#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2018  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

BIRD_CONF="/etc/bird.conf"

bird_start() {
	service_start "bird.service"
}

bird_stop() {
	service_stop "bird.service"
}

bird_reload() {
	service_reload "bird.service"
}

# Update configuration any apply it in one go
bird_update() {
	if ! bird_generate_config; then
		log ERROR "Could not write Bird configuration"
		return ${EXIT_ERROR}
	fi

	# Reload bird
	bird_reload
}

bird_generate_config() {
	log DEBUG "Write BIRD configuration file"

	# Write header
	config_header "bird" > ${BIRD_CONF}

	# Write some basic settings
	local proto
	(
		print "# Log everything to syslog"
		print "log syslog all;"
		print

		print "# Turn on internal watchdog"
		print "watchdog warning 5s;"
		print "watchdog timeout 30s;"
		print

		print "# Define default route tables"
		print "ipv6 table master6;"
		print "ipv4 table master4;"

		print "# Enable device configuration"
		print "protocol device {}"
		print

		print "# Export all routes to kernel"
		for proto in ${IP_SUPPORTED_PROTOCOLS}; do
			print "protocol kernel {"
			print "	${proto} {"
			print "		table ${proto/ipv/master};"
			print "		export all;"
			print "	};"
			print "	learn;"
			print "}"
			print
		done
	) >> ${BIRD_CONF}

	# Static routes
	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
		print "protocol static {"
		print "	${proto};"
		print

		# Read routes for this protocol from configuration
		__bird_static_routes "${proto}"

		print "}"
		print
	done >> ${BIRD_CONF}

	# Write IPv6 Router Advertisement configuration
	__bird_ipv6_radv >> ${BIRD_CONF}
}

__bird_static_routes() {
	local proto="${1}"
	assert isset proto

	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	local line
	while read line; do
		route_parse_line "${line}"
		[ $? -eq ${EXIT_OK} ] || continue

		local type
		local arg
		for arg in unreachable prohibit blackhole; do
			if enabled "${arg}"; then
				type="${arg}"
				break
			fi
		done

		# Skip all routes of another protocol
		local _proto="$(ip_detect_protocol "${network}")"
		if [ "${proto}" != "${_proto}" ]; then
			continue
		fi

		case "${type}" in
			unreachable|prohibit|blackhole)
				print "	route ${network} ${type};"
				;;

			*)
				print "	route ${network} via ${gateway};"
				;;
		esac
	done < ${NETWORK_CONFIG_ROUTES}
}

__bird_ipv6_radv() {
	print "protocol radv {"

	local zone
	for zone in $(zones_get_local); do
		log DEBUG "Writing bird radv configuration for ${zone}"

		# Skip if there is no prefix or prefix is link-local.
		local addr="$(db_get "${zone}/ipv6/local-ip-address")"
		if [ -z "${addr}" ] || [ "${addr:0:5}" = "fe80:" ]; then
			continue
		fi

		# Check if the subnet is configured by the DHCP server.
		local dhcp="false"
		local prefix="$(ipv6_get_network "${addr}")"
		if isset prefix && dhcpd_subnet_match ipv6 "${prefix}"; then
			dhcp="true"
		fi

		print "	interface \"${zone}\" {"
			# Failover to other routers within 10s
			print "		max ra interval 10;"

			# Tell clients we are running DHCP
			if enabled dhcp; then
				print "		managed yes;"
				print "		other config yes;"
			fi

			if device_exists "${zone}"; then
				# Announce link MTU
				local mtu="$(device_get_mtu "${zone}")"
				print "		link mtu ${mtu};"
			fi

			print # empty line

			# Announce all prefixes
			print "		prefix ::/0 {"

			if enabled dhcp; then
				print "			autonomous off;"
			fi

			print "		};"
		print "	};\n"
	done

	# Advertise any DNS servers
	if enabled DNS_ADVERTISE_SERVERS; then
		# Get a list of all IPv6 name servers
		local servers=()
		local server
		for server in $(dns_server_list_sorted); do
			# Skip any non-IPv6 servers
			ipv6_is_valid "${server}" || continue

			servers+=( "${server}" )
		done

		if isset servers; then
			print "	rdnss {"

			local server
			for server in ${servers}; do
				print "		ns ${server};"
			done

			print "	};"
		fi
	fi

	# DNS Search Domain
	print "	dnssl {"

	local domain
	for domain in $(dns_get_search_domains); do
		print "		domain \"${domain}\";"
	done

	print "	};"

	print "}\n"
}