###############################################################################
# IPFire.org - A linux based firewall #
# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
###############################################################################
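# Put the IPv6 stack into a conservative start-up state: forwarding and
# autoconfiguration are switched off for the "all" and "default" entries
# under /proc/sys/net/ipv6/conf. The function is registered with
# init_register directly below.
#
# NOTE(review): "default" seeds interfaces that are created later; whether a
# write to "all" reaches interfaces that already exist differs per key, so
# existing devices may keep accepting router advertisements until they are
# set individually — confirm, see the commented loop below.
function ipv6_init() {
	log INFO "Initializing IPv6 networking."

	# Disable forwarding on all devices by default
	ipv6_device_forwarding_disable all
	ipv6_device_forwarding_disable default

	# Disable autoconfiguration on all devices per default
	ipv6_device_autoconf_disable all
	ipv6_device_autoconf_disable default

	# XXX do we need this?
	#for device in $(devices_get_all); do
	#	ipv6_device_forwarding_disable ${device}
	#	ipv6_device_autoconf_disable ${device}
	#done
}

init_register ipv6_init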
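# Let a device take IPv6 configuration from the link by writing 1 to its
# accept_ra and accept_redirects entries.
#
# Arguments: $1 - device name, or "all" / "default" for the shared entries
#
# NOTE(review): a device with these switches on trusts every on-link
# neighbour to announce routers and redirect traffic, so this belongs only
# on interfaces whose upstream router is trusted. The kernel honours
# accept_ra=1 only while forwarding is off on that interface.
function ipv6_device_autoconf_enable() {
	local device=${1}
	assert isset device

	# Allow setting default and all settings
	if ! isoneof device all default; then
		# device_exists is the only check on a value that ends up in a
		# /proc path below.
		assert device_exists "${device}"
	fi

	local val
	for val in accept_ra accept_redirects; do
		echo 1 > "/proc/sys/net/ipv6/conf/${device}/${val}"
	done
}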
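# Stop a device from taking IPv6 configuration from the link by writing 0 to
# its accept_ra and accept_redirects entries, so router advertisements and
# ICMPv6 redirects received on it are ignored.
#
# Arguments: $1 - device name, or "all" / "default" for the shared entries
function ipv6_device_autoconf_disable() {
	local device=${1}
	assert isset device

	# Allow setting default and all settings
	if ! isoneof device all default; then
		# device_exists is the only check on a value that ends up in a
		# /proc path below.
		assert device_exists "${device}"
	fi

	local val
	for val in accept_ra accept_redirects; do
		echo 0 > "/proc/sys/net/ipv6/conf/${device}/${val}"
	done
}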
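# Enable IPv6 packet forwarding on a device by writing 1 to its forwarding
# entry.
#
# Arguments: $1 - device name, or "all" / "default" for the shared entries
#
# NOTE(review): this only opens the routing path; which packets may cross
# the box is decided by the packet filter, so the ip6tables policy should be
# in place before forwarding is switched on.
function ipv6_device_forwarding_enable() {
	local device=${1}
	assert isset device

	# Allow setting default and all settings
	if ! isoneof device all default; then
		# device_exists is the only check on a value that ends up in a
		# /proc path below.
		assert device_exists "${device}"
	fi

	echo 1 > "/proc/sys/net/ipv6/conf/${device}/forwarding"
}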
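# Disable IPv6 packet forwarding on a device by writing 0 to its forwarding
# entry.
#
# Arguments: $1 - device name, or "all" / "default" for the shared entries
function ipv6_device_forwarding_disable() {
	local device=${1}
	assert isset device

	# Allow setting default and all settings
	if ! isoneof device all default; then
		# device_exists is the only check on a value that ends up in a
		# /proc path below.
		assert device_exists "${device}"
	fi

	echo 0 > "/proc/sys/net/ipv6/conf/${device}/forwarding"
}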
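# Enable IPv6 RFC3041 privacy extensions if desired
#
# Arguments: $1 - device name (must exist)
#            $2 - extension type; optional, "rfc3041" is the only value handled
# Returns:   EXIT_OK after the write, EXIT_ERROR for an unsupported type
function ipv6_device_privacy_extensions_enable() {
	local device=${1}
	local type=${2}

	assert isset device
	assert device_exists "${device}"

	# Default value is rfc3041
	if [ -z "${type}" ]; then
		type="rfc3041"
	fi

	assert isset type

	case "${type}" in
		rfc3041)
			# 2 = generate temporary addresses and prefer them over the
			# public one for outgoing connections.
			echo 2 > "/proc/sys/net/ipv6/conf/${device}/use_tempaddr"
			;;
		*)
			# Nothing is written for an unknown type.
			error_log "Given type '${type}' is not supported."
			return ${EXIT_ERROR}
			;;
	esac

	return ${EXIT_OK}
}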
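# Switch IPv6 privacy extensions off for a device by writing 0 to its
# use_tempaddr entry, so no temporary addresses are generated.
#
# Arguments: $1 - device name (must exist)
function ipv6_device_privacy_extensions_disable() {
	local device=${1}

	assert isset device
	assert device_exists "${device}"

	echo 0 > "/proc/sys/net/ipv6/conf/${device}/use_tempaddr"
}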
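# Coarse sanity filter for an IPv6 address string.
#
# Arguments: $1 - address to check
# Returns:   EXIT_ERROR if the string is longer than 39 characters or holds
#            anything other than 0-9, a-f and ":"; EXIT_OK otherwise
#
# NOTE(review): this is a length and character filter only. It does not check
# the number of groups, their width, or that "::" occurs at most once, and it
# rejects upper-case hex digits. A pass is not proof of a well-formed
# address, so input from outside should not be trusted on this check alone.
function ipv6_is_valid() {
	local address=${1}
	assert isset address

	# Check length
	[ "${#address}" -gt 39 ] && return ${EXIT_ERROR}

	# XXX check for documentation prefix?

	# Check for bad characters
	# Every permitted character is deleted; whatever is left is not allowed.
	local char
	for char in 0 1 2 3 4 5 6 7 8 9 a b c d e f :; do
		address=${address//${char}/}
	done
	[ -n "${address}" ] && return ${EXIT_ERROR}

	return ${EXIT_OK}
}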
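# Print the compressed form of an IPv6 address: leading zeros are removed
# from every group and the longest run of zero groups becomes "::".
#
# Arguments: $1 - IPv6 address in any notation ipv6_explode accepts
# Outputs:   the compressed address on stdout
# Returns:   EXIT_ERROR if ipv6_is_valid rejects the input
function ipv6_implode() {
	local address=${1}
	assert isset address

	# Reject the input before any part of it is split or indexed.
	if ! ipv6_is_valid "${address}"; then
		error "IPv6 address is invalid: ${address}"
		return ${EXIT_ERROR}
	fi

	# Make proper address in exploded format
	address=$(ipv6_explode "${address}")

	local block
	local block_new
	local i
	local address_new=""

	# Split on ":" with read so the groups are never subject to globbing.
	local groups=()
	read -r -a groups <<< "${address//:/ }"

	# Pass 1: drop leading zeros, keeping one digit for an all-zero group.
	for block in "${groups[@]}"; do
		block_new=${block}
		while [[ "${block_new}" == 0?* ]]; do
			block_new=${block_new#0}
		done
		address_new="${address_new}:${block_new}"
	done

	# Cut first colon (:)
	address=${address_new:1}

	# Pass 2: for every start offset, count how many zero groups follow
	# each other from there.
	local match
	local matches=()
	local pattern
	local pos_start
	local pos_next
	for (( pos_start = 0; pos_start <= ${#address}; pos_start++ )); do
		matches[${pos_start}]=0

		# A run at the very start reads "0:" per group, anywhere else ":0".
		# NOTE(review): both values are inferred from the two-character
		# steps and the pos_end arithmetic below — confirm against upstream.
		case "${pos_start}" in
			0)
				pattern="0:"
				;;
			*)
				pattern=":0"
				;;
		esac

		for (( pos_next = pos_start; pos_next <= ${#address}; pos_next += 2 )); do
			match="${address:${pos_next}:2}"

			[ -z "${match}" ] && continue

			if [ "${match}" = "${pattern}" ]; then
				matches[${pos_start}]=$(( matches[pos_start] + 1 ))
			else
				break
			fi
		done
	done

	# Pass 3: pick the first offset with the longest run.
	local pos_best
	local pos_best_val=0
	for (( i = 0; i < ${#matches[@]}; i++ )); do
		if [ "${matches[${i}]}" -gt "${pos_best_val}" ]; then
			pos_best=${i}
			pos_best_val=${matches[${i}]}
		fi
	done

	# Replace that run with "::" and append what follows it.
	if [ -n "${pos_best}" ]; then
		address_new="${address:0:${pos_best}}::"

		local pos_end=$(( pos_best_val * 2 + pos_best + 1 ))

		# A run at offset 0 has no leading colon to skip.
		if [ "${pos_best}" = "0" ]; then
			pos_end=$(( pos_end - 1 ))
		fi

		address="${address_new}${address:${pos_end}:${#address}}"
	fi

	assert ipv6_is_valid "${address}"

	echo "${address}"
}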
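# Print the fully expanded form of an IPv6 address: eight groups of four
# hex digits, with "::" replaced by the zero groups it stands for.
#
# Arguments: $1 - IPv6 address, compressed or not
# Outputs:   the 39-character expanded address on stdout
#
# NOTE(review): the input is not validated before it is processed; only the
# result is passed to ipv6_is_valid. Callers handling outside input should
# check it first.
function ipv6_explode() {
	local address=${1}
	assert isset address

	# An address of 39 characters already has eight four-digit groups.
	if [ ${#address} -eq 39 ]; then
		echo "${address}"
		return ${EXIT_OK}
	fi

	# Mark the place of the "::" shorthand with a placeholder group.
	address=${address//::/:X:}

	local block
	local block_count=0
	local block_id
	local block_max=8
	local blocks=()

	# Split on ":" with read so the groups are never subject to globbing.
	read -r -a blocks <<< "${address//:/ }"
	block_count=${#blocks[@]}

	if [ ${#blocks[@]} -lt ${block_max} ]; then
		# Walk backwards and shift every group after the placeholder to
		# the right end of the address; stop at the placeholder.
		for (( block_id = block_count; block_id >= 0; block_id-- )); do
			block=${blocks[${block_id}]}

			[ -z "${block}" ] && continue

			if [ "${block}" = "X" ]; then
				blocks[${block_id}]="0000"
				break
			fi

			blocks[$(( block_max - block_count + block_id ))]=${block}
			blocks[${block_id}]="0000"
		done
	fi

	# Visit every index up to block_max, not the element count: the shift
	# above leaves gaps, and a sparse array counts fewer elements than its
	# highest index, which would leave groups missing or unpadded.
	for (( block_id = 0; block_id < block_max; block_id++ )); do
		block=${blocks[${block_id}]}

		[ -z "${block}" ] && block="0000"

		# Pad to four digits with leading zeros.
		while [ "${#block}" -lt 4 ]; do
			block="0${block}"
		done

		blocks[${block_id}]=${block}
	done

	address=""
	for block in "${blocks[@]}"; do
		address="${address}:${block}"
	done
	# Drop the leading colon and cut to eight groups.
	address=${address:1:39}

	assert ipv6_is_valid "${address}"

	echo "${address}"
}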
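# Print an IPv6 address as one string of hex digits: the address is expanded
# with ipv6_explode and the colons are removed. Despite the name this is a
# reversible normalisation, not a cryptographic hash.
#
# Arguments: $1 - IPv6 address
# Outputs:   the expanded address without colons on stdout
function ipv6_hash() {
	local address=${1}
	assert isset address

	# Explode address
	address=$(ipv6_explode "${address}")

	echo "${address//:/}"
}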