aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteven Barth <cyrus@openwrt.org>2013-01-02 23:05:44 +0000
committerSteven Barth <cyrus@openwrt.org>2013-01-02 23:05:44 +0000
commit965afef3174182f4977ee9656757434e3bc048ba (patch)
tree0766f6f9e7ecd502717b630b6b2d417ca88c982c
parentc7d9d7c9522a9dc612d917fd879a046e7b582295 (diff)
downloadupstream-965afef3174182f4977ee9656757434e3bc048ba.tar.gz
upstream-965afef3174182f4977ee9656757434e3bc048ba.tar.bz2
upstream-965afef3174182f4977ee9656757434e3bc048ba.zip
ipv6-support: Update iteration * Add support for blocking forwarding while address assignments * Fix relay restarting function
SVN-Revision: 34985
-rw-r--r--package/network/ipv6/ipv6-support/Makefile2
-rwxr-xr-xpackage/network/ipv6/ipv6-support/files/dhcpv6.sh28
-rw-r--r--package/network/ipv6/ipv6-support/files/support.sh38
3 files changed, 53 insertions, 15 deletions
diff --git a/package/network/ipv6/ipv6-support/Makefile b/package/network/ipv6/ipv6-support/Makefile
index eee6f9d328..0d596d4d3b 100644
--- a/package/network/ipv6/ipv6-support/Makefile
+++ b/package/network/ipv6/ipv6-support/Makefile
@@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=ipv6-support
-PKG_VERSION:=2013-01-01
+PKG_VERSION:=2013-01-02
PKG_RELEASE:=1
include $(INCLUDE_DIR)/package.mk
diff --git a/package/network/ipv6/ipv6-support/files/dhcpv6.sh b/package/network/ipv6/ipv6-support/files/dhcpv6.sh
index 299cf99f3d..9609f04d5c 100755
--- a/package/network/ipv6/ipv6-support/files/dhcpv6.sh
+++ b/package/network/ipv6/ipv6-support/files/dhcpv6.sh
@@ -12,6 +12,29 @@ resolve_network network "$device"
# Unknown network
[ -z "$network" ] && exit 0
+if [ "$state" == "started" ]; then
+ # Start border
+ set_forward_border "$network" "$device" enable
+
+ # Configure device
+ conf_set "$device" accept_ra 2
+ conf_set "$device" forwarding 2
+
+ # Trigger RS
+ conf_set "$device" disable_ipv6 1
+ conf_set "$device" disable_ipv6 0
+
+ exit 0
+elif [ "$state" == "stopped" ]; then
+ # Deconfigure device
+ conf_set "$device" accept_ra 1
+ conf_set "$device" forwarding 1
+
+ # Disable border
+ set_forward_border "$network" "$device" disable
+
+ exit 0
+fi
# Announce prefixes
for prefix in $PREFIXES; do
@@ -23,7 +46,7 @@ for prefix in $PREFIXES_LOST; do
done
-# Enable relaying if requested
+# Enable relaying if requested and we didn't get a prefix, disable otherwise
local fallback="stop"
[ -z "$PREFIXES" -a "$state" != "unbound" ] && fallback="start"
setup_prefix_fallback "$fallback" "$network" "$device"
@@ -32,6 +55,9 @@ setup_prefix_fallback "$fallback" "$network" "$device"
# Operations in case of success
[ "$state" == "timeout" -o "$state" == "unbound" ] && exit 0
+# Handshake completed, disable forwarding border
+set_forward_border "$network" "$device" disable
+
local peerdns
config_get_bool peerdns "$network" peerdns 1
[ "$peerdns" -eq "1" ] && {
diff --git a/package/network/ipv6/ipv6-support/files/support.sh b/package/network/ipv6/ipv6-support/files/support.sh
index a38c6a41e9..8ae803cf1c 100644
--- a/package/network/ipv6/ipv6-support/files/support.sh
+++ b/package/network/ipv6/ipv6-support/files/support.sh
@@ -329,8 +329,6 @@ setup_prefix_fallback() {
restart_master_relay() {
local network="$1"
local mode="$2"
- local pid_fallback="/var/run/ipv6-relay-fallback-$network.pid"
- local pid_forced="/var/run/ipv6-relay-forced-$network.pid"
# Disable active relaying to this interface
config_get relay_master "$network" relay_master
@@ -338,8 +336,10 @@ restart_master_relay() {
network_is_up "$relay_master" || return
# Detect running mode
- [ -z "$mode" && -f "$pid_fallback" ] && mode="fallback"
- [ -z "$mode" && -f "$pid_forced" ] && mode="forced"
+ local pid_fallback="/var/run/ipv6-relay-fallback-$relay_master.pid"
+ local pid_forced="/var/run/ipv6-relay-forced-$relay_master.pid"
+ [ -z "$mode" -a -f "$pid_fallback" ] && mode="fallback"
+ [ -z "$mode" -a -f "$pid_forced" ] && mode="forced"
# Restart relay if running or start requested
[ -n "$mode" ] && restart_relay "$relay_master" "$mode"
@@ -375,6 +375,26 @@ set_site_border() {
}
+set_forward_border() {
+ local network="$1"
+ local device="$2"
+ local method="$3"
+ local fwscript="/var/etc/ipv6-firewall.d/forward-border-$network.sh"
+
+ if [ "$method" == "enable" ]; then
+ mkdir -p $(dirname "$fwscript")
+ echo "ip6tables -A forwarding_rule -o \"$device\" -j REJECT --reject-with icmp6-no-route" > "$fwscript"
+ . "$fwscript"
+ else
+ [ -f "$fwscript" ] || return
+ rm -f "$fwscript"
+ # Racy race race
+ ip6tables -D forwarding_rule -o "$device" -j REJECT --reject-with icmp6-no-route 2>/dev/null
+ ip6tables -D forwarding_rule -o "$device" -j REJECT --reject-with icmp6-no-route 2>/dev/null
+ fi
+}
+
+
disable_interface() {
local network="$1"
@@ -446,8 +466,8 @@ enable_static() {
[ "$global_forward" != "1" ] && conf_set all forwarding 1
# Configure device
- conf_set "$device" accept_ra 1
conf_set "$device" forwarding 1
+ conf_set "$device" accept_ra 1
# Enable ULA
enable_ula_prefix "$network" global "$device"
@@ -506,14 +526,6 @@ enable_dhcpv6() {
local network="$1"
local device="$2"
- # Configure device
- conf_set "$device" accept_ra 2
- conf_set "$device" forwarding 2
-
- # Trigger RS
- conf_set "$device" disable_ipv6 1
- conf_set "$device" disable_ipv6 0
-
# Configure DHCPv6-client
local dhcp6_opts="$device"