From 9ceebc2a6ef72017a79bb48c7c62ef54b04bdc8b Mon Sep 17 00:00:00 2001
From: Neale Pickett
Date: Thu, 22 Sep 2011 18:32:03 -0600
Subject: [PATCH] IPv6 router

---
 Makefile | 2 +
 packages/router/router.mk | 50 ++++++++++++++++++++----
 packages/router/service/fish-forward/run | 3 --
 packages/router/service/radvd/log/run | 4 ++
 packages/router/service/radvd/radvd.conf | 26 ++++++++++++
 packages/router/service/radvd/run | 5 +++
 packages/router/service/router/finish | 6 +--
 packages/router/service/router/run | 39 ++++--------------
 packages/router/service/sshd/passwd | 1 +
 packages/router/service/sshd/run | 3 ++
 10 files changed, 93 insertions(+), 46 deletions(-)
 delete mode 100755 packages/router/service/fish-forward/run
 create mode 100755 packages/router/service/radvd/log/run
 create mode 100644 packages/router/service/radvd/radvd.conf
 create mode 100755 packages/router/service/radvd/run
 create mode 100644 packages/router/service/sshd/passwd

diff --git a/Makefile b/Makefile
index 24dd97e..329657e 100644
--- a/Makefile
+++ b/Makefile
@@ -10,6 +10,8 @@ CACHE = cache
 # The end result
 BIN = bin
+# Things configure likes to see
+CONFIG_XCOMPILE_FLAGS = --host=i386-linux --program-transform-name=
 all: packages
diff --git a/packages/router/router.mk b/packages/router/router.mk
index 916ad05..ea9c639 100644
--- a/packages/router/router.mk
+++ b/packages/router/router.mk
@@ -1,6 +1,23 @@
 ROUTER_PKGDIR = $(TARGET)/router
 ROUTER_BUILDDIR = $(BUILD)/router
+
+router-source: $(ROUTER_BUILDDIR)/dnsmasq-source $(ROUTER_BUILDDIR)/radvd-source
+
+router-build: $(ROUTER_BUILDDIR)/dnsmasq-build $(ROUTER_BUILDDIR)/radvd-build
+
+router-install: router-build
+	mkdir -p $(ROUTER_PKGDIR)/bin
+	cp $(DNSMASQ_SRCDIR)/src/dnsmasq $(ROUTER_PKGDIR)/bin/
+
+	cp $(RADVD_SRCDIR)/radvd $(ROUTER_PKGDIR)/bin/
+	cp $(RADVD_SRCDIR)/radvdump $(ROUTER_PKGDIR)/bin/
+
+	$(call COPYTREE, packages/router/service, $(ROUTER_PKGDIR)/service)
+
+##
+## dnsmasq
+##
 DNSMASQ_VERSION = 2.57
 DNSMASQ_SRCDIR = $(ROUTER_BUILDDIR)/dnsmasq-$(DNSMASQ_VERSION)
 DNSMASQ_TARBALL = $(CACHE)/dnsmasq-$(DNSMASQ_VERSION).tar.gz
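Review bot: `router-source`, `router-build` and `router-install` are command-style targets that never create files of those names, yet nothing in this hunk declares them `.PHONY`; unless the declaration lives outside the hunk, a stray file named `router-build` would satisfy `router-install`'s prerequisite and the dnsmasq/radvd binaries would be copied without being rebuilt. Suggest adding `.PHONY: router-source router-build router-install router-clean` alongside these definitions. The install prefix also quietly moved from `sbin/` (removed in the next hunk) to `bin/`; the new `radvd/run` in this patch execs `/opt/router/bin/radvd`, so the two appear to agree, and a one-line comment on `router-install` such as `# Service scripts expect the binaries under <install prefix>/bin` would record that coupling.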
@@ -10,22 +27,39 @@ $(DNSMASQ_TARBALL):
 	@ mkdir -p $(@D)
 	wget -O $@ $(DNSMASQ_URL)
-router-source: $(ROUTER_BUILDDIR)/source
-$(ROUTER_BUILDDIR)/source: $(DNSMASQ_TARBALL)
+$(ROUTER_BUILDDIR)/dnsmasq-source: $(DNSMASQ_TARBALL)
 	mkdir -p $(ROUTER_BUILDDIR)
 	zcat $(DNSMASQ_TARBALL) | (cd $(ROUTER_BUILDDIR) && tar xf -)
 	touch $@
-router-build: $(ROUTER_BUILDDIR)/built
-$(ROUTER_BUILDDIR)/built: $(ROUTER_BUILDDIR)/source
+$(ROUTER_BUILDDIR)/dnsmasq-build: $(ROUTER_BUILDDIR)/dnsmasq-source
 	$(MAKE) -C $(DNSMASQ_SRCDIR)
 	touch $@
-router-install: router-build
-	mkdir -p $(ROUTER_PKGDIR)/sbin
-	cp $(DNSMASQ_SRCDIR)/src/dnsmasq $(ROUTER_PKGDIR)/sbin/
-	$(call COPYTREE, packages/router/service, $(ROUTER_PKGDIR)/service)
+##
+## radvd
+##
+RADVD_VERSION = 1.8.1
+RADVD_TARBALL = $(CACHE)/radvd-$(RADVD_VERSION).tar.gz
+RADVD_URL = http://www.litech.org/radvd/dist/radvd-$(RADVD_VERSION).tar.gz
+RADVD_SRCDIR = $(ROUTER_BUILDDIR)/radvd-$(RADVD_VERSION)
+
+$(RADVD_TARBALL):
+	@ mkdir -p $(@D)
+	wget -O $@ $(RADVD_URL)
+
+$(ROUTER_BUILDDIR)/radvd-source: $(RADVD_TARBALL)
+	mkdir -p $(ROUTER_BUILDDIR)
+	zcat $(RADVD_TARBALL) | (cd $(ROUTER_BUILDDIR) && tar xf -)
+	touch $@
+
+$(ROUTER_BUILDDIR)/radvd-build: $(ROUTER_BUILDDIR)/radvd-source
+	cd $(RADVD_SRCDIR) && ./configure $(CONFIG_XCOMPILE_FLAGS)
+	$(MAKE) -C $(RADVD_SRCDIR)
+	touch $@
+
+
 router-clean:
 	rm -rf $(ROUTER_PKGDIR)
diff --git a/packages/router/service/fish-forward/run b/packages/router/service/fish-forward/run
deleted file mode 100755
index 413c81d..0000000
--- a/packages/router/service/fish-forward/run
+++ /dev/null
@@ -1,3 +0,0 @@
-#! /bin/sh
-
-exec socat -u udp-listen:27844 udp-datagram:172.16.24.255:27844,broadcast
diff --git a/packages/router/service/radvd/log/run b/packages/router/service/radvd/log/run
new file mode 100755
index 0000000..d9d6355
--- /dev/null
+++ b/packages/router/service/radvd/log/run
@@ -0,0 +1,4 @@
+#! /bin/sh
+
+exec svlogd -tt $PWD
+
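Review bot: The new `$(RADVD_TARBALL)` rule downloads the radvd source over plain `http://` and writes it straight to `$@` with no integrity check, so a tampered, truncated or substituted archive becomes a trusted build input that `make` will afterwards treat as up to date (the pre-existing `$(DNSMASQ_TARBALL)` rule in the context lines has the same shape). Pin the expected digest of the 1.8.1 release in a variable, download to a temporary name, verify, and only then rename into place, so a failed check never leaves a plausible-looking tarball behind; a file-level `.DELETE_ON_ERROR:` would additionally cover the interrupted-download case for every rule. The `radvd-build` rule is otherwise consistent with the dnsmasq one, though `./configure $(CONFIG_XCOMPILE_FLAGS)` depends on a variable defined in the top-level `Makefile` hunk, which deserves a comment since `router.mk` cannot be read on its own.
```make
# Digest of the pinned upstream release; fill in from a trusted source.
RADVD_SHA256 = <sha256 of radvd-1.8.1.tar.gz>

$(RADVD_TARBALL):
	@ mkdir -p $(@D)
	wget -O $@.tmp $(RADVD_URL)
	echo "$(RADVD_SHA256)  $@.tmp" | sha256sum -c -
	mv -f $@.tmp $@
# … unchanged: radvd-source and radvd-build rules …
```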
diff --git a/packages/router/service/radvd/radvd.conf b/packages/router/service/radvd/radvd.conf
new file mode 100644
index 0000000..f8d7540
--- /dev/null
+++ b/packages/router/service/radvd/radvd.conf
@@ -0,0 +1,26 @@
+interface eth0 { AdvSendAdvert on; prefix fd84:b410:3441:0::/64; };
+interface eth0.1 { AdvSendAdvert on; prefix fd84:b410:3441:1::/64; };
+interface eth0.2 { AdvSendAdvert on; prefix fd84:b410:3441:2::/64; };
+interface eth0.3 { AdvSendAdvert on; prefix fd84:b410:3441:3::/64; };
+interface eth0.4 { AdvSendAdvert on; prefix fd84:b410:3441:4::/64; };
+interface eth0.5 { AdvSendAdvert on; prefix fd84:b410:3441:5::/64; };
+interface eth0.6 { AdvSendAdvert on; prefix fd84:b410:3441:6::/64; };
+interface eth0.7 { AdvSendAdvert on; prefix fd84:b410:3441:7::/64; };
+interface eth0.8 { AdvSendAdvert on; prefix fd84:b410:3441:8::/64; };
+interface eth0.9 { AdvSendAdvert on; prefix fd84:b410:3441:9::/64; };
+interface eth0.10 { AdvSendAdvert on; prefix fd84:b410:3441:10::/64; };
+interface eth0.11 { AdvSendAdvert on; prefix fd84:b410:3441:11::/64; };
+interface eth0.12 { AdvSendAdvert on; prefix fd84:b410:3441:12::/64; };
+interface eth0.13 { AdvSendAdvert on; prefix fd84:b410:3441:13::/64; };
+interface eth0.14 { AdvSendAdvert on; prefix fd84:b410:3441:14::/64; };
+interface eth0.15 { AdvSendAdvert on; prefix fd84:b410:3441:15::/64; };
+interface eth0.16 { AdvSendAdvert on; prefix fd84:b410:3441:16::/64; };
+interface eth0.17 { AdvSendAdvert on; prefix fd84:b410:3441:17::/64; };
+interface eth0.18 { AdvSendAdvert on; prefix fd84:b410:3441:18::/64; };
+interface eth0.19 { AdvSendAdvert on; prefix fd84:b410:3441:19::/64; };
+interface eth0.20 { AdvSendAdvert on; prefix fd84:b410:3441:20::/64; };
+interface eth0.21 { AdvSendAdvert on; prefix fd84:b410:3441:21::/64; };
+interface eth0.22 { AdvSendAdvert on; prefix fd84:b410:3441:22::/64; };
+interface eth0.23 { AdvSendAdvert on; prefix fd84:b410:3441:23::/64; };
+interface eth0.24 { AdvSendAdvert on; prefix fd84:b410:3441:24::/64; };
+
diff --git a/packages/router/service/radvd/run b/packages/router/service/radvd/run
new file mode 100755
index 0000000..3ee78f1
--- /dev/null
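Review bot: In these `prefix` lines the fourth hextet is the VLAN number written as-is, so `eth0.10` advertises `fd84:b410:3441:10::/64` (hextet value 0x10, i.e. 16), not the tenth /64 of the block; this matches `ip addr add $PFX:$i::1/64` in the `router/run` hunk, so router address and advertised prefix agree, but the file should say so. Suggest a header comment: `# One /64 per VLAN: hextet 4 is the VLAN id as written (eth0.N -> fd84:b410:3441:N::/64); keep in step with PFX/$i in service/router/run`. The 25 blocks differ only in that number, so generating the file from the same loop that creates the VLANs would remove the risk of the two drifting apart when the VLAN count changes, as it already did from 48 to 24 in `finish`.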
+++ b/packages/router/service/radvd/run
@@ -0,0 +1,5 @@
+#! /bin/sh
+
+exec 2>&1
+
+exec /opt/router/bin/radvd -C radvd.conf -d 1 -m stderr -p radvd.pid
diff --git a/packages/router/service/router/finish b/packages/router/service/router/finish
index 8c3aa29..d743cb8 100755
--- a/packages/router/service/router/finish
+++ b/packages/router/service/router/finish
@@ -1,9 +1,9 @@
 #! /bin/sh
-ip addr del 10.0.0.1/16 dev eth0
-
-for i in $(seq 48); do
+for i in $(seq 24); do
   ip link del link dev eth0.$i
 done
+ip link set dev eth0 down
+
 iptables -F INPUT
diff --git a/packages/router/service/router/run b/packages/router/service/router/run
index ae41920..ca5ce40 100755
--- a/packages/router/service/router/run
+++ b/packages/router/service/router/run
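Review bot: `radvd` is exec'd as root with no `-u` option, so the daemon that parses router solicitations arriving on all 25 interfaces keeps full privileges for its entire lifetime; radvd can drop to an unprivileged account after initialising with `-u <username>`, which fits this foreground (`-d 1 -m stderr`) supervised setup. Suggest `exec /opt/router/bin/radvd -C radvd.conf -d 1 -m stderr -p radvd.pid -u <unprivileged-user>` once the image has such an account — the `passwd` file added in this patch currently defines only `root`. `-C radvd.conf` and `-p radvd.pid` are relative paths that rely on the supervisor's working directory being the service directory, and the pid file will be written into the service tree; a one-line comment stating both would help.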
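Review bot: `iptables -F INPUT` remains as the last line of `finish`, but the `router/run` hunk in this patch deletes every `iptables` policy and rule `run` used to install, so this flush now undoes nothing `run` does; and with the router moved to IPv6-only addressing the IPv4 tables are the wrong place anyway — nothing in `run` or `finish` installs or flushes `ip6tables` rules, so the previous `INPUT DROP` posture is gone and every listener on the router (dropbear from the `sshd/run` hunk, radvd) is reachable from all 24 VLANs without filtering. Either drop the line or replace it with the `ip6tables` cleanup that mirrors whatever input policy `run` regains; the same point applies to the `run` hunk, where the removed `iptables` block has no IPv6 replacement. The new `ip link set dev eth0 down` also tears down the parent interface, which `run` only configures rather than creates, so a comment that this is intended would help.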
@@ -4,45 +4,20 @@ exec 2>&1
 hostname router
-# McPhall suggested all these. I don't know what most of them do.
-# But I do know that McPhall is a smart guy.
-echo 1 > /proc/sys/net/ipv4/ip_forward
+PFX=fd84:b410:3441
+
+# We're a router
 echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
-echo 0 > /proc/sys/kernel/randomize_va_space
-echo 0 > /proc/sys/net/ipv4/conf/all/arp_accept
-echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
-echo 1 > /proc/sys/net/ipv4/conf/all/arp_announce
-echo 2 > /proc/sys/net/ipv4/conf/all/arp_ignore
-echo 0 > /proc/sys/net/ipv4/conf/all/shared_media
-echo 0 > /proc/sys/net/ipv4/tcp_timestamps
-echo 1 > /proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr
-echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
-
-# Make a huge arp table, because this is a router
-# and people like to run nmap
-
-echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
-echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
-
-# No label: dnsmasq can't cope
-ip addr add 172.16.0.1/24 dev eth0
-ip addr add 172.30.73.1/24 dev eth0
+# Bring up main ethernet interface
+ip addr add $PFX:0::1/64 dev eth0
 ip link set eth0 up
+# Bring up vlans
 for i in $(seq 24); do
   ip link add link eth0 name eth0.$i type vlan id $i
-  ip addr add 172.16.$i.1/24 dev eth0.$i
+  ip addr add $PFX:$i::1/64 dev eth0.$i
   ip link set eth0.$i up
 done
-iptables -P OUTPUT ACCEPT
-iptables -P FORWARD ACCEPT
-
-iptables -A INPUT -p udp --dport 53 -j ACCEPT
-iptables -A INPUT -p udp --dport 67:68 -j ACCEPT
-iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
-iptables -P INPUT DROP
-
 sleep 8100d
diff --git a/packages/router/service/sshd/passwd b/packages/router/service/sshd/passwd
new file mode 100644
index 0000000..97e6113
--- /dev/null
+++ b/packages/router/service/sshd/passwd
@@ -0,0 +1 @@
+root:$1$xAJ7KwiU$BeKJjYGs9r/hY9Ag4qv4I1:0:0:root:/:/bin/sh
\ No newline at end of file
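Review bot: `echo 1 > /proc/sys/net/ipv6/conf/default/forwarding` is now the only forwarding switch, but `conf/default/*` only seeds the per-interface settings of interfaces created afterwards: `eth0` already exists when this runs and so keeps forwarding off, and the kernel gates IPv6 forwarding on `conf/all/forwarding`, which this script never sets — so as written the box does not forward between the VLANs it creates (radvd also checks the `all` flag at start-up, as far as I know). Change the line to `echo 1 > /proc/sys/net/ipv6/conf/all/forwarding` (writing `all` also updates `default`, so the existing line becomes redundant). A comment next to `PFX` noting that hextet 4 is the VLAN id written as-is (`eth0.10` gets `…:10::1`, i.e. 0x10) and that `radvd.conf` must agree with it would save the next reader a double-take.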
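Review bot: This checks a live root password hash into the repository, and the `sshd/run` hunk copies the file verbatim over `/etc/passwd` on every service start, so the hash sits world-readable on the device and in every clone of the repo, and rotating the password means a new commit; the `$1$` (MD5-crypt) scheme is also weak by current standards. Generate the account file at image-build time from a secret kept outside version control — or avoid a password entirely by relying on `authorized_keys` for root and starting dropbear with `-s` (disable password logins) — and if a hash must remain, use the `$6$` (SHA-512) scheme. The file also has no trailing newline, so anything later appended to `/etc/passwd` would be glued onto this entry.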
diff --git a/packages/router/service/sshd/run b/packages/router/service/sshd/run
index e60e68b..0a56304 100755
--- a/packages/router/service/sshd/run
+++ b/packages/router/service/sshd/run
@@ -1,4 +1,7 @@
 #! /bin/sh
 exec 2>&1
+
+cat passwd > /etc/passwd
+
 exec dropbear -r ./rsa.key -E -F