Modify IPV6TO4_ROUTING to also add addresses on the interfaces

Add RFC 3041 (IPv6 privacy) support
(patch for both by Peter Bieringer <pb@bieringer.de>)

5 files changed, 113 insertions, 65 deletions

diff --git a/sysconfig/network-scripts/ifdown-ipv6 b/sysconfig/network-scripts/ifdown-ipv6
index b9120134..64ee246d 100755
--- a/sysconfig/network-scripts/ifdown-ipv6
+++ b/sysconfig/network-scripts/ifdown-ipv6
@@ -11,7 +11,7 @@
 #
 # RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
 #
-# Version 2004-09-02
+# Version 2005-09-22
 #
 # Note: if called as (like normally) by /etc/sysconfig/network-scripts/ifdown
 #        exit codes aren't handled by "ifdown"
@@ -25,7 +25,7 @@
 #
 # Optional for 6to4 tunneling:
 #  IPV6TO4_RELAY=<IPv4 address>: IPv4 address of the remote 6to4 relay [default: 192.88.99.1]
-#  IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ...": information to setup local subnetting
+#  IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ...": information to setup internal interfaces
 #
 # Optional for 6to4 tunneling links to trigger radvd:
 #  IPV6_CONTROL_RADVD=yes|no: controls radvd triggering [optional]
@@ -39,10 +39,10 @@
 #
 
 
-. /etc/sysconfig/network 
+. /etc/sysconfig/network
 
 cd /etc/sysconfig/network-scripts
-. network-functions 
+. network-functions
 
 CONFIG=$1
 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
@@ -74,45 +74,51 @@ ipv6_exec_sysctl -w net.ipv6.conf.$DEVICE.forwarding=0 >/dev/null 2>&1
 ipv6_exec_sysctl -w net.ipv6.conf.$DEVICE.accept_ra=0 >/dev/null 2>&1
 ipv6_exec_sysctl -w net.ipv6.conf.$DEVICE.accept_redirects=0 >/dev/null 2>&1
 
-# Shutdown of 6to4, if configured
-valid6to4config="yes"
-if [ -z "$IPV6TO4_RELAY" ]; then
-	IPV6TO4_RELAY="192.88.99.1"
-fi
-
-# Get IPv4 address from interface
-if [ -n "$IPV6TO4_IPV4ADDR" ]; then
-	# Take special configured from config file (precedence 1)
-	ipv4addr="$IPV6TO4_IPV4ADDR"
+# Test status of tun6to4 device
+ipv6_test_device_status tun6to4
+if [ $? = 0 -o $? = 11 ]; then
+	# Device exists
+	valid6to4config="yes"
 
-	# Get IPv4 address from interface first
-	ipv4addrlocal="`ipv6_get_ipv4addr_of_device $DEVICE`"
-	if [ -z "$ipv4addrlocal" ]; then
-		# Take configured from config file
-		ipv4addrlocal="$IPADDR"
+	if [ -z "$IPV6TO4_RELAY" ]; then
+		IPV6TO4_RELAY="192.88.99.1"
 	fi
-else
-	# Get IPv4 address from interface first (has precedence 2)
-	ipv4addr="`ipv6_get_ipv4addr_of_device $DEVICE`"
-	if [ -z "$ipv4addr" ]; then
-		# Take configured from config file (precedence 3)
-		ipv4addr="$IPADDR"
+
+	# Get IPv4 address from interface
+	if [ -n "$IPV6TO4_IPV4ADDR" ]; then
+		# Take special configured from config file (precedence 1)
+		ipv4addr="$IPV6TO4_IPV4ADDR"
+
+		# Get IPv4 address from interface first
+		ipv4addrlocal="`ipv6_get_ipv4addr_of_device $DEVICE`"
+		if [ -z "$ipv4addrlocal" ]; then
+			# Take configured from config file
+			ipv4addrlocal="$IPADDR"
+		fi
+	else
+		# Get IPv4 address from interface first (has precedence 2)
+		ipv4addr="`ipv6_get_ipv4addr_of_device $DEVICE`"
+		if [ -z "$ipv4addr" ]; then
+			# Take configured from config file (precedence 3)
+			ipv4addr="$IPADDR"
+		fi
+		ipv4addrlocal="$ipv4addr"
 	fi
-	ipv4addrlocal="$ipv4addr"
-fi
 
-# Get local IPv4 address of dedicated tunnel
-ipv4addr6to4local="`ipv6_get_ipv4addr_of_tunnel tun6to4 local`"
+	# Get local IPv4 address of dedicated tunnel
+	ipv4addr6to4local="`ipv6_get_ipv4addr_of_tunnel tun6to4 local`"
 
-if [ -z "$ipv4addrlocal" -o -z "$ipv4addr6to4local" ]; then
-	# no IPv4 addresses given, 6to4 sure not configured
-	valid6to4config="no"
-else
-	# Check against configured 6to4 tunnel to see if this interface was used before
-	if [ "$ipv4addrlocal" != "$ipv4addr6to4local" ]; then
-		# IPv4 address of interface does't match local tunnel address, interface was not used for current 6to4 setup
+	if [ -z "$ipv4addrlocal" -o -z "$ipv4addr6to4local" ]; then
+		# no IPv4 addresses given, 6to4 sure not configured
 		valid6to4config="no"
+	else
+		# Check against configured 6to4 tunnel to see if this interface was used before
+		if [ "$ipv4addrlocal" != "$ipv4addr6to4local" ]; then
+			# IPv4 address of interface does't match local tunnel address, interface was not used for current 6to4 setup
+			valid6to4config="no"
+		fi
 	fi
+
 fi
 
 # Shutdown of 6to4, if configured
@@ -121,16 +127,16 @@ if [ "$valid6to4config" = "yes" ]; then
 		# Delete routes to local networks
 		for devsuf in $IPV6TO4_ROUTING; do
 			dev="`echo $devsuf | awk -F- '{ print $1 }'`"
-			ipv6_cleanup_routes $dev ::
+			ipv6_cleanup_6to4_device $dev
 		done
 	fi
 
 	# Delete all configured 6to4 address
-	ipv6_cleanup_6to4_tunnels tun6to4 
+	ipv6_cleanup_6to4_tunnels tun6to4
 
 	# Control running radvd
 	ipv6_trigger_radvd down "$IPV6_RADVD_TRIGGER_ACTION" $IPV6_RADVD_PIDFILE
 fi
 
-# Delete all current configured IPv6 addresses on this interface 
+# Delete all current configured IPv6 addresses on this interface
 ipv6_cleanup_device $DEVICE
diff --git a/sysconfig/network-scripts/ifdown-sit b/sysconfig/network-scripts/ifdown-sit
index 2059f96a..36603177 100755
--- a/sysconfig/network-scripts/ifdown-sit
+++ b/sysconfig/network-scripts/ifdown-sit
@@ -4,10 +4,10 @@
 #
 #
 # Taken from:
-# (P) & (C) 2000-2002 by Peter Bieringer <pb@bieringer.de>
+# (P) & (C) 2000-2003 by Peter Bieringer <pb@bieringer.de>
 #
-#  You will find more information in the IPv6-HowTo for Linux at
-#   http://www.bieringer.de/linux/IPv6/
+#  You will find more information on the initscripts-ipv6 homepage at
+#   http://www.deepspace6.net/projects/initscripts-ipv6.html
 #
 # RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
 #
@@ -21,10 +21,10 @@
 #
 
 
-. /etc/sysconfig/network 
+. /etc/sysconfig/network
 
 cd /etc/sysconfig/network-scripts
-. network-functions 
+. network-functions
 
 CONFIG=$1
 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
@@ -58,4 +58,4 @@ if [ $? != 0 -a $? != 11 ]; then
 fi
 
 # Cleanup and shut down IPv6-in-IPv4 tunnel device
-ipv6_del_tunnel_device $DEVICE 
+ipv6_del_tunnel_device $DEVICE
diff --git a/sysconfig/network-scripts/ifup-ipv6 b/sysconfig/network-scripts/ifup-ipv6
index 6ff924b0..8762129f 100755
--- a/sysconfig/network-scripts/ifup-ipv6
+++ b/sysconfig/network-scripts/ifup-ipv6
@@ -4,17 +4,17 @@
 #
 #
 # Taken from:
-# (P) & (C) 2000-2004 by Peter Bieringer <pb@bieringer.de>
+# (P) & (C) 2000-2005 by Peter Bieringer <pb@bieringer.de>
 #
 #  You will find more information on the initscripts-ipv6 homepage at
 #   http://www.deepspace6.net/projects/initscripts-ipv6.html
 #
 # RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
 #
-# Version 2004-03-21
+# Version 2005-09-22
 #
 # Note: if called (like normally) by /etc/sysconfig/network-scripts/ifup
-#        exit codes aren't handled by "ifup" 
+#        exit codes aren't handled by "ifup"
 #
 # Uses following information from "/etc/sysconfig/network":
 #  NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting)
@@ -31,14 +31,16 @@
 #    IPV6FORWARDING=yes: IPV6_AUTOCONF=no, IPV6_ROUTER=yes
 #    IPV6FORWARDING=no: IPV6_AUTOCONF=yes
 #  IPV6_MTU=<MTU for IPv6>: controls IPv6 MTU for this link (optional)
+#  IPV6_PRIVACY="rfc3041": control IPv6 privacy (optional)
+#    This script only supports "rfc3041" (if kernel supports it)
 #
 # Optional for 6to4 tunneling (hardwired name of tunnel device is "tun6to4"):
 #  IPV6TO4INIT=yes|no: controls 6to4 tunneling setup
 #  IPV6TO4_RELAY=<IPv4 address>: IPv4 address of the remote 6to4 relay (default: 192.88.99.1)
 #  IPV6TO4_MTU=<MTU for IPv6>: controls IPv6 MTU for the 6to4 link (optional, default is MTU of interface - 20)
 #  IPV6TO4_IPV4ADDR=<IPv4 address>: overwrite local IPv4 address (optional)
-#  IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ...": information to setup local subnetting
-#    Example: IPV6TO4_ROUTING="eth0-:f101::0/64 eth1-:f102::0/64"
+#  IPV6TO4_ROUTING="<device>-<suffix>/<prefix length> ...": information to setup additional interfaces
+#    Example: IPV6TO4_ROUTING="eth0-:f101::1/64 eth1-:f102::1/64"
 #
 # Optional for 6to4 tunneling to trigger radvd:
 #  IPV6_CONTROL_RADVD=yes|no: controls radvd triggering (optional)
@@ -48,18 +50,18 @@
 #  Required version of radvd to use 6to4 prefix recalculation
 #   0.6.2p3 or newer supporting option "Base6to4Interface"
 #  Required version of radvd to use dynamic ppp links
-#   0.7.0 + fixes or newer 
+#   0.7.0 + fixes or newer
 #
 
 
-. /etc/sysconfig/network 
+. /etc/sysconfig/network
 
 cd /etc/sysconfig/network-scripts
-. network-functions 
+. network-functions
 
 CONFIG=$1
 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
-source_config  
+source_config
 
 # IPv6 don't need aliases anymore, config is skipped
 REALDEVICE=`echo ${DEVICE} | sed 's/:.*//g'`
@@ -83,7 +85,7 @@ ipv6_test_device_status $DEVICE
 if [ $? != 0 -a $? != 11 ]; then
 	# device doesn't exist or other problem occurs
 	exit 1
-fi 
+fi
 
 # Setup IPv6 address on specified interface
 if ! [ -z "$IPV6ADDR" ]; then
@@ -142,6 +144,14 @@ if [ -n "$IPV6ADDR_SECONDARIES" ]; then
 	done
 fi
 
+# Enable IPv6 RFC3041 privacy extensions if desired
+if [ "$IPV6_PRIVACY" = "rfc3041" ]; then
+	ipv6_exec_sysctl -w net.ipv6.conf.$DEVICE.use_tempaddr=2 >/dev/null 2>&1
+	if [ $? -ne 0 ]; then
+		echo $"Cannot enable IPv6 privacy method '$IPV6_PRIVACY', not supported by kernel"
+	fi
+fi
+
 # Setup default IPv6 route, check are done by function
 if [ -n "$IPV6_DEFAULTDEV" -o -n "$IPV6_DEFAULTGW" ]; then
 	ipv6_set_default_route "$IPV6_DEFAULTGW" "$IPV6_DEFAULTDEV" "$DEVICE"
@@ -284,7 +294,7 @@ if [ "$IPV6TO4INIT" = "yes" ]; then
 					for devsuf in $IPV6TO4_ROUTING; do
 						dev="`echo $devsuf | awk -F- '{ print $1 }'`"
 						suf="`echo $devsuf | awk -F- '{ print $2 }'`"
-						ipv6_add_route ${ipv6to4prefix}$suf :: $dev
+						ipv6_add_addr_on_device ${dev} ${ipv6to4prefix}${suf}
 					done
 				else
 					echo $"Error occurred while calculating the IPv6to4 prefix"
diff --git a/sysconfig/network-scripts/ifup-sit b/sysconfig/network-scripts/ifup-sit
index 80d5b963..4fa78eb5 100755
--- a/sysconfig/network-scripts/ifup-sit
+++ b/sysconfig/network-scripts/ifup-sit
@@ -4,11 +4,14 @@
 #
 #
 # Taken from:
-# (P) & (C) 2000-2002 by Peter Bieringer <pb@bieringer.de>
+# (P) & (C) 2000-2003 by Peter Bieringer <pb@bieringer.de>
+#
+#  You will find more information on the initscripts-ipv6 homepage at
+#   http://www.deepspace6.net/projects/initscripts-ipv6.html
 #
 # RHL integration assistance by Pekka Savola <pekkas@netcore.fi>
 #
-# Version 2002-12-04
+# Version 2003-09-08
 #
 # Uses following information from /etc/sysconfig/network:
 #  NETWORKING_IPV6=yes|no: controls IPv6 initialization (global setting)
@@ -19,8 +22,8 @@
 #  DEVICE=<device>
 #  IPV6INIT=yes|no: controls IPv6 configuration for this interface
 #  IPV6_MTU=<MTU for IPv6>: controls IPv6 MTU for this link (optional)
-# 
-#  For static tunnels 
+#
+#  For static tunnels
 #  IPV6TUNNELIPV4=<IPv4 address>: IPv4 address of remote tunnel endpoint
 #  IPV6TUNNELIPV4LOCAL=<IPv4 address>: (optional) local IPv4 address of tunnel
 #  IPV6ADDR=<IPv6 address>[/<prefix length>]: (optional) local IPv6 address of a numbered tunnel
@@ -28,10 +31,10 @@
 #
 
 
-. /etc/sysconfig/network 
+. /etc/sysconfig/network
 
 cd /etc/sysconfig/network-scripts
-. network-functions 
+. network-functions
 
 CONFIG=$1
 [ -f "$CONFIG" ] || CONFIG=ifcfg-$CONFIG
diff --git a/sysconfig/network-scripts/network-functions-ipv6 b/sysconfig/network-scripts/network-functions-ipv6
index 153c05ea..5ee91187 100644
--- a/sysconfig/network-scripts/network-functions-ipv6
+++ b/sysconfig/network-scripts/network-functions-ipv6
@@ -8,7 +8,7 @@
 #  You will find more information on the initscripts-ipv6 homepage at
 #   http://www.deepspace6.net/projects/initscripts-ipv6.html
 #
-# Version: 2005-03-03
+# Version: 2005-09-22
 #
 #
 
@@ -419,12 +419,12 @@ ipv6_cleanup_routes() {
 	if [ -n "$gatewaymatch" ]; then
 		# Get all IPv6 routes (except default link-local and multicast) through given interface via a given gateway and remove them
 		ipv6_exec_ip -6 route show dev $device via $gatewaymatch | LC_ALL=C grep -v -w expires | LC_ALL=C egrep -v "^fe80::/64|^ff00::/8" | while read ipv6net dummy; do
-			ipv6_exec_ip -6 route del $ipv6net via $gatewaymatch dev $iface
+			ipv6_del_route $ipv6net $gatewaymatch $device
 		done
 	else
 		# Get all IPv6 routes (except default link-local and multicast) through given interface and remove them
 		ipv6_exec_ip -6 route show dev $device | LC_ALL=C grep -v -w expires | LC_ALL=C egrep -v "^fe80::/64|^ff00::/8" | while read ipv6net dummy; do
-			ipv6_exec_ip -6 route del $ipv6net dev $iface
+			ipv6_del_route $ipv6net :: $device
 		done
 	fi
 
@@ -594,6 +594,35 @@ ipv6_cleanup_device() {
 }
 
 
+## Remove all IPv6 6to4 related routes and addresses on given interface
+#  $1: <Interface>
+# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem
+ipv6_cleanup_6to4_device() {
+	local fn="ipv6_cleanup_6to4_device"
+
+	local device=$1
+
+	if [ -z "$device" ]; then
+		ipv6_log $"Missing parameter 'device' (arg 1)" err $fn
+		return 1
+	fi
+
+	ipv6_test testonly || return 2
+
+	# Cleanup 6to4 addresses on this device
+	ipv6_exec_ip -6 addr show dev $dev scope global permanent | LC_ALL=C grep -w inet6 | awk '{ print $2}' | LC_ALL=C grep "^2002:" | while read addr; do
+        	ipv6_del_addr_on_device ${dev} ${addr}
+	done
+
+	# Get all IPv6 routes through given interface via a given gateway and remove them
+	ipv6_exec_ip -6 route show dev $device | LC_ALL=C grep "^2002:" | while read ipv6net dummy; do
+		ipv6_del_route $ipv6net :: $device
+	done
+
+	return 0
+}
+
+
 ## Remove an IPv6 address on given interface
 #  $1: <Interface>
 #  $2: <IPv6 address>