[people/ms/network.git] / src / hooks / configs / static

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /usr/lib/network/header-config

# Allow multiple instances of this hook
HOOK_UNIQUE="false"

HOOK_SETTINGS=(
	"ADDRESS"
	"PREFIX"
	"GATEWAY"
)

hook_check_config_settings() {
	local protocol="$(ip_detect_protocol "${ADDRESS}")"

	case "${protocol}" in
		ipv6)
			assert ipv6_is_valid "${ADDRESS}"
			assert ipv6_prefix_is_valid "${PREFIX}"

			isset GATEWAY && assert ipv6_is_valid "${GATEWAY}"
			;;

		ipv4)
			assert ipv4_is_valid "${ADDRESS}"
			assert ipv4_prefix_is_valid "${PREFIX}"

			isset GATEWAY && assert ipv4_is_valid "${GATEWAY}"
			;;

		*)
			error "Could not determine protocol: ${protocol}"
			return ${EXIT_CONF_ERROR}
			;;
	esac

	return ${EXIT_OK}
}

hook_parse_cmdline() {
	local protocol
	local id="${1}"
	shift

	while [ $# -gt 0 ]; do
		case "${1}" in
			# IPv6
			*:*/*)
				protocol="ipv6"

				ADDRESS="$(ip_split_prefix "${1}")"
				PREFIX="$(ip_get_prefix "${1}")"

				# Validate address
				if ! ipv6_is_valid "${ADDRESS}"; then
					error "Invalid IP address: ${ADDRESS}"
					return ${EXIT_CONF_ERROR}
				fi

				# Validate prefix
				if ! ipv6_prefix_is_valid "${PREFIX}"; then
					error "Invalid prefix: ${PREFIX}"
					return ${EXIT_CONF_ERROR}
				fi

				# Store the IPv6 address in its shortest format
				ADDRESS="$(ipv6_format "${ADDRESS}")"
				;;

			# IPv4
			*.*.*.*/*)
				protocol="ipv4"

				ADDRESS="$(ip_split_prefix "${1}")"
				PREFIX="$(ip_get_prefix "${1}")"

				# Validate address
				if ! ipv4_is_valid "${ADDRESS}"; then
					error "Invalid IP address: ${ADDRESS}"
					return ${EXIT_CONF_ERROR}
				fi

				# Validate prefix
				if ! ipv4_prefix_is_valid "${PREFIX}"; then
					# This might be a netmask instead
					local prefix_from_netmask="$(ipv4_netmask2prefix "${PREFIX}")"

					if ! ipv4_prefix_is_valid "${prefix_from_netmask}"; then
						PREFIX="${prefix_from_netmask}"
					else
						error "Invalid prefix or netmask: ${PREFIX}"
						return ${EXIT_CONF_ERROR}
					fi
				fi
				;;

			# Gateway
			--gateway=*)
				GATEWAY="$(cli_get_val "${1}")"

				# Validate input
				if isset GATEWAY && ! ip_is_valid "${GATEWAY}"; then
					error "Invalid gateway IP address: ${GATEWAY}"
					return ${EXIT_CONF_ERROR}
				fi
				;;

			*)
				error "Invalid argument: ${1}"
				return ${EXIT_CONF_ERROR}
				;;
		esac
		shift
	done

	# Check if an address has been set
	if ! isset ADDRESS; then
		error "No IP address provided"
		return ${EXIT_CONF_ERROR}
	fi

	# Check if a prefix has been set
	if ! isset PREFIX; then
		error "No prefix provided"
		return ${EXIT_CONF_ERROR}
	fi

	# More gateway validation
	if isset GATEWAY; then
		local gateway_protocol="$(ip_detect_protocol "${GATEWAY}")"

		# Make sure that the prefix is of the same protocol version
		if [ "${gateway_protocol}" != "${protocol}" ]; then
			error "The gateway is of a wrong protocol: ${GATEWAY}"
			return ${EXIT_CONF_ERROR}
		fi

		# Make IP address as short as possible
		if [ "${gateway_protocol}" = "ipv6" ]; then
			GATEWAY="$(ipv6_format "${GATEWAY}")"
		fi
	fi

	# Check any conflicts
	if zone_config_check_same_setting "${zone}" "static" "${id}" "ADDRESS" "${ADDRESS}"; then
		error "A static configuration with the same address is already configured"
		return ${EXIT_CONF_ERROR}
	fi
}

hook_new() {
	local zone="${1}"
	shift

	local id=$(zone_config_get_new_id ${zone})
	log DEBUG "ID for the config is: ${id}"

	if ! hook_parse_cmdline "${id}" "$@"; then
		# Return an error if the parsing of the cmd line fails
		return ${EXIT_ERROR}
	fi

	zone_config_settings_write "${zone}" "${HOOK}" "${id}"

	exit ${EXIT_OK}
}

hook_up() {
	local zone="${1}"
	local config="${2}"
	shift 2

	# Check if the device exists
	if ! device_exists ${zone}; then
		error "Zone ${zone} doesn't exist"
		return ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		error "Could not read configuration for ${zone} ${config}"
		return ${EXIT_ERROR}
	fi

	# Add IP address to the interface
	if ! ip_address_add "${zone}" "${ADDRESS}/${PREFIX}"; then
		return ${EXIT_ERROR}
	fi

	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	assert isset protocol

	db_set "${zone}/${protocol}/type" "${HOOK}"
	db_set "${zone}/${protocol}/local-ip-address" "${ADDRESS}/${PREFIX}"
	db_set "${zone}/${protocol}/remote-ip-address" "${GATEWAY}"
	db_set "${zone}/${protocol}/active" 1

	# Update routing tables
	routing_update "${zone}" "${protocol}"
	routing_default_update

	exit ${EXIT_OK}
}

hook_down() {
	local zone=${1}
	local config=${2}
	shift 2

	if ! device_exists ${zone}; then
		error "Zone ${zone} doesn't exist"
		exit ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		return ${EXIT_ERRO}
	fi

	# Remove routing information from database
	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	assert isset protocol
	db_delete "${zone}/${protocol}"

	# Remove the IP address
	ip_address_del "${zone}" "${ADDRESS}/${PREFIX}"

	# Update routing tables
	routing_update "${zone}" "${protocol}"
	routing_default_update

	return ${EXIT_OK}
}

hook_status() {
	local zone=${1}
	local config=${2}
	shift 2

	if ! device_exists ${zone}; then
		error "Zone ${zone} doesn't exist"
		exit ${EXIT_ERROR}
	fi

	# Read configuration
	if ! zone_config_settings_read "${zone}" "${config}"; then
		return ${EXIT_ERROR}
	fi

	local status=${MSG_HOOK_UP}
	if ! zone_has_ip "${zone}" "${ADDRESS}/${PREFIX}"; then
		status=${MSG_HOOK_DOWN}
	fi
	cli_statusline 3 "${HOOK}" "${status}"

	cli_print_fmt1 3 "IP Address" "${ADDRESS}/${PREFIX}"
	if [ -n "${GATEWAY}" ]; then
		cli_print_fmt1 3 "Gateway" "${GATEWAY}"
	fi
	cli_space

	return ${EXIT_OK}
}
Commit	Line	Data
46a28dcd MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
	22	. /usr/lib/network/header-config
	23
fdd9ac5f MT	24	# Allow multiple instances of this hook
	25	HOOK_UNIQUE="false"
	26
636f1b96 MT	27	HOOK_SETTINGS=(
	28	"ADDRESS"
	29	"PREFIX"
	30	"GATEWAY"
	31	)
46a28dcd MT	32
	33	hook_check_config_settings() {
	34	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	35
	36	case "${protocol}" in
	37	ipv6)
	38	assert ipv6_is_valid "${ADDRESS}"
	39	assert ipv6_prefix_is_valid "${PREFIX}"
	40
	41	isset GATEWAY && assert ipv6_is_valid "${GATEWAY}"
	42	;;
	43
	44	ipv4)
	45	assert ipv4_is_valid "${ADDRESS}"
	46	assert ipv4_prefix_is_valid "${PREFIX}"
	47
	48	isset GATEWAY && assert ipv4_is_valid "${GATEWAY}"
	49	;;
	50
	51	*)
	52	error "Could not determine protocol: ${protocol}"
	53	return ${EXIT_CONF_ERROR}
	54	;;
	55	esac
	56
	57	return ${EXIT_OK}
	58	}
	59
	60	hook_parse_cmdline() {
	61	local protocol
b907d1e6 SS	62	local id="${1}"
b907d1e6 SS	63	shift
46a28dcd MT	64
	65	while [ $# -gt 0 ]; do
	66	case "${1}" in
	67	# IPv6
	68	:/*)
	69	protocol="ipv6"
	70
	71	ADDRESS="$(ip_split_prefix "${1}")"
	72	PREFIX="$(ip_get_prefix "${1}")"
	73
	74	# Validate address
	75	if ! ipv6_is_valid "${ADDRESS}"; then
	76	error "Invalid IP address: ${ADDRESS}"
	77	return ${EXIT_CONF_ERROR}
	78	fi
	79
	80	# Validate prefix
	81	if ! ipv6_prefix_is_valid "${PREFIX}"; then
	82	error "Invalid prefix: ${PREFIX}"
	83	return ${EXIT_CONF_ERROR}
	84	fi
	85
	86	# Store the IPv6 address in its shortest format
	87	ADDRESS="$(ipv6_format "${ADDRESS}")"
	88	;;
	89
	90	# IPv4
	91	.../*)
	92	protocol="ipv4"
	93
	94	ADDRESS="$(ip_split_prefix "${1}")"
	95	PREFIX="$(ip_get_prefix "${1}")"
	96
	97	# Validate address
	98	if ! ipv4_is_valid "${ADDRESS}"; then
	99	error "Invalid IP address: ${ADDRESS}"
	100	return ${EXIT_CONF_ERROR}
	101	fi
	102
	103	# Validate prefix
	104	if ! ipv4_prefix_is_valid "${PREFIX}"; then
	105	# This might be a netmask instead
	106	local prefix_from_netmask="$(ipv4_netmask2prefix "${PREFIX}")"
	107
	108	if ! ipv4_prefix_is_valid "${prefix_from_netmask}"; then
	109	PREFIX="${prefix_from_netmask}"
	110	else
	111	error "Invalid prefix or netmask: ${PREFIX}"
	112	return ${EXIT_CONF_ERROR}
	113	fi
	114	fi
	115	;;
	116
	117	# Gateway
	118	--gateway=*)
	119	GATEWAY="$(cli_get_val "${1}")"
	120
	121	# Validate input
	122	if isset GATEWAY && ! ip_is_valid "${GATEWAY}"; then
	123	error "Invalid gateway IP address: ${GATEWAY}"
	124	return ${EXIT_CONF_ERROR}
	125	fi
	126	;;
	127
128	*)
129	error "Invalid argument: ${1}"
130	return ${EXIT_CONF_ERROR}
131	;;
132	esac
133	shift
134	done
135
136	# Check if an address has been set
137	if ! isset ADDRESS; then
138	error "No IP address provided"
139	return ${EXIT_CONF_ERROR}
140	fi
141
142	# Check if a prefix has been set
143	if ! isset PREFIX; then
144	error "No prefix provided"
145	return ${EXIT_CONF_ERROR}
146	fi
147
148	# More gateway validation
149	if isset GATEWAY; then
150	local gateway_protocol="$(ip_detect_protocol "${GATEWAY}")"
151
152	# Make sure that the prefix is of the same protocol version
153	if [ "${gateway_protocol}" != "${protocol}" ]; then
154	error "The gateway is of a wrong protocol: ${GATEWAY}"
155	return ${EXIT_CONF_ERROR}
156	fi
157
158	# Make IP address as short as possible
159	if [ "${gateway_protocol}" = "ipv6" ]; then
160	GATEWAY="$(ipv6_format "${GATEWAY}")"
161	fi
162	fi
163
164	# Check any conflicts
b907d1e6	165	if zone_config_check_same_setting "${zone}" "static" "${id}" "ADDRESS" "${ADDRESS}"; then
46a28dcd MT	166	error "A static configuration with the same address is already configured"
	167	return ${EXIT_CONF_ERROR}
	168	fi
	169	}
	170
b907d1e6 SS	171	hook_new() {
	172	local zone="${1}"
	173	shift
	174
	175	local id=$(zone_config_get_new_id ${zone})
	176	log DEBUG "ID for the config is: ${id}"
	177
	178	if ! hook_parse_cmdline "${id}" "$@"; then
	179	# Return an error if the parsing of the cmd line fails
	180	return ${EXIT_ERROR}
	181	fi
	182
	183	zone_config_settings_write "${zone}" "${HOOK}" "${id}"
	184
	185	exit ${EXIT_OK}
	186	}
	187
46a28dcd MT	188	hook_up() {
	189	local zone="${1}"
	190	local config="${2}"
	191	shift 2
	192
	193	# Check if the device exists
	194	if ! device_exists ${zone}; then
	195	error "Zone ${zone} doesn't exist"
	196	return ${EXIT_ERROR}
	197	fi
	198
	199	# Read configuration
	200	if ! zone_config_settings_read "${zone}" "${config}"; then
	201	error "Could not read configuration for ${zone} ${config}"
	202	return ${EXIT_ERROR}
	203	fi
	204
	205	# Add IP address to the interface
	206	if ! ip_address_add "${zone}" "${ADDRESS}/${PREFIX}"; then
	207	return ${EXIT_ERROR}
	208	fi
	209
	210	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	211	assert isset protocol
	212
	213	db_set "${zone}/${protocol}/type" "${HOOK}"
	214	db_set "${zone}/${protocol}/local-ip-address" "${ADDRESS}/${PREFIX}"
	215	db_set "${zone}/${protocol}/remote-ip-address" "${GATEWAY}"
	216	db_set "${zone}/${protocol}/active" 1
	217
	218	# Update routing tables
	219	routing_update "${zone}" "${protocol}"
	220	routing_default_update
	221
	222	exit ${EXIT_OK}
	223	}
	224
	225	hook_down() {
	226	local zone=${1}
	227	local config=${2}
	228	shift 2
	229
	230	if ! device_exists ${zone}; then
	231	error "Zone ${zone} doesn't exist"
	232	exit ${EXIT_ERROR}
	233	fi
	234
	235	# Read configuration
	236	if ! zone_config_settings_read "${zone}" "${config}"; then
	237	return ${EXIT_ERRO}
	238	fi
	239
	240	# Remove routing information from database
	241	local protocol="$(ip_detect_protocol "${ADDRESS}")"
	242	assert isset protocol
	243	db_delete "${zone}/${protocol}"
	244
	245	# Remove the IP address
	246	ip_address_del "${zone}" "${ADDRESS}/${PREFIX}"
	247
	248	# Update routing tables
	249	routing_update "${zone}" "${protocol}"
	250	routing_default_update
	251
252	return ${EXIT_OK}
253	}
254
255	hook_status() {
256	local zone=${1}
257	local config=${2}
258	shift 2
259
260	if ! device_exists ${zone}; then
261	error "Zone ${zone} doesn't exist"
262	exit ${EXIT_ERROR}
263	fi
264
265	# Read configuration
266	if ! zone_config_settings_read "${zone}" "${config}"; then
267	return ${EXIT_ERROR}
268	fi
269
270	local status=${MSG_HOOK_UP}
271	if ! zone_has_ip "${zone}" "${ADDRESS}/${PREFIX}"; then
272	status=${MSG_HOOK_DOWN}
273	fi
274	cli_statusline 3 "${HOOK}" "${status}"
275
276	cli_print_fmt1 3 "IP Address" "${ADDRESS}/${PREFIX}"
277	if [ -n "${GATEWAY}" ]; then
278	cli_print_fmt1 3 "Gateway" "${GATEWAY}"
279	fi
280	cli_space
281
282	return ${EXIT_OK}
283	}