projects / openwrt / staging / dedeckeh.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
464xlat: delete SNATed conntracks on interface teardown
[openwrt/staging/dedeckeh.git] / package / network / ipv6 / 464xlat / files / 464xlat.sh
1 #!/bin/sh
2 # 464xlat.sh - 464xlat CLAT
3 #
4 # Copyright (c) 2015 Steven Barth <cyrus@openwrt.org>
5 #
6 # This program is free software; you can redistribute it and/or modify
7 # it under the terms of the GNU General Public License version 2
8 # as published by the Free Software Foundation
9 #
10 # This program is distributed in the hope that it will be useful,
11 # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 # GNU General Public License for more details.
14
15 [ -n "$INCLUDE_ONLY" ] || {
16 . /lib/functions.sh
17 . /lib/functions/network.sh
18 . ../netifd-proto.sh
19 init_proto "$@"
20 }
21
22 proto_464xlat_setup() {
23 local cfg="$1"
24 local iface="$2"
25 local link="464-$cfg"
26
27 local ip6addr ip6prefix tunlink zone
28 json_get_vars ip6addr ip6prefix tunlink zone
29
30 [ "$zone" = "-" ] && zone=""
31
32 ( proto_add_host_dependency "$cfg" "::" "$tunlink" )
33
34 if [ -z "$tunlink" ] && ! network_find_wan6 tunlink; then
35 proto_notify_error "$cfg" "NO_WAN_LINK"
36 return
37 fi
38 network_get_device tundev "$tunlink"
39
40 ip6addr=$(464xlatcfg "$link" "$tundev" "$ip6prefix" 192.0.0.1 $ip6addr)
41 if [ -z "$ip6addr" ]; then
42 proto_notify_error "$cfg" "CLAT_CONFIG_FAILED"
43 return
44 fi
45
46 ip -6 rule del from all lookup local
47 ip -6 rule add from all lookup local pref 1
48 ip -6 rule add to $ip6addr lookup prelocal pref 0
49 echo "$ip6addr" > /tmp/464-$cfg-anycast
50
51 proto_init_update "$link" 1
52 proto_add_ipv4_route "0.0.0.0" 0 "" "" 2048
53 proto_add_ipv6_route $ip6addr 128 "" "" "" "" 128
54
55 proto_add_data
56 [ -n "$zone" ] && json_add_string zone "$zone"
57
58 json_add_array firewall
59 [ -z "$zone" ] && zone=$(fw3 -q network $iface 2>/dev/null)
60
61 json_add_object ""
62 json_add_string type nat
63 json_add_string target SNAT
64 json_add_string family inet
65 json_add_string snat_ip 192.0.0.1
66 json_close_object
67 [ -n "$zone" ] && {
68 json_add_object ""
69 json_add_string type rule
70 json_add_string family inet6
71 json_add_string proto all
72 json_add_string direction in
73 json_add_string dest "$zone"
74 json_add_string src "$zone"
75 json_add_string src_ip $ip6addr
76 json_add_string target ACCEPT
77 json_close_object
78 }
79 json_close_array
80 proto_close_data
81
82 proto_send_update "$cfg"
83 }
84
85 proto_464xlat_teardown() {
86 local cfg="$1"
87 local link="464-$cfg"
88
89 [ -f /tmp/464-$cfg-anycast ] || return
90 local ip6addr=$(cat /tmp/464-$cfg-anycast)
91
92 464xlatcfg "$link"
93
94 rm -rf /tmp/464-$cfg-anycast
95 [ -n "$ip6addr" ] && ip -6 rule del to $ip6addr lookup prelocal
96
97 if [ -z "$(ls /tmp/464-*-anycast 2>&-)" ]; then
98 ip -6 rule del from all lookup local
99 ip -6 rule add from all lookup local pref 0
100 fi
101
102 # Kill conntracks SNATed to 192.0.0.1
103 echo 192.0.0.1 > /proc/net/nf_conntrack
104 }
105
106 proto_464xlat_init_config() {
107 no_device=1
108 available=1
109
110 proto_config_add_string "ip6prefix"
111 proto_config_add_string "ip6addr"
112 proto_config_add_string "tunlink"
113 proto_config_add_string "zone"
114 }
115
116 [ -n "$INCLUDE_ONLY" ] || {
117 add_protocol 464xlat
118 }
Staging tree of dedeckeh