[people/ms/network.git] / src / functions / functions.vlan

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2012  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

PROC_NET_VLAN="/proc/net/vlan"
PROC_NET_VLAN_CONFIG="${PROC_NET_VLAN}/config"

VLAN_PORT_INTERFIX="v"

vlan_init() {
	ebtables-restore <<EOF
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT

*broute
:BROUTING ACCEPT
-A BROUTING -p 802_1Q -j DROP
EOF
}

vlan_create() {
	local device=${1}
	assert isset device

	local parent=${2}
	assert isset parent

	local tag=${3}
	assert isinteger tag

	local address=${4}
	if isset address; then
		assert ismac address
	fi

	# Check if a device with the name does already exist.
	if device_exists ${device}; then
		log ERROR "device '${device}' does already exist"
		return ${EXIT_ERROR}
	fi

	# Check if the parent device exists.
	if ! device_exists ${parent}; then
		log ERROR "parent device '${parent}' does not exist"
		return ${EXIT_ERROR}
	fi

	# Load ebtables stuff.
	vlan_init

	local command="ip link add link ${parent} name ${device}"

	if isset address; then
		command="${command} address ${address}"
	fi

	command="${command} type vlan id ${tag}"

	cmd_quiet ${command}
	local ret=$?

	if [ ${ret} -eq ${EXIT_OK} ]; then
		log DEBUG "vlan device '${device}' has been created"
	else
		log ERROR "could not create vlan device '${device}': ${ret}"
	fi

	return ${ret}
}

vlan_remove() {
	device_delete "$@"
}

vlan_get_parent() {
	local device=${1}
	assert isset device

	# Nothing to do, if 8021q module is not loaded.
	[ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}

	local dev spacer1 id spacer2 parent
	while read dev spacer1 id spacer2 parent; do
		[ "${device}" = "${dev}" ] || continue

		print "${parent}"
		return ${EXIT_OK}
	done < ${PROC_NET_VLAN_CONFIG}

	return ${EXIT_ERROR}
}

vlan_get_id() {
	local device=${1}
	assert isset device

	# Nothing to do, if 8021q module is not loaded.
	[ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}

	local dev spacer1 id spacer2 parent
	while read dev spacer1 id spacer2 parent; do
		[ "${device}" = "${dev}" ] || continue

		print "${id}"
		return ${EXIT_OK}
	done < ${PROC_NET_VLAN_CONFIG}

	return ${EXIT_ERROR}
}

vlan_get_by_parent_and_vid() {
	local parent=${1}
	assert isset parent

	local vid=${2}
	assert isset vid

	# Nothing to do, if 8021q module is not loaded.
	[ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}

	local dev spacer1 id spacer2 par
	while read dev spacer1 id spacer2 par; do
		[ "${parent}" = "${par}" ] || continue
		[ "${vid}" = "${id}" ] || continue

		print "${dev}"
		return ${EXIT_OK}
	done < ${PROC_NET_VLAN_CONFIG}

	return ${EXIT_ERROR}
}
Commit	Line	Data
	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2012 IPFire Network Development Team #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
	22	PROC_NET_VLAN="/proc/net/vlan"
	23	PROC_NET_VLAN_CONFIG="${PROC_NET_VLAN}/config"
	24
	25	VLAN_PORT_INTERFIX="v"
	26
	27	vlan_init() {
	28	ebtables-restore <<EOF
	29	*filter
	30	:INPUT ACCEPT
	31	:FORWARD ACCEPT
	32	:OUTPUT ACCEPT
	33
	34	*broute
	35	:BROUTING ACCEPT
	36	-A BROUTING -p 802_1Q -j DROP
	37	EOF
	38	}
	39
	40	vlan_create() {
	41	local device=${1}
	42	assert isset device
	43
	44	local parent=${2}
	45	assert isset parent
	46
	47	local tag=${3}
	48	assert isinteger tag
	49
	50	local address=${4}
	51	if isset address; then
	52	assert ismac address
	53	fi
	54
	55	# Check if a device with the name does already exist.
	56	if device_exists ${device}; then
	57	log ERROR "device '${device}' does already exist"
	58	return ${EXIT_ERROR}
	59	fi
	60
	61	# Check if the parent device exists.
	62	if ! device_exists ${parent}; then
	63	log ERROR "parent device '${parent}' does not exist"
	64	return ${EXIT_ERROR}
	65	fi
	66
	67	# Load ebtables stuff.
	68	vlan_init
	69
	70	local command="ip link add link ${parent} name ${device}"
	71
	72	if isset address; then
	73	command="${command} address ${address}"
	74	fi
	75
	76	command="${command} type vlan id ${tag}"
	77
	78	cmd_quiet ${command}
	79	local ret=$?
	80
	81	if [ ${ret} -eq ${EXIT_OK} ]; then
	82	log DEBUG "vlan device '${device}' has been created"
	83	else
	84	log ERROR "could not create vlan device '${device}': ${ret}"
	85	fi
	86
	87	return ${ret}
	88	}
	89
	90	vlan_remove() {
	91	device_delete "$@"
	92	}
	93
	94	vlan_get_parent() {
	95	local device=${1}
	96	assert isset device
	97
	98	# Nothing to do, if 8021q module is not loaded.
	99	[ -r "${PROC_NET_VLAN_CONFIG}" ] \|\| return ${EXIT_OK}
	100
	101	local dev spacer1 id spacer2 parent
	102	while read dev spacer1 id spacer2 parent; do
	103	[ "${device}" = "${dev}" ] \|\| continue
	104
	105	print "${parent}"
	106	return ${EXIT_OK}
	107	done < ${PROC_NET_VLAN_CONFIG}
	108
	109	return ${EXIT_ERROR}
	110	}
	111
	112	vlan_get_id() {
	113	local device=${1}
	114	assert isset device
	115
	116	# Nothing to do, if 8021q module is not loaded.
	117	[ -r "${PROC_NET_VLAN_CONFIG}" ] \|\| return ${EXIT_OK}
	118
	119	local dev spacer1 id spacer2 parent
	120	while read dev spacer1 id spacer2 parent; do
	121	[ "${device}" = "${dev}" ] \|\| continue
	122
	123	print "${id}"
	124	return ${EXIT_OK}
	125	done < ${PROC_NET_VLAN_CONFIG}
	126
	127	return ${EXIT_ERROR}
	128	}
	129
	130	vlan_get_by_parent_and_vid() {
	131	local parent=${1}
	132	assert isset parent
	133
	134	local vid=${2}
	135	assert isset vid
	136
	137	# Nothing to do, if 8021q module is not loaded.
	138	[ -r "${PROC_NET_VLAN_CONFIG}" ] \|\| return ${EXIT_OK}
	139
	140	local dev spacer1 id spacer2 par
	141	while read dev spacer1 id spacer2 par; do
	142	[ "${parent}" = "${par}" ] \|\| continue
	143	[ "${vid}" = "${id}" ] \|\| continue
	144
	145	print "${dev}"
	146	return ${EXIT_OK}
	147	done < ${PROC_NET_VLAN_CONFIG}
	148
	149	return ${EXIT_ERROR}
	150	}