net/pbr/Makefile

   1 # Copyright 2017-2022 Stan Grishin (stangri@melmac.ca)
   2 # This is free software, licensed under the GNU General Public License v3.
   3
   4 include $(TOPDIR)/rules.mk
   5
   6 PKG_NAME:=pbr
   7 PKG_VERSION:=1.0.1
   8 PKG_RELEASE:=14
   9 PKG_LICENSE:=GPL-3.0-or-later
  10 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
  11
  12 include $(INCLUDE_DIR)/package.mk
  13
  14 define Package/pbr/Default
  15   SECTION:=net
  16   CATEGORY:=Network
  17   SUBMENU:=Routing and Redirection
  18   TITLE:=Policy Based Routing Service
  19   URL:=https://docs.openwrt.melmac.net/pbr/
  20   DEPENDS:=+ip-full +jshn +jsonfilter +libubus +resolveip
  21   CONFLICTS:=vpnbypass vpn-policy-routing
  22   PKGARCH:=all
  23 endef
  24
  25 define Package/pbr
  26 $(call Package/pbr/Default)
  27   TITLE+= with nft/nft set support
  28   DEPENDS+=+kmod-nft-core +kmod-nft-nat +nftables-json
  29   VARIANT:=nftables
  30   PROVIDES:=vpnbypass vpn-policy-routing
  31   DEFAULT_VARIANT:=1
  32 endef
  33
  34 define Package/pbr-iptables
  35 $(call Package/pbr/Default)
  36   TITLE+= with iptables/ipset support
  37   DEPENDS+=+ipset +iptables +kmod-ipt-ipset +iptables-mod-ipopt
  38   VARIANT:=iptables
  39   PROVIDES:=pbr
  40 endef
  41
  42 define Package/pbr-netifd
  43 $(call Package/pbr/Default)
  44   TITLE+= with netifd support
  45   VARIANT:=netifd
  46   PROVIDES:=pbr
  47 endef
  48
  49 define Package/pbr/description
  50 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
  51 This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
  52 endef
  53
  54 define Package/pbr-iptables/description
  55 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
  56 This version supports OpenWrt with firewall3/ipset/iptables.
  57 endef
  58
  59 define Package/pbr-netifd/description
  60 This service enables policy-based routing for WAN interfaces and various VPN tunnels.
  61 This version supports OpenWrt with both firewall3/ipset/iptables and firewall4/nft.
  62 This version uses OpenWrt native netifd/tables to set up interfaces. This is WIP.
  63 endef
  64
  65 define Package/pbr/conffiles
  66 /etc/config/pbr
  67 endef
  68
  69 Package/pbr-iptables/conffiles = $(Package/pbr/conffiles)
  70 Package/pbr-netifd/conffiles = $(Package/pbr/conffiles)
  71
  72 define Build/Configure
  73 endef
  74
  75 define Build/Compile
  76 endef
  77
  78 define Package/pbr/default/install
  79         $(INSTALL_DIR) $(1)/etc/init.d
  80         $(INSTALL_BIN) ./files/etc/init.d/pbr.init $(1)/etc/init.d/pbr
  81         $(SED) "s|^\(readonly PKG_VERSION\).*|\1='$(PKG_VERSION)-$(PKG_RELEASE)'|" $(1)/etc/init.d/pbr
  82         $(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
  83         $(INSTALL_DIR) $(1)/etc/hotplug.d/iface
  84         $(INSTALL_DATA) ./files/etc/hotplug.d/iface/70-pbr $(1)/etc/hotplug.d/iface/70-pbr
  85         $(INSTALL_DIR) $(1)/etc/uci-defaults
  86         $(INSTALL_BIN)  ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
  87         $(INSTALL_DIR) $(1)/usr/share/pbr
  88         $(INSTALL_DATA) ./files/usr/share/pbr/pbr.firewall.include $(1)/usr/share/pbr/pbr.firewall.include
  89         $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws
  90         $(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix
  91 endef
  92
  93 define Package/pbr/install
  94 $(call Package/pbr/default/install,$(1))
  95         $(INSTALL_DIR) $(1)/etc/config
  96         $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
  97         $(INSTALL_DIR) $(1)/usr/share/nftables.d
  98         $(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d/
  99 endef
 100
 101 define Package/pbr-iptables/install
 102 $(call Package/pbr/default/install,$(1))
 103         $(INSTALL_DIR) $(1)/etc/config
 104         $(INSTALL_CONF) ./files/etc/config/pbr.iptables $(1)/etc/config/pbr
 105 endef
 106
 107 define Package/pbr-netifd/install
 108 $(call Package/pbr/default/install,$(1))
 109         $(INSTALL_DIR) $(1)/etc/config
 110         $(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
 111         $(INSTALL_DIR) $(1)/etc/uci-defaults
 112         $(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr $(1)/etc/uci-defaults/91-pbr
 113 endef
 114
 115 define Package/pbr/postinst
 116         #!/bin/sh
 117         # check if we are on real system
 118         if [ -z "$${IPKG_INSTROOT}" ]; then
 119                 chmod -x /etc/init.d/pbr || true
 120                 fw4 -q reload || true
 121                 chmod +x /etc/init.d/pbr || true
 122                 echo -n "Installing rc.d symlink for pbr... "
 123                 /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 124         fi
 125         exit 0
 126 endef
 127
 128 define Package/pbr/prerm
 129         #!/bin/sh
 130         # check if we are on real system
 131         if [ -z "$${IPKG_INSTROOT}" ]; then
 132                 uci -q delete firewall.pbr || true
 133                 echo -n "Stopping pbr service... "
 134                 /etc/init.d/pbr stop && echo "OK" || echo "FAIL"
 135                 echo -n "Removing rc.d symlink for pbr... "
 136                 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 137         fi
 138         exit 0
 139 endef
 140
 141 define Package/pbr/postrm
 142         #!/bin/sh
 143         # check if we are on real system
 144         if [ -z "$${IPKG_INSTROOT}" ]; then
 145                 fw4 -q reload || true
 146         fi
 147         exit 0
 148 endef
 149
 150 define Package/pbr-iptables/postinst
 151         #!/bin/sh
 152         # check if we are on real system
 153         if [ -z "$${IPKG_INSTROOT}" ]; then
 154                 echo -n "Installing rc.d symlink for pbr-iptables... "
 155                 /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 156         fi
 157         exit 0
 158 endef
 159
 160 define Package/pbr-iptables/prerm
 161         #!/bin/sh
 162         # check if we are on real system
 163         if [ -z "$${IPKG_INSTROOT}" ]; then
 164                 uci -q delete firewall.pbr || true
 165                 echo -n "Stopping pbr-iptables service... "
 166                 /etc/init.d/pbr stop && echo "OK" || echo "FAIL"
 167                 echo -n "Removing rc.d symlink for pbr-iptables... "
 168                 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 169         fi
 170         exit 0
 171 endef
 172
 173 define Package/pbr-netifd/postinst
 174         #!/bin/sh
 175         # check if we are on real system
 176         if [ -z "$${IPKG_INSTROOT}" ]; then
 177                 echo -n "Installing rc.d symlink for pbr-netifd... "
 178                 /etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 179         fi
 180         exit 0
 181 endef
 182
 183 define Package/pbr-netifd/prerm
 184         #!/bin/sh
 185         # check if we are on real system
 186         if [ -z "$${IPKG_INSTROOT}" ]; then
 187                 uci -q delete firewall.pbr || true
 188                 echo -n "Stopping pbr-netifd service... "
 189                 /etc/init.d/pbr stop && echo "OK" || echo "FAIL"
 190                 echo -n "Removing rc.d symlink for pbr... "
 191                 /etc/init.d/pbr disable && echo "OK" || echo "FAIL"
 192         fi
 193         exit 0
 194 endef
 195
 196 $(eval $(call BuildPackage,pbr))
 197 $(eval $(call BuildPackage,pbr-iptables))
 198 #$(eval $(call BuildPackage,pbr-netifd))