nnd
/
s6-netdev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

More cleanup and generalizing

This commit is contained in:
Alex D. 2023-09-03 13:18:01 +00:00
parent 93cccc63fa
commit 8bad04acb6
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
2 changed files with 120 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
netdev.sh
View File

@ -2,6 +2,8 @@
#
# Generate s6 network definitions
# set -x
header_eb() {
echo '#!/bin/execlineb -P'
}
@ -16,6 +18,11 @@ header_addr() {
echo "define ADDR $addr"
}
header_fam() {
local fam="${1:?missing family}"
echo "define FAMILY $fam"
}
header_vlan() {
local vlan="${1:?missing vlan}"
local parent="${2:?missing parent}"
@ -35,22 +42,21 @@ emptyenv -p
EOF
}
h_if() {
header_eb
header_if "$1"
header_path
}
h_if_addr() {
header_eb
header_if "$1"
header_addr "$2"
header_path
addrfam() {
# Use ipv6 if cannot autodetect of if no semicolons are present
local addr="$1"
local fam='6'
if which grep >/dev/null 2>&1 && echo "$addr" | grep -v ':'; then
local fam='4'
fi
echo "$fam"
}
linkdel() {
local if="${1:?missing if}"
h_if "$if"
header_eb
header_path
header_if "$if"
echo 'ip link del $INTERFACE'
}
@ -69,11 +75,15 @@ new_link() {
local sname="interface.$if.link"
install -Dm644 <(
h_if "$if"
header_eb
header_path
header_if "$if"
echo 'ip link set dev $INTERFACE up'
) rc/"$sname"/up
install -Dm644 <(
h_if "$if"
header_eb
header_path
header_if "$if"
echo 'ip link set dev $INTERFACE down'
) rc/"$sname"/down
install -Dm644 <(echo oneshot) rc/"$sname"/type
@ -82,33 +92,38 @@ new_link() {
new_forward() {
local if="${1:?missing if}"
local fam="${2:-6}"
local sname="sysctl.net-ipv6-conf-$if-forwarding"
local sname="sysctl.net-ipv$fam-conf-$if-forwarding"
ifbundle "$if" "$sname"
install -Dm644 <(
header_eb
header_path
header_if "$if"
header_fam "$fam"
cat <<EOF
s6-envdir -i /etc/s6/env/sysctl.net-ipv6-conf-\${INTERFACE}-forwarding
export SYSCTL net/ipv6/conf/\${INTERFACE}/forwarding
export VAL 1
s6-envdir -I /etc/s6/env/sysctl.net-ipv\${FAMILY}-conf-\${INTERFACE}-forwarding
export SYSCTL net/ipv\${FAMILY}/conf/\${INTERFACE}/forwarding
/usr/libexec/nnd/s6/sysctl
EOF
) rc/"$sname"/up
install -Dm644 <(
header_eb
header_path
header_if "$if"
header_fam "$fam"
cat <<EOF
export SYSCTL net/ipv6/conf/\${INTERFACE}/forwarding
export SYSCTL net/ipv\${FAMILY}/conf/\${INTERFACE}/forwarding
export VAL 0
/usr/libexec/nnd/s6/sysctl
EOF
) rc/"$sname"/down
install -Dm644 <(echo oneshot) rc/"$sname"/type
install -Dm644 /dev/null rc/"$sname"/dependencies.d/module.ipv6
[ "$fam" = '6' ] && install -Dm644 /dev/null rc/"$sname"/dependencies.d/module.ipv6
install -Dm644 /dev/null rc/"$sname"/dependencies.d/mount.proc
install -Dm644 /dev/null rc/"$sname"/dependencies.d/interface."$if".create
install -Dm644 <(echo 1) env/"$sname"/VAL
}
new_if_slave() {
@ -120,19 +135,19 @@ new_if_slave() {
install -Dm644 <(
header_eb
header_path
cat <<EOF
define MASTERIF $master
define SLAVEIF $slave
EOF
header_path
echo 'ip link set dev $SLAVEIF master $MASTERIF'
) rc/"$sname"/up
install -Dm644 <(
header_eb
header_path
cat <<EOF
define SLAVEIF $slave
EOF
header_path
echo 'ip link set dev $SLAVEIF nomaster'
) rc/"$sname"/down
install -Dm644 <(echo oneshot) rc/"$sname"/type
@ -147,7 +162,9 @@ new_if_bridge() {
ifbundle "$if" "$sname"
install -Dm644 <(
h_if "$if"
header_eb
header_path
header_if "$if"
echo 'ip link add $INTERFACE type bridge'
) rc/"$sname"/up
install -Dm644 <(linkdel "$if") rc/"$sname"/down
@ -168,16 +185,17 @@ bridge_property() {
install -Dm644 <(
header_eb
header_path
header_if "$if"
cat <<EOF
define PROP $prop
define STATE $state
EOF
header_path
echo 'ip link set $INTERFACE type bridge $PROP $STATE'
) rc/"$sname"/up
[ -z "$downstate" ] || install -Dm644 <(
header_eb
header_path
header_if "$if"
cat <<EOF
define PROP $prop
@ -198,7 +216,10 @@ if_lladdress() {
ifbundle "$if" "$sname"
install -Dm644 <(
h_if_addr "$if" "$addr"
header_eb
header_path
header_if "$if"
header_addr "$addr"
echo 'ip link set $INTERFACE address $ADDR'
) rc/"$sname"/up
install -Dm644 <(echo oneshot) rc/"$sname"/type
@ -212,7 +233,9 @@ new_if_phys() {
ifbundle "$if" "$sname"
install -Dm644 <(
h_if "$if"
header_eb
header_path
header_if "$if"
echo 'bcnm-waitif 1 $INTERFACE'
) rc/"$sname"/up
install -Dm644 <(echo oneshot) rc/"$sname"/type
@ -229,7 +252,9 @@ new_if_wg() {
ifbundle "$if" "$sname"
install -Dm644 <(
h_if "$if"
header_eb
header_path
header_if "$if"
echo 'ip link add $INTERFACE type wireguard'
) rc/"$sname"/up
install -Dm644 <(linkdel "$if") rc/"$sname"/down
@ -250,12 +275,12 @@ wgconf() {
install -Dm644 <(
header_eb
header_path
header_if "$if"
cat <<EOF
s6-envdir -i /etc/s6/env/interface.\${INTERFACE}.wg-config
importas -i CONFIG CONFIG
EOF
header_path
echo 'wg setconf $INTERFACE $CONFIG'
) rc/"$sname"/up
install -Dm644 <(echo oneshot) rc/"$sname"/type
@ -272,12 +297,12 @@ new_if_vrf() {
install -Dm644 <(
header_eb
header_path
header_if "$if"
cat <<EOF
s6-envdir -i /etc/s6/env/interface.\${INTERFACE}
importas -i TABLE TABLE
EOF
header_path
echo 'ip link add $INTERFACE type vrf table $TABLE'
) rc/"$sname"/up
install -Dm644 <(linkdel "$if") rc/"$sname"/down
@ -299,9 +324,9 @@ new_if_vlan() {
install -Dm644 <(
header_eb
header_path
header_if "$if"
header_vlan "$vlan" "$parent"
header_path
echo 'ip link add link $PARENT name $INTERFACE type vlan id $VLAN'
) rc/"$sname"/up
install -Dm644 <(linkdel "$if") rc/"$sname"/down
@ -311,85 +336,113 @@ new_if_vlan() {
new_link "$if"
}
addr_v6_static_if() {
addr_static_if() {
local if="${1:?missing if}"
local addr="${2:?missing addr}"
local fam="${3:-$(addrfam "$addr")}"
local addrn="$(echo "$addr" | sed 's/\//_/g')"
local sname="interface.$if.static.addr.6.$addrn"
local sname="interface.$if.static.addr.$fam.$addrn"
ifbundle "$if" "$sname"
install -Dm644 <(
h_if_addr "$if" "$addr"
echo 'ip -6 address add $ADDR dev $INTERFACE'
header_eb
header_path
header_if "$if"
header_addr "$addr"
header_fam "$fam"
echo 'ip -${FAMILY} address add $ADDR dev $INTERFACE'
) rc/"$sname"/up
install -Dm644 <(
h_if_addr "$if" "$addr"
echo 'ip -6 address del $ADDR dev $INTERFACE'
header_eb
header_path
header_if "$if"
header_addr "$addr"
header_fam "$fam"
echo 'ip -${FAMILY} address del $ADDR dev $INTERFACE'
) rc/"$sname"/down
install -Dm644 <(echo oneshot) rc/"$sname"/type
install -Dm644 /dev/null rc/"$sname"/dependencies.d/interface."$if".create
}
route_v6_vrf_default_if() {
route_vrf_default_if() {
local vrf="${1:?missing vrf}"
local if="${2:?missing if}"
local fam="${3:-6}"
local sname="interface.$vrf.route.6.default"
local sname="interface.$vrf.route.$fam.default"
ifbundle "$vrf" "$sname"
install -Dm644 <(
header_eb
header_path
header_vrf "$vrf"
header_if "$if"
header_path
echo 'ip -6 route add default dev $INTERFACE vrf $VRF'
header_fam "$fam"
echo 'ip -${FAMILY} route add default dev $INTERFACE vrf $VRF'
) rc/"$sname"/up
install -Dm644 <(
header_eb
header_path
header_vrf "$vrf"
header_if "$if"
header_path
echo 'ip -6 route del default dev $INTERFACE vrf $VRF'
header_fam "$fam"
echo 'ip -${FAMILY} route del default dev $INTERFACE vrf $VRF'
) rc/"$sname"/down
install -Dm644 <(echo oneshot) rc/"$sname"/type
install -Dm644 /dev/null rc/"$sname"/dependencies.d/interface."$vrf".create
install -Dm644 /dev/null rc/"$sname"/dependencies.d/interface."$if".link
}
route_v6_vrf_default_unreach() {
route_vrf_default_unreach() {
local if="${1:?missing if}"
local fam="${2:-6}"
local sname="interface.$if.route.6.unreach"
local sname="interface.$if.route.$fam.unreach"
ifbundle "$if" "$sname"
install -Dm644 <(
h_if "$if"
echo 'ip -6 route add unreachable default vrf $INTERFACE'
header_eb
header_path
header_if "$if"
header_fam "$fam"
echo 'ip -${FAMILY} route add unreachable default vrf $INTERFACE'
) rc/"$sname"/up
install -Dm644 <(
h_if "$if"
echo 'ip -6 route del unreachable default vrf $INTERFACE'
header_eb
header_path
header_if "$if"
header_fam "$fam"
echo 'ip -${FAMILY} route del unreachable default vrf $INTERFACE'
) rc/"$sname"/down
install -Dm644 <(echo oneshot) rc/"$sname"/type
install -Dm644 /dev/null rc/"$sname"/dependencies.d/interface."$if".create
}
route_v6_vrf_sink_unreach() {
route_vrf_sink_unreach() {
local if="${1:?missing if}"
local addr="${2:?missing addr}"
local fam="${3:-6}"
local addrn="$(echo "$addr" | sed 's/\//_/g')"
local sname="interface.$if.route.6.sink.$addrn"
local sname="interface.$if.route.$fam.sink.$addrn"
ifbundle "$if" "$sname"
install -Dm644 <(
h_if_addr "$if" "$addr"
echo 'ip -6 route add unreachable $ADDR vrf $INTERFACE'
header_eb
header_path
header_if "$if"
header_addr "$addr"
header_fam "$fam"
echo 'ip -${FAMILY} route add unreachable $ADDR vrf $INTERFACE'
) rc/"$sname"/up
install -Dm644 <(
h_if_addr "$if" "$addr"
echo 'ip -6 route del unreachable $ADDR vrf $INTERFACE'
header_eb
header_path
header_if "$if"
header_addr "$addr"
header_fam "$fam"
echo 'ip -${FAMILY} route del unreachable $ADDR vrf $INTERFACE'
) rc/"$sname"/down
install -Dm644 <(echo oneshot) rc/"$sname"/type
install -Dm644 /dev/null rc/"$sname"/dependencies.d/interface."$if".create

26
router.sh
View File

@ -23,7 +23,7 @@ new_if_phys "vnet5"
# VRFs
IFACE="vrf-dn42"
new_if_vrf "$IFACE" 20
route_v6_vrf_default_unreach "$IFACE"
route_vrf_default_unreach "$IFACE"
new_if_slave "$IFACE" "br-dn42"
new_if_slave "$IFACE" "famfo"
new_if_slave "$IFACE" "mark22k"
@ -34,8 +34,8 @@ new_if_vrf "$IFACE" 20
IFACE="vrf-v6"
new_if_vrf "$IFACE" 10
route_v6_vrf_default_if "$IFACE" "intersix"
route_v6_vrf_sink_unreach "$IFACE" "2a04:5b81:2060::/48"
route_vrf_default_if "$IFACE" "intersix"
route_vrf_sink_unreach "$IFACE" "2a04:5b81:2060::/48"
new_if_slave "$IFACE" "intersix"
new_if_slave "$IFACE" "b00b"
new_if_slave "$IFACE" "f33d"
@ -66,7 +66,7 @@ new_if_bridge "$IFACE"
bridge_property 'mcast_querier' "$IFACE"
bridge_property 'mcast_mld_version' "$IFACE" '2' ''
if_lladdress "$IFACE" '02:00:00:00:f3:3d'
addr_v6_static_if "$IFACE" "2a04:5b81:2060:f33d::1/64"
addr_static_if "$IFACE" "2a04:5b81:2060:f33d::1/64"
new_if_slave "$IFACE" "vnet2"
IFACE="b00b"
@ -78,7 +78,7 @@ new_if_bridge "$IFACE"
bridge_property 'mcast_stats_enabled' "$IFACE"
bridge_property 'mcast_mld_version' "$IFACE" '2' ''
if_lladdress "$IFACE" '02:00:00:00:b0:0b'
addr_v6_static_if "$IFACE" "2a04:5b81:2060:b00b::1/64"
addr_static_if "$IFACE" "2a04:5b81:2060:b00b::1/64"
new_if_slave "$IFACE" "vnet0"
new_if_slave "$IFACE" "vnet4"
new_if_slave "$IFACE" "phys2-66"
@ -91,20 +91,20 @@ new_if_bridge "$IFACE"
bridge_property 'mcast_querier' "$IFACE"
bridge_property 'mcast_mld_version' "$IFACE" '2' ''
if_lladdress "$IFACE" '02:00:00:00:d0:0d'
addr_v6_static_if "$IFACE" "2a04:5b81:2060:d00d::1/64"
addr_static_if "$IFACE" "2a04:5b81:2060:d00d::1/64"
new_if_slave "$IFACE" "vnet3"
# Wireguard
new_if_wg "famfo"
addr_v6_static_if "famfo" "fe80::1422:1/64"
addr_static_if "famfo" "fe80::1422:1/64"
new_if_wg "kioubit"
addr_v6_static_if "kioubit" "fe80::2/64"
addr_static_if "kioubit" "fe80::2/64"
new_if_wg "highdef"
addr_v6_static_if "highdef" "fe80::2/64"
addr_static_if "highdef" "fe80::2/64"
new_if_wg "mark22k"
addr_v6_static_if "mark22k" "fe80::4546/64"
addr_static_if "mark22k" "fe80::4546/64"
new_if_wg "lare"
addr_v6_static_if "lare" "fe80::2/64"
addr_static_if "lare" "fe80::2/64"
new_if_wg "intersix"
addr_v6_static_if "intersix" "fe80::2/64"
addr_v6_static_if "intersix" "2a04:5b80:ffff:ff0b::2/64"
addr_static_if "intersix" "fe80::2/64"
addr_static_if "intersix" "2a04:5b80:ffff:ff0b::2/64"