porttrigger: implementation of porttrigger

Added init script Makefile and library for rule installation

porttrigger/Makefile

@@ -0,0 +1,56 @@
+#
+# Copyright (C) 2021-2023 IOPSYS Software Solutions AB
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=porttrigger
+PKG_VERSION:=1.0.0
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+LOCAL_DEV:=1
+ifneq ($(LOCAL_DEV),1)
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/port-trigger.git
+PKG_SOURCE_VERSION:=
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
+PKG_MIRROR_HASH:=skip
+endif
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+include $(INCLUDE_DIR)/package.mk
+include ../bbfdm/bbfdm.mk
+
+define Package/porttrigger
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Port Trigger Daemon
+  DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libbbfdm-api
+endef
+
+define Package/porttrigger/description
+	Manage port trigger
+endef
+
+ifeq ($(LOCAL_DEV),1)
+define Build/Prepare
+        $(CP) -rf ./port-trigger/* $(PKG_BUILD_DIR)/
+endef
+endif
+
+define Package/porttrigger/install
+	$(CP) ./files/* $(1)/
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/lib/porttrigger
+                                                                                
+	$(INSTALL_BIN) ./files/etc/init.d/porttrigger $(1)/etc/init.d/
+	$(INSTALL_DATA) ./files/etc/config/porttrigger $(1)/etc/config/
+	$(INSTALL_DATA) ./files/lib/port_trigger.sh $(1)/lib/porttrigger/
+	$(call BbfdmInstallPlugin,$(1),$(PKG_BUILD_DIR)/bbf_plugin/libporttrigger.so)
+endef
+
+$(eval $(call BuildPackage,porttrigger))

porttrigger/files/etc/config/porttrigger

@@ -0,0 +1 @@
+#port trigger uci file

porttrigger/files/etc/init.d/porttrigger

@@ -0,0 +1,20 @@
+#!/bin/sh /etc/rc.common
+
+START=65
+STOP=20
+USE_PROCD=1
+
+. /lib/porttrigger/port_trigger.sh
+
+start_service() {
+	port_trigger_handling
+}
+
+service_triggers()
+{
+	procd_add_reload_trigger "firewall"
+}
+
+reload_service() {
+	start
+}

porttrigger/files/lib/port_trigger.sh

@@ -0,0 +1,99 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+process_port_trigger() {
+	local rule_id="$1"
+	local is_enabled=""
+	local duration=""
+	local trigger_dport=""
+	local trigger_dport_end=""
+	local protocol=""
+	local interface=""
+	local open_dport=""
+	local open_dport_end=""
+	local open_protocol=""
+	local ptg_id=""
+
+	config_get ptg_id "$rule_id" "dm_parent"
+
+	is_enabled=$(uci -q get porttrigger."$ptg_id".enable)
+
+	if [ -z "$is_enabled" ] || [ "$is_enabled" = "0" ]; then
+		return
+	fi
+
+	IP_RULE=""
+	protocol=$(uci -q get porttrigger."$ptg_id".protocol)
+	[ -z "$protocol" ] && return
+
+	if [ "$protocol" = "UDP" ] || [ "$protocol" = "udp" ]; then
+		IP_RULE="$IP_RULE -p udp"
+	elif [ "$protocol" = "TCP" ] || [ "$protocol" = "tcp" ]; then
+		IP_RULE="$IP_RULE -p tcp"
+	else
+		return
+	fi
+
+	trigger_dport=$(uci -q get porttrigger."$ptg_id".port)
+	[ -z "$trigger_dport" ] && return
+	IP_RULE="$IP_RULE --dport $trigger_dport"
+
+	trigger_dport_end=$(uci -q get porttrigger."$ptg_id".end_port_range)
+	if [ -n "$trigger_dport_end" ]; then
+		IP_RULE="$IP_RULE:$trigger_dport"
+	fi
+
+	config_get open_protocol "$rule_id" "protocol"
+	if [ "$open_protocol" = "UDP" ] || [ "$open_protocol" = "udp" ]; then
+		IP_RULE="$IP_RULE -j TRIGGER --trigger-type out --trigger-proto udp"
+	elif [ "$open_protocol" = "TCP" ] || [ "$open_protocol" = "tcp" ]; then
+		IP_RULE="$IP_RULE -j TRIGGER --trigger-type out --trigger-proto tcp"
+	else
+		return
+	fi
+
+	config_get open_dport "$rule_id" "port"
+	[ -z "$open_dport" ] && return
+	IP_RULE="$IP_RULE --trigger-match $open_dport"
+
+	config_get open_dport_end "$rule_id" "end_port_range"
+	if [ -z "$open_dport_end" ]; then
+		IP_RULE="$IP_RULE --trigger-relate $open_dport"
+	else
+		IP_RULE="$IP_RULE-$open_dport_end --trigger-relate $open_dport-$open_dport_end"
+	fi
+
+	duration=$(uci -q get porttrigger."$ptg_id".auto_disable_duration)
+        if [ -n "$duration" ]; then
+                IP_RULE="$IP_RULE --trigger-timeout $duration"
+        fi
+
+	interface=$(uci -q get porttrigger."$ptg_id".src)
+	[ -z "$interface" ] && return
+	device=$(uci show network | grep -w "name='.*$interface'" | cut -d'.' -f2)
+	ports=$(uci -q get network."$device".ports)
+	for port in ${ports}; do
+        	IP_RULE_1="iptables -t nat -A prerouting_porttrigger -i $port $IP_RULE"
+        	echo "$IP_RULE_1">>/tmp/port_trigger_iptables
+	done
+}
+
+port_trigger_handling() {
+	rm /tmp/port_trigger_iptables
+	iptables -w -t nat -F prerouting_porttrigger
+
+	touch /tmp/port_trigger_iptables
+	prerouting_porttrigger=$(iptables -t nat --list | grep prerouting_porttrigger)
+	if [ -z "$prerouting_porttrigger" ]; then
+		iptables -w -t nat -N prerouting_porttrigger
+		ret=$?
+		[ $ret -eq 0 ] && iptables -w -t nat -I PREROUTING -j prerouting_porttrigger
+	fi
+
+	# Load /etc/config/porttrigger UCI file
+	config_load porttrigger
+	config_foreach process_port_trigger rule
+
+	sh /tmp/port_trigger_iptables
+}