From e7719bb4aa7830d5422281421a0f5f6e0d3675d8 Mon Sep 17 00:00:00 2001
From: Steven Barth
Date: Fri, 28 Dec 2012 12:02:22 +0000
Subject: [PATCH] ipv6-support: Updated functionality
* Add site-border feature again
* Add option to always announce a default router
SVN-Revision: 34908
---
 package/network/ipv6/ipv6-support/Makefile | 5 ++-
 .../ipv6/ipv6-support/files/firewall.sh | 9 ++++
 .../ipv6-support/files/ipv6-support.defaults | 6 +++
 .../ipv6/ipv6-support/files/network6.config | 1 +
 .../ipv6/ipv6-support/files/support.sh | 43 ++++++++++++++++++-
 5 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100755 package/network/ipv6/ipv6-support/files/firewall.sh
 create mode 100644 package/network/ipv6/ipv6-support/files/ipv6-support.defaults
diff --git a/package/network/ipv6/ipv6-support/Makefile b/package/network/ipv6/ipv6-support/Makefile
index 634dc5d74b..2efeaabac0 100644
--- a/package/network/ipv6/ipv6-support/Makefile
+++ b/package/network/ipv6/ipv6-support/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=ipv6-support
-PKG_VERSION:=2012-12-28
+PKG_VERSION:=2012-12-29
 PKG_RELEASE:=1
 include $(INCLUDE_DIR)/package.mk
@@ -43,8 +43,11 @@ define Package/ipv6-support/install
 $(INSTALL_DIR) $(1)/lib/ipv6
 $(INSTALL_DATA) ./files/support.sh $(1)/lib/ipv6/support.sh
 $(INSTALL_BIN) ./files/dhcpv6.sh $(1)/lib/ipv6/dhcpv6.sh
+ $(INSTALL_BIN) ./files/firewall.sh $(1)/lib/ipv6/firewall.sh
 $(INSTALL_DIR) $(1)/etc/config
 $(INSTALL_DATA) ./files/network6.config $(1)/etc/config/network6
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
+ $(INSTALL_BIN) ./files/ipv6-support.defaults $(1)/etc/uci-defaults/ipv6-support.defaults
 endef
 $(eval $(call BuildPackage,ipv6-support))
diff --git a/package/network/ipv6/ipv6-support/files/firewall.sh b/package/network/ipv6/ipv6-support/files/firewall.sh
new file mode 100755
index 0000000000..57fcd382e9
--- /dev/null
+++ b/package/network/ipv6/ipv6-support/files/firewall.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+ip6tables -N ipv6-site-border
+ip6tables -A forwarding_rule -s fc00::/7 -j ipv6-site-border
+ip6tables -A forwarding_rule -d fc00::/7 -j ipv6-site-border
+
+mkdir -p /var/etc/ipv6-firewall.d
+for i in /var/etc/ipv6-firewall.d/*; do
+ [ -f "$i" ] && . "$i"
+done
diff --git a/package/network/ipv6/ipv6-support/files/ipv6-support.defaults b/package/network/ipv6/ipv6-support/files/ipv6-support.defaults
new file mode 100644
index 0000000000..6a699a1453
--- /dev/null
+++ b/package/network/ipv6/ipv6-support/files/ipv6-support.defaults
@@ -0,0 +1,6 @@
+#!/bin/sh
+uci -q batch <<-EOF >/dev/null
+ set firewall.ipv6_support=include
+ set firewall.ipv6_support.path=/lib/ipv6/firewall.sh
+ commit firewall
+EOF
diff --git a/package/network/ipv6/ipv6-support/files/network6.config b/package/network/ipv6/ipv6-support/files/network6.config
index ce85dbe8b6..37a327f2b2 100644
--- a/package/network/ipv6/ipv6-support/files/network6.config
+++ b/package/network/ipv6/ipv6-support/files/network6.config
@@ -6,6 +6,7 @@ config interface wan
 option request_prefix auto
 option prefix_fallback relay
 option peerdns 1
+ option site_border 1
 config interface lan
 option mode router
diff --git a/package/network/ipv6/ipv6-support/files/support.sh b/package/network/ipv6/ipv6-support/files/support.sh
index 01efb9ed7c..14d2db6c5b 100644
--- a/package/network/ipv6/ipv6-support/files/support.sh
+++ b/package/network/ipv6/ipv6-support/files/support.sh
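Review bot: In firewall.sh the loop `for i in /var/etc/ipv6-firewall.d/*` sources every regular file in that directory into the shell that runs the firewall include (presumably as root), so any stray file that lands there is executed on each firewall start. The only writer visible in this patch names its files `site-border-$network.sh`, so the glob can be narrowed to `for i in /var/etc/ipv6-firewall.d/*.sh; do`, and the directory created with a fixed mode, `mkdir -m 0755 -p /var/etc/ipv6-firewall.d`, instead of whatever umask is in effect. The three `ip6tables` calls at the top are unchecked: if `-N ipv6-site-border` or either `-A forwarding_rule` fails, the fc00::/7 filter is not hooked in and nothing is reported. Whether `forwarding_rule` is flushed before this include runs again is not visible here; if it is not, both `-A` rules are appended once more on every run.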
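Review bot: In network6.config, `option site_border 1` only reaches fresh installs, because set_site_border in support.sh reads the option with a default of 0 (`config_get_bool site_border "$network" site_border 0`). A system that keeps its existing /etc/config/network6 across the upgrade, which is presumably the usual case for a config file, comes up without the site border and without any hint that the option exists. A comment above the option stating what it does (forwarded traffic from or to fc00::/7 through this interface is rejected) and a note in the upgrade documentation would make the default-off behaviour visible.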
@@ -346,6 +346,35 @@ restart_master_relay() {
 }
+set_site_border() {
+ local network="$1"
+ local device="$2"
+
+ local fwscript="/var/etc/ipv6-firewall.d/site-border-$network.sh"
+ local chain="ipv6-site-border-$network"
+
+ if [ -n "$device" ]; then
+ local site_border
+ config_get_bool site_border "$network" site_border 0
+ [ "$site_border" == "1" ] || return
+
+ mkdir -p $(dirname "$fwscript")
+ echo "ip6tables -N $chain" > "$fwscript"
+ echo "ip6tables -F $chain" >> "$fwscript"
+ echo "ip6tables -A $chain -o $device -j REJECT --reject-with icmp6-no-route" >> "$fwscript"
+ echo "ip6tables -A $chain -i $device -j REJECT --reject-with icmp6-no-route" >> "$fwscript"
+ echo "ip6tables -A ipv6-site-border -j $chain" >> "$fwscript"
+ . "$fwscript"
+ else
+ [ -f "$fwscript" ] || return
+ rm -f "$fwscript"
+ ip6tables -D ipv6-site-border -j "$chain"
+ ip6tables -F "$chain"
+ ip6tables -X "$chain"
+ fi
+}
+
+
 disable_interface() {
 local network="$1"
@@ -365,6 +394,9 @@ disable_interface() {
 # Disable DHCPv6 client if enabled, state script will take care
 stop_service /usr/sbin/odhcp6c "/var/run/ipv6-dhcpv6-$network.pid"
+
+ # Stop site-border
+ set_site_border "$network"
 }
@@ -444,6 +476,9 @@ enable_router() {
 local router_service
 config_get router_service global router_service
+ local always_default
+ config_get_bool always_default "$network" always_default 0
+
 if [ "$router_service" == "dnsmasq" ]; then
 local dnsmasq_opts
 config_get dnsmasq_opts "$network" dnsmasq_opts
@@ -455,8 +490,11 @@ enable_router() {
 echo "enable-ra" >> $conf
 /etc/init.d/dnsmasq restart
 else
+ local opts=""
+ [ "$always_default" == "1" ] && opts="-u"
+
 local pid="/var/run/ipv6-router-$network.pid"
- start_service "/usr/sbin/6relayd -S . $device" "$pid"
+ start_service "/usr/sbin/6relayd -S $opts . $device" "$pid"
 fi
 # Try relaying if necessary
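Review bot: set_site_border writes `$chain` and `$device` unquoted into `$fwscript`, which is sourced right away and again by firewall.sh on every firewall start, so a shell metacharacter in the network or device name would run as a command in that shell. Both values presumably come from UCI/netifd configuration, which makes this hardening rather than a known hole, but a guard at the top of the function is cheap: `case "$network$device" in *[!A-Za-z0-9_.@-]*) return 1 ;; esac` (adjust the set to the names in use). None of the ip6tables calls is checked, and ip6tables limits chain-name length while the `ipv6-site-border-` prefix already takes 17 characters, so with a long network name `ip6tables -N $chain` fails and the REJECT rules are never installed, with no log entry; the function should test the result and report it. `mkdir -p $(dirname "$fwscript")` should also quote the command substitution.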
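Review bot: The new per-network option `always_default` in enable_router (read in the hunk at -444, used in the hunk at -455) has no entry or comment in the shipped network6.config, unlike `site_border`, so it cannot be discovered from the config file. Since it makes the router always announce a default router (per the commit message), a commented line such as `# option always_default 0` with a short explanation in network6.config would document it. As far as the visible lines show, the value is only used in the 6relayd branch and is read but ignored when `router_service` is `dnsmasq`; a comment next to `config_get_bool always_default` should say so. enable_router starts and ends outside both hunks.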
@@ -531,6 +569,9 @@ enable_interface()
 [ "$mode" == "downstream" ] && mode=router
 [ "$mode" == "upstream" ] && mode=dhcpv6
+ # Enable site-border
+ [ "$mode" == "static" -o "$mode" == "dhcpv6" -o "$mode" == "6to4" -o "$mode" == "6in4" ] && set_site_border "$network" "$device"
+
 # Run mode startup code
 enable_static "$network" "$device"
 [ "$mode" == "dhcpv6" ] && enable_dhcpv6 "$network" "$device"
--
2.34.1
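Review bot: The result of set_site_border is discarded in enable_interface, so an interface in `static`, `dhcpv6`, `6to4` or `6in4` mode continues into the mode startup code even when the border rules could not be installed. set_site_border also returns the status of the failed `[ "$site_border" == "1" ]` test when the option is off, so the caller cannot tell "disabled" from "failed"; returning 0 for the disabled case and logging a real failure (for example with `logger -t ipv6-support`) would make a missing filter visible. The four-way `[ ... -o ... ]` test is marked obsolescent by POSIX and is awkward to extend; `case "$mode" in static|dhcpv6|6to4|6in4) set_site_border "$network" "$device" ;; esac` says the same thing more clearly. enable_interface starts and ends outside the hunk.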