Commit 5d1bfc91 authored by Julien Muchembled's avatar Julien Muchembled

Test single-ip certs and simplify Babel rules

parent 4a740337
......@@ -175,7 +175,7 @@ if 1:
% (folder, VERBOSE, registry, args))
re6stnet(registry, 'registry', '--ip ' + REGISTRY, registry='http://localhost/')
re6stnet(machine1, 'm1', '-I%s' % m1_if_0.name)
re6stnet(machine2, 'm2')
re6stnet(machine2, 'm2', prefix_len=80)
re6stnet(machine3, 'm3', '-i%s' % m3_if_0.name)
re6stnet(machine4, 'm4', '-i%s' % m4_if_0.name)
re6stnet(machine5, 'm5', '-i%s' % m5_if_0.name)
......@@ -265,13 +265,15 @@ if len(sys.argv) > 1:
print 'digraph {'
a = 2 * math.pi / len(g)
z = 4
for i, n in enumerate(sorted(g)):
p = g[n]
print '"%s"[pos="%s,%s!"%s];' % (n,
m2 = '%u/80' % (2 << 64)
title = lambda n: '2|80' if n == m2 else n
g = sorted((title(k), v) for k, v in g.iteritems())
for i, (n, p) in enumerate(g):
print '"%s"[pos="%s,%s!"%s];' % (title(n),
z * math.cos(a * i), z * math.sin(a * i),
', style=dashed' if p is None else '')
for p in p or ():
print '"%s" -> "%s";' % (n, p)
print '"%s" -> "%s";' % (n, title(p))
print '}'
"""), stdout=subprocess.PIPE).communicate()[0]
if gv:
......
......@@ -52,21 +52,16 @@ def client(iface, server_address, encrypt, *args, **kw):
return openvpn(iface, encrypt, *remote, **kw)
def router(network, subnet, subnet_size, hello_interval, log_path, state_path,
pidfile, tunnel_interfaces, *args, **kw):
def router(network, subnet, hello_interval, log_path, state_path, pidfile,
tunnel_interfaces, *args, **kw):
s = utils.ipFromBin(subnet)
n = len(subnet)
cmd = ['babeld',
'-C', 'redistribute local ip %s/%s le %s' % (subnet, subnet_size, subnet_size),
'-C', 'redistribute local deny',
'-C', 'redistribute ip %s/%s le %s' % (subnet, subnet_size, subnet_size),
'-C', 'redistribute ip %s/%u eq %u' % (s, n, n),
'-C', 'redistribute deny',
'-C', 'out local ip %s/%s le %s' % (subnet, subnet_size, subnet_size),
'-C', 'out local deny',
'-C', 'in ip %s/%u' % (utils.ipFromBin(network), len(network)),
# Route only addresse in the 'local' network,
# or other entire networks
#'-C', 'in ip %s' % (config.internal_ip),
#'-C', 'in ip ::/0 le %s' % network_mask,
'-C', 'in deny',
#'-C', 'in ip %s/%u' % (utils.ipFromBin(network), len(network)),
#'-C', 'in deny',
'-h', str(hello_interval),
'-H', str(hello_interval),
'-L', log_path,
......
......@@ -108,8 +108,12 @@ def binFromIp(ip):
return bin(ip1)[2:].rjust(64, '0') + bin(ip2)[2:].rjust(64, '0')
def ipFromBin(prefix, suffix=''):
ip = prefix + suffix.rjust(128 - len(prefix), '0')
def ipFromBin(ip, suffix=''):
suffix_len = 128 - len(ip)
if suffix_len > 0:
ip += suffix.rjust(suffix_len, '0')
elif suffix_len:
sys.exit("Prefix exceeds 128 bits")
return socket.inet_ntop(socket.AF_INET6,
struct.pack('>QQ', int(ip[:64], 2), int(ip[64:], 2)))
......
......@@ -179,8 +179,8 @@ def main():
tunnel_manager = write_pipe = None
config.babel_args += config.iface_list
cleanup = [plib.router(network, utils.ipFromBin(subnet), len(subnet),
config.hello, os.path.join(config.log, 'babeld.log'),
cleanup = [plib.router(network, subnet, config.hello,
os.path.join(config.log, 'babeld.log'),
os.path.join(config.state, 'babeld.state'),
config.babel_pidfile, tunnel_interfaces,
*config.babel_args).terminate]
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment