add various scripts to not lose them

doc/common_requirements.md

@@ -1,4 +1,4 @@
 Debian packages:
 ```
-apt-get install git cmake build-essential python3-dev python3-wheel python3-pip python3-build python3-yaml python3-toml python3-psutil python3-aiohttp python3-requests python3-apscheduler python3-smbus
+apt-get install git cmake build-essential python3-dev python3-wheel python3-pip python3-build python3-yaml python3-toml python3-psutil python3-aiohttp python3-requests python3-apscheduler python3-smbus traceroute tcpdump
 ```

misc/openwrt/etc/hotplug.d/iface/99-ifup

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+tables="mts-azov rt-azov mts-il"
+net=
+
+case "$ACTION" in
+	ifup)
+		case "$INTERFACE" in
+			eth2)
+				net=192.168.7
+				;;
+			eth3)
+				net=192.168.8
+				;;
+		esac
+		if [ -z "$net" ]; then exit; fi
+		for t in $tables; do
+			ip r add ${net}.0/24 via ${net}.1 table $t
+		done
+		;;
+esac

misc/openwrt/etc/rc.local

@@ -0,0 +1,70 @@
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+TABLES="mts-azov rt-azov mts-il"
+
+# create ip sets
+for _table in $TABLES; do
+	ipset create $_table hash:net
+done
+
+# add untrusted cameras set
+ipset create ipcam hash:net
+for addr in $(seq 21 69); do
+	ipset add ipcam 192.168.5.${addr}
+done
+
+sleep 0.1
+
+# block internet access for untrusted cameras
+iptables -I FORWARD 1 -m set --match-set ipcam src ! -d 192.168.5.0 -j REJECT
+
+# add some default routing rules
+ipset add mts-azov 192.168.5.0/24 # everybody
+ipset add mts-azov 192.168.5.163  # cs1
+ipset add mts-azov 192.168.5.212  # cs2
+ipset add mts-azov 192.168.5.161  # cs3
+
+ipset add rt-azov  192.168.5.133  # roof2
+ipset add rt-azov  192.168.5.115  # room
+ipset add rt-azov  192.168.5.170  # room
+
+ipset add mts-il   192.168.5.120  # inv
+ipset add mts-il   192.168.5.223  # inv
+ipset add mts-il   192.168.5.143  # roof1
+
+# create rules
+ip rule add fwmark 100 table mts-azov
+ip rule add fwmark 101 table rt-azov
+ip rule add fwmark 102 table mts-il
+
+# set default route for each custom routing table
+ip route add default via 192.168.7.1 table mts-azov
+ip route add default via 192.168.8.1 table rt-azov
+ip route add default via 192.168.88.1 table mts-il # via mikrotik
+
+# fix local routes
+for _table in $TABLES; do
+	ip route add 192.168.5.0/24 via 192.168.5.1 table $_table
+	ip route add 192.168.6.0/24 via 192.168.88.1 table $_table
+	ip route add 192.168.7.0/24 via 192.168.7.1 table $_table
+	ip route add 192.168.8.0/24 via 192.168.8.1 table $_table
+	ip route add 192.168.88.0/24 via 192.168.88.1 table $_table
+done
+
+# iptables rules (see also /etc/firewall.user)
+sleep 0.5
+
+# pass already-marked packets
+iptables -t mangle -A PREROUTING -m mark ! --mark 0x0 -j ACCEPT
+
+iptables -t mangle -A PREROUTING -m set --match-set mts-azov src -j MARK --set-mark 0x64
+iptables -t mangle -A OUTPUT -m set --match-set mts-azov src -j MARK --set-mark 0x64
+
+iptables -t mangle -A PREROUTING -m set --match-set mts-il src -j MARK --set-mark 0x66
+iptables -t mangle -A OUTPUT -m set --match-set mts-il src -j MARK --set-mark 0x66
+
+iptables -t mangle -A PREROUTING -m set --match-set rt-azov src -j MARK --set-mark 0x65
+iptables -t mangle -A OUTPUT -m set --match-set rt-azov src -j MARK --set-mark 0x65
+
+exit 0

misc/scripts/ipcam_capture_restart.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+for f in $(ls /etc/ipcam_capture.conf.d/ | xargs); do
+        camera="${f/.conf/}"
+        echo "restarting $camera"
+        systemctl restart ipcam_capture@${camera}
+done

misc/scripts/ipcam_rtsp2hls_restart.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+cd /etc/ipcam_rtsp2hls.conf.d/
+for f in *-low.conf; do
+        f=${f/-low.conf/}
+        echo "restarting $f"
+        systemctl restart ipcam_rtsp2hls@${f}
+        systemctl restart ipcam_rtsp2hls@${f}-low
+done

misc/scripts/make_netns_per_upstream.sh

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+set -x
+set -e
+
+get_default_iface() {
+	ip -4 r show default | awk '{print $5}'
+}
+
+declare -A UPSTREAMS=(
+	[mtsil]=102
+	[mtsazov]=100
+	[rtazov]=101
+)
+
+for name in "${!UPSTREAMS[@]}"; do
+	mark=${UPSTREAMS[$name]}
+	veth_addr=10.${mark}.1.1
+	vpeer_addr=10.${mark}.1.2
+	veth_if=veth${name}
+	vpeer_if=vpeer${name}
+
+	ip netns add $name
+	ip link add $veth_if type veth peer name $vpeer_if
+	ip link set $vpeer_if netns $name
+	ip addr add $veth_addr/24 dev $veth_if
+	ip link set $veth_if up
+
+	ip netns exec $name ip addr add $vpeer_addr/24 dev $vpeer_if
+	ip netns exec $name ip link set $vpeer_if up
+	ip netns exec $name ip link set lo up
+	ip netns exec $name ip route add default via $veth_addr
+
+	iptables -t mangle -A PREROUTING -s $vpeer_addr/24 -j MARK --set-mark $mark
+	iptables -t nat -A POSTROUTING -s $vpeer_addr/24 -o "$(get_default_iface)" -j MASQUERADE
+done
+
+sysctl net.ipv4.ip_forward=1

systemd/ipcam_capture@.service

@@ -4,12 +4,12 @@ After=network-online.target
 
 [Service]
 Restart=always
+RestartSec=3
 User=user
 Group=user
 EnvironmentFile=/etc/ipcam_capture.conf.d/%i.conf
 ExecStart=/home/user/homekit/tools/ipcam_capture.sh --outdir $OUTDIR --creds $CREDS --ip $IP --port $PORT $ARGS
 Restart=always
-RestartSec=2
 
 [Install]
 WantedBy=multi-user.target

systemd/ipcam_rtsp2hls@.service

@@ -4,6 +4,7 @@ After=network-online.target
 
 [Service]
 Restart=always
+RestartSec=3
 User=user
 Group=user
 EnvironmentFile=/etc/ipcam_rtsp2hls.conf.d/%i.conf

systemd/ipcam_server.service

@@ -5,7 +5,8 @@ After=network-online.target
 [Service]
 User=user
 Group=user
-Restart=on-failure
+Restart=always
+RestartSec=10
 ExecStart=/home/user/homekit/src/ipcam_server.py
 WorkingDirectory=/home/user