[people/arne_f/network.git] / functions.virtual

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

function virtual_init() {
	module_load 8021q

	ebtables-restore <<EOF
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT

*broute
:BROUTING ACCEPT
-A BROUTING -p 802_1Q -j DROP
EOF
}

init_register virtual_init

function virtual_create() {
	local port=$(devicify ${1})
	local vid=${2}
	local mac=${3}
	local newport=${port}v${vid}

	if [ -z "${mac}" ]; then
		mac=$(mac_generate)
	fi

	log INFO "Creating virtual device '${newport}' with address '${mac}'."

	local oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})

	if device_exists ${oldport}; then
		local differences

		if [ "${oldport}" != "${newport}" ]; then
			differences="${differences} name"
		fi
		if [ "$(device_get_address ${oldport})" != "${mac}" ]; then
			differences="${differences} address"
		fi
		
		echo "differences: $differences"

		if [ -n "${differences}" ]; then
			if device_is_used ${oldport}; then
				error_log "There was a device '${oldport}' set up with VID '${vid}' and parent '${port}' which is used somewhere else. Cannot go on." 
				return ${EXIT_ERROR}
			else
				log DEBUG "There is a device '${oldport}' but it not used, so we grab it to ourselves."
			fi
		else
			log DEBUG "Device '${newport}' already exists and reflects our configuration. Go on."

			device_set_up ${oldport}
			return ${EXIT_OK}
		fi

	else
		log DEBUG "Virtual device '${newport}' does not exist, yet."

		vconfig set_name_type DEV_PLUS_VID_NO_PAD >/dev/null
		vconfig add ${port} ${vid} >/dev/null
		
		if [ $? -ne ${EXIT_OK} ]; then
			error_log "Could not create virtual device '${newport}'."
			return ${EXIT_ERROR}
		fi

		oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})

	fi

	assert device_exists ${oldport}

	if ! device_exists ${oldport}; then
		error "Could not determine the created virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	# The device is expected to be named like ${port}.${vid}
	# and will be renamed to the virtual schema
	device_set_name ${oldport} ${newport}

	if [ $? -ne ${EXIT_OK} ]; then
		error_log "Could not set name of virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	assert device_exists ${newport}

	# Setting new mac address
	device_set_address ${newport} ${mac}
	
	if [ $? -ne ${EXIT_OK} ]; then
		error_log "Could not set address '${mac}' to virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	# Bring up the new device
	device_set_up ${newport}

	return ${EXIT_OK}
}

function virtual_remove() {
	local device=$(devicify ${1})

	log INFO "Removing virtual device '${device}' with address '$(macify ${device})'."

	device_set_down ${device}

	vconfig rem ${device} >/dev/null

	if [ $? -ne ${EXIT_OK} ]; then
		error_log "Could not remote virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	return ${EXIT_OK}
}

function virtual_get_parent() {
	local device=${1}

	local parent=$(grep "^${device}" < /proc/net/vlan/config | awk '{ print $NF }')

	if device_exists ${parent}; then
		echo "${parent}"
		return ${EXIT_OK}
	fi

	return ${EXIT_ERROR}
}

function virtual_get_by_parent_and_vid() {
	local parent=${1}
	local vid=${2}

	assert isset parent
	assert isset vid

	local v_port
	local v_id
	local v_parent

	assert [ -e "/proc/net/vlan/config" ]

	fgrep '|' < /proc/net/vlan/config | tr -d '|' | \
		while read v_port v_id v_parent; do
			if [ "${v_parent}" = "${parent}" ] && [ "${v_id}" = "${vid}" ]; then
				echo "${v_port}"
				return ${EXIT_OK}
			fi
		done

	return ${EXIT_ERROR}
}
Commit	Line	Data
943e3f7e	1	#!/bin/bash
9620ecef MT	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
943e3f7e MT	21
	22	function virtual_init() {
	23	module_load 8021q
b8357295 MT	24
	25	ebtables-restore <<EOF
	26	*filter
	27	:INPUT ACCEPT
	28	:FORWARD ACCEPT
	29	:OUTPUT ACCEPT
	30
	31	*broute
	32	:BROUTING ACCEPT
	33	-A BROUTING -p 802_1Q -j DROP
	34	EOF
943e3f7e MT	35	}
	36
	37	init_register virtual_init
9620ecef	38
9620ecef MT	39	function virtual_create() {
	40	local port=$(devicify ${1})
	41	local vid=${2}
	42	local mac=${3}
	43	local newport=${port}v${vid}
	44
	45	if [ -z "${mac}" ]; then
	46	mac=$(mac_generate)
	47	fi
	48
	49	log INFO "Creating virtual device '${newport}' with address '${mac}'."
	50
	51	local oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})
	52
	53	if device_exists ${oldport}; then
	54	local differences
	55
	56	if [ "${oldport}" != "${newport}" ]; then
	57	differences="${differences} name"
	58	fi
	59	if [ "$(device_get_address ${oldport})" != "${mac}" ]; then
	60	differences="${differences} address"
	61	fi
	62
	63	echo "differences: $differences"
	64
	65	if [ -n "${differences}" ]; then
	66	if device_is_used ${oldport}; then
	67	error_log "There was a device '${oldport}' set up with VID '${vid}' and parent '${port}' which is used somewhere else. Cannot go on."
	68	return ${EXIT_ERROR}
	69	else
	70	log DEBUG "There is a device '${oldport}' but it not used, so we grab it to ourselves."
	71	fi
	72	else
	73	log DEBUG "Device '${newport}' already exists and reflects our configuration. Go on."
	74
	75	device_set_up ${oldport}
	76	return ${EXIT_OK}
	77	fi
	78
	79	else
	80	log DEBUG "Virtual device '${newport}' does not exist, yet."
	81
	82	vconfig set_name_type DEV_PLUS_VID_NO_PAD >/dev/null
	83	vconfig add ${port} ${vid} >/dev/null
	84
	85	if [ $? -ne ${EXIT_OK} ]; then
	86	error_log "Could not create virtual device '${newport}'."
	87	return ${EXIT_ERROR}
	88	fi
	89
	90	oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})
	91
	92	fi
	93
	94	assert device_exists ${oldport}
	95
	96	if ! device_exists ${oldport}; then
	97	error "Could not determine the created virtual device '${newport}'."
	98	return ${EXIT_ERROR}
	99	fi
	100
	101	# The device is expected to be named like ${port}.${vid}
	102	# and will be renamed to the virtual schema
103	device_set_name ${oldport} ${newport}
104
105	if [ $? -ne ${EXIT_OK} ]; then
106	error_log "Could not set name of virtual device '${newport}'."
107	return ${EXIT_ERROR}
108	fi
109
110	assert device_exists ${newport}
111
112	# Setting new mac address
113	device_set_address ${newport} ${mac}
114
115	if [ $? -ne ${EXIT_OK} ]; then
116	error_log "Could not set address '${mac}' to virtual device '${newport}'."
117	return ${EXIT_ERROR}
118	fi
119
120	# Bring up the new device
121	device_set_up ${newport}
122
123	return ${EXIT_OK}
124	}
125
126	function virtual_remove() {
127	local device=$(devicify ${1})
128
129	log INFO "Removing virtual device '${device}' with address '$(macify ${device})'."
130
131	device_set_down ${device}
132
133	vconfig rem ${device} >/dev/null
134
135	if [ $? -ne ${EXIT_OK} ]; then
136	error_log "Could not remote virtual device '${newport}'."
137	return ${EXIT_ERROR}
138	fi
139
140	return ${EXIT_OK}
141	}
142
143	function virtual_get_parent() {
144	local device=${1}
145
146	local parent=$(grep "^${device}" < /proc/net/vlan/config \| awk '{ print $NF }')
147
148	if device_exists ${parent}; then
149	echo "${parent}"
150	return ${EXIT_OK}
151	fi
152
153	return ${EXIT_ERROR}
154	}
155
156	function virtual_get_by_parent_and_vid() {
157	local parent=${1}
158	local vid=${2}
159
160	assert isset parent
161	assert isset vid
162
163	local v_port
164	local v_id
165	local v_parent
166
167	assert [ -e "/proc/net/vlan/config" ]
168
169	fgrep '\|' < /proc/net/vlan/config \| tr -d '\|' \| \
170	while read v_port v_id v_parent; do
171	if [ "${v_parent}" = "${parent}" ] && [ "${v_id}" = "${vid}" ]; then
172	echo "${v_port}"
173	return ${EXIT_OK}
174	fi
175	done
176
177	return ${EXIT_ERROR}
178	}