2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 IP_SUPPORTED_PROTOCOLS
="${IP_SUPPORTED_PROTOCOLS} ipv6"
24 function ipv6_device_autoconf_enable
() {
26 assert device_exists
"${device}"
28 sysctl_set
"net.ipv6.conf.${device}.accept_ra" 1
29 sysctl_set
"net.ipv6.conf.${device}.autoconf" 1
32 function ipv6_device_autoconf_disable
() {
34 assert device_exists
"${device}"
36 sysctl_set
"net.ipv6.conf.${device}.accept_ra" 0
37 sysctl_set
"net.ipv6.conf.${device}.autoconf" 0
40 # Enable IPv6 RFC3041 privacy extensions if desired
41 function ipv6_device_privacy_extensions_enable
() {
43 assert device_exists
"${device}"
45 sysctl_set
"net.ipv6.conf.${device}.use_tempaddr" 2
48 function ipv6_device_privacy_extensions_disable
() {
50 assert device_exists
"${device}"
52 sysctl_set
"net.ipv6.conf.${device}.use_tempaddr" 0
55 function ipv6_is_valid
() {
56 ipcalc
--ipv6 -c $@
>/dev
/null
2>&1
68 function ipv6_prefix_is_valid
() {
72 [ ${prefix} -le 0 ] && return ${EXIT_FALSE}
73 [ ${prefix} -gt 128 ] && return ${EXIT_FALSE}
78 function ipv6_get_prefix
() {
82 function ipv6_split_prefix
() {
86 function ipv6_implode
() {
91 eval $
(ipcalc
-6 -i ${address} 2>/dev
/null
)
92 assert isset ADDRESS6_IMPL
94 print
"${ADDRESS6_IMPL}"
97 function ipv6_explode
() {
101 # Nothing to do if the length of the address is 39.
102 if [ ${#address} -eq 39 ]; then
108 eval $
(ipcalc
-6 -e ${address} 2>/dev
/null
)
109 assert isset ADDRESS6_EXPL
111 print
"${ADDRESS6_EXPL}"
114 function ipv6_addr_eq
() {
122 for addr
in addr1 addr2
; do
123 printf -v ${addr} "%s" $
(ipv6_explode
${!addr})
126 [[ "${addr1}" = "${addr2}" ]] \
127 && return ${EXIT_TRUE} ||
return ${EXIT_FALSE}
130 function ipv6_addr_gt
() {
138 for addr
in addr1 addr2
; do
139 printf -v ${addr} "%s" $
(ipv6_explode
${!addr})
142 local i addr1_oct addr2_oct
143 for i
in 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30; do
144 addr1_oct
="0x${addr1:${i}:2}"
145 addr2_oct
="0x${addr2:${i}:2}"
147 [[ ${addr1_oct} -gt ${addr2_oct} ]] && return ${EXIT_TRUE}
153 function ipv6_hash
() {
159 address
=$
(ipv6_explode
${address})
161 echo "${address//:/}"
164 function ipv6_get_network
() {
168 # Check if a prefix (e.g. /64) is provided.
169 local prefix
=$
(ip_get_prefix
${addr})
170 assert ipv6_prefix_is_valid
${prefix}
173 eval $
(ipcalc
--ipv6 -p ${addr})
176 print
"${PREFIX6}/${prefix}"
179 function ipv6_6rd_format_address
() {
180 local isp_prefix
="${1}"
181 assert ipv6_is_valid
"${isp_prefix}"
183 local client_address
="${2}"
184 assert ipv4_is_valid
"${client_address}"
186 local prefix
="$(ipv6_get_prefix "${isp_prefix}")"
187 isp_prefix
="$(ipv6_split_prefix "${isp_prefix}")"
189 # This only works for prefix lengths up to 32 bit.
190 assert
[ "${prefix}" -le 32 ]
191 assert
[ "${prefix}" -gt 0 ]
193 # Explode the address and throw away the second 32 bit.
194 local address
="$(ipv6_explode "${isp_prefix}")"
196 client_address
="$(ipv6_6rd_format_client_address ${client_address})"
197 assert isset client_address
199 local block1
="0x${address:0:4}"
200 local block2
="0x${address:5:4}"
201 local block3
="0x${address:10:4}"
202 local block4
="0x${address:15:4}"
204 address
="$(( (${block1} << 48) + (${block2} << 32) + (${block3} << 16) + ${block4} ))"
205 assert
[ "${address}" -gt 0 ]
207 block1
="0x${client_address:0:4}"
208 block2
="0x${client_address:5:4}"
210 client_address
="$(( (${block1} << 48) + (${block2} << 32) ))"
212 # Fix for numbers that are interpreted by bash as negative
213 # numbers and therefore filled up with ones when shifted to
215 if [ "${client_address}" -gt 0 ]; then
216 client_address
="$(( ${client_address} >> ${prefix} ))"
218 local bitmask
="$(( 1 << 63 ))"
219 client_address
="$(( ${client_address} >> 1 ))"
220 client_address
="$(( ${client_address} ^ ${bitmask} ))"
221 client_address
="$(( ${client_address} >> $(( ${prefix} - 1 )) ))"
223 assert
[ "${client_address}" -gt 0 ]
225 # XOR everything together
226 address
="$(( ${address} ^ ${client_address} ))"
227 prefix
="$(( ${prefix} + 32 ))"
229 local block formatted_address
=":"
230 while [ ${address} -gt 0 ]; do
231 printf -v block
"%x" "$(( ${address} & 0xffff ))"
232 formatted_address
="${block}:${formatted_address}"
234 address
="$(( ${address} >> 16 ))"
237 assert ipv6_is_valid
"${formatted_address}"
239 # Implode the output IP address.
240 formatted_address
="$(ipv6_implode "${formatted_address}")"
242 print
"${formatted_address}/${prefix}"
245 function ipv6_6rd_format_client_address
() {
249 print
"%02x%02x:%02x%02x" ${address//\./ }