From 8065d37b1c08a65e1261daffcb4f934fe3d3d23f Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 9 Apr 2013 11:56:35 +0200
Subject: [PATCH] 6to4-tunnel: Allow to update endpoint address.
This currently only works with tunnelbroker.net from Hurricane Electric.
---
functions.he | 65 ++++++++++++++++++++++++++++++++
functions.http | 83 +++++++++++++++++++++++++++++++++++++++++
hooks/zones/6to4-tunnel | 47 ++++++++++++++++++++++-
3 files changed, 194 insertions(+), 1 deletion(-)
create mode 100644 functions.he
create mode 100644 functions.http
diff --git a/functions.he b/functions.he
new file mode 100644
index 00000000..d6730052
--- /dev/null
+++ b/functions.he
@@ -0,0 +1,65 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2013 IPFire Network Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+function he_tunnelbroker_endpoint_update() {
+ local username
+ local password
+ local tunnel_id
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ --username=*)
+ username="$(cli_get_val ${1})"
+ ;;
+ --password=*)
+ password="$(cli_get_val ${1})"
+ ;;
+ --tunnel-id=*)
+ tunnel_id="$(cli_get_val ${1})"
+ ;;
+ esac
+ shift
+ done
+
+ assert isset username
+ assert isset password
+ assert isset tunnel_id
+
+ # Send HTTP request.
+ local response=$(http_GET --username="${username}" --password="${password}" \
+ "https://ipv4.tunnelbroker.net/ipv4_end.php" "tid=${tunnel_id}")
+
+ log DEBUG "Server response: ${response}"
+
+ case "${response}" in
+ "-ERROR: This tunnel is already associated with this IP address.*")
+ # This is not really an error, because the right IP address is
+ # already configured.
+ ;;
+ "-ERROR:*")
+ log ERROR "Tunnel endpoint address update not successful for tunnel ${tunnel_id}"
+ return ${EXIT_ERROR}
+ ;;
+ esac
+
+ log INFO "Tunnel endpoint address has been updated for tunnel ${tunnel_id}"
+ return ${EXIT_OK}
+}
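Review bot: Both patterns of the `case "${response}" in` block in `he_tunnelbroker_endpoint_update` are quoted in full, so the trailing `*` is matched literally and neither `-ERROR` branch fires for a reply that merely begins with that text; a rejected update falls through to `log INFO "Tunnel endpoint address has been updated …"` and `return ${EXIT_OK}`. Move the wildcard outside the quotes: `"-ERROR: This tunnel is already associated with this IP address."*)` and `"-ERROR:"*)`. Separately, `local response=$(http_GET …)` returns the status of `local`, not of `http_GET`, so a transport failure that leaves the response empty is also reported as success; declaring `local response` on its own line and testing the assignment would catch that.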
diff --git a/functions.http b/functions.http
new file mode 100644
index 00000000..1c61443c
--- /dev/null
+++ b/functions.http
@@ -0,0 +1,83 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2013 IPFire Network Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+function http_format_args() {
+ local args="$@"
+
+ list_join args "&"
+}
+
+function http_GET() {
+ local username
+ local password
+
+ local url
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ --username=*)
+ username="$(cli_get_val ${1})"
+ ;;
+ --password=*)
+ password="$(cli_get_val ${1})"
+ ;;
+ *)
+ break
+ ;;
+ esac
+ shift
+ done
+
+ local url="$(cli_get_val ${1})"
+ shift
+
+ # Add credentials to the URL.
+ if isset username && isset password; then
+ # Stip http:// and so on from the URL.
+ local scheme="${url%://*}"
+ url="${url#*://}"
+
+ # Build new URL string with credentials.
+ url="${scheme}://${username}:${password}@${url}"
+ fi
+
+ # Add all query arguments if necessary.
+ local args=$(http_format_args "$@")
+ if [ -n "${args}" ]; then
+ url="${url}?${args}"
+ fi
+
+ http_call "${url}"
+}
+
+function http_call() {
+ # Argument list for invoking curl.
+ local args
+
+ list_append args "--silent"
+ list_append args "--user-agent IPFire-Network/${NETWORK_VERSION}"
+
+ # Add all other args.
+ list_append args "$@" + + # Run curl. + curl ${args} +} diff --git a/hooks/zones/6to4-tunnel b/hooks/zones/6to4-tunnel index f0325295..2fbb5bbf 100755 --- a/hooks/zones/6to4-tunnel +++ b/hooks/zones/6to4-tunnel @@ -21,7 +21,8 @@ . /usr/lib/network/header-zone -HOOK_SETTINGS="HOOK SERVER_ADDRESS LOCAL_ADDRESS LOCAL_ADDRESS6" +HOOK_SETTINGS="HOOK SERVER_ADDRESS LOCAL_ADDRESS LOCAL_ADDRESS6 TUNNEL_ID" +HOOK_SETTINGS="${HOOK_SETTINGS} AUTO_UPDATE_ENDPOINT USERNAME PASSWORD" # The IPv4 address of the tunnel endpoint where to connect to. SERVER_ADDRESS= @@ -32,10 +33,27 @@ LOCAL_ADDRESS= # The address that is assigned to the tunnel device (with prefix). LOCAL_ADDRESS6= +# True if the endpoint IP address should be automatically +# updated each time the tunnel connects. +AUTO_UPDATE_ENDPOINT="false" + +# The ID of the tunnel. +TUNNEL_ID= + +# Credentials for the tunnelbroker.net service. +USERNAME= +PASSWORD= + function _check() { assert isset SERVER_ADDRESS assert isset LOCAL_ADDRESS assert isset LOCAL_ADDRESS6 + + if enabled AUTO_UPDATE_ENDPOINT; then + assert isset TUNNEL_ID + assert isset USERNAME + assert isset PASSWORD + fi } function _parse_cmdline() { @@ -52,6 +70,24 @@ function _parse_cmdline() { --local-ipv6-address=*) LOCAL_ADDRESS6=$(cli_get_val ${1}) ;; + --auto-update-endpoint=*) + local val="$(cli_get_val ${1})" + + if enabled val; then + AUTO_UPDATE_ENDPOINT="true" + else + AUTO_UPADTE_ENDPOINT="false" + fi + ;; + --tunnel-id=*) + TUNNEL_ID="$(cli_get_val ${1})" + ;; + --username=*) + USERNAME="$(cli_get_val ${1})" + ;; + --password=*) + PASSWORD="$(cli_get_val ${1})" + ;; *) echo "Unknown option: ${1}" >&2 exit ${EXIT_ERROR} 
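Review bot: In functions.http, `http_GET` splices the username and password into the URL (`url="${scheme}://${username}:${password}@${url}"`) and `http_call` then passes that URL to curl as a command-line argument, where the password can be read from the process list while the request runs. The values are not percent-encoded either, so a password containing `@`, `/`, `?` or `#` yields a different URL than intended. Handing the credentials to curl through `--config -` on standard input keeps them out of argv. The sketch below also holds curl's arguments in an array, because the unquoted `curl ${args}` word-splits and glob-expands the URL and query string. A `"` or `\` inside the credentials would still need escaping for curl's config syntax.

```shell
function http_GET() {
	# … unchanged: option parsing, URL extraction, query string handling …
	# … the block that rewrote ${url} with embedded credentials is dropped …

	if isset username && isset password; then
		# Feed the credentials to curl on stdin so they never appear in argv.
		http_call --config - "${url}" <<< "user = \"${username}:${password}\""
	else
		http_call "${url}"
	fi
}

function http_call() {
	# Keep the arguments in an array so each one reaches curl as a single
	# word, whatever characters it contains.
	local args=( --silent --user-agent "IPFire-Network/${NETWORK_VERSION}" )

	curl "${args[@]}" "$@"
}
```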
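Review bot: The `else` branch of the new `--auto-update-endpoint=*)` case in hooks/zones/6to4-tunnel assigns `AUTO_UPADTE_ENDPOINT="false"`, a misspelled name, so a false value never clears `AUTO_UPDATE_ENDPOINT`. If the stored setting is already true, the zone would keep sending the broker credentials each time the tunnel comes up. The line should read `AUTO_UPDATE_ENDPOINT="false"`. The new `--password=*)` option also takes the secret as a command-line argument of the hook, where it can end up in shell history and the process list; reading it from a file or a prompt would avoid that. `_parse_cmdline` starts and ends outside the hunk.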
@@ -68,6 +104,15 @@ function _up() { # Read configuration options. zone_config_read ${zone} + if enabled AUTO_UPDATE_ENDPOINT; then + log DEBUG "Updating tunnel endpoint" + + he_tunnelbroker_endpoint_update \ + --username="${USERNAME}" \ + --password="${PASSWORD}" \ + --tunnel-id="${TUNNEL_ID}" + fi + ip_tunnel_add ${zone} --ttl=255 \ --remote-address="${SERVER_ADDRESS}" \ --local-address="${LOCAL_ADDRESS}" -- 2.47.2
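Review bot: In `_up` the exit status of `he_tunnelbroker_endpoint_update` is discarded, so the hook goes on to `ip_tunnel_add` whether or not the broker accepted the new endpoint address. If continuing is intended, make that explicit and leave a trace by appending `|| log ERROR "Could not update the tunnel endpoint for ${zone}"` to the call; otherwise return the error to the caller. Nothing in the visible hunks sources `functions.he` or `functions.http`, so it is worth confirming they are loaded before `_up` runs. `_up` starts and ends outside the hunk.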