14 Commits
v1.4 ... v1.5

Author SHA1 Message Date
Tore Anderson
66e1e5fc28 Bump version to v1.5
Most important change is 19c4042 - necessary to support newer Linux kernels.
2019-05-20 10:19:56 +02:00
Tore Anderson
1441a3ff4b Copyright year update to 2019 2019-05-20 10:18:56 +02:00
Tore Anderson
19c4042f1e Strip prefix length before route lookup for $plat_prefix
Recent Linux kernels have removed the ability to do a `ip -6 route get` lookup
for destinations with a prefix length:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0eff0a274104487938d741b5c37aca1795afd184

Strip the prefix length before doing this lookup, so that it is done for the
first address in `$plat_prefix` instead.

Closes #12.
2019-05-20 09:13:05 +02:00
Tore Anderson
888e30bd2b Copyright year update to 2018 2018-12-14 23:59:01 +01:00
Tore Anderson
b8f583a4e0 Correctly detect PLAT prefixes containing embedded WKAs
The previous code would fail to detect PLAT prefix if ipv4only.arpa resolved to
an address such as 2001:db8:c000:aa::c000:aa. It would get confused as to
whether the prefix was 2001:db8::/32 (incorrect) or 2001:db8:c000:aa::/96
(correct).

Bug reported by Kasper Dupont - thanks!
2018-12-14 23:48:32 +01:00
Tore Anderson
c228c2bb64 Copyright year update to 2017 2017-08-15 18:15:31 +02:00
Tore Anderson
ebd8487dd0 README: typofixes 2017-08-15 18:14:37 +02:00
Tore Anderson
1218ca7979 Remove doc saying TAYGA will be auto-built
Now that TAYGA is available in EPEL, it is better to point people at that
instead of building TAYGA from source. In commit 18dca08 the build from source
functionality was removed. Update documentation accordingly.
2017-08-15 18:11:39 +02:00
Tore Anderson
3f73b5281e Makefile: Add DESTDIR, PREFIX and SYSCONFDIR variables
These variables can be used to control exactly where clatd gets installed.

Requested by @ingvarha.

Closes: #8
2017-08-15 18:00:47 +02:00
Tore Anderson
6c7c2d2a92 Don't hardcode commands paths
Don't assume that utilities such as systemctl or initctl are found in a certain
specific path. Instead look for them in $PATH. This applies to both the
Makefile and the NetworkManager dispatcher script.

Resolves #11.
2017-08-15 17:46:54 +02:00
Tore Anderson
18dca086c2 Update siit-dc/eam I-D references to RFC numbers
The three I-Ds that describe SIIT-DC and SIIT-EAM have been published as
RFCs, so update the references accordingly. Also update one occurrence
of old terminology ("Host Agent") with the new and final one ("Edge
Relay").
2016-03-28 08:38:56 +02:00
Tore Anderson
fb4587bfd6 nm-dispatcher: only act on iface up/down events
Ensure other events (like hostname changes, DHCP lease renewals, etc.)
are ignored as they are very unlikely to be relevant for clatd.
2016-03-28 08:26:20 +02:00
Tore Anderson
1abcec1285 Minor documentation fixes 2016-01-28 13:40:05 +01:00
Tore Anderson
9a1a4ae797 2016 licence update
Change "2014-2015" with "2014-2016". Also, I had forgotten to update the
licence comment in the clatd script itself in b5725c0, so fix that too.
Thanks to @ingvarha for noticing!
2016-01-28 11:55:02 +01:00
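
The ambiguity described in commit b8f583a4e0 can be reproduced with a short sketch. This is an added example, not code from clatd: it is written in Python rather than the project's Perl, and the function names are assumptions. It looks for the ipv4only.arpa Well-Known Addresses at each RFC 6052 embedding position and takes the longest match.

```python
import ipaddress

# The two Well-Known Addresses of ipv4only.arpa, as packed bytes.
WKAS = [ipaddress.IPv4Address("192.0.0.170").packed,
        ipaddress.IPv4Address("192.0.0.171").packed]

# Prefix lengths at which RFC 6052 allows an embedded IPv4 address.
RFC6052_LENGTHS = (32, 40, 48, 56, 64, 96)


def embedded_ipv4(addr, length):
    """Return the 4 bytes RFC 6052 embeds after a prefix of this length.

    Byte 8 (bits 64-71, the reserved "u" octet) is skipped, which is why
    the IPv4 address is split in two for /40, /48 and /56.
    """
    raw = addr.packed
    positions = [i for i in range(length // 8, 16) if i != 8][:4]
    return bytes(raw[i] for i in positions)


def wka_matches(aaaa):
    """All prefix lengths at which a WKA appears, longest first."""
    addr = ipaddress.IPv6Address(aaaa)
    return [n for n in sorted(RFC6052_LENGTHS, reverse=True)
            if embedded_ipv4(addr, n) in WKAS]


def infer_plat_prefix(aaaa):
    """Longest-match inference; returns None when no WKA is embedded."""
    matches = wka_matches(aaaa)
    if not matches:
        return None
    return str(ipaddress.ip_network(f"{aaaa}/{matches[0]}", strict=False))


if __name__ == "__main__":
    # Address from the commit message: the WKA is visible at /96 and /32.
    sample = "2001:db8:c000:aa::c000:aa"
    print(wka_matches(sample))        # both candidate lengths
    print(infer_plat_prefix(sample))  # the /96 prefix wins
```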
5 changed files with 78 additions and 53 deletions


@@ -1,4 +1,4 @@
Copyright (c) 2014-2015 Tore Anderson <tore@fud.no>
Copyright (c) 2014-2019 Tore Anderson <tore@fud.no>
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in


@@ -1,20 +1,30 @@
DESTDIR=
PREFIX=/usr
SYSCONFDIR=/etc
APT_GET:=$(shell which apt-get)
DNF_OR_YUM:=$(shell which dnf || which yum)
INITCTL:=$(shell which initctl)
SYSTEMCTL:=$(shell which systemctl)
TAYGA:=$(shell which tayga)
install:
# Install the main script to /usr/sbin
install -m0755 clatd /usr/sbin/clatd
# Install the main script
install -m0755 clatd $(DESTDIR)$(PREFIX)/sbin/clatd
# Install manual page if pod2man is installed
pod2man --name clatd --center "clatd - a CLAT implementation for Linux" --section 8 README.pod /usr/share/man/man8/clatd.8 && gzip -f9 /usr/share/man/man8/clatd.8 || echo "pod2man is required to generate manual page"
pod2man --name clatd --center "clatd - a CLAT implementation for Linux" --section 8 README.pod $(DESTDIR)$(PREFIX)/share/man/man8/clatd.8 && gzip -f9 $(DESTDIR)$(PREFIX)/share/man/man8/clatd.8 || echo "pod2man is required to generate manual page"
# Install systemd service file if applicable for this system
if test -x /usr/bin/systemctl && test -d "/etc/systemd/system"; then install -m0644 scripts/clatd.systemd /etc/systemd/system/clatd.service && systemctl daemon-reload; fi
if test -e "/etc/systemd/system/clatd.service" && test ! -e "/etc/systemd/system/multi-user.target.wants/clatd.service"; then systemctl enable clatd.service; fi
if test -x "$(SYSTEMCTL)" && test -d "$(DESTDIR)$(SYSCONFDIR)/systemd/system"; then install -m0644 scripts/clatd.systemd $(DESTDIR)$(SYSCONFDIR)/systemd/system/clatd.service && $(SYSTEMCTL) daemon-reload; fi
if test -e "$(DESTDIR)$(SYSCONFDIR)/systemd/system/clatd.service" && test ! -e "$(DESTDIR)$(SYSCONFDIR)/systemd/system/multi-user.target.wants/clatd.service"; then $(SYSTEMCTL) enable clatd.service; fi
# Install upstart service file if applicable for this system
if test -x /sbin/initctl && test -d "/etc/init"; then install -m0644 scripts/clatd.upstart /etc/init/clatd.conf; fi
if test -x "$(INITCTL)" && test -d "$(DESTDIR)$(SYSCONFDIR)/init"; then install -m0644 scripts/clatd.upstart $(DESTDIR)$(SYSCONFDIR)/init/clatd.conf; fi
# Install NetworkManager dispatcher script if applicable
if test -d /etc/NetworkManager/dispatcher.d; then install -m0755 scripts/clatd.networkmanager /etc/NetworkManager/dispatcher.d/50-clatd; fi
if test -d $(DESTDIR)$(SYSCONFDIR)/NetworkManager/dispatcher.d; then install -m0755 scripts/clatd.networkmanager $(DESTDIR)$(SYSCONFDIR)/NetworkManager/dispatcher.d/50-clatd; fi
installdeps:
# .deb/apt-get based distros
if test -x /usr/bin/apt-get; then apt-get -y install perl-base perl-modules libnet-ip-perl libnet-dns-perl libio-socket-inet6-perl iproute iptables tayga; fi
# .rpm/YUM-based distros
if test -x /usr/bin/yum; then yum -y install perl perl-Net-IP perl-Net-DNS perl-IO-Socket-INET6 perl-File-Temp iproute iptables; fi
# to get TAYGA on .rpm/YUM-based distros, we unfortunately need to install from source
if test -x /usr/bin/yum && test ! -x /usr/sbin/tayga; then echo "TAYGA isn't packaged for YUM-based distros, will download and compile the source in 5 seconds (^C interrupts)" && sleep 5 && yum -y install gcc tar wget bzip2 && wget http://www.litech.org/tayga/tayga-0.9.2.tar.bz2 && bzcat tayga-0.9.2.tar.bz2 | tar x && cd tayga-0.9.2 && ./configure --prefix=/usr && make && make install && rm -rf ../tayga-0.9.2.tar.bz2 ../tayga-0.9.2; fi
if test -x "$(APT_GET)"; then $(APT_GET) -y install perl-base perl-modules libnet-ip-perl libnet-dns-perl libio-socket-inet6-perl iproute iptables tayga; fi
# .rpm/DNF/YUM-based distros
if test -x "$(DNF_OR_YUM)"; then $(DNF_OR_YUM) -y install perl perl-Net-IP perl-Net-DNS perl-IO-Socket-INET6 perl-File-Temp iproute iptables; fi
# If necessary, try to install the TAYGA .rpm using dnf/yum. It is unfortunately not available in all .rpm based distros (in particular CentOS/RHEL).
if test -x "$(DNF_OR_YUM)" && test ! -x "$(TAYGA)"; then $(DNF_OR_YUM) -y install tayga || echo "ERROR: Failed to install TAYGA using dnf/yum, the package is probably not included in your distro. Try enabling the EPEL repo <URL: https://fedoraproject.org/wiki/EPEL> and try again, or install TAYGA <URL: http://www.litech.org/tayga> directly from source."; exit 1; fi
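Review bot: In the last `installdeps` recipe line, `exit 1` is separated from the `||` list by `;`, so it runs whenever the `if` condition holds, including after `$(DNF_OR_YUM) -y install tayga` succeeds; group the failure path as `|| { echo "ERROR: ..."; exit 1; }`. In the `install` target, `$(SYSTEMCTL) daemon-reload` and `$(SYSTEMCTL) enable clatd.service` still act on the running host when `DESTDIR` points at a staging root, and nothing creates `$(DESTDIR)$(PREFIX)/sbin` or the man8 directory first; skip the systemctl calls when `DESTDIR` is non-empty and add `install -d` for the target directories. The `test -d $(DESTDIR)$(SYSCONFDIR)/NetworkManager/dispatcher.d` path is also unquoted, unlike the systemd and upstart tests.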


@@ -14,11 +14,11 @@ make use of DNS64 (for example because they use legacy AF_INET socket calls,
or if they are simply not using DNS64).
B<clatd> may also be used to implement an SIIT-DC Edge Relay as described in
I<I-D.ietf-v6ops-siit-dc-2xlat>. In this scenario, the PLAT is in reality a
SIIT-DC Border Relay (see I<I-D.ietf-v6ops-siit-dc>) instead of a Stateful
NAT64 (see I<RFC6146>). When used as a SIIT-DC Edge Relay, you will probably
want to manually configure the settings I<clat-v4-addr>, I<clat-v6-addr>, and
I<plat-prefix> to mirror the SIIT-DC Border Relay's configuration.
I<RFC 7756>. In this scenario, the PLAT is in reality a SIIT-DC Border Relay
(see I<RFC 7755>) instead of a Stateful NAT64 (see I<RFC6146>). When used as a
SIIT-DC Edge Relay, you will probably want to manually configure the settings
I<clat-v4-addr>, I<clat-v6-addr>, and I<plat-prefix> to mirror the SIIT-DC
Border Relay's configuration.
It relies on the software package TAYGA by Nathan Lutchansky for the actual
translation of packets between IPv4 and IPv6 (I<RFC 6145>) TAYGA may be
@@ -87,21 +87,21 @@ of B<clatd> and its dependencies:
This will install B<clatd> to /usr/sbin, plus install systemd, upstart, and/or
NetworkManager scripts if your distribution appears to be using them, and
install all the dependencies. Note that TAYGA isn't available in RPM format,
so on RedHat/Fedora the installdeps target will install gcc and attempt to
compile TAYGA from source.
install all the dependencies. Note that TAYGA isn't available in all RPM-based
distros (in particular RHEL and its clones). It is however available in EPEL
(see L<https://fedoraproject.org/wiki/EPEL>).
=head1 CONFIGURATION
B<clatd> is designed to be able to run without any user-supplied configuration
in most cases. However, user-specified onfiguration settings may be added to
in most cases. However, user-specified configuration settings may be added to
the configuration file, the path to which may be given on the command line
using the I<-c> option, or if it is not, the default location
I</etc/clatd.conf> is used. Configuration settings may also be given directly
on the command line when starting B<clatd>, which takes precedence over settings
in the configuration file.
Settings are of the form B<key=value>. A list of recogniced keys and their
Settings are of the form B<key=value>. A list of recognised keys and their
possible values follow below:
=over
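Review bot: The context line `This will install B<clatd> to /usr/sbin` at the top of this hunk is left unchanged although the Makefile in this same comparison now takes `DESTDIR`, `PREFIX` and `SYSCONFDIR`; document the three variables and their defaults in this paragraph so packagers do not have to read the Makefile to find them.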
@@ -159,7 +159,7 @@ example:
B<clatd 'script-up=ip route add 192.0.2.0/24 dev $clat_dev || true'>
=item B<script-up=string> (no default)
=item B<script-down=string> (no default)
This works exactly the same as B<script-up>, only that this script is run right
after TAYGA has exited, before the clean-up process of restoring any settings
@@ -183,11 +183,11 @@ will bind to this address when communicating with external IPv4 destinations.
In a standard 464XLAT environment with a stateful NAT64 serving as the PLAT,
there should be no need to change the default.
When using B<clatd> as an SIIT-DC Edge Relay (I<I-D.ietf-v6ops-siit-dc-2xlat>),
you will want to set this to the IPv4 Service Address configured in the SIIT-DC
Border Relay. This way, local applications can correctly identify which public
address they'll be using on the IPv4 internet, and will be able to provide
fully functional references to it in application-level payload, and so on.
When using B<clatd> as an SIIT-DC Edge Relay (I<RFC 7756>), you will want to
set this to the IPv4 Service Address configured in the SIIT-DC Border Relay.
This way, local applications can correctly identify which public address
they'll be using on the IPv4 internet, and will be able to provide fully
functional references to it in application-level payload, and so on.
The default address is one from I<RFC 7335>.
@@ -280,7 +280,7 @@ DNS64 answers using the method in I<RFC 7050>.
Controls whether or not B<clatd> should add a Proxy-ND entry for the CLAT IPv6
address on the network device facing the PLAT. This is probably necessary
on Ethernet networks (otherwise the upstream IPv6 router won't know where to
send packets to the CLAT's IPv6 adderss), but likely not necessary on
send packets to the CLAT's IPv6 address), but likely not necessary on
point-to-point links like PPP or 3GPP mobile broadband, as in those cases
IPv6 ND isn't used. However it doesn't hurt to add Proxy-ND entries in that
case, either.
@@ -354,7 +354,7 @@ If you enable B<v4-defaultroute-replace> while at the same time disabling
B<v4-defaultroute-enable>, B<clatd> will remove any pre-existing IPv4 default
routes but not add any of its own.
Setting B<v4-defaultroute-replace> to I<yes>will disable the IPv4 connectivity
Setting B<v4-defaultroute-replace> to I<yes> will disable the IPv4 connectivity
check.
=item B<v4-defaultroute-metric=integer> (default: I<2048>)
@@ -412,7 +412,7 @@ configuration file) when reporting a bug.
=head1 LICENCE
Copyright (c) 2014-2015 Tore Anderson <tore@fud.no>
Copyright (c) 2014-2019 Tore Anderson <tore@fud.no>
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
@@ -436,8 +436,7 @@ SOFTWARE.
ip(8), ip6tables(8), tayga(8), tayga.conf(5)
RFC 6052, RFC 6145, RFC 6146, RFC 6877, RFC 7050, RFC 7335
I-D.ietf-v6ops-siit-dc, I-D.ietf-v6ops-siit-dc-2xlat, I-D.ietf-v6ops-siit-eam
RFC 6052, RFC 6145, RFC 6146, RFC 6877, RFC 7050, RFC 7335 RFC 7755, RFC 7756,
RFC 7757
=cut
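Review bot: The new reference line is missing a comma between `RFC 7335` and `RFC 7755`, so the list reads as one run-on entry in the rendered manual page; write `RFC 7335, RFC 7755, RFC 7756,` to match the separators used for the rest of the list.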

clatd

@@ -1,10 +1,24 @@
#! /usr/bin/perl -w
#
# Copyright (c) 2014 Tore Anderson <tore@fud.no>
# Copyright (c) 2014-2019 Tore Anderson <tore@fud.no>
#
# As long as you retain this notice, you may use this piece of software as
# you wish. If you like it, and we happen to meet one day, you can buy me
# a beer in return. If you really like it, make it an IPA.
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# See the file 'README.pod' in the source distribution or the manual page
# clatd(8) for more information.
@@ -12,7 +26,7 @@
use strict;
use Net::IP;
my $VERSION = "1.4";
my $VERSION = "1.5";
#
# Populate the global config hash with the default values
@@ -205,9 +219,9 @@ sub sysctl {
#
# Look for either of the WKAs for ipv4only.arpa (192.0.0.170 and .171) in an
# IPv6 address at all of the locations RFC 6052 says it can occur. If it's
# present at any of those locations (but no more than once), return the
# inferred translation prefix.
# IPv6 address at all of the locations RFC 6052 says it can occur, starting at
# the longest prefix length. If it's present at any of those locations, return
# the inferred translation prefix.
#
sub find_rfc7050_wka {
my $AAAA = shift;
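Review bot: The rewritten comment above `find_rfc7050_wka` says the search starts at the longest prefix length but not why the order matters; add the case from the commit message (a WKA visible at both /32 and /96 in `2001:db8:c000:aa::c000:aa`) and state that the first, longest match wins, since the "no more than once" wording it replaces described an explicit ambiguity check that is now gone.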
@@ -234,7 +248,7 @@ sub find_rfc7050_wka {
my $discovered_pfx_len;
for my $len (keys(%rfc6052table)) {
outer: for my $len (sort {$b <=> $a} keys(%rfc6052table)) {
d2("Looking for Well-Known Addresses at prefix length /$len");
my $maskedip = $ip->intip();
my $mask = Net::IP->new($rfc6052table{"$len"}{"mask"}, 6);
@@ -255,13 +269,9 @@ sub find_rfc7050_wka {
}
if($maskedip == $wkaint->intip) {
if($discovered_pfx_len) {
w("Found WKA at two locations in ", $ip->sort,
"(/$discovered_pfx_len and /$len) - ignoring");
return;
}
d2("Found it!");
$discovered_pfx_len = $len;
last outer;
} else {
d2("Didn't find it");
}
@@ -383,6 +393,7 @@ sub get_plat_dev {
if(!$plat_prefix) {
err("get_plat_dev(): No PLAT prefix to work with");
}
$plat_prefix =~ s|/\d+$||;
open(my $fd, '-|', cfg("cmd-ip"), qw(-6 route get), $plat_prefix)
or err("get_plat_dev(): 'ip -6 route get $plat_prefix' failed to execute");
while(<$fd>) {
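Review bot: `$plat_prefix =~ s|/\d+$||;` rewrites the variable in place with no comment, and the visible lines do not show whether `$plat_prefix` is a local copy or shared with later code; strip into a separate lexical, for example `(my $plat_addr = $plat_prefix) =~ s|/\d+$||;` (the name is only a suggestion), pass that to `ip -6 route get`, and add a one-line comment that newer kernels reject a prefix length in this lookup.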
@@ -651,8 +662,8 @@ for (my $i = 0; $i < @ARGV;) {
next;
} elsif($ARGV[$i] =~ /^(-h|--help)$/) {
print <<"EOF";
clatd v$VERSION - a 464XLAT (RFC 6877) CLAT and SIIT-DC Host Agent
(I-D.anderson-v6ops-siit-dc-2xlat) implementation for Linux
clatd v$VERSION - a 464XLAT (RFC 6877) CLAT and SIIT-DC Edge Relay
(RFC 7756) implementation for Linux
EOF
print "\n";
print " Usage: clatd [-q] [-d [-d]] [-c config-file] ",


@@ -14,6 +14,11 @@
# committing suicide from the restarts below
[ "$DEVICE_IFACE" = "clat" ] && exit 0
# We're only acting on interface "up" or "down" events. NM will run the
# dispatcher scripts for other events we're not interested in, like the
# hostname being set or a DHCP lease being renewed. Ignore those.
[ "$2" != "up" ] && [ "$2" != "down" ] && exit 0
# We simply restart clatd in all situations, as no matter if an interface
# goes up or down, it may mean that the PLAT device changes, it may mean
# native IPv4 appearing or disappearing, or it may mean that DNS64 became
@@ -21,8 +26,8 @@
# start from scratch than to figure out if a restart is truly necessary
# systemd-based distros
if test -x /usr/bin/systemctl; then
/usr/bin/systemctl restart clatd.service
if which systemctl &> /dev/null; then
systemctl restart clatd.service
fi
# upstart-based distros
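Review bot: `which systemctl &> /dev/null` uses the bash-only `&>` redirection; the interpreter line is not visible in this hunk, and under a POSIX `/bin/sh` such as dash it parses as a background job followed by a bare redirection, so the `if` would succeed even when systemctl is absent. Use `command -v systemctl >/dev/null 2>&1` instead. Dispatcher scripts run as root, so dropping the absolute path also makes the restart depend on whatever `PATH` NetworkManager passes in; set `PATH` explicitly at the top of the script.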