src/functions/functions.vlan

   1 #!/bin/bash
   2 ###############################################################################
   3 #                                                                             #
   4 # IPFire.org - A linux based firewall                                         #
   5 # Copyright (C) 2012  IPFire Network Development Team                         #
   6 #                                                                             #
   7 # This program is free software: you can redistribute it and/or modify        #
   8 # it under the terms of the GNU General Public License as published by        #
   9 # the Free Software Foundation, either version 3 of the License, or           #
  10 # (at your option) any later version.                                         #
  11 #                                                                             #
  12 # This program is distributed in the hope that it will be useful,             #
  13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
  14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
  15 # GNU General Public License for more details.                                #
  16 #                                                                             #
  17 # You should have received a copy of the GNU General Public License           #
  18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
  19 #                                                                             #
  20 ###############################################################################
  21
  22 PROC_NET_VLAN="/proc/net/vlan"
  23 PROC_NET_VLAN_CONFIG="${PROC_NET_VLAN}/config"
  24
  25 VLAN_PORT_INTERFIX="v"
  26
  27 function vlan_init() {
  28         ebtables-restore <<EOF
  29 *filter
  30 :INPUT ACCEPT
  31 :FORWARD ACCEPT
  32 :OUTPUT ACCEPT
  33
  34 *broute
  35 :BROUTING ACCEPT
  36 -A BROUTING -p 802_1Q -j DROP
  37 EOF
  38 }
  39
  40 function vlan_create() {
  41         local device=${1}
  42         assert isset device
  43
  44         local parent=${2}
  45         assert isset parent
  46
  47         local tag=${3}
  48         assert isinteger tag
  49
  50         local address=${4}
  51         if isset address; then
  52                 assert ismac address
  53         fi
  54
  55         # Check if a device with the name does already exist.
  56         if device_exists ${device}; then
  57                 log ERROR "device '${device}' does already exist"
  58                 return ${EXIT_ERROR}
  59         fi
  60
  61         # Check if the parent device exists.
  62         if ! device_exists ${parent}; then
  63                 log ERROR "parent device '${parent}' does not exist"
  64                 return ${EXIT_ERROR}
  65         fi
  66
  67         # Load ebtables stuff.
  68         vlan_init
  69
  70         local command="ip link add link ${parent} name ${device}"
  71
  72         if isset address; then
  73                 command="${command} address ${address}"
  74         fi
  75
  76         command="${command} type vlan id ${tag}"
  77
  78         cmd_quiet ${command}
  79         local ret=$?
  80
  81         if [ ${ret} -eq ${EXIT_OK} ]; then
  82                 log DEBUG "vlan device '${device}' has been created"
  83         else
  84                 log ERROR "could not create vlan device '${device}': ${ret}"
  85         fi
  86
  87         return ${ret}
  88 }
  89
  90 function vlan_remove() {
  91         local device=${1}
  92         assert isset device
  93
  94         # Set down device (if not already done).
  95         device_set_down ${device}
  96
  97         device_delete ${device}
  98 }
  99
 100 function vlan_get_parent() {
 101         local device=${1}
 102         assert isset device
 103
 104         # Nothing to do, if 8021q module is not loaded.
 105         [ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
 106
 107         local dev spacer1 id spacer2 parent
 108         while read dev spacer1 id spacer2 parent; do
 109                 [ "${device}" = "${dev}" ] || continue
 110
 111                 print "${parent}"
 112                 return ${EXIT_OK}
 113         done < ${PROC_NET_VLAN_CONFIG}
 114
 115         return ${EXIT_ERROR}
 116 }
 117
 118 function vlan_get_id() {
 119         local device=${1}
 120         assert isset device
 121
 122         # Nothing to do, if 8021q module is not loaded.
 123         [ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
 124
 125         local dev spacer1 id spacer2 parent
 126         while read dev spacer1 id spacer2 parent; do
 127                 [ "${device}" = "${dev}" ] || continue
 128
 129                 print "${id}"
 130                 return ${EXIT_OK}
 131         done < ${PROC_NET_VLAN_CONFIG}
 132
 133         return ${EXIT_ERROR}
 134 }
 135
 136 function vlan_get_by_parent_and_vid() {
 137         local parent=${1}
 138         assert isset parent
 139
 140         local vid=${2}
 141         assert isset vid
 142
 143         # Nothing to do, if 8021q module is not loaded.
 144         [ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
 145
 146         local dev spacer1 id spacer2 par
 147         while read dev spacer1 id spacer2 par; do
 148                 [ "${parent}" = "${par}" ] || continue
 149                 [ "${vid}" = "${id}" ] || continue
 150
 151                 print "${dev}"
 152                 return ${EXIT_OK}
 153         done < ${PROC_NET_VLAN_CONFIG}
 154
 155         return ${EXIT_ERROR}
 156 }