From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sun, 23 Sep 2012 19:18:47 +0000 (+0000)
Subject: vlan: Rewrite VLAN stuff.
X-Git-Tag: 005~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7951525a2ca2d0e0f01e0180a59260979b55992f;p=network.git

vlan: Rewrite VLAN stuff.

Got rid of vconfig and clean up a lot of stuff.
---

diff --git a/functions.cli b/functions.cli
index 5d5b9143..66d7be5a 100644
--- a/functions.cli
+++ b/functions.cli
@@ -118,7 +118,7 @@ function cli_device_headline() {
 
 	if enabled long; then
 		# Virtual devices.
-		device_is_virtual ${device} && cli_device_virtual ${device}
+		device_is_vlan ${device} && cli_device_vlan ${device}
 
 		# Bonded devices.
 		device_is_bonded ${device} && cli_device_bonded ${device}
@@ -154,13 +154,13 @@ function cli_device_stats() {
 	cli_space
 }
 
-function cli_device_virtual() {
+function cli_device_vlan() {
 	local device=${1}
 
 	cli_headline 2 "VLAN"
 
-	cli_print_fmt1 2 "Parent" "$(virtual_get_parent ${device})"
-	cli_print_fmt1 2 "VID" "$(virtual_get_id ${device})"
+	cli_print_fmt1 2 "Parent" "$(vlan_get_parent ${device})"
+	cli_print_fmt1 2 "VID" "$(vlan_get_id ${device})"
 	cli_space
 }
 
diff --git a/functions.device b/functions.device
index c9836c0c..6de949e0 100644
--- a/functions.device
+++ b/functions.device
@@ -185,36 +185,41 @@ function device_get_bridge() {
 	device_ifindex_to_name ${ifindex}
 }
 
-# Check if the device is a virtual device
-function device_is_virtual() {
+# Check if the device is a vlan device
+function device_is_vlan() {
 	local device=${1}
+	assert isset device
 
-	[ -e "/proc/net/vlan/${device}" ]
+	[ -e "${PROC_NET_VLAN}/${device}" ]
 }
 
-# Check if the device has virtual devices
-function device_has_virtuals() {
+# Check if the device has vlan devices
+function device_has_vlans() {
 	local device=${1}
+	assert isset device
 
-	if device_is_virtual ${device}; then
+	if device_is_vlan ${device}; then
 		return ${EXIT_FALSE}
 	fi
 
-	local virtuals=$(device_get_virtuals ${device})
-	[ -n "${virtuals}" ] && return ${EXIT_OK} || return ${EXIT_ERROR}
+	local vlans=$(device_get_vlans ${device})
+	[ -n "${vlans}" ] && return ${EXIT_OK} || return ${EXIT_ERROR}
 }
 
-function device_get_virtuals() {
+function device_get_vlans() {
 	local device=${1}
+	assert isset device
 
 	# If no 8021q module has been loaded into the kernel,
 	# we cannot do anything.
-	[ -r "/proc/net/vlan/config" ] || return ${EXIT_OK}
+	[ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
 
 	local dev spacer1 id spacer2 parent
 	while read dev spacer1 id spacer2 parent; do
-		[ "${parent}" = "${device}" ] && echo "${dev}"
-	done < /proc/net/vlan/config | sort
+		[ "${parent}" = "${device}" ] || continue
+
+		print "${dev}"
+	done < ${PROC_NET_VLAN_CONFIG}
 }
 
 # Check if the device is a ppp device
@@ -267,7 +272,7 @@ function device_is_ethernet() {
 	device_is_ppp ${device} && \
 		return ${EXIT_ERROR}
 
-	device_is_virtual ${device} && \
+	device_is_vlan ${device} && \
 		return ${EXIT_ERROR}
 
 	[ "$(__device_get_file ${device} type)" != "1" ] && \
@@ -280,7 +285,7 @@ function device_is_ethernet() {
 function device_get_type() {
 	local device=${1}
 
-	if device_is_virtual ${device}; then
+	if device_is_vlan ${device}; then
 		echo "vlan"
 
 	elif device_is_bonding ${device}; then
@@ -419,7 +424,7 @@ function device_is_free() {
 function device_is_used() {
 	local device=${1}
 
-	device_has_virtuals ${device} && \
+	device_has_vlans ${device} && \
 		return ${EXIT_OK}
 	device_is_bonded ${device} && \
 		return ${EXIT_OK}
@@ -483,8 +488,8 @@ function device_set_parent_up() {
 	local device=${1}
 	local parent
 
-	if device_is_virtual ${device}; then
-		parent=$(virtual_get_parent ${device})
+	if device_is_vlan ${device}; then
+		parent=$(vlan_get_parent ${device})
 
 		device_is_up ${parent} && return ${EXIT_OK}
 
@@ -520,8 +525,8 @@ function device_set_parent_down() {
 	local device=${1}
 	local parent
 
-	if device_is_virtual ${device}; then
-		parent=$(virtual_get_parent ${device})
+	if device_is_vlan ${device}; then
+		parent=$(vlan_get_parent ${device})
 
 		device_is_up ${parent} || return ${EXIT_OK}
 
diff --git a/functions.virtual b/functions.virtual
deleted file mode 100644
index ba037ba8..00000000
--- a/functions.virtual
+++ /dev/null
@@ -1,197 +0,0 @@
-#!/bin/bash
-###############################################################################
-#                                                                             #
-# IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
-#                                                                             #
-# This program is free software: you can redistribute it and/or modify        #
-# it under the terms of the GNU General Public License as published by        #
-# the Free Software Foundation, either version 3 of the License, or           #
-# (at your option) any later version.                                         #
-#                                                                             #
-# This program is distributed in the hope that it will be useful,             #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
-# GNU General Public License for more details.                                #
-#                                                                             #
-# You should have received a copy of the GNU General Public License           #
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
-#                                                                             #
-###############################################################################
-
-function virtual_init() {
-	module_load 8021q
-
-	ebtables-restore <<EOF
-*filter
-:INPUT ACCEPT
-:FORWARD ACCEPT
-:OUTPUT ACCEPT
-
-*broute
-:BROUTING ACCEPT
--A BROUTING -p 802_1Q -j DROP
-EOF
-}
-
-function virtual_create() {
-	local port=${1}
-	local vid=${2}
-	local mac=${3}
-	local newport=${port}v${vid}
-
-	if [ -z "${mac}" ]; then
-		mac=$(mac_generate)
-	fi
-
-	# Initialize the vlan drivers just when we need them.
-	virtual_init
-
-	log INFO "Creating virtual device '${newport}' with address '${mac}'."
-
-	local oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})
-
-	if device_exists ${oldport}; then
-		local differences
-
-		if [ "${oldport}" != "${newport}" ]; then
-			differences="${differences} name"
-		fi
-		if [ "$(device_get_address ${oldport})" != "${mac}" ]; then
-			differences="${differences} address"
-		fi
-		
-		echo "differences: $differences"
-
-		if [ -n "${differences}" ]; then
-			if device_is_used ${oldport}; then
-				error_log "There was a device '${oldport}' set up with VID '${vid}' and parent '${port}' which is used somewhere else. Cannot go on." 
-				return ${EXIT_ERROR}
-			else
-				log DEBUG "There is a device '${oldport}' but it not used, so we grab it to ourselves."
-			fi
-		else
-			log DEBUG "Device '${newport}' already exists and reflects our configuration. Go on."
-
-			device_set_up ${oldport}
-			return ${EXIT_OK}
-		fi
-
-	else
-		log DEBUG "Virtual device '${newport}' does not exist, yet."
-
-		vconfig set_name_type DEV_PLUS_VID_NO_PAD >/dev/null
-		vconfig add ${port} ${vid} >/dev/null
-		
-		if [ $? -ne ${EXIT_OK} ]; then
-			error_log "Could not create virtual device '${newport}'."
-			return ${EXIT_ERROR}
-		fi
-
-		oldport=$(virtual_get_by_parent_and_vid ${port} ${vid})
-
-	fi
-
-	assert device_exists ${oldport}
-
-	if ! device_exists ${oldport}; then
-		error "Could not determine the created virtual device '${newport}'."
-		return ${EXIT_ERROR}
-	fi
-
-	# The device is expected to be named like ${port}.${vid}
-	# and will be renamed to the virtual schema
-	device_set_name ${oldport} ${newport}
-
-	if [ $? -ne ${EXIT_OK} ]; then
-		error_log "Could not set name of virtual device '${newport}'."
-		return ${EXIT_ERROR}
-	fi
-
-	assert device_exists ${newport}
-
-	# Setting new mac address
-	device_set_address ${newport} ${mac}
-	
-	if [ $? -ne ${EXIT_OK} ]; then
-		error_log "Could not set address '${mac}' to virtual device '${newport}'."
-		return ${EXIT_ERROR}
-	fi
-
-	# Bring up the new device
-	device_set_up ${newport}
-
-	return ${EXIT_OK}
-}
-
-function virtual_remove() {
-	local device=${1}
-
-	log INFO "Removing virtual device '${device}' with address '$(macify ${device})'."
-
-	device_set_down ${device}
-
-	vconfig rem ${device} >/dev/null
-
-	if [ $? -ne ${EXIT_OK} ]; then
-		error_log "Could not remote virtual device '${newport}'."
-		return ${EXIT_ERROR}
-	fi
-
-	return ${EXIT_OK}
-}
-
-function virtual_get_parent() {
-	local device=${1}
-
-	# Nothing to do, if 8021q module is not loaded.
-	[ -r "/proc/net/vlan/config" ] || return ${EXIT_OK}
-
-	local dev spacer1 id spacer2 parent
-	while read dev spacer1 id spacer2 parent; do
-		if [ "${device}" = "${dev}" ]; then
-			echo "${parent}"
-			return ${EXIT_OK}
-		fi
-	done < /proc/net/vlan/config
-
-	return ${EXIT_ERROR}
-}
-
-function virtual_get_id() {
-	local device=${1}
-
-	# Nothing to do, if 8021q module is not loaded.
-	[ -r "/proc/net/vlan/config" ] || return ${EXIT_OK}
-
-	local dev spacer1 id spacer2 parent
-	while read dev spacer1 id spacer2 parent; do
-		if [ "${device}" = "${dev}" ]; then
-			echo "${id}"
-			return ${EXIT_OK}
-		fi
-	done < /proc/net/vlan/config
-
-	return ${EXIT_ERROR}
-}
-
-function virtual_get_by_parent_and_vid() {
-	local parent=${1}
-	local vid=${2}
-
-	assert isset parent
-	assert isset vid
-
-	# Nothing to do, if 8021q module is not loaded.
-	[ -r "/proc/net/vlan/config" ] || return ${EXIT_OK}
-
-	local dev spacer1 id spacer2 par
-	while read dev spacer1 id spacer2 par; do
-		if [ "${parent}" = "${par}" ] && [ "${vid}" = "${id}" ]; then
-			echo "${dev}"
-			return ${EXIT_OK}
-		fi
-	done < /proc/net/vlan/config
-
-	return ${EXIT_ERROR}
-}
diff --git a/functions.vlan b/functions.vlan
new file mode 100644
index 00000000..8bcf169d
--- /dev/null
+++ b/functions.vlan
@@ -0,0 +1,156 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2012  IPFire Network Development Team                         #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+PROC_NET_VLAN="/proc/net/vlan"
+PROC_NET_VLAN_CONFIG="${PROC_NET_VLAN}/config"
+
+VLAN_PORT_INTERFIX="v"
+
+function vlan_init() {
+	ebtables-restore <<EOF
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+
+*broute
+:BROUTING ACCEPT
+-A BROUTING -p 802_1Q -j DROP
+EOF
+}
+
+function vlan_create() {
+	local device=${1}
+	assert isset device
+
+	local parent=${2}
+	assert isset parent
+
+	local tag=${3}
+	assert isinteger tag
+
+	local address=${4}
+	if isset address; then
+		assert ismac address
+	fi
+
+	# Check if a device with the name does already exist.
+	if device_exists ${device}; then
+		log ERROR "device '${device}' does already exist"
+		return ${EXIT_ERROR}
+	fi
+
+	# Check if the parent device exists.
+	if ! device_exists ${parent}; then
+		log ERROR "parent device '${parent}' does not exist"
+		return ${EXIT_ERROR}
+	fi
+
+	# Load ebtables stuff.
+	vlan_init
+
+	local command="ip link add link ${parent} name ${device}"
+
+	if isset address; then
+		command="${command} address ${address}"
+	fi
+
+	command="${command} type vlan id ${tag}"
+
+	cmd_quiet ${command}
+	local ret=$?
+
+	if [ ${ret} -eq ${EXIT_OK} ]; then
+		log DEBUG "vlan device '${device}' has been created"
+	else
+		log ERROR "could not create vlan device '${device}': ${ret}"
+	fi
+
+	return ${ret}
+}
+
+function vlan_remove() {
+	local device=${1}
+	assert isset device
+
+	# Set down device (if not already done).
+	device_set_down ${device}
+
+	device_delete ${device}
+}
+
+function vlan_get_parent() {
+	local device=${1}
+	assert isset device
+
+	# Nothing to do, if 8021q module is not loaded.
+	[ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
+
+	local dev spacer1 id spacer2 parent
+	while read dev spacer1 id spacer2 parent; do
+		[ "${device}" = "${dev}" ] || continue
+
+		print "${parent}"
+		return ${EXIT_OK}
+	done < ${PROC_NET_VLAN_CONFIG}
+
+	return ${EXIT_ERROR}
+}
+
+function vlan_get_id() {
+	local device=${1}
+	assert isset device
+
+	# Nothing to do, if 8021q module is not loaded.
+	[ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
+
+	local dev spacer1 id spacer2 parent
+	while read dev spacer1 id spacer2 parent; do
+		[ "${device}" = "${dev}" ] || continue
+
+		print "${id}"
+		return ${EXIT_OK}
+	done < ${PROC_NET_VLAN_CONFIG}
+
+	return ${EXIT_ERROR}
+}
+
+function vlan_get_by_parent_and_vid() {
+	local parent=${1}
+	assert isset parent
+
+	local vid=${2}
+	assert isset vid
+
+	# Nothing to do, if 8021q module is not loaded.
+	[ -r "${PROC_NET_VLAN_CONFIG}" ] || return ${EXIT_OK}
+
+	local dev spacer1 id spacer2 par
+	while read dev spacer1 id spacer2 par; do
+		[ "${parent}" = "${par}" ] || continue
+		[ "${vid}" = "${id}" ] || continue
+
+		print "${dev}"
+		return ${EXIT_OK}
+	done < ${PROC_NET_VLAN_CONFIG}
+
+	return ${EXIT_ERROR}
+}
diff --git a/hooks/ports/virtual b/hooks/ports/vlan
similarity index 79%
rename from hooks/ports/virtual
rename to hooks/ports/vlan
index 4117c2fd..66b98eb3 100755
--- a/hooks/ports/virtual
+++ b/hooks/ports/vlan
@@ -21,17 +21,18 @@
 
 . /usr/lib/network/header-port
 
-HOOK_SETTINGS="HOOK ADDRESS PARENT TAG"
+HOOK_SETTINGS="HOOK ADDRESS PARENT_DEVICE TAG"
 
 PORT_PARENTS_VAR="PARENT"
 
-ADDRESS=$(mac_generate)
-
 function _check() {
-	assert isset PARENT
-	assert ismac ADDRESS
+	assert isset PARENT_DEVICE
 	assert isinteger TAG
 
+	if isset ADDRESS; then
+		assert ismac ADDRESS
+	fi
+
 	if [ ${TAG} -gt 4096 ]; then
 		error "TAG is greater than 4096."
 		exit ${EXIT_ERROR}
@@ -49,14 +50,14 @@ function _check() {
 function _create() {
 	while [ $# -gt 0 ]; do
 		case "${1}" in
-			--device=*)
-				PARENT=${1#--device=}
+			--parent-device=*)
+				PARENT_DEVICE=$(cli_get_val ${1})
 				;;
-			--mac=*)
-				ADDRESS=${1#--mac=}
+			--address=*)
+				ADDRESS=$(cli_get_val ${1})
 				;;
-			--id=*)
-				TAG=${1#--id=}
+			--tag=*)
+				TAG=$(cli_get_val ${1})
 				;;
 			*)
 				warning "Unknown argument '${1}'"
@@ -65,7 +66,7 @@ function _create() {
 		shift
 	done
 
-	local port="${PARENT}v${TAG}"
+	local port="${PARENT_DEVICE}${VLAN_PORT_INTERFIX}${TAG}"
 
 	config_write $(port_file ${port}) ${HOOK_SETTINGS}
 
@@ -74,16 +75,15 @@ function _create() {
 
 function _edit() {
 	local port=${1}
-	shift
-
 	assert isset port
+	shift
 
 	config_read $(port_file ${port})
 
 	while [ $# -gt 0 ]; do
 		case "${1}" in
-			--mac=*)
-				ADDRESS=${1#--mac=}
+			--address=*)
+				ADDRESS=$(cli_get_val ${1})
 				;;
 			*)
 				warning "Unknown argument '${1}'"
@@ -99,30 +99,35 @@ function _edit() {
 
 function _up() {
 	local port=${1}
-
 	assert isset port
 
-	config_read $(port_file ${port})
-
 	if ! device_exists ${port}; then
-		virtual_create ${PARENT} ${TAG} ${ADDRESS}
+		# Read configuration file.
+		config_read $(port_file ${port}) ${HOOK_SETTINGS}
+
+		vlan_create ${port} ${PARENT_DEVICE} ${TAG} ${ADDRESS}
 	fi
 
+	# Bring up the device.
+	device_set_up ${port}
+
 	exit ${EXIT_OK}
 }
 
 function _down() {
 	local port=${1}
-
 	assert isset port
 
-	config_read $(port_file ${port})
-
+	# Exit, if the port does not exist.
 	if ! device_exists ${port}; then
 		exit ${EXIT_OK}
 	fi
 
-	virtual_remove ${port}
+	# Tear down the port.
+	device_set_down ${port}
+
+	# Remove the port.
+	vlan_remove ${port}
 
 	exit ${EXIT_OK}
 }
diff --git a/hooks/zones/bridge.ports/virtual b/hooks/zones/bridge.ports/vlan
similarity index 100%
rename from hooks/zones/bridge.ports/virtual
rename to hooks/zones/bridge.ports/vlan
diff --git a/network b/network
index d8e6e729..3c3b1006 100755
--- a/network
+++ b/network
@@ -146,14 +146,14 @@ function cli_device_status() {
 	cli_print_fmt1 1 "Promisc"	"$(cli_print_bool $?)"
 	cli_space
 
-	# Print all virtual devices.
-	local virtuals=$(device_get_virtuals ${device})
-	if [ -n "${virtuals}" ]; then
-		cli_headline 2 "Virtual devices"
-
-		local virtual
-		for virtual in ${virtuals}; do
-			cli_print 2 "* %-6s - %s" "${virtual}" "$(device_get_address ${virtual})"
+	# Print all vlan devices.
+	local vlans=$(device_get_vlans ${device})
+	if [ -n "${vlans}" ]; then
+		cli_headline 2 "VLAN devices"
+
+		local vlan
+		for vlan in ${vlans}; do
+			cli_print 2 "* %-6s - %s" "${vlan}" "$(device_get_address ${vlan})"
 		done
 		cli_space
 	fi