firewall: add sanity checks to zone default rules (patch from #5459)
[openwrt.git] / package / base-files / files / lib / network / config.sh
1 #!/bin/sh
2 # Copyright (C) 2006 OpenWrt.org
3
4 # DEBUG="echo"
5
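# Map a device or interface name to the config section that references it.
# Globals:   interfaces (read) - whitespace-separated list of section names
# Arguments: $1 - device/interface name to look up
# Outputs:   name of the first matching section on stdout
# Returns:   0 if a section matched, 1 otherwise
find_config() {
	# ifc is declared local as well, so the inner loop variable no longer
	# leaks into (or clobbers a same-named variable of) the caller's scope.
	local iftype device iface ifaces ifn ifc
	for ifn in $interfaces; do
		config_get iftype "$ifn" type
		config_get iface "$ifn" ifname
		case "$iftype" in
			# only bridge sections are asked for their "ifnames" option
			bridge) config_get ifaces "$ifn" ifnames;;
		esac
		config_get device "$ifn" device
		# word-splitting is intentional: each option may hold several names
		for ifc in $device $iface $ifaces; do
			# the leading dot keeps test(1) from treating a name that
			# starts with "-" as an operator
			[ ."$ifc" = ."$1" ] && {
				echo "$ifn"
				return 0
			}
		done
	done

	return 1
}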
25
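# Load a config file and build the list of interface sections.
# Globals:   interfaces (written) - reset, then one entry appended per
#            section whose TYPE is "interface"
#            CONFIG_SECTION (read) - current section; set outside this function
# Arguments: $1 - config file name, defaults to "network"
# Side effects: (re)defines the config_cb callback before calling config_load
scan_interfaces() {
	local cfgfile="${1:-network}"
	interfaces=
	config_cb() {
		case "$1" in
			interface)
				config_set "$2" auto 1
			;;
		esac
		local iftype ifname device proto
		config_get iftype "$CONFIG_SECTION" TYPE
		case "$iftype" in
			interface)
				append interfaces "$CONFIG_SECTION"
				config_get proto "$CONFIG_SECTION" proto
				config_get iftype "$CONFIG_SECTION" type
				config_get ifname "$CONFIG_SECTION" ifname
				# "device" falls back to the ifname option when unset
				config_get device "$CONFIG_SECTION" device "$ifname"
				config_set "$CONFIG_SECTION" device "$device"
				case "$iftype" in
					bridge)
						# a bridge keeps its member list in "ifnames"
						# and takes br-<section> as its own ifname
						config_set "$CONFIG_SECTION" ifnames "$device"
						config_set "$CONFIG_SECTION" ifname br-"$CONFIG_SECTION"
					;;
				esac
				# Call the protocol scan hook directly instead of through
				# eval: the section name is handed over as one literal
				# argument and is never re-parsed as shell code.
				( type "scan_$proto" ) >/dev/null 2>/dev/null && "scan_$proto" "$CONFIG_SECTION"
			;;
		esac
	}
	config_load "${cfgfile}"
}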
57
# Create the VLAN interface named by $1 ("<parent>.<id>") if it is missing.
# Arguments: $1 - interface name
# Returns:   0 when a vconfig call was issued for $1,
#            1 when $1 contains no dot or ifconfig already knows it
add_vlan() {
	local parent="${1%\.*}"

	# Nothing was stripped, so the name has no ".<id>" suffix.
	if [ "$1" = "$parent" ]; then
		return 1
	fi

	# ifconfig succeeding means the interface is already there.
	if ifconfig "$1" >/dev/null 2>/dev/null; then
		return 1
	fi

	# The parent may itself be a VLAN that has to be created first.
	if ! ifconfig "$parent" up 2>/dev/null >/dev/null; then
		add_vlan "$parent"
	fi

	$DEBUG vconfig add "$parent" "${1##*\.}"
	return 0
}
68
# Print the whitespace-separated words of all arguments, one per line,
# sorted and with duplicates dropped.
sort_list() {
	local entry
	# $* is left unquoted on purpose so the arguments split into words
	for entry in $*; do
		echo "$entry"
	done | sort -u
}
78
# Create the interface, if necessary.
# Return status 0 indicates that the setup_interface() call should continue
# Return status 1 means that everything is set up already.
#
# Arguments: $1 - interface name
#            $2 - config section name
#            $3 - optional MAC address to set on the interface

prepare_interface() {
	local iface="$1"
	local config="$2"
	local vifmac="$3"

	# if we're called for the bridge interface itself, don't bother trying
	# to create any interfaces here. The scripts have already done that, otherwise
	# the bridge interface wouldn't exist.
	# NOTE(review): -e "$iface" tests for a filesystem path with that name,
	# relative to the current directory - intent not visible here, confirm.
	[ "br-$config" = "$iface" -o -e "$iface" ] && return 0;

	ifconfig "$iface" 2>/dev/null >/dev/null && {
		local proto
		config_get proto "$config" proto

		# make sure the interface is removed from any existing bridge and deconfigured,
		# (deconfigured only if the interface is not set to proto=none)
		unbridge "$iface"
		[ "$proto" = none ] || ifconfig "$iface" 0.0.0.0

		# Change interface MAC address if requested
		[ -n "$vifmac" ] && {
			ifconfig "$iface" down
			ifconfig "$iface" hw ether "$vifmac" up
		}
	}

	# Setup VLAN interfaces
	# add_vlan returning 0 means it just created the VLAN; stop here with 1
	add_vlan "$iface" && return 1
	# the interface still does not exist: nothing more to prepare
	ifconfig "$iface" 2>/dev/null >/dev/null || return 0

	# Setup bridging
	local iftype
	config_get iftype "$config" type
	case "$iftype" in
		bridge)
			[ -x /usr/sbin/brctl ] && {
				# NOTE(review): with "A && { ... } || { ... }" the second
				# group also runs when the last command of the first group
				# fails, not only when the bridge is missing - confirm intended.
				ifconfig "br-$config" 2>/dev/null >/dev/null && {
					local newdevs devices
					config_get devices "$config" device
					# NOTE(review): loop variable "dev" is not declared local
					for dev in $(sort_list "$devices" "$iface"); do
						append newdevs "$dev"
					done
					uci_set_state network "$config" device "$newdevs"
					$DEBUG ifconfig "$iface" 0.0.0.0
					$DEBUG brctl addif "br-$config" "$iface"
					# Bridge existed already. No further processing necessary
				} || {
					local stp
					config_get_bool stp "$config" stp 0
					$DEBUG brctl addbr "br-$config"
					$DEBUG brctl setfd "br-$config" 0
					$DEBUG ifconfig "br-$config" up
					$DEBUG ifconfig "$iface" 0.0.0.0
					$DEBUG brctl addif "br-$config" "$iface"
					$DEBUG brctl stp "br-$config" $stp
					# Creating the bridge here will have triggered a hotplug event, which will
					# result in another setup_interface() call, so we simply stop processing
					# the current event at this point.
				}
				ifconfig "$iface" up 2>/dev/null >/dev/null
				return 1
			}
		;;
	esac
	return 0
}
149
# Record the active ifname and the configured device of a section in the
# "network" state.
# Arguments: $1 - config section name
#            $2 - interface name to store as "ifname"
# Returns:   status of the final uci_set_state call
set_interface_ifname() {
	local config="$1" ifname="$2" dev

	# look up the section's "device" option before anything is written
	config_get dev "$config" device

	uci_set_state network "$config" ifname "$ifname"
	uci_set_state network "$config" device "$dev"
}
159
# Protocol "none": no addressing is done here, only the "ifup" hotplug
# event is raised, in the background.
# Arguments: $1 - device name
#            $2 - config section name
setup_interface_none() {
	local dev="$1"
	local cfg="$2"

	# env -i gives the hotplug handler nothing but these four variables
	env -i \
		ACTION="ifup" \
		INTERFACE="$cfg" \
		DEVICE="$dev" \
		PROTO=none \
		/sbin/hotplug-call "iface" &
}
163
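# Apply the static IPv4/IPv6 settings of a config section to an interface.
# Arguments: $1 - interface name
#            $2 - config section name
# Files:     appends missing resolvers to /tmp/resolv.conf.auto
# Returns:   1 when the section has neither ipaddr+netmask nor ip6addr;
#            0 for sections of TYPE "alias" (no hotplug event is raised);
#            otherwise the status of starting the background hotplug call
setup_interface_static() {
	local iface="$1"
	local config="$2"

	local ipaddr netmask ip6addr
	config_get ipaddr "$config" ipaddr
	config_get netmask "$config" netmask
	config_get ip6addr "$config" ip6addr
	[ -z "$ipaddr" -o -z "$netmask" ] && [ -z "$ip6addr" ] && return 1

	local gateway ip6gw dns bcast
	config_get gateway "$config" gateway
	config_get ip6gw "$config" ip6gw
	config_get dns "$config" dns
	config_get bcast "$config" broadcast

	[ -z "$ipaddr" ] || $DEBUG ifconfig "$iface" "$ipaddr" netmask "$netmask" broadcast "${bcast:-+}"
	[ -z "$ip6addr" ] || $DEBUG ifconfig "$iface" add "$ip6addr"
	[ -z "$gateway" ] || $DEBUG route add default gw "$gateway" dev "$iface"
	[ -z "$ip6gw" ] || $DEBUG route -A inet6 add default gw "$ip6gw" dev "$iface"

	# Compare resolver entries field by field. The previous grep treated the
	# address as an unanchored regular expression, so an existing
	# "nameserver 10.0.0.10" line hid a configured 10.0.0.1 (constructed
	# sample addresses) and that resolver was silently left out.
	local ns
	for ns in $dns; do
		awk -v ns="$ns" '$1 == "nameserver" && $2 == ns { found = 1 } END { exit !found }' \
			/tmp/resolv.conf.auto 2>/dev/null || {
			echo "nameserver $ns" >> /tmp/resolv.conf.auto
		}
	done

	# kept local; the original wrote a global variable named "type"
	local sectype
	config_get sectype "$config" TYPE
	[ "$sectype" = "alias" ] && return 0

	env -i ACTION="ifup" INTERFACE="$config" DEVICE="$iface" PROTO=static /sbin/hotplug-call "iface" &
}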
197
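# Configure one alias section on top of its parent interface.
# Arguments: $1 - alias config section name
#            $2 - parent config section name
#            $3 - parent interface name
# Returns:   0 when the alias does not belong to this parent (nothing done);
#            1 for an alias proto other than "static";
#            otherwise the status of setup_interface_static
setup_interface_alias() {
	local config="$1"
	local parent="$2"
	local iface="$3"

	local cfg
	config_get cfg "$config" interface
	# "=" is the POSIX string comparison; "==" inside [ ] is an extension
	# that a /bin/sh is not required to accept.
	[ "$parent" = "$cfg" ] || return 0

	# alias counter
	local ctr
	config_get ctr "$parent" alias_count 0
	ctr="$(($ctr + 1))"
	config_set "$parent" alias_count "$ctr"

	# alias list
	local list
	config_get list "$parent" aliases
	append list "$config"
	config_set "$parent" aliases "$list"

	# the alias is addressed as <parent interface>:<counter>
	iface="$iface:$ctr"
	set_interface_ifname "$config" "$iface"

	local proto
	config_get proto "$config" proto "static"
	case "${proto}" in
		static)
			setup_interface_static "$iface" "$config"
		;;
		*)
			echo "Unsupported type '$proto' for alias config '$config'"
			return 1
		;;
	esac
}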
234
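# Bring up one interface according to its config section.
# Globals:   pidfile (written) - /var/run/<iface>.pid; left global as in the
#            original (NOTE(review): protocol handlers may read it - confirm)
#            DEBUG (read) - optional command prefix
# Arguments: $1 - interface name
#            $2 - config section name (looked up via find_config when empty)
#            $3 - protocol override (read from the section when empty)
#            $4 - optional MAC address, passed on to prepare_interface
# Returns:   1 when no section is found or the protocol has no handler;
#            0 when prepare_interface reports nothing left to do
#
# Values taken from the configuration (hostname, clientid, ipaddr, proto) are
# passed to commands as literal arguments. The earlier version assembled the
# udhcpc command line and the protocol-handler lookup with eval, so shell
# metacharacters inside those values were parsed as shell code.
setup_interface() {
	local iface="$1"
	local config="$2"
	local proto="$3"
	local vifmac="$4"

	[ -n "$config" ] || {
		config=$(find_config "$iface")
		[ "$?" = 0 ] || return 1
	}

	prepare_interface "$iface" "$config" "$vifmac" || return 0

	[ "$iface" = "br-$config" ] && {
		# need to bring up the bridge and wait a second for
		# it to switch to the 'forwarding' state, otherwise
		# it will lose its routes...
		ifconfig "$iface" up
		sleep 1
	}

	# Interface settings
	grep "$iface:" /proc/net/dev > /dev/null && {
		local mtu macaddr
		config_get mtu "$config" mtu
		config_get macaddr "$config" macaddr
		[ -n "$macaddr" ] && $DEBUG ifconfig "$iface" down
		$DEBUG ifconfig "$iface" ${macaddr:+hw ether "$macaddr"} ${mtu:+mtu $mtu} up
	}
	set_interface_ifname "$config" "$iface"

	pidfile="/var/run/$iface.pid"
	[ -n "$proto" ] || config_get proto "$config" proto
	case "$proto" in
		static)
			setup_interface_static "$iface" "$config"
		;;
		dhcp)
			# prevent udhcpc from starting more than once
			lock "/var/lock/dhcp-$iface"
			local pid="$(cat "$pidfile" 2>/dev/null)"
			if [ -d "/proc/$pid" ] && grep udhcpc "/proc/${pid}/cmdline" >/dev/null 2>/dev/null; then
				lock -u "/var/lock/dhcp-$iface"
			else
				local ipaddr netmask hostname proto1 clientid
				config_get ipaddr "$config" ipaddr
				config_get netmask "$config" netmask
				config_get hostname "$config" hostname
				config_get proto1 "$config" proto
				config_get clientid "$config" clientid

				[ -z "$ipaddr" ] || \
					$DEBUG ifconfig "$iface" "$ipaddr" ${netmask:+netmask "$netmask"}

				# don't stay running in background if dhcp is not the main proto on the interface (e.g. when using pptp)
				local dhcp_oneshot=
				[ ."$proto1" != ."$proto" ] && dhcp_oneshot=1

				# Build the argument list in the positional parameters; the
				# function's own arguments were copied to locals above and
				# are not read again. Each value stays exactly one word.
				set -- -t 0 -i "$iface"
				[ -z "$ipaddr" ] || set -- "$@" -r "$ipaddr"
				[ -z "$hostname" ] || set -- "$@" -H "$hostname"
				[ -z "$clientid" ] || set -- "$@" -c "$clientid"
				set -- "$@" -b -p "$pidfile"

				if [ -n "$dhcp_oneshot" ]; then
					$DEBUG udhcpc "$@" -n -q
				else
					$DEBUG udhcpc "$@" -R &
				fi
				lock -u "/var/lock/dhcp-$iface"
			fi
		;;
		none)
			setup_interface_none "$iface" "$config"
		;;
		*)
			# Look the handler up by name and call it directly; the
			# protocol string is never handed to eval.
			if ( type "setup_interface_$proto" ) >/dev/null 2>/dev/null; then
				"setup_interface_$proto" "$iface" "$config" "$proto"
			else
				echo "Interface type $proto not supported."
				return 1
			fi
		;;
	esac
	[ "$proto" = none ] || {
		# take down alias interfaces (<iface>:<n>) left from an earlier run
		for ifn in $(ifconfig | grep "^$iface:" | awk '{print $1}'); do
			ifconfig "$ifn" down
		done
	}

	local aliases
	config_set "$config" aliases ""
	config_set "$config" alias_count 0
	config_foreach setup_interface_alias alias "$config" "$iface"
	config_get aliases "$config" aliases
	[ -z "$aliases" ] || uci_set_state network "$config" aliases "$aliases"
}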
321
# Detach a device from the bridges reported by "brctl show".
# Arguments: $1 - device name
# Returns:   0 when /usr/sbin/brctl is not executable; grep's status when
#            the listing does not mention the device; otherwise the status
#            of the last brctl delif (0 if none ran)
unbridge() {
	local dev="$1"
	local brdev

	if [ ! -x /usr/sbin/brctl ]; then
		return 0
	fi

	# Leave, handing back grep's status, unless the device shows up in the
	# bridge listing.
	brctl show | grep "$dev" >/dev/null || return

	# interface is still part of a bridge, correct that:
	# rows whose second column looks like a bridge id name a bridge in
	# column one; delif is tried on each and failures are ignored.
	for brdev in $(brctl show | awk '$2 ~ /^[0-9].*\./ { print $1 }'); do
		brctl delif "$brdev" "$dev" 2>/dev/null >/dev/null
	done
}