From 3c3ea0d4fe43765f9b060c45c82df84db2e16bce Mon Sep 17 00:00:00 2001
From: dwj0 <45187345+dwj0@users.noreply.github.com>
Date: Wed, 31 Mar 2021 12:31:52 +0800
Subject: [PATCH] Add n2n supernode ports and rules (#6577)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* 自动开放 supernode 的防火墙端口,这样 openwrtr的edge和supernode都可以用了。 增加edge的第二supernode节点。但当两个supernode都设了后,貌似只有第二个supernode起作用,如果把第二个supernode关掉,就都连不上了 为n2n的防火墙规则添加描述
* Update n2n_v2.init 修复 n2n 的 supernode 添加防火墙规则的错误端口
Co-authored-by: dwj0
---
 package/lean/luci-app-n2n_v2/Makefile | 2 +-
 .../luasrc/model/cbi/n2n_v2.lua | 10 +++++++
 .../lean/luci-app-n2n_v2/po/zh-cn/n2n_v2.po | 6 ++++
 package/lean/n2n_v2/Makefile | 4 +--
 package/lean/n2n_v2/files/n2n_v2.init | 28 +++++++++++--------
 5 files changed, 36 insertions(+), 14 deletions(-)
diff --git a/package/lean/luci-app-n2n_v2/Makefile b/package/lean/luci-app-n2n_v2/Makefile
index 9f06c7526..5a9948368 100755
--- a/package/lean/luci-app-n2n_v2/Makefile
+++ b/package/lean/luci-app-n2n_v2/Makefile
@@ -10,7 +10,7 @@ LUCI_TITLE:=n2n_v2 VPN Configuration module
 LUCI_DEPENDS:=+n2n-edge +n2n-supernode
 LUCI_PKGARCH:=all
 PKG_VERSION:=2.8.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 include $(TOPDIR)/feeds/luci/luci.mk
diff --git a/package/lean/luci-app-n2n_v2/luasrc/model/cbi/n2n_v2.lua b/package/lean/luci-app-n2n_v2/luasrc/model/cbi/n2n_v2.lua
index c9085ffcc..5c5a8985b 100644
--- a/package/lean/luci-app-n2n_v2/luasrc/model/cbi/n2n_v2.lua
+++ b/package/lean/luci-app-n2n_v2/luasrc/model/cbi/n2n_v2.lua
@@ -60,10 +60,20 @@ mtu.optional = false
 supernode = s:option(Value, "supernode", translate("Supernode Host"))
 supernode.datatype = "host"
 supernode.optional = false
+supernode.rmempty = false
 port = s:option(Value, "port", translate("Supernode Port"))
 port.datatype = "port"
 port.optional = false
+port.rmempty = false
+
+second_supernode = s:option(Value, "second_supernode", translate("Second Supernode Host"))
+second_supernode.datatype = "host"
+second_supernode.optional = false
+
+second_port = s:option(Value, "second_port", translate("Second Supernode Port"))
+second_port.datatype = "port"
+second_port.optional = false
 community = s:option(Value, "community", translate("N2N Community name"))
 community.optional = false
diff --git a/package/lean/luci-app-n2n_v2/po/zh-cn/n2n_v2.po b/package/lean/luci-app-n2n_v2/po/zh-cn/n2n_v2.po
index d4f5508fe..3b320177b 100755
--- a/package/lean/luci-app-n2n_v2/po/zh-cn/n2n_v2.po
+++ b/package/lean/luci-app-n2n_v2/po/zh-cn/n2n_v2.po
@@ -35,6 +35,9 @@ msgstr "接口子网掩码"
 msgid "Supernode Host"
 msgstr "Supernode节点地址"
+msgid "Second Supernode Host"
+msgstr "第二Supernode节点地址"
+
 msgid "N2N Community name"
 msgstr "N2N网络组名称"
@@ -50,6 +53,9 @@ msgstr "端口"
 msgid "Supernode Port"
 msgstr "Supernode节点端口"
+msgid "Second Supernode Port"
+msgstr "第二Supernode节点端口"
+
 msgid "Encryption key"
 msgstr "加密密钥"
diff --git a/package/lean/n2n_v2/Makefile b/package/lean/n2n_v2/Makefile
index 7b185ced1..398f7ffda 100644
--- a/package/lean/n2n_v2/Makefile
+++ b/package/lean/n2n_v2/Makefile
@@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=n2n
 PKG_SOURCE_URL:=https://github.com/ntop/n2n.git
 PKG_SOURCE_VERSION:=99e56e9f3c34c49eeb297971d41150b433489120
-PKG_VERSION:=2.8.0_git-$(PKG_SOURCE_VERSION)
-PKG_RELEASE:=3
+PKG_VERSION:=2.8.1_git-$(PKG_SOURCE_VERSION)
+PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
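Review bot: In n2n_v2.lua the new `second_supernode` and `second_port` options are validated independently of each other, so a form with only one of the two filled in is accepted and saved, while the init script in this same patch appends the backup `-l` argument only when both are non-empty. A half-configured fallback is therefore dropped at start-up without any message to the user. A `validate` function on one of the two options that rejects the value when its partner is empty would close that gap. Failing that, a field description and a comment such as `-- second supernode is optional; host and port must be set together` would make the contract visible. The hunk is a run of top-level statements, so nothing is cut off here.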
diff --git a/package/lean/n2n_v2/files/n2n_v2.init b/package/lean/n2n_v2/files/n2n_v2.init
index c1d7fa8a5..93b8289c7 100644
--- a/package/lean/n2n_v2/files/n2n_v2.init
+++ b/package/lean/n2n_v2/files/n2n_v2.init
@@ -19,26 +19,30 @@ start_instance() {
 config_get mtu "$cfg" 'mtu'
 config_get supernode "$cfg" 'supernode'
 config_get port "$cfg" 'port'
+ config_get second_supernode "$cfg" 'second_supernode'
+ config_get second_port "$cfg" 'second_port'
 config_get community "$cfg" 'community'
 config_get key "$cfg" 'key'
 config_get_bool route "$cfg" 'route' '0'
 address="$ipaddr"
+ supernode_bak=""
+ [ "$second_supernode" -a "$second_port" ] && supernode_bak=" -l ${second_supernode}:${second_port}"
 [ "$route" = "1" ] && args='-r'
 [ "$mode" = 'dhcp' ] && address='0.0.0.0'
 [ "-$mtu" != "-" ] && mtu="-M $mtu"
 eval "$(ipcalc.sh "$ipaddr/$prefix")"
 netmask="$NETMASK"
- /usr/bin/edge -u 0 -g 0 -d $tunname -a ${mode}:${address} -s $netmask -c $community $([ -n "$key" ] && echo -k $key) -l ${supernode}:${port} $args $mtu
- sleep 1
- iptables -I FORWARD -i "$tunname" -j ACCEPT
- iptables -I FORWARD -o "$tunname" -j ACCEPT
- iptables -t nat -I POSTROUTING -o "$tunname" -j MASQUERADE
+ /usr/bin/edge -u 0 -g 0 -d $tunname -a ${mode}:${address} -s $netmask -c $community $([ -n "$key" ] && echo -k $key) -l ${supernode}:${port}$supernode_bak $args $mtu
+ iptables -I FORWARD -i "$tunname" -j ACCEPT -m comment --comment 'n2n edge eth'
+ iptables -I FORWARD -o "$tunname" -j ACCEPT -m comment --comment 'n2n edge eth'
+ iptables -t nat -I POSTROUTING -o "$tunname" -j MASQUERADE -m comment --comment 'n2n edge net'
 ;;
 supernode)
 config_get_bool enabled "$cfg" 'enabled' '0'
 [ "$enabled" = "0" ] && return 1
- config_get port "$cfg" port
+ config_get port "$cfg" 'port'
 /usr/bin/supernode -l $port &
+ iptables -I INPUT -p udp --dport $port -j ACCEPT -m comment --comment 'n2n supernode port'
 ;;
 route)
 config_get_bool enabled "$cfg" 'enabled' '0'
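Review bot: The added `iptables -I INPUT -p udp --dport $port -j ACCEPT` in the `supernode)` branch inserts an accept rule at the top of INPUT with no interface or source match, so enabling the supernode exposes that UDP port on every interface, WAN included, outside the zone policy in /etc/config/firewall. Because the rule is installed directly rather than through the firewall service, it presumably will not survive a firewall restart either. `$port` is expanded unquoted and never checked, so an empty or malformed UCI value still launches the daemon and then hands iptables a broken argument list. I would guard with `[ -n "$port" ] || return 1`, quote it as `--dport "$port"`, and prefer a UCI firewall rule or firewall include over the direct insert so the exposure is visible in the firewall configuration. start_instance begins and ends outside this hunk.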
@@ -59,13 +63,15 @@ stop_instance() {
 case "$type" in
 edge)
 config_get tunname "$cfg" 'tunname'
- iptables -D FORWARD -i "$tunname" -j ACCEPT 2>/dev/null
- iptables -D FORWARD -o "$tunname" -j ACCEPT 2>/dev/null
- iptables -t nat -D POSTROUTING -o "$tunname" -j MASQUERADE 2>/dev/null
+ iptables -D FORWARD -i "$tunname" -j ACCEPT -m comment --comment 'n2n edge eth' 2>/dev/null
+ iptables -D FORWARD -o "$tunname" -j ACCEPT -m comment --comment 'n2n edge eth' 2>/dev/null
+ iptables -t nat -D POSTROUTING -o "$tunname" -j MASQUERADE -m comment --comment 'n2n edge net' 2>/dev/null
 killall -9 edge
 ;;
 supernode)
- killall -9 supernode
+ config_get port "$cfg" 'port'
+ iptables -D INPUT -p udp --dport $port -j ACCEPT -m comment --comment 'n2n supernode port' 2>/dev/null
+ ps | grep supernode | grep -v grep 2>&1 >/dev/null && killall -9 supernode
 ;;
 esac
 }
@@ -81,5 +87,5 @@ start() {
 stop() {
 config_load 'n2n_v2'
 config_foreach stop_instance 'edge'
- ps | grep supernode | grep -v grep 2>&1 >/dev/null && killall -9 supernode
+ config_foreach stop_instance 'supernode'
 }
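Review bot: In the `supernode)` branch of stop_instance the INPUT rule is deleted using the port read from the current config (`config_get port "$cfg" 'port'`), so if the port was changed in UCI before the service is stopped or restarted, `iptables -D` looks for the new port, fails silently behind `2>/dev/null`, and the ACCEPT rule for the old port stays open. The edge rules keyed on `$tunname` look exposed to the same drift. Keeping the service's rules in a dedicated chain that stop flushes, or recording the port used at start time and reading it back here, would remove what was actually installed. Separately, `2>&1 >/dev/null` on the `ps | grep` line leaves stderr attached to the console because of the redirect order, where `>/dev/null 2>&1` was probably intended, and `$port` should be quoted as `--dport "$port"`. stop_instance starts outside the hunk.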