Commit | Line | Data |
---|---|---|
6a1b0fb1 MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2018 IPFire Network Development Team # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
# Path of the configuration file that bird_generate_config rewrites
BIRD_CONF="/etc/bird.conf"
23 | ||
bird_start() {
	# Start the bird.service unit through the service helper
	local unit="bird.service"

	service_start "${unit}"
}
27 | ||
bird_stop() {
	# Stop the bird.service unit through the service helper
	local unit="bird.service"

	service_stop "${unit}"
}
31 | ||
bird_reload() {
	# Reload the bird.service unit through the service helper
	local unit="bird.service"

	service_reload "${unit}"
}
35 | ||
39beacd0 MT |
bird_enable() {
	# Write the configuration, enable the unit for later boots and start it.
	# Returns EXIT_ERROR when the configuration could not be generated,
	# otherwise the status of bird_start.
	if bird_generate_config; then
		# Have the service started automatically next time
		service_enable "bird.service"

		# And bring it up right away
		bird_start
	else
		log ERROR "Could not write Bird configuration"
		return ${EXIT_ERROR}
	fi
}
49 | ||
1cb20d39 MT |
# Update the configuration and apply it in one go
bird_update() {
	# A configuration that could not be written must not be reloaded
	bird_generate_config || {
		log ERROR "Could not write Bird configuration"
		return ${EXIT_ERROR}
	}

	# Reload bird
	bird_reload
}
60 | ||
6a1b0fb1 MT |
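bird_generate_config() {
	# Rewrite ${BIRD_CONF} from scratch: header, global settings, one kernel
	# and one static protocol per entry in IP_SUPPORTED_PROTOCOLS, and the
	# IPv6 router advertisement section.
	#
	# Returns EXIT_ERROR if the file cannot be opened for writing, otherwise
	# the status of the final append.
	#
	# NOTE(review): the live file is truncated and then refilled in several
	# steps, so an interruption in between leaves a partial configuration at
	# the path bird reads. Writing to a temporary file and renaming it would
	# close that window, but would also replace the file's owner and mode, so
	# it is not done here.
	log DEBUG "Write BIRD configuration file"

	# Truncate (or create) the file first and stop if that is not possible,
	# instead of running every later step against an unwritable path
	if ! : > "${BIRD_CONF}"; then
		return ${EXIT_ERROR}
	fi

	# Write header
	config_header "bird" >> "${BIRD_CONF}"

	# Write some basic settings
	local proto
	(
		print "# Log everything to syslog"
		print "log syslog all;"

		print "# Turn on internal watchdog"
		print "watchdog warning 5s;"
		print "watchdog timeout 30s;"

		print "# Define default route tables"
		print "ipv6 table master6;"
		print "ipv4 table master4;"

		print "# Enable device configuration"
		print "protocol device {}"

		print "# Export all routes to kernel"
		for proto in ${IP_SUPPORTED_PROTOCOLS}; do
			print "protocol kernel {"
			print " ${proto} {"
			# ipv6 -> master6, ipv4 -> master4 (the tables defined above)
			print " table ${proto/ipv/master};"
			print " export all;"
			print " };"
			print " learn;"
			print "}"
		done
	) >> "${BIRD_CONF}"

	# Static routes
	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
		print "protocol static {"
		print " ${proto};"

		# Read routes for this protocol from configuration
		__bird_static_routes "${proto}"

		print "}"
	done >> "${BIRD_CONF}"

	# Write IPv6 Router Advertisement configuration
	__bird_ipv6_radv >> "${BIRD_CONF}"
}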
116 | ||
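__bird_static_routes() {
	# Print one bird "route" statement for every configured static route
	# that belongs to the given protocol.
	#
	#   $1  protocol, compared against ip_detect_protocol's result for each
	#       route's network
	#
	# Output goes to stdout; the routes are read from ${NETWORK_CONFIG_ROUTES}.
	#
	# NOTE(review): ${network} and ${gateway} are written into the
	# configuration as parsed; this relies on route_parse_line rejecting
	# lines whose values are not plain addresses - confirm.
	local proto="${1}"
	assert isset proto

	# Variables that route_parse_line fills in for each line
	local ${NETWORK_CONFIG_ROUTES_PARAMS}

	local line
	local type
	local arg
	local _proto
	while read line; do
		route_parse_line "${line}"
		[ $? -eq ${EXIT_OK} ] || continue

		# Skip all routes of another protocol
		_proto="$(ip_detect_protocol "${network}")"
		if [ "${proto}" != "${_proto}" ]; then
			continue
		fi

		# Start every route without a type. A repeated "local type" keeps
		# the previous value, so without this reset a gateway route that
		# follows a blackhole/prohibit/unreachable route would inherit
		# that type and be written as such.
		type=""
		for arg in unreachable prohibit blackhole; do
			if enabled "${arg}"; then
				type="${arg}"
				break
			fi
		done

		case "${type}" in
			unreachable|prohibit|blackhole)
				print " route ${network} ${type};"
				;;

			*)
				print " route ${network} via ${gateway};"
				;;
		esac
	done < "${NETWORK_CONFIG_ROUTES}"
}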
7a3747a1 MT |
153 | |
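__bird_ipv6_radv() {
	# Print the "protocol radv" section: one interface block per local zone
	# that has a non-link-local IPv6 address, the IPv6 name servers (when
	# DNS_ADVERTISE_SERVERS is enabled) and the DNS search domains.
	# Output goes to stdout.
	#
	# NOTE(review): ${zone} and ${domain} are placed inside double-quoted
	# strings without escaping. A quote or line break in either value would
	# change the structure of the generated file, so this relies on
	# zones_get_local and dns_get_search_domains returning validated names
	# only - confirm, especially if search domains can be learned from the
	# network.
	print "protocol radv {"

	local zone
	for zone in $(zones_get_local); do
		log DEBUG "Writing bird radv configuration for ${zone}"

		# Skip if there is no prefix or prefix is link-local.
		local addr="$(db_get "${zone}/ipv6/local-ip-address")"
		if [ -z "${addr}" ] || [ "${addr:0:5}" = "fe80:" ]; then
			continue
		fi

		# Check if the subnet is configured by the DHCP server.
		local dhcp="false"
		local prefix="$(ipv6_get_network "${addr}")"
		if isset prefix && dhcpd_subnet_match ipv6 "${prefix}"; then
			dhcp="true"
		fi

		print " interface \"${zone}\" {"
		# Failover to other routers within 10s
		print " max ra interval 10;"

		# Tell clients we are running DHCP
		if enabled dhcp; then
			print " managed yes;"
			print " other config yes;"
		fi

		if device_exists "${zone}"; then
			# Announce link MTU, but only if one could be read; an empty
			# value would be written as a "link mtu ;" statement
			local mtu="$(device_get_mtu "${zone}")"
			if isset mtu; then
				print " link mtu ${mtu};"
			fi
		fi

		print # empty line

		# Announce all prefixes
		print " prefix ::/0 {"

		if enabled dhcp; then
			print " autonomous off;"
		fi

		print " };"
		print " };\n"
	done

	# Advertise any DNS servers
	if enabled DNS_ADVERTISE_SERVERS; then
		# Get a list of all IPv6 name servers
		local servers=()
		local server
		for server in $(dns_server_list_sorted); do
			# Skip any non-IPv6 servers
			ipv6_is_valid "${server}" || continue

			servers+=( "${server}" )
		done

		if isset servers; then
			print " rdnss {"

			# Expand the whole array; a plain ${servers} is only its
			# first element, which would drop every further name server
			for server in "${servers[@]}"; do
				print " ns ${server};"
			done

			print " };"
		fi
	fi

	# DNS Search Domain
	# NOTE(review): this block is written even when there are no search
	# domains - confirm bird accepts an empty dnssl block.
	print " dnssl {"

	local domain
	for domain in $(dns_get_search_domains); do
		print " domain \"${domain}\";"
	done

	print " };"

	print "}\n"
}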