#!/bin/sh
#
# network-functions-ipv6
#
#@-INF@# RedHat 6.2 + 7.x
#@-INF@#
#@-INF@# directory: /etc/sysconfig/network-scripts
#@-INF@#
#@-INF@# permissions: 644
#@-INF@#
#@-INF@# description: Several IPv6 related functions
#@-INF@#	
#@-INF@# Contents:
#@-INF@#	
#@-INF@# Wrapper functions:
#@-INF@#  ipv6_exec_ifconfig               : Wrapper for "ifconfig"
#@-INF@#  ipv6_exec_route                  : Wrapper for "route"
#@-INF@#  ipv6_exec_ip                     : Wrapper for "ip"
#@-INF@#  ipv6_exec_sysctl                 : Wrapper for "sysctl"
#@-INF@#	
#@-INF@# Worker functions:
#@-INF@#  ipv6_add_addr_on_device          : Configure an IPv6 address for a specified interface
#@-INF@#  ipv6_del_addr_on_device          : Remove an IPv6 address on a specified interface
#@-INF@#  ipv6_cleanup_device              : Remove any IPv6 addresses assigned on a specified interface and related routes
#@-INF@#	
#@-INF@#  ipv6_enable_autotunnel           : Enabling automatic tunneling
#@-INF@#  ipv6_disable_autotunnel          : Disable automatic tunneling
#@-INF@#	
#@-INF@#  ipv6_add_nbma_tunnel             : Configure a NBMA-styled IPv6 tunnel
#@-INF@#  ipv6_del_nbma_tunnel             : Remove a NBMA-styled IPv6 tunnel
#@-INF@#  ipv6_cleanup_nbma_tunnels_to_dest: Remove all IPv6 tunnels to a remote IPv4-tunnel address
#@-INF@#	
#@-INF@#  ipv6_add_tunnel_device           : Create a tunnel device (for non-NBMA-styled tunnels)	
#@-INF@#  ipv6_del_tunnel_device           : Delete a tunnel device (for non-NBMA-styled tunnels)
#@-INF@#	
#@-INF@#  ipv6_add_6to4_tunnel             : Configure a 6to4 tunnel
#@-INF@#  ipv6_del_6to4_tunnel             : Remove a 6to4 tunnel
#@-INF@#  ipv6_cleanup_6to4_tunnels        : Remove all 6to4 tunnels
#@-INF@#  ipv6_create_6to4_prefix          : Create a 6to4 prefix
#@-INF@# 	
#@-INF@#  ipv6_add_route                   : Add an IPv6 route
#@-INF@#  ipv6_del_route                   : Remove an IPv6 route
#@-INF@#  ipv6_cleanup_routes              : Remove all IPv6 gateway routes through a device
#@-INF@#	
#@-INF@#  ipv6_control_forwarding          : Control IPv6 forwarding globally (no longer in use)
#@-INF@#  
#@-INF@#  ipv6_set_mtu                     : Set IPv6 MTU for an interface
#@-INF@#  ipv6_set_default_route           : Set default route
#@-INF@#
#@-INF@#  ipv6_trigger_radvd               : Trigger radvd
#@-INF@#
#@-INF@# Test functions:
#@-INF@#  ipv6_test_addr_exists_on_device  : Test existing of IPv6 address on an interface
#@-INF@#  ipv6_test_ipv4_addr_valid        : Test an IPv4 address for validity
#@-INF@#  ipv6_test_ipv4_addr_global_usable: Test an IPv4 address for globally usable (no private or others)
#@-INF@#  ipv6_test_ipv6_addr_valid        : Test an IPv6 address for validity
#@-INF@#  ipv6_test                        : Test whether system is prepared for IPv6
#@-INF@#  ipv6_test_device_status          : Test given device for exists,up, not up
#@-INF@#  ipv6_test_route_requires_next_hop: Test whether interface needs explicit next hop for route setup
#@-INF@#  
#@-INF@# Informationals: 
#@-INF@#  getversion_ipv6_functions: Get version of file /etc/sysconfig/network-scripts/network-functions-ipv6
#@-INF@#
#@+RH7@# Taken from: network-functions-ipv6
# (P) & (C) 1997-2002 by Peter Bieringer <pb@bieringer.de>
#
# Version: 2002-01-04
#
# Extended address detection is enabled, if 'ipv6calc' is installed
#  Available here: http://www.bieringer.de/linux/IPv6/tools/index.html#ipv6calc
#
#@-RH7@# Known bugs:
#@-RH7@#  sit0 will not be automatically shutdowned, if an additional IPv6 address was manually added to this device
#@-RH7@#   To solve this issue: add hooks in "/etc/rc.d/init.d/network" to call "init.ipv6-global"
#@-RH7@#
#@-INF@#  This function libary is now explicitly GPL'ed 
#@-INF@#   http://www.gnu.org/copyleft/gpl.html (20001125, Peter Bieringer)
#@-INF@#
#@-INF@#  Suggestions, comments and improvements are welcome!
#@-INF@#
#@-INF@#  You will find more information in the IPv6-HowTo for Linux at
#@-INF@#   http://www.bieringer.de/linux/IPv6/
#@-INF@#
#@-INF@# Changes to:
#@-INF@#  20000703: initial review for new layout, based on 'functions-ip6' 2.37
#@-INF@#             only ifup/ifdown works
#@-INF@#  20000704: review ifup-ipv6-tunnel, ifdown-ipv6-tunnel
#@-INF@#  20000723: minor review
#@-INF@#  20000731: fix misnamed function "forwarding-ipv6-route" -> "forwarding-ipv6"
#@-INF@#  20000816: rename all functions names: "-" to "_"
#@-INF@#             Mauro Tortonesi <mauro@ferrara.linux.it> reports incompatiblity
#@-INF@#             problems
#@-INF@#  20001125: explicitly GPL'ed
#@-INF@#  20001215: fix a bug regarding variable name length->prefixlength in setting
#@-INF@#             up interfaces, thanks to Marcus Windisch <marcus.windisch@gmx.net>
#@-INF@#  20010201: if a tunnel interface named sit0 is requested to set up, only bring
#@-INF@#             sit0 up to life (automatic tunneling support only)
#@-INF@#            begin to mark all major debug code for fast removing via grep
#@-INF@#  20010202: Backpatch changes done in Rawhide/initscripts-5.60-1.src.rpm by others
#@-INF@#            Tag several lines for easier stripping of unnecessary lines
#@-INF@#            Enable ifup_ipv6_real/ifdown_ipv6_real to extract prefix length from
#@-INF@#             given address, if not extra specified
#@-INF@#            Network route setup on interface initialization disabled (no longer needed?)
#@-INF@#  20010203: Remove obsolete kernel 2.1.x (x < 90) code, remove some information output
#@-INF@#            Add function ifdown_ipv6_real_all, usage prevents from kernel crashing
#@-INF@#             if on shutdown one address was forgotten
#@-INF@#            Add some "prevent of kernel crashing" airbags and duplicate configurations
#@-INF@#  20010205: Start interface, if down (for an IPv6 only configuration)
#@-INF@#             hint by Robert.Wachinger@icn.siemens.de
#@-INF@#  20010207: Change from direct writing to /proc to sysctl
#@-INF@#             Implement some rawhide fixes
#@-INF@#  20010208: Remove backward compatiblity for extra given prefix length
#@-INF@#            Remove no longer used routing setup on interfaces
#@-INF@#            Implement additional rawhide fixes
#@-INF@#  20010219: Cosmetic fix (remove a "!" on an echo output)
#@-INF@#  20010222: Fix variable names to prevent overwriting on nested function calls
#@-INF@#             in ifdown_ipv6_real_all, forwarding_ipv6
#@-INF@#  20010225: Extend address detection with external tool "ipv6addrshorter", if available
#@-INF@#  20010227: Because grepping in ifconfig output is not nice and perhaps depending on
#@-INF@#             international settings, the address detection now uses a new tool called
#@-INF@#             'ipv6calc', available here: http://www.bieringer.de/linux/IPv6/tools/index.html#ipv6calc
#@-INF@#             and grep /proc/net/if_inet6
#@-INF@#            On fallback mode (no 'ipv6calc' available) now using LC_ALL=C
#@-INF@#             credits for this hint to Pekka Savola <pekkas@netcore.fi>
#@-INF@#  20010302: Cleanup some cat/grep combinations
#@-INF@#            fix all net-tools commands for used with grep to LC_ALL=C
#@-INF@#            Clean up some "'" on echo
#@-INF@#  20010303: Address grepping use now "-i"
#@-INF@#            Looking for "ipv6calc" does no longer display "which" output of stderr
#@-INF@#            Add minor debugging code
#@-INF@#  20010303a:Detect routing setup issues (SIOCADDRT, SIOCDELRT) and handle them
#@-INF@#  20010303b:Add ifdown_ipv6_tunnel_all to shutdown all tunnels per device
#@-INF@#            Fix ifdown_ipv6_autotunnel (improved detection of existing tunnels)
#@-INF@#  20010303c:Run some checks on ipv6calc to prove expected working
#@-INF@#  20010304 :Add on ifdown_ipv6_tunnel_all a call to ifdown_ipv6_autotunnel
#@-INF@#  20010304a:Add 6to4 support
#@-INF@#  20010309 :Review 6to4 support, fix minor bugs
#@-INF@#            Add support for "ip" instead of NBMA-style for creating tunnels
#@-INF@#  20010310 :Cleanup for RH7 (line tagging)
#@-INF@#  20010310a:Cleanup for RH7 (line tagging)
#@-INF@#  20010310b:Add "ifdown_ipv6_route_all", cosmetic cleanups
#@-INF@#  20010312 :Add loopback address test on "testipv4_globalusable", add TTL for "ip tunnel" (really needed)
#@-INF@#  20010312a:Cosmetic fixes
#@-INF@#  20010313 :Cosmetic cleanup (remove "function" labels - not needed), add "-n" on "route" if output is grepped
#@-INF@#  20010315 :Add "ifdown_ipv6to4_all" to remove all applied 6to4 addresses
#@-INF@#  20010317 :Add "getversion_ipv6_functions" to get a version control capability for the future
#@-INF@#           :Review return code handling, add tests of addresses and configure results to prevent troubles
#@-INF@#           :More use of sub-function calls instead of direct command execution
#@-INF@#  20010317a:Change "create6to4address" to create6to4prefix
#@-INF@#  20010317a:"ifup_ipv6to4" can get an optional suffix (default: "1")
#@-INF@#  20010317b:Add a test whether "ip tunnel add" has worked
#@-INF@#  20010317c:Fix bad bug in low budget test in "testipv6_valid"
#@-INF@#  20010317d:Speedup duplicate remote IPv4 addresses on "ifup_ipv6_tunneldev"
#@-INF@#  20010417 :Spelling cleanups, remove usage information
#@-INF@#           :Remove "skip interface lo" code (perhaps dedicated configuration is needed sometimes)
#@-INF@#  20010417b:Fix comments
#@-INF@#  20010429 :Cosmetic review
#@-INF@#  20010430 :Cosmetic review
#@-INF@#  20010430a:Add optional option "testonly" for "test_ipv6"
#@-INF@#           :Change from "ifconfig" to "ip" if parsing output
#@-INF@#  20010501 :Adapt forwarding control to kernel behavior (only global switch is used)
#@-INF@#  20010505 :Add "exists IPv6 in proc" test
#@-INF@#            Add some sysctls for tunnel interfaces
#@-INF@#  20010507 :Remove double sysctls for 6to4 tunnel
#@-INF@#  20010511 :"forwarding_ipv6" should be no longer used (because of different behavior 'per interface'/'all')
#@-INF@#  20010519 :Remove setting of *.router_solicitations in proc 
#@-INF@#  20010520 :Cleanup some code by using "ip", adjust code for tabsize 8 (still not all)
#@-INF@#  20010520a:Add addtional tests on tunnel shutdown (not sit0)
#@-INF@#  20010520b:Cosmetic and minor fixes
#@-INF@#  20010522 :Add some forgotten debug code, pipe some output to /dev/null
#@-INF@#  20010522d:Cosmetic fixes
#@-INF@#  20010614a:Minor cosmetic fix
#@-INF@#  20010615 :Cosmetic fixes
#@-INF@#  20010707 :Change 6to4 setup prefix length from 48 (wrong) to 16 (well)
#@-INF@#  20010715 :Minor review, triggered by Pekka Savola
#@-INF@#  20010715a:Minor review, triggered by Pekka Savola
#@-INF@#  20010717 :Add function "ipv6_set_mtu"
#@-INF@#  20010717a:Change mechanism of mtu change to sysctl
#@-INF@#  20010718 :Minor RHL tagging
#@-INF@#  20010730 :Typo fixes, triggered by RHL
#@-INF@#            enable use of local IPv4 address for "ifup_ipv6_tunneldev", triggered by <kad # blackcatlinux.com>
#@-INF@#  20010731 :Another cosmetic fix, triggered by Pekka Savola, add some LC_ALL=C
#@-INF@#  20010806 :Direct stderr output of "ip tunnel" to /dev/null
#@-INF@#  20010815 :Add new function "ipv6_set_default_gateway", "ipv6_test_route_requires_next_hop"
#@-INF@#           :Began to rename some functions (wrappers for old names will be still there) to clear up names
#@-INF@#  20010818 :Fix call parameters in wrapper functions, some minor fixes regarding the default route functions
#@-INF@#  20010828 :Cosmetic fix (triggered by RH)
#@-INF@#  20010828a:Change default route from ::/0 to 2000::/3 until kernel supports it
#@-INF@#  20011124 :Catch error if device doesn't exist, minor renaming, minor cleanups
#@-INF@#  20011124c:Rename all functions to start with "ipv6_"
#@-INF@#  20011220 :Add "ipv6_create_6to4_prefix" in contents, remove RHL tags from IPv4 test functions (needed now really by 6to4 setup)
#@-INF@#  20020101 :Add some wrapper functions and add logging capability for each network configuration step, reorder debug code
#@-INF@#           :Add support for dedicated 6to4 tunnel device
#@-INF@#  20020102 :"ipv6_add_addr_on_device" uses prefix length '64' as default if missing
#@-INF@#  20020103a:Some RHL7 tagging and minor review
#@-INF@#  20020104 :Rename radvd message on missing pidfile, finnish debug message format

# Filter tags (for stripping, empty lines following here if all is stripped) #@-INF@#
#  #@-DEB@#  : Additional debug code
#  #@-INF@#  : Additional information
#  #@-RH7@#  : Not necessary for RedHat 7.x
#  #@+RH7@#  : Necessary for RedHat 7.x

#@-DEB@# This libary can be debugged easily, see following example
#@-DEB@#   export DEBUG_IPV6=256; ./ip-up.ipv6to4 ppp0
#@-DEB@#  output can be filtered, e.g. all executed commands will be show using
#@-DEB@#   export DEBUG_IPV6=256; ./ip-up.ipv6to4 ppp0 | grep "^EXE:"
#@-DEB@#
#@-DEB@# DEBUG_IPV6 &   1: "set -x" mode
#@-DEB@# DEBUG_IPV6 &   2: prevents from executing any network configuration
#@-DEB@# DEBUG_IPV6 &   4: shows messages in the test section
#@-DEB@# DEBUG_IPV6 &   8: address exists test
#@-DEB@# DEBUG_IPV6 &  16: ipv6_del_any_addr_on_device
#@-DEB@# DEBUG_IPV6 &  32: skip "ip*calc" exists test (simulate low budget tests)
#@-DEB@# DEBUG_IPV6 &  64: address tests
#@-DEB@# DEBUG_IPV6 & 128: 6to4
#@-DEB@# DEBUG_IPV6 & 256: display what will be executed
#@-DEB@# Hint: you can set the debug value for one command only like "export DEBUG_IPV6=1; command parameters"

#DEBUG_IPV6=$[ 65535 - 1 -2  -4 -8 -16 -32 -64 -128]								#@-DEB@#
#DEBUG_IPV6=0													#@-DEB@#
#DEBUG_IPV6=32 													#@-DEB@#
#DEBUG_IPV6=33 													#@-DEB@#
#DEBUG_IPV6=$[ 8	+ 32 ]											#@-DEB@#
#DEBUG_IPV6=2													#@-DEB@#
#DEBUG_IPV6=64													#@-DEB@#
#DEBUG_IPV6=1													#@-DEB@#
#DEBUG_IPV6=256													#@-DEB@#

[ -z "$DEBUG_IPV6" ]  && DEBUG_IPV6=0										#@-DEB@#

# Return values
#  0 = ok
#  1 = error occurs
#  2 = not enabled, i.e. no IPv6 kernel support or switched off by configuration

##### Test for "ipv6calc" (used for better existing address detection)
EXISTS_ipv6calc=no	
if [ $[ $DEBUG_IPV6 & 32 ] = 0 ]; then										#@-DEB@#
	if which ipv6calc >/dev/null 2>&1; then
		# do checks, whether ipv6calc does what was expected							#@-RH7@#
		if ipv6calc --if_inet62addr 3ffe04000100f1010000000000000001 40 | LC_ALL=C grep -q -v '3ffe:400:100:f101::1/64'; then
			false
			echo $"Binary 'ipv6calc' does not expected converions, please check installed version (check 1)!"	#@-RH7@#
		elif ipv6calc --addr2if_inet6 3ffe:400:100::1/64 | LC_ALL=C grep -q -v '3ffe0400010000000000000000000001 00 40'; then
			false
			echo $"Binary 'ipv6calc' does not expected converions, please check installed version (check 2)!"	#@-RH7@#
		else
			EXISTS_ipv6calc=yes
		fi
	else
		echo $"Binary 'ipv6calc' doesn't exist, existing address detection is not extended!"			#@-RH7@#
		false
	fi
else														#@-DEB@#
	echo $"'ipv6calc' exists test is skipped for debugging purposes"					#@-DEB@#
fi														#@-DEB@#

##### Test for "ipcalc" (used for private IPv4 address detection in 6to4 setup)						#@-RH7@#
EXISTS_ipcalc=no													#@-RH7@#	
if [ $[ $DEBUG_IPV6 & 32 ] = 0 ]; then										#@-DEB@##@-RH7@#
	if which ipcalc >/dev/null 2>&1; then										#@-RH7@#
		# do checks, whether ipv6calc does what was expected							#@-RH7@#
		if ipcalc --network 192.168.1.1 255.255.0.0 | LC_ALL=C grep -q -v 'NETWORK=192.168.0.0'; then			#@-RH7@#
			false												#@-RH7@#
			echo $"Binary 'ipcalc' does not expected converions, please check installed version!"		#@-RH7@#
		else													#@-RH7@#
			EXISTS_ipcalc=yes										#@-RH7@#
		fi													#@-RH7@#
	else														#@-RH7@#
		false													#@-RH7@#
		echo $"Binary 'ipcalc' doesn't exist, private IPv4 address detection is not extended!"			#@-RH7@#
	fi														#@-RH7@#
else														#@-DEB@##@-RH7@#
	echo $"'ipcalc' exists test is skipped for debugging purposes"						#@-DEB@##@-RH7@#
fi														#@-DEB@##@-RH7@#

##### Test for IPv6 capabilites
# $1: (optional) testflag: currently supported: "testonly" (do not load a module)
ipv6_test() {
	local fn="ipv6_test"

	local testflag=$1

	[ $[ $DEBUG_IPV6 & 4 ] = 0 ] || echo $"Tests for IPv6" 							#@-DEB@# 

	# Test for IPv6 enabled kernel											#@-RH7@#
	[ $[ $DEBUG_IPV6 & 4 ] = 0 ] || echo -n $"Test kernel for IPv6..."					#@-DEB@#

	if ! [ -f /proc/net/if_inet6 ]; then
		if [ "$testflag" = "testonly" ]; then
			return 2
		else
			echo $"WARN: [$fn] Did not find IPv6 in kernel, trying to load module"				#@-RH7@#
			modprobe ipv6
	
			if ! [ -f /proc/net/if_inet6 ]; then
				if ! [ $[ $DEBUG_IPV6 & 4 ] = 0 ] ; then					#@-DEB@#
					echo $"ERR:  [$fn] Not compiled for IPv6 - stop!"			#@-DEB@#
				else										#@-DEB@#
					echo $"ERR:  [$fn] Kernel is not compiled with IPv6 support"
				fi										#@-DEB@#
				return 2
			fi
		fi
	else													#@-DEB@#
		[ $[ $DEBUG_IPV6 & 4 ] = 0 ] || echo $"Ok!"							#@-DEB@#
	fi

	if [ ! -d /proc/sys/net/ipv6/conf/ ]; then
		# IPv6 related proc directory doesn't exist 								#@-RH7@#
		return 2
	fi

	# Test for IPv6 enabled needed binaries										#@-RH7@#
	[ $[ $DEBUG_IPV6 & 4 ] = 0 ] || echo -n $"Test binaries for IPv6 capability..."				#@-DEB@##@-RH7@#
															#@-RH7@#
	if ! LC_ALL=C ifconfig -? 2>&1 | LC_ALL=C grep -q "(IPv6)"; then						#@-RH7@#
		echo $"'`which ifconfig`' (net-tools) not compiled for IPv6 - stop!"					#@-RH7@#
		return 2												#@-RH7@#
	fi														#@-RH7@#
															#@-RH7@#
	if ! LC_ALL=C route -? 2>&1 | LC_ALL=C grep -q "(IPv6)"; then							#@-RH7@#
		echo $"'`which route`' (net-tools) not compiled for IPv6 - stop!"					#@-RH7@#
		return 2												#@-RH7@#
	fi														#@-RH7@#

	if ! which ip 2>&1 >/dev/null; then
		echo $"Utility 'ip' (from the iproute package) doesn't exist or isn't executable - non-NBMA-styled tunneling setup won't work!"
		return 2													
	else														#@-RH7@#
		if ! LC_ALL=C ip 2>&1 | LC_ALL=C grep -q "inet6"; then							#@-RH7@#
			echo $"'`which ip`' (iproute) not compiled for IPv6 - stop!"					#@-RH7@#
			return 2											#@-RH7@#
		fi													#@-RH7@#
	fi

	[ $[ $DEBUG_IPV6 & 4 ] = 0 ] || echo $"Ok!"								#@-DEB@#
	
	# Info about executing											#@-DEB@#
	[ $DEBUG_IPV6 -gt 0 ]  && echo $"DEB: [$fn] Libary 'network-functions-ipv6' is executed in DEBUG_IPV6 mode: $DEBUG_IPV6"	#@-DEB@#
	return 0
}


##### Get version of this function libary
getversion_ipv6_functions() {
	local version_ipv6_functions="`cat /etc/sysconfig/network-scripts/network-functions-ipv6 | LC_ALL=C grep "^# Version:" | awk '{ print $3 }' | sed 's/-//g' | sed 's/[A-Za-z]*$//g'`"
	echo $version_ipv6_functions
}


##### Wrapper for used binaries
## ifconfig
ipv6_exec_ifconfig() {
	local options=$*

	if [ $[ $DEBUG_IPV6 & 256 ] != 0 ]; then								#@-DEB@#
		echo "EXE: ifconfig $options" >/dev/stderr							#@-DEB@#
	fi													#@-DEB@#

	if [ $[ $DEBUG_IPV6 & 2 ] != 0 ] ; then									#@-DEB@#
		echo "DRY: ifconfig $options" >/dev/stderr							#@-DEB@#
		return 0											#@-DEB@#
	fi													#@-DEB@#
	
	LC_ALL=C ifconfig $options
	return $?
}

## route
ipv6_exec_route() {
	local options=$*

	if [ $[ $DEBUG_IPV6 & 256 ] != 0 ]; then								#@-DEB@#
		echo "EXE: route $options" >/dev/stderr								#@-DEB@#
	fi													#@-DEB@#

	if [ $[ $DEBUG_IPV6 & 2 ] != 0 ] ; then									#@-DEB@#
		echo "DRY: route $options" >/dev/stderr								#@-DEB@#
		return 0											#@-DEB@#
	fi													#@-DEB@#

	LC_ALL=C route $options
	return $?
}

## ip
ipv6_exec_ip() {
	local options=$*

	if [ $[ $DEBUG_IPV6 & 256 ] != 0 ]; then								#@-DEB@#
		echo "EXE: ip $options" >/dev/stderr								#@-DEB@#
	fi													#@-DEB@#

	if [ $[ $DEBUG_IPV6 & 2 ] != 0 ] ; then									#@-DEB@#
		echo "DRY: ip $options" >/dev/stderr								#@-DEB@#
		return 0											#@-DEB@#
	fi													#@-DEB@#

	LC_ALL=C ip $options
	return $?
}

## sysctl
ipv6_exec_sysctl() {
	local options=$*

	if [ $[ $DEBUG_IPV6 & 256 ] != 0 ]; then								#@-DEB@#
		echo "EXE: sysctl $options" >/dev/stderr							#@-DEB@#
	fi													#@-DEB@#

	if [ $[ $DEBUG_IPV6 & 2 ] != 0 ] ; then									#@-DEB@#
		echo "DRY: sysctl $options" >/dev/stderr							#@-DEB@#
		return 0											#@-DEB@#
	fi													#@-DEB@#

	LC_ALL=C sysctl "$options"
	return $?
}


##### Control IPv6 forwarding

# Control IPv6 forwarding
#  $1: control [yes|no|on|off]
#  $2: network device (if not given, global IPv6 forwarding is set) [OBSOLETE]
ipv6_control_forwarding() {
	local fn="ipv6_control_forwarding"

	local fw_control=$1
	local fw_device=$2		# maybe empty

	if [ -z "$fw_control" ]; then
		echo $"ERR:  [$fn] Missing parameter 'forwarding control' (arg 1)"
		return 1
	fi

	if ! [ "$fw_control" = "yes" -o "$fw_control" = "no" -o "$fw_control" = "on" -o "$fw_control" = "off" ]; then
		echo $"ERR:  [$fn] Don't understand forwarding control parameter '$fw_control' (arg 1)"
		return 1
	fi
	
	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2   

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	if [ "$fw_control" = "yes" -o "$fw_control" = "on" ]; then
		local status=1
		local string="enabled"											#@-RH7@#
	else
		local status=0
		local string="disabled"											#@-RH7@#
	fi

	# Global control? (if no device is given)
	if [ -z "$fw_device" ]; then
		echo $"INF:  [$fn] IPv6 forwarding is now globally '$string'"						#@-RH7@#
		ipv6_exec_sysctl -w net.ipv6.conf.all.forwarding=$status >/dev/null
	fi
	
	# Per device control (not implemented in kernel)
	if [ ! -z "$fw_device" ]; then
		echo $"WARN: [$fn] IPv6 forwarding per device cannot be controlled via sysctl - use netfilter6 instead!"
	fi
	
	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
}


##### Static IPv6 route configuration

# Set static IPv6 route
#  $1: IPv6 network to route
#  $2: IPv6 gateway over which $1 should be routed (if "::", gw will be skipped)
#  $3: Interface (optional)
ipv6_add_route() {
	local fn="ipv6_add_route"

	local networkipv6=$1
	local gatewayipv6=$2
	local device=$3		# maybe empty

	if [ -z "$networkipv6" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv6-network' (arg 1)"
		return 1
	fi

	if [ -z "$gatewayipv6" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv6-gateway' (arg 2)"
		return 1
	fi

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2   

	# Test, whether given IPv6 address is valid									#@-RH7@#
	ipv6_test_ipv6_addr_valid $networkipv6 || return 2
	ipv6_test_ipv6_addr_valid $gatewayipv6 || return 2

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#
	
	if [ -z "$device" ]; then
		echo $"INF:  [$fn] Add IPv6 route '$networkipv6' gateway '$gatewayipv6'"					#@-RH7@#
		ipv6_exec_route -A inet6 add $networkipv6 gw $gatewayipv6
	else
		if [ "$gatewayipv6" = "::" ]; then
			echo $"INF:  [$fn] Add IPv6 route '$networkipv6' device '$device'"				#@-RH7@#
			ipv6_exec_route -A inet6 add $networkipv6 dev $device
		else
			echo $"INF:  [$fn] Add IPv6 route '$networkipv6' gateway '$gatewayipv6' device '$device'"	#@-RH7@#
			ipv6_exec_route -A inet6 add $networkipv6 gw $gatewayipv6 dev $device
		fi
	fi

	if [ $? -eq 7 ]; then
		# "SIOCADDRRT: File exists"
		true
		echo $"INF:  [$fn] Route already exists - skip"								#@-RH7@#
	elif [ $? -ne 0 ]; then
		return 2
	fi

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return 0
}

# Delete a static IPv6 route
#  $1: IPv6 network to route
#  $2: IPv6 gateway over which $1 should be routed (if "::", gw will be skipped)
#  $3: Interface (optional)
ipv6_del_route() {
	local fn="ipv6_del_route"

	local networkipv6=$1
	local gatewayipv6=$2
	local device=$3		# maybe empty

	if [ -z "$networkipv6" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv6-network' (arg 1)"
		return 1
	fi

	if [ -z "$gatewayipv6" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv6-gateway' (arg 2)"
		return 1
	fi

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2

	# Test, whether given IPv6 address is valid	
	ipv6_test_ipv6_addr_valid $networkipv6 || return 2
	ipv6_test_ipv6_addr_valid $gatewayipv6 || return 2

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#
	
	if [ -z "$device" ]; then
		echo $"INF:  [$fn] Delete IPv6 route '$networkipv6' gateway '$gatewayipv6'"				#@-RH7@#
		ipv6_exec_route -A inet6 del $networkipv6 gw $gatewayipv6
	else
		if [ "$gatewayipv6" = "::" ]; then
		    	echo $"INF:  [$fn] Delete IPv6 route '$networkipv6' device '$device'"				#@-RH7@#
			ipv6_exec_route -A inet6 del $networkipv6 dev $device
		else
		    	echo $"INF:  [$fn] Delete IPv6 route '$networkipv6' gateway '$gatewayipv6' device '$device'"	#@-RH7@#
			ipv6_exec_route -A inet6 del $networkipv6 gw $gatewayipv6 dev $device
		fi
	fi

	if [ $? -eq 7 ]; then
		# "SIOCADDRRT: File exists"
		true
		echo $"INF:  [$fn] Route '$networkipv6 gw $gatewayipv6 dev $device' doesn't exist"			#@-RH7@#
	elif [ $? -ne 0 ]; then
		return 2
	fi

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return 0
}

# Delete all static IPv6 routes through a given interface
#  $1: Interface
#  $2: Gateway match (optional)
ipv6_cleanup_routes() {
	local fn="ipv6_cleanup_routes"

	local device=$1
	local gatewaymatch=$2

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2   

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	# Get all IPv6 routes through given interface and remove them
	ipv6_exec_route -A inet6 -n | LC_ALL=C grep "$device\W*$" | while read ipv6net nexthop flags metric ref use iface args; do
		if [ "$iface" = "$device" ]; then
			if [ ! -z "$gatewaymatch" ]; then
				# Test if given gateway matches
				if [ "$gatewaymatch" != "$nexthop" ]; then
					# No match, take next								#@-RH7@#
					continue
				fi
			fi
			# Only non addrconf (automatic installed) routes should be removed
			if echo $flags | LC_ALL=C grep -v -q "A"; then
    				echo $"INF:  [$fn] Delete IPv6 route '$ipv6net' gateway '$nexthop' device '$iface'"	#@-RH7@#
				ipv6_exec_route -A inet6 del $ipv6net gw $nexthop dev $iface
			fi
		fi
	done

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
}


##### automatic tunneling configuration

## Configure automatic tunneling up
ipv6_enable_autotunnel() {
	local fn="ipv6_enable_autotunnel"

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2 

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	# enable IPv6-over-IPv4 tunnels
	if ipv6_test_device_status sit0; then
		# already up, do nothing										#@-RH7@#
		true
	else
		# bring up basic tunnel device
	    	echo $"INF:  [$fn] Bring up basic tunnel device 'sit0'"							#@-RH7@#
		ipv6_exec_ifconfig sit0 up

		if [ $[ $DEBUG_IPV6 & 2 ] != 0 ] ; then								#@-DEB@#
			# Test, whether "up" has worked									#@-RH7@#
			if ! ipv6_test_device_status sit0; then
				echo $"ERR:  [$fn] Tunnel device 'sit0' enabling didn't work!"
				return 2
			fi
		fi												#@-DEB@#

		# Set sysctls proper (regardless "default")
		ipv6_exec_sysctl -w net.ipv6.conf.sit0.forwarding=1 >/dev/null
		ipv6_exec_sysctl -w net.ipv6.conf.sit0.accept_ra=0 >/dev/null
		ipv6_exec_sysctl -w net.ipv6.conf.sit0.accept_redirects=0 >/dev/null
	fi
	
	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return 0
}


## Configure automatic tunneling down
ipv6_disable_autotunnel() {
	local fn="ipv6_disable_autotunnel"

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] ||	set -x									#@-DEB@#

	if ipv6_test_device_status sit0; then
		# still up?												#@-RH7@#

		# disable IPv6-over-IPv4 tunnels (if a tunnel is no longer up)
		if ipv6_exec_route -A inet6 -n | LC_ALL=C grep "sit0\W*$" | awk '{ print $2 }' | LC_ALL=C grep -v -q "^::$"; then
			# still existing routes, skip shutdown of sit0
			true
		elif ipv6_exec_ip addr show dev sit0 | LC_ALL=C grep inet6 | awk '{ print $2 }' | LC_ALL=C grep -v -q '^::'; then
			# still existing IPv6 addresses, skip shutdown of sit0
			true
		else
			# take down basic tunnel device
			# Set sysctls proper 										#@-RH7@#
			ipv6_exec_sysctl -w net.ipv6.conf.sit0.forwarding=0 >/dev/null
			ipv6_exec_sysctl -w net.ipv6.conf.sit0.accept_ra=0 >/dev/null
			ipv6_exec_sysctl -w net.ipv6.conf.sit0.accept_redirects=0 >/dev/null
			
			echo $"INF:  [$fn] Bring down basic tunnel device 'sit0'"					#@-RH7@#
			ipv6_exec_ifconfig sit0 down

			if [ $[ $DEBUG_IPV6 & 2 ] = 0 ] ; then							#@-DEB@#
				# Test, whether "down" has worked							#@-RH7@#
				if ipv6_test_device_status sit0; then
					echo $"ERR:  [$fn] Tunnel device 'sit0' is still up!"
					return 2
				fi
			fi											#@-DEB@#
		fi
	fi

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return 0
}	


##### static NBMA-styled tunnel configuration

## Configure static tunnels up
#  $1: Interface (not needed - dummy)
#  $2: IPv4 address of foreign tunnel
#  $3: IPv6 route through this tunnel
ipv6_add_nbma_tunnel() {
	local fn="ipv6_add_nbma_tunnel"

	local device=$1
	local addressipv4tunnel=$2
	local routeipv6=$3

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	if [ -z "$addressipv4tunnel" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv4-tunnel address' (arg 2)"
		return 1
	fi

	if [ -z "$routeipv6" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv6-route' (arg 3)"
		return 1
	fi

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2

	# Test, whether given IPv4 address is valid									#@-RH7@#
	ipv6_test_ipv4_addr_valid $addressipv4tunnel || return 2							#@-RH7@#

	# Test, whether given IPv6 address is valid	
	ipv6_test_ipv6_addr_valid $routeipv6 || return 2
	
	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	# enable general IPv6-over-IPv4 tunneling
	ipv6_enable_autotunnel
	if [ $? -ne 0 ]; then
		return 2
	fi
	
	echo $"INF:  [$fn] Add NBMA-styled tunnel for '$routeipv6' to remote endpoint '$addressipv4tunnel' (virtual tunnel '$device')"	#@-RH7@#
 	# Set up a tunnel
	ipv6_add_route $routeipv6 ::$addressipv4tunnel sit0
	if [ $? -ne 0 ]; then
		local retval=2
	else
		local retval=0
	fi

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return $retval
}	


## Configure static tunnels down
#  $1: Interface (not used - dummy)
#  $2: IPv4 address of foreign tunnel
#  $3: IPv6 route through this tunnel
ipv6_del_nbma_tunnel() {
	local fn="ipv6_del_nbma_tunnel"

	local device=$1
	local addressipv4tunnel=$2
	local routeipv6=$3

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	if [ -z "$addressipv4tunnel" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv4-tunnel address' (arg 2)"
		return 1
	fi

	if [ -z "$routeipv6" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv6-route' (arg 3)"
		return 1
	fi

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2

	# Test, whether given IPv4 address is valid									#@-RH7@#
	ipv6_test_ipv4_addr_valid $addressipv4tunnel || return 2							#@-RH7@#

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] ||	set -x									#@-DEB@#

	echo $"INF:  [$fn] Delete NBMA-styled tunnel for '$routeipv6' to remote endpoint '$addressipv4tunnel' (virtual tunnel '$device')"	#@-RH7@#
	# Delete a NBMA-styled tunnel
	ipv6_del_route $routeipv6 ::$addressipv4tunnel sit0
	if [ $? -ne 0 ]; then
		local retval=2
	else
		local retval=0
	fi

	# disable IPv6-over-IPv4 tunneling (if this was the last tunnel)
	ipv6_disable_autotunnel

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return $retval
}	


## Remove all IPv6 tunnels for a given tunnel endpoint
#  $1: Interface (not used - dummy)
#  $2: IPv4-tunnel address 
ipv6_cleanup_nbma_tunnels_to_dest() {
	local fn="ipv6_cleanup_nbma_tunnels_to_dest"

	local device=$1
	local tunnelv4=$2

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	if [ -z "$tunnelv4" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv4-tunnel address' (arg 2)"
		return 1
	fi

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2

	# Test, whether given IPv4 address is valid									#@-RH7@#
	ipv6_test_ipv4_addr_valid $tunnelv4 || return 2								#@-RH7@#

	# Get all IPv6 routes through given interface and remove them
	ipv6_exec_route -A inet6 -n | LC_ALL=C grep "::$tunnelv4" | while read ipv6net nexthop flags metric ref use iface args; do
		if [ "::$tunnelv4" = "$nexthop" ]; then
			if echo $flags | LC_ALL=C grep -v -q "A"; then
				# Only non addrconf (automatic installed) routes should be removed
				 ipv6_del_nbma_tunnel $device $tunnelv4 $ipv6net
			fi
		fi
	done

	# disable IPv6-over-IPv4 tunneling (if this was the last tunnel)
	ipv6_disable_autotunnel
	return 0
}


##### Test, whether an IPv6 address exists on an interface
# $1: Device for testing
# $2: Address to test (without prefix)
# $3: Prefix of address $2
# return values: 1:problem, 10:not exists, 11:exits
ipv6_test_addr_exists_on_device() {
	local fn="ipv6_test_addr_exists_on_device"

	local testdevice=$1
	local testaddr=$2
	local testprefix=$3

	if [ -z "$testdevice" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi
	if [ -z "$testaddr" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv6 address to test' (arg 2)"
		return 1
	fi
	if [ -z "$testprefix" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv6 address prefix length' (arg 3)"
		return 1
	fi

	[ $[ $DEBUG_IPV6 & 8 ] = 0 ] || echo $"DEB: [$fn] Called with device '$testdevice', addr '$testaddr', prefixlength '$testprefix'"	#@-DEB@#

	if [ "$EXISTS_ipv6calc" = "yes" ]; then
		# Using ipv6calc and compare against /proc/net/if_inet6

		[ $[ $DEBUG_IPV6 & 8 ] = 0 ] || echo $"DEB: [$fn] Convert address '$testaddr/$testprefix'"		#@-DEB@#
		local convertresult="`ipv6calc --addr2if_inet6 $testaddr/$testprefix`"
		[ $[ $DEBUG_IPV6 & 8 ] = 0 ] || echo $"DEB: [$fn] Result '$convertresult'"				#@-DEB@#

		# Split in address, scope and prefix length
		local test_addr="`echo $convertresult | awk '{ print $1 }'`"
		local test_scope="`echo $convertresult | awk '{ print $2 }'`"
		local test_prefixlength="`echo $convertresult | awk '{ print $3 }'`"
		[ $[ $DEBUG_IPV6 & 8 ] = 0 ] || echo $"DEB: [$fn] Splitted into (all hex values) address '$test_addr', scope '$test_scope', prefixlength '$test_prefixlength'"					#@-DEB@#

		if [ -z "$test_prefixlength" ]; then
			local testresult="`LC_ALL=C grep "$test_addr .. .. $test_scope .." /proc/net/if_inet6 | LC_ALL=C grep $testdevice$`"
		else
			local testresult="`LC_ALL=C grep "$test_addr .. $test_prefixlength $test_scope .." /proc/net/if_inet6 | LC_ALL=C grep $testdevice$`"
		fi
		[ $[ $DEBUG_IPV6 & 8 ] = 0 ] || echo $"DEB: [$fn] Exist test: '$testresult'"				#@-DEB@#
		if [ ! -z "$testresult" ]; then
			return 11
		else
			return 10
		fi
	else
		# low budget version, only works if given address is in equal form like "ip" displays
		local testresult="`ipv6_exec_ip addr show dev $testdevice | LC_ALL=C grep inet6 | awk '{ print $2 }' | LC_ALL=C grep -i "^$testaddr/$testprefix$"`"
		[ $[ $DEBUG_IPV6 & 8 ] = 0 ] || echo $"DEB: [$fn] Exist test: '$testresult'"				#@-DEB@#
		if [ ! -z "$testresult" ]; then
			return 11
		else
			return 10
		fi
	fi
}

##### Interface configuration

## Add an IPv6 address for given interface
#  $1: Interface 
#  $2: IPv6 address
# Return codes: 0=ok 1=parameter problem 2=device problem
ipv6_add_addr_on_device() {
	local fn="ipv6_add_addr_on_device"

	local device=$1
	local address=$2

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	if [ -z "$address" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv6-address' (arg 2)"
		return 1
	fi

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2

	# Test, whether given IPv6 address is valid									#@-RH7@#	
	ipv6_test_ipv6_addr_valid $address || return 2

	# Test status of interface											#@-RH7@#
	ipv6_test_device_status $device
	local result=$?

	if [ "$result" = "0" ]; then
		# Interface is already up										#@-RH7@#
		true
	elif [ "$result" != "1" ]; then
		# Interface doesn't exist										#@-RH7@#
		echo $"ERR:  [$fn] Device '$device' doesn't exist"
		return 2
	else
		# no IPv4 for this interface, interface is still down, bring it up ...					#@-RH7@#
		ipv6_exec_ifconfig $device up

		if [ $[ $DEBUG_IPV6 & 2 ] = 0 ] ; then								#@-DEB@#
			# Test, whether "up" has worked									#@-RH7@#
			if ! test_interface_status $device; then
				echo $"ERR:  [$fn] Device '$device' enabling didn't work"
				return 2
			fi
		fi												#@-DEB@#
	fi

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	# Extract address parts
	local prefixlength_implicit="`echo $address | awk -F/ '{ print $2 }'`"
	local address_implicit="`echo $address | awk -F/ '{ print $1 }'`"

	# Check prefix length and using '64' as default
	if [ -z "$prefixlength_implicit" ]; then
		echo $"WARN: [$fn] No prefix length specified, using '64' as default"					#@-RH7@#
		prefixlength_implicit="64"
		address="$address_implicit/$prefixlength_implicit"
	fi

	# Only add if address does not already exist
	ipv6_test_addr_exists_on_device $device $address_implicit $prefixlength_implicit
	retval=$?
	if [ $retval -lt 10 ]; then
		return 2
	fi

	if [ $retval -eq 11 ]; then
		echo $"WARN: [$fn] Given IPv6 address '$address' for dev '$device' is already configured - skip"	#@-RH7@#
		true
	else
		echo $"INF:  [$fn] Add for dev '$device' IPv6 address '$address'"					#@-RH7@#
		ipv6_exec_ifconfig $device add $address || return 2
	fi

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return 0
}


## Remove all IPv6 routes and addresses for given interface
#   cleanup to prevent kernel crashes
#  $1: Interface 
ipv6_cleanup_device() {
	local fn="ipv6_cleanup_device"

	local device=$1

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	# Remove all IPv6 routes through this device (but not "lo")
	if [ "$device" != "lo" ]; then
		echo $"INF:  [$fn] Flush all IPv6 routes on device '$device'"						#@-RH7@#
		ipv6_exec_ip -6 route flush dev $device >/dev/null 2>&1
	fi

	# Remove all IPv6 addresses on this interface
	echo $"INF:  [$fn] Flush all IPv6 addresses on device '$device'"						#@-RH7@#
	ipv6_exec_ip -6 addr flush dev $device >/dev/null 2>&1

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return 0
}


## Remove an IPv6 address on given interface
#  $1: Interface 
#  $2: IPv6 address
ipv6_del_addr_on_device() {
	local fn="ipv6_del_addr_on_device"

	local device=$1
	local address=$2

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	if [ -z "$address" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv6 address' (arg 2)"
		return 1
	fi

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2

	# Test, whether given IPv6 address is valid									#@-RH7@#
	ipv6_test_ipv6_addr_valid $address || return 2

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	# Extract address parts
	local prefixlength_implicit="`echo $address | awk -F/ '{ print $2 }'`"
	local address_implicit="`echo $address | awk -F/ '{ print $1 }'`"

	# Only remove, if address exists and is not link-local (prevents from kernel crashing)
	ipv6_test_addr_exists_on_device $device $address_implicit $prefixlength_implicit
	local retval=$?
	if [ $retval -lt 10 ]; then
		return 2
	fi

	if [ $retval -eq 11 ]; then
		echo $"INF:  [$fn] Delete dev $device IPv6 address '$address'"						#@-RH7@#
		ipv6_exec_ifconfig $device del $address || return 2
	else
		echo $"WARN: [$fn] Given IPv6 address '$address' doesn't exist on dev '$device'"			#@-RH7@#
		true
	fi
    
	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return 0
}


##### Some address test functions

## Test a given IPv6 address for validity
#  $1: <IPv6 address>
#  $2: [quiet] : do not display error message
#  Return code =0:valid  1:not valid  2:general problem
ipv6_test_ipv6_addr_valid() {
	local fn="ipv6_test_ipv6_addr_valid"

	local testipv6addr_valid=$1
	local modequiet=$2

	[ $[ $DEBUG_IPV6 & 64 ] = 0 ] || echo $"DEB: [$fn] Test IPv6 for validity: '$testipv6addr_valid'"	#@-DEB@#

	if [ -z "$testipv6addr_valid" ]; then
		# nothing to test											#@-RH7@#
		return 2
	fi
	if [ ! -z "$modequiet" ]; then
		if [ "$modequiet" != "quiet" ]; then
			echo $"ERR:  [$fn] Parameter '$modequiet' for 'quiet' mode is not valid (arg 2)"
			return 1
		fi
	fi

	# Extract parts
	local prefixlength_implicit="`echo $testipv6addr_valid | awk -F/ '{ print $2 }'`"
	local address_implicit="`echo $testipv6addr_valid | awk -F/ '{ print $1 }'`"

	if [ "$EXISTS_ipv6calc" = "yes" ]; then
		if ! ipv6calc --addr2uncompaddr $testipv6addr_valid >/dev/null 2>&1; then
			if [ "$modequiet" != "quiet" ]; then
				echo $"ERR:  [$fn] Given IPv6 address '$testipv6addr_valid' is not valid"
			fi
			return 1
		fi
	else
		# Test for a valid format
		if ! echo "$address_implicit" | LC_ALL=C egrep -q '^[:xdigit:]|[:\.]*$'; then
			echo $"ERR:  [$fn] Given IPv6 address '$testipv6addr_valid' is not valid"
			return 1
		fi
	fi

	# Test for prefix length
	if [ -z "$prefixlength_implicit" ]; then
		if echo "$testipv6addr_valid" | LC_ALL=C grep "/$"; then
			# Trailing "/", but no value
			echo $"ERR:  [$fn] Missing 'prefix length' for given address '$testipv6addr_valid'"
			return 1
		else
			return 0
		fi
	elif [ $prefixlength_implicit -lt 0 -o $prefixlength_implicit -gt 128 ]; then
		echo $"ERR:  [$fn] 'prefix length' on given address '$testipv6addr_valid' is out of range (0-128)"
		return 1
	fi

	[ $[ $DEBUG_IPV6 & 64 ] = 0 ] || echo "DEB: [$fn] IPv6 addres is valid"					#@-DEB@#
	return 0
}


## Test a given IPv4 address for validity
#  $1: IPv4 address
#  Return code =0:valid  1:not valid  2:general problem
ipv6_test_ipv4_addr_valid() {
	local fn="ipv6_test_ipv4_addr_valid"

	local testipv4addr_valid=$1

	[ $[ $DEBUG_IPV6 & 64 ] = 0 ] || echo $"DEB: [$fn] Test IPv4 for validity: '$testipv4addr_valid'"		#@-DEB@#

	if [ -z "$testipv4addr_valid" ]; then
		# nothing to test
		return 2
	fi
	# Test for a valid format
	if echo "$testipv4addr_valid" | LC_ALL=C egrep -q -v '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'; then
		echo $"ERR:  [$fn] Given IPv4 address '$testipv4addr_valid' has no proper format" 
		return 1
	fi

	# Test for valid IPv4 address parts
	local number1="`echo $testipv4addr_valid | awk -F. '{ print $1 }'`"
	local number2="`echo $testipv4addr_valid | awk -F. '{ print $2 }'`"
	local number3="`echo $testipv4addr_valid | awk -F. '{ print $3 }'`"
	local number4="`echo $testipv4addr_valid | awk -F. '{ print $4 }'`"
	if [ $number1 -lt 0 -o $number1 -gt 255 ]; then	
		echo $"ERR:  [$fn] Part 1 of given IPv4 address '$testipv4addr_valid' is out of range"
		return 1
	fi
	if [ $number2 -lt 0 -o $number2 -gt 255 ]; then	
		echo $"ERR:  [$fn] Part 2 of given IPv4 address '$testipv4addr_valid' is out of range"
		return 1
	fi
	if [ $number3 -lt 0 -o $number3 -gt 255 ]; then	
		echo $"ERR:  [$fn] Part 3 of given IPv4 address '$testipv4addr_valid' is out of range"
		return 1
	fi
	if [ $number4 -lt 0 -o $number4 -gt 255 ]; then	
		echo $"ERR:  [$fn] Part 4 of given IPv4 address '$testipv4addr_valid' is out of range"
		return 1
	fi

	[ $[ $DEBUG_IPV6 & 64 ] = 0 ] || echo "DEB: [$fn] IPv4 address is valid"				#@-DEB@#
	return 0
}


## Test a given IPv4 address for not a private but unicast one
#  $1: IPv4 address
#  Return code =0:ok  1:private or not unicast  2:general problem
ipv6_test_ipv4_addr_global_usable() {
	local fn="ipv6_test_ipv4_addr_global_usable"

	local testipv4addr_globalusable=$1

	[ $[ $DEBUG_IPV6 & 64 ] = 0 ] || echo $"DEB: [$fn] Test IPv4 for globally usage: '$testipv4addr_globalusable'"	#@-DEB@#

	if [ -z "$testipv4addr_globalusable" ]; then
		# nothing to test											#@-RH7@#
		return 2
	fi

	# Test for a valid IPv4 address											#@-RH7@#
	ipv6_test_ipv4_addr_valid $testipv4addr_globalusable || return 2						#@-RH7@#

	# Test for a globally usable IPv4 address now
	if [ "$EXISTS_ipcalc" = "yes" ]; then										#@-RH7@#
		# use ipcalc, easier for testing									#@-RH7@#
		# test 0.0.0.0/8
		ipcalc --network $testipv4addr_globalusable 255.0.0.0   | LC_ALL=C grep -q "NETWORK=0\.0\.0\.0"     && return 1
		# test 10.0.0.0/8 (private)
		ipcalc --network $testipv4addr_globalusable 255.0.0.0   | LC_ALL=C grep -q "NETWORK=10\.0\.0\.0"    && return 1
		# test 127.0.0.0/8 (loopback)
		ipcalc --network $testipv4addr_globalusable 255.0.0.0   | LC_ALL=C grep -q "NETWORK=127\.0\.0\.0"    && return 1
		# test 169.254.0.0/16 (DHCP link local)
		ipcalc --network $testipv4addr_globalusable 255.255.0.0 | LC_ALL=C grep -q "NETWORK=169\.254\.0\.0"  && return 1
		# test 172.16.0.0/12 (private)
		ipcalc --network $testipv4addr_globalusable 255.240.0.0 | LC_ALL=C grep -q "NETWORK=172\.16\.0\.0"  && return 1
		# test 192.168.0.0/16 (private)
		ipcalc --network $testipv4addr_globalusable 255.255.0.0 | LC_ALL=C grep -q "NETWORK=192\.168\.0\.0" && return 1
		# test 224.0.0.0/3 (multicast and reserved, broadcast)
		ipcalc --network $testipv4addr_globalusable 224.0.0.0   | LC_ALL=C grep -q "NETWORK=224\.0\.0\.0"   && return 1
	else														#@-RH7@#
		# low budget tester, perhaps not always correct working							#@-RH7@#
		local number1="`echo $testipv4addr_globalusable | awk -F. '{ print $1 }'`"				#@-RH7@#
		local number2="`echo $testipv4addr_globalusable | awk -F. '{ print $2 }'`"				#@-RH7@#
		if [ -z "$number1" -o -z "$number2" ]; then								#@-RH7@#
			# hmm, not an IPv4 address									#@-RH7@#
			return 2											#@-RH7@#
		fi													#@-RH7@#
		# test 0.0.0.0/8 											#@-RH7@#
		[ $number1 -eq 0 ] && return 1										#@-RH7@#
		# test 10.0.0.0/8 (private)										#@-RH7@#
		[ $number1 -eq 10 ] && return 1										#@-RH7@#
		# test 127.0.0.0/8 (loopback)										#@-RH7@#
		[ $number1 -eq 127 ] && return 1									#@-RH7@#
		# test 169.254.0.0/16 (DHCP link local)									#@-RH7@#
		[ $number1 -eq 169 -a $number2 -eq 254 ] && return 1							#@-RH7@#
		# test 172.16.0.0/12 (private)										#@-RH7@#
		[ $number1 -eq 172 -a $number2 -ge 16 -a $number2 -le 31 ] && return 1					#@-RH7@#
		# test 192.168.0.0/16 (private)										#@-RH7@#
		[ $number1 -eq 192 -a $number2 -eq 168 ] && return 1							#@-RH7@#
		# test 224.0.0.0/3 (multicast and reserved, broadast)							#@-RH7@#
		[ $number1 -ge 224 ] && return 1									#@-RH7@#
	fi														#@-RH7@#
	
	[ $[ $DEBUG_IPV6 & 64 ] = 0 ] || echo "DEB: [$fn] IPv4 address is global usable"				#@-DEB@#
	return 0
}


## Test a given device for status
#  $1: device name
#  Return code =0:UP  1:not UP  2:not exists
ipv6_test_device_status() {
	local fn="ipv6_test_device_status"

	local device=$1

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	# Test if device exists
	if ! ipv6_exec_ifconfig $device >/dev/null 2>&1 ; then
		return 2
	fi

	# Test if device is up
	if ipv6_exec_ifconfig $device 2>&1 | LC_ALL=C grep -q "UP "; then
		return 0
	else
		return 1
	fi
}


## Build 6to4 prefix
#  $1: IPv4 address
# RetVal: 6to4address
# Returncode 0=ok  1=failure  2=general problem
ipv6_create_6to4_prefix() {
	local fn="ipv6_create_6to4_prefix"

	local ipv4addr=$1

	# Test addresses												#@-RH7@#
	ipv6_test_ipv4_addr_valid $ipv4addr || return 2									#@-RH7@#

	local major1="`echo $ipv4addr | awk -F. '{ print $1 }'`"
	local minor1="`echo $ipv4addr | awk -F. '{ print $2 }'`"
	local major2="`echo $ipv4addr | awk -F. '{ print $3 }'`"
	local minor2="`echo $ipv4addr | awk -F. '{ print $4 }'`"

	if [ -z "$major1" -o -z "$minor1" -o -z "$major2" -o -z "$minor2" ]; then
		return 2
	fi

	if [ $major1 -eq 0 ]; then
		local block1="`printf "%x" $minor1`"	
	else 
		local block1="`printf "%x%02x" $major1 $minor1`"
	fi 
	if [ $major2 -eq 0 ]; then
		local block2="`printf "%x" $minor2`"	
	else 
		local block2="`printf "%x%02x" $major2 $minor2`"
	fi 

	local prefix6to4="2002:$block1:$block2"

	echo "$prefix6to4"
	return 0
}


##### 6to4 tunneling setup

## Configure 6to4 tunneling up
#  $1: Interface (sit0|tun6to4 implicit select the method using sit0 or a dedicated device)
#  $2: global IPv4 address of local interface
#  $3: IPv6 suffix for 6to4 prefix (optional, default is "1")
# ReturnCodes 0=ok  1=failure  2=general problem
ipv6_add_6to4_tunnel() {
	local fn="ipv6_add_6to4_tunnel"

	local device=$1
	local localipv4=$2
	local localipv6to4suffix=$3

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	if [ -z "$localipv4" ]; then
		echo $"ERR:  [$fn] Missing parameter 'local IPv4 address' (arg 2)"
		return 1
	fi

	# Check device
	if [ "$device" != "sit0" -a "$device" != "tun6to4" ]; then
		echo $"ERR:  [$fn] Given device '$device' not supported (arg 1)"
		return 1
	fi

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	# Generate 6to4 address
	local prefix6to4="`ipv6_create_6to4_prefix $localipv4`"
	echo $"INF:  [$fn] Generated 6to4 prefix '$prefix6to4' from '$localipv4'"						#@-RH7@#
	if [ $? -ne 0 -o -z "$prefix6to4" ]; then
		return 2
	fi

	if [ -z "$localipv6to4suffix" ]; then
		local address6to4="${prefix6to4}::1/16"
	else
		local address6to4="${prefix6to4}::${localipv6to4suffix}/16"
	fi

	if [ "$device" = "sit0" ]; then
		# Enable generic IPv6-over-IPv4 tunneling
		ipv6_enable_autotunnel

		# Add 6to4 address on generic device sit0
		ipv6_add_addr_on_device sit0 $address6to4	
		if [ $? -ne 0 ]; then
			local retval=2
		else
			local retval=0
		fi
	elif [ "$device" = "tun6to4" ]; then
		ipv6_add_tunnel_device tun6to4 0.0.0.0 $address6to4 $ipv4addr
		if [ $? -ne 0 ]; then
			local retval=2
		else
			local retval=0
		fi
	fi

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return $retval
}	


## Configure all 6to4 tunneling down
#  $1: Interface (sit0|tun6to4 implicit select the method)
# ReturnCodes 0=ok  1=failure  2=general problem
ipv6_cleanup_6to4_tunnels() {
	local fn="ipv6_cleanup_6to4_tunnels"

	local device=$1

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	# Check device
	if [ "$device" != "sit0" -a "$device" != "tun6to4" ]; then
		echo $"ERR:  [$fn] Given device '$device' not supported (arg 1)"
		return 1
	fi

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	if [ "$device" = "sit0" ]; then
		# Get all configured 6to4 addresses and delete them
		ipv6_exec_ip addr show dev sit0 | LC_ALL=C grep inet6 | awk '{ print $2 }' | LC_ALL=C grep "^2002:" | while read ipv6to4addr; do
			ipv6_del_addr_on_device sit0 $ipv6to4addr
		done

		# Try to disable general IPv6-over-IPv4 tunneling
		ipv6_disable_autotunnel
	elif [ "$device" = "tun6to4" ]; then
		ipv6_del_tunnel_device tun6to4
	fi

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
}	


## Configure 6to4 tunneling down
#  $1: Interface (sit0|tun6to4 implicit select the method)
#  $2: global IPv4 address of local interface
# ReturnCodes 0=ok  1=failure  2=general problem
ipv6_del_6to4_tunnel() {
	local fn="ipv6_del_6to4_tunnel"

	local device=$1
	local localipv4=$2

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	if [ -z "$localipv4" ]; then
		echo $"ERR:  [$fn] Missing parameter 'local IPv4 address' (arg 2)"
		return 1
	fi

	# Check device
	if [ "$device" != "sit0" -a "$device" != "tun6to4" ]; then
		echo $"ERR:  [$fn] Given device '$device' not supported (arg 1)!"
		return 1
	fi

	# Run IPv6 test													#@-RH7@# 
	ipv6_test || return 2

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	# generate 6to4 address
	local prefix6to4="`ipv6_create_6to4_prefix $localipv4`"
	echo $"INF:  [$fn] Generated 6to4 prefix '$prefix6to4' from '$localipv4'"
	if [ $? -ne 0 -o -z "$prefix6to4" ]; then
		return 2
	fi

	if [ -z "$localipv6to4suffix" ]; then
		local address6to4="$prefix6to4::1/16"
	else
		local address6to4="${prefix6to4}::${localipv6to4suffix}/16"
	fi

	if [ "$device" = "sit0" ]; then
		ipv6_del_addr_on_device sit0 $address6to4	
		if [ $? -ne 0 ]; then
			return 2
		fi

		# Try to disable general IPv6-over-IPv4 tunneling
		ipv6_disable_autotunnel
		if [ $? -ne 0 ]; then
			local retval=2
		else
			local retval=0
		fi
	elif [ "$device" = "tun6to4" ]; then
		ipv6_del_tunnel_device tun6to4
	fi

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return $retval
}	


## Configure a static tunnel device up
#  $1: Interface 
#  $2: IPv4 address of foreign tunnel
#  $3: Local IPv6 address of a P-t-P tunnel (optional)
#  $4: Local IPv4 address of tunnel (optional)
ipv6_add_tunnel_device() {
	local fn="ipv6_add_tunnel_device"

	local device=$1
	local addressipv4tunnel=$2
	local addressipv6local=$3
	local addressipv4tunnellocal=$4
	
	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	if [ -z "$addressipv4tunnel" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv4-tunnel address' (arg 2)"
		return 1
	fi

	if [ -z "$addressipv4tunnellocal" ]; then
		addressipv4tunnellocal="any"
	fi
 
	# Run IPv6 test													#@-RH7@# 
	ipv6_test || return 2   

	# Test, whether given IPv4 address is valid									#@-RH7@#
	ipv6_test_ipv4_addr_valid $addressipv4tunnel || return 2									#@-RH7@#

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	echo $"INF:  [$fn] Create a new tunnel device '$device' to remote endpoint '$addressipv4tunnel', local IPv4 is '$addressipv4tunnellocal'"		#@-RH7@#
	if ! ipv6_test_device_status $device; then
		# Get default TTL											#@-RH7@#
		local ttldefault="`ipv6_exec_sysctl net.ipv4.ip_default_ttl | awk '{ print $3 }'`"
		if [ -z "$ttldefault" ]; then
			local ttldefault=64
		fi

		# Test whether remote IPv4 address was already applied to another tunnel (does not catch IPv4 addresses with leading 0's)
		ipv6_exec_ip tunnel show 2>/dev/null | LC_ALL=C grep $addressipv4tunnel | while read dev type tag remote tag local tag ttl rest; do
			local devnew="`echo $dev | sed 's/:$//g'`"
			if [ "$remote" = "$addressipv4tunnel" ]; then
				echo $"ERR:  [$fn] Given remote address '$addressipv4tunnel' on tunnel device '$device' is already configured on device '$devnew'!"
				return 2
			fi
		done
		if [ $? -ne 0 ]; then
			return 2
		fi

		ipv6_exec_ip tunnel add $device mode sit ttl $ttldefault remote $addressipv4tunnel local $addressipv4tunnellocal

		# Test, whether "ip tunnel show" works without error
		ipv6_exec_ip tunnel show $device >/dev/null 2>&1
		if [ $? -ne 0 ]; then
			echo $"ERR:  [$fn] Tunnel device '$device' creation didn't work!"
			return 2
		fi

		# Test, whether "ip tunnel show" reports valid content
		if ! ipv6_exec_ip tunnel show $device | LC_ALL=C grep -q "remote"; then
			echo $"ERR:  [$fn] Tunnel device '$device' creation didn't work!"
			return 2
		fi

		ipv6_exec_ifconfig $device up

		# Test, whether creation was successful									#@-RH7@#
		if ! ipv6_test_device_status $device; then
			echo $"ERR:  [$fn] Tunnel device '$device' bringing up didn't work!"
			return 2
		fi

		# Set sysctls proper (regardless "default")
		ipv6_exec_sysctl -w net.ipv6.conf.$device.forwarding=1 >/dev/null
		ipv6_exec_sysctl -w net.ipv6.conf.$device.accept_ra=0 >/dev/null
		ipv6_exec_sysctl -w net.ipv6.conf.$device.accept_redirects=0 >/dev/null

		if [ ! -z "$addressipv6local" ]; then
			# Setup P-t-P address
			ipv6_add_addr_on_device $device $addressipv6local
			if [ $? -ne 0 ]; then
				return 2
			fi
		fi
	else
		echo $"WARN: [$fn] Tunnel device '$device' is already up"						#@-RH7@#
		false
	fi

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return 0
}	


## Configure a static tunnel device down
#  $1: Interface
ipv6_del_tunnel_device() {
	local fn="ipv6_del_tunnel_device"

	local device=$1

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	# Run IPv6 test													#@-RH7@#
	ipv6_test || return 2   

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	if ipv6_test_device_status $device; then
		# Shut down tunnel											#@-RH7@#
		ipv6_cleanup_device $device
	else
		if [ "$device" != "sit0" ]; then
			echo $"WARN: [$fn] Tunnel device '$device' is already down"					#@-RH7@#
			false
		fi
	fi

	if [ "$device" != "sit0" ]; then
		echo $"INF:  [$fn] Delete tunnel device '$device'"							#@-RH7@#
		if ipv6_exec_ip tunnel 2>/dev/null | LC_ALL=C grep -q "^$device:" ; then
			ipv6_exec_ip tunnel del $device

			if [ $[ $DEBUG_IPV6 & 2 ] = 0 ]; then							#@-DEB@#
				# Test, whether remove was succesfull							#@-RH7@#
				if ipv6_test_device_status $device; then
					echo $"WARN: [$fn] Tunnel device '$device 'removing didn't work!"		#@-RH7@#
					false
				fi
			fi											#@-DEB@#
		else												
			echo $"WARN: [$fn] Tunnel device '$device' is already removed"					#@-RH7@#
			false
		fi
	fi

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#
	return 0
}	


## Set IPv6 MTU for a device
#  $1: Interface
#  $2: IPv6 MTU
ipv6_set_mtu() {
	local fn="ipv6_set_mtu"

	local device=$1
	local ipv6_mtu=$2

	if [ -z "$device" ]; then
		echo $"ERR:  [$fn] Missing parameter 'device' (arg 1)"
		return 1
	fi

	if [ -z "$ipv6_mtu" ]; then
		echo $"ERR:  [$fn] Missing parameter 'IPv6 MTU' (arg 2)"
		return 1
	fi

	# Check range
	if [ $ipv6_mtu -lt 1280 -o $ipv6_mtu -gt 65535 ]; then
		echo $"ERR:  [$fn] Given IPv6 MTU is out of range"
		return 1
	fi

	echo $"INF:  [$fn] Set IPv6 MTU on '$device' to '$ipv6_mtu'"							#@-RH7@#
	ipv6_exec_sysctl -w net.ipv6.conf.$device.mtu=$ipv6_mtu >/dev/null
}


## Set a default gateway
#  $1: Address (can also contain scope suffix, will have precedence before $2)
#  $2: Device
# Action: set a default route with given parameters
# Return codes: 0: success, 2: given parameters not valid
ipv6_set_default_route() {
	local fn="ipv6_set_default_route"

	local address=$1
	local device=$2

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set -x									#@-DEB@#

	if [ ! -z "$address" ]; then
		# Split away scope, if available									#@-RH7@#
		addressgw=`echo $address | awk -F% '{ print $1 }'`
		devicegw=`echo $address | awk -F% '{ print $2 }'`
 
		if [ -z "$addressgw" ]; then
			echo $"ERR:  [$fn] Given IPv6 default gateway '$address' is not in proper format"
			return 2
		fi

		if echo $addressgw | LC_ALL=C grep -qi "^fe80:"; then
			# Link local, device must be specified								#@-RH7@#
			if [ -z "$devicegw" ]; then
				if [ -z "$device" ]; then
					echo $"ERR:  [$fn] Given IPv6 default gateway '$address' is link-local, but no device is specified"
					return 2
				else
					local devicegw=$device
				fi
			fi
		fi

		# Install route												#@-RH7@#
		if [ -z "$devicegw" ]; then
			echo $"INF:  [$fn] Set default route to '$addressgw' (no device defined)"			#@-RH7@#
			#ipv6_add_route ::/0 $addressgw
			ipv6_add_route 2000::/3 $addressgw
		else	
			echo $"INF:  [$fn] Set default route to '$addressgw' via '$devicegw'"				#@-RH7@#
			#ipv6_add_route ::/0 $addressgw $devicegw
			ipv6_add_route 2000::/3 $addressgw $devicegw
		fi
	elif [ ! -z "$device" ]; then
		# Test, whether interface needs explicit next hop							#@-RH7@#
		ipv6_test_route_requires_next_hop $device
		local result=$?

		if [ $result = 0 ]; then
			echo $"ERR:  [$fn] Given IPv6 default device '$device' requires an explicit nexthop"
			return 2
		elif [ $result != 1 ]; then
			echo $"ERR:  [$fn] Given IPv6 default device '$device' doesn't exist or isn't up"
			return 2
		fi
	
		echo $"INF:  [$fn] Set default route via '$device'"							#@-RH7@#
		#ipv6_add_route ::/0 :: $device
		ipv6_add_route 2000::/3 :: $device
	else
		echo $"ERR:  [$fn] No parameters given to setup a default route"
		return 2
	fi

	[ $[ $DEBUG_IPV6 & 1 ] = 0 ] || set +x									#@-DEB@#

	return 0
};


## Resolve need of explicit next hop for an interface
#  $1: Device
# Action: test, whether interface needs explicit next hop for route setup
# Return code: 0: yes, 1: no, 2: invalid input (interface not up|no parameter given)
ipv6_test_route_requires_next_hop() {
	local fn="ipv6_test_route_requires_next_hop"

	local device=$1

	if [ -z "$device" ]; then
		return 2
	fi

	ipv6_test_device_status $device
	local result=$?
	
	if [ $result != 0 ]; then
		# Interface is not up or doesn't exist									#@-RH7@#
		return 2
	fi

	if ipv6_exec_ip link show $device |  LC_ALL=C grep -q "POINTOPOINT"; then
		# Interface is P-to-P, needs no explicit next hop							#@-RH7@#
		return 1
	fi

	if [ "$device" = "sit0" ]; then		
		# Interface is basic tunnel interface, needs no explicit next hop					#@-RH7@#
		return 1
	fi
	
	return 0	
}

## Trigger radvd
#  $1: reason
#  $2: alternative pid file [optional]
# Action: trigger radvd depending on 'reason' and used settings
#  IPV6_TRIGGER_RADVD_ACTION_6TO4 [default: SIGHUP]
#  IPV6_TRIGGER_RADVD_ACTION_PPP [default: SIGHUP]
# Return code: 0: ok, 2: general problem
ipv6_trigger_radvd() {
	local fn="ipv6_trigger_radvd"

	local reason=$1
	local pidfile=$2

	if [ -z "$reason" ]; then
		echo $"ERR:  [$fn] No reason given on sending trigger to radvd!"
		return 2
	fi
		
	if [ -z "$pidfile" ]; then
		# Take default												#@-RH7@#
		local pidfile="/var/run/radvd/radvd.pid"
	fi

	# Print message and select action
	case $reason in
	    '6to4')
		echo $"INF:  [$fn] Trigger radvd for IPv6to4 prefix recalculation"
		if [ -z "$IPV6_TRIGGER_RADVD_ACTION_6TO4" ]; then
			local action="SIGHUP"
		else
			local action=$IPV6_TRIGGER_RADVD_ACTION_6TO4
		fi
		;;
	    'ppp')
		echo $"INF:  [$fn] Trigger radvd to reread config"	
		if [ -z "$IPV6_TRIGGER_RADVD_ACTION_PPP" ]; then
			local action="SIGHUP"
		else
			local action=$IPV6_TRIGGER_RADVD_ACTION_PPP
		fi
		;;
	    *)
		echo $"ERR:  [$fn] Unsupported reason '$reason' for sending trigger to radvd"
		return 2
		;;
	esac

	if [ -z "$action" ]; then
		echo $"ERR:  [$fn] Action is empty for sending trigger to radvd"
		return 2
	fi

	# PID file needed?
	if [ "$action" = "SIGHUP" ]; then
		if [ ! -f "$pidfile" ]; then
			echo $"ERR:  [$fn] Given pidfile doesn't exit, cannot send trigger to radvd"
			return 2
		fi

		# Get PID
		pid="`cat $pidfile`"
		if [ -z "$pid" ]; then
			# pidfile empty - strange
			echo $"ERR:  [$fn] Pidfile is empty, cannot send trigger to radvd"
			return 2
		fi
	fi

	# Do action
	case $action in
	    'SIGHUP')
		kill -HUP $pid
		;;
	    'restart')
		service radvd restart
		;;
	    'stop')
		service radvd stop
		;;
	    'start')
		service radvd start
		;;
	    *)
		echo $"ERR:  [$fn] Unsupported action '$action' for sending trigger to radvd!"
		return 2
		;;
	esac

	return 0
}
