[people/stevee/network.git] / src / functions / functions.bird

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2018  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

BIRD_CONF="/etc/bird.conf"

bird_start() {
	service_start "bird.service"
}

bird_stop() {
	service_stop "bird.service"
}

bird_reload() {
	service_reload "bird.service"
}

# Update configuration any apply it in one go
bird_update() {
	if ! bird_generate_config; then
		log ERROR "Could not write Bird configuration"
		return ${EXIT_ERROR}
	fi

	# Reload bird
	bird_reload
}

bird_generate_config() {
	log DEBUG "Write BIRD configuration file"

	# Write header
	config_header "bird" > ${BIRD_CONF}

	# Write some basic settings
	local proto
	(
		print "# Log everything to syslog"
		print "log syslog all;"
		print

		print "# Turn on internal watchdog"
		print "watchdog warning 5s;"
		print "watchdog timeout 30s;"
		print

		print "# Define default route tables"
		print "ipv6 table master6;"
		print "ipv4 table master4;"

		print "# Enable device configuration"
		print "protocol device {}"
		print

		print "# Export all routes to kernel"
		for proto in ${IP_SUPPORTED_PROTOCOLS}; do
			print "protocol kernel {"
			print "	${proto} {"
			print "		table ${proto/ipv/master};"
			print "		export all;"
			print "	};"
			print "	learn;"
			print "}"
			print
		done
	) >> ${BIRD_CONF}

	# Static routes
	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
		print "protocol static {"
		print "	${proto};"
		print

		# Read routes for this protocol from configuration
		__bird_static_routes "${proto}"

		print "}"
		print
	done >> ${BIRD_CONF}

	# Write IPv6 Router Advertisement configuration
	__bird_ipv6_radv >> ${BIRD_CONF}
}

__bird_static_routes() {
	local proto="${1}"
	assert isset proto

	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	local line
	while read line; do
		route_parse_line "${line}"
		[ $? -eq ${EXIT_OK} ] || continue

		local type
		local arg
		for arg in unreachable prohibit blackhole; do
			if enabled "${arg}"; then
				type="${arg}"
				break
			fi
		done

		# Skip all routes of another protocol
		local _proto="$(ip_detect_protocol "${network}")"
		if [ "${proto}" != "${_proto}" ]; then
			continue
		fi

		case "${type}" in
			unreachable|prohibit|blackhole)
				print "	route ${network} ${type};"
				;;

			*)
				print "	route ${network} via ${gateway};"
				;;
		esac
	done < ${NETWORK_CONFIG_ROUTES}
}

__bird_ipv6_radv() {
	print "protocol radv {"

	local zone
	for zone in $(zones_get_local); do
		log DEBUG "Writing bird radv configuration for ${zone}"

		# Skip if there is no prefix or prefix is link-local.
		local addr="$(db_get "${zone}/ipv6/local-ip-address")"
		if [ -z "${addr}" ] || [ "${addr:0:5}" = "fe80:" ]; then
			continue
		fi

		# Check if the subnet is configured by the DHCP server.
		local dhcp="false"
		local prefix="$(ipv6_get_network "${addr}")"
		if isset prefix && dhcpd_subnet_match ipv6 "${prefix}"; then
			dhcp="true"
		fi

		print "	interface \"${zone}\" {"
			# Failover to other routers within 10s
			print "		max ra interval 10;"

			# Tell clients we are running DHCP
			if enabled dhcp; then
				print "		managed yes;"
				print "		other config yes;"
			fi

			if device_exists "${zone}"; then
				# Announce link MTU
				local mtu="$(device_get_mtu "${zone}")"
				print "		link mtu ${mtu};"
			fi

			print # empty line

			# Announce all prefixes
			print "		prefix ::/0 {"

			if enabled dhcp; then
				print "			autonomous off;"
			fi

			print "		};"
		print "	};\n"
	done

	# Advertise any DNS servers
	if enabled DNS_ADVERTISE_SERVERS; then
		# Get a list of all IPv6 name servers
		local servers=()
		local server
		for server in $(dns_server_list_sorted); do
			# Skip any non-IPv6 servers
			ipv6_is_valid "${server}" || continue

			servers+=( "${server}" )
		done

		if isset servers; then
			print "	rdnss {"

			local server
			for server in ${servers}; do
				print "		ns ${server};"
			done

			print "	};"
		fi
	fi

	# DNS Search Domain
	print "	dnssl {"

	local domain
	for domain in $(dns_get_search_domains); do
		print "		domain \"${domain}\";"
	done

	print "	};"

	print "}\n"
}
Commit	Line	Data
6a1b0fb1 MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2018 IPFire Network Development Team #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
	22	BIRD_CONF="/etc/bird.conf"
	23
	24	bird_start() {
	25	service_start "bird.service"
	26	}
	27
	28	bird_stop() {
	29	service_stop "bird.service"
	30	}
	31
	32	bird_reload() {
	33	service_reload "bird.service"
	34	}
	35
1cb20d39 MT	36	# Update configuration any apply it in one go
	37	bird_update() {
	38	if ! bird_generate_config; then
	39	log ERROR "Could not write Bird configuration"
	40	return ${EXIT_ERROR}
	41	fi
	42
	43	# Reload bird
	44	bird_reload
	45	}
	46
6a1b0fb1 MT	47	bird_generate_config() {
	48	log DEBUG "Write BIRD configuration file"
	49
	50	# Write header
	51	config_header "bird" > ${BIRD_CONF}
	52
	53	# Write some basic settings
	54	local proto
	55	(
	56	print "# Log everything to syslog"
	57	print "log syslog all;"
	58	print
	59
	60	print "# Turn on internal watchdog"
	61	print "watchdog warning 5s;"
	62	print "watchdog timeout 30s;"
	63	print
	64
	65	print "# Define default route tables"
	66	print "ipv6 table master6;"
	67	print "ipv4 table master4;"
	68
	69	print "# Enable device configuration"
	70	print "protocol device {}"
	71	print
	72
	73	print "# Export all routes to kernel"
0a578797	74	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
6a1b0fb1 MT	75	print "protocol kernel {"
	76	print " ${proto} {"
	77	print " table ${proto/ipv/master};"
	78	print " export all;"
	79	print " };"
	80	print " learn;"
	81	print "}"
	82	print
	83	done
	84	) >> ${BIRD_CONF}
0a578797 MT	85
	86	# Static routes
	87	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
	88	print "protocol static {"
	89	print " ${proto};"
	90	print
	91
	92	# Read routes for this protocol from configuration
	93	__bird_static_routes "${proto}"
	94
	95	print "}"
	96	print
	97	done >> ${BIRD_CONF}
7a3747a1 MT	98
	99	# Write IPv6 Router Advertisement configuration
	100	__bird_ipv6_radv >> ${BIRD_CONF}
0a578797 MT	101	}
	102
	103	__bird_static_routes() {
	104	local proto="${1}"
	105	assert isset proto
	106
	107	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	108	local line
	109	while read line; do
	110	route_parse_line "${line}"
	111	[ $? -eq ${EXIT_OK} ] \|\| continue
	112
	113	local type
	114	local arg
	115	for arg in unreachable prohibit blackhole; do
	116	if enabled "${arg}"; then
	117	type="${arg}"
	118	break
	119	fi
	120	done
	121
	122	# Skip all routes of another protocol
	123	local _proto="$(ip_detect_protocol "${network}")"
	124	if [ "${proto}" != "${_proto}" ]; then
	125	continue
	126	fi
	127
	128	case "${type}" in
	129	unreachable\|prohibit\|blackhole)
	130	print " route ${network} ${type};"
	131	;;
	132
	133	*)
	134	print " route ${network} via ${gateway};"
	135	;;
	136	esac
	137	done < ${NETWORK_CONFIG_ROUTES}
6a1b0fb1	138	}
7a3747a1 MT	139
	140	__bird_ipv6_radv() {
	141	print "protocol radv {"
	142
	143	local zone
	144	for zone in $(zones_get_local); do
	145	log DEBUG "Writing bird radv configuration for ${zone}"
	146
	147	# Skip if there is no prefix or prefix is link-local.
	148	local addr="$(db_get "${zone}/ipv6/local-ip-address")"
	149	if [ -z "${addr}" ] \|\| [ "${addr:0:5}" = "fe80:" ]; then
	150	continue
	151	fi
	152
	153	# Check if the subnet is configured by the DHCP server.
	154	local dhcp="false"
	155	local prefix="$(ipv6_get_network "${addr}")"
	156	if isset prefix && dhcpd_subnet_match ipv6 "${prefix}"; then
	157	dhcp="true"
	158	fi
	159
	160	print " interface \"${zone}\" {"
	161	# Failover to other routers within 10s
	162	print " max ra interval 10;"
	163
	164	# Tell clients we are running DHCP
	165	if enabled dhcp; then
	166	print " managed yes;"
	167	print " other config yes;"
	168	fi
	169
	170	if device_exists "${zone}"; then
	171	# Announce link MTU
	172	local mtu="$(device_get_mtu "${zone}")"
	173	print " link mtu ${mtu};"
	174	fi
	175
	176	print # empty line
	177
	178	# Announce all prefixes
	179	print " prefix ::/0 {"
	180
	181	if enabled dhcp; then
	182	print " autonomous off;"
	183	fi
	184
	185	print " };"
	186	print " };\n"
	187	done
	188
	189	# Advertise any DNS servers
	190	if enabled DNS_ADVERTISE_SERVERS; then
	191	# Get a list of all IPv6 name servers
	192	local servers=()
	193	local server
	194	for server in $(dns_server_list_sorted); do
	195	# Skip any non-IPv6 servers
	196	ipv6_is_valid "${server}" \|\| continue
	197
	198	servers+=( "${server}" )
	199	done
	200
	201	if isset servers; then
	202	print " rdnss {"
203
204	local server
205	for server in ${servers}; do
206	print " ns ${server};"
207	done
208
209	print " };"
210	fi
211	fi
212
213	# DNS Search Domain
214	print " dnssl {"
215
216	local domain
217	for domain in $(dns_get_search_domains); do
218	print " domain \"${domain}\";"
219	done
220
221	print " };"
222
223	print "}\n"
224	}