authorPÁLI Gábor János <pali.gabor@gmail.com>2022-11-29 04:53:11 +0100
committerPÁLI Gábor János <pali.gabor@gmail.com>2022-11-29 05:19:56 +0100
commitc0713400778eb412d113ea217982a586d79f35fe (patch)
tree1daa03547c5f1c17a624a72f7a14f9d17f1ed58e
parent14a3e2bad5c174b8a4ee5a4890e16145a23f39f1 (diff)
Implement a forwarding service.
- Add the `forwarding` system service (script + OpenRC support). - Enable UDP address support in the bundled `socat`. - Adjust the UDS pass-through service so that it no longer conflicts with forwarding. - Update the documentation. Requested by: Universal Devices
-rw-r--r--aports/forwarding/APKBUILD26
-rw-r--r--aports/forwarding/forwarding65
-rw-r--r--aports/forwarding/forwarding.initd13
-rw-r--r--aports/socat/APKBUILD3
-rw-r--r--aports/uds_passthru/APKBUILD4
-rw-r--r--aports/uds_passthru/uds_passthru4
-rw-r--r--etc/optional/forwarding/appliance/forwarding.conf.sample9
-rw-r--r--man/wifibox-alpine.554
8 files changed, 169 insertions, 9 deletions
diff --git a/aports/forwarding/APKBUILD b/aports/forwarding/APKBUILD
new file mode 100644
index 0000000..f735cf4
--- /dev/null
+++ b/aports/forwarding/APKBUILD
@@ -0,0 +1,26 @@
+# Maintainer: Gabor Pali <pali.gabor@gmail.com>
+
+pkgname=forwarding
+pkgver=0.1.0
+pkgrel=0
+pkgdesc="Forwarding management service for Wifibox"
+url="https://github.com/pgj/freebsd-wifibox-alpine"
+arch="all"
+license="BSD2"
+depends="socat"
+install=""
+subpackages=
+options="!check"
+arch="noarch"
+source="forwarding.initd
+ forwarding
+"
+
+package() {
+ install -D -m755 "$srcdir"/forwarding.initd "$pkgdir"/etc/init.d/forwarding
+ install -D -m755 "$srcdir"/forwarding "$pkgdir"/sbin/forwarding
+}
+sha512sums="
+4df2661906f5f1c3bc93ef29f2e9265e5391ae1a24a990e7bf70b4687b65cfae5afe4be481214e9fa2646137b37c9fe688074d0e4ebe1c2a5a73a3ec8fbb0098 forwarding.initd
+ffc13f4384e896e59c695826a659e5ab5df06e08a0b418e67cebf0fe43ac22dfb57489031db7e9bef4465cd6f6cdf188606ad2b02c945acfcd1911fd21ee4a1e forwarding
+"
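Review bot: `arch` is assigned twice in this new APKBUILD — `arch="all"` right after `url` and `arch="noarch"` after `options` — and only the later assignment takes effect, so the first line is dead and contradicts the one that wins. Drop `arch="all"` and keep `arch="noarch"` in the conventional spot next to `license`/`depends`. The empty `install=""` and `subpackages=` lines presumably behave the same as leaving the variables unset and can be removed as well; confirm against abuild's handling before doing so.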
diff --git a/aports/forwarding/forwarding b/aports/forwarding/forwarding
new file mode 100644
index 0000000..be1fc64
--- /dev/null
+++ b/aports/forwarding/forwarding
@@ -0,0 +1,65 @@
+#!/bin/sh
+# shellcheck disable=SC2034,SC3043,SC3060
+
+log() {
+ local _level="$1"
+ local _message="$2"
+
+ /usr/bin/logger -p "daemon.${_level}" -t "forwarding[$$]" "${_message}"
+}
+
+capture_output() {
+ local _type="$1"
+ local _id="$2"
+
+ while read -r message; do
+ log "${_type}" "[${_id}] ${message}"
+ done
+}
+
+_block=
+
+terminate() {
+ local _sleep
+
+ if [ -n "${_block}" ]; then
+ log info "Received signal for termination, stopping PID ${_block}."
+ /bin/kill -KILL "${_block}"
+ log debug "Killed: $?"
+ _sleep=$(/bin/ps -o ppid,comm,pid \
+ | /bin/grep -F "1 sleep" \
+ | /usr/bin/head -1 \
+ | /bin/sed "s@[ ]*1[ ]*sleep[ ]*@@")
+ log info "Stopping the orphaned sleep as PID ${_sleep}."
+ /bin/kill -KILL "${_sleep}"
+ log debug "Killed: $?"
+ else
+ log warn "Nothing is blocked, nothing to do."
+ fi
+}
+
+trap terminate TERM
+
+while read -r _line; do
+ _parameters=$(echo "${_line}" | /bin/sed '/^[[:blank:]]*#/d;s/#.*//')
+
+ [ -z "${_parameters}" ] && continue
+
+ log info "Launching socat with parameters: [${_parameters}]"
+ /usr/bin/socat ${_parameters} 2>&1 \
+ | capture_output debug socat &
+done < /media/etc/forwarding.conf
+
+(while /bin/true; do /bin/sleep 365d; done) &
+_block=$!
+
+log info "Waiting for PID ${_block} to stop."
+wait "${_block}"
+
+_socats=$(/usr/bin/pgrep -P $$ socat)
+log info "Stopping, own socat processes: [${_socats}]"
+
+# shellcheck disable=SC2086
+[ -n "${_socats}" ] && /bin/kill -TERM ${_socats}
+
+log info "Finished."
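Review bot: `terminate` finds the orphaned `sleep` by grepping `ps` output for the fixed string `1 sleep`, which matches any `sleep` whose parent PID merely ends in 1 (1, 11, 21, …) — including the identical sleep loop that `uds_passthru` runs on the same guest — and then SIGKILLs whichever one `head -1` happened to return. Because the `sleep` is only reparented to PID 1 after its subshell is killed, it is both simpler and exact to look it up with `pgrep -P "${_block}" sleep` before killing the subshell, and SIGTERM suffices for both processes instead of SIGKILL as the first resort. Separately, every non-comment line of `/media/etc/forwarding.conf` is expanded unquoted into the `socat` argument list, so the host-shared config can select any address type that the bundled socat build still has compiled in (`EXEC`/`SYSTEM`, if they are not among the disabled features) and is also subject to glob expansion; a comment stating that the file is trusted as privileged input, plus `set -f` before the loop, would make that explicit.
```shell
terminate() {
	local _sleep

	if [ -n "${_block}" ]; then
		# Look the sleep up while its parent is still alive instead of
		# grepping ps for "1 sleep" after it has been reparented to init.
		_sleep=$(/usr/bin/pgrep -P "${_block}" sleep)
		log info "Received signal for termination, stopping PID ${_block}."
		/bin/kill -TERM "${_block}"
		log debug "Killed: $?"
		if [ -n "${_sleep}" ]; then
			log info "Stopping the orphaned sleep as PID ${_sleep}."
			# shellcheck disable=SC2086
			/bin/kill -TERM ${_sleep}
			log debug "Killed: $?"
		fi
	else
		log warn "Nothing is blocked, nothing to do."
	fi
}
# … unchanged: trap, config loop, blocking sleep and socat cleanup …
```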
diff --git a/aports/forwarding/forwarding.initd b/aports/forwarding/forwarding.initd
new file mode 100644
index 0000000..fd63aa0
--- /dev/null
+++ b/aports/forwarding/forwarding.initd
@@ -0,0 +1,13 @@
+#!/sbin/openrc-run
+
+supervisor=supervise-daemon
+name="Forwarding service"
+description="Forwarding support"
+
+command=/sbin/forwarding
+command_background=true
+
+depend() {
+ need net
+ after firewall
+}
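Review bot: `command_background=true` appears to have no effect with `supervisor=supervise-daemon` — as far as I can tell OpenRC only consults that variable on the start-stop-daemon path, because supervise-daemon keeps the command in the foreground and backgrounds itself — so the line is at best dead configuration; confirm against the OpenRC version shipped in the image and drop it if so. Since `/sbin/forwarding` blocks in `wait` and relies on its SIGTERM trap to reap its socat children, a comment such as `# supervise-daemon stops the script with SIGTERM; its trap tears down the socat children` would tell the next maintainer why no `stop()` override is needed here.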
diff --git a/aports/socat/APKBUILD b/aports/socat/APKBUILD
index c3f567b..1966d19 100644
--- a/aports/socat/APKBUILD
+++ b/aports/socat/APKBUILD
@@ -2,7 +2,7 @@
pkgname=socat
pkgver=1.7.4.3
-pkgrel=0 # base: 0
+pkgrel=1 # base: 0
pkgdesc="Multipurpose relay for binary protocols"
options="!check"
url="http://www.dest-unreach.org/socat/"
@@ -34,7 +34,6 @@ build() {
--disable-rawip \
--disable-genericsocket \
--disable-interface \
- --disable-udp \
--disable-sctp \
--disable-vsock \
--disable-socks4 \
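Review bot: Removing `--disable-udp` enables the whole UDP address family in socat (`UDP-LISTEN`, `UDP-RECV`, `UDP-SENDTO`, …) and is the only build change backing the new forwarding service, but nothing in the file records why; a comment such as `# UDP stays enabled: required by the forwarding service (aports/forwarding)` next to the remaining `--disable-*` flags would keep a future sync with Alpine's base APKBUILD (the `# base: 0` marker suggests such syncs happen) from silently re-adding the flag. The man page states that forwarding is limited to UDP and TCP, and that limit is enforced only by this configure list, so it is worth saying here that the list is what bounds what `forwarding.conf` can make socat do. The `build()` function continues outside the hunk.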
diff --git a/aports/uds_passthru/APKBUILD b/aports/uds_passthru/APKBUILD
index 41cfa4d..1fd7d07 100644
--- a/aports/uds_passthru/APKBUILD
+++ b/aports/uds_passthru/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Gabor Pali <pali.gabor@gmail.com>
pkgname=uds_passthru
-pkgver=0.1.0
+pkgver=0.1.1
pkgrel=0
pkgdesc="Unix Domain Socket pass-through for Wifibox"
url="https://github.com/pgj/freebsd-wifibox-alpine"
@@ -22,5 +22,5 @@ package() {
}
sha512sums="
efb66ffbfde79321b534c8427bbb77bbb298175fb30be8c79f21e091ed3b942d8260020996e15d62ada60de778d38d5352f4f323bd7023672b4b778e4ef1318f uds_passthru.initd
-bc83be88e395dd73d1ba5e65d23dde045918b763b1562b3ebd17beb35e3599ca44f78dd6a732815fd6aecb0e6f8ae97ea70ef359620bf14c9ffbe88c5005ad00 uds_passthru
+7c04a8b4b39b15d18f3708144ab76c30bc50b8b4747546d7ba6123801f3ef7a6cf71644ddfb636209c5b9e9de60f442ea807205773e54ab8fdf3c3eccfcd237e uds_passthru
"
diff --git a/aports/uds_passthru/uds_passthru b/aports/uds_passthru/uds_passthru
index 95e0931..ba26b78 100644
--- a/aports/uds_passthru/uds_passthru
+++ b/aports/uds_passthru/uds_passthru
@@ -104,8 +104,8 @@ _block=$!
log info "Waiting for PID ${_block} to stop."
wait "${_block}"
-_socats=$(/usr/bin/pgrep socat)
-log info "Stopping, socat processes: [${_socats}]"
+_socats=$(/usr/bin/pgrep -P $$ socat)
+log info "Stopping, own socat processes: [${_socats}]"
# shellcheck disable=SC2086
[ -n "${_socats}" ] && /bin/kill -TERM ${_socats}
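Review bot: `pgrep -P $$ socat` only finds socat processes whose parent is this shell, which holds when the shell forks each stage of the backgrounded `socat | capture_output &` pipeline directly (bash and dash do); if busybox ash interposes a subshell for the background job the lookup returns nothing and the socats outlive the stop, so this is worth verifying on the guest before relying on it. Quoting `$$` is not needed, but `/usr/bin/pkill -TERM -P $$ socat` would replace the `pgrep`/test/`kill` trio and the SC2086 suppression in one line, at the cost of no longer logging the PID list. The surrounding script body starts before and ends after this hunk.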
diff --git a/etc/optional/forwarding/appliance/forwarding.conf.sample b/etc/optional/forwarding/appliance/forwarding.conf.sample
new file mode 100644
index 0000000..4a16606
--- /dev/null
+++ b/etc/optional/forwarding/appliance/forwarding.conf.sample
@@ -0,0 +1,9 @@
+# With the help of this configuration file, forwarding of traffic
+# between the different networks could be implemented via socat(1).
+# It should hold the parameters to be passed for socat(1), consult its
+# manual page for the details.
+#
+# Example configurations:
+#
+# UDP4-RECV:11223,broadcast,reuseaddr UDP4:10.0.0.2:11223
+# UDP-LISTEN:11224,broadcast,fork,reuseaddr UDP:10.0.0.2:11224
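Review bot: The sample never says that each non-comment line is handed verbatim to socat(1) as its argument list, so a reader may assume the file only accepts the UDP/TCP port pairs the man page describes; add `# Each non-comment line is passed verbatim as the socat(1) argument list and runs with the service's (presumably root) privileges inside the guest.` after the first paragraph. Both examples also listen on all interfaces without a source restriction, so anything that can reach the guest on those ports can inject datagrams that get relayed to 10.0.0.2; a comment pointing at socat's `bind=` and `range=` address options as the way to pin the listener to the intended interface and peer network would steer users toward a safer default.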
diff --git a/man/wifibox-alpine.5 b/man/wifibox-alpine.5
index 6cb02d5..2e892d7 100644
--- a/man/wifibox-alpine.5
+++ b/man/wifibox-alpine.5
@@ -1,4 +1,4 @@
-.Dd November 3, 2022
+.Dd November 29, 2022
.Dt WIFIBOX-ALPINE 5
.Os
.Sh NAME
@@ -62,6 +62,11 @@ mdnsd:
.ft B
https://opensource.apple.com/source/mDNSResponder/
.ft R
+.It
+socat:
+.ft B
+http://www.dest-unreach.org/socat/
+.ft R
.El
.Sh IMPLEMENTATION
The guest is created with a
@@ -92,8 +97,11 @@ for connecting to wireless networks, or
for creating wireless access points, depending how it was built. In
addition to that,
.Sy mdnsd
-could be deployed to handle multicast DNS requests. Each
-application-specific detail is going to be included below.
+could be deployed to handle multicast DNS requests, and
+.Sy forwarding
+could be configured to pass traffic between originally isolated inner
+and outer networks, such as UDP broadcasts. Each application-specific
+detail is going to be included below.
.Pp
For the ease of management, the host shares configuration files with
the services that are responsible for implementing the domain logic.
@@ -111,6 +119,15 @@ system for the same purpose, and their Linux version is utilized here
to make it possible to reuse the configuration files of the same
format from the host.
.It
+.Sy forwarding
+works with the
+.Pa appliance/forwarding.conf
+file. It uses the syntax of the
+.Sy socat
+address specifications but it is limited to work with UDP and TCP
+ports only. Note that this is optional component, and its presence
+depends on the configuration of the guest image.
+.It
.Sy hostname
sets the hostname on boot from the
.Pa applicance/hostname
@@ -198,6 +215,11 @@ directory where the
are hooked up in the system in the following ways.
.Bl -bullet
.It
+.Pa /media/etc/forwarding.conf
+is used directly from this location by
+.Sy forwarding ,
+when it is configured to use.
+.It
.Pa /media/etc/hostname
is mapped to
.Pa /etc/hostname
@@ -359,6 +381,32 @@ The file exported this way could be then used as the main
configuration by moving it to the location from where the
.Pa /media/etc
directory is mounted.
+.Sh DEALING WITH UDP PACKETS
+By design, UDP packets are not meant to passed between the
+.Sy eth0
+and
+.Sy wlan0
+interfaces which may cause certain application fail to work. A
+possible way to address this shortcoming is to deploy the proper
+handlers to the user space and configure
+.Sy iptables
+to use them. This can be requested by the
+.Sy RETURN
+target, which can be inserted in the
+.Sy PREROUTING
+chain for the NAT rules. For example, in case of
+.Sy mdnsd ,
+the packet filtering rules have to explicitly be configured to pass
+every UDP packet on port 5353 to the application for further
+processing.
+.Bd -literal -offset indent
+-A PREROUTING -p udp --dport 5353 -j RETURN
+.Ed
+.Pp
+For other similar uses, the
+.Sy forwarding
+service can be set up and the ports that are forwarded that way could
+be linked to the network packet filtering logic in the same manner.
.Sh WIRELESS DIAGNOSTICS
Details of wireless configuration can be learned through the use of
the