adding example runit-style service directory

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

examples/var_service/dhcp_if/convert2ipconf

@@ -0,0 +1,53 @@
+#!/bin/sh
+# convert:
+
+# dhcptype=5
+# serverid=172.16.42.102
+# lease=97200
+# interface=eth0
+# ip=172.16.42.177
+# subnet=255.255.255.0
+# mask=24
+# broadcast=172.16.22.255
+# router=172.16.42.98
+# dns=10.34.32.125 10.32.63.5 10.34.255.7 10.11.255.27
+# domain=lab.example.com example.com
+# ntpsrv=10.34.32.125 10.34.255.7
+
+# into:
+
+#let cfg=cfg+1
+#if[$cfg]=...; ip[$cfg]=...; ipmask[$cfg]=.../...; gw[$cfg]=...; net[$cfg]=... dns[$cfg]=...
+
+exec >"$0.out" 2>&1
+
+test "$interface" || exit 1
+test -f "$1" || exit 1
+
+# Unsafe, and does not handle values with spaces:
+#. "./$1" || exit 1
+# Safe(r) parsing:
+sq="'"
+while read line; do
+	#echo "line: $line"
+	# Skip empty lines and lines with single quotes
+	test "${line##*$sq*}" || continue
+	var="${line%%=*}"
+	val="${line#*=}"
+	#echo "var:$var val:'$val'"
+	eval "$var='$val'"
+done <"$1"
+
+{
+echo "let cfg=cfg+1"
+test "$interface" 	&& echo "if[\$cfg]='$interface'"
+test "$ip"		&& echo "ip[\$cfg]='$ip'"
+test "$ip" && test "$mask" \
+			&& echo "ipmask[\$cfg]='$ip/$mask'"
+test "$router"		&& echo "gw[\$cfg]='$router'"
+test "$dns"		&& echo "dns[\$cfg]='$dns'"
+# TODO: I never saw a dhcp server which correctly announces
+# which subnet(s) is/are available thru advertised router
+# Assume 0/0
+echo "net[\$cfg]='0/0'"
+} >"$2"

examples/var_service/dhcp_if/dhcp_handler

@@ -0,0 +1,82 @@
+#!/bin/sh
+# executed by udhcpc
+# parameters: $1 and environment
+#
+# $1 is:
+#
+# deconfig: This argument is used when udhcpc starts, and
+# when a lease is lost. The script should put the interface in an
+# up, but deconfigured state, ie: ifconfig $interface 0.0.0.0.
+# Environment: interface=ethN
+#
+# bound: This argument is used when udhcpc moves from an
+# unbound, to a bound state. All of the paramaters are set in
+# enviromental variables, The script should configure the interface,
+# and set any other relavent parameters (default gateway, dns server, etc).
+# Environment:
+# dhcptype=5
+# serverid=172.16.42.102
+# lease=97200
+# interface=eth0
+# ip=172.16.42.177
+# subnet=255.255.255.0
+# mask=24
+# broadcast=172.16.22.255
+# router=172.16.42.98
+# dns=10.34.32.125 10.32.63.5 10.34.255.7 10.11.255.27
+# domain=lab.example.com example.com
+# ntpsrv=10.34.32.125 10.34.255.7
+#
+# renew: This argument is used when a DHCP lease is renewed. All of
+# the paramaters are set in enviromental variables. This argument is
+# used when the interface is already configured, so the IP address,
+# will not change, however, the other DHCP paramaters, such as the
+# default gateway, subnet mask, and dns server may change.
+# Environment: same as for "bound".
+#
+# nak: This argument is used with udhcpc receives a NAK message.
+# The script with the deconfig argument will be called directly
+# afterwards, so no changes to the network interface are neccessary.
+# This hook is provided for purely informational purposes (the
+# message option may contain a reason for the NAK).
+# Environment: interface=ethN, serverid=IP_ADDR
+#
+# leasefail: called when lease cannot be obtained
+# (for example, when DHCP server is down).
+# Environment: interface=ethN
+
+# TODO: put domain into /etc/resolv.conf (thru /var/service/fw)
+# TODO: feed ntp IPs to /var/service/ntp
+
+service=`basename $PWD`
+outfile="$service.ipconf"
+dir="/var/run/service/fw"
+
+exec >>"$0.out" 2>&1
+
+echo "`date`: Params: $*"
+
+if test x"$1" != x"bound" && test x"$1" != x"renew" ; then
+	# Reconfigure network with this interface disabled
+	echo "Deconfiguring"
+	rm "$service.out"
+	rm "$outfile"
+	rm "$dir/$outfile"
+	sv u /var/service/fw
+	exit
+fi
+
+# Bound: we've got the lease
+
+# Process params
+env >"$service.out"
+./convert2ipconf "$service.out" "$outfile"
+
+# Reconfigure routing and firewall if needed
+diff --brief "$outfile" "$dir/$outfile" >/dev/null 2>&1
+if test "$?" != "0"; then
+	echo "Reconfiguring"
+	mkdir -p "$dir" 2>/dev/null
+	cp "$outfile" "$dir/$outfile"
+	sv u /var/service/fw
+fi

examples/var_service/dhcp_if/log/run

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+user=logger
+
+logdir="/var/log/service/`(cd ..;basename $PWD)`"
+mkdir -p "$logdir" 2>/dev/null
+chown -R "$user": "$logdir"
+chmod -R go-rwxst,u+rwX "$logdir"
+rm logdir
+ln -s "$logdir" logdir
+
+# make this dir accessible to logger
+chmod a+rX .
+
+exec >/dev/null
+exec 2>&1
+exec \
+env - PATH="$PATH" \
+softlimit \
+setuidgid "$user" \
+svlogd -tt "$logdir"

examples/var_service/dhcp_if/p_log

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd log/logdir || exit 1
+cat @* current | $PAGER

examples/var_service/dhcp_if/run

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+exec 2>&1
+exec </dev/null
+
+pwd="$PWD"
+
+if="${PWD##*/dhcp_}"
+
+echo "* Upping iface $if"
+ip link set dev "$if" up
+
+echo "* Starting udhcpc"
+exec \
+env - PATH="$PATH" \
+softlimit \
+setuidgid root \
+udhcpc -vv \
+--hostname=null \
+--foreground \
+--interface="$if" \
+--pidfile="$pwd/udhcpc.pid" \
+--script="$pwd/dhcp_handler"

examples/var_service/dhcp_if/w_log

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd log/logdir || exit 1
+watch -n2 'w=`ttysize w`; h=`ttysize h`; tail -$((h-3)) current 2>&1 | cut -b0-$((w-2))'

examples/var_service/dhcp_if_pinger/run

@@ -0,0 +1,23 @@
+#!/bin/sh
+
+delay=67
+
+if=${PWD##*/dhcp_}
+if=${if%%_pinger}
+
+if test -f "$0.log"; then
+	tail -999 "$0.log" >"$0.log.new"
+	mv "$0.log.new" "$0.log"
+fi
+
+test -f "/var/service/dhcp_$if/dhcp_$if.out" || exec env - sleep "$delay"
+. "/var/service/dhcp_$if/dhcp_$if.out"
+test x"$router" != x"" || exec env - sleep "$delay"
+
+#echo "`date '+%Y-%m-%d %H:%M:%S'` Testing ping -c3 $router" >>"$0.log"
+ping -c3 "$router" && exec env - sleep "$delay"
+
+echo "`date '+%Y-%m-%d %H:%M:%S'` Restarting /var/service/dhcp_$if" >>"$0.log"
+sv t "/var/service/dhcp_$if"
+
+exec env - sleep "$delay"

examples/var_service/fw/conf/11.22.33.44.ipconf--

@@ -0,0 +1,10 @@
+#!/bin/sh
+# If we have simple static address...
+#
+let cfg=cfg+1
+if[$cfg]=if
+ip[$cfg]=11.22.33.44
+ipmask[$cfg]=11.22.33.44/24
+gw[$cfg]=11.22.33.1
+net[$cfg]=0/0
+dns[$cfg]='11.22.33.2 11.22.33.3'

examples/var_service/fw/conf/192.168.0.1.ipconf

@@ -0,0 +1,11 @@
+#!/bin/sh
+# A small network with no routers
+# (maybe *we* are their router)
+#
+let cfg=cfg+1
+if[$cfg]=if
+ip[$cfg]=192.168.0.1
+ipmask[$cfg]=192.168.0.1/24
+### gw[$cfg]=
+### net[$cfg]=0/0
+### dns[$cfg]=''

examples/var_service/fw/conf/lo.ipconf

@@ -0,0 +1,10 @@
+#!/bin/bash
+# Mostly redundant except when you need dns[]=your_static_dns_srv
+#
+let cfg=cfg+1
+if[$cfg]=lo
+ip[$cfg]=127.0.0.1
+ipmask[$cfg]=127.0.0.1/8
+gw[$cfg]=''
+net[$cfg]=''
+#dns[$cfg]=127.0.0.1

examples/var_service/fw/etc/hosts

@@ -0,0 +1,21 @@
+#!/bin/sh
+echo "\
+# This file is automagically regenerated
+# Note! /etc/nsswitch.conf may override this!
+
+# For loopbacking
+127.0.0.1 localhost
+
+# Our local IPs"
+
+hostname=`hostname`
+test "$hostname" || hostname=localhost
+domain=`(. /boot.conf; echo "$DNSDOMAINNAME")`
+test "$domain" && hostname="$hostname $hostname.$domain"
+
+ip -o a l \
+| grep -F 'inet ' \
+| sed -e 's/^.*inet //' -e 's:[ /].*$: '"$hostname"':'
+
+echo
+echo "# End of /etc/hosts"

examples/var_service/fw/etc/resolv.conf

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+domain=`(. /boot.conf; echo "$DNSDOMAINNAME") 2>/dev/null`
+
+echo "# This file is automagically regenerated with each boot"
+echo
+test "$domain" && echo "domain $domain"
+test "$domain" && echo "search $domain"
+echo
+echo "# Note that nslookup can choke on DNS server which itself"
+echo "# does NOT have domain name. Other things can work fine."
+echo
+# # If we run DNS cache:
+# echo "nameserver 127.0.0.1"
+# exit
+
+prio=0
+i=0; while test "${if[$i]}"; do
+    test x"${dns_prio[$i]}" != x"" \
+    && test "${dns_prio[$i]}" -gt "$prio" \
+    && prio="${dns_prio[$i]}"
+let i++; done
+
+i=0; while test "${if[$i]}"; do
+    for d in ${dns[$i]}; do
+	p="${dns_prio[$i]}"
+	test x"$p" == x"" && p=0
+	test x"$p" == x"$prio" || continue
+	echo "nameserver $d"
+    done
+let i++; done

examples/var_service/fw/run

@@ -0,0 +1,211 @@
+#!/bin/bash
+# (using bashisms: "function", arrays)
+
+user=root
+extif=if
+ext_open_tcp="21 22 80" # space-separated
+
+# Make ourself one-shot
+sv o .
+# Debug
+#date '+%Y-%m-%d %H:%M:%S' >>"$0.log"
+
+service=`basename "$PWD"`
+rundir="/var/run/service/$service"
+
+### filter This is the default table (if no -t option is passed).  It contains
+###        the  built-in chains INPUT (for packets coming into the box itself),
+###        FORWARD (for packets being routed through the box), and OUTPUT (for
+###        locally-generated packets).
+###
+### nat    This table is consulted when a packet that creates a new connection
+###        is encountered.  It consists of three built-ins: PREROUTING (for
+###        altering packets as soon as they come in), OUTPUT (for altering
+###        locally-generated packets before routing), and POSTROUTING (for
+###        altering packets as they are about to go out).
+###
+### mangle It had two built-in chains: PREROUTING (for altering incoming
+###        packets before routing) and OUTPUT (for altering locally-generated
+###        packets before routing).  Recently three other built-in
+###        chains are added: INPUT (for packets coming into the box
+###        itself), FORWARD (for altering packets being routed through the
+###        box), and POSTROUTING (for altering packets as they are about to go
+###        out).
+###
+###       ...iface...                              ...iface...
+###          |                                        ^
+###          v                                        |
+### -mangle,NAT-               -mangle,filter-   -mangle,NAT--
+### |PREROUTING|-->[Routing]-->|FORWARD      |-->|POSTROUTING|
+### ------------    |    ^     ---------------   -------------
+###                 |    |                           ^
+###                 |    +--if NATed------------+    |
+###                 v                           |    |
+###      -mangle,filter-                -mangle,NAT,filter-
+###      |INPUT        |  +->[Routing]->|OUTPUT           |
+###      ---------------  |             -------------------
+###                 |     |
+###                 v     |
+###         ... Local Process...
+
+doit() {
+    echo "# $*"
+    "$@"
+}
+
+#exec >/dev/null
+exec >"$0.out"
+exec 2>&1
+exec </dev/null
+
+umask 077
+
+# Make sure rundir/ exists
+mkdir -p "$rundir" 2>/dev/null
+chown -R "$user:" "$rundir"
+chmod -R a=rX "$rundir"
+rm -rf rundir 2>/dev/null
+ln -s "$rundir" rundir
+
+# Timestamping
+date '+%Y-%m-%d %H:%M:%S'
+
+
+echo; echo "* Reading IP config"
+cfg=-1
+#             static cfg    dhcp,zeroconf etc
+for ipconf in conf/*.ipconf "$rundir"/*.ipconf; do
+	if test -f "$ipconf"; then
+		echo "+ $ipconf"
+		. "$ipconf"
+	fi
+done
+
+echo; echo "* Configuring hardware"
+#doit ethtool -s if autoneg off speed 100 duplex full
+#doit ethtool -K if rx off tx off sg off tso off
+
+echo; echo "* Resetting address and routing info"
+doit ip a f dev lo
+i=0; while test "${if[$i]}"; do
+    doit ip a f dev "${if[$i]}"
+    doit ip r f dev "${if[$i]}" root 0/0
+let i++; done
+
+echo; echo "* Configuring addresses"
+doit ip a a dev lo 127.0.0.1/8 scope host
+doit ip a a dev lo ::1/128 scope host
+i=0; while test "${if[$i]}"; do
+    if test "${ipmask[$i]}"; then
+        doit ip a a dev "${if[$i]}" "${ipmask[$i]}" brd +
+        doit ip l set dev "${if[$i]}" up
+    fi
+let i++; done
+
+echo; echo "* Configuring routes"
+i=0; while test "${if[$i]}"; do
+    if test "${net[$i]}" && test "${gw[$i]}"; then
+        doit ip r a "${net[$i]}" via "${gw[$i]}"
+    fi
+let i++; done
+
+echo; echo "* Recreating /etc/* files reflecting new network configuration:"
+for i in etc/*; do
+	n=`basename "$i"`
+	echo "+ $n"
+	(. "$i") >"/etc/$n"
+	chmod 644 "/etc/$n"
+done
+
+
+# Usage: new_chain <chain> [<table>]
+new_chain() {
+	local t=""
+	test x"$2" != x"" && t="-t $2"
+	doit iptables $t -N $1
+	ipt="iptables $t -A $1"
+}
+
+echo; echo "* Reset iptables"
+doit iptables           --flush
+doit iptables           --delete-chain
+doit iptables           --zero
+doit iptables -t nat    --flush
+doit iptables -t nat    --delete-chain
+doit iptables -t nat    --zero
+doit iptables -t mangle --flush
+doit iptables -t mangle --delete-chain
+doit iptables -t mangle --zero
+
+echo; echo "* Configure iptables"
+doit modprobe nf_nat_ftp
+doit modprobe nf_nat_tftp
+doit modprobe nf_conntrack_ftp
+doit modprobe nf_conntrack_tftp
+
+#       *** nat ***
+#       INCOMING TRAFFIC
+ipt="iptables -t nat -A PREROUTING"
+# nothing here
+
+#       LOCALLY ORIGINATED TRAFFIC
+ipt="iptables -t nat -A OUTPUT"
+# nothing here
+
+#       OUTGOING TRAFFIC
+ipt="iptables -t nat -A POSTROUTING"
+# Masquerade boxes on my private net
+doit $ipt -s 192.168.0.0/24 -o $extif -j MASQUERADE
+
+#       *** mangle ***
+### DEBUG
+### ipt="iptables -t mangle -A PREROUTING"
+### doit $ipt -s 192.168.0.0/24 -j RETURN
+### ipt="iptables -t mangle -A FORWARD"
+### doit $ipt -s 192.168.0.0/24 -j RETURN
+### ipt="iptables -t mangle -A POSTROUTING"
+### doit $ipt -s 192.168.0.0/24 -j RETURN
+# nothing here
+
+#       *** filter ***
+#
+new_chain iext filter
+#doit $ipt -s 203.177.104.72 -j DROP	# Some idiot probes my ssh
+#doit $ipt -d 203.177.104.72 -j DROP	# Some idiot probes my ssh
+doit $ipt -m state --state ESTABLISHED,RELATED -j RETURN  # FTP data etc is ok
+if test "$ext_open_tcp"; then
+	portlist="${ext_open_tcp// /,}"
+	doit $ipt -p tcp -m multiport --dports $portlist -j RETURN
+fi
+doit $ipt -p tcp -j REJECT	# Anything else isn't ok. REJECT = irc opens faster
+				# (it probes proxy ports, DROP will incur timeout delays)
+ipt="iptables -t filter -A INPUT"
+doit $ipt -i $extif -j iext
+
+
+echo; echo "* Enabling forwarding"
+echo 1 >/proc/sys/net/ipv4/ip_forward
+echo "/proc/sys/net/ipv4/ip_forward: `cat /proc/sys/net/ipv4/ip_forward`"
+
+
+# Signal everybody that firewall is up
+date '+%Y-%m-%d %H:%M:%S' >"$rundir/up"
+
+# Ok, spew out gobs of info and disable ourself
+echo; echo "* IP:"
+ip a l
+echo; echo "* Routing:"
+ip r l
+echo; echo "* Firewall:"
+{
+echo '---FILTER--';
+iptables -v -L -x -n;
+echo '---NAT-----';
+iptables -t nat -v -L -x -n;
+echo '---MANGLE--';
+iptables -t mangle -v -L -x -n;
+} \
+| grep -v '^$' | grep -Fv 'bytes target'
+echo
+
+echo "* End of firewall configuration"

examples/var_service/fw/stat

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+echo; echo "* Firewall:"
+{
+echo '---FILTER--';
+iptables -v -L -x -n;
+echo '---NAT-----';
+iptables -t nat -v -L -x -n;
+echo '---MANGLE--';
+iptables -t mangle -v -L -x -n;
+} \
+| grep -v '^$' | grep -Fv 'bytes target' | $PAGER

examples/var_service/ifplugd_if/ifplugd_handler

@@ -0,0 +1,15 @@
+#!/bin/sh
+# parameters:
+# $1: interface
+# $2: state
+
+if test -d "/var/service/dhcp_$1"; then
+	if test x"$2" = x"down"; then
+		echo "Downing /var/service/dhcp_$1"
+		sv d "/var/service/dhcp_$1"
+	fi
+	if test x"$2" = x"up"; then
+		echo "Upping /var/service/dhcp_$1"
+		sv u "/var/service/dhcp_$1"
+	fi
+fi

examples/var_service/ifplugd_if/log/run

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+user=logger
+
+logdir="/var/log/service/`(cd ..;basename $PWD)`"
+mkdir -p "$logdir" 2>/dev/null
+chown -R "$user": "$logdir"
+chmod -R go-rwxst,u+rwX "$logdir"
+rm logdir
+ln -s "$logdir" logdir
+
+# make this dir accessible to logger
+chmod a+rX .
+
+exec >/dev/null
+exec 2>&1
+exec \
+env - PATH="$PATH" \
+softlimit \
+setuidgid "$user" \
+svlogd -tt "$logdir"

examples/var_service/ifplugd_if/p_log

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd log/logdir || exit 1
+cat @* current | $PAGER

examples/var_service/ifplugd_if/run

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+exec 2>&1
+exec </dev/null
+
+pwd="$PWD"
+
+if="${PWD##*/ifplugd_}"
+
+echo "* Starting ifplugd [$$]"
+exec \
+env - PATH="$PATH" \
+softlimit \
+setuidgid root \
+ifplugd -apq -n -s -i "$if" -r "$pwd/ifplugd_handler"
+
+#-n       Do not daemonize
+#-s       Do not log to syslog
+#-i IFACE Interface
+#-f/-F    Treat link detection error as link down/link up (otherwise exit on error)
+#-a       Do not up interface automatically
+#-M       Monitor creation/destruction of interface (otherwise it must exist)
+#-r PROG  Script to run
+#-x ARG   Extra argument for script
+#-I       Dont exit on nonzero exit code from script
+#-p       Dont run script on daemon startup
+#-q       Dont run script on daemon quit
+#-l       Run script on startup even if no cable is detected
+#-t SECS  Poll time in seconds
+#-u SECS  Delay before running script after link up
+#-d SECS  Delay after link down
+#-m MODE  API mode (mii, priv, ethtool, wlan, auto)

examples/var_service/ifplugd_if/w_log

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd log/logdir || exit 1
+watch -n2 'w=`ttysize w`; h=`ttysize h`; tail -$((h-3)) current 2>&1 | cut -b0-$((w-2))'

examples/var_service/nmeter/run

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# Since per-process /proc/net/ (-> /proc/self/net/) appeared,
+# we need to be root
+user=root
+tty="/dev/tty9"
+
+chmod -R a+X . # or else env will moan
+chown $user: $tty # devfs made happy
+
+cmd="nmeter '%t %c x %x p%p f %f b %b m %m if%[nif]'"
+
+exec >/dev/null
+exec 2>&1
+exec </dev/null
+
+eval exec \
+setuidgid "$user" \
+env - PATH="$PATH" \
+<"$tty" >"$tty" 2>&1 \
+$cmd