diff --git a/base_data/frr/local/frr.conf b/base_data/frr/local/frr.conf index 270b55a..c6cba98 100644 --- a/base_data/frr/local/frr.conf +++ b/base_data/frr/local/frr.conf @@ -22,7 +22,7 @@ router bgp 65000 advertise-all-vni exit-address-family ! - neighbor 192.168.14.1 remote-as 65001 + neighbor 192.0.2.254 remote-as 65001 ! address-family ipv4 unicast redistribute static @@ -33,13 +33,12 @@ router bgp 65000 ! ! -ip prefix-list PUBLIC_ONLY seq 10 deny 192.168.15.0/24 -ip prefix-list PUBLIC_ONLY seq 20 deny 10.0.0.0/8 le 32 -ip prefix-list PUBLIC_ONLY seq 30 deny 172.16.0.0/12 le 32 -ip prefix-list PUBLIC_ONLY seq 40 deny 192.168.0.0/16 le 32 -ip prefix-list PUBLIC_ONLY seq 50 deny 127.0.0.0/8 le 32 -ip prefix-list PUBLIC_ONLY seq 60 deny 169.254.0.0/16 le 32 -ip prefix-list PUBLIC_ONLY seq 70 deny 100.64.0.0/10 le 32 +ip prefix-list PUBLIC_ONLY seq 20 deny 10.0.0.0/8 +ip prefix-list PUBLIC_ONLY seq 30 deny 172.16.0.0/12 +ip prefix-list PUBLIC_ONLY seq 40 deny 192.168.0.0/16 +ip prefix-list PUBLIC_ONLY seq 50 deny 127.0.0.0/8 +ip prefix-list PUBLIC_ONLY seq 60 deny 169.254.0.0/16 +ip prefix-list PUBLIC_ONLY seq 70 deny 100.64.0.0/10 ip prefix-list PUBLIC_ONLY seq 80 permit 0.0.0.0/0 le 32 route-map PUBLIC_ONLY permit 10 diff --git a/lib/dhcp.sh b/lib/dhcp.sh new file mode 100644 index 0000000..008fa7d --- /dev/null +++ b/lib/dhcp.sh 
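Review bot: Dropping `le 32` from the deny entries at seq 20–70 turns each of them into an exact-prefix match, so under prefix-list semantics a more-specific route such as a /24 inside 10.0.0.0/8 or 192.168.0.0/16 no longer hits the deny and falls through to `ip prefix-list PUBLIC_ONLY seq 80 permit 0.0.0.0/0 le 32`. If PUBLIC_ONLY is meant to keep private, loopback, link-local and shared-address space out of what this router accepts or advertises, the range qualifier has to stay, e.g. `ip prefix-list PUBLIC_ONLY seq 20 deny 10.0.0.0/8 le 32` and likewise for seq 30–70. The deleted `seq 10 deny 192.168.15.0/24` entry is only covered by the /16 deny at seq 40 when that entry keeps `le 32`.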
@@ -0,0 +1,89 @@
+#!/bin/bash
+
+# Fonction pour convertir une adresse IP en entier
+function ip_to_int() {
+ local ip=$1
+ local a b c d
+ IFS=. read -r a b c d <<< "$ip"
+ echo "$((a * 256 ** 3 + b * 256 ** 2 + c * 256 + d))"
+}
+
+# Fonction pour convertir un entier en adresse IP
+function int_to_ip() {
+ local int=$1
+ echo "$((int >> 24 & 255)).$((int >> 16 & 255)).$((int >> 8 & 255)).$((int & 255))"
+}
+
+# Fonction pour générer une adresse MAC unique (incrémenter tous les octets)
+function int_to_mac() {
+ local base_mac="00:22:33" # Préfixe de base pour la MAC (4 premiers octets)
+ local incr=$1 # Incrément global pour les derniers octets
+ local byte1=$(( (incr >> 16) & 0xFF )) # Incrémenter le premier octet des 2 derniers octets
+ local byte2=$(( (incr >> 8) & 0xFF )) # Incrémenter le second octet
+ local byte3=$(( incr & 0xFF )) # Incrémenter le troisième octet
+
+ printf "%s:%02X:%02X:%02X\n" "$base_mac" "$byte1" "$byte2" "$byte3"
+}
+
+function generate_dhcp_file {
+ # CIDR de départ (ex: "10.10.10.0/24")
+ cidr="${1}"
+ gateway_cidr=${3}
+ gateway="$(echo "${gateway_cidr}" | cut -d\/ -f1)"
+ subnet="$(echo "${cidr}" | cut -d\/ -f1)"
+ output_file="/etc/dnsmasq.d/${2}.conf"
+
+ # Extraire l'adresse de réseau et le masque
+ IFS='/' read -r network mask <<< "$cidr"
+ network_int=$(ip_to_int "$network")
+
+ # Calcul du masque
+ netmask=$(( 0xFFFFFFFF ^ ((1 << (32 - mask)) - 1) ))
+
+ # Calcul de l'adresse de fin
+ end_ip=$((network_int + ( ( 0xFFFFFFFF ^ netmask ))))
+
+ # Calcul du nombre d'IP dans la plage
+ num_ips=$((end_ip - network_int + 1))
+
+ # Vérifier si le nombre d'adresses est correct
+ if [ "$num_ips" -le 0 ]; then
+ echo "Erreur dans le calcul de la plage IP. Le CIDR est probablement mal formé."
+ exit 1
+ fi
+
+ # Si trop d'adresses, éviter de les générer toutes à la fois
+ if [ "$num_ips" -gt 1000000 ]; then
+ echo "La plage d'adresses est trop grande pour être générée en une seule fois. Essayez avec un plus petit sous-réseau."
+ exit 1 + fi + + # Vider le fichier de sortie avant d'écrire + > "$output_file" + + echo "no-resolv" >> "$output_file" + echo "dhcp-range=${subnet},static,255.255.255.0,12h" >> "$output_file" + echo "dhcp-option=3,${gateway}" >> "$output_file" + echo "dhcp-option=6,1.1.1.1,8.8.8.8" >> "$output_file" + + # Variables pour l'incrémentation des MAC et IP + mac_incr=0 + ip_incr=$network_int + + # Générer les réservations + for i in $(seq 0 $((num_ips - 1))) + do + # Calculer l'adresse IP + ip=$(int_to_ip "$ip_incr") + + # Calculer l'adresse MAC valide (incrémenter tous les octets) + mac=$(int_to_mac $mac_incr) + + # Ajouter la ligne dans le fichier de configuration + echo "dhcp-host=$mac,$ip" >> "$output_file" + + # Incrémenter les variables + mac_incr=$((mac_incr + 1)) # Incrémenter l'adresse MAC + ip_incr=$((ip_incr + 1)) # Incrémenter l'adresse IP + done +} \ No newline at end of file diff --git a/lib/prime/vm.sh b/lib/prime/vm.sh index fe5960b..494fdb7 100644 --- a/lib/prime/vm.sh +++ b/lib/prime/vm.sh @@ -75,4 +75,5 @@ function stop_vm { eval set -- "${FLAGS_ARGV}" qemu_stop_vm "${FLAGS_vm_name}" -} + +} \ No newline at end of file diff --git a/lib/subnet.sh b/lib/subnet.sh index 5dab07f..3cf6e7e 100644 --- a/lib/subnet.sh +++ b/lib/subnet.sh 
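Review bot: `echo "dhcp-range=${subnet},static,255.255.255.0,12h"` hardcodes a /24 netmask while the reservations below it are computed from `mask`, so for any other CIDR dnsmasq hands out a netmask that disagrees with the generated `dhcp-host` range; the computed value is already at hand: `echo "dhcp-range=${subnet},static,$(int_to_ip "$netmask"),12h" >> "$output_file"`. lib/dhcp.sh looks like a library that is sourced rather than executed (lib/subnet.sh carries a commented-out call to `generate_dhcp_file`), so the two `exit 1` branches should be `return 1` to avoid terminating the calling shell on a malformed CIDR, and `mask` should be checked to be an integer in 0–32 before it is used in the shift. None of the variables in generate_dhcp_file are declared `local`, so `cidr`, `network`, `mask`, `netmask`, `end_ip`, `num_ips` and the loop state leak into the caller's scope. `output_file="/etc/dnsmasq.d/${2}.conf"` trusts the name argument; rejecting a value containing `/` keeps the write confined to that directory. Minor: quote the argument in `mac=$(int_to_mac "$mac_incr")` and replace `for i in $(seq 0 $((num_ips - 1)))` with `for ((i = 0; i < num_ips; i++)); do`.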
@@ -17,8 +17,8 @@ function check_subnet_exist { print_in_color "${COLOR_GREY}" "Check in linux if ${subnet_name} exist" ip link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "br-${subnet_id}" > /dev/null || return 1 ip -n "${vpc_name}" link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "br-${subnet_id}" > /dev/null || return 1 - ip link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "v-${subnet_id}-e" > /dev/null || return 1 - ip -n "${vpc_name}" link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "v-${subnet_id}-i" > /dev/null || return 1 + ip link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "vs-${subnet_id}-e" > /dev/null || return 1 + ip -n "${vpc_name}" link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "vs-${subnet_id}-i" > /dev/null || return 1 ip link show | grep -E '^[0-9]*:'|sed -e 's/ //g' | cut -d: -f 2 | grep "vxlan-${vxlan_id}" > /dev/null || return 1 return 0 @@ -45,7 +45,7 @@ function create_subnet { add_in_db "subnet" "${subnet_name}" "${vpc_name}" "${vxlan_id}" "${local_ip}" "${gateway_ip}" "${subnet}" print_in_color "${COLOR_GREEN}" " - create veth" - ip link add "v-${subnet_id}-e" type veth peer name "v-${subnet_id}-i" netns "${vpc_name}" + ip link add "vs-${subnet_id}-e" type veth peer name "vs-${subnet_id}-int" netns "${vpc_name}" print_in_color "${COLOR_GREEN}" " - add bridges" brctl addbr "br-${subnet_id}" 
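Review bot: The veth peer is created as `vs-${subnet_id}-int` in the `ip link add` line, but every other reference in this commit uses `vs-${subnet_id}-i` — the check in the -17 hunk above and the `brctl addif` / `ip link set up` lines in the -61 hunk below — so those commands address an interface that does not exist in the namespace and check_subnet_exist returns 1 for a subnet that was just created. With the rest of the file already on `-i`, the fix is `ip link add "vs-${subnet_id}-e" type veth peer name "vs-${subnet_id}-i" netns "${vpc_name}"`. The same mismatch appears in the delete_subnet hunk (-107), where `ip link del dev "veth-${subnet_id}-ext"` targets a name create_subnet never produces, so the `vs-${subnet_id}-e` veth is left behind on delete; it should read `ip link del dev "vs-${subnet_id}-e"`. The body of create_subnet continues outside this hunk.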
@@ -61,16 +61,16 @@ function create_subnet { nolearning print_in_color "${COLOR_GREEN}" " - add interface in bridge" - brctl addif "br-${subnet_id}" "v-${subnet_id}-e" - ip netns exec "${vpc_name}" brctl addif "br-${subnet_id}" "v-${subnet_id}-i" + brctl addif "br-${subnet_id}" "vs-${subnet_id}-e" + ip netns exec "${vpc_name}" brctl addif "br-${subnet_id}" "vs-${subnet_id}-i" brctl addif "br-${subnet_id}" "vxlan-${vxlan_id}" print_in_color "${COLOR_GREEN}" " - up interface" - ip link set up dev "v-${subnet_id}-e" + ip link set up dev "vs-${subnet_id}-e" ip link set up dev "vxlan-${vxlan_id}" ip link set up dev "br-${subnet_id}" - ip -n "${vpc_name}" link set up dev "v-${subnet_id}-i" + ip -n "${vpc_name}" link set up dev "vs-${subnet_id}-i" ip -n "${vpc_name}" link set up dev "br-${subnet_id}" @@ -82,7 +82,9 @@ function create_subnet { ebtables -A FORWARD --out-interface "br-${subnet_id}" -p arp --arp-op Request --arp-ip-dst "${gateway_ip}" -j DROP ebtables -A FORWARD --out-interface "br-${subnet_id}" -p IPv4 --ip-protocol udp --ip-source-port 67:68 --ip-destination-port 67:68 -j DROP - /opt/two/bin/dhcp -name "${vpc_name}_br-${subnet_id}" -subnet "${subnet}" -gateway "${gateway_ip}" + #generate_dhcp_file "${subnet}" "${vpc_name}_br-${subnet_id}" "${gateway_ip}" + systemctl start "dnsmasq@${vpc_name}_br-${subnet_id}.service" + } return 0 } @@ -107,7 +109,7 @@ function delete_subnet { ebtables -D FORWARD --out-interface "br-${subnet_id}" -p IPv4 --ip-protocol udp --ip-source-port 67:68 --ip-destination-port 67:68 -j DROP ip link del dev "br-${subnet_id}" ip -n "${vpc_name}" link del dev "br-${subnet_id}" - ip link del dev "v-${subnet_id}-e" + ip link del dev "veth-${subnet_id}-ext" print_in_color "${COLOR_GREY}" "Try to delete ${vpc_name}" count_in_db "subnet" "${vpc_name}" diff --git a/local.sh b/local.sh index 2f800c5..88b808e 100644 --- a/local.sh +++ b/local.sh 
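Review bot: `systemctl start "dnsmasq@${vpc_name}_br-${subnet_id}.service"` is issued while the `generate_dhcp_file` call on the line above is commented out, so unless the per-instance configuration is produced somewhere else, the dnsmasq instance comes up without the file that function would have written and the gateway/reservation options are never installed; either restore the call as `generate_dhcp_file "${subnet}" "${vpc_name}_br-${subnet_id}" "${gateway_ip}" || return 1` or leave lib/dhcp.sh out of this commit. The start itself is unchecked; `systemctl start "dnsmasq@${vpc_name}_br-${subnet_id}.service" || return 1` would surface a failed unit to the caller instead of falling through to `return 0`. The added line consisting only of `}` before `return 0`, if the collapsed hunk reads as it appears, closes create_subnet early and leaves the original closing brace as a syntax error — worth a `bash -n lib/subnet.sh` before merging. The function begins outside this hunk.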
@@ -13,28 +13,25 @@ sysctl -w net.ipv4.ip_forward=1 ip netns exec vpc-000000 sysctl -w net.ipv4.ip_forward=1 ip link add name "br-000000" type bridge -ip link set dev "br-000000" type bridge stp_state 0 -ip link set up dev "br-000000" -ip link add name "br-public" type bridge -ip link set up dev "br-public" -ip link set "eno1" master "br-000000" -ip a add 192.168.14.101/24 dev "br-000000" -ip route replace default via 192.168.14.1 dev "br-000000" -ip a del 192.168.14.101/24 dev eno1 -pkill dhclient - ip -n "vpc-000000" link add name "br-000000" type bridge +ip link set dev "br-000000" type bridge stp_state 0 ip -n "vpc-000000" link set dev "br-000000" type bridge stp_state 0 ip link set up dev "veth-000000-ext" +ip link set up dev "br-000000" ip -n "vpc-000000" link set up dev "veth-000000-int" ip -n "vpc-000000" link set up dev "br-000000" +ip link set "eno1" master "br-000000" ip link set "veth-000000-ext" master "br-000000" ip -n "vpc-000000" link set "veth-000000-int" master "br-000000" +ip a add 192.168.14.101/24 dev "br-000000" +ip route replace default via 192.168.14.1 dev "br-000000" +ip a del 192.168.14.101/24 dev eno1 +pkill dhclient ebtables -A FORWARD --out-interface "br-000000" -p IPv4 --ip-protocol udp --ip-source-port 67:68 --ip-destination-port 67:68 -j DROP @@ -85,4 +82,4 @@ ip netns exec "vpc-000000" qemu-system-x86_64 \ -drive "file=/disk/vm-3.qcow2,if=virtio" \ -netdev "tap,id=net0,ifname=tap0,script=no,downscript=no" \ -device "virtio-net-pci,netdev=net0,mac=00:22:33:00:00:01" \ - -daemonize + -daemonize \ No newline at end of file
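Review bot: After the reorder, the cut-over sequence `ip link set "eno1" master "br-000000"`, `ip a add 192.168.14.101/24 dev "br-000000"`, `ip route replace default via 192.168.14.1 dev "br-000000"`, `ip a del 192.168.14.101/24 dev eno1` runs with no status checks, so if the address add or the route replace fails the address is still stripped from eno1 and the host loses its management path; unless a `set -e` above this hunk covers it, the lines before the `ip a del` should each carry `|| exit 1`. `pkill dhclient` also terminates every dhclient on the host rather than the one presumably managing eno1; `pkill -f 'dhclient.*eno1'` narrows it. The default gateway here stays 192.168.14.1 while the frr.conf hunk in this commit moves the BGP neighbor to 192.0.2.254; if both are meant to be the same upstream router, the two should be reconciled.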