1 /*
3 Copyright (C) 2014 Lance Fredrickson
4 lancethepants@gmail.com
6 */
8 #include "rc.h"
10 #define BUF_SIZE 256
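/*
 * Write `body` plus a trailing newline to `path`, preceded by `header` when
 * it is not NULL, then set the file's permission bits to `mode`.
 *
 * The file is created under a 077 umask so a newly created file is never
 * group/world accessible between creation and the final chmod(); this
 * matters for the private keys. Returns 0 on success, -1 if the file cannot
 * be opened (the failure is reported with perror()).
 */
static int tinc_write_file(const char *path, mode_t mode, const char *header, const char *body)
{
	mode_t saved_mask;
	FILE *f;

	saved_mask = umask(077);
	f = fopen(path, "w");
	if (!f)
		perror(path);	/* report before umask() can disturb errno */
	umask(saved_mask);
	if (!f)
		return -1;

	if (header)
		fputs(header, f);
	fprintf(f, "%s\n", body);
	fclose(f);
	chmod(path, mode);
	return 0;
}

/*
 * Decide whether a host name from nvram may be used as a file name under
 * /etc/tinc/hosts. Empty names, ".", ".." and anything containing '/' are
 * refused so the resulting path cannot leave that directory.
 * Returns 1 when the name is usable, 0 otherwise.
 */
static int tinc_host_name_ok(const char *name)
{
	if (*name == '\0' || strchr(name, '/') != NULL)
		return 0;
	return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/*
 * Generate the tinc configuration tree under /etc/tinc from nvram settings
 * (private keys, tinc.conf, one file per host, tinc-up, the firewall script
 * and the optional hook scripts), then load the tun module, run the firewall
 * script and start tinc.
 *
 * If any file cannot be created the function gives up without starting
 * tinc; resources opened so far are released first.
 */
void start_tinc(void)
{
	/* nvram key -> script path, for hooks that are just "#!/bin/sh" + body */
	static const struct {
		const char *nvram_key;
		const char *path;
	} hooks[] = {
		{ "tinc_tinc_down",   "/etc/tinc/tinc-down" },
		{ "tinc_host_up",     "/etc/tinc/host-up" },
		{ "tinc_host_down",   "/etc/tinc/host-down" },
		{ "tinc_subnet_up",   "/etc/tinc/subnet-up" },
		{ "tinc_subnet_down", "/etc/tinc/subnet-down" },
	};
	char *nv = NULL, *nvp, *b;
	const char *connecto, *name, *address, *port, *compression, *subnet, *rsa, *ed25519, *custom, *tinc_tmp_value;
	char buffer[BUF_SIZE];
	FILE *fp, *hp;
	size_t i;
	int n;

	// create tinc directories
	mkdir("/etc/tinc", 0700);
	mkdir("/etc/tinc/hosts", 0700);

	// write private rsa key
	tinc_tmp_value = nvram_safe_get("tinc_private_rsa");
	if (*tinc_tmp_value != '\0' &&
	    tinc_write_file("/etc/tinc/rsa_key.priv", 0600, NULL, tinc_tmp_value) != 0)
		return;

	// write private ed25519 key
	tinc_tmp_value = nvram_safe_get("tinc_private_ed25519");
	if (*tinc_tmp_value != '\0' &&
	    tinc_write_file("/etc/tinc/ed25519_key.priv", 0600, NULL, tinc_tmp_value) != 0)
		return;

	// create tinc.conf (kept open: the host loop appends ConnectTo lines)
	if (!(fp = fopen("/etc/tinc/tinc.conf", "w"))) {
		perror("/etc/tinc/tinc.conf");
		return;
	}

	fprintf(fp, "Name = %s\n", nvram_safe_get("tinc_name"));
	fprintf(fp, "Interface = tinc\n");
	fprintf(fp, "DeviceType = %s\n", nvram_safe_get("tinc_devicetype"));

	if (nvram_match("tinc_devicetype", "tun")) {
		fprintf(fp, "Mode = router\n");
	}
	else if (nvram_match("tinc_devicetype", "tap")) {
		fprintf(fp, "Mode = %s\n", nvram_safe_get("tinc_mode"));
	}

	// create tinc host files
	nvp = nv = strdup(nvram_safe_get("tinc_hosts"));
	if (!nv)
		goto fail;

	while ((b = strsep(&nvp, ">")) != NULL) {

		if (vstrsep(b, "<", &connecto, &name, &address, &port, &compression, &subnet, &rsa, &ed25519, &custom) != 9) continue;

		// The name becomes a file name: refuse anything that could escape
		// /etc/tinc/hosts, and anything that does not fit the path buffer.
		if (!tinc_host_name_ok(name)) {
			fprintf(stderr, "tinc: skipping host entry with unusable name\n");
			continue;
		}
		n = snprintf(buffer, sizeof(buffer), "/etc/tinc/hosts/%s", name);
		if (n < 0 || (size_t)n >= sizeof(buffer)) {
			fprintf(stderr, "tinc: skipping host entry, name too long\n");
			continue;
		}

		if (!(hp = fopen(buffer, "w"))) {
			perror(buffer);
			goto fail;
		}

		// write Connecto's to tinc.conf, excluding the host system if connecto is enabled
		if (strcmp(connecto, "1") == 0 && strcmp(nvram_safe_get("tinc_name"), name) != 0) {
			fprintf(fp, "ConnectTo = %s\n", name);
		}

		if (*rsa != '\0')
			fprintf(hp, "%s\n", rsa);

		if (*ed25519 != '\0')
			fprintf(hp, "%s\n", ed25519);

		if (*address != '\0')
			fprintf(hp, "Address = %s\n", address);

		if (*subnet != '\0')
			fprintf(hp, "Subnet = %s\n", subnet);

		if (*compression != '\0')
			fprintf(hp, "Compression = %s\n", compression);

		if (*port != '\0')
			fprintf(hp, "Port = %s\n", port);

		if (*custom != '\0')
			fprintf(hp, "%s\n", custom);

		fclose(hp);

		// generate tinc-up and firewall scripts only for the entry describing this router
		if (strcmp(nvram_safe_get("tinc_name"), name) != 0)
			continue;

		// create tinc-up script if this is the host system.
		if (!(hp = fopen("/etc/tinc/tinc-up", "w"))) {
			perror("/etc/tinc/tinc-up");
			goto fail;
		}

		fprintf(hp, "#!/bin/sh\n");

		// Determine whether automatically generate tinc-up, or use manually supplied script.
		// NOTE(review): nvram values below are pasted unquoted into scripts that
		// run as part of tinc startup; anything able to write these nvram keys
		// controls the commands executed.
		if (!nvram_match("tinc_manual_tinc_up", "1")) {

			if (nvram_match("tinc_devicetype", "tun")) {
				fprintf(hp, "ifconfig $INTERFACE %s netmask %s\n", nvram_safe_get("lan_ipaddr"), nvram_safe_get("tinc_vpn_netmask"));
			}
			else if (nvram_match("tinc_devicetype", "tap")) {
				fprintf(hp, "brctl addif %s $INTERFACE\n", nvram_safe_get("lan_ifname"));
				fprintf(hp, "ifconfig $INTERFACE 0.0.0.0 promisc up\n");
			}
		}
		else {
			fprintf(hp, "%s\n", nvram_safe_get("tinc_tinc_up"));
		}

		fclose(hp);
		chmod("/etc/tinc/tinc-up", 0744);

		// Create firewall script.
		if (!(hp = fopen("/etc/tinc/tinc-fw.sh", "w"))) {
			perror("/etc/tinc/tinc-fw.sh");
			goto fail;
		}

		fprintf(hp, "#!/bin/sh\n");

		if (!nvram_match("tinc_manual_firewall", "2")) {

			if (*port == '\0')
				port = "655";

			// NOTE(review): `port` comes from the tinc_hosts nvram string and is
			// not validated before being written into this shell script.
			fprintf(hp, "iptables -I INPUT -p udp --dport %s -j ACCEPT\n", port);
			fprintf(hp, "iptables -I INPUT -p tcp --dport %s -j ACCEPT\n", port);

			fprintf(hp, "iptables -I INPUT -i tinc -j ACCEPT\n");
			fprintf(hp, "iptables -I FORWARD -i tinc -j ACCEPT\n");

#ifdef TCONFIG_IPV6
			if (ipv6_enabled()) {

				fprintf(hp, "\n");
				fprintf(hp, "ip6tables -I INPUT -p udp --dport %s -j ACCEPT\n", port);
				fprintf(hp, "ip6tables -I INPUT -p tcp --dport %s -j ACCEPT\n", port);

				fprintf(hp, "ip6tables -I INPUT -i tinc -j ACCEPT\n");
				fprintf(hp, "ip6tables -I FORWARD -i tinc -j ACCEPT\n");
			}
#endif
		}

		if (!nvram_match("tinc_manual_firewall", "0")) {

			fprintf(hp, "\n");
			fprintf(hp, "%s\n", nvram_safe_get("tinc_firewall"));
		}

		fclose(hp);
		chmod("/etc/tinc/tinc-fw.sh", 0744);
	}

	// Write tinc.conf custom configuration
	tinc_tmp_value = nvram_safe_get("tinc_custom");
	if (*tinc_tmp_value != '\0')
		fprintf(fp, "%s\n", tinc_tmp_value);

	fclose(fp);
	free(nv);

	// write tinc-down, host-up, host-down, subnet-up, subnet-down
	for (i = 0; i < sizeof(hooks) / sizeof(hooks[0]); i++) {
		tinc_tmp_value = nvram_safe_get(hooks[i].nvram_key);
		if (*tinc_tmp_value == '\0')
			continue;
		if (tinc_write_file(hooks[i].path, 0744, "#!/bin/sh\n", tinc_tmp_value) != 0)
			return;
	}

	// Make sure module is loaded
	modprobe("tun");
	f_wait_exists("/dev/net/tun", 5);

	run_tinc_firewall_script();
	xstart("/usr/sbin/tinc", "start");
	return;

fail:
	// Reached only while tinc.conf is open; nv may still be NULL here.
	fclose(fp);
	free(nv);
}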
/*
 * Stop tincd, undo the firewall rules it installed and delete /etc/tinc.
 *
 * The firewall script is rewritten in place so that every "-A" and "-I"
 * becomes "-D", then executed once more to remove the rules. The sed
 * substitution is textual and global, so it also rewrites those tokens
 * inside any custom firewall text stored in the script.
 */
void stop_tinc(void)
{
	static const char invert_rules_cmd[] =
		"/bin/sed -i \'s/-A/-D/g;s/-I/-D/g\' /etc/tinc/tinc-fw.sh\n";
	static const char purge_config_cmd[] = "/bin/rm -rf /etc/tinc\n";

	killall("tincd", SIGTERM);

	/* Turn the "add rule" script into a "delete rule" script and run it. */
	system(invert_rules_cmd);
	run_tinc_firewall_script();

	/* Remove generated configuration, including the private keys. */
	system(purge_config_cmd);
}
/*
 * Execute /etc/tinc/tinc-fw.sh through system() if the file can be opened
 * for reading; do nothing otherwise.
 */
void run_tinc_firewall_script(void)
{
	FILE *probe = fopen("/etc/tinc/tinc-fw.sh", "r");

	/* The open is only an existence/readability probe. */
	if (probe == NULL)
		return;

	fclose(probe);
	system("/etc/tinc/tinc-fw.sh");
}
/*
 * Start tinc only when the nvram setting "tinc_wanup" is "1".
 */
void start_tinc_wanup(void)
{
	if (!nvram_match("tinc_wanup", "1"))
		return;

	start_tinc();
}