[people/stevee/network.git] / functions.route

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2012  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################
#
# Functions for static routing.
#

function route_init() {
	# Apply configured static routes.
	route_apply
}

init_register route_init

function route_add() {
	local ${NETWORK_CONFIG_ROUTES_PARAMS}

	while [ $# -gt 0 ]; do
		case "${1}" in
			--gateway=*)
				gateway=$(cli_get_val ${1})
				;;
			--unreachable)
				unreachable="true"
				;;
			--prohibit)
				prohibit="true"
				;;
			--blackhole)
				blackhole="true"
				;;
			*)
				network=${1}
				;;
		esac
		shift
	done

	assert isset network

	if ! ip_is_valid ${network}; then
		error "The given network is invalid: ${network}"
		return ${EXIT_ERROR}
	fi

	if route_find_duplicate ${network}; then
		error "A route to ${network} does already exist."
		return ${EXIT_ERROR}
	fi

	# Check if gateway and unreachable are both enabled.
	if isset gateway; then
		if enabled unreachable; then
			error "You cannot use both, --gateway=${gateway} and --unreachable at the same time."
			return ${EXIT_ERROR}
		fi

		if enabled prohibit; then
			error "You cannot use both, --gateway=${gateway} and --prohibit at the same time."
			return ${EXIT_ERROR}
		fi

		if enabled blackhole; then
			error "You cannot use both, --gateway=${gateway} and --blackhole at the same time."
			return ${EXIT_ERROR}
		fi

		# Check if network and gateway IP protocol version match.
		if ! ip_is_valid ${gateway}; then
			error "--gateway= is not a valid IP address."
			return ${EXIT_ERROR}
		fi

		local network_proto=$(ip_detect_protocol ${network})
		local gateway_proto=$(ip_detect_protocol ${gateway})

		if [ "${network_proto}" != "${gateway_proto}" ]; then
			error "The IP protocol version of the given network and gateway did not match."
			return ${EXIT_ERROR}
		fi

	else
		local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
		if [ ${counter} -gt 1 ]; then
			error "You can only use one of --unreachable, --prohibit or --blackhole."
			return ${EXIT_ERROR}
		fi
	fi

	local line
	list_append line "network=\"${network}\""

	# Add gateway to configuration entry when it is set.
	if isset gateway; then
		list_append line "gateway=\"${gateway}\""
	fi

	# Add unreachable to configuration entry when it is set.
	local arg
	for arg in unreachable prohibit blackhole; do
		if enabled ${arg}; then
			list_append line "${arg}=\"true\""
			break
		fi
	done

	# Write line to file.
	print "${line}" >> ${NETWORK_CONFIG_ROUTES}

	log INFO "New route to network '${network}' has been added."
	return ${EXIT_OK}
}

function route_remove() {
	local _network=${1}
	assert isset _network

	local found="false"

	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	local line
	while read line; do
		route_parse_line ${line}
		[ $? -eq ${EXIT_OK} ] || continue

		# Skip the rule, we want to delete.
		if [ "${network}" = "${_network}" ]; then
			found="true"
			continue
		fi

		print "${line}"
	done < ${NETWORK_CONFIG_ROUTES} > ${NETWORK_CONFIG_ROUTES}.tmp
	mv ${NETWORK_CONFIG_ROUTES}{.tmp,}

	if enabled found; then
		log INFO "Route to network '${_network}' has been removed."
	else
		error "No route to network '${_network}' was found."
		return ${EXIT_ERROR}
	fi

	return ${EXIT_OK}
}

function route_list() {
	local protocol

	while [ $# -gt 0 ]; do
		case "${1}" in
			--protocol=*)
				protocol=$(cli_get_val ${1})
				;;
			*)
				warning "Unrecognized argument: ${1}"
				;;
		esac
		shift
	done

	if [ ! -r "${NETWORK_CONFIG_ROUTES}" ]; then
		print "No static routes defined."
		return ${EXIT_OK}
	fi

	local format="%-40s %-20s"
	print "${format}" "NETWORK/HOST" "GATEWAY"

	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	local line
	while read line; do
		route_parse_line ${line}
		[ $? -eq ${EXIT_OK} ] || continue

		local arg
		for arg in unreachable prohibit blackhole; do
			if enabled ${arg}; then
				gateway="<${arg}>"
				break
			fi
		done

		# Filter all entries with a wrong protocol.
		if isset protocol; then
			local proto=$(ip_detect_protocol ${network})
			[ "${protocol}" = "${proto}" ] || continue
		fi

		print "${format}" "${network}" "${gateway}"
	done < ${NETWORK_CONFIG_ROUTES}
}

function route_find_duplicate() {
	local _network=${1}

	[ -r "${NETWORK_CONFIG_ROUTES}" ] || return ${EXIT_FALSE}

	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	local line
	while read line; do
		route_parse_line ${line}
		[ $? -eq ${EXIT_OK} ] || continue

		# Check if the network is already in use.
		[ "${network}" = "${_network}" ] && return ${EXIT_TRUE}
	done < ${NETWORK_CONFIG_ROUTES}

	return ${EXIT_FALSE}
}

function route_parse_line() {
	local arg

	# Reset all possible settings.
	for arg in ${NETWORK_CONFIG_ROUTES_PARAMS}; do
		printf -v ${arg} "%s" ""
	done

	while read arg; do
		case "${arg}" in
			network=*)
				network=$(cli_get_val ${arg})
				;;
			gateway=*)
				gateway=$(cli_get_val ${arg})
				;;
			unreachable=*)
				unreachable=$(cli_get_val ${arg})
				;;
			prohibit=*)
				prohibit=$(cli_get_val ${arg})
				;;
			blackhole=*)
				blackhole=$(cli_get_val ${arg})
				;;
		esac
	done <<< "$(args $@)"

	### Check if all values are correctly set.

	# network must be set.
	isset network || return ${EXIT_ERROR}

	# network must be a valid.
	ip_is_network ${network} || return ${EXIT_ERROR}

	# Check gateway settings.
	if isset gateway; then
		# When gateway is set, unreachable cannot be set.
		isset unreachable && return ${EXIT_ERROR}

		# Must be a valid IP address.
		ip_is_valid ${gateway} || return ${EXIT_ERROR}
	else
		# Check if exactly one of unreachable, prohibit or blackhole is set.
		local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
		[ ${counter} -eq 1 ] || return ${EXIT_ERROR}
	fi

	return ${EXIT_OK}
}

function route_apply() {
	local table="static"
	local type

	# Flush the routing table.
	route_table_flush ${table}

	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	local line
	while read line; do
		route_parse_line ${line}
		[ $? -eq ${EXIT_OK} ] || continue

		type="unicast"
		local arg
		for arg in unreachable prohibit blackhole; do
			if enabled ${arg}; then
				type="${arg}"
				break
			fi
		done

		# Add the route.
		route_entry_add ${network} --table="static" --proto="static" \
			--type="${type}" --gateway="${gateway}"
		local ret=$?

		if [ ${ret} -ne ${EXIT_OK} ]; then
			log WARNING "Could not set route '${network}'."
		fi
	done < ${NETWORK_CONFIG_ROUTES}

	# Create a lookup rule for the static routing table.
	route_rule_add --lookup="static" --priority=1000
}

function route_entry_add() {
	local gateway
	local network
	local proto
	local table
	local type="unicast"

	local command

	while [ $# -gt 0 ]; do
		case "${1}" in
			--gateway=*)
				gateway=$(cli_get_val ${1})
				;;
			--table=*)
				table=$(cli_get_val ${1})
				;;
			--type=*)
				type=$(cli_get_val ${1})
				;;
			--proto=*)
				proto=$(cli_get_val ${1})
				;;
			*)
				if isset network; then
					warning "Unrecognized argument: ${1}"
				else
					network=${1}
				fi
				;;
		esac
		shift
	done

	# Validate input.
	assert isoneof type unicast broadcast unreachable prohibit blackhole
	assert ip_is_network ${network}

	# Detect the protocol of the given network.
	local protocol=$(ip_detect_protocol ${network})
	case "${protocol}" in
		ipv6)
			command="ip -6 route add"
			;;
		ipv4)
			command="ip route add"
			;;
	esac
	assert isset command

	# Add type.
	list_append command "${type}"

	# Add network/prefix.
	list_append command "${network}"

	if [ "${type}" = "unicast" ]; then
		assert isset gateway
		assert ip_is_valid ${gateway}

		list_append command "via ${gateway}"
	fi

	# Add table (if any).
	if isset table; then
		# Create routing table, if it does not exist, yet.
		route_table_create ${table}

		list_append command "table ${table}"
	fi

	# Add proto.
	if isset proto; then
		list_append command "proto ${proto}"
	fi

	cmd "${command}"
}

function route_table_create() {
	local table=${1}
	assert isset table

	if route_table_exists ${table}; then
		return ${EXIT_OK}
	fi

	# Get the next free id.
	local id=$(_route_table_next_id)
	assert isset id

	# Write everything to file.
	print "%d\t%s" "${id}" "${table}" >> /etc/iproute2/rt_tables

	log DEBUG "Created routing table '${table}'."

	return ${EXIT_OK}
}

function _route_table_next_id() {
	# The Linux kernel is able to manage 255 routing tables (1-255).
	# This function returns the next free id, starting from 255.
	local next_id

	for next_id in {255..1}; do
		if ! route_table_exists --id="${next_id}"; then
			print "${next_id}"
			return ${EXIT_OK}
		fi
	done

	return ${EXIT_FALSE}
}

function route_table_flush() {
	local protocol
	local table

	while [ $# -gt 0 ]; do
		case "${1}" in
			--protocol=*)
				protocol=$(cli_get_val ${1})
				;;
			*)
				table="${1}"
				;;
		esac
		shift
	done

	# If the table does not exists, there is nothing to
	# flush.
	route_table_exists ${table} || return ${EXIT_OK}

	local command
	local proto
	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
		# Skip unwanted protocols.
		if isset protocol; then
			[ "${protocol}" = "${proto}" ] || continue
		fi

		command=""
		case "${proto}" in
			ipv6)
				command="ip -6 route flush"
				;;
			ipv4)
				command="ip route flush"
				;;
		esac
		assert isset command

		list_append command "table ${table}"

		# Execute command.
		cmd "${command}"
	done

	return ${EXIT_OK}
}

function route_table_exists() {
	local _id _table

	while [ $# -gt 0 ]; do
		case "${1}" in
			--id=*)
				_id=$(cli_get_val ${1})
				;;
			*)
				_table=${1}
				break
				;;
		esac
		shift
	done

	local id table
	while read -r id table; do
		# Skip all comments.
		[ "${id:0:1}" = "#" ] && continue

		if [ "${_table}" = "${table}" ] || [ "${_id}" = "${id}" ]; then
			# Found a match.
			return ${EXIT_TRUE}
		fi
	done < /etc/iproute2/rt_tables

	return ${EXIT_FALSE}
}

function route_rule_add() {
	local priority
	local protocols=${IP_SUPPORTED_PROTOCOLS}
	local lookup

	while [ $# -gt 0 ]; do
		case "${1}" in
			--lookup=*)
				lookup=$(cli_get_val ${1})
				;;
			--priority=*)
				priority=$(cli_get_val ${1})
				;;
			--protocol=*)
				protocols=$(cli_get_val ${1})

				assert isoneof protocols ${IP_SUPPORTED_PROTOCOLS}
				;;
			*)
				warning "Unhandled argument: ${1}"
				;;
		esac
		shift
	done

	local command options

	if isset lookup; then
		route_table_create ${lookup}

		list_append options "lookup ${lookup}"
	fi

	if isset priority; then
		assert isinteger priority

		list_append options "prio ${priority}"
	fi

	local proto
	for proto in ${protocols}; do
		command=
		case "${proto}" in
			ipv6)
				command="ip -6 rule add  ${options}"
				;;
			ipv4)
				command="ip rule add ${options}"
				;;
		esac
		assert isset command

		# Skip, if the rule does already exist.
		route_rule_exists \
			--protocol=${proto} \
			--lookup=${lookup} \
			--priority=${priority} \
			&& continue

		cmd "${command}"
	done
}

function route_rule_exists() {
	local from
	local lookup
	local proto
	local prio

	while [ $# -gt 0 ]; do
		case "${1}" in
			--from=*)
				from=$(cli_get_val ${1})
				;;
			--lookup=*)
				lookup=$(cli_get_val ${1})
				;;
			--priority=*)
				prio=$(cli_get_val ${1})
				;;
			--protocol=*)
				proto=$(cli_get_val ${1})
				;;
			*)
				warning "Unrecognized argument: ${1}"
				;;
		esac
		shift
	done

	local command
	case "${proto}" in
		ipv6)
			command="ip -6 rule show"
			;;
		ipv4)
			command="ip rule show"
			;;
	esac
	assert isset command

	local _lookup _from _prio
	local line
	while read -r line; do
		_route_rule_exists_parse ${line}

		if isset from; then
			[ "${from}" = "${_from}" ] || continue
		fi

		if isset prio; then
			[ "${prio}" = "${_prio}" ] || continue
		fi

		if isset lookup; then
			[ "${lookup}" = "${_lookup}" ] || continue
		fi

		return ${EXIT_TRUE}
	done <<< "$(${command})"

	return ${EXIT_FALSE}
}

function _route_rule_exists_parse() {
	# Reset all variables.
	_lookup=
	_from=
	_prio=

	while [ $# -gt 0 ]; do
		case "${1}" in
			lookup)
				_lookup=${2}
				shift 2
				;;
			from)
				_from=${2}
				shift 2
				;;
			*:)
				_prio=${1//:/}
				shift
				;;
			*)
				# Skip unknown arguments.
				shift
				;;
		esac
	done
}
Commit	Line	Data
cb965348 MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2012 IPFire Network Development Team #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21	#
	22	# Functions for static routing.
	23	#
	24
d2021e87 MT	25	function route_init() {
	26	# Apply configured static routes.
	27	route_apply
	28	}
	29
	30	init_register route_init
	31
cb965348 MT	32	function route_add() {
	33	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	34
	35	while [ $# -gt 0 ]; do
	36	case "${1}" in
	37	--gateway=*)
	38	gateway=$(cli_get_val ${1})
	39	;;
	40	--unreachable)
	41	unreachable="true"
	42	;;
55ea0266 MT	43	--prohibit)
	44	prohibit="true"
	45	;;
	46	--blackhole)
	47	blackhole="true"
	48	;;
cb965348 MT	49	*)
	50	network=${1}
	51	;;
	52	esac
	53	shift
	54	done
	55
	56	assert isset network
	57
	58	if ! ip_is_valid ${network}; then
	59	error "The given network is invalid: ${network}"
	60	return ${EXIT_ERROR}
	61	fi
	62
	63	if route_find_duplicate ${network}; then
	64	error "A route to ${network} does already exist."
	65	return ${EXIT_ERROR}
	66	fi
	67
	68	# Check if gateway and unreachable are both enabled.
cb965348	69	if isset gateway; then
55ea0266 MT	70	if enabled unreachable; then
	71	error "You cannot use both, --gateway=${gateway} and --unreachable at the same time."
	72	return ${EXIT_ERROR}
	73	fi
	74
	75	if enabled prohibit; then
	76	error "You cannot use both, --gateway=${gateway} and --prohibit at the same time."
	77	return ${EXIT_ERROR}
	78	fi
	79
	80	if enabled blackhole; then
	81	error "You cannot use both, --gateway=${gateway} and --blackhole at the same time."
	82	return ${EXIT_ERROR}
	83	fi
	84
	85	# Check if network and gateway IP protocol version match.
d2021e87 MT	86	if ! ip_is_valid ${gateway}; then
	87	error "--gateway= is not a valid IP address."
	88	return ${EXIT_ERROR}
	89	fi
	90
cb965348 MT	91	local network_proto=$(ip_detect_protocol ${network})
	92	local gateway_proto=$(ip_detect_protocol ${gateway})
	93
	94	if [ "${network_proto}" != "${gateway_proto}" ]; then
	95	error "The IP protocol version of the given network and gateway did not match."
	96	return ${EXIT_ERROR}
	97	fi
55ea0266 MT	98
	99	else
	100	local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
	101	if [ ${counter} -gt 1 ]; then
	102	error "You can only use one of --unreachable, --prohibit or --blackhole."
	103	return ${EXIT_ERROR}
	104	fi
cb965348 MT	105	fi
	106
	107	local line
	108	list_append line "network=\"${network}\""
	109
	110	# Add gateway to configuration entry when it is set.
	111	if isset gateway; then
	112	list_append line "gateway=\"${gateway}\""
	113	fi
	114
	115	# Add unreachable to configuration entry when it is set.
55ea0266 MT	116	local arg
	117	for arg in unreachable prohibit blackhole; do
	118	if enabled ${arg}; then
	119	list_append line "${arg}=\"true\""
	120	break
	121	fi
	122	done
cb965348 MT	123
	124	# Write line to file.
	125	print "${line}" >> ${NETWORK_CONFIG_ROUTES}
	126
	127	log INFO "New route to network '${network}' has been added."
	128	return ${EXIT_OK}
	129	}
	130
	131	function route_remove() {
	132	local _network=${1}
	133	assert isset _network
	134
	135	local found="false"
	136
	137	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	138	local line
	139	while read line; do
	140	route_parse_line ${line}
	141	[ $? -eq ${EXIT_OK} ] \|\| continue
	142
	143	# Skip the rule, we want to delete.
	144	if [ "${network}" = "${_network}" ]; then
	145	found="true"
	146	continue
	147	fi
	148
	149	print "${line}"
	150	done < ${NETWORK_CONFIG_ROUTES} > ${NETWORK_CONFIG_ROUTES}.tmp
	151	mv ${NETWORK_CONFIG_ROUTES}{.tmp,}
	152
	153	if enabled found; then
	154	log INFO "Route to network '${_network}' has been removed."
	155	else
	156	error "No route to network '${_network}' was found."
	157	return ${EXIT_ERROR}
	158	fi
	159
	160	return ${EXIT_OK}
	161	}
	162
	163	function route_list() {
	164	local protocol
	165
	166	while [ $# -gt 0 ]; do
	167	case "${1}" in
	168	--protocol=*)
	169	protocol=$(cli_get_val ${1})
	170	;;
	171	*)
	172	warning "Unrecognized argument: ${1}"
	173	;;
	174	esac
	175	shift
	176	done
	177
	178	if [ ! -r "${NETWORK_CONFIG_ROUTES}" ]; then
	179	print "No static routes defined."
	180	return ${EXIT_OK}
	181	fi
	182
	183	local format="%-40s %-20s"
	184	print "${format}" "NETWORK/HOST" "GATEWAY"
	185
	186	local ${NETWORK_CONFIG_ROUTES_PARAMS}
187	local line
188	while read line; do
189	route_parse_line ${line}
190	[ $? -eq ${EXIT_OK} ] \|\| continue
191
55ea0266 MT	192	local arg
	193	for arg in unreachable prohibit blackhole; do
	194	if enabled ${arg}; then
	195	gateway="<${arg}>"
	196	break
	197	fi
	198	done
cb965348 MT	199
	200	# Filter all entries with a wrong protocol.
	201	if isset protocol; then
	202	local proto=$(ip_detect_protocol ${network})
	203	[ "${protocol}" = "${proto}" ] \|\| continue
	204	fi
	205
	206	print "${format}" "${network}" "${gateway}"
	207	done < ${NETWORK_CONFIG_ROUTES}
	208	}
	209
	210	function route_find_duplicate() {
	211	local _network=${1}
	212
	213	[ -r "${NETWORK_CONFIG_ROUTES}" ] \|\| return ${EXIT_FALSE}
	214
	215	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	216	local line
	217	while read line; do
	218	route_parse_line ${line}
d2021e87	219	[ $? -eq ${EXIT_OK} ] \|\| continue
cb965348 MT	220
	221	# Check if the network is already in use.
	222	[ "${network}" = "${_network}" ] && return ${EXIT_TRUE}
	223	done < ${NETWORK_CONFIG_ROUTES}
	224
	225	return ${EXIT_FALSE}
	226	}
	227
	228	function route_parse_line() {
	229	local arg
	230
	231	# Reset all possible settings.
	232	for arg in ${NETWORK_CONFIG_ROUTES_PARAMS}; do
	233	printf -v ${arg} "%s" ""
	234	done
	235
	236	while read arg; do
	237	case "${arg}" in
	238	network=*)
	239	network=$(cli_get_val ${arg})
	240	;;
	241	gateway=*)
	242	gateway=$(cli_get_val ${arg})
	243	;;
	244	unreachable=*)
	245	unreachable=$(cli_get_val ${arg})
	246	;;
55ea0266 MT	247	prohibit=*)
	248	prohibit=$(cli_get_val ${arg})
	249	;;
	250	blackhole=*)
	251	blackhole=$(cli_get_val ${arg})
	252	;;
cb965348 MT	253	esac
	254	done <<< "$(args $@)"
	255
	256	### Check if all values are correctly set.
	257
	258	# network must be set.
	259	isset network \|\| return ${EXIT_ERROR}
	260
	261	# network must be a valid.
	262	ip_is_network ${network} \|\| return ${EXIT_ERROR}
	263
	264	# Check gateway settings.
	265	if isset gateway; then
	266	# When gateway is set, unreachable cannot be set.
	267	isset unreachable && return ${EXIT_ERROR}
	268
	269	# Must be a valid IP address.
	270	ip_is_valid ${gateway} \|\| return ${EXIT_ERROR}
	271	else
55ea0266 MT	272	# Check if exactly one of unreachable, prohibit or blackhole is set.
	273	local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
	274	[ ${counter} -eq 1 ] \|\| return ${EXIT_ERROR}
cb965348 MT	275	fi
	276
	277	return ${EXIT_OK}
	278	}
d2021e87 MT	279
	280	function route_apply() {
	281	local table="static"
	282	local type
	283
	284	# Flush the routing table.
	285	route_table_flush ${table}
	286
	287	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	288	local line
	289	while read line; do
	290	route_parse_line ${line}
	291	[ $? -eq ${EXIT_OK} ] \|\| continue
	292
	293	type="unicast"
55ea0266 MT	294	local arg
	295	for arg in unreachable prohibit blackhole; do
	296	if enabled ${arg}; then
	297	type="${arg}"
	298	break
	299	fi
	300	done
d2021e87 MT	301
	302	# Add the route.
	303	route_entry_add ${network} --table="static" --proto="static" \
	304	--type="${type}" --gateway="${gateway}"
	305	local ret=$?
	306
	307	if [ ${ret} -ne ${EXIT_OK} ]; then
	308	log WARNING "Could not set route '${network}'."
	309	fi
	310	done < ${NETWORK_CONFIG_ROUTES}
	311
	312	# Create a lookup rule for the static routing table.
	313	route_rule_add --lookup="static" --priority=1000
	314	}
	315
	316	function route_entry_add() {
	317	local gateway
	318	local network
	319	local proto
	320	local table
	321	local type="unicast"
	322
	323	local command
	324
	325	while [ $# -gt 0 ]; do
	326	case "${1}" in
	327	--gateway=*)
	328	gateway=$(cli_get_val ${1})
	329	;;
	330	--table=*)
	331	table=$(cli_get_val ${1})
	332	;;
	333	--type=*)
	334	type=$(cli_get_val ${1})
	335	;;
	336	--proto=*)
	337	proto=$(cli_get_val ${1})
	338	;;
	339	*)
	340	if isset network; then
	341	warning "Unrecognized argument: ${1}"
	342	else
	343	network=${1}
	344	fi
	345	;;
	346	esac
	347	shift
	348	done
	349
	350	# Validate input.
	351	assert isoneof type unicast broadcast unreachable prohibit blackhole
	352	assert ip_is_network ${network}
	353
	354	# Detect the protocol of the given network.
	355	local protocol=$(ip_detect_protocol ${network})
	356	case "${protocol}" in
	357	ipv6)
	358	command="ip -6 route add"
	359	;;
	360	ipv4)
	361	command="ip route add"
	362	;;
	363	esac
	364	assert isset command
365
366	# Add type.
367	list_append command "${type}"
368
369	# Add network/prefix.
370	list_append command "${network}"
371
372	if [ "${type}" = "unicast" ]; then
373	assert isset gateway
374	assert ip_is_valid ${gateway}
375
376	list_append command "via ${gateway}"
377	fi
378
379	# Add table (if any).
380	if isset table; then
381	# Create routing table, if it does not exist, yet.
382	route_table_create ${table}
383
384	list_append command "table ${table}"
385	fi
386
387	# Add proto.
388	if isset proto; then
389	list_append command "proto ${proto}"
390	fi
391
392	cmd "${command}"
393	}
394
395	function route_table_create() {
396	local table=${1}
397	assert isset table
398
399	if route_table_exists ${table}; then
400	return ${EXIT_OK}
401	fi
402
403	# Get the next free id.
404	local id=$(_route_table_next_id)
405	assert isset id
406
407	# Write everything to file.
408	print "%d\t%s" "${id}" "${table}" >> /etc/iproute2/rt_tables
409
410	log DEBUG "Created routing table '${table}'."
411
412	return ${EXIT_OK}
413	}
414
415	function _route_table_next_id() {
416	# The Linux kernel is able to manage 255 routing tables (1-255).
417	# This function returns the next free id, starting from 255.
418	local next_id
419
420	for next_id in {255..1}; do
421	if ! route_table_exists --id="${next_id}"; then
422	print "${next_id}"
423	return ${EXIT_OK}
424	fi
425	done
426
427	return ${EXIT_FALSE}
428	}
429
430	function route_table_flush() {
431	local protocol
432	local table
433
434	while [ $# -gt 0 ]; do
435	case "${1}" in
436	--protocol=*)
437	protocol=$(cli_get_val ${1})
438	;;
439	*)
440	table="${1}"
441	;;
442	esac
443	shift
444	done
445
446	# If the table does not exists, there is nothing to
447	# flush.
448	route_table_exists ${table} \|\| return ${EXIT_OK}
449
450	local command
451	local proto
452	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
453	# Skip unwanted protocols.
454	if isset protocol; then
455	[ "${protocol}" = "${proto}" ] \|\| continue
456	fi
457
458	command=""
459	case "${proto}" in
460	ipv6)
461	command="ip -6 route flush"
462	;;
463	ipv4)
464	command="ip route flush"
465	;;
466	esac
467	assert isset command
468
469	list_append command "table ${table}"
470
471	# Execute command.
472	cmd "${command}"
473	done
474
475	return ${EXIT_OK}
476	}
477
478	function route_table_exists() {
479	local _id _table
480
481	while [ $# -gt 0 ]; do
482	case "${1}" in
483	--id=*)
484	_id=$(cli_get_val ${1})
485	;;
486	*)
487	_table=${1}
488	break
489	;;
490	esac
491	shift
492	done
493
494	local id table
495	while read -r id table; do
496	# Skip all comments.
497	[ "${id:0:1}" = "#" ] && continue
498
499	if [ "${_table}" = "${table}" ] \|\| [ "${_id}" = "${id}" ]; then
500	# Found a match.
501	return ${EXIT_TRUE}
502	fi
503	done < /etc/iproute2/rt_tables
504
505	return ${EXIT_FALSE}
506	}
507
508	function route_rule_add() {
509	local priority
510	local protocols=${IP_SUPPORTED_PROTOCOLS}
511	local lookup
512
513	while [ $# -gt 0 ]; do
514	case "${1}" in
515	--lookup=*)
516	lookup=$(cli_get_val ${1})
517	;;
518	--priority=*)
519	priority=$(cli_get_val ${1})
520	;;
521	--protocol=*)
522	protocols=$(cli_get_val ${1})
523
524	assert isoneof protocols ${IP_SUPPORTED_PROTOCOLS}
525	;;
526	*)
527	warning "Unhandled argument: ${1}"
528	;;
529	esac
530	shift
531	done
532
533	local command options
534
535	if isset lookup; then
536	route_table_create ${lookup}
537
538	list_append options "lookup ${lookup}"
539	fi
540
541	if isset priority; then
542	assert isinteger priority
543
544	list_append options "prio ${priority}"
545	fi
546
547	local proto
548	for proto in ${protocols}; do
549	command=
550	case "${proto}" in
551	ipv6)
552	command="ip -6 rule add ${options}"
553	;;
554	ipv4)
555	command="ip rule add ${options}"
556	;;
557	esac
558	assert isset command
559
560	# Skip, if the rule does already exist.
561	route_rule_exists \
562	--protocol=${proto} \
563	--lookup=${lookup} \
564	--priority=${priority} \
565	&& continue
566
567	cmd "${command}"
568	done
569	}
570
571	function route_rule_exists() {
572	local from
573	local lookup
574	local proto
575	local prio
576
577	while [ $# -gt 0 ]; do
578	case "${1}" in
579	--from=*)
580	from=$(cli_get_val ${1})
581	;;
582	--lookup=*)
583	lookup=$(cli_get_val ${1})
584	;;
585	--priority=*)
586	prio=$(cli_get_val ${1})
587	;;
588	--protocol=*)
589	proto=$(cli_get_val ${1})
590	;;
591	*)
592	warning "Unrecognized argument: ${1}"
593	;;
594	esac
595	shift
596	done
597
598	local command
599	case "${proto}" in
600	ipv6)
601	command="ip -6 rule show"
602	;;
603	ipv4)
604	command="ip rule show"
605	;;
606	esac
607	assert isset command
608
609	local _lookup _from _prio
610	local line
611	while read -r line; do
612	_route_rule_exists_parse ${line}
613
614	if isset from; then
615	[ "${from}" = "${_from}" ] \|\| continue
616	fi
617
618	if isset prio; then
619	[ "${prio}" = "${_prio}" ] \|\| continue
620	fi
621
622	if isset lookup; then
623	[ "${lookup}" = "${_lookup}" ] \|\| continue
624	fi
625
626	return ${EXIT_TRUE}
627	done <<< "$(${command})"
628
629	return ${EXIT_FALSE}
630	}
631
632	function _route_rule_exists_parse() {
633	# Reset all variables.
634	_lookup=
635	_from=
636	_prio=
637
638	while [ $# -gt 0 ]; do
639	case "${1}" in
640	lookup)
641	_lookup=${2}
642	shift 2
643	;;
644	from)
645	_from=${2}
646	shift 2
647	;;
648	*:)
649	_prio=${1//:/}
650	shift
651	;;
652	*)
653	# Skip unknown arguments.
654	shift
655	;;
656	esac
657	done
658	}