If a prefix is used for a client interface utilizing snat, it shall not be publicly reachable, so it can be reused across multiple routers. To prevent such prefixes from leaking, create appropriate babel filters if snat is used. Fixes: #196 Signed-off-by: Fabian Bläse <fabian@blaese.de> Reviewed-by: Christian Dresel <freifunk@dresel.systems>
. /lib/functions.sh
. /lib/functions/fff/babel
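# Load board specific properties.
# The model name reported by uci selects which /etc/network.<model> file is
# sourced; presumably this is where SWITCHDEV (read by configure) is set -
# verify against the board files.
BOARD="$(uci get board.model.name)"
# Quote the path so a model name containing whitespace or glob characters
# cannot be split or expanded before the file is sourced.
. "/etc/network.$BOARD"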
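# Stage the network and babeld UCI changes derived from the gateway config:
# drop babel peers that are no longer configured, (re)create the configured
# ones, and rebuild the babeld redistribute filters for the client prefixes.
# configure itself issues no "uci commit"; see apply() and revert().
# Globals: SWITCHDEV (read) - switch device used for vlan based peers
# Outputs: error messages on stdout
# Exits:   1 if a peer has no iface/vlan or a babel helper fails
configure() {
	local prefix

	## babelpeer
	# remove peers missing in gateway config
	remove_babelpeer() {
		local name="$1"

		# only sections carrying the babelpeer_ prefix are managed here
		if [ "$name" = "${name#babelpeer_}" ]; then
			return
		fi

		# NOTE(review): this lookup uses the prefixed name, while add_babelpeer
		# reads gateway.<name> without the prefix. If gateway sections are not
		# prefixed, every babelpeer_* entry is removed and re-created on each
		# run - confirm this is intended.
		if ! uci -q get "gateway.$name" > /dev/null; then
			# remove interface
			uci -q del "network.$name"
			# remove iif-rules
			babel_delete_iifrules "$name"
			# remove babel interface
			babel_delete_interface "$name"
		fi
	}

	config_load babeld
	config_foreach remove_babelpeer interface

	#add new peers
	add_babelpeer() {
		local name="$1"
		local prefixname="babelpeer_$name"
		local vlan
		local type
		# keep these function-local so one peer's values cannot leak into the
		# next peer or into the script that sourced this file
		local iface
		local rxcost

		# get iface: a vlan on the switch device takes precedence over an
		# explicitly configured iface
		if vlan=$(uci -q get "gateway.$name.vlan"); then
			iface="${SWITCHDEV}.$vlan"
		elif ! iface=$(uci -q get "gateway.$name.iface"); then
			echo "ERROR: No iface set for babelpeer $name!"
			exit 1
		fi

		# get type, falling back to wired
		type=$(uci -q get "gateway.$name.type") || type=wired

		# get rxcost, falling back to 96
		rxcost=$(uci -q get "gateway.$name.rxcost") || rxcost=96

		# add interface
		uci set "network.$prefixname=interface"
		uci set "network.$prefixname.proto=static"
		uci set "network.$prefixname.ifname=$iface"

		# add iif-rules
		babel_add_iifrules "$prefixname" || { echo "Could not add iif-rules for babelpeer $name"; exit 1; }

		# peer_ip: clear stale addresses before the helpers set new ones
		uci -q delete "network.$prefixname.ipaddr"
		uci -q delete "network.$prefixname.ip6addr"
		babel_add_peeraddr "network.$prefixname.ipaddr"
		babel_add_peer6addr "network.$prefixname.ip6addr"

		# add babel interface
		babel_add_interface "$prefixname" "$iface" "$type" "$rxcost" || { echo "Could not add babeld interface for babelpeer $name"; exit 1; }
	}

	config_load gateway
	config_foreach add_babelpeer babelpeer


	# configure babeld filters for custom ipv6 addresses
	## remove old filters
	# presumably this also clears deny filters left by an earlier run, so
	# that disabling snat removes them - verify in /lib/functions/fff/babel
	babel_remove_custom_redistribute_filters

	## add new filters set for client interface in gatewayconfig
	# The option path is quoted because "[0]" is a glob pattern; the command
	# substitution stays unquoted on purpose to split the value list.
	for prefix in $(uci -q get "gateway.@client[0].ip6addr"); do
		babel_add_redistribute_filter "$prefix"
	done

	## add deny filters for client prefixes used with snat
	# A prefix behind snat is not meant to be publicly reachable and may be
	# reused on several routers, so it must not be announced via babel.
	# NOTE(review): the filter helpers' return status is not checked, unlike
	# the iif-rule and interface helpers above. If a deny filter cannot be
	# added the prefix could still be redistributed - confirm the helper's
	# return convention before turning a failure into an exit.
	if [ "$(uci -q get "gateway.@client[0].snat")" = "1" ]; then
		for prefix in $(uci -q get "gateway.@client[0].ipaddr"); do
			babel_add_private_prefix_filter "$prefix"
		done
	fi
}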
# Commit the staged changes of the two UCI packages this script edits,
# network first and babeld second.
apply() {
	local cfg
	for cfg in network babeld; do
		uci commit "$cfg"
	done
}
# Discard the staged, uncommitted changes of the two UCI packages this
# script edits, network first and babeld second.
revert() {
	local cfg
	for cfg in network babeld; do
		uci revert "$cfg"
	done
}