[people/stevee/network.git] / src / functions / functions.ipv4

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv4"

function ipv4_is_valid() {
	ipcalc --ipv4 -c $@ >/dev/null 2>&1

	case "$?" in
		0)
			return ${EXIT_OK}
			;;
		*)
			return ${EXIT_ERROR}
			;;
	esac
}

function ipv4_prefix_is_valid() {
	local prefix=${1}

	isset prefix || return ${EXIT_FALSE}

	[ ${prefix} -le  0 ] && return ${EXIT_FALSE}
	[ ${prefix} -gt 32 ] && return ${EXIT_FALSE}

	return ${EXIT_TRUE}
}

function ipv4_detect_duplicate() {
	local device=${1}
	local address=${2}

	assert isset address
	assert isset device
	assert device_exists ${device}

	# Don't check on PPP devices.
	device_is_ppp ${device} && return ${EXIT_ERROR}

	if ! arping -q -c 2 -w 3 -D -I ${device} ${address}; then
		log DEBUG "Detected duplicate address '${address}' on device '${device}'."
		return ${EXIT_OK}
	fi

	return ${EXIT_ERROR}
}

function ipv4_update_neighbours() {
	local device=${1}
	local address=${2}

	# Don't do anything on PPP devices.
	device_is_ppp ${device} && return ${EXIT_OK}

	arping -q -A -c 1 -I ${device} ${address}
	( sleep 2; arping -q -U -c 1 -I ${device} ${address} ) >/dev/null 2>&1 </dev/null &
}

function ipv4_get_netaddress() {
	local address=${1}
	assert isset address

	local prefix=$(ip_get_prefix ${address})
	isset prefix || prefix="32"

	# Assume host-only address if no prefix has been given.
	if [ "${prefix}" = "32" ]; then
		echo "${address}/${prefix}"
		return ${EXIT_OK}
	fi

	local NETWORK
	eval $(ipcalc --network ${address})
	assert isset NETWORK

	echo "${NETWORK}/${prefix}"
	return ${EXIT_OK}
}

function ipv4_get_prefix() {
	local address=${1}
	local broadcast=${2}

	assert isset address
	assert isset broadcast

	local PREFIX
	eval $(ipcalc --prefix ${address} ${broadcast})
	assert isset PREFIX

	echo "${PREFIX}"
	return ${EXIT_OK}
}

function ipv4_get_netmask() {
	local address=${1}
	assert isset address

	# Add prefix if none given.
	local prefix=$(ip_get_prefix ${address})
	isset prefix || address="${address}/32"

	local NETMASK
	eval $(ipcalc --netmask ${address})
	assert isset NETMASK

	print "${NETMASK}"
	return ${EXIT_OK}
}

function ipv4_flush_device() {
	#
	# Flushes all routes, addresses from the device
	# and clears the ARP cache.
	#

	local device=${1}
	assert isset device

	ip -4 addr flush dev ${device} >/dev/null 2>&1
	ip -4 route flush dev ${device} >/dev/null 2>&1
	ip -4 neigh flush dev ${device} >/dev/null 2>&1

	return 0
}

function ipv4_prefix2netmask() {
	local prefix=${1}
	shift

	assert isinteger prefix

	# XXX this function is a stub

	case "${prefix}" in
		24)
			echo "255.255.255.0"
			;;
		*)
			assert false NOT IMPLEMENTED
			;;
	esac
}

function ipv4_get_network() {
	local network=$(ipv4_get_network $@)

	ipv4_decode ${network}
}

function ipv4_get_network_encoded() {
	local net=${1}

	local prefix=$(ip_get_prefix ${net})
	isset prefix || prefix=32

	local mask=0
	if [ ${prefix} -ne 0 ]; then
		mask=$(( -1 << $(( 32 - ${prefix} )) ))
	fi

	local addr=$(ip_split_prefix ${net})
	addr=$(ipv4_encode ${addr})

	print "%d" $(( ${addr} & ${mask} ))
}

function ipv4_get_broadcast() {
	local broadcast=$(ipv4_get_broadcast_encoded $@)

	ipv4_decode ${broadcast}
}

function ipv4_get_broadcast_encoded() {
	local net=${1}

	local prefix=$(ip_get_prefix ${net})
	assert isset prefix

	prefix=$(( 32 - ${prefix} ))

	local netmask=0
	local broadcast=-1
	if [ ${prefix} -eq 32 ]; then
		:
	else
		netmask=$(( -1 << ${prefix} ))
		broadcast=$(( $(( 1 << ${prefix} )) - 1))
	fi

	local addr=$(ip_split_prefix ${net})
	addr=$(ipv4_encode ${addr})

	print "%d" $(( $(( ${addr} & ${netmask} )) | ${broadcast} ))
}

function ipv4_encode() {
	local addr=${1}
	local int=0

	local field
	for field in ${addr//./ }; do
		int=$(( $(( ${int} << 8 )) | ${field} ))
	done

	print "${int}"
}

function ipv4_decode() {
	local int=${1}

	local addr=$(( ${int} & 255 ))

	local i
	for i in 1 2 3; do
		int=$(( ${int} >> 8 ))
		addr="$(( ${int} & 255 )).${addr}"
	done

	print "${addr}"
}

function ipv4_addr_eq() {
	local addr1=${1}
	assert isset addr1

	local addr2=${2}
	assert isset addr2

	[[ "${addr1}" = "${addr2}" ]] \
		&& return ${EXIT_TRUE} || return ${EXIT_FALSE}
}

function ipv4_addr_gt() {
	local addr1=${1}
	assert isset addr1

	local addr2=${2}
	assert isset addr2

	local addr
	for addr in addr1 addr2; do
		printf -v ${addr} "%s" "$(ip_encode ${!addr})"
	done

	[[ ${addr1} -gt ${addr2} ]] \
		&& return ${EXIT_TRUE} || return ${EXIT_FALSE}
}

function ipv4_range() {
	local range=${1}

	local first=${1%-*}
	local last=${1#*-}

	_ipv4_range "$(ipv4_encode ${first})" "$(ipv4_encode ${last})"
}

function _ipv4_range() {
	local first=${1}
	local last=${2}

	if [ ${first} -gt ${last} ]; then
		local range="$(ipv4_decode ${first})-$(ipv4_decode ${last})"

		error "Invalid IPv4 address range: ${range}"
		return ${EXIT_ERROR}
	fi

	last=$(( ${last} + 1 ))

	local prefix
	local x y z
	while [ ${last} -gt ${first} ]; do
		prefix=
		x=31
		y=2
		z=1

		while [ $(( ${first} % ${y} )) -eq 0 ] && [ ${last} -gt $(( ${first} + ${y} )) ]; do
			prefix="/${x}"
			x=$(( ${x} - 1 ))
			z=${y}
			y=$(( ${y} * 2 ))
		done

		print "$(ipv4_decode ${first})${prefix}"
		first=$(( ${first} + ${z} ))
	done
}

function ipv4_range_explicit() {
	local range=${1}

	local first last

	case "${range}" in
		*.*.*.*-*.*.*.*)
			first=${range%-*}
			last=${range#*-}
			;;
		*.*.*.*/*)
			first=$(ipv4_get_network ${range})
			last=$(ipv4_get_broadcast ${range})
			;;
	esac

	_ipv4_range_explicit "$(ipv4_encode ${first})" "$(ipv4_encode ${last})"
}

function _ipv4_range_explicit() {
	local first=${1}
	local last=${2}

	if [ ${first} -gt ${last} ]; then
		local range="$(ipv4_decode ${first})-$(ipv4_decode ${last})"

		error "Invalid IPv4 address range: ${range}"
		return ${EXIT_ERROR}
	fi

	while [ ${first} -le ${last} ]; do
		ipv4_decode ${first}
		first=$(( ${first} + 1 ))
	done
}

function ipv4_in_subnet() {
	local addr=${1}
	assert isset addr

	local subnet=${2}
	assert isset subnet

	local subnet_first=$(ipv4_get_network_encoded ${subnet})
	local subnet_last=$(ipv4_get_broadcast_encoded ${subnet})

	addr=$(ipv4_encode ${addr})

	if [[ "${addr}" -ge "${subnet_first}" ]] && [[ "${addr}" -le "${subnet_last}" ]]; then
		return ${EXIT_TRUE}
	fi

	return ${EXIT_FALSE}
}

function ipv4_ttl_valid() {
	local ttl="${1}"

	isinteger ttl || return ${EXIT_FALSE}

	# Must be between 10 and 255.
	[ "${ttl}" -lt  10 ] && return ${EXIT_FALSE}
	[ "${ttl}" -gt 255 ] && return ${EXIT_FALSE}

	return ${EXIT_TRUE}
}
Commit	Line	Data
05c234a8 MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
e617226b MT	22	IP_SUPPORTED_PROTOCOLS="${IP_SUPPORTED_PROTOCOLS} ipv4"
e617226b MT	23
05c234a8	24	function ipv4_is_valid() {
fa6df98c	25	ipcalc --ipv4 -c $@ >/dev/null 2>&1
05c234a8	26
fa6df98c MT	27	case "$?" in
	28	0)
	29	return ${EXIT_OK}
	30	;;
	31	*)
38f61548	32	return ${EXIT_ERROR}
fa6df98c MT	33	;;
fa6df98c MT	34	esac
05c234a8 MT	35	}
05c234a8 MT	36
cb965348 MT	37	function ipv4_prefix_is_valid() {
cb965348 MT	38	local prefix=${1}
ab70371d MT	39
ab70371d MT	40	isset prefix \|\| return ${EXIT_FALSE}
cb965348 MT	41
	42	[ ${prefix} -le 0 ] && return ${EXIT_FALSE}
	43	[ ${prefix} -gt 32 ] && return ${EXIT_FALSE}
	44
	45	return ${EXIT_TRUE}
	46	}
	47
05c234a8 MT	48	function ipv4_detect_duplicate() {
	49	local device=${1}
	50	local address=${2}
	51
	52	assert isset address
	53	assert isset device
	54	assert device_exists ${device}
	55
785afa13 MT	56	# Don't check on PPP devices.
	57	device_is_ppp ${device} && return ${EXIT_ERROR}
	58
05c234a8 MT	59	if ! arping -q -c 2 -w 3 -D -I ${device} ${address}; then
05c234a8 MT	60	log DEBUG "Detected duplicate address '${address}' on device '${device}'."
9eebfc55	61	return ${EXIT_OK}
05c234a8 MT	62	fi
05c234a8 MT	63
9eebfc55	64	return ${EXIT_ERROR}
05c234a8 MT	65	}
	66
	67	function ipv4_update_neighbours() {
	68	local device=${1}
	69	local address=${2}
	70
785afa13 MT	71	# Don't do anything on PPP devices.
	72	device_is_ppp ${device} && return ${EXIT_OK}
	73
05c234a8 MT	74	arping -q -A -c 1 -I ${device} ${address}
	75	( sleep 2; arping -q -U -c 1 -I ${device} ${address} ) >/dev/null 2>&1 </dev/null &
	76	}
d5bace8d MT	77
	78	function ipv4_get_netaddress() {
	79	local address=${1}
	80	assert isset address
	81
	82	local prefix=$(ip_get_prefix ${address})
1dbb6df4 MT	83	isset prefix \|\| prefix="32"
	84
	85	# Assume host-only address if no prefix has been given.
	86	if [ "${prefix}" = "32" ]; then
	87	echo "${address}/${prefix}"
	88	return ${EXIT_OK}
	89	fi
d5bace8d MT	90
	91	local NETWORK
	92	eval $(ipcalc --network ${address})
	93	assert isset NETWORK
	94
	95	echo "${NETWORK}/${prefix}"
d5bace8d MT	96	return ${EXIT_OK}
d5bace8d MT	97	}
e9ea243e MT	98
	99	function ipv4_get_prefix() {
	100	local address=${1}
	101	local broadcast=${2}
	102
	103	assert isset address
	104	assert isset broadcast
	105
	106	local PREFIX
	107	eval $(ipcalc --prefix ${address} ${broadcast})
	108	assert isset PREFIX
	109
	110	echo "${PREFIX}"
	111	return ${EXIT_OK}
	112	}
	113
ab70371d MT	114	function ipv4_get_netmask() {
	115	local address=${1}
	116	assert isset address
	117
	118	# Add prefix if none given.
	119	local prefix=$(ip_get_prefix ${address})
	120	isset prefix \|\| address="${address}/32"
	121
	122	local NETMASK
	123	eval $(ipcalc --netmask ${address})
	124	assert isset NETMASK
	125
	126	print "${NETMASK}"
	127	return ${EXIT_OK}
	128	}
	129
e9ea243e MT	130	function ipv4_flush_device() {
	131	#
	132	# Flushes all routes, addresses from the device
	133	# and clears the ARP cache.
	134	#
	135
	136	local device=${1}
	137	assert isset device
	138
	139	ip -4 addr flush dev ${device} >/dev/null 2>&1
	140	ip -4 route flush dev ${device} >/dev/null 2>&1
	141	ip -4 neigh flush dev ${device} >/dev/null 2>&1
	142
	143	return 0
c7b93f70	144	}
6f49dbac	145
785afa13 MT	146	function ipv4_prefix2netmask() {
	147	local prefix=${1}
	148	shift
	149
	150	assert isinteger prefix
	151
	152	# XXX this function is a stub
	153
	154	case "${prefix}" in
	155	24)
	156	echo "255.255.255.0"
	157	;;
	158	*)
	159	assert false NOT IMPLEMENTED
	160	;;
	161	esac
e9ea243e	162	}
999d659b MT	163
999d659b MT	164	function ipv4_get_network() {
ab70371d MT	165	local network=$(ipv4_get_network $@)
	166
	167	ipv4_decode ${network}
	168	}
	169
	170	function ipv4_get_network_encoded() {
999d659b MT	171	local net=${1}
	172
	173	local prefix=$(ip_get_prefix ${net})
	174	isset prefix \|\| prefix=32
	175
	176	local mask=0
	177	if [ ${prefix} -ne 0 ]; then
	178	mask=$(( -1 << $(( 32 - ${prefix} )) ))
	179	fi
	180
	181	local addr=$(ip_split_prefix ${net})
	182	addr=$(ipv4_encode ${addr})
	183
ab70371d	184	print "%d" $(( ${addr} & ${mask} ))
999d659b MT	185	}
	186
	187	function ipv4_get_broadcast() {
ab70371d MT	188	local broadcast=$(ipv4_get_broadcast_encoded $@)
	189
	190	ipv4_decode ${broadcast}
	191	}
	192
	193	function ipv4_get_broadcast_encoded() {
999d659b MT	194	local net=${1}
	195
	196	local prefix=$(ip_get_prefix ${net})
	197	assert isset prefix
	198
	199	prefix=$(( 32 - ${prefix} ))
	200
	201	local netmask=0
	202	local broadcast=-1
	203	if [ ${prefix} -eq 32 ]; then
	204	:
	205	else
	206	netmask=$(( -1 << ${prefix} ))
	207	broadcast=$(( $(( 1 << ${prefix} )) - 1))
	208	fi
	209
	210	local addr=$(ip_split_prefix ${net})
	211	addr=$(ipv4_encode ${addr})
	212
ab70371d	213	print "%d" $(( $(( ${addr} & ${netmask} )) \| ${broadcast} ))
999d659b MT	214	}
	215
	216	function ipv4_encode() {
	217	local addr=${1}
	218	local int=0
	219
	220	local field
	221	for field in ${addr//./ }; do
	222	int=$(( $(( ${int} << 8 )) \| ${field} ))
	223	done
	224
	225	print "${int}"
	226	}
	227
	228	function ipv4_decode() {
	229	local int=${1}
	230
	231	local addr=$(( ${int} & 255 ))
	232
	233	local i
	234	for i in 1 2 3; do
	235	int=$(( ${int} >> 8 ))
	236	addr="$(( ${int} & 255 )).${addr}"
	237	done
	238
	239	print "${addr}"
	240	}
	241
ab70371d MT	242	function ipv4_addr_eq() {
	243	local addr1=${1}
	244	assert isset addr1
	245
	246	local addr2=${2}
	247	assert isset addr2
	248
	249	[[ "${addr1}" = "${addr2}" ]] \
	250	&& return ${EXIT_TRUE} \|\| return ${EXIT_FALSE}
	251	}
	252
	253	function ipv4_addr_gt() {
	254	local addr1=${1}
	255	assert isset addr1
	256
	257	local addr2=${2}
	258	assert isset addr2
	259
	260	local addr
	261	for addr in addr1 addr2; do
	262	printf -v ${addr} "%s" "$(ip_encode ${!addr})"
	263	done
	264
	265	[[ ${addr1} -gt ${addr2} ]] \
	266	&& return ${EXIT_TRUE} \|\| return ${EXIT_FALSE}
	267	}
	268
999d659b MT	269	function ipv4_range() {
	270	local range=${1}
	271
	272	local first=${1%-*}
	273	local last=${1#*-}
	274
	275	_ipv4_range "$(ipv4_encode ${first})" "$(ipv4_encode ${last})"
	276	}
	277
	278	function _ipv4_range() {
	279	local first=${1}
	280	local last=${2}
	281
	282	if [ ${first} -gt ${last} ]; then
	283	local range="$(ipv4_decode ${first})-$(ipv4_decode ${last})"
	284
	285	error "Invalid IPv4 address range: ${range}"
	286	return ${EXIT_ERROR}
	287	fi
	288
	289	last=$(( ${last} + 1 ))
	290
	291	local prefix
	292	local x y z
	293	while [ ${last} -gt ${first} ]; do
	294	prefix=
	295	x=31
	296	y=2
	297	z=1
	298
	299	while [ $(( ${first} % ${y} )) -eq 0 ] && [ ${last} -gt $(( ${first} + ${y} )) ]; do
	300	prefix="/${x}"
	301	x=$(( ${x} - 1 ))
	302	z=${y}
	303	y=$(( ${y} * 2 ))
	304	done
	305
	306	print "$(ipv4_decode ${first})${prefix}"
	307	first=$(( ${first} + ${z} ))
	308	done
	309	}
	310
	311	function ipv4_range_explicit() {
	312	local range=${1}
	313
	314	local first last
	315
	316	case "${range}" in
	317	...-...)
	318	first=${range%-*}
	319	last=${range#*-}
	320	;;
	321	.../*)
	322	first=$(ipv4_get_network ${range})
	323	last=$(ipv4_get_broadcast ${range})
	324	;;
	325	esac
	326
	327	_ipv4_range_explicit "$(ipv4_encode ${first})" "$(ipv4_encode ${last})"
	328	}
	329
	330	function _ipv4_range_explicit() {
	331	local first=${1}
	332	local last=${2}
333
334	if [ ${first} -gt ${last} ]; then
335	local range="$(ipv4_decode ${first})-$(ipv4_decode ${last})"
336
337	error "Invalid IPv4 address range: ${range}"
338	return ${EXIT_ERROR}
339	fi
340
341	while [ ${first} -le ${last} ]; do
342	ipv4_decode ${first}
343	first=$(( ${first} + 1 ))
344	done
345	}
ab70371d MT	346
	347	function ipv4_in_subnet() {
	348	local addr=${1}
	349	assert isset addr
	350
	351	local subnet=${2}
	352	assert isset subnet
	353
	354	local subnet_first=$(ipv4_get_network_encoded ${subnet})
	355	local subnet_last=$(ipv4_get_broadcast_encoded ${subnet})
	356
	357	addr=$(ipv4_encode ${addr})
	358
	359	if [[ "${addr}" -ge "${subnet_first}" ]] && [[ "${addr}" -le "${subnet_last}" ]]; then
	360	return ${EXIT_TRUE}
	361	fi
	362
	363	return ${EXIT_FALSE}
	364	}
ef953be2 MT	365
	366	function ipv4_ttl_valid() {
	367	local ttl="${1}"
	368
	369	isinteger ttl \|\| return ${EXIT_FALSE}
	370
	371	# Must be between 10 and 255.
	372	[ "${ttl}" -lt 10 ] && return ${EXIT_FALSE}
	373	[ "${ttl}" -gt 255 ] && return ${EXIT_FALSE}
	374
	375	return ${EXIT_TRUE}
	376	}