sut, an IPv6 in IPv4 Userspace Tunnel (RFC 4213)


## DEPENDENCIES

* https://github.com/msantos/procket

* https://github.com/msantos/pkt

* https://github.com/msantos/tunctl

## SETUP

* Sign up for an IPv6 tunnel with Hurricane Electric

    http://tunnelbroker.net/

* Start the IPv6 tunnel:

    * Serverv4 = HE IPv4 tunnel end

    * Clientv4 = Your local IP address

    * Clientv6 = The IPv6 address assigned by HE to your end of the tunnel

            sut:start([
                {serverv4, "216.66.22.2"},
                {clientv4, "192.168.1.72"},
                {clientv6, "2001:3:3:3::2"}
            ]).

* Set up MTU and routing (as root)

        ifconfig sut-ipv6 mtu 1480
        ip route add ::/0 dev sut-ipv6

* Test the tunnel!

        ping6 ipv6.google.com

## EXPORTS

    start(Options) -> {ok, Ref}
    start_link(Options) -> {ok, Ref}

        Types   Options = [Option]
                Option = {ifname, Ifname}
                    | {serverv4, IPv4Address}
                    | {clientv4, IPv4Address}
                    | {clientv6, IPv6Address}
                    | {filter_out, Fun}
                    | {filter_in, Fun}
                Ifname = string() | binary()
                IPv4Address = string() | tuple()
                IPv6Address = string() | tuple()
                Fun = fun()
                Ref = pid()

Starts an IPv6 over IPv4 configured tunnel.

The default tun device is named "sut-ipv6". To specify the name,
use {ifname, <<"devname">>}. Note the user running the tunnel
must have sudo permissions to configure this device.

{serverv4, Server4} is the IPv4 address of the peer.

{clientv4, Client4} is the IPv4 address of the local end. If the
client is on a private network (the tunnel will be NAT'ed by
the gateway), specify the private IPv4 address here.

{clientv6, Client6} is the IPv6 address of the local end. This
address will usually be assigned by the tunnel broker.

{filter_in, Fun} allows filtering and arbitrary transformation
of IPv6 packets received from the network. All packets undergo
the mandatory checks specified by RFC 4213 before being passed
to user checks.

{filter_out, Fun} allows filtering and manipulation of IPv6
packets received from the tun device.

Filtering functions take 2 arguments: the packet payload (a binary)
and the tunnel state:

    -include("sut.hrl").

    -record(sut_state, {
        serverv4,
        clientv4,
        clientv6
    }).

Filtering functions should return ok to allow the packet or {ok,
binary()} if the packet has been altered by the function.

Any other return value causes the packet to be dropped. The
default filter for both incoming and outgoing packets is a noop:

    fun(_Packet, _State) -> ok end.


    destroy(Ref) -> ok

        Types   Ref = pid()

Shut down the tunnel. On Linux, the tunnel device will be removed.

## EXAMPLES

To compile:

    make examples

### basic\_firewall

An example of setting up a stateless packet filter.

The rules are:

* icmp: all
* udp: none
* tcp:
    * outgoing: 22, 80, 443
    * incoming: 22

Start the tunnel with the filter:

    sut:start([
        {filter_out, fun(Packet, State) -> basic_firewall:out(Packet, State) end},
        {filter_in, fun(Packet, State) -> basic_firewall:in(Packet, State) end},

        {serverv4, Server4},
        {clientv4, Client4},
        {clientv6, Client6}
    ]).

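The rule set above can be written as a pair of filter functions with the documented return contract (ok allows, anything else drops). This is an added example, not the project's basic_firewall module: the module name example_filter is hypothetical, the packet binary is assumed to begin at the IPv6 fixed header, and reading a TCP port rule as "new connections to these ports plus the replies to them" is an interpretation of the list above.

```erlang
%% Added example, not part of sut. Assumption: Packet starts at the
%% 40-byte IPv6 fixed header, directly followed by the transport header.
-module(example_filter).            % hypothetical module name
-export([in/2, out/2]).

-define(TCP, 6).
-define(ICMP6, 58).
-define(OUT_PORTS, [22, 80, 443]).  % services we may connect to
-define(IN_PORTS, [22]).            % services we expose

%% Packets received from the network ({filter_in, Fun}).
in(Packet, _State) -> check(Packet, ?IN_PORTS, ?OUT_PORTS).

%% Packets received from the tun device ({filter_out, Fun}).
out(Packet, _State) -> check(Packet, ?OUT_PORTS, ?IN_PORTS).

%% NewOk:   destination ports that may receive a new connection.
%% ReplyOk: source ports whose non-initial segments are accepted.
check(<<6:4, _Class:8, _Flow:20, _Len:16, Next:8, _Hop:8,
        _Src:128, _Dst:128, Payload/binary>>, NewOk, ReplyOk) ->
    proto(Next, Payload, NewOk, ReplyOk);
check(_NotIPv6, _NewOk, _ReplyOk) ->
    drop.

%% icmp: all
proto(?ICMP6, _Payload, _NewOk, _ReplyOk) ->
    ok;
%% tcp: a SYN without ACK opens a connection and must target NewOk.
%% Being stateless, any other segment is accepted on port numbers alone.
proto(?TCP, <<SPort:16, DPort:16, _Seq:32, _AckNo:32, _Off:4, _Res:6,
              _URG:1, ACK:1, _PSH:1, _RST:1, SYN:1, _FIN:1, _/binary>>,
      NewOk, ReplyOk) ->
    case (SYN =:= 1) andalso (ACK =:= 0) of
        true ->
            allow(lists:member(DPort, NewOk));
        false ->
            allow(lists:member(DPort, NewOk)
                  orelse lists:member(SPort, ReplyOk))
    end;
%% udp: none. Truncated TCP headers and every other protocol also
%% end up here, so the filter fails closed.
proto(_Other, _Payload, _NewOk, _ReplyOk) ->
    drop.

allow(true) -> ok;
allow(false) -> drop.
```

Pass the functions as {filter_in, fun example_filter:in/2} and {filter_out, fun example_filter:out/2}. Packets that carry IPv6 extension headers before the transport header are dropped, because only the fixed header's Next Header field is inspected.
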
### tunnel\_activity

Flashes LEDs attached to an Arduino to signal tunnel activity. Requires:

    https://github.com/msantos/srly

Upload a sketch to the Arduino:

    https://github.com/msantos/srly/blob/master/examples/strobe/strobe.pde

Then start the tunnel:

    tunnel_activity:start("/dev/ttyUSB0",
        [{led_in, 3},
         {led_out, 4},

         {serverv4, Server4},
         {clientv4, Client4},
         {clientv6, Client6}]).

## TODO

* Support other checks required by RFC

* Make a firewall ruleset to Erlang compiler