Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/msantos/sut

Six (IPv6 in IPv4) Userlspace Tunnel
https://github.com/msantos/sut

firewall rfc4213 tunnel tuntap

Last synced: 7 days ago
JSON representation

Six (IPv6 in IPv4) Userlspace Tunnel

Host: GitHub
URL: https://github.com/msantos/sut
Owner: msantos
License: bsd-3-clause
Created: 2012-03-29T22:04:25.000Z (over 12 years ago)
Default Branch: master
Last Pushed: 2024-09-07T11:54:32.000Z (2 months ago)
Last Synced: 2024-10-07T15:48:26.138Z (about 1 month ago)
Topics: firewall, rfc4213, tunnel, tuntap
Language: Erlang
Homepage:
Size: 46.9 KB
Stars: 11
Watchers: 4
Forks: 3
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-starred - msantos/sut - Six (IPv6 in IPv4) Userlspace Tunnel (others)

README

        [![Package Version](https://img.shields.io/hexpm/v/sut)](https://hex.pm/packages/sut)

[![Hex Docs](https://img.shields.io/badge/hex-docs)](https://hexdocs.pm/sut/)

sut, an IPv6 in IPv4 Userlspace Tunnel (RFC 4213)

## DEPENDENCIES

* https://github.com/msantos/procket

* https://github.com/msantos/pkt

* https://github.com/msantos/tunctl

## SETUP

* Sign up for an IPv6 tunnel with Hurricane Electric

  http://tunnelbroker.net/

* Start the IPv6 tunnel:

  * Serverv4 = HE IPv4 tunnel end

  * Clientv4 = Your local IP address

  * Clientv6 = The IPv6 address assigned by HE to your end of the tunnel

    ```

      sut:start([

              {serverv4, "216.66.22.2"},

              {clientv4, "192.168.1.72"},

              {clientv6, "2001:3:3:3::2"}

              ]).

    ```

  * Set up MTU and routing (as root)

    ```

      ifconfig sut-ipv6 mtu 1480

      ip route add ::/0 dev sut-ipv6

    ```

  * Test the tunnel!

    ```

      ping6 ipv6.google.com

    ```

## EXPORTS

```

start(Options) -> {ok, Ref}

start_link(Options) -> {ok, Ref}

    Types   Options = [Option]

            Option = {ifname, Ifname}

                | {serverv4, IPv4Address}

                | {clientv4, IPv4Address}

                | {clientv6, IPv6Address}

                | {filter_out, Fun}

                | {filter_in, Fun}

            Ifname = string() | binary()

            IPv4Address = string() | tuple()

            IPv6Address = string() | tuple()

            Fun = fun()

            Ref = pid()

    Starts an IPv6 over IPv4 configured tunnel.

    The default tun device is named "sut-ipv6". To specify the name,

    use {ifname, <<"devname">>}. Note the user running the tunnel

    must have sudo permissions to configure this device.

    {serverv4, Server4} is the IPv4 address of the peer.

    {clientv4, Client4} is the IPv4 address of the local end. If the

    client is on a private network (the tunnel will be NAT'ed by

    the gateway), specify the private IPv4 address here.

    {clientv6, Client6} is the IPv6 address of the local end. This

    address will usually be assigned by the tunnel broker.

    {filter_in, Fun} allows filtering and arbitrary transformation

    of IPv6 packets received from the network. All packets undergo

    the mandatory checks specified by RFC 4213 before being passed

    to user checks.

    {filter_out, Fun} allows filtering and manipulation of IPv6

    packets received from the tun device.

    Filtering functions take 2 arguments: the packet payload (a binary)

    and the tunnel state:

        -include("sut.hrl").

        -record(sut_state, {

            serverv4,

            clientv4,

            clientv6

            }.

    Filtering functions should return ok to allow the packet or {ok,

    binary()} if the packet has been altered by the function.

    Any other return value causes the packet to be dropped. The

    default filter for both incoming and outgoing packets is a noop:

        fun(_Packet, _State) -> ok end.

destroy(Ref) -> ok

    Types   Ref = pid()

    Shutdown the tunnel. On Linux, the tunnel device will be removed.

```

## EXAMPLES

To compile:

```

erlc -I deps -o ebin examples/*.erl

```

### basic_firewall

An example of setting up a stateless packet filter.

The rules are:

```

* icmp: all

* udp: none

* tcp:

    * outgoing: 22, 80, 443

    * incoming: 22

```

Start the tunnel with the filter:

```

sut:start([

    {filter_out, fun(Packet, State) -> basic_firewall:out(Packet, State) end},

    {filter_in, fun(Packet, State) -> basic_firewall:in(Packet, State) end},

    {serverv4, Server4},

    {clientv4, Client4},

    {clientv6, Client6}

]).

```

### tunnel_activity

Flashes LEDs attached to an Arduino to signal tunnel activity. Requires:

```

https://github.com/msantos/srly

```

Upload a sketch to the Arduino:

```

https://github.com/msantos/srly/blob/master/examples/strobe/strobe.pde

```

Then start the tunnel:

```

tunnel_activity:start(

    "/dev/ttyUSB0",

    [

        {led_in, 3},

        {led_out, 4},

        {serverv4, Server4},

        {clientv4, Client4},

        {clientv6, Client6}

    ]

).

```

## TODO

* Support other checks required by RFC

* Make a firewall ruleset to Erlang compiler