mirror of https://github.com/aredn/aredn.git
398 lines
13 KiB
Lua
Executable File
398 lines
13 KiB
Lua
Executable File
#! /usr/bin/lua
|
|
--[[
|
|
|
|
Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
|
|
Copyright (C) 2021 Tim Wilkinson
|
|
Original Perl Copyright (C) 2015 Conrad Lara
|
|
See Contributors file for additional contributors
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation version 3 of the License.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
Additional Terms:
|
|
|
|
Additional use restrictions exist on the AREDN(TM) trademark and logo.
|
|
See AREDNLicense.txt for more info.
|
|
|
|
Attributions to the AREDN Project must be retained in the source code.
|
|
If importing this code into a new or existing project attribution
|
|
to the AREDN project must be added to the source code.
|
|
|
|
You must not misrepresent the origin of the material contained within.
|
|
|
|
Modified versions must be modified to attribute to the original source
|
|
and be marked in reasonable ways as differentiate it from the original
|
|
version
|
|
|
|
--]]
|
|
|
|
require("nixio")
|
|
require("aredn.utils")
|
|
require("aredn.hardware")
|
|
aredn.info = require('aredn.info')
|
|
require("uci")
|
|
|
|
-- Whether to validate hosts and services before publishing
|
|
local validate = false
|
|
local validation_timeout = 150 * 60 -- 2.5 hours (so must fail 3 times in a row)
|
|
local validation_state = "/tmp/service-validation-state"
|
|
|
|
-- check what config gile we are building for
|
|
local uci_conf_file
|
|
if #arg == 0 then
|
|
uci_conf_file = "olsrd"
|
|
else
|
|
uci_conf_file = arg[1]
|
|
if #arg == 2 and arg[2] == "validate" then
|
|
validate = true
|
|
end
|
|
end
|
|
|
|
if uci_conf_file == "olsrd6" then
|
|
-- we only generate entries for IPv4 at the moment
|
|
os.exit(0)
|
|
end
|
|
|
|
local cursor = uci.cursor()
|
|
local cursorm = uci.cursor("/etc/config.mesh")
|
|
|
|
local names = {}
|
|
local hosts = {}
|
|
local services = {}
|
|
local tunnels = {}
|
|
local wgtunnels = {}
|
|
|
|
function ip_to_hostname(ip)
|
|
if ip and ip ~= "" and ip ~= "none" then
|
|
local a, b, c, d = ip:match("(.*)%.(.*)%.(.*)%.(.*)")
|
|
local revip = d .. "." .. c .. "." .. b .. "." .. a
|
|
local f = io.popen("nslookup " .. ip)
|
|
if f then
|
|
local pattern = "^" .. revip .. "%.in%-addr%.arpa%s+name%s+=%s+(%S+)%.local%.mesh"
|
|
for line in f:lines()
|
|
do
|
|
local host = line:match(pattern)
|
|
if host then
|
|
f:close()
|
|
return host
|
|
end
|
|
end
|
|
f:close()
|
|
end
|
|
end
|
|
return ""
|
|
end
|
|
|
|
-- canonical names for this node
|
|
-- (they should up in reverse order, make the official name last)
|
|
local name = aredn.info.get_nvram("tactical")
|
|
if name ~= "" then
|
|
names[#names + 1] = name
|
|
end
|
|
name = aredn.info.get_nvram("node")
|
|
if name ~= "" then
|
|
names[#names + 1] = name
|
|
end
|
|
|
|
local dmz_mode = cursor:get("aredn", "@dmz[0]", "mode")
|
|
if dmz_mode ~= "0" then
|
|
if nixio.fs.stat("/etc/config.mesh/aliases.dmz") then
|
|
for line in io.lines("/etc/config.mesh/aliases.dmz")
|
|
do
|
|
local ip, host = line:match("(.*) (.*)")
|
|
if host then
|
|
hosts[#hosts + 1] = { ip = ip, host = host }
|
|
end
|
|
end
|
|
end
|
|
if nixio.fs.stat("/etc/ethers") then
|
|
local noprop_ip = {}
|
|
if nixio.fs.stat("/etc/hosts") then
|
|
for line in io.lines("/etc/hosts")
|
|
do
|
|
local ip = line:match("^(%S+)%s.*#NOPROP$")
|
|
if ip then
|
|
noprop_ip[ip] = true
|
|
end
|
|
end
|
|
end
|
|
for line in io.lines("/etc/ethers")
|
|
do
|
|
local ip = line:match("[0-9a-fA-F:]+%s+([%d%.]+)")
|
|
if ip and not noprop_ip[ip] then
|
|
local host = ip_to_hostname(ip)
|
|
if host then
|
|
hosts[#hosts + 1] = { ip = ip, host = host }
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
-- add a name for the dtdlink and xlink interfaces
|
|
if name then
|
|
local dtdip = aredn.hardware.get_interface_ip4(aredn.hardware.get_iface_name("dtdlink"))
|
|
if dtdip then
|
|
hosts[#hosts + 1] = { ip = dtdip, host = "dtdlink." .. name .. ".local.mesh" }
|
|
if nixio.fs.stat("/etc/config.mesh/xlink") then
|
|
local count = 0
|
|
uci.cursor("/etc/config.mesh"):foreach("xlink", "interface",
|
|
function(section)
|
|
if section.ipaddr then
|
|
hosts[#hosts + 1] = { ip = section.ipaddr, host = "xlink" .. count .. "." .. name .. ".local.mesh" }
|
|
count = count + 1
|
|
end
|
|
end
|
|
)
|
|
end
|
|
end
|
|
end
|
|
|
|
-- load the services
|
|
if nixio.fs.stat("/etc/config/services") then
|
|
for line in io.lines("/etc/config/services")
|
|
do
|
|
if line:match("^%w+://[%w%-%.]+:%d+.*|tcp|[^|]+$") or line:match("^%w+://[%w%-%.]+:%d+.*|udp|[^|]+$") then
|
|
services[#services + 1] = line
|
|
end
|
|
end
|
|
end
|
|
|
|
-- validation
|
|
if validate then
|
|
-- Load previous state
|
|
local vstate = {}
|
|
if nixio.fs.stat(validation_state) then
|
|
for line in io.lines(validation_state)
|
|
do
|
|
local last, key = line:match("^(%d+) (.*)$")
|
|
if last then
|
|
vstate[key] = tonumber(last)
|
|
end
|
|
end
|
|
end
|
|
local now = os.time()
|
|
local last = now + validation_timeout
|
|
local laniface = aredn.hardware.get_iface_name("lan")
|
|
-- Add in local names so services checks pass
|
|
for _, name in ipairs(names)
|
|
do
|
|
vstate[name:lower()] = last
|
|
end
|
|
-- Check we can reach all the IP addresses
|
|
for _, host in ipairs(hosts)
|
|
do
|
|
if os.execute("/bin/ping -q -c 1 -W 1 " .. host.ip .. " > /dev/null 2>&1") == 0 then
|
|
vstate[host.host:lower()] = last
|
|
elseif os.execute("/usr/sbin/arping -q -f -c 1 -w 1 -I " .. laniface .. " " .. host.ip .. " > /dev/null 2>&1") == 0 then
|
|
vstate[host.host:lower()] = last
|
|
end
|
|
end
|
|
-- Check all the services have a valid host
|
|
for _, service in ipairs(services)
|
|
do
|
|
local proto, hostname, port, path = service:match("^(%w+)://([%w%-%.]+):(%d+)(.*)|...|[^|]+$")
|
|
local vs = vstate[hostname:lower()]
|
|
if not vs or vs > now or dmz_mode == "0" then
|
|
if port == "0" then
|
|
-- no port so not a link - we can only check the hostname so have to assume the service is good
|
|
vstate[service] = last
|
|
elseif proto == "http" then
|
|
-- http so looks like a link. http check it
|
|
if not hostname:match("%.local%.mesh$") then
|
|
hostname = hostname .. ".local.mesh"
|
|
end
|
|
local status, effective_url = io.popen("/usr/bin/curl --max-time 10 --retry 0 --connect-timeout 2 --speed-time 5 --speed-limit 1000 --silent --output /dev/null --location --write-out '%{http_code} %{url_effective}' " .. "http://" .. hostname .. ":" .. port .. path):read("*a"):match("^(%d+) (.*)")
|
|
if status == "200" or status == "401" then
|
|
vstate[service] = last
|
|
elseif status == "301" or status == "302" or status == "303" or status == "307" or status == "308" then
|
|
-- Ended at a redirect rather than an actual page.
|
|
if effective_url:match("^https:") then
|
|
-- We cannot validate https: links so we just assume they're okay
|
|
vstate[service] = last
|
|
end
|
|
end
|
|
else
|
|
-- valid port, but we dont know the protocol (we cannot trust the one defined in the services file because the UI wont set
|
|
-- anything but 'tcp'). Check both tcp and udp and assume valid it either is okay
|
|
-- tcp
|
|
local s = nixio.socket("inet", "stream")
|
|
s:setopt("socket", "sndtimeo", 2)
|
|
local r = s:connect(hostname, tonumber(port))
|
|
s:close()
|
|
if r == true then
|
|
-- tcp connection succeeded
|
|
vstate[service] = last
|
|
else
|
|
-- udp
|
|
s = nixio.socket("inet", "dgram")
|
|
s:setopt("socket", "rcvtimeo", 2)
|
|
s:connect(hostname, tonumber(port))
|
|
s:send("")
|
|
r = s:recv(0)
|
|
s:close()
|
|
if r ~= nil then
|
|
-- A nil response is an explicity rejection of the udp request. Otherwise we have
|
|
-- to assume the service is valid
|
|
vstate[service] = last
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
-- Generate new hosts and services as long as they're valid
|
|
local old_hosts = hosts
|
|
hosts = {}
|
|
for _, host in ipairs(old_hosts)
|
|
do
|
|
local lname = host.host:lower()
|
|
local vs = vstate[lname]
|
|
if not vs then
|
|
hosts[#hosts + 1] = host
|
|
vstate[lname] = last
|
|
elseif vs > now then
|
|
hosts[#hosts + 1] = host
|
|
end
|
|
end
|
|
local old_services = services
|
|
services = {}
|
|
for _, service in ipairs(old_services)
|
|
do
|
|
local vs = vstate[service]
|
|
if not vs then
|
|
-- New services will be valid for a while, even if they're not there yet
|
|
services[#services + 1] = service
|
|
vstate[service] = last
|
|
elseif vs > now then
|
|
services[#services + 1] = service
|
|
end
|
|
end
|
|
|
|
-- Store state for next time
|
|
local f = io.open(validation_state, "w")
|
|
if f then
|
|
for key, last in pairs(vstate)
|
|
do
|
|
f:write(last .. " " .. key .. "\n")
|
|
end
|
|
f:close()
|
|
end
|
|
end
|
|
-- end validation
|
|
|
|
-- load the tunnels
|
|
if nixio.fs.stat("/etc/local/mesh-firewall/02-vtund") then
|
|
local tunnum = 50
|
|
cursor:foreach("vtun", "client",
|
|
function(section)
|
|
if section.enabled == "1" then
|
|
tunnels[#tunnels + 1] = "tun" .. tunnum
|
|
tunnum = tunnum + 1
|
|
end
|
|
end
|
|
)
|
|
local maxclients = cursor:get("aredn", "@tunnel[0]", "maxclients")
|
|
if not maxclients then
|
|
maxclients = 10
|
|
end
|
|
tunnum = 50 + maxclients
|
|
local wgtunnum = 0
|
|
if cursor:get("wireguard", "@client[0]", "name") then
|
|
tunnels[#tunnels + 1] = "wgc"
|
|
end
|
|
cursorm:foreach("vtun", "server",
|
|
function(section)
|
|
if section.enabled == "1" then
|
|
if section.netip:match("/") then
|
|
tunnels[#tunnels + 1] = "wgs" .. wgtunnum
|
|
wgtunnum = wgtunnum + 1
|
|
else
|
|
tunnels[#tunnels + 1] = "tun" .. tunnum
|
|
tunnum = tunnum + 1
|
|
end
|
|
end
|
|
end
|
|
)
|
|
end
|
|
|
|
-- add the nameservice plugin
|
|
print()
|
|
print([[LoadPlugin "olsrd_nameservice.so.0.4"]])
|
|
print([[{]])
|
|
print([[ PlParam "sighup-pid-file" "/var/run/dnsmasq/dnsmasq.pid"]])
|
|
print([[ PlParam "interval" "30"]])
|
|
print([[ PlParam "timeout" "300"]])
|
|
print([[ PlParam "name-change-script" "/usr/local/bin/olsrd-namechange"]])
|
|
for _, name in ipairs(names)
|
|
do
|
|
print([[ PlParam "name" "]] .. name .. [["]])
|
|
end
|
|
for _, host in ipairs(hosts)
|
|
do
|
|
print([[ PlParam "]] .. host.ip .. [[" "]] .. host.host .. [["]])
|
|
end
|
|
for _, service in ipairs(services)
|
|
do
|
|
print([[ PlParam "service" "]] .. service .. [["]])
|
|
end
|
|
print([[}]])
|
|
|
|
-- add the ACTIVE tunnel interfaces
|
|
if #tunnels > 0 then
|
|
local tun_weight = cursor:get("aredn", "@tunnel[0]", "weight")
|
|
tun_weight = tonumber(tun_weight)
|
|
local tuns = ""
|
|
for _, tunnel in ipairs(tunnels)
|
|
do
|
|
tuns = tuns .. " \"" .. tunnel .. "\""
|
|
end
|
|
print()
|
|
print([[Interface]] .. tuns)
|
|
print([[{]])
|
|
print([[ Ip4Broadcast 255.255.255.255]])
|
|
local is_supernode = cursor:get("aredn", "@supernode[0]", "enable") == "1"
|
|
if not tun_weight or tun_weight < 1 or is_supernode then
|
|
print([[ Mode "ether"]])
|
|
elseif tun_weight > 1 then
|
|
print([[ LinkQualityMult default ]] .. (1 / tun_weight))
|
|
end
|
|
print([[}]])
|
|
end
|
|
|
|
-- add the XLINK interfaces
|
|
if nixio.fs.stat("/etc/config.mesh/xlink") then
|
|
uci.cursor("/etc/config.mesh"):foreach("xlink", "interface",
|
|
function(section)
|
|
print()
|
|
print([[Interface "]] .. section.ifname .. [["]])
|
|
print([[{]])
|
|
if section.peer then
|
|
print([[ Ip4Broadcast ]] .. section.peer)
|
|
else
|
|
print([[ Ip4Broadcast 255.255.255.255]])
|
|
end
|
|
local weight = tonumber(section.weight)
|
|
if weight then
|
|
if weight > 1 then
|
|
print([[ LinkQualityMult default ]] .. (1 / weight))
|
|
elseif weight < 1 then
|
|
print([[ Mode "ether"]])
|
|
end
|
|
else
|
|
print([[ Mode "ether"]])
|
|
end
|
|
print([[}]])
|
|
end
|
|
)
|
|
end
|