[openwrt/openwrt] unetd: add WireGuard based VPN connection manager for OpenWrt

LEDE Commits lede-commits at lists.infradead.org
Sat Aug 27 06:45:20 PDT 2022 

nbd pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/104de8abe455405d43133edc551d50645934d5be

commit 104de8abe455405d43133edc551d50645934d5be
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Tue Aug 23 23:29:52 2022 +0200

    unetd: add WireGuard based VPN connection manager for OpenWrt
    
    This package simplifies setting up wireguard networks on OpenWrt by a wireguard
    network as a JSON file, which can be shared across all participating nodes.
    It can be signed with an authentication key and automatically kept in sync.
    unetd also supports deterministically generating ipv6 addresses for each host
    based on the public key and storing those in a hosts file that can be used with
    dnsmasq. It also supports automatically creating VXLAN tunnels between multiple
    endpoints.
    
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
 package/network/services/unetd/Makefile         | 83 +++++++++++++++++++++++
 package/network/services/unetd/files/unetd.init | 17 +++++
 package/network/services/unetd/files/unetd.sh   | 87 +++++++++++++++++++++++++
 3 files changed, 187 insertions(+)

diff --git a/package/network/services/unetd/Makefile b/package/network/services/unetd/Makefile
new file mode 100644
index 0000000000..3a61ed43bb
--- /dev/null
+++ b/package/network/services/unetd/Makefile
@@ -0,0 +1,83 @@
+#
+# Copyright (C) 2022 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=unetd
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL=$(PROJECT_GIT)/project/unetd.git
+PKG_SOURCE_DATE:=2022-08-25
+PKG_SOURCE_VERSION:=d8220b098010041232374761fee258a8deff0865
+PKG_MIRROR_HASH:=6efced0eb451f6ac5d7facec3f45ce7f6928fae4481650ffcebf3b6434478550
+
+PKG_LICENSE:=GPL-2.0
+PKG_MAINTAINER:=Felix Fietkau <nbd at nbd.name>
+
+PKG_BUILD_DEPENDS:=bpf-headers
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+include $(INCLUDE_DIR)/bpf.mk
+include $(INCLUDE_DIR)/nls.mk
+
+define Package/unetd
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=WireGuard based VPN connection manager for OpenWrt
+  DEPENDS:=+libubox +libubus +libblobmsg-json +libnl-tiny +kmod-wireguard +libbpf $(BPF_DEPENDS)
+endef
+
+define Package/unet-cli
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=unetd +ucode +ucode-mod-fs
+  TITLE:=unetd administration command line utility
+endef
+
+TARGET_CFLAGS += \
+	-I$(STAGING_DIR)/usr/include/libnl-tiny \
+	-I$(STAGING_DIR)/usr/include
+
+CMAKE_OPTIONS += \
+	-DLIBNL_LIBS=-lnl-tiny
+
+define Build/Compile
+	$(call CompileBPF,$(PKG_BUILD_DIR)/mss-bpf.c)
+	$(call Build/Compile/Default,)
+endef
+
+define Package/unetd/conffiles
+/etc/unetd
+endef
+
+define Package/unetd/install
+	$(INSTALL_DIR) \
+		$(1)/etc/unetd \
+		$(1)/lib/bpf \
+		$(1)/etc/init.d \
+		$(1)/lib/netifd/proto \
+		$(1)/usr/sbin \
+		$(1)/usr/lib
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libunet.so* $(1)/usr/lib/
+	$(INSTALL_BIN) \
+		$(PKG_INSTALL_DIR)/usr/sbin/unetd \
+		$(PKG_INSTALL_DIR)/usr/sbin/unet-tool \
+		$(1)/usr/sbin/
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/mss-bpf.o $(1)/lib/bpf/mss.o
+	$(INSTALL_BIN) ./files/unetd.init $(1)/etc/init.d/unetd
+	$(INSTALL_BIN) ./files/unetd.sh $(1)/lib/netifd/proto
+endef
+
+define Package/unet-cli/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/scripts/unet-cli $(1)/usr/sbin
+endef
+
+$(eval $(call BuildPackage,unetd))
+$(eval $(call BuildPackage,unet-cli))
diff --git a/package/network/services/unetd/files/unetd.init b/package/network/services/unetd/files/unetd.init
new file mode 100644
index 0000000000..0ec48b2b92
--- /dev/null
+++ b/package/network/services/unetd/files/unetd.init
@@ -0,0 +1,17 @@
+#!/bin/sh /etc/rc.common
+# Copyright (c) 2022 OpenWrt.org
+
+START=19
+
+USE_PROCD=1
+PROG=/usr/sbin/unetd
+
+start_service() {
+	mkdir -p /var/run/unetd /etc/unetd
+
+	procd_open_instance
+	procd_set_param command "$PROG" -h /var/run/unetd/hosts
+	procd_set_param respawn
+	procd_set_param limits core="unlimited"
+	procd_close_instance
+}
diff --git a/package/network/services/unetd/files/unetd.sh b/package/network/services/unetd/files/unetd.sh
new file mode 100644
index 0000000000..8e56fbd869
--- /dev/null
+++ b/package/network/services/unetd/files/unetd.sh
@@ -0,0 +1,87 @@
+#!/bin/sh
+
+[ -x /usr/sbin/unetd ] || exit 0
+
+. /lib/functions.sh
+. /lib/functions/network.sh
+. ../netifd-proto.sh
+
+init_proto "$@"
+
+proto_unet_init_config() {
+	proto_config_add_string device
+	proto_config_add_string type
+	proto_config_add_string auth_key
+	proto_config_add_string key
+	proto_config_add_string file
+	proto_config_add_int keepalive
+	proto_config_add_string domain
+	proto_config_add_string "tunnels:list(string)"
+	proto_config_add_string "connect:list(string)"
+	no_device=1
+	available=1
+	no_proto_task=1
+}
+
+proto_unet_setup() {
+	local config="$1"
+
+	local device type key file keepalive domain tunnels
+	json_get_vars device type auth_key key file keepalive domain tunnels connect
+	device="${device:-$config}"
+
+	[ -n "$auth_key" ] && type="${type:-dynamic}"
+	[ -n "$file" ] && type="${type:-file}"
+
+	json_init
+	json_add_string name "$device"
+	json_add_string type "$type"
+	json_add_string interface "$config"
+	json_add_string auth_key "$auth_key"
+	json_add_string key "$key"
+	json_add_string file "$file"
+	[ -n "$keepalive" ] && json_add_int keepalive "$keepalive"
+	json_add_string domain "$domain"
+
+	json_add_object tunnels
+	for t in $tunnels; do
+		local ifname="${t%%=*}"
+		local service="${t#*=}"
+		[ -n "$ifname" -a -n "$service" -a "$ifname" != "$t" ] || continue
+		json_add_string "$ifname" "$service"
+	done
+	json_close_object
+
+	json_add_array auth_connect
+	for c in $connect; do
+		json_add_string "" "$c"
+	done
+	json_close_array
+
+	ip link del dev "$device" >/dev/null 2>&1
+	ip link add dev "$device" type wireguard || {
+		echo "Could not create wireguard device $device"
+		proto_setup_failed "$config"
+		exit 1
+	}
+
+	ubus call unetd network_add "$(json_dump)"
+}
+
+proto_unet_teardown() {
+	local config="$1"
+	local iface="$2"
+
+	local device
+	json_get_vars device
+	device="${device:-$iface}"
+
+	json_init
+	json_add_string name "$device"
+
+	ip link del dev "$device"
+
+	ubus call unetd network_del "$(json_dump)"
+}
+
+add_protocol unet

More information about the lede-commits mailing list