Commit | Line | Data |
---|---|---|
4231f419 MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
e617226b MT |
# Append "ipv6" to the space-separated list of supported IP protocols.
IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv6"
23 | ||
58fb41ee MT |
# Init hook for IPv6 networking. In its current form it only writes a log
# entry; every sysctl change below is commented out.
function ipv6_init() {
	log INFO "Initializing IPv6 networking."

	# Forwarding for the "all" and "default" pseudo-devices.
	# NOTE(review): the disabled calls would turn forwarding OFF. While they
	# stay commented out, the values already present in the kernel apply.
	#ipv6_device_forwarding_disable all
	#ipv6_device_forwarding_disable default

	# Autoconfiguration (accept_ra, accept_redirects) for "all" and
	# "default". Also disabled, so these settings are left untouched here.
	#ipv6_device_autoconf_disable all
	#ipv6_device_autoconf_disable default

	# XXX do we need this?
	#local device
	#for device in $(devices_get_all); do
	#	ipv6_device_forwarding_disable ${device}
	#	ipv6_device_autoconf_disable ${device}
	#done
}
42 | ||
# Hand ipv6_init to init_register (defined elsewhere).
init_register ipv6_init
44 | ||
4231f419 MT |
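# Enable IPv6 autoconfiguration input on a device by writing 1 to accept_ra
# and accept_redirects under /proc/sys/net/ipv6/conf/<device>/.
#   $1: device name, or one of the pseudo-devices "all" / "default".
# Returns the exit status of the last write.
function ipv6_device_autoconf_enable() {
	local device="${1}"

	assert isset device

	# "all" and "default" are accepted as they are; any other name has to
	# pass device_exists (defined elsewhere) first.
	if ! isoneof device all default; then
		assert device_exists "${device}"
	fi

	# The path is quoted so that a device name containing whitespace or glob
	# characters cannot expand into a different redirect target.
	# NOTE(review): accept_redirects=1 lets ICMPv6 redirects received on this
	# interface change the host's routes. Confirm that is wanted wherever
	# this function is called.
	local key
	for key in accept_ra accept_redirects; do
		echo 1 > "/proc/sys/net/ipv6/conf/${device}/${key}"
	done
}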
60 | ||
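# Disable IPv6 autoconfiguration input on a device by writing 0 to accept_ra
# and accept_redirects under /proc/sys/net/ipv6/conf/<device>/.
#   $1: device name, or one of the pseudo-devices "all" / "default".
# Returns the exit status of the last write.
function ipv6_device_autoconf_disable() {
	local device="${1}"

	assert isset device

	# "all" and "default" are accepted as they are; any other name has to
	# pass device_exists (defined elsewhere) first.
	if ! isoneof device all default; then
		assert device_exists "${device}"
	fi

	# The path is quoted so that a device name containing whitespace or glob
	# characters cannot expand into a different redirect target.
	local key
	for key in accept_ra accept_redirects; do
		echo 0 > "/proc/sys/net/ipv6/conf/${device}/${key}"
	done
}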
76 | ||
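# Enable IPv6 forwarding on a device by writing 1 to
# /proc/sys/net/ipv6/conf/<device>/forwarding.
#   $1: device name, or one of the pseudo-devices "all" / "default".
# Returns the exit status of the write.
function ipv6_device_forwarding_enable() {
	local device="${1}"

	assert isset device

	# "all" and "default" are accepted as they are; any other name has to
	# pass device_exists (defined elsewhere) first.
	if ! isoneof device all default; then
		assert device_exists "${device}"
	fi

	# Quoted so the device name is always used as one literal path component.
	echo 1 > "/proc/sys/net/ipv6/conf/${device}/forwarding"
}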
89 | ||
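# Disable IPv6 forwarding on a device by writing 0 to
# /proc/sys/net/ipv6/conf/<device>/forwarding.
#   $1: device name, or one of the pseudo-devices "all" / "default".
# Returns the exit status of the write.
function ipv6_device_forwarding_disable() {
	local device="${1}"

	assert isset device

	# "all" and "default" are accepted as they are; any other name has to
	# pass device_exists (defined elsewhere) first.
	if ! isoneof device all default; then
		assert device_exists "${device}"
	fi

	# Quoted so the device name is always used as one literal path component.
	echo 0 > "/proc/sys/net/ipv6/conf/${device}/forwarding"
}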
102 | ||
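# Enable IPv6 RFC3041 privacy extensions (temporary addresses) on a device.
#   $1: device name; must pass device_exists.
#   $2: extension type. Optional, defaults to "rfc3041", which is the only
#       type handled here.
# Writes 2 to /proc/sys/net/ipv6/conf/<device>/use_tempaddr.
# Returns EXIT_OK on success, EXIT_ERROR for an unsupported type.
function ipv6_device_privacy_extensions_enable() {
	local device="${1}"
	# An empty or missing second argument selects the default type.
	local type="${2:-rfc3041}"

	assert isset device
	assert device_exists "${device}"

	assert isset type

	case "${type}" in
		rfc3041)
			# Quoted so the device name stays one literal path component.
			echo 2 > "/proc/sys/net/ipv6/conf/${device}/use_tempaddr"
			;;
		*)
			error_log "Given type '${type}' is not supported."
			return ${EXIT_ERROR}
			;;
	esac

	return ${EXIT_OK}
}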
130 | ||
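# Disable IPv6 privacy extensions on a device by writing 0 to
# /proc/sys/net/ipv6/conf/<device>/use_tempaddr.
#   $1: device name; must pass device_exists.
# Returns the exit status of the write.
function ipv6_device_privacy_extensions_disable() {
	local device="${1}"

	assert isset device
	assert device_exists "${device}"

	# Quoted so the device name is always used as one literal path component.
	echo 0 > "/proc/sys/net/ipv6/conf/${device}/use_tempaddr"
}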
139 | ||
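# Check the given argument(s) with "ipcalc --ipv6 -c".
# Returns EXIT_OK when ipcalc exits with 0, EXIT_ERROR otherwise.
function ipv6_is_valid() {
	# "$@" passes every argument through unchanged. Left unquoted, a value
	# containing whitespace would be split into several ipcalc arguments,
	# so the string that gets checked is not the string that was given.
	if ipcalc --ipv6 -c "$@" >/dev/null 2>&1; then
		return ${EXIT_OK}
	fi

	return ${EXIT_ERROR}
}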
152 | ||
cb965348 MT |
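# Check that a prefix length is a decimal number in the range 1..128.
#   $1: prefix length (without the leading "/").
# Returns EXIT_TRUE when valid, EXIT_FALSE otherwise.
function ipv6_prefix_is_valid() {
	local prefix="${1}"
	assert isset prefix

	# Reject everything that is not one to three decimal digits. Without
	# this, a non-numeric value makes the numeric tests themselves fail, and
	# a check written as "return false if out of range" would then fall
	# through and report the value as valid.
	[[ "${prefix}" =~ ^[0-9]{1,3}$ ]] || return ${EXIT_FALSE}

	# 10# forces base 10 so that a leading zero is not read as octal.
	# A prefix of 0 is rejected, as before.
	if (( 10#${prefix} >= 1 && 10#${prefix} <= 128 )); then
		return ${EXIT_TRUE}
	fi

	return ${EXIT_FALSE}
}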
162 | ||
4231f419 MT |
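# Print the address in the form that "ipcalc -6 -i" reports as ADDRESS6_IMPL.
#   $1: IPv6 address.
function ipv6_implode() {
	local address="${1}"
	assert isset address

	# The address is quoted so that it reaches ipcalc as a single argument
	# and cannot be split into further arguments or options.
	# NOTE(review): eval executes whatever ipcalc prints. This is only as
	# safe as ipcalc's output quoting, so verify that for the ipcalc in use
	# or parse the ADDRESS6_IMPL= line without eval.
	local ADDRESS6_IMPL
	eval "$(ipcalc -6 -i "${address}" 2>/dev/null)"
	assert isset ADDRESS6_IMPL

	print "${ADDRESS6_IMPL}"
}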
173 | ||
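# Print the address in the form that "ipcalc -6 -e" reports as ADDRESS6_EXPL.
#   $1: IPv6 address.
# Returns EXIT_OK on the 39-character shortcut path.
function ipv6_explode() {
	local address="${1}"
	assert isset address

	# Nothing to do if the length of the address is 39.
	# NOTE(review): this path tests the length only. Any 39-character string
	# is printed back unchanged and never reaches ipcalc.
	if [ ${#address} -eq 39 ]; then
		print "${address}"
		return ${EXIT_OK}
	fi

	# The address is quoted so that it reaches ipcalc as a single argument
	# and cannot be split into further arguments or options.
	# NOTE(review): eval executes whatever ipcalc prints. This is only as
	# safe as ipcalc's output quoting, so verify that for the ipcalc in use
	# or parse the ADDRESS6_EXPL= line without eval.
	local ADDRESS6_EXPL
	eval "$(ipcalc -6 -e "${address}" 2>/dev/null)"
	assert isset ADDRESS6_EXPL

	print "${ADDRESS6_EXPL}"
}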
4231f419 | 190 | |
ab70371d MT |
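# Compare two IPv6 addresses for equality after expanding both with
# ipv6_explode.
#   $1, $2: the addresses to compare.
# Returns EXIT_TRUE when they are the same address, EXIT_FALSE otherwise.
function ipv6_addr_eq() {
	local addr1="${1}"
	assert isset addr1

	local addr2="${2}"
	assert isset addr2

	# ipv6_explode prints a 39-character input back unchanged, so two
	# spellings of one address can still differ in hex digit case. Fold to
	# lower case before the string comparison.
	addr1=$(ipv6_explode "${addr1}" | tr 'A-F' 'a-f')
	addr2=$(ipv6_explode "${addr2}" | tr 'A-F' 'a-f')

	if [[ "${addr1}" = "${addr2}" ]]; then
		return ${EXIT_TRUE}
	fi

	return ${EXIT_FALSE}
}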
4231f419 | 206 | |
ab70371d MT |
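# Test whether the first IPv6 address is numerically greater than the second.
#   $1, $2: the addresses to compare.
# Returns EXIT_TRUE when $1 > $2, EXIT_FALSE otherwise. That includes equal
# addresses and input that does not expand to 32 hex digits.
function ipv6_addr_gt() {
	local addr1="${1}"
	assert isset addr1

	local addr2="${2}"
	assert isset addr2

	addr1=$(ipv6_explode "${addr1}")
	addr2=$(ipv6_explode "${addr2}")

	# Strip the colons first. Slicing the exploded form directly would mix
	# ":" into the two-character groups and cover only part of the address.
	addr1=${addr1//:/}
	addr2=${addr2//:/}

	# Fail closed on anything that is not exactly 32 hex digits.
	local hex32='^[0-9A-Fa-f]{32}$'
	[[ "${addr1}" =~ ${hex32} && "${addr2}" =~ ${hex32} ]] \
		|| return ${EXIT_FALSE}

	# Compare byte by byte from the most significant end. The first byte
	# that differs decides the result in either direction. Without the
	# "less than" exit, a larger low-order byte could outvote a smaller
	# high-order one.
	local i oct1 oct2
	for (( i = 0; i < 32; i += 2 )); do
		oct1=$(( 16#${addr1:i:2} ))
		oct2=$(( 16#${addr2:i:2} ))

		(( oct1 > oct2 )) && return ${EXIT_TRUE}
		(( oct1 < oct2 )) && return ${EXIT_FALSE}
	done

	# All bytes equal.
	return ${EXIT_FALSE}
}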
229 | ||
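# Print the exploded form of an IPv6 address with all colons removed.
#   $1: IPv6 address.
function ipv6_hash() {
	local address="${1}"

	assert isset address

	# Explode address. Quoted so the value is passed on as one argument.
	address=$(ipv6_explode "${address}")

	echo "${address//:/}"
}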
ab70371d MT |
240 | |
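# Print the network of an address given with a prefix, as
# "<PREFIX6>/<prefix>", where PREFIX6 comes from "ipcalc --ipv6 -p".
#   $1: IPv6 address including a prefix length (e.g. ".../64").
function ipv6_get_network() {
	local addr="${1}"
	assert isset addr

	# Check if a prefix (e.g. /64) is provided.
	local prefix
	prefix=$(ip_get_prefix "${addr}")
	assert ipv6_prefix_is_valid "${prefix}"

	# The address is quoted so that it reaches ipcalc as a single argument
	# and cannot be split into further arguments or options.
	# NOTE(review): eval executes whatever ipcalc prints. This is only as
	# safe as ipcalc's output quoting, so verify that for the ipcalc in use
	# or parse the PREFIX6= line without eval.
	local PREFIX6
	eval "$(ipcalc --ipv6 -p "${addr}")"
	assert isset PREFIX6

	print "${PREFIX6}/${prefix}"
}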