IPv6 router

Neale Pickett 2011-09-22 18:32:03 -06:00
parent 103688df85
commit 17d0544c1e
10 changed files with 93 additions and 46 deletions


@ -10,6 +10,8 @@ CACHE = cache
# The end result
BIN = bin
# Things configure likes to see
CONFIG_XCOMPILE_FLAGS = --host=i386-linux --program-transform-name=
all: packages


@ -1,6 +1,23 @@
ROUTER_PKGDIR = $(TARGET)/router
ROUTER_BUILDDIR = $(BUILD)/router
router-source: $(ROUTER_BUILDDIR)/dnsmasq-source $(ROUTER_BUILDDIR)/radvd-source
router-build: $(ROUTER_BUILDDIR)/dnsmasq-build $(ROUTER_BUILDDIR)/radvd-build
router-install: router-build
mkdir -p $(ROUTER_PKGDIR)/bin
cp $(DNSMASQ_SRCDIR)/src/dnsmasq $(ROUTER_PKGDIR)/bin/
cp $(RADVD_SRCDIR)/radvd $(ROUTER_PKGDIR)/bin/
cp $(RADVD_SRCDIR)/radvdump $(ROUTER_PKGDIR)/bin/
$(call COPYTREE, packages/router/service, $(ROUTER_PKGDIR)/service)
##
## dnsmasq
##
DNSMASQ_VERSION = 2.57
DNSMASQ_SRCDIR = $(ROUTER_BUILDDIR)/dnsmasq-$(DNSMASQ_VERSION)
DNSMASQ_TARBALL = $(CACHE)/dnsmasq-$(DNSMASQ_VERSION).tar.gz
@ -10,22 +27,39 @@ $(DNSMASQ_TARBALL):
@ mkdir -p $(@D)
wget -O $@ $(DNSMASQ_URL)
router-source: $(ROUTER_BUILDDIR)/source
$(ROUTER_BUILDDIR)/source: $(DNSMASQ_TARBALL)
$(ROUTER_BUILDDIR)/dnsmasq-source: $(DNSMASQ_TARBALL)
mkdir -p $(ROUTER_BUILDDIR)
zcat $(DNSMASQ_TARBALL) | (cd $(ROUTER_BUILDDIR) && tar xf -)
touch $@
router-build: $(ROUTER_BUILDDIR)/built
$(ROUTER_BUILDDIR)/built: $(ROUTER_BUILDDIR)/source
$(ROUTER_BUILDDIR)/dnsmasq-build: $(ROUTER_BUILDDIR)/dnsmasq-source
$(MAKE) -C $(DNSMASQ_SRCDIR)
touch $@
router-install: router-build
mkdir -p $(ROUTER_PKGDIR)/sbin
cp $(DNSMASQ_SRCDIR)/src/dnsmasq $(ROUTER_PKGDIR)/sbin/
$(call COPYTREE, packages/router/service, $(ROUTER_PKGDIR)/service)
##
## radvd
##
RADVD_VERSION = 1.8.1
RADVD_TARBALL = $(CACHE)/radvd-$(RADVD_VERSION).tar.gz
RADVD_URL = http://www.litech.org/radvd/dist/radvd-$(RADVD_VERSION).tar.gz
RADVD_SRCDIR = $(ROUTER_BUILDDIR)/radvd-$(RADVD_VERSION)
$(RADVD_TARBALL):
@ mkdir -p $(@D)
wget -O $@ $(RADVD_URL)
$(ROUTER_BUILDDIR)/radvd-source: $(RADVD_TARBALL)
mkdir -p $(ROUTER_BUILDDIR)
zcat $(RADVD_TARBALL) | (cd $(ROUTER_BUILDDIR) && tar xf -)
touch $@
$(ROUTER_BUILDDIR)/radvd-build: $(ROUTER_BUILDDIR)/radvd-source
cd $(RADVD_SRCDIR) && ./configure $(CONFIG_XCOMPILE_FLAGS)
$(MAKE) -C $(RADVD_SRCDIR)
touch $@
router-clean:
rm -rf $(ROUTER_PKGDIR)
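Review bot: The new radvd rules fetch the tarball over plain `http://` (`RADVD_URL`) and then run its `./configure` and build it with no integrity check, so anyone able to alter the download controls code that runs on the build host and ships in the router image. Pin a digest next to `RADVD_VERSION` and verify it in the `$(RADVD_TARBALL)` recipe before anything unpacks it, e.g. `echo "$(RADVD_SHA256)  $@" | sha256sum -c -`, where `RADVD_SHA256` is a placeholder name for a value recorded from a trusted copy. `wget -O $@` also leaves a partial file behind after a failed transfer, which later runs treat as up to date; downloading to `$@.tmp` and renaming only after the check passes avoids that. The dnsmasq tarball rule has the same shape, but its URL is defined outside the hunk.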


@ -1,3 +0,0 @@
#! /bin/sh
exec socat -u udp-listen:27844 udp-datagram:172.16.24.255:27844,broadcast


@ -0,0 +1,4 @@
#! /bin/sh
exec svlogd -tt $PWD


@ -0,0 +1,26 @@
interface eth0 { AdvSendAdvert on; prefix fd84:b410:3441:0::/64; };
interface eth0.1 { AdvSendAdvert on; prefix fd84:b410:3441:1::/64; };
interface eth0.2 { AdvSendAdvert on; prefix fd84:b410:3441:2::/64; };
interface eth0.3 { AdvSendAdvert on; prefix fd84:b410:3441:3::/64; };
interface eth0.4 { AdvSendAdvert on; prefix fd84:b410:3441:4::/64; };
interface eth0.5 { AdvSendAdvert on; prefix fd84:b410:3441:5::/64; };
interface eth0.6 { AdvSendAdvert on; prefix fd84:b410:3441:6::/64; };
interface eth0.7 { AdvSendAdvert on; prefix fd84:b410:3441:7::/64; };
interface eth0.8 { AdvSendAdvert on; prefix fd84:b410:3441:8::/64; };
interface eth0.9 { AdvSendAdvert on; prefix fd84:b410:3441:9::/64; };
interface eth0.10 { AdvSendAdvert on; prefix fd84:b410:3441:10::/64; };
interface eth0.11 { AdvSendAdvert on; prefix fd84:b410:3441:11::/64; };
interface eth0.12 { AdvSendAdvert on; prefix fd84:b410:3441:12::/64; };
interface eth0.13 { AdvSendAdvert on; prefix fd84:b410:3441:13::/64; };
interface eth0.14 { AdvSendAdvert on; prefix fd84:b410:3441:14::/64; };
interface eth0.15 { AdvSendAdvert on; prefix fd84:b410:3441:15::/64; };
interface eth0.16 { AdvSendAdvert on; prefix fd84:b410:3441:16::/64; };
interface eth0.17 { AdvSendAdvert on; prefix fd84:b410:3441:17::/64; };
interface eth0.18 { AdvSendAdvert on; prefix fd84:b410:3441:18::/64; };
interface eth0.19 { AdvSendAdvert on; prefix fd84:b410:3441:19::/64; };
interface eth0.20 { AdvSendAdvert on; prefix fd84:b410:3441:20::/64; };
interface eth0.21 { AdvSendAdvert on; prefix fd84:b410:3441:21::/64; };
interface eth0.22 { AdvSendAdvert on; prefix fd84:b410:3441:22::/64; };
interface eth0.23 { AdvSendAdvert on; prefix fd84:b410:3441:23::/64; };
interface eth0.24 { AdvSendAdvert on; prefix fd84:b410:3441:24::/64; };


@ -0,0 +1,5 @@
#! /bin/sh
exec 2>&1
exec /opt/router/bin/radvd -C radvd.conf -d 1 -m stderr -p radvd.pid
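Review bot: radvd is started without `-u`, so it presumably keeps root privileges for its whole lifetime while handling router solicitations from every VLAN. radvd can drop privileges once its socket is open, e.g. `exec /opt/router/bin/radvd -u radvd -C radvd.conf -d 1 -m stderr -p radvd.pid`, where `radvd` is a placeholder account name. The passwd file added in this commit lists only root, so that account would have to be added there. The relative `radvd.conf` and `radvd.pid` paths rely on the supervisor starting the script in the service directory; a one-line comment saying so would help.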


@ -1,9 +1,9 @@
#! /bin/sh
ip addr del 10.0.0.1/16 dev eth0
for i in $(seq 48); do
for i in $(seq 24); do
ip link del link dev eth0.$i
done
ip link set dev eth0 down
iptables -F INPUT


@ -4,45 +4,20 @@ exec 2>&1
hostname router
# McPhall suggested all these. I don't know what most of them do.
# But I do know that McPhall is a smart guy.
echo 1 > /proc/sys/net/ipv4/ip_forward
PFX=fd84:b410:3441
# We're a router
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
echo 0 > /proc/sys/kernel/randomize_va_space
echo 0 > /proc/sys/net/ipv4/conf/all/arp_accept
echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
echo 1 > /proc/sys/net/ipv4/conf/all/arp_announce
echo 2 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 0 > /proc/sys/net/ipv4/conf/all/shared_media
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Make a huge arp table, because this is a router
# and people like to run nmap
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
# No label: dnsmasq can't cope
ip addr add 172.16.0.1/24 dev eth0
ip addr add 172.30.73.1/24 dev eth0
# Bring up main ethernet interface
ip addr add $PFX:0::1/64 dev eth0
ip link set eth0 up
# Bring up vlans
for i in $(seq 24); do
ip link add link eth0 name eth0.$i type vlan id $i
ip addr add 172.16.$i.1/24 dev eth0.$i
ip addr add $PFX:$i::1/64 dev eth0.$i
ip link set eth0.$i up
done
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 67:68 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
iptables -P INPUT DROP
sleep 8100d
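Review bot: Judging by the hunk counts (45 lines down to 20), the iptables rules and the `INPUT DROP` policy are removed and nothing replaces them for IPv6, so every service on the router, including the dropbear login service, is reachable from all 24 VLANs. iptables rules never filtered IPv6 traffic anyway, so the new address family needs its own policy, for example `ip6tables -A INPUT -p ipv6-icmp -j ACCEPT` followed by `ip6tables -P INPUT DROP`, plus accepts for the services meant to be exposed. Separately, `conf/default/forwarding` only seeds interfaces created later; as far as I know the kernel forwards IPv6 only when `/proc/sys/net/ipv6/conf/all/forwarding` is 1, so that is probably the setting wanted under the "We're a router" comment.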


@ -0,0 +1 @@
root:$1$xAJ7KwiU$BeKJjYGs9r/hY9Ag4qv4I1:0:0:root:/:/bin/sh
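Review bot: This file commits root's password hash to the repository, and the `$1$` prefix marks it as MD5-crypt, which is cheap to attack offline for anyone who can read the repository or the installed image. The dropbear run script in this commit copies the file to `/etc/passwd`, so the hash is also world-readable on the router itself. Prefer `x` in the password field with the hash kept in a root-only shadow file that is generated at deploy time with a stronger scheme, or remove the password and rely on key-based login.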


@ -1,4 +1,7 @@
#! /bin/sh
exec 2>&1
cat passwd > /etc/passwd
exec dropbear -r ./rsa.key -E -F
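Review bot: `cat passwd > /etc/passwd` replaces the whole account database on every service start, so any other account on the image disappears and root, authenticated by password, becomes the only login dropbear can accept. If remote root access is required, key-only login is the safer shape: dropbear's `-s` disables password logins (`exec dropbear -s -r ./rsa.key -E -F`), with the public key placed in root's `authorized_keys`. A comment on the `cat` line explaining why this service owns `/etc/passwd` would also help the next reader.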