]>
Commit | Line | Data |
---|---|---|
2b5c311d MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
e617226b MT |
22 | # A list of supported versions of the IP protocol |
23 | IP_SUPPORTED_PROTOCOLS="" | |
24 | ||
1c6a4e30 | 25 | ip_split_prefix() { |
2b5c311d | 26 | local address=${1} |
2b5c311d MT |
27 | assert isset address |
28 | ||
29 | echo "${address%%/*}" | |
30 | } | |
31 | ||
1c6a4e30 | 32 | ip_get_prefix() { |
2b5c311d | 33 | local address=${1} |
2b5c311d MT |
34 | assert isset address |
35 | ||
38f61548 MT |
36 | # Break if no prefix is provided |
37 | [[ ${address} =~ \/ ]] || return ${EXIT_OK} | |
38 | ||
2b5c311d MT |
39 | echo "${address##*/}" |
40 | } | |
41 | ||
1c6a4e30 | 42 | ip_detect_protocol() { |
13a6e69f | 43 | local address="${1}" |
2b5c311d MT |
44 | assert isset address |
45 | ||
0af2168d JS |
46 | # Remove prefix so that we can handle subnet, too |
47 | address=$(ip_split_prefix ${address}) | |
48 | ||
2b5c311d | 49 | local protocol |
e617226b | 50 | for protocol in ${IP_SUPPORTED_PROTOCOLS}; do |
13a6e69f | 51 | if ${protocol}_is_valid "${address}"; then |
2b5c311d MT |
52 | echo "${protocol}" |
53 | return ${EXIT_OK} | |
54 | fi | |
55 | done | |
56 | ||
57 | return ${EXIT_ERROR} | |
58 | } | |
e617226b | 59 | |
1c6a4e30 | 60 | ip_protocol_is_supported() { |
e617226b MT |
61 | local proto=${1} |
62 | ||
63 | assert isset proto | |
64 | ||
8c9205b1 | 65 | list_match ${proto} ${IP_SUPPORTED_PROTOCOLS} |
e617226b | 66 | } |
38f61548 | 67 | |
1c6a4e30 | 68 | ip_is_valid() { |
afb7d704 MT |
69 | local address=${1} |
70 | assert isset address | |
71 | ||
b2cb6736 JS |
72 | local protocol |
73 | for protocol in ${IP_SUPPORTED_PROTOCOLS}; do | |
74 | if ${protocol}_is_valid "${address}"; then | |
75 | return ${EXIT_TRUE} | |
76 | fi | |
77 | done | |
78 | ||
79 | return ${EXIT_FALSE} | |
afb7d704 MT |
80 | } |
81 | ||
8b0958b2 | 82 | ip_net_is_valid() { |
cb965348 MT |
83 | local network=${1} |
84 | assert isset network | |
85 | ||
d2bd71e4 JS |
86 | local protocol |
87 | for protocol in ${IP_SUPPORTED_PROTOCOLS}; do | |
88 | if ${protocol}_net_is_valid "${network}"; then | |
89 | return ${EXIT_TRUE} | |
90 | fi | |
91 | done | |
cb965348 | 92 | |
d2bd71e4 | 93 | return ${EXIT_FALSE} |
cb965348 MT |
94 | } |
95 | ||
1c6a4e30 | 96 | ip_prefix_is_valid() { |
cb965348 MT |
97 | local proto=${1} |
98 | assert isset proto | |
99 | ||
100 | local prefix=${2} | |
101 | ||
102 | case "${proto}" in | |
103 | ipv4) | |
104 | ipv4_prefix_is_valid ${prefix} | |
105 | return $? | |
106 | ;; | |
107 | ipv6) | |
108 | ipv6_prefix_is_valid ${prefix} | |
109 | return $? | |
110 | ;; | |
111 | esac | |
112 | ||
113 | assert ip_protocol_is_supported ${proto} | |
114 | } | |
115 | ||
13a6e69f | 116 | ip_get_network() { |
2212045f | 117 | inetcalc -n "$@" && return ${EXIT_OK} || return ${EXIT_ERROR} |
13a6e69f MT |
118 | } |
119 | ||
4a7c3c02 MT |
120 | ip_network_is_subset_of() { |
121 | assert [ $# -eq 2 ] | |
122 | ||
2212045f | 123 | inetcalc -s "$@" && return ${EXIT_TRUE} || return ${EXIT_FALSE} |
4a7c3c02 MT |
124 | } |
125 | ||
1c6a4e30 | 126 | ip_address_add() { |
38f61548 MT |
127 | local device=${1} |
128 | local address=${2} | |
129 | ||
130 | assert isset address | |
131 | assert device_exists ${device} | |
132 | ||
133 | local prefix=$(ip_get_prefix ${address}) | |
134 | address=$(ip_split_prefix ${address}) | |
135 | ||
136 | assert isset prefix | |
13a6e69f MT |
137 | assert isset address |
138 | ||
139 | echo "ADDRESS = $address" | |
38f61548 MT |
140 | |
141 | # Detect the protocol version | |
13a6e69f MT |
142 | local protocol=$(ip_detect_protocol "${address}") |
143 | assert ip_protocol_is_supported "${protocol}" | |
144 | ||
145 | case "${protocol}" in | |
146 | ipv6) | |
147 | assert ipv6_prefix_is_valid "${prefix}" | |
148 | ;; | |
149 | ipv4) | |
150 | assert ipv4_prefix_is_valid "${prefix}" | |
151 | ;; | |
152 | esac | |
38f61548 MT |
153 | |
154 | case "${protocol}" in | |
155 | ipv4) | |
156 | if ipv4_detect_duplicate ${device} ${address}; then | |
157 | error_log "Duplicate address detected on zone '${device}' (${address})." | |
158 | error_log "Cannot continue." | |
159 | return ${EXIT_ERROR} | |
160 | fi | |
161 | ;; | |
162 | esac | |
163 | ||
164 | if ! device_has_ip ${device} ${address}/${prefix}; then | |
165 | assert ip addr add ${address}/${prefix} dev ${device} | |
166 | ||
167 | log DEBUG "IP address '${address}' (${protocol}) was successfully configured on device '${device}'." | |
168 | ||
169 | case "${protocol}" in | |
170 | ipv4) | |
171 | # Announce our new address to the neighbours | |
172 | ipv4_update_neighbours ${device} ${address} | |
173 | ;; | |
174 | esac | |
175 | else | |
176 | log DEBUG "IP address '${address}' (${protocol}) was already configured on device '${device}'." | |
177 | fi | |
178 | ||
179 | return ${EXIT_OK} | |
180 | } | |
181 | ||
1c6a4e30 | 182 | ip_address_del() { |
38f61548 MT |
183 | local device=${1} |
184 | local address=${2} | |
185 | ||
186 | assert isset address | |
187 | assert device_exists ${device} | |
188 | ||
189 | local prefix=$(ip_get_prefix ${address}) | |
190 | address=$(ip_split_prefix ${address}) | |
191 | ||
192 | assert isset prefix | |
193 | ||
194 | # Detect the protocol version | |
13a6e69f MT |
195 | local protocol=$(ip_detect_protocol "${address}") |
196 | assert ip_protocol_is_supported "${protocol}" | |
38f61548 MT |
197 | |
198 | if device_has_ip ${device} ${address}/${prefix}; then | |
199 | assert ip addr del ${address}/${prefix} dev ${device} | |
200 | ||
201 | log DEBUG "IP address '${address}' (${protocol}) was successfully removed from device '${device}'." | |
202 | else | |
203 | log DEBUG "IP address '${address}' (${protocol}) was not configured on device '${device}'." | |
204 | fi | |
205 | ||
206 | return ${EXIT_OK} | |
207 | } |