First commit

Makefile

@@ -0,0 +1,53 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=luci-app-airwhu
+PKG_VERSION=1.0
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
+
+PO2LMO:=$(BUILD_DIR)/luci/build/po2lmo
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/luci-app-airwhu
+	SECTION:=luci
+	CATEGORY:=LuCI
+	SUBMENU:=3. Applications
+	DEPENDS:=+mentohust +kmod-ipt-nat6
+	TITLE:=luci-app-airwhu
+	PKGARCH:=all
+endef
+
+define Package/luci-app-airwhu/description
+	 LuCI web-interface for Ruijie 802.1X Client with IPv6 NAT.
+endef
+
+define Build/Prepare
+	mkdir -p $(PKG_BUILD_DIR)
+	$(CP) ./* $(PKG_BUILD_DIR)/
+	$(PO2LMO) $(PKG_BUILD_DIR)/po/airwhu.zh-cn.po $(PKG_BUILD_DIR)/po/airwhu.zh-cn.lmo
+endef  
+
+define Build/Compile
+endef
+
+define Package/luci-app-airwhu/install
+	$(INSTALL_DIR) $(1)/etc/config
+	$(INSTALL_DIR) $(1)/etc/init.d
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+	$(INSTALL_DIR) $(1)/bin
+	$(INSTALL_DIR) $(1)/usr/lib/lua/luci/model/cbi
+	$(INSTALL_DIR) $(1)/usr/lib/lua/luci/controller
+	$(INSTALL_DIR) $(1)/usr/lib/lua/luci/i18n  
+
+	$(INSTALL_CONF) ./files/root/etc/config/airwhu $(1)/etc/config/airwhu
+	$(INSTALL_BIN) ./files/root/etc/init.d/mentohust $(1)/etc/init.d/mentohust
+	$(INSTALL_BIN) ./files/root/etc/hotplug.d/iface/99-ipv6nat $(1)/etc/hotplug.d/iface/99-ipv6nat
+	$(INSTALL_BIN) ./files/root/bin/ipv6masq.sh $(1)/bin/ipv6masq.sh
+	$(INSTALL_DATA) ./files/root/usr/lib/lua/luci/model/cbi/airwhu.lua $(1)/usr/lib/lua/luci/model/cbi/airwhu.lua
+	$(INSTALL_DATA) ./files/root/usr/lib/lua/luci/controller/airwhu.lua $(1)/usr/lib/lua/luci/controller/airwhu.lua
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/po/airwhu.zh-cn.lmo $(1)/usr/lib/lua/luci/i18n/airwhu.zh-cn.lmo
+endef
+
+$(eval $(call BuildPackage,luci-app-airwhu))

README.md

@@ -0,0 +1,9 @@
+luci-app-airwhu
+===================
+
+代码中只包含Lua和Bash脚本，所以不受限于平台，编译后的文件可以在任何平台安装：<br/>
+opkg install luci-app-airwhu_1.0-1_all.ipk<br/>
+
+该luci界面依赖MentoHUST以及kmod-ipt-nat6这两个ipk包。
+
+该说明有待完善。

files/root/bin/ipv6masq.sh

@@ -0,0 +1,41 @@
+#!/bin/sh /etc/rc.common
+#Author:KyleRicardo
+#Email:[email protected]
+
+action=$1
+
+if [ "$action"x = "install"x ]; then 
+	uci delete network.globals.ula_prefix
+
+	uci set network.wan6.peerdns='0'
+	uci set network.wan6.dns='2001:da8:202:10::36'
+
+	uci delete network.lan.ip6assign
+	uci set network.lan.ip6addr='BABE:BABE:BABE:BABE::1/64'
+	uci set network.lan.ip6prefix='BABE:BABE:BABE:BABE::/64'
+
+	uci set dhcp.lan.ra_management='1'
+	uci set dhcp.lan.ra_default='1'
+
+	uci set $(uci show firewall|grep Allow-ICMPv6-Forward|sed -e 's/.name[^ ]*'//).enabled='0'
+
+	uci commit
+
+
+elif [ "$action"x = "uninstall"x ]; then 
+	uci set network.globals.ula_prefix='fdad:91b7:54bb::/48'
+
+	uci delete network.wan6.peerdns='0'
+	uci delete network.wan6.dns='2001:da8:202:10::36'
+
+	uci set network.lan.ip6assign='60'
+	uci delete network.lan.ip6addr='BABE:BABE:BABE:BABE::1/64'
+	uci delete network.lan.ip6prefix='BABE:BABE:BABE:BABE::/64'
+
+	uci delete dhcp.lan.ra_management='1'
+	uci delete dhcp.lan.ra_default='1'
+
+	uci delete $(uci show firewall|grep Allow-ICMPv6-Forward|sed -e 's/.name[^ ]*'//).enabled
+
+	uci commit
+fi

files/root/etc/config/airwhu

@@ -0,0 +1,4 @@
+
+config switch
+
+config auth

files/root/etc/hotplug.d/iface/99-ipv6nat

@@ -0,0 +1,56 @@
+#!/bin/sh /etc/rc.common
+#Author:KyleRicardo
+#Email:[email protected]
+
+
+[ "$ACTION" = ifup ] || exit 0
+iface=wan6
+[ -z "$iface" -o "$INTERFACE" = "$iface" ] || exit 0
+ip -6 route add `ip -6 route show default|sed -e 's/from [^ ]* //'`
+logger -t IPv6 "Add IPv6 default route."
+
+MAX_TRIES=99
+
+WAN6_NAME="wan6"
+
+WAN6_INTERFACE=$(uci get "network.$WAN6_NAME.ifname")
+#eth0.2 by default
+
+LAN_IP6PREFIX=$(uci get network.lan.ip6prefix)
+#e.g. aaaa:bbbb:cccc:dddd::/64
+
+#LAN_ULA_PREFIX=$(uci get network.globals.ula_prefix)
+#e.g. ddc2:d512:65f5::/48
+
+PROBE=0
+
+COUNT=1
+
+while [ $PROBE -eq 0 ]
+do
+if [ $COUNT -gt $MAX_TRIES ]
+then
+logger -t NAT6 "No IPv6 route found (reached retry limit $MAX_TRIES times)" && exit 1
+fi
+sleep 5
+logger -t NAT6 "Probing IPv6 route ($COUNT time)"
+COUNT=$((COUNT+1))
+PROBE=$(route -A inet6 | grep -c '::/0')
+done
+
+#ip6tables -t nat -I POSTROUTING -s "$LAN_ULA_PREFIX" -o "$WAN6_INTERFACE" -j MASQUERADE
+ip6tables -t nat -I POSTROUTING -s "$LAN_IP6PREFIX" -o "$WAN6_INTERFACE" -j MASQUERADE
+
+#WAN6_GATEWAY=$(route -A inet6 -e | grep "$WAN6_INTERFACE" | awk '/::\/0/{print $2; exit}')
+#get gateway from routing table. !!!Caution!!! May not work !
+WAN6_GATEWAY=$(ifconfig eth0.2 | grep 'Global' | awk '{print $3}'| awk -F':' '{print $1":"$2":"$3":"$4"::1"}')
+#caculate gateway from wan ipv6
+#WAN6_GATEWAY=$(tracepath6 -n tv.byr.cn | grep ' 1: ' | awk 'NR==1 {print $2}')
+#opkg install iputils-tracepath6 . change tv.byr.cn for faster site. e.g. ipv6.bjtu.edu.cn
+
+#route -A inet6 add 2000::/3 gw "$WAN6_GATEWAY" dev "$WAN6_INTERFACE"
+route -A inet6 add default gw "$WAN6_GATEWAY" dev "$WAN6_INTERFACE"
+
+logger -t NAT6 "Done with IPv6 settings"
+
+

files/root/etc/init.d/mentohust

@@ -0,0 +1,49 @@
+#!/bin/sh /etc/rc.common
+#Author:KyleRicardo
+#Email:[email protected]
+
+START=65
+STOP=10
+
+start()
+{
+if [ $(uci get airwhu.@switch[0].enableauth) ] ;
+then
+	local Username=$(uci get airwhu.@auth[0].Username) 
+	local Password=$(uci get airwhu.@auth[0].Password) 
+	local ifname=$(uci get airwhu.@auth[0].ifname) 
+	local IP=$(uci get airwhu.@auth[0].IP) 
+	local Mask=$(uci get airwhu.@auth[0].Mask) 
+	local Gateway=$(uci get airwhu.@auth[0].Gateway) 
+	local DNS=$(uci get airwhu.@auth[0].DNS) 
+	local PingHost=$(uci get airwhu.@auth[0].PingHost) 
+	local Timeout=$(uci get airwhu.@auth[0].Timeout) 
+	local EchoInterval=$(uci get airwhu.@auth[0].EchoInterval) 
+	local RestartWait=$(uci get airwhu.@auth[0].RestartWait) 
+	local MaxFail=$(uci get airwhu.@auth[0].MaxFail) 
+	local StartMode=$(uci get airwhu.@auth[0].StartMode) 
+	local DHCPMode=$(uci get airwhu.@auth[0].DHCPMode) 
+	local DaemonMode=$(uci get airwhu.@auth[0].DaemonMode) 
+	local ShowNotify=$(uci get airwhu.@auth[0].ShowNotify) 
+	local Version=$(uci get airwhu.@auth[0].Version) 
+	local DataFile=$(uci get airwhu.@auth[0].DataFile) 
+	local DHCPScript=$(uci get airwhu.@auth[0].DHCPScript) 
+	mentohust -u$Username -p$Password -n$ifname -b$DaemonMode -a$StartMode -d$DaemonMode -c"$DHCPScript" -w>/dev/null 2>&1
+	#Temporarily designed only for whu. To be continued...
+else
+	stop
+fi
+
+}
+
+stop()
+{
+	sync
+	mentohust -k >/dev/null 2>&1
+}
+
+restart()
+{
+	stop
+	start
+}

files/root/usr/lib/lua/luci/controller/airwhu.lua

@@ -0,0 +1,5 @@
+module("luci.controller.airwhu", package.seeall)
+
+function index()
+        entry({"admin", "services", "AirWHU"}, cbi("airwhu"), _("AirWHU"), 100)
+        end

files/root/usr/lib/lua/luci/model/cbi/airwhu.lua

@@ -0,0 +1,120 @@
+--[[
+
+LuCI - Lua Configuration Interface
+LICENSE under GPLv3.
+Copyright 2017 KyleRicardo[W.B.L.E. TeAm] <[email protected]>
+
+]]
+--
+require("luci.sys")
+require("luci.tools.webadmin")
+
+local IsOnAir = (luci.sys.call("pidof mentohust > /dev/null") == 0)  
+if IsOnAir then      
+    state_msg = "<b><font color=\"green\">" .. translate("Running") .. "</font></b>"  
+else  
+    state_msg = "<b><font color=\"red\">" .. translate("Not Running") .. "</font></b>"  
+end  
+
+m = Map("airwhu", translate("AirWHU"), translate("Configure Ruijie 802.1X client with IPv6 NAT based on Masquerade.") .. "<br /><br />" .. translate("Status") .. " : " .. state_msg)
+
+s = m:section(TypedSection, "switch", translate("Global Switch"), translate("Configure global 802.1X Authentication and IPv6-NAT on-off."))
+s.addremove = false
+s.anonymous = true
+
+s:option(Flag, "enableauth", translate("Enable 802.1X Auth"), translate("Enable or disable Ruijie 802.1X authentication."))
+tmp = s:option(Flag, "startwithboot", translate("Start with boot"), translate("Start Ruijie 802.1X Authentication based on MentoHUST when the router is booting."))
+tmp:depends("enableauth","1")
+s:option(Flag, "enableipv6", translate("Enable IPv6 NAT"), translate("Enable IPv6 NAT pass-through based on ip6tables MASQUERADE."))
+
+s = m:section(TypedSection, "auth", translate("Config Authentication"), translate("The options below are all of MentoHUST's arguments."))
+s.anonymous = true
+s.addremove = false
+
+ur = s:option(Value, "Username", translate("Username"))
+ur.rmempty = false
+
+pw = s:option(Value, "Password", translate("Password"))
+pw.password = true
+pw.rmempty = false
+
+ifname = s:option(ListValue, "ifname", translate("Interfaces"))
+wan_dev = luci.sys.exec("uci get network.wan.ifname")
+for k, v in ipairs(luci.sys.net.devices()) do
+    if v == wan_dev then
+        ifname:value(v)
+    end
+end
+
+
+s:option(Value, "IP", translate("IP"), translate("default to localhost's IP")).default = "0.0.0.0"
+
+s:option(Value, "Mask", translate("Netmask"), translate("default to localhost's netmask")).default = "255.255.255.0"
+
+s:option(Value, "Gateway", translate("Gateway"), translate("default to 0.0.0.0")).default = "0.0.0.0"
+
+s:option(Value, "DNS", translate("DNS"), translate("default to 0.0.0.0")).default = "0.0.0.0"
+
+s:option(Value, "PingHost", translate("Ping host"), translate("default to 0.0.0.0,i.e. disable this function")).default = "0.0.0.0"
+
+s:option(Value, "Timeout", translate("Authenticate timeout(s)"), translate("default to 8s")).default = "8"
+
+s:option(Value, "EchoInterval", translate("Heartbeat timeout(s)"), translate("default to 30s")).default = "30"
+
+s:option(Value, "RestartWait", translate("Timeout on failure(s)"), translate("default to 15s")).default = "15"
+
+s:option(Value, "MaxFail", translate("Max failure times"), translate("0 means no limit,default to 8")).default = "8"
+
+t = s:option(ListValue, "StartMode", translate("mulcast address"), translate("default to 1"))
+t:value("0", translate("0(standard)"))
+t:value("1", translate("1(ruijjie)"))
+t:value("2", translate("2(saier)"))
+t.default = "1"
+
+t = s:option(ListValue, "DHCPMode", translate("DHCP type"), translate("default to 1"))
+t:value("0", translate("0(not in used)"))
+t:value("1", translate("1(secondary authenticate)"))
+t:value("2", translate("2(post authenticate)"))
+t:value("3", translate("3(pre authenticate)"))
+t.default = "1"
+
+t = s:option(ListValue, "DaemonMode", translate("run in daemon mode"), translate("default to 3"))
+t:value("0", translate("0(no)"))
+t:value("1", translate("1(yes,turn off output)"))
+t:value("2", translate("2(yes,persevere output)"))
+t:value("3", translate("3(yes,output to file)"))
+t.default = "3"
+
+s:option(Value, "ShowNotify", translate("display notification"), translate("0(no),1-20(yes),default to 0")).default = "0"
+
+s:option(Value, "Version", translate("client version"), translate("default to 0.00,compatible with xrgsu")).default = "0.00"
+
+tmp = s:option(Value, "DataFile", translate("customized data file"), translate("not in used by default"))
+tmp.optional = true
+tmp.rmempty = false
+
+script = s:option(Value, "DHCPScript", translate("DHCP script"), translate("use dhclient by default"))
+script.default = "udhcpc -i "..wan_dev
+
+local apply = luci.http.formvalue("cbi.apply")
+if apply then
+	if luci.sys.exec("uci get airwhu.@switch[0].enableauth") then
+		luci.sys.exec("/etc/init.d/mentohust restart")
+	else
+        	luci.sys.exec("/etc/init.d/mentohust stop")
+	end
+
+	if luci.sys.exec("uci get airwhu.@switch[0].startwithboot") then
+		luci.sys.exec("/etc/init.d/mentohust enable")
+	else
+        	luci.sys.exec("/etc/init.d/mentohust disable")
+	end
+
+	if luci.sys.exec("uci get airwhu.@switch[0].enableipv6") then
+		luci.sys.exec("sh /bin/ipv6masq.sh install")
+	else
+		luci.sys.exec("sh /bin/ipv6masq.sh uninstall")
+	end
+end
+
+return m