Commit | Line | Data |
---|---|---|
46a28dcd MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | . /usr/lib/network/header-config | |
23 | ||
fdd9ac5f MT |
# More than one instance of this hook is allowed
HOOK_UNIQUE="false"

# Names of the settings variables used by this hook
HOOK_SETTINGS=( "ADDRESS" "PREFIX" "GATEWAY" )
46a28dcd MT |
32 | |
# Validates the settings ADDRESS, PREFIX and (if set) GATEWAY.
#
# The protocol is detected from ADDRESS and selects the validators that
# are asserted. Returns EXIT_CONF_ERROR if the protocol is neither ipv4
# nor ipv6, EXIT_OK otherwise.
hook_check_config_settings() {
	local protocol="$(ip_detect_protocol "${ADDRESS}")"

	# Anything but a known protocol is a configuration error
	case "${protocol}" in
		ipv4|ipv6)
			;;
		*)
			error "Could not determine protocol: ${protocol}"
			return ${EXIT_CONF_ERROR}
			;;
	esac

	# The validators are named after the protocol (ipv4_*/ipv6_*)
	assert "${protocol}_is_valid" "${ADDRESS}"
	assert "${protocol}_prefix_is_valid" "${PREFIX}"

	# The gateway is optional, but must match the protocol when given
	if isset GATEWAY; then
		assert "${protocol}_is_valid" "${GATEWAY}"
	fi

	return ${EXIT_OK}
}
59 | ||
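# Parses the command line of the hook into ADDRESS, PREFIX and GATEWAY.
#
# Arguments:
#   $1    ID of the configuration, passed on to the conflict check
#   $2..  ADDRESS/PREFIX (IPv6 or IPv4; for IPv4 the part after the slash
#         may also be a netmask) and optionally --gateway=ADDRESS
#
# ${zone} is not a parameter: it is read from the caller's scope
# (hook_new declares it as a local before calling this function).
#
# Returns EXIT_CONF_ERROR for any invalid, missing or conflicting input
# and EXIT_OK otherwise.
hook_parse_cmdline() {
	local protocol
	local id="${1}"
	shift

	while [ $# -gt 0 ]; do
		case "${1}" in
			# IPv6
			*:*/*)
				protocol="ipv6"

				ADDRESS="$(ip_split_prefix "${1}")"
				PREFIX="$(ip_get_prefix "${1}")"

				# Validate address
				if ! ipv6_is_valid "${ADDRESS}"; then
					error "Invalid IP address: ${ADDRESS}"
					return ${EXIT_CONF_ERROR}
				fi

				# Validate prefix
				if ! ipv6_prefix_is_valid "${PREFIX}"; then
					error "Invalid prefix: ${PREFIX}"
					return ${EXIT_CONF_ERROR}
				fi

				# Store the IPv6 address in its shortest format
				ADDRESS="$(ipv6_format "${ADDRESS}")"
				;;

			# IPv4
			*.*.*.*/*)
				protocol="ipv4"

				ADDRESS="$(ip_split_prefix "${1}")"
				PREFIX="$(ip_get_prefix "${1}")"

				# Validate address
				if ! ipv4_is_valid "${ADDRESS}"; then
					error "Invalid IP address: ${ADDRESS}"
					return ${EXIT_CONF_ERROR}
				fi

				# Validate prefix
				if ! ipv4_prefix_is_valid "${PREFIX}"; then
					# This might be a netmask instead
					local prefix_from_netmask="$(ipv4_netmask2prefix "${PREFIX}")"

					# Accept the netmask only if it converts into a valid
					# prefix. Everything else is rejected, so that no
					# unvalidated value ends up in PREFIX.
					if ipv4_prefix_is_valid "${prefix_from_netmask}"; then
						PREFIX="${prefix_from_netmask}"
					else
						error "Invalid prefix or netmask: ${PREFIX}"
						return ${EXIT_CONF_ERROR}
					fi
				fi
				;;

			# Gateway
			--gateway=*)
				GATEWAY="$(cli_get_val "${1}")"

				# Validate input
				if isset GATEWAY && ! ip_is_valid "${GATEWAY}"; then
					error "Invalid gateway IP address: ${GATEWAY}"
					return ${EXIT_CONF_ERROR}
				fi
				;;

			*)
				error "Invalid argument: ${1}"
				return ${EXIT_CONF_ERROR}
				;;
		esac
		shift
	done

	# Check if an address has been set
	if ! isset ADDRESS; then
		error "No IP address provided"
		return ${EXIT_CONF_ERROR}
	fi

	# Check if a prefix has been set
	if ! isset PREFIX; then
		error "No prefix provided"
		return ${EXIT_CONF_ERROR}
	fi

	# More gateway validation
	if isset GATEWAY; then
		local gateway_protocol="$(ip_detect_protocol "${GATEWAY}")"

		# Make sure that the gateway is of the same protocol version
		# as the address
		if [ "${gateway_protocol}" != "${protocol}" ]; then
			error "The gateway is of a wrong protocol: ${GATEWAY}"
			return ${EXIT_CONF_ERROR}
		fi

		# Make IP address as short as possible
		if [ "${gateway_protocol}" = "ipv6" ]; then
			GATEWAY="$(ipv6_format "${GATEWAY}")"
		fi
	fi

	# Check any conflicts
	if zone_config_check_same_setting "${zone}" "static" "${id}" "ADDRESS" "${ADDRESS}"; then
		error "A static configuration with the same address is already configured"
		return ${EXIT_CONF_ERROR}
	fi

	return ${EXIT_OK}
}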
170 | ||
b907d1e6 SS |
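# Creates a new configuration of this hook for a zone.
#
# Arguments:
#   $1    name of the zone
#   $2..  command line, handed over to hook_parse_cmdline
#
# Returns EXIT_ERROR if the command line could not be parsed. Otherwise
# the settings are written and the script exits with EXIT_OK.
hook_new() {
	local zone="${1}"
	shift

	# Quote the zone name so that it always reaches the helper as a
	# single word and is never subject to globbing
	local id=$(zone_config_get_new_id "${zone}")
	log DEBUG "ID for the config is: ${id}"

	if ! hook_parse_cmdline "${id}" "$@"; then
		# Return an error if the parsing of the cmd line fails
		return ${EXIT_ERROR}
	fi

	# NOTE(review): the result of the write is not checked, so EXIT_OK is
	# reported even if the settings could not be stored - confirm that
	# this is intended
	zone_config_settings_write "${zone}" "${HOOK}" "${id}"

	exit ${EXIT_OK}
}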
187 | ||
46a28dcd MT |
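# Brings up a static configuration on a zone.
#
# Arguments:
#   $1  name of the zone
#   $2  configuration to read the settings from
#
# Adds ADDRESS/PREFIX to the zone, records the state in the database and
# updates the routing tables. Returns EXIT_ERROR if the zone device does
# not exist, the configuration cannot be read or the address cannot be
# added; exits with EXIT_OK on success.
hook_up() {
	local zone="${1}"
	local config="${2}"
	shift 2

	# Check if the device exists (quoted, so that the zone name is always
	# passed as a single word)
	if ! device_exists "${zone}"; then
		error "Zone ${zone} doesn't exist"
		return ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		error "Could not read configuration for ${zone} ${config}"
		return ${EXIT_ERROR}
	fi

	# Add IP address to the interface
	if ! ip_address_add "${zone}" "${ADDRESS}/${PREFIX}"; then
		return ${EXIT_ERROR}
	fi

	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	assert isset protocol

	# GATEWAY is optional and stored as it is, even when it is empty
	db_set "${zone}/${protocol}/type" "${HOOK}"
	db_set "${zone}/${protocol}/local-ip-address" "${ADDRESS}/${PREFIX}"
	db_set "${zone}/${protocol}/remote-ip-address" "${GATEWAY}"
	db_set "${zone}/${protocol}/active" 1

	# Update routing tables
	routing_update "${zone}" "${protocol}"
	routing_default_update

	exit ${EXIT_OK}
}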
224 | ||
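# Takes down a static configuration of a zone.
#
# Arguments:
#   $1  name of the zone
#   $2  configuration to read the settings from
#
# Exits with EXIT_ERROR if the zone device does not exist and returns
# EXIT_ERROR if the configuration cannot be read. Otherwise the database
# entries and the IP address are removed, the routing tables are updated
# and EXIT_OK is returned.
hook_down() {
	local zone=${1}
	local config=${2}
	shift 2

	if ! device_exists "${zone}"; then
		error "Zone ${zone} doesn't exist"
		exit ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		# Report the failure to the caller. A return without a value would
		# hand back the status of the negated test above, which is zero.
		return ${EXIT_ERROR}
	fi

	# Remove routing information from database
	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	assert isset protocol
	db_delete "${zone}/${protocol}"

	# Remove the IP address
	ip_address_del "${zone}" "${ADDRESS}/${PREFIX}"

	# Update routing tables
	routing_update "${zone}" "${protocol}"
	routing_default_update

	return ${EXIT_OK}
}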
254 | ||
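# Prints the status of a static configuration of a zone.
#
# Arguments:
#   $1  name of the zone
#   $2  configuration to read the settings from
#
# Exits with EXIT_ERROR if the zone device does not exist and returns
# EXIT_ERROR if the configuration cannot be read. Otherwise the status
# line, the IP address and (if set) the gateway are printed and EXIT_OK
# is returned.
hook_status() {
	local zone=${1}
	local config=${2}
	shift 2

	# Quoted, so that the zone name is always passed as a single word
	if ! device_exists "${zone}"; then
		error "Zone ${zone} doesn't exist"
		exit ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		return ${EXIT_ERROR}
	fi

	# The hook counts as up when the zone carries the configured address
	local status=${MSG_HOOK_UP}
	if ! zone_has_ip "${zone}" "${ADDRESS}/${PREFIX}"; then
		status=${MSG_HOOK_DOWN}
	fi
	cli_statusline 3 "${HOOK}" "${status}"

	cli_print_fmt1 3 "IP Address" "${ADDRESS}/${PREFIX}"
	if [ -n "${GATEWAY}" ]; then
		cli_print_fmt1 3 "Gateway" "${GATEWAY}"
	fi
	cli_space

	return ${EXIT_OK}
}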