fff: advertise fdff:0::/64 to access web interface
This patch adds a prefix advertisement for each node. Every node also gets the IPs * $prefix::MAC * $prefix::link-local * $prefix::1. Since ::1 is duplicated, we need filtering so that data for ::1 is not forwarded into the network. Signed-off-by: Tim Niemeyer <tim.niemeyer@mastersword.de> Reviewed-by: Jan Kraus <mayosemmel@gmail.com Reviewed-by: Tobias Klaus <tk+ff@meskal.net>
parent
afc9fe3c93
commit
d8eccf57e3
|
@ -59,6 +59,14 @@ ebtables -A MULTICAST_OUT -p IPv4 --ip-proto igmp -j RETURN
|
||||||
######## INPUT ############
|
######## INPUT ############
|
||||||
ebtables -P INPUT ACCEPT
|
ebtables -P INPUT ACCEPT
|
||||||
|
|
||||||
|
# Erlaube router solicitation von client zu knoten
|
||||||
|
ebtables -A INPUT -p IPv6 -i ! bat0 --ip6-proto ipv6-icmp --ip6-icmp-type router-solicitation -j ACCEPT
|
||||||
|
ebtables -A INPUT -d Multicast --logical-in br-mesh -i ! bat0 -j ACCEPT
|
||||||
|
|
||||||
|
# No input from/to local node ip from batman
|
||||||
|
ebtables -A INPUT --logical-in br-mesh -i bat0 -p IPv6 --ip6-source fdff::1/128 -j DROP
|
||||||
|
ebtables -A INPUT --logical-in br-mesh -i bat0 -p IPv6 --ip6-destination fdff::1/128 -j DROP
|
||||||
|
|
||||||
# Erlaube nur DHCP Antworten von BATMAN -> KNOTEN
|
# Erlaube nur DHCP Antworten von BATMAN -> KNOTEN
|
||||||
ebtables -A INPUT -p IPv4 --ip-proto udp --ip-dport 68 -j IN_ONLY
|
ebtables -A INPUT -p IPv4 --ip-proto udp --ip-dport 68 -j IN_ONLY
|
||||||
# Erlaube nur DHCPv6 Antworten von BATMAN -> KNOTEN
|
# Erlaube nur DHCPv6 Antworten von BATMAN -> KNOTEN
|
||||||
|
@ -71,6 +79,10 @@ ebtables -A INPUT -p IPv6 -i bat0 --ip6-proto ipv6-icmp --ip6-icmp-type router-s
|
||||||
######## FORWARD ############
|
######## FORWARD ############
|
||||||
ebtables -P FORWARD ACCEPT
|
ebtables -P FORWARD ACCEPT
|
||||||
|
|
||||||
|
# Do not forward local node ip
|
||||||
|
ebtables -A FORWARD --logical-out br-mesh -o bat0 -p IPv6 --ip6-destination fdff::1/128 -j DROP
|
||||||
|
ebtables -A FORWARD --logical-out br-mesh -o bat0 -p IPv6 --ip6-source fdff::1/128 -j DROP
|
||||||
|
|
||||||
# Erlaube nur DHCP Request von CLIENT -> BATMAN
|
# Erlaube nur DHCP Request von CLIENT -> BATMAN
|
||||||
ebtables -A FORWARD -p IPv4 --ip-proto udp --ip-dport 67 -j OUT_ONLY
|
ebtables -A FORWARD -p IPv4 --ip-proto udp --ip-dport 67 -j OUT_ONLY
|
||||||
# Erlaube nur DHCP Antworten von BATMAN -> CLIENT
|
# Erlaube nur DHCP Antworten von BATMAN -> CLIENT
|
||||||
|
@ -89,6 +101,13 @@ ebtables -A FORWARD -d Multicast --logical-out br-mesh -o bat0 -j MULTICAST_OUT
|
||||||
######## OUTPUT ############
|
######## OUTPUT ############
|
||||||
ebtables -P OUTPUT ACCEPT
|
ebtables -P OUTPUT ACCEPT
|
||||||
|
|
||||||
|
# Erlaube router advertisment von knoten zu client
|
||||||
|
ebtables -A OUTPUT -p IPv6 -o ! bat0 --ip6-proto ipv6-icmp --ip6-icmp-type router-advertisement -j ACCEPT
|
||||||
|
|
||||||
|
# Do not output local node ip to batman
|
||||||
|
ebtables -A OUTPUT --logical-out br-mesh -o bat0 -p IPv6 --ip6-destination fdff::1/128 -j DROP
|
||||||
|
ebtables -A OUTPUT --logical-out br-mesh -o bat0 -p IPv6 --ip6-source fdff::1/128 -j DROP
|
||||||
|
|
||||||
# Erlaube nur DHCP Request von KNOTEN -> BATMAN
|
# Erlaube nur DHCP Request von KNOTEN -> BATMAN
|
||||||
ebtables -A OUTPUT -p IPv4 --ip-proto udp --ip-dport 67 -j OUT_ONLY
|
ebtables -A OUTPUT -p IPv4 --ip-proto udp --ip-dport 67 -j OUT_ONLY
|
||||||
# Erlaube nur DHCPv6 Request von KNOTEN -> BATMAN
|
# Erlaube nur DHCPv6 Request von KNOTEN -> BATMAN
|
||||||
|
|
|
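Review bot: The new `-d Multicast --logical-in br-mesh -i ! bat0 -j ACCEPT` rule in the INPUT hunk is much broader than its comment (router solicitation from client to node) and is appended ahead of the DHCP rules that follow it. In ebtables a broadcast destination also matches `Multicast`, so any multicast or broadcast frame arriving on a client port is accepted before it can reach `-j IN_ONLY` for UDP port 68. IN_ONLY is defined outside the hunk, but if it is what restricts DHCP replies to bat0, that restriction no longer applies to such frames. Because the INPUT policy is already ACCEPT, the rule's only effect is to skip later rules, so either drop it, append it after the DHCP/DHCPv6 rules, or narrow it, e.g. `ebtables -A INPUT -d Multicast --logical-in br-mesh -i ! bat0 -p IPv6 --ip6-proto ipv6-icmp -j ACCEPT`.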
@ -113,3 +113,43 @@ if [[ -n "$ETH0MAC" ]]; then
|
||||||
ifconfig eth0 up
|
ifconfig eth0 up
|
||||||
/etc/init.d/network restart
|
/etc/init.d/network restart
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if uci get network.mesh.ip6addr
|
||||||
|
then
|
||||||
|
echo "IPv6 for mesh is set already"
|
||||||
|
else
|
||||||
|
# Some time needed :(
|
||||||
|
sleep 5
|
||||||
|
|
||||||
|
for ip in $(ip -6 addr show br-mesh | awk '/fdff/{ print $2 }'); do
|
||||||
|
ip -6 addr del $ip dev br-mesh
|
||||||
|
done
|
||||||
|
|
||||||
|
prefix="fdff:0::/64"
|
||||||
|
# Set $prefix::MAC as IP
|
||||||
|
suffix=$(awk -F: '{ print $1$2":"$3$4":"$5$6 }' /sys/class/net/br-mesh/address)
|
||||||
|
addr=$(echo $prefix | sed -e 's/\//'$suffix'\//')
|
||||||
|
ip -6 addr add $addr dev br-mesh
|
||||||
|
|
||||||
|
uci -q del network.globals
|
||||||
|
uci -q set network.globals=globals
|
||||||
|
uci -q set network.globals.ula_prefix=$prefix
|
||||||
|
uci -q add_list network.mesh.ip6addr=$addr
|
||||||
|
uci -q set network.mesh.proto=static
|
||||||
|
|
||||||
|
# Set $prefix::1 as IP
|
||||||
|
suffix="1"
|
||||||
|
addr=$(echo $prefix | sed -e 's/\//'$suffix'\//')
|
||||||
|
ip -6 addr add $addr dev br-mesh
|
||||||
|
uci -q add_list network.mesh.ip6addr=$addr
|
||||||
|
|
||||||
|
# Set $prefix::link-local as IP
|
||||||
|
suffix=$(awk -F: '{ printf("%02x%s:%sff:fe%s:%s%s\n", xor(("0x"$1),2), $2, $3, $4, $5, $6) }' /sys/class/net/br-mesh/address)
|
||||||
|
addr=$(echo $prefix | sed -e 's/\//'$suffix'\//')
|
||||||
|
ip -6 addr add $addr dev br-mesh
|
||||||
|
uci -q add_list network.mesh.ip6addr=$addr
|
||||||
|
|
||||||
|
uci -q commit network
|
||||||
|
|
||||||
|
/etc/init.d/fff-uradvd restart
|
||||||
|
fi
|
||||||
|
|
|
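Review bot: If br-mesh is not yet up after the fixed `sleep 5`, reading /sys/class/net/br-mesh/address yields an empty `$suffix`, and the sed substitution then leaves `addr` as the bare `fdff:0::/64`, which is still added to `network.mesh.ip6addr` and committed. Every `uci` call runs with `-q` and the result of `ip -6 addr add` is not checked, so nothing reports this, and on the next boot the `uci get network.mesh.ip6addr` guard treats the node as configured and never retries. I would stop before any `uci` write when the MAC could not be read, for example `[ -n "$suffix" ] || { echo "br-mesh has no MAC address yet" >&2; exit 1; }` right after the first `suffix=` assignment; wrap the rest of the block in a guard instead if this script must not exit here, since its start is outside the hunk. Separately, the $prefix::MAC and $prefix::link-local addresses are not covered by the fdff::1 drop rules, so the web interface is presumably reachable over bat0 on those addresses; it is worth confirming that it requires authentication.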
@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=fff
|
PKG_NAME:=fff
|
||||||
PKG_VERSION:=0.0.1
|
PKG_VERSION:=0.0.1
|
||||||
PKG_RELEASE:=4
|
PKG_RELEASE:=5
|
||||||
|
|
||||||
PKG_BUILD_DIR:=$(BUILD_DIR)/fff
|
PKG_BUILD_DIR:=$(BUILD_DIR)/fff
|
||||||
|
|
||||||
|
@ -14,7 +14,7 @@ define Package/fff-base
|
||||||
DEFAULT:=y
|
DEFAULT:=y
|
||||||
TITLE:= Freifunk-Franken Base
|
TITLE:= Freifunk-Franken Base
|
||||||
URL:=http://www.freifunk-franken.de
|
URL:=http://www.freifunk-franken.de
|
||||||
DEPENDS:=+micrond +fff-nodewatcher +fff-web
|
DEPENDS:=+micrond +fff-nodewatcher +fff-web +fff-uradvd
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/fff-base/description
|
define Package/fff-base/description
|
||||||
|
|