2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 declare -A DEVICE_LINK_SPEEDS
=(
29 [10000BaseT-Full
]=0x1000
35 for device
in $
(list_directory
${SYS_CLASS_NET}); do
36 if device_exists
"${device}"; then
44 # List all serial devices
48 # Check if the device exists
52 # If device name was not found, exit.
53 [ -n "${device}" ] ||
return ${EXIT_ERROR}
55 # Check for a normal network device.
56 [ -d "${SYS_CLASS_NET}/${device}" ] && return ${EXIT_OK}
58 # If the check above did not find a result,
60 phy_exists "${device}" && return ${EXIT_OK}
62 # If the check above did not find a result,
63 # we check for serial devices.
64 serial_exists ${device}
67 device_matches_pattern() {
74 pattern="^
${pattern//N/[[:digit:]]+}$
"
76 [[ ${device} =~ ${pattern} ]] \
77 && return ${EXIT_TRUE} || return ${EXIT_FALSE}
84 # Nothing to do if the device does not exist.
85 device_exists ${device} || return ${EXIT_OK}
87 # Shut down device before we delete it
88 device_set_down "${device}"
91 cmd_quiet ip link delete ${device}
94 if [ ${ret} -ne ${EXIT_OK} ]; then
95 log ERROR "device
: Could not delete device
'${device}': ${ret}"
106 local flags=$(__device_get_file ${device} flags)
108 if [[ "$
(( ${flags} & ${flag} ))" -eq 0 ]]; then
115 # Check if the device is up
119 device_exists ${device} || return ${EXIT_ERROR}
121 device_has_flag ${device} 0x1
124 device_ifindex_to_name() {
128 local device device_idx
129 for device in $(list_directory "${SYS_CLASS_NET}"); do
130 device_idx=$(device_get_ifindex ${device})
132 if [ "${device_idx}" = "${idx}" ]; then
141 device_get_ifindex() {
145 local path="${SYS_CLASS_NET}/${1}/ifindex
"
147 # Check if file can be read.
148 [ -r "${path}" ] || return ${EXIT_ERROR}
153 device_get_driver() {
157 get_driver_from_path "${SYS_CLASS_NET}/${device}/device
/driver
/module
"
160 # Check if the device is a bonding device
161 device_is_bonding() {
162 [ -d "/sys
/class
/net
/${1}/bonding
" ]
165 # Check if the device is bonded in a bonding device
169 [ -d "${SYS_CLASS_NET}/${device}/bonding_slave
" ]
172 # Check if the device is a bridge
174 [ -d "/sys
/class
/net
/${1}/bridge
" ]
177 device_is_bridge_attached() {
179 [ -d "${SYS_CLASS_NET}/${device}/brport
" ]
182 device_is_wireless_monitor() {
186 device_is_wireless "${device}" && \
187 device_matches_pattern "${device}" "${PORT_PATTERN_WIRELESS_MONITOR}"
190 device_is_wireless_adhoc() {
194 device_is_wireless "${device}" && \
195 device_matches_pattern "${device}" "${PORT_PATTERN_WIRELESS_ADHOC}"
198 device_get_bridge() {
202 # Check if device is attached to a bridge.
203 device_is_bridge_attached ${device} || return ${EXIT_ERROR}
205 local ifindex_path="${SYS_CLASS_NET}/${device}/brport
/bridge
/ifindex
"
206 [ -r "${ifindex_path}" ] || return ${EXIT_ERROR}
208 local ifindex=$(<${ifindex_path})
211 device_ifindex_to_name ${ifindex}
214 # Check if the device is a vlan device
219 [ -e "${PROC_NET_VLAN}/${device}" ]
222 # Check if the device has vlan devices
227 if device_is_vlan ${device}; then
231 local vlans=$(device_get_vlans ${device})
232 [ -n "${vlans}" ] && return ${EXIT_OK} || return ${EXIT_ERROR}
239 # If no 8021q module has been loaded into the kernel,
240 # we cannot do anything.
241 [ -r "${PROC_NET_VLAN_CONFIG}" ] ||
return ${EXIT_OK}
243 local dev spacer1 id spacer2 parent
244 while read dev spacer1 id spacer2 parent
; do
245 [ "${parent}" = "${device}" ] ||
continue
248 done < ${PROC_NET_VLAN_CONFIG}
251 __device_type_matches
() {
255 local _type
="$(__device_get_file "${device}" "type")"
257 if [ "${type}" = "${_type}" ]; then
264 # Check if the device is a ppp device
269 __device_type_matches
"${device}" 512
272 # Check if the device is a pointopoint device.
276 device_has_flag
${device} 0x10
279 # Check if the device is a loopback device
280 device_is_loopback
() {
283 [ "${device}" = "lo" ]
286 # Check if the device is a dummy device
287 # This is the worst possible check, but all I could come up with
291 [[ ${device} =~ ^dummy
[0-9]+$
]]
297 [[ ${device} =~ ^ipsec\
- ]]
300 # Check if the device is a wireless device
301 device_is_wireless
() {
304 [ -d "${SYS_CLASS_NET}/${device}/phy80211" ]
311 __device_type_matches
"${device}" 768
318 __device_type_matches
"${device}" 769
324 if device_is_wireless
"${device}"; then
325 print
"$(<${SYS_CLASS_NET}/${device}/phy80211/name)"
340 # Returns true if a device is a tun device
344 [ -e "${SYS_CLASS_NET}/${device}/tun_flags" ]
347 # Check if the device is a physical network interface
348 device_is_ethernet
() {
351 device_is_ethernet_compatible
"${device}" || \
354 device_is_loopback
${device} && \
357 device_is_bonding
${device} && \
360 device_is_bridge
${device} && \
363 device_is_ppp
${device} && \
366 device_is_vlan
${device} && \
369 device_is_dummy
${device} && \
372 device_is_tun
${device} && \
378 # Get the device type
382 # If the device does not exist (happens on udev remove events),
383 # we do not bother to run all checks.
384 if ! device_exists
"${device}"; then
387 elif device_is_vlan
${device}; then
390 elif device_is_bonding
${device}; then
393 elif device_is_bridge
${device}; then
396 elif device_is_ppp
${device}; then
399 elif device_is_loopback
${device}; then
402 elif device_is_wireless_adhoc
${device}; then
403 echo "wireless-adhoc"
405 elif device_is_wireless
${device}; then
408 elif device_is_dummy
${device}; then
411 elif device_is_tun
${device}; then
414 elif device_is_ethernet
${device}; then
417 elif device_is_serial
${device}; then
420 elif device_is_phy
${device}; then
424 echo "$(device_tunnel_get_type "${device}")"
428 # This function only checks the types an ip-tunnel device usually has,
429 # so when we know that the device is an ip-tunnel device we save time
430 device_tunnel_get_type
() {
433 # If the device does not exist (happens on udev remove events),
434 # we do not bother to run all checks.
435 if ! device_exists
"${device}"; then
438 elif device_is_vti
${device}; then
441 elif device_is_vti6
${device}; then
449 device_is_ethernet_compatible
() {
452 # /sys/class/net/*/type must equal 1 for ethernet compatible devices
453 local type="$(__device_get_file "${device}" "type")"
454 [[ "${type}" = "1" ]]
457 device_get_status
() {
461 local status
=${STATUS_DOWN}
463 if device_is_up
${device}; then
466 if ! device_has_carrier
${device}; then
467 status
=${STATUS_NOCARRIER}
474 device_get_address
() {
477 cat ${SYS_CLASS_NET}/${device}/address
2>/dev
/null
480 device_set_address
() {
486 if ! device_exists
"${device}"; then
487 error
"Device '${device}' does not exist."
491 # Do nothing if the address has not changed
492 local old_addr
="$(device_get_address "${device}")"
493 if [ -n "${old_addr}" -a "${addr}" = "${old_addr}" ]; then
497 log DEBUG
"Setting address of '${device}' from '${old_addr}' to '${addr}'"
500 if device_is_up
"${device}"; then
501 device_set_down
"${device}"
505 ip link
set "${device}" address
"${addr}"
508 if [ "${up}" = "1" ]; then
509 device_set_up
"${device}"
512 if [ "${ret}" != "0" ]; then
513 error_log
"Could not set address '${addr}' on device '${device}'"
521 for device
in $
(list_directory
"${SYS_CLASS_NET}"); do
522 # bonding_masters is no device
523 [ "${device}" = "bonding_masters" ] && continue
531 # Check if a device has a cable plugged in
532 device_has_carrier
() {
536 local carrier
=$
(__device_get_file
${device} carrier
)
537 [ "${carrier}" = "1" ]
540 device_is_promisc
() {
543 device_has_flag
${device} 0x200
546 device_set_promisc
() {
550 assert device_exists
${device}
552 assert isoneof state on off
554 ip link
set ${device} promisc
${state}
557 # Check if the device is free
559 ! device_is_used
"$@"
562 # Check if the device is used
566 device_has_vlans
${device} && \
568 device_is_bonded
${device} && \
570 device_is_bridge_attached
${device} && \
576 # Give the device a new name
579 local destination
=${2}
581 # Check if devices exists
582 if ! device_exists
${source} || device_exists
${destination}; then
587 if device_is_up
${source}; then
588 ip link
set ${source} down
592 ip link
set ${source} name
${destination}
594 if [ "${up}" = "1" ]; then
595 ip link
set ${destination} up
599 device_set_master
() {
606 if ! cmd ip link
set "${device}" master
"${master}"; then
607 log ERROR
"Could not set master ${master} for device ${device}"
614 device_remove_master
() {
618 if ! cmd ip link
set "${device}" nomaster
; then
619 log ERROR
"Could not remove master for device ${device}"
632 # Do nothing if device is already up
633 device_is_up
${device} && return ${EXIT_OK}
635 log INFO
"Bringing up ${device}"
637 device_set_parent_up
${device}
638 if ! cmd ip link
set ${device} up
; then
643 if interrupt_use_smp_affinity
; then
644 device_auto_configure_smp_affinity
${device}
650 device_set_parent_up
() {
654 if device_is_vlan
${device}; then
655 parent
=$
(vlan_get_parent
${device})
657 device_is_up
${parent} && return ${EXIT_OK}
659 log DEBUG
"Setting up parent device '${parent}' of '${device}'"
661 device_set_up
${parent}
675 if device_is_up
${device}; then
676 log INFO
"Bringing down ${device}"
678 cmd ip link
set ${device} down
682 device_set_parent_down
${device}
687 device_set_parent_down
() {
691 if device_is_vlan
${device}; then
692 parent
=$
(vlan_get_parent
${device})
694 device_is_up
${parent} ||
return ${EXIT_OK}
696 if device_is_free
${parent}; then
697 log DEBUG
"Tearing down parent device '${parent}' of '${device}'"
699 device_set_down
${parent}
709 # Return an error if the device does not exist
710 device_exists
${device} ||
return ${EXIT_ERROR}
712 echo $
(<${SYS_CLASS_NET}/${device}/mtu
)
715 # Set the MTU of a device
720 assert device_exists
${device}
722 # Handle bridges differently
723 if device_is_bridge
${device}; then
725 for port
in $
(bridge_get_members
${device}); do
726 device_set_mtu
${port} ${mtu}
730 log INFO
"Setting MTU of ${device} to ${mtu}"
733 if device_is_up
${device}; then
734 device_set_down
${device}
739 if ! cmd ip link
set ${device} mtu
${mtu}; then
742 log ERROR
"Could not set MTU ${mtu} on ${device}"
745 if [ "${up}" = "1" ]; then
746 device_set_up
${device}
752 device_adjust_mtu
() {
756 local other_device
="${2}"
758 local mtu
="$(device_get_mtu "${other_device}")"
759 device_set_mtu
"${device}" "${mtu}"
765 log INFO
"Running discovery process on device '${device}'."
768 for hook
in $
(hook_zone_get_all
); do
769 hook_zone_exec
${hook} discover
${device}
778 # Flash for ten seconds by default
782 local background
="false"
791 seconds
="$(cli_get_val "${arg}")"
794 done <<< "$(args "$@
")"
796 assert isinteger seconds
798 if ! device_exists
"${device}"; then
799 log ERROR
"Cannot identify device ${device}: Does not exist"
803 if ! device_is_ethernet
"${device}"; then
804 log DEBUG
"Cannot identify device ${device}: Not an ethernet device"
805 return ${EXIT_NOT_SUPPORTED}
808 log DEBUG
"Identifying device ${device}"
810 local command="ethtool --identify ${device} ${seconds}"
813 if enabled background
; then
814 cmd_background
"${command}"
816 cmd_quiet
"${command}"
828 assert device_exists
${device}
830 # IPv6 addresses must be fully imploded
831 local protocol
=$
(ip_detect_protocol
${addr})
832 case "${protocol}" in
834 addr
=$
(ipv6_format
"${addr}")
838 list_match
${addr} $
(device_get_addresses
${device})
841 device_get_addresses
() {
844 assert device_exists
${device}
849 ip addr show
${device} | \
850 while read prot addr line
; do
851 [ "${prot:0:4}" = "inet" ] && echo "${addr}"
855 __device_get_file
() {
859 fread
"${SYS_CLASS_NET}/${device}/${file}"
862 __device_set_file
() {
869 fappend
"${SYS_CLASS_NET}/${device}/${file}" "${value}"
872 device_get_rx_bytes
() {
875 __device_get_file
${device} statistics
/rx_bytes
878 device_get_tx_bytes
() {
881 __device_get_file
${device} statistics
/tx_bytes
884 device_get_rx_packets
() {
887 __device_get_file
${device} statistics
/rx_packets
890 device_get_tx_packets
() {
893 __device_get_file
${device} statistics
/tx_packets
896 device_get_rx_errors
() {
899 __device_get_file
${device} statistics
/rx_errors
902 device_get_tx_errors
() {
905 __device_get_file
${device} statistics
/tx_errors
908 device_advertise_link_speeds
() {
914 # Advertised modes in hex
919 local m
="${DEVICE_LINK_SPEEDS[${mode}]}"
921 advertise
="$(( advertise | m ))"
925 # If nothing was selected, we reset and enable everything
926 if [ ${advertise} -eq 0 ]; then
930 # Enable auto-negotiation
931 cmd_quiet ethtool
--change "${device}" autoneg on
933 # Set advertised link speeds
934 if ! cmd_quiet ethtool
--change "${device}" advertise
"0x$(hex "${advertise}")"; then
935 log ERROR
"Could not set link modes of ${device}: $@"
939 log DEBUG
"Set device link modes of ${device} to $@"
946 local speed
=$
(__device_get_file
${device} speed
)
948 # Exit for no output (i.e. no link detected)
949 isset speed ||
return ${EXIT_ERROR}
951 # Don't return anything for negative values
952 [ ${speed} -lt 0 ] && return ${EXIT_ERROR}
957 device_get_duplex
() {
960 local duplex
=$
(__device_get_file
${device} duplex
)
972 device_get_link_string
() {
978 local speed
="$(device_get_speed "${device}")"
980 list_append s
"${speed} MBit/s"
983 local duplex
="$(device_get_duplex "${device}")"
984 if isset duplex
; then
985 list_append s
"${duplex} duplex"
991 device_auto_configure_smp_affinity
() {
996 if lock_acquire
"smp-affinity" 60; then
997 device_set_smp_affinity
${device} auto
999 lock_release
"smp-affinity"
1003 device_set_smp_affinity
() {
1009 # mode can be auto which will automatically try to find
1010 # the least busy processor, or an integer for the desired
1011 # processor that should handle this device
1013 local num_processors
=$
(system_get_processors
)
1015 if [ "${mode}" = "auto" ]; then
1016 local processor
=$
(interrupt_choose_least_busy_processor
)
1018 assert isinteger mode
1019 local processor
=${mode}
1021 if [ ${processor} -gt ${num_processors} ]; then
1022 log ERROR
"Processor ${processor} does not exist"
1023 return ${EXIT_ERROR}
1027 local interrupts
=$
(interrupts_for_device
${device})
1028 if ! isset interrupts
; then
1029 log DEBUG
"${device} has no interrupts. Not changing SMP affinity"
1035 for interrupt
in ${interrupts}; do
1036 interrupt_set_smp_affinity
${interrupt} ${processor}
1039 # Find all queues and assign them to the next processor
1041 for queue
in $
(device_get_queues
${device}); do
1043 # Only handle receive queues
1045 for interrupt
in $
(interrupts_for_device_queue
${device} ${queue}); do
1046 interrupt_set_smp_affinity
${interrupt} ${processor}
1049 device_queue_set_smp_affinity
${device} ${queue} ${processor}
1058 # Get the next available processor if in auto mode
1059 [ "${mode}" = "auto" ] && processor
=$
(system_get_next_processor
${processor})
1065 device_get_queues
() {
1070 list_directory
"${SYS_CLASS_NET}/${device}/queues"
1073 device_supports_multiqueue
() {
1076 local num_queues
=$
(device_num_queues
${device})
1078 if isset num_queues
&& [ ${num_queues} -gt 2 ]; then
1082 return ${EXIT_FALSE}
1085 device_num_queues
() {
1089 isset
type && assert isoneof
type rx tx
1094 for q
in $
(device_get_queues
${device}); do
1095 case "${type},${q}" in
1111 device_queue_get_smp_affinity
() {
1117 local path
="${SYS_CLASS_NET}/${device}/queues/${queue}"
1121 path
="${path}/rps_cpus"
1124 path
="${path}/xps_cpus"
1127 assert
[ -r "${path}" ]
1129 __bitmap_to_processor_ids $
(<${path})
1132 device_queue_set_smp_affinity
() {
1137 local processor
=${3}
1139 local path
="${SYS_CLASS_NET}/${device}/queues/${queue}/rps_cpus"
1140 assert
[ -w "${path}" ]
1142 log DEBUG
"Setting SMP affinity of ${device} (${queue}) to processor ${processor}"
1144 __processor_id_to_bitmap
${processor} > ${path}
1147 # Tries to find a device which has the given IP address assigned
1148 device_get_by_assigned_ip_address
() {
1155 # Read the first line of ip addr show to
1156 read -r device
<<< $
(ip addr show to
"${ip}")
1158 # If we did not find a device, we return ${EXIT_ERROR}
1159 if ! isset device
; then
1160 return ${EXIT_ERROR}
1163 # We get something like:
1164 # 3: upl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
1165 # and we want upl0, so we take the second word and remove the trailing ":"
1174 device_get_by_mac_address
() {
1181 for device
in $
(device_list
); do
1182 if [ "${mac}" = "$(device_get_address ${device})" ]; then
1188 # We could not find a port for the given MAC address, so we return ${EXIT_ERROR}
1189 return ${EXIT_ERROR}