luci-app-zerotier: add daemon for nat rule update

linkease · Oct 6, 2023 · 8bb0a66 · 8bb0a66
1 parent f81f810
commit 8bb0a66
Show file tree

Hide file tree

Showing 7 changed files with 86 additions and 69 deletions.
diff --git a/luci-app-zerotier/Makefile b/luci-app-zerotier/Makefile
@@ -9,8 +9,8 @@ include $(TOPDIR)/rules.mk
 LUCI_TITLE:=LuCI for Zerotier
 LUCI_DEPENDS:=+zerotier
 LUCI_PKGARCH:=all
-PKG_VERSION:=1.0
-PKG_RELEASE:=21
+PKG_VERSION:=1.1.0
+PKG_RELEASE:=1
 
 include $(TOPDIR)/feeds/luci/luci.mk
 
@@ -23,4 +23,8 @@ define Package/luci-app-zerotier/prerm
 exit 0
 endef
 
+define Package/luci-app-zerotier/conffiles
+/etc/config/zero
+endef
+
 # call BuildPackage - OpenWrt buildroot signature
diff --git a/luci-app-zerotier/root/etc/hotplug.d/net/25-luci-zerotier b/luci-app-zerotier/root/etc/hotplug.d/net/25-luci-zerotier
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+[ "$ACTION" = add ] || exit 0
+echo "$DEVICENAME" | grep -qE '^zt[0-9a-z]{8}$' || exit 0
+
+zero_enable="$(uci get zerotier.sample_config.enabled)"
+[ "${zero_enable}" -eq "1" ] || exit 0
+
+nat_enable="$(uci get zerotier.sample_config.nat)"
+[ "${nat_enable}" -eq "1" ] || exti 0
+
+logger -t luci-zerotier "zerotier start at $DEVICENAME"
+
+touch /var/run/zerotier/netchanged 2>/dev/null
diff --git a/luci-app-zerotier/root/etc/init.d/luci_zerotier b/luci-app-zerotier/root/etc/init.d/luci_zerotier
@@ -12,6 +12,10 @@ service_triggers() {
 	procd_add_interface_trigger "interface.*.up" wan /etc/init.d/luci_zerotier restart
 }
 
+iptables_w() {
+	iptables -w 1 "$@"
+}
+
 section_enabled() {
 	config_get_bool enabled "$1" 'enabled' 0
 	[ $enabled -gt 0 ]
@@ -78,38 +82,47 @@ start_instance() {
 		touch $CONFIG_PATH/networks.d/$1.conf
 	}
 
+	rm -f $CONFIG_PATH/networks.d/*.conf
 	config_list_foreach $cfg 'join' add_join
 
 	procd_open_instance
 	procd_set_param command $PROG $ARGS $CONFIG_PATH
+	procd_set_param file /etc/config/zerotier
 	procd_set_param stderr 1
+	procd_set_param respawn
 	procd_close_instance
 }
 
 start_service() {
-	/etc/zerotier.stop
+	/etc/init.d/zerotier running && /etc/init.d/zerotier stop 2>/dev/null
+	local nat
 	config_load 'zerotier'
+	config_get_bool nat "sample_config" 'nat' 0
+	config_get_bool enabled "sample_config" 'enabled' 0
+	if [ "$nat" -eq 1 -a $enabled -eq 1 ]; then
+		mkdir -p /var/run/zerotier
+
+		iptables_w -N zerotier_forward
+		iptables_w -I FORWARD -i zt+ -j zerotier_forward
+		iptables_w -I FORWARD -o zt+ -j zerotier_forward
+		iptables_w -t nat -N zerotier_nat
+		iptables_w -t nat -I POSTROUTING -j zerotier_nat
+	else
+		stop_service
+	fi
+	procd_open_instance zerotier_nat
+	procd_set_param command /usr/libexec/zerotier-nat
+	procd_close_instance
 	config_foreach start_instance 'zerotier'
-	touch /tmp/zero.log && /etc/zerotier.start > /tmp/zero.log 2>&1 &
-}
-
-stop_instance() {
-	rm -f /tmp/zero.log
-	local cfg="$1"
-
-	/etc/zerotier.stop > /tmp/zero.log 2>&1 &
-	# Remove existing link or folder
-	rm -f $CONFIG_PATH/networks.d/*.conf
-	rm -rf $CONFIG_PATH
 }
 
 stop_service() {
-	/etc/zerotier.stop
-	config_load 'zerotier'
-	config_foreach stop_instance 'zerotier'
-}
-
-reload_service() {
-	stop
-	start
+	rm -rf /var/run/zerotier
+	iptables_w -D FORWARD -i zt+ -j zerotier_forward 2>/dev/null
+	iptables_w -D FORWARD -o zt+ -j zerotier_forward 2>/dev/null
+	iptables_w -t nat -D POSTROUTING -j zerotier_nat 2>/dev/null
+	iptables_w -F zerotier_forward 2>/dev/null
+	iptables_w -X zerotier_forward 2>/dev/null
+	iptables_w -t nat -F zerotier_nat 2>/dev/null
+	iptables_w -t nat -X zerotier_nat 2>/dev/null
 }
diff --git a/luci-app-zerotier/root/etc/uci-defaults/40_luci-zerotier b/luci-app-zerotier/root/etc/uci-defaults/40_luci-zerotier
@@ -6,10 +6,6 @@ uci -q batch <<-EOF >/dev/null
 	set ucitrack.@zerotier[-1].init=luci_zerotier
 	commit ucitrack
 	delete firewall.zerotier
-	set firewall.zerotier=include
-	set firewall.zerotier.type=script
-	set firewall.zerotier.path=/etc/zerotier.start
-	set firewall.zerotier.reload=1
 	commit firewall
 EOF
 

diff --git a/luci-app-zerotier/root/etc/zerotier.start b/luci-app-zerotier/root/etc/zerotier.start
diff --git a/luci-app-zerotier/root/etc/zerotier.stop b/luci-app-zerotier/root/etc/zerotier.stop
diff --git a/luci-app-zerotier/root/usr/libexec/zerotier-nat b/luci-app-zerotier/root/usr/libexec/zerotier-nat
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+IPTABLES_FILE=/var/run/zerotier/nat.iptables
+
+iptables_w() {
+    echo iptables -w 1 "$@" >>$IPTABLES_FILE
+}
+
+while :; do
+    [ -d /var/run/zerotier ] || exit 0
+    sleep 3
+    [ -d /var/run/zerotier ] || exit 0
+    [ -f /var/run/zerotier/netchanged ] || continue
+    netchanged=$(date '+%s' -r /var/run/zerotier/netchanged)
+    now=$(date '+%s')
+    [ "$netchanged" -lt "$now" ] || continue
+    iptables_before=$(md5sum $IPTABLES_FILE 2>/dev/null || echo "empty" | cut -d ' ' -f 1)
+    >$IPTABLES_FILE
+    iptables_w -F zerotier_forward
+    iptables_w -t nat -F zerotier_nat
+    zt0="$(ls /sys/class/net/ | grep -E '^zt[0-9a-z]{8}$' | awk '{print $1}')"
+    for i in ${zt0}
+    do
+        iptables_w -I zerotier_forward -i "$i" -j ACCEPT
+        iptables_w -I zerotier_forward -o "$i" -j ACCEPT
+        iptables_w -t nat -I zerotier_nat -o "$i" -j MASQUERADE
+        ip_segment="$(ip route | grep "dev $i proto kernel" | awk '{print $1}')"
+        [ -z "$ip_segment" ] || iptables_w -t nat -I zerotier_nat -s "${ip_segment}" -j MASQUERADE
+    done
+    iptables_after=$(md5sum $IPTABLES_FILE 2>/dev/null || echo "empty" | cut -d ' ' -f 1)
+    [ "$iptables_before" = "$iptables_after" ] && continue
+    . $IPTABLES_FILE >/var/run/zerotier/nat.log
+done