Start splitting supplicant logic

This commit is contained in:
James Gilliland 2022-03-12 16:13:13 -06:00
parent 7c6fac34a0
commit 09a00a2594
6 changed files with 200 additions and 38 deletions


@ -61,7 +61,7 @@ final class GenDuid extends Command
return implode(':', $bytes);
}
private function getInstructions($id): string
private function getInstructions(string $id): string
{
return <<<EOF


@ -8,6 +8,7 @@ use Pfatt\Service\Config;
use Pfatt\Service\IfConfig;
use Pfatt\Service\KldLoad;
use Pfatt\Service\NgCtl;
use Pfatt\Service\WpaCli;
use Psr\Log\LoggerInterface;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
@ -18,18 +19,20 @@ final class Startup extends Command
{
protected static $defaultName = 'startup';
protected static $defaultDescription = 'Start netgraph connetion';
protected Config $config;
protected LoggerInterface $logger;
protected NgCtl $ngControl;
private Config $config;
private LoggerInterface $logger;
private NgCtl $ngControl;
private IfConfig $ifConfig;
private KldLoad $kldLoad;
private WpaCli $wpaCli;
public function __construct(
Config $config,
LoggerInterface $logger,
NgCtl $ngControl,
IfConfig $ifConfig,
KldLoad $kldLoad
KldLoad $kldLoad,
WpaCli $wpaCli
) {
parent::__construct('startup');
$this->config = $config;
@ -37,6 +40,7 @@ final class Startup extends Command
$this->ngControl = $ngControl;
$this->ifConfig = $ifConfig;
$this->kldLoad = $kldLoad;
$this->wpaCli = $wpaCli;
}
/**
@ -74,6 +78,19 @@ final class Startup extends Command
$this->logger->info('OK!');
break;
}
if ($this->config->getAuthMode() === 'bridge') {
$this->setupBridge();
}
else {
$this->setupSupplicant();
}
$this->logger->info("ngeth0 should now be available to configure as your pfSense WAN");
$this->logger->info("Done");
return Command::SUCCESS;
}
private function setupBridge(): void
{
$this->ngControl->createBridge(
$this->config->getOntInterface(),
$this->config->getRgInterface(),
@ -83,9 +100,34 @@ final class Startup extends Command
$this->config->getOntInterface(),
$this->config->getRgInterface()
);
$this->logger->info("ngeth0 should now be available to configure as your pfSense WAN");
$this->logger->info("Done");
return Command::SUCCESS;
}
private function setupSupplicant(): void
{
$this->ngControl->setupWpaSupplicant(
$this->config->getOntInterface(),
$this->config->getRgInterface(),
$this->config->getRgEthernetMac()
);
$this->ifConfig->start(
$this->config->getOntInterface()
);
// @todo startup wpa_supplicant
$this->wpaCli->configureSupplicant($this->config->getRgEthernetMac());
// TODO do supplicant things. So many things.
$this->logger->notice('Waiting for EAP authorization...');
while ($this->wpaCli->status() !== 'Authorized') {
sleep(1);
}
$this->logger->notice('EAP authorization completed');
$ip = $this->ifConfig->getIp('ngeth0');
if ($ip === '0.0.0.0') {
// @todo restart DHCP?
// Is this really necessary or dhcpd resolve resolve itself?
}
$this->logger->info('IP address is ' . $ip);
$this->logger->info('ngeth0 should now be available to configure as your WAN');
}
/**
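Review bot: The wait in setupSupplicant(), `while ($this->wpaCli->status() !== 'Authorized') { sleep(1); }`, has no upper bound, so an unreachable wpa_supplicant, a rejected certificate, or a status string that never matches exactly leaves the startup command hanging forever with nothing in the log. Bound the wait and fail loudly; since the method is void and execute() returns Command::SUCCESS unconditionally, throwing is the simplest way to get a non-zero exit and a visible message. Related: the empty `if ($ip === '0.0.0.0')` body should either do the DHCP restart the @todo mentions or be reduced to the comment, and the `}` / `else {` split in execute() should be `} else {` per PSR-12.
```php
// … unchanged: netgraph and ifconfig setup …
$this->wpaCli->configureSupplicant($this->config->getRgEthernetMac());
$this->logger->notice('Waiting for EAP authorization...');
$remaining = 120; // seconds; constructed bound, tune to the observed authorization time
while ($this->wpaCli->status() !== 'Authorized') {
    if (--$remaining <= 0) {
        throw new \RuntimeException('Timed out waiting for EAP authorization');
    }
    sleep(1);
}
$this->logger->notice('EAP authorization completed');
// … unchanged: IP lookup and final log lines …
```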


@ -71,4 +71,15 @@ class Config
{
return $this->rgEthernetMac;
}
/**
* Get authorization mode.
*
* @return string
*/
public function getAuthMode(): string
{
// @todo detect the variant to trigger different behaviors.
return 'bridge';
}
}
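Review bot: `getAuthMode()` returns a bare string that Startup compares with `=== 'bridge'`, and anything else falls through to the supplicant path, so the contract should be stated: the docblock's `@return string` says nothing about allowed values. Suggest `@return string 'bridge' to bridge the RG through netgraph; any other value selects the wpa_supplicant path.` and, once the detection noted in the @todo exists, a class constant or enum on Config that both sides reference so a typo cannot silently pick the wrong mode. With the hardcoded `'bridge'` return, the setupSupplicant() path in Startup is currently unreachable, which is presumably intended until that detection is written.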


@ -16,24 +16,15 @@ class IfConfig
$this->logger = $logger;
}
public function start(string $ont, string $rg): void
public function start(string ...$interfaces): void
{
$this->logger->info(" enabling $rg interface...");
$this->exec([$rg, 'up']);
$this->logger->info('OK!');
$this->logger->info(" enabling $ont interface...");
$this->exec([$ont, 'up"']);
$this->logger->info('OK!');
$this->logger->info(" enabling promiscuous mode on $rg...");
$this->exec([$rg, 'promisc']);
$this->logger->info('OK!');
$this->logger->info(" enabling promiscuous mode on $ont...");
$this->exec([$ont, 'promisc']);
foreach ($interfaces as $interface) {
$this->logger->info(" enabling $interface interface...");
$this->exec([$interface, 'up']);
$this->exec([$interface, 'promisc']);
$this->logger->info('OK!');
}
}
public function stop(string $ont, string $rg): void
{
@ -49,9 +40,21 @@ class IfConfig
* @return bool
* True on success, false on failure.
*/
private function exec(array $args): bool
private function exec(array $args, ?callable $callback = null): bool
{
$process = new Process(['/sbin/ifconfig', ...$args], '/tmp');
return !$process->run();
return !$process->run($callback);
}
public function getIp(string $interface): string
{
$ip = '';
$this->exec([$interface], function (string $type, string $buffer) use (&$ip) {
if ($type === Process::OUT
&& str_contains($buffer, 'inet ')) {
[, $ip] = explode(' ', $buffer);
}
});
return $ip;
}
}
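Review bot: `getIp()` extracts the address with `[, $ip] = explode(' ', $buffer)`, but the callback's `$buffer` is a chunk of stdout rather than the `inet` line; with typical ifconfig output the chunk starts with `ngeth0: flags=…`, so the second token is `flags=…` rather than the address, and the `=== '0.0.0.0'` check in Startup can never be true. Match the address explicitly: `if ($type === Process::OUT && preg_match('/\binet (\S+)/', $buffer, $m) === 1) { $ip = $m[1]; }`. The function also returns `''` when ifconfig fails, because exec()'s result is discarded; the same applies in the start() loop of the first hunk, which logs `OK!` regardless of what `up` and `promisc` returned.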


@ -4,11 +4,10 @@ declare(strict_types=1);
namespace Pfatt\Service;
use Psr\Log\LoggerAwareInterface;
use Psr\Log\LoggerInterface;
use Symfony\Component\Process\Process;
class NgCtl implements LoggerAwareInterface
class NgCtl
{
private LoggerInterface $logger;
@ -42,7 +41,13 @@ class NgCtl implements LoggerAwareInterface
public function ngConnect(): void
{
$this->logger->info('Connecting netgraph node ...');
$this->exec(['connect', 'waneapfilter:', 'laneapfilter:', 'eapout', 'eapout']) ?
$this->exec([
'connect',
'waneapfilter:',
'laneapfilter:',
'eapout',
'eapout'
]) ?
$this->logger->info('OK!') :
$this->logger->error('ERROR!');
}
@ -56,7 +61,6 @@ class NgCtl implements LoggerAwareInterface
* Residential Gateway network connection interface.
* @param string $rgMac
* Residential Gateway MAC address.
* @return void
*/
public function createBridge(string $ont, string $rg, string $rgMac): void
{
@ -140,6 +144,14 @@ class NgCtl implements LoggerAwareInterface
$this->logger->info('OK!');
}
/**
* Remove nodes.
*
* @param string $ont
* ONT network connection interface.
* @param string $rg
* Residential Gateway network connection interface.
*/
public function removeNodes(string $ont, string $rg): void
{
$this->exec(['shutdown', 'waneapfilter:']);
@ -151,6 +163,30 @@ class NgCtl implements LoggerAwareInterface
$this->exec(['shutdown', 'ngeth0:']);
}
/**
* Setup connections fo WPA supplicant.
*
* @param string $ont
* ONT network connection interface.
* @param string $rg
* Residential Gateway network connection interface.
* @param string $rgMac
* Residential Gateway MAC address.
*/
public function setupWpaSupplicant(
string $ont,
string $rg,
string $rgMac
): void {
$this->logger->info('Creating vlan node and ngeth0 interface.');
$this->exec(['mkpeer', $ont . ':', 'vlan', 'lower', 'donstream']);
$this->exec(['name', $ont . ':lower', 'vlan0']);
$this->exec(['mkpeer', 'vlan0:', 'eiface', 'vlan0', 'ether']);
$this->exec(['msg vlan: \'addfilter { vlan=0 hook="vlan0" }']);
$this->exec(['msg', 'ngeth0:', 'set', $rgMac]);
$this->logger->info('OK!');
}
/**
* Run a ngctl command.
*
@ -165,12 +201,4 @@ class NgCtl implements LoggerAwareInterface
$process = new Process(['/usr/sbin/ngctl', ...$args], '/tmp');
return !$process->run();
}
/**
* {@inheritDoc}
*/
public function setLogger(LoggerInterface $logger): void
{
$this->logger = $logger;
}
}
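Review bot: In setupWpaSupplicant(), `$this->exec(['msg vlan: \'addfilter { vlan=0 hook="vlan0" }'])` hands ngctl the whole command as a single argv element (Process takes an argument array), so ngctl sees one unknown word rather than `msg` plus its arguments, and the literal `'` is passed through as well; the node it addresses, `vlan:`, also does not match the `vlan0` name registered two lines earlier, unless a node named `vlan` exists elsewhere. Split it like the neighbouring calls: `$this->exec(['msg', 'vlan0:', 'addfilter', '{ vlan=0 hook="vlan0" }']);`. On the first mkpeer, `'donstream'` looks like a typo for the ng_vlan `downstream` hook, which would make the chain fail at its first step. Since every exec() result in this method is discarded and `OK!` is logged unconditionally, none of these failures would show in the log; checking the return values as ngConnect() does would surface them.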

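--- /dev/null
+++ b/src/Service/WpaCli.php
@@ -0,0 +1,78 @@
+<?php
+namespace Pfatt\Service;
+use Symfony\Component\Process\Process;
+class WpaCli
+{
+const CA_LOCATION = '/conf/pfatt/wpa/ca.pem';
+const CLIENT_CERT_LOCATION = '/conf/pfatt/wpa/client.pem';
+const PRIVATE_KEY_LOCATION = '/conf/pfatt/wpa/private.pem';
+/**
+* Setup configuration of wpa_supplicant.
+*
+* @param string $rgMac
+* Residential Gateway MAC address.
+*/
+public function configureSupplicant(string $rgMac): void
+{
+$this->exec(['set', 'eapol_version', '2']);
+$this->exec(['set', 'fast_reauth', '1']);
+$this->exec(['ap_scan', '0']);
+$this->exec(['add_network']);
+$this->exec([
+'set_network',
+'0',
+'ca_cert',
+'"' . self::CA_LOCATION . '"'
+]);
+$this->exec([
+'set_network',
+'0',
+'client_cert',
+'"' . self::CLIENT_CERT_LOCATION . '"'
+]);
+$this->exec(['set_network', '0', 'eap', 'TLS']);
+$this->exec(['set_network', '0', 'eapol_flags', '0']);
+$this->exec(['set_network', '0', 'identity', '"' . $rgMac . '"']);
+$this->exec(['set_network', '0', 'key_mgmt', 'IEEE8021X']);
+$this->exec(['set_network', '0', 'phase1', '"allow_canned_success=1"']);
+$this->exec([
+'set_network',
+'0',
+'private_key',
+'"' . self::PRIVATE_KEY_LOCATION . '"'
+]);
+$this->exec(['enable_network', '0']);
+}
+public function status(): string
+{
+$status = '';
+$this->exec(['status'],
+function (string $type, string $buffer) use (&$status) {
+if ($type === Process::OUT
+&& str_contains($buffer, 'suppPortStatus')) {
+[, $status] = explode('=', $buffer);
+}
+});
+return $status;
+}
+/**
+* Run a wpa_cli command.
+*
+* @param array<int, string> $args
+* Additional arguments to pass to ngctl.
+*
+* @return bool
+* True on success, false on failure.
+*/
+private function exec(array $args, ?callable $callback = null): bool
+{
+$process = new Process(['/usr/sbin/wpa_cli', ...$args], '/tmp');
+return !$process->run($callback);
+}
+}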
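Review bot: `status()` parses the `suppPortStatus` value with `[, $status] = explode('=', $buffer)`, but the callback receives a chunk of stdout that is not guaranteed to be one line, and wpa_cli's status output is several `key=value` lines, so the second element is whatever sits between the first and second `=` (newline included); the `=== 'Authorized'` comparison in Startup would then never match. Anchor on the key instead: `if ($type === Process::OUT && preg_match('/^suppPortStatus=(\S+)/m', $buffer, $m) === 1) { $status = $m[1]; }`. The same empty string is returned when wpa_cli itself fails, since exec()'s false result is discarded here and in every configureSupplicant() call, so a rejected ca_cert or private_key setting goes unnoticed before the network is enabled. Two smaller points: this file lacks the `declare(strict_types=1);` that NgCtl has, the exec() docblock's "Additional arguments to pass to ngctl." was copied from NgCtl and should say wpa_cli, and the constants should carry a visibility (`private const CA_LOCATION = …`).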