]>
Commit | Line | Data |
---|---|---|
ff8ec5ef MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | function routing_has_default() { | |
23 | ip route | grep -q "^default" | |
24 | } | |
25 | ||
26 | function routing_default_update() { | |
ff8ec5ef MT |
27 | local routes |
28 | ||
b816e04b MT |
29 | local zones=$(zones_get_nonlocal) |
30 | if [ -z "${zones}" ]; then | |
31 | zones=$(zones_get_local) | |
32 | fi | |
33 | ||
ff8ec5ef | 34 | local gateway |
201b7dff | 35 | local proto |
ff8ec5ef | 36 | local weight |
b816e04b | 37 | local zone |
ff8ec5ef | 38 | |
201b7dff MT |
39 | for proto in ${IP_SUPPORTED_PROTOCOLS}; do |
40 | # Clear routes | |
41 | routes="" | |
ff8ec5ef | 42 | |
201b7dff MT |
43 | for zone in ${zones}; do |
44 | # Skip if zone is not up | |
45 | routing_db_exists ${zone} ${proto} || continue | |
ff8ec5ef | 46 | |
201b7dff MT |
47 | if [ "$(routing_db_get ${zone} ${proto} active)" = "1" ]; then |
48 | gateway=$(routing_db_get ${zone} ${proto} remote-ip-address) | |
49 | weight=$(routing_db_get ${zone} ${proto} weight) | |
ff8ec5ef | 50 | |
201b7dff | 51 | routes="${routes} nexthop via ${gateway}" |
b816e04b | 52 | |
201b7dff MT |
53 | if [ -n "${weight}" ]; then |
54 | routes="${routes} weight ${weight}" | |
55 | fi | |
56 | else | |
57 | log DEBUG "Ignoring zone '${zone}' which is not active." | |
ff8ec5ef | 58 | fi |
201b7dff | 59 | done |
ff8ec5ef | 60 | |
201b7dff MT |
61 | if [ -z "${routes}" ]; then |
62 | log INFO "Removing default route for ${proto}." | |
b816e04b | 63 | |
201b7dff MT |
64 | if routing_has_default; then |
65 | ip route del default | |
66 | fi | |
67 | return ${EXIT_OK} | |
ff8ec5ef | 68 | fi |
ff8ec5ef | 69 | |
201b7dff MT |
70 | # Remove too much spaces. |
71 | routes=$(echo ${routes}) | |
b816e04b | 72 | |
201b7dff | 73 | log INFO "Setting default route for ${proto}: ${routes}" |
b816e04b | 74 | |
201b7dff MT |
75 | ip $([ "${proto}" = "ipv6" ] && echo "-6") route replace default ${routes} |
76 | assert [ $? -eq 0 ] | |
77 | done | |
ff8ec5ef MT |
78 | } |
79 | ||
80 | function routing_table_exists() { | |
81 | local zone=${1} | |
82 | ||
83 | grep -q "${zone}$" < /etc/iproute2/rt_tables | |
84 | } | |
85 | ||
86 | function routing_table_create() { | |
87 | local zone=${1} | |
88 | ||
ff8ec5ef MT |
89 | if routing_table_exists ${zone}; then |
90 | return ${EXIT_OK} | |
91 | fi | |
92 | ||
93 | log INFO "Creating routing table for zone '${zone}'" | |
94 | ||
95 | local id=$(( ${zone#red} + 1 )) | |
96 | ||
97 | echo "${id} ${zone}" >> /etc/iproute2/rt_tables | |
98 | } | |
99 | ||
100 | function routing_table_remove() { | |
101 | : # XXX do we need this? | |
102 | } | |
b816e04b MT |
103 | |
104 | function routing_db_path() { | |
105 | local zone=${1} | |
106 | local proto=${2} | |
107 | ||
108 | assert isset zone | |
109 | assert isset proto | |
110 | assert isoneof proto ${IP_SUPPORTED_PROTOCOLS} | |
111 | ||
112 | echo "${ROUTING_DB_DIR}/${zone}/${proto}" | |
113 | } | |
114 | ||
115 | function routing_db_exists() { | |
116 | [ -d "$(routing_db_path $@)" ] | |
117 | } | |
118 | ||
119 | function routing_db_create() { | |
120 | routing_db_exists $@ && return ${EXIT_OK} | |
121 | ||
122 | mkdir -p $(routing_db_path $@) | |
123 | } | |
124 | ||
125 | function routing_db_remove() { | |
126 | rm -rf $(routing_db_path $@) | |
127 | } | |
128 | ||
129 | function routing_db_set() { | |
130 | local zone=${1} | |
131 | local proto=${2} | |
132 | local parameter=${3} | |
133 | shift 3 | |
134 | ||
135 | local value="$@" | |
136 | ||
137 | log INFO "Updating database (${zone} - ${proto}): ${parameter} = ${value}" | |
138 | ||
139 | routing_db_create ${zone} ${proto} | |
140 | ||
141 | echo "${value}" > $(routing_db_path ${zone} ${proto})/${parameter} | |
142 | } | |
143 | ||
144 | function routing_db_get() { | |
145 | local zone=${1} | |
146 | local proto=${2} | |
147 | local parameter=${3} | |
148 | shift 3 | |
149 | ||
150 | cat $(routing_db_path ${zone} ${proto})/${parameter} 2>/dev/null | |
151 | } | |
152 | ||
153 | function routing_db_from_ppp() { | |
154 | local zone=${1} | |
155 | local proto=${2} | |
156 | ||
2c973348 MT |
157 | assert isset zone |
158 | assert isset proto | |
159 | ||
b816e04b MT |
160 | # Save ppp configuration |
161 | routing_db_set ${zone} ${proto} type "ppp" | |
201b7dff MT |
162 | |
163 | if [ "${proto}" = "ipv6" ]; then | |
164 | routing_db_set ${zone} ${proto} local-ip-address ${PPP_LLLOCAL} | |
165 | routing_db_set ${zone} ${proto} remote-ip-address ${PPP_LLREMOTE} | |
166 | elif [ "${proto}" = "ipv4" ]; then | |
167 | routing_db_set ${zone} ${proto} local-ip-address ${PPP_IPLOCAL} | |
168 | routing_db_set ${zone} ${proto} remote-ip-address ${PPP_IPREMOTE} | |
169 | fi | |
b816e04b MT |
170 | |
171 | routing_db_set ${zone} ${proto} dns ${PPP_DNS1} ${PPP_DNS2} | |
172 | ||
173 | routing_db_set ${zone} ${proto} remote-address ${PPP_MACREMOTE,,} | |
174 | } | |
175 | ||
176 | function routing_update() { | |
177 | local zone=${1} | |
2c973348 | 178 | assert isset zone |
b816e04b MT |
179 | |
180 | # Nothing to do for local zones. | |
181 | if zone_is_local ${zone}; then | |
182 | return ${EXIT_OK} | |
183 | fi | |
184 | ||
185 | local proto=${2} | |
186 | local table=${zone} | |
2c973348 | 187 | assert isset proto |
b816e04b MT |
188 | |
189 | # Create routing table if not exists | |
190 | routing_table_create ${table} | |
191 | ||
192 | log DEBUG "Flushing routing table ${table}" | |
193 | cmd ip route flush table ${table} | |
194 | ||
195 | local local_ip_address=$(routing_db_get ${zone} ${proto} local-ip-address) | |
196 | ||
197 | # XXX does not work. | |
198 | #log DEBUG "Adding route for subnet ${local_ip_address} to table ${table}" | |
199 | #cmd ip route add table ${table} ${local_ip_address} dev ${zone} | |
200 | ||
201 | local remote_ip_address=$(routing_db_get ${zone} ${proto} remote-ip-address) | |
202 | ||
203 | if isset remote_ip_address; then | |
204 | log DEBUG "Adding default route for table ${table}" | |
205 | ||
206 | cmd ip route add table ${table} default nexthop via ${remote_ip_address} | |
207 | fi | |
208 | ||
209 | cmd ip rule add from ${local_ip_address} lookup ${table} | |
210 | } |