Got rid of vconfig and cleaned up a lot of stuff.
if enabled long; then
# Virtual devices.
- device_is_virtual ${device} && cli_device_virtual ${device}
+ device_is_vlan ${device} && cli_device_vlan ${device}
# Bonded devices.
device_is_bonded ${device} && cli_device_bonded ${device}
cli_space
}
-function cli_device_virtual() {
+function cli_device_vlan() {
local device=${1}
cli_headline 2 "VLAN"
- cli_print_fmt1 2 "Parent" "$(virtual_get_parent ${device})"
- cli_print_fmt1 2 "VID" "$(virtual_get_id ${device})"
+ cli_print_fmt1 2 "Parent" "$(vlan_get_parent ${device})"
+ cli_print_fmt1 2 "VID" "$(vlan_get_id ${device})"
cli_space
}
device_ifindex_to_name ${ifindex}
}
-# Check if the device is a virtual device
-function device_is_virtual() {
+# Check if the device is a vlan device
+function device_is_vlan() {
local device=${1}
+ assert isset device
- [ -e "/proc/net/vlan/${device}" ]
+ [ -e "${PROC_NET_VLAN}/${device}" ]
}
-# Check if the device has virtual devices
-function device_has_virtuals() {
+# Check if the device has vlan devices
+function device_has_vlans() {
local device=${1}
+ assert isset device
- if device_is_virtual ${device}; then
+ if device_is_vlan ${device}; then
return ${EXIT_FALSE}
fi
- local virtuals=$(device_get_virtuals ${device})
- [ -n "${virtuals}" ] && return ${EXIT_OK} || return ${EXIT_ERROR}
+ local vlans=$(device_get_vlans ${device})
+ [ -n "${vlans}" ] && return ${EXIT_OK} || return ${EXIT_ERROR}
}
-function device_get_virtuals() {
+function device_get_vlans() {
local device=${1}
+ assert isset device
# If no 8021q module has been loaded into the kernel,
# we cannot do anything.
- [ -r "/proc/net/vlan/config" ] || return ${EXIT_OK}
+ [ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
local dev spacer1 id spacer2 parent
while read dev spacer1 id spacer2 parent; do
- [ "${parent}" = "${device}" ] && echo "${dev}"
- done < /proc/net/vlan/config | sort
+ [ "${parent}" = "${device}" ] || continue
+
+ print "${dev}"
+ done < ${PROC_NET_VLAN_CONFIG}
}
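Review bot: `device_is_vlan` and `device_get_vlans` now build their paths from `PROC_NET_VLAN` and `PROC_NET_VLAN_CONFIG`, which this commit defines in the new vlan file rather than here. If that file is not loaded first (the load order is not visible on this page), `[ -e "${PROC_NET_VLAN}/${device}" ]` tests `/${device}` and the readability guard in `device_get_vlans` returns early, so VLAN devices would silently be treated as plain devices. Consider `assert isset PROC_NET_VLAN` beside the new `assert isset device`, and quote the redirect as `done < "${PROC_NET_VLAN_CONFIG}"`. The rewritten loop also drops the former `| sort`, so callers now get the names in /proc order; a one-line comment would help if that is intended.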
# Check if the device is a ppp device
device_is_ppp ${device} && \
return ${EXIT_ERROR}
- device_is_virtual ${device} && \
+ device_is_vlan ${device} && \
return ${EXIT_ERROR}
[ "$(__device_get_file ${device} type)" != "1" ] && \
function device_get_type() {
local device=${1}
- if device_is_virtual ${device}; then
+ if device_is_vlan ${device}; then
echo "vlan"
elif device_is_bonding ${device}; then
function device_is_used() {
local device=${1}
- device_has_virtuals ${device} && \
+ device_has_vlans ${device} && \
return ${EXIT_OK}
device_is_bonded ${device} && \
return ${EXIT_OK}
local device=${1}
local parent
- if device_is_virtual ${device}; then
- parent=$(virtual_get_parent ${device})
+ if device_is_vlan ${device}; then
+ parent=$(vlan_get_parent ${device})
device_is_up ${parent} && return ${EXIT_OK}
local device=${1}
local parent
- if device_is_virtual ${device}; then
- parent=$(virtual_get_parent ${device})
+ if device_is_vlan ${device}; then
+ parent=$(vlan_get_parent ${device})
device_is_up ${parent} || return ${EXIT_OK}
+++ /dev/null
-#!/bin/bash
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-function virtual_init() {
- module_load 8021q
-
- ebtables-restore <<EOF
-*filter
-:INPUT ACCEPT
-:FORWARD ACCEPT
-:OUTPUT ACCEPT
-
-*broute
-:BROUTING ACCEPT
--A BROUTING -p 802_1Q -j DROP
-EOF
-}
-
-function virtual_create() {
- local port=${1}
- local vid=${2}
- local mac=${3}
- local newport=${port}v${vid}
-
- if [ -z "${mac}" ]; then
- mac=$(mac_generate)
- fi
-
- # Initialize the vlan drivers just when we need them.
- virtual_init
-
- log INFO "Creating virtual device '${newport}' with address '${mac}'."
-
- local oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})
-
- if device_exists ${oldport}; then
- local differences
-
- if [ "${oldport}" != "${newport}" ]; then
- differences="${differences} name"
- fi
- if [ "$(device_get_address ${oldport})" != "${mac}" ]; then
- differences="${differences} address"
- fi
-
- echo "differences: $differences"
-
- if [ -n "${differences}" ]; then
- if device_is_used ${oldport}; then
- error_log "There was a device '${oldport}' set up with VID '${vid}' and parent '${port}' which is used somewhere else. Cannot go on."
- return ${EXIT_ERROR}
- else
- log DEBUG "There is a device '${oldport}' but it not used, so we grab it to ourselves."
- fi
- else
- log DEBUG "Device '${newport}' already exists and reflects our configuration. Go on."
-
- device_set_up ${oldport}
- return ${EXIT_OK}
- fi
-
- else
- log DEBUG "Virtual device '${newport}' does not exist, yet."
-
- vconfig set_name_type DEV_PLUS_VID_NO_PAD >/dev/null
- vconfig add ${port} ${vid} >/dev/null
-
- if [ $? -ne ${EXIT_OK} ]; then
- error_log "Could not create virtual device '${newport}'."
- return ${EXIT_ERROR}
- fi
-
- oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})
-
- fi
-
- assert device_exists ${oldport}
-
- if ! device_exists ${oldport}; then
- error "Could not determine the created virtual device '${newport}'."
- return ${EXIT_ERROR}
- fi
-
- # The device is expected to be named like ${port}.${vid}
- # and will be renamed to the virtual schema
- device_set_name ${oldport} ${newport}
-
- if [ $? -ne ${EXIT_OK} ]; then
- error_log "Could not set name of virtual device '${newport}'."
- return ${EXIT_ERROR}
- fi
-
- assert device_exists ${newport}
-
- # Setting new mac address
- device_set_address ${newport} ${mac}
-
- if [ $? -ne ${EXIT_OK} ]; then
- error_log "Could not set address '${mac}' to virtual device '${newport}'."
- return ${EXIT_ERROR}
- fi
-
- # Bring up the new device
- device_set_up ${newport}
-
- return ${EXIT_OK}
-}
-
-function virtual_remove() {
- local device=${1}
-
- log INFO "Removing virtual device '${device}' with address '$(macify ${device})'."
-
- device_set_down ${device}
-
- vconfig rem ${device} >/dev/null
-
- if [ $? -ne ${EXIT_OK} ]; then
- error_log "Could not remote virtual device '${newport}'."
- return ${EXIT_ERROR}
- fi
-
- return ${EXIT_OK}
-}
-
-function virtual_get_parent() {
- local device=${1}
-
- # Nothing to do, if 8021q module is not loaded.
- [ -r "/proc/net/vlan/config" ] || return ${EXIT_OK}
-
- local dev spacer1 id spacer2 parent
- while read dev spacer1 id spacer2 parent; do
- if [ "${device}" = "${dev}" ]; then
- echo "${parent}"
- return ${EXIT_OK}
- fi
- done < /proc/net/vlan/config
-
- return ${EXIT_ERROR}
-}
-
-function virtual_get_id() {
- local device=${1}
-
- # Nothing to do, if 8021q module is not loaded.
- [ -r "/proc/net/vlan/config" ] || return ${EXIT_OK}
-
- local dev spacer1 id spacer2 parent
- while read dev spacer1 id spacer2 parent; do
- if [ "${device}" = "${dev}" ]; then
- echo "${id}"
- return ${EXIT_OK}
- fi
- done < /proc/net/vlan/config
-
- return ${EXIT_ERROR}
-}
-
-function virtual_get_by_parent_and_vid() {
- local parent=${1}
- local vid=${2}
-
- assert isset parent
- assert isset vid
-
- # Nothing to do, if 8021q module is not loaded.
- [ -r "/proc/net/vlan/config" ] || return ${EXIT_OK}
-
- local dev spacer1 id spacer2 par
- while read dev spacer1 id spacer2 par; do
- if [ "${parent}" = "${par}" ] && [ "${vid}" = "${id}" ]; then
- echo "${dev}"
- return ${EXIT_OK}
- fi
- done < /proc/net/vlan/config
-
- return ${EXIT_ERROR}
-}
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2012 IPFire Network Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+PROC_NET_VLAN="/proc/net/vlan"
+PROC_NET_VLAN_CONFIG="${PROC_NET_VLAN}/config"
+
+VLAN_PORT_INTERFIX="v"
+
+function vlan_init() {
+ ebtables-restore <<EOF
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+
+*broute
+:BROUTING ACCEPT
+-A BROUTING -p 802_1Q -j DROP
+EOF
+}
+
+function vlan_create() {
+ local device=${1}
+ assert isset device
+
+ local parent=${2}
+ assert isset parent
+
+ local tag=${3}
+ assert isinteger tag
+
+ local address=${4}
+ if isset address; then
+ assert ismac address
+ fi
+
+ # Check if a device with the name does already exist.
+ if device_exists ${device}; then
+ log ERROR "device '${device}' does already exist"
+ return ${EXIT_ERROR}
+ fi
+
+ # Check if the parent device exists.
+ if ! device_exists ${parent}; then
+ log ERROR "parent device '${parent}' does not exist"
+ return ${EXIT_ERROR}
+ fi
+
+ # Load ebtables stuff.
+ vlan_init
+
+ local command="ip link add link ${parent} name ${device}"
+
+ if isset address; then
+ command="${command} address ${address}"
+ fi
+
+ command="${command} type vlan id ${tag}"
+
+ cmd_quiet ${command}
+ local ret=$?
+
+ if [ ${ret} -eq ${EXIT_OK} ]; then
+ log DEBUG "vlan device '${device}' has been created"
+ else
+ log ERROR "could not create vlan device '${device}': ${ret}"
+ fi
+
+ return ${ret}
+}
+
+function vlan_remove() {
+ local device=${1}
+ assert isset device
+
+ # Set down device (if not already done).
+ device_set_down ${device}
+
+ device_delete ${device}
+}
+
+function vlan_get_parent() {
+ local device=${1}
+ assert isset device
+
+ # Nothing to do, if 8021q module is not loaded.
+ [ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
+
+ local dev spacer1 id spacer2 parent
+ while read dev spacer1 id spacer2 parent; do
+ [ "${device}" = "${dev}" ] || continue
+
+ print "${parent}"
+ return ${EXIT_OK}
+ done < ${PROC_NET_VLAN_CONFIG}
+
+ return ${EXIT_ERROR}
+}
+
+function vlan_get_id() {
+ local device=${1}
+ assert isset device
+
+ # Nothing to do, if 8021q module is not loaded.
+ [ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
+
+ local dev spacer1 id spacer2 parent
+ while read dev spacer1 id spacer2 parent; do
+ [ "${device}" = "${dev}" ] || continue
+
+ print "${id}"
+ return ${EXIT_OK}
+ done < ${PROC_NET_VLAN_CONFIG}
+
+ return ${EXIT_ERROR}
+}
+
+function vlan_get_by_parent_and_vid() {
+ local parent=${1}
+ assert isset parent
+
+ local vid=${2}
+ assert isset vid
+
+ # Nothing to do, if 8021q module is not loaded.
+ [ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
+
+ local dev spacer1 id spacer2 par
+ while read dev spacer1 id spacer2 par; do
+ [ "${parent}" = "${par}" ] || continue
+ [ "${vid}" = "${id}" ] || continue
+
+ print "${dev}"
+ return ${EXIT_OK}
+ done < ${PROC_NET_VLAN_CONFIG}
+
+ return ${EXIT_ERROR}
+}
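Review bot: `vlan_create` assembles the `ip link` invocation as one string and runs it through an unquoted `cmd_quiet ${command}`, so `device`, `parent` and `address` are re-split on whitespace and glob-expanded. Only `isset` is checked for the two names, so a value containing a space would add extra words to the command line. Building the command as an array keeps each value a single argument; this assumes `cmd_quiet` forwards its arguments, as the current call already relies on. The return status of `vlan_init` is also not checked before the link is created.

```shell
	# … unchanged: argument checks, existence checks, vlan_init …

	local -a command=(ip link add link "${parent}" name "${device}")

	if isset address; then
		command+=(address "${address}")
	fi

	command+=(type vlan id "${tag}")

	cmd_quiet "${command[@]}"
	local ret=$?

	# … unchanged: logging and return ${ret} …
```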
. /usr/lib/network/header-port
-HOOK_SETTINGS="HOOK ADDRESS PARENT TAG"
+HOOK_SETTINGS="HOOK ADDRESS PARENT_DEVICE TAG"
PORT_PARENTS_VAR="PARENT"
-ADDRESS=$(mac_generate)
-
function _check() {
- assert isset PARENT
- assert ismac ADDRESS
+ assert isset PARENT_DEVICE
assert isinteger TAG
+ if isset ADDRESS; then
+ assert ismac ADDRESS
+ fi
+
if [ ${TAG} -gt 4096 ]; then
error "TAG is greater than 4096."
exit ${EXIT_ERROR}
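Review bot: `PORT_PARENTS_VAR="PARENT"` still names the old variable although the setting is renamed to `PARENT_DEVICE` in `HOOK_SETTINGS` and `_check`. How `PORT_PARENTS_VAR` is consumed is not visible here, but if it is dereferenced to find a port's parent it will now resolve to an empty value; it presumably should read `PORT_PARENTS_VAR="PARENT_DEVICE"`. Port files written before this commit store `PARENT=`, so they would fail the new `assert isset PARENT_DEVICE` unless migrated. Separately, the unchanged bound `[ ${TAG} -gt 4096 ]` accepts 0, 4095 and 4096, while usable 802.1Q VLAN IDs run from 1 to 4094. `_check` continues outside the hunk.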
function _create() {
while [ $# -gt 0 ]; do
case "${1}" in
- --device=*)
- PARENT=${1#--device=}
+ --parent-device=*)
+ PARENT_DEVICE=$(cli_get_val ${1})
;;
- --mac=*)
- ADDRESS=${1#--mac=}
+ --address=*)
+ ADDRESS=$(cli_get_val ${1})
;;
- --id=*)
- TAG=${1#--id=}
+ --tag=*)
+ TAG=$(cli_get_val ${1})
;;
*)
warning "Unknown argument '${1}'"
shift
done
- local port="${PARENT}v${TAG}"
+ local port="${PARENT_DEVICE}${VLAN_PORT_INTERFIX}${TAG}"
config_write $(port_file ${port}) ${HOOK_SETTINGS}
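Review bot: The new `$(cli_get_val ${1})` calls pass the argument unquoted, so a value containing whitespace or glob characters is split or expanded before the helper sees it, which the previous `${1#--device=}` form did not do. Quoting keeps the argument intact: `PARENT_DEVICE=$(cli_get_val "${1}")`, likewise for `--address=` and `--tag=` here and for `--address=` in `_edit`. These values end up in the port name and, via `vlan_create`, on an `ip link` command line, so they should reach `_check` unmodified. `_create` continues outside the hunk.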
function _edit() {
local port=${1}
- shift
-
assert isset port
+ shift
config_read $(port_file ${port})
while [ $# -gt 0 ]; do
case "${1}" in
- --mac=*)
- ADDRESS=${1#--mac=}
+ --address=*)
+ ADDRESS=$(cli_get_val ${1})
;;
*)
warning "Unknown argument '${1}'"
function _up() {
local port=${1}
-
assert isset port
- config_read $(port_file ${port})
-
if ! device_exists ${port}; then
- virtual_create ${PARENT} ${TAG} ${ADDRESS}
+ # Read configuration file.
+ config_read $(port_file ${port}) ${HOOK_SETTINGS}
+
+ vlan_create ${port} ${PARENT_DEVICE} ${TAG} ${ADDRESS}
fi
+ # Bring up the device.
+ device_set_up ${port}
+
exit ${EXIT_OK}
}
function _down() {
local port=${1}
-
assert isset port
- config_read $(port_file ${port})
-
+ # Exit, if the port does not exist.
if ! device_exists ${port}; then
exit ${EXIT_OK}
fi
- virtual_remove ${port}
+ # Tear down the port.
+ device_set_down ${port}
+
+ # Remove the port.
+ vlan_remove ${port}
exit ${EXIT_OK}
}
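Review bot: `_up` discards the status of `vlan_create`, so when creation fails it still runs `device_set_up ${port}` on a device that does not exist and then exits with `${EXIT_OK}`. Propagate the failure, e.g. `vlan_create ${port} ${PARENT_DEVICE} ${TAG} ${ADDRESS} || exit ${EXIT_ERROR}`. `_down` has the same shape: the result of `vlan_remove` is ignored before `exit ${EXIT_OK}`, and the explicit `device_set_down ${port}` there repeats what `vlan_remove` already does first.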
cli_print_fmt1 1 "Promisc" "$(cli_print_bool $?)"
cli_space
- # Print all virtual devices.
- local virtuals=$(device_get_virtuals ${device})
- if [ -n "${virtuals}" ]; then
- cli_headline 2 "Virtual devices"
-
- local virtual
- for virtual in ${virtuals}; do
- cli_print 2 "* %-6s - %s" "${virtual}" "$(device_get_address ${virtual})"
+ # Print all vlan devices.
+ local vlans=$(device_get_vlans ${device})
+ if [ -n "${vlans}" ]; then
+ cli_headline 2 "VLAN devices"
+
+ local vlan
+ for vlan in ${vlans}; do
+ cli_print 2 "* %-6s - %s" "${vlan}" "$(device_get_address ${vlan})"
done
cli_space
fi