[people/stevee/network.git] / functions.ipv6

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv6"

function ipv6_init() {
	log INFO "Initializing IPv6 networking."

	# Enable forwarding on all devices
	#ipv6_device_forwarding_disable all
	#ipv6_device_forwarding_disable default

	# Disable autoconfiguration on all devices per default
	#ipv6_device_autoconf_disable all
	#ipv6_device_autoconf_disable default

	# XXX do we need this?
	#local device
	#for device in $(devices_get_all); do
	#	ipv6_device_forwarding_disable ${device}
	#	ipv6_device_autoconf_disable ${device}
	#done
}

init_register ipv6_init

function ipv6_device_autoconf_enable() {
	local device=${1}

	assert isset device

	# Allow setting default and all settings
	if ! isoneof device all default; then
		assert device_exists ${device}
	fi

	local val
	for val in accept_ra accept_redirects; do
		echo 1 > /proc/sys/net/ipv6/conf/${device}/${val}
	done
}

function ipv6_device_autoconf_disable() {
	local device=${1}

	assert isset device

	# Allow setting default and all settings
	if ! isoneof device all default; then
		assert device_exists ${device}
	fi

	local val
	for val in accept_ra accept_redirects; do
		echo 0 > /proc/sys/net/ipv6/conf/${device}/${val}
	done
}

function ipv6_device_forwarding_enable() {
	local device=${1}

	assert isset device

	# Allow setting default and all settings
	if ! isoneof device all default; then
		assert device_exists ${device}
	fi

	echo 1 > /proc/sys/net/ipv6/conf/${device}/forwarding
}

function ipv6_device_forwarding_disable() {
	local device=${1}

	assert isset device

	# Allow setting default and all settings
	if ! isoneof device all default; then
		assert device_exists ${device}
	fi

	echo 0 > /proc/sys/net/ipv6/conf/${device}/forwarding
}

# Enable IPv6 RFC3041 privacy extensions if desired
function ipv6_device_privacy_extensions_enable() {
	local device=${1}
	local type=${2}

	assert isset device
	assert device_exists ${device}

	# Default value is rfc3041
	if [ -z "${type}" ]; then
		type="rfc3041"
	fi

	assert isset type

	case "${type}" in
		rfc3041)
			echo 2 > /proc/sys/net/ipv6/conf/${device}/use_tempaddr
			;;
		*)
			error_log "Given type '${type}' is not supported."
			return ${EXIT_ERROR}
			;;
	esac

	return ${EXIT_OK}
}

function ipv6_device_privacy_extensions_disable() {
	local device=${1}

	assert isset device
	assert device_exists ${device}

	echo 0 > /proc/sys/net/ipv6/conf/${device}/use_tempaddr
}

function ipv6_is_valid() {
	ipcalc --ipv6 -c $@ >/dev/null 2>&1

	case "$?" in
		0)
			return ${EXIT_OK}
			;;
		*)
			return ${EXIT_ERROR}
			;;
	esac
}

function ipv6_prefix_is_valid() {
	local prefix=${1}
	assert isset prefix

	[ ${prefix} -le   0 ] && return ${EXIT_FALSE}
	[ ${prefix} -gt 128 ] && return ${EXIT_FALSE}

	return ${EXIT_TRUE}
}

function ipv6_implode() {
	local address=${1}
	assert isset address

	local ADDRESS6_IMPL
	eval $(ipcalc -6 -i ${address} 2>/dev/null)
	assert isset ADDRESS6_IMPL

	print "${ADDRESS6_IMPL}"
}

function ipv6_explode() {
	local address=${1}
	assert isset address

	# Nothing to do if the length of the address is 39.
	if [ ${#address} -eq 39 ]; then
		print "${address}"
		return ${EXIT_OK}
	fi

	local ADDRESS6_EXPL
	eval $(ipcalc -6 -e ${address} 2>/dev/null)
	assert isset ADDRESS6_EXPL

	print "${ADDRESS6_EXPL}"
}

function ipv6_addr_eq() {
	local addr1=${1}
	assert isset addr1

	local addr2=${2}
	assert isset addr2

	local addr
	for addr in addr1 addr2; do
		printf -v ${addr} "%s" $(ipv6_explode ${!addr})
	done

	[[ "${addr1}" = "${addr2}" ]] \
		&& return ${EXIT_TRUE} || return ${EXIT_FALSE}
}

function ipv6_addr_gt() {
	local addr1=${1}
	assert isset addr1

	local addr2=${2}
	assert isset addr2

	local addr
	for addr in addr1 addr2; do
		printf -v ${addr} "%s" $(ipv6_explode ${!addr})
	done

	local i addr1_oct addr2_oct
	for i in 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30; do
		addr1_oct="0x${addr1:${i}:2}"
		addr2_oct="0x${addr2:${i}:2}"

		[[ ${addr1_oct} -gt ${addr2_oct} ]] && return ${EXIT_TRUE}
	done

	return ${EXIT_FALSE}
}

function ipv6_hash() {
	local address=${1}

	assert isset address

	# Explode address
	address=$(ipv6_explode ${address})

	echo "${address//:/}"
}

function ipv6_get_network() {
	local addr=${1}
	assert isset addr

	# Check if a prefix (e.g. /64) is provided.
	local prefix=$(ip_get_prefix ${addr})
	assert ipv6_prefix_is_valid ${prefix}

	local PREFIX6
	eval $(ipcalc --ipv6 -p ${addr})
	assert isset PREFIX6

	print "${PREFIX6}/${prefix}"
}
Commit	Line	Data
4231f419 MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
e617226b MT	22	IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv6"
e617226b MT	23
58fb41ee MT	24	function ipv6_init() {
	25	log INFO "Initializing IPv6 networking."
	26
	27	# Enable forwarding on all devices
f3ab2af9 MT	28	#ipv6_device_forwarding_disable all
f3ab2af9 MT	29	#ipv6_device_forwarding_disable default
58fb41ee MT	30
58fb41ee MT	31	# Disable autoconfiguration on all devices per default
f3ab2af9 MT	32	#ipv6_device_autoconf_disable all
f3ab2af9 MT	33	#ipv6_device_autoconf_disable default
58fb41ee MT	34
	35	# XXX do we need this?
	36	#local device
	37	#for device in $(devices_get_all); do
	38	# ipv6_device_forwarding_disable ${device}
	39	# ipv6_device_autoconf_disable ${device}
	40	#done
	41	}
	42
	43	init_register ipv6_init
	44
4231f419 MT	45	function ipv6_device_autoconf_enable() {
	46	local device=${1}
	47
58fb41ee MT	48	assert isset device
	49
	50	# Allow setting default and all settings
	51	if ! isoneof device all default; then
	52	assert device_exists ${device}
4231f419 MT	53	fi
4231f419 MT	54
58fb41ee MT	55	local val
	56	for val in accept_ra accept_redirects; do
	57	echo 1 > /proc/sys/net/ipv6/conf/${device}/${val}
	58	done
4231f419 MT	59	}
	60
	61	function ipv6_device_autoconf_disable() {
	62	local device=${1}
	63
58fb41ee MT	64	assert isset device
	65
	66	# Allow setting default and all settings
	67	if ! isoneof device all default; then
	68	assert device_exists ${device}
	69	fi
	70
	71	local val
	72	for val in accept_ra accept_redirects; do
	73	echo 0 > /proc/sys/net/ipv6/conf/${device}/${val}
	74	done
	75	}
	76
	77	function ipv6_device_forwarding_enable() {
	78	local device=${1}
	79
	80	assert isset device
	81
	82	# Allow setting default and all settings
	83	if ! isoneof device all default; then
	84	assert device_exists ${device}
	85	fi
	86
	87	echo 1 > /proc/sys/net/ipv6/conf/${device}/forwarding
	88	}
	89
	90	function ipv6_device_forwarding_disable() {
	91	local device=${1}
	92
	93	assert isset device
	94
	95	# Allow setting default and all settings
	96	if ! isoneof device all default; then
	97	assert device_exists ${device}
4231f419 MT	98	fi
4231f419 MT	99
58fb41ee MT	100	echo 0 > /proc/sys/net/ipv6/conf/${device}/forwarding
	101	}
	102
	103	# Enable IPv6 RFC3041 privacy extensions if desired
	104	function ipv6_device_privacy_extensions_enable() {
	105	local device=${1}
	106	local type=${2}
	107
	108	assert isset device
	109	assert device_exists ${device}
	110
	111	# Default value is rfc3041
	112	if [ -z "${type}" ]; then
	113	type="rfc3041"
	114	fi
	115
	116	assert isset type
	117
	118	case "${type}" in
	119	rfc3041)
	120	echo 2 > /proc/sys/net/ipv6/conf/${device}/use_tempaddr
	121	;;
	122	*)
	123	error_log "Given type '${type}' is not supported."
	124	return ${EXIT_ERROR}
	125	;;
	126	esac
	127
	128	return ${EXIT_OK}
	129	}
	130
	131	function ipv6_device_privacy_extensions_disable() {
	132	local device=${1}
	133
	134	assert isset device
	135	assert device_exists ${device}
	136
	137	echo 0 > /proc/sys/net/ipv6/conf/${device}/use_tempaddr
4231f419 MT	138	}
	139
	140	function ipv6_is_valid() {
fa6df98c	141	ipcalc --ipv6 -c $@ >/dev/null 2>&1
58fb41ee	142
fa6df98c MT	143	case "$?" in
	144	0)
	145	return ${EXIT_OK}
	146	;;
	147	*)
38f61548	148	return ${EXIT_ERROR}
fa6df98c MT	149	;;
fa6df98c MT	150	esac
4231f419 MT	151	}
4231f419 MT	152
cb965348 MT	153	function ipv6_prefix_is_valid() {
	154	local prefix=${1}
	155	assert isset prefix
	156
	157	[ ${prefix} -le 0 ] && return ${EXIT_FALSE}
	158	[ ${prefix} -gt 128 ] && return ${EXIT_FALSE}
	159
	160	return ${EXIT_TRUE}
	161	}
	162
4231f419 MT	163	function ipv6_implode() {
4231f419 MT	164	local address=${1}
58fb41ee MT	165	assert isset address
58fb41ee MT	166
ab70371d MT	167	local ADDRESS6_IMPL
	168	eval $(ipcalc -6 -i ${address} 2>/dev/null)
	169	assert isset ADDRESS6_IMPL
4231f419	170
ab70371d	171	print "${ADDRESS6_IMPL}"
4231f419 MT	172	}
	173
	174	function ipv6_explode() {
	175	local address=${1}
58fb41ee MT	176	assert isset address
58fb41ee MT	177
ab70371d	178	# Nothing to do if the length of the address is 39.
4231f419	179	if [ ${#address} -eq 39 ]; then
ab70371d MT	180	print "${address}"
ab70371d MT	181	return ${EXIT_OK}
4231f419 MT	182	fi
4231f419 MT	183
ab70371d MT	184	local ADDRESS6_EXPL
	185	eval $(ipcalc -6 -e ${address} 2>/dev/null)
	186	assert isset ADDRESS6_EXPL
4231f419	187
ab70371d MT	188	print "${ADDRESS6_EXPL}"
ab70371d MT	189	}
4231f419	190
ab70371d MT	191	function ipv6_addr_eq() {
	192	local addr1=${1}
	193	assert isset addr1
4231f419	194
ab70371d MT	195	local addr2=${2}
ab70371d MT	196	assert isset addr2
4231f419	197
ab70371d MT	198	local addr
	199	for addr in addr1 addr2; do
	200	printf -v ${addr} "%s" $(ipv6_explode ${!addr})
	201	done
4231f419	202
ab70371d MT	203	[[ "${addr1}" = "${addr2}" ]] \
	204	&& return ${EXIT_TRUE} \|\| return ${EXIT_FALSE}
	205	}
4231f419	206
ab70371d MT	207	function ipv6_addr_gt() {
	208	local addr1=${1}
	209	assert isset addr1
4231f419	210
ab70371d MT	211	local addr2=${2}
ab70371d MT	212	assert isset addr2
4231f419	213
ab70371d MT	214	local addr
	215	for addr in addr1 addr2; do
	216	printf -v ${addr} "%s" $(ipv6_explode ${!addr})
4231f419 MT	217	done
4231f419 MT	218
ab70371d MT	219	local i addr1_oct addr2_oct
	220	for i in 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30; do
	221	addr1_oct="0x${addr1:${i}:2}"
	222	addr2_oct="0x${addr2:${i}:2}"
4231f419	223
ab70371d MT	224	[[ ${addr1_oct} -gt ${addr2_oct} ]] && return ${EXIT_TRUE}
ab70371d MT	225	done
4231f419	226
ab70371d	227	return ${EXIT_FALSE}
4231f419 MT	228	}
	229
	230	function ipv6_hash() {
	231	local address=${1}
	232
58fb41ee MT	233	assert isset address
58fb41ee MT	234
4231f419 MT	235	# Explode address
	236	address=$(ipv6_explode ${address})
	237
	238	echo "${address//:/}"
	239	}
ab70371d MT	240
	241	function ipv6_get_network() {
	242	local addr=${1}
	243	assert isset addr
	244
	245	# Check if a prefix (e.g. /64) is provided.
	246	local prefix=$(ip_get_prefix ${addr})
	247	assert ipv6_prefix_is_valid ${prefix}
	248
	249	local PREFIX6
	250	eval $(ipcalc --ipv6 -p ${addr})
	251	assert isset PREFIX6
	252
	253	print "${PREFIX6}/${prefix}"
	254	}