src/functions/functions.vlan

   1 #!/bin/bash
   2 ###############################################################################
   3 #                                                                             #
   4 # IPFire.org - A linux based firewall                                         #
   5 # Copyright (C) 2012  IPFire Network Development Team                         #
   6 #                                                                             #
   7 # This program is free software: you can redistribute it and/or modify        #
   8 # it under the terms of the GNU General Public License as published by        #
   9 # the Free Software Foundation, either version 3 of the License, or           #
  10 # (at your option) any later version.                                         #
  11 #                                                                             #
  12 # This program is distributed in the hope that it will be useful,             #
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
  15 # GNU General Public License for more details.                                #
  16 #                                                                             #
  17 # You should have received a copy of the GNU General Public License           #
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
  19 #                                                                             #
  20 ###############################################################################
  21
  22 PROC_NET_VLAN="/proc/net/vlan"
  23 PROC_NET_VLAN_CONFIG="${PROC_NET_VLAN}/config"
  24
  25 VLAN_PORT_INTERFIX="v"
  26
  27 vlan_init() {
  28         ebtables-restore <<EOF
  29 *filter
  30 :INPUT ACCEPT
  31 :FORWARD ACCEPT
  32 :OUTPUT ACCEPT
  33
  34 *broute
  35 :BROUTING ACCEPT
  36 -A BROUTING -p 802_1Q -j DROP
  37 EOF
  38 }
  39
  40 vlan_create() {
  41         local device=${1}
  42         assert isset device
  43
  44         local parent=${2}
  45         assert isset parent
  46
  47         local tag=${3}
  48         assert isinteger tag
  49
  50         local address=${4}
  51         if isset address; then
  52                 assert ismac address
  53         fi
  54
  55         # Check if a device with the name does already exist.
  56         if device_exists ${device}; then
  57                 log ERROR "device '${device}' does already exist"
  58                 return ${EXIT_ERROR}
  59         fi
  60
  61         # Check if the parent device exists.
  62         if ! device_exists ${parent}; then
  63                 log ERROR "parent device '${parent}' does not exist"
  64                 return ${EXIT_ERROR}
  65         fi
  66
  67         # Load ebtables stuff.
  68         vlan_init
  69
  70         local command="ip link add link ${parent} name ${device}"
  71
  72         if isset address; then
  73                 command="${command} address ${address}"
  74         fi
  75
  76         command="${command} type vlan id ${tag}"
  77
  78         cmd_quiet ${command}
  79         local ret=$?
  80
  81         if [ ${ret} -eq ${EXIT_OK} ]; then
  82                 log DEBUG "vlan device '${device}' has been created"
  83         else
  84                 log ERROR "could not create vlan device '${device}': ${ret}"
  85         fi
  86
  87         return ${ret}
  88 }
  89
  90 vlan_remove() {
  91         device_delete "$@"
  92 }
  93
  94 vlan_get_parent() {
  95         local device=${1}
  96         assert isset device
  97
  98         # Nothing to do, if 8021q module is not loaded.
  99         [ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
 100
 101         local dev spacer1 id spacer2 parent
 102         while read dev spacer1 id spacer2 parent; do
 103                 [ "${device}" = "${dev}" ] || continue
 104
 105                 print "${parent}"
 106                 return ${EXIT_OK}
 107         done < ${PROC_NET_VLAN_CONFIG}
 108
 109         return ${EXIT_ERROR}
 110 }
 111
 112 vlan_get_id() {
 113         local device=${1}
 114         assert isset device
 115
 116         # Nothing to do, if 8021q module is not loaded.
 117         [ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
 118
 119         local dev spacer1 id spacer2 parent
 120         while read dev spacer1 id spacer2 parent; do
 121                 [ "${device}" = "${dev}" ] || continue
 122
 123                 print "${id}"
 124                 return ${EXIT_OK}
 125         done < ${PROC_NET_VLAN_CONFIG}
 126
 127         return ${EXIT_ERROR}
 128 }
 129
 130 vlan_get_by_parent_and_vid() {
 131         local parent=${1}
 132         assert isset parent
 133
 134         local vid=${2}
 135         assert isset vid
 136
 137         # Nothing to do, if 8021q module is not loaded.
 138         [ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
 139
 140         local dev spacer1 id spacer2 par
 141         while read dev spacer1 id spacer2 par; do
 142                 [ "${parent}" = "${par}" ] || continue
 143                 [ "${vid}" = "${id}" ] || continue
 144
 145                 print "${dev}"
 146                 return ${EXIT_OK}
 147         done < ${PROC_NET_VLAN_CONFIG}
 148
 149         return ${EXIT_ERROR}
 150 }