From 46a28dcda4cc335187e2be7d4daf96d42724de48 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 6 Feb 2018 14:49:21 +0000
Subject: [PATCH] Replace ipv[64]-static by one static hook
There is no need to split this into multiple hooks since they share a lot of common configuration, etc. There is no migration path provided here.
Signed-off-by: Michael Tremer
---
Makefile.am | 5 +-
src/header-config | 15 +-
src/hooks/configs/ipv4-static | 208 ---------------------------
src/hooks/configs/ipv6-static | 177 -----------------------
src/hooks/configs/static | 257 ++++++++++++++++++++++++++++++++++
5 files changed, 273 insertions(+), 389 deletions(-)
delete mode 100644 src/hooks/configs/ipv4-static
delete mode 100644 src/hooks/configs/ipv6-static
create mode 100644 src/hooks/configs/static
diff --git a/Makefile.am b/Makefile.am
index 2178652..7a755cc 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -209,10 +209,9 @@ src_inetcalc_LDADD = \

 dist_hooks_configs_SCRIPTS = \
 src/hooks/configs/dhcp \
- src/hooks/configs/ipv4-static \
 src/hooks/configs/ipv6-auto \
- src/hooks/configs/ipv6-static \
- src/hooks/configs/pppoe-server
+ src/hooks/configs/pppoe-server \
+ src/hooks/configs/static

 dist_hooks_ports_SCRIPTS = \
 src/hooks/ports/bonding \
diff --git a/src/header-config b/src/header-config
index ec85a70..141d52b 100644
--- a/src/header-config
+++ b/src/header-config
@@ -20,7 +20,20 @@
 ###############################################################################

 hook_new() {
- cmd_not_implemented
+ local zone="${1}"
+ shift
+
+ # Parse command line arguments
+ if ! hook_parse_cmdline "$@"; then
+ return ${EXIT_ERROR}
+ fi
+
+ # Write configuration to disk
+ if ! zone_config_settings_write "${zone}" "${HOOK}"; then
+ return ${EXIT_ERROR}
+ fi
+
+ return ${EXIT_OK}
 }

 hook_edit() {
diff --git a/src/hooks/configs/ipv4-static b/src/hooks/configs/ipv4-static
deleted file mode 100644
index 7aea0b9..0000000
--- a/src/hooks/configs/ipv4-static
+++ /dev/null
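Review bot: The new default `hook_new` in src/header-config takes `zone` straight from `$1` and passes it to `zone_config_settings_write` without checking it; the removed ipv4-static implementation ran `assert zone_exists "${zone}"` before parsing, and that guard is not carried over. Because this default replaces `cmd_not_implemented`, it presumably now runs for every config hook that does not define its own `hook_new`, so I would add `assert zone_exists "${zone}"` right after `shift` unless the caller already validates the zone (not visible in this hunk). The function also relies on each hook providing `hook_parse_cmdline`; a short comment above it, e.g. `# Default implementation; hooks must define hook_parse_cmdline`, would make that contract explicit.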
@@ -1,208 +0,0 @@
-#!/bin/bash
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see . #
-# #
-###############################################################################
-
-. /usr/lib/network/header-config
-
-HOOK_MANPAGE="network-config-ipv4-static"
-
-HOOK_CONFIG_SETTINGS="HOOK ADDRESS PREFIX GATEWAY"
-
-hook_check_config_settings() {
- assert isset ADDRESS
- assert isinteger PREFIX
-
- if [ ${PREFIX} -gt 30 ]; then
- error "PREFIX is greater than 30."
- exit ${EXIT_ERROR}
- fi
-}
-
-hook_parse_cmdline() {
- local arg
-
- while read -r arg; do
- local key="$(cli_get_key "${arg}")"
- local val="$(cli_get_val "${arg}")"
-
- case "${key}" in
- address)
- if ! ipv4_is_valid "${val}"; then
- error "Invalid IPv4 address: ${val}"
- exit ${EXIT_CONF_ERROR}
- fi
-
- ADDRESS="${val}"
- ;;
-
- prefix)
- if ! ipv4_prefix_is_valid "${val}"; then
- error "Invalid IPv4 prefix: ${val}"
- exit ${EXIT_CONF_ERROR}
- fi
-
- PREFIX="${val}"
- ;;
-
- gateway)
- if ! ipv4_is_valid "${val}"; then
- error "Invalid IPv4 address for gateway: ${val}"
- exit ${EXIT_CONF_ERROR}
- fi
-
- GATEWAY="${val}"
- ;;
-
- # Compatibility switches
- netmask)
- if ! ipv4_netmask_is_valid "${val}"; then
- error "Invalid netmask: ${val}"
- exit ${EXIT_CONF_ERROR}
- fi
-
- # The netmask will be converted into a prefix
- PREFIX="$(ipv4_netmask2prefix ${val})"
- ;;
-
- # Unknown switches
- *)
- error "Unhandled argument: ${arg}"
- exit ${EXIT_CONF_ERROR}
- ;;
- esac
- done <<< "$(args "$@")"
-
- if ! isset ADDRESS; then
- error "You need to provide an IPv4 address"
- exit ${EXIT_CONF_ERROR}
- fi
-
- if ! isset PREFIX; then
- error "You need to provide an IPv4 prefix"
- exit ${EXIT_CONF_ERROR}
- fi
-
- if zone_config_check_same_setting "${zone}" "ipv4-static" "ADDRESS" "${ADDRESS}"; then
- error "An ipv4-static config with the same IPv4 address is already configured"
- exit ${EXIT_CONF_ERROR}
- fi
-
- if ! isset GATEWAY && zone_is_nonlocal "${zone}"; then
- warning "You did not configure a gateway for a non-local zone"
- fi
-}
-
-hook_new() {
- local zone="${1}"
- shift
-
- assert zone_exists "${zone}"
-
- if ! hook_parse_cmdline "$@"; then
- # Return an error if the parsing of the cmd line fails
- return ${EXIT_ERROR}
- fi
-
- zone_config_settings_write "${zone}" "${HOOK}"
-
- exit ${EXIT_OK}
-}
-
-hook_up() {
- local zone=${1}
- local config=${2}
- shift 2
-
- if ! device_exists ${zone}; then
- error "Zone '${zone}' doesn't exist."
- exit ${EXIT_ERROR}
- fi
-
- zone_config_settings_read "${zone}" "${config}"
-
- ip_address_add ${zone} ${ADDRESS}/${PREFIX}
-
- # Save configuration
- db_set "${zone}/ipv4/type" "${HOOK}"
- db_set "${zone}/ipv4/local-ip-address" "${ADDRESS}/${PREFIX}"
- db_set "${zone}/ipv4/remote-ip-address" "${GATEWAY}"
- db_set "${zone}/ipv4/active" 1
-
- routing_update ${zone} ipv4
- routing_default_update
-
- exit ${EXIT_OK}
-}
-
-hook_down() {
- local zone=${1}
- local config=${2}
- shift 2
-
- if ! device_exists ${zone}; then
- error "Zone '${zone}' doesn't exist."
- exit ${EXIT_ERROR}
- fi
-
- # Remove routing information from database.
- db_delete "${zone}/ipv4"
-
- zone_config_settings_read "${zone}" "${config}"
-
- ip_address_del ${zone} ${ADDRESS}/${PREFIX}
-
- # Update routing tables.
- routing_default_update
-
- exit ${EXIT_OK}
-}
-
-hook_status() {
- local zone="${1}"
- assert isset zone
-
- local config="${2}"
- assert isset config
-
- shift 2
-
- if ! device_exists ${zone}; then
- error "Zone '${zone}' doesn't exist."
- exit ${EXIT_ERROR}
- fi
-
- zone_config_settings_read "${zone}" "${config}"
-
- local status
- if zone_has_ip ${zone} ${ADDRESS}/${PREFIX}; then
- status=${MSG_HOOK_UP}
- else
- status=${MSG_HOOK_DOWN}
- fi
- cli_statusline 3 "${HOOK}" "${status}"
-
- cli_print_fmt1 3 "IPv4 address" "${ADDRESS}/${PREFIX}"
- if [ -n "${GATEWAY}" ]; then
- cli_print_fmt1 3 "Gateway" "${GATEWAY}"
- fi
- cli_space
-
- exit ${EXIT_OK}
-}
diff --git a/src/hooks/configs/ipv6-static b/src/hooks/configs/ipv6-static
deleted file mode 100644
index ca6cc5b..0000000
--- a/src/hooks/configs/ipv6-static
+++ /dev/null
@@ -1,177 +0,0 @@
-#!/bin/bash
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see . #
-# #
-###############################################################################
-
-. /usr/lib/network/header-config
-
-HOOK_CONFIG_SETTINGS="HOOK ADDRESS PREFIX GATEWAY"
-
-hook_check_config_settings() {
- assert isset ADDRESS
- assert isinteger PREFIX
-
- if [ ${PREFIX} -gt 64 ]; then
- error "PREFIX is greater than 64."
- exit ${EXIT_ERROR}
- fi
-}
-
-hook_parse_cmdline() {
- while [ $# -gt 0 ]; do
- case "${1}" in
- --gateway=*)
- GATEWAY=${1#--gateway=}
- ;;
- *:*/*)
- ADDRESS=$(ip_split_prefix "${1}")
- PREFIX=$(ip_get_prefix "${1}")
- ;;
- *)
- error "Invalid argument: ${1}"
- return ${EXIT_ERROR}
- ;;
- esac
- shift
- done
-
- if ! isset ADDRESS; then
- error "You need to pass an address"
- return ${EXIT_ERROR}
- fi
-
- if ! isset PREFIX; then
- error "You need to pass a prefix"
- return ${EXIT_ERROR}
- fi
-
- if ! ipv6_is_valid "${ADDRESS}"; then
- error "${ADDRESS} is not a valid IPv6 address"
- return ${EXIT_ERROR}
- fi
-
- if ! ipv6_prefix_is_valid "${PREFIX}"; then
- error "${PREFIX} is not a valid IPv6 prefix"
- return ${EXIT_ERROR}
- fi
-
- if zone_config_check_same_setting "${zone}" "ipv6-static" "ADDRESS" "${ADDRESS}"; then
- error "An ipv6-static config with the same IPv6 address is already configured"
- exit ${EXIT_CONF_ERROR}
- fi
-
- # Store IPv6 address in small format.
- ADDRESS=$(ipv6_format "${ADDRESS}")
-
- if [ -n "${GATEWAY}" ]; then
- GATEWAY=$(ipv6_format "${GATEWAY}")
- fi
-}
-
-hook_new() {
- local zone=${1}
- shift
-
- if ! hook_parse_cmdline "$@"; then
- # Return an error if the parsing of the cmd line fails
- return ${EXIT_ERROR}
- fi
-
- zone_config_settings_write "${zone}" "${HOOK}"
-
- exit ${EXIT_OK}
-}
-
-hook_up() {
- local zone=${1}
- local config=${2}
- shift 2
-
- if ! device_exists ${zone}; then
- error "Zone '${zone}' doesn't exist."
- exit ${EXIT_ERROR}
- fi
-
- zone_config_settings_read "${zone}" "${config}"
-
- ip_address_add ${zone} ${ADDRESS}/${PREFIX}
-
- db_set "${zone}/ipv6/local-ip-address" "${ADDRESS}/${PREFIX}"
- db_set "${zone}/ipv6/remote-ip-address" "${GATEWAY}"
- db_set "${zone}/ipv6/active" 1
-
- routing_default_update
-
- exit ${EXIT_OK}
-}
-
-hook_down() {
- local zone=${1}
- local config=${2}
- shift 2
-
- if ! device_exists ${zone}; then
- error "Zone '${zone}' doesn't exist."
- exit ${EXIT_ERROR}
- fi
-
- # Remove routing information from database.
- db_delete "${zone}/ipv6"
-
- zone_config_settings_read "${zone}" "${config}"
-
- ip_address_del ${zone} ${ADDRESS}/${PREFIX}
-
- # Update routing tables.
- routing_default_update
-
- exit ${EXIT_OK}
-}
-
-hook_status() {
- local zone=${1}
- local config=${2}
- shift 2
-
- if ! device_exists ${zone}; then
- error "Zone '${zone}' doesn't exist."
- exit ${EXIT_ERROR}
- fi
-
- zone_config_settings_read "${zone}" "${config}"
-
- # Make sure ADDRESS is as short as possible.
- ADDRESS=$(ipv6_format "${ADDRESS}")
-
- local status
- if zone_has_ip ${zone} ${ADDRESS}/${PREFIX}; then
- status=${MSG_HOOK_UP}
- else
- status=${MSG_HOOK_DOWN}
- fi
- cli_statusline 3 "${HOOK}" "${status}"
-
- cli_print_fmt1 3 "IPv6 address" "${ADDRESS}/${PREFIX}"
- if [ -n "${GATEWAY}" ]; then
- cli_print_fmt1 3 "Gateway" "${GATEWAY}"
- fi
- cli_space
-
- exit ${EXIT_OK}
-}
diff --git a/src/hooks/configs/static b/src/hooks/configs/static
new file mode 100644
index 0000000..91bba8a
--- /dev/null
+++ b/src/hooks/configs/static
@@ -0,0 +1,257 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see . #
+# #
+###############################################################################
+
+. /usr/lib/network/header-config
+
+HOOK_CONFIG_SETTINGS="HOOK ADDRESS PREFIX GATEWAY"
+
+hook_check_config_settings() {
+ local protocol="$(ip_detect_protocol "${ADDRESS}")"
+
+ case "${protocol}" in
+ ipv6)
+ assert ipv6_is_valid "${ADDRESS}"
+ assert ipv6_prefix_is_valid "${PREFIX}"
+
+ isset GATEWAY && assert ipv6_is_valid "${GATEWAY}"
+ ;;
+
+ ipv4)
+ assert ipv4_is_valid "${ADDRESS}"
+ assert ipv4_prefix_is_valid "${PREFIX}"
+
+ isset GATEWAY && assert ipv4_is_valid "${GATEWAY}"
+ ;;
+
+ *)
+ error "Could not determine protocol: ${protocol}"
+ return ${EXIT_CONF_ERROR}
+ ;;
+ esac
+
+ return ${EXIT_OK}
+}
+
+hook_parse_cmdline() {
+ local protocol
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ # IPv6
+ *:*/*)
+ protocol="ipv6"
+
+ ADDRESS="$(ip_split_prefix "${1}")"
+ PREFIX="$(ip_get_prefix "${1}")"
+
+ # Validate address
+ if ! ipv6_is_valid "${ADDRESS}"; then
+ error "Invalid IP address: ${ADDRESS}"
+ return ${EXIT_CONF_ERROR}
+ fi
+
+ # Validate prefix
+ if ! ipv6_prefix_is_valid "${PREFIX}"; then
+ error "Invalid prefix: ${PREFIX}"
+ return ${EXIT_CONF_ERROR}
+ fi
+
+ # Store the IPv6 address in its shortest format
+ ADDRESS="$(ipv6_format "${ADDRESS}")"
+ ;;
+
+ # IPv4
+ *.*.*.*/*)
+ protocol="ipv4"
+
+ ADDRESS="$(ip_split_prefix "${1}")"
+ PREFIX="$(ip_get_prefix "${1}")"
+
+ # Validate address
+ if ! ipv4_is_valid "${ADDRESS}"; then
+ error "Invalid IP address: ${ADDRESS}"
+ return ${EXIT_CONF_ERROR}
+ fi
+
+ # Validate prefix
+ if ! ipv4_prefix_is_valid "${PREFIX}"; then
+ # This might be a netmask instead
+ local prefix_from_netmask="$(ipv4_netmask2prefix "${PREFIX}")"
+
+ if ! ipv4_prefix_is_valid "${prefix_from_netmask}"; then
+ PREFIX="${prefix_from_netmask}"
+ else
+ error "Invalid prefix or netmask: ${PREFIX}"
+ return ${EXIT_CONF_ERROR}
+ fi
+ fi
+ ;;
+
+ # Gateway
+ --gateway=*)
+ GATEWAY="$(cli_get_val "${1}")"
+
+ # Validate input
+ if isset GATEWAY && ! ip_is_valid "${GATEWAY}"; then
+ error "Invalid gateway IP address: ${GATEWAY}"
+ return ${EXIT_CONF_ERROR}
+ fi
+ ;;
+
+ *)
+ error "Invalid argument: ${1}"
+ return ${EXIT_CONF_ERROR}
+ ;;
+ esac
+ shift
+ done
+
+ # Check if an address has been set
+ if ! isset ADDRESS; then
+ error "No IP address provided"
+ return ${EXIT_CONF_ERROR}
+ fi
+
+ # Check if a prefix has been set
+ if ! isset PREFIX; then
+ error "No prefix provided"
+ return ${EXIT_CONF_ERROR}
+ fi
+
+ # More gateway validation
+ if isset GATEWAY; then
+ local gateway_protocol="$(ip_detect_protocol "${GATEWAY}")"
+
+ # Make sure that the prefix is of the same protocol version
+ if [ "${gateway_protocol}" != "${protocol}" ]; then
+ error "The gateway is of a wrong protocol: ${GATEWAY}"
+ return ${EXIT_CONF_ERROR}
+ fi
+
+ # Make IP address as short as possible
+ if [ "${gateway_protocol}" = "ipv6" ]; then
+ GATEWAY="$(ipv6_format "${GATEWAY}")"
+ fi
+ fi
+
+ # Check any conflicts
+ if zone_config_check_same_setting "${zone}" "static" "ADDRESS" "${ADDRESS}"; then
+ error "A static configuration with the same address is already configured"
+ return ${EXIT_CONF_ERROR}
+ fi
+}
+
+hook_up() {
+ local zone="${1}"
+ local config="${2}"
+ shift 2
+
+ # Check if the device exists
+ if ! device_exists ${zone}; then
+ error "Zone ${zone} doesn't exist"
+ return ${EXIT_ERROR}
+ fi
+
+ # Read configuration
+ if ! zone_config_settings_read "${zone}" "${config}"; then
+ error "Could not read configuration for ${zone} ${config}"
+ return ${EXIT_ERROR}
+ fi
+
+ # Add IP address to the interface
+ if ! ip_address_add "${zone}" "${ADDRESS}/${PREFIX}"; then
+ return ${EXIT_ERROR}
+ fi
+
+ local protocol="$(ip_detect_protocol "${ADDRESS}")"
+ assert isset protocol
+
+ db_set "${zone}/${protocol}/type" "${HOOK}"
+ db_set "${zone}/${protocol}/local-ip-address" "${ADDRESS}/${PREFIX}"
+ db_set "${zone}/${protocol}/remote-ip-address" "${GATEWAY}"
+ db_set "${zone}/${protocol}/active" 1
+
+ # Update routing tables
+ routing_update "${zone}" "${protocol}"
+ routing_default_update
+
+ exit ${EXIT_OK}
+}
+
+hook_down() {
+ local zone=${1}
+ local config=${2}
+ shift 2
+
+ if ! device_exists ${zone}; then
+ error "Zone ${zone} doesn't exist"
+ exit ${EXIT_ERROR}
+ fi
+
+ # Read configuration
+ if ! zone_config_settings_read "${zone}" "${config}"; then
+ return ${EXIT_ERRO}
+ fi
+
+ # Remove routing information from database
+ local protocol="$(ip_detect_protocol "${ADDRESS}")"
+ assert isset protocol
+ db_delete "${zone}/${protocol}"
+
+ # Remove the IP address
+ ip_address_del "${zone}" "${ADDRESS}/${PREFIX}"
+
+ # Update routing tables
+ routing_update "${zone}" "${protocol}"
+ routing_default_update
+
+ return ${EXIT_OK}
+}
+
+hook_status() {
+ local zone=${1}
+ local config=${2}
+ shift 2
+
+ if ! device_exists ${zone}; then
+ error "Zone ${zone} doesn't exist"
+ exit ${EXIT_ERROR}
+ fi
+
+ # Read configuration
+ if ! zone_config_settings_read "${zone}" "${config}"; then
+ return ${EXIT_ERROR}
+ fi
+
+ local status=${MSG_HOOK_UP}
+ if ! zone_has_ip "${zone}" "${ADDRESS}/${PREFIX}"; then
+ status=${MSG_HOOK_DOWN}
+ fi
+ cli_statusline 3 "${HOOK}" "${status}"
+
+ cli_print_fmt1 3 "IP Address" "${ADDRESS}/${PREFIX}"
+ if [ -n "${GATEWAY}" ]; then
+ cli_print_fmt1 3 "Gateway" "${GATEWAY}"
+ fi
+ cli_space
+
+ return ${EXIT_OK}
+}
-- 2.47.3
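Review bot: The netmask fallback in the IPv4 arm of `hook_parse_cmdline` is inverted: `if ! ipv4_prefix_is_valid "${prefix_from_netmask}"; then` assigns the converted value to PREFIX only when it fails validation and reports "Invalid prefix or netmask" when it passes, so a valid netmask is rejected and a value that did not validate can be written to the zone configuration. Drop the negation: `if ipv4_prefix_is_valid "${prefix_from_netmask}"; then`. In `hook_down`, `return ${EXIT_ERRO}` is a typo for `${EXIT_ERROR}`; the misspelled variable is presumably unset, which leaves a bare `return` that passes on the status of the preceding test, so a failed configuration read would be reported as success. `hook_up` also still ends in `exit ${EXIT_OK}` while `hook_down` and `hook_status` now finish with `return`, which is worth making consistent.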