From e7719bb4aa7830d5422281421a0f5f6e0d3675d8 Mon Sep 17 00:00:00 2001
From: Steven Barth <cyrus@openwrt.org>
Date: Fri, 28 Dec 2012 12:02:22 +0000
Subject: [PATCH] ipv6-support: Updated functionality * Add site-border feature
 again * Add option to always announce a default router

SVN-Revision: 34908
---
 package/network/ipv6/ipv6-support/Makefile    |  5 ++-
 .../ipv6/ipv6-support/files/firewall.sh       |  9 ++++
 .../ipv6-support/files/ipv6-support.defaults  |  6 +++
 .../ipv6/ipv6-support/files/network6.config   |  1 +
 .../ipv6/ipv6-support/files/support.sh        | 43 ++++++++++++++++++-
 5 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100755 package/network/ipv6/ipv6-support/files/firewall.sh
 create mode 100644 package/network/ipv6/ipv6-support/files/ipv6-support.defaults

diff --git a/package/network/ipv6/ipv6-support/Makefile b/package/network/ipv6/ipv6-support/Makefile
index 634dc5d74b..2efeaabac0 100644
--- a/package/network/ipv6/ipv6-support/Makefile
+++ b/package/network/ipv6/ipv6-support/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ipv6-support
-PKG_VERSION:=2012-12-28
+PKG_VERSION:=2012-12-29
 PKG_RELEASE:=1
 
 include $(INCLUDE_DIR)/package.mk
@@ -43,8 +43,11 @@ define Package/ipv6-support/install
 	$(INSTALL_DIR) $(1)/lib/ipv6
 	$(INSTALL_DATA) ./files/support.sh $(1)/lib/ipv6/support.sh
 	$(INSTALL_BIN) ./files/dhcpv6.sh $(1)/lib/ipv6/dhcpv6.sh
+	$(INSTALL_BIN) ./files/firewall.sh $(1)/lib/ipv6/firewall.sh
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_DATA) ./files/network6.config $(1)/etc/config/network6
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) ./files/ipv6-support.defaults $(1)/etc/uci-defaults/ipv6-support.defaults
 endef
 
 $(eval $(call BuildPackage,ipv6-support))
diff --git a/package/network/ipv6/ipv6-support/files/firewall.sh b/package/network/ipv6/ipv6-support/files/firewall.sh
new file mode 100755
index 0000000000..57fcd382e9
--- /dev/null
+++ b/package/network/ipv6/ipv6-support/files/firewall.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+ip6tables -N ipv6-site-border
+ip6tables -A forwarding_rule -s fc00::/7 -j ipv6-site-border
+ip6tables -A forwarding_rule -d fc00::/7 -j ipv6-site-border
+
+mkdir -p /var/etc/ipv6-firewall.d
+for i in /var/etc/ipv6-firewall.d/*; do
+	[ -f "$i" ] && . "$i"
+done
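Review bot: The loop at the end of firewall.sh sources every regular file found in /var/etc/ipv6-firewall.d into the shell that loads the firewall include (presumably root), so that directory is a trust boundary and nothing here restricts who may write to it. Creating it with an explicit mode, `mkdir -m 0700 -p /var/etc/ipv6-firewall.d`, and adding a header comment that only set_site_border in support.sh is expected to write there would make the assumption visible. Separately, when the directory is empty the glob stays literal, `[ -f "$i" ]` fails and the script ends with a non-zero status; `[ -f "$i" ] || continue` followed by `. "$i"` on its own line avoids that.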
diff --git a/package/network/ipv6/ipv6-support/files/ipv6-support.defaults b/package/network/ipv6/ipv6-support/files/ipv6-support.defaults
new file mode 100644
index 0000000000..6a699a1453
--- /dev/null
+++ b/package/network/ipv6/ipv6-support/files/ipv6-support.defaults
@@ -0,0 +1,6 @@
+#!/bin/sh
+uci -q batch <<-EOF >/dev/null
+	set firewall.ipv6_support=include
+	set firewall.ipv6_support.path=/lib/ipv6/firewall.sh
+	commit firewall
+EOF
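Review bot: A failure of this `uci batch` goes unnoticed, because `-q` and `>/dev/null` discard its output and nothing later checks that the include was registered. Since firewall.sh is what creates the ipv6-site-border chain, a failed commit would presumably leave site-border filtering silently absent while `option site_border 1` still suggests it is active. A header comment such as `# Register /lib/ipv6/firewall.sh as a firewall include (installed to /etc/uci-defaults)` would document the intent, and dropping `-q` or logging on a non-zero status would make a failure visible.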
diff --git a/package/network/ipv6/ipv6-support/files/network6.config b/package/network/ipv6/ipv6-support/files/network6.config
index ce85dbe8b6..37a327f2b2 100644
--- a/package/network/ipv6/ipv6-support/files/network6.config
+++ b/package/network/ipv6/ipv6-support/files/network6.config
@@ -6,6 +6,7 @@ config interface wan
 	option request_prefix	auto
 	option prefix_fallback	relay
 	option peerdns		1	
+	option site_border	1
 
 config interface lan
 	option mode		router
diff --git a/package/network/ipv6/ipv6-support/files/support.sh b/package/network/ipv6/ipv6-support/files/support.sh
index 01efb9ed7c..14d2db6c5b 100644
--- a/package/network/ipv6/ipv6-support/files/support.sh
+++ b/package/network/ipv6/ipv6-support/files/support.sh
@@ -346,6 +346,35 @@ restart_master_relay() {
 }
 
 
+set_site_border() {
+	local network="$1"
+	local device="$2"
+
+	local fwscript="/var/etc/ipv6-firewall.d/site-border-$network.sh"
+	local chain="ipv6-site-border-$network"
+
+	if [ -n "$device" ]; then
+		local site_border
+		config_get_bool site_border "$network" site_border 0
+		[ "$site_border" == "1" ] || return
+
+		mkdir -p $(dirname "$fwscript")
+		echo "ip6tables -N $chain" > "$fwscript"
+		echo "ip6tables -F $chain" >> "$fwscript"
+		echo "ip6tables -A $chain -o $device -j REJECT --reject-with icmp6-no-route" >> "$fwscript"
+		echo "ip6tables -A $chain -i $device -j REJECT --reject-with icmp6-no-route" >> "$fwscript"
+		echo "ip6tables -A ipv6-site-border -j $chain" >> "$fwscript"
+		. "$fwscript"
+	else
+		[ -f "$fwscript" ] || return
+		rm -f "$fwscript"
+		ip6tables -D ipv6-site-border -j "$chain"
+		ip6tables -F "$chain"
+		ip6tables -X "$chain"
+	fi
+}
+
+
 disable_interface() {
 	local network="$1"
 
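Review bot: set_site_border writes `$network` and `$device` unescaped into a shell script and then sources it (firewall.sh sources it again on every firewall load), so any shell metacharacter in either value would be interpreted as code rather than as a name. Both values probably come from root-owned configuration, but a guard before the first `echo` keeps that assumption from being load-bearing, for example `case "$network$device" in *[!A-Za-z0-9_.-]*) return 1 ;; esac` (the exact allowed character set is for the maintainers to decide). Running the enable branch twice without a teardown also appears to append a second `-j $chain` jump to ipv6-site-border, after which the single `ip6tables -D` in the else branch would leave one behind and `ip6tables -X` would presumably fail; deleting the jump before appending it would make the function idempotent. `mkdir -p $(dirname "$fwscript")` should quote the command substitution.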
@@ -365,6 +394,9 @@ disable_interface() {
 
 	# Disable DHCPv6 client if enabled, state script will take care
 	stop_service /usr/sbin/odhcp6c "/var/run/ipv6-dhcpv6-$network.pid"
+
+	# Stop site-border
+	set_site_border "$network"
 }
 
 
@@ -444,6 +476,9 @@ enable_router() {
 	local router_service
 	config_get router_service global router_service
 
+	local always_default
+	config_get_bool always_default "$network" always_default 0
+
 	if [ "$router_service" == "dnsmasq" ]; then
 		local dnsmasq_opts
 		config_get dnsmasq_opts "$network" dnsmasq_opts
@@ -455,8 +490,11 @@ enable_router() {
 		echo "enable-ra" >> $conf
 		/etc/init.d/dnsmasq restart
 	else
+		local opts=""
+		[ "$always_default" == "1" ] && opts="-u"
+
 		local pid="/var/run/ipv6-router-$network.pid"
-		start_service "/usr/sbin/6relayd -S . $device" "$pid"
+		start_service "/usr/sbin/6relayd -S $opts . $device" "$pid"
 	fi
 
 	# Try relaying if necessary
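Review bot: The `-u` passed to 6relayd when always_default is set has no explanation at the point of use, and the new option is not added to network6.config in this commit, so it is hard to discover. Going by the commit subject it makes the router always announce itself as a default router, which means hosts will send off-link traffic here regardless of upstream state; that deserves a comment above the assignment such as `# always_default=1: pass -u so a default router is always announced`. enable_router starts and ends outside these hunks, so how `$opts` interacts with the dnsmasq branch cannot be checked from here.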
@@ -531,6 +569,9 @@ enable_interface()
 	[ "$mode" == "downstream" ] && mode=router
 	[ "$mode" == "upstream" ] && mode=dhcpv6
 
+	# Enable site-border
+	[ "$mode" == "static" -o "$mode" == "dhcpv6" -o "$mode" == "6to4" -o "$mode" == "6in4" ] && set_site_border "$network" "$device"
+
 	# Run mode startup code
 	enable_static "$network" "$device"
 	[ "$mode" == "dhcpv6" ] && enable_dhcpv6 "$network" "$device"
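Review bot: The mode test on the added line chains four comparisons with `-o`, which POSIX marks obsolescent and which is hard to scan; `case "$mode" in static|dhcpv6|6to4|6in4) set_site_border "$network" "$device" ;; esac` expresses the same list more clearly. If `$device` is empty at this point, set_site_border takes its teardown branch, so the border is removed rather than installed and nothing is logged; an explicit check or log line would make that case visible. enable_interface starts and ends outside this hunk.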
-- 
GitLab