[people/stevee/network.git] / functions.route

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2012  IPFire Network Development Team                         #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################
#
# Functions for static routing.
#

function route_init() {
	# Apply configured static routes.
	route_apply
}

init_register route_init

function route_add() {
	local ${NETWORK_CONFIG_ROUTES_PARAMS}

	while [ $# -gt 0 ]; do
		case "${1}" in
			--gateway=*)
				gateway=$(cli_get_val ${1})
				;;
			--unreachable)
				unreachable="true"
				;;
			--prohibit)
				prohibit="true"
				;;
			--blackhole)
				blackhole="true"
				;;
			*)
				network=${1}
				;;
		esac
		shift
	done

	assert isset network

	if ! ip_is_valid ${network}; then
		error "The given network is invalid: ${network}"
		return ${EXIT_ERROR}
	fi

	if route_find_duplicate ${network}; then
		error "A route to ${network} does already exist."
		return ${EXIT_ERROR}
	fi

	# Check if gateway and unreachable are both enabled.
	if isset gateway; then
		if enabled unreachable; then
			error "You cannot use both, --gateway=${gateway} and --unreachable at the same time."
			return ${EXIT_ERROR}
		fi

		if enabled prohibit; then
			error "You cannot use both, --gateway=${gateway} and --prohibit at the same time."
			return ${EXIT_ERROR}
		fi

		if enabled blackhole; then
			error "You cannot use both, --gateway=${gateway} and --blackhole at the same time."
			return ${EXIT_ERROR}
		fi

		# Check if network and gateway IP protocol version match.
		if ! ip_is_valid ${gateway}; then
			error "--gateway= is not a valid IP address."
			return ${EXIT_ERROR}
		fi

		local network_proto=$(ip_detect_protocol ${network})
		local gateway_proto=$(ip_detect_protocol ${gateway})

		if [ "${network_proto}" != "${gateway_proto}" ]; then
			error "The IP protocol version of the given network and gateway did not match."
			return ${EXIT_ERROR}
		fi

	else
		local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
		if [ ${counter} -gt 1 ]; then
			error "You can only use one of --unreachable, --prohibit or --blackhole."
			return ${EXIT_ERROR}
		fi
	fi

	local line
	list_append line "network=\"${network}\""

	# Add gateway to configuration entry when it is set.
	if isset gateway; then
		list_append line "gateway=\"${gateway}\""
	fi

	# Add unreachable to configuration entry when it is set.
	local arg
	for arg in unreachable prohibit blackhole; do
		if enabled ${arg}; then
			list_append line "${arg}=\"true\""
			break
		fi
	done

	# Write line to file.
	print "${line}" >> ${NETWORK_CONFIG_ROUTES}

	log INFO "New route to network '${network}' has been added."
	return ${EXIT_OK}
}

function route_remove() {
	local _network=${1}
	assert isset _network

	local found="false"

	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	local line
	while read line; do
		route_parse_line ${line}
		[ $? -eq ${EXIT_OK} ] || continue

		# Skip the rule, we want to delete.
		if [ "${network}" = "${_network}" ]; then
			found="true"
			continue
		fi

		print "${line}"
	done < ${NETWORK_CONFIG_ROUTES} > ${NETWORK_CONFIG_ROUTES}.tmp
	mv ${NETWORK_CONFIG_ROUTES}{.tmp,}

	if enabled found; then
		log INFO "Route to network '${_network}' has been removed."
	else
		error "No route to network '${_network}' was found."
		return ${EXIT_ERROR}
	fi

	return ${EXIT_OK}
}

function route_list() {
	local protocol

	while [ $# -gt 0 ]; do
		case "${1}" in
			--protocol=*)
				protocol=$(cli_get_val ${1})
				;;
			*)
				warning "Unrecognized argument: ${1}"
				;;
		esac
		shift
	done

	if [ ! -r "${NETWORK_CONFIG_ROUTES}" ]; then
		print "No static routes defined."
		return ${EXIT_OK}
	fi

	local format="%-40s %-20s"
	print "${format}" "NETWORK/HOST" "GATEWAY"

	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	local line
	while read line; do
		route_parse_line ${line}
		[ $? -eq ${EXIT_OK} ] || continue

		local arg
		for arg in unreachable prohibit blackhole; do
			if enabled ${arg}; then
				gateway="<${arg}>"
				break
			fi
		done

		# Filter all entries with a wrong protocol.
		if isset protocol; then
			local proto=$(ip_detect_protocol ${network})
			[ "${protocol}" = "${proto}" ] || continue
		fi

		print "${format}" "${network}" "${gateway}"
	done < ${NETWORK_CONFIG_ROUTES}
}

function route_find_duplicate() {
	local _network=${1}

	[ -r "${NETWORK_CONFIG_ROUTES}" ] || return ${EXIT_FALSE}

	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	local line
	while read line; do
		route_parse_line ${line}
		[ $? -eq ${EXIT_OK} ] || continue

		# Check if the network is already in use.
		[ "${network}" = "${_network}" ] && return ${EXIT_TRUE}
	done < ${NETWORK_CONFIG_ROUTES}

	return ${EXIT_FALSE}
}

function route_parse_line() {
	local arg

	# Reset all possible settings.
	for arg in ${NETWORK_CONFIG_ROUTES_PARAMS}; do
		printf -v ${arg} "%s" ""
	done

	while read arg; do
		case "${arg}" in
			network=*)
				network=$(cli_get_val ${arg})
				;;
			gateway=*)
				gateway=$(cli_get_val ${arg})
				;;
			unreachable=*)
				unreachable=$(cli_get_val ${arg})
				;;
			prohibit=*)
				prohibit=$(cli_get_val ${arg})
				;;
			blackhole=*)
				blackhole=$(cli_get_val ${arg})
				;;
		esac
	done <<< "$(args $@)"

	### Check if all values are correctly set.

	# network must be set.
	isset network || return ${EXIT_ERROR}

	# network must be a valid.
	ip_is_network ${network} || return ${EXIT_ERROR}

	# Check gateway settings.
	if isset gateway; then
		# When gateway is set, unreachable cannot be set.
		isset unreachable && return ${EXIT_ERROR}

		# Must be a valid IP address.
		ip_is_valid ${gateway} || return ${EXIT_ERROR}
	else
		# Check if exactly one of unreachable, prohibit or blackhole is set.
		local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
		[ ${counter} -eq 1 ] || return ${EXIT_ERROR}
	fi

	return ${EXIT_OK}
}

function route_apply() {
	local table="static"
	local type

	log INFO "Applying static routes..."

	# Flush the routing table.
	route_table_flush ${table}

	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	local line
	while read line; do
		route_parse_line ${line}
		[ $? -eq ${EXIT_OK} ] || continue

		type="unicast"
		local arg
		for arg in unreachable prohibit blackhole; do
			if enabled ${arg}; then
				type="${arg}"
				break
			fi
		done

		# Add the route.
		route_entry_add ${network} --table="static" --proto="static" \
			--type="${type}" --gateway="${gateway}"
		local ret=$?

		if [ ${ret} -ne ${EXIT_OK} ]; then
			log WARNING "Could not set route '${network}'."
		fi
	done < ${NETWORK_CONFIG_ROUTES}

	# Create a lookup rule for the static routing table.
	route_rule_add --lookup="static" --priority=1000
}

function route_entry_add() {
	local gateway
	local network
	local proto
	local table
	local type="unicast"

	local command

	while [ $# -gt 0 ]; do
		case "${1}" in
			--gateway=*)
				gateway=$(cli_get_val ${1})
				;;
			--table=*)
				table=$(cli_get_val ${1})
				;;
			--type=*)
				type=$(cli_get_val ${1})
				;;
			--proto=*)
				proto=$(cli_get_val ${1})
				;;
			*)
				if isset network; then
					warning "Unrecognized argument: ${1}"
				else
					network=${1}
				fi
				;;
		esac
		shift
	done

	# Validate input.
	assert isoneof type unicast broadcast unreachable prohibit blackhole
	assert ip_is_network ${network}

	# Detect the protocol of the given network.
	local protocol=$(ip_detect_protocol ${network})
	case "${protocol}" in
		ipv6)
			command="ip -6 route add"
			;;
		ipv4)
			command="ip route add"
			;;
	esac
	assert isset command

	# Add type.
	list_append command "${type}"

	# Add network/prefix.
	list_append command "${network}"

	if [ "${type}" = "unicast" ]; then
		assert isset gateway
		assert ip_is_valid ${gateway}

		list_append command "via ${gateway}"
	fi

	# Add table (if any).
	if isset table; then
		# Create routing table, if it does not exist, yet.
		route_table_create ${table}

		list_append command "table ${table}"
	fi

	# Add proto.
	if isset proto; then
		list_append command "proto ${proto}"
	fi

	cmd "${command}"
}

function route_table_create() {
	local table=${1}
	assert isset table

	if route_table_exists ${table}; then
		return ${EXIT_OK}
	fi

	# Get the next free id.
	local id=$(_route_table_next_id)
	assert isset id

	# Write everything to file.
	print "%d\t%s" "${id}" "${table}" >> /etc/iproute2/rt_tables

	log DEBUG "Created routing table '${table}'."

	return ${EXIT_OK}
}

function _route_table_next_id() {
	# The Linux kernel is able to manage 255 routing tables (1-255).
	# This function returns the next free id, starting from 255.
	local next_id

	for next_id in {255..1}; do
		if ! route_table_exists --id="${next_id}"; then
			print "${next_id}"
			return ${EXIT_OK}
		fi
	done

	return ${EXIT_FALSE}
}

function route_table_flush() {
	local protocol
	local table

	while [ $# -gt 0 ]; do
		case "${1}" in
			--protocol=*)
				protocol=$(cli_get_val ${1})
				;;
			*)
				table="${1}"
				;;
		esac
		shift
	done

	# If the table does not exists, there is nothing to
	# flush.
	route_table_exists ${table} || return ${EXIT_OK}

	local command
	local proto
	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
		# Skip unwanted protocols.
		if isset protocol; then
			[ "${protocol}" = "${proto}" ] || continue
		fi

		command=""
		case "${proto}" in
			ipv6)
				command="ip -6 route flush"
				;;
			ipv4)
				command="ip route flush"
				;;
		esac
		assert isset command

		list_append command "table ${table}"

		# Execute command.
		cmd "${command}"
	done

	return ${EXIT_OK}
}

function route_table_exists() {
	local _id _table

	while [ $# -gt 0 ]; do
		case "${1}" in
			--id=*)
				_id=$(cli_get_val ${1})
				;;
			*)
				_table=${1}
				break
				;;
		esac
		shift
	done

	local id table
	while read -r id table; do
		# Skip all comments.
		[ "${id:0:1}" = "#" ] && continue

		if [ "${_table}" = "${table}" ] || [ "${_id}" = "${id}" ]; then
			# Found a match.
			return ${EXIT_TRUE}
		fi
	done < /etc/iproute2/rt_tables

	return ${EXIT_FALSE}
}

function route_rule_add() {
	local priority
	local protocols=${IP_SUPPORTED_PROTOCOLS}
	local lookup

	while [ $# -gt 0 ]; do
		case "${1}" in
			--lookup=*)
				lookup=$(cli_get_val ${1})
				;;
			--priority=*)
				priority=$(cli_get_val ${1})
				;;
			--protocol=*)
				protocols=$(cli_get_val ${1})

				assert isoneof protocols ${IP_SUPPORTED_PROTOCOLS}
				;;
			*)
				warning "Unhandled argument: ${1}"
				;;
		esac
		shift
	done

	local command options

	if isset lookup; then
		route_table_create ${lookup}

		list_append options "lookup ${lookup}"
	fi

	if isset priority; then
		assert isinteger priority

		list_append options "prio ${priority}"
	fi

	local proto
	for proto in ${protocols}; do
		command=
		case "${proto}" in
			ipv6)
				command="ip -6 rule add  ${options}"
				;;
			ipv4)
				command="ip rule add ${options}"
				;;
		esac
		assert isset command

		# Skip, if the rule does already exist.
		route_rule_exists \
			--protocol=${proto} \
			--lookup=${lookup} \
			--priority=${priority} \
			&& continue

		cmd "${command}"
	done
}

function route_rule_exists() {
	local from
	local lookup
	local proto
	local prio

	while [ $# -gt 0 ]; do
		case "${1}" in
			--from=*)
				from=$(cli_get_val ${1})
				;;
			--lookup=*)
				lookup=$(cli_get_val ${1})
				;;
			--priority=*)
				prio=$(cli_get_val ${1})
				;;
			--protocol=*)
				proto=$(cli_get_val ${1})
				;;
			*)
				warning "Unrecognized argument: ${1}"
				;;
		esac
		shift
	done

	local command
	case "${proto}" in
		ipv6)
			command="ip -6 rule show"
			;;
		ipv4)
			command="ip rule show"
			;;
	esac
	assert isset command

	local _lookup _from _prio
	local line
	while read -r line; do
		_route_rule_exists_parse ${line}

		if isset from; then
			[ "${from}" = "${_from}" ] || continue
		fi

		if isset prio; then
			[ "${prio}" = "${_prio}" ] || continue
		fi

		if isset lookup; then
			[ "${lookup}" = "${_lookup}" ] || continue
		fi

		return ${EXIT_TRUE}
	done <<< "$(${command})"

	return ${EXIT_FALSE}
}

function _route_rule_exists_parse() {
	# Reset all variables.
	_lookup=
	_from=
	_prio=

	while [ $# -gt 0 ]; do
		case "${1}" in
			lookup)
				_lookup=${2}
				shift 2
				;;
			from)
				_from=${2}
				shift 2
				;;
			*:)
				_prio=${1//:/}
				shift
				;;
			*)
				# Skip unknown arguments.
				shift
				;;
		esac
	done
}
Commit	Line	Data
cb965348 MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2012 IPFire Network Development Team #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21	#
	22	# Functions for static routing.
	23	#
	24
d2021e87 MT	25	function route_init() {
	26	# Apply configured static routes.
	27	route_apply
	28	}
	29
	30	init_register route_init
	31
cb965348 MT	32	function route_add() {
	33	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	34
	35	while [ $# -gt 0 ]; do
	36	case "${1}" in
	37	--gateway=*)
	38	gateway=$(cli_get_val ${1})
	39	;;
	40	--unreachable)
	41	unreachable="true"
	42	;;
55ea0266 MT	43	--prohibit)
	44	prohibit="true"
	45	;;
	46	--blackhole)
	47	blackhole="true"
	48	;;
cb965348 MT	49	*)
	50	network=${1}
	51	;;
	52	esac
	53	shift
	54	done
	55
	56	assert isset network
	57
	58	if ! ip_is_valid ${network}; then
	59	error "The given network is invalid: ${network}"
	60	return ${EXIT_ERROR}
	61	fi
	62
	63	if route_find_duplicate ${network}; then
	64	error "A route to ${network} does already exist."
	65	return ${EXIT_ERROR}
	66	fi
	67
	68	# Check if gateway and unreachable are both enabled.
cb965348	69	if isset gateway; then
55ea0266 MT	70	if enabled unreachable; then
	71	error "You cannot use both, --gateway=${gateway} and --unreachable at the same time."
	72	return ${EXIT_ERROR}
	73	fi
	74
	75	if enabled prohibit; then
	76	error "You cannot use both, --gateway=${gateway} and --prohibit at the same time."
	77	return ${EXIT_ERROR}
	78	fi
	79
	80	if enabled blackhole; then
	81	error "You cannot use both, --gateway=${gateway} and --blackhole at the same time."
	82	return ${EXIT_ERROR}
	83	fi
	84
	85	# Check if network and gateway IP protocol version match.
d2021e87 MT	86	if ! ip_is_valid ${gateway}; then
	87	error "--gateway= is not a valid IP address."
	88	return ${EXIT_ERROR}
	89	fi
	90
cb965348 MT	91	local network_proto=$(ip_detect_protocol ${network})
	92	local gateway_proto=$(ip_detect_protocol ${gateway})
	93
	94	if [ "${network_proto}" != "${gateway_proto}" ]; then
	95	error "The IP protocol version of the given network and gateway did not match."
	96	return ${EXIT_ERROR}
	97	fi
55ea0266 MT	98
	99	else
	100	local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
	101	if [ ${counter} -gt 1 ]; then
	102	error "You can only use one of --unreachable, --prohibit or --blackhole."
	103	return ${EXIT_ERROR}
	104	fi
cb965348 MT	105	fi
	106
	107	local line
	108	list_append line "network=\"${network}\""
	109
	110	# Add gateway to configuration entry when it is set.
	111	if isset gateway; then
	112	list_append line "gateway=\"${gateway}\""
	113	fi
	114
	115	# Add unreachable to configuration entry when it is set.
55ea0266 MT	116	local arg
	117	for arg in unreachable prohibit blackhole; do
	118	if enabled ${arg}; then
	119	list_append line "${arg}=\"true\""
	120	break
	121	fi
	122	done
cb965348 MT	123
	124	# Write line to file.
	125	print "${line}" >> ${NETWORK_CONFIG_ROUTES}
	126
	127	log INFO "New route to network '${network}' has been added."
	128	return ${EXIT_OK}
	129	}
	130
	131	function route_remove() {
	132	local _network=${1}
	133	assert isset _network
	134
	135	local found="false"
	136
	137	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	138	local line
	139	while read line; do
	140	route_parse_line ${line}
	141	[ $? -eq ${EXIT_OK} ] \|\| continue
	142
	143	# Skip the rule, we want to delete.
	144	if [ "${network}" = "${_network}" ]; then
	145	found="true"
	146	continue
	147	fi
	148
	149	print "${line}"
	150	done < ${NETWORK_CONFIG_ROUTES} > ${NETWORK_CONFIG_ROUTES}.tmp
	151	mv ${NETWORK_CONFIG_ROUTES}{.tmp,}
	152
	153	if enabled found; then
	154	log INFO "Route to network '${_network}' has been removed."
	155	else
	156	error "No route to network '${_network}' was found."
	157	return ${EXIT_ERROR}
	158	fi
	159
	160	return ${EXIT_OK}
	161	}
	162
	163	function route_list() {
	164	local protocol
	165
	166	while [ $# -gt 0 ]; do
	167	case "${1}" in
	168	--protocol=*)
	169	protocol=$(cli_get_val ${1})
	170	;;
	171	*)
	172	warning "Unrecognized argument: ${1}"
	173	;;
	174	esac
	175	shift
	176	done
	177
	178	if [ ! -r "${NETWORK_CONFIG_ROUTES}" ]; then
	179	print "No static routes defined."
	180	return ${EXIT_OK}
	181	fi
	182
	183	local format="%-40s %-20s"
	184	print "${format}" "NETWORK/HOST" "GATEWAY"
	185
	186	local ${NETWORK_CONFIG_ROUTES_PARAMS}
187	local line
188	while read line; do
189	route_parse_line ${line}
190	[ $? -eq ${EXIT_OK} ] \|\| continue
191
55ea0266 MT	192	local arg
	193	for arg in unreachable prohibit blackhole; do
	194	if enabled ${arg}; then
	195	gateway="<${arg}>"
	196	break
	197	fi
	198	done
cb965348 MT	199
	200	# Filter all entries with a wrong protocol.
	201	if isset protocol; then
	202	local proto=$(ip_detect_protocol ${network})
	203	[ "${protocol}" = "${proto}" ] \|\| continue
	204	fi
	205
	206	print "${format}" "${network}" "${gateway}"
	207	done < ${NETWORK_CONFIG_ROUTES}
	208	}
	209
	210	function route_find_duplicate() {
	211	local _network=${1}
	212
	213	[ -r "${NETWORK_CONFIG_ROUTES}" ] \|\| return ${EXIT_FALSE}
	214
	215	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	216	local line
	217	while read line; do
	218	route_parse_line ${line}
d2021e87	219	[ $? -eq ${EXIT_OK} ] \|\| continue
cb965348 MT	220
	221	# Check if the network is already in use.
	222	[ "${network}" = "${_network}" ] && return ${EXIT_TRUE}
	223	done < ${NETWORK_CONFIG_ROUTES}
	224
	225	return ${EXIT_FALSE}
	226	}
	227
	228	function route_parse_line() {
	229	local arg
	230
	231	# Reset all possible settings.
	232	for arg in ${NETWORK_CONFIG_ROUTES_PARAMS}; do
	233	printf -v ${arg} "%s" ""
	234	done
	235
	236	while read arg; do
	237	case "${arg}" in
	238	network=*)
	239	network=$(cli_get_val ${arg})
	240	;;
	241	gateway=*)
	242	gateway=$(cli_get_val ${arg})
	243	;;
	244	unreachable=*)
	245	unreachable=$(cli_get_val ${arg})
	246	;;
55ea0266 MT	247	prohibit=*)
	248	prohibit=$(cli_get_val ${arg})
	249	;;
	250	blackhole=*)
	251	blackhole=$(cli_get_val ${arg})
	252	;;
cb965348 MT	253	esac
	254	done <<< "$(args $@)"
	255
	256	### Check if all values are correctly set.
	257
	258	# network must be set.
	259	isset network \|\| return ${EXIT_ERROR}
	260
	261	# network must be a valid.
	262	ip_is_network ${network} \|\| return ${EXIT_ERROR}
	263
	264	# Check gateway settings.
	265	if isset gateway; then
	266	# When gateway is set, unreachable cannot be set.
	267	isset unreachable && return ${EXIT_ERROR}
	268
	269	# Must be a valid IP address.
	270	ip_is_valid ${gateway} \|\| return ${EXIT_ERROR}
	271	else
55ea0266 MT	272	# Check if exactly one of unreachable, prohibit or blackhole is set.
	273	local counter=$(list_count true ${unreachable} ${prohibit} ${blackhole})
	274	[ ${counter} -eq 1 ] \|\| return ${EXIT_ERROR}
cb965348 MT	275	fi
	276
	277	return ${EXIT_OK}
	278	}
d2021e87 MT	279
	280	function route_apply() {
	281	local table="static"
	282	local type
	283
6cb149c5 MT	284	log INFO "Applying static routes..."
6cb149c5 MT	285
d2021e87 MT	286	# Flush the routing table.
	287	route_table_flush ${table}
	288
	289	local ${NETWORK_CONFIG_ROUTES_PARAMS}
	290	local line
	291	while read line; do
	292	route_parse_line ${line}
	293	[ $? -eq ${EXIT_OK} ] \|\| continue
	294
	295	type="unicast"
55ea0266 MT	296	local arg
	297	for arg in unreachable prohibit blackhole; do
	298	if enabled ${arg}; then
	299	type="${arg}"
	300	break
	301	fi
	302	done
d2021e87 MT	303
	304	# Add the route.
	305	route_entry_add ${network} --table="static" --proto="static" \
	306	--type="${type}" --gateway="${gateway}"
	307	local ret=$?
	308
	309	if [ ${ret} -ne ${EXIT_OK} ]; then
	310	log WARNING "Could not set route '${network}'."
	311	fi
	312	done < ${NETWORK_CONFIG_ROUTES}
	313
	314	# Create a lookup rule for the static routing table.
	315	route_rule_add --lookup="static" --priority=1000
	316	}
	317
	318	function route_entry_add() {
	319	local gateway
	320	local network
	321	local proto
	322	local table
	323	local type="unicast"
	324
	325	local command
	326
	327	while [ $# -gt 0 ]; do
	328	case "${1}" in
	329	--gateway=*)
	330	gateway=$(cli_get_val ${1})
	331	;;
	332	--table=*)
	333	table=$(cli_get_val ${1})
	334	;;
	335	--type=*)
	336	type=$(cli_get_val ${1})
	337	;;
	338	--proto=*)
	339	proto=$(cli_get_val ${1})
	340	;;
	341	*)
	342	if isset network; then
	343	warning "Unrecognized argument: ${1}"
	344	else
	345	network=${1}
	346	fi
	347	;;
	348	esac
	349	shift
	350	done
	351
	352	# Validate input.
	353	assert isoneof type unicast broadcast unreachable prohibit blackhole
	354	assert ip_is_network ${network}
	355
	356	# Detect the protocol of the given network.
	357	local protocol=$(ip_detect_protocol ${network})
	358	case "${protocol}" in
	359	ipv6)
	360	command="ip -6 route add"
	361	;;
	362	ipv4)
	363	command="ip route add"
	364	;;
	365	esac
	366	assert isset command
367
368	# Add type.
369	list_append command "${type}"
370
371	# Add network/prefix.
372	list_append command "${network}"
373
374	if [ "${type}" = "unicast" ]; then
375	assert isset gateway
376	assert ip_is_valid ${gateway}
377
378	list_append command "via ${gateway}"
379	fi
380
381	# Add table (if any).
382	if isset table; then
383	# Create routing table, if it does not exist, yet.
384	route_table_create ${table}
385
386	list_append command "table ${table}"
387	fi
388
389	# Add proto.
390	if isset proto; then
391	list_append command "proto ${proto}"
392	fi
393
394	cmd "${command}"
395	}
396
397	function route_table_create() {
398	local table=${1}
399	assert isset table
400
401	if route_table_exists ${table}; then
402	return ${EXIT_OK}
403	fi
404
405	# Get the next free id.
406	local id=$(_route_table_next_id)
407	assert isset id
408
409	# Write everything to file.
410	print "%d\t%s" "${id}" "${table}" >> /etc/iproute2/rt_tables
411
412	log DEBUG "Created routing table '${table}'."
413
414	return ${EXIT_OK}
415	}
416
417	function _route_table_next_id() {
418	# The Linux kernel is able to manage 255 routing tables (1-255).
419	# This function returns the next free id, starting from 255.
420	local next_id
421
422	for next_id in {255..1}; do
423	if ! route_table_exists --id="${next_id}"; then
424	print "${next_id}"
425	return ${EXIT_OK}
426	fi
427	done
428
429	return ${EXIT_FALSE}
430	}
431
432	function route_table_flush() {
433	local protocol
434	local table
435
436	while [ $# -gt 0 ]; do
437	case "${1}" in
438	--protocol=*)
439	protocol=$(cli_get_val ${1})
440	;;
441	*)
442	table="${1}"
443	;;
444	esac
445	shift
446	done
447
448	# If the table does not exists, there is nothing to
449	# flush.
450	route_table_exists ${table} \|\| return ${EXIT_OK}
451
452	local command
453	local proto
454	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
455	# Skip unwanted protocols.
456	if isset protocol; then
457	[ "${protocol}" = "${proto}" ] \|\| continue
458	fi
459
460	command=""
461	case "${proto}" in
462	ipv6)
463	command="ip -6 route flush"
464	;;
465	ipv4)
466	command="ip route flush"
467	;;
468	esac
469	assert isset command
470
471	list_append command "table ${table}"
472
473	# Execute command.
474	cmd "${command}"
475	done
476
477	return ${EXIT_OK}
478	}
479
480	function route_table_exists() {
481	local _id _table
482
483	while [ $# -gt 0 ]; do
484	case "${1}" in
485	--id=*)
486	_id=$(cli_get_val ${1})
487	;;
488	*)
489	_table=${1}
490	break
491	;;
492	esac
493	shift
494	done
495
496	local id table
497	while read -r id table; do
498	# Skip all comments.
499	[ "${id:0:1}" = "#" ] && continue
500
501	if [ "${_table}" = "${table}" ] \|\| [ "${_id}" = "${id}" ]; then
502	# Found a match.
503	return ${EXIT_TRUE}
504	fi
505	done < /etc/iproute2/rt_tables
506
507	return ${EXIT_FALSE}
508	}
509
510	function route_rule_add() {
511	local priority
512	local protocols=${IP_SUPPORTED_PROTOCOLS}
513	local lookup
514
515	while [ $# -gt 0 ]; do
516	case "${1}" in
517	--lookup=*)
518	lookup=$(cli_get_val ${1})
519	;;
520	--priority=*)
521	priority=$(cli_get_val ${1})
522	;;
523	--protocol=*)
524	protocols=$(cli_get_val ${1})
525
526	assert isoneof protocols ${IP_SUPPORTED_PROTOCOLS}
527	;;
528	*)
529	warning "Unhandled argument: ${1}"
530	;;
531	esac
532	shift
533	done
534
535	local command options
536
537	if isset lookup; then
538	route_table_create ${lookup}
539
540	list_append options "lookup ${lookup}"
541	fi
542
543	if isset priority; then
544	assert isinteger priority
545
546	list_append options "prio ${priority}"
547	fi
548
549	local proto
550	for proto in ${protocols}; do
551	command=
552	case "${proto}" in
553	ipv6)
554	command="ip -6 rule add ${options}"
555	;;
556	ipv4)
557	command="ip rule add ${options}"
558	;;
559	esac
560	assert isset command
561
562	# Skip, if the rule does already exist.
563	route_rule_exists \
564	--protocol=${proto} \
565	--lookup=${lookup} \
566	--priority=${priority} \
567	&& continue
568
569	cmd "${command}"
570	done
571	}
572
573	function route_rule_exists() {
574	local from
575	local lookup
576	local proto
577	local prio
578
579	while [ $# -gt 0 ]; do
580	case "${1}" in
581	--from=*)
582	from=$(cli_get_val ${1})
583	;;
584	--lookup=*)
585	lookup=$(cli_get_val ${1})
586	;;
587	--priority=*)
588	prio=$(cli_get_val ${1})
589	;;
590	--protocol=*)
591	proto=$(cli_get_val ${1})
592	;;
593	*)
594	warning "Unrecognized argument: ${1}"
595	;;
596	esac
597	shift
598	done
599
600	local command
601	case "${proto}" in
602	ipv6)
603	command="ip -6 rule show"
604	;;
605	ipv4)
606	command="ip rule show"
607	;;
608	esac
609	assert isset command
610
611	local _lookup _from _prio
612	local line
613	while read -r line; do
614	_route_rule_exists_parse ${line}
615
616	if isset from; then
617	[ "${from}" = "${_from}" ] \|\| continue
618	fi
619
620	if isset prio; then
621	[ "${prio}" = "${_prio}" ] \|\| continue
622	fi
623
624	if isset lookup; then
625	[ "${lookup}" = "${_lookup}" ] \|\| continue
626	fi
627
628	return ${EXIT_TRUE}
629	done <<< "$(${command})"
630
631	return ${EXIT_FALSE}
632	}
633
634	function _route_rule_exists_parse() {
635	# Reset all variables.
636	_lookup=
637	_from=
638	_prio=
639
640	while [ $# -gt 0 ]; do
641	case "${1}" in
642	lookup)
643	_lookup=${2}
644	shift 2
645	;;
646	from)
647	_from=${2}
648	shift 2
649	;;
650	*:)
651	_prio=${1//:/}
652	shift
653	;;
654	*)
655	# Skip unknown arguments.
656	shift
657	;;
658	esac
659	done
660	}