2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 # A list of supported versions of the IP protocol
23 IP_SUPPORTED_PROTOCOLS
=""
36 # Break if no prefix is provided
37 [[ ${address} =~ \
/ ]] ||
return ${EXIT_OK}
42 ip_detect_protocol
() {
46 # Remove prefix so that we can handle subnet, too
47 address
=$
(ip_split_prefix
${address})
50 for protocol
in ${IP_SUPPORTED_PROTOCOLS}; do
51 if ${protocol}_is_valid
"${address}"; then
60 ip_protocol_is_supported
() {
65 listmatch
${proto} ${IP_SUPPORTED_PROTOCOLS}
73 for protocol
in ${IP_SUPPORTED_PROTOCOLS}; do
74 if ${protocol}_is_valid
"${address}"; then
86 # Get the address part.
87 local address
=$
(ip_split_prefix
${network})
88 isset address ||
return ${EXIT_FALSE}
91 local prefix
=$
(ip_get_prefix
${network})
92 isset prefix ||
return ${EXIT_FALSE}
94 # Detect the protocol (if this fails, the
95 # address part is invalid)
96 local proto
=$
(ip_detect_protocol
${address})
97 isset proto ||
return ${EXIT_FALSE}
99 # Check if the prefix is correct.
100 ip_prefix_is_valid
${proto} ${prefix} || return ${EXIT_FALSE}
105 ip_prefix_is_valid
() {
113 ipv4_prefix_is_valid
${prefix}
117 ipv6_prefix_is_valid
${prefix}
122 assert ip_protocol_is_supported
${proto}
126 inetcalc
-n $@
&& return ${EXIT_OK} ||
return ${EXIT_ERROR}
129 ip_network_is_subset_of
() {
132 inetcalc
-s $@
&& return ${EXIT_TRUE} ||
return ${EXIT_FALSE}
140 assert device_exists
${device}
142 local prefix
=$
(ip_get_prefix
${address})
143 address
=$
(ip_split_prefix
${address})
148 echo "ADDRESS = $address"
150 # Detect the protocol version
151 local protocol
=$
(ip_detect_protocol
"${address}")
152 assert ip_protocol_is_supported
"${protocol}"
154 case "${protocol}" in
156 assert ipv6_prefix_is_valid
"${prefix}"
159 assert ipv4_prefix_is_valid
"${prefix}"
163 case "${protocol}" in
165 if ipv4_detect_duplicate
${device} ${address}; then
166 error_log
"Duplicate address detected on zone '${device}' (${address})."
167 error_log
"Cannot continue."
173 if ! device_has_ip
${device} ${address}/${prefix}; then
174 assert ip addr add
${address}/${prefix} dev ${device}
176 log DEBUG
"IP address '${address}' (${protocol}) was successfully configured on device '${device}'."
178 case "${protocol}" in
180 # Announce our new address to the neighbours
181 ipv4_update_neighbours
${device} ${address}
185 log DEBUG
"IP address '${address}' (${protocol}) was already configured on device '${device}'."
196 assert device_exists
${device}
198 local prefix
=$
(ip_get_prefix
${address})
199 address
=$
(ip_split_prefix
${address})
203 # Detect the protocol version
204 local protocol
=$
(ip_detect_protocol
"${address}")
205 assert ip_protocol_is_supported
"${protocol}"
207 if device_has_ip
${device} ${address}/${prefix}; then
208 assert ip addr del
${address}/${prefix} dev ${device}
210 log DEBUG
"IP address '${address}' (${protocol}) was successfully removed from device '${device}'."
212 log DEBUG
"IP address '${address}' (${protocol}) was not configured on device '${device}'."