1 | #!/bin/bash | |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
# Whitespace-separated names of the IP protocol versions that are supported.
# ip_detect_protocol iterates over this list and ip_protocol_is_supported
# matches against it. It starts out empty here; presumably the protocol
# specific modules append their names (confirm against those files).
IP_SUPPORTED_PROTOCOLS=""
24 | ||
# Prints the address part of an "address/prefix" string.
#
# $1: address, with or without a "/prefix" suffix (must be set)
#
# Everything from the first "/" onwards is dropped; a string without a
# "/" is printed unchanged. No validation of the address happens here.
ip_split_prefix() {
	local address="${1}"
	assert isset address

	local host_part="${address%%/*}"
	echo "${host_part}"
}
31 | ||
# Prints the prefix part of an "address/prefix" string.
#
# $1: address, with or without a "/prefix" suffix (must be set)
#
# Prints whatever follows the last "/". When the string contains no "/"
# nothing is printed and EXIT_OK is returned, so callers have to check
# for an empty result themselves. The prefix is not validated here.
ip_get_prefix() {
	local address="${1}"
	assert isset address

	# Nothing to print when the address carries no "/prefix" part.
	[[ "${address}" == */* ]] || return ${EXIT_OK}

	local prefix_part="${address##*/}"
	echo "${prefix_part}"
}
41 | ||
# Determines which supported IP protocol an address belongs to.
#
# $1: address to classify (must be set)
#
# Prints the name of the first protocol in IP_SUPPORTED_PROTOCOLS whose
# <protocol>_is_valid function accepts the address and returns EXIT_OK.
# Returns EXIT_ERROR without printing anything when no protocol accepts it.
ip_detect_protocol() {
	local address="${1}"
	assert isset address

	local protocol validator
	for protocol in ${IP_SUPPORTED_PROTOCOLS}; do
		# The command name is assembled from the protocol list, so that
		# list must only ever contain trusted, internally defined names.
		validator="${protocol}_is_valid"
		"${validator}" "${address}" || continue

		echo "${protocol}"
		return ${EXIT_OK}
	done

	return ${EXIT_ERROR}
}
57 | ||
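# Checks whether a protocol name is listed in IP_SUPPORTED_PROTOCOLS.
#
# $1: protocol name (must be set)
#
# Returns the exit status of listmatch.
ip_protocol_is_supported() {
	local proto="${1}"

	assert isset proto

	# Pass the name as exactly one word. Unquoted, a value containing
	# whitespace would be split and its extra words would end up in the
	# list that listmatch compares against (assuming listmatch matches its
	# first argument against the remaining ones - confirm), which could
	# make a malformed name look supported.
	# The list itself is intentionally left unquoted: it is split into
	# one argument per protocol.
	listmatch "${proto}" ${IP_SUPPORTED_PROTOCOLS}
}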
65 | ||
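# Checks whether a string is a valid address of any supported protocol.
#
# $1: address to check (must be set)
#
# Returns EXIT_TRUE when ip_detect_protocol recognises the address,
# EXIT_FALSE otherwise.
ip_is_valid() {
	local address="${1}"
	assert isset address

	# The address is quoted so that the complete string gets validated.
	# Unquoted, word splitting would hand only the first word to
	# ip_detect_protocol and trailing junk after whitespace would pass the
	# check unnoticed; glob characters would also be expanded against the
	# current directory.
	local proto=$(ip_detect_protocol "${address}")
	isset proto && return ${EXIT_TRUE} || return ${EXIT_FALSE}
}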
73 | ||
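# Checks whether a string has the form "address/prefix" with a prefix
# that is valid for the protocol of the address.
#
# $1: network in "address/prefix" notation (must be set)
#
# Returns EXIT_TRUE for a well-formed network and EXIT_FALSE when the
# address part or the prefix part is missing or the prefix is rejected.
ip_is_network() {
	local network="${1}"
	assert isset network

	# All expansions below are quoted so that every helper sees the value
	# exactly as it was passed in. Unquoted, word splitting would let the
	# helpers validate only the first word of the input and ignore the rest.

	# Get the address part.
	local address=$(ip_split_prefix "${network}")
	isset address || return ${EXIT_FALSE}

	# Get the prefix.
	local prefix=$(ip_get_prefix "${network}")
	isset prefix || return ${EXIT_FALSE}

	# Detect the protocol.
	local proto=$(ip_detect_protocol "${address}")
	# NOTE(review): an address that no protocol accepts trips this
	# assertion instead of returning EXIT_FALSE like the checks above.
	# Confirm that this is intended for a predicate.
	assert isset proto

	# Check if the prefix is correct.
	ip_prefix_is_valid "${proto}" "${prefix}" || return ${EXIT_FALSE}

	return ${EXIT_TRUE}
}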
95 | ||
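# Validates a prefix length for the given protocol.
#
# $1: protocol name, "ipv4" or "ipv6" (must be set)
# $2: prefix to validate
#
# Returns the exit status of the protocol specific check. For any other
# protocol name the function ends in an assertion that the protocol is
# supported.
ip_prefix_is_valid() {
	local proto="${1}"
	assert isset proto

	local prefix="${2}"

	# The prefix is passed as one quoted word so that the check covers the
	# complete value. Unquoted, only the first word of a value containing
	# whitespace would be validated.
	case "${proto}" in
		ipv4)
			ipv4_prefix_is_valid "${prefix}"
			return $?
			;;
		ipv6)
			ipv6_prefix_is_valid "${prefix}"
			return $?
			;;
	esac

	# Only reached for a protocol name that has no branch above.
	assert ip_protocol_is_supported "${proto}"
}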
115 | ||
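# Wrapper around "inetcalc -n" that normalises the exit status.
#
# $@: arguments handed to inetcalc unchanged (presumably an address with
#     prefix whose network address is printed - confirm against inetcalc)
#
# Returns EXIT_OK when inetcalc succeeds and EXIT_ERROR otherwise.
ip_get_network() {
	# "$@" keeps every argument intact; a bare $@ would re-split the
	# arguments on whitespace and expand glob characters.
	inetcalc -n "$@" && return ${EXIT_OK} || return ${EXIT_ERROR}
}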
119 | ||
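# Configures an IP address on a device.
#
# $1: device name (must exist)
# $2: address in "address/prefix" notation (must be set, prefix required)
#
# The protocol is detected from the address and the prefix is asserted to
# be valid for it. For ipv4 a duplicate address check runs first and the
# neighbours are updated after the address was added. An address that is
# already configured is left untouched.
#
# Returns EXIT_OK on success or when the address was already configured,
# EXIT_ERROR when a duplicate ipv4 address was detected.
ip_address_add() {
	local device="${1}"
	local address="${2}"

	# Every expansion in this function is quoted so that the values which
	# were validated are the same words that reach the "ip" command line.
	# Unquoted, a device name or address containing whitespace would be
	# split and only its first word would be checked.
	assert isset address
	assert device_exists "${device}"

	local prefix=$(ip_get_prefix "${address}")
	address=$(ip_split_prefix "${address}")

	assert isset prefix
	assert isset address

	# This used to be a plain echo to stdout; it is diagnostic output and
	# goes through the debug log like the other messages of this function.
	log DEBUG "ADDRESS = ${address}"

	# Detect the protocol version
	local protocol=$(ip_detect_protocol "${address}")
	assert ip_protocol_is_supported "${protocol}"

	case "${protocol}" in
		ipv6)
			assert ipv6_prefix_is_valid "${prefix}"
			;;
		ipv4)
			assert ipv4_prefix_is_valid "${prefix}"
			;;
	esac

	case "${protocol}" in
		ipv4)
			if ipv4_detect_duplicate "${device}" "${address}"; then
				error_log "Duplicate address detected on zone '${device}' (${address})."
				error_log "Cannot continue."
				return ${EXIT_ERROR}
			fi
			;;
	esac

	if ! device_has_ip "${device}" "${address}/${prefix}"; then
		assert ip addr add "${address}/${prefix}" dev "${device}"

		log DEBUG "IP address '${address}' (${protocol}) was successfully configured on device '${device}'."

		case "${protocol}" in
			ipv4)
				# Announce our new address to the neighbours
				ipv4_update_neighbours "${device}" "${address}"
				;;
		esac
	else
		log DEBUG "IP address '${address}' (${protocol}) was already configured on device '${device}'."
	fi

	return ${EXIT_OK}
}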
175 | ||
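# Removes an IP address from a device.
#
# $1: device name (must exist)
# $2: address in "address/prefix" notation (must be set, prefix required)
#
# The address is only deleted when device_has_ip reports it as configured;
# otherwise a debug message is logged and nothing is changed.
#
# Returns EXIT_OK in both cases.
ip_address_del() {
	local device="${1}"
	local address="${2}"

	# Every expansion in this function is quoted so that the values which
	# were checked are the same words that reach the "ip" command line.
	# Unquoted, a device name or address containing whitespace would be
	# split and only its first word would be checked.
	assert isset address
	assert device_exists "${device}"

	local prefix=$(ip_get_prefix "${address}")
	address=$(ip_split_prefix "${address}")

	assert isset prefix
	# Same check as in ip_address_add: an input such as "/24" leaves the
	# address part empty after the split.
	assert isset address

	# Detect the protocol version
	local protocol=$(ip_detect_protocol "${address}")
	assert ip_protocol_is_supported "${protocol}"

	if device_has_ip "${device}" "${address}/${prefix}"; then
		assert ip addr del "${address}/${prefix}" dev "${device}"

		log DEBUG "IP address '${address}' (${protocol}) was successfully removed from device '${device}'."
	else
		log DEBUG "IP address '${address}' (${protocol}) was not configured on device '${device}'."
	fi

	return ${EXIT_OK}
}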