[people/stevee/network.git] / functions.routing

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

function routing_has_default() {
	ip route | grep -q "^default"
}

function routing_default_update() {
	local routes

	local zones=$(zones_get_nonlocal)
	if [ -z "${zones}" ]; then
		zones=$(zones_get_local)
	fi

	local gateway
	local proto
	local weight
	local zone
	local cmd

	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
		# Clear routes
		routes=""

		cmd="ip $([ "${proto}" = "ipv6" ] && echo "-6") route"

		for zone in ${zones}; do
			# Skip if zone is not up
			routing_db_exists ${zone} ${proto} || continue

			if [ "$(routing_db_get ${zone} ${proto} active)" = "1" ]; then
				gateway=$(routing_db_get ${zone} ${proto} remote-ip-address)

				assert device_exists ${zone}

				# If we have got a Point-to-Point device, we will directly send all
				# packets into the pipe.
				if device_is_ptp ${zone}; then
					routes="${routes} dev ${zone}"

				# On other devices, we will use the gateway if we got one.
				elif isset gateway; then
					routes="${routes} nexthop via ${gateway}"

				# If none of the cases above apply, we cannot go on.
				else
					continue
				fi

				# Apply weight.
				weight=$(routing_db_get ${zone} ${proto} weight)
				if isinteger ${weight}; then
					routes="${routes} weight ${weight}"
				fi
			else
				log DEBUG "Ignoring zone '${zone}' which is not active."
			fi
		done

		# Remove too much spaces.
		routes=$(echo ${routes})

		# Remove all default routes.
		while ${cmd} | grep -q "^default"; do
			${cmd} del default
		done

		if [ -z "${routes}" ]; then
			log INFO "Removed default route for ${proto}."
			return ${EXIT_OK}
		fi

		log INFO "Setting default route for ${proto}: ${routes}"

		cmd ${cmd} add default ${routes}
		assert [ $? -eq 0 ]

		case "${proto}" in
			ipv6)
				# Apply radvd configuration.
				radvd_update
				;;
		esac
	done
}

function routing_table_exists() {
	local zone=${1}

	grep -q "${zone}$" < /etc/iproute2/rt_tables
}

function routing_table_create() {
	local zone=${1}

	if routing_table_exists ${zone}; then
		return ${EXIT_OK}
	fi

	log INFO "Creating routing table for zone '${zone}'"

	local id=$(( ${zone#${ZONE_NONLOCAL}} + 1 ))

	echo "${id}	${zone}" >> /etc/iproute2/rt_tables
}

function routing_table_remove() {
	: # XXX do we need this?
}

function routing_db_path() {
	local zone=${1}
	local proto=${2}

	assert isset zone
	assert isset proto
	assert isoneof proto ${IP_SUPPORTED_PROTOCOLS}

	echo "${ROUTING_DB_DIR}/${zone}/${proto}"
}

function routing_db_exists() {
	[ -d "$(routing_db_path $@)" ]
}

function routing_db_create() {
	routing_db_exists $@ && return ${EXIT_OK}

	mkdir -p $(routing_db_path $@)
}

function routing_db_remove() {
	rm -rf $(routing_db_path $@)
}

function routing_db_set() {
	local zone=${1}
	local proto=${2}
	local parameter=${3}
	shift 3

	local value="$@"

	log INFO "Updating database (${zone} - ${proto}): ${parameter} = ${value}"

	routing_db_create ${zone} ${proto}

	echo "${value}" > $(routing_db_path ${zone} ${proto})/${parameter}
}

function routing_db_get() {
	local zone=${1}
	local proto=${2}
	local parameter=${3}
	shift 3

	cat $(routing_db_path ${zone} ${proto})/${parameter} 2>/dev/null
}

function routing_db_from_ppp() {
	local zone=${1}
	local proto=${2}

	assert isset zone
	assert isset proto

	# Save ppp configuration
	routing_db_set ${zone} ${proto} type "ppp"

	if [ "${proto}" = "ipv6" ]; then
		routing_db_set ${zone} ${proto} local-ip-address ${PPP_LLLOCAL}
		routing_db_set ${zone} ${proto} remote-ip-address ${PPP_LLREMOTE}
	elif [ "${proto}" = "ipv4" ]; then
		routing_db_set ${zone} ${proto} local-ip-address ${PPP_IPLOCAL}
		routing_db_set ${zone} ${proto} remote-ip-address ${PPP_IPREMOTE}
	fi

	routing_db_set ${zone} ${proto} dns ${PPP_DNS1} ${PPP_DNS2}

	routing_db_set ${zone} ${proto} remote-address ${PPP_MACREMOTE,,}
}

function routing_update() {
	local zone=${1}
	assert isset zone

	# Nothing to do for local zones.
	if zone_is_local ${zone}; then
		return ${EXIT_OK}
	fi

	local proto=${2}
	local table=${zone}
	assert isset proto

	local ip_cmd="ip"
	if [ "${proto}" = "ipv6" ]; then
		ip_cmd="${ip_cmd} -6"
	fi

	# Create routing table if not exists
	routing_table_create ${table}

	log DEBUG "Flushing routing table ${table}"
	cmd ${ip_cmd} route flush table ${table}

	# Exit here if there is no routing information.
	if ! routing_db_exists ${zone} ${proto}; then
		return ${EXIT_OK}
	fi

	local local_ip_address=$(routing_db_get ${zone} ${proto} local-ip-address)
	local remote_ip_address=$(routing_db_get ${zone} ${proto} remote-ip-address)

	case "${proto}" in
		ipv4)
			local net_address=$(ipv4_get_netaddress ${local_ip_address})

			log DEBUG "Adding route for subnet ${local_ip_address} to table ${table}"
			cmd ${ip_cmd} route add table ${table} ${net_address} dev ${zone}
			;;
	esac

	log DEBUG "Adding default route for table ${table}"
	local routing_cmd="${ip_cmd} route add table ${table} default"
	if isset remote_ip_address; then
		routing_cmd="${routing_cmd} via ${remote_ip_address}"
	else
		routing_cmd="${routing_cmd} dev ${zone}"
	fi
	cmd ${routing_cmd}

	cmd ${ip_cmd} rule add from ${local_ip_address} lookup ${table}
}
Commit	Line	Data
ff8ec5ef MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
	22	function routing_has_default() {
	23	ip route \| grep -q "^default"
	24	}
	25
	26	function routing_default_update() {
ff8ec5ef MT	27	local routes
ff8ec5ef MT	28
b816e04b MT	29	local zones=$(zones_get_nonlocal)
	30	if [ -z "${zones}" ]; then
	31	zones=$(zones_get_local)
	32	fi
	33
ff8ec5ef	34	local gateway
201b7dff	35	local proto
ff8ec5ef	36	local weight
b816e04b	37	local zone
e817357d	38	local cmd
ff8ec5ef	39
201b7dff MT	40	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
	41	# Clear routes
	42	routes=""
ff8ec5ef	43
e817357d MT	44	cmd="ip $([ "${proto}" = "ipv6" ] && echo "-6") route"
e817357d MT	45
201b7dff MT	46	for zone in ${zones}; do
	47	# Skip if zone is not up
	48	routing_db_exists ${zone} ${proto} \|\| continue
ff8ec5ef	49
201b7dff MT	50	if [ "$(routing_db_get ${zone} ${proto} active)" = "1" ]; then
201b7dff MT	51	gateway=$(routing_db_get ${zone} ${proto} remote-ip-address)
ff8ec5ef	52
86fae95d	53	assert device_exists ${zone}
28f0b4ab	54
00b2c5c9	55	# If we have got a Point-to-Point device, we will directly send all
28f0b4ab	56	# packets into the pipe.
00b2c5c9	57	if device_is_ptp ${zone}; then
e817357d	58	routes="${routes} dev ${zone}"
28f0b4ab MT	59
	60	# On other devices, we will use the gateway if we got one.
	61	elif isset gateway; then
e817357d	62	routes="${routes} nexthop via ${gateway}"
28f0b4ab MT	63
	64	# If none of the cases above apply, we cannot go on.
	65	else
	66	continue
e817357d	67	fi
b816e04b	68
28f0b4ab MT	69	# Apply weight.
	70	weight=$(routing_db_get ${zone} ${proto} weight)
	71	if isinteger ${weight}; then
201b7dff MT	72	routes="${routes} weight ${weight}"
	73	fi
	74	else
	75	log DEBUG "Ignoring zone '${zone}' which is not active."
ff8ec5ef	76	fi
201b7dff	77	done
ff8ec5ef	78
e817357d MT	79	# Remove too much spaces.
e817357d MT	80	routes=$(echo ${routes})
b816e04b	81
e817357d MT	82	# Remove all default routes.
	83	while ${cmd} \| grep -q "^default"; do
	84	${cmd} del default
	85	done
	86
	87	if [ -z "${routes}" ]; then
	88	log INFO "Removed default route for ${proto}."
201b7dff	89	return ${EXIT_OK}
ff8ec5ef	90	fi
ff8ec5ef	91
201b7dff	92	log INFO "Setting default route for ${proto}: ${routes}"
b816e04b	93
28f0b4ab	94	cmd ${cmd} add default ${routes}
201b7dff	95	assert [ $? -eq 0 ]
e817357d MT	96
	97	case "${proto}" in
	98	ipv6)
	99	# Apply radvd configuration.
	100	radvd_update
	101	;;
	102	esac
201b7dff	103	done
ff8ec5ef MT	104	}
	105
	106	function routing_table_exists() {
	107	local zone=${1}
	108
	109	grep -q "${zone}$" < /etc/iproute2/rt_tables
	110	}
	111
	112	function routing_table_create() {
	113	local zone=${1}
	114
ff8ec5ef MT	115	if routing_table_exists ${zone}; then
	116	return ${EXIT_OK}
	117	fi
	118
	119	log INFO "Creating routing table for zone '${zone}'"
	120
5791cc55	121	local id=$(( ${zone#${ZONE_NONLOCAL}} + 1 ))
ff8ec5ef MT	122
	123	echo "${id} ${zone}" >> /etc/iproute2/rt_tables
	124	}
	125
	126	function routing_table_remove() {
	127	: # XXX do we need this?
	128	}
b816e04b MT	129
	130	function routing_db_path() {
	131	local zone=${1}
	132	local proto=${2}
	133
	134	assert isset zone
	135	assert isset proto
	136	assert isoneof proto ${IP_SUPPORTED_PROTOCOLS}
	137
	138	echo "${ROUTING_DB_DIR}/${zone}/${proto}"
	139	}
	140
	141	function routing_db_exists() {
	142	[ -d "$(routing_db_path $@)" ]
	143	}
	144
	145	function routing_db_create() {
	146	routing_db_exists $@ && return ${EXIT_OK}
	147
	148	mkdir -p $(routing_db_path $@)
	149	}
	150
	151	function routing_db_remove() {
	152	rm -rf $(routing_db_path $@)
	153	}
	154
	155	function routing_db_set() {
	156	local zone=${1}
	157	local proto=${2}
	158	local parameter=${3}
	159	shift 3
	160
	161	local value="$@"
	162
	163	log INFO "Updating database (${zone} - ${proto}): ${parameter} = ${value}"
	164
	165	routing_db_create ${zone} ${proto}
	166
	167	echo "${value}" > $(routing_db_path ${zone} ${proto})/${parameter}
	168	}
	169
	170	function routing_db_get() {
	171	local zone=${1}
	172	local proto=${2}
	173	local parameter=${3}
	174	shift 3
	175
	176	cat $(routing_db_path ${zone} ${proto})/${parameter} 2>/dev/null
	177	}
	178
	179	function routing_db_from_ppp() {
	180	local zone=${1}
	181	local proto=${2}
	182
2c973348 MT	183	assert isset zone
	184	assert isset proto
	185
b816e04b MT	186	# Save ppp configuration
b816e04b MT	187	routing_db_set ${zone} ${proto} type "ppp"
201b7dff MT	188
	189	if [ "${proto}" = "ipv6" ]; then
	190	routing_db_set ${zone} ${proto} local-ip-address ${PPP_LLLOCAL}
	191	routing_db_set ${zone} ${proto} remote-ip-address ${PPP_LLREMOTE}
	192	elif [ "${proto}" = "ipv4" ]; then
	193	routing_db_set ${zone} ${proto} local-ip-address ${PPP_IPLOCAL}
	194	routing_db_set ${zone} ${proto} remote-ip-address ${PPP_IPREMOTE}
	195	fi
b816e04b MT	196
	197	routing_db_set ${zone} ${proto} dns ${PPP_DNS1} ${PPP_DNS2}
	198
	199	routing_db_set ${zone} ${proto} remote-address ${PPP_MACREMOTE,,}
	200	}
	201
	202	function routing_update() {
	203	local zone=${1}
2c973348	204	assert isset zone
b816e04b MT	205
	206	# Nothing to do for local zones.
	207	if zone_is_local ${zone}; then
	208	return ${EXIT_OK}
	209	fi
	210
	211	local proto=${2}
	212	local table=${zone}
2c973348	213	assert isset proto
b816e04b	214
28f0b4ab MT	215	local ip_cmd="ip"
	216	if [ "${proto}" = "ipv6" ]; then
	217	ip_cmd="${ip_cmd} -6"
	218	fi
	219
b816e04b MT	220	# Create routing table if not exists
	221	routing_table_create ${table}
	222
	223	log DEBUG "Flushing routing table ${table}"
28f0b4ab	224	cmd ${ip_cmd} route flush table ${table}
b816e04b	225
f5a771cf MT	226	# Exit here if there is no routing information.
	227	if ! routing_db_exists ${zone} ${proto}; then
	228	return ${EXIT_OK}
	229	fi
	230
b816e04b	231	local local_ip_address=$(routing_db_get ${zone} ${proto} local-ip-address)
d5bace8d	232	local remote_ip_address=$(routing_db_get ${zone} ${proto} remote-ip-address)
b816e04b	233
d5bace8d MT	234	case "${proto}" in
	235	ipv4)
	236	local net_address=$(ipv4_get_netaddress ${local_ip_address})
	237
	238	log DEBUG "Adding route for subnet ${local_ip_address} to table ${table}"
28f0b4ab	239	cmd ${ip_cmd} route add table ${table} ${net_address} dev ${zone}
d5bace8d MT	240	;;
d5bace8d MT	241	esac
b816e04b	242
28f0b4ab MT	243	log DEBUG "Adding default route for table ${table}"
28f0b4ab MT	244	local routing_cmd="${ip_cmd} route add table ${table} default"
b816e04b	245	if isset remote_ip_address; then
28f0b4ab MT	246	routing_cmd="${routing_cmd} via ${remote_ip_address}"
	247	else
	248	routing_cmd="${routing_cmd} dev ${zone}"
b816e04b	249	fi
28f0b4ab	250	cmd ${routing_cmd}
b816e04b	251
28f0b4ab	252	cmd ${ip_cmd} rule add from ${local_ip_address} lookup ${table}
b816e04b	253	}