From patchwork Fri Feb 23 22:05:33 2018
X-Patchwork-Submitter: Jonatan Schlag via network
X-Patchwork-Id: 1671
To: network@lists.ipfire.org
Subject: [PATCH 1/3] Add new function: device_get_by_assigned_ip_address()
Date: Fri, 23 Feb 2018 11:05:33 +0000
Message-Id: <1519383935-3556-1-git-send-email-jonatan.schlag@ipfire.org>
List-Id: List for the network package
From: Jonatan Schlag via network

This function is used to get a device from an IP address which is assigned to the device. This function needs to be introduced to set the routes for IPsec correctly.

Signed-off-by: Jonatan Schlag
---
 src/functions/functions.device | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/src/functions/functions.device b/src/functions/functions.device
index cb4911f..2de1ad9 100644
--- a/src/functions/functions.device
+++ b/src/functions/functions.device
@@ -1058,3 +1058,30 @@ device_queue_set_smp_affinity() { __processor_id_to_bitmap ${processor} > ${path} } + +# Tries to find a device which has the given IP address assigned +device_get_by_assigned_ip_address() { + local ip=${1} + + assert isset ip + + local device + + # Read the first line of ip addr show to + read -r device <<< $(ip addr show to "${ip}") + + # If we did not found a device we return with ${EXIT_ERROR} + if ! isset device; then + return ${EXIT_ERROR} + fi + + # We get something like: + # 3: upl0: mtu 1500 qdisc mq state UP group default qlen 1000 + # and we want upl0 so we take the second word and removing the : + device=(${device}) + device=${device[1]} + device=${device%:} + + print "${device}" + return ${EXIT_OK} +} From patchwork Fri Feb 23 22:05:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jonatan Schlag via network X-Patchwork-Id: 1672 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.i.ipfire.org (Postfix) with ESMTP id 0BC9660AB7 for ; Fri, 23 Feb 2018 12:05:56 +0100 (CET) X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 60033108B8A1; Fri, 23 Feb 2018 11:06:11 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lists.ipfire.org; s=201801; t=1519383971; x=1521975971; bh=d2aZQjFJCmw6U7895hEcqsqUkk0rt1C9G/k+8olx1rg=; h=To:Subject:Date:Message-Id:In-Reply-To:From:Reply-To:Sender:From: To:Cc:Date:Content-Type:Message-ID:In-Reply-To:Subject:Reply-To: Sender; b=iHWbybxXQCKP+q0eZSos0xzy2Fti8HA5RK7PICNBbdOXxB7uHdOApFp3Xmzt3F+bK ar5ca6WJVe0fl8yDYYAWj6/RqmKmh9pkzgIseZ4nb51iDb1ESQIQbl8HZBO0NGhJZ+ nr1SowrolJ0cyHj1jd6Uc25n7og6bFdIYpMHHHZeEuyKsZRIqhHpQzyEFiNt+NMeGZ lYCtjXgKlAI/mnrOhqwZ08Ti3Hx6D66W3AlNxZ8+u500+NI50fgDCTiMA6dzYimmEm fDOz+3A/s/Z6cZUi5BWmV9pffufdu3qAP7lgHEBDRu65sg7VRCQW5jL70knT59WfYu uj2mWxVDsQ3MQ== X-Virus-Scanned: ClamAV 
To: network@lists.ipfire.org
Subject: [PATCH 2/3] Add new function ip_get__assigned_addresses_from_net()
Date: Fri, 23 Feb 2018 11:05:34 +0000
Message-Id: <1519383935-3556-2-git-send-email-jonatan.schlag@ipfire.org>
In-Reply-To: <1519383935-3556-1-git-send-email-jonatan.schlag@ipfire.org>
References: <1519383935-3556-1-git-send-email-jonatan.schlag@ipfire.org>
List-Id: List for the network package
From: Jonatan Schlag via network

This function is needed by IPsec to set the routes correctly. We can now find a source IP for a given net. This way is ugly because the source IP is unpredictable if we get multiple IPs.

Signed-off-by: Jonatan Schlag
---
 src/functions/functions.ip | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/src/functions/functions.ip b/src/functions/functions.ip index 3b43da7..ef40bcc 100644 --- a/src/functions/functions.ip +++ b/src/functions/functions.ip 
@@ -205,3 +205,28 @@ ip_address_del() { return ${EXIT_OK} } + +# Get all currently assigned addresse for a given network +ip_get_assigned_addresses_from_net() { + local net=${1} + shift + local args="$@" + + assert ip_net_is_valid ${net} + + local line + local ips + + # We read the output of $(ip addr show to ${net} ${args}) + while read -r line; do + # We are only interested in lines which start with inet or inet6 + [[ "${line}" =~ ^(inet6 |inet ) ]] || continue + + # We need the second word the line + line=(${line}) + list_append "ips" "$(ip_split_prefix "${line[1]}")" + done <<< "$(ip addr show to "${net}" ${args})" + + # We sort the list to get the lowest IP as first item + print "$(list_sort ${ips})" +} From patchwork Fri Feb 23 22:05:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jonatan Schlag via network X-Patchwork-Id: 1673 Return-Path: Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.i.ipfire.org (Postfix) with ESMTP id B4AD460AB7 for ; Fri, 23 Feb 2018 12:06:02 +0100 (CET) X-Virus-Scanned: ClamAV at mail01.ipfire.org Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 242CB108B8A1; Fri, 23 Feb 2018 11:06:18 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=lists.ipfire.org; s=201801; t=1519383978; x=1521975978; bh=5y/ZOYWcDPl8aY3fqqLiIPz+Jv+DkQoWHo104IaPqh0=; h=To:Subject:Date:Message-Id:In-Reply-To:From:Reply-To:Sender:From: To:Cc:Date:Content-Type:Message-ID:In-Reply-To:Subject:Reply-To: Sender; b=cVlJytyzo8b4RarY/j6WzH0m8RKa/bqEJtG+lLceouhF7elYX8eVR2zU3gkkOS37y X7hN/hGLp57EXLZPlapWy9fmzNL0t9+HxNuKAjb1nG1fLq/+k5h2ErBBpTdgkkGijs ufvLkvlZdMiJiOA9kLKaIimZr0sQRss15omr+qQq/YXGkftmASDQgvjjlCwTqyr2RC KXAjUmLM0qSJaPtggp7MlhetKHqBNPmI2mc813Rmwp17afSOtZjVwKlV5eJcJ9Bc2h gqCwAv2QQUsQHaYVaGZGQ0cA+qPpwTP6xUoHsd/42Po0aJjJcOHiVYqlHl28eOrMV3 DgIfqcW2r0sZA== X-Virus-Scanned: ClamAV at mail01.ipfire.org 
To: network@lists.ipfire.org
Subject: [PATCH 3/3] IPsec: Log the content of all PLUTO variables in debug mode
Date: Fri, 23 Feb 2018 11:05:35 +0000
Message-Id: <1519383935-3556-3-git-send-email-jonatan.schlag@ipfire.org>
In-Reply-To: <1519383935-3556-1-git-send-email-jonatan.schlag@ipfire.org>
References: <1519383935-3556-1-git-send-email-jonatan.schlag@ipfire.org>
List-Id: List for the network package
From: Jonatan Schlag via network

Signed-off-by: Jonatan Schlag
---
 src/helpers/ipsec-updown | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/helpers/ipsec-updown b/src/helpers/ipsec-updown
index e4d704d..12ead03 100644
--- a/src/helpers/ipsec-updown
+++ b/src/helpers/ipsec-updown
@@ -29,6 +29,13 @@ network_settings_read # Make sure we are called by strongSwan assert isset PLUTO_VERSION +if enabled DEBUG; then + while read line; do + [[ ${line} =~ ^PLUTO_ ]] || continue + log DEBUG " ${line}" + done <<< "$(printenv | sort)" +fi + CONNECTION="${PLUTO_CONNECTION}" if ! ipsec_connection_read_config "${CONNECTION}"; then
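
Review bot: in `device_get_by_assigned_ip_address()` (patch 1/3), taking the second word of the `ip addr show` header line and stripping the trailing `:` returns `name@parent` for interfaces that `ip` prints in that form (VLANs, veth pairs), which is not a usable device name; strip everything from `@` as well, or parse `ip -o addr show to "${ip}"` instead of the human-readable header. The input is only checked with `assert isset ip`, while patch 2/3 validates its argument with `assert ip_net_is_valid`; a comparable validity assert here would keep malformed values away from `ip`. The command substitution in `read -r device <<< $(ip addr show to "${ip}")` should be quoted, and the comment above it ("Read the first line of ip addr show to") stops mid-sentence.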
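
Review bot: in `ip_get_assigned_addresses_from_net()` (patch 2/3), `local args="$@"` flattens the extra arguments into one string and the later unquoted `${args}` re-splits and glob-expands it, so an argument containing whitespace or `*` reaches `ip` in a different shape than the caller passed; use `local args=( "$@" )` and `"${args[@]}"`. `${net}` in `assert ip_net_is_valid ${net}` should be quoted for the same reason. Unlike `device_get_by_assigned_ip_address()` in patch 1/3, the function has no explicit `return`, so a caller cannot tell "no address found" from success; return `${EXIT_ERROR}` when `ips` is empty and `${EXIT_OK}` otherwise. The comment promises "the lowest IP as first item", but the visible lines do not show whether `list_sort` compares addresses numerically, and the commit message itself calls the result unpredictable, so the ordering guarantee should be documented or the comment adjusted. The subject line spells the name `ip_get__assigned_addresses_from_net()` with a double underscore, which does not match the function added here.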
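
Review bot: the debug loop in `ipsec-updown` (patch 3/3) uses `while read line` without `-r`, so backslashes in a variable's value are altered before they are logged, and because it parses `printenv` line by line, a value containing a newline is either cut off or, if its continuation happens to start with `PLUTO_`, logged as if it were a separate variable. Iterating over the names with `${!PLUTO_@}` and logging each `"${!name}"` avoids both the parsing and the `sort`. The commit message has no body; since this writes every `PLUTO_` variable handed over by strongSwan into the log, it should say so and note that it only happens when `DEBUG` is enabled.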