This page describes how specific features are implemented in the new node firmware.
OpenWRT stores its config in /etc/config/ in UCI format.
SOWN packages also store config in this location and format wherever possible.
Config for daemons is usually converted to a config file, or to command line arguments, by the OpenWRT /etc/init.d/ scripts. These config files usually end up in /var/run/ which is mapped to a directory in
System config updating
System config updating is performed by individual scripts in
UCI config updating
Scripts generally call update_config to check for new versions of a UCI config file.
NB: the magic parameters __VERSION__ are replaced with the package name and version at package build time for easier maintenance.
update_config returns 0 if there was an update to the config file, and 1 on error or no update.
NB: Unparsable config files will be reverted by update_config and result in an error code.
Scripts then use this return code to determine when to restart services.
Non-UCI config updating
Under the hood
download_package_uri to download files.
The caller of download_package_uri is responsible for handling the file retrieved.
download_package_uri will return 0 on success, 1 on HTTP 304 Not Modified and 1 on error.
download_package_uri can be passed extra curl config lines which can be used to specify last-modified times, or etag hashes.
credentials update script uses this to download an archive containing the client public and private keys, and the
HTTP requests to auth are to URLs of the following form:
https://sown-auth.ecs.soton.ac.uk/pkg/config/backfire/ is read from the
/etc/config/sown_core config file.
On Auth, package config generation functions live in
Requests for these first pass through the request controller in
kohana/application/classes/controller/package/config/backfire.php which handles request version numbers, client identity and request permission logic.
The URL is mapped through a rewrite in
pkg/.htaccess and the
package_config route in
Automatic system config updating
Enabled config updating scripts are symlinked in
These scripts are invoked by /usr/sbin/update_sown_config, which is invoked by crontab when auth is reachable.
Available crontabs are found in
Currently enabled crontabs are symlinked in /tmp/sown/crontabs/current; this directory is populated at boot from
The rationale for this is that dynamic changes to the crontab will not require changes to the flash memory.
The sown functions file (/etc/sown/functions.sh) contains three functions for managing the crontabs.
- enable_crontab and disable_crontab: Update the symlinks in /tmp/sown/crontabs/current. Return 0 on a change, 1 otherwise.
- update_crontabs: Installs a new crontab if changes from the running crontab are detected.
This may be used most effectively for single crontab changes as follows:
enable_crontab my_crontab && update_crontabs
For multiple changes, either do the overall change detection manually, or do this:
enable_crontab my_crontab1
enable_crontab my_crontab2
update_crontabs
update_crontabs will MD5 the crontabs anyway, so it may be considered safe.
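The return-code contract described above, as an added sketch that is not taken from /etc/sown/functions.sh. It assumes a scratch CRON_ROOT with available/current directories, a hypothetical valid_name check, and a plain file ("running") standing in for the installed crontab.

```shell
#!/bin/sh
# Added sketch, NOT the contents of /etc/sown/functions.sh.
# Assumed layout: $CRON_ROOT/available holds crontab fragments, $CRON_ROOT/current
# holds symlinks to the enabled ones (the page's /tmp/sown/crontabs/current), and
# $CRON_ROOT/running stands in for the crontab a node would install with crontab(1).
CRON_ROOT="${CRON_ROOT:-$(mktemp -d)}"
mkdir -p "$CRON_ROOT/available" "$CRON_ROOT/current"
[ -f "$CRON_ROOT/running" ] || : > "$CRON_ROOT/running"

valid_name() {       # hypothetical helper: reject empty names and path separators
    case "$1" in ''|*/*) return 1 ;; esac
}

enable_crontab() {   # 0 = symlink created, 1 = no change (or unknown name)
    valid_name "$1" || return 1
    [ -f "$CRON_ROOT/available/$1" ] || return 1
    if [ -L "$CRON_ROOT/current/$1" ]; then return 1; fi
    ln -s "$CRON_ROOT/available/$1" "$CRON_ROOT/current/$1"
}

disable_crontab() {  # 0 = symlink removed, 1 = no change
    valid_name "$1" || return 1
    [ -L "$CRON_ROOT/current/$1" ] || return 1
    rm -f "$CRON_ROOT/current/$1"
}

crontab_md5() {      # MD5 of the file given as $1
    md5sum < "$1" | cut -d' ' -f1
}

update_crontabs() {  # 0 = new crontab installed, 1 = nothing changed
    new="$CRON_ROOT/new.$$"
    : > "$new"
    # Concatenate every enabled fragment in glob (sorted) order.
    for f in "$CRON_ROOT"/current/*; do
        if [ -f "$f" ]; then cat "$f" >> "$new"; fi
    done
    # Install only when the hash differs from the running crontab.
    if [ "$(crontab_md5 "$new")" = "$(crontab_md5 "$CRON_ROOT/running")" ]; then
        rm -f "$new"
        return 1
    fi
    mv "$new" "$CRON_ROOT/running"   # on a node: crontab "$new"
}
```

With these return codes, the && form skips update_crontabs entirely when the symlink already existed, while the unconditional sequence still installs nothing if the hashes match.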
Server status check
The server status checker lives in /usr/sbin/server_status_check. It pings the sown core servers on their different IP addresses to determine the state of the network.
Currently it is designed to trigger the following event scripts:
Event scripts live in
The sown tunnel is maintained by the
The maintainer script is started periodically by crontab, and by hotplug as soon as eth0 comes up (see
If it is already running, the script will not start a second instance.
The maintainer waits until the VPN server is reachable before starting OpenVPN. If sufficient servers are reachable, the script will not start OpenVPN.
OpenVPN triggers the following event scripts:
Logging is implemented through syslog-ng.
The OpenWRT syslog package design is not very well engineered, so syslog-ng cannot replace it fully out of the box.
postinst script we remove the busybox symlinks for syslogd and klogd, and add in a script to start syslog-ng.
This ensures that OpenWRT starts syslog-ng as early as possible.
prerm package script reinstates the altered links.
The configuration options for a node to log to our VPN servers are currently commented out.
For development there's a hacked-together circular logging script which logs 150-200 lines to
This should be replaced by a better compiled binary utility if there is one available.
- When auth becomes reachable, start offering eduroam.
- When auth becomes unreachable and no clients are using eduroam, switch eduroam to hidden.
- If eth0 comes up configured with a static IP and auth has never been reachable after X seconds, revert to DHCP.