| b.liu | e958203 | 2025-04-17 19:18:16 +0800 | [diff] [blame] | 1 | #!/bin/sh |
| 2 | # 6in4.sh - IPv6-in-IPv4 tunnel backend |
| 3 | # Copyright (c) 2010-2015 OpenWrt.org |
| 4 | |
| 5 | [ -n "$INCLUDE_ONLY" ] || { |
| 6 | . /lib/functions.sh |
| 7 | . /lib/functions/network.sh |
| 8 | . ../netifd-proto.sh |
| 9 | init_proto "$@" |
| 10 | } |
| 11 | |
| 12 | # Function taken from 6to4 package (6to4.sh), flipped returns |
| 13 | test_6in4_rfc1918() |
| 14 | { |
| 15 | local oIFS="$IFS"; IFS="."; set -- $1; IFS="$oIFS" |
| 16 | [ $1 -eq 10 ] && return 1 |
| 17 | [ $1 -eq 192 ] && [ $2 -eq 168 ] && return 1 |
| 18 | [ $1 -eq 172 ] && [ $2 -ge 16 ] && [ $2 -le 31 ] && return 1 |
| 19 | |
| 20 | # RFC 6598 |
| 21 | [ $1 -eq 100 ] && [ $2 -ge 64 ] && [ $2 -le 127 ] && return 1 |
| 22 | |
| 23 | return 0 |
| 24 | } |
| 25 | |
| 26 | proto_6in4_update() { |
| 27 | sh -c ' |
| 28 | timeout=5 |
| 29 | |
| 30 | (while [ $((timeout--)) -gt 0 ]; do |
| 31 | sleep 1 |
| 32 | kill -0 $$ || exit 0 |
| 33 | done; kill -9 $$) 2>/dev/null & |
| 34 | |
| 35 | exec "$@" |
| 36 | ' "$1" "$@" |
| 37 | } |
| 38 | |
| 39 | proto_6in4_add_prefix() { |
| 40 | append "$3" "$1" |
| 41 | } |
| 42 | |
| 43 | proto_6in4_setup() { |
| 44 | local cfg="$1" |
| 45 | local iface="$2" |
| 46 | local link="6in4-$cfg" |
| 47 | local remoteip |
| 48 | |
| 49 | local mtu ttl tos ipaddr peeraddr ip6addr ip6prefix ip6prefixes tunlink tunnelid username password updatekey device nohostroute |
| 50 | json_get_vars mtu ttl tos ipaddr peeraddr ip6addr tunlink tunnelid username password updatekey device nohostroute |
| 51 | json_for_each_item proto_6in4_add_prefix ip6prefix ip6prefixes |
| 52 | |
| 53 | [ -n "$device" ] && link="$device" |
| 54 | |
| 55 | [ -z "$peeraddr" ] && { |
| 56 | proto_notify_error "$cfg" "MISSING_PEER_ADDRESS" |
| 57 | proto_block_restart "$cfg" |
| 58 | return |
| 59 | } |
| 60 | |
| 61 | remoteip=$(resolveip -t 10 -4 "$peeraddr") |
| 62 | |
| 63 | if [ -z "$remoteip" ]; then |
| 64 | proto_notify_error "$cfg" "PEER_RESOLVE_FAIL" |
| 65 | return |
| 66 | fi |
| 67 | |
| 68 | for ip in $remoteip; do |
| 69 | peeraddr=$ip |
| 70 | break |
| 71 | done |
| 72 | |
| 73 | if [ "${nohostroute}" != "1" ]; then |
| 74 | ( proto_add_host_dependency "$cfg" "$peeraddr" "$tunlink" ) |
| 75 | fi |
| 76 | |
| 77 | [ -z "$ipaddr" ] && { |
| 78 | local wanif="$tunlink" |
| 79 | if [ -z "$wanif" ] && ! network_find_wan wanif; then |
| 80 | proto_notify_error "$cfg" "NO_WAN_LINK" |
| 81 | return |
| 82 | fi |
| 83 | |
| 84 | if ! network_get_ipaddr ipaddr "$wanif"; then |
| 85 | proto_notify_error "$cfg" "NO_WAN_LINK" |
| 86 | return |
| 87 | fi |
| 88 | } |
| 89 | |
| 90 | proto_init_update "$link" 1 |
| 91 | |
| 92 | [ -n "$ip6addr" ] && { |
| 93 | local local6="${ip6addr%%/*}" |
| 94 | local mask6="${ip6addr##*/}" |
| 95 | [ "$local6" = "$mask6" ] && mask6= |
| 96 | proto_add_ipv6_address "$local6" "$mask6" |
| 97 | proto_add_ipv6_route "::" 0 "" "" "" "$local6/$mask6" |
| 98 | } |
| 99 | |
| 100 | for ip6prefix in $ip6prefixes; do |
| 101 | proto_add_ipv6_prefix "$ip6prefix" |
| 102 | proto_add_ipv6_route "::" 0 "" "" "" "$ip6prefix" |
| 103 | done |
| 104 | |
| 105 | proto_add_tunnel |
| 106 | json_add_string mode sit |
| 107 | json_add_int mtu "${mtu:-1280}" |
| 108 | json_add_int ttl "${ttl:-64}" |
| 109 | [ -n "$tos" ] && json_add_string tos "$tos" |
| 110 | json_add_string local "$ipaddr" |
| 111 | json_add_string remote "$peeraddr" |
| 112 | [ -n "$tunlink" ] && json_add_string link "$tunlink" |
| 113 | proto_close_tunnel |
| 114 | |
| 115 | proto_send_update "$cfg" |
| 116 | |
| 117 | [ -n "$tunnelid" -a -n "$username" -a \( -n "$password" -o -n "$updatekey" \) ] && { |
| 118 | [ -n "$updatekey" ] && password="$updatekey" |
| 119 | |
| 120 | local http="http" |
| 121 | local urlget="uclient-fetch" |
| 122 | local urlget_opts="-qO-" |
| 123 | local ca_path="${SSL_CERT_DIR:-/etc/ssl/certs}" |
| 124 | |
| 125 | [ -f /lib/libustream-ssl.so ] && http=https |
| 126 | [ "$http" = "https" -a -z "$(find $ca_path -name "*.0" 2>/dev/null)" ] && { |
| 127 | urlget_opts="$urlget_opts --no-check-certificate" |
| 128 | } |
| 129 | |
| 130 | local url="$http://ipv4.tunnelbroker.net/nic/update?hostname=$tunnelid" |
| 131 | |
| 132 | test_6in4_rfc1918 "$ipaddr" && { |
| 133 | local url="${url}&myip=${ipaddr}" |
| 134 | } |
| 135 | |
| 136 | local try=0 |
| 137 | local max=3 |
| 138 | |
| 139 | ( |
| 140 | set -o pipefail |
| 141 | while [ $((++try)) -le $max ]; do |
| 142 | if proto_6in4_update $urlget $urlget_opts --user="$username" --password="$password" "$url" 2>&1 | \ |
| 143 | sed -e 's,^Killed$,timeout,' -e "s,^,update $try/$max: ," | \ |
| 144 | logger -t "$link"; |
| 145 | then |
| 146 | logger -t "$link" "updated" |
| 147 | return 0 |
| 148 | fi |
| 149 | sleep 5 |
| 150 | done |
| 151 | logger -t "$link" "update failed" |
| 152 | ) |
| 153 | } |
| 154 | } |
| 155 | |
| 156 | proto_6in4_teardown() { |
| 157 | local cfg="$1" |
| 158 | } |
| 159 | |
| 160 | proto_6in4_init_config() { |
| 161 | no_device=1 |
| 162 | available=1 |
| 163 | |
| 164 | proto_config_add_string "ipaddr" |
| 165 | proto_config_add_string "ip6addr" |
| 166 | proto_config_add_array "ip6prefix" |
| 167 | proto_config_add_string "peeraddr" |
| 168 | proto_config_add_string "tunlink" |
| 169 | proto_config_add_string "tunnelid" |
| 170 | proto_config_add_string "username" |
| 171 | proto_config_add_string "password" |
| 172 | proto_config_add_string "updatekey" |
| 173 | proto_config_add_int "mtu" |
| 174 | proto_config_add_int "ttl" |
| 175 | proto_config_add_string "tos" |
| 176 | proto_config_add_string "device" |
| 177 | proto_config_add_boolean "nohostroute" |
| 178 | } |
| 179 | |
| 180 | [ -n "$INCLUDE_ONLY" ] || { |
| 181 | add_protocol 6in4 |
| 182 | } |