2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 IP_SUPPORTED_PROTOCOLS
="${IP_SUPPORTED_PROTOCOLS} ipv6"
24 function ipv6_init
() {
25 log INFO
"Initializing IPv6 networking."
27 # Enable forwarding on all devices
28 ipv6_device_forwarding_disable all
29 ipv6_device_forwarding_disable default
31 # Disable autoconfiguration on all devices per default
32 ipv6_device_autoconf_disable all
33 ipv6_device_autoconf_disable default
35 # XXX do we need this?
37 #for device in $(devices_get_all); do
38 # ipv6_device_forwarding_disable ${device}
39 # ipv6_device_autoconf_disable ${device}
43 init_register ipv6_init
45 function ipv6_device_autoconf_enable
() {
50 # Allow setting default and all settings
51 if ! isoneof device all default
; then
52 assert device_exists
${device}
56 for val
in accept_ra accept_redirects
; do
57 echo 1 > /proc
/sys
/net
/ipv
6/conf
/${device}/${val}
61 function ipv6_device_autoconf_disable
() {
66 # Allow setting default and all settings
67 if ! isoneof device all default
; then
68 assert device_exists
${device}
72 for val
in accept_ra accept_redirects
; do
73 echo 0 > /proc
/sys
/net
/ipv
6/conf
/${device}/${val}
77 function ipv6_device_forwarding_enable
() {
82 # Allow setting default and all settings
83 if ! isoneof device all default
; then
84 assert device_exists
${device}
87 echo 1 > /proc
/sys
/net
/ipv
6/conf
/${device}/forwarding
90 function ipv6_device_forwarding_disable
() {
95 # Allow setting default and all settings
96 if ! isoneof device all default
; then
97 assert device_exists
${device}
100 echo 0 > /proc
/sys
/net
/ipv
6/conf
/${device}/forwarding
103 # Enable IPv6 RFC3041 privacy extensions if desired
104 function ipv6_device_privacy_extensions_enable
() {
109 assert device_exists
${device}
111 # Default value is rfc3041
112 if [ -z "${type}" ]; then
120 echo 2 > /proc
/sys
/net
/ipv
6/conf
/${device}/use_tempaddr
123 error_log
"Given type '${type}' is not supported."
131 function ipv6_device_privacy_extensions_disable
() {
135 assert device_exists
${device}
137 echo 0 > /proc
/sys
/net
/ipv
6/conf
/${device}/use_tempaddr
140 function ipv6_is_valid
() {
145 local prefix
=$
(ip_get_prefix
${address})
146 address
=$
(ip_split_prefix
${address})
149 [ ${#address} -gt 39 ] && return ${EXIT_ERROR}
151 # Check prefix if provided
152 if [ -n "${prefix}" ]; then
153 # XXX need to check was largest prefix is
154 if [ ${prefix} -lt 0 ] && [ ${prefix} -gt 64 ]; then
160 # XXX check for documentation prefix?
162 # Check for bad characters
164 for char
in 0 1 2 3 4 5 6 7 8 9 a b c d e f
:; do
165 address
=${address//${char}/}
167 [ -n "${address}" ] && return ${EXIT_ERROR}
172 function ipv6_implode
() {
177 if ! ipv6_is_valid
${address}; then
178 error
"IPv6 address is invalid: ${address}"
183 local prefix
=$
(ip_get_prefix
${address})
184 address
=$
(ip_split_prefix
${address})
186 # Make proper address in exploded format
187 address
=$
(ipv6_explode
${address})
196 for block
in ${address//:/\ }; do
198 for i
in $
(seq 0 ${#block}); do
199 char
="${block:${i}:1}"
201 [ -z "${char}" ] && continue
203 if [ -z "${block_new}" ] && [ "${char}" = "0" ]; then
207 block_new
="${block_new}${char}"
210 [ -z "${block_new}" ] && block_new
="0"
212 address_new
="${address_new}:${block_new}"
215 # Cut first colon (:)
216 address
="${address_new:1:${#address_new}}"
223 for pos_start
in $
(seq 0 ${#address}); do
224 matches
["${pos_start}"]=0
226 for pos_next
in $
(seq ${pos_start} 2 ${#address}); do
227 case "${pos_start}" in
229 match
="${address:${pos_next}:2}"
233 match
="${address:${pos_next}:2}"
238 [ -z "${match}" ] && continue
240 if [ "${match}" = "${pattern}" ]; then
241 matches
[${pos_start}]=$
(( matches
[${pos_start}] + 1))
250 for i
in $
(seq 0 ${#matches[@]}); do
251 [ -z "${matches[${i}]}" ] && continue
253 if [ ${matches[${i}]} -gt ${pos_best_val} ]; then
255 pos_best_val
=${matches[${i}]}
259 if [ -n "${pos_best}" ]; then
260 address_new
="${address:0:${pos_best}}::"
262 local pos_end
=$
(( ${pos_best_val} * 2 + ${pos_best} + 1))
264 if [ "${pos_best}" = "0" ]; then
265 pos_end
=$
(( ${pos_end} - 1 ))
268 address
="${address_new}${address:${pos_end}:${#address}}"
271 # If a prefix was provided we append it in the end
272 [ -n "${prefix}" ] && address="${address}/${prefix}"
274 assert ipv6_is_valid
${address}
279 function ipv6_explode
() {
284 local prefix
=$
(ip_get_prefix
${address})
285 address
=$
(ip_split_prefix
${address})
287 if [ ${#address} -eq 39 ]; then
288 echo "${address}$([ -n "${prefix}" ] && echo "/${prefix}")"
292 address=${address//::/:X:}
300 for block in ${address//:/\ }; do
301 blocks[${block_count}]=${block}
303 block_count=$(( ${block_count} + 1 ))
306 if [ ${#blocks[@]} -lt ${block_max} ]; then
307 for block_id in $(seq ${#blocks[@]} -1 0); do
308 block=${blocks[${block_id}]}
310 [ -z "${block}" ] && continue
312 if [ "${block}" = "X
" ]; then
313 blocks[${block_id}]="0000"
317 blocks[$(( ${block_max} - ${block_count} + ${block_id} ))]=${block}
318 blocks[${block_id}]="0000"
322 for block_id in $(seq 0 ${#blocks[@]}); do
323 block=${blocks[${block_id}]}
325 [ -z "${block}" ] && block="0000"
327 while [ "${#block}" -lt 4 ]; do
331 blocks[${block_id}]=${block}
335 for block in ${blocks[@]}; do
336 address="${address}:${block}"
338 address=${address:1:39}
340 # If a prefix was provided we append it in the end again
341 [ -n "${prefix}" ] && address="${address}/${prefix}"
343 assert ipv6_is_valid ${address}
348 function ipv6_hash() {
354 address=$(ipv6_explode ${address})
356 echo "${address//:/}"