mirror of https://github.com/hak5/openwrt-owl.git
ipv6-support: Updated functionality * Add site-border feature again * Add option to always announce a default router
SVN-Revision: 34908owl
parent
ce41e59030
commit
e7719bb4aa
|
@ -8,7 +8,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=ipv6-support
|
||||
PKG_VERSION:=2012-12-28
|
||||
PKG_VERSION:=2012-12-29
|
||||
PKG_RELEASE:=1
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
@ -43,8 +43,11 @@ define Package/ipv6-support/install
|
|||
$(INSTALL_DIR) $(1)/lib/ipv6
|
||||
$(INSTALL_DATA) ./files/support.sh $(1)/lib/ipv6/support.sh
|
||||
$(INSTALL_BIN) ./files/dhcpv6.sh $(1)/lib/ipv6/dhcpv6.sh
|
||||
$(INSTALL_BIN) ./files/firewall.sh $(1)/lib/ipv6/firewall.sh
|
||||
$(INSTALL_DIR) $(1)/etc/config
|
||||
$(INSTALL_DATA) ./files/network6.config $(1)/etc/config/network6
|
||||
$(INSTALL_DIR) $(1)/etc/uci-defaults
|
||||
$(INSTALL_BIN) ./files/ipv6-support.defaults $(1)/etc/uci-defaults/ipv6-support.defaults
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,ipv6-support))
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
#!/bin/sh
|
||||
ip6tables -N ipv6-site-border
|
||||
ip6tables -A forwarding_rule -s fc00::/7 -j ipv6-site-border
|
||||
ip6tables -A forwarding_rule -d fc00::/7 -j ipv6-site-border
|
||||
|
||||
mkdir -p /var/etc/ipv6-firewall.d
|
||||
for i in /var/etc/ipv6-firewall.d/*; do
|
||||
[ -f "$i" ] && . "$i"
|
||||
done
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set firewall.ipv6_support=include
|
||||
set firewall.ipv6_support.path=/lib/ipv6/firewall.sh
|
||||
commit firewall
|
||||
EOF
|
|
@ -6,6 +6,7 @@ config interface wan
|
|||
option request_prefix auto
|
||||
option prefix_fallback relay
|
||||
option peerdns 1
|
||||
option site_border 1
|
||||
|
||||
config interface lan
|
||||
option mode router
|
||||
|
|
|
@ -346,6 +346,35 @@ restart_master_relay() {
|
|||
}
|
||||
|
||||
|
||||
set_site_border() {
|
||||
local network="$1"
|
||||
local device="$2"
|
||||
|
||||
local fwscript="/var/etc/ipv6-firewall.d/site-border-$network.sh"
|
||||
local chain="ipv6-site-border-$network"
|
||||
|
||||
if [ -n "$device" ]; then
|
||||
local site_border
|
||||
config_get_bool site_border "$network" site_border 0
|
||||
[ "$site_border" == "1" ] || return
|
||||
|
||||
mkdir -p $(dirname "$fwscript")
|
||||
echo "ip6tables -N $chain" > "$fwscript"
|
||||
echo "ip6tables -F $chain" >> "$fwscript"
|
||||
echo "ip6tables -A $chain -o $device -j REJECT --reject-with icmp6-no-route" >> "$fwscript"
|
||||
echo "ip6tables -A $chain -i $device -j REJECT --reject-with icmp6-no-route" >> "$fwscript"
|
||||
echo "ip6tables -A ipv6-site-border -j $chain" >> "$fwscript"
|
||||
. "$fwscript"
|
||||
else
|
||||
[ -f "$fwscript" ] || return
|
||||
rm -f "$fwscript"
|
||||
ip6tables -D ipv6-site-border -j "$chain"
|
||||
ip6tables -F "$chain"
|
||||
ip6tables -X "$chain"
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
disable_interface() {
|
||||
local network="$1"
|
||||
|
||||
|
@ -365,6 +394,9 @@ disable_interface() {
|
|||
|
||||
# Disable DHCPv6 client if enabled, state script will take care
|
||||
stop_service /usr/sbin/odhcp6c "/var/run/ipv6-dhcpv6-$network.pid"
|
||||
|
||||
# Stop site-border
|
||||
set_site_border "$network"
|
||||
}
|
||||
|
||||
|
||||
|
@ -444,6 +476,9 @@ enable_router() {
|
|||
local router_service
|
||||
config_get router_service global router_service
|
||||
|
||||
local always_default
|
||||
config_get_bool always_default "$network" always_default 0
|
||||
|
||||
if [ "$router_service" == "dnsmasq" ]; then
|
||||
local dnsmasq_opts
|
||||
config_get dnsmasq_opts "$network" dnsmasq_opts
|
||||
|
@ -455,8 +490,11 @@ enable_router() {
|
|||
echo "enable-ra" >> $conf
|
||||
/etc/init.d/dnsmasq restart
|
||||
else
|
||||
local opts=""
|
||||
[ "$always_default" == "1" ] && opts="-u"
|
||||
|
||||
local pid="/var/run/ipv6-router-$network.pid"
|
||||
start_service "/usr/sbin/6relayd -S . $device" "$pid"
|
||||
start_service "/usr/sbin/6relayd -S $opts . $device" "$pid"
|
||||
fi
|
||||
|
||||
# Try relaying if necessary
|
||||
|
@ -531,6 +569,9 @@ enable_interface()
|
|||
[ "$mode" == "downstream" ] && mode=router
|
||||
[ "$mode" == "upstream" ] && mode=dhcpv6
|
||||
|
||||
# Enable site-border
|
||||
[ "$mode" == "static" -o "$mode" == "dhcpv6" -o "$mode" == "6to4" -o "$mode" == "6in4" ] && set_site_border "$network" "$device"
|
||||
|
||||
# Run mode startup code
|
||||
enable_static "$network" "$device"
|
||||
[ "$mode" == "dhcpv6" ] && enable_dhcpv6 "$network" "$device"
|
||||
|
|
Loading…
Reference in New Issue