2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 IP_SUPPORTED_PROTOCOLS
="${IP_SUPPORTED_PROTOCOLS} ipv6"
24 function ipv6_init
() {
25 log INFO
"Initializing IPv6 networking."
27 # Enable forwarding on all devices
28 #ipv6_device_forwarding_disable all
29 #ipv6_device_forwarding_disable default
31 # Disable autoconfiguration on all devices per default
32 #ipv6_device_autoconf_disable all
33 #ipv6_device_autoconf_disable default
35 # XXX do we need this?
37 #for device in $(devices_get_all); do
38 # ipv6_device_forwarding_disable ${device}
39 # ipv6_device_autoconf_disable ${device}
43 init_register ipv6_init
45 function ipv6_device_autoconf_enable
() {
50 # Allow setting default and all settings
51 if ! isoneof device all default
; then
52 assert device_exists
${device}
56 for val
in accept_ra accept_redirects
; do
57 echo 1 > /proc
/sys
/net
/ipv
6/conf
/${device}/${val}
61 function ipv6_device_autoconf_disable
() {
66 # Allow setting default and all settings
67 if ! isoneof device all default
; then
68 assert device_exists
${device}
72 for val
in accept_ra accept_redirects
; do
73 echo 0 > /proc
/sys
/net
/ipv
6/conf
/${device}/${val}
77 function ipv6_device_forwarding_enable
() {
82 # Allow setting default and all settings
83 if ! isoneof device all default
; then
84 assert device_exists
${device}
87 echo 1 > /proc
/sys
/net
/ipv
6/conf
/${device}/forwarding
90 function ipv6_device_forwarding_disable
() {
95 # Allow setting default and all settings
96 if ! isoneof device all default
; then
97 assert device_exists
${device}
100 echo 0 > /proc
/sys
/net
/ipv
6/conf
/${device}/forwarding
103 # Enable IPv6 RFC3041 privacy extensions if desired
104 function ipv6_device_privacy_extensions_enable
() {
109 assert device_exists
${device}
111 # Default value is rfc3041
112 if [ -z "${type}" ]; then
120 echo 2 > /proc
/sys
/net
/ipv
6/conf
/${device}/use_tempaddr
123 error_log
"Given type '${type}' is not supported."
131 function ipv6_device_privacy_extensions_disable
() {
135 assert device_exists
${device}
137 echo 0 > /proc
/sys
/net
/ipv
6/conf
/${device}/use_tempaddr
140 function ipv6_is_valid
() {
141 ipcalc
--ipv6 -c $@
>/dev
/null
2>&1
153 function ipv6_prefix_is_valid
() {
157 [ ${prefix} -le 0 ] && return ${EXIT_FALSE}
158 [ ${prefix} -gt 128 ] && return ${EXIT_FALSE}
163 function ipv6_implode
() {
168 eval $
(ipcalc
-6 -i ${address} 2>/dev
/null
)
169 assert isset ADDRESS6_IMPL
171 print
"${ADDRESS6_IMPL}"
174 function ipv6_explode
() {
178 # Nothing to do if the length of the address is 39.
179 if [ ${#address} -eq 39 ]; then
185 eval $
(ipcalc
-6 -e ${address} 2>/dev
/null
)
186 assert isset ADDRESS6_EXPL
188 print
"${ADDRESS6_EXPL}"
191 function ipv6_addr_eq
() {
199 for addr
in addr1 addr2
; do
200 printf -v ${addr} "%s" $
(ipv6_explode
${!addr})
203 [[ "${addr1}" = "${addr2}" ]] \
204 && return ${EXIT_TRUE} ||
return ${EXIT_FALSE}
207 function ipv6_addr_gt
() {
215 for addr
in addr1 addr2
; do
216 printf -v ${addr} "%s" $
(ipv6_explode
${!addr})
219 local i addr1_oct addr2_oct
220 for i
in 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30; do
221 addr1_oct
="0x${addr1:${i}:2}"
222 addr2_oct
="0x${addr2:${i}:2}"
224 [[ ${addr1_oct} -gt ${addr2_oct} ]] && return ${EXIT_TRUE}
230 function ipv6_hash
() {
236 address
=$
(ipv6_explode
${address})
238 echo "${address//:/}"
241 function ipv6_get_network
() {
245 # Check if a prefix (e.g. /64) is provided.
246 local prefix
=$
(ip_get_prefix
${addr})
247 assert ipv6_prefix_is_valid
${prefix}
250 eval $
(ipcalc
--ipv6 -p ${addr})
253 print
"${PREFIX6}/${prefix}"