ipv6-support: Update iteration * Add support for blocking forwarding while address...
authorSteven Barth <cyrus@openwrt.org>
Wed, 2 Jan 2013 23:05:44 +0000 (23:05 +0000)
committerSteven Barth <cyrus@openwrt.org>
Wed, 2 Jan 2013 23:05:44 +0000 (23:05 +0000)
SVN-Revision: 34985

package/network/ipv6/ipv6-support/Makefile
package/network/ipv6/ipv6-support/files/dhcpv6.sh
package/network/ipv6/ipv6-support/files/support.sh

index eee6f9d32815a71bf1de5b75a4fedd7dbbcb3fa5..0d596d4d3b01ac55342d2260bf38cd11d00a36dc 100644 (file)
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ipv6-support
-PKG_VERSION:=2013-01-01
+PKG_VERSION:=2013-01-02
 PKG_RELEASE:=1
 
 include $(INCLUDE_DIR)/package.mk
index 299cf99f3d1322c632cf247e5c50742f92259a17..9609f04d5c65cfaaa234fa124d9440582938d38b 100755 (executable)
@@ -12,6 +12,29 @@ resolve_network network "$device"
 # Unknown network
 [ -z "$network" ] && exit 0
 
+if [ "$state" == "started" ]; then
+       # Start border
+       set_forward_border "$network" "$device" enable
+
+       # Configure device
+       conf_set "$device" accept_ra 2
+       conf_set "$device" forwarding 2
+
+       # Trigger RS
+       conf_set "$device" disable_ipv6 1
+       conf_set "$device" disable_ipv6 0
+
+       exit 0
+elif [ "$state" == "stopped" ]; then
+       # Deconfigure device
+       conf_set "$device" accept_ra 1
+       conf_set "$device" forwarding 1
+
+       # Disable border
+       set_forward_border "$network" "$device" disable
+
+       exit 0
+fi
 
 # Announce prefixes
 for prefix in $PREFIXES; do
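Review bot: The `started` branch does not check the result of `set_forward_border "$network" "$device" enable`, so `accept_ra`/`forwarding` are set to 2 and the RS is triggered even when the REJECT rule could not be installed. As far as the visible code shows, the function returns the status of the sourced `ip6tables -A` call, so a missing `forwarding_rule` chain would leave the device configured with no border and no trace. At minimum, log the failure: `set_forward_border "$network" "$device" enable || logger -t ipv6-support "forward border not installed for $device"`. A short comment saying what the border protects (forwarding out of `$device` until the DHCPv6 handshake completes) would also help readers of this file.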
@@ -23,7 +46,7 @@ for prefix in $PREFIXES_LOST; do
 done
 
 
-# Enable relaying if requested
+# Enable relaying if requested and we didn't get a prefix, disable otherwise
 local fallback="stop"
 [ -z "$PREFIXES" -a "$state" != "unbound" ] && fallback="start"
 setup_prefix_fallback "$fallback" "$network" "$device"
@@ -32,6 +55,9 @@ setup_prefix_fallback "$fallback" "$network" "$device"
 # Operations in case of success
 [ "$state" == "timeout" -o "$state" == "unbound" ] && exit 0
 
+# Handshake completed, disable forwarding border
+set_forward_border "$network" "$device" disable
+
 local peerdns
 config_get_bool peerdns "$network" peerdns 1
 [ "$peerdns" -eq "1" ] && {
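Review bot: The border is lifted only after the early `exit 0` for `timeout`/`unbound`, so in those states the REJECT rule installed at `started` stays in place. A few lines earlier `fallback="start"` is chosen for the timeout-without-prefix case, so traffic forwarded out of `$device` would presumably still be rejected while the relay fallback runs. If that is intended, say so above the exit, e.g. `# timeout/unbound: forwarding border stays up until a later bound event or "stopped"`. Otherwise call `set_forward_border "$network" "$device" disable` before the exit when `$fallback` is `start`. The script continues past this hunk, so a later disable may exist that is not visible here.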
index a38c6a41e94de11e0595bc39d7f134f03eeb7280..8ae803cf1c225e8dd12e8fc57f7a78fdc6921bc0 100644 (file)
@@ -329,8 +329,6 @@ setup_prefix_fallback() {
 restart_master_relay() {
        local network="$1"
        local mode="$2"
-       local pid_fallback="/var/run/ipv6-relay-fallback-$network.pid"
-       local pid_forced="/var/run/ipv6-relay-forced-$network.pid"
 
        # Disable active relaying to this interface
        config_get relay_master "$network" relay_master
@@ -338,8 +336,10 @@ restart_master_relay() {
        network_is_up "$relay_master" || return
 
        # Detect running mode
-       [ -z "$mode" && -f "$pid_fallback" ] && mode="fallback"
-       [ -z "$mode" && -f "$pid_forced" ] && mode="forced"
+       local pid_fallback="/var/run/ipv6-relay-fallback-$relay_master.pid"
+       local pid_forced="/var/run/ipv6-relay-forced-$relay_master.pid"
+       [ -z "$mode" -a -f "$pid_fallback" ] && mode="fallback"
+       [ -z "$mode" -a -f "$pid_forced" ] && mode="forced"
 
        # Restart relay if running or start requested
        [ -n "$mode" ] && restart_relay "$relay_master" "$mode"
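Review bot: The pid-file paths are now built from `$relay_master` instead of `$network`, but nothing on the new lines records why, and a reader may take it for a typo next to the `$network`-keyed names used elsewhere. A comment above the two `local pid_…` lines, e.g. `# pid files are named after the master interface that restart_relay is invoked for`, would make the intent explicit. Whether restart_relay writes its pid files under the same name is not visible in this hunk; the function starts and ends outside it.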
@@ -375,6 +375,26 @@ set_site_border() {
 }
 
 
+set_forward_border() {
+       local network="$1"
+       local device="$2"
+       local method="$3"
+       local fwscript="/var/etc/ipv6-firewall.d/forward-border-$network.sh"
+
+       if [ "$method" == "enable" ]; then
+               mkdir -p $(dirname "$fwscript")
+               echo "ip6tables -A forwarding_rule -o \"$device\" -j REJECT --reject-with icmp6-no-route" > "$fwscript"
+               . "$fwscript"
+       else
+               [ -f "$fwscript" ] || return
+               rm -f "$fwscript"
+               # Racy race race
+               ip6tables -D forwarding_rule -o "$device" -j REJECT --reject-with icmp6-no-route 2>/dev/null
+               ip6tables -D forwarding_rule -o "$device" -j REJECT --reject-with icmp6-no-route 2>/dev/null
+       fi
+}
+
+
 disable_interface() {
        local network="$1"
 
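Review bot: In `set_forward_border` the enable branch interpolates `$device` into a generated script that is then sourced, so quotes or `$` in the value would be read back as shell syntax; nothing in the hunk constrains the value. A guard before the `echo`, e.g. `case "$device" in ""|*[!A-Za-z0-9_.-]*) return 1;; esac`, keeps the file to a single plain rule. The disable branch also deletes the rule exactly twice while enable appends with `-A` on every call, so repeated `started` events can leave extra REJECT rules behind. `while ip6tables -D forwarding_rule -o "$device" -j REJECT --reject-with icmp6-no-route 2>/dev/null; do :; done` removes however many exist, and the "Racy race race" comment should name the race it refers to. `mkdir -p "$(dirname "$fwscript")"` should quote the substitution as well.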
@@ -446,8 +466,8 @@ enable_static() {
        [ "$global_forward" != "1" ] && conf_set all forwarding 1
 
        # Configure device
-       conf_set "$device" accept_ra 1
        conf_set "$device" forwarding 1
+       conf_set "$device" accept_ra 1
 
        # Enable ULA
        enable_ula_prefix "$network" global "$device"
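Review bot: Swapping the two `conf_set` lines under "# Configure device" implies the write order matters, but the hunk gives no reason, so a later cleanup could silently swap them back. A comment such as `# write forwarding before accept_ra; order is significant` would preserve the intent, ideally with the actual reason filled in. It is also worth stating the resulting policy, since per the kernel's sysctl documentation `accept_ra=1` only accepts RAs while forwarding is disabled: `# forwarding=1 + accept_ra=1: router advertisements are not accepted on this device`. `enable_static` starts and ends outside the hunk.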
@@ -506,14 +526,6 @@ enable_dhcpv6() {
        local network="$1"
        local device="$2"
        
-       # Configure device
-       conf_set "$device" accept_ra 2
-       conf_set "$device" forwarding 2
-       
-       # Trigger RS
-       conf_set "$device" disable_ipv6 1
-       conf_set "$device" disable_ipv6 0
-
        # Configure DHCPv6-client
        local dhcp6_opts="$device"