[RFC,2/2] network: add vpn security policies commands
Message ID | 1499970814-14953-3-git-send-email-jonatan.schlag@ipfire.org |
---|---|
State | Superseded |
Message
Jonatan Schlag
July 14, 2017, 4:33 a.m. UTC
Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
---
src/network | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 65 insertions(+), 2 deletions(-)
Comments
Hi, On Thu, 2017-07-13 at 20:33 +0200, Jonatan Schlag wrote: > Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> > --- > src/network | 67 > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- > 1 file changed, 65 insertions(+), 2 deletions(-) > > diff --git a/src/network b/src/network > index 154d253..e7b637c 100644 > --- a/src/network > +++ b/src/network > @@ -1194,7 +1194,6 @@ cli_reset() { > fi > > warning_log "Will reset the whole network configuration!!!" > - > # Force mode is disabled by default > local force=0 > This change doesn't have anything to do with the sec pols. 
> @@ -1384,13 +1383,77 @@ cli_raw() { > exit ${EXIT_OK} > } > > +cli_vpn() { > + > + local action > + action=${1} > + shift 1 Just no :) > + > + case "${action}" in > + security-policies) > + cli_vpn_security-policies $@ > + ;; > + *) > + error "Unrecognized argument: ${action}" > + exit ${EXIT_ERROR} > + ;; > + esac > +} > + > +cli_vpn_security-policies() { Try to avoid a dash in the function name. > + > + local action > + local security_policy > + > + if vpn_security_policy_exists ${1}; then > + > + security_policy=${1} > + key=${2} > + shift 2 > + > + case "${key}" in > + cipher|compression|integrity|lifetime|pfs|sh > ow) > + vpn_security_policies_${key} > ${security_policy} $@ > + ;; > + group-type) > + vpn_security_policies_group_type > ${security_policy} $@ > + ;; > + key-exchange) > + vpn_security_policies_key_exchange > ${security_policy} $@ > + ;; > + *) > + error "Unrecognized argument: > ${key}" > + exit ${EXIT_ERROR} > + ;; > + esac > + else > + action=${1} > + shift > + > + case "${action}" in > + new) > + vpn_security_policies_new $@ > + ;; > + destroy) > + vpn_security_policies_destroy $@ > + ;; > + ""|*) > + if [ -n "${action}" ]; then > + error "Unrecognized > argument: '${action}'" > + fi > + exit ${EXIT_ERROR} > + ;; > + esac > + fi > +} > + > # Process the given action > case "${action}" in > init) > init_run > ;; > > - settings|hostname|port|device|zone|start|stop|restart|status > |reset|route) > + settings|hostname|port|device|zone|start|stop|restart|status > |reset|route|vpn) > cli_${action} $@ > ;; > -Michael
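Review bot: every call added in cli_vpn and cli_vpn_security-policies forwards its arguments as an unquoted $@ (for example "vpn_security_policies_${key} ${security_policy} $@"), and the check "vpn_security_policy_exists ${1}" is unquoted too, so a policy name or value containing whitespace or a glob character is re-split or expanded before the vpn_security_policies_* function sees it; pass "$@" and "${1}" in double quotes instead. In cli_vpn_security-policies, key is assigned without a local declaration (only action and security_policy are declared), so it leaks out of the function; add "local key". The ""|*) pattern in the new/destroy case is equivalent to *) alone, and that branch exits with EXIT_ERROR without printing anything when no action is given, so a short usage message there would help.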
On Fri, 14 Jul 2017 at 1:25, Michael Tremer <michael.tremer@ipfire.org> wrote: > Hi, > > On Thu, 2017-07-13 at 20:33 +0200, Jonatan Schlag wrote: >> Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> >> --- >> src/network | 67 >> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- >> 1 file changed, 65 insertions(+), 2 deletions(-) >> >> diff --git a/src/network b/src/network >> index 154d253..e7b637c 100644 >> --- a/src/network >> +++ b/src/network >> @@ -1194,7 +1194,6 @@ cli_reset() { >> fi >> >> warning_log "Will reset the whole network configuration!!!" >> - >> # Force mode is disabled by default >> local force=0 >> > > This change doesn't have anything to do with the sec pols.
> >> @@ -1384,13 +1383,77 @@ cli_raw() { >> exit ${EXIT_OK} >> } >> >> +cli_vpn() { >> + >> + local action >> + action=${1} >> + shift 1 > > Just no :) This is not understandable :). What just no or why? > > >> + >> + case "${action}" in >> + security-policies) >> + cli_vpn_security-policies $@ >> + ;; >> + *) >> + error "Unrecognized argument: ${action}" >> + exit ${EXIT_ERROR} >> + ;; >> + esac >> +} >> + >> +cli_vpn_security-policies() { > > Try to avoid a dash in the function name. > >> + >> + local action >> + local security_policy >> + >> + if vpn_security_policy_exists ${1}; then >> + >> + security_policy=${1} >> + key=${2} >> + shift 2 >> + >> + case "${key}" in >> + cipher|compression|integrity|lifetime|pfs|sh >> ow) >> + vpn_security_policies_${key} >> ${security_policy} $@ >> + ;; >> + group-type) >> + vpn_security_policies_group_type >> ${security_policy} $@ >> + ;; >> + key-exchange) >> + vpn_security_policies_key_exchange >> ${security_policy} $@ >> + ;; >> + *) >> + error "Unrecognized argument: >> ${key}" >> + exit ${EXIT_ERROR} >> + ;; >> + esac >> + else >> + action=${1} >> + shift >> + >> + case "${action}" in >> + new) >> + vpn_security_policies_new $@ >> + ;; >> + destroy) >> + vpn_security_policies_destroy $@ >> + ;; >> + ""|*) >> + if [ -n "${action}" ]; then >> + error "Unrecognized >> argument: '${action}'" >> + fi >> + exit ${EXIT_ERROR} >> + ;; >> + esac >> + fi >> +} >> + >> # Process the given action >> case "${action}" in >> init) >> init_run >> ;; >> >> - settings|hostname|port|device|zone|start|stop|restart|status >> |reset|route) >> + settings|hostname|port|device|zone|start|stop|restart|status >> |reset|route|vpn) >> cli_${action} $@ >> ;; >> > > -Michael Jonatan
On Fri, 2017-07-14 at 13:58 +0200, Jonatan Schlag wrote: > > > On Fri, 14 Jul 2017 at 1:25, Michael Tremer <michael.tremer@ipfire.org> wrote: > > Hi, > > > > On Thu, 2017-07-13 at 20:33 +0200, Jonatan Schlag wrote: > > Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org> > > --- > > src/network | 67 > > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- > > 1 file changed, 65 insertions(+), 2 deletions(-) > > > > diff --git a/src/network b/src/network > > index 154d253..e7b637c 100644 > > --- a/src/network > > +++ b/src/network > > @@ -1194,7 +1194,6 @@ cli_reset() { > > fi > > > > warning_log "Will reset the whole network > > configuration!!!" > > - > > # Force mode is disabled by default > > local force=0 > > > > > > This change doesn't have anything to do with the sec pols.
> > > > @@ -1384,13 +1383,77 @@ cli_raw() { > > exit ${EXIT_OK} > > } > > > > +cli_vpn() { > > + > > + local action > > + action=${1} > > + shift 1 > > > > Just no :) > > This is not understandable :). What just no or why?

It should be:

local action=${1}
shift 1

We always do the assignment of the arguments of a function in one line.

> > > > + > > + case "${action}" in > > + security-policies) > > + cli_vpn_security-policies $@ > > + ;; > > + *) > > + error "Unrecognized argument: ${action}" > > + exit ${EXIT_ERROR} > > + ;; > > + esac > > +} > > + > > +cli_vpn_security-policies() { > > > > Try to avoid a dash in the function name. > > > > + > > + local action > > + local security_policy > > + > > + if vpn_security_policy_exists ${1}; then > > + > > + security_policy=${1} > > + key=${2} > > + shift 2 > > + > > + case "${key}" in > > + cipher|compression|integrity|lifetime|pfs > > |sh > > ow) > > + vpn_security_policies_${key} > > ${security_policy} $@ > > + ;; > > + group-type) > > + vpn_security_policies_group_type > > ${security_policy} $@ > > + ;; > > + key-exchange) > > + vpn_security_policies_key_exchang > > e > > ${security_policy} $@ > > + ;; > > + *) > > + error "Unrecognized argument: > > ${key}" > > + exit ${EXIT_ERROR} > > + ;; > > + esac > > + else > > + action=${1} > > + shift > > + > > + case "${action}" in > > + new) > > + vpn_security_policies_new $@ > > + ;; > > + destroy) > > + vpn_security_policies_destroy $@ > > + ;; > > + ""|*) > > + if [ -n "${action}" ]; then > > + error "Unrecognized > > argument: '${action}'" > > + fi > > + exit ${EXIT_ERROR} > > + ;; > > + esac > > + fi > > +} > > + > > # Process the given action > > case "${action}" in > > init) > > init_run > > ;; > > > > - settings|hostname|port|device|zone|start|stop|restart|sta > > tus > > |reset|route) > > + settings|hostname|port|device|zone|start|stop|restart|sta > > tus > > |reset|route|vpn) > > cli_${action} $@ > > ;; > > > > > > -Michael > > Jonatan