package/network/ipv6/ipv6-support/files/support.sh

   1 #!/bin/sh
   2 # Copyright (c) 2012 OpenWrt.org
   3 . /lib/functions.sh
   4 . /lib/functions/service.sh
   5 . /lib/functions/network.sh
   6
   7 config_load network6
   8 local NAT="ip6tables -t nat"
   9
  10 conf_get() {
  11         local __return="$1"
  12         local __device="$2"
  13         local __option="$3"
  14         local __value=$(cat "/proc/sys/net/ipv6/conf/$__device/$__option")
  15         eval "$__return=$__value"
  16 }
  17
  18
  19 conf_set() {
  20         local device="$1"
  21         local option="$2"
  22         local value="$3"
  23         echo "$value" > "/proc/sys/net/ipv6/conf/$device/$option"
  24 }
  25
  26
  27 stop_service() {
  28         local __exe="$1"
  29         SERVICE_PID_FILE="$2"
  30         local __return="$3"
  31
  32         service_check "$__exe" && {
  33                 service_stop "$__exe"
  34                 [ -n "$__return" ] && eval "$__return=1"
  35         }
  36         rm -f "$SERVICE_PID_FILE"
  37 }
  38
  39
  40 start_service() {
  41         local cmd="$1"
  42         local pidfile="$2"
  43
  44         SERVICE_DAEMONIZE=1
  45         SERVICE_WRITE_PID=1
  46         SERVICE_PID_FILE="$pidfile"
  47         service_start $cmd
  48 }
  49
  50
  51 resolve_network_add() {
  52         local __section="$1"
  53         local __device="$2"
  54         local __return="$3"
  55         local __cdevice
  56         network_get_device __cdevice "$__section"
  57         [ "$__cdevice" != "$__device" ] && return
  58
  59         eval "$__return"'="'"$__section"'"'
  60 }
  61
  62
  63 resolve_network() {
  64         local __return="$1"
  65         local __device="$2"
  66         config_foreach resolve_network_add interface "$__device" "$__return"
  67 }
  68
  69
  70 setup_masquerading() {
  71         local cmd="$1"
  72         local chain="network6_masquerade_$2"
  73         local device="$3"
  74
  75         $NAT -D POSTROUTING -j "$chain" 2>/dev/null && {
  76                 $NAT -F "$chain" 2>/dev/null
  77                 $NAT -X "$chain" 2>/dev/null
  78         }
  79
  80         [ "$cmd" != "stop" ] && {
  81                 $NAT -N "$chain"
  82                 $NAT -A "$chain" -o "$device" -j MASQUERADE
  83                 $NAT -A POSTROUTING -j "$chain"
  84         }
  85 }
  86
  87
  88 setup_npt_chain() {
  89         local cmd="$1"
  90         local network="$2"
  91         local chain="network6_npt_$network"
  92
  93         [ "$cmd" != "start" ] && {
  94                 $NAT -D POSTROUTING -j "$chain" 2>/dev/null && {
  95                         $NAT -D PREROUTING -j "$chain" 2>/dev/null
  96                         $NAT -F "$chain" 2>/dev/null
  97                         $NAT -X "$chain" 2>/dev/null
  98                 }
  99         }
 100
 101         [ "$cmd" != "stop" ] && {
 102                 $NAT -N "$chain" 2>/dev/null && {
 103                         $NAT -A PREROUTING -j "$chain"
 104                         $NAT -A POSTROUTING -j "$chain"
 105                 }
 106         }
 107 }
 108
 109
 110 announce_prefix() {
 111         local prefix="$1"
 112         local network="$2"
 113         local device="$3"
 114         local cmd="$4"
 115         local type="$5"
 116
 117         local addr=$(echo "$prefix" | cut -d/ -f1)
 118         local rem=$(echo "$prefix" | cut -d/ -f2)
 119         local length=$(echo "$rem" | cut -d, -f1)
 120         local prefer=""
 121         local valid=""
 122
 123         # If preferred / valid provided
 124         [ "$rem" != "$length" ] && {
 125                 prefer=$(echo "$rem" | cut -d, -f2)
 126                 valid=$(echo "$rem" | cut -d, -f3)
 127         }
 128
 129         # Get prefix configuration
 130         local ula=""
 131         local prefix_action=""
 132         config_get ula global ula_prefix
 133         config_get prefix_action "$network" prefix_action
 134         [ -z "$prefix_action" ] && prefix_action="distribute"
 135
 136         # Always announce the ULA when doing NPT
 137         [ "$prefix" == "$ula" -a "$prefix_action" == "npt" ] && prefix_action="distribute"
 138
 139         [ "$prefix_action" == "distribute" -o "$prefix_action" == "npt" ] && {
 140                 local msg='{"network": "'"$network"'", "prefix": "'"$addr"'", "length": '"$length"
 141                 [ -n "$valid" ] && msg="$msg"', "valid": '"$valid"', "preferred": '"$prefer"
 142                 [ -z "$cmd" ] && cmd=newprefix
 143
 144                 [ "$prefix_action" == "npt" ] && msg="$msg"', "npt": 1'
 145                 [ "$type" == "secondary" ] && msg="$msg"', "secondary": 1'
 146
 147                 # Detect MTU
 148                 local mtu
 149                 conf_get mtu "$device" mtu
 150                 msg="$msg"', "mtu": '"$mtu"
 151
 152                 ubus call 6distributed "$cmd" "$msg}"
 153         }
 154
 155         [ "$prefix_action" == "npt" ] && {
 156                 local chain="network6_npt_$network"
 157                 local ula_addr=$(echo "$ula" | cut -d/ -f1)
 158                 local ula_rem=$(echo "$ula" | cut -d/ -f2)
 159                 local ula_length=$(echo "$ula_rem" | cut -d, -f1)
 160                 local device=""
 161
 162                 network_get_device device "$network"
 163                 [ "$length" -lt "$ula_length" ] && length="$ula_length"
 164                 [ "$cmd" == "delprefix" ] && cmd="-D $chain" || cmd="-A $chain"
 165
 166                 local in="-i $device -d $addr/$length -j NETMAP --to $ula_addr/$ula_length"
 167                 local out="-o $device -s $ula_addr/$ula_length -j NETMAP --to $addr/$length"
 168
 169                 setup_npt_chain start "$network"
 170                 $NAT $cmd $in
 171                 $NAT $cmd $out
 172         }
 173 }
 174
 175
 176 disable_router() {
 177         local network="$1"
 178
 179         # Notify the address distribution daemon
 180         ubus call 6distributed deliface '{"network": "'"$network"'"}'
 181
 182
 183         # Start RD & DHCPv6 service
 184         local router_service
 185         config_get router_service global router_service
 186
 187         if [ "$router_service" == "dnsmasq" ]; then
 188                 rm -f "/var/etc/dnsmasq.d/ipv6-router-$network.conf"
 189                 /etc/init.d/dnsmasq restart
 190         else
 191                 stop_service /usr/sbin/6relayd "/var/run/ipv6-router-$network.pid"
 192         fi
 193 }
 194
 195
 196 restart_relay_slave() {
 197         local __section="$1"
 198         local __master="$2"
 199
 200         network_is_up "$__section" || return
 201
 202         local __device=""
 203         network_get_device __device "$__section"
 204
 205         local __cmaster=""
 206         config_get __cmaster "$__section" relay_master
 207
 208         [ "$__master" == "$__cmaster" ] && {
 209                 disable_interface "$__section"
 210                 enable_interface "$__section" "$__device"
 211         }
 212 }
 213
 214
 215 add_relay_slave() {
 216         local __section="$1"
 217         local __return="$2"
 218         local __master="$3"
 219         local __mode="$4"
 220
 221         network_is_up "$__section" || return
 222
 223         # Get device
 224         local __device=""
 225         network_get_device __device "$__section"
 226
 227         # Match master network
 228         local __cmaster=""
 229         config_get __cmaster "$__section" relay_master
 230         [ "$__master" == "$__cmaster" ] || return
 231
 232         # Test slave  mode
 233         local __cmode=""
 234         config_get __cmode "$__section" mode
 235         [ "$__cmode" == "downstream" ] && __cmode="router"
 236
 237         # Don't start fallback interfaces if we are in forced-relay mode
 238         [ "$__cmode" == "relay" -o "$__mode" == "fallback" ] || return
 239
 240         # Don't make non-relay or non-router interfaces slaves
 241         [ "$__cmode" == "relay" -o "$__cmode" == "router" ] || return
 242
 243         # Disable any active distribution
 244         [ "$__cmode" == "router" ] && disable_router "$__section"
 245
 246         # Configure interface to accept RA and send RS
 247         conf_set "$__device" accept_ra 2
 248         conf_set "$__device" forwarding 2
 249
 250         eval "$__return"'="$'"$__return"' '"$__device"'"'
 251 }
 252
 253
 254 stop_relay() {
 255         local network="$1"
 256         local pid_fallback="/var/run/ipv6-relay-fallback-$network.pid"
 257         local pid_forced="/var/run/ipv6-relay-forced-$network.pid"
 258         local was_fallback=""
 259
 260         stop_service /usr/sbin/6relayd "$pid_fallback" was_fallback
 261         stop_service /usr/sbin/6relayd "$pid_forced"
 262
 263         # Reenable normal distribution on slave interfaces
 264         [ -n "$was_fallback" ] && config_foreach restart_relay_slave interface "$network"
 265 }
 266
 267
 268 detect_forced_relay_mode() {
 269         local __section="$1"
 270         local __mode="$2"
 271
 272         local __cmode
 273         config_get __cmode "$__section" mode
 274         [ "$__cmode" == "relay" ] && eval "$__mode=forced"
 275 }
 276
 277
 278 restart_relay() {
 279         local network="$1"
 280         local mode="$2"
 281
 282         # Stop last active relay
 283         stop_relay "$network"
 284
 285         # Detect if we have a forced-relay
 286         [ -z "$mode" ] && config_foreach detect_forced_relay_mode interface mode
 287
 288         # Don't start without a mode
 289         [ -z "$mode" ] && return
 290
 291         # Detect master device
 292         local device=""
 293         network_get_device device "$network"
 294
 295         # Generate command string
 296         local cmd="/usr/sbin/6relayd -A $device"
 297         local ifaces=""
 298         config_foreach add_relay_slave interface ifaces "$network" "$mode"
 299
 300         # Start relay
 301         local pid="/var/run/ipv6-relay-$mode-$network.pid"
 302         [ -n "$ifaces" ] && start_service "$cmd $ifaces" "$pid"
 303
 304         # There are no slave interface, however indicate that we want to relay
 305         [ -z "$ifaces" ] && touch "$pid"
 306 }
 307
 308
 309 setup_prefix_fallback() {
 310         local cmd="$1"
 311         local network="$2"
 312         local device="$3"
 313
 314         stop_relay "$network"
 315         restart_relay "$network"
 316
 317         setup_masquerading stop "$network"
 318
 319         [ "$cmd" != "stop" ] && {
 320                 local fallback=""
 321                 config_get fallback "$network" prefix_fallback
 322
 323                 [ "$fallback" == "relay" ] && restart_relay "$network" fallback
 324                 [ "$fallback" == "masquerade" ] && setup_masquerading start "$network" "$device"
 325         }
 326 }
 327
 328
 329 restart_master_relay() {
 330         local network="$1"
 331         local mode="$2"
 332
 333         # Disable active relaying to this interface
 334         config_get relay_master "$network" relay_master
 335         [ -z "$relay_master" ] && return
 336         network_is_up "$relay_master" || return
 337
 338         # Detect running mode
 339         local pid_fallback="/var/run/ipv6-relay-fallback-$relay_master.pid"
 340         local pid_forced="/var/run/ipv6-relay-forced-$relay_master.pid"
 341         [ -z "$mode" -a -f "$pid_fallback" ] && mode="fallback"
 342         [ -z "$mode" -a -f "$pid_forced" ] && mode="forced"
 343
 344         # Restart relay if running or start requested
 345         [ -n "$mode" ] && restart_relay "$relay_master" "$mode"
 346 }
 347
 348
 349 set_site_border() {
 350         local network="$1"
 351         local device="$2"
 352
 353         local fwscript="/var/etc/ipv6-firewall.d/site-border-$network.sh"
 354         local chain="ipv6-site-border-$network"
 355
 356         if [ -n "$device" ]; then
 357                 local site_border
 358                 config_get_bool site_border "$network" site_border 1
 359                 [ "$site_border" == "1" ] || return
 360
 361                 mkdir -p $(dirname "$fwscript")
 362                 echo "ip6tables -N $chain" > "$fwscript"
 363                 echo "ip6tables -F $chain" >> "$fwscript"
 364                 echo "ip6tables -A $chain -o $device -j REJECT --reject-with icmp6-no-route" >> "$fwscript"
 365                 echo "ip6tables -A $chain -i $device -j REJECT --reject-with icmp6-no-route" >> "$fwscript"
 366                 echo "ip6tables -A ipv6-site-border -j $chain" >> "$fwscript"
 367                 . "$fwscript"
 368         else
 369                 [ -f "$fwscript" ] || return
 370                 rm -f "$fwscript"
 371                 ip6tables -D ipv6-site-border -j "$chain"
 372                 ip6tables -F "$chain"
 373                 ip6tables -X "$chain"
 374         fi
 375 }
 376
 377
 378 set_forward_border() {
 379         local network="$1"
 380         local device="$2"
 381         local method="$3"
 382         local fwscript="/var/etc/ipv6-firewall.d/forward-border-$network.sh"
 383
 384         if [ "$method" == "enable" ]; then
 385                 mkdir -p $(dirname "$fwscript")
 386                 echo "ip6tables -A forwarding_rule -o \"$device\" -j REJECT --reject-with icmp6-no-route" > "$fwscript"
 387                 . "$fwscript"
 388         else
 389                 [ -f "$fwscript" ] || return
 390                 rm -f "$fwscript"
 391                 # Racy race race
 392                 ip6tables -D forwarding_rule -o "$device" -j REJECT --reject-with icmp6-no-route 2>/dev/null
 393                 ip6tables -D forwarding_rule -o "$device" -j REJECT --reject-with icmp6-no-route 2>/dev/null
 394         fi
 395 }
 396
 397
 398 disable_interface() {
 399         local network="$1"
 400
 401         # Delete all prefixes routed to this interface
 402         ubus call 6distributed delprefix '{"network": "'"$network"'"}'
 403
 404         # Restart Relay
 405         restart_master_relay "$network"
 406
 407         # Disable distribution
 408         disable_router "$network"
 409
 410         # Disable any active relays, masquerading rules and NPT rules
 411         stop_relay "$network"
 412         setup_masquerading stop "$network"
 413         setup_npt_chain stop "$network"
 414
 415         # Disable DHCPv6 client if enabled, state script will take care
 416         stop_service /usr/sbin/odhcp6c "/var/run/ipv6-dhcpv6-$network.pid"
 417
 418         # Stop site-border
 419         set_site_border "$network"
 420 }
 421
 422
 423 enable_ula_prefix() {
 424         local network="$1"
 425         local ula="$2"
 426         local device="$3"
 427         [ -z "$ula" ] && ula="global"
 428
 429         # ULA-integration
 430         local ula_prefix=""
 431         config_get ula_prefix "$ula" ula_prefix
 432
 433         # ULA auto configuration (first init)
 434         [ "$ula_prefix" == "auto" ] && {
 435                 local r1=""
 436                 local r2=""
 437                 local r3=""
 438
 439                 # Sometimes results are empty, therefore try until it works...
 440                 while [ -z "$r1" -o -z "$r2" -o -z "$r3" ]; do
 441                         r1=$(printf "%02x" $(($(</dev/urandom tr -dc 0-9 | dd bs=9 count=1) % 256)))
 442                         r2=$(printf "%01x" $(($(</dev/urandom tr -dc 0-9 | dd bs=9 count=1) % 65536)))
 443                         r3=$(printf "%01x" $(($(</dev/urandom tr -dc 0-9 | dd bs=9 count=1) % 65536)))
 444                 done
 445
 446                 ula_prefix="fd$r1:$r2:$r3::/48"
 447
 448                 # Save prefix so it will be preserved across reboots
 449                 config_set "$ula" ula_prefix "$ula_prefix"
 450                 uci_set network6 "$ula" ula_prefix "$ula_prefix"
 451                 uci_commit network6
 452         }
 453
 454         # Announce ULA
 455         [ -n "$ula_prefix" ] && announce_prefix "$ula_prefix" "$network" "$device" newprefix secondary
 456 }
 457
 458
 459 enable_static() {
 460         local network="$1"
 461         local device="$2"
 462
 463         # Enable global forwarding
 464         local global_forward
 465         conf_get global_forward all forwarding
 466         [ "$global_forward" != "1" ] && conf_set all forwarding 1
 467
 468         # Configure device
 469         conf_set "$device" forwarding 1
 470         conf_set "$device" accept_ra 1
 471
 472         # Enable ULA
 473         enable_ula_prefix "$network" global "$device"
 474         # Compatibility (deprecated)
 475         enable_ula_prefix "$network" "$network" "$device"
 476
 477         # Announce all static prefixes
 478         config_list_foreach "$network" static_prefix announce_prefix "$network" "$device"
 479
 480         # start relay if there are forced relay members
 481         restart_relay "$network"
 482 }
 483
 484
 485 enable_router() {
 486         local network="$1"
 487         local device="$2"
 488
 489         # Get IPv6 prefixes
 490         local length
 491         config_get length "$network" advertise_prefix
 492         [ -z "$length" ] && length=64
 493         [ "$length" -ne "0" ] && ubus call 6distributed newiface '{"network": "'"$network"'", "iface": "'"$device"'", "length": '"$length"'}'
 494
 495         # Start RD & DHCPv6 service
 496         local router_service
 497         config_get router_service global router_service
 498
 499         local always_default
 500         config_get_bool always_default "$network" always_default 0
 501
 502         if [ "$router_service" == "dnsmasq" ]; then
 503                 local dnsmasq_opts
 504                 config_get dnsmasq_opts "$network" dnsmasq_opts
 505                 [ -z "$dnsmasq_opts" ] && dnsmasq_opts="ra-names,24h"
 506
 507                 local conf="/var/etc/dnsmasq.d/ipv6-router-$network.conf"
 508                 mkdir -p $(dirname $conf)
 509                 echo "dhcp-range=::00ff,::ffff,constructor:$device,$dnsmasq_opts" > $conf
 510                 echo "enable-ra" >> $conf
 511                 /etc/init.d/dnsmasq restart
 512         else
 513                 local opts=""
 514                 [ "$always_default" == "1" ] && opts="-u"
 515
 516                 local pid="/var/run/ipv6-router-$network.pid"
 517                 start_service "/usr/sbin/6relayd -S $opts . $device" "$pid"
 518         fi
 519
 520         # Try relaying if necessary
 521         restart_master_relay "$network"
 522 }
 523
 524
 525 enable_dhcpv6() {
 526         local network="$1"
 527         local device="$2"
 528
 529         # Configure DHCPv6-client
 530         local dhcp6_opts="$device"
 531
 532         # Configure DHCPv6-client (e.g. requested prefix)
 533         local request_prefix
 534         config_get request_prefix "$network" request_prefix
 535         [ -z "$request_prefix" ] && request_prefix="auto"
 536         [ "$request_prefix" != "no" ] && {
 537                 [ "$request_prefix" == "auto" ] && request_prefix=0
 538                 dhcp6_opts="-P$request_prefix $dhcp6_opts"
 539         }
 540
 541         # Start DHCPv6 client
 542         local pid="/var/run/ipv6-dhcpv6-$network.pid"
 543         start_service "/usr/sbin/odhcp6c -s/lib/ipv6/dhcpv6.sh $dhcp6_opts" "$pid"
 544 }
 545
 546
 547 enable_6to4() {
 548         local network="$1"
 549         local device="$2"
 550         local mode="$3"
 551
 552         local prefixlen="48"
 553         [ "$mode" == "6rd" ] && {
 554                 local ip4prefix=$(uci_get network "$network" ip4prefixlen 0)
 555                 local ip6prefix=$(uci_get network "$network" ip6prefixlen 32)
 556                 prefixlen=$(($ip6prefix + 32 - $ip4prefix))
 557         }
 558
 559         local prefix=""
 560         network_get_ipaddr6 prefix "$network"
 561
 562         announce_prefix "$prefix/$prefixlen" "$network" "$device"
 563 }
 564
 565
 566 enable_interface()
 567 {
 568         local network="$1"
 569         local device="$2"
 570         local mode=""
 571
 572         config_get mode "$network" mode
 573         [ -n "$mode" -a "$mode" != "none" ] || return
 574
 575         # Compatibility with old mode names
 576         [ "$mode" == "downstream" ] && mode=router
 577         [ "$mode" == "upstream" ] && mode=dhcpv6
 578
 579         # Enable site-border
 580         [ "$mode" == "static" -o "$mode" == "dhcpv6" -o "$mode" == "6to4" -o "$mode" == "6in4" ] && set_site_border "$network" "$device"
 581
 582         # Run mode startup code
 583         enable_static "$network" "$device"
 584         [ "$mode" == "dhcpv6" ] && enable_dhcpv6 "$network" "$device"
 585         [ "$mode" == "router" ] && enable_router "$network" "$device"
 586         [ "$mode" == "6to4" -o "$mode" == "6rd" ] && enable_6to4 "$network" "$device" "$mode"
 587         [ "$mode" == "relay" ] && restart_master_relay "$network" forced
 588 }