From cccb3a4bbfae81fa0ec6742aea2aa235a0d2ff5c Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Wed, 6 Jun 2012 15:38:55 +0000
Subject: [PATCH] Add 6to4 tunnel functionality.
Introduces a hook that can connect to 6to4 tunnelbrokers like Hurricane Electric's tunnelbroker.net.
---
functions.dns | 30 +++++++++
functions.ip-tunnel | 89 +++++++++++++++++++++++++++
hooks/zones/6to4-tunnel | 131 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 250 insertions(+)
create mode 100644 functions.dns
create mode 100644 functions.ip-tunnel
create mode 100755 hooks/zones/6to4-tunnel
diff --git a/functions.dns b/functions.dns
new file mode 100644
index 00000000..ee7d5c3f
--- /dev/null
+++ b/functions.dns
@@ -0,0 +1,30 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 IPFire Network Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+function dns_get_hostname() {
+ local address=${1}
+ assert isset address
+
+ #(
+ # eval $(ipcalc -h ${address})
+ # echo "${HOSTNAME}"
+ #)
+}
diff --git a/functions.ip-tunnel b/functions.ip-tunnel
new file mode 100644
index 00000000..4279d414
--- /dev/null
+++ b/functions.ip-tunnel
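Review bot: dns_get_hostname is shipped as a stub: after `assert isset address` the whole lookup is commented out, so the function always prints nothing and the `-n "${server_hostname}"` test in the 6to4 hook's _status added by this same patch can never be true. Either say so at the top of the function, e.g. `# TODO: reverse lookup not implemented yet; always prints an empty string.`, or implement it before callers start relying on the output. If the commented `eval $(ipcalc -h ${address})` is ever revived, note that it executes tool output as shell code for an address taken from zone configuration; reading the result into a variable (for instance with `getent hosts` or by parsing `ipcalc -h` output through `read`) gives the same hostname without the eval.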
@@ -0,0 +1,89 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 IPFire Network Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+IP_TUNNEL_MODES="sit"
+
+function ip_tunnel_add() {
+ local device=${1}
+ shift
+
+ local mode="sit"
+ local ttl
+
+ local remote_address
+ local local_address
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ --mode=*)
+ mode=$(cli_get_val ${1})
+ ;;
+ --ttl=*)
+ ttl=$(cli_get_val ${1})
+ ;;
+
+ --remote-address=*)
+ remote_address=$(cli_get_val ${1})
+ ;;
+ --local-address=*)
+ local_address=$(cli_get_val ${1})
+ ;;
+ esac
+ shift
+ done
+
+ assert isset mode
+ assert isoneof mode ${IP_TUNNEL_MODES}
+
+ # If TTL is set, make sure it is an integer.
+ isset ttl && assert isinteger ttl
+
+ assert isset remote_address
+ assert isset local_address
+
+ local cmd_args
+
+ # Apply TTL if a value has been set.
+ if isset ttl; then
+ cmd_args="${cmd_args} ttl ${ttl}"
+ fi
+
+ log DEBUG "Creating tunnel device '${device}' (mode=${mode})..."
+
+ # Create the device.
+ cmd ip tunnel add ${device} mode ${mode} \
+ remote ${remote_address} local ${local_address} ${cmd_args}
+ assert [ $? -eq 0 ]
+}
+
+
+function ip_tunnel_del() {
+ local device=${1}
+ assert device_exists ${device}
+
+ # Make sure the device has been shut down.
+ device_set_down ${device}
+
+ log DEBUG "Removing tunnel device '${device}'..."
+
+ ip tunnel del ${device}
+ assert [ $? -eq 0 ]
+}
diff --git a/hooks/zones/6to4-tunnel b/hooks/zones/6to4-tunnel
new file mode 100755
index 00000000..cfa7cb92
--- /dev/null
+++ b/hooks/zones/6to4-tunnel
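Review bot: The option loop in ip_tunnel_add has no `*)` arm, so a misspelled option such as `--remote-adress=` is dropped silently and the call only fails later at `assert isset remote_address`, with no hint about the real cause; the hook's _parse_cmdline in this same patch rejects unknown options, and this function should do the same, e.g. `*) log ERROR "Unknown option: ${1}"; return ${EXIT_ERROR} ;;` (assuming EXIT_ERROR and an ERROR log level are in scope here as they appear to be in the hook). The remote and local addresses are only checked with `assert isset` and are then expanded unquoted on the `ip tunnel add` line, so a value containing whitespace becomes extra arguments to `ip`; writing `remote "${remote_address}" local "${local_address}"` and, if the code base has an IPv4 validity helper, asserting on it before the call keeps the argv under control. Lastly, ip_tunnel_del runs `ip tunnel del ${device}` directly while the add path goes through the `cmd` wrapper, so the two functions log and fail differently for the same class of error; routing both through `cmd` would make them consistent.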
@@ -0,0 +1,131 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+. /usr/lib/network/header-zone
+
+HOOK_SETTINGS="HOOK SERVER_ADDRESS LOCAL_ADDRESS LOCAL_ADDRESS6"
+
+# The IPv4 address of the tunnel endpoint where to connect to.
+SERVER_ADDRESS=
+
+# The local IPv4 address of the tunnel endpoint.
+LOCAL_ADDRESS=
+
+# The address that is assigned to the tunnel device (with prefix).
+LOCAL_ADDRESS6=
+
+function _check() {
+ assert isset SERVER_ADDRESS
+ assert isset LOCAL_ADDRESS
+ assert isset LOCAL_ADDRESS6
+}
+
+function _parse_cmdline() {
+ local value
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ --server-address=*)
+ SERVER_ADDRESS=$(cli_get_val ${1})
+ ;;
+ --local-ipv4-address=*)
+ LOCAL_ADDRESS=$(cli_get_val ${1})
+ ;;
+ --local-ipv6-address=*)
+ LOCAL_ADDRESS6=$(cli_get_val ${1})
+ ;;
+ *)
+ echo "Unknown option: ${1}" >&2
+ exit ${EXIT_ERROR}
+ ;;
+ esac
+ shift
+ done
+}
+
+function _up() {
+ local zone=${1}
+ assert isset zone
+
+ # Read configuration options.
+ zone_config_read ${zone}
+
+ ip_tunnel_add ${zone} --ttl=255 \
+ --remote-address="${SERVER_ADDRESS}" \
+ --local-address="${LOCAL_ADDRESS}"
+
+ # Bring up the device.
+ device_set_up ${zone}
+
+ # Assign IPv6 address.
+ ip_address_add ${zone} ${LOCAL_ADDRESS6}
+
+ # Update routing information.
+ routing_db_set ${zone} ipv6 type "${HOOK}"
+ routing_db_set ${zone} ipv6 local-ip-address "${LOCAL_ADDRESS6}"
+ routing_db_set ${zone} ipv6 active 1
+
+ # Update the routing database.
+ routing_update ${zone} ipv6
+ routing_default_update
+
+ exit ${EXIT_OK}
+}
+
+function _down() {
+ local zone=${1}
+ assert isset zone
+
+ # Remove everything from the routing db.
+ routing_db_remove ${zone} ipv6
+ routing_update ${zone} ipv6
+ routing_default_update
+
+ # Remove the tunnel device.
+ ip_tunnel_del ${zone}
+
+ exit ${EXIT_OK}
+}
+
+function _status() {
+ local zone=${1}
+ assert isset zone
+
+ cli_status_headline ${zone}
+
+ zone_config_read ${zone}
+
+ local server_line="${SERVER_ADDRESS}"
+ local server_hostname=$(dns_get_hostname ${SERVER_ADDRESS})
+ if [ -n "${server_hostname}" ]; then
+ server_line="${server_line} (Hostname: ${server_hostname})"
+ fi
+
+ cli_headline " Configuration:"
+ printf "${DEVICE_PRINT_LINE1}" "Server:" "${server_line}"
+ printf "${DEVICE_PRINT_LINE1}" "Endpoint IPv4 address:" "${LOCAL_ADDRESS}"
+ printf "${DEVICE_PRINT_LINE1}" "Endpoint IPv6 address:" "${LOCAL_ADDRESS6}"
+ echo
+
+ exit ${EXIT_OK}
+}
+
+run $@
-- 
2.39.5
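Review bot: _down calls ip_tunnel_del unconditionally, and ip_tunnel_del (added in this same patch) begins with `assert device_exists`, so if the tunnel device is already gone — for instance because _up aborted inside ip_tunnel_add before the device was created — the down path trips that assert after it has already removed the routing entries and never reaches `exit ${EXIT_OK}`; guarding the call with `device_exists ${zone} && ip_tunnel_del ${zone}` makes teardown idempotent. The final `run $@` should be `run "$@"` so that an argument containing whitespace reaches _parse_cmdline as one word instead of being split. Note also that what _up configures is a `sit` tunnel with an explicit remote endpoint and a statically assigned IPv6 address, i.e. a static 6in4 tunnel of the kind tunnelbroker.net provides, rather than 6to4 proper (2002::/16 prefix derived from the IPv4 address, anycast relay); a one-line comment near HOOK_SETTINGS stating that, e.g. `# Static 6in4 (sit) tunnel to a fixed broker endpoint; no 2002::/16 6to4 logic here.`, would spare the next reader from looking for it.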