public inbox for network@lists.ipfire.org
* [PATCH 1/3] Add new function: device_get_by_assigned_ip_address()
@ 2018-02-23 11:05 Jonatan Schlag
  2018-02-23 11:05 ` [PATCH 2/3] Add new function ip_get__assigned_addresses_from_net() Jonatan Schlag
                   ` (2 more replies)
  0 siblings, 3 replies; 6+ messages in thread
From: Jonatan Schlag @ 2018-02-23 11:05 UTC (permalink / raw)
  To: network

This function is used to get a device from an IP address
which is assigned to the device.
This function needs to be introduced
to set the routes for IPsec correctly.

Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
 src/functions/functions.device | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/src/functions/functions.device b/src/functions/functions.device
index cb4911f..2de1ad9 100644
--- a/src/functions/functions.device
+++ b/src/functions/functions.device
@@ -1058,3 +1058,30 @@ device_queue_set_smp_affinity() {
 
 	__processor_id_to_bitmap ${processor} > ${path}
 }
+
+# Tries to find a device which has the given IP address assigned
+device_get_by_assigned_ip_address() {
+	local ip=${1}
+
+	assert isset ip
+
+	local device
+
+	# Read the first line of ip addr show to
+	read -r device <<< $(ip addr show to "${ip}")
+
+	# If we did not found a device we return with ${EXIT_ERROR}
+	if ! isset device; then
+		return ${EXIT_ERROR}
+	fi
+
+	# We get something like:
+	# 3: upl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
+	# and we want upl0 so we take the second word and removing the :
+	device=(${device})
+	device=${device[1]}
+	device=${device%:}
+
+	print "${device}"
+	return ${EXIT_OK}
+}
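
Review bot: device=${device[1]} followed by device=${device%:} returns only the first interface that "ip addr show to" lists, so an address configured on several interfaces yields one name with no sign that the others exist; either print all matches or fail when there is more than one. The same two lines strip only the trailing colon, and ip prints stacked devices such as VLANs as name@parent:, so the result should also drop everything from the @ on (device=${device%%@*}). The here-string $(ip addr show to "${ip}") should be quoted as it is in patch 2/3, and the comment "Read the first line of ip addr show to" stops mid-sentence.
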
-- 
2.6.3


* [PATCH 2/3] Add new function ip_get__assigned_addresses_from_net()
  2018-02-23 11:05 [PATCH 1/3] Add new function: device_get_by_assigned_ip_address() Jonatan Schlag
@ 2018-02-23 11:05 ` Jonatan Schlag
  2018-02-24 11:53   ` Michael Tremer
  2018-02-23 11:05 ` [PATCH 3/3] IPsec: Log the content of all PLUTO variables in debug mode Jonatan Schlag
  2018-02-24 11:50 ` [PATCH 1/3] Add new function: device_get_by_assigned_ip_address() Michael Tremer
  2 siblings, 1 reply; 6+ messages in thread
From: Jonatan Schlag @ 2018-02-23 11:05 UTC (permalink / raw)
  To: network

This function is needed by IPsec to set the routes correctly.
We can now find a source IP for a given net.
This way is ugly because the source IP
is unpredictable if we get multiple IPs.

Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
 src/functions/functions.ip | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/functions/functions.ip b/src/functions/functions.ip
index 3b43da7..ef40bcc 100644
--- a/src/functions/functions.ip
+++ b/src/functions/functions.ip
@@ -205,3 +205,28 @@ ip_address_del() {
 
 	return ${EXIT_OK}
 }
+
+# Get all currently assigned addresse for a given network
+ip_get_assigned_addresses_from_net() {
+	local net=${1}
+	shift
+	local args="$@"
+
+	assert ip_net_is_valid ${net}
+
+	local line
+	local ips
+
+	# We read the output of $(ip addr show to ${net} ${args})
+	while read -r line; do
+		# We are only interested in lines which start with inet or inet6
+		[[ "${line}" =~ ^(inet6 |inet ) ]] || continue
+
+		# We need the second word the line
+		line=(${line})
+		list_append "ips" "$(ip_split_prefix "${line[1]}")"
+	done <<< "$(ip addr show to "${net}" ${args})"
+
+	# We sort the list to get the lowest IP as first item
+	print "$(list_sort ${ips})"
+}
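
Review bot: local args="$@" joins the remaining arguments into one string, and the unquoted ${args} in the here-string splits it again on whitespace, so an argument containing a space or a glob character does not reach ip as it was passed; keep the arguments as an array (local args=( "$@" )) and expand them with "${args[@]}". line=(${line}) is likewise subject to pathname expansion, which parameter expansion on the string avoids, and assert ip_net_is_valid ${net} should quote ${net}. The function is named ip_get_assigned_addresses_from_net while the subject line spells it ip_get__assigned_addresses_from_net, and the comment above the list_sort call should state which order callers can rely on, since the commit message itself calls the resulting source IP unpredictable.
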
-- 
2.6.3


* [PATCH 3/3] IPsec: Log the content of all PLUTO variables in debug mode
  2018-02-23 11:05 [PATCH 1/3] Add new function: device_get_by_assigned_ip_address() Jonatan Schlag
  2018-02-23 11:05 ` [PATCH 2/3] Add new function ip_get__assigned_addresses_from_net() Jonatan Schlag
@ 2018-02-23 11:05 ` Jonatan Schlag
  2018-02-24 11:54   ` Michael Tremer
  2018-02-24 11:50 ` [PATCH 1/3] Add new function: device_get_by_assigned_ip_address() Michael Tremer
  2 siblings, 1 reply; 6+ messages in thread
From: Jonatan Schlag @ 2018-02-23 11:05 UTC (permalink / raw)
  To: network

Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
---
 src/helpers/ipsec-updown | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/helpers/ipsec-updown b/src/helpers/ipsec-updown
index e4d704d..12ead03 100644
--- a/src/helpers/ipsec-updown
+++ b/src/helpers/ipsec-updown
@@ -29,6 +29,13 @@ network_settings_read
 # Make sure we are called by strongSwan
 assert isset PLUTO_VERSION
 
+if enabled DEBUG; then
+	while read line; do
+		[[ ${line} =~ ^PLUTO_ ]] || continue
+		log DEBUG "  ${line}"
+	done <<< "$(printenv | sort)"
+fi
+
 CONNECTION="${PLUTO_CONNECTION}"
 
 if ! ipsec_connection_read_config "${CONNECTION}"; then
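
Review bot: while read line lacks -r, unlike the read -r loops in patches 1/3 and 2/3, so backslashes in a PLUTO_ value are altered before they are logged; use while IFS= read -r line. Parsing printenv line by line also drops the continuation lines of any multi-line value because they no longer match ^PLUTO_; iterating over the variable names with "${!PLUTO_@}" avoids both the subshell and the parsing. The commit has no description: it should say why the dump is needed and note that the debug log will then contain everything strongSwan passes to the script in these variables.
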
-- 
2.6.3


* Re: [PATCH 1/3] Add new function: device_get_by_assigned_ip_address()
  2018-02-23 11:05 [PATCH 1/3] Add new function: device_get_by_assigned_ip_address() Jonatan Schlag
  2018-02-23 11:05 ` [PATCH 2/3] Add new function ip_get__assigned_addresses_from_net() Jonatan Schlag
  2018-02-23 11:05 ` [PATCH 3/3] IPsec: Log the content of all PLUTO variables in debug mode Jonatan Schlag
@ 2018-02-24 11:50 ` Michael Tremer
  2 siblings, 0 replies; 6+ messages in thread
From: Michael Tremer @ 2018-02-24 11:50 UTC (permalink / raw)
  To: network

Hello,

what happens when the same IP address is assigned to multiple interfaces?

That should not be because it doesn't make much sense, but people configure
stupid things and we should make sure that that doesn't crash other parts of
networking.

-Michael

On Fri, 2018-02-23 at 11:05 +0000, Jonatan Schlag via network wrote:
> This function is used to get a device from an IP address
> which is assigned to the device.
> This function needs to be introduced
> to set the routes for IPsec correctly.
> 
> Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
> ---
>  src/functions/functions.device | 27 +++++++++++++++++++++++++++
>  1 file changed, 27 insertions(+)
> 
> diff --git a/src/functions/functions.device b/src/functions/functions.device
> index cb4911f..2de1ad9 100644
> --- a/src/functions/functions.device
> +++ b/src/functions/functions.device
> @@ -1058,3 +1058,30 @@ device_queue_set_smp_affinity() {
>  
>  	__processor_id_to_bitmap ${processor} > ${path}
>  }
> +
> +# Tries to find a device which has the given IP address assigned
> +device_get_by_assigned_ip_address() {
> +	local ip=${1}
> +
> +	assert isset ip
> +
> +	local device
> +
> +	# Read the first line of ip addr show to
> +	read -r device <<< $(ip addr show to "${ip}")
> +
> +	# If we did not found a device we return with ${EXIT_ERROR}
> +	if ! isset device; then
> +		return ${EXIT_ERROR}
> +	fi
> +
> +	# We get something like:
> +	# 3: upl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state
> UP group default qlen 1000
> +	# and we want upl0 so we take the second word and removing the :
> +	device=(${device})
> +	device=${device[1]}
> +	device=${device%:}
> +
> +	print "${device}"
> +	return ${EXIT_OK}
> +}

* Re: [PATCH 2/3] Add new function ip_get__assigned_addresses_from_net()
  2018-02-23 11:05 ` [PATCH 2/3] Add new function ip_get__assigned_addresses_from_net() Jonatan Schlag
@ 2018-02-24 11:53   ` Michael Tremer
  0 siblings, 0 replies; 6+ messages in thread
From: Michael Tremer @ 2018-02-24 11:53 UTC (permalink / raw)
  To: network

On Fri, 2018-02-23 at 11:05 +0000, Jonatan Schlag via network wrote:
> This function is needed by IPsec to set the routes correctly.
> We can now find a source IP for a given net.
> This way is ugly because the source IP
> is unpredictable if we get multiple IPs.
> 
> Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
> ---
>  src/functions/functions.ip | 25 +++++++++++++++++++++++++
>  1 file changed, 25 insertions(+)
> 
> diff --git a/src/functions/functions.ip b/src/functions/functions.ip
> index 3b43da7..ef40bcc 100644
> --- a/src/functions/functions.ip
> +++ b/src/functions/functions.ip
> @@ -205,3 +205,28 @@ ip_address_del() {
>  
>  	return ${EXIT_OK}
>  }
> +
> +# Get all currently assigned addresse for a given network
> +ip_get_assigned_addresses_from_net() {
> +	local net=${1}
> +	shift
> +	local args="$@"
> +
> +	assert ip_net_is_valid ${net}

I think this assertion isn't needed because "ip" will check this and just throw
an error.

> +	local line
> +	local ips

It would be nicer if the "ips" variable would be called "addresses" because that
is the term that we actually use most of the time.

> +	# We read the output of $(ip addr show to ${net} ${args})
> +	while read -r line; do
> +		# We are only interested in lines which start with inet or
> inet6
> +		[[ "${line}" =~ ^(inet6 |inet ) ]] || continue
> +
> +		# We need the second word the line
> +		line=(${line})
> +		list_append "ips" "$(ip_split_prefix "${line[1]}")"

You could also achieve this by passing the line argument up to the first space
and use the "%" and "#" parameters in the brackets.

I am not sure if the conversion to the array has any implications.

> +	done <<< "$(ip addr show to "${net}" ${args})"
> +
> +	# We sort the list to get the lowest IP as first item
> +	print "$(list_sort ${ips})"

You don't need to call print here. This will create a subshell for the list_sort
call, but list_sort already prints the output, so you can just write:

  list_sort ${ips}

That will be a lot faster.

> +}

-Michael
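
The parameter-expansion approach suggested in the reply above, as an added example that is not part of the thread or of IPFire's code. The function name extract_addresses and the SAMPLE text (constructed output in the format of "ip addr show") are assumptions; the point is that the second word is cut out with "#" and "%" only, so the line is never word-split into an array and never undergoes pathname expansion.

```shell
#!/bin/sh
# Added example, not IPFire code. SAMPLE is constructed text in the format
# that "ip addr show" prints; extract_addresses is a hypothetical name.
SAMPLE='2: upl0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.0.2.10/24 brd 192.0.2.255 scope global upl0
       valid_lft forever preferred_lft forever
    inet 192.0.2.2/24 scope global secondary upl0
       valid_lft forever preferred_lft forever
3: net0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet6 2001:db8::1/64 scope global
       valid_lft forever preferred_lft forever'

# Reads "ip addr show" output on stdin and prints every assigned address,
# one per line, without its prefix length.
extract_addresses() {
	# read -r keeps backslashes; the default IFS strips the leading indent
	while read -r line; do
		# Only lines that start with "inet " or "inet6 " carry an address
		case "${line}" in
			"inet "*|"inet6 "*) ;;
			*) continue ;;
		esac

		line="${line#* }"    # drop the first word ("inet" or "inet6")
		line="${line%% *}"   # keep everything up to the next space
		printf '%s\n' "${line%/*}"   # strip the "/prefix" suffix
	done
}

# Run stand-alone on the constructed sample
printf '%s\n' "${SAMPLE}" | extract_addresses
```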

* Re: [PATCH 3/3] IPsec: Log the content of all PLUTO variables in debug mode
  2018-02-23 11:05 ` [PATCH 3/3] IPsec: Log the content of all PLUTO variables in debug mode Jonatan Schlag
@ 2018-02-24 11:54   ` Michael Tremer
  0 siblings, 0 replies; 6+ messages in thread
From: Michael Tremer @ 2018-02-24 11:54 UTC (permalink / raw)
  To: network

*thumbs up*

On Fri, 2018-02-23 at 11:05 +0000, Jonatan Schlag via network wrote:
> Signed-off-by: Jonatan Schlag <jonatan.schlag(a)ipfire.org>
> ---
>  src/helpers/ipsec-updown | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/src/helpers/ipsec-updown b/src/helpers/ipsec-updown
> index e4d704d..12ead03 100644
> --- a/src/helpers/ipsec-updown
> +++ b/src/helpers/ipsec-updown
> @@ -29,6 +29,13 @@ network_settings_read
>  # Make sure we are called by strongSwan
>  assert isset PLUTO_VERSION
>  
> +if enabled DEBUG; then
> +	while read line; do
> +		[[ ${line} =~ ^PLUTO_ ]] || continue
> +		log DEBUG "  ${line}"
> +	done <<< "$(printenv | sort)"
> +fi
> +
>  CONNECTION="${PLUTO_CONNECTION}"
>  
>  if ! ipsec_connection_read_config "${CONNECTION}"; then
