]> git.ipfire.org Git - people/stevee/network.git/blobdiff - src/functions/functions.ipv6
projects / people / stevee / network.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
network fix parameter passing when using ""
[people/stevee/network.git] / src / functions / functions.ipv6
diff --git a/src/functions/functions.ipv6 b/src/functions/functions.ipv6
index 55540527816836c8dd871965b2c6db724c05b43e..50c2b9efc84ba84423a70e5918079f62045e70b5 100644 (file)
--- a/src/functions/functions.ipv6
+++ b/src/functions/functions.ipv6
@@ -21,7 +21,7 @@
 
 IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv6"
 
-function ipv6_device_autoconf_enable() {
+ipv6_device_autoconf_enable() {
        local device="${1}"
        assert device_exists "${device}"
 
@@ -35,7 +35,7 @@ function ipv6_device_autoconf_enable() {
        ipv6_device_forwarding_disable "${device}"
 }
 
-function ipv6_device_autoconf_disable() {
+ipv6_device_autoconf_disable() {
        local device="${1}"
        assert device_exists "${device}"
 
@@ -51,15 +51,37 @@ function ipv6_device_autoconf_disable() {
        ipv6_device_privacy_extensions_disable "${device}"
 }
 
-function ipv6_device_forwarding_enable() {
+ipv6_device_forwarding_enable() {
        local device="${1}"
+       shift
+
+       local accept_ra=0
+
+       local arg
+       while read arg; do
+               case "${arg}" in
+                       --accept-ra)
+                               accept_ra=2
+                               ;;
+               esac
+       done <<< "$(args "$@")"
 
        sysctl_set "net.ipv6.conf.${device}.forwarding" 1
 
        log INFO "Enabled IPv6 forwarding on '${device}'"
+
+       # If forwarding is enabled, the kernel won't process
+       # any router advertisements any more, which is not good
+       # when we still want a default route when running in
+       # DHCP client mode on an uplink zone.
+       if [ ${accept_ra} -gt 0 ]; then
+               log INFO "  and accepting router advertisements"
+
+               sysctl_set "net.ipv6.conf.${device}.accept_ra" 2
+       fi
 }
 
-function ipv6_device_forwarding_disable() {
+ipv6_device_forwarding_disable() {
        local device="${1}"
 
        sysctl_set "net.ipv6.conf.${device}.forwarding" 0
@@ -68,36 +90,52 @@ function ipv6_device_forwarding_disable() {
 }
 
 # Enable IPv6 RFC3041 privacy extensions if desired
-function ipv6_device_privacy_extensions_enable() {
+ipv6_device_privacy_extensions_enable() {
        local device="${1}"
        assert device_exists "${device}"
 
        sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 2
 }
 
-function ipv6_device_privacy_extensions_disable() {
+ipv6_device_privacy_extensions_disable() {
        local device="${1}"
        assert device_exists "${device}"
 
        sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 0
 }
 
-function ipv6_is_valid() {
-       ipcalc --ipv6 -c $@ >/dev/null 2>&1
-
-       case "$?" in
-               0)
-                       return ${EXIT_OK}
-                       ;;
-               *)
-                       return ${EXIT_ERROR}
-                       ;;
-       esac
+ipv6_is_valid() {
+       local address=${1}
+
+       local prefix=$(ip_get_prefix ${address})
+       address=$(ip_split_prefix ${address})
+
+       # If prefix is set, we check if it is correct
+       if isset prefix; then
+               # Must be numeric
+               isinteger prefix || return ${EXIT_FALSE}
+
+               # Must be 128 if present
+               [ ${prefix} -eq 128 ] || return ${EXIT_FALSE}
+       fi
+
+       inetcalc -6 -c ${address} && return ${EXIT_TRUE} || return ${EXIT_FALSE}
+}
+
+ipv6_net_is_valid() {
+       local net="${1}"
+
+       local prefix="$(ip_get_prefix "${net}")"
+       local addr="$(ip_split_prefix "${net}")"
+
+       ipv6_prefix_is_valid "${prefix}" && ipv6_is_valid "${addr}"
 }
 
-function ipv6_prefix_is_valid() {
+ipv6_prefix_is_valid() {
        local prefix=${1}
-       assert isset prefix
+
+       # Check if prefix is a number
+       isinteger prefix || return ${EXIT_FALSE}
 
        [ ${prefix} -le   0 ] && return ${EXIT_FALSE}
        [ ${prefix} -gt 128 ] && return ${EXIT_FALSE}
@@ -105,15 +143,27 @@ function ipv6_prefix_is_valid() {
        return ${EXIT_TRUE}
 }
 
-function ipv6_get_prefix() {
+ipv6_prefix_size_is_valid_for_delegation() {
+       local prefix_size="${1}"
+       assert isinteger prefix_size
+
+       # For prefix delegation, the prefix must be between /48 and /64
+       # (RFC3769, section 3.1)
+       [[ ${prefix_size} -lt 48 ]] && return ${EXIT_FALSE}
+       [[ ${prefix_size} -gt 64 ]] && return ${EXIT_FALSE}
+
+       return ${EXIT_TRUE}
+}
+
+ipv6_get_prefix() {
        ip_get_prefix "$@"
 }
 
-function ipv6_split_prefix() {
+ipv6_split_prefix() {
        ip_split_prefix "$@"
 }
 
-function ipv6_address_add() {
+ipv6_address_add() {
        local address="${1}"
        assert isset address
 
@@ -141,7 +191,7 @@ function ipv6_address_add() {
                                wait_for_dad="false"
                                ;;
                esac
-       done <<< "$(args $@)"
+       done <<< "$(args "$@")"
 
        local cmd="ip addr add ${address} dev ${device} scope ${scope}"
 
@@ -191,14 +241,14 @@ function ipv6_address_add() {
        return ${EXIT_OK}
 }
 
-function ipv6_address_del() {
+ipv6_address_del() {
        local address="${1}"
        local device="${2}"
 
        ip_address_del "${device}" "${address}"
 }
 
-function ipv6_address_flush() {
+ipv6_address_flush() {
        local device="${1}"
        assert isset device
 
@@ -206,9 +256,10 @@ function ipv6_address_flush() {
 
        # Remove any stale addresses from aborted clients
        cmd_quiet ip -6 addr flush dev "${device}" scope global permanent
+       cmd_quiet ip -6 addr flush dev "${device}" scope global dynamic
 }
 
-function ipv6_address_change_lifetime() {
+ipv6_address_change_lifetime() {
        local address="${1}"
        assert isset address
 
@@ -229,7 +280,7 @@ function ipv6_address_change_lifetime() {
                                valid_lft="$(cli_get_val "${arg}")"
                                ;;
                esac
-       done <<< "$(args $@)"
+       done <<< "$(args "$@")"
 
        local cmd="ip -6 addr change ${address} dev ${device} scope global"
 
@@ -258,7 +309,7 @@ function ipv6_address_change_lifetime() {
        return ${EXIT_OK}
 }
 
-function ipv6_get_dad_status() {
+ipv6_get_dad_status() {
        local address="${1}"
        assert isset address
 
@@ -287,7 +338,7 @@ function ipv6_get_dad_status() {
        return ${EXIT_DAD_OK}
 }
 
-function ipv6_wait_for_dad() {
+ipv6_wait_for_dad() {
        local address="${1}"
        assert isset address
 
@@ -320,7 +371,7 @@ function ipv6_wait_for_dad() {
        return ${EXIT_ERROR}
 }
 
-function ipv6_device_get_addresses() {
+ipv6_device_get_addresses() {
        local device="${1}"
        assert isset device
        shift
@@ -334,7 +385,7 @@ function ipv6_device_get_addresses() {
                                scope="$(cli_get_val "${arg}")"
                                ;;
                esac
-       done <<< "$(args $@)"
+       done <<< "$(args "$@")"
 
        local cmd="ip -o addr show dev ${device}"
        if isset scope; then
@@ -359,168 +410,42 @@ function ipv6_device_get_addresses() {
        list_sort ${addresses}
 }
 
-function ipv6_implode() {
-       local address=${1}
-       assert isset address
-
-       local ADDRESS6_IMPL
-       eval $(ipcalc -6 -i ${address} 2>/dev/null)
-       assert isset ADDRESS6_IMPL
-
-       print "${ADDRESS6_IMPL}"
-}
-
-function ipv6_explode() {
-       local address=${1}
-       assert isset address
-
-       # Nothing to do if the length of the address is 39.
-       if [ ${#address} -eq 39 ]; then
-               print "${address}"
-               return ${EXIT_OK}
-       fi
-
-       local ADDRESS6_EXPL
-       eval $(ipcalc -6 -e ${address} 2>/dev/null)
-       assert isset ADDRESS6_EXPL
-
-       print "${ADDRESS6_EXPL}"
+ipv6_format() {
+       inetcalc -6 -f "$@"
 }
 
-function ipv6_addr_eq() {
-       local addr1=${1}
-       assert isset addr1
-
-       local addr2=${2}
-       assert isset addr2
+ipv6_addr_eq() {
+       assert [ $# -eq 2 ]
 
-       local addr
-       for addr in addr1 addr2; do
-               printf -v ${addr} "%s" $(ipv6_explode ${!addr})
-       done
+       local addr1="${1}"
+       local addr2="${2}"
 
-       [[ "${addr1}" = "${addr2}" ]] \
+       inetcalc -6 -e "${addr1}" "${addr2}" \
                && return ${EXIT_TRUE} || return ${EXIT_FALSE}
 }
 
-function ipv6_addr_gt() {
-       local addr1=${1}
-       assert isset addr1
-
-       local addr2=${2}
-       assert isset addr2
-
-       local addr
-       for addr in addr1 addr2; do
-               printf -v ${addr} "%s" $(ipv6_explode ${!addr})
-       done
-
-       local i addr1_oct addr2_oct
-       for i in 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30; do
-               addr1_oct="0x${addr1:${i}:2}"
-               addr2_oct="0x${addr2:${i}:2}"
+ipv6_addr_gt() {
+       assert [ $# -eq 2 ]
 
-               [[ ${addr1_oct} -gt ${addr2_oct} ]] && return ${EXIT_TRUE}
-       done
+       local addr1="${1}"
+       local addr2="${2}"
 
-       return ${EXIT_FALSE}
+       inetcalc -6 -g "${addr1}" "${addr2}" \
+               && return ${EXIT_TRUE} || return ${EXIT_FALSE}
 }
 
-function ipv6_hash() {
-       local address=${1}
-
-       assert isset address
-
-       # Explode address
-       address=$(ipv6_explode ${address})
-
-       echo "${address//:/}"
+ipv6_addr_ge() {
+       ipv6_addr_eq "$@" || ipv6_addr_gt "$@"
 }
 
-function ipv6_get_network() {
-       local addr=${1}
-       assert isset addr
-
-       # Check if a prefix (e.g. /64) is provided.
-       local prefix=$(ip_get_prefix ${addr})
-       assert ipv6_prefix_is_valid ${prefix}
-
-       local PREFIX6
-       eval $(ipcalc --ipv6 -p ${addr})
-       assert isset PREFIX6
-
-       print "${PREFIX6}/${prefix}"
+ipv6_addr_lt() {
+       ! ipv6_addr_eq "$@" && ! ipv6_addr_gt "$@"
 }
 
-function ipv6_6rd_format_address() {
-       local isp_prefix="${1}"
-       assert ipv6_is_valid "${isp_prefix}"
-
-       local client_address="${2}"
-       assert ipv4_is_valid "${client_address}"
-
-       local prefix="$(ipv6_get_prefix "${isp_prefix}")"
-       isp_prefix="$(ipv6_split_prefix "${isp_prefix}")"
-
-       # This only works for prefix lengths up to 32 bit.
-       assert [ "${prefix}" -le 32 ]
-       assert [ "${prefix}" -gt  0 ]
-
-       # Explode the address and throw away the second 32 bit.
-       local address="$(ipv6_explode "${isp_prefix}")"
-
-       client_address="$(ipv6_6rd_format_client_address ${client_address})"
-       assert isset client_address
-
-       local block1="0x${address:0:4}"
-       local block2="0x${address:5:4}"
-       local block3="0x${address:10:4}"
-       local block4="0x${address:15:4}"
-
-       address="$(( (${block1} << 48) + (${block2} << 32) + (${block3} << 16) + ${block4} ))"
-       assert [ "${address}" -gt 0 ]
-
-       block1="0x${client_address:0:4}"
-       block2="0x${client_address:5:4}"
-
-       client_address="$(( (${block1} << 48) + (${block2} << 32) ))"
-
-       # Fix for numbers that are interpreted by bash as negative
-       # numbers and therefore filled up with ones when shifted to
-       # the right. Weird.
-       if [ "${client_address}" -gt 0 ]; then
-               client_address="$(( ${client_address} >> ${prefix} ))"
-       else
-               local bitmask="$(( 1 << 63 ))"
-               client_address="$(( ${client_address} >> 1 ))"
-               client_address="$(( ${client_address} ^ ${bitmask} ))"
-               client_address="$(( ${client_address} >> $(( ${prefix} - 1 )) ))"
-       fi
-       assert [ "${client_address}" -gt 0 ]
-
-       # XOR everything together
-       address="$(( ${address} ^ ${client_address} ))"
-       prefix="$(( ${prefix} + 32 ))"
-
-       local block formatted_address=":"
-       while [ ${address} -gt 0 ]; do
-               printf -v block "%x" "$(( ${address} & 0xffff ))"
-               formatted_address="${block}:${formatted_address}"
-
-               address="$(( ${address} >> 16 ))"
-       done
-
-       assert ipv6_is_valid "${formatted_address}"
-
-       # Implode the output IP address.
-       formatted_address="$(ipv6_implode "${formatted_address}")"
-
-       print "${formatted_address}/${prefix}"
+ipv6_addr_le() {
+       ipv6_addr_eq "$@" || ! ipv6_addr_gt "$@"
 }
 
-function ipv6_6rd_format_client_address() {
-       local address="${1}"
-       assert isset address
-
-       print "%02x%02x:%02x%02x" ${address//\./ }
+ipv6_get_network() {
+       ip_get_network "$@"
 }
Stevee's network tree.