Mercurial > hg > anonet-resdb

view contrib/peer2anonet/peer2anonet @ 549:5b5b29f8d8c7 draft

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
peer2anonet: made some patches to script. see README file for details.
author d3v1150m471c <d3v11@d3v1150m471c.ano>
date Sun, 10 Jul 2011 22:41:54 -0500
parents dcedb70c723d
children 4964136d5043
line wrap: on
line source

#!/bin/bash
#########################################################################
# We need to check for root privileges:
if [[ $(id -u) != 0 ]]; then
 echo "peer2anonet: error: root privileges required."
 exit 1
fi

#########################################################################
# We need to see if service(s) directories exist:
mkdir -p /services
mkdir -p /services/bird
mkdir -p /service

#########################################################################
# We need to get info for the new peering and BGP session:
read -p "Enter your peer's name/interface: " PEERNAME
read -p "Enter your new network address: " YOURNET
read -p "Enter your new network router address: " YOURROUTE
read -p "Enter your new network ip address: " YOURIP
read -p "Enter your peer's remote ip: " REMOTEIP
read -p "Enter your peer's anonet ip: " PEERIP
read -p "Enter your new local port: " YOURPORT
read -p "Enter your peer's remote port: " PEERPORT
read -p "Enter your new asn: " YOURASN
read -p "Enter your peer's asn: " PEERASN
read -p "Enter your peer's public key: " PUBKEY

#########################################################################
# Do some security checks on variables:
TEST[0]=$PEERNAME; TEST[1]=$YOURNET; TEST[2]=$YOURROUTE; TEST[3]=$YOURIP
TEST[4]=$REMOTEIP; TEST[5]=$PEERIP; TEST[6]=$YOURPORT; TEST[7]=$PEERPORT
       TEST[8]=$YOURASN; TEST[9]=$PEERASN

for((X=0;X<=5;X++)); do
if [[ $(echo ${TEST[$X]} | tr -d 'a-zA-Z0-9._-' | wc -c) -gt 1 ]]; then
echo ${TEST[$X]} | tr -d 'a-zA-Z0-9' | wc -c
 echo "peer2anonet: fatal error: unacceptable data: ${TEST[$X]}
"
 exit 1
fi
done

for((X=6;X<=9;X++)); do
if [[ $(echo ${TEST[$X]} | tr -d '0-9' | wc -c) -gt 1 ]]; then
 echo "peer2anonet: fatal error: unacceptable data: ${TEST[$X]}
"
 exit 1
fi
done

if [[ $(echo "$PUBKEY" | tr -d 'a-zA-Z0-9' | wc -c) -gt 1 ]]; then
 echo "peer2anonet: fatal error: unacceptable data: ${TEST[$X]}
"
 exit 1
fi

#########################################################################
# We need to check if base files need to be imported to services for bird:
NEW_PROTOCOL="
protocol bgp $PEERNAME'_bgp' { table AnoNet_routes;
 local as $YOURASN;
 neighbor $PEERIP as $PEERASN;
 source address $YOURIP;
 import filter only_AnoNet_ebgp;
 export filter only_AnoNet_ebgp_export;
}"

BIRD_RUN='#!/bin/sh
exec bird -c bird.conf -d'

BIRD_CONF="function n_AnoNet_mine (prefix arg) {
 if arg ~ [ $YOURNET/24+ ] then return true;
return false; };

function n_AnoNet (prefix arg) {
 if arg ~ [ 1.0.0.0/8+ ] then return true;
return false; };

filter only_AnoNet_ebgp {
 if n_AnoNet(net) then
  if !n_AnoNet_mine(net) then
   accept \"AnoNet\";
  else reject \"mine\";
reject \"non-AnoNet\"; };

filter only_AnoNet_ebgp_export {
 if n_AnoNet(net) then accept \"AnoNet\";
reject \"non-AnoNet\"; };

filter only_AnoNet {
 if n_AnoNet(net) then accept \"AnoNet\";
reject \"non-AnoNet\"; };

table AnoNet_routes;

protocol pipe pipe_AnoNet_routes { peer table AnoNet_routes; mode transparent;
 import filter only_AnoNet;
 export filter only_AnoNet;
};

protocol static static_AnoNet_routes { table AnoNet_routes;
 route $YOURROUTE/24 drop;
}

protocol kernel {
 scan time 10;
 import all;
 export all;
}

protocol device {
 scan time 900;
}

protocol direct direct_AnoNet_routes { table AnoNet_routes;
 interface \"eth0\";
 import filter only_AnoNet;
}"



test -e /services/bird/bird.conf || echo "$BIRD_CONF" > /services/bird/bird.conf
test -e /services/bird/run || echo "$BIRD_RUN" > /services/bird/run
chmod +x /services/bird/run
echo "$NEW_PROTOCOL" >> /services/bird/bird.conf

#########################################################################
# We need to check if this peering session already exists:
test -e /services/"$PEERNAME" && rm -r /services/"$PEERNAME"
mkdir -p /services/"$PEERNAME"


#########################################################################
# Create files to configure the new peering session:
echo "#!/bin/sh
export REMOTE_ADDRESS=$REMOTEIP
export REMOTE_PORT=$PEERPORT
export LOCAL_PORT=$YOURPORT
export PRIVATE_KEY=\"\$(cat seckey)\"
export PUBLIC_KEY=$PUBKEY
export TUN_MODE=1
export INTERFACE=ppp-$PEERNAME
( sleep 5;
 ip addr add $YOURIP peer $PEERIP/32 dev \$INTERFACE scope link
 ip addr add $YOURROUTE/32 dev \$INTERFACE scope global
 ip link set dev \$INTERFACE up
) &
exec /usr/sbin/quicktun.nacltai" > /services/"$PEERNAME"/run
chmod +x /services/"$PEERNAME"/run

#########################################################################
# Configure and start our new peering session:
test -L "/service/$PEERNAME" && rm -r "/service/$PEERNAME"
ln -s "/services/$PEERNAME" /service/
echo 'Secret Key Goes Here!' > "/services/$PEERNAME/seckey"
echo "peer2anonet: New peering session configured.
Please place your secret key in: /services/$PEERNAME/seckey
"