[people/ms/network.git] / src / functions / functions.ipv6

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv6"

function ipv6_device_autoconf_enable() {
	local device="${1}"
	assert device_exists "${device}"

	sysctl_set "net.ipv6.conf.${device}.accept_ra" 1
	sysctl_set "net.ipv6.conf.${device}.autoconf" 1
}

function ipv6_device_autoconf_disable() {
	local device="${1}"
	assert device_exists "${device}"

	sysctl_set "net.ipv6.conf.${device}.accept_ra" 0
	sysctl_set "net.ipv6.conf.${device}.autoconf" 0
}

# Enable IPv6 RFC3041 privacy extensions if desired
function ipv6_device_privacy_extensions_enable() {
	local device="${1}"
	assert device_exists "${device}"

	sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 2
}

function ipv6_device_privacy_extensions_disable() {
	local device="${1}"
	assert device_exists "${device}"

	sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 0
}

function ipv6_is_valid() {
	ipcalc --ipv6 -c $@ >/dev/null 2>&1

	case "$?" in
		0)
			return ${EXIT_OK}
			;;
		*)
			return ${EXIT_ERROR}
			;;
	esac
}

function ipv6_prefix_is_valid() {
	local prefix=${1}
	assert isset prefix

	[ ${prefix} -le   0 ] && return ${EXIT_FALSE}
	[ ${prefix} -gt 128 ] && return ${EXIT_FALSE}

	return ${EXIT_TRUE}
}

function ipv6_get_prefix() {
	ip_get_prefix "$@"
}

function ipv6_split_prefix() {
	ip_split_prefix "$@"
}

function ipv6_implode() {
	local address=${1}
	assert isset address

	local ADDRESS6_IMPL
	eval $(ipcalc -6 -i ${address} 2>/dev/null)
	assert isset ADDRESS6_IMPL

	print "${ADDRESS6_IMPL}"
}

function ipv6_explode() {
	local address=${1}
	assert isset address

	# Nothing to do if the length of the address is 39.
	if [ ${#address} -eq 39 ]; then
		print "${address}"
		return ${EXIT_OK}
	fi

	local ADDRESS6_EXPL
	eval $(ipcalc -6 -e ${address} 2>/dev/null)
	assert isset ADDRESS6_EXPL

	print "${ADDRESS6_EXPL}"
}

function ipv6_addr_eq() {
	local addr1=${1}
	assert isset addr1

	local addr2=${2}
	assert isset addr2

	local addr
	for addr in addr1 addr2; do
		printf -v ${addr} "%s" $(ipv6_explode ${!addr})
	done

	[[ "${addr1}" = "${addr2}" ]] \
		&& return ${EXIT_TRUE} || return ${EXIT_FALSE}
}

function ipv6_addr_gt() {
	local addr1=${1}
	assert isset addr1

	local addr2=${2}
	assert isset addr2

	local addr
	for addr in addr1 addr2; do
		printf -v ${addr} "%s" $(ipv6_explode ${!addr})
	done

	local i addr1_oct addr2_oct
	for i in 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30; do
		addr1_oct="0x${addr1:${i}:2}"
		addr2_oct="0x${addr2:${i}:2}"

		[[ ${addr1_oct} -gt ${addr2_oct} ]] && return ${EXIT_TRUE}
	done

	return ${EXIT_FALSE}
}

function ipv6_hash() {
	local address=${1}

	assert isset address

	# Explode address
	address=$(ipv6_explode ${address})

	echo "${address//:/}"
}

function ipv6_get_network() {
	local addr=${1}
	assert isset addr

	# Check if a prefix (e.g. /64) is provided.
	local prefix=$(ip_get_prefix ${addr})
	assert ipv6_prefix_is_valid ${prefix}

	local PREFIX6
	eval $(ipcalc --ipv6 -p ${addr})
	assert isset PREFIX6

	print "${PREFIX6}/${prefix}"
}

function ipv6_6rd_format_address() {
	local isp_prefix="${1}"
	assert ipv6_is_valid "${isp_prefix}"

	local client_address="${2}"
	assert ipv4_is_valid "${client_address}"

	local prefix="$(ipv6_get_prefix "${isp_prefix}")"
	isp_prefix="$(ipv6_split_prefix "${isp_prefix}")"

	# This only works for prefix lengths up to 32 bit.
	assert [ "${prefix}" -le 32 ]
	assert [ "${prefix}" -gt  0 ]

	# Explode the address and throw away the second 32 bit.
	local address="$(ipv6_explode "${isp_prefix}")"

	client_address="$(ipv6_6rd_format_client_address ${client_address})"
	assert isset client_address

	local block1="0x${address:0:4}"
	local block2="0x${address:5:4}"
	local block3="0x${address:10:4}"
	local block4="0x${address:15:4}"

	address="$(( (${block1} << 48) + (${block2} << 32) + (${block3} << 16) + ${block4} ))"
	assert [ "${address}" -gt 0 ]

	block1="0x${client_address:0:4}"
	block2="0x${client_address:5:4}"

	client_address="$(( (${block1} << 48) + (${block2} << 32) ))"

	# Fix for numbers that are interpreted by bash as negative
	# numbers and therefore filled up with ones when shifted to
	# the right. Weird.
	if [ "${client_address}" -gt 0 ]; then
		client_address="$(( ${client_address} >> ${prefix} ))"
	else
		local bitmask="$(( 1 << 63 ))"
		client_address="$(( ${client_address} >> 1 ))"
		client_address="$(( ${client_address} ^ ${bitmask} ))"
		client_address="$(( ${client_address} >> $(( ${prefix} - 1 )) ))"
	fi
	assert [ "${client_address}" -gt 0 ]

	# XOR everything together
	address="$(( ${address} ^ ${client_address} ))"
	prefix="$(( ${prefix} + 32 ))"

	local block formatted_address=":"
	while [ ${address} -gt 0 ]; do
		printf -v block "%x" "$(( ${address} & 0xffff ))"
		formatted_address="${block}:${formatted_address}"

		address="$(( ${address} >> 16 ))"
	done

	assert ipv6_is_valid "${formatted_address}"

	# Implode the output IP address.
	formatted_address="$(ipv6_implode "${formatted_address}")"

	print "${formatted_address}/${prefix}"
}

function ipv6_6rd_format_client_address() {
	local address="${1}"
	assert isset address

	print "%02x%02x:%02x%02x" ${address//\./ }
}
Commit	Line	Data
4231f419 MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
e617226b MT	22	IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv6"
e617226b MT	23
4231f419	24	function ipv6_device_autoconf_enable() {
9f742d49 MT	25	local device="${1}"
9f742d49 MT	26	assert device_exists "${device}"
4231f419	27
9f742d49 MT	28	sysctl_set "net.ipv6.conf.${device}.accept_ra" 1
9f742d49 MT	29	sysctl_set "net.ipv6.conf.${device}.autoconf" 1
4231f419 MT	30	}
	31
	32	function ipv6_device_autoconf_disable() {
9f742d49 MT	33	local device="${1}"
9f742d49 MT	34	assert device_exists "${device}"
58fb41ee	35
9f742d49 MT	36	sysctl_set "net.ipv6.conf.${device}.accept_ra" 0
9f742d49 MT	37	sysctl_set "net.ipv6.conf.${device}.autoconf" 0
58fb41ee MT	38	}
	39
	40	# Enable IPv6 RFC3041 privacy extensions if desired
	41	function ipv6_device_privacy_extensions_enable() {
9f742d49 MT	42	local device="${1}"
9f742d49 MT	43	assert device_exists "${device}"
58fb41ee	44
9f742d49	45	sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 2
58fb41ee MT	46	}
	47
	48	function ipv6_device_privacy_extensions_disable() {
9f742d49 MT	49	local device="${1}"
9f742d49 MT	50	assert device_exists "${device}"
58fb41ee	51
9f742d49	52	sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 0
4231f419 MT	53	}
	54
	55	function ipv6_is_valid() {
fa6df98c	56	ipcalc --ipv6 -c $@ >/dev/null 2>&1
58fb41ee	57
fa6df98c MT	58	case "$?" in
	59	0)
	60	return ${EXIT_OK}
	61	;;
	62	*)
38f61548	63	return ${EXIT_ERROR}
fa6df98c MT	64	;;
fa6df98c MT	65	esac
4231f419 MT	66	}
4231f419 MT	67
cb965348 MT	68	function ipv6_prefix_is_valid() {
	69	local prefix=${1}
	70	assert isset prefix
	71
	72	[ ${prefix} -le 0 ] && return ${EXIT_FALSE}
	73	[ ${prefix} -gt 128 ] && return ${EXIT_FALSE}
	74
	75	return ${EXIT_TRUE}
	76	}
	77
9390b61b SS	78	function ipv6_get_prefix() {
	79	ip_get_prefix "$@"
	80	}
	81
	82	function ipv6_split_prefix() {
	83	ip_split_prefix "$@"
	84	}
	85
4231f419 MT	86	function ipv6_implode() {
4231f419 MT	87	local address=${1}
58fb41ee MT	88	assert isset address
58fb41ee MT	89
ab70371d MT	90	local ADDRESS6_IMPL
	91	eval $(ipcalc -6 -i ${address} 2>/dev/null)
	92	assert isset ADDRESS6_IMPL
4231f419	93
ab70371d	94	print "${ADDRESS6_IMPL}"
4231f419 MT	95	}
	96
	97	function ipv6_explode() {
	98	local address=${1}
58fb41ee MT	99	assert isset address
58fb41ee MT	100
ab70371d	101	# Nothing to do if the length of the address is 39.
4231f419	102	if [ ${#address} -eq 39 ]; then
ab70371d MT	103	print "${address}"
ab70371d MT	104	return ${EXIT_OK}
4231f419 MT	105	fi
4231f419 MT	106
ab70371d MT	107	local ADDRESS6_EXPL
	108	eval $(ipcalc -6 -e ${address} 2>/dev/null)
	109	assert isset ADDRESS6_EXPL
4231f419	110
ab70371d MT	111	print "${ADDRESS6_EXPL}"
ab70371d MT	112	}
4231f419	113
ab70371d MT	114	function ipv6_addr_eq() {
	115	local addr1=${1}
	116	assert isset addr1
4231f419	117
ab70371d MT	118	local addr2=${2}
ab70371d MT	119	assert isset addr2
4231f419	120
ab70371d MT	121	local addr
	122	for addr in addr1 addr2; do
	123	printf -v ${addr} "%s" $(ipv6_explode ${!addr})
	124	done
4231f419	125
ab70371d MT	126	[[ "${addr1}" = "${addr2}" ]] \
	127	&& return ${EXIT_TRUE} \|\| return ${EXIT_FALSE}
	128	}
4231f419	129
ab70371d MT	130	function ipv6_addr_gt() {
	131	local addr1=${1}
	132	assert isset addr1
4231f419	133
ab70371d MT	134	local addr2=${2}
ab70371d MT	135	assert isset addr2
4231f419	136
ab70371d MT	137	local addr
	138	for addr in addr1 addr2; do
	139	printf -v ${addr} "%s" $(ipv6_explode ${!addr})
4231f419 MT	140	done
4231f419 MT	141
ab70371d MT	142	local i addr1_oct addr2_oct
	143	for i in 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30; do
	144	addr1_oct="0x${addr1:${i}:2}"
	145	addr2_oct="0x${addr2:${i}:2}"
4231f419	146
ab70371d MT	147	[[ ${addr1_oct} -gt ${addr2_oct} ]] && return ${EXIT_TRUE}
ab70371d MT	148	done
4231f419	149
ab70371d	150	return ${EXIT_FALSE}
4231f419 MT	151	}
	152
	153	function ipv6_hash() {
	154	local address=${1}
	155
58fb41ee MT	156	assert isset address
58fb41ee MT	157
4231f419 MT	158	# Explode address
	159	address=$(ipv6_explode ${address})
	160
	161	echo "${address//:/}"
	162	}
ab70371d MT	163
	164	function ipv6_get_network() {
	165	local addr=${1}
	166	assert isset addr
	167
	168	# Check if a prefix (e.g. /64) is provided.
	169	local prefix=$(ip_get_prefix ${addr})
	170	assert ipv6_prefix_is_valid ${prefix}
	171
	172	local PREFIX6
	173	eval $(ipcalc --ipv6 -p ${addr})
	174	assert isset PREFIX6
	175
	176	print "${PREFIX6}/${prefix}"
	177	}
9390b61b SS	178
	179	function ipv6_6rd_format_address() {
	180	local isp_prefix="${1}"
	181	assert ipv6_is_valid "${isp_prefix}"
	182
	183	local client_address="${2}"
	184	assert ipv4_is_valid "${client_address}"
	185
	186	local prefix="$(ipv6_get_prefix "${isp_prefix}")"
	187	isp_prefix="$(ipv6_split_prefix "${isp_prefix}")"
	188
	189	# This only works for prefix lengths up to 32 bit.
	190	assert [ "${prefix}" -le 32 ]
	191	assert [ "${prefix}" -gt 0 ]
	192
	193	# Explode the address and throw away the second 32 bit.
	194	local address="$(ipv6_explode "${isp_prefix}")"
	195
	196	client_address="$(ipv6_6rd_format_client_address ${client_address})"
	197	assert isset client_address
	198
	199	local block1="0x${address:0:4}"
	200	local block2="0x${address:5:4}"
	201	local block3="0x${address:10:4}"
	202	local block4="0x${address:15:4}"
	203
	204	address="$(( (${block1} << 48) + (${block2} << 32) + (${block3} << 16) + ${block4} ))"
	205	assert [ "${address}" -gt 0 ]
	206
	207	block1="0x${client_address:0:4}"
	208	block2="0x${client_address:5:4}"
	209
	210	client_address="$(( (${block1} << 48) + (${block2} << 32) ))"
	211
	212	# Fix for numbers that are interpreted by bash as negative
	213	# numbers and therefore filled up with ones when shifted to
	214	# the right. Weird.
	215	if [ "${client_address}" -gt 0 ]; then
	216	client_address="$(( ${client_address} >> ${prefix} ))"
	217	else
	218	local bitmask="$(( 1 << 63 ))"
	219	client_address="$(( ${client_address} >> 1 ))"
	220	client_address="$(( ${client_address} ^ ${bitmask} ))"
	221	client_address="$(( ${client_address} >> $(( ${prefix} - 1 )) ))"
	222	fi
	223	assert [ "${client_address}" -gt 0 ]
	224
	225	# XOR everything together
	226	address="$(( ${address} ^ ${client_address} ))"
	227	prefix="$(( ${prefix} + 32 ))"
	228
	229	local block formatted_address=":"
	230	while [ ${address} -gt 0 ]; do
	231	printf -v block "%x" "$(( ${address} & 0xffff ))"
	232	formatted_address="${block}:${formatted_address}"
	233
	234	address="$(( ${address} >> 16 ))"
	235	done
	236
	237	assert ipv6_is_valid "${formatted_address}"
	238
	239	# Implode the output IP address.
	240	formatted_address="$(ipv6_implode "${formatted_address}")"
	241
242	print "${formatted_address}/${prefix}"
243	}
244
245	function ipv6_6rd_format_client_address() {
246	local address="${1}"
247	assert isset address
248
249	print "%02x%02x:%02x%02x" ${address//\./ }
250	}