diff options
Diffstat (limited to 'scripts/vyatta-interfaces.pl')
-rwxr-xr-x | scripts/vyatta-interfaces.pl | 596 |
1 files changed, 596 insertions, 0 deletions
diff --git a/scripts/vyatta-interfaces.pl b/scripts/vyatta-interfaces.pl new file mode 100755 index 00000000..a496e66b --- /dev/null +++ b/scripts/vyatta-interfaces.pl @@ -0,0 +1,596 @@ +#!/usr/bin/perl +# +# Module: vyatta-interfaces.pl +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# A copy of the GNU General Public License is available as +# `/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution +# or on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'. +# You can also obtain it by writing to the Free Software Foundation, +# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2007 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Stig Thormodsrud +# Date: November 2007 +# Description: Script to assign addresses to interfaces. +# +# **** End License **** +# + +use lib "/opt/vyatta/share/perl5/"; +use Vyatta::Config; +use Vyatta::Misc qw(generate_dhclient_intf_files + getInterfaces getIP get_sysfs_value + is_address_enabled is_dhcp_enabled is_ip_v4_or_v6); +use Vyatta::Interface; + +use Getopt::Long; +use POSIX; +use NetAddr::IP; +use Fcntl; + +use strict; +use warnings; + +my $dhcp_daemon = '/sbin/dhclient'; + +my ($eth_update, $eth_delete, $addr_set, @addr_commit, $dev, $mac, $mac_update); +my ($check_name, $show_names, $intf_cli_path, $vif_name, $warn_name); +my ($check_up, $show_path, $dhcp_command); +my @speed_duplex; + +sub usage { + print <<EOF; +Usage: $0 --dev=<interface> --check=<type> + $0 --dev=<interface> --warn + $0 --dev=<interface> --valid-mac=<aa:aa:aa:aa:aa:aa> + $0 --dev=<interface> --eth-addr-update=<aa:aa:aa:aa:aa:aa> + $0 --dev=<interface> --eth-addr-delete=<aa:aa:aa:aa:aa:aa> + $0 --dev=<interface> --valid-addr-set={<a.b.c.d>|dhcp} + $0 --dev=<interface> --valid-addr-commit={addr1 addr2 ...} + $0 --dev=<interface> --speed-duplex=speed,duplex + $0 --dev=<interface> --path + $0 --dev=<interface> --isup + $0 --show=<type> +EOF + exit 1; +} + +GetOptions("eth-addr-update=s" => \$eth_update, + "eth-addr-delete=s" => \$eth_delete, + "valid-addr=s" => \$addr_set, + "valid-addr-set=s" => \$addr_set, + "valid-addr-commit=s{,}" => \@addr_commit, + "dev=s" => \$dev, + "valid-mac=s" => \$mac, + "set-mac=s" => \$mac_update, + "dhcp=s" => \$dhcp_command, + "check=s" => \$check_name, + "show=s" => \$show_names, + "vif=s" => \$vif_name, + "warn" => \$warn_name, + "path" => \$show_path, + "isup" => \$check_up, + "speed-duplex=s{2}" => \@speed_duplex, +) or usage(); + +update_eth_addrs($eth_update, $dev) if ($eth_update); +delete_eth_addrs($eth_delete, $dev) if ($eth_delete); +is_valid_addr_set($addr_set, $dev) if ($addr_set); +is_valid_addr_commit($dev, @addr_commit) if (@addr_commit); +is_valid_mac($mac, $dev) if ($mac); +update_mac($mac_update, $dev) if ($mac_update); +dhcp($dhcp_command, $dev) if ($dhcp_command); +is_valid_name($check_name, $dev) if ($check_name); +exists_name($dev) if ($warn_name); +show_interfaces($show_names) if ($show_names); +show_config_path($dev) if ($show_path); +is_up($dev) if ($check_up); +set_speed_duplex($dev, @speed_duplex) if (@speed_duplex); +exit 0; + +sub is_ip_configured { + my ($intf, $ip) = @_; + my $found = grep { $_ eq $ip } Vyatta::Misc::getIP($intf); + return ($found > 0); +} + +sub is_ip_duplicate { + my ($intf, $ip) = @_; + + # get a map of all ipv4 and ipv6 addresses + my %ipaddrs_hash = map { $_ => 1 } getIP(); + + return unless($ipaddrs_hash{$ip}); + + # allow dup if it's the same interface + return !is_ip_configured($intf, $ip); +} + +sub is_up { + my $name = shift; + my $intf = new Vyatta::Interface($name); + + die "Unknown interface type for $name" unless $intf; + + exit 0 if ($intf->up()); + exit 1; +} + +sub touch { + my $file = shift; + my $t = time; + + sysopen (my $f, $file, O_RDWR|O_CREAT) + or die "Can't touch $file: $!"; + close $f; + utime $t, $t, $file; +} + +sub dhcp_write_file { + my ($file, $data) = @_; + + open(my $fh, '>', $file) || die "Couldn't open $file - $!"; + print $fh $data; + close $fh; +} + +sub dhcp_conf_header { + my $output; + + my $date = `date`; + chomp $date; + $output = "#\n# autogenerated by vyatta-interfaces.pl on $date\n#\n"; + return $output; +} + +sub get_hostname { + my $config = new Vyatta::Config; + $config->setLevel("system"); + return $config->returnValue("host-name"); +} + +sub is_domain_name_set { + my $config = new Vyatta::Config; + $config->setLevel("system"); + return $config->returnValue("domain-name"); +} + +sub get_mtu { + my $name = shift; + my $intf = new Vyatta::Interface($name); + return $intf->mtu(); +} + +sub dhcp_update_config { + my ($conf_file, $intf) = @_; + + my $output = dhcp_conf_header(); + my $hostname = get_hostname(); + + $output .= "interface \"$intf\" {\n"; + if (defined($hostname)) { + $output .= "\tsend host-name \"$hostname\";\n"; + } + $output .= "\trequest subnet-mask, broadcast-address, routers, domain-name-servers"; + my $domainname = is_domain_name_set(); + if (!defined($domainname)) { + $output .= ", domain-name"; + } + + my $mtu = get_mtu($intf); + $output .= ", interface-mtu" unless $mtu; + + $output .= ";\n"; + $output .= "}\n\n"; + + dhcp_write_file($conf_file, $output); +} + +# Is interface disabled in configuration (only valid in config mode) +sub is_intf_disabled { + my $name = shift; + my $intf = new Vyatta::Interface($name); + $intf or die "Unknown interface name/type: $name\n"; + + my $config = new Vyatta::Config; + $config->setLevel($intf->path()); + + return $config->exists("disable"); +} + +sub run_dhclient { + my $intf = shift; + + my ($intf_config_file, $intf_process_id_file, $intf_leases_file) + = generate_dhclient_intf_files($intf); + dhcp_update_config($intf_config_file, $intf); + + return is_intf_disabled($intf); + + my $cmd = "$dhcp_daemon -pf $intf_process_id_file -x $intf 2> /dev/null; rm -f $intf_process_id_file 2> /dev/null;"; + $cmd .= "$dhcp_daemon -q -nw -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file $intf 2> /dev/null &"; + # adding & at the end to make the process into a daemon immediately + system ($cmd) == 0 + or warn "start $dhcp_daemon failed: $?\n"; +} + +sub stop_dhclient { + my $intf = shift; + + return if is_intf_disabled($intf); + + my ($intf_config_file, $intf_process_id_file, $intf_leases_file) + = generate_dhclient_intf_files($intf); + my $release_cmd = "$dhcp_daemon -q -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file -r $intf 2> /dev/null;"; + $release_cmd .= "rm -f $intf_process_id_file 2> /dev/null"; + system ($release_cmd) == 0 + or warn "stop $dhcp_daemon failed: $?\n"; +} + +sub update_eth_addrs { + my ($addr, $intf) = @_; + + if ($addr eq "dhcp") { + touch("/var/lib/dhcp3/$intf"); + run_dhclient($intf); + return; + } + my $version = is_ip_v4_or_v6($addr); + die "Unknown address not IPV4 or IPV6" unless $version; + + if (is_ip_configured($intf, $addr)) { + # + # treat this as informational, don't fail + # + print "Address $addr already configured on $intf\n"; + exit 0; + } + + if ($version == 4) { + exec (qw(ip addr add),$addr,qw(broadcast + dev), $intf) + or die "ip addr command failed: $!"; + } + if ($version == 6) { + exec (qw(ip -6 addr add), $addr, 'dev', $intf) + or die "ip addr command failed: $!"; + } + die "Error: Invalid address/prefix [$addr] for interface $intf\n"; +} + +sub delete_eth_addrs { + my ($addr, $intf) = @_; + + if ($addr eq "dhcp") { + stop_dhclient($intf); + unlink("/var/lib/dhcp3/dhclient_$intf\_lease"); + unlink("/var/lib/dhcp3/$intf"); + unlink("/var/run/vyatta/dhclient/dhclient_release_$intf"); + unlink("/var/lib/dhcp3/dhclient_$intf\.conf"); + exit 0; + } + my $version = is_ip_v4_or_v6($addr); + if ($version == 6) { + exec 'ip', '-6', 'addr', 'del', $addr, 'dev', $intf + or die "Could not exec ip?"; + } + + ($version == 4) or die "Bad ip version"; + + if (is_ip_configured($intf, $addr)) { + # Link is up, so just delete address + # Zebra is watching for netlink events and will handle it + exec 'ip', 'addr', 'del', $addr, 'dev', $intf + or die "Could not exec ip?"; + } + + exit 0; +} + +sub update_mac { + my ($mac, $intf) = @_; + + open my $fh, "<", "/sys/class/net/$intf/flags" + or die "Error: $intf is not a network device\n"; + + my $flags = <$fh>; + chomp $flags; + close $fh or die "Error: can't read state\n"; + + if (POSIX::strtoul($flags) & 1) { + # NB: Perl 5 system return value is bass-ackwards + system "sudo ip link set $intf down" + and die "Could not set $intf down ($!)\n"; + system "sudo ip link set $intf address $mac" + and die "Could not set $intf address ($!)\n"; + system "sudo ip link set $intf up" + and die "Could not set $intf up ($!)\n"; + } else { + system "sudo ip link set $intf address $mac" + and die "Could not set $intf address ($!)\n"; + } + exit 0; +} + +sub is_valid_mac { + my ($mac, $intf) = @_; + my @octets = split /:/, $mac; + + ($#octets == 5) or die "Error: wrong number of octets: $#octets\n"; + + (($octets[0] & 1) == 0) or die "Error: $mac is a multicast address\n"; + + my $sum = 0; + $sum += strtoul('0x' . $_) foreach @octets; + ( $sum != 0 ) or die "Error: zero is not a valid address\n"; + + exit 0; +} + +# Validate an address parameter at the time the user enters it via +# a "set" command. This validates the parameter for syntax only. +# It does not validate it in combination with other parameters. +# Valid values are: "dhcp", <ipv4-address>/<prefix-len>, or +# <ipv6-address>/<prefix-len> +# +sub is_valid_addr_set { + my ($addr_net, $intf) = @_; + + if ($addr_net eq "dhcp") { + if ($intf eq "lo") { + print "Error: can't use dhcp client on loopback interface\n"; + exit 1; + } + exit 0; + } + + my ($addr, $net); + if ($addr_net =~ m/^([0-9a-fA-F\.\:]+)\/(\d+)$/) { + $addr = $1; + $net = $2; + } else { + exit 1; + } + + my $version = is_ip_v4_or_v6($addr_net); + if (!defined $version) { + exit 1; + } + + my $ip = NetAddr::IP->new($addr_net); + my $network = $ip->network(); + my $bcast = $ip->broadcast(); + + if ($ip->version == 4 and $ip->masklen() == 31) { + # + # RFC3021 allows for /31 to treat both address as host addresses + # + } elsif ($ip->masklen() != $ip->bits()) { + # + # allow /32 for ivp4 and /128 for ipv6 + # + if ($ip->addr() eq $network->addr()) { + print "Can not assign network address as the IP address\n"; + exit 1; + } + if ($ip->addr() eq $bcast->addr()) { + print "Can not assign broadcast address as the IP address\n"; + exit 1; + } + } + + if (is_ip_duplicate($intf, $addr_net)) { + print "Error: duplicate address/prefix [$addr_net]\n"; + exit 1; + } + + if ($version == 4) { + if ($net > 0 && $net <= 32) { + exit 0; + } + } + if ($version == 6) { + if ($net > 1 && $net <= 128) { + exit 0; + } + } + + exit 1; +} + +# Validate the set of address values configured on an interface at commit +# time. Syntax of address values is checked at set time, so is not +# checked here. Instead, we check that full set of address address +# values are consistent. The only rule that we enforce here is that +# one may not configure an interface with both a DHCP address and a static +# IPv4 address. +# +sub is_valid_addr_commit { + my ($intf, @addrs) = @_; + + my $static_v4 = 0; + my $dhcp = 0; + + foreach my $addr (@addrs) { + if ($addr eq "dhcp") { + $dhcp = 1; + } else { + my $version = is_ip_v4_or_v6($addr); + if ($version == 4) { + $static_v4 = 1; + } + } + } + + if ($static_v4 == 1 && $dhcp == 1) { + printf("Error configuring interface $intf: Can't configure static\n"); + printf("IPv4 address and DHCP on the same interface.\n"); + exit 1; + } + + exit 0; +} + +# Is interface currently in admin down state? +sub is_intf_down { + my $name = shift; + my $intf = new Vyatta::Interface($name); + + return 1 unless $intf; + return ! $intf->up(); +} + +sub dhcp { + my ($request, $intf) = @_; + + die "$intf is not using DHCP to get an IP address\n" + unless is_dhcp_enabled($intf); + + die "$intf is disabled. Unable to release/renew lease\n" + if is_intf_down($intf); + + my $tmp_dhclient_dir = '/var/run/vyatta/dhclient/'; + my $release_file = $tmp_dhclient_dir . 'dhclient_release_' . $intf; + if ($request eq "release") { + die "IP address for $intf has already been released.\n" + if (-e $release_file); + + print "Releasing DHCP lease on $intf ...\n"; + stop_dhclient($intf); + mkdir ($tmp_dhclient_dir) if (! -d $tmp_dhclient_dir ); + touch ($release_file); + } elsif ($request eq "renew") { + print "Renewing DHCP lease on $intf ...\n"; + run_dhclient($intf); + unlink ($release_file); + } else { + die "Unknown DHCP request: $request\n"; + } + + exit 0; +} + +sub is_valid_name { + my ($type, $name) = @_; + die "Missing --dev argument\n" unless $name; + + my $intf = new Vyatta::Interface($name); + die "$name does not match any known interface name type\n" + unless $intf; + die "$name is a ", $intf->type(), " interface not an $type interface\n" + if ($type ne 'all' and $intf->type() ne $type); + die "$type interface $name does not exist on system\n" + unless grep { $name eq $_ } getInterfaces(); + exit 0; +} + +sub exists_name { + my $name = shift; + die "Missing --dev argument\n" unless $name; + + warn "interface $name does not exist on system\n" + unless grep { $name eq $_ } getInterfaces(); + exit 0; +} + +# generate one line with all known interfaces (for allowed) +sub show_interfaces { + my $type = shift; + my @interfaces = getInterfaces(); + my @match; + + foreach my $name (@interfaces) { + my $intf = new Vyatta::Interface($name); + next unless $intf; # skip unknown types + next unless ($type eq 'all' || $type eq $intf->type()); + + if ($vif_name) { + next unless $intf->vif(); + push @match, $intf->vif() + if ($vif_name eq $intf->physicalDevice()); + } else { + push @match, $name + unless $intf->vif() and $type ne 'all'; + } + } + print join(' ', @match), "\n"; +} + +sub show_config_path { + my $name = shift; + die "Missing --dev argument\n" unless $name; + my $intf = new Vyatta::Interface($name); + die "$name does not match any known interface name type\n" + unless $intf; + my $level = $intf->path(); + $level =~ s/ /\//g; + print "/opt/vyatta/config/active/$level\n"; +} + +sub get_ethtool { + my $dev = shift; + + open( my $ethtool, "sudo /usr/sbin/ethtool $dev 2>/dev/null |" ) + or die "ethtool failed: $!\n"; + + # ethtool produces: + # + # Settings for eth1: + # Supported ports: [ TP ] + # ... + # Speed: 1000Mb/s + # Duplex: Full + # ... + # Auto-negotiation: on + my ($rate, $duplex, $autoneg); + while (<$ethtool>) { + chomp; + if ( /^\s+Speed:\s([0-9]+)Mb\/s/ ) { + $rate = $1; + } elsif ( /^\s+Duplex:\s(.*)$/ ) { + $duplex = lc $1; + } elsif ( /^\s+Auto-negotiation: on/ ) { + $autoneg = 1; + } + } + close $ethtool; + return ($rate, $duplex, $autoneg); +} + +sub set_speed_duplex { + my ($intf, $nspeed, $nduplex) = @_; + die "Missing --dev argument\n" unless $intf; + + my ($ospeed, $oduplex, $autoneg) = get_ethtool($intf); + + # Don't change settings if already okay. + if ($autoneg) { + return if ($nspeed eq 'auto'); + } else { + return if (defined $ospeed && defined $oduplex && + $nspeed eq $ospeed && $nduplex eq $oduplex); + } + + my @cmd = ('sudo', 'ethtool', '-s', $intf ); + if ($nspeed eq 'auto') { + push @cmd, qw(autoneg on); + } else { + push @cmd, 'speed', $nspeed, 'duplex', $nduplex, 'autoneg', 'off'; + } + exec @cmd; + + die "Command failed: ", join(' ', @cmd); +} |