Commit | Line | Data |
---|---|---|
8032884d MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2018 IPFire Network Development Team # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | . /usr/lib/network/header-port | |
23 | ||
# Tunnel modes this hook accepts. The value is a space-separated list that
# is expanded unquoted when it is handed to isoneof.
SUPPORTED_IP_TUNNEL_MODES="gretap"

# Names of the settings variables of this hook. hook_create declares them
# local before it reads the settings of a port.
HOOK_SETTINGS=( "ADDRESS" "MARK" "MODE" "PEER" "LOCAL_ADDRESS" )
8032884d MT |
33 | |
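# Validate the settings of an IP tunnel port and default MARK if it is unset.
#
# Reads the settings variables MODE, ADDRESS and MARK from the calling
# scope. MODE must be one of SUPPORTED_IP_TUNNEL_MODES and ADDRESS must be
# a valid MAC address; both are enforced with assert.
hook_check_settings() {
	assert isset MODE
	assert isoneof MODE ${SUPPORTED_IP_TUNNEL_MODES}

	assert isset ADDRESS
	assert mac_is_valid "${ADDRESS}"

	# Generate a random mark if none has been configured.
	#
	# ${RANDOM} yields only 15 bits (0..32767), so a single draw masked
	# with 0xffffffff never sets the upper 17 bits and two tunnels are
	# likely to end up with the same mark. Three draws are combined to
	# fill all 32 bits.
	#
	# hook_create passes MARK as --ikey/--okey to ip_tunnel_add. It only
	# tells tunnels apart; it is not a secret and ${RANDOM} is not a
	# cryptographic generator, so nothing may rely on it for authentication.
	if ! isset MARK; then
		MARK="$(( ((RANDOM << 17) | (RANDOM << 2) | (RANDOM & 0x3)) & 0xffffffff ))"
	fi
}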
46 | ||
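# Parse the command line options of an IP tunnel port into the settings
# variables ADDRESS, LOCAL_ADDRESS, MODE and PEER.
#
# Accepted options: --address=, --local-address=, --mode=, --peer=.
# Every value is validated before the function reports success, so that
# only well-formed MAC and IP addresses and supported modes are accepted.
#
# Returns EXIT_OK on success and EXIT_ERROR on an unknown option or an
# invalid value (after printing a message with error).
hook_parse_cmdline() {
	while [ $# -gt 0 ]; do
		case "${1}" in
			--address=*)
				ADDRESS="$(cli_get_val "${1}")"

				if ! isset ADDRESS || ! mac_is_valid "${ADDRESS}"; then
					error "Invalid MAC address: ${ADDRESS}"
					return ${EXIT_ERROR}
				fi
				;;

			--local-address=*)
				# Validated after the loop, once PEER is known as well
				LOCAL_ADDRESS="$(cli_get_val "${1}")"
				;;

			--mode=*)
				MODE="$(cli_get_val "${1}")"

				# MODE must be on the list of supported protocols
				if ! isoneof MODE ${SUPPORTED_IP_TUNNEL_MODES}; then
					# Report the rejected value: the variable is MODE,
					# a lower-case "mode" is never set in this function.
					error "Unsupported mode: ${MODE}"
					return ${EXIT_ERROR}
				fi
				;;

			--peer=*)
				# Validated after the loop
				PEER="$(cli_get_val "${1}")"
				;;

			*)
				error "Unknown option: ${1}"
				return ${EXIT_ERROR}
				;;
		esac
		shift
	done

	# Generate a random MAC address if none is set
	if ! isset ADDRESS; then
		ADDRESS="$(mac_generate)"
	fi

	# If PEER is set, it must be a valid IP address
	if isset PEER && ! ip_is_valid "${PEER}"; then
		error "Peer ${PEER} is not a valid IP address"
		return ${EXIT_ERROR}
	fi

	# If LOCAL_ADDRESS is set, it must be a valid IP address
	# of the same protocol as PEER
	if isset LOCAL_ADDRESS; then
		if ! ip_is_valid "${LOCAL_ADDRESS}"; then
			error "Local address ${LOCAL_ADDRESS} is not a valid IP address"
			return ${EXIT_ERROR}
		fi

		# NOTE(review): PEER may be empty here when only --local-address=
		# was given; the outcome then depends on how ip_protocol_match
		# treats an empty argument - confirm that this is intended.
		if ! ip_protocol_match "${PEER}" "${LOCAL_ADDRESS}"; then
			error "Peer and local address are of different IP protocols"
			return ${EXIT_ERROR}
		fi
	fi

	return ${EXIT_OK}
}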
112 | ||
# Create the tunnel device of a port from the settings stored for it.
#
# $1: name of the port (must be set).
#
# Returns EXIT_ERROR when the settings cannot be read or the tunnel cannot
# be added; on success the shell is left with "exit ${EXIT_OK}".
hook_create() {
	local port="${1}"
	assert isset port

	# Declare every settings variable local before the settings are read
	local "${HOOK_SETTINGS[@]}"
	port_settings_read "${port}" || {
		log ERROR "Could not read settings for port ${port}"
		return ${EXIT_ERROR}
	}

	# MARK is used for both directions (--ikey and --okey), presumably as
	# the GRE key. Such a key travels in clear text in every packet and
	# only tells tunnels apart; gretap by itself neither authenticates nor
	# encrypts, so protection of the traffic has to come from another layer.
	local -a tunnel_args=(
		--mode="${MODE}"
		--address="${ADDRESS}"
		--remote-address="${PEER}"
		--local-address="${LOCAL_ADDRESS}"
		--ikey="${MARK}"
		--okey="${MARK}"
	)
	ip_tunnel_add "${port}" "${tunnel_args[@]}" || return ${EXIT_ERROR}

	exit ${EXIT_OK}
}
135 | ||
# Remove the tunnel device that belongs to a port.
#
# $1: name of the port (must be set).
#
# Returns EXIT_ERROR when ip_tunnel_del fails; on success the shell is
# left with "exit ${EXIT_OK}".
hook_remove() {
	local port="${1}"
	assert isset port

	# Remove the device, give up if that does not work
	ip_tunnel_del "${port}" || return ${EXIT_ERROR}

	exit ${EXIT_OK}
}
147 | ||
# Hotplug rename handler of this hook: all arguments are handed on
# unchanged to hook_hotplug_rename_by_address, whose exit status becomes
# the status of this function.
hook_hotplug_rename() {
	hook_hotplug_rename_by_address "${@}"
}