include $(TOPDIR)/rules.mk

PKG_NAME:=external-protocol

PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>

include $(INCLUDE_DIR)/package.mk

define Package/external-protocol
	TITLE:=externally managed protocol
endef

define Package/external-protocol/description
	external protocol is a general protocol for assisting
	setup of many virtual devices that lack proper
	protocol support in openwrt. Such as netavark, cni and
	netbird for example. External protocol is supposed
	to be managed with external software, not directly.

	external protocol works automatically in the background
	and sets up netifd details when interface comes up or
	goes down. This allows one to easily add interface to

	as an example use case, podman, with network where its
	internal firewall and portmapper are disabled, control
	of firewalling, whether it was exposing ports or
	limiting/accepting access between networks, such as
	lan can be made through openwrt's own firewalling
	configuration if you used external protocol.

	podman example configuration could be as following:
	 - lan network: 10.0.0.0/16 (255.255.0.0)
	 - container network: 10.129.0.1/24 (255.255.255.0)

	Add a network configuration for your container network
	using external protocol. Then create firewall zone for it.

	You could create a new container/pod with static ip
	address 10.129.0.2 (as 10.129.0.1 as container network's

	Easily define permissions so that local networks can
	connect to container network, but not the other way around.
	Also you want to allow forwarding from/to wan.

	Now, as container cannot access local dns, make a rule for
	your firewall to accept connections from container network

	Now all you have to do, is make redirects to your firewall
	and point them to 10.129.0.2 and connections from wan are
	redirected to containers/pods.

	external protocol also works for other applications as
	well that are using veth/tun/etc devices and don't have
	a hand-tailored protocol available, such as vpn service

	Protocol has 3 settings: device, searchdomain and delay.
	Sometimes polling interfaces takes some time, and in
	that case you might want to add few seconds to delay.
	Otherwise, it can be excluded from configuration.
	Option for searchdomain is also completely optional.

	package was previously known as cni protocol but as
	it can be used on so many other things, naming became
	misleading and it was renamed to external protocol.
endef

define Build/Configure
endef

define Package/external-protocol/install
	$(INSTALL_DIR) $(1)/lib/netifd/proto
	$(INSTALL_BIN) ./files/external.sh $(1)/lib/netifd/proto/external.sh
endef

$(eval $(call BuildPackage,external-protocol))