Commit 484aef7a authored by Joanne Hugé's avatar Joanne Hugé

Remove --default option

parent f4506017
......@@ -4,6 +4,5 @@ state m10/
ca ca2.crt
cert m10/cert.crt
key m10/cert.key
default
client-count 2
max-clients 2
......@@ -5,4 +5,3 @@ pp 1194 tcp
ca ca.crt
cert m2/cert.crt
key m2/cert.key
default
......@@ -5,4 +5,3 @@ pp 1194 tcp
ca ca.crt
cert m4/cert.crt
key m4/cert.key
default
......@@ -4,6 +4,5 @@ state m5/
ca ca.crt
cert m5/cert.crt
key m5/cert.key
default
client-count 0
max-clients 0
......@@ -30,8 +30,6 @@ Use ``re6stnet --help`` to get the complete list of options.
If you already have IPv6 connectivity by autoconfiguration and still want to
use it for communications that are unrelated to this network, then:
- your kernel must support source address based routing (because you can't
use ``--default`` option).
- you must set ``net.ipv6.conf.<iface>.accept_ra`` sysctl to value 2 and
trigger SLAAC with ``rdisc6 <iface>`` to restore the default route if the
kernel removed while enabling forwarding.
......@@ -85,20 +83,22 @@ If the `/etc/re6stnet/re6stnet.conf` configuration file exists, `re6stnet` is
automatically started as a system daemon, by ``systemd``\ (1). Debian package
also provides SysV init scripts.
Important note about ``--default`` option
Important note about re6st's default route
-----------------------------------------
When re6st is configured to route all your IPv6 traffic (``--default``),
any other interface providing IPv6 must have no default route. Otherwise,
re6st either refuses to start or aborts if it detect a default route.
Re6st installs a default route with a source-based routing filter, your kernel
must therefore support source address based routing. This route allows your node
to redirect traffic to non-re6st destinations while preventing any conflict with
already installed default routes (in case you have native IPv6 connectivity). If
you don't have any other IPv6 default route the route will still be used to
route all your IPv6 traffic.
Correct usage of NetworkManager
-------------------------------
It is required to configure properly every connection defined in NetworkManager
because default settings are wrong and conflict with re6st. If ``--default`` is
used, then disable IPv6, else enable the following options in the [ipv6]
section::
because default settings are wrong and conflict with re6st. Please enable the
following options in the [ipv6] section::
ignore-auto-routes=true
never-default=true
......
......@@ -74,13 +74,10 @@ def getConfig():
_ = parser.add_argument_group('routing').add_argument
_('-B', dest='babel_args', metavar='ARG', action='append', default=[],
help="Extra arguments to forward to Babel.")
_('-D', '--default', action='store_true',
help="Access internet via this network (in this case, make sure you"
" don't already have a default route), or if your kernel was"
" compiled without support for source address based routing"
" (CONFIG_IPV6_SUBTREES). Meaningless with --gateway.")
_('--table', type=int, choices=(0,),
help="DEPRECATED: Use --default instead of --table=0")
help="DEPRECATED")
_('--default', action='store_true',
help="DEPRECATED")
_('--gateway', action='store_true',
help="Act as a gateway for this network (the default route will be"
" exported). Do never use it if you don't know what it means.")
......@@ -160,19 +157,14 @@ def main():
config.max_clients = cache.max_clients
if config.table is not None:
logging.warning("--table option is deprecated: use --default instead")
config.default = True
if config.default and config.gateway:
sys.exit("error: conflicting options --default and --gateway")
logging.warning("--table option is deprecated")
if config.default:
logging.warning("--default option is deprecated")
if config.disable_proto is None:
config.disable_proto = DEFAULT_DISABLED_PROTO
elif 'none' in config.disable_proto:
config.disable_proto = ()
if config.default:
# Make sure we won't tunnel over re6st.
config.disable_proto = tuple({'tcp6', 'udp6'}.union(
config.disable_proto))
def add_tunnels(iface_list):
for iface in iface_list:
config.babel_args += '-C', 'interface %s type tunnel' % iface
......@@ -382,47 +374,19 @@ def main():
subprocess.call(if_rt)
if_rt[4] = my_subnet
cleanup.append(lambda: subprocess.call(if_rt))
if config.default:
def check_no_default_route():
for route in call(('ip', '-6', 'route', 'show',
'default')).splitlines():
if not (' proto babel ' in route
or ' proto 42 ' in route):
sys.exit("Detected default route (%s)"
" whereas you specified --default."
" Fix your configuration." % route)
check_no_default_route()
def check_no_default_route_thread():
try:
while True:
time.sleep(60)
try:
check_no_default_route()
except OSError, e:
if e.errno != errno.ENOMEM:
raise
except:
utils.log_exception()
finally:
exit.kill_main(1)
t = threading.Thread(target=check_no_default_route_thread)
t.daemon = True
t.start()
else:
x = ['ip', '-6', 'route', 'add',
'unreachable', '::/128', 'from', '::/128']
if subprocess.call(x):
sys.exit('error: Source address based routing is not'
' enabled in your kernel (CONFIG_IPV6_SUBTREES).'
' Try with the --default option.')
' enabled in your kernel (CONFIG_IPV6_SUBTREES).')
x[3] = 'del'
subprocess.check_call(x)
ip('route', 'unreachable', my_network)
config.babel_args += config.iface_list
cleanup.append(plib.router((my_ip, len(subnet)), ipv4,
my_network if config.gateway or config.default else None,
config.gateway, cache.hello,
my_network if config.gateway else None,
cache.hello,
os.path.join(config.log, 'babeld.log'),
os.path.join(config.state, 'babeld.state'),
os.path.join(config.run, 'babeld.pid'),
......
......@@ -62,7 +62,7 @@ def client(iface, address_list, encrypt, *args, **kw):
return openvpn(iface, encrypt, *remote, **kw)
def router(ip, ip4, src, gateway, hello_interval, log_path, state_path, pidfile,
def router(ip, ip4, src, hello_interval, log_path, state_path, pidfile,
control_socket, default, hmac, *args, **kw):
ip, n = ip
hmac_sign, hmac_accept = hmac
......@@ -98,10 +98,7 @@ def router(ip, ip4, src, gateway, hello_interval, log_path, state_path, pidfile,
if ip4:
cmd += '-C', 'redistribute ip %s/%s eq %s' % (ip4, n4, n4)
if src:
if gateway:
cmd += '-C', 'redistribute ip ::/0 eq 0 src-prefix ' + src
else:
cmd += '-C', 'install ip ::/0 eq 0 src-prefix ' + src + ' pref-src ' + ip
cmd += ('-C', 'redistribute deny',
'-C', 'install ip ::/0 ge 1 pref-src ' + ip)
if ip4:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment