2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 .
/usr
/lib
/network
/header-zone
# Space-separated list of tunnel modes this hook accepts for MODE. It is
# expanded unquoted where it is passed to isoneof, so every entry must stay a
# single word without glob characters.
24 SUPPORTED_IP_TUNNEL_MODES
="gre sit vti"
34 # Default mode of the tunnel
# Checks the zone settings MODE, PEER and (when set) LOCAL_ADDRESS, then
# assigns MARK. The helpers assert, isset, isoneof, ip_is_valid and
# ip_protocol_match are defined outside this listing, and several gutter
# lines of the function (42, 44, 49-50, 52, 54 onwards) are not shown here.
40 hook_check_settings
() {
# MODE must be set and be one of SUPPORTED_IP_TUNNEL_MODES. The list is left
# unquoted so that each mode reaches isoneof as a separate argument.
41 assert isset MODE
&& assert isoneof MODE
${SUPPORTED_IP_TUNNEL_MODES}
# PEER is required at this point and must pass ip_is_valid.
43 assert isset PEER
&& assert ip_is_valid
"${PEER}"
45 # LOCAL_ADDRESS must be valid and match the protocol of PEER
46 if isset LOCAL_ADDRESS
; then
47 assert ip_is_valid
"${LOCAL_ADDRESS}"
48 assert ip_protocol_match
"${PEER}" "${LOCAL_ADDRESS}"
51 # Generate a random mark
# NOTE(review): bash's $RANDOM yields 0..32767 (15 bits), so the 0xffffffff
# mask changes nothing and MARK has at most 32768 possible values, 0 included.
# How MARK is consumed is not visible in this listing; if it is what keeps the
# traffic of different tunnels apart, two zones can draw the same value, so
# compare a new mark with the marks already in use before accepting it.
# Gutter line 52 is not shown, so any guard around this assignment cannot be
# seen from here.
53 MARK
="$(( ${RANDOM} & 0xffffffff ))"
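# Parses the command-line options into LOCAL_ADDRESS, MODE, MTU and PEER and
# validates each value. The option patterns of the loop and the statements
# that follow each error call are on gutter lines this listing does not show.
# cli_get_val, isoneof, mtu_is_valid, ip_is_valid, ip_protocol_match and error
# are defined outside this listing.
57 hook_parse_cmdline
() {
58 while [ $# -gt 0 ]; do
61 LOCAL_ADDRESS
="$(cli_get_val "${1}")"
65 MODE
="$(cli_get_val "${1}")"
67 # MODE must be on the list of supported protocols
68 if ! isoneof MODE
${SUPPORTED_IP_TUNNEL_MODES}; then
# The message reports the rejected value held in MODE. Shell variable names are
# case-sensitive and no lower-case "mode" is assigned in the visible lines, so
# ${mode} would print an empty value and hide what was rejected.
69 error
"Unsupported mode: ${MODE}"
75 MTU
="$(cli_get_val "${1}")"
# NOTE(review): the MTU is always checked against the "ipv6" rules, whatever
# the protocol of PEER; confirm this is intended for IPv4 peers.
78 if ! mtu_is_valid
"ipv6" "${MTU}"; then
79 error
"Invalid MTU: ${MTU}"
85 PEER
="$(cli_get_val "${1}")"
89 error
"Unknown option: ${1}"
96 # If PEER is set, it must be a valid IP address
97 if isset PEER
&& ! ip_is_valid
"${PEER}"; then
98 error
"Peer ${PEER} is not a valid IP address"
102 # If LOCAL_ADDRESS is set, it must be a valid IP address
103 # of the same protocol as PEER
104 if isset LOCAL_ADDRESS
; then
105 if ! ip_is_valid
"${LOCAL_ADDRESS}"; then
106 error
"Local address ${LOCAL_ADDRESS} is not a valid IP address"
# NOTE(review): PEER is optional in the check above, so this comparison can run
# with an empty PEER; what ip_protocol_match does in that case is not visible
# here, and the message below would then be misleading.
110 if ! ip_protocol_match
"${PEER}" "${LOCAL_ADDRESS}"; then
111 error
"Peer and local address are of different IP protocols"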
# Brings the zone up: reads its settings, creates the tunnel device when it is
# missing, then brings up the device and its configurations. The function
# header and the assignment of "${zone}" are on gutter lines this listing does
# not show.
124 if ! zone_settings_read
"${zone}"; then
125 log ERROR
"Could not read settings from ${zone}"
129 # Create device if it doesn't exist, yet
130 if ! device_exists
"${zone}"; then
# PEER and LOCAL_ADDRESS come from the settings read above and are passed on
# quoted. The other ip_tunnel_add arguments (gutter lines 132-133, 136-137) are
# not shown here.
# NOTE(review): confirm the stored settings have been through
# hook_check_settings before this point; otherwise a settings file changed
# outside the tool reaches ip_tunnel_add unvalidated.
131 ip_tunnel_add
"${zone}" \
134 --remote-address="${PEER}" \
135 --local-address="${LOCAL_ADDRESS}" \
140 # Bring up the device
141 device_set_up
"${zone}"
143 # Bring up all configurations
144 zone_configs_up
"${zone}"
# Takes the zone down: stops its configurations, then removes the tunnel
# device. The function header is on gutter lines this listing does not show.
153 # Stop all the configs.
154 zone_configs_down
"${zone}"
156 # Remove the tunnel device
# A failing ip_tunnel_del ends the script with that command's exit status, so
# the caller can tell that the device may still exist.
157 ip_tunnel_del
"${zone}" ||
exit $?
# Prints the status of the zone: device headline, tunnel mode, peer and local
# address, then the status of its configurations. The function header is on
# gutter lines this listing does not show.
166 cli_device_headline
"${zone}"
# NOTE(review): the same failure is reported with "log ERROR" in the section
# that brings the zone up and with "error" here; confirm the difference is
# intended.
169 if ! zone_settings_read
"${zone}"; then
170 error
"Could not read settings from ${zone}"
# MODE is translated to a display name by ip_tunnel_protocol_to_name.
174 cli_print_fmt1
1 "Mode" "$(ip_tunnel_protocol_to_name "${MODE}")"
176 if isset PEER || isset LOCAL_ADDRESS
; then
# NOTE(review): in the visible lines "Peer" is printed whenever either value is
# set, so it may be shown empty when only LOCAL_ADDRESS is set; gutter line 177
# is not shown here.
178 cli_print_fmt1
1 "Peer" "${PEER}"
181 if isset LOCAL_ADDRESS
; then
182 cli_print_fmt1
1 "Local Address" "${LOCAL_ADDRESS}"
187 cli_headline
2 "Configurations"
188 zone_configs_cmd status
"${zone}"