Commit | Line | Data |
---|---|---|
cccb3a4b MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
9390b61b | 5 | # Copyright (C) 2012-2013 IPFire Network Development Team # |
cccb3a4b MT |
6 | # # |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
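# Tunnel modes accepted by ip_tunnel_add. The selected mode is handed to
# "ip link add ... type <mode>".
IP_TUNNEL_MODES="gre sit vti"

# Creates a tunnel device.
#
# Usage: ip_tunnel_add DEVICE --mode=MODE [--ttl=N]
#            [--local-address=ADDR] [--remote-address=ADDR]
#            [--ikey=KEY --okey=KEY]
#
# --mode= is required and must be one of IP_TUNNEL_MODES. --ikey= and
# --okey= are required when the mode is "vti". Returns EXIT_OK on success
# and EXIT_ERROR on invalid arguments or when "ip link add" fails.
ip_tunnel_add() {
	local device="${1}"
	shift

	# Refuse to continue without a device name instead of handing an empty
	# name to ip (same check as in ip_tunnel_change_keys).
	if ! isset device; then
		error "No device given"
		return ${EXIT_ERROR}
	fi

	local mode
	local ttl

	local remote_address
	local local_address

	local ikey
	local okey

	# Note: options not listed here are silently ignored.
	while [ $# -gt 0 ]; do
		case "${1}" in
			--mode=*)
				# Quote the argument so the value is neither word-split nor
				# glob-expanded before it is parsed.
				mode="$(cli_get_val "${1}")"
				;;
			--ttl=*)
				ttl="$(cli_get_val "${1}")"
				;;
			--remote-address=*)
				remote_address="$(cli_get_val "${1}")"
				;;
			--local-address=*)
				local_address="$(cli_get_val "${1}")"
				;;

			# Keys for VTI
			--ikey=*)
				ikey="$(cli_get_val "${1}")"
				;;
			--okey=*)
				okey="$(cli_get_val "${1}")"
				;;
		esac
		shift
	done

	if ! isset mode; then
		error "--mode= is not set. Must be one of ${IP_TUNNEL_MODES}"
		return ${EXIT_ERROR}
	fi

	# IP_TUNNEL_MODES is deliberately unquoted: it is a space-separated list.
	if ! isoneof mode ${IP_TUNNEL_MODES}; then
		error "Invalid mode: ${mode}"
		return ${EXIT_ERROR}
	fi

	# ikey and okey must be set for VTI devices
	if [ "${mode}" = "vti" ] && { ! isset ikey || ! isset okey; }; then
		error "--ikey= and --okey= must be set for VTI device"
		return ${EXIT_ERROR}
	fi

	# If TTL is set, make sure it is an integer.
	if isset ttl && ! isinteger ttl; then
		error "TTL must be an integer: ${ttl}"
		return ${EXIT_ERROR}
	fi

	# Collect the optional arguments in an array. Each value then reaches
	# ip as exactly one argument, so an address or key containing
	# whitespace or glob characters cannot turn into additional ip-link
	# options. (Assumes cmd forwards its arguments unchanged; confirm.)
	local cmd_args=()

	# Apply TTL if a value has been set.
	if isset ttl; then
		cmd_args+=( ttl "${ttl}" )
	fi

	# Apply local address if a value has been set.
	if isset local_address; then
		cmd_args+=( local "${local_address}" )
	fi

	# Apply remote address if a value has been set.
	if isset remote_address; then
		cmd_args+=( remote "${remote_address}" )
	fi

	# Add ikey and okey for VTI devices
	if [ "${mode}" = "vti" ]; then
		cmd_args+=( ikey "${ikey}" okey "${okey}" )
	fi

	log DEBUG "Creating tunnel device '${device}' (mode=${mode})..."

	# Create the device.
	if ! cmd ip link add name "${device}" type "${mode}" "${cmd_args[@]}"; then
		error "Could not create tunnel device ${device}"
		return ${EXIT_ERROR}
	fi

	# Disable policy lookups for VTI devices (disable_policy switches off
	# the IPsec policy check on the interface).
	# NOTE(review): the result of sysctl_set is not checked; if it fails the
	# device stays in place and EXIT_OK is still returned.
	if [ "${mode}" = "vti" ]; then
		sysctl_set "net.ipv4.conf.${device}.disable_policy" "1"
	fi

	return ${EXIT_OK}
}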
122 | ||
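# Removes a tunnel device.
#
# Usage: ip_tunnel_del DEVICE
#
# Asserts that the device exists, brings it down and deletes it, then
# asserts that "ip link del" succeeded.
ip_tunnel_del() {
	# Every use of the device name is quoted so that it is passed on as a
	# single argument and is never word-split or glob-expanded.
	local device="${1}"
	assert device_exists "${device}"

	# Make sure the device has been shut down.
	device_set_down "${device}"

	log DEBUG "Removing tunnel device '${device}'..."

	# The assert must follow directly: it checks the exit status of ip.
	ip link del "${device}"
	assert [ $? -eq 0 ]
}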
82fac748 MT |
135 | |
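# Changes the input and output key of an existing VTI device.
#
# Usage: ip_tunnel_change_keys DEVICE --ikey=KEY --okey=KEY
#
# Both keys are required and any other argument is rejected. Returns
# EXIT_OK on success and EXIT_ERROR when arguments are missing or invalid,
# the device does not exist, or "ip link change" fails.
ip_tunnel_change_keys() {
	local device="${1}"
	shift

	if ! isset device; then
		error "No device given"
		return ${EXIT_ERROR}
	fi

	local ikey
	local okey

	while [ $# -gt 0 ]; do
		case "${1}" in
			--ikey=*)
				# Quote the argument so the key value is neither word-split
				# nor glob-expanded before it is parsed.
				ikey="$(cli_get_val "${1}")"
				;;
			--okey=*)
				okey="$(cli_get_val "${1}")"
				;;
			*)
				error "Invalid argument: ${1}"
				return ${EXIT_ERROR}
				;;
		esac
		shift
	done

	if ! isset ikey || ! isset okey; then
		error "You need to set --ikey= and --okey="
		return ${EXIT_ERROR}
	fi

	if ! device_exists "${device}"; then
		error "No such device: ${device}"
		return ${EXIT_ERROR}
	fi

	# The type is fixed to vti; device name and keys are passed quoted so
	# that each one reaches ip as a single argument.
	if ! cmd ip link change dev "${device}" \
			type vti ikey "${ikey}" okey "${okey}"; then
		log ERROR "Could not change keys of device ${device}"
		return ${EXIT_ERROR}
	fi

	return ${EXIT_OK}
}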