#!/bin/bash

# Some environment variables will be set:
#
# CONFBASE=/etc/vpe	# the configuration directory prefix
# IFNAME=vpn0		# the network interface (ifname)
# MAC=fe:fd:80:00:00:01	# the mac-address to use for the interface
# NODENAME=cerebro	# the selected nodename (-n switch)
# NODEID=1		# the numerical node id
# MTU=1436		# the mtu to set on the interface (1500 minus the tunnel packet overhead, i.e. 1500-$OVERHEAD)

# this if-up script is rather full-featured, and is used to
# generate a fully-routed (no arp traffic) vpn. the main portion
# consists of "ipn" calls (see below).

# some hosts require additional specific configuration, this is handled
# using if statements near the end of the script.

# with the --fw switch, outputs mac/net pairs for your firewall use:
# if-up --fw | while read mac net; do
#   iptables -t filter -A INPUT -i vpn0 -p all -m mac --mac-source \! $mac -s $net -j DROP
# done

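#######################################
# Print or apply the address/neighbour/route configuration of one vpn node.
#
# The node's mac address is derived from its numeric id as
# fe:fd:80:00:00:<id as two hex digits> (consistent with the example
# MAC/NODEID pair in the header comment).
#
# Globals:   FW (read)        - non-empty: only print "<mac> <net>" pairs
#            ADDR_ONLY (read) - non-empty: only assign our own address;
#                               empty: only add neighbours and routes
#            NODEID, IFNAME (read)
# Arguments: $1   - node id
#            $2   - the node's gateway ip inside the vpn
#            $3.. - additional networks routed via that gateway
# Outputs:   in --fw mode, one "<mac> <net>" line per ip/route on stdout
# Returns:   0 in --fw mode; otherwise the status of the last ip(8) call,
#            or 1 when id equals NODEID but ADDR_ONLY is empty (the && guard
#            simply fails in that case)
#######################################
ipn() {
   local id="$1"; shift
   local mac
   mac=fe:fd:80:00:00:$(printf "%02x" "$id")
   if [ -n "$FW" ]; then
      # firewall mode: list the gateway ip and every route for this mac so
      # the caller can tie the source networks to the sending node
      for net in "$@"; do
         echo "$mac $net"
      done
   else
      local ip="$1"; shift
      if [ "$id" == "$NODEID" ]; then
         # our own node: the ADDR_ONLY pass assigns the interface address
         [ -n "$ADDR_ONLY" ] && ip addr add "$ip" broadcast 10.255.255.255 dev "$IFNAME"
      elif [ -z "$ADDR_ONLY" ]; then
         # remote node: a permanent neighbour entry avoids arp over the
         # tunnel, then each extra network is routed via the gateway ip.
         # this used to hard-code "dev vpn0"; use $IFNAME like the rest of
         # the script so a differently named interface gets the routes.
         ip neighbour add "$ip" lladdr "$mac" nud permanent dev "$IFNAME"
         for route in "$@"; do
            ip route add "$route" via "$ip" dev "$IFNAME"
         done
      fi
   fi
}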

ipns() {
   # this contains the generic routing information for the vpn.
   # each call to ipn has the following parameters:
   # ipn <node-id> <gateway-ip> [<route> ...]
   # the second line (ipn 2) means:
   # the second node (doom in the config file) has the ip address 10.0.0.5,
   # which is the gateway for the 10.0/28 network; its three additional ip
   # addresses are currently commented out at the end of that line.
   #
   # the code below runs this list once in --fw mode (FW=1, print only) or
   # twice otherwise (ADDR_ONLY=1 to assign our own address, then plainly
   # for neighbours and routes), so it must contain nothing but ipn calls.
   
   ipn  1 10.0.0.20
   ipn  2 10.0.0.5  10.0.0.0/28 #200.100.162.92 200.100.162.93 100.99.218.222
   ipn  3 10.0.0.17
   ipn  4 10.0.0.18
   ipn  5 10.0.0.19 10.3.0.0/16
   ipn  6 10.0.0.21 10.0.2.0/26 #200.100.162.17
   ipn  7 10.0.0.22 10.1.2.0/24 # wappla, off
   ipn  8 10.0.0.23 # stefan, off
   ipn  9 10.0.0.24 10.13.0.0/16
   ipn 10 10.0.0.25
   ipn 11 10.0.0.26
   ipn 12 10.0.0.27 10.0.2.64/26
   ipn 13 10.0.0.28 10.0.3.0/24
   ipn 14 10.0.0.29 10.1.1.0/24 # fwkw, off
   # mind the gateway ip gap: from node 15 on the gateway addresses are in
   # 10.9.0.x, not 10.0.0.x
   ipn 15 10.9.0.30 10.0.4.0/24
   ipn 16 10.9.0.31
   ipn 17 10.9.0.32 10.42.0.0/16
   ipn 18 10.9.0.33
   ipn 19 10.9.0.34
   #ipn 20 10.9.0.35 # node 20 is currently disabled
}

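if [ "$1" == "--fw" ]; then
   # firewall mode: only print mac/net pairs, change nothing on the host
   FW=1

   ipns
else
   # everything below is logged and traced to the if-up log. the log is
   # truncated on every run, so it only holds the most recent invocation.
   exec >/var/log/vpe.if-up 2>&1
   set -x

   # gvpe is expected to provide these (see the header comment); fail with
   # a clear message in the log rather than running ip(8) with empty args
   : "${IFNAME:?IFNAME must be set}"
   : "${MAC:?MAC must be set}"
   : "${MTU:?MTU must be set}"
   : "${NODENAME:?NODENAME must be set}"
   : "${NODEID:?NODEID must be set}"

   [ "$NODENAME" = "ruth"    ] && ip link set "$IFNAME" down # hack

   # first set the link up and initialize the interface ip
   # address.
   ip link set "$IFNAME" address "$MAC"
   ip link set "$IFNAME" mtu "$MTU" up
   ADDR_ONLY=1 ipns # set addr only

   # now initialize the main vpn routes (10.0/8)
   # the second route is a hack to reach some funnily-connected
   # machines.
   ip route add 10.0.0.0/8 dev "$IFNAME"
   ip route add 10.0.0.0/27 dev "$IFNAME"

   ipns # set the interface routes

   # now for something completely different, ehr, something not
   # easily doable with ipn, namely some extra specific highly complicated
   # and non-regular setups for some machines.
   if [ "$NODENAME" = doom ]; then
      ip addr add 200.100.162.92 dev "$IFNAME"
      ip route add 200.100.0.0/16 via 10.0.0.17 dev "$IFNAME"
      ip route flush table 101
      ip route add table 101 default src 200.100.162.92 via 10.0.0.17 dev "$IFNAME"

      ip addr add 100.99.218.222 dev "$IFNAME"
      ip route add 100.99.218.192/27 via 10.0.0.19 dev "$IFNAME"
      ip route flush table 103
      ip route add table 103 default src 100.99.218.222 via 10.0.0.19

   elif [ "$NODENAME" = marco ]; then
      ip addr add 200.100.162.17 dev "$IFNAME"

      for addr in 79 89 90 91 92 93 94 95; do
         ip route add "200.100.162.$addr" dev ppp0
      done
      ip route add 200.100.76.0/23 dev ppp0
      ip route add src 200.100.162.17 200.100.0.0/16 via 10.0.0.17 dev "$IFNAME"

   elif [ "$NODENAME" = ruth ]; then
      # these used to hard-code "dev vpn0"; use $IFNAME like everywhere else
      ip route add 200.100.162.17 via 10.0.0.21 dev "$IFNAME"
      ip route add 200.100.162.92 via 10.0.0.5 dev "$IFNAME"
      ip route add 200.100.162.93 via 10.0.0.5 dev "$IFNAME"

   fi

   # and this is the second part of the 10.0/27 hack. don't ask.
   # (an if rather than "&&" so the script does not exit with status 1 on
   # fwkw merely because the guard was false)
   if [ "$NODENAME" != fwkw ]; then
      ip route add 10.0.0.0/24 via 10.0.0.29 dev "$IFNAME"
   fi
fi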