pbr: update to 1.2.0-r2

Makefile:
* stop shipping/dealing with the firewall hotplug (obsolete)
* install a third user-script (dnsprefetch) by @Betonmischer

Config:
* remove obsolete options
* include the new user script

Init-script:
* start much earlier so that on boot, the procd_add_raw_trigger works on all systems
* create a ubus() helper function so that service delete does not produce "Command not found"
* rename options to better reflect their function:
  * procd_lan_device to lan_device
  * procd_wan_interface to uplink_interface
  * procd_wan6_interface to uplink_interface6
  * procd_wan6_metric to uplink_interface6_metric
  * wan_ip_rules_priority to uplink_ip_rules_priority
  * wan_mark to uplink_mark
* visually separate run-time variables from variables loaded from config options
* use ${IPKG_INSTROOT} when sourcing files in case it will ever run on build host in the future
* fix typo in str_to_dnsmasq_nftset()
* use pidof to kill dnsmasq in dnsmasq_kill()
* add helper function uci_add_list_if_new()
* add helper function uci_changes()
* add helper function ubus() so that service delete does not produce "Command not found"
* implement the dnsmasq features check similar to dnsmasq init script
* add get_url() function similar to luci package
* add/modify error and warning messages
* change how mktemp is used for more reliable file creation
* unset non-true boolean package config options on load for easier checks later
* improve handling of nft/nft set options
* fewer calls to resolver() and resolver() optimization to speed up the service
* use softlinks instead of duplicating dnsmasq nftset files into each instance
* prevent duplication of dnsmasq nftset elements
* option to target a specific dest dns port in DNS policies
* bugfix: more reliable interface reloads
* display README links to errors/warnings sections if any errors/warnings discovered

Uci-defaults:
* transition from old options to new ones

Signed-off-by: Stan Grishin <[email protected]>
(cherry picked from commit 5d8e260)
Signed-off-by: Stan Grishin <[email protected]>

Author: stangri

net/pbr/Makefile

@@ -4,8 +4,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=pbr
-PKG_VERSION:=1.1.8
-PKG_RELEASE:=36
+PKG_VERSION:=1.2.1
+PKG_RELEASE:=17
 PKG_LICENSE:=AGPL-3.0-or-later
 PKG_MAINTAINER:=Stan Grishin <[email protected]>
 
@@ -75,34 +75,35 @@ define Package/pbr/default/install
 	$(INSTALL_CONF) ./files/etc/config/pbr $(1)/etc/config/pbr
 	$(INSTALL_DIR) $(1)/usr/share/pbr
 	$(INSTALL_DATA) ./files/usr/share/pbr/.keep $(1)/usr/share/pbr/.keep
-	$(INSTALL_DATA) ./files/usr/share/pbr/firewall.include $(1)/usr/share/pbr/firewall.include
+	$(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.dnsprefetch $(1)/usr/share/pbr/pbr.user.dnsprefetch
 	$(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.aws $(1)/usr/share/pbr/pbr.user.aws
 	$(INSTALL_DATA) ./files/usr/share/pbr/pbr.user.netflix $(1)/usr/share/pbr/pbr.user.netflix
 	$(INSTALL_DIR) $(1)/usr/share/nftables.d
 	$(CP) ./files/usr/share/nftables.d/* $(1)/usr/share/nftables.d/
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN)  ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
+	$(INSTALL_BIN) ./files/etc/uci-defaults/90-pbr $(1)/etc/uci-defaults/90-pbr
+	$(INSTALL_BIN) ./files/etc/uci-defaults/91-pbr-nft $(1)/etc/uci-defaults/91-pbr-nft
+	$(INSTALL_BIN) ./files/etc/uci-defaults/99-pbr-version $(1)/etc/uci-defaults/99-pbr-version
 endef
 
 define Package/pbr/install
 $(call Package/pbr/default/install,$(1))
-	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr-nft $(1)/etc/uci-defaults/91-pbr-nft
 endef
 
 define Package/pbr-netifd/install
 $(call Package/pbr/default/install,$(1))
 	$(INSTALL_DIR) $(1)/etc/uci-defaults
-	$(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr-netifd $(1)/etc/uci-defaults/91-pbr-netifd
 endef
+#	$(INSTALL_BIN)  ./files/etc/uci-defaults/91-pbr-netifd $(1)/etc/uci-defaults/91-pbr-netifd
 
 define Package/pbr/postinst
 #!/bin/sh
 # check if we are on real system
 if [ -z "$${IPKG_INSTROOT}" ]; then
-	chmod -x /etc/init.d/pbr || true
-	fw4 -q reload || true
-	chmod +x /etc/init.d/pbr || true
+	/etc/init.d/pbr netifd check && { 
+		echo -n "Reinstalling pbr netifd integration... "
+		/etc/init.d/pbr netifd install >/dev/null 2>&1 && echo "OK" || echo "FAIL"
+	} 
 	echo -n "Installing rc.d symlink for pbr... "
 	/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 fi
@@ -113,11 +114,14 @@ define Package/pbr/prerm
 #!/bin/sh
 # check if we are on real system
 if [ -z "$${IPKG_INSTROOT}" ]; then
-	uci -q delete firewall.pbr || true
 	echo -n "Stopping pbr service... "
-	/etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL"
+	/etc/init.d/pbr stop >/dev/null 2>&1 && echo "OK" || echo "FAIL"
 	echo -n "Removing rc.d symlink for pbr... "
 	/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
+	/etc/init.d/pbr netifd check && { 
+		echo -n "Uninstalling pbr netifd integration... "
+		/etc/init.d/pbr netifd uninstall >/dev/null 2>&1 && echo "OK" || echo "FAIL"
+	} 
 fi
 exit 0
 endef
@@ -135,10 +139,9 @@ define Package/pbr-netifd/postinst
 #!/bin/sh
 # check if we are on real system
 if [ -z "$${IPKG_INSTROOT}" ]; then
-	chmod -x /etc/init.d/pbr || true
-	fw4 -q reload || true
-	chmod +x /etc/init.d/pbr || true
-	echo -n "Installing rc.d symlink for pbr-netifd... "
+	echo -n "Installing pbr integration with netifd... "
+	/etc/init.d/pbr netifd check && /etc/init.d/pbr netifd install >/dev/null 2>&1 && echo "OK" || echo "FAIL"
+	echo -n "Installing rc.d symlink for pbr... "
 	/etc/init.d/pbr enable && echo "OK" || echo "FAIL"
 fi
 exit 0
@@ -148,32 +151,12 @@ define Package/pbr-netifd/prerm
 #!/bin/sh
 # check if we are on real system
 if [ -z "$${IPKG_INSTROOT}" ]; then
-	uci -q delete firewall.pbr || true
-	echo -n "Stopping pbr-netifd service... "
-	/etc/init.d/pbr stop quiet >/dev/null 2>&1 && echo "OK" || echo "FAIL"
+	echo -n "Stopping pbr service... "
+	/etc/init.d/pbr stop >/dev/null 2>&1 && echo "OK" || echo "FAIL"
 	echo -n "Removing rc.d symlink for pbr... "
 	/etc/init.d/pbr disable && echo "OK" || echo "FAIL"
-	echo -n "Cleaning up /etc/iproute2/rt_tables... "
-	if sed -i '/pbr_/d' /etc/iproute2/rt_tables; then
-		echo "OK"
-	else
-		echo "FAIL"
-	fi
-	echo -n "Cleaning up /etc/config/network... "
-	uci -q delete 'network.pbr_default' || true
-	uci -q delete 'network.pbr_default6' || true
-	uci commit network || true
-	if sed -i '/ip.table.*pbr_/d' /etc/config/network; then
-		echo "OK"
-	else
-		echo "FAIL"
-	fi
-	echo -n "Restarting Network... "
-	if /etc/init.d/network restart >/dev/null 2>&1; then
-		echo "OK"
-	else
-		echo "FAIL"
-	fi
+	echo -n "Uninstalling pbr integration with netifd... "
+	/etc/init.d/pbr netifd check && /etc/init.d/pbr netifd uninstall >/dev/null 2>&1 && echo "OK" || echo "FAIL"
 fi
 exit 0
 endef

net/pbr/files/etc/config/pbr

@@ -1,13 +1,11 @@
 config pbr 'config'
-	option debug_dnsmasq '0'
 	option enabled '0'
 	option verbosity '2'
 	option strict_enforcement '1'
 	option resolver_set 'dnsmasq.nftset'
 	list resolver_instance '*'
 	option ipv6_enabled '0'
 	list ignored_interface 'vpnserver'
-	option boot_timeout '30'
 	option rule_create_option 'add'
 	option procd_boot_trigger_delay '5000'
 	option procd_reload_delay '1'
@@ -26,6 +24,10 @@ config pbr 'config'
 	list webui_supported_protocol 'tcp udp'
 	list webui_supported_protocol 'icmp'
 
+config include
+	option path '/usr/share/pbr/pbr.user.dnsprefetch'
+	option enabled '0'
+
 config include
 	option path '/usr/share/pbr/pbr.user.aws'
 	option enabled '0'