-rw-r--r-- | changes.ipv6 | 11 | ||||
-rw-r--r-- | ipv6-6to4.howto | 18 | ||||
-rw-r--r-- | sysconfig/network-scripts/network-functions-ipv6 | 74 |
3 files changed, 48 insertions, 55 deletions
diff --git a/changes.ipv6 b/changes.ipv6 index 250e507e..1970e98e 100644 --- a/changes.ipv6 +++ b/changes.ipv6 @@ -1,4 +1,4 @@ -v1.5 4th Dec 2002, Pekka Savola <pekkas@netcore.fi> +v1.6 2nd Sep 2003, Pekka Savola <pekkas@netcore.fi> IPv6 CHANGES ============ @@ -6,8 +6,13 @@ IPv6 CHANGES This mentions the most important changes (visible to the administrator) in IPv6 initscripts. -RHL80 -> CURRENT ----------------- +RHL9 -> CURRENT +--------------- + + - no major functional changes, only bugfixes and cleanups + +RHL80 -> RHL9 +------------- - 6to4 device MTU is calculated explicitly, IPV6TO4_MTU support added - add route6-<device> static route support diff --git a/ipv6-6to4.howto b/ipv6-6to4.howto index b42704b8..707908d8 100644 --- a/ipv6-6to4.howto +++ b/ipv6-6to4.howto @@ -1,4 +1,4 @@ -v1.4 10th Jan 2002, Pekka Savola <pekkas@netcore.fi> +v1.5 1st Sep 2003, Pekka Savola <pekkas@netcore.fi> HOW TO SET UP IPV6 WITH 6TO4 ---------------------------- @@ -120,7 +120,7 @@ Usually the following is enough: 2. Configure radvd as outlined in radvd.conf(5); the file could be something like: - interface eth0 + interface eth1 { AdvSendAdvert on; MinRtrAdvInterval 3; @@ -145,6 +145,18 @@ Usually the following is enough: IPV6_CONTROL_RADVD=yes +5. Configure the associated routes to other 6to4 subnets to point at + your LAN interfaces; this can be done automatically with + IPV6TO4_ROUTING variable; please refer sysconfig.txt for details. + In the particular example, above, this would be like: + + /etc/sysconfig/network-scripts/ifcfg-eth0: + + IPV6TO4_ROUTING="eth1-:1::0/64" + + However, please note that no global address is configured on the + interface, just a route! + MORE INFORMATION ---------------- 
@@ -157,6 +169,6 @@ Clouds") is the RFC about 6to4. ftp://ftp.isi.edu/in-notes/rfc3068.txt ("An Anycast Prefix for 6to4 Relay Routers") is the RFC about finding a close 6to4 relay automatically. -http:://www.ietf.org/internet-drafts/draft-savola-ngtrans-6to4-security-00.txt +http://www.ietf.org/internet-drafts/draft-savola-v6ops-6to4-security-02.txt ("Security Considerations and Enhancements for 6to4") explains some security considerations in 6to4. diff --git a/sysconfig/network-scripts/network-functions-ipv6 b/sysconfig/network-scripts/network-functions-ipv6 index bf9a4576..e5284411 100644 --- a/sysconfig/network-scripts/network-functions-ipv6 +++ b/sysconfig/network-scripts/network-functions-ipv6 @@ -137,7 +137,7 @@ ipv6_log() { fi ;; 'syslog') - + # note: logger resides in /usr/bin, but not used by default if ! [ -x logger ]; then echo $"ERROR: [ipv6_log] Syslog is chosen, but binary 'logger' doesn't exist or isn't executable" >/dev/stderr return 3 @@ -509,7 +509,7 @@ ipv6_disable_autotunnel() { if ipv6_exec_route -A inet6 -n 2>/dev/null | LC_ALL=C grep "sit0\W*$" | awk '{ print $2 }' | LC_ALL=C grep -v -q "^::$"; then # still existing routes, skip shutdown of sit0 true - elif ipv6_exec_ip addr show dev sit0 | LC_ALL=C grep inet6 | awk '{ print $2 }' | LC_ALL=C grep -v -q '^::'; then + elif ipv6_exec_ip -6 -o addr show dev sit0 | awk '{ print $4 }' | LC_ALL=C grep -v -q '^::'; then # still existing IPv6 addresses, skip shutdown of sit0 true else @@ -583,7 +583,7 @@ ipv6_test_addr_exists_on_device() { fi else # low budget version, only works if given address is in equal form like "ip" displays - local testresult="`ipv6_exec_ip addr show dev $testdevice | LC_ALL=C grep -w inet6 | awk '{ print $2 }' | LC_ALL=C grep -i "^$testaddr/$testprefix$"`" + local testresult="`ipv6_exec_ip -o -6 addr show dev $testdevice | awk '{ print $4 }' | LC_ALL=C grep -i "^$testaddr/$testprefix$"`" if [ -n "$testresult" ]; then # exists return 0 
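Review bot: The test `[ -x logger ]` under the new comment in ipv6_log checks a file named `logger` relative to the current working directory, not the /usr/bin binary the comment refers to, so the syslog channel depends on where the script happens to be run from. Testing the absolute path, `if ! [ -x /usr/bin/logger ]; then`, would agree with the comment and would not accept a stray executable in the working directory. ipv6_log continues outside the hunk, so how logger is invoked afterwards is not visible here and should use the same path.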
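Review bot: In ipv6_test_addr_exists_on_device the rewritten pipeline still interpolates `$testaddr` and `$testprefix` into a grep regular expression, so a `.` in an address with an embedded IPv4 part matches any character, and `$testdevice` reaches `ip` unquoted. A fixed-string, whole-line match keeps the comparison exact: `ipv6_exec_ip -o -6 addr show dev "$testdevice" | awk '{ print $4 }' | LC_ALL=C grep -i -F -x "$testaddr/$testprefix"`. The function starts and ends outside the hunk, so whether the arguments are validated earlier cannot be seen from here.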
@@ -598,41 +598,6 @@ ipv6_test_addr_exists_on_device() { } -##### Test, whether an IPv6 address with given prefix exists on an interface -# $1: <Interface> : to test -# $2: <Prefix> -# return values: 0=ok (exists) 1=argument error 3=major problem 10=not exists -ipv6_test_addrprefix_exists_on_device() { - local fn="ipv6_test_addr_prefix_exists_on_device" - - local testdevice=$1 - local testaddrprefix=$2 - - if [ -z "$testdevice" ]; then - ipv6_log $"Missing parameter 'device' (arg 1)" err $fn - return 1 - fi - if [ -z "$testaddrprefix" ]; then - ipv6_log $"Missing parameter 'IPv6 address prefix' (arg 2)" err $fn - return 1 - fi - - ipv6_test testonly || return 2 - - # For the moment: low budget version, only works if given address is in equal form like "ip" displays - local testresult="`ipv6_exec_ip addr show dev $testdevice | LC_ALL=C grep inet6 | awk '{ print $2 }' | LC_ALL=C grep -i "^$testaddrprefix:"`" - if [ -n "$testresult" ]; then - # exists - return 0 - else - # not exists - return 10 - fi - - # Normally this lines not reached - return 3 -} - ##### Interface configuration @@ -1081,13 +1046,16 @@ ipv6_add_6to4_tunnel() { local address6to4="${prefix6to4}::${localipv6to4suffix}/16" fi - ipv6_add_tunnel_device tun6to4 0.0.0.0 $address6to4 $ipv4addr + ipv6_add_tunnel_device tun6to4 0.0.0.0 $address6to4 $localipv4 if [ $? -ne 0 ]; then local retval=3 else local retval=0 fi + # Add unspecific unreachable route for local 6to4 address space + ipv6_exec_ip route add unreach ${prefix6to4}::/48 + # Set MTU, if given if [ -n "$mtu" ]; then ipv6_set_mtu $device $mtu @@ -1120,6 +1088,11 @@ ipv6_cleanup_6to4_tunnels() { ipv6_del_tunnel_device tun6to4 + # Remove all unspecific unreachable routes for local 6to4 address space + ipv6_exec_ip -6 route | LC_ALL=C grep "^unreachable 2002:" | LC_ALL=C grep "/48 dev lo" | while read token net rest; do + ipv6_exec_ip route del unreach $net + done + return 0 } 
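Review bot: The new `ipv6_exec_ip route add unreach ${prefix6to4}::/48` in ipv6_add_6to4_tunnel runs even when ipv6_add_tunnel_device has just failed (retval=3), and its own exit status is discarded. A failed add leaves the host without the unreachable route for unused local 6to4 space and nothing is logged, while a failed tunnel setup leaves the route behind on its own. I would guard and check it, `if [ $retval -eq 0 ]; then ipv6_exec_ip route add unreach ${prefix6to4}::/48 || retval=3; fi`, or at least report the failure through ipv6_log. The `route del unreach ${prefix6to4}::/48` added to ipv6_del_6to4_tunnel ignores its result in the same way and depends on `prefix6to4` being set in the part of that function outside its hunk.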
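Review bot: The cleanup loop added to ipv6_cleanup_6to4_tunnels deletes every route that matches `^unreachable 2002:` and `/48 dev lo`, which includes unreachable routes an administrator installed by hand and not only the one created by ipv6_add_6to4_tunnel. The comment should say so, for example `# Note: this also removes manually added unreachable 2002:*::/48 routes on lo`. The loop would also be more robust written as `while read -r token net rest; do ipv6_exec_ip route del unreach "$net"; done`, so the parsed prefix is always passed as one word.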
@@ -1155,6 +1128,9 @@ ipv6_del_6to4_tunnel() { ipv6_del_tunnel_device tun6to4 local retval=$? + # Remove unspecific unreachable route for local 6to4 address space + ipv6_exec_ip route del unreach ${prefix6to4}::/48 + return $retval } @@ -1273,7 +1249,7 @@ ipv6_del_tunnel_device() { fi if [ "$device" != "sit0" ]; then - if ipv6_exec_ip tunnel 2>/dev/null | LC_ALL=C grep -q "^$device:" ; then + if ipv6_exec_ip tunnel show $device 2>/dev/null | LC_ALL=C grep -q -w "ipv6/ip"; then ipv6_exec_ip tunnel del $device if ipv6_test_device_status $device; then @@ -1296,7 +1272,7 @@ ipv6_cleanup_tunnel_devices() { # Find still existing tunnel devices and shutdown and delete them - ipv6_exec_ip tunnel | LC_ALL=C grep -w "ipv6/ip" | awk -F: '{ print $1 }' | while read device; do + ipv6_exec_ip tunnel show | LC_ALL=C grep -w "ipv6/ip" | awk -F: '{ print $1 }' | while read device; do ipv6_del_tunnel_device $device done @@ -1362,7 +1338,7 @@ ipv6_get_ipv4addr_of_tunnel() { ## Get IPv4 address of a device # $1: <Interface> # stdout: <IPv4 address> if available -# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem +# return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem (more than one IPv4 address applied) ipv6_get_ipv4addr_of_device() { local fn="ipv6_get_ipv4addr_of_device" @@ -1380,8 +1356,8 @@ ipv6_get_ipv4addr_of_device() { return 3 fi - # Device exists, retrieve address - local ipv4addr="`ipv6_exec_ip -4 addr show dev $device | LC_ALL=C grep -w "inet" | awk '{ print $2 }' | awk -F/ '{ print $1 }'`" + # Device exists, retrieve the first address only + local ipv4addr="`ipv6_exec_ip -o -4 addr show dev $device | awk '{ print $4 }' | awk -F/ '{ print $1; exit }'`" if [ $? != 0 ]; then return 3 
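Review bot: The `if [ $? != 0 ]` check after the rewritten assignment in ipv6_get_ipv4addr_of_device tests the exit status of `local`, not of the command substitution, so it does not catch a failing `ip` call. Putting `local ipv4addr` on its own line and assigning on the next makes `$?` meaningful, although it is then the status of the last `awk` in the pipeline, so an empty result still needs its own `[ -z "$ipv4addr" ]` test. Separately, the header comment changed in the preceding hunk now describes return code 3 as "more than one IPv4 address applied", while the new `exit` in awk silently takes the first address; the comment and the code should be reconciled. The function body continues outside the hunk.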
@@ -1438,9 +1414,9 @@ ipv6_set_mtu() { } -## Set a default gateway -# $1: <IPv6 Address> : gateway, can also contain scope suffix (device name), cause a warning if not matching with $2 (but will have precedence) -# $2: <gateway device>: specified gateway device (has +## Set a default route +# $1: <IPv6 address> : gateway, can also contain scope suffix (device name), cause a warning if not matching with $2 (but will have precedence) +# $2: <gateway device>: gateway device (optional in case of $1 is a global address or $1 contains scope suffix) # $3: <check device>: (optional) device to check scope and gateway device against (setup is skipped, if not matching) # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_set_default_route() { @@ -1494,7 +1470,7 @@ ipv6_set_default_route() { fi fi - # Set device now, if given + # Set device now, if not given if [ -z "$device" ]; then local device="$device_scope" fi @@ -1561,7 +1537,7 @@ ipv6_test_route_requires_next_hop() { return 10 fi - if ipv6_exec_ip link show $device 2>/dev/null | LC_ALL=C grep -q "POINTOPOINT"; then + if ipv6_exec_ip -o link show $device 2>/dev/null | LC_ALL=C grep -q "POINTOPOINT"; then return 10 fi |