This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated
via b6f790fcb7b50bb2ed938e0a49ecdad2142d8f71 (commit)
via 55495f4dcb79d2ac1754069db937fa9400019290 (commit)
via fadf701755d7008aad6ae18a2b8ff00e8c5837b1 (commit)
via e1b234b5ebdd094e884c81f0c2f0f04c057459ae (commit)
via 2634100d31d605301a6921d36b7f8f011ec285f4 (commit)
via 9ed6ed2406665619f73af5e88beb36609315fab2 (commit)
via 920ab081c5587062f7a285b5553b2ab4d1e8d028 (commit)
via 018b171aced816af47cf96fdae7fbddb932b9b86 (commit)
via e09bf765a519d4d3b6bbffc7244cf0089298d4b5 (commit)
from 9493ba5445fac3640c2d9858064c1c127403fbf5 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit b6f790fcb7b50bb2ed938e0a49ecdad2142d8f71
Author: Michael Tremer michael.tremer@ipfire.org
Date: Fri Oct 8 22:47:03 2010 +0200

naoki: Remove left over logging call.

commit 55495f4dcb79d2ac1754069db937fa9400019290
Author: Michael Tremer michael.tremer@ipfire.org
Date: Fri Oct 8 20:57:12 2010 +0200

openssl: Move libs /usr/lib -> /lib.

commit fadf701755d7008aad6ae18a2b8ff00e8c5837b1
Author: Michael Tremer michael.tremer@ipfire.org
Date: Fri Oct 8 17:10:16 2010 +0200

grep: Update to 2.7.

commit e1b234b5ebdd094e884c81f0c2f0f04c057459ae
Author: Michael Tremer michael.tremer@ipfire.org
Date: Fri Oct 8 17:09:47 2010 +0200

dansguardian: New package.

commit 2634100d31d605301a6921d36b7f8f011ec285f4
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sun Oct 10 00:06:00 2010 +0200

network: Give it its own git repository at...

http://git.ipfire.org/?p=network.git;a=summary

commit 9ed6ed2406665619f73af5e88beb36609315fab2
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Oct 9 19:58:35 2010 +0200

naoki: Add ssh-keyput.

commit 920ab081c5587062f7a285b5553b2ab4d1e8d028
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Oct 9 18:08:12 2010 +0200

naoki: Speed up dependency resolution process.

commit 018b171aced816af47cf96fdae7fbddb932b9b86
Author: Michael Tremer michael.tremer@ipfire.org
Date: Fri Oct 8 20:29:55 2010 +0200

polkit: Enable gobject-introspection.

We cannot build man pages because of the lack of docbook and so we let them out for now.

commit e09bf765a519d4d3b6bbffc7244cf0089298d4b5
Author: Michael Tremer michael.tremer@ipfire.org
Date: Fri Oct 8 20:29:24 2010 +0200

gobject-introspection: Create strong dependency from devel to main package.
-----------------------------------------------------------------------
Summary of changes:
naoki/dependencies.py | 64 ++-
.../udisks.nm => dansguardian/dansguardian.nm} | 31 +-
.../dansguardian/patches/dansguardian-gcc44.patch | 55 ++
.../gobject-introspection/gobject-introspection.nm | 4 +-
pkgs/core/grep/grep.nm | 4 +-
pkgs/core/network/network.nm | 25 +-
pkgs/core/network/src/functions | 43 --
pkgs/core/network/src/functions.aiccu | 141 -----
pkgs/core/network/src/functions.bonding | 140 -----
pkgs/core/network/src/functions.bridge | 117 ----
pkgs/core/network/src/functions.cli | 517 ---------------
pkgs/core/network/src/functions.colors | 53 --
pkgs/core/network/src/functions.constants | 72 ---
pkgs/core/network/src/functions.db | 113 ----
pkgs/core/network/src/functions.device | 539 ----------------
pkgs/core/network/src/functions.ethernet | 20 -
pkgs/core/network/src/functions.events | 48 --
pkgs/core/network/src/functions.hook | 211 -------
pkgs/core/network/src/functions.ip | 52 --
pkgs/core/network/src/functions.ipv4 | 76 ---
pkgs/core/network/src/functions.ipv6 | 331 ----------
pkgs/core/network/src/functions.logging | 40 --
pkgs/core/network/src/functions.ports | 250 --------
pkgs/core/network/src/functions.ppp | 112 ----
pkgs/core/network/src/functions.red | 97 ---
pkgs/core/network/src/functions.routing | 90 ---
pkgs/core/network/src/functions.stp | 468 --------------
pkgs/core/network/src/functions.util | 417 -------------
pkgs/core/network/src/functions.virtual | 178 ------
pkgs/core/network/src/functions.wireless | 296 ---------
pkgs/core/network/src/functions.zone | 659 --------------------
pkgs/core/network/src/header-config | 49 --
pkgs/core/network/src/header-port | 73 ---
pkgs/core/network/src/header-zone | 334 ----------
pkgs/core/network/src/hooks/ports/bonding | 205 ------
pkgs/core/network/src/hooks/ports/ethernet | 105 ----
pkgs/core/network/src/hooks/ports/virtual | 154 -----
pkgs/core/network/src/hooks/ports/wireless-ap | 201 ------
pkgs/core/network/src/hooks/zones/aiccu | 131 ----
pkgs/core/network/src/hooks/zones/bridge | 187 ------
.../src/hooks/zones/bridge.configs/ipv4-static | 175 ------
.../src/hooks/zones/bridge.configs/ipv6-static | 138 ----
.../network/src/hooks/zones/bridge.ports/bonding | 1 -
.../network/src/hooks/zones/bridge.ports/ethernet | 155 -----
.../network/src/hooks/zones/bridge.ports/virtual | 1 -
.../src/hooks/zones/bridge.ports/wireless-ap | 1 -
pkgs/core/network/src/hooks/zones/pppoe | 288 ---------
.../network/src/hooks/zones/pppoe.ports/bonding | 1 -
.../network/src/hooks/zones/pppoe.ports/ethernet | 115 ----
.../network/src/hooks/zones/pppoe.ports/virtual | 1 -
pkgs/core/network/src/network | 59 --
pkgs/core/network/src/ppp/ip-updown | 44 --
pkgs/core/openssl/openssl.nm | 7 +-
pkgs/core/polkit/polkit.nm | 10 +-
tools/quality-agent.d/099-strip | 1 -
tools/ssh-keyput | 92 +++
56 files changed, 238 insertions(+), 7553 deletions(-)
copy pkgs/core/{udisks/udisks.nm => dansguardian/dansguardian.nm} (67%)
create mode 100644 pkgs/core/dansguardian/patches/dansguardian-gcc44.patch
delete mode 100644 pkgs/core/network/src/functions
delete mode 100644 pkgs/core/network/src/functions.aiccu
delete mode 100644 pkgs/core/network/src/functions.bonding
delete mode 100644 pkgs/core/network/src/functions.bridge
delete mode 100644 pkgs/core/network/src/functions.cli
delete mode 100644 pkgs/core/network/src/functions.colors
delete mode 100644 pkgs/core/network/src/functions.constants
delete mode 100644 pkgs/core/network/src/functions.db
delete mode 100644 pkgs/core/network/src/functions.device
delete mode 100644 pkgs/core/network/src/functions.ethernet
delete mode 100644 pkgs/core/network/src/functions.events
delete mode 100644 pkgs/core/network/src/functions.hook
delete mode 100644 pkgs/core/network/src/functions.ip
delete mode 100644 pkgs/core/network/src/functions.ipv4
delete mode 100644 pkgs/core/network/src/functions.ipv6
delete mode 100644 pkgs/core/network/src/functions.logging
delete mode 100644 pkgs/core/network/src/functions.ports
delete mode 100644 pkgs/core/network/src/functions.ppp
delete mode 100644 pkgs/core/network/src/functions.red
delete mode 100644 pkgs/core/network/src/functions.routing
delete mode 100644 pkgs/core/network/src/functions.stp
delete mode 100644 pkgs/core/network/src/functions.util
delete mode 100644 pkgs/core/network/src/functions.virtual
delete mode 100644 pkgs/core/network/src/functions.wireless
delete mode 100644 pkgs/core/network/src/functions.zone
delete mode 100644 pkgs/core/network/src/header-config
delete mode 100644 pkgs/core/network/src/header-port
delete mode 100644 pkgs/core/network/src/header-zone
delete mode 100755 pkgs/core/network/src/hooks/ports/bonding
delete mode 100755 pkgs/core/network/src/hooks/ports/ethernet
delete mode 100755 pkgs/core/network/src/hooks/ports/virtual
delete mode 100755 pkgs/core/network/src/hooks/ports/wireless-ap
delete mode 100755 pkgs/core/network/src/hooks/zones/aiccu
delete mode 100755 pkgs/core/network/src/hooks/zones/bridge
delete mode 100755 pkgs/core/network/src/hooks/zones/bridge.configs/ipv4-static
delete mode 100755 pkgs/core/network/src/hooks/zones/bridge.configs/ipv6-static
delete mode 120000 pkgs/core/network/src/hooks/zones/bridge.ports/bonding
delete mode 100755 pkgs/core/network/src/hooks/zones/bridge.ports/ethernet
delete mode 120000 pkgs/core/network/src/hooks/zones/bridge.ports/virtual
delete mode 120000 pkgs/core/network/src/hooks/zones/bridge.ports/wireless-ap
delete mode 100755 pkgs/core/network/src/hooks/zones/pppoe
delete mode 120000 pkgs/core/network/src/hooks/zones/pppoe.ports/bonding
delete mode 100644 pkgs/core/network/src/hooks/zones/pppoe.ports/ethernet
delete mode 120000 pkgs/core/network/src/hooks/zones/pppoe.ports/virtual
delete mode 100755 pkgs/core/network/src/network
delete mode 100755 pkgs/core/network/src/ppp/ip-updown
create mode 100644 tools/ssh-keyput
Difference in files: diff --git a/naoki/dependencies.py b/naoki/dependencies.py index 9578aaa..3463183 100644 --- a/naoki/dependencies.py +++ b/naoki/dependencies.py @@ -59,12 +59,22 @@ class DependencySet(object): self._dependencies = [] self._items = []
+ # caches + self.__provides = {} + self.__dependencies = {} + # add all provided dependencies for dependency in dependencies: self.add_dependency(dependency)
logging.debug("Successfully initialized %s" % self)
+ @property + def hash(self): + hash = ["%s" % i for i in self._items] + + return "".join(hash) + def __repr__(self): return "<%s>" % (self.__class__.__name__)
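Review bot: The new `hash` property joins the string form of every item with an empty separator, so two different item lists whose strings happen to concatenate to the same text produce the same key for the `__provides` and `__dependencies` caches. Join on a delimiter that cannot appear in an item's string form, or key the caches on a tuple of those strings, and rename the property and its local variable so they do not shadow the builtin `hash`. Nothing visible in this patch evicts entries from the two dicts set up in `__init__`.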
@@ -106,13 +116,15 @@ class DependencySet(object): # Safe for endless loop counter = 1000
- while self.unresolved_dependencies: + while True: counter -= 1 if not counter: logging.debug("Maximum count of dependency loop was reached") break
- dependency = self.unresolved_dependencies.pop(0) + dependency = self.next_unresolved_dependency + if not dependency: + break
logging.debug("Processing dependency: %s" % dependency.identifier)
@@ -151,10 +163,20 @@ class DependencySet(object):
@property def unresolved_dependencies(self): + return self.calculate_unresolved_dependencies(next=False) + + @property + def next_unresolved_dependency(self): + d = self.calculate_unresolved_dependencies(next=True) + if d: + return d[0] + + def calculate_unresolved_dependencies(self, next=False): dependencies = []
- # XXX These are not so nice because they possibly check all packages - # and do not break after the first match + # Cache provides + provides = self.provides + for dependency in self._dependencies + self.dependencies: if dependency.type == DEP_INVALID: continue @@ -168,20 +190,30 @@ class DependencySet(object): if found: continue
- for provide in self.provides: - if dependency.match(provide): - found = True - break - - if found: - continue + #for provide in provides: + # if dependency.match(provide): + # found = True + # break + # + #if found: + # continue
dependencies.append(dependency)
+ # If next is set return only one. + if next: + return dependencies + return dependencies
@property def dependencies(self): + if not self.__dependencies.has_key(self.hash): + self.__dependencies[self.hash] = self.calculate_dependencies() + + return self.__dependencies[self.hash] + + def calculate_dependencies(self): dependencies = [] for item in self._items: dependencies += item.get_dependencies() @@ -192,14 +224,20 @@ class DependencySet(object): def packages(self): return sorted(self._items)
- @property - def provides(self): + def calculate_provides(self): provides = [] for item in self._items: provides += item.get_provides()
return list(set(provides))
+ @property + def provides(self): + if not self.__provides.has_key(self.hash): + self.__provides[self.hash] = self.calculate_provides() + + return self.__provides[self.hash] +
if __name__ == "__main__": import architectures diff --git a/pkgs/core/dansguardian/dansguardian.nm b/pkgs/core/dansguardian/dansguardian.nm new file mode 100644 index 0000000..137f7b8 --- /dev/null +++ b/pkgs/core/dansguardian/dansguardian.nm 
@@ -0,0 +1,59 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include $(PKGROOT)/Include + +PKG_NAME = dansguardian +PKG_VER = 2.10.1.1 +PKG_REL = 0 + +PKG_MAINTAINER = +PKG_GROUP = Networking/Proxy +PKG_URL = http://www.dansguardian.org/ +PKG_LICENSE = GPLv2+ +PKG_SUMMARY = A content filtering web proxy. + +PKG_BUILD_DEPS+= gcc-c++ pcre-devel pkg-config zlib-devel + +define PKG_DESCRIPTION + DansGuardian filters the content of pages based on many methods including \ + phrase matching, PICS filtering and URL filtering. It does not purely filter \ + based on a banned list of sites. \ + \ + It provides real-time virus scanning capabilities for content access. \ + \ + DansGuardian is designed to be completely flexible and allows you to tailor the \ + filtering to your exact needs. It can be as draconian or as unobstructive as \ + you want. 
The default settings are geared towards what a primary school might \ + want but DansGuardian puts you in control of what you want to block. \ + \ + DansGuardian requires squid or another similar caching proxy server on your \ + local network. +endef + +PKG_TARBALL = $(THISAPP).tar.gz + +CONFIGURE_OPTIONS += \ + --sysconfdir=/etc \ + --localstatedir=/var diff --git a/pkgs/core/dansguardian/patches/dansguardian-gcc44.patch b/pkgs/core/dansguardian/patches/dansguardian-gcc44.patch new file mode 100644 index 0000000..3cdef6e --- /dev/null +++ b/pkgs/core/dansguardian/patches/dansguardian-gcc44.patch 
@@ -0,0 +1,55 @@ +diff -ruN dansguardian-2.10.1.1.orig/src/ConnectionHandler.cpp dansguardian-2.10.1.1/src/ConnectionHandler.cpp +--- dansguardian-2.10.1.1.orig/src/ConnectionHandler.cpp 2009-02-25 12:36:22.000000000 +0100 ++++ dansguardian-2.10.1.1/src/ConnectionHandler.cpp 2009-07-15 12:02:09.801533048 +0200 +@@ -45,6 +45,7 @@ + + #ifdef ENABLE_ORIG_IP + #include <linux/types.h> ++#include <limits.h> + #include <linux/netfilter_ipv4.h> + #endif + +diff -ruN dansguardian-2.10.1.1.orig/src/contentscanners/clamav.cpp dansguardian-2.10.1.1/src/contentscanners/clamav.cpp +--- dansguardian-2.10.1.1.orig/src/contentscanners/clamav.cpp 2008-11-18 12:27:04.000000000 +0100 ++++ dansguardian-2.10.1.1/src/contentscanners/clamav.cpp 2009-07-15 11:59:12.316495912 +0200 +@@ -26,6 +26,7 @@ + #include "../ContentScanner.hpp" + #include "../OptionContainer.hpp" + ++#include <cstdio> + #include <syslog.h> + #include <sys/time.h> + #include <sys/types.h> +diff -ruN dansguardian-2.10.1.1.orig/src/contentscanners/commandlinescan.cpp dansguardian-2.10.1.1/src/contentscanners/commandlinescan.cpp +--- dansguardian-2.10.1.1.orig/src/contentscanners/commandlinescan.cpp 2008-11-18 12:27:04.000000000 +0100 ++++ dansguardian-2.10.1.1/src/contentscanners/commandlinescan.cpp 2009-07-15 11:59:12.317495697 +0200 +@@ -28,6 +28,7 @@ + #include "../OptionContainer.hpp" + #include "../RegExp.hpp" + ++#include <cstdio> + #include <syslog.h> + #include <sys/time.h> + #include <sys/types.h> +diff -ruN dansguardian-2.10.1.1.orig/src/contentscanners/icapscan.cpp dansguardian-2.10.1.1/src/contentscanners/icapscan.cpp +--- dansguardian-2.10.1.1.orig/src/contentscanners/icapscan.cpp 2008-11-18 12:27:04.000000000 +0100 ++++ dansguardian-2.10.1.1/src/contentscanners/icapscan.cpp 2009-07-15 11:59:12.318495062 +0200 +@@ -29,6 +29,7 @@ + #include "../ContentScanner.hpp" + #include "../OptionContainer.hpp" + ++#include <cstdio> + #include <syslog.h> + #include <sys/time.h> + #include <sys/types.h> +diff -ruN 
dansguardian-2.10.1.1.orig/src/downloadmanagers/fancy.cpp dansguardian-2.10.1.1/src/downloadmanagers/fancy.cpp +--- dansguardian-2.10.1.1.orig/src/downloadmanagers/fancy.cpp 2008-11-18 12:27:04.000000000 +0100 ++++ dansguardian-2.10.1.1/src/downloadmanagers/fancy.cpp 2009-07-15 11:59:12.319495964 +0200 +@@ -26,6 +26,7 @@ + #include "../HTMLTemplate.hpp" + #include "../ConnectionHandler.hpp" + ++#include <cstdio> + #include <syslog.h> + #include <sys/time.h> + #include <sys/types.h> diff --git a/pkgs/core/gobject-introspection/gobject-introspection.nm b/pkgs/core/gobject-introspection/gobject-introspection.nm index 9aa0e27..97ee77a 100644 --- a/pkgs/core/gobject-introspection/gobject-introspection.nm +++ b/pkgs/core/gobject-introspection/gobject-introspection.nm @@ -26,7 +26,7 @@ include $(PKGROOT)/Include
PKG_NAME = gobject-introspection PKG_VER = 0.9.3 -PKG_REL = 0 +PKG_REL = 1
PKG_MAINTAINER = PKG_GROUP = Development/Libraries @@ -37,6 +37,8 @@ PKG_SUMMARY = Introspection system for GObject-based libraries. PKG_BUILD_DEPS+= bison cairo-devel flex glib2-devel libffi-devel libtool \ pkg-config python-devel
+PKG_DEPS-$(PKG_NAME_REAL)-devel += $(PKG_NAME_REAL) + define PKG_DESCRIPTION GObject Introspection can scan C header and source files in order \ to generate introspection "typelib" files. It also provides an API to \ diff --git a/pkgs/core/grep/grep.nm b/pkgs/core/grep/grep.nm index 36ef6cd..9fbd803 100644 --- a/pkgs/core/grep/grep.nm +++ b/pkgs/core/grep/grep.nm @@ -25,7 +25,7 @@ include $(PKGROOT)/Include
PKG_NAME = grep -PKG_VER = 2.6.2 +PKG_VER = 2.7 PKG_REL = 0
PKG_MAINTAINER = @@ -34,7 +34,7 @@ PKG_URL = http://www.gnu.org/software/grep/ PKG_LICENSE = GPLv3+ PKG_SUMMARY = A pattern matching utilities.
-PKG_DEPS += pcre +PKG_BUILD_DEPS+= pcre-devel
define PKG_DESCRIPTION The GNU versions of commonly used grep utilities. Grep searches through \ diff --git a/pkgs/core/network/network.nm b/pkgs/core/network/network.nm index 0554d38..30cf750 100644 --- a/pkgs/core/network/network.nm +++ b/pkgs/core/network/network.nm @@ -25,7 +25,7 @@ include $(PKGROOT)/Include
PKG_NAME = network -PKG_VER = +PKG_VER = 0.99.0 PKG_REL = 0
PKG_MAINTAINER = Michael Tremer michael.tremer@ipfire.org @@ -34,6 +34,7 @@ PKG_URL = http://www.ipfire.org/ PKG_LICENSE = GPLv3+ PKG_SUMMARY = The IPFire Networking Scripts.
+PKG_BUILD_DEPS = # Need no gcc PKG_DEPS += bash bridge-utils coreutils dhcp grep iproute2 ppp sqlite \ upstart vlan
@@ -41,26 +42,6 @@ define PKG_DESCRIPTION This script installs the IPFire Networking Scripts. endef
-PKG_TARBALL = - -define STAGE_PREPARE - cp -vrf $(DIR_SOURCE)/src $(DIR_APP) -endef +PKG_TARBALL = $(THISAPP).tar.gz
STAGE_BUILD = # Do nothing - -define STAGE_INSTALL - -mkdir -pv $(BUILDROOT)/etc/{network,ppp} - -mkdir -pv $(BUILDROOT)/lib/network - -mkdir -pv $(BUILDROOT)/sbin - -mkdir -pv $(BUILDROOT)/var/log/network - - install -m 755 -v $(DIR_APP)/network $(BUILDROOT)/sbin - - cp -rfv $(DIR_APP)/{hooks,header*,functions*} $(BUILDROOT)/lib/network/ - - install -m 755 -v $(DIR_APP)/ppp/ip-updown $(BUILDROOT)/etc/ppp - ln -svf ip-updown $(BUILDROOT)/etc/ppp/ip-pre-up - ln -svf ip-updown $(BUILDROOT)/etc/ppp/ip-up - ln -svf ip-updown $(BUILDROOT)/etc/ppp/ip-down -endef diff --git a/pkgs/core/network/src/functions b/pkgs/core/network/src/functions deleted file mode 100644 index befdd14..0000000 --- a/pkgs/core/network/src/functions +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash - -INIT_FUNCTIONS="" - -function init_register() { - INIT_FUNCTIONS="${INIT_FUNCTIONS} $@" -} - -function init_run() { - local init - for init in ${INIT_FUNCTIONS}; do - ${init} - done -} - -for file in /lib/network/functions.*; do - . ${file} -done - -# Reading in network tool configuration -network_config_read - -# Create run dir -if ! [ -d "${RUN_DIR}" ]; then - mkdir ${RUN_DIR} -fi - -# Set colour mode -case "${COLOURS}" in - auto) - colours_auto_disable - ;; - off|0) - colours_disable - ;; - on|1) - # Do nothing - ;; - *) - warning_log "Unknown parameter given for COLOURS: ${COLOURS}" - ;; -esac - diff --git a/pkgs/core/network/src/functions.aiccu b/pkgs/core/network/src/functions.aiccu deleted file mode 100644 index 5a49edd..0000000 --- a/pkgs/core/network/src/functions.aiccu +++ /dev/null 
@@ -1,141 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function aiccu_init() { - log INFO "Initializing aiccu." - mkdir -p $(aiccu_config_dir) -} - -init_register aiccu_init - -function aiccu_config_dir() { - local device=${1} - - echo "${RUN_DIR}/aiccu/${device}" -} - -function aiccu_start() { - local device=${1} - shift - - assert isset device - - local config_dir=$(aiccu_config_dir ${device}) - mkdir -p ${config_dir} - - local config_file=${config_dir}/config - aiccu_configure ${device} $@ > ${config_file} - - aiccu start ${config_file} &>/dev/null - local ret=$? - - case "${ret}" in - 0) - log DEBUG "Aiccu was successfully started for '${device}'." - return ${EXIT_OK} - ;; - *) - error_log "Could not start aiccu properly for '${device}'." 
- - error_log "Configuration file dump:" - local line - while read line; do - error_log " ${line}" - done < ${config_file} - - return ${EXIT_ERROR} - ;; - esac -} - -function aiccu_stop() { - local device=${1} - - assert isset device - - aiccu stop $(aiccu_config_dir ${device})/config - - rm -rf $(aiccu_config_dir ${device}) -} - -function aiccu_configure() { - local device=${1} - - assert isset device - - local user - local secret - local server - local protocol="tic" - local tunnel_id - - while [ $# -gt 0 ]; do - case "${1}" in - --user=*) - user=$(cli_get_val ${1}) - ;; - --secret=*) - secret=$(cli_get_val ${1}) - ;; - --server=*) - server=$(cli_get_val ${1}) - ;; - --protocol=*) - protocol=$(cli_get_val ${1}) - ;; - --tunnel-id=*) - tunnel_id=$(cli_get_val ${1}) - ;; - esac - shift - done - - assert isset user - assert isset secret - assert isset server - assert isset protocol - assert isoneof protocol tic tsp l2tp - -cat <<EOF -## AICCU configuration for ${zone} - -username ${user} -password ${secret} - -server ${server} -protocol ${protocol} - -$(isset tunnel_id && echo "tunnel_id ${tunnel_id}") - -ipv6_interface ${device} - -verbose true -daemonize true -automatic true - -pidfile $(aiccu_config_dir ${zone})/pid - -#setupscript /tmp/aiccu.sh - -EOF - - return ${EXIT_OK} -} diff --git a/pkgs/core/network/src/functions.bonding b/pkgs/core/network/src/functions.bonding deleted file mode 100644 index 74a4d09..0000000 --- a/pkgs/core/network/src/functions.bonding +++ /dev/null 
@@ -1,140 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function bonding_init() { - if ! grep -q "^bonding" /proc/modules; then - modprobe bonding - - bonding_remove bond0 - fi -} - -init_register bonding_init - -function bonding_create() { - local device=${1} - local mac=${2} - - [ -z "${mac}" ] && mac=$(mac_generate) - - log INFO "Creating bonding device '${device}' (${mac})." - - echo "+${device}" > /sys/class/net/bonding_masters - device_set_address ${device} ${mac} - device_set_up ${device} -} - -function bonding_remove() { - local device=$(devicify ${1}) - - assert isset device - - log INFO "Remove bonding device '${device}'." - - device_set_down ${device} - echo "-${device}" > /sys/class/net/bonding_masters -} - -function bonding_set_mode() { - local device=${1} - local mode=${2} - - log INFO "Setting bonding mode on '${device}' '${mode}'." 
- - echo "${mode}" > /sys/class/net/${device}/bonding/mode -} - -function bonding_get_mode() { - local device=${1} - - local mode mode_num - read mode mode_num < ${SYS_CLASS_NET}/${device}/bonding/mode - echo "${mode}" -} - -function bonding_enslave_device() { - local device=$(devicify ${1}) - local slave=$(devicify ${2}) - shift 2 - - assert isset device - assert isset slave - - log INFO "Enslaving slave '${slave}' to '${device}'." - - device_set_down ${slave} - echo "+${slave}" > /sys/class/net/${device}/bonding/slaves -} - -function bonding_get_slaves() { - local device=${1} - - cat ${SYS_CLASS_NET}/${device}/bonding/slaves -} - -function bonding_get_active_slave() { - local device=${1} - - cat ${SYS_CLASS_NET}/${device}/bonding/active_slave -} - -# XXX function bonding_get_lacp_rate? - -function bonding_get_miimon() { - local device=${1} - - cat ${SYS_CLASS_NET}/${device}/bonding/miimon -} - -function bonding_set_miimon() { - local device=${1} - local miimon=${2} - - echo "${miimon}" > ${SYS_CLASS_NET}/${device}/bonding/miimon -} - -function bonding_device_print() { - local device=${1} - - ethernet_device_print ${device} - - echo # Empty line - - printf "${DEVICE_PRINT_LINE1}" "Mode:" "$(bonding_get_mode ${device})" - printf "${DEVICE_PRINT_LINE1}" "Slaves:" "$(bonding_get_slaves ${device})" -} - -function bonding_slave_get_master() { - local slave=${1} - - assert isset slave - assert device_is_bonded ${slave} - - local device - for device in $(devices_get_all); do - if device_is_bonding ${device} && listmatch ${slave} $(bonding_get_slaves ${device}); then - echo "${device}" - return ${EXIT_OK} - fi - done - - return ${EXIT_ERROR} -} diff --git a/pkgs/core/network/src/functions.bridge b/pkgs/core/network/src/functions.bridge deleted file mode 100644 index edf54be..0000000 --- a/pkgs/core/network/src/functions.bridge +++ /dev/null 
@@ -1,117 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function bridge_attach_device() { - local bridge=${1} - local device=${2} - - assert isset bridge - assert isset device - - assert device_exists ${bridge} - assert device_exists ${device} - - # If device is already attached, exit silently - if listmatch ${device} $(bridge_get_members ${bridge}); then - return ${EXIT_OK} - fi - - log INFO "Attaching device '${device}' to bridge '${bridge}'." - - brctl addif ${bridge} ${device} -} - -function bridge_detach_device() { - local bridge=${1} - local device=${2} - - assert isset bridge - assert isset device - - if ! device_exists ${bridge}; then - error "Bridge '${bridge}' does not exist." - return ${EXIT_ERROR} - fi - - if ! device_exists ${device}; then - return ${EXIT_OK} - fi - - # If device is not attached, exit silently - if ! listmatch ${device} $(bridge_get_members ${bridge}); then - return ${EXIT_OK} - fi - - log INFO "Detaching device '${device}' from bridge '${bridge}'." 
- - brctl delif ${bridge} ${device} -} - -function bridge_get_members() { - local bridge=${1} - - assert isset bridge - - local member - for member in ${SYS_CLASS_NET}/${bridge}/brif/*; do - member=$(basename ${member}) - if device_exists ${member}; then - echo "${member}" - fi - done -} - -function bridge_is_forwarding() { - local seconds=45 - local zone=${1} - - bridge_has_carrier ${zone} || return ${EXIT_ERROR} - - local device - while [ ${seconds} -gt 0 ]; do - for device in ${SYS_CLASS_NET}/${zone}/brif/*; do - [ -e "${device}/state" ] || continue - if [ "$(<${device}/state)" = "3" ]; then - return ${EXIT_OK} - fi - done - sleep 1 - seconds=$((${seconds} - 1)) - done - - return ${EXIT_ERROR} -} - -function bridge_has_carrier() { - local zone=${1} - - local has_carrier=${EXIT_ERROR} - - local device - for device in ${SYS_CLASS_NET}/${zone}/brif/*; do - device=$(basename ${device}) - device_exists ${device} || continue - - device_has_carrier ${device} && has_carrier=${EXIT_OK} - done - - return ${has_carrier} -} diff --git a/pkgs/core/network/src/functions.cli b/pkgs/core/network/src/functions.cli deleted file mode 100644 index aa0bddf..0000000 --- a/pkgs/core/network/src/functions.cli +++ /dev/null 
@@ -1,517 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function cli_config() { - if cli_help_requested $@; then - cli_usage root-config - exit ${EXIT_OK} - fi - - if [ -n "${1}" ]; then - network_config_set $@ - else - network_config_print - fi -} - -function cli_device() { - if device_config_exists ${1}; then - local device=${1} - local action=${2} - shift 2 - - case "${action}" in - down|up) - device_${action} ${device} $@ - ;; - esac - else - local action=${1} - shift - - case "${action}" in - create) - device_${action} $@ - ;; - - discover) - echo "# XXX need to implement --raw here" - local device - for device in ${devices}; do - cli_device_discover ${device} $@ - done - ;; - - show|"") - local device - for device in $(device_get $@); do - device_print ${device} - done - ;; - *) - cli_usage device - ;; - esac - fi -} - -function cli_device_discover() { - local device=${1} - shift - - local device_type=$(device_get_type ${device}) - if [ "${device_type}" != "real" ]; then - return ${EXIT_OK} - fi - - local raw - - while [ $# -gt 0 ]; do - case "${1}" in - 
--raw) - raw=1 - ;; - esac - shift - done - - local up - device_is_up ${device} && up=1 - device_set_up ${device} - - enabled raw || echo "${device}" - - local hook - local out - local ret - for hook in $(hook_zone_get_all); do - out=$(hook_zone_exec ${hook} discover ${device}) - ret=$? - - [ ${ret} -eq ${DISCOVER_NOT_SUPPORTED} ] && continue - - if enabled raw; then - case "${ret}" in - ${DISCOVER_OK}) - echo "${hook}: OK" - local line - while read line; do - echo "${hook}: ${line}" - done <<<"${out}" - ;; - - ${DISCOVER_ERROR}) - echo "${hook}: FAILED" - ;; - esac - else - case "${ret}" in - ${DISCOVER_OK}) - echo " ${hook} was successful." - local line - while read line; do - echo " ${line}" - done <<<"${out}" - ;; - - ${DISCOVER_ERROR}) - echo " ${hook} failed." - ;; - esac - fi - done - - echo # New line - - [ "${up}" = "1" ] || device_set_down ${device} -} - -function cli_port() { - if cli_help_requested $@; then - cli_usage root-port - exit ${EXIT_OK} - fi - - local action - local port - - if port_exists ${1}; then - port=${1} - action=${2} - shift 2 - - # Action aliases - case "${action}" in - start) - action="up" - ;; - stop) - action="down" - ;; - show) - action="status" - ;; - esac - - case "${action}" in - edit|up|down|status) - port_${action} ${port} $@ - ;; - *) - error "Unrecognized argument: ${action}" - exit ${EXIT_ERROR} - ;; - esac - else - action=${1} - shift - - case "${action}" in - create|destroy) - port_${action} $@ - ;; - *) - error "Unrecognized argument: ${action}" - exit ${EXIT_ERROR} - ;; - esac - fi -} - -function cli_zone() { - if cli_help_requested $@; then - cli_usage root-zone - exit ${EXIT_OK} - fi - - local action - local zone - - if zone_name_is_valid ${1}; then - zone=${1} - action=${2} - shift 2 - - # Action aliases - case "${action}" in - start) - action="up" - ;; - stop) - action="down" - ;; - show) - action="status" - ;; - esac - - case "${action}" in - config|down|edit|port|status|up) - zone_${action} ${zone} $@ - ;; - *) 
- error "Unrecognized argument: ${action}" - cli_usage root-zone-subcommands - exit ${EXIT_ERROR} - ;; - esac - else - action=${1} - shift - - case "${action}" in - create|remove) - zone_${action} $@ - ;; - ""|*) - if [ -n "${action}" ]; then - error "Unrecognized argument: '${action}'" - echo - fi - - cli_usage root-zone - exit ${EXIT_ERROR} - ;; - esac - fi -} - -function cli_start() { - if cli_help_requested $@; then - cli_usage root-start - exit ${EXIT_OK} - fi - - local zones=$(zones_get $@) - - local zone - for zone in ${zones}; do - zone_up ${zone} - done -} - -function cli_stop() { - if cli_help_requested $@; then - cli_usage root-stop - exit ${EXIT_OK} - fi - - local zones=$(zones_get $@) - - local zone - for zone in ${zones}; do - zone_down ${zone} - done -} - -function cli_restart() { - if cli_help_requested $@; then - cli_usage root-restart - exit ${EXIT_OK} - fi - - cli_stop $@ - - # Give the system some time to calm down - sleep ${TIMEOUT_RESTART} - - cli_start $@ -} - -function cli_status() { - if cli_help_requested $@; then - cli_usage root-status - exit ${EXIT_OK} - fi - - local zones=$(zones_get $@) - - local zone - for zone in ${zones}; do - zone_status ${zone} - done -} - -function cli_reset() { - if cli_help_requested $@; then - cli_usage root-reset - exit ${EXIT_OK} - fi - - warning_log "Will reset the whole network configuration!!!" - - # Force mode is disabled by default - local force=0 - - while [ $# -gt 0 ]; do - case "${1}" in - --force|-f) - force=1 - ;; - esac - shift - done - - # If we are not running in force mode, we ask the user if he does know - # what he is doing. - if ! enabled force; then - if ! 
cli_yesno "Do you really want to reset the whole network configuration?"; then - exit ${EXIT_ERROR} - fi - fi - - local zone - for zone in $(zones_get --all); do - zone_remove ${zone} - done - - local port - for port in $(ports_get --all); do - port_remove ${port} - done - - # Re-run the initialization functions - init_run - - exit ${EXIT_OK} -} - -function cli_help_requested() { - local argument="${1}" - - if [ -n "${argument}" ]; then - if listmatch ${argument} help -h --help; then - return ${EXIT_OK} - fi - fi - - return ${EXIT_ERROR} -} - -function cli_usage() { - local what=${1} - - case "${what}" in - root) - echo "${0}: [command] <options ...>" - echo - echo " start - ..." - echo " stop - ..." - echo " restart - ..." - echo " status - ..." - echo - echo " config - ..." - echo - echo " device - ..." - echo " zone - ..." - echo - ;; - root-config) - echo "${0}: ${what#root-} [KEY=VAL, ...]" - echo - echo " This command allows setting of global configuration parameters." - echo - echo " If no additional arguments are passed it will list the current configuration." - echo - echo " You can overwrite the settings like the following:" - echo - echo " ${0} ${what#root-} DEBUG=1 ..." - echo - ;; - root-reset) - echo "${0}: ${what#root-} [--force | -f]" - echo - echo " This command resets the network configuration." - echo - echo " Will delete all zones and ports." - echo - echo -e " ${COLOUR_RED}USE WITH CAUTION!${COLOUR_NORMAL}" - echo - ;; - root-start|root-stop|root-restart) - echo "${0}: ${what#root-} [--local-only|--remote-only|--all|<zone>...]" - echo - echo " This commands ${what#root-}s all zones by default." - echo " One can pass several parameters to only process a subset of all" - echo " available zones:" - echo - echo -e " ${COLOUR_BOLD}--local-only${COLOUR_NORMAL}" - echo " Process all local zones which includes every zone without red." 
- echo - echo -e " ${COLOUR_BOLD}--remote-only${COLOUR_NORMAL}" - echo " Process all remote zones which means only the red ones." - echo - echo -e " ${COLOUR_BOLD}--all${COLOUR_NORMAL}" - echo " Process all zones. This is the default parameter." - echo - echo " Additionally, you can pass one or more zone names which will" - echo " be processed." - echo - ;; - root-status) - echo "${0}: ${what#root-} [--local-only|--remote-only|--all|<zone>...]" - echo - echo " This commands shows status information of all zones by default." - echo " One can pass several parameters to only process a subset of all" - echo " available zones:" - echo - echo -e " ${COLOUR_BOLD}--local-only${COLOUR_NORMAL}" - echo " Process all local zones which includes every zone without red." - echo - echo -e " ${COLOUR_BOLD}--remote-only${COLOUR_NORMAL}" - echo " Process all remote zones which means only the red ones." - echo - echo -e " ${COLOUR_BOLD}--all${COLOUR_NORMAL}" - echo " Process all zones. This is the default parameter." - echo - echo " Additionally, you can pass one or more zone names which will" - echo " be processed." - echo - ;; - root-zone) - echo "${0}: ${what#root-} <create|remove> <zone> [<type> <options...>]" - echo - echo " Create or remove a zone." - echo - echo -e " ${COLOUR_BOLD}create <zone> <type> <options>${COLOUR_NORMAL}" - echo " Create a new zone of type <type> where <zone> is an allowed" - echo " zone name." - echo - echo -e " ${COLOUR_BOLD}remove <zone>${COLOUR_NORMAL}" - echo " Remove the zone <zone>." - echo - echo " You may also edit the configuration of the zones." - echo - echo -e " ${COLOUR_BOLD}<zone> ...${COLOUR_NORMAL}" - echo " Edit the zone <zone>." - echo - ;; - usage) - echo - echo " Run '${0} help' to get information how to use this tool." - echo - ;; - *) - error "No help available for this command '${what}'." - echo - ;; - esac - - echo "Network configuration tool. Report all bugs to http://bugs.ipfire.org." 
-} - -function cli_status_headline() { - local zone=${1} - - local state="${COLOUR_DOWN}DOWN${COLOUR_NORMAL}" - zone_is_up ${zone} && state="${COLOUR_UP}UP${COLOUR_NORMAL}" - - echo -e "${zone} - ${state} - $(zone_get_hook ${zone})" -} - -function cli_headline() { - echo - echo -e "${COLOUR_BOLD}$@${COLOUR_NORMAL}" -} - -function cli_yesno() { - local message="$@ [y/N] " - local yesno - - echo - echo -ne "${message}" - read yesno - - if listmatch ${yesno} y Y j J yes YES Yes; then - return ${EXIT_OK} - fi - - return ${EXIT_ERROR} -} - -function cli_get_key() { - local key="${1%%=*}" - echo "${key/--/}" -} - -function cli_get_val() { - echo "${1##*=}" -} diff --git a/pkgs/core/network/src/functions.colors b/pkgs/core/network/src/functions.colors deleted file mode 100644 index c0de260..0000000 --- a/pkgs/core/network/src/functions.colors +++ /dev/null 
@@ -1,53 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -COLOUR_GREEN="\033[1;32m" -COLOUR_RED="\033[1;31m" -COLOUR_NORMAL="\033[0;39m" -COLOUR_YELLOW="\033[1;35m" - -COLOUR_BOLD="\033[1;39m" -COLOUR_DOWN=${COLOUR_RED} -COLOUR_ERROR=${COLOUR_RED} -COLOUR_OK=${COLOUR_GREEN} -COLOUR_UP=${COLOUR_GREEN} -COLOUR_WARN=${COLOUR_YELLOW} - -COLOUR_ENABLED=${COLOUR_GREEN} -COLOUR_DISABLED=${COLOUR_RED} - -COLOUR_STP_FORWARDING=${COLOUR_GREEN} -COLOUR_STP_DISCARDING=${COLOUR_RED} -COLOUR_STP_LEARNING=${COLOUR_YELLOW} -COLOUR_STP_BLOCKING=${COLOUR_YELLOW} - -function colours_disable() { - local line - for line in $(set | grep "^COLOUR_"); do - unset ${line%%=*} - done -} - -function colours_auto_disable() { - if [ "${TERM}" = "dumb" ]; then - colours_disable - fi -} diff --git a/pkgs/core/network/src/functions.constants b/pkgs/core/network/src/functions.constants deleted file mode 100644 index efca146..0000000 --- a/pkgs/core/network/src/functions.constants +++ /dev/null 
@@ -1,72 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -# Enable colors by default -COLOURS="auto" - -BASE_DIR=/lib/network -CONFIG_DIR=/etc/network -HOOKS_DIR=${BASE_DIR}/hooks -LOG_DIR=/var/log/network -RUN_DIR=/var/run/network -ZONE_DIR=${CONFIG_DIR} - -RED_RUN=${RUN_DIR}/red -PPP_SECRETS=/etc/ppp/secrets - -CONFIG_FILE=${CONFIG_DIR}/network_config -CONFIG_FILE_PARAMS="COLOURS DEBUG SHELL TIMEOUT_RESTART" - -RED_DB_DIR=${RUN_DIR}/red - -DB_CONNECTION_FILE="${LOG_DIR}/connections.db" - -# Proper error codes -EXIT_OK=0 -EXIT_ERROR=1 -EXIT_CONF_ERROR=2 -EXIT_ERROR_ASSERT=3 - -STATUS_UP=0 -STATUS_DOWN=1 -STATUS_NOCARRIER=2 - -STATUS_TEXT[${STATUS_UP}]="UP" -STATUS_TEXT[${STATUS_DOWN}]="DOWN" -STATUS_TEXT[${STATUS_NOCARRIER}]="NO CARRIER" - -STATUS_COLOUR[${STATUS_UP}]=${COLOUR_GREEN} -STATUS_COLOUR[${STATUS_DOWN}]=${COLOUR_RED} -STATUS_COLOUR[${STATUS_NOCARRIER}]=${COLOUR_YELLOW} - -DISCOVER_OK=0 -DISCOVER_ERROR=1 -DISCOVER_NOT_SUPPORTED=2 - -# The user is able to create zones that begin with these names -VALID_ZONES="green orange red grey" - 
-SYS_CLASS_NET="/sys/class/net" - -# Timeout values -TIMEOUT_RESTART=2 - -DEVICE_PRINT_LINE1=" %-24s %s\n" diff --git a/pkgs/core/network/src/functions.db b/pkgs/core/network/src/functions.db deleted file mode 100644 index 23e0e35..0000000 --- a/pkgs/core/network/src/functions.db +++ /dev/null 
@@ -1,113 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function db_connection_init() { - if [ -e "${DB_CONNECTION_FILE}" ]; then - return ${EXIT_OK} - fi - - log DEBUG "Creating connection database ${DB_CONNECTION_FILE}." - - sqlite3 -batch ${DB_CONNECTION_FILE} <<EOF -CREATE TABLE log( - id INTEGER PRIMARY KEY AUTOINCREMENT, - zone TEXT, - time INTEGER, - state TEXT -); - -CREATE VIEW current as - SELECT zone, time, state FROM log GROUP BY zone; - -EOF -} - -function db_connection_update() { - local zone=${1} - local action=${2} - shift 2 - - db_connection_init - - log DEBUG "Writing connection to database: zone=${zone} action=${action}." - - sqlite3 -batch ${DB_CONNECTION_FILE} <<EOF -INSERT INTO log(zone, time, state) - VALUES('${zone}', strftime('%s', 'now', 'utc'), '${action}'); -EOF -} - -function db_ppp_init() { - local file=${1} - - if [ -e "${file}" ]; then - return ${EXIT_OK} - fi - - log DEBUG "Creating ppp database ${file}." 
- - sqlite3 -batch ${file} <<EOF -CREATE TABLE accounting( - id INTEGER PRIMARY KEY AUTOINCREMENT, - time INTEGER, - duration INTEGER, - rcvd INTEGER, - sent INTEGER -); -EOF -} - -function db_ppp_update() { - local zone=${1} - shift - - local rcvd - local sent - local duration - - while [ $# -gt 0 ]; do - case "${1}" in - --rcvd=*) - rcvd=${1#--rcvd=} - ;; - --sent=*) - sent=${1#--sent=} - ;; - --duration=*) - duration=${1#--duration=} - ;; - esac - shift - done - - local file="${LOG_DIR}/ppp_${zone}.db" - - db_ppp_init ${file} - - local time=$(( $(date -u +"%s") - ${duration} )) - - log DEBUG "Writing accounting data: time=${time} duration=${duration} rcvd=${rcvd} sent=${sent}." - - sqlite3 -batch ${file} <<EOF -INSERT INTO accounting(time, duration, rcvd, sent) - VALUES('${time}', '${duration}', '${rcvd}', '${sent}'); -EOF -} diff --git a/pkgs/core/network/src/functions.device b/pkgs/core/network/src/functions.device deleted file mode 100644 index 3bf8df5..0000000 --- a/pkgs/core/network/src/functions.device +++ /dev/null 
@@ -1,539 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function devicify() { - local device=${1} - - assert isset device - - if device_exists ${device}; then - echo "${device}" - return ${EXIT_OK} - fi - - local d - for d in $(devices_get_all); do - if [ "$(device_get_address ${d})" = "${device}" ]; then - echo "${d}" - return ${EXIT_OK} - fi - done - - return ${EXIT_ERROR} -} - -function macify() { - local device=${1} - - assert isset device - - if mac_is_valid ${device}; then - echo "${device}" - return ${EXIT_OK} - fi - - if device_exists ${device}; then - device_get_address ${device} - return ${EXIT_OK} - fi - - return ${EXIT_ERROR} -} - -# Check if the device exists -function device_exists() { - local device=${1} - - # If device name was not found, exit. 
- [ -n "${device}" ] || return ${EXIT_ERROR} - - [ -d "${SYS_CLASS_NET}/${device}" ] -} - -# Check if the device is up -function device_is_up() { - local device=${1} - - device_exists ${device} || return ${EXIT_ERROR} - - ip link show ${device} 2>/dev/null | grep -qE "<.*UP.*>" -} - -# Check if the device is a bonding device -function device_is_bonding() { - [ -d "/sys/class/net/${1}/bonding" ] -} - -# Check if the device bonded in a bonding device -function device_is_bonded() { - local device=${1} - - [ -d "${SYS_CLASS_NET}/${device}/master" ] -} - -# Check if the device is a bridge -function device_is_bridge() { - [ -d "/sys/class/net/${1}/bridge" ] -} - -function device_is_bridge_attached() { - local device=${1} - - [ -d "${SYS_CLASS_NET}/${device}/brport" ] -} - -# Check if the device is a virtual device -function device_is_virtual() { - local device=${1} - - [ -e "/proc/net/vlan/${device}" ] -} - -# Check if the device has virtual devices -function device_has_virtuals() { - local device=${1} - - if device_is_virtual ${device}; then - return 1 - fi - - if [ ! 
-e "/proc/net/vlan/config" ]; then - return 1 - fi - grep -q "${1}$" /proc/net/vlan/config -} - -# Check if the device is a ppp device -function device_is_ppp() { - local device=${1} - - ip link show ${device} 2>/dev/null | grep -qE "<.*POINTOPOINT.*>" -} - -# Check if the device is a loopback device -function device_is_loopback() { - local device=$(devicify ${1}) - [ "${device}" = "lo" ] -} - -# Check if the device is a physical network interface -function device_is_real() { - local device=${1} - - device_is_loopback ${device} && \ - return ${EXIT_ERROR} - - device_is_bonding ${device} && \ - return ${EXIT_ERROR} - - device_is_bridge ${device} && \ - return ${EXIT_ERROR} - - device_is_ppp ${device} && \ - return ${EXIT_ERROR} - - device_is_virtual ${device} && \ - return ${EXIT_ERROR} - - [ "$(__device_get_file ${device} type)" != "1" ] && \ - return ${EXIT_ERROR} - - return ${EXIT_OK} -} - -# Get the device type -function device_get_type() { - local device=$(devicify ${1}) - - if device_is_virtual ${device}; then - echo "vlan" - - elif device_is_bonding ${device}; then - echo "bonding" - - elif device_is_bridge ${device}; then - echo "bridge" - - elif device_is_ppp ${device}; then - echo "ppp" - - elif device_is_loopback ${device}; then - echo "loopback" - - elif device_is_real ${device}; then - echo "real" - - else - echo "unknown" - fi -} - -function device_get_status() { - local device=${1} - - assert isset device - - local status=${STATUS_UNKNOWN} - - if ! device_has_carrier ${device}; then - status=${STATUS_NOCARRIER} - elif device_is_up ${device}; then - status=${STATUS_UP} - elif device_is_down ${device}; then - status=${STATUS_DOWN} - fi - - assert isset status - - echo "${status}" -} - -function device_get_address() { - local device=${1} - - cat ${SYS_CLASS_NET}/${device}/address 2>/dev/null -} - -function device_set_address() { - local device=${1} - local addr=${2} - - if ! device_exists ${device}; then - error "Device '${device}' does not exist." 
- return ${EXIT_ERROR} - fi - - log INFO "Setting address of '${device}' to '${addr}' - was $(device_get_address ${device})." - - local up - if device_is_up ${device}; then - device_set_down ${device} - up=1 - fi - - ip link set ${device} address ${addr} - local ret=$? - - if [ "${up}" = "1" ]; then - device_set_up ${device} - fi - - if [ "${ret}" != "0" ]; then - error_log "Could not set address '${addr}' on device '${device}'." - fi - - return ${ret} -} - -function device_get() { - local device - local devices - - for device in ${SYS_CLASS_NET}/*; do - device=$(basename ${device}) - - # bonding_masters is no device - [ "${device}" = "bonding_masters" ] && continue - - devices="${devices} ${device}" - done - - echo ${devices} - return ${EXIT_OK} -} - -function devices_get_all() { - device_get -} - -# Check if a device has a cable plugged in -function device_has_carrier() { - local device=$(devicify ${1}) - [ "$(<${SYS_CLASS_NET}/${device}/carrier)" = "1" ] -} - -function device_is_promisc() { - local device=${1} - - ip link show ${device} | grep -qE "<.*PROMISC.*>" -} - -# Check if the device is free -function device_is_free() { - ! device_is_used $@ -} - -# Check if the device is used -function device_is_used() { - local device=$(devicify ${1}) - - device_has_virtuals ${device} && \ - return ${EXIT_OK} - device_is_bonded ${device} && \ - return ${EXIT_OK} - device_is_bridge_attached ${device} && \ - return ${EXIT_OK} - - return ${EXIT_ERROR} -} - -function device_hash() { - local device=${1} - - # Get mac address of device and remove all colons (:) - # that will result in a hash. - device=$(macify ${device}) - - echo "${device//:/}" -} - -# Give the device a new name -function device_set_name() { - local source=$1 - local destination=${2} - - # Check if devices exists - if ! 
device_exists ${source} || device_exists ${destination}; then - return 4 - fi - - local up - if device_is_up ${source}; then - ip link set ${source} down - up=1 - fi - - ip link set ${source} name ${destination} - - if [ "${up}" = "1" ]; then - ip link set ${destination} up - fi -} - -# Set device up -function device_set_up() { - local device=$(devicify ${1}) - - # Silently fail if device was not found - [ -z "${device}" ] && return ${EXIT_ERROR} - - # Do nothing if device is already up - device_is_up ${device} && return ${EXIT_OK} - - device_set_parent_up ${device} - - log DEBUG "Setting up device '${device}'" - - ip link set ${device} up -} - -function device_set_parent_up() { - local device=${1} - local parent - - if device_is_virtual ${device}; then - parent=$(virtual_get_parent ${device}) - - device_is_up ${parent} && return ${EXIT_OK} - - log DEBUG "Setting up parent device '${parent}' of '${device}'" - - device_set_up ${parent} - return $? - fi - - return ${EXIT_OK} -} - -# Set device down -function device_set_down() { - local device=$(devicify ${1}) - - local ret=${EXIT_OK} - - if device_is_up ${device}; then - log DEBUG "Tearing down device '${device}'" - - ip link set ${device} down - ret=$? - fi - - device_set_parent_down ${device} - - return ${ret} -} - -function device_set_parent_down() { - local device=${1} - local parent - - if device_is_virtual ${device}; then - parent=$(virtual_get_parent ${device}) - - device_is_up ${parent} || return ${EXIT_OK} - - if device_is_free ${parent}; then - log DEBUG "Tearing down parent device '${parent}' of '${device}'" - - device_set_down ${parent} - fi - fi - - return ${EXIT_OK} -} - -function device_get_mtu() { - local device=${1} - - if ! device_exists ${device}; then - error "Device '${device}' does not exist." - return ${EXIT_ERROR} - fi - - echo $(<${SYS_CLASS_NET}/${device}/mtu) -} - -# Set mtu to a device -function device_set_mtu() { - local device=${1} - local mtu=${2} - - if ! 
device_exists ${device}; then - error "Device '${device}' does not exist." - return ${EXIT_ERROR} - fi - - local oldmtu=$(device_get_mtu ${device}) - - if [ "${oldmtu}" = "${mtu}" ]; then - # No need to set mtu. - return ${EXIT_OK} - fi - - log INFO "Setting mtu of '${device}' to '${mtu}' - was ${oldmtu}." - - local up - if device_is_up ${device}; then - device_set_down ${device} - up=1 - fi - - ip link set ${device} mtu ${mtu} - local ret=$? - - if [ "${up}" = "1" ]; then - device_set_up ${device} - fi - - if [ "${ret}" != "0" ]; then - error_log "Could not set mtu '${mtu}' on device '${device}'." - fi - - return ${ret} -} - -function device_discover() { - local device=${1} - - log INFO "Running discovery process on device '${device}'." - - local hook - for hook in $(hook_zone_get_all); do - hook_zone_exec ${hook} discover ${device} - done -} - -function device_has_ipv4() { - local device=${1} - local addr=${2} - - if ! device_exists ${device}; then - error "Device '${device}' does not exist." - return ${EXIT_ERROR} - fi - - ip addr show ${device} | grep -q -e "inet " -e "${addr}" -} - -function device_has_ipv6() { - local device=${1} - local addr=${2} - - if ! device_exists ${device}; then - error "Device '${device}' does not exist." 
- return ${EXIT_ERROR} - fi - - local prefix=${addr##*/} - addr=$(ipv6_implode ${addr%%/*}) - - if [ -n "${prefix}" ]; then - addr="${addr}/${prefix}" - fi - - ip addr show ${device} | grep -q "inet6 ${addr}" -} - -function __device_get_file() { - local device=${1} - local file=${2} - - assert isset device - assert isset file - - cat ${SYS_CLASS_NET}/${device}/${file} -} - -function device_get_rx_bytes() { - local device=${1} - - __device_get_file ${device} statistics/rx_bytes -} - -function device_get_tx_bytes() { - local device=${1} - - __device_get_file ${device} statistics/tx_bytes -} - -function device_get_rx_packets() { - local device=${1} - - __device_get_file ${device} statistics/rx_packets -} - -function device_get_tx_packets() { - local device=${1} - - __device_get_file ${device} statistics/tx_packets -} - -function device_get_rx_errors() { - local device=${1} - - __device_get_file ${device} statistics/rx_errors -} - -function device_get_tx_errors() { - local device=${1} - - __device_get_file ${device} statistics/tx_errors -} diff --git a/pkgs/core/network/src/functions.ethernet b/pkgs/core/network/src/functions.ethernet deleted file mode 100644 index 71cd5ad..0000000 --- a/pkgs/core/network/src/functions.ethernet +++ /dev/null 
@@ -1,20 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### diff --git a/pkgs/core/network/src/functions.events b/pkgs/core/network/src/functions.events deleted file mode 100644 index 895f801..0000000 --- a/pkgs/core/network/src/functions.events +++ /dev/null 
@@ -1,48 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function event_emit() { - local event=${1} - shift - - log DEBUG "Emitting event '${event}' ($@)" - - initctl emit ${event} $@ -} - -function event_firewall_reload() { - event_emit firewall-reload -} - -function event_interface_up() { - local iface=${1} - - event_emit network-interface-up IFACE=${iface} - - # XXX Just for now - routing_default_update -} - -function event_interface_down() { - local iface=${1} - - event_emit network-interface-down IFACE=${iface} -} diff --git a/pkgs/core/network/src/functions.hook b/pkgs/core/network/src/functions.hook deleted file mode 100644 index d193266..0000000 --- a/pkgs/core/network/src/functions.hook +++ /dev/null 
@@ -1,211 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function hook_dir() { - local type=${1} - - if [ -n "${type}" ]; then - type="/${type}s" - fi - - echo "${HOOKS_DIR}${type}" -} - -function hook_exists() { - local type=${1} - local hook=${2} - - assert isset type - assert isset hook - - local hook_dir=$(hook_dir ${type}) - - [ -d "${hook_dir}/${hook}" ] && return ${EXIT_ERROR} - - [ -x "${hook_dir}/${hook}" ] -} - -function hook_exec() { - local type=${1} - local hook=${2} - shift 2 - - assert isset type - assert isset hook - - if ! hook_exists ${type} ${hook}; then - error "Hook '${hook}' does not exist." - return ${EXIT_ERROR} - fi - - exec_cmd $(hook_dir ${type})/${hook} $@ -} - -function config_get_hook() { - local config=${1} - - assert isset config - assert [ -e "${config}" ] - - ( - . 
${config} - echo "${HOOK}" - ) -} - -## Wrappers around the hook functions for zones - -function hook_zone_exists() { - hook_exists zone $@ -} - -function hook_zone_port_exists() { - local hook_zone=${1} - local hook_port=${2} - - hook_zone_exists ${hook_zone} || return ${EXIT_ERROR} - - [ -x "$(hook_dir zone)/${hook_zone}.ports/${hook_port}" ] -} - -function hook_zone_config_exists() { - local hook_zone=${1} - local hook_config=${2} - - hook_zone_exists ${hook_zone} || return ${EXIT_ERROR} - - [ -x "$(hook_dir zone)/${hook_zone}.configs/${hook_config}" ] -} - -function hook_zone_has_ports() { - local hook=${1} - - [ -d "$(hook_dir zone)/${hook}.ports" ] -} - -function hook_zone_port_exists() { - : # XXX WANTED -} - -function hook_zone_has_configs() { - local hook=${1} - - [ -d "$(hook_dir zone)/${hook}.configs" ] -} - -function hook_zone_exec() { - hook_exec zone $@ -} - -function hook_zone_port_exec() { - local hook_zone=${1} - local hook_port=${2} - shift 2 - - if ! hook_exists zone ${hook_zone}; then - error "Hook '${hook_zone}' does not exist." - return ${EXIT_ERROR} - fi - - if ! hook_zone_port_exists ${hook_zone} ${hook_port}; then - error "Port hook '${hook_port}' does not exist." - return ${EXIT_ERROR} - fi - - exec_cmd $(hook_dir zone)/${hook_zone}.ports/${hook_port} $@ -} - -function hook_zone_config_exec() { - local hook_zone=${1} - local hook_config=${2} - shift 2 - - assert isset hook_zone - assert isset hook_config - - if ! hook_zone_exists ${hook_zone}; then - error "Hook '${hook_zone}' does not exist." - return ${EXIT_ERROR} - fi - - if ! hook_zone_config_exists ${hook_zone} ${hook_config}; then - error "Config hook '${hook_config}' does not exist." 
- return ${EXIT_ERROR} - fi - - exec_cmd $(hook_dir zone)/${hook_zone}.configs/${hook_config} $@ -} - -function hook_zone_get_all() { - local type=${1} - - local hook - for hook in $(hook_dir zone)/*; do - hook=$(basename ${hook}) - hook_zone_exists ${hook} && echo "${hook}" - done -} - -function hook_zone_ports_get_all() { - local hook=${1} - - if ! hook_exists zone ${hook}; then - error "Hook '${hook}' does not exist." - return ${EXIT_ERROR} - fi - - # If the zone hook has got no ports we exit silently - if ! hook_zone_has_ports ${hook}; then - return ${EXIT_OK} - fi - - local h - for h in $(hook_dir zone)/${hook}.ports/*; do - h=$(basename ${h}) - if hook_zone_port_exists ${hook} ${h}; then - echo "${h}" - fi - done -} - -function hook_zone_configs_get_all() { - local hook=${1} - - if ! hook_exists zone ${hook}; then - error "Hook '${hook}' does not exist." - return ${EXIT_ERROR} - fi - - # If the zone hook has got no configurations we exit silently - if ! hook_zone_has_configs ${hook}; then - return ${EXIT_OK} - fi - - local h - for h in $(hook_dir zone)/${hook}.configs/*; do - h=$(basename ${h}) - if hook_zone_config_exists ${hook} ${h}; then - echo "${h}" - fi - done - - return ${EXIT_OK} -} diff --git a/pkgs/core/network/src/functions.ip b/pkgs/core/network/src/functions.ip deleted file mode 100644 index f95265e..0000000 --- a/pkgs/core/network/src/functions.ip +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function ip_split_prefix() { - local address=${1} - - assert isset address - - echo "${address%%/*}" -} - -function ip_get_prefix() { - local address=${1} - - assert isset address - - echo "${address##*/}" -} - -function ip_detect_protocol() { - local address=${1} - - assert isset address - - local protocol - for protocol in ipv4 ipv6; do - if ${protocol}_is_valid ${address}; then - echo "${protocol}" - return ${EXIT_OK} - fi - done - - return ${EXIT_ERROR} -} diff --git a/pkgs/core/network/src/functions.ipv4 b/pkgs/core/network/src/functions.ipv4 deleted file mode 100644 index 74c524a..0000000 --- a/pkgs/core/network/src/functions.ipv4 +++ /dev/null 
@@ -1,76 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function ipv4_split_prefix() { - ip_split_prefix $@ -} - -function ipv4_is_valid() { - local address=${1} - - assert isset address - - # Cut the /24 if there is one given - address=$(ipv4_split_prefix ${address}) - - local IFS="." - local octet - local count - for octet in ${address}; do - if [ ${octet} -ge 0 ] && [ ${octet} -le 255 ]; then - count=$(( ${count} + 1 )) - continue - fi - - # If we get here the address was not valid - break - done - - if [ ${count} -eq 4 ]; then - return ${EXIT_OK} - fi - - return ${EXIT_ERROR} -} - -function ipv4_detect_duplicate() { - local device=${1} - local address=${2} - - assert isset address - assert isset device - assert device_exists ${device} - - if ! arping -q -c 2 -w 3 -D -I ${device} ${address}; then - log DEBUG "Detected duplicate address '${address}' on device '${device}'." 
- return ${EXIT_OK} - fi - - return ${EXIT_ERROR} -} - -function ipv4_update_neighbours() { - local device=${1} - local address=${2} - - arping -q -A -c 1 -I ${device} ${address} - ( sleep 2; arping -q -U -c 1 -I ${device} ${address} ) >/dev/null 2>&1 </dev/null & -} diff --git a/pkgs/core/network/src/functions.ipv6 b/pkgs/core/network/src/functions.ipv6 deleted file mode 100644 index 73a774b..0000000 --- a/pkgs/core/network/src/functions.ipv6 +++ /dev/null 
@@ -1,331 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function ipv6_init() { - log INFO "Initializing IPv6 networking." - - # Enable forwarding on all devices - ipv6_device_forwarding_disable all - ipv6_device_forwarding_disable default - - # Disable autoconfiguration on all devices per default - ipv6_device_autoconf_disable all - ipv6_device_autoconf_disable default - - # XXX do we need this? - #local device - #for device in $(devices_get_all); do - # ipv6_device_forwarding_disable ${device} - # ipv6_device_autoconf_disable ${device} - #done -} - -init_register ipv6_init - -function ipv6_device_autoconf_enable() { - local device=${1} - - assert isset device - - # Allow setting default and all settings - if ! isoneof device all default; then - assert device_exists ${device} - fi - - local val - for val in accept_ra accept_redirects; do - echo 1 > /proc/sys/net/ipv6/conf/${device}/${val} - done -} - -function ipv6_device_autoconf_disable() { - local device=${1} - - assert isset device - - # Allow setting default and all settings - if ! 
isoneof device all default; then - assert device_exists ${device} - fi - - local val - for val in accept_ra accept_redirects; do - echo 0 > /proc/sys/net/ipv6/conf/${device}/${val} - done -} - -function ipv6_device_forwarding_enable() { - local device=${1} - - assert isset device - - # Allow setting default and all settings - if ! isoneof device all default; then - assert device_exists ${device} - fi - - echo 1 > /proc/sys/net/ipv6/conf/${device}/forwarding -} - -function ipv6_device_forwarding_disable() { - local device=${1} - - assert isset device - - # Allow setting default and all settings - if ! isoneof device all default; then - assert device_exists ${device} - fi - - echo 0 > /proc/sys/net/ipv6/conf/${device}/forwarding -} - -# Enable IPv6 RFC3041 privacy extensions if desired -function ipv6_device_privacy_extensions_enable() { - local device=${1} - local type=${2} - - assert isset device - assert device_exists ${device} - - # Default value is rfc3041 - if [ -z "${type}" ]; then - type="rfc3041" - fi - - assert isset type - - case "${type}" in - rfc3041) - echo 2 > /proc/sys/net/ipv6/conf/${device}/use_tempaddr - ;; - *) - error_log "Given type '${type}' is not supported." - return ${EXIT_ERROR} - ;; - esac - - return ${EXIT_OK} -} - -function ipv6_device_privacy_extensions_disable() { - local device=${1} - - assert isset device - assert device_exists ${device} - - echo 0 > /proc/sys/net/ipv6/conf/${device}/use_tempaddr -} - -function ipv6_is_valid() { - local address=${1} - - assert isset address - - # Check length - [ ${#address} -gt 39 ] && return ${EXIT_ERROR} - - # XXX find :: twice? - # XXX check for documentation prefix? - - # Check for bad characters - local char - for char in 0 1 2 3 4 5 6 7 8 9 a b c d e f :; do - address=${address//${char}/} - done - [ -n "${address}" ] && return ${EXIT_ERROR} - - return ${EXIT_OK} -} - -function ipv6_implode() { - local address=${1} - - assert isset address - - if ! 
ipv6_is_valid ${address}; then - error "IPv6 address is invalid: ${address}" - return ${EXIT_ERROR} - fi - - # Make proper address in exploded format - address=$(ipv6_explode ${address}) - - local block - local char - local i - - local address_new - local block_new - - for block in ${address//:/\ }; do - block_new= - for i in $(seq 0 ${#block}); do - char="${block:${i}:1}" - - [ -z "${char}" ] && continue - - if [ -z "${block_new}" ] && [ "${char}" = "0" ]; then - continue - fi - - block_new="${block_new}${char}" - done - - [ -z "${block_new}" ] && block_new="0" - - address_new="${address_new}:${block_new}" - done - - # Cut first colon (:) - address="${address_new:1:${#address_new}}" - - local match - local matches=() - local pattern - local pos_start - local pos_next - for pos_start in $(seq 0 ${#address}); do - matches["${pos_start}"]=0 - - for pos_next in $(seq ${pos_start} 2 ${#address}); do - case "${pos_start}" in - 0) - match="${address:${pos_next}:2}" - pattern="0:" - ;; - *) - match="${address:${pos_next}:2}" - pattern=":0" - ;; - esac - - [ -z "${match}" ] && continue - - if [ "${match}" = "${pattern}" ]; then - matches[${pos_start}]=$(( matches[${pos_start}] + 1)) - else - break - fi - done - done - - local pos_best - local pos_best_val=0 - for i in $(seq 0 ${#matches[@]}); do - [ -z "${matches[${i}]}" ] && continue - - if [ ${matches[${i}]} -gt ${pos_best_val} ]; then - pos_best=${i} - pos_best_val=${matches[${i}]} - fi - done - - if [ -n "${pos_best}" ]; then - address_new="${address:0:${pos_best}}::" - - local pos_end=$(( ${pos_best_val} * 2 + ${pos_best} + 1)) - - if [ "${pos_best}" = "0" ]; then - pos_end=$(( ${pos_end} - 1 )) - fi - - address="${address_new}${address:${pos_end}:${#address}}" - fi - - assert ipv6_is_valid ${address} - - echo "${address}" -} - -function ipv6_explode() { - local address=${1} - - assert isset address - - if [ ${#address} -eq 39 ]; then - echo "${address}" - return ${EXIT_OK} - fi - - address=${address//::/:X:} - - 
local block - local block_count=0 - local block_id - local block_max=8 - local blocks=() - - for block in ${address//:/\ }; do - blocks[${block_count}]=${block} - - block_count=$(( ${block_count} + 1 )) - done - - if [ ${#blocks[@]} -lt ${block_max} ]; then - for block_id in $(seq ${#blocks[@]} -1 0); do - block=${blocks[${block_id}]} - - [ -z "${block}" ] && continue - - if [ "${block}" = "X" ]; then - blocks[${block_id}]="0000" - break - fi - - blocks[$(( ${block_max} - ${block_count} + ${block_id} ))]=${block} - blocks[${block_id}]="0000" - done - fi - - for block_id in $(seq 0 ${#blocks[@]}); do - block=${blocks[${block_id}]} - - [ -z "${block}" ] && block="0000" - - while [ "${#block}" -lt 4 ]; do - block="0${block}" - done - - blocks[${block_id}]=${block} - done - - address= - for block in ${blocks[@]}; do - address="${address}:${block}" - done - address=${address:1:39} - - assert ipv6_is_valid ${address} - - echo "${address}" -} - -function ipv6_hash() { - local address=${1} - - assert isset address - - # Explode address - address=$(ipv6_explode ${address}) - - echo "${address//:/}" -} diff --git a/pkgs/core/network/src/functions.logging b/pkgs/core/network/src/functions.logging deleted file mode 100644 index e909a74..0000000 --- a/pkgs/core/network/src/functions.logging +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -LOG_FACILITY="network" -LOG_LEVEL="DEBUG" - -function log() { - local level=${1} - shift - local message="$@" - - if [ -z "${DEBUG}" ] && [ "${level}" = "DEBUG" ]; then - return - fi - - # Set a prefix if we are in a hook. - if [ -n "${HOOK}" ]; then - message="${HOOK}: ${message}" - fi - - logger -t ${LOG_FACILITY} "${message}" -} diff --git a/pkgs/core/network/src/functions.ports b/pkgs/core/network/src/functions.ports deleted file mode 100644 index 9cda564..0000000 --- a/pkgs/core/network/src/functions.ports +++ /dev/null 
@@ -1,250 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function port_dir() { - echo "${CONFIG_DIR}/ports" -} - -function port_file() { - local port=${1} - - assert isset port - - echo "$(port_dir)/${port}" -} - -function port_exists() { - local port=${1} - - [ -f "${CONFIG_DIR}/ports/${port}" ] -} - -function port_get_hook() { - local port=${1} - - assert isset port - - config_get_hook $(port_file ${port}) -} - -function port_is_attached() { - local port=${1} - shift - - assert isset port - - local zone - for zone in $(zones_get_all); do - - assert isset zone - assert zone_exists ${zone} - - if listmatch ${port} $(zone_get_ports ${zone}); then - echo "${zone}" - return ${EXIT_OK} - fi - done - - return ${EXIT_ERROR} -} - -function port_create() { - #local port=${1} - #shift - # - #if port_exists ${port}; then - # error "Port '${port}' does already exist." - # return ${EXIT_ERROR} - #fi - - local hook=${1} - shift - - if ! hook_exists port ${hook}; then - error "Port hook '${hook}' does not exist." 
- return ${EXIT_ERROR} - fi - - #port_edit ${port} ${hook} $@ - # - #if [ $? -ne ${EXIT_OK} ]; then - # port_destroy ${port} - #fi - - hook_exec port ${hook} create $@ -} - -function port_destroy() { - local port=${1} - - assert isset port - - port_exists ${port} || return ${EXIT_OK} - - # Check if the port is attached to any zone and don't delete it. - local ok=${EXIT_OK} - - local attached_zone=$(port_is_attached ${port}) - if [ -n "${attached_zone}" ]; then - error_log "Cannot destroy port '${port}' which is attached to zone '${attached_zone}'." - ok=${EXIT_ERROR} - fi - - # Check if the port is linked to any other port and don't allow the user - # to delete it. - local other_port - for other_port in $(ports_get); do - [ "${other_port}" = "${port}" ] && continue - - if listmatch ${port} $(port_get_parents ${other_port}); then - error_log "Cannot destroy port '${port}' which is a parent port to '${other_port}'." - ok=${EXIT_ERROR} - fi - - if listmatch ${port} $(port_get_children ${other_port}); then - error_log "Cannot destroy port '${port}' which is child of port '${other_port}'." - ok=${EXIT_ERROR} - fi - done - - # If ok says we are not okay --> exit - if [ ${ok} -ne ${EXIT_OK} ]; then - return ${EXIT_ERROR} - fi - - port_down ${port} - - rm -f $(port_file ${port}) -} - -function port_remove() { - port_destroy $@ -} - -function port_edit() { - port_cmd edit $@ -} - -# XXX? 
Compatibility function -function port_show() { - port_status $@ -} - -function port_up() { - port_cmd up $@ -} - -function port_down() { - port_cmd down $@ -} - -function port_status() { - port_cmd status $@ -} - -function port_info() { - port_cmd info $@ -} - -function port_cmd() { - local cmd=${1} - local port=${2} - shift 2 - - assert isset cmd - assert isset port - - local hook=$(port_get_hook ${port}) - - assert isset hook - - hook_exec port ${hook} ${cmd} ${port} $@ -} - -function ports_get() { - local port - for port in $(port_dir)/*; do - port=$(basename ${port}) - if port_exists ${port}; then - echo "${port}" - fi - done -} - -# This function automatically creates the real ethernet devices -# that do not exists in the configuration. -# Saves some work for the administrator. -function ports_init() { - local device - for device in $(devices_get_all); do - if device_is_real ${device}; then - if ! port_exists ${device}; then - port_create ethernet ${device} - fi - fi - done -} - -init_register ports_init - -function port_find_free() { - local pattern=${1} - - assert isset pattern - - local port - local i=0 - - while [ ${i} -lt 99 ]; do - port=${pattern//N/${i}} - if ! port_exists ${port} && ! device_exists ${port}; then - echo "${port}" - break - fi - i=$(( ${i} + 1 )) - done -} - -function port_get_info() { - local port=${1} - local key=${2} - - assert isset port - assert port_exists ${port} - assert isset key - - ( - eval $(port_info ${port}) - echo "${!key}" - ) -} - -function port_get_parents() { - local port=${1} - - port_get_info ${port} PORT_PARENTS -} - -function port_get_children() { - local port=${1} - - port_get_info ${port} PORT_CHILDREN -} diff --git a/pkgs/core/network/src/functions.ppp b/pkgs/core/network/src/functions.ppp deleted file mode 100644 index c10e7e7..0000000 --- a/pkgs/core/network/src/functions.ppp +++ /dev/null 
@@ -1,112 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function ppp_init() { - mkdir -p /var/run/ppp 2>/dev/null -} - -init_register ppp_init - -function ppp_common_ip_pre_up() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - error "Zone '${zone}' does not exist." - return ${EXIT_ERROR} - fi - - red_db_from_ppp ${zone} - - # Request firewall reload - event_firewall_reload - - return ${EXIT_OK} -} - -function ppp_common_ip_up() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - error "Zone '${zone}' does not exist." - return ${EXIT_ERROR} - fi - - red_db_set ${zone} active 1 - red_routing_update ${zone} - - # Emit interface-up event - event_interface_up ${zone} - - return ${EXIT_OK} -} - -function ppp_common_ip_down() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - error "Zone '${zone}' does not exist." 
- return ${EXIT_ERROR} - fi - - # Save accounting information - ppp_accounting ${zone} - - # Emit interface-up event - event_interface_down ${zone} - - return ${EXIT_OK} -} - -function ppp_secret() { - local USER=${1} - local SECRET=${2} - local a - local secret - local user - - # Updateing secret file - > ${PPP_SECRETS}.tmp - while read user a secret; do - if [ "'${USER}'" != "${user}" ]; then - echo "${user} ${a} ${secret}" >> ${PPP_SECRETS}.tmp - fi - done < ${PPP_SECRETS} - echo "'${USER}' * '${SECRET}'" >> ${PPP_SECRETS}.tmp - cat ${PPP_SECRETS}.tmp > ${PPP_SECRETS} - rm -f ${PPP_SECRETS}.tmp -} - -function ppp_accounting() { - local zone=${1} - shift - - db_ppp_update ${zone} --duration="${CONNECT_TIME}" \ - --rcvd="${BYTES_RCVD}" --sent="${BYTES_SENT}" -} - -function pppd_exec() { - log DEBUG "Running pppd with parameters '$@'." - - pppd $@ > /dev/null -} diff --git a/pkgs/core/network/src/functions.red b/pkgs/core/network/src/functions.red deleted file mode 100644 index 849e6a0..0000000 --- a/pkgs/core/network/src/functions.red +++ /dev/null 
@@ -1,97 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function red_db_path() { - local zone=${1} - - echo "${RED_DB_DIR}/${zone}" -} - -function red_db_exists() { - local zone=${1} - - [ -d "$(red_db_path ${zone})" ] -} - -function red_db_create() { - local zone=${1} - - red_db_exists ${zone} && return ${EXIT_OK} - - mkdir -p $(red_db_path ${zone}) -} - -function red_db_remove() { - local zone=${1} - - [ -z "${zone}" ] && return ${EXIT_ERROR} - - rm -rf ${RED_DB_DIR} -} - -function red_db_set() { - local zone=${1} - local parameter=${2} - shift 2 - - local value="$@" - - red_db_create ${zone} - - echo "${value}" > $(red_db_path ${zone})/${parameter} -} - -function red_db_get() { - local zone=${1} - local parameter=${2} - shift 2 - - cat $(red_db_path ${zone})/${parameter} 2>/dev/null -} - -function red_db_from_ppp() { - local zone=${1} - - # Save ppp configuration - red_db_set ${zone} type "ppp" - red_db_set ${zone} local-ip-address ${PPP_IPLOCAL} - red_db_set ${zone} remote-ip-address ${PPP_IPREMOTE} - - red_db_set ${zone} dns ${PPP_DNS1} ${PPP_DNS2} - - 
red_db_set ${zone} remote-address ${PPP_MACREMOTE,,} -} - -function red_routing_update() { - local zone=${1} - - local table=${zone} - - # Create routing table if not exists - routing_table_create ${table} - - local remote_ip_address=$(red_db_get ${zone} remote-ip-address) - local local_ip_address=$(red_db_get ${zone} local-ip-address) - - ip route replace table ${table} default nexthop via ${remote_ip_address} - - ip rule add from ${local_ip_address} lookup ${table} -} diff --git a/pkgs/core/network/src/functions.routing b/pkgs/core/network/src/functions.routing deleted file mode 100644 index 1733ede..0000000 --- a/pkgs/core/network/src/functions.routing +++ /dev/null 
@@ -1,90 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function routing_has_default() { - ip route | grep -q "^default" -} - -function routing_default_update() { - local zone - local routes - - local gateway - local weight - - log INFO "Updating default route." - - for zone in $(zones_get_nonlocal); do - # Skip if zone is not up - red_db_exists ${zone} || continue - - if [ "$(red_db_get ${zone} active)" = "1" ]; then - gateway=$(red_db_get ${zone} remote-ip-address) - weight=$(red_db_get ${zone} weight) - - routes="${routes} nexthop via ${gateway}" - - if [ -n "${weight}" ]; then - routes="${routes} weight ${weight}" - fi - else - log DEBUG "Ignoring zone '${zone}' which is not active." - fi - done - - if [ -z "${routes}" ]; then - if routing_has_default; then - ip route del default - fi - return ${EXIT_OK} - fi - - ip route replace default ${routes} -} - -function routing_table_exists() { - local zone=${1} - - grep -q "${zone}$" < /etc/iproute2/rt_tables -} - -function routing_table_create() { - local zone=${1} - - if ! 
zone_is_nonlocal ${zone}; then - error_log "Can only create routing tables for non-local zones." - return ${EXIT_ERROR} - fi - - if routing_table_exists ${zone}; then - return ${EXIT_OK} - fi - - log INFO "Creating routing table for zone '${zone}'" - - local id=$(( ${zone#red} + 1 )) - - echo "${id} ${zone}" >> /etc/iproute2/rt_tables -} - -function routing_table_remove() { - : # XXX do we need this? -} diff --git a/pkgs/core/network/src/functions.stp b/pkgs/core/network/src/functions.stp deleted file mode 100644 index ba906ba..0000000 --- a/pkgs/core/network/src/functions.stp +++ /dev/null 
@@ -1,468 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function stp_init() { - module_load stp - - assert binary_exists brctl - assert binary_exists rstpctl -} - -init_register stp_init - -function __rstpctl_bridge_get() { - local bridge=${1} - local param=${2} - - assert isset bridge - assert isset param - - local key - local val - rstpctl dumpbridge ${bridge} | \ - while read bridge key val; do - if [ "${key}" = "${param}" ]; then - echo "${val}" - return ${EXIT_OK} - fi - done - - return ${EXIT_ERROR} -} - -function __rstpctl_port_get() { - local bridge=${1} - local port=${2} - local param=${3} - - assert isset bridge - assert isset port - assert isset param - - local key - local val - rstpctl dumpports ${bridge} | \ - while read por key val; do - if [ "${port}" = "${por}" -a "${key}" = "${param}" ]; then - echo "${val}" - return ${EXIT_OK} - fi - done - - return ${EXIT_ERROR} -} - -function stp_enable() { - local bridge=${1} - - assert isset bridge - assert zone_exists ${bridge} - - brctl stp ${bridge} on - - local mode=$(zone_config_get ${bridge} STP_MODE) 
- - case "${mode}" in - stp) - rstpctl setforcevers ${bridge} slow - ;; - rstp) - rstpctl setforcevers ${bridge} normal - ;; - *) - error_log "Unknown protocol version: ${mode}." - ;; - esac -} - -function stp_disable() { - local bridge=${1} - - assert isset bridge - assert zone_exists ${bridge} - - brctl stp ${bridge} off -} - -function stp_bridge_get_protocol() { - local bridge=${1} - - assert isset bridge - - local mode=$(__rstpctl_bridge_get ${bridge} protocol_version) - - case "${mode}" in - 0) - echo "stp" - ;; - 2) - echo "rstp" - ;; - esac -} - -function stp_bridge_set_protocol() { - : XXX WANTED -} - -function stp_bridge_get_id() { - local bridge=${1} - - assert isset bridge - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - __rstpctl_bridge_get ${bridge} "id" - return ${EXIT_OK} - ;; - stp) - __device_get_file ${bridge} "bridge/bridge_id" - return ${EXIT_OK} - ;; - esac - - return ${EXIT_ERROR} -} - -function stp_bridge_get_forward_delay() { - local bridge=${1} - - assert isset bridge - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - __rstpctl_bridge_get ${bridge} "bridge_forward_delay" - return ${EXIT_OK} - ;; - stp) - __device_get_file ${bridge} "bridge/forward_delay" - return ${EXIT_OK} - ;; - esac - - return ${EXIT_ERROR} -} - -function stp_bridge_get_hello_time() { - local bridge=${1} - - assert isset bridge - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - __rstpctl_bridge_get ${bridge} "bridge_hello_time" - return ${EXIT_OK} - ;; - stp) - __device_get_file ${bridge} "bridge/hello_time" - return ${EXIT_OK} - ;; - esac - - return ${EXIT_ERROR} -} - -function stp_bridge_get_max_age() { - local bridge=${1} - - assert isset bridge - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - __rstpctl_bridge_get ${bridge} "bridge_max_age" - return ${EXIT_OK} - ;; - stp) - __device_get_file ${bridge} "bridge/max_age" - return ${EXIT_OK} - ;; - esac - - return ${EXIT_ERROR} -} - -function stp_bridge_get_designated_root() { - 
local bridge=${1} - local output - - assert isset bridge - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - output=$(__rstpctl_bridge_get ${bridge} "designated_root") - ;; - stp) - output=$(__device_get_file ${bridge} "bridge/root_id") - ;; - esac - - if ! isset output; then - return ${EXIT_ERROR} - fi - - mac_format "${output:5:12}" - - return ${EXIT_OK} -} - -function stp_bridge_get_root_path_cost() { - local bridge=${1} - - assert isset bridge - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - __rstpctl_bridge_get ${bridge} "root_path_cost" - return ${EXIT_OK} - ;; - stp) - __device_get_file ${bridge} "bridge/root_path_cost" - return ${EXIT_OK} - ;; - esac - - return ${EXIT_ERROR} -} - -function stp_bridge_get_root_port_id() { - local bridge=${1} - - assert isset bridge - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - __rstpctl_bridge_get ${bridge} "root_port" - return ${EXIT_OK} - ;; - stp) - __device_get_file ${bridge} "bridge/root_port" - return ${EXIT_OK} - ;; - esac - - return ${EXIT_ERROR} -} - -function stp_bridge_get_root_port() { - local bridge=${1} - - assert isset bridge - - local id=$(stp_bridge_get_root_port_id ${bridge}) - - local member - local member_id - for member in $(bridge_get_members ${bridge}); do - member_id=$(stp_port_get_id ${bridge} ${member}) - - if [ "${id}" = "${member_id}" ]; then - echo "${member}" - return ${EXIT_OK} - fi - done - - return ${EXIT_ERROR} -} - -function stp_bridge_is_root() { - local bridge=${1} - - assert isset bridge - - [ -n "$(stp_bridge_get_root_port ${bridge})" ] -} - -function stp_bridge_get_priority() { - local bridge=${1} - - assert isset bridge - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - local output=$(__rstpctl_bridge_get ${bridge} "root_path_cost") - dec "${output:0:4}" - return ${EXIT_OK} - ;; - stp) - __device_get_file ${bridge} "bridge/priority" - return ${EXIT_OK} - ;; - esac - - return ${EXIT_ERROR} -} - -function 
stp_bridge_get_topology_change_count() { - local bridge=${1} - - assert isset bridge - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - __rstpctl_bridge_get ${bridge} "topology_change_count" - return ${EXIT_OK} - ;; - stp) - __device_get_file ${bridge} "bridge/topology_change" - return ${EXIT_OK} - ;; - esac - - return ${EXIT_ERROR} -} - -function stp_bridge_get_topology_change_timer() { - local bridge=${1} - - assert isset bridge - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - __rstpctl_bridge_get ${bridge} "time_since_topology_change" - return ${EXIT_OK} - ;; - stp) - __device_get_file ${bridge} "bridge/topology_change_timer" - return ${EXIT_OK} - ;; - esac - - return ${EXIT_ERROR} -} - -function stp_bridge_get_topology_change_detected() { - local bridge=${1} - - assert isset bridge - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - __rstpctl_bridge_get ${bridge} "topology_change" - return ${EXIT_OK} - ;; - stp) - __device_get_file ${bridge} "bridge/topology_change_detected" - return ${EXIT_OK} - ;; - esac - - return ${EXIT_ERROR} -} - -# STP states -STP_STATE[0]="disabled" -STP_STATE[1]="listening" -STP_STATE[2]="learning" -STP_STATE[3]="forwarding" -STP_STATE[4]="blocking" - -function stp_port_get_state() { - local bridge=${1} - local port=${2} - local output - - assert isset bridge - assert isset port - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - output=$(__rstpctl_port_get ${bridge} ${port} "state") - ;; - stp) - output=$(__device_get_file ${bridge} "brif/${port}/state") - - # Translate int to name - output="${STP_STATE[${output}]}" - ;; - esac - - if ! 
isset output; then - return ${EXIT_ERROR} - fi - - echo "${output^^}" - - return ${EXIT_OK} -} - -function stp_port_get_id() { - local bridge=${1} - local port=${2} - - assert isset bridge - assert isset port - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - __rstpctl_port_get ${bridge} ${port} "id" - return ${EXIT_OK} - ;; - stp) - dec $(__device_get_file ${bridge} "brif/${port}/port_no") - return ${EXIT_OK} - ;; - esac - - return ${EXIT_ERROR} -} - -function stp_port_get_cost() { - local bridge=${1} - local port=${2} - - assert isset bridge - assert isset port - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - __rstpctl_port_get ${bridge} ${port} "path_cost" - return ${EXIT_OK} - ;; - stp) - __device_get_file ${bridge} "brif/${port}/path_cost" - return ${EXIT_OK} - ;; - esac - - return ${EXIT_ERROR} -} - -function stp_port_get_designated_root() { - local bridge=${1} - local port=${2} - local output - - assert isset bridge - assert isset port - - case "$(stp_bridge_get_protocol ${bridge})" in - rstp) - output=$(__rstpctl_port_get ${bridge} ${port} "designated_root") - ;; - stp) - output=$(__device_get_file ${bridge} "brif/${port}/designated_root") - ;; - esac - - mac_format ${output:5:12} - - return ${EXIT_ERROR} -} diff --git a/pkgs/core/network/src/functions.util b/pkgs/core/network/src/functions.util deleted file mode 100644 index 8b20787..0000000 --- a/pkgs/core/network/src/functions.util +++ /dev/null 
@@ -1,417 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -# Print a pretty error message -function error() { - echo -e " ${COLOUR_ERROR}ERROR${COLOUR_NORMAL} : $@" >&2 -} - -function error_log() { - error "$@" - log ERROR "$@" -} - -# Print a pretty warn message -function warning() { - echo -e " ${COLOUR_WARN}WARNING${COLOUR_NORMAL}: $@" >&2 -} - -function warning_log() { - warning "$@" - log WARNING "$@" -} - -# This function does not exist because we cannot use /usr/bin/sort. -# It implements some kind of bubble sort which is generally very slow -# but we only have to sort very small data. 
-function listsort() { - local list=($@) - local list_prev - - local i - local j - local var - while [ "${list[*]}" != "${list_prev}" ]; do - list_prev="${list[*]}" - for j in $(seq 1 ${#list[*]}); do - [ ${j} -ge ${#list[*]} ] && continue - i=$(( ${j} - 1 )) - if [[ "${list[${j}]}" < "${list[${i}]}" ]]; then - var="${list[${i}]}" - list[${i}]="${list[${j}]}" - list[${j}]="${var}" - fi - done - done - - echo "${list[*]}" -} - -function listmatch() { - local match=${1} - shift - - assert isset match - - local i - for i in $@; do - [ "${match}" = "${i}" ] && return ${EXIT_OK} - done - - return ${EXIT_ERROR} -} - -function listlength() { - local length=0 - - local i - for i in $@; do - length=$(( ${length} + 1 )) - done - - echo "${length}" -} - -function config_read() { - local config_file=${1} - - if [ -e "${config_file}" ]; then - . ${config_file} - config_check - fi -} - -function config_write() { - local config_file=${1} - shift - - # Check if all values to be written are sane - config_check - - log DEBUG "Writing configuration file ${config_file}." - - > ${config_file} - - local param - for param in $(listsort $@); do - echo "${param}="${!param}"" >> ${config_file} - done -} - -function config_print() { - local param - - for param in $(listsort $@); do - printf "%-16s = %s\n" "${param}" "${!param}" - done -} - -function config_check() { - # If there is a function defined that is called __check - # we call that function - [ -n "$(type -t _check)" ] && _check -} - -function network_config_set() { - while [ $# -gt 0 ]; do - case "${1}" in - *=*) - log INFO "Setting configuration option '${1}'". 
- eval ${1} - ;; - *) - warning "Invalid parameter given: ${1}" - ;; - esac - shift - done - - # Write configuration to disk - network_config_write -} - -function network_config_read() { - config_read ${CONFIG_FILE} -} - -function network_config_write() { - config_write ${CONFIG_FILE} ${CONFIG_FILE_PARAMS} -} - -function network_config_print() { - config_print ${CONFIG_FILE_PARAMS} -} - -# Speedup function to avoid a call of the basename binary -function basename() { - echo "${1##*/}" -} - -function enabled() { - local param=${1} - - [ "${!param}" = "yes" ] || [ "${!param}" = "on" ] || [ "${!param}" = "1" ] -} - -function mac_generate() { - local mac=() - for i in $(seq 0 5); do - mac[i]="$(uuid)" - mac[i]="0x${mac[i]:0:2}" - done - - # Remove multicast bit - # and set address is software assigned - # XXX must doublecheck if this works - mac[0]=$((mac[0] & 0xfe)) - mac[0]=$((mac[0] | 0x02)) - - local output - for i in ${mac[*]}; do - if [ -n "${output}" ]; then - output="${output}:" - fi - - output="${output}$(printf "%02x" ${i})" - done - - # Check if output is valid - assert mac_is_valid ${output} - - echo ${output} -} - -function mac_format() { - local mac=${1} - - local output - - if [ "${#mac}" = "12" ]; then - # Add colons (:) to mac address - output=${mac:0:2} - local i - for i in 2 4 6 8 10; do - output="${output}:${mac:${i}:2}" - done - fi - - assert mac_is_valid ${output} - - echo "${output}" -} - -function mac_is_valid() { - local mac=${1} - - [[ ${mac} =~ ^([0-9a-f]{2}:){5}[0-9a-f]{2}$ ]] -} - -function uuid() { - echo $(</proc/sys/kernel/random/uuid) -} - -function isset() { - local var=${1} - - [ -n "${!var}" ] -} - -# XXX Nearly same as listmatch -function isoneof() { - local var=${!1} - shift - - for i in $@; do - [ "${var}" = "${i}" ] && return ${EXIT_OK} - done - - return ${EXIT_ERROR} -} - -function isbool() { - local var=${1} - - isoneof ${var} 0 1 no yes on off -} - -function isinteger() { - local var=${!1} - - [[ ${var} =~ ^[0-9]+$ ]] -} - 
-function ismac() { - local mac=${!1} - - mac_is_valid ${mac} -} - -function backtrace() { - local start=1 - - echo # Empty line - error_log "Backtrace (most recent call in first line):" - - local i - for i in $(seq ${start} ${#BASH_SOURCE[*]}); do - [ -z "${FUNCNAME[${i}]}" ] && continue - [ "${FUNCNAME[${i}]}" == "main" ] && continue - - error_log " $(printf "%20s" "'${FUNCNAME[${i}]}'") called from ${BASH_SOURCE[$(( ${i} + 1 ))]}:${BASH_LINENO[${i}]}" - done -} - -function assert() { - local assertion="$@" - - if ! ${assertion}; then - error_log "Assertion '${assertion}' failed." - backtrace - exit ${EXIT_ERROR} - fi - - return ${EXIT_OK} -} - -function exec_cmd() { - local cmd=$@ - - log DEBUG "Running command: ${cmd}" - - ${SHELL} ${cmd} - local ret=$? - - #log DEBUG "Returned with code '${ret}'" - - if [ ${ret} -eq ${EXIT_ERROR_ASSERT} ]; then - error_log "Stopping parent process due to assertion error in child process: ${cmd}" - exit ${EXIT_ERROR_ASSERT} - fi - - return ${ret} -} - -function uppercase() { - local input - read input - echo "${input^^}" -} - -function lowercase() { - local input - read input - echo "${input,,}" -} - -function seq() { - if [ $# -eq 2 ]; then - eval echo {${1}..${2}} - elif [ $# -eq 3 ]; then - eval echo {${1}..${3}..${2}} - fi -} - -function beautify_time() { - local value=${1} - - local unit - local limit - for unit in s m h d w; do - case "${unit}" in - s|m|h) - limit=60 - ;; - d) - limit=24 - ;; - w) - limit=7 - ;; - esac - - [ ${value} -lt ${limit} ] && break - - value=$(( ${value} / ${limit} )) - done - - echo "${value}${unit}" -} - -function beautify_bytes() { - local value=${1} - - local unit - local limit=1024 - for unit in B k M G T; do - [ ${value} -lt ${limit} ] && break - value=$(( ${value} / ${limit} )) - done - - echo "${value}${unit}" -} - -function module_load() { - local module=${1} - - if ! grep -q "^${module}" /proc/modules; then - log DEBUG "Loading module '${module}'." 
- modprobe ${module} - fi -} - -function binary_exists() { - local binary=${1} - - if [ -n "$(type -p ${binary})" ]; then - return ${EXIT_OK} - fi - - return ${EXIT_ERROR} -} - -function process_kill() { - local process=${1} - - if ! isinteger process; then - process=$(pidof ${process}) - fi - - local pid - local sig - for pid in ${process}; do - for sig in 15 9; do - [ -d "/proc/${pid}" ] || break - - kill -${sig} ${pid} - sleep 1 - done - done -} - -function dec() { - local hex=${1} - - if [ "${hex:0:2}" != "0x" ]; then - hex="0x${hex}" - fi - - printf "%d\n" "${hex}" -} diff --git a/pkgs/core/network/src/functions.virtual b/pkgs/core/network/src/functions.virtual deleted file mode 100644 index b9d0335..0000000 --- a/pkgs/core/network/src/functions.virtual +++ /dev/null 
@@ -1,178 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function virtual_init() { - module_load 8021q - - ebtables-restore <<EOF -*filter -:INPUT ACCEPT -:FORWARD ACCEPT -:OUTPUT ACCEPT - -*broute -:BROUTING ACCEPT --A BROUTING -p 802_1Q -j DROP -EOF -} - -init_register virtual_init - -function virtual_create() { - local port=$(devicify ${1}) - local vid=${2} - local mac=${3} - local newport=${port}v${vid} - - if [ -z "${mac}" ]; then - mac=$(mac_generate) - fi - - log INFO "Creating virtual device '${newport}' with address '${mac}'." 
- - local oldport=$(virtual_get_by_parent_and_vid ${port} ${vid}) - - if device_exists ${oldport}; then - local differences - - if [ "${oldport}" != "${newport}" ]; then - differences="${differences} name" - fi - if [ "$(device_get_address ${oldport})" != "${mac}" ]; then - differences="${differences} address" - fi - - echo "differences: $differences" - - if [ -n "${differences}" ]; then - if device_is_used ${oldport}; then - error_log "There was a device '${oldport}' set up with VID '${vid}' and parent '${port}' which is used somewhere else. Cannot go on." - return ${EXIT_ERROR} - else - log DEBUG "There is a device '${oldport}' but it not used, so we grab it to ourselves." - fi - else - log DEBUG "Device '${newport}' already exists and reflects our configuration. Go on." - - device_set_up ${oldport} - return ${EXIT_OK} - fi - - else - log DEBUG "Virtual device '${newport}' does not exist, yet." - - vconfig set_name_type DEV_PLUS_VID_NO_PAD >/dev/null - vconfig add ${port} ${vid} >/dev/null - - if [ $? -ne ${EXIT_OK} ]; then - error_log "Could not create virtual device '${newport}'." - return ${EXIT_ERROR} - fi - - oldport=$(virtual_get_by_parent_and_vid ${port} ${vid}) - - fi - - assert device_exists ${oldport} - - if ! device_exists ${oldport}; then - error "Could not determine the created virtual device '${newport}'." - return ${EXIT_ERROR} - fi - - # The device is expected to be named like ${port}.${vid} - # and will be renamed to the virtual schema - device_set_name ${oldport} ${newport} - - if [ $? -ne ${EXIT_OK} ]; then - error_log "Could not set name of virtual device '${newport}'." - return ${EXIT_ERROR} - fi - - assert device_exists ${newport} - - # Setting new mac address - device_set_address ${newport} ${mac} - - if [ $? -ne ${EXIT_OK} ]; then - error_log "Could not set address '${mac}' to virtual device '${newport}'." 
- return ${EXIT_ERROR} - fi - - # Bring up the new device - device_set_up ${newport} - - return ${EXIT_OK} -} - -function virtual_remove() { - local device=$(devicify ${1}) - - log INFO "Removing virtual device '${device}' with address '$(macify ${device})'." - - device_set_down ${device} - - vconfig rem ${device} >/dev/null - - if [ $? -ne ${EXIT_OK} ]; then - error_log "Could not remote virtual device '${newport}'." - return ${EXIT_ERROR} - fi - - return ${EXIT_OK} -} - -function virtual_get_parent() { - local device=${1} - - local parent=$(grep "^${device}" < /proc/net/vlan/config | awk '{ print $NF }') - - if device_exists ${parent}; then - echo "${parent}" - return ${EXIT_OK} - fi - - return ${EXIT_ERROR} -} - -function virtual_get_by_parent_and_vid() { - local parent=${1} - local vid=${2} - - assert isset parent - assert isset vid - - local v_port - local v_id - local v_parent - - assert [ -e "/proc/net/vlan/config" ] - - fgrep '|' < /proc/net/vlan/config | tr -d '|' | \ - while read v_port v_id v_parent; do - if [ "${v_parent}" = "${parent}" ] && [ "${v_id}" = "${vid}" ]; then - echo "${v_port}" - return ${EXIT_OK} - fi - done - - return ${EXIT_ERROR} -} diff --git a/pkgs/core/network/src/functions.wireless b/pkgs/core/network/src/functions.wireless deleted file mode 100644 index 07a2ee0..0000000 --- a/pkgs/core/network/src/functions.wireless +++ /dev/null 
@@ -1,296 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -PHY_DIR="/sys/class/ieee80211" - -function phy_dir() { - local phy=${1} - - echo "${PHY_DIR}/${phy}" -} - -function phy_exists() { - local phy=${1} - - [ -d "$(phy_dir ${phy})" ] -} - -function phy_list() { - local phy - for phy in $(phy_dir)/*; do - phy=$(basename ${phy}) - echo "${phy}" - done -} - -function phy_get() { - local info=${1} - - local phy - - if listmatch ${info} $(phy_list); then - phy="${info}" - elif device_exists ${info}; then - info=$(device_get_address ${info}) - fi - - if [ -z "${phy}" ] && mac_is_valid ${info}; then - local i - for i in $(phy_list); do - if [ "${info}" = "$(phy_get_address ${i})" ]; then - phy=${i} - break - fi - done - fi - - if [ -z "${phy}" ]; then - return ${EXIT_ERROR} - fi - - echo "${phy}" - return ${EXIT_OK} -} - -function phy_get_address() { - local phy=${1} - - assert isset phy - - cat $(phy_dir ${phy})/macaddress 2>/dev/null -} - -function wireless_create() { - local device=${1} - local phy=$(phy_get ${2}) - local type=${3} - local mac=${4} - - assert isset 
device - assert isset phy - assert isset type - - isset mac || mac=$(mac_generate) - - assert phy_exists ${phy} - assert isoneof type managed __ap - - iw phy ${phy} interface add ${device} type ${type} - - if device_exists ${device}; then - device_set_address ${device} ${mac} - fi - - device_set_up ${device} -} - -function wireless_remove() { - local device=${1} - - assert device_exists ${device} - - device_set_down ${device} - - iw dev ${device} del -} - -function wireless_set_channel() { - local device=${1} - local channel=${2} - - assert isset device - assert device_exists ${device} - assert isset channel - - iw dev ${device} set channel ${channel} $@ -} - -function hostapd_init() { - mkdir -p $(hostapd_config_dir) -} - -init_register hostapd_init - -function hostapd_config_dir() { - local device=${1} - - echo "${RUN_DIR}/hostapd/${device}" -} - -function hostapd_config_write() { - local device=${1} - shift - - assert device_exists ${device} - - local broadcast_ssid - local channel - local country_code - local mode - local ssid - - while [ $# -gt 0 ]; do - case "${1}" in - --broadcast-ssid=*) - broadcast_ssid=${1#--broadcast-ssid=} - ;; - --channel=*) - channel=${1#--channel=} - ;; - --country-code=*) - country_code=${1#--country-code=} - ;; - --mode=*) - mode=${1#--mode=} - ;; - --ssid=*) - ssid=${1#--ssid=} - ;; - *) - warning_log "Ignoring unknown argument '${1}'." 
- ;; - esac - shift - done - - assert isset broadcast_ssid - assert isbool broadcast_ssid - - assert isset channel - assert isinteger channel - - assert isset country_code - assert isset mode - assert isset ssid - - local ignore_broadcast_ssid - if enabled broadcast_ssid; then - ignore_broadcast_ssid="0" - else - ignore_broadcast_ssid="1" - fi - - cat <<EOF -### Hostapd configuration for ${device} - -# Interface configuration -driver=nl80211 -interface=${device} - -# Wireless configuration -channel=${channel} -country_code=${country_code} -hw_mode=${mode} -ignore_broadcast_ssid=${ignore_broadcast_ssid} -ssid=${ssid} - -# Logging options -logger_syslog=-1 -logger_syslog_level=2 -logger_stdout=-1 -logger_stdout_level=2 - -# Dump file -dump_file=$(hostapd_config_dir ${device}/dump - -ctrl_interface=/var/run/hostapd -ctrl_interface_group=0 -EOF - - return ${EXIT_OK} -} - -function hostapd_start() { - local device=${1} - shift - - assert isset device - - local config_dir=$(hostapd_config_dir ${device}) - mkdir -p ${config_dir} - - local config_file=${config_dir}/config - hostapd_config_write ${device} $@ > ${config_file} - - hostapd -dd -B -P ${config_dir}/pid ${config_file} - local ret=$? - - case "${ret}" in - 0) - log DEBUG "Hostapd was successfully started for '${device}'." - return ${EXIT_OK} - ;; - 1) - error_log "Could not start hostapd properly for '${device}'." - - error_log "Configuration file dump:" - local line - while read line; do - error_log " ${line}" - done < ${config_file} - - return ${EXIT_ERROR} - ;; - esac -} - -function hostapd_stop() { - local device=${1} - - assert isset device - - local pid=$(hostapd_get_pid ${device}) - - if isset pid; then - process_kill ${pid} - else - warning_log "Could not find pid file for hostapd process running for ${device}." 
- fi - - rm -rf $(hostapd_config_dir ${device}) -} - -function hostapd_get_pid() { - local device=${1} - - assert isset device - - local pid_file="$(hostapd_config_dir ${device})/pid" - - [ -e "${pid_file}" ] || return ${EXIT_ERROR} - - cat ${pid_file} 2>/dev/null - return ${EXIT_OK} -} - -function hostapd_is_running() { - local device=${1} - - assert isset device - - local pid=$(hostapd_get_pid ${device}) - - if isset pid && [ -d "/proc/${pid}" ]; then - return ${EXIT_OK} - fi - - return ${EXIT_ERROR} -} diff --git a/pkgs/core/network/src/functions.zone b/pkgs/core/network/src/functions.zone deleted file mode 100644 index 8df8c40..0000000 --- a/pkgs/core/network/src/functions.zone +++ /dev/null 
@@ -1,659 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -function zone_dir() { - local zone=${1} - - #assert isset zone - - echo "${ZONE_DIR}/zones/${zone}" -} - -function zone_exists() { - local zone=${1} - - assert isset zone - - [ -d "$(zone_dir ${zone})" ] -} - -function zone_match() { - local match - - local i - for i in ${VALID_ZONES}; do - match="${match}|${i}[0-9]{1,5}" - done - - echo "${match:1:${#match}}" -} - -function zone_name_is_valid() { - local zone=${1} - - assert isset zone - - [[ ${zone} =~ $(zone_match) ]] -} - -function zone_is_local() { - local zone=${1} - - ! zone_is_nonlocal ${zone} -} - -function zone_is_nonlocal() { - local zone=${1} - - assert isset zone - - [[ ${zone} =~ ^red[0-9]{1,5} ]] -} - -function zone_get_hook() { - local zone=${1} - - assert isset zone - - config_get_hook $(zone_dir ${zone})/settings -} - -function zone_create() { - local zone=${1} - local hook=${2} - shift 2 - - if ! zone_name_is_valid ${zone}; then - error "Zone name '${zone}' is not valid." 
- return ${EXIT_ERROR} - fi - - if zone_exists ${zone}; then - error "Zone '${zone}' does already exist." - return ${EXIT_ERROR} - fi - - if ! hook_zone_exists ${hook}; then - error "Hook '${hook}' does not exist." - return ${EXIT_ERROR} - fi - - mkdir -p $(zone_dir ${zone}) - - # Create directories for configs and ports - mkdir -p $(zone_dir ${zone})/{configs,ports} - - hook_zone_exec ${hook} create ${zone} $@ - local ret=$? - - # Maybe the zone create hook did not exit correctly. - # If this is the case we remove the created zone immediately. - if [ "${ret}" = "${EXIT_ERROR}" ]; then - zone_remove ${zone} - fi -} - -function zone_edit() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - error "Zone '${zone}' does not exist." - return ${EXIT_ERROR} - fi - - local hook=$(config_get_hook $(zone_dir ${zone})/settings) - - if [ -z "${hook}" ]; then - error "Config file did not provide any hook." - return ${EXIT_ERROR} - fi - - if ! hook_zone_exists ${hook}; then - error "Hook '${hook}' does not exist." - return ${EXIT_ERROR} - fi - - hook_zone_exec ${hook} edit ${zone} $@ -} - -function zone_remove() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - error "Zone '${zone}' does not exist." - return ${EXIT_ERROR} - fi - - # XXX Tear this down here? - - rm -rf $(zone_dir ${zone}) -} - -function zone_up() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - error "Zone '${zone}' does not exist." - return ${EXIT_ERROR} - fi - - local hook=$(config_get_hook $(zone_dir ${zone})/settings) - - if [ -z "${hook}" ]; then - error "Config file did not provide any hook." - return ${EXIT_ERROR} - fi - - if ! hook_zone_exists ${hook}; then - error "Hook '${hook}' does not exist." - return ${EXIT_ERROR} - fi - - zone_db ${zone} starting - - hook_zone_exec ${hook} up ${zone} $@ - - zone_db ${zone} started -} - -function zone_down() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - error "Zone '${zone}' does not exist." 
- return ${EXIT_ERROR} - fi - - local hook=$(config_get_hook $(zone_dir ${zone})/settings) - - if [ -z "${hook}" ]; then - error "Config file did not provide any hook." - return ${EXIT_ERROR} - fi - - if ! hook_zone_exists ${hook}; then - error "Hook '${hook}' does not exist." - return ${EXIT_ERROR} - fi - - zone_db ${zone} stopping - - hook_zone_exec ${hook} down ${zone} $@ - - zone_db ${zone} stopped -} - -function zone_status() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - error "Zone '${zone}' does not exist." - return ${EXIT_ERROR} - fi - - local hook=$(config_get_hook $(zone_dir ${zone})/settings) - - if [ -z "${hook}" ]; then - error "Config file did not provide any hook." - return ${EXIT_ERROR} - fi - - if ! hook_zone_exists ${hook}; then - error "Hook '${hook}' does not exist." - return ${EXIT_ERROR} - fi - - hook_zone_exec ${hook} status ${zone} $@ -} - -function zone_port() { - local zone=${1} - local action=${2} - shift 2 - - assert isset zone - assert isset action - assert zone_exists ${zone} - - # Aliases - case "${action}" in - del|delete|remove) - action="rem" - ;; - esac - - case "${action}" in - add|edit|rem) - zone_port_${action} ${zone} $@ - ;; - *) - error "Unrecognized argument: ${action}" - cli_usage root-zone-port-subcommands - exit ${EXIT_ERROR} - ;; - esac -} - -function zone_port_add() { - local zone=${1} - shift - - assert isset zone - - local hook=$(zone_get_hook ${zone}) - - assert isset hook - - hook_zone_exec ${hook} port_add ${zone} $@ -} - -function zone_port_edit() { - zone_port_cmd edit $@ -} - -function zone_port_rem() { - zone_port_cmd rem $@ -} - -function zone_port_cmd() { - local cmd=${1} - local zone=${2} - local port=${3} - shift 3 - - assert isset zone - assert isset port - - local hook_zone=$(zone_get_hook ${zone}) - local hook_port=$(port_get_hook ${port}) - - assert isset hook_zone - assert isset hook_port - - assert hook_zone_port_exists ${hook_zone} ${hook_port} - - hook_zone_port_exec ${hook_zone} 
${hook_port} ${cmd} ${zone} ${port} $@ -} - -function zone_port_up() { - zone_port_cmd up $@ -} - -function zone_port_down() { - zone_port_cmd down $@ -} - -function zone_get_ports() { - local zone=${1} - - assert isset zone - - local port - for port in $(zone_dir ${zone})/ports/*; do - port=$(basename ${port}) - - if port_exists ${port}; then - echo "${port}" - fi - done -} - -# XXX overwritten some lines below -function zone_config() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - error "Zone '${zone}' does not exist." - return ${EXIT_ERROR} - fi - - local hook=$(config_get_hook $(zone_dir ${zone})/settings) - - if [ -z "${hook}" ]; then - error "Config file did not provide any hook." - return ${EXIT_ERROR} - fi - - if ! hook_zone_exists ${hook}; then - error "Hook '${hook}' does not exist." - return ${EXIT_ERROR} - fi - - hook_zone_exec ${hook} config ${zone} $@ -} - -function zone_config() { - local zone=${1} - local action=${2} - shift 2 - - assert isset zone - assert isset action - assert zone_exists ${zone} - - # Aliases - case "${action}" in - del|delete|remove) - action="rem" - ;; - esac - - case "${action}" in - create|edit|rem) - zone_config_${action} ${zone} $@ - ;; - *) - error "Unrecognized argument: ${action}" - cli_usage root-zone-config-subcommands - exit ${EXIT_ERROR} - ;; - esac -} - -function zone_config_create() { - local zone=${1} - shift - - assert isset zone - - local hook=$(zone_get_hook ${zone}) - - assert isset hook - - hook_zone_exec ${hook} config_create ${zone} $@ -} - -function zone_show() { - local zone=${1} - - echo "${zone}" - echo " Type: $(zone_get_hook ${zone})" - echo -} - -function zones_show() { - local zone - - for zone in $(zones_get $@); do - zone_show ${zone} - done -} - -function zones_get_all() { - local zone - for zone in $(zone_dir)/*; do - zone=$(basename ${zone}) - zone_exists ${zone} || continue - - echo "${zone}" - done -} - -function zones_get_local() { - local zone - for zone in 
$(zones_get_all); do - zone_is_local ${zone} && echo "${zone}" - done -} - -function zones_get_nonlocal() { - local zone - for zone in $(zones_get_all); do - zone_is_nonlocal ${zone} && echo "${zone}" - done -} - -function zones_get() { - local local=1 - local remote=1 - - local zones - - while [ $# -gt 0 ]; do - case "${1}" in - --local-only) - local=1 - remote=0 - ;; - --remote-only) - local=0 - remote=1 - ;; - --all) - local=1 - remote=1 - ;; - *) - if zone_name_is_valid ${1}; then - zones="${zones} ${1}" - else - warning "Unrecognized argument '${1}'" - fi - ;; - esac - shift - done - - if [ -n "${zones}" ]; then - local zone - for zone in ${zones}; do - zone_exists ${zone} && echo "${zone}" - done - exit ${EXIT_OK} - fi - - if [ ${local} -eq 1 ] && [ ${remote} -eq 1 ]; then - zones_get_all - elif [ ${local} -eq 1 ]; then - zones_get_local - elif [ ${remote} -eq 1 ]; then - zones_get_nonlocal - fi -} - -function zone_ports_list() { - local zone=${1} - - local port - for port in $(zone_dir ${zone})/ports/*; do - [ -e "${port}" ] || continue - - echo $(basename ${port}) - done -} - -function zone_ports_cmd() { - local cmd=${1} - local zone=${2} - shift 2 - - assert isset cmd - assert isset zone - - assert zone_exists ${zone} - - local hook=$(zone_get_hook ${zone}) - - local port - for port in $(zone_get_ports ${zone}); do - #zone_port_cmd ${cmd} ${zone} ${port} $@ - hook_zone_exec ${hook} ${cmd} ${zone} ${port} $@ - done -} - -function zone_ports_up() { - zone_ports_cmd port_up $@ -} - -function zone_ports_down() { - zone_ports_cmd port_down $@ -} - -function zone_ports_status() { - zone_ports_cmd port_status $@ -} - -function zone_configs_list() { - local zone=${1} - - local config - for config in $(zone_dir ${zone})/configs/*; do - [ -e "${config}" ] || continue - - echo $(basename ${config}) - done -} - -function zone_configs_cmd() { - local cmd=${1} - local zone=${2} - shift 2 - - local hook_zone=$(config_get_hook $(zone_dir ${zone})/settings) - - local 
hook_config - local config - for config in $(zone_configs_list ${zone}); do - hook_config=$(config_get_hook $(zone_dir ${zone})/configs/${config}) - - hook_zone_config_exec ${hook_zone} ${hook_config} ${cmd} ${zone} ${config} $@ - done -} - -function zone_configs_up() { - zone_configs_cmd up $@ -} - -function zone_configs_down() { - zone_configs_cmd down $@ -} - -function zone_configs_status() { - zone_configs_cmd config_status $@ -} - -function zone_has_ipv4() { - device_has_ipv4 $@ -} - -function zone_has_ipv6() { - device_has_ipv6 $@ -} - -function zone_db() { - local zone=${1} - local action=${2} - shift 2 - - case "${action}" in - starting|started|stopping|stopped) - db_connection_update ${zone} ${action} - ;; - esac -} - -function zone_is_up() { - local zone=${1} - - device_is_up ${zone} -} - -function zone_is_down() { - ! zone_is_up $@ -} - -function zone_get_supported_port_hooks() { - local zone=${1} - - local hook=$(zone_get_hook ${zone}) - - hook_zone_ports_get_all ${hook} -} - -function zone_get_supported_config_hooks() { - local zone=${1} - - local hook=$(zone_get_hook ${zone}) - - hook_zone_configs_get_all ${hook} -} - -function zone_file() { - local zone=${1} - - assert isset zone - - echo "$(zone_dir ${zone})/settings" -} - -function zone_config_read() { - local zone=${1} - - assert isset zone - - config_read $(zone_file ${zone}) -} - -function zone_config_write() { - local zone=${1} - - assert isset zone - - config_write $(zone_file ${zone}) ${HOOK_SETTINGS} -} - -function zone_config_set() { - local zone=${1} - shift - local args="$@" - - assert isset zone - - ( - zone_config_read ${zone} - - for arg in ${args}; do - eval "${arg}" - done - - zone_config_write ${zone} - ) -} - -function zone_config_get() { - local zone=${1} - local key=${2} - - assert isset zone - assert isset key - - ( - zone_config_read ${zone} - - echo "${!key}" - ) -} 
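Review bot: in the removed STP helpers, the rstp branch of stp_bridge_get_priority queries "root_path_cost" and converts its first four characters with dec, which looks like a copy-paste from stp_bridge_get_root_path_cost; presumably the bridge id was meant, since stp_bridge_get_designated_root treats that kind of value as a priority prefix followed by the MAC (${output:5:12}). In the same hunk, stp_port_get_designated_root ends with return ${EXIT_ERROR} even when mac_format succeeds, and stp_bridge_is_root reports success when a root port is found, which reads inverted because the root bridge is the one without a root port. These should be corrected in any copy of the file that is kept after this removal.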
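Review bot: in functions.util, network_config_set hands every argument that matches *=* to an unquoted eval ${1}, so a value containing ;, $( ) or backticks is executed as a command by whoever calls the function, normally root. config_write has the matching problem on the way out: in echo "${param}="${!param}"" the inner quotes end the string, so the value is written unquoted into a file that config_read later sources. If this file is carried over, check the key against CONFIG_FILE_PARAMS and assign it with printf -v instead of eval, and write values with printf '%s=%q\n' so that the sourced file cannot contain anything other than assignments.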
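Review bot: in functions.virtual, the return ${EXIT_OK} inside the while loop of virtual_get_by_parent_and_vid runs in the subshell created by the fgrep | tr | while pipeline, so it only ends the loop and the function always falls through to return ${EXIT_ERROR}, even when it has printed a port. virtual_create only uses the printed name, so the defect is hidden, but any caller that tests the exit status gets the wrong answer; feeding the loop from a redirection (done < /proc/net/vlan/config, with the filtering done inside the loop) keeps return in the function's own shell. Smaller points in the same hunk: virtual_remove logs ${newport}, which is never set there (the local is device), its message says "remote" for "remove", and virtual_create still prints the debugging line echo "differences: $differences" to stdout.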
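Review bot: in functions.wireless, the here-document in hostapd_config_write contains dump_file=$(hostapd_config_dir ${device}/dump with no closing parenthesis, so the command substitution is never terminated; it should read $(hostapd_config_dir ${device})/dump. The same function checks ssid, country_code and mode only with isset before writing them verbatim into the hostapd configuration, so a value containing a newline can add arbitrary extra directives to the file; reject control characters in these values (and restrict mode and country_code to the expected short tokens) before the cat <<EOF.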
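Review bot: in functions.zone, zone_name_is_valid matches with [[ ${zone} =~ $(zone_match) ]], and the pattern built by zone_match has no ^ or $ anchors, so any string that merely contains a valid name is accepted, including one with slashes or ".." in it. That name then goes into zone_dir and from there, unquoted, into mkdir -p $(zone_dir ${zone}) in zone_create and rm -rf $(zone_dir ${zone}) in zone_remove, which lets a crafted zone name create or delete paths outside ${ZONE_DIR}/zones. Anchor the expression as ^(...)$ and quote the zone_dir expansions. Also in this hunk: zone_config is defined twice, so the first definition is dead code (the XXX comment already says so), and zone_config_set runs eval "${arg}" on each caller-supplied argument.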
diff --git a/pkgs/core/network/src/header-config b/pkgs/core/network/src/header-config deleted file mode 100644 index 47e9921..0000000 --- a/pkgs/core/network/src/header-config +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/functions - -HOOK=$(basename ${0}) - -while [ $# -gt 0 ]; do - case "${1}" in - -*) - error "Unrecognized option: ${1}" - exit ${EXIT_ERROR} - ;; - *) - action=${1} - ;; - esac - shift - [ -n "${action}" ] && break -done - -function run() { - case "${action}" in - edit|create|rem|up|down|status) - _${action} $@ - ;; - esac - - error "Config hook '${HOOK}' didn't exit properly." - exit ${EXIT_ERROR} -} diff --git a/pkgs/core/network/src/header-port b/pkgs/core/network/src/header-port deleted file mode 100644 index 95b39d0..0000000 --- a/pkgs/core/network/src/header-port +++ /dev/null 
@@ -1,73 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/functions - -HOOK=$(basename ${0}) -INFO_SETTINGS="HOOK PORT_PARENTS PORT_CHILDREN" - -while [ $# -gt 0 ]; do - case "${1}" in - -*) - error "Unrecognized option: ${1}" - exit ${EXIT_ERROR} - ;; - *) - action=${1} - ;; - esac - shift - [ -n "${action}" ] && break -done - -function run() { - case "${action}" in - edit|add|create|rem|up|down|status|info) - _${action} $@ - ;; - esac - - error "Port hook '${HOOK}' didn't exit properly." - exit ${EXIT_ERROR} -} - -function _info() { - local port=${1} - shift - - assert isset port - - config_read $(port_file ${port}) - - local key - local val - for key in PORT_PARENTS PORT_CHILDREN; do - val="${key}_VAR" - val=${!val} - eval "${key}="${!val}"" - done - - for key in ${INFO_SETTINGS}; do - echo "${key}="${!key}"" - done - - exit ${ERROR_OK} -} diff --git a/pkgs/core/network/src/header-zone b/pkgs/core/network/src/header-zone deleted file mode 100644 index 9407c97..0000000 --- a/pkgs/core/network/src/header-zone +++ /dev/null 
@@ -1,334 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### -# -# Notes: -# - All functions in this scope must start with an underline (_) to not -# conflict with any functions that were defined somewhere else. -# - -. /lib/network/functions - -HOOK=$(basename ${0}) - -while [ $# -gt 0 ]; do - case "${1}" in - -*) - error "Unrecognized option: ${1}" - exit ${EXIT_ERROR} - ;; - *) - action=${1} - ;; - esac - shift - - # If action argument was given, we will exit. - [ -n "${action}" ] && break -done - -# _notimplemented -# Returns a soft error if a function was not implemented, yet. -# -function _notimplemented() { - warning "'$@' was not implemented." 
- exit ${EXIT_CONF_ERROR} -} - -function _info() { - echo "HOOK="${HOOK}"" -} - -function _create() { - local zone=${1} - shift - - config_read $(zone_dir ${zone})/settings - - _parse_cmdline $@ - - config_write $(zone_dir ${zone})/settings ${HOOK_SETTINGS} - - exit ${EXIT_OK} -} - -function _edit() { - _create $@ -} - -function _rem() { - _notimplemented _rem -} - -function _status() { - local zone=${1} - - if device_is_up ${zone}; then - exit ${STATUS_UP} - fi - - exit ${STATUS_DOWN} -} - -function _up() { - _notimplemented _up -} - -function _down() { - _notimplemented _down -} - -function _discover() { - # This hook does not support a discovery - exit ${DISCOVER_NOT_SUPPORTED} -} - -# Do nothing -function _parse_cmdline() { - return ${EXIT_OK} -} - -function _port() { - local zone=${1} - local action=${2} - shift 2 - - local ret - - case "${action}" in - add|create|edit|rem|show) - _port_${action} ${zone} $@ - ret=$? - ;; - *) - error "Unrecognized argument: '${action}'" - exit ${EXIT_ERROR} - ;; - esac - - exit ${ret} -} - -function _port_add() { - _port_cmd add $@ -} - -function _port_edit() { - _port_cmd edit $@ -} - -function _port_rem() { - _port_cmd rem $@ -} - -function _port_show() { - _notimplemented _port_show -} - -function _port_status() { - _port_cmd status $@ -} - -function _port_cmd() { - local cmd=${1} - local zone=${2} - local port=${3} - shift 3 - - assert isset cmd - assert isset zone - assert isset port - - local hook_zone=$(zone_get_hook ${zone}) - local hook_port=$(port_get_hook ${port}) - - assert isset hook_zone - assert isset hook_port - - if ! listmatch ${hook_port} $(zone_get_supported_port_hooks ${zone}); then - error_log "Zone '${zone}' does not support port of type '${hook_port}'." - exit ${EXIT_ERROR} - fi - - hook_zone_port_exec ${hook_zone} ${hook_port} ${cmd} ${zone} ${port} $@ - - exit $? 
-} - -function _port_up() { - _port_cmd up $@ -} - -function _port_down() { - _port_cmd down $@ -} - -function _config() { - local zone=${1} - local action=${2} - shift 2 - - local ret - - case "${action}" in - create|edit|rem|show) - _config_${action} ${zone} $@ - ret=$? - ;; - *) - error "Unrecognized argument: '${action}'" - exit ${EXIT_ERROR} - ;; - esac - - exit ${ret} -} - -# This function is not a public one -function __configcmd() { - local cmd=${1} - local zone=${2} - local hook_config=${3} - shift 3 - - local hook_zone=$(zone_get_hook ${zone}) - - if ! hook_zone_exists ${hook_zone}; then - error "Hook '${hook}' does not exist." - exit ${EXIT_ERROR} - fi - - if ! hook_config_exists ${hook_zone} ${hook_config}; then - error "Hook '${hook_config}' is not supported for zone '${zone}'." - exit ${EXIT_ERROR} - fi - - hook_zone_config_exec ${hook_zone} ${hook_config} ${cmd} ${zone} $@ -} - -function _config_create() { - local zone=${1} - local hook_config=${2} - shift 2 - - assert isset zone - assert isset hook_config - assert zone_exists ${zone} - - if ! listmatch ${hook_config} $(zone_get_supported_config_hooks ${zone}); then - error_log "Zone '${zone}' does not support configuration of type '${hook_config}'." - exit ${EXIT_ERROR} - fi - - local hook_zone=$(zone_get_hook ${zone}) - assert isset hook_zone - - hook_zone_config_exec ${hook_zone} ${hook_config} create ${zone} $@ - - exit $? -} - -function _config_edit() { - __configcmd edit $@ -} - -function _config_rem() { - _notimplemented _config_rem -} - -function _config_show() { - _notimplemented _config_show -} - -function _ppp-ip-pre-up() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - error "Zone '${zone}' does not exist." - exit ${EXIT_ERROR} - fi - - ppp_common_ip_pre_up ${zone} $@ - - exit $? -} - -function _ppp-ip-up() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - error "Zone '${zone}' does not exist." 
- exit ${EXIT_ERROR} - fi - - ppp_common_ip_up ${zone} $@ - - exit $? -} - -function _ppp-ip-down() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - error "Zone '${zone}' does not exist." - exit ${EXIT_ERROR} - fi - - ppp_common_ip_down ${zone} $@ - - exit $? -} - -function run() { - # Replace all dashes by an underscore - #action=${action//-/_} - - case "${action}" in - # Main functions - create|discover|down|edit|info|rem|status|up) - _${action} $@ - ;; - - # Port callbacks - port_add|port_rem|port_up|port_down|port_status) - _${action} $@ - ;; - - # Configuration callbacks - config_create) - _${action} $@ - ;; - - # ppp daemon callbacks - ppp-ip-pre-up|ppp-ip-up|ppp-ip-down) - _${action} $@ - ;; - - *) - error "Unknown action: ${action}" - ;; - esac - - error "Hook did not exit properly." - exit ${EXIT_ERROR} -} diff --git a/pkgs/core/network/src/hooks/ports/bonding b/pkgs/core/network/src/hooks/ports/bonding deleted file mode 100755 index 0a8535f..0000000 --- a/pkgs/core/network/src/hooks/ports/bonding +++ /dev/null 
@@ -1,205 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/header-port - -HOOK_SETTINGS="HOOK DEVICE_MAC MIIMON MODE SLAVES" - -PORT_CHILDREN_VAR="SLAVES" - -DEVICE_MAC=$(mac_generate) -MIIMON=100 - -function _check() { - assert isset DEVICE_MAC - assert ismac DEVICE_MAC - - #assert isset SLAVES - assert isinteger MIIMON -} - -function _create() { - _edit $@ -} - -function _edit() { - local port=${1} - shift - - while [ $# -gt 0 ]; do - case "${1}" in - --mac=*) - DEVICE_MAC=${1#--mac=} - ;; - --miimon=*) - MIIMON=${1#--miimon=} - ;; - --mode=*) - MODE=${1#--mode=} - ;; - --slave=*) - slave=${1#--slave=} - SLAVES="${SLAVES} $(macify ${slave})" - ;; - *) - warning "Unknown argument '${1}'" - ;; - esac - shift - done - - DEVICE=${port} - - # XXX think this must move to _check() - if ! isset DEVICE; then - error "You must set a device name." - exit ${EXIT_ERROR} - fi - - if ! isset SLAVES; then - error "You need to specify at least one slave port (e.g. --slave=port0)." - exit ${EXIT_ERROR} - fi - - local slave - for slave in ${SLAVES}; do - if ! 
device_is_real $(devicify ${slave}); then - error "Slave device '${slave}' is not an ethernet device." - exit ${EXIT_ERROR} - fi - done - - # Remove any whitespace - SLAVES=$(echo ${SLAVES}) - - config_write $(port_file ${port}) ${HOOK_SETTINGS} - - exit ${EXIT_OK} -} - -function _up() { - local device=${1} - - config_read $(port_file ${device}) - - if device_exists ${device}; then - log DEBUG "Bonding device '${device}' does already exist." - - device_set_address ${DEVICE_MAC} - device_set_up ${device} - - exit ${EXIT_OK} - fi - - bonding_create ${device} ${DEVICE_MAC} - - if [ -n "${MODE}" ]; then - bonding_set_mode ${device} ${MODE} - fi - - bonding_set_miimon ${device} ${MIIMON} - - local slave - for slave in ${SLAVES}; do - if ! device_exists $(devicify ${slave}); then - warning_log "${device}: configured slave '${slave}' is not available." - continue - fi - - slave=$(devicify ${slave}) - assert isset slave - - bonding_enslave_device ${device} ${slave} - done - - exit ${EXIT_OK} -} - -function _down() { - local device=${1} - - bonding_remove ${device} - - local slave - for slave in ${SLAVES}; do - device_set_down ${slave} - done - - exit ${EXIT_OK} -} - -function _status() { - local port=${1} - shift - - assert isset port - - echo "${port}" - - local status=$(device_get_status ${port}) - printf "${DEVICE_PRINT_LINE1}" "Status:" "$(echo -ne ${STATUS_COLOUR[${status}]}${STATUS_TEXT[${status}]}${COLOUR_NORMAL})" - - cli_headline " Ethernet information:" - printf "${DEVICE_PRINT_LINE1}" "Address:" $(device_get_address ${port}) - printf "${DEVICE_PRINT_LINE1}" "MTU:" $(device_get_mtu ${port}) - printf "${DEVICE_PRINT_LINE1}" "Promisc mode:" $(device_is_promisc ${port} && echo "yes" || echo "no") - - if device_is_bonded ${port}; then - cli_headline " Bonding information:" - - local master=$(bonding_slave_get_master ${port}) - printf "${DEVICE_PRINT_LINE1}" "Master:" "${master}" - - local active - if [ "$(bonding_get_active_slave ${master})" = "${port}" ]; then - 
active="yes" - else - active="no" - fi - printf "${DEVICE_PRINT_LINE1}" "Active slave:" "${active}" - fi - - if device_is_bonding ${port}; then - cli_headline " Bonding information:" - - printf "${DEVICE_PRINT_LINE1}" "Mode:" "$(bonding_get_mode ${port})" - # XXX lacp rate - echo - - local slave - local slave_active=$(bonding_get_active_slave ${port}) - for slave in $(bonding_get_slaves ${port}); do - printf "${DEVICE_PRINT_LINE1}" "Slave$([ "${slave}" = "${slave_active}" ] && echo " (active)"):" "${slave}" - done - fi - - cli_headline " Statistics:" - printf "${DEVICE_PRINT_LINE1}" "Received:" \ - "$(beautify_bytes $(device_get_rx_bytes ${port})) ($(device_get_rx_packets ${port}) packets)" - printf "${DEVICE_PRINT_LINE1}" "Sent:" \ - "$(beautify_bytes $(device_get_tx_bytes ${port})) ($(device_get_tx_packets ${port}) packets)" - - echo - - exit ${EXIT_OK} -} - -run $@ diff --git a/pkgs/core/network/src/hooks/ports/ethernet b/pkgs/core/network/src/hooks/ports/ethernet deleted file mode 100755 index 2d49f49..0000000 --- a/pkgs/core/network/src/hooks/ports/ethernet +++ /dev/null 
@@ -1,105 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/header-port - -HOOK_SETTINGS="HOOK DEVICE_MAC" - -function _check() { - assert ismac DEVICE_MAC -} - -function _create() { - local port=${1} - shift - - assert isset port - - DEVICE_MAC=$(device_get_address ${port}) - - config_write $(port_file ${port}) ${HOOK_SETTINGS} - - exit ${EXIT_OK} -} - -function _up() { - local port=${1} - - assert isset port - - device_set_up ${port} - - exit ${EXIT_OK} -} - -function _down() { - local port=${1} - - assert isset port - - device_set_down ${port} - - exit ${EXIT_OK} -} - -function _status() { - local port=${1} - shift - - assert isset port - - echo "${port}" - - local status=$(device_get_status ${port}) - printf "${DEVICE_PRINT_LINE1}" "Status:" "$(echo -ne ${STATUS_COLOUR[${status}]}${STATUS_TEXT[${status}]}${COLOUR_NORMAL})" - - cli_headline " Ethernet information:" - printf "${DEVICE_PRINT_LINE1}" "Address:" $(device_get_address ${port}) - printf "${DEVICE_PRINT_LINE1}" "MTU:" $(device_get_mtu ${port}) - printf "${DEVICE_PRINT_LINE1}" "Promisc 
mode:" $(device_is_promisc ${port} && echo "yes" || echo "no") - - if device_is_bonded ${port}; then - cli_headline " Bonding information:" - - local master=$(bonding_slave_get_master ${port}) - printf "${DEVICE_PRINT_LINE1}" "Master:" "${master}" - - local active - if [ "$(bonding_get_active_slave ${master})" = "${port}" ]; then - active="yes" - else - active="no" - fi - printf "${DEVICE_PRINT_LINE1}" "Active slave:" "${active}" - fi - - cli_headline " Statistics:" - printf "${DEVICE_PRINT_LINE1}" "Received:" \ - "$(beautify_bytes $(device_get_rx_bytes ${port})) ($(device_get_rx_packets ${port}) packets)" - printf "${DEVICE_PRINT_LINE1}" "Sent:" \ - "$(beautify_bytes $(device_get_tx_bytes ${port})) ($(device_get_tx_packets ${port}) packets)" - - echo - - exit ${EXIT_OK} -} - -run $@ diff --git a/pkgs/core/network/src/hooks/ports/virtual b/pkgs/core/network/src/hooks/ports/virtual deleted file mode 100755 index a8c7d49..0000000 --- a/pkgs/core/network/src/hooks/ports/virtual +++ /dev/null 
@@ -1,154 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/header-port - -HOOK_SETTINGS="HOOK ADDRESS PARENT TAG" - -PORT_PARENTS_VAR="PARENT" - -ADDRESS=$(mac_generate) - -function _check() { - assert isset PARENT - assert ismac ADDRESS - assert isinteger TAG - - if [ ${TAG} -gt 4096 ]; then - error "TAG is greater than 4096." - exit ${EXIT_ERROR} - fi - - local reserved - for reserved in 0 4095; do - if [ "${TAG}" = "${reserved}" ]; then - error "TAG=${reserved} is reserved." 
- exit ${EXIT_ERROR} - fi - done -} - -function _create() { - while [ $# -gt 0 ]; do - case "${1}" in - --device=*) - PARENT=${1#--device=} - ;; - --mac=*) - ADDRESS=${1#--mac=} - ;; - --id=*) - TAG=${1#--id=} - ;; - *) - warning "Unknown argument '${1}'" - ;; - esac - shift - done - - local port="${PARENT}v${TAG}" - - config_write $(port_file ${port}) ${HOOK_SETTINGS} - - exit ${EXIT_OK} -} - -function _edit() { - local port=${1} - shift - - assert isset port - - config_read $(port_file ${port}) - - while [ $# -gt 0 ]; do - case "${1}" in - --mac=*) - ADDRESS=${1#--mac=} - ;; - *) - warning "Unknown argument '${1}'" - ;; - esac - shift - done - - config_write $(port_file ${port}) ${HOOK_SETTINGS} - - exit ${EXIT_OK} -} - -function _up() { - local port=${1} - - assert isset port - - config_read $(port_file ${port}) - - if ! device_exists ${port}; then - virtual_create ${PARENT} ${TAG} ${ADDRESS} - fi - - exit ${EXIT_OK} -} - -function _down() { - local port=${1} - - assert isset port - - config_read $(port_file ${port}) - - if ! device_exists ${port}; then - exit ${EXIT_OK} - fi - - virtual_remove ${port} - - exit ${EXIT_OK} -} - -function _status() { - local zone=${1} - local port=${2} - - config_read $(zone_dir ${zone})/${port} - - local device=$(devicify ${ADDRESS}) - - printf " %-10s - " "${device}" - if ! device_is_up ${device}; then - echo -ne "${COLOUR_DOWN} DOWN ${COLOUR_NORMAL}" - else - local state=$(stp_port_state ${zone} ${device}) - local colour="COLOUR_STP_${state}" - printf "${!colour}%10s${COLOUR_NORMAL}" ${state} - fi - - echo -n " - DSR: $(stp_port_designated_root ${zone} ${device})" - echo -n " - Cost: $(stp_port_pathcost ${zone} ${device})" - echo - - exit ${EXIT_OK} -} - -run $@ diff --git a/pkgs/core/network/src/hooks/ports/wireless-ap b/pkgs/core/network/src/hooks/ports/wireless-ap deleted file mode 100755 index 036ea06..0000000 --- a/pkgs/core/network/src/hooks/ports/wireless-ap +++ /dev/null 
@@ -1,201 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/header-port - -DEVICE_PATTERN="apN" - -HOOK_SETTINGS="HOOK ADDRESS BROADCAST_SSID COUNTRY_CODE MODE PHY SSID" - -ADDRESS=$(mac_generate) -BROADCAST_SSID=on -CHANNEL=1 -COUNTRY_CODE="US" -MODE="g" -SSID= - -function _check() { - assert isset ADDRESS - assert ismac ADDRESS - assert isset BROADCAST_SSID - assert isbool BROADCAST_SSID - assert isset CHANNEL - assert isset COUNTRY_CODE - assert isset MODE - assert isoneof MODE b g - assert isset PHY - assert ismac PHY - assert isset SSID -} - -function _create() { - while [ $# -gt 0 ]; do - case "${1}" in - --broadcast-ssid=*) - BROADCAST_SSID=$(cli_get_val ${1}) - ;; - --channel=*) - CHANNEL=$(cli_get_val ${1}) - ;; - --country-code=*) - COUNTRY_CODE=$(cli_get_val ${1}) - ;; - --mac=*) - ADDRESS=$(cli_get_val ${1}) - ;; - --mode=*) - MODE=$(cli_get_val ${1}) - ;; - --phy=*) - PHY=$(cli_get_val ${1}) - ;; - --ssid=*) - SSID=$(cli_get_val ${1}) - ;; - *) - warning "Ignoring unknown argument '${1}'" - ;; - esac - shift - done - - # Save address of 
phy do identify it again - PHY=$(phy_get ${PHY}) - PHY=$(phy_get_address ${PHY}) - - local port=$(port_find_free ${DEVICE_PATTERN}) - assert isset port - - config_write $(port_file ${port}) ${HOOK_SETTINGS} - - exit ${EXIT_OK} -} - -function _edit() { - local port=${1} - shift - - assert isset port - - config_read $(port_file ${port}) - - while [ $# -gt 0 ]; do - case "${1}" in - --broadcast-ssid=*) - BROADCAST_SSID=$(cli_get_val ${1}) - ;; - --channel=*) - CHANNEL=$(cli_get_val ${1}) - ;; - --country-code=*) - COUNTRY_CODE=$(cli_get_val ${1}) - ;; - --ssid=*) - SSID=$(cli_get_val ${1}) - ;; - --mode=*) - MODE=$(cli_get_val ${1}) - ;; - *) - warning "Unknown argument '${1}'" - ;; - esac - shift - done - - config_write $(port_file ${port}) ${HOOK_SETTINGS} - - exit ${EXIT_OK} -} - -function _up() { - local port=${1} - - assert isset port - - config_read $(port_file ${port}) - - if ! device_exists ${port}; then - wireless_create ${port} ${PHY} __ap ${ADDRESS} - fi - - if ! hostapd_is_running ${port}; then - hostapd_start ${port} \ - --broadcast-ssid="${BROADCAST_SSID}" \ - --channel="${CHANNEL}" \ - --country-code="${COUNTRY_CODE}" \ - --mode="${MODE}" \ - --ssid="${SSID}" - - local ret=$? - - if [ ${ret} -eq ${EXIT_ERROR} ]; then - error_log "Could not start '${port}' because hostapd crashed previously." - ( _down ${port} ) - exit ${EXIT_ERROR} - fi - fi - - exit ${EXIT_OK} -} - -function _down() { - local port=${1} - - assert isset port - - config_read $(port_file ${port}) - - if ! device_exists ${port}; then - exit ${EXIT_OK} - fi - - hostapd_stop ${port} - wireless_remove ${port} - - exit ${EXIT_OK} -} - -function _status() { - local zone=${1} - local port=${2} - -config_read $(zone_dir ${zone})/${port} - - local device=$(devicify ${DEVICE_MAC}) - - printf " %-10s - " "${device}" - if ! 
device_is_up ${device}; then - echo -ne "${COLOUR_DOWN} DOWN ${COLOUR_NORMAL}" - else - local state=$(stp_port_state ${zone} ${device}) - local colour="COLOUR_STP_${state}" - printf "${!colour}%10s${COLOUR_NORMAL}" ${state} - fi - - echo -n " - DSR: $(stp_port_designated_root ${zone} ${device})" - echo -n " - Cost: $(stp_port_pathcost ${zone} ${device})" - echo - - exit ${EXIT_OK} -} - -run $@ diff --git a/pkgs/core/network/src/hooks/zones/aiccu b/pkgs/core/network/src/hooks/zones/aiccu deleted file mode 100755 index e867ff4..0000000 --- a/pkgs/core/network/src/hooks/zones/aiccu +++ /dev/null 
@@ -1,131 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/header-zone - -HOOK_SETTINGS="HOOK PROTOCOL USER SECRET SERVER TUNNEL_ID" - -USER= -SECRET= -SERVER="tic.sixxs.net" -PROTOCOL="tic" -TUNNEL_ID= - -function _check() { - assert isset USER - assert isset SECRET - assert isset SERVER - assert isset PROTOCOL -} - -function _parse_cmdline() { - local value - - while [ $# -gt 0 ]; do - case "$1" in - --user=*) - USER=$(cli_get_val ${1}) - ;; - --secret=*) - SECRET=$(cli_get_val ${1}) - ;; - --server=*) - SERVER=$(cli_get_val ${1}) - ;; - --protocol=*) - PROTOCOL=$(cli_get_val ${1}) - ;; - --tunnel-id=*) - TUNNEL_ID=$(cli_get_val ${1}) - ;; - *) - echo "Unknown option: $1" >&2 - exit ${EXIT_ERROR} - ;; - esac - shift - done -} - -function _up() { - local zone=${1} - shift - - assert isset zone - - zone_config_read ${zone} - - aiccu_start ${zone} \ - --server="${SERVER}" \ - --protocol="${PROTOCOL}" \ - --user="${USER}" \ - --secret="${SECRET}" \ - --tunnel-id="${TUNNEL_ID}" - - exit $? 
-} - -function _down() { - local zone=${1} - shift - - aiccu_stop ${zone} - - exit ${EXIT_OK} -} - -function _status() { - local zone=${1} - - assert isset zone - - cli_status_headline ${zone} - - zone_config_read ${zone} - - cli_headline " Configuration:" - printf "${DEVICE_PRINT_LINE1}" "User:" "${USER}" - printf "${DEVICE_PRINT_LINE1}" "Secret:" "<hidden>" - echo - printf "${DEVICE_PRINT_LINE1}" "Server:" "${SERVER}" - printf "${DEVICE_PRINT_LINE1}" "Protocol:" "${PROTOCOL}" - if isset TUNNEL_ID; then - echo - printf "${DEVICE_PRINT_LINE1}" "Tunnel ID:" "${TUNNEL_ID}" - fi - echo - printf "${DEVICE_PRINT_LINE1}" "Use default route?" "$(enabled DEFAULTROUTE && echo "enabled" || echo "disabled")" - printf "${DEVICE_PRINT_LINE1}" "Use peer DNS?" "$(enabled PEERDNS && echo "enabled" || echo "disabled")" - - # Exit if zone is down - if ! zone_is_up ${zone}; then - echo # Empty line - exit ${EXIT_ERROR} - fi - - cli_headline " Protocol information:" - printf "${DEVICE_PRINT_LINE1}" "MTU:" "$(device_get_mtu ${zone})" - echo - - exit ${EXIT_OK} -} - -run $@ diff --git a/pkgs/core/network/src/hooks/zones/bridge b/pkgs/core/network/src/hooks/zones/bridge deleted file mode 100755 index 022ca65..0000000 --- a/pkgs/core/network/src/hooks/zones/bridge +++ /dev/null 
@@ -1,187 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/header-zone - -HOOK_SETTINGS="HOOK STP STP_FORWARD_DELAY STP_HELLO STP_MAXAGE STP_MODE" -HOOK_SETTINGS="${HOOK_SETTINGS} STP_PRIORITY MAC MTU" - -# Default values -MAC=$(mac_generate) -MTU=1500 -STP="on" -STP_MODE="rstp" -STP_FORWARD_DELAY=0 -STP_HELLO=2 -STP_MAXAGE=20 -STP_PRIORITY=512 # XXX check out better value - -function _check() { - assert ismac MAC - assert isbool STP - assert isoneof STP_MODE stp rstp - assert isinteger STP_HELLO - assert isinteger STP_FORWARD_DELAY - assert isinteger STP_PRIORITY - assert isinteger MTU -} - -function _parse_cmdline() { - while [ $# -gt 0 ]; do - case "${1}" in - --stp=*) - STP=${1#--stp=} - ;; - --stp-mode=*) - STP_MODE=${1#--stp-mode=} - ;; - --stp-hello=*) - STP_HELLO=${1#--stp-hello=} - ;; - --stp-forward-delay=*) - STP_FORWARD_DELAY=${1#--stp-forward-delay=} - ;; - --stp-priority=*) - STP_PRIORITY=${1#--stp-priority=} - ;; - --mtu=*) - MTU=${1#--mtu=} - ;; - --mac=*) - MAC=${1#--mac=} - ;; - *) - warning "Ignoring unknown option '${1}'" - ;; - 
esac - shift - done -} - -function _up() { - local zone=${1} - shift - - config_read ${ZONE_DIR}/${zone}/settings - - if ! device_exists ${zone}; then - brctl addbr ${zone} - fi - - [ -n "${MAC}" ] && device_set_address ${zone} ${MAC} - [ -n "${MTU}" ] && device_set_mtu ${zone} ${MTU} - - # Enable STP - if enabled STP; then - stp_enable ${zone} - - if [ -n "${STP_FORWARD_DELAY}" ]; then - brctl setfd ${zone} ${STP_FORWARD_DELAY} - fi - - if [ -n "${STP_HELLO}" ]; then - brctl sethello ${zone} ${STP_HELLO} - fi - - if [ -n "${STP_MAXAGE}" ]; then - brctl setmaxage ${zone} ${STP_MAXAGE} - fi - - if [ -n "${STP_PRIORITY}" ]; then - brctl setbridgeprio ${zone} ${STP_PRIORITY} - fi - else - stp_disable ${zone} - fi - - device_set_up ${zone} - - # Bring all ports up - zone_ports_up ${zone} - zone_configs_up ${zone} - - event_interface_up ${zone} - - exit ${EXIT_OK} -} - -function _down() { - local zone=${1} - shift - - if ! device_is_up ${zone}; then - warning "Zone '${zone}' is not up" - exit ${EXIT_OK} - fi - - event_interface_down ${zone} - - zone_configs_down ${zone} - zone_ports_down ${zone} - - device_set_down ${zone} - brctl delbr ${zone} - - exit ${EXIT_OK} -} - -function _status() { - local zone=${1} - - cli_status_headline ${zone} - - # Exit if zone is down - if ! 
zone_is_up ${zone}; then - echo # Empty line - exit ${EXIT_ERROR} - fi - - # XXX Add bridge stp priority here - # brctl does not give any information about that - - cli_headline " Spanning Tree Protocol information:" - printf "${DEVICE_PRINT_LINE1}" "ID:" $(stp_bridge_get_id ${zone}) - printf "${DEVICE_PRINT_LINE1}" "Priority:" $(stp_bridge_get_priority ${zone}) - - if stp_bridge_is_root ${zone}; then - echo -e " ${COLOUR_BOLD}This bridge is root.${COLOUR_NORMAL}" - else - printf "${DEVICE_PRINT_LINE1}" "Designated root:" $(stp_bridge_get_designated_root ${zone}) - printf "${DEVICE_PRINT_LINE1}" "Root path cost:" $(stp_bridge_get_root_path_cost ${zone}) - fi - echo # Empty line - - # Topology information - printf "${DEVICE_PRINT_LINE1}" "Topology changing:" $(stp_bridge_get_topology_change_detected ${zone}) - printf "${DEVICE_PRINT_LINE1}" "Topology change time:" $(beautify_time $(stp_bridge_get_topology_change_timer ${zone})) - printf "${DEVICE_PRINT_LINE1}" "Topology change count:" $(stp_bridge_get_topology_change_count ${zone}) - - cli_headline " Ports:" - zone_ports_status ${zone} - - cli_headline " Configurations:" - zone_configs_cmd status ${zone} - - echo # Empty line - exit ${EXIT_OK} -} - -run $@ diff --git a/pkgs/core/network/src/hooks/zones/bridge.configs/ipv4-static b/pkgs/core/network/src/hooks/zones/bridge.configs/ipv4-static deleted file mode 100755 index c9462d5..0000000 --- a/pkgs/core/network/src/hooks/zones/bridge.configs/ipv4-static +++ /dev/null 
@@ -1,175 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/header-config - -HOOK_SETTINGS="HOOK ADDRESS PREFIX GATEWAY" - -function _check() { - assert isset ADDRESS - assert isinteger PREFIX - - if [ ${PREFIX} -gt 30 ]; then - error "PREFIX is greater than 30." - exit ${EXIT_ERROR} - fi -} - -function _create() { - local zone=${1} - shift - - while [ $# -gt 0 ]; do - case "${1}" in - --address=*) - ADDRESS=${1#--address=} - ;; - --netmask=*) - NETMASK=${1#--netmask=} - ;; - --prefix=*) - PREFIX=${1#--prefix=} - ;; - --gateway=*) - GATEWAY=${1#--gateway=} - ;; - esac - shift - done - - if [ -z "${PREFIX}" -a -n "${NETMASK}" ]; then - PREFIX=$(ipv4_mask_to_cidr ${NETMASK}) - fi - - # XXX maybe we can add some hashing to identify a configuration again - config_write $(zone_dir ${zone})/configs/${HOOK}.$(uuid) ${HOOK_SETTINGS} - - exit ${EXIT_OK} -} - -function _up() { - local zone=${1} - local config=${2} - shift 2 - - if ! device_exists ${zone}; then - error "Zone '${zone}' doesn't exist." 
- exit ${EXIT_ERROR} - fi - - config_read $(zone_dir ${zone})/configs/${config} - - if ! zone_has_ipv4 ${zone} ${ADDRESS}/${PREFIX}; then - if ipv4_detect_duplicate ${zone} ${ADDRESS}; then - error_log "Duplicate address detected on zone '${zone}' (${ADDRESS})." - error_log "Cannot continue." - exit ${EXIT_ERROR} - fi - - ip addr add ${ADDRESS}/${PREFIX} dev ${zone} - - # Announce our new address to the neighbours - ipv4_update_neighbours ${zone} ${ADDRESS} - fi - - if zone_is_nonlocal ${zone} && [ -n "${GATEWAY}" ]; then - # Save configuration - red_db_set ${zone} type "${HOOK}" - red_db_set ${zone} local-ip-address ${ADDRESS}/${PREFIX} - red_db_set ${zone} remote-ip-address ${GATEWAY} - - red_db_set ${zone} active 1 - red_routing_update ${zone} - fi - - exit ${EXIT_OK} -} - -function _down() { - local zone=${1} - local config=${2} - shift 2 - - if ! device_exists ${zone}; then - error "Zone '${zone}' doesn't exist." - exit ${EXIT_ERROR} - fi - - config_read $(zone_dir ${zone})/configs/${config} - - if zone_has_ipv4 ${zone} ${ADDRESS}/${PREFIX}; then - ip addr del ${ADDRESS}/${PREFIX} dev ${zone} - fi - - exit ${EXIT_OK} -} - -function _status() { - local zone=${1} - local config=${2} - shift 2 - - if ! device_exists ${zone}; then - error "Zone '${zone}' doesn't exist." - exit ${EXIT_ERROR} - fi - - config_read $(zone_dir ${zone})/configs/${config} - - printf " %10s - " "${HOOK}" - if zone_has_ipv4 ${zone} ${ADDRESS}/${PREFIX}; then - echo -ne "${COLOUR_ENABLED}ENABLED ${COLOUR_NORMAL}" - else - echo -ne "${COLOUR_DISABLED}DISABLED${COLOUR_NORMAL}" - fi - echo " - ${ADDRESS}/${PREFIX}" - - if [ -n "${GATEWAY}" ]; then - echo " Gateway: ${GATEWAY}" - fi - - exit ${EXIT_OK} -} - -function ipv4_mask_to_cidr() { - local mask=0 - - local field - for field in $(tr '.' 
' ' <<<${1}); do - mask=$(( $(( ${mask} << 8 )) | ${field} )) - done - - local cidr=0 - local x=$(( 128 << 24 )) # 0x80000000 - - while [ $(( ${x} & ${mask} )) -ne 0 ]; do - [ ${mask} -eq ${x} ] && mask=0 || mask=$(( ${mask} << 1 )) - cidr=$((${cidr} + 1)) - done - - if [ $(( ${mask} & 2147483647 )) -ne 0 ]; then # 2147483647 = 0x7fffffff - echo "Invalid net mask: $1" >&2 - else - echo ${cidr} - fi -} - -run $@ diff --git a/pkgs/core/network/src/hooks/zones/bridge.configs/ipv6-static b/pkgs/core/network/src/hooks/zones/bridge.configs/ipv6-static deleted file mode 100755 index f39a293..0000000 --- a/pkgs/core/network/src/hooks/zones/bridge.configs/ipv6-static +++ /dev/null 
@@ -1,138 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/header-port - -HOOK_SETTINGS="HOOK ADDRESS PREFIX GATEWAY" - -function _check() { - assert isset ADDRESS - assert isinteger PREFIX - - if [ ${PREFIX} -gt 64 ]; then - error "PREFIX is greater than 64." - exit ${EXIT_ERROR} - fi -} - -function _create() { - local zone=${1} - shift - - while [ $# -gt 0 ]; do - case "${1}" in - --address=*) - ADDRESS=${1#--address=} - ;; - --prefix=*) - PREFIX=${1#--prefix=} - ;; - --gateway=*) - GATEWAY=${1#--gateway=} - ;; - esac - shift - done - - # Store IPv6 address in full format - ADDRESS=$(ipv6_explode ${ADDRESS}) - - if [ -n "${GATEWAY}" ]; then - GATEWAY=$(ipv6_explode ${GATEWAY}) - fi - - config_write $(zone_dir ${zone})/config.${HOOK}.$(ipv6_hash ${ADDRESS}).${PREFIX} ${HOOK_SETTINGS} - - exit ${EXIT_OK} -} - -function _up() { - local zone=${1} - local config=${2} - shift 2 - - if ! device_exists ${zone}; then - error "Zone '${zone}' doesn't exist." - exit ${EXIT_ERROR} - fi - - config_read $(zone_dir ${zone})/${config} - - if ! 
zone_has_ipv6 ${zone} ${ADDRESS}/${PREFIX}; then - ip addr add ${ADDRESS}/${PREFIX} dev ${zone} - else - warning "Do not set IPv6 address '${ADDRESS}/${PREFIX}' because it was already configured on zone '${zone}'." - fi - - if zone_is_nonlocal ${zone} && [ -n "${GATEWAY}" ]; then - : # XXX to be done - fi - - exit ${EXIT_OK} -} - -function _down() { - local zone=${1} - local config=${2} - shift 2 - - if ! device_exists ${zone}; then - error "Zone '${zone}' doesn't exist." - exit ${EXIT_ERROR} - fi - - config_read $(zone_dir ${zone})/${config} - - if zone_has_ipv6 ${zone} ${ADDRESS}/${PREFIX}; then - ip addr del ${ADDRESS}/${PREFIX} dev ${zone} - fi - - exit ${EXIT_OK} -} - -function _status() { - local zone=${1} - local config=${2} - shift 2 - - if ! device_exists ${zone}; then - error "Zone '${zone}' doesn't exist." - exit ${EXIT_ERROR} - fi - - config_read $(zone_dir ${zone})/${config} - - printf " %10s - " "${HOOK}" - if zone_has_ipv6 ${zone} ${ADDRESS}/${PREFIX}; then - echo -ne "${COLOUR_OK} OK ${COLOUR_NORMAL}" - else - echo -ne "${COLOUR_ERROR}ERROR${COLOUR_NORMAL}" - fi - echo " - $(ipv6_implode ${ADDRESS})/${PREFIX}" - - if [ -n "${GATEWAY}" ]; then - echo " Gateway: ${GATEWAY}" - fi - - exit ${EXIT_OK} -} - -run $@ diff --git a/pkgs/core/network/src/hooks/zones/bridge.ports/bonding b/pkgs/core/network/src/hooks/zones/bridge.ports/bonding deleted file mode 120000 index 3857774..0000000 --- a/pkgs/core/network/src/hooks/zones/bridge.ports/bonding +++ /dev/null @@ -1 +0,0 @@ -ethernet \ No newline at end of file diff --git a/pkgs/core/network/src/hooks/zones/bridge.ports/ethernet b/pkgs/core/network/src/hooks/zones/bridge.ports/ethernet deleted file mode 100755 index c249e17..0000000 --- a/pkgs/core/network/src/hooks/zones/bridge.ports/ethernet +++ /dev/null 
@@ -1,155 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/header-port - -HOOK_SETTINGS="COST PRIORITY" - -function _check() { - local i - for i in COST PRIORITY; do - if isset ${i}; then - assert isinteger ${i} - fi - done -} - -function _add() { - local zone=${1} - local port=${2} - shift 2 - - assert isset zone - assert isset port - - if ! port_exists ${port}; then - error "Port '${port}' does not exist." - exit ${EXIT_ERROR} - fi - - config_read $(zone_dir ${zone})/ports/${port} - - while [ $# -gt 0 ]; do - case "${1}" in - --priority=*) - PRIORITY=${1#--priority=} - ;; - --cost=*) - COST=${1#--cost=} - ;; - esac - shift - done - - config_write $(zone_dir ${zone})/ports/${port} ${HOOK_SETTINGS} - - exit ${EXIT_OK} -} - -function _edit() { - _add $@ -} - -function _rem() { - local zone=${1} - local port=${2} - - assert isset zone - assert isset port - - assert zone_exists ${zone} - - if ! listmatch ${port} $(zone_get_ports ${zone}); then - error "Port '${port}' does not belong to '${zone}'." - error "Won't remove anything." 
- exit ${EXIT_ERROR} - fi - - if port_exists ${port}; then - ( _down ${zone} ${port} ) - fi - - rm -f $(zone_dir ${zone})/ports/${port} - - exit ${EXIT_OK} -} - -function _up() { - local zone=${1} - local port=${2} - - assert isset zone - assert isset port - - assert zone_exists ${zone} - assert port_exists ${port} - - port_up ${port} - - # Set same MTU to device that the bridge has got - device_set_mtu ${port} $(device_get_mtu ${zone}) - - bridge_attach_device ${zone} ${port} - - # XXX must set cost and prio here - - exit ${EXIT_OK} -} - -function _down() { - local zone=${1} - local port=${2} - - assert isset zone - assert isset port - - assert zone_exists ${zone} - assert port_exists ${port} - - bridge_detach_device ${zone} ${port} - - port_down ${port} - - exit ${EXIT_OK} -} - -function _status() { - local zone=${1} - local port=${2} - - printf " %-10s - " "${port}" - if ! device_is_up ${port}; then - echo -ne "${COLOUR_DOWN} DOWN ${COLOUR_NORMAL}" - else - local state=$(stp_port_get_state ${zone} ${port}) - local colour="COLOUR_STP_${state}" - printf "${!colour}%10s${COLOUR_NORMAL}" ${state} - - echo -n " - DSR: $(stp_port_get_designated_root ${zone} ${port})" - echo -n " - Cost: $(stp_port_get_cost ${zone} ${port})" - fi - - echo - - exit ${EXIT_OK} -} - -run $@ diff --git a/pkgs/core/network/src/hooks/zones/bridge.ports/virtual b/pkgs/core/network/src/hooks/zones/bridge.ports/virtual deleted file mode 120000 index 3857774..0000000 --- a/pkgs/core/network/src/hooks/zones/bridge.ports/virtual +++ /dev/null @@ -1 +0,0 @@ -ethernet \ No newline at end of file diff --git a/pkgs/core/network/src/hooks/zones/bridge.ports/wireless-ap b/pkgs/core/network/src/hooks/zones/bridge.ports/wireless-ap deleted file mode 120000 index 3857774..0000000 --- a/pkgs/core/network/src/hooks/zones/bridge.ports/wireless-ap +++ /dev/null @@ -1 +0,0 @@ -ethernet \ No newline at end of file 
diff --git a/pkgs/core/network/src/hooks/zones/pppoe b/pkgs/core/network/src/hooks/zones/pppoe deleted file mode 100755 index bc14d82..0000000 --- a/pkgs/core/network/src/hooks/zones/pppoe +++ /dev/null 
@@ -1,288 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/header-zone - -# TODO XXX AC name, service name, sync? 
- -HOOK_SETTINGS="HOOK AUTH LINKNAME USER SECRET PEERDNS DEFAULTROUTE MTU" - -AUTH= -DEFAULTROUTE=1 -LINKNAME="$(uuid)" -MTU=1492 -PEERDNS=1 -SECRET= -USER= - -PPPOE_ALLOWED_AUTHS="chap pap" -PPPOE_PLUGIN="rp-pppoe.so" - -function pppd_pid() { - local zone=${1} - shift - - cat /var/run/${zone}.pid 2>/dev/null -} - -function _check() { - assert isset USER - assert isset SECRET - assert isset LINKNAME - assert isset DEFAULTROUTE - assert isset PEERDNS - #assert isset DEVICE - #assert isset DEVICE_TYPE - - assert isbool DEFAULTROUTE - assert isbool PEERDNS - #assert ismac DEVICE - #assert isoneof DEVICE_TYPE real virtual - - local ports_num=$(listlength ${PORTS}) - assert isoneof ports_num 0 1 - - isset AUTH && assert isoneof AUTH ${PPPOE_ALLOWED_AUTHS} - isset DEVICE_ID && assert isinteger DEVICE_VID -} - -function _parse_cmdline() { - local value - - while [ $# -gt 0 ]; do - case "$1" in - --user=*) - USER=${1#--user=} - ;; - --secret=*) - SECRET=${1#--secret=} - ;; - --linkname=*) - LINKNAME=${1#--name=} - ;; - --mtu=*) - MTU=${1#--mtu=} - ;; - --defaultroute=*) - value=${1#--defaultroute=} - if enabled value; then - DEFAULTROUTE=1 - else - DEFAULTROUTE=0 - fi - ;; - --dns=*) - value=${1#--dns=} - if enabled value; then - PEERDNS=1 - else - PEERDNS=0 - fi - ;; - --auth=*) - AUTH=${1#--auth=} - ;; - *) - echo "Unknown option: $1" >&2 - exit ${EXIT_ERROR} - ;; - esac - shift - done -} - -function _up() { - local zone=${1} - shift - - assert isset zone - - zone_config_read ${zone} - - local port=$(zone_get_ports ${zone}) - - assert isset port - - if ! port_exists ${port}; then - error_log "Parent device '${port}' does not exist. Cannot bring up zone '${zone}'." 
- exit ${EXIT_ERROR} - fi - - # Creating necessary files - # XXX must be PPP_RUN - [ -d "${RED_RUN}/${LINKNAME}" ] || mkdir -p ${RED_RUN}/${LINKNAME} - - # Setting up the device - zone_ports_up ${zone} - - ppp_secret "${USER}" "${SECRET}" - - # XXX AC and service on plugin command line - - cat <<EOF >${RED_RUN}/${LINKNAME}/options -# Naming options -ifname ${zone} -name ${LINKNAME} -linkname ${LINKNAME} - -plugin ${PPPOE_PLUGIN} ${port} - -# User configuration -user ${USER} - -$(enabled PEERDNS && echo "usepeerdns") -$(enabled DEFAULTROUTE && echo "defaultroute") - -noauth -$(isset AUTH && echo "require-${AUTH}") - -noipdefault - -# Maximum transmission/receive unit -mtu ${MTU} -mru ${MTU} - -# Disable the compression -noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe - -updetach debug -EOF - - pppd_exec file ${RED_RUN}/${LINKNAME}/options - - local ret=$? - - # Get exit code from ppp daemon and handle it: - case "${ret}" in - 0) - log DEBUG "pppd detached successfully" - exit ${EXIT_OK} - ;; - esac - - error_log "pppd exited with unknown exit code '${ret}'" - - exit ${EXIT_ERROR} -} - -function _down() { - local zone=${1} - shift - - # Kill pppd - # XXX very ugly - kill $(pppd_pid ${zone}) &>/dev/null - - zone_ports_down ${zone} - - exit ${EXIT_OK} -} - -function _discover() { - local device=${1} - - if [ "$(device_get_type ${device})" != "real" ]; then - exit ${EXIT_ERROR} - fi - - local output - output=$(pppoe-discovery -I ${device} -U $(uuid) 2>&1) - - # Exit if there was not output - [ -z "${output}" ] && exit ${DISCOVER_ERROR} - - # Exit if PADI timed out - grep -q "Timeout" <<<${output} && exit ${DISCOVER_ERROR} - - local ac - while read line; do - case "${line}" in - Access-Concentrator:*) - ac="${line#Access-Concentrator: }" - ;; - esac - done <<<"${output}" - - echo "ACCESS_CONCENTRATOR="$ac"" - - exit ${DISCOVER_OK} -} - -function _status() { - local zone=${1} - - assert isset zone - - cli_status_headline ${zone} - - zone_config_read 
${zone} - - cli_headline " Configuration:" - printf "${DEVICE_PRINT_LINE1}" "User:" "${USER}" - printf "${DEVICE_PRINT_LINE1}" "Secret:" "<hidden>" - echo - printf "${DEVICE_PRINT_LINE1}" "MTU:" "${MTU}" - printf "${DEVICE_PRINT_LINE1}" "Use default route?" "$(enabled DEFAULTROUTE && echo "enabled" || echo "disabled")" - printf "${DEVICE_PRINT_LINE1}" "Use peer DNS?" "$(enabled PEERDNS && echo "enabled" || echo "disabled")" - echo - cli_headline " Ports:" - zone_ports_status ${zone} - if [ -z "$(zone_get_ports ${zone})" ]; then - echo -e " ${COLOUR_WARN}No ports attached. Won't be able to start.${COLOUR_NORMAL}" - fi - - # Exit if zone is down - if ! zone_is_up ${zone}; then - echo # Empty line - exit ${EXIT_ERROR} - fi - - # XXX display time since connection started - - cli_headline " Point-to-Point-over-Ethernet protocol:" - echo " IP-Address : $(red_db_get ${zone} local-ip-address)" - echo " Gateway : $(red_db_get ${zone} remote-ip-address)" - echo " DNS-Server : $(red_db_get ${zone} dns)" - echo - echo " MAC-Remote : $(red_db_get ${zone} remote-address)" - echo - echo " MTU : $(device_get_mtu ${zone})" - echo # Empty line - exit ${EXIT_OK} -} - -function _port_add() { - local zone=${1} - local port=${2} - shift 2 - - if [ $(listlength $(zone_get_ports ${zone})) -ge 1 ]; then - error "This hook only supports one port at a time." - error "Please remove any existant port(s) and try again." - exit ${EXIT_ERROR} - fi - - _port_cmd add ${zone} ${port} $@ - - exit ${EXIT_OK} -} - -run $@ diff --git a/pkgs/core/network/src/hooks/zones/pppoe.ports/bonding b/pkgs/core/network/src/hooks/zones/pppoe.ports/bonding deleted file mode 120000 index 3857774..0000000 --- a/pkgs/core/network/src/hooks/zones/pppoe.ports/bonding +++ /dev/null @@ -1 +0,0 @@ -ethernet \ No newline at end of file diff --git a/pkgs/core/network/src/hooks/zones/pppoe.ports/ethernet b/pkgs/core/network/src/hooks/zones/pppoe.ports/ethernet deleted file mode 100644 index 67a781f..0000000 
--- a/pkgs/core/network/src/hooks/zones/pppoe.ports/ethernet +++ /dev/null 
@@ -1,115 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/header-port - -function _add() { - local zone=${1} - local port=${2} - shift 2 - - assert isset zone - assert isset port - - if ! port_exists ${port}; then - error "Port '${port}' does not exist." - exit ${EXIT_ERROR} - fi - - touch $(zone_dir ${zone})/ports/${port} - - exit ${EXIT_OK} -} - -function _edit() { - _add $@ -} - -function _rem() { - local zone=${1} - local port=${2} - shift 2 - - assert isset zone - assert isset port - - if ! listmatch ${port} $(zone_get_ports ${zone}); then - error "Port '${port}' does not belong to '${zone}'." - error "Won't remove anything." - exit ${EXIT_ERROR} - fi - - warning "Removing port '${port}' from '${zone}' will shutdown the zone." 
- - # Shut down this zone - zone_down ${zone} - - rm -f $(zone_dir ${zone})/ports/${port} - - exit ${EXIT_OK} -} - -function _up() { - local zone=${1} - local port=${2} - - assert isset zone - assert isset port - - assert zone_exists ${zone} - assert port_exists ${port} - - port_up ${port} - - exit ${EXIT_OK} -} - -function _down() { - local zone=${1} - local port=${2} - - assert isset zone - assert isset port - - assert zone_exists ${zone} - assert port_exists ${port} - - port_down ${port} - - exit ${EXIT_OK} -} - -function _status() { - local zone=${1} - local port=${2} - - printf " %-10s - " "${port}" - if device_is_up ${port}; then - echo -ne "${COLOUR_UP} UP ${COLOUR_NORMAL}" - else - echo -ne "${COLOUR_DOWN} DOWN ${COLOUR_NORMAL}" - fi - echo - - exit ${EXIT_OK} -} - -run $@ diff --git a/pkgs/core/network/src/hooks/zones/pppoe.ports/virtual b/pkgs/core/network/src/hooks/zones/pppoe.ports/virtual deleted file mode 120000 index 3857774..0000000 --- a/pkgs/core/network/src/hooks/zones/pppoe.ports/virtual +++ /dev/null @@ -1 +0,0 @@ -ethernet \ No newline at end of file diff --git a/pkgs/core/network/src/network b/pkgs/core/network/src/network deleted file mode 100755 index 2309848..0000000 --- a/pkgs/core/network/src/network +++ /dev/null 
@@ -1,59 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /lib/network/functions - -# Parse the command line -while [ $# -gt 0 ]; do - case "${1}" in - -d|--debug) - DEBUG=1 - log DEBUG "Enabled debugging mode" - ;; - *) - action=${1} - ;; - esac - shift - [ -n "${action}" ] && break -done - -# Process the given action -case "${action}" in - init) - init_run - ;; - - config|port|device|zone|start|stop|restart|status|reset) - cli_${action} $@ - ;; - - ""|help|--help|-h) - cli_usage root - exit ${EXIT_OK} - ;; - - *) - error "Invalid command given: ${action}" - cli_usage usage - exit ${EXIT_CONF_ERROR} - ;; -esac diff --git a/pkgs/core/network/src/ppp/ip-updown b/pkgs/core/network/src/ppp/ip-updown deleted file mode 100755 index 8e9751a..0000000 --- a/pkgs/core/network/src/ppp/ip-updown +++ /dev/null 
@@ -1,44 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2010 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -umask 022 -export PATH=/usr/sbin:/sbin:/usr/bin:/bin - -# Give the variables we get passed by pppd an own namespace -for i in IFNAME IPLOCAL IPREMOTE DNS1 DNS2 MACREMOTE; do - export PPP_${i}=${!i} - unset ${i} -done - -. /lib/network/functions - -# Zone equals IFNAME -ZONE=${PPP_IFNAME} - -assert isset ZONE -assert zone_exists ${ZONE} - -HOOK=$(zone_get_hook ${ZONE}) - -assert isset HOOK -assert hook_zone_exists ${HOOK} - -hook_zone_exec ${HOOK} ppp-$(basename ${0}) ${ZONE} diff --git a/pkgs/core/openssl/openssl.nm b/pkgs/core/openssl/openssl.nm index 25d8faf..0b5b0b3 100644 --- a/pkgs/core/openssl/openssl.nm +++ b/pkgs/core/openssl/openssl.nm @@ -26,7 +26,7 @@ include $(PKGROOT)/Include
PKG_NAME = openssl PKG_VER = 1.0.0 -PKG_REL = 0 +PKG_REL = 1
PKG_MAINTAINER = Michael Tremer michael.tremer@ipfire.org PKG_GROUP = System/Libraries @@ -112,6 +112,11 @@ endef define STAGE_INSTALL cd $(DIR_APP) && make install build-shared INSTALL_PREFIX=$(BUILDROOT)
+ -mkdir -pv $(BUILDROOT)/lib + mv -vf $(BUILDROOT)/usr/lib/lib{crypto,ssl}.so.* $(BUILDROOT)/lib + ln -svf ../../lib/libcrypto.so.10 $(BUILDROOT)/usr/lib/libcrypto.so + ln -svf ../../lib/libssl.so.10 $(BUILDROOT)/usr/lib/libssl.so + # Install manpages do right place -mkdir -pv $(BUILDROOT)/usr/share mv -v $(BUILDROOT)/etc/pki/tls/man $(BUILDROOT)/usr/share/ diff --git a/pkgs/core/polkit/polkit.nm b/pkgs/core/polkit/polkit.nm index f11dc4c..9149d73 100644 --- a/pkgs/core/polkit/polkit.nm +++ b/pkgs/core/polkit/polkit.nm @@ -34,8 +34,8 @@ PKG_URL = http://www.freedesktop.org/wiki/Software/PolicyKit PKG_LICENSE = LGPLv2+ PKG_SUMMARY = PolicyKit Authorization Framework.
-PKG_BUILD_DEPS+= eggdbus-devel expat-devel intltool gettext glib2-devel \ - pam-devel perl-xml-parser pkg-config +PKG_BUILD_DEPS+= eggdbus-devel expat-devel gobject-introspection-devel \ + intltool gettext glib2-devel pam-devel perl-xml-parser pkg-config
define PKG_DESCRIPTION PolicyKit is a toolkit for defining and handling authorizations. \ @@ -51,5 +51,9 @@ CONFIGURE_OPTIONS += \ --sysconfdir=/etc \ --libexecdir=/usr/lib/polkit-1 \ --localstatedir=/var \ - --disable-introspection \ + --enable-introspection \ --disable-static + +define STAGE_PREPARE_CMDS + cd $(DIR_APP) && sed -e "s/^SUBDIRS.*/SUBDIRS = actions data src po/" -i Makefile* +endef diff --git a/tools/quality-agent.d/099-strip b/tools/quality-agent.d/099-strip index f79b9a3..bd7a16a 100755 --- a/tools/quality-agent.d/099-strip +++ b/tools/quality-agent.d/099-strip @@ -12,7 +12,6 @@ function check() { fi done
- log "Strip unneeded symbols" for f in $(find ${BUILDROOT} -type f); do if (file $f | grep -q ' shared object,'); then strip --strip-unneeded "$f" || : diff --git a/tools/ssh-keyput b/tools/ssh-keyput new file mode 100644 index 0000000..da4aa2b --- /dev/null +++ b/tools/ssh-keyput 
@@ -0,0 +1,92 @@ +#!/bin/bash +# +# ssh-keyput -- set up passwordless openssh login. +# +# Copyright (C) 2001, 2002, 2006 by SWsoft. +# Author: Kir Kolyshkin +# +# This script is used to put your public ssh keys to another host's +# authorized_keys[2], so you will be able to ssh login without entering +# a password. Key pairs are generated if needed, and connectivity +# is checked after putting the keys. + +PROGNAME=`basename $0` + +function usage() +{ + echo "Usage: $PROGNAME [user@]IP [[user@]IP ...]" 1>&2 + exit 0 +} + +# Check for correct number of parameters +test $# -gt 0 || usage; + +SSH_KEYGEN=`which ssh-keygen` +if test $? -ne 0; then + # Error message is printed by 'which' + exit 1 +fi + +SSH_DIR=~/.ssh +if ! test -d $SSH_DIR; then + mkdir $SSH_DIR +fi +chmod 700 $SSH_DIR + + +if [ ! -f $SSH_DIR/identity ] || [ ! -f $SSH_DIR/identity.pub ]; then + echo "Generating ssh1 RSA keys - please wait..." + rm -f $SSH_DIR/identity $SSH_DIR/identity.pub + $SSH_KEYGEN -t rsa1 -f $SSH_DIR/identity -P '' + if [ $? -ne 0 ]; then + echo "Command "$SSH_KEYGEN -t rsa1 -f $SSH_DIR/identity" \ + "-P ''" failed" 1>&2 + exit 1 + fi +else + echo "ssh1 RSA key is present" +fi + +if [ ! -f $SSH_DIR/id_dsa ] || [ ! -f $SSH_DIR/id_dsa.pub ]; then + echo "Generating ssh2 DSA keys - please wait..." + rm -f $SSH_DIR/id_dsa $SSH_DIR/id_dsa.pub + $SSH_KEYGEN -t dsa -f $SSH_DIR/id_dsa -P '' + if test $? -ne 0; then + echo "Command "$SSH_KEYGEN -t dsa -f $SSH_DIR/id_dsa" \ + "-P ''" failed" 1>&2 + exit 1 + fi +else + echo "ssh2 DSA key is present" +fi + +SSH1_RSA_KEY=`cat $SSH_DIR/identity.pub` +SSH2_DSA_KEY=`cat $SSH_DIR/id_dsa.pub` + +for IP in $*; do + echo "You will now be asked for password for $IP" +# set -x + ssh -oStrictHostKeyChecking=no $IP "mkdir -p ~/.ssh; chmod 700 ~/.ssh; \ + echo "$SSH1_RSA_KEY" >> ~/.ssh/authorized_keys; \ + echo "$SSH2_DSA_KEY" >> ~/.ssh/authorized_keys2; \ + chmod 600 ~/.ssh/authorized_keys ~/.ssh/authorized_keys2" +# set +x + if test $? 
-eq 0; then + echo "Keys were put successfully" + else + echo "Error putting keys to $IP" 1>&2 + fi +done + +for IP in $*; do + for ver in 1 2; do + echo -n "Checking $IP connectivity by ssh$ver... " + ssh -q -oProtocol=${ver} -oBatchMode=yes \ + -oStrictHostKeyChecking=no $IP /bin/true + if [ $? -eq 0 ]; then + echo "OK" + else + echo "failed" 1>&2 + fi + done +done
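Review bot: in the removed pkgs/core/network/src/hooks/zones/pppoe hook, _parse_cmdline() handles --linkname=*) with LINKNAME=${1#--name=}, which strips the wrong prefix, so LINKNAME keeps the literal "--linkname=" text and that string is later used in the ${RED_RUN}/${LINKNAME} path and in the pppd options file. The prefix should be --linkname=. In _check() of the same file, the line "isset DEVICE_ID && assert isinteger DEVICE_VID" tests one variable and validates another; both names should match. Since the file is deleted here rather than fixed, both corrections need to go into whichever copy of this hook stays in use.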
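Review bot: in the STAGE_INSTALL hunk of pkgs/core/openssl/openssl.nm, the two ln lines hard-code the targets ../../lib/libcrypto.so.10 and ../../lib/libssl.so.10, while the mv line just above moves whatever lib{crypto,ssl}.so.* matches. If a later PKG_VER ships a different soname, the mv still succeeds and the -f symlinks are created without error but dangle, which only shows up when something links against openssl. Put the soname in one variable used by both the mv and the ln lines, or fail the stage when the link target does not exist. The lib{crypto,ssl} brace pattern also only expands if the recipe runs under bash; spelling out both files avoids depending on that.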
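Review bot: the new STAGE_PREPARE_CMDS in pkgs/core/polkit/polkit.nm rewrites every line starting with SUBDIRS in Makefile* to "SUBDIRS = actions data src po" with no comment saying which directories are being dropped or why, and the same hunk flips --disable-introspection to --enable-introspection without any link between the two in the file. Please add a one-line comment above the sed naming the skipped subdirectories and the reason. Note also that the pattern ^SUBDIRS.* replaces a single line only, so if the upstream assignment is continued with a backslash, the continuation lines are left behind; anchoring the edit on the exact upstream line or carrying it as a patch file would fail loudly instead of silently when upstream changes.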
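Review bot: in the new tools/ssh-keyput, both ssh invocations pass -oStrictHostKeyChecking=no, so the first connection, the one where the user types the account password and the public keys are appended to authorized_keys, accepts whatever host key is presented without asking. For a tool whose purpose is to establish trust this should be left at the ssh default so the fingerprint prompt appears, or the expected host key should be supplied up front. Further points in the same hunk: the key generation uses -t rsa1 and -t dsa with -P '' unconditionally, so every user gets two passphrase-less legacy keys; the type should be selectable and the empty passphrase an explicit choice. The two error messages of the form echo "Command "$SSH_KEYGEN ..." failed" and the remote command string containing echo "$SSH1_RSA_KEY" nest double quotes inside double quotes, which ends the outer string early and leaves the key text unquoted for the remote shell; use single quotes inside or escape them. The loops over $* should use "$@", mkdir $SSH_DIR is followed by chmod 700 rather than being created with the right mode, and usage() exits 0 on a missing argument where a non-zero status is expected.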
hooks/post-receive -- IPFire 3.x development tree