[people/stevee/network.git] / src / hooks / zones / 6to4-tunnel

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /usr/lib/network/header-zone

HOOK_SETTINGS="HOOK SERVER_ADDRESS LOCAL_ADDRESS LOCAL_ADDRESS6 TUNNEL_ID"
HOOK_SETTINGS="${HOOK_SETTINGS} AUTO_UPDATE_ENDPOINT USERNAME PASSWORD"

# The IPv4 address of the tunnel endpoint where to connect to.
SERVER_ADDRESS=

# The local IPv4 address of the tunnel endpoint.
LOCAL_ADDRESS=

# The address that is assigned to the tunnel device (with prefix).
LOCAL_ADDRESS6=

# True if the endpoint IP address should be automatically
# updated each time the tunnel connects.
AUTO_UPDATE_ENDPOINT="false"

# The ID of the tunnel.
TUNNEL_ID=

# Credentials for the tunnelbroker.net service.
USERNAME=
PASSWORD=

hook_check_settings() {
	assert isset SERVER_ADDRESS
	assert isset LOCAL_ADDRESS
	assert isset LOCAL_ADDRESS6
	# LOCAL_ADDRESS6 needs to have a prefix
	assert ipv6_net_is_valid LOCAL_ADDRESS6

	if enabled AUTO_UPDATE_ENDPOINT; then
		assert isset TUNNEL_ID
		assert isset USERNAME
		assert isset PASSWORD
	fi
}

hook_parse_cmdline() {
	local value

	while [ $# -gt 0 ]; do
		case "${1}" in
			--server-address=*)
				SERVER_ADDRESS=$(cli_get_val "${1}")
				;;
			--local-ipv4-address=*)
				LOCAL_ADDRESS=$(cli_get_val "${1}")
				;;
			--local-ipv6-address=*)
				LOCAL_ADDRESS6=$(cli_get_val "${1}")
				;;
			--auto-update-endpoint=*)
				local val="$(cli_get_val "${1}")"

				if enabled val; then
					AUTO_UPDATE_ENDPOINT="true"
				else
					AUTO_UPADTE_ENDPOINT="false"
				fi
				;;
			--tunnel-id=*)
				TUNNEL_ID="$(cli_get_val "${1}")"
				;;
			--username=*)
				USERNAME="$(cli_get_val "${1}")"
				;;
			--password=*)
				PASSWORD="$(cli_get_val "${1}")"
				;;
			*)
				echo "Unknown option: ${1}" >&2
				exit ${EXIT_ERROR}
				;;
		esac
		shift
	done
}

hook_up() {
	local zone=${1}
	assert isset zone

	# Read configuration options.
	zone_settings_read "${zone}"

	if enabled AUTO_UPDATE_ENDPOINT; then
		log DEBUG "Updating tunnel endpoint"

		he_tunnelbroker_endpoint_update \
			--username="${USERNAME}" \
			--password="${PASSWORD}" \
			--tunnel-id="${TUNNEL_ID}"
	fi

	ip_tunnel_add ${zone} --ttl=255 \
		--remote-address="${SERVER_ADDRESS}" \
		--local-address="${LOCAL_ADDRESS}"

	# Bring up the device.
	device_set_up ${zone}

	# Assign IPv6 address.
	ip_address_add ${zone} ${LOCAL_ADDRESS6}

	# Update routing information.
	db_set "${zone}/ipv6/type" "${HOOK}"
	db_set "${zone}/ipv6/local-ip-address" "${LOCAL_ADDRESS6}"
	db_set "${zone}/ipv6/active" 1

	# Update the routing database.
	routing_update ${zone} ipv6
	routing_default_update

	exit ${EXIT_OK}
}

hook_down() {
	local zone=${1}
	assert isset zone

	# Remove everything from the routing db.
	db_delete "${zone}/ipv6"

	routing_update ${zone} ipv6
	routing_default_update

	# Remove the tunnel device.
	ip_tunnel_del ${zone}

	exit ${EXIT_OK}
}

hook_status() {
	local zone=${1}
	assert isset zone

	cli_device_headline ${zone}

	zone_settings_read "${zone}"

	local server_line="${SERVER_ADDRESS}"
	local server_hostname=$(dns_get_hostname ${SERVER_ADDRESS})
	if [ -n "${server_hostname}" ]; then
		server_line="${server_line} (Hostname: ${server_hostname})"
	fi

	cli_headline 2 "Configuration"
	cli_print_fmt1 2 "Server" "${server_line}"
	cli_print_fmt1 2 "Endpoint IPv4 address" "${LOCAL_ADDRESS}"
	cli_print_fmt1 2 "Endpoint IPv6 address" "${LOCAL_ADDRESS6}"
	cli_space

	exit ${EXIT_OK}
}
Commit	Line	Data
cccb3a4b MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
	22	. /usr/lib/network/header-zone
	23
8065d37b MT	24	HOOK_SETTINGS="HOOK SERVER_ADDRESS LOCAL_ADDRESS LOCAL_ADDRESS6 TUNNEL_ID"
8065d37b MT	25	HOOK_SETTINGS="${HOOK_SETTINGS} AUTO_UPDATE_ENDPOINT USERNAME PASSWORD"
cccb3a4b MT	26
	27	# The IPv4 address of the tunnel endpoint where to connect to.
	28	SERVER_ADDRESS=
	29
	30	# The local IPv4 address of the tunnel endpoint.
	31	LOCAL_ADDRESS=
	32
	33	# The address that is assigned to the tunnel device (with prefix).
	34	LOCAL_ADDRESS6=
	35
8065d37b MT	36	# True if the endpoint IP address should be automatically
	37	# updated each time the tunnel connects.
	38	AUTO_UPDATE_ENDPOINT="false"
	39
	40	# The ID of the tunnel.
	41	TUNNEL_ID=
	42
	43	# Credentials for the tunnelbroker.net service.
	44	USERNAME=
	45	PASSWORD=
	46
1c6a4e30	47	hook_check_settings() {
cccb3a4b MT	48	assert isset SERVER_ADDRESS
	49	assert isset LOCAL_ADDRESS
	50	assert isset LOCAL_ADDRESS6
f356ea0b JS	51	# LOCAL_ADDRESS6 needs to have a prefix
f356ea0b JS	52	assert ipv6_net_is_valid LOCAL_ADDRESS6
8065d37b MT	53
	54	if enabled AUTO_UPDATE_ENDPOINT; then
	55	assert isset TUNNEL_ID
	56	assert isset USERNAME
	57	assert isset PASSWORD
	58	fi
cccb3a4b MT	59	}
cccb3a4b MT	60
1c6a4e30	61	hook_parse_cmdline() {
cccb3a4b MT	62	local value
	63
	64	while [ $# -gt 0 ]; do
	65	case "${1}" in
	66	--server-address=*)
2212045f	67	SERVER_ADDRESS=$(cli_get_val "${1}")
cccb3a4b MT	68	;;
cccb3a4b MT	69	--local-ipv4-address=*)
2212045f	70	LOCAL_ADDRESS=$(cli_get_val "${1}")
cccb3a4b MT	71	;;
cccb3a4b MT	72	--local-ipv6-address=*)
2212045f	73	LOCAL_ADDRESS6=$(cli_get_val "${1}")
cccb3a4b	74	;;
8065d37b	75	--auto-update-endpoint=*)
2212045f	76	local val="$(cli_get_val "${1}")"
8065d37b MT	77
	78	if enabled val; then
	79	AUTO_UPDATE_ENDPOINT="true"
	80	else
	81	AUTO_UPADTE_ENDPOINT="false"
	82	fi
	83	;;
	84	--tunnel-id=*)
2212045f	85	TUNNEL_ID="$(cli_get_val "${1}")"
8065d37b MT	86	;;
8065d37b MT	87	--username=*)
2212045f	88	USERNAME="$(cli_get_val "${1}")"
8065d37b MT	89	;;
8065d37b MT	90	--password=*)
2212045f	91	PASSWORD="$(cli_get_val "${1}")"
8065d37b	92	;;
cccb3a4b MT	93	*)
	94	echo "Unknown option: ${1}" >&2
	95	exit ${EXIT_ERROR}
	96	;;
	97	esac
	98	shift
	99	done
	100	}
	101
1c6a4e30	102	hook_up() {
cccb3a4b MT	103	local zone=${1}
	104	assert isset zone
	105
	106	# Read configuration options.
1e6f187e	107	zone_settings_read "${zone}"
cccb3a4b	108
8065d37b MT	109	if enabled AUTO_UPDATE_ENDPOINT; then
	110	log DEBUG "Updating tunnel endpoint"
	111
	112	he_tunnelbroker_endpoint_update \
	113	--username="${USERNAME}" \
	114	--password="${PASSWORD}" \
	115	--tunnel-id="${TUNNEL_ID}"
	116	fi
	117
cccb3a4b MT	118	ip_tunnel_add ${zone} --ttl=255 \
	119	--remote-address="${SERVER_ADDRESS}" \
	120	--local-address="${LOCAL_ADDRESS}"
	121
	122	# Bring up the device.
	123	device_set_up ${zone}
	124
	125	# Assign IPv6 address.
	126	ip_address_add ${zone} ${LOCAL_ADDRESS6}
	127
	128	# Update routing information.
c041b631 MT	129	db_set "${zone}/ipv6/type" "${HOOK}"
	130	db_set "${zone}/ipv6/local-ip-address" "${LOCAL_ADDRESS6}"
	131	db_set "${zone}/ipv6/active" 1
cccb3a4b MT	132
	133	# Update the routing database.
	134	routing_update ${zone} ipv6
	135	routing_default_update
	136
	137	exit ${EXIT_OK}
	138	}
	139
1c6a4e30	140	hook_down() {
cccb3a4b MT	141	local zone=${1}
	142	assert isset zone
	143
	144	# Remove everything from the routing db.
c041b631 MT	145	db_delete "${zone}/ipv6"
c041b631 MT	146
cccb3a4b MT	147	routing_update ${zone} ipv6
	148	routing_default_update
	149
	150	# Remove the tunnel device.
	151	ip_tunnel_del ${zone}
	152
	153	exit ${EXIT_OK}
	154	}
	155
1c6a4e30	156	hook_status() {
cccb3a4b MT	157	local zone=${1}
	158	assert isset zone
	159
3cb2fc42	160	cli_device_headline ${zone}
cccb3a4b	161
1e6f187e	162	zone_settings_read "${zone}"
cccb3a4b MT	163
	164	local server_line="${SERVER_ADDRESS}"
	165	local server_hostname=$(dns_get_hostname ${SERVER_ADDRESS})
	166	if [ -n "${server_hostname}" ]; then
	167	server_line="${server_line} (Hostname: ${server_hostname})"
	168	fi
	169
3cb2fc42 MT	170	cli_headline 2 "Configuration"
	171	cli_print_fmt1 2 "Server" "${server_line}"
	172	cli_print_fmt1 2 "Endpoint IPv4 address" "${LOCAL_ADDRESS}"
	173	cli_print_fmt1 2 "Endpoint IPv6 address" "${LOCAL_ADDRESS6}"
	174	cli_space
cccb3a4b MT	175
	176	exit ${EXIT_OK}
	177	}