Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
R
re6stnet
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Joanne Hugé
re6stnet
Commits
484aef7a
Commit
484aef7a
authored
Sep 30, 2022
by
Joanne Hugé
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Remove --default option
parent
f4506017
Changes
7
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
26 additions
and
69 deletions
+26
-69
demo/m10/re6stnet.conf
demo/m10/re6stnet.conf
+0
-1
demo/m2/re6stnet.conf
demo/m2/re6stnet.conf
+0
-1
demo/m4/re6stnet.conf
demo/m4/re6stnet.conf
+0
-1
demo/m5/re6stnet.conf
demo/m5/re6stnet.conf
+0
-1
docs/re6stnet.rst
docs/re6stnet.rst
+9
-9
re6st/cli/node.py
re6st/cli/node.py
+15
-51
re6st/plib.py
re6st/plib.py
+2
-5
No files found.
demo/m10/re6stnet.conf
View file @
484aef7a
...
@@ -4,6 +4,5 @@ state m10/
...
@@ -4,6 +4,5 @@ state m10/
ca
ca2
.
crt
ca
ca2
.
crt
cert
m10
/
cert
.
crt
cert
m10
/
cert
.
crt
key
m10
/
cert
.
key
key
m10
/
cert
.
key
default
client
-
count
2
client
-
count
2
max
-
clients
2
max
-
clients
2
demo/m2/re6stnet.conf
View file @
484aef7a
...
@@ -5,4 +5,3 @@ pp 1194 tcp
...
@@ -5,4 +5,3 @@ pp 1194 tcp
ca
ca
.
crt
ca
ca
.
crt
cert
m2
/
cert
.
crt
cert
m2
/
cert
.
crt
key
m2
/
cert
.
key
key
m2
/
cert
.
key
default
demo/m4/re6stnet.conf
View file @
484aef7a
...
@@ -5,4 +5,3 @@ pp 1194 tcp
...
@@ -5,4 +5,3 @@ pp 1194 tcp
ca
ca
.
crt
ca
ca
.
crt
cert
m4
/
cert
.
crt
cert
m4
/
cert
.
crt
key
m4
/
cert
.
key
key
m4
/
cert
.
key
default
demo/m5/re6stnet.conf
View file @
484aef7a
...
@@ -4,6 +4,5 @@ state m5/
...
@@ -4,6 +4,5 @@ state m5/
ca
ca
.
crt
ca
ca
.
crt
cert
m5
/
cert
.
crt
cert
m5
/
cert
.
crt
key
m5
/
cert
.
key
key
m5
/
cert
.
key
default
client
-
count
0
client
-
count
0
max
-
clients
0
max
-
clients
0
docs/re6stnet.rst
View file @
484aef7a
...
@@ -30,8 +30,6 @@ Use ``re6stnet --help`` to get the complete list of options.
...
@@ -30,8 +30,6 @@ Use ``re6stnet --help`` to get the complete list of options.
If you already have IPv6 connectivity by autoconfiguration and still want to
If you already have IPv6 connectivity by autoconfiguration and still want to
use it for communications that are unrelated to this network, then:
use it for communications that are unrelated to this network, then:
- your kernel must support source address based routing (because you can't
use ``--default`` option).
- you must set ``net.ipv6.conf.<iface>.accept_ra`` sysctl to value 2 and
- you must set ``net.ipv6.conf.<iface>.accept_ra`` sysctl to value 2 and
trigger SLAAC with ``rdisc6 <iface>`` to restore the default route if the
trigger SLAAC with ``rdisc6 <iface>`` to restore the default route if the
kernel removed while enabling forwarding.
kernel removed while enabling forwarding.
...
@@ -85,20 +83,22 @@ If the `/etc/re6stnet/re6stnet.conf` configuration file exists, `re6stnet` is
...
@@ -85,20 +83,22 @@ If the `/etc/re6stnet/re6stnet.conf` configuration file exists, `re6stnet` is
automatically started as a system daemon, by ``systemd``\ (1). Debian package
automatically started as a system daemon, by ``systemd``\ (1). Debian package
also provides SysV init scripts.
also provides SysV init scripts.
Important note about
``--default`` option
Important note about
re6st's default route
-----------------------------------------
-----------------------------------------
When re6st is configured to route all your IPv6 traffic (``--default``),
Re6st installs a default route with a source-based routing filter, your kernel
any other interface providing IPv6 must have no default route. Otherwise,
must therefore support source address based routing. This route allows your node
re6st either refuses to start or aborts if it detect a default route.
to redirect traffic to non-re6st destinations while preventing any conflict with
already installed default routes (in case you have native IPv6 connectivity). If
you don't have any other IPv6 default route the route will still be used to
route all your IPv6 traffic.
Correct usage of NetworkManager
Correct usage of NetworkManager
-------------------------------
-------------------------------
It is required to configure properly every connection defined in NetworkManager
It is required to configure properly every connection defined in NetworkManager
because default settings are wrong and conflict with re6st. If ``--default`` is
because default settings are wrong and conflict with re6st. Please enable the
used, then disable IPv6, else enable the following options in the [ipv6]
following options in the [ipv6] section::
section::
ignore-auto-routes=true
ignore-auto-routes=true
never-default=true
never-default=true
...
...
re6st/cli/node.py
View file @
484aef7a
...
@@ -74,13 +74,10 @@ def getConfig():
...
@@ -74,13 +74,10 @@ def getConfig():
_
=
parser
.
add_argument_group
(
'routing'
).
add_argument
_
=
parser
.
add_argument_group
(
'routing'
).
add_argument
_
(
'-B'
,
dest
=
'babel_args'
,
metavar
=
'ARG'
,
action
=
'append'
,
default
=
[],
_
(
'-B'
,
dest
=
'babel_args'
,
metavar
=
'ARG'
,
action
=
'append'
,
default
=
[],
help
=
"Extra arguments to forward to Babel."
)
help
=
"Extra arguments to forward to Babel."
)
_
(
'-D'
,
'--default'
,
action
=
'store_true'
,
help
=
"Access internet via this network (in this case, make sure you"
" don't already have a default route), or if your kernel was"
" compiled without support for source address based routing"
" (CONFIG_IPV6_SUBTREES). Meaningless with --gateway."
)
_
(
'--table'
,
type
=
int
,
choices
=
(
0
,),
_
(
'--table'
,
type
=
int
,
choices
=
(
0
,),
help
=
"DEPRECATED: Use --default instead of --table=0"
)
help
=
"DEPRECATED"
)
_
(
'--default'
,
action
=
'store_true'
,
help
=
"DEPRECATED"
)
_
(
'--gateway'
,
action
=
'store_true'
,
_
(
'--gateway'
,
action
=
'store_true'
,
help
=
"Act as a gateway for this network (the default route will be"
help
=
"Act as a gateway for this network (the default route will be"
" exported). Do never use it if you don't know what it means."
)
" exported). Do never use it if you don't know what it means."
)
...
@@ -160,19 +157,14 @@ def main():
...
@@ -160,19 +157,14 @@ def main():
config
.
max_clients
=
cache
.
max_clients
config
.
max_clients
=
cache
.
max_clients
if
config
.
table
is
not
None
:
if
config
.
table
is
not
None
:
logging
.
warning
(
"--table option is deprecated: use --default instead"
)
logging
.
warning
(
"--table option is deprecated"
)
config
.
default
=
True
if
config
.
default
:
if
config
.
default
and
config
.
gateway
:
logging
.
warning
(
"--default option is deprecated"
)
sys
.
exit
(
"error: conflicting options --default and --gateway"
)
if
config
.
disable_proto
is
None
:
if
config
.
disable_proto
is
None
:
config
.
disable_proto
=
DEFAULT_DISABLED_PROTO
config
.
disable_proto
=
DEFAULT_DISABLED_PROTO
elif
'none'
in
config
.
disable_proto
:
elif
'none'
in
config
.
disable_proto
:
config
.
disable_proto
=
()
config
.
disable_proto
=
()
if
config
.
default
:
# Make sure we won't tunnel over re6st.
config
.
disable_proto
=
tuple
({
'tcp6'
,
'udp6'
}.
union
(
config
.
disable_proto
))
def
add_tunnels
(
iface_list
):
def
add_tunnels
(
iface_list
):
for
iface
in
iface_list
:
for
iface
in
iface_list
:
config
.
babel_args
+=
'-C'
,
'interface %s type tunnel'
%
iface
config
.
babel_args
+=
'-C'
,
'interface %s type tunnel'
%
iface
...
@@ -382,47 +374,19 @@ def main():
...
@@ -382,47 +374,19 @@ def main():
subprocess
.
call
(
if_rt
)
subprocess
.
call
(
if_rt
)
if_rt
[
4
]
=
my_subnet
if_rt
[
4
]
=
my_subnet
cleanup
.
append
(
lambda
:
subprocess
.
call
(
if_rt
))
cleanup
.
append
(
lambda
:
subprocess
.
call
(
if_rt
))
if
config
.
default
:
x
=
[
'ip'
,
'-6'
,
'route'
,
'add'
,
def
check_no_default_route
():
'unreachable'
,
'::/128'
,
'from'
,
'::/128'
]
for
route
in
call
((
'ip'
,
'-6'
,
'route'
,
'show'
,
if
subprocess
.
call
(
x
):
'default'
)).
splitlines
():
sys
.
exit
(
'error: Source address based routing is not'
if
not
(
' proto babel '
in
route
' enabled in your kernel (CONFIG_IPV6_SUBTREES).'
)
or
' proto 42 '
in
route
):
x
[
3
]
=
'del'
sys
.
exit
(
"Detected default route (%s)"
subprocess
.
check_call
(
x
)
" whereas you specified --default."
" Fix your configuration."
%
route
)
check_no_default_route
()
def
check_no_default_route_thread
():
try
:
while
True
:
time
.
sleep
(
60
)
try
:
check_no_default_route
()
except
OSError
,
e
:
if
e
.
errno
!=
errno
.
ENOMEM
:
raise
except
:
utils
.
log_exception
()
finally
:
exit
.
kill_main
(
1
)
t
=
threading
.
Thread
(
target
=
check_no_default_route_thread
)
t
.
daemon
=
True
t
.
start
()
else
:
x
=
[
'ip'
,
'-6'
,
'route'
,
'add'
,
'unreachable'
,
'::/128'
,
'from'
,
'::/128'
]
if
subprocess
.
call
(
x
):
sys
.
exit
(
'error: Source address based routing is not'
' enabled in your kernel (CONFIG_IPV6_SUBTREES).'
' Try with the --default option.'
)
x
[
3
]
=
'del'
subprocess
.
check_call
(
x
)
ip
(
'route'
,
'unreachable'
,
my_network
)
ip
(
'route'
,
'unreachable'
,
my_network
)
config
.
babel_args
+=
config
.
iface_list
config
.
babel_args
+=
config
.
iface_list
cleanup
.
append
(
plib
.
router
((
my_ip
,
len
(
subnet
)),
ipv4
,
cleanup
.
append
(
plib
.
router
((
my_ip
,
len
(
subnet
)),
ipv4
,
my_network
if
config
.
gateway
or
config
.
default
else
None
,
my_network
if
config
.
gateway
else
None
,
c
onfig
.
gateway
,
c
ache
.
hello
,
cache
.
hello
,
os
.
path
.
join
(
config
.
log
,
'babeld.log'
),
os
.
path
.
join
(
config
.
log
,
'babeld.log'
),
os
.
path
.
join
(
config
.
state
,
'babeld.state'
),
os
.
path
.
join
(
config
.
state
,
'babeld.state'
),
os
.
path
.
join
(
config
.
run
,
'babeld.pid'
),
os
.
path
.
join
(
config
.
run
,
'babeld.pid'
),
...
...
re6st/plib.py
View file @
484aef7a
...
@@ -62,7 +62,7 @@ def client(iface, address_list, encrypt, *args, **kw):
...
@@ -62,7 +62,7 @@ def client(iface, address_list, encrypt, *args, **kw):
return
openvpn
(
iface
,
encrypt
,
*
remote
,
**
kw
)
return
openvpn
(
iface
,
encrypt
,
*
remote
,
**
kw
)
def
router
(
ip
,
ip4
,
src
,
gateway
,
hello_interval
,
log_path
,
state_path
,
pidfile
,
def
router
(
ip
,
ip4
,
src
,
hello_interval
,
log_path
,
state_path
,
pidfile
,
control_socket
,
default
,
hmac
,
*
args
,
**
kw
):
control_socket
,
default
,
hmac
,
*
args
,
**
kw
):
ip
,
n
=
ip
ip
,
n
=
ip
hmac_sign
,
hmac_accept
=
hmac
hmac_sign
,
hmac_accept
=
hmac
...
@@ -98,10 +98,7 @@ def router(ip, ip4, src, gateway, hello_interval, log_path, state_path, pidfile,
...
@@ -98,10 +98,7 @@ def router(ip, ip4, src, gateway, hello_interval, log_path, state_path, pidfile,
if
ip4
:
if
ip4
:
cmd
+=
'-C'
,
'redistribute ip %s/%s eq %s'
%
(
ip4
,
n4
,
n4
)
cmd
+=
'-C'
,
'redistribute ip %s/%s eq %s'
%
(
ip4
,
n4
,
n4
)
if
src
:
if
src
:
if
gateway
:
cmd
+=
'-C'
,
'redistribute ip ::/0 eq 0 src-prefix '
+
src
cmd
+=
'-C'
,
'redistribute ip ::/0 eq 0 src-prefix '
+
src
else
:
cmd
+=
'-C'
,
'install ip ::/0 eq 0 src-prefix '
+
src
+
' pref-src '
+
ip
cmd
+=
(
'-C'
,
'redistribute deny'
,
cmd
+=
(
'-C'
,
'redistribute deny'
,
'-C'
,
'install ip ::/0 ge 1 pref-src '
+
ip
)
'-C'
,
'install ip ::/0 ge 1 pref-src '
+
ip
)
if
ip4
:
if
ip4
:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment