[people/ms/network.git] / src / hooks / zones / bridge

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /usr/lib/network/header-zone

HOOK_MANPAGE="network-zone-bridge"

HOOK_SETTINGS="HOOK STP STP_FORWARD_DELAY STP_HELLO STP_MAXAGE STP_MODE"
HOOK_SETTINGS="${HOOK_SETTINGS} STP_PRIORITY MAC MTU"

HOOK_PORT_SETTINGS="COST PRIORITY"

# Default values
MAC=$(mac_generate)
MTU=1500
STP="on"
STP_MODE="rstp"
STP_FORWARD_DELAY=0
STP_HELLO=2
STP_MAXAGE=20
STP_PRIORITY=512

function hook_check() {
	assert ismac MAC
	assert isbool STP
	assert isoneof STP_MODE stp rstp
	assert isinteger STP_HELLO
	assert isinteger STP_FORWARD_DELAY
	assert isinteger STP_PRIORITY
	assert isinteger MTU
}

function hook_parse_cmdline() {
	while [ $# -gt 0 ]; do
		case "${1}" in
			--stp=*)
				STP=${1#--stp=}
				;;
			--stp-mode=*)
				STP_MODE=${1#--stp-mode=}
				;;
			--stp-hello=*)
				STP_HELLO=${1#--stp-hello=}
				;;
			--stp-forward-delay=*)
				STP_FORWARD_DELAY=${1#--stp-forward-delay=}
				;;
			--stp-priority=*)
				STP_PRIORITY=${1#--stp-priority=}
				;;
			--mtu=*)
				MTU=${1#--mtu=}
				;;
			--mac=*)
				MAC=${1#--mac=}
				;;
			*)
				warning "Ignoring unknown option '${1}'"
				;;
		esac
		shift
	done
}

function hook_up() {
	local zone=${1}
	assert isset zone

	zone_settings_read "${zone}" ${HOOK_SETTINGS}

	# Create the bridge if it does not already exist.
	if ! device_exists ${zone}; then
		bridge_create ${zone} \
			--address=${MAC} --mtu=${MTU}

	# Adjust MAC address and MTU if needed.
	else
		device_set_address ${zone} ${MAC}
		device_set_mtu ${zone} ${MTU}
	fi

	# Enable STP
	if enabled STP; then
		stp_enable ${zone}

		if [ -n "${STP_FORWARD_DELAY}" ]; then
			stp_bridge_set_forward_delay ${zone} ${STP_FORWARD_DELAY}
		fi

		if [ -n "${STP_HELLO}" ]; then
			stp_bridge_set_hello_time ${zone} ${STP_HELLO}
		fi

		if [ -n "${STP_MAXAGE}" ]; then
			stp_bridge_set_max_age ${zone} ${STP_MAXAGE}
		fi

		if [ -n "${STP_PRIORITY}" ]; then
			stp_bridge_set_priority ${zone} ${STP_PRIORITY}
		fi
	else
		stp_disable ${zone}
	fi

	device_set_up ${zone}

	# XXX Currently, there is a bug (in the linux kernel?) that we need to
	# set our bridges to promisc mode.
	device_set_promisc ${zone} on

	# Bring all ports up
	zone_ports_up ${zone}
	zone_configs_up ${zone}

	exit ${EXIT_OK}
}

function hook_down() {
	local zone=${1}
	assert isset zone

	if ! device_is_up ${zone}; then
		warning "Zone '${zone}' is not up"
		exit ${EXIT_OK}
	fi

	zone_configs_down ${zone}
	zone_ports_down ${zone}

	# XXX See remark in _up().
	device_set_promisc ${zone} off

	device_set_down ${zone}
	bridge_delete ${zone}

	exit ${EXIT_OK}
}

function hook_status() {
	local zone=${1}
	assert isset zone

	# Print the default header.
	cli_device_headline ${zone}

	# Exit if zone is down
	if ! zone_is_up ${zone}; then
		echo # Empty line
		exit ${EXIT_ERROR}
	fi

	cli_headline 2 "Spanning Tree Protocol information"
	if stp_is_enabled ${zone}; then
		local proto=$(stp_bridge_get_protocol ${zone})

		cli_print_fmt1 2 "Version"	"$(stp_get_name ${proto})"
		cli_print_fmt1 2 "ID"		"$(stp_bridge_get_id ${zone})"
		cli_print_fmt1 2 "Priority"	"$(stp_bridge_get_priority ${zone})"

		if stp_bridge_is_root ${zone}; then
			cli_print 2 "This bridge is root."
		else
			cli_print_fmt1 2 "Designated root" \
				"$(stp_bridge_get_designated_root ${zone})"
			cli_print_fmt1 2 "Root path cost" \
				"$(stp_bridge_get_root_path_cost ${zone})"
		fi
		cli_space

		# Topology information
		cli_print_fmt1 2 "Topology changing" \
			"$(stp_bridge_get_topology_change_detected ${zone})"
		cli_print_fmt1 2 "Topology change time" \
			"$(beautify_time $(stp_bridge_get_topology_change_timer ${zone}))"
		cli_print_fmt1 2 "Topology change count" \
			"$(stp_bridge_get_topology_change_count ${zone})"
		cli_space
	else
		cli_print 2 "Disabled"
		cli_space
	fi

	cli_headline 2 "Ports"
	zone_ports_status ${zone}
	cli_space

	cli_headline 2 "Configurations"
	zone_configs_cmd status ${zone}
	cli_space

	exit ${EXIT_OK}
}

function __parse_cmdline_args() {
	while [ $# -gt 0 ]; do
		case "${1}" in
			--priority=*)
				PRIORITY="$(cli_get_val ${1})"
				;;
			--cost=*)
				COST="$(cli_get_val ${1})"
				;;
		esac
		shift
	done

	return ${EXIT_OK}
}

function hook_port_add() {
	# Excepting at least two arguments here
	assert [ $# -ge 2 ]

	local zone="${1}"
	local port="${2}"
	shift 2

	__parse_cmdline_args "$@"
	[ $? -eq ${EXIT_OK} ] || return ${EXIT_ERROR}

	zone_port_settings_write "${zone}" "${port}" ${HOOK_PORT_SETTINGS}

	log INFO "Port '${port}' has been added to zone '${zone}'"

	exit ${EXIT_OK}
}

function hook_port_edit() {
	assert [ $# -ge 2 ]

	local zone="${1}"
	local port="${2}"
	shift 2

	zone_port_settings_read "${zone}" "${port}" ${HOOK_PORT_SETTINGS}

	__parse_cmdline_args "$@"
	[ $? -eq ${EXIT_OK} ] || return ${EXIT_ERROR}

	zone_port_settings_write "${zone}" "${port}" ${HOOK_PORT_SETTINGS}

	log INFO "Port '${port}' (member of zone '${zone}') has been edited"

	exit ${EXIT_OK}
}

function hook_port_remove() {
	assert [ $# -eq 2 ]

	local zone="${1}"
	local port="${2}"

	# Shut down the port (if possible)
	port_down "${port}"

	log INFO "Port '${port}' has been removed from zone '${zone}'"
	zone_port_settings_remove "${zone}" "${port}"

	exit ${EXIT_OK}
}

function hook_port_up() {
	assert [ $# -eq 2 ]

	local zone="${1}"
	local port="${2}"

	# Try bringing up the port
	port_up "${port}"

	# If the port could not be brought up, we will
	# log an error message and exit.
	if ! device_exists "${port}"; then
		log WARNING "Port '${port}' cannot be attached to zone '${zone}' as it does not exist"
		exit ${EXIT_OK}
	fi

	# Read configuration values
	zone_port_settings_read "${zone}" "${port}" ${HOOK_PORT_SETTINGS}

	# Attach the port to the bridge
	bridge_attach_device "${zone}" "${port}"

	# Set STP configuration
	if isset COST; then
		stp_port_set_cost "${zone}" "${port}" "${COST}"
	fi

	# TODO Apply priority (#10609)

	exit ${EXIT_OK}
}

function hook_port_down() {
	assert [ $# -eq 2 ]

	local zone="${1}"
	local port="${2}"

	bridge_detach_device "${zone}" "${port}"

	port_down "${port}"

	exit ${EXIT_OK}
}

function hook_port_status() {
	assert [ $# -eq 2 ]

	local zone="${1}"
	local port="${2}"

	# Do nothing for devices which are not up and running.
	device_exists "${port}" || exit ${EXIT_OK}

	local status

	# Check if the device is down.
	if ! device_is_up "${port}"; then
		status="${MSG_DEVICE_STATUS_DOWN}"

	# Check if the device has no carrier.
	elif ! device_has_carrier "${port}"; then
		status="${MSG_DEVICE_STATUS_NOCARRIER}"

	# Check for STP information.
	elif stp_is_enabled "${zone}"; then
		local state="$(stp_port_get_state "${zone}" "${port}")"
		state="MSG_STP_${state}"
		status="${!state}"

		status="${status} - DSR: $(stp_port_get_designated_root "${zone}" "${port}")"
		status="${status} - Cost: $(stp_port_get_cost "${zone}" "${port}")"
	else
		status="${MSG_DEVICE_STATUS_UP}"
	fi
	cli_statusline 3 "${port}" "${status}"

	exit ${EXIT_OK}
}
Commit	Line	Data
1848564d MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
e2aa12b3	22	. /usr/lib/network/header-zone
1848564d	23
de125810 MT	24	HOOK_MANPAGE="network-zone-bridge"
de125810 MT	25
6b3f9c85 MT	26	HOOK_SETTINGS="HOOK STP STP_FORWARD_DELAY STP_HELLO STP_MAXAGE STP_MODE"
6b3f9c85 MT	27	HOOK_SETTINGS="${HOOK_SETTINGS} STP_PRIORITY MAC MTU"
1848564d	28
828eb94a MT	29	HOOK_PORT_SETTINGS="COST PRIORITY"
828eb94a MT	30
1848564d MT	31	# Default values
	32	MAC=$(mac_generate)
	33	MTU=1500
	34	STP="on"
6b3f9c85	35	STP_MODE="rstp"
1848564d MT	36	STP_FORWARD_DELAY=0
	37	STP_HELLO=2
	38	STP_MAXAGE=20
e266c18e	39	STP_PRIORITY=512
1848564d	40
2181765d	41	function hook_check() {
1848564d MT	42	assert ismac MAC
1848564d MT	43	assert isbool STP
6b3f9c85	44	assert isoneof STP_MODE stp rstp
1848564d MT	45	assert isinteger STP_HELLO
1848564d MT	46	assert isinteger STP_FORWARD_DELAY
d82cf370	47	assert isinteger STP_PRIORITY
1848564d MT	48	assert isinteger MTU
	49	}
	50
2181765d	51	function hook_parse_cmdline() {
1848564d MT	52	while [ $# -gt 0 ]; do
	53	case "${1}" in
	54	--stp=*)
	55	STP=${1#--stp=}
	56	;;
6b3f9c85 MT	57	--stp-mode=*)
	58	STP_MODE=${1#--stp-mode=}
	59	;;
1848564d MT	60	--stp-hello=*)
	61	STP_HELLO=${1#--stp-hello=}
	62	;;
	63	--stp-forward-delay=*)
	64	STP_FORWARD_DELAY=${1#--stp-forward-delay=}
	65	;;
d82cf370 MT	66	--stp-priority=*)
	67	STP_PRIORITY=${1#--stp-priority=}
	68	;;
1848564d MT	69	--mtu=*)
	70	MTU=${1#--mtu=}
	71	;;
	72	--mac=*)
	73	MAC=${1#--mac=}
	74	;;
	75	*)
	76	warning "Ignoring unknown option '${1}'"
	77	;;
	78	esac
	79	shift
	80	done
	81	}
	82
2181765d	83	function hook_up() {
1848564d	84	local zone=${1}
99be6026	85	assert isset zone
1848564d	86
e9df08ad	87	zone_settings_read "${zone}" ${HOOK_SETTINGS}
1848564d	88
99be6026	89	# Create the bridge if it does not already exist.
1848564d	90	if ! device_exists ${zone}; then
99be6026 MT	91	bridge_create ${zone} \
99be6026 MT	92	--address=${MAC} --mtu=${MTU}
1848564d	93
99be6026 MT	94	# Adjust MAC address and MTU if needed.
	95	else
	96	device_set_address ${zone} ${MAC}
	97	device_set_mtu ${zone} ${MTU}
	98	fi
1848564d MT	99
	100	# Enable STP
	101	if enabled STP; then
7d85603e	102	stp_enable ${zone}
1848564d MT	103
1848564d MT	104	if [ -n "${STP_FORWARD_DELAY}" ]; then
e2aa12b3	105	stp_bridge_set_forward_delay ${zone} ${STP_FORWARD_DELAY}
1848564d MT	106	fi
	107
	108	if [ -n "${STP_HELLO}" ]; then
e2aa12b3	109	stp_bridge_set_hello_time ${zone} ${STP_HELLO}
1848564d MT	110	fi
	111
	112	if [ -n "${STP_MAXAGE}" ]; then
e2aa12b3	113	stp_bridge_set_max_age ${zone} ${STP_MAXAGE}
1848564d	114	fi
d82cf370 MT	115
d82cf370 MT	116	if [ -n "${STP_PRIORITY}" ]; then
e2aa12b3	117	stp_bridge_set_priority ${zone} ${STP_PRIORITY}
d82cf370	118	fi
1848564d	119	else
6b3f9c85	120	stp_disable ${zone}
1848564d MT	121	fi
	122
	123	device_set_up ${zone}
	124
cf6e4606 MT	125	# XXX Currently, there is a bug (in the linux kernel?) that we need to
	126	# set our bridges to promisc mode.
	127	device_set_promisc ${zone} on
	128
1848564d MT	129	# Bring all ports up
1848564d MT	130	zone_ports_up ${zone}
1848564d MT	131	zone_configs_up ${zone}
1848564d MT	132
8dcb2687	133	exit ${EXIT_OK}
1848564d MT	134	}
1848564d MT	135
2181765d	136	function hook_down() {
1848564d	137	local zone=${1}
99be6026	138	assert isset zone
1848564d MT	139
	140	if ! device_is_up ${zone}; then
	141	warning "Zone '${zone}' is not up"
	142	exit ${EXIT_OK}
	143	fi
	144
1848564d MT	145	zone_configs_down ${zone}
	146	zone_ports_down ${zone}
	147
cf6e4606 MT	148	# XXX See remark in _up().
	149	device_set_promisc ${zone} off
	150
1848564d	151	device_set_down ${zone}
99be6026	152	bridge_delete ${zone}
1848564d	153
8dcb2687	154	exit ${EXIT_OK}
1848564d MT	155	}
1848564d MT	156
2181765d	157	function hook_status() {
e84e4e76	158	local zone=${1}
3cb2fc42	159	assert isset zone
e84e4e76	160
3cb2fc42 MT	161	# Print the default header.
3cb2fc42 MT	162	cli_device_headline ${zone}
e84e4e76 MT	163
	164	# Exit if zone is down
	165	if ! zone_is_up ${zone}; then
	166	echo # Empty line
	167	exit ${EXIT_ERROR}
	168	fi
	169
3cb2fc42 MT	170	cli_headline 2 "Spanning Tree Protocol information"
	171	if stp_is_enabled ${zone}; then
	172	local proto=$(stp_bridge_get_protocol ${zone})
8d4f9311	173
3cb2fc42 MT	174	cli_print_fmt1 2 "Version" "$(stp_get_name ${proto})"
	175	cli_print_fmt1 2 "ID" "$(stp_bridge_get_id ${zone})"
	176	cli_print_fmt1 2 "Priority" "$(stp_bridge_get_priority ${zone})"
36e3fd2f MT	177
36e3fd2f MT	178	if stp_bridge_is_root ${zone}; then
3cb2fc42	179	cli_print 2 "This bridge is root."
36e3fd2f	180	else
3cb2fc42 MT	181	cli_print_fmt1 2 "Designated root" \
	182	"$(stp_bridge_get_designated_root ${zone})"
	183	cli_print_fmt1 2 "Root path cost" \
	184	"$(stp_bridge_get_root_path_cost ${zone})"
36e3fd2f	185	fi
3cb2fc42	186	cli_space
feb76eaf	187
36e3fd2f	188	# Topology information
3cb2fc42 MT	189	cli_print_fmt1 2 "Topology changing" \
	190	"$(stp_bridge_get_topology_change_detected ${zone})"
	191	cli_print_fmt1 2 "Topology change time" \
	192	"$(beautify_time $(stp_bridge_get_topology_change_timer ${zone}))"
	193	cli_print_fmt1 2 "Topology change count" \
	194	"$(stp_bridge_get_topology_change_count ${zone})"
	195	cli_space
feb76eaf	196	else
3cb2fc42 MT	197	cli_print 2 "Disabled"
3cb2fc42 MT	198	cli_space
feb76eaf	199	fi
e84e4e76	200
50250b79	201	cli_headline 2 "Ports"
711ffac1	202	zone_ports_status ${zone}
8e3508ac	203	cli_space
e84e4e76	204
50250b79	205	cli_headline 2 "Configurations"
e84e4e76	206	zone_configs_cmd status ${zone}
3cb2fc42	207	cli_space
8e3508ac	208
e84e4e76 MT	209	exit ${EXIT_OK}
e84e4e76 MT	210	}
828eb94a MT	211
	212	function __parse_cmdline_args() {
	213	while [ $# -gt 0 ]; do
	214	case "${1}" in
	215	--priority=*)
	216	PRIORITY="$(cli_get_val ${1})"
	217	;;
	218	--cost=*)
	219	COST="$(cli_get_val ${1})"
	220	;;
	221	esac
	222	shift
	223	done
	224
	225	return ${EXIT_OK}
	226	}
	227
	228	function hook_port_add() {
	229	# Excepting at least two arguments here
	230	assert [ $# -ge 2 ]
	231
	232	local zone="${1}"
	233	local port="${2}"
	234	shift 2
	235
	236	__parse_cmdline_args "$@"
	237	[ $? -eq ${EXIT_OK} ] \|\| return ${EXIT_ERROR}
	238
e9df08ad	239	zone_port_settings_write "${zone}" "${port}" ${HOOK_PORT_SETTINGS}
828eb94a MT	240
	241	log INFO "Port '${port}' has been added to zone '${zone}'"
	242
	243	exit ${EXIT_OK}
	244	}
	245
	246	function hook_port_edit() {
	247	assert [ $# -ge 2 ]
	248
	249	local zone="${1}"
	250	local port="${2}"
	251	shift 2
	252
e9df08ad	253	zone_port_settings_read "${zone}" "${port}" ${HOOK_PORT_SETTINGS}
828eb94a MT	254
	255	__parse_cmdline_args "$@"
	256	[ $? -eq ${EXIT_OK} ] \|\| return ${EXIT_ERROR}
	257
e9df08ad	258	zone_port_settings_write "${zone}" "${port}" ${HOOK_PORT_SETTINGS}
828eb94a MT	259
	260	log INFO "Port '${port}' (member of zone '${zone}') has been edited"
	261
	262	exit ${EXIT_OK}
	263	}
	264
	265	function hook_port_remove() {
	266	assert [ $# -eq 2 ]
	267
	268	local zone="${1}"
	269	local port="${2}"
	270
	271	# Shut down the port (if possible)
	272	port_down "${port}"
	273
	274	log INFO "Port '${port}' has been removed from zone '${zone}'"
e9df08ad	275	zone_port_settings_remove "${zone}" "${port}"
828eb94a MT	276
	277	exit ${EXIT_OK}
	278	}
	279
	280	function hook_port_up() {
	281	assert [ $# -eq 2 ]
	282
	283	local zone="${1}"
	284	local port="${2}"
	285
3ee5ccb1	286	# Try bringing up the port
828eb94a MT	287	port_up "${port}"
828eb94a MT	288
3ee5ccb1 MT	289	# If the port could not be brought up, we will
	290	# log an error message and exit.
	291	if ! device_exists "${port}"; then
	292	log WARNING "Port '${port}' cannot be attached to zone '${zone}' as it does not exist"
	293	exit ${EXIT_OK}
	294	fi
	295
	296	# Read configuration values
	297	zone_port_settings_read "${zone}" "${port}" ${HOOK_PORT_SETTINGS}
828eb94a	298
3ee5ccb1	299	# Attach the port to the bridge
828eb94a MT	300	bridge_attach_device "${zone}" "${port}"
828eb94a MT	301
3ee5ccb1	302	# Set STP configuration
2c083d57 MT	303	if isset COST; then
	304	stp_port_set_cost "${zone}" "${port}" "${COST}"
	305	fi
	306
	307	# TODO Apply priority (#10609)
828eb94a MT	308
	309	exit ${EXIT_OK}
	310	}
	311
	312	function hook_port_down() {
	313	assert [ $# -eq 2 ]
	314
	315	local zone="${1}"
	316	local port="${2}"
	317
	318	bridge_detach_device "${zone}" "${port}"
	319
	320	port_down "${port}"
	321
	322	exit ${EXIT_OK}
	323	}
	324
	325	function hook_port_status() {
	326	assert [ $# -eq 2 ]
	327
	328	local zone="${1}"
	329	local port="${2}"
	330
	331	# Do nothing for devices which are not up and running.
	332	device_exists "${port}" \|\| exit ${EXIT_OK}
	333
	334	local status
	335
	336	# Check if the device is down.
	337	if ! device_is_up "${port}"; then
	338	status="${MSG_DEVICE_STATUS_DOWN}"
	339
	340	# Check if the device has no carrier.
	341	elif ! device_has_carrier "${port}"; then
	342	status="${MSG_DEVICE_STATUS_NOCARRIER}"
	343
	344	# Check for STP information.
	345	elif stp_is_enabled "${zone}"; then
	346	local state="$(stp_port_get_state "${zone}" "${port}")"
	347	state="MSG_STP_${state}"
	348	status="${!state}"
	349
	350	status="${status} - DSR: $(stp_port_get_designated_root "${zone}" "${port}")"
	351	status="${status} - Cost: $(stp_port_get_cost "${zone}" "${port}")"
	352	else
	353	status="${MSG_DEVICE_STATUS_UP}"
	354	fi
	355	cli_statusline 3 "${port}" "${status}"
	356
	357	exit ${EXIT_OK}
	358	}