1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | . /usr/lib/network/header-config | |
23 | ||
# Names of the settings that belong to this hook. ADDRESS, PREFIX and GATEWAY
# are filled in by hook_parse_cmdline below; how the list itself is consumed
# is defined by the sourced header-config (presumably by the
# zone_config_settings_read/_write helpers - confirm there).
HOOK_CONFIG_SETTINGS="HOOK ADDRESS PREFIX GATEWAY"
25 | ||
# Sanity-checks the settings of a static configuration.
#
# The protocol is derived from ADDRESS; ADDRESS and PREFIX are then asserted
# to be valid for that protocol, and GATEWAY as well when it is set.
#
# Returns EXIT_CONF_ERROR when the protocol of ADDRESS cannot be determined,
# EXIT_OK otherwise.
hook_check_config_settings() {
	local protocol="$(ip_detect_protocol "${ADDRESS}")"

	if [ "${protocol}" = "ipv6" ]; then
		assert ipv6_is_valid "${ADDRESS}"
		assert ipv6_prefix_is_valid "${PREFIX}"

		# The gateway is optional and is only checked when present.
		if isset GATEWAY; then
			assert ipv6_is_valid "${GATEWAY}"
		fi
	elif [ "${protocol}" = "ipv4" ]; then
		assert ipv4_is_valid "${ADDRESS}"
		assert ipv4_prefix_is_valid "${PREFIX}"

		# The gateway is optional and is only checked when present.
		if isset GATEWAY; then
			assert ipv4_is_valid "${GATEWAY}"
		fi
	else
		# Neither IPv6 nor IPv4: refuse the configuration.
		error "Could not determine protocol: ${protocol}"
		return ${EXIT_CONF_ERROR}
	fi

	return ${EXIT_OK}
}
52 | ||
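# Parses the command line of a static IP configuration into the global
# settings ADDRESS, PREFIX and GATEWAY, validating every value before it is
# accepted.
#
# Arguments:
#   $1    - ID of the configuration (only used for the conflict check)
#   $2... - ADDRESS/PREFIX in IPv6 or IPv4 notation (for IPv4 a netmask is
#           accepted in place of the prefix), optionally --gateway=ADDRESS
#
# Returns EXIT_CONF_ERROR on invalid, missing or conflicting input and
# EXIT_OK otherwise.
#
# NOTE: ${zone} is not a parameter of this function. It is read from the
# caller's scope (hook_new declares it as a local before calling), so this
# function must not be called without a zone variable being set.
hook_parse_cmdline() {
	local protocol
	local id="${1}"
	shift

	while [ $# -gt 0 ]; do
		case "${1}" in
			# IPv6
			*:*/*)
				protocol="ipv6"

				ADDRESS="$(ip_split_prefix "${1}")"
				PREFIX="$(ip_get_prefix "${1}")"

				# Validate address
				if ! ipv6_is_valid "${ADDRESS}"; then
					error "Invalid IP address: ${ADDRESS}"
					return ${EXIT_CONF_ERROR}
				fi

				# Validate prefix
				if ! ipv6_prefix_is_valid "${PREFIX}"; then
					error "Invalid prefix: ${PREFIX}"
					return ${EXIT_CONF_ERROR}
				fi

				# Store the IPv6 address in its shortest format
				ADDRESS="$(ipv6_format "${ADDRESS}")"
				;;

			# IPv4
			*.*.*.*/*)
				protocol="ipv4"

				ADDRESS="$(ip_split_prefix "${1}")"
				PREFIX="$(ip_get_prefix "${1}")"

				# Validate address
				if ! ipv4_is_valid "${ADDRESS}"; then
					error "Invalid IP address: ${ADDRESS}"
					return ${EXIT_CONF_ERROR}
				fi

				# Validate prefix
				if ! ipv4_prefix_is_valid "${PREFIX}"; then
					# This might be a netmask instead
					local prefix_from_netmask="$(ipv4_netmask2prefix "${PREFIX}")"

					# Only accept the converted value when it is a valid
					# prefix. The test used to be inverted, which stored
					# invalid values and rejected every valid netmask.
					if ipv4_prefix_is_valid "${prefix_from_netmask}"; then
						PREFIX="${prefix_from_netmask}"
					else
						error "Invalid prefix or netmask: ${PREFIX}"
						return ${EXIT_CONF_ERROR}
					fi
				fi
				;;

			# Gateway
			--gateway=*)
				GATEWAY="$(cli_get_val "${1}")"

				# Validate input (an empty value leaves the gateway unset)
				if isset GATEWAY && ! ip_is_valid "${GATEWAY}"; then
					error "Invalid gateway IP address: ${GATEWAY}"
					return ${EXIT_CONF_ERROR}
				fi
				;;

			*)
				error "Invalid argument: ${1}"
				return ${EXIT_CONF_ERROR}
				;;
		esac
		shift
	done

	# Check if an address has been set
	if ! isset ADDRESS; then
		error "No IP address provided"
		return ${EXIT_CONF_ERROR}
	fi

	# Check if a prefix has been set
	if ! isset PREFIX; then
		error "No prefix provided"
		return ${EXIT_CONF_ERROR}
	fi

	# More gateway validation
	if isset GATEWAY; then
		local gateway_protocol="$(ip_detect_protocol "${GATEWAY}")"

		# Make sure that the gateway is of the same protocol version
		# as the address
		if [ "${gateway_protocol}" != "${protocol}" ]; then
			error "The gateway is of a wrong protocol: ${GATEWAY}"
			return ${EXIT_CONF_ERROR}
		fi

		# Make IP address as short as possible
		if [ "${gateway_protocol}" = "ipv6" ]; then
			GATEWAY="$(ipv6_format "${GATEWAY}")"
		fi
	fi

	# Check any conflicts (zone comes from the caller's scope, see above)
	if zone_config_check_same_setting "${zone}" "static" "${id}" "ADDRESS" "${ADDRESS}"; then
		error "A static configuration with the same address is already configured"
		return ${EXIT_CONF_ERROR}
	fi

	return ${EXIT_OK}
}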
163 | ||
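# Creates a new static configuration for a zone.
#
# Arguments:
#   $1    - name of the zone
#   $2... - command line that is passed on to hook_parse_cmdline
#
# Returns EXIT_ERROR when the command line is rejected. On success the
# settings are written and the process exits with EXIT_OK.
hook_new() {
	local zone="${1}"
	shift

	# Quote the zone name so that it always reaches the helper as a single
	# argument, whatever characters it contains.
	local id=$(zone_config_get_new_id "${zone}")
	log DEBUG "ID for the config is: ${id}"

	# hook_parse_cmdline reads ${zone} from this function's scope.
	if ! hook_parse_cmdline "${id}" "$@"; then
		# Return an error if the parsing of the cmd line fails
		return ${EXIT_ERROR}
	fi

	# NOTE(review): the result of zone_config_settings_write is not checked,
	# so EXIT_OK is reported even if the write fails - confirm whether the
	# helper signals failure through its exit status.
	zone_config_settings_write "${zone}" "${HOOK}" "${id}"

	exit ${EXIT_OK}
}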
180 | ||
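# Brings a static configuration up: adds the configured address to the zone
# device, records the state in the database and refreshes the routing tables.
#
# Arguments:
#   $1 - name of the zone
#   $2 - name/ID of the configuration to read
#
# Returns EXIT_ERROR when the device is missing, the configuration cannot be
# read or the address cannot be added. On success the process exits with
# EXIT_OK.
hook_up() {
	local zone="${1}"
	local config="${2}"
	shift 2

	# Check if the device exists (quoted so that the zone name is always
	# passed as a single argument)
	if ! device_exists "${zone}"; then
		error "Zone ${zone} doesn't exist"
		return ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		error "Could not read configuration for ${zone} ${config}"
		return ${EXIT_ERROR}
	fi

	# Add IP address to the interface
	if ! ip_address_add "${zone}" "${ADDRESS}/${PREFIX}"; then
		return ${EXIT_ERROR}
	fi

	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	assert isset protocol

	# GATEWAY is optional, so remote-ip-address may be stored empty.
	db_set "${zone}/${protocol}/type" "${HOOK}"
	db_set "${zone}/${protocol}/local-ip-address" "${ADDRESS}/${PREFIX}"
	db_set "${zone}/${protocol}/remote-ip-address" "${GATEWAY}"
	db_set "${zone}/${protocol}/active" 1

	# Update routing tables
	routing_update "${zone}" "${protocol}"
	routing_default_update

	exit ${EXIT_OK}
}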
217 | ||
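# Takes a static configuration down: removes its routing information from
# the database, deletes the address from the zone device and refreshes the
# routing tables.
#
# Arguments:
#   $1 - name of the zone
#   $2 - name/ID of the configuration to read
#
# Exits with EXIT_ERROR when the device is missing, returns EXIT_ERROR when
# the configuration cannot be read and EXIT_OK otherwise.
hook_down() {
	local zone="${1}"
	local config="${2}"
	shift 2

	if ! device_exists "${zone}"; then
		error "Zone ${zone} doesn't exist"
		exit ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		# This used to return the misspelled, unset ${EXIT_ERRO}; a bare
		# "return" reports the previous status, which is success here, so
		# the failure went unnoticed by the caller.
		return ${EXIT_ERROR}
	fi

	# Remove routing information from database
	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	assert isset protocol
	db_delete "${zone}/${protocol}"

	# Remove the IP address
	ip_address_del "${zone}" "${ADDRESS}/${PREFIX}"

	# Update routing tables
	routing_update "${zone}" "${protocol}"
	routing_default_update

	return ${EXIT_OK}
}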
247 | ||
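# Prints the status of a static configuration: whether the configured
# address is present on the zone, the address itself and, when one is
# configured, the gateway.
#
# Arguments:
#   $1 - name of the zone
#   $2 - name/ID of the configuration to read
#
# Exits with EXIT_ERROR when the device is missing, returns EXIT_ERROR when
# the configuration cannot be read and EXIT_OK otherwise.
hook_status() {
	local zone="${1}"
	local config="${2}"
	shift 2

	# Quoted so that the zone name is always passed as a single argument.
	if ! device_exists "${zone}"; then
		error "Zone ${zone} doesn't exist"
		exit ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		return ${EXIT_ERROR}
	fi

	# The hook counts as up only while the zone carries the address.
	local status="${MSG_HOOK_UP}"
	if ! zone_has_ip "${zone}" "${ADDRESS}/${PREFIX}"; then
		status="${MSG_HOOK_DOWN}"
	fi
	cli_statusline 3 "${HOOK}" "${status}"

	cli_print_fmt1 3 "IP Address" "${ADDRESS}/${PREFIX}"
	if [ -n "${GATEWAY}" ]; then
		cli_print_fmt1 3 "Gateway" "${GATEWAY}"
	fi
	cli_space

	return ${EXIT_OK}
}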