Mercurial > hg > anonet-resdb
view contrib/peer2anonet/peer2anonet @ 548:dcedb70c723d draft
peer2anonet: patched the service run file
| author | d3v1150m471c <d3v11@d3v1150m471c.ano> |
|---|---|
| date | Sun, 10 Jul 2011 21:42:44 -0500 |
| parents | 76d0f12e2125 |
| children | 5b5b29f8d8c7 |
line wrap: on
line source
#!/bin/bash ######################################################################### # We need to check for root privileges: if [[ $(id -u) != 0 ]]; then echo "peer2anonet: error: root privileges required." exit 1 fi ######################################################################### # We need to see if service(s) directories exist: mkdir -p /services mkdir -p /services/bird mkdir -p /service ######################################################################### # Generate new keys: KEYS=`quicktun.keypair</dev/random | head -2` SECKEY=`echo "${KEYS/SECRET: /}" | head -1` YPUBKEY=`echo "${KEYS/PUBLIC: /}" | head -2 | tail -1` echo " peer2anonet: your public key is: " echo "$YPUBKEY " ######################################################################### # We need to get info for the new peering and BGP session: read -p "Enter your peer name/interface: " PEERNAME read -p "Enter your new network address: " YOURNET read -p "Enter your new network router address: " YOURROUTE read -p "Enter your new network ip address: " YOURIP read -p "Enter your peer remote ip: " REMOTEIP read -p "Enter your peer anonet ip: " PEERIP read -p "Enter your new local port: " YOURPORT read -p "Enter your peer remote port: " PEERPORT read -p "Enter your new asn: " YOURASN read -p "Enter your peer asn: " PEERASN ######################################################################### # Do some security checks on variables: TEST[0]=$PEERNAME; TEST[1]=$YOURNET; TEST[2]=$YOURROUTE; TEST[3]=$YOURIP TEST[4]=$REMOTEIP; TEST[5]=$PEERIP; TEST[6]=$YOURPORT; TEST[7]=$PEERPORT TEST[8]=$YOURASN; TEST[9]=$PEERASN; for((X=0;X<=5;X++)); do if [[ $(echo ${TEST[$X]} | tr -d 'a-zA-Z0-9._-' | wc -c) -gt 1 ]]; then echo ${TEST[$X]} | tr -d 'a-zA-Z0-9' | wc -c echo "peer2anonet: fatal error: unacceptable data: ${TEST[$X]} " exit 1 fi done for((X=6;X<=9;X++)); do if [[ $(echo ${TEST[$X]} | tr -d '0-9' | wc -c) -gt 1 ]]; then echo "peer2anonet: fatal error: unacceptable data: ${TEST[$X]} " exit 1 fi done ######################################################################### # We need to check if base files need to be imported to services for bird: NEW_PROTOCOL=" protocol bgp $PEERNAME'_bgp' { table AnoNet_routes; local as $YOURASN; neighbor $PEERIP as $PEERASN; source address $YOURIP; import filter only_AnoNet_ebgp; export filter only_AnoNet_ebgp_export; }" BIRD_RUN='#!/bin/sh exec bird -c bird.conf -d' BIRD_CONF="function n_AnoNet_mine (prefix arg) { if arg ~ [ $YOURNET/24+ ] then return true; return false; }; function n_AnoNet (prefix arg) { if arg ~ [ 1.0.0.0/8+ ] then return true; return false; }; filter only_AnoNet_ebgp { if n_AnoNet(net) then if !n_AnoNet_mine(net) then accept \"AnoNet\"; else reject \"mine\"; reject \"non-AnoNet\"; }; filter only_AnoNet_ebgp_export { if n_AnoNet(net) then accept \"AnoNet\"; reject \"non-AnoNet\"; }; filter only_AnoNet { if n_AnoNet(net) then accept \"AnoNet\"; reject \"non-AnoNet\"; }; table AnoNet_routes; protocol pipe pipe_AnoNet_routes { peer table AnoNet_routes; mode transparent; import filter only_AnoNet; export filter only_AnoNet; }; protocol static static_AnoNet_routes { table AnoNet_routes; route $YOURROUTE/24 drop; } protocol kernel { scan time 10; import all; export all; } protocol device { scan time 900; } protocol direct direct_AnoNet_routes { table AnoNet_routes; interface \"eth0\"; import filter only_AnoNet; }" test -e /services/bird/bird.conf || echo "$BIRD_CONF" > /services/bird/bird.conf test -e /services/bird/run || echo "$BIRD_RUN" > /services/bird/run chmod +x /services/bird/run echo "$NEW_PROTOCOL" >> /services/bird/bird.conf ######################################################################### # We need to check if this peering session already exists: test -e /services/"$PEERNAME" && rm -r /services/"$PEERNAME" mkdir -p /services/"$PEERNAME" ######################################################################### # Create files to configure the new peering session: echo "#!/bin/sh export REMOTE_ADDRESS=$REMOTEIP export REMOTE_PORT=$PEERPORT export LOCAL_PORT=$YOURPORT export PRIVATE_KEY=$SECKEY export PUBLIC_KEY=\"\$(cat pubkey)\" export TUN_MODE=1 export INTERFACE=ppp-$PEERNAME ( sleep 5; ip addr add $YOURIP peer $PEERIP/32 dev \$INTERFACE scope link ip addr add $YOURROUTE/32 dev \$INTERFACE scope global ip link set dev \$INTERFACE up ) & exec /usr/sbin/quicktun.nacltai" > /services/"$PEERNAME"/run chmod +x /services/"$PEERNAME"/run ######################################################################### # Configure and start our new peering session: ln -s /services/"$PEERNAME" /service/ echo "peer2anonet: New peering session configured " read -p "Enter your peer's public key: " PUBKEY if [[ $(echo "$PUBKEY" | tr -d 'a-zA-Z0-9' | wc -c) -gt 1 ]]; then echo "peer2anonet: fatal error: unacceptable data: $PUBKEY " exit 1 fi echo "$PUBKEY" > /services/"$PEERNAME"/pubkey exit 0