#!/bin/sh
#
# This is an example of a Mandos client network hook. This hook
# brings up a bridge interface as specified in a separate
# configuration file. To be used, this file and any needed
# configuration file(s) should be copied into the
# /etc/mandos/network-hooks.d directory.
#
# Copyright © 2011 Teddy Hogeborn
# Copyright © 2011 Björn Påhlsson
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved. This file is offered as-is,
# without any warranty.
# Abort the hook as soon as any unguarded command fails.
set -e

# Path of the bridge settings file, looked up in the hook directory named
# by the MANDOSNETHOOKDIR environment variable.  If that variable is unset
# or empty, this expands to "/bridge.conf".
CONFIG="${MANDOSNETHOOKDIR}/bridge.conf"
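# addrtoif ADDRESS
#
# Print the name of every network interface (one per line) whose
# /sys/class/net/<name>/address file contains ADDRESS, leaving out the
# bridge named by $BRIDGE.
#
# The lookup is a case-insensitive fixed-string *substring* match
# (grep -i -F), so ADDRESS should be written out in full; a shortened
# address can select more than one interface.  Prints nothing when no
# interface matches.
addrtoif(){
    grep -liFe "$1" /sys/class/net/*/address \
        | while IFS= read -r addrfile; do
            # /sys/class/net/<name>/address -> <name>
            name="${addrfile%/*}"
            name="${name##*/}"
            # Compare the bridge name as a literal string rather than
            # splicing it into a sed pattern, where a "." in the name
            # would act as a wildcard and drop unrelated interfaces.
            if [ "$name" != "$BRIDGE" ]; then
                printf '%s\n' "$name"
            fi
        done
}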
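# Read config file, which must set "BRIDGE", "PORT_ADDRESSES", and
# optionally "IPADDRS" and "ROUTES".
#
# The file is sourced, i.e. executed as shell code with whatever
# privileges this hook has, so it must be writable only by the
# administrator who controls the hook itself.
if [ -e "$CONFIG" ]; then
    . "$CONFIG"
fi

# Nothing to do unless both mandatory settings are present.  Two
# separate tests joined by "||" replace the obsolescent "-o" operator,
# which becomes ambiguous when a value looks like a test operator.
if [ -z "$BRIDGE" ] || [ -z "$PORT_ADDRESSES" ]; then
    exit
fi

# If a DEVICE is given and it is not our bridge, this hook does not
# apply ("&&" replaces the obsolescent "-a" for the same reason).
if [ -n "$DEVICE" ] && [ "$DEVICE" != "$BRIDGE" ]; then
    exit
fi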
# Locate the brctl binary: /sbin/brctl stays as the fallback value, and
# the first of /sbin/brctl and /usr/sbin/brctl that exists is used.
brctl="/sbin/brctl"
for b in "$brctl" /usr/sbin/brctl; do
    [ -e "$b" ] || continue
    brctl="$b"
    break
done
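# Dispatch on the mode given as the first argument:
#   start    create the bridge, attach the ports, bring everything up,
#            then add the configured addresses and routes
#   stop     bring the bridge and its ports down and delete the bridge
#   files    print /bin/ip and the brctl path found earlier
#   modules  print "bridge"
# Any other argument does nothing.
case "$1" in
    start)
        "$brctl" addbr "$BRIDGE"
        # $PORT_ADDRESSES is deliberately unquoted: it is split on
        # whitespace into one address per iteration.
        for address in $PORT_ADDRESSES; do
            interface=$(addrtoif "$address")
            # addrtoif prints nothing when no interface carries this
            # address; stop with a clear message instead of handing an
            # empty interface name to brctl.
            if [ -z "$interface" ]; then
                echo "bridge: no interface with address $address" >&2
                exit 1
            fi
            "$brctl" addif "$BRIDGE" "$interface"
            ip link set dev "$interface" up
        done
        ip link set dev "$BRIDGE" up
        # Only the integer part of DELAY is used.  Fall back to 0 when
        # that part is empty (DELAY unset, or a value such as ".5"):
        # sleep "" fails and, under "set -e", would abort the hook
        # before any address or route is configured.
        delay="${DELAY%%.*}"
        sleep "${delay:-0}"
        if [ -n "$IPADDRS" ]; then
            for ipaddr in $IPADDRS; do
                ip addr add "$ipaddr" dev "$BRIDGE"
            done
        fi
        if [ -n "$ROUTES" ]; then
            for route in $ROUTES; do
                ip route add "$route" dev "$BRIDGE"
            done
        fi
        ;;
    stop)
        ip link set dev "$BRIDGE" down
        for address in $PORT_ADDRESSES; do
            interface=$(addrtoif "$address")
            # A port that can no longer be found is skipped so that the
            # remaining ports and the bridge itself are still torn down.
            if [ -z "$interface" ]; then
                echo "bridge: no interface with address $address" >&2
                continue
            fi
            ip link set dev "$interface" down
            "$brctl" delif "$BRIDGE" "$interface"
        done
        "$brctl" delbr "$BRIDGE"
        ;;
    files)
        # NOTE(review): start/stop run "ip" through PATH while this
        # lists /bin/ip; confirm both resolve to the same binary.
        echo /bin/ip
        echo "$brctl"
        ;;
    modules)
        echo bridge
        ;;
esac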