bzr branch
http://bzr.recompile.se/loggerhead/mandos/release
237.16.10
by Teddy Hogeborn
* network-hooks.d: New directory. |
1 |
#!/bin/sh
|
2 |
#
|
|
3 |
# This is an example of a Mandos client network hook. This hook
|
|
4 |
# brings up a bridge interface as specified in a separate
|
|
5 |
# configuration file. To be used, this file and any needed
|
|
6 |
# configuration file(s) should be copied into the
|
|
7 |
# /etc/mandos/network-hooks.d directory.
|
|
8 |
#
|
|
237.7.111
by Teddy Hogeborn
* network-hooks.d/bridge: Move "start" and "stop" commands to separate |
9 |
# Copyright © 2012 Teddy Hogeborn
|
10 |
# Copyright © 2012 Björn Påhlsson
|
|
237.7.97
by teddy at recompile
* Makefile (install-server): Add intro(8mandos) man page. |
11 |
#
|
237.16.10
by Teddy Hogeborn
* network-hooks.d: New directory. |
12 |
# Copying and distribution of this file, with or without modification,
|
13 |
# are permitted in any medium without royalty provided the copyright
|
|
14 |
# notice and this notice are preserved. This file is offered as-is,
|
|
15 |
# without any warranty.
|
|
16 |
||
17 |
set -e |
|
18 |
||
19 |
CONFIG="$MANDOSNETHOOKDIR/bridge.conf" |
|
20 |
||
237.17.8
by teddy at recompile
* network-hooks.s/bridge: Don't use interface names directly; search |
21 |
addrtoif(){
|
237.17.9
by teddy at recompile
* network-hooks.s/bridge: Don't use interface names directly; search |
22 |
grep -liFe "$1" /sys/class/net/*/address \ |
237.7.103
by Teddy Hogeborn
* network-hooks.d/bridge: Bug fixes: Ignore bridge interface when |
23 |
| sed -e 's,.*/\([^/]*\)/[^/]*,\1,' -e "/^${BRIDGE}\$/d" |
237.17.8
by teddy at recompile
* network-hooks.s/bridge: Don't use interface names directly; search |
24 |
}
|
25 |
||
26 |
# Read config file, which must set "BRIDGE", "PORT_ADDRESSES", and
|
|
27 |
# optionally "IPADDRS" and "ROUTES".
|
|
237.16.10
by Teddy Hogeborn
* network-hooks.d: New directory. |
28 |
if [ -e "$CONFIG" ]; then |
29 |
. "$CONFIG" |
|
30 |
fi
|
|
31 |
||
237.7.452
by Teddy Hogeborn
Use || instead of -o in shell scripts. |
32 |
if [ -z "$BRIDGE" ] || [ -z "$PORT_ADDRESSES" ]; then |
237.16.10
by Teddy Hogeborn
* network-hooks.d: New directory. |
33 |
exit |
34 |
fi
|
|
35 |
||
237.22.4
by Teddy Hogeborn
* plugins.d/mandos-client.c (get_flags): Don't clobber errno. |
36 |
if [ -n "$DEVICE" ]; then |
37 |
case "$DEVICE" in |
|
38 |
*,"$BRIDGE"|*,"$BRIDGE",*|"$BRIDGE",*|"$BRIDGE") :;; |
|
39 |
*) exit;; |
|
40 |
esac |
|
237.16.10
by Teddy Hogeborn
* network-hooks.d: New directory. |
41 |
fi
|
42 |
||
237.7.103
by Teddy Hogeborn
* network-hooks.d/bridge: Bug fixes: Ignore bridge interface when |
43 |
brctl="/sbin/brctl" |
44 |
for b in "$brctl" /usr/sbin/brctl; do |
|
237.16.21
by Teddy Hogeborn
* network-hooks.d/bridge: Bug fix - really find brctl. |
45 |
if [ -e "$b" ]; then |
46 |
brctl="$b" |
|
237.16.20
by Teddy Hogeborn
* network-hooks.d/bridge: Look for both /sbin/brctl and /usr/sbin/brctl. |
47 |
break |
48 |
fi |
|
49 |
done
|
|
50 |
||
237.7.111
by Teddy Hogeborn
* network-hooks.d/bridge: Move "start" and "stop" commands to separate |
51 |
do_start(){
|
52 |
"$brctl" addbr "$BRIDGE" |
|
53 |
for address in $PORT_ADDRESSES; do |
|
54 |
interface=`addrtoif "$address"` |
|
55 |
"$brctl" addif "$BRIDGE" "$interface" |
|
56 |
ip link set dev "$interface" up |
|
57 |
done |
|
58 |
ip link set dev "$BRIDGE" up |
|
59 |
sleep "${DELAY%%.*}" |
|
60 |
if [ -n "$IPADDRS" ]; then |
|
61 |
for ipaddr in $IPADDRS; do |
|
62 |
ip addr add "$ipaddr" dev "$BRIDGE" |
|
63 |
done |
|
64 |
fi |
|
65 |
if [ -n "$ROUTES" ]; then |
|
66 |
for route in $ROUTES; do |
|
67 |
ip route add "$route" dev "$BRIDGE" |
|
68 |
done |
|
69 |
fi |
|
70 |
}
|
|
71 |
||
72 |
do_stop(){
|
|
73 |
ip link set dev "$BRIDGE" down |
|
74 |
for address in $PORT_ADDRESSES; do |
|
75 |
interface=`addrtoif "$address"` |
|
76 |
ip link set dev "$interface" down |
|
77 |
"$brctl" delif "$BRIDGE" "$interface" |
|
78 |
done |
|
79 |
"$brctl" delbr "$BRIDGE" |
|
80 |
}
|
|
81 |
||
82 |
case "${MODE:-$1}" in |
|
83 |
start|stop) |
|
84 |
do_"${MODE:-$1}" |
|
237.16.10
by Teddy Hogeborn
* network-hooks.d: New directory. |
85 |
;; |
86 |
files) |
|
87 |
echo /bin/ip |
|
237.16.20
by Teddy Hogeborn
* network-hooks.d/bridge: Look for both /sbin/brctl and /usr/sbin/brctl. |
88 |
echo "$brctl" |
237.16.14
by teddy at bsnet
Hooks take new "modules" argument, and hook names can contain periods. |
89 |
;; |
90 |
modules) |
|
91 |
echo bridge |
|
237.16.10
by Teddy Hogeborn
* network-hooks.d: New directory. |
92 |
;; |
93 |
esac
|