#!/bin/sh
#
# manage network interfaces and configure some networking options

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

brdrev=$(cat /var/run/boardrev)
razorl_rev_p2i=3

if ! [ -x /sbin/ifup ]; then
    exit 0
fi

spoofprotect_rp_filter () {
    # This is the best method: turn on Source Address Verification and get
    # spoof protection on all current and future interfaces.

    if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
        for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
            echo 1 > $f
        done

        #BURT 932283 HACK (2015-Aug-06): Disable rp_filter to get eth0.64
        #   vlan to work again after kernel upgrade in 5.0X13002
        echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
        return 0
    else
        return 1
    fi
}

spoofprotect () {
    echo -n "Setting up IP spoofing protection: "
    if spoofprotect_rp_filter; then
        echo "rp_filter."
    else
        echo "FAILED."
    fi
}

ip_forward () {
    if [ -e /proc/sys/net/ipv4/ip_forward ]; then
        echo -n "Enabling packet forwarding..."
        echo 1 > /proc/sys/net/ipv4/ip_forward
        echo "done."
    fi
}

syncookies () {
    if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then
        echo -n "Enabling TCP/IP SYN cookies..."
        echo 1 > /proc/sys/net/ipv4/tcp_syncookies
        echo "done."
    fi
}

doopt () {
    optname=$1
    default=$2
    opt=`grep "^$optname=" /etc/network/options`
    if [ -z "$opt" ]; then
        opt="$optname=$default"
    fi
    optval=${opt#$optname=}
    if [ "$optval" = "yes" ]; then
        eval $optname
    fi
}

switch_version () {
    /usr/local/bin/switch_config_version.sh -f > /var/run/switch_version_controller
    chmod 666 /var/run/switch_version_controller
}

case "$1" in
    start)
        doopt spoofprotect yes
        doopt syncookies no
        doopt ip_forward no
        switch_version
        echo "Bringup loopback interface"
        ifconfig lo 127.0.0.1 up

        echo -n "Configuring network interfaces..."
        ifup eth0
        ifup eth1

        if [ ! -f "/var/run/RazorL" ] || [ "$brdrev" -ge "$razorl_rev_p2i" ] ; then

            # enable/disable ipv6 accept_ra now, before starting adapter
            # so it is in the right state on reboot
            grep "ra_disable.*1" < /mnt/logs/etc/rlm_config_from_filer
            accept_ra=$?
            echo ${accept_ra}  > /proc/sys/net/ipv6/conf/eth0.32/accept_ra
            echo 1  > /proc/sys/net/ipv4/conf/eth0.32/arp_ignore

            ifup eth0.64
            ifup eth0.16

            if ! ip route show | grep "127.0.0.0/8" &> /dev/null ; then
                route add -net 127.0.0.0 netmask 255.0.0.0 gw 127.0.0.1
            fi
        fi

        # Start eth0.32 networking setup in the background
        (/etc/init.d/do_eth032_networking.sh | /usr/bin/logger)&

        echo "done."
        ;;
    stop)
        if sed -n 's/^[^ ]* \([^ ]*\) \([^ ]*\) .*$/\1 \2/p' /proc/mounts |
          grep -q "^/ nfs$"; then
            echo "NOT deconfiguring network interfaces: / is an NFS mount"
        elif sed -n 's/^[^ ]* \([^ ]*\) \([^ ]*\) .*$/\1 \2/p' /proc/mounts |
          grep -q "^/ smbfs$"; then
            echo "NOT deconfiguring network interfaces: / is an SMB mount"
        elif sed -n 's/^[^ ]* \([^ ]*\) \([^ ]*\) .*$/\2/p' /proc/mounts |
          grep -qE '^(nfs[1234]?|smbfs|ncp|ncpfs|coda|cifs)$'; then
            echo "NOT deconfiguring network interfaces: network shares still mounted."
        else
            echo -n "Deconfiguring network interfaces..."
            ifdown eth0
            echo "done."
        fi

        if [ ! -f "/var/run/RazorL" ] || [ "$brdrev" -ge "$razorl_rev_p2i" ] ; then
            ifdown eth0.32
            ifdown eth0.64
            ifdown eth0.16
        fi
    ;;
    force-reload|restart)
        doopt spoofprotect yes
        doopt syncookies no
        doopt ip_forward no
        echo -n "Reconfiguring network interfaces..."
        ifdown eth0
        ifup eth0
        ifdown eth1
        ifup eth1

        if [ ! -f "/var/run/RazorL" ] || [ "$brdrev" -ge "$razorl_rev_p2i" ] ; then
            ifdown eth0.32
            ifdown eth0.64
            ifdown eth0.16
            ifup eth0.32
            ifup eth0.64
            ifup eth0.16
        fi

        echo "done."
    ;;
    *)
    echo "Usage: /etc/init.d/networking {start|stop|restart|force-reload}"
    exit 1
    ;;
esac

exit 0

