OPENNHRP-SCRIPT(8) OpenNHRP Documentation OPENNHRP-SCRIPT(8)
NAME
opennhrp-script - NHRP peer configuration script
DESCRIPTION
The NHRP peer configuration script is invoked by opennhrp(8).
This script can be used to establish a direct NBMA peer-to-peer
connection after an NHRP Resolution Reply has been received, but prior
to injecting the peer address into the kernel neighbor table. This
could be to insert firewall rules allowing the traffic and/or to
establish an IPsec connection (or some other secure communication
channel). The script is also called when the cached peer information
expires.
OPERATION
When opennhrp needs to invoke the peer configuration script, it defines
a set of variables in the environment and then executes the script with
exactly one argument. The argument is set to the name of the reason
why the script has been invoked. The following reasons are currently
defined: interface-up, peer-register, peer-up, peer-down, nhs-up,
nhs-down, route-up and route-down.
INTERFACE-UP
The interface has just been discovered, or it has changed state from
down to up. This is the place to clean up old routes if needed.
PEER-REGISTER
A peer registration request has been received. The script is run before
the internal peer cache is altered, which allows the script to reject
the registration without old peers being deleted. This could be used to
check that the IPsec connection is up, or one might encode the allowed
protocol addresses in the certificate and enforce them here. This hook
is executed synchronously, so it should be fast.
PEER-UP
A peer has been discovered (either by means of static configuration,
dynamic client registration or resolution reply arrival to initiate
shortcut). This hook is invoked right after the peer's NBMA address is
available. For all entries other than dynamic-map entries the protocol
address is available too. The information will not be injected into the
kernel ARP cache until the script has returned zero. If the script
returns a non-zero value, the peer entry is marked as invalid and
negatively cached for a short period of time.
PEER-DOWN
A peer connection is about to be cleared. This can happen for dynamic
client registrations or cached information. Dynamic client
registrations are torn down when the registration holding time expires
(and no re-registration has occurred) or if the registration is
explicitly removed using a Purge Request. Cached entries are removed
when the holding time expires (and there has been no traffic to trigger
renewal of the peer address information) or when they are explicitly
removed with a Purge Request.
NHS-UP
This is called for an NHS right after the first successful Registration
Reply is received. This can be used to update application level
configuration about which servers to use.
NHS-DOWN
Informs that the specified NHS is no longer available.
ROUTE-UP
In reply to a resolution request we have received a shortcut route with
a destination off the NBMA subnetwork. The script should insert the
appropriate entry into the kernel routing table.
ROUTE-DOWN
The associated shortcut route information is no longer valid and should
be removed from the kernel routing table.
ENVIRONMENT
NHRP_TYPE
For peer-up and peer-down reasons this can be: static
(configured information), dynamic-nhs (configured NHS with only
NBMA address known), dynamic (client registered) or cached
(resolved since we had packets going there).
The nhs-up and nhs-down reasons are called for static entries
with register keyword and dynamic-nhs entries.
For peer-register this is always dynamic.
For route-up and route-down reasons this is always defined as
route.
For interface-up reason this is irrelevant, but always defined
as interface.
NHRP_INTERFACE
The network interface to which this event is related.
NHRP_GRE_KEY
The GRE key assigned to the related network interface.
NHRP_DESTADDR
Destination protocol address. E.g. for NBMA GRE tunnels this is
the IP address assigned to the tunnel interface being used.
NHRP_DESTPREFIX
Subnet prefix length for destination protocol address.
NHRP_DESTNBMA
Defined only for peer-up and peer-down reasons. This contains
the NBMA address of the destination. E.g. for NBMA GRE this
contains the public IP of the peer.
NHRP_DESTMTU
Defined only for peer-up reasons. This contains the MTU for NBMA
address of the destination.
NHRP_NEXTHOP
Defined only for route-up and route-down reasons. This is the
protocol address of the next hop to be used in routing.
NHRP_PEER_DOWN_REASON
Defined only for peer-down reason. This describes why the peer
has been deleted. Currently it is one of expired, user-request
or lower-down.
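
The following script is an added example, not part of the original manual page or the OpenNHRP distribution: it dispatches on the reason argument and checks every NHRP_* variable before the value reaches ip(8). Assumptions: IPv4 addressing, the hypothetical ALLOWED_PEERS and RUN variables, the choice of ip route commands, and that a non-zero exit from peer-register is what rejects the registration.

```shell
#!/bin/sh
# Added example, not the OpenNHRP project's script. ALLOWED_PEERS and RUN are
# hypothetical knobs; IPv4 addressing is assumed throughout.
ALLOWED_PEERS="${ALLOWED_PEERS-10.255.0.2/32 10.255.0.3/32}"  # constructed allowlist
RUN="${RUN-echo}"  # "echo" prints the ip(8) command (dry run); RUN= executes it

# Strict dotted-quad check; runs in a subshell so the IFS change stays local.
is_ipv4() (
	case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
	IFS=.; set -- $1
	[ $# -eq 4 ] || exit 1
	for octet in "$@"; do
		[ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
	done
)

is_prefix() {
	case "$1" in ''|*[!0-9]*|???*) return 1 ;; esac
	[ "$1" -le 32 ]
}

# Returns 0 = accept, 1 = policy reject, 2 = malformed environment.
nhrp_hook() {
	case "$NHRP_INTERFACE" in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac
	case "$1" in
	peer-register)
		# Synchronous hook: a string match against the allowlist, nothing slow.
		is_ipv4 "$NHRP_DESTADDR" && is_prefix "$NHRP_DESTPREFIX" || return 2
		case " $ALLOWED_PEERS " in
		*" $NHRP_DESTADDR/$NHRP_DESTPREFIX "*) return 0 ;;
		esac
		return 1 ;;
	peer-up)
		# Non-zero keeps the peer out of the kernel ARP cache (negative cached).
		is_ipv4 "$NHRP_DESTNBMA" || return 2 ;;
	route-up)
		is_ipv4 "$NHRP_DESTADDR" && is_prefix "$NHRP_DESTPREFIX" &&
			is_ipv4 "$NHRP_NEXTHOP" || return 2
		$RUN ip route replace "$NHRP_DESTADDR/$NHRP_DESTPREFIX" \
			via "$NHRP_NEXTHOP" dev "$NHRP_INTERFACE" ;;
	route-down)
		is_ipv4 "$NHRP_DESTADDR" && is_prefix "$NHRP_DESTPREFIX" || return 2
		$RUN ip route del "$NHRP_DESTADDR/$NHRP_DESTPREFIX" dev "$NHRP_INTERFACE" ;;
	esac
}

# opennhrp passes exactly one argument, the reason name.
if [ $# -gt 0 ]; then nhrp_hook "$1"; exit $?; fi
```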
SEE ALSO
opennhrp(8)
AUTHORS
Timo Teras <timo.teras@iki.fi>
20 May 2009 OPENNHRP-SCRIPT(8)