1#!/bin/bash
2#
3#  Copyright (c) 2017, The OpenThread Authors.
4#  All rights reserved.
5#
6#  Redistribution and use in source and binary forms, with or without
7#  modification, are permitted provided that the following conditions are met:
8#  1. Redistributions of source code must retain the above copyright
9#     notice, this list of conditions and the following disclaimer.
10#  2. Redistributions in binary form must reproduce the above copyright
11#     notice, this list of conditions and the following disclaimer in the
12#     documentation and/or other materials provided with the distribution.
13#  3. Neither the name of the copyright holder nor the
14#     names of its contributors may be used to endorse or promote products
15#     derived from this software without specific prior written permission.
16#
17#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
18#  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20#  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
21#  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22#  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23#  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24#  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25#  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26#  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27#  POSSIBILITY OF SUCH DAMAGE.
28#
29#   Description:
30#       This script manipulates nat64 configuration.
31#
32
# Which NAT64 implementation the helpers below manage. Only the value
# "tayga" enables the tayga_* steps; the default is "openthread".
: "${NAT64_SERVICE:=openthread}"

# Tayga configuration files edited in place (through sudo) by tayga_install
# and tayga_uninstall.
TAYGA_CONF=/etc/tayga.conf
TAYGA_DEFAULT=/etc/default/tayga

# Addresses and prefix written into the Tayga configuration.
NAT64_PREFIX=64:ff9b::/96
TAYGA_IPV4_ADDR=192.168.255.1
TAYGA_IPV6_ADDR=fdaa:bb:1::1
TAYGA_TUN_V6_ADDR=fdaa:bb:1::2

# Caller-tunable values taken from the environment. They are later spliced,
# unescaped, into sed scripts and into an init script written with sudo, so
# they should only ever be set by a trusted installer environment.
DYNAMIC_POOL="${NAT64_DYNAMIC_POOL:-192.168.255.0/24}"
WLAN_IFNAMES="${INFRA_IF_NAME:-eth0}"
: "${THREAD_IF:=wpan0}"

# Init script generated by nat44_install.
NAT44_SERVICE=/etc/init.d/otbr-nat44
44
45# Currently solution was verified only on raspbian and ubuntu.
46#
47#without NAT64 || test $PLATFORM = ubuntu || test $PLATFORM = raspbian || die "nat64 is not tested under $PLATFORM."
48
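# Enable Tayga and point it at the NAT64 prefix, tunnel addresses and dynamic
# IPv4 pool defined at the top of this file.
#
# Globals (read): TAYGA_DEFAULT, TAYGA_CONF, TAYGA_IPV4_ADDR, TAYGA_IPV6_ADDR,
#                 TAYGA_TUN_V6_ADDR, NAT64_PREFIX, DYNAMIC_POOL
# Calls die (defined outside this file) when a configuration file is missing
# or the service cannot be restarted/enabled.
#
# NOTE(review): not idempotent. A second run comments out the directives
# added by the first run and appends them again after every "##" line, which
# leaves duplicate prefix/ipv6-addr/dynamic-pool entries; run tayga_uninstall
# between installs.
# NOTE(review): DYNAMIC_POOL can come from the NAT64_DYNAMIC_POOL environment
# variable and is spliced unescaped into a sed script that edits a file via
# sudo; it is expected to be a plain CIDR such as 192.168.255.0/24. Validate
# it before use if the environment is not fully trusted.
tayga_install()
{
    if [ ! -f "$TAYGA_DEFAULT" ] || [ ! -f "$TAYGA_CONF" ]; then
        die 'Cannot find tayga configuration file!'
    fi

    # /etc/default/tayga: switch the service on and fill in the empty tunnel
    # addresses. Lines that already carry a value are left untouched.
    sudo sed -i 's/^RUN="no"/RUN="yes"/' "$TAYGA_DEFAULT"
    sudo sed -i 's/^IPV4_TUN_ADDR=""/IPV4_TUN_ADDR="'"$TAYGA_IPV4_ADDR"'"/' "$TAYGA_DEFAULT"
    sudo sed -i 's/^IPV6_TUN_ADDR=""/IPV6_TUN_ADDR="'"$TAYGA_TUN_V6_ADDR"'"/' "$TAYGA_DEFAULT"

    # tayga.conf: keep the previous directives as "##..." lines (so that
    # tayga_uninstall can restore them) and append ours right after them.
    sudo sed -i 's/^prefix /##prefix /' "$TAYGA_CONF"
    sudo sed -i '/^##prefix /a prefix '"$NAT64_PREFIX" "$TAYGA_CONF"
    sudo sed -i '/^#ipv6-addr/a ipv6-addr '"$TAYGA_IPV6_ADDR" "$TAYGA_CONF"
    sudo sed -i 's/^dynamic-pool /##dynamic-pool /' "$TAYGA_CONF"
    sudo sed -i '/^##dynamic-pool /a dynamic-pool '"$DYNAMIC_POOL" "$TAYGA_CONF"

    if have systemctl; then
        sudo systemctl restart tayga || die 'Unable to restart tayga service!'
        sudo systemctl enable tayga || die 'Unable to enable tayga service!'
    fi
}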
66
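# Undo the edits made by tayga_install: disable Tayga, clear the tunnel
# addresses and restore the directives that were preserved as "##..." lines.
#
# Globals (read): TAYGA_DEFAULT, TAYGA_CONF, TAYGA_IPV4_ADDR, TAYGA_IPV6_ADDR,
#                 TAYGA_TUN_V6_ADDR
#
# The tunnel address values are used as sed patterns, so only lines that
# still hold exactly the values written by tayga_install are reset.
tayga_uninstall()
{
    sudo sed -i 's/^RUN="yes"/RUN="no"/' "$TAYGA_DEFAULT"
    sudo sed -i 's/^IPV4_TUN_ADDR="'"$TAYGA_IPV4_ADDR"'"/IPV4_TUN_ADDR=""/' "$TAYGA_DEFAULT"
    # tayga_install also fills IPV6_TUN_ADDR; reset it as well so that no
    # stale tunnel address is left behind after an uninstall.
    sudo sed -i 's/^IPV6_TUN_ADDR="'"$TAYGA_TUN_V6_ADDR"'"/IPV6_TUN_ADDR=""/' "$TAYGA_DEFAULT"

    # Drop the active prefix, then bring back the saved one. Files without a
    # "##prefix" marker fall back to uncommenting a "# prefix" line.
    sudo sed -i '/^prefix /d' "$TAYGA_CONF"
    # grep -q: only the exit status matters, matched lines are not echoed.
    if grep -q "##prefix " "$TAYGA_CONF"; then
        sudo sed -i 's/^##prefix /prefix /' "$TAYGA_CONF"
    else
        sudo sed -i 's/^# prefix /prefix /' "$TAYGA_CONF"
    fi

    sudo sed -i '/^ipv6-addr '"$TAYGA_IPV6_ADDR"'/d' "$TAYGA_CONF"

    # The active dynamic-pool is removed only when a saved one exists to
    # replace it.
    if grep -q "##dynamic-pool " "$TAYGA_CONF"; then
        sudo sed -i '/^dynamic-pool /d' "$TAYGA_CONF"
        sudo sed -i 's/^##dynamic-pool /dynamic-pool /' "$TAYGA_CONF"
    fi
}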
83
# Start Tayga. In a Docker build the SysV "service" wrapper is used; otherwise,
# when systemctl is available, the unit is started and enabled. Failures are
# reported through die. Without either mechanism nothing is done.
tayga_start()
{
    if with DOCKER; then
        service tayga start || die 'Failed to start tayga'
        return
    fi

    # No systemd on this host: nothing to start.
    have systemctl || return 0

    sudo systemctl start tayga || die 'Failed to start tayga!'
    sudo systemctl enable tayga || die 'Failed to enable tayga!'
}
93
# Stop Tayga on a best-effort basis: a failing stop command is ignored, so
# this function always succeeds.
tayga_stop()
{
    if ! with DOCKER; then
        if have systemctl; then
            sudo systemctl stop tayga || true
        fi
        return 0
    fi

    service tayga stop || true
}
102
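# Generate the otbr-nat44 init script at $NAT44_SERVICE, mark it executable
# and, when systemctl is available, enable and start it.
#
# Globals (read): NAT44_SERVICE, NAT64_SERVICE, WLAN_IFNAMES, THREAD_IF
# Outputs:        the generated script is also echoed to stdout by tee
# Calls die (defined outside this file) when the service cannot be enabled or
# started.
#
# The script is assembled in three parts: a fixed header up to "start)", the
# iptables rules for the selected NAT64 service, and a fixed tail.
#
# NOTE(review): WLAN_IFNAMES and THREAD_IF can come from the environment
# (INFRA_IF_NAME, THREAD_IF) and are expanded unquoted into the text of a
# script that is written with sudo and later executed by the init system. A
# value containing shell metacharacters would become part of that script, so
# these variables must hold plain interface names only.
# NOTE(review): every rule is added with "-A" and the generated "stop" action
# is a no-op, so the rules are never removed and running "start" again adds
# them a second time.
# NOTE(review): in the non-tayga branch the FORWARD rules accept all traffic
# entering or leaving each infrastructure interface, not only NAT64 traffic.
nat44_install()
{
    # Keep the loop variable out of the caller's namespace.
    local ifname

    sudo tee "$NAT44_SERVICE" <<EOF
#! /bin/sh
#
#  Copyright (c) 2017, The OpenThread Authors.
#  All rights reserved.
#
#  Redistribution and use in source and binary forms, with or without
#  modification, are permitted provided that the following conditions are met:
#  1. Redistributions of source code must retain the above copyright
#     notice, this list of conditions and the following disclaimer.
#  2. Redistributions in binary form must reproduce the above copyright
#     notice, this list of conditions and the following disclaimer in the
#     documentation and/or other materials provided with the distribution.
#  3. Neither the name of the copyright holder nor the
#     names of its contributors may be used to endorse or promote products
#     derived from this software without specific prior written permission.
#
#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
#  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
#  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
#  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
#  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
#  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
#  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
#  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
#  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
#  POSSIBILITY OF SUCH DAMAGE.
#
### BEGIN INIT INFO
# Provides:          otbr-nat44
# Required-Start:
# Required-Stop:
# Should-Start:
# Should-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: iptables NAT44
# Description:       NAT44 is require for OpenThread border router
#                    to connect to arbitrary IPv4 endpoints.
### END INIT INFO

. /lib/lsb/init-functions
. /lib/init/vars.sh

case "\$1" in
    start)
EOF
    if [ "$NAT64_SERVICE" = tayga ]; then
        # Tayga sets up its own NAT44 route as well; this masquerade rule is
        # kept alongside it for historical reasons and may be removed once
        # the native NAT64 service is ready.
        # shellcheck disable=SC2086 # WLAN_IFNAMES is a space-separated list
        for ifname in $WLAN_IFNAMES; do
            printf '%s\n' "        iptables -t nat -A POSTROUTING -o $ifname -j MASQUERADE" | sudo tee -a "$NAT44_SERVICE"
        done
    else
        # 0x1001 is an arbitrary fwmark value: packets arriving on the Thread
        # interface are marked, and marked packets are masqueraded.
        printf '%s\n' "        iptables -t mangle -A PREROUTING -i $THREAD_IF -j MARK --set-mark 0x1001" | sudo tee -a "$NAT44_SERVICE"
        printf '%s\n' "        iptables -t nat -A POSTROUTING -m mark --mark 0x1001 -j MASQUERADE" | sudo tee -a "$NAT44_SERVICE"
        # shellcheck disable=SC2086 # WLAN_IFNAMES is a space-separated list
        for ifname in $WLAN_IFNAMES; do
            printf '%s\n' "        iptables -t filter -A FORWARD -o $ifname -j ACCEPT" | sudo tee -a "$NAT44_SERVICE"
            printf '%s\n' "        iptables -t filter -A FORWARD -i $ifname -j ACCEPT" | sudo tee -a "$NAT44_SERVICE"
        done
    fi
    sudo tee -a "$NAT44_SERVICE" <<EOF
        ;;
    restart|reload|force-reload)
        echo "Error: argument '\$1' not supported" >&2
        exit 3
        ;;
    stop|status)
        # No-op
        ;;
    *)
        echo "Usage: \$0 start|stop" >&2
        exit 3
        ;;
esac
EOF
    sudo chmod a+x "$NAT44_SERVICE"
    if have systemctl; then
        sudo systemctl enable otbr-nat44 || die 'Unable to enable nat44 service!'
        sudo systemctl start otbr-nat44 || die 'Failed to start nat44 service!'
    fi
}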
189
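# Unregister the otbr-nat44 service and delete its init script.
#
# Globals (read): NAT44_SERVICE
# Returns: 0 when the script is absent, otherwise the status of rm.
#
# Only the service registration and the script file are removed here; this
# function issues no iptables commands, so rules added by an earlier
# "otbr-nat44 start" are not deleted by it.
nat44_uninstall()
{
    if have systemctl; then
        sudo systemctl disable otbr-nat44 || true
    fi

    # systemctl disable does not remove the SysV rc symlinks.
    if have update-rc.d; then
        sudo update-rc.d otbr-nat44 remove || true
    fi

    # Quoted and preceded by "--" so the path is always treated as one
    # operand, whatever it contains.
    if [ -f "$NAT44_SERVICE" ]; then
        sudo rm -- "$NAT44_SERVICE"
    fi
}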
202
# Start the otbr-nat44 service: through "service" in a Docker build, through
# systemctl otherwise (when available). A failed start is reported via die.
nat44_start()
{
    if with DOCKER; then
        service otbr-nat44 start || die 'Failed to start NAT44!'
        return
    fi

    if have systemctl; then
        sudo systemctl start otbr-nat44 || die 'Failed to start NAT44!'
    fi
}
211
# Stop the otbr-nat44 service on a best-effort basis; a failing stop command
# is ignored, so this function always succeeds.
nat44_stop()
{
    if ! with DOCKER; then
        if have systemctl; then
            sudo systemctl stop otbr-nat44 || true
        fi
        return 0
    fi

    service otbr-nat44 stop || true
}
220
# Install NAT64 support. Does nothing unless the NAT64 feature is enabled;
# Tayga is configured only when NAT64_SERVICE is "tayga", and the NAT44 init
# script is installed in either case.
nat64_install()
{
    if ! with NAT64; then
        return 0
    fi

    case "$NAT64_SERVICE" in
        tayga) tayga_install ;;
    esac

    nat44_install
}
231
# Remove NAT64 support. Does nothing unless the NAT64 feature is enabled.
# Services are stopped first, then the Tayga edits are reverted (only when
# NAT64_SERVICE is "tayga") and the NAT44 init script is removed.
nat64_uninstall()
{
    if ! with NAT64; then
        return 0
    fi

    nat64_stop

    case "$NAT64_SERVICE" in
        tayga) tayga_uninstall ;;
    esac

    nat44_uninstall
}
244
# Start the NAT64 services. Does nothing unless the NAT64 feature is enabled;
# Tayga is started only when NAT64_SERVICE is "tayga", NAT44 always.
nat64_start()
{
    if ! with NAT64; then
        return 0
    fi

    if test "$NAT64_SERVICE" = tayga; then
        tayga_start
    fi

    nat44_start
}
255
# Stop the NAT64 services. Does nothing unless the NAT64 feature is enabled;
# Tayga is stopped only when NAT64_SERVICE is "tayga", NAT44 always.
nat64_stop()
{
    if ! with NAT64; then
        return 0
    fi

    if test "$NAT64_SERVICE" = tayga; then
        tayga_stop
    fi

    nat44_stop
}
266