[people/ms/network.git] / src / functions / functions.ip

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

# A list of supported versions of the IP protocol
IP_SUPPORTED_PROTOCOLS=""

ip_split_prefix() {
	local address=${1}
	assert isset address

	echo "${address%%/*}"
}

ip_get_prefix() {
	local address=${1}
	assert isset address

	# Break if no prefix is provided
	[[ ${address} =~ \/ ]] || return ${EXIT_OK}

	echo "${address##*/}"
}

ip_detect_protocol() {
	local address="${1}"
	assert isset address

	# Remove prefix so that we can handle subnet, too
	address=$(ip_split_prefix ${address})

	local protocol
	for protocol in ${IP_SUPPORTED_PROTOCOLS}; do
		if ${protocol}_is_valid "${address}"; then
			echo "${protocol}"
			return ${EXIT_OK}
		fi
	done

	return ${EXIT_ERROR}
}

ip_protocol_is_supported() {
	local proto=${1}

	assert isset proto

	list_match ${proto} ${IP_SUPPORTED_PROTOCOLS}
}

ip_is_valid() {
	local address=${1}
	assert isset address

	local protocol
	for protocol in ${IP_SUPPORTED_PROTOCOLS}; do
		if ${protocol}_is_valid "${address}"; then
			return ${EXIT_TRUE}
		fi
	done

	return ${EXIT_FALSE}
}

ip_net_is_valid() {
	local network=${1}
	assert isset network

	local protocol
	for protocol in ${IP_SUPPORTED_PROTOCOLS}; do
		if ${protocol}_net_is_valid "${network}"; then
			return ${EXIT_TRUE}
		fi
	done

	return ${EXIT_FALSE}
}

ip_prefix_is_valid() {
	local proto=${1}
	assert isset proto

	local prefix=${2}

	case "${proto}" in
		ipv4)
			ipv4_prefix_is_valid ${prefix}
			return $?
			;;
		ipv6)
			ipv6_prefix_is_valid ${prefix}
			return $?
			;;
	esac

	assert ip_protocol_is_supported ${proto}
}

ip_get_network() {
	inetcalc -n "$@" && return ${EXIT_OK} || return ${EXIT_ERROR}
}

ip_network_is_subset_of() {
	assert [ $# -eq 2 ]

	inetcalc -s "$@" && return ${EXIT_TRUE} || return ${EXIT_FALSE}
}

ip_address_add() {
	local device=${1}
	local address=${2}

	assert isset address
	assert device_exists ${device}

	local prefix=$(ip_get_prefix ${address})
	address=$(ip_split_prefix ${address})

	assert isset prefix
	assert isset address

	echo "ADDRESS = $address"

	# Detect the protocol version
	local protocol=$(ip_detect_protocol "${address}")
	assert ip_protocol_is_supported "${protocol}"

	case "${protocol}" in
		ipv6)
			assert ipv6_prefix_is_valid "${prefix}"
			;;
		ipv4)
			assert ipv4_prefix_is_valid "${prefix}"
			;;
	esac

	case "${protocol}" in
		ipv4)
			if ipv4_detect_duplicate ${device} ${address}; then
				error_log "Duplicate address detected on zone '${device}' (${address})."
				error_log "Cannot continue."
				return ${EXIT_ERROR}
			fi
			;;
	esac

	if ! device_has_ip ${device} ${address}/${prefix}; then
		assert ip addr add ${address}/${prefix} dev ${device}

		log DEBUG "IP address '${address}' (${protocol}) was successfully configured on device '${device}'."

		case "${protocol}" in
			ipv4)
				# Announce our new address to the neighbours
				ipv4_update_neighbours ${device} ${address}
				;;
		esac
	else
		log DEBUG "IP address '${address}' (${protocol}) was already configured on device '${device}'."
	fi

	return ${EXIT_OK}
}

ip_address_del() {
	local device=${1}
	local address=${2}

	assert isset address
	assert device_exists ${device}

	local prefix=$(ip_get_prefix ${address})
	address=$(ip_split_prefix ${address})

	assert isset prefix

	# Detect the protocol version
	local protocol=$(ip_detect_protocol "${address}")
	assert ip_protocol_is_supported "${protocol}"

	if device_has_ip ${device} ${address}/${prefix}; then
		assert ip addr del ${address}/${prefix} dev ${device}

		log DEBUG "IP address '${address}' (${protocol}) was successfully removed from device '${device}'."
	else
		log DEBUG "IP address '${address}' (${protocol}) was not configured on device '${device}'."
	fi

	return ${EXIT_OK}
}

# Get all currently assigned addresse for a given network
ip_get_assigned_addresses_from_net() {
	local net=${1}
	shift
	local args="$@"

	if ! ip_net_is_valid ${net}; then
		log ERROR "IP net ${net} is invalid"
		return ${EXIT_ERROR}
	fi

	local line
	local addresses

	# We read the output of $(ip addr show to ${net} ${args})
	while read -r line; do
		# We are only interested in lines which start with inet or inet6
		[[ "${line}" =~ ^(inet6 |inet ) ]] || continue

		# We need the second word the line
		line=(${line})
		list_append "addresses" "$(ip_split_prefix "${line[1]}")"
	done <<< "$(ip addr show to "${net}" ${args})"

	# We sort the list to get the lowest IP as first item
	list_sort ${addresses}
}
Commit	Line	Data
2b5c311d MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
e617226b MT	22	# A list of supported versions of the IP protocol
	23	IP_SUPPORTED_PROTOCOLS=""
	24
1c6a4e30	25	ip_split_prefix() {
2b5c311d	26	local address=${1}
2b5c311d MT	27	assert isset address
	28
	29	echo "${address%%/*}"
	30	}
	31
1c6a4e30	32	ip_get_prefix() {
2b5c311d	33	local address=${1}
2b5c311d MT	34	assert isset address
2b5c311d MT	35
38f61548 MT	36	# Break if no prefix is provided
	37	[[ ${address} =~ \/ ]] \|\| return ${EXIT_OK}
	38
2b5c311d MT	39	echo "${address##*/}"
	40	}
	41
1c6a4e30	42	ip_detect_protocol() {
13a6e69f	43	local address="${1}"
2b5c311d MT	44	assert isset address
2b5c311d MT	45
0af2168d JS	46	# Remove prefix so that we can handle subnet, too
	47	address=$(ip_split_prefix ${address})
	48
2b5c311d	49	local protocol
e617226b	50	for protocol in ${IP_SUPPORTED_PROTOCOLS}; do
13a6e69f	51	if ${protocol}_is_valid "${address}"; then
2b5c311d MT	52	echo "${protocol}"
	53	return ${EXIT_OK}
	54	fi
	55	done
	56
	57	return ${EXIT_ERROR}
	58	}
e617226b	59
1c6a4e30	60	ip_protocol_is_supported() {
e617226b MT	61	local proto=${1}
	62
	63	assert isset proto
	64
8c9205b1	65	list_match ${proto} ${IP_SUPPORTED_PROTOCOLS}
e617226b	66	}
38f61548	67
1c6a4e30	68	ip_is_valid() {
afb7d704 MT	69	local address=${1}
	70	assert isset address
	71
b2cb6736 JS	72	local protocol
	73	for protocol in ${IP_SUPPORTED_PROTOCOLS}; do
	74	if ${protocol}_is_valid "${address}"; then
	75	return ${EXIT_TRUE}
	76	fi
	77	done
	78
	79	return ${EXIT_FALSE}
afb7d704 MT	80	}
afb7d704 MT	81
8b0958b2	82	ip_net_is_valid() {
cb965348 MT	83	local network=${1}
	84	assert isset network
	85
d2bd71e4 JS	86	local protocol
	87	for protocol in ${IP_SUPPORTED_PROTOCOLS}; do
	88	if ${protocol}_net_is_valid "${network}"; then
	89	return ${EXIT_TRUE}
	90	fi
	91	done
cb965348	92
d2bd71e4	93	return ${EXIT_FALSE}
cb965348 MT	94	}
cb965348 MT	95
1c6a4e30	96	ip_prefix_is_valid() {
cb965348 MT	97	local proto=${1}
	98	assert isset proto
	99
	100	local prefix=${2}
	101
	102	case "${proto}" in
	103	ipv4)
	104	ipv4_prefix_is_valid ${prefix}
	105	return $?
	106	;;
	107	ipv6)
	108	ipv6_prefix_is_valid ${prefix}
	109	return $?
	110	;;
	111	esac
	112
	113	assert ip_protocol_is_supported ${proto}
	114	}
	115
13a6e69f	116	ip_get_network() {
2212045f	117	inetcalc -n "$@" && return ${EXIT_OK} \|\| return ${EXIT_ERROR}
13a6e69f MT	118	}
13a6e69f MT	119
4a7c3c02 MT	120	ip_network_is_subset_of() {
	121	assert [ $# -eq 2 ]
	122
2212045f	123	inetcalc -s "$@" && return ${EXIT_TRUE} \|\| return ${EXIT_FALSE}
4a7c3c02 MT	124	}
4a7c3c02 MT	125
1c6a4e30	126	ip_address_add() {
38f61548 MT	127	local device=${1}
	128	local address=${2}
	129
	130	assert isset address
	131	assert device_exists ${device}
	132
	133	local prefix=$(ip_get_prefix ${address})
	134	address=$(ip_split_prefix ${address})
	135
	136	assert isset prefix
13a6e69f MT	137	assert isset address
	138
	139	echo "ADDRESS = $address"
38f61548 MT	140
38f61548 MT	141	# Detect the protocol version
13a6e69f MT	142	local protocol=$(ip_detect_protocol "${address}")
	143	assert ip_protocol_is_supported "${protocol}"
	144
	145	case "${protocol}" in
	146	ipv6)
	147	assert ipv6_prefix_is_valid "${prefix}"
	148	;;
	149	ipv4)
	150	assert ipv4_prefix_is_valid "${prefix}"
	151	;;
	152	esac
38f61548 MT	153
	154	case "${protocol}" in
	155	ipv4)
	156	if ipv4_detect_duplicate ${device} ${address}; then
	157	error_log "Duplicate address detected on zone '${device}' (${address})."
	158	error_log "Cannot continue."
	159	return ${EXIT_ERROR}
	160	fi
	161	;;
	162	esac
	163
	164	if ! device_has_ip ${device} ${address}/${prefix}; then
	165	assert ip addr add ${address}/${prefix} dev ${device}
	166
	167	log DEBUG "IP address '${address}' (${protocol}) was successfully configured on device '${device}'."
	168
	169	case "${protocol}" in
	170	ipv4)
	171	# Announce our new address to the neighbours
	172	ipv4_update_neighbours ${device} ${address}
	173	;;
	174	esac
	175	else
	176	log DEBUG "IP address '${address}' (${protocol}) was already configured on device '${device}'."
	177	fi
	178
	179	return ${EXIT_OK}
	180	}
	181
1c6a4e30	182	ip_address_del() {
38f61548 MT	183	local device=${1}
	184	local address=${2}
	185
	186	assert isset address
	187	assert device_exists ${device}
	188
	189	local prefix=$(ip_get_prefix ${address})
	190	address=$(ip_split_prefix ${address})
	191
	192	assert isset prefix
	193
	194	# Detect the protocol version
13a6e69f MT	195	local protocol=$(ip_detect_protocol "${address}")
13a6e69f MT	196	assert ip_protocol_is_supported "${protocol}"
38f61548 MT	197
	198	if device_has_ip ${device} ${address}/${prefix}; then
	199	assert ip addr del ${address}/${prefix} dev ${device}
	200
	201	log DEBUG "IP address '${address}' (${protocol}) was successfully removed from device '${device}'."
	202	else
	203	log DEBUG "IP address '${address}' (${protocol}) was not configured on device '${device}'."
	204	fi
	205
	206	return ${EXIT_OK}
	207	}
1ad09828 JS	208
	209	# Get all currently assigned addresse for a given network
	210	ip_get_assigned_addresses_from_net() {
	211	local net=${1}
	212	shift
	213	local args="$@"
	214
	215	if ! ip_net_is_valid ${net}; then
	216	log ERROR "IP net ${net} is invalid"
	217	return ${EXIT_ERROR}
	218	fi
	219
	220	local line
	221	local addresses
	222
	223	# We read the output of $(ip addr show to ${net} ${args})
	224	while read -r line; do
	225	# We are only interested in lines which start with inet or inet6
	226	[[ "${line}" =~ ^(inet6 \|inet ) ]] \|\| continue
	227
	228	# We need the second word the line
	229	line=(${line})
	230	list_append "addresses" "$(ip_split_prefix "${line[1]}")"
	231	done <<< "$(ip addr show to "${net}" ${args})"
	232
	233	# We sort the list to get the lowest IP as first item
	234	list_sort ${addresses}
	235	}