]>
Commit | Line | Data |
---|---|---|
4231f419 MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
e617226b MT |
22 | IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv6" |
23 | ||
4231f419 | 24 | function ipv6_device_autoconf_enable() { |
9f742d49 MT |
25 | local device="${1}" |
26 | assert device_exists "${device}" | |
58fb41ee | 27 | |
9f742d49 MT |
28 | sysctl_set "net.ipv6.conf.${device}.accept_ra" 1 |
29 | sysctl_set "net.ipv6.conf.${device}.autoconf" 1 | |
4231f419 MT |
30 | } |
31 | ||
32 | function ipv6_device_autoconf_disable() { | |
9f742d49 MT |
33 | local device="${1}" |
34 | assert device_exists "${device}" | |
58fb41ee | 35 | |
9f742d49 MT |
36 | sysctl_set "net.ipv6.conf.${device}.accept_ra" 0 |
37 | sysctl_set "net.ipv6.conf.${device}.autoconf" 0 | |
58fb41ee MT |
38 | } |
39 | ||
40 | # Enable IPv6 RFC3041 privacy extensions if desired | |
41 | function ipv6_device_privacy_extensions_enable() { | |
9f742d49 MT |
42 | local device="${1}" |
43 | assert device_exists "${device}" | |
58fb41ee | 44 | |
9f742d49 | 45 | sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 2 |
58fb41ee MT |
46 | } |
47 | ||
48 | function ipv6_device_privacy_extensions_disable() { | |
9f742d49 MT |
49 | local device="${1}" |
50 | assert device_exists "${device}" | |
58fb41ee | 51 | |
9f742d49 | 52 | sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 0 |
4231f419 MT |
53 | } |
54 | ||
55 | function ipv6_is_valid() { | |
fa6df98c | 56 | ipcalc --ipv6 -c $@ >/dev/null 2>&1 |
58fb41ee | 57 | |
fa6df98c MT |
58 | case "$?" in |
59 | 0) | |
60 | return ${EXIT_OK} | |
61 | ;; | |
62 | *) | |
38f61548 | 63 | return ${EXIT_ERROR} |
fa6df98c MT |
64 | ;; |
65 | esac | |
4231f419 MT |
66 | } |
67 | ||
cb965348 MT |
68 | function ipv6_prefix_is_valid() { |
69 | local prefix=${1} | |
70 | assert isset prefix | |
71 | ||
72 | [ ${prefix} -le 0 ] && return ${EXIT_FALSE} | |
73 | [ ${prefix} -gt 128 ] && return ${EXIT_FALSE} | |
74 | ||
75 | return ${EXIT_TRUE} | |
76 | } | |
77 | ||
4231f419 MT |
78 | function ipv6_implode() { |
79 | local address=${1} | |
58fb41ee MT |
80 | assert isset address |
81 | ||
ab70371d MT |
82 | local ADDRESS6_IMPL |
83 | eval $(ipcalc -6 -i ${address} 2>/dev/null) | |
84 | assert isset ADDRESS6_IMPL | |
4231f419 | 85 | |
ab70371d | 86 | print "${ADDRESS6_IMPL}" |
4231f419 MT |
87 | } |
88 | ||
89 | function ipv6_explode() { | |
90 | local address=${1} | |
58fb41ee MT |
91 | assert isset address |
92 | ||
ab70371d | 93 | # Nothing to do if the length of the address is 39. |
4231f419 | 94 | if [ ${#address} -eq 39 ]; then |
ab70371d MT |
95 | print "${address}" |
96 | return ${EXIT_OK} | |
4231f419 MT |
97 | fi |
98 | ||
ab70371d MT |
99 | local ADDRESS6_EXPL |
100 | eval $(ipcalc -6 -e ${address} 2>/dev/null) | |
101 | assert isset ADDRESS6_EXPL | |
4231f419 | 102 | |
ab70371d MT |
103 | print "${ADDRESS6_EXPL}" |
104 | } | |
4231f419 | 105 | |
ab70371d MT |
106 | function ipv6_addr_eq() { |
107 | local addr1=${1} | |
108 | assert isset addr1 | |
4231f419 | 109 | |
ab70371d MT |
110 | local addr2=${2} |
111 | assert isset addr2 | |
4231f419 | 112 | |
ab70371d MT |
113 | local addr |
114 | for addr in addr1 addr2; do | |
115 | printf -v ${addr} "%s" $(ipv6_explode ${!addr}) | |
116 | done | |
4231f419 | 117 | |
ab70371d MT |
118 | [[ "${addr1}" = "${addr2}" ]] \ |
119 | && return ${EXIT_TRUE} || return ${EXIT_FALSE} | |
120 | } | |
4231f419 | 121 | |
ab70371d MT |
122 | function ipv6_addr_gt() { |
123 | local addr1=${1} | |
124 | assert isset addr1 | |
4231f419 | 125 | |
ab70371d MT |
126 | local addr2=${2} |
127 | assert isset addr2 | |
4231f419 | 128 | |
ab70371d MT |
129 | local addr |
130 | for addr in addr1 addr2; do | |
131 | printf -v ${addr} "%s" $(ipv6_explode ${!addr}) | |
4231f419 MT |
132 | done |
133 | ||
ab70371d MT |
134 | local i addr1_oct addr2_oct |
135 | for i in 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30; do | |
136 | addr1_oct="0x${addr1:${i}:2}" | |
137 | addr2_oct="0x${addr2:${i}:2}" | |
4231f419 | 138 | |
ab70371d MT |
139 | [[ ${addr1_oct} -gt ${addr2_oct} ]] && return ${EXIT_TRUE} |
140 | done | |
4231f419 | 141 | |
ab70371d | 142 | return ${EXIT_FALSE} |
4231f419 MT |
143 | } |
144 | ||
145 | function ipv6_hash() { | |
146 | local address=${1} | |
147 | ||
58fb41ee MT |
148 | assert isset address |
149 | ||
4231f419 MT |
150 | # Explode address |
151 | address=$(ipv6_explode ${address}) | |
152 | ||
153 | echo "${address//:/}" | |
154 | } | |
ab70371d MT |
155 | |
156 | function ipv6_get_network() { | |
157 | local addr=${1} | |
158 | assert isset addr | |
159 | ||
160 | # Check if a prefix (e.g. /64) is provided. | |
161 | local prefix=$(ip_get_prefix ${addr}) | |
162 | assert ipv6_prefix_is_valid ${prefix} | |
163 | ||
164 | local PREFIX6 | |
165 | eval $(ipcalc --ipv6 -p ${addr}) | |
166 | assert isset PREFIX6 | |
167 | ||
168 | print "${PREFIX6}/${prefix}" | |
169 | } |