From: Michael Tremer Date: Tue, 14 Apr 2015 12:55:39 +0000 (+0000) Subject: ipv6: Add auto-configuration hook for zones X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b73e9d434dd370dd0de6723a54969c0e062a4c91;p=people%2Fstevee%2Fnetwork.git ipv6: Add auto-configuration hook for zones This may be mostly unusable for a firewall but we will have it just because. Can be used for hosts that do not route anything. --- diff --git a/Makefile.am b/Makefile.am index 5d8a6ed3..bf3886e5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -180,8 +180,9 @@ UNINSTALL_EXEC_HOOKS += bridge-stp-uninstall-hook dist_hooks_configs_SCRIPTS = \ src/hooks/configs/ipv4-dhcp \ - src/hooks/configs/ipv6-static \ src/hooks/configs/ipv4-static \ + src/hooks/configs/ipv6-auto \ + src/hooks/configs/ipv6-static \ src/hooks/configs/pppoe-server dist_hooks_ports_SCRIPTS = \ diff --git a/src/hooks/configs/ipv6-auto b/src/hooks/configs/ipv6-auto new file mode 100644 index 00000000..6cb5ed30 --- /dev/null +++ b/src/hooks/configs/ipv6-auto @@ -0,0 +1,129 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +. /usr/lib/network/header-config + +HOOK_CONFIG_SETTINGS="HOOK PRIVACY_EXTENSIONS" + +# Privacy Extensions are disabled by default +PRIVACY_EXTENSIONS="off" + +function hook_check_config_settings() { + assert isbool PRIVACY_EXTENSIONS +} + +function hook_create() { + local zone="${1}" + shift + + while read arg; do + case "${arg}" in + --privacy-extensions=*) + local val="$(cli_get_val "${arg}")" + + if enabled val; then + PRIVACY_EXTENSIONS="on" + else + PRIVACY_EXTENSIONS="off" + fi + ;; + esac + done <<< "$(args $@)" + + zone_config_settings_write "${zone}" "${HOOK}" + + exit ${EXIT_OK} +} + +function hook_up() { + local zone=${1} + shift + + if ! device_exists ${zone}; then + error "Zone '${zone}' doesn't exist." + exit ${EXIT_ERROR} + fi + + zone_config_settings_read "${zone}" "${HOOK}" + + # Enable IPv6 auto-configuration + ipv6_device_autoconf_enable "${zone}" + + # Set up privacy extensions (RFC3041) + if enabled PRIVACY_EXTENSIONS; then + ipv6_device_privacy_extensions_enable "${zone}" + else + ipv6_device_privacy_extensions_disable "${zone}" + fi + + exit ${EXIT_OK} +} + +function hook_down() { + local zone=${1} + local config=${2} + shift 2 + + if ! device_exists ${zone}; then + error "Zone '${zone}' doesn't exist." + exit ${EXIT_ERROR} + fi + + # Disable IPv6 auto-configuration + ipv6_device_autoconf_disable "${zone}" + + exit ${EXIT_OK} +} + +function hook_status() { + local zone=${1} + local config=${2} + shift 2 + + if ! device_exists ${zone}; then + error "Zone '${zone}' doesn't exist." + exit ${EXIT_ERROR} + fi + + zone_config_settings_read "${zone}" "${config}" + + local addresses=$(ipv6_device_get_addresses "${zone}" --scope="global") + local status + if isset addresses; then + status="${MSG_HOOK_UP}" + else + status="${MSG_HOOK_DOWN}" + fi + cli_statusline 3 "${HOOK}" "${status}" + + if enabled PRIVACY_EXTENSIONS; then + cli_print_fmt1 3 "Privacy Extensions enabled" + cli_space + fi + + local addr + for addr in ${addresses}; do + cli_print_fmt1 3 "IPv6 address" "${addr}" + done + cli_space + + exit ${EXIT_OK} +}