#!/bin/sh

# Script for enabling/disabling secure mode LTE593

# Optional start-up override file: its name and the directory it is read from.
INIT_NAME='start_script.conf'
TRS_SIM_DEST='/ffs/run/trs_data/sim'

# Installation roots. CCS_DIR is not referenced again in this script; it may
# be consumed by the files sourced further down.
OPT_DIR='/opt/trs'
CCS_DIR='/opt/CCS'

# ---------- Paths derived from OPT_DIR ----------
TRS_BIN_DEST="$OPT_DIR/bin"
NETWORKING="$OPT_DIR/etc/networking"
PRODUCT_SETTINGS="$OPT_DIR/etc/product_settings"

# Pull in the optional init configuration, then the networking helpers and
# the product settings. Each file is sourced only if it exists, and runs
# verbatim inside this shell with this script's privileges.
# NOTE(review): the first file lives under /ffs/run - presumably writable
# storage. Whoever can write any of these three files controls what this
# script executes; confirm they are writable by trusted provisioning only.
if [ -f "${TRS_SIM_DEST}/${INIT_NAME}" ]; then
    . "${TRS_SIM_DEST}/${INIT_NAME}"
fi

if [ -f "${NETWORKING}" ]; then
    . "${NETWORKING}"
fi
if [ -f "${PRODUCT_SETTINGS}" ]; then
    . "${PRODUCT_SETTINGS}"
fi

# The get_* helpers are not defined in this file (presumably they come from
# the sourced files above). If a helper is missing, the substitution yields an
# empty string and the script carries on with an empty address.
MASTEROM_IP=$(get_masterom_ip)
FCT_SYS_IP=$(get_fct_sys_ip)
TRS_LMP_IP=$(get_trs_lmp_ip)

# Positional arguments: $1 selects the mode handled below ("init", "1", or
# anything else). role and module are captured but not referenced again in
# this script.
module="$3"
role="$2"
flag="$1"

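# Per-mode switch and interface preparation, selected by the first argument.
#   init : bring the base interface up, program the initial switch/VLAN
#          state and, in simulated/test-adapter set-ups, patch the FTP and
#          SSH daemon configuration.
#   1    : "SOE Enable" on the switch; traffic moves to VLAN 32 on ETHIF.
#   *    : "SOE Disable" on the switch; traffic moves back to plain ETHIF.
# The "1" and "*" branches set INTF_OLD/INTF_NEW, which drive the address and
# route migration later in the script. ETHIF, FTIF_IF, FTIF_VLAN, PROD and the
# other settings are not assigned in this file; they are expected to come from
# the sourced configuration.
case "$flag" in
    init)

        ip link set ${ETHIF} up
        echo 1 > /proc/sys/net/ipv4/conf/${ETHIF}/forwarding

        if [ "x$CONFIGURE_SWITCH" != "x0" ]; then
            # set up port based vlan to disable access to FTIF
            # (port 3) from all ports except from MCU (port 0)
            # NOTE(review): output and exit status are discarded, so a failure
            # to apply this port isolation goes unnoticed. Consider logging a
            # non-zero status.
            ${TRS_BIN_DEST}/ddal_test_tool -s 0 -d 1 -n 0 -o 11 >/dev/null 2>&1

            # initial VLAN settings
            ${TRS_BIN_DEST}/ddal_test_tool -s 0 -d 1 -n 0 -o ${INITIAL_VLAN_SWITCH_OP} >/dev/null 2>&1

            if [ "x$USE_FTIF_VLAN" != "x0" ]; then
                # enable VLAN 48 for mpls
                ${TRS_BIN_DEST}/secfg_test iptest_mpls_vlan_set 48 >/dev/null 2>&1
                if [ $PROD -eq $PROD_WCDMA ]; then
                    # enable VLAN 48 for atmse
                    ${TRS_BIN_DEST}/secfg_test test_atmgw_atm_vlan_tag_set 0 0 48 >/dev/null 2>&1
                fi

                vconfig add ${ETHIF} ${FTIF_VLAN} 2>/dev/null
                # No IPv4 forwarding on the FTIF-facing interface.
                echo 0 > /proc/sys/net/ipv4/conf/${FTIF_IF}/forwarding
            fi
        fi

        # NOTE(review): the *y* / *Y* alternatives match ANY value containing
        # the letter, so this test-only branch is entered for more than
        # "yes"/"y". Confirm production values of these two settings can never
        # contain a "y".
        case "${BTSOM_SIMULATED}${TEST_ADAPTER}" in
            *yes*|*y*|*YES*|*Y*)
                # Apply the patch to the init conf if necessary:
                if ! grep -q  "ftpd_banner=Welcome to FZM FTP service." /etc/vsftpd.conf; then
                    # Build the replacement completely before swapping it in.
                    # The mv runs only if the temporary file could be opened
                    # and its last line written, so a failed write can no
                    # longer replace the live config with a truncated copy.
                    {
                        grep -v ftpd_banner= /etc/vsftpd.conf
                        echo ftpd_banner=Welcome to FZM FTP service.
                    } > /etc/vsftpd.conf_ &&
                        mv /etc/vsftpd.conf_ /etc/vsftpd.conf
                    if [ "x$DEBUG_IP" != "x" -a "x$DEBUG_NETMASK" != "x" ]; then
                        killall vsftpd 2>/dev/null
                        vsftpd &
                    fi
                fi

                # Replace every existing "Ciphers" line in sshd_config with the
                # fixed list below, then restart sshd. Unlike the vsftpd patch
                # this runs on every init, with no "already applied" check.
                # Same write-then-swap guard as above: a failed write must not
                # leave sshd without a usable config, since that would cut off
                # SSH access to the unit.
                # NOTE(review): the list still offers CBC-mode ciphers, which
                # are generally deprecated for SSH in favour of CTR/AEAD modes.
                # Kept unchanged because peers may depend on it - confirm
                # whether the CBC entries are still needed.
                # NOTE(review): the rewritten file is created by redirection,
                # so it takes the current umask and owner rather than those of
                # the original file.
                {
                    grep -v Ciphers /etc/ssh/sshd_config
                    echo Ciphers   aes192-cbc,aes192-ctr,aes128-cbc,aes128-ctr,aes256-cbc,aes256-ctr
                } > /etc/ssh/sshd_config_ &&
                    mv /etc/ssh/sshd_config_ /etc/ssh/sshd_config
                killall sshd 2>/dev/null
                /usr/sbin/sshd &
                ;;
        esac

        ;;
    1)
        if [ "x$CONFIGURE_SWITCH" != "x0" ]; then
            # Configure switch. SOE Enable.
            ${TRS_BIN_DEST}/ddal_test_tool -s 0 -d 1 -n 0 -o 34 >/dev/null 2>&1
        fi

        # Create the VLAN 32 sub-interface; an error (for example because it
        # already exists) is silenced.
        vconfig add ${ETHIF} 32 2>/dev/null

        # Migration direction: plain interface -> VLAN 32 sub-interface.
        INTF_OLD=${ETHIF}
        INTF_NEW=${ETHIF}.32

        ip link set ${INTF_NEW} up
        echo 1 > /proc/sys/net/ipv4/conf/${INTF_NEW}/forwarding

        ;;
    *)
        if [ "x$CONFIGURE_SWITCH" != "x0" ]; then
            # Configure switch. SOE Disable.
            ${TRS_BIN_DEST}/ddal_test_tool -s 0 -d 1 -n 0 -o 40 >/dev/null 2>&1
        fi

        # Migration direction: VLAN 32 sub-interface -> plain interface.
        INTF_OLD=${ETHIF}.32
        INTF_NEW=${ETHIF}
        ;;
esac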

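# Address and route migration from INTF_OLD to INTF_NEW. Skipped for "init",
# which does not set INTF_OLD/INTF_NEW.
#
# Order of operations:
#   1. put the LMP address (and optional debug/remote addresses) on INTF_NEW
#   2. snapshot the routes that point at INTF_OLD and derive the delete/add
#      command lists from that snapshot
#   3. copy the remaining IPv4 addresses from INTF_OLD to INTF_NEW
#   4. flush INTF_OLD, then replay the delete/add route lists
#   5. add the fixed host routes and the FCT/MASTEROM alias addresses
#
# config_if, calculate_netmask_bits, check_nfsboot, config_sim_routes and
# clone_debug_route are not defined in this file; they are expected to come
# from the sourced networking script.
if [ "x$flag" != "xinit" ]; then
    # If check_nfsboot reports the target interface itself, the LMP address
    # goes on the :1 alias instead of the primary label (presumably so the
    # NFS-root address on the primary label is left alone - confirm).
    NFSINTERFACE=$(check_nfsboot)
    if [ "x${NFSINTERFACE}" != "x" -a "${NFSINTERFACE}" = "${INTF_NEW}" ] ; then
        LMP_INTF="${INTF_NEW}:1"
    else
        LMP_INTF="${INTF_NEW}"
    fi

    # NOTE(review): *y* / *Y* match any value containing the letter, so this
    # test/simulation branch is entered for more than "yes"/"y".
    case "${BTSOM_SIMULATED}${TEST_ADAPTER}" in
        *yes*|*y*|*YES*|*Y*)
            # reply arp requests on eth1 for 192.168.255.129
            # It will be possible to set only the IP/NETMASK or a GATEWAY or both parts:
            if [ "x$DEBUG_IP" != "x" -a "x$DEBUG_NETMASK" != "x" -a "x$DEBUG_IP" != "x$TRS_LMP_IP" ]; then
                # The helper's exit status is used as the prefix length.
                calculate_netmask_bits $DEBUG_NETMASK
                DEBUG_NETMASK_BITS=$?
                # configure the debug port on eth1 and put the default lmp on eth1:1
                config_if ${INTF_NEW} $DEBUG_IP $DEBUG_NETMASK_BITS all up 2>/dev/null
                config_if ${INTF_NEW}:1 $TRS_LMP_IP 24 all up 2>/dev/null

                ${TRS_BIN_DEST}/test_hlEeprom setIpAddr portLMP $DEBUG_IP >/dev/null 2>&1
                arping -c 2 $DEBUG_IP -I ${INTF_NEW}

            else
                # test environment but no debug address defined so configure default lmp on eth1
                config_if ${LMP_INTF} $TRS_LMP_IP 24 all up 2>/dev/null
                ${TRS_BIN_DEST}/test_hlEeprom setIpAddr portLMP $TRS_LMP_IP >/dev/null 2>&1
            fi

            if [ "x$REMOTE_IP" != "x" -a "x$REMOTE_NETMASK" != "x" -a "x$REMOTE_INTF" != "x" ]; then
                # Same convention: prefix length comes back as the exit status.
                calculate_netmask_bits $REMOTE_NETMASK
                REMOTE_NETMASK_BITS=$?
                config_if ${REMOTE_INTF} $REMOTE_IP $REMOTE_NETMASK_BITS all up 2>/dev/null
            fi

            if [ "x$DEFAULT_GATEWAY" != "x" ]; then
                route delete default 2>/dev/null
                route add -net 0.0.0.0 netmask 0.0.0.0 gw $DEFAULT_GATEWAY 2>/dev/null
            fi

            # for simulation expect the BTSOM IPs to be behind eth1
            config_sim_routes
            ;;
        *)
            # configure default lmp address on eth1
            config_if ${LMP_INTF} $TRS_LMP_IP 24 all up 2>/dev/null
            # eth 1:1 not used
            ${TRS_BIN_DEST}/test_hlEeprom setIpAddr portLMP $TRS_LMP_IP >/dev/null 2>&1
            ;;

    esac

    # Snapshot of every route in the main, DCNTABLE and TRSTABLE tables that
    # leaves through INTF_OLD, one per line, prefixed with "table <name>".
    # INTF_OLD is interpolated into the regular expression as-is, so the "."
    # of a VLAN interface name matches any character.
    OLDROUTES=`for table in main $DCNTABLE $TRSTABLE; do
        ip route ls table $table | grep -E "dev[[:space:]]*${INTF_OLD}[[:space:]]" | while read line; do
            echo "table $table $line"
        done
    done`

    # One "ip route delete ..." line per snapshot entry, except for the fixed
    # internal prefixes listed in the inner case. The third field of a
    # snapshot line is the route destination.
    # NOTE(review): the list is joined with a literal backslash-n and relies
    # on the shell's echo honouring -e; a POSIX-only echo would print the flag
    # instead. Confirm against the target shell.
    DELROUTES=`echo "$OLDROUTES" | (while read line; do
        case $line in
            *dev*)
                TARGET=$(echo $line | awk '{print $3}')
                case $TARGET in
                    192.168.254.0/23|192.168.255.0/24|192.168.255.52/30|192.168.255.0/27|192.168.255.64/27)
                        ;;
                    *)
                        DELROUTES="ip route delete $line\n$DELROUTES"
                        ;;
                esac
                ;;
        esac
    done; echo -e "$DELROUTES")`

    # The same snapshot with the device rewritten to INTF_NEW, as
    # "ip route add ..." lines. The exclusion list additionally holds
    # 192.168.255.126, .140 and .141, which are added explicitly further down.
    ADDROUTES=`echo "$OLDROUTES" | sed -e "s/dev[[:space:]]*${INTF_OLD}/dev ${INTF_NEW}/g" | (while read line; do
        case $line in
            *dev*)
                TARGET=$(echo $line | awk '{print $3}')
                case $TARGET in
                    192.168.254.0/23|192.168.255.0/24|192.168.255.52/30|192.168.255.126|192.168.255.140|192.168.255.141|192.168.255.0/27|192.168.255.64/27)
                        ;;
                    *)
                        ADDROUTES="ip route add $line\n$ADDROUTES"
                        ;;
                esac
                ;;
        esac
    done; echo -e "$ADDROUTES")`

    # Copy every IPv4 address label found on INTF_OLD to the matching label
    # on INTF_NEW, skipping the fixed internal addresses listed in the inner
    # case. The substitution prints the labels that were copied; they are
    # flushed from the old interface below. arping writes to stderr so that
    # its output does not end up in the captured list.
    # NOTE(review): the sed replacement ends in a back-reference to group 1,
    # but the pattern defines no group. Some sed implementations reject that
    # instead of expanding it to nothing - confirm against the target sed.
    INTERFACE=''
    INTERFACE=`ip -4 addr show dev ${INTF_OLD} 2>/dev/null | awk '$1~/^inet/{print $NF}' | (while read oldintf; do
        newintf=$(echo $oldintf | sed -e "s/^${INTF_OLD}/${INTF_NEW}\\1/")
        addr=$(ip -4 addr show dev $oldintf label $oldintf | awk '$1~/^inet/{print $2}' | awk -F/ '{print $1}')
        mask=$(ip -4 addr show dev $oldintf label $oldintf | awk '$1~/^inet/{print $2}' | awk -F/ '{print $2}')
        if [ "x$addr" != "x" ]; then
            case $addr in
                192.168.255.1|192.168.255.3|192.168.255.5|192.168.255.16|192.168.255.54|192.168.255.129|192.168.255.127|192.168.255.128)
                    ;;
                *)
                    INTERFACE="$INTERFACE $oldintf"
                    ip addr flush dev $newintf label $newintf >/dev/null 2>&1
                    ip addr add $addr/$mask dev $newintf label $newintf >/dev/null 2>&1
                    ip link set $newintf up
                    # update ARP table on peers
                    arping -c 2 $addr -I ${INTF_NEW} >&2

                    ;;
            esac
        fi
    done; echo $INTERFACE)`

    # Disabled legacy variant, kept for reference:
#     case "${TEST_ADAPTER}" in
#         *yes*|*y*|*YES*|*Y*)
#             config_if ${INTF_NEW} $TRS_LMP_IP 30 all up 2>/dev/null
#             ;;
#         *)
#             config_if ${INTF_NEW} $TRS_LMP_IP 24 all up 2>/dev/null
#             ;;
#     esac

    arping -c 2 $TRS_LMP_IP -I ${INTF_NEW}

    # Remove the migrated labels, then whatever is left on the old interface.
    for intf in $INTERFACE; do
        ip addr flush dev $intf label $intf 2>/dev/null
    done
    ip addr flush dev ${INTF_OLD} label ${INTF_OLD} 2>/dev/null

    # Replay the generated route commands. The lines are assembled from
    # "ip route ls" output and configuration values, so they are run as a
    # plain argument vector instead of being passed through eval: text in a
    # route line is never parsed as shell syntax, and only lines that start
    # with the expected command prefix are executed. Globbing is switched off
    # while the line is split. Each loop is a pipeline stage, so the "set --"
    # is not relied on outside it; $1..$3 were saved into flag/role/module
    # earlier in any case.
    echo "$DELROUTES" | while read -r line; do
        case "$line" in
            "ip route delete "*)
                set -f
                set -- $line
                set +f
                "$@" 2>/dev/null
                ;;
        esac
    done

    echo "$ADDROUTES" | while read -r line; do
        case "$line" in
            "ip route add "*)
                set -f
                set -- $line
                set +f
                "$@" 2>/dev/null
                ;;
        esac
    done

    # Fixed host routes (the ones excluded from ADDROUTES above) and, when
    # leaving VLAN mode, teardown of the old sub-interface.
    case "$flag" in
        1)
            case "${BTSOM_SIMULATED}${TEST_ADAPTER}" in
                *yes*|*y*|*YES*|*Y*)
                    ;;
                *)
                    ip route add 192.168.255.126/32 dev ${INTF_NEW} proto kernel scope link
                    ;;
            esac

            ip route add 192.168.255.140/32 dev ${INTF_NEW} proto kernel scope link
            ip route add 192.168.255.141/32 dev ${INTF_NEW} proto kernel scope link
            ;;
        *)
            case "${BTSOM_SIMULATED}${TEST_ADAPTER}" in
                *yes*|*y*|*YES*|*Y*)
                    ip route add 192.168.255.140/32 dev ${INTF_NEW} proto kernel scope link
                    ip route add 192.168.255.141/32 dev ${INTF_NEW} proto kernel scope link
                    ;;
            esac

            ip link set ${INTF_OLD} down 2>/dev/null
            vconfig rem ${INTF_OLD} 2>/dev/null
            ;;
    esac

    case "${BTSOM_SIMULATED}${TEST_ADAPTER}" in
        *yes*|*y*|*YES*|*Y*)
            # NOTE(review): the device is hard-coded to eth1 here, while the
            # rest of the script uses ETHIF / INTF_NEW - confirm this is
            # intended.
            ip route add $MASTEROM_IP/32 src $TRS_LMP_IP dev eth1 2>/dev/null
            ;;
    esac

    # Alias addresses on the base interface: :2 for FCT_SYS_IP and, when it
    # differs from FCT_SYS_IP, :3 for MASTEROM_IP.
    config_if ${ETHIF}:2 $FCT_SYS_IP 23 all up 2>/dev/null
    arping -c 2 $FCT_SYS_IP -I ${ETHIF}

    # POSIX test instead of the [[ ]] extension: the script runs under
    # /bin/sh, and a shell without that extension would fail the test and
    # silently skip this block.
    if [ "x$MASTEROM_IP" != "x$FCT_SYS_IP" ]; then
        config_if ${ETHIF}:3 $MASTEROM_IP 30 all up 2>/dev/null
        arping -c 2 $MASTEROM_IP -I ${ETHIF}
    fi

    clone_debug_route 2>/dev/null
fi

# Always report success: none of the steps above is checked for failure.
exit 0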
