Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>master
parent
4856fa30a6
commit
633cac0cb4
@ -0,0 +1,43 @@ |
|||||||
|
include $(TOPDIR)/rules.mk |
||||||
|
|
||||||
|
PKG_NAME:=464xlat
|
||||||
|
PKG_VERSION:=11
|
||||||
|
|
||||||
|
PKG_SOURCE_DATE:=2018-01-16
|
||||||
|
PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
|
||||||
|
PKG_LICENSE:=GPL-2.0
|
||||||
|
|
||||||
|
include $(INCLUDE_DIR)/package.mk |
||||||
|
|
||||||
|
define Package/464xlat |
||||||
|
SECTION:=net
|
||||||
|
CATEGORY:=Network
|
||||||
|
DEPENDS:=@IPV6 +kmod-nat46 +ip
|
||||||
|
TITLE:=464xlat CLAT support
|
||||||
|
endef |
||||||
|
|
||||||
|
define Build/Prepare |
||||||
|
$(call Build/Prepare/Default)
|
||||||
|
$(CP) ./src/* $(PKG_BUILD_DIR)/
|
||||||
|
endef |
||||||
|
|
||||||
|
define Build/Compile |
||||||
|
$(MAKE) -C $(PKG_BUILD_DIR) \
|
||||||
|
CC="$(TARGET_CC)" \
|
||||||
|
CFLAGS="$(TARGET_CFLAGS) -Wall" \
|
||||||
|
LDFLAGS="$(TARGET_LDFLAGS)"
|
||||||
|
endef |
||||||
|
|
||||||
|
define Package/464xlat/description |
||||||
|
464xlat provides support to deploy limited IPv4 access services to mobile
|
||||||
|
and wireline IPv6-only edge networks without encapsulation (RFC6877)
|
||||||
|
endef |
||||||
|
|
||||||
|
define Package/464xlat/install |
||||||
|
$(INSTALL_DIR) $(1)/lib/netifd/proto
|
||||||
|
$(INSTALL_BIN) ./files/464xlat.sh $(1)/lib/netifd/proto/464xlat.sh
|
||||||
|
$(INSTALL_DIR) $(1)/sbin
|
||||||
|
$(INSTALL_BIN) $(PKG_BUILD_DIR)/464xlatcfg $(1)/sbin
|
||||||
|
endef |
||||||
|
|
||||||
|
$(eval $(call BuildPackage,464xlat)) |
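Review bot: Build/Compile passes `CFLAGS="$(TARGET_CFLAGS) -Wall"`, so warnings are printed but never fail the build, and 464xlatcfg.c in this same commit calls strncpy(), strcat(), strlen() and memset() without including `<string.h>`. Those calls compile against implicit declarations with only a warning, which is easy to miss in a full firmware build log. I would add `#include <string.h>` to the source and tighten the flags to `CFLAGS="$(TARGET_CFLAGS) -Wall -Werror=implicit-function-declaration"` so a missing prototype stops the build for a binary that runs as root.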
@ -0,0 +1,111 @@ |
|||||||
|
#!/bin/sh |
||||||
|
# 464xlat.sh - 464xlat CLAT |
||||||
|
# |
||||||
|
# Copyright (c) 2015 Steven Barth <cyrus@openwrt.org> |
||||||
|
# |
||||||
|
# This program is free software; you can redistribute it and/or modify |
||||||
|
# it under the terms of the GNU General Public License version 2 |
||||||
|
# as published by the Free Software Foundation |
||||||
|
# |
||||||
|
# This program is distributed in the hope that it will be useful, |
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||||
|
# GNU General Public License for more details. |
||||||
|
|
||||||
|
[ -n "$INCLUDE_ONLY" ] || { |
||||||
|
. /lib/functions.sh |
||||||
|
. /lib/functions/network.sh |
||||||
|
. ../netifd-proto.sh |
||||||
|
init_proto "$@" |
||||||
|
} |
||||||
|
|
||||||
|
proto_464xlat_setup() { |
||||||
|
local cfg="$1" |
||||||
|
local iface="$2" |
||||||
|
local link="464-$cfg" |
||||||
|
|
||||||
|
local ip6addr ip6prefix tunlink zone |
||||||
|
json_get_vars ip6addr ip6prefix tunlink zone |
||||||
|
|
||||||
|
[ -z "$zone" ] && zone="wan" |
||||||
|
|
||||||
|
( proto_add_host_dependency "$cfg" "::" "$tunlink" ) |
||||||
|
|
||||||
|
if [ -z "$tunlink" ] && ! network_find_wan6 tunlink; then |
||||||
|
proto_notify_error "$cfg" "NO_WAN_LINK" |
||||||
|
return |
||||||
|
fi |
||||||
|
network_get_device tundev "$tunlink" |
||||||
|
|
||||||
|
ip6addr=$(464xlatcfg "$link" "$tundev" "$ip6prefix" 192.0.0.1 $ip6addr) |
||||||
|
if [ -z "$ip6addr" ]; then |
||||||
|
proto_notify_error "$cfg" "CLAT_CONFIG_FAILED" |
||||||
|
return |
||||||
|
fi |
||||||
|
|
||||||
|
ip -6 rule del from all lookup local |
||||||
|
ip -6 rule add from all lookup local pref 1 |
||||||
|
ip -6 rule add to $ip6addr lookup prelocal pref 0 |
||||||
|
echo "$ip6addr" > /tmp/464-$cfg-anycast |
||||||
|
|
||||||
|
proto_init_update "$link" 1 |
||||||
|
proto_add_ipv4_route "0.0.0.0" 0 "" "" 2048 |
||||||
|
proto_add_ipv6_route $ip6addr 128 "" "" "" "" 128 |
||||||
|
|
||||||
|
proto_add_data |
||||||
|
[ "$zone" != "-" ] && json_add_string zone "$zone" |
||||||
|
|
||||||
|
json_add_array firewall |
||||||
|
json_add_object "" |
||||||
|
json_add_string type nat |
||||||
|
json_add_string target SNAT |
||||||
|
json_add_string family inet |
||||||
|
json_add_string snat_ip 192.0.0.1 |
||||||
|
json_close_object |
||||||
|
json_add_object "" |
||||||
|
json_add_string type rule |
||||||
|
json_add_string family inet6 |
||||||
|
json_add_string proto all |
||||||
|
json_add_string direction in |
||||||
|
json_add_string dest "$zone" |
||||||
|
json_add_string src "$zone" |
||||||
|
json_add_string src_ip $ip6addr |
||||||
|
json_add_string target ACCEPT |
||||||
|
json_close_object |
||||||
|
json_close_array |
||||||
|
proto_close_data |
||||||
|
|
||||||
|
proto_send_update "$cfg" |
||||||
|
} |
||||||
|
|
||||||
|
proto_464xlat_teardown() { |
||||||
|
local cfg="$1" |
||||||
|
local link="464-$cfg" |
||||||
|
|
||||||
|
[ -f /tmp/464-$cfg-anycast ] || return |
||||||
|
local ip6addr=$(cat /tmp/464-$cfg-anycast) |
||||||
|
|
||||||
|
464xlatcfg "$link" |
||||||
|
|
||||||
|
rm -rf /tmp/464-$cfg-anycast |
||||||
|
[ -n "$ip6addr" ] && ip -6 rule del to $ip6addr lookup prelocal |
||||||
|
|
||||||
|
if [ -z "$(ls /tmp/464-*-anycast 2>&-)" ]; then |
||||||
|
ip -6 rule del from all lookup local |
||||||
|
ip -6 rule add from all lookup local pref 0 |
||||||
|
fi |
||||||
|
} |
||||||
|
|
||||||
|
proto_464xlat_init_config() { |
||||||
|
no_device=1 |
||||||
|
available=1 |
||||||
|
|
||||||
|
proto_config_add_string "ip6prefix" |
||||||
|
proto_config_add_string "ip6addr" |
||||||
|
proto_config_add_string "tunlink" |
||||||
|
proto_config_add_string "zone" |
||||||
|
} |
||||||
|
|
||||||
|
[ -n "$INCLUDE_ONLY" ] || { |
||||||
|
add_protocol 464xlat |
||||||
|
} |
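Review bot: proto_464xlat_teardown() trusts the contents of `/tmp/464-$cfg-anycast` and expands them unquoted in `ip -6 rule del to $ip6addr lookup prelocal`, so whatever the file holds is word-split into extra `ip` arguments. The file name is predictable and lives in /tmp; if that directory is writable by anything other than root on the target, the file becomes a tampering point for a command run by netifd. I would keep the state under `/var/run`, where 464xlatcfg already writes its pid file, quote the path and the value (`"/var/run/464-$cfg-anycast"`, `"$ip6addr"`), and use `rm -f` rather than `rm -rf` on it. Separately, setup and teardown both run `ip -6 rule del from all lookup local` before the matching `add`, which leaves a window with no rule for the local table and no recovery if the add fails. Adding the rule with the new `pref` first and then deleting the old one by its `pref` would close that window.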
@ -0,0 +1,154 @@ |
|||||||
|
/* 464xlatcfg.c
|
||||||
|
* |
||||||
|
* Copyright (c) 2015 Steven Barth <cyrus@openwrt.org> |
||||||
|
* Copyright (c) 2017 Hans Dedecker <dedeckeh@gmail.com> |
||||||
|
* |
||||||
|
* This program is free software; you can redistribute it and/or modify |
||||||
|
* it under the terms of the GNU General Public License version 2 |
||||||
|
* as published by the Free Software Foundation |
||||||
|
* |
||||||
|
* This program is distributed in the hope that it will be useful, |
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||||
|
* GNU General Public License for more details. |
||||||
|
*/ |
||||||
|
|
||||||
|
#include <netinet/icmp6.h> |
||||||
|
#include <netinet/in.h> |
||||||
|
#include <sys/socket.h> |
||||||
|
#include <arpa/inet.h> |
||||||
|
#include <net/if.h> |
||||||
|
#include <unistd.h> |
||||||
|
#include <stdlib.h> |
||||||
|
#include <signal.h> |
||||||
|
#include <stdio.h> |
||||||
|
#include <netdb.h> |
||||||
|
|
||||||
|
static void sighandler(__attribute__((unused)) int signal) |
||||||
|
{ |
||||||
|
} |
||||||
|
|
||||||
|
int main(int argc, const char *argv[]) |
||||||
|
{ |
||||||
|
char buf[INET6_ADDRSTRLEN], prefix[INET6_ADDRSTRLEN + 4]; |
||||||
|
int pid; |
||||||
|
|
||||||
|
if (argc <= 1) { |
||||||
|
fprintf(stderr, "Usage: %s <name> [ifname] [ipv6prefix] [ipv4addr] [ipv6addr]\n", argv[0]); |
||||||
|
return 1; |
||||||
|
} |
||||||
|
|
||||||
|
snprintf(buf, sizeof(buf), "/var/run/%s.pid", argv[1]); |
||||||
|
FILE *fp = fopen(buf, "r"); |
||||||
|
if (fp) { |
||||||
|
if (fscanf(fp, "%d", &pid) == 1) |
||||||
|
kill(pid, SIGTERM); |
||||||
|
|
||||||
|
unlink(buf); |
||||||
|
fclose(fp); |
||||||
|
} |
||||||
|
|
||||||
|
if (!argv[2]) |
||||||
|
return 0; |
||||||
|
|
||||||
|
if (!argv[3] || !argv[4] || !(fp = fopen(buf, "wx"))) |
||||||
|
return 1; |
||||||
|
|
||||||
|
signal(SIGTERM, SIG_DFL); |
||||||
|
setvbuf(fp, NULL, _IOLBF, 0); |
||||||
|
fprintf(fp, "%d\n", getpid()); |
||||||
|
|
||||||
|
prefix[sizeof(prefix) - 1] = 0; |
||||||
|
strncpy(prefix, argv[3], sizeof(prefix) - 1); |
||||||
|
|
||||||
|
if (!prefix[0]) { |
||||||
|
struct addrinfo hints = { .ai_family = AF_INET6 }, *res; |
||||||
|
if (getaddrinfo("ipv4only.arpa", NULL, &hints, &res) || !res) { |
||||||
|
sleep(3); |
||||||
|
if (getaddrinfo("ipv4only.arpa", NULL, &hints, &res) || !res) |
||||||
|
return 2; |
||||||
|
} |
||||||
|
|
||||||
|
struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)res->ai_addr; |
||||||
|
inet_ntop(AF_INET6, &sin6->sin6_addr, prefix, sizeof(prefix) - 4); |
||||||
|
strcat(prefix, "/96"); |
||||||
|
freeaddrinfo(res); |
||||||
|
} |
||||||
|
|
||||||
|
int i = 0; |
||||||
|
int sock; |
||||||
|
struct sockaddr_in6 saddr; |
||||||
|
|
||||||
|
do { |
||||||
|
socklen_t saddrlen = sizeof(saddr); |
||||||
|
struct icmp6_filter filt; |
||||||
|
|
||||||
|
sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6); |
||||||
|
ICMP6_FILTER_SETBLOCKALL(&filt); |
||||||
|
setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, &filt, sizeof(filt)); |
||||||
|
setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, argv[2], strlen(argv[2])); |
||||||
|
memset(&saddr, 0, sizeof(saddr)); |
||||||
|
saddr.sin6_family = AF_INET6; |
||||||
|
saddr.sin6_addr.s6_addr32[0] = htonl(0x2001); |
||||||
|
saddr.sin6_addr.s6_addr32[1] = htonl(0xdb8); |
||||||
|
if (connect(sock, (struct sockaddr*)&saddr, sizeof(saddr)) || |
||||||
|
getsockname(sock, (struct sockaddr*)&saddr, &saddrlen)) |
||||||
|
return 3; |
||||||
|
|
||||||
|
if (!IN6_IS_ADDR_LINKLOCAL(&saddr.sin6_addr) || argv[5]) |
||||||
|
break; |
||||||
|
|
||||||
|
close(sock); |
||||||
|
sleep(3); |
||||||
|
i++; |
||||||
|
} while (i < 3); |
||||||
|
|
||||||
|
struct ipv6_mreq mreq = {saddr.sin6_addr, if_nametoindex(argv[2])}; |
||||||
|
if (!argv[5]) { |
||||||
|
if (IN6_IS_ADDR_LINKLOCAL(&mreq.ipv6mr_multiaddr)) |
||||||
|
return 5; |
||||||
|
|
||||||
|
srandom(mreq.ipv6mr_multiaddr.s6_addr32[0] ^ mreq.ipv6mr_multiaddr.s6_addr32[1] ^ |
||||||
|
mreq.ipv6mr_multiaddr.s6_addr32[2] ^ mreq.ipv6mr_multiaddr.s6_addr32[3]); |
||||||
|
mreq.ipv6mr_multiaddr.s6_addr32[2] = random(); |
||||||
|
mreq.ipv6mr_multiaddr.s6_addr32[3] = random(); |
||||||
|
} else if (inet_pton(AF_INET6, argv[5], &mreq.ipv6mr_multiaddr) != 1) { |
||||||
|
return 1; |
||||||
|
} |
||||||
|
|
||||||
|
if (setsockopt(sock, SOL_IPV6, IPV6_JOIN_ANYCAST, &mreq, sizeof(mreq))) |
||||||
|
return 3; |
||||||
|
|
||||||
|
inet_ntop(AF_INET6, &mreq.ipv6mr_multiaddr, buf, sizeof(buf)); |
||||||
|
fputs(buf, stdout); |
||||||
|
fputc('\n', stdout); |
||||||
|
fflush(stdout); |
||||||
|
|
||||||
|
FILE *nat46 = fopen("/proc/net/nat46/control", "w"); |
||||||
|
if (!nat46 || fprintf(nat46, "add %s\nconfig %s local.style NONE local.v4 %s/32 local.v6 %s/128 " |
||||||
|
"remote.style RFC6052 remote.v6 %s\n", argv[1], argv[1], argv[4], buf, prefix) < 0 || |
||||||
|
fclose(nat46)) |
||||||
|
return 4; |
||||||
|
|
||||||
|
if (!(pid = fork())) { |
||||||
|
fclose(fp); |
||||||
|
fclose(stdin); |
||||||
|
fclose(stdout); |
||||||
|
fclose(stderr); |
||||||
|
chdir("/"); |
||||||
|
setsid(); |
||||||
|
signal(SIGTERM, sighandler); |
||||||
|
pause(); |
||||||
|
|
||||||
|
nat46 = fopen("/proc/net/nat46/control", "w"); |
||||||
|
if (nat46) { |
||||||
|
fprintf(nat46, "del %s\n", argv[1]); |
||||||
|
fclose(nat46); |
||||||
|
} |
||||||
|
} else { |
||||||
|
rewind(fp); |
||||||
|
fprintf(fp, "%d\n", pid); |
||||||
|
} |
||||||
|
|
||||||
|
return 0; |
||||||
|
} |
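Review bot: The pid read back from the pid file at the top of main() goes straight to kill() with no range check, and the fork() result near the end is written into that same file without testing for -1. If fork() fails the file holds `-1`, and the next invocation calls `kill(-1, SIGTERM)`, which as root signals every process it is permitted to signal. A stale file can likewise name an unrelated process that has reused the pid. I would guard the read with `if (fscanf(fp, "%d", &pid) == 1 && pid > 1)` and add `else if (pid < 0) { unlink(buf); return 6; }` (any unused exit code) ahead of the branch that writes the pid. The path is also built in `buf`, which is only INET6_ADDRSTRLEN bytes, so snprintf() silently truncates a longer `<name>` and two names could share one pid file; a dedicated path buffer with a check on snprintf()'s return value would avoid that.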
@ -0,0 +1,8 @@ |
|||||||
|
all: 464xlatcfg |
||||||
|
|
||||||
|
464xlatcfg: 464xlatcfg.c |
||||||
|
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
|
||||||
|
|
||||||
|
clean: |
||||||
|
rm -f 464xlatcfg
|
||||||
|
|
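Review bot: `all` and `clean` are not declared phony, so a file named `all` or `clean` in the build directory would make the target look up to date and silently skip the recipe; add `.PHONY: all clean` at the top. The package Makefile in this commit passes CC, CFLAGS and LDFLAGS on the command line, so the link rule itself works as written.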