#!/bin/sh

#
# xfrm policy add/delete for VPN
#

# xfrm_policies ACTION
#   Runs "ip xfrm policy ACTION" for every ordered pair of networks gathered
#   by the template directives below, once per direction (in, out, fwd).
#   $1 - inserted as-is after "ip xfrm policy"; the dispatcher at the end of
#        this file only ever passes "add" or "delete".
#   The exit status of the ip commands is not checked here.
#   NOTE(review): the commands carry no tmpl or action argument, so these look
#   like pass-through policies that keep traffic between the listed networks
#   out of the VPN tunnel. Confirm against ip-xfrm(8) and the deployment
#   intent, because every network added to the list widens that exemption.
#   NOTE(review): network values are expanded unquoted into the command lines;
#   this assumes the configuration variables hold only trusted, well-formed
#   addresses and masks. TODO confirm they are validated upstream.
xfrm_policies() {
    # Build the network list, starting empty. For each interface index below
    # nombre_interfaces, add the interface network, then the networks of its
    # aliases when alias_ethN is 'oui' and of its VLANs when vlan_ethN is 'oui'.
    # Entries are "network/X" where X is the result of calc_classe on the
    # netmask (presumably a prefix length; verify against calc_classe).
    %set %%reseau = []
    %for %%int_num in %%range(%%int(%%nombre_interfaces))
        %%reseau.append(%%getVar('adresse_network_eth' + %%str(%%int_num)) + "/" + %%calc_classe(%%getVar('adresse_netmask_eth' + %%str(%%int_num))))
    %if %%getVar('alias_eth' + %%str(%%int_num)) == 'oui'
        %for %%alias in %%getVar('alias_ip_eth' + %%str(%%int_num))
            %set %%network_key = "alias_network_eth" + %%str(%%int_num)
            %set %%netmask_key = "alias_netmask_eth" + %%str(%%int_num)
            %set %%calc_net = %%getattr(alias, %%network_key)+ "/" + %%calc_classe(%%getattr(alias, %%netmask_key))
            %%reseau.append(%%calc_net)
        %end for
    %end if
    %if %%getVar('vlan_eth' + %%str(%%int_num)) == 'oui'
        %for %%vlan_id in %%getVar('vlan_id_eth' + %%str(%%int_num))
            %set %%network_key = "vlan_network_eth" + str(%%int_num)
            %set %%netmask_key = "vlan_netmask_eth" + str(%%int_num)
            %set %%calc_net = %%getattr(%%vlan_id, %%network_key)+ "/" + %%calc_classe(%%getattr(vlan_id, %%netmask_key))
            %%reseau.append(%%calc_net)
        %end for
    %end if
    %end for
    # When activer_route is 'oui', also add each static route whose interface
    # zone name differs from the zone name of eth0. Routes whose interface is
    # in the same zone as eth0 are left out of the list.
    %if %%activer_route == 'oui'
        %for %%route in %%route_adresse
            %if %%getVar('nom_zone_eth' + %%route.route_int) != %%nom_zone_eth0
                %set %%net_route = %%str(%%route) + "/" + %%str(%%calc_classe(%%route.route_netmask))
                %%reseau.append(%%net_route)
            %end if
        %end for
    %end if
    # Emit three policy commands per ordered pair. Both loops walk the same
    # list, so each network is also paired with itself, and a network that was
    # collected twice yields repeated commands.
    %for %%res1 in %%reseau
        %for %%res2 in %%reseau
    ip xfrm policy $1 src %%res1 dst %%res2 dir in
    ip xfrm policy $1 src %%res1 dst %%res2 dir out
    ip xfrm policy $1 src %%res1 dst %%res2 dir fwd
        %end for
    %end for
}

# Entry point: accept exactly "add" or "delete" as the first argument and hand
# it to xfrm_policies. Any other value prints the usage line and exits 1.
# The exit status after add/delete is always 0, whatever the ip commands
# inside xfrm_policies returned.
action="$1"

if [ "$action" = "add" ] || [ "$action" = "delete" ]; then
    xfrm_policies "$action"
    exit 0
fi

echo "Usage: $0 {add|delete}"
exit 1
