Diffstat (limited to 'misc')
-rw-r--r--misc/openwrt/etc/hotplug.d/iface/99-ifup21
-rw-r--r--misc/openwrt/etc/rc.local70
-rw-r--r--misc/openwrt/root/bin/setup-routing.sh (renamed from misc/openwrt/setup-routing.sh)0
-rw-r--r--misc/scripts/ipcam_capture_restart.sh7
-rw-r--r--misc/scripts/ipcam_rtsp2hls_restart.sh8
-rw-r--r--misc/scripts/make_netns_per_upstream.sh38
6 files changed, 144 insertions, 0 deletions
diff --git a/misc/openwrt/etc/hotplug.d/iface/99-ifup b/misc/openwrt/etc/hotplug.d/iface/99-ifup
new file mode 100644
index 0000000..e3562cd
--- /dev/null
+++ b/misc/openwrt/etc/hotplug.d/iface/99-ifup
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+tables="mts-azov rt-azov mts-il"
+net=
+
+case "$ACTION" in
+ ifup)
+ case "$INTERFACE" in
+ eth2)
+ net=192.168.7
+ ;;
+ eth3)
+ net=192.168.8
+ ;;
+ esac
+ if [ -z "$net" ]; then exit; fi
+ for t in $tables; do
+ ip r add ${net}.0/24 via ${net}.1 table $t
+ done
+ ;;
+esac
\ No newline at end of file
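Review bot: `ip r add` in the `for t in $tables` loop is not idempotent, so a repeated ifup event for eth2 or eth3 fails with "File exists" for each table and nothing reports it; `ip route replace ${net}.0/24 via ${net}.1 table "$t"` keeps the tables consistent across link flaps. The script also assumes that the three names in `tables` are defined as routing tables on the device, which is not visible in this commit. A short header comment such as `# re-add the per-uplink local routes that the kernel drops when eth2/eth3 goes down` would explain why this duplicates routes that rc.local already adds at boot.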
diff --git a/misc/openwrt/etc/rc.local b/misc/openwrt/etc/rc.local
new file mode 100644
index 0000000..407d1eb
--- /dev/null
+++ b/misc/openwrt/etc/rc.local
@@ -0,0 +1,70 @@
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+TABLES="mts-azov rt-azov mts-il"
+
+# create ip sets
+for _table in $TABLES; do
+ ipset create $_table hash:net
+done
+
+# add untrusted cameras set
+ipset create ipcam hash:net
+for addr in $(seq 21 69); do
+ ipset add ipcam 192.168.5.${addr}
+done
+
+sleep 0.1
+
+# block internet access for untrusted cameras
+iptables -I FORWARD 1 -m set --match-set ipcam src ! -d 192.168.5.0 -j REJECT
+
+# add some default routing rules
+ipset add mts-azov 192.168.5.0/24 # everybody
+ipset add mts-azov 192.168.5.163 # cs1
+ipset add mts-azov 192.168.5.212 # cs2
+ipset add mts-azov 192.168.5.161 # cs3
+
+ipset add rt-azov 192.168.5.133 # roof2
+ipset add rt-azov 192.168.5.115 # room
+ipset add rt-azov 192.168.5.170 # room
+
+ipset add mts-il 192.168.5.120 # inv
+ipset add mts-il 192.168.5.223 # inv
+ipset add mts-il 192.168.5.143 # roof1
+
+# create rules
+ip rule add fwmark 100 table mts-azov
+ip rule add fwmark 101 table rt-azov
+ip rule add fwmark 102 table mts-il
+
+# set default route for each custom routing table
+ip route add default via 192.168.7.1 table mts-azov
+ip route add default via 192.168.8.1 table rt-azov
+ip route add default via 192.168.88.1 table mts-il # via mikrotik
+
+# fix local routes
+for _table in $TABLES; do
+ ip route add 192.168.5.0/24 via 192.168.5.1 table $_table
+ ip route add 192.168.6.0/24 via 192.168.88.1 table $_table
+ ip route add 192.168.7.0/24 via 192.168.7.1 table $_table
+ ip route add 192.168.8.0/24 via 192.168.8.1 table $_table
+ ip route add 192.168.88.0/24 via 192.168.88.1 table $_table
+done
+
+# iptables rules (see also /etc/firewall.user)
+sleep 0.5
+
+# pass already-marked packets
+iptables -t mangle -A PREROUTING -m mark ! --mark 0x0 -j ACCEPT
+
+iptables -t mangle -A PREROUTING -m set --match-set mts-azov src -j MARK --set-mark 0x64
+iptables -t mangle -A OUTPUT -m set --match-set mts-azov src -j MARK --set-mark 0x64
+
+iptables -t mangle -A PREROUTING -m set --match-set mts-il src -j MARK --set-mark 0x66
+iptables -t mangle -A OUTPUT -m set --match-set mts-il src -j MARK --set-mark 0x66
+
+iptables -t mangle -A PREROUTING -m set --match-set rt-azov src -j MARK --set-mark 0x65
+iptables -t mangle -A OUTPUT -m set --match-set rt-azov src -j MARK --set-mark 0x65
+
+exit 0
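Review bot: The camera isolation rule `iptables -I FORWARD 1 -m set --match-set ipcam src ! -d 192.168.5.0 -j REJECT` has no prefix length, so iptables reads the destination as the single address 192.168.5.0/32 and the LAN exception never matches; if the intent is "cameras may reach the LAN only", write `! -d 192.168.5.0/24`. The rule carries the whole isolation, because `ipset add mts-azov 192.168.5.0/24` also covers the camera range 192.168.5.21-69 and would otherwise mark and route them to an uplink. It is inserted once from rc.local, so if the OpenWrt firewall is later restarted and rebuilds the filter table the rule is probably gone until reboot; /etc/firewall.user, which the comment further down already mentions, looks like the safer home for it. None of the `ipset create` calls is checked, so a failed `ipset create ipcam` leaves the REJECT rule uninstalled with no message before `exit 0`.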
diff --git a/misc/openwrt/setup-routing.sh b/misc/openwrt/root/bin/setup-routing.sh
index b384541..b384541 100644
--- a/misc/openwrt/setup-routing.sh
+++ b/misc/openwrt/root/bin/setup-routing.sh
diff --git a/misc/scripts/ipcam_capture_restart.sh b/misc/scripts/ipcam_capture_restart.sh
new file mode 100644
index 0000000..85144da
--- /dev/null
+++ b/misc/scripts/ipcam_capture_restart.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+for f in $(ls /etc/ipcam_capture.conf.d/ | xargs); do
+ camera="${f/.conf/}"
+ echo "restarting $camera"
+ systemctl restart ipcam_capture@${camera}
+done
\ No newline at end of file
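Review bot: The loop iterates over `$(ls /etc/ipcam_capture.conf.d/ | xargs)`, which word-splits file names, and `${f/.conf/}` removes the first `.conf` anywhere in the name rather than the suffix; the unit name handed to systemctl is also unquoted. A glob does the same job without parsing `ls`: `for f in /etc/ipcam_capture.conf.d/*.conf; do camera=${f##*/}; camera=${camera%.conf}`, followed by `systemctl restart "ipcam_capture@${camera}"`. With the glob, add `[ -e "$f" ] || continue` as the first line of the loop so an empty directory does not turn into a restart request for a unit named after the unexpanded pattern.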
diff --git a/misc/scripts/ipcam_rtsp2hls_restart.sh b/misc/scripts/ipcam_rtsp2hls_restart.sh
new file mode 100644
index 0000000..61ee623
--- /dev/null
+++ b/misc/scripts/ipcam_rtsp2hls_restart.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+cd /etc/ipcam_rtsp2hls.conf.d/
+for f in *-low.conf; do
+ f=${f/-low.conf/}
+ echo "restarting $f"
+ systemctl restart ipcam_rtsp2hls@${f}
+ systemctl restart ipcam_rtsp2hls@${f}-low
+done
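Review bot: `cd /etc/ipcam_rtsp2hls.conf.d/` is unchecked, so when the directory is missing the `*-low.conf` glob runs in whatever directory the caller was in; `cd /etc/ipcam_rtsp2hls.conf.d/ || exit 1` stops that. When nothing matches, bash leaves the pattern unexpanded, `f` becomes `*`, and the unquoted `ipcam_rtsp2hls@${f}` reaches systemctl as a pattern that may restart more instances than intended. Putting `[ -e "$f" ] || continue` at the top of the loop and quoting both unit names closes that path. `${f%-low.conf}` states the suffix strip more exactly than `${f/-low.conf/}`.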
diff --git a/misc/scripts/make_netns_per_upstream.sh b/misc/scripts/make_netns_per_upstream.sh
new file mode 100644
index 0000000..fb152fa
--- /dev/null
+++ b/misc/scripts/make_netns_per_upstream.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -x
+set -e
+
+get_default_iface() {
+ ip -4 r show default | awk '{print $5}'
+}
+
+declare -A UPSTREAMS=(
+ [mtsil]=102
+ [mtsazov]=100
+ [rtazov]=101
+)
+
+for name in "${!UPSTREAMS[@]}"; do
+ mark=${UPSTREAMS[$name]}
+ veth_addr=10.${mark}.1.1
+ vpeer_addr=10.${mark}.1.2
+ veth_if=veth${name}
+ vpeer_if=vpeer${name}
+
+ ip netns add $name
+ ip link add $veth_if type veth peer name $vpeer_if
+ ip link set $vpeer_if netns $name
+ ip addr add $veth_addr/24 dev $veth_if
+ ip link set $veth_if up
+
+ ip netns exec $name ip addr add $vpeer_addr/24 dev $vpeer_if
+ ip netns exec $name ip link set $vpeer_if up
+ ip netns exec $name ip link set lo up
+ ip netns exec $name ip route add default via $veth_addr
+
+ iptables -t mangle -A PREROUTING -s $vpeer_addr/24 -j MARK --set-mark $mark
+ iptables -t nat -A POSTROUTING -s $vpeer_addr/24 -o "$(get_default_iface)" -j MASQUERADE
+done
+
+sysctl net.ipv4.ip_forward=1
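Review bot: The MASQUERADE rule uses `"$(get_default_iface)"` unchecked on every loop iteration, and that function prints nothing when there is no default route and several lines when there is more than one, so the rule can be created with an empty or multi-line `-o` argument. Resolve it once before the loop and fail early: `out_if=$(get_default_iface | head -n1)` and `[ -n "$out_if" ] || { echo "no default route" >&2; exit 1; }`. Because of `set -e` and the plain `ip netns add` / `iptables -A` calls, a second run aborts at the first existing namespace, and a run that failed midway leaves duplicate mangle and nat rules behind on retry. `sysctl net.ipv4.ip_forward=1` turns on forwarding for every interface of the host; the FORWARD policy is not visible here, so it is worth confirming that only the veth subnets are allowed through.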