authorKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-02-26 16:45:08 +0200
committerKaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>2018-03-06 13:11:54 +0200
commitb20fb5d12c472bbc0648355805df6c379894180b (patch)
tree83bdbc3520fe8271a5fe0e6acb60fe0520ae383a
parentb0ff5cd7d6aa05bb97dd4bd2bde6d16168e02c7c (diff)
downloaddmvpn-tools-b20fb5d12c472bbc0648355805df6c379894180b.tar.bz2
dmvpn-tools-b20fb5d12c472bbc0648355805df6c379894180b.tar.xz
nhrp-events: IPv6 support
-rw-r--r--dmvpn.lua7
-rwxr-xr-xnhrp-events63
2 files changed, 49 insertions, 21 deletions
diff --git a/dmvpn.lua b/dmvpn.lua
index 82a9722..32419f8 100644
--- a/dmvpn.lua
+++ b/dmvpn.lua
@@ -21,12 +21,13 @@ local decoders={
end
end,
['sbgp-ipAddrBlock']=function(d)
- local res = {}
+ local res = {{}, {}}
for _, ab in ipairs(rfc3779.IPAddrBlocks.decode(d)) do
- if ab.ipAddressChoice and ab.ipAddressChoice.addressesOrRanges then
+ local afi = ab.addressFamily.afi
+ if res[afi] and ab.ipAddressChoice and ab.ipAddressChoice.addressesOrRanges then
for _, a in ipairs(ab.ipAddressChoice.addressesOrRanges) do
if a.addressPrefix then
- table.insert(res, a.addressPrefix)
+ table.insert(res[afi], a.addressPrefix)
end
end
end
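Review bot: `res[afi]` in the `sbgp-ipAddrBlock` decoder only works if `ab.addressFamily.afi` decodes to the Lua numbers 1 and 2, and nothing in the hunk documents that convention. A comment above `local res = {{}, {}}` such as `-- res[1] = IPv4 prefixes, res[2] = IPv6 prefixes (IANA AFI numbers); blocks of any other family are dropped` would make it explicit, since `NET[2]` is used as a bare index in the nhrp-events hunks too. `ab.addressFamily.afi` is also indexed without the nil guard that the next line applies to `ab.ipAddressChoice`; if the RFC 3779 decoder can return a block without `addressFamily`, this raises instead of skipping the block. The decoder function continues past the end of this hunk.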
diff --git a/nhrp-events b/nhrp-events
index 3d791b2..49cf22b 100755
--- a/nhrp-events
+++ b/nhrp-events
@@ -60,7 +60,7 @@ local function parse_cert(certhex)
cn = "(no CN)",
AS = 0,
GRE = {},
- NET = {},
+ NET = {{}, {}}
}
local cert = x509.new(certhex:hex2bin(), 'der')
out.cn = tostring(cert:getSubject())
@@ -143,9 +143,19 @@ local function bgp_reset(msg, local_cert)
end
local function bgp_nhs_up(msg, remote_cert, local_cert)
- configure_bgp(("nhs-up %s"):format(msg.remote_addr),
+ local bgpcfg = {
("router bgp %s"):format(local_cert.AS),
- ("neighbor %s peer-group hubs"):format(msg.remote_addr))
+ ("neighbor %s peer-group hubs"):format(msg.remote_addr)
+ }
+ if #local_cert.NET[2] > 0 then
+ table.insert(bgpcfg, "address-family ipv6")
+ table.insert(
+ bgpcfg, ("neighbor %s activate"):format(msg.remote_addr)
+ )
+ end
+ configure_bgp(
+ ("nhs-up %s"):format(msg.remote_addr), table.unpack(bgpcfg)
+ )
end
local function bgp_nhs_down(msg, remote_cert, local_cert)
@@ -158,11 +168,15 @@ local function bgp_create_spoke_rules(msg, remote_cert, local_cert)
if not local_cert.hub then return end
local bgpcfg = {}
- for seq, net in ipairs(remote_cert.NET) do
- table.insert(bgpcfg,
- ("ip prefix-list net-%s-in seq %d permit %s le %d"):format(
- msg.remote_addr, seq * 5, net,
- remote_cert.hub and 32 or 26))
+ for afi, family in ipairs{"ip", "ipv6"} do
+ for seq, net in ipairs(remote_cert.NET[afi]) do
+ table.insert(
+ bgpcfg,
+ ("%s prefix-list net-%s-in seq %d permit %s"):format(
+ family, msg.remote_addr, seq * 5, net
+ )
+ )
+ end
end
table.insert(bgpcfg, ("router bgp %s"):format(local_cert.AS))
if remote_cert.hub then
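Review bot: The rewritten format string in the prefix-list loop drops the `le` bound that the removed lines applied (`remote_cert.hub and 32 or 26`), so each entry now permits only the exact certified prefix, for IPv4 as well as IPv6. That is the stricter filter, but it changes which announcements existing IPv4 peers get accepted, and the commit title does not mention it. If exact match is intended, a comment above the loop such as `-- exact match only: more-specifics of a certified prefix are rejected` would record the decision; if not, the bound needs to come back as a per-family value. bgp_create_spoke_rules continues past this hunk.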
@@ -175,6 +189,17 @@ local function bgp_create_spoke_rules(msg, remote_cert, local_cert)
end
table.insert(bgpcfg, ("neighbor %s prefix-list net-%s-in in"):format(msg.remote_addr, msg.remote_addr))
+ if #remote_cert.NET[2] > 0 then
+ table.insert(bgpcfg, "address-family ipv6")
+ table.insert(
+ bgpcfg, ("neighbor %s activate"):format(msg.remote_addr)
+ )
+ table.insert(
+ bgpcfg,
+ ("neighbor %s prefix-list net-%s-in in"):format(msg.remote_addr, msg.remote_addr)
+ )
+ end
+
local status, output = configure_bgp(("nhc-register %s"):format(msg.remote_addr), table.unpack(bgpcfg))
if output:find("Cannot") then
posix.syslog(6, "BGP: "..output)
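Review bot: In the added `address-family ipv6` block the `neighbor %s activate` line is queued before the `neighbor %s prefix-list net-%s-in in` line, and the only failure check visible after `configure_bgp` is `output:find("Cannot")`. If the filter line were rejected with a different message, the neighbor would presumably stay activated for IPv6 with no inbound filter and nothing logged; whether `status` is examined is outside this hunk. Consider also testing `status` and logging any error output, and add a comment above the block such as `-- the IPv6 session must not be active without the net-<addr>-in filter applied`.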
@@ -206,19 +231,21 @@ local function handle_message(msg)
msg.remote_addr, msg.remote_nbma, remote_cert.cn))
-- Automatic BGP binding for hub-spoke connections
- if msg.type == "nhs" and msg.old_type ~= "nhs" then
- if not local_cert.hub then
- if tonumber(msg.num_nhs) == 0 and msg.vc_initiated == "yes" then
- bgp_reset(msg, local_cert)
+ if msg.remote_addr:find("%.") then
+ if msg.type == "nhs" and msg.old_type ~= "nhs" then
+ if not local_cert.hub then
+ if tonumber(msg.num_nhs) == 0 and msg.vc_initiated == "yes" then
+ bgp_reset(msg, local_cert)
+ end
+ bgp_nhs_up(msg, remote_cert, local_cert)
+ else
+ bgp_create_spoke_rules(msg, remote_cert, local_cert)
end
- bgp_nhs_up(msg, remote_cert, local_cert)
- else
+ elseif msg.type ~= "nhs" and msg.old_type == "nhs" then
+ bgp_nhs_down(msg, remote_cert, local_cert)
+ elseif msg.type == "dynamic" and msg.old_type ~= "dynamic" then
bgp_create_spoke_rules(msg, remote_cert, local_cert)
end
- elseif msg.type ~= "nhs" and msg.old_type == "nhs" then
- bgp_nhs_down(msg, remote_cert, local_cert)
- elseif msg.type == "dynamic" and msg.old_type ~= "dynamic" then
- bgp_create_spoke_rules(msg, remote_cert, local_cert)
end
return "accept"
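Review bot: `msg.remote_addr:find("%.")` treats any address that contains a dot as IPv4, which also matches an IPv4-mapped IPv6 literal, and the same string is then formatted into BGP configuration lines by the bgp_* helpers. An anchored check, `if msg.remote_addr:match("^%d+%.%d+%.%d+%.%d+$") then`, states the intent and doubles as validation before the value reaches the configuration. The hunk also gives no reason why BGP binding is skipped for other addresses; a one-line comment above the new `if` should say so. handle_message starts before this hunk.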