2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2012-2013 IPFire Network Development Team #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 IP_TUNNEL_MODES
="gre gretap sit vti"
24 ip_tunnel_protocol_to_name
() {
29 print
"Generic Routing Encapsulation"
32 print
"Simple Internet Transition"
35 print
"Virtual Tunnel Interface"
43 # This function converts our modes into the type
44 # the iproute2 tool uses
45 ip_tunnel_convert_mode_to_iproute2_mode
() {
49 if ! isset mode ||
! isset protocol
; then
50 log ERROR
"Did not get mode and/or protocol"
54 if [[ "${protocol}" = "ipv4" ]]; then
55 # When we use IPv4 we can use our modes
59 if [[ "${protocol}" = "ipv6" ]]; then
60 # When we use IPv6 we have to convert
89 while [ $# -gt 0 ]; do
92 address
="$(cli_get_val "${1}")"
95 if ! isset address ||
! mac_is_valid
"${address}"; then
96 error
"Invalid MAC address: ${address}"
101 mode
="$(cli_get_val "${1}")"
104 ttl
="$(cli_get_val "${1}")"
107 remote_address
="$(cli_get_val "${1}")"
110 local_address
="$(cli_get_val "${1}")"
115 ikey
="$(cli_get_val "${1}")"
118 okey
="$(cli_get_val "${1}")"
124 if ! isset mode
; then
125 error
"--mode= is not set. Must be one of ${IP_TUNNEL_MODES}"
129 if ! isoneof mode
${IP_TUNNEL_MODES}; then
130 error
"Invalid mode: ${mode}"
134 # We cannot mix IPv6 and IPv4
135 if isset local_address
&& ! ip_protocol_match
"${remote_address}" "${local_address}"; then
136 log ERROR
"Local and remote address are not of the same IP protocol"
140 # ikey and okey must be set for VTI devices
141 if [ "${mode}" = "vti" ] && (! isset ikey ||
! isset okey
); then
142 error
"--ikey= and --okey= must be set for VTI device"
146 # Custom checks for certain modes
149 # Generate a random MAC address if none was passed
150 if ! isset address
; then
151 address
="$(mac_generate)"
156 # If TTL is set, make sure it is an integer.
157 if isset ttl
&& ! isinteger ttl
; then
158 error
"TTL must be an integer: ${ttl}"
162 # Determine the mode based on the IP protocol
163 local remote_address_protocol
="$(ip_detect_protocol "${remote_address}")"
164 mode
=$
(ip_tunnel_convert_mode_to_iproute2_mode
"${mode}" "${remote_address_protocol}")
166 local cmd_args
=( name
"${device}" )
168 if isset address
; then
169 cmd_args
=( "${cmd_args[@]}" "address" "${address}" )
173 cmd_args
=( "${cmd_args[@]}" "type" "${mode}" )
175 # Apply TTL if a value has been set.
177 cmd_args
=( "${cmd_args[@]}" "ttl" "${ttl}" )
180 # Apply local address if a value has been set.
181 if isset local_address
; then
182 cmd_args
=( "${cmd_args[@]}" "local" "${local_address}" )
185 # Apply remote address if a value has been set.
186 if isset remote_address
; then
187 cmd_args
=( "${cmd_args[@]}" "remote" "${remote_address}" )
190 # Add ikey and okey for VTI devices
191 if [ "${mode}" = "vti" ]; then
192 cmd_args
=( "${cmd_args[@]}" "ikey" "${ikey}" "okey" "${okey}" )
195 log DEBUG
"Creating tunnel device '${device}' (mode=${mode})..."
198 if ! cmd ip link add
"${cmd_args[@]}"; then
199 error
"Could not create tunnel device ${device}"
203 # Disable policy lookups for VTI devices
204 if [ "${mode}" = "vti" ]; then
205 sysctl_set
"net.ipv4.conf.${device}.disable_policy" "1"
219 if ! device_exists
"${device}"; then
220 log ERROR
"No such device: ${device}"
224 # Determine the device type
225 local type="$(device_tunnel_get_type ${device})"
230 while [ $# -gt 0 ]; do
233 local="$(cli_get_val "${1}")"
235 if ! ip_is_valid
"${local}"; then
236 error
"Invalid IP address for --local: ${local}"
240 if ! isoneof
"type" gre gre6 vti vti6
; then
241 log ERROR
"Cannot change --local for devices of type ${type}"
246 remote
="$(cli_get_val "${1}")"
248 if ! ip_is_valid
"${remote}"; then
249 error
"Invalid IP address for --remote: ${remote}"
253 if ! isoneof
"type" gre gre6 vti vti6
; then
254 log ERROR
"Cannot change --remote for devices of type ${type}"
262 # XXX If a device is of an IP protocol and the protocol of remote and local
263 # have changed, we will need to destroy the interface and recreate it with
269 cmd_args
="${cmd_args} local ${local}"
272 if isset remote
; then
273 cmd_args
="${cmd_args} remote ${remote}"
276 # Exit if there is nothing to do
277 if ! isset cmd_args
; then
282 cmd ip link change dev
"${device}" type "${type}" ${cmd_args}