Fault-tolerant IPoE network using home-grown tools

Hi. Let's say there is a network with 5k subscribers. Recently an unpleasant thing happened: at the core of the network we have a Brocade RX8, and it started sending a lot of unknown-unicast packets. Since the network is split into VLANs this would not be a problem in itself, BUT there are special VLANs for public (white) addresses and the like, and they are stretched across every part of the network. So now imagine traffic arriving for the address of a subscriber that the border has not learned: that traffic flies straight down a radio link to some (and every) village, the channel gets clogged, subscribers get angry, sadness...

The goal is to turn the bug into a feature. I was thinking in the direction of q-in-q with a full-fledged per-subscriber VLAN, but all kinds of hardware like the P3310, once dot1q is enabled, stop passing DHCP, they also cannot select qinq, and there are many such pitfalls. What is ip-unnumbered and how does it work? In short: a gateway address + a route on the interface. For our task we need: traffic shaping, address assignment to subscribers, and adding routes to subscribers via particular interfaces. How to do all this? Shaper: lisg; DHCP: db2dhcp on two independent servers; dhcprelay runs on the access servers; ucarp also runs on the access servers, for redundancy. But how to add the routes? You could add everything in advance with a big script, but that is not the right way. So we will write our own crutch.

After a thorough search of the Internet I found a wonderful high-level library for C++ that lets you sniff traffic conveniently. The algorithm of the route-adding program is as follows: we listen for ARP requests on the interface; if the address being requested is configured on the lo interface of this server, we add a route to the sender via this interface and a static ARP entry for that IP. In general, a few copy-pastes, a little commentary, and done.

Source of the 'router'

#include <stdio.h>
#include <sys/types.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <string.h>
#include <arpa/inet.h>
#include <csignal>   // signal(), SIGHUP
#include <cstdlib>   // system()

#include <tins/tins.h>
#include <map>
#include <iostream>
#include <functional>
#include <sstream>

using std::cout;
using std::endl;
using std::map;
using std::bind;
using std::string;
using std::stringstream;

using namespace Tins;

class arp_monitor {
public:
    void run(Sniffer &sniffer);
    void reroute();
    void makegws();
    string iface;
    map<string, string> gws;          // addresses on lo: the gateways this server answers for
private:
    bool callback(const PDU &pdu);
    map<string, string> route_map;    // subscriber ip -> gateway it asked for
    map<string, string> mac_map;      // subscriber ip -> subscriber mac
    map<IPv4Address, HWAddress<6>> addresses;
};

// Collect every address configured on lo; those are the gateway addresses this
// server is currently responsible for (ucarp adds and removes them in up.sh/down.sh).
void arp_monitor::makegws() {
    struct ifaddrs *ifAddrStruct = NULL;
    struct ifaddrs *ifa = NULL;
    void *tmpAddrPtr = NULL;
    gws.clear();
    getifaddrs(&ifAddrStruct);
    for (ifa = ifAddrStruct; ifa != NULL; ifa = ifa->ifa_next) {
        if (!ifa->ifa_addr) {
            continue;
        }
        string ifName = ifa->ifa_name;
        if (ifName == "lo") {
            // sized for IPv6 so the IPv6 branch below cannot overrun the buffer
            char addressBuffer[INET6_ADDRSTRLEN];
            if (ifa->ifa_addr->sa_family == AF_INET) { // IPv4 address
                tmpAddrPtr = &((struct sockaddr_in *) ifa->ifa_addr)->sin_addr;
                inet_ntop(AF_INET, tmpAddrPtr, addressBuffer, INET_ADDRSTRLEN);
            } else if (ifa->ifa_addr->sa_family == AF_INET6) { // IPv6 address
                tmpAddrPtr = &((struct sockaddr_in6 *) ifa->ifa_addr)->sin6_addr;
                inet_ntop(AF_INET6, tmpAddrPtr, addressBuffer, INET6_ADDRSTRLEN);
            } else {
                continue;
            }
            gws[addressBuffer] = addressBuffer;
            cout << "GW " << addressBuffer << " is added" << endl;
        }
    }
    if (ifAddrStruct != NULL) freeifaddrs(ifAddrStruct);
}

void arp_monitor::run(Sniffer &sniffer) {
    cout << "RUNNED" << endl;
    sniffer.sniff_loop(
            bind(
                    &arp_monitor::callback,
                    this,
                    std::placeholders::_1
            )
    );
}

// Re-install routes for every subscriber seen so far. Called on SIGHUP, after
// ucarp has changed the set of gateway addresses on lo.
void arp_monitor::reroute() {
    cout << "REROUTING" << endl;
    map<string, string>::iterator it;
    for (it = route_map.begin(); it != route_map.end(); it++) {
        // it->first is the subscriber, it->second the gateway it asked for.
        // Same rule as in callback(): the gateway must be ours and the
        // subscriber must not be a gateway itself (the original tested
        // it->second twice here, so this branch could never run).
        if (this->gws.count(it->second) && !this->gws.count(it->first)) {
            string cmd = "ip route replace ";
            cmd += it->first;
            cmd += " dev " + this->iface;
            cmd += " src " + it->second;
            cmd += " proto static";
            cout << cmd << std::endl;
            cout << "REROUTE " << it->first << " SRC " << it->second << endl;
            system(cmd.c_str());
            cmd = "arp -s ";
            cmd += it->first;
            cmd += " ";
            cmd += mac_map[it->first];
            cout << cmd << endl;
            system(cmd.c_str());
        }
    }
    // Announce every gateway address with a gratuitous ARP so subscribers
    // update their ARP caches after a failover.
    for (it = gws.begin(); it != gws.end(); it++) {
        string cmd = "arping -U -s ";
        cmd += it->first;
        cmd += " -I ";
        cmd += this->iface;
        cmd += " -b -c 1 ";
        cmd += it->first;
        system(cmd.c_str());
    }
    cout << "REROUTED" << endl;
}

bool arp_monitor::callback(const PDU &pdu) {
    // Retrieve the ARP layer (the sniffer filter "arp" guarantees it is present)
    const ARP &arp = pdu.rfind_pdu<ARP>();

    if (arp.opcode() == ARP::REQUEST) {
        string target = arp.target_ip_addr().to_string();
        string sender = arp.sender_ip_addr().to_string();
        this->route_map[sender] = target;
        this->mac_map[sender] = arp.sender_hw_addr().to_string();
        cout << "save sender " << sender << ":" << this->mac_map[sender] << " want target " << target << endl;
        // Install a host route only if the sender asks for one of our gateway
        // addresses and is not a gateway itself.
        if (this->gws.count(target) && !this->gws.count(sender)) {
            string cmd = "ip route replace ";
            cmd += sender;
            cmd += " dev " + this->iface;
            cmd += " src " + target;
            cmd += " proto static";
            system(cmd.c_str());
            cmd = "arp -s ";
            cmd += arp.sender_ip_addr().to_string();
            cmd += " ";
            cmd += arp.sender_hw_addr().to_string();
            cout << cmd << endl;
            system(cmd.c_str());
        }
    }
    return true;
}

arp_monitor monitor;
void reroute(int signum) {
    monitor.makegws();
    monitor.reroute();
}

int main(int argc, char *argv[]) {
    if (argc != 2) {
        cout << "Usage: " << *argv << " <interface>" << endl;
        return 1;
    }
    signal(SIGHUP, reroute);
    monitor.iface = argv[1];
    // Sniffer configuration
    SnifferConfiguration config;
    config.set_promisc_mode(true);
    config.set_filter("arp");   // only capture arp packets

    monitor.makegws();

    try {
        // Sniff on the provided interface in promiscuous mode
        Sniffer sniffer(argv[1], config);
        monitor.run(sniffer);
    }
    catch (std::exception &ex) {
        std::cerr << "Error: " << ex.what() << std::endl;
    }
}
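As an added example (not code from the article), the decision made in arp_monitor::callback factored into a pure function that returns the commands instead of calling system(), with one extra check a practitioner would want: the ARP sender address must fall inside the subscriber pool that the article hands to ucarp via --xparam (10.10.10.0/24 in its example), so a host that sends an ARP request with an arbitrary sender address cannot get a /32 route and static ARP entry installed on the access server and redistributed into BGP. The Prefix type, the pool argument and the name commands_for_request are assumptions of this example.

```cpp
// Added example, not from the article: the route decision from arp_monitor::callback
// as a pure function, plus a pool check the original daemon does not perform.
#include <arpa/inet.h>
#include <cstdint>
#include <set>
#include <string>
#include <vector>

struct Prefix { uint32_t net; uint32_t mask; };   // host byte order

// Parse "10.10.10.0/24"; returns false on malformed input instead of guessing.
bool parse_prefix(const std::string &cidr, Prefix &out) {
    size_t slash = cidr.find('/');
    if (slash == std::string::npos || slash + 1 >= cidr.size()) return false;
    struct in_addr a;
    if (inet_pton(AF_INET, cidr.substr(0, slash).c_str(), &a) != 1) return false;
    int len = 0;
    for (char c : cidr.substr(slash + 1)) {
        if (c < '0' || c > '9') return false;
        len = len * 10 + (c - '0');
        if (len > 32) return false;
    }
    out.mask = len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
    out.net = ntohl(a.s_addr) & out.mask;
    return true;
}

bool in_prefix(const std::string &ip, const Prefix &p) {
    struct in_addr a;
    if (inet_pton(AF_INET, ip.c_str(), &a) != 1) return false;
    return (ntohl(a.s_addr) & p.mask) == p.net;
}

// Same rule as the sniffer: the request must be for one of our lo gateways and
// must not come from another gateway. Added rule: the sender must lie inside the
// subscriber pool (assumed here to be the --xparam prefix); otherwise a forged
// ARP request could plant a host route for any address and push it into BGP.
// Returns the commands the daemon would pass to system(), in order.
std::vector<std::string> commands_for_request(const std::string &sender,
        const std::string &sender_mac, const std::string &target,
        const std::set<std::string> &gws, const Prefix &pool,
        const std::string &iface) {
    std::vector<std::string> cmds;
    if (!gws.count(target) || gws.count(sender) || !in_prefix(sender, pool))
        return cmds;                                   // nothing to install
    cmds.push_back("ip route replace " + sender + " dev " + iface +
                   " src " + target + " proto static");
    cmds.push_back("arp -s " + sender + " " + sender_mac);
    return cmds;
}
```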

libtins installation script

#!/bin/bash

git clone https://github.com/mfontanini/libtins.git
cd libtins
mkdir build
cd build
cmake ../
make
make install
ldconfig

Command to build the binary

g++ main.cpp -o arp-rt -O3 -std=c++11 -lpthread -ltins

How to start it?

start-stop-daemon --start --exec /opt/ipoe/arp-routes/arp-rt -b -m -p /opt/ipoe/arp-routes/daemons/eth0.800.pid -- eth0.800

Yes, it rebuilds the tables on a HUP signal. Why not use netlink? Pure laziness, and Linux is scripts on top of scripts anyway, so it is all fine. Well, routes are routes; what next? Next we need to announce the routes on this server to the border. Here, because of the weak hardware, we took the path of least resistance and handed this task to BGP.

bgp config

hostname *******
password *******
log file /var/log/bgp.log
!
# AS number, addresses and networks are fictitious
router bgp 12345
bgp router-id 1.2.3.4
redistribute connected
redistribute static
neighbor 1.2.3.1 remote-as 12345
neighbor 1.2.3.1 next-hop-self
neighbor 1.2.3.1 route-map none in
neighbor 1.2.3.1 route-map export out
!
access-list export permit 1.2.3.0/24
!
route-map export permit 10
match ip address export
!
route-map export deny 20

Let's move on. For the server to answer ARP requests for the subscribers' gateway, proxy ARP must be enabled on the interface.

echo 1 > /proc/sys/net/ipv4/conf/eth0.800/proxy_arp

Let's move on: ucarp. We write the start scripts for this miracle ourselves.

Example of launching one daemon

start-stop-daemon --start --exec /usr/sbin/ucarp -b -m -p /opt/ipoe/ucarp-gen2/daemons/$iface.$vhid.$virtualaddr.pid -- --interface=eth0.800 --srcip=1.2.3.4 --vhid=1 --pass=carpasword --addr=10.10.10.1 --upscript=/opt/ipoe/ucarp-gen2/up.sh --downscript=/opt/ipoe/ucarp-gen2/down.sh -z -k 10 -P --xparam="10.10.10.0/24"

up.sh

#!/bin/bash
# ucarp calls this as: up.sh <interface> <virtual address> <--xparam value>

iface=$1
addr=$2
gw=$3

# become the gateway: put the virtual address on lo, blackhole the pool so
# unknown hosts in it are not forwarded, answer ARP for it
ip addr add $addr/32 dev lo
ip route add blackhole $gw
echo 1 > /proc/sys/net/ipv4/conf/$iface/proxy_arp

killall -9 dhcrelay
/etc/init.d/dhcrelay zap
/etc/init.d/dhcrelay start

# make arp-rt re-read the lo addresses and re-install the subscriber routes
killall -HUP arp-rt

down.sh

#!/bin/bash
# ucarp calls this as: down.sh <interface> <virtual address> <--xparam value>

iface=$1
addr=$2
gw=$3

# stop being the gateway: undo everything up.sh did
ip addr del $addr/32 dev lo
ip route del blackhole $gw
echo 0 > /proc/sys/net/ipv4/conf/$iface/proxy_arp

killall -9 dhcrelay
/etc/init.d/dhcrelay zap
/etc/init.d/dhcrelay start

For dhcprelay to work on an interface, the interface needs an address. So on the interfaces we use we add a dummy address, for example 10.255.255.1/32, 10.255.255.2/32, and so on. I won't describe how to configure the relay; it is all simple.

So what do we have? Gateway redundancy, automatic route configuration, DHCP. This is the minimal set; lisg wraps around all of it and we already have a shaper. Why is everything so long and complicated? Isn't it easier to take accel-ppp and just use PPPoE? No, it isn't: people can't plug a patch cable into a router, never mind PPPoE. accel-ppp is a cool thing, but it didn't work for us: there are many bugs in the code, it crashes, it drops sessions at random, and the saddest part is that when it blinks, everyone has to reconnect everything; red-hot phones; it didn't work at all. What is the advantage of ucarp over keepalived? In everything: with a hundred gateways under keepalived, one mistake in the config and nothing works. With ucarp, 100 gateways don't stop working at once. As for security, people say that rogues will set an address by hand and use it for free; to control this we enable dhcp-snooping + source-guard + arp inspection on all switches / OLTs / base stations. If a client has no DHCP but a static address: an access-list on the port.

Why was all this done? To kill unwanted traffic. Now each switch has its own VLAN, and unknown-unicast is no longer scary, since it only has to go to one port and not to all of them... Well, the side effects are a standardized equipment config and much more efficient use of the address space.

How to set up lisg is a separate topic. Links to the libraries used are attached. Perhaps the above will help someone achieve their goals. Version 6 has not been done on our network yet, but it will become a problem; there are plans to rewrite lisg for version 6, and the route-adding program will need to be adapted accordingly.

Linux ISG
DB2DHCP
Libtins

Source: www.habr.com
