6in4, 6rd, 6to4: Use source-restricted routes by default

SVN-Revision: 39307
This commit is contained in:
Steven Barth 2014-01-17 13:59:47 +00:00
parent bc8412b90e
commit a5ee266cd9
3 changed files with 34 additions and 10 deletions

View File

@ -14,8 +14,8 @@ proto_6in4_setup() {
local iface="$2"
local link="6in4-$cfg"
local mtu ttl ipaddr peeraddr ip6addr ip6prefix tunnelid username password
json_get_vars mtu ttl ipaddr peeraddr ip6addr ip6prefix tunnelid username password
local mtu ttl ipaddr peeraddr ip6addr ip6prefix tunnelid username password sourcerouting
json_get_vars mtu ttl ipaddr peeraddr ip6addr ip6prefix tunnelid username password sourcerouting
[ -z "$peeraddr" ] && {
proto_notify_error "$cfg" "MISSING_ADDRESS"
@ -34,16 +34,23 @@ proto_6in4_setup() {
}
proto_init_update "$link" 1
proto_add_ipv6_route "::" 0
local source=""
[ "$sourcerouting" != "0" ] && source="::/128"
proto_add_ipv6_route "::" 0 "" "" "" "$source"
[ -n "$ip6addr" ] && {
local local6="${ip6addr%%/*}"
local mask6="${ip6addr##*/}"
[[ "$local6" = "$mask6" ]] && mask6=
proto_add_ipv6_address "$local6" "$mask6"
[ "$sourcerouting" != "0" ] && proto_add_ipv6_route "::" 0 "" "" "" "$local6/$mask6"
}
[ -n "$ip6prefix" ] && proto_add_ipv6_prefix "$ip6prefix"
[ -n "$ip6prefix" ] && {
proto_add_ipv6_prefix "$ip6prefix"
[ "$sourcerouting" != "0" ] && proto_add_ipv6_route "::" 0 "" "" "" "$ip6prefix"
}
proto_add_tunnel
json_add_string mode sit
@ -90,6 +97,7 @@ proto_6in4_init_config() {
proto_config_add_string "password"
proto_config_add_int "mtu"
proto_config_add_int "ttl"
proto_config_add_boolean "soucerouting"
}
[ -n "$INCLUDE_ONLY" ] || {

View File

@ -14,8 +14,8 @@ proto_6rd_setup() {
local iface="$2"
local link="6rd-$cfg"
local mtu ttl ipaddr peeraddr ip6prefix ip6prefixlen ip4prefixlen tunlink
json_get_vars mtu ttl ipaddr peeraddr ip6prefix ip6prefixlen ip4prefixlen tunlink
local mtu ttl ipaddr peeraddr ip6prefix ip6prefixlen ip4prefixlen tunlink sourcerouting
json_get_vars mtu ttl ipaddr peeraddr ip6prefix ip6prefixlen ip4prefixlen tunlink sourcerouting
[ -z "$ip6prefix" -o -z "$peeraddr" ] && {
proto_notify_error "$cfg" "MISSING_ADDRESS"
@ -48,7 +48,14 @@ proto_6rd_setup() {
proto_init_update "$link" 1
proto_add_ipv6_address "$ip6addr" "$ip6prefixlen"
proto_add_ipv6_prefix "$ip6lanprefix"
proto_add_ipv6_route "::" 0 "::$peeraddr" 4096
if [ "$sourcerouting" != "0" ]; then
proto_add_ipv6_route "::" 0 "::$peeraddr" 4096 "" "::/128"
proto_add_ipv6_route "::" 0 "::$peeraddr" 4096 "" "$ip6addr/$ip6prefixlen"
proto_add_ipv6_route "::" 0 "::$peeraddr" 4096 "" "$ip6lanprefix"
else
proto_add_ipv6_route "::" 0 "::$peeraddr" 4096
fi
proto_add_tunnel
json_add_string mode sit
@ -79,6 +86,7 @@ proto_6rd_init_config() {
proto_config_add_string "ip6prefixlen"
proto_config_add_string "ip4prefixlen"
proto_config_add_string "tunlink"
proto_config_add_boolean "sourcerouting"
}
[ -n "$INCLUDE_ONLY" ] || {

View File

@ -34,8 +34,8 @@ proto_6to4_setup() {
local iface="$2"
local link="6to4-$cfg"
local mtu ttl ipaddr
json_get_vars mtu ttl ipaddr
local mtu ttl ipaddr sourcerouting
json_get_vars mtu ttl ipaddr sourcerouting
( proto_add_host_dependency "$cfg" 0.0.0.0 )
@ -64,7 +64,14 @@ proto_6to4_setup() {
proto_init_update "$link" 1
proto_add_ipv6_address "$local6" 16
proto_add_ipv6_prefix "$prefix6::/48"
proto_add_ipv6_route "::" 0 "::192.88.99.1"
if [ "$sourcerouting" != "0" ]; then
proto_add_ipv6_route "::" 0 "::192.88.99.1" "" "" "::/128"
proto_add_ipv6_route "::" 0 "::192.88.99.1" "" "" "$local6/16"
proto_add_ipv6_route "::" 0 "::192.88.99.1" "" "" "$prefix6::/48"
else
proto_add_ipv6_route "::" 0 "::192.88.99.1"
fi
proto_add_tunnel
json_add_string mode sit
@ -87,6 +94,7 @@ proto_6to4_init_config() {
proto_config_add_string "ipaddr"
proto_config_add_int "mtu"
proto_config_add_int "ttl"
proto_config_add_boolean "sourcerouting"
}
[ -n "$INCLUDE_ONLY" ] || {