#!/bin/bash
#

# Copyright (C) 2011, 2012, 2013 Google Inc.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
# EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Allow overriding for tests
readonly LOCALSTATEDIR=${LOCALSTATEDIR:-${GANETI_ROOTDIR:-}/var}
readonly SYSCONFDIR=${SYSCONFDIR:-${GANETI_ROOTDIR:-}/etc}

readonly PKGLIBDIR=/usr/lib/ganeti
readonly LOG_DIR="$LOCALSTATEDIR/log/ganeti"
readonly RUN_DIR="$LOCALSTATEDIR/run/ganeti"
readonly DATA_DIR="$LOCALSTATEDIR/lib/ganeti"
readonly CONF_DIR="$SYSCONFDIR/ganeti"

readonly GANETI_TAP="gnt.com"

function check {
  if [ -z "$INTERFACE" ]; then
    echo "No network interface specified"
    exit 1
  fi

  if [ -z "$MODE" ]; then
    echo "MODE not specified"
    exit 1
  fi
}

function is_instance_communication_tap {
  COMMUNICATION=$(echo "$INTERFACE" | cut -d "." -f 1-2)

  if [ "$MODE" = "routed" -a "$COMMUNICATION" = "$GANETI_TAP" ]
  then
    return 0
  else
    return 1
  fi
}

function fix_mac {
  # Fix the autogenerated MAC to have the first octet set to "fe"
  # to discourage the bridge from using the TAP dev's MAC
  FIXED_MAC=$(ip link show $INTERFACE | \
    awk '{if ($1 == "link/ether") printf("fe%s",substr($2,3,15))}')
  # in case of a vif (xen_netback device) this action is not allowed
  ip link set $INTERFACE address $FIXED_MAC || true
}

function log_info() {
  echo "${@}" >&2
  logger -p local1.info -t ${0}[$$] -- "${@}"
}

function bridge_vlan_add {
  local VID="${1}"
  shift

  # when the VID is in use by traditional VLAN interface, then the
  # tap on the VLAN aware bridge will not receive traffic
  if [ -r /proc/net/vlan/config ]; then
    local vlan_interface="$(awk -F '[| ]*' -v vlan="^${VID}$" 'match($2, vlan) { print $1 }' /proc/net/vlan/config)"
    local lower_devs="$(awk -F '[| ]*' -v vlan="^${VID}$" 'match($2, vlan) { print $3 }' /proc/net/vlan/config)"
    if [ -n "${vlan_interface}" ]; then
      for i in ${lower_devs}; do
        # allow bridge stacking and vlan overlap for veth devices
        if [ "$(ip -o link show dev ${i} type veth | wc -l)" -ne 1 ]; then
          echo "VLAN ${VID} is in use by lower interface ${i}"
          exit 1
        fi
      done
    fi
  fi

  # add the VLAN to the tap
  # $@ is either empty or contains "pvid untagged"
  bridge vlan add dev ${INTERFACE} vid ${VID} "${@}" master
  # add the VLAN to the bridge uplinks
  local uplink
  for uplink in ${BRIDGE_UPLINKS}; do
    log_info "configuring VLAN ${VID} on interface ${uplink} (reason: instance ${INSTANCE})"
    bridge vlan add dev ${uplink} vid ${VID} master
  done
}

function setup_bridge_vlan_aware {
  # enforce the admin to configure vlan filtering explicit
  if [ $(</sys/class/net/${LINK}/bridge/vlan_filtering) -ne 1 ]; then
    echo "Instance ${INSTANCE} NIC ${INTERFACE_INDEX} configured for VLAN support, but bridge ${LINK} has VLAN filtering disabled"
    exit 1
  fi

  # VLANs must be added one by one to the bridge's uplink ports
  # find them once here
  local i dev
  BRIDGE_UPLINKS=""
  for i in /sys/class/net/${LINK}/lower_*; do
    dev=${i#/sys/class/net/${LINK}/lower_}
    case ${dev} in
      tap*) :;;
      *)    BRIDGE_UPLINKS="${BRIDGE_UPLINKS} ${dev}";;
    esac
  done

  # array of VLANs to number them
  local VLANS=( ${VLAN//:/ } )
  local i
  # loop over array keys
  for i in "${!VLANS[@]}"; do
    # handle the first VLAN special
    if [ ${i} -eq 0 ]; then
      # does not start with a colon? -> must be untagged (access or hybrid)
      if [ "${VLAN:0:1}" != ":" ]; then
        bridge_vlan_add ${VLANS[$i]#.} pvid untagged
      else
        bridge_vlan_add ${VLANS[$i]}
      fi
    # all other VLANs are tagged
    else
      bridge_vlan_add ${VLANS[$i]}
    fi
  done
}

function setup_bridge {
  if [ "$MODE" = "bridged" ]; then
    fix_mac
    ip link set $INTERFACE up
    ip link set $INTERFACE mtu $(</sys/class/net/${LINK}/mtu)

    # Connect the interface to the bridge
    ip link set $INTERFACE master $LINK

    # VLAN aware bridge?
    # https://developers.redhat.com/blog/2017/09/14/vlan-filter-support-on-bridge/
    if [ -n "${VLAN}" ]; then
      setup_bridge_vlan_aware
    fi
  fi
}

function setup_ovs {
  if [ "$MODE" = "openvswitch" ]; then
    # Remove stale port
    ovs-vsctl del-port $INTERFACE || true
    # Bring interface up
    ip link set $INTERFACE up
    # Add port
    ovs-vsctl add-port ${LINK} $INTERFACE
    # Set up access port
    # From gnt-instance man page vlan should be either .VLAN_ID or VLAN_ID
    ACPORT=${VLAN%%:*}  # remove any trunk info
    [ -n "$ACPORT" ] && ovs-vsctl set port $INTERFACE tag=${ACPORT#.}
    # Set up trunk port
    # From gnt-instance man page vlan should be :VLAN_ID[:VLAN_ID2..]
    TRUNKS=${VLAN#.*:}  # remove any access info
    TRUNKS=${TRUNKS#:}  # remove leading ':', if still present
    [ -n "$TRUNKS" ] && ovs-vsctl set port $INTERFACE trunks=${TRUNKS//:/,}

  fi
}

function setup_route {
  if [ "$MODE" = "routed" ]; then
    ip link set $INTERFACE up

    if [ -z "$IP" ]; then
      echo "Routed NIC but no IP address specified"
      exit 1
    fi

    # Route traffic targeted at the IP to the interface
    if [ -n "$LINK" ]; then
      while ip rule del dev $INTERFACE; do :; done
      ip rule add dev $INTERFACE table $LINK
      ip route replace $IP table $LINK proto static dev $INTERFACE

    else
      ip route replace $IP proto static dev $INTERFACE
    fi

    # Allow routing and arp proxying, or ndp proxying (IPv6)
    if [ -d "/proc/sys/net/ipv4/conf/$INTERFACE" ]; then
      echo 1 > /proc/sys/net/ipv4/conf/$INTERFACE/proxy_arp
      echo 1 > /proc/sys/net/ipv4/conf/$INTERFACE/forwarding
    fi

    if [ -d "/proc/sys/net/ipv6/conf/$INTERFACE" ]; then
      echo 1 > /proc/sys/net/ipv6/conf/$INTERFACE/proxy_ndp
      echo 1 > /proc/sys/net/ipv6/conf/$INTERFACE/forwarding
    fi
  fi
}
