changeset 771:d76deb2af72f draft
updated peer2anonet
author | d3v11 <d3v11@d3v11.ano> |
---|---|
date | Thu, 24 Nov 2011 21:38:40 +0000 |
parents | 2587c6d6204a |
children | 1ba55b415d50 a253a7be0c7b |
files | contrib/peer2anonet/Makefile contrib/peer2anonet/README contrib/peer2anonet/configure contrib/peer2anonet/peer2anonet |
diffstat | 4 files changed, 184 insertions(+), 205 deletions(-) [+] |
--- a/contrib/peer2anonet/Makefile Mon Nov 21 19:50:39 2011 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,32 +0,0 @@
-#!/usr/bin/make -f
-
-install-deb:
- make clean
- rm -rf DEBIAN/peer2anonet *.deb
- mkdir DEBIAN/peer2anonet
- mkdir DEBIAN/peer2anonet/DEBIAN
- mkdir DEBIAN/peer2anonet/usr
- mkdir DEBIAN/peer2anonet/usr/bin
- mkdir DEBIAN/peer2anonet/etc
- mkdir DEBIAN/peer2anonet/etc/peer2anonet
- cp DEBIAN/control DEBIAN/peer2anonet/DEBIAN/control
- cp peer2anonet DEBIAN/peer2anonet/usr/bin/peer2anonet
- chmod +x DEBIAN/peer2anonet/usr/bin/peer2anonet
- DEBIAN/configure
- dpkg-deb --build DEBIAN/peer2anonet
- dpkg -i DEBIAN/peer2anonet.deb
- rm -rf DEBIAN/peer2anonet DEBIAN/peer2anonet.deb
-
-install:
- make clean
- make uninstall
- cp peer2anonet /usr/bin/peer2anonet
- chmod +x /usr/bin/peer2anonet
- mkdir /etc/peer2anonet
- ./configure
-
-uninstall:
- rm -rf /usr/bin/peer2anonet /etc/peer2anonet
-
-clean:
- rm -rf DEBIAN/peer2anonet DEBIAN/peer2anonet.deb
--- a/contrib/peer2anonet/README Mon Nov 21 19:50:39 2011 +0000
+++ b/contrib/peer2anonet/README Thu Nov 24 21:38:40 2011 +0000
@@ -1,82 +1,21 @@ -SYNOPSIS: - # Generate Keys: - quicktun.keypair</dev/random - - # Interactive prompt: - peer2anonet - - # Accept pipe from file: - peer2anonet < autoconfig.txt - - # Accept netcat pipe: - nc -l 1337 | peer2anonet - - # Send a netcat pipe: - nc 1337 192.168.1.0 < autoconfig.txt - DESCRIPTION: peer2anonet is an autoconfiguration utility to easily establish a - peering session with BGP on anonet2. - -LICENSE: - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. + peering session with BGP on AnoNet2. DEPENDS ON: quicktun, bird, daemontools(non-deb), bash -INSTALL AND UNINSTALL: - ****************************************************************** - * PEER2ANONET CAN AND WILL OVERWRITE /service AND /services, TO * - * INCLUDE FILES WITHIN THOSE DIRECTORIES. PLEASE CREATE BACKUPS * - * BEFORE INSTALLING AND USING PEER2ANONET AT ANY TIME! * - ****************************************************************** - - To install, `cd' to the extracted peer2anonet folder. 
- Issue the following commands as root: +USAGE: - make install - - To uninstall peer2anonet, as root do: + --configure generate a new local configuration and exit - make uninstall - - To compile/install a .deb package, as root do: - - make install-deb + --update regenerate peer configurations -USAGE: - You may execute peer2anonet and answer configuration questions - via interface or pipe a file containing the new peering - session's specifications to the executable. peer2anonet has - some security checks but it is highly recommended you check - a autoconfig file manually before using to prevent malicious - attacks. An autoconfig file should be in the following format: - Plain text file, one block of data per line, no spaces, and - without including the following '<-- comments'. + --configure-peer generate a new peer configuration and update -================== Not Actual Line on File ============================ -anon <--your peer's alias -11.22.33.44 <--your peer's remote ip -1.2.3.4 <--your peer's anonet ip -4321 <--your peer's client port -1234 <--your peer's asn -3c6e0b8a9c15224a8228b9a98ca1531d <--your peer's public key -================== Not Actual Line on File ============================ + --rm-peer remove a peer configuration and update - At your discretion, you may exclude the public key from the - bottom of an autoconfig file and post installation of your new - peer service, peer2anonet will prompt foor it. +
--- a/contrib/peer2anonet/configure Mon Nov 21 19:50:39 2011 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-#!/bin/bash
-read -p "Enter your anonet network: " P2A_NET
-read -p "Enter your anonet router: " P2A_ROUTE
-read -p "Enter your anonet asn: " P2A_ASN
-read -p "Enter your anonet ip: " P2A_IP
-
-echo '' >/etc/peer2anonet/p2a.conf
-
-echo "P2A_NET=\"$P2A_NET\"" >>/etc/peer2anonet/p2a.conf
-echo "P2A_ROUTE=\"$P2A_ROUTE\"" >>/etc/peer2anonet/p2a.conf
-echo "P2A_ASN=\"$P2A_ASN\"" >>/etc/peer2anonet/p2a.conf
-echo "P2A_IP=\"$P2A_IP\"" >>/etc/peer2anonet/p2a.conf
--- a/contrib/peer2anonet/peer2anonet Mon Nov 21 19:50:39 2011 +0000
+++ b/contrib/peer2anonet/peer2anonet Thu Nov 24 21:38:40 2011 +0000
@@ -1,75 +1,119 @@ #!/bin/bash -######################################################################### -# We need to check for root privileges: if [[ $(id -u) != 0 ]]; then - echo "peer2anonet: error: root privileges required." - exit 1 + echo "error: root privileges required." + exit 1 fi -######################################################################### -# We need to source our peer2anonet variables -source /etc/peer2anonet/p2a.conf +USAGE(){ + echo -e '\npeer2anonet:' + echo -e '\n --configure generate a new local configuration and exit' + echo -e '\n --update regenerate peer configurations' + echo -e '\n --configure-peer generate a new peer configuration and update' + echo -e '\n --rm-peer remove a peer configuration and update\n' + exit 0 + } -######################################################################### -# We need to see if service(s) directories exist: +mkdir -p /service mkdir -p /services mkdir -p /services/bird -mkdir -p /service - -######################################################################### -# We need to get info for the new peering and BGP session: -read -p "Enter your peer's name/interface: " PEERNAME -read -p "Enter your peer's remote ip: " REMOTEIP -read -p "Enter your peer's anonet ip: " PEERIP -read -p "Enter your peer's remote port: " PEERPORT -read -p "Enter your peer's asn: " PEERASN -read -p "Enter your peer's public key: " PUBKEY - -######################################################################### -# Do some security checks on variables: -TEST[0]=$PEERNAME; TEST[1]=$REMOTEIP; TEST[2]=$PEERIP - TEST[3]=$PEERPORT; TEST[4]=$PEERASN +mkdir -p /etc/peer2anonet +mkdir -p /etc/peer2anonet/peers -for((X=0;X<=2;X++)); do -if [[ $(echo ${TEST[$X]} | tr -d 'a-zA-Z0-9._-' | wc -c) -gt 1 ]]; then -echo ${TEST[$X]} | tr -d 'a-zA-Z0-9' | wc -c - echo "peer2anonet: fatal error: unacceptable data: ${TEST[$X]} -" - exit 1 -fi -done - -for((X=3;X<=4;X++)); do -if [[ $(echo ${TEST[$X]} | tr -d '0-9' | wc -c) -gt 1 ]]; 
then - echo "peer2anonet: fatal error: unacceptable data: ${TEST[$X]} -" - exit 1 -fi -done - -if [[ $(echo "$PUBKEY" | tr -d 'a-zA-Z0-9' | wc -c) -gt 1 ]]; then - echo "peer2anonet: fatal error: unacceptable data: ${TEST[$X]} -" - exit 1 +if [ -e /etc/peer2anonet/p2a.conf ]; then + source /etc/peer2anonet/p2a.conf +else + echo "peer2anonet: needs --configure prior to usage" + exit 1 fi -ADDPORT="2$(($PEERASN % 10000))" +CONFIGURE(){ + echo -e '\nCONFIGURE:\n' + read -p " Enter your AnoNet subnet: " P2A_NET + read -p " Enter your AnoNet router: " P2A_ROUTE + read -p " Enter your peering ip: " P2A_IP + read -p " Enter your AnoNet asn: " P2A_ASN + echo "P2A_NET=\"$P2A_NET\"">/etc/peer2anonet/p2a.conf + echo "P2A_ROUTE=\"$P2A_ROUTE\"">>/etc/peer2anonet/p2a.conf + echo "P2A_IP=\"$P2A_IP\"">>/etc/peer2anonet/p2a.conf + echo "P2A_ASN=\"$P2A_ASN\"">>/etc/peer2anonet/p2a.conf + echo -e '\npeer2anonet: configured\n' + exit 0 + } + +UPDATE(){ + echo -e '\nUPDATE:\n' + if [[ $(ls /etc/peer2anonet/peers) ]]; then + for PEER in `ls /etc/peer2anonet/peers`; do + if [ -e /etc/peer2anonet/peers/"$PEER"/remote_ip ]; then + if [[ $(echo X`cat /etc/peer2anonet/peers/"$PEER"/remote_ip`) == 'X' ]]; then + echo " error: /etc/peer2anonet/peers/$PEER/remote_ip is void" + exit 1 + fi + else + echo " error: /etc/peer2anonet/peers/$PEER/remote_ip not exists" + exit 1 + fi + + if [ -e /etc/peer2anonet/peers/"$PEER"/peering_ip ]; then + if [[ $(echo X`cat /etc/peer2anonet/peers/"$PEER"/peering_ip`) == 'X' ]]; then + echo " error: /etc/peer2anonet/peers/$PEER/peering_ip is void" + exit 1 + fi + else + echo " error: /etc/peer2anonet/peers/$PEER/peering_ip not exists" + exit 1 + fi -######################################################################### -# We need to check if base files need to be imported to services for bird: -NEW_PROTOCOL=" -protocol bgp $PEERNAME { table AnoNet_routes; - local as $P2A_ASN; - neighbor $PEERIP as $PEERASN; - source address $P2A_IP; - import filter 
only_AnoNet_ebgp; - export filter only_AnoNet_ebgp_export; -}" + if [ -e /etc/peer2anonet/peers/"$PEER"/port ]; then + if [[ $(echo X`cat /etc/peer2anonet/peers/"$PEER"/port`) == 'X' ]]; then + echo " error: /etc/peer2anonet/peers/$PEER/port is void" + exit 1 + fi + else + echo " error: /etc/peer2anonet/peers/$PEER/port not exists" + exit 1 + fi + + if [ -e /etc/peer2anonet/peers/"$PEER"/asn ]; then + if [[ $(echo X`cat /etc/peer2anonet/peers/"$PEER"/asn`) == 'X' ]]; then + echo " error: /etc/peer2anonet/peers/$PEER/asn is void" + exit 1 + fi + else + echo " error: /etc/peer2anonet/peers/$PEER/asn not exists" + exit 1 + fi -BIRD_RUN='#!/bin/sh -exec bird -c bird.conf -d' + if [ -e /etc/peer2anonet/peers/"$PEER"/pubkey ]; then + if [[ $(echo X`cat /etc/peer2anonet/peers/"$PEER"/pubkey`) == 'X' ]]; then + echo " error: /etc/peer2anonet/peers/$PEER/pubkey is void" + exit 1 + fi + else + echo " error: /etc/peer2anonet/peers/$PEER/pubkey not exists" + exit 1 + fi -BIRD_CONF="function n_AnoNet_mine (prefix arg) { + if [ -e /etc/peer2anonet/peers/"$PEER"/seckey ]; then + if [[ $(echo X`cat /etc/peer2anonet/peers/"$PEER"/seckey`) == 'X' ]]; then + echo " error: /etc/peer2anonet/peers/$PEER/seckey is void" + exit 1 + fi + else + echo " error: /etc/peer2anonet/peers/$PEER/seckey not exists" + exit 1 + fi + done + else + echo " error: peering configurations not exists" + exit 1 + fi + + echo '#!/bin/bash +bird -c bird.conf -d' > /services/bird/run + chmod +x /services/bird/run + + echo "function n_AnoNet_mine (prefix arg) { if arg ~ [ $P2A_NET/24+ ] then return true; return false; }; 
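Review bot: On a host without /etc/peer2anonet/p2a.conf the new top-level check exits with `peer2anonet: needs --configure prior to usage` before the option dispatch (in the last hunk) is reached, so `--configure`, the only mode that creates that file, can never run on a fresh install — and the Makefile that used to create it is deleted in this same commit. Skip the check for that mode, e.g. `if [ "$1" == '--configure' ]; then :; elif [ -e /etc/peer2anonet/p2a.conf ]; then`, or move the check into UPDATE where the variables are actually needed. Separately, UPDATE repeats the same exists/is-void test six times for remote_ip, peering_ip, port, asn, pubkey and seckey; a loop over the field names (below) keeps the messages and exit codes identical, with the caveat that `-s` accepts a whitespace-only file where the X-prefixed cat test did not. UPDATE continues in the next two hunks.
```shell
  for PEER in `ls /etc/peer2anonet/peers`; do
    for FIELD in remote_ip peering_ip port asn pubkey seckey; do
      if [ ! -e /etc/peer2anonet/peers/"$PEER"/"$FIELD" ]; then
        echo " error: /etc/peer2anonet/peers/$PEER/$FIELD not exists"
        exit 1
      elif [ ! -s /etc/peer2anonet/peers/"$PEER"/"$FIELD" ]; then
        echo " error: /etc/peer2anonet/peers/$PEER/$FIELD is void"
        exit 1
      fi
    done
  done
  # … unchanged: bird run script and bird.conf generation …
```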
@@ -116,26 +160,28 @@ protocol direct direct_AnoNet_routes { table AnoNet_routes; interface \"eth0\"; import filter only_AnoNet; -}" - - +}" > /services/bird/bird.conf -test -e /services/bird/bird.conf || echo "$BIRD_CONF" > /services/bird/bird.conf -test -e /services/bird/run || echo "$BIRD_RUN" > /services/bird/run -chmod +x /services/bird/run -echo "$NEW_PROTOCOL" >> /services/bird/bird.conf -test -L /services/bird && rm -r /service/bird -test -L /service/bird || ln -s /services/bird /service/ + for PEER in `ls /etc/peer2anonet/peers`; do + mkdir -p /services/"$PEER" + PEERNAME="$PEER" + REMOTEIP=`cat /etc/peer2anonet/peers/"$PEER"/remote_ip` + PEERIP=`cat /etc/peer2anonet/peers/"$PEER"/peering_ip` + PEERPORT=`cat /etc/peer2anonet/peers/"$PEER"/port` + PEERASN=`cat /etc/peer2anonet/peers/"$PEER"/asn` + PUBKEY=`cat /etc/peer2anonet/peers/"$PEER"/pubkey` + SECKEY=`cat /etc/peer2anonet/peers/"$PEER"/seckey` -######################################################################### -# We need to check if this peering session already exists: -test -e /services/"$PEERNAME" && rm -r /services/"$PEERNAME" -mkdir -p /services/"$PEERNAME" + echo " +protocol bgp $PEERNAME { table AnoNet_routes; + local as $P2A_ASN; + neighbor $PEERIP as $PEERASN; + source address $P2A_IP; + import filter only_AnoNet_ebgp; + export filter only_AnoNet_ebgp_export; +}" >> /services/bird/bird.conf - -######################################################################### -# Create files to configure the new peering session: -echo "#!/bin/sh + echo "#!/bin/bash # uncomment if your peer has a dynamic IP # #export REMOTE_FLOAT=1 @@ -147,8 +193,8 @@ export REMOTE_ADDRESS=$REMOTEIP export REMOTE_PORT=$PEERPORT -export LOCAL_PORT=$ADDPORT -export PRIVATE_KEY=\"\$(cat seckey)\" +export LOCAL_PORT=2${PEERASN:0:5} +export PRIVATE_KEY=$SECKEY export PUBLIC_KEY=$PUBKEY export TUN_MODE=1 export INTERFACE=ppp-$PEERNAME 
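Review bot: The values read back from the peer files (`PEERNAME`, `REMOTEIP`, `PEERIP`, `PEERPORT`, `PEERASN`) are interpolated into bird.conf and the per-peer run script with none of the character checks that the removed `tr -d 'a-zA-Z0-9._-'` loops performed, so a stray quote, brace or newline in one of those files now ends up inside the generated bird protocol block or inside the shell script daemontools executes as root. Re-introduce the check where the values are consumed, e.g. `[[ "$PEERNAME" =~ ^[A-Za-z0-9._-]+$ ]] || { echo " error: bad value in peers/$PEER"; exit 1; }` for each field, digits-only for port and asn. The ls-based peer loop also word-splits on peer names; `for PEER in /etc/peer2anonet/peers/*/` with `${PEER%/}` and `${PEER##*/}` avoids parsing ls. UPDATE begins in the previous hunk and ends in the next one.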
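Review bot: `export LOCAL_PORT=2${PEERASN:0:5}` prepends a digit to up to five digits of the ASN, so any five-digit ASN (12345, say) yields 212345, outside the valid port range, whereas the removed `2$(($PEERASN % 10000))` stayed below 30000; keep that form as `export LOCAL_PORT=2$(( PEERASN % 10000 ))`. In the same hunk `export PRIVATE_KEY=$SECKEY` embeds the private key in plaintext in the run script, which the next hunk makes executable with `chmod +x`, so under a typical umask the key is presumably readable by every local user; the old `export PRIVATE_KEY=\"\$(cat seckey)\"` kept the key in a separate file that can be restricted with `chmod 600`. The run script here-doc is opened in the previous hunk and closed in the next.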
@@ -173,23 +219,61 @@ ping -c 1 -I \$INTERFACE $PEERIP -r -w 5 ) & exec /usr/sbin/quicktun.nacltai" > /services/"$PEERNAME"/run -chmod +x /services/"$PEERNAME"/run + chmod +x /services/"$PEERNAME"/run + test -L "/service/$PEERNAME" || ln -s "/services/$PEERNAME" "/service/$PEERNAME" + svc -d "/service/$PEERNAME" && svc -u "/service/$PEERNAME" + done + test -L /service/bird || ln -s /services/bird /service/bird + echo configure | birdc + } + +CONFIGURE_PEER(){ + echo -e '\nCONFIGURE PEER:\n' + read -p " Enter your peer's name: " PEERNAME + read -p " Enter your peer's remote ip: " REMOTEIP + read -p " Enter your peer's peering ip: " PEERIP + read -p " Enter your peer's remote port: " PEERPORT + read -p " Enter your peer's asn: " PEERASN + read -p " Enter your peer's public key: " PUBKEY + read -p " Enter your private key: " SECKEY + mkdir -p /etc/peer2anonet/peers/"$PEERNAME" + echo $REMOTEIP >/etc/peer2anonet/peers/"$PEERNAME"/remote_ip + echo $PEERIP >/etc/peer2anonet/peers/"$PEERNAME"/peering_ip + echo $PEERPORT >/etc/peer2anonet/peers/"$PEERNAME"/port + echo $PEERASN >/etc/peer2anonet/peers/"$PEERNAME"/asn + echo $PUBKEY >/etc/peer2anonet/peers/"$PEERNAME"/pubkey + echo $SECKEY >/etc/peer2anonet/peers/"$PEERNAME"/seckey + echo -e "\n configured $PEERNAME\n" + } -######################################################################### -# Configure and start our new peering session: -test -L "/service/$PEERNAME" && rm -r "/service/$PEERNAME" -ln -s "/services/$PEERNAME" /service/ -echo 'Secret Key Goes Here!' > "/services/$PEERNAME/seckey" -echo "peer2anonet: New peering session configured. 
-Please place your secret key in: /services/$PEERNAME/seckey +RM_PEER(){ + echo -e '\nRM PEER:\n' + read -p " Enter your peer's name: " PEERNAME + if [ -e /etc/peer2anonet/peers/"$PEERNAME" ]; then + rm -r /etc/peer2anonet/peers/"$PEERNAME" + echo + echo -e " removed /etc/peer2anonet/peers/$PEERNAME\n" + else + echo + echo -e " error: /etc/peer2anonet/peers/$PEERNAME not exists\n" + exit 1 + fi + } -Some additional options are available in /services/$PEERNAME/run -Please read the comments in the file for details. You may need to -restart the bird daemon. ie, svc -t /service/bird " + +if [ "$1" == '--configure' ]; then + CONFIGURE +elif [ "$1" == '--update' ]; then + UPDATE +elif [ "$1" == '--configure-peer' ]; then + CONFIGURE_PEER + UPDATE +elif [ "$1" == '--rm-peer' ]; then + RM_PEER + UPDATE +else + USAGE +fi - - - -
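Review bot: CONFIGURE_PEER reads the private key with `read -p`, echoing it to the terminal, and writes it with `echo $SECKEY >/etc/peer2anonet/peers/"$PEERNAME"/seckey` under whatever umask the caller has, so the file is likely group- or world-readable; use `read -s -p " Enter your private key: " SECKEY` and follow the write with `chmod 600 /etc/peer2anonet/peers/"$PEERNAME"/seckey`. PEERNAME is also used unvalidated as a path component in `mkdir -p`, in RM_PEER's `rm -r /etc/peer2anonet/peers/"$PEERNAME"`, and as the daemontools service name; a value containing `/` or `..` leaves the peers directory, so check it once after the prompt, `[[ "$PEERNAME" =~ ^[A-Za-z0-9_-]+$ ]] || { echo " error: invalid peer name"; exit 1; }`. The other `echo $VAR >file` writes should quote the variable (`echo "$REMOTEIP"`) so word splitting cannot alter what is stored. The UPDATE tail at the top of this hunk belongs to a function that starts two hunks earlier.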