#!/bin/sh /etc/rc.common
-# Copyright (C) 2010-2014 OpenWrt.org
+# Copyright (C) 2018 OpenWrt.org
START=99
USE_PROCD=1
PROG=/usr/sbin/omcproxy
-# Uncomment to enable verbosity
-#OPTIONS="-v"
+# Uncomment to enable verbosity
+#OPTIONS="-v"
PROXIES=""
-
omcproxy_add_proxy() {
- local uplink downlink scope proxy
+ local proxy scope uplink updevice downlinks
+
config_get uplink $1 uplink
- config_get downlink $1 downlink
- config_get scope $1 scope
+ [ -n "$uplink" ] || return
+
+ network_get_device updevice "$uplink" || {
+ procd_append_param error "$uplink is not up"
+ return;
+ }
- proxy=""
+ config_get downlinks $1 downlink
+ for downlink in $downlinks; do
+ local device
- network_get_device updev $uplink
- [ -n "$updev" ] || return 0
+ network_get_device device "$downlink" || {
+ procd_append_param error "$downlink is not up"
+ continue;
+ }
- for network in $downlink; do
- network_get_device downdev $network
- [ -n "$downdev" ] && proxy="$proxy,$downdev"
+ proxy="$proxy,$device"
- # Disable in-kernel querier while ours is active
- [ -f /sys/class/net/$downdev/bridge/multicast_querier ] && \
- echo 0 > /sys/class/net/$downdev/bridge/multicast_querier
+ # Disable in-kernel querier while ours is active, default is 1.
+ [ -f /sys/class/net/$device/bridge/multicast_querier ] && \
+ echo 0 > /sys/class/net/$device/bridge/multicast_querier
done
[ -n "$proxy" ] || return 0
- [ -n "$scope" ] && proxy="$proxy,scope=$scope"
- PROXIES="$PROXIES $updev$proxy"
+ config_get scope $1 scope
+ [ -n "$scope" ] && proxy="$proxy,scope=$scope"
+ PROXIES="$PROXIES $updevice$proxy"
}
-omcproxy_add_trigger() {
- local uplink downlink
+omcproxy_add_network_triggers() {
+ local uplink downlinks
+
config_get uplink $1 uplink
- config_get downlink $1 downlink
+ config_get downlinks $1 downlink
- for network in $uplink $downlink; do
- procd_add_interface_trigger "interface.*" $network /etc/init.d/omcproxy restart
+ for link in $uplink $downlinks; do
+ procd_add_interface_trigger "interface.*" $link /etc/init.d/omcproxy restart
done
}
-omcproxy_add_firewall() {
+omcproxy_add_firewall_rules() {
+ local uplink downlinks
+
config_get uplink $1 uplink
- config_get downlink $1 downlink
+ config_get downlinks $1 downlink
upzone=$(fw3 -q network $uplink 2>/dev/null)
[ -n "$upzone" ] || return 0
json_add_object ""
json_add_string type rule
json_add_string src "$upzone"
+ json_add_string family ipv4
json_add_string proto igmp
json_add_string target ACCEPT
json_close_object
json_add_string target ACCEPT
json_close_object
- for network in $downlink; do
- downzone=$(fw3 -q network $network 2>/dev/null)
+ for downlink in $downlinks; do
+ downzone=$(fw3 -q network $downlink 2>/dev/null)
[ -n "$downzone" ] || continue
json_add_object ""
json_add_string src "$upzone"
json_add_string dest "$downzone"
json_add_string family ipv4
- json_add_string proto any
+ json_add_string proto udp
json_add_string dest_ip "224.0.0.0/4"
json_add_string target ACCEPT
json_close_object
json_add_string src "$upzone"
json_add_string dest "$downzone"
json_add_string family ipv6
- json_add_string proto any
+ json_add_string proto udp
json_add_string dest_ip "ff00::/8"
json_add_string target ACCEPT
json_close_object
service_triggers() {
procd_add_reload_trigger "omcproxy"
+ config_foreach omcproxy_add_network_triggers proxy
}
start_service() {
- include /lib/functions
+ . /lib/functions/network.sh
config_load omcproxy
- config_foreach omcproxy_add_proxy proxy
+ config_foreach omcproxy_add_proxy proxy
[ -n "$PROXIES" ] || return 0
procd_open_instance
procd_append_param command $PROXIES
procd_set_param respawn
- procd_open_trigger
- config_foreach omcproxy_add_trigger proxy
- procd_close_trigger
-
procd_open_data
json_add_array firewall
- config_foreach omcproxy_add_firewall proxy
+ config_foreach omcproxy_add_firewall_rules proxy
json_close_array
procd_close_data
procd_close_instance
- # Increase maximum IPv4 group memberships per socket
+ # Increase maximum IPv4 group memberships per socket, default is 100.
echo 128 > /proc/sys/net/ipv4/igmp_max_memberships
}
service_started() {
procd_set_config_changed firewall
}
+
+stop_service() {
+ procd_set_config_changed firewall
+}