/mandos/trunk : contents of network-hooks.d/bridge at revision 535.1.8

: (revision 535.1.8)

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

#!/bin/sh
#
# This is an example of a Mandos client network hook.  This hook
# brings up a bridge interface as specified in a separate
# configuration file.  To be used, this file and any needed
# configuration file(s) should be copied into the
# /etc/mandos/network-hooks.d directory.
# 
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved.  This file is offered as-is,
# without any warranty.

set -e

CONFIG="$MANDOSNETHOOKDIR/bridge.conf"

addrtoif(){
    grep -liFe "$1" /sys/class/net/*/address | sed -e 's,.*/\([^/]*\)/[^/]*,\1,'
}

# Read config file, which must set "BRIDGE", "PORT_ADDRESSES", and
# optionally "IPADDRS" and "ROUTES".
if [ -e "$CONFIG" ]; then
    . "$CONFIG"
fi

if [ -z "$BRIDGE" -o -z "$PORT_ADDRESSES" ]; then
    exit
fi

if [ -n "$DEVICE" -a "$DEVICE" != "$BRIDGE" ]; then
    exit
fi

for b in /sbin/brctl /usr/sbin/brctl; do
    if [ -e "$b" ]; then
	brctl="$b"
	break
    fi
done

case "$1" in
    start)
	"$brctl" addbr "$BRIDGE"
	for address in $PORT_ADDRESSES; do
	    interface=`addrtoif "$address"`
	    "$brctl" addif "$BRIDGE" "$interface"
	    ip link set dev "$interface" up
	done
	ip link set dev "$BRIDGE" up
	sleep "$DELAY"
	if [ -n "$IPADDRS" ]; then
            for ipaddr in $IPADDRS; do
		ip addr add "$ipaddr" dev "$BRIDGE"
	    done
	fi
	if [ -n "$ROUTES" ]; then
            for route in $ROUTES; do
		ip route add "$route" dev "$BRIDGE"
	    done
	fi
	;;
    stop)
	ip link set dev "$BRIDGE" down
	for address in $PORT_ADDRESSES; do
	    interface=`addrtoif "$address"`
	    ip link set dev "$interface" down
	    "$brctl" delif "$BRIDGE" "$interface"
	done
	"$brctl" delbr "$BRIDGE"
	;;
    files)
	echo /bin/ip
	echo "$brctl"
	;;
    modules)
	echo bridge
	;;
esac

505.3.10 by Teddy Hogeborn * network-hooks.d: New directory.	1	#!/bin/sh
	2	#
	3	# This is an example of a Mandos client network hook. This hook
	4	# brings up a bridge interface as specified in a separate
	5	# configuration file. To be used, this file and any needed
	6	# configuration file(s) should be copied into the
	7	# /etc/mandos/network-hooks.d directory.
	8	#
	9	# Copying and distribution of this file, with or without modification,
	10	# are permitted in any medium without royalty provided the copyright
	11	# notice and this notice are preserved. This file is offered as-is,
	12	# without any warranty.
	13
	14	set -e
	15
	16	CONFIG="$MANDOSNETHOOKDIR/bridge.conf"
	17
535.1.8 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	18	addrtoif(){
	19	grep -liFe "$1" /sys/class/net//address \| sed -e 's,./\([^/]\)/[^/],\1,'
	20	}
	21
	22	# Read config file, which must set "BRIDGE", "PORT_ADDRESSES", and
	23	# optionally "IPADDRS" and "ROUTES".
505.3.10 by Teddy Hogeborn * network-hooks.d: New directory.	24	if [ -e "$CONFIG" ]; then
	25	. "$CONFIG"
	26	fi
	27
535.1.8 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	28	if [ -z "$BRIDGE" -o -z "$PORT_ADDRESSES" ]; then
505.3.10 by Teddy Hogeborn * network-hooks.d: New directory.	29	exit
	30	fi
	31
	32	if [ -n "$DEVICE" -a "$DEVICE" != "$BRIDGE" ]; then
	33	exit
	34	fi
	35
505.3.21 by Teddy Hogeborn * network-hooks.d/bridge: Bug fix - really find brctl.	36	for b in /sbin/brctl /usr/sbin/brctl; do
	37	if [ -e "$b" ]; then
	38	brctl="$b"
505.3.20 by Teddy Hogeborn * network-hooks.d/bridge: Look for both /sbin/brctl and /usr/sbin/brctl.	39	break
	40	fi
	41	done
	42
505.3.10 by Teddy Hogeborn * network-hooks.d: New directory.	43	case "$1" in
	44	start)
505.3.22 by Teddy Hogeborn * network-hooks.d/bridge: Bug fix - use the found brctl.	45	"$brctl" addbr "$BRIDGE"
535.1.8 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	46	for address in $PORT_ADDRESSES; do
	47	interface=`addrtoif "$address"`
	48	"$brctl" addif "$BRIDGE" "$interface"
	49	ip link set dev "$interface" up
505.3.10 by Teddy Hogeborn * network-hooks.d: New directory.	50	done
535.1.1 by teddy at recompile Add wireless network hook	51	ip link set dev "$BRIDGE" up
505.3.23 by Teddy Hogeborn * network-hooks.d/bridge: Bug fix - take up (and down) the bound	52	sleep "$DELAY"
505.3.10 by Teddy Hogeborn * network-hooks.d: New directory.	53	if [ -n "$IPADDRS" ]; then
	54	for ipaddr in $IPADDRS; do
	55	ip addr add "$ipaddr" dev "$BRIDGE"
	56	done
	57	fi
	58	if [ -n "$ROUTES" ]; then
	59	for route in $ROUTES; do
	60	ip route add "$route" dev "$BRIDGE"
	61	done
	62	fi
	63	;;
	64	stop)
535.1.1 by teddy at recompile Add wireless network hook	65	ip link set dev "$BRIDGE" down
535.1.8 by teddy at recompile * network-hooks.s/bridge: Don't use interface names directly; search	66	for address in $PORT_ADDRESSES; do
	67	interface=`addrtoif "$address"`
	68	ip link set dev "$interface" down
	69	"$brctl" delif "$BRIDGE" "$interface"
505.3.10 by Teddy Hogeborn * network-hooks.d: New directory.	70	done
505.3.22 by Teddy Hogeborn * network-hooks.d/bridge: Bug fix - use the found brctl.	71	"$brctl" delbr "$BRIDGE"
505.3.10 by Teddy Hogeborn * network-hooks.d: New directory.	72	;;
	73	files)
	74	echo /bin/ip
505.3.20 by Teddy Hogeborn * network-hooks.d/bridge: Look for both /sbin/brctl and /usr/sbin/brctl.	75	echo "$brctl"
505.3.14 by teddy at bsnet Hooks take new "modules" argument, and hook names can contain periods.	76	;;
	77	modules)
	78	echo bridge
505.3.10 by Teddy Hogeborn * network-hooks.d: New directory.	79	;;
	80	esac