2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2012 IPFire Network Development Team #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 # Functions for static routing.
26 local ${NETWORK_CONFIG_ROUTES_PARAMS}
28 while [ $# -gt 0 ]; do
31 gateway
=$
(cli_get_val
${1})
43 mtu
=$
(cli_get_val
${1})
46 if isset network
; then
47 error
"Bad number of arguments. Network passed twice or more"
59 if ! ip_net_is_valid
${network} && ! ip_is_valid
${network}; then
60 error
"The given network is invalid: ${network}"
64 if route_find_duplicate
${network}; then
65 error
"A route to ${network} does already exist."
69 # Check if gateway and unreachable are both enabled.
70 if isset gateway
; then
71 if enabled unreachable
; then
72 error
"You cannot use both, --gateway=${gateway} and --unreachable at the same time."
76 if enabled prohibit
; then
77 error
"You cannot use both, --gateway=${gateway} and --prohibit at the same time."
81 if enabled blackhole
; then
82 error
"You cannot use both, --gateway=${gateway} and --blackhole at the same time."
86 # Check if network and gateway IP protocol version match.
87 if ! ip_is_valid
${gateway}; then
88 error
"--gateway= is not a valid IP address."
92 # Check if the gateway is part of the statically routed network
93 if ip_network_is_subset_of
${gateway} ${network}; then
94 error
"The gateway is in the routed network"
98 local network_proto
=$
(ip_detect_protocol
${network})
99 assert isset network_proto
101 local gateway_proto
=$
(ip_detect_protocol
${gateway})
102 assert isset gateway_proto
104 if [ "${network_proto}" != "${gateway_proto}" ]; then
105 error
"The IP protocol version of the given network and gateway did not match."
110 local counter
=$
(list_count true
${unreachable} ${prohibit} ${blackhole})
111 if [ ${counter} -gt 1 ]; then
112 error
"You can only use one of --unreachable, --prohibit or --blackhole."
117 if isset mtu
&& ! isinteger mtu
; then
118 error
"MTU must be an integer number: ${mtu}"
123 list_append line
"network=\"${network}\""
125 # Add gateway to configuration entry when it is set.
126 if isset gateway
; then
127 list_append line
"gateway=\"${gateway}\""
130 # Add unreachable to configuration entry when it is set.
132 for arg
in unreachable prohibit blackhole
; do
133 if enabled
${arg}; then
134 list_append line
"${arg}=\"true\""
141 list_append line
"mtu=\"${mtu}\""
144 # Write line to file.
145 print
"${line}" >> ${NETWORK_CONFIG_ROUTES}
147 log INFO
"New route to network '${network}' has been added."
153 local error
=${EXIT_OK}
155 for _network
in $@
; do
157 if ! ip_net_is_valid
${_network} && ! ip_is_valid
${_network}; then
158 error
"Invalid IP address or network: ${_network}"
165 local ${NETWORK_CONFIG_ROUTES_PARAMS}
168 route_parse_line
${line}
169 [ $?
-eq ${EXIT_OK} ] ||
continue
171 # Skip the rule, we want to delete.
172 if [ "${network}" = "${_network}" ]; then
178 done < ${NETWORK_CONFIG_ROUTES} > ${NETWORK_CONFIG_ROUTES}.tmp
179 mv ${NETWORK_CONFIG_ROUTES}{.tmp
,}
181 if enabled found
; then
182 log INFO
"Route to network '${_network}' has been removed."
184 error
"No route to network '${_network}' was found."
195 while [ $# -gt 0 ]; do
198 protocol
=$
(cli_get_val
${1})
201 warning
"Unrecognized argument: ${1}"
207 if [ ! -r "${NETWORK_CONFIG_ROUTES}" ]; then
208 print
"No static routes defined."
212 local format
="%-40s %-20s %-4s"
213 print
"${format}" "NETWORK/HOST" "GATEWAY" "MTU"
215 local ${NETWORK_CONFIG_ROUTES_PARAMS}
218 route_parse_line
${line}
219 [ $?
-eq ${EXIT_OK} ] ||
continue
222 for arg
in unreachable prohibit blackhole
; do
223 if enabled
${arg}; then
229 # Filter all entries with a wrong protocol.
230 if isset protocol
; then
231 local proto
=$
(ip_detect_protocol
${network})
232 [ "${protocol}" = "${proto}" ] ||
continue
235 # Print something when no MTU was set.
240 print
"${format}" "${network}" "${gateway}" "${mtu}"
241 done < ${NETWORK_CONFIG_ROUTES}
244 route_find_duplicate
() {
247 [ -r "${NETWORK_CONFIG_ROUTES}" ] ||
return ${EXIT_FALSE}
249 local ${NETWORK_CONFIG_ROUTES_PARAMS}
252 route_parse_line
${line}
253 [ $?
-eq ${EXIT_OK} ] ||
continue
255 # Check if the network is already in use.
256 [ "${network}" = "${_network}" ] && return ${EXIT_TRUE}
257 done < ${NETWORK_CONFIG_ROUTES}
265 # Reset all possible settings.
266 for arg in ${NETWORK_CONFIG_ROUTES_PARAMS}; do
267 printf -v ${arg} "%s
" ""
273 network=$(cli_get_val ${arg})
276 gateway=$(cli_get_val ${arg})
279 unreachable=$(cli_get_val ${arg})
282 prohibit=$(cli_get_val ${arg})
285 blackhole=$(cli_get_val ${arg})
288 mtu=$(cli_get_val ${arg})
291 done <<< "$
(args $@
)"
293 ### Check if all values are correctly set.
295 # network must be set.
296 isset network || return ${EXIT_ERROR}
298 # Is network or IP valid?
299 if ! ip_net_is_valid ${network} && ! ip_is_valid ${network}; then
300 error "The given network is invalid
: ${network}"
304 # Check gateway settings.
305 if isset gateway; then
306 # When gateway is set, unreachable cannot be set.
307 isset unreachable && return ${EXIT_ERROR}
309 # Must be a valid IP address.
310 ip_is_valid ${gateway} || return ${EXIT_ERROR}
312 # Check if the gateway is part of the statically routed network
313 if ip_network_is_subset_of ${gateway} ${network}; then
317 # Check if exactly one of unreachable, prohibit or blackhole is set.
318 local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
319 [ ${counter} -eq 1 ] || return ${EXIT_ERROR}
322 # mtu must be an integer number.
324 isinteger mtu || return ${EXIT_ERROR}
334 log DEBUG "Applying static routes...
"
336 # Flush the routing table.
337 route_table_flush ${table}
339 local ${NETWORK_CONFIG_ROUTES_PARAMS}
342 route_parse_line ${line}
343 [ $? -eq ${EXIT_OK} ] || continue
347 for arg in unreachable prohibit blackhole; do
348 if enabled ${arg}; then
355 route_entry_add ${network} --table="static
" --proto="static
" \
356 --type="${type}" --gateway="${gateway}" --mtu="${mtu}"
359 if [ ${ret} -ne ${EXIT_OK} ]; then
360 log WARNING "Could not
set route
'${network}'.
"
362 done < ${NETWORK_CONFIG_ROUTES}
364 # Create a lookup rule for the static routing table.
365 route_rule_add --lookup="static
" --priority=1000
378 while [ $# -gt 0 ]; do
381 gateway=$(cli_get_val ${1})
384 table=$(cli_get_val ${1})
387 type=$(cli_get_val ${1})
390 proto=$(cli_get_val ${1})
393 mtu=$(cli_get_val ${1})
396 if isset network; then
397 warning "Unrecognized argument
: ${1}"
407 assert isoneof type unicast broadcast unreachable prohibit blackhole
411 if ! ip_net_is_valid ${network} && ! ip_is_valid ${network}; then
412 error "The given network is invalid
: ${network}"
420 # Detect the protocol of the given network.
421 local protocol=$(ip_detect_protocol ${network})
423 case "${protocol}" in
425 command="ip
-6 route add
"
428 command="ip route add
"
431 log ERROR "Could not detect protocol
for ${network}"
437 list_append command "${type}"
439 # Add network/prefix.
440 list_append command "${network}"
442 if [ "${type}" = "unicast
" ]; then
444 assert ip_is_valid ${gateway}
446 list_append command "via
${gateway}"
449 # Add table (if any).
451 # Create routing table, if it does not exist, yet.
452 route_table_create ${table}
454 list_append command "table
${table}"
459 list_append command "proto
${proto}"
464 list_append command "mtu
${mtu}"
470 route_table_create() {
474 if route_table_exists ${table}; then
478 # Get the next free id.
479 local id=$(_route_table_next_id)
482 # Write everything to file.
483 print "%d
\t%s
" "${id}" "${table}" >> /etc/iproute2/rt_tables
485 log DEBUG "Created routing table
'${table}'.
"
490 _route_table_next_id() {
491 # The Linux kernel is able to manage 255 routing tables (1-255).
492 # This function returns the next free id, starting from 255.
495 for next_id in {255..1}; do
496 if ! route_table_exists --id="${next_id}"; then
505 route_table_flush() {
509 while [ $# -gt 0 ]; do
512 protocol=$(cli_get_val ${1})
521 # If the table does not exists, there is nothing to
523 route_table_exists ${table} || return ${EXIT_OK}
527 for proto in ${IP_SUPPORTED_PROTOCOLS}; do
528 # Skip unwanted protocols.
529 if isset protocol; then
530 [ "${protocol}" = "${proto}" ] || continue
536 command="ip
-6 route flush
"
539 command="ip route flush
"
544 list_append command "table
${table}"
553 route_table_exists() {
556 while [ $# -gt 0 ]; do
559 _id=$(cli_get_val ${1})
570 while read -r id table; do
572 [ "${id:0:1}" = "#" ] && continue
574 if [ "${_table}" = "${table}" ] || [ "${_id}" = "${id}" ]; then
578 done < /etc
/iproute
2/rt_tables
585 local protocols
=${IP_SUPPORTED_PROTOCOLS}
588 while [ $# -gt 0 ]; do
591 lookup
=$
(cli_get_val
${1})
594 priority
=$
(cli_get_val
${1})
597 protocols
=$
(cli_get_val
${1})
599 assert isoneof protocols
${IP_SUPPORTED_PROTOCOLS}
602 warning
"Unhandled argument: ${1}"
608 local command options
610 if isset lookup
; then
611 route_table_create
${lookup}
613 list_append options
"lookup ${lookup}"
616 if isset priority
; then
617 assert isinteger priority
619 list_append options
"prio ${priority}"
623 for proto
in ${protocols}; do
627 command="ip -6 rule add ${options}"
630 command="ip rule add ${options}"
635 # Skip, if the rule does already exist.
637 --protocol=${proto} \
639 --priority=${priority} \
646 route_rule_exists
() {
652 while [ $# -gt 0 ]; do
655 from
=$
(cli_get_val
${1})
658 lookup
=$
(cli_get_val
${1})
661 prio
=$
(cli_get_val
${1})
664 proto
=$
(cli_get_val
${1})
667 warning
"Unrecognized argument: ${1}"
676 command="ip -6 rule show"
679 command="ip rule show"
684 local _lookup _from _prio
686 while read -r line
; do
687 _route_rule_exists_parse
${line}
690 [ "${from}" = "${_from}" ] ||
continue
694 [ "${prio}" = "${_prio}" ] ||
continue
697 if isset lookup
; then
698 [ "${lookup}" = "${_lookup}" ] ||
continue
702 done <<< "$(${command})"
707 _route_rule_exists_parse
() {
708 # Reset all variables.
713 while [ $# -gt 0 ]; do
728 # Skip unknown arguments.