Merge pull request #22645 from yggdrasil-openwrt/yggdrasil-2023-11-11
[feed/packages.git] / net / external-protocol / Makefile
include $(TOPDIR)/rules.mk

PKG_NAME:=external-protocol
PKG_VERSION:=20231119
PKG_RELEASE:=1

PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>

include $(INCLUDE_DIR)/package.mk

define Package/external-protocol
  SECTION:=net
  CATEGORY:=Network
  TITLE:=externally managed protocol
  PKGARCH:=all
endef

define Package/external-protocol/description
  External protocol is a general protocol that assists in
  setting up virtual devices that lack proper protocol
  support in OpenWrt, such as netavark, cni and netbird.
  External protocol is supposed to be managed with
  external software, not directly.

  External protocol works automatically in the background
  and sets up netifd details when the interface comes up or
  goes down. This allows one to easily add the interface to
  a firewall zone.

  As an example use case, take podman with a network where
  its internal firewall and portmapper are disabled.
  Firewalling, whether exposing ports or limiting/accepting
  access between networks such as lan, can then be
  controlled through OpenWrt's own firewall configuration
  if you use external protocol.

  A podman example configuration could be as follows:
  - lan network: 10.0.0.0/16 (255.255.0.0)
  - container network: 10.129.0.1/24 (255.255.255.0)

  Add a network configuration for your container network
  using external protocol. Then create a firewall zone for it.

  You could create a new container/pod with static ip
  address 10.129.0.2 (with 10.129.0.1 as the container
  network's gateway).

  Define permissions so that local networks can connect
  to the container network, but not the other way around.
  You also want to allow forwarding from/to wan.

  Now, as the container cannot access local dns, make a rule
  for your firewall to accept connections from the container
  network to port 53 (dns).

  Now all you have to do is add redirects to your firewall
  and point them to 10.129.0.2, and connections from wan are
  redirected to containers/pods.

  External protocol also works for other applications
  that use veth/tun/etc devices and don't have a
  hand-tailored protocol available, such as the vpn service
  netbird.

  The protocol has 3 settings: device, searchdomain and delay.
  Sometimes polling interfaces takes some time, and in
  that case you might want to add a few seconds to delay.
  Otherwise, it can be excluded from the configuration.
  The searchdomain option is also completely optional.

  The package was previously known as cni protocol, but as
  it can be used for so many other things, the naming became
  misleading and it was renamed to external protocol.
endef

define Build/Configure
endef

define Build/Compile
endef

define Package/external-protocol/install
	$(INSTALL_DIR) $(1)/lib/netifd/proto
	$(INSTALL_BIN) ./files/external.sh $(1)/lib/netifd/proto/external.sh
endef

$(eval $(call BuildPackage,external-protocol))
87 $(eval $(call BuildPackage,external-protocol))