#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /usr/lib/network/header-zone

# Tunnel modes this hook is able to create. Whitespace-separated list;
# MODE must be one of these (checked with isoneof, which word-splits it).
SUPPORTED_IP_TUNNEL_MODES="gre sit vti"

# Settings that are stored for a zone of this hook
HOOK_SETTINGS=(
	MARK
	MODE
	MTU
	PEER
	LOCAL_ADDRESS
)

# Mode used when none is given on the command line
DEFAULT_MODE="gre"

# MTU used when none is given on the command line
DEFAULT_MTU="1480"

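# Validate the settings of a tunnel zone (MODE, PEER, LOCAL_ADDRESS, MARK,
# taken from the environment) before they are used.
#
# Every check is an assert, so an invalid setting aborts the hook. If no
# MARK is set yet, a random 32-bit one is generated; hook_up passes it as
# the tunnel's ikey and okey.
hook_check_settings() {
	# MODE is mandatory and must be one of the supported tunnel modes
	assert isset MODE && assert isoneof MODE ${SUPPORTED_IP_TUNNEL_MODES}

	# PEER is mandatory and must be a valid IP address
	assert isset PEER && assert ip_is_valid "${PEER}"

	# LOCAL_ADDRESS is optional, but when set it must be a valid address
	# of the same protocol family as PEER
	if isset LOCAL_ADDRESS; then
		assert ip_is_valid "${LOCAL_ADDRESS}"
		assert ip_protocol_match "${PEER}" "${LOCAL_ADDRESS}"
	fi

	# Generate a random mark. ${RANDOM} only yields 15 bits, so a single
	# draw masked with 0xffffffff left the upper 17 bits always zero and
	# allowed only 32768 distinct marks. Three draws are combined to fill
	# the whole 32-bit key space; the final mask keeps it explicit that
	# the value must fit a 32-bit tunnel key.
	if ! isset MARK; then
		local hi=${RANDOM} mid=${RANDOM} lo=${RANDOM}
		MARK="$(( ((hi << 17) | (mid << 2) | (lo & 3)) & 0xffffffff ))"
	fi
}
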
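# Parse the command line options given when a zone of this hook is created
# or edited.
#
# Recognised options: --local-address=, --mode=, --mtu=, --peer=. Each value
# is stored in the settings variable of the same name. Returns EXIT_OK on
# success and EXIT_ERROR (after printing an error message) on an unknown
# option or an invalid value.
hook_parse_cmdline() {
	while [ $# -gt 0 ]; do
		case "${1}" in
			--local-address=*)
				LOCAL_ADDRESS="$(cli_get_val "${1}")"
				;;

			--mode=*)
				MODE="$(cli_get_val "${1}")"

				# MODE must be on the list of supported modes
				if ! isoneof MODE ${SUPPORTED_IP_TUNNEL_MODES}; then
					# The setting is MODE; the message used to expand an
					# unset lowercase ${mode} and printed an empty value
					error "Unsupported mode: ${MODE}"
					return ${EXIT_ERROR}
				fi
				;;

			--mtu=*)
				MTU="$(cli_get_val "${1}")"

				# Validate MTU. The check is always done against the IPv6
				# limits; PEER (and with it the protocol family of the
				# tunnel) may not be known yet at this point of the parse.
				# NOTE(review): presumably the IPv6 limits are the stricter
				# ones — confirm against mtu_is_valid.
				if ! mtu_is_valid "ipv6" "${MTU}"; then
					error "Invalid MTU: ${MTU}"
					return ${EXIT_ERROR}
				fi
				;;

			--peer=*)
				PEER="$(cli_get_val "${1}")"
				;;

			*)
				error "Unknown option: ${1}"
				# Return like every other error path in this function so
				# the caller decides how to handle the failure instead of
				# the whole hook exiting from inside the parser
				return ${EXIT_ERROR}
				;;
		esac
		shift
	done

	# If PEER is set, it must be a valid IP address
	if isset PEER && ! ip_is_valid "${PEER}"; then
		error "Peer ${PEER} is not a valid IP address"
		return ${EXIT_ERROR}
	fi

	# If LOCAL_ADDRESS is set, it must be a valid IP address
	# of the same protocol as PEER
	if isset LOCAL_ADDRESS; then
		if ! ip_is_valid "${LOCAL_ADDRESS}"; then
			error "Local address ${LOCAL_ADDRESS} is not a valid IP address"
			return ${EXIT_ERROR}
		fi

		# NOTE(review): when only --local-address is given, PEER is empty
		# here unless the caller has loaded the zone's settings beforehand
		# — confirm how ip_protocol_match behaves with an empty first arg.
		if ! ip_protocol_match "${PEER}" "${LOCAL_ADDRESS}"; then
			error "Peer and local address are of different IP protocols"
			return ${EXIT_ERROR}
		fi
	fi

	return ${EXIT_OK}
}
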
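# Bring up a tunnel zone: create the tunnel device if it does not exist yet,
# set the device up and start all configurations on top of it.
#
# $1 - zone name. Exits with EXIT_ERROR if the settings cannot be read or
# the tunnel device cannot be created, with EXIT_OK otherwise.
hook_up() {
	local zone="${1}"
	assert isset zone

	# Read configuration
	if ! zone_settings_read "${zone}"; then
		log ERROR "Could not read settings from ${zone}"
		exit ${EXIT_ERROR}
	fi

	# Create the device if it doesn't exist, yet. MARK is used as both the
	# input and the output key of the tunnel.
	# NOTE(review): --local-address is passed even when LOCAL_ADDRESS is
	# unset — confirm ip_tunnel_add tolerates an empty value.
	if ! device_exists "${zone}"; then
		# Stop here if the device could not be created; setting up a
		# non-existent device and its configurations would only produce
		# follow-up errors that hide the real cause.
		if ! ip_tunnel_add "${zone}" \
				--mode="${MODE}" \
				--mtu="${MTU}" \
				--remote-address="${PEER}" \
				--local-address="${LOCAL_ADDRESS}" \
				--ikey="${MARK}" \
				--okey="${MARK}"; then
			log ERROR "Could not create tunnel device ${zone}"
			exit ${EXIT_ERROR}
		fi
	fi

	# Bring up the device
	device_set_up "${zone}"

	# Bring up all configurations
	zone_configs_up "${zone}"

	exit ${EXIT_OK}
}
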
# Take down a tunnel zone: stop all configurations running on it and remove
# the tunnel device.
#
# $1 - zone name. Exits with the exit code of ip_tunnel_del if the device
# cannot be removed, with EXIT_OK otherwise.
hook_down() {
	local zone="${1}"
	assert isset zone

	# The configurations run on top of the device, so they go down first
	zone_configs_down "${zone}"

	# Remove the tunnel device and propagate its exit code on failure
	local ret
	ip_tunnel_del "${zone}"
	ret=$?
	if [ ${ret} -ne 0 ]; then
		exit ${ret}
	fi

	exit ${EXIT_OK}
}

# Print the status of a tunnel zone: its mode, the tunnel endpoints as far
# as they are configured, and the status of all configurations on top of it.
#
# $1 - zone name. Exits with EXIT_ERROR if the settings cannot be read,
# with EXIT_OK otherwise.
hook_status() {
	local zone="${1}"
	assert isset zone

	cli_device_headline "${zone}"

	# Read configuration
	if ! zone_settings_read "${zone}"; then
		error "Could not read settings from ${zone}"
		exit ${EXIT_ERROR}
	fi

	local mode_name="$(ip_tunnel_protocol_to_name "${MODE}")"
	cli_print_fmt1 1 "Mode" "${mode_name}"

	# Endpoints are only printed when they are configured
	isset PEER && cli_print_fmt1 1 "Peer" "${PEER}"
	isset LOCAL_ADDRESS && cli_print_fmt1 1 "Local Address" "${LOCAL_ADDRESS}"
	cli_space

	cli_headline 2 "Configurations"
	zone_configs_cmd status "${zone}"
	cli_space

	exit ${EXIT_OK}
}