aboutsummaryrefslogtreecommitdiffstats
path: root/sysconfig
diff options
context:
space:
mode:
authorBill Nottingham <notting@redhat.com>2001-07-11 05:23:56 +0000
committerBill Nottingham <notting@redhat.com>2001-07-11 05:23:56 +0000
commit3b86e2508b13f4bd6339f7be708a2cf1eab99a44 (patch)
tree9cab5aea5252b6fc072670e92fd2f07cede5ed9d /sysconfig
parentd4b006581428be84473825bf5d31ed81f6c4a647 (diff)
downloadinitscripts-3b86e2508b13f4bd6339f7be708a2cf1eab99a44.tar
initscripts-3b86e2508b13f4bd6339f7be708a2cf1eab99a44.tar.gz
initscripts-3b86e2508b13f4bd6339f7be708a2cf1eab99a44.tar.bz2
initscripts-3b86e2508b13f4bd6339f7be708a2cf1eab99a44.tar.xz
initscripts-3b86e2508b13f4bd6339f7be708a2cf1eab99a44.zip
big ipv6 update from Pekka Savola (<pekkas@netcore.fi>)
Diffstat (limited to 'sysconfig')
-rwxr-xr-xsysconfig/network-scripts/ifdown2
-rwxr-xr-xsysconfig/network-scripts/ifdown-ipv6106
-rwxr-xr-xsysconfig/network-scripts/ifdown-sit77
-rwxr-xr-xsysconfig/network-scripts/ifup7
-rwxr-xr-xsysconfig/network-scripts/ifup-ipv6221
-rwxr-xr-xsysconfig/network-scripts/ifup-sit67
-rwxr-xr-xsysconfig/network-scripts/init.ipv6-global188
-rw-r--r--sysconfig/network-scripts/network-functions-ipv6971
8 files changed, 1263 insertions, 376 deletions
diff --git a/sysconfig/network-scripts/ifdown b/sysconfig/network-scripts/ifdown
index c63864bb..1cd03d7c 100755
--- a/sysconfig/network-scripts/ifdown
+++ b/sysconfig/network-scripts/ifdown
@@ -48,7 +48,7 @@ fi
check_device_down ${DEVICE} && exit 0
if [ "${NETWORKING_IPV6}" = "yes" ]; then
- /etc/sysconfig/network-scripts/ifdown-ipv6 $DEVICE
+ /etc/sysconfig/network-scripts/ifdown-ipv6 ${CONFIG}
fi
retcode=0
diff --git a/sysconfig/network-scripts/ifdown-ipv6 b/sysconfig/network-scripts/ifdown-ipv6
index 45c7f24d..d111d1cb 100755
--- a/sysconfig/network-scripts/ifdown-ipv6
+++ b/sysconfig/network-scripts/ifdown-ipv6
@@ -6,9 +6,27 @@
# Taken from:
# (P) & (C) 2000-2001 by Peter Bieringer <pb@bieringer.de>
#
-# Version 2001-02-08
+# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
+#
+# Version 2001-05-22d
+#
+# Uses following information from /etc/sysconfig/network:
+# NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting)
+#
+# Uses following information from /etc/sysconfig/network-scripts/ifcfg-$1:
+# IPV6INIT=yes|no: controls IPv6 configuration for this interface
+#
+# Optional for 6to4 tunneling:
+# IPV6TO4_RELAY=<ipv4address>: IPv4 address of the remote 6to4 relay
+# IPV6TO4_ROUTING="eth0-:f101::0/64 eth1-:f102::0/64": information to setup local subnetting
+# IPV6TO4_CONTROL_RADVD=yes|no: controls radvd triggering [optional]
+# IPV6TO4_RADVD_PIDFILE=file: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" [optional]
+#
+# Requirements for 6to4 if using radvd:
+# radvd-0.6.2p3 or newer supporting option "Base6to4Interface"
#
+
. /etc/sysconfig/network
cd /etc/sysconfig/network-scripts
@@ -18,42 +36,68 @@ CONFIG=$1
[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
source_config
-# Test if IPv6 configuration is enabled
-if [ ! "$IPV6INIT" = "yes" ]; then
- # not enabled, stop here
- exit 0
+# Test if IPv6 is globally enabled
+if [ ! "${NETWORKING_IPV6}" = "yes" ]; then
+ # Global IPv6 switch not enabled, end now
+ exit 0
+fi
+
+if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then
+ # IPv6 setup isn't well
+ exit 1
fi
-
-# Test if IPv6 is up
-if [ "${NETWORKING_IPV6}" = "yes" ]; then
- . /etc/sysconfig/network-scripts/network-functions-ipv6
+# Source IPv6 helper functions
+. /etc/sysconfig/network-scripts/network-functions-ipv6
+
+# IPv6 test, no module loaded, exit if system is not IPv6-ready
+test_ipv6 testonly || exit 0
- # Delete additional static IPv6 routes on specified interface
- if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
- grep "^$DEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do
- if [ "$device" = "$DEVICE" ]; then
- ifdown_ipv6_route $args $DEVICE
+
+# Switch some sysctls to secure mode
+sysctl -w net.ipv6.conf.$DEVICE.forwarding=0 >/dev/null
+sysctl -w net.ipv6.conf.$DEVICE.accept_ra=0 >/dev/null
+sysctl -w net.ipv6.conf.$DEVICE.accept_redirects=0 >/dev/null
+
+# Shutdown of 6to4, if configured
+valid6to4config="yes"
+if [ -z "$IPV6TO4_RELAY" ]; then
+ valid6to4config="no"
+fi
+if [ "$valid6to4config" = "yes" ]; then
+ if [ "$IPV6TO4_CONTROL_RADVD" = "yes" ]; then
+ # stop RADVD from distributing no longer usable 6to4 prefixes
+ if [ -z "$IPV6TO4_RADVD_PIDFILE" ]; then
+ # Take default
+ IPV6TO4_RADVD_PIDFILE="/var/run/radvd/radvd.pid"
+ fi
+ # Send SIGHUP to radvd
+ if [ -f "$IPV6TO4_RADVD_PIDFILE" ]; then
+ pid="`cat $IPV6TO4_RADVD_PIDFILE`"
+ if [ ! -z "$pid" ]; then
+ # still waiting for feature enabling: stopping distribution of prefixes in RADVD....
+ # kill -SOMETHING $pid
+ false
+ else
+ false
fi
- done
+ fi
fi
- # Switch off forwarding per device (packets received on this
- # interface aren't forwarded
- forwarding_ipv6 no $DEVICE
-
- # Delete additional IPv6 addresses from list
- if [ ! -z "$IPV6ADDR_SECONDARIES" ]; then
- for ipv6addr in $IPV6ADDR_SECONDARIES; do
- ifdown_ipv6_real $DEVICE $ipv6addr
+ if [ ! -z "$IPV6TO4_ROUTING" ]; then
+ # Delete routes to local networks
+ for devsuf in $IPV6TO4_ROUTING; do
+ dev="`echo $devsuf | awk -F- '{ print $1 }'`"
+ ifdown_ipv6_route_all $dev ::
done
fi
-
- # Shutdown basic configured IPv6 address on specified interface
- if ! [ -z "$IPV6ADDR" ]; then
- ifdown_ipv6_real $DEVICE $IPV6ADDR
- fi
- # Cleanup all IPv6 configuration on specified interface (prevents from kernel crashing)
- ifdown_ipv6_real_all $DEVICE
-fi
+ # Delete all static IPv6to4 routes
+ ifdown_ipv6_route_all sit0 ::$IPV6TO4_RELAY
+
+ # Delete all configured 6to4 address
+ ifdown_ipv6to4_all sit0
+fi
+
+# Delete all current configured IPv6 addresses on this interface
+ifdown_ipv6_real_all $DEVICE
diff --git a/sysconfig/network-scripts/ifdown-sit b/sysconfig/network-scripts/ifdown-sit
index a70d5169..a2a70c16 100755
--- a/sysconfig/network-scripts/ifdown-sit
+++ b/sysconfig/network-scripts/ifdown-sit
@@ -6,13 +6,24 @@
# Taken from:
# (P) & (C) 2000-2001 by Peter Bieringer <pb@bieringer.de>
#
-# Version 2001-02-08
+# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
+#
+# Version 2001-05-22d
+#
+# Uses following information from /etc/sysconfig/network:
+# NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting)
+#
+# Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1":
+# For static tunnels
+# IPV6TUNNELIPV4="<ipv4 address of foreign tunnel endpoint>"
+# IPV6ADDR=<ipv6address>/<prefixlength> [OPTIONAL: numbered tunnels]
#
-# Filter tags (for stripping, empty lines following if all is stripped)
+# Get global network configuration
. /etc/sysconfig/network
+# Source IPv4 helper functions
cd /etc/sysconfig/network-scripts
. network-functions
@@ -20,33 +31,43 @@ CONFIG=$1
[ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
source_config
-# Test if IPv6 configuration is enabled for this interface
-if [ ! "$IPV6INIT" = "yes" ]; then
- # not enabled, stop here
- exit 0
-fi
-
# Test if IPv6 is up
-if [ "${NETWORKING_IPV6}" = "yes" ]; then
-
- . /etc/sysconfig/network-scripts/network-functions-ipv6
-
- # Delete IPv6-in-IPv4 tunnel(s)
- if [ "$DEVICE" = "sit0" ]; then
- ifdown_ipv6_autotunnel
- elif [ ! -z "$IPV6TUNNELIPV4" ]; then
- # Delete static IPv6 tunnel routes on specified virtual interface
- if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
- grep "^$DEVICE" /etc/sysconfig/static-routes-ipv6 | while read device ipv6route args; do
- if [ "$device" = "$DEVICE" ]; then
- ifdown_ipv6_tunnel $DEVICE $IPV6TUNNELIPV4 $ipv6route
- fi
- done
+if [ ! "${NETWORKING_IPV6}" = "yes" ]; then
+ # Global IPv6 switch not enabled, end now
+ exit 0
+fi
+
+if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then
+ # IPv6 setup isn't well
+ exit 1
+fi
+
+# Source IPv6 helper functions
+. /etc/sysconfig/network-scripts/network-functions-ipv6
+
+# IPv6 test, no module loaded, exit if system is not IPv6-ready
+test_ipv6 testonly || exit 0
+
+# Delete IPv6-in-IPv4 tunnel(s)
+if [ "$DEVICE" = "sit0" ]; then
+ ifdown_ipv6_autotunnel
+elif [ ! -z "$IPV6TUNNELIPV4" ]; then
+ if [ "$IPV6_TUNNELMODE" = "NBMA" ]; then
+ if [ ! -z "$IPV6ADDR" ]; then
+ # Numbered tunnel
+ ifdown_ipv6_real sit0 $IPV6ADDR
fi
- if [ ! -z "$IPV6ADDR" ]; then
- # Numbered tunnel
- ifdown_ipv6_real sit0 $IPV6ADDR
+ # Cleanup all IPv6 tunnel configuration on specified interface and shut down sit0, if no longer used
+ ifdown_ipv6_tunnel_all $DEVICE $IPV6TUNNELIPV4
+
+ elif [ -z "$IPV6_TUNNELMODE" -o "$IPV6_TUNNELMODE" = "IP" ]; then
+ # Delete all IPv6 routes and addresses
+ ifdown_ipv6_real_all $DEVICE
+
+ # Shut down tunnel device
+ ifdown_ipv6_tunneldev $DEVICE
+ else
+ echo $"Tunnel creation mode '$IPV6_TUNNELMODE' not supported - skip!"
fi
- fi
-fi
+fi
diff --git a/sysconfig/network-scripts/ifup b/sysconfig/network-scripts/ifup
index 6a418d40..214f42ea 100755
--- a/sysconfig/network-scripts/ifup
+++ b/sysconfig/network-scripts/ifup
@@ -167,7 +167,7 @@ if [ -n "${DYNCONFIG}" ]; then
if [ -x /sbin/dhcpcd ] && /sbin/dhcpcd ${DHCPCDARGS} ${DEVICE} ; then
echo $" done."
- elif [ -x /sbin/pump ] && /sbin/pump ${PUMPARGS} -i ${DEVICE} ; then
+ elif [ -x /sbin/pump ] && /sbin/pump ${PUMPARGS} -i ${DEVICE}; then
echo $" done."
else
echo $" failed."
@@ -180,6 +180,9 @@ else
if [ -z "${IPADDR}" ]; then
# enable device without IP, useful for e.g. PPPoE
ip link set ${DEVICE} up
+ if [ "${NETWORKING_IPV6}" = "yes" ]; then
+ /etc/sysconfig/network-scripts/ifup-ipv6 ${CONFIG}
+ fi
exec /etc/sysconfig/network-scripts/ifup-post ${CONFIG} ${2}
fi
@@ -246,7 +249,7 @@ fi
# IPv6 initialisation?
if [ "${NETWORKING_IPV6}" = "yes" ]; then
- /etc/sysconfig/network-scripts/ifup-ipv6 $DEVICE
+ /etc/sysconfig/network-scripts/ifup-ipv6 ${CONFIG}
fi
exec /etc/sysconfig/network-scripts/ifup-post ${CONFIG} ${2}
diff --git a/sysconfig/network-scripts/ifup-ipv6 b/sysconfig/network-scripts/ifup-ipv6
index 4ee50e1e..b8a5c71c 100755
--- a/sysconfig/network-scripts/ifup-ipv6
+++ b/sysconfig/network-scripts/ifup-ipv6
@@ -6,13 +6,40 @@
# Taken from:
# (P) & (C) 2000-2001 by Peter Bieringer <pb@bieringer.de>
#
-# Version 2001-03-03
+# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
+#
+# Version 2001-05-22d
+#
+# Uses following information from "/etc/sysconfig/network":
+# NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting)
+#
+# Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1":
+# IPV6INIT=yes|no: controls IPv6 configuration for this interface
+# IPV6ADDR=<ipv6address>/<prefixlength>: specify primary static IPv6 address here
+# IPV6ADDR_SECONDARIES="<list of ipv6 addresses>" [optional]
+# IPV6_ROUTER=yes|no: controls IPv6 autoconfiguration (no: multi-homed interface without routing)
+# IPV6_AUTOCONF=yes|no: controls IPv6 autoconfiguration
+# defaults:
+# IPV6FORWARDING=yes: IPV6_AUTOCONF=no, IPV6_ROUTER=yes
+# IPV6FORWARDING=no: IPV6_AUTOCONF=yes
+#
+# Optional for 6to4 tunneling:
+# IPV6TO4INIT=yes|no: controls 6to4 tunneling setup
+# IPV6TO4_RELAY=<ipv4address>: IPv4 address of the remote 6to4 relay
+# IPV6TO4_IPV4ADDR=<ipv6address>: overwrite local IPv4 address [optional]
+# IPV6TO4_ROUTING="eth0-:f101::0/64 eth1-:f102::0/64": information to setup local subnetting
+# IPV6TO4_CONTROL_RADVD=yes|no: controls radvd triggering [optional]
+# IPV6TO4_RADVD_PIDFILE=file: PID file of radvd for sending signals, default is "/var/run/radvd/radvd.pid" [optional]
+#
+# Requirements for 6to4 if using radvd:
+# radvd-0.6.2p3 or newer supporting option "Base6to4Interface"
#
-# Filter tags (for stripping, empty lines following if all is stripped)
+# Get global network configuration
. /etc/sysconfig/network
+# Source IPv4 helper functions
cd /etc/sysconfig/network-scripts
. network-functions
@@ -27,43 +54,171 @@ if [ ! "$IPV6INIT" = "yes" ]; then
fi
# Test if IPv6 is up
-if [ "${NETWORKING_IPV6}" = "yes" ]; then
+if [ ! "${NETWORKING_IPV6}" = "yes" ]; then
+ # Global IPv6 switch not enabled, end now
+ exit 0
+fi
+
+if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then
+ # IPv6 setup isn't well
+ exit 1
+fi
- . /etc/sysconfig/network-scripts/network-functions-ipv6
+# Source IPv6 helper functions
+. /etc/sysconfig/network-scripts/network-functions-ipv6
+
+# IPv6 test, module loaded, exit if system is not IPv6-ready
+test_ipv6 || exit 1
- # Run basic IPv6 test (and make sure the ipv6 module will be loaded)
- test_ipv6 || exit 0
- # Setup IPv6 address on specified interface
- if ! [ -z "$IPV6ADDR" ]; then
- ifup_ipv6_real $DEVICE $IPV6ADDR
+# Setup IPv6 address on specified interface
+if ! [ -z "$IPV6ADDR" ]; then
+ ifup_ipv6_real $DEVICE $IPV6ADDR
+fi
+
+# Get current global IPv6 forwarding
+ipv6_global_forwarding_current="`sysctl -n net.ipv6.conf.all.forwarding`"
+
+# Set some proc switches depending on defines
+if [ "$IPV6FORWARDING" = "yes" ]; then
+ # Global forwarding should be enabled
+
+ # Check, if global IPv6 forwarding was already set by global script
+ if [ $ipv6_global_forwarding_current -ne 1 ]; then
+ # Forwarding enabled, but not set, display warning
+ echo $"Global IPv6 forwarding is enabled in configuration, but not currently enabled in kernel"
+ echo $"Please restart network with '/etc/rc.d/init.d/network restart'"
fi
-
- # Switch forwarding per device like defined
- # Packets received on selected interface are forwarded
- if ! [ -z "$IPV6FORWARDING" ]; then
- if [ "$IPV6FORWARDING" = "yes" ]; then
- forwarding_ipv6 yes $DEVICE
- # also for all (otherwise, nothing is forwarded)
- forwarding_ipv6 yes
- else
- forwarding_ipv6 no $DEVICE
- fi
+
+ ipv6_local_forwarding=1
+ ipv6_local_auto=0
+ if [ "$IPV6_ROUTER" = "no" ]; then
+ # Interface should not act as a Router
+ ipv6_local_forwarding=0
fi
-
- # Setup additional IPv6 addresses from list
- if [ ! -z "$IPV6ADDR_SECONDARIES" ]; then
- for ipv6addr in $IPV6ADDR_SECONDARIES; do
- ifup_ipv6_real $DEVICE $ipv6addr
- done
+ if [ "$IPV6_AUTOCONF" = "yes" ]; then
+ # Interface should be autoconfigured
+ ipv6_local_auto=1
+ fi
+else
+ # Global forwarding should be disabled
+
+ # Check, if global IPv6 forwarding was already set by global script
+ if [ $ipv6_global_forwarding_current -ne 0 ]; then
+ # Forwarding disabled, but not set, display warning
+ echo $"Global IPv6 forwarding is disabled in configuration, but not currently disabled in kernel"
+ echo $"Please restart network with '/etc/rc.d/init.d/network restart'"
fi
- # Setup additional static IPv6 routes on specified interface
- if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
- grep "^$DEVICE" /etc/sysconfig/static-routes-ipv6 | while read device args; do
- if [ "$device" = "$DEVICE" ]; then
- ifup_ipv6_route $args $DEVICE
+ ipv6_local_forwarding=0
+ ipv6_local_auto=1
+ if [ "$IPV6_AUTOCONF" = "no" ]; then
+ # Interface should not be autoconfigured
+ ipv6_local_auto=0
+ fi
+fi
+sysctl -w net.ipv6.conf.$DEVICE.forwarding=$ipv6_local_forwarding >/dev/null
+sysctl -w net.ipv6.conf.$DEVICE.accept_ra=$ipv6_local_auto >/dev/null
+sysctl -w net.ipv6.conf.$DEVICE.accept_redirects=$ipv6_local_auto >/dev/null
+
+# Setup additional IPv6 addresses from list
+if [ ! -z "$IPV6ADDR_SECONDARIES" ]; then
+ for ipv6addr in $IPV6ADDR_SECONDARIES; do
+ ifup_ipv6_real $DEVICE $ipv6addr
+ done
+fi
+
+# Setup additional static IPv6 routes on specified interface
+if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
+ grep "^$DEVICE\W" /etc/sysconfig/static-routes-ipv6 | while read device args; do
+ if [ "$device" = "$DEVICE" ]; then
+ ifup_ipv6_route $args $DEVICE
+ fi
+ done
+fi
+
+# Setup of 6to4, if configured
+if [ "$IPV6TO4INIT" = "yes" ]; then
+ valid6to4config="yes"
+ if [ ! -z "$IPV6TO4_IPV4ADDR" ]; then
+ # Take special configured from config file (precedence 1)
+ ipv4addr="$IPV6TO4_IPV4ADDR"
+ else
+ # Get IPv4 address from interface first (has precedence 2)
+ ipv4addr="`LC_ALL=C ifconfig $DEVICE |grep "inet addr:" | tr : " " | awk '{ print $3 }'`"
+ if [ -z "$ipv4addr" ]; then
+ # Take configured from config file (precedence 3)
+ ipv4addr="$IPADDR"
+ fi
+ fi
+ if [ ! -z "$ipv4addr" ]; then
+ # Test for non-global IPv4 address
+ if ! testipv4_globalusable $ipv4addr; then
+ echo $"Given IPv4 address $ipv4addr is not a globally usable one, 6to4 configuration is not valid!"
+ valid6to4config="no"
+ fi
+ if [ -z "$IPV6TO4_RELAY" ]; then
+ echo $"IPv6to4 configuration needs an IPv6to4 relay address, 6to4 configuration is not valid!"
+ valid6to4config="no"
+ fi
+ if [ "$valid6to4config" = "yes" ]; then
+ if ! testipv4_globalusable $IPV6TO4_RELAY; then
+ echo $"Given IPv4 address of relay is not a globally usable one, 6to4 configuration is not valid!"
+ valid6to4config="no"
fi
- done
+ fi
+ else
+ echo $"IPv6to4 configuration needs an IPv4 address on related interface or extra specified, 6to4 configuration is not valid!"
+ valid6to4config="no"
fi
-fi
+ if [ "$valid6to4config" = "yes" ]; then
+ ifup_ipv6to4 $DEVICE $ipv4addr
+ if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
+ grep "^sit0" /etc/sysconfig/static-routes-ipv6 | while read device args; do
+ if [ "$device" = "sit0" ]; then
+ ifup_ipv6_route $args ::$IPV6TO4_RELAY sit0
+ fi
+ done
+ fi
+
+ if [ "$IPV6TO4_CONTROL_RADVD" = "yes" ]; then
+ # RADVD is in use, so forwarding of IPv6 packets should be enabled
+ if [ $ipv6_global_forwarding_current -ne 1 ]; then
+ # Forwarding not set, display warning
+ echo $"Using 6to4 and RADVD IPv6 forwarding usually should be enabled, but it isn't!"
+ fi
+
+ if [ -z "$IPV6TO4_RADVD_PIDFILE" ]; then
+ # Take default
+ IPV6TO4_RADVD_PIDFILE="/var/run/radvd/radvd.pid"
+ fi
+
+ # Send SIGHUP to radvd
+ if [ -f "$IPV6TO4_RADVD_PIDFILE" ]; then
+ pid="`cat $IPV6TO4_RADVD_PIDFILE`"
+ if [ ! -z "$pid" ]; then
+ echo $"Trigger RADVD for IPv6to4 prefix recalculation"
+ kill -HUP $pid
+ else
+ false
+ fi
+ fi
+ if [ ! -z "$IPV6TO4_ROUTING" ]; then
+ # Generate 6to4 address
+ ipv6to4prefix="`create6to4prefix $ipv4addr`"
+ if [ ! -z "$ipv6to4prefix" ]; then
+ # Add route to local networks
+ for devsuf in $IPV6TO4_ROUTING; do
+ dev="`echo $devsuf | awk -F- '{ print $1 }'`"
+ suf="`echo $devsuf | awk -F- '{ print $2 }'`"
+ ifup_ipv6_route ${ipv6to4prefix}$suf :: $dev
+ done
+ else
+ echo $"Error occured while calculating the IPv6to4 prefix"
+ fi
+ else
+ echo $"RADVD control enabled, but config is not complete!"
+ fi
+ fi
+ fi
+fi
diff --git a/sysconfig/network-scripts/ifup-sit b/sysconfig/network-scripts/ifup-sit
index ff92aba1..baf78a66 100755
--- a/sysconfig/network-scripts/ifup-sit
+++ b/sysconfig/network-scripts/ifup-sit
@@ -6,13 +6,27 @@
# Taken from:
# (P) & (C) 2000-2001 by Peter Bieringer <pb@bieringer.de>
#
-# Version 2001-03-03
+# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
+#
+# Version 2001-05-22d
+#
+# Uses following information from "/etc/sysconfig/network":
+# NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting)
+#
+# Uses following information from "/etc/sysconfig/network-scripts/ifcfg-$1":
+# IPV6INIT=yes|no: controls IPv6 configuration for this interface
+# IPV6_TUNNELMODE=IP|NBMA: mode of tunnel creation [default: IP]
+#
+# For static tunnels
+# IPV6TUNNELIPV4="<ipv4 address of foreign tunnel endpoint>"
+# IPV6ADDR=<ipv6address>/<prefixlength> [OPTIONAL: numbered tunnels]
#
-# Filter tags (for stripping, empty lines following if all is stripped)
+# Get global network configuration
. /etc/sysconfig/network
+# Source IPv4 helper functions
cd /etc/sysconfig/network-scripts
. network-functions
@@ -22,22 +36,32 @@ source_config
# Test if IPv6 configuration is enabled for this interface
if [ ! "$IPV6INIT" = "yes" ]; then
- # not enabled, stop here
exit 0
fi
# Test if IPv6 is up
-if [ "${NETWORKING_IPV6}" = "yes" ]; then
-
- . /etc/sysconfig/network-scripts/network-functions-ipv6
+if [ ! "${NETWORKING_IPV6}" = "yes" ]; then
+ exit 0
+fi
+
+if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then
+ # IPv6 setup isn't well
+ exit 1
+fi
- # Run basic IPv6 test (and make sure the ipv6 module will be loaded)
- test_ipv6 || exit 0
+# Source IPv6 helper functions
+. /etc/sysconfig/network-scripts/network-functions-ipv6
- # Setup IPv6-in-IPv4 tunnel(s)
- if [ "$DEVICE" = "sit0" ]; then
- ifup_ipv6_autotunnel
- elif [ ! -z "$IPV6TUNNELIPV4" ]; then
+# IPv6 test, module loaded, exit if system is not IPv6-ready
+test_ipv6 || exit 1
+
+# Setup IPv6-in-IPv4 tunnel(s)
+if [ "$DEVICE" = "sit0" ]; then
+ ifup_ipv6_autotunnel || exit 1
+
+elif [ ! -z "$IPV6TUNNELIPV4" ]; then
+ if [ "$IPV6_TUNNELMODE" = "NBMA" ]; then
+ # NBMA-styled tunneling
if [ ! -z "$IPV6ADDR" ]; then
# Numbered tunnel
ifup_ipv6_real sit0 $IPV6ADDR
@@ -51,5 +75,22 @@ if [ "${NETWORKING_IPV6}" = "yes" ]; then
fi
done
fi
+ elif [ -z "$IPV6_TUNNELMODE" -o "$IPV6_TUNNELMODE" = "IP" ]; then
+ ifup_ipv6_tunneldev $DEVICE $IPV6TUNNELIPV4 || exit 1
+
+ if [ ! -z "$IPV6ADDR" ]; then
+ # Numbered tunnel
+ ifup_ipv6_real $DEVICE $IPV6ADDR
+ fi
+
+ if [ -f /etc/sysconfig/static-routes-ipv6 ]; then
+ grep "^$DEVICE\W" /etc/sysconfig/static-routes-ipv6 | while read device ipv6route args; do
+ if [ "$device" = "$DEVICE" ]; then
+ ifup_ipv6_route $ipv6route :: $DEVICE
+ fi
+ done
+ fi
+ else
+ echo $"Tunnel creation mode '$IPV6_TUNNELMODE' not supported - skip!"
fi
-fi
+fi
diff --git a/sysconfig/network-scripts/init.ipv6-global b/sysconfig/network-scripts/init.ipv6-global
new file mode 100755
index 00000000..da46d4ba
--- /dev/null
+++ b/sysconfig/network-scripts/init.ipv6-global
@@ -0,0 +1,188 @@
+#!/bin/sh
+#
+# init.ipv6-global
+#
+#
+# Taken from:
+# (P) & (C) 2001 by Peter Bieringer <pb@bieringer.de>
+#
+# RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
+#
+# Version 2001-05-22d
+#
+# Calling parameters:
+# $1: action (currently supported: start|stop|showsysctl)
+# $2: position for start|stop (currently supported: pre|post)
+#
+# Called by hooks from /etc/rc.d/init.d/network
+#
+# Uses following information from /etc/sysconfig/network:
+# NETWORKING_IPV6=yes|no: controls global IPv6 initialization (default: no)
+# IPV6FORWARDING=yes|no: controls global IPv6 forwarding (default: no)
+# IPV6AUTOCONF=yes|no: controls global automatic IPv6 configuration
+# (default: yes if IPV6FORWARDING=no, no if IPV6FORWARDING=yes)
+# IPV6_AUTOTUNNEL=yes|no: controls automatic IPv6 tunneling (default: no)
+#
+
+
+
+# Get global network configuration
+. /etc/sysconfig/network
+
+# Source IPv4 helper functions
+cd /etc/sysconfig/network-scripts
+. network-functions
+
+# Get action and hook position
+ACTION="$1"
+POSITION="$2"
+
+# Test for IPv6 enabling
+if [ ! "${NETWORKING_IPV6}" = "yes" ]; then
+ exit 0
+fi
+
+if [ ! -f /etc/sysconfig/network-scripts/network-functions-ipv6 ]; then
+ exit 1
+fi
+
+# Source IPv6 helper functions
+. /etc/sysconfig/network-scripts/network-functions-ipv6
+
+# Initialize IPv6, depending on caller option
+case $ACTION in
+ start)
+ case $POSITION in
+ pre)
+ # IPv6 test, module loaded, exit if system is not IPv6-ready
+ test_ipv6 || exit 1
+
+
+ if [ "$IPV6FORWARDING" = "yes" ]; then
+ ipv6_global_forwarding=1
+ ipv6_global_auto=0
+ else
+ ipv6_global_forwarding=0
+ if [ "$IPV6AUTO" = "no" ]; then
+ ipv6_global_auto=0
+ else
+ ipv6_global_auto=1
+ fi
+ fi
+
+ # Reset IPv6 sysctl switches for "all", "default" and still existing devices
+ for i in /proc/sys/net/ipv6/conf/*; do
+ if [ ! -d $i ]; then
+ continue
+ fi
+ interface="`echo $i | awk -F/ '{ print $NF}'`"
+ # Host/Router behaviour for the interface
+ sysctl -w net.ipv6.conf.$interface.forwarding=$ipv6_global_forwarding >/dev/null
+
+ # Autoconfiguration and redirect handling for Hosts
+ sysctl -w net.ipv6.conf.$interface.accept_ra=$ipv6_global_auto >/dev/null
+ sysctl -w net.ipv6.conf.$interface.accept_redirects=$ipv6_global_auto >/dev/null
+ done
+
+ if [ "$IPV6_AUTOTUNNEL" = "yes" ]; then
+ ifup_ipv6_autotunnel
+ fi
+ ;;
+
+ post)
+ # IPv6 test, module loaded, exit if system is not IPv6-ready
+ test_ipv6 || exit 1
+
+
+ ## Add some routes which should never appear on the wire
+ # Unreachable IPv4-only addresses, normally blocked by source address selection
+ ip route add unreach ::ffff:0.0.0.0/96
+ # Unreachable IPv4-mapped addresses
+ ip route add unreach ::0.0.0.0/96
+ # Unreachable 6to4: IPv4 multicast, reserved, limited broadcast
+ ip route add unreach 2002:e000::/19
+ # Unreachable 6to4: IPv4 loopback
+ ip route add unreach 2002:7f00::/24
+ # Unreachable 6to4: IPv4 private (RFC1918)
+ ip route add unreach 2002:0a00::/24
+ ip route add unreach 2002:ac10::/28
+ ip route add unreach 2002:c0a8::/32
+ # Unreachable 6to4: IPv4 private (DHCP link-local)
+ ip route add unreach 2002:a9fe::/32
+ ;;
+
+ *)
+ echo "Usage: $0 $1 {pre|post}"
+ ;;
+
+ esac
+ ;;
+
+ stop)
+ case $POSITION in
+ pre)
+ # IPv6 test, no module loaded, exit if system is not IPv6-ready
+ test_ipv6 testonly || exit 0
+
+
+ ;;
+
+ post)
+ # IPv6 test, no module loaded, exit if system is not IPv6-ready
+ test_ipv6 testonly || exit 0
+
+
+ for i in /proc/sys/net/ipv6/conf/*; do
+ if [ ! -d $i ]; then
+ continue
+ fi
+ interface="`echo $i | awk -F/ '{ print $NF}'`"
+ # Assume Host behaviour
+ sysctl -w net.ipv6.conf.$interface.forwarding=0 >/dev/null
+
+ # Disable autoconfiguration and redirects
+ sysctl -w net.ipv6.conf.$interface.accept_ra=0 >/dev/null
+ sysctl -w net.ipv6.conf.$interface.accept_redirects=0 >/dev/null
+ done
+
+ # Find still existing tunnel devices and shutdown and delete them
+ LC_ALL=C ip tunnel | grep "ipv6/ip" | awk -F: '{ print $1 }' | while read device; do
+ ifdown_ipv6_tunneldev $device
+ done
+
+ ;;
+
+ *)
+ echo "Usage: $0 $1 {pre|post}"
+ ;;
+
+ esac
+ ;;
+
+ restart|reload)
+ # do nothing, will be handled by main script
+ ;;
+
+ showsysctl)
+ # Run only basic tests, no module is loaded, if not ok, skip IPv6 initialization
+ test_ipv6 testonly || exit 0
+
+ # Show sysctl switches
+ for i in /proc/sys/net/ipv6/conf/default/*; do
+ if [ ! -f $i ]; then continue; fi
+ switch="`echo $i | awk -F/ '{ print $NF}'`"
+ for j in /proc/sys/net/ipv6/conf/*; do
+ if [ ! -d $j ]; then continue; fi
+ interface="`echo $j | awk -F/ '{ print $NF}'`"
+ sysctl net.ipv6.conf.$interface.$switch
+ done
+ echo
+ done
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|showsysctl}"
+ exit 1
+ ;;
+
+esac
diff --git a/sysconfig/network-scripts/network-functions-ipv6 b/sysconfig/network-scripts/network-functions-ipv6
index f9f87d29..6b4441a8 100644
--- a/sysconfig/network-scripts/network-functions-ipv6
+++ b/sysconfig/network-scripts/network-functions-ipv6
@@ -5,16 +5,12 @@
# Taken from:
# (P) & (C) 1997-2001 by Peter Bieringer <pb@bieringer.de>
#
-# Version: 2001-03-03b
+# Version: 2001-05-22d
#
# Extended address detection is enabled, if 'ipv6calc' is installed
# Available here: http://www.bieringer.de/linux/IPv6/tools/index.html#ipv6calc
#
-# Known bugs:
-# sit0 will not be shutdowned, if an additional IPv6 address was manually added to this device
-#
-# Filter tags (for stripping, empty lines following here if all is stripped)
@@ -24,85 +20,102 @@
# 1 = error occurs
# 2 = not enabled, i.e. no IPv6 kernel support or switched off by configuration
-##### Test for "ipv6calc" (can be used for better duplicate address detection)
+##### Test for "ipv6calc" (used for better existing address detection)
EXISTS_ipv6calc=no
if which ipv6calc >/dev/null 2>&1; then
- EXISTS_ipv6calc=yes
+ # do checks, whether ipv6calc does what was expected
+ if ipv6calc --if_inet62addr 3ffe04000100f1010000000000000001 40 | grep -q -v '3ffe:400:100:f101::1/64'; then
+ false
+ elif ipv6calc --addr2if_inet6 3ffe:400:100::1/64 | grep -q -v '3ffe0400010000000000000000000001 00 40'; then
+ false
+ else
+ EXISTS_ipv6calc=yes
+ fi
else
- true
+ false
fi
##### Test for IPv6 capabilites
+# $1: (optional) testflag: currently supported: "testonly" (do not load a module)
+test_ipv6() {
+ local testflag=$1
-function test_ipv6()
-{
# Test for IPv6 enabled kernel
if ! [ -f /proc/net/if_inet6 ]; then
- modprobe ipv6
-
- if ! [ -f /proc/net/if_inet6 ]; then
- echo $"Kernel is not compiled with IPv6 support"
+ if [ "$testflag" = "testonly" ]; then
return 2
+ else
+ modprobe ipv6
+
+ if ! [ -f /proc/net/if_inet6 ]; then
+ echo $"Kernel is not compiled with IPv6 support"
+ return 2
+ fi
fi
fi
+ if [ ! -d /proc/sys/net/ipv6/conf/ ]; then
+ # IPv6 related proc directory doesn't exist
+ return 2
+ fi
+
+ if ! which ip 2>&1 >/dev/null; then
+ echo $"Utility 'ip' (iproute-package) doesn't exist or isn't executable - non-NBMA-styled tunneling setup won't work!"
+ return 2
+ fi
+
return 0
}
-##### Control IPv6 forwarding
-# Display usage
-function forwarding_ipv6_usage() {
- echo $"Usage: $0 yes|no [device]"
+
+##### Get version of this function libary
+getversion_ipv6_functions() {
+ local version_ipv6_functions="`cat /etc/sysconfig/network-scripts/network-functions-ipv6 | grep "^# Version:" | awk '{ print $3 }' | sed 's/-//g' | sed 's/[A-Za-z]*$//g'`"
+ echo $version_ipv6_functions
}
+##### Control IPv6 forwarding
# Control IPv6 forwarding
# $1: control [yes|no|on|off]
-# $2: network device (if not given, global IPv6 forwarding is set)
-function forwarding_ipv6() {
- fw_control=$1
- fw_device=$2 # maybe empty
+# $2: network device (if not given, global IPv6 forwarding is set) [OBSOLETE]
+forwarding_ipv6() {
+ local fw_control=$1
+ local fw_device=$2 # maybe empty
if [ -z "$fw_control" ]; then
- echo $"Missing parameter 'forwarding control'"
- forwarding_ipv6_usage
+ echo $"Missing parameter 'forwarding control' (arg 1)"
return 1
fi
if ! [ "$fw_control" = "yes" -o "$fw_control" = "no" -o "$fw_control" = "on" -o "$fw_control" = "off" ]; then
- echo $"Don't understand forwarding control parameter '$fw_control'"
- forwarding_ipv6_usage
+ echo $"Don't understand forwarding control parameter '$fw_control' (arg 1)"
return 1
fi
- # Device "lo" need no IPv6 configuration
- if [ "$fw_device" = "lo" ]; then
- return 0;
- fi
-
# Run IPv6 test
- test_ipv6 || return
+ test_ipv6 || return 2
if [ "$fw_control" = "yes" -o "$fw_control" = "on" ]; then
- status=1
+ local status=1
else
- status=0
+ local status=0
fi
# Global control? (if no device is given)
if [ -z "$fw_device" ]; then
- sysctl -w net.ipv6.conf.all.forwarding=$status >/dev/null 2>&1
+ sysctl -w net.ipv6.conf.all.forwarding=$status >/dev/null
fi
- # Per device control
+ # Per device control (not implemented in kernel)
if [ ! -z "$fw_device" ]; then
- sysctl -w net.ipv6.conf.$fw_device.forwarding=$status >/dev/null 2>&1
+ echo $"IPv6 forwarding per device cannot be controlled via sysctl - use netfilter6 instead!"
fi
}
@@ -110,112 +123,144 @@ function forwarding_ipv6() {
##### Static IPv6 route configuration
-# Display usage
-function ifupdown_ipv6_route_usage() {
- echo $"Usage: $0 IPv6-network IPv6-gateway [device]"
-}
-
# Set static IPv6 route
# $1: IPv6 network to route
-# $2: IPv6 gateway over which $1 should be routed
+# $2: IPv6 gateway over which $1 should be routed (if "::", gw will be skipped)
# $3: Interface (optional)
-function ifup_ipv6_route() {
- networkipv6=$1
- gatewayipv6=$2
- device=$3 # maybe empty
+ifup_ipv6_route() {
+ local networkipv6=$1
+ local gatewayipv6=$2
+ local device=$3 # maybe empty
if [ -z "$networkipv6" ]; then
- echo $"Missing parameter 'IPv6-network'"
- ifupdown_ipv6_route_usage
+ echo $"Missing parameter 'IPv6-network' (arg 1)"
return 1
fi
if [ -z "$gatewayipv6" ]; then
- echo $"Missing parameter 'IPv6-gateway'"
- ifupdown_ipv6_route_usage
+ echo $"Missing parameter 'IPv6-gateway' (arg 2)"
return 1
fi
- # Device "lo" need no IPv6 configuration
- if [ "$device" = "lo" ]; then
- return 0;
- fi
-
# Run IPv6 test
- test_ipv6 || return
+ test_ipv6 || return 2
+
+ # Test, whether given IPv6 address is valid
+ if ! testipv6_valid $networkipv6; then
+ return 2
+ fi
+ if ! testipv6_valid $gatewayipv6; then
+ return 2
+ fi
if [ -z "$device" ]; then
- output="`LC_ALL=C route -A inet6 add $networkipv6 gw $gatewayipv6 2>&1`"
- if [ $? -ne 0 ]; then
- if echo $output | grep -i -q 'SIOCADDRT: File exists'; then
- true
- else
- echo $output
- fi
- fi
+ local output="`LC_ALL=C route -A inet6 add $networkipv6 gw $gatewayipv6 2>&1`"
else
- output="`LC_ALL=C route -A inet6 add $networkipv6 gw $gatewayipv6 dev $device 2>&1`"
- if [ $? -ne 0 ]; then
- if echo $output | grep -i -q 'SIOCADDRT: File exists'; then
- true
- else
- echo $output
- fi
- fi
+ if [ "$gatewayipv6" = "::" ]; then
+ local output="`LC_ALL=C route -A inet6 add $networkipv6 dev $device 2>&1`"
+ else
+ local output="`LC_ALL=C route -A inet6 add $networkipv6 gw $gatewayipv6 dev $device 2>&1`"
+ fi
+ fi
+
+ if [ $? -ne 0 ]; then
+ if echo $output | grep -i -q 'SIOCADDRT: File exists'; then
+ true
+ else
+ echo $output
+ return 2
+ fi
fi
+ return 0
}
-# Delete static IPv6 route
+# Delete a static IPv6 route
# $1: IPv6 network to route
-# $2: IPv6 gateway over which $1 should be routed
+# $2: IPv6 gateway over which $1 should be routed (if "::", gw will be skipped)
# $3: Interface (optional)
-function ifdown_ipv6_route() {
- networkipv6=$1
- gatewayipv6=$2
- device=$3 # maybe empty
+ifdown_ipv6_route() {
+ local networkipv6=$1
+ local gatewayipv6=$2
+ local device=$3 # maybe empty
if [ -z "$networkipv6" ]; then
- echo $"Missing parameter 'IPv6-network'"
- ifup_ipv6_route_usage
+ echo $"Missing parameter 'IPv6-network' (arg 1)"
return 1
fi
if [ -z "$gatewayipv6" ]; then
- echo $"Missing parameter 'IPv6-gateway'"
- ifup_ipv6_route_usage
+ echo $"Missing parameter 'IPv6-gateway' (arg 2)"
return 1
fi
- # Device "lo" need no IPv6 configuration
- if [ "$device" = "lo" ]; then
- return 0;
- fi
-
# Run IPv6 test
- test_ipv6 || return
+ test_ipv6 || return 2
+
+ # Test, whether given IPv6 address is valid
+ if ! testipv6_valid $networkipv6; then
+ return 2
+ fi
+ if ! testipv6_valid $gatewayipv6; then
+ return 2
+ fi
if [ -z "$device" ]; then
- output="`LC_ALL=C route -A inet6 del $networkipv6 gw $gatewayipv6 2>&1`"
- if [ $? -ne 0 ]; then
- if echo $output | grep -i -q 'SIOCDELRT: No such process'; then
- true
- else
- echo $output
- fi
- fi
+ local output="`LC_ALL=C route -A inet6 del $networkipv6 gw $gatewayipv6 2>&1`"
else
- output="`LC_ALL=C route -A inet6 del $networkipv6 gw $gatewayipv6 dev $device 2>&1`"
- if [ $? -ne 0 ]; then
- if echo $output | grep -i -q 'SIOCDELRT: No such process'; then
- true
- else
- echo $output
+ if [ "$gatewayipv6" = "::" ]; then
+ local output="`LC_ALL=C route -A inet6 del $networkipv6 dev $device 2>&1`"
+ else
+ local output="`LC_ALL=C route -A inet6 del $networkipv6 gw $gatewayipv6 dev $device 2>&1`"
+ fi
+ fi
+
+ if [ $? -ne 0 ]; then
+ if echo $output | grep -i -q 'SIOCDELRT: No such process'; then
+ true
+ else
+ echo $output
+ return 2
+ fi
+ fi
+
+ return 0
+}
+
+# Delete all static IPv6 routes through a given interface
+# $1: Interface
+# $2: Gateway match (optional)
+ifdown_ipv6_route_all() {
+ local device=$1
+ local gatewaymatch=$2
+
+ if [ -z "$device" ]; then
+ echo $"Missing parameter 'device' (arg 1)"
+ return 1
+ fi
+
+ # Run IPv6 test
+ test_ipv6 || return 2
+
+
+ # Get all IPv6 routes through given interface and remove them
+ LC_ALL=C route -A inet6 -n | grep "$device\W*$" | while read ipv6net nexthop flags metric ref use iface args; do
+ if [ "$iface" = "$device" ]; then
+ if [ ! -z "$gatewaymatch" ]; then
+ # Test if given gateway matches
+ if [ "$gatewaymatch" != "$nexthop" ]; then
+ # No match, take next
+ continue
fi
fi
- fi
+ # Only non addrconf (automatic installed) routes should be removed
+ if echo $flags | grep -v -q "A"; then
+ local output="`LC_ALL=C route -A inet6 del $ipv6net gw $nexthop dev $iface 2>&1`"
+ fi
+ fi
+ done
}
@@ -223,107 +268,121 @@ function ifdown_ipv6_route() {
##### automatic tunneling configuration
## Configure automatic tunneling up
-function ifup_ipv6_autotunnel() {
-
+ifup_ipv6_autotunnel() {
# Run IPv6 test
- test_ipv6 || return
+ test_ipv6 || return 2
# enable IPv6-over-IPv4 tunnels
- if LC_ALL=C ifconfig sit0 | grep -q "UP "; then
+ if test_interface_status sit0; then
# already up, do nothing
true
else
# basic tunnel device to up
ifconfig sit0 up
- # Switch on forwarding
- forwarding_ipv6 on sit0
+ # Test, whether "up" has worked
+ if ! test_interface_status sit0; then
+ echo $"Tunnel device 'sit0' enabling didn't work - FATAL ERROR!"
+ return 2
+ fi
+
+ # Set sysctls proper (regardless "default")
+ sysctl -w net.ipv6.conf.sit0.forwarding=1 >/dev/null
+ sysctl -w net.ipv6.conf.sit0.accept_ra=0 >/dev/null
+ sysctl -w net.ipv6.conf.sit0.accept_redirects=0 >/dev/null
fi
+ return 0
}
## Configure automatic tunneling down
-function ifdown_ipv6_autotunnel() {
-
+ifdown_ipv6_autotunnel() {
# Run IPv6 test
- test_ipv6 || return
+ test_ipv6 || return 2
- if LC_ALL=C ifconfig sit0 | grep -q "UP "; then
+ if test_interface_status sit0; then
# still up?
# disable IPv6-over-IPv4 tunnels (if a tunnel is no longer up)
- if LC_ALL=C route -n -A inet6 -n | grep sit0 | awk '{ print $2 }' | grep -v -q "^::$"; then
+ if LC_ALL=C route -A inet6 -n | grep "sit0\W*$" | awk '{ print $2 }' | grep -v -q "^::$"; then
# still existing routes, skip shutdown of sit0
true
- elif LC_ALL=C ifconfig sit0 | grep 'inet6 addr:' | awk '{ print $3 }' | grep -v -q '^::'; then
+ elif LC_ALL=C ip addr show dev sit0 | grep inet6 | awk '{ print $2 }' | grep -v -q '^::'; then
# still existing IPv6 addresses, skip shutdown of sit0
true
else
# basic tunnel device to down
- # Switch off forwarding
- forwarding_ipv6 off sit0
+ # Set sysctls proper
+ sysctl -w net.ipv6.conf.sit0.forwarding=0 >/dev/null
+ sysctl -w net.ipv6.conf.sit0.accept_ra=0 >/dev/null
+ sysctl -w net.ipv6.conf.sit0.accept_redirects=0 >/dev/null
ifconfig sit0 down
+
+ # Test, whether "down" has worked
+ if test_interface_status sit0; then
+ echo $"Tunnel device 'sit0' is still up - FATAL ERROR!"
+ return 2
+ fi
fi
fi
+ return 0
}
-##### static tunneling configuration
-
-function ifupdown_ipv6_tunnel_usage() {
- echo $"Usage: $0 interfacename IPv4-tunneladdress IPv6-route"
-}
-
+##### static NBMA-styled tunnel configuration
## Configure static tunnels up
# $1: Interface (not needed - dummy)
# $2: IPv4 address of foreign tunnel
# $3: IPv6 route through this tunnel
-function ifup_ipv6_tunnel() {
- device=$1
- addressipv4tunnel=$2
- routeipv6=$3
+ifup_ipv6_tunnel() {
+ local device=$1
+ local addressipv4tunnel=$2
+ local routeipv6=$3
if [ -z "$device" ]; then
- echo $"Missing parameter 'device'"
- ifupdown_ipv6_tunnel_usage
+ echo $"Missing parameter 'device' (arg 1)"
return 1
fi
if [ -z "$addressipv4tunnel" ]; then
- echo $"Missing parameter 'IPv4-tunneladdress'"
- ifupdown_ipv6_tunnel_usage
+ echo $"Missing parameter 'IPv4-tunneladdress' (arg 2)"
return 1
fi
if [ -z "$routeipv6" ]; then
- echo $"Missing parameter 'IPv6-route'"
- ifupdown_ipv6_tunnel_usage
+ echo $"Missing parameter 'IPv6-route' (arg 3)"
return 1
fi
-
+
# Run IPv6 test
- test_ipv6 || return
+ test_ipv6 || return 2
+
+ # Test, whether given IPv6 address is valid
+ if ! testipv6_valid $routeipv6; then
+ return 2
+ fi
+
# enable general IPv6-over-IPv4 tunneling
ifup_ipv6_autotunnel
+ if [ $? -ne 0 ]; then
+ return 2
+ fi
- # Set up a tunnel
- output="`LC_ALL=C route -A inet6 add $routeipv6 gw ::$addressipv4tunnel dev sit0 2>&1`"
+ # Set up a tunnel
+ ifup_ipv6_route $routeipv6 ::$addressipv4tunnel sit0
if [ $? -ne 0 ]; then
- if echo $output | grep -i -q 'SIOCADDRT: File exists'; then
- true
- else
- echo $output
- fi
+ return 2
fi
+ return 0
}
@@ -331,41 +390,37 @@ function ifup_ipv6_tunnel() {
# $1: Interface (not used - dummy)
# $2: IPv4 address of foreign tunnel
# $3: IPv6 route through this tunnel
-function ifdown_ipv6_tunnel() {
- device=$1
- addressipv4tunnel=$2
- routeipv6=$3
+ifdown_ipv6_tunnel() {
+ local device=$1
+ local addressipv4tunnel=$2
+ local routeipv6=$3
if [ -z "$device" ]; then
- echo $"Missing parameter 'device'"
+ echo $"Missing parameter 'device' (arg 1)"
ifupdown_ipv6_tunnel_usage
return 1
fi
if [ -z "$addressipv4tunnel" ]; then
- echo $"Missing parameter 'IPv4-tunneladdress'"
+ echo $"Missing parameter 'IPv4-tunnel address' (arg 2)"
ifupdown_ipv6_tunnel_usage
return 1
fi
if [ -z "$routeipv6" ]; then
- echo $"Missing parameter 'IPv6-route'"
+ echo $"Missing parameter 'IPv6-route' (arg 3)"
ifupdown_ipv6_tunnel_usage
return 1
fi
# Run IPv6 test
- test_ipv6 || return
+ test_ipv6 || return 2
- # Set up a tunnel
- output="`LC_ALL=C route -A inet6 del $routeipv6 gw ::$addressipv4tunnel dev sit0 2>&1`"
+ # Delete a NBMA-styled tunnel
+ ifdown_ipv6_route $routeipv6::$addressipv4tunnel sit0
if [ $? -ne 0 ]; then
- if echo $output | grep -i -q 'SIOCDELRT: No such process'; then
- true
- else
- echo $output
- fi
+ return 2
fi
# disable IPv6-over-IPv4 tunneling (if no longer a tunnel is up)
@@ -377,23 +432,26 @@ function ifdown_ipv6_tunnel() {
## Remove all IPv6 tunnels for a given tunnel endpoint
# $1: Interface (not used - dummy)
# $2: IPv4-tunneladdress
-function ifdown_ipv6_tunnel_all() {
- idtuall_device=$1
- idtuall_tunnel=$2
+ifdown_ipv6_tunnel_all() {
+ local idtuall_device=$1
+ local idtuall_tunnel=$2
if [ -z "$idtuall_device" ]; then
- echo $"Missing parameter 'device'"
- echo $"Usage: ifdown_ipv6_tunnel_all interfacename IPv4-tunneladdress"
+ echo $"Missing parameter 'device' (arg 1)"
return 1
fi
if [ -z "$idtuall_tunnel" ]; then
- echo $"Missing parameter 'IPv4-tunneladdress'"
- echo $"Usage: ifdown_ipv6_tunnel_all interfacename IPv4-tunneladdress"
+ echo $"Missing parameter 'IPv4-tunneladdress' (arg 2)"
return 1
fi
+
+ # Run IPv6 test
+ test_ipv6 || return 2
+
+
# Get all IPv6 routes through given interface and remove them
- LC_ALL=C route -n -A inet6 | grep "::$idtuall_tunnel" | while read ipv6net nexthop flags metric ref use iface args; do
+ LC_ALL=C route -A inet6 -n | grep "::$idtuall_tunnel" | while read ipv6net nexthop flags metric ref use iface args; do
if [ "::$idtuall_tunnel" = "$nexthop" ]; then
if echo $flags | grep -v -q "A"; then
# Only non addrconf (automatic installed) routes should be removed
@@ -401,6 +459,10 @@ function ifdown_ipv6_tunnel_all() {
fi
fi
done
+
+ # disable IPv6-over-IPv4 tunneling (if no longer a tunnel is up)
+ ifdown_ipv6_autotunnel
+ return 0
}
@@ -409,13 +471,13 @@ function ifdown_ipv6_tunnel_all() {
# $2: Address to test (without prefix)
# $3: Prefix of address $1
# return values: 1:problem, 10:not exists, 11:exits
-function test_ipv6_addrs_exists () {
- testdevice=$1
- testaddr=$2
- testprefix=$3
+test_ipv6_address_exists() {
+ local testdevice=$1
+ local testaddr=$2
+ local testprefix=$3
if [ -z "$testaddr" ]; then
- echo $"Missing parameter 'IPv6AddrToTest'"
+ echo $"Missing parameter 'IPv6AddrToTest' (arg 1)"
return 1
fi
@@ -423,16 +485,16 @@ function test_ipv6_addrs_exists () {
if [ "$EXISTS_ipv6calc" = "yes" ]; then
# Using ipv6calc and compare against /proc/net/if_inet6
- convertresult="`LC_ALL=C ipv6calc --addr2if_inet6 $testaddr/$testprefix`"
+ local convertresult="`LC_ALL=C ipv6calc --addr2if_inet6 $testaddr/$testprefix`"
# Split in address, scope and prefix length
- test_addr="`echo $convertresult | awk '{ print $1 }'`"
- test_scope="`echo $convertresult | awk '{ print $2 }'`"
- test_prefixlength="`echo $convertresult | awk '{ print $3 }'`"
+ local test_addr="`echo $convertresult | awk '{ print $1 }'`"
+ local test_scope="`echo $convertresult | awk '{ print $2 }'`"
+ local test_prefixlength="`echo $convertresult | awk '{ print $3 }'`"
if [ -z "$test_prefixlength" ]; then
- testresult="`grep "$test_addr .. .. $test_scope .." /proc/net/if_inet6 | grep $testdevice$`"
+ local testresult="`grep "$test_addr .. .. $test_scope .." /proc/net/if_inet6 | grep $testdevice$`"
else
- testresult="`grep "$test_addr .. $test_prefixlength $test_scope .." /proc/net/if_inet6 | grep $testdevice$`"
+ local testresult="`grep "$test_addr .. $test_prefixlength $test_scope .." /proc/net/if_inet6 | grep $testdevice$`"
fi
if [ ! -z "$testresult" ]; then
return 11
@@ -440,8 +502,8 @@ function test_ipv6_addrs_exists () {
return 10
fi
else
- # low budget version, only works if given address is in equal form like ifconfig displays
- testresult="`LC_ALL=C ifconfig $testdevice | grep "inet6 addr:" | grep -i ": $testaddr/$testprefix" | awk '{ print $3 }'`"
+ # low budget version, only works if given address is in equal form like "ip" displays
+ local testresult="`LC_ALL=C ip addr show dev $testdevice | grep inet6 | awk '{ print $2 }' | grep -i "^$testaddr/$testprefix$"`"
if [ ! -z "$testresult" ]; then
return 11
else
@@ -451,64 +513,56 @@ function test_ipv6_addrs_exists () {
}
##### Interface configuration
-function ifupdown_ipv6_usage() {
- echo $"Usage: $0 interfacename IPv6-address/IPv6-prefixlength"
-}
## Add an IPv6 address for given interface
# $1: Interface
# $2: IPv6 address
-function ifup_ipv6_real() {
- device=$1
- address=$2
+ifup_ipv6_real() {
+ local device=$1
+ local address=$2
if [ -z "$device" ]; then
- echo $"Missing parameter 'device'"
+ echo $"Missing parameter 'device' (arg 1)"
ifupdown_ipv6_usage
return 1
fi
- # Device "lo" need no IPv6 configuration
- if [ "$device" = "lo" ]; then
- return 0;
- fi
-
if [ -z "$address" ]; then
- echo $"Missing parameter 'IPv6-address'"
+ echo $"Missing parameter 'IPv6-address' (arg 2)"
ifupdown_ipv6_usage
return 1
fi
+ # Run IPv6 test
+ test_ipv6 || return 2
+
+ # Test, whether given IPv6 address is valid
+ if ! testipv6_valid $address; then
+ return 2
+ fi
+
# Test status of interface
- if LC_ALL=C ifconfig $device | grep -q "UP "; then
- # Interface is up
- true
+ if test_interface_status $device; then
+ # Interface is already up
+ true
else
# no IPv4 for this interface, interface is still down, do up ...
- ifconfig $device up
- fi
-
- # Extract address parts
- prefixlength_implicit="`echo $address | awk -F/ '{ print $2 }'`"
- address_implicit="`echo $address | awk -F/ '{ print $1 }'`"
+ ifconfig $device up
- # Test for prefix length
- if [ -z "$prefixlength_implicit" ]; then
- echo $"Missing 'prefix length' for given address"
- ifupdown_ipv6_usage
- return 1
- elif [ $prefixlength_implicit -lt 0 -o $prefixlength_implicit -gt 128 ]; then
- echo $"'prefix length' on given address is out of range (0-128)"
- ifupdown_ipv6_usage
- return 1
+ # Test, whether "up" has worked
+ if ! test_interface_status $device; then
+ echo $"Device '$device' enabling didn't work - FATAL ERROR!"
+ return 2
+ fi
fi
- # Run IPv6 test
- test_ipv6 || return
+ # Extract address parts
+ local prefixlength_implicit="`echo $address | awk -F/ '{ print $2 }'`"
+ local address_implicit="`echo $address | awk -F/ '{ print $1 }'`"
# Only add, if address do not already exist
- test_ipv6_addrs_exists $device $address_implicit $prefixlength_implicit
+ test_ipv6_address_exists $device $address_implicit $prefixlength_implicit
retval=$?
if [ $retval -lt 10 ]; then
return 2
@@ -520,94 +574,72 @@ function ifup_ipv6_real() {
ifconfig $device add $address || return 2
fi
+ return 0
}
## Remove all IPv6 routes and addresses for given interface
# cleanup to prevent kernel crashes
# $1: Interface
-function ifdown_ipv6_real_all() {
- idall_device=$1
+ifdown_ipv6_real_all() {
+ local device=$1
- if [ -z "$idall_device" ]; then
- echo $"Missing parameter 'device'"
- echo $"Usage: ifdown_ipv6_real_all interfacename"
+ if [ -z "$device" ]; then
+ echo $"Missing parameter 'device' (arg 1)"
return 1
fi
- # Get all IPv6 routes through given interface and remove them
- LC_ALL=C route -n -A inet6 | grep $idall_device | while read ipv6net nexthop flags metric ref use iface args; do
- if [ "$idall_device" = "$iface" ]; then
- if echo $flags | grep -v -q "A"; then
- # Only non addrconf (automatic installed) routes should be removed
- ifdown_ipv6_route $ipv6net $nexthop $iface
- fi
+ # Run IPv6 test
+ test_ipv6 || return 2
+
+
+ # Remove all IPv6 routes through this device (but not "lo")
+ if [ "$device" != "lo" ]; then
+ ip -6 route flush dev $device >/dev/null 2>&1
fi
- done
-
- # Get all IPv6 addresses assigned to given interface and remove them
- if [ "$EXISTS_ipv6calc" = "yes" ]; then
- grep $idall_device$ /proc/net/if_inet6 | while read hexaddr dummy1 hexprefixlenth hexscope device args; do
- if [ "$hexscope" != "20" ]; then
- ipv6addr="`ipv6calc --if_inet62addr $hexaddr $hexprefixlenth`"
- ifdown_ipv6_real $idall_device $ipv6addr
- fi
- done
- else
- LC_ALL=C ifconfig $idall_device | grep "inet6 addr:" | while read dummy1 dummy2 ipv6addr scope args; do
- if [ "$scope" != "Scope:Link" ]; then
- ifdown_ipv6_real $idall_device $ipv6addr
- fi
- done
- fi
+
+ # Remove all IPv6 addresses on this interface
+ ip -6 addr flush dev $device >/dev/null 2>&1
+
+ return 0
}
+
## Remove an IPv6 address on given interface
# $1: Interface
# $2: IPv6 address
-function ifdown_ipv6_real() {
- device=$1
- address=$2
+ifdown_ipv6_real() {
+ local device=$1
+ local address=$2
if [ -z "$device" ]; then
- echo $"Missing parameter 'device'"
+ echo $"Missing parameter 'device' (arg 1)"
ifupdown_ipv6_usage
return 1
fi
- # Device "lo" need no IPv6 configuration
- if [ "$device" = "lo" ]; then
- return 0;
- fi
-
if [ -z "$address" ]; then
- echo $"Missing parameter 'IPv6-address'"
+ echo $"Missing parameter 'IPv6-address' (arg 2)"
ifupdown_ipv6_usage
return 1
fi
- # Extract address parts
- prefixlength_implicit="`echo $address | awk -F/ '{ print $2 }'`"
- address_implicit="`echo $address | awk -F/ '{ print $1 }'`"
+ # Run IPv6 test
+ test_ipv6 || return 2
- # Test for prefix length
- if [ -z "$prefixlength_implicit" ]; then
- echo $"Missing 'prefix length' for given address"
- ifupdown_ipv6_usage
- return 1
- elif [ $prefixlength_implicit -lt 0 -o $prefixlength_implicit -gt 128 ]; then
- echo $"'prefix length' on given address is out of range (0-128)"
- ifupdown_ipv6_usage
- return 1
+ # Test, whether given IPv6 address is valid
+ if ! testipv6_valid $address; then
+ return 2
fi
- # Run IPv6 test
- test_ipv6 || return
+ # Extract address parts
+ local prefixlength_implicit="`echo $address | awk -F/ '{ print $2 }'`"
+ local address_implicit="`echo $address | awk -F/ '{ print $1 }'`"
# Only remove, if address exists and is not link-local (prevents from kernel crashing)
- test_ipv6_addrs_exists $device $address_implicit $prefixlength_implicit
- retval=$?
+ test_ipv6_address_exists $device $address_implicit $prefixlength_implicit
+ local retval=$?
if [ $retval -lt 10 ]; then
return 2
fi
@@ -618,5 +650,408 @@ function ifdown_ipv6_real() {
true
fi
+ return 0
}
+
+##### Some address test functions
+
+## Test a given IPv6 address for valid
+# $1: IPv6 address
+# Return code =0:valid 1:not valid 2:general problem
+testipv6_valid() {
+ local testipv6addr_valid=$1
+
+
+ if [ -z "$testipv6addr_valid" ]; then
+ # nothing for testing
+ return 2
+ fi
+
+ # Extract parts
+ local prefixlength_implicit="`echo $testipv6addr_valid | awk -F/ '{ print $2 }'`"
+ local address_implicit="`echo $testipv6addr_valid | awk -F/ '{ print $1 }'`"
+
+ if [ "$EXISTS_ipv6calc" = "yes" ]; then
+ if ! ipv6calc --addr2uncompaddr $testipv6addr_valid >/dev/null 2>&1; then
+ echo $"Given IPv6 address '$testipv6addr_valid' is not valid"
+ return 1
+ fi
+ else
+ # Test for a valid format
+ if ! echo "$address_implicit" | egrep -q '^[a-fA-F0-9:\.]*$'; then
+ echo $"Given IPv6 address '$testipv6addr_valid' is not valid"
+ return 1
+ fi
+ fi
+
+ # Test for prefix length
+ if [ -z "$prefixlength_implicit" ]; then
+ if echo "$testipv6addr_valid" | grep "/$"; then
+ # Trailing "/", but no value
+ echo $"Missing 'prefix length' for given address ''$testipv6addr_valid"
+ return 1
+ else
+ return 0
+ fi
+ elif [ $prefixlength_implicit -lt 0 -o $prefixlength_implicit -gt 128 ]; then
+ echo $"'prefix length' on given address '$testipv6addr_valid' is out of range (0-128)"
+ return 1
+ fi
+
+ return 0
+}
+
+
+
+
+## Test a given IPv4 address for not a private but unicast one
+# $1: IPv4 address
+# Return code =0:ok 1:private or not unicast 2:general problem
+testipv4_globalusable() {
+ local testipv4addr_globalusable=$1
+
+
+ if [ -z "$testipv4addr_globalusable" ]; then
+ # nothing for testing
+ return 2
+ fi
+
+
+ # Test for a globally usable IPv4 address now
+ # test 0.0.0.0/8
+ ipcalc --network $testipv4addr_globalusable 255.0.0.0 | grep -q "NETWORK=0\.0\.0\.0" && return 1
+ # test 10.0.0.0/8 (private)
+ ipcalc --network $testipv4addr_globalusable 255.0.0.0 | grep -q "NETWORK=10\.0\.0\.0" && return 1
+ # test 127.0.0.0/8 (loopback)
+ ipcalc --network $testipv4addr_globalusable 255.0.0.0 | grep -q "NETWORK=127\.0\.0\.0" && return 1
+ # test 169.254.0.0/16 (DHCP link local)
+ ipcalc --network $testipv4addr_globalusable 255.255.0.0 | grep -q "NETWORK=169\.254\.0\.0" && return 1
+ # test 172.16.0.0/12 (private)
+ ipcalc --network $testipv4addr_globalusable 255.240.0.0 | grep -q "NETWORK=172\.16\.0\.0" && return 1
+ # test 192.168.0.0/16 (private)
+ ipcalc --network $testipv4addr_globalusable 255.255.0.0 | grep -q "NETWORK=192\.168\.0\.0" && return 1
+ # test 224.0.0.0/3 (multicast and reserved, broadcast)
+ ipcalc --network $testipv4addr_globalusable 224.0.0.0 | grep -q "NETWORK=224\.0\.0\.0" && return 1
+
+ return 0
+}
+
+
+## Test a given device for status
+# $1: device name
+# Return code =0:UP 1:not UP 2:not exists
+test_interface_status() {
+ local device=$1
+
+ if [ -z "$device" ]; then
+ echo $"Missing parameter 'device'"
+ echo $"Usage: ifdown_ipv6to4_all interfacename"
+ return 1
+ fi
+
+ # Test if device exists
+ if ! LC_ALL=C ifconfig $device >/dev/null 2>&1 ; then
+ return 2
+ fi
+
+ # Test if device is up
+ if LC_ALL=C ifconfig $device 2>&1 | grep -q "UP "; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+
+## Build 6to4 prefix
+# $1: IPv4 address
+# RetVal: 6to4address
+# Returncode 0=ok 1=failure 2=general problem
+create6to4prefix() {
+ local ipv4addr=$1
+
+
+ local major1="`echo $ipv4addr | awk -F. '{ print $1 }'`"
+ local minor1="`echo $ipv4addr | awk -F. '{ print $2 }'`"
+ local major2="`echo $ipv4addr | awk -F. '{ print $3 }'`"
+ local minor2="`echo $ipv4addr | awk -F. '{ print $4 }'`"
+
+ if [ -z "$major1" -o -z "$minor1" -o -z "$major2" -o -z "$minor2" ]; then
+ return 2
+ fi
+
+ if [ $major1 -eq 0 ]; then
+ local block1="`printf "%x" $minor1`"
+ else
+ local block1="`printf "%x%02x" $major1 $minor1`"
+ fi
+ if [ $major2 -eq 0 ]; then
+ local block2="`printf "%x" $minor2`"
+ else
+ local block2="`printf "%x%02x" $major2 $minor2`"
+ fi
+
+ local prefix6to4="2002:$block1:$block2"
+
+ echo "$prefix6to4"
+ return 0
+}
+
+
+##### 6to4 tunneling setup
+
+## Configure 6to4 tunneling up
+# $1: Interface (not needed - dummy)
+# $2: global IPv4 address of local interface
+# $3: IPv6 suffix for 6to4 prefix (optional, default is "1")
+# ReturnCodes 0=ok 1=failure 2=general problem
+ifup_ipv6to4() {
+ local device=$1 # dummy
+ local localipv4=$2
+ local localipv6to4suffix=$3
+
+ if [ -z "$device" ]; then
+ echo $"Missing parameter 'device' (arg 1)"
+ ifupdown_ipv6to4_usage
+ return 1
+ fi
+
+ if [ -z "$localipv4" ]; then
+ echo $"Missing parameter 'local IPv4 address' (arg 2)"
+ ifupdown_ipv6to4_usage
+ return 1
+ fi
+
+ # Run IPv6 test
+ test_ipv6 || return 2
+
+
+ # generate 6to4 address
+ local prefix6to4="`create6to4prefix $localipv4`"
+ if [ $? -ne 0 -o -z "$prefix6to4" ]; then
+ return 2
+ fi
+
+ if [ -z "$localipv6to4suffix" ]; then
+ local address6to4="${prefix6to4}::1/48"
+ else
+ local address6to4="${prefix6to4}::${localipv6to4suffix}/48"
+ fi
+
+ # enable general IPv6-over-IPv4 tunneling
+ ifup_ipv6_autotunnel
+
+ ifup_ipv6_real sit0 $address6to4
+ if [ $? -ne 0 ]; then
+ return 2
+ fi
+
+ return 0
+}
+
+
+## Configure all 6to4 tunneling down
+# $1: Interface (not needed - dummy)
+# ReturnCodes 0=ok 1=failure 2=general problem
+ifdown_ipv6to4_all() {
+ local device=$1 # dummy
+
+ if [ -z "$device" ]; then
+ echo $"Missing parameter 'device' (arg 1)"
+ return 1
+ fi
+
+ # Run IPv6 test
+ test_ipv6 || return 2
+
+
+ # Get all configured 6to4 addresses
+ LC_ALL=C ip addr show dev sit0 | grep inet6 | awk '{ print $2 }' | grep "^2002:" | while read ipv6to4addr; do
+ # And delete them
+ ifdown_ipv6_real sit0 $ipv6to4addr
+ done
+
+ # try to disable general IPv6-over-IPv4 tunneling
+ ifdown_ipv6_autotunnel
+
+}
+
+
+## Configure 6to4 tunneling down
+# $1: Interface (not needed - dummy)
+# $2: global IPv4 address of local interface
+# ReturnCodes 0=ok 1=failure 2=general problem
+ifdown_ipv6to4() {
+ local device=$1 # dummy
+ local localipv4=$2
+
+ if [ -z "$device" ]; then
+ echo $"Missing parameter 'device' (arg 1)"
+ return 1
+ fi
+
+ if [ -z "$localipv4" ]; then
+ echo $"Missing parameter 'local IPv4 address' (arg 2)"
+ return 1
+ fi
+
+ # Run IPv6 test
+ test_ipv6 || return 2
+
+
+ # generate 6to4 address
+ local prefix6to4="`create6to4prefix $localipv4`"
+ echo $"Generated 6to4 prefix '$prefix6to4' from '$localipv4'"
+ if [ $? -ne 0 -o -z "$prefix6to4" ]; then
+ return 2
+ fi
+
+ if [ -z "$localipv6to4suffix" ]; then
+ local address6to4="$prefix6to4::1/48"
+ else
+ local address6to4="${prefix6to4}::${localipv6to4suffix}/48"
+ fi
+
+ ifdown_ipv6_real sit0 $address6to4
+ if [ $? -ne 0 ]; then
+ return 2
+ fi
+
+ # try to disable general IPv6-over-IPv4 tunneling
+ ifdown_ipv6_autotunnel
+ if [ $? -ne 0 ]; then
+ return 2
+ fi
+
+ return 0
+}
+
+
+##### static tunnel device configuration
+
+## Configure a static tunnel device up
+# $1: Interface
+# $2: IPv4 address of foreign tunnel
+# $3: Local IPv6 address of a P-t-P tunnel (optional)
+ifup_ipv6_tunneldev() {
+ local device=$1
+ local addressipv4tunnel=$2
+ local addressipv6local=$3
+
+ if [ -z "$device" ]; then
+ echo $"Missing parameter 'device' (arg 1)"
+ return 1
+ fi
+
+ if [ -z "$addressipv4tunnel" ]; then
+ echo $"Missing parameter 'IPv4-tunneladdress' (arg 2)"
+ return 1
+ fi
+
+ # Run IPv6 test
+ test_ipv6 || return 2
+
+
+
+ if ! test_interface_status $device; then
+ # Get default TTL
+ local ttldefault="`sysctl net.ipv4.ip_default_ttl | awk '{ print $3 }'`"
+ if [ -z "$ttldefault" ]; then
+ local ttldefault=64
+ fi
+
+ # Test whether remote IPv4 address was already applied to another tunnel (does not catch IPv4 addresses with leading 0's)
+ LC_ALL=C ip tunnel show | grep $addressipv4tunnel | while read dev type tag remote tag local tag ttl rest; do
+ local devnew="`echo $dev | sed 's/:$//g'`"
+ if [ "$remote" = "$addressipv4tunnel" ]; then
+ echo $"Given remote address '$addressipv4tunnel' on tunnel device '$device' is already configured on device '$devnew' - FATAL ERROR!"
+ return 2
+ fi
+ done
+ if [ $? -ne 0 ]; then
+ return 2
+ fi
+
+ ip tunnel add $device mode sit ttl $ttldefault remote $addressipv4tunnel
+
+ # Test, whether "ip tunnel show" works without error
+ ip tunnel show $device >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ echo $"Tunnel device '$device' creation didn't work - ERROR!"
+ return 2
+ fi
+
+ # Test, whether "ip tunnel show" reports valid content
+ if ! ip tunnel show $device | grep -q "remote"; then
+ echo $"Tunnel device '$device' creation didn't work - ERROR!"
+ return 2
+ fi
+
+ ifconfig $device up
+
+ # Test, whether creation did worked
+ if ! test_interface_status $device; then
+ echo $"Tunnel device '$device' bringing up didn't work - ERROR!"
+ return 2
+ fi
+
+ # Set sysctls proper (regardless "default")
+ sysctl -w net.ipv6.conf.$device.forwarding=1 >/dev/null
+ sysctl -w net.ipv6.conf.$device.accept_ra=0 >/dev/null
+ sysctl -w net.ipv6.conf.$device.accept_redirects=0 >/dev/null
+
+ if [ ! -z "$addressipv6local" ]; then
+ # Setup P-t-P address
+ ifup_ipv6_real $device $addressipv6local
+ if [ $? -ne 0 ]; then
+ return 2
+ fi
+ fi
+ else
+ false
+ fi
+
+ return 0
+}
+
+
+## Configure a static tunnel device down
+# $1: Interface
+ifdown_ipv6_tunneldev() {
+ local device=$1
+
+ if [ -z "$device" ]; then
+ echo $"Missing parameter 'device' (arg 1)"
+ return 1
+ fi
+
+ # Run IPv6 test
+ test_ipv6 || return 2
+
+
+ if test_interface_status $device; then
+ # Shut down tunnel
+ ifdown_ipv6_real_all $device
+ else
+ if [ "$device" != "sit0" ]; then
+ false
+ fi
+ fi
+
+ if [ "$device" != "sit0" ]; then
+ if ip tunnel | grep -q "^$device:" ; then
+ ip tunnel del $device
+
+ # Test, whether removing did worked
+ if test_interface_status $device; then
+ false
+ fi
+ else
+ false
+ fi
+ fi
+
+ return 0
+}
+