#!/bin/sh # # network-functions-ipv6 # # Taken from: network-functions-ipv6 # (P) & (C) 1997-2005 by Peter Bieringer # # You will find more information on the initscripts-ipv6 homepage at # http://www.deepspace6.net/projects/initscripts-ipv6.html # # Version: 2006-08-03 # # ##### Logging function # $1: : message string # $2: [stdout|stderr].[err|warn[ing]|inf[o]|notice] : log level with optional channel, default is "stdout.notice" # [syslog.[facility.].err|warn[ing]|inf[o]|notice : syslog channel, default is "syslog.user.notice" # $3: : name of function which calls this log function, can be empty using "" # return code: 0=ok 1=argument error 3=major problem ipv6_log() { local message="$1" local level="$2" local name="$3" if [ -z "$message" ]; then echo $"ERROR: [ipv6_log] Missing 'message' (arg 1)" >/dev/stderr return 1 fi if [ -z "$level" ]; then local level="stdout.notice" fi # Map loglevel now local fn=1 local fnawk="print \$$fn" local t="`echo $level | awk -F. "{ $fnawk }"`" # Check channel, if given case $t in 'stdout'|'stderr'|'syslog') local channel="$t" local fn=$[ $fn + 1 ] ;; *) local channel="stdout" ;; esac # Check syslog facilty, if given if [ "$channel" = "syslog" ]; then local fnawk="print \$$fn" local t="`echo $level | awk -F. "{ $fnawk }"`" case $t in 'local0'|'local1'|'local2'|'local3'|'local4'|'local5'|'local6'|'local7'|'daemon') local facility="$t" local fn=$[ $fn + 1 ] ;; *) local facility="user" ;; esac fi local fnawk="print \$$fn" local t="`echo $level | awk -F. "{ $fnawk }"`" # Map priority [ "$t" = "inf" ] && local t="info" [ "$t" = "deb" ] && local t="debug" [ "$t" = "warning" ] && local t="warn" [ "$t" = "error" ] && local t="err" [ "$t" = "critical" ] && local t="crit" # Check priority, if given case $t in 'info'|'debug'|'notice'|'warn'|'err'|'crit') local priority="$t" local fn=$[ $fn + 1 ] ;; *) local priority="notice" ;; esac local fnawk="print \$$fn" local t="`echo $level | awk -F. "{ $fnawk }"`" if [ -n "$t" ]; then echo $"ERROR: [ipv6_log] Loglevel isn't valid '$level' (arg 2)" >/dev/stderr return 1 fi # Generate function text if [ -z "$name" ]; then local txt_name="" else local txt_name="[$name]" fi # Log message case $channel in 'stdout'|'stderr') # Generate level text case $priority in 'debug') local txt_level=$"DEBUG " ;; 'err') local txt_level=$"ERROR " ;; 'warn') local txt_level=$"WARN " ;; 'crit') local txt_level=$"CRITICAL " ;; 'info') local txt_level=$"INFO " ;; 'notice') local txt_level=$"NOTICE " ;; esac [ -n "$txt_name" ] && local txt_name="$txt_name " if [ "$channel" = "stderr" ]; then echo "$txt_level: ${txt_name}${message}" >/dev/stderr elif [ "$channel" = "stdout" ]; then echo "$txt_level: ${txt_name}${message}" fi ;; 'syslog') # note: logger resides in /usr/bin, but not used by default if ! [ -x logger ]; then echo $"ERROR: [ipv6_log] Syslog is chosen, but binary 'logger' doesn't exist or isn't executable" >/dev/stderr return 3 fi if [ -z "$txt_name" ]; then logger -p $facility.$priority $message else logger -p $facility.$priority -t "$txt_name" "$message" fi ;; *) echo $"ERROR: [ipv6_log] Cannot log to channel '$channel'" >/dev/stderr return 3 ;; esac return 0 } ###### Beginning of main code here, always executed on "source|. network-functions-ipv6" ###### End of main code here ##### Test for IPv6 capabilites # $1: (optional) testflag: currently supported: "testonly" (do not load a module) # return code: 0=ok 2=IPv6 test fails ipv6_test() { local fn="ipv6_test" local testflag=$1 if ! [ -f /proc/net/if_inet6 ]; then if [ "$testflag" = "testonly" ]; then return 2 else modprobe ipv6 if ! [ -f /proc/net/if_inet6 ]; then ipv6_log $"Kernel is not compiled with IPv6 support" crit $fn return 2 fi fi fi if ! [ -d /proc/sys/net/ipv6/conf/ ]; then return 2 fi if ! [ -x /sbin/ip ]; then ipv6_log $"Utility 'ip' (package: iproute) doesn't exist or isn't executable - stop" crit $fn return 2 fi if ! [ -x /sbin/sysctl ]; then ipv6_log $"Utility 'sysctl' (package: procps) doesn't exist or isn't executable - stop" crit $fn return 2 fi return 0 } ##### Get version of this function library # stdout: getversion_ipv6_functions() { local version_ipv6_functions="`cat /etc/sysconfig/network-scripts/network-functions-ipv6 | LC_ALL=C grep "^# Version:" | awk '{ print $3 }' | sed 's/-//g' | sed 's/[A-Za-z]*$//g'`" echo $version_ipv6_functions return 0 } ##### Wrapper for used binaries ## ifconfig # $*: # return code: result of execution ipv6_exec_ifconfig() { local fn="ipv6_exec_ifconfig" local options=$* LC_ALL=C /sbin/ifconfig $options return $? } ## route # $*: # return code: result of execution ipv6_exec_route() { local options=$* LC_ALL=C /sbin/route $options return $? } ## ip # $*: # return code: result of execution ipv6_exec_ip() { local options=$* LC_ALL=C /sbin/ip $options return $? } ## sysctl # $*: # return code: result of execution ipv6_exec_sysctl() { local options=$* LC_ALL=C /sbin/sysctl -e $options return $? } ##### Control IPv6 forwarding # Control IPv6 forwarding # $1: yes|no|on|off : control value # $2: [] : (optional), if not given, global IPv6 forwarding is set [OBSOLETE] # return code: 0=ok 1=argument error 2=IPv6 test fails ipv6_control_forwarding() { local fn="ipv6_control_forwarding" local fw_control=$1 local fw_device=$2 # maybe empty if [ -z "$fw_control" ]; then ipv6_log $"Missing parameter 'forwarding control' (arg 1)" err $fn return 1 fi if ! [ "$fw_control" = "yes" -o "$fw_control" = "no" -o "$fw_control" = "on" -o "$fw_control" = "off" ]; then ipv6_log $"Forwarding control parameter isn't valid '$fw_control' (arg 1)" err $fn return 1 fi ipv6_test || return 2 if [ "$fw_control" = "yes" -o "$fw_control" = "on" ]; then local status=1 else local status=0 fi # Global control? (if no device is given) if [ -z "$fw_device" ]; then ipv6_exec_sysctl -w net.ipv6.conf.all.forwarding=$status >/dev/null 2>&1 fi # Per device control (not implemented in kernel) if [ -n "$fw_device" ]; then ipv6_log $"IPv6 forwarding per device cannot be controlled via sysctl - use netfilter6 instead" warn $fn fi return 0 } ##### Static IPv6 route configuration # Set static IPv6 route # $1: : to route # $2: : over which $1 should be routed (if "::", gw will be skipped) # $3: [] : (optional) # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem adding route ipv6_add_route() { local fn="ipv6_add_route" local networkipv6=$1 local gatewayipv6=$2 local device=$3 # maybe empty if [ -z "$networkipv6" ]; then ipv6_log $"Missing parameter 'IPv6-network' (arg 1)" err $fn return 1 fi if [ -z "$gatewayipv6" ]; then ipv6_log $"Missing parameter 'IPv6-gateway' (arg 2)" err $fn return 1 fi ipv6_test || return 2 ipv6_test_ipv6_addr_valid $networkipv6 || return 2 ipv6_test_ipv6_addr_valid $gatewayipv6 || return 2 if [ -z "$device" ]; then local returntxt="`ipv6_exec_ip -6 route add $networkipv6 via $gatewayipv6 metric 1 2>&1`" else if [ "$gatewayipv6" = "::" ]; then local returntxt="`ipv6_exec_ip -6 route add $networkipv6 dev $device metric 1 2>&1`" else local returntxt="`ipv6_exec_ip -6 route add $networkipv6 via $gatewayipv6 dev $device metric 1 2>&1`" fi fi if [ -n "$returntxt" ]; then if echo $returntxt | LC_ALL=C grep -q "File exists"; then # Netlink: "File exists" true elif echo $returntxt | LC_ALL=C grep -q "No route to host"; then # Netlink: "No route to host" ipv6_log $"'No route to host' adding route '$networkipv6' via gateway '$gatewayipv6' through device '$device'" warn $fn return 3 else ipv6_log $"Unknown error" warn $fn return 3 fi fi return 0 } # Delete a static IPv6 route # $1: : to route # $2: : over which $1 should be routed (if "::", gw will be skipped) # $3: [] : (optional) # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem adding route ipv6_del_route() { local fn="ipv6_del_route" local networkipv6=$1 local gatewayipv6=$2 local device=$3 # maybe empty if [ -z "$networkipv6" ]; then ipv6_log $"Missing parameter 'IPv6-network' (arg 1)" err $fn return 1 fi if [ -z "$gatewayipv6" ]; then ipv6_log $"Missing parameter 'IPv6-gateway' (arg 2)" err $fn return 1 fi ipv6_test testonly || return 2 # Test, whether given IPv6 address is valid ipv6_test_ipv6_addr_valid $networkipv6 || return 1 ipv6_test_ipv6_addr_valid $gatewayipv6 || return 1 if [ -z "$device" ]; then ipv6_exec_ip -6 route del $networkipv6 via $gatewayipv6 local result=$? else if [ "$gatewayipv6" = "::" ]; then ipv6_exec_ip -6 route del $networkipv6 dev $device local result=$? else ipv6_exec_ip -6 route del $networkipv6 via $gatewayipv6 dev $device local result=$? fi fi if [ $result -eq 2 ]; then # Netlink: "No such process" true elif [ $result -ne 0 ]; then return 3 fi return 0 } # Delete all static IPv6 routes through a given interface # $1: # $2: [] : to match (optional) # return code: 0=ok 1=argument error 2=IPv6 test fails ipv6_cleanup_routes() { local fn="ipv6_cleanup_routes" local device=$1 local gatewaymatch=$2 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi ipv6_test testonly || return 2 if [ -n "$gatewaymatch" ]; then # Get all IPv6 routes (except default link-local and multicast) through given interface via a given gateway and remove them ipv6_exec_ip -6 route show dev $device via $gatewaymatch | LC_ALL=C grep -v -w expires | LC_ALL=C egrep -v "^fe80::/64|^ff00::/8" | while read ipv6net dummy; do ipv6_del_route $ipv6net $gatewaymatch $device done else # Get all IPv6 routes (except default link-local and multicast) through given interface and remove them ipv6_exec_ip -6 route show dev $device | LC_ALL=C grep -v -w expires | LC_ALL=C egrep -v "^fe80::/64|^ff00::/8" | while read ipv6net dummy; do ipv6_del_route $ipv6net :: $device done fi return 0 } ##### automatic tunneling configuration ## Configure automatic tunneling up # return code: 0=ok 2=IPv6 test fails 3=major problem ipv6_enable_autotunnel() { local fn="ipv6_enable_autotunnel" ipv6_test || return 2 # enable IPv6-over-IPv4 tunnels if ipv6_test_device_status sit0; then true else # bring up basic tunnel device ipv6_exec_ip link set sit0 up if ! ipv6_test_device_status sit0; then ipv6_log $"Tunnel device 'sit0' enabling didn't work" err $fn return 3 fi # Set sysctls proper (regardless "default") ipv6_exec_sysctl -w net.ipv6.conf.sit0.forwarding=1 >/dev/null 2>&1 ipv6_exec_sysctl -w net.ipv6.conf.sit0.accept_ra=0 >/dev/null 2>&1 ipv6_exec_sysctl -w net.ipv6.conf.sit0.accept_redirects=0 >/dev/null 2>&1 fi return 0 } ## Configure automatic tunneling down # return code: 0=ok 2=IPv6 test fails 3=major problem ipv6_disable_autotunnel() { local fn="ipv6_disable_autotunnel" ipv6_test testonly || return 2 if ipv6_test_device_status sit0; then # disable IPv6-over-IPv4 tunnels (if a tunnel is no longer up) if ipv6_exec_ip -6 route show dev sit0 | LC_ALL=C grep -w via | awk '{ print $3 }' | LC_ALL=C grep -v -q "^::$"; then # still existing routes, skip shutdown of sit0 true elif ipv6_exec_ip -6 -o addr show dev sit0 | awk '{ print $4 }' | LC_ALL=C grep -v -q '^::'; then # still existing IPv6 addresses, skip shutdown of sit0 true else # take down basic tunnel device ipv6_exec_sysctl -w net.ipv6.conf.sit0.forwarding=0 >/dev/null 2>&1 ipv6_exec_sysctl -w net.ipv6.conf.sit0.accept_ra=0 >/dev/null 2>&1 ipv6_exec_sysctl -w net.ipv6.conf.sit0.accept_redirects=0 >/dev/null 2>&1 ipv6_exec_ip link set sit0 down if ipv6_test_device_status sit0; then ipv6_log $"Tunnel device 'sit0' is still up" err $fn return 3 fi fi fi return 0 } ##### Interface configuration ## Add an IPv6 address for given interface # $1: # $2: # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_add_addr_on_device() { local fn="ipv6_add_addr_on_device" local device=$1 local address=$2 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi if [ -z "$address" ]; then ipv6_log $"Missing parameter 'IPv6-address' (arg 2)" err $fn return 1 fi ipv6_test || return 2 ipv6_test_ipv6_addr_valid $address || return 1 ipv6_test_device_status $device local result=$? if [ "$result" = "0" ]; then true elif [ "$result" != "11" ]; then ipv6_log $"Device '$device' doesn't exist" err $fn return 3 else ipv6_exec_ip link set $device up if ! ipv6_test_device_status $device; then ipv6_log $"Device '$device' enabling didn't work" err $fn return 3 fi fi # Extract address parts local prefixlength_implicit="`echo $address | awk -F/ '{ print $2 }'`" local address_implicit="`echo $address | awk -F/ '{ print $1 }'`" # Check prefix length and using '64' as default if [ -z "$prefixlength_implicit" ]; then local prefixlength_implicit="64" local address="$address_implicit/$prefixlength_implicit" fi ipv6_exec_ip -6 addr add $address dev $device local result=$? if [ $result -eq 2 ]; then return 0 elif [ $result -ne 0 ]; then ipv6_log $"Cannot add IPv6 address '$address' on dev '$device'" err $fn return 3 fi return 0 } ## Remove all IPv6 routes and addresses on given interface (cleanup to prevent kernel crashes) # $1: # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_cleanup_device() { local fn="ipv6_cleanup_device" local device=$1 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi ipv6_test testonly || return 2 # Remove all IPv6 routes through this device (but not "lo") if [ "$device" != "lo" ]; then ipv6_exec_ip -6 route flush dev $device scope global >/dev/null 2>&1 ipv6_exec_ip -6 route flush dev $device scope site >/dev/null 2>&1 fi # Remove all IPv6 addresses on this interface ipv6_exec_ip -6 addr flush dev $device scope global >/dev/null 2>&1 ipv6_exec_ip -6 addr flush dev $device scope site >/dev/null 2>&1 return 0 } ## Remove all IPv6 6to4 related routes and addresses on given interface # $1: # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_cleanup_6to4_device() { local fn="ipv6_cleanup_6to4_device" local device=$1 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi ipv6_test testonly || return 2 # Cleanup 6to4 addresses on this device ipv6_exec_ip -6 addr show dev $dev scope global permanent | LC_ALL=C grep -w inet6 | awk '{ print $2}' | LC_ALL=C grep "^2002:" | while read addr; do ipv6_del_addr_on_device ${dev} ${addr} done # Get all IPv6 routes through given interface related to 6to4 and remove them ipv6_exec_ip -6 route show dev $device | LC_ALL=C grep "^2002:" | while read ipv6net dummy; do ipv6_del_route $ipv6net :: $device done return 0 } ## Remove an IPv6 address on given interface # $1: # $2: # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_del_addr_on_device() { local fn="ipv6_del_addr_on_device" local device=$1 local address=$2 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi if [ -z "$address" ]; then ipv6_log $"Missing parameter 'IPv6 address' (arg 2)" err $fn return 1 fi ipv6_test testonly || return 2 ipv6_test_ipv6_addr_valid $address || return 1 # Extract address parts local prefixlength_implicit="`echo $address | awk -F/ '{ print $2 }'`" local address_implicit="`echo $address | awk -F/ '{ print $1 }'`" # Check prefix length and using '64' as default if [ -z "$prefixlength_implicit" ]; then local prefixlength_implicit="64" local address="$address_implicit/$prefixlength_implicit" fi ipv6_exec_ip -6 addr del $address dev $device local result=$? if [ $result -eq 2 ]; then return 0 elif [ $result -ne 0 ]; then ipv6_log $"Cannot delete IPv6 address '$address' on dev '$device'" err $fn return 3 fi return 0 } ##### Some address test functions ## Test a given IPv6 address for validity # $1: # $2: [quiet] : (optional) don't display error message # return code: 0=ok 1=argument error 10=not valid ipv6_test_ipv6_addr_valid() { local fn="ipv6_test_ipv6_addr_valid" local testipv6addr_valid=$1 local modequiet=$2 if [ -z "$testipv6addr_valid" ]; then return 1 fi if [ -n "$modequiet" ]; then if [ "$modequiet" != "quiet" ]; then ipv6_log $"Parameter '$modequiet' for 'quiet' mode is not valid (arg 2)" err $fn return 1 fi fi # Extract parts local prefixlength_implicit="`echo $testipv6addr_valid | awk -F/ '{ print $2 }'`" local address_implicit="`echo $testipv6addr_valid | awk -F/ '{ print $1 }'`" # Test for a valid format if ! echo "$address_implicit" | LC_ALL=C egrep -q '^[[:xdigit:]:.]*$'; then if [ "$modequiet" != "quiet" ]; then ipv6_log $"Given IPv6 address '$testipv6addr_valid' is not valid" err $fn fi return 10 fi # Test for prefix length if [ -z "$prefixlength_implicit" ]; then if echo "$testipv6addr_valid" | LC_ALL=C grep "/$"; then # Trailing "/", but no value if [ "$modequiet" != "quiet" ]; then ipv6_log $"Missing prefix length for given address '$testipv6addr_valid'" err $fn fi return 10 else return 0 fi elif [ $prefixlength_implicit -lt 0 -o $prefixlength_implicit -gt 128 ]; then if [ "$modequiet" != "quiet" ]; then ipv6_log $"On given address '$testipv6addr_valid' the prefix length is out of range (valid: 0-128)" err $fn fi return 10 fi return 0 } ## Test a given IPv4 address for validity # $1: # $2: [quiet] : (optional) don't display error message # return code: 0=ok 1=argument error 10=not valid ipv6_test_ipv4_addr_valid() { local fn="ipv6_test_ipv4_addr_valid" local testipv4addr_valid=$1 local modequiet=$2 if [ -z "$testipv4addr_valid" ]; then return 1 fi if [ -n "$modequiet" ]; then if [ "$modequiet" != "quiet" ]; then ipv6_log $"Parameter '$modequiet' for 'quiet' mode is not valid (arg 2)" err $fn return 1 fi fi # Test for a valid format if echo "$testipv4addr_valid" | LC_ALL=C egrep -q -v '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'; then if [ "$modequiet" != "quiet" ]; then ipv6_log $"Given IPv4 address '$testipv4addr_valid' has no proper format" err $fn fi return 10 fi # Test for valid IPv4 address parts local number1="`echo $testipv4addr_valid | awk -F. '{ print $1 }'`" local number2="`echo $testipv4addr_valid | awk -F. '{ print $2 }'`" local number3="`echo $testipv4addr_valid | awk -F. '{ print $3 }'`" local number4="`echo $testipv4addr_valid | awk -F. '{ print $4 }'`" local c=1 for number in "$number1" "$number2" "$number3" "$number4"; do if [ $number -lt 0 -o $number -gt 255 ]; then if [ "$modequiet" != "quiet" ]; then ipv6_log $"Part $c of given IPv4 address '$testipv4addr_valid' is out of range" err $fn fi return 10 fi local c=$[ $c + 1 ] done return 0 } ## Test a given IPv4 address for not a private but unicast one # $1: # return code: 0=ok 1=argument error 10=private or not unicast ipv6_test_ipv4_addr_global_usable() { local fn="ipv6_test_ipv4_addr_global_usable" local testipv4addr_globalusable=$1 if [ -z "$testipv4addr_globalusable" ]; then return 1 fi # Test for a globally usable IPv4 address now # test 0.0.0.0/8 /bin/ipcalc --network $testipv4addr_globalusable 255.0.0.0 | LC_ALL=C grep -q "NETWORK=0\.0\.0\.0" && return 10 # test 10.0.0.0/8 (RFC 1918 / private) /bin/ipcalc --network $testipv4addr_globalusable 255.0.0.0 | LC_ALL=C grep -q "NETWORK=10\.0\.0\.0" && return 10 # test 127.0.0.0/8 (loopback) /bin/ipcalc --network $testipv4addr_globalusable 255.0.0.0 | LC_ALL=C grep -q "NETWORK=127\.0\.0\.0" && return 10 # test 169.254.0.0/16 (APIPA / DHCP link local) /bin/ipcalc --network $testipv4addr_globalusable 255.255.0.0 | LC_ALL=C grep -q "NETWORK=169\.254\.0\.0" && return 10 # test 172.16.0.0/12 (RFC 1918 / private) /bin/ipcalc --network $testipv4addr_globalusable 255.240.0.0 | LC_ALL=C grep -q "NETWORK=172\.16\.0\.0" && return 10 # test 192.168.0.0/16 (RFC 1918 / private) /bin/ipcalc --network $testipv4addr_globalusable 255.255.0.0 | LC_ALL=C grep -q "NETWORK=192\.168\.0\.0" && return 10 # test 224.0.0.0/3 (multicast and reserved, broadcast) /bin/ipcalc --network $testipv4addr_globalusable 224.0.0.0 | LC_ALL=C grep -q "NETWORK=224\.0\.0\.0" && return 10 return 0 } ## Test a given device for status # $1: # return code: 0=ok 1=argument error 10=not exists 11=down ipv6_test_device_status() { local fn="ipv6_test_device_status" local device=$1 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi # Test if device exists if ! ipv6_exec_ip link show dev $device >/dev/null 2>&1; then # not exists return 10 fi # Test if device is up if ipv6_exec_ip link show dev $device 2>/dev/null | LC_ALL=C grep -q "UP"; then # up return 0 else # down return 11 fi } ## Create 6to4 prefix # $1: # stdout: <6to4address> # return code: 0=ok 1=argument error ipv6_create_6to4_prefix() { local fn="ipv6_create_6to4_prefix" local ipv4addr=$1 if [ -z "$ipv4addr" ]; then ipv6_log $"Missing parameter 'IPv4 address' (arg 1)" stderr.err $fn fi local major1="`echo $ipv4addr | awk -F. '{ print $1 }'`" local minor1="`echo $ipv4addr | awk -F. '{ print $2 }'`" local major2="`echo $ipv4addr | awk -F. '{ print $3 }'`" local minor2="`echo $ipv4addr | awk -F. '{ print $4 }'`" if [ -z "$major1" -o -z "$minor1" -o -z "$major2" -o -z "$minor2" ]; then return 1 fi if [ $major1 -eq 0 ]; then local block1="`printf "%x" $minor1`" else local block1="`printf "%x%02x" $major1 $minor1`" fi if [ $major2 -eq 0 ]; then local block2="`printf "%x" $minor2`" else local block2="`printf "%x%02x" $major2 $minor2`" fi local prefix6to4="2002:$block1:$block2" echo "$prefix6to4" return 0 } ## Check and create 6to4 tunnel relay address # $1: # stdout: # return code: 0=ok 1=argument error ipv6_create_6to4_relay_address() { local fn="ipv6_create_6to4_relay_address" local addr=$1 if [ -z "$addr" ]; then ipv6_log $"Missing parameter 'address' (arg 1)" stderr.err $fn return 1 fi # Check if ipv6_test_ipv4_addr_valid $addr quiet; then # ok, a IPv4 one if ipv6_test_ipv4_addr_global_usable $addr; then # IPv4 globally usable local ipv6to4_relay="::$addr" else ipv6_log $"Given address '$addr' is not a global IPv4 one (arg 1)" stderr.err $fn return 1 fi else ipv6_log $"Given address '$addr' is not a valid IPv4 one (arg 1)" stderr.err $fn return 1 fi echo "$ipv6to4_relay" return 0 } ##### 6to4 tunneling setup ## Configure 6to4 tunneling up # $1: : only "tun6to4" is supported # $2: : global IPv4 address of interface (will be used to generate 6to4 prefix) # $3: [] : for 6to4 prefix (optional, default is "::1") # $4: [] : MTU of tunnel device (optional, default is automatic) # $5: [] : local IPv4 address of tunnel interface (required in case of 6to4 behind NAT) # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_add_6to4_tunnel() { local fn="ipv6_add_6to4_tunnel" local device=$1 local globalipv4=$2 local globalipv6to4suffix=$3 local mtu=$4 local localipv4=$5 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi if [ -z "$globalipv4" ]; then ipv6_log $"Missing parameter 'global IPv4 address' (arg 2)" err $fn return 1 fi # Check device if [ "$device" != "tun6to4" ]; then ipv6_log $"Given device '$device' is not supported (arg 1)" err $fn return 1 fi # Copy global IPv4 address to local if last one is not given if [ -z "$localipv4" ]; then localipv4="$globalipv4" fi ipv6_test || return 2 # Generate 6to4 address local prefix6to4="`ipv6_create_6to4_prefix $globalipv4`" if [ $? -ne 0 -o -z "$prefix6to4" ]; then return 3 fi if [ -z "$globalipv6to4suffix" ]; then local address6to4="${prefix6to4}::1/16" else local address6to4="${prefix6to4}::${globalipv6to4suffix}/16" fi ipv6_add_tunnel_device tun6to4 0.0.0.0 $address6to4 $localipv4 if [ $? -ne 0 ]; then local retval=3 else local retval=0 fi # Add unspecific unreachable route for local 6to4 address space ipv6_exec_ip route add unreach ${prefix6to4}::/48 # Set MTU, if given if [ -n "$mtu" ]; then ipv6_set_mtu $device $mtu fi return $retval } ## Configure all 6to4 tunneling down # $1: : only "tun6to4" is supported # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_cleanup_6to4_tunnels() { local fn="ipv6_cleanup_6to4_tunnels" local device=$1 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi # Check device if [ "$device" != "tun6to4" ]; then ipv6_log $"Given device '$device' is not supported (arg 1)" err $fn return 1 fi ipv6_test testonly || return 2 ipv6_del_tunnel_device tun6to4 # Remove all unspecific unreachable routes for local 6to4 address space ipv6_exec_ip -6 route | LC_ALL=C grep "^unreachable 2002:" | LC_ALL=C grep "/48 dev lo" | while read token net rest; do ipv6_exec_ip route del unreach $net done return 0 } ## Configure 6to4 tunneling down # $1: : only "tun6to4" is supported # $2: : global address of local interface # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_del_6to4_tunnel() { local fn="ipv6_del_6to4_tunnel" local device=$1 local localipv4=$2 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi if [ -z "$localipv4" ]; then ipv6_log $"Missing parameter 'local IPv4 address' (arg 2)" err $fn return 1 fi # Check device if [ "$device" != "tun6to4" ]; then ipv6_log $"Given device '$device' is not supported (arg 1)" err $fn return 1 fi ipv6_test || return 2 ipv6_del_tunnel_device tun6to4 local retval=$? # Remove unspecific unreachable route for local 6to4 address space ipv6_exec_ip route del unreach ${prefix6to4}::/48 return $retval } ## Configure a static tunnel device up # $1: # $2: : of foreign tunnel # $3: [] : local one of a P-t-P tunnel (optional) # $4: [] : local one of tunnel (optional) # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_add_tunnel_device() { local fn="ipv6_add_tunnel_device" local device=$1 local addressipv4tunnel=$2 local addressipv6local=$3 local addressipv4tunnellocal=$4 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi if [ -z "$addressipv4tunnel" ]; then ipv6_log $"Missing parameter 'IPv4-tunnel address' (arg 2)" err $fn return 1 fi if [ -z "$addressipv4tunnellocal" ]; then local addressipv4tunnellocal="any" fi ipv6_test || return 2 if ! ipv6_test_device_status $device; then local ttldefault="`ipv6_exec_sysctl net.ipv4.ip_default_ttl | awk '{ print $3 }'`" if [ -z "$ttldefault" ]; then local ttldefault=64 fi # Test whether remote IPv4 address was already applied to another tunnel if [ "$addressipv4tunnel" != "0.0.0.0" -a "$addressipv4tunnel" != "any" ]; then ipv6_exec_ip tunnel show remote $addressipv4tunnel 2>/dev/null | LC_ALL=C grep -w "ipv6/ip" | while IFS=":" read devnew rest; do if [ "$devnew" != "$device" ]; then ipv6_log $"Given remote address '$addressipv4tunnel' on tunnel device '$device' is already configured on device '$devnew'" err $fn return 3 fi done fi ipv6_exec_ip tunnel add $device mode sit ttl $ttldefault remote $addressipv4tunnel local $addressipv4tunnellocal if [ $? -ne 0 ]; then return 3 fi # Test, whether "ip tunnel show" reports valid content if ! ipv6_exec_ip tunnel show $device 2>/dev/null | LC_ALL=C grep -q -w "remote"; then ipv6_log $"Tunnel device '$device' creation didn't work" err $fn return 3 fi ipv6_exec_ip link set $device up if ! ipv6_test_device_status $device; then ipv6_log $"Tunnel device '$device' bringing up didn't work" err $fn return 3 fi # Set sysctls proper (regardless "default") ipv6_exec_sysctl -w net.ipv6.conf.$device.forwarding=1 >/dev/null 2>&1 ipv6_exec_sysctl -w net.ipv6.conf.$device.accept_ra=0 >/dev/null 2>&1 ipv6_exec_sysctl -w net.ipv6.conf.$device.accept_redirects=0 >/dev/null 2>&1 if [ -n "$addressipv6local" ]; then # Setup P-t-P address ipv6_add_addr_on_device $device $addressipv6local if [ $? -ne 0 ]; then return 3 fi fi else false fi return 0 } ## Configure a static tunnel device down # $1: # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_del_tunnel_device() { local fn="ipv6_del_tunnel_device" local device=$1 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi ipv6_test testonly || return 2 if ipv6_test_device_status $device; then ipv6_cleanup_device $device else if [ "$device" != "sit0" ]; then false fi fi if [ "$device" != "sit0" ]; then if ipv6_exec_ip tunnel show $device 2>/dev/null | LC_ALL=C grep -q -w "ipv6/ip"; then ipv6_exec_ip tunnel del $device if ipv6_test_device_status $device; then return 3 fi else false fi fi return 0 } ## Cleanup all dedicated tunnel devices ipv6_cleanup_tunnel_devices() { local fn="ipv6_cleanup_tunnel_devices" ipv6_test testonly || return 2 # Find still existing tunnel devices and shutdown and delete them ipv6_exec_ip tunnel show | LC_ALL=C grep -w "ipv6/ip" | awk -F: '{ print $1 }' | while read device; do ipv6_del_tunnel_device $device done return 0 } ## Get address of a dedicated tunnel # $1: # $2: local|remote : local or remote address # stdout: if available # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_get_ipv4addr_of_tunnel() { local fn="ipv6_get_local_ipv4_of_tunnel" local device=$1 local selection=$2 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" stderr.err $fn return 1 fi if [ -z "$selection" ]; then ipv6_log $"Missing parameter 'selection' (arg 2)" stderr.err $fn return 1 fi if [ "$selection" != "local" -a "$selection" != "remote" ]; then ipv6_log $"Unsupported selection '$selection' specified (arg 2)" stderr.err $fn return 1 fi ipv6_test testonly || return 2 ipv6_test_device_status $device if [ $? != 0 -a $? != 11 ]; then # Device doesn't exist return 3 fi # Device exists, retrieve address if [ "$selection" = "local" ]; then local tunnel_local_ipv4addr="`ipv6_exec_ip tunnel show $device | awk '{ print $6 }'`" elif [ "$selection" = "remote" ]; then local tunnel_local_ipv4addr="`ipv6_exec_ip tunnel show $device | awk '{ print $4 }'`" fi if [ $? != 0 ]; then return 3 fi if [ "$tunnel_local_ipv4addr" = "any" ]; then local tunnel_local_ipv4addr="0.0.0.0" fi echo "$tunnel_local_ipv4addr" return 0 } ## Get IPv4 address of a device # $1: # stdout: if available # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem (more than one IPv4 address applied) ipv6_get_ipv4addr_of_device() { local fn="ipv6_get_ipv4addr_of_device" local device=$1 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" stderr.err $fn return 1 fi ipv6_test_device_status $device if [ $? != 0 -a $? != 11 ]; then # Device doesn't exist return 3 fi # Device exists, retrieve the first address only local ipv4addr="`ipv6_exec_ip -o -4 addr show dev $device | awk '{ print $4 }' | awk -F/ '{ print $1; exit }'`" if [ $? != 0 ]; then return 3 fi if [ "$ipv4addr" = "any" ]; then local ipv4addr="0.0.0.0" fi echo "$ipv4addr" return 0 } ## Set IPv6 MTU for a device # $1: # $2: # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_set_mtu() { local fn="ipv6_set_mtu" local device=$1 local ipv6_mtu=$2 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi if [ -z "$ipv6_mtu" ]; then ipv6_log $"Missing parameter 'IPv6 MTU' (arg 2)" err $fn return 1 fi # Check range if [ $ipv6_mtu -lt 1280 -o $ipv6_mtu -gt 65535 ]; then ipv6_log $"Given IPv6 MTU '$ipv6_mtu' is out of range" err $fn return 1 fi ipv6_test testonly || return 2 # Check whether key exists ipv6_exec_sysctl net.ipv6.conf.$device.mtu >/dev/null 2>&1 if [ $? -ne 0 ]; then return 3 fi # Set value ipv6_exec_sysctl -w net.ipv6.conf.$device.mtu=$ipv6_mtu >/dev/null 2>&1 return 0 } ## Set a default route # $1: : gateway, can also contain scope suffix (device name), cause a warning if not matching with $2 (but will have precedence) # $2: : gateway device (optional in case of $1 is a global address or $1 contains scope suffix) # $3: : (optional) device to check scope and gateway device against (setup is skipped, if not matching) # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_set_default_route() { local fn="ipv6_set_default_route" local address=$1 local device=$2 local device_check=$3 ipv6_test testonly || return 2 # Map the unspecified address to nothing if [ "$address" = "::" ]; then local address="" fi if [ -n "$address" ]; then local addressgw=`echo $address | awk -F% '{ print $1 }'` local device_scope=`echo $address | awk -F% '{ print $2 }'` if [ -z "$addressgw" ]; then ipv6_log $"Given IPv6 default gateway '$address' is not in proper format" err $fn return 3 fi # Scope device has precedence if [ -n "$device_scope" -a -n "$device" -a "$device_scope" != "$device" ]; then ipv6_log $"Given IPv6 default gateway '$address' has scope '$device_scope' defined, given default gateway device '$device' will be not used" inf $fn local device="" fi # Link local addresses require a device if echo $addressgw | LC_ALL=C grep -qi "^fe80:"; then if [ -z "$device_scope" ]; then if [ -z "$device" ]; then ipv6_log $"Given IPv6 default gateway '$address' is link-local, but no scope or gateway device is specified" err $fn return 3 fi fi fi # Check whether the route belongs to the specific given interface if [ -n "$device_check" ]; then # Check whether scope device matches given check device if [ -n "$device_scope" -a "$device_check" != "$device_scope" ]; then # scope device != specific given -> skip return 0 elif [ -n "$device" -a "$device_check" != "$device" ]; then # gateway device != specific given -> skip return 0 fi fi # Set device now, if not given if [ -z "$device" ]; then local device="$device_scope" fi if [ -z "$device" ]; then # Note: this can cause a warning and a not installed route, if given address is not reachable on the link ipv6_add_route ::/0 $addressgw else ipv6_add_route ::/0 $addressgw $device fi elif [ -n "$device" ]; then # Check whether the route belongs to the specific given interface if [ -n "$device_check" -a "$device_check" != "$device" ]; then # gateway device != specific given -> skip return 0 fi ipv6_test_route_requires_next_hop $device local result=$? if [ $result = 0 ]; then ipv6_log $"Given IPv6 default device '$device' requires an explicit nexthop" err $fn return 3 elif [ $result != 10 ]; then ipv6_log $"Given IPv6 default device '$device' doesn't exist or isn't up" err $fn return 3 fi ipv6_add_route ::/0 :: $device else ipv6_log $"No parameters given to setup a default route" err $fn return 3 fi return 0 } ## Resolve need of explicit next hop for an interface # $1: # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem 10=needs no explicit hop ipv6_test_route_requires_next_hop() { local fn="ipv6_test_route_requires_next_hop" local device=$1 if [ -z "$device" ]; then ipv6_log $"Missing parameter 'device' (arg 1)" err $fn return 1 fi ipv6_test testonly || return 2 ipv6_test_device_status $device if [ $? != 0 ]; then return 3 fi if [ "$device" = "sit0" ]; then return 10 fi if ipv6_exec_ip -o link show $device 2>/dev/null | LC_ALL=C grep -q "POINTOPOINT"; then return 10 fi return 0 } ## Trigger radvd # $1: up|down : device reason for triggering (coming up or going down) # $2: [startstop|restart|reload|SIGHUP] : triger mechanism (default is "SIGHUP") # "startstop" : reason=up -> start, reason=down -> stop # $3: [] : alternative pid file [optional] # return code: 0=ok 1=argument error 2=IPv6 test fails 3=major problem ipv6_trigger_radvd() { local fn="ipv6_trigger_radvd" local reason=$1 local mechanism=$2 local pidfile=$3 if [ -z "$reason" ]; then ipv6_log $"No reason given for sending trigger to radvd" err $fn return 1 fi if [ "$reason" != "up" -a "$reason" != "down" ]; then ipv6_log $"Unsupported reason '$reason' for sending trigger to radvd" err $fn return 1 fi if [ -z "$mechanism" ]; then # Take default local mechanism="SIGHUP" fi if [ -z "$pidfile" ]; then local pidfile="/var/run/radvd/radvd.pid" fi # Print message and select action case $mechanism in 'startstop') case $reason in up) local action="start" ;; down) local action="stop" ;; esac ;; 'reload'|'restart'|'SIGHUP') local action="$mechanism" ;; *) ipv6_log $"Unsupported mechanism '$mechanism' for sending trigger to radvd" err $fn return 3 ;; esac # PID file needed? if [ "$action" = "SIGHUP" ]; then if ! [ -f "$pidfile" ]; then if [ "$reason" = "down" ]; then # be quiet because triggering may have been disabled true else ipv6_log $"Given pidfile '$pidfile' doesn't exist, cannot send trigger to radvd" err $fn fi return 3 fi # Get PID local pid="`cat $pidfile`" if [ -z "$pid" ]; then # pidfile empty - strange ipv6_log $"Pidfile '$pidfile' is empty, cannot send trigger to radvd" err $fn return 3 fi fi # Do action case $action in 'SIGHUP') kill -HUP $pid ;; 'reload'|'restart'|'stop'|'start') if ! /sbin/chkconfig --list radvd >/dev/null 2>&1; then if [ "$reason" = "down" ]; then # be quiet because triggering may have been disabled true else ipv6_log $"radvd not (properly) installed, triggering failed" err $fn fi return 3 else /sbin/service radvd $action >/dev/null 2>&1 fi ;; *) # Normally not reached, "action" is set above to proper value ;; esac return 0 }