[people/ms/network.git] / src / hooks / configs / static

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /usr/lib/network/header-config

HOOK_CONFIG_SETTINGS="HOOK ADDRESS PREFIX GATEWAY"

hook_check_config_settings() {
	local protocol="$(ip_detect_protocol "${ADDRESS}")"

	case "${protocol}" in
		ipv6)
			assert ipv6_is_valid "${ADDRESS}"
			assert ipv6_prefix_is_valid "${PREFIX}"

			isset GATEWAY && assert ipv6_is_valid "${GATEWAY}"
			;;

		ipv4)
			assert ipv4_is_valid "${ADDRESS}"
			assert ipv4_prefix_is_valid "${PREFIX}"

			isset GATEWAY && assert ipv4_is_valid "${GATEWAY}"
			;;

		*)
			error "Could not determine protocol: ${protocol}"
			return ${EXIT_CONF_ERROR}
			;;
	esac

	return ${EXIT_OK}
}

hook_parse_cmdline() {
	local protocol

	while [ $# -gt 0 ]; do
		case "${1}" in
			# IPv6
			*:*/*)
				protocol="ipv6"

				ADDRESS="$(ip_split_prefix "${1}")"
				PREFIX="$(ip_get_prefix "${1}")"

				# Validate address
				if ! ipv6_is_valid "${ADDRESS}"; then
					error "Invalid IP address: ${ADDRESS}"
					return ${EXIT_CONF_ERROR}
				fi

				# Validate prefix
				if ! ipv6_prefix_is_valid "${PREFIX}"; then
					error "Invalid prefix: ${PREFIX}"
					return ${EXIT_CONF_ERROR}
				fi

				# Store the IPv6 address in its shortest format
				ADDRESS="$(ipv6_format "${ADDRESS}")"
				;;

			# IPv4
			*.*.*.*/*)
				protocol="ipv4"

				ADDRESS="$(ip_split_prefix "${1}")"
				PREFIX="$(ip_get_prefix "${1}")"

				# Validate address
				if ! ipv4_is_valid "${ADDRESS}"; then
					error "Invalid IP address: ${ADDRESS}"
					return ${EXIT_CONF_ERROR}
				fi

				# Validate prefix
				if ! ipv4_prefix_is_valid "${PREFIX}"; then
					# This might be a netmask instead
					local prefix_from_netmask="$(ipv4_netmask2prefix "${PREFIX}")"

					if ! ipv4_prefix_is_valid "${prefix_from_netmask}"; then
						PREFIX="${prefix_from_netmask}"
					else
						error "Invalid prefix or netmask: ${PREFIX}"
						return ${EXIT_CONF_ERROR}
					fi
				fi
				;;

			# Gateway
			--gateway=*)
				GATEWAY="$(cli_get_val "${1}")"

				# Validate input
				if isset GATEWAY && ! ip_is_valid "${GATEWAY}"; then
					error "Invalid gateway IP address: ${GATEWAY}"
					return ${EXIT_CONF_ERROR}
				fi
				;;

			*)
				error "Invalid argument: ${1}"
				return ${EXIT_CONF_ERROR}
				;;
		esac
		shift
	done

	# Check if an address has been set
	if ! isset ADDRESS; then
		error "No IP address provided"
		return ${EXIT_CONF_ERROR}
	fi

	# Check if a prefix has been set
	if ! isset PREFIX; then
		error "No prefix provided"
		return ${EXIT_CONF_ERROR}
	fi

	# More gateway validation
	if isset GATEWAY; then
		local gateway_protocol="$(ip_detect_protocol "${GATEWAY}")"

		# Make sure that the prefix is of the same protocol version
		if [ "${gateway_protocol}" != "${protocol}" ]; then
			error "The gateway is of a wrong protocol: ${GATEWAY}"
			return ${EXIT_CONF_ERROR}
		fi

		# Make IP address as short as possible
		if [ "${gateway_protocol}" = "ipv6" ]; then
			GATEWAY="$(ipv6_format "${GATEWAY}")"
		fi
	fi

	# Check any conflicts
	if zone_config_check_same_setting "${zone}" "static" "ADDRESS" "${ADDRESS}"; then
		error "A static configuration with the same address is already configured"
		return ${EXIT_CONF_ERROR}
	fi
}

hook_up() {
	local zone="${1}"
	local config="${2}"
	shift 2

	# Check if the device exists
	if ! device_exists ${zone}; then
		error "Zone ${zone} doesn't exist"
		return ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		error "Could not read configuration for ${zone} ${config}"
		return ${EXIT_ERROR}
	fi

	# Add IP address to the interface
	if ! ip_address_add "${zone}" "${ADDRESS}/${PREFIX}"; then
		return ${EXIT_ERROR}
	fi

	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	assert isset protocol

	db_set "${zone}/${protocol}/type" "${HOOK}"
	db_set "${zone}/${protocol}/local-ip-address" "${ADDRESS}/${PREFIX}"
	db_set "${zone}/${protocol}/remote-ip-address" "${GATEWAY}"
	db_set "${zone}/${protocol}/active" 1

	# Update routing tables
	routing_update "${zone}" "${protocol}"
	routing_default_update

	exit ${EXIT_OK}
}

hook_down() {
	local zone=${1}
	local config=${2}
	shift 2

	if ! device_exists ${zone}; then
		error "Zone ${zone} doesn't exist"
		exit ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		return ${EXIT_ERRO}
	fi

	# Remove routing information from database
	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	assert isset protocol
	db_delete "${zone}/${protocol}"

	# Remove the IP address
	ip_address_del "${zone}" "${ADDRESS}/${PREFIX}"

	# Update routing tables
	routing_update "${zone}" "${protocol}"
	routing_default_update

	return ${EXIT_OK}
}

hook_status() {
	local zone=${1}
	local config=${2}
	shift 2

	if ! device_exists ${zone}; then
		error "Zone ${zone} doesn't exist"
		exit ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		return ${EXIT_ERROR}
	fi

	local status=${MSG_HOOK_UP}
	if ! zone_has_ip "${zone}" "${ADDRESS}/${PREFIX}"; then
		status=${MSG_HOOK_DOWN}
	fi
	cli_statusline 3 "${HOOK}" "${status}"

	cli_print_fmt1 3 "IP Address" "${ADDRESS}/${PREFIX}"
	if [ -n "${GATEWAY}" ]; then
		cli_print_fmt1 3 "Gateway" "${GATEWAY}"
	fi
	cli_space

	return ${EXIT_OK}
}
Commit	Line	Data
46a28dcd MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
	22	. /usr/lib/network/header-config
	23
	24	HOOK_CONFIG_SETTINGS="HOOK ADDRESS PREFIX GATEWAY"
	25
	26	hook_check_config_settings() {
	27	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	28
	29	case "${protocol}" in
	30	ipv6)
	31	assert ipv6_is_valid "${ADDRESS}"
	32	assert ipv6_prefix_is_valid "${PREFIX}"
	33
	34	isset GATEWAY && assert ipv6_is_valid "${GATEWAY}"
	35	;;
	36
	37	ipv4)
	38	assert ipv4_is_valid "${ADDRESS}"
	39	assert ipv4_prefix_is_valid "${PREFIX}"
	40
	41	isset GATEWAY && assert ipv4_is_valid "${GATEWAY}"
	42	;;
	43
	44	*)
	45	error "Could not determine protocol: ${protocol}"
	46	return ${EXIT_CONF_ERROR}
	47	;;
	48	esac
	49
	50	return ${EXIT_OK}
	51	}
	52
	53	hook_parse_cmdline() {
	54	local protocol
	55
	56	while [ $# -gt 0 ]; do
	57	case "${1}" in
	58	# IPv6
	59	:/*)
	60	protocol="ipv6"
	61
	62	ADDRESS="$(ip_split_prefix "${1}")"
	63	PREFIX="$(ip_get_prefix "${1}")"
	64
65	# Validate address
66	if ! ipv6_is_valid "${ADDRESS}"; then
67	error "Invalid IP address: ${ADDRESS}"
68	return ${EXIT_CONF_ERROR}
69	fi
70
71	# Validate prefix
72	if ! ipv6_prefix_is_valid "${PREFIX}"; then
73	error "Invalid prefix: ${PREFIX}"
74	return ${EXIT_CONF_ERROR}
75	fi
76
77	# Store the IPv6 address in its shortest format
78	ADDRESS="$(ipv6_format "${ADDRESS}")"
79	;;
80
81	# IPv4
82	.../*)
83	protocol="ipv4"
84
85	ADDRESS="$(ip_split_prefix "${1}")"
86	PREFIX="$(ip_get_prefix "${1}")"
87
88	# Validate address
89	if ! ipv4_is_valid "${ADDRESS}"; then
90	error "Invalid IP address: ${ADDRESS}"
91	return ${EXIT_CONF_ERROR}
92	fi
93
94	# Validate prefix
95	if ! ipv4_prefix_is_valid "${PREFIX}"; then
96	# This might be a netmask instead
97	local prefix_from_netmask="$(ipv4_netmask2prefix "${PREFIX}")"
98
99	if ! ipv4_prefix_is_valid "${prefix_from_netmask}"; then
100	PREFIX="${prefix_from_netmask}"
101	else
102	error "Invalid prefix or netmask: ${PREFIX}"
103	return ${EXIT_CONF_ERROR}
104	fi
105	fi
106	;;
107
108	# Gateway
109	--gateway=*)
110	GATEWAY="$(cli_get_val "${1}")"
111
112	# Validate input
113	if isset GATEWAY && ! ip_is_valid "${GATEWAY}"; then
114	error "Invalid gateway IP address: ${GATEWAY}"
115	return ${EXIT_CONF_ERROR}
116	fi
117	;;
118
119	*)
120	error "Invalid argument: ${1}"
121	return ${EXIT_CONF_ERROR}
122	;;
123	esac
124	shift
125	done
126
127	# Check if an address has been set
128	if ! isset ADDRESS; then
129	error "No IP address provided"
130	return ${EXIT_CONF_ERROR}
131	fi
132
133	# Check if a prefix has been set
134	if ! isset PREFIX; then
135	error "No prefix provided"
136	return ${EXIT_CONF_ERROR}
137	fi
138
139	# More gateway validation
140	if isset GATEWAY; then
141	local gateway_protocol="$(ip_detect_protocol "${GATEWAY}")"
142
143	# Make sure that the prefix is of the same protocol version
144	if [ "${gateway_protocol}" != "${protocol}" ]; then
145	error "The gateway is of a wrong protocol: ${GATEWAY}"
146	return ${EXIT_CONF_ERROR}
147	fi
148
149	# Make IP address as short as possible
150	if [ "${gateway_protocol}" = "ipv6" ]; then
151	GATEWAY="$(ipv6_format "${GATEWAY}")"
152	fi
153	fi
154
155	# Check any conflicts
156	if zone_config_check_same_setting "${zone}" "static" "ADDRESS" "${ADDRESS}"; then
157	error "A static configuration with the same address is already configured"
158	return ${EXIT_CONF_ERROR}
159	fi
160	}
161
162	hook_up() {
163	local zone="${1}"
164	local config="${2}"
165	shift 2
166
167	# Check if the device exists
168	if ! device_exists ${zone}; then
169	error "Zone ${zone} doesn't exist"
170	return ${EXIT_ERROR}
171	fi
172
173	# Read configuration
174	if ! zone_config_settings_read "${zone}" "${config}"; then
175	error "Could not read configuration for ${zone} ${config}"
176	return ${EXIT_ERROR}
177	fi
178
179	# Add IP address to the interface
180	if ! ip_address_add "${zone}" "${ADDRESS}/${PREFIX}"; then
181	return ${EXIT_ERROR}
182	fi
183
184	local protocol="$(ip_detect_protocol "${ADDRESS}")"
185	assert isset protocol
186
187	db_set "${zone}/${protocol}/type" "${HOOK}"
188	db_set "${zone}/${protocol}/local-ip-address" "${ADDRESS}/${PREFIX}"
189	db_set "${zone}/${protocol}/remote-ip-address" "${GATEWAY}"
190	db_set "${zone}/${protocol}/active" 1
191
192	# Update routing tables
193	routing_update "${zone}" "${protocol}"
194	routing_default_update
195
196	exit ${EXIT_OK}
197	}
198
199	hook_down() {
200	local zone=${1}
201	local config=${2}
202	shift 2
203
204	if ! device_exists ${zone}; then
205	error "Zone ${zone} doesn't exist"
206	exit ${EXIT_ERROR}
207	fi
208
209	# Read configuration
210	if ! zone_config_settings_read "${zone}" "${config}"; then
211	return ${EXIT_ERRO}
212	fi
213
214	# Remove routing information from database
215	local protocol="$(ip_detect_protocol "${ADDRESS}")"
216	assert isset protocol
217	db_delete "${zone}/${protocol}"
218
219	# Remove the IP address
220	ip_address_del "${zone}" "${ADDRESS}/${PREFIX}"
221
222	# Update routing tables
223	routing_update "${zone}" "${protocol}"
224	routing_default_update
225
226	return ${EXIT_OK}
227	}
228
229	hook_status() {
230	local zone=${1}
231	local config=${2}
232	shift 2
233
234	if ! device_exists ${zone}; then
235	error "Zone ${zone} doesn't exist"
236	exit ${EXIT_ERROR}
237	fi
238
239	# Read configuration
240	if ! zone_config_settings_read "${zone}" "${config}"; then
241	return ${EXIT_ERROR}
242	fi
243
244	local status=${MSG_HOOK_UP}
245	if ! zone_has_ip "${zone}" "${ADDRESS}/${PREFIX}"; then
246	status=${MSG_HOOK_DOWN}
247	fi
248	cli_statusline 3 "${HOOK}" "${status}"
249
250	cli_print_fmt1 3 "IP Address" "${ADDRESS}/${PREFIX}"
251	if [ -n "${GATEWAY}" ]; then
252	cli_print_fmt1 3 "Gateway" "${GATEWAY}"
253	fi
254	cli_space
255
256	return ${EXIT_OK}
257	}