Commit | Line | Data |
---|---|---|
1848564d MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | . /lib/network/header-zone | |
23 | ||
943e3f7e | 24 | # TODO XXX AC name, service name, sync? |
1848564d | 25 | |
# Names of the settings that belong to this hook.
# NOTE(review): IPV6 has a default below and a --ipv6= switch, but it is not
# listed here. If this list decides which settings get saved, the switch
# would not persist -- confirm against the code that consumes HOOK_SETTINGS.
HOOK_SETTINGS="HOOK AUTH LINKNAME USER SECRET PEERDNS DEFAULTROUTE MTU"

# Credentials and authentication method; empty until supplied.
USER=
SECRET=
AUTH=

# Link defaults. LINKNAME gets a fresh value from uuid on every load.
LINKNAME="$(uuid)"
MTU=1492
IPV6=1
DEFAULTROUTE=1
PEERDNS=1

# Authentication methods accepted for AUTH, and the pppd plugin to load.
PPPOE_ALLOWED_AUTHS="chap pap"
PPPOE_PLUGIN="rp-pppoe.so"
39 | ||
261132f9 MT |
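# Print the content of the pid file that belongs to a zone.
#   $1: zone name; the file read is /var/run/<zone>.pid
# Prints nothing when the file is missing or unreadable (cat's error output
# is discarded). The exit status is that of cat.
function pppd_pid() {
	local zone=${1}
	shift

	# Quoted, so a zone name containing whitespace or glob characters cannot
	# expand into a different set of paths.
	cat "/var/run/${zone}.pid" 2>/dev/null
}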
46 | ||
1848564d MT |
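# Validate the hook settings before they are used.
# Uses the assert/isset/isbool/isoneof/isinteger/listlength helpers, which
# are defined outside this file. Exits with EXIT_ERROR when LINKNAME or USER
# contain characters that are unsafe where _up uses them.
function _check() {
	assert isset USER
	assert isset SECRET
	assert isset LINKNAME
	assert isset DEFAULTROUTE
	assert isset PEERDNS
	#assert isset DEVICE
	#assert isset DEVICE_TYPE

	assert isbool DEFAULTROUTE
	assert isbool IPV6
	assert isbool PEERDNS
	#assert ismac DEVICE
	#assert isoneof DEVICE_TYPE real virtual

	# MTU is written verbatim after "mtu" and "mru" in the pppd options file,
	# so anything but a number would end up as extra option text.
	assert isinteger MTU

	local ports_num=$(listlength ${PORTS})
	assert isoneof ports_num 0 1

	# LINKNAME becomes a directory name below RED_RUN and a word on the
	# "name"/"linkname" lines of the pppd options file. A slash or a dot
	# entry would leave that directory; whitespace or control characters
	# (newline included) would add options to the file.
	case "${LINKNAME}" in
		.|..|*/*|*[[:space:]]*|*[[:cntrl:]]*)
			error_log "LINKNAME contains characters that are not allowed."
			exit ${EXIT_ERROR}
			;;
	esac

	# USER is written on the "user" line of the same file; a newline in it
	# would start a new option line.
	case "${USER}" in
		*[[:cntrl:]]*)
			error_log "USER contains control characters."
			exit ${EXIT_ERROR}
			;;
	esac

	isset AUTH && assert isoneof AUTH ${PPPOE_ALLOWED_AUTHS}
	# NOTE(review): the guard tests DEVICE_ID but the assertion checks
	# DEVICE_VID -- confirm which variable is meant. Left unchanged; this
	# line also stays last so the function's exit status is as before.
	isset DEVICE_ID && assert isinteger DEVICE_VID
}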
68 | ||
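# Parse the hook's command line switches into the global settings.
#   --user=, --secret=, --linkname=, --mtu=, --auth=, --ipv6= store the value
#   as given; --defaultroute= and --dns= are normalised to 1/0 through the
#   external "enabled" helper.
# An unknown switch is reported on stderr and ends the script with
# EXIT_ERROR. The values are not validated here.
function _parse_cmdline() {
	local value

	while [ $# -gt 0 ]; do
		case "$1" in
			--user=*)
				USER=${1#--user=}
				;;
			--secret=*)
				SECRET=${1#--secret=}
				;;
			--linkname=*)
				# Strip the switch that was actually matched. Stripping
				# "--name=" left the whole "--linkname=..." argument in
				# LINKNAME, which is later used as a directory name and
				# written into the pppd options file.
				LINKNAME=${1#--linkname=}
				;;
			--mtu=*)
				MTU=${1#--mtu=}
				;;
			--defaultroute=*)
				value=${1#--defaultroute=}
				if enabled value; then
					DEFAULTROUTE=1
				else
					DEFAULTROUTE=0
				fi
				;;
			--dns=*)
				value=${1#--dns=}
				if enabled value; then
					PEERDNS=1
				else
					PEERDNS=0
				fi
				;;
			--auth=*)
				AUTH=${1#--auth=}
				;;
			--ipv6=*)
				IPV6=${1#--ipv6=}
				;;
			*)
				echo "Unknown option: $1" >&2
				exit ${EXIT_ERROR}
				;;
		esac
		shift
	done
}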
116 | ||
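# Bring up a PPPoE zone: read its configuration, bring up the parent port,
# store the credentials, write a pppd options file and start pppd.
#   $1: zone name
# Always ends the script: EXIT_OK when pppd_exec returns 0, EXIT_ERROR when
# the parent port is missing or pppd_exec returns anything else.
function _up() {
	local zone=${1}
	shift

	assert isset zone

	zone_config_read "${zone}"

	local port=$(zone_get_ports "${zone}")

	assert isset port

	if ! port_exists "${port}"; then
		error_log "Parent device '${port}' does not exist. Cannot bring up zone '${zone}'."
		exit ${EXIT_ERROR}
	fi

	# Creating necessary files
	# XXX must be PPP_RUN
	# Paths are quoted so that LINKNAME cannot split into several arguments.
	# mkdir -p succeeds when the directory is already there.
	mkdir -p "${RED_RUN}/${LINKNAME}"

	# Setting up the device
	zone_ports_up "${zone}"

	ppp_secret "${USER}" "${SECRET}"

	# XXX AC and service on plugin command line

	# Everything between here and EOF is expanded by the shell and written
	# as-is: zone, LINKNAME, port, USER, AUTH and MTU become option text, so a
	# value containing whitespace or a newline adds words or lines to the
	# file. Nothing in this function validates them.
	# NOTE(review): pppd's require-pap/require-chap ask the peer to
	# authenticate itself, while "noauth" says the opposite. Confirm that
	# "require-${AUTH}" is what is wanted here.
	cat <<EOF >"${RED_RUN}/${LINKNAME}/options"
# Naming options
ifname ${zone}
name ${LINKNAME}
linkname ${LINKNAME}

plugin ${PPPOE_PLUGIN} ${port}

# Enable/disable IPv6
$(enabled IPV6 && echo "+" || echo "-")ipv6

# User configuration
user ${USER}

$(enabled PEERDNS && echo "usepeerdns")
$(enabled DEFAULTROUTE && echo "defaultroute")

noauth
$(isset AUTH && echo "require-${AUTH}")

noipdefault

# Maximum transmission/receive unit
mtu ${MTU}
mru ${MTU}

# Disable the compression
noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe

updetach debug
EOF

	pppd_exec file "${RED_RUN}/${LINKNAME}/options"

	local ret=$?

	# Get exit code from ppp daemon and handle it:
	case "${ret}" in
		0)
			log DEBUG "pppd detached successfully"
			exit ${EXIT_OK}
			;;
		19)
			log ERROR "Authentication failed. Maybe user and/or secret is/are incorrect."
			exit ${EXIT_ERROR}
			;;
	esac

	error_log "pppd exited with unknown exit code '${ret}'"

	exit ${EXIT_ERROR}
}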
197 | ||
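# Take a zone down: signal the process named in its pid file, then bring the
# zone's ports down.
#   $1: zone name
# Always ends the script with EXIT_OK.
function _down() {
	local zone=${1}
	shift

	# Kill pppd
	# XXX very ugly
	# The pid file is data: signal only words that are positive integers.
	# An empty file no longer runs kill without arguments, and "0" or a
	# value starting with "-" can no longer be read as a process group or a
	# signal option.
	# NOTE(review): a stale pid file can still name an unrelated process.
	# Nothing here checks that the pid belongs to pppd.
	local pid
	for pid in $(pppd_pid "${zone}"); do
		if [[ "${pid}" =~ ^[1-9][0-9]*$ ]]; then
			kill "${pid}" &>/dev/null
		fi
	done

	zone_ports_down "${zone}"

	exit ${EXIT_OK}
}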
210 | ||
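# Probe a device for a PPPoE access concentrator.
#   $1: device name; only devices whose type is "real" are probed
# Prints one line, ACCESS_CONCENTRATOR="<name>", and ends the script with
# DISCOVER_OK. Ends with EXIT_ERROR for other device types and with
# DISCOVER_ERROR when pppoe-discovery prints nothing or reports a timeout.
function _discover() {
	local device=${1}

	if [ "$(device_get_type "${device}")" != "real" ]; then
		exit ${EXIT_ERROR}
	fi

	local output
	output=$(pppoe-discovery -I "${device}" -U "$(uuid)" 2>&1)

	# Exit if there was not output
	[ -z "${output}" ] && exit ${DISCOVER_ERROR}

	# Exit if PADI timed out
	grep -q "Timeout" <<<"${output}" && exit ${DISCOVER_ERROR}

	# -r keeps backslashes literal; line is local so it does not leak into
	# the caller's scope. The last Access-Concentrator line wins.
	local ac line
	while read -r line; do
		case "${line}" in
			Access-Concentrator:*)
				ac="${line#Access-Concentrator: }"
				;;
		esac
	done <<<"${output}"

	# The name is chosen by whatever device answered on the segment and is
	# printed below inside double quotes, in the form of a shell assignment.
	# Presumably the caller parses it as one (confirm), so remove the
	# characters that are active inside double quotes, plus control
	# characters.
	ac=$(printf '%s' "${ac}" | tr -d '"\\$`[:cntrl:]')

	echo "ACCESS_CONCENTRATOR=\"$ac\""

	exit ${DISCOVER_OK}
}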
5b20e43a | 240 | |
8eadf1da MT |
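# Print the status of a PPPoE zone: configuration, ports and, when the zone
# is up, the addresses stored in the routing database per protocol.
#   $1: zone name
# The secret is never printed. Ends the script with EXIT_ERROR when the zone
# is down and with EXIT_OK otherwise.
function _status() {
	local zone=${1}

	assert isset zone

	cli_status_headline "${zone}"

	zone_config_read "${zone}"

	cli_headline " Configuration:"
	printf "${DEVICE_PRINT_LINE1}" "User:" "${USER}"
	printf "${DEVICE_PRINT_LINE1}" "Secret:" "<hidden>"
	echo
	printf "${DEVICE_PRINT_LINE1}" "MTU:" "${MTU}"
	printf "${DEVICE_PRINT_LINE1}" "IPv6:" "$(enabled IPV6 && echo "enabled" || echo "disabled")"
	printf "${DEVICE_PRINT_LINE1}" "Use default route?" "$(enabled DEFAULTROUTE && echo "enabled" || echo "disabled")"
	printf "${DEVICE_PRINT_LINE1}" "Use peer DNS?" "$(enabled PEERDNS && echo "enabled" || echo "disabled")"
	echo
	cli_headline " Ports:"
	zone_ports_status "${zone}"
	if [ -z "$(zone_get_ports "${zone}")" ]; then
		echo -e " ${COLOUR_WARN}No ports attached. Won't be able to start.${COLOUR_NORMAL}"
	fi

	# Exit if zone is down
	if ! zone_is_up "${zone}"; then
		echo # Empty line
		exit ${EXIT_ERROR}
	fi

	# XXX display time since connection started

	cli_headline " Point-to-Point-over-Ethernet protocol:"
	local proto
	# IP_SUPPORTED_PROTOCOLS is a space-separated list, so it stays unquoted.
	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
		routing_db_exists "${zone}" "${proto}" || continue
		case "${proto}" in
			ipv6)
				echo " Internet Protocol Version 6:"
				;;
			ipv4)
				echo " Internet Protocol Version 4:"
				;;
		esac
		# Plain echo (no -e): the stored values are printed without escape
		# interpretation.
		echo " IP-Address : $(routing_db_get "${zone}" "${proto}" local-ip-address)"
		echo " Gateway : $(routing_db_get "${zone}" "${proto}" remote-ip-address)"
		echo " DNS-Server : $(routing_db_get "${zone}" "${proto}" dns)"
		echo
		echo " MAC-Remote : $(routing_db_get "${zone}" "${proto}" remote-address)"
		echo
	done
	echo " MTU : $(device_get_mtu "${zone}")"
	echo # Empty line
	exit ${EXIT_OK}
}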
293 | ||
711ffac1 MT |
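# Attach a port to the zone. This hook accepts a single port only.
#   $1: zone name
#   $2: port name
#   remaining arguments are handed on to _port_cmd unchanged
# Ends the script with EXIT_ERROR when the zone already has a port, and with
# EXIT_OK after _port_cmd has run.
function _port_add() {
	local zone=${1}
	local port=${2}
	shift 2

	# The port list is passed unquoted on purpose: listlength counts words.
	local attached
	attached=$(listlength $(zone_get_ports "${zone}"))

	# Default to 0 so an empty result cannot break the numeric test.
	if [ "${attached:-0}" -ge 1 ]; then
		error "This hook only supports one port at a time."
		error "Please remove any existant port(s) and try again."
		exit ${EXIT_ERROR}
	fi

	# "$@" keeps every remaining argument as one word, even when it contains
	# whitespace or glob characters.
	_port_cmd add "${zone}" "${port}" "$@"

	exit ${EXIT_OK}
}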
309 | ||
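# Hand the script's arguments to run, which is defined outside this file.
# "$@" keeps each argument as one word, so values with whitespace or glob
# characters (a secret, for example) arrive unchanged.
run "$@"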