commit aa12466ce21fbb1c4daac5cd33f1cfef5345ddd9
Author: Martin/Geno
Date: Tue Oct 29 16:50:31 2019 +0100
init
diff --git a/clatd.sh b/clatd.sh
new file mode 100755
index 0000000..96b07a3
--- /dev/null
+++ b/clatd.sh
@@ -0,0 +1,90 @@
+#!/bin/sh
+
+color_default=$(tput setaf 7);
+color_config=$(tput setaf 3);
+color_error=$(tput setaf 1);
+color_log=$(tput setaf 8);
+echo "$(figlet jool clat)${color_log}"
+
+ip netns pids jool
+if [ $? -eq 0 ]; then
+ echo "${color_error}> already running - teardown ${color_log}"
+ ip netns del jool
+ exit 0
+fi
+
+#
+# TODO:
+# - get $nat64_subnet by ipv4only.arpa request
+# - skip if ipv4 default route exists
+# - improve $nat64_gw generation for ipv6 address in namespace
+# - improve subnet sizes - hardcoded /64 and /96
+
+nat64_subnet="64:ff9b::"
+echo "${color_default}detect nat64: ${color_config}$nat64_subnet${color_log}"
+
+ifname_ex="$(ip r g ${nat64_subnet}0 | grep -Po 'dev \K[0-9a-z]+')"
+echo "${color_default}over interface: ${color_config}$ifname_ex${color_log}"
+
+#
+# setup interfaces and namespace
+#
+
+echo "${color_default}> setup interfaces and namespace${color_log}"
+ip netns add jool
+ip link add name clat type veth peer name to_world
+ip link set up dev clat
+ip link set up dev to_world netns jool
+
+clat_ll=$(ip -6 address show scope link dev clat | grep -Po 'inet6 \K[0-9a-f:]+')
+internal_ll=$(ip netns exec jool ip -6 address show scope link dev to_world | grep -Po 'inet6 \K[0-9a-f:]+')
+
+
+#
+# setup network in namespace
+#
+
+echo "${color_default}> setup network in namespace${color_log}"
+
+nat64_gw="$(ip r g ${nat64_subnet}0 | grep -Po 'src \K[0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+:')$(echo $internal_ll | grep -Po 'fe80::\K[0-9a-f:]+')"
+
+echo "${color_default}generate internal ipv6 address: ${color_config}$nat64_gw${color_log}"
+ip netns exec jool ip -6 address add $nat64_gw/64 dev to_world
+ip netns exec jool ip -6 route add default via $clat_ll dev to_world
+ip netns exec jool ip -4 address add 192.0.0.1/29 dev to_world
+
+
+#
+# setup jool in namespace
+#
+
+echo "${color_default}> setup jool in namespace${color_log}"
+ip netns exec jool modprobe jool_siit
+if [ $? -ne 0 ]; then
+ echo "${color_error}module jool_siit not found${color_log}"
+ ip netns del jool
+ exit 1
+fi
+ip netns exec jool jool_siit instance add --netfilter --pool6 $nat64_subnet/96
+ip netns exec jool jool_siit eamt add 192.0.0.2 $nat64_gw
+
+
+#
+# routing ipv6 namespace
+#
+
+echo "${color_default}> routing ipv6 to namespace${color_log}"
+echo 1 > /proc/sys/net/ipv6/conf/$ifname_ex/proxy_ndp
+echo 1 | tee /proc/sys/net/ipv6/conf/*/forwarding
+ip -6 neigh add proxy $internal_ll dev $ifname_ex
+ip -6 route add $nat64_gw/96 via $internal_ll dev clat
+
+
+#
+# routing ipv4 to namespace
+#
+
+echo "${color_default}> routing ipv4 to namespace${color_log}"
+
+ip -4 address add 192.0.0.2/29 dev clat
+ip -4 route add default via 192.0.0.1 dev clat
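Review bot: `echo 1 | tee /proc/sys/net/ipv6/conf/*/forwarding` in the "routing ipv6 namespace" step turns on IPv6 forwarding for `all`, `default` and every interface on the host, and nothing in the script limits what may then be forwarded beyond the `clat` / `$ifname_ex` path. The teardown branch at the top only runs `ip netns del jool`, so the forwarding and `proxy_ndp` sysctls and the `ip -6 neigh add proxy` entry stay in place after the CLAT is gone. As far as I know, Linux also stops processing router advertisements on an interface with `accept_ra=1` once forwarding is enabled, so the uplink may lose its autoconfigured default route; that is worth checking on the target host. I would save the previous sysctl values to a state file before changing them, restore them and delete the proxy neighbour entry in the teardown branch, and add forward-filter rules that allow only `$nat64_gw` traffic between `clat` and `$ifname_ex`. At minimum, add a comment above the line such as `# NOTE: enables IPv6 forwarding host-wide and is not reverted on teardown`.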