This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated from efbe55a543e7bb97348ca1cf394185e6876fbfa6 (commit).
The new revisions have not appeared on any other notification email, so they are listed in full below.
- Log -----------------------------------------------------------------
commit 7faf73f4ff14eb316f2438248c16c48ab0fea4de Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 17 15:16:12 2010 +0200
network: Some work on configuration code.
commit a1a82f095792f82ecd90c345c215f65add71be41 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 17 10:49:43 2010 +0200
network: Remove unused function.
commit 2e90ebc450c32d8d65df857c8e215f497b9a1dc3 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 17 10:45:58 2010 +0200
network: Replace listsort by a function that doesn't use /usr/bin/sort.
commit 7579115a9aeb19e57c4a4d2e895003eab03907c2 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 17 10:12:35 2010 +0200
network: Code cleanup.
We cannot use sort. There was an unknown function. Don't know if we must keep it.
commit 0d4179df1c2bd4f5f86e496198e38eb96dc7f5e2 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jul 16 19:50:10 2010 +0200
network: Optimize help function.
commit 8080abd8606acdcea4edf439f65a7486b05e70f6 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jul 16 18:15:24 2010 +0200
network: Add reset option.
commit a15a49bda1cfb0956a7d80b8517aa82f3f24755b Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jul 16 10:03:41 2010 +0200
freeradius: Update to 2.1.9.
commit 085ea969bf036398f4ba3a227376675767ef5c8c Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jul 16 10:02:23 2010 +0200
ccache: Update to 3.0.1.
commit 2616f098db61924e8b1d34ed75fb74095e399229 Merge: 635283e 15efb3c Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jul 11 18:37:39 2010 +0200
Merge branch 'master' of ssh://git.ipfire.org/pub/git/people/ms/ipfire-3.x into next
commit 635283e7008eed8a8e9d96bf6e3aaa7d5f36c2de Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jul 11 18:37:10 2010 +0200
network: Oops. Forgot some files.
commit 15efb3c6bf647889bebaa2d37a029568ce715f93 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jul 11 18:17:36 2010 +0200
ethtool: New package.
commit 238d9f3fb87d593d1827c6a0ed2e0cb67062cb35 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jul 11 11:40:36 2010 +0200
naoki: Fix installation of kernel in installer system.
commit 38a3a980832cec5ac58f2cc19a9cd26a3c8dd45d Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jul 11 11:17:28 2010 +0200
naoki: Add notice for LZMA compression.
commit a28d22a399cf6143eeffb63af3115a7a872e1294 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jul 11 11:01:44 2010 +0200
squashfs-tools: Update to 4.1.
Has got XZ support.
commit 6db6d0cc9d17d2dad7c9962512b1b60fd8be480a Merge: efbe55a e6938f3 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 10 23:02:32 2010 +0200
Merge branch 'network' into next
commit e6938f3fb8e47bffd097f4a5b9086206a883c927 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 10 20:07:59 2010 +0200
network: Initialize bonding at start.
commit b22c4186d23a4cd895c02ee2abe08740a6430a69 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 10 19:56:44 2010 +0200
network: Add possibility to remove ports from zone of type bridge.
commit 07ec17c6dcb7bdadb874139836131d8f43ba2520 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 10 19:56:23 2010 +0200
network: Add some more checks if detaching a device from a bridge.
commit 3dd7fd6c8d422b89a2a81cc0b4da6af8a2854dc5 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 10 19:37:43 2010 +0200
network: Add some initialization handlers.
commit b02ee3be7e184f163428910046a4b46bc9870ad0 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 10 19:33:39 2010 +0200
network: Move virtual functions to separate file and rename them.
commit b157415fc568783f4f3ae33762ce2bab849b936c Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 10 19:21:23 2010 +0200
network: Put bridge functions into extra file.
commit eb5b2454231815b4086c5e175cca9f1fe70f9441 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 10 19:15:55 2010 +0200
network: Fix bridge functions.
commit e88293f23b49f0b0f6957e646886fa5b580eb274 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 10 18:59:41 2010 +0200
network: Proper exit codes for bridge hook.
commit 6efc9a539009b7ba8eecd6b9d3dbdc0789422672 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 10 18:55:08 2010 +0200
network: Again very much changes that are hard to break down.
commit eb60fda12acfecf0c9cd8acae02a1df85124bd1f Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jul 10 10:34:04 2010 +0200
network: Remove some unneeded functions.
commit f01b38fb9c77d49eba3f7b79bc4c3f39744dd0da Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jul 9 21:37:47 2010 +0200
network: Magnificent changes on code.
commit 85da413e2a5d420e23d5100dfc7df1e3c46d28b2 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jun 20 12:27:21 2010 +0200
network: Make two groups of hooks, again.
commit b9feeb0ce538bf298de68bb42996403b3458cdba Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 19 15:15:44 2010 +0200
network: New hook ipv6-static.
commit ba5d899259105df48fa030f4b9e29ec8a16c536d Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 19 15:14:46 2010 +0200
network: Change status output of ipv4-static hook.
This will make the output more readable when there are IP addresses with different length.
commit 2e148756f0e3f85b117ddb528f3b0be5ffbd064d Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 19 15:13:39 2010 +0200
network: Faster implementation of seq and lowercase.
commit 57f4971fe0187653edc15a56e0ba161f52cb4cc5 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 21:03:22 2010 +0200
network: Don't wait that zone gets in forwarding state.
We should catch this in the config hook.
commit 60f043fee47c2a07e45f4115137d60fa29e6ffc1 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 21:00:24 2010 +0200
network: New function beautify_time.
This function does pretty printing for the topology change time. (Not very precise but okay as far as I can see.)
EDIT: Also committed STP_PRIORITY by accident.
commit 1daf4dfca254b9d046635aa45b5055082370951f Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 19:54:16 2010 +0200
network: Make code shorter (no functional changes).
commit 2564613bbf9cb09eec467adb8b38af50bb86a1d6 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 19:53:01 2010 +0200
network: Allow -h and --help to request help.
commit 79fcf0f2c27be613db1e4a75e3842df5e9ad3c30 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 19:52:32 2010 +0200
network: Only jump to help if the --help parameter is the next parameter.
commit 1e0dd141119835468c9f315b4186fef383ca669f Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 19:40:19 2010 +0200
network: Cleanup colour namespace.
commit aa3f4b2ba861d79e3b85589ee93550b993478e84 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 19:37:36 2010 +0200
network: Add shortcut "network status <zone>".
commit ebc61dd8d468f9b7e1f5527ee80e496862ac6de1 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:58:10 2010 +0200
network: Update routing functions.
Bigger commit, sorry.
commit e82c4c6f5adb2b8cfbe9e9c42058e541e4017401 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:57:01 2010 +0200
network: New function device_is_promisc.
commit 79811173f45233009f65eea24e5e3f354519afef Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:36:18 2010 +0200
network: pppoe: Add some nice status output.
commit 72858cdcf72ffb8245d8de93ed3dee697321fe44 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:35:53 2010 +0200
network: bridge ipv4-static: Add some nice status output.
commit 25078d908ae2d40d61aa080cc17b5e77d36fa6ee Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:33:59 2010 +0200
network: bridge virtual: Add some nice status output.
commit 22795965344c1e39f04b7534444c3feee646d751 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:33:40 2010 +0200
network: bridge ethernet: Add some nice status output.
commit c9594ae2d6697d97fd51986a83887d4de0a5c23b Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:32:08 2010 +0200
network: bridge: Add some nice status output.
commit a09414632d33e0fbcd48dc55421df72561146fb5 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:27:15 2010 +0200
network: ipv4-static: Set gateway only on nonlocal connections.
commit 90a302827b4ae7c2cec7ec476fcade81981a681e Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:25:36 2010 +0200
network: Add two functions to make very nice status output.
commit ec50511a03bd160a7c834de1a9e55d57739cdd95 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:24:52 2010 +0200
network: pppoe: Kill pppd daemon in a better way.
commit 0f482a1905725205a4819b9d2d86d92fe79defc2 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:22:54 2010 +0200
network: New function zone_is_up, zone_is_down, zone_is_nonlocal.
These are only shortcut functions that make life easier.
commit 08b657f0cce6e9605040e01ebb3fc2db1940face Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:20:30 2010 +0200
network: New function uppercase (very fast).
commit 64ec9852b47be6febfebbe6341754c00d51d169e Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:20:04 2010 +0200
network: Speedup function uuid.
commit 99b748e8f4c372dce460a63232209a6f09530a63 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:19:16 2010 +0200
network: New function mac_format.
commit 60e827825ea92186296e2cccc7b0f878c8686b7b Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:15:27 2010 +0200
network: Speedup function mac_generate.
commit e75939cd6975fac8c523008049d5330497623a4f Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:14:16 2010 +0200
network: Speedup function device_get_mac.
commit 23c0a2d74f9b5d40421d0e5c182c8b4a5a7568b3 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:11:41 2010 +0200
network: Speedup function device_hash.
commit 8260119b1455fda8bb422342783c2271be8a453a Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 18 00:02:07 2010 +0200
network: Enhance colour functions.
Automatically enable/disable colours.
Add some preset colours.
commit 689dccf210b7ee706559fb2cdf932250d686656e Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 10 22:59:31 2010 +0200
network: Catch exit code of pppd.
commit e7522825f5ecb6f3b432d6b868b046f511a414e4 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jun 6 16:59:33 2010 +0200
network: Remove deprecated function device_set_mac.
commit ae71e48259b65ef2a590f5c8827288aee8394597 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jun 6 16:47:17 2010 +0200
network: device_set_{down,up} do set-up/tear-down their parent devices.
commit 635debdacdd44a0605c57545c1898207705672ed Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jun 6 15:37:11 2010 +0200
network: Improve function that creates virtual devices.
This function grabs unused and preconfigured devices and does a lot more checking if it operates correctly.
commit aba91fd4ed79ac439749177cb9473c293390c586 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jun 6 15:36:26 2010 +0200
network: Log assertion errors.
commit 013062dcf3c9d3c28e9feffe0be3eefbbbb6ce81 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jun 6 14:54:17 2010 +0200
firewall: Fix upstart firewall-reload job file.
commit 3a120f7f1c2d047393cfae9c094c17222f6c4eba Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 5 01:37:45 2010 +0200
network: Add help for zone command.
commit c85faa63d2dee63fce84ec2a4d2fcf8e32520590 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 5 01:34:21 2010 +0200
network: Remove running an event if a network device is attached.
We have got a bridge for udev that runs upstart events.
commit 2652e4d562f8bdb6d6a72ca5e90cdc01ab869e10 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jun 5 01:32:52 2010 +0200
network+udev: Move 60-net.rules to network package.
commit 82add07d33db26afca0221e58f7f18f99b718436 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 4 23:47:55 2010 +0200
network: Enhanced the logging and did minor code cleanups.
commit 03042358ed0aa9471e608e45bada699c812978ff Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 4 03:19:33 2010 +0200
network: Make restart timeout configurable.
commit d53c10b8d38aa56a76977028902d773bf76e8cfc Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 4 03:17:00 2010 +0200
network: Add help for restart command.
commit e7cf744a4ddd5d97258f80928c6f23fc4c2beb1f Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 4 03:06:47 2010 +0200
network: Add some small databases for status monitoring and accounting.
commit 47a8462cdff43c9de35958af6e231e87cabeab38 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 4 00:50:39 2010 +0200
network: Remove some unused functions.
commit e6e189311afe0d673d2ceb9000fef5a17b7b29fa Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 4 00:39:46 2010 +0200
network: Add updetach option to pppoe hook.
This won't detach pppd unless the connection was successfully established.
commit d54187732f876e72d72f6de1f9324417d04ebb62 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 4 00:38:39 2010 +0200
network: Add restart command.
commit 91e7f89ed1d1bf49fe64551dc2af764f40d5fad5 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 4 00:18:18 2010 +0200
network: Don't explicitly load the ppp_generic module.
This should be done on system boot.
commit ecd9c9693f9565c32eed97ab86a394ed1f302679 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 4 00:17:25 2010 +0200
network: Add dependency to upstart (because of the event framework).
commit d4166b79b1cd955a0cf022714a3b91a03e49bfa4 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 4 00:11:36 2010 +0200
network: Create some default actions for the ppp events.
commit 0064e474130c557aed7564ba6e1d748e46dc04ec Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 3 23:28:37 2010 +0200
network: Handle pppd ip-up and ip-down events sober in hook.
commit 9e25a79f6574cca4c606397eff43f45ed8e6a3b7 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 3 22:57:52 2010 +0200
network: Add help texts for config command.
commit 52b4687dbe45cfce305cd5595e568b276cec6442 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 3 22:35:55 2010 +0200
network: Add help tests for start and stop command.
commit 9742aad68a4d5c3bac7b82363b48105bd66140df Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 3 17:10:49 2010 +0200
firewall: Add reload event (for upstart).
commit a72738b02ce188195ca6901ab74aefbf1ac3fd22 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 3 17:10:12 2010 +0200
network: Copy files to DIR_APP so we don't touch the source in the working directory.
commit 04796f5eeb38d4b6a39d8e490658f2333a7ad319 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 3 16:56:52 2010 +0200
network: Create empty configuration directory.
commit d1a9be93159a4c9f4690c647807d37d73279d4fd Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 3 16:56:37 2010 +0200
network: Update dependency information.
commit 0f554771a981821c685b1f3ab7e2af520300d9c9 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Jun 3 16:53:02 2010 +0200
network: Update codebase.
-----------------------------------------------------------------------
Summary of changes:
 pkgs/core/ccache/ccache.nm | 2 +-
 pkgs/core/{htop/htop.nm => ethtool/ethtool.nm} | 22 +-
 pkgs/core/firewall/firewall-reload.init | 8 +
 pkgs/core/freeradius/freeradius.nm | 4 +-
 pkgs/core/initscripts/sysctl.conf | 4 +
 pkgs/core/network/60-network.rules | 1 +
 pkgs/core/network/network.nm | 18 +-
 pkgs/core/network/src/functions | 708 +------------------
 pkgs/core/network/src/functions.bonding | 140 ++++
 pkgs/core/network/src/functions.bridge | 117 ++++
 pkgs/core/network/src/functions.cli | 507 ++++++++++++++
 .../zones.green => network/src/functions.colors} | 39 +-
 .../src/functions.constants} | 84 ++--
 pkgs/core/network/src/functions.db | 113 ++++
 pkgs/core/network/src/functions.device | 582 ++++++++++++++++
 pkgs/core/network/src/functions.ethernet | 15 +
 pkgs/core/network/src/functions.events | 29 +
 pkgs/core/network/src/functions.hook | 211 ++++++
 pkgs/core/network/src/functions.ipv6 | 229 +++++++
 pkgs/core/network/src/functions.logging | 21 +
 pkgs/core/network/src/functions.ports | 144 ++++
 pkgs/core/network/src/functions.ppp | 114 ++--
 .../src/functions => network/src/functions.red} | 126 ++--
 .../functions => network/src/functions.routing} | 123 ++--
 pkgs/core/network/src/functions.stp | 253 +++++++
 pkgs/core/network/src/functions.util | 378 +++++++++++
 pkgs/core/network/src/functions.virtual | 192 ++++++
 pkgs/core/network/src/functions.zone | 645 ++++++++++++++++++
 .../core/network/src/header-config | 45 +-
 .../network/src/{ppp/ip-updown => header-port} | 42 +-
 pkgs/core/network/src/header-zone | 334 +++++++++
 pkgs/core/network/src/hook-header | 38 -
 pkgs/core/network/src/hooks/README | 86 --
 pkgs/core/network/src/hooks/bonding | 177 -----
 pkgs/core/network/src/hooks/ethernet | 137 ----
 pkgs/core/network/src/hooks/ipv4-dhcp | 84 --
 pkgs/core/network/src/hooks/ipv4-static | 169 -----
 pkgs/core/network/src/hooks/ipv4-static-route | 141 ----
 pkgs/core/network/src/hooks/mtu | 85 --
 pkgs/core/network/src/hooks/ports/bonding | 203 ++++++
 pkgs/core/network/src/hooks/ports/ethernet | 105 +++
 pkgs/core/network/src/hooks/ports/virtual | 152 +++++
 pkgs/core/network/src/hooks/pppoe | 191 ------
 pkgs/core/network/src/hooks/pppoe.helper | 73 --
 pkgs/core/network/src/hooks/stp | 97 ---
 pkgs/core/network/src/hooks/vlan | 120 ----
 pkgs/core/network/src/hooks/zones/bridge | 176 +++++
 .../src/hooks/zones/bridge.configs/ipv4-static | 162 +++++
 .../src/hooks/zones/bridge.configs/ipv6-static | 138 ++++
 .../network/src/hooks/zones/bridge.ports/bonding | 1 +
 .../network/src/hooks/zones/bridge.ports/ethernet | 155 +++++
 .../network/src/hooks/zones/bridge.ports/virtual | 1 +
 pkgs/core/network/src/hooks/zones/pppoe | 288 ++++++++
 .../network/src/hooks/zones/pppoe.ports/bonding | 1 +
 .../src/hooks/zones/pppoe.ports/ethernet} | 140 ++--
 .../network/src/hooks/zones/pppoe.ports/virtual | 1 +
 pkgs/core/network/src/network | 616 +---------------
 pkgs/core/network/src/ppp/ip-updown | 43 +-
 pkgs/core/network/src/zone | 93 ---
 .../squashfs-tools/patches/squashfs-cflags.patch | 13 +
 pkgs/core/squashfs-tools/patches/squashfs-xz.patch | 11 +
 pkgs/core/squashfs-tools/squashfs-tools.nm | 17 +-
 pkgs/core/udev/rules/60-net.rules | 2 -
 tools/generator | 3 +-
 64 files changed, 5814 insertions(+), 3155 deletions(-)
 copy pkgs/core/{htop/htop.nm => ethtool/ethtool.nm} (81%)
 create mode 100644 pkgs/core/firewall/firewall-reload.init
 create mode 100644 pkgs/core/network/60-network.rules
 create mode 100644 pkgs/core/network/src/functions.bonding
 create mode 100644 pkgs/core/network/src/functions.bridge
 create mode 100644 pkgs/core/network/src/functions.cli
 copy pkgs/core/{firewall/src/zones.green => network/src/functions.colors} (66%)
 copy pkgs/core/{firewall/src/functions.config => network/src/functions.constants} (56%)
 create mode 100644 pkgs/core/network/src/functions.db
 create mode 100644 pkgs/core/network/src/functions.device
 create mode 100644 pkgs/core/network/src/functions.ethernet
 create mode 100644 pkgs/core/network/src/functions.events
 create mode 100644 pkgs/core/network/src/functions.hook
 create mode 100644 pkgs/core/network/src/functions.ipv6
 create mode 100644 pkgs/core/network/src/functions.logging
 create mode 100644 pkgs/core/network/src/functions.ports
 copy pkgs/core/{firewall/src/functions => network/src/functions.red} (50%)
 copy pkgs/core/{firewall/src/functions => network/src/functions.routing} (53%)
 create mode 100644 pkgs/core/network/src/functions.stp
 create mode 100644 pkgs/core/network/src/functions.util
 create mode 100644 pkgs/core/network/src/functions.virtual
 create mode 100644 pkgs/core/network/src/functions.zone
 copy src/install/root/.bash_profile => pkgs/core/network/src/header-config (76%)
 copy pkgs/core/network/src/{ppp/ip-updown => header-port} (75%)
 create mode 100644 pkgs/core/network/src/header-zone
 delete mode 100644 pkgs/core/network/src/hook-header
 delete mode 100644 pkgs/core/network/src/hooks/README
 delete mode 100755 pkgs/core/network/src/hooks/bonding
 delete mode 100755 pkgs/core/network/src/hooks/ethernet
 delete mode 100755 pkgs/core/network/src/hooks/ipv4-dhcp
 delete mode 100755 pkgs/core/network/src/hooks/ipv4-static
 delete mode 100755 pkgs/core/network/src/hooks/ipv4-static-route
 delete mode 100755 pkgs/core/network/src/hooks/mtu
 create mode 100755 pkgs/core/network/src/hooks/ports/bonding
 create mode 100755 pkgs/core/network/src/hooks/ports/ethernet
 create mode 100755 pkgs/core/network/src/hooks/ports/virtual
 delete mode 100755 pkgs/core/network/src/hooks/pppoe
 delete mode 100755 pkgs/core/network/src/hooks/pppoe.helper
 delete mode 100755 pkgs/core/network/src/hooks/stp
 delete mode 100755 pkgs/core/network/src/hooks/vlan
 create mode 100755 pkgs/core/network/src/hooks/zones/bridge
 create mode 100755 pkgs/core/network/src/hooks/zones/bridge.configs/ipv4-static
 create mode 100755 pkgs/core/network/src/hooks/zones/bridge.configs/ipv6-static
 create mode 120000 pkgs/core/network/src/hooks/zones/bridge.ports/bonding
 create mode 100755 pkgs/core/network/src/hooks/zones/bridge.ports/ethernet
 create mode 120000 pkgs/core/network/src/hooks/zones/bridge.ports/virtual
 create mode 100755 pkgs/core/network/src/hooks/zones/pppoe
 create mode 120000 pkgs/core/network/src/hooks/zones/pppoe.ports/bonding
 copy pkgs/core/{firewall/src/functions => network/src/hooks/zones/pppoe.ports/ethernet} (51%)
 create mode 120000 pkgs/core/network/src/hooks/zones/pppoe.ports/virtual
 mode change 100644 => 100755 pkgs/core/network/src/network
 mode change 100644 => 100755 pkgs/core/network/src/ppp/ip-updown
 delete mode 100755 pkgs/core/network/src/zone
 create mode 100644 pkgs/core/squashfs-tools/patches/squashfs-cflags.patch
 create mode 100644 pkgs/core/squashfs-tools/patches/squashfs-xz.patch
 delete mode 100644 pkgs/core/udev/rules/60-net.rules
Difference in files: diff --git a/pkgs/core/ccache/ccache.nm b/pkgs/core/ccache/ccache.nm index c9b5372..e8a8768 100644 --- a/pkgs/core/ccache/ccache.nm +++ b/pkgs/core/ccache/ccache.nm @@ -25,7 +25,7 @@ include $(PKGROOT)/Include
PKG_NAME = ccache -PKG_VER = 3.0 +PKG_VER = 3.0.1 PKG_REL = 0
PKG_MAINTAINER = diff --git a/pkgs/core/ethtool/ethtool.nm b/pkgs/core/ethtool/ethtool.nm new file mode 100644 index 0000000..74a03a4 --- /dev/null +++ b/pkgs/core/ethtool/ethtool.nm @@ -0,0 +1,46 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include $(PKGROOT)/Include + +PKG_NAME = ethtool +PKG_VER = 2.6.34 +PKG_REL = 0 + +PKG_MAINTAINER = +PKG_GROUP = Applications/System +PKG_URL = http://sourceforge.net/projects/gkernel/ +PKG_LICENSE = GPLv2 +PKG_SUMMARY = Ethernet settings tool for PCI ethernet cards. + +define PKG_DESCRIPTION + This utility allows querying and changing settings such as speed, \ + port, autonegotiation, PCI locations and checksum offload on many \ + network devices, especially of ethernet devices. +endef + +PKG_TARBALL = $(THISAPP).tar.gz + +CONFIGURE_OPTIONS += \ + --sbindir=/sbin 
diff --git a/pkgs/core/firewall/firewall-reload.init b/pkgs/core/firewall/firewall-reload.init new file mode 100644 index 0000000..1f8c078 --- /dev/null +++ b/pkgs/core/firewall/firewall-reload.init @@ -0,0 +1,8 @@ +description "Reloads the firewall" +author "IPFire Team" + +start on firewall-reload and started firewall + +script + firewall restart +end script diff --git a/pkgs/core/freeradius/freeradius.nm b/pkgs/core/freeradius/freeradius.nm index 95f9924..eadaad0 100644 --- a/pkgs/core/freeradius/freeradius.nm +++ b/pkgs/core/freeradius/freeradius.nm @@ -25,7 +25,7 @@ include $(PKGROOT)/Include
PKG_NAME = freeradius-server -PKG_VER = 2.1.6 +PKG_VER = 2.1.9 PKG_REL = 0
PKG_MAINTAINER = @@ -45,7 +45,7 @@ define PKG_DESCRIPTION Network Access Servers to perform authentication for dial-up users. endef
-PKG_TARBALL = $(THISAPP).tar.bz2 +PKG_TARBALL = $(THISAPP).tar.gz
define QUALITY_AGENT_WHITELIST_RPATH /usr/lib/freeradius diff --git a/pkgs/core/initscripts/sysctl.conf b/pkgs/core/initscripts/sysctl.conf index bcf90e8..25d8c92 100644 --- a/pkgs/core/initscripts/sysctl.conf +++ b/pkgs/core/initscripts/sysctl.conf @@ -21,4 +21,8 @@ net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.all.log_martians = 1
+# IPv6 settings +net.ipv6.conf.default.forwarding = 1 +net.ipv6.conf.default.autoconf = 0 + kernel.printk = 1 4 1 7 diff --git a/pkgs/core/network/60-network.rules b/pkgs/core/network/60-network.rules new file mode 100644 index 0000000..39bf4cd --- /dev/null +++ b/pkgs/core/network/60-network.rules @@ -0,0 +1 @@ +KERNEL=="eth*", NAME="port%n" diff --git a/pkgs/core/network/network.nm b/pkgs/core/network/network.nm index 161923c..cd2aacc 100644 --- a/pkgs/core/network/network.nm +++ b/pkgs/core/network/network.nm @@ -34,30 +34,34 @@ PKG_URL = http://www.ipfire.org/ PKG_LICENSE = GPLv3+ PKG_SUMMARY = The IPFire Networking Scripts.
-PKG_DEPS += dhcp iproute2 ppp sqlite vlan +PKG_DEPS += bash brctl coreutils dhcp grep iproute2 ppp sqlite upstart vlan
define PKG_DESCRIPTION This script installs the IPFire Networking Scripts. endef
-DIR_APP = $(DIR_SOURCE)/src - PKG_TARBALL =
-STAGE_PREPARE = # Do nothing +define STAGE_PREPARE + cp -vrf $(DIR_SOURCE)/src $(DIR_APP) +endef + STAGE_BUILD = # Do nothing
define STAGE_INSTALL - -mkdir -pv $(BUILDROOT)/etc/ppp - -mkdir -pv $(BUILDROOT)/lib/network + -mkdir -pv $(BUILDROOT)/etc/{network,ppp} + -mkdir -pv $(BUILDROOT)/lib/{network,udev/rules.d} -mkdir -pv $(BUILDROOT)/sbin -mkdir -pv $(BUILDROOT)/var/log/network
install -m 755 -v $(DIR_APP)/network $(BUILDROOT)/sbin
- cp -rfv $(DIR_APP)/{hooks,hook-header,functions*,zone} $(BUILDROOT)/lib/network/ + cp -rfv $(DIR_APP)/{hooks,header*,functions*} $(BUILDROOT)/lib/network/
install -m 755 -v $(DIR_APP)/ppp/ip-updown $(BUILDROOT)/etc/ppp + ln -svf ip-updown $(BUILDROOT)/etc/ppp/ip-pre-up ln -svf ip-updown $(BUILDROOT)/etc/ppp/ip-up ln -svf ip-updown $(BUILDROOT)/etc/ppp/ip-down + + cp -vf $(DIR_SOURCE)/60-network.rules $(BUILDROOT)/lib/udev/rules.d/ endef diff --git a/pkgs/core/network/src/functions b/pkgs/core/network/src/functions index f4a7fa1..89a4ed0 100644 --- a/pkgs/core/network/src/functions +++ b/pkgs/core/network/src/functions @@ -1,678 +1,46 @@ -#!/bin/sh -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### +#!/bin/bash
-HOME_DIR=${HOME_DIR-/lib/network} -CONFIG_DIR=/etc/network -HOOKS_DIR=${HOME_DIR}/hooks -LOG_DIR=/var/log/network +INIT_FUNCTIONS=""
-CONNECTIONS_FILE=/var/log/network/connections.db - -CONFIG_ZONES=${CONFIG_DIR}/zones -CONFIG_PORTS=${CONFIG_DIR}/ports -CONFIG_HOOKS=${CONFIG_DIR}/hooks -CONFIG_PPP=${CONFIG_DIR}/ppp -CONFIG_UUIDS=${CONFIG_DIR}/uuids - -# Create config directories -for dir in ${CONFIG_ZONES} ${CONFIG_PORTS} ${CONFIG_HOOKS} ${CONFIG_PPP} ${CONFIG_UUIDS}; do - [ -d "${dir}" ] && continue - mkdir -p "${dir}" -done - -COMMON_DEVICE=port+ - -EXIT_OK=0 -EXIT_ERROR=1 -EXIT_CONF_ERROR=2 - -VALID_ZONES="green orange red grey" - -[ -n "${DEBUG}" ] || DEBUG= -[ -n "${VERBOSE}" ] || VERBOSE= - -function is_mac() { - [[ $1 =~ ^[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]$ ]] -} - -function is_uuid() { - local string=${1} - - # Length must be 37 characters - if [ ${#string} -eq 36 ] \ - && [ "${string:8:1}" = "-" ] \ - && [ "${string:13:1}" = "-" ] \ - && [ "${string:18:1}" = "-" ] \ - && [ "${string:23:1}" = "-" ]; then - return ${EXIT_OK} - fi - return ${EXIT_ERROR} -} - -function get_device_by_mac() { - local mac=${1} - local device - - for device in /sys/class/net/*; do - [ -d "${device}" ] || continue - if [ "$(cat $device/address)" = "$mac" ]; then - device=${device##*/} - # Skip virtual devices - if [ -e "/proc/net/vlan/$device" ]; then - continue - fi - # Skip zones - if zone_exists ${device}; then - continue - fi - echo ${device} - return 0 - fi - done - return 1 -} - -function get_device_by_mac_and_vid() { - local mac=$1 - local vid=$2 - - local i - local VID - local DEVICE - if [ -e "/proc/net/vlan/config" ]; then - grep '|' /proc/net/vlan/config | sed "s/|//g" | \ - while read DEVICE VID PARENT; do - if [ "${vid}" = "${VID}" ] && [ "$(macify ${PARENT})" = "${mac}" ]; then - echo "${DEVICE}" - return 0 - fi - done - fi - return 1 -} - -function get_device() { - if [ ${#@} -gt 1 ]; then - get_device_by_mac_and_vid $@ - else - get_device_by_mac $@ - fi -} - -function get_mac_by_device() { - local device - device=$1 - if [ -d 
"/sys/class/net/$device" ]; then - cat /sys/class/net/$device/address - return 0 - fi - return 1 -} - -function get_mac() { - get_mac_by_device $@ -} - -function devicify() { - local device=${1} - local mac - - [ -n "${device}" ] || return 1 - - if is_mac ${device}; then - mac=${device} - device=$(get_device_by_mac ${device}) - fi - if [ -n "${device}" ]; then - echo ${device} - return 0 - else - echo "devicify: Could not find device of $@" >&2 - return 1 - fi -} - -function macify() { - local input=${1} - local mac - - if is_mac ${input}; then - mac=${input} - else - mac=$(get_mac_by_device ${input}) - fi - echo ${mac} -} - -function device_exists() { - [ -n "${1}" ] || return ${EXIT_ERROR} - local device=$(devicify ${1}) - [ -n "${device}" ] || return ${EXIT_ERROR} - ip link show ${device} &>/dev/null -} - -function device_is_bonding() { - [ -d "/sys/class/net/${1}/bonding" ] -} - -function device_is_bonded() { - local dev - for dev in /sys/class/net/*; do - # Skip crappy files - [ -d "${dev}" ] || continue - - # Continue if not a bonding device - device_is_bonding "${dev##*/}" || continue - - if grep -q "<${1}>" ${dev}/bonding/slaves; then - return 0 - fi - done - return 1 -} - -function device_is_bridge() { - [ -d "/sys/class/net/${1}/bridge" ] -} - -function device_is_up() { - ip link show $(devicify ${1}) 2>/dev/null | grep -qE "<.*UP.*>" -} - -function device_is_vlan() { - if [ ! 
-e "/proc/net/vlan/config" ]; then - return 1 - fi - grep -q "^${1}" /proc/net/vlan/config -} - -function device_is_ppp() { - # XXX need something better - [ "${1:0:3}" = "ppp" ] -} - -function device_is_loopback() { - local device=$(devicify ${1}) - [ "${device}" = "lo" ] -} - -function device_is_real() { - local device=${1} - - device_is_loopback ${device} && \ - return ${EXIT_ERROR} - - device_is_bonding ${device} && \ - return ${EXIT_ERROR} - - device_is_bridge ${device} && \ - return ${EXIT_ERROR} - - device_is_ppp ${device} && \ - return ${EXIT_ERROR} - - device_is_vlan ${device} && \ - return ${EXIT_ERROR} - - return ${EXIT_OK} -} - -function device_type() { - local device=$(devicify ${1}) - - if device_is_vlan ${device}; then - echo "vlan" - - elif device_is_bonding ${device}; then - echo "bonding" - - elif device_is_bridge ${device}; then - echo "bridge" - - elif device_is_ppp ${device}; then - echo "ppp" - - elif device_is_loopback ${device}; then - echo "loopback" - - elif device_is_real ${device}; then - echo "real" - - else - echo "unknown" - fi -} - -function device_has_vlans() { - if [ ! -e "/proc/net/vlan/config" ]; then - return 1 - fi - grep -q "${1}$" /proc/net/vlan/config -} - -function device_has_carrier() { - local device=$(devicify ${1}) - [ "$(</sys/class/net/${device}/carrier)" = "1" ] -} - -function device_get_free() { - local destination=${1} - - # Replace + by a valid number - if grep -q "+$" <<<${destination}; then - local number=0 - destination=$(sed -e "s/+//" <<<$destination) - while [ "${number}" -le "100" ]; do - if ! device_exists "${destination}${number}"; then - destination="${destination}${number}" - break - fi - number=$(($number + 1)) - done - fi - echo "${destination}" -} - -function device_rename() { - local source=$1 - local destination=$(device_get_free ${2}) - - # Check if devices exists - if ! 
device_exists ${source} || device_exists ${destination}; then - return 4 - fi - - local up - if device_is_up ${source}; then - ip link set ${source} down - up=1 - fi - - ip link set ${source} name ${destination} - - if [ "${up}" = "1" ]; then - ip link set ${destination} up - fi -} - -function hook_exists() { - [ -x "${HOOKS_DIR}/${1}" ] -} - -function port_exists() { - device_exists $@ -} - -function port_is_up() { - port_exists $@ && device_is_up $@ -} - -function zone_exists() { - [ -e "$CONFIG_ZONES/${1}" ] -} - -function zone_is_up() { - zone_exists $@ && device_is_up $@ -} - -function zone_is_forwarding() { - local seconds=45 - local zone=${1} - - local device - while [ ${seconds} -gt 0 ]; do - for device in /sys/class/net/${zone}/brif/*; do - [ -e "${device}/state" ] || continue - if [ "$(<${device}/state)" = "3" ]; then - return ${EXIT_OK} - fi - done - sleep 1 - seconds=$((${seconds} - 1)) - done - return ${EXIT_ERROR} -} - -function bridge_devices() { - local bridge=$1 - [ -z "${bridge}" ] && return 2 - brctl show | grep "^${bridge}" | awk '{ print $NF }' | grep -v "^interfaces$" -} - -function zone_add_port() { - local zone=${1} - local port=${2} - - brctl addif ${zone} ${port} -} - -function zone_del_port() { - local zone=${1} - local port=${2} - - brctl delif ${zone} ${port} -} - -function zone_list() { - local zone - for zone in $(find ${CONFIG_ZONES}/* 2>/dev/null); do - [ -d "${zone}" ] && echo ${zone} - done -} - -function zone_is_red() { - local zone=${1} - [ "${zone#red}" != "${zone}" ] +function init_register() { + INIT_FUNCTIONS="${INIT_FUNCTIONS} $@" }
-function _run_hooks() { - local action - local type - - while [ $# -gt 0 ]; do - case "${1}" in - --type=*) - type=${1#--type=} - ;; - *) - action="${1}" - shift; break - ;; - esac - shift - done - - local dir=${1}; shift - local failed - local hook - local hooks - - if [ -z "${action}" ] || [ -z "${dir}" ]; then - echo "Not enough parameters given." >&2 - return 1 - fi - - for hook in $(find ${dir}); do - # Skip dirs - [ -d "${hook}" ] && continue - - ( - . ${hook} - # Skip hooks that are not of the given type - if [ -n "${type}" ] && [ "$(hook_type ${HOOK})" != "${type}" ]; then - continue - fi - if [ -n "${HOOK}" ]; then - hook_run ${HOOK} --config=${hook} $@ ${action} - RET=$? - else - echo -e "${FAILURE}Unable to process ${hook}. Either" - echo -e "${FAILURE}the HOOK variable was not set," - echo -e "${FAILURE}or the specified hook cannot be executed." - message="" - log_failure_msg - fi - exit ${RET} - ) || failed=1 +function init_run() { + local init + for init in ${INIT_FUNCTIONS}; do + ${init} done - - return ${failed} -} - -function hooks_run_all() { - _run_hooks $@ -} - -function hooks_run_ports() { - _run_hooks --type="port" $@ -} - -function hooks_run_zones() { - _run_hooks --type="zone" $@ -} - -function hook_type() { - local hook=${1} - ( - eval $(${HOOKS_DIR}/${hook} info) - echo "${HOOK_TYPE}" - ) -} - -function hook_list() { - local type=${1} - local hook - for hook in ${HOOKS_DIR}/*; do - [ -x "${hook}" ] || continue - - hook=${hook##*/} - - [[ ${hook} =~ helper$ ]] && continue - - if [ -n "${type}" ] && [ "$(hook_type ${hook})" != "${type}" ]; then - continue - fi - echo "${hook}" - done -} - -function config_get_hook() { - local config=${1} - if [ ! -e "${config}" ]; then - log_failure_msg "Config file "${config}" does not exist." - return ${EXIT_ERROR} - fi - ( . ${config}; echo ${HOOK} ) }
-function hook_run() { - local hook=${1} - shift - - if ! hook_exists ${hook}; then - log_failure_msg "Hook ${hook} cannot be found or is not executeable." - return ${EXIT_ERROR} - fi - [ -n "${DEBUG}" ] && echo "Running hook: ${hook} $@" - DEBUG=${DEBUG} VERBOSE=${VERBOSE} ${HOOKS_DIR}/${hook} $@ - return $? -} - -function hook_run_multiple() { - local zone - local config - local hook - local hook_type2 - local type - - while [ "$#" -gt "0" ]; do - case "${1}" in - --type=*) - type=${1#--type=} - ;; - *) - zone=${1} - break - ;; - esac - shift - done - - if ! zone_exists ${zone}; then - return ${EXIT_ERROR} - fi - - for config in $(find ${CONFIG_ZONES}/${zone} 2>/dev/null); do - hook=$(config_get_hook ${config}) - if [ -n "${type}" ]; then - hook_type2=$(hook_type ${hook}) - if [ "${type}" != "${hook_type2}" ]; then - continue - fi - fi - hook_run ${hook} $@ - done -} - -function zone_run() { - local zone=${1} - shift - - if ! zone_exists ${zone}; then - log_failure_msg "Zone ${zone} does not exist." - exit ${EXIT_ERROR} - fi - decho "Running zone: ${zone} $@" - DEBUG=${DEBUG} VERBOSE=${VERBOSE} ${HOME_DIR}/zone --zone=${zone} $@ -} - -function zone_valid_name() { - local zone=${1} - local match - - local i - for i in ${VALID_ZONES}; do - match="${match}|${i}[0-9]{1,5}" - done - [[ ${zone} =~ ${match:1:${#match}} ]] -} - -function isset() { - local key=${1} - [ -n "${!key}" ] && return - if [[ ${key} =~ port|zone ]]; then - echo "ERROR: The --${key} flag is not set." >&2 - else - echo "ERROR: The "${key}" variable is not set properly." 
>&2 - fi - return 1 -} - -# Test if device is attached to the given bridge -function zone_has_device_attached () { - local zone=${1} - local device=${2} - - [ -d "/sys/class/net/${zone}/brif/${device}" ] -} - -function device_has_ipv4() { - local device=${1} - local ip=${2} - ip addr show ${device} | grep inet | fgrep -q ${ip} -} - -function check_config() { - local failed - local i - - for i in $@; do - isset ${i} || failed=1 - done - if [ "${failed}" = "1" ]; then - echo "Exiting..." - exit ${EXIT_ERROR} - fi -} - -function mac_generate() { - local mac="00" - while [ "${#mac}" -lt 15 ]; do - mac="${mac}:$(cut -c 1-2 /proc/sys/kernel/random/uuid)" - done - echo "${mac}" -} - -function connection() { - local action - - local dns - local interface - local iplocal - local ipremote - local name - local status - local weight - local zone - - while [ $# -gt 0 ]; do - case "${1}" in - --up) - action="up" - ;; - --down) - action="down" - ;; - --starting) - action="starting" - ;; - --stopping) - action="stopping" - ;; - --name=*) - name=${1#--name=} - ;; - --zone=*) - zone=${1#--zone=} - zone_is_red ${zone} || return 0 - ;; - --interface=*) - interface=${1#--interface=} - ;; - --iplocal=*) - iplocal=${1#--iplocal=} - ;; - --ipremote=*) - ipremote=${1#--ipremote=} - ;; - --weight=*) - weight=${1#--weight=} - ;; - --dns=*) - dns=${1#--dns=} - ;; - esac - shift - done - - if [ ! -e "${CONNECTIONS_FILE}" ]; then - sqlite3 -batch ${CONNECTIONS_FILE} <<EOF -CREATE TABLE connections(name, zone, interface, iplocal, ipremote, weight, dns, status); -EOF - fi - - if [ -z "${zone}" ]; then - return 2 - fi - - status=${action} - - sqlite3 -batch ${CONNECTIONS_FILE} <<EOF -DELETE FROM connections WHERE zone = '${zone}'; -INSERT INTO connections(name, zone, interface, iplocal, ipremote, weight, dns, status) - VALUES('${name}', '${zone}', '${interface}', '${iplocal}', '${ipremote}', '${weight}', '${dns}', '${status}'); -EOF - -} +for file in /lib/network/functions.*; do + . ${file} +done
-function uuid() { - cat /proc/sys/kernel/random/uuid -} +# Reading in network tool configuration +network_config_read + +# Create run dir +if ! [ -d "${RUN_DIR}" ]; then + mkdir ${RUN_DIR} +fi + +# Set colour mode +case "${COLOURS}" in + auto) + colours_auto_disable + ;; + off|0) + colours_disable + ;; + on|1) + # Do nothing + ;; + *) + warning_log "Unknown parameter given for COLOURS: ${COLOURS}" + ;; +esac + +if [ "$(basename ${0})" = "network" ]; then + init_run +fi diff --git a/pkgs/core/network/src/functions.bonding b/pkgs/core/network/src/functions.bonding new file mode 100644 index 0000000..74a4d09 --- /dev/null +++ b/pkgs/core/network/src/functions.bonding 
@@ -0,0 +1,140 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +function bonding_init() { + if ! grep -q "^bonding" /proc/modules; then + modprobe bonding + + bonding_remove bond0 + fi +} + +init_register bonding_init + +function bonding_create() { + local device=${1} + local mac=${2} + + [ -z "${mac}" ] && mac=$(mac_generate) + + log INFO "Creating bonding device '${device}' (${mac})." + + echo "+${device}" > /sys/class/net/bonding_masters + device_set_address ${device} ${mac} + device_set_up ${device} +} + +function bonding_remove() { + local device=$(devicify ${1}) + + assert isset device + + log INFO "Remove bonding device '${device}'." + + device_set_down ${device} + echo "-${device}" > /sys/class/net/bonding_masters +} + +function bonding_set_mode() { + local device=${1} + local mode=${2} + + log INFO "Setting bonding mode on '${device}' '${mode}'." 
+ + echo "${mode}" > /sys/class/net/${device}/bonding/mode +} + +function bonding_get_mode() { + local device=${1} + + local mode mode_num + read mode mode_num < ${SYS_CLASS_NET}/${device}/bonding/mode + echo "${mode}" +} + +function bonding_enslave_device() { + local device=$(devicify ${1}) + local slave=$(devicify ${2}) + shift 2 + + assert isset device + assert isset slave + + log INFO "Enslaving slave '${slave}' to '${device}'." + + device_set_down ${slave} + echo "+${slave}" > /sys/class/net/${device}/bonding/slaves +} + +function bonding_get_slaves() { + local device=${1} + + cat ${SYS_CLASS_NET}/${device}/bonding/slaves +} + +function bonding_get_active_slave() { + local device=${1} + + cat ${SYS_CLASS_NET}/${device}/bonding/active_slave +} + +# XXX function bonding_get_lacp_rate? + +function bonding_get_miimon() { + local device=${1} + + cat ${SYS_CLASS_NET}/${device}/bonding/miimon +} + +function bonding_set_miimon() { + local device=${1} + local miimon=${2} + + echo "${miimon}" > ${SYS_CLASS_NET}/${device}/bonding/miimon +} + +function bonding_device_print() { + local device=${1} + + ethernet_device_print ${device} + + echo # Empty line + + printf "${DEVICE_PRINT_LINE1}" "Mode:" "$(bonding_get_mode ${device})" + printf "${DEVICE_PRINT_LINE1}" "Slaves:" "$(bonding_get_slaves ${device})" +} + +function bonding_slave_get_master() { + local slave=${1} + + assert isset slave + assert device_is_bonded ${slave} + + local device + for device in $(devices_get_all); do + if device_is_bonding ${device} && listmatch ${slave} $(bonding_get_slaves ${device}); then + echo "${device}" + return ${EXIT_OK} + fi + done + + return ${EXIT_ERROR} +} diff --git a/pkgs/core/network/src/functions.bridge b/pkgs/core/network/src/functions.bridge new file mode 100644 index 0000000..edf54be --- /dev/null +++ b/pkgs/core/network/src/functions.bridge 
@@ -0,0 +1,117 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +function bridge_attach_device() { + local bridge=${1} + local device=${2} + + assert isset bridge + assert isset device + + assert device_exists ${bridge} + assert device_exists ${device} + + # If device is already attached, exit silently + if listmatch ${device} $(bridge_get_members ${bridge}); then + return ${EXIT_OK} + fi + + log INFO "Attaching device '${device}' to bridge '${bridge}'." + + brctl addif ${bridge} ${device} +} + +function bridge_detach_device() { + local bridge=${1} + local device=${2} + + assert isset bridge + assert isset device + + if ! device_exists ${bridge}; then + error "Bridge '${bridge}' does not exist." + return ${EXIT_ERROR} + fi + + if ! device_exists ${device}; then + return ${EXIT_OK} + fi + + # If device is not attached, exit silently + if ! listmatch ${device} $(bridge_get_members ${bridge}); then + return ${EXIT_OK} + fi + + log INFO "Detaching device '${device}' from bridge '${bridge}'." 
+ + brctl delif ${bridge} ${device} +} + +function bridge_get_members() { + local bridge=${1} + + assert isset bridge + + local member + for member in ${SYS_CLASS_NET}/${bridge}/brif/*; do + member=$(basename ${member}) + if device_exists ${member}; then + echo "${member}" + fi + done +} + +function bridge_is_forwarding() { + local seconds=45 + local zone=${1} + + bridge_has_carrier ${zone} || return ${EXIT_ERROR} + + local device + while [ ${seconds} -gt 0 ]; do + for device in ${SYS_CLASS_NET}/${zone}/brif/*; do + [ -e "${device}/state" ] || continue + if [ "$(<${device}/state)" = "3" ]; then + return ${EXIT_OK} + fi + done + sleep 1 + seconds=$((${seconds} - 1)) + done + + return ${EXIT_ERROR} +} + +function bridge_has_carrier() { + local zone=${1} + + local has_carrier=${EXIT_ERROR} + + local device + for device in ${SYS_CLASS_NET}/${zone}/brif/*; do + device=$(basename ${device}) + device_exists ${device} || continue + + device_has_carrier ${device} && has_carrier=${EXIT_OK} + done + + return ${has_carrier} +} diff --git a/pkgs/core/network/src/functions.cli b/pkgs/core/network/src/functions.cli new file mode 100644 index 0000000..9339a7b --- /dev/null +++ b/pkgs/core/network/src/functions.cli 
@@ -0,0 +1,507 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +function cli_config() { + if cli_help_requested $@; then + cli_usage root-config + exit ${EXIT_OK} + fi + + if [ -n "${1}" ]; then + network_config_set $@ + else + network_config_print + fi +} + +function cli_device() { + if device_config_exists ${1}; then + local device=${1} + local action=${2} + shift 2 + + case "${action}" in + down|up) + device_${action} ${device} $@ + ;; + esac + else + local action=${1} + shift + + case "${action}" in + create) + device_${action} $@ + ;; + + discover) + echo "# XXX need to implement --raw here" + local device + for device in ${devices}; do + cli_device_discover ${device} $@ + done + ;; + + show|"") + local device + for device in $(device_get $@); do + device_print ${device} + done + ;; + *) + cli_usage device + ;; + esac + fi +} + +function cli_device_discover() { + local device=${1} + shift + + local device_type=$(device_get_type ${device}) + if [ "${device_type}" != "real" ]; then + return ${EXIT_OK} + fi + + local raw + + while [ $# -gt 0 ]; do + case "${1}" in + 
--raw) + raw=1 + ;; + esac + shift + done + + local up + device_is_up ${device} && up=1 + device_set_up ${device} + + enabled raw || echo "${device}" + + local hook + local out + local ret + for hook in $(hook_zone_get_all); do + out=$(hook_zone_exec ${hook} discover ${device}) + ret=$? + + [ ${ret} -eq ${DISCOVER_NOT_SUPPORTED} ] && continue + + if enabled raw; then + case "${ret}" in + ${DISCOVER_OK}) + echo "${hook}: OK" + local line + while read line; do + echo "${hook}: ${line}" + done <<<"${out}" + ;; + + ${DISCOVER_ERROR}) + echo "${hook}: FAILED" + ;; + esac + else + case "${ret}" in + ${DISCOVER_OK}) + echo " ${hook} was successful." + local line + while read line; do + echo " ${line}" + done <<<"${out}" + ;; + + ${DISCOVER_ERROR}) + echo " ${hook} failed." + ;; + esac + fi + done + + echo # New line + + [ "${up}" = "1" ] || device_set_down ${device} +} + +function cli_port() { + if cli_help_requested $@; then + cli_usage root-port + exit ${EXIT_OK} + fi + + local action + local port + + if port_exists ${1}; then + port=${1} + action=${2} + shift 2 + + # Action aliases + case "${action}" in + start) + action="up" + ;; + stop) + action="down" + ;; + show) + action="status" + ;; + esac + + case "${action}" in + edit|up|down|status) + port_${action} ${port} $@ + ;; + *) + error "Unrecognized argument: ${action}" + exit ${EXIT_ERROR} + ;; + esac + else + action=${1} + shift + + case "${action}" in + create|destroy) + port_${action} $@ + ;; + *) + error "Unrecognized argument: ${action}" + exit ${EXIT_ERROR} + ;; + esac + fi +} + +function cli_zone() { + if cli_help_requested $@; then + cli_usage root-zone + exit ${EXIT_OK} + fi + + local action + local zone + + if zone_name_is_valid ${1}; then + zone=${1} + action=${2} + shift 2 + + # Action aliases + case "${action}" in + start) + action="up" + ;; + stop) + action="down" + ;; + show) + action="status" + ;; + esac + + case "${action}" in + config|down|edit|port|status|up) + zone_${action} ${zone} $@ + ;; + *) 
+ error "Unrecognized argument: ${action}" + cli_usage root-zone-subcommands + exit ${EXIT_ERROR} + ;; + esac + else + action=${1} + shift + + case "${action}" in + create|remove) + zone_${action} $@ + ;; + ""|*) + if [ -n "${action}" ]; then + error "Unrecognized argument: '${action}'" + echo + fi + + cli_usage root-zone + exit ${EXIT_ERROR} + ;; + esac + fi +} + +function cli_start() { + if cli_help_requested $@; then + cli_usage root-start + exit ${EXIT_OK} + fi + + local zones=$(zones_get $@) + + local zone + for zone in ${zones}; do + zone_up ${zone} + done +} + +function cli_stop() { + if cli_help_requested $@; then + cli_usage root-stop + exit ${EXIT_OK} + fi + + local zones=$(zones_get $@) + + local zone + for zone in ${zones}; do + zone_down ${zone} + done +} + +function cli_restart() { + if cli_help_requested $@; then + cli_usage root-restart + exit ${EXIT_OK} + fi + + cli_stop $@ + + # Give the system some time to calm down + sleep ${TIMEOUT_RESTART} + + cli_start $@ +} + +function cli_status() { + if cli_help_requested $@; then + cli_usage root-status + exit ${EXIT_OK} + fi + + local zones=$(zones_get $@) + + local zone + for zone in ${zones}; do + zone_status ${zone} + done +} + +function cli_reset() { + if cli_help_requested $@; then + cli_usage root-reset + exit ${EXIT_OK} + fi + + warning_log "Will reset the whole network configuration!!!" + + # Force mode is disabled by default + local force=0 + + while [ $# -gt 0 ]; do + case "${1}" in + --force|-f) + force=1 + ;; + esac + shift + done + + # If we are not running in force mode, we ask the user if he does know + # what he is doing. + if ! enabled force; then + if ! 
cli_yesno "Do you really want to reset the whole network configuration?"; then + exit ${EXIT_ERROR} + fi + fi + + local zone + for zone in $(zones_get --all); do + zone_remove ${zone} + done + + local port + for port in $(ports_get --all); do + port_remove ${port} + done + + # XXX recreate ethernet ports + + exit ${EXIT_OK} +} + +function cli_help_requested() { + local argument="${1}" + + if [ -n "${argument}" ]; then + if listmatch ${argument} help -h --help; then + return ${EXIT_OK} + fi + fi + + return ${EXIT_ERROR} +} + +function cli_usage() { + local what=${1} + + case "${what}" in + root) + echo "${0}: [command] <options ...>" + echo + echo " start - ..." + echo " stop - ..." + echo " restart - ..." + echo " status - ..." + echo + echo " config - ..." + echo + echo " device - ..." + echo " zone - ..." + echo + ;; + root-config) + echo "${0}: ${what#root-} [KEY=VAL, ...]" + echo + echo " This command allows setting of global configuration parameters." + echo + echo " If no additional arguments are passed it will list the current configuration." + echo + echo " You can overwrite the settings like the following:" + echo + echo " ${0} ${what#root-} DEBUG=1 ..." + echo + ;; + root-reset) + echo "${0}: ${what#root-} [--force | -f]" + echo + echo " This command resets the network configuration." + echo + echo " Will delete all zones and ports." + echo + echo -e " ${COLOUR_RED}USE WITH CAUTION!${COLOUR_NORMAL}" + echo + ;; + root-start|root-stop|root-restart) + echo "${0}: ${what#root-} [--local-only|--remote-only|--all|<zone>...]" + echo + echo " This commands ${what#root-}s all zones by default." + echo " One can pass several parameters to only process a subset of all" + echo " available zones:" + echo + echo -e " ${COLOUR_BOLD}--local-only${COLOUR_NORMAL}" + echo " Process all local zones which includes every zone without red." + echo + echo -e " ${COLOUR_BOLD}--remote-only${COLOUR_NORMAL}" + echo " Process all remote zones which means only the red ones." 
+ echo + echo -e " ${COLOUR_BOLD}--all${COLOUR_NORMAL}" + echo " Process all zones. This is the default parameter." + echo + echo " Additionally, you can pass one or more zone names which will" + echo " be processed." + echo + ;; + root-status) + echo "${0}: ${what#root-} [--local-only|--remote-only|--all|<zone>...]" + echo + echo " This commands shows status information of all zones by default." + echo " One can pass several parameters to only process a subset of all" + echo " available zones:" + echo + echo -e " ${COLOUR_BOLD}--local-only${COLOUR_NORMAL}" + echo " Process all local zones which includes every zone without red." + echo + echo -e " ${COLOUR_BOLD}--remote-only${COLOUR_NORMAL}" + echo " Process all remote zones which means only the red ones." + echo + echo -e " ${COLOUR_BOLD}--all${COLOUR_NORMAL}" + echo " Process all zones. This is the default parameter." + echo + echo " Additionally, you can pass one or more zone names which will" + echo " be processed." + echo + ;; + root-zone) + echo "${0}: ${what#root-} <create|remove> <zone> [<type> <options...>]" + echo + echo " Create or remove a zone." + echo + echo -e " ${COLOUR_BOLD}create <zone> <type> <options>${COLOUR_NORMAL}" + echo " Create a new zone of type <type> where <zone> is an allowed" + echo " zone name." + echo + echo -e " ${COLOUR_BOLD}remove <zone>${COLOUR_NORMAL}" + echo " Remove the zone <zone>." + echo + echo " You may also edit the configuration of the zones." + echo + echo -e " ${COLOUR_BOLD}<zone> ...${COLOUR_NORMAL}" + echo " Edit the zone <zone>." + echo + ;; + usage) + echo + echo " Run '${0} help' to get information how to use this tool." + echo + ;; + *) + error "No help available for this command '${what}'." + echo + ;; + esac + + echo "Network configuration tool. Report all bugs to http://bugs.ipfire.org." 
+} + +function cli_status_headline() { + local zone=${1} + + local state="${COLOUR_DOWN}DOWN${COLOUR_NORMAL}" + zone_is_up ${zone} && state="${COLOUR_UP}UP${COLOUR_NORMAL}" + + echo -e "${zone} - ${state} - $(zone_get_hook ${zone})" +} + +function cli_headline() { + echo + echo -e "${COLOUR_BOLD}$@${COLOUR_NORMAL}" +} + +function cli_yesno() { + local message="$@ [y/N] " + local yesno + + echo + echo -ne "${message}" + read yesno + + if listmatch ${yesno} y Y j J yes YES Yes; then + return ${EXIT_OK} + fi + + return ${EXIT_ERROR} +} diff --git a/pkgs/core/network/src/functions.colors b/pkgs/core/network/src/functions.colors new file mode 100644 index 0000000..c0de260 --- /dev/null +++ b/pkgs/core/network/src/functions.colors 
@@ -0,0 +1,53 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +COLOUR_GREEN="\033[1;32m" +COLOUR_RED="\033[1;31m" +COLOUR_NORMAL="\033[0;39m" +COLOUR_YELLOW="\033[1;35m" + +COLOUR_BOLD="\033[1;39m" +COLOUR_DOWN=${COLOUR_RED} +COLOUR_ERROR=${COLOUR_RED} +COLOUR_OK=${COLOUR_GREEN} +COLOUR_UP=${COLOUR_GREEN} +COLOUR_WARN=${COLOUR_YELLOW} + +COLOUR_ENABLED=${COLOUR_GREEN} +COLOUR_DISABLED=${COLOUR_RED} + +COLOUR_STP_FORWARDING=${COLOUR_GREEN} +COLOUR_STP_DISCARDING=${COLOUR_RED} +COLOUR_STP_LEARNING=${COLOUR_YELLOW} +COLOUR_STP_BLOCKING=${COLOUR_YELLOW} + +function colours_disable() { + local line + for line in $(set | grep "^COLOUR_"); do + unset ${line%%=*} + done +} + +function colours_auto_disable() { + if [ "${TERM}" = "dumb" ]; then + colours_disable + fi +} diff --git a/pkgs/core/network/src/functions.constants b/pkgs/core/network/src/functions.constants new file mode 100644 index 0000000..75ad577 --- /dev/null +++ b/pkgs/core/network/src/functions.constants 
@@ -0,0 +1,72 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +# Enable colors by default +COLOURS="auto" + +BASE_DIR=/lib/network +CONFIG_DIR=/etc/network +HOOKS_DIR=${BASE_DIR}/hooks +LOG_DIR=/var/log/network +RUN_DIR=/var/run/network +ZONE_DIR=${CONFIG_DIR} + +RED_RUN=${RUN_DIR}/red +PPP_SECRETS=/etc/ppp/secrets + +CONFIG_FILE=${CONFIG_DIR}/network_config +CONFIG_FILE_PARAMS="COLOURS DEBUG SHELL TIMEOUT_RESTART" + +RED_DB_DIR=${RUN_DIR}/red + +DB_CONNECTION_FILE="${LOG_DIR}/connections.db" + +# Proper error codes +EXIT_OK=0 +EXIT_ERROR=1 +EXIT_CONF_ERROR=2 +EXIT_ERROR_ASSERT=3 # XXX needs check + +STATUS_UP=0 +STATUS_DOWN=1 +STATUS_NOCARRIER=2 + +STATUS_TEXT[${STATUS_UP}]="UP" +STATUS_TEXT[${STATUS_DOWN}]="DOWN" +STATUS_TEXT[${STATUS_NOCARRIER}]="NO CARRIER" + +STATUS_COLOUR[${STATUS_UP}]=${COLOUR_GREEN} +STATUS_COLOUR[${STATUS_DOWN}]=${COLOUR_RED} +STATUS_COLOUR[${STATUS_NOCARRIER}]=${COLOUR_YELLOW} + +DISCOVER_OK=0 +DISCOVER_ERROR=1 +DISCOVER_NOT_SUPPORTED=2 + +# The user is able to create zones that begin with these names +VALID_ZONES="green orange red grey" + 
+SYS_CLASS_NET="/sys/class/net" + +# Timeout values +TIMEOUT_RESTART=2 + +DEVICE_PRINT_LINE1=" %-20s %s\n" diff --git a/pkgs/core/network/src/functions.db b/pkgs/core/network/src/functions.db new file mode 100644 index 0000000..23e0e35 --- /dev/null +++ b/pkgs/core/network/src/functions.db 
@@ -0,0 +1,113 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +function db_connection_init() { + if [ -e "${DB_CONNECTION_FILE}" ]; then + return ${EXIT_OK} + fi + + log DEBUG "Creating connection database ${DB_CONNECTION_FILE}." + + sqlite3 -batch ${DB_CONNECTION_FILE} <<EOF +CREATE TABLE log( + id INTEGER PRIMARY KEY AUTOINCREMENT, + zone TEXT, + time INTEGER, + state TEXT +); + +CREATE VIEW current as + SELECT zone, time, state FROM log GROUP BY zone; + +EOF +} + +function db_connection_update() { + local zone=${1} + local action=${2} + shift 2 + + db_connection_init + + log DEBUG "Writing connection to database: zone=${zone} action=${action}." + + sqlite3 -batch ${DB_CONNECTION_FILE} <<EOF +INSERT INTO log(zone, time, state) + VALUES('${zone}', strftime('%s', 'now', 'utc'), '${action}'); +EOF +} + +function db_ppp_init() { + local file=${1} + + if [ -e "${file}" ]; then + return ${EXIT_OK} + fi + + log DEBUG "Creating ppp database ${file}." 
+ + sqlite3 -batch ${file} <<EOF +CREATE TABLE accounting( + id INTEGER PRIMARY KEY AUTOINCREMENT, + time INTEGER, + duration INTEGER, + rcvd INTEGER, + sent INTEGER +); +EOF +} + +function db_ppp_update() { + local zone=${1} + shift + + local rcvd + local sent + local duration + + while [ $# -gt 0 ]; do + case "${1}" in + --rcvd=*) + rcvd=${1#--rcvd=} + ;; + --sent=*) + sent=${1#--sent=} + ;; + --duration=*) + duration=${1#--duration=} + ;; + esac + shift + done + + local file="${LOG_DIR}/ppp_${zone}.db" + + db_ppp_init ${file} + + local time=$(( $(date -u +"%s") - ${duration} )) + + log DEBUG "Writing accounting data: time=${time} duration=${duration} rcvd=${rcvd} sent=${sent}." + + sqlite3 -batch ${file} <<EOF +INSERT INTO accounting(time, duration, rcvd, sent) + VALUES('${time}', '${duration}', '${rcvd}', '${sent}'); +EOF +} diff --git a/pkgs/core/network/src/functions.device b/pkgs/core/network/src/functions.device new file mode 100644 index 0000000..70346c4 --- /dev/null +++ b/pkgs/core/network/src/functions.device 
@@ -0,0 +1,582 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +function devicify() { + local device=${1} + + assert isset device + + if device_exists ${device}; then + echo "${device}" + return ${EXIT_OK} + fi + + local d + for d in $(devices_get_all); do + if [ "$(device_get_address ${d})" = "${device}" ]; then + echo "${d}" + return ${EXIT_OK} + fi + done + + return ${EXIT_ERROR} +} + +function macify() { + local device=${1} + + assert isset device + + if mac_is_valid ${device}; then + echo "${device}" + return ${EXIT_OK} + fi + + if device_exists ${device}; then + device_get_address ${device} + return ${EXIT_OK} + fi + + return ${EXIT_ERROR} +} + +# Check if the device exists +function device_exists() { + local device=${1} + + # If device name was not found, exit. 
+ [ -n "${device}" ] || return ${EXIT_ERROR} + + [ -d "${SYS_CLASS_NET}/${device}" ] +} + +# Check if the device is up +function device_is_up() { + local device=${1} + + device_exists ${device} || return ${EXIT_ERROR} + + ip link show ${device} 2>/dev/null | grep -qE "<.*UP.*>" +} + +# Check if the device is a bonding device +function device_is_bonding() { + [ -d "/sys/class/net/${1}/bonding" ] +} + +# Check if the device bonded in a bonding device +function device_is_bonded() { + local device=${1} + + [ -d "${SYS_CLASS_NET}/${device}/master" ] +} + +# Check if the device is a bridge +function device_is_bridge() { + [ -d "/sys/class/net/${1}/bridge" ] +} + +function device_is_bridge_attached() { + local device=${1} + + [ -d "${SYS_CLASS_NET}/${device}/brport" ] +} + +# Check if the device is a virtual device +function device_is_virtual() { + local device=${1} + + [ -e "/proc/net/vlan/${device}" ] +} + +# Check if the device has virtual devices +function device_has_virtuals() { + local device=${1} + + if device_is_virtual ${device}; then + return 1 + fi + + if [ ! -e "/proc/net/vlan/config" ]; then + return 1 + fi + grep -q "${1}$" /proc/net/vlan/config +} + +function device_is_vlan() { # XXX Compat function + log DEBUG "Deprecated function device_is_vlan() was used." 
+ + device_is_virtual $@ +} + +# Check if the device is a ppp device +function device_is_ppp() { + local device=${1} + + ip link show ${device} 2>/dev/null | grep -qE "<.*POINTOPOINT.*>" +} + +# Check if the device is a loopback device +function device_is_loopback() { + local device=$(devicify ${1}) + [ "${device}" = "lo" ] +} + +# Check if the device is a physical network interface +function device_is_real() { + local device=${1} + + device_is_loopback ${device} && \ + return ${EXIT_ERROR} + + device_is_bonding ${device} && \ + return ${EXIT_ERROR} + + device_is_bridge ${device} && \ + return ${EXIT_ERROR} + + device_is_ppp ${device} && \ + return ${EXIT_ERROR} + + device_is_virtual ${device} && \ + return ${EXIT_ERROR} + + return ${EXIT_OK} +} + +# Get the device type +function device_get_type() { + local device=$(devicify ${1}) + + if device_is_vlan ${device}; then + echo "vlan" + + elif device_is_bonding ${device}; then + echo "bonding" + + elif device_is_bridge ${device}; then + echo "bridge" + + elif device_is_ppp ${device}; then + echo "ppp" + + elif device_is_loopback ${device}; then + echo "loopback" + + elif device_is_real ${device}; then + echo "real" + + else + echo "unknown" + fi +} + +function device_get_status() { + local device=${1} + + assert isset device + + local status=${STATUS_UNKNOWN} + + if ! device_has_carrier ${device}; then + status=${STATUS_NOCARRIER} + elif device_is_up ${device}; then + status=${STATUS_UP} + elif device_is_down ${device}; then + status=${STATUS_DOWN} + fi + + assert isset status + + echo "${status}" +} + +function device_get_address() { + local device=${1} + + cat ${SYS_CLASS_NET}/${device}/address 2>/dev/null +} + +function device_set_address() { + local device=${1} + local addr=${2} + + if ! device_exists ${device}; then + error "Device '${device}' does not exist." + return ${EXIT_ERROR} + fi + + log INFO "Setting address of '${device}' to '${addr}' - was $(device_get_address ${device})." 
+ + local up + if device_is_up ${device}; then + device_set_down ${device} + up=1 + fi + + ip link set ${device} address ${addr} + local ret=$? + + if [ "${up}" = "1" ]; then + device_set_up ${device} + fi + + if [ "${ret}" != "0" ]; then + error_log "Could not set address '${addr}' on device '${device}'." + fi + + return ${ret} +} + +function device_get() { + local from_config + + while [ $# -gt 0 ]; do + case "${1}" in + --from-config) + from_config=1 + ;; + --no-config) + from_config=0 + ;; + esac + shift + done + + local devices + + if [ "${from_config}" != "0" ]; then + devices="${devices} $(device_config_list)" + fi + + if [ "${from_config}" != "1" ]; then + local device + for device in ${SYS_CLASS_NET}/*; do + devices="${devices} $(basename ${device})" + done + fi + + echo ${devices} + return ${EXIT_OK} +} + +function devices_get_all() { + device_get +} + +# Check if a device has a cable plugged in +function device_has_carrier() { + local device=$(devicify ${1}) + [ "$(<${SYS_CLASS_NET}/${device}/carrier)" = "1" ] +} + +function device_is_promisc() { + local device=${1} + + ip link show ${device} | grep -qE "<.*PROMISC.*>" +} + +# Check if the device is free +function device_is_free() { + ! device_is_used $@ +} + +# Check if the device is used +function device_is_used() { + local device=$(devicify ${1}) + + device_has_virtuals ${device} && \ + return ${EXIT_OK} + device_is_bonded ${device} && \ + return ${EXIT_OK} + device_is_bridge_attached ${device} && \ + return ${EXIT_OK} + + return ${EXIT_ERROR} +} + +# XXX to be removed I think +function device_get_free() { + local destination=${1} + + # Replace + by a valid number + if grep -q "+$" <<<${destination}; then + local number=0 + destination=$(sed -e "s/+//" <<<$destination) + while [ "${number}" -le "100" ]; do + if ! 
device_exists "${destination}${number}"; then + destination="${destination}${number}" + break + fi + number=$(($number + 1)) + done + fi + echo "${destination}" +} + +function device_rename() { + warning_log "Called deprecated function 'device_rename'" + + device_set_name $@ +} + +function device_hash() { + local device=${1} + + # Get mac address of device and remove all colons (:) + # that will result in a hash. + device=$(macify ${device}) + + echo "${device//:/}" +} + +# Give the device a new name +function device_set_name() { + local source=$1 + local destination=$(device_get_free ${2}) + + # Check if devices exists + if ! device_exists ${source} || device_exists ${destination}; then + return 4 + fi + + local up + if device_is_up ${source}; then + ip link set ${source} down + up=1 + fi + + ip link set ${source} name ${destination} + + if [ "${up}" = "1" ]; then + ip link set ${destination} up + fi +} + +# Set device up +function device_set_up() { + local device=$(devicify ${1}) + + # Silently fail if device was not found + [ -z "${device}" ] && return ${EXIT_ERROR} + + # Do nothing if device is already up + device_is_up ${device} && return ${EXIT_OK} + + device_set_parent_up ${device} + + log DEBUG "Setting up device '${device}'" + + ip link set ${device} up +} + +function device_set_parent_up() { + local device=${1} + local parent + + if device_is_virtual ${device}; then + parent=$(device_virtual_get_parent ${device}) + + device_is_up ${parent} && return ${EXIT_OK} + + log DEBUG "Setting up parent device '${parent}' of '${device}'" + + device_set_up ${parent} + return $? + fi + + return ${EXIT_OK} +} + +# Set device down +function device_set_down() { + local device=$(devicify ${1}) + + local ret=${EXIT_OK} + + if device_is_up ${device}; then + log DEBUG "Tearing down device '${device}'" + + ip link set ${device} down + ret=$? 
+ fi + + device_set_parent_down ${device} + + return ${ret} +} + +function device_set_parent_down() { + local device=${1} + local parent + + if device_is_virtual ${device}; then + parent=$(device_virtual_get_parent ${device}) + + device_is_up ${parent} || return ${EXIT_OK} + + if device_is_free ${parent}; then + log DEBUG "Tearing down parent device '${parent}' of '${device}'" + + device_set_down ${parent} + fi + fi + + return ${EXIT_OK} +} + +function device_get_mtu() { + local device=${1} + + if ! device_exists ${device}; then + error "Device '${device}' does not exist." + return ${EXIT_ERROR} + fi + + echo $(<${SYS_CLASS_NET}/${device}/mtu) +} + +# Set mtu to a device +function device_set_mtu() { + local device=${1} + local mtu=${2} + + if ! device_exists ${device}; then + error "Device '${device}' does not exist." + return ${EXIT_ERROR} + fi + + local oldmtu=$(device_get_mtu ${device}) + + if [ "${oldmtu}" = "${mtu}" ]; then + # No need to set mtu. + return ${EXIT_OK} + fi + + log INFO "Setting mtu of '${device}' to '${mtu}' - was ${oldmtu}." + + local up + if device_is_up ${device}; then + device_set_down ${device} + up=1 + fi + + ip link set ${device} mtu ${mtu} + local ret=$? + + if [ "${up}" = "1" ]; then + device_set_up ${device} + fi + + if [ "${ret}" != "0" ]; then + error_log "Could not set mtu '${mtu}' on device '${device}'." + fi + + return ${ret} +} + +function device_discover() { + local device=${1} + + log INFO "Running discovery process on device '${device}'." + + local hook + for hook in $(hook_zone_get_all); do + hook_zone_exec ${hook} discover ${device} + done +} + +function device_has_ipv4() { + local device=${1} + local addr=${2} + + if ! device_exists ${device}; then + error "Device '${device}' does not exist." + return ${EXIT_ERROR} + fi + + ip addr show ${device} | grep -q -e "inet " -e "${addr}" +} + +function device_has_ipv6() { + local device=${1} + local addr=${2} + + if ! 
device_exists ${device}; then + error "Device '${device}' does not exist." + return ${EXIT_ERROR} + fi + + local prefix=${addr##*/} + addr=$(ipv6_implode ${addr%%/*}) + + if [ -n "${prefix}" ]; then + addr="${addr}/${prefix}" + fi + + ip addr show ${device} | grep -q "inet6 ${addr}" +} + +function __device_get_file() { + local device=${1} + local file=${2} + + assert isset device + assert isset file + + cat ${SYS_CLASS_NET}/${device}/${file} +} + +function device_get_rx_bytes() { + local device=${1} + + __device_get_file ${device} statistics/rx_bytes +} + +function device_get_tx_bytes() { + local device=${1} + + __device_get_file ${device} statistics/tx_bytes +} + +function device_get_rx_packets() { + local device=${1} + + __device_get_file ${device} statistics/rx_packets +} + +function device_get_tx_packets() { + local device=${1} + + __device_get_file ${device} statistics/tx_packets +} + +function device_get_rx_errors() { + local device=${1} + + __device_get_file ${device} statistics/rx_errors +} + +function device_get_tx_errors() { + local device=${1} + + __device_get_file ${device} statistics/tx_errors +} diff --git a/pkgs/core/network/src/functions.ethernet b/pkgs/core/network/src/functions.ethernet new file mode 100644 index 0000000..f0bfbc0 --- /dev/null +++ b/pkgs/core/network/src/functions.ethernet @@ -0,0 +1,15 @@ +#!/bin/bash +# XXX header missing + +function ethernet_device_print() { + local device=${1} + + printf "${DEVICE_PRINT_LINE1}" "Address:" "$(device_get_address ${device})" + printf "${DEVICE_PRINT_LINE1}" "MTU:" "$(device_get_mtu ${device})" +} + +function real_device_print() { + warning_log "Deprecated function called: real_device_print" + + ethernet_device_print $@ +} diff --git a/pkgs/core/network/src/functions.events b/pkgs/core/network/src/functions.events new file mode 100644 index 0000000..7ba44e8 --- /dev/null +++ b/pkgs/core/network/src/functions.events 
@@ -0,0 +1,29 @@ +#!/bin/bash + +function event_emit() { + local event=${1} + shift + + log DEBUG "Emitting event '${event}' ($@)" + + initctl emit ${event} $@ +} + +function event_firewall_reload() { + event_emit firewall-reload +} + +function event_interface_up() { + local iface=${1} + + event_emit network-interface-up IFACE=${iface} + + # XXX Just for now + routing_default_update +} + +function event_interface_down() { + local iface=${1} + + event_emit network-interface-down IFACE=${iface} +} diff --git a/pkgs/core/network/src/functions.hook b/pkgs/core/network/src/functions.hook new file mode 100644 index 0000000..d193266 --- /dev/null +++ b/pkgs/core/network/src/functions.hook 
@@ -0,0 +1,211 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +function hook_dir() { + local type=${1} + + if [ -n "${type}" ]; then + type="/${type}s" + fi + + echo "${HOOKS_DIR}${type}" +} + +function hook_exists() { + local type=${1} + local hook=${2} + + assert isset type + assert isset hook + + local hook_dir=$(hook_dir ${type}) + + [ -d "${hook_dir}/${hook}" ] && return ${EXIT_ERROR} + + [ -x "${hook_dir}/${hook}" ] +} + +function hook_exec() { + local type=${1} + local hook=${2} + shift 2 + + assert isset type + assert isset hook + + if ! hook_exists ${type} ${hook}; then + error "Hook '${hook}' does not exist." + return ${EXIT_ERROR} + fi + + exec_cmd $(hook_dir ${type})/${hook} $@ +} + +function config_get_hook() { + local config=${1} + + assert isset config + assert [ -e "${config}" ] + + ( + . 
${config} + echo "${HOOK}" + ) +} + +## Wrappers around the hook functions for zones + +function hook_zone_exists() { + hook_exists zone $@ +} + +function hook_zone_port_exists() { + local hook_zone=${1} + local hook_port=${2} + + hook_zone_exists ${hook_zone} || return ${EXIT_ERROR} + + [ -x "$(hook_dir zone)/${hook_zone}.ports/${hook_port}" ] +} + +function hook_zone_config_exists() { + local hook_zone=${1} + local hook_config=${2} + + hook_zone_exists ${hook_zone} || return ${EXIT_ERROR} + + [ -x "$(hook_dir zone)/${hook_zone}.configs/${hook_config}" ] +} + +function hook_zone_has_ports() { + local hook=${1} + + [ -d "$(hook_dir zone)/${hook}.ports" ] +} + +function hook_zone_port_exists() { + : # XXX WANTED +} + +function hook_zone_has_configs() { + local hook=${1} + + [ -d "$(hook_dir zone)/${hook}.configs" ] +} + +function hook_zone_exec() { + hook_exec zone $@ +} + +function hook_zone_port_exec() { + local hook_zone=${1} + local hook_port=${2} + shift 2 + + if ! hook_exists zone ${hook_zone}; then + error "Hook '${hook_zone}' does not exist." + return ${EXIT_ERROR} + fi + + if ! hook_zone_port_exists ${hook_zone} ${hook_port}; then + error "Port hook '${hook_port}' does not exist." + return ${EXIT_ERROR} + fi + + exec_cmd $(hook_dir zone)/${hook_zone}.ports/${hook_port} $@ +} + +function hook_zone_config_exec() { + local hook_zone=${1} + local hook_config=${2} + shift 2 + + assert isset hook_zone + assert isset hook_config + + if ! hook_zone_exists ${hook_zone}; then + error "Hook '${hook_zone}' does not exist." + return ${EXIT_ERROR} + fi + + if ! hook_zone_config_exists ${hook_zone} ${hook_config}; then + error "Config hook '${hook_config}' does not exist." 
+ return ${EXIT_ERROR} + fi + + exec_cmd $(hook_dir zone)/${hook_zone}.configs/${hook_config} $@ +} + +function hook_zone_get_all() { + local type=${1} + + local hook + for hook in $(hook_dir zone)/*; do + hook=$(basename ${hook}) + hook_zone_exists ${hook} && echo "${hook}" + done +} + +function hook_zone_ports_get_all() { + local hook=${1} + + if ! hook_exists zone ${hook}; then + error "Hook '${hook}' does not exist." + return ${EXIT_ERROR} + fi + + # If the zone hook has got no ports we exit silently + if ! hook_zone_has_ports ${hook}; then + return ${EXIT_OK} + fi + + local h + for h in $(hook_dir zone)/${hook}.ports/*; do + h=$(basename ${h}) + if hook_zone_port_exists ${hook} ${h}; then + echo "${h}" + fi + done +} + +function hook_zone_configs_get_all() { + local hook=${1} + + if ! hook_exists zone ${hook}; then + error "Hook '${hook}' does not exist." + return ${EXIT_ERROR} + fi + + # If the zone hook has got no configurations we exit silently + if ! hook_zone_has_configs ${hook}; then + return ${EXIT_OK} + fi + + local h + for h in $(hook_dir zone)/${hook}.configs/*; do + h=$(basename ${h}) + if hook_zone_config_exists ${hook} ${h}; then + echo "${h}" + fi + done + + return ${EXIT_OK} +} diff --git a/pkgs/core/network/src/functions.ipv6 b/pkgs/core/network/src/functions.ipv6 new file mode 100644 index 0000000..4932184 --- /dev/null +++ b/pkgs/core/network/src/functions.ipv6 
@@ -0,0 +1,229 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +function ipv6_device_autoconf_enable() { + local device=${1} + + if ! device_exists ${device}; then + error "Device '${device}' does not exist." + return ${EXIT_ERROR} + fi + + echo 1 > /proc/sys/net/ipv6/conf/${device}/autoconf +} + +function ipv6_device_autoconf_disable() { + local device=${1} + + if ! device_exists ${device}; then + error "Device '${device}' does not exist." + return ${EXIT_ERROR} + fi + + echo 0 > /proc/sys/net/ipv6/conf/${device}/autoconf +} + +function ipv6_is_valid() { + local address=${1} + + # Check length + [ ${#address} -gt 39 ] && return ${EXIT_ERROR} + + # XXX find :: twice? + # XXX check for documentation prefix? + + # Check for bad characters + local char + for char in 0 1 2 3 4 5 6 7 8 9 a b c d e f :; do + address=${address//${char}/} + done + [ -n "${address}" ] && return ${EXIT_ERROR} + + return ${EXIT_OK} +} + +function ipv6_implode() { + local address=${1} + + if ! 
ipv6_is_valid ${address}; then + error "IPv6 address is invalid: ${address}" + return ${EXIT_ERROR} + fi + + # Make proper address in exploded format + address=$(ipv6_explode ${address}) + + local block + local char + local i + + local address_new + local block_new + + for block in ${address//:/\ }; do + block_new= + for i in $(seq 0 ${#block}); do + char="${block:${i}:1}" + + [ -z "${char}" ] && continue + + if [ -z "${block_new}" ] && [ "${char}" = "0" ]; then + continue + fi + + block_new="${block_new}${char}" + done + + [ -z "${block_new}" ] && block_new="0" + + address_new="${address_new}:${block_new}" + done + + # Cut first colon (:) + address="${address_new:1:${#address_new}}" + + local match + local matches=() + local pattern + local pos_start + local pos_next + for pos_start in $(seq 0 ${#address}); do + matches["${pos_start}"]=0 + + for pos_next in $(seq ${pos_start} 2 ${#address}); do + case "${pos_start}" in + 0) + match="${address:${pos_next}:2}" + pattern="0:" + ;; + *) + match="${address:${pos_next}:2}" + pattern=":0" + ;; + esac + + [ -z "${match}" ] && continue + + if [ "${match}" = "${pattern}" ]; then + matches[${pos_start}]=$(( matches[${pos_start}] + 1)) + else + break + fi + done + done + + local pos_best + local pos_best_val=0 + for i in $(seq 0 ${#matches[@]}); do + [ -z "${matches[${i}]}" ] && continue + + if [ ${matches[${i}]} -gt ${pos_best_val} ]; then + pos_best=${i} + pos_best_val=${matches[${i}]} + fi + done + + if [ -n "${pos_best}" ]; then + address_new="${address:0:${pos_best}}::" + + local pos_end=$(( ${pos_best_val} * 2 + ${pos_best} + 1)) + + if [ "${pos_best}" = "0" ]; then + pos_end=$(( ${pos_end} - 1 )) + fi + + address="${address_new}${address:${pos_end}:${#address}}" + fi + + assert ipv6_is_valid ${address} + + echo "${address}" +} + +function ipv6_explode() { + local address=${1} + + if [ ${#address} -eq 39 ]; then + echo "${address}" + return ${EXIT_OK} + fi + + address=${address//::/:X:} + + local block + local 
block_count=0 + local block_id + local block_max=8 + local blocks=() + + for block in ${address//:/\ }; do + blocks[${block_count}]=${block} + + block_count=$(( ${block_count} + 1 )) + done + + if [ ${#blocks[@]} -lt ${block_max} ]; then + for block_id in $(seq ${#blocks[@]} -1 0); do + block=${blocks[${block_id}]} + + [ -z "${block}" ] && continue + + if [ "${block}" = "X" ]; then + blocks[${block_id}]="0000" + break + fi + + blocks[$(( ${block_max} - ${block_count} + ${block_id} ))]=${block} + blocks[${block_id}]="0000" + done + fi + + for block_id in $(seq 0 ${#blocks[@]}); do + block=${blocks[${block_id}]} + + [ -z "${block}" ] && block="0000" + + while [ "${#block}" -lt 4 ]; do + block="0${block}" + done + + blocks[${block_id}]=${block} + done + + address= + for block in ${blocks[@]}; do + address="${address}:${block}" + done + address=${address:1:39} + + assert ipv6_is_valid ${address} + + echo "${address}" +} + +function ipv6_hash() { + local address=${1} + + # Explode address + address=$(ipv6_explode ${address}) + + echo "${address//:/}" +} diff --git a/pkgs/core/network/src/functions.logging b/pkgs/core/network/src/functions.logging new file mode 100644 index 0000000..db5c8ef --- /dev/null +++ b/pkgs/core/network/src/functions.logging @@ -0,0 +1,21 @@ +#!/bin/bash + +LOG_FACILITY="network" +LOG_LEVEL="DEBUG" + +function log() { + local level=${1} + shift + local message="$@" + + if [ -z "${DEBUG}" ] && [ "${level}" = "DEBUG" ]; then + return + fi + + # Set a prefix if we are in a hook. + if [ -n "${HOOK}" ]; then + message="${HOOK}: ${message}" + fi + + logger -t ${LOG_FACILITY} "${message}" +} diff --git a/pkgs/core/network/src/functions.ports b/pkgs/core/network/src/functions.ports new file mode 100644 index 0000000..d0d7dee --- /dev/null +++ b/pkgs/core/network/src/functions.ports 
@@ -0,0 +1,144 @@ +#!/bin/bash +# XXX header missing + +function port_dir() { + echo "${CONFIG_DIR}/ports" +} + +function port_file() { + local port=${1} + + assert isset port + + echo "$(port_dir)/${port}" +} + +function port_exists() { + local port=${1} + + [ -f "${CONFIG_DIR}/ports/${port}" ] +} + +function port_get_hook() { + local port=${1} + + assert isset port + + config_get_hook $(port_file ${port}) +} + +function port_is_attached() { + local port=${1} + shift + + assert isset port + + local zone + for zone in $(zones_get_all); do + + assert isset zone + assert zone_exists ${zone} + + if listmatch ${port} $(zone_get_ports ${zone}); then + echo "${zone}" + return ${EXIT_OK} + fi + done + + return ${EXIT_ERROR} +} + +function port_create() { + #local port=${1} + #shift + # + #if port_exists ${port}; then + # error "Port '${port}' does already exist." + # return ${EXIT_ERROR} + #fi + + local hook=${1} + shift + + if ! hook_exists port ${hook}; then + error "Port hook '${hook}' does not exist." + return ${EXIT_ERROR} + fi + + #port_edit ${port} ${hook} $@ + # + #if [ $? -ne ${EXIT_OK} ]; then + # port_destroy ${port} + #fi + + hook_exec port ${hook} create $@ +} + +function port_destroy() { + local port=${1} + + assert isset port + + port_exists ${port} || return ${EXIT_OK} + + local attached_zone=$(port_is_attached ${port}) + + if [ -n "${attached_zone}" ]; then + error "Cannot destroy port '${port}' which is attached to zone '${attached_zone}'." + return ${EXIT_ERROR} + fi + + port_down ${port} + + rm -f $(port_file ${port}) +} + +function port_remove() { + port_destroy $@ +} + +function port_edit() { + port_cmd edit $@ +} + +# XXX? 
Compatibility function +function port_show() { + port_status $@ +} + +function port_up() { + port_cmd up $@ +} + +function port_down() { + port_cmd down $@ +} + +function port_status() { + port_cmd status $@ +} + +function port_cmd() { + local cmd=${1} + local port=${2} + shift 2 + + assert isset cmd + assert isset port + + local hook=$(port_get_hook ${port}) + + assert isset hook + + hook_exec port ${hook} ${cmd} ${port} $@ +} + +function ports_get() { + local port + for port in $(port_dir)/*; do + port=$(basename ${port}) + if port_exists ${port}; then + echo "${port}" + fi + done +} diff --git a/pkgs/core/network/src/functions.ppp b/pkgs/core/network/src/functions.ppp index 7598f0b..c1c5dae 100644 --- a/pkgs/core/network/src/functions.ppp +++ b/pkgs/core/network/src/functions.ppp @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -19,26 +19,61 @@ # # ###############################################################################
-RED_RUN=/var/run/network/red -PPP_SECRETS=/etc/ppp/secrets +function ppp_init() { + mkdir -p /var/run/ppp 2>/dev/null +}
-function ppp_pre_up() { - # Load the ppp_generic module if not already done - grep -q ^ppp_generic /proc/modules || modprobe ppp_generic +function ppp_common_ip_pre_up() { + local zone=${1} + shift
- connection --starting --zone=${zone} -} + if ! zone_exists ${zone}; then + error "Zone '${zone}' does not exist." + return ${EXIT_ERROR} + fi
-function ppp_post_up() { - : #connection --up --zone=${zone} + red_db_from_ppp ${zone} + + # Request firewall reload + event_firewall_reload + + return ${EXIT_OK} }
-function ppp_pre_down() { - connection --stopping --zone=${zone} +function ppp_common_ip_up() { + local zone=${1} + shift + + if ! zone_exists ${zone}; then + error "Zone '${zone}' does not exist." + return ${EXIT_ERROR} + fi + + red_db_set ${zone} active 1 + red_routing_update ${zone} + + # Emit interface-up event + event_interface_up ${zone} + + return ${EXIT_OK} }
-function ppp_post_down() { - : #connection --down --zone=${zone} +function ppp_common_ip_down() { + local zone=${1} + shift + + if ! zone_exists ${zone}; then + error "Zone '${zone}' does not exist." + return ${EXIT_ERROR} + fi + + # Save accounting information + ppp_accounting ${zone} + + # Emit interface-up event + event_interface_down ${zone} + + return ${EXIT_OK} }
function ppp_secret() { @@ -60,51 +95,18 @@ function ppp_secret() { rm -f ${PPP_SECRETS}.tmp }
-function ppp_stat() { - local name=${1} - local time=${2} - local rcvd=${3} - local sent=${4} - - local file="${LOG_DIR}/ppp_${name}.db" - if ! [ -e "${file}" ]; then - sqlite3 -batch ${file} <<EOF -CREATE TABLE connections(date, duration, rcvd, sent); -EOF - fi - ppp_stat_init ${file} +function ppp_accounting() { + local zone=${1} + shift
- sqlite3 -batch ${file} <<EOF -INSERT INTO connections(date, duration, rcvd, sent) VALUES('$(date -u '+%s')', '${time}', '${rcvd}', '${sent}'); -EOF + db_ppp_update ${zone} --duration="${CONNECT_TIME}" \ + --rcvd="${BYTES_RCVD}" --sent="${BYTES_SENT}" }
-function ppp_linkname_get() { - local config=${1} - ( - . ${config} - echo "${LINKNAME}" - ) -} +function pppd_exec() { + ppp_init
-function red_defaultroute_update() { - local command="ip route replace default" - - for uplink in ${RED_RUN}/*; do - [ -d "${uplink}" ] || continue - - # Skip if no gateway given - [ -e "${uplink}/gateway" ] || continue - - command="${command} nexthop via $(<${uplink}/gateway)" - if [ -e "${uplink}/weight" ]; then - command="${command} weight $(<${uplink}/weight)" - fi - done - $command - ip route flush cache -} + log DEBUG "Running pppd with parameters '$@'."
-function red_dns_update() { - : # XXX todo + pppd $@ > /dev/null } diff --git a/pkgs/core/network/src/functions.red b/pkgs/core/network/src/functions.red new file mode 100644 index 0000000..849e6a0 --- /dev/null +++ b/pkgs/core/network/src/functions.red 
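Review bot: functions.ppp drops the `PPP_SECRETS=/etc/ppp/secrets` assignment, yet the unchanged context of `ppp_secret()` in the last hunk still runs `rm -f ${PPP_SECRETS}.tmp`. Unless the variable is now set in another file, that expands to `rm -f .tmp`; please keep the definition or note where it moved. Smaller points: the comment above `event_interface_down ${zone}` in `ppp_common_ip_down()` still reads "Emit interface-up event", and `pppd $@` in `pppd_exec()` should be `pppd "$@"` so arguments containing spaces survive.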
@@ -0,0 +1,97 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +function red_db_path() { + local zone=${1} + + echo "${RED_DB_DIR}/${zone}" +} + +function red_db_exists() { + local zone=${1} + + [ -d "$(red_db_path ${zone})" ] +} + +function red_db_create() { + local zone=${1} + + red_db_exists ${zone} && return ${EXIT_OK} + + mkdir -p $(red_db_path ${zone}) +} + +function red_db_remove() { + local zone=${1} + + [ -z "${zone}" ] && return ${EXIT_ERROR} + + rm -rf ${RED_DB_DIR} +} + +function red_db_set() { + local zone=${1} + local parameter=${2} + shift 2 + + local value="$@" + + red_db_create ${zone} + + echo "${value}" > $(red_db_path ${zone})/${parameter} +} + +function red_db_get() { + local zone=${1} + local parameter=${2} + shift 2 + + cat $(red_db_path ${zone})/${parameter} 2>/dev/null +} + +function red_db_from_ppp() { + local zone=${1} + + # Save ppp configuration + red_db_set ${zone} type "ppp" + red_db_set ${zone} local-ip-address ${PPP_IPLOCAL} + red_db_set ${zone} remote-ip-address ${PPP_IPREMOTE} + + red_db_set ${zone} dns ${PPP_DNS1} ${PPP_DNS2} + + 
red_db_set ${zone} remote-address ${PPP_MACREMOTE,,} +} + +function red_routing_update() { + local zone=${1} + + local table=${zone} + + # Create routing table if not exists + routing_table_create ${table} + + local remote_ip_address=$(red_db_get ${zone} remote-ip-address) + local local_ip_address=$(red_db_get ${zone} local-ip-address) + + ip route replace table ${table} default nexthop via ${remote_ip_address} + + ip rule add from ${local_ip_address} lookup ${table} +} diff --git a/pkgs/core/network/src/functions.routing b/pkgs/core/network/src/functions.routing new file mode 100644 index 0000000..1733ede --- /dev/null +++ b/pkgs/core/network/src/functions.routing 
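Review bot: `red_db_remove()` in functions.red checks that `zone` is non-empty and then runs `rm -rf ${RED_DB_DIR}`, which deletes the state of every zone instead of the one named. It should remove `"$(red_db_path ${zone})"`, quoted, and refuse to run when `RED_DB_DIR` is empty. In `red_routing_update()`, `ip rule add from ${local_ip_address} lookup ${table}` is never paired with a delete in this file, so each reconnect can leave another rule behind. Neither address is checked for being non-empty before it is handed to `ip`.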
@@ -0,0 +1,90 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +function routing_has_default() { + ip route | grep -q "^default" +} + +function routing_default_update() { + local zone + local routes + + local gateway + local weight + + log INFO "Updating default route." + + for zone in $(zones_get_nonlocal); do + # Skip if zone is not up + red_db_exists ${zone} || continue + + if [ "$(red_db_get ${zone} active)" = "1" ]; then + gateway=$(red_db_get ${zone} remote-ip-address) + weight=$(red_db_get ${zone} weight) + + routes="${routes} nexthop via ${gateway}" + + if [ -n "${weight}" ]; then + routes="${routes} weight ${weight}" + fi + else + log DEBUG "Ignoring zone '${zone}' which is not active." + fi + done + + if [ -z "${routes}" ]; then + if routing_has_default; then + ip route del default + fi + return ${EXIT_OK} + fi + + ip route replace default ${routes} +} + +function routing_table_exists() { + local zone=${1} + + grep -q "${zone}$" < /etc/iproute2/rt_tables +} + +function routing_table_create() { + local zone=${1} + + if ! 
zone_is_nonlocal ${zone}; then + error_log "Can only create routing tables for non-local zones." + return ${EXIT_ERROR} + fi + + if routing_table_exists ${zone}; then + return ${EXIT_OK} + fi + + log INFO "Creating routing table for zone '${zone}'" + + local id=$(( ${zone#red} + 1 )) + + echo "${id} ${zone}" >> /etc/iproute2/rt_tables +} + +function routing_table_remove() { + : # XXX do we need this? +} diff --git a/pkgs/core/network/src/functions.stp b/pkgs/core/network/src/functions.stp new file mode 100644 index 0000000..3474f09 --- /dev/null +++ b/pkgs/core/network/src/functions.stp 
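Review bot: `routing_table_create()` in functions.routing computes the table id as `$(( ${zone#red} + 1 ))`, and the only gate before it is `zone_is_nonlocal`, whose pattern `^red[0-9]{1,5}` (functions.zone, same patch) has no end anchor. A name with trailing characters therefore reaches the arithmetic expansion unvalidated, and valid names from red252 to red254 yield ids 253 to 255, which rt_tables reserves for default, main and local. Please match the name against a fully anchored pattern and bound the id before appending to /etc/iproute2/rt_tables. `routing_table_exists()` has a related gap: `grep -q "${zone}$"` matches any table whose name merely ends in the zone name.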
@@ -0,0 +1,253 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +# XXX Very slow thing, caching? 
+function __rstpctl_cmd() { + local command=$@ + + local line + local key + local val + + rstpctl ${command} | \ + sed -e "s/\t\t\t/\n/g" \ + -e "s/^ //g" \ + -e "s/\t\s*/___/g" | \ + while read line; do + [ "${line}" = "${line/___/_}" ] && continue + + key=${line%%___*} + key=${key// /_} + key=${key^^} + + val=${line#*___} + + echo "${key}="${val}"" + done +} + +function __rstpctl_showbridge_get() { + local bridge=${1} + local param=${2^^} + + local line + for line in $(__rstpctl_cmd showbridge ${bridge}); do + if [ "${line%%=*}" = "${param}" ]; then + line="${line##*=}" + echo "${line//"/}" + return ${EXIT_OK} + fi + done + + return ${EXIT_ERROR} +} + +function __rstpctl_showportdetail_get() { + local bridge=${1} + local port=${2} + local param=${3^^} + + local line + for line in $(__rstpctl_cmd showportdetail ${bridge} ${port}); do + if [ "${line%%=*}" = "${param}" ]; then + line="${line##*=}" + echo "${line//"/}" + return ${EXIT_OK} + fi + done + + return ${EXIT_ERROR} +} + +function __rstp_port_enabled() { + local bridge=${1} + local port=${2} + + local status=$(__rstpctl_showportdetail_get ${bridge} ${port} enabled) + + if [ "${status}" = "yes" ]; then + return ${EXIT_OK} + fi + + return ${EXIT_ERROR} +} + +function __rstp_port_state() { + local bridge=${1} + local port=${2} + + local output=$(__rstpctl_showportdetail_get ${bridge} ${port} state) + echo "${output^^}" +} + +function __rstp_port_pathcost() { + local bridge=${1} + local port=${2} + + __rstpctl_showportdetail_get ${bridge} ${port} path_cost +} + +function __rstp_port_designated_root() { + local bridge=${1} + local port=${2} + + __rstpctl_showportdetail_get ${bridge} ${port} designated_root +} + +function __rstp_port_designated_bridge() { + local bridge=${1} + local port=${2} + + __rstpctl_showportdetail_get ${bridge} ${port} designated_bridge +} + +function __rstp_topology_change() { + local bridge=${1} + + local state=$(__rstpctl_showbridge_get ${bridge} topology_change) + + case "${state}" in + 
yes) + echo "${state}" + return ${EXIT_OK} + ;; + no) + echo "${state}" + return ${EXIT_ERROR} + ;; + esac +} + +function __rstp_topology_change_count() { + local bridge=${1} + + # XXX typo in rstpctl -> toplogy + __rstpctl_showbridge_get ${bridge} toplogy_change_count +} + +function __rstp_topology_change_time() { + local bridge=${1} + + __rstpctl_showbridge_get ${bridge} time_since_topology_change +} + +function __rstp_bridge_id() { + local bridge=${1} + + local id=$(__rstpctl_showbridge_get ${bridge} bridge_id) + id=${id:5:12} + + mac_format "${id}" +} + +function __rstp_designated_root() { + local bridge=${1} + + local root=$(__rstpctl_showbridge_get ${bridge} designated_root) + root=${root:5:12} + + mac_format "${root}" +} + +function __rstp_pathcost() { + local bridge=${1} + + __rstpctl_showbridge_get ${bridge} path_cost +} + +function __stp_port_enabled() { + : # XXX TBD +} + +function __stp_port_state() { + : # XXX TBD +} + +function __stp_port_pathcost() { + : # XXX TBD +} + +function __stp_port_designated_root() { + : # XXX TBD +} + +function __stp_port_designated_bridge() { + : # XXX TBD +} + +function stp_port_enabled() { + __stp_wrapper port_enabled $@ +} + +function stp_port_state() { + __stp_wrapper port_state $@ +} + +function stp_port_pathcost() { + __stp_wrapper port_pathcost $@ +} + +function stp_port_designated_root() { + local root=$(__stp_wrapper port_designated_root $@) + + # Cut prefix 8000. 
and format mac + root="${root:5:12}" + mac_format "${root}" +} + +function stp_port_designated_bridge() { + __stp_wrapper port_designated_bridge $@ +} + +function stp_topology_change() { + __stp_wrapper topology_change $@ +} + +function stp_topology_change_count() { + __stp_wrapper topology_change_count $@ +} + +function stp_topology_change_time() { + __stp_wrapper topology_change_time $@ +} + +function stp_bridge_id() { + __stp_wrapper bridge_id $@ +} + +function stp_designated_root() { + __stp_wrapper designated_root $@ +} + +function stp_pathcost() { + __stp_wrapper pathcost $@ +} + +function __stp_wrapper() { + local func=${1} + shift + + # XXX we will detect what kind of protocol the + # bridge is running and process the correct funtions + local proto_version="rstp" + + __${proto_version}_${func} $@ +} diff --git a/pkgs/core/network/src/functions.util b/pkgs/core/network/src/functions.util new file mode 100644 index 0000000..1163634 --- /dev/null +++ b/pkgs/core/network/src/functions.util 
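Review bot: `__rstpctl_showbridge_get()` and `__rstpctl_showportdetail_get()` in functions.stp iterate with `for line in $(__rstpctl_cmd ...)`, which splits on every whitespace character, so a value containing a space is broken into several words and the `KEY=value` comparison sees only fragments. Reading the output with `while read -r line` keeps each record whole. `__rstp_topology_change()` also lacks a default branch: when the state is neither yes nor no the function prints nothing and returns the status of the `case`, which is success.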
@@ -0,0 +1,378 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +# Print a pretty error message +function error() { + echo -e " ${COLOUR_ERROR}ERROR${COLOUR_NORMAL} : $@" >&2 +} + +function error_log() { + error "$@" + log ERROR "$@" +} + +# Print a pretty warn message +function warning() { + echo -e " ${COLOUR_WARN}WARNING${COLOUR_NORMAL}: $@" >&2 +} + +function warning_log() { + warning "$@" + log WARNING "$@" +} + +# This function does not exist because we cannot use /usr/bin/sort. +# It implements some kind of bubble sort which is generally very slow +# but we only have to sort very small data. 
+function listsort() { + local list=($@) + local list_prev + + local i + local j + local var + while [ "${list[*]}" != "${list_prev}" ]; do + list_prev="${list[*]}" + for j in $(seq 1 ${#list[*]}); do + [ ${j} -ge ${#list[*]} ] && continue + i=$(( ${j} - 1 )) + if [[ "${list[${j}]}" < "${list[${i}]}" ]]; then + var="${list[${i}]}" + list[${i}]="${list[${j}]}" + list[${j}]="${var}" + fi + done + done + + echo "${list[*]}" +} + +function listmatch() { + local match=${1} + shift + + assert isset match + + local i + for i in $@; do + [ "${match}" = "${i}" ] && return ${EXIT_OK} + done + + return ${EXIT_ERROR} +} + +function listlength() { + local length=0 + + local i + for i in $@; do + length=$(( ${length} + 1 )) + done + + echo "${length}" +} + +function config_read() { + local config_file=${1} + + if [ -e "${config_file}" ]; then + . ${config_file} + config_check + fi +} + +function config_write() { + local config_file=${1} + shift + + # Check if all values to be written are sane + config_check + + log DEBUG "Writing configuration file ${config_file}." + + > ${config_file} + + local param + for param in $(listsort $@); do + echo "${param}="${!param}"" >> ${config_file} + done +} + +function config_print() { + local param + + for param in $(listsort $@); do + printf "%-16s = %s\n" "${param}" "${!param}" + done +} + +function config_check() { + # If there is a function defined that is called __check + # we call that function + [ -n "$(type -t _check)" ] && _check +} + +function network_config_set() { + while [ $# -gt 0 ]; do + case "${1}" in + *=*) + log INFO "Setting configuration option '${1}'". 
+ eval ${1} + ;; + *) + warning "Invalid parameter given: ${1}" + ;; + esac + shift + done + + # Write configuration to disk + network_config_write +} + +function network_config_read() { + config_read ${CONFIG_FILE} +} + +function network_config_write() { + config_write ${CONFIG_FILE} ${CONFIG_FILE_PARAMS} +} + +function network_config_print() { + config_print ${CONFIG_FILE_PARAMS} +} + +# Speedup function to avoid a call of the basename binary +function basename() { + echo "${1##*/}" +} + +function enabled() { + local param=${1} + + [ "${!param}" = "yes" ] || [ "${!param}" = "on" ] || [ "${!param}" = "1" ] +} + +function mac_generate() { + local mac=() + for i in $(seq 0 5); do + mac[i]="$(uuid)" + mac[i]="0x${mac[i]:0:2}" + done + + # Remove multicast bit + # and set address is software assigned + # XXX must doublecheck if this works + mac[0]=$((mac[0] & 0xfe)) + mac[0]=$((mac[0] | 0x02)) + + local output + for i in ${mac[*]}; do + if [ -n "${output}" ]; then + output="${output}:" + fi + + output="${output}$(printf "%02x" ${i})" + done + + # Check if output is valid + assert mac_is_valid ${output} + + echo ${output} +} + +function mac_format() { + local mac=${1} + + local output + + if [ "${#mac}" = "12" ]; then + # Add colons (:) to mac address + output=${mac:0:2} + local i + for i in 2 4 6 8 10; do + output="${output}:${mac:${i}:2}" + done + fi + + assert mac_is_valid ${output} + + echo "${output}" +} + +function mac_is_valid() { + local mac=${1} + + [[ ${mac} =~ ^([0-9a-f]{2}:){5}[0-9a-f]{2}$ ]] +} + +function uuid() { + echo $(</proc/sys/kernel/random/uuid) +} + +function isset() { + local var=${1} + + [ -n "${!var}" ] +} + +# XXX Nearly same as listmatch +function isoneof() { + local var=${!1} + shift + + for i in $@; do + [ "${var}" = "${i}" ] && return ${EXIT_OK} + done + + return ${EXIT_ERROR} +} + +function isbool() { + local var=${1} + + isoneof ${var} 0 1 no yes on off +} + +function isinteger() { + local var=${!1} + + [[ ${var} =~ ^[0-9]+$ ]] +} + 
+function ismac() { + local mac=${!1} + + mac_is_valid ${mac} +} + +function backtrace() { + local start=1 + + echo # Empty line + error_log "Backtrace (most recent call in first line):" + + local i + for i in $(seq ${start} ${#BASH_SOURCE[*]}); do + [ -z "${FUNCNAME[${i}]}" ] && continue + [ "${FUNCNAME[${i}]}" == "main" ] && continue + + error_log " $(printf "%20s" "'${FUNCNAME[${i}]}'") called from ${BASH_SOURCE[$(( ${i} + 1 ))]}:${BASH_LINENO[${i}]}" + done +} + +function assert() { + local assertion="$@" + + if ! ${assertion}; then + error_log "Assertion '${assertion}' failed." + backtrace + exit ${EXIT_ERROR} + fi + + return ${EXIT_OK} +} + +function exec_cmd() { + local cmd=$@ + + log DEBUG "Running command: ${cmd}" + + ${SHELL} ${cmd} + local ret=$? + + #log DEBUG "Returned with code '${ret}'" + + if [ ${ret} -eq ${EXIT_ERROR_ASSERT} ]; then + error_log "Stopping parent process due to assertion error in child process: ${cmd}" + exit ${EXIT_ERROR_ASSERT} + fi + + return ${ret} +} + +function uppercase() { + local input + read input + echo "${input^^}" +} + +function lowercase() { + local input + read input + echo "${input,,}" +} + +function seq() { + if [ $# -eq 2 ]; then + eval echo {${1}..${2}} + elif [ $# -eq 3 ]; then + eval echo {${1}..${3}..${2}} + fi +} + +function beautify_time() { + local value=${1} + + local unit + local limit + for unit in s m h d w; do + case "${unit}" in + s|m|h) + limit=60 + ;; + d) + limit=24 + ;; + w) + limit=7 + ;; + esac + + [ ${value} -lt ${limit} ] && break + + value=$(( ${value} / ${limit} )) + done + + echo "${value}${unit}" +} + +function beautify_bytes() { + local value=${1} + + local unit + local limit=1024 + for unit in B k M G T; do + [ ${value} -lt ${limit} ] && break + value=$(( ${value} / ${limit} )) + done + + echo "${value}${unit}" +} + +function module_load() { + local module=${1} + + if ! grep -q "^${module}" /proc/modules; then + log DEBUG "Loading module '${module}'." + modprobe ${module} + fi +} 
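Review bot: `network_config_set()` in functions.util passes every argument that matches `*=*` to `eval ${1}`, so anything following the assignment in that argument is executed as shell with the privileges of the network scripts. Split on the first `=`, accept only keys listed in `CONFIG_FILE_PARAMS`, and assign with `printf -v` instead of `eval`. The same concern applies to `config_read()`, which sources the file that `config_write()` produces without escaping the values. Two consistency issues in the same hunk: the comment in `config_check()` names `__check` while the code tests and calls `_check`, and `assert()` exits with `EXIT_ERROR` although `exec_cmd()` looks for `EXIT_ERROR_ASSERT`, so a failed assertion in a child is never recognised by the parent.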
diff --git a/pkgs/core/network/src/functions.virtual b/pkgs/core/network/src/functions.virtual new file mode 100644 index 0000000..9d35e4e --- /dev/null +++ b/pkgs/core/network/src/functions.virtual 
@@ -0,0 +1,192 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +function virtual_init() { + module_load 8021q +} + +init_register virtual_init + +function device_create_virtual() { + log WARN "Called deprecated function device_create_virtual" + device_virtual_create $@ +} + +function virtual_create() { + local port=$(devicify ${1}) + local vid=${2} + local mac=${3} + local newport=${port}v${vid} + + if [ -z "${mac}" ]; then + mac=$(mac_generate) + fi + + log INFO "Creating virtual device '${newport}' with address '${mac}'." + + local oldport=$(virtual_get_by_parent_and_vid ${port} ${vid}) + + if device_exists ${oldport}; then + local differences + + if [ "${oldport}" != "${newport}" ]; then + differences="${differences} name" + fi + if [ "$(device_get_address ${oldport})" != "${mac}" ]; then + differences="${differences} address" + fi + + echo "differences: $differences" + + if [ -n "${differences}" ]; then + if device_is_used ${oldport}; then + error_log "There was a device '${oldport}' set up with VID '${vid}' and parent '${port}' which is used somewhere else. 
Cannot go on." + return ${EXIT_ERROR} + else + log DEBUG "There is a device '${oldport}' but it not used, so we grab it to ourselves." + fi + else + log DEBUG "Device '${newport}' already exists and reflects our configuration. Go on." + + device_set_up ${oldport} + return ${EXIT_OK} + fi + + else + log DEBUG "Virtual device '${newport}' does not exist, yet." + + vconfig set_name_type DEV_PLUS_VID_NO_PAD >/dev/null + vconfig add ${port} ${vid} >/dev/null + + if [ $? -ne ${EXIT_OK} ]; then + error_log "Could not create virtual device '${newport}'." + return ${EXIT_ERROR} + fi + + oldport=$(virtual_get_by_parent_and_vid ${port} ${vid}) + + fi + + assert device_exists ${oldport} + + if ! device_exists ${oldport}; then + error "Could not determine the created virtual device '${newport}'." + return ${EXIT_ERROR} + fi + + # The device is expected to be named like ${port}.${vid} + # and will be renamed to the virtual schema + device_set_name ${oldport} ${newport} + + if [ $? -ne ${EXIT_OK} ]; then + error_log "Could not set name of virtual device '${newport}'." + return ${EXIT_ERROR} + fi + + assert device_exists ${newport} + + # Setting new mac address + device_set_address ${newport} ${mac} + + if [ $? -ne ${EXIT_OK} ]; then + error_log "Could not set address '${mac}' to virtual device '${newport}'." + return ${EXIT_ERROR} + fi + + # Bring up the new device + device_set_up ${newport} + + return ${EXIT_OK} +} + +function virtual_remove() { + local device=$(devicify ${1}) + + log INFO "Removing virtual device '${device}' with address '$(macify ${device})'." + + device_set_down ${device} + + vconfig rem ${device} >/dev/null + + if [ $? -ne ${EXIT_OK} ]; then + error_log "Could not remote virtual device '${newport}'." 
+ return ${EXIT_ERROR} + fi + + return ${EXIT_OK} +} + +function virtual_get_parent() { + local device=${1} + + local parent=$(grep "^${device}" < /proc/net/vlan/config | awk '{ print $NF }') + + if device_exists ${parent}; then + echo "${parent}" + return ${EXIT_OK} + fi + + return ${EXIT_ERROR} +} + +function virtual_get_by_parent_and_vid() { + local parent=${1} + local vid=${2} + + assert isset parent + assert isset vid + + local v_port + local v_id + local v_parent + + assert [ -e "/proc/net/vlan/config" ] + + fgrep '|' < /proc/net/vlan/config | tr -d '|' | \ + while read v_port v_id v_parent; do + if [ "${v_parent}" = "${parent}" ] && [ "${v_id}" = "${vid}" ]; then + echo "${v_port}" + return ${EXIT_OK} + fi + done + + return ${EXIT_ERROR} +} + +function device_virtual_create() { + log WARN "Called deprecated function device_virtual_create" + virtual_create $@ +} + +function device_virtual_remove() { + log WARN "Called deprecated function device_virtual_remove" + virtual_remove $@ +} + +function device_virtual_get_parent() { + log WARN "Called deprecated function device_virtual_get_parent" + virtual_get_parent $@ +} + +function device_virtual_get_by_parent_and_vid() { + log WARN "Called deprecated function device_virtual_get_by_parent_and_vid" + virtual_get_by_parent_and_vid $@ +} diff --git a/pkgs/core/network/src/functions.zone b/pkgs/core/network/src/functions.zone new file mode 100644 index 0000000..770ce99 --- /dev/null +++ b/pkgs/core/network/src/functions.zone 
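Review bot: in `virtual_get_by_parent_and_vid()` in functions.virtual the `return ${EXIT_OK}` sits inside a `while read` loop fed by a pipeline, so it only leaves the pipeline's subshell and the function always falls through to `return ${EXIT_ERROR}`, even when a port was found and printed. Callers in this hunk use only the output, but the status is misleading; feed the loop with a redirect or process substitution instead. In `virtual_remove()` the error message interpolates `${newport}`, which is not set in that function (the local is `device`), and reads "remote" for "remove". The `echo "differences: $differences"` line in `virtual_create()` looks like leftover debug output on stdout.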
@@ -0,0 +1,645 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +function zone_dir() { + local zone=${1} + + #assert isset zone + + echo "${ZONE_DIR}/zones/${zone}" +} + +function zone_exists() { + local zone=${1} + + assert isset zone + + [ -d "$(zone_dir ${zone})" ] +} + +function zone_match() { + local match + + local i + for i in ${VALID_ZONES}; do + match="${match}|${i}[0-9]{1,5}" + done + + echo "${match:1:${#match}}" +} + +function zone_name_is_valid() { + local zone=${1} + + assert isset zone + + [[ ${zone} =~ $(zone_match) ]] +} + +function zone_is_local() { + local zone=${1} + + ! zone_is_nonlocal ${zone} +} + +function zone_is_nonlocal() { + local zone=${1} + + assert isset zone + + [[ ${zone} =~ ^red[0-9]{1,5} ]] +} + +function zone_get_hook() { + local zone=${1} + + assert isset zone + + config_get_hook $(zone_dir ${zone})/settings +} + +function zone_create() { + local zone=${1} + local hook=${2} + shift 2 + + if ! zone_name_is_valid ${zone}; then + error "Zone name '${zone}' is not valid." 
+ return ${EXIT_ERROR} + fi + + if zone_exists ${zone}; then + error "Zone '${zone}' does already exist." + return ${EXIT_ERROR} + fi + + if ! hook_zone_exists ${hook}; then + error "Hook '${hook}' does not exist." + return ${EXIT_ERROR} + fi + + mkdir -p $(zone_dir ${zone}) + + # Create directories for configs and ports + mkdir -p $(zone_dir ${zone})/{configs,ports} + + hook_zone_exec ${hook} create ${zone} $@ + local ret=$? + + # Maybe the zone create hook did not exit correctly. + # If this is the case we remove the created zone immediately. + if [ "${ret}" = "${EXIT_ERROR}" ]; then + zone_remove ${zone} + fi +} + +function zone_edit() { + local zone=${1} + shift + + if ! zone_exists ${zone}; then + error "Zone '${zone}' does not exist." + return ${EXIT_ERROR} + fi + + local hook=$(config_get_hook $(zone_dir ${zone})/settings) + + if [ -z "${hook}" ]; then + error "Config file did not provide any hook." + return ${EXIT_ERROR} + fi + + if ! hook_zone_exists ${hook}; then + error "Hook '${hook}' does not exist." + return ${EXIT_ERROR} + fi + + hook_zone_exec ${hook} edit ${zone} $@ +} + +function zone_remove() { + local zone=${1} + shift + + if ! zone_exists ${zone}; then + error "Zone '${zone}' does not exist." + return ${EXIT_ERROR} + fi + + # XXX Tear this down here? + + rm -rf $(zone_dir ${zone}) +} + +function zone_up() { + local zone=${1} + shift + + if ! zone_exists ${zone}; then + error "Zone '${zone}' does not exist." + return ${EXIT_ERROR} + fi + + local hook=$(config_get_hook $(zone_dir ${zone})/settings) + + if [ -z "${hook}" ]; then + error "Config file did not provide any hook." + return ${EXIT_ERROR} + fi + + if ! hook_zone_exists ${hook}; then + error "Hook '${hook}' does not exist." + return ${EXIT_ERROR} + fi + + zone_db ${zone} starting + + hook_zone_exec ${hook} up ${zone} $@ + + zone_db ${zone} started +} + +function zone_down() { + local zone=${1} + shift + + if ! zone_exists ${zone}; then + error "Zone '${zone}' does not exist." 
+ return ${EXIT_ERROR} + fi + + local hook=$(config_get_hook $(zone_dir ${zone})/settings) + + if [ -z "${hook}" ]; then + error "Config file did not provide any hook." + return ${EXIT_ERROR} + fi + + if ! hook_zone_exists ${hook}; then + error "Hook '${hook}' does not exist." + return ${EXIT_ERROR} + fi + + zone_db ${zone} stopping + + hook_zone_exec ${hook} down ${zone} $@ + + zone_db ${zone} stopped +} + +function zone_status() { + local zone=${1} + shift + + if ! zone_exists ${zone}; then + error "Zone '${zone}' does not exist." + return ${EXIT_ERROR} + fi + + local hook=$(config_get_hook $(zone_dir ${zone})/settings) + + if [ -z "${hook}" ]; then + error "Config file did not provide any hook." + return ${EXIT_ERROR} + fi + + if ! hook_zone_exists ${hook}; then + error "Hook '${hook}' does not exist." + return ${EXIT_ERROR} + fi + + hook_zone_exec ${hook} status ${zone} $@ +} + +function zone_port() { + local zone=${1} + local action=${2} + shift 2 + + assert isset zone + assert isset action + assert zone_exists ${zone} + + # Aliases + case "${action}" in + del|delete|remove) + action="rem" + ;; + esac + + case "${action}" in + add|edit|rem) + zone_port_${action} ${zone} $@ + ;; + *) + error "Unrecognized argument: ${action}" + cli_usage root-zone-port-subcommands + exit ${EXIT_ERROR} + ;; + esac +} + +function zone_port_add() { + local zone=${1} + shift + + assert isset zone + + local hook=$(zone_get_hook ${zone}) + + assert isset hook + + hook_zone_exec ${hook} port_add ${zone} $@ +} + +function zone_port_edit() { + zone_port_cmd edit $@ +} + +function zone_port_rem() { + zone_port_cmd rem $@ +} + +function zone_port_cmd() { + local cmd=${1} + local zone=${2} + local port=${3} + shift 3 + + assert isset zone + assert isset port + + local hook_zone=$(zone_get_hook ${zone}) + local hook_port=$(port_get_hook ${port}) + + assert isset hook_zone + assert isset hook_port + + assert hook_zone_port_exists ${hook_zone} ${hook_port} + + hook_zone_port_exec ${hook_zone} 
${hook_port} ${cmd} ${zone} ${port} $@ +} + +function zone_port_up() { + zone_port_cmd up $@ +} + +function zone_port_down() { + zone_port_cmd down $@ +} + +function zone_get_ports() { + local zone=${1} + + assert isset zone + + local port + for port in $(zone_dir ${zone})/ports/*; do + port=$(basename ${port}) + + if port_exists ${port}; then + echo "${port}" + fi + done +} + +# XXX overwritten some lines below +function zone_config() { + local zone=${1} + shift + + if ! zone_exists ${zone}; then + error "Zone '${zone}' does not exist." + return ${EXIT_ERROR} + fi + + local hook=$(config_get_hook $(zone_dir ${zone})/settings) + + if [ -z "${hook}" ]; then + error "Config file did not provide any hook." + return ${EXIT_ERROR} + fi + + if ! hook_zone_exists ${hook}; then + error "Hook '${hook}' does not exist." + return ${EXIT_ERROR} + fi + + hook_zone_exec ${hook} config ${zone} $@ +} + +function zone_config() { + local zone=${1} + local action=${2} + shift 2 + + assert isset zone + assert isset action + assert zone_exists ${zone} + + # Aliases + case "${action}" in + del|delete|remove) + action="rem" + ;; + esac + + case "${action}" in + create|edit|rem) + zone_config_${action} ${zone} $@ + ;; + *) + error "Unrecognized argument: ${action}" + cli_usage root-zone-config-subcommands + exit ${EXIT_ERROR} + ;; + esac +} + +function zone_config_create() { + local zone=${1} + shift + + assert isset zone + + local hook=$(zone_get_hook ${zone}) + + assert isset hook + + hook_zone_exec ${hook} config_create ${zone} $@ +} + +function zone_show() { + local zone=${1} + + echo "${zone}" + echo " Type: $(zone_get_hook ${zone})" + echo +} + +function zones_show() { + local zone + + for zone in $(zones_get $@); do + zone_show ${zone} + done +} + +function zones_get_all() { + local zone + for zone in $(zone_dir)/*; do + zone=$(basename ${zone}) + zone_exists ${zone} || continue + + echo "${zone}" + done +} + +function zones_get_local() { + local zone + for zone in 
$(zones_get_all); do + zone_is_local ${zone} && echo "${zone}" + done +} + +function zones_get_nonlocal() { + local zone + for zone in $(zones_get_all); do + zone_is_nonlocal ${zone} && echo "${zone}" + done +} + +function zones_get() { + local local=1 + local remote=1 + + local zones + + while [ $# -gt 0 ]; do + case "${1}" in + --local-only) + local=1 + remote=0 + ;; + --remote-only) + local=0 + remote=1 + ;; + --all) + local=1 + remote=1 + ;; + *) + if zone_name_is_valid ${1}; then + zones="${zones} ${1}" + else + warning "Unrecognized argument '${1}'" + fi + ;; + esac + shift + done + + if [ -n "${zones}" ]; then + local zone + for zone in ${zones}; do + zone_exists ${zone} && echo "${zone}" + done + exit ${EXIT_OK} + fi + + if [ ${local} -eq 1 ] && [ ${remote} -eq 1 ]; then + zones_get_all + elif [ ${local} -eq 1 ]; then + zones_get_local + elif [ ${remote} -eq 1 ]; then + zones_get_nonlocal + fi +} + +function zone_ports_list() { + local zone=${1} + + local port + for port in $(zone_dir ${zone})/ports/*; do + [ -e "${port}" ] || continue + + echo $(basename ${port}) + done +} + +function zone_ports_cmd() { + local cmd=${1} + local zone=${2} + shift 2 + + assert isset cmd + assert isset zone + + assert zone_exists ${zone} + + local hook=$(zone_get_hook ${zone}) + + local port + for port in $(zone_get_ports ${zone}); do + #zone_port_cmd ${cmd} ${zone} ${port} $@ + hook_zone_exec ${hook} ${cmd} ${zone} ${port} $@ + done +} + +function zone_ports_up() { + zone_ports_cmd port_up $@ +} + +function zone_ports_down() { + zone_ports_cmd port_down $@ +} + +function zone_ports_status() { + zone_ports_cmd port_status $@ +} + +function zone_configs_list() { + local zone=${1} + + local config + for config in $(zone_dir ${zone})/configs/*; do + [ -e "${config}" ] || continue + + echo $(basename ${config}) + done +} + +function zone_configs_cmd() { + local cmd=${1} + local zone=${2} + shift 2 + + local hook_zone=$(config_get_hook $(zone_dir ${zone})/settings) + + local 
hook_config + local config + for config in $(zone_configs_list ${zone}); do + hook_config=$(config_get_hook $(zone_dir ${zone})/configs/${config}) + + hook_zone_config_exec ${hook_zone} ${hook_config} ${cmd} ${zone} ${config} $@ + done +} + +function zone_configs_up() { + zone_configs_cmd up $@ +} + +function zone_configs_down() { + zone_configs_cmd down $@ +} + +function zone_configs_status() { + zone_configs_cmd config_status $@ +} + +function zone_has_ipv4() { + device_has_ipv4 $@ +} + +function zone_has_ipv6() { + device_has_ipv6 $@ +} + +function zone_db() { + local zone=${1} + local action=${2} + shift 2 + + case "${action}" in + starting|started|stopping|stopped) + db_connection_update ${zone} ${action} + ;; + esac +} + +function zone_is_up() { + local zone=${1} + + device_is_up ${zone} +} + +function zone_is_down() { + ! zone_is_up $@ +} + +function zone_get_supported_port_hooks() { + local zone=${1} + + local hook=$(zone_get_hook ${zone}) + + hook_zone_ports_get_all ${hook} +} + +function zone_get_supported_config_hooks() { + local zone=${1} + + local hook=$(zone_get_hook ${zone}) + + hook_zone_configs_get_all ${hook} +} + +function zone_file() { + local zone=${1} + + assert isset zone + + echo "$(zone_dir ${zone})/settings" +} + +function zone_config_read() { + local zone=${1} + + assert isset zone + + config_read $(zone_file ${zone}) +} + +function zone_config_write() { + local zone=${1} + + assert isset zone + + config_write $(zone_file ${zone}) ${HOOK_SETTINGS} +} + +function zone_config_set() { + local zone=${1} + shift + local args="$@" + + assert isset zone + + ( + zone_config_read ${zone} + + for arg in ${args}; do + eval "${arg}" + done + + zone_config_write ${zone} + ) +} diff --git a/pkgs/core/network/src/header-config b/pkgs/core/network/src/header-config new file mode 100644 index 0000000..47e9921 --- /dev/null +++ b/pkgs/core/network/src/header-config 
@@ -0,0 +1,49 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +. /lib/network/functions + +HOOK=$(basename ${0}) + +while [ $# -gt 0 ]; do + case "${1}" in + -*) + error "Unrecognized option: ${1}" + exit ${EXIT_ERROR} + ;; + *) + action=${1} + ;; + esac + shift + [ -n "${action}" ] && break +done + +function run() { + case "${action}" in + edit|create|rem|up|down|status) + _${action} $@ + ;; + esac + + error "Config hook '${HOOK}' didn't exit properly." + exit ${EXIT_ERROR} +} diff --git a/pkgs/core/network/src/header-port b/pkgs/core/network/src/header-port new file mode 100644 index 0000000..d06b2e1 --- /dev/null +++ b/pkgs/core/network/src/header-port 
@@ -0,0 +1,49 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +. /lib/network/functions + +HOOK=$(basename ${0}) + +while [ $# -gt 0 ]; do + case "${1}" in + -*) + error "Unrecognized option: ${1}" + exit ${EXIT_ERROR} + ;; + *) + action=${1} + ;; + esac + shift + [ -n "${action}" ] && break +done + +function run() { + case "${action}" in + edit|add|create|rem|up|down|status) + _${action} $@ + ;; + esac + + error "Port hook '${HOOK}' didn't exit properly." + exit ${EXIT_ERROR} +} diff --git a/pkgs/core/network/src/header-zone b/pkgs/core/network/src/header-zone new file mode 100644 index 0000000..9407c97 --- /dev/null +++ b/pkgs/core/network/src/header-zone 
@@ -0,0 +1,334 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### +# +# Notes: +# - All functions in this scope must start with an underline (_) to not +# conflict with any functions that were defined somewhere else. +# + +. /lib/network/functions + +HOOK=$(basename ${0}) + +while [ $# -gt 0 ]; do + case "${1}" in + -*) + error "Unrecognized option: ${1}" + exit ${EXIT_ERROR} + ;; + *) + action=${1} + ;; + esac + shift + + # If action argument was given, we will exit. + [ -n "${action}" ] && break +done + +# _notimplemented +# Returns a soft error if a function was not implemented, yet. +# +function _notimplemented() { + warning "'$@' was not implemented." 
+ exit ${EXIT_CONF_ERROR} +} + +function _info() { + echo "HOOK="${HOOK}"" +} + +function _create() { + local zone=${1} + shift + + config_read $(zone_dir ${zone})/settings + + _parse_cmdline $@ + + config_write $(zone_dir ${zone})/settings ${HOOK_SETTINGS} + + exit ${EXIT_OK} +} + +function _edit() { + _create $@ +} + +function _rem() { + _notimplemented _rem +} + +function _status() { + local zone=${1} + + if device_is_up ${zone}; then + exit ${STATUS_UP} + fi + + exit ${STATUS_DOWN} +} + +function _up() { + _notimplemented _up +} + +function _down() { + _notimplemented _down +} + +function _discover() { + # This hook does not support a discovery + exit ${DISCOVER_NOT_SUPPORTED} +} + +# Do nothing +function _parse_cmdline() { + return ${EXIT_OK} +} + +function _port() { + local zone=${1} + local action=${2} + shift 2 + + local ret + + case "${action}" in + add|create|edit|rem|show) + _port_${action} ${zone} $@ + ret=$? + ;; + *) + error "Unrecognized argument: '${action}'" + exit ${EXIT_ERROR} + ;; + esac + + exit ${ret} +} + +function _port_add() { + _port_cmd add $@ +} + +function _port_edit() { + _port_cmd edit $@ +} + +function _port_rem() { + _port_cmd rem $@ +} + +function _port_show() { + _notimplemented _port_show +} + +function _port_status() { + _port_cmd status $@ +} + +function _port_cmd() { + local cmd=${1} + local zone=${2} + local port=${3} + shift 3 + + assert isset cmd + assert isset zone + assert isset port + + local hook_zone=$(zone_get_hook ${zone}) + local hook_port=$(port_get_hook ${port}) + + assert isset hook_zone + assert isset hook_port + + if ! listmatch ${hook_port} $(zone_get_supported_port_hooks ${zone}); then + error_log "Zone '${zone}' does not support port of type '${hook_port}'." + exit ${EXIT_ERROR} + fi + + hook_zone_port_exec ${hook_zone} ${hook_port} ${cmd} ${zone} ${port} $@ + + exit $? 
+} + +function _port_up() { + _port_cmd up $@ +} + +function _port_down() { + _port_cmd down $@ +} + +function _config() { + local zone=${1} + local action=${2} + shift 2 + + local ret + + case "${action}" in + create|edit|rem|show) + _config_${action} ${zone} $@ + ret=$? + ;; + *) + error "Unrecognized argument: '${action}'" + exit ${EXIT_ERROR} + ;; + esac + + exit ${ret} +} + +# This function is not a public one +function __configcmd() { + local cmd=${1} + local zone=${2} + local hook_config=${3} + shift 3 + + local hook_zone=$(zone_get_hook ${zone}) + + if ! hook_zone_exists ${hook_zone}; then + error "Hook '${hook}' does not exist." + exit ${EXIT_ERROR} + fi + + if ! hook_config_exists ${hook_zone} ${hook_config}; then + error "Hook '${hook_config}' is not supported for zone '${zone}'." + exit ${EXIT_ERROR} + fi + + hook_zone_config_exec ${hook_zone} ${hook_config} ${cmd} ${zone} $@ +} + +function _config_create() { + local zone=${1} + local hook_config=${2} + shift 2 + + assert isset zone + assert isset hook_config + assert zone_exists ${zone} + + if ! listmatch ${hook_config} $(zone_get_supported_config_hooks ${zone}); then + error_log "Zone '${zone}' does not support configuration of type '${hook_config}'." + exit ${EXIT_ERROR} + fi + + local hook_zone=$(zone_get_hook ${zone}) + assert isset hook_zone + + hook_zone_config_exec ${hook_zone} ${hook_config} create ${zone} $@ + + exit $? +} + +function _config_edit() { + __configcmd edit $@ +} + +function _config_rem() { + _notimplemented _config_rem +} + +function _config_show() { + _notimplemented _config_show +} + +function _ppp-ip-pre-up() { + local zone=${1} + shift + + if ! zone_exists ${zone}; then + error "Zone '${zone}' does not exist." + exit ${EXIT_ERROR} + fi + + ppp_common_ip_pre_up ${zone} $@ + + exit $? +} + +function _ppp-ip-up() { + local zone=${1} + shift + + if ! zone_exists ${zone}; then + error "Zone '${zone}' does not exist." 
+ exit ${EXIT_ERROR} + fi + + ppp_common_ip_up ${zone} $@ + + exit $? +} + +function _ppp-ip-down() { + local zone=${1} + shift + + if ! zone_exists ${zone}; then + error "Zone '${zone}' does not exist." + exit ${EXIT_ERROR} + fi + + ppp_common_ip_down ${zone} $@ + + exit $? +} + +function run() { + # Replace all dashes by an underscore + #action=${action//-/_} + + case "${action}" in + # Main functions + create|discover|down|edit|info|rem|status|up) + _${action} $@ + ;; + + # Port callbacks + port_add|port_rem|port_up|port_down|port_status) + _${action} $@ + ;; + + # Configuration callbacks + config_create) + _${action} $@ + ;; + + # ppp daemon callbacks + ppp-ip-pre-up|ppp-ip-up|ppp-ip-down) + _${action} $@ + ;; + + *) + error "Unknown action: ${action}" + ;; + esac + + error "Hook did not exit properly." + exit ${EXIT_ERROR} +} diff --git a/pkgs/core/network/src/hook-header b/pkgs/core/network/src/hook-header deleted file mode 100644 index b2693b8..0000000 --- a/pkgs/core/network/src/hook-header +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh - -. /etc/init/functions -. /lib/network/functions - -INDENT=" " - -HOOK_PRIO=100 - -# Parse the command line -action= -port= -zone= - -while [ $# -gt 0 ]; do - case "${1}" in - --zone=*) - zone=${1#--zone=} - ;; - --config=*) - . ${1#--config=} - ;; - --port=*) - port=${1#--port=} - ;; - -*) - log_failure_msg "Unrecognized option: ${1}" - exit ${EXIT_ERROR} - ;; - *) - action=${1} - shift - break - ;; - esac - shift -done - diff --git a/pkgs/core/network/src/hooks/README b/pkgs/core/network/src/hooks/README deleted file mode 100644 index 09ca230..0000000 --- a/pkgs/core/network/src/hooks/README +++ /dev/null 
@@ -1,86 +0,0 @@ -HOOKS README - -A hook is file that can configure a specific network connection (e.g. ethernet) -or protocol (e.g. ipv4-static). - -They are expandable and standalone. Means, when you call a file, you will -run it and pass some options and an action to it. - - /lib/network/hooks/HOOOK [options] <action> [options to action] - -There are two types of hooks: - zone - These hooks applies to a zone and does configuration on it. - Mainly, it configures the IP protocol or something else. - - port - These hooks add ports to zones. - -DEFINES: - So, to know what type of hook this is, we have to define some variables - in the header of the file. - - HOOK_NAME - The name of the hook. This is normally the file name. - - HOOK_TYPE - zone or port. See section above. - - -INLCUDES: - These files get included in the header. - - /lib/lsb/init-functions - For pretty messages - - /lib/network/functions - Our networking funktions. - - -OPTIONS: - Options have at least to be for zone file: - - --config=CONFIG - Includes the given config file CONFIG. - If there is an error when loading the config file or the parameters are - wrong or invalid, the script will pass an error with code ${EXIT_CONF_ERROR}! - - --port=PORT - Takes a port (either as device (eth0) or as mac (00:11:22:33:44:55)). - - --zone=ZONE - Takes the name of a zone. - - -ACTION: - Actions that always have to be defined: - help - Gives the user a short help how to use the command and its arguments. - - info - Gives some information about the hook (mainly for internal use of the scripts). - See below. - - status - Gives information if the hook is active or not. - - config - This is the command that creates the configuration for each hook. - It will accept some more arguments in the command line - and return either ${EXIT_OK} or ${EXIT_ERROR}. - - Actions that have to be defined for a zone hook: - pre-up - This gets runned before the zone gets up. - - pre-down. - This is runned before the zone is set down. 
- - post-up - After setting up the zone, this command will be executed. - - post-down - After the zone has vanished, this part of the script is called. - - All these actions will return ${EXIT_OK} when everything went fine. - If not, they will return ${EXIT_ERROR}. diff --git a/pkgs/core/network/src/hooks/bonding b/pkgs/core/network/src/hooks/bonding deleted file mode 100755 index 03f0a70..0000000 --- a/pkgs/core/network/src/hooks/bonding +++ /dev/null 
@@ -1,177 +0,0 @@ -#!/bin/sh -######################################################################## -# Begin $NETWORK_DEVICES/services/bonding -# -# Description : Bonding Script -# -# Authors : Michael Tremer - michael.tremer@ipfire.org -# -# Version : 00.00 -# -# Notes : This script adds bonding support. -# -######################################################################## - -. /lib/network/hook-header - -HOOK_NAME=bonding -HOOK_TYPE=port -HOOK_PRIO=50 - -DEFAULT_MODE= - -function port_name() { - echo "${zone}t+" -} - -case "${action}" in - help) - ;; - - info) - echo "HOOK_NAME=${HOOK_NAME}" - echo "HOOK_TYPE=${HOOK_TYPE}" - ;; - - pre-up) - if ! grep -q ^bonding /proc/modules; then - modprobe bonding - echo "-bond0" > /sys/class/net/bonding_masters - fi - - if device_exists ${MAC}; then - device=$(devicify ${MAC}) - if ! device_is_bonding ${device}; then - log_failure_msg "Device "${device}" is up, but not a bonding device." - exit ${EXIT_ERR} - fi - exit ${EXIT_OK} - fi - - device=$(device_get_free $(port_name)) - echo "+${device}" > /sys/class/net/bonding_masters - ip link set ${device} address ${MAC} - - [ -n "${MODE}" ] && \ - echo "${MODE}" > /sys/class/net/${device}/bonding/mode - - echo "${MIIMON-100}" > /sys/class/net/${device}/bonding/miimon - - for slave in ${SLAVES}; do - if device_exists ${slave}; then - if device_is_up ${slave}; then - log_warning_msg "Cannot enslave device "${slave}"." - continue - fi - device_rename "$(devicify ${slave})" "${device}s+" - echo "+$(devicify ${slave})" > /sys/class/net/${device}/bonding/slaves - else - log_warning_msg "Device ${slave} does not exist." - fi - done - - ip link set ${device} up - - log_success_msg "Setting up trunk ${MAC}..." - ;; - - post-up) - device=$(devicify ${MAC}) - if ! 
zone_has_device_attached ${zone} ${device}; then - zone_add_port ${zone} ${device} - fi - ;; - - pre-down) - device=$(devicify ${MAC}) - if zone_has_device_attached ${zone} ${device}; then - zone_del_port ${zone} ${device} - fi - ;; - - post-down) - device=$(devicify ${MAC}) - if port_is_up ${device}; then - MESSAGE="Pulling down trunk ${MAC}..." - ip link set ${device} down - evaluate_retval - echo "-${device}" > /sys/class/net/bonding_masters - fi - ;; - - add) - MAC=$(mac_generate) - MODE=${DEFAULT_MODE} - - while [ $# -gt 0 ]; do - case "${1}" in - --mac=*) - MAC=${1#--mac=} - ;; - --mode=*) - MODE=${1#--mode=} - ;; - *) - SLAVES="${SLAVES} $(macify ${1})" - ;; - esac - shift - done - - UUID=$(uuid) - cat <<EOF > ${CONFIG_UUIDS}/${UUID} -HOOK="${HOOK_NAME}" -MAC="${MAC}" -MODE="${MODE}" -SLAVES="$(echo ${SLAVES})" -EOF - ln -sf ${CONFIG_UUIDS}/${UUID} \ - ${CONFIG_ZONES}/${zone}/${HOOK_NAME}-${UUID} - - log_success_msg "Configuration successfully saved!" - echo " MAC address : ${MAC}" - echo " Mode : ${MODE}" - echo " Slaves : $(echo ${SLAVES})" - ;; - - rem) - ;; - - status) - DEVICE=$(devicify ${MAC}) - echo -e "# ${CLR_BOLD_CYN}Trunk ${DEVICE} (${MAC})${NORMAL}" - if device_is_up ${MAC}; then - echo -e "# State: ${CLR_BOLD_GRN}up${NORMAL}" - echo "#" - for slave in $(</sys/class/net/${DEVICE}/bonding/slaves); do - echo -e "# ${CLR_BOLD_CYN}Slave port ${slave}${NORMAL}" - - echo -n "# State: " - if device_is_up ${slave}; then - echo -e "${CLR_BOLD_GRN}up${NORMAL}" - else - echo -e "${CLR_BOLD_RED}down${NORMAL}" - fi - - echo -n "# Link : " - if device_has_carrier ${slave}; then - echo -e "${CLR_BOLD_GRN}yes${NORMAL}" - else - echo -e "${CLR_BOLD_RED}no${NORMAL}" - fi - done - else - echo -e "# State: ${CLR_BOLD_RED}down${NORMAL}" - fi - - device_is_up ${MAC} - exit ${?} - ;; - - *) - echo "Usage: ${0} [interface] {up|down|add|remove|attach|detach|status}" - exit 1 - ;; -esac - -# End $NETWORK_DEVICES/services/bonding 
diff --git a/pkgs/core/network/src/hooks/ethernet b/pkgs/core/network/src/hooks/ethernet deleted file mode 100755 index e6e364f..0000000 --- a/pkgs/core/network/src/hooks/ethernet +++ /dev/null 
@@ -1,137 +0,0 @@ -#!/bin/sh -######################################################################## -# Begin $NETWORK_DEVICES/services/ethernet -# -# Description : Ethernet Script -# -# Authors : Michael Tremer - michael.tremer@ipfire.org -# -# Version : 00.00 -# -# Notes : This script adds ethernet support. -# -######################################################################## - -. /lib/network/hook-header - -HOOK_NAME=ethernet -HOOK_TYPE=port - -function port_name() { - echo ${zone}p+ -} - -case "${action}" in - help) - echo -e "${BOLD}Hook (${HOOK_NAME}) help:" - echo - echo -e " ${BOLD}Summary:${NORMAL}" - echo " The ethernet-hook controls connection via ethernet." - echo " You will need this to access your local lan." - echo - echo -e " ${BOLD}Usage:${NORMAL}" - #echo " --config=<FILE>" - #echo " Includes a config file." - #echo " Example: --config=/etc/sysconfig/network/green0/port-00:11:22:33:44:55" - #echo " --port=<MAC or Name>" - #echo " Passes the port to the script." - #echo " Example: --port=port0 or --port=00:11:22:33:44:55" - #echo " --zone=<zone>" - #echo " Passes the zone to the script." - #echo " Example: --zone=green0" - #echo - #echo -e " ${BOLD}Commands:${NORMAL}" - #echo - echo " This hook only needs the name of the network device" - echo " that should be attached to the zone." - echo " The device identifier can either be a mac address or" - echo " a device name." - echo - echo " Example: network zone addport green0 ethernet port0" - echo " network zone addport green0 ethernet 00:11:22:33:44:55" - echo - ;; - - info) - echo "HOOK_NAME=${HOOK_NAME}" - echo "HOOK_TYPE=${HOOK_TYPE}" - ;; - - pre-up) - device_is_up ${MAC} || ip link set $(devicify ${MAC}) up - ;; - - post-up) - if zone_has_device_attached ${zone} $(get_device ${MAC}); then - # Device is already attached to the bridge - exit ${EXIT_OK} - fi - message="Attaching ethernet port ${MAC}..." 
- device_rename $(get_device ${MAC}) $(port_name) - zone_add_port ${zone} $(get_device_by_mac ${MAC}) - evaluate_retval - ;; - - pre-down) - if zone_has_device_attached ${zone} $(get_device ${MAC}); then - message="Detatching ethernet port ${MAC}..." - zone_del_port ${zone} $(get_device_by_mac ${MAC}) - device_rename $(get_device_by_mac ${MAC}) ${COMMON_DEVICE} - evaluate_retval - fi - ;; - - post-down) - ## Possibly pull down the device (if there are no more vlan devices up...) - ;; - - add) - ### XXX error handling - - for dev in $@; do - MAC=$(macify ${dev}) - UUID=$(uuid) - cat <<EOF > ${CONFIG_UUIDS}/${UUID} -HOOK="${HOOK_NAME}" -MAC="${MAC}" -EOF - ln -sf ${CONFIG_UUIDS}/${UUID} \ - ${CONFIG_ZONES}/${zone}/${HOOK_NAME}-${UUID} - - log_success_msg "Configuration successfully saved!" - echo " Device : $(devicify ${MAC})" - echo " MAC address : ${MAC}" - done - ;; - - rem) - # XXX to be done - ;; - - status) - echo -e "# ${CLR_BOLD_CYN}Ethernet port $(devicify ${MAC}) (${MAC})${NORMAL}" - echo -n "# State: " - if device_is_up ${MAC}; then - echo -e "${CLR_BOLD_GRN}up${NORMAL}" - else - echo -e "${CLR_BOLD_RED}down${NORMAL}" - fi - echo -n "# Link : " - if device_has_carrier ${MAC}; then - echo -e "${CLR_BOLD_GRN}yes${NORMAL}" - else - echo -e "${CLR_BOLD_RED}no${NORMAL}" - fi - echo "#" - - device_is_up ${MAC} - exit ${?} - ;; - - *) - echo "Usage: ${0} [interface] {up|down|add|remove|attach|detach|status}" - exit 1 - ;; -esac - -# End $NETWORK_DEVICES/services/ethernet diff --git a/pkgs/core/network/src/hooks/ipv4-dhcp b/pkgs/core/network/src/hooks/ipv4-dhcp deleted file mode 100755 index 43c4419..0000000 --- a/pkgs/core/network/src/hooks/ipv4-dhcp +++ /dev/null 
@@ -1,84 +0,0 @@ -#!/bin/sh - -. /lib/network/hook-header - -HOOK_NAME="ipv4-dhcp" -HOOK_TYPE="zone" - -MESSAGE="DHCP Daemon..." -EXECUTEABLE="/sbin/dhclient" - -case "${action}" in - help) - ;; - - info) - echo "HOOK_NAME=$HOOK_NAME" - echo "HOOK_TYPE=$HOOK_TYPE" - ;; - - status) - check_config zone - pidfile="/var/run/dhclient_${zone}.pid" - pidofproc -p ${pidfile} ${EXECUTEABLE} &>/dev/null - exit $? - ;; - - pre-up) - ;; - - post-up) - check_config zone - pidfile="/var/run/dhclient_${zone}.pid" - if [ -e "${pidfile}" ]; then - kill $(<${pidfile}) &>/dev/null - sleep 1 - fi - ${EXECUTEABLE} -pf ${pidfile} ${zone} - evaluate_retval start - ;; - - pre-down) - check_config zone - pidfile="/var/run/dhclient_${zone}.pid" - killproc -p ${pidfile} ${EXECUTEABLE} - evaluate_retval stop - ;; - - post-down) - ;; - - add) - while [ $# -gt 0 ]; do - case "$1" in - --hostname=*) - HOSTNAME=${1#--hostname=} - ;; - *) - echo "Unknown option: $1" >&2 - exit 1 - ;; - esac - shift - done - cat <<EOF >${CONFIG_ZONES}/${zone}/ipv4-dhcp -HOOK="${HOOK_NAME}" -HOSTNAME="${HOSTNAME}" -EOF - [ "$?" = "0" ] && exit ${EXIT_OK} || exit ${EXIT_ERROR} - ;; - - rem) - ;; - - discover) - exit ${EXIT_ERROR} - ;; - - *) - echo "Usage: ${0} {config|pre-up|post-up|pre-down|post-down|status} [interface]" - exit ${EXIT_ERROR} - ;; -esac - -# End $NETWORK_DEVICES/services/ipv4-dhcp diff --git a/pkgs/core/network/src/hooks/ipv4-static b/pkgs/core/network/src/hooks/ipv4-static deleted file mode 100755 index 34af557..0000000 --- a/pkgs/core/network/src/hooks/ipv4-static +++ /dev/null 
@@ -1,169 +0,0 @@ -#!/bin/sh -######################################################################## -# Begin $NETWORK_DEVICES/services/ipv4-static -# -# Description : IPV4 Static Boot Script -# -# Authors : Nathan Coulson - nathan@linuxfromscratch.org -# Kevin P. Fleming - kpfleming@linuxfromscratch.org -# -# Version : 00.00 -# -# Notes : -# -######################################################################## - -. /lib/network/hook-header - -HOOK_NAME="ipv4-static" -HOOK_TYPE="zone" - -function check_config() { - args= - if [ -z "${IP}" ]; then - log_failure_msg "IP variable missing, cannot continue." - exit ${EXIT_CONF_ERROR} - fi - - if [ -z "${PREFIX}" -a -z "${PEER}" ]; then - log_warning_msg "PREFIX variable missing, assuming 24." - PREFIX=24 - args="${args} ${IP}/${PREFIX}" - elif [ -n "${PREFIX}" -a -n "${PEER}" ]; then - log_failure_msg "PREFIX and PEER both specified, cannot continue." - exit ${EXIT_CONF_ERROR} - elif [ -n "${PREFIX}" ]; then - args="${args} ${IP}/${PREFIX}" - elif [ -n "${PEER}" ]; then - args="${args} ${IP} peer ${PEER}" - fi - - if [ -n "${BROADCAST}" ]; then - args="${args} broadcast ${BROADCAST}" - fi - - if [ -n "${SOURCE}" ]; then - args="${args} src ${SOURCE}" - fi -} - -case "${action}" in - help) - ;; - - info) - echo "HOOK_NAME=$HOOK_NAME" - echo "HOOK_TYPE=$HOOK_TYPE" - ;; - - status) - check_config - echo -e "# ${CLR_BOLD_CYN}IPv4 static: ${IP}/${PREFIX}${NORMAL}" - if [ -n "${GATEWAY}" ]; then - echo "# Gateway: ${GATEWAY}" - echo -n "# Reachable: " - if ping -c1 -w1 -I ${zone} ${GATEWAY} &>/dev/null; then - echo -e "${CLR_BOLD_GRN}yes${NORMAL}" - else - echo -e "${CLR_BOLD_RED}no${NORMAL}" - fi - fi - ip addr show ${zone} | grep "inet " | fgrep -q "${IP}/${PREFIX}" - exit ${?} - ;; - - pre-up) - ;; - - post-up) - check_config - if ! device_has_ipv4 ${zone} ${IP}; then - MESSAGE="Adding IPv4 address ${IP} to zone ${zone} interface..." 
- ip addr add ${args} dev ${zone} - evaluate_retval - fi - - if [ -n "${GATEWAY}" ]; then - if ip route | grep -q default; then - log_warning_msg "Gateway already setup; skipping." ${WARNING} - else - MESSAGE="Setting up default gateway..." - ip route add default via ${GATEWAY} dev ${zone} - evaluate_retval - fi - fi - ;; - - pre-down) - check_config - if [ -n "${GATEWAY}" ]; then - MESSAGE="Removing default gateway..." - ip route del default - evaluate_retval - fi - - if device_has_ipv4 ${zone} ${IP}; then - MESSAGE="Removing IPv4 address ${IP} from zone ${zone}..." - ip addr del ${args} dev ${zone} - evaluate_retval - fi - ;; - - post-down) - ;; - - add) - while [ $# -gt 0 ]; do - case "$1" in - --ip=*) - IP=${1#--ip=} - ;; - --prefix=*) - PREFIX=${1#--prefix=} - ;; - --peer=*) - PEER=${1#--peer=} - ;; - --broadcast=*) - BROADCAST=${1#--broadcast=} - ;; - --source=*) - SOURCE=${1#--source=} - ;; - --gateway=*) - GATEWAY=${1#--gateway=} - ;; - *) - echo "Unknown option: $1" >&2 - exit 1 - ;; - esac - shift - done - #check_config - cat <<EOF >${CONFIG_ZONES}/${zone}/ipv4-static_$IP -HOOK="${HOOK_NAME}" -IP="${IP}" -PREFIX="${PREFIX}" -PEER="${PEER}" -BROADCAST="${BROADCAST}" -SOURCE="${SOURCE}" -GATEWAY="${GATEWAY}" -EOF - [ "$?" = "0" ] && exit ${EXIT_OK} || exit ${EXIT_ERROR} - ;; - - rem) - ;; - - discover) - exit ${EXIT_ERROR} - ;; - - *) - echo "Usage: ${0} {config|pre-up|post-up|pre-down|post-down|status} [interface]" - exit ${EXIT_ERROR} - ;; -esac - -# End $NETWORK_DEVICES/services/ipv4-static diff --git a/pkgs/core/network/src/hooks/ipv4-static-route b/pkgs/core/network/src/hooks/ipv4-static-route deleted file mode 100755 index 9e38986..0000000 --- a/pkgs/core/network/src/hooks/ipv4-static-route +++ /dev/null 
@@ -1,141 +0,0 @@ -#!/bin/sh -######################################################################## -# Begin $NETWORK_DEVICES/services/ipv4-static-route -# -# Description : IPV4 Static Route Script -# -# Authors : Kevin P. Fleming - kpfleming@linuxfromscratch.org -# -# Version : 00.00 -# -# Notes : -# -######################################################################## - -. /lib/network/hook-header - -HOOK_NAME=ipv4-static-route -HOOK_TYPE=zone - -function check_config() { - args= - case "${TYPE}" in - ""|network) - need_ip=1 - need_gateway=1 - ;; - - default) - need_gateway=1 - args="${args} default" - desc="default" - ;; - - host) - need_ip=1 - ;; - - unreachable) - need_ip=1 - args="${args} unreachable" - desc="unreachable" - ;; - - *) - log_failure_msg "Unknown route type (${TYPE}) in ${CONFIG}, cannot continue." - exit ${EXIT_CONF_ERROR} - ;; - esac - - if [ -n "${need_ip}" ]; then - if [ -z "${IP}" ]; then - log_failure_msg "IP variable missing from ${CONFIG}, cannot continue." - exit ${EXIT_CONF_ERROR} - fi - - if [ -z "${PREFIX}" ]; then - log_failure_msg "PREFIX variable missing from ${CONFIG}, cannot continue." - exit ${EXIT_CONF_ERROR} - fi - - args="${args} ${IP}/${PREFIX}" - desc="${desc}${IP}/${PREFIX}" - fi - - if [ -n "${need_gateway}" ]; then - if [ -z "${GATEWAY}" ]; then - log_failure_msg "GATEWAY variable missing from ${CONFIG}, cannot continue." - exit ${EXIT_CONF_ERROR} - fi - args="${args} via ${GATEWAY}" - fi -} - -case "${action}" in - add) - while [ $# -gt 0 ]; do - case "${1}" in - --ip=*) - IP=${1#--ip=} - ;; - --gateway=*) - GATEWAY=${1#--gateway=} - ;; - --prefix=*) - PREFIX=${1#--prefix=} - ;; - --type=*) - TYPE=${1#--type=} - ;; - esac - shift - done - check_config - cat <<EOF >${CONFIG_ZONES}/${zone}/${HOOK_NAME}_${IP-${GATEWAY}} -HOOK="${HOOK_NAME}" -IP="${IP}" -GATEWAY="${GATEWAY}" -PREFIX="${PREFIX}" -TYPE="${TYPE}" -EOF - [ "$?" 
= "0" ] && exit ${EXIT_OK} || exit ${EXIT_ERROR} - ;; - - help) - ;; - - info) - echo "HOOK_NAME=${HOOK_NAME}" - echo "HOOK_TYPE=${HOOK_TYPE}" - ;; - - pre-up) - ;; - - post-up) - boot_mesg "Adding '${desc}' route to zone ${zone}..." - ip route add ${args} dev ${zone} - evaluate_retval - ;; - - pre-down) - boot_mesg "Removing '${desc}' route from zone ${zone}..." - ip route del ${args} dev ${zone} - evaluate_retval - ;; - - post-down) - ;; - - discover) - - exit ${EXIT_ERROR} - ;; - - *) - echo "Usage: ${0} [interface] {up|down}" - exit 1 - ;; -esac - -# End $NETWORK_DEVICES/services/ipv4-static-route diff --git a/pkgs/core/network/src/hooks/mtu b/pkgs/core/network/src/hooks/mtu deleted file mode 100755 index 707345a..0000000 --- a/pkgs/core/network/src/hooks/mtu +++ /dev/null 
@@ -1,85 +0,0 @@ -#!/bin/sh -######################################################################## -# Begin $NETWORK_DEVICES/services/mtu -# -# Description : Sets MTU per interface -# -# Authors : Nathan Coulson - nathan@linuxfromscratch.org -# Jim Gifford - jim@linuxfromscratch.org -# -# Version : 00.00 -# -# Notes : This sets the maximum amount of bytes that can be -# transmitted within a packet. By default, this -# value is set to 1500. -# -######################################################################## - -. /lib/network/hook-header - -HOOK_NAME=mtu -HOOK_TYPE=zone - -DEFAULT_MTU=1500 - -function usage() { - echo "Usage: ${0} {pre-up|post-up|pre-down|post-down|config} [interface]" -} - -case "${action}" in - help) - ;; - - info) - echo "HOOK_NAME=$HOOK_NAME" - echo "HOOK_TYPE=$HOOK_TYPE" - ;; - - status) - check_config zone MTU - mtu=$(cat /sys/class/net/${zone}/mtu 2>/dev/null) - [ "$MTU" = "$mtu" ] - exit $? - ;; - - pre-up) - ;; - - post-up) - check_config zone MTU - message="Setting the MTU for ${zone} to ${MTU}..." - echo "${MTU}" > "/sys/class/net/${zone}/mtu" - evaluate_retval standard - ;; - - pre-down) - check_config zone MTU - message="Resetting MTU for ${zone} to 1500..." - echo ${DEFAULT_MTU} > "/sys/class/net/${zone}/mtu" - evaluate_retval standard - ;; - - post-down) - ;; - - config) - MTU=$1 - check_config zone MTU - cat << EOF >> ${CONFIG_ZONES}/${zone}/${HOOK_NAME} -HOOK="${HOOK_NAME}" -MTU="${MTU}" -EOF - exit $? - ;; - - discover) - exit ${EXIT_ERROR} - ;; - - *) - usage - exit 1 - ;; -esac - -# End $NETWORK_DEVICES/services/mtu diff --git a/pkgs/core/network/src/hooks/ports/bonding b/pkgs/core/network/src/hooks/ports/bonding new file mode 100755 index 0000000..9e04435 --- /dev/null +++ b/pkgs/core/network/src/hooks/ports/bonding 
@@ -0,0 +1,203 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +. /lib/network/header-port + +HOOK_SETTINGS="HOOK DEVICE_MAC MIIMON MODE SLAVES" + +DEVICE_MAC=$(mac_generate) +MIIMON=100 + +function _check() { + assert isset DEVICE_MAC + assert ismac DEVICE_MAC + + #assert isset SLAVES + assert isinteger MIIMON +} + +function _create() { + _edit $@ +} + +function _edit() { + local port=${1} + shift + + while [ $# -gt 0 ]; do + case "${1}" in + --mac=*) + DEVICE_MAC=${1#--mac=} + ;; + --miimon=*) + MIIMON=${1#--miimon=} + ;; + --mode=*) + MODE=${1#--mode=} + ;; + --slave=*) + slave=${1#--slave=} + SLAVES="${SLAVES} $(macify ${slave})" + ;; + *) + warning "Unknown argument '${1}'" + ;; + esac + shift + done + + DEVICE=${port} + + # XXX think this must move to _check() + if ! isset DEVICE; then + error "You must set a device name." + exit ${EXIT_ERROR} + fi + + if ! isset SLAVES; then + error "You need to specify at least one slave port (e.g. --slave=port0)." + exit ${EXIT_ERROR} + fi + + local slave + for slave in ${SLAVES}; do + if ! 
device_is_real $(devicify ${slave}); then + error "Slave device '${slave}' is not an ethernet device." + exit ${EXIT_ERROR} + fi + done + + # Remove any whitespace + SLAVES=$(echo ${SLAVES}) + + config_write $(port_file ${port}) ${HOOK_SETTINGS} + + exit ${EXIT_OK} +} + +function _up() { + local device=${1} + + config_read $(port_file ${device}) + + if device_exists ${device}; then + log DEBUG "Bonding device '${device}' does already exist." + + device_set_address ${DEVICE_MAC} + device_set_up ${device} + + exit ${EXIT_OK} + fi + + bonding_create ${device} ${DEVICE_MAC} + + if [ -n "${MODE}" ]; then + bonding_set_mode ${device} ${MODE} + fi + + bonding_set_miimon ${device} ${MIIMON} + + local slave + for slave in ${SLAVES}; do + if ! device_exists $(devicify ${slave}); then + warning_log "${device}: configured slave '${slave}' is not available." + continue + fi + + slave=$(devicify ${slave}) + assert isset slave + + bonding_enslave_device ${device} ${slave} + done + + exit ${EXIT_OK} +} + +function _down() { + local device=${1} + + bonding_remove ${device} + + local slave + for slave in ${SLAVES}; do + device_set_down ${slave} + done + + exit ${EXIT_OK} +} + +function _status() { + local port=${1} + shift + + assert isset port + + echo "${port}" + + local status=$(device_get_status ${port}) + printf "${DEVICE_PRINT_LINE1}" "Status:" "$(echo -ne ${STATUS_COLOUR[${status}]}${STATUS_TEXT[${status}]}${COLOUR_NORMAL})" + + cli_headline " Ethernet information:" + printf "${DEVICE_PRINT_LINE1}" "Address:" $(device_get_address ${port}) + printf "${DEVICE_PRINT_LINE1}" "MTU:" $(device_get_mtu ${port}) + printf "${DEVICE_PRINT_LINE1}" "Promisc mode:" $(device_is_promisc ${port} && echo "yes" || echo "no") + + if device_is_bonded ${port}; then + cli_headline " Bonding information:" + + local master=$(bonding_slave_get_master ${port}) + printf "${DEVICE_PRINT_LINE1}" "Master:" "${master}" + + local active + if [ "$(bonding_get_active_slave ${master})" = "${port}" ]; then + 
active="yes" + else + active="no" + fi + printf "${DEVICE_PRINT_LINE1}" "Active slave:" "${active}" + fi + + if device_is_bonding ${port}; then + cli_headline " Bonding information:" + + printf "${DEVICE_PRINT_LINE1}" "Mode:" "$(bonding_get_mode ${port})" + # XXX lacp rate + echo + + local slave + local slave_active=$(bonding_get_active_slave ${port}) + for slave in $(bonding_get_slaves ${port}); do + printf "${DEVICE_PRINT_LINE1}" "Slave$([ "${slave}" = "${slave_active}" ] && echo " (active)"):" "${slave}" + done + fi + + cli_headline " Statistics:" + printf "${DEVICE_PRINT_LINE1}" "Received:" \ + "$(beautify_bytes $(device_get_rx_bytes ${port})) ($(device_get_rx_packets ${port}) packets)" + printf "${DEVICE_PRINT_LINE1}" "Sent:" \ + "$(beautify_bytes $(device_get_tx_bytes ${port})) ($(device_get_tx_packets ${port}) packets)" + + echo + + exit ${EXIT_OK} +} + +run $@ diff --git a/pkgs/core/network/src/hooks/ports/ethernet b/pkgs/core/network/src/hooks/ports/ethernet new file mode 100755 index 0000000..2d49f49 --- /dev/null +++ b/pkgs/core/network/src/hooks/ports/ethernet 
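Review bot: In pkgs/core/network/src/hooks/ports/bonding, the already-exists branch of `_up` calls `device_set_address ${DEVICE_MAC}` with no device name, while zones/bridge in this same push calls `device_set_address ${zone} ${MAC}`; this looks like a missing `${device}` argument. `_down` also loops over `${SLAVES}` without the `config_read $(port_file ${device})` that `_up` performs, and passes each stored value straight to `device_set_down`, whereas `_up` resolves it through `devicify` first; unless header-port loads the settings, that loop sees nothing or the wrong names. Finally, `_edit` writes the `--mode`, `--miimon` and `--mac` values via `config_write` before any visible validation, and `assert isset SLAVES` is commented out in `_check()`; moving the checks marked by the XXX comment into `_check()` would keep unvalidated values out of the port file.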
@@ -0,0 +1,105 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +. /lib/network/header-port + +HOOK_SETTINGS="HOOK DEVICE_MAC" + +function _check() { + assert ismac DEVICE_MAC +} + +function _create() { + local port=${1} + shift + + assert isset port + + DEVICE_MAC=$(device_get_address ${port}) + + config_write $(port_file ${port}) ${HOOK_SETTINGS} + + exit ${EXIT_OK} +} + +function _up() { + local port=${1} + + assert isset port + + device_set_up ${port} + + exit ${EXIT_OK} +} + +function _down() { + local port=${1} + + assert isset port + + device_set_down ${port} + + exit ${EXIT_OK} +} + +function _status() { + local port=${1} + shift + + assert isset port + + echo "${port}" + + local status=$(device_get_status ${port}) + printf "${DEVICE_PRINT_LINE1}" "Status:" "$(echo -ne ${STATUS_COLOUR[${status}]}${STATUS_TEXT[${status}]}${COLOUR_NORMAL})" + + cli_headline " Ethernet information:" + printf "${DEVICE_PRINT_LINE1}" "Address:" $(device_get_address ${port}) + printf "${DEVICE_PRINT_LINE1}" "MTU:" $(device_get_mtu ${port}) + printf "${DEVICE_PRINT_LINE1}" "Promisc 
mode:" $(device_is_promisc ${port} && echo "yes" || echo "no") + + if device_is_bonded ${port}; then + cli_headline " Bonding information:" + + local master=$(bonding_slave_get_master ${port}) + printf "${DEVICE_PRINT_LINE1}" "Master:" "${master}" + + local active + if [ "$(bonding_get_active_slave ${master})" = "${port}" ]; then + active="yes" + else + active="no" + fi + printf "${DEVICE_PRINT_LINE1}" "Active slave:" "${active}" + fi + + cli_headline " Statistics:" + printf "${DEVICE_PRINT_LINE1}" "Received:" \ + "$(beautify_bytes $(device_get_rx_bytes ${port})) ($(device_get_rx_packets ${port}) packets)" + printf "${DEVICE_PRINT_LINE1}" "Sent:" \ + "$(beautify_bytes $(device_get_tx_bytes ${port})) ($(device_get_tx_packets ${port}) packets)" + + echo + + exit ${EXIT_OK} +} + +run $@ diff --git a/pkgs/core/network/src/hooks/ports/virtual b/pkgs/core/network/src/hooks/ports/virtual new file mode 100755 index 0000000..4c35ebc --- /dev/null +++ b/pkgs/core/network/src/hooks/ports/virtual 
@@ -0,0 +1,152 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +. /lib/network/header-port + +HOOK_SETTINGS="HOOK DEVICE DEVICE_MAC DEVICE_VID" + +DEVICE_MAC=$(mac_generate) + +function _check() { + assert isset DEVICE + assert ismac DEVICE_MAC + assert isinteger DEVICE_VID + + if [ ${DEVICE_VID} -gt 4096 ]; then + error "DEVICE_VID is greater than 4096." + exit ${EXIT_ERROR} + fi + + local reserved + for reserved in 0 4095; do + if [ "${DEVICE_VID}" = "${reserved}" ]; then + error "DEVICE_VID=${reserved} is reserved." 
+ exit ${EXIT_ERROR} + fi + done +} + +function _create() { + while [ $# -gt 0 ]; do + case "${1}" in + --device=*) + DEVICE=${1#--device=} + ;; + --mac=*) + DEVICE_MAC=${1#--mac=} + ;; + --id=*) + DEVICE_VID=${1#--id=} + ;; + *) + warning "Unknown argument '${1}'" + ;; + esac + shift + done + + local port="${DEVICE}v${DEVICE_VID}" + + config_write $(port_file ${port}) ${HOOK_SETTINGS} + + exit ${EXIT_OK} +} + +function _edit() { + local port=${1} + shift + + assert isset port + + config_read $(port_file ${port}) + + while [ $# -gt 0 ]; do + case "${1}" in + --mac=*) + DEVICE_MAC=${1#--mac=} + ;; + *) + warning "Unknown argument '${1}'" + ;; + esac + shift + done + + config_write $(port_file ${port}) ${HOOK_SETTINGS} + + exit ${EXIT_OK} +} + +function _up() { + local port=${1} + + assert isset port + + config_read $(port_file ${port}) + + if ! device_exists ${port}; then + device_virtual_create ${DEVICE} ${DEVICE_VID} ${DEVICE_MAC} + fi + + exit ${EXIT_OK} +} + +function _down() { + local port=${1} + + assert isset port + + config_read $(port_file ${port}) + + if ! device_exists ${port}; then + exit ${EXIT_OK} + fi + + device_virtual_remove ${port} + + exit ${EXIT_OK} +} + +function _status() { + local zone=${1} + local port=${2} + +config_read $(zone_dir ${zone})/${port} + + local device=$(devicify ${DEVICE_MAC}) + + printf " %-10s - " "${device}" + if ! device_is_up ${device}; then + echo -ne "${COLOUR_DOWN} DOWN ${COLOUR_NORMAL}" + else + local state=$(stp_port_state ${zone} ${device}) + local colour="COLOUR_STP_${state}" + printf "${!colour}%10s${COLOUR_NORMAL}" ${state} + fi + + echo -n " - DSR: $(stp_port_designated_root ${zone} ${device})" + echo -n " - Cost: $(stp_port_pathcost ${zone} ${device})" + echo + + exit ${EXIT_OK} +} + +run $@ diff --git a/pkgs/core/network/src/hooks/pppoe b/pkgs/core/network/src/hooks/pppoe deleted file mode 100755 index d27a517..0000000 --- a/pkgs/core/network/src/hooks/pppoe +++ /dev/null 
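Review bot: In pkgs/core/network/src/hooks/ports/virtual, the bound in `_check` is `[ ${DEVICE_VID} -gt 4096 ]`, which lets 4096 through even though the loop below already treats 4095 as reserved; an 802.1Q VLAN ID is a 12-bit field, so the test should reject anything above 4094 and the error text should match. `_create` builds the port name from `${DEVICE}v${DEVICE_VID}` and goes straight to `config_write` with no visible call to `_check`, so an empty or non-numeric `--id=` ends up in a file name. `_status` takes `zone` and `port` and reads `$(zone_dir ${zone})/${port}`, unlike the `_status` functions in ports/ethernet and ports/bonding that take only the port; it looks carried over from a zone port hook and should either be adapted or dropped. The `config_read` line in `_status` is also missing its indentation.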
@@ -1,191 +0,0 @@ -#!/bin/sh -######################################################################## -# Begin $NETWORK_DEVICES/services/ipv4-static -# -# Description : IPV4 Static Boot Script -# -# Authors : Nathan Coulson - nathan@linuxfromscratch.org -# Kevin P. Fleming - kpfleming@linuxfromscratch.org -# -# Version : 00.00 -# -# Notes : -# -######################################################################## - -. /lib/network/hook-header -. /lib/network/functions.ppp - -HOOK_NAME="pppoe" -HOOK_TYPE="zone" - -PPPOE_PLUGIN=rp-pppoe.so - -case "${action}" in - help) - ;; - - info) - echo "HOOK_NAME=$HOOK_NAME" - echo "HOOK_TYPE=$HOOK_TYPE" - ;; - - status) - echo -e "# ${CLR_BOLD_CYN}PPPoE: ${NAME}${NORMAL}" - echo -n "# pppd's PID: " - pid=$(head -n1 /var/run/ppp-${NAME}.pid 2>/dev/null) - if [ -n "${pid}" ] && [ -d "/proc/${pid}" ]; then - echo -e "${CLR_BOLD_GRN}${pid}${NORMAL}" - exit ${EXIT_OK} - else - echo -e "${CLR_BOLD_RED}${pid-off}${NORMAL}" - exit ${EXIT_OK} - fi - ;; - - pre-up) - ppp_pre_up - - check_config NAME - # Creating necessary files - [ -d "${RED_RUN}/${NAME}" ] || mkdir -p ${RED_RUN}/${NAME} - - ppp_secret "${USER}" "${SECRET}" - - cat <<EOF >${RED_RUN}/${NAME}/options -# Naming options -name ${NAME} -linkname ${NAME} - -plugin ${PPPOE_PLUGIN} ${zone} - -# User configuration -user ${USER} - -$([ "${PEERDNS}" = "1" ] && echo "usepeerdns") -$([ "${DEFAULTROUTE}" = "1" ] && echo "defaultroute") - -noauth -$([ -n "${AUTH}" ] && echo "require-${AUTH}") - -noipdefault - -# Maximum transmission/receive unit -mtu ${MTU} -mru ${MTU} - -# Disable the compression -noaccomp nodeflate nopcomp novj novjccomp nobsdcomp - -debug -EOF - ;; - - post-up) - check_config zone NAME - MESSAGE="Starting PPP Daemon on interface ${zone}..." - if zone_is_forwarding ${zone}; then - pppd file ${RED_RUN}/${NAME}/options >/dev/null - evaluate_retval - else - log_failure_msg "Zone ${zone} is not forwaring any traffic..." 
- exit ${EXIT_ERROR} - fi - - ppp_post_up - ;; - - pre-down) - ppp_pre_down - - MESSAGE="Stopping PPP Daemon on interface ${zone}..." - pid=$(head -n1 /var/run/ppp-${NAME}.pid 2>/dev/null) - if [ -n "${pid}" ]; then - kill ${pid} &>/dev/null - evaluate_retval - fi - ;; - - post-down) - ppp_post_down - ;; - - add) - # A pregenerated connection name - NAME=$(</proc/sys/kernel/random/uuid) - DEFAULTROUTE=1 - PEERDNS=1 - MTU=1492 - - while [ $# -gt 0 ]; do - case "$1" in - --user=*) - USER=${1#--user=} - ;; - --secret=*) - SECRET=${1#--secret=} - ;; - --name=*) - NAME=${1#--name=} - ;; - --mtu=*) - MTU=${1#--mtu=} - ;; - --no-defaultroute) - DEFAULTROUTE=0 - ;; - --no-dns) - PEERDNS=0 - ;; - --auth=*) - AUTH=${1#--auth=} - ;; - *) - echo "Unknown option: $1" >&2 - exit 1 - ;; - esac - shift - done - - UUID=$(uuid) - cat <<EOF >${CONFIG_UUIDS}/${UUID} -HOOK="${HOOK_NAME}" -USER="${USER}" -SECRET="${SECRET}" -NAME="${NAME}" -MTU="${MTU}" -DEFAULTROUTE="${DEFAULTROUTE}" -PEERDNS="${PEERDNS}" -AUTH="${AUTH}" -EOF - - ln -sf ${CONFIG_UUIDS}/${UUID} \ - ${CONFIG_ZONES}/${zone}/${HOOK_NAME}-${UUID} - - exit ${EXIT_OK} - ;; - - discover) - output=$(pppoe-discovery -I ${zone} \ - -U $(</proc/sys/kernel/random/uuid) 2>&1) - if grep -q "Timeout" <<<${output}; then - echo "${HOOK_NAME}: FAILED" - exit ${EXIT_ERROR} - else - echo "${HOOK_NAME}: OK" - echo "${output}" | while read line; do - [ "${line:0:1}" = "A" ] || continue - echo "${HOOK_NAME}: ${line}" - done - exit ${EXIT_OK} - fi - ;; - - *) - echo "Usage: ${0} {config|pre-up|post-up|pre-down|post-down|status} [interface]" - exit ${EXIT_ERROR} - ;; -esac - -# End $NETWORK_DEVICES/services/ipv4-static diff --git a/pkgs/core/network/src/hooks/pppoe.helper b/pkgs/core/network/src/hooks/pppoe.helper deleted file mode 100755 index 693ba3d..0000000 --- a/pkgs/core/network/src/hooks/pppoe.helper +++ /dev/null 
@@ -1,73 +0,0 @@ -#!/bin/bash - -. /lib/network/functions -. /lib/network/functions.ppp - -while [ $# -gt 0 ]; do - case "${1}" in - --config=*) - . ${1#--config=} - ;; - *) - action=${1} - break - ;; - esac - shift -done - -zone=${DEVICE} - -DIR=${RED_RUN}/${LINKNAME} - -case "${action}" in - ip-up) - mkdir -p ${DIR} 2>/dev/null - - echo "${IPREMOTE}" > ${DIR}/remote-ip-address - echo "${IPLOCAL}" > ${DIR}/local-ip-address - - # Update firewall with new IP address(es) - - # Prepare main routing table - ip route add ${IPREMOTE}/32 dev ${IFNAME} src ${IPLOCAL} - - # Configure our own routing table - ip route add table ${zone} default via ${IPREMOTE} dev ${IFNAME} - - if [ "${DEFAULTROUTE}" = "1" ]; then - ln -sf remote-ip-address ${DIR}/gateway - [ -n "${WEIGHT}" ] && \ - echo "${WEIGHT}" > ${DIR}/weight - - red_defaultroute_update - fi - - if [ "${PEERDNS}" = "1" ]; then - echo "${DNS1}" > ${DIR}/dns - if [ -n "${DNS2}" ] && [ "${DNS1}" != "${DNS2}" ]; then - echo "${DNS2}" > ${DIR}/dns - fi - red_dns_update - fi - ;; - - ip-down) - # Flush firewall - - if [ "${DEFAULTROUTE}" = "1" ]; then - : - fi - - ip route flush table ${zone} - - if [ "${PEERDNS}" = "1" ]; then - : - fi - - # Save statistics - ppp_stat "${NAME}" "${CONNECT_TIME}" "${BYTES_RCVD}" "${BYTES_SENT}" - ;; -esac - -exit 0 diff --git a/pkgs/core/network/src/hooks/stp b/pkgs/core/network/src/hooks/stp deleted file mode 100755 index 9e1c465..0000000 --- a/pkgs/core/network/src/hooks/stp +++ /dev/null 
@@ -1,97 +0,0 @@ -#!/bin/sh -######################################################################## -# Begin $NETWORK_DEVICES/services/stp -# -# Description : Spanning Tree Protocol Script -# -# Authors : Michael Tremer - michael.tremer@ipfire.org -# -# Version : 00.00 -# -# Notes : This script adds stp support to a bridge. -# -######################################################################## - -. /lib/network/hook-header - -HOOK_NAME=stp -HOOK_TYPE=zone - -case "${action}" in - help) - ;; - - info) - echo "HOOK_NAME=$HOOK_NAME" - echo "HOOK_TYPE=$HOOK_TYPE" - ;; - - pre-up) - ;; - - post-up) - MESSAGE="Enabling Spanning Tree Protocol on zone ${zone}..." - brctl stp ${zone} on - evaluate_retval - ;; - - pre-down) - MESSAGE="Disabling Spanning Tree Protocol on zone ${zone}..." - brctl stp ${zone} off - evaluate_retval - ;; - - post-down) - ;; - - add) - shift 2 - while [ $# -gt 0 ]; do - case "$1" in - --ageing=*) - AGEING=${1#--ageing=} - ;; - --priority=*) - PRIORITY=${1#--priority=} - ;; - --delay=*) - DELAY=${1#--delay=} - ;; - --hello=*) - HELLO=${1#--hello=} - ;; - --maxage=*) - MAXAGE=${1#--maxage=} - ;; - *) - echo "Unknown option: $1" >&2 - exit 1 - ;; - esac - shift - done - cat <<EOF >${CONFIG_ZONES}/${zone}/${HOOK_NAME} -HOOK="${HOOK_NAME}" -AGEING="${AGEING}" -PRIORITY="${PRIORITY}" -DELAY="${DELAY}" -HELLO="${HELLO}" -MAXAGE="${MAXAGE}" -EOF - exit $? - ;; - - rem) - ;; - - discover) - exit ${EXIT_ERROR} - ;; - - *) - echo "Usage: ${0} {pre-up|post-up|pre-down|post-down|config} [interface]" - exit 1 - ;; -esac - -# End $NETWORK_DEVICES/services/stp diff --git a/pkgs/core/network/src/hooks/vlan b/pkgs/core/network/src/hooks/vlan deleted file mode 100755 index e4d99e6..0000000 --- a/pkgs/core/network/src/hooks/vlan +++ /dev/null 
@@ -1,120 +0,0 @@ -#!/bin/sh -######################################################################## -# Begin $NETWORK_DEVICES/services/vlan -# -# Description : VLAN Script -# -# Authors : Michael Tremer - michael.tremer@ipfire.org -# -# Version : 00.00 -# -# Notes : This script adds vlan support. -# -######################################################################## - -. /lib/network/hook-header - -HOOK_NAME=vlan -HOOK_TYPE=port - -function port_name() { - echo "${zone}v${ID}" -} - -case "${action}" in - help) - ;; - - info) - echo "HOOK_NAME=${HOOK_NAME}" - echo "HOOK_TYPE=${HOOK_TYPE}" - ;; - - pre-up) - # Load the kernel module - grep -q ^8021q /proc/modules || modprobe 8021q - - if ! port_is_up $(port_name); then - MESSAGE="Adding VLAN ${ID} to port ${MAC}..." - - if ! device_is_up $(devicify ${MAC}); then - ip link set $(devicify ${MAC}) up - fi - vconfig add $(devicify ${MAC}) ${ID} >/dev/null - evaluate_retval - - device_rename $(get_device_by_mac_and_vid ${MAC} ${ID}) $(port_name) - ip link set $(port_name) up - - ebtables -t broute -A BROUTING -p 802_1Q --vlan-id=${ID} -j DROP - fi - ;; - - post-up) - if ! zone_has_device_attached ${zone} $(port_name); then - zone_add_port ${zone} $(get_device ${MAC} ${ID}) - fi - ;; - - pre-down) - if zone_has_device_attached ${zone} $(port_name); then - zone_del_port ${zone} $(get_device_by_mac_and_vid ${MAC} ${ID}) - fi - ;; - - post-down) - if port_is_up $(port_name); then - MESSAGE="Removing VLAN ${ID} from port ${MAC}..." - - vconfig rem $(get_device_by_mac_and_vid ${MAC} ${ID}) >/dev/null - evaluate_retval - - ebtables -t broute -D BROUTING -p 802_1Q --vlan-id=${ID} -j DROP - fi - ;; - - add) - MAC=$(macify ${1}) - ID=${2} # Must be integer between 1 and 4096 - - UUID=$(uuid) - cat <<EOF > ${CONFIG_UUIDS}/${UUID} -HOOK="${HOOK_NAME}" -ID="${ID}" -MAC="${MAC}" -EOF - ln -sf ${CONFIG_UUIDS}/${UUID} \ - ${CONFIG_ZONES}/${zone}/${HOOK_NAME}-${UUID} - - log_success_msg "Configuration successfully saved!" 
- echo " Device : $(devicify ${MAC})" - echo " MAC address : ${MAC}" - echo " VLAN tag : ${ID}" - ;; - - rem) - # XXX to be done - ;; - - status) - echo -e "# ${CLR_BOLD_CYN}VLAN port $(port_name)${NORMAL}" - echo -n "# State: " - if device_is_up $(port_name); then - echo -e "${CLR_BOLD_GRN}up${NORMAL}" - RET=${EXIT_OK} - else - echo -e "${CLR_BOLD_RED}down${NORMAL}" - RET=${EXIT_ERROR} - fi - echo "# ID : ${ID}" - echo "#" - exit ${RET} - ;; - - *) - echo "Usage: ${0} [interface] {up|down|add|remove|attach|detach|status}" - exit 1 - ;; -esac - -# End $NETWORK_DEVICES/services/vlan diff --git a/pkgs/core/network/src/hooks/zones/bridge b/pkgs/core/network/src/hooks/zones/bridge new file mode 100755 index 0000000..a09f755 --- /dev/null +++ b/pkgs/core/network/src/hooks/zones/bridge 
@@ -0,0 +1,176 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +. /lib/network/header-zone + +HOOK_SETTINGS="HOOK STP STP_FORWARD_DELAY STP_HELLO STP_MAXAGE STP_PRIORITY" +HOOK_SETTINGS="${HOOK_SETTINGS} MAC MTU" + +# Default values +MAC=$(mac_generate) +MTU=1500 +STP="on" +STP_FORWARD_DELAY=0 +STP_HELLO=2 +STP_MAXAGE=20 +STP_PRIORITY=512 # XXX check out better value + +function _check() { + assert ismac MAC + assert isbool STP + assert isinteger STP_HELLO + assert isinteger STP_FORWARD_DELAY + assert isinteger STP_PRIORITY + assert isinteger MTU +} + +function _parse_cmdline() { + while [ $# -gt 0 ]; do + case "${1}" in + --stp=*) + STP=${1#--stp=} + ;; + --stp-hello=*) + STP_HELLO=${1#--stp-hello=} + ;; + --stp-forward-delay=*) + STP_FORWARD_DELAY=${1#--stp-forward-delay=} + ;; + --stp-priority=*) + STP_PRIORITY=${1#--stp-priority=} + ;; + --mtu=*) + MTU=${1#--mtu=} + ;; + --mac=*) + MAC=${1#--mac=} + ;; + *) + warning "Ignoring unknown option '${1}'" + ;; + esac + shift + done +} + +function _up() { + local zone=${1} + shift + + config_read 
${ZONE_DIR}/${zone}/settings + + if ! device_exists ${zone}; then + brctl addbr ${zone} + fi + + [ -n "${MAC}" ] && device_set_address ${zone} ${MAC} + [ -n "${MTU}" ] && device_set_mtu ${zone} ${MTU} + + # Enable STP + if enabled STP; then + brctl stp ${zone} on + + if [ -n "${STP_FORWARD_DELAY}" ]; then + brctl setfd ${zone} ${STP_FORWARD_DELAY} + fi + + if [ -n "${STP_HELLO}" ]; then + brctl sethello ${zone} ${STP_HELLO} + fi + + if [ -n "${STP_MAXAGE}" ]; then + brctl setmaxage ${zone} ${STP_MAXAGE} + fi + + if [ -n "${STP_PRIORITY}" ]; then + brctl setbridgeprio ${zone} ${STP_PRIORITY} + fi + else + brctl stp ${zone} off + fi + + device_set_up ${zone} + + # Bring all ports up + zone_ports_up ${zone} + zone_configs_up ${zone} + + event_interface_up ${zone} + + exit ${EXIT_OK} +} + +function _down() { + local zone=${1} + shift + + if ! device_is_up ${zone}; then + warning "Zone '${zone}' is not up" + exit ${EXIT_OK} + fi + + event_interface_down ${zone} + + zone_configs_down ${zone} + zone_ports_down ${zone} + + device_set_down ${zone} + brctl delbr ${zone} + + exit ${EXIT_OK} +} + +function _status() { + local zone=${1} + + cli_status_headline ${zone} + + # Exit if zone is down + if ! 
zone_is_up ${zone}; then + echo # Empty line + exit ${EXIT_ERROR} + fi + + # XXX Add bridge stp priority here + # brctl does not give any information about that + + cli_headline " Spanning Tree Protocol information:" + echo " Bridge ID : $(stp_bridge_id ${zone})" + echo " Designated root : $(stp_designated_root ${zone})" + echo " Path cost : $(stp_pathcost ${zone})" + echo # Empty line + + # Topology information + printf " Topology changing : %6s\n" $(stp_topology_change ${zone}) + printf " Topology change time : %6s\n" $(beautify_time $(stp_topology_change_time ${zone})) + printf " Topology change count : %6s\n" $(stp_topology_change_count ${zone}) + + cli_headline " Ports:" + zone_ports_status ${zone} + + cli_headline " Configurations:" + zone_configs_cmd status ${zone} + + echo # Empty line + exit ${EXIT_OK} +} + +run $@ diff --git a/pkgs/core/network/src/hooks/zones/bridge.configs/ipv4-static b/pkgs/core/network/src/hooks/zones/bridge.configs/ipv4-static new file mode 100755 index 0000000..9ea7288 --- /dev/null +++ b/pkgs/core/network/src/hooks/zones/bridge.configs/ipv4-static 
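Review bot: In pkgs/core/network/src/hooks/zones/bridge, `_check` asserts `isinteger` for STP_HELLO, STP_FORWARD_DELAY and STP_PRIORITY but not for STP_MAXAGE, although STP_MAXAGE is listed in HOOK_SETTINGS and passed to `brctl setmaxage ${zone} ${STP_MAXAGE}` in `_up`; add `assert isinteger STP_MAXAGE`. `_parse_cmdline` likewise has no `--stp-maxage=*` case, so the value can only be changed by editing the settings file. The default `STP_PRIORITY=512` carries an XXX comment and `_status` notes that the priority cannot be shown; both are worth resolving or tracking before this is relied on, since the bridge priority decides root election.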
@@ -0,0 +1,162 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +. /lib/network/header-config + +HOOK_SETTINGS="HOOK ADDRESS PREFIX GATEWAY" + +function _check() { + assert isset ADDRESS + assert isinteger PREFIX + + if [ ${PREFIX} -gt 30 ]; then + error "PREFIX is greater than 30." + exit ${EXIT_ERROR} + fi +} + +function _create() { + local zone=${1} + shift + + while [ $# -gt 0 ]; do + case "${1}" in + --address=*) + ADDRESS=${1#--address=} + ;; + --netmask=*) + NETMASK=${1#--netmask=} + ;; + --prefix=*) + PREFIX=${1#--prefix=} + ;; + --gateway=*) + GATEWAY=${1#--gateway=} + ;; + esac + shift + done + + if [ -z "${PREFIX}" -a -n "${NETMASK}" ]; then + PREFIX=$(ipv4_mask_to_cidr ${NETMASK}) + fi + + # XXX maybe we can add some hashing to identify a configuration again + config_write $(zone_dir ${zone})/configs/${HOOK}.$(uuid) ${HOOK_SETTINGS} + + exit ${EXIT_OK} +} + +function _up() { + local zone=${1} + local config=${2} + shift 2 + + if ! device_exists ${zone}; then + error "Zone '${zone}' doesn't exist." 
+ exit ${EXIT_ERROR} + fi + + config_read $(zone_dir ${zone})/configs/${config} + + if ! zone_has_ipv4 ${zone} ${ADDRESS}/${PREFIX}; then + ip addr add ${ADDRESS}/${PREFIX} dev ${zone} + else + warning "Do not set IPv4 address '${ADDRESS}/${PREFIX}' because it was already configured on zone '${zone}'." + fi + + if zone_is_nonlocal ${zone} && [ -n "${GATEWAY}" ]; then + : # XXX to be done + fi + + exit ${EXIT_OK} +} + +function _down() { + local zone=${1} + local config=${2} + shift 2 + + if ! device_exists ${zone}; then + error "Zone '${zone}' doesn't exist." + exit ${EXIT_ERROR} + fi + + config_read $(zone_dir ${zone})/configs/${config} + + if zone_has_ipv4 ${zone} ${ADDRESS}/${PREFIX}; then + ip addr del ${ADDRESS}/${PREFIX} dev ${zone} + fi + + exit ${EXIT_OK} +} + +function _status() { + local zone=${1} + local config=${2} + shift 2 + + if ! device_exists ${zone}; then + error "Zone '${zone}' doesn't exist." + exit ${EXIT_ERROR} + fi + + config_read $(zone_dir ${zone})/configs/${config} + + printf " %10s - " "${HOOK}" + if zone_has_ipv4 ${zone} ${ADDRESS}/${PREFIX}; then + echo -ne "${COLOUR_ENABLED}ENABLED ${COLOUR_NORMAL}" + else + echo -ne "${COLOUR_DISABLED}DISABLED${COLOUR_NORMAL}" + fi + echo " - ${ADDRESS}/${PREFIX}" + + if [ -n "${GATEWAY}" ]; then + echo " Gateway: ${GATEWAY}" + fi + + exit ${EXIT_OK} +} + +function ipv4_mask_to_cidr() { + local mask=0 + + local field + for field in $(tr '.' ' ' <<<${1}); do + mask=$(( $(( ${mask} << 8 )) | ${field} )) + done + + local cidr=0 + local x=$(( 128 << 24 )) # 0x80000000 + + while [ $(( ${x} & ${mask} )) -ne 0 ]; do + [ ${mask} -eq ${x} ] && mask=0 || mask=$(( ${mask} << 1 )) + cidr=$((${cidr} + 1)) + done + + if [ $(( ${mask} & 2147483647 )) -ne 0 ]; then # 2147483647 = 0x7fffffff + echo "Invalid net mask: $1" >&2 + else + echo ${cidr} + fi +} + +run $@ 
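Review bot: In pkgs/core/network/src/hooks/zones/bridge.configs/ipv4-static, `ipv4_mask_to_cidr` reports an invalid mask only on stderr and still returns success with empty output, so `_create` ends up with an empty PREFIX and continues to `config_write`; return a non-zero status from the function and have `_create` stop on it. The loop that folds the dotted mask into an integer also accepts any field value without checking that there are four octets in the range 0 to 255. `_check` only tests `isset ADDRESS` and the upper bound `[ ${PREFIX} -gt 30 ]`, and both values are later expanded unquoted in `ip addr add ${ADDRESS}/${PREFIX} dev ${zone}`; a format check on ADDRESS and a lower bound on PREFIX would keep malformed input out of that command line. `_create` parses `--gateway=` but `_up` leaves the gateway handling as `: # XXX to be done`, which deserves a mention in the commit message.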
diff --git a/pkgs/core/network/src/hooks/zones/bridge.configs/ipv6-static b/pkgs/core/network/src/hooks/zones/bridge.configs/ipv6-static new file mode 100755 index 0000000..f39a293 --- /dev/null +++ b/pkgs/core/network/src/hooks/zones/bridge.configs/ipv6-static 
@@ -0,0 +1,138 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +. /lib/network/header-port + +HOOK_SETTINGS="HOOK ADDRESS PREFIX GATEWAY" + +function _check() { + assert isset ADDRESS + assert isinteger PREFIX + + if [ ${PREFIX} -gt 64 ]; then + error "PREFIX is greater than 64." + exit ${EXIT_ERROR} + fi +} + +function _create() { + local zone=${1} + shift + + while [ $# -gt 0 ]; do + case "${1}" in + --address=*) + ADDRESS=${1#--address=} + ;; + --prefix=*) + PREFIX=${1#--prefix=} + ;; + --gateway=*) + GATEWAY=${1#--gateway=} + ;; + esac + shift + done + + # Store IPv6 address in full format + ADDRESS=$(ipv6_explode ${ADDRESS}) + + if [ -n "${GATEWAY}" ]; then + GATEWAY=$(ipv6_explode ${GATEWAY}) + fi + + config_write $(zone_dir ${zone})/config.${HOOK}.$(ipv6_hash ${ADDRESS}).${PREFIX} ${HOOK_SETTINGS} + + exit ${EXIT_OK} +} + +function _up() { + local zone=${1} + local config=${2} + shift 2 + + if ! device_exists ${zone}; then + error "Zone '${zone}' doesn't exist." + exit ${EXIT_ERROR} + fi + + config_read $(zone_dir ${zone})/${config} + + if ! 
zone_has_ipv6 ${zone} ${ADDRESS}/${PREFIX}; then + ip addr add ${ADDRESS}/${PREFIX} dev ${zone} + else + warning "Do not set IPv6 address '${ADDRESS}/${PREFIX}' because it was already configured on zone '${zone}'." + fi + + if zone_is_nonlocal ${zone} && [ -n "${GATEWAY}" ]; then + : # XXX to be done + fi + + exit ${EXIT_OK} +} + +function _down() { + local zone=${1} + local config=${2} + shift 2 + + if ! device_exists ${zone}; then + error "Zone '${zone}' doesn't exist." + exit ${EXIT_ERROR} + fi + + config_read $(zone_dir ${zone})/${config} + + if zone_has_ipv6 ${zone} ${ADDRESS}/${PREFIX}; then + ip addr del ${ADDRESS}/${PREFIX} dev ${zone} + fi + + exit ${EXIT_OK} +} + +function _status() { + local zone=${1} + local config=${2} + shift 2 + + if ! device_exists ${zone}; then + error "Zone '${zone}' doesn't exist." + exit ${EXIT_ERROR} + fi + + config_read $(zone_dir ${zone})/${config} + + printf " %10s - " "${HOOK}" + if zone_has_ipv6 ${zone} ${ADDRESS}/${PREFIX}; then + echo -ne "${COLOUR_OK} OK ${COLOUR_NORMAL}" + else + echo -ne "${COLOUR_ERROR}ERROR${COLOUR_NORMAL}" + fi + echo " - $(ipv6_implode ${ADDRESS})/${PREFIX}" + + if [ -n "${GATEWAY}" ]; then + echo " Gateway: ${GATEWAY}" + fi + + exit ${EXIT_OK} +} + +run $@ diff --git a/pkgs/core/network/src/hooks/zones/bridge.ports/bonding b/pkgs/core/network/src/hooks/zones/bridge.ports/bonding new file mode 120000 index 0000000..3857774 --- /dev/null +++ b/pkgs/core/network/src/hooks/zones/bridge.ports/bonding @@ -0,0 +1 @@ +ethernet \ No newline at end of file diff --git a/pkgs/core/network/src/hooks/zones/bridge.ports/ethernet b/pkgs/core/network/src/hooks/zones/bridge.ports/ethernet new file mode 100755 index 0000000..f7dd506 --- /dev/null +++ b/pkgs/core/network/src/hooks/zones/bridge.ports/ethernet 
@@ -0,0 +1,155 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +. /lib/network/header-port + +HOOK_SETTINGS="COST PRIORITY" + +function _check() { + local i + for i in COST PRIORITY; do + if isset ${i}; then + assert isinteger ${i} + fi + done +} + +function _add() { + local zone=${1} + local port=${2} + shift 2 + + assert isset zone + assert isset port + + if ! port_exists ${port}; then + error "Port '${port}' does not exist." + exit ${EXIT_ERROR} + fi + + config_read $(zone_dir ${zone})/ports/${port} + + while [ $# -gt 0 ]; do + case "${1}" in + --priority=*) + PRIORITY=${1#--priority=} + ;; + --cost=*) + COST=${1#--cost=} + ;; + esac + shift + done + + config_write $(zone_dir ${zone})/ports/${port} ${HOOK_SETTINGS} + + exit ${EXIT_OK} +} + +function _edit() { + _add $@ +} + +function _rem() { + local zone=${1} + local port=${2} + + assert isset zone + assert isset port + + assert zone_exists ${zone} + + if ! listmatch ${port} $(zone_get_ports ${zone}); then + error "Port '${port}' does not belong to '${zone}'." + error "Won't remove anything." 
+ exit ${EXIT_ERROR} + fi + + if port_exists ${port}; then + ( _down ${zone} ${port} ) + fi + + rm -f $(zone_dir ${zone})/ports/${port} + + exit ${EXIT_OK} +} + +function _up() { + local zone=${1} + local port=${2} + + assert isset zone + assert isset port + + assert zone_exists ${zone} + assert port_exists ${port} + + port_up ${port} + + # Set same MTU to device that the bridge has got + device_set_mtu ${port} $(device_get_mtu ${zone}) + + bridge_attach_device ${zone} ${port} + + # XXX must set cost and prio here + + exit ${EXIT_OK} +} + +function _down() { + local zone=${1} + local port=${2} + + assert isset zone + assert isset port + + assert zone_exists ${zone} + assert port_exists ${port} + + bridge_detach_device ${zone} ${port} + + port_down ${port} + + exit ${EXIT_OK} +} + +function _status() { + local zone=${1} + local port=${2} + + printf " %-10s - " "${port}" + if ! device_is_up ${port}; then + echo -ne "${COLOUR_DOWN} DOWN ${COLOUR_NORMAL}" + else + local state=$(stp_port_state ${zone} ${port}) + local colour="COLOUR_STP_${state}" + printf "${!colour}%10s${COLOUR_NORMAL}" ${state} + + echo -n " - DSR: $(stp_port_designated_root ${zone} ${port})" + echo -n " - Cost: $(stp_port_pathcost ${zone} ${port})" + fi + + echo + + exit ${EXIT_OK} +} + +run $@ diff --git a/pkgs/core/network/src/hooks/zones/bridge.ports/virtual b/pkgs/core/network/src/hooks/zones/bridge.ports/virtual new file mode 120000 index 0000000..3857774 --- /dev/null +++ b/pkgs/core/network/src/hooks/zones/bridge.ports/virtual @@ -0,0 +1 @@ +ethernet \ No newline at end of file diff --git a/pkgs/core/network/src/hooks/zones/pppoe b/pkgs/core/network/src/hooks/zones/pppoe new file mode 100755 index 0000000..bc14d82 --- /dev/null +++ b/pkgs/core/network/src/hooks/zones/pppoe 
@@ -0,0 +1,288 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +. /lib/network/header-zone + +# TODO XXX AC name, service name, sync? 
+ +HOOK_SETTINGS="HOOK AUTH LINKNAME USER SECRET PEERDNS DEFAULTROUTE MTU" + +AUTH= +DEFAULTROUTE=1 +LINKNAME="$(uuid)" +MTU=1492 +PEERDNS=1 +SECRET= +USER= + +PPPOE_ALLOWED_AUTHS="chap pap" +PPPOE_PLUGIN="rp-pppoe.so" + +function pppd_pid() { + local zone=${1} + shift + + cat /var/run/${zone}.pid 2>/dev/null +} + +function _check() { + assert isset USER + assert isset SECRET + assert isset LINKNAME + assert isset DEFAULTROUTE + assert isset PEERDNS + #assert isset DEVICE + #assert isset DEVICE_TYPE + + assert isbool DEFAULTROUTE + assert isbool PEERDNS + #assert ismac DEVICE + #assert isoneof DEVICE_TYPE real virtual + + local ports_num=$(listlength ${PORTS}) + assert isoneof ports_num 0 1 + + isset AUTH && assert isoneof AUTH ${PPPOE_ALLOWED_AUTHS} + isset DEVICE_ID && assert isinteger DEVICE_VID +} + +function _parse_cmdline() { + local value + + while [ $# -gt 0 ]; do + case "$1" in + --user=*) + USER=${1#--user=} + ;; + --secret=*) + SECRET=${1#--secret=} + ;; + --linkname=*) + LINKNAME=${1#--name=} + ;; + --mtu=*) + MTU=${1#--mtu=} + ;; + --defaultroute=*) + value=${1#--defaultroute=} + if enabled value; then + DEFAULTROUTE=1 + else + DEFAULTROUTE=0 + fi + ;; + --dns=*) + value=${1#--dns=} + if enabled value; then + PEERDNS=1 + else + PEERDNS=0 + fi + ;; + --auth=*) + AUTH=${1#--auth=} + ;; + *) + echo "Unknown option: $1" >&2 + exit ${EXIT_ERROR} + ;; + esac + shift + done +} + +function _up() { + local zone=${1} + shift + + assert isset zone + + zone_config_read ${zone} + + local port=$(zone_get_ports ${zone}) + + assert isset port + + if ! port_exists ${port}; then + error_log "Parent device '${port}' does not exist. Cannot bring up zone '${zone}'." 
+ exit ${EXIT_ERROR} + fi + + # Creating necessary files + # XXX must be PPP_RUN + [ -d "${RED_RUN}/${LINKNAME}" ] || mkdir -p ${RED_RUN}/${LINKNAME} + + # Setting up the device + zone_ports_up ${zone} + + ppp_secret "${USER}" "${SECRET}" + + # XXX AC and service on plugin command line + + cat <<EOF >${RED_RUN}/${LINKNAME}/options +# Naming options +ifname ${zone} +name ${LINKNAME} +linkname ${LINKNAME} + +plugin ${PPPOE_PLUGIN} ${port} + +# User configuration +user ${USER} + +$(enabled PEERDNS && echo "usepeerdns") +$(enabled DEFAULTROUTE && echo "defaultroute") + +noauth +$(isset AUTH && echo "require-${AUTH}") + +noipdefault + +# Maximum transmission/receive unit +mtu ${MTU} +mru ${MTU} + +# Disable the compression +noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe + +updetach debug +EOF + + pppd_exec file ${RED_RUN}/${LINKNAME}/options + + local ret=$? + + # Get exit code from ppp daemon and handle it: + case "${ret}" in + 0) + log DEBUG "pppd detached successfully" + exit ${EXIT_OK} + ;; + esac + + error_log "pppd exited with unknown exit code '${ret}'" + + exit ${EXIT_ERROR} +} + +function _down() { + local zone=${1} + shift + + # Kill pppd + # XXX very ugly + kill $(pppd_pid ${zone}) &>/dev/null + + zone_ports_down ${zone} + + exit ${EXIT_OK} +} + +function _discover() { + local device=${1} + + if [ "$(device_get_type ${device})" != "real" ]; then + exit ${EXIT_ERROR} + fi + + local output + output=$(pppoe-discovery -I ${device} -U $(uuid) 2>&1) + + # Exit if there was not output + [ -z "${output}" ] && exit ${DISCOVER_ERROR} + + # Exit if PADI timed out + grep -q "Timeout" <<<${output} && exit ${DISCOVER_ERROR} + + local ac + while read line; do + case "${line}" in + Access-Concentrator:*) + ac="${line#Access-Concentrator: }" + ;; + esac + done <<<"${output}" + + echo "ACCESS_CONCENTRATOR="$ac"" + + exit ${DISCOVER_OK} +} + +function _status() { + local zone=${1} + + assert isset zone + + cli_status_headline ${zone} + + zone_config_read 
${zone} + + cli_headline " Configuration:" + printf "${DEVICE_PRINT_LINE1}" "User:" "${USER}" + printf "${DEVICE_PRINT_LINE1}" "Secret:" "<hidden>" + echo + printf "${DEVICE_PRINT_LINE1}" "MTU:" "${MTU}" + printf "${DEVICE_PRINT_LINE1}" "Use default route?" "$(enabled DEFAULTROUTE && echo "enabled" || echo "disabled")" + printf "${DEVICE_PRINT_LINE1}" "Use peer DNS?" "$(enabled PEERDNS && echo "enabled" || echo "disabled")" + echo + cli_headline " Ports:" + zone_ports_status ${zone} + if [ -z "$(zone_get_ports ${zone})" ]; then + echo -e " ${COLOUR_WARN}No ports attached. Won't be able to start.${COLOUR_NORMAL}" + fi + + # Exit if zone is down + if ! zone_is_up ${zone}; then + echo # Empty line + exit ${EXIT_ERROR} + fi + + # XXX display time since connection started + + cli_headline " Point-to-Point-over-Ethernet protocol:" + echo " IP-Address : $(red_db_get ${zone} local-ip-address)" + echo " Gateway : $(red_db_get ${zone} remote-ip-address)" + echo " DNS-Server : $(red_db_get ${zone} dns)" + echo + echo " MAC-Remote : $(red_db_get ${zone} remote-address)" + echo + echo " MTU : $(device_get_mtu ${zone})" + echo # Empty line + exit ${EXIT_OK} +} + +function _port_add() { + local zone=${1} + local port=${2} + shift 2 + + if [ $(listlength $(zone_get_ports ${zone})) -ge 1 ]; then + error "This hook only supports one port at a time." + error "Please remove any existant port(s) and try again." + exit ${EXIT_ERROR} + fi + + _port_cmd add ${zone} ${port} $@ + + exit ${EXIT_OK} +} + +run $@ diff --git a/pkgs/core/network/src/hooks/zones/pppoe.ports/bonding b/pkgs/core/network/src/hooks/zones/pppoe.ports/bonding new file mode 120000 index 0000000..3857774 --- /dev/null +++ b/pkgs/core/network/src/hooks/zones/pppoe.ports/bonding @@ -0,0 +1 @@ +ethernet \ No newline at end of file diff --git a/pkgs/core/network/src/hooks/zones/pppoe.ports/ethernet b/pkgs/core/network/src/hooks/zones/pppoe.ports/ethernet new file mode 100644 index 0000000..67a781f --- /dev/null 
+++ b/pkgs/core/network/src/hooks/zones/pppoe.ports/ethernet 
@@ -0,0 +1,115 @@ +#!/bin/bash +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +. /lib/network/header-port + +function _add() { + local zone=${1} + local port=${2} + shift 2 + + assert isset zone + assert isset port + + if ! port_exists ${port}; then + error "Port '${port}' does not exist." + exit ${EXIT_ERROR} + fi + + touch $(zone_dir ${zone})/ports/${port} + + exit ${EXIT_OK} +} + +function _edit() { + _add $@ +} + +function _rem() { + local zone=${1} + local port=${2} + shift 2 + + assert isset zone + assert isset port + + if ! listmatch ${port} $(zone_get_ports ${zone}); then + error "Port '${port}' does not belong to '${zone}'." + error "Won't remove anything." + exit ${EXIT_ERROR} + fi + + warning "Removing port '${port}' from '${zone}' will shutdown the zone." 
+ + # Shut down this zone + zone_down ${zone} + + rm -f $(zone_dir ${zone})/ports/${port} + + exit ${EXIT_OK} +} + +function _up() { + local zone=${1} + local port=${2} + + assert isset zone + assert isset port + + assert zone_exists ${zone} + assert port_exists ${port} + + port_up ${port} + + exit ${EXIT_OK} +} + +function _down() { + local zone=${1} + local port=${2} + + assert isset zone + assert isset port + + assert zone_exists ${zone} + assert port_exists ${port} + + port_down ${port} + + exit ${EXIT_OK} +} + +function _status() { + local zone=${1} + local port=${2} + + printf " %-10s - " "${port}" + if device_is_up ${port}; then + echo -ne "${COLOUR_UP} UP ${COLOUR_NORMAL}" + else + echo -ne "${COLOUR_DOWN} DOWN ${COLOUR_NORMAL}" + fi + echo + + exit ${EXIT_OK} +} + +run $@ diff --git a/pkgs/core/network/src/hooks/zones/pppoe.ports/virtual b/pkgs/core/network/src/hooks/zones/pppoe.ports/virtual new file mode 120000 index 0000000..3857774 --- /dev/null +++ b/pkgs/core/network/src/hooks/zones/pppoe.ports/virtual @@ -0,0 +1 @@ +ethernet \ No newline at end of file diff --git a/pkgs/core/network/src/network b/pkgs/core/network/src/network old mode 100644 new mode 100755 index 2bcbbe1..d4a75b8 --- a/pkgs/core/network/src/network +++ b/pkgs/core/network/src/network @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -19,597 +19,37 @@ # # ###############################################################################
-BOLD="\033[1;39m" -NORMAL="\033[0;39m" -ERROR="\033[1;31m" +. /lib/network/functions
-. /etc/init/functions - -if [ -e "/lib/network/functions" ]; then - . /lib/network/functions -elif [ -e "lib/functions" ]; then - HOME_DIR="lib" - . lib/functions -else - echo "Cannot find functions library. Exiting." >&2 - exit 1 -fi - -function usage() { - echo -e "${BOLD}Usage $0${NORMAL}:\n" - case "$1" in - main|"") - echo "This script will help you configuring your network." - echo - echo "You should know that there are three different things:" - echo - echo " hook: A script to control connections and protocols." - echo " port: A physical connection to somewhere." - echo " zone: A group of ports." - echo - echo " $0 [global flags] <hook|port|zone> ... or" - echo " $0 [global flags] <cmd line options...>" - echo - echo -e "${BOLD}Global flags:${NORMAL}" - echo " --verbose -v - Turn on verbose mode." - echo " --debug -d - Turn on debug mode." - echo - echo -e "${BOLD}Command line options:${NORMAL}" - echo " help - Prints this help message." - echo " start - Starts the whole network." - echo " stop - Stops the whole network." - echo " restart - Restarts the whole network." - echo " reload - Reloads the whole network." - echo - echo " hook - Run "$0 hook help" for more information." - echo " port - Run "$0 port help" for more information." - echo " zone - Run "$0 zone help" for more information." - echo - ;; - hook*) - echo -e "${BOLD}Hook configuration:${NORMAL}" - echo - echo " ${0} [global options] hook <command>" - echo - echo -e "${BOLD}1st level commands:${NORMAL}" - echo -e " ${BOLD}list:${NORMAL}" - echo " Returns a list of all available hooks." - echo - echo - echo " ${0} [global options] hook <hook> <command>" - echo - echo -e "${BOLD}2nd level commands:${NORMAL}" - echo -e " ${BOLD}help:${NORMAL}" - echo " Displays some help about the given hook." 
- echo - echo " Example: $0 hook ethernet help" - echo +# Parse the command line +while [ $# -gt 0 ]; do + case "${1}" in + -d|--debug) + DEBUG=1 + log DEBUG "Enabled debugging mode" ;; - port) - echo -e "${BOLD}Port Configuration:${NORMAL}" - echo - echo " $0 [global options] port <command> ..." - echo - echo -e "${BOLD}Commands:${NORMAL}" - echo -e " ${BOLD}show:${NORMAL}" - echo " Displays information about a given port." - echo - echo " Requires a "port"." - echo " Example: $0 port show 00:11:22:33:44:55" - echo " $0 port show port0" - echo + *) + action=${1} ;; - zone) - echo -e "${BOLD}Zone Configuration:${NORMAL}" - echo - echo " $0 [global options] zone <command> ..." - echo - echo -e "${BOLD}Commands:${NORMAL}" - echo -e " ${BOLD}show:${NORMAL}" - echo " Displays information about a given zone." - echo - echo " Requires a "zone"." - echo " Example: $0 zone show green0" - echo - echo -e " ${BOLD}add:${NORMAL}" - echo " Adds a new zone." - echo - echo " Requires a "zone"." - echo " Example: $0 zone add green0" - echo - echo -e " ${BOLD}del:${NORMAL}" - echo " Deletes a zone." - echo - echo " Requires a "zone"." - echo " Example: $0 zone del green0" - echo - echo -e " ${BOLD}addport:${NORMAL}" - echo " Adds a port to a zone." - echo - echo " Requires a "zone" and "port"." - echo " Example: $0 zone addport green0 port0" - echo - echo " You may also pass a hook and its parameters:" - echo " $0 zone addport green0 port0 vlan 10" - echo - echo -e " ${BOLD}delport:${NORMAL}" - echo " Deletes a port from a zone." - echo - echo " Requires a "zone" and "port"." 
- echo " Example: $0 zone delport green0" - echo - echo " You may also pass a hook and its parameters:" - echo " $0 zone delport green0 port0 vlan 10" - echo esac - _exit ${2-1} -} - -function debug() { - if [ -n "$1" ]; then - DEBUG=$1 - verbose $1 - return - else - if [ "$DEBUG" = "1" ]; then - return 0 - else - return 1 - fi - fi -} - -function verbose() { - if [ -n "$1" ]; then - VERBOSE=$1 - return - else - if [ "$VERBOSE" = "1" ]; then - return 0 - else - return 1 - fi - fi -} - -function decho() { - debug && echo -e "${ERROR}$@${NORMAL}" >&2 -} - -function vecho() { - verbose && echo -e "$@" >&2 -} - -function error() { - echo -e "${ERROR}ERROR${NORMAL}: $@" >&2 - _exit 1 -} - -function _exit() { - local code - local reload - - while [ $# -gt 0 ]; do - case "$1" in - --reload) - reload=1 - ;; - [0-9]*) - code=$1 - ;; - *) - error "Unrecognized argument: $1" - ;; - esac - shift - done - - if [ "${reload}" = "1" ]; then - # Reloading network to apply changes immediately - vecho "Reloading network settings..." - cmd $0 reload - - # Reload firewall, too - firewall=$(which firewall 2>/dev/null) - if [ -n "${firewall}" ]; then - vecho "Reloading firewall..." - cmd ${firewall} reload - fi - fi - - decho "Exiting with code ${code}." 
- exit ${code} -} - -function cmd() { - decho "Running command: $@" - if debug; then - DEBUG=${DEBUG} VERBOSE=${VERBOSE} $@ - else - DEBUG=${DEBUG} VERBOSE=${VERBOSE} $@ >/dev/null - fi -} - -function size() { - local size=${1} - - local units - units[0]="Bytes " - units[1]="kBytes" - units[2]="MBytes" - units[3]="GBytes" - units[4]="TBytes" - - local count=${#units} - while [ ${count} -gt 0 ]; do - if [ ${size} -lt 1024 ]; then - break - fi - size=$((${size} / 1024)) - count=$((${count} - 1)) - done - printf "%4d %s\n" "${size}" "${units[$((${#units} - ${count}))]}" -} - -function port_show() { - local port - if [ $# -eq 0 ]; then - for port in /sys/class/net/*; do - port=${port##*/} - device_is_real ${port} || continue - port_show ${port} - done - return - fi - - port=$(devicify $1) - - echo "##################################################" - echo "#" - echo -e "# Port ${CLR_BOLD_BLU}${port}${NORMAL}" - echo "# ------------------------------------------------" - - echo -n "# State: " - if device_is_up ${port}; then - echo -e "${CLR_BOLD_GRN}up${NORMAL}" - else - echo -e "${CLR_BOLD_RED}down${NORMAL}" - fi - - echo -n "# Link : " - if device_has_carrier ${port}; then - echo -e "${CLR_BOLD_GRN}yes${NORMAL}" - else - echo -e "${CLR_BOLD_RED}no${NORMAL}" - fi - - if device_is_up ${port}; then - echo "#" - echo "# Statistics:" - echo -n "# RX: $(size $(</sys/class/net/${port}/statistics/rx_bytes))" - echo " ($(</sys/class/net/${port}/statistics/rx_packets) packets)" - echo -n "# TX: $(size $(</sys/class/net/${port}/statistics/tx_bytes))" - echo " ($(</sys/class/net/${port}/statistics/tx_packets) packets)" - fi - - echo "#" -} - -function port_raw() { - local port - if [ $# -eq 0 ]; then - for port in /sys/class/net/*; do - port=${port##*/} - device_is_real ${port} || continue - port_raw ${port} - done - return - fi - - port=$(devicify $1) - - cat <<EOF -[${port}] -type=$(device_type ${port}) -mac=$(macify ${port}) -carrier=$(device_has_carrier ${port} && echo "1" 
|| echo "0") -up=$(device_is_up ${port} && echo "1" || echo "0") - -EOF -} - -function port_add() { - local zone=${1} - local hook=${2} - shift 2 - - if ! zone_exists ${zone}; then - error "Zone ${BOLD}${zone}${NORMAL} does not exist." - return 1 - fi - - mkdir -p ${CONFIG_PORTS}/${port} 2>/dev/null - if hook_exists ${hook}; then - /lib/network/hooks/${hook} --zone=${zone} add $@ - RET=$? - if [ "$RET" -eq "0" ]; then - vecho "Successfully added port to ${BOLD}${zone}${NORMAL}." - else - error "Hook ${BOLD}${hook}${NORMAL} exited with $RET." - return $RET - fi - else - error "Hook ${BOLD}${hook}${NORMAL} does not exist or is not executeable." - return 1 - fi -} - -function port_del() { - local config - local hook - local uuid - - local zone=${1} shift - - if is_uuid ${1}; then - uuid=${1} - config="${CONFIG_UUIDS}/${uuid}" - - if [ -e "${config}" ]; then - hook=$(config_get_hook ${config}) - else - error "Given config file does not exist: ${config}." - return 1 - fi - fi - - hook_run --config=${config} pre-down - hook_run --config=${config} post-down - hook_run --config=${config} rem -} - -function zone_discover() { - local zone=${1} - - for hook in $(hook_list zone); do - hook_run ${hook} --zone=${zone} discover - done -} - -function zone_show() { - local zone - zone=$1 - - if [ -z "$zone" ]; then - for zone in ${CONFIG_ZONES}/*; do - zone_show $(basename $zone) - done - return - fi - - if ! zone_exists ${zone}; then - error "Zone ${BOLD}${zone}${NORMAL} does not exist." - return 2 - fi - - echo "##################################################" - echo "#" - echo -e "# Zone ${CLR_BOLD_BLU}${zone}${NORMAL}" - echo "# ------------------------------------------------" - - # Up or down? 
- if zone_is_up ${zone}; then - echo -e "# Status: ${CLR_BOLD_GRN}up${NORMAL}" - else - echo -e "# Status: ${CLR_BOLD_RED}down${NORMAL}" - fi - echo "#" - - # Ports - echo -e "# ${CLR_BOLD_BLU}Ports:${NORMAL}" - hooks_run_ports status ${CONFIG_ZONES}/${zone} --zone=${zone} - - echo "#" - echo -e "# ${CLR_BOLD_BLU}Zone configurations:${NORMAL}" - hooks_run_zones status ${CONFIG_ZONES}/${zone} --zone=${zone} - echo "#" - -} - -function zone_raw() { - local zone - if [ $# -eq 0 ]; then - for zone in $(zone_list); do - zone_raw ${zone##*/} - done - return - fi - - zone=${1} - -cat <<EOF -[${zone}] -up=$(zone_is_up ${zone} && echo "1" || echo "0") - -EOF -} - -function zone_add() { - local zone=$1 - - if zone_exists ${zone}; then - error "Zone ${BOLD}${zone}${NORMAL} already exists." - return 1 - fi - - if ! zone_valid_name ${zone}; then - error "The given zone name is not valid." - return 1 - fi - - mkdir -p ${CONFIG_ZONES}/${zone} - vecho "Successfully added zone ${BOLD}${zone}${NORMAL}." -} - -function zone_del() { - local zone=$1 - - if ! zone_exists ${zone}; then - error "Zone ${BOLD}${zone}${NORMAL} does not exist." - return 1 - fi - - cmd /lib/network/zone --zone=${zone} down - rm -rf ${CONFIG_ZONES}/${zone} - vecho "Successfully removed zone ${BOLD}${zone}${NORMAL}." -} - -# See what to do -while [ "$#" -gt 0 ]; do - arg=$1 - shift - - case "$arg" in - --debug|-d) - debug 1 - decho "Debug mode enabled." - ;; - --verbose|-v) - verbose 1 - vecho "${BOLD}Verbose mode enabled.${NORMAL}" - ;; - help|-h|--help) - usage main 0 - ;; - start|stop|reload) - action=${arg} - for zone in $(zone_list); do - zone=${zone##*/} - decho "Running command: ${HOME_DIR}/zone --zone=${zone} ${action}" - DEBUG=${DEBUG} VERBOSE=${VERBOSE} ${HOME_DIR}/zone --zone=${zone} ${action} - done - _exit $? - ;; - restart) - DEBUG=${DEBUG} VERBOSE=${VERBOSE} $0 stop $@ - sleep 1 - DEBUG=${DEBUG} VERBOSE=${VERBOSE} $0 start $@ - _exit $? 
- ;; - hook|hooks) - case "$1" in - list) - hook_list - _exit $? - ;; - *) - if hook_exists ${1}; then - hook=${1} - else - usage hook - fi - esac - shift - case "$1" in - help|info) - if hook_exists ${hook}; then - hook_run ${hook} ${1} - _exit $? - else - error "Hook ${hook} does not exist or is not executeable." - _exit 1 - fi - ;; - *) - usage hook - ;; - esac - ;; - p*) - arg=$1 - shift - case "$arg" in - help) - usage port 0 - ;; - show) - port_show $@ - _exit $? - ;; - _raw) - port_raw $@ - _exit $? - ;; - esac - ;; - z*) - arg=$1 - shift - case "$arg" in - add) - zone_add $@ - _exit --reload $? - ;; - addport) - port_add $@ - _exit --reload $? - ;; - config) - zone=$1; hook=$2; shift 2 - if [ -z "${zone}" ] || [ -z "${hook}" ]; then - usage config - fi - hook_run ${hook} --zone=${zone} add $@ - _exit --reload $? - ;; - del) - zone_del $@ - _exit --reload $? - ;; - delport) - port_del $@ - _exit --reload $? - ;; - discover) - zone_discover $@ - _exit $? - ;; - help) - usage zone 0 - ;; - list) - zone_list - _exit $? - ;; - show) - zone_show $@ - _exit $? - ;; - start|stop) - zone=$1; shift - zone_run --zone=${zone} ${arg} $@ - ;; - _raw) - zone_raw $@ - _exit $? - ;; - esac - ;; - show) - arg=${1} - shift - case "${arg}" in - ports) - port_show $@ - _exit 0 - ;; - esac - ;; - -*) - error "Option "$arg" is not known." - ;; - esac + [ -n "${action}" ] && break done
-usage main +# Process the given action +case "${action}" in + config|port|device|zone|start|stop|restart|status|reset) + cli_${action} $@ + ;; + + ""|help|--help|-h) + cli_usage root + exit ${EXIT_OK} + ;; + + *) + error "Invalid command given: ${action}" + cli_usage usage + exit ${EXIT_CONF_ERROR} + ;; +esac diff --git a/pkgs/core/network/src/ppp/ip-updown b/pkgs/core/network/src/ppp/ip-updown old mode 100644 new mode 100755 index 24f60d3..cc746a1 --- a/pkgs/core/network/src/ppp/ip-updown +++ b/pkgs/core/network/src/ppp/ip-updown @@ -1,8 +1,8 @@ -#!/bin/sh +#!/bin/bash ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -22,20 +22,33 @@ umask 022 export PATH=/usr/sbin:/sbin:/usr/bin:/bin
-. /lib/network/functions -. /lib/network/functions.ppp - -for config in ${CONFIG_ZONES}/${DEVICE}/*; do - if [ "$(ppp_linkname_get ${config})" = "${LINKNAME}" ]; then - CONFIG=${config} - . ${CONFIG} - break - fi +exec &>/tmp/network.$(basename $0) + +# Give the variables we get passed by pppd an own namespace +for i in IFNAME IPLOCAL IPREMOTE DNS1 DNS2 MACREMOTE; do + export PPP_${i}=${!i} + unset ${i} done
-if [ -n "${HOOK}" ] && [ -x "${HOOKS_DIR}/${HOOK}.helper" ]; then - exec ${HOOKS_DIR}/${HOOK}.helper --config=${CONFIG} \ - $(basename $0) $@ +. /lib/network/functions + +# Zone equals IFNAME +ZONE=${PPP_IFNAME} + +assert isset ZONE + +if ! zone_exists ${ZONE}; then + error "Zone '${ZONE}' does not exist." + exit ${EXIT_ERROR} +fi + +HOOK=$(zone_get_hook ${ZONE}) + +assert isset HOOK + +if ! hook_zone_exists ${HOOK}; then + error "Hook '${HOOK}' does not exist." + exit ${EXIT_ERROR} fi
-exit ${EXIT_ERROR} +hook_zone_exec ${HOOK} ppp-$(basename ${0}) ${ZONE} diff --git a/pkgs/core/network/src/zone b/pkgs/core/network/src/zone deleted file mode 100755 index 0f5b355..0000000 --- a/pkgs/core/network/src/zone +++ /dev/null 
@@ -1,93 +0,0 @@ -#!/bin/bash -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2009 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### - -. /etc/init/functions -. /lib/network/functions - -while [ "$#" -gt "0" ]; do - case "${1}" in - --zone=*) - zone=${1#--zone=} - ;; - *) - action=${1} - break - ;; - esac - shift -done - -if [ -z "${zone}" ] || [ -z "${action}" ]; then - log_failure_msg "Wrong number of arguments." - exit ${EXIT_ERROR} -fi - -if ! zone_exists ${zone}; then - echo "Zone ${zone} does not exist." - exit ${EXIT_ERROR} -fi - -case "$action" in - start|up|reload) - message="Bringing up zone ${zone}..." - - hooks_run_all pre-up ${CONFIG_ZONES}/${zone} --zone=${zone} - - if ! zone_is_up ${zone}; then - # Create and bring up the zone - brctl addbr ${zone} || failed=1 - brctl stp ${zone} on || failed=1 - brctl setfd ${zone} 0 || failed=1 - ip link set ${zone} up || failed=1 - (exit ${failed}) - evaluate_retval standard - fi - - # First bring up the ports to be able to start something like - # a dhcp client that needs a running interface. 
- hooks_run_ports post-up ${CONFIG_ZONES}/${zone} --zone=${zone} - hooks_run_zones post-up ${CONFIG_ZONES}/${zone} --zone=${zone} - ;; - - stop|down) - message="Bringing down zone ${zone}..." - - if zone_is_up ${zone}; then - hooks_run_zones pre-down ${CONFIG_ZONES}/${zone} --zone=${zone} - hooks_run_ports pre-down ${CONFIG_ZONES}/${zone} --zone=${zone} - - # Bring down the zone and delete it - ip link set ${zone} down || failed=1 - brctl delbr ${zone} || failed=1 - (exit ${failed}) - evaluate_retval standard - - hooks_run_all post-down ${CONFIG_ZONES}/${zone} --zone=${zone} - else - log_warning_msg ${message} - log_warning_msg "Zone ${zone} does not exist." - fi - ;; - - *) - exit 1 - ;; -esac diff --git a/pkgs/core/squashfs-tools/patches/squashfs-cflags.patch b/pkgs/core/squashfs-tools/patches/squashfs-cflags.patch new file mode 100644 index 0000000..bb325d4 --- /dev/null +++ b/pkgs/core/squashfs-tools/patches/squashfs-cflags.patch @@ -0,0 +1,13 @@ +--- squashfs-tools/Makefile.orig 2010-02-13 14:00:54.000000000 -0600 ++++ squashfs-tools/Makefile 2010-02-13 14:02:58.000000000 -0600 +@@ -27,8 +27,8 @@ + UNSQUASHFS_OBJS = unsquashfs.o unsquash-1.o unsquash-2.o unsquash-3.o \ + unsquash-4.o swap.o compressor.o gzip_wrapper.o + +-CFLAGS = $(INCLUDEDIR) -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE \ +- -D_GNU_SOURCE -DCOMP_DEFAULT="$(COMP_DEFAULT)" -O2 -Wall ++CFLAGS = $(RPM_OPT_FLAGS) $(INCLUDEDIR) -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE \ ++ -D_GNU_SOURCE -DCOMP_DEFAULT="$(COMP_DEFAULT)" + + LIBS = + ifdef LZMA_SUPPORT diff --git a/pkgs/core/squashfs-tools/patches/squashfs-xz.patch b/pkgs/core/squashfs-tools/patches/squashfs-xz.patch new file mode 100644 index 0000000..71fda95 --- /dev/null +++ b/pkgs/core/squashfs-tools/patches/squashfs-xz.patch 
@@ -0,0 +1,11 @@ +--- squashfs-tools/Makefile.orig 2010-02-13 14:05:21.000000000 -0600 ++++ squashfs-tools/Makefile 2010-02-13 14:05:29.000000000 -0600 +@@ -11,7 +11,7 @@ + # work) - download and unpack it, uncomment and set LZMA_DIR to unpacked source, + # and uncomment the LZMA_SUPPORT line below. + +-#XZ_SUPPORT = 1 ++XZ_SUPPORT = 1 + #LZMA_SUPPORT = 1 + #LZMA_DIR = ../../../LZMA/lzma465 + diff --git a/pkgs/core/squashfs-tools/squashfs-tools.nm b/pkgs/core/squashfs-tools/squashfs-tools.nm index f9f6382..b77b62a 100644 --- a/pkgs/core/squashfs-tools/squashfs-tools.nm +++ b/pkgs/core/squashfs-tools/squashfs-tools.nm @@ -25,7 +25,7 @@ include $(PKGROOT)/Include
PKG_NAME = squashfs-tools -PKG_VER = 4.0 +PKG_VER = 4.1 PKG_REL = 0
PKG_MAINTAINER = @@ -34,25 +34,22 @@ PKG_URL = http://squashfs.sf.net/ PKG_LICENSE = GPLv2+ PKG_SUMMARY = Utility for the creation of squashfs filesystems.
-PKG_BUILD_DEPS+= zlib +PKG_DEPS += xz zlib
define PKG_DESCRIPTION Squashfs is a highly compressed read-only filesystem for Linux. endef
-PKG_BUILD_DEPS += zlib +PKG_TARBALL = squashfs-$(PKG_VER).tar.gz
-PKG_TARBALL = squashfs$(PKG_VER).tar.gz +DIR_APP = $(DIR_SRC)/squashfs/squashfs-tools
define STAGE_BUILD - mv /usr/src/squashfs4.0 $(DIR_APP) - cd $(DIR_APP)/$(PKG_NAME) && sed -e "s/^CFLAGS := /& $(CFLAGS) /" -i Makefile - $(DO_FIX_LIBTOOL) - cd $(DIR_APP)/$(PKG_NAME) && make $(PARALLELISMFLAGS) + cd $(DIR_APP) && make $(PARALLELISMFLAGS) RPM_OPT_FLAGS="$(CFLAGS)" endef
define STAGE_INSTALL -mkdir -pv $(BUILDROOT)/usr/bin - cd $(DIR_APP)/$(PKG_NAME) && install -m 755 mksquashfs $(BUILDROOT)/usr/bin - cd $(DIR_APP)/$(PKG_NAME) && install -m 755 unsquashfs $(BUILDROOT)/usr/bin + cd $(DIR_APP) && install -m 755 mksquashfs $(BUILDROOT)/usr/bin + cd $(DIR_APP) && install -m 755 unsquashfs $(BUILDROOT)/usr/bin endef diff --git a/pkgs/core/udev/rules/60-net.rules b/pkgs/core/udev/rules/60-net.rules deleted file mode 100644 index 980e8f0..0000000 --- a/pkgs/core/udev/rules/60-net.rules +++ /dev/null @@ -1,2 +0,0 @@ -KERNEL=="eth*", NAME="port%n" -SUBSYSTEM=="net", RUN+="/etc/init.d/networking/net-hotplug" diff --git a/tools/generator b/tools/generator index 38b72da..c6d3937 100755 --- a/tools/generator +++ b/tools/generator @@ -56,7 +56,7 @@ install_kernel() { return 1 fi
- cp -f /boot/${DISTRO_SNAME}kernel-${release} ${dest}/${DISTRO_SNAME}0 + cp -f /boot/vmlinuz-${release} ${dest}/${DISTRO_SNAME}0
# Create liveramfs ${MKLIVERAMFS} -v --with-net -f ${dest}/initrd0 ${release} @@ -89,6 +89,7 @@ make_installer() { done install -dv -m 1777 tmp var/tmp
+ # XXX add -comp lzma here when kernel supports it mksquashfs * ${dest}/installer.sfs -no-progress
popd
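Review bot: In pkgs/core/squashfs-tools/patches/squashfs-cflags.patch, the replacement CFLAGS line drops `-O2 -Wall` and relies entirely on the caller setting `$(RPM_OPT_FLAGS)`. squashfs-tools.nm does pass `RPM_OPT_FLAGS="$(CFLAGS)"`, but any other invocation of this Makefile now builds without optimisation and without warnings. Suggest keeping `-Wall` on the patched line and giving the variable a fallback, for example `RPM_OPT_FLAGS ?= -O2`, so the warning coverage does not depend on what the distribution flags happen to contain.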
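Review bot: In the squashfs-tools.nm hunk at `@@ -34,25 +34,22 @@`, both `PKG_BUILD_DEPS` lines for zlib are removed and only `PKG_DEPS += xz zlib` is added, while squashfs-xz.patch in the same change turns on `XZ_SUPPORT = 1`, so the build now needs the xz and zlib headers at compile time. If `PKG_DEPS` does not also populate the build environment, the build either fails or silently links against whatever is already installed; please confirm that, or keep an explicit `PKG_BUILD_DEPS += xz zlib`. Separately, `DIR_APP = $(DIR_SRC)/squashfs/squashfs-tools` assumes that `squashfs-$(PKG_VER).tar.gz` unpacks into an unversioned `squashfs` directory, which deserves a one-line comment.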
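Review bot: In the install_kernel() hunk of tools/generator, the source path changes to `/boot/vmlinuz-${release}`, but the guard that ends in `return 1` / `fi` just above it is not part of the hunk. If that guard still tests the old `/boot/${DISTRO_SNAME}kernel-${release}` name it will either reject valid kernels or stop protecting the copy, so it should be updated in the same commit. The exit status of the `cp -f` itself is also not checked before `${MKLIVERAMFS}` runs, and the expansions are unquoted; `cp -f "/boot/vmlinuz-${release}" "${dest}/${DISTRO_SNAME}0" || return 1` would cover both.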
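Review bot: The comment added in make_installer() refers to `-comp lzma`, but the squashfs-tools change in this same push enables `XZ_SUPPORT = 1` and leaves `#LZMA_SUPPORT = 1` commented out. Please name the compressor this build actually provides, so whoever resolves the XXX later does not pass a `-comp` value that the packaged mksquashfs was not built with.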
hooks/post-receive -- IPFire 3.x development tree