#!/bin/bash

# Copyright 2016 Midokura SARL
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -e
set -x

FIP=<%= @fip %>
NIC=<%= @nic %>
EDGE_ROUTER=<%= @edge_router %>
VETH0_IP=<%= @veth0_ip %>
VETH1_IP=<%= @veth1_ip %>
VETH_NETWORK=<%= @veth_network %>
HOSTNAME=<%= @myhostname %>
MASQUERADE_ON=<%= @masquerade %>

HOST_ID=$(midonet-cli -A -e host list | grep ${HOSTNAME} | awk '{ print $2 }')
BINDING=$(midonet-cli -A -e host ${HOST_ID} list binding interface veth1)

# Create veth pair
if [ -z "$(ip l | /bin/grep -e veth0 -e veth1)" ]; then
  ip link add type veth
  echo "Succesfully created veth pair"
fi

ip link set dev veth0 up
ip link set dev veth1 up

# Create a bridge, set an IP address and attach veth0
if [ -z "$(ip l | /bin/grep -e uplinkbridge)" ]; then
  brctl addbr uplinkbridge
fi

if [ -z "$(brctl show | /bin/grep uplinkbridge | head -n1 | grep veth0)" ]; then
  brctl addif uplinkbridge veth0
  echo "ZzZ..."
  sleep 3
fi

IP_NETNL=$(echo ${VETH_NETWORK} | cut -d'/' -f2)
if [ -z "$(ip a | grep ${VETH0_IP})" ]; then
  ip addr add ${VETH0_IP}/$(echo ${IP_NETNL} | cut -d'/' -f2) dev uplinkbridge
  echo "ZzZ..."
  sleep 3
fi


ip link set dev uplinkbridge up

echo "ZzZ..."
sleep 3

# Enable IPv4 forwarding
sysctl -w net.ipv4.ip_forward=1

# Route packets towards floating IP network through the bridge
if [ -z "$(ip route | /bin/grep "${FIP} via ${VETH1_IP}")" ]; then
  ip route add ${FIP} via ${VETH1_IP}
  echo "Succesfully added route to send packets on the bridge"
fi

# Create a port on the edge router and bind it to the veth pair
ROUTER_ID=$(midonet-cli -A -e router list | grep ${EDGE_ROUTER} | awk '{ print $2 }')

while [ -z $(midonet-cli -A -e host ${HOST_ID} binding list | grep veth1 | awk '{ print $6}') ]; do
  echo "ZzZ..."
  sleep 5
done
PORT_ID=$(midonet-cli -A -e host ${HOST_ID} binding list | grep veth1 | awk '{ print $6}')

if [ -z "$(midonet-cli -A -e router ${ROUTER_ID} route list | grep "src 0.0.0.0/0 dst 0.0.0.0/0 gw ${VETH0_IP} port ${PORT_ID}")" ]; then
  midonet-cli -e router ${ROUTER_ID} add route src 0.0.0.0/0 dst 0.0.0.0/0 \
      type normal port router ${ROUTER_ID} port ${PORT_ID} gw ${VETH0_IP}
  echo "Successfully added default route on edge router"
fi

#midonet-cli -e host ${HOST_ID} add binding port router ${ROUTER_ID} \
    #port ${PORT_ID} interface veth1

# Add masquerading to enable NATing
if [ "${MASQUERADE_ON}" == 'on' ] && [ -z "$(iptables -v -n -L -t nat | grep "MASQUERADE" | grep "${FIP}" | grep "${NIC}")" ]; then
  iptables -t nat -I POSTROUTING -o ${NIC} -s ${FIP} -j MASQUERADE
  iptables -I FORWARD -s ${FIP} -j ACCEPT
  echo "Succesfully enabled masquerading"
fi

# Ensure there are no malicious iptables rules
if [ -f /etc/redhat-release ];
then
    iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited || true
    if [[ $(cat /etc/sysconfig/iptables | grep -v -- '-A FORWARD -j REJECT --reject-with icmp-host-prohibited') ]];
    then
        cat /etc/sysconfig/iptables | grep -v -- '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' > /etc/sysconfig/iptables
    fi
fi