From a86d2f5d898523ddaa95044d45a6210a6c733645 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Sun, 20 Mar 2016 18:39:04 +0100
Subject: doc: examples/openwrt: update init script and example config with new options
---
 doc/examples/openwrt/fastd.config | 20 +++++++++++------
 doc/examples/openwrt/fastd.init | 46 ++++++++++++++++++++++++---------------
 2 files changed, 41 insertions(+), 25 deletions(-)
diff --git a/doc/examples/openwrt/fastd.config b/doc/examples/openwrt/fastd.config
index b2ab205..f24b89b 100644
--- a/doc/examples/openwrt/fastd.config
+++ b/doc/examples/openwrt/fastd.config
@@ -62,7 +62,8 @@ config fastd sample_config
 # Socket to get fastd's status
 # option status_socket '/var/run/fastd-example.sock'
- # Limits the maximum number of connections, optional
+ # Limits the maximum number of connections (optional)
+ # May also be used in peer groups
 # option peer_limit 5
 # The secret key
@@ -82,13 +83,21 @@ config fastd sample_config
 # If set to 1, the logs won't contain peers' MAC addresses
 # option hide_mac_addresses '0'
- # command to configure IP addresses etc. after the tunnel interface is up; $1 will be the interface name (optional)
+ # If set to 0, peer-specific interfaces will only exist as long as there is an active connection
+# option persist_interface '1'
+
+ # If fastd was compiled with libcap support, defines how capabilities are handled
+ # Possible values: 1, 0, early, force (see fastd documentation for a description of the values)
+# option drop_capabilities '1'
+
+ # Command to configure IP addresses etc. after the tunnel interface is up; $1 will be the interface name (optional)
 # option up ''
- # command to execute before the tunnel interface is set down; $1 will be the interface name (optional)
+ # Command to execute before the tunnel interface is set down; $1 will be the interface name (optional)
 # option down ''
- # commands executed by fastd ($INTERFACE can be used for the interface name; optional)
+ # Commands executed by fastd ($INTERFACE can be used for the interface name; optional)
+ # All except on_pre_up and on_post_down may also be used in peer groups
 # option on_pre_up ''
 # option on_up ''
 # option on_down ''
@@ -152,6 +161,3 @@ config peer_group sample_group
 # Methods set in the peer group override the ones configured in the parent group or globally
 # list method 'null'
-
- # Limits the maximum number of connections to peers in this group (optional)
-# option peer_limit 5
diff --git a/doc/examples/openwrt/fastd.init b/doc/examples/openwrt/fastd.init
index 6bb48d0..15737b4 100644
--- a/doc/examples/openwrt/fastd.init
+++ b/doc/examples/openwrt/fastd.init
@@ -71,33 +71,40 @@ guard_quotes() {
 yes_no() {
 case "$1" in
- 0|no|off|false|disabled) echo -n no;;
- *) echo -n yes;;
+ 1|yes|on|true|enabled)
+ echo -n yes;;
+ 0|no|off|false|disabled)
+ echo -n no;;
+ *)
+ guard_value "$1";;
 esac
 }
+config_string_bind='bind $(guard_quotes "$value");'
 config_string_config='include $(escape_string "$value");'
 config_string_config_peer='include peer $(escape_string "$value");'
 config_string_config_peer_dir='include peers from $(escape_string "$value");'
-config_string_bind='bind $(guard_quotes "$value");'
+config_string_drop_capabilities='drop capabilities $(yes_no "$value");'
+config_string_forward='forward $(yes_no "$value");'
+config_string_group='group $(escape_string "$value");'
+config_string_hide_ip_addresses='hide ip addresses $(yes_no "$value");'
+config_string_hide_mac_addresses='hide mac addresses $(yes_no "$value");'
+config_string_interface='interface $(escape_string "$value");'
 config_string_method='method $(escape_string "$value");'
-config_string_syslog_level='log to syslog level $(guard_value "$value");'
 config_string_mode='mode $(guard_value "$value");'
-config_string_interface='interface $(escape_string "$value");'
 config_string_mtu='mtu $(guard_value "$value");'
 config_string_peer_limit='peer limit $(guard_value "$value");'
-config_string_user='user $(escape_string "$value");'
-config_string_group='group $(escape_string "$value");'
-config_string_status_socket='status socket $(escape_string "$value");'
-config_string_forward='forward $(yes_no "$value");'
-config_string_hide_ip_addresses='hide ip addresses $(yes_no "$value");'
-config_string_hide_mac_addresses='hide mac addresses $(yes_no "$value");'
-config_string_secure_handshakes='secure handshakes $(yes_no "$value");'
 config_string_packet_mark='packet mark $(guard_value "$value");'
+config_string_persist_interface='persist interface $(yes_no "$value");'
+config_string_secure_handshakes='secure handshakes $(yes_no "$value");'
+config_string_status_socket='status socket $(escape_string "$value");'
+config_string_syslog_level='log to syslog level $(guard_value "$value");'
+config_string_user='user $(escape_string "$value");'
+
 config_string_on_pre_up='on pre-up $(escape_string "$value");'
+config_string_on_post_down='on post-down $(escape_string "$value");'
 config_string_on_up='on up $(escape_string "$value");'
 config_string_on_down='on down $(escape_string "$value");'
-config_string_on_post_down='on post-down $(escape_string "$value");'
 config_string_on_connect='on connect $(escape_string "$value");'
 config_string_on_establish='on establish $(escape_string "$value");'
 config_string_on_disestablish='on disestablish $(escape_string "$value");'
@@ -106,8 +113,10 @@ config_string_on_verify='on verify $(escape_string "$value");'
 config_string_peer='peer $(escape_string "$value") {'
 config_string_peer_group='peer group $(escape_string "$value") {'
-peer_string_key='key $(escape_string "$value");'
 peer_string_float='float $(yes_no "$value");'
+peer_string_interface='interface $(escape_string "$value");'
+peer_string_key='key $(escape_string "$value");'
+peer_string_mtu='mtu $(guard_value "$value");'
 peer_string_remote='remote $(guard_quotes "$value");'
 generate_option() {
@@ -167,7 +176,7 @@ generate_peer_config() {
 fi
 append_options "$peer" peer \
- key float remote
+ float interface key mtu remote
 }
 generate_single_peer_config() {
@@ -234,7 +243,8 @@ generate_peer_group_config() {
 if [ -z "$update_only" ]; then
 generate_option "$group" config_string_peer_group
 append_options "$group" config \
- config config_peer config_peer_dir method peer_limit
+ config config_peer config_peer_dir method peer_limit \
+ on_up on_down on_connect on_establish on_disestablish on_verify
 fi
 update_peer_group "$net" "$group_dir" "$group" "$update_only"
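Review bot: The new `*)` branch of `yes_no` hands every unrecognised value to `guard_value`, so the helper is no longer a strict boolean mapper, and nothing in the hunk documents that. The pass-through is presumably there so `drop_capabilities` can carry `early` and `force`, but it applies equally to `forward`, `hide_ip_addresses`, `hide_mac_addresses`, `secure_handshakes`, `persist_interface` and the peer option `float`, where a mistyped UCI value now reaches the generated fastd configuration instead of being coerced to `yes`. `guard_value` is defined outside this hunk, so whether it rejects or merely filters such input cannot be confirmed from here. I would add a comment above the function, for example `# Maps boolean spellings to yes/no; any other value is passed through guard_value (needed for drop_capabilities early/force)`, so the contract is explicit for the security-relevant switches.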
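Review bot: The six hook names added to the peer-group `append_options` call (`on_up on_down on_connect on_establish on_disestablish on_verify`) repeat the tail of the list in the `generate_config` hunk (`@@ -256,9 +266,9 @@`), so the two copies can drift apart when a hook is added later. A shared variable such as `peer_group_hooks='on_up on_down on_connect on_establish on_disestablish on_verify'`, expanded unquoted in both calls, would keep them in step. That assumes `append_options` takes the option names as separate arguments, which cannot be checked because it is defined outside these hunks. Because these options hold commands that fastd executes, a short comment like `# hooks valid in peer groups; on_pre_up/on_post_down are global only` would also record why the two lists differ. Both `generate_peer_group_config` and `generate_config` continue outside their hunks.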
@@ -256,9 +266,9 @@ generate_config() {
 generate_option 'info' config_string_syslog_level
 append_options "$s" config \
- config config_peer config_peer_dir bind method syslog_level mode interface mtu peer_limit \
+ bind config config_peer config_peer_dir drop_capabilities method syslog_level mode interface mtu peer_limit \
 user group status_socket forward hide_ip_addresses hide_mac_addresses secure_handshakes packet_mark \
- on_pre_up on_up on_down on_post_down on_connect on_establish on_disestablish on_verify
+ persist_interface on_pre_up on_post_down on_up on_down on_connect on_establish on_disestablish on_verify
 config_get mode "$s" mode
--
cgit v1.2.3