IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv6"
-function ipv6_device_autoconf_enable() {
+ipv6_device_autoconf_enable() {
local device="${1}"
assert device_exists "${device}"
ipv6_device_forwarding_disable "${device}"
}
-function ipv6_device_autoconf_disable() {
+ipv6_device_autoconf_disable() {
local device="${1}"
assert device_exists "${device}"
ipv6_device_privacy_extensions_disable "${device}"
}
-function ipv6_device_forwarding_enable() {
+ipv6_device_forwarding_enable() {
local device="${1}"
+ shift
+
+ local accept_ra=0
+
+ local arg
+ while read arg; do
+ case "${arg}" in
+ --accept-ra)
+ accept_ra=2
+ ;;
+ esac
+ done <<< "$(args "$@")"
sysctl_set "net.ipv6.conf.${device}.forwarding" 1
log INFO "Enabled IPv6 forwarding on '${device}'"
+
+ # If forwarding is enabled, the kernel won't process
+ # any router advertisements any more, which is not good
+ # when we still want a default route when running in
+ # DHCP client mode on an uplink zone.
+ if [ ${accept_ra} -gt 0 ]; then
+ log INFO " and accepting router advertisements"
+
+ sysctl_set "net.ipv6.conf.${device}.accept_ra" 2
+ fi
}
-function ipv6_device_forwarding_disable() {
+ipv6_device_forwarding_disable() {
local device="${1}"
sysctl_set "net.ipv6.conf.${device}.forwarding" 0
}
# Enable IPv6 RFC3041 privacy extensions if desired
-function ipv6_device_privacy_extensions_enable() {
+ipv6_device_privacy_extensions_enable() {
local device="${1}"
assert device_exists "${device}"
sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 2
}
-function ipv6_device_privacy_extensions_disable() {
+ipv6_device_privacy_extensions_disable() {
local device="${1}"
assert device_exists "${device}"
sysctl_set "net.ipv6.conf.${device}.use_tempaddr" 0
}
-function ipv6_is_valid() {
- ipcalc --ipv6 -c $@ >/dev/null 2>&1
-
- case "$?" in
- 0)
- return ${EXIT_OK}
- ;;
- *)
- return ${EXIT_ERROR}
- ;;
- esac
+ipv6_is_valid() {
+ local address=${1}
+
+ local prefix=$(ip_get_prefix ${address})
+ address=$(ip_split_prefix ${address})
+
+ # If prefix is set, we check if it is correct
+ if isset prefix; then
+ # Must be numeric
+ isinteger prefix || return ${EXIT_FALSE}
+
+ # Must be 128 if present
+ [ ${prefix} -eq 128 ] || return ${EXIT_FALSE}
+ fi
+
+ inetcalc -6 -c ${address} && return ${EXIT_TRUE} || return ${EXIT_FALSE}
+}
+
+ipv6_net_is_valid() {
+ local net="${1}"
+
+ local prefix="$(ip_get_prefix "${net}")"
+ local addr="$(ip_split_prefix "${net}")"
+
+ ipv6_prefix_is_valid "${prefix}" && ipv6_is_valid "${addr}"
}
-function ipv6_prefix_is_valid() {
+ipv6_prefix_is_valid() {
local prefix=${1}
- assert isset prefix
+
+ # Check if prefix is a number
+ isinteger prefix || return ${EXIT_FALSE}
[ ${prefix} -le 0 ] && return ${EXIT_FALSE}
[ ${prefix} -gt 128 ] && return ${EXIT_FALSE}
return ${EXIT_TRUE}
}
-function ipv6_get_prefix() {
+ipv6_prefix_size_is_valid_for_delegation() {
+ local prefix_size="${1}"
+ assert isinteger prefix_size
+
+ # For prefix delegation, the prefix must be between /48 and /64
+ # (RFC3769, section 3.1)
+ [[ ${prefix_size} -lt 48 ]] && return ${EXIT_FALSE}
+ [[ ${prefix_size} -gt 64 ]] && return ${EXIT_FALSE}
+
+ return ${EXIT_TRUE}
+}
+
+ipv6_get_prefix() {
ip_get_prefix "$@"
}
-function ipv6_split_prefix() {
+ipv6_split_prefix() {
ip_split_prefix "$@"
}
-function ipv6_address_add() {
+ipv6_address_add() {
local address="${1}"
assert isset address
wait_for_dad="false"
;;
esac
- done <<< "$(args $@)"
+ done <<< "$(args "$@")"
local cmd="ip addr add ${address} dev ${device} scope ${scope}"
return ${EXIT_OK}
}
-function ipv6_address_del() {
+ipv6_address_del() {
local address="${1}"
local device="${2}"
ip_address_del "${device}" "${address}"
}
-function ipv6_address_flush() {
+ipv6_address_flush() {
local device="${1}"
assert isset device
# Remove any stale addresses from aborted clients
cmd_quiet ip -6 addr flush dev "${device}" scope global permanent
+ cmd_quiet ip -6 addr flush dev "${device}" scope global dynamic
}
-function ipv6_address_change_lifetime() {
+ipv6_address_change_lifetime() {
local address="${1}"
assert isset address
valid_lft="$(cli_get_val "${arg}")"
;;
esac
- done <<< "$(args $@)"
+ done <<< "$(args "$@")"
local cmd="ip -6 addr change ${address} dev ${device} scope global"
return ${EXIT_OK}
}
-function ipv6_get_dad_status() {
+ipv6_get_dad_status() {
local address="${1}"
assert isset address
return ${EXIT_DAD_OK}
}
-function ipv6_wait_for_dad() {
+ipv6_wait_for_dad() {
local address="${1}"
assert isset address
return ${EXIT_ERROR}
}
-function ipv6_device_get_addresses() {
+ipv6_device_get_addresses() {
local device="${1}"
assert isset device
shift
scope="$(cli_get_val "${arg}")"
;;
esac
- done <<< "$(args $@)"
+ done <<< "$(args "$@")"
local cmd="ip -o addr show dev ${device}"
if isset scope; then
list_sort ${addresses}
}
-function ipv6_implode() {
- local address=${1}
- assert isset address
-
- local ADDRESS6_IMPL
- eval $(ipcalc -6 -i ${address} 2>/dev/null)
- assert isset ADDRESS6_IMPL
-
- print "${ADDRESS6_IMPL}"
-}
-
-function ipv6_explode() {
- local address=${1}
- assert isset address
-
- # Nothing to do if the length of the address is 39.
- if [ ${#address} -eq 39 ]; then
- print "${address}"
- return ${EXIT_OK}
- fi
-
- local ADDRESS6_EXPL
- eval $(ipcalc -6 -e ${address} 2>/dev/null)
- assert isset ADDRESS6_EXPL
-
- print "${ADDRESS6_EXPL}"
+ipv6_format() {
+ inetcalc -6 -f "$@"
}
-function ipv6_addr_eq() {
- local addr1=${1}
- assert isset addr1
-
- local addr2=${2}
- assert isset addr2
+ipv6_addr_eq() {
+ assert [ $# -eq 2 ]
- local addr
- for addr in addr1 addr2; do
- printf -v ${addr} "%s" $(ipv6_explode ${!addr})
- done
+ local addr1="${1}"
+ local addr2="${2}"
- [[ "${addr1}" = "${addr2}" ]] \
+ inetcalc -6 -e "${addr1}" "${addr2}" \
&& return ${EXIT_TRUE} || return ${EXIT_FALSE}
}
-function ipv6_addr_gt() {
- local addr1=${1}
- assert isset addr1
-
- local addr2=${2}
- assert isset addr2
-
- local addr
- for addr in addr1 addr2; do
- printf -v ${addr} "%s" $(ipv6_explode ${!addr})
- done
-
- local i addr1_oct addr2_oct
- for i in 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30; do
- addr1_oct="0x${addr1:${i}:2}"
- addr2_oct="0x${addr2:${i}:2}"
+ipv6_addr_gt() {
+ assert [ $# -eq 2 ]
- [[ ${addr1_oct} -gt ${addr2_oct} ]] && return ${EXIT_TRUE}
- done
+ local addr1="${1}"
+ local addr2="${2}"
- return ${EXIT_FALSE}
+ inetcalc -6 -g "${addr1}" "${addr2}" \
+ && return ${EXIT_TRUE} || return ${EXIT_FALSE}
}
-function ipv6_hash() {
- local address=${1}
-
- assert isset address
-
- # Explode address
- address=$(ipv6_explode ${address})
-
- echo "${address//:/}"
+ipv6_addr_ge() {
+ ipv6_addr_eq "$@" || ipv6_addr_gt "$@"
}
-function ipv6_get_network() {
- local addr=${1}
- assert isset addr
-
- # Check if a prefix (e.g. /64) is provided.
- local prefix=$(ip_get_prefix ${addr})
- assert ipv6_prefix_is_valid ${prefix}
-
- local PREFIX6
- eval $(ipcalc --ipv6 -p ${addr})
- assert isset PREFIX6
-
- print "${PREFIX6}/${prefix}"
+ipv6_addr_lt() {
+ ! ipv6_addr_eq "$@" && ! ipv6_addr_gt "$@"
}
-function ipv6_6rd_format_address() {
- local isp_prefix="${1}"
- assert ipv6_is_valid "${isp_prefix}"
-
- local client_address="${2}"
- assert ipv4_is_valid "${client_address}"
-
- local prefix="$(ipv6_get_prefix "${isp_prefix}")"
- isp_prefix="$(ipv6_split_prefix "${isp_prefix}")"
-
- # This only works for prefix lengths up to 32 bit.
- assert [ "${prefix}" -le 32 ]
- assert [ "${prefix}" -gt 0 ]
-
- # Explode the address and throw away the second 32 bit.
- local address="$(ipv6_explode "${isp_prefix}")"
-
- client_address="$(ipv6_6rd_format_client_address ${client_address})"
- assert isset client_address
-
- local block1="0x${address:0:4}"
- local block2="0x${address:5:4}"
- local block3="0x${address:10:4}"
- local block4="0x${address:15:4}"
-
- address="$(( (${block1} << 48) + (${block2} << 32) + (${block3} << 16) + ${block4} ))"
- assert [ "${address}" -gt 0 ]
-
- block1="0x${client_address:0:4}"
- block2="0x${client_address:5:4}"
-
- client_address="$(( (${block1} << 48) + (${block2} << 32) ))"
-
- # Fix for numbers that are interpreted by bash as negative
- # numbers and therefore filled up with ones when shifted to
- # the right. Weird.
- if [ "${client_address}" -gt 0 ]; then
- client_address="$(( ${client_address} >> ${prefix} ))"
- else
- local bitmask="$(( 1 << 63 ))"
- client_address="$(( ${client_address} >> 1 ))"
- client_address="$(( ${client_address} ^ ${bitmask} ))"
- client_address="$(( ${client_address} >> $(( ${prefix} - 1 )) ))"
- fi
- assert [ "${client_address}" -gt 0 ]
-
- # XOR everything together
- address="$(( ${address} ^ ${client_address} ))"
- prefix="$(( ${prefix} + 32 ))"
-
- local block formatted_address=":"
- while [ ${address} -gt 0 ]; do
- printf -v block "%x" "$(( ${address} & 0xffff ))"
- formatted_address="${block}:${formatted_address}"
-
- address="$(( ${address} >> 16 ))"
- done
-
- assert ipv6_is_valid "${formatted_address}"
-
- # Implode the output IP address.
- formatted_address="$(ipv6_implode "${formatted_address}")"
-
- print "${formatted_address}/${prefix}"
+ipv6_addr_le() {
+ ipv6_addr_eq "$@" || ! ipv6_addr_gt "$@"
}
-function ipv6_6rd_format_client_address() {
- local address="${1}"
- assert isset address
-
- print "%02x%02x:%02x%02x" ${address//\./ }
+ipv6_get_network() {
+ ip_get_network "$@"
}