[people/amarx/ipfire-3.x.git] / src / network / lib / functions

#!/bin/sh
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2009  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

HOME_DIR=${HOME_DIR-/lib/network}
CONFIG_DIR=/etc/sysconfig/networking
HOOKS_DIR=${HOME_DIR}/hooks

CONFIG_ZONES=${CONFIG_DIR}/zones
CONFIG_PORTS=${CONFIG_DIR}/ports

COMMON_DEVICE=black+

EXIT_OK=0
EXIT_ERROR=1
EXIT_CONF_ERROR=2

[ -n "${DEBUG}"   ] || DEBUG=
[ -n "${VERBOSE}" ] || VERBOSE=

function is_mac() {
	egrep -q "^[0-9a-f][0-9a-f]\:[0-9a-f][0-9a-f]\:[0-9a-f][0-9a-f]\:[0-9a-f][0-9a-f]\:[0-9a-f][0-9a-f]\:[0-9a-f][0-9a-f]$" <<<$1
}

function get_device_by_mac() {
	local mac
	local device

	mac=$1

	for device in /sys/class/net/*; do
		if [ "$(cat $device/address)" = "$mac" ]; then
			device=${device##*/}
			# Skip virtual devices
			if [ -e "/proc/net/vlan/$device" ]; then
				continue
			fi
			# Skip zones
			if zone_exists ${device}; then
				continue
			fi
			echo ${device}
			return 0
		fi
	done
	return 1
}

function get_device_by_mac_and_vid() {
	local mac=$1
	local vid=$2

	local i
	local VID
	local DEVICE
	if [ -e "/proc/net/vlan/config" ]; then
		grep '|' /proc/net/vlan/config | sed "s/|//g" | \
			while read DEVICE VID PARENT; do
				if [ "${vid}" = "${VID}" ] && [ "$(macify ${PARENT})" = "${mac}" ]; then
					echo "${DEVICE}"
					return 0
				fi
			done
	fi
	return 1
}

function get_device() {
	if [ ${#@} -gt 1 ]; then
		get_device_by_mac_and_vid $@
	else
		get_device_by_mac $@
	fi
}

function get_mac_by_device() {
	local device
	device=$1
	if [ -d "/sys/class/net/$device" ]; then
		cat /sys/class/net/$device/address
		return 0
	fi
	return 1
}

function get_mac() {
	get_mac_by_device $@
}

function devicify() {
	local device=${1}
	local mac

	if is_mac ${device}; then
		mac=${device}
		device=$(get_device_by_mac ${device})
	fi
	if [ -n "${device}" ]; then
		echo ${device}
		return 0
	else
		echo "devicify: Could not find device of $@" >&2
		return 1
	fi
}

function macify() {
	local input=${1}
	local mac
	
	if is_mac ${input}; then
		mac=${input}
	else
		mac=$(get_mac_by_device ${input})
	fi
	echo ${mac}
}

function device_exists() {
	ip link show $(devicify ${1}) &>/dev/null
}

function device_is_up() {
	ip link show $(devicify ${1}) 2>/dev/null | grep -qE "<.*UP.*>"
}

function device_rename() {
	local source=$1
	local destination=$2

	# Replace + by a valid number
	if grep -q "+$" <<<${destination}; then
		local number
		destination=$(sed -e "s/+//" <<<$destination)
		number=0
		while [ "${number}" -le "100" ]; do
			if ! device_exists "${destination}${number}"; then
				destination="${destination}${number}"
				break
			fi
			number=$(($number + 1))
		done
	fi

	# Check if devices exist
	if ! device_exists ${source} || device_exists ${destination}; then
		return 4
	fi

	ip link set ${source} down
	ip link set ${source} name ${destination}
	ip link set ${destination} up
	return $?
}

function hook_exists() {
	[ -x "${HOOKS_DIR}/${1}" ]
}

function port_exists() {
	device_exists $@
}

function port_is_up() {
	port_exists $@ && device_is_up $@
}

function zone_exists() {
	[ -e "$CONFIG_ZONES/${1}" ]
}

function zone_is_up() {
	zone_exists $@ && device_is_up $@
}

function bridge_devices() {
	local bridge=$1
	[ -z "${bridge}" ] && return 2
	brctl show | grep "^${bridge}" | awk '{ print $NF }' | grep -v "^interfaces$"
}

function zone_add_port() {
	local zone=${1}
	local port=${2}

	brctl addif ${zone} ${port}
}

function zone_del_port() {
	local zone=${1}
	local port=${2}

	brctl delif ${zone} ${port}
}

function zone_list() {
	local zone
	for zone in $(find ${CONFIG_ZONES}/* 2>/dev/null); do
		[ -d "${zone}" ] && echo ${zone}
	done
}

function run_hooks() {
	local action=${1}
	local dir=${2}
	local failed
	local hook
	local hooks
	shift 2

	if [ -z "${action}" ] || [ -z "${dir}" ]; then
		echo "Not enough parameters given." >&2
		return 1
	fi

	for hook in $(find ${dir} -type f); do
		(
			. ${hook}
			if [ -n "${HOOK}" ] && hook_exists ${HOOK}; then
				/lib/network/hooks/${HOOK} --config=${hook} $@ ${action}
				RET=$?
			else
				echo -e "${FAILURE}Unable to process ${hook}. Either"
				echo -e "${FAILURE}the HOOK variable was not set,"
				echo -e "${FAILURE}or the specified hook cannot be executed."
				message=""
				log_failure_msg
			fi
			exit ${RET}
		) || failed=1
	done

	return ${failed}
}

function hook_type() {
	local hook=${1}
	(
		. $(hook_run ${hook} info)
		echo "${HOOK_TYPE}"
	)
}

function config_get_hook() {
	local config=${1}
	if [ ! -e "${config}" ]; then
		log_failure_msg "Config file \"${config}\" does not exist."
		return ${EXIT_ERROR}
	fi
	( . ${config}; echo ${HOOK}	)
}

function hook_run() {
	local hook=${1}
	shift

	if ! hook_exists ${hook}; then
		log_failure_msg "Hook ${hook} cannot be found or is not executeable."
		return ${EXIT_ERROR}
	fi
	decho "Running hook: ${hook} $@"
	DEBUG=${DEBUG} VERBOSE=${VERBOSE} ${HOOKS_DIR}/${hook} $@
	return $?
}

function hook_run_multiple() {
	local zone
	local config
	local hook
	local hook_type2
	local type
	
	while [ "$#" -gt "0" ]; do
		case "${1}" in
			--type=*)
				type=${1#--type=}
				;;
			*)
				zone=${1}
				break
				;;			
		esac
		shift
	done

	if ! zone_exists ${zone}; then
		return ${EXIT_ERROR}
	fi

	for config in $(find ${CONFIG_ZONES}/${zone} 2>/dev/null); do
		hook=$(config_get_hook ${config})
		if [ -n "${type}" ]; then
			hook_type2=$(hook_type ${hook})
			if [ "${type}" != "${hook_type2}" ]; then
				continue
			fi
		fi
		hook_run ${hook} $@
	done
}

function zone_run() {
	local zone=${1}
	shift

	if ! zone_exists ${zone}; then
		log_failure_msg "Zone ${zone} does not exist."
		exit ${EXIT_ERROR}
	fi
	decho "Running zone: ${zone} $@"
	DEBUG=${DEBUG} VERBOSE=${VERBOSE} ${HOME_DIR}/zone --zone=${zone} $@
	return $?
}
Commit	Line	Data
63ef8328 MT	1	#!/bin/sh
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2009 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
e68e56b5	22	HOME_DIR=${HOME_DIR-/lib/network}
ae69ea7e	23	CONFIG_DIR=/etc/sysconfig/networking
6ad03435	24	HOOKS_DIR=${HOME_DIR}/hooks
ae69ea7e MT	25
	26	CONFIG_ZONES=${CONFIG_DIR}/zones
	27	CONFIG_PORTS=${CONFIG_DIR}/ports
b5238f57	28
cd1bc684 MT	29	COMMON_DEVICE=black+
cd1bc684 MT	30
6ad03435 MT	31	EXIT_OK=0
	32	EXIT_ERROR=1
	33	EXIT_CONF_ERROR=2
	34
	35	[ -n "${DEBUG}" ] \|\| DEBUG=
	36	[ -n "${VERBOSE}" ] \|\| VERBOSE=
	37
b5238f57	38	function is_mac() {
ae69ea7e	39	egrep -q "^[0-9a-f][0-9a-f]\:[0-9a-f][0-9a-f]\:[0-9a-f][0-9a-f]\:[0-9a-f][0-9a-f]\:[0-9a-f][0-9a-f]\:[0-9a-f][0-9a-f]$" <<<$1
b5238f57	40	}
63ef8328 MT	41
63ef8328 MT	42	function get_device_by_mac() {
ae69ea7e	43	local mac
4bded844	44	local device
ae69ea7e MT	45
	46	mac=$1
	47
4bded844 MT	48	for device in /sys/class/net/*; do
	49	if [ "$(cat $device/address)" = "$mac" ]; then
	50	device=${device##*/}
	51	# Skip virtual devices
	52	if [ -e "/proc/net/vlan/$device" ]; then
	53	continue
	54	fi
	55	# Skip zones
	56	if zone_exists ${device}; then
	57	continue
	58	fi
	59	echo ${device}
	60	return 0
63ef8328 MT	61	fi
63ef8328 MT	62	done
4bded844	63	return 1
63ef8328 MT	64	}
63ef8328 MT	65
ae69ea7e	66	function get_device_by_mac_and_vid() {
6ad03435 MT	67	local mac=$1
6ad03435 MT	68	local vid=$2
ae69ea7e MT	69
	70	local i
	71	local VID
	72	local DEVICE
4bded844 MT	73	if [ -e "/proc/net/vlan/config" ]; then
	74	grep '\|' /proc/net/vlan/config \| sed "s/\|//g" \| \
	75	while read DEVICE VID PARENT; do
	76	if [ "${vid}" = "${VID}" ] && [ "$(macify ${PARENT})" = "${mac}" ]; then
	77	echo "${DEVICE}"
	78	return 0
	79	fi
	80	done
	81	fi
ae69ea7e MT	82	return 1
	83	}
	84
90af6f24 MT	85	function get_device() {
	86	if [ ${#@} -gt 1 ]; then
	87	get_device_by_mac_and_vid $@
	88	else
	89	get_device_by_mac $@
	90	fi
	91	}
	92
63ef8328	93	function get_mac_by_device() {
ae69ea7e MT	94	local device
ae69ea7e MT	95	device=$1
63ef8328 MT	96	if [ -d "/sys/class/net/$device" ]; then
	97	cat /sys/class/net/$device/address
	98	return 0
	99	fi
	100	return 1
	101	}
b5238f57	102
90af6f24 MT	103	function get_mac() {
	104	get_mac_by_device $@
	105	}
	106
ae69ea7e	107	function devicify() {
6ad03435	108	local device=${1}
ae69ea7e MT	109	local mac
ae69ea7e MT	110
ae69ea7e MT	111	if is_mac ${device}; then
	112	mac=${device}
	113	device=$(get_device_by_mac ${device})
	114	fi
4bded844 MT	115	if [ -n "${device}" ]; then
	116	echo ${device}
	117	return 0
	118	else
	119	echo "devicify: Could not find device of $@" >&2
	120	return 1
	121	fi
ae69ea7e MT	122	}
	123
	124	function macify() {
6ad03435	125	local input=${1}
ae69ea7e MT	126	local mac
ae69ea7e MT	127
ae69ea7e MT	128	if is_mac ${input}; then
	129	mac=${input}
	130	else
	131	mac=$(get_mac_by_device ${input})
	132	fi
	133	echo ${mac}
	134	}
	135
b5238f57	136	function device_exists() {
ae69ea7e MT	137	ip link show $(devicify ${1}) &>/dev/null
	138	}
	139
cd1bc684 MT	140	function device_is_up() {
	141	ip link show $(devicify ${1}) 2>/dev/null \| grep -qE "<.UP.>"
	142	}
	143
6ad03435 MT	144	function device_rename() {
	145	local source=$1
	146	local destination=$2
ae69ea7e	147
4bded844 MT	148	# Replace + by a valid number
	149	if grep -q "+$" <<<${destination}; then
	150	local number
	151	destination=$(sed -e "s/+//" <<<$destination)
	152	number=0
6ad03435	153	while [ "${number}" -le "100" ]; do
4bded844 MT	154	if ! device_exists "${destination}${number}"; then
	155	destination="${destination}${number}"
	156	break
	157	fi
	158	number=$(($number + 1))
	159	done
	160	fi
	161
ae69ea7e MT	162	# Check if devices exist
	163	if ! device_exists ${source} \|\| device_exists ${destination}; then
	164	return 4
	165	fi
	166
4bded844	167	ip link set ${source} down
ae69ea7e	168	ip link set ${source} name ${destination}
4bded844	169	ip link set ${destination} up
ae69ea7e	170	return $?
b5238f57 MT	171	}
b5238f57 MT	172
6ad03435 MT	173	function hook_exists() {
	174	[ -x "${HOOKS_DIR}/${1}" ]
	175	}
	176
	177	function port_exists() {
	178	device_exists $@
b5238f57 MT	179	}
b5238f57 MT	180
cd1bc684	181	function port_is_up() {
6ad03435 MT	182	port_exists $@ && device_is_up $@
	183	}
	184
	185	function zone_exists() {
	186	[ -e "$CONFIG_ZONES/${1}" ]
cd1bc684 MT	187	}
	188
	189	function zone_is_up() {
	190	zone_exists $@ && device_is_up $@
	191	}
	192
b5238f57	193	function bridge_devices() {
6ad03435	194	local bridge=$1
ae69ea7e MT	195	[ -z "${bridge}" ] && return 2
	196	brctl show \| grep "^${bridge}" \| awk '{ print $NF }' \| grep -v "^interfaces$"
	197	}
	198
	199	function zone_add_port() {
6ad03435 MT	200	local zone=${1}
6ad03435 MT	201	local port=${2}
90af6f24 MT	202
	203	brctl addif ${zone} ${port}
	204	}
	205
	206	function zone_del_port() {
6ad03435 MT	207	local zone=${1}
6ad03435 MT	208	local port=${2}
90af6f24 MT	209
90af6f24 MT	210	brctl delif ${zone} ${port}
ae69ea7e MT	211	}
ae69ea7e MT	212
6ad03435	213	function zone_list() {
ae69ea7e	214	local zone
6ad03435	215	for zone in $(find ${CONFIG_ZONES}/* 2>/dev/null); do
ae69ea7e MT	216	[ -d "${zone}" ] && echo ${zone}
ae69ea7e MT	217	done
b5238f57	218	}
1135a884 MT	219
1135a884 MT	220	function run_hooks() {
6ad03435 MT	221	local action=${1}
6ad03435 MT	222	local dir=${2}
1135a884 MT	223	local failed
	224	local hook
	225	local hooks
1135a884 MT	226	shift 2
	227
	228	if [ -z "${action}" ] \|\| [ -z "${dir}" ]; then
	229	echo "Not enough parameters given." >&2
	230	return 1
	231	fi
	232
	233	for hook in $(find ${dir} -type f); do
	234	(
	235	. ${hook}
6ad03435 MT	236	if [ -n "${HOOK}" ] && hook_exists ${HOOK}; then
6ad03435 MT	237	/lib/network/hooks/${HOOK} --config=${hook} $@ ${action}
1135a884 MT	238	RET=$?
	239	else
	240	echo -e "${FAILURE}Unable to process ${hook}. Either"
	241	echo -e "${FAILURE}the HOOK variable was not set,"
	242	echo -e "${FAILURE}or the specified hook cannot be executed."
	243	message=""
	244	log_failure_msg
	245	fi
	246	exit ${RET}
	247	) \|\| failed=1
	248	done
	249
	250	return ${failed}
	251	}
6ad03435 MT	252
	253	function hook_type() {
	254	local hook=${1}
	255	(
	256	. $(hook_run ${hook} info)
	257	echo "${HOOK_TYPE}"
	258	)
	259	}
	260
	261	function config_get_hook() {
	262	local config=${1}
	263	if [ ! -e "${config}" ]; then
	264	log_failure_msg "Config file \"${config}\" does not exist."
	265	return ${EXIT_ERROR}
	266	fi
	267	( . ${config}; echo ${HOOK} )
	268	}
	269
	270	function hook_run() {
	271	local hook=${1}
	272	shift
	273
	274	if ! hook_exists ${hook}; then
	275	log_failure_msg "Hook ${hook} cannot be found or is not executeable."
	276	return ${EXIT_ERROR}
	277	fi
	278	decho "Running hook: ${hook} $@"
	279	DEBUG=${DEBUG} VERBOSE=${VERBOSE} ${HOOKS_DIR}/${hook} $@
	280	return $?
	281	}
	282
	283	function hook_run_multiple() {
	284	local zone
	285	local config
	286	local hook
	287	local hook_type2
	288	local type
	289
	290	while [ "$#" -gt "0" ]; do
	291	case "${1}" in
	292	--type=*)
	293	type=${1#--type=}
	294	;;
	295	*)
	296	zone=${1}
	297	break
	298	;;
	299	esac
	300	shift
	301	done
	302
	303	if ! zone_exists ${zone}; then
	304	return ${EXIT_ERROR}
	305	fi
	306
	307	for config in $(find ${CONFIG_ZONES}/${zone} 2>/dev/null); do
	308	hook=$(config_get_hook ${config})
	309	if [ -n "${type}" ]; then
	310	hook_type2=$(hook_type ${hook})
	311	if [ "${type}" != "${hook_type2}" ]; then
	312	continue
	313	fi
	314	fi
	315	hook_run ${hook} $@
316	done
317	}
318
319	function zone_run() {
320	local zone=${1}
321	shift
322
323	if ! zone_exists ${zone}; then
324	log_failure_msg "Zone ${zone} does not exist."
325	exit ${EXIT_ERROR}
326	fi
327	decho "Running zone: ${zone} $@"
328	DEBUG=${DEBUG} VERBOSE=${VERBOSE} ${HOME_DIR}/zone --zone=${zone} $@
329	return $?
330	}