ipv6 prefix delegation for rotuer

much tidying needed, but it works
module-based-network
Daniel Barlow 2023-05-31 23:29:05 +01:00
parent d82173133c
commit 3f4dbfcfd3
7 changed files with 123 additions and 5 deletions

View File

@ -0,0 +1,70 @@
(local inotify (require :inotify))
(fn watch-fsevents [directory-name]
(let [handle (inotify.init)]
(handle:addwatch directory-name
inotify.IN_CREATE
inotify.IN_MOVE
inotify.IN_DELETE
inotify.IN_DELETE_SELF
inotify.IN_MOVED_FROM
inotify.IN_MOVED_TO
inotify.IN_CLOSE_WRITE)
handle))
(fn merge [table1 table2]
(collect [k v (pairs table2) &into table1]
k v))
(fn parse-extra [s]
(let [out {}]
(each [name val (string.gmatch s ",(.-)=([^,]+)")]
(tset out name val))
out))
(fn parse-prefixes [prefixes]
(icollect [val (string.gmatch prefixes "([^ ]+)")]
(let [(prefix len preferred valid extra)
(string.match val "(.-)::/(%d+),(%d+),(%d+)(.*)$")]
(merge {: prefix : len : preferred : valid} (parse-extra extra))
)))
;; Format: <prefix>/<length>,preferred,valid[,excluded=<excluded-prefix>/<length>][,class=<prefix class #>]
;; (parse-prefixes "2001:8b0:de3a:40dc::/64,7198,7198 2001:8b0:de3a:1001::/64,7198,7188,excluded=1/2,thi=10")
(fn file-exists? [name]
(let [f (io.open name :r)]
(match f
non-nil (or (f:close) true)
(nil err) false)))
(fn read-line [name]
(with-open [f (assert (io.open name :r) (.. "can't open file " name))]
(f:read "*l")))
(var last-update 0)
(fn event-time [directory]
(if (file-exists? (.. directory "/state"))
(tonumber (read-line (.. directory "/last-update")))
nil))
(fn wait-for-update [directory fsevents]
(while (<= (or (event-time directory) 0) last-update)
(fsevents:read))
(set last-update (event-time directory))
true)
(let [[state-directory lan-device] arg
fsevents (watch-fsevents state-directory)]
(while (wait-for-update state-directory fsevents)
(match (read-line (.. state-directory "/state"))
(where (or :bound :rebound :informed :updated :ra-updated))
(let [[{ : prefix : len : preferred : valid }]
(parse-prefixes (read-line (.. state-directory "/prefixes")))]
(os.execute (.. "ip address add " prefix "::1/" len
" dev " lan-device)))
_ (os.exit 1))))

View File

@ -0,0 +1,10 @@
{
writeFennelScript
, luaSmall
, linotify
}:
writeFennelScript "acquire-delegated-prefix"
[
(linotify.override { lua = luaSmall; })
]
./acquire-delegated-prefix.fnl

View File

@ -10,6 +10,10 @@
(fn write-value-from-env [name]
(write-value name (os.getenv (string.upper name))))
;; we remove state before updating to ensure that consumers don't get
;; a half-updated snapshot
(os.remove (.. state-directory "/state"))
(let [wanted
[
:addresses
@ -52,7 +56,8 @@
"unbound" false
"stopped" false
_ true)]
(write-value "state" state)
(write-value "last-update" (tostring (os.time)))
(write-value "ifname" ifname)
(write-value "state" state)
(when ready
(with-open [fd (io.open "/proc/self/fd/10" :w)] (fd:write "\n"))))

View File

@ -183,10 +183,14 @@ in rec {
groups.system.usernames = ["dnsmasq"];
services.dns =
dnsmasq {
let interface = services.int;
in dnsmasq {
resolvconf = services.resolvconf;
interface = services.int;
ranges = ["10.8.0.10,10.8.0.240"];
inherit interface;
ranges = [
"10.8.0.10,10.8.0.240"
"::,constructor:${interface.device},ra-stateless"
];
domain = "fake.liminix.org";
};
@ -248,6 +252,14 @@ in rec {
dependencies = [ services.wan ];
};
services.acquire-lan-prefix =
let script = pkgs.callPackage ./acquire-delegated-prefix.nix { };
in longrun {
name = "acquire-lan-prefix";
run = "${script} /run/service-state/dhcp6c.wan ${services.int.device}";
dependencies = [ services.dhcp6 ];
};
services.default = target {
name = "default";
contents = with config.services; [
@ -265,6 +277,7 @@ in rec {
sshd
config.services.hostname
dhcp6
acquire-lan-prefix
];
};
defaultProfile.packages = with pkgs; [min-collect-garbage nftables tcpdump] ;

View File

@ -23,6 +23,7 @@
kernel-backport = callPackage ./kernel-backport {};
mac80211 = callPackage ./mac80211 {};
netlink-lua = callPackage ./netlink-lua {};
linotify = callPackage ./linotify {};
ifwait = callPackage ./ifwait {};
gen_init_cpio = callPackage ./gen_init_cpio {};

19
pkgs/linotify/default.nix Normal file
View File

@ -0,0 +1,19 @@
{ lua, lib, fetchFromGitHub }:
let pname = "linotify";
in lua.pkgs.buildLuaPackage {
inherit pname;
version = "0.5";
src = fetchFromGitHub {
repo = "linotify";
owner = "hoelzro";
rev = "a56913e9c0922befb65227a00cf69c2e8052de1a";
hash = "sha256-IlOJbGx1zbOR3vgNMsNTPsarhPANpzl7jsu33LEbIqY=";
};
installPhase = ''
mkdir -p "$out/lib/lua/${lua.luaversion}"
cp inotify.so "$out/lib/lua/${lua.luaversion}/"
'';
}

View File

@ -15,7 +15,7 @@ in name : packages : source :
echo "#!${lua}/bin/lua"
echo "package.path = ${lib.strings.escapeShellArg luapath} .. package.path"
echo "package.cpath = ${lib.strings.escapeShellArg luacpath} .. package.cpath"
${lua.pkgs.fennel}/bin/fennel --compile ${source}
${lua.pkgs.fennel}/bin/fennel --correlate --compile ${source}
) > $out
chmod a+x $out
''