author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2018-02-27 01:45:19 +0200 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2018-03-06 20:53:53 +0200 |
commit | 575908f89ac8f204ddadd8f69f0c8dcc4d997dd5 (patch) | |
tree | e23d4cfa32dc0b9bf775dbac41b120c94b1dbdff | |
parent | 84bacf1b16e81f040d70625f4b3fe2051cdcd576 (diff) | |
configurable prefix length limitv0.1.1
-rwxr-xr-x | nhrp-events | 16 | ||||
-rwxr-xr-x | setup-dmvpn | 13 |
2 files changed, 26 insertions, 3 deletions
diff --git a/nhrp-events b/nhrp-events
index 834c851..317c197 100755
--- a/nhrp-events
+++ b/nhrp-events
@@ -166,13 +166,25 @@ end
 local function bgp_create_spoke_rules(msg, remote_cert, local_cert)
 if not local_cert.hub then return end
+ if not config then
+ local conf_file = io.open("/etc/nhrp-events.conf")
+ config = require("lyaml").load(conf_file:read("*a"))
+ conf_file:close()
+ end
+
 local bgpcfg = {}
 for afi, family in ipairs{"ip", "ipv6"} do
 for seq, net in ipairs(remote_cert.NET[afi]) do
+ local len = tonumber(net:match('/(%d+)$'))
+ local limit = remote_cert.hub and ({32, 128})[afi] or config['max-prefix-length'][family]
 table.insert(
 bgpcfg,
- ("%s prefix-list net-%s-in seq %d permit %s"):format(
- family, msg.remote_addr, seq * 5, net
+ ("%s prefix-list net-%s-in seq %d permit %s%s"):format(
+ family,
+ msg.remote_addr,
+ seq * 5,
+ net,
+ limit > len and (" le %d"):format(limit) or ""
 )
 )
 end
diff --git a/setup-dmvpn b/setup-dmvpn
index d862472..4d4ceb7 100755
--- a/setup-dmvpn
+++ b/setup-dmvpn
@@ -251,5 +251,16 @@ EOF
 awall enable dmvpn-hub
 awall translate
 enable_firewall iptables
- [ "$SITE_PREFIX_LEN_IPV6" ] && enable_firewall ip6tables
+
+ cat > /etc/nhrp-events.conf <<EOF
+max-prefix-length:
+ ip: $SITE_PREFIX_LEN_IPV4
+EOF
+
+ if [ "$SITE_PREFIX_LEN_IPV6" ]; then
+ enable_firewall ip6tables
+ cat >> /etc/nhrp-events.conf <<EOF
+ ipv6: $SITE_PREFIX_LEN_IPV6
+EOF
+ fi
 fi |
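Review bot: Three values in the added lines of bgp_create_spoke_rules can be nil, and each one raises while the spoke's prefix-list is being built: `io.open` returns nil when `/etc/nhrp-events.conf` is absent (the file is only written by the setup-dmvpn change in this commit, so a hub set up earlier would not have it), `config['max-prefix-length'][family]` is nil when the `ipv6:` key was never written, and `len` is nil when a NET entry carries no `/N` suffix. Because these prefix-lists bound what a spoke may announce, I would make the missing file an explicit error and fall back to the exact-match entry otherwise: `local conf_file = assert(io.open("/etc/nhrp-events.conf"))`, `(config['max-prefix-length'] or {})[family]` in the `limit` expression, and `(len and limit and limit > len) and (" le %d"):format(limit) or ""` as the last format argument. `config` is not declared anywhere in the hunk; if the file has no file-level `local config` it becomes a global, which is worth confirming. The function body continues past the end of the hunk.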
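Review bot: `$SITE_PREFIX_LEN_IPV4` and `$SITE_PREFIX_LEN_IPV6` are expanded into the YAML heredocs without a check that they are set and numeric, so an empty IPv4 value yields `ip:` with a null value, and any other text lands in the file that nhrp-events later reads to build BGP prefix-list entries. A guard before the first `cat`, for example `case "$SITE_PREFIX_LEN_IPV4" in ''|*[!0-9]*) echo "invalid IPv4 site prefix length" >&2; exit 1;; esac`, would reject that at setup time, and the same check fits the IPv6 value inside the `if`. Where these variables are assigned is outside the hunk, so they may already be validated there.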