Skip to content

O
OpenXG-RAN
Commit b4538302 authored by Lionel Gauthier's avatar Lionel Gauthier
Browse files
Options

Can disable SGI interface 

git-svn-id: http://svn.eurecom.fr/openair4G/trunk@5131 818b1a75-f10b-46b9-bf7c-635c3b92a50f
parent 69f29c28
Hide whitespace changes
Inline Side-by-side
Showing with 110 additions and 104 deletions
targets/PROJECTS/GENERIC-LTE-EPC/utils.bash
View file @ b4538302
...@@ -543,113 +543,119 @@ build_mme_spgw_vlan_network() { ...@@ -543,113 +543,119 @@ build_mme_spgw_vlan_network() {
echo_fatal "BAD INTERFACE NAME FOR SGW S1U $SGW_INTERFACE_NAME_FOR_S1U_S12_S4_UP"' (waiting for ethx.y, wlanx.y or wifix.y)' echo_fatal "BAD INTERFACE NAME FOR SGW S1U $SGW_INTERFACE_NAME_FOR_S1U_S12_S4_UP"' (waiting for ethx.y, wlanx.y or wifix.y)'
fi; fi;
ping -c 1 router.eur > /dev/null || { echo_fatal "router.eur does not respond to ping" >&2 ; } #
IP_ROUTER=`python -c 'import socket; print socket.gethostbyname("router.eur")'` is_real_interface $PGW_INTERFACE_NAME_FOR_SGI
export MAC_ROUTER=`ip neigh show | grep $IP_ROUTER | cut -d ' ' -f5 | tr -d ':'` if [ $? -eq 1 ]; then
echo_success "ROUTER MAC ADDRESS= $MAC_ROUTER" ping -c 1 router.eur > /dev/null || { echo_fatal "router.eur does not respond to ping" >&2 ; }
IP_ROUTER=`python -c 'import socket; print socket.gethostbyname("router.eur")'`
if [ $ENABLE_USE_NETFILTER_FOR_SGI -eq 1 ]; then export MAC_ROUTER=`ip neigh show | grep $IP_ROUTER | cut -d ' ' -f5 | tr -d ':'`
echo_success "ROUTER MAC ADDRESS= $MAC_ROUTER"
bash_exec "modprobe nf_conntrack"
bash_exec "modprobe nf_conntrack_ftp" if [ $ENABLE_USE_NETFILTER_FOR_SGI -eq 1 ]; then
###################################################### bash_exec "modprobe nf_conntrack"
# PREROUTING bash_exec "modprobe nf_conntrack_ftp"
######################################################
# We restore the mark following the CONNMARK mark. In fact, it does a simple MARK=CONNMARK ######################################################
# where MARK is the standard mark (usable by tc) # PREROUTING
# In French: Cette option de cible restaure le paquet marqué dans la marque de connexion ######################################################
# comme défini par CONNMARK. Un masque peut aussi être défini par l'option --mask. # We restore the mark following the CONNMARK mark. In fact, it does a simple MARK=CONNMARK
# Si une option mask est placée, seules les options masquées seront placées. # where MARK is the standard mark (usable by tc)
# Notez que cette option de cible n'est valide que dans la table mangle. # In French: Cette option de cible restaure le paquet marqué dans la marque de connexion
bash_exec "$IPTABLES -t mangle -A PREROUTING -j CONNMARK --restore-mark" # comme défini par CONNMARK. Un masque peut aussi être défini par l'option --mask.
# Si une option mask est placée, seules les options masquées seront placées.
# TEST bash_exec "$IPTABLES -t mangle -A PREROUTING -m mark --mark 0 -i $PGW_INTERFACE_NAME_FOR_SGI -j MARK --set-mark 15" # Notez que cette option de cible n'est valide que dans la table mangle.
# We set the mark of the initial packet as value of the conntrack mark for all the packets of the connection. bash_exec "$IPTABLES -t mangle -A PREROUTING -j CONNMARK --restore-mark"
# This mark will be restore for the other packets by the first rule of POSTROUTING --restore-mark).
bash_exec "$IPTABLES -t mangle -A PREROUTING -j CONNMARK --save-mark" # TEST bash_exec "$IPTABLES -t mangle -A PREROUTING -m mark --mark 0 -i $PGW_INTERFACE_NAME_FOR_SGI -j MARK --set-mark 15"
# We set the mark of the initial packet as value of the conntrack mark for all the packets of the connection.
# This mark will be restore for the other packets by the first rule of POSTROUTING --restore-mark).
###################################################### bash_exec "$IPTABLES -t mangle -A PREROUTING -j CONNMARK --save-mark"
# POSTROUTING
######################################################
######################################################
# MARK=CONNMARK # POSTROUTING
bash_exec "iptables -A POSTROUTING -t mangle -o tap0 -j CONNMARK --restore-mark" ######################################################
# If we’ve got a mark no need to get further[
bash_exec "iptables -A POSTROUTING -t mangle -o tap0 -m mark ! --mark 0 -j ACCEPT" # MARK=CONNMARK
bash_exec "iptables -A POSTROUTING -t mangle -o tap0 -j CONNMARK --restore-mark"
#bash_exec "iptables -A POSTROUTING -p tcp --dport 21 -t mangle -j MARK --set-mark 1" # If we’ve got a mark no need to get further[
#bash_exec "iptables -A POSTROUTING -p tcp --dport 80 -t mangle -j MARK --set-mark 2" bash_exec "iptables -A POSTROUTING -t mangle -o tap0 -m mark ! --mark 0 -j ACCEPT"
# We set the mark of the initial packet as value of the conntrack mark for all the packets #bash_exec "iptables -A POSTROUTING -p tcp --dport 21 -t mangle -j MARK --set-mark 1"
# of the connection. This mark will be restore for the other packets by the first rule #bash_exec "iptables -A POSTROUTING -p tcp --dport 80 -t mangle -j MARK --set-mark 2"
# of POSTROUTING (–restore-mark).
bash_exec "iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark" # We set the mark of the initial packet as value of the conntrack mark for all the packets
# of the connection. This mark will be restore for the other packets by the first rule
bash_exec "iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark" # of POSTROUTING (–restore-mark).
bash_exec "iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark"
# We restore the mark following the CONNMARK mark.
# In fact, it does a simple MARK=CONNMARK where MARK is the standard mark (usable by tc) bash_exec "iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark"
#bash_exec "$IPTABLES -A OUTPUT -t mangle -m mark ! --mark 0 -j CONNMARK --restore-mark"
# We restore the mark following the CONNMARK mark.
# If we’ve got a mark no need to get further[1] # In fact, it does a simple MARK=CONNMARK where MARK is the standard mark (usable by tc)
#TEST bash_exec "$IPTABLES -A OUTPUT -t mangle -p icmp -j MARK --set-mark 14" #bash_exec "$IPTABLES -A OUTPUT -t mangle -m mark ! --mark 0 -j CONNMARK --restore-mark"
#bash_exec "$IPTABLES -A OUTPUT -t mangle -m mark ! --mark 0 -j ACCEPT"
# If we’ve got a mark no need to get further[1]
#TEST bash_exec "$IPTABLES -A OUTPUT -t mangle -p icmp -j MARK --set-mark 14"
# We set the mark of the initial packet as value of the conntrack mark for all the packets of the connection. #bash_exec "$IPTABLES -A OUTPUT -t mangle -m mark ! --mark 0 -j ACCEPT"
# This mark will be restore for the other packets by the first rule of OUTPUT (–restore-mark).
#bash_exec "$IPTABLES -A OUTPUT -t mangle -j CONNMARK --save-mark"
# We set the mark of the initial packet as value of the conntrack mark for all the packets of the connection.
###################################################### # This mark will be restore for the other packets by the first rule of OUTPUT (–restore-mark).
# NETFILTER QUEUE #bash_exec "$IPTABLES -A OUTPUT -t mangle -j CONNMARK --save-mark"
######################################################
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 5 -j NFQUEUE --queue-num 1" ######################################################
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 6 -j NFQUEUE --queue-num 1" # NETFILTER QUEUE
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 7 -j NFQUEUE --queue-num 1" ######################################################
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 8 -j NFQUEUE --queue-num 1" bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 5 -j NFQUEUE --queue-num 1"
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 9 -j NFQUEUE --queue-num 1" bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 6 -j NFQUEUE --queue-num 1"
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 10 -j NFQUEUE --queue-num 1" bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 7 -j NFQUEUE --queue-num 1"
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 11 -j NFQUEUE --queue-num 1" bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 8 -j NFQUEUE --queue-num 1"
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 12 -j NFQUEUE --queue-num 1" bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 9 -j NFQUEUE --queue-num 1"
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 13 -j NFQUEUE --queue-num 1" bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 10 -j NFQUEUE --queue-num 1"
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 14 -j NFQUEUE --queue-num 1" bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 11 -j NFQUEUE --queue-num 1"
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 15 -j NFQUEUE --queue-num 1" bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 12 -j NFQUEUE --queue-num 1"
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 13 -j NFQUEUE --queue-num 1"
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 14 -j NFQUEUE --queue-num 1"
bash_exec "$IPTABLES -t mangle -A PREROUTING -i $PGW_INTERFACE_NAME_FOR_SGI -m connmark --mark 15 -j NFQUEUE --queue-num 1"
#echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables #To disable Iptables in the bridge.
#Raw table: Some years ago appeared a new tables in Iptables.
#This table can be used to avoid packets (connection really) to enter the NAT table:
# iptables -t raw -I PREROUTING -i BRIDGE -s x.x.x.x -j NOTRACK.
#bash_exec "$IPTABLES -t nat -A POSTROUTING -o $PGW_INTERFACE_NAME_FOR_SGI -j SNAT --to-source $PGW_IP_ADDR_FOR_SGI"
else
# # get ipv4 address from PGW_INTERFACE_NAME_FOR_SGI
#IP_ADDR=`ifconfig $PGW_INTERFACE_NAME_FOR_SGI | awk '/inet addr/ {split ($2,A,":"); print A[2]}' | tr '\n' ' ' | sed -n '1h;1!H;${;g;s/^[ \t]*//g;s/[ \t]*$//g;p;}'`
#NETWORK=`echo $IP_ADDR | cut -d . -f 1,2,3`
bash_exec "modprobe 8021q"
for i in 5 6 7 8 9 10 11 12 13 14 15
do
# create vlan interface
ifconfig $PGW_INTERFACE_NAME_FOR_SGI.$i down > /dev/null 2>&1
vconfig rem $PGW_INTERFACE_NAME_FOR_SGI.$i > /dev/null 2>&1
sync
bash_exec "vconfig add $PGW_INTERFACE_NAME_FOR_SGI $i"
sync
bash_exec "ifconfig $PGW_INTERFACE_NAME_FOR_SGI.$i up"
sync
# configure vlan interface
#CIDR=$NETWORK'.'$i'/24'
base=200
NET=$(( $i + $base ))
CIDR='10.0.'$NET'.2/8'
bash_exec "ip -4 addr add $CIDR dev $PGW_INTERFACE_NAME_FOR_SGI.$i"
done
fi
#echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables #To disable Iptables in the bridge. bash_exec "ip link set $PGW_INTERFACE_NAME_FOR_SGI promisc on"
#Raw table: Some years ago appeared a new tables in Iptables.
#This table can be used to avoid packets (connection really) to enter the NAT table:
# iptables -t raw -I PREROUTING -i BRIDGE -s x.x.x.x -j NOTRACK.
#bash_exec "$IPTABLES -t nat -A POSTROUTING -o $PGW_INTERFACE_NAME_FOR_SGI -j SNAT --to-source $PGW_IP_ADDR_FOR_SGI"
else else
# # get ipv4 address from PGW_INTERFACE_NAME_FOR_SGI echo_warning "SGI interface disabled by config file"
#IP_ADDR=`ifconfig $PGW_INTERFACE_NAME_FOR_SGI | awk '/inet addr/ {split ($2,A,":"); print A[2]}' | tr '\n' ' ' | sed -n '1h;1!H;${;g;s/^[ \t]*//g;s/[ \t]*$//g;p;}'`
#NETWORK=`echo $IP_ADDR | cut -d . -f 1,2,3`
bash_exec "modprobe 8021q"
for i in 5 6 7 8 9 10 11 12 13 14 15
do
# create vlan interface
ifconfig $PGW_INTERFACE_NAME_FOR_SGI.$i down > /dev/null 2>&1
vconfig rem $PGW_INTERFACE_NAME_FOR_SGI.$i > /dev/null 2>&1
sync
bash_exec "vconfig add $PGW_INTERFACE_NAME_FOR_SGI $i"
sync
bash_exec "ifconfig $PGW_INTERFACE_NAME_FOR_SGI.$i up"
sync
# configure vlan interface
#CIDR=$NETWORK'.'$i'/24'
base=200
NET=$(( $i + $base ))
CIDR='10.0.'$NET'.2/8'
bash_exec "ip -4 addr add $CIDR dev $PGW_INTERFACE_NAME_FOR_SGI.$i"
done
fi fi
bash_exec "ip link set $PGW_INTERFACE_NAME_FOR_SGI promisc on"
} }
clean_epc_vlan_network() { clean_epc_vlan_network() {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment