unetd: add WireGuard based VPN connection manager for OpenWrt

package/network/services/unetd/Makefile

@@ -0,0 +1,113 @@
+#
+# Copyright (C) 2022 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=unetd
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL=$(PROJECT_GIT)/project/unetd.git
+PKG_SOURCE_DATE:=2024-03-31
+PKG_SOURCE_VERSION:=806457664ab6e952a7f4febb82e891f596fe577c
+PKG_MIRROR_HASH:=0d3952f8079476e68487094b49c9c39074a1068c932f204a87c609074ce30d74
+
+PKG_LICENSE:=GPL-2.0
+PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
+
+PKG_BUILD_DEPENDS:=HAS_BPF_TOOLCHAIN:bpf-headers
+
+PKG_BUILD_PARALLEL:=1
+
+PKG_CONFIG_DEPENDS += CONFIG_UNETD_VXLAN_SUPPORT
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+include $(INCLUDE_DIR)/bpf.mk
+include $(INCLUDE_DIR)/nls.mk
+
+define Package/unetd
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=WireGuard based VPN connection manager for OpenWrt
+  DEPENDS:=+libubox +libubus +libblobmsg-json +libnl-tiny +kmod-wireguard +UNETD_VXLAN_SUPPORT:libbpf
+endef
+
+define Package/unetd/config
+	config UNETD_VXLAN_SUPPORT
+		bool "VXLAN support"
+		depends on PACKAGE_unetd
+		depends on HAS_BPF_TOOLCHAIN
+		default y
+
+endef
+
+define Package/unet-dht
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=unetd
+  TITLE:=unetd DHT discovery support
+endef
+
+define Package/unet-cli
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+unetd +ucode +ucode-mod-fs
+  TITLE:=unetd administration command line utility
+endef
+
+TARGET_CFLAGS += \
+	-I$(STAGING_DIR)/usr/include/libnl-tiny \
+	-I$(STAGING_DIR)/usr/include
+
+CMAKE_OPTIONS += \
+	-DLIBNL_LIBS=-lnl-tiny \
+	-DVXLAN_SUPPORT=$(if $(CONFIG_UNETD_VXLAN_SUPPORT),ON,OFF)
+
+ifdef CONFIG_UNETD_VXLAN_SUPPORT
+  define Build/Compile
+	$(call CompileBPF,$(PKG_BUILD_DIR)/mss-bpf.c)
+	$(call Build/Compile/Default,)
+  endef
+endif
+
+define Package/unetd/conffiles
+/etc/unetd
+endef
+
+define Package/unetd/install
+	$(INSTALL_DIR) \
+		$(1)/etc/unetd \
+		$(1)/lib/bpf \
+		$(1)/etc/init.d \
+		$(1)/lib/netifd/proto \
+		$(1)/usr/sbin \
+		$(1)/usr/lib
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/libunet.so* $(1)/usr/lib/
+	$(INSTALL_BIN) \
+		$(PKG_INSTALL_DIR)/usr/sbin/unetd \
+		$(PKG_INSTALL_DIR)/usr/sbin/unet-tool \
+		$(1)/usr/sbin/
+	$(if $(CONFIG_UNETD_VXLAN_SUPPORT),$(INSTALL_DATA) $(PKG_BUILD_DIR)/mss-bpf.o $(1)/lib/bpf/mss.o)
+	$(INSTALL_BIN) ./files/unetd.init $(1)/etc/init.d/unetd
+	$(INSTALL_BIN) ./files/unetd.sh $(1)/lib/netifd/proto
+endef
+
+define Package/unet-dht/install
+	$(INSTALL_DIR) \
+		$(1)/etc/init.d \
+		$(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/unet-dht $(1)/usr/sbin
+	$(INSTALL_BIN) ./files/unet-dht.init $(1)/etc/init.d/unet-dht
+endef
+
+define Package/unet-cli/install
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/scripts/unet-cli $(1)/usr/sbin
+endef
+
+$(eval $(call BuildPackage,unetd))
+$(eval $(call BuildPackage,unet-dht))
+$(eval $(call BuildPackage,unet-cli))

package/network/services/unetd/files/unet-dht.init

@@ -0,0 +1,24 @@
+#!/bin/sh /etc/rc.common
+# Copyright (c) 2022 OpenWrt.org
+
+START=19
+
+USE_PROCD=1
+PROG=/usr/sbin/unet-dht
+
+unet_dht_id() {
+	cat \
+		/sys/class/net/eth?/address \
+		/sys/class/ieee80211/phy*/macaddress \
+		/etc/board.json | md5sum | awk '{ print $1 }'
+}
+
+start_service() {
+	mkdir -p /var/run/unetd /etc/unetd
+
+	procd_open_instance
+	procd_set_param command "$PROG" -u /var/run/unetd/socket -n /var/run/unetd/nodes.dat $(unet_dht_id)
+	procd_set_param respawn
+	procd_set_param limits core="unlimited"
+	procd_close_instance
+}

package/network/services/unetd/files/unetd.init

@@ -0,0 +1,17 @@
+#!/bin/sh /etc/rc.common
+# Copyright (c) 2022 OpenWrt.org
+
+START=19
+
+USE_PROCD=1
+PROG=/usr/sbin/unetd
+
+start_service() {
+	mkdir -p /var/run/unetd /etc/unetd
+
+	procd_open_instance
+	procd_set_param command "$PROG" -h /var/run/unetd/hosts -u /var/run/unetd/socket
+	procd_set_param respawn
+	procd_set_param limits core="unlimited"
+	procd_close_instance
+}

package/network/services/unetd/files/unetd.sh

@@ -0,0 +1,99 @@
+#!/bin/sh
+
+[ -x /usr/sbin/unetd ] || exit 0
+
+. /lib/functions.sh
+. /lib/functions/network.sh
+. ../netifd-proto.sh
+
+init_proto "$@"
+
+proto_unet_init_config() {
+	proto_config_add_string device
+	proto_config_add_string type
+	proto_config_add_string auth_key
+	proto_config_add_string key
+	proto_config_add_string file
+	proto_config_add_int keepalive
+	proto_config_add_string domain
+	proto_config_add_boolean dht
+	proto_config_add_array "tunnels:list(string)"
+	proto_config_add_array "connect:list(string)"
+	proto_config_add_array "peer_data:list(string)"
+	no_device=1
+	available=1
+	no_proto_task=1
+}
+
+proto_unet_setup() {
+	local config="$1"
+
+	local device type key file keepalive domain tunnels
+	json_get_vars device type auth_key key file keepalive domain dht
+	json_get_values tunnels tunnels
+	json_get_values connect connect
+	json_get_values peer_data peer_data
+	device="${device:-$config}"
+
+	[ -n "$auth_key" ] && type="${type:-dynamic}"
+	[ -n "$file" ] && type="${type:-file}"
+
+	json_init
+	json_add_string name "$device"
+	json_add_string type "$type"
+	json_add_string interface "$config"
+	json_add_string auth_key "$auth_key"
+	json_add_string key "$key"
+	json_add_string file "$file"
+	[ -n "$keepalive" ] && json_add_int keepalive "$keepalive"
+	[ -n "$dht" ] && json_add_boolean dht "$dht"
+	json_add_string domain "$domain"
+
+	json_add_object tunnels
+	for t in $tunnels; do
+		local ifname="${t%%=*}"
+		local service="${t#*=}"
+		[ -n "$ifname" -a -n "$service" -a "$ifname" != "$t" ] || continue
+		json_add_string "$ifname" "$service"
+	done
+	json_close_object
+
+	json_add_array auth_connect
+	for c in $connect; do
+		json_add_string "" "$c"
+	done
+	json_close_array
+
+	json_add_array peer_data
+	for c in $peer_data; do
+		json_add_string "" "$c"
+	done
+	json_close_array
+
+	ip link del dev "$device" >/dev/null 2>&1
+	ip link add dev "$device" type wireguard || {
+		echo "Could not create wireguard device $device"
+		proto_setup_failed "$config"
+		exit 1
+	}
+
+	ubus call unetd network_add "$(json_dump)"
+}
+
+proto_unet_teardown() {
+	local config="$1"
+	local iface="$2"
+
+	local device
+	json_get_vars device
+	device="${device:-$iface}"
+
+	json_init
+	json_add_string name "$device"
+
+	ip link del dev "$device"
+
+	ubus call unetd network_del "$(json_dump)"
+}
+
+add_protocol unet