diff --git a/base_data/frr/local/frr.conf b/base_data/frr/local/frr.conf
index c6cba98..270b55a 100644
--- a/base_data/frr/local/frr.conf
+++ b/base_data/frr/local/frr.conf
@@ -22,7 +22,7 @@ router bgp 65000
 advertise-all-vni
 exit-address-family
 !
- neighbor 192.0.2.254 remote-as 65001
+ neighbor 192.168.14.1 remote-as 65001
 !
 address-family ipv4 unicast
 redistribute static
@@ -33,12 +33,13 @@ router bgp 65000
 !
 !
-ip prefix-list PUBLIC_ONLY seq 20 deny 10.0.0.0/8
-ip prefix-list PUBLIC_ONLY seq 30 deny 172.16.0.0/12
-ip prefix-list PUBLIC_ONLY seq 40 deny 192.168.0.0/16
-ip prefix-list PUBLIC_ONLY seq 50 deny 127.0.0.0/8
-ip prefix-list PUBLIC_ONLY seq 60 deny 169.254.0.0/16
-ip prefix-list PUBLIC_ONLY seq 70 deny 100.64.0.0/10
+ip prefix-list PUBLIC_ONLY seq 10 deny 192.168.15.0/24
+ip prefix-list PUBLIC_ONLY seq 20 deny 10.0.0.0/8 le 32
+ip prefix-list PUBLIC_ONLY seq 30 deny 172.16.0.0/12 le 32
+ip prefix-list PUBLIC_ONLY seq 40 deny 192.168.0.0/16 le 32
+ip prefix-list PUBLIC_ONLY seq 50 deny 127.0.0.0/8 le 32
+ip prefix-list PUBLIC_ONLY seq 60 deny 169.254.0.0/16 le 32
+ip prefix-list PUBLIC_ONLY seq 70 deny 100.64.0.0/10 le 32
 ip prefix-list PUBLIC_ONLY seq 80 permit 0.0.0.0/0 le 32
 route-map PUBLIC_ONLY permit 10
diff --git a/lib/dhcp.sh b/lib/dhcp.sh
deleted file mode 100644
index 008fa7d..0000000
--- a/lib/dhcp.sh
+++ /dev/null
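Review bot: The new `seq 10 deny 192.168.15.0/24` is the only deny entry without `le 32`, so it matches only the exact /24, and every more-specific 192.168.15.x prefix is already caught by `seq 40 deny 192.168.0.0/16 le 32`; either drop seq 10 as redundant or write it as `ip prefix-list PUBLIC_ONLY seq 10 deny 192.168.15.0/24 le 32` so the list reads consistently. The terminal `seq 80 permit 0.0.0.0/0 le 32` also matches the default route itself; if PUBLIC_ONLY is not meant to pass 0.0.0.0/0, `permit 0.0.0.0/0 ge 1` excludes exactly that prefix. If the list is intended as a bogon filter, 0.0.0.0/8, 224.0.0.0/4 and 240.0.0.0/4 are not covered and fall through to the final permit. Where the route-map is applied is outside this hunk, so the direction these rules filter cannot be confirmed from here.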
@@ -1,89 +0,0 @@
-#!/bin/bash
-
-# Fonction pour convertir une adresse IP en entier
-function ip_to_int() {
- local ip=$1
- local a b c d
- IFS=. read -r a b c d <<< "$ip"
- echo "$((a * 256 ** 3 + b * 256 ** 2 + c * 256 + d))"
-}
-
-# Fonction pour convertir un entier en adresse IP
-function int_to_ip() {
- local int=$1
- echo "$((int >> 24 & 255)).$((int >> 16 & 255)).$((int >> 8 & 255)).$((int & 255))"
-}
-
-# Fonction pour générer une adresse MAC unique (incrémenter tous les octets)
-function int_to_mac() {
- local base_mac="00:22:33" # Préfixe de base pour la MAC (4 premiers octets)
- local incr=$1 # Incrément global pour les derniers octets
- local byte1=$(( (incr >> 16) & 0xFF )) # Incrémenter le premier octet des 2 derniers octets
- local byte2=$(( (incr >> 8) & 0xFF )) # Incrémenter le second octet
- local byte3=$(( incr & 0xFF )) # Incrémenter le troisième octet
-
- printf "%s:%02X:%02X:%02X\n" "$base_mac" "$byte1" "$byte2" "$byte3"
-}
-
-function generate_dhcp_file {
- # CIDR de départ (ex: "10.10.10.0/24")
- cidr="${1}"
- gateway_cidr=${3}
- gateway="$(echo "${gateway_cidr}" | cut -d\/ -f1)"
- subnet="$(echo "${cidr}" | cut -d\/ -f1)"
- output_file="/etc/dnsmasq.d/${2}.conf"
-
- # Extraire l'adresse de réseau et le masque
- IFS='/' read -r network mask <<< "$cidr"
- network_int=$(ip_to_int "$network")
-
- # Calcul du masque
- netmask=$(( 0xFFFFFFFF ^ ((1 << (32 - mask)) - 1) ))
-
- # Calcul de l'adresse de fin
- end_ip=$((network_int + ( ( 0xFFFFFFFF ^ netmask ))))
-
- # Calcul du nombre d'IP dans la plage
- num_ips=$((end_ip - network_int + 1))
-
- # Vérifier si le nombre d'adresses est correct
- if [ "$num_ips" -le 0 ]; then
- echo "Erreur dans le calcul de la plage IP. Le CIDR est probablement mal formé."
- exit 1
- fi
-
- # Si trop d'adresses, éviter de les générer toutes à la fois
- if [ "$num_ips" -gt 1000000 ]; then
- echo "La plage d'adresses est trop grande pour être générée en une seule fois. Essayez avec un plus petit sous-réseau."
- exit 1
- fi
-
- # Vider le fichier de sortie avant d'écrire
- > "$output_file"
-
- echo "no-resolv" >> "$output_file"
- echo "dhcp-range=${subnet},static,255.255.255.0,12h" >> "$output_file"
- echo "dhcp-option=3,${gateway}" >> "$output_file"
- echo "dhcp-option=6,1.1.1.1,8.8.8.8" >> "$output_file"
-
- # Variables pour l'incrémentation des MAC et IP
- mac_incr=0
- ip_incr=$network_int
-
- # Générer les réservations
- for i in $(seq 0 $((num_ips - 1)))
- do
- # Calculer l'adresse IP
- ip=$(int_to_ip "$ip_incr")
-
- # Calculer l'adresse MAC valide (incrémenter tous les octets)
- mac=$(int_to_mac $mac_incr)
-
- # Ajouter la ligne dans le fichier de configuration
- echo "dhcp-host=$mac,$ip" >> "$output_file"
-
- # Incrémenter les variables
- mac_incr=$((mac_incr + 1)) # Incrémenter l'adresse MAC
- ip_incr=$((ip_incr + 1)) # Incrémenter l'adresse IP
- done
-}
\ No newline at end of file
diff --git a/lib/prime/vm.sh b/lib/prime/vm.sh
index 494fdb7..fe5960b 100644
--- a/lib/prime/vm.sh
+++ b/lib/prime/vm.sh
@@ -75,5 +75,4 @@ function stop_vm {
 eval set -- "${FLAGS_ARGV}"
 qemu_stop_vm "${FLAGS_vm_name}"
-
-}
\ No newline at end of file
+}
diff --git a/lib/subnet.sh b/lib/subnet.sh
index 3cf6e7e..5dab07f 100644
--- a/lib/subnet.sh
+++ b/lib/subnet.sh
@@ -17,8 +17,8 @@ function check_subnet_exist {
 print_in_color "${COLOR_GREY}" "Check in linux if ${subnet_name} exist"
 ip link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "br-${subnet_id}" > /dev/null || return 1
 ip -n "${vpc_name}" link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "br-${subnet_id}" > /dev/null || return 1
- ip link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "vs-${subnet_id}-e" > /dev/null || return 1
- ip -n "${vpc_name}" link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "vs-${subnet_id}-i" > /dev/null || return 1
+ ip link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "v-${subnet_id}-e" > /dev/null || return 1
+ ip -n "${vpc_name}" link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "v-${subnet_id}-i" > /dev/null || return 1
 ip link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "vxlan-${vxlan_id}" > /dev/null || return 1
 return 0
@@ -45,7 +45,7 @@ function create_subnet {
 add_in_db "subnet" "${subnet_name}" "${vpc_name}" "${vxlan_id}" "${local_ip}" "${gateway_ip}" "${subnet}"
 print_in_color "${COLOR_GREEN}" " - create veth"
- ip link add "vs-${subnet_id}-e" type veth peer name "vs-${subnet_id}-int" netns "${vpc_name}"
+ ip link add "v-${subnet_id}-e" type veth peer name "v-${subnet_id}-i" netns "${vpc_name}"
 print_in_color "${COLOR_GREEN}" " - add bridges"
 brctl addbr "br-${subnet_id}"
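Review bot: The two renamed existence checks still use an unanchored substring `grep "v-${subnet_id}-e"` over the whole link list, so any interface whose name merely contains that string satisfies the check, and the unchanged `br-` and `vxlan-` lines have the same weakness. Asking the kernel for the exact device is both precise and shorter than the four-stage pipeline: `ip link show dev "v-${subnet_id}-e" > /dev/null 2>&1 || return 1` and `ip -n "${vpc_name}" link show dev "v-${subnet_id}-i" > /dev/null 2>&1 || return 1`. check_subnet_exist's closing brace lies outside the hunk.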
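Review bot: The new veth names `v-${subnet_id}-e` and `v-${subnet_id}-i` stay within the kernel's 15-character interface-name limit only while `${subnet_id}` is at most 11 characters, and nothing in the hunk validates that before `ip link add`, which otherwise fails after the `add_in_db` row on the line above has already been written. A guard ahead of the db write, `(( ${#subnet_id} <= 11 )) || return 1`, surfaces the problem early and keeps the database consistent with kernel state; the `-61` and `-109` hunks reuse the same names and are covered by the same check. The shortening from `vs-…-int` to `v-…-i` looks motivated by that limit, but that is inferred rather than stated in the commit. create_subnet's body begins before this hunk.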
@@ -61,16 +61,16 @@ function create_subnet {
 nolearning
 print_in_color "${COLOR_GREEN}" " - add interface in bridge"
- brctl addif "br-${subnet_id}" "vs-${subnet_id}-e"
- ip netns exec "${vpc_name}" brctl addif "br-${subnet_id}" "vs-${subnet_id}-i"
+ brctl addif "br-${subnet_id}" "v-${subnet_id}-e"
+ ip netns exec "${vpc_name}" brctl addif "br-${subnet_id}" "v-${subnet_id}-i"
 brctl addif "br-${subnet_id}" "vxlan-${vxlan_id}"
 print_in_color "${COLOR_GREEN}" " - up interface"
- ip link set up dev "vs-${subnet_id}-e"
+ ip link set up dev "v-${subnet_id}-e"
 ip link set up dev "vxlan-${vxlan_id}"
 ip link set up dev "br-${subnet_id}"
- ip -n "${vpc_name}" link set up dev "vs-${subnet_id}-i"
+ ip -n "${vpc_name}" link set up dev "v-${subnet_id}-i"
 ip -n "${vpc_name}" link set up dev "br-${subnet_id}"
@@ -82,9 +82,7 @@ function create_subnet {
 ebtables -A FORWARD --out-interface "br-${subnet_id}" -p arp --arp-op Request --arp-ip-dst "${gateway_ip}" -j DROP
 ebtables -A FORWARD --out-interface "br-${subnet_id}" -p IPv4 --ip-protocol udp --ip-source-port 67:68 --ip-destination-port 67:68 -j DROP
- #generate_dhcp_file "${subnet}" "${vpc_name}_br-${subnet_id}" "${gateway_ip}"
- systemctl start "dnsmasq@${vpc_name}_br-${subnet_id}.service"
-
+ /opt/two/bin/dhcp -name "${vpc_name}_br-${subnet_id}" -subnet "${subnet}" -gateway "${gateway_ip}"
 }
 return 0
 }
@@ -109,7 +107,7 @@ function delete_subnet {
 ebtables -D FORWARD --out-interface "br-${subnet_id}" -p IPv4 --ip-protocol udp --ip-source-port 67:68 --ip-destination-port 67:68 -j DROP
 ip link del dev "br-${subnet_id}"
 ip -n "${vpc_name}" link del dev "br-${subnet_id}"
- ip link del dev "veth-${subnet_id}-ext"
+ ip link del dev "v-${subnet_id}-e"
 print_in_color "${COLOR_GREY}" "Try to delete ${vpc_name}"
 count_in_db "subnet" "${vpc_name}"
diff --git a/local.sh b/local.sh
index 88b808e..2f800c5 100644
--- a/local.sh
+++ b/local.sh
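Review bot: The exit status of the new `/opt/two/bin/dhcp …` line in the `-82` hunk is discarded: it is the last command before the closing `}` and the function then reaches `return 0`, so a subnet is reported as created even when no DHCP server started (the removed `systemctl start` had the same weakness, and this is the moment to fix it). Appending `|| return 1` to that line, or at least reporting the failure through print_in_color as the surrounding steps do, keeps the caller informed. The matching teardown is not visible: the old unit would have needed a `systemctl stop`, and the `-109` hunk of delete_subnet shows no equivalent for the new process, so either it lives outside the hunk or DHCP servers outlive their subnet — worth confirming. Whether the binary daemonizes or blocks create_subnet cannot be determined from here; a one-line comment stating that contract next to the call would help. create_subnet's body starts before this hunk.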
@@ -13,25 +13,28 @@ sysctl -w net.ipv4.ip_forward=1
 ip netns exec vpc-000000 sysctl -w net.ipv4.ip_forward=1
 ip link add name "br-000000" type bridge
-ip -n "vpc-000000" link add name "br-000000" type bridge
 ip link set dev "br-000000" type bridge stp_state 0
+ip link set up dev "br-000000"
+ip link add name "br-public" type bridge
+ip link set up dev "br-public"
+ip link set "eno1" master "br-000000"
+ip a add 192.168.14.101/24 dev "br-000000"
+ip route replace default via 192.168.14.1 dev "br-000000"
+ip a del 192.168.14.101/24 dev eno1
+pkill dhclient
+
+ip -n "vpc-000000" link add name "br-000000" type bridge
 ip -n "vpc-000000" link set dev "br-000000" type bridge stp_state 0
 ip link set up dev "veth-000000-ext"
-ip link set up dev "br-000000"
 ip -n "vpc-000000" link set up dev "veth-000000-int"
 ip -n "vpc-000000" link set up dev "br-000000"
-ip link set "eno1" master "br-000000"
 ip link set "veth-000000-ext" master "br-000000"
 ip -n "vpc-000000" link set "veth-000000-int" master "br-000000"
-ip a add 192.168.14.101/24 dev "br-000000"
-ip route replace default via 192.168.14.1 dev "br-000000"
-ip a del 192.168.14.101/24 dev eno1
-pkill dhclient
 ebtables -A FORWARD --out-interface "br-000000" -p IPv4 --ip-protocol udp --ip-source-port 67:68 --ip-destination-port 67:68 -j DROP
@@ -82,4 +85,4 @@ ip netns exec "vpc-000000" qemu-system-x86_64 \
 -drive "file=/disk/vm-3.qcow2,if=virtio" \
 -netdev "tap,id=net0,ifname=tap0,script=no,downscript=no" \
 -device "virtio-net-pci,netdev=net0,mac=00:22:33:00:00:01" \
- -daemonize
\ No newline at end of file
+ -daemonize
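Review bot: `pkill dhclient` on the moved line matches every dhclient process on the host, not only the one that held 192.168.14.101 on eno1, so any other interface's lease client is killed as a side effect; `dhclient -r eno1` is the interface-scoped equivalent, or `pkill -f 'dhclient.*eno1'` narrows the match. The reordered sequence now enslaves eno1 and moves its address before the namespace side is built, so a failure between `ip link set "eno1" master "br-000000"` and `ip a add 192.168.14.101/24 dev "br-000000"` leaves the host with no address on either device and no rollback, which matters if this script is run over SSH on eno1. `eno1` and `192.168.14.101/24` each appear three times in the hunk; hoisting them into readonly variables at the top of local.sh keeps the values in one place. `br-public` is created and brought up here but nothing attaches to it within the hunk, so a comment naming its intended member would help the next reader.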