From: Hans Dedecker Date: Sun, 27 Jan 2019 12:07:52 +0000 (+0100) Subject: 464xlat: import from routing, add myself as maintainer X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=633cac0cb4617e9d1c73a15abf7cd5294295cfc5;p=openwrt%2Fstaging%2Fstintel.git 464xlat: import from routing, add myself as maintainer Signed-off-by: Hans Dedecker
---
diff --git a/package/network/ipv6/464xlat/Makefile b/package/network/ipv6/464xlat/Makefile
new file mode 100644
index 0000000000..9be09fa916
--- /dev/null
+++ b/package/network/ipv6/464xlat/Makefile
@@ -0,0 +1,43 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=464xlat
+PKG_VERSION:=11
+
+PKG_SOURCE_DATE:=2018-01-16
+PKG_MAINTAINER:=Hans Dedecker
+PKG_LICENSE:=GPL-2.0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/464xlat
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=@IPV6 +kmod-nat46 +ip
+ TITLE:=464xlat CLAT support
+endef
+
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ $(CP) ./src/* $(PKG_BUILD_DIR)/
+endef
+
+define Build/Compile
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ CC="$(TARGET_CC)" \
+ CFLAGS="$(TARGET_CFLAGS) -Wall" \
+ LDFLAGS="$(TARGET_LDFLAGS)"
+endef
+
+define Package/464xlat/description
+ 464xlat provides support to deploy limited IPv4 access services to mobile
+ and wireline IPv6-only edge networks without encapsulation (RFC6877)
+endef
+
+define Package/464xlat/install
+ $(INSTALL_DIR) $(1)/lib/netifd/proto
+ $(INSTALL_BIN) ./files/464xlat.sh $(1)/lib/netifd/proto/464xlat.sh
+ $(INSTALL_DIR) $(1)/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/464xlatcfg $(1)/sbin
+endef
+
+$(eval $(call BuildPackage,464xlat))
diff --git a/package/network/ipv6/464xlat/files/464xlat.sh b/package/network/ipv6/464xlat/files/464xlat.sh
new file mode 100755
index 0000000000..e5fcf7db96
--- /dev/null
+++ b/package/network/ipv6/464xlat/files/464xlat.sh
@@ -0,0 +1,111 @@
+#!/bin/sh
+# 464xlat.sh - 464xlat CLAT
+#
+# Copyright (c) 2015 Steven Barth
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+[ -n "$INCLUDE_ONLY" ] || {
+ . /lib/functions.sh
+ . /lib/functions/network.sh
+ . ../netifd-proto.sh
+ init_proto "$@"
+}
+
+proto_464xlat_setup() {
+ local cfg="$1"
+ local iface="$2"
+ local link="464-$cfg"
+
+ local ip6addr ip6prefix tunlink zone
+ json_get_vars ip6addr ip6prefix tunlink zone
+
+ [ -z "$zone" ] && zone="wan"
+
+ ( proto_add_host_dependency "$cfg" "::" "$tunlink" )
+
+ if [ -z "$tunlink" ] && ! network_find_wan6 tunlink; then
+ proto_notify_error "$cfg" "NO_WAN_LINK"
+ return
+ fi
+ network_get_device tundev "$tunlink"
+
+ ip6addr=$(464xlatcfg "$link" "$tundev" "$ip6prefix" 192.0.0.1 $ip6addr)
+ if [ -z "$ip6addr" ]; then
+ proto_notify_error "$cfg" "CLAT_CONFIG_FAILED"
+ return
+ fi
+
+ ip -6 rule del from all lookup local
+ ip -6 rule add from all lookup local pref 1
+ ip -6 rule add to $ip6addr lookup prelocal pref 0
+ echo "$ip6addr" > /tmp/464-$cfg-anycast
+
+ proto_init_update "$link" 1
+ proto_add_ipv4_route "0.0.0.0" 0 "" "" 2048
+ proto_add_ipv6_route $ip6addr 128 "" "" "" "" 128
+
+ proto_add_data
+ [ "$zone" != "-" ] && json_add_string zone "$zone"
+
+ json_add_array firewall
+ json_add_object ""
+ json_add_string type nat
+ json_add_string target SNAT
+ json_add_string family inet
+ json_add_string snat_ip 192.0.0.1
+ json_close_object
+ json_add_object ""
+ json_add_string type rule
+ json_add_string family inet6
+ json_add_string proto all
+ json_add_string direction in
+ json_add_string dest "$zone"
+ json_add_string src "$zone"
+ json_add_string src_ip $ip6addr
+ json_add_string target ACCEPT
+ json_close_object
+ json_close_array
+ proto_close_data
+
+ proto_send_update "$cfg"
+}
+
+proto_464xlat_teardown() {
+ local cfg="$1"
+ local link="464-$cfg"
+
+ [ -f /tmp/464-$cfg-anycast ] || return
+ local ip6addr=$(cat /tmp/464-$cfg-anycast)
+
+ 464xlatcfg "$link"
+
+ rm -rf /tmp/464-$cfg-anycast
+ [ -n "$ip6addr" ] && ip -6 rule del to $ip6addr lookup prelocal
+
+ if [ -z "$(ls /tmp/464-*-anycast 2>&-)" ]; then
+ ip -6 rule del from all lookup local
+ ip -6 rule add from all lookup local pref 0
+ fi
+}
+
+proto_464xlat_init_config() {
+ no_device=1
+ available=1
+
+ proto_config_add_string "ip6prefix"
+ proto_config_add_string "ip6addr"
+ proto_config_add_string "tunlink"
+ proto_config_add_string "zone"
+}
+
+[ -n "$INCLUDE_ONLY" ] || {
+ add_protocol 464xlat
+}
diff --git a/package/network/ipv6/464xlat/src/464xlatcfg.c b/package/network/ipv6/464xlat/src/464xlatcfg.c
new file mode 100644
index 0000000000..288733e199
--- /dev/null
+++ b/package/network/ipv6/464xlat/src/464xlatcfg.c
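Review bot: In `proto_464xlat_teardown` of 464xlat.sh the anycast address is read back from `/tmp/464-$cfg-anycast` and expanded unquoted into `ip -6 rule del to $ip6addr lookup prelocal`, and the state file is removed with `rm -rf` on an unquoted path, so whatever that file or `$cfg` contains is word-split and glob-expanded in a script that presumably runs as root under netifd. Quote the expansions and drop the recursive flag: `rm -f "/tmp/464-$cfg-anycast"` and `[ -n "$ip6addr" ] && ip -6 rule del to "$ip6addr" lookup prelocal`; the same quoting applies to the `echo "$ip6addr" > /tmp/464-$cfg-anycast` and `ip -6 rule add to $ip6addr` lines in `proto_464xlat_setup`. In both functions `ip -6 rule del from all lookup local` is followed by the re-add with no error check, so a failed `add` would leave the host without its local-table rule; checking the exit status and reporting it through `proto_notify_error` would make that visible.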
@@ -0,0 +1,154 @@
+/* 464xlatcfg.c
+ *
+ * Copyright (c) 2015 Steven Barth
+ * Copyright (c) 2017 Hans Dedecker
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+static void sighandler(__attribute__((unused)) int signal)
+{
+}
+
+int main(int argc, const char *argv[])
+{
+ char buf[INET6_ADDRSTRLEN], prefix[INET6_ADDRSTRLEN + 4];
+ int pid;
+
+ if (argc <= 1) {
+ fprintf(stderr, "Usage: %s [ifname] [ipv6prefix] [ipv4addr] [ipv6addr]\n", argv[0]);
+ return 1;
+ }
+
+ snprintf(buf, sizeof(buf), "/var/run/%s.pid", argv[1]);
+ FILE *fp = fopen(buf, "r");
+ if (fp) {
+ if (fscanf(fp, "%d", &pid) == 1)
+ kill(pid, SIGTERM);
+
+ unlink(buf);
+ fclose(fp);
+ }
+
+ if (!argv[2])
+ return 0;
+
+ if (!argv[3] || !argv[4] || !(fp = fopen(buf, "wx")))
+ return 1;
+
+ signal(SIGTERM, SIG_DFL);
+ setvbuf(fp, NULL, _IOLBF, 0);
+ fprintf(fp, "%d\n", getpid());
+
+ prefix[sizeof(prefix) - 1] = 0;
+ strncpy(prefix, argv[3], sizeof(prefix) - 1);
+
+ if (!prefix[0]) {
+ struct addrinfo hints = { .ai_family = AF_INET6 }, *res;
+ if (getaddrinfo("ipv4only.arpa", NULL, &hints, &res) || !res) {
+ sleep(3);
+ if (getaddrinfo("ipv4only.arpa", NULL, &hints, &res) || !res)
+ return 2;
+ }
+
+ struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)res->ai_addr;
+ inet_ntop(AF_INET6, &sin6->sin6_addr, prefix, sizeof(prefix) - 4);
+ strcat(prefix, "/96");
+ freeaddrinfo(res);
+ }
+
+ int i = 0;
+ int sock;
+ struct sockaddr_in6 saddr;
+
+ do {
+ socklen_t saddrlen = sizeof(saddr);
+ struct icmp6_filter filt;
+
+ sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
+ ICMP6_FILTER_SETBLOCKALL(&filt);
+ setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, &filt, sizeof(filt));
+ setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, argv[2], strlen(argv[2]));
+ memset(&saddr, 0, sizeof(saddr));
+ saddr.sin6_family = AF_INET6;
+ saddr.sin6_addr.s6_addr32[0] = htonl(0x2001);
+ saddr.sin6_addr.s6_addr32[1] = htonl(0xdb8);
+ if (connect(sock, (struct sockaddr*)&saddr, sizeof(saddr)) ||
+ getsockname(sock, (struct sockaddr*)&saddr, &saddrlen))
+ return 3;
+
+ if (!IN6_IS_ADDR_LINKLOCAL(&saddr.sin6_addr) || argv[5])
+ break;
+
+ close(sock);
+ sleep(3);
+ i++;
+ } while (i < 3);
+
+ struct ipv6_mreq mreq = {saddr.sin6_addr, if_nametoindex(argv[2])};
+ if (!argv[5]) {
+ if (IN6_IS_ADDR_LINKLOCAL(&mreq.ipv6mr_multiaddr))
+ return 5;
+
+ srandom(mreq.ipv6mr_multiaddr.s6_addr32[0] ^ mreq.ipv6mr_multiaddr.s6_addr32[1] ^
+ mreq.ipv6mr_multiaddr.s6_addr32[2] ^ mreq.ipv6mr_multiaddr.s6_addr32[3]);
+ mreq.ipv6mr_multiaddr.s6_addr32[2] = random();
+ mreq.ipv6mr_multiaddr.s6_addr32[3] = random();
+ } else if (inet_pton(AF_INET6, argv[5], &mreq.ipv6mr_multiaddr) != 1) {
+ return 1;
+ }
+
+ if (setsockopt(sock, SOL_IPV6, IPV6_JOIN_ANYCAST, &mreq, sizeof(mreq)))
+ return 3;
+
+ inet_ntop(AF_INET6, &mreq.ipv6mr_multiaddr, buf, sizeof(buf));
+ fputs(buf, stdout);
+ fputc('\n', stdout);
+ fflush(stdout);
+
+ FILE *nat46 = fopen("/proc/net/nat46/control", "w");
+ if (!nat46 || fprintf(nat46, "add %s\nconfig %s local.style NONE local.v4 %s/32 local.v6 %s/128 "
+ "remote.style RFC6052 remote.v6 %s\n", argv[1], argv[1], argv[4], buf, prefix) < 0 ||
+ fclose(nat46))
+ return 4;
+
+ if (!(pid = fork())) {
+ fclose(fp);
+ fclose(stdin);
+ fclose(stdout);
+ fclose(stderr);
+ chdir("/");
+ setsid();
+ signal(SIGTERM, sighandler);
+ pause();
+
+ nat46 = fopen("/proc/net/nat46/control", "w");
+ if (nat46) {
+ fprintf(nat46, "del %s\n", argv[1]);
+ fclose(nat46);
+ }
+ } else {
+ rewind(fp);
+ fprintf(fp, "%d\n", pid);
+ }
+
+ return 0;
+}
diff --git a/package/network/ipv6/464xlat/src/Makefile b/package/network/ipv6/464xlat/src/Makefile
new file mode 100644
index 0000000000..3950a6b1dd
--- /dev/null
+++ b/package/network/ipv6/464xlat/src/Makefile
@@ -0,0 +1,8 @@
+all: 464xlatcfg
+
+464xlatcfg: 464xlatcfg.c
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+
+clean:
+ rm -f 464xlatcfg
+
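Review bot: In `main()` of 464xlatcfg.c the pid read back from the `/var/run/%s.pid` file goes straight into `kill(pid, SIGTERM)` with no range check, so a file holding `0` or a negative value makes the helper (presumably running as root, since it opens a raw socket and writes under /proc/net) signal its own process group or every process it is allowed to signal; guard the call with `if (fscanf(fp, "%d", &pid) == 1 && pid > 0)`. This code can produce such a file itself: `fork()` is not checked for failure, and on `-1` the `else` branch rewrites the pid file with that value, so the parent branch should be `} else if (pid > 0) {` with a separate error return for `pid < 0`. The `snprintf()` that builds the pid-file path into the `INET6_ADDRSTRLEN`-sized `buf` is also unchecked, so a long interface name is silently truncated; compare its return value with `sizeof(buf)` and bail out. Separately, `argv[1]`, `argv[4]` and the prefix copied from `argv[3]` are formatted into `/proc/net/nat46/control` unvalidated; parsing the address arguments with `inet_pton()` first, as is already done for `argv[5]`, would keep whitespace or a newline in a config value from being read as extra control tokens.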