]>
Commit | Line | Data |
---|---|---|
7b616db4 JS |
1 | #!/bin/bash |
2 | ############################################################################ | |
3 | # # | |
4 | # This file is part of the IPFire Firewall. # | |
5 | # # | |
6 | # IPFire is free software; you can redistribute it and/or modify # | |
7 | # it under the terms of the GNU General Public License as published by # | |
8 | # the Free Software Foundation; either version 2 of the License, or # | |
9 | # (at your option) any later version. # | |
10 | # # | |
11 | # IPFire is distributed in the hope that it will be useful, # | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
14 | # GNU General Public License for more details. # | |
15 | # # | |
16 | # You should have received a copy of the GNU General Public License # | |
17 | # along with IPFire; if not, write to the Free Software # | |
18 | # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # | |
19 | # # | |
20 | # Copyright (C) 2016 IPFire Team <info@ipfire.org> # | |
21 | # # | |
22 | ############################################################################ | |
23 | ||
24 | [ -n "${INTERFACE}" ] || exit 2 | |
25 | ||
4aef53d5 | 26 | eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings) |
7b616db4 | 27 | |
4aef53d5 JS |
28 | detect_zone() { |
29 | local intf="${INTERFACE%0*}" | |
30 | intf="${intf^^}" | |
31 | ||
32 | local zone | |
33 | for zone in GREEN BLUE ORANGE RED; do | |
34 | # Try to find if INTERFACE is the *phys version of a zone | |
35 | if [ "${intf}" = "${zone}" ]; then | |
36 | echo "${zone}" | |
37 | return 0 | |
38 | fi | |
39 | ||
40 | # Try to find out if this INTERFACE is a slave of a zone | |
41 | local slave | |
42 | for slave in $(get_value "${zone}_SLAVES"); do | |
43 | if [ "${INTERFACE}" = "${slave}" ]; then | |
44 | echo "${zone}" | |
45 | return 0 | |
46 | fi | |
47 | done | |
48 | done | |
49 | ||
50 | return 1 | |
51 | } | |
52 | ||
53 | get_value() { | |
54 | echo "${!1}" | |
55 | } | |
56 | ||
57 | random_mac_address() { | |
58 | local address="02" | |
59 | ||
60 | for i in $(seq 5); do | |
61 | printf -v address "${address}:%02x" "$(( RANDOM % 256 ))" | |
62 | done | |
63 | ||
64 | echo "${address}" | |
65 | } | |
66 | ||
67 | # Try to detect which zone we are operating on | |
68 | ZONE=$(detect_zone) | |
69 | ||
70 | # Cannot proceed if we could not find a zone | |
71 | if [ -z "${ZONE}" ]; then | |
72 | exit 0 | |
73 | fi | |
74 | ||
75 | # Determine the mode of this zone | |
76 | MODE="$(get_value "${ZONE}_MODE")" | |
77 | ||
78 | # The name of the virtual bridge | |
79 | BRIDGE="$(get_value "${ZONE}_DEV")" | |
80 | ||
81 | case "${MODE}" in | |
82 | bridge) | |
83 | ADDRESS="$(get_value "${ZONE}_MACADDR")" | |
84 | [ -n "${ADDRESS}" ] || ADDRESS="$(random_mac_address)" | |
85 | ||
86 | # We need to create the bridge if it doesn't exist, yet | |
87 | if [ ! -d "/sys/class/net/${BRIDGE}" ]; then | |
88 | ip link add "${BRIDGE}" address "${ADDRESS}" type bridge | |
89 | #ip link set "${BRIDGE}" up | |
90 | fi | |
91 | ||
92 | # Attach the physical device | |
93 | ip link set dev "${INTERFACE}" master "${BRIDGE}" | |
94 | ip link set dev "${INTERFACE}" up | |
7b616db4 | 95 | ;; |
4aef53d5 JS |
96 | |
97 | macvtap) | |
98 | ADDRESS="$(</sys/class/net/${INTERFACE}/address)" | |
99 | GENERATED_ADDRESS=$(random_mac_address) | |
100 | ||
101 | ip link add link "${INTERFACE}" "${BRIDGE}" address "${ADDRESS}" type macvlan mode bridge | |
102 | ip link set "${INTERFACE}" address "${GENERATED_ADDRESS}" | |
103 | ip link set "${INTERFACE}" up | |
7b616db4 | 104 | ;; |
7b616db4 | 105 | |
4aef53d5 JS |
106 | "") |
107 | exit 0 | |
108 | ;; | |
7b616db4 | 109 | |
4aef53d5 JS |
110 | *) |
111 | logger -t "network" "Unhandled mode '${MODE}' for '${ZONE}' (${INTERFACE})" | |
112 | exit 1 | |
113 | ;; | |
114 | esac |