#!/usr/bin/perl

# Copyright (C) 2001 NEC Corporation
# All Rights Reserved.

##### 2001.01.31 BossSystem Tsuno
require "/opt/nec/wbmc/language.pl";
if($mes_language eq "Japanese"){
	require "/opt/nec/wbmc/bin/lang_j.pl";			# ܸå
} else {
	require "/opt/nec/wbmc/bin/lang_e.pl";			# Ѹå
}
$mes_work_string = "";
##### 2001.01.31 BossSystem Tsuno

require "/opt/nec/wbmc/bin/confinit.pl";
require "/opt/nec/wbmc/adm/proxy/common_roma.pl";

$NICiPaddrPath="/etc/sysconfig/network-scripts/ifcfg-eth0";
$InterscanFilePath="/etc/opt/nec/wbmc/interscan.conf";

#
#NICIPɥ쥹(eth0)
#
@IP_file= ();
$IPaddr="";
if (!&readFile("$NICiPaddrPath",ifcfg-eth0, *IP_file) ) {
        $mes_work_string = sprintf($mes_wbmcipchains_01, $NICiPaddrPath);
        &showErrorPage($mes_work_string);
        exit(1);
}
for($j=0;$j<@IP_file;$j++){
        if($IP_file[$j] =~ /IPADDR=(.*)/){
		$IPaddr= $1;
	}
}

#
#interscanξ
#
@inter_file =();
if (!&readFile("$InterscanFilePath",ifcfg-eth0, *inter_file) ) {
        $mes_work_string = sprintf($mes_wbmcipchains_01, $InterscanFilePath);
        &showErrorPage($mes_work_string);
        exit(1);
}

$interscanPath="";
$interscanState="";
@interscanIpaddr=();
$interscanPort=0;

for($i=0;$i<@inter_file;$i++){
	if($inter_file[$i]=~ /^Interscan_path\s+(.*)/){
		$interscanPath = removeSpace($1);
		##print"$interscanPath\n";
	}
	elsif($inter_file[$i] =~ /^Interscan_state\s+(.*)/){
		$interscanState = removeSpace($1);
		##print"$interscanState\n";
	}

#å奵ѤIPɥ쥹
	elsif($inter_file[$i] =~ /^Interscan_ipaddr\s+(.*)/){
		@interscanIpaddr[0] = removeSpace($1);
		##print"$interscanIpaddr[0]\n";
	}
	elsif($inter_file[$i] =~ /^Interscan_port\s+(.*)/){
		$interscanPort = removeSpace($1);
		##print"$interscanPort\n";
	}
}


# roma.confhttp_portREDIRECTͤȤ
#
#	ץեɹ
#
@file = ();
if (!&readFile($roma_conf, $roma_conf_lock, *file) ) {
	exit(0);
}

$cache_number = 0;
@cache_IP = ();
@cache_port = ();
$svtype = 0;
$svtype_old=0;

# L4/WCCPȽ
#å奵ХݡȤ򣱤ȴФ
for($j=0; $j<@file; $j++){
	$file[$j] =~ s/(.*)\n$/\1/;
	@work = split(/[\s]+/, $file[$j]);
	$key = $work[0];
	if($key eq "main_http_host_port"){
		$cache_IP[$cache_number]	= $work[1];
		$cache_port[$cache_number]	= $work[2];
		$cache_number++;
	}
	elsif($key eq "main_proxy_mode"){
		$svtype 	= $work[1];
	}
	elsif($key eq "wbmc_old_proxy_mode"){
		$svtype_old 	= $work[1];
	}
}


#
#ipchains 
#


# öԤ
system("/sbin/ipchains -F");
#print "/sbin/ipchains -F\n";

#  2001.04.16 BossSystem K.K Tsuno [ip_wccp]
# 󤬡Ʃ᷿WCCPפλѤΥޥɤ¹
if($svtype_old == 2){
	system("/sbin/modprobe -r ip_wccp");
	#print "/sbin/modprobe -r ip_wccp\n";
}
#  2001.04.16 BossSystem K.K Tsuno [ip_wccp]

# ̣Τ"Forward(Ʃ᷿L4å)","Forward(Ʃ᷿WCCP)"Τ
if($svtype == 1 || $svtype == 2){
} else {
	system("/sbin/ipchains-save > /etc/ipchains.rules");
	#print "/sbin/ipchains-save > /etc/ipchains.rules\n";
	exit(0);
}


#ipchains¹
#interscanѤʤȤ
if($interscanState eq "off"){
	&setIpchains(*cache_IP,$cache_port[0]);
}
#interscan̥ץΤȤ
elsif($interscanState eq "high"){
	&setIpchains(*cache_IP,$cache_port[0]);

}
#interscan̥ץΤȤ
elsif($interscanState eq "low"){
	&setIpchains(*interscanIpaddr,$interscanPort);
}


#  2001.04.16 BossSystem K.K Tsuno [ip_wccp]
# Ʃ᷿WCCPפꤹѤΥޥɤ¹
if($svtype == 2){
	system("/sbin/modprobe ip_wccp");
	system("/sbin/depmod -a -e");
	#print "/sbin/modprobe ip_wccp\n";
	#print "/sbin/depmod -a -e\n";
}
#  2001.04.16 BossSystem K.K Tsuno [ip_wccp]

system("/sbin/ipchains-save > /etc/ipchains.rules");
#print "/sbin/ipchains-save > /etc/ipchains.rules\n";



exit(0);





#
#̾
#	setIpchains  ipchainsԤ
#
#	setIpchains(*cache_ip,$portnum)
#
#	*cache_ip  å奵ѤꤷIPɥ쥹
#	$portnum   redirectꤹݡֹ
#
#	ΤȤ 1
#	ԤΤȤ 0

sub setIpchains
{
    local(*cache_ip,$portnum) = @_;

system("/sbin/ipchains -A input -j ACCEPT -i lo > /dev/null");
#print"/sbin/ipchains -A input -j ACCEPT -i lo > /dev/null \n";

#å奵ѤꤷIPɥ쥹ο¹
for($i=0;$i<@cache_ip;$i++){
	#ƱIPǤ˼¹ԤƤʤå
	#check=0:ƱIPʤ  check=1:ƱIP
	$check=0;
	for($j=0;$j < $i;$j++){
		if($cache_ip[$j] eq $cache_ip[$i]){
			$check =1;
		}
	}

	if ($check ==0){
        system("/sbin/ipchains -A input -j ACCEPT -p tcp -d $cache_ip[$i]  80 > /dev/null");
	#print "/sbin/ipchains -A input -j ACCEPT -p tcp -d $cache_ip[$i]  80 > /dev/null \n";
	}
}

system("/sbin/ipchains -A input -j REDIRECT $portnum -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80 > /dev/null");
#print "/sbin/ipchains -A input -j REDIRECT $portnum -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80 > /dev/null\n";

}

