2 # Copyright (c) 2012 OpenWrt.org
4 . /lib/functions/service.sh
5 . /lib/functions/network.sh
8 local NAT="ip6tables -t nat"
14 local __value=$(cat "/proc/sys/net/ipv6/conf/$__device/$__option")
15 eval "$__return=$__value"
23 echo "$value" > "/proc/sys/net/ipv6/conf/$device/$option"
32 service_check "$__exe" && {
34 [ -n "$__return" ] && eval "$__return=1"
36 rm -f "$SERVICE_PID_FILE"
46 SERVICE_PID_FILE="$pidfile"
51 resolve_network_add() {
56 network_get_device __cdevice "$__section"
57 [ "$__cdevice" != "$__device" ] && return
59 eval "$__return"'="'"$__section"'"'
66 config_foreach resolve_network_add interface "$__device" "$__return"
70 setup_masquerading() {
72 local chain="network6_masquerade_$2"
75 $NAT -D POSTROUTING -j "$chain" 2>/dev/null && {
76 $NAT -F "$chain" 2>/dev/null
77 $NAT -X "$chain" 2>/dev/null
80 [ "$cmd" != "stop" ] && {
82 $NAT -A "$chain" -o "$device" -j MASQUERADE
83 $NAT -A POSTROUTING -j "$chain"
91 local chain="network6_npt_$network"
93 [ "$cmd" != "start" ] && {
94 $NAT -D POSTROUTING -j "$chain" 2>/dev/null && {
95 $NAT -D PREROUTING -j "$chain" 2>/dev/null
96 $NAT -F "$chain" 2>/dev/null
97 $NAT -X "$chain" 2>/dev/null
101 [ "$cmd" != "stop" ] && {
102 $NAT -N "$chain" 2>/dev/null && {
103 $NAT -A PREROUTING -j "$chain"
104 $NAT -A POSTROUTING -j "$chain"
117 local addr=$(echo "$prefix" | cut -d/ -f1)
118 local rem=$(echo "$prefix" | cut -d/ -f2)
119 local length=$(echo "$rem" | cut -d, -f1)
123 # If preferred / valid provided
124 [ "$rem" != "$length" ] && {
125 prefer=$(echo "$rem" | cut -d, -f2)
126 valid=$(echo "$rem" | cut -d, -f3)
129 # Get prefix configuration
131 local prefix_action=""
132 config_get ula global ula_prefix
133 config_get prefix_action "$network" prefix_action
134 [ -z "$prefix_action" ] && prefix_action="distribute"
136 # Always announce the ULA when doing NPT
137 [ "$prefix" == "$ula" -a "$prefix_action" == "npt" ] && prefix_action="distribute"
139 [ "$prefix_action" == "distribute" -o "$prefix_action" == "npt" ] && {
140 local msg='{"network": "'"$network"'", "prefix": "'"$addr"'", "length": '"$length"
141 [ -n "$valid" ] && msg="$msg"', "valid": '"$valid"', "preferred": '"$prefer"
142 [ -z "$cmd" ] && cmd=newprefix
144 [ "$prefix_action" == "npt" ] && msg="$msg"', "npt": 1'
145 [ "$type" == "secondary" ] && msg="$msg"', "secondary": 1'
149 conf_get mtu "$device" mtu
150 msg="$msg"', "mtu": '"$mtu"
152 ubus call 6distributed "$cmd" "$msg}"
155 [ "$prefix_action" == "npt" ] && {
156 local chain="network6_npt_$network"
157 local ula_addr=$(echo "$ula" | cut -d/ -f1)
158 local ula_rem=$(echo "$ula" | cut -d/ -f2)
159 local ula_length=$(echo "$ula_rem" | cut -d, -f1)
162 network_get_device device "$network"
163 [ "$length" -lt "$ula_length" ] && length="$ula_length"
164 [ "$cmd" == "delprefix" ] && cmd="-D $chain" || cmd="-A $chain"
166 local in="-i $device -d $addr/$length -j NETMAP --to $ula_addr/$ula_length"
167 local out="-o $device -s $ula_addr/$ula_length -j NETMAP --to $addr/$length"
169 setup_npt_chain start "$network"
179 # Notify the address distribution daemon
180 ubus call 6distributed deliface '{"network": "'"$network"'"}'
183 # Start RD & DHCPv6 service
185 config_get router_service global router_service
187 if [ "$router_service" == "dnsmasq" ]; then
188 rm -f "/var/etc/dnsmasq.d/ipv6-router-$network.conf"
189 /etc/init.d/dnsmasq restart
191 stop_service /usr/sbin/6relayd "/var/run/ipv6-router-$network.pid"
196 restart_relay_slave() {
200 network_is_up "$__section" || return
203 network_get_device __device "$__section"
206 config_get __cmaster "$__section" relay_master
208 [ "$__master" == "$__cmaster" ] && {
209 disable_interface "$__section"
210 enable_interface "$__section" "$__device"
221 network_is_up "$__section" || return
225 network_get_device __device "$__section"
227 # Match master network
229 config_get __cmaster "$__section" relay_master
230 [ "$__master" == "$__cmaster" ] || return
234 config_get __cmode "$__section" mode
235 [ "$__cmode" == "downstream" ] && __cmode="router"
237 # Don't start fallback interfaces if we are in forced-relay mode
238 [ "$__cmode" == "relay" -o "$__mode" == "fallback" ] || return
240 # Don't make non-relay or non-router interfaces slaves
241 [ "$__cmode" == "relay" -o "$__cmode" == "router" ] || return
243 # Disable any active distribution
244 [ "$__cmode" == "router" ] && disable_router "$__section"
246 # Configure interface to accept RA and send RS
247 conf_set "$__device" accept_ra 2
248 conf_set "$__device" forwarding 2
250 eval "$__return"'="$'"$__return"' '"$__device"'"'
256 local pid_fallback="/var/run/ipv6-relay-fallback-$network.pid"
257 local pid_forced="/var/run/ipv6-relay-forced-$network.pid"
258 local was_fallback=""
260 stop_service /usr/sbin/6relayd "$pid_fallback" was_fallback
261 stop_service /usr/sbin/6relayd "$pid_forced"
263 # Reenable normal distribution on slave interfaces
264 [ -n "$was_fallback" ] && config_foreach restart_relay_slave interface "$network"
268 detect_forced_relay_mode() {
273 config_get __cmode "$__section" mode
274 [ "$__cmode" == "relay" ] && eval "$__mode=forced"
282 # Stop last active relay
283 stop_relay "$network"
285 # Detect if we have a forced-relay
286 [ -z "$mode" ] && config_foreach detect_forced_relay_mode interface mode
288 # Don't start without a mode
289 [ -z "$mode" ] && return
291 # Detect master device
293 network_get_device device "$network"
295 # Generate command string
296 local cmd="/usr/sbin/6relayd -A $device"
298 config_foreach add_relay_slave interface ifaces "$network" "$mode"
301 local pid="/var/run/ipv6-relay-$mode-$network.pid"
302 [ -n "$ifaces" ] && start_service "$cmd $ifaces" "$pid"
304 # There are no slave interface, however indicate that we want to relay
305 [ -z "$ifaces" ] && touch "$pid"
309 setup_prefix_fallback() {
314 stop_relay "$network"
315 restart_relay "$network"
317 setup_masquerading stop "$network"
319 [ "$cmd" != "stop" ] && {
321 config_get fallback "$network" prefix_fallback
323 [ "$fallback" == "relay" ] && restart_relay "$network" fallback
324 [ "$fallback" == "masquerade" ] && setup_masquerading start "$network" "$device"
329 restart_master_relay() {
332 local pid_fallback="/var/run/ipv6-relay-fallback-$network.pid"
333 local pid_forced="/var/run/ipv6-relay-forced-$network.pid"
335 # Disable active relaying to this interface
336 config_get relay_master "$network" relay_master
337 [ -z "$relay_master" ] && return
338 network_is_up "$relay_master" || return
340 # Detect running mode
341 [ -z "$mode" && -f "$pid_fallback" ] && mode="fallback"
342 [ -z "$mode" && -f "$pid_forced" ] && mode="forced"
344 # Restart relay if running or start requested
345 [ -n "$mode" ] && restart_relay "$relay_master" "$mode"
353 local fwscript="/var/etc/ipv6-firewall.d/site-border-$network.sh"
354 local chain="ipv6-site-border-$network"
356 if [ -n "$device" ]; then
358 config_get_bool site_border "$network" site_border 0
359 [ "$site_border" == "1" ] || return
361 mkdir -p $(dirname "$fwscript")
362 echo "ip6tables -N $chain" > "$fwscript"
363 echo "ip6tables -F $chain" >> "$fwscript"
364 echo "ip6tables -A $chain -o $device -j REJECT --reject-with icmp6-no-route" >> "$fwscript"
365 echo "ip6tables -A $chain -i $device -j REJECT --reject-with icmp6-no-route" >> "$fwscript"
366 echo "ip6tables -A ipv6-site-border -j $chain" >> "$fwscript"
369 [ -f "$fwscript" ] || return
371 ip6tables -D ipv6-site-border -j "$chain"
372 ip6tables -F "$chain"
373 ip6tables -X "$chain"
378 disable_interface() {
381 # Delete all prefixes routed to this interface
382 ubus call 6distributed delprefix '{"network": "'"$network"'"}'
385 restart_master_relay "$network"
387 # Disable distribution
388 disable_router "$network"
390 # Disable any active relays, masquerading rules and NPT rules
391 stop_relay "$network"
392 setup_masquerading stop "$network"
393 setup_npt_chain stop "$network"
395 # Disable DHCPv6 client if enabled, state script will take care
396 stop_service /usr/sbin/odhcp6c "/var/run/ipv6-dhcpv6-$network.pid"
399 set_site_border "$network"
403 enable_ula_prefix() {
407 [ -z "$ula" ] && ula="global"
411 config_get ula_prefix "$ula" ula_prefix
413 # ULA auto configuration (first init)
414 [ "$ula_prefix" == "auto" ] && {
419 # Sometimes results are empty, therefore try until it works...
420 while [ -z "$r1" -o -z "$r2" -o -z "$r3" ]; do
421 r1=$(printf "%02x" $(($(</dev/urandom tr -dc 0-9 | dd bs=9 count=1) % 256)))
422 r2=$(printf "%01x" $(($(</dev/urandom tr -dc 0-9 | dd bs=9 count=1) % 65536)))
423 r3=$(printf "%01x" $(($(</dev/urandom tr -dc 0-9 | dd bs=9 count=1) % 65536)))
426 ula_prefix="fd$r1:$r2:$r3::/48"
428 # Save prefix so it will be preserved across reboots
429 config_set "$ula" ula_prefix "$ula_prefix"
430 uci_set network6 "$ula" ula_prefix "$ula_prefix"
435 [ -n "$ula_prefix" ] && announce_prefix "$ula_prefix" "$network" "$device" newprefix secondary
443 # Enable global forwarding
445 conf_get global_forward all forwarding
446 [ "$global_forward" != "1" ] && conf_set all forwarding 1
449 conf_set "$device" accept_ra 1
450 conf_set "$device" forwarding 1
453 enable_ula_prefix "$network" global "$device"
454 # Compatibility (deprecated)
455 enable_ula_prefix "$network" "$network" "$device"
457 # Announce all static prefixes
458 config_list_foreach "$network" static_prefix announce_prefix "$network" "$device"
460 # start relay if there are forced relay members
461 restart_relay "$network"
471 config_get length "$network" advertise_prefix
472 [ -z "$length" ] && length=64
473 [ "$length" -ne "0" ] && ubus call 6distributed newiface '{"network": "'"$network"'", "iface": "'"$device"'", "length": '"$length"'}'
475 # Start RD & DHCPv6 service
477 config_get router_service global router_service
480 config_get_bool always_default "$network" always_default 0
482 if [ "$router_service" == "dnsmasq" ]; then
484 config_get dnsmasq_opts "$network" dnsmasq_opts
485 [ -z "$dnsmasq_opts" ] && dnsmasq_opts="ra-names,24h"
487 local conf="/var/etc/dnsmasq.d/ipv6-router-$network.conf"
488 mkdir -p $(dirname $conf)
489 echo "dhcp-range=::00ff,::ffff,constructor:$device,$dnsmasq_opts" > $conf
490 echo "enable-ra" >> $conf
491 /etc/init.d/dnsmasq restart
494 [ "$always_default" == "1" ] && opts="-u"
496 local pid="/var/run/ipv6-router-$network.pid"
497 start_service "/usr/sbin/6relayd -S $opts . $device" "$pid"
500 # Try relaying if necessary
501 restart_master_relay "$network"
510 conf_set "$device" accept_ra 2
511 conf_set "$device" forwarding 2
514 conf_set "$device" disable_ipv6 1
515 conf_set "$device" disable_ipv6 0
517 # Configure DHCPv6-client
518 local dhcp6_opts="$device"
520 # Configure DHCPv6-client (e.g. requested prefix)
522 config_get request_prefix "$network" request_prefix
523 [ -z "$request_prefix" ] && request_prefix="auto"
524 [ "$request_prefix" != "no" ] && {
525 [ "$request_prefix" == "auto" ] && request_prefix=0
526 dhcp6_opts="-P$request_prefix $dhcp6_opts"
529 # Start DHCPv6 client
530 local pid="/var/run/ipv6-dhcpv6-$network.pid"
531 start_service "/usr/sbin/odhcp6c -s/lib/ipv6/dhcpv6.sh $dhcp6_opts" "$pid"
533 # Refresh RA on all interfaces
534 for pid in /var/run/ipv6-router-*.pid; do
535 kill -SIGUSR1 $(cat "$pid")
546 [ "$mode" == "6rd" ] && {
547 local ip4prefix=$(uci_get network "$network" ip4prefixlen 0)
548 local ip6prefix=$(uci_get network "$network" ip6prefixlen 32)
549 prefixlen=$(($ip6prefix + 32 - $ip4prefix))
553 network_get_ipaddr6 prefix "$network"
555 announce_prefix "$prefix/$prefixlen" "$network" "$device"
565 config_get mode "$network" mode
566 [ -n "$mode" -a "$mode" != "none" ] || return
568 # Compatibility with old mode names
569 [ "$mode" == "downstream" ] && mode=router
570 [ "$mode" == "upstream" ] && mode=dhcpv6
573 [ "$mode" == "static" -o "$mode" == "dhcpv6" -o "$mode" == "6to4" -o "$mode" == "6in4" ] && set_site_border "$network" "$device"
575 # Run mode startup code
576 enable_static "$network" "$device"
577 [ "$mode" == "dhcpv6" ] && enable_dhcpv6 "$network" "$device"
578 [ "$mode" == "router" ] && enable_router "$network" "$device"
579 [ "$mode" == "6to4" -o "$mode" == "6rd" ] && enable_6to4 "$network" "$device" "$mode"
580 [ "$mode" == "relay" ] && restart_master_relay "$network" forced