
464xlat: import from routing, add myself as maintainer

Signed-off-by: Hans Dedecker <[email protected]>
Hans Dedecker 6 роки тому
батько
коміт
633cac0cb4

+ 43 - 0
package/network/ipv6/464xlat/Makefile

@@ -0,0 +1,43 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=464xlat
+PKG_VERSION:=11
+
+PKG_SOURCE_DATE:=2018-01-16
+PKG_MAINTAINER:=Hans Dedecker <[email protected]>
+PKG_LICENSE:=GPL-2.0
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/464xlat
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=@IPV6 +kmod-nat46 +ip
+  TITLE:=464xlat CLAT support
+endef
+
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	$(CP) ./src/* $(PKG_BUILD_DIR)/
+endef
+
+define Build/Compile
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		CC="$(TARGET_CC)" \
+		CFLAGS="$(TARGET_CFLAGS) -Wall" \
+		LDFLAGS="$(TARGET_LDFLAGS)"
+endef
+
+define Package/464xlat/description
+  464xlat provides support to deploy limited IPv4 access services to mobile
+  and wireline IPv6-only edge networks without encapsulation (RFC6877)
+endef
+
+define Package/464xlat/install
+	$(INSTALL_DIR) $(1)/lib/netifd/proto
+	$(INSTALL_BIN) ./files/464xlat.sh $(1)/lib/netifd/proto/464xlat.sh
+	$(INSTALL_DIR) $(1)/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/464xlatcfg $(1)/sbin
+endef
+
+$(eval $(call BuildPackage,464xlat))
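Review bot: There is no `PKG_RELEASE` next to `PKG_VERSION:=11`, so a later change to the packaging alone (for example to `files/464xlat.sh`) has no field to bump and the built package version would stay the same; adding `PKG_RELEASE:=1` under `PKG_VERSION` gives it one. `PKG_SOURCE_DATE` looks unused here, since the version is set explicitly and `Build/Prepare` copies `./src/*` rather than downloading anything, so it can probably be dropped. A one-line comment above `DEPENDS` would also help, e.g. `# kmod-nat46: /proc/net/nat46/control used by 464xlatcfg; ip: policy rules in 464xlat.sh`.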

+ 111 - 0
package/network/ipv6/464xlat/files/464xlat.sh

@@ -0,0 +1,111 @@
+#!/bin/sh
+# 464xlat.sh - 464xlat CLAT
+#
+# Copyright (c) 2015 Steven Barth <[email protected]>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+[ -n "$INCLUDE_ONLY" ] || {
+	. /lib/functions.sh
+	. /lib/functions/network.sh
+	. ../netifd-proto.sh
+	init_proto "$@"
+}
+
+proto_464xlat_setup() {
+	local cfg="$1"
+	local iface="$2"
+	local link="464-$cfg"
+
+	local ip6addr ip6prefix tunlink zone
+	json_get_vars ip6addr ip6prefix tunlink zone
+
+	[ -z "$zone" ] && zone="wan"
+
+	( proto_add_host_dependency "$cfg" "::" "$tunlink" )
+
+	if [ -z "$tunlink" ] && ! network_find_wan6 tunlink; then
+		proto_notify_error "$cfg" "NO_WAN_LINK"
+		return
+	fi
+	network_get_device tundev "$tunlink"
+
+	ip6addr=$(464xlatcfg "$link" "$tundev" "$ip6prefix" 192.0.0.1 $ip6addr)
+	if [ -z "$ip6addr" ]; then
+		proto_notify_error "$cfg" "CLAT_CONFIG_FAILED"
+		return
+	fi
+
+	ip -6 rule del from all lookup local
+	ip -6 rule add from all lookup local pref 1
+	ip -6 rule add to $ip6addr lookup prelocal pref 0
+	echo "$ip6addr" > /tmp/464-$cfg-anycast
+
+	proto_init_update "$link" 1
+	proto_add_ipv4_route "0.0.0.0" 0 "" "" 2048
+	proto_add_ipv6_route $ip6addr 128 "" "" "" "" 128
+
+	proto_add_data
+	[ "$zone" != "-" ] && json_add_string zone "$zone"
+
+	json_add_array firewall
+		json_add_object ""
+			json_add_string type nat
+			json_add_string target SNAT
+			json_add_string family inet
+			json_add_string snat_ip 192.0.0.1
+		json_close_object
+		json_add_object ""
+			json_add_string type rule
+			json_add_string family inet6
+			json_add_string proto all
+			json_add_string direction in
+			json_add_string dest "$zone"
+			json_add_string src "$zone"
+			json_add_string src_ip $ip6addr
+			json_add_string target ACCEPT
+		json_close_object
+	json_close_array
+	proto_close_data
+
+	proto_send_update "$cfg"
+}
+
+proto_464xlat_teardown() {
+	local cfg="$1"
+	local link="464-$cfg"
+
+	[ -f /tmp/464-$cfg-anycast ] || return
+	local ip6addr=$(cat /tmp/464-$cfg-anycast)
+
+	464xlatcfg "$link"
+
+	rm -rf /tmp/464-$cfg-anycast
+	[ -n "$ip6addr" ] && ip -6 rule del to $ip6addr lookup prelocal
+
+	if [ -z "$(ls /tmp/464-*-anycast 2>&-)" ]; then
+		ip -6 rule del from all lookup local
+		ip -6 rule add from all lookup local pref 0
+	fi
+}
+
+proto_464xlat_init_config() {
+	no_device=1
+	available=1
+
+	proto_config_add_string "ip6prefix"
+	proto_config_add_string "ip6addr"
+	proto_config_add_string "tunlink"
+	proto_config_add_string "zone"
+}
+
+[ -n "$INCLUDE_ONLY" ] || {
+        add_protocol 464xlat
+}
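Review bot: In `proto_464xlat_setup` the result of `network_get_device tundev "$tunlink"` is never checked and `tundev` is missing from the `local` list, so an unresolved uplink hands an empty device name to `464xlatcfg`, and the variable leaks into the shared shell environment of the sourced proto scripts. Declaring it with the other locals and adding `[ -n "$tundev" ] || { proto_notify_error "$cfg" "NO_WAN_LINK"; return; }` right after the lookup fails early instead. In `proto_464xlat_teardown`, `rm -rf /tmp/464-$cfg-anycast` removes one regular file, so `rm -f "/tmp/464-$cfg-anycast"` with the path quoted is sufficient and avoids a recursive delete on an unquoted expansion; the same quoting applies to the `[ -f ... ]` test and the `cat` above it. The address read back from that state file is passed unquoted to `ip -6 rule del to $ip6addr`, so a comment noting that the file is trusted because only this script writes it would make the assumption explicit.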

+ 154 - 0
package/network/ipv6/464xlat/src/464xlatcfg.c

@@ -0,0 +1,154 @@
+/* 464xlatcfg.c
+ *
+ * Copyright (c) 2015 Steven Barth <[email protected]>
+ * Copyright (c) 2017 Hans Dedecker <[email protected]>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <netinet/icmp6.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <net/if.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <stdio.h>
+#include <netdb.h>
+
+static void sighandler(__attribute__((unused)) int signal)
+{
+}
+
+int main(int argc, const char *argv[])
+{
+	char buf[INET6_ADDRSTRLEN], prefix[INET6_ADDRSTRLEN + 4];
+	int pid;
+
+	if (argc <= 1) {
+		fprintf(stderr, "Usage: %s <name> [ifname] [ipv6prefix] [ipv4addr] [ipv6addr]\n", argv[0]);
+		return 1;
+	}
+
+	snprintf(buf, sizeof(buf), "/var/run/%s.pid", argv[1]);
+	FILE *fp = fopen(buf, "r");
+	if (fp) {
+		if (fscanf(fp, "%d", &pid) == 1)
+			kill(pid, SIGTERM);
+
+		unlink(buf);
+		fclose(fp);
+	}
+
+	if (!argv[2])
+		return 0;
+
+	if (!argv[3] || !argv[4] || !(fp = fopen(buf, "wx")))
+		return 1;
+
+	signal(SIGTERM, SIG_DFL);
+	setvbuf(fp, NULL, _IOLBF, 0);
+	fprintf(fp, "%d\n", getpid());
+
+	prefix[sizeof(prefix) - 1] = 0;
+	strncpy(prefix, argv[3], sizeof(prefix) - 1);
+
+	if (!prefix[0]) {
+		struct addrinfo hints = { .ai_family = AF_INET6 }, *res;
+		if (getaddrinfo("ipv4only.arpa", NULL, &hints, &res) || !res) {
+			sleep(3);
+			if (getaddrinfo("ipv4only.arpa", NULL, &hints, &res) || !res)
+				return 2;
+		}
+
+		struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)res->ai_addr;
+		inet_ntop(AF_INET6, &sin6->sin6_addr, prefix, sizeof(prefix) - 4);
+		strcat(prefix, "/96");
+		freeaddrinfo(res);
+	}
+
+	int i = 0;
+	int sock;
+	struct sockaddr_in6 saddr;
+
+	do {
+		socklen_t saddrlen = sizeof(saddr);
+		struct icmp6_filter filt;
+
+		sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
+		ICMP6_FILTER_SETBLOCKALL(&filt);
+		setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, &filt, sizeof(filt));
+		setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, argv[2], strlen(argv[2]));
+		memset(&saddr, 0, sizeof(saddr));
+		saddr.sin6_family = AF_INET6;
+		saddr.sin6_addr.s6_addr32[0] = htonl(0x2001);
+		saddr.sin6_addr.s6_addr32[1] = htonl(0xdb8);
+		if (connect(sock, (struct sockaddr*)&saddr, sizeof(saddr)) ||
+				getsockname(sock, (struct sockaddr*)&saddr, &saddrlen))
+			return 3;
+
+		if (!IN6_IS_ADDR_LINKLOCAL(&saddr.sin6_addr) || argv[5])
+			break;
+
+		close(sock);
+		sleep(3);
+		i++;
+	} while (i < 3);
+
+	struct ipv6_mreq mreq = {saddr.sin6_addr, if_nametoindex(argv[2])};
+	if (!argv[5]) {
+		if (IN6_IS_ADDR_LINKLOCAL(&mreq.ipv6mr_multiaddr))
+			return 5;
+
+		srandom(mreq.ipv6mr_multiaddr.s6_addr32[0] ^ mreq.ipv6mr_multiaddr.s6_addr32[1] ^
+				mreq.ipv6mr_multiaddr.s6_addr32[2] ^ mreq.ipv6mr_multiaddr.s6_addr32[3]);
+		mreq.ipv6mr_multiaddr.s6_addr32[2] = random();
+		mreq.ipv6mr_multiaddr.s6_addr32[3] = random();
+	} else if (inet_pton(AF_INET6, argv[5], &mreq.ipv6mr_multiaddr) != 1) {
+		return 1;
+	}
+
+	if (setsockopt(sock, SOL_IPV6, IPV6_JOIN_ANYCAST, &mreq, sizeof(mreq)))
+		return 3;
+
+	inet_ntop(AF_INET6, &mreq.ipv6mr_multiaddr, buf, sizeof(buf));
+	fputs(buf, stdout);
+	fputc('\n', stdout);
+	fflush(stdout);
+
+	FILE *nat46 = fopen("/proc/net/nat46/control", "w");
+	if (!nat46 || fprintf(nat46, "add %s\nconfig %s local.style NONE local.v4 %s/32 local.v6 %s/128 "
+			"remote.style RFC6052 remote.v6 %s\n", argv[1], argv[1], argv[4], buf, prefix) < 0 ||
+			fclose(nat46))
+		return 4;
+
+	if (!(pid = fork())) {
+		fclose(fp);
+		fclose(stdin);
+		fclose(stdout);
+		fclose(stderr);
+		chdir("/");
+		setsid();
+		signal(SIGTERM, sighandler);
+		pause();
+
+		nat46 = fopen("/proc/net/nat46/control", "w");
+		if (nat46) {
+			fprintf(nat46, "del %s\n", argv[1]);
+			fclose(nat46);
+		}
+	} else {
+		rewind(fp);
+		fprintf(fp, "%d\n", pid);
+	}
+
+	return 0;
+}
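Review bot: The PID read back from `/var/run/<name>.pid` at the top of `main` goes to `kill()` without a range check, so a file containing 0 or a negative number would signal the caller's process group or every process the helper is allowed to signal, and this helper presumably runs as root under netifd. Guarding it as `if (fscanf(fp, "%d", &pid) == 1 && pid > 1) kill(pid, SIGTERM);` closes that. The error exits taken after the pidfile is created (`return 2` through `return 5`) leave the file behind holding the PID of a process that has exited, so the next run may send SIGTERM to an unrelated process that reused the number; unlinking `buf` on those paths avoids it. `argv[1]`, `argv[4]` and `prefix` are written into `/proc/net/nat46/control` exactly as given, so validating them before the `fprintf` (for instance `inet_pton(AF_INET, argv[4], ...)` and rejecting whitespace in the name) keeps a malformed config value from altering the command sent to the kernel module. `strncpy`, `strcat`, `strlen` and `memset` are used without `#include <string.h>`, which `-Wall` only reports as a warning.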

+ 8 - 0
package/network/ipv6/464xlat/src/Makefile

@@ -0,0 +1,8 @@
+all: 464xlatcfg
+
+464xlatcfg: 464xlatcfg.c
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+
+clean:
+	rm -f 464xlatcfg
+
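Review bot: `all` and `clean` are not declared phony, so a file with either name in the build directory would turn the rule into a no-op; adding `.PHONY: all clean` above the `all` rule fixes that. The compile line also omits `$(CPPFLAGS)`, so preprocessor flags a caller passes are ignored; `$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ $<` would honour them.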