[Fwd: [vpnc-devel] IPv6 support in vpnc-script]
- From: David Woodhouse <dwmw2 infradead org>
- To: dcbw redhat com
- Cc: networkmanager-list gnome org
- Subject: [Fwd: [vpnc-devel] IPv6 support in vpnc-script]
- Date: Wed, 11 Nov 2009 10:07:24 +0000
As I extend the vpnc <-> vpnc-script interface and ask if the vpnc folks
object, it occurs to me that I should also be asking the same question
of those who need to implement the vpnc-script side of it too, such as
NetworkManager.
We have IPv6 support in NetworkManager now, right? So extending
NetworkManager-openconnect and NetworkManager-vpnc to set up the IPv6
routing shouldn't be so hard?
--
dwmw2
--- Begin Message ---
- From: David Woodhouse <dwmw2 infradead org>
- To: vpnc-devel unix-ag uni-kl de
- Subject: [vpnc-devel] IPv6 support in vpnc-script
- Date: Wed, 11 Nov 2009 01:05:49 +0000
I've just added IPv6 support to OpenConnect, and hence to vpnc-script.
If anyone is planning to add IPv6 support to vpnc, feel free to shout if
you don't like the way I've done it. I don't really want vpnc and
openconnect to end up being incompatible in the way they invoke
vpnc-script.
For the IPv6 address, it assumes that it'll either be passed an address
in $INTERNAL_IP6_ADDRESS, or full address/mask in $INTERNAL_IP6_NETMASK.
It'll use the latter by preference.
Routes are handled just like the Legacy IP routes -- with
$CISCO_IPV6_SPLIT_INC giving the number of routes, and each route in
$CISCO_IPV6_SPLIT_INC_x_ADDR and $CISCO_IPV6_SPLIT_INC_x_NETMASKLEN.
We don't bother with the netmask -- it's just netmasklen.
I've left IPv6 nameservers in $INTERNAL_IP4_DNS for now, alongside the
Legacy IP nameservers. I could be persuaded to do it differently,
perhaps.
I haven't yet made it cope with the fact that the VPN gateway might be
on IPv6; it currently assumes that it'll be on Legacy IP.
Neither have I made it work on non-Linux; the IPv6 route handling
functions for non-iproute2 systems are just stubs for now.
diff --git a/vpnc-script b/vpnc-script
index 673e8a3..9faaf00 100755
--- a/vpnc-script
+++ b/vpnc-script
@@ -105,6 +105,13 @@ do_ifconfig() {
if [ -n "$INTERNAL_IP4_NETMASK" ]; then
set_network_route $INTERNAL_IP4_NETADDR $INTERNAL_IP4_NETMASK $INTERNAL_IP4_NETMASKLEN
fi
+
+ # If the netmask is provided, it contains the address _and_ netmask
+ if [ -n "$INTERNAL_IP6_NETMASK" -a -n "$IPROUTE" ]; then
+ $IPROUTE -6 addr add $INTERNAL_IP6_NETMASK dev $TUNDEV
+ elif [ -n "$INTERNAL_IP6_ADDRESS" -a -n "$IPROUTE" ]; then
+ $IPROUTE -6 addr add $INTERNAL_IP6_ADDRESS/128 dev $TUNDEV
+ fi
}
destroy_tun_device() {
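Review bot: The two added `addr add` lines expand `$INTERNAL_IP6_NETMASK`, `$INTERNAL_IP6_ADDRESS` and `$TUNDEV` unquoted, so a value containing whitespace would be split into extra arguments to the `ip` command. These variables are presumably filled from what the VPN gateway pushes, so quote them: `$IPROUTE -6 addr add "$INTERNAL_IP6_NETMASK" dev "$TUNDEV"` and `$IPROUTE -6 addr add "$INTERNAL_IP6_ADDRESS/128" dev "$TUNDEV"`. When `$IPROUTE` is empty both branches are skipped and no IPv6 address is assigned, without any message; a comment above the `if` should say so. do_ifconfig starts outside the hunk.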
@@ -161,6 +168,31 @@ if [ -n "$IPROUTE" ]; then
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
$IPROUTE route flush cache
}
+
+ set_ipv6_default_route() {
+ # We don't save/restore IPv6 default route; just add a higher-priority one.
+ $IPROUTE -6 route add default dev "$TUNDEV" metric 1
+ $IPROUTE -6 route flush cache
+ }
+
+ set_ipv6_network_route() {
+ NETWORK="$1"
+ NETMASKLEN="$2"
+ $IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
+ $IPROUTE route flush cache
+ }
+
+ reset_ipv6_default_route() {
+ $IPROUTE -6 route del default dev "$TUNDEV"
+ $IPROUTE route flush cache
+ }
+
+ del_ipv6_network_route() {
+ NETWORK="$1"
+ NETMASKLEN="$2"
+ $IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
+ $IPROUTE -6 route flush cache
+ }
else # use route command
get_default_gw() {
# isn't -n supposed to give --numeric output?
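Review bot: `set_ipv6_network_route` and `reset_ipv6_default_route` end with `$IPROUTE route flush cache` without `-6`, so they flush the Legacy IP route cache rather than the IPv6 one, unlike `set_ipv6_default_route` and `del_ipv6_network_route` in the same hunk. Both lines should read `$IPROUTE -6 route flush cache`. The enclosing `if [ -n "$IPROUTE" ]` block starts outside the hunk.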
@@ -213,6 +245,27 @@ else # use route command
NETMASKLEN="$3"
route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
}
+
+ set_ipv6_default_route() {
+ # FIXME
+ :
+ }
+
+ set_ipv6_network_route() {
+ # FIXME
+ :
+ }
+
+ reset_ipv6_default_route() {
+ # FIXME
+ :
+ }
+
+ del_ipv6_network_route() {
+ # FIXME
+ :
+ }
+
fi
# =========== resolv.conf handling ====================================
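Review bot: The four stubs return success without doing anything, so on a system without iproute2 do_connect would report no error while IPv6 traffic keeps following the pre-existing routes instead of the tunnel. Until they are implemented, each stub should say so on stderr in place of the bare `:`, e.g. `echo "vpnc-script: IPv6 routing is not implemented without iproute2" >&2`. The enclosing `else` branch starts outside the hunk.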
@@ -467,11 +520,33 @@ do_connect() {
i=`expr $i + 1`
done
for i in $INTERNAL_IP4_DNS ; do
- set_network_route "$i" "255.255.255.255" "32"
+ if ! echo "$i" | grep -q : ; then
+ set_network_route "$i" "255.255.255.255" "32"
+ fi
done
- else
+ elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
set_default_route
fi
+ if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
+ i=0
+ while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
+ eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
+ eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
+ if [ $NETMASKLEN -lt 128 ]; then
+ set_ipv6_network_route "$NETWORK" "$NETMASKLEN"
+ else
+ set_ipv6_default_route
+ fi
+ i=`expr $i + 1`
+ done
+ for i in $INTERNAL_IP4_DNS ; do
+ if echo "$i" | grep -q : ; then
+ set_ipv6_network_route "$i" "128"
+ fi
+ done
+ elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
+ set_ipv6_default_route
+ fi
if [ -n "$INTERNAL_IP4_DNS" ]; then
$MODIFYRESOLVCONF
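Review bot: In the added split-include loop, `[ $NETMASKLEN -lt 128 ]` sends every entry that is not a valid number below 128 to `set_ipv6_default_route`; an empty value makes the test error out and, as far as I can tell, fall into the `else`, so a missing variable would install a default route through the tunnel. That case looks reachable, because the description names the variable `CISCO_IPV6_SPLIT_INC_x_NETMASKLEN` while the code reads `CISCO_IPV6_SPLIT_INC_${i}_MASKLEN`; one of the two needs to change. A /128 include is a host route, so treating it as the default also looks unintended: if a zero-length prefix is what should mean default, test `[ "$NETMASKLEN" -eq 0 ]` for that branch and skip entries whose address or length is empty. do_connect starts and ends outside the hunk.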
@@ -500,6 +575,24 @@ do_disconnect() {
else
reset_default_route
fi
+ if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
+ i=0
+ while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
+ eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
+ eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
+ if [ $NETMASKLEN -eq 128 ]; then
+ del_ipv6_network_route "$NETWORK" "$NETMASKLEN"
+ else
+ reset_ipv6_default_route
+ fi
+ i=`expr $i + 1`
+ done
+ for i in $INTERNAL_IP6_DNS ; do
+ del_ipv6_network_route "$i" "128"
+ done
+ else
+ reset_ipv6_default_route
+ fi
del_vpngateway_route
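Review bot: The teardown does not mirror do_connect: here `[ $NETMASKLEN -eq 128 ]` selects `del_ipv6_network_route`, whereas connect adds network routes for lengths below 128, so every shorter prefix added on connect reaches `reset_ipv6_default_route` and its own route is never deleted. The DNS loop reads `$INTERNAL_IP6_DNS`, which nothing visible in this patch sets (connect takes IPv6 nameservers from `$INTERNAL_IP4_DNS`), so the /128 routes to the nameservers appear to be left behind as well; use `for i in $INTERNAL_IP4_DNS ; do` with the same `grep -q :` filter. The final `else` calls `reset_ipv6_default_route` even when no IPv6 address was configured, unlike connect's `elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]`. do_disconnect starts and ends outside the hunk.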
--
dwmw2
_______________________________________________
vpnc-devel mailing list
vpnc-devel unix-ag uni-kl de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/
--- End Message ---