#!/bin/sh

. /lib/functions.sh
. /lib/functions/network.sh

[ "$INTERFACE" = ffuplink ] || exit

config_load ffwizard
config_get sharenet settings sharenet
[ "$sharenet" = 1 ] || exit

config_load freifunk-policyrouting
config_get pr_enable pr enable
config_get fallback pr fallback
config_get strict pr strict
config_get zones pr zones
[ "$pr_enable" = 1 ] || exit

if [ "$ACTION" = ifup ]; then
  logger -t ff-userlog "ffuplink interface is up"
  logger -t ff-userlog "creating ffuplink ip-rules"
  ifaces=$(uci -q get firewall.zone_freifunk.network) 
  network_get_subnet uplink_net ffuplink
  if [ -z $uplink_net ]; then
    logger -t ff-userlog "UCI did not return a valid IP-net for ffuplink; querying directly with ip-tool"
    uplink_net=$(ip -4 -o addr show dev ffuplink|awk '{print $4}')
  fi
  if [ -z $uplink_net ]; then
    logger -t ff-userlog "no valid IP-net found for ffuplink; TRAFFIC FOR UPLINK-NETWORK WILL NOT BE BLOCKED"
  fi
  eval $(/bin/ipcalc.sh $uplink_net)
  for iface in $ifaces; do
    network_get_physdev netdev $iface
    [ ! '0.0.0.0' = $NETWORK ] && ip rule add prio 19989 to $NETWORK/$PREFIX iif $netdev prohibit
    ip rule add prio 19990 iif $netdev lookup ffuplink
  done
  logger -t ff-userlog "ffuplink-interface is setup"
fi

if [ "$ACTION" = ifdown ]; then
  logger -t ff-userlog "ffuplink interface going down"
  ip route flush table ffuplink
  while true; do
    ip rule show | grep -q "^19990:" || break
    ip rule del prio 19990
  done
  while true; do
    ip rule show | grep -q "^19989:" || break
    ip rule del prio 19989
  done
fi