- Move from veth to bridge to support docker networking,

- Move default config to darkstar example, - Add cerber config example, - Add NETWORK_DST_NAME & NETWORK_SRC_DEVICE config variables.
2025-07-05 19:30:34 +02:00
parent 41ad7590d9
commit 3366399b37
3 changed files with 126 additions and 71 deletions
--- a/usr/local/lib/dns.bash
+++ b/usr/local/lib/dns.bash
@@ -169,12 +169,17 @@ dns_tab_put()
    dtp_value="$3"


-    ${LOG} 1>&2 "DNS: Update cache entry: Type: [${dtp_type}]   Key: [${dtp_key}]   Value: [${dtp_value}]"
+    if [[ "${dtp_value}" == "" ]]
+    then
+	${LOG} 1>&2 "DNS: Skiping cache entry: Type: [${dtp_type}]   Key: [${dtp_key}]   Value: [${dtp_value}]"
+    else
+	${LOG} 1>&2 "DNS: Update cache entry: Type: [${dtp_type}]   Key: [${dtp_key}]   Value: [${dtp_value}]"
    
-    var_assign DNS_${dtp_type}_ID_LIST "${dtp_key}" INC
-    tab_assign DNS_${dtp_type}_TAB     "${dtp_key}" "${dtp_value}"
+	var_assign DNS_${dtp_type}_ID_LIST "${dtp_key}" INC
+	tab_assign DNS_${dtp_type}_TAB     "${dtp_key}" "${dtp_value}"

-    DNS_CACHE_UPDATED=1
+	DNS_CACHE_UPDATED=1
+    fi
 }


--- a/usr/local/lib/network.bash
+++ b/usr/local/lib/network.bash
@@ -121,7 +121,7 @@ network_dst_tab_load()
            
            tab_assign NETWORK_DST_TAB     "${ndtl_id},Status"          "$( ip link show dev ${ndtl_device} 2>/dev/null | grep -q ",UP," && echo 1 || echo 0)"

-            ndtl_host_name="vpn${ndtl_id}.vpn.rx3"
+            ndtl_host_name="vpn${ndtl_id}.${NETWORK_DST_NAME}"
            
            tab_assign NETWORK_DST_TAB     "${ndtl_id},Host_Name"       "${ndtl_host_name}"
            dns_lookup                     "A"                          "${ndtl_host_name}" "NOCACHE"
@@ -251,6 +251,7 @@ network_dst_tab_dev_lookup()
 network_src_tab_load()
 {
              nstl_id=0
+        nstl_local_id=0
    nstl_port_default=3000


@@ -278,8 +279,18 @@ network_src_tab_load()
            
            case "${nstl_type}"
            in
+                "0") # Local
+#                    nstl_device="${NETWORK_SRC_DEVICE}-${nstl_local_id}"
+#		    ((nstl_local_id++))
+		    [[ $nstl_host_name =~ ([0-9]+) ]]
+		    nstl_device="${NETWORK_SRC_DEVICE}-${BASH_REMATCH[1]}"
+		;;&
+		
+                "1") # Routed
+                    nstl_device=""
+		;;&
+		
                "0"|"1") # Local + Routed
-                            nstl_device=""
                            nstl_status="2"
                    
                    nstl_bytes_received=""
@@ -369,6 +380,7 @@ network_src_tab_get()
    src_port_start=${NETWORK_SRC_TAB["${src_id},Port_Start"]}
    src_port_range=${NETWORK_SRC_TAB["${src_id},Port_Range"]}

+    
    if [[ "${src_port_range}" != "0" ]]
    then
 	src_port_end=$(( ${src_port_start} + ${src_port_range} - 1))
@@ -481,23 +493,34 @@ network_tab_dump()

 network_table_init()
 {
-    ${LOG} "Add Rx3 routes in VPN tables"
-    
-    for table in ${NETWORK_TABLE_LIST}
+    for dst_id in ${NETWORK_DST_ID_LIST}
    do
-      for route in ${IP_ROUTE}
-      do
-	${DEBUG} ip route add ${route/:*/} table ${table} dev ${route/*:/}
-      done
-    done
+	network_dst_tab_get ${dst_id}

-    
-    ${LOG} "Copy main default rule into table 3 (VPN Local routing table)"
-    
-    if [[ "$(ip route list match 0.0.0.0 table main)" != "" ]]
-    then
-	${DEBUG} ip route add $(ip route list match 0.0.0.0 table main) table 3
-    fi
+	if [[ ${dst_type} == "0" ]]
+	then
+	    ${LOG} "Copy main default route into table 3 (VPN Local routing table)"
+	    
+	    if [[ "$(ip route list match 0.0.0.0 table main)" != "" ]]
+	    then
+		${DEBUG} ip route add $(ip route list match 0.0.0.0 table main) table 3
+	    fi
+	else
+	    ${LOG} "Define default route to device: [${dst_device}] into table: [${dst_table}]"
+	    
+	    if [[ "$(ip link show ${dst_device})" != "" ]]
+	    then
+		${DEBUG} ip route add default dev ${dst_device} table ${dst_table}
+	    fi
+	fi
+	
+	${LOG} "Add Rx3 routes in VPN tables"
+	
+	for route in ${IP_ROUTE}
+	do
+	    ${DEBUG} ip route add ${route/:*/} table ${dst_table} dev ${route/*:/}
+	done
+    done
 }


@@ -568,42 +591,40 @@ network_table_set()


 #--------------------------------------------------------------------------------------------------------------------------
-# veth_up
+# bridge_up
 #--------------------------------------------------------------------------------------------------------------------------

-function veth_up
+function bridge_up
 {
-    vu_eth_dev_eth=$1
-       vu_peer_dev=$2
-       vu_eth_addr=$3
-       vu_eth_mask=$4
-      vu_peer_addr=$5
-          vu_table=$6
+#    set -x
+      bu_bridge_device=$1
+     bu_bridge_network=$2
+        bu_bridge_mask=$3
+     bu_bridge_address=$4
+       bu_peer_address=$5
+              bu_table=$6

    
-    ${LOG} "Create veth pair [${vu_eth_dev}]/[${vu_peer_dev}]..."
+    ${LOG} "Create bridge [${bu_bridge_device}]..."
    
-    ${DEBUG} ip link add  ${vu_eth_dev} type veth peer name ${vu_peer_dev}
+    ${DEBUG} ip link add name ${bu_bridge_device} type bridge

    
-    ${LOG} "Configure host side [${vu_eth_dev}:${vu_eth_addr}/${vu_eth_mask}]..."
+    ${LOG} "Configure host side [${bu_bridge_device}:${bu_bridge_address}/${bu_bridge_mask}]..."
    
-    ${DEBUG} ip link set ${vu_eth_dev} up
-    ${DEBUG} ip addr add ${vu_eth_addr}/${vu_eth_mask} dev ${vu_eth_dev}
+    ${DEBUG} ip link set ${bu_bridge_device} up
+    ${DEBUG} ip addr add ${bu_bridge_address}/${bu_bridge_mask} dev ${bu_bridge_device}

    
-    ${LOG} "Configure IP rule and routing..."
+    ${LOG} "Configure IP rule and routing [${bu_bridge_device}]..."
    
-    ${DEBUG} ip rule add  from ${vu_peer_addr} table ${vu_table}
+    ${DEBUG} ip rule add from ${bu_peer_address} table ${bu_table}

-
-    TABLE_LIST=${vu_table}
-
-    vu_route="$(ip route list table main | grep -e ${vu_eth_dev} | grep -e ${vu_eth_addr} | sed 's/ proto.*//')" 
-    for vu_tab in ${TABLE_LIST} 
+    for bu_tab in ${NETWORK_TABLE_LIST}
    do
-        ${DEBUG} ip route add  ${vu_route} table ${vu_tab}
+        ${DEBUG} ip route add ${bu_bridge_network}/${bu_bridge_mask} dev ${bu_bridge_device} table ${bu_tab}
    done
+#    set +x
 }


@@ -611,35 +632,32 @@ function veth_up


 #--------------------------------------------------------------------------------------------------------------------------
-# veth_down
+# bridge_down
 #--------------------------------------------------------------------------------------------------------------------------

-function veth_down
+function bridge_down
 {  
-    vd_eth_dev_eth=$1
-       vd_peer_dev=$2
-       vd_eth_addr=$3
-       vd_eth_mask=$4
-      vd_peer_addr=$5
-          vd_table=$6
+      bd_bridge_device=$1
+     bd_bridge_network=$2
+        bd_bridge_mask=$3
+     bd_bridge_address=$4
+       bd_peer_address=$5
+              bd_table=$6

+	      
+    ${LOG} "Remove IP routing and rule [${bd_bridge_device}]..."
    
-    ${LOG} "Remove IP routing and rule..."
-    
-    TABLE_LIST=${vd_table}
-
-    vd_route="$(ip route list table main | grep -e ${vd_eth_dev} | grep -e ${vd_eth_addr} | sed 's/ proto.*//')" 
-    for tab in ${TABLE_LIST} 
+    for bd_tab in ${NETWORK_TABLE_LIST}
    do
-        ${DEBUG} ip route show ${vd_route} table ${tab} &> /dev/null && ${DEBUG} ip route del  ${route} table ${tab} &> /dev/null || true
+        ${DEBUG} ip route del ${bd_bridge_network}/${bd_bridge_mask} dev ${bd_bridge_device} table ${bd_tab} || true
    done
-    
-    ${DEBUG} ip rule del from ${vd_peer_addr} &> /dev/null || true

-
-    ${LOG} "Remove veth pair..."
+    ${DEBUG} ip rule del from ${bd_peer_address} table ${bd_table}
    
-    ${DEBUG} ip link show ${vd_eth_dev} &> /dev/null && ${DEBUG} ip link del ${vd_eth_dev} &> /dev/null
+
+    ${LOG} "Remove bridge [${bd_bridge_device}]..."
+    
+    ${DEBUG} ip link show ${bd_bridge_device} && ${DEBUG} ip link del ${bd_bridge_device}
 }


@@ -647,12 +665,28 @@ function veth_down


 #--------------------------------------------------------------------------------------------------------------------------
-# network_veth_init
+# network_bridge_init
 #--------------------------------------------------------------------------------------------------------------------------

-network_veth_init()
+network_bridge_init()
 {
-    ${LOG} "Add VEth"
+    ${LOG} "Add all Bridges"
+
+    for src_id in ${NETWORK_SRC_ID_LIST}
+    do
+	network_src_tab_get ${src_id}
+
+	if [[ "${src_type}" == "0" ]]
+	then
+	    nbi_bridge_device="${src_device}"
+	    nbi_bridge_network="${src_ip%.*}.$(( ${src_ip/*./} - 1))"
+	    nbi_bridge_mask="30"
+	    nbi_bridge_address="${src_ip%.*}.$(( ${src_ip/*./} + 1))"
+	    nbi_peer_address="${src_ip}"
+	    
+	    bridge_up "${nbi_bridge_device}" "${nbi_bridge_network}" "${nbi_bridge_mask}" "${nbi_bridge_address}" "${nbi_peer_address}" "${src_table}"
+	fi
+    done   
 }


@@ -660,12 +694,28 @@ network_veth_init()


 #--------------------------------------------------------------------------------------------------------------------------
-# network_veth_deinit
+# network_bridge_deinit
 #--------------------------------------------------------------------------------------------------------------------------

-network_veth_deinit()
+network_bridge_deinit()
 {
-    ${LOG} "Remove VEth"
+    ${LOG} "Remove all Bridge"
+    
+    for src_id in ${NETWORK_SRC_ID_LIST}
+    do
+	network_src_tab_get ${src_id}
+
+	if [[ "${src_type}" == "0" ]]
+	then
+	    nbi_bridge_device="${src_device}"
+	    nbi_bridge_network="${src_ip%.*}.$(( ${src_ip/*./} - 1))"
+	    nbi_bridge_mask="30"
+	    nbi_bridge_address="${src_ip%.*}.$(( ${src_ip/*./} + 1))"
+	    nbi_peer_address="${src_ip}"
+	    
+	    bridge_down "${nbi_bridge_device}" "${nbi_bridge_network}" "${nbi_bridge_mask}" "${nbi_bridge_address}" "${nbi_peer_address}" "${src_table}"
+	fi
+    done
 }


@@ -803,7 +853,7 @@ network_start()
 {
    network_table_init

-    network_veth_init
+    network_bridge_init
    
    network_forward_start
 }
@@ -820,7 +870,7 @@ network_stop()
 {
    network_forward_stop
    
-    network_veth_deinit
+    network_bridge_deinit
    
    network_table_deinit
 }