net/pbr/Makefile

   1 # Copyright 2017-2022 Stan Grishin (stangri@melmac.ca)
   2 # This is free software, licensed under the GNU General Public License v3.
   3
   4 include $(TOPDIR)/rules.mk
   5
   6 PKG_NAME:=pbr
   7 PKG_VERSION:=1.0.1
   8 PKG_RELEASE:=1
   9 PKG_LICENSE:=GPL-3.0-or-later
  10 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
  11
  12 include $(INCLUDE_DIR)/package.mk
  13
  14 define Package/pbr/default
  15   SECTION:=net
  16   CATEGORY:=Network
  17   SUBMENU:=VPN
  18   PROVIDES:=pbr
  19   TITLE:=Policy Based Routing Service
  20   URL:=https://docs.openwrt.melmac.net/pbr/
  21   DEPENDS:=+ip-full +jshn +jsonfilter +resolveip
  22   CONFLICTS:=vpnbypass vpn-policy-routing
  23   PROVIDES:=pbr vpnbypass vpn-policy-routing
  24   PKGARCH:=all
  25 endef
  26
  27 define Package/pbr
  28 $(call Package/pbr/default)
  29         TITLE+= with nft/nft set support
  30         DEPENDS+=+firewall4 +kmod-nft-core +kmod-nft-nat +nftables-json
  31 endef
  32
  33 define Package/pbr-iptables
  34 $(call Package/pbr/default)
  35         TITLE+= with iptables/ipset support
  36         DEPENDS+=+ipset +iptables +kmod-ipt-ipset +iptables-mod-ipopt
  37 endef
  38
  39 define Package/pbr-netifd
  40 $(call Package/pbr/default)
  41         TITLE+= with netifd support
  42 endef
  43
  44 define Package/pbr/description
  45 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
  46 This version supports OpenWrt with both fw3/ipset/iptables and fw4/nft.
  47 endef
  48
  49 define Package/pbr-iptables/description
  50 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
  51 This version supports OpenWrt with fw3/ipset/iptables.
  52 endef
  53
  54 define Package/pbr-netifd/description
  55 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
  56 This version supports OpenWrt with both fw3/ipset/iptables and fw4/nft.
  57 This version uses OpenWrt native netifd/tables to set up interfaces. This is WIP.
  58 endef
  59
  60 define Package/pbr/conffiles
  61 /etc/config/pbr
  62 endef
  63
  64 Package/pbr-iptables/conffiles = $(Package/pbr/conffiles)
  65 Package/pbr-netifd/conffiles = $(Package/pbr/conffiles)
  66
  67 define Build/Configure
  68 endef
  69
  70 define Build/Compile
  71 endef
  72
  73 define Package/pbr/default/install
  74         $(INSTALL_DIR) $(1)/etc/init.d
  75         $(INSTALL_BIN) ./files/etc/init.d/pbr.init $(1)/etc/init.d/pbr
  76         $(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/pbr
  77         $(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
  78         $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
  79         $(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr $(1)/etc/hotplug.d/iface/70-pbr
  80         $(INSTALL_DIR) $(1)/etc/uci-defaults
  81         $(INSTALL_BIN)  ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
  82         $(INSTALL_DIR) $(1)/usr/share/pbr
  83         $(INSTALL_DATA) ./files/usr/share/pbr/pbr.firewall.include $(1)/usr/share/pbr/pbr.firewall.include
  84         $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws
  85         $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix
  86 endef
  87
  88 define Package/pbr/install
  89 $(call Package/pbr/default/install,$(1))
  90         $(INSTALL_DIR) $(1)/etc/config
  91         $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
  92         $(INSTALL_DIR) $(1)/usr/share/nftables.d
  93         $(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d/
  94 endef
  95
  96 define Package/pbr-iptables/install
  97 $(call Package/pbr/default/install,$(1))
  98         $(INSTALL_DIR) $(1)/etc/config
  99         $(INSTALL_CONF) ./files/etc/config/pbr.iptables $(1)/etc/config/pbr
 100 endef
 101
 102 define Package/pbr-netifd/install
 103 $(call Package/pbr/default/install,$(1))
 104         $(INSTALL_DIR) $(1)/etc/config
 105         $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
 106         $(INSTALL_DIR) $(1)/etc/uci-defaults
 107         $(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr $(1)/etc/uci-defaults/91-pbr
 108 endef
 109
 110 define Package/pbr/postinst
 111         #!/bin/sh
 112         # check if we are on real system
 113         if [ -z "$${IPKG_INSTROOT}" ]; then
 114                 chmod -x /etc/init.d/pbr || true
 115                 fw4 -q reload || true
 116                 chmod +x /etc/init.d/pbr || true
 117                 echo -n "Installing rc.d symlink for pbr... "
 118                 /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 119         fi
 120         exit 0
 121 endef
 122
 123 define Package/pbr/prerm
 124         #!/bin/sh
 125         # check if we are on real system
 126         if [ -z "$${IPKG_INSTROOT}" ]; then
 127                 uci -q delete firewall.pbr || true
 128                 echo "Stopping pbr service... "
 129                 /etc/init.d/pbr stop || true
 130                 echo -n "Removing rc.d symlink for pbr... "
 131                 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 132         fi
 133         exit 0
 134 endef
 135
 136 define Package/pbr/postrm
 137         #!/bin/sh
 138         # check if we are on real system
 139         if [ -z "$${IPKG_INSTROOT}" ]; then
 140                 fw4 -q reload || true
 141         fi
 142         exit 0
 143 endef
 144
 145 define Package/pbr-iptables/postinst
 146         #!/bin/sh
 147         # check if we are on real system
 148         if [ -z "$${IPKG_INSTROOT}" ]; then
 149                 echo -n "Installing rc.d symlink for pbr... "
 150                 /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 151         fi
 152         exit 0
 153 endef
 154
 155 define Package/pbr-iptables/prerm
 156         #!/bin/sh
 157         # check if we are on real system
 158         if [ -z "$${IPKG_INSTROOT}" ]; then
 159                 uci -q delete firewall.pbr || true
 160                 echo "Stopping pbr service... "
 161                 /etc/init.d/pbr stop || true
 162                 echo -n "Removing rc.d symlink for pbr... "
 163                 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 164         fi
 165         exit 0
 166 endef
 167
 168 define Package/pbr-netifd/postinst
 169         #!/bin/sh
 170         # check if we are on real system
 171         if [ -z "$${IPKG_INSTROOT}" ]; then
 172                 echo -n "Installing rc.d symlink for pbr... "
 173                 /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 174         #       echo -n "Installing netifd support for pbr... "
 175         #       /etc/init.d/pbr netifd install && echo "OK" || echo "FAIL"
 176         #       echo -n "Restarting network... "
 177         #       /etc/init.d/network restart && echo "OK" || echo "FAIL"
 178         fi
 179         exit 0
 180 endef
 181
 182 define Package/pbr-netifd/prerm
 183         #!/bin/sh
 184         # check if we are on real system
 185         if [ -z "$${IPKG_INSTROOT}" ]; then
 186                 uci -q delete firewall.pbr || true
 187                 echo "Stopping pbr service... "
 188                 /etc/init.d/pbr stop || true
 189         #       echo -n "Removing netifd support for pbr... "
 190         #       /etc/init.d/pbr netifd remove && echo "OK" || echo "FAIL"
 191                 echo -n "Removing rc.d symlink for pbr... "
 192                 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 193         #       echo -n "Restarting network... "
 194         #       /etc/init.d/network restart && echo "OK" || echo "FAIL"
 195         fi
 196         exit 0
 197 endef
 198
 199 $(eval $(call BuildPackage,pbr))
 200 $(eval $(call BuildPackage,pbr-iptables))
 201 #$(eval $(call BuildPackage,pbr-netifd))