[people/ms/network.git] / hooks / zones / bridge

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /usr/lib/network/header-zone

HOOK_MANPAGE="network-zone-bridge"

HOOK_SETTINGS="HOOK STP STP_FORWARD_DELAY STP_HELLO STP_MAXAGE STP_MODE"
HOOK_SETTINGS="${HOOK_SETTINGS} STP_PRIORITY MAC MTU"

# Default values
MAC=$(mac_generate)
MTU=1500
STP="on"
STP_MODE="rstp"
STP_FORWARD_DELAY=0
STP_HELLO=2
STP_MAXAGE=20
STP_PRIORITY=512

function _check() {
	assert ismac MAC
	assert isbool STP
	assert isoneof STP_MODE stp rstp
	assert isinteger STP_HELLO
	assert isinteger STP_FORWARD_DELAY
	assert isinteger STP_PRIORITY
	assert isinteger MTU
}

function _parse_cmdline() {
	while [ $# -gt 0 ]; do
		case "${1}" in
			--stp=*)
				STP=${1#--stp=}
				;;
			--stp-mode=*)
				STP_MODE=${1#--stp-mode=}
				;;
			--stp-hello=*)
				STP_HELLO=${1#--stp-hello=}
				;;
			--stp-forward-delay=*)
				STP_FORWARD_DELAY=${1#--stp-forward-delay=}
				;;
			--stp-priority=*)
				STP_PRIORITY=${1#--stp-priority=}
				;;
			--mtu=*)
				MTU=${1#--mtu=}
				;;
			--mac=*)
				MAC=${1#--mac=}
				;;
			*)
				warning "Ignoring unknown option '${1}'"
				;;
		esac
		shift
	done
}

function _up() {
	local zone=${1}
	shift

	zone_config_read ${zone}

	if ! device_exists ${zone}; then
		brctl addbr ${zone}
	fi

	[ -n "${MAC}" ] && device_set_address ${zone} ${MAC}
	[ -n "${MTU}" ] && device_set_mtu ${zone} ${MTU} 

	# Enable STP
	if enabled STP; then
		stp_enable ${zone} ${STP_MODE}

		if [ -n "${STP_FORWARD_DELAY}" ]; then
			stp_bridge_set_forward_delay ${zone} ${STP_FORWARD_DELAY}
		fi

		if [ -n "${STP_HELLO}" ]; then
			stp_bridge_set_hello_time ${zone} ${STP_HELLO}
		fi

		if [ -n "${STP_MAXAGE}" ]; then
			stp_bridge_set_max_age ${zone} ${STP_MAXAGE}
		fi

		if [ -n "${STP_PRIORITY}" ]; then
			stp_bridge_set_priority ${zone} ${STP_PRIORITY}
		fi
	else
		stp_disable ${zone}
	fi

	device_set_up ${zone}

	# XXX Currently, there is a bug (in the linux kernel?) that we need to
	# set our bridges to promisc mode.
	device_set_promisc ${zone} on

	# Bring all ports up
	zone_ports_up ${zone}
	zone_configs_up ${zone}

	event_interface_up ${zone}

	exit ${EXIT_OK}
}

function _down() {
	local zone=${1}
	shift

	if ! device_is_up ${zone}; then
		warning "Zone '${zone}' is not up"
		exit ${EXIT_OK}
	fi

	event_interface_down ${zone}

	zone_configs_down ${zone}
	zone_ports_down ${zone}

	# XXX See remark in _up().
	device_set_promisc ${zone} off

	device_set_down ${zone}
	brctl delbr ${zone}

	exit ${EXIT_OK}
}

function _status() {
	local zone=${1}
	assert isset zone

	# Print the default header.
	cli_device_headline ${zone}

	# Exit if zone is down
	if ! zone_is_up ${zone}; then
		echo # Empty line
		exit ${EXIT_ERROR}
	fi

	cli_headline 2 "Spanning Tree Protocol information"
	if stp_is_enabled ${zone}; then
		local proto=$(stp_bridge_get_protocol ${zone})

		cli_print_fmt1 2 "Version"	"$(stp_get_name ${proto})"
		cli_print_fmt1 2 "ID"		"$(stp_bridge_get_id ${zone})"
		cli_print_fmt1 2 "Priority"	"$(stp_bridge_get_priority ${zone})"

		if stp_bridge_is_root ${zone}; then
			cli_print 2 "This bridge is root."
		else
			cli_print_fmt1 2 "Designated root" \
				"$(stp_bridge_get_designated_root ${zone})"
			cli_print_fmt1 2 "Root path cost" \
				"$(stp_bridge_get_root_path_cost ${zone})"
		fi
		cli_space

		# Topology information
		cli_print_fmt1 2 "Topology changing" \
			"$(stp_bridge_get_topology_change_detected ${zone})"
		cli_print_fmt1 2 "Topology change time" \
			"$(beautify_time $(stp_bridge_get_topology_change_timer ${zone}))"
		cli_print_fmt1 2 "Topology change count" \
			"$(stp_bridge_get_topology_change_count ${zone})"
		cli_space
	else
		cli_print 2 "Disabled"
		cli_space
	fi

	cli_headline 2 "Ports"
	zone_ports_status ${zone}
	cli_space

	cli_headline 2 "Configurations"
	zone_configs_cmd status ${zone}
	cli_space

	exit ${EXIT_OK}
}
Commit	Line	Data
1848564d MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
e2aa12b3	22	. /usr/lib/network/header-zone
1848564d	23
de125810 MT	24	HOOK_MANPAGE="network-zone-bridge"
de125810 MT	25
6b3f9c85 MT	26	HOOK_SETTINGS="HOOK STP STP_FORWARD_DELAY STP_HELLO STP_MAXAGE STP_MODE"
6b3f9c85 MT	27	HOOK_SETTINGS="${HOOK_SETTINGS} STP_PRIORITY MAC MTU"
1848564d MT	28
	29	# Default values
	30	MAC=$(mac_generate)
	31	MTU=1500
	32	STP="on"
6b3f9c85	33	STP_MODE="rstp"
1848564d MT	34	STP_FORWARD_DELAY=0
	35	STP_HELLO=2
	36	STP_MAXAGE=20
e266c18e	37	STP_PRIORITY=512
1848564d MT	38
	39	function _check() {
	40	assert ismac MAC
	41	assert isbool STP
6b3f9c85	42	assert isoneof STP_MODE stp rstp
1848564d MT	43	assert isinteger STP_HELLO
1848564d MT	44	assert isinteger STP_FORWARD_DELAY
d82cf370	45	assert isinteger STP_PRIORITY
1848564d MT	46	assert isinteger MTU
	47	}
	48
	49	function _parse_cmdline() {
	50	while [ $# -gt 0 ]; do
	51	case "${1}" in
	52	--stp=*)
	53	STP=${1#--stp=}
	54	;;
6b3f9c85 MT	55	--stp-mode=*)
	56	STP_MODE=${1#--stp-mode=}
	57	;;
1848564d MT	58	--stp-hello=*)
	59	STP_HELLO=${1#--stp-hello=}
	60	;;
	61	--stp-forward-delay=*)
	62	STP_FORWARD_DELAY=${1#--stp-forward-delay=}
	63	;;
d82cf370 MT	64	--stp-priority=*)
	65	STP_PRIORITY=${1#--stp-priority=}
	66	;;
1848564d MT	67	--mtu=*)
	68	MTU=${1#--mtu=}
	69	;;
	70	--mac=*)
	71	MAC=${1#--mac=}
	72	;;
	73	*)
	74	warning "Ignoring unknown option '${1}'"
	75	;;
	76	esac
	77	shift
	78	done
	79	}
	80
	81	function _up() {
	82	local zone=${1}
	83	shift
	84
eb9d9b03	85	zone_config_read ${zone}
1848564d MT	86
	87	if ! device_exists ${zone}; then
	88	brctl addbr ${zone}
	89	fi
	90
7cbea20d	91	[ -n "${MAC}" ] && device_set_address ${zone} ${MAC}
1848564d MT	92	[ -n "${MTU}" ] && device_set_mtu ${zone} ${MTU}
	93
	94	# Enable STP
	95	if enabled STP; then
e266c18e	96	stp_enable ${zone} ${STP_MODE}
1848564d MT	97
1848564d MT	98	if [ -n "${STP_FORWARD_DELAY}" ]; then
e2aa12b3	99	stp_bridge_set_forward_delay ${zone} ${STP_FORWARD_DELAY}
1848564d MT	100	fi
	101
	102	if [ -n "${STP_HELLO}" ]; then
e2aa12b3	103	stp_bridge_set_hello_time ${zone} ${STP_HELLO}
1848564d MT	104	fi
	105
	106	if [ -n "${STP_MAXAGE}" ]; then
e2aa12b3	107	stp_bridge_set_max_age ${zone} ${STP_MAXAGE}
1848564d	108	fi
d82cf370 MT	109
d82cf370 MT	110	if [ -n "${STP_PRIORITY}" ]; then
e2aa12b3	111	stp_bridge_set_priority ${zone} ${STP_PRIORITY}
d82cf370	112	fi
1848564d	113	else
6b3f9c85	114	stp_disable ${zone}
1848564d MT	115	fi
	116
	117	device_set_up ${zone}
	118
cf6e4606 MT	119	# XXX Currently, there is a bug (in the linux kernel?) that we need to
	120	# set our bridges to promisc mode.
	121	device_set_promisc ${zone} on
	122
1848564d MT	123	# Bring all ports up
1848564d MT	124	zone_ports_up ${zone}
1848564d MT	125	zone_configs_up ${zone}
	126
	127	event_interface_up ${zone}
8dcb2687 MT	128
8dcb2687 MT	129	exit ${EXIT_OK}
1848564d MT	130	}
	131
	132	function _down() {
	133	local zone=${1}
	134	shift
	135
	136	if ! device_is_up ${zone}; then
	137	warning "Zone '${zone}' is not up"
	138	exit ${EXIT_OK}
	139	fi
	140
	141	event_interface_down ${zone}
	142
	143	zone_configs_down ${zone}
	144	zone_ports_down ${zone}
	145
cf6e4606 MT	146	# XXX See remark in _up().
	147	device_set_promisc ${zone} off
	148
1848564d MT	149	device_set_down ${zone}
	150	brctl delbr ${zone}
	151
8dcb2687	152	exit ${EXIT_OK}
1848564d MT	153	}
1848564d MT	154
e84e4e76 MT	155	function _status() {
e84e4e76 MT	156	local zone=${1}
3cb2fc42	157	assert isset zone
e84e4e76	158
3cb2fc42 MT	159	# Print the default header.
3cb2fc42 MT	160	cli_device_headline ${zone}
e84e4e76 MT	161
	162	# Exit if zone is down
	163	if ! zone_is_up ${zone}; then
	164	echo # Empty line
	165	exit ${EXIT_ERROR}
	166	fi
	167
3cb2fc42 MT	168	cli_headline 2 "Spanning Tree Protocol information"
	169	if stp_is_enabled ${zone}; then
	170	local proto=$(stp_bridge_get_protocol ${zone})
8d4f9311	171
3cb2fc42 MT	172	cli_print_fmt1 2 "Version" "$(stp_get_name ${proto})"
	173	cli_print_fmt1 2 "ID" "$(stp_bridge_get_id ${zone})"
	174	cli_print_fmt1 2 "Priority" "$(stp_bridge_get_priority ${zone})"
36e3fd2f MT	175
36e3fd2f MT	176	if stp_bridge_is_root ${zone}; then
3cb2fc42	177	cli_print 2 "This bridge is root."
36e3fd2f	178	else
3cb2fc42 MT	179	cli_print_fmt1 2 "Designated root" \
	180	"$(stp_bridge_get_designated_root ${zone})"
	181	cli_print_fmt1 2 "Root path cost" \
	182	"$(stp_bridge_get_root_path_cost ${zone})"
36e3fd2f	183	fi
3cb2fc42	184	cli_space
feb76eaf	185
36e3fd2f	186	# Topology information
3cb2fc42 MT	187	cli_print_fmt1 2 "Topology changing" \
	188	"$(stp_bridge_get_topology_change_detected ${zone})"
	189	cli_print_fmt1 2 "Topology change time" \
	190	"$(beautify_time $(stp_bridge_get_topology_change_timer ${zone}))"
	191	cli_print_fmt1 2 "Topology change count" \
	192	"$(stp_bridge_get_topology_change_count ${zone})"
	193	cli_space
feb76eaf	194	else
3cb2fc42 MT	195	cli_print 2 "Disabled"
3cb2fc42 MT	196	cli_space
feb76eaf	197	fi
e84e4e76	198
50250b79	199	cli_headline 2 "Ports"
711ffac1	200	zone_ports_status ${zone}
8e3508ac	201	cli_space
e84e4e76	202
50250b79	203	cli_headline 2 "Configurations"
e84e4e76	204	zone_configs_cmd status ${zone}
3cb2fc42	205	cli_space
8e3508ac	206
e84e4e76 MT	207	exit ${EXIT_OK}
e84e4e76 MT	208	}