]> git.ipfire.org Git - people/stevee/network.git/blob - functions.ipv6
ipv[46]-static: Sum up some functions.
[people/stevee/network.git] / functions.ipv6
1 #!/bin/bash
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv6"
23
24 function ipv6_init() {
25 log INFO "Initializing IPv6 networking."
26
27 # Enable forwarding on all devices
28 ipv6_device_forwarding_disable all
29 ipv6_device_forwarding_disable default
30
31 # Disable autoconfiguration on all devices per default
32 ipv6_device_autoconf_disable all
33 ipv6_device_autoconf_disable default
34
35 # XXX do we need this?
36 #local device
37 #for device in $(devices_get_all); do
38 # ipv6_device_forwarding_disable ${device}
39 # ipv6_device_autoconf_disable ${device}
40 #done
41 }
42
43 init_register ipv6_init
44
45 function ipv6_device_autoconf_enable() {
46 local device=${1}
47
48 assert isset device
49
50 # Allow setting default and all settings
51 if ! isoneof device all default; then
52 assert device_exists ${device}
53 fi
54
55 local val
56 for val in accept_ra accept_redirects; do
57 echo 1 > /proc/sys/net/ipv6/conf/${device}/${val}
58 done
59 }
60
61 function ipv6_device_autoconf_disable() {
62 local device=${1}
63
64 assert isset device
65
66 # Allow setting default and all settings
67 if ! isoneof device all default; then
68 assert device_exists ${device}
69 fi
70
71 local val
72 for val in accept_ra accept_redirects; do
73 echo 0 > /proc/sys/net/ipv6/conf/${device}/${val}
74 done
75 }
76
77 function ipv6_device_forwarding_enable() {
78 local device=${1}
79
80 assert isset device
81
82 # Allow setting default and all settings
83 if ! isoneof device all default; then
84 assert device_exists ${device}
85 fi
86
87 echo 1 > /proc/sys/net/ipv6/conf/${device}/forwarding
88 }
89
90 function ipv6_device_forwarding_disable() {
91 local device=${1}
92
93 assert isset device
94
95 # Allow setting default and all settings
96 if ! isoneof device all default; then
97 assert device_exists ${device}
98 fi
99
100 echo 0 > /proc/sys/net/ipv6/conf/${device}/forwarding
101 }
102
103 # Enable IPv6 RFC3041 privacy extensions if desired
104 function ipv6_device_privacy_extensions_enable() {
105 local device=${1}
106 local type=${2}
107
108 assert isset device
109 assert device_exists ${device}
110
111 # Default value is rfc3041
112 if [ -z "${type}" ]; then
113 type="rfc3041"
114 fi
115
116 assert isset type
117
118 case "${type}" in
119 rfc3041)
120 echo 2 > /proc/sys/net/ipv6/conf/${device}/use_tempaddr
121 ;;
122 *)
123 error_log "Given type '${type}' is not supported."
124 return ${EXIT_ERROR}
125 ;;
126 esac
127
128 return ${EXIT_OK}
129 }
130
131 function ipv6_device_privacy_extensions_disable() {
132 local device=${1}
133
134 assert isset device
135 assert device_exists ${device}
136
137 echo 0 > /proc/sys/net/ipv6/conf/${device}/use_tempaddr
138 }
139
140 function ipv6_is_valid() {
141 local address=${1}
142
143 assert isset address
144
145 local prefix=$(ip_get_prefix ${address})
146 address=$(ip_split_prefix ${address})
147
148 # Check length
149 [ ${#address} -gt 39 ] && return ${EXIT_ERROR}
150
151 # Check prefix if provided
152 if [ -n "${prefix}" ]; then
153 # XXX need to check was largest prefix is
154 if [ ${prefix} -lt 0 ] && [ ${prefix} -gt 64 ]; then
155 return ${EXIT_ERROR}
156 fi
157 fi
158
159 # XXX find :: twice?
160 # XXX check for documentation prefix?
161
162 # Check for bad characters
163 local char
164 for char in 0 1 2 3 4 5 6 7 8 9 a b c d e f :; do
165 address=${address//${char}/}
166 done
167 [ -n "${address}" ] && return ${EXIT_ERROR}
168
169 return ${EXIT_OK}
170 }
171
172 function ipv6_implode() {
173 local address=${1}
174
175 assert isset address
176
177 if ! ipv6_is_valid ${address}; then
178 error "IPv6 address is invalid: ${address}"
179 return ${EXIT_ERROR}
180 fi
181
182 # Save prefix
183 local prefix=$(ip_get_prefix ${address})
184 address=$(ip_split_prefix ${address})
185
186 # Make proper address in exploded format
187 address=$(ipv6_explode ${address})
188
189 local block
190 local char
191 local i
192
193 local address_new
194 local block_new
195
196 for block in ${address//:/\ }; do
197 block_new=
198 for i in $(seq 0 ${#block}); do
199 char="${block:${i}:1}"
200
201 [ -z "${char}" ] && continue
202
203 if [ -z "${block_new}" ] && [ "${char}" = "0" ]; then
204 continue
205 fi
206
207 block_new="${block_new}${char}"
208 done
209
210 [ -z "${block_new}" ] && block_new="0"
211
212 address_new="${address_new}:${block_new}"
213 done
214
215 # Cut first colon (:)
216 address="${address_new:1:${#address_new}}"
217
218 local match
219 local matches=()
220 local pattern
221 local pos_start
222 local pos_next
223 for pos_start in $(seq 0 ${#address}); do
224 matches["${pos_start}"]=0
225
226 for pos_next in $(seq ${pos_start} 2 ${#address}); do
227 case "${pos_start}" in
228 0)
229 match="${address:${pos_next}:2}"
230 pattern="0:"
231 ;;
232 *)
233 match="${address:${pos_next}:2}"
234 pattern=":0"
235 ;;
236 esac
237
238 [ -z "${match}" ] && continue
239
240 if [ "${match}" = "${pattern}" ]; then
241 matches[${pos_start}]=$(( matches[${pos_start}] + 1))
242 else
243 break
244 fi
245 done
246 done
247
248 local pos_best
249 local pos_best_val=0
250 for i in $(seq 0 ${#matches[@]}); do
251 [ -z "${matches[${i}]}" ] && continue
252
253 if [ ${matches[${i}]} -gt ${pos_best_val} ]; then
254 pos_best=${i}
255 pos_best_val=${matches[${i}]}
256 fi
257 done
258
259 if [ -n "${pos_best}" ]; then
260 address_new="${address:0:${pos_best}}::"
261
262 local pos_end=$(( ${pos_best_val} * 2 + ${pos_best} + 1))
263
264 if [ "${pos_best}" = "0" ]; then
265 pos_end=$(( ${pos_end} - 1 ))
266 fi
267
268 address="${address_new}${address:${pos_end}:${#address}}"
269 fi
270
271 # If a prefix was provided we append it in the end
272 [ -n "${prefix}" ] && address="${address}/${prefix}"
273
274 assert ipv6_is_valid ${address}
275
276 echo "${address}"
277 }
278
279 function ipv6_explode() {
280 local address=${1}
281
282 assert isset address
283
284 local prefix=$(ip_get_prefix ${address})
285 address=$(ip_split_prefix ${address})
286
287 if [ ${#address} -eq 39 ]; then
288 echo "${address}$([ -n "${prefix}" ] && echo "/${prefix}")"
289 return ${EXIT_OK}
290 fi
291
292 address=${address//::/:X:}
293
294 local block
295 local block_count=0
296 local block_id
297 local block_max=8
298 local blocks=()
299
300 for block in ${address//:/\ }; do
301 blocks[${block_count}]=${block}
302
303 block_count=$(( ${block_count} + 1 ))
304 done
305
306 if [ ${#blocks[@]} -lt ${block_max} ]; then
307 for block_id in $(seq ${#blocks[@]} -1 0); do
308 block=${blocks[${block_id}]}
309
310 [ -z "${block}" ] && continue
311
312 if [ "${block}" = "X" ]; then
313 blocks[${block_id}]="0000"
314 break
315 fi
316
317 blocks[$(( ${block_max} - ${block_count} + ${block_id} ))]=${block}
318 blocks[${block_id}]="0000"
319 done
320 fi
321
322 for block_id in $(seq 0 ${#blocks[@]}); do
323 block=${blocks[${block_id}]}
324
325 [ -z "${block}" ] && block="0000"
326
327 while [ "${#block}" -lt 4 ]; do
328 block="0${block}"
329 done
330
331 blocks[${block_id}]=${block}
332 done
333
334 address=
335 for block in ${blocks[@]}; do
336 address="${address}:${block}"
337 done
338 address=${address:1:39}
339
340 # If a prefix was provided we append it in the end again
341 [ -n "${prefix}" ] && address="${address}/${prefix}"
342
343 assert ipv6_is_valid ${address}
344
345 echo "${address}"
346 }
347
348 function ipv6_hash() {
349 local address=${1}
350
351 assert isset address
352
353 # Explode address
354 address=$(ipv6_explode ${address})
355
356 echo "${address//:/}"
357 }