From e66a24563348a6ff633c8153c1f3ed2eb589703a Mon Sep 17 00:00:00 2001
From: genofire
Date: Mon, 20 Sep 2021 16:46:16 +0200
Subject: [PATCH] add support for networkd-dispatcher
---
networkd-dispatcher/configured.d/clat.sh | 57 ++++++++++++++++++++++++
networkd-dispatcher/no-carrier.d/clat.sh | 5 +++
2 files changed, 62 insertions(+)
create mode 100755 networkd-dispatcher/configured.d/clat.sh
create mode 100755 networkd-dispatcher/no-carrier.d/clat.sh
diff --git a/networkd-dispatcher/configured.d/clat.sh b/networkd-dispatcher/configured.d/clat.sh
new file mode 100755
index 0000000..72fa335
--- /dev/null
+++ b/networkd-dispatcher/configured.d/clat.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+if [ "$IFACE" == "clat" ]; then
+ echo "clat does not need to configurate again"
+ exit 0
+fi
+
+# NAT64 - by interface
+nat64_prefix=$(dig +short ipv4only.arpa AAAA | sed 's/c000:a[ab]//' | head -1)
+if [ $? -ne 0 ]; then
+ echo "${color_error}dns failed: no request to ipv4only.arpa possible${color_log}"
+ exit 1
+fi
+if [ "$nat64_prefix" == "" ]; then
+ echo "${color_error}nat64 prefix/subnet unkown${color_log}"
+ exit 1
+fi
+echo "setup clat with prefix: $nat64_prefix/64"
+
+# namespace setup
+ip netns add clatns
+ip link add name clat type veth peer name to_world
+ip link set up dev clat
+ip link set up dev to_world netns clatns
+
+# namespace network
+clat_ll=$(ip -6 address show scope link dev clat | grep -Po 'inet6 \K[0-9a-f:]+')
+internal_ll=$(ip netns exec clatns ip -6 address show scope link dev to_world | grep -Po 'inet6 \K[0-9a-f:]+')
+
+v6_address_clat="$(ip r g ${nat64_prefix}0 | grep -Po 'src \K[0-9a-f]+:[0-9a-f]+:[0-9a-f]+:[0-9a-f]+:')$(echo $internal_ll | grep -Po 'fe80::\K[0-9a-f:]+')"
+
+echo "ipv6 address clat: $v6_address_clat/64"
+ip netns exec clatns ip -6 address add $v6_address_clat/64 dev to_world
+ip netns exec clatns ip -6 route add default via $clat_ll dev to_world
+ip netns exec clatns ip -4 address add 192.0.0.1/30 dev to_world
+
+# jool setup
+if ! ip netns exec clatns modprobe jool_siit; then
+ echo "${color_error}module jool_siit not found${color_log}"
+ ip netns del clatns
+ exit 1
+fi
+ip netns exec clatns jool_siit instance add --netfilter --pool6 $nat64_prefix/64
+ip netns exec clatns jool_siit eamt add 192.0.0.2 $v6_address_clat
+
+# route ipv6
+echo 1 > /proc/sys/net/ipv6/conf/$IFACE/proxy_ndp
+sysctl -w net.ipv6.conf.all.forwarding=1
+#echo 1 tee /proc/sys/net/ipv6/conf/*/forwarding
+ip -6 neigh add proxy $v6_address_clat dev $IFACE
+ip -6 route add $v6_address_clat/128 via $internal_ll dev clat
+
+# route ipv4
+ip -4 address add 192.0.0.2/30 dev clat
+ip -4 route add default via 192.0.0.1 dev clat
+
+echo "completed"
diff --git a/networkd-dispatcher/no-carrier.d/clat.sh b/networkd-dispatcher/no-carrier.d/clat.sh
new file mode 100755
index 0000000..27fcfaa
--- /dev/null
+++ b/networkd-dispatcher/no-carrier.d/clat.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+if [ "$IFACE" != "clat" ]; then
+ ip netns del clatns;
+ exit 0;
+fi
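Review bot: In configured.d/clat.sh the two guards after the `dig` call do not protect the root-run commands that follow. `$?` there is the exit status of `head -1`, not of `dig`, and `[ "$nat64_prefix" == "" ]` uses `==`, which is not POSIX and is rejected by some `/bin/sh` implementations (dash, for one), so an empty or malformed answer can fall through; the `"$IFACE" == "clat"` guard at the top has the same problem. The prefix is whatever the resolver returned, and it is then expanded unquoted into `ip r g ${nat64_prefix}0` and `jool_siit instance add ... --pool6 $nat64_prefix/64`, where word splitting or globbing can change the arguments. I would use `=` in both `[ ]` comparisons, reject anything that is not hex digits and colons with `case "$nat64_prefix" in ""|*[!0-9a-fA-F:]*) echo "nat64 prefix invalid"; exit 1;; esac`, and double-quote every later expansion of `$nat64_prefix`, `$v6_address_clat`, `$clat_ll`, `$internal_ll` and `$IFACE`.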
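Review bot: The teardown in no-carrier.d/clat.sh removes only the namespace, while configured.d/clat.sh also runs `sysctl -w net.ipv6.conf.all.forwarding=1`, writes 1 to `proxy_ndp` for `$IFACE` and adds a proxy neighbour entry. None of that is undone here, so after carrier loss the host is left with IPv6 forwarding enabled on all interfaces. The condition `[ "$IFACE" != "clat" ]` also matches any other interface that loses carrier, which would delete `clatns` while the uplink that was set up is still working. I would have the setup script record the uplink name and the previous forwarding value in a file under `/run`, and have this script act only when `$IFACE` equals the recorded name and restore the saved settings before `ip netns del clatns`.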