NET Pokročílé routování

b70c3739 · Jiří Kalvoda · 94bc1ab3 · b70c3739 · b70c3739 · b70c3739
Commit b70c3739 authored 1 year ago by Jiří Kalvoda
--- a/network/blatto-daemon.py
+++ b/network/blatto-daemon.py
@@ -79,20 +79,6 @@ while True:
                w = iwc[i["ifname"]]
                out["essid"] = w["essid"]
            interfaces[i["ifname"]] = out
-    if blatto_wg:
-        try:
-            autorouting = open("/run/wg-blatto/autorouting").read().strip()
-            current_routing = open("/run/wg-blatto/routing").read().strip()
-            wanted_routing = "no" if blatto else autorouting
-            p(f"blatto-wg routing: {current_routing} -> {wanted_routing}")
-            if wanted_routing != current_routing:
-                subprocess.run(["/etc/net/wg-blatto-route", wanted_routing])
-
-            current_routing = open("/run/wg-blatto/routing").read().strip()
-            blatto_wg["routing"] = current_routing
-
-        except FileNotFoundError as e:
-            p(f"blatto-wg routing: {e}")
    send({"blatto-wg": blatto_wg, "blatto": blatto, "interfaces": interfaces}, "2a01:510:d504:751a::1" if blatto else "2a01:510:d504:751b::1")
    p("DONE")
    signal.sigtimedwait([signal.SIGHUP], 10)
--- a/network/dhcpcd.enter-hook-defaults
+++ b/network/dhcpcd.enter-hook-defaults
@@ -8,7 +8,19 @@ fi
 if [ "$ifssid" == blatto-jk-5g ] || [ "$ifssid" == blatto-jk-2g ]
 then
 	conntrack_hack
-	route6 default via 2a01:510:d504:751a::1 dev w metric 3004
+
+	route 10.12.11.0/24 dev $interface metric 300 table 12
+	route default via 10.12.11.1 dev $interface metric 300 table 12
+	route6 2a01:510:d504:751a::0/64 dev $interface metric 300 table 12
+	route6 default via 2a01:510:d504:751a::1 dev $interface metric 300 table 12
+
+	for i in 2 3 4
+	do
+		route default via 10.12.11.$i metric 300 table 12$i
+		route 10.12.11.0/24 dev $interface metric 300 table 12$i
+	done
+
+	route6 default via 2a01:510:d504:751a::1 dev $interface metric 3004
 fi

 if [ "$ifssid" == samet-5G  ]
@@ -21,7 +33,7 @@ then
 	mtu 1340
 	if [ "$reason" == BOUND ]
 	then
-		CDWIFI_IFACE=$interface cdwifi-autologin
+		CDWIFI_IFACE=$interface CDWIFI_CURL="direct curl" cdwifi-autologin
 	fi
 fi
 if [ "$ifssid" == Onboard-WiFi ]

--- a/network/hopik/scripts/con-sm
+++ b/network/hopik/scripts/con-sm
@@ -12,6 +12,19 @@ ip route add 10.12.0.0/16 via 10.12.11.1 dev $interface metric 1000
 ip route add 2a01:510:d504:7500::0/56 via 2a01:510:d504:751a::1 dev wg-blatto metric 1000
 ip route add default via 10.12.11.1 dev $interface metric 1000
 ip route add default via 2a01:510:d504:751a::1 dev $interface metric 1000
+
+ip route add 10.12.11.0/24 dev $interface metric 100 table 12
+ip route add default via 10.12.11.1 dev $interface metric 100 table 12
+ip -6 route add 2a01:510:d504:751a::0/64 dev $interface metric 100 table 12
+ip -6 route add default via 2a01:510:d504:751a::1 dev $interface metric 100 table 12
+
+for i in 2 3 4
+do
+	ip route add route default via 10.12.11.$i metric 100 table 12$i
+	ip route add route 10.12.11.0/24 dev $interface metric 100 table 12$i
+done
+
+
 (echo domain jk.blatto.eu;  echo nameserver 10.12.11.1 ) | resolvconf -a $interface

 systemctl reload net-blatto-daemon
--- a/network/wg-blatto
+++ b/network/wg-blatto
@@ -3,7 +3,9 @@ set -euo xtrace -o pipefail

 vlan_name=$1
 id=$2
-default_routing=${3:-blatto}
+adopt=false
+
+[ "${3:-no}" == adopt ] && adopt=true

 eval "$(ssh root@blatto.eu wg-get-metadata $vlan_name)"

@@ -22,14 +24,15 @@ cat psk | ssh root@blatto.eu "wg-register $vlan_name $id $(hostname) $(cat $id.p

 mkdir -p /etc/net

-cat <<AMEN > /etc/net/wg-blatto
+(
+cat <<AMEN
 #!/bin/sh
 set -o xtrace

+do_route_flush=\${1:-false}
+
 ip link del wg-blatto || true
 rm /run/wg-blatto/ || true
-ip route flush table 12
-ip -6 route flush table 12

 ip link add dev wg-blatto type wireguard
 ip addr add $v4net.$id/24 dev wg-blatto metric 100
@@ -39,85 +42,62 @@ wg set wg-blatto peer \$(cat /etc/wireguard/blatto/blattes.pub) preshared-key /e
 ip link set mtu 1432 dev wg-blatto
 ip link set wg-blatto up

-ip route add throw 10.0.0.0/8 table 12
-ip route add throw 192.168.0.0/16 table 12
-ip route add throw 172.16.0.0/12 table 12
-ip route add $v4net.0/24 dev wg-blatto table 12
-ip rule add not to $blattes_ipv4 ipproto udp dport $port table 12
-ip -6 route add throw fe80::/10 table 12
-ip -6 route add throw fc00::/7 table 12
-ip -6 route add $v6net::/64 dev wg-blatto table 12
-ip -6 rule add table 12
-
-mkdir /run/wg-blatto/
-if [ ${default_routing::5} = auto: ]
-then
-	echo ${default_routing:5} > /run/wg-blatto/autorouting
-	/etc/net/wg-blatto-route no
-else
-	/etc/net/wg-blatto-route $default_routing
-fi
 AMEN

-cat <<AMEN > /etc/net/wg-blatto-route
-#!/bin/sh
-set -o xtrace
+for ups in $upstreams
+do
+	ups_id=upstream_${ups}_id
+	ups_id=${!ups_id}
+	echo ip link del wg-blatto2$ups || true
+	echo ip link add wg-blatto2$ups type sit remote $ipv4_prefix.$vlid.$ups_id local any mode any
+	echo ip link set wg-blatto2$ups up
+	echo
+done
+
+cat <<AMEN
+
+for ipv in 4 6
+do
+	for tind in 12 12{2,3,4} 612 612{2,3,4}
+	do
+		\$do_route_flush && ip -\$ipv route flush table \$tind
+		ip -\$ipv rule add fwmark \$tind table \$tind priority \$tind
+	done
+	ip -\$ipv rule add fwmark 6 table 612 priority 32666
+done
+
+ip route add default via $v4net.1 dev wg-blatto table 12 metric 1100
+ip route add default via $v6net::1 dev wg-blatto table 12 metric 1100
+
+ip route add default dev wg-blatto2mn  table 122 metric 1100 src $v4net.$id
+ip route add default dev wg-blatto2awn table 123 metric 1100 src $v4net.$id
+ip route add default dev wg-blatto2mul table 124 metric 1100 src $v4net.$id

-blatto=del
-default=del
-adopt_blatto=del
-adopt_default=del
-adopt=del
+mkdir /run/wg-blatto/

-if [ \$1 = no ]
-then
-	true
-elif [ \$1 = blatto ]
-then
-	blatto=add
-elif [ \$1 = all ]
-then
-	blatto=add
-	default=add
-elif [ \$1 = adopt_blatto ]
-then
-	blatto=add
-	adopt_blatto=add
-	adopt=add
-elif [ \$1 = adopt_all ]
-then
-	blatto=add
-	default=add
-	adopt_blatto=add
-	adopt_default=add
-	adopt=add
-else
-	echo usage: \$0 no/blatto/all/adopt_blatto/adopt_all
-	exit 1
-fi
+echo $adopt > /run/wg-blatto/adopt

+systemctl reload net-blatto-daemon
+AMEN
+if $adopt
+then
+cat <<AMEN
+ip addr add $adopt_v4net.$id/32 dev wg-blatto metric 1000
+ip addr add $adopt_v6net::$id/128 dev wg-blatto metric 1000

-ip route \$blatto $ipv4_prefix.0.0/16 via $v4net.1 dev wg-blatto table 12 metric 100
-ip route \$blatto ${ipv6_prefix}00::0/56 via $v6net::1 dev wg-blatto table 12 metric 100
-ip route \$default default via $v4net.1 dev wg-blatto table 12 metric 100
-ip route \$default default via $v6net::1 dev wg-blatto table 12 metric 100
+ip route add default dev wg-blatto table 12 metric 1000 src $adopt_v4net.$id
+ip route add default dev wg-blatto table 12 metric 1000 src $adopt_v6net::$id

-ip addr \$adopt $adopt_v4net.$id/32 dev wg-blatto metric 1
-ip addr \$adopt $adopt_v6net::$id/128 dev wg-blatto metric 1
-ip route \$adopt_blatto $ipv4_prefix.0.0/16 dev wg-blatto table 12 metric 1 src $adopt_v4net.$id
-ip route \$adopt_blatto ${ipv6_prefix}00::0/56 dev wg-blatto table 12 metric 1 src $adopt_v6net::$id
-ip route \$adopt_default default dev wg-blatto table 12 metric 1 src $adopt_v4net.$id
-ip route \$adopt_default default dev wg-blatto table 12 metric 1 src $adopt_v6net::$id
+ip route add default dev wg-blatto2mn table 122 metric 1000 src $adopt_v4net.$id
+ip route add default dev wg-blatto2awn table 123 metric 1000 src $adopt_v4net.$id
+ip route add default dev wg-blatto2mul table 124 metric 1000 src $adopt_v4net.$id

-if [ \$adopt = add ]
-then
-	ip addr del $v4net.$id/24 dev wg-blatto metric 100
-	ip addr add $v4net.$id/24 dev wg-blatto metric 100
+ip addr del $v4net.$id/24 dev wg-blatto metric 1100
+ip addr add $v4net.$id/24 dev wg-blatto metric 1100
+AMEN
 fi
+) > /etc/net/wg-blatto

-echo \$1 > /run/wg-blatto/routing
-
-systemctl reload net-blatto-daemon
-AMEN
+rm /etc/net/wg-blatto-route || true

-chmod +x /etc/net/wg-blatto{,-route}
+chmod +x /etc/net/wg-blatto