add openwrt package

Signed-off-by: liudengfeng <liudengfeng@kunteng.org>
turanalmammadov · Dec 8, 2018 · 3e89cb0 · 3e89cb0
1 parent 744b671
commit 3e89cb0
Show file tree

Hide file tree

Showing 4 changed files with 368 additions and 0 deletions.
diff --git a/openwrt/Makefile b/openwrt/Makefile
@@ -0,0 +1,70 @@
+#
+# Copyright (C) 2018 KunTeng.org.cn
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=apfree-wifidog
+PKG_VERSION:=3.11.1716
+PKG_RELEASE=1
+
+
+PKG_LICENSE:=GPL-3.0
+PKG_MAINTAINER:=Dengfeng Liu<liudengfeng@kunteng.org>
+PKG_LICENSE_FILES:=COPYING
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/liudf0716/apfree_wifidog.git
+PKG_SOURCE_VERSION:=$(PKG_VERSION)
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_MIRROR_HASH:=01dfcb80ddaacc0ec234335ff1c229c9af2524b6b802216de93bcc85588a823e
+
+PKG_INSTALL:=1
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(PKG_NAME)-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/apfree-wifidog
+  SUBMENU:=Captive Portals
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+zlib +iptables-mod-extra +iptables-mod-ipopt +kmod-ipt-nat +iptables-mod-nat-extra \
+           +libpthread +libopenssl +@OPENSSL_WITH_EC +@OPENSSL_WITH_DEPRECATED +@OPENSSL_WITH_PSK \
+           +libjson-c +ipset +libip4tc +libevent2 +libevent2-openssl \
+           +fping +libmosquitto +libuci +px5g
+  TITLE:=Apfree's wireless captive portal solution
+  URL:=http://www.kunteng.org.cn
+endef
+
+define Package/apfree-wifidog/description
+	The ApFree Wifidog project is a complete and embeddable captive
+	portal solution for wireless community groups or individuals
+	who wish to open a free Hotspot while still preventing abuse
+	of their Internet connection.
+	It's enhanced wifidog
+endef
+
+define Package/apfree-wifidog/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/wifidogx $(1)/usr/bin/wifidogx
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/wdctlx $(1)/usr/bin/wdctlx
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(INSTALL_BIN) ./files/wdping $(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/etc
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/wifidog-msg.html $(1)/etc/
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/wifidog-redir.html $(1)/etc/
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/wifidog-redir.html.front $(1)/etc/
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/wifidog-redir.html.rear $(1)/etc/
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/authserver-offline.html $(1)/etc/
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/internet-offline.html $(1)/etc/
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_BIN) ./files/wifidogx.init $(1)/etc/init.d/wifidogx
+	$(INSTALL_DIR) $(1)/etc/config
+	$(CP) ./files/wifidogx.conf $(1)/etc/config/wifidogx
+endef
+
+$(eval $(call BuildPackage,apfree-wifidog))
diff --git a/openwrt/files/wdping b/openwrt/files/wdping
@@ -0,0 +1,7 @@
+#!/bin/sh
+IP=$1
+[ -x /usr/sbin/fping ] && {
+	fping -t 100 -c 1 $IP &> /dev/null && echo 1 || echo 0
+} || {
+	ping -w 1 -c 1 $IP &> /dev/null && echo 1 || echo 0
+}
diff --git a/openwrt/files/wifidogx.conf b/openwrt/files/wifidogx.conf
@@ -0,0 +1,12 @@
+config wifidog
+	option	gateway_interface	'br-lan'
+	option	auth_server_hostname	'wifidog.kunteng.org.cn'
+	option	auth_server_port	443
+	option	auth_server_path	'/wifidog/'	
+	option	check_interval		60
+	option	client_timeout		10
+	option	pool_mode			1
+	option	thread_number		5
+	option	queue_size			20
+	option	wired_passed		0
+	option	enable		0
diff --git a/openwrt/files/wifidogx.init b/openwrt/files/wifidogx.init
@@ -0,0 +1,279 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2018 KunTeng.org.cn
+START=65
+
+USE_PROCD=1
+PROG=/usr/bin/wifidogx
+CONFIGFILE=/tmp/wifidog.conf
+
+EXTRA_COMMANDS="status"
+EXTRA_HELP="        status Print the status of the service"
+
+PX5G_BIN="/usr/sbin/px5g"
+OPENSSL_BIN="/usr/bin/openssl"
+APFREE_CERT="/etc/apfree.crt"
+APFREE_KEY="/etc/apfree.key"
+
+generate_keys() {
+    local days bits country state location commonname
+
+    # Prefer px5g for certificate generation (existence evaluated last)
+    local GENKEY_CMD=""
+    local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
+    [ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform pem -nodes"
+    [ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -pem"
+    [ -n "$GENKEY_CMD" ] && {
+        $GENKEY_CMD \
+            -days ${days:-720} -newkey rsa:${bits:-2048} -keyout "${APFREE_KEY}.new" -out "${APFREE_CERT}.new" \
+            -subj /C="${country:-CN}"/ST="${state:-localhost}"/L="${location:-Unknown}"/O="${commonname:-ApFreeWiFidog}$UNIQUEID"/CN="${commonname:-ApFreeWiFidog}"
+        sync
+        mv "${APFREE_KEY}.new" "${APFREE_KEY}"
+        mv "${APFREE_CERT}.new" "${APFREE_CERT}"
+    }
+}
+
+service_trigger() {
+	 procd_add_reload_trigger	"wifidogx"
+}
+
+echo_firewall_rule() {
+	echo "    FirewallRule $1"
+}
+
+prepare_mqtt_conf() {
+	local cfg=$1
+	local serveraddr
+	local serverport
+
+	config_get serveraddr "$cfg" "serveraddr"
+	config_get serverport "$cfg" "serverport"
+	[ -z "$serveraddr" -o -z "$serverport" ] && return 1
+
+	cat <<-EOF >>$CONFIGFILE
+ 
+		MQTT {
+		    ServerAddr $serveraddr
+		    ServerPort $serverport
+		}
+EOF
+
+	sed -i -e '/^$/d' $CONFIGFILE
+}
+
+prepare_wifidog_conf() {
+	local cfg=$1
+	local enable
+	local gateway_id
+	local gateway_interface
+	local auth_server_hostname
+	local auth_server_http_port
+	local auth_server_path
+	local auth_server_path_login
+	local auth_server_path_portal
+	local auth_server_path_msg
+	local auth_server_path_ping
+	local auth_server_path_auth
+	local delta_traffic
+	local check_interval
+	local client_timeout
+	local httpd_max_conn
+	local trusted_domains
+	local js_filter
+	local trusted_maclist
+	local untrusted_maclist
+	local pool_mode
+	local thread_number
+	local queue_size
+	local wired_passed
+	local trusted_iplist
+	local trusted_pan_domains
+	local proxy_port
+	local no_auth
+	local apple_cna
+	local update_domain_interval
+	local dns_timeout
+
+	[ -f $CONFIGFILE ] && rm $CONFIGFILE
+
+	config_get enable "$cfg" "enable" 0
+	[ $enable = "1" ] || return
+
+	local default_gateway_id=`ifconfig br-lan|grep HWaddr|awk '{print $5}'|sed s/://g`
+
+	local external_interface=`uci show network.wan.ifname|cut -d'=' -f 2|sed -e "s/'//g"`
+
+	config_get gateway_id "$cfg" "gateway_id" $default_gateway_id
+	config_get gateway_interface "$cfg" "gateway_interface" "br-lan"
+	config_get auth_server_hostname "$cfg" "auth_server_hostname" 
+	config_get auth_server_port "$cfg" "auth_server_port" "80"
+	config_get auth_server_path "$cfg" 	"auth_server_path" "/wifidog/"
+	config_get auth_server_path_login "$cfg" 	"auth_server_path_login"
+	config_get auth_server_path_portal "$cfg" 	"auth_server_path_portal"
+	config_get auth_server_path_msg "$cfg" 	"auth_server_path_msg"
+	config_get auth_server_path_ping "$cfg" 	"auth_server_path_ping"
+	config_get auth_server_path_auth "$cfg" 	"auth_server_path_auth"
+	config_get delta_traffic	"$cfg"	"delta_traffic"
+	config_get check_interval	"$cfg"	"check_interval"	"60"
+	config_get js_filter		"$cfg"	"js_filter"			1
+	config_get client_timeout	"$cfg"	"client_timeout"	"5"
+	config_get httpd_max_conn	"$cfg"	"httpd_max_conn"	"200"
+	config_get trusted_domains 	"$cfg"	"trusted_domains"
+	config_get trusted_maclist		"$cfg"	"trusted_maclist"
+	config_get untrusted_maclist 	"$cfg"	"untrusted_maclist"
+	config_get pool_mode		"$cfg"	"pool_mode"			0
+	config_get thread_number	"$cfg"	"thread_number"		20
+	config_get queue_size		"$cfg"	"queue_size"		200
+	config_get wired_passed		"$cfg"	"wired_passed"		1
+	config_get trusted_iplist	"$cfg"	"trusted_iplist"
+	config_get trusted_pan_domains	"$cfg"	"trusted_pan_domains"
+	config_get proxy_port	"$cfg"	"proxy_port"
+	config_get no_auth	"$cfg"	"no_auth"
+	config_get apple_cna	"$cfg"	"bypass_apple_cna"
+	config_get update_domain_interval	"$cfg"	"update_domain_interval"
+	config_get dns_timeout	"$cfg"	"dns_timeout"
+
+	local set_auth_server_path_login=`[ -n "$auth_server_path_login" ] && echo "    LoginScriptPathFragment $auth_server_path_login"`
+	local set_auth_server_path_portal=`[ -n "$auth_server_path_portal" ] && echo "    PortalScriptPathFragment $auth_server_path_portal"`
+	local set_auth_server_path_msg=`[ -n "$auth_server_path_msg" ] && echo "    MsgScriptPathFragment $auth_server_path_msg"`
+	local set_auth_server_path_ping=`[ -n "$auth_server_path_ping" ] && echo "    PingScriptPathFragment $auth_server_path_ping"`
+	local set_auth_server_path_auth=`[ -n "$auth_server_path_auth" ] && echo "    AuthScriptPathFragment $auth_server_path_auth"` 
+	local set_delta_traffic=`[ -n "$delta_traffic" ] && echo "DeltaTraffic $delta_traffic"` 
+	local set_trusted_maclist=`[ -n "$trusted_maclist" ] && echo "TrustedMACList $trusted_maclist"` 
+	local set_untrusted_maclist=`[ -n "$untrusted_maclist" ] && echo "UntrustedMACList $untrusted_maclist"` 
+	local set_trusted_domains=`[ -n "$trusted_domains" ] && echo "TrustedDomains	$trusted_domains"`
+	local set_trusted_iplist=`[ -n "$trusted_iplist" ] && echo "TrustedIpList	$trusted_iplist"`
+	local set_trusted_pan_domains=`[ -n "$trusted_pan_domains" ] && echo "TrustedPanDomains"	$trusted_pan_domains`
+	local set_proxy_port=`[ -n "$proxy_port" ] && echo "Proxyport"	$proxy_port`
+	local set_no_auth=`[ -n "$no_auth"  ] && echo "NoAuth"  $no_auth`
+	local set_firewall_rule_global=`config_list_foreach "$cfg" "firewall_rule_global" echo_firewall_rule`
+	local set_firewall_rule_validating_users=`config_list_foreach "$cfg" "firewall_rule_validating_users" echo_firewall_rule`
+	local set_firewall_rule_known_users=`config_list_foreach "$cfg" "firewall_rule_known_users" echo_firewall_rule`
+	local set_firewall_rule_auth_is_down=`config_list_foreach "$cfg" "firewall_rule_auth_is_down" echo_firewall_rule`
+	local set_firewall_rule_unknown_users=`config_list_foreach "$cfg" "firewall_rule_unknown_users" echo_firewall_rule`
+	local set_firewall_rule_locked_users=`config_list_foreach "$cfg" "firewall_rule_locked_users" echo_firewall_rule`
+	local set_apple_cna=`[ -n "$apple_cna"  ] && echo "BypassAppleCNA" $apple_cna`
+	local set_update_domain_interval=`[ -n "$update_domain_interval" ] && echo "UpdateDomainInterval" $update_domain_interval`
+	local set_dns_timeout=`[ -n "$dns_timeout" ] && echo "DNSTimeout" $dns_timeout`
+
+	cat <<-EOF >$CONFIGFILE
+		GatewayID $gateway_id
+		GatewayInterface $gateway_interface
+		Externalinterface $external_interface
+ 
+		AuthServer {
+		    Hostname $auth_server_hostname
+		    HTTPPort $auth_server_port
+		    Path $auth_server_path
+			$set_auth_server_path_login
+			$set_auth_server_path_portal
+			$set_auth_server_path_msg
+			$set_auth_server_path_ping
+			$set_auth_server_path_auth
+		}
+ 
+		$set_delta_traffic
+		CheckInterval $check_interval
+		ClientTimeout $client_timeout
+		JsFilter	$js_filter
+		WiredPassed	$wired_passed
+
+		PoolMode	$pool_mode
+		ThreadNumber	$thread_number
+		QueueSize	$queue_size
+
+		$set_trusted_domains
+
+		$set_untrusted_maclist
+
+		$set_trusted_maclist
+
+		$set_trusted_iplist
+
+		$set_trusted_pan_domains
+
+		$set_proxy_port
+
+		$set_no_auth
+
+		$set_apple_cna
+
+		$set_update_domain_interval
+
+		$set_dns_timeout
+
+		FirewallRuleSet global {
+			$set_firewall_rule_global
+		}
+ 
+		FirewallRuleSet validating-users {
+			$set_firewall_rule_validating_users
+		    FirewallRule allow to 0.0.0.0/0
+		}
+ 
+		FirewallRuleSet known-users {
+			$set_firewall_rule_known_users
+		    FirewallRule allow to 0.0.0.0/0
+		}
+ 
+		FirewallRuleSet auth-is-down {
+			$set_firewall_rule_auth_is_down
+		}
+ 
+		FirewallRuleSet unknown-users {
+			$set_firewall_rule_unknown_users
+		    FirewallRule allow udp port 53
+		    FirewallRule allow tcp port 53
+		    FirewallRule allow udp port 67
+		    FirewallRule allow tcp port 67
+		}
+ 
+		FirewallRuleSet locked-users {
+			$set_firewall_rule_locked_users
+		    FirewallRule block to 0.0.0.0/0
+		}
+EOF
+}
+
+init_config() {
+	config_load wifidogx
+	config_foreach prepare_wifidog_conf wifidog
+
+	[ ! -f $CONFIGFILE ] && {
+		echo "no wifidog.conf, exit..."
+		stop
+		exit
+	}
+
+	[ -s "$APFREE_CERT" -a -s "$APFREE_KEY" ] || {
+		generate_keys
+	}
+
+	[ ! -f $APFREE_KEY -o ! -f $APFREE_CERT ] && {
+		echo "no cert or key, exit..."
+		stop
+		exit
+	}
+
+	config_foreach prepare_mqtt_conf mqtt
+}
+
+start_service() {
+	init_config
+
+	procd_open_instance
+	# -s: log to syslog
+	# -f: run in foreground
+	procd_set_param command $PROG -c $CONFIGFILE -f -d 0
+	procd_set_param respawn # respawn automatically if something died
+	procd_set_param file	$CONFIGFILE
+	procd_close_instance
+}
+
+reload_service() {
+	rc_procd start_service "$@"
+	return 0
+}
+
+status() {
+	/usr/bin/wdctlx status
+}