Diffstat (limited to 'roles/linux_ns/templates')
-rwxr-xr-xroles/linux_ns/templates/dn42-route-namespace.sh85
1 files changed, 85 insertions, 0 deletions
diff --git a/roles/linux_ns/templates/dn42-route-namespace.sh b/roles/linux_ns/templates/dn42-route-namespace.sh
new file mode 100755
index 0000000..6822834
--- /dev/null
+++ b/roles/linux_ns/templates/dn42-route-namespace.sh
@@ -0,0 +1,85 @@
+#!/bin/sh -x
+
+set -eu
+
+# Set public IPv6 network prefix in the form aaaa:bbbb:cccc:dddd
+# (yes, without trailing: or ::)
+hoster_prefix_v6="{{ hoster_ipv6_prefix }}"
+# hardcoded: use 42 prefix
+ns_prefix_v6="${hoster_prefix_v6}:42"
+
+# insert IPv4 address
+hoster_addr_v4="{{ hoster_ipv4_address }}"
+# hardcoded: net
+ns_net_v4="10.42.0.0/24"
+# hardcoded: peer address (inside namespace)
+ns_addr_peer_v4="10.42.0.2/32"
+
+case $- in
+ *x*) debug="-x" ;;
+ *) debug="" ;;
+esac
+
+case "$1" in
+ start)
+ ip netns exec dn42 sh $debug "$0" start-ns
+ ip route add ${ns_net_v4} dev vethdn42
+ ip a add ${ns_prefix_v6}::1/128 dev vethdn42
+ ip route add ${ns_prefix_v6}::2/128 dev vethdn42
+ # hardcoded: route for dn42
+ ip route replace fd00::/8 via ${ns_prefix_v6}::2 dev vethdn42 src fcee::1
+ ;;
+ start-ns)
+ sysctl -w net.ipv6.conf.all.forwarding=1
+
+ ip -4 route flush dev eth0
+ ip -6 route flush dev eth0
+ ip -4 a flush dev eth0
+ ip -6 a flush dev eth0
+
+ ip a add ${ns_addr_peer_v4} dev eth0
+ ip route add ${hoster_addr_v4} dev eth0
+ ip route add default via ${hoster_addr_v4} dev eth0
+
+ ip a add ${ns_prefix_v6}::2/128 dev eth0
+ ip route add ${ns_prefix_v6}::1 dev eth0
+ ip route add default via ${ns_prefix_v6}::1 dev eth0
+
+ # hardcoded: dummy-interface with additional addresses
+ ifup dn42_int
+
+ # hardcoded: Additional rules for (policy) routing.
+ # tables are filled by bird.
+ ip -6 rule add prio 31000 table 210
+ ip -6 rule add prio 32000 table 250
+
+ # hardcoded: iptables
+ iptables-nft-restore < /etc/iptables/netns/dn42/iptables.save
+ ip6tables-nft-restore < /etc/iptables/netns/dn42/ip6tables.save
+ ;;
+ stop)
+ ip -6 route flush dev vethdn42
+ ip -4 route flush dev vethdn42
+
+ ip -6 a flush dev vethdn42
+ ip -4 a flush dev vethdn42
+
+ ip netns exec dn42 sh $debug "$0" stop-ns
+ ;;
+ stop-ns)
+ ifdown dn42_int
+
+ ip -6 route flush dev eth0
+ ip -6 a flush dev eth0
+
+ ip -4 route flush dev eth0
+ ip -4 a flush dev eth0
+
+ ip -6 rule del prio 31000
+ ip -6 rule del prio 32000
+
+ ;;
+ *)
+ echo "Ignore invalid parameter $1" >&2
+ ;;
+esac
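Review bot: In the `start-ns` branch the packet filter is loaded last, so the namespace already has IPv6 forwarding enabled, addresses and default routes configured, and `dn42_int` up before `iptables-nft-restore` and `ip6tables-nft-restore` run. Because the script runs under `set -eu`, any earlier failure in that branch (for example `ifup dn42_int`, or possibly `ip -6 rule add prio 31000 table 210` if the rule survived an unclean stop) exits before the rules are applied, leaving the namespace routing unfiltered. Moving `iptables-nft-restore < /etc/iptables/netns/dn42/iptables.save` and `ip6tables-nft-restore < /etc/iptables/netns/dn42/ip6tables.save` to the top of the branch, ahead of `sysctl -w net.ipv6.conf.all.forwarding=1`, would make it fail closed. A short comment there, such as `# load filter rules first so a later failure never leaves the namespace forwarding unfiltered`, would keep the ordering from being undone later.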