add sshtunnel, Manages Local and Remote openssh ssh(1) tunnels
authorNuno Goncalves <nunojpg@gmail.com>
Fri, 23 Apr 2010 14:48:26 +0000 (14:48 +0000)
committerNuno Goncalves <nunojpg@gmail.com>
Fri, 23 Apr 2010 14:48:26 +0000 (14:48 +0000)
SVN-Revision: 21111

net/sshtunnel/Makefile [new file with mode: 0644]
net/sshtunnel/files/etc/config/sshtunnel [new file with mode: 0644]
net/sshtunnel/files/etc/init.d/sshtunnel [new file with mode: 0755]
net/sshtunnel/files/usr/bin/sshtunnel.sh [new file with mode: 0755]

diff --git a/net/sshtunnel/Makefile b/net/sshtunnel/Makefile
new file mode 100644 (file)
index 0000000..daf16b2
--- /dev/null
@@ -0,0 +1,39 @@
+# 
+# Copyright (C) 2010 segal.di.ubi.pt 
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=sshtunnel
+PKG_VERSION:=1
+PKG_RELEASE:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/sshtunnel
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=Manages Local and Remote openssh ssh(1) tunnels
+  MAINTAINER:=Nuno Goncalves <nunojpg@gmail.com>
+  DEPENDS:=+openssh-client
+endef
+
+define Package/sshtunnel/description
+Creates openssh ssh(1) Local and Remote tunnels configured in UCI file. Can be user to allow remote connections, possibly over NATed connections or without public IP/DNS
+endef
+
+define Package/sshtunnel/conffiles
+/etc/config/sshtunnel
+endef
+
+define Build/Compile
+endef
+
+define Package/sshtunnel/install
+       $(CP) ./files/* $(1)
+endef
+
+$(eval $(call BuildPackage,sshtunnel))
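Review bot: The package description has a typo, "Can be user to allow remote connections" should read "Can be used to allow remote connections", and "configured in UCI file" reads better as "configured in the UCI file /etc/config/sshtunnel". Since the shipped example config and the init script default both pass `StrictHostKeyChecking=false`, the description is also the right place to tell an installer that host-key verification is off unless they change the `options` value, so they know to revisit it before trusting the tunnel.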
diff --git a/net/sshtunnel/files/etc/config/sshtunnel b/net/sshtunnel/files/etc/config/sshtunnel
new file mode 100644 (file)
index 0000000..acfd942
--- /dev/null
@@ -0,0 +1,30 @@
+#
+# only authentication supported is public key with indentity file specified
+# pkcs11 support soon
+#
+
+# tunnelR(emote) - when the connection will be initiated to the R(emote) endpoint at
+# remoteaddress:remoteport and then forward to localaddress:localport
+#
+config tunnelR http
+       option user             mourinho
+       option hostname         server.disney.com
+       option identity         /root/.ssh/id_rsa
+       option remoteaddress    *
+       option remoteport       9009
+       option localaddress     192.168.1.13
+       option localport        80
+       option options          '-o ServerAliveCountMax=3 -o ServerAliveInterval=20 -o StrictHostKeyChecking=false'
+
+# tunnelL(ocal) - when the connection will be initiated to the L(ocal) endpoint at
+# localaddress:localport and then forward to remoteaddress:remoteport 
+#
+config tunnelL test
+       option user             mourinho
+       option hostname         server.disney.com
+       option identity         /root/.ssh/id_rsa
+       option localaddress     *
+       option localport        1022
+       option remoteaddress    secretserver.disney.com
+       option remoteport       22
+       option options          '-o ServerAliveCountMax=3 -o ServerAliveInterval=20 -o StrictHostKeyChecking=false'
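Review bot: Both example stanzas put `-o StrictHostKeyChecking=false` in `options`, so ssh accepts whatever host key the peer presents on first contact and nothing ever makes the operator verify it; for a daemon that publishes a LAN web server (tunnelR exposes 192.168.1.13:80 on the remote side) and opens a path toward secretserver (tunnelL), a spoofed server.disney.com at first contact silently receives the forwarded traffic. Change the example to `-o StrictHostKeyChecking=yes` and add a comment that the server's key must be pre-seeded in /root/.ssh/known_hosts so a mismatch fails closed rather than connecting. `option remoteaddress *` on the tunnelR stanza also asks the server to bind the listener on all of its interfaces (subject to the server's GatewayPorts setting), which deserves a comment such as `# '*' binds the remote port on every interface: the forwarded LAN service becomes reachable from the internet`. The header comment's "indentity" should read "identity".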
diff --git a/net/sshtunnel/files/etc/init.d/sshtunnel b/net/sshtunnel/files/etc/init.d/sshtunnel
new file mode 100755 (executable)
index 0000000..569d96f
--- /dev/null
@@ -0,0 +1,74 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=01
+
+PIDFILE="/tmp/run/sshtunnel"
+
+load_tunnel() {
+       config_get user $1 user
+       config_get hostname $1 hostname
+       config_get identity $1 identity
+       config_get remoteport $1 remoteport
+       config_get localport $1 localport
+       config_get options $1 options '-o ServerAliveCountMax=3 -o ServerAliveInterval=20 -o StrictHostKeyChecking=false'
+       config_get retrydelay $1 retrydelay "10"
+       [ "$cfgtype" = "tunnelL" ] && {
+               config_get localaddress $1 localaddress "127.0.0.1"
+               config_get remoteaddress $1 remoteaddress "*"
+       }
+       [ "$cfgtype" = "tunnelR" ] && {
+               config_get localaddress $1 localaddress "*"
+               config_get remoteaddress $1 remoteaddress "127.0.0.1"
+       }
+
+       local error
+       [ -f "$identity" ]      || error="Identity file $identity not accessible"
+        [ -n "$user" ]                 || error="please set user option"                                                                       
+        [ -n "$hostname" ]     || error="please set hostname option"                                                    
+        [ "$remoteport" -gt 0 -a "$localport" -gt 0 -a "$retrydelay" -ge 0 ]   || error="invalid configuration"
+       [ -n "$error" ] && { logger -p user.err -t "sshtunnel" "$cfgtype $1 not started - $error"; return; }
+
+       [ "$cfgtype" = "tunnelL" ] && {
+               args="-N -i $identity -o PasswordAuthentication=no -o ExitOnForwardFailure=yes $options -L $localaddress:$localport:$remoteaddress:$remoteport $user@$hostname"
+       }
+       [ "$cfgtype" = "tunnelR" ] && {
+               args="-N -i $identity -o PasswordAuthentication=no -o ExitOnForwardFailure=yes $options -R $remoteaddress:$remoteport:$localaddress:$localport $user@$hostname"
+       }
+       
+       /usr/bin/sshtunnel.sh "$args" "$retrydelay" &
+       echo $! >> "$PIDFILE".pids
+       logger -p user.info -t "sshtunnel" "started new $cfgtype $1 (pid=$!;retrydelay=$retrydelay)" 
+}
+
+stop() {
+        if [ -f "$PIDFILE".pids ]
+        then
+                logger -p user.info -t "sshtunnel" "stopping all tunnels"
+                
+                while read pid
+                do
+                       start-stop-daemon -K -p "$PIDFILE"_"$pid".pid
+                       kill $pid
+                       logger -p daemon.info -t "sshtunnel[$pid]" "tunnel stopped"
+               done < "$PIDFILE".pids
+                
+                rm "$PIDFILE".pids
+                
+                logger -p user.info -t "sshtunnel" "all tunnels stopped"
+        else
+                logger -p user.info -t "sshtunnel" "no tunnels running"
+        fi
+}
+
+start() {
+        [ -f "$PIDFILE".pids ] && stop
+        
+        logger -p user.info -t "sshtunnel" "starting all tunnels"
+        
+        config_load sshtunnel
+        config_foreach load_tunnel tunnelR
+        config_foreach load_tunnel tunnelL
+       
+        logger -p user.info -t "sshtunnel" "all tunnels started"
+}
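Review bot: stop() kills the ssh child before the wrapper loop (`start-stop-daemon -K` first, `kill $pid` second), so the loop in sshtunnel.sh can respawn ssh in the gap; with `retrydelay 0`, which the `-ge 0` check accepts, the replacement ssh is orphaned and outlives stop. Kill the loop first, then its current ssh, and remove the per-tunnel pidfile that is otherwise left behind: `kill $pid`, `start-stop-daemon -K -p "$PIDFILE"_"$pid".pid`, `rm -f "$PIDFILE"_"$pid".pid`. For a daemon with no terminal, `-o BatchMode=yes` belongs next to `-o PasswordAuthentication=no` on both args lines so a passphrase-protected identity fails fast instead of stalling the loop on a prompt. The port validation also evaluates `[ "" -gt 0 ]` when remoteport or localport is unset, which emits a shell error instead of the intended "invalid configuration" message; test `-n` on each port before the numeric comparison.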
diff --git a/net/sshtunnel/files/usr/bin/sshtunnel.sh b/net/sshtunnel/files/usr/bin/sshtunnel.sh
new file mode 100755 (executable)
index 0000000..eccf07c
--- /dev/null
@@ -0,0 +1,19 @@
+#!/bin/sh 
+
+PIDFILE="/tmp/run/sshtunnel"
+
+args=$1
+retrydelay=$2
+
+while true
+do
+       logger -p daemon.info -t "sshtunnel[$$]" "connecting: ssh $args"
+       
+       start-stop-daemon -S -p "$PIDFILE"_"$$".pid -mx ssh -- $args &>/tmp/log/sshtunnel_$$ 
+       logger -p daemon.err -t "sshtunnel[$$]" < /tmp/log/sshtunnel_$$
+       rm /tmp/log/sshtunnel_$$
+       
+       logger -p daemon.info -t "sshtunnel[$$]" "ssh exited with code $?, retrying in $retrydelay seconds"
+       
+       sleep "$retrydelay" & wait
+done
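Review bot: The "ssh exited with code $?" message reports the status of the preceding `rm`, not of ssh, because `$?` is read two commands later; capture it immediately: `start-stop-daemon -S -p "$PIDFILE"_"$$".pid -mx ssh -- $args >/tmp/log/sshtunnel_$$ 2>&1`, `rc=$?`, and log `$rc`. That rewrite also drops `&>`, a bash redirection that a plain POSIX `/bin/sh` without bash extensions parses as `&` followed by `>file`, backgrounding ssh and turning the loop into a tight respawn. The log file name is predictable and lives under /tmp; if /tmp/log is writable by non-root users on the target, a pre-planted symlink at that name would let root's redirection clobber an arbitrary file, so either keep that directory root-only or pipe ssh's stderr straight into `logger` and skip the file.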