943e3f7e | 1 | #!/bin/bash |
2 | ############################################################################### |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | |
# Prepare the host for VLAN devices: load the 8021q module and install the
# ebtables rule set below. Returns the exit status of ebtables-restore.
function virtual_init() {
	module_load 8021q

	# The rule set is written exactly as ebtables-restore expects it: one
	# table header per "*" line, chain policies on ":" lines, then rules.
	local rules=(
		"*filter"
		":INPUT ACCEPT"
		":FORWARD ACCEPT"
		":OUTPUT ACCEPT"
		""
		"*broute"
		":BROUTING ACCEPT"
		"-A BROUTING -p 802_1Q -j DROP"
	)
	printf '%s\n' "${rules[@]}" | ebtables-restore
}
36 | ||
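# Create (or adopt) the VLAN device for parent ${1} and VID ${2}, name it
# "${1}v${2}" and assign the MAC address ${3} (generated when empty).
# Returns ${EXIT_OK} on success, ${EXIT_ERROR} when the device cannot be
# created, renamed or re-addressed, or when a conflicting device is in use.
function virtual_create() {
	local port="${1}"
	local vid="${2}"
	local mac="${3}"
	local newport="${port}v${vid}"

	# No address given: let the helper pick one.
	if [ -z "${mac}" ]; then
		mac=$(mac_generate)
	fi

	# Initialize the vlan drivers just when we need them.
	virtual_init

	log INFO "Creating virtual device '${newport}' with address '${mac}'."

	# A device for this parent/VID pair may already exist under a different
	# name (the kernel names it ${port}.${vid} first, see the rename below),
	# so look it up by parent and VID rather than by the intended name.
	local oldport=$(virtual_get_by_parent_and_vid "${port}" "${vid}")

	if device_exists "${oldport}"; then
		local differences

		if [ "${oldport}" != "${newport}" ]; then
			differences="${differences} name"
		fi
		if [ "$(device_get_address "${oldport}")" != "${mac}" ]; then
			differences="${differences} address"
		fi

		# Report through the logger, not stdout: a bare echo here leaked a
		# debug line to whoever captures this function's output.
		log DEBUG "differences: ${differences}"

		if [ -n "${differences}" ]; then
			if device_is_used "${oldport}"; then
				error_log "There was a device '${oldport}' set up with VID '${vid}' and parent '${port}' which is used somewhere else. Cannot go on."
				return ${EXIT_ERROR}
			else
				log DEBUG "There is a device '${oldport}' but it not used, so we grab it to ourselves."
			fi
		else
			log DEBUG "Device '${newport}' already exists and reflects our configuration. Go on."

			device_set_up "${oldport}"
			return ${EXIT_OK}
		fi

	else
		log DEBUG "Virtual device '${newport}' does not exist, yet."

		vconfig set_name_type DEV_PLUS_VID_NO_PAD >/dev/null
		vconfig add "${port}" "${vid}" >/dev/null

		if [ $? -ne ${EXIT_OK} ]; then
			error_log "Could not create virtual device '${newport}'."
			return ${EXIT_ERROR}
		fi

		# Look the fresh device up again to learn the name the kernel gave it.
		oldport=$(virtual_get_by_parent_and_vid "${port}" "${vid}")

	fi

	assert device_exists "${oldport}"

	if ! device_exists "${oldport}"; then
		error "Could not determine the created virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	# The device is expected to be named like ${port}.${vid}
	# and will be renamed to the virtual schema
	device_set_name "${oldport}" "${newport}"

	if [ $? -ne ${EXIT_OK} ]; then
		error_log "Could not set name of virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	assert device_exists "${newport}"

	# Setting new mac address
	device_set_address "${newport}" "${mac}"

	if [ $? -ne ${EXIT_OK} ]; then
		error_log "Could not set address '${mac}' to virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	# Bring up the new device
	device_set_up "${newport}"

	return ${EXIT_OK}
}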
126 | ||
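# Bring the VLAN device ${1} down and delete it via vconfig.
# Returns ${EXIT_OK} on success, ${EXIT_ERROR} when vconfig fails.
function virtual_remove() {
	local device="${1}"

	log INFO "Removing virtual device '${device}' with address '$(macify "${device}")'."

	device_set_down "${device}"

	vconfig rem "${device}" >/dev/null

	if [ $? -ne ${EXIT_OK} ]; then
		# ${device} is the only name known in this function; the message
		# used to expand an undefined ${newport} and printed an empty name.
		error_log "Could not remove virtual device '${device}'."
		return ${EXIT_ERROR}
	fi

	return ${EXIT_OK}
}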
143 | ||
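# Print the parent device of the VLAN device ${1} as listed in
# /proc/net/vlan/config and return ${EXIT_OK}; return ${EXIT_ERROR} (printing
# nothing) when the device is not listed or its parent does not exist.
function virtual_get_parent() {
	local device="${1}"

	# Each data row of /proc/net/vlan/config reads "<dev> | <vid> | <parent>".
	# Compare the first column exactly: the previous prefix match
	# (grep "^${device}") also matched "${device}0", "${device}1", ... and
	# could yield several parents at once.
	local parent
	parent=$(awk -v dev="${device}" '$1 == dev { print $NF; exit }' /proc/net/vlan/config)

	# An empty lookup result is never a valid parent.
	if [ -n "${parent}" ] && device_exists "${parent}"; then
		echo "${parent}"
		return ${EXIT_OK}
	fi

	return ${EXIT_ERROR}
}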
156 | ||
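# Print the name of the VLAN device with parent ${1} and VID ${2}, as found
# in /proc/net/vlan/config, and return ${EXIT_OK}; return ${EXIT_ERROR}
# when no such device is listed.
function virtual_get_by_parent_and_vid() {
	local parent="${1}"
	local vid="${2}"

	assert isset parent
	assert isset vid

	local v_port
	local v_id
	local v_parent

	assert [ -e "/proc/net/vlan/config" ]

	# Feed the loop from a process substitution instead of a pipe. A piped
	# "while" runs in a subshell, where "return" only leaves that subshell:
	# the function then fell through to EXIT_ERROR even after printing a
	# match. Rows are "<dev> | <vid> | <parent>"; dropping the bars leaves
	# three whitespace-separated fields for read.
	while read -r v_port v_id v_parent; do
		if [ "${v_parent}" = "${parent}" ] && [ "${v_id}" = "${vid}" ]; then
			echo "${v_port}"
			return ${EXIT_OK}
		fi
	done < <(grep -F '|' < /proc/net/vlan/config | tr -d '|')

	return ${EXIT_ERROR}
}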