switch to tabbed indentation
Jordan Sokolic
parent
d18fd71667
commit
1eede6ba73
312
run.sh
312
run.sh
|
|
@ -1,10 +1,10 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# set -x
|
# set -x
|
||||||
|
|
||||||
function _usage() {
|
function _usage() {
|
||||||
echo "Could not find config file."
|
echo "Could not find config file."
|
||||||
echo "Usage: $0 [/path/to/openwrt.conf]"
|
echo "Usage: $0 [/path/to/openwrt.conf]"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
SCRIPT_DIR=$(cd $(dirname $0) && pwd )
|
SCRIPT_DIR=$(cd $(dirname $0) && pwd )
|
||||||
|
|
@ -13,196 +13,196 @@ CONFIG_FILE=${1:-$DEFAULT_CONFIG_FILE}
|
||||||
source $CONFIG_FILE 2>/dev/null || { _usage; exit 1; }
|
source $CONFIG_FILE 2>/dev/null || { _usage; exit 1; }
|
||||||
|
|
||||||
function _nmcli() {
|
function _nmcli() {
|
||||||
type nmcli >/dev/null 2>&1
|
type nmcli >/dev/null 2>&1
|
||||||
if [[ $? -eq 0 ]]; then
|
if [[ $? -eq 0 ]]; then
|
||||||
echo "* setting interface '$WIFI_IFACE' to unmanaged"
|
echo "* setting interface '$WIFI_IFACE' to unmanaged"
|
||||||
nmcli dev set $WIFI_IFACE managed no
|
nmcli dev set $WIFI_IFACE managed no
|
||||||
nmcli radio wifi on
|
nmcli radio wifi on
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function _get_phy_from_dev() {
|
function _get_phy_from_dev() {
|
||||||
test $WIFI_ENABLED = 'true' || return
|
test $WIFI_ENABLED = 'true' || return
|
||||||
test -z $WIFI_PHY || return
|
test -z $WIFI_PHY || return
|
||||||
if [[ -f /sys/class/net/$WIFI_IFACE/phy80211/name ]]; then
|
if [[ -f /sys/class/net/$WIFI_IFACE/phy80211/name ]]; then
|
||||||
WIFI_PHY=$(cat /sys/class/net/$WIFI_IFACE/phy80211/name 2>/dev/null)
|
WIFI_PHY=$(cat /sys/class/net/$WIFI_IFACE/phy80211/name 2>/dev/null)
|
||||||
echo "* got '$WIFI_PHY' for device '$WIFI_IFACE'"
|
echo "* got '$WIFI_PHY' for device '$WIFI_IFACE'"
|
||||||
else
|
else
|
||||||
echo "$WIFI_IFACE is not a valid phy80211 device"
|
echo "$WIFI_IFACE is not a valid phy80211 device"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function _cleanup() {
|
function _cleanup() {
|
||||||
echo -e "\n* cleaning up..."
|
echo -e "\n* cleaning up..."
|
||||||
echo "* stopping container"
|
echo "* stopping container"
|
||||||
docker stop $CONTAINER >/dev/null
|
docker stop $CONTAINER >/dev/null
|
||||||
echo "* cleaning up netns symlink"
|
echo "* cleaning up netns symlink"
|
||||||
sudo rm -rf /var/run/netns/$CONTAINER
|
sudo rm -rf /var/run/netns/$CONTAINER
|
||||||
echo "* removing host $LAN_DRIVER interface"
|
echo "* removing host $LAN_DRIVER interface"
|
||||||
if [[ $LAN_DRIVER != "bridge" ]] ; then
|
if [[ $LAN_DRIVER != "bridge" ]] ; then
|
||||||
sudo ip link del dev $LAN_IFACE
|
sudo ip link del dev $LAN_IFACE
|
||||||
elif [[ $LAN_PARENT =~ \. ]] ; then
|
elif [[ $LAN_PARENT =~ \. ]] ; then
|
||||||
sudo ip link del dev $LAN_PARENT
|
sudo ip link del dev $LAN_PARENT
|
||||||
fi
|
fi
|
||||||
echo -ne "* finished"
|
echo -ne "* finished"
|
||||||
}
|
}
|
||||||
|
|
||||||
function _gen_config() {
|
function _gen_config() {
|
||||||
echo "* generating network config"
|
echo "* generating network config"
|
||||||
set -a
|
set -a
|
||||||
_get_phy_from_dev
|
_get_phy_from_dev
|
||||||
source $CONFIG_FILE
|
source $CONFIG_FILE
|
||||||
for file in etc/config/*.tpl; do
|
for file in etc/config/*.tpl; do
|
||||||
envsubst <${file} >${file%.tpl}
|
envsubst <${file} >${file%.tpl}
|
||||||
docker cp ${file%.tpl} $CONTAINER:/${file%.tpl}
|
docker cp ${file%.tpl} $CONTAINER:/${file%.tpl}
|
||||||
done
|
done
|
||||||
set +a
|
set +a
|
||||||
}
|
}
|
||||||
|
|
||||||
function _init_network() {
|
function _init_network() {
|
||||||
echo "* setting up docker network"
|
echo "* setting up docker network"
|
||||||
local LAN_ARGS
|
local LAN_ARGS
|
||||||
case $LAN_DRIVER in
|
case $LAN_DRIVER in
|
||||||
bridge)
|
bridge)
|
||||||
LAN_ARGS=""
|
LAN_ARGS=""
|
||||||
;;
|
;;
|
||||||
macvlan)
|
macvlan)
|
||||||
LAN_ARGS="-o parent=$LAN_PARENT"
|
LAN_ARGS="-o parent=$LAN_PARENT"
|
||||||
;;
|
;;
|
||||||
ipvlan)
|
ipvlan)
|
||||||
LAN_ARGS="-o parent=$LAN_PARENT -o ipvlan_mode=l2"
|
LAN_ARGS="-o parent=$LAN_PARENT -o ipvlan_mode=l2"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
echo "invalid choice for LAN network driver"
|
echo "invalid choice for LAN network driver"
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
docker network create --driver $LAN_DRIVER \
|
docker network create --driver $LAN_DRIVER \
|
||||||
$LAN_ARGS \
|
$LAN_ARGS \
|
||||||
--subnet $LAN_SUBNET \
|
--subnet $LAN_SUBNET \
|
||||||
$LAN_NAME || exit 1
|
$LAN_NAME || exit 1
|
||||||
|
|
||||||
docker network create --driver macvlan \
|
docker network create --driver macvlan \
|
||||||
-o parent=$WAN_PARENT \
|
-o parent=$WAN_PARENT \
|
||||||
$WAN_NAME || exit 1
|
$WAN_NAME || exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
function _set_hairpin() {
|
function _set_hairpin() {
|
||||||
test $WIFI_HAIRPIN = 'true' || return
|
test $WIFI_HAIRPIN = 'true' || return
|
||||||
echo -n "* set hairpin mode on interface '$1'"
|
echo -n "* set hairpin mode on interface '$1'"
|
||||||
for i in {1..10}; do
|
for i in {1..10}; do
|
||||||
echo -n '.'
|
echo -n '.'
|
||||||
sudo ip netns exec $CONTAINER ip link set $WIFI_IFACE type bridge_slave hairpin on 2>/dev/null && { echo 'ok'; break; }
|
sudo ip netns exec $CONTAINER ip link set $WIFI_IFACE type bridge_slave hairpin on 2>/dev/null && { echo 'ok'; break; }
|
||||||
sleep 3
|
sleep 3
|
||||||
done
|
done
|
||||||
if [[ $i -ge 10 ]]; then
|
if [[ $i -ge 10 ]]; then
|
||||||
echo -e "\ncouldn't set hairpin mode, wifi clients will probably be unable to talk to each other"
|
echo -e "\ncouldn't set hairpin mode, wifi clients will probably be unable to talk to each other"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function _create_or_start_container() {
|
function _create_or_start_container() {
|
||||||
if ! docker inspect $IMAGE_TAG >/dev/null 2>&1; then
|
if ! docker inspect $IMAGE_TAG >/dev/null 2>&1; then
|
||||||
echo "no image '$IMAGE_TAG' found, did you forget to run 'make build'?"
|
echo "no image '$IMAGE_TAG' found, did you forget to run 'make build'?"
|
||||||
exit 1
|
exit 1
|
||||||
|
|
||||||
elif docker inspect $CONTAINER >/dev/null 2>&1; then
|
elif docker inspect $CONTAINER >/dev/null 2>&1; then
|
||||||
echo "* starting container '$CONTAINER'"
|
echo "* starting container '$CONTAINER'"
|
||||||
docker start $CONTAINER || exit 1
|
docker start $CONTAINER || exit 1
|
||||||
|
|
||||||
else
|
else
|
||||||
_init_network
|
_init_network
|
||||||
echo "* creating container $CONTAINER"
|
echo "* creating container $CONTAINER"
|
||||||
docker create \
|
docker create \
|
||||||
--network $LAN_NAME \
|
--network $LAN_NAME \
|
||||||
--cap-add NET_ADMIN \
|
--cap-add NET_ADMIN \
|
||||||
--cap-add NET_RAW \
|
--cap-add NET_RAW \
|
||||||
--hostname openwrt \
|
--hostname openwrt \
|
||||||
--dns 127.0.0.1 \
|
--dns 127.0.0.1 \
|
||||||
--ip $LAN_ADDR \
|
--ip $LAN_ADDR \
|
||||||
--sysctl net.netfilter.nf_conntrack_acct=1 \
|
--sysctl net.netfilter.nf_conntrack_acct=1 \
|
||||||
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
|
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
|
||||||
--sysctl net.ipv6.conf.all.forwarding=1 \
|
--sysctl net.ipv6.conf.all.forwarding=1 \
|
||||||
--name $CONTAINER $IMAGE_TAG >/dev/null
|
--name $CONTAINER $IMAGE_TAG >/dev/null
|
||||||
docker network connect $WAN_NAME $CONTAINER
|
docker network connect $WAN_NAME $CONTAINER
|
||||||
|
|
||||||
_gen_config
|
_gen_config
|
||||||
docker start $CONTAINER
|
docker start $CONTAINER
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function _reload_fw() {
|
function _reload_fw() {
|
||||||
echo "* reloading firewall rules"
|
echo "* reloading firewall rules"
|
||||||
docker exec -i $CONTAINER sh -c '
|
docker exec -i $CONTAINER sh -c '
|
||||||
for iptables in iptables ip6tables; do
|
for iptables in iptables ip6tables; do
|
||||||
for table in filter nat mangle; do
|
for table in filter nat mangle; do
|
||||||
$iptables -t $table -F
|
$iptables -t $table -F
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
/sbin/fw3 -q restart'
|
/sbin/fw3 -q restart'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _prepare_wifi() {
|
function _prepare_wifi() {
|
||||||
test $WIFI_ENABLED = 'true' || return
|
test $WIFI_ENABLED = 'true' || return
|
||||||
test -z $WIFI_IFACE && _usage
|
test -z $WIFI_IFACE && _usage
|
||||||
_get_phy_from_dev
|
_get_phy_from_dev
|
||||||
_nmcli
|
_nmcli
|
||||||
echo "* moving device $WIFI_PHY to docker network namespace"
|
echo "* moving device $WIFI_PHY to docker network namespace"
|
||||||
sudo iw phy "$WIFI_PHY" set netns $pid
|
sudo iw phy "$WIFI_PHY" set netns $pid
|
||||||
_set_hairpin $WIFI_IFACE
|
_set_hairpin $WIFI_IFACE
|
||||||
}
|
}
|
||||||
|
|
||||||
function _prepare_lan() {
|
function _prepare_lan() {
|
||||||
case $LAN_DRIVER in
|
case $LAN_DRIVER in
|
||||||
macvlan)
|
macvlan)
|
||||||
echo "* setting up host $LAN_DRIVER interface"
|
echo "* setting up host $LAN_DRIVER interface"
|
||||||
LAN_IFACE=macvlan0
|
LAN_IFACE=macvlan0
|
||||||
sudo ip link add $LAN_IFACE link $LAN_PARENT type $LAN_DRIVER mode bridge
|
sudo ip link add $LAN_IFACE link $LAN_PARENT type $LAN_DRIVER mode bridge
|
||||||
sudo ip link set $LAN_IFACE up
|
sudo ip link set $LAN_IFACE up
|
||||||
sudo ip route add $LAN_SUBNET dev $LAN_IFACE
|
sudo ip route add $LAN_SUBNET dev $LAN_IFACE
|
||||||
;;
|
;;
|
||||||
ipvlan)
|
ipvlan)
|
||||||
echo "* setting up host $LAN_DRIVER interface"
|
echo "* setting up host $LAN_DRIVER interface"
|
||||||
LAN_IFACE=ipvlan0
|
LAN_IFACE=ipvlan0
|
||||||
sudo ip link add $LAN_IFACE link $LAN_PARENT type $LAN_DRIVER mode l2
|
sudo ip link add $LAN_IFACE link $LAN_PARENT type $LAN_DRIVER mode l2
|
||||||
sudo ip link set $LAN_IFACE up
|
sudo ip link set $LAN_IFACE up
|
||||||
sudo ip route add $LAN_SUBNET dev $LAN_IFACE
|
sudo ip route add $LAN_SUBNET dev $LAN_IFACE
|
||||||
;;
|
;;
|
||||||
bridge)
|
bridge)
|
||||||
LAN_ID=$(docker network inspect $LAN_NAME -f "{{.Id}}")
|
LAN_ID=$(docker network inspect $LAN_NAME -f "{{.Id}}")
|
||||||
LAN_IFACE=br-${LAN_ID:0:12}
|
LAN_IFACE=br-${LAN_ID:0:12}
|
||||||
|
|
||||||
# test if $LAN_PARENT is a VLAN of $WAN_PARENT, create it if it doesn't exist and add it to the bridge
|
# test if $LAN_PARENT is a VLAN of $WAN_PARENT, create it if it doesn't exist and add it to the bridge
|
||||||
local lan_array=(${LAN_PARENT//./ })
|
local lan_array=(${LAN_PARENT//./ })
|
||||||
if [[ ${lan_array[0]} = $WAN_PARENT ]] && ! ip link show $LAN_PARENT >/dev/null 2>&1 ; then
|
if [[ ${lan_array[0]} = $WAN_PARENT ]] && ! ip link show $LAN_PARENT >/dev/null 2>&1 ; then
|
||||||
sudo ip link add link ${lan_array[0]} name $LAN_PARENT type vlan id ${lan_array[1]}
|
sudo ip link add link ${lan_array[0]} name $LAN_PARENT type vlan id ${lan_array[1]}
|
||||||
fi
|
fi
|
||||||
sudo ip link set $LAN_PARENT master $LAN_IFACE
|
sudo ip link set $LAN_PARENT master $LAN_IFACE
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
echo "invalid network driver type, must be 'bridge' or 'macvlan'"
|
echo "invalid network driver type, must be 'bridge' or 'macvlan'"
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
echo "* getting address via DHCP"
|
echo "* getting address via DHCP"
|
||||||
sudo dhcpcd -q $LAN_IFACE
|
sudo dhcpcd -q $LAN_IFACE
|
||||||
}
|
}
|
||||||
|
|
||||||
function main() {
|
function main() {
|
||||||
cd "${SCRIPT_DIR}"
|
cd "${SCRIPT_DIR}"
|
||||||
_create_or_start_container
|
_create_or_start_container
|
||||||
|
|
||||||
pid=$(docker inspect -f '{{.State.Pid}}' $CONTAINER)
|
pid=$(docker inspect -f '{{.State.Pid}}' $CONTAINER)
|
||||||
|
|
||||||
echo "* creating netns symlink '$CONTAINER'"
|
echo "* creating netns symlink '$CONTAINER'"
|
||||||
sudo mkdir -p /var/run/netns
|
sudo mkdir -p /var/run/netns
|
||||||
sudo ln -sf /proc/$pid/ns/net /var/run/netns/$CONTAINER
|
sudo ln -sf /proc/$pid/ns/net /var/run/netns/$CONTAINER
|
||||||
|
|
||||||
_prepare_wifi
|
_prepare_wifi
|
||||||
_prepare_lan
|
_prepare_lan
|
||||||
|
|
||||||
_reload_fw
|
_reload_fw
|
||||||
echo "* ready"
|
echo "* ready"
|
||||||
}
|
}
|
||||||
|
|
||||||
main
|
main
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue