vlan: Refactor vlan_create()
1 #!/bin/bash
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2012 IPFire Network Development Team #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
# Directory in procfs that holds the VLAN status files.
PROC_NET_VLAN=/proc/net/vlan
# Table of configured VLAN devices; the vlan_get_* functions parse it.
PROC_NET_VLAN_CONFIG=${PROC_NET_VLAN}/config

# NOTE(review): presumably the infix placed between the parent name and
# the VLAN ID in port names; it is not referenced in this file - confirm.
VLAN_PORT_INTERFIX=v
26
# Loads the ebtables rule set that VLAN devices rely on.
#
# The filter table is loaded with ACCEPT policies and no rules. The broute
# table gets one rule that matches 802.1Q tagged frames; in the broute
# table the DROP target means "route this frame instead of bridging it",
# so tagged frames are handed to the upper layer rather than bridged.
#
# NOTE(review): ebtables-restore normally replaces the contents of every
# table it is given, so rules that something else placed in "filter" or
# "broute" would be lost each time this runs - confirm that nothing else
# on the system manages these tables.
#
# Returns:
#   the exit status of ebtables-restore
vlan_init() {
	# The delimiter is quoted because the rule set contains nothing to expand.
	ebtables-restore <<'EOF'
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT

*broute
:BROUTING ACCEPT
-A BROUTING -p 802_1Q -j DROP
EOF
}
39
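# Creates an 802.1Q VLAN device on top of an existing parent device.
#
# Arguments:
#   $1             - name of the VLAN device to create
#   --address=MAC  - MAC address of the new device (optional; generated
#                    with mac_generate when omitted)
#   --parent=DEV   - name of the parent device (must exist)
#   --tag=ID       - VLAN ID as a decimal number, 0-4094
# Returns:
#   EXIT_OK on success; EXIT_ERROR on an invalid argument or when the
#   device could not be created.
vlan_create() {
	local device="${1}"
	shift

	assert isset device

	local address
	local parent
	local tag

	# Parse command line arguments
	while [ $# -gt 0 ]; do
		case "${1}" in
			--address=*)
				address=$(cli_get_val "${1}")
				;;
			--parent=*)
				parent=$(cli_get_val "${1}")
				;;
			--tag=*)
				tag=$(cli_get_val "${1}")
				;;
			*)
				error "Unrecognized argument: ${1}"
				return ${EXIT_ERROR}
				;;
		esac
		shift
	done

	# The command below is handed to cmd_quiet as one flattened string, so
	# a name containing whitespace would turn into extra "ip" arguments.
	# Interface names cannot contain whitespace or "/" anyway.
	case "${device}" in
		*[[:space:]/]*)
			log ERROR "Invalid device name: ${device}"
			return ${EXIT_ERROR}
			;;
	esac

	# The VLAN ID must be a plain decimal number in the 12 bit VID range
	# (4095 is reserved). Checked here so that a bad or missing tag is
	# rejected before the ebtables rule set is reloaded. The 10# prefix
	# keeps a leading zero from being read as octal.
	if ! [[ "${tag}" =~ ^[0-9]{1,4}$ ]] || (( 10#${tag} > 4094 )); then
		log ERROR "Invalid VLAN tag: ${tag}"
		return ${EXIT_ERROR}
	fi

	# Generate a random MAC address if none was passed
	if ! isset address; then
		address="$(mac_generate)"
	fi

	# Check if address is valid
	if ! ismac address; then
		log ERROR "Invalid mac address: ${address}"
		return ${EXIT_ERROR}
	fi

	# Check if a device with the name does already exist
	if device_exists "${device}"; then
		log ERROR "Device '${device}' already exists"
		return ${EXIT_ERROR}
	fi

	# Check if the parent device exists
	if ! device_exists "${parent}"; then
		log ERROR "Parent device '${parent}' does not exist"
		return ${EXIT_ERROR}
	fi

	# Load ebtables stuff.
	# NOTE(review): the result is not checked, so a failed rule load goes
	# unnoticed here - confirm whether that is meant to be best-effort.
	vlan_init

	# Make the command
	local command=(
		ip link add link "${parent}" name "${device}"
		address "${address}" type vlan id "${tag}"
	)

	# Run the command. The status is captured directly: inside an
	# "if ! cmd; then" branch $? is the status of the negation, which is
	# always 0, so the log line would never show the real error code.
	# NOTE(review): if cmd_quiet accepts separate arguments, passing
	# "${command[@]}" would avoid re-splitting - confirm its definition.
	local ret=0
	cmd_quiet "${command[*]}" || ret=$?
	if [ ${ret} -ne 0 ]; then
		log ERROR "Could not create VLAN device ${device}: ${ret}"
		return ${EXIT_ERROR}
	fi

	log DEBUG "Created VLAN device ${device} (parent = ${parent}, id = ${tag})"

	return ${EXIT_OK}
}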
112
# Removes a VLAN device.
#
# Every argument is handed to device_delete unchanged, and its exit
# status is the status of this function.
vlan_remove() {
	device_delete "${@}"
}
116
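# Prints the parent device of a VLAN device.
#
# Arguments:
#   $1 - name of the VLAN device
# Outputs:
#   the name of the parent device, via print
# Returns:
#   EXIT_OK when the device was found, and also when
#   ${PROC_NET_VLAN_CONFIG} is not readable (nothing is printed then, so
#   callers have to check for empty output); EXIT_ERROR when the device
#   is not listed.
vlan_get_parent() {
	local device=${1}
	assert isset device

	# Nothing to do, if 8021q module is not loaded.
	[ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}

	# Assumes entries of the form "<device> | <id> | <parent>"; the two
	# spacer variables take the separator columns.
	local dev spacer1 id spacer2 parent
	# -r keeps backslashes literal; the quoted path survives whitespace.
	while read -r dev spacer1 id spacer2 parent; do
		[ "${device}" = "${dev}" ] || continue

		print "${parent}"
		return ${EXIT_OK}
	done < "${PROC_NET_VLAN_CONFIG}"

	return ${EXIT_ERROR}
}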
134
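# Prints the VLAN ID of a VLAN device.
#
# Arguments:
#   $1 - name of the VLAN device
# Outputs:
#   the VLAN ID, via print
# Returns:
#   EXIT_OK when the device was found, and also when
#   ${PROC_NET_VLAN_CONFIG} is not readable (nothing is printed then, so
#   callers have to check for empty output); EXIT_ERROR when the device
#   is not listed.
vlan_get_id() {
	local device=${1}
	assert isset device

	# Nothing to do, if 8021q module is not loaded.
	[ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}

	# Assumes entries of the form "<device> | <id> | <parent>"; the two
	# spacer variables take the separator columns.
	local dev spacer1 id spacer2 parent
	# -r keeps backslashes literal; the quoted path survives whitespace.
	while read -r dev spacer1 id spacer2 parent; do
		[ "${device}" = "${dev}" ] || continue

		print "${id}"
		return ${EXIT_OK}
	done < "${PROC_NET_VLAN_CONFIG}"

	return ${EXIT_ERROR}
}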
152
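# Prints the name of the VLAN device that sits on a given parent device
# and carries a given VLAN ID.
#
# Arguments:
#   $1 - name of the parent device
#   $2 - VLAN ID; compared as a string with the ID column of the table
# Outputs:
#   the name of the first matching VLAN device, via print
# Returns:
#   EXIT_OK when a device was found, and also when
#   ${PROC_NET_VLAN_CONFIG} is not readable (nothing is printed then, so
#   callers have to check for empty output); EXIT_ERROR when no entry
#   matches.
vlan_get_by_parent_and_vid() {
	local parent=${1}
	assert isset parent

	local vid=${2}
	assert isset vid

	# Nothing to do, if 8021q module is not loaded.
	[ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}

	# Assumes entries of the form "<device> | <id> | <parent>"; the two
	# spacer variables take the separator columns.
	local dev spacer1 id spacer2 par
	# -r keeps backslashes literal; the quoted path survives whitespace.
	while read -r dev spacer1 id spacer2 par; do
		[ "${parent}" = "${par}" ] || continue
		[ "${vid}" = "${id}" ] || continue

		print "${dev}"
		return ${EXIT_OK}
	done < "${PROC_NET_VLAN_CONFIG}"

	return ${EXIT_ERROR}
}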