nat46: initial 464xlat support

Signed-off-by: Steven Barth <steven@midlink.org>

nat46/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2014 OpenWrt.org
+# Copyright (C) 2014-2015 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -29,6 +29,13 @@ define Package/map-t
   TITLE:=MAP-T configuration support
 endef
 
+define Package/464xlat
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+kmod-nat46
+  TITLE:=464xlat CLAT support
+endef
+
 define KernelPackage/nat46
   DEPENDS:=+kmod-ipv6
   TITLE:=Stateless NAT46 translation kernel module
@@ -40,7 +47,16 @@ endef
 
 include $(INCLUDE_DIR)/kernel-defaults.mk
 
+define Build/Prepare
+	$(call Build/Prepare/Default)
+	$(CP) ./src/* $(PKG_BUILD_DIR)/
+endef
+
 define Build/Compile
+	$(MAKE) -C $(PKG_BUILD_DIR) \
+		CC="$(TARGET_CC)" \
+		CFLAGS="$(TARGET_CFLAGS) -Wall" \
+		LDFLAGS="$(TARGET_LDFLAGS)"
 	$(MAKE) $(KERNEL_MAKEOPTS) SUBDIRS="$(PKG_BUILD_DIR)/nat46/modules" \
 		MODFLAGS="-DMODULE -mlong-calls" \
 		EXTRA_CFLAGS="-DNAT46_VERSION=\\\"$(PKG_SOURCE_VERSION)\\\"" \
@@ -51,5 +67,13 @@ define Package/map-t/install
 	true
 endef
 
+define Package/464xlat/install
+	$(INSTALL_DIR) $(1)/lib/netifd/proto
+	$(INSTALL_BIN) ./files/464xlat.sh $(1)/lib/netifd/proto/464xlat.sh
+	$(INSTALL_DIR) $(1)/sbin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/464xlatcfg $(1)/sbin
+endef
+
 $(eval $(call KernelPackage,nat46))
 $(eval $(call BuildPackage,map-t))
+$(eval $(call BuildPackage,464xlat))

nat46/files/464xlat.sh

@@ -0,0 +1,102 @@
+#!/bin/sh
+# 464xlat.sh - 464xlat CLAT
+#
+# Copyright (c) 2015 Steven Barth <cyrus@openwrt.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+[ -n "$INCLUDE_ONLY" ] || {
+	. /lib/functions.sh
+	. /lib/functions/network.sh
+	. ../netifd-proto.sh
+	init_proto "$@"
+}
+
+proto_464xlat_setup() {
+	local cfg="$1"
+	local iface="$2"
+	local link="464xlat-$cfg"
+
+	local ip6addr ip6prefix tunlink zone
+	json_get_vars ip6addr ip6prefix tunlink zone
+
+	[ -z "$zone" ] && zone="wan"
+
+	( proto_add_host_dependency "$cfg" "::" "$tunlink" )
+
+	if [ -z "$tunlink" ] && ! network_find_wan6 tunlink; then
+		proto_notify_error "$cfg" "NO_WAN_LINK"
+		return
+	fi
+	network_get_device tundev "$tunlink"
+
+	ip6addr=$(464xlatcfg "$link" "$tundev" "$ip6prefix" 192.0.0.1 $ip6addr)
+	if [ -z "$ip6addr" ]; then
+		proto_notify_error "$cfg" "CLAT_CONFIG_FAILED"
+		return
+	fi
+
+	proto_init_update "$link" 1
+	proto_add_ipv4_route "0.0.0.0" 0 "" "" 2048
+	proto_add_ipv6_route $ip6addr 128 "" "" "" "" 128
+
+	proto_add_data
+	[ "$zone" != "-" ] && json_add_string zone "$zone"
+
+	json_add_array firewall
+		json_add_object ""
+			json_add_string type nat
+			json_add_string target SNAT
+			json_add_string family inet
+			json_add_string snat_ip 192.0.0.1
+		json_close_object
+	  	json_add_object ""
+	  		json_add_string type rule
+	  		json_add_string family inet6
+	  		json_add_string proto all
+	  		json_add_string direction in
+			json_add_string dest "$zone"
+			json_add_string src "$zone"
+	  		json_add_string src_ip $ip6addr
+	  		json_add_string target ACCEPT
+	  	json_close_object
+	  	json_add_object ""
+	  		json_add_string type rule
+	  		json_add_string family inet6
+	  		json_add_string proto all
+	  		json_add_string direction out
+			json_add_string dest "$zone"
+			json_add_string src "$zone"
+	  		json_add_string dest_ip $ip6addr
+	  		json_add_string target ACCEPT
+	  	json_close_object
+	json_close_array
+	proto_close_data
+
+	proto_send_update "$cfg"
+}
+
+proto_464xlat_teardown() {
+	464xlatcfg "464xlat-$1"
+}
+
+proto_464xlat_init_config() {
+	no_device=1
+	available=1
+
+	proto_config_add_string "ip6prefix"
+	proto_config_add_string "ip6addr"
+	proto_config_add_string "tunlink"
+	proto_config_add_string "zone"
+}
+
+[ -n "$INCLUDE_ONLY" ] || {
+        add_protocol 464xlat
+}

nat46/src/464xlatcfg.c

@@ -0,0 +1,116 @@
+/* 464xlatcfg.c
+ *
+ * Copyright (c) 2015 Steven Barth <cyrus@openwrt.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+#include <netinet/icmp6.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <net/if.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <stdio.h>
+#include <netdb.h>
+
+int main(int argc, const char *argv[])
+{
+	char buf[INET6_ADDRSTRLEN], prefix[INET6_ADDRSTRLEN + 4];
+	int pid;
+	
+	if (argc <= 1) {
+		fprintf(stderr, "Usage: %s <name> [ifname] [ipv6prefix] [ipv4addr] [ipv6addr]\n", argv[0]);
+		return 1;
+	}
+	
+	snprintf(buf, sizeof(buf), "/var/run/%s.pid", argv[1]);
+	FILE *fp = fopen(buf, "r");
+	if (fp) {
+		fscanf(fp, "%d", &pid);
+		kill(pid, SIGTERM);
+		unlink(buf);
+		fclose(fp);
+	}
+	
+	if (!argv[2])
+		return 0;
+	
+	if (!argv[3] || !argv[4] || !(fp = fopen(buf, "wx")))
+		return 1;
+
+	prefix[sizeof(prefix) - 1] = 0;
+	strncpy(prefix, argv[3], sizeof(prefix) - 1);
+
+	if (!prefix[0]) {
+		struct addrinfo hints = { .ai_family = AF_INET6 }, *res;
+		if (getaddrinfo("ipv4only.arpa", NULL, &hints, &res) || !res) {
+			sleep(3);
+			if (getaddrinfo("ipv4only.arpa", NULL, &hints, &res) || !res)
+				return 2;
+		}
+
+		struct sockaddr_in6 *sin6 = (struct sockaddr_in6*)res->ai_addr;
+		inet_ntop(AF_INET6, &sin6->sin6_addr, prefix, sizeof(prefix) - 4);
+		strcat(prefix, "/96");
+		freeaddrinfo(res);
+	}
+		
+	struct sockaddr_in6 saddr = {.sin6_family = AF_INET6, .sin6_addr = {{{0x20, 0x01, 0x0d, 0xb8}}}};
+	socklen_t saddrlen = sizeof(saddr);
+	int sock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
+	struct icmp6_filter filt;
+	ICMP6_FILTER_SETBLOCKALL(&filt);
+	setsockopt(sock, IPPROTO_ICMPV6, ICMP6_FILTER, &filt, sizeof(filt));
+	setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, argv[2], strlen(argv[2]));
+	if (connect(sock, (struct sockaddr*)&saddr, sizeof(saddr)) ||
+			getsockname(sock, (struct sockaddr*)&saddr, &saddrlen))
+		return 3;
+	
+	struct ipv6_mreq mreq = {saddr.sin6_addr, if_nametoindex(argv[2])};
+	if (!argv[5]) {
+		srandom(mreq.ipv6mr_multiaddr.s6_addr32[0] ^ mreq.ipv6mr_multiaddr.s6_addr32[1] ^
+				mreq.ipv6mr_multiaddr.s6_addr32[2] ^ mreq.ipv6mr_multiaddr.s6_addr32[3]);
+		mreq.ipv6mr_multiaddr.s6_addr32[2] = random();
+		mreq.ipv6mr_multiaddr.s6_addr32[3] = random();
+	} else if (inet_pton(AF_INET6, argv[5], &mreq.ipv6mr_multiaddr) != 1) {
+		return 1;
+	}
+	
+	if (setsockopt(sock, SOL_IPV6, IPV6_JOIN_ANYCAST, &mreq, sizeof(mreq)))
+		return 3;
+	
+	inet_ntop(AF_INET6, &mreq.ipv6mr_multiaddr, buf, sizeof(buf));
+	fputs(buf, stdout);
+	fputc('\n', stdout);
+	fflush(stdout);
+	
+	FILE *nat46 = fopen("/proc/net/nat46/control", "w");
+	if (!nat46 || fprintf(nat46, "add %s\nconfig %s local.style NONE local.v4 %s/32 local.v6 %s/128 "
+			"remote.style RFC6052 remote.v6 %s\n", argv[1], argv[1], argv[4], buf, prefix) < 0 ||
+			fclose(nat46))
+		return 4;
+	
+	if (!(pid = fork())) {
+		fclose(fp);
+		fclose(stdin);
+		fclose(stdout);
+		fclose(stderr);
+		chdir("/");
+		setsid();
+		pause();
+	} else {
+		fprintf(fp, "%d\n", pid);
+	}
+	
+	return 0;
+}

nat46/src/Makefile

@@ -0,0 +1,8 @@
+all: 464xlatcfg
+
+464xlatcfg: 464xlatcfg.c
+	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
+
+clean:
+	rm -f 464xlatcfg
+