net/pbr/Makefile

   1 # Copyright 2017-2022 Stan Grishin (stangri@melmac.ca)
   2 # This is free software, licensed under the GNU General Public License v3.
   3
   4 include $(TOPDIR)/rules.mk
   5
   6 PKG_NAME:=pbr
   7 PKG_VERSION:=1.0.1
   8 PKG_RELEASE:=4
   9 PKG_LICENSE:=GPL-3.0-or-later
  10 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
  11
  12 include $(INCLUDE_DIR)/package.mk
  13
  14 define Package/pbr/default
  15   SECTION:=net
  16   CATEGORY:=Network
  17   SUBMENU:=VPN
  18   PROVIDES:=pbr
  19   TITLE:=Policy Based Routing Service
  20   URL:=https://docs.openwrt.melmac.net/pbr/
  21   DEPENDS:=+ip-full +jshn +jsonfilter +resolveip
  22   CONFLICTS:=vpnbypass vpn-policy-routing
  23   PKGARCH:=all
  24 endef
  25
  26 define Package/pbr
  27 $(call Package/pbr/default)
  28   TITLE+= with nft/nft set support
  29   DEPENDS+=+firewall4 +kmod-nft-core +kmod-nft-nat +nftables-json
  30   PROVIDES:=vpnbypass vpn-policy-routing
  31 endef
  32
  33 define Package/pbr-iptables
  34 $(call Package/pbr/default)
  35   TITLE+= with iptables/ipset support
  36   DEPENDS+=+ipset +iptables +kmod-ipt-ipset +iptables-mod-ipopt
  37   PROVIDES:=pbr vpnbypass vpn-policy-routing
  38 endef
  39
  40 define Package/pbr-netifd
  41 $(call Package/pbr/default)
  42   TITLE+= with netifd support
  43   PROVIDES:=pbr vpnbypass vpn-policy-routing
  44 endef
  45
  46 define Package/pbr/description
  47 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
  48 This version supports OpenWrt with both fw3/ipset/iptables and fw4/nft.
  49 endef
  50
  51 define Package/pbr-iptables/description
  52 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
  53 This version supports OpenWrt with fw3/ipset/iptables.
  54 endef
  55
  56 define Package/pbr-netifd/description
  57 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
  58 This version supports OpenWrt with both fw3/ipset/iptables and fw4/nft.
  59 This version uses OpenWrt native netifd/tables to set up interfaces. This is WIP.
  60 endef
  61
  62 define Package/pbr/conffiles
  63 /etc/config/pbr
  64 endef
  65
  66 Package/pbr-iptables/conffiles = $(Package/pbr/conffiles)
  67 Package/pbr-netifd/conffiles = $(Package/pbr/conffiles)
  68
  69 define Build/Configure
  70 endef
  71
  72 define Build/Compile
  73 endef
  74
  75 define Package/pbr/default/install
  76         $(INSTALL_DIR) $(1)/etc/init.d
  77         $(INSTALL_BIN) ./files/etc/init.d/pbr.init $(1)/etc/init.d/pbr
  78         $(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/pbr
  79         $(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
  80         $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
  81         $(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr $(1)/etc/hotplug.d/iface/70-pbr
  82         $(INSTALL_DIR) $(1)/etc/uci-defaults
  83         $(INSTALL_BIN)  ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
  84         $(INSTALL_DIR) $(1)/usr/share/pbr
  85         $(INSTALL_DATA) ./files/usr/share/pbr/pbr.firewall.include $(1)/usr/share/pbr/pbr.firewall.include
  86         $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws
  87         $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix
  88 endef
  89
  90 define Package/pbr/install
  91 $(call Package/pbr/default/install,$(1))
  92         $(INSTALL_DIR) $(1)/etc/config
  93         $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
  94         $(INSTALL_DIR) $(1)/usr/share/nftables.d
  95         $(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d/
  96 endef
  97
  98 define Package/pbr-iptables/install
  99 $(call Package/pbr/default/install,$(1))
 100         $(INSTALL_DIR) $(1)/etc/config
 101         $(INSTALL_CONF) ./files/etc/config/pbr.iptables $(1)/etc/config/pbr
 102 endef
 103
 104 define Package/pbr-netifd/install
 105 $(call Package/pbr/default/install,$(1))
 106         $(INSTALL_DIR) $(1)/etc/config
 107         $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
 108         $(INSTALL_DIR) $(1)/etc/uci-defaults
 109         $(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr $(1)/etc/uci-defaults/91-pbr
 110 endef
 111
 112 define Package/pbr/postinst
 113         #!/bin/sh
 114         # check if we are on real system
 115         if [ -z "$${IPKG_INSTROOT}" ]; then
 116                 chmod -x /etc/init.d/pbr || true
 117                 fw4 -q reload || true
 118                 chmod +x /etc/init.d/pbr || true
 119                 echo -n "Installing rc.d symlink for pbr... "
 120                 /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 121         fi
 122         exit 0
 123 endef
 124
 125 define Package/pbr/prerm
 126         #!/bin/sh
 127         # check if we are on real system
 128         if [ -z "$${IPKG_INSTROOT}" ]; then
 129                 uci -q delete firewall.pbr || true
 130                 echo "Stopping pbr service... "
 131                 /etc/init.d/pbr stop || true
 132                 echo -n "Removing rc.d symlink for pbr... "
 133                 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 134         fi
 135         exit 0
 136 endef
 137
 138 define Package/pbr/postrm
 139         #!/bin/sh
 140         # check if we are on real system
 141         if [ -z "$${IPKG_INSTROOT}" ]; then
 142                 fw4 -q reload || true
 143         fi
 144         exit 0
 145 endef
 146
 147 define Package/pbr-iptables/postinst
 148         #!/bin/sh
 149         # check if we are on real system
 150         if [ -z "$${IPKG_INSTROOT}" ]; then
 151                 echo -n "Installing rc.d symlink for pbr... "
 152                 /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 153         fi
 154         exit 0
 155 endef
 156
 157 define Package/pbr-iptables/prerm
 158         #!/bin/sh
 159         # check if we are on real system
 160         if [ -z "$${IPKG_INSTROOT}" ]; then
 161                 uci -q delete firewall.pbr || true
 162                 echo "Stopping pbr service... "
 163                 /etc/init.d/pbr stop || true
 164                 echo -n "Removing rc.d symlink for pbr... "
 165                 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 166         fi
 167         exit 0
 168 endef
 169
 170 define Package/pbr-netifd/postinst
 171         #!/bin/sh
 172         # check if we are on real system
 173         if [ -z "$${IPKG_INSTROOT}" ]; then
 174                 echo -n "Installing rc.d symlink for pbr... "
 175                 /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 176         #       echo -n "Installing netifd support for pbr... "
 177         #       /etc/init.d/pbr netifd install && echo "OK" || echo "FAIL"
 178         #       echo -n "Restarting network... "
 179         #       /etc/init.d/network restart && echo "OK" || echo "FAIL"
 180         fi
 181         exit 0
 182 endef
 183
 184 define Package/pbr-netifd/prerm
 185         #!/bin/sh
 186         # check if we are on real system
 187         if [ -z "$${IPKG_INSTROOT}" ]; then
 188                 uci -q delete firewall.pbr || true
 189                 echo "Stopping pbr service... "
 190                 /etc/init.d/pbr stop || true
 191         #       echo -n "Removing netifd support for pbr... "
 192         #       /etc/init.d/pbr netifd remove && echo "OK" || echo "FAIL"
 193                 echo -n "Removing rc.d symlink for pbr... "
 194                 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 195         #       echo -n "Restarting network... "
 196         #       /etc/init.d/network restart && echo "OK" || echo "FAIL"
 197         fi
 198         exit 0
 199 endef
 200
 201 $(eval $(call BuildPackage,pbr))
 202 $(eval $(call BuildPackage,pbr-iptables))
 203 #$(eval $(call BuildPackage,pbr-netifd))