[people/stevee/network.git] / functions.virtual

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

function virtual_init() {
	module_load 8021q

	ebtables-restore <<EOF
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT

*broute
:BROUTING ACCEPT
-A BROUTING -p 802_1Q -j DROP
EOF
}

function virtual_create() {
	local port=${1}
	local vid=${2}
	local mac=${3}
	local newport=${port}v${vid}

	if [ -z "${mac}" ]; then
		mac=$(mac_generate)
	fi

	# Initialize the vlan drivers just when we need them.
	virtual_init

	log INFO "Creating virtual device '${newport}' with address '${mac}'."

	local oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})

	if device_exists ${oldport}; then
		local differences

		if [ "${oldport}" != "${newport}" ]; then
			differences="${differences} name"
		fi
		if [ "$(device_get_address ${oldport})" != "${mac}" ]; then
			differences="${differences} address"
		fi
		
		echo "differences: $differences"

		if [ -n "${differences}" ]; then
			if device_is_used ${oldport}; then
				error_log "There was a device '${oldport}' set up with VID '${vid}' and parent '${port}' which is used somewhere else. Cannot go on." 
				return ${EXIT_ERROR}
			else
				log DEBUG "There is a device '${oldport}' but it not used, so we grab it to ourselves."
			fi
		else
			log DEBUG "Device '${newport}' already exists and reflects our configuration. Go on."

			device_set_up ${oldport}
			return ${EXIT_OK}
		fi

	else
		log DEBUG "Virtual device '${newport}' does not exist, yet."

		vconfig set_name_type DEV_PLUS_VID_NO_PAD >/dev/null
		vconfig add ${port} ${vid} >/dev/null
		
		if [ $? -ne ${EXIT_OK} ]; then
			error_log "Could not create virtual device '${newport}'."
			return ${EXIT_ERROR}
		fi

		oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})

	fi

	assert device_exists ${oldport}

	if ! device_exists ${oldport}; then
		error "Could not determine the created virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	# The device is expected to be named like ${port}.${vid}
	# and will be renamed to the virtual schema
	device_set_name ${oldport} ${newport}

	if [ $? -ne ${EXIT_OK} ]; then
		error_log "Could not set name of virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	assert device_exists ${newport}

	# Setting new mac address
	device_set_address ${newport} ${mac}
	
	if [ $? -ne ${EXIT_OK} ]; then
		error_log "Could not set address '${mac}' to virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	# Bring up the new device
	device_set_up ${newport}

	return ${EXIT_OK}
}

function virtual_remove() {
	local device=${1}

	log INFO "Removing virtual device '${device}' with address '$(macify ${device})'."

	device_set_down ${device}

	vconfig rem ${device} >/dev/null

	if [ $? -ne ${EXIT_OK} ]; then
		error_log "Could not remote virtual device '${newport}'."
		return ${EXIT_ERROR}
	fi

	return ${EXIT_OK}
}

function virtual_get_parent() {
	local device=${1}

	local dev spacer1 id spacer2 parent
	while read dev spacer1 id spacer2 parent; do
		if [ "${device}" = "${dev}" ]; then
			echo "${parent}"
			return ${EXIT_OK}
		fi
	done < /proc/net/vlan/config

	return ${EXIT_ERROR}
}

function virtual_get_id() {
	local device=${1}

	local dev spacer1 id spacer2 parent
	while read dev spacer1 id spacer2 parent; do
		if [ "${device}" = "${dev}" ]; then
			echo "${id}"
			return ${EXIT_OK}
		fi
	done < /proc/net/vlan/config

	return ${EXIT_ERROR}
}

function virtual_get_by_parent_and_vid() {
	local parent=${1}
	local vid=${2}

	assert isset parent
	assert isset vid

	assert [ -e "/proc/net/vlan/config" ]

	local dev spacer1 id spacer2 par
	while read dev spacer1 id spacer2 par; do
		if [ "${parent}" = "${par}" ] && [ "${vid}" = "${id}" ]; then
			echo "${dev}"
			return ${EXIT_OK}
		fi
	done < /proc/net/vlan/config

	return ${EXIT_ERROR}
}
Commit	Line	Data
943e3f7e	1	#!/bin/bash
9620ecef MT	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
943e3f7e MT	21
	22	function virtual_init() {
	23	module_load 8021q
b8357295 MT	24
	25	ebtables-restore <<EOF
	26	*filter
	27	:INPUT ACCEPT
	28	:FORWARD ACCEPT
	29	:OUTPUT ACCEPT
	30
	31	*broute
	32	:BROUTING ACCEPT
	33	-A BROUTING -p 802_1Q -j DROP
	34	EOF
943e3f7e MT	35	}
943e3f7e MT	36
9620ecef	37	function virtual_create() {
5bb2429a	38	local port=${1}
9620ecef MT	39	local vid=${2}
	40	local mac=${3}
	41	local newport=${port}v${vid}
	42
	43	if [ -z "${mac}" ]; then
	44	mac=$(mac_generate)
	45	fi
	46
482ab321 MT	47	# Initialize the vlan drivers just when we need them.
	48	virtual_init
	49
9620ecef MT	50	log INFO "Creating virtual device '${newport}' with address '${mac}'."
	51
	52	local oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})
	53
	54	if device_exists ${oldport}; then
	55	local differences
	56
	57	if [ "${oldport}" != "${newport}" ]; then
	58	differences="${differences} name"
	59	fi
	60	if [ "$(device_get_address ${oldport})" != "${mac}" ]; then
	61	differences="${differences} address"
	62	fi
	63
	64	echo "differences: $differences"
	65
	66	if [ -n "${differences}" ]; then
	67	if device_is_used ${oldport}; then
	68	error_log "There was a device '${oldport}' set up with VID '${vid}' and parent '${port}' which is used somewhere else. Cannot go on."
	69	return ${EXIT_ERROR}
	70	else
	71	log DEBUG "There is a device '${oldport}' but it not used, so we grab it to ourselves."
	72	fi
	73	else
	74	log DEBUG "Device '${newport}' already exists and reflects our configuration. Go on."
	75
	76	device_set_up ${oldport}
	77	return ${EXIT_OK}
	78	fi
	79
	80	else
	81	log DEBUG "Virtual device '${newport}' does not exist, yet."
	82
	83	vconfig set_name_type DEV_PLUS_VID_NO_PAD >/dev/null
	84	vconfig add ${port} ${vid} >/dev/null
	85
	86	if [ $? -ne ${EXIT_OK} ]; then
	87	error_log "Could not create virtual device '${newport}'."
	88	return ${EXIT_ERROR}
	89	fi
	90
	91	oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})
	92
	93	fi
	94
	95	assert device_exists ${oldport}
	96
	97	if ! device_exists ${oldport}; then
	98	error "Could not determine the created virtual device '${newport}'."
	99	return ${EXIT_ERROR}
	100	fi
	101
	102	# The device is expected to be named like ${port}.${vid}
	103	# and will be renamed to the virtual schema
	104	device_set_name ${oldport} ${newport}
	105
	106	if [ $? -ne ${EXIT_OK} ]; then
	107	error_log "Could not set name of virtual device '${newport}'."
	108	return ${EXIT_ERROR}
	109	fi
	110
	111	assert device_exists ${newport}
	112
	113	# Setting new mac address
114	device_set_address ${newport} ${mac}
115
116	if [ $? -ne ${EXIT_OK} ]; then
117	error_log "Could not set address '${mac}' to virtual device '${newport}'."
118	return ${EXIT_ERROR}
119	fi
120
121	# Bring up the new device
122	device_set_up ${newport}
123
124	return ${EXIT_OK}
125	}
126
127	function virtual_remove() {
5bb2429a	128	local device=${1}
9620ecef MT	129
	130	log INFO "Removing virtual device '${device}' with address '$(macify ${device})'."
	131
	132	device_set_down ${device}
	133
	134	vconfig rem ${device} >/dev/null
	135
	136	if [ $? -ne ${EXIT_OK} ]; then
	137	error_log "Could not remote virtual device '${newport}'."
	138	return ${EXIT_ERROR}
	139	fi
	140
	141	return ${EXIT_OK}
	142	}
	143
	144	function virtual_get_parent() {
	145	local device=${1}
	146
fe8e6d69 MT	147	local dev spacer1 id spacer2 parent
	148	while read dev spacer1 id spacer2 parent; do
	149	if [ "${device}" = "${dev}" ]; then
	150	echo "${parent}"
	151	return ${EXIT_OK}
	152	fi
	153	done < /proc/net/vlan/config
9620ecef	154
fe8e6d69 MT	155	return ${EXIT_ERROR}
	156	}
	157
	158	function virtual_get_id() {
	159	local device=${1}
	160
	161	local dev spacer1 id spacer2 parent
	162	while read dev spacer1 id spacer2 parent; do
	163	if [ "${device}" = "${dev}" ]; then
	164	echo "${id}"
	165	return ${EXIT_OK}
	166	fi
	167	done < /proc/net/vlan/config
9620ecef MT	168
	169	return ${EXIT_ERROR}
	170	}
	171
	172	function virtual_get_by_parent_and_vid() {
	173	local parent=${1}
	174	local vid=${2}
	175
	176	assert isset parent
	177	assert isset vid
	178
9620ecef MT	179	assert [ -e "/proc/net/vlan/config" ]
9620ecef MT	180
fe8e6d69 MT	181	local dev spacer1 id spacer2 par
	182	while read dev spacer1 id spacer2 par; do
	183	if [ "${parent}" = "${par}" ] && [ "${vid}" = "${id}" ]; then
	184	echo "${dev}"
	185	return ${EXIT_OK}
	186	fi
	187	done < /proc/net/vlan/config
9620ecef MT	188
	189	return ${EXIT_ERROR}
	190	}