]> git.ipfire.org Git - people/stevee/network.git/blob - functions.ipv6
projects / people / stevee / network.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Don't use connection tracking for loopback traffic.
[people/stevee/network.git] / functions.ipv6
1 #!/bin/bash
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv6"
23
24 function ipv6_init() {
25 log INFO "Initializing IPv6 networking."
26
27 # Enable forwarding on all devices
28 #ipv6_device_forwarding_disable all
29 #ipv6_device_forwarding_disable default
30
31 # Disable autoconfiguration on all devices per default
32 #ipv6_device_autoconf_disable all
33 #ipv6_device_autoconf_disable default
34
35 # XXX do we need this?
36 #local device
37 #for device in $(devices_get_all); do
38 # ipv6_device_forwarding_disable ${device}
39 # ipv6_device_autoconf_disable ${device}
40 #done
41 }
42
43 init_register ipv6_init
44
45 function ipv6_device_autoconf_enable() {
46 local device=${1}
47
48 assert isset device
49
50 # Allow setting default and all settings
51 if ! isoneof device all default; then
52 assert device_exists ${device}
53 fi
54
55 local val
56 for val in accept_ra accept_redirects; do
57 echo 1 > /proc/sys/net/ipv6/conf/${device}/${val}
58 done
59 }
60
61 function ipv6_device_autoconf_disable() {
62 local device=${1}
63
64 assert isset device
65
66 # Allow setting default and all settings
67 if ! isoneof device all default; then
68 assert device_exists ${device}
69 fi
70
71 local val
72 for val in accept_ra accept_redirects; do
73 echo 0 > /proc/sys/net/ipv6/conf/${device}/${val}
74 done
75 }
76
77 function ipv6_device_forwarding_enable() {
78 local device=${1}
79
80 assert isset device
81
82 # Allow setting default and all settings
83 if ! isoneof device all default; then
84 assert device_exists ${device}
85 fi
86
87 echo 1 > /proc/sys/net/ipv6/conf/${device}/forwarding
88 }
89
90 function ipv6_device_forwarding_disable() {
91 local device=${1}
92
93 assert isset device
94
95 # Allow setting default and all settings
96 if ! isoneof device all default; then
97 assert device_exists ${device}
98 fi
99
100 echo 0 > /proc/sys/net/ipv6/conf/${device}/forwarding
101 }
102
103 # Enable IPv6 RFC3041 privacy extensions if desired
104 function ipv6_device_privacy_extensions_enable() {
105 local device=${1}
106 local type=${2}
107
108 assert isset device
109 assert device_exists ${device}
110
111 # Default value is rfc3041
112 if [ -z "${type}" ]; then
113 type="rfc3041"
114 fi
115
116 assert isset type
117
118 case "${type}" in
119 rfc3041)
120 echo 2 > /proc/sys/net/ipv6/conf/${device}/use_tempaddr
121 ;;
122 *)
123 error_log "Given type '${type}' is not supported."
124 return ${EXIT_ERROR}
125 ;;
126 esac
127
128 return ${EXIT_OK}
129 }
130
131 function ipv6_device_privacy_extensions_disable() {
132 local device=${1}
133
134 assert isset device
135 assert device_exists ${device}
136
137 echo 0 > /proc/sys/net/ipv6/conf/${device}/use_tempaddr
138 }
139
140 function ipv6_is_valid() {
141 ipcalc --ipv6 -c $@ >/dev/null 2>&1
142
143 case "$?" in
144 0)
145 return ${EXIT_OK}
146 ;;
147 *)
148 return ${EXIT_ERROR}
149 ;;
150 esac
151 }
152
153 function ipv6_prefix_is_valid() {
154 local prefix=${1}
155 assert isset prefix
156
157 [ ${prefix} -le 0 ] && return ${EXIT_FALSE}
158 [ ${prefix} -gt 128 ] && return ${EXIT_FALSE}
159
160 return ${EXIT_TRUE}
161 }
162
163 function ipv6_implode() {
164 local address=${1}
165 assert isset address
166
167 local ADDRESS6_IMPL
168 eval $(ipcalc -6 -i ${address} 2>/dev/null)
169 assert isset ADDRESS6_IMPL
170
171 print "${ADDRESS6_IMPL}"
172 }
173
174 function ipv6_explode() {
175 local address=${1}
176 assert isset address
177
178 # Nothing to do if the length of the address is 39.
179 if [ ${#address} -eq 39 ]; then
180 print "${address}"
181 return ${EXIT_OK}
182 fi
183
184 local ADDRESS6_EXPL
185 eval $(ipcalc -6 -e ${address} 2>/dev/null)
186 assert isset ADDRESS6_EXPL
187
188 print "${ADDRESS6_EXPL}"
189 }
190
191 function ipv6_addr_eq() {
192 local addr1=${1}
193 assert isset addr1
194
195 local addr2=${2}
196 assert isset addr2
197
198 local addr
199 for addr in addr1 addr2; do
200 printf -v ${addr} "%s" $(ipv6_explode ${!addr})
201 done
202
203 [[ "${addr1}" = "${addr2}" ]] \
204 && return ${EXIT_TRUE} || return ${EXIT_FALSE}
205 }
206
207 function ipv6_addr_gt() {
208 local addr1=${1}
209 assert isset addr1
210
211 local addr2=${2}
212 assert isset addr2
213
214 local addr
215 for addr in addr1 addr2; do
216 printf -v ${addr} "%s" $(ipv6_explode ${!addr})
217 done
218
219 local i addr1_oct addr2_oct
220 for i in 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30; do
221 addr1_oct="0x${addr1:${i}:2}"
222 addr2_oct="0x${addr2:${i}:2}"
223
224 [[ ${addr1_oct} -gt ${addr2_oct} ]] && return ${EXIT_TRUE}
225 done
226
227 return ${EXIT_FALSE}
228 }
229
230 function ipv6_hash() {
231 local address=${1}
232
233 assert isset address
234
235 # Explode address
236 address=$(ipv6_explode ${address})
237
238 echo "${address//:/}"
239 }
240
241 function ipv6_get_network() {
242 local addr=${1}
243 assert isset addr
244
245 # Check if a prefix (e.g. /64) is provided.
246 local prefix=$(ip_get_prefix ${addr})
247 assert ipv6_prefix_is_valid ${prefix}
248
249 local PREFIX6
250 eval $(ipcalc --ipv6 -p ${addr})
251 assert isset PREFIX6
252
253 print "${PREFIX6}/${prefix}"
254 }
Stevee's network tree.