Commit | Line | Data |
---|---|---|
1848564d MT |
1 | #!/bin/bash |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2010 Michael Tremer & Christian Schmidt # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
a5ebb169 | 22 | . /lib/network/header-config |
1848564d MT |
23 | |
# Names of the variables that make up one configuration of this hook.
# _create passes this list, word-split, to config_write.
HOOK_SETTINGS='HOOK ADDRESS PREFIX GATEWAY'
25 | ||
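# Validate the settings of this hook.
#
# Requires ADDRESS to be set and PREFIX to be an integer, and rejects any
# prefix longer than /30. Exits with EXIT_ERROR when the prefix is too long.
#
# NOTE(review): ADDRESS is only checked for being set and GATEWAY is not
# checked at all. Both are later handed to other commands, so a format
# check (dotted-quad IPv4) would be worth adding once a suitable helper is
# confirmed to exist. A lower bound for PREFIX is not enforced here either;
# whether isinteger accepts negative numbers is not visible in this file.
function _check() {
	assert isset ADDRESS
	assert isinteger PREFIX

	# Quoted so an unexpected value cannot change the shape of the test.
	if [ "${PREFIX}" -gt 30 ]; then
		error "PREFIX is greater than 30."
		exit ${EXIT_ERROR}
	fi
}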
35 | ||
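# Create a new static IPv4 configuration for a zone and write it to disk.
#
# Arguments:
#   $1   - zone name
#   $2.. - options: --address=ADDR, --netmask=MASK, --prefix=LEN,
#          --gateway=ADDR
#
# The option values are stored in the global variables ADDRESS, NETMASK,
# PREFIX and GATEWAY; config_write is given the variable names listed in
# HOOK_SETTINGS. Arguments that match none of the options are skipped
# silently. Always exits with EXIT_OK.
function _create() {
	local zone="${1}"
	shift

	while [ $# -gt 0 ]; do
		case "${1}" in
			--address=*)
				ADDRESS="${1#--address=}"
				;;
			--netmask=*)
				NETMASK="${1#--netmask=}"
				;;
			--prefix=*)
				PREFIX="${1#--prefix=}"
				;;
			--gateway=*)
				GATEWAY="${1#--gateway=}"
				;;
		esac
		shift
	done

	# Derive the prefix from a dotted netmask only if no prefix was given.
	# ipv4_mask_to_cidr writes nothing to stdout for a mask it rejects, so
	# PREFIX stays empty in that case.
	if [ -z "${PREFIX}" ] && [ -n "${NETMASK}" ]; then
		PREFIX=$(ipv4_mask_to_cidr "${NETMASK}")
	fi

	# NOTE(review): the values above come straight from the command line and
	# are not validated in this function. Whether config_write runs _check
	# before writing is not visible here - confirm.

	# XXX maybe we can add some hashing to identify a configuration again
	# The path is quoted so a zone name with whitespace or glob characters
	# stays one argument. HOOK_SETTINGS is left unquoted on purpose: it is
	# a space-separated list of variable names.
	config_write "$(zone_dir "${zone}")/configs/${HOOK}.$(uuid)" ${HOOK_SETTINGS}

	exit ${EXIT_OK}
}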
67 | ||
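# Bring a stored static IPv4 configuration up on a zone.
#
# Arguments:
#   $1 - zone name (also used as the device name)
#   $2 - name of the configuration file below the zone's configs directory
#
# Adds ADDRESS/PREFIX to the zone unless it is already present. For a
# non-local zone with a GATEWAY set, the settings are also stored through
# red_db_set and red_routing_update is called. Exits with EXIT_ERROR if the
# zone does not exist or a duplicate address is detected, otherwise with
# EXIT_OK.
function _up() {
	local zone="${1}"
	local config="${2}"
	shift 2

	if ! device_exists "${zone}"; then
		error "Zone '${zone}' doesn't exist."
		exit ${EXIT_ERROR}
	fi

	# NOTE(review): ${config} is used as a path component without any check
	# visible in this function - confirm that callers only pass file names
	# from the zone's own configs directory.
	config_read "$(zone_dir "${zone}")/configs/${config}"

	# Everything below uses values loaded from the configuration file. They
	# are quoted so that each one reaches the called command as exactly one
	# argument, whatever whitespace or glob characters it contains.
	if ! zone_has_ipv4 "${zone}" "${ADDRESS}/${PREFIX}"; then
		if ipv4_detect_duplicate "${zone}" "${ADDRESS}"; then
			error_log "Duplicate address detected on zone '${zone}' (${ADDRESS})."
			error_log "Cannot continue."
			exit ${EXIT_ERROR}
		fi

		ip addr add "${ADDRESS}/${PREFIX}" dev "${zone}"

		# Announce our new address to the neighbours
		ipv4_update_neighbours "${zone}" "${ADDRESS}"
	fi

	if zone_is_nonlocal "${zone}" && [ -n "${GATEWAY}" ]; then
		# Save configuration
		red_db_set "${zone}" type "${HOOK}"
		red_db_set "${zone}" local-ip-address "${ADDRESS}/${PREFIX}"
		red_db_set "${zone}" remote-ip-address "${GATEWAY}"

		red_db_set "${zone}" active 1
		red_routing_update "${zone}"
	fi

	exit ${EXIT_OK}
}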
105 | ||
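# Take a stored static IPv4 configuration down on a zone.
#
# Arguments:
#   $1 - zone name (also used as the device name)
#   $2 - name of the configuration file below the zone's configs directory
#
# Removes ADDRESS/PREFIX from the zone if it is currently assigned. Exits
# with EXIT_ERROR if the zone does not exist, otherwise with EXIT_OK.
function _down() {
	local zone="${1}"
	local config="${2}"
	shift 2

	if ! device_exists "${zone}"; then
		error "Zone '${zone}' doesn't exist."
		exit ${EXIT_ERROR}
	fi

	# NOTE(review): ${config} is used as a path component without any check
	# visible in this function - confirm that callers only pass file names
	# from the zone's own configs directory.
	config_read "$(zone_dir "${zone}")/configs/${config}"

	# Quoted so the values loaded from the configuration file are passed to
	# ip as single arguments and cannot add further words to the command.
	if zone_has_ipv4 "${zone}" "${ADDRESS}/${PREFIX}"; then
		ip addr del "${ADDRESS}/${PREFIX}" dev "${zone}"
	fi

	exit ${EXIT_OK}
}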
124 | ||
ae1def39 MT |
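# Print the status of a stored static IPv4 configuration.
#
# Arguments:
#   $1 - zone name (also used as the device name)
#   $2 - name of the configuration file below the zone's configs directory
#
# Prints the hook name, ENABLED or DISABLED depending on whether
# ADDRESS/PREFIX is assigned to the zone, the address itself and, if set,
# the gateway. Exits with EXIT_ERROR if the zone does not exist, otherwise
# with EXIT_OK.
function _status() {
	local zone="${1}"
	local config="${2}"
	shift 2

	if ! device_exists "${zone}"; then
		error "Zone '${zone}' doesn't exist."
		exit ${EXIT_ERROR}
	fi

	# Quoted so zone and configuration names are never word-split or
	# glob-expanded on their way to the helpers.
	config_read "$(zone_dir "${zone}")/configs/${config}"

	printf " %10s - " "${HOOK}"
	if zone_has_ipv4 "${zone}" "${ADDRESS}/${PREFIX}"; then
		echo -ne "${COLOUR_ENABLED}ENABLED ${COLOUR_NORMAL}"
	else
		echo -ne "${COLOUR_DISABLED}DISABLED${COLOUR_NORMAL}"
	fi
	echo " - ${ADDRESS}/${PREFIX}"

	if [ -n "${GATEWAY}" ]; then
		echo " Gateway: ${GATEWAY}"
	fi

	exit ${EXIT_OK}
}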
151 | ||
1848564d MT |
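# Convert a dotted-decimal IPv4 netmask (e.g. 255.255.255.0) into its prefix
# length.
#
# Arguments:
#   $1 - netmask in dotted-decimal notation
# Output:
#   The prefix length (0-32) on stdout. For a mask that is malformed or not
#   contiguous, nothing is written to stdout and "Invalid net mask: ..." is
#   written to stderr.
# Returns:
#   0 on success, 1 if the mask was rejected.
function ipv4_mask_to_cidr() {
	local netmask="${1}"

	# The netmask is caller-supplied text. Arithmetic expansion evaluates
	# its operands as expressions, so only four groups of decimal digits
	# are allowed to reach $(( )) below.
	local quad_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
	if ! [[ "${netmask}" =~ ${quad_re} ]]; then
		echo "Invalid net mask: $1" >&2
		return 1
	fi

	local -a octets
	IFS=. read -r -a octets <<<"${netmask}"

	local mask=0
	local field
	for field in "${octets[@]}"; do
		# Force base 10 so a leading zero is not read as octal.
		field=$(( 10#${field} ))
		if [ "${field}" -gt 255 ]; then
			echo "Invalid net mask: $1" >&2
			return 1
		fi
		mask=$(( (mask << 8) | field ))
	done

	local cidr=0
	local x=$(( 128 << 24 )) # 0x80000000

	# Count the leading one bits by shifting the mask left until bit 31 is
	# clear. The special case keeps the loop finite when only bit 31 is left.
	while [ $(( x & mask )) -ne 0 ]; do
		[ "${mask}" -eq "${x}" ] && mask=0 || mask=$(( mask << 1 ))
		cidr=$(( cidr + 1 ))
	done

	# Any bit still set below bit 31 means the ones were not contiguous.
	if [ $(( mask & 2147483647 )) -ne 0 ]; then # 2147483647 = 0x7fffffff
		echo "Invalid net mask: $1" >&2
		return 1
	fi

	echo "${cidr}"
}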
174 | ||
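# Hand all command-line arguments to run, which is defined outside this
# file. "$@" is quoted so every argument arrives unchanged, including ones
# that contain whitespace or glob characters.
run "$@"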