Commit | Line | Data |
---|---|---|
85de251d MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | . /usr/lib/network/header-zone | |
23 | ||
# Tunnel modes this hook accepts. The value is expanded unquoted where
# MODE is checked, so several modes would be separated by spaces.
SUPPORTED_IP_TUNNEL_MODES="gre"

# Setting names declared for this hook (presumably used by the sourced
# zone header when settings are read and written; confirm there).
HOOK_SETTINGS="HOOK MODE PEER LOCAL_ADDRESS"

# Tunnel mode used unless another one is configured.
MODE="gre"

# Address of the remote tunnel endpoint; empty until configured.
PEER=""

# Optional local address of the tunnel endpoint; empty until configured.
LOCAL_ADDRESS=""
36 | ||
# Validates the settings currently held in MODE, PEER and LOCAL_ADDRESS.
# Every check goes through assert, so the reaction to a failed check is
# whatever assert does (it is defined outside this file).
hook_check_settings() {
	# MODE has to be set and be one of the supported tunnel modes.
	if assert isset MODE; then
		assert isoneof MODE ${SUPPORTED_IP_TUNNEL_MODES}
	fi

	# PEER is mandatory and has to be a valid IP address.
	if assert isset PEER; then
		assert ip_is_valid "${PEER}"
	fi

	# LOCAL_ADDRESS is optional; nothing more to check when it is unset.
	isset LOCAL_ADDRESS || return 0

	# When given, it must be a valid IP address and match the IP protocol
	# of PEER.
	assert ip_is_valid "${LOCAL_ADDRESS}"
	assert ip_protocol_match "${PEER}" "${LOCAL_ADDRESS}"
}
48 | ||
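# Parses the command line options of this hook into MODE, PEER and
# LOCAL_ADDRESS and validates the result. hook_up later hands these values
# to ip_tunnel_add, so this is where values coming from the command line
# are rejected if they are not usable.
#
# Options: --mode=MODE, --peer=ADDRESS, --local-address=ADDRESS
#
# Returns EXIT_OK when the resulting settings are acceptable and
# EXIT_ERROR otherwise. An unknown option terminates the whole process
# with EXIT_ERROR instead of returning.
hook_parse_cmdline() {
	while [ $# -gt 0 ]; do
		case "${1}" in
			--local-address=*)
				LOCAL_ADDRESS="$(cli_get_val "${1}")"
				;;

			--mode=*)
				MODE="$(cli_get_val "${1}")"

				# MODE must be on the list of supported protocols
				if ! isoneof MODE ${SUPPORTED_IP_TUNNEL_MODES}; then
					# The rejected value lives in MODE (upper case); the
					# lower-case name is never assigned in this file, so the
					# message would otherwise end without the value.
					error "Unsupported mode: ${MODE}"
					return ${EXIT_ERROR}
				fi
				;;

			--peer=*)
				PEER="$(cli_get_val "${1}")"
				;;

			*)
				# NOTE(review): this branch exits while every other failure
				# in this function returns; kept as is because callers may
				# rely on it.
				error "Unknown option: ${1}"
				exit ${EXIT_ERROR}
				;;
		esac
		shift
	done

	# PEER must be set
	if ! isset PEER; then
		error "Peer is not set"
		return ${EXIT_ERROR}
	fi

	# PEER must be a valid IP address
	if ! ip_is_valid "${PEER}"; then
		error "Peer ${PEER} is not a valid IP address"
		return ${EXIT_ERROR}
	fi

	# If LOCAL_ADDRESS is set, it must be a valid IP address
	# of the same protocol as PEER
	if isset LOCAL_ADDRESS; then
		if ! ip_is_valid "${LOCAL_ADDRESS}"; then
			error "Local address ${LOCAL_ADDRESS} is not a valid IP address"
			return ${EXIT_ERROR}
		fi

		if ! ip_protocol_match "${PEER}" "${LOCAL_ADDRESS}"; then
			error "Peer and local address are of different IP protocols"
			return ${EXIT_ERROR}
		fi
	fi

	return ${EXIT_OK}
}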
106 | ||
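# Brings the tunnel zone up: reads the zone's settings, creates the tunnel
# device when it does not exist yet, sets the device up and then brings up
# the zone's configurations.
#
# $1: name of the zone, which is also used as the device name
#
# Never returns: exits with EXIT_OK on success, with EXIT_ERROR when the
# settings cannot be read, or with the status of ip_tunnel_add when the
# device cannot be created.
hook_up() {
	local zone=${1}
	assert isset zone

	# Read configuration
	# NOTE(review): MODE, PEER and LOCAL_ADDRESS are used below as read;
	# presumably zone_settings_read or its caller validates them with
	# hook_check_settings. Confirm.
	if ! zone_settings_read "${zone}"; then
		log ERROR "Could not read settings from ${zone}"
		exit ${EXIT_ERROR}
	fi

	# Create device if it doesn't exist, yet
	if ! device_exists "${zone}"; then
		# Stop when the tunnel cannot be created, as hook_down does for
		# ip_tunnel_del; otherwise a failed setup would continue and be
		# reported as EXIT_OK.
		ip_tunnel_add "${zone}" \
			--mode="${MODE}" \
			--remote-address="${PEER}" \
			--local-address="${LOCAL_ADDRESS}" || exit $?
	fi

	# Bring up the device
	device_set_up "${zone}"

	# Bring up all configurations
	zone_configs_up "${zone}"

	exit ${EXIT_OK}
}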
133 | ||
# Takes the tunnel zone down: stops the zone's configurations and then
# removes the tunnel device.
#
# $1: name of the zone, which is also used as the device name
#
# Never returns: exits with the status of ip_tunnel_del when the removal
# fails and with EXIT_OK otherwise.
hook_down() {
	local zone="${1}"
	assert isset zone

	# The configurations go first, then the device they run on.
	zone_configs_down "${zone}"

	# Remove the tunnel device and hand a failure status on unchanged.
	ip_tunnel_del "${zone}"
	local ret=$?
	if [ "${ret}" -ne 0 ]; then
		exit "${ret}"
	fi

	exit ${EXIT_OK}
}
146 | ||
# Prints the status of the tunnel zone: the device headline, the tunnel
# settings (mode, peer and, when set, the local address) and the status
# of the zone's configurations.
#
# $1: name of the zone
#
# Never returns: exits with EXIT_ERROR when the settings cannot be read
# and with EXIT_OK otherwise.
hook_status() {
	local zone="${1}"
	assert isset zone

	cli_device_headline "${zone}"

	# Without the settings there is nothing further to show.
	zone_settings_read "${zone}" || {
		error "Could not read settings from ${zone}"
		exit ${EXIT_ERROR}
	}

	cli_headline 2 "Configuration"
	local mode_name="$(ip_tunnel_protocol_to_name "${MODE}")"
	cli_print_fmt1 2 "Mode" "${mode_name}"
	cli_print_fmt1 2 "Peer" "${PEER}"
	# The local address is optional and only listed when configured.
	isset LOCAL_ADDRESS && cli_print_fmt1 2 "Local Address" "${LOCAL_ADDRESS}"
	cli_space

	cli_headline 2 "Configurations"
	zone_configs_cmd status "${zone}"
	cli_space

	exit ${EXIT_OK}
}