[people/ms/network.git] / src / functions / functions.routing

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

routing_has_default() {
	ip route | grep -q "^default"
}

routing_default_update() {
	local routes

	local zones=$(zones_get_nonlocal)
	if [ -z "${zones}" ]; then
		zones=$(zones_get_local)
	fi

	local gateway
	local proto
	local weight
	local zone
	local cmd

	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
		# Clear routes
		routes=""

		cmd="ip $([ "${proto}" = "ipv6" ] && echo "-6") route"

		for zone in ${zones}; do
			# Skip if zone is not up
			db_exists "${zone}/${proto}" || continue

			if [ "$(db_get "${zone}/${proto}/active")" = "1" ]; then
				gateway="$(db_get "${zone}/${proto}/remote-ip-address")"

				# Go on if the device is not there anymore.
				device_exists ${zone} || continue

				# On other devices, we will use the gateway if we got one.
				if isset gateway; then
					routes="${routes} nexthop via ${gateway}"

				# If we have got a Point-to-Point device, we will directly send all
				# packets into the pipe.
				elif device_is_ptp ${zone}; then
					routes="${routes} dev ${zone}"

				# If none of the cases above apply, we cannot go on.
				else
					continue
				fi

				# Apply weight.
				weight="$(db_get "${zone}/${proto}/weight")"
				if isinteger ${weight}; then
					routes="${routes} weight ${weight}"
				fi
			else
				log DEBUG "Ignoring zone '${zone}' which is not active."
			fi
		done

		# Remove too much spaces.
		routes=$(echo ${routes})

		# Reload bird configuration
		[[ "${proto}" = "ipv6" ]] && bird_update

		# Remove all default routes.
		if [ -z "${routes}" ]; then
			cmd ${cmd} del default
			log INFO "Removed default route for ${proto}."
			return ${EXIT_OK}
		fi

		log INFO "Setting default route for ${proto}: ${routes}"

		cmd ${cmd} replace default ${routes}
		assert [ $? -eq 0 ]

		triggers_execute_all "online"
	done
}

routing_db_from_ppp() {
	local zone=${1}
	local proto=${2}

	assert isset zone
	assert isset proto

	# Save ppp configuration
	db_set "${zone}/${proto}/type" "ppp"

	if [ "${proto}" = "ipv6" ]; then
		db_set "${zone}/${proto}/local-ip-address" "${PPP_LLLOCAL}"
		db_set "${zone}/${proto}/remote-ip-address" "${PPP_LLREMOTE}"
	elif [ "${proto}" = "ipv4" ]; then
		db_set "${zone}/${proto}/local-ip-address" "${PPP_IPLOCAL}"
		db_set "${zone}/${proto}/remote-ip-address" "${PPP_IPREMOTE}"
	fi

	# Save the transmitted DNS servers
	if isset PPP_DNS1 || isset PPP_DNS2; then
		db_set "${zone}/${proto}/domain-name-servers" "${PPP_DNS1} ${PPP_DNS2}"
	else
		db_set "${zone}/${proto}/domain-name-servers"
	fi

	# Save the MAC address of the remote DSLAM
	if isset PPP_MACREMOTE; then
		db_set "${zone}/remote-address" "${PPP_MACREMOTE,,}"
	fi
}

routing_update() {
	local zone=${1}
	assert isset zone

	# Nothing to do for local zones.
	if zone_is_local ${zone}; then
		return ${EXIT_OK}
	fi

	local proto=${2}
	local table=${zone}
	assert isset proto

	local ip_cmd="ip"
	if [ "${proto}" = "ipv6" ]; then
		ip_cmd="${ip_cmd} -6"
	fi

	# Create routing table if not exists
	route_table_create ${table}

	log DEBUG "Flushing routing table ${table}"
	cmd ${ip_cmd} route flush table ${table}

	# Exit here if there is no routing information.
	if ! db_exists "${zone}/${proto}"; then
		return ${EXIT_OK}
	fi

	local local_ip_address="$(db_get "${zone}/${proto}/local-ip-address")"
	local remote_ip_address="$(db_get "${zone}/${proto}/remote-ip-address")"

	case "${proto}" in
		ipv4)
			local network=$(ipv4_get_network "${local_ip_address}")

			log DEBUG "Adding route for subnet ${local_ip_address} to table ${table}"
			cmd ${ip_cmd} route add table "${table}" "${network}" dev "${zone}"
			;;
	esac

	log DEBUG "Adding default route for table ${table}"
	local routing_cmd="${ip_cmd} route add table ${table} default"
	if isset remote_ip_address; then
		routing_cmd="${routing_cmd} via ${remote_ip_address}"
	else
		routing_cmd="${routing_cmd} dev ${zone}"
	fi
	cmd ${routing_cmd}

	cmd ${ip_cmd} rule add from ${local_ip_address} lookup ${table}
}
Commit	Line	Data
ff8ec5ef MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
1c6a4e30	22	routing_has_default() {
ff8ec5ef MT	23	ip route \| grep -q "^default"
	24	}
	25
1c6a4e30	26	routing_default_update() {
ff8ec5ef MT	27	local routes
ff8ec5ef MT	28
b816e04b MT	29	local zones=$(zones_get_nonlocal)
	30	if [ -z "${zones}" ]; then
	31	zones=$(zones_get_local)
	32	fi
	33
ff8ec5ef	34	local gateway
201b7dff	35	local proto
ff8ec5ef	36	local weight
b816e04b	37	local zone
e817357d	38	local cmd
ff8ec5ef	39
201b7dff MT	40	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
	41	# Clear routes
	42	routes=""
ff8ec5ef	43
e817357d MT	44	cmd="ip $([ "${proto}" = "ipv6" ] && echo "-6") route"
e817357d MT	45
201b7dff MT	46	for zone in ${zones}; do
201b7dff MT	47	# Skip if zone is not up
c041b631	48	db_exists "${zone}/${proto}" \|\| continue
ff8ec5ef	49
c041b631 MT	50	if [ "$(db_get "${zone}/${proto}/active")" = "1" ]; then
c041b631 MT	51	gateway="$(db_get "${zone}/${proto}/remote-ip-address")"
ff8ec5ef	52
6c74a64c MT	53	# Go on if the device is not there anymore.
6c74a64c MT	54	device_exists ${zone} \|\| continue
28f0b4ab	55
8fdc3a35 SS	56	# On other devices, we will use the gateway if we got one.
	57	if isset gateway; then
	58	routes="${routes} nexthop via ${gateway}"
	59
00b2c5c9	60	# If we have got a Point-to-Point device, we will directly send all
28f0b4ab	61	# packets into the pipe.
8fdc3a35	62	elif device_is_ptp ${zone}; then
59187e11	63	routes="${routes} dev ${zone}"
28f0b4ab	64
28f0b4ab MT	65	# If none of the cases above apply, we cannot go on.
	66	else
	67	continue
e817357d	68	fi
b816e04b	69
28f0b4ab	70	# Apply weight.
c041b631	71	weight="$(db_get "${zone}/${proto}/weight")"
28f0b4ab	72	if isinteger ${weight}; then
201b7dff MT	73	routes="${routes} weight ${weight}"
	74	fi
	75	else
	76	log DEBUG "Ignoring zone '${zone}' which is not active."
ff8ec5ef	77	fi
201b7dff	78	done
ff8ec5ef	79
e817357d MT	80	# Remove too much spaces.
e817357d MT	81	routes=$(echo ${routes})
b816e04b	82
1cb20d39 MT	83	# Reload bird configuration
1cb20d39 MT	84	[[ "${proto}" = "ipv6" ]] && bird_update
05ab2f8a	85
e817357d	86	# Remove all default routes.
e817357d	87	if [ -z "${routes}" ]; then
de3cecef	88	cmd ${cmd} del default
e817357d	89	log INFO "Removed default route for ${proto}."
201b7dff	90	return ${EXIT_OK}
ff8ec5ef	91	fi
ff8ec5ef	92
201b7dff	93	log INFO "Setting default route for ${proto}: ${routes}"
b816e04b	94
de3cecef	95	cmd ${cmd} replace default ${routes}
201b7dff	96	assert [ $? -eq 0 ]
e817357d	97
de3cecef	98	triggers_execute_all "online"
201b7dff	99	done
ff8ec5ef MT	100	}
ff8ec5ef MT	101
1c6a4e30	102	routing_db_from_ppp() {
b816e04b MT	103	local zone=${1}
	104	local proto=${2}
	105
2c973348 MT	106	assert isset zone
	107	assert isset proto
	108
b816e04b	109	# Save ppp configuration
c041b631	110	db_set "${zone}/${proto}/type" "ppp"
201b7dff MT	111
201b7dff MT	112	if [ "${proto}" = "ipv6" ]; then
c041b631 MT	113	db_set "${zone}/${proto}/local-ip-address" "${PPP_LLLOCAL}"
c041b631 MT	114	db_set "${zone}/${proto}/remote-ip-address" "${PPP_LLREMOTE}"
201b7dff	115	elif [ "${proto}" = "ipv4" ]; then
c041b631 MT	116	db_set "${zone}/${proto}/local-ip-address" "${PPP_IPLOCAL}"
c041b631 MT	117	db_set "${zone}/${proto}/remote-ip-address" "${PPP_IPREMOTE}"
201b7dff	118	fi
b816e04b	119
c041b631 MT	120	# Save the transmitted DNS servers
	121	if isset PPP_DNS1 \|\| isset PPP_DNS2; then
	122	db_set "${zone}/${proto}/domain-name-servers" "${PPP_DNS1} ${PPP_DNS2}"
	123	else
	124	db_set "${zone}/${proto}/domain-name-servers"
	125	fi
b816e04b	126
c041b631 MT	127	# Save the MAC address of the remote DSLAM
c041b631 MT	128	if isset PPP_MACREMOTE; then
39cd231c	129	db_set "${zone}/remote-address" "${PPP_MACREMOTE,,}"
c041b631	130	fi
b816e04b MT	131	}
b816e04b MT	132
1c6a4e30	133	routing_update() {
b816e04b	134	local zone=${1}
2c973348	135	assert isset zone
b816e04b MT	136
	137	# Nothing to do for local zones.
	138	if zone_is_local ${zone}; then
	139	return ${EXIT_OK}
	140	fi
	141
	142	local proto=${2}
	143	local table=${zone}
2c973348	144	assert isset proto
b816e04b	145
28f0b4ab MT	146	local ip_cmd="ip"
	147	if [ "${proto}" = "ipv6" ]; then
	148	ip_cmd="${ip_cmd} -6"
	149	fi
	150
b816e04b	151	# Create routing table if not exists
8bd6339d	152	route_table_create ${table}
b816e04b MT	153
b816e04b MT	154	log DEBUG "Flushing routing table ${table}"
28f0b4ab	155	cmd ${ip_cmd} route flush table ${table}
b816e04b	156
f5a771cf	157	# Exit here if there is no routing information.
c041b631	158	if ! db_exists "${zone}/${proto}"; then
f5a771cf MT	159	return ${EXIT_OK}
	160	fi
	161
c041b631 MT	162	local local_ip_address="$(db_get "${zone}/${proto}/local-ip-address")"
c041b631 MT	163	local remote_ip_address="$(db_get "${zone}/${proto}/remote-ip-address")"
b816e04b	164
d5bace8d MT	165	case "${proto}" in
d5bace8d MT	166	ipv4)
13a6e69f	167	local network=$(ipv4_get_network "${local_ip_address}")
d5bace8d MT	168
d5bace8d MT	169	log DEBUG "Adding route for subnet ${local_ip_address} to table ${table}"
13a6e69f	170	cmd ${ip_cmd} route add table "${table}" "${network}" dev "${zone}"
d5bace8d MT	171	;;
d5bace8d MT	172	esac
b816e04b	173
28f0b4ab MT	174	log DEBUG "Adding default route for table ${table}"
28f0b4ab MT	175	local routing_cmd="${ip_cmd} route add table ${table} default"
b816e04b	176	if isset remote_ip_address; then
28f0b4ab MT	177	routing_cmd="${routing_cmd} via ${remote_ip_address}"
	178	else
	179	routing_cmd="${routing_cmd} dev ${zone}"
b816e04b	180	fi
28f0b4ab	181	cmd ${routing_cmd}
b816e04b	182
28f0b4ab	183	cmd ${ip_cmd} rule add from ${local_ip_address} lookup ${table}
b816e04b	184	}