Commit | Line | Data |
---|---|---|
cccb3a4b MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
9390b61b | 5 | # Copyright (C) 2012-2013 IPFire Network Development Team # |
cccb3a4b MT |
6 | # # |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
# Space-separated list of the tunnel modes that ip_tunnel_add accepts
# for its --mode= argument.
IP_TUNNEL_MODES="sit vti"
cccb3a4b | 23 | |
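# Creates a tunnel device by running "ip tunnel add".
#
# Usage:
#   ip_tunnel_add DEVICE --mode=MODE --local-address=ADDRESS \
#       [--remote-address=ADDRESS] [--ttl=TTL] [--ikey=KEY --okey=KEY]
#
# --mode= must be one of ${IP_TUNNEL_MODES}. --ikey= and --okey= are
# mandatory when the mode is "vti". --ttl=, if given, must be an integer.
# Arguments that match none of the patterns below are skipped without
# any message.
#
# Returns ${EXIT_OK} on success and ${EXIT_ERROR} when an argument is
# rejected or the device could not be created. A missing local address
# trips an assertion instead of returning an error.
#
# Only the mode and the TTL are validated here. The addresses and keys are
# handed to ip(8) as given, so every value is quoted and the optional
# arguments are collected in an array: a value containing whitespace or
# glob characters stays one argument and cannot add extra parameters to
# the "ip tunnel add" call.
# NOTE(review): cli_get_val and cmd are defined outside this listing;
# the quoting only helps if cmd forwards its arguments without splitting
# them again - confirm.
ip_tunnel_add() {
	local device="${1}"
	shift

	local mode
	local ttl

	local remote_address
	local local_address

	local ikey
	local okey

	while [ $# -gt 0 ]; do
		case "${1}" in
			--mode=*)
				mode="$(cli_get_val "${1}")"
				;;
			--ttl=*)
				ttl="$(cli_get_val "${1}")"
				;;
			--remote-address=*)
				remote_address="$(cli_get_val "${1}")"
				;;
			--local-address=*)
				local_address="$(cli_get_val "${1}")"
				;;

			# Keys for VTI
			--ikey=*)
				ikey="$(cli_get_val "${1}")"
				;;
			--okey=*)
				okey="$(cli_get_val "${1}")"
				;;
		esac
		shift
	done

	if ! isset mode; then
		error "--mode= is not set. Must be one of ${IP_TUNNEL_MODES}"
		return ${EXIT_ERROR}
	fi

	# IP_TUNNEL_MODES is deliberately unquoted so that it is split into
	# one word per mode.
	if ! isoneof mode ${IP_TUNNEL_MODES}; then
		error "Invalid mode: ${mode}"
		return ${EXIT_ERROR}
	fi

	# ikey and okey must be set for VTI devices
	if [ "${mode}" = "vti" ] && { ! isset ikey || ! isset okey; }; then
		error "--ikey= and --okey= must be set for VTI device"
		return ${EXIT_ERROR}
	fi

	# If TTL is set, make sure it is an integer.
	if isset ttl && ! isinteger ttl; then
		error "TTL must be an integer: ${ttl}"
		return ${EXIT_ERROR}
	fi

	assert isset local_address

	# Optional arguments, one array element per word of the command line.
	local cmd_args=()

	# Apply TTL if a value has been set.
	if isset ttl; then
		cmd_args+=( ttl "${ttl}" )
	fi

	# Apply remote address if a value has been set.
	if isset remote_address; then
		cmd_args+=( remote "${remote_address}" )
	fi

	# Add ikey and okey for VTI devices
	if [ "${mode}" = "vti" ]; then
		cmd_args+=( ikey "${ikey}" okey "${okey}" )
	fi

	log DEBUG "Creating tunnel device '${device}' (mode=${mode})..."

	# Create the device.
	if ! cmd ip tunnel add "${device}" mode "${mode}" \
			local "${local_address}" "${cmd_args[@]}"; then
		error "Could not create tunnel device ${device}"
		return ${EXIT_ERROR}
	fi

	# Disable policy lookups for VTI devices
	# The result of sysctl_set is not checked, so the function still
	# reports success when the setting could not be applied.
	if [ "${mode}" = "vti" ]; then
		sysctl_set "net.ipv4.conf.${device}.disable_policy" "1"
	fi

	return ${EXIT_OK}
}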
120 | ||
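# Removes a tunnel device by running "ip tunnel del".
#
# Usage:
#   ip_tunnel_del DEVICE
#
# The device must exist (asserted). It is set down first, then deleted,
# and a failing "ip tunnel del" trips an assertion.
#
# The device name is quoted wherever it is used, so a name containing
# whitespace or glob characters is passed on as a single argument
# instead of being split into extra parameters.
ip_tunnel_del() {
	local device="${1}"
	assert device_exists "${device}"

	# Make sure the device has been shut down.
	device_set_down "${device}"

	log DEBUG "Removing tunnel device '${device}'..."

	ip tunnel del "${device}"
	assert [ $? -eq 0 ]
}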