IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv6"
- function ipv6_init() {
- log INFO "Initializing IPv6 networking."
-
- # Enable forwarding on all devices
- #ipv6_device_forwarding_disable all
- #ipv6_device_forwarding_disable default
-
- # Disable autoconfiguration on all devices per default
- #ipv6_device_autoconf_disable all
- #ipv6_device_autoconf_disable default
-
- # XXX do we need this?
- #local device
- #for device in $(devices_get_all); do
- # ipv6_device_forwarding_disable ${device}
- # ipv6_device_autoconf_disable ${device}
- #done
- }
-
- init_register ipv6_init
-
function ipv6_device_autoconf_enable() {
- local device=${1}
-
- assert isset device
-
- # Allow setting default and all settings
- if ! isoneof device all default; then
- assert device_exists ${device}
- fi
+ local device="${1}"
+ assert device_exists "${device}"
- local val
- for val in accept_ra accept_redirects; do
- echo 1 > /proc/sys/net/ipv6/conf/${device}/${val}
- done
+ sysctl_set "net.ipv6.conf.${device}.accept_ra" 1
+ sysctl_set "net.ipv6.conf.${device}.autoconf" 1
}
function ipv6_device_autoconf_disable() {
- local device=${1}
-
- assert isset device
-
- # Allow setting default and all settings
- if ! isoneof device all default; then
- assert device_exists ${device}
- fi
-
- local val
- for val in accept_ra accept_redirects; do
- echo 0 > /proc/sys/net/ipv6/conf/${device}/${val}
- done
- }
-
- function ipv6_device_forwarding_enable() {
- local device=${1}
-
- assert isset device
-
- # Allow setting default and all settings
- if ! isoneof device all default; then
- assert device_exists ${device}
- fi
+ local device="${1}"
+ assert device_exists "${device}"
- echo 1 > /proc/sys/net/ipv6/conf/${device}/forwarding
- }
-
- function ipv6_device_forwarding_disable() {
- local device=${1}
-
- assert isset device
-
- # Allow setting default and all settings
- if ! isoneof device all default; then
- assert device_exists ${device}
- fi
-
- echo 0 > /proc/sys/net/ipv6/conf/${device}/forwarding
+ sysctl_set "net.ipv6.conf.${device}.accept_ra" 0
+ sysctl_set "net.ipv6.conf.${device}.autoconf" 0
}
# Enable IPv6 RFC3041 privacy extensions if desired
function ipv6_device_privacy_extensions_enable() {
- local device=${1}
- local type=${2}
-
- assert isset device
- assert device_exists ${device}
-
- # Default value is rfc3041
- if [ -z "${type}" ]; then
- type="rfc3041"
- fi
-
- assert isset type
+ local device="${1}"
+ assert device_exists "${device}"
- case "${type}" in
- rfc3041)
- echo 2 > /proc/sys/net/ipv6/conf/${device}/use_tempaddr
- ;;
- *)
- error_log "Given type '${type}' is not supported."
- return ${EXIT_ERROR}
- ;;
- esac
-
- return ${EXIT_OK}
+ sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 2
}
function ipv6_device_privacy_extensions_disable() {
- local device=${1}
-
- assert isset device
- assert device_exists ${device}
+ local device="${1}"
+ assert device_exists "${device}"
- echo 0 > /proc/sys/net/ipv6/conf/${device}/use_tempaddr
+ sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 0
}
function ipv6_is_valid() {
return ${EXIT_TRUE}
}
+function ipv6_get_prefix() {
+ ip_get_prefix "$@"
+}
+
+function ipv6_split_prefix() {
+ ip_split_prefix "$@"
+}
+
function ipv6_implode() {
local address=${1}
assert isset address
print "${PREFIX6}/${prefix}"
}
+
+function ipv6_6rd_format_address() {
+ local isp_prefix="${1}"
+ assert ipv6_is_valid "${isp_prefix}"
+
+ local client_address="${2}"
+ assert ipv4_is_valid "${client_address}"
+
+ local prefix="$(ipv6_get_prefix "${isp_prefix}")"
+ isp_prefix="$(ipv6_split_prefix "${isp_prefix}")"
+
+ # This only works for prefix lengths up to 32 bit.
+ assert [ "${prefix}" -le 32 ]
+ assert [ "${prefix}" -gt 0 ]
+
+ # Explode the address and throw away the second 32 bit.
+ local address="$(ipv6_explode "${isp_prefix}")"
+
+ client_address="$(ipv6_6rd_format_client_address ${client_address})"
+ assert isset client_address
+
+ local block1="0x${address:0:4}"
+ local block2="0x${address:5:4}"
+ local block3="0x${address:10:4}"
+ local block4="0x${address:15:4}"
+
+ address="$(( (${block1} << 48) + (${block2} << 32) + (${block3} << 16) + ${block4} ))"
+ assert [ "${address}" -gt 0 ]
+
+ block1="0x${client_address:0:4}"
+ block2="0x${client_address:5:4}"
+
+ client_address="$(( (${block1} << 48) + (${block2} << 32) ))"
+
+ # Fix for numbers that are interpreted by bash as negative
+ # numbers and therefore filled up with ones when shifted to
+ # the right. Weird.
+ if [ "${client_address}" -gt 0 ]; then
+ client_address="$(( ${client_address} >> ${prefix} ))"
+ else
+ local bitmask="$(( 1 << 63 ))"
+ client_address="$(( ${client_address} >> 1 ))"
+ client_address="$(( ${client_address} ^ ${bitmask} ))"
+ client_address="$(( ${client_address} >> $(( ${prefix} - 1 )) ))"
+ fi
+ assert [ "${client_address}" -gt 0 ]
+
+ # XOR everything together
+ address="$(( ${address} ^ ${client_address} ))"
+ prefix="$(( ${prefix} + 32 ))"
+
+ local block formatted_address=":"
+ while [ ${address} -gt 0 ]; do
+ printf -v block "%x" "$(( ${address} & 0xffff ))"
+ formatted_address="${block}:${formatted_address}"
+
+ address="$(( ${address} >> 16 ))"
+ done
+
+ assert ipv6_is_valid "${formatted_address}"
+
+ # Implode the output IP address.
+ formatted_address="$(ipv6_implode "${formatted_address}")"
+
+ print "${formatted_address}/${prefix}"
+}
+
+function ipv6_6rd_format_client_address() {
+ local address="${1}"
+ assert isset address
+
+ print "%02x%02x:%02x%02x" ${address//\./ }
+}