view contrib/peer2anonet/peer2anonet @ 668:d76cc244e016 draft

Added "ping hack" to peer2anonet for users with dynamic IcannNet IPs
author d3v11 <d3v11@d3v11.ano>
date Sun, 09 Oct 2011 17:53:29 -0500
parents 6753fb814c94
children 2d916fa935e6

#!/bin/bash
#########################################################################
# We need to check for root privileges:
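if [[ $(id -u) != 0 ]]; then
 # Everything below writes under /services and /service, so refuse early.
 # Diagnostics go to stderr; stdout is reserved for normal output.
 echo "peer2anonet: error: root privileges required." >&2
 exit 1
fi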

#########################################################################
# We need to source our peer2anonet variables
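# P2A_ASN, P2A_IP, P2A_NET and P2A_ROUTE are interpolated into bird.conf and
# the run script further down and are set nowhere else in this script, so a
# missing or unreadable config must stop the run instead of silently
# producing configs with empty values.
p2a_conf=/etc/peer2anonet/p2a.conf
if [[ ! -r "$p2a_conf" ]]; then
 echo "peer2anonet: error: cannot read $p2a_conf" >&2
 exit 1
fi
source "$p2a_conf"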

#########################################################################
# We need to see if service(s) directories exist:
# daemontools layout: the real service directories live under /services and
# are linked into /service, where the supervisor looks.  A single mkdir -p
# creates the /services parent together with /services/bird.
mkdir -p /services/bird /service

#########################################################################
# We need to get info for the new peering and BGP session:
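# Interactive answers.  -r keeps backslashes literal so the values are
# stored exactly as typed (without it "\x" would be read as "x").
# PEERNAME also becomes the bird protocol name and the tunnel interface
# name (ppp-$PEERNAME); REMOTEIP is the peer's IcannNet address/hostname.
read -r -p "Enter your peer's name/interface: " PEERNAME
read -r -p "Enter your peer's remote ip: " REMOTEIP
read -r -p "Enter your peer's anonet ip: " PEERIP
read -r -p "Enter your peer's remote port: " PEERPORT
read -r -p "Enter your peer's asn: " PEERASN
read -r -p "Enter your peer's public key: " PUBKEY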

#########################################################################
# Do some security checks on variables:
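# Validate every interactive answer before it reaches the filesystem,
# bird.conf or the generated run script.  The check is a [[ =~ ]] match on
# the quoted value, so the input is never echoed, word-split or globbed
# (the former `echo $var | tr -d ... | wc -c` test let a lone "*" pass
# whenever it expanded to an all-alphanumeric filename, and accepted an
# empty answer outright).  Empty answers are rejected: an empty PEERNAME
# would later turn `rm -r /services/$PEERNAME` into `rm -r /services/`.
p2a_fatal() {
 printf 'peer2anonet: fatal error: %s\n\n' "$*" >&2
 exit 1
}

# name/interface and both addresses: letters, digits, '.', '_' and '-'
# (REMOTEIP may be a hostname, hence the letters).
for value in "$PEERNAME" "$REMOTEIP" "$PEERIP"; do
 [[ "$value" =~ ^[A-Za-z0-9._-]+$ ]] || p2a_fatal "unacceptable data: $value"
done

# port and ASN: decimal digits only -- PEERASN is used in arithmetic below.
for value in "$PEERPORT" "$PEERASN"; do
 [[ "$value" =~ ^[0-9]+$ ]] || p2a_fatal "unacceptable data: $value"
done

# public key: alphanumeric only.  The old message printed ${TEST[5]} (never
# set) here, so the rejected value was not shown; report the key itself.
# NOTE(review): the expected key length/encoding for quicktun.nacltai is
# not enforced here -- confirm and tighten if known.
[[ "$PUBKEY" =~ ^[A-Za-z0-9]+$ ]] || p2a_fatal "unacceptable data: $PUBKEY"

# The tunnel interface is named "ppp-$PEERNAME"; Linux limits interface
# names to 15 characters (IFNAMSIZ), so the name may be at most 11 long.
(( ${#PEERNAME} <= 11 )) || p2a_fatal "peer name too long (max 11 characters): $PEERNAME"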

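#######################################
# Derive the local UDP port for this tunnel: "2" followed by the peer's
# ASN modulo 10000, e.g. ASN 64512 -> 24512.
# Arguments: $1 - peer ASN, decimal digits only
# Outputs:   the port number on stdout
# Returns:   0, or 1 (with a message on stderr) if $1 is not all digits
# 10# forces base 10 so an ASN typed with a leading zero is not parsed as
# octal (where "08"/"09" would be an error).
# NOTE(review): two peers whose ASNs agree modulo 10000 get the same
# LOCAL_PORT; nothing here detects that collision.
#######################################
p2a_local_port() {
 if [[ ! "$1" =~ ^[0-9]+$ ]]; then
  printf 'peer2anonet: fatal error: ASN must be numeric: %s\n' "$1" >&2
  return 1
 fi
 printf '2%d' "$(( 10#$1 % 10000 ))"
}

# PEERASN has already been checked to be all digits above; the guard in the
# helper only protects against reusing it with unchecked input.
ADDPORT=$(p2a_local_port "$PEERASN")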

#########################################################################
# We need to check if base files need to be imported to services for bird:
#######################################
# Render the bird "protocol bgp" stanza for one peer.
# Arguments: $1 - protocol/peer name
#            $2 - our ASN
#            $3 - peer's tunnel (anonet) address
#            $4 - peer's ASN
#            $5 - our tunnel address (bird "source address")
# Outputs:   the stanza on stdout; it starts with a newline so it appends
#            cleanly after an existing bird.conf and has no trailing newline
# NOTE(review): $1 is used verbatim as a bird symbol; whether bird accepts
# '.' or '-' in a protocol name is not checked here -- confirm.
#######################################
p2a_bgp_stanza() {
 printf '\nprotocol bgp %s { table AnoNet_routes;\n local as %s;\n neighbor %s as %s;\n source address %s;\n import filter only_AnoNet_ebgp;\n export filter only_AnoNet_ebgp_export;\n}' \
  "$1" "$2" "$3" "$4" "$5"
}

NEW_PROTOCOL=$(p2a_bgp_stanza "$PEERNAME" "$P2A_ASN" "$PEERIP" "$PEERASN" "$P2A_IP")

# daemontools run script for bird: exec in the foreground (-d) so the
# supervisor keeps control of the process.
BIRD_RUN=$'#!/bin/sh\nexec bird -c bird.conf -d'

# Base bird.conf, written only when /services/bird/bird.conf does not exist
# yet.  Per-peer "protocol bgp" stanzas are appended to it later.
# - n_AnoNet_mine / static_AnoNet_routes treat $P2A_NET as the base of a
#   /24 (the prefix length is hard-coded here, not taken from p2a.conf).
# - n_AnoNet hard-codes 1.0.0.0/8 as the AnoNet range, and the direct
#   protocol hard-codes interface "eth0" -- neither is configurable from
#   p2a.conf in this script; confirm they match the deployment.
# - Inner double quotes are escaped (\") because the whole template is a
#   double-quoted shell string; they end up as plain quotes in the file.
BIRD_CONF="function n_AnoNet_mine (prefix arg) {
 if arg ~ [ $P2A_NET/24+ ] then return true;
return false; };

function n_AnoNet (prefix arg) {
 if arg ~ [ 1.0.0.0/8+ ] then return true;
return false; };

filter only_AnoNet_ebgp {
 if n_AnoNet(net) then
  if !n_AnoNet_mine(net) then
   accept \"AnoNet\";
  else reject \"mine\";
reject \"non-AnoNet\"; };

filter only_AnoNet_ebgp_export {
 if n_AnoNet(net) then accept \"AnoNet\";
reject \"non-AnoNet\"; };

filter only_AnoNet {
 if n_AnoNet(net) then accept \"AnoNet\";
reject \"non-AnoNet\"; };

table AnoNet_routes;

protocol pipe pipe_AnoNet_routes { peer table AnoNet_routes; mode transparent;
 import filter only_AnoNet;
 export filter only_AnoNet;
};

protocol static static_AnoNet_routes { table AnoNet_routes;
 route $P2A_NET/24 drop;
}

protocol kernel {
 scan time 10;
 import all;
 export all;
}

protocol device {
 scan time 900;
}

protocol direct direct_AnoNet_routes { table AnoNet_routes;
 interface \"eth0\";
 import filter only_AnoNet;
}"



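# Install the bird service.  The base bird.conf and run script are written
# only when absent, so an existing (possibly hand-edited) config is kept.
test -e /services/bird/bird.conf || echo "$BIRD_CONF" > /services/bird/bird.conf
test -e /services/bird/run || echo "$BIRD_RUN" > /services/bird/run
chmod +x /services/bird/run

# Append this peer's stanza unless bird.conf already defines a protocol of
# that name: appending again would leave two "protocol bgp $PEERNAME"
# definitions, the stale one still carrying the old neighbor/ASN.  -F and
# the trailing "{" match the exact name literally ('.' is allowed in names).
# Replacing an existing stanza is left to the operator.
if grep -qF -- "protocol bgp $PEERNAME {" /services/bird/bird.conf; then
 echo "peer2anonet: warning: bird.conf already defines protocol $PEERNAME; stanza not appended again." >&2
else
 echo "$NEW_PROTOCOL" >> /services/bird/bird.conf
fi

# Refresh the /service/bird link.  The check must look at /service/bird (the
# link), not /services/bird (the real directory, never a symlink), otherwise
# a stale link is never removed.
if [[ -L /service/bird ]]; then
 rm -- /service/bird
fi
test -L /service/bird || ln -s /services/bird /service/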

#########################################################################
# We need to check if this peering session already exists:
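# Recreate the per-peer service directory from scratch.  ${PEERNAME:?}
# aborts when the name is empty; without it this would become
# "rm -r /services/" and delete every service.  Note that a seckey already
# stored for this peer is removed together with the directory.
peer_dir="/services/${PEERNAME:?peer name is empty}"
if [[ -e "$peer_dir" || -L "$peer_dir" ]]; then
 rm -r -- "$peer_dir"
fi
mkdir -p -- "$peer_dir"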


#########################################################################
# Create files to configure the new peering session:
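# Generate the daemontools run script for this peer.  Values baked in now
# (addresses, ports, keys, interface name) expand here; "\$INTERFACE" and
# "\$(cat seckey)" are escaped so they are resolved when the run script
# executes.  The ping line escapes \$INTERFACE as well: an unescaped
# $INTERFACE expanded to nothing in this script, producing
# "ping -c 1 -I  -r -w 5" (-I swallowed -r, and no host was given).  The
# peer's tunnel address is used as the target, which is presumably what the
# dynamic-IP "ping hack" intends -- push one packet to the peer after the
# link is up; confirm against the peer-side REMOTE_FLOAT setup.
cat > "/services/$PEERNAME/run" <<EOF
#!/bin/sh
#export REMOTE_FLOAT=1
export REMOTE_ADDRESS=$REMOTEIP
export REMOTE_PORT=$PEERPORT
export LOCAL_PORT=$ADDPORT
export PRIVATE_KEY="\$(cat seckey)"
export PUBLIC_KEY=$PUBKEY
export TUN_MODE=1
export INTERFACE=ppp-$PEERNAME
( sleep 5;
 ip addr add $P2A_IP peer $PEERIP/32 dev \$INTERFACE scope link
 ip addr add $P2A_ROUTE/32 dev \$INTERFACE scope global
 ip link set dev \$INTERFACE up
 ping -c 1 -I \$INTERFACE -r -w 5 $PEERIP
) &
exec /usr/sbin/quicktun.nacltai
EOF
chmod +x "/services/$PEERNAME/run"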

#########################################################################
# Configure and start our new peering session:
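# The operator is told to store the private key in seckey, so create it
# with mode 0600 (umask 077 in a subshell) rather than the default umask,
# and write it BEFORE linking the service into /service/ so the supervisor
# cannot pick the directory up while seckey is still missing.
peer_dir="/services/${PEERNAME:?peer name is empty}"
( umask 077; echo 'Secret Key Goes Here!' > "$peer_dir/seckey" )

if [[ -L "/service/$PEERNAME" ]]; then
 rm -- "/service/$PEERNAME"
fi
ln -s "$peer_dir" /service/

echo "peer2anonet: New peering session configured.
Please place your secret key in: /services/$PEERNAME/seckey

To allow remote floating:
uncomment REMOTE_FLOAT=1 in /services/$PEERNAME/run"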