path: root/roles/linux-ns/templates/dn42-route-namespace.sh
#!/bin/sh -x

# Abort on the first failing command (-e) and on use of an unset variable (-u).
set -eu

# NOTE(review): the two {{ ... }} placeholders below are substituted inside
# double quotes, so the rendered text is still subject to shell expansion
# ($, backticks). Presumably they only ever hold plain address literals;
# confirm the values are validated where they are defined.

# Host IPv4 address, filled in when the template is rendered.
hoster_addr_v4="{{ hoster_ipv4_address }}"
# hardcoded: peer address (inside the namespace)
ns_addr_peer_v4="10.42.0.2/32"
# hardcoded: IPv4 network that is routed to the namespace
ns_net_v4="10.42.0.0/24"

# Public IPv6 network prefix, written as aaaa:bbbb:cccc:dddd
# (no trailing ":" or "::").
hoster_prefix_v6="{{ hoster_ipv6_prefix }}"
# hardcoded: the namespace uses the "42" subnet of that prefix
ns_prefix_v6="${hoster_prefix_v6}:42"

# Remember whether this shell is tracing (-x), so the flag can be handed on
# to the copy of the script that is re-executed inside the namespace.
debug=""
case $- in
  *x*)
    debug="-x"
    ;;
esac

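# Dispatch on the requested action.
#   start / stop       run on the host; each re-invokes this script inside the
#                      "dn42" network namespace as start-ns / stop-ns.
#   start-ns / stop-ns run inside the namespace and configure eth0 there.
# Any other argument is reported on stderr and otherwise ignored.
case "$1" in
  start)
    # Namespace side first, then the host end of the veth pair.
    # $debug stays unquoted on purpose: when it is empty it must expand to
    # no argument at all, not to an empty script name.
    ip netns exec dn42 sh $debug "$0" start-ns
    ip route add "${ns_net_v4}" dev vethdn42
    ip a add "${ns_prefix_v6}::1/128" dev vethdn42
    ip route add "${ns_prefix_v6}::2/128" dev vethdn42
    # hardcoded: route for dn42
    ip route replace fd00::/8 via "${ns_prefix_v6}::2" dev vethdn42 src fcee::1
    ;;
  start-ns)
    # hardcoded: iptables
    # Load the packet-filter rulesets before forwarding is enabled and before
    # any address or route exists. The script runs under `set -e`, so a
    # failure in one of the later steps aborts it; with the rulesets loaded
    # last, such an abort would leave the namespace forwarding with none of
    # these rules in effect.
    # NOTE(review): assumes the `ifup dn42_int` hooks do not install
    # netfilter rules of their own - confirm.
    iptables-nft-restore < /etc/iptables/netns/dn42/iptables.save
    ip6tables-nft-restore < /etc/iptables/netns/dn42/ip6tables.save

    sysctl -w net.ipv6.conf.all.forwarding=1

    # Start from a clean eth0: drop existing routes and addresses.
    ip -4 route flush dev eth0
    ip -6 route flush dev eth0
    ip -4 a flush dev eth0
    ip -6 a flush dev eth0

    # IPv4: peer address, host route to the hoster address, default via it.
    ip a add "${ns_addr_peer_v4}" dev eth0
    ip route add "${hoster_addr_v4}" dev eth0
    ip route add default via "${hoster_addr_v4}" dev eth0

    # IPv6: ::2 is the namespace end, ::1 the host end of the link.
    ip a add "${ns_prefix_v6}::2/128" dev eth0
    ip route add "${ns_prefix_v6}::1" dev eth0
    ip route add default via "${ns_prefix_v6}::1" dev eth0

    # hardcoded: dummy-interface with additional addresses
    ifup dn42_int

    # hardcoded: Additional rules for (policy) routing.
    # tables are filled by bird.
    ip -6 rule add prio 31000 table 210
    ip -6 rule add prio 32000 table 250
    ;;
  stop)
    # NOTE(review): under `set -e` a failing flush here ends the script
    # before stop-ns is reached, leaving the namespace side configured.
    ip -6 route flush dev vethdn42
    ip -4 route flush dev vethdn42

    ip -6 a flush dev vethdn42
    ip -4 a flush dev vethdn42

    # $debug unquoted on purpose, as in the start branch.
    ip netns exec dn42 sh $debug "$0" stop-ns
    ;;
  stop-ns)
    ifdown dn42_int

    ip -6 route flush dev eth0
    ip -6 a flush dev eth0

    ip -4 route flush dev eth0
    ip -4 a flush dev eth0

    # Remove the policy-routing rules added by start-ns.
    ip -6 rule del prio 31000
    ip -6 rule del prio 32000
    ;;
  *)
    # Unknown action: report it, change nothing. The script still ends with
    # the status of this echo.
    echo "Ignore invalid parameter $1" >&2
    ;;
esac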