map.sh 7.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238
  1. #!/bin/sh
  2. # map.sh - IPv4-in-IPv6 tunnel backend
  3. #
  4. # Author: Steven Barth <cyrus@openwrt.org>
  5. # Copyright (c) 2014 cisco Systems, Inc.
  6. #
  7. # This program is free software; you can redistribute it and/or modify
  8. # it under the terms of the GNU General Public License version 2
  9. # as published by the Free Software Foundation
  10. #
  11. # This program is distributed in the hope that it will be useful,
  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. # GNU General Public License for more details.
  15. [ -n "$INCLUDE_ONLY" ] || {
  16. . /lib/functions.sh
  17. . /lib/functions/network.sh
  18. . ../netifd-proto.sh
  19. init_proto "$@"
  20. }
  21. proto_map_setup() {
  22. local cfg="$1"
  23. local iface="$2"
  24. local link="map-$cfg"
  25. # uncomment for legacy MAP0 mode
  26. #export LEGACY=1
  27. local type mtu ttl tunlink zone encaplimit
  28. local rule ipaddr ip4prefixlen ip6prefix ip6prefixlen peeraddr ealen psidlen psid offset
  29. json_get_vars type mtu ttl tunlink zone encaplimit
  30. json_get_vars rule ipaddr ip4prefixlen ip6prefix ip6prefixlen peeraddr ealen psidlen psid offset
  31. [ -z "$zone" ] && zone="wan"
  32. [ -z "$type" ] && type="map-e"
  33. [ -z "$ip4prefixlen" ] && ip4prefixlen=32
  34. ( proto_add_host_dependency "$cfg" "::" "$tunlink" )
  35. # fixme: handle RA/DHCPv6 address race for LW
  36. [ "$type" = lw4o6 ] && sleep 5
  37. if [ -z "$rule" ]; then
  38. rule="type=$type,ipv6prefix=$ip6prefix,prefix6len=$ip6prefixlen,ipv4prefix=$ipaddr,prefix4len=$ip4prefixlen"
  39. [ -n "$psid" ] && rule="$rule,psid=$psid"
  40. [ -n "$psidlen" ] && rule="$rule,psidlen=$psidlen"
  41. [ -n "$offset" ] && rule="$rule,offset=$offset"
  42. [ -n "$ealen" ] && rule="$rule,ealen=$ealen"
  43. if [ "$type" = "map-t" ]; then
  44. rule="$rule,dmr=$peeraddr"
  45. else
  46. rule="$rule,br=$peeraddr"
  47. fi
  48. fi
  49. echo "rule=$rule" > /tmp/map-$cfg.rules
  50. RULE_DATA=$(mapcalc ${tunlink:-\*} $rule)
  51. if [ "$?" != 0 ]; then
  52. proto_notify_error "$cfg" "INVALID_MAP_RULE"
  53. proto_block_restart "$cfg"
  54. return
  55. fi
  56. echo "$RULE_DATA" >> /tmp/map-$cfg.rules
  57. eval $RULE_DATA
  58. if [ -z "$RULE_BMR" ]; then
  59. proto_notify_error "$cfg" "NO_MATCHING_PD"
  60. proto_block_restart "$cfg"
  61. return
  62. fi
  63. k=$RULE_BMR
  64. if [ "$type" = "lw4o6" -o "$type" = "map-e" ]; then
  65. proto_init_update "$link" 1
  66. proto_add_ipv4_address $(eval "echo \$RULE_${k}_IPV4ADDR") "" "" ""
  67. proto_add_tunnel
  68. json_add_string mode ipip6
  69. json_add_int mtu "${mtu:-1280}"
  70. json_add_int ttl "${ttl:-64}"
  71. json_add_string local $(eval "echo \$RULE_${k}_IPV6ADDR")
  72. json_add_string remote $(eval "echo \$RULE_${k}_BR")
  73. json_add_string link $(eval "echo \$RULE_${k}_PD6IFACE")
  74. json_add_object "data"
  75. [ -n "$encaplimit" ] && json_add_string encaplimit "$encaplimit"
  76. if [ "$type" = "map-e" ]; then
  77. json_add_array "fmrs"
  78. for i in $(seq $RULE_COUNT); do
  79. [ "$(eval "echo \$RULE_${i}_FMR")" != 1 ] && continue
  80. json_add_object ""
  81. json_add_string prefix6 "$(eval "echo \$RULE_${i}_IPV6PREFIX")/$(eval "echo \$RULE_${i}_PREFIX6LEN")"
  82. json_add_string prefix4 "$(eval "echo \$RULE_${i}_IPV4PREFIX")/$(eval "echo \$RULE_${i}_PREFIX4LEN")"
  83. json_add_int ealen $(eval "echo \$RULE_${i}_EALEN")
  84. json_add_int offset $(eval "echo \$RULE_${i}_OFFSET")
  85. json_close_object
  86. done
  87. json_close_array
  88. fi
  89. json_close_object
  90. proto_close_tunnel
  91. elif [ "$type" = "map-t" -a -f "/proc/net/nat46/control" ]; then
  92. proto_init_update "$link" 1
  93. local style="MAP"
  94. [ "$LEGACY" = 1 ] && style="MAP0"
  95. echo add $link > /proc/net/nat46/control
  96. local cfgstr="local.style $style local.v4 $(eval "echo \$RULE_${k}_IPV4PREFIX")/$(eval "echo \$RULE_${k}_PREFIX4LEN")"
  97. cfgstr="$cfgstr local.v6 $(eval "echo \$RULE_${k}_IPV6PREFIX")/$(eval "echo \$RULE_${k}_PREFIX6LEN")"
  98. cfgstr="$cfgstr local.ea-len $(eval "echo \$RULE_${k}_EALEN") local.psid-offset $(eval "echo \$RULE_${k}_OFFSET")"
  99. cfgstr="$cfgstr remote.v4 0.0.0.0/0 remote.v6 $(eval "echo \$RULE_${k}_DMR") remote.style RFC6052 remote.ea-len 0 remote.psid-offset 0"
  100. echo config $link $cfgstr > /proc/net/nat46/control
  101. for i in $(seq $RULE_COUNT); do
  102. [ "$(eval "echo \$RULE_${i}_FMR")" != 1 ] && continue
  103. local cfgstr="remote.style $style remote.v4 $(eval "echo \$RULE_${i}_IPV4PREFIX")/$(eval "echo \$RULE_${i}_PREFIX4LEN")"
  104. cfgstr="$cfgstr remote.v6 $(eval "echo \$RULE_${i}_IPV6PREFIX")/$(eval "echo \$RULE_${i}_PREFIX6LEN")"
  105. cfgstr="$cfgstr remote.ea-len $(eval "echo \$RULE_${i}_EALEN") remote.psid-offset $(eval "echo \$RULE_${i}_OFFSET")"
  106. echo insert $link $cfgstr > /proc/net/nat46/control
  107. done
  108. else
  109. proto_notify_error "$cfg" "UNSUPPORTED_TYPE"
  110. proto_block_restart "$cfg"
  111. fi
  112. proto_add_ipv4_route "0.0.0.0" 0
  113. proto_add_data
  114. [ "$zone" != "-" ] && json_add_string zone "$zone"
  115. json_add_array firewall
  116. if [ -z "$(eval "echo \$RULE_${k}_PORTSETS")" ]; then
  117. json_add_object ""
  118. json_add_string type nat
  119. json_add_string target SNAT
  120. json_add_string family inet
  121. json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR")
  122. json_close_object
  123. else
  124. for portset in $(eval "echo \$RULE_${k}_PORTSETS"); do
  125. for proto in icmp tcp udp; do
  126. json_add_object ""
  127. json_add_string type nat
  128. json_add_string target SNAT
  129. json_add_string family inet
  130. json_add_string proto "$proto"
  131. json_add_boolean connlimit_ports 1
  132. json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR")
  133. json_add_string snat_port "$portset"
  134. json_close_object
  135. done
  136. done
  137. fi
  138. if [ "$type" = "map-t" ]; then
  139. json_add_object ""
  140. json_add_string type rule
  141. json_add_string family inet6
  142. json_add_string proto all
  143. json_add_string direction in
  144. json_add_string dest "$zone"
  145. json_add_string src "$zone"
  146. json_add_string src_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
  147. json_add_string target ACCEPT
  148. json_close_object
  149. json_add_object ""
  150. json_add_string type rule
  151. json_add_string family inet6
  152. json_add_string proto all
  153. json_add_string direction out
  154. json_add_string dest "$zone"
  155. json_add_string src "$zone"
  156. json_add_string dest_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
  157. json_add_string target ACCEPT
  158. json_close_object
  159. proto_add_ipv6_route $(eval "echo \$RULE_${k}_IPV6ADDR") 128
  160. fi
  161. json_close_array
  162. proto_close_data
  163. proto_send_update "$cfg"
  164. if [ "$type" = "lw4o6" -o "$type" = "map-e" ]; then
  165. json_init
  166. json_add_string name "${cfg}_"
  167. json_add_string ifname "@$(eval "echo \$RULE_${k}_PD6IFACE")"
  168. json_add_string proto "static"
  169. json_add_array ip6addr
  170. json_add_string "" "$(eval "echo \$RULE_${k}_IPV6ADDR")"
  171. json_close_array
  172. json_close_object
  173. ubus call network add_dynamic "$(json_dump)"
  174. fi
  175. }
  176. proto_map_teardown() {
  177. local cfg="$1"
  178. local link="map-$cfg"
  179. json_get_var type type
  180. [ -z "$type" ] && type="map-e"
  181. case "$type" in
  182. "map-e"|"lw4o6") ifdown "${cfg}_" ;;
  183. "map-t") [ -f "/proc/net/nat46/control" ] && echo del $link > /proc/net/nat46/control ;;
  184. esac
  185. rm -f /tmp/map-$cfg.rules
  186. }
  187. proto_map_init_config() {
  188. no_device=1
  189. available=1
  190. proto_config_add_string "rule"
  191. proto_config_add_string "ipaddr"
  192. proto_config_add_int "ip4prefixlen"
  193. proto_config_add_string "ip6prefix"
  194. proto_config_add_int "ip6prefixlen"
  195. proto_config_add_string "peeraddr"
  196. proto_config_add_int "ealen"
  197. proto_config_add_int "psidlen"
  198. proto_config_add_int "psid"
  199. proto_config_add_int "offset"
  200. proto_config_add_string "tunlink"
  201. proto_config_add_int "mtu"
  202. proto_config_add_int "ttl"
  203. proto_config_add_string "zone"
  204. proto_config_add_string "encaplimit"
  205. }
  206. [ -n "$INCLUDE_ONLY" ] || {
  207. add_protocol map
  208. }