authorLudovic Pouzenc <ludovic@pouzenc.fr>2016-08-28 09:28:57 +0200
committerLudovic Pouzenc <ludovic@pouzenc.fr>2016-08-28 09:28:57 +0200
commitc4a3d3b3b0e7c0a10735232001a2b5a3b84338c6 (patch)
tree851358d6ff95ab5787e717b356a01edeb3b0c656
parent6fef3e053a834570e94e921552b69a4aff2a0230 (diff)
misc: setup_routing.sh : read config file from api/gen_conf.php and apply routing
Crude version that does not disable routing on suspend or cancel.
-rwxr-xr-xmisc/setup_routing.sh123
1 files changed, 123 insertions, 0 deletions
diff --git a/misc/setup_routing.sh b/misc/setup_routing.sh
new file mode 100755
index 0000000..730e036
--- /dev/null
+++ b/misc/setup_routing.sh
@@ -0,0 +1,123 @@
+#!/bin/bash
+CONFFILE=/root/config_adt.bkp.sh
+if [ $# -gt 0 ]
+then export DRY=echo
+fi
+
+function nettoyage_nat() {
+ ip4_public=$1
+
+ ip addr show dev lo | grep -q "$ip4_public/32" && $DRY ip addr del $ip4_public/32 dev lo
+
+ deleted=0
+ ruleno_pre=$(iptables -t nat -L PREROUTING -n --line-numbers | grep " $ip4_public " | cut -d' ' -f1 | head -n1)
+ if [ -n "$ruleno_pre" ]
+ then $DRY iptables -t nat -D PREROUTING $ruleno_pre
+ deleted=1
+ fi
+ ruleno_post=$(iptables -t nat -L POSTROUTING -n --line-numbers | grep -E "to:$ip4_public$" | cut -d' ' -f1 | head -n1)
+ if [ -n "$ruleno_post" ]
+ then $DRY iptables -t nat -D POSTROUTING $ruleno_post
+ deleted=1
+ fi
+ if [ $deleted -eq 1 ]
+ then $DRY conntrack -L -q $ip4_public
+ fi
+}
+
+function activation_nat() {
+ ip4_nexthop=$1
+ ip4_public=$2
+
+ ip addr show dev lo | grep -q "$ip4_public/32" || $DRY ip addr add $ip4_public/32 dev lo
+
+ iptables -t nat -L PREROUTING -n --line-numbers | grep -E "to:$ip4_nexthop$" -q \
+ || $DRY iptables -t nat -A PREROUTING -d $ip4_public -j DNAT --to-destination $ip4_nexthop
+
+ iptables -t nat -L POSTROUTING -n --line-numbers | grep " $ip4_nexthop " -q \
+ || $DRY iptables -t nat -A POSTROUTING -s $ip4_nexthop -j SNAT --to-source $ip4_public
+}
+
+# Appelé pour chaque service à router
+function do_conf() {
+ dev=eth1
+ svc_etat=$1
+ svc_id=$2
+ ip4_nexthop=$3
+ ip4_public=$4
+ ip6_nexthop=$5
+ ip6_prefix=$6
+ mac_nexthop=$7
+
+ # Référencer les IP du service en cours de configuration dans le fichiers hosts (résolutions DNS locales)
+ (
+ [ "$ip4_nexthop" != "-" ] && printf '%-22s %s\n' ${ip4_nexthop} ${svc_id}.nh4
+ [ "$ip6_nexthop" != "-" ] && printf '%-22s %s\n' ${ip6_nexthop} ${svc_id}.nh6
+ [ "$ip4_public" != "-" ] && printf '%-22s %s\n' ${ip4_public} ${svc_id}.ip4
+ [ "$ip6_prefix" != "-" ] && printf '%-22s %s\n' ${ip6_prefix}1 ${svc_id}.ip6
+ ) >> /etc/hosts.adt
+
+ # Ajouter des entrées statiques dans /etc/ethers pour la table ARP (économie broadcast + changements IP WAN)
+ if [ "$mac_nexthop" != "-" -a "$mac_nexthop" != "" ]
+ then if [ "$ip4_nexthop" != "-" ]
+ then echo $mac_nexthop $ip4_nexthop >> /etc/ethers.adt
+ else if [ "$ip4_public" != "-" ]
+ then echo $mac_nexthop $ip4_public >> /etc/ethers.adt
+ fi
+ fi
+ fi
+
+ case $svc_etat in
+ actif)
+ # Cas CHD OpenWRT sans NAT
+ if [ ${ip4_nexthop} = "-" ]
+ then
+ echo $svc_id CHD no NAT
+ # Nettoyage NAT éventuel
+ nettoyage_nat $ip4_public
+
+ # CHD IPv4 Internet -> ADT
+ $DRY ip -4 route replace $ip4_public/32 dev $dev
+
+ # CHD IPv6 Internet -> ADT
+ if [ $ip6_prefix != "-" -a $ip6_nexthop != "-" ]
+ then $DRY ip -6 route replace $ip6_prefix/56 via $ip6_nexthop dev $dev
+ fi
+ else
+ # Cas CHD avec NAT (OpenWRT natté ou firmware TP-Link)
+ echo $svc_id CHD with NAT
+
+ # CHD IPv4 NAT Internet <-> ADT
+ activation_nat $ip4_nexthop $ip4_public
+
+ # CHD IPv6 Internet -> ADT
+ if [ $ip6_prefix != "-" -a $ip6_nexthop != "-" ]
+ then $DRY ip -6 route replace $ip6_prefix/56 via $ip6_nexthop dev $dev
+ fi
+ fi
+
+ ;;
+ resilie)
+ echo "Attention, durant la migration les resilies sont a decabler manuellement"
+ echo "-> $*"
+ ;;
+ esac
+}
+
+#function main() {
+
+ # Initialise
+ > /etc/hosts.adt
+ > /etc/ethers.adt
+
+ # Met en place la conf de chaque adherent
+ source $CONFFILE
+
+ # Finalise
+ cat /etc/hosts.system /etc/hosts.adt > /etc/hosts
+ cat /etc/ethers.system /etc/ethers.adt > /etc/ethers
+ $DRY ip route flush cache
+ $DRY arp -f /etc/ethers
+ exit 0
+#}
+
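Review bot: The script trusts the generated config completely: `source $CONFFILE` in the final section executes /root/config_adt.bkp.sh as root, and `do_conf` then expands every field unquoted into `ip`, `iptables`, `/etc/hosts.adt` and `/etc/ethers.adt`. The commit message says the file comes from api/gen_conf.php; if any field there can be influenced by stored member data (not visible here), a stray space or shell metacharacter becomes extra arguments or commands instead of a rejected record. I would validate each field at the top of `do_conf` and skip bad records, as in the excerpt below, and quote the expansions that follow, such as `"$ip4_public/32"` and `"$ruleno_pre"`. Separately, the dry-run switch (`DRY=echo`) does not cover the `> /etc/hosts.adt` and `> /etc/ethers.adt` truncations or the two `cat … >` rewrites of /etc/hosts and /etc/ethers, so a dry run still replaces both system files; and because nothing checks that `source` succeeded, a missing config file leaves them with only the `.system` part.

```shell
function do_conf() {
	# … unchanged: dev=eth1 and the seven positional assignments …

	# Skip any record whose fields are neither "-" nor made of the expected characters.
	# The svc_id pattern is a guess; adjust it to the real identifier format.
	local re_id='^[A-Za-z0-9._-]+$'
	local re_ip4='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
	local re_ip6='^[0-9A-Fa-f:]+$'
	local re_mac='^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
	if ! [[ "$svc_id" =~ $re_id ]] \
		|| ! [[ "$ip4_nexthop" == "-" || "$ip4_nexthop" =~ $re_ip4 ]] \
		|| ! [[ "$ip4_public" == "-" || "$ip4_public" =~ $re_ip4 ]] \
		|| ! [[ "$ip6_nexthop" == "-" || "$ip6_nexthop" =~ $re_ip6 ]] \
		|| ! [[ "$ip6_prefix" == "-" || "$ip6_prefix" =~ $re_ip6 ]] \
		|| ! [[ -z "$mac_nexthop" || "$mac_nexthop" == "-" || "$mac_nexthop" =~ $re_mac ]]
	then
		echo "do_conf: invalid record skipped: $*" >&2
		return 1
	fi

	# … unchanged: hosts/ethers entries and the case on $svc_etat …
```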