author | Bill Nottingham <notting@redhat.com> | 2002-03-11 22:42:29 +0000 |
---|---|---|
committer | Bill Nottingham <notting@redhat.com> | 2002-03-11 22:42:29 +0000 |
commit | 5473ffcdc6afc4a3fb56fb0019e3b34854be9a3d (patch) | |
tree | e1bd8be7bee11624d0967933662e2dae185dc912 | |
parent | 83c5f7d06c0bcb45a71c3ccc3f513903d38242c2 (diff) | |
*BIG* IPv6 syncup. <pekkas@netcore.fi>
-rw-r--r-- | changes.ipv6 | 42 | ||||
-rw-r--r-- | initscripts.spec | 4 | ||||
-rw-r--r-- | ipv6-6to4.howto | 98 | ||||
-rw-r--r-- | ipv6-tunnel.howto | 20 | ||||
-rw-r--r-- | ppp/ip-down.ipv6to4 | 83 | ||||
-rw-r--r-- | ppp/ip-up.ipv6to4 | 126 | ||||
-rw-r--r-- | ppp/ipv6-down | 40 | ||||
-rw-r--r-- | ppp/ipv6-up | 40 | ||||
-rw-r--r-- | static-routes-ipv6 | 44 | ||||
-rw-r--r-- | sysconfig.txt | 174 | ||||
-rwxr-xr-x | sysconfig/network-scripts/ifdown-ippp | 6 | ||||
-rwxr-xr-x | sysconfig/network-scripts/ifdown-ipv6 | 138 | ||||
-rwxr-xr-x | sysconfig/network-scripts/ifdown-sit | 55 | ||||
-rwxr-xr-x | sysconfig/network-scripts/ifup-ippp | 16 | ||||
-rwxr-xr-x | sysconfig/network-scripts/ifup-ipv6 | 185 | ||||
-rwxr-xr-x | sysconfig/network-scripts/ifup-sit | 109 | ||||
-rwxr-xr-x | sysconfig/network-scripts/init.ipv6-global | 110 | ||||
-rw-r--r-- | sysconfig/network-scripts/network-functions-ipv6 | 1543 |
18 files changed, 1880 insertions, 953 deletions
diff --git a/changes.ipv6 b/changes.ipv6
new file mode 100644
index 00000000..1d55a0ca
--- /dev/null
+++ b/changes.ipv6
@@ -0,0 +1,42 @@
+v1.4 10th Jan 2002, Pekka Savola <pekkas@netcore.fi>
+
+IPv6 CHANGES
+============
+
+This mentions the most important changes (visible to the administrator)
+in IPv6 initscripts.
+
+RHL71 -> RHL72
+--------------
+
+ - 6to4 tunneling support was added using device sit0
+ - Tunneling method was changed from NBMA (now obsolete) to dedicated
+ - Automatic tunneling configured was moved from ifcfg-sit0 to
+ IPV6_AUTOTUNNEL at /etc/sysconfig/network
+
+RHL72 -> Current
+----------------
+
+ - 6to4 device changed from sit0 to tun6to4
+ - 6to4 assumes the anycast (closest) 6to4 server is used (192.88.99.1)
+ unless specified with IPV6TO4_RELAY.
+ - 6to4 does not support automatic tunneling *at all* anymore; use
+ IPV6_AUTOTUNNEL if you want to use it.
+ - All support from NBMA tunnels as well as 6to4 using sit0 was removed
+ - IPV6TO4_CONTROL_RADVD and IPV6TO4_RADVD_PIDFILE was changed to
+ IPV6_*, respectively.
+ - IPV6_DEFAULTGW and IPV6_DEFAULTDEV support was introduced;
+ /etc/sysconfig/static-routes-ipv6 must not be used for them anymore.
+
+Rough guide to migration:
+ - Rename IPV6TO4_CONTROL_RADVD to IPV6_CONTROL_RADVD if exists
+ - Rename IPV6TO4_RADVD_PIDFILE to IPV6_RADVD_PIDFILE if exists
+ - Remove "default" route from /etc/sysconfig/static-routes-ipv6 and replace
+ it with something like IPV6_DEFAULTDEV=tun6to4 in /etc/sysconfig/network
+ - If you need autotunneling, use IPV6_AUTOTUNNEL in /etc/sysconfig/network
+
+More information
+----------------
+
+http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/scripts/current/ ,in particular:
+http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/scripts/current/index.html#migration
diff --git a/initscripts.spec b/initscripts.spec
index c7e566ff..8fb7877f 100644
--- a/initscripts.spec
+++ b/initscripts.spec
@@ -231,8 +231,10 @@ rm -rf $RPM_BUILD_ROOT %config /etc/ppp/ip-down %config /etc/ppp/ip-up.ipv6to4 %config /etc/ppp/ip-down.ipv6to4 +%config /etc/ppp/ipv6-up +%config /etc/ppp/ipv6-down %config /etc/initlog.conf -%doc sysconfig.txt sysvinitfiles ChangeLog static-routes-ipv6 ipv6-tunnel.howto ipv6-6to4.howto +%doc sysconfig.txt sysvinitfiles ChangeLog static-routes-ipv6 ipv6-tunnel.howto ipv6-6to4.howto changes.ipv6 %ghost %attr(0664,root,utmp) /var/log/wtmp %ghost %attr(0664,root,utmp) /var/run/utmp %dir /etc/locale diff --git a/ipv6-6to4.howto b/ipv6-6to4.howto index 28543ff8..b42704b8 100644 --- a/ipv6-6to4.howto +++ b/ipv6-6to4.howto @@ -1,5 +1,4 @@ -v1.1 18th Apr 2001, Pekka Savola <pekkas@netcore.fi> -v1.2 23th May 2001, Pekka Savola <pekkas@netcore.fi> +v1.4 10th Jan 2002, Pekka Savola <pekkas@netcore.fi> HOW TO SET UP IPV6 WITH 6TO4 ---------------------------- 
@@ -30,82 +29,122 @@ ASSUMPTIONS 3. You have a static, globally unique IPv4 address. This is not an absolute requirement, but the only scenario discussed here. -4. Protocol 41 (IPv6) is not being filtered in any firewall. +4. Protocol 41 (IPv6-in-IPv4) is not being filtered in any IPv4 firewall. 5. 'iproute' package is installed. This is used by default for a lot more powerful tunneling capabilities. +Note: even though 6to4 was supported with earlier releases of Red Hat Linux, +below it is assumed that the initscripts package version this +document comes with is used. + INFORMATION NEEDED ------------------ -You need to know: - -1. The IPv4 address of a 6to4 relay router +Nothing :-). -See: http://www.kfu.com/~nsayer/6to4/ for public ones. +If you want to select a specific relay (rather than automatically +selecting the closest one), you can define it with IPV6TO4_RELAY +using the list below: -Here, 194.95.108.191 (6to4.ipv6.fh-regensburg.de) is used. +http://www.kfu.com/~nsayer/6to4/ SETTING UP THE 6TO4 CONFIGURATION --------------------------------- Now, set up the configuration as follows: -1. Add 'NETWORKING_IPV6=yes' to /etc/sysconfig/network: +1. Enable IPv6 and set 6to4 pseudo-interface as default gateway in + /etc/sysconfig/network: echo "NETWORKING_IPV6=yes" >> /etc/sysconfig/network + echo "IPV6_GATEWAYDEV=tun6to4">> /etc/sysconfig/network -2. Add static routes to IPv6 Internet (this includes 6bone): - - echo "sit0 2000::/3" >> /etc/sysconfig/static-routes-ipv6 +2. Edit your outbound (Internet) interface configuration. This can be + e.g. ippp0, ppp0, eth0, or the like. Here, eth1 is used. -NOTE: sit0 is used for 6to4 routing. - -3. Edit your outbound (Internet) interface configuration. This can be -e.g. ippp0, eth0, or the like. Here, eth0 is used. 
/etc/sysconfig/network-scripts/ifcfg-eth0: --- DEVICE=eth0 BOOTPROTO=static ONBOOT=yes -IPADDR=xx.yy.zz.ww +IPADDR=xx.yy.zz.ww [Globally unique IPv4 address] NETMASK=aa.bb.cc.dd [IPv4 settings up to this point] IPV6INIT=yes IPV6TO4INIT=yes -IPV6TO4_RELAY=194.95.108.191 --- + Note: [i]ppp - interfaces need to be called in /etc/ppp/ip-up|down.local; + if you are not using local files by yourself, this can easily be done with: + + cd /etc/ppp + ln -s ip-up.ipv6to4 ip-up.local + ln -s ip-down.ipv6to4 ip-down.local + + USING 6TO4 ---------- 6to4 automatic tunneling is brought up when the interface is brought up. -You will see your 6to4 address prefix in device sit0 when done: +You will see your 6to4 address prefix in device tun6to4 when done: - inet6 addr: 2002:c15e:a001::1/48 Scope:Global + inet6 addr: 2002:c15e:a001::1/16 Scope:Global Note that 'c15e:a001' is the hexadecimal representation of dotted-quad IPv4 address (IPADDR= above), here '193.94.160.1'. NOTE: iproute tools give more reliable data, try e.g. '/sbin/ip addr ls'. -SUBNETTING ----------- +PROVIDING IPV6 TO YOUR LAN +-------------------------- -If you want to provide IPv6 for your LAN using your Linux system as a -router, this can be done rather easily with 6to4. +If you want to provide IPv6 for your LAN (e.g. connected on eth1) +using your Linux system as a router, this can be done rather easily with 6to4. You will need to enable IPv6 forwarding (IPV6FORWARDING=yes in /etc/sysconfig/network) and install a router advertisement daemon. One such, -'radvd' is available in Powertools. +'radvd' is available in the distribution. -You must configure the prefix your IPv4 maps to (see sit0 above) in +You must configure the prefix your IPv4 maps to (see tun6to4 above) in /etc/radvd.conf or use certain automatic hooks. This is not covered here in detail; see radvd.conf(5) and /etc/sysconfig/network-scripts/ifup-ipv6 for details. +Usually the following is enough: + +1. Make sure that radvd package is installed. + +2. 
Configure radvd as outlined in radvd.conf(5); the file could + be something like: + + interface eth0 + { + AdvSendAdvert on; + MinRtrAdvInterval 3; + MaxRtrAdvInterval 10; + prefix 0:0:0:1::/64 + { + Base6to4Interface eth0; + AdvPreferredLifetime 120; + AdvValidLifetime 300; + }; + }; + +3. Make sure radvd starts at boot and start it now: + + /sbin/chkconfig radvd on + /sbin/service radvd start + +4. Make the initscripts signal radvd to recalculate the prefix when it + changes: + + /etc/sysconfig/network-scripts/ifcfg-eth0: + + IPV6_CONTROL_RADVD=yes + MORE INFORMATION ---------------- @@ -115,6 +154,9 @@ source of IPv6 related Linux-information. ftp://ftp.isi.edu/in-notes/rfc3056.txt ("Connection of IPv6 Domains via IPv4 Clouds") is the RFC about 6to4. -ftp://ftp.itojun.org/pub/paper/draft-itojun-ipv6-transition-abuse-01.txt -("Possible abuse against IPv6 transition technologies") explains some +ftp://ftp.isi.edu/in-notes/rfc3068.txt ("An Anycast Prefix for 6to4 Relay +Routers") is the RFC about finding a close 6to4 relay automatically. + +http:://www.ietf.org/internet-drafts/draft-savola-ngtrans-6to4-security-00.txt +("Security Considerations and Enhancements for 6to4") explains some security considerations in 6to4. diff --git a/ipv6-tunnel.howto b/ipv6-tunnel.howto index c37f9762..3f717b1d 100644 --- a/ipv6-tunnel.howto +++ b/ipv6-tunnel.howto @@ -1,6 +1,4 @@ -v1.0 4th Mar 2001, Pekka Savola <pekkas@netcore.fi> -v1.1 18th Apr 2001, Pekka Savola <pekkas@netcore.fi> -v1.2 23th May 2001, Pekka Savola <pekkas@netcore.fi> +v1.4 10th Jan 2002, Pekka Savola <pekkas@netcore.fi> HOW TO SET UP AN IPV6 TUNNEL ---------------------------- @@ -16,7 +14,7 @@ ASSUMPTIONS 2. You have a static, globally unique IPv4 address. -3. Protocol 41 (IPv6) is not being filtered in any firewall. +3. Protocol 41 (IPv6-in-IPv4) is not being filtered in any IPv4 firewall. 4. 'iproute' package is installed. This is used by default for a lot more powerful tunneling capabilities. 
@@ -37,7 +35,7 @@ addresses). You must get these from a party (tunnel broker) who's assigning IPv6 tunnels. See: http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO-1.html#joinIPv6backbone -Example from http://www.freenet6.net: +Example from http://old.freenet6.net: --- This script will create a tunnel between this computer and the Freenet6 server (tunnels server) @@ -56,15 +54,12 @@ SETTING UP THE TUNNEL CONFIGURATION Now, set up the configuration as follows: -1. Add 'NETWORKING_IPV6=yes' to /etc/sysconfig/network: +1. Enable IPv6 and set tunnel as default gateway in /etc/sysconfig/network: echo "NETWORKING_IPV6=yes" >> /etc/sysconfig/network + echo "IPV6_GATEWAYDEV=sit1">> /etc/sysconfig/network -2. Add static routes to IPv6 Internet (this includes 6bone): - - echo "sit1 2000::/3" >> /etc/sysconfig/static-routes-ipv6 - -3. Create /etc/sysconfig/network-scripts/ifcfg-sit1, with the following: +2. Create /etc/sysconfig/network-scripts/ifcfg-sit1, with the following: --- DEVICE=sit1 @@ -75,7 +70,8 @@ IPV6TUNNELIPV4=206.123.31.102 IPV6ADDR=3ffe:b00:c18:1fff:0:0:0:7f5/128 --- -NOTE: You must use _sit1_. sit0 should not be used. +NOTE: You must use _sit1_ (or sit2,...). sit0 cannot be used, this is a +special device. NOTE: Some tunnel endpoints might require a different kind of prefix length; for example, Cisco's usually favour /126. Using /0 creates a default route diff --git a/ppp/ip-down.ipv6to4 b/ppp/ip-down.ipv6to4 index 29a4e8a0..de2c6085 100644 --- a/ppp/ip-down.ipv6to4 +++ b/ppp/ip-down.ipv6to4 
@@ -4,30 +4,38 @@ # # # Taken from: -# (P) & (C) 2000-2001 by Peter Bieringer <pb@bieringer.de> +# (P) & (C) 2000-2002 by Peter Bieringer <pb@bieringer.de> # -# Version 2001-07-15a +# You will find more information in the IPv6-HowTo for Linux at +# http://www.bieringer.de/linux/IPv6/ +# +# Version 2002-01-25 # # Calling parameters: # $1: interface name # -# Called by (mostly) /etc/ppp/ip-down.local +# Called (mostly) by /etc/ppp/ip-down.local # like: /etc/ppp/ip-down.ipv6to4 $1 >>/var/log/ppp-ipv6to4.log 2>&1 # +# Note: this script will *check* whether the existing 6to4 tunnel +# was set before by using "ip-up.ipv6to4" comparing IPv4 address +# of device with the generated 6to4 prefix +# # Uses following information from /etc/sysconfig/network: # NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting) # # Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1: # IPV6TO4INIT=yes|no: controls configuration -# IPV6TO4_RELAY=IPv4addr: remote IPv6to4 relay address -# IPV6TO4_ROUTING="eth0-:f101::0/64 eth1-:f102::0/64": information to setup local subnetting -# IPV6TO4_CONTROL_RADVD=yes|no: controls radvd triggering -# IPV6TO4_RADVD_PIDFILE=file: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" +# IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ...": information to setup local subnetting +# +# IPV6_CONTROL_RADVD=yes|no: controls radvd triggering +# IPV6_RADVD_PIDFILE=<file>: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" +# IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP: how to trigger radvd [optional, default is SIGHUP] # if [ -z "$1" ]; then - echo $"Arg 1 is empty but should contain interface name - skip IPv6to4 initialization" >/dev/stderr + echo $"Argument 1 is empty but should contain interface name - skip IPv6to4 initialization" exit 1 fi 
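Review bot: The usage error in the `if [ -z "$1" ]` branch now goes to stdout, because the `>/dev/stderr` redirection was dropped without a replacement; `echo $"Argument 1 is empty ..." >&2` keeps it on the error stream and does not depend on the /dev/stderr device node being openable. The header comment documents a caller that merges both streams into /var/log/ppp-ipv6to4.log, so the difference only shows up for callers that separate them. The same edit is made in the `@@ -31,7 +40,7 @@` hunk of ppp/ip-up.ipv6to4.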
@@ -40,10 +48,14 @@ cd /etc/sysconfig/network-scripts CONFIG=$1 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG -source_config +source_config + +# IPv6 don't need aliases anymore, config is skipped +REALDEVICE=`echo ${DEVICE} | sed 's/:.*//g'` +[ "$DEVICE" != "$REALDEVICE" ] && exit 0 # Test whether IPv6 should be configured, else stop -[ "${NETWORKING_IPV6}" = "yes" ] || exit 0 +[ "$NETWORKING_IPV6" = "yes" ] || exit 0 if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then exit 1 
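Review bot: The added alias check expands `${DEVICE}` unquoted inside backticks and forks sed for a single-string operation, so a value containing whitespace or glob characters would be split or expanded before the comparison. `REALDEVICE="${DEVICE%%:*}"` strips everything from the first colon in the shell itself and also works under plain sh. The comment above it would read better as `# IPv6 does not use alias interfaces, so alias configurations are skipped`. The `@@ -46,8 +55,12 @@` hunk of ppp/ip-up.ipv6to4 adds the same three lines.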
@@ -51,50 +63,55 @@ fi . /etc/sysconfig/network-scripts/network-functions-ipv6 + # Run basic IPv6 test, if not ok, skip IPv6 initialization -test_ipv6 testonly || exit 0 +ipv6_test testonly || exit 0 +# Test device status +ipv6_test_device_status $DEVICE +if [ $? != 0 -a $? != 11 ]; then + # device doesn't exist or other problem occurs + exit 1 +fi # Shutdown of 6to4, if configured valid6to4config="yes" -if [ -z "$IPV6TO4_RELAY" ]; then + +# Get IPv4 address from interface +ipv4addr="`ipv6_get_ipv4addr_of_device $DEVICE`" +if [ -z "$ipv4addr" ]; then + # Has no IPv4 address valid6to4config="no" fi + +# Get local IPv4 address of dedicated tunnel +ipv4addr6to4local="`ipv6_get_ipv4addr_of_tunnel tun6to4 local`" + +# Check against configured 6to4 tunnel to see if this interface was used before +if [ "$ipv4addr" != "$ipv4addr6to4local" ]; then + # IPv4 address of interface does't match local tunnel address, interface was not used for current 6to4 setup + valid6to4config="no" +fi + if [ "$valid6to4config" = "yes" ]; then # Beep if [ -x /usr/bin/beep ]; then /usr/bin/beep -f 2666; else echo -en "\a" >/dev/console; fi - if [ "$IPV6TO4_CONTROL_RADVD" = "yes" ]; then - # stop RADVD from distributing no longer usable 6to4 prefixes - if [ -z "$IPV6TO4_RADVD_PIDFILE" ]; then - IPV6TO4_RADVD_PIDFILE="/var/run/radvd/radvd.pid" - fi - # Send SIGHUP to radvd - if [ -f "$IPV6TO4_RADVD_PIDFILE" ]; then - pid="`cat $IPV6TO4_RADVD_PIDFILE`" - if [ ! -z "$pid" ]; then - # still waiting for feature enabling: stopping distribution of prefixes in RADVD.... - # kill -SOMETHING $pid - false - else - false - fi - fi + if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then + # Control running radvd + ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE fi - # Delete all static IPv6to4 routes to relay - ifdown_ipv6_route_all sit0 ::$IPV6TO4_RELAY - if [ ! 
-z "$IPV6TO4_ROUTING" ]; then # Delete routes to local networks for devsuf in $IPV6TO4_ROUTING; do dev="`echo $devsuf | awk -F- '{ print $1 }'`" - ifdown_ipv6_route_all $dev :: + ipv6_cleanup_routes $dev :: done fi # Delete all configured 6to4 address - ifdown_ipv6to4_all sit0 + ipv6_cleanup_6to4_tunnels tun6to4 # Beep if [ -x /usr/bin/beep ]; then /usr/bin/beep -f 2000; else echo -en "\a" >/dev/console; fi diff --git a/ppp/ip-up.ipv6to4 b/ppp/ip-up.ipv6to4 index 7124868d..79d99c03 100644 --- a/ppp/ip-up.ipv6to4 +++ b/ppp/ip-up.ipv6to4 
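Review bot: Teardown is now skipped without any message whenever `ipv6_get_ipv4addr_of_device $DEVICE` returns an empty string or a value that differs from the tunnel's local address. If the interface has already lost its IPv4 address by the time this script is called (worth confirming for ppp links), `tun6to4`, its routes and the prefix radvd advertises would all stay configured for an address the host no longer holds. Logging the skip, for example `echo $"6to4 tunnel was not set up by '$DEVICE', not removed"` where `valid6to4config="no"` is set, would make that state visible in the log. The `if [ "$valid6to4config" = "yes" ]` block is closed outside the hunk.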
@@ -1,29 +1,38 @@ -#!/bin/bash +#!/bin/sh # # ip-up.ipv6to4 # # # Taken from: -# (P) & (C) 2000-2001 by Peter Bieringer <pb@bieringer.de> +# (P) & (C) 2000-2002 by Peter Bieringer <pb@bieringer.de> # -# Version 2001-07-15a +# You will find more information in the IPv6-HowTo for Linux at +# http://www.bieringer.de/linux/IPv6/ +# +# Version 2002-01-25 # # Calling parameters: # $1: interface name # -# Called by (mostly) /etc/ppp/ip-up.local +# Called (mostly) by /etc/ppp/ip-up.local # like: /etc/ppp/ip-up.ipv6to4 $1 >>/var/log/ppp-ipv6to4.log 2>&1 # +# Note: this script will *kill* older still existing 6to4 tunnels regardless +# whether they were set before by another device +# # Uses following information from /etc/sysconfig/network: # NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting) # # Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1: # IPV6TO4INIT=yes|no: controls configuration -# IPV6TO4_IPV4ADDR=IPv4addr: special local address for 6to4 tunneling (only needed behind a NAT gateway) -# IPV6TO4_RELAY=IPv4addr: remote IPv6to4 relay address -# IPV6TO4_ROUTING="eth0-:f101::0/64 eth1-:f102::0/64": information to setup local subnetting -# IPV6TO4_CONTROL_RADVD=yes|no: controls radvd triggering -# IPV6TO4_RADVD_PIDFILE=file: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" +# IPV6TO4_IPV4ADDR=<IPv4 address>: special local address for 6to4 tunneling (only needed behind a NAT gateway) +# IPV6TO4_RELAY=<IPv4 address>: remote 6to4 relay router address [default: 192.88.99.1] +# IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ...": information to setup local subnetting +# Example: IPV6TO4_ROUTING="eth0-:f101::0/64 eth1-:f102::0/64" +# +# IPV6_CONTROL_RADVD=yes|no: controls radvd triggering +# IPV6_RADVD_PIDFILE=<file>: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" +# IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP: how to trigger radvd [optional, default is 
SIGHUP] # # Requirements # radvd-0.6.2p3 or newer supporting option "Base6to4Interface" @@ -31,7 +40,7 @@ if [ -z "$1" ]; then - echo $"Option 1 is empty but should contain interface name - skip IPv6to4 initialization" >/dev/stderr + echo $"Argument 1 is empty but should contain interface name - skip IPv6to4 initialization" exit 1 fi @@ -46,8 +55,12 @@ CONFIG=$1 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG source_config +# IPv6 don't need aliases anymore, config is skipped +REALDEVICE=`echo ${DEVICE} | sed 's/:.*//g'` +[ "$DEVICE" != "$REALDEVICE" ] && exit 0 + # Test whether IPv6 should be configured, else stop -[ "${NETWORKING_IPV6}" = "yes" ] || exit 0 +[ "$NETWORKING_IPV6" = "yes" ] || exit 0 if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then exit 1 @@ -55,9 +68,9 @@ fi . /etc/sysconfig/network-scripts/network-functions-ipv6 -# Run basic IPv6 test (and make sure the ipv6 module will be loaded), if not ok, skip IPv6 initialization -test_ipv6 || exit 1 +# Run basic IPv6 test (and make sure the ipv6 module will be loaded), if not ok, skip IPv6 initialization +ipv6_test || exit 1 # Setup of 6to4, if configured valid6to4config="yes" 
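Review bot: The interpreter line changes to `#!/bin/sh` although the script still relies on bash features: `echo $"..."` locale strings and `echo -en "\a"` both appear in the other hunks of this file. On a system where /bin/sh is not bash the `$"` form is not translated and prints a literal `$`, and `-en` may be echoed as text. Keeping `#!/bin/bash`, as the new ppp/ipv6-up and ppp/ipv6-down do, avoids depending on how /bin/sh is provided.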
@@ -75,75 +88,84 @@ if [ "$IPV6TO4INIT" = "yes" ]; then fi if [ ! -z "$ipv4addr" ]; then # Test for non-global IPv4 address - if ! testipv4_globalusable $ipv4addr; then - echo $"Given IPv4 address $ipv4addr is not a globally usable one, 6to4 configuration is not valid!" + if ! ipv6_test_ipv4_addr_global_usable $ipv4addr; then + echo $"Given IPv4 address '$ipv4addr' is not globally usable, 6to4 configuration is not valid" valid6to4config="no" fi - if [ -z "$IPV6TO4_RELAY" ]; then - echo $"IPv6to4 configuration needs an IPv6to4 relay address, 6to4 configuration is not valid!" - valid6to4config="no" - fi else - echo $"IPv6to4 configuration needs an IPv4 address on related interface or extra specified, 6to4 configuration is not valid!" + echo $"IPv6to4 configuration needs an IPv4 address on related interface or otherwise specified, 6to4 configuration is not valid" valid6to4config="no" fi + if [ -z "$IPV6TO4_RELAY" ]; then + IPV6TO4_RELAY="192.88.99.1" + fi + + # Check/generate relay address + ipv6to4_relay="`ipv6_create_6to4_relay_address $IPV6TO4_RELAY`" + if [ $? 
-ne 0 ]; then + valid6to4config="no" + fi + if [ "$valid6to4config" = "yes" ]; then # Beep if [ -x /usr/bin/beep ]; then /usr/bin/beep -f 2000; else echo -en "\a" >/dev/console; fi - # Cleanup all old data (needed, if "ip-down.ipv6to4" wasn't executed) - - # Delete all static IPv6to4 routes to relay - ifdown_ipv6_route_all sit0 ::$IPV6TO4_RELAY - # Delete routes to local networks - for devsuf in $IPV6TO4_ROUTING; do - dev="`echo $devsuf | awk -F- '{ print $1 }'`" - ifdown_ipv6_route_all $dev :: + for devsuf in $IPV6TO4_ROUTING; do + dev="`echo $devsuf | awk -F- '{ print $1 }'`" + ipv6_cleanup_routes $dev :: done - # Delete all configured 6to4 address - ifdown_ipv6to4_all sit0 - + # Cleanup all old data (needed, if "ip-down.ipv6to4" wasn't executed), delete all configured 6to4 address + ipv6_cleanup_6to4_tunnels tun6to4 + # Setup new data - ifup_ipv6to4 $DEVICE $ipv4addr || exit 1 - + ipv6_add_6to4_tunnel tun6to4 $ipv4addr || exit 1 + + # Add default route, if device matches + if [ "$IPV6_DEFAULTDEV" = "tun6to4" ]; then + if [ ! 
-z "$IPV6_DEFAULTGW" ]; then + echo $"Warning: interface 'tun6to4' does not support 'IPV6_DEFAULTGW', ignored" + fi + ipv6_set_default_route $ipv6to4_relay tun6to4 + fi + + # Add static routes if [ -f /etc/sysconfig/static-routes-ipv6 ]; then - grep -w "^sit0" /etc/sysconfig/static-routes-ipv6 | while read device args; do - ifup_ipv6_route $args ::$IPV6TO4_RELAY sit0 + LC_ALL=C grep -w "^tun6to4" /etc/sysconfig/static-routes-ipv6 | while read device network gateway; do + if [ -z "$network" ]; then + continue + fi + if [ -z "$gateway" ]; then + gateway="$ipv6to4_relay" + fi + ipv6_add_route $network $gateway tun6to4 done fi + + # Cleanup autmatically generated autotunnel (not needed for 6to4) + ipv6_del_route "::/96" "::" tun6to4 + ipv6_del_addr_on_device tun6to4 "::$ipv4addr/128" - if [ "$IPV6TO4_CONTROL_RADVD" = "yes" ]; then - if [ -z "$IPV6TO4_RADVD_PIDFILE" ]; then - # Take default - IPV6TO4_RADVD_PIDFILE="/var/run/radvd/radvd.pid" - fi + if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then + # Control running radvd + ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE - if [ -f "$IPV6TO4_RADVD_PIDFILE" ]; then - pid="`cat $IPV6TO4_RADVD_PIDFILE`" - if [ ! -z "$pid" ]; then - echo $"Trigger RADVD for IPv6to4 prefix recalculation" - kill -HUP $pid - else - false - fi - fi if [ ! -z "$IPV6TO4_ROUTING" ]; then # Generate 6to4 address - ipv6to4prefix="`create6to4prefix $ipv4addr`" + ipv6to4prefix="`ipv6_create_6to4_prefix $ipv4addr`" if [ ! -z "$ipv6to4prefix" ]; then # Add route to local networks for devsuf in $IPV6TO4_ROUTING; do dev="`echo $devsuf | awk -F- '{ print $1 }'`" suf="`echo $devsuf | awk -F- '{ print $2 }'`" - ifup_ipv6_route ${ipv6to4prefix}$suf :: $dev + ipv6_add_route ${ipv6to4prefix}$suf :: $dev done else echo $"Error occured while calculating the IPv6to4 prefix" fi else - echo $"RADVD control enabled, but config is not complete!" + echo $"radvd control enabled, but config is not complete" fi fi 
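Review bot: An unset `IPV6TO4_RELAY` is now silently replaced with the anycast address `192.88.99.1`, where the old code marked the configuration invalid, so the relay that carries the host's IPv6 traffic is chosen by IPv4 routing rather than by the administrator. That is the stated intent of the change, but nothing records it; a line such as `echo $"IPV6TO4_RELAY not set, using anycast relay 192.88.99.1"` inside the `if [ -z "$IPV6TO4_RELAY" ]` branch would leave the choice in the log. The static-route loop further down reads with `while read device network gateway` and passes `$network $gateway` unquoted; `read -r` and quoted arguments would keep a malformed line in static-routes-ipv6 from being split into extra arguments. The hunk starts inside the `if [ "$IPV6TO4INIT" = "yes" ]` block opened before it.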
diff --git a/ppp/ipv6-down b/ppp/ipv6-down new file mode 100644 index 00000000..bc077de8 --- /dev/null +++ b/ppp/ipv6-down @@ -0,0 +1,40 @@ +#!/bin/bash + +# Version: 2002-01-12 + +# This file should not be modified -- make local changes to +# /etc/ppp/ipv6-down.local instead + +LOGDEVICE=$6 +REALDEVICE=$1 + +export PATH=/sbin:/usr/sbin:/bin:/usr/bin + +[ -x /etc/ppp/ipv6-up.local ] && /etc/ppp/ipv6-up.local "$@" + +# Setup IP6 +if [ -f /etc/sysconfig/network ]; then + . /etc/sysconfig/network + + if [ "${NETWORKING_IPV6}" = "yes" -a -x /etc/sysconfig/network-scripts/ifdown-ipv6 ]; then + # Source IPv4 helper functions + cd /etc/sysconfig/network-scripts + . network-functions + + # Source IPv6 helper functions + . /etc/sysconfig/network-scripts/network-functions-ipv6 + + CONFIG=$1 + [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG + source_config + + /etc/sysconfig/network-scripts/ifdown-ipv6 $REALDEVICE + + if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then + # Control running radvd + ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE + fi + fi +fi + +exit 0 diff --git a/ppp/ipv6-up b/ppp/ipv6-up new file mode 100644 index 00000000..921f8cdd --- /dev/null +++ b/ppp/ipv6-up 
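Review bot: The local hook line in ppp/ipv6-down runs `/etc/ppp/ipv6-up.local`, while the header comment just above tells administrators to put their changes in `/etc/ppp/ipv6-down.local`; as written, a link-down event runs the site's up hook again and the down hook is never called. The line should read `[ -x /etc/ppp/ipv6-down.local ] && /etc/ppp/ipv6-down.local "$@"`. `LOGDEVICE=$6` is also assigned but not read anywhere in the visible script.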
@@ -0,0 +1,40 @@ +#!/bin/bash + +# This file should not be modified -- make local changes to +# /etc/ppp/ipv6-up.local instead + +# Version: 2002-01-12 + +LOGDEVICE=$6 +REALDEVICE=$1 + +export PATH=/sbin:/usr/sbin:/bin:/usr/bin + +# Setup IPv6 +if [ -f /etc/sysconfig/network ]; then + . /etc/sysconfig/network + + if [ "${NETWORKING_IPV6}" = "yes" -a -x /etc/sysconfig/network-scripts/ifup-ipv6 ]; then + # Source IPv4 helper functions + cd /etc/sysconfig/network-scripts + . network-functions + + # Source IPv6 helper functions + . /etc/sysconfig/network-scripts/network-functions-ipv6 + + CONFIG=$1 + [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG + source_config + + /etc/sysconfig/network-scripts/ifup-ipv6 $REALDEVICE + + if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then + # Control running radvd + ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE + fi + fi +fi + +[ -x /etc/ppp/ipv6-up.local ] && /etc/ppp/ipv6-up.local "$@" + +exit 0 diff --git a/static-routes-ipv6 b/static-routes-ipv6 index 92df51fc..657bceab 100644 --- a/static-routes-ipv6 +++ b/static-routes-ipv6 
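Review bot: `cd /etc/sysconfig/network-scripts` is unchecked and the next line sources `network-functions` by bare name, so if the cd fails the file is looked up through PATH or the caller's working directory instead of the intended one. The IPv6 helper two lines later already uses an absolute path, and the IPv4 one should match it: `. /etc/sysconfig/network-scripts/network-functions`, with `cd /etc/sysconfig/network-scripts || exit 1` kept for the relative `ifcfg-` lookup. `LOGDEVICE=$6` is assigned but never read in the visible script and the configuration is selected from `$1`; if configurations are named after the logical device this lookup may miss them, which is worth confirming. ppp/ipv6-down contains the same lines.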
@@ -1,30 +1,26 @@ +# Version: 2002-01-09 + # file: /etc/sysconfig/static-routes-ipv6 # # description: this file contains all static IPv6 routes # description: Here you can specify several routes to specified gateways # description: and also route through a virtual tunnel interface # -# (P) 2000 by Peter Bieringer <pb@bieringer.de> -# -# Changes to -# 20000704: initial taken from my network-ip6.conf -# 20001125: remove (C)opyright (makes no sense in a configuration file) -# and add path to file information - -#Device IPv6 network to route IPv6 gateway address -#eth0 fec0:0:0:2::/64 fec0:0:0:1:0:0:0:20 -#eth0 3ffe::/16 3ffe:0400:0100:f102:0:0:0:1 - -## enable following as "default" routes through a gateway (but review gateway!) -# IPv6 Testing Address Allocation (6bone testbed) -#eth0 3ffe::/16 3ffe:0400:0100:f102:0:0:0:1 -# IPv6 official addresses -#eth0 2000::/3 3ffe:0400:0100:f102:0:0:0:1 - - -## enable following as "default" routes through a tunnel -## Virtual tunnel interface IPv6 network to route through -# IPv6 Testing Address Allocation (6bone testbed) -#sit1 3ffe::/16 -# IPv6 official addresses -#sit1 2000::/3 +# (P) 2000-2002 by Peter Bieringer <pb@bieringer.de> + +#Device IPv6 network to route IPv6 gateway address + + +## Example: static routes through a gateway on local link +#eth0 fec0:0:0:2::/64 fec0:0:0:1:0:0:0:20 +#eth0 3ffe:ffff:1234::/48 3ffe:ffff:1234:0002:0:0:0:1 + + +## Example: default route through a gateway on local link +#eth0 2000::/3 3ffe:ffff:1234:0002:0:0:0:1 + + +## Example: static route through a dedicated tunnel +#sit1 3ffe:ffff:1234::/48 + + diff --git a/sysconfig.txt b/sysconfig.txt index 0b4b7aef..04c313de 100644 --- a/sysconfig.txt +++ b/sysconfig.txt 
@@ -160,15 +160,20 @@ Files in /etc/sysconfig IPXINTERNALNETNUM=<netnum> IPXINTERNALNODENUM=<nodenum> + All the IPX stuff is optional, and should default to off. + NETWORKING_IPV6=yes|no Enable or disable global IPv6 initialization + Default: no IPV6FORWARDING=yes|no Enable or disable global forwarding of incoming IPv6 packes on all interfaces. - Note: Actual packet forwarding cannot be controlled per-device. + Note: Actual packet forwarding cannot be controlled per-device, use netfilter6 for such issues + Default: no IPV6INIT=yes|no - Enable or disable IPv6 configuration for all interfaces. + Enable or disable IPv6 configuration for all interfaces Use with caution! + Default: value not set in this file IPV6_AUTOCONF=yes|no Sets the default for device-based autoconfiguration. 
@@ -178,15 +183,54 @@ Files in /etc/sysconfig Default: yes if IPV6FORWARDING=yes, no if IPV6FORWARDING=no IPV6_AUTOTUNNEL=yes|no Controls automatic IPv6 tunneling. - - IPV6_TUNNELMODE=IP|NBMA [OPTIONAL: IP by default] - Mode of tunnel setup - IP: separate tunnel device mode (now recommeded) - NBMA: NBMA-styled tunnel mode (now mostly obsolete) - - All IPv6 options can be overridden in interface-specific configuration. - - All the IPX stuff is optional, and should default to off. + Default: no + + IPV6_DEFAULTGW=<IPv6 address[%interface]> (optional) + Add a default route through specified gateway + An interface can be specified: required for link-local addresses + Examples: + IPV6_DEFAULTGW="3ffe:400:100:f101::2" + Add default route through 3ffe:400:100:f101::2 + IPV6_DEFAULTGW="3ffe:400:100:f101::2%eth0" + Add default route through 3ffe:400:100:f101::2 and device eth0 + IPV6_DEFAULTGW="fe80::1%eth0" + Add default route through fe80::1 and device eth0 + + Note: if IPV6_DEFAULTGW is specified with %interface scope and it + doesn't match IPV6_DEFAULTDEV, IPV6_DEFAULTDEV is ignored. + Note: it's preferred to use %interface for all addresses, not + just link-local if you have multiple IPv6-enabled interfaces. + + IPV6_DEFAULTDEV=<interface> (optional) + Add a default route through specified interface without specifying next hop + Type of interface will be tested whether this is allowed + Examples: + IPV6_DEFAULTDEV="eth0" INVALID example! + IPV6_DEFAULTDEV="ppp0" + IPV6_DEFAULTDEV="sit0" + Examples for 6to4 + IPV6_DEFAULTDEV="tun6to4" + Add default route through dedicated 6to4 tunnel device "tun6to4", if configured + + Note: "tun6to4" does not support an additional IPV6_DEFAULTGW. + Other interfaces prefer IPV6_DEFAULTGW, if specified. 
+ + IPV6_RADVD_PIDFILE=<pid-file> (optional) + Location of PID file for controlling radvd, see IPV6_CONTROL_RADVD + Default: "/var/run/radvd/radvd.pid" + Example: + IPV6_RADVD_PIDFILE="/some/other/location/radvd.pid" + IPV6TO4_RADVD_PIDFILE=<pid-file> (obsolete) + As above, still supported for a while for backward compatibility. + IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP (optional) + How to trigger radvd in case of 6to4 or PPP action + startstop: radvd starts if interface goes up and stops + if interface goes down using initscript call of radvd with related parameter + reload|restart: initscript of radvd is called with this parameter + SIGHUP: signal HUP is sent to radvd, pidfile must be specified, if not the default + Default: SIGHUP + + IPv6 options above can be overridden in interface-specific configuration. obsoleted values from earlier releases: @@ -224,8 +268,8 @@ Files in /etc/sysconfig /etc/sysconfig/static-routes-ipv6: Contains lines of the form: - <device> ipv6network ipv6gateway - <tunneldevice> ipv6network + <device> IPv6-network IPv6-gateway + <tunneldevice> IPv6-network <device> must be a device name to have the route brought up and down with the device 
@@ -235,13 +279,20 @@ Files in /etc/sysconfig eth0 fec0:0:0:2::/64 fec0:0:0:1:0:0:0:20 adds a route for IPv6 network fec0:0:0:2::/64 through fec0:0:0:1:0:0:0:20 - eth0 2000::/3 3ffe:400:100:f101::1 - eth0 3ffe::/16 3ffe:400:100:f101::1 - so-called "default" route for clients + eth0 2000::/3 3ffe:ffff:0:1::1 + so-called "default" routes for clients sit1 2000::/3 - sit1 3ffe::/16 - adds routes through virtual tunnel sit1 + adds routes through dedicated tunnel interface sit1 + + tun6to4 3ffe:ffff:1234::/56 + tun6to4 3ffe:ffff:5678::/56 ::5.6.7.8 + adds routes through hardwired 6to4 tunnel interface tun6to4 + + Notes: + * default routes (such as the "2000::/3" shown above) should be set with + IPV6_DEFAULTGW and IPV6_DEFAULTDEV, see more above. + * tunnel device "sit0" is not supported here, routes will never be applied /etc/sysconfig/routed: @@ -417,7 +468,7 @@ Files in /etc/sysconfig/network-scripts/ /etc/sysconfig/network-scripts/init.ipv6-global: Not really a public file. Contains different basic settings that - are set from /etc/rc.d/init.d/network at different stages of + are set from /etc/[rc.d]/init.d/network at different stages of network initialization. /etc/sysconfig/network-scripts/network-functions: 
@@ -484,67 +535,76 @@ Files in /etc/sysconfig/network-scripts/ IPv6-only items for real interfaces: IPV6INIT=yes|no Enable or disable IPv6 configuration for this interface + Default: no IPV6FORWARDING=yes|no Enable or disable global forwarding of incoming IPv6 packets - Note! Obsolete in interface specification. - IPV6ADDR=<ipv6address>/<prefixlength> - specify primary static IPv6 address here + Note: Obsolete in interface specification! + Default: no + IPV6ADDR=<IPv6 address>[/<prefix length>] + Specify a primary static IPv6 address here + Optional, if normal host and a router advertisement daemon is on local link + Required, if node is a router and interface should route packets + Note: if prefix length is omitted, 64 is assumed Example: - IPV6ADDR="3ffe:400:100:f101::1/64" - IPV6ADDR_SECONDARIES=<list of ipv6 addresses> - a list of secondary IPv6 addresses (perhaps useful for virtual hosting) + IPV6ADDR="3ffe:ffff:0:5::1" + IPV6ADDR="3ffe:ffff:0:1::1/128" + IPV6ADDR_SECONDARIES="<IPv6 address>[/<prefix length>] ..." (optional) + A list of secondary IPv6 addresses (perhaps useful for virtual hosting) Example: - IPV6ADDR_SECONDARIES="3ffe:400:100:f101::10/64 3ffe:400:100:f101::11/64" - IPV6_MTU="<MTU of link>" [optional] - Note: Must be greater or equal to 1280. + IPV6ADDR_SECONDARIES="3ffe:ffff:0:1::10 3ffe:ffff:0:2::11/128" + IPV6_MTU=<MTU of link> (optional) Optional, dedicated MTU of this link + Note: Must be greater or equal to 1280. Example: IPV6_MTU="1280" Special configuration options for multi-homed hosts etc. 
- IPV6_ROUTER=yes|no: controls IPv6 autoconfiguration - IPV6_AUTOCONF=yes|no: controls IPv6 autoconfiguration - defaults: - global IPV6FORWARDING=yes: IPV6_AUTOCONF=no, IPV6_ROUTER=yes - global IPV6FORWARDING=no: IPV6_AUTOCONF=yes + IPV6_ROUTER=yes|no: Controls IPv6 autoconfiguration + IPV6_AUTOCONF=yes|no: Controls IPv6 autoconfiguration + Defaults: + Global IPV6FORWARDING=yes: IPV6_AUTOCONF=no, IPV6_ROUTER=yes + Global IPV6FORWARDING=no: IPV6_AUTOCONF=yes Optional settings for a 6to4 tunnel IPV6TO4INIT=yes|no Enable or disable 6to4 tunneling setup - IPV6TO4_RELAY=<ipv4address> + Default: no + IPV6TO4_RELAY=<IPv4 address> (optional) IPv4 address of the remote 6to4 relay - IPV6TO4_IPV4ADDR=<ipv6address> [OPTIONAL] - overwrite local IPv4 address which is accessable from the Internet - (optional, in case of NAT or other special scenarios) - IPV6TO4_ROUTING=<LAN-routing-setup-tokens> [OPTIONAL] - a list of routing tokens to setup proper IPv6 routes on the LAN + Note: if this is omitted, ::192.88.99.1 (the anycast relay address) is chosen + IPV6TO4_IPV4ADDR=<IPv6 address>[/<prefix length>] (optional) + Overwrite local IPv4 address which is accessable from the Internet + (optional, in case of static IPv4-NAT behind a router or other special scenarios) + IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ..." 
(optional) + A list of routing tokens to setup proper IPv6 routes on the LAN Example: IPV6TO4_ROUTING="eth0-:f101::0/64 eth1-:f102::0/64" Will create one route per eth0 and eth1, taking given SLA - IPV6TO4_CONTROL_RADVD=yes|no [OPTIONAL] - Enable signalling radvd that the 6to4 prefix has been changed - IPV6TO4_RADVD_PIDFILE=<path-to-pid-file> [OPTIONAL] - location of PID file to get PID for sending signal - default is "/var/run/radvd/radvd.pid" - Example: - IPV6TO4_RADVD_PIDFILE="/some/other/location/radvd.pid" - IPv6-only items for automatic tunnel interface: - Virtual interface name: sit0 - IPV6INIT=yes|no - Enable or disable IPv6 configuration for this interface - Obsolete now, see IPV6_AUTOTUNNEL in /etc/sysconfig/network + Optional settings for a 6to4 tunnel or a ppp link + IPV6_CONTROL_RADVD=yes|no (optional) + Enable signalling radvd that the 6to4 prefix has been changed or a + preconfigured dynamic device is up or down + Default: no - IPv6-only items for static unnumbered tunnel interface: - Virtual interface name: sit1.. 
+ IPv6-only items for static tunnel interface: + Interface name: sitX (X => 1) IPV6INIT=yes|no Enable or disable IPv6 configuration for this interface - IPV6TUNNELIPV4=<ipv4 address of foreign tunnel endpoint> - specify IPv4 address of a foreign IPv6-in-IPv4 tunnel endpoint + Default: no + IPV6TUNNELIPV4=<IPv4 address> + Specify IPv4 address of a foreign IPv6-in-IPv4 tunnel endpoint Example: - IPV6TUNNELIPV4="195.226.187.50" - IPV6ADDR=<ipv6address>/<prefixlength> [OPTIONAL] + IPV6TUNNELIPV4="1.2.3.4" + IPV6TUNNELIPV4LOCAL=<IPv4 address> + Specify local IPv4 address of tunnel, useful on interfaces with multiple IPv4 addresses + IPV6ADDR=<IPv6 address>[/<prefix length>] (optional) local IPv6 address of a numbered tunnel + IPV6_MTU=<MTU of tunnel> (optional) + Optional, dedicated MTU of this tunnel + Note: Must be greater or equal to 1280 + Example: + IPV6_MTU="1280" Ethernet-only items: {IPXNETNUM,IPXPRIMARY,IPXACTIVE}_{802_2,802_3,ETHERII,SNAP} diff --git a/sysconfig/network-scripts/ifdown-ippp b/sysconfig/network-scripts/ifdown-ippp index 4a4c449d..adc6d4b7 100755 --- a/sysconfig/network-scripts/ifdown-ippp +++ b/sysconfig/network-scripts/ifdown-ippp @@ -16,9 +16,9 @@ if [ -f /var/lock/subsys/ibod ] ; then fi # Shut down IPv6 -#if [ "${NETWORKING_IPV6}" = "yes" ]; then -# /etc/sysconfig/network-scripts/ifdown-ipv6 $DEVICE -#fi +if [ "${NETWORKING_IPV6}" = "yes" ]; then + /etc/sysconfig/network-scripts/ifdown-ipv6 $DEVICE +fi # shutdown isdn device isdnctrl hangup $DEVICE >/dev/null 2>&1 diff --git a/sysconfig/network-scripts/ifdown-ipv6 b/sysconfig/network-scripts/ifdown-ipv6 index 8f4319ba..23084670 100755 --- a/sysconfig/network-scripts/ifdown-ipv6 +++ b/sysconfig/network-scripts/ifdown-ipv6 
@@ -4,26 +4,38 @@ # # # Taken from: -# (P) & (C) 2000-2001 by Peter Bieringer <pb@bieringer.de> +# (P) & (C) 2000-2002 by Peter Bieringer <pb@bieringer.de> +# +# You will find more information in the IPv6-HowTo for Linux at +# http://www.bieringer.de/linux/IPv6/ # # RHL integration assistance by Pekka Savola <pekkas@netcore.fi> # -# Version 2001-07-15 +# Version 2002-01-25 +# +# Note: if called as (like normally) by /etc/sysconfig/network-scripts/ifdown +# exit codes aren't handled by "ifdown" # # Uses following information from /etc/sysconfig/network: # NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting) # # Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1: +# DEVICE=<device> # IPV6INIT=yes|no: controls IPv6 configuration for this interface # # Optional for 6to4 tunneling: -# IPV6TO4_RELAY=<ipv4address>: IPv4 address of the remote 6to4 relay -# IPV6TO4_ROUTING="eth0-:f101::0/64 eth1-:f102::0/64": information to setup local subnetting -# IPV6TO4_CONTROL_RADVD=yes|no: controls radvd triggering [optional] -# IPV6TO4_RADVD_PIDFILE=file: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" [optional] +# IPV6TO4_RELAY=<IPv4 address>: IPv4 address of the remote 6to4 relay [default: 192.88.99.1] +# IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ...": information to setup local subnetting # -# Requirements for 6to4 if using radvd: -# radvd-0.6.2p3 or newer supporting option "Base6to4Interface" +# Optional for 6to4 tunneling links to trigger radvd: +# IPV6_CONTROL_RADVD=yes|no: controls radvd triggering [optional] +# IPV6_RADVD_PIDFILE=<file>: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" [optional] +# IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP: how to trigger radvd [optional, default is SIGHUP] +# +# Required version of radvd to use 6to4 prefix recalculation +# 0.6.2p3 or newer supporting option "Base6to4Interface" +# Required version of radvd to use dynamic 
ppp links +# 0.7.0 + fixes or newer # @@ -34,7 +46,11 @@ cd /etc/sysconfig/network-scripts CONFIG=$1 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG -source_config +source_config + +# IPv6 don't need aliases anymore, config is skipped +REALDEVICE=`echo ${DEVICE} | sed 's/:.*//g'` +[ "$DEVICE" != "$REALDEVICE" ] && exit 0 # Test whether IPv6 should be configured, else stop [ "${NETWORKING_IPV6}" = "yes" ] || exit 0 
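Review bot: The alias check added after `source_config` in ifdown-ipv6 expands `${DEVICE}` unquoted through `echo` and forks `sed` only to cut the name at the first colon. A parameter expansion does the same inside the shell and is not subject to word splitting or globbing: `REALDEVICE=${DEVICE%%:*}`. The same three lines are added to ifdown-sit, ifup-ipv6 and ifup-sit in this commit and would take the same change.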
@@ -46,88 +62,66 @@ fi # Source IPv6 helper functions . /etc/sysconfig/network-scripts/network-functions-ipv6 + # IPv6 test, no module loaded, exit if system is not IPv6-ready -test_ipv6 testonly || exit 0 +ipv6_test testonly || exit 0 +# Test device status +ipv6_test_device_status $DEVICE +if [ $? != 0 -a $? != 11 ]; then + # device doesn't exist or other problem occurs + exit 1 +fi # Switch some sysctls to secure mode -sysctl -w net.ipv6.conf.$DEVICE.forwarding=0 >/dev/null -sysctl -w net.ipv6.conf.$DEVICE.accept_ra=0 >/dev/null -sysctl -w net.ipv6.conf.$DEVICE.accept_redirects=0 >/dev/null +ipv6_exec_sysctl -w net.ipv6.conf.$DEVICE.forwarding=0 >/dev/null +ipv6_exec_sysctl -w net.ipv6.conf.$DEVICE.accept_ra=0 >/dev/null +ipv6_exec_sysctl -w net.ipv6.conf.$DEVICE.accept_redirects=0 >/dev/null # Shutdown of 6to4, if configured valid6to4config="yes" if [ -z "$IPV6TO4_RELAY" ]; then - valid6to4config="no" + IPV6TO4_RELAY="192.88.99.1" fi -if [ "$valid6to4config" = "yes" ]; then - if [ "$IPV6TO4_CONTROL_RADVD" = "yes" ]; then - # stop RADVD from distributing no longer usable 6to4 prefixes - if [ -z "$IPV6TO4_RADVD_PIDFILE" ]; then - IPV6TO4_RADVD_PIDFILE="/var/run/radvd/radvd.pid" - fi - # Send SIGHUP to radvd - if [ -f "$IPV6TO4_RADVD_PIDFILE" ]; then - pid="`cat $IPV6TO4_RADVD_PIDFILE`" - if [ ! -z "$pid" ]; then - # still waiting for feature enabling: stopping distribution of prefixes in RADVD.... - # kill -SOMETHING $pid - false - else - false - fi - fi + +# Get IPv4 address from interface +if [ ! 
-z "$IPV6TO4_IPV4ADDR" ]; then + # Take special configured from config file (precedence 1) + ipv4addr="$IPV6TO4_IPV4ADDR" +else + # Get IPv4 address from interface first (has precedence 2) + ipv4addr="`ipv6_get_ipv4addr_of_device $DEVICE`" + if [ -z "$ipv4addr" ]; then + # Take configured from config file (precedence 3) + ipv4addr="$IPADDR" fi +fi + +# Get local IPv4 address of dedicated tunnel +ipv4addr6to4local="`ipv6_get_ipv4addr_of_tunnel tun6to4 local`" + +# Check against configured 6to4 tunnel to see if this interface was used before +if [ "$ipv4addr" != "$ipv4addr6to4local" ]; then + # IPv4 address of interface does't match local tunnel address, interface was not used for current 6to4 setup + valid6to4config="no" +fi +# Shutdown of 6to4, if configured +if [ "$valid6to4config" = "yes" ]; then if [ ! -z "$IPV6TO4_ROUTING" ]; then # Delete routes to local networks for devsuf in $IPV6TO4_ROUTING; do dev="`echo $devsuf | awk -F- '{ print $1 }'`" - ifdown_ipv6_route_all $dev :: + ipv6_cleanup_routes $dev :: done fi - # Detect type of address, whether it is IPv4 or IPv6 - if testipv6_valid $IPV6TO4_RELAY; then - relay6to4type="ipv6" - fi - - # Delete all static IPv6to4 routes - if [ "$relay6to4type" = "ipv6" ]; then - ifdown_ipv6_route_all sit0 $IPV6TO4_RELAY - else - ifdown_ipv6_route_all sit0 ::$IPV6TO4_RELAY - fi - - # Delete old 6to4 routes, even if IPV6TO4_RELAY was changed - if [ -f /etc/sysconfig/static-routes-ipv6 ]; then - grep -w "^sit0" /etc/sysconfig/static-routes-ipv6 | while read device network dummy; do - if [ "$EXISTS_ipv6calc" = "yes" ]; then - # Convert given network to compressed one - network="`ipv6calc --addr_to_compressed $network`" - fi - LC_ALL=C route -A inet6 | grep "^$network" | while read destination nexthop flags metric ref use iface dummy; do - if ! 
[ "$device" = "$iface" -a "$network" = "$destination" ]; then - continue - fi - # Look for routes to a compatible IPv4 address, delete them - if echo $nexthop | egrep -q '^::[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'; then - ifdown_ipv6_route $destination $nexthop $iface - fi - # Look for routes to a IPv6to4 address, delete them - if echo $nexthop | egrep -q '^2002::'; then - ifdown_ipv6_route $destination $nexthop $iface - fi - done - done - fi - - # Delete 6to4 route - ifdown_ipv6_route 2002::/16 :: sit0 - # Delete all configured 6to4 address - ifdown_ipv6to4_all sit0 + ipv6_cleanup_6to4_tunnels tun6to4 + + # Control running radvd + ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE fi # Delete all current configured IPv6 addresses on this interface -ifdown_ipv6_real_all $DEVICE +ipv6_cleanup_device $DEVICE diff --git a/sysconfig/network-scripts/ifdown-sit b/sysconfig/network-scripts/ifdown-sit index 1fa4dad9..521217ce 100755 --- a/sysconfig/network-scripts/ifdown-sit +++ b/sysconfig/network-scripts/ifdown-sit @@ -4,19 +4,20 @@ # # # Taken from: -# (P) & (C) 2000-2001 by Peter Bieringer <pb@bieringer.de> +# (P) & (C) 2000-2002 by Peter Bieringer <pb@bieringer.de> +# +# You will find more information in the IPv6-HowTo for Linux at +# http://www.bieringer.de/linux/IPv6/ # # RHL integration assistance by Pekka Savola <pekkas@netcore.fi> # -# Version 2001-07-15a +# Version 2002-01-25 # # Uses following information from /etc/sysconfig/network: # NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting) # -# Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1": -# For static tunnels -# IPV6TUNNELIPV4="<ipv4 address of foreign tunnel endpoint>" -# IPV6ADDR=<ipv6address>/<prefixlength> [OPTIONAL: numbered tunnels] +# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1: +# DEVICE=<device> # 
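Review bot: The rewritten 6to4 shutdown decides whether this interface owns the tunnel by comparing `$ipv4addr` with `$ipv4addr6to4local`, and two empty strings compare equal. When the interface has no IPv4 address, `IPADDR` is unset and no `tun6to4` tunnel exists, `valid6to4config` stays `yes` and the cleanup branch runs for an interface that never carried 6to4. The guard should require a non-empty address, e.g. `if [ -z "$ipv4addr" -o "$ipv4addr" != "$ipv4addr6to4local" ]; then`. Inside that branch `ipv6_trigger_radvd down` is called without the `IPV6_CONTROL_RADVD` test that the removed code had and that ifup-ipv6 keeps. Unless the helper checks the setting itself (not visible here), wrap the call in `if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then ... fi`.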
@@ -29,10 +30,14 @@ cd /etc/sysconfig/network-scripts CONFIG=$1 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG -source_config +source_config + +# IPv6 don't need aliases anymore, config is skipped +REALDEVICE=`echo ${DEVICE} | sed 's/:.*//g'` +[ "$DEVICE" != "$REALDEVICE" ] && exit 0 # Test whether IPv6 should be configured, else stop -[ "${NETWORKING_IPV6}" = "yes" ] || exit 0 +[ "$NETWORKING_IPV6" = "yes" ] || exit 0 if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then exit 1 @@ -41,28 +46,22 @@ fi # Source IPv6 helper functions . /etc/sysconfig/network-scripts/network-functions-ipv6 -# IPv6 test, no module loaded, exit if system is not IPv6-ready -test_ipv6 testonly || exit 0 -# Delete IPv6-in-IPv4 tunnel(s) +# Generic tunnel device sit0 is not supported here if [ "$DEVICE" = "sit0" ]; then - ifdown_ipv6_autotunnel -elif [ ! -z "$IPV6TUNNELIPV4" ]; then - if [ "$IPV6_TUNNELMODE" = "NBMA" ]; then - if [ ! -z "$IPV6ADDR" ]; then - ifdown_ipv6_real sit0 $IPV6ADDR - fi - - # Cleanup all IPv6 tunnel configuration on specified interface and shut down sit0, if no longer used - ifdown_ipv6_tunnel_all $DEVICE $IPV6TUNNELIPV4 + echo $"Device '$DEVICE' isn't supported here, use IPV6_AUTOTUNNEL setting and restart (IPv6) networking" + exit 1 +fi - elif [ -z "$IPV6_TUNNELMODE" -o "$IPV6_TUNNELMODE" = "IP" ]; then - # Delete all IPv6 routes and addresses - ifdown_ipv6_real_all $DEVICE +# IPv6 test, no module loaded, exit if system is not IPv6-ready +ipv6_test testonly || exit 0 - # Shut down tunnel device - ifdown_ipv6_tunneldev $DEVICE - else - echo $"Tunnel creation mode '$IPV6_TUNNELMODE' not supported - skip!" - fi +# Test device status +ipv6_test_device_status $DEVICE +if [ $? != 0 -a $? != 11 ]; then + # device doesn't exist or other problem occurs + exit 0 fi + +# Cleanup and shut down IPv6-in-IPv4 tunnel device +ipv6_del_tunnel_device $DEVICE 
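Review bot: The device check added before `ipv6_del_tunnel_device` reads `$?` twice inside one `[ ]` and compares it with a bare `11` whose meaning is not stated anywhere in the hunk. Storing the status first keeps it from being lost if a command is ever inserted between the call and the test: `ipv6_test_device_status $DEVICE; status=$?` followed by `if [ $status != 0 -a $status != 11 ]; then`, with a comment saying what 11 stands for. This script leaves with `exit 0` on failure while ifdown-ipv6 uses `exit 1` for the same condition; if the difference is intended, the comment should say why. The same test is added to ifdown-ipv6 and ifup-ipv6.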
diff --git a/sysconfig/network-scripts/ifup-ippp b/sysconfig/network-scripts/ifup-ippp index 2f715796..4ddf67c9 100755 --- a/sysconfig/network-scripts/ifup-ippp +++ b/sysconfig/network-scripts/ifup-ippp @@ -345,10 +345,18 @@ function addprovider() fi fi - ## Setup IPv6 - #if [ "${NETWORKING_IPV6}" = "yes" ]; then - # /etc/sysconfig/network-scripts/ifup-ipv6 $DEVICE - #fi + # Setup IPv6 + if [ "${NETWORKING_IPV6}" = "yes" ]; then + if [ "$IPV6INIT" = "yes" -a ! -z "$IPV6ADDR" ]; then + # Native IPv6 use of device configured, check of encapsulation required + if [ "$ENCAP" = "syncppp" ]; then + echo $"Warning: ipppd (kernel 2.4.x and below) doesn't support IPv6 using encapsulation 'syncppp'" + elif [ "$ENCAP" = "rawip" ]; then + echo $"Warning: link doesn't support IPv6 using encapsulation 'rawip'" + fi + fi + /etc/sysconfig/network-scripts/ifup-ipv6 $DEVICE + fi } addprovider || exit 1 diff --git a/sysconfig/network-scripts/ifup-ipv6 b/sysconfig/network-scripts/ifup-ipv6 index cd5d0062..dc628341 100755 --- a/sysconfig/network-scripts/ifup-ipv6 +++ b/sysconfig/network-scripts/ifup-ipv6 
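Review bot: The newly enabled call to `ifup-ipv6` is the last command in `addprovider`, so its exit status becomes the function's return value and `addprovider || exit 1` turns an IPv6 setup failure into a failure of the whole ISDN interface. ifup-ipv6 exits 1 when `ipv6_test` or the device check fails, so a link whose IPv4 side came up correctly would now be reported as failed. If IPv6 is meant to be best effort here, give the block an explicit outcome, e.g. `/etc/sysconfig/network-scripts/ifup-ipv6 "$DEVICE" || echo $"Warning: IPv6 setup on '$DEVICE' failed"`. The two encapsulation warnings are printed but the call is still made afterwards. The body of `addprovider` starts outside this hunk.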
@@ -4,19 +4,25 @@ # # # Taken from: -# (P) & (C) 2000-2001 by Peter Bieringer <pb@bieringer.de> +# (P) & (C) 2000-2002 by Peter Bieringer <pb@bieringer.de> +# +# You will find more information in the IPv6-HowTo for Linux at +# http://www.bieringer.de/linux/IPv6/ # # RHL integration assistance by Pekka Savola <pekkas@netcore.fi> # -# Version 2001-07-16 +# Version 2002-01-25 +# +# Note: if called (like normally) by /etc/sysconfig/network-scripts/ifup +# exit codes aren't handled by "ifup" # # Uses following information from "/etc/sysconfig/network": # NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting) # # Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1": # IPV6INIT=yes|no: controls IPv6 configuration for this interface -# IPV6ADDR=<ipv6address>/<prefixlength>: specify primary static IPv6 address here -# IPV6ADDR_SECONDARIES="<list of ipv6 addresses>" [optional] +# IPV6ADDR=<IPv6 address>[/<prefix length>]: specify primary static IPv6 address +# IPV6ADDR_SECONDARIES="<IPv6 address>[/<prefix length>] ..." (optional) # IPV6_ROUTER=yes|no: controls IPv6 autoconfiguration (no: multi-homed interface without routing) # IPV6_AUTOCONF=yes|no: controls IPv6 autoconfiguration # defaults: 
@@ -24,16 +30,22 @@ # IPV6FORWARDING=no: IPV6_AUTOCONF=yes # IPV6_MTU=<MTU for IPv6>: controls IPv6 MTU for this link [optional] # -# Optional for 6to4 tunneling: +# Optional for 6to4 tunneling (hardwired name of tunnel device is "tun6to4"): # IPV6TO4INIT=yes|no: controls 6to4 tunneling setup -# IPV6TO4_RELAY=<ipv4address|ipv6to4address>: IPv4/IPv6to4 address of the remote 6to4 relay -# IPV6TO4_IPV4ADDR=<ipv6address>: overwrite local IPv4 address [optional] -# IPV6TO4_ROUTING="eth0-:f101::0/64 eth1-:f102::0/64": information to setup local subnetting -# IPV6TO4_CONTROL_RADVD=yes|no: controls radvd triggering [optional] -# IPV6TO4_RADVD_PIDFILE=file: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" [optional] +# IPV6TO4_RELAY=<IPv4 address>: IPv4 address of the remote 6to4 relay [default: 192.88.99.1] +# IPV6TO4_IPV4ADDR=<IPv4 address>: overwrite local IPv4 address [optional] +# IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ...": information to setup local subnetting +# Example: IPV6TO4_ROUTING="eth0-:f101::0/64 eth1-:f102::0/64" +# +# Optional for 6to4 tunneling to trigger radvd: +# IPV6_CONTROL_RADVD=yes|no: controls radvd triggering [optional] +# IPV6_RADVD_PIDFILE=<file>: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" [optional] +# IPV6_RADVD_TRIGGER_ACTION=startstop|reload|restart|SIGHUP: how to trigger radvd [optional, default is SIGHUP] # -# Requirements for 6to4 if using radvd: -# radvd-0.6.2p3 or newer supporting option "Base6to4Interface" +# Required version of radvd to use 6to4 prefix recalculation +# 0.6.2p3 or newer supporting option "Base6to4Interface" +# Required version of radvd to use dynamic ppp links +# 0.7.0 + fixes or newer # 
@@ -48,6 +60,10 @@ CONFIG=$1 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG source_config +# IPv6 don't need aliases anymore, config is skipped +REALDEVICE=`echo ${DEVICE} | sed 's/:.*//g'` +[ "$DEVICE" != "$REALDEVICE" ] && exit 0 + # Test whether IPv6 configuration is enabled for this interface, else stop [ "$IPV6INIT" = "yes" ] || exit 0 @@ -61,17 +77,24 @@ fi # Source IPv6 helper functions . /etc/sysconfig/network-scripts/network-functions-ipv6 + # IPv6 test, module loaded, exit if system is not IPv6-ready -test_ipv6 || exit 1 +ipv6_test || exit 1 + +# Test device status +ipv6_test_device_status $DEVICE +if [ $? != 0 -a $? != 11 ]; then + # device doesn't exist or other problem occurs + exit 1 +fi - # Setup IPv6 address on specified interface if ! [ -z "$IPV6ADDR" ]; then - ifup_ipv6_real $DEVICE $IPV6ADDR + ipv6_add_addr_on_device $DEVICE $IPV6ADDR || exit 1 fi # Get current global IPv6 forwarding -ipv6_global_forwarding_current="`sysctl -n net.ipv6.conf.all.forwarding`" +ipv6_global_forwarding_current="`ipv6_exec_sysctl -n net.ipv6.conf.all.forwarding`" # Set some proc switches depending on defines if [ "$IPV6FORWARDING" = "yes" ]; then @@ -80,7 +103,7 @@ if [ "$IPV6FORWARDING" = "yes" ]; then # Check, if global IPv6 forwarding was already set by global script if [ $ipv6_global_forwarding_current -ne 1 ]; then echo $"Global IPv6 forwarding is enabled in configuration, but not currently enabled in kernel" -# echo $"Please restart network with '/sbin/service network restart'" + echo $"Please restart network with '/sbin/service network restart'" fi ipv6_local_forwarding=1 
@@ -97,7 +120,7 @@ else # Check, if global IPv6 forwarding was already set by global script if [ $ipv6_global_forwarding_current -ne 0 ]; then echo $"Global IPv6 forwarding is disabled in configuration, but not currently disabled in kernel" -# echo $"Please restart network with '/sbin/service network restart'" + echo $"Please restart network with '/sbin/service network restart'" fi ipv6_local_forwarding=0 
@@ -106,124 +129,134 @@ else ipv6_local_auto=0 fi fi -sysctl -w net.ipv6.conf.$DEVICE.forwarding=$ipv6_local_forwarding >/dev/null -sysctl -w net.ipv6.conf.$DEVICE.accept_ra=$ipv6_local_auto >/dev/null -sysctl -w net.ipv6.conf.$DEVICE.accept_redirects=$ipv6_local_auto >/dev/null +ipv6_exec_sysctl -w net.ipv6.conf.$DEVICE.forwarding=$ipv6_local_forwarding >/dev/null +ipv6_exec_sysctl -w net.ipv6.conf.$DEVICE.accept_ra=$ipv6_local_auto >/dev/null +ipv6_exec_sysctl -w net.ipv6.conf.$DEVICE.accept_redirects=$ipv6_local_auto >/dev/null # Set IPv6 MTU, if given if [ ! -z "$IPV6_MTU" ]; then ipv6_set_mtu $DEVICE $IPV6_MTU fi -# Setup additional IPv6 addresses from list +# Setup additional IPv6 addresses from list, if given if [ ! -z "$IPV6ADDR_SECONDARIES" ]; then for ipv6addr in $IPV6ADDR_SECONDARIES; do - ifup_ipv6_real $DEVICE $ipv6addr + ipv6_add_addr_on_device $DEVICE $ipv6addr done fi -# Setup additional static IPv6 routes on specified interface +# Setup default IPv6 route, check are done by function +if [ ! -z "$IPV6_DEFAULTDEV" -o ! -z "$IPV6_DEFAULTGW" ]; then + ipv6_set_default_route "$IPV6_DEFAULTGW" "$IPV6_DEFAULTDEV" "$DEVICE" +fi + +# Setup additional static IPv6 routes on specified interface, if given if [ -f /etc/sysconfig/static-routes-ipv6 ]; then - grep -w "^$DEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do - ifup_ipv6_route $args $DEVICE + LC_ALL=C grep -w "^$DEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do + ipv6_add_route $args $DEVICE done fi # Setup of 6to4, if configured if [ "$IPV6TO4INIT" = "yes" ]; then valid6to4config="yes" + + # Test device status of 6to4 tunnel + ipv6_test_device_status tun6to4 + if [ $? = 0 ]; then + # device is already up + echo $"Device 'tun6to4' (from '$DEVICE') is already up, shutdown first" + exit 1 + fi + + # Get IPv4 address for local 6to4 prefix calculation if [ ! 
-z "$IPV6TO4_IPV4ADDR" ]; then # Take special configured from config file (precedence 1) ipv4addr="$IPV6TO4_IPV4ADDR" else # Get IPv4 address from interface first (has precedence 2) - ipv4addr="`LC_ALL=C ifconfig $DEVICE |grep "inet addr:" | tr : " " | awk '{ print $3 }'`" + ipv4addr="`ipv6_get_ipv4addr_of_device $DEVICE`" if [ -z "$ipv4addr" ]; then # Take configured from config file (precedence 3) ipv4addr="$IPADDR" fi fi if [ ! -z "$ipv4addr" ]; then - if ! testipv4_globalusable $ipv4addr; then - echo $"Given IPv4 address $ipv4addr is not a globally usable one, 6to4 configuration is not valid!" + if ! ipv6_test_ipv4_addr_global_usable $ipv4addr; then + echo $"Given IPv4 address '$ipv4addr' is not globally usable, 6to4 configuration is not valid" valid6to4config="no" fi if [ -z "$IPV6TO4_RELAY" ]; then - echo $"IPv6to4 configuration needs an IPv6to4 relay address, 6to4 configuration is not valid!" - valid6to4config="no" + IPV6TO4_RELAY="192.88.99.1" fi - if [ "$valid6to4config" = "yes" ]; then - if testipv4_globalusable $IPV6TO4_RELAY 2>/dev/null; then - true - elif testipv6_valid $IPV6TO4_RELAY; then - relay6to4type="ipv6" - if echo $IPV6TO4_RELAY | grep -q "^2002:"; then - # IPv6 address is a 6to4 (further tests not be implemented at the moment) - true - else - echo $"Given IPv6 address of relay is not a 6to4 one, 6to4 configuration is not valid!" - valid6to4config="no" - fi - else - echo $"Given address of relay is not a globally usable one, 6to4 configuration is not valid!" - valid6to4config="no" - fi + + # Check/generate relay address + ipv6to4_relay="`ipv6_create_6to4_relay_address $IPV6TO4_RELAY`" + if [ $? -ne 0 ]; then + valid6to4config="no" fi else - echo $"IPv6to4 configuration needs an IPv4 address on related interface or extra specified, 6to4 configuration is not valid!" 
+ echo $"IPv6to4 configuration needs an IPv4 address on related interface or otherwise specified, 6to4 configuration is not valid" valid6to4config="no" fi + + # Setup 6to4 tunnel (hardwired name is "tun6to4"), if config is valid if [ "$valid6to4config" = "yes" ]; then - ifup_ipv6to4 $DEVICE $ipv4addr + ipv6_add_6to4_tunnel tun6to4 $ipv4addr + + # Add default route, if device matches + if [ "$IPV6_DEFAULTDEV" = "tun6to4" ]; then + if [ ! -z "$IPV6_DEFAULTGW" ]; then + echo $"Warning: interface 'tun6to4' does not support 'IPV6_DEFAULTGW', ignored" + fi + ipv6_set_default_route $ipv6to4_relay tun6to4 + fi # Add static routes if [ -f /etc/sysconfig/static-routes-ipv6 ]; then - grep -w "^sit0" /etc/sysconfig/static-routes-ipv6 | while read device network dummy; do - if [ "$relay6to4type" = "ipv6" ]; then - # Foreign 6to4 relay gateway as IPv6to4 - ifup_ipv6_route $network $IPV6TO4_RELAY sit0 - else - # Foreign 6to4 relay gateway as compatible IPv4 - ifup_ipv6_route $network ::$IPV6TO4_RELAY sit0 + LC_ALL=C grep -w "^tun6to4" /etc/sysconfig/static-routes-ipv6 | while read device network gateway; do + if [ -z "$network" ]; then + continue + fi + if [ -z "$gateway" ]; then + gateway="$ipv6to4_relay" fi + ipv6_add_route $network $ipv6to4_relay tun6to4 done - fi + fi + + # Cleanup autmatically generated autotunnel (not needed for 6to4) + ipv6_del_route "::/96" "::" tun6to4 + ipv6_del_addr_on_device tun6to4 "::$ipv4addr/128" - if [ "$IPV6TO4_CONTROL_RADVD" = "yes" ]; then + if [ "$IPV6_CONTROL_RADVD" = "yes" ]; then # RADVD is in use, so forwarding of IPv6 packets should be enabled, display warning if [ $ipv6_global_forwarding_current -ne 1 ]; then - echo $"Using 6to4 and RADVD IPv6 forwarding usually should be enabled, but it isn't!" 
+ echo $"Using 6to4 and RADVD IPv6 forwarding usually should be enabled, but it isn't" fi - if [ -z "$IPV6TO4_RADVD_PIDFILE" ]; then - IPV6TO4_RADVD_PIDFILE="/var/run/radvd/radvd.pid" - fi - - # Send SIGHUP to radvd for prefix recalculation - if [ -f "$IPV6TO4_RADVD_PIDFILE" ]; then - pid="`cat $IPV6TO4_RADVD_PIDFILE`" - if [ ! -z "$pid" ]; then - echo $"Trigger RADVD for IPv6to4 prefix recalculation" - kill -HUP $pid - else - false - fi - fi if [ ! -z "$IPV6TO4_ROUTING" ]; then - ipv6to4prefix="`create6to4prefix $ipv4addr`" + ipv6to4prefix="`ipv6_create_6to4_prefix $ipv4addr`" if [ ! -z "$ipv6to4prefix" ]; then # Add route to local networks for devsuf in $IPV6TO4_ROUTING; do dev="`echo $devsuf | awk -F- '{ print $1 }'`" suf="`echo $devsuf | awk -F- '{ print $2 }'`" - ifup_ipv6_route ${ipv6to4prefix}$suf :: $dev + ipv6_add_route ${ipv6to4prefix}$suf :: $dev done else echo $"Error occured while calculating the IPv6to4 prefix" fi else - echo $"RADVD control enabled, but config is not complete!" + echo $"radvd control enabled, but config is not complete" fi + + # Control running radvd + ipv6_trigger_radvd up "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE fi + else + echo $"6to4 configuration is not valid" + exit 1 fi fi + diff --git a/sysconfig/network-scripts/ifup-sit b/sysconfig/network-scripts/ifup-sit index 15ed67cd..0ad99784 100755 --- a/sysconfig/network-scripts/ifup-sit +++ b/sysconfig/network-scripts/ifup-sit 
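Review bot: In the new `tun6to4` static-route loop the `gateway` field is read and defaulted to `$ipv6to4_relay`, but the route is then added with `$ipv6to4_relay` regardless, so a gateway given in /etc/sysconfig/static-routes-ipv6 is silently ignored. The call should use the variable that was just prepared: `ipv6_add_route $network $gateway tun6to4`. As written, a line such as the documented `tun6to4 3ffe:ffff:5678::/56 ::5.6.7.8` sends that prefix to the relay instead of the configured next hop.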
@@ -4,23 +4,24 @@ # # # Taken from: -# (P) & (C) 2000-2001 by Peter Bieringer <pb@bieringer.de> +# (P) & (C) 2000-2002 by Peter Bieringer <pb@bieringer.de> # # RHL integration assistance by Pekka Savola <pekkas@netcore.fi> # -# Version 2001-07-17 +# Version 2002-01-25 # -# Uses following information from "/etc/sysconfig/network": +# Uses following information from /etc/sysconfig/network: # NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting) # -# Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1": +# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1: +# DEVICE=<device> # IPV6INIT=yes|no: controls IPv6 configuration for this interface -# IPV6_TUNNELMODE=IP|NBMA: mode of tunnel creation [default: IP] # IPV6_MTU=<MTU for IPv6>: controls IPv6 MTU for this link [optional] # # For static tunnels -# IPV6TUNNELIPV4="<ipv4 address of foreign tunnel endpoint>" -# IPV6ADDR=<ipv6address>/<prefixlength> [OPTIONAL: numbered tunnels] +# IPV6TUNNELIPV4=<IPv4 address>: IPv4 address of remote tunnel endpoint +# IPV6TUNNELIPV4LOCAL=<IPv4 address>: (optional) local IPv4 address of tunnel +# IPV6ADDR=<IPv6 address>[/<prefix length>]: (optional) local IPv6 address of a numbered tunnel # @@ -33,7 +34,11 @@ cd /etc/sysconfig/network-scripts CONFIG=$1 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG -source_config +source_config + +# IPv6 don't need aliases anymore, config is skipped +REALDEVICE=`echo ${DEVICE} | sed 's/:.*//g'` +[ "$DEVICE" != "$REALDEVICE" ] && exit 0 # Test whether IPv6 configuration is enabled for this interface, else stop [ "$IPV6INIT" = "yes" ] || exit 0 
@@ -48,54 +53,50 @@ fi # Source IPv6 helper functions . /etc/sysconfig/network-scripts/network-functions-ipv6 + # IPv6 test, module loaded, exit if system is not IPv6-ready -test_ipv6 || exit 1 +ipv6_test || exit 1 -# Setup IPv6-in-IPv4 tunnel(s) +# Generic tunnel device sit0 is not supported here if [ "$DEVICE" = "sit0" ]; then - ifup_ipv6_autotunnel || exit 1 + echo $"Device '$DEVICE' isn't supported here, use IPV6_AUTOTUNNEL setting and restart (IPv6) networking" + exit 1 +fi + +if [ -z "$IPV6TUNNELIPV4" ]; then + echo $"Missing remote IPv4 address of tunnel, configuration is not valid" + exit 1 +fi + +# Test device status +ipv6_test_device_status $DEVICE +if [ $? = 0 ]; then + # device is already up + echo $"Device '$DEVICE' is already up, please shutdown first" + exit 1 +fi + +# Create tunnel +ipv6_add_tunnel_device $DEVICE $IPV6TUNNELIPV4 "" $IPV6TUNNELIPV4LOCAL || exit 1 + +# Set IPv6 MTU, if given +if [ ! -z "$IPV6_MTU" ]; then + ipv6_set_mtu $DEVICE $IPV6_MTU +fi + +# Apply local IPv6 address, if given (numbered tunnel) +if [ ! -z "$IPV6ADDR" ]; then + ipv6_add_addr_on_device $DEVICE $IPV6ADDR +fi + +# Setup default IPv6 route, check are done by function +if [ ! -z "$IPV6_DEFAULTDEV" -o ! -z "$IPV6_DEFAULTGW" ]; then + ipv6_set_default_route "$IPV6_DEFAULTGW" "$IPV6_DEFAULTDEV" "$DEVICE" +fi - # Set IPv6 MTU, if given - if [ ! -z "$IPV6_MTU" ]; then - ipv6_set_mtu $DEVICE $IPV6_MTU - fi - -elif [ ! -z "$IPV6TUNNELIPV4" ]; then - if [ "$IPV6_TUNNELMODE" = "NBMA" ]; then - if [ ! -z "$IPV6ADDR" ]; then - ifup_ipv6_real sit0 $IPV6ADDR - fi - - # Add static IPv6 tunnel routes on specified virtual interface - if [ -f /etc/sysconfig/static-routes-ipv6 ]; then - grep -w "^$DEVICE" /etc/sysconfig/static-routes-ipv6 | while read device ipv6route args; do - ifup_ipv6_tunnel $DEVICE $IPV6TUNNELIPV4 $ipv6route - done - fi - - # Set IPv6 MTU, if given and in range - if [ ! 
-z "$IPV6_MTU" ]; then - ipv6_set_mtu sit0 $IPV6_MTU - fi - - elif [ -z "$IPV6_TUNNELMODE" -o "$IPV6_TUNNELMODE" = "IP" ]; then - ifup_ipv6_tunneldev $DEVICE $IPV6TUNNELIPV4 || exit 1 - - # Set IPv6 MTU, if given and in range - if [ ! -z "$IPV6_MTU" ]; then - ipv6_set_mtu $DEVICE $IPV6_MTU - fi - - if [ ! -z "$IPV6ADDR" ]; then - ifup_ipv6_real $DEVICE $IPV6ADDR - fi - - if [ -f /etc/sysconfig/static-routes-ipv6 ]; then - grep -w "^$DEVICE" /etc/sysconfig/static-routes-ipv6 | while read device ipv6route args; do - ifup_ipv6_route $ipv6route :: $DEVICE - done - fi - else - echo $"Tunnel creation mode '$IPV6_TUNNELMODE' not supported - skip!" - fi +# Setup additional static IPv6 routes on specified interface, if given +if [ -f /etc/sysconfig/static-routes-ipv6 ]; then + LC_ALL=C grep -w "^$DEVICE" /etc/sysconfig/static-routes-ipv6 | while read device ipv6route args; do + ipv6_add_route $ipv6route :: $DEVICE + done fi diff --git a/sysconfig/network-scripts/init.ipv6-global b/sysconfig/network-scripts/init.ipv6-global index aed005d8..fa380391 100755 --- a/sysconfig/network-scripts/init.ipv6-global +++ b/sysconfig/network-scripts/init.ipv6-global 
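Review bot: After the tunnel is created, the result of `ipv6_add_addr_on_device $DEVICE $IPV6ADDR` is ignored, whereas ifup-ipv6 in this same commit uses `|| exit 1` for the primary address. A numbered tunnel whose address could not be set is left up, and the script goes on to install default and static routes over it. Consider `ipv6_add_addr_on_device $DEVICE $IPV6ADDR || exit 1`, or tearing the tunnel down again on failure if a half-configured device is not wanted.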
@@ -3,25 +3,30 @@ # init.ipv6-global # # -# Taken from: -# (P) & (C) 2001 by Peter Bieringer <pb@bieringer.de> +# Taken from: init.ipv6-global +# (P) & (C) 2001-2002 by Peter Bieringer <pb@bieringer.de> +# +# You will find more information in the IPv6-HowTo for Linux at +# http://www.bieringer.de/linux/IPv6/ # # RHL integration assistance by Pekka Savola <pekkas@netcore.fi> # -# Version 2001-07-15a +# Version 2002-01-25 # # Calling parameters: # $1: action (currently supported: start|stop|showsysctl) # $2: position for start|stop (currently supported: pre|post) # -# Called by hooks from /etc/rc.d/init.d/network +# Called by hooks from /etc/[rc.d/]init.d/network # # Uses following information from /etc/sysconfig/network: # NETWORKING_IPV6=yes|no: controls global IPv6 initialization (default: no) # IPV6FORWARDING=yes|no: controls global IPv6 forwarding (default: no) -# IPV6AUTOCONF=yes|no: controls global automatic IPv6 configuration +# IPV6_AUTOCONF=yes|no: controls global automatic IPv6 configuration # (default: yes if IPV6FORWARDING=no, no if IPV6FORWARDING=yes) # IPV6_AUTOTUNNEL=yes|no: controls automatic IPv6 tunneling (default: no) +# IPV6_DEFAULTGW=<ipv6address[%interface]> [optional] +# IPV6_DEFAULTDEV=<interface> [optional] # @@ -47,13 +52,14 @@ fi # Source IPv6 helper functions . /etc/sysconfig/network-scripts/network-functions-ipv6 + # Initialize IPv6, depending on caller option case $ACTION in start) case $POSITION in pre) # IPv6 test, module loaded, exit if system is not IPv6-ready - test_ipv6 || exit 1 + ipv6_test || exit 1 if [ "$IPV6FORWARDING" = "yes" ]; then @@ -61,7 +67,7 @@ case $ACTION in ipv6_global_auto=0 else ipv6_global_forwarding=0 - if [ "$IPV6AUTO" = "no" ]; then + if [ "$IPV6_AUTOCONF" = "no" ]; then ipv6_global_auto=0 else ipv6_global_auto=1 
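Review bot: Renaming the tested variable to `IPV6_AUTOCONF` in the `@@ -61,7 +67,7 @@` hunk makes an existing `IPV6AUTO=no` (the name the old code read) or `IPV6AUTOCONF=no` (the name the old header documented) silently ineffective, and the fallback branch sets `ipv6_global_auto=1`. A host that had router advertisements and redirects switched off would start accepting them after the upgrade, with no message. Accepting the old spellings as aliases avoids that: `if [ "$IPV6_AUTOCONF" = "no" -o "$IPV6AUTOCONF" = "no" -o "$IPV6AUTO" = "no" ]; then`. The enclosing `case` arm starts and ends outside the hunk.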
@@ -69,44 +75,52 @@ case $ACTION in fi # Reset IPv6 sysctl switches for "all", "default" and still existing devices - for i in /proc/sys/net/ipv6/conf/*; do - if [ ! -d $i ]; then - continue - fi - interface="`echo $i | awk -F/ '{ print $NF}'`" + sysctl -a | grep "^net\.ipv6\.conf\." | awk -F. '{ print $4 }' | sort | uniq | while read interface; do # Host/Router behaviour for the interface - sysctl -w net.ipv6.conf.$interface.forwarding=$ipv6_global_forwarding >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.$interface.forwarding=$ipv6_global_forwarding >/dev/null # Autoconfiguration and redirect handling for Hosts - sysctl -w net.ipv6.conf.$interface.accept_ra=$ipv6_global_auto >/dev/null - sysctl -w net.ipv6.conf.$interface.accept_redirects=$ipv6_global_auto >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.$interface.accept_ra=$ipv6_global_auto >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.$interface.accept_redirects=$ipv6_global_auto >/dev/null done - - if [ "$IPV6_AUTOTUNNEL" = "yes" ]; then - ifup_ipv6_autotunnel - fi ;; post) # IPv6 test, module loaded, exit if system is not IPv6-ready - test_ipv6 || exit 1 + ipv6_test || exit 1 + if [ "$IPV6_AUTOTUNNEL" = "yes" ]; then + ipv6_enable_autotunnel + # autotunnel interface doesn't require a MTU setup + fi + ## Add some routes which should never appear on the wire # Unreachable IPv4-only addresses, normally blocked by source address selection - ip route add unreach ::ffff:0.0.0.0/96 + ipv6_exec_ip route add unreach ::ffff:0.0.0.0/96 # Unreachable IPv4-mapped addresses - ip route add unreach ::0.0.0.0/96 + ipv6_exec_ip route add unreach ::0.0.0.0/96 # Unreachable 6to4: IPv4 multicast, reserved, limited broadcast - ip route add unreach 2002:e000::/19 + ipv6_exec_ip route add unreach 2002:e000::/19 # Unreachable 6to4: IPv4 loopback - ip route add unreach 2002:7f00::/24 - # Unreachable 6to4: IPv4 private (RFC1918) - ip route add unreach 2002:0a00::/24 - ip route add unreach 2002:ac10::/28 - ip route add unreach 
2002:c0a8::/32 - # Unreachable 6to4: IPv4 private (DHCP link-local) - ip route add unreach 2002:a9fe::/32 + ipv6_exec_ip route add unreach 2002:7f00::/24 + # Unreachable 6to4: IPv4 private (RFC 1918) + ipv6_exec_ip route add unreach 2002:0a00::/24 + ipv6_exec_ip route add unreach 2002:ac10::/28 + ipv6_exec_ip route add unreach 2002:c0a8::/32 + # Unreachable 6to4: IPv4 private (APIPA / DHCP link-local) + ipv6_exec_ip route add unreach 2002:a9fe::/32 + # Unreachable IPv6: 6bone test addresses + ipv6_exec_ip route add unreach 3ffe:ffff::/32 + + # Set default route for autotunnel, if specified + if [ "$IPV6_DEFAULTDEV" = "sit0" -a "$IPV6_AUTOTUNNEL" = "yes" ]; then + if [ ! -z "$IPV6_DEFAULTGW" ]; then + ipv6_set_default_route $IPV6_DEFAULTGW $IPV6_DEFAULTDEV sit0 + elif [ ! -z "$IPV6_DEFAULTDEV" ]; then + ipv6_set_default_route "" $IPV6_DEFAULTDEV sit0 + fi + fi ;; *) 
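Review bot: Every `ipv6_exec_sysctl -w … >/dev/null` call in the `start`/`pre` loop now discards failures completely, because the wrapper added in this commit folds stderr into stdout with `2>&1` and the return status is not checked. If a write to `forwarding`, `accept_ra` or `accept_redirects` fails, the interface keeps its previous setting and nothing is reported. Checking the status keeps that visible, for example `ipv6_exec_sysctl -w net.ipv6.conf.$interface.accept_ra=$ipv6_global_auto >/dev/null || ipv6_log $"Cannot set accept_ra on '$interface'" warn`. The same pattern is in the `stop`/`post` loop and in the `sit0` sysctl calls of `ipv6_enable_autotunnel` and `ipv6_disable_autotunnel`.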
@@ -120,34 +134,30 @@ case $ACTION in case $POSITION in pre) # IPv6 test, no module loaded, exit if system is not IPv6-ready - test_ipv6 testonly || exit 0 + ipv6_test testonly || exit 0 ;; post) # IPv6 test, no module loaded, exit if system is not IPv6-ready - test_ipv6 testonly || exit 0 + ipv6_test testonly || exit 0 - for i in /proc/sys/net/ipv6/conf/*; do - if [ ! -d $i ]; then - continue - fi - interface="`echo $i | awk -F/ '{ print $NF}'`" + sysctl -a | grep "^net\.ipv6\.conf\." | awk -F. '{ print $4 }' | sort | uniq | while read interface; do # Assume Host behaviour - sysctl -w net.ipv6.conf.$interface.forwarding=0 >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.$interface.forwarding=0 >/dev/null # Disable autoconfiguration and redirects - sysctl -w net.ipv6.conf.$interface.accept_ra=0 >/dev/null - sysctl -w net.ipv6.conf.$interface.accept_redirects=0 >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.$interface.accept_ra=0 >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.$interface.accept_redirects=0 >/dev/null done - # Find still existing tunnel devices and shutdown and delete them - LC_ALL=C ip tunnel | grep "ipv6/ip" | awk -F: '{ print $1 }' | while read device; do - ifdown_ipv6_tunneldev $device - done + # Cleanup still existing tunnel devices + ipv6_cleanup_tunnel_devices + # Shut down generic tunnel interface now + ipv6_exec_ifconfig sit0 down ;; *) 
@@ -163,15 +173,11 @@ case $ACTION in showsysctl) # Run only basic tests, no module is loaded, if not ok, skip IPv6 initialization - test_ipv6 testonly || exit 0 + ipv6_test testonly || exit 0 # Show sysctl switches - for i in /proc/sys/net/ipv6/conf/default/*; do - if [ ! -f $i ]; then continue; fi - switch="`echo $i | awk -F/ '{ print $NF}'`" - for j in /proc/sys/net/ipv6/conf/*; do - if [ ! -d $j ]; then continue; fi - interface="`echo $j | awk -F/ '{ print $NF}'`" + sysctl -a | grep "^net\.ipv6\.conf\.default\." | awk -F. '{ print $5 }' | awk -F= '{ print $1 }' | sed 's/ //g' | while read switch; do + sysctl -a | grep "^net\.ipv6\.conf\." | awk -F. '{ print $4 }' | sort | uniq | while read interface; do sysctl net.ipv6.conf.$interface.$switch done echo @@ -179,7 +185,7 @@ case $ACTION in ;; *) - echo "Usage: $0 {start|stop|showsysctl}" + echo $"Usage: $0 {start|stop|reload|restart|showsysctl}" exit 1 ;; diff --git a/sysconfig/network-scripts/network-functions-ipv6 b/sysconfig/network-scripts/network-functions-ipv6 index fc7b5254..dd1bd823 100644 --- a/sysconfig/network-scripts/network-functions-ipv6 +++ b/sysconfig/network-scripts/network-functions-ipv6 
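Review bot: The usage text in the `@@ -179,7 +185,7 @@` hunk now advertises `reload` and `restart`, while the header comment of the same file still lists the supported actions as `start|stop|showsysctl` and no `reload)` or `restart)` arm appears in the hunks shown. If those arms do not exist elsewhere in the file, calling the script with either action lands in this `*)` branch and exits 1. Either add the arms or keep the message at `echo $"Usage: $0 {start|stop|showsysctl}"`.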
@@ -2,30 +2,170 @@ # # network-functions-ipv6 # -# Taken from: -# (P) & (C) 1997-2001 by Peter Bieringer <pb@bieringer.de> +# Taken from: network-functions-ipv6 +# (P) & (C) 1997-2002 by Peter Bieringer <pb@bieringer.de> # -# Version: 2001-07-17a +# Version: 2002-01-25 # # Extended address detection is enabled, if 'ipv6calc' is installed # Available here: http://www.bieringer.de/linux/IPv6/tools/index.html#ipv6calc # +# + -# Return values -# 0 = ok -# 1 = error occurs -# 2 = not enabled, i.e. no IPv6 kernel support or switched off by configuration +##### Logging function +# $1: <message> : message string +# $2: [stdout|stderr].[err|warn[ing]|inf[o]|notice] : log level with optional channel, default is "stdout.notice" +# [syslog.[facility.].err|warn[ing]|inf[o]|notice : syslog channel, default is "syslog.user.notice" +# $3: <function name> : name of function which calls this log function, can be empty using "" +# return code: 0=ok 1=argument error 3=major problem +ipv6_log() { + local message="$1" + local level="$2" + local name="$3" + + if [ -z "$message" ]; then + echo $"ERROR: [ipv6_log] Missing 'message' (arg 1)" >/dev/stderr + return 1 + fi + if [ -z "$level" ]; then + local level="stdout.notice" + fi + + + # Map loglevel now + local fn=1 + local fnawk="print \$$fn" + local t="`echo $level | awk -F. "{ $fnawk }"`" + + # Check channel, if given + case $t in + 'stdout'|'stderr'|'syslog') + local channel="$t" + local fn=$[ $fn + 1 ] + ;; + *) + local channel="stdout" + ;; + esac + + # Check syslog facilty, if given + if [ "$channel" = "syslog" ]; then + local fnawk="print \$$fn" + local t="`echo $level | awk -F. "{ $fnawk }"`" + case $t in + 'local0'|'local1'|'local2'|'local3'|'local4'|'local5'|'local6'|'local7'|'daemon') + local facility="$t" + local fn=$[ $fn + 1 ] + ;; + *) + local facility="user" + ;; + esac + fi + + local fnawk="print \$$fn" + local t="`echo $level | awk -F. 
"{ $fnawk }"`" + + # Map priority + [ "$t" = "inf" ] && local t="info" + [ "$t" = "deb" ] && local t="debug" + [ "$t" = "warning" ] && local t="warn" + [ "$t" = "error" ] && local t="err" + [ "$t" = "critical" ] && local t="crit" + + # Check priority, if given + case $t in + 'info'|'debug'|'notice'|'warn'|'err'|'crit') + local priority="$t" + local fn=$[ $fn + 1 ] + ;; + *) + local priority="notice" + ;; + esac + + local fnawk="print \$$fn" + local t="`echo $level | awk -F. "{ $fnawk }"`" + if [ ! -z "$t" ]; then + echo $"ERROR: [ipv6_log] Loglevel isn't valid '$level' (arg 2)" >/dev/stderr + return 1 + fi + + # Generate function text + if [ -z "$name" ]; then + local txt_name="" + else + local txt_name="[$name]" + fi + + # Log message + case $channel in + 'stdout'|'stderr') + # Generate level text + case $priority in + 'debug') + local txt_level=$"DEBUG " + ;; + 'err') + local txt_level=$"ERROR " + ;; + 'warn') + local txt_level=$"WARN " + ;; + 'crit') + local txt_level=$"CRITICAL " + ;; + 'info') + local txt_level=$"INFO " + ;; + 'notice') + local txt_level=$"NOTICE " + ;; + esac + + [ ! -z "$txt_name" ] && local txt_name="$txt_name " + + if [ "$channel" = "stderr" ]; then + echo "$txt_level: ${txt_name}${message}" >/dev/stderr + elif [ "$channel" = "stdout" ]; then + echo "$txt_level: ${txt_name}${message}" + fi + ;; + 'syslog') + + if [ ! -x logger ]; then + echo $"ERROR: [ipv6_log] Syslog is chosen, but binary 'logger' doesn't exist or isn't executable" >/dev/stderr + return 3 + fi + if [ -z "$txt_name" ]; then + logger -p $facility.$priority $message + else + logger -p $facility.$priority -t "$txt_name" "$message" + fi + ;; + *) + echo $"ERROR: [ipv6_log] Cannot log to channel '$channel'" >/dev/stderr + return 3 + ;; + esac + + return 0 +} + + +###### Beginning of main code here, always executed on "source|. 
network-functions-ipv6" ##### Test for "ipv6calc" (used for better existing address detection) EXISTS_ipv6calc=no if which ipv6calc >/dev/null 2>&1; then - if ipv6calc --if_inet62addr 3ffe04000100f1010000000000000001 40 | grep -q -v '3ffe:400:100:f101::1/64'; then + if ipv6calc --if_inet62addr 3ffe04000100f1010000000000000001 40 | LC_ALL=C grep -q -v '3ffe:400:100:f101::1/64'; then false - elif ipv6calc --addr2if_inet6 3ffe:400:100::1/64 | grep -q -v '3ffe0400010000000000000000000001 00 40'; then + elif ipv6calc --addr2if_inet6 3ffe:400:100::1/64 | LC_ALL=C grep -q -v '3ffe0400010000000000000000000001 00 40'; then false else EXISTS_ipv6calc=yes @@ -35,12 +175,17 @@ EXISTS_ipv6calc=no fi + +###### End of main code here + + ##### Test for IPv6 capabilites # $1: (optional) testflag: currently supported: "testonly" (do not load a module) -test_ipv6() { - local testflag=$1 - +# return code: 0=ok 2=IPv6 test fails +ipv6_test() { + local fn="ipv6_test" + local testflag=$1 if ! [ -f /proc/net/if_inet6 ]; then if [ "$testflag" = "testonly" ]; then @@ -49,7 +194,7 @@ test_ipv6() { modprobe ipv6 if ! [ -f /proc/net/if_inet6 ]; then - echo $"Kernel is not compiled with IPv6 support" + ipv6_log $"Kernel is not compiled with IPv6 support" crit $fn return 2 fi fi 
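Review bot: The syslog branch of `ipv6_log` tests `[ ! -x logger ]`, which checks for an executable file named `logger` in the current directory instead of looking it up in `PATH`, so the branch will normally return 3 without logging anything. `if ! which logger >/dev/null 2>&1; then` matches the lookup this file already uses for `ipv6calc`. In the same branch `logger -p $facility.$priority $message` passes the message unquoted; `logger -p $facility.$priority "$message"` keeps it as one argument, as the `-t` variant on the next line already does.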
@@ -59,44 +204,95 @@ test_ipv6() { return 2 fi - if ! which ip 2>&1 >/dev/null; then - echo $"Utility 'ip' (from the iproute package) doesn't exist or isn't executable - non-NBMA-styled tunneling setup won't work!" + ipv6_log $"Utility 'ip' (from iproute-package) doesn't exist or isn't executable - stop" crit $fn return 2 fi - return 0 } ##### Get version of this function libary +# stdout: <version number YYYYMMDD> getversion_ipv6_functions() { - local version_ipv6_functions="`cat /etc/sysconfig/network-scripts/network-functions-ipv6 | grep "^# Version:" | awk '{ print $3 }' | sed 's/-//g' | sed 's/[A-Za-z]*$//g'`" + local version_ipv6_functions="`cat /etc/sysconfig/network-scripts/network-functions-ipv6 | LC_ALL=C grep "^# Version:" | awk '{ print $3 }' | sed 's/-//g' | sed 's/[A-Za-z]*$//g'`" echo $version_ipv6_functions } + +##### Wrapper for used binaries +## ifconfig +# $*: <arguments...> +# return code: result of execution +ipv6_exec_ifconfig() { + local options=$* + + LC_ALL=C ifconfig $options 2>&1 + + return $? +} + + +## route +# $*: <arguments...> +# return code: result of execution +ipv6_exec_route() { + local options=$* + + LC_ALL=C route $options 2>&1 + + return $? +} + + +## ip +# $*: <arguments...> +# return code: result of execution +ipv6_exec_ip() { + local options=$* + + LC_ALL=C ip $options 2>&1 + + return $? +} + + +## sysctl +# $*: <arguments...> +# return code: result of execution +ipv6_exec_sysctl() { + local options=$* + + LC_ALL=C sysctl $options 2>&1 + + return $? 
+} + + ##### Control IPv6 forwarding # Control IPv6 forwarding -# $1: control [yes|no|on|off] -# $2: network device (if not given, global IPv6 forwarding is set) [OBSOLETE] -forwarding_ipv6() { +# $1: yes|no|on|off : control value +# $2: [<interface>] : (optional), if not given, global IPv6 forwarding is set [OBSOLETE] +# return code: 0=ok 1=argument error 2=IPv6 test fails +ipv6_control_forwarding() { + local fn="ipv6_control_forwarding" + local fw_control=$1 local fw_device=$2 # maybe empty if [ -z "$fw_control" ]; then - echo $"Missing parameter 'forwarding control' (arg 1)" + ipv6_log $"Missing parameter 'forwarding control' (arg 1)" err $fn return 1 fi if ! [ "$fw_control" = "yes" -o "$fw_control" = "no" -o "$fw_control" = "on" -o "$fw_control" = "off" ]; then - echo $"Don't understand forwarding control parameter '$fw_control' (arg 1)" + ipv6_log $"Forwarding control parameter isn't valid '$fw_control' (arg 1)" err $fn return 1 fi - test_ipv6 || return 2 - + ipv6_test || return 2 if [ "$fw_control" = "yes" -o "$fw_control" = "on" ]; then local status=1 
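Review bot: The four `ipv6_exec_*` wrappers copy their arguments into `local options=$*` and expand that unquoted, so every argument is re-split on whitespace, glob characters are expanded against the current directory, and empty arguments disappear before `ifconfig`, `route`, `ip` or `sysctl` sees them. Most of these arguments come from sysconfig variables, so a stray space or `*` in one of them changes the command that actually runs. Passing the arguments through unchanged is also shorter: `LC_ALL=C ip "$@" 2>&1`, and likewise in the other three wrappers.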
@@ -106,131 +302,146 @@ forwarding_ipv6() { # Global control? (if no device is given) if [ -z "$fw_device" ]; then - sysctl -w net.ipv6.conf.all.forwarding=$status >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.all.forwarding=$status >/dev/null fi # Per device control (not implemented in kernel) if [ ! -z "$fw_device" ]; then - echo $"IPv6 forwarding per device cannot be controlled via sysctl - use netfilter6 instead!" + ipv6_log $"IPv6 forwarding per device cannot be controlled via sysctl - use netfilter6 instead" warn $fn fi + return 0 } ##### Static IPv6 route configuration # Set static IPv6 route -# $1: IPv6 network to route -# $2: IPv6 gateway over which $1 should be routed (if "::", gw will be skipped) -# $3: Interface (optional) -ifup_ipv6_route() { +# $1: <IPv6 network> : to route +# $2: <IPv6 gateway> : over which $1 should be routed (if "::", gw will be skipped) +# $3: [<Interface>] : (optional) +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem adding route +ipv6_add_route() { + local fn="ipv6_add_route" + local networkipv6=$1 local gatewayipv6=$2 local device=$3 # maybe empty if [ -z "$networkipv6" ]; then - echo $"Missing parameter 'IPv6-network' (arg 1)" + ipv6_log $"Missing parameter 'IPv6-network' (arg 1)" err $fn return 1 fi if [ -z "$gatewayipv6" ]; then - echo $"Missing parameter 'IPv6-gateway' (arg 2)" + ipv6_log $"Missing parameter 'IPv6-gateway' (arg 2)" err $fn return 1 fi - test_ipv6 || return 2 + ipv6_test || return 2 - testipv6_valid $networkipv6 || return 2 - testipv6_valid $gatewayipv6 || return 2 + ipv6_test_ipv6_addr_valid $networkipv6 || return 2 + ipv6_test_ipv6_addr_valid $gatewayipv6 || return 2 - if [ -z "$device" ]; then - local output="`LC_ALL=C route -A inet6 add $networkipv6 gw $gatewayipv6 2>&1`" + local returntxt="`ipv6_exec_ip -6 route add $networkipv6 via $gatewayipv6 metric 1`" else if [ "$gatewayipv6" = "::" ]; then - local output="`LC_ALL=C route -A inet6 add $networkipv6 dev $device 2>&1`" + local 
returntxt="`ipv6_exec_ip -6 route add $networkipv6 dev $device metric 1`" else - local output="`LC_ALL=C route -A inet6 add $networkipv6 gw $gatewayipv6 dev $device 2>&1`" + local returntxt="`ipv6_exec_ip -6 route add $networkipv6 via $gatewayipv6 dev $device metric 1`" fi fi - if [ $? -ne 0 ]; then - if echo $output | grep -i -q 'SIOCADDRT: File exists'; then + if [ ! -z "$returntxt" ]; then + if echo $returntxt | grep -q "File exists"; then + # Netlink: "File exists" true - else - echo $output - return 2 + elif echo $returntxt | grep -q "No route to host"; then + # Netlink: "No route to host" + ipv6_log $"'No route to host' adding route '$networkipv6' via gateway '$gatewayipv6' through device '$device'" warn $fn + return 3 + else + ipv6_log $"Unknown error" warn $fn + return 3 fi fi return 0 } + # Delete a static IPv6 route -# $1: IPv6 network to route -# $2: IPv6 gateway over which $1 should be routed (if "::", gw will be skipped) -# $3: Interface (optional) -ifdown_ipv6_route() { +# $1: <IPv6 network> : to route +# $2: <IPv6 gateway> : over which $1 should be routed (if "::", gw will be skipped) +# $3: [<Interface>] : (optional) +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem adding route +ipv6_del_route() { + local fn="ipv6_del_route" + local networkipv6=$1 local gatewayipv6=$2 local device=$3 # maybe empty if [ -z "$networkipv6" ]; then - echo $"Missing parameter 'IPv6-network' (arg 1)" + ipv6_log $"Missing parameter 'IPv6-network' (arg 1)" err $fn return 1 fi if [ -z "$gatewayipv6" ]; then - echo $"Missing parameter 'IPv6-gateway' (arg 2)" + ipv6_log $"Missing parameter 'IPv6-gateway' (arg 2)" err $fn return 1 fi - test_ipv6 || return 2 + ipv6_test testonly || return 2 # Test, whether given IPv6 address is valid - testipv6_valid $networkipv6 || return 2 - testipv6_valid $gatewayipv6 || return 2 + ipv6_test_ipv6_addr_valid $networkipv6 || return 1 + ipv6_test_ipv6_addr_valid $gatewayipv6 || return 1 - if [ -z "$device" ]; then - local 
output="`LC_ALL=C route -A inet6 del $networkipv6 gw $gatewayipv6 2>&1`" + ipv6_exec_ip -6 route del $networkipv6 via $gatewayipv6 + local result=$? else if [ "$gatewayipv6" = "::" ]; then - local output="`LC_ALL=C route -A inet6 del $networkipv6 dev $device 2>&1`" + ipv6_exec_ip -6 route del $networkipv6 dev $device + local result=$? else - local output="`LC_ALL=C route -A inet6 del $networkipv6 gw $gatewayipv6 dev $device 2>&1`" + ipv6_exec_ip -6 route del $networkipv6 via $gatewayipv6 dev $device + local result=$? fi fi - if [ $? -ne 0 ]; then - if echo $output | grep -i -q 'SIOCDELRT: No such process'; then - true - else - echo $output - return 2 - fi + if [ $result -eq 2 ]; then + # Netlink: "No such process" + true + elif [ $result -ne 0 ]; then + return 3 fi return 0 } + # Delete all static IPv6 routes through a given interface -# $1: Interface -# $2: Gateway match (optional) -ifdown_ipv6_route_all() { +# $1: <Interface> +# $2: [<Gateway>] : to match (optional) +# return code: 0=ok 1=argument error 2=IPv6 test fails +ipv6_cleanup_routes() { + local fn="ipv6_cleanup_routes" + local device=$1 local gatewaymatch=$2 if [ -z "$device" ]; then - echo $"Missing parameter 'device' (arg 1)" + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi - test_ipv6 || return 2 - + ipv6_test testonly || return 2 # Get all IPv6 routes through given interface and remove them - LC_ALL=C route -A inet6 -n | grep "$device\W*$" | while read ipv6net nexthop flags metric ref use iface args; do + ipv6_exec_route -A inet6 -n | LC_ALL=C grep "$device\W*$" | while read ipv6net nexthop flags metric ref use iface args; do if [ "$iface" = "$device" ]; then if [ ! -z "$gatewaymatch" ]; then # Test if given gateway matches 
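Review bot: The final `else` branch of `ipv6_add_route` logs only `Unknown error` and drops `$returntxt`, the one piece of information that says why `ip -6 route add` failed. Including it keeps the failure diagnosable: `ipv6_log $"Unknown error: $returntxt" warn $fn`. In `ipv6_del_route`, treating status 2 as "No such process" is broader than the comment says, since `ip` exits with 2 for any error the kernel reports; matching the message text, as `ipv6_add_route` does, would be more precise.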
@@ -239,38 +450,41 @@ ifdown_ipv6_route_all() { fi fi # Only non addrconf (automatic installed) routes should be removed - if echo $flags | grep -v -q "A"; then - local output="`LC_ALL=C route -A inet6 del $ipv6net gw $nexthop dev $iface 2>&1`" + if echo $flags | LC_ALL=C grep -v -q "A"; then + ipv6_exec_route -A inet6 del $ipv6net gw $nexthop dev $iface fi fi done + return 0 } ##### automatic tunneling configuration ## Configure automatic tunneling up -ifup_ipv6_autotunnel() { - test_ipv6 || return 2 +# return code: 0=ok 2=IPv6 test fails 3=major problem +ipv6_enable_autotunnel() { + local fn="ipv6_enable_autotunnel" + ipv6_test || return 2 # enable IPv6-over-IPv4 tunnels - if test_interface_status sit0; then + if ipv6_test_device_status sit0; then true else # bring up basic tunnel device - ifconfig sit0 up + ipv6_exec_ifconfig sit0 up - if ! test_interface_status sit0; then - echo $"Tunnel device 'sit0' enabling didn't work - FATAL ERROR!" - return 2 + if ! ipv6_test_device_status sit0; then + ipv6_log $"Tunnel device 'sit0' enabling didn't work" err $fn + return 3 fi - # Set sysctls proper (regardless "default") - sysctl -w net.ipv6.conf.sit0.forwarding=1 >/dev/null - sysctl -w net.ipv6.conf.sit0.accept_ra=0 >/dev/null - sysctl -w net.ipv6.conf.sit0.accept_redirects=0 >/dev/null + # Set sysctls proper (regardless "default") + ipv6_exec_sysctl -w net.ipv6.conf.sit0.forwarding=1 >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.sit0.accept_ra=0 >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.sit0.accept_redirects=0 >/dev/null fi return 0 
@@ -278,30 +492,32 @@ ifup_ipv6_autotunnel() { ## Configure automatic tunneling down -ifdown_ipv6_autotunnel() { - test_ipv6 || return 2 +# return code: 0=ok 2=IPv6 test fails 3=major problem +ipv6_disable_autotunnel() { + local fn="ipv6_disable_autotunnel" + ipv6_test testonly || return 2 - if test_interface_status sit0; then + if ipv6_test_device_status sit0; then # disable IPv6-over-IPv4 tunnels (if a tunnel is no longer up) - if LC_ALL=C route -A inet6 -n | grep "sit0\W*$" | awk '{ print $2 }' | grep -v -q "^::$"; then + if ipv6_exec_route -A inet6 -n | LC_ALL=C grep "sit0\W*$" | awk '{ print $2 }' | LC_ALL=C grep -v -q "^::$"; then # still existing routes, skip shutdown of sit0 true - elif LC_ALL=C ip addr show dev sit0 | grep inet6 | awk '{ print $2 }' | grep -v -q '^::'; then + elif ipv6_exec_ip addr show dev sit0 | LC_ALL=C grep inet6 | awk '{ print $2 }' | LC_ALL=C grep -v -q '^::'; then # still existing IPv6 addresses, skip shutdown of sit0 true else # take down basic tunnel device - sysctl -w net.ipv6.conf.sit0.forwarding=0 >/dev/null - sysctl -w net.ipv6.conf.sit0.accept_ra=0 >/dev/null - sysctl -w net.ipv6.conf.sit0.accept_redirects=0 >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.sit0.forwarding=0 >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.sit0.accept_ra=0 >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.sit0.accept_redirects=0 >/dev/null - ifconfig sit0 down + ipv6_exec_ifconfig sit0 down - if test_interface_status sit0; then - echo $"Tunnel device 'sit0' is still up - FATAL ERROR!" - return 2 + if ipv6_test_device_status sit0; then + ipv6_log $"Tunnel device 'sit0' is still up" err $fn + return 3 fi fi fi 
@@ -310,298 +526,251 @@ ifdown_ipv6_autotunnel() { } -##### static NBMA-styled tunnel configuration - -## Configure static tunnels up -# $1: Interface (not needed - dummy) -# $2: IPv4 address of foreign tunnel -# $3: IPv6 route through this tunnel -ifup_ipv6_tunnel() { - local device=$1 - local addressipv4tunnel=$2 - local routeipv6=$3 - - if [ -z "$device" ]; then - echo $"Missing parameter 'device' (arg 1)" - return 1 - fi - - if [ -z "$addressipv4tunnel" ]; then - echo $"Missing parameter 'IPv4-tunnel address' (arg 2)" - return 1 - fi - - if [ -z "$routeipv6" ]; then - echo $"Missing parameter 'IPv6-route' (arg 3)" - return 1 - fi - - test_ipv6 || return 2 - - - # Test, whether given IPv6 address is valid - testipv6_valid $routeipv6 || return 2 - - - # enable general IPv6-over-IPv4 tunneling - ifup_ipv6_autotunnel - if [ $? -ne 0 ]; then - return 2 - fi - - # Set up a tunnel - ifup_ipv6_route $routeipv6 ::$addressipv4tunnel sit0 - if [ $? -ne 0 ]; then - return 2 - fi - - return 0 -} - - -## Configure static tunnels down -# $1: Interface (not used - dummy) -# $2: IPv4 address of foreign tunnel -# $3: IPv6 route through this tunnel -ifdown_ipv6_tunnel() { - local device=$1 - local addressipv4tunnel=$2 - local routeipv6=$3 - - if [ -z "$device" ]; then - echo $"Missing parameter 'device' (arg 1)" - return 1 - fi - - if [ -z "$addressipv4tunnel" ]; then - echo $"Missing parameter 'IPv4-tunnel address' (arg 2)" - return 1 - fi - - if [ -z "$routeipv6" ]; then - echo $"Missing parameter 'IPv6-route' (arg 3)" - return 1 - fi - - test_ipv6 || return 2 - - - - # Delete a NBMA-styled tunnel - ifdown_ipv6_route $routeipv6 ::$addressipv4tunnel sit0 - if [ $? 
-ne 0 ]; then - return 2 - fi - - # disable IPv6-over-IPv4 tunneling (if this was the last tunnel) - ifdown_ipv6_autotunnel - -} - - -## Remove all IPv6 tunnels for a given tunnel endpoint -# $1: Interface (not used - dummy) -# $2: IPv4-tunnel address -ifdown_ipv6_tunnel_all() { - local idtuall_device=$1 - local idtuall_tunnel=$2 - - if [ -z "$idtuall_device" ]; then - echo $"Missing parameter 'device' (arg 1)" - return 1 - fi - - if [ -z "$idtuall_tunnel" ]; then - echo $"Missing parameter 'IPv4-tunnel address' (arg 2)" - return 1 - fi - - test_ipv6 || return 2 - - - # Get all IPv6 routes through given interface and remove them - LC_ALL=C route -A inet6 -n | grep "::$idtuall_tunnel" | while read ipv6net nexthop flags metric ref use iface args; do - if [ "::$idtuall_tunnel" = "$nexthop" ]; then - if echo $flags | grep -v -q "A"; then - # Only non addrconf (automatic installed) routes should be removed - ifdown_ipv6_tunnel $idtuall_device $idtuall_tunnel $ipv6net - fi - fi - done - - # disable IPv6-over-IPv4 tunneling (if this was the last tunnel) - ifdown_ipv6_autotunnel - return 0 -} - ##### Test, whether an IPv6 address exists on an interface -# $1: Device for testing -# $2: Address to test (without prefix) -# $3: Prefix of address $1 -# return values: 1:problem, 10:not exists, 11:exits -test_ipv6_address_exists() { +# $1: <Interface> : to testing +# $2: <IPv6 Address> : to test (without prefix length) +# $3: <Prefix length> : of address $2 +# return values: 0=ok (exists) 1=argument error 3=major problem 10=not exists +ipv6_test_addr_exists_on_device() { + local fn="ipv6_test_addr_exists_on_device" + local testdevice=$1 local testaddr=$2 local testprefix=$3 + if [ -z "$testdevice" ]; then + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn + return 1 + fi if [ -z "$testaddr" ]; then - echo $"Missing parameter 'IPv6AddrToTest' (arg 2)" + ipv6_log $"Missing parameter 'IPv6 address to test' (arg 2)" err $fn + return 1 + fi + if [ -z "$testprefix" ]; then + 
ipv6_log $"Missing parameter 'IPv6 address prefix length' (arg 3)" err $fn return 1 fi + ipv6_test testonly || return 2 if [ "$EXISTS_ipv6calc" = "yes" ]; then # Using ipv6calc and compare against /proc/net/if_inet6 local convertresult="`ipv6calc --addr2if_inet6 $testaddr/$testprefix`" + # Split in address, scope and prefix length local test_addr="`echo $convertresult | awk '{ print $1 }'`" local test_scope="`echo $convertresult | awk '{ print $2 }'`" local test_prefixlength="`echo $convertresult | awk '{ print $3 }'`" if [ -z "$test_prefixlength" ]; then - local testresult="`grep "$test_addr .. .. $test_scope .." /proc/net/if_inet6 | grep $testdevice$`" + local testresult="`LC_ALL=C grep "$test_addr .. .. $test_scope .." /proc/net/if_inet6 | LC_ALL=C grep $testdevice$`" else - local testresult="`grep "$test_addr .. $test_prefixlength $test_scope .." /proc/net/if_inet6 | grep $testdevice$`" + local testresult="`LC_ALL=C grep "$test_addr .. $test_prefixlength $test_scope .." /proc/net/if_inet6 | LC_ALL=C grep $testdevice$`" fi if [ ! -z "$testresult" ]; then - return 11 + # exists + return 0 else + # not exits return 10 fi else # low budget version, only works if given address is in equal form like "ip" displays - local testresult="`LC_ALL=C ip addr show dev $testdevice | grep inet6 | awk '{ print $2 }' | grep -i "^$testaddr/$testprefix$"`" + local testresult="`ipv6_exec_ip addr show dev $testdevice | LC_ALL=C grep inet6 | awk '{ print $2 }' | LC_ALL=C grep -i "^$testaddr/$testprefix$"`" if [ ! 
-z "$testresult" ]; then - return 11 + # exits + return 0 else + # not exits return 10 fi fi + + # Normally this lines not reached + return 3 +} + + +##### Test, whether an IPv6 address with given prefix exists on an interface +# $1: <Interface> : to test +# $2: <Prefix> +# return values: 0=ok (exists) 1=argument error 3=major problem 10=not exists +ipv6_test_addrprefix_exists_on_device() { + local fn="ipv6_test_addr_prefix_exists_on_device" + + local testdevice=$1 + local testaddrprefix=$2 + + if [ -z "$testdevice" ]; then + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn + return 1 + fi + if [ -z "$testaddrprefix" ]; then + ipv6_log $"Missing parameter 'IPv6 address prefix' (arg 2)" err $fn + return 1 + fi + + ipv6_test testonly || return 2 + + # For the moment: low budget version, only works if given address is in equal form like "ip" displays + local testresult="`ipv6_exec_ip addr show dev $testdevice | LC_ALL=C grep inet6 | awk '{ print $2 }' | LC_ALL=C grep -i "^$testaddrprefix:"`" + if [ ! 
-z "$testresult" ]; then + # exists + return 0 + else + # not exists + return 10 + fi + + # Normally this lines not reached + return 3 } + ##### Interface configuration ## Add an IPv6 address for given interface -# $1: Interface -# $2: IPv6 address -ifup_ipv6_real() { +# $1: <Interface> +# $2: <IPv6 address> +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem +ipv6_add_addr_on_device() { + local fn="ipv6_add_addr_on_device" + local device=$1 local address=$2 if [ -z "$device" ]; then - echo $"Missing parameter 'device' (arg 1)" - ifupdown_ipv6_usage + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi if [ -z "$address" ]; then - echo $"Missing parameter 'IPv6-address' (arg 2)" - ifupdown_ipv6_usage + ipv6_log $"Missing parameter 'IPv6-address' (arg 2)" err $fn return 1 fi - test_ipv6 || return 2 + ipv6_test || return 2 + + ipv6_test_ipv6_addr_valid $address || return 1 - testipv6_valid $address || return 2 + ipv6_test_device_status $device + local result=$? - if test_interface_status $device; then + if [ "$result" = "0" ]; then true + elif [ "$result" != "11" ]; then + ipv6_log $"Device '$device' doesn't exist" err $fn + return 3 else - ifconfig $device up + ipv6_exec_ifconfig $device up if ! test_interface_status $device; then - echo $"Device '$device' enabling didn't work - FATAL ERROR!" - return 2 + ipv6_log $"Device '$device' enabling didn't work" err $fn + return 3 fi fi - # Extract address parts local prefixlength_implicit="`echo $address | awk -F/ '{ print $2 }'`" local address_implicit="`echo $address | awk -F/ '{ print $1 }'`" + # Check prefix length and using '64' as default + if [ -z "$prefixlength_implicit" ]; then + local prefixlength_implicit="64" + local address="$address_implicit/$prefixlength_implicit" + fi + # Only add if address does not already exist - test_ipv6_address_exists $device $address_implicit $prefixlength_implicit - retval=$? 
- if [ $retval -lt 10 ]; then - return 2 + ipv6_test_addr_exists_on_device $device $address_implicit $prefixlength_implicit + local result=$? + + if [ $result -ne 0 -a $result -ne 10 ]; then + return 3 fi - if [ $retval -eq 11 ]; then + if [ $result -eq 0 ]; then true else - ifconfig $device add $address || return 2 + ipv6_exec_ifconfig $device inet6 add $address || return 3 fi return 0 } -## Remove all IPv6 routes and addresses for given interface -# cleanup to prevent kernel crashes -# $1: Interface -ifdown_ipv6_real_all() { +## Remove all IPv6 routes and addresses on given interface (cleanup to prevent kernel crashes) +# $1: <Interface> +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem +ipv6_cleanup_device() { + local fn="ipv6_cleanup_device" + local device=$1 if [ -z "$device" ]; then - echo $"Missing parameter 'device' (arg 1)" + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi - test_ipv6 || return 2 - + ipv6_test testonly || return 2 # Remove all IPv6 routes through this device (but not "lo") - if [ "$device" != "lo" ]; then - ip -6 route flush dev $device >/dev/null 2>&1 - fi + if [ "$device" != "lo" ]; then + ipv6_exec_ip -6 route flush dev $device >/dev/null 2>&1 + fi # Remove all IPv6 addresses on this interface - ip -6 addr flush dev $device >/dev/null 2>&1 + ipv6_exec_ip -6 addr flush dev $device >/dev/null 2>&1 return 0 } ## Remove an IPv6 address on given interface -# $1: Interface -# $2: IPv6 address -ifdown_ipv6_real() { +# $1: <Interface> +# $2: <IPv6 address> +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem +ipv6_del_addr_on_device() { + local fn="ipv6_del_addr_on_device" + local device=$1 local address=$2 if [ -z "$device" ]; then - echo $"Missing parameter 'device' (arg 1)" - ifupdown_ipv6_usage + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi if [ -z "$address" ]; then - echo $"Missing parameter 'IPv6-address' (arg 2)" - ifupdown_ipv6_usage + ipv6_log $"Missing 
parameter 'IPv6 address' (arg 2)" err $fn return 1 fi - test_ipv6 || return 2 - - testipv6_valid $address || return 2 + ipv6_test testonly || return 2 + ipv6_test_ipv6_addr_valid $address || return 1 # Extract address parts local prefixlength_implicit="`echo $address | awk -F/ '{ print $2 }'`" local address_implicit="`echo $address | awk -F/ '{ print $1 }'`" + # Check prefix length and using '64' as default + if [ -z "$prefixlength_implicit" ]; then + local prefixlength_implicit="64" + local address="$address_implicit/$prefixlength_implicit" + fi + # Only remove, if address exists and is not link-local (prevents from kernel crashing) - test_ipv6_address_exists $device $address_implicit $prefixlength_implicit - local retval=$? - if [ $retval -lt 10 ]; then - return 2 + ipv6_test_addr_exists_on_device $device $address_implicit $prefixlength_implicit + local result=$? + + if [ $result -ne 0 -a $result -ne 10 ]; then + return 3 fi - if [ $retval -eq 11 ]; then - ifconfig $device del $address || return 2 + if [ $result -eq 0 ]; then + ipv6_exec_ifconfig $device inet6 del $address || return 3 else true fi @@ -612,15 +781,24 @@ ifdown_ipv6_real() { ##### Some address test functions -## Test a given IPv6 address for valid -# $1: IPv6 address -# Return code =0:valid 1:not valid 2:general problem -testipv6_valid() { - local testipv6addr_valid=$1 +## Test a given IPv6 address for validity +# $1: <IPv6 address> +# $2: [quiet] : (optional) don't display error message +# return code: 0=ok 1=argument error 10=not valid +ipv6_test_ipv6_addr_valid() { + local fn="ipv6_test_ipv6_addr_valid" + local testipv6addr_valid=$1 + local modequiet=$2 if [ -z "$testipv6addr_valid" ]; then - return 2 + return 1 + fi + if [ ! -z "$modequiet" ]; then + if [ "$modequiet" != "quiet" ]; then + ipv6_log $"Parameter '$modequiet' for 'quiet' mode is not valid (arg 2)" err $fn + return 1 + fi fi # Extract parts 
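Review bot: `ipv6_add_addr_on_device` still calls the old name in `if ! test_interface_status $device; then`, right after `ipv6_exec_ifconfig $device up`, while the other call sites in this commit were moved to `ipv6_test_device_status`. Unless the old function is kept elsewhere in the file (not visible here), the call fails as command-not-found, the negation makes the branch true, and bringing up a device that was down always ends in `Device '$device' enabling didn't work` and `return 3`. The line should read `if ! ipv6_test_device_status $device; then`.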
@@ -629,102 +807,166 @@ testipv6_valid() { if [ "$EXISTS_ipv6calc" = "yes" ]; then if ! ipv6calc --addr2uncompaddr $testipv6addr_valid >/dev/null 2>&1; then - echo $"Given IPv6 address '$testipv6addr_valid' is not valid" - return 1 + if [ "$modequiet" != "quiet" ]; then + ipv6_log $"Given IPv6 address '$testipv6addr_valid' is not valid" err $fn + fi + return 10 fi else # Test for a valid format - if ! echo "$address_implicit" | egrep -q '^[a-fA-F0-9:\.]*$'; then - echo $"Given IPv6 address '$testipv6addr_valid' is not valid" - return 1 + if ! echo "$address_implicit" | LC_ALL=C egrep -q '^[:xdigit:]|[:\.]*$'; then + if [ "$modequiet" != "quiet" ]; then + ipv6_log $"Given IPv6 address '$testipv6addr_valid' is not valid" err $fn + fi + return 10 fi fi # Test for prefix length if [ -z "$prefixlength_implicit" ]; then - if echo "$testipv6addr_valid" | grep "/$"; then + if echo "$testipv6addr_valid" | LC_ALL=C grep "/$"; then # Trailing "/", but no value - echo $"Missing 'prefix length' for given address '$testipv6addr_valid'" - return 1 + if [ "$modequiet" != "quiet" ]; then + ipv6_log $"Missing prefix length for given address '$testipv6addr_valid'" err $fn + fi + return 10 else return 0 fi elif [ $prefixlength_implicit -lt 0 -o $prefixlength_implicit -gt 128 ]; then - echo $"'prefix length' on given address '$testipv6addr_valid' is out of range (0-128)" - return 1 + if [ "$modequiet" != "quiet" ]; then + ipv6_log $"On given address '$testipv6addr_valid' the prefix length is out of range (valid: 0-128)" err $fn + fi + return 10 fi return 0 } +## Test a given IPv4 address for validity +# $1: <IPv4 address> +# $2: [quiet] : (optional) don't display error message +# return code: 0=ok 1=argument error 10=not valid +ipv6_test_ipv4_addr_valid() { + local fn="ipv6_test_ipv4_addr_valid" + + local testipv4addr_valid=$1 + local modequiet=$2 + + if [ -z "$testipv4addr_valid" ]; then + return 1 + fi + if [ ! 
-z "$modequiet" ]; then + if [ "$modequiet" != "quiet" ]; then + ipv6_log $"Parameter '$modequiet' for 'quiet' mode is not valid (arg 2)" err $fn + return 1 + fi + fi + + # Test for a valid format + if echo "$testipv4addr_valid" | LC_ALL=C egrep -q -v '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'; then + if [ "$modequiet" != "quiet" ]; then + ipv6_log $"Given IPv4 address '$testipv4addr_valid' has no proper format" err $fn + fi + return 10 + fi + + # Test for valid IPv4 address parts + local number1="`echo $testipv4addr_valid | awk -F. '{ print $1 }'`" + local number2="`echo $testipv4addr_valid | awk -F. '{ print $2 }'`" + local number3="`echo $testipv4addr_valid | awk -F. '{ print $3 }'`" + local number4="`echo $testipv4addr_valid | awk -F. '{ print $4 }'`" + local c=1 + for number in "$number1" "$number2" "$number3" "$number4"; do + if [ $number -lt 0 -o $number -gt 255 ]; then + if [ "$modequiet" != "quiet" ]; then + ipv6_log $"Part $c of given IPv4 address '$testipv4addr_valid' is out of range" err $fn + fi + return 10 + fi + local c=$[ $c + 1 ] + done + + return 0 +} ## Test a given IPv4 address for not a private but unicast one -# $1: IPv4 address -# Return code =0:ok 1:private or not unicast 2:general problem -testipv4_globalusable() { +# $1: <IPv4 address> +# return code: 0=ok 1=argument error 10=private or not unicast +ipv6_test_ipv4_addr_global_usable() { + local fn="ipv6_test_ipv4_addr_global_usable" + local testipv4addr_globalusable=$1 if [ -z "$testipv4addr_globalusable" ]; then - return 2 + return 1 fi - # Test for a globally usable IPv4 address now # test 0.0.0.0/8 - ipcalc --network $testipv4addr_globalusable 255.0.0.0 | grep -q "NETWORK=0\.0\.0\.0" && return 1 - # test 10.0.0.0/8 (private) - ipcalc --network $testipv4addr_globalusable 255.0.0.0 | grep -q "NETWORK=10\.0\.0\.0" && return 1 - # test 127.0.0.0/8 (loopback) - ipcalc --network $testipv4addr_globalusable 255.0.0.0 | grep -q "NETWORK=127\.0\.0\.0" && return 1 - # test 169.254.0.0/16 
(DHCP link local) - ipcalc --network $testipv4addr_globalusable 255.255.0.0 | grep -q "NETWORK=169\.254\.0\.0" && return 1 - # test 172.16.0.0/12 (private) - ipcalc --network $testipv4addr_globalusable 255.240.0.0 | grep -q "NETWORK=172\.16\.0\.0" && return 1 - # test 192.168.0.0/16 (private) - ipcalc --network $testipv4addr_globalusable 255.255.0.0 | grep -q "NETWORK=192\.168\.0\.0" && return 1 - # test 224.0.0.0/3 (multicast and reserved, broadcast) - ipcalc --network $testipv4addr_globalusable 224.0.0.0 | grep -q "NETWORK=224\.0\.0\.0" && return 1 + ipcalc --network $testipv4addr_globalusable 255.0.0.0 | LC_ALL=C grep -q "NETWORK=0\.0\.0\.0" && return 10 + # test 10.0.0.0/8 (RFC 1918 / private) + ipcalc --network $testipv4addr_globalusable 255.0.0.0 | LC_ALL=C grep -q "NETWORK=10\.0\.0\.0" && return 10 + # test 127.0.0.0/8 (loopback) + ipcalc --network $testipv4addr_globalusable 255.0.0.0 | LC_ALL=C grep -q "NETWORK=127\.0\.0\.0" && return 10 + # test 169.254.0.0/16 (APIPA / DHCP link local) + ipcalc --network $testipv4addr_globalusable 255.255.0.0 | LC_ALL=C grep -q "NETWORK=169\.254\.0\.0" && return 10 + # test 172.16.0.0/12 (RFC 1918 / private) + ipcalc --network $testipv4addr_globalusable 255.240.0.0 | LC_ALL=C grep -q "NETWORK=172\.16\.0\.0" && return 10 + # test 192.168.0.0/16 (RFC 1918 / private) + ipcalc --network $testipv4addr_globalusable 255.255.0.0 | LC_ALL=C grep -q "NETWORK=192\.168\.0\.0" && return 10 + # test 224.0.0.0/3 (multicast and reserved, broadcast) + ipcalc --network $testipv4addr_globalusable 224.0.0.0 | LC_ALL=C grep -q "NETWORK=224\.0\.0\.0" && return 10 return 0 } ## Test a given device for status -# $1: device name -# Return code =0:UP 1:not UP 2:not exists -test_interface_status() { +# $1: <Interface> +# return code: 0=ok 1=argument error 10=not exists 11=down +ipv6_test_device_status() { + local fn="ipv6_test_device_status" + local device=$1 if [ -z "$device" ]; then - echo $"Missing parameter 'device'" - echo $"Usage: 
ifdown_ipv6to4_all interfacename" + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi # Test if device exists - if ! LC_ALL=C ifconfig $device >/dev/null 2>&1 ; then - return 2 + if ! ipv6_exec_ifconfig $device >/dev/null; then + # not exists + return 10 fi # Test if device is up - if LC_ALL=C ifconfig $device 2>&1 | grep -q "UP "; then + if ipv6_exec_ifconfig $device | LC_ALL=C grep -q "UP "; then + # up return 0 else - return 1 + # down + return 11 fi } -## Build 6to4 prefix -# $1: IPv4 address -# RetVal: 6to4address -# Returncode 0=ok 1=failure 2=general problem -create6to4prefix() { +## Create 6to4 prefix +# $1: <IPv4 address> +# stdout: <6to4address> +# return code: 0=ok 1=argument error +ipv6_create_6to4_prefix() { + local fn="ipv6_create_6to4_prefix" + local ipv4addr=$1 + if [ -z "$ipv4addr" ]; then + ipv6_log $"Missing parameter 'IPv4 address' (arg 1)" stderr.err $fn + fi local major1="`echo $ipv4addr | awk -F. '{ print $1 }'`" local minor1="`echo $ipv4addr | awk -F. '{ print $2 }'`" @@ -732,7 +974,7 @@ create6to4prefix() { local minor2="`echo $ipv4addr | awk -F. '{ print $4 }'`" if [ -z "$major1" -o -z "$minor1" -o -z "$major2" -o -z "$minor2" ]; then - return 2 + return 1 fi if [ $major1 -eq 0 ]; then 
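Review bot: The fallback format test in ipv6_test_ipv6_addr_valid (the branch used when ipv6calc is not available) no longer checks what it is meant to. In `'^[:xdigit:]|[:\.]*$'` the class name is not inside a bracket expression, so a grep that accepts it reads `[:xdigit:]` as the literal set `:xdigt`, and the second alternative `[:\.]*$` matches the empty string at the end of any input, so every address passes; a grep that treats the bare class as a syntax error instead makes every address fail. The address is afterwards expanded unquoted into the ifconfig wrapper (see ipv6_del_addr_on_device above), so this is the only filter on that path. A single anchored bracket expression restores the intent: `LC_ALL=C egrep -q '^[[:xdigit:]:.]+$'`. The function's opening lines are in the previous hunk.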
@@ -753,37 +995,77 @@ create6to4prefix() { } +## Check and create 6to4 tunnel relay address +# $1: <IPv4 address|IPv6to4 address> +# stdout: <tunnel relay address> +# return code: 0=ok 1=argument error +ipv6_create_6to4_relay_address() { + local fn="ipv6_create_6to4_relay_address" + + local addr=$1 + + if [ -z "$addr" ]; then + ipv6_log $"Missing parameter 'address' (arg 1)" stderr.err $fn + return 1 + fi + + # Check + if ipv6_test_ipv4_addr_valid $addr quiet; then + # ok, a IPv4 one + if ipv6_test_ipv4_addr_global_usable $addr; then + # IPv4 globally usable + local ipv6to4_relay="::$addr" + else + ipv6_log $"Given address '$addr' is not a global IPv4 one (arg 1)" stderr.err $fn + return 1 + fi + else + ipv6_log $"Given address '$addr' is not a valid IPv4 one (arg 1)" stderr.err $fn + return 1 + fi + + echo "$ipv6to4_relay" + + return 0 +} + + ##### 6to4 tunneling setup ## Configure 6to4 tunneling up -# $1: Interface (not needed - dummy) -# $2: global IPv4 address of local interface -# $3: IPv6 suffix for 6to4 prefix (optional, default is "1") -# ReturnCodes 0=ok 1=failure 2=general problem -ifup_ipv6to4() { - local device=$1 # dummy +# $1: <Interface> : only "tun6to4" is supported +# $2: <IPv4 address> : global address of local interface +# $3: [<IPv6 suffix>] : for 6to4 prefix (optional, default is "::1") +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem +ipv6_add_6to4_tunnel() { + local fn="ipv6_add_6to4_tunnel" + + local device=$1 local localipv4=$2 local localipv6to4suffix=$3 if [ -z "$device" ]; then - echo $"Missing parameter 'device' (arg 1)" - ifupdown_ipv6to4_usage + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi if [ -z "$localipv4" ]; then - echo $"Missing parameter 'local IPv4 address' (arg 2)" - ifupdown_ipv6to4_usage + ipv6_log $"Missing parameter 'local IPv4 address' (arg 2)" err $fn return 1 fi - test_ipv6 || return 2 + # Check device + if [ "$device" != "tun6to4" ]; then + ipv6_log $"Given device '$device' 
is not supported (arg 1)" err $fn + return 1 + fi + ipv6_test || return 2 # Generate 6to4 address - local prefix6to4="`create6to4prefix $localipv4`" + local prefix6to4="`ipv6_create_6to4_prefix $localipv4`" if [ $? -ne 0 -o -z "$prefix6to4" ]; then - return 2 + return 3 fi if [ -z "$localipv6to4suffix" ]; then 
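Review bot: In ipv6_add_6to4_tunnel the `$? -ne 0` test that follows the `local prefix6to4=...` assignment never sees the exit code of ipv6_create_6to4_prefix, because `$?` at that point is the status of the `local` builtin, which is 0 whenever the assignment itself works. Only the `-z "$prefix6to4"` half of the condition can fire, so a helper that fails after printing partial output would go unnoticed. Declaring and assigning separately keeps the status: `local prefix6to4` followed by `prefix6to4="$(ipv6_create_6to4_prefix "$localipv4")"`. The same pattern recurs in ipv6_del_6to4_tunnel, ipv6_get_ipv4addr_of_tunnel and ipv6_get_ipv4addr_of_device in the later hunks; ipv6_add_6to4_tunnel itself continues past the end of this hunk.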
@@ -792,69 +1074,76 @@ ifup_ipv6to4() { local address6to4="${prefix6to4}::${localipv6to4suffix}/16" fi - # Enable general IPv6-over-IPv4 tunneling - ifup_ipv6_autotunnel - - ifup_ipv6_real sit0 $address6to4 - if [ $? -ne 0 ]; then - return 2 - fi + ipv6_add_tunnel_device tun6to4 0.0.0.0 $address6to4 $ipv4addr + if [ $? -ne 0 ]; then + local retval=3 + else + local retval=0 + fi - return 0 + return $retval } ## Configure all 6to4 tunneling down -# $1: Interface (not needed - dummy) -# ReturnCodes 0=ok 1=failure 2=general problem -ifdown_ipv6to4_all() { - local device=$1 # dummy +# $1: <Interface> : only "tun6to4" is supported +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem +ipv6_cleanup_6to4_tunnels() { + local fn="ipv6_cleanup_6to4_tunnels" + + local device=$1 if [ -z "$device" ]; then - echo $"Missing parameter 'device' (arg 1)" + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi - test_ipv6 || return 2 - + # Check device + if [ "$device" != "tun6to4" ]; then + ipv6_log $"Given device '$device' is not supported (arg 1)" err $fn + return 1 + fi - # Get all configured 6to4 addresses and delete them - LC_ALL=C ip addr show dev sit0 | grep inet6 | awk '{ print $2 }' | grep "^2002:" | while read ipv6to4addr; do - ifdown_ipv6_real sit0 $ipv6to4addr - done + ipv6_test testonly || return 2 - # Try to disable general IPv6-over-IPv4 tunneling - ifdown_ipv6_autotunnel + ipv6_del_tunnel_device tun6to4 -} + return 0 +} ## Configure 6to4 tunneling down -# $1: Interface (not needed - dummy) -# $2: global IPv4 address of local interface -# ReturnCodes 0=ok 1=failure 2=general problem -ifdown_ipv6to4() { - local device=$1 # dummy +# $1: <Interface> : only "tun6to4" is supported +# $2: <IPv4 address> : global address of local interface +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem +ipv6_del_6to4_tunnel() { + local fn="ipv6_del_6to4_tunnel" + + local device=$1 local localipv4=$2 if [ -z "$device" ]; then - echo 
$"Missing parameter 'device' (arg 1)" + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi if [ -z "$localipv4" ]; then - echo $"Missing parameter 'local IPv4 address' (arg 2)" + ipv6_log $"Missing parameter 'local IPv4 address' (arg 2)" err $fn return 1 fi - test_ipv6 || return 2 + # Check device + if [ "$device" != "tun6to4" ]; then + ipv6_log $"Given device '$device' is not supported (arg 1)" err $fn + return 1 + fi + ipv6_test || return 2 # generate 6to4 address - local prefix6to4="`create6to4prefix $localipv4`" - echo $"Generated 6to4 prefix '$prefix6to4' from '$localipv4'" + local prefix6to4="`ipv6_create_6to4_prefix $localipv4`" if [ $? -ne 0 -o -z "$prefix6to4" ]; then - return 2 + return 3 fi if [ -z "$localipv6to4suffix" ]; then 
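Review bot: The added call `ipv6_add_tunnel_device tun6to4 0.0.0.0 $address6to4 $ipv4addr` in ipv6_add_6to4_tunnel passes `$ipv4addr`, but the locals declared for this function in the previous hunk are `device`, `localipv4` and `localipv6to4suffix`, and nothing visible assigns `ipv4addr` here. Unless a caller happens to have a variable of that name in scope, the fourth argument is empty and ipv6_add_tunnel_device falls back to `local any`, so the tunnel is not bound to the address the caller supplied. It presumably should read `ipv6_add_tunnel_device tun6to4 0.0.0.0 $address6to4 $localipv4`. A few lines of the function between the two hunks are not shown, so confirm against the full file.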
@@ -863,121 +1152,120 @@ ifdown_ipv6to4() { local address6to4="${prefix6to4}::${localipv6to4suffix}/16" fi - ifdown_ipv6_real sit0 $address6to4 - if [ $? -ne 0 ]; then - return 2 - fi - - # Try to disable general IPv6-over-IPv4 tunneling - ifdown_ipv6_autotunnel - if [ $? -ne 0 ]; then - return 2 - fi + ipv6_del_tunnel_device tun6to4 + local retval=$? - return 0 + return $retval } -##### static tunnel device configuration - ## Configure a static tunnel device up -# $1: Interface -# $2: IPv4 address of foreign tunnel -# $3: Local IPv6 address of a P-t-P tunnel (optional) -ifup_ipv6_tunneldev() { +# $1: <Interface> +# $2: <IPv4 address> : of foreign tunnel +# $3: [<IPv6 address>] : local one of a P-t-P tunnel (optional) +# $4: [<IPv4 address>] : local one of tunnel (optional) +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem +ipv6_add_tunnel_device() { + local fn="ipv6_add_tunnel_device" + local device=$1 local addressipv4tunnel=$2 local addressipv6local=$3 - + local addressipv4tunnellocal=$4 + if [ -z "$device" ]; then - echo $"Missing parameter 'device' (arg 1)" + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi if [ -z "$addressipv4tunnel" ]; then - echo $"Missing parameter 'IPv4-tunnel address' (arg 2)" + ipv6_log $"Missing parameter 'IPv4-tunnel address' (arg 2)" err $fn return 1 fi - test_ipv6 || return 2 - + if [ -z "$addressipv4tunnellocal" ]; then + local addressipv4tunnellocal="any" + fi + + ipv6_test || return 2 + if ! ipv6_test_device_status $device; then + local ttldefault="`ipv6_exec_sysctl net.ipv4.ip_default_ttl | awk '{ print $3 }'`" + if [ -z "$ttldefault" ]; then + local ttldefault=64 + fi - if ! 
test_interface_status $device; then - local ttldefault="`sysctl net.ipv4.ip_default_ttl | awk '{ print $3 }'`" - if [ -z "$ttldefault" ]; then - local ttldefault=64 - fi - - # Test whether remote IPv4 address was already applied to another tunnel (does not catch IPv4 addresses with leading 0's) - LC_ALL=C ip tunnel show | grep $addressipv4tunnel | while read dev type tag remote tag local tag ttl rest; do - local devnew="`echo $dev | sed 's/:$//g'`" - if [ "$remote" = "$addressipv4tunnel" ]; then - echo $"Given remote address '$addressipv4tunnel' on tunnel device '$device' is already configured on device '$devnew' - FATAL ERROR!" - return 2 - fi - done - if [ $? -ne 0 ]; then - return 2 + # Test whether remote IPv4 address was already applied to another tunnel (does not catch IPv4 addresses with leading 0's) + ipv6_exec_ip tunnel show 2>/dev/null | LC_ALL=C grep $addressipv4tunnel | while read dev type tag remote tag local tag ttl rest; do + local devnew="`echo $dev | sed 's/:$//g'`" + if [ "$remote" = "$addressipv4tunnel" ]; then + ipv6_log $"Given remote address '$addressipv4tunnel' on tunnel device '$device' is already configured on device '$devnew'" err $fn + return 3 fi + done + if [ $? -ne 0 ]; then + return 3 + fi - ip tunnel add $device mode sit ttl $ttldefault remote $addressipv4tunnel + ipv6_exec_ip tunnel add $device mode sit ttl $ttldefault remote $addressipv4tunnel local $addressipv4tunnellocal - # Test, whether "ip tunnel show" works without error - ip tunnel show $device >/dev/null 2>&1 - if [ $? -ne 0 ]; then - echo $"Tunnel device '$device' creation didn't work - ERROR!" - return 2 - fi + # Test, whether "ip tunnel show" works without error + ipv6_exec_ip tunnel show $device >/dev/null 2>&1 + if [ $? -ne 0 ]; then + ipv6_log $"Tunnel device '$device' creation didn't work" err $fn + return 3 + fi - # Test, whether "ip tunnel show" reports valid content - if ! 
ip tunnel show $device | grep -q "remote"; then - echo $"Tunnel device '$device' creation didn't work - ERROR!" - return 2 - fi + # Test, whether "ip tunnel show" reports valid content + if ! ipv6_exec_ip tunnel show $device | LC_ALL=C grep -q "remote"; then + ipv6_log $"Tunnel device '$device' creation didn't work" err $fn + return 3 + fi - ifconfig $device up + ipv6_exec_ifconfig $device up - if ! test_interface_status $device; then - echo $"Tunnel device '$device' bringing up didn't work - ERROR!" - return 2 - fi + if ! ipv6_test_device_status $device; then + ipv6_log $"Tunnel device '$device' bringing up didn't work" err $fn + return 3 + fi - # Set sysctls proper (regardless "default") - sysctl -w net.ipv6.conf.$device.forwarding=1 >/dev/null - sysctl -w net.ipv6.conf.$device.accept_ra=0 >/dev/null - sysctl -w net.ipv6.conf.$device.accept_redirects=0 >/dev/null + # Set sysctls proper (regardless "default") + ipv6_exec_sysctl -w net.ipv6.conf.$device.forwarding=1 >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.$device.accept_ra=0 >/dev/null + ipv6_exec_sysctl -w net.ipv6.conf.$device.accept_redirects=0 >/dev/null - if [ ! -z "$addressipv6local" ]; then - # Setup P-t-P address - ifup_ipv6_real $device $addressipv6local - if [ $? -ne 0 ]; then - return 2 - fi + if [ ! -z "$addressipv6local" ]; then + # Setup P-t-P address + ipv6_add_addr_on_device $device $addressipv6local + if [ $? 
-ne 0 ]; then + return 3 fi - else - false fi + else + false + fi return 0 } ## Configure a static tunnel device down -# $1: Interface -ifdown_ipv6_tunneldev() { +# $1: <Interface> +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem +ipv6_del_tunnel_device() { + local fn="ipv6_del_tunnel_device" + local device=$1 if [ -z "$device" ]; then - echo $"Missing parameter 'device' (arg 1)" + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi - test_ipv6 || return 2 + ipv6_test testonly || return 2 - - if test_interface_status $device; then - ifdown_ipv6_real_all $device + if ipv6_test_device_status $device; then + ipv6_cleanup_device $device else if [ "$device" != "sit0" ]; then false @@ -985,11 +1273,11 @@ ifdown_ipv6_tunneldev() { fi if [ "$device" != "sit0" ]; then - if ip tunnel | grep -q "^$device:" ; then - ip tunnel del $device + if ipv6_exec_ip tunnel 2>/dev/null | LC_ALL=C grep -q "^$device:" ; then + ipv6_exec_ip tunnel del $device - if test_interface_status $device; then - false + if ipv6_test_device_status $device; then + return 3 fi else false 
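Review bot: ipv6_add_tunnel_device reports success without doing anything when the device is already up, because the `else false` branch has no effect on the result and the function then falls through to `return 0`. A caller cannot tell whether the requested remote and local endpoints were applied or whether a pre-existing tunnel with different endpoints was left in place. If that case is an error, replace `false` with `ipv6_log $"Tunnel device '$device' is already up" err $fn` and `return 3`; if re-running is meant to be harmless, say so in a comment and compare the existing remote with `$addressipv4tunnel` before returning 0. The remaining `false` placeholders in ipv6_del_tunnel_device are no-ops in the same way.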
@@ -997,31 +1285,372 @@ ifdown_ipv6_tunneldev() { fi return 0 +} + + +## Cleanup all dedicated tunnel devices +ipv6_cleanup_tunnel_devices() { + local fn="ipv6_cleanup_tunnel_devices" + + ipv6_test testonly || return 2 + + # Find still existing tunnel devices and shutdown and delete them + + ipv6_exec_ip tunnel | grep "ipv6/ip" | awk -F: '{ print $1 }' | while read device; do + ipv6_del_tunnel_device $device + done + + return 0 +} + + +## Get address of a dedicated tunnel +# $1: <Interface> +# $2: local|remote : local or remote address +# stdout: <IPv4 address> if available +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem +ipv6_get_ipv4addr_of_tunnel() { + local fn="ipv6_get_local_ipv4_of_tunnel" + + local device=$1 + local selection=$2 + + if [ -z "$device" ]; then + ipv6_log $"Missing parameter 'device' (arg 1)" stderr.err $fn + return 1 + fi + + if [ -z "$selection" ]; then + ipv6_log $"Missing parameter 'selection' (arg 2)" stderr.err $fn + return 1 + fi + if [ "$selection" != "local" -a "$selection" != "remote" ]; then + ipv6_log $"Unsupported selection '$selection' specified (arg 2)" stderr.err $fn + return 1 + fi + + ipv6_test testonly || return 2 + + ipv6_test_device_status $device + + if [ $? != 0 -a $? != 11 ]; then + # Device doesn't exist + return 3 + fi + + # Device exists, retrieve address + if [ "$selection" = "local" ]; then + local tunnel_local_ipv4addr="`ipv6_exec_ip tunnel show $device | awk '{ print $6 }'`" + elif [ "$selection" = "remote" ]; then + local tunnel_local_ipv4addr="`ipv6_exec_ip tunnel show $device | awk '{ print $4 }'`" + fi + + if [ $? 
!= 0 ]; then + return 3 + fi + + if [ "$tunnel_local_ipv4addr" = "any" ]; then + local tunnel_local_ipv4addr="0.0.0.0" + fi + + echo "$tunnel_local_ipv4addr" + + return 0 +} + + +## Get IPv4 address of a device +# $1: <Interface> +# stdout: <IPv4 address> if available +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem +ipv6_get_ipv4addr_of_device() { + local fn="ipv6_get_ipv4addr_of_device" + + local device=$1 + + if [ -z "$device" ]; then + ipv6_log $"Missing parameter 'device' (arg 1)" stderr.err $fn + return 1 + fi + + ipv6_test_device_status $device + + if [ $? != 0 -a $? != 11 ]; then + # Device doesn't exist + return 3 + fi + + # Device exists, retrieve address + local ipv4addr="`ipv6_exec_ip -4 addr show dev $device | grep -w "inet" | awk '{ print $2 }' | awk -F/ '{ print $1 }'`" + + if [ $? != 0 ]; then + return 3 + fi + + if [ "$ipv4addr" = "any" ]; then + local ipv4addr="0.0.0.0" + fi + + echo "$ipv4addr" + + return 0 } ## Set IPv6 MTU for a device -# $1: Interface -# $2: IPv6 MTU +# $1: <Interface> +# $2: <IPv6 MTU> +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_set_mtu() { + local fn="ipv6_set_mtu" + local device=$1 local ipv6_mtu=$2 if [ -z "$device" ]; then - echo $"Missing parameter 'device' (arg 1)" + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi if [ -z "$ipv6_mtu" ]; then - echo $"Missing parameter 'IPv6 MTU' (arg 2)" + ipv6_log $"Missing parameter 'IPv6 MTU' (arg 2)" err $fn return 1 fi # Check range if [ $ipv6_mtu -lt 1280 -o $ipv6_mtu -gt 65535 ]; then - echo $"Given IPv6 MTU is out of range" + ipv6_log $"Given IPv6 MTU '$ipv6_mtu' is out of range" err $fn return 1 fi - sysctl -w net.ipv6.conf.$device.mtu=$ipv6_mtu >/dev/null + ipv6_test testonly || return 2 + + # Check whether key exists + ipv6_exec_sysctl net.ipv6.conf.$device.mtu=$ipv6_mtu >/dev/null 2>&1 + if [ $? 
-ne 0 ]; then + return 3 + fi + + # Set value + ipv6_exec_sysctl -w net.ipv6.conf.$device.mtu=$ipv6_mtu >/dev/null + + return 0 +} + + +## Set a default gateway +# $1: <IPv6 Address> : gateway, can also contain scope suffix (device name), cause a warning if not matching with $2 (but will have precedence) +# $2: <gateway device>: specified gateway device (has +# $3: <check device>: (optional) device to check scope and gateway device against (setup is skipped, if not matching) +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem +ipv6_set_default_route() { + local fn="ipv6_set_default_route" + + local address=$1 + local device=$2 + local device_check=$3 + + ipv6_test testonly || return 2 + + # Map the unspecified address to nothing + if [ "$address" = "::" ]; then + local address="" + fi + + if [ ! -z "$address" ]; then + local addressgw=`echo $address | awk -F% '{ print $1 }'` + local device_scope=`echo $address | awk -F% '{ print $2 }'` + + if [ -z "$addressgw" ]; then + ipv6_log $"Given IPv6 default gateway '$address' is not in proper format" err $fn + return 3 + fi + + # Scope device has precedence + if [ ! -z "$device_scope" -a ! -z "$device" -a "$device_scope" != "$device" ]; then + ipv6_log $"Given IPv6 default gateway '$address' has scope '$device_scope' defined, given default gateway device '$device' will be not used" inf $fn + local device="" + fi + + # Link local addresses require a device + if echo $addressgw | LC_ALL=C grep -qi "^fe80:"; then + if [ -z "$device_scope" ]; then + if [ -z "$device" ]; then + ipv6_log $"Given IPv6 default gateway '$address' is link-local, but no scope or gateway device is specified" err $fn + return 3 + fi + fi + fi + + # Check whether the route belongs to the specific given interface + if [ ! -z "$device_check" ]; then + # Check whether scope device matches given check device + if [ ! 
-z "$device_scope" -a "$device_check" != "$device_scope" ]; then + # scope device != specific given -> skip + return 0 + elif [ ! -z "$device" -a "$device_check" != "$device" ]; then + # gateway device != specific given -> skip + return 0 + fi + fi + + # Set device now, if given + if [ -z "$device" ]; then + local device="$device_scope" + fi + + if [ -z "$device" ]; then + # Note: this can cause a warning and a not installed route, if given address is not reachable on the link + #ipv6_add_route ::/0 $addressgw + ipv6_add_route 2000::/3 $addressgw + else + #ipv6_add_route ::/0 $addressgw $device + ipv6_add_route 2000::/3 $addressgw $device + fi + elif [ ! -z "$device" ]; then + # Check whether the route belongs to the specific given interface + if [ ! -z "$device_check" -a "$device_check" != "$device" ]; then + # gateway device != specific given -> skip + return 0 + fi + + ipv6_test_route_requires_next_hop $device + local result=$? + + if [ $result = 0 ]; then + ipv6_log $"Given IPv6 default device '$device' requires an explicit nexthop" err $fn + return 3 + elif [ $result != 10 ]; then + ipv6_log $"Given IPv6 default device '$device' doesn't exist or isn't up" err $fn + return 3 + fi + + #ipv6_add_route ::/0 :: $device + ipv6_add_route 2000::/3 :: $device + else + ipv6_log $"No parameters given to setup a default route" err $fn + return 3 + fi + + return 0 +} + + +## Resolve need of explicit next hop for an interface +# $1: <Interface> +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem 10=needs no explicit hop +ipv6_test_route_requires_next_hop() { + local fn="ipv6_test_route_requires_next_hop" + + local device=$1 + + if [ -z "$device" ]; then + ipv6_log $"Missing parameter 'device' (arg 1)" err $fn + return 1 + fi + + ipv6_test testonly || return 2 + + ipv6_test_device_status $device + + if [ $? 
!= 0 ]; then + return 3 + fi + + if [ "$device" = "sit0" ]; then + return 10 + fi + + if ipv6_exec_ip link show $device | LC_ALL=C grep -q "POINTOPOINT"; then + return 10 + fi + + return 0 +} + + +## Trigger radvd +# $1: up|down : device reason for triggering (coming up or going down) +# $2: [startstop|restart|reload|SIGHUP] : triger mechanism (default is "SIGHUP") +# "startstop" : reason=up -> start, reason=down -> stop +# $3: [<filename>] : alternative pid file [optional] +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem 10=need no explicit hop +ipv6_trigger_radvd() { + local fn="ipv6_trigger_radvd" + + local reason=$1 + local mechanism=$2 + local pidfile=$3 + + if [ -z "$reason" ]; then + ipv6_log $"No reason given for sending trigger to radvd" err $fn + return 1 + fi + + if [ "$reason" != "up" -a "$reason" != "down" ]; then + ipv6_log $"Unsupported reason '$reason' for sending trigger to radvd" err $fn + return 1 + fi + + if [ -z "$mechanism" ]; then + # Take default + local mechanism="SIGHUP" + fi + + if [ -z "$pidfile" ]; then + local pidfile="/var/run/radvd/radvd.pid" + fi + + # Print message and select action + case $mechanism in + 'startstop') + case $reason in + up) + local action="start" + ;; + down) + local action="stop" + ;; + esac + ;; + 'reload'|'restart'|'SIGHUP') + local action="$mechanism" + ;; + *) + ipv6_log $"Unsupported mechanism '$mechanism' for sending trigger to radvd" err $fn + return 3 + ;; + esac + + # PID file needed? + if [ "$action" = "SIGHUP" ]; then + if [ ! 
-f "$pidfile" ]; then + ipv6_log $"Given pidfile '$pidfile' doesn't exist, cannot send trigger to radvd" err $fn + return 3 + fi + + # Get PID + local pid="`cat $pidfile`" + if [ -z "$pid" ]; then + # pidfile empty - strange + ipv6_log $"Pidfile '$pidfile' is empty, cannot send trigger to radvd" err $fn + return 3 + fi + fi + + + # Do action + case $action in + 'SIGHUP') + kill -HUP $pid + ;; + 'reload'|'restart'|'stop'|'start') + service radvd $action >/dev/null 2>&1 + ;; + *) + # Normally not reached, "action" is set above to proper value + ;; + esac + + return 0 } |
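Review bot: In ipv6_trigger_radvd the value read from the pidfile is only checked for being non-empty before it is expanded unquoted in `kill -HUP $pid`. This code presumably runs as root from the init scripts, and the pidfile path can be supplied by the caller (arg 3), so a file holding several tokens, a negative number or stray text ends up as arguments to kill and may signal processes other than radvd. The PID should be verified to be a single decimal number and the expansions quoted, as sketched below. Confirming that the process really is radvd before signalling would be stronger still.

```shell
local pid="$(cat "$pidfile")"
# ... unchanged: empty-pidfile check ...
case "$pid" in
    *[!0-9]*)
        # anything but a plain decimal number must not reach kill
        ipv6_log $"Pidfile '$pidfile' does not contain a numeric PID, cannot send trigger to radvd" err $fn
        return 3
        ;;
esac
# ... unchanged: end of PID lookup, start of action dispatch ...
    'SIGHUP')
        kill -HUP "$pid"
        ;;
```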