Skip to content

Commit

Permalink
ffac-mesh-vpn-wireguard-owrt19: fix all shellcheck
Browse files Browse the repository at this point in the history
  • Loading branch information
grische committed Nov 20, 2023
1 parent 1af59ce commit 4fa0140
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 45 deletions.
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
#!/bin/sh
#!/bin/busybox sh
# shellcheck shell=dash

if { set -C; 2>/dev/null >/var/lock/checkuplink.lock; }; then
if { set -C; true 2>/dev/null >/var/lock/checkuplink.lock; }; then
trap "rm -f /var/lock/checkuplink.lock" EXIT
else
echo "Lock file exists... exiting"
Expand All @@ -9,53 +10,56 @@ fi

interface_linklocal() {
# We generate a predictable v6 address
local macaddr
#local macaddr="$(echo $(uci get network.wg_mesh.private_key | wg pubkey) |md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/')"
local macaddr="$(printf "%s" "$(uci get network.wg_mesh.private_key | wg pubkey)"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/')"
local oldIFS="$IFS"; IFS=':'; set -- $macaddr; IFS="$oldIFS"
# shellcheck disable=SC2086
macaddr="$(printf "%s" "$(uci get network.wg_mesh.private_key | wg pubkey)"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/')"
local oldIFS="$IFS"; IFS=':'; set -- "$macaddr"; IFS="$oldIFS"
echo "fe80::$1$2:$3ff:fe$4:$5$6"
}

clean_port() {
echo "$(echo $1 | sed -r 's/:[0-9]+$|\[|\]//g')"
echo "$1" | sed -r 's/:[0-9]+$|\[|\]//g'
}

check_address_family() {
local peer_endpoint="$1"
local gateway="$(clean_port $peer_endpoint)"
local gateway
gateway="$(clean_port "$peer_endpoint")"
# Check if we have a default route for v6 if not fallback to v4
defgw=$(ip -6 route show table 1 | grep 'default via')
if [ "$?" -eq "0" ]; then
local ipv6="$(gluon-wan nslookup $gateway | grep 'Address [0-9]' | egrep -o '([a-f0-9:]+:+)+[a-f0-9]+')"
echo [$ipv6]$(echo $peer_endpoint | egrep -oe :[0-9]+$)
if ip -6 route show table 1 | grep -q 'default via' > /dev/null
then
local ipv6
ipv6="$(gluon-wan nslookup "$gateway" | grep 'Address [0-9]' | grep -E -o '([a-f0-9:]+:+)+[a-f0-9]+')"
echo "[$ipv6]$(echo "$peer_endpoint" | grep -E -oe ":[0-9]+$")"
else
local ipv4="$(gluon-wan nslookup $gateway | grep 'Address [0-9]' | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")"
echo $ipv4$(echo $peer_endpoint | egrep -oe :[0-9]+$)
local ipv4
ipv4="$(gluon-wan nslookup "$gateway" | grep 'Address [0-9]' | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")"
echo "$ipv4$(echo "$peer_endpoint" | grep -E -oe ":[0-9]+$")"
fi

}

# Do we already have a private-key? If not generate one
temp=$(uci get network.wg_mesh.private_key)
if [ "$?" -ne "0" ]; then
if uci -q get network.wg_mesh.private_key > /dev/nul;
then
uci set network.wg_mesh=interface
uci set network.wg_mesh.private_key=$(wg genkey)
uci set network.wg_mesh.private_key="$(wg genkey)"
uci commit network
fi

# Is wireguard enabled?
if [ "$(uci get wireguard.mesh_vpn.enabled)" == "true" ] || [ "$(uci get wireguard.mesh_vpn.enabled)" == "1" ]; then
if [ "$(uci get wireguard.mesh_vpn.enabled)" = "true" ] || [ "$(uci get wireguard.mesh_vpn.enabled)" = "1" ]; then
#We assume we are not connected by default
CONNECTED=0

MESH_VPN_IFACE=$(uci get wireguard.mesh_vpn.iface)

# Check connectivity to supernode
wget http://[$(wg | grep fe80 | awk '{split($3,A,"/")};{print A[1]}')%$MESH_VPN_IFACE]/ --timeout=5 -O/dev/null -q
if [ "$?" -eq "0" ]; then
GWMAC=$(batctl gwl | grep \* | awk '{print $2}')
batctl ping -c 5 $GWMAC &> /dev/null
if [ "$?" -eq "0" ]; then
if wget "http://[$(wg | grep fe80 | awk '{split($3,A,"/")};{print A[1]}')%$MESH_VPN_IFACE]/" --timeout=5 -O/dev/null -q
then
GWMAC=$(batctl gwl | awk '/[*]/{print $2}')
if batctl ping -c 5 "$GWMAC" > /dev/null 2>&1
then
CONNECTED=1
fi
fi
Expand All @@ -64,34 +68,33 @@ if [ "$(uci get wireguard.mesh_vpn.enabled)" == "true" ] || [ "$(uci get wiregua
if [ "$CONNECTED" -ne "1" ]; then
logger -t checkuplink "Reconnecting ..."
NTP_SERVER=$(uci get system.ntp.server)
gluon-wan /usr/sbin/ntpd -n -N -S /usr/sbin/ntpd-hotplug -p $NTP_SERVER -q
gluon-wan /usr/sbin/ntpd -n -N -S /usr/sbin/ntpd-hotplug -p "$NTP_SERVER" -q

# TODO use upstream config schema: uci show wireguard | grep =peer | sed "s/[^_]*_\([^=]*\).*/\1/"
# Get the number of configured peers and randomly select one
NUMBER_OF_PEERS=$(uci -q show wireguard | egrep -ce peer_[0-9]+.endpoint)
NUMBER_OF_PEERS=$(uci -q show wireguard | grep -E -ce "peer_[0-9]+.endpoint")
set +C
if [ -f "/tmp/connect_peer" ] ; then
PEER="$(( ($(cat /tmp/connect_peer) % $NUMBER_OF_PEERS) +1 ))"
PEER="$(( ($(cat /tmp/connect_peer) % NUMBER_OF_PEERS) +1 ))"
logger -t checkuplink "Selected ttt $PEER"
else
PEER="$(awk -v min=1 -v max=$NUMBER_OF_PEERS 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')"
PEER="$(awk -v min=1 -v max="$NUMBER_OF_PEERS" 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')"
fi
echo "$PEER" > /tmp/connect_peer
PEER_PUBLICKEY="$(uci get wireguard.peer_$PEER.public_key)"
logger -t checkuplink "Selected peer $PEER"

endpoint="$(check_address_family "$(uci get wireguard.peer_$PEER.endpoint)")"
endpoint="$(check_address_family "$(uci get wireguard.peer_"$PEER".endpoint)")"

logger -t checkuplink "Connecting to $endpoint"

# Delete Interfaces
ip link set nomaster dev mesh-vpn &> /dev/null
ip link delete dev mesh-vpn &> /dev/null
ip link del $MESH_VPN_IFACE &> /dev/null
ip link set nomaster dev mesh-vpn > /dev/null 2>&1
ip link delete dev mesh-vpn > /dev/null 2>&1
ip link del "$MESH_VPN_IFACE" > /dev/null 2>&1
PUBLICKEY=$(uci get network.wg_mesh.private_key | wg pubkey)

# Push public key to broker, test for https and use if supported
wget -q https://[::1]
wget -q "https://[::1]"
if [ $? -eq 1 ]; then
PROTO=http
else
Expand All @@ -100,31 +103,31 @@ if [ "$(uci get wireguard.mesh_vpn.enabled)" == "true" ] || [ "$(uci get wiregua

NODENAME=$(uci get system.@system[0].hostname)
BROKER=$(uci get wireguard.mesh_vpn.broker)
gluon-wan wget -q -O- --post-data='{"node_name": "'"$NODENAME"'","public_key": "'"$PUBLICKEY"'"}' $PROTO://$BROKER
gluon-wan wget -q -O- --post-data='{"node_name": "'"$NODENAME"'","public_key": "'"$PUBLICKEY"'"}' $PROTO://"$BROKER"

# Bring up the wireguard interface
ip link add dev $MESH_VPN_IFACE type wireguard
wg set $MESH_VPN_IFACE fwmark 1
uci get network.wg_mesh.private_key | wg set $MESH_VPN_IFACE private-key /proc/self/fd/0
ip link set up dev $MESH_VPN_IFACE
ip link add dev "$MESH_VPN_IFACE" type wireguard
wg set "$MESH_VPN_IFACE" fwmark 1
uci get network.wg_mesh.private_key | wg set "$MESH_VPN_IFACE" private-key /proc/self/fd/0
ip link set up dev "$MESH_VPN_IFACE"

# Add link-address and Peer
ip address add "$(interface_linklocal "$MESH_VPN_IFACE")"/64 dev $MESH_VPN_IFACE
if [ "$endpoint" == "" ]; then
endpoint=$(uci get wireguard.peer_$PEER.endpoint)
ip address add "$(interface_linklocal "$MESH_VPN_IFACE")"/64 dev "$MESH_VPN_IFACE"
if [ "$endpoint" = "" ]; then
endpoint=$(uci get wireguard.peer_"$PEER".endpoint)
fi
gluon-wan wg set $MESH_VPN_IFACE peer $(uci get wireguard.peer_$PEER.public_key) persistent-keepalive 25 allowed-ips fe80::1/128 endpoint $endpoint
gluon-wan wg set "$MESH_VPN_IFACE" peer "$(uci get wireguard.peer_"$PEER".public_key)" persistent-keepalive 25 allowed-ips fe80::1/128 endpoint "$endpoint"

# We need to allow incoming vxlan traffic on mesh iface
sleep 10
ip6tables -I INPUT 1 -i $MESH_VPN_IFACE -m udp -p udp --dport 4789 -j ACCEPT
ip6tables -I INPUT 1 -i "$MESH_VPN_IFACE" -m udp -p udp --dport 4789 -j ACCEPT
logger -t checkuplink "vxlan link $(interface_linklocal "$MESH_VPN_IFACE")"
# Bring up VXLAN
ip link add mesh-vpn type vxlan id "$(lua -e 'print(tonumber(require("gluon.util").domain_seed_bytes("gluon-mesh-vxlan", 3), 16))')" local $(interface_linklocal "$MESH_VPN_IFACE") remote fe80::1 dstport 4789 dev $MESH_VPN_IFACE udp6zerocsumtx udp6zerocsumrx
ip link add mesh-vpn type vxlan id "$(lua -e 'print(tonumber(require("gluon.util").domain_seed_bytes("gluon-mesh-vxlan", 3), 16))')" local "$(interface_linklocal "$MESH_VPN_IFACE")" remote fe80::1 dstport 4789 dev "$MESH_VPN_IFACE" udp6zerocsumtx udp6zerocsumrx
ip link set up dev mesh-vpn

sleep 5
# If we have a BATMAN_V env we need to correct the throughput value now
batctl hardif mesh-vpn throughput_override 1000mbit;
fi
fi
fi
2 changes: 1 addition & 1 deletion ffac-mesh-vpn-wireguard-openwrt19/gluonShellDiet.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@

# This script requires a file as argument in which it will remove all comment lines that start with a hash '#'

sed -i '/^\s*\#[^!].*/d; /^\s*\#$/d' $1
sed -i '/^\s*\#[^!].*/d; /^\s*\#$/d' "$1"

0 comments on commit 4fa0140

Please sign in to comment.