#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010 Michael Tremer & Christian Schmidt                       #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################

function virtual_init() {
	# 802.1Q VLAN support comes from the 8021q kernel module.
	module_load 8021q

	# Bridge-level (ebtables) policy installed once at init: the filter
	# chains stay wide open, while the BROUTING chain drops every
	# 802.1Q-tagged frame so such frames are never bridged as-is
	# (presumably to keep VLAN tags from crossing bridged ports -- confirm
	# against the bridge setup code).
	local rules
	rules="*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT

*broute
:BROUTING ACCEPT
-A BROUTING -p 802_1Q -j DROP"

	# The here-string feeds exactly the same text (plus trailing newline)
	# the former heredoc did; the function's status is ebtables-restore's.
	ebtables-restore <<< "${rules}"
}

# Hook virtual_init into the init sequence (project helper init_register).
init_register virtual_init

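function virtual_create() {
	# Create (or adopt) the 802.1Q sub-device ${port}v${vid} on top of
	# ${port} and give it the MAC address ${mac}.
	#
	# Arguments:
	#   $1 - parent device
	#   $2 - VLAN id
	#   $3 - MAC address to assign; a fresh one is generated when empty
	#
	# Returns EXIT_OK on success and EXIT_ERROR on failure. Nothing is
	# printed on stdout; all diagnostics go through log/error_log.
	local port=${1}
	local vid=${2}
	local mac=${3}
	local newport=${port}v${vid}

	# Both values end up in device names and on the vconfig command line;
	# refuse to continue without them (same check as
	# virtual_get_by_parent_and_vid).
	assert isset port
	assert isset vid

	if [ -z "${mac}" ]; then
		mac=$(mac_generate)
	fi

	log INFO "Creating virtual device '${newport}' with address '${mac}'."

	# Name of an already existing VLAN device for this parent/vid pair
	# (whatever it is currently called), or empty when there is none.
	local oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})

	if device_exists ${oldport}; then
		local differences

		if [ "${oldport}" != "${newport}" ]; then
			differences="${differences} name"
		fi
		if [ "$(device_get_address ${oldport})" != "${mac}" ]; then
			differences="${differences} address"
		fi

		# Diagnostics go to the log, not to stdout (this used to be a
		# bare echo).
		log DEBUG "differences: ${differences}"

		if [ -n "${differences}" ]; then
			if device_is_used ${oldport}; then
				error_log "There was a device '${oldport}' set up with VID '${vid}' and parent '${port}' which is used somewhere else. Cannot go on."
				return ${EXIT_ERROR}
			else
				log DEBUG "There is a device '${oldport}' but it not used, so we grab it to ourselves."
			fi
		else
			log DEBUG "Device '${newport}' already exists and reflects our configuration. Go on."

			device_set_up ${oldport}
			return ${EXIT_OK}
		fi

	else
		log DEBUG "Virtual device '${newport}' does not exist, yet."

		# With DEV_PLUS_VID_NO_PAD the kernel names the new device
		# ${port}.${vid}; it is renamed to the ${port}v${vid} schema below.
		vconfig set_name_type DEV_PLUS_VID_NO_PAD >/dev/null
		vconfig add ${port} ${vid} >/dev/null

		if [ $? -ne ${EXIT_OK} ]; then
			error_log "Could not create virtual device '${newport}'."
			return ${EXIT_ERROR}
		fi

		oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})

	fi

	# Kept for parity with the rest of the file; the explicit check below
	# produces the friendlier error message.
	assert device_exists ${oldport}

	if [ -z "${oldport}" ] || ! device_exists ${oldport}; then
		error "Could not determine the created virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	# The device is expected to be named like ${port}.${vid}
	# and will be renamed to the virtual schema
	device_set_name "${oldport}" "${newport}"

	if [ $? -ne ${EXIT_OK} ]; then
		error_log "Could not set name of virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	assert device_exists ${newport}

	# Setting new mac address (quoted: the address is caller-supplied and
	# must reach device_set_address as a single argument)
	device_set_address "${newport}" "${mac}"

	if [ $? -ne ${EXIT_OK} ]; then
		error_log "Could not set address '${mac}' to virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	# Bring up the new device
	device_set_up "${newport}"

	return ${EXIT_OK}
}
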
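function virtual_remove() {
	# Tear down the 802.1Q sub-device ${device}: bring it down and delete
	# it through vconfig.
	#
	# Arguments:
	#   $1 - the virtual device to remove
	#
	# Returns EXIT_OK when vconfig removed the device, EXIT_ERROR otherwise.
	local device=${1}

	assert isset device

	log INFO "Removing virtual device '${device}' with address '$(macify ${device})'."

	device_set_down ${device}

	vconfig rem ${device} >/dev/null

	if [ $? -ne ${EXIT_OK} ]; then
		# Report the device actually passed in; the old message referred to
		# ${newport}, which is not set in this function.
		error_log "Could not remove virtual device '${device}'."
		return ${EXIT_ERROR}
	fi

	return ${EXIT_OK}
}
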
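function virtual_get_parent() {
	# Print the parent device of the 802.1Q sub-device ${device}, looked
	# up in /proc/net/vlan/config.
	#
	# Arguments:
	#   $1 - the virtual device
	#
	# Returns EXIT_OK and echoes the parent when it is found and exists,
	# EXIT_ERROR (nothing printed) otherwise.
	local device=${1}

	assert isset device
	assert [ -e "/proc/net/vlan/config" ]

	# Table rows read "<vlan dev> | <vid> | <parent>". Match the first
	# column as a whole: the former grep "^${device}" prefix match also
	# hit e.g. eth0v10 when asked for eth0v1 (yielding several parents),
	# and treated the device name as a regular expression.
	local parent=$(awk -v dev="${device}" '$1 == dev { print $NF; exit }' /proc/net/vlan/config)

	if [ -n "${parent}" ] && device_exists "${parent}"; then
		echo "${parent}"
		return ${EXIT_OK}
	fi

	return ${EXIT_ERROR}
}
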
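function virtual_get_by_parent_and_vid() {
	# Print the name of the 802.1Q sub-device that sits on ${parent} with
	# VLAN id ${vid}, as recorded in /proc/net/vlan/config.
	#
	# Arguments:
	#   $1 - parent device
	#   $2 - VLAN id
	#
	# Returns EXIT_OK and echoes the device name when found, EXIT_ERROR
	# (nothing printed) otherwise.
	local parent=${1}
	local vid=${2}

	assert isset parent
	assert isset vid

	local v_port
	local v_id
	local v_parent

	assert [ -e "/proc/net/vlan/config" ]

	# Only the table rows contain '|'; the header lines do not. The loop
	# reads from a process substitution instead of a pipe so that it runs
	# in this shell: with "... | while read", the "return" below only left
	# the pipeline's subshell and the function always ended in EXIT_ERROR
	# (callers that capture stdout never noticed).
	while read -r v_port v_id v_parent; do
		if [ "${v_parent}" = "${parent}" ] && [ "${v_id}" = "${vid}" ]; then
			echo "${v_port}"
			return ${EXIT_OK}
		fi
	done < <(fgrep '|' < /proc/net/vlan/config | tr -d '|')

	return ${EXIT_ERROR}
}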