]>
Commit | Line | Data |
---|---|---|
4231f419 MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
e617226b MT |
22 | IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv6" |
23 | ||
4231f419 | 24 | function ipv6_device_autoconf_enable() { |
9f742d49 MT |
25 | local device="${1}" |
26 | assert device_exists "${device}" | |
4231f419 | 27 | |
9f742d49 MT |
28 | sysctl_set "net.ipv6.conf.${device}.accept_ra" 1 |
29 | sysctl_set "net.ipv6.conf.${device}.autoconf" 1 | |
4231f419 MT |
30 | } |
31 | ||
32 | function ipv6_device_autoconf_disable() { | |
9f742d49 MT |
33 | local device="${1}" |
34 | assert device_exists "${device}" | |
58fb41ee | 35 | |
9f742d49 MT |
36 | sysctl_set "net.ipv6.conf.${device}.accept_ra" 0 |
37 | sysctl_set "net.ipv6.conf.${device}.autoconf" 0 | |
58fb41ee MT |
38 | } |
39 | ||
40 | # Enable IPv6 RFC3041 privacy extensions if desired | |
41 | function ipv6_device_privacy_extensions_enable() { | |
9f742d49 MT |
42 | local device="${1}" |
43 | assert device_exists "${device}" | |
58fb41ee | 44 | |
9f742d49 | 45 | sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 2 |
58fb41ee MT |
46 | } |
47 | ||
48 | function ipv6_device_privacy_extensions_disable() { | |
9f742d49 MT |
49 | local device="${1}" |
50 | assert device_exists "${device}" | |
58fb41ee | 51 | |
9f742d49 | 52 | sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 0 |
4231f419 MT |
53 | } |
54 | ||
55 | function ipv6_is_valid() { | |
fa6df98c | 56 | ipcalc --ipv6 -c $@ >/dev/null 2>&1 |
58fb41ee | 57 | |
fa6df98c MT |
58 | case "$?" in |
59 | 0) | |
60 | return ${EXIT_OK} | |
61 | ;; | |
62 | *) | |
38f61548 | 63 | return ${EXIT_ERROR} |
fa6df98c MT |
64 | ;; |
65 | esac | |
4231f419 MT |
66 | } |
67 | ||
cb965348 MT |
68 | function ipv6_prefix_is_valid() { |
69 | local prefix=${1} | |
70 | assert isset prefix | |
71 | ||
72 | [ ${prefix} -le 0 ] && return ${EXIT_FALSE} | |
73 | [ ${prefix} -gt 128 ] && return ${EXIT_FALSE} | |
74 | ||
75 | return ${EXIT_TRUE} | |
76 | } | |
77 | ||
9390b61b SS |
78 | function ipv6_get_prefix() { |
79 | ip_get_prefix "$@" | |
80 | } | |
81 | ||
82 | function ipv6_split_prefix() { | |
83 | ip_split_prefix "$@" | |
84 | } | |
85 | ||
4231f419 MT |
86 | function ipv6_implode() { |
87 | local address=${1} | |
58fb41ee MT |
88 | assert isset address |
89 | ||
ab70371d MT |
90 | local ADDRESS6_IMPL |
91 | eval $(ipcalc -6 -i ${address} 2>/dev/null) | |
92 | assert isset ADDRESS6_IMPL | |
4231f419 | 93 | |
ab70371d | 94 | print "${ADDRESS6_IMPL}" |
4231f419 MT |
95 | } |
96 | ||
97 | function ipv6_explode() { | |
98 | local address=${1} | |
58fb41ee MT |
99 | assert isset address |
100 | ||
ab70371d | 101 | # Nothing to do if the length of the address is 39. |
4231f419 | 102 | if [ ${#address} -eq 39 ]; then |
ab70371d MT |
103 | print "${address}" |
104 | return ${EXIT_OK} | |
4231f419 MT |
105 | fi |
106 | ||
ab70371d MT |
107 | local ADDRESS6_EXPL |
108 | eval $(ipcalc -6 -e ${address} 2>/dev/null) | |
109 | assert isset ADDRESS6_EXPL | |
4231f419 | 110 | |
ab70371d MT |
111 | print "${ADDRESS6_EXPL}" |
112 | } | |
4231f419 | 113 | |
ab70371d MT |
114 | function ipv6_addr_eq() { |
115 | local addr1=${1} | |
116 | assert isset addr1 | |
4231f419 | 117 | |
ab70371d MT |
118 | local addr2=${2} |
119 | assert isset addr2 | |
4231f419 | 120 | |
ab70371d MT |
121 | local addr |
122 | for addr in addr1 addr2; do | |
123 | printf -v ${addr} "%s" $(ipv6_explode ${!addr}) | |
124 | done | |
4231f419 | 125 | |
ab70371d MT |
126 | [[ "${addr1}" = "${addr2}" ]] \ |
127 | && return ${EXIT_TRUE} || return ${EXIT_FALSE} | |
128 | } | |
4231f419 | 129 | |
ab70371d MT |
130 | function ipv6_addr_gt() { |
131 | local addr1=${1} | |
132 | assert isset addr1 | |
4231f419 | 133 | |
ab70371d MT |
134 | local addr2=${2} |
135 | assert isset addr2 | |
4231f419 | 136 | |
ab70371d MT |
137 | local addr |
138 | for addr in addr1 addr2; do | |
139 | printf -v ${addr} "%s" $(ipv6_explode ${!addr}) | |
4231f419 MT |
140 | done |
141 | ||
ab70371d MT |
142 | local i addr1_oct addr2_oct |
143 | for i in 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30; do | |
144 | addr1_oct="0x${addr1:${i}:2}" | |
145 | addr2_oct="0x${addr2:${i}:2}" | |
4231f419 | 146 | |
ab70371d MT |
147 | [[ ${addr1_oct} -gt ${addr2_oct} ]] && return ${EXIT_TRUE} |
148 | done | |
4231f419 | 149 | |
ab70371d | 150 | return ${EXIT_FALSE} |
4231f419 MT |
151 | } |
152 | ||
153 | function ipv6_hash() { | |
154 | local address=${1} | |
155 | ||
58fb41ee MT |
156 | assert isset address |
157 | ||
4231f419 MT |
158 | # Explode address |
159 | address=$(ipv6_explode ${address}) | |
160 | ||
161 | echo "${address//:/}" | |
162 | } | |
ab70371d MT |
163 | |
164 | function ipv6_get_network() { | |
165 | local addr=${1} | |
166 | assert isset addr | |
167 | ||
168 | # Check if a prefix (e.g. /64) is provided. | |
169 | local prefix=$(ip_get_prefix ${addr}) | |
170 | assert ipv6_prefix_is_valid ${prefix} | |
171 | ||
172 | local PREFIX6 | |
173 | eval $(ipcalc --ipv6 -p ${addr}) | |
174 | assert isset PREFIX6 | |
175 | ||
176 | print "${PREFIX6}/${prefix}" | |
177 | } | |
9390b61b SS |
178 | |
179 | function ipv6_6rd_format_address() { | |
180 | local isp_prefix="${1}" | |
181 | assert ipv6_is_valid "${isp_prefix}" | |
182 | ||
183 | local client_address="${2}" | |
184 | assert ipv4_is_valid "${client_address}" | |
185 | ||
186 | local prefix="$(ipv6_get_prefix "${isp_prefix}")" | |
187 | isp_prefix="$(ipv6_split_prefix "${isp_prefix}")" | |
188 | ||
189 | # This only works for prefix lengths up to 32 bit. | |
190 | assert [ "${prefix}" -le 32 ] | |
191 | assert [ "${prefix}" -gt 0 ] | |
192 | ||
193 | # Explode the address and throw away the second 32 bit. | |
194 | local address="$(ipv6_explode "${isp_prefix}")" | |
195 | ||
196 | client_address="$(ipv6_6rd_format_client_address ${client_address})" | |
197 | assert isset client_address | |
198 | ||
199 | local block1="0x${address:0:4}" | |
200 | local block2="0x${address:5:4}" | |
201 | local block3="0x${address:10:4}" | |
202 | local block4="0x${address:15:4}" | |
203 | ||
204 | address="$(( (${block1} << 48) + (${block2} << 32) + (${block3} << 16) + ${block4} ))" | |
205 | assert [ "${address}" -gt 0 ] | |
206 | ||
207 | block1="0x${client_address:0:4}" | |
208 | block2="0x${client_address:5:4}" | |
209 | ||
210 | client_address="$(( (${block1} << 48) + (${block2} << 32) ))" | |
211 | ||
212 | # Fix for numbers that are interpreted by bash as negative | |
213 | # numbers and therefore filled up with ones when shifted to | |
214 | # the right. Weird. | |
215 | if [ "${client_address}" -gt 0 ]; then | |
216 | client_address="$(( ${client_address} >> ${prefix} ))" | |
217 | else | |
218 | local bitmask="$(( 1 << 63 ))" | |
219 | client_address="$(( ${client_address} >> 1 ))" | |
220 | client_address="$(( ${client_address} ^ ${bitmask} ))" | |
221 | client_address="$(( ${client_address} >> $(( ${prefix} - 1 )) ))" | |
222 | fi | |
223 | assert [ "${client_address}" -gt 0 ] | |
224 | ||
225 | # XOR everything together | |
226 | address="$(( ${address} ^ ${client_address} ))" | |
227 | prefix="$(( ${prefix} + 32 ))" | |
228 | ||
229 | local block formatted_address=":" | |
230 | while [ ${address} -gt 0 ]; do | |
231 | printf -v block "%x" "$(( ${address} & 0xffff ))" | |
232 | formatted_address="${block}:${formatted_address}" | |
233 | ||
234 | address="$(( ${address} >> 16 ))" | |
235 | done | |
236 | ||
237 | assert ipv6_is_valid "${formatted_address}" | |
238 | ||
239 | # Implode the output IP address. | |
240 | formatted_address="$(ipv6_implode "${formatted_address}")" | |
241 | ||
242 | print "${formatted_address}/${prefix}" | |
243 | } | |
244 | ||
245 | function ipv6_6rd_format_client_address() { | |
246 | local address="${1}" | |
247 | assert isset address | |
248 | ||
249 | print "%02x%02x:%02x%02x" ${address//\./ } | |
250 | } |