This function is used to get a device from an IP address which is assigned to the device. This function needs to be introduced to set the routes for IPsec correctly.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
---
src/functions/functions.device | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/src/functions/functions.device b/src/functions/functions.device index cb4911f..2de1ad9 100644 --- a/src/functions/functions.device +++ b/src/functions/functions.device @@ -1058,3 +1058,30 @@ device_queue_set_smp_affinity() {
__processor_id_to_bitmap ${processor} > ${path} } + +# Tries to find a device which has the given IP address assigned +device_get_by_assigned_ip_address() { + local ip=${1} + + assert isset ip + + local device + + # Read the first line of ip addr show to + read -r device <<< $(ip addr show to "${ip}") + + # If we did not found a device we return with ${EXIT_ERROR} + if ! isset device; then + return ${EXIT_ERROR} + fi + + # We get something like: + # 3: upl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 + # and we want upl0 so we take the second word and removing the : + device=(${device}) + device=${device[1]} + device=${device%:} + + print "${device}" + return ${EXIT_OK} +}
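Review bot: `device=${device%:}` at the end of device_get_by_assigned_ip_address() only strips the trailing colon, so for a VLAN or veth device, which `ip` prints as `name@parent:`, the function returns `name@parent` instead of the device name; strip the suffix as well, for example with `device=${device%%@*}`. The substitution in `read -r device <<< $(ip addr show to "${ip}")` should be quoted, and the comment above the function should say that only the first match is returned when the address is assigned to more than one device.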
This function is needed by IPsec to set the routes correctly. We can now find a source IP for a given net. This way is ugly because the source IP is unpredictable if we get multiple IPs.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
---
src/functions/functions.ip | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
diff --git a/src/functions/functions.ip b/src/functions/functions.ip index 3b43da7..ef40bcc 100644 --- a/src/functions/functions.ip +++ b/src/functions/functions.ip @@ -205,3 +205,28 @@ ip_address_del() {
return ${EXIT_OK} } + +# Get all currently assigned addresse for a given network +ip_get_assigned_addresses_from_net() { + local net=${1} + shift + local args="$@" + + assert ip_net_is_valid ${net} + + local line + local ips + + # We read the output of $(ip addr show to ${net} ${args}) + while read -r line; do + # We are only interested in lines which start with inet or inet6 + [[ "${line}" =~ ^(inet6 |inet ) ]] || continue + + # We need the second word the line + line=(${line}) + list_append "ips" "$(ip_split_prefix "${line[1]}")" + done <<< "$(ip addr show to "${net}" ${args})" + + # We sort the list to get the lowest IP as first item + print "$(list_sort ${ips})" +}
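Review bot: `local args="$@"` in ip_get_assigned_addresses_from_net() joins all extra arguments into one string, which the unquoted `${args}` in the `ip addr show to "${net}" ${args}` call then splits again, so an argument containing whitespace or a glob character changes the command that is run; keep the arguments as an array (`local args=("$@")`, expanded as `"${args[@]}"`). The unquoted `line=(${line})` has the same word-splitting and pathname-expansion exposure, and `read -r family address rest <<< "${line}"` yields the second word without it. The function also ends without an explicit return, while the context above it ends in `return ${EXIT_OK}`.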
On Fri, 2018-02-23 at 11:05 +0000, Jonatan Schlag via network wrote:
This function is needed by IPsec to set the routes correctly. We can now find a source IP for a given net. This way is ugly because the source IP is unpredictable if we get multiple IPs.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
src/functions/functions.ip | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
diff --git a/src/functions/functions.ip b/src/functions/functions.ip index 3b43da7..ef40bcc 100644 --- a/src/functions/functions.ip +++ b/src/functions/functions.ip @@ -205,3 +205,28 @@ ip_address_del() {
return ${EXIT_OK} }
+# Get all currently assigned addresse for a given network +ip_get_assigned_addresses_from_net() {
- local net=${1}
- shift
- local args="$@"
- assert ip_net_is_valid ${net}
I think this assertion isn't needed because "ip" will check this and just throw an error.
- local line
- local ips
It would be nicer if the "ips" variable would be called "addresses" because that is the term that we actually use most of the time.
- # We read the output of $(ip addr show to ${net} ${args})
- while read -r line; do
# We are only interested in lines which start with inet or
inet6
[[ "${line}" =~ ^(inet6 |inet ) ]] || continue
# We need the second word the line
line=(${line})
list_append "ips" "$(ip_split_prefix "${line[1]}")"
You could also achieve this by passing the line argument up to the first space and use the "%" and "#" parameters in the brackets.
I am not sure if the conversion to the array has any implications.
- done <<< "$(ip addr show to "${net}" ${args})"
- # We sort the list to get the lowest IP as first item
- print "$(list_sort ${ips})"
You don't need to call print here. This will create a subshell for the list_sort call, but list_sort already prints the output, so you can just write:
list_sort ${ips}
That will be a lot faster.
+}
-Michael
Hi,
On Sat, 24 Feb 2018 at 12:53, Michael Tremer michael.tremer@ipfire.org wrote:
On Fri, 2018-02-23 at 11:05 +0000, Jonatan Schlag via network wrote:
This function is needed by IPsec to set the routes correctly. We can now find a source IP for a given net. This way is ugly because the source IP is unpredictable if we get multiple IPs.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
src/functions/functions.ip | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
diff --git a/src/functions/functions.ip b/src/functions/functions.ip index 3b43da7..ef40bcc 100644 --- a/src/functions/functions.ip +++ b/src/functions/functions.ip @@ -205,3 +205,28 @@ ip_address_del() {
return ${EXIT_OK} }
+# Get all currently assigned addresse for a given network +ip_get_assigned_addresses_from_net() {
- local net=${1}
- shift
- local args="$@"
- assert ip_net_is_valid ${net}
I think this assertion isn't needed because "ip" will check this and just throw an error.
But can we catch the error in a nice way? I could have a look at this but using $? should be harder than to use our normal functions.
- local line
- local ips
It would be nicer if the "ips" variable would be called "addresses" because that is the term that we actually use most of the time.
Ok
- # We read the output of $(ip addr show to ${net} ${args})
- while read -r line; do
# We are only interested in lines which start with inet or
inet6
[[ "${line}" =~ ^(inet6 |inet ) ]] || continue
# We need the second word the line
line=(${line})
list_append "ips" "$(ip_split_prefix "${line[1]}")"
You could also achieve this by passing the line argument up to the first space and use the "%" and "#" parameters in the brackets.
I am not sure if the conversion to the array has any implications.
So how can we make sure that this has no implications?
- done <<< "$(ip addr show to "${net}" ${args})"
- # We sort the list to get the lowest IP as first item
- print "$(list_sort ${ips})"
You don't need to call print here. This will create a subshell for the list_sort call, but list_sort already prints the output, so you can just write:
list_sort ${ips}
That will be a lot faster.
Ok
+}
-Michael
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
---
src/helpers/ipsec-updown | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/helpers/ipsec-updown b/src/helpers/ipsec-updown index e4d704d..12ead03 100644 --- a/src/helpers/ipsec-updown +++ b/src/helpers/ipsec-updown @@ -29,6 +29,13 @@ network_settings_read # Make sure we are called by strongSwan assert isset PLUTO_VERSION
+if enabled DEBUG; then + while read line; do + [[ ${line} =~ ^PLUTO_ ]] || continue + log DEBUG " ${line}" + done <<< "$(printenv | sort)" +fi + CONNECTION="${PLUTO_CONNECTION}"
if ! ipsec_connection_read_config "${CONNECTION}"; then
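Review bot: `while read line` in the new DEBUG block lacks `-r`, so backslashes in a PLUTO_ value are interpreted before the line reaches `log DEBUG`; use `while read -r line`. The loop also assumes one variable per line of `printenv` output, so a value containing a newline is logged only up to its first line, or again if a continuation line happens to start with PLUTO_. Since the values come from strongSwan and include peer-supplied identities, a comment stating that the dump is only written when DEBUG is enabled would document the intent.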
*thumbs up*
On Fri, 2018-02-23 at 11:05 +0000, Jonatan Schlag via network wrote:
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
src/helpers/ipsec-updown | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/src/helpers/ipsec-updown b/src/helpers/ipsec-updown index e4d704d..12ead03 100644 --- a/src/helpers/ipsec-updown +++ b/src/helpers/ipsec-updown @@ -29,6 +29,13 @@ network_settings_read # Make sure we are called by strongSwan assert isset PLUTO_VERSION
+if enabled DEBUG; then
- while read line; do
[[ ${line} =~ ^PLUTO_ ]] || continue
log DEBUG " ${line}"
- done <<< "$(printenv | sort)"
+fi
CONNECTION="${PLUTO_CONNECTION}"
if ! ipsec_connection_read_config "${CONNECTION}"; then
Hello,
what happens when the same IP address is assigned to multiple interfaces?
That should not be because it doesn't make much sense, but people configure stupid things and we should make sure that that doesn't crash other parts of networking.
-Michael
On Fri, 2018-02-23 at 11:05 +0000, Jonatan Schlag via network wrote:
This function is used to get a device from an IP address which is assigned to the device. This function needs to be introduced to set the routes for IPsec correctly.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
src/functions/functions.device | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+)
diff --git a/src/functions/functions.device b/src/functions/functions.device index cb4911f..2de1ad9 100644 --- a/src/functions/functions.device +++ b/src/functions/functions.device @@ -1058,3 +1058,30 @@ device_queue_set_smp_affinity() {
__processor_id_to_bitmap ${processor} > ${path} }
+# Tries to find a device which has the given IP address assigned +device_get_by_assigned_ip_address() {
- local ip=${1}
- assert isset ip
- local device
- # Read the first line of ip addr show to
- read -r device <<< $(ip addr show to "${ip}")
- # If we did not found a device we return with ${EXIT_ERROR}
- if ! isset device; then
return ${EXIT_ERROR}
- fi
- # We get something like:
- # 3: upl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state
UP group default qlen 1000
- # and we want upl0 so we take the second word and removing the :
- device=(${device})
- device=${device[1]}
- device=${device%:}
- print "${device}"
- return ${EXIT_OK}
+}
Hi,
On Sat, 24 Feb 2018 at 12:50, Michael Tremer michael.tremer@ipfire.org wrote:
Hello,
what happens when the same IP address is assigned to multiple interfaces?
That should not be because it doesn't make much sense, but people configure stupid things and we should make sure that that doesn't crash other parts of networking.
-Michael
We take only the first line of the $(ip addr show to ...), so we take the first device we get. But I see no way to catch this stupid configuration. When the configuration is wrong, I see no problem when the code "fails".
Jonatan
On Fri, 2018-02-23 at 11:05 +0000, Jonatan Schlag via network wrote:
This function is used to get a device from an IP address which is assigned to the device. This function needs to be introduced to set the routes for IPsec correctly.
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
src/functions/functions.device | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+)
diff --git a/src/functions/functions.device b/src/functions/functions.device index cb4911f..2de1ad9 100644 --- a/src/functions/functions.device +++ b/src/functions/functions.device @@ -1058,3 +1058,30 @@ device_queue_set_smp_affinity() {
__processor_id_to_bitmap ${processor} > ${path} }
+# Tries to find a device which has the given IP address assigned +device_get_by_assigned_ip_address() {
- local ip=${1}
- assert isset ip
- local device
- # Read the first line of ip addr show to
- read -r device <<< $(ip addr show to "${ip}")
- # If we did not found a device we return with ${EXIT_ERROR}
- if ! isset device; then
return ${EXIT_ERROR}
- fi
- # We get something like:
- # 3: upl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq
state UP group default qlen 1000
- # and we want upl0 so we take the second word and removing the :
- device=(${device})
- device=${device[1]}
- device=${device%:}
- print "${device}"
- return ${EXIT_OK}
+}
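An added example, not code from the patches or from the network project: one way to parse `ip addr show to` output that covers both review threads above, splitting fields with `read` instead of an unquoted array and reporting an address that is assigned to more than one device. The function names and the sample output are constructed for illustration, and only POSIX constructs are used so it runs in bash as well.

```shell
# Constructed sample in the format of `ip addr show to 192.0.2.10`,
# with the same address configured on two devices.
sample_output() {
cat <<'EOF'
3: upl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.0.2.10/24 brd 192.0.2.255 scope global upl0
       valid_lft forever preferred_lft forever
7: net0.10@net0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.0.2.10/24 scope global net0.10
       valid_lft forever preferred_lft forever
EOF
}

# Reads `ip addr show` output on stdin and prints the device name only if
# exactly one device is listed. Returns 1 if none was found, 2 if ambiguous.
unique_device_from_ip_output() {
	local index name rest found="" count=0
	while read -r index name rest; do
		# Device header lines start with "<ifindex>:"; skip everything else
		case "${index}" in [0-9]*:) ;; *) continue ;; esac
		name="${name%:}"      # drop the trailing colon
		name="${name%%@*}"    # drop an "@parent" suffix (VLAN, veth)
		count=$((count + 1))
		[ -n "${found}" ] || found="${name}"
	done
	[ "${count}" -gt 0 ] || return 1
	[ "${count}" -eq 1 ] || return 2
	printf '%s\n' "${found}"
}

# Prints the address of every "inet"/"inet6" line without the prefix length.
# read splits the fields, so no unquoted expansion and no globbing is involved.
addresses_from_ip_output() {
	local family address rest
	while read -r family address rest; do
		case "${family}" in inet|inet6) ;; *) continue ;; esac
		printf '%s\n' "${address%/*}"
	done
}

# The sample has the address on two devices, so the lookup reports code 2
sample_output | unique_device_from_ip_output || echo "lookup failed with code $?"
```

With a live system the functions would be fed from `ip addr show to "${ip}"` instead of the constructed sample.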