Commit | Line | Data |
---|---|---|
46a28dcd MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | . /usr/lib/network/header-config | |
23 | ||
636f1b96 MT |
# Settings handled by this hook. The functions below read and assign exactly
# these three globals.
# NOTE(review): presumably this list also tells the settings reader/writer
# which variables to persist - confirm against the library.
HOOK_SETTINGS=( ADDRESS PREFIX GATEWAY )
46a28dcd MT |
29 | |
# Re-validates the settings currently held in ADDRESS, PREFIX and GATEWAY.
#
# The protocol family is derived from ADDRESS, and the prefix and the
# optional gateway are checked with the validators of that same family.
#
# Returns EXIT_CONF_ERROR when the protocol cannot be determined and EXIT_OK
# otherwise.
# NOTE(review): assert is defined in the library; it is assumed to abort
# when the wrapped check fails - confirm.
hook_check_config_settings() {
	local protocol="$(ip_detect_protocol "${ADDRESS}")"

	# Refuse anything that is neither IPv4 nor IPv6 before validating
	case "${protocol}" in
		ipv4|ipv6)
			;;
		*)
			error "Could not determine protocol: ${protocol}"
			return ${EXIT_CONF_ERROR}
			;;
	esac

	# The validators are named <protocol>_is_valid and
	# <protocol>_prefix_is_valid, so one code path serves both families.
	assert "${protocol}_is_valid" "${ADDRESS}"
	assert "${protocol}_prefix_is_valid" "${PREFIX}"

	# The gateway is optional and only checked when it has been set
	if isset GATEWAY; then
		assert "${protocol}_is_valid" "${GATEWAY}"
	fi

	return ${EXIT_OK}
}
56 | ||
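# Parses the command line of a static configuration into the global
# settings ADDRESS, PREFIX and GATEWAY.
#
# Arguments:
#   $1     id of the configuration that is being created
#   $2...  an "address/prefix" argument (IPv4 or IPv6; for IPv4 a netmask is
#          accepted in place of the prefix) and optionally --gateway=ADDRESS
#
# Reads ${zone} from the caller's scope (hook_new declares it) for the
# duplicate-address check at the end.
#
# Returns EXIT_OK when every value passed validation and EXIT_CONF_ERROR
# otherwise.
hook_parse_cmdline() {
	local protocol
	local id="${1}"
	shift

	while [ $# -gt 0 ]; do
		case "${1}" in
			# IPv6
			*:*/*)
				protocol="ipv6"

				ADDRESS="$(ip_split_prefix "${1}")"
				PREFIX="$(ip_get_prefix "${1}")"

				# Validate address
				if ! ipv6_is_valid "${ADDRESS}"; then
					error "Invalid IP address: ${ADDRESS}"
					return ${EXIT_CONF_ERROR}
				fi

				# Validate prefix
				if ! ipv6_prefix_is_valid "${PREFIX}"; then
					error "Invalid prefix: ${PREFIX}"
					return ${EXIT_CONF_ERROR}
				fi

				# Store the IPv6 address in its shortest format
				ADDRESS="$(ipv6_format "${ADDRESS}")"
				;;

			# IPv4
			*.*.*.*/*)
				protocol="ipv4"

				ADDRESS="$(ip_split_prefix "${1}")"
				PREFIX="$(ip_get_prefix "${1}")"

				# Validate address
				if ! ipv4_is_valid "${ADDRESS}"; then
					error "Invalid IP address: ${ADDRESS}"
					return ${EXIT_CONF_ERROR}
				fi

				# Validate prefix
				if ! ipv4_prefix_is_valid "${PREFIX}"; then
					# This might be a netmask instead
					local prefix_from_netmask="$(ipv4_netmask2prefix "${PREFIX}")"

					# Only a netmask that converts to a VALID prefix is
					# accepted. The test used to be negated, which
					# rejected every real netmask and stored whatever an
					# unparsable value had been converted to, so an
					# unvalidated PREFIX could reach the configuration.
					if ipv4_prefix_is_valid "${prefix_from_netmask}"; then
						PREFIX="${prefix_from_netmask}"
					else
						error "Invalid prefix or netmask: ${PREFIX}"
						return ${EXIT_CONF_ERROR}
					fi
				fi
				;;

			# Gateway
			--gateway=*)
				GATEWAY="$(cli_get_val "${1}")"

				# Validate input
				if isset GATEWAY && ! ip_is_valid "${GATEWAY}"; then
					error "Invalid gateway IP address: ${GATEWAY}"
					return ${EXIT_CONF_ERROR}
				fi
				;;

			*)
				error "Invalid argument: ${1}"
				return ${EXIT_CONF_ERROR}
				;;
		esac
		shift
	done

	# Check if an address has been set
	if ! isset ADDRESS; then
		error "No IP address provided"
		return ${EXIT_CONF_ERROR}
	fi

	# Check if a prefix has been set
	if ! isset PREFIX; then
		error "No prefix provided"
		return ${EXIT_CONF_ERROR}
	fi

	# More gateway validation
	if isset GATEWAY; then
		local gateway_protocol="$(ip_detect_protocol "${GATEWAY}")"

		# Make sure that the gateway is of the same protocol version as
		# the address
		if [ "${gateway_protocol}" != "${protocol}" ]; then
			error "The gateway is of a wrong protocol: ${GATEWAY}"
			return ${EXIT_CONF_ERROR}
		fi

		# Make IP address as short as possible
		if [ "${gateway_protocol}" = "ipv6" ]; then
			GATEWAY="$(ipv6_format "${GATEWAY}")"
		fi
	fi

	# Check any conflicts
	if zone_config_check_same_setting "${zone}" "static" "${id}" "ADDRESS" "${ADDRESS}"; then
		error "A static configuration with the same address is already configured"
		return ${EXIT_CONF_ERROR}
	fi

	# Report success explicitly instead of relying on the status of the
	# conflict check above
	return ${EXIT_OK}
}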
167 | ||
b907d1e6 SS |
# Creates a new static configuration for a zone.
#
# Arguments:
#   $1     zone name
#   $2...  address and options, handed to hook_parse_cmdline unchanged
#
# Returns EXIT_ERROR when the command line is rejected. On success the
# settings are written and the script exits with EXIT_OK.
hook_new() {
	local zone="${1}"
	shift

	# The locals keep the names zone and id: hook_parse_cmdline reads
	# ${zone} from this scope for its duplicate-address check.
	local id=$(zone_config_get_new_id ${zone})
	log DEBUG "ID for the config is: ${id}"

	# Nothing is written when parsing or validation fails
	hook_parse_cmdline "${id}" "$@" || return ${EXIT_ERROR}

	zone_config_settings_write "${zone}" "${HOOK}" "${id}"

	exit ${EXIT_OK}
}
184 | ||
46a28dcd MT |
# Brings a static configuration up on a zone.
#
# Arguments:
#   $1  zone name
#   $2  configuration to load for that zone
#
# Adds ADDRESS/PREFIX to the zone, records the state with db_set and
# refreshes the routing tables. Returns EXIT_ERROR if the zone device is
# missing, the configuration cannot be read or the address cannot be added;
# on success the script exits with EXIT_OK.
hook_up() {
	local zone="${1}" config="${2}"
	shift 2

	# The zone device has to be there before anything is configured
	device_exists ${zone} || {
		error "Zone ${zone} doesn't exist"
		return ${EXIT_ERROR}
	}

	# Load the stored settings
	# NOTE(review): this is assumed to fill ADDRESS, PREFIX and GATEWAY,
	# which are used below - confirm.
	zone_config_settings_read "${zone}" "${config}" || {
		error "Could not read configuration for ${zone} ${config}"
		return ${EXIT_ERROR}
	}

	# Assign the address to the interface
	ip_address_add "${zone}" "${ADDRESS}/${PREFIX}" || return ${EXIT_ERROR}

	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	assert isset protocol

	# Record what has been configured, keyed by zone and protocol.
	# GATEWAY is written as-is, also when it is empty.
	local key_prefix="${zone}/${protocol}"
	db_set "${key_prefix}/type" "${HOOK}"
	db_set "${key_prefix}/local-ip-address" "${ADDRESS}/${PREFIX}"
	db_set "${key_prefix}/remote-ip-address" "${GATEWAY}"
	db_set "${key_prefix}/active" 1

	# Refresh the routing tables
	routing_update "${zone}" "${protocol}"
	routing_default_update

	exit ${EXIT_OK}
}
221 | ||
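# Takes a static configuration down on a zone.
#
# Arguments:
#   $1  zone name
#   $2  configuration to load for that zone
#
# Deletes the zone's database entries for the protocol, removes
# ADDRESS/PREFIX from the zone and refreshes the routing tables.
# Exits with EXIT_ERROR when the zone device is missing, returns EXIT_ERROR
# when the configuration cannot be read and EXIT_OK on success.
hook_down() {
	local zone=${1}
	local config=${2}
	shift 2

	# A missing device terminates the script here (exit, not return),
	# as it did before.
	if ! device_exists "${zone}"; then
		error "Zone ${zone} doesn't exist"
		exit ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		# This used to return the misspelt ${EXIT_ERRO}, which expands
		# to nothing, so the failed read was reported as success.
		return ${EXIT_ERROR}
	fi

	# Remove routing information from database
	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	assert isset protocol
	db_delete "${zone}/${protocol}"

	# Remove the IP address
	ip_address_del "${zone}" "${ADDRESS}/${PREFIX}"

	# Update routing tables
	routing_update "${zone}" "${protocol}"
	routing_default_update

	return ${EXIT_OK}
}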
251 | ||
# Prints the status of a static configuration.
#
# Arguments:
#   $1  zone name
#   $2  configuration to load for that zone
#
# Shows whether ADDRESS/PREFIX is present on the zone, the address itself
# and the gateway if one is set. Exits with EXIT_ERROR when the zone device
# is missing, returns EXIT_ERROR when the configuration cannot be read and
# EXIT_OK otherwise.
hook_status() {
	local zone=${1} config=${2}
	shift 2

	# A missing device terminates the script (exit, not return)
	device_exists ${zone} || {
		error "Zone ${zone} doesn't exist"
		exit ${EXIT_ERROR}
	}

	# Load the stored settings
	zone_config_settings_read "${zone}" "${config}" || return ${EXIT_ERROR}

	# The configuration counts as up only while the zone carries the address
	local status
	if zone_has_ip "${zone}" "${ADDRESS}/${PREFIX}"; then
		status=${MSG_HOOK_UP}
	else
		status=${MSG_HOOK_DOWN}
	fi
	cli_statusline 3 "${HOOK}" "${status}"

	cli_print_fmt1 3 "IP Address" "${ADDRESS}/${PREFIX}"

	# The gateway line is left out when no gateway is configured
	if [[ -n "${GATEWAY}" ]]; then
		cli_print_fmt1 3 "Gateway" "${GATEWAY}"
	fi
	cli_space

	return ${EXIT_OK}
}