diff options
| author | cyrus <cyrus@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2013-01-02 23:05:44 +0000 |
|---|---|---|
| committer | cyrus <cyrus@3c298f89-4303-0410-b956-a3cf2f4a3e73> | 2013-01-02 23:05:44 +0000 |
| commit | d01cd03c82df4eede1ddaa42fbf7cd4a1eff9b6b (patch) | |
| tree | 571eeaa189dc379cb04533f86c1c70ce475bcb3e /package/network/ipv6/ipv6-support/files | |
| parent | 3a1ca62454708c3751dc44fd636dca09e012adda (diff) | |
ipv6-support: Update iteration
* Add support for blocking forwarding while address assignments
* Fix relay restarting function
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34985 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/network/ipv6/ipv6-support/files')
| -rwxr-xr-x | package/network/ipv6/ipv6-support/files/dhcpv6.sh | 28 | ||||
| -rw-r--r-- | package/network/ipv6/ipv6-support/files/support.sh | 38 |
2 files changed, 52 insertions, 14 deletions
diff --git a/package/network/ipv6/ipv6-support/files/dhcpv6.sh b/package/network/ipv6/ipv6-support/files/dhcpv6.sh index 299cf99f3..9609f04d5 100755 --- a/package/network/ipv6/ipv6-support/files/dhcpv6.sh +++ b/package/network/ipv6/ipv6-support/files/dhcpv6.sh @@ -12,6 +12,29 @@ resolve_network network "$device" # Unknown network [ -z "$network" ] && exit 0 +if [ "$state" == "started" ]; then + # Start border + set_forward_border "$network" "$device" enable + + # Configure device + conf_set "$device" accept_ra 2 + conf_set "$device" forwarding 2 + + # Trigger RS + conf_set "$device" disable_ipv6 1 + conf_set "$device" disable_ipv6 0 + + exit 0 +elif [ "$state" == "stopped" ]; then + # Deconfigure device + conf_set "$device" accept_ra 1 + conf_set "$device" forwarding 1 + + # Disable border + set_forward_border "$network" "$device" disable + + exit 0 +fi # Announce prefixes for prefix in $PREFIXES; do @@ -23,7 +46,7 @@ for prefix in $PREFIXES_LOST; do done -# Enable relaying if requested +# Enable relaying if requested and we didn't get a prefix, disable otherwise local fallback="stop" [ -z "$PREFIXES" -a "$state" != "unbound" ] && fallback="start" setup_prefix_fallback "$fallback" "$network" "$device" @@ -32,6 +55,9 @@ setup_prefix_fallback "$fallback" "$network" "$device" # Operations in case of success [ "$state" == "timeout" -o "$state" == "unbound" ] && exit 0 +# Handshake completed, disable forwarding border +set_forward_border "$network" "$device" disable + local peerdns config_get_bool peerdns "$network" peerdns 1 [ "$peerdns" -eq "1" ] && { diff --git a/package/network/ipv6/ipv6-support/files/support.sh b/package/network/ipv6/ipv6-support/files/support.sh index a38c6a41e..8ae803cf1 100644 --- a/package/network/ipv6/ipv6-support/files/support.sh +++ b/package/network/ipv6/ipv6-support/files/support.sh @@ -329,8 +329,6 @@ setup_prefix_fallback() { restart_master_relay() { local network="$1" local mode="$2" - local pid_fallback="/var/run/ipv6-relay-fallback-$network.pid" - local pid_forced="/var/run/ipv6-relay-forced-$network.pid" # Disable active relaying to this interface config_get relay_master "$network" relay_master @@ -338,8 +336,10 @@ restart_master_relay() { network_is_up "$relay_master" || return # Detect running mode - [ -z "$mode" && -f "$pid_fallback" ] && mode="fallback" - [ -z "$mode" && -f "$pid_forced" ] && mode="forced" + local pid_fallback="/var/run/ipv6-relay-fallback-$relay_master.pid" + local pid_forced="/var/run/ipv6-relay-forced-$relay_master.pid" + [ -z "$mode" -a -f "$pid_fallback" ] && mode="fallback" + [ -z "$mode" -a -f "$pid_forced" ] && mode="forced" # Restart relay if running or start requested [ -n "$mode" ] && restart_relay "$relay_master" "$mode" @@ -375,6 +375,26 @@ set_site_border() { } +set_forward_border() { + local network="$1" + local device="$2" + local method="$3" + local fwscript="/var/etc/ipv6-firewall.d/forward-border-$network.sh" + + if [ "$method" == "enable" ]; then + mkdir -p $(dirname "$fwscript") + echo "ip6tables -A forwarding_rule -o \"$device\" -j REJECT --reject-with icmp6-no-route" > "$fwscript" + . "$fwscript" + else + [ -f "$fwscript" ] || return + rm -f "$fwscript" + # Racy race race + ip6tables -D forwarding_rule -o "$device" -j REJECT --reject-with icmp6-no-route 2>/dev/null + ip6tables -D forwarding_rule -o "$device" -j REJECT --reject-with icmp6-no-route 2>/dev/null + fi +} + + disable_interface() { local network="$1" @@ -446,8 +466,8 @@ enable_static() { [ "$global_forward" != "1" ] && conf_set all forwarding 1 # Configure device - conf_set "$device" accept_ra 1 conf_set "$device" forwarding 1 + conf_set "$device" accept_ra 1 # Enable ULA enable_ula_prefix "$network" global "$device" @@ -506,14 +526,6 @@ enable_dhcpv6() { local network="$1" local device="$2" - # Configure device - conf_set "$device" accept_ra 2 - conf_set "$device" forwarding 2 - - # Trigger RS - conf_set "$device" disable_ipv6 1 - conf_set "$device" disable_ipv6 0 - # Configure DHCPv6-client local dhcp6_opts="$device" |