git.ipfire.org Git - people/ms/network.git/commitdiff
route: Add prohibit and blackhole routes.
authorMichael Tremer <michael.tremer@ipfire.org>
Sat, 11 Aug 2012 13:02:52 +0000 (13:02 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Sat, 11 Aug 2012 13:02:52 +0000 (13:02 +0000)
functions.constants
functions.list
functions.route

index 1fcc3a7d67a3433f3633dd892ea6eb1a978de6a5..0165fc729186a333016fff5d380e91b0c487260f 100644 (file)
@@ -45,7 +45,7 @@ DB_CONNECTION_FILE="${LOG_DIR}/connections.db"
 
 # (Static) route settings.
 NETWORK_CONFIG_ROUTES="${NETWORK_CONFIG_DIR}/routes"
-NETWORK_CONFIG_ROUTES_PARAMS="network gateway unreachable"
+NETWORK_CONFIG_ROUTES_PARAMS="network gateway unreachable prohibit blackhole"
 
 # Proper error codes
 EXIT_OK=0
index bf5ab0e3c03bd97c8341065593e55314e6e753fb..2308b1e9b9ac1145959971be5a5166bdbccc977c 100644 (file)
@@ -81,3 +81,20 @@ function list_length() {
 
        print "${length}"
 }
+
+# Count how often $1 occurs in the list.
+function list_count() {
+       local what=${1}
+       shift
+
+       local counter=0
+
+       local arg
+       for arg in $@; do
+               if [ "${arg}" = "${what}" ]; then
+                       counter=$(( ${counter} + 1 ))
+               fi
+       done
+
+       print "${counter}"
+}
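Review bot: `for arg in $@` in list_count expands the arguments unquoted, so each one is word-split and glob-expanded again before the comparison; a value containing whitespace or `*` is counted as several items or replaced by matching file names. The route_parse_line caller added in this commit passes values taken from a parsed configuration line, also unquoted, so a malformed entry can change the count. If no caller relies on handing over a whole list as one argument, `for arg in "$@"; do` compares the arguments exactly as given. A minor style point: `counter=$(( counter + 1 ))` avoids the redundant `${}` inside the arithmetic expansion.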
index 8cac6ed1e5acc23d05d18a1f466dbeb0c0212347..6648e3e2decd30575c35b541eacb7b3974b64ef6 100644 (file)
@@ -40,6 +40,12 @@ function route_add() {
                        --unreachable)
                                unreachable="true"
                                ;;
+                       --prohibit)
+                               prohibit="true"
+                               ;;
+                       --blackhole)
+                               blackhole="true"
+                               ;;
                        *)
                                network=${1}
                                ;;
@@ -60,13 +66,23 @@ function route_add() {
        fi
 
        # Check if gateway and unreachable are both enabled.
-       if isset gateway && enabled unreachable; then
-               error "You cannot use both, --gateway=${gateway} and --unreachable at the same time."
-               return ${EXIT_ERROR}
-       fi
-
-       # Check if network and gateway IP protocol version match.
        if isset gateway; then
+               if enabled unreachable; then
+                       error "You cannot use both, --gateway=${gateway} and --unreachable at the same time."
+                       return ${EXIT_ERROR}
+               fi
+
+               if enabled prohibit; then
+                       error "You cannot use both, --gateway=${gateway} and --prohibit at the same time."
+                       return ${EXIT_ERROR}
+               fi
+
+               if enabled blackhole; then
+                       error "You cannot use both, --gateway=${gateway} and --blackhole at the same time."
+                       return ${EXIT_ERROR}
+               fi
+
+               # Check if network and gateway IP protocol version match.
                if ! ip_is_valid ${gateway}; then
                        error "--gateway= is not a valid IP address."
                        return ${EXIT_ERROR}
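Review bot: The comment `# Check if gateway and unreachable are both enabled.` kept above `if isset gateway; then` no longer describes the block, which now rejects --prohibit and --blackhole as well and also contains the gateway validation. Something like `# A gateway cannot be combined with --unreachable, --prohibit or --blackhole.` would match the new code. The same applies to `# Add unreachable to configuration entry when it is set.` in the later route_add hunk, which could read `# Add the route type (unreachable, prohibit or blackhole) to the entry when one is set.`. The body of route_add starts and ends outside this hunk.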
@@ -79,6 +95,13 @@ function route_add() {
                        error "The IP protocol version of the given network and gateway did not match."
                        return ${EXIT_ERROR}
                fi
+
+       else
+               local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
+               if [ ${counter} -gt 1 ]; then
+                       error "You can only use one of --unreachable, --prohibit or --blackhole."
+                       return ${EXIT_ERROR}
+               fi
        fi
 
        local line
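Review bot: The new `else` branch only rejects more than one route type (`-gt 1`), so a call with no gateway and none of --unreachable, --prohibit or --blackhole still passes this check, while route_parse_line in this same commit requires exactly one. Unless a check outside this hunk already covers that case, route_add can append an entry that is later discarded when it is parsed. Testing `if [ ${counter} -ne 1 ]; then` with a message such as `error "You must use exactly one of --gateway=, --unreachable, --prohibit or --blackhole."` would keep the two functions consistent. The body of route_add starts and ends outside this hunk.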
@@ -90,9 +113,13 @@ function route_add() {
        fi
 
        # Add unreachable to configuration entry when it is set.
-       if enabled unreachable; then
-               list_append line "unreachable=\"true\""
-       fi
+       local arg
+       for arg in unreachable prohibit blackhole; do
+               if enabled ${arg}; then
+                       list_append line "${arg}=\"true\""
+                       break
+               fi
+       done
 
        # Write line to file.
        print "${line}" >> ${NETWORK_CONFIG_ROUTES}
@@ -162,9 +189,13 @@ function route_list() {
                route_parse_line ${line}
                [ $? -eq ${EXIT_OK} ] || continue
 
-               if enabled unreachable; then
-                       gateway="<unreachable>"
-               fi
+               local arg
+               for arg in unreachable prohibit blackhole; do
+                       if enabled ${arg}; then
+                               gateway="<${arg}>"
+                               break
+                       fi
+               done
 
                # Filter all entries with a wrong protocol.
                if isset protocol; then
@@ -213,6 +244,12 @@ function route_parse_line() {
                        unreachable=*)
                                unreachable=$(cli_get_val ${arg})
                                ;;
+                       prohibit=*)
+                               prohibit=$(cli_get_val ${arg})
+                               ;;
+                       blackhole=*)
+                               blackhole=$(cli_get_val ${arg})
+                               ;;
                esac
        done <<< "$(args $@)"
 
@@ -232,8 +269,9 @@ function route_parse_line() {
                # Must be a valid IP address.
                ip_is_valid ${gateway} || return ${EXIT_ERROR}
        else
-               # Either gateway or unreachable must be set.
-               isset unreachable || return ${EXIT_ERROR}
+               # Check if exactly one of unreachable, prohibit or blackhole is set.
+               local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
+               [ ${counter} -eq 1 ] || return ${EXIT_ERROR}
        fi
 
        return ${EXIT_OK}
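Review bot: The check `[ ${counter} -eq 1 ] || return ${EXIT_ERROR}` rejects an entry without reporting why, and route_apply skips rejected entries with `[ $? -eq ${EXIT_OK} ] || continue`. For a prohibit or blackhole entry this means the drop route is not installed and matching traffic follows whatever other route applies, with no trace unless logging happens outside the lines shown. Reporting the rejection before returning, e.g. `error "Ignoring route entry: exactly one of unreachable, prohibit or blackhole must be true."`, would make a failed policy route visible to the administrator. Note also that list_count matches only the literal `true`, whereas the other hunks test these settings with `enabled`; if `enabled` accepts other spellings, an entry using one of them is rejected here.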
@@ -253,9 +291,13 @@ function route_apply() {
                [ $? -eq ${EXIT_OK} ] || continue
 
                type="unicast"
-               if enabled unreachable; then
-                       type="unreachable"
-               fi
+               local arg
+               for arg in unreachable prohibit blackhole; do
+                       if enabled ${arg}; then
+                               type="${arg}"
+                               break
+                       fi
+               done
 
                # Add the route.
                route_entry_add ${network} --table="static" --proto="static" \