#!/bin/sh

#
# Add, delete or check (status) the IPsec xfrm policies between the local
# networks of this host (interfaces, aliases, VLANs and static routes).
# Creole template: the '%' lines are expanded before the script runs.
#

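#######################################
# Manage one xfrm policy per (network, network, direction) triple.
# The list of networks is built at template-expansion time from the
# interface, alias, VLAN and static-route configuration; for every
# ordered pair (including a network with itself) the directions
# in, out and fwd are handled.
# Arguments: $1 - add | delete | get
#   add    : create each policy that does not exist yet
#   delete : remove each policy that exists
#   get    : report each missing policy ("Missing policy ...")
# Globals:   RET, GET_RET (written; POSIX sh, no 'local')
# Outputs:   one line per policy acted on / found missing, on stdout
# Returns:   0 on success; non-zero if a policy is missing (get) or
#            an ip(8) call failed (add/delete)
# NOTE(review): the policies are added without 'tmpl' and without
# 'priority' (see ip-xfrm(8) for the defaults), so a mistake in the
# generated network list - an over-broad network, for instance - widens
# what matches these policies rather than the daemon-installed ones;
# review the expanded list when changing the interface configuration.
#######################################
xfrm_policies() {
    %set %%reseau = []
    %for %%int_num in %%range(%%int(%%nombre_interfaces))
        %%reseau.append(%%getVar('adresse_network_eth' + %%str(%%int_num)) + "/" + %%calc_classe(%%getVar('adresse_netmask_eth' + %%str(%%int_num))))
    %if %%getVar('alias_eth' + %%str(%%int_num)) == 'oui'
        %for %%alias in %%getVar('alias_ip_eth' + %%str(%%int_num))
            %set %%network_key = "alias_network_eth" + %%str(%%int_num)
            %set %%netmask_key = "alias_netmask_eth" + %%str(%%int_num)
            %set %%calc_net = %%getattr(alias, %%network_key)+ "/" + %%calc_classe(%%getattr(alias, %%netmask_key))
            %%reseau.append(%%calc_net)
        %end for
    %end if
    %if %%getVar('vlan_eth' + %%str(%%int_num)) == 'oui'
        %for %%vlan_id in %%getVar('vlan_id_eth' + %%str(%%int_num))
            %set %%network_key = "vlan_network_eth" + str(%%int_num)
            %set %%netmask_key = "vlan_netmask_eth" + str(%%int_num)
            %set %%calc_net = %%getattr(%%vlan_id, %%network_key)+ "/" + %%calc_classe(%%getattr(vlan_id, %%netmask_key))
            %%reseau.append(%%calc_net)
        %end for
    %end if
    %end for
    %if %%activer_route == 'oui'
        %for %%route in %%route_adresse
            %if %%getVar('nom_zone_eth' + %%route.route_int) != %%nom_zone_eth0
                %set %%net_route = %%str(%%route) + "/" + %%str(%%calc_classe(%%route.route_netmask))
                %%reseau.append(%%net_route)
            %end if
        %end for
    %end if
    # Accumulated exit status.  It must be initialised ONCE, before the
    # pair loops: resetting it per pair (as before) discarded every
    # failure except the one of the last pair, so 'status' reported 0
    # with policies missing.
    RET=0
    %for %%res1 in %%reseau
        %for %%res2 in %%reseau
    # Same logic for the three directions; '[' (not '[[') because the
    # shebang is /bin/sh.
    for DIR in in out fwd; do
        ip xfrm policy get src %%res1 dst %%res2 dir "$DIR" > /dev/null 2>&1
        GET_RET=$?
        case "$1" in
          add|delete)
            # add only what is missing, delete only what exists
            if { [ "$1" = "add" ] && [ "$GET_RET" -ne 0 ]; } || \
               { [ "$1" = "delete" ] && [ "$GET_RET" -eq 0 ]; }; then
                echo "$1 policy src %%res1 dst %%res2 dir $DIR"
                # a failed add/delete used to be silently ignored;
                # record it so the caller's exit status reflects it
                ip xfrm policy "$1" src %%res1 dst %%res2 dir "$DIR" > /dev/null 2>&1 || RET=$?
            fi
            ;;
          get)
            if [ "$GET_RET" -ne 0 ]; then
                echo "Missing policy src %%res1 dst %%res2 dir $DIR"
                RET=$GET_RET
            fi
            ;;
        esac
    done
        %end for
    %end for
    return $RET
}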

# Command dispatch: map the user-facing verb to the xfrm_policies action
# ('status' is the 'get' action), then exit with the function's status.
action=
case "$1" in
  add)
    action=add
    ;;
  delete)
    action=delete
    ;;
  status)
    action=get
    ;;
  *)
    echo "Usage: $0 {add|delete|status}"
    exit 1
    ;;
esac
xfrm_policies "$action"
exit $?
