blob: a1297920870488a7e56eae23e3f7cba3af0d65e9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
#!/bin/sh /etc/rc.common
# Copyright (C) 2010-2014 OpenWrt.org
START=99
USE_PROCD=1
PROG=/usr/sbin/omcproxy
# Uncomment to enable verbosity
#OPTIONS="-v"
PROXIES=""
omcproxy_add_proxy() {
local uplink downlink scope proxy
config_get uplink $1 uplink
config_get downlink $1 downlink
config_get scope $1 scope
proxy=""
network_get_device updev $uplink
[ -n "$updev" ] || return 0
for network in $downlink; do
network_get_device downdev $network
[ -n "$downdev" ] && proxy="$proxy,$downdev"
# Disable in-kernel querier while ours is active
[ -f /sys/class/net/$downdev/bridge/multicast_querier ] && \
echo 0 > /sys/class/net/$downdev/bridge/multicast_querier
done
[ -n "$proxy" ] || return 0
[ -n "$scope" ] && proxy="$proxy,scope=$scope"
PROXIES="$PROXIES $updev$proxy"
}
omcproxy_add_trigger() {
local uplink downlink
config_get uplink $1 uplink
config_get downlink $1 downlink
for network in $uplink $downlink; do
procd_add_interface_trigger "interface.*" $network /etc/init.d/omcproxy restart
done
}
omcproxy_add_firewall() {
config_get uplink $1 uplink
config_get downlink $1 downlink
upzone=$(fw3 network $uplink)
[ -n "$upzone" ] || return 0
json_add_object ""
json_add_string type rule
json_add_string src "$upzone"
json_add_string proto igmp
json_add_string target ACCEPT
json_close_object
json_add_object ""
json_add_string type rule
json_add_string family ipv6
json_add_string src "$upzone"
json_add_string proto icmp
json_add_string src_ip fe80::/10
json_add_array icmp_type
json_add_string "" 130/0
json_add_string "" 131/0
json_add_string "" 132/0
json_add_string "" 143/0
json_close_array
json_add_string target ACCEPT
json_close_object
for network in $downlink; do
downzone=$(fw3 network $network)
[ -n "$downzone" ] || continue
json_add_object ""
json_add_string type rule
json_add_string src "$upzone"
json_add_string dest "$downzone"
json_add_string family ipv4
json_add_string proto any
json_add_string dest_ip "224.0.0.0/4"
json_add_string target ACCEPT
json_close_object
json_add_object ""
json_add_string type rule
json_add_string src "$upzone"
json_add_string dest "$downzone"
json_add_string family ipv6
json_add_string proto any
json_add_string dest_ip "ff00::/8"
json_add_string target ACCEPT
json_close_object
done
}
service_triggers() {
procd_add_reload_trigger "omcproxy"
}
start_service() {
include /lib/functions
config_load omcproxy
config_foreach omcproxy_add_proxy proxy
[ -n "$PROXIES" ] || return 0
procd_open_instance
procd_set_param command $PROG
[ -n "$OPTIONS" ] && procd_append_param command $OPTIONS
procd_append_param command $PROXIES
procd_set_param respawn
procd_open_trigger
config_foreach omcproxy_add_trigger proxy
procd_close_trigger
procd_open_data
json_add_array firewall
config_foreach omcproxy_add_firewall proxy
json_close_array
procd_close_data
procd_close_instance
# Increase maximum IPv4 group memberships per socket
echo 128 > /proc/sys/net/ipv4/igmp_max_memberships
}
service_started() {
procd_set_config_changed firewall
}
|
