#!/bin/sh

# Script for configuring ethernet interfaces

OPT_DIR="/opt/trs"
CCS_DIR="/opt/CCS"
OPT_TRSSHAREDLIBS_DIR="/opt/trssharedlibs"
if [ ! -d "${OPT_TRSSHAREDLIBS_DIR}" ]; then
    OPT_TRSSHAREDLIBS_DIR=''
fi

DAEMON=/sbin/ip
IPROUTE=/sbin/ip
IPCALC=/bin/ipcalc

DCNTABLE=20
TRSTABLE=40

# ---------- Dest Path ------------------

TRS_LIB_DEST="${OPT_TRSSHAREDLIBS_DIR}/usr/lib64"
if [ ! -d "${TRS_LIB_DEST}" ]; then
    TRS_LIB_DEST="${OPT_TRSSHAREDLIBS_DIR}/usr/lib"
fi

TRS_BIN_DEST="${OPT_DIR}/bin"

TEST_ENVINFO="${TRS_BIN_DEST}/test_envInfo"

check_nfsboot()
{
    local nfsroot
    local nfs_addr
    local nfs_iface
    local dev
    local mtpt
    local fstype
    local rest

    nfsroot=0

    exec 9<&0 < /proc/mounts
    while read dev mtpt fstype rest; do
        if test $mtpt = "/"; then
            case $fstype in
                nfs | nfs4)
                    nfsroot=1
                    nfs_addr=`echo $rest | sed -e 's/^.*addr=\([0-9.]*\).*$/\1/'`
                    break
                    ;;
                *)
                    ;;
            esac
        fi
    done
    exec 0<&9 9<&-

    if [ $nfsroot -ne 0 ]; then
        if [ -x /bin/ip -o -x /sbin/ip ] ; then
            nfs_iface=`ip route get $nfs_addr | grep dev | sed -e 's/^.*dev \([-a-z0-9.]*\).*$/\1/'`
            echo $nfs_iface
        fi
    fi
}

# Fix for PR 66678ESPE03
enable_tcp_syncookie()
{
    if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then
        echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    fi
}

enable_tcp_syncookie

configure_tcp_keepalive()	
{
    echo 30 > /proc/sys/net/ipv4/tcp_keepalive_time
    echo  2 > /proc/sys/net/ipv4/tcp_keepalive_intvl
    echo  2 > /proc/sys/net/ipv4/tcp_keepalive_probes	
    echo  9 > /proc/sys/net/ipv4/tcp_retries2
	
}
	
configure_tcp_keepalive

calculate_netmask_bits()
{
    if [ "x$1" = "x0.0.0.0" ]; then
        return 0;
    elif [ "x$1" = "x255.0.0.0" ]; then
        return 8;
    elif [ "x$1" = "x255.255.0.0" ]; then
        return 16;
    elif [ "x$1" = "x255.255.128.0" ]; then
        return 17;
    elif [ "x$1" = "x255.255.192.0" ]; then
        return 18;
    elif [ "x$1" = "x255.255.224.0" ]; then
        return 19;
    elif [ "x$1" = "x255.255.240.0" ]; then
        return 20;
    elif [ "x$1" = "x255.255.248.0" ]; then
        return 21;
    elif [ "x$1" = "x255.255.252.0" ]; then
        return 22;
    elif [ "x$1" = "x255.255.254.0" ]; then
        return 23;
    elif [ "x$1" = "x255.255.255.0" ]; then
        return 24;
    elif [ "x$1" = "x255.255.255.252" ]; then
        return 30;
    elif [ "x$1" = "x255.255.255.255" ]; then
        return 32;
    else 
        echo "Unknown netmask $1"
        return 24;
    fi
}

# Calculates netmask depending on mask bits
# arg1     <# bits for netmask>
create_netmask() 
{
    case "$1" in
        0)
            NETMASK=0.0.0.0
            ;;
        8)
            NETMASK=255.0.0.0
            ;;
        16)
            NETMASK=255.255.0.0
            ;;
        17)
            NETMASK=255.255.128.0
            ;;
        18)
            NETMASK=255.255.192.0
            ;;
        19)
            NETMASK=255.255.224.0
            ;;
        20)
            NETMASK=255.255.240.0
            ;;
        21)
            NETMASK=255.255.248.0
            ;;
        22)
            NETMASK=255.255.252.0
            ;;
        23)
            NETMASK=255.255.254.0
            ;;
        24)
            NETMASK=255.255.255.0
            ;;
        30)
            NETMASK=255.255.255.252
            ;;
        32)
            NETMASK=255.255.255.255
            ;;
        *)
            echo "Incorrect NETMASK"
            NETMASK=255.255.255.255
            return -1
            ;;
    esac
}

# Add to specification to set accept_redirect
set_accept_redirects()
{
    if [ -e /proc/sys/net/ipv4/conf/all/accept_redirects ]
        then
        f=0
        for f in /proc/sys/net/ipv4/conf/*/accept_redirects
          do
          echo 0 > $f
        done
    fi

}
set_accept_redirects

# Add to specification to set send_redirect
set_send_redirects()
{
     if [ -e /proc/sys/net/ipv4/conf/all/send_redirects ]
        then
        f=0
        for f in /proc/sys/net/ipv4/conf/*/send_redirects
          do
          echo 0 > $f
        done
    fi

}

set_send_redirects




# Detect product type
is_prod_wcdma()
{
    export LD_LIBRARY_PATH="${TRS_LIB_DEST}:${CCS_DIR}:/usr/lib64:/lib64:/lib:$LD_LIBRARY_PATH"
    export PATH="${TRS_BIN_DEST}:$PATH"

    local prod_type
    ${TEST_ENVINFO} envInfoProductType >/dev/null 2>&1
    prod_type=$?
    case $prod_type in
        1)
            # prod_type is WCDMA
            return 1
            ;;
        *)     
            return 0
            ;;
    esac
}

# add routes to dcn/trs routing table
# arg1      <interface name>
# arg2      <network ip addr>
# arg3      <# bits for netmask>
# arg4      <"dcn" | "trs" | "all">
# arg5      <src ip addr>
add_route()
{
    if [ "$4" = "all" ]; then
        $IPROUTE ro add t $DCNTABLE $2/$3 dev $1 proto kernel scope link src $5
        $IPROUTE ro add t $TRSTABLE $2/$3 dev $1 proto kernel scope link src $5
    else
        $IPROUTE ro add t $4 $2/$3 dev $1 proto kernel scope link src $5
    fi
}

# configure interface and also clone route to dcn/trs routing table
# arg1      <interface name>
# arg2      <ip addr>
# arg3      <# bits for netmask>
# arg4      <"dcn" | "trs" | "all">
# arg5      <"up" | "down">
config_if() 
{
    local RET=

    if [ "$5" = "up" ]; then
        echo "Starting network interface $1 with $2/$3"
        $DAEMON addr add $2/$3 dev $1 label $1 > /dev/null 2>&1
        $DAEMON link set $1 up
        RET=$?
        if [ $RET -eq 0 ]; then
            return 0
        else
            echo "failed ($RET: $ERROR)."
            return 1
        fi
    else
        echo "Stopping network interface $1"
        # routing entry in other tables will automatically removed by kernel
        $DAEMON link set $1 down > /dev/null 2>&1
    fi
}

clone_debug_route()
{
    DEBUG_IP=`ip -4 addr show eth1 label eth1 | awk '$1~/^inet/{print $2}' | awk -F/ '{print $1}'`
    NETMASK_BITS=`ip -4 addr show eth1 label eth1 | awk '$1~/^inet/{print $2}' | awk -F/ '{print $2}'`

    echo "Debug interface IpAddr:$DEBUG_IP/$NETMASK_BITS"

}

config_sim_routes()
{
    role=$1

    ip route add 192.168.255.1/32   src 192.168.255.129 dev eth1
    ip route add 192.168.255.126/32 src 192.168.255.129 dev eth1

}

arptimers()
{
    echo "set arp cache entry hold and retransmit timers for all interfaces"
    sysctl -n -w net.ipv4.neigh.default.base_reachable_time_ms=400000
    sysctl -n -w net.ipv4.neigh.default.retrans_time_ms=1000
    sysctl -n -w net.ipv4.neigh.default.mcast_solicit=5
    sysctl -n -w net.ipv4.conf.all.arp_announce=2
    sysctl -n -w net.ipv4.conf.all.arp_ignore=1
    sysctl -n -w net.ipv4.neigh.default.gc_stale_time=60
    sysctl -n -w net.ipv4.neigh.default.delay_first_probe_time=5
    sysctl -n -w net.ipv4.neigh.default.ucast_solicit=3
}

# Increasing queue length for unresolved arp entries because by default it is 3 
# and when we flow SSE traffic for 32 IP rules at a time,arp request was getting 
# delayed due to less length
arp_unres_qlen () 
{
    echo "Setting arp queue length to 140 for LMP in tmgr"
    echo 140 > /proc/sys/net/ipv4/neigh/eth0/unres_qlen
    echo 140 > /proc/sys/net/ipv4/neigh/eth1/unres_qlen
}

# set the ICMP Egress Rate Limiting 
# 3 - Destination Unreachable, 8 - Echo Request, B - Time Exceeded
icmp_rate_limit ()
{
    echo "Setting ICMP rate Limiting to 25/sec"
    sysctl -n -w net.ipv4.icmp_ratelimit=40  #minimum gap between ICMP messages in ms
    sysctl -n -w net.ipv4.icmp_ratemask=6424 #Bits: 1100100011000
}


# spoofprotect_rp_filter () 
# {
#     # This is the best method: turn on Source Address Verification and get
#     # spoof protection on all current and future interfaces.
#     if [ -e /proc/sys/net/ipv4/conf/eth3/rp_filter ]; then
#         echo "Setting up IP spoofing protection: done"
#         echo 1 > /proc/sys/net/ipv4/conf/eth3/rp_filter
#     fi
# }

# syncookies () 
# {
#     if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then
#         echo "Enabling TCP/IP SYN cookies: done"
#         echo 1 > /proc/sys/net/ipv4/tcp_syncookies
#     fi
# }

icmpecho_ignore_on_brdcast () 
{
    if [ -e /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts ]; then
        echo "Setting ICMP ECHO ignore on broadcast: done"
        echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    fi
}

clear_rp_filter()

{
    echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter	
    echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
    for file in /proc/sys/net/ipv4/conf/eth*/rp_filter; do echo 0 > $file; done
    echo 0 > /proc/sys/net/ipv4/conf/pan0/rp_filter
}

set_ipv6_hop_limit()
{
    echo 255 >/proc/sys/net/ipv6/conf/br0/hop_limit
}

protect_dos_ddos_attacks() 
{
    echo "Setting up DOS/DDOS attacks protection: "
    clear_rp_filter
    # Enable Smurf DOS attack protection
    #spoofprotect_rp_filter

    # Enable TCP syn cookies
    # taken care as part of the PR 66678ESPE03 
    #syncookies

    # Enable ICMP echo on boardcast
    icmpecho_ignore_on_brdcast
}

#Function to map ipaddresses to the set , set by BTSOM. TRS reset is required for this.
identifyLmpIpAddress()
{
    TRS_LMP_IP_SET=/ffs/run/config/IPAddressSet.txt

    TRS_LMP_IP=192.168.255.129
    FCT_SYS_IP=192.168.255.1
    MASTEROM_IP=192.168.255.16
    if [ -e $TRS_LMP_IP_SET ];then
        IPSET=`awk '{print $1}' $TRS_LMP_IP_SET`  
        if [ $IPSET = "2" ];
        then
            TRS_LMP_IP=192.168.255.128
            FCT_SYS_IP=192.168.255.3
            MASTEROM_IP=192.168.255.3
        elif [ $IPSET = "3" ];
        then
            TRS_LMP_IP=192.168.255.127
            FCT_SYS_IP=192.168.255.5
            MASTEROM_IP=192.168.255.5
        fi
    fi

    echo "TRS_LMP_IP=$TRS_LMP_IP" > /tmp/lmp_addr.conf
    echo "FCT_SYS_IP=$FCT_SYS_IP" >> /tmp/lmp_addr.conf      
    echo "MASTEROM_IP=$MASTEROM_IP" >> /tmp/lmp_addr.conf

}

#Return TRS LMP IP 
get_trs_lmp_ip()
{
    local result=192.168.255.129
    if [ -e /tmp/lmp_addr.conf ]; then
        result=`grep TRS_LMP_IP /tmp/lmp_addr.conf |awk -F"=" '{print $2}'`
    fi
    echo "$result"
}

#Returns FCT system IP
get_fct_sys_ip()
{
    local result=192.168.255.1
    if [ -e /tmp/lmp_addr.conf ]; then
        result=`grep FCT_SYS_IP /tmp/lmp_addr.conf |awk -F"=" '{print $2}'`
    fi
    echo "$result"
}

#Returns Master OM IP
get_masterom_ip()
{
    local result=192.168.255.16
    if [ -e /tmp/lmp_addr.conf ]; then
        result=`grep MASTEROM_IP /tmp/lmp_addr.conf |awk -F"=" '{print $2}'`
    fi
    echo "$result"
}
