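In the previous two posts, the Debian router loaded pre-computed MAP-E rules at boot. This time I ported the JavaScript source of the calculation page to a bash script, so that the various parameters are computed automatically. The environment is OCN Virtual Connect for the line and Debian for the OS. (I think v6Plus can be handled as well, as long as it falls within the range that can be computed automatically.)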
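Addendum 2: The router itself can now delegate prefixes (PD) further to subnet routers.

Note that this setup assigns GUAs (what IPv4 would call global addresses) to the LAN side and includes no firewall configuration, so be careful.

This setup covers the gw1 part below.

The scripts, interface settings and so on follow.

## 0-1a. WAN-side interface

```
auto enp1s0f1
iface enp1s0f1 inet6 auto
    dhcp 1
    request_prefix 1
```

## 0-1b. LAN-side interface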

```
auto enp1s0f0
iface enp1s0f0 inet6 manual
iface enp1s0f0 inet static
    address 192.168.1.1
    netmask 255.255.255.0
```

Addendum 3: With forwarding enabled, the gateway is not configured from RA unless the outside interface has accept_ra=2. This has been fixed.

## 0-2. Forwarding settings (/etc/sysctl.conf)

```
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.enp1s0f1.accept_ra=2
```

Addendum 1: In some cases the WAN interface is not brought up automatically and dhclient and dhcpd are not invoked properly. This is probably a timing issue; if it happens, add the following to /etc/rc.local.
## 0-3. /etc/rc.local (chmod +x)

```
ifup enp1s0f1
sleep 10
/etc/init.d/isc-dhcp-server restart
```

Addendum 4: The maximum interval at which radvd sends advertisements is now 180 seconds (the default is 600 seconds).
## 0-4. /etc/radvd.conf (apt-get install radvd)

```
interface enp1s0f0
{
    AdvManagedFlag on;
    AdvOtherConfigFlag on;
    AdvSendAdvert on;
    MaxRtrAdvInterval 180;
#   AdvLinkMTU 9000;
    RDNSS 2606:4700:4700::1111 2606:4700:4700::1001 2001:4860:4860::8888 { };
    AdvRASrcAddress {
        fe80::1;
    };
};
```

## 0-5. /etc/keepalived/keepalived.conf (apt-get install keepalived)

```
global_defs {
    vrrp_version 3
}
vrrp_sync_group G1 {
    group {
        ipv6_vgw01
    }
}
vrrp_instance ipv6_vgw01 {
    state BACKUP
    interface enp1s0f0
    virtual_router_id 62
    priority 100
    advert_int 1.0
    virtual_ipaddress {
        fe80::1/10
    }
    garp_master_delay 1
}
```

## 0-6. /etc/default/isc-dhcp-server

```
INTERFACESv4="enp1s0f0"
INTERFACESv6="enp1s0f0"
```

Addendum 6: To have /etc/resolv.conf updated automatically on an IPv6 REBIND6.
## 0-7. Change to /sbin/dhclient-script (line 403)

```bash
# before
if [ "${reason}" = BOUND6 ] ||
# after
if [ "${reason}" = BOUND6 ] || [ "${reason}" = REBIND6 ] ||
```

## 1. /etc/dhcp/dhclient-exit-hooks.d/prefix-delegation ( chmod +x )

```bash
#!/bin/bash
if [ -n "$new_ip6_prefix" ];then
    ia_pd_interface=enp1s0f0
    # check current inet6 addr and run the script unless proper prefix is given.
    bounded=false
    for addr in `ip -6 a show dev $ia_pd_interface | grep inet6 | awk '{print $2}'`;do
        if [ "$addr" = "$new_ip6_prefix" ];then bounded=true;fi
    done
    if ! "$bounded"; then
        # compute the MAP-E parameters, then (re)generate the DHCPv6/DHCPv4 server configs
        /usr/local/sbin/map_e-calc.sh "$new_ip6_prefix" "$interface" "$ia_pd_interface"
        /usr/local/sbin/subnet-dhcpd6.sh "$new_ip6_prefix"
        /usr/local/sbin/subnet-dhcpd4.sh 192.168.1.0 255.255.255.0 192.168.1.200 192.168.1.254 192.168.1.1
    fi
fi
## Uncomment below for debug
#printenv >> /tmp/pd.log
#echo ======================= >> /tmp/pd.log
```

Addendum 7: Added a configuration that assigns a fixed prefix and address. For the child router's DUID, see /var/log/syslog on gw1.
## 2-1a. /usr/local/sbin/subnet-dhcpd6.sh ( chmod +x )

```bash
#!/bin/bash
PFX_W_LEN=$1
SUBNET_LEN=4
#SUBNET_LEN=8
# split the delegated prefix into its hextets and its length
PFX=`echo $PFX_W_LEN | awk -F'::' '{print $1}'`
PFX_WO_LEN=`echo $PFX_W_LEN | awk -F'/' '{print $1}'`
PFX_LEN=`echo $PFX_W_LEN | awk -F'/' '{print $2}'`
PFX1=`echo $PFX | awk -F':' '{print $1}'`
PFX2=`echo $PFX | awk -F':' '{print $2}'`
PFX3=`echo $PFX | awk -F':' '{print $3}'`
PFX4=`echo $PFX | awk -F':' '{print $4}'`
if [ -z "$PFX3" ]; then PFX3=0; fi
if [ -z "$PFX4" ]; then PFX4=0; fi
PFX3=`printf %04x 0x$PFX3`
PFX4=`printf %04x 0x$PFX4`
#echo DEBUG: PFX1:PFX2:PFX3:PFX4::/PFX_LEN $PFX1\:$PFX2\:$PFX3\:$PFX4\::/$PFX_LEN
#echo DEBUG: PFX_LEN: $PFX_LEN
# For fixed assignments, add one PD6_FX per assignment and increase PD6_S by 0xX0/0x0X accordingly.
if [ $SUBNET_LEN == 4 ];then
    PD6_F1=`printf %x $(( 0x$PFX4 + 0x10 ))`
    PD6_F2=`printf %x $(( 0x$PFX4 + 0x20 ))`
    PD6_S=`printf %x $(( 0x$PFX4 + 0x30 ))`
    PD6_E=`printf %x $(( 0x$PFX4 + 0xf0 ))`
elif [ $SUBNET_LEN == 8 ];then
    PD6_F1=`printf %x $(( 0x$PFX4 + 0x01 ))`
    PD6_F2=`printf %x $(( 0x$PFX4 + 0x02 ))`
    PD6_S=`printf %x $(( 0x$PFX4 + 0x03 ))`
    PD6_E=`printf %x $(( 0x$PFX4 + 0xff ))`
fi
#echo DEBUG: $PD6_S $PD6_E
if [ ! -d /etc/dhcp/conf.d ]; then
    mkdir -p /etc/dhcp/conf.d
fi
#echo DEBUG: PFX_WO_LEN: $PFX_WO_LEN
cat > /etc/dhcp/conf.d/$PFX_WO_LEN.conf << EOF
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet6 $PFX_W_LEN {
    range6 $PFX1:$PFX2:$PFX3:$PFX4:: $PFX1:$PFX2:$PFX3:$PFX4:ffff:ffff:ffff:ffff;
    option dhcp6.name-servers 2606:4700:4700::1111, 2606:4700:4700::1001;
    prefix6 $PFX1:$PFX2:$PFX3:$PD6_S:: $PFX1:$PFX2:$PFX3:$PD6_E:: /$(( $PFX_LEN + $SUBNET_LEN ));
}
host gw2 {
    host-identifier option dhcp6.client-id 00:01:00:01:22:33:44:55:00:66:77:88:99:02;
    fixed-address6 $PFX1:$PFX2:$PFX3:$PFX4::1;
    fixed-prefix6 $PFX1:$PFX2:$PFX3:$PD6_F1::/$(( $PFX_LEN + $SUBNET_LEN ));
    on commit {
        execute("/usr/local/sbin/pdr.sh", "$PFX1:$PFX2:$PFX3:$PD6_F1::", "$(( $PFX_LEN + $SUBNET_LEN ))", "$PFX1:$PFX2:$PFX3:$PFX4::131" );
    }
}
on commit {
    if exists dhcp6.ia-pd {
        set pdaddr=binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-pd,25,16));
        set pdlen=binary-to-ascii(10, 8, "", substring(option dhcp6.ia-pd,24,1));
        set nh=binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-na,16,16));
        execute("/usr/local/sbin/pdr.sh", pdaddr, pdlen, nh);
    }
}
EOF
# keep a one-time backup of the distribution dhcpd6.conf, then point it at the generated file
if [ ! -e /etc/dhcp/dhcpd6.conf.bkup ] && [ -e /etc/dhcp/dhcpd6.conf ];then
    mv /etc/dhcp/dhcpd6.conf /etc/dhcp/dhcpd6.conf.bkup
fi
cat > /etc/dhcp/dhcpd6.conf << EOF
include "/etc/dhcp/conf.d/$PFX_WO_LEN.conf";
EOF
#/etc/init.d/isc-dhcp-server restart
```

## 2-1b. /usr/local/sbin/pdr.sh ( chmod +x )
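
```bash
#!/bin/bash
# $1: delegated prefix, $2: prefix length, $3: next hop (address of the requesting router)
rt1=`ip -6 route show "$1/$2" via "$3"`
rt2=`ip -6 route show "$1/$2"`
if [ -z "$rt1" ];then
    # a route via a different next hop exists: replace it
    if [ -n "$rt2" ]; then
        ip -6 route delete "$1/$2"
    fi
    ip -6 route add "$1/$2" via "$3"
fi
```

## 2-2. /usr/local/sbin/subnet-dhcpd4.sh ( chmod +x )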

```bash
#!/bin/bash
SUBNET=$1
MASK=$2
RANGE_S=$3
RANGE_E=$4
RT=$5
if [ ! -d /etc/dhcp/conf.d ]; then
    mkdir -p /etc/dhcp/conf.d
fi
cat > /etc/dhcp/conf.d/$SUBNET.conf << EOF
subnet $SUBNET netmask $MASK {
    range $RANGE_S $RANGE_E;
    option domain-name-servers 1.1.1.1, 1.0.0.1;
    option routers $RT;
}
EOF
# keep a one-time backup of the distribution dhcpd.conf, then point it at the generated file
if [ ! -e /etc/dhcp/dhcpd.conf.bkup ] && [ -e /etc/dhcp/dhcpd.conf ];then
    mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.bkup
fi
cat > /etc/dhcp/dhcpd.conf << EOF
include "/etc/dhcp/conf.d/$SUBNET.conf";
EOF
#/etc/init.d/isc-dhcp-server restart
```

## 2-3. /usr/local/sbin/map_e-calc.sh ( chmod +x )

```bash
#!/bin/bash
new_ip6_prefix=$1
interface=$2
ia_pd_interface=$3
## use below just for debugging
#new_ip6_prefix=240b:0250:00ab::/48
#new_ip6_prefix=2404:7a82:0820:300::/56
#new_ip6_prefix=2400:4050:5c71:af00::/56

# Rule tables: key = leading bits of the IPv6 prefix, value = leading octets of the IPv4 address
declare -A ruleprefix31=(
  [0x240b0010]=106,72 [0x240b0012]=14,8 [0x240b0250]=14,10 [0x240b0252]=14,12
  [0x24047a80]=133,200 [0x24047a84]=133,206
)
declare -A ruleprefix38=(
  [0x24047a8200]=125,196,208 [0x24047a8204]=125,196,212 [0x24047a8208]=125,198,140 [0x24047a820c]=125,198,144
  [0x24047a8210]=125,198,212 [0x24047a8214]=125,198,244 [0x24047a8218]=122,131,104 [0x24047a821c]=125,195,20
  [0x24047a8220]=133,203,160 [0x24047a8224]=133,203,164 [0x24047a8228]=133,203,168 [0x24047a822c]=133,203,172
  [0x24047a8230]=133,203,176 [0x24047a8234]=133,203,180 [0x24047a8238]=133,203,184 [0x24047a823c]=133,203,188
  [0x24047a8240]=133,209,0 [0x24047a8244]=133,209,4 [0x24047a8248]=133,209,8 [0x24047a824c]=133,209,12
  [0x24047a8250]=133,209,16 [0x24047a8254]=133,209,20 [0x24047a8258]=133,209,24 [0x24047a825c]=133,209,28
  [0x24047a8260]=133,204,192 [0x24047a8264]=133,204,196 [0x24047a8268]=133,204,200 [0x24047a826c]=133,204,204
  [0x24047a8270]=133,204,208 [0x24047a8274]=133,204,212 [0x24047a8278]=133,204,216 [0x24047a827c]=133,204,220
  [0x24047a8280]=133,203,224 [0x24047a8284]=133,203,228 [0x24047a8288]=133,203,232 [0x24047a828c]=133,203,236
  [0x24047a8290]=133,203,240 [0x24047a8294]=133,203,244 [0x24047a8298]=133,203,248 [0x24047a829c]=133,203,252
  [0x24047a82a0]=125,194,192 [0x24047a82a4]=125,194,196 [0x24047a82a8]=125,194,200 [0x24047a82ac]=125,194,204
  [0x24047a82b0]=119,239,128 [0x24047a82b4]=119,239,132 [0x24047a82b8]=119,239,136 [0x24047a82bc]=119,239,140
  [0x24047a82c0]=125,194,32 [0x24047a82c4]=125,194,36 [0x24047a82c8]=125,194,40 [0x24047a82cc]=125,194,44
  [0x24047a82d0]=125,195,24 [0x24047a82d4]=125,195,28 [0x24047a82d8]=122,130,192 [0x24047a82dc]=122,130,196
  [0x24047a82e0]=122,135,64 [0x24047a82e4]=122,135,68 [0x24047a82e8]=125,192,240 [0x24047a82ec]=125,192,244
  [0x24047a82f0]=125,193,176 [0x24047a82f4]=125,193,180 [0x24047a82f8]=122,130,176 [0x24047a82fc]=122,130,180
  [0x24047a8300]=122,131,24 [0x24047a8304]=122,131,28 [0x24047a8308]=122,131,32 [0x24047a830c]=122,131,36
  [0x24047a8310]=119,243,112 [0x24047a8314]=119,243,116 [0x24047a8318]=219,107,136 [0x24047a831c]=219,107,140
  [0x24047a8320]=220,144,224 [0x24047a8324]=220,144,228 [0x24047a8328]=125,194,64 [0x24047a832c]=125,194,68
  [0x24047a8330]=221,171,40 [0x24047a8334]=221,171,44 [0x24047a8338]=110,233,80 [0x24047a833c]=110,233,84
  [0x24047a8340]=119,241,184 [0x24047a8344]=119,241,188 [0x24047a8348]=119,243,56 [0x24047a834c]=119,243,60
  [0x24047a8350]=125,199,8 [0x24047a8354]=125,199,12 [0x24047a8358]=125,196,96 [0x24047a835c]=125,196,100
  [0x24047a8360]=122,130,104 [0x24047a8364]=122,130,108 [0x24047a8368]=122,130,112 [0x24047a836c]=122,130,116
  [0x24047a8370]=49,129,152 [0x24047a8374]=49,129,156 [0x24047a8378]=49,129,192 [0x24047a837c]=49,129,196
  [0x24047a8380]=49,129,120 [0x24047a8384]=49,129,124 [0x24047a8388]=221,170,40 [0x24047a838c]=221,170,44
  [0x24047a8390]=60,239,108 [0x24047a8394]=60,236,24 [0x24047a8398]=122,130,120 [0x24047a839c]=60,236,84
  [0x24047a83a0]=60,239,180 [0x24047a83a4]=60,239,184 [0x24047a83a8]=118,110,136 [0x24047a83ac]=119,242,136
  [0x24047a83b0]=60,238,188 [0x24047a83b4]=60,238,204 [0x24047a83b8]=122,134,52 [0x24047a83bc]=119,244,60
  [0x24047a83c0]=119,243,100 [0x24047a83c4]=221,170,236 [0x24047a83c8]=221,171,48 [0x24047a83cc]=60,238,36
  [0x24047a83d0]=125,195,236 [0x24047a83d4]=60,236,20 [0x24047a83d8]=118,108,76 [0x24047a83dc]=118,110,108
  [0x24047a83e0]=118,110,112 [0x24047a83e4]=118,111,88 [0x24047a83e8]=118,111,228 [0x24047a83ec]=118,111,236
  [0x24047a83f0]=119,241,148 [0x24047a83f4]=119,242,124 [0x24047a83f8]=125,194,28 [0x24047a83fc]=125,194,96
  [0x24047a8600]=133,204,128 [0x24047a8604]=133,204,132 [0x24047a8608]=133,204,136 [0x24047a860c]=133,204,140
  [0x24047a8610]=133,204,144 [0x24047a8614]=133,204,148 [0x24047a8618]=133,204,152 [0x24047a861c]=133,204,156
  [0x24047a8620]=133,204,160 [0x24047a8624]=133,204,164 [0x24047a8628]=133,204,168 [0x24047a862c]=133,204,172
  [0x24047a8630]=133,204,176 [0x24047a8634]=133,204,180 [0x24047a8638]=133,204,184 [0x24047a863c]=133,204,188
  [0x24047a8640]=133,203,192 [0x24047a8644]=133,203,196 [0x24047a8648]=133,203,200 [0x24047a864c]=133,203,204
  [0x24047a8650]=133,203,208 [0x24047a8654]=133,203,212 [0x24047a8658]=133,203,216 [0x24047a865c]=133,203,220
  [0x24047a8660]=133,204,0 [0x24047a8664]=133,204,4 [0x24047a8668]=133,204,8 [0x24047a866c]=133,204,12
  [0x24047a8670]=133,204,16 [0x24047a8674]=133,204,20 [0x24047a8678]=133,204,24 [0x24047a867c]=133,204,28
  [0x24047a8680]=133,204,64 [0x24047a8684]=133,204,68 [0x24047a8688]=133,204,72 [0x24047a868c]=133,204,76
  [0x24047a8690]=133,204,80 [0x24047a8694]=133,204,84 [0x24047a8698]=133,204,88 [0x24047a869c]=133,204,92
  [0x24047a86a0]=221,171,112 [0x24047a86a4]=221,171,116 [0x24047a86a8]=221,171,120 [0x24047a86ac]=221,171,124
  [0x24047a86b0]=125,195,184 [0x24047a86b4]=125,196,216 [0x24047a86b8]=221,171,108 [0x24047a86bc]=219,107,152
  [0x24047a86c0]=60,239,128 [0x24047a86c4]=60,239,132 [0x24047a86c8]=60,239,136 [0x24047a86cc]=60,239,140
  [0x24047a86d0]=118,110,80 [0x24047a86d4]=118,110,84 [0x24047a86d8]=118,110,88 [0x24047a86dc]=118,110,92
  [0x24047a86e0]=125,194,176 [0x24047a86e4]=125,194,180 [0x24047a86e8]=125,194,184 [0x24047a86ec]=125,194,188
  [0x24047a86f0]=60,239,112 [0x24047a86f4]=60,239,116 [0x24047a86f8]=60,239,120 [0x24047a86fc]=60,239,124
  [0x24047a8700]=125,195,56 [0x24047a8704]=125,195,60 [0x24047a8708]=125,196,32 [0x24047a870c]=125,196,36
  [0x24047a8710]=118,108,80 [0x24047a8714]=118,108,84 [0x24047a8718]=118,111,80 [0x24047a871c]=118,111,84
  [0x24047a8720]=218,227,176 [0x24047a8724]=218,227,180 [0x24047a8728]=60,239,208 [0x24047a872c]=60,239,212
  [0x24047a8730]=118,109,56 [0x24047a8734]=118,109,60 [0x24047a8738]=122,131,88 [0x24047a873c]=122,131,92
  [0x24047a8740]=122,131,96 [0x24047a8744]=122,131,100 [0x24047a8748]=122,130,48 [0x24047a874c]=122,130,52
  [0x24047a8750]=125,198,224 [0x24047a8754]=125,198,228 [0x24047a8758]=119,243,104 [0x24047a875c]=119,243,108
  [0x24047a8760]=118,109,152 [0x24047a8764]=118,109,156 [0x24047a8768]=118,111,104 [0x24047a876c]=118,111,108
  [0x24047a8770]=119,239,48 [0x24047a8774]=119,239,52 [0x24047a8778]=122,130,16 [0x24047a877c]=122,130,20
  [0x24047a8780]=125,196,128 [0x24047a8784]=125,196,132 [0x24047a8788]=122,131,48 [0x24047a878c]=122,131,52
  [0x24047a8790]=122,134,104 [0x24047a8794]=122,134,108 [0x24047a8798]=60,238,208 [0x24047a879c]=60,238,212
  [0x24047a87a0]=220,144,192 [0x24047a87a4]=220,144,196 [0x24047a87a8]=110,233,48 [0x24047a87ac]=122,131,84
  [0x24047a87b0]=111,169,152 [0x24047a87b4]=119,241,132 [0x24047a87b8]=119,241,136 [0x24047a87bc]=119,244,68
  [0x24047a87c0]=60,236,92 [0x24047a87c4]=60,237,108 [0x24047a87c8]=60,238,12 [0x24047a87cc]=60,238,44
  [0x24047a87d0]=60,238,216 [0x24047a87d4]=60,238,232 [0x24047a87d8]=49,129,72 [0x24047a87dc]=110,233,4
  [0x24047a87e0]=110,233,192 [0x24047a87e4]=119,243,20 [0x24047a87e8]=119,243,24 [0x24047a87ec]=125,193,4
  [0x24047a87f0]=125,193,148 [0x24047a87f4]=118,110,76 [0x24047a87f8]=118,110,96 [0x24047a87fc]=125,193,152
)
declare -A ruleprefix38_20=(
  [0x2400405000]=153,240,0 [0x2400405004]=153,240,16 [0x2400405008]=153,240,32 [0x240040500c]=153,240,48
  [0x2400405010]=153,240,64 [0x2400405014]=153,240,80 [0x2400405018]=153,240,96 [0x240040501c]=153,240,112
  [0x2400405020]=153,240,128 [0x2400405024]=153,240,144 [0x2400405028]=153,240,160 [0x240040502c]=153,240,176
  [0x2400405030]=153,240,192 [0x2400405034]=153,240,208 [0x2400405038]=153,240,224 [0x240040503c]=153,240,240
  [0x2400405040]=153,241,0 [0x2400405044]=153,241,16 [0x2400405048]=153,241,32 [0x240040504c]=153,241,48
  [0x2400405050]=153,241,64 [0x2400405054]=153,241,80 [0x2400405058]=153,241,96 [0x240040505c]=153,241,112
  [0x2400405060]=153,241,128 [0x2400405064]=153,241,144 [0x2400405068]=153,241,160 [0x240040506c]=153,241,176
  [0x2400405070]=153,241,192 [0x2400405074]=153,241,208 [0x2400405078]=153,241,224 [0x240040507c]=153,241,240
  [0x2400405080]=153,242,0 [0x2400405084]=153,242,16 [0x2400405088]=153,242,32 [0x240040508c]=153,242,48
  [0x2400405090]=153,242,64 [0x2400405094]=153,242,80 [0x2400405098]=153,242,96 [0x240040509c]=153,242,112
  [0x24004050a0]=153,242,128 [0x24004050a4]=153,242,144 [0x24004050a8]=153,242,160 [0x24004050ac]=153,242,176
  [0x24004050b0]=153,242,192 [0x24004050b4]=153,242,208 [0x24004050b8]=153,242,224 [0x24004050bc]=153,242,240
  [0x24004050c0]=153,243,0 [0x24004050c4]=153,243,16 [0x24004050c8]=153,243,32 [0x24004050cc]=153,243,48
  [0x24004050d0]=153,243,64 [0x24004050d4]=153,243,80 [0x24004050d8]=153,243,96 [0x24004050dc]=153,243,112
  [0x24004050e0]=153,243,128 [0x24004050e4]=153,243,144 [0x24004050e8]=153,243,160 [0x24004050ec]=153,243,176
  [0x24004050f0]=153,243,192 [0x24004050f4]=153,243,208 [0x24004050f8]=153,243,224 [0x24004050fc]=153,243,240
  [0x2400405100]=122,26,0 [0x2400405104]=122,26,16 [0x2400405108]=122,26,32 [0x240040510c]=122,26,48
  [0x2400405110]=122,26,64 [0x2400405114]=122,26,80 [0x2400405118]=122,26,96 [0x240040511c]=122,26,112
  [0x2400405120]=114,146,64 [0x2400405124]=114,146,80 [0x2400405128]=114,146,96 [0x240040512c]=114,146,112
  [0x2400405130]=114,148,192 [0x2400405134]=114,148,208 [0x2400405138]=114,148,224 [0x240040513c]=114,148,240
  [0x2400405140]=114,150,192 [0x2400405144]=114,150,208 [0x2400405148]=114,150,224 [0x240040514c]=114,150,240
  [0x2400405150]=114,163,64 [0x2400405154]=114,163,80 [0x2400405158]=114,163,96 [0x240040515c]=114,163,112
  [0x2400405180]=114,172,192 [0x2400405184]=114,172,208 [0x2400405188]=114,172,224 [0x240040518c]=114,172,240
  [0x2400405190]=114,177,64 [0x2400405194]=114,177,80 [0x2400405198]=114,177,96 [0x240040519c]=114,177,112
  [0x24004051a0]=118,0,64 [0x24004051a4]=118,0,80 [0x24004051a8]=118,0,96 [0x24004051ac]=118,0,112
  [0x24004051b0]=118,7,64 [0x24004051b4]=118,7,80 [0x24004051b8]=118,7,96 [0x24004051bc]=118,7,112
  [0x2400405200]=123,225,192 [0x2400405204]=123,225,208 [0x2400405208]=123,225,224 [0x240040520c]=123,225,240
  [0x2400405210]=153,134,0 [0x2400405214]=153,134,16 [0x2400405218]=153,134,32 [0x240040521c]=153,134,48
  [0x2400405220]=153,139,128 [0x2400405224]=153,139,144 [0x2400405228]=153,139,160 [0x240040522c]=153,139,176
  [0x2400405230]=153,151,64 [0x2400405234]=153,151,80 [0x2400405238]=153,151,96 [0x240040523c]=153,151,112
  [0x24004051c0]=118,8,192 [0x24004051c4]=118,8,208 [0x24004051c8]=118,8,224 [0x24004051cc]=118,8,240
  [0x24004051d0]=118,9,0 [0x24004051d4]=118,9,16 [0x24004051d8]=118,9,32 [0x24004051dc]=118,9,48
  [0x24004051e0]=123,218,64 [0x24004051e4]=123,218,80 [0x24004051e8]=123,218,96 [0x24004051ec]=123,218,112
  [0x24004051f0]=123,220,128 [0x24004051f4]=123,220,144 [0x24004051f8]=123,220,160 [0x24004051fc]=123,220,176
  [0x2400405240]=153,170,64 [0x2400405244]=153,170,80 [0x2400405248]=153,170,96 [0x240040524c]=153,170,112
  [0x2400405250]=153,170,192 [0x2400405254]=153,170,208 [0x2400405258]=153,170,224 [0x240040525c]=153,170,240
  [0x2400405260]=61,127,128 [0x2400405264]=61,127,144 [0x2400405268]=114,146,0 [0x240040526c]=114,146,16
  [0x2400405270]=114,146,128 [0x2400405274]=114,146,144 [0x2400405278]=114,148,64 [0x240040527c]=114,148,80
  [0x2400405280]=114,148,160 [0x2400405284]=114,148,176 [0x2400405288]=114,149,0 [0x240040528c]=114,149,16
  [0x2400405290]=114,150,160 [0x2400405294]=114,150,176 [0x2400405298]=114,158,0 [0x240040529c]=114,158,16
  [0x2400405160]=114,163,128 [0x2400405164]=114,163,144 [0x2400405168]=114,163,160 [0x240040516c]=114,163,176
  [0x2400405170]=114,167,64 [0x2400405174]=114,167,80 [0x2400405178]=114,167,96 [0x240040517c]=114,167,112
  [0x2400405300]=114,162,128 [0x2400405304]=114,162,144 [0x2400405308]=114,163,0 [0x240040530c]=114,163,16
  [0x2400405310]=114,165,224 [0x2400405314]=114,165,240 [0x2400405318]=114,167,192 [0x240040531c]=114,167,208
  [0x2400405320]=114,177,128 [0x2400405324]=114,177,144 [0x2400405328]=114,178,224 [0x240040532c]=114,178,240
  [0x2400405330]=118,1,0 [0x2400405334]=118,1,16 [0x2400405338]=118,3,192 [0x240040533c]=118,3,208
  [0x2400405340]=118,6,64 [0x2400405344]=118,6,80 [0x2400405348]=118,7,160 [0x240040534c]=118,7,176
  [0x2400405360]=118,9,128 [0x2400405364]=118,9,144 [0x2400405368]=118,22,128 [0x240040536c]=118,22,144
  [0x2400405370]=122,16,0 [0x2400405374]=122,16,16 [0x2400405378]=123,220,0 [0x240040537c]=123,220,16
  [0x2400405350]=118,7,192 [0x2400405354]=118,7,208 [0x2400405358]=118,9,64 [0x240040535c]=118,9,80
  [0x2400405380]=153,173,0 [0x2400405384]=153,173,16 [0x2400405388]=153,173,32 [0x240040538c]=153,173,48
  [0x2400405390]=153,173,64 [0x2400405394]=153,173,80 [0x2400405398]=153,173,96 [0x240040539c]=153,173,112
  [0x24004053a0]=153,173,128 [0x24004053a4]=153,173,144 [0x24004053a8]=153,173,160 [0x24004053ac]=153,173,176
  [0x24004053b0]=153,173,192 [0x24004053b4]=153,173,208 [0x24004053b8]=153,173,224 [0x24004053bc]=153,173,240
  [0x24004053c0]=153,238,0 [0x24004053c4]=153,238,16 [0x24004053c8]=153,238,32 [0x24004053cc]=153,238,48
  [0x24004053d0]=153,238,64 [0x24004053d4]=153,238,80 [0x24004053d8]=153,238,96 [0x24004053dc]=153,238,112
  [0x24004053e0]=153,238,128 [0x24004053e4]=153,238,144 [0x24004053e8]=153,238,160 [0x24004053ec]=153,238,176
  [0x24004053f0]=153,238,192 [0x24004053f4]=153,238,208 [0x24004053f8]=153,238,224 [0x24004053fc]=153,238,240
  [0x2400415000]=153,239,0 [0x2400415004]=153,239,16 [0x2400415008]=153,239,32 [0x240041500c]=153,239,48
  [0x2400415010]=153,239,64 [0x2400415014]=153,239,80 [0x2400415018]=153,239,96 [0x240041501c]=153,239,112
  [0x2400415020]=153,239,128 [0x2400415024]=153,239,144 [0x2400415028]=153,239,160 [0x240041502c]=153,239,176
  [0x2400415030]=153,239,192 [0x2400415034]=153,239,208 [0x2400415038]=153,239,224 [0x240041503c]=153,239,240
  [0x2400415040]=153,252,0 [0x2400415044]=153,252,16 [0x2400415048]=153,252,32 [0x240041504c]=153,252,48
  [0x2400415050]=153,252,64 [0x2400415054]=153,252,80 [0x2400415058]=153,252,96 [0x240041505c]=153,252,112
  [0x2400415060]=153,252,128 [0x2400415064]=153,252,144 [0x2400415068]=153,252,160 [0x240041506c]=153,252,176
  [0x2400415070]=153,252,192 [0x2400415074]=153,252,208 [0x2400415078]=153,252,224 [0x240041507c]=153,252,240
  [0x2400415080]=123,222,96 [0x2400415084]=123,222,112 [0x2400415088]=123,225,96 [0x240041508c]=123,225,112
  [0x2400415090]=123,225,160 [0x2400415094]=123,225,176 [0x2400415098]=124,84,96 [0x240041509c]=124,84,112
  [0x2400415380]=180,12,128 [0x2400415384]=180,12,144 [0x2400415388]=180,26,96 [0x240041538c]=180,26,112
  [0x2400415390]=180,26,160 [0x2400415394]=180,26,176 [0x2400415398]=180,26,224 [0x240041539c]=180,26,240
  [0x24004153a0]=180,30,0 [0x24004153a4]=180,30,16 [0x24004153a8]=180,31,96 [0x24004153ac]=180,31,112
  [0x24004153c0]=180,46,0 [0x24004153c4]=180,46,16 [0x24004153c8]=180,48,0 [0x24004153cc]=180,48,16
  [0x24004153d0]=180,50,192 [0x24004153d4]=180,50,208 [0x24004153d8]=180,53,0 [0x24004153dc]=180,53,16
  [0x24004153b0]=180,32,64 [0x24004153b4]=180,32,80 [0x24004153b8]=180,34,160 [0x24004153bc]=180,34,176
  [0x24004153e0]=218,230,128 [0x24004153e4]=218,230,144 [0x24004153e8]=219,161,64 [0x24004153ec]=219,161,80
  [0x24004153f0]=220,96,64 [0x24004153f4]=220,96,80 [0x24004153f8]=220,99,0 [0x24004153fc]=220,99,16
  [0x2400415100]=180,60,0 [0x2400415104]=180,60,16 [0x2400415108]=180,60,32 [0x240041510c]=180,60,48
  [0x2400415110]=180,60,64 [0x2400415114]=180,60,80 [0x2400415118]=180,60,96 [0x240041511c]=180,60,112
  [0x2400415120]=180,60,128 [0x2400415124]=180,60,144 [0x2400415128]=180,60,160 [0x240041512c]=180,60,176
  [0x2400415130]=180,60,192 [0x2400415134]=180,60,208 [0x2400415138]=180,60,224 [0x240041513c]=180,60,240
  [0x2400415140]=153,139,0 [0x2400415144]=153,139,16 [0x2400415148]=153,139,32 [0x240041514c]=153,139,48
  [0x2400415150]=153,139,64 [0x2400415154]=153,139,80 [0x2400415158]=153,139,96 [0x240041515c]=153,139,112
  [0x2400415160]=219,161,128 [0x2400415164]=219,161,144 [0x2400415168]=219,161,160 [0x240041516c]=219,161,176
  [0x2400415170]=219,161,192 [0x2400415174]=219,161,208 [0x2400415178]=219,161,224 [0x240041517c]=219,161,240
  [0x24004151c0]=124,84,128 [0x24004151c4]=124,84,144 [0x24004151c8]=124,98,192 [0x24004151cc]=124,98,208
  [0x2400415180]=153,187,0 [0x2400415184]=153,187,16 [0x2400415188]=153,187,32 [0x240041518c]=153,187,48
  [0x2400415190]=153,191,0 [0x2400415194]=153,191,16 [0x2400415198]=153,191,32 [0x240041519c]=153,191,48
  [0x24004151a0]=180,12,64 [0x24004151a4]=180,12,80 [0x24004151a8]=180,12,96 [0x24004151ac]=180,12,112
  [0x24004151b0]=180,13,0 [0x24004151b4]=180,13,16 [0x24004151b8]=180,13,32 [0x24004151bc]=180,13,48
  [0x24004151d0]=124,100,0 [0x24004151d4]=124,100,16 [0x24004151d8]=124,100,224 [0x24004151dc]=124,100,240
  [0x2400415300]=153,165,96 [0x2400415304]=153,165,112 [0x2400415308]=153,165,160 [0x240041530c]=153,165,176
  [0x2400415310]=153,171,224 [0x2400415314]=153,171,240 [0x2400415318]=153,175,0 [0x240041531c]=153,175,16
  [0x2400415344]=220,106,48 [0x2400415374]=220,106,80 [0x2400415340]=220,106,32 [0x2400415370]=220,106,64
  [0x2400415320]=153,181,0 [0x2400415324]=153,181,16 [0x2400415328]=153,183,224 [0x240041532c]=153,183,240
  [0x2400415330]=153,184,128 [0x2400415334]=153,184,144 [0x2400415338]=153,187,224 [0x240041533c]=153,187,240
  [0x2400415360]=153,191,192 [0x2400415364]=153,191,208 [0x2400415348]=153,188,0 [0x240041534c]=153,188,16
  [0x2400415350]=153,190,128 [0x2400415354]=153,190,144 [0x2400415358]=153,191,64 [0x240041535c]=153,191,80
  [0x2400415368]=153,194,96 [0x240041536c]=153,194,112 [0x2400415200]=180,16,0 [0x2400415204]=180,16,16
  [0x2400415208]=180,16,32 [0x240041520c]=180,16,48 [0x2400415210]=180,29,128 [0x2400415214]=180,29,144
  [0x2400415218]=180,29,160 [0x240041521c]=180,29,176 [0x2400415220]=180,59,64 [0x2400415224]=180,59,80
  [0x2400415228]=180,59,96 [0x240041522c]=180,59,112 [0x2400415230]=219,161,0 [0x2400415234]=219,161,16
  [0x2400415238]=219,161,32 [0x240041523c]=219,161,48 [0x2400415250]=153,131,96 [0x2400415254]=153,131,112
  [0x2400415260]=153,131,128 [0x2400415264]=153,131,144 [0x2400415268]=153,132,128 [0x240041526c]=153,132,144
  [0x2400415240]=153,129,160 [0x2400415244]=153,129,176 [0x2400415248]=153,130,0 [0x240041524c]=153,130,16
  [0x2400415270]=153,134,64 [0x2400415274]=153,134,80 [0x2400415278]=153,137,0 [0x240041527c]=153,137,16
  [0x2400415280]=153,139,192 [0x2400415284]=153,139,208 [0x2400415288]=153,151,32 [0x240041528c]=153,151,48
  [0x2400415290]=153,156,96 [0x2400415294]=153,156,112 [0x2400415298]=153,156,128 [0x240041529c]=153,156,144
)

# Insert an explicit 0 hextet before "::" so that a /48 such as 240b:0250:00ab::/48 still yields four fields
ip6_prefix_tmp=`echo ${new_ip6_prefix/::/:0::}`
if [[ $ip6_prefix_tmp =~ ^([0-9a-f]{1,4}):([0-9a-f]{1,4}):([0-9a-f]{1,4}):([0-9a-f]{0,4}) ]]; then
    tmp=( $( echo ${ip6_prefix_tmp} | sed -e "s|:| |g" ) )
    for i in {0..3}; do
        if [ -z "${tmp[$i]}" ];then tmp[$i]=0;fi
        hextet[i]=`printf %d 0x${tmp[$i]}`
    done
else
    # message: "cannot recognize the prefix"
    echo "プレフィックスを認識できません"
    exit 1
fi

# Lookup keys: the first 31 bits and the first 38 bits of the prefix
prefix31=$(( $(( ${hextet[0]} * 0x10000 )) + $((${hextet[1]} & 0xfffe)) ))
prefix38=$(( $(( ${hextet[0]} * 0x1000000 )) + $(( ${hextet[1]} * 0x100 )) + $(( $(( ${hextet[2]} & 0xfc00 )) >> 8 )) ))
offset=6
rfc=false
if [ -n "${ruleprefix38[`printf 0x%x $prefix38`]}" ]; then
    octet="${ruleprefix38[`printf 0x%x $prefix38`]}"
    # replace "," to the array delimiter " " to split into an array
    octet=(${octet//,/ })
    octet[2]=$(( ${octet[2]} | $(( $(( ${hextet[2]} & 0x0300 )) >> 8 )) ))
    octet[3]=$(( ${hextet[2]} & 0x00ff ))
    # echo debug: ${octet[0]} ${octet[1]} ${octet[2]} ${octet[3]}
    ipaddr="${ruleprefix38[`printf 0x%x $prefix38`]}",0
    ip6prefixlen=38
    psidlen=8
    offset=4
elif [ -n "${ruleprefix31[`printf 0x%x $prefix31`]}" ]; then
    octet="${ruleprefix31[`printf 0x%x $prefix31`]}"
    octet=(${octet//,/ })
    octet[1]=$(( ${octet[1]} | $(( ${hextet[1]} & 0x0001 )) ))
    octet[2]=$(( $(( ${hextet[2]} & 0xff00 )) >> 8 ))
    octet[3]=$(( ${hextet[2]} & 0x00ff ))
    ipaddr="${ruleprefix31[`printf 0x%x $prefix31`]}",0,0
    ip6prefixlen=31
    psidlen=8
    offset=4
elif [ -n "${ruleprefix38_20[`printf 0x%x $prefix38`]}" ]; then
    octet="${ruleprefix38_20[`printf 0x%x $prefix38`]}"
    octet=(${octet//,/ })
    octet[2]=$(( ${octet[2]} | $(( $(( ${hextet[2]} & 0x03c0 )) >> 6 )) ))
    octet[3]=$(( $(( $(( ${hextet[2]} & 0x003f )) << 2 )) | $(( $(( ${hextet[3]} & 0xc000 )) >> 14 )) ))
    ipaddr="${ruleprefix38_20[`printf 0x%x $prefix38`]}",0
    ip6prefixlen=38
    psidlen=6
else
    # message: "unsupported prefix"
    echo "未対応のプレフィックス"
    exit 1
fi

if [ $psidlen == 8 ]; then
    psid=$(( $(( ${hextet[3]} & 0xff00 )) >> 8 ))
elif [ $psidlen == 6 ]; then
    psid=$(( $(( ${hextet[3]} & 0x3f00 )) >> 8 ))
fi

# List the port ranges available to this PSID (three ranges per output line)
ports=""
Amax=$(( $(( 1 << $offset )) -1 ));
for (( A=1; A <= $Amax; A++ )); do
    port=$(( $(( $A << $((16 - $offset)) )) | $(( $psid << $(( 16 - $offset - $psidlen )) )) ))
    ports+="$port""-""$(( $port + $(( $(( 1 << $(( 16 - $offset - $psidlen )) )) - 1 )) ))"
    if [ $A -lt $Amax ]; then
        if ! ((A % 3)); then ports="$ports"\\n; else ports="$ports ";fi
    fi
done

# vars for bring up the map-e router
lp=$Amax
nxps=$(( 1 << $((16 - $offset)) ))
pslen=$(( 1 << $(( 16 - $offset - $psidlen )) ))
#echo -e "$ports"

if [ $(( ${hextet[3]} & 0xff )) != 0 ]; then
    # message: "the /64 of the input value differs from that of the CE"
    echo "入力値とCEとで/64が異なる"
fi

# Build the eight hextets of the CE address
hextet[3]=$((${hextet[3]} & 0xff00))
if $rfc; then
    hextet[4]=0
    hextet[5]=$(( $(( ${octet[0]} << 8 )) | ${octet[1]} ))
    hextet[6]=$(( $(( ${octet[2]} << 8 )) | ${octet[3]} ))
    hextet[7]=$psid
else
    hextet[4]=${octet[0]}
    hextet[5]=$(( $((${octet[1]} << 8)) | ${octet[2]} ))
    hextet[6]=$((${octet[3]} << 8))
    hextet[7]=$(($psid << 8))
fi
declare -a ce
for ((i=0; i < 8; i++)); do
    ce[i]=`printf %x ${hextet[$i]}`
done

ealen=$(( 56 - $ip6prefixlen ))
ip4prefixlen=$(( 32 - $(($ealen - $psidlen)) ))
declare -a hextet2
if [ $ip6prefixlen == 38 ]; then
    hextet2[0]=${hextet[0]}
    hextet2[1]=${hextet[1]}
    hextet2[2]=$(( ${hextet[2]} & 0xfc00))
elif [ $ip6prefixlen == 31 ]; then
    hextet2[0]=${hextet[0]}
    hextet2[1]=$(( ${hextet[1]} & 0xfffe ))
fi
declare -a ip6prefix
for ((i=0; i < ${#hextet2[@]}; i++)); do
    ip6prefix[i]=`printf %x ${hextet2[$i]}`
done

# Select the BR (peer) address from the prefix range
prefix31_hex=`printf 0x%x $prefix31`
if [[ $prefix31_hex -ge 0x24047a80 ]] && [[ $prefix31_hex -lt 0x24047a84 ]]; then
    peeraddr="2001:260:700:1::1:275"
elif [[ $prefix31_hex -ge 0x24047a84 ]] && [[ $prefix31_hex -lt 0x24047a88 ]]; then
    peeraddr="2001:260:700:1::1:276"
elif [[ $prefix31_hex -ge 0x240b0010 ]] && [[ $prefix31_hex -lt 0x240b0014 ]]; then
    peeraddr="2404:9200:225:100::64"
elif [[ $prefix31_hex -ge 0x240b0250 ]] && [[ $prefix31_hex -lt 0x240b0254 ]]; then
    peeraddr="2404:9200:225:100::64"
elif [ -n "${ruleprefix38_20[`printf 0x%x $prefix38`]}" ]; then
    peeraddr="2001:380:a120::9"
else
    peeraddr=""
fi

echo DEBUG: peeraddr: $peeraddr
ipaddr=(${ipaddr//,/ })
ip4a="$(IFS="."; echo "${ipaddr[*]}")"
echo DEBUG: ipaddr: $ip4a
echo DEBUG: ip4prefixlen: $ip4prefixlen
ip6pfx="$(IFS=":"; echo "${ip6prefix[*]}")"
echo DEBUG: ip6prefix: $ip6pfx::
echo DEBUG: ip6prefixlen: $ip6prefixlen
echo DEBUG: ealen: $ealen
echo DEBUG: psidlen: $psidlen
echo DEBUG: offset: $offset

PFX=$new_ip6_prefix
echo debug: PFX: $PFX
CE="$(IFS=":"; echo "${ce[*]}")"
echo debug: CE: $CE
IPV4=${octet[0]}.${octet[1]}.${octet[2]}.${octet[3]}
echo debug: IPV4: $IPV4
PSID=$psid
echo debug: PSID: $PSID
BR=$peeraddr
echo debug: BR: $BR
echo debug: nxps $nxps lp: $lp pslen: $pslen

## Example: from here, call another script and pass the values on as arguments
## (quoted so that an empty value does not shift the positional parameters)
/usr/local/sbin/map_e-router.sh "$PFX" "$CE" "$IPV4" "$PSID" "$BR" "$nxps" "$lp" "$interface" "$ia_pd_interface" "$pslen"
```

Addendum 5: When sub-routers are connected below this router, routes to their IPv4 subnets are not set up automatically. Add static routes, for example below the `## local messy setups below.` line in 3-1 or 3-2, or in /etc/rc.local (chmod +x).

```
ip -4 route add 172.16.2.0/24 via 192.168.1.2 dev eth1
ip -4 route add 172.16.3.0/24 via 192.168.1.2 dev eth1
ip -4 route add 172.16.4.0/24 via 192.168.1.2 dev eth1
```

2021/03/15 Fix 1: Fixed the script not behaving as expected when 10 or more parameters are passed.

2021/03/15 Fix 2: Fixed the script not behaving as expected when the variable skip is not initialized.

2021/05/16 Fix 3: Changed part of the script so that the CE address is assigned to LANDEV instead of WANDEV.
## 3-1. /usr/local/sbin/map_e-router.sh -- iptables version ( chmod +x )

```bash
#!/bin/bash
PFX=${1}
BR=${5}
CE=${2}
IP4=${3}
PSID=${4}
LANDEV=${9}
WANDEV=${8}
TUNDEV='tun0'
lp=${7}
nxps=${6}
pslen=${10}

# assign the CE address and prefix to the LAN device, then bring up the IPv4-in-IPv6 tunnel to the BR
ip -6 addr add $CE/128 dev $LANDEV
ip -6 addr add $PFX dev $LANDEV
ip -6 tunnel add $TUNDEV mode ip4ip6 remote $BR local $CE dev $LANDEV encaplimit none
ip link set dev $TUNDEV mtu 1460
ip link set dev $TUNDEV up
ip -4 addr add $IP4/32 dev $TUNDEV
ip route delete default
ip route add default dev $TUNDEV

## The IPv6 default route is advertised by radvd and may take several minutes to be obtained,
## so the two lines below are for net.ipv6.conf.$WANDEV.accept_ra_defrtr=0 (when you want to assign it manually)
#ip -6 route add default proto static metric 20 \
#    nexthop via fe80::wwww:xxxx:yyyy:zzzz dev $WANDEV weight 10

iptables -t nat -F
iptables -t mangle -F

# spread outgoing connections over the lp port ranges: mark every nth packet, then SNAT per mark
rule=1
skip=0
while [ $rule -le $lp ] ; do
    mark=$rule
    pn=`expr $rule - 1`
    portl=`expr \( $rule + $skip \) \* $nxps + $PSID \* $pslen`
    portr=`expr $portl + $(( $pslen - 1))`
    iptables -t mangle -A POSTROUTING -o $TUNDEV -m statistic --mode nth --every $lp --packet $pn -j MARK --set-mark $mark
    iptables -t nat -A POSTROUTING -p icmp -o $TUNDEV -m mark --mark $mark -j SNAT --to $IP4:$portl-$portr
    iptables -t nat -A POSTROUTING -p tcp -o $TUNDEV -m mark --mark $mark -j SNAT --to $IP4:$portl-$portr
    iptables -t nat -A POSTROUTING -p udp -o $TUNDEV -m mark --mark $mark -j SNAT --to $IP4:$portl-$portr
    iptables -t nat -A POSTROUTING -p sctp -o $TUNDEV -m mark --mark $mark -j SNAT --to $IP4:$portl-$portr
    iptables -t nat -A POSTROUTING -p dccp -o $TUNDEV -m mark --mark $mark -j SNAT --to $IP4:$portl-$portr
    rule=`expr $rule + 1`
done
iptables -t mangle -o $TUNDEV --insert FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:65495 -j TCPMSS --clamp-mss-to-pmtu

## local messy setups below.
```

2021/03/15 Fix 1: Fixed the script not behaving as expected when 10 or more parameters are passed.

2021/05/16 Fix 2: Changed part of the script so that the CE address is assigned to LANDEV instead of WANDEV.
## 3-2. /usr/local/sbin/map_e-router.sh -- nftables version ( chmod +x )

```bash
#!/bin/bash
PFX=${1}
BR=${5}
CE=${2}
IP4=${3}
PSID=${4}
lp=${7}
nxps=${6}
pslen=${10}
LANDEV=${9}
WANDEV=${8}
TUNDEV='tun0'

# assign the CE address and prefix to the LAN device, then bring up the IPv4-in-IPv6 tunnel to the BR
ip -6 addr add $CE/128 dev $LANDEV
ip -6 addr add $PFX dev $LANDEV
ip -6 tunnel add $TUNDEV mode ip4ip6 remote $BR local $CE dev $LANDEV encaplimit none
ip link set dev $TUNDEV mtu 1460 up
ip -4 addr add $IP4/32 dev $TUNDEV

## The IPv6 default route is advertised by radvd and may take several minutes to be obtained,
## so the two lines below are for net.ipv6.conf.$WANDEV.accept_ra_defrtr=0 (when you want to assign it manually)
#ip -6 route add default proto static metric 20 \
#    nexthop via fe80::wwww:xxxx:yyyy:zzzz dev $WANDEV weight 10
ip route add default proto static metric 20 \
    nexthop dev $TUNDEV weight 10

## configure nftables
## clear nftables first of all
nft flush ruleset

## add map_e_filter table
nft add table ip map_e_filter
nft add chain ip map_e_filter POSTROUTING { type filter hook postrouting priority 0\; }
nft add rule ip map_e_filter POSTROUTING iifname $TUNDEV tcp flags \& syn == syn tcp option maxseg size set rt mtu
nft add rule ip map_e_filter POSTROUTING oifname $TUNDEV tcp flags \& syn == syn tcp option maxseg size set rt mtu

## add map_e_nat table
nft add table ip map_e_nat
nft add chain ip map_e_nat POSTROUTING { type nat hook postrouting priority 0 \; }

## add my_vmap
nft add map ip map_e_nat my_vmap { type mark : verdict \; }

## add POSTROUTING rules to map_e_nat table
for proto in tcp udp icmp udplite sctp dccp; do
    nft add rule map_e_nat POSTROUTING oifname $TUNDEV meta l4proto $proto mark set numgen inc mod $lp offset 1
done
nft add rule map_e_nat POSTROUTING oifname $TUNDEV meta mark vmap @my_vmap

## add map_e_chains to map_e_nat table and add elements into my_vmap
rule=1
while [ $rule -le $lp ] ; do
    mark=`expr $rule`
    portl=`expr $rule \* $nxps + $PSID \* $pslen`
    portr=`expr $portl + $(($pslen - 1))`
    nft add chain ip map_e_nat map_e_chain$mark
    for proto in tcp udp icmp udplite sctp dccp; do
        nft add rule ip map_e_nat map_e_chain$mark meta l4proto $proto snat to $IP4:$portl-$portr persistent
    done
    nft add element ip map_e_nat my_vmap { $mark : goto map_e_chain$mark }
    rule=`expr $rule + 1`
done

#### local messy setups below
```

That's all for this time. See you next time.
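
The setup above hands out GUAs on the LAN with no firewall, and the nftables version of map_e-router.sh starts with `nft flush ruleset`, so any IPv6 filter has to be loaded after that script has run. The following is an added example, not part of the original article: it generates a default-drop `ip6` ruleset for the article's interfaces. The table name `gua_guard`, the function names and the selection of permitted ICMPv6 types are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the original article. It only generates ruleset text;
# nothing is applied until the output is piped to "nft -f -" as root, e.g.
#   gen_guard_ruleset enp1s0f1 enp1s0f0 2001:380:a120::9 | nft -f -
# Assumed names: table "gua_guard" and every function name below.

# Interface names are embedded in the ruleset, so accept only plain names.
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# The BR address is embedded in a rule too: hex digits and colons only.
valid_ip6_literal() {
    case $1 in
        ''|*[!0-9A-Fa-f:]*) return 1 ;;
        *:*) return 0 ;;
    esac
    return 1
}

# gen_guard_ruleset WANDEV LANDEV [BR]
# Prints an nft ruleset; returns 1 without output if an argument looks unsafe.
gen_guard_ruleset() {
    local wan=$1 lan=$2 br=${3:-} tunnel_rule=""
    valid_ifname "$wan" && valid_ifname "$lan" || return 1
    if [ -n "$br" ]; then
        valid_ip6_literal "$br" || return 1
        # IPv4-in-IPv6 (protocol 4) from the BR is the MAP-E tunnel itself
        tunnel_rule="iifname \"$wan\" ip6 saddr $br meta l4proto 4 accept"
    fi
    cat <<EOF
add table ip6 gua_guard
delete table ip6 gua_guard
table ip6 gua_guard {
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        # ND/RA and ICMPv6 errors first: they are not matched by the established rule
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
        ct state established,related accept
        ct state invalid drop
        # LAN side: DHCPv6 server, radvd and keepalived run here
        iifname "$lan" accept
        # WAN side: replies to the DHCPv6 client (prefix delegation)
        iifname "$wan" udp dport 546 accept
        $tunnel_rule
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request } accept
        ct state established,related accept
        ct state invalid drop
        # connections may be opened from the LAN; the WAN side only gets replies
        iifname "$lan" accept
    }
}
EOF
}
```
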