46a28dcd MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | . /usr/lib/network/header-config | |
23 | ||
# Names of the settings this hook works with. HOOK, ADDRESS, PREFIX and
# GATEWAY are the variables read and written by the functions below.
# NOTE(review): presumably consumed by the sourced header-config when
# settings are read or written - confirm there.
HOOK_CONFIG_SETTINGS="HOOK ADDRESS PREFIX GATEWAY"
25 | ||
# Validate the ADDRESS, PREFIX and optional GATEWAY settings.
#
# The address family is detected from ADDRESS, and each value is then
# asserted against the validator of that family. GATEWAY is only checked
# when it is set.
#
# Returns:
#   EXIT_OK          when the family is ipv4 or ipv6 and the asserts passed
#   EXIT_CONF_ERROR  when the family of ADDRESS cannot be determined
#
# NOTE(review): what assert does on failure is defined elsewhere - confirm.
hook_check_config_settings() {
	local protocol="$(ip_detect_protocol "${ADDRESS}")"

	case "${protocol}" in
		ipv4)
			assert ipv4_is_valid "${ADDRESS}"
			assert ipv4_prefix_is_valid "${PREFIX}"

			# The gateway is optional
			if isset GATEWAY; then
				assert ipv4_is_valid "${GATEWAY}"
			fi
			;;

		ipv6)
			assert ipv6_is_valid "${ADDRESS}"
			assert ipv6_prefix_is_valid "${PREFIX}"

			# The gateway is optional
			if isset GATEWAY; then
				assert ipv6_is_valid "${GATEWAY}"
			fi
			;;

		*)
			# Neither family matched, so nothing can be validated
			error "Could not determine protocol: ${protocol}"
			return ${EXIT_CONF_ERROR}
			;;
	esac

	return ${EXIT_OK}
}
52 | ||
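# Parse the command line of a static IP configuration.
#
# Accepted arguments:
#   <IPv6 address>/<prefix>
#   <IPv4 address>/<prefix or netmask>
#   --gateway=<IP address>
#
# On success ADDRESS, PREFIX and (optionally) GATEWAY are set. IPv6
# addresses are stored in the form returned by ipv6_format.
#
# Returns EXIT_CONF_ERROR for an unknown argument, an invalid address,
# prefix, netmask or gateway, a gateway of a different address family, a
# missing address or prefix, or when the same address is already
# configured for the zone.
#
# NOTE(review): ${zone} is not assigned in this function; it is expected
# to be set in the caller's scope - confirm.
hook_parse_cmdline() {
	local protocol

	while [ $# -gt 0 ]; do
		case "${1}" in
			# IPv6
			*:*/*)
				protocol="ipv6"

				ADDRESS="$(ip_split_prefix "${1}")"
				PREFIX="$(ip_get_prefix "${1}")"

				# Validate address
				if ! ipv6_is_valid "${ADDRESS}"; then
					error "Invalid IP address: ${ADDRESS}"
					return ${EXIT_CONF_ERROR}
				fi

				# Validate prefix
				if ! ipv6_prefix_is_valid "${PREFIX}"; then
					error "Invalid prefix: ${PREFIX}"
					return ${EXIT_CONF_ERROR}
				fi

				# Store the IPv6 address in its shortest format
				ADDRESS="$(ipv6_format "${ADDRESS}")"
				;;

			# IPv4
			*.*.*.*/*)
				protocol="ipv4"

				ADDRESS="$(ip_split_prefix "${1}")"
				PREFIX="$(ip_get_prefix "${1}")"

				# Validate address
				if ! ipv4_is_valid "${ADDRESS}"; then
					error "Invalid IP address: ${ADDRESS}"
					return ${EXIT_CONF_ERROR}
				fi

				# Validate prefix
				if ! ipv4_prefix_is_valid "${PREFIX}"; then
					# This might be a netmask instead
					local prefix_from_netmask="$(ipv4_netmask2prefix "${PREFIX}")"

					# Accept the value only if the conversion produced a
					# valid prefix. The condition used to be negated, which
					# stored the result when it was invalid and rejected
					# well-formed netmasks.
					if ipv4_prefix_is_valid "${prefix_from_netmask}"; then
						PREFIX="${prefix_from_netmask}"
					else
						error "Invalid prefix or netmask: ${PREFIX}"
						return ${EXIT_CONF_ERROR}
					fi
				fi
				;;

			# Gateway
			--gateway=*)
				GATEWAY="$(cli_get_val "${1}")"

				# Validate input (an empty value leaves the gateway unset)
				if isset GATEWAY && ! ip_is_valid "${GATEWAY}"; then
					error "Invalid gateway IP address: ${GATEWAY}"
					return ${EXIT_CONF_ERROR}
				fi
				;;

			*)
				error "Invalid argument: ${1}"
				return ${EXIT_CONF_ERROR}
				;;
		esac
		shift
	done

	# Check if an address has been set
	if ! isset ADDRESS; then
		error "No IP address provided"
		return ${EXIT_CONF_ERROR}
	fi

	# Check if a prefix has been set
	if ! isset PREFIX; then
		error "No prefix provided"
		return ${EXIT_CONF_ERROR}
	fi

	# More gateway validation
	if isset GATEWAY; then
		local gateway_protocol="$(ip_detect_protocol "${GATEWAY}")"

		# Make sure that the gateway is of the same protocol version
		# as the address
		if [ "${gateway_protocol}" != "${protocol}" ]; then
			error "The gateway is of a wrong protocol: ${GATEWAY}"
			return ${EXIT_CONF_ERROR}
		fi

		# Make IP address as short as possible
		if [ "${gateway_protocol}" = "ipv6" ]; then
			GATEWAY="$(ipv6_format "${GATEWAY}")"
		fi
	fi

	# Check any conflicts
	if zone_config_check_same_setting "${zone}" "static" "ADDRESS" "${ADDRESS}"; then
		error "A static configuration with the same address is already configured"
		return ${EXIT_CONF_ERROR}
	fi
}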
161 | ||
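# Bring up a static IP configuration on a zone.
#
# Arguments:
#   $1  zone    name of the zone (device) to configure
#   $2  config  identifier of the configuration to load
#
# Adds ADDRESS/PREFIX to the zone, records the configuration in the
# database under "<zone>/<protocol>/..." and updates the routing tables.
#
# Returns EXIT_ERROR when the zone does not exist, the configuration
# cannot be read or the address cannot be added. On success the function
# calls exit with EXIT_OK, so it ends the running shell instead of
# returning to the caller.
hook_up() {
	local zone="${1}"
	local config="${2}"
	shift 2

	# Check if the device exists.
	# The zone name is quoted so that a value containing whitespace or
	# glob characters reaches device_exists as one unmodified argument.
	if ! device_exists "${zone}"; then
		error "Zone ${zone} doesn't exist"
		return ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		error "Could not read configuration for ${zone} ${config}"
		return ${EXIT_ERROR}
	fi

	# Add IP address to the interface
	if ! ip_address_add "${zone}" "${ADDRESS}/${PREFIX}"; then
		return ${EXIT_ERROR}
	fi

	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	assert isset protocol

	# Record the active configuration; GATEWAY may be empty here
	db_set "${zone}/${protocol}/type" "${HOOK}"
	db_set "${zone}/${protocol}/local-ip-address" "${ADDRESS}/${PREFIX}"
	db_set "${zone}/${protocol}/remote-ip-address" "${GATEWAY}"
	db_set "${zone}/${protocol}/active" 1

	# Update routing tables
	routing_update "${zone}" "${protocol}"
	routing_default_update

	exit ${EXIT_OK}
}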
198 | ||
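# Take down a static IP configuration on a zone.
#
# Arguments:
#   $1  zone    name of the zone (device)
#   $2  config  identifier of the configuration to load
#
# Deletes the "<zone>/<protocol>" database entry, removes ADDRESS/PREFIX
# from the zone and updates the routing tables.
#
# Exits with EXIT_ERROR when the zone does not exist, returns EXIT_ERROR
# when the configuration cannot be read, and returns EXIT_OK otherwise.
hook_down() {
	local zone=${1}
	local config=${2}
	shift 2

	# The zone name is quoted so that a value containing whitespace or
	# glob characters reaches device_exists as one unmodified argument.
	if ! device_exists "${zone}"; then
		error "Zone ${zone} doesn't exist"
		exit ${EXIT_ERROR}
	fi

	# Read configuration.
	# This used to return the misspelled ${EXIT_ERRO}, which expands to
	# nothing; a bare "return" then reported success for a configuration
	# that could not be read.
	if ! zone_config_settings_read "${zone}" "${config}"; then
		return ${EXIT_ERROR}
	fi

	# Remove routing information from database
	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	assert isset protocol
	db_delete "${zone}/${protocol}"

	# Remove the IP address
	ip_address_del "${zone}" "${ADDRESS}/${PREFIX}"

	# Update routing tables
	routing_update "${zone}" "${protocol}"
	routing_default_update

	return ${EXIT_OK}
}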
228 | ||
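# Print the status of a static IP configuration on a zone.
#
# Arguments:
#   $1  zone    name of the zone (device)
#   $2  config  identifier of the configuration to load
#
# Prints a status line (MSG_HOOK_UP when the zone holds ADDRESS/PREFIX,
# MSG_HOOK_DOWN otherwise), followed by the address and, when set, the
# gateway.
#
# Exits with EXIT_ERROR when the zone does not exist, returns EXIT_ERROR
# when the configuration cannot be read, and returns EXIT_OK otherwise.
hook_status() {
	local zone=${1}
	local config=${2}
	shift 2

	# The zone name is quoted so that a value containing whitespace or
	# glob characters reaches device_exists as one unmodified argument.
	if ! device_exists "${zone}"; then
		error "Zone ${zone} doesn't exist"
		exit ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		return ${EXIT_ERROR}
	fi

	# Assume the hook is up unless the address is missing from the zone
	local status=${MSG_HOOK_UP}
	if ! zone_has_ip "${zone}" "${ADDRESS}/${PREFIX}"; then
		status=${MSG_HOOK_DOWN}
	fi
	cli_statusline 3 "${HOOK}" "${status}"

	cli_print_fmt1 3 "IP Address" "${ADDRESS}/${PREFIX}"
	if [ -n "${GATEWAY}" ]; then
		cli_print_fmt1 3 "Gateway" "${GATEWAY}"
	fi
	cli_space

	return ${EXIT_OK}
}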