package/network/ipv6/map/files/map.sh

   1 #!/bin/sh
   2 # map.sh - IPv4-in-IPv6 tunnel backend
   3 #
   4 # Author: Steven Barth <cyrus@openwrt.org>
   5 # Copyright (c) 2014 cisco Systems, Inc.
   6 #
   7 # This program is free software; you can redistribute it and/or modify
   8 # it under the terms of the GNU General Public License version 2
   9 # as published by the Free Software Foundation
  10 #
  11 # This program is distributed in the hope that it will be useful,
  12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 # GNU General Public License for more details.
  15
  16 [ -n "$INCLUDE_ONLY" ] || {
  17         . /lib/functions.sh
  18         . /lib/functions/network.sh
  19         . ../netifd-proto.sh
  20         init_proto "$@"
  21 }
  22
  23 proto_map_setup() {
  24         local cfg="$1"
  25         local iface="$2"
  26         local link="map-$cfg"
  27
  28         local type legacymap mtu ttl tunlink zone encaplimit
  29         local rule ipaddr ip4prefixlen ip6prefix ip6prefixlen peeraddr ealen psidlen psid offset
  30         json_get_vars type legacymap mtu ttl tunlink zone encaplimit
  31         json_get_vars rule ipaddr ip4prefixlen ip6prefix ip6prefixlen peeraddr ealen psidlen psid offset
  32
  33         [ "$zone" = "-" ] && zone=""
  34         [ -z "$type" ] && type="map-e"
  35         [ -z "$ip4prefixlen" ] && ip4prefixlen=32
  36
  37         ( proto_add_host_dependency "$cfg" "::" "$tunlink" )
  38
  39         # fixme: handle RA/DHCPv6 address race for LW
  40         [ "$type" = lw4o6 ] && sleep 5
  41
  42         if [ -z "$rule" ]; then
  43                 rule="type=$type,ipv6prefix=$ip6prefix,prefix6len=$ip6prefixlen,ipv4prefix=$ipaddr,prefix4len=$ip4prefixlen"
  44                 [ -n "$psid" ] && rule="$rule,psid=$psid"
  45                 [ -n "$psidlen" ] && rule="$rule,psidlen=$psidlen"
  46                 [ -n "$offset" ] && rule="$rule,offset=$offset"
  47                 [ -n "$ealen" ] && rule="$rule,ealen=$ealen"
  48                 if [ "$type" = "map-t" ]; then
  49                         rule="$rule,dmr=$peeraddr"
  50                 else
  51                         rule="$rule,br=$peeraddr"
  52                 fi
  53         fi
  54
  55         echo "rule=$rule" > /tmp/map-$cfg.rules
  56         RULE_DATA=$(LEGACY="$legacymap" mapcalc ${tunlink:-\*} $rule)
  57         if [ "$?" != 0 ]; then
  58                 proto_notify_error "$cfg" "INVALID_MAP_RULE"
  59                 proto_block_restart "$cfg"
  60                 return
  61         fi
  62
  63         echo "$RULE_DATA" >> /tmp/map-$cfg.rules
  64         eval $RULE_DATA
  65
  66         if [ -z "$RULE_BMR" ]; then
  67                 proto_notify_error "$cfg" "NO_MATCHING_PD"
  68                 proto_block_restart "$cfg"
  69                 return
  70         fi
  71
  72         k=$RULE_BMR
  73         if [ "$type" = "lw4o6" -o "$type" = "map-e" ]; then
  74                 proto_init_update "$link" 1
  75                 proto_add_ipv4_address $(eval "echo \$RULE_${k}_IPV4ADDR") "" "" ""
  76
  77                 proto_add_tunnel
  78                 json_add_string mode ipip6
  79                 json_add_int mtu "${mtu:-1280}"
  80                 json_add_int ttl "${ttl:-64}"
  81                 json_add_string local $(eval "echo \$RULE_${k}_IPV6ADDR")
  82                 json_add_string remote $(eval "echo \$RULE_${k}_BR")
  83                 json_add_string link $(eval "echo \$RULE_${k}_PD6IFACE")
  84                 json_add_object "data"
  85                         [ -n "$encaplimit" ] && json_add_string encaplimit "$encaplimit"
  86                         if [ "$type" = "map-e" ]; then
  87                                 json_add_array "fmrs"
  88                                 for i in $(seq $RULE_COUNT); do
  89                                         [ "$(eval "echo \$RULE_${i}_FMR")" != 1 ] && continue
  90                                         json_add_object ""
  91                                         json_add_string prefix6 "$(eval "echo \$RULE_${i}_IPV6PREFIX")/$(eval "echo \$RULE_${i}_PREFIX6LEN")"
  92                                         json_add_string prefix4 "$(eval "echo \$RULE_${i}_IPV4PREFIX")/$(eval "echo \$RULE_${i}_PREFIX4LEN")"
  93                                         json_add_int ealen $(eval "echo \$RULE_${i}_EALEN")
  94                                         json_add_int offset $(eval "echo \$RULE_${i}_OFFSET")
  95                                         json_close_object
  96                                 done
  97                                 json_close_array
  98                         fi
  99                 json_close_object
 100
 101
 102                 proto_close_tunnel
 103         elif [ "$type" = "map-t" -a -f "/proc/net/nat46/control" ]; then
 104                 proto_init_update "$link" 1
 105                 local style="MAP"
 106                 [ "$legacymap" = 1 ] && style="MAP0"
 107
 108                 echo add $link > /proc/net/nat46/control
 109                 local cfgstr="local.style $style local.v4 $(eval "echo \$RULE_${k}_IPV4PREFIX")/$(eval "echo \$RULE_${k}_PREFIX4LEN")"
 110                 cfgstr="$cfgstr local.v6 $(eval "echo \$RULE_${k}_IPV6PREFIX")/$(eval "echo \$RULE_${k}_PREFIX6LEN")"
 111                 cfgstr="$cfgstr local.ea-len $(eval "echo \$RULE_${k}_EALEN") local.psid-offset $(eval "echo \$RULE_${k}_OFFSET")"
 112                 cfgstr="$cfgstr remote.v4 0.0.0.0/0 remote.v6 $(eval "echo \$RULE_${k}_DMR") remote.style RFC6052 remote.ea-len 0 remote.psid-offset 0"
 113                 echo config $link $cfgstr > /proc/net/nat46/control
 114
 115                 for i in $(seq $RULE_COUNT); do
 116                         [ "$(eval "echo \$RULE_${i}_FMR")" != 1 ] && continue
 117                         local cfgstr="remote.style $style remote.v4 $(eval "echo \$RULE_${i}_IPV4PREFIX")/$(eval "echo \$RULE_${i}_PREFIX4LEN")"
 118                         cfgstr="$cfgstr remote.v6 $(eval "echo \$RULE_${i}_IPV6PREFIX")/$(eval "echo \$RULE_${i}_PREFIX6LEN")"
 119                         cfgstr="$cfgstr remote.ea-len $(eval "echo \$RULE_${i}_EALEN") remote.psid-offset $(eval "echo \$RULE_${i}_OFFSET")"
 120                         echo insert $link $cfgstr > /proc/net/nat46/control
 121                 done
 122         else
 123                 proto_notify_error "$cfg" "UNSUPPORTED_TYPE"
 124                 proto_block_restart "$cfg"
 125         fi
 126
 127         proto_add_ipv4_route "0.0.0.0" 0
 128         proto_add_data
 129         [ -n "$zone" ] && json_add_string zone "$zone"
 130
 131         json_add_array firewall
 132           if [ -z "$(eval "echo \$RULE_${k}_PORTSETS")" ]; then
 133             json_add_object ""
 134               json_add_string type nat
 135               json_add_string target SNAT
 136               json_add_string family inet
 137               json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR")
 138             json_close_object
 139           else
 140             for portset in $(eval "echo \$RULE_${k}_PORTSETS"); do
 141               for proto in icmp tcp udp; do
 142                 json_add_object ""
 143                   json_add_string type nat
 144                   json_add_string target SNAT
 145                   json_add_string family inet
 146                   json_add_string proto "$proto"
 147                   json_add_boolean connlimit_ports 1
 148                   json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR")
 149                   json_add_string snat_port "$portset"
 150                 json_close_object
 151               done
 152             done
 153           fi
 154           if [ "$type" = "map-t" ]; then
 155                 [ -z "$zone" ] && zone=$(fw3 -q network $iface 2>/dev/null)
 156
 157                 [ -n "$zone" ] && {
 158                         json_add_object ""
 159                                 json_add_string type rule
 160                                 json_add_string family inet6
 161                                 json_add_string proto all
 162                                 json_add_string direction in
 163                                 json_add_string dest "$zone"
 164                                 json_add_string src "$zone"
 165                                 json_add_string src_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
 166                                 json_add_string target ACCEPT
 167                         json_close_object
 168                         json_add_object ""
 169                                 json_add_string type rule
 170                                 json_add_string family inet6
 171                                 json_add_string proto all
 172                                 json_add_string direction out
 173                                 json_add_string dest "$zone"
 174                                 json_add_string src "$zone"
 175                                 json_add_string dest_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
 176                                 json_add_string target ACCEPT
 177                         json_close_object
 178                 }
 179                 proto_add_ipv6_route $(eval "echo \$RULE_${k}_IPV6ADDR") 128
 180           fi
 181         json_close_array
 182         proto_close_data
 183
 184         proto_send_update "$cfg"
 185
 186         if [ "$type" = "lw4o6" -o "$type" = "map-e" ]; then
 187                 json_init
 188                 json_add_string name "${cfg}_"
 189                 json_add_string ifname "@$(eval "echo \$RULE_${k}_PD6IFACE")"
 190                 json_add_string proto "static"
 191                 json_add_array ip6addr
 192                 json_add_string "" "$(eval "echo \$RULE_${k}_IPV6ADDR")"
 193                 json_close_array
 194                 json_close_object
 195                 ubus call network add_dynamic "$(json_dump)"
 196         fi
 197 }
 198
 199 proto_map_teardown() {
 200         local cfg="$1"
 201         local link="map-$cfg"
 202
 203         json_get_var type type
 204
 205         [ -z "$type" ] && type="map-e"
 206
 207         case "$type" in
 208                 "map-e"|"lw4o6") ifdown "${cfg}_" ;;
 209                 "map-t") [ -f "/proc/net/nat46/control" ] && echo del $link > /proc/net/nat46/control ;;
 210         esac
 211
 212         rm -f /tmp/map-$cfg.rules
 213 }
 214
 215 proto_map_init_config() {
 216         no_device=1
 217         available=1
 218
 219         proto_config_add_string "rule"
 220         proto_config_add_string "ipaddr"
 221         proto_config_add_int "ip4prefixlen"
 222         proto_config_add_string "ip6prefix"
 223         proto_config_add_int "ip6prefixlen"
 224         proto_config_add_string "peeraddr"
 225         proto_config_add_int "ealen"
 226         proto_config_add_int "psidlen"
 227         proto_config_add_int "psid"
 228         proto_config_add_int "offset"
 229         proto_config_add_boolean "legacymap"
 230
 231         proto_config_add_string "tunlink"
 232         proto_config_add_int "mtu"
 233         proto_config_add_int "ttl"
 234         proto_config_add_string "zone"
 235         proto_config_add_string "encaplimit"
 236 }
 237
 238 [ -n "$INCLUDE_ONLY" ] || {
 239         add_protocol map
 240 }