This script now creates common bridges, too, and therefore needs a more generic name.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org --- config/rootfiles/common/udev | 2 +- config/udev/60-net.rules | 4 +- config/udev/network-hotplug-bridges | 114 ++++++++++++++++++++++++++++++++++++ config/udev/network-hotplug-macvtap | 114 ------------------------------------ lfs/udev | 4 +- 5 files changed, 119 insertions(+), 119 deletions(-) create mode 100644 config/udev/network-hotplug-bridges delete mode 100644 config/udev/network-hotplug-macvtap
diff --git a/config/rootfiles/common/udev b/config/rootfiles/common/udev
index e1f4bd5..1ba82d0 100644
--- a/config/rootfiles/common/udev
+++ b/config/rootfiles/common/udev
@@ -28,7 +28,7 @@ lib/udev
 #lib/udev/hwdb.d/60-keyboard.hwdb
 #lib/udev/init-net-rules.sh
 #lib/udev/mtd_probe
-#lib/udev/network-hotplug-macvtap
+#lib/udev/network-hotplug-bridges
 #lib/udev/network-hotplug-rename
 #lib/udev/network-hotplug-vlan
 #lib/udev/rule_generator.functions
diff --git a/config/udev/60-net.rules b/config/udev/60-net.rules
index e031e7a..fff7513 100644
--- a/config/udev/60-net.rules
+++ b/config/udev/60-net.rules
@@ -6,5 +6,5 @@ ACTION=="add", SUBSYSTEM=="net", PROGRAM="/lib/udev/network-hotplug-rename", RES
 # that has just come up.
 ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-vlan"
-# Call a script that will set up macvtap interfaces
-ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-macvtap"
+# Call a script that will set up zones as bridges
+ACTION=="add", SUBSYSTEM=="net", RUN+="/lib/udev/network-hotplug-bridges"
diff --git a/config/udev/network-hotplug-bridges b/config/udev/network-hotplug-bridges
new file mode 100644
index 0000000..ff6d20a
--- /dev/null
+++ b/config/udev/network-hotplug-bridges
@@ -0,0 +1,114 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2016 IPFire Team info@ipfire.org #
+# #
+############################################################################
+
+[ -n "${INTERFACE}" ] || exit 2
+
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+
+detect_zone() {
+ local intf="${INTERFACE%0*}"
+ intf="${intf^^}"
+
+ local zone
+ for zone in GREEN BLUE ORANGE RED; do
+ # Try to find if INTERFACE is the *phys version of a zone
+ if [ "${intf}" = "${zone}" ]; then
+ echo "${zone}"
+ return 0
+ fi
+
+ # Try to find out if this INTERFACE is a slave of a zone
+ local slave
+ for slave in $(get_value "${zone}_SLAVES"); do
+ if [ "${INTERFACE}" = "${slave}" ]; then
+ echo "${zone}"
+ return 0
+ fi
+ done
+ done
+
+ return 1
+}
+
+get_value() {
+ echo "${!1}"
+}
+
+random_mac_address() {
+ local address="02"
+
+ for i in $(seq 5); do
+ printf -v address "${address}:%02x" "$(( RANDOM % 256 ))"
+ done
+
+ echo "${address}"
+}
+
+# Try to detect which zone we are operating on
+ZONE=$(detect_zone)
+
+# Cannot proceed if we could not find a zone
+if [ -z "${ZONE}" ]; then
+ exit 0
+fi
+
+# Determine the mode of this zone
+MODE="$(get_value "${ZONE}_MODE")"
+
+# The name of the virtual bridge
+BRIDGE="$(get_value "${ZONE}_DEV")"
+
+case "${MODE}" in
+ bridge)
+ ADDRESS="$(get_value "${ZONE}_MACADDR")"
+ [ -n "${ADDRESS}" ] || ADDRESS="$(random_mac_address)"
+
+ # We need to create the bridge if it doesn't exist, yet
+ if [ ! -d "/sys/class/net/${BRIDGE}" ]; then
+ ip link add "${BRIDGE}" address "${ADDRESS}" type bridge
+ #ip link set "${BRIDGE}" up
+ fi
+
+ # Attach the physical device
+ ip link set dev "${INTERFACE}" master "${BRIDGE}"
+ ip link set dev "${INTERFACE}" up
+ ;;
+
+ macvtap)
+ ADDRESS="$(</sys/class/net/${INTERFACE}/address)"
+ GENERATED_ADDRESS=$(random_mac_address)
+
+ ip link add link "${INTERFACE}" "${BRIDGE}" address "${ADDRESS}" type macvlan mode bridge
+ ip link set "${INTERFACE}" address "${GENERATED_ADDRESS}"
+ ip link set "${INTERFACE}" up
+ ;;
+
+ "")
+ exit 0
+ ;;
+
+ *)
+ logger -t "network" "Unhandled mode '${MODE}' for '${ZONE}' (${INTERFACE})"
+ exit 1
+ ;;
+esac
diff --git a/config/udev/network-hotplug-macvtap b/config/udev/network-hotplug-macvtap
deleted file mode 100644
index ff6d20a..0000000
--- a/config/udev/network-hotplug-macvtap
+++ /dev/null
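Review bot: The `eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)` line near the top of network-hotplug-bridges passes an unquoted command substitution to `eval` in a script that udev starts through `RUN+=`, so the settings output is word-split and glob-expanded before it is evaluated as shell code. At minimum it should be quoted, `eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"`, and the script then still depends on readhash emitting only safely quoted `NAME=value` assignments, which this patch does not show and is worth confirming. Separately, `BRIDGE` is never checked for being empty: if `${ZONE}_DEV` is unset, the `[ ! -d "/sys/class/net/${BRIDGE}" ]` test sees the existing `/sys/class/net/` directory and bridge creation is skipped without any log, so a guard such as `[ -n "${BRIDGE}" ] || exit 1` before the `case` would make that failure explicit. The content carries the same blob id `ff6d20a` as the removed network-hotplug-macvtap, so both points predate this rename.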
@@ -1,114 +0,0 @@
-#!/bin/bash
-############################################################################
-# #
-# This file is part of the IPFire Firewall. #
-# #
-# IPFire is free software; you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation; either version 2 of the License, or #
-# (at your option) any later version. #
-# #
-# IPFire is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with IPFire; if not, write to the Free Software #
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
-# #
-# Copyright (C) 2016 IPFire Team info@ipfire.org #
-# #
-############################################################################
-
-[ -n "${INTERFACE}" ] || exit 2
-
-eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
-
-detect_zone() {
- local intf="${INTERFACE%0*}"
- intf="${intf^^}"
-
- local zone
- for zone in GREEN BLUE ORANGE RED; do
- # Try to find if INTERFACE is the *phys version of a zone
- if [ "${intf}" = "${zone}" ]; then
- echo "${zone}"
- return 0
- fi
-
- # Try to find out if this INTERFACE is a slave of a zone
- local slave
- for slave in $(get_value "${zone}_SLAVES"); do
- if [ "${INTERFACE}" = "${slave}" ]; then
- echo "${zone}"
- return 0
- fi
- done
- done
-
- return 1
-}
-
-get_value() {
- echo "${!1}"
-}
-
-random_mac_address() {
- local address="02"
-
- for i in $(seq 5); do
- printf -v address "${address}:%02x" "$(( RANDOM % 256 ))"
- done
-
- echo "${address}"
-}
-
-# Try to detect which zone we are operating on
-ZONE=$(detect_zone)
-
-# Cannot proceed if we could not find a zone
-if [ -z "${ZONE}" ]; then
- exit 0
-fi
-
-# Determine the mode of this zone
-MODE="$(get_value "${ZONE}_MODE")"
-
-# The name of the virtual bridge
-BRIDGE="$(get_value "${ZONE}_DEV")"
-
-case "${MODE}" in
- bridge)
- ADDRESS="$(get_value "${ZONE}_MACADDR")"
- [ -n "${ADDRESS}" ] || ADDRESS="$(random_mac_address)"
-
- # We need to create the bridge if it doesn't exist, yet
- if [ ! -d "/sys/class/net/${BRIDGE}" ]; then
- ip link add "${BRIDGE}" address "${ADDRESS}" type bridge
- #ip link set "${BRIDGE}" up
- fi
-
- # Attach the physical device
- ip link set dev "${INTERFACE}" master "${BRIDGE}"
- ip link set dev "${INTERFACE}" up
- ;;
-
- macvtap)
- ADDRESS="$(</sys/class/net/${INTERFACE}/address)"
- GENERATED_ADDRESS=$(random_mac_address)
-
- ip link add link "${INTERFACE}" "${BRIDGE}" address "${ADDRESS}" type macvlan mode bridge
- ip link set "${INTERFACE}" address "${GENERATED_ADDRESS}"
- ip link set "${INTERFACE}" up
- ;;
-
- "")
- exit 0
- ;;
-
- *)
- logger -t "network" "Unhandled mode '${MODE}' for '${ZONE}' (${INTERFACE})"
- exit 1
- ;;
-esac
diff --git a/lfs/udev b/lfs/udev
index 61bd337..320f272 100644
--- a/lfs/udev
+++ b/lfs/udev
@@ -109,8 +109,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 /lib/udev/network-hotplug-rename
 install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-vlan \
 /lib/udev/network-hotplug-vlan
- install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-macvtap \
- /lib/udev/network-hotplug-macvtap
+ install -v -m 755 $(DIR_SRC)/config/udev/network-hotplug-bridges \
+ /lib/udev/network-hotplug-bridges
 install -v -m 644 $(DIR_SRC)/config/udev/60-net.rules \
 /lib/udev/rules.d