From 86b522d3dd832f52fe0968b86d511ce257ed261f Mon Sep 17 00:00:00 2001 From: Jeongik Cha Date: Mon, 6 Dec 2021 12:27:49 +0000 Subject: OpenWrt network interface for wifi 1. Declare network interface for wifi 2. extract config files per config Test: atest android.app.cts.DownloadManagerTest#testDownloadManagerSupportsHttpWithExternalWebServer Bug: 191348818 Bug: 207732192 Bug: 208339539 Change-Id: I5a97ecfe12a024a99d836514790825059e1e0001 --- x86/Android.bp | 5 +- x86/config/dhcp | 46 +++++++++++ x86/config/firewall | 159 ++++++++++++++++++++++++++++++++++++++ x86/config/network | 28 +++++++ x86/config/wireless | 14 ++++ x86/uci-defaults/0_default_config | 3 + x86/uci-defaults/0_network_config | 36 --------- 7 files changed, 254 insertions(+), 37 deletions(-) create mode 100644 x86/config/dhcp create mode 100644 x86/config/firewall create mode 100644 x86/config/network create mode 100644 x86/config/wireless create mode 100644 x86/uci-defaults/0_default_config delete mode 100644 x86/uci-defaults/0_network_config diff --git a/x86/Android.bp b/x86/Android.bp index 0385e1c..a477379 100644 --- a/x86/Android.bp +++ b/x86/Android.bp @@ -20,14 +20,17 @@ genrule { "kmods/*", "packages/*", "uci-defaults/*", + "config/*", ], out: ["customization.img"], cmd: "mkdir -p $(genDir)/root/upper/etc/uci-defaults && " + "mkdir -p $(genDir)/root/upper/ipks && " + + "mkdir -p $(genDir)/root/upper/etc/config && " + "cp $(in) $(genDir)/ && " + "mv $(genDir)/*.ipk $(genDir)/root/upper/ipks && " + "mv $(genDir)/LICENSE $(genDir)/HOW_TO_GET_SOURCE_CODE $(genDir)/root/upper && " + - "mv $(genDir)/0_network_config $(genDir)/root/upper/etc/uci-defaults && " + + "mv $(genDir)/0_default_config $(genDir)/root/upper/etc/uci-defaults && " + + "find $(genDir) -maxdepth 1 -type f -exec mv {} $(genDir)/root/upper/etc/config \\; && " + "ln -s 2 $(genDir)/root/.fs_state && " + "truncate -s 128M $(out) && " + "$(location make_f2fs) $(out) && " + 
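Review bot: The added `find $(genDir) -maxdepth 1 -type f -exec mv {} $(genDir)/root/upper/etc/config \\;` step is a catch-all: any regular file still at the top of `$(genDir)` after the earlier `mv` steps lands in the image's `/etc/config`, so the set of shipped UCI files is implied rather than listed. Because `cp $(in) $(genDir)/` flattens every src into one directory, a future input under `kmods/*`, `packages/*` or `uci-defaults/*` that no earlier step moves would be installed as a config file, and two inputs with the same basename would overwrite each other without an error. Naming the files keeps the image contents reviewable and fails the build when one is missing: `"mv $(genDir)/dhcp $(genDir)/firewall $(genDir)/network $(genDir)/wireless $(genDir)/root/upper/etc/config && " +`. The genrule and its `cmd` string begin and end outside this hunk, so how `kmods/*` inputs are handled is not visible here.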
diff --git a/x86/config/dhcp b/x86/config/dhcp
new file mode 100644
index 0000000..e93f8f6
--- /dev/null
+++ b/x86/config/dhcp
@@ -0,0 +1,46 @@
+config dnsmasq
+ option domainneeded '1'
+ option boguspriv '1'
+ option filterwin2k '0'
+ option localise_queries '1'
+ option rebind_protection '1'
+ option rebind_localhost '1'
+ option local '/lan/'
+ option domain 'lan'
+ option expandhosts '1'
+ option nonegcache '0'
+ option authoritative '1'
+ option readethers '1'
+ option leasefile '/tmp/dhcp.leases'
+ option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
+ option nonwildcard '1'
+ option localservice '1'
+ option ednspacket_max '1232'
+
+config dhcp 'lan'
+ option interface 'lan'
+ option start '100'
+ option limit '150'
+ option leasetime '12h'
+ option dhcpv4 'server'
+ option dhcpv6 'server'
+ option ra 'server'
+ option ra_slaac '1'
+ list ra_flags 'managed-config'
+ list ra_flags 'other-config'
+
+config dhcp 'wan'
+ option interface 'wan'
+ option ignore '1'
+
+config odhcpd 'odhcpd'
+ option maindhcp '0'
+ option leasefile '/tmp/hosts/odhcpd'
+ option leasetrigger '/usr/sbin/odhcpd-update'
+ option loglevel '4'
+
+config 'dhcp' 'wifi'
+ option 'interface' 'wifi'
+ option 'start' '100'
+ option 'limit' '150'
+ option 'leasetime' '12h'
diff --git a/x86/config/firewall b/x86/config/firewall
new file mode 100644
index 0000000..8c936ed
--- /dev/null
+++ b/x86/config/firewall
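Review bot: The `config dhcp 'lan'` pool (DHCPv4, DHCPv6 and RA all in server mode) targets an interface `lan` that the new `x86/config/network` does not define; that file declares only `loopback`, `wan` and `wifi`. The same stale name appears in `x86/config/firewall`: the `lan` zone with `forward 'ACCEPT'`, the `lan` to `wan` forwarding, and the `Allow-IPSec-ESP` / `Allow-ISAKMP` rules with `dest 'lan'`. These look like leftovers from stock defaults, and keeping them means an interface later named `lan` would silently inherit a permissive zone and a DHCP server. I would drop the `lan` sections, or at least mark them with a comment such as `# 'lan' is unused here: eth0 is bridged and exposed as 'wan'`.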
@@ -0,0 +1,159 @@
+config defaults
+ option syn_flood '1'
+ option input 'ACCEPT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+
+config zone
+ option name wifi
+ list network 'wifi'
+ option input ACCEPT
+ option output ACCEPT
+ option forward REJECT
+
+config 'forwarding'
+ option 'src' 'wifi'
+ option 'dest' 'wan'
+
+
+config zone
+ option name 'lan'
+ list network 'lan'
+ option input 'ACCEPT'
+ option output 'ACCEPT'
+ option forward 'ACCEPT'
+
+config zone
+ option name 'wan'
+ list network 'wan'
+ list network 'wan6'
+ option input 'REJECT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+ option masq '1'
+ option mtu_fix '1'
+
+config forwarding
+ option src 'lan'
+ option dest 'wan'
+
+config rule
+ option name 'Allow-DHCP-Renew'
+ option src 'wan'
+ option proto 'udp'
+ option dest_port '68'
+ option target 'ACCEPT'
+ option family 'ipv4'
+
+config rule
+ option name 'Allow-Ping'
+ option src 'wan'
+ option proto 'icmp'
+ option icmp_type 'echo-request'
+ option family 'ipv4'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-IGMP'
+ option src 'wan'
+ option proto 'igmp'
+ option family 'ipv4'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-DHCPv6'
+ option src 'wan'
+ option proto 'udp'
+ option src_ip 'fc00::/6'
+ option dest_ip 'fc00::/6'
+ option dest_port '546'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-MLD'
+ option src 'wan'
+ option proto 'icmp'
+ option src_ip 'fe80::/10'
+ list icmp_type '130/0'
+ list icmp_type '131/0'
+ list icmp_type '132/0'
+ list icmp_type '143/0'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-ICMPv6-Input'
+ option src 'wan'
+ option proto 'icmp'
+ list icmp_type 'echo-request'
+ list icmp_type 'echo-reply'
+ list icmp_type 'destination-unreachable'
+ list icmp_type 'packet-too-big'
+ list icmp_type 'time-exceeded'
+ list icmp_type 'bad-header'
+ list icmp_type 'unknown-header-type'
+ list icmp_type 'router-solicitation'
+ list icmp_type 'neighbour-solicitation'
+ list icmp_type 'router-advertisement'
+ list icmp_type 'neighbour-advertisement'
+ option limit '1000/sec'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-ICMPv6-Forward'
+ option src 'wan'
+ option dest '*'
+ option proto 'icmp'
+ list icmp_type 'echo-request'
+ list icmp_type 'echo-reply'
+ list icmp_type 'destination-unreachable'
+ list icmp_type 'packet-too-big'
+ list icmp_type 'time-exceeded'
+ list icmp_type 'bad-header'
+ list icmp_type 'unknown-header-type'
+ option limit '1000/sec'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-IPSec-ESP'
+ option src 'wan'
+ option dest 'lan'
+ option proto 'esp'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-ISAKMP'
+ option src 'wan'
+ option dest 'lan'
+ option dest_port '500'
+ option proto 'udp'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Support-UDP-Traceroute'
+ option src 'wan'
+ option dest_port '33434:33689'
+ option proto 'udp'
+ option family 'ipv4'
+ option target 'REJECT'
+ option enabled 'false'
+
+config include
+ option path '/etc/firewall.user'
+
+config rule
+ option name 'Allow SSH'
+ option src 'wan'
+ option target 'ACCEPT'
+ option proto 'tcp'
+ option dest_port '22'
+
+config rule
+ option name 'Allow LuCI'
+ option src 'wan'
+ option target 'ACCEPT'
+ option proto 'tcp'
+ option dest_port '80 443'
diff --git a/x86/config/network b/x86/config/network
new file mode 100644
index 0000000..e342f53
--- /dev/null
+++ b/x86/config/network
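Review bot: The `Allow SSH` and `Allow LuCI` rules at the end of the file accept TCP 22 and 80/443 from the whole `wan` zone with no source restriction, so the router's management services are open to anything that can route to the `wan` address. Both rules are carried over from the deleted `0_network_config`, but in a static file they are cheap to scope, for example by adding `option src_ip '192.168.96.1'` (the gateway named in `x86/config/network`) to each, assuming the host end of that link is the only intended client. Separately, `config defaults` sets `option input 'ACCEPT'`, which governs traffic on interfaces that belong to no zone; if nothing depends on that, `REJECT` would make the per-zone policy the only way in. A comment above the two rules would record the intent: `# test-only: management access from the host over the wan link`.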
@@ -0,0 +1,28 @@
+config interface 'loopback'
+ option device 'lo'
+ option proto 'static'
+ option ipaddr '127.0.0.1'
+ option netmask '255.0.0.0'
+
+config globals 'globals'
+ option ula_prefix 'fd72:5afb:a7cf::/48'
+
+config device
+ option name 'br-lan'
+ option type 'bridge'
+ list ports 'eth0'
+
+config interface 'wan'
+ option device 'br-lan'
+ option proto 'static'
+ option netmask '255.255.255.0'
+ option ipaddr '192.168.96.2'
+ option ip6assign '30'
+ option gateway '192.168.96.1'
+ option dns '8.8.8.8'
+ option broadcast '192.168.96.3'
+
+config 'interface' 'wifi'
+ option 'proto' 'static'
+ option 'ipaddr' '192.168.2.1'
+ option 'netmask' '255.255.255.0'
diff --git a/x86/config/wireless b/x86/config/wireless
new file mode 100644
index 0000000..aadcb99
--- /dev/null
+++ b/x86/config/wireless
@@ -0,0 +1,14 @@
+config wifi-device 'radio0'
+ option type 'mac80211'
+ option channel '36'
+ option hwmode '11a'
+ option path 'virtual/mac80211_hwsim/hwsim0'
+ option htmode 'VHT80'
+ option disabled '0'
+
+config wifi-iface 'default_radio0'
+ option device 'radio0'
+ option mode 'ap'
+ option encryption 'none'
+ option network 'wifi'
+ option ssid 'VirtWifi'
diff --git a/x86/uci-defaults/0_default_config b/x86/uci-defaults/0_default_config
new file mode 100644
index 0000000..ff068df
--- /dev/null
+++ b/x86/uci-defaults/0_default_config
@@ -0,0 +1,3 @@
+#!/bin/sh
+opkg install /ipks/*
+ip link set eth0 mtu 1460
diff --git a/x86/uci-defaults/0_network_config b/x86/uci-defaults/0_network_config
deleted file mode 100644
index f2c1e7f..0000000
--- a/x86/uci-defaults/0_network_config
+++ /dev/null
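Review bot: In the `wan` interface, `option broadcast '192.168.96.3'` does not agree with `option netmask '255.255.255.0'`: a /24 containing 192.168.96.2 has broadcast 192.168.96.255, while .3 is the broadcast of a /30. Both values were carried over from the deleted `0_network_config`, so one of them is presumably wrong. Either drop the `broadcast` line so it is derived from the netmask, or set the netmask to `255.255.255.252` if the link really is a /30. Since the firewall zones are keyed on the logical name `wan` while the device is called `br-lan`, a comment above `config device` would also help anyone auditing the zones, e.g. `# eth0 is the uplink; this bridge backs the 'wan' interface` if that is the intent.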
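Review bot: `option encryption 'none'` makes `VirtWifi` an open AP, and the `wifi` network it attaches to sits in a firewall zone with `input ACCEPT` plus forwarding to `wan` (see `x86/config/firewall`), so any station that associates can reach the router's own services and the uplink. With `path 'virtual/mac80211_hwsim/hwsim0'` the radio is presumably reachable only over the simulated medium, which is what makes this acceptable. That assumption deserves a comment so the file is not reused with a physical radio: `# open on purpose: radio0 is a mac80211_hwsim virtual radio, not a physical one`.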
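Review bot: The result of `opkg install /ipks/*` is not checked, so the script's exit status is whatever `ip link set eth0 mtu 1460` returns. If uci-defaults treats a zero exit as done and removes the script (the usual OpenWrt behaviour, worth confirming for this image), a failed package install is neither retried nor reported, and the device boots without the packages the new config files rely on. `opkg install /ipks/* || exit 1` keeps the failure visible. Also, `ip link set` only changes the running interface; if the MTU must survive a reboot it belongs in `x86/config/network` rather than in a first-boot script.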
@@ -1,36 +0,0 @@
-#!/bin/sh
-opkg install /ipks/*
-
-# The script below should be run after uci for wireless is available.
-while ! (uci show wireless | grep wireless) ; do sleep 1; echo "wait for wlan" > /dev/kmsg; done
-
-uci -q batch << EOI
-rename network.lan='wan'
-set network.wan.proto='static'
-set network.wan.ipaddr='192.168.96.2'
-set network.wan.netmask='255.255.255.0'
-set network.wan.ip6assign='30'
-set network.wan.gateway='192.168.96.1'
-set network.wan.dns='8.8.8.8'
-set network.wan.broadcast='192.168.96.3'
-commit network
-set wireless.radio0.disabled='0'
-set wireless.default_radio0.network='wan'
-set wireless.default_radio0.ssid='VirtWifi'
-commit wireless
-add firewall rule
-set firewall.@rule[-1].name='Allow SSH'
-set firewall.@rule[-1].src=wan
-set firewall.@rule[-1].target=ACCEPT
-set firewall.@rule[-1].proto=tcp
-set firewall.@rule[-1].dest_port=22
-add firewall rule
-set firewall.@rule[-1].name='Allow LuCI'
-set firewall.@rule[-1].src=wan
-set firewall.@rule[-1].target=ACCEPT
-set firewall.@rule[-1].proto=tcp
-set firewall.@rule[-1].dest_port='80 443'
-commit firewall
-EOI
-/etc/init.d/firewall restart
-
-- 
cgit v1.2.3