--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+function bonding_create() {
+ local device=${1}
+ local mac=${2}
+
+ [ -z "${mac}" ] && mac=$(mac_generate)
+
+ log INFO "Creating bonding device '${device}' (${mac})."
+
+ echo "+${device}" > /sys/class/net/bonding_masters
+ device_set_address ${mac}
+ device_set_up ${device}
+}
+
+function bonding_remove() {
+ local device=$(devicify ${1})
+
+ log INFO "Remove bonding device '${device}'."
+
+ device_set_down ${device}
+ echo "-${device}" > /sys/class/net/bonding_masters
+}
+
+function bonding_set_mode() {
+ local device=${1}
+ local mode=${2}
+
+ log INFO "Setting bonding mode on '${device}' '${mode}'."
+
+ echo "${mode}" > /sys/class/net/${device}/bonding/mode
+}
+
+function bonding_enslave_device() {
+ local device=$(devicify ${1})
+ local slave=$(devicify ${2})
+ shift 2
+
+ log INFO "Enslaving slave '${slave}' to '${device}'."
+
+ device_set_down ${slave}
+ echo "+${slave}" > /sys/class/net/${device}/bonding/slaves
+}
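Review bot: `bonding_create` calls `device_set_address ${mac}` with only the MAC, so the address is presumably never applied to `${device}`; if the helper takes the device first (its definition is not in this diff), the line should read `device_set_address ${device} ${mac}`. The sysfs writes also build their redirect targets from an unquoted, unchecked `${device}` (`/sys/class/net/${device}/bonding/mode` and `.../bonding/slaves`), so a name containing `/` or whitespace is written somewhere other than the intended attribute, with whatever privilege the network scripts run under. `bonding_set_mode` takes `${1}` as is, without the `devicify` step the other functions use. Quote the targets, reject names that are not an existing interface before writing, and return the status of the `echo` so a mode or slave the kernel refuses is not logged as success.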
local hook
local out
local ret
- for hook in $(hooks_get_all); do
- out=$(hook_exec ${hook} discover ${device})
+ for hook in $(hook_zone_get_all); do
+ out=$(hook_zone_exec ${hook} discover ${device})
ret=$?
[ ${ret} -eq ${DISCOVER_NOT_SUPPORTED} ] && continue
log INFO "Running discovery process on device '${device}'."
local hook
- for hook in $(hooks_get_all); do
- hook_exec ${hook} discover ${device}
+ for hook in $(hook_zone_get_all); do
+ hook_zone_exec ${hook} discover ${device}
done
}
return ${EXIT_ERROR}
}
-function device_bonding_create() {
- local device=${1}
- local mac=${2}
-
- [ -z "${mac}" ] && mac=$(mac_generate)
-
- log INFO "Creating bonding device '${device}' (${mac})."
-
- echo "+${device}" > /sys/class/net/bonding_masters
- device_set_address ${mac}
- device_set_up ${device}
-}
-
-function device_bonding_remove() {
- local device=$(devicify ${1})
-
- log INFO "Remove bonding device '${device}'."
-
- device_set_down ${device}
- echo "-${device}" > /sys/class/net/bonding_masters
-}
-
-function bonding_set_mode() {
- local device=${1}
- local mode=${2}
-
- log INFO "Setting bonding mode on '${device}' '${mode}'."
-
- echo "${mode}" > /sys/class/net/${device}/bonding/mode
-}
-
-function bonding_enslave_device() {
- local device=$(devicify ${1})
- local slave=$(devicify ${2})
- shift 2
-
- log INFO "Enslaving slave '${slave}' to '${device}'."
-
- device_set_down ${slave}
- echo "+${slave}" > /sys/class/net/${device}/bonding/slaves
-}
-
function bridge_attach_device() {
local bridge=${1}
local device=${2}
# #
###############################################################################
+function hook_dir() {
+ local type=${1}
+
+ echo "${HOOKS_DIR}/${type}s"
+}
+
function hook_exists() {
- local hook=${1}
+ local type=${1}
+ local hook=${2}
- [ -d "${HOOKS_DIR}/${hook}" ] && return ${EXIT_ERROR}
+ local hook_dir=$(hook_dir ${type})
- [ -x "${HOOKS_DIR}/${hook}" ]
+ [ -d "${hook_dir}/${hook}" ] && return ${EXIT_ERROR}
+
+ [ -x "${hook_dir}/${hook}" ]
}
-function hook_port_exists() {
+function hook_exec() {
+ local type=${1}
+ local hook=${2}
+ shift 2
+
+ if ! hook_exists ${type} ${hook}; then
+ error "Hook '${hook}' does not exist."
+ return ${EXIT_ERROR}
+ fi
+
+ ${SHELL} $(hook_dir ${type})/${hook} $@
+}
+
+function config_get_hook() {
+ local config=${1}
+
+ (
+ . ${config}
+ echo "${HOOK}"
+ )
+}
+
+## Wrappers around the hook functions for zones
+
+function hook_zone_exists() {
+ hook_exists zone $@
+}
+
+function hook_zone_port_exists() {
local hook_zone=${1}
local hook_port=${2}
- hook_exists ${hook_zone} || return ${EXIT_ERROR}
+ hook_zone_exists ${hook_zone} || return ${EXIT_ERROR}
- [ -x "${HOOKS_DIR}/${hook_zone}.ports/${hook_port}" ]
+ [ -x "$(hook_dir zone)/${hook_zone}.ports/${hook_port}" ]
}
-function hook_config_exists() {
+function hook_zone_config_exists() {
local hook_zone=${1}
local hook_config=${2}
- hook_exists ${hook_zone} || return ${EXIT_ERROR}
+ hook_zone_exists ${hook_zone} || return ${EXIT_ERROR}
- [ -x "${HOOKS_DIR}/${hook_zone}.configs/${hook_config}" ]
+ [ -x "$(hook_dir zone)/${hook_zone}.configs/${hook_config}" ]
}
-function hook_has_ports() {
+function hook_zone_has_ports() {
local hook=${1}
- [ -d "${HOOKS_DIR}/${hook}.ports" ]
+ [ -d "$(hook_dir zone)/${hook}.ports" ]
}
-function hook_has_configs() {
+function hook_zone_has_configs() {
local hook=${1}
- [ -d "${HOOKS_DIR}/${hook}.configs" ]
+ [ -d "$(hook_dir zone)/${hook}.configs" ]
}
-function hook_exec() {
- local hook=${1}
- shift
-
- if ! hook_exists ${hook}; then
- error "Hook '${hook}' does not exist."
- return ${EXIT_ERROR}
- fi
-
- ${SHELL} ${HOOKS_DIR}/${hook} $@
+function hook_zone_exec() {
+ hook_exec zone $@
}
-function hook_port_exec() {
+function hook_zone_port_exec() {
local hook_zone=${1}
local hook_port=${2}
shift 2
- if ! hook_exists ${hook_zone}; then
+ if ! hook_exists zone ${hook_zone}; then
error "Hook '${hook_zone}' does not exist."
return ${EXIT_ERROR}
fi
- if ! hook_port_exists ${hook_zone} ${hook_port}; then
+ if ! hook_zone_port_exists ${hook_zone} ${hook_port}; then
error "Port hook '${hook_port}' does not exist."
return ${EXIT_ERROR}
fi
- ${SHELL} ${HOOKS_DIR}/${hook_zone}.ports/${hook_port} $@
+ ${SHELL} $(hook_dir zone)/${hook_zone}.ports/${hook_port} $@
}
-function hook_config_exec() {
+function hook_zone_config_exec() {
local hook_zone=${1}
local hook_config=${2}
shift 2
- if ! hook_exists ${hook_zone}; then
+ if ! hook_zone_exists ${hook_zone}; then
error "Hook '${hook_zone}' does not exist."
return ${EXIT_ERROR}
fi
- if ! hook_config_exists ${hook_zone} ${hook_config}; then
+ if ! hook_zone_config_exists ${hook_zone} ${hook_config}; then
error "Config hook '${hook_config}' does not exist."
return ${EXIT_ERROR}
fi
- ${SHELL} ${HOOKS_DIR}/${hook_zone}.configs/${hook_config} $@
+ ${SHELL} $(hook_dir zone)/${hook_zone}.configs/${hook_config} $@
}
-function hooks_get_all() {
+function hook_zone_get_all() {
local type=${1}
local hook
- for hook in ${HOOKS_DIR}/*; do
+ for hook in $(hook_dir zone)/*; do
hook=$(basename ${hook})
- hook_exists ${hook} && echo "${hook}"
+ hook_zone_exists ${hook} && echo "${hook}"
done | sort
}
-function hook_ports_get_all() {
+function hook_zone_ports_get_all() {
local hook=${1}
- if ! hook_exists ${hook}; then
+ if ! hook_exists zone ${hook}; then
error "Hook '${hook}' does not exist."
return ${EXIT_ERROR}
fi
local hook
- for hook in ${HOOKS_DIR}/${zone}.ports/*; do
+ for hook in $(hook_dir zone)/${zone}.ports/*; do
hook=$(basename ${hook})
## XXX executeable?
echo "${hook}"
done | sort
}
-
-function config_get_hook() {
- local config=${1}
-
- (
- . ${config}
- echo "${HOOK}"
- )
-}
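Review bot: `hook_exists` and `hook_exec` join `${type}` and `${hook}` onto `HOOKS_DIR` and only test `-d`/`-x`, so a hook name containing `/` passes the check and `hook_exec` then runs a file outside the hooks directory. Hook names are read from the `HOOK` value of a sourced config file (`config_get_hook`), so they are worth rejecting at the top of `hook_exists`, for example `case "${hook}" in ""|*/*) return ${EXIT_ERROR} ;; esac`. The exec lines pass `$@` unquoted (`hook_exec`, the `hook_zone_*` wrappers and the `.ports`/`.configs` variants), which re-splits arguments; `"$@"` keeps them intact. In `hook_zone_ports_get_all` the glob uses `${zone}`, which the function never assigns: it reads `${1}` into `hook` and then redeclares `hook` as the loop variable. Unless a caller's `zone` leaks in through dynamic scoping, it lists `.ports` under an empty name.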
function zone_dir() {
local zone=${1}
- echo "${ZONE_DIR}/${zone}"
+ echo "${ZONE_DIR}/zones/${zone}"
}
function zone_exists() {
return ${EXIT_ERROR}
fi
- if ! hook_exists ${hook}; then
+ if ! hook_zone_exists ${hook}; then
error "Hook '${hook}' does not exist."
return ${EXIT_ERROR}
fi
mkdir -p $(zone_dir ${zone})
- hook_exec ${hook} create ${zone} $@
+ hook_zone_exec ${hook} create ${zone} $@
local ret=$?
# Maybe the zone create hook did not exit correctly.
return ${EXIT_ERROR}
fi
- if ! hook_exists ${hook}; then
+ if ! hook_zone_exists ${hook}; then
error "Hook '${hook}' does not exist."
return ${EXIT_ERROR}
fi
- hook_exec ${hook} edit ${zone} $@
+ hook_zone_exec ${hook} edit ${zone} $@
}
function zone_remove() {
return ${EXIT_ERROR}
fi
- if ! hook_exists ${hook}; then
+ if ! hook_zone_exists ${hook}; then
error "Hook '${hook}' does not exist."
return ${EXIT_ERROR}
fi
zone_db ${zone} starting
- hook_exec ${hook} up ${zone} $@
-
+ hook_zone_exec ${hook} up ${zone} $@
+
zone_db ${zone} started
}
return ${EXIT_ERROR}
fi
- if ! hook_exists ${hook}; then
+ if ! hook_zone_exists ${hook}; then
error "Hook '${hook}' does not exist."
return ${EXIT_ERROR}
fi
zone_db ${zone} stopping
- hook_exec ${hook} down ${zone} $@
+ hook_zone_exec ${hook} down ${zone} $@
zone_db ${zone} stopped
}
return ${EXIT_ERROR}
fi
- if ! hook_exists ${hook}; then
+ if ! hook_zone_exists ${hook}; then
error "Hook '${hook}' does not exist."
return ${EXIT_ERROR}
fi
- hook_exec ${hook} status ${zone} $@
+ hook_zone_exec ${hook} status ${zone} $@
}
function zone_port() {
return ${EXIT_ERROR}
fi
- if ! hook_exists ${hook}; then
+ if ! hook_zone_exists ${hook}; then
error "Hook '${hook}' does not exist."
return ${EXIT_ERROR}
fi
- hook_exec ${hook} port ${zone} $@
+ hook_zone_exec ${hook} port ${zone} $@
}
function zone_config() {
return ${EXIT_ERROR}
fi
- if ! hook_exists ${hook}; then
+ if ! hook_zone_exists ${hook}; then
error "Hook '${hook}' does not exist."
return ${EXIT_ERROR}
fi
- hook_exec ${hook} config ${zone} $@
+ hook_zone_exec ${hook} config ${zone} $@
}
function zone_show() {
function zones_get_all() {
local zone
- for zone in ${ZONE_DIR}/*; do
+ for zone in $(zone_dir)/*; do
zone=$(basename ${zone})
zone_exists ${zone} || continue
for port in $(zone_ports_list ${zone}); do
hook_port=$(config_get_hook $(zone_dir ${zone})/${port})
- hook_port_exec ${hook_zone} ${hook_port} ${cmd} ${zone} ${port} $@
+ hook_zone_port_exec ${hook_zone} ${hook_port} ${cmd} ${zone} ${port} $@
done
}
for config in $(zone_configs_list ${zone}); do
hook_config=$(config_get_hook $(zone_dir ${zone})/${config})
- hook_config_exec ${hook_zone} ${hook_config} ${cmd} ${zone} ${config} $@
+ hook_zone_config_exec ${hook_zone} ${hook_config} ${cmd} ${zone} ${config} $@
done
}
function run() {
case "${action}" in
- create|rem|up|down)
+ create|rem|up|down|status)
_${action} $@
;;
esac
local hook_zone=$(zone_get_hook ${zone})
- if ! hook_exists ${hook_zone}; then
+ if ! hook_zone_exists ${hook_zone}; then
error "Hook '${hook}' does not exist."
exit ${EXIT_ERROR}
fi
- if ! hook_port_exists ${hook_zone} ${hook_port}; then
+ if ! hook_zone_port_exists ${hook_zone} ${hook_port}; then
error "Hook '${hook_port}' is not supported for zone '${zone}'."
exit ${EXIT_ERROR}
fi
- hook_port_exec ${hook_zone} ${hook_port} ${cmd} ${zone} $@
+ hook_zone_port_exec ${hook_zone} ${hook_port} ${cmd} ${zone} $@
}
function _port_create() {
local hook_zone=$(zone_get_hook ${zone})
- if ! hook_exists ${hook_zone}; then
+ if ! hook_zone_exists ${hook_zone}; then
error "Hook '${hook}' does not exist."
exit ${EXIT_ERROR}
fi
exit ${EXIT_ERROR}
fi
- hook_config_exec ${hook_zone} ${hook_config} ${cmd} ${zone} $@
+ hook_zone_config_exec ${hook_zone} ${hook_config} ${cmd} ${zone} $@
}
function _config_create() {
;;
port)
- if ! hook_has_ports ${HOOK}; then
+ if ! hook_zone_has_ports ${HOOK}; then
error "Hook '${HOOK}' does not support ports."
exit ${EXIT_ERROR}
fi
;;
config)
- if ! hook_has_configs ${HOOK}; then
+ if ! hook_zone_has_configs ${HOOK}; then
error "Hook '${HOOK}' does not support configurations."
exit ${EXIT_ERROR}
fi
local hook=${2}
shift 2
- if ! hook_exists port ${hook}; then
+ if ! port_hook_exists ${hook}; then
error "Hook does not exist '${hook}'"
exit ${EXIT_ERROR}
fi
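Review bot: The replacement `port_hook_exists ${hook}` calls a function that none of the visible changes define, and it does not follow the `hook_<type>_exists` naming this commit introduces. The removed line `hook_exists port ${hook}` already matched the new two-argument `hook_exists type hook` signature, so either keep it or add a `hook_port_exists` wrapper next to `hook_zone_exists`. If the function is missing at runtime, `if !` treats the command-not-found status as "does not exist" and every port hook is rejected with a misleading error. The enclosing function starts outside the hunk.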
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+. /lib/network/header-port
+
+HOOK_SETTINGS="HOOK DEVICE_MAC DEVICE_NAME MODE SLAVES"
+
+DEVICE_NAME="bond0" # XXX DEVICE_NAME must be unique
+DEVICE_MAC=$(mac_generate)
+
+function _check() {
+ assert isset DEVICE_MAC
+ assert ismac DEVICE_MAC
+ assert isset DEVICE_NAME
+
+ assert isset SLAVES
+}
+
+function _create() {
+ local zone=${1}
+ shift
+
+ local
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ --mac=*)
+ DEVICE_MAC=${1#--mac=}
+ ;;
+ --mode=*)
+ MODE=${1#--mode=}
+ ;;
+ --slave=*)
+ slave=${1#--slave=}
+ SLAVES="${SLAVES} $(macify ${slave})"
+ ;;
+ *)
+ warning "Unknown argument '${1}'"
+ ;;
+ esac
+ shift
+ done
+
+ # Remove any whitespace
+ SLAVES=$(echo ${SLAVES})
+
+ _check
+
+ config_write $(zone_dir ${zone})/port.${HOOK}.$(device_hash ${DEVICE_MAC}) ${HOOK_SETTINGS}
+
+ exit ${EXIT_OK}
+}
+
+function _up() {
+ local zone=${1}
+ local port=${2}
+
+ config_read $(zone_dir ${zone})/${port}
+
+ if ! device_exists $(devicify ${DEVICE_MAC}); then
+ device_virtual_create ${DEVICE} ${DEVICE_VID} ${DEVICE_MAC}
+ fi
+
+ local device=$(devicify ${DEVICE_MAC})
+
+ # Set same MTU to device that the bridge has got
+ device_set_mtu ${device} $(device_get_mtu ${zone})
+
+ bridge_attach_device ${zone} ${device}
+
+ exit ${EXIT_OK}
+}
+
+run $@
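Review bot: `_up` looks copied from a VLAN-style hook. It calls `device_virtual_create ${DEVICE} ${DEVICE_VID} ${DEVICE_MAC}`, but `DEVICE` and `DEVICE_VID` are not in `HOOK_SETTINGS`, and nothing here calls `bonding_create`, `bonding_set_mode` or `bonding_enslave_device`, so `MODE` and `SLAVES` are stored but never applied. In `_create`, the bare `local` declares nothing and `slave` leaks out of the function; it presumably should be `local slave`. `_check` validates the MAC but not `MODE`, which arrives from `--mode=` and would presumably be written to sysfs later; asserting it against the accepted mode names before `config_write` keeps bad values out of the stored config.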