#!/usr/bin/perl

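#
# (The original Japanese header comment is unreadable here; its encoding was lost.)
# From the code below: regenerates the "transparent" section of IPTABLES_SAVE
# from roma.conf and interscan.conf, then runs IPTABLES_SAVE.
#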


# Copyright (C) 2001 NEC Corporation
# All Rights Reserved.

##### 2001.01.31 BossSystem Tsuno
# Load the language setting first, then the one message file that matches it:
# lang_j.pl when $mes_language is "Japanese", lang_e.pl for anything else.
# ($mes_language is presumably set by language.pl - it is not assigned in this file.)
require "/opt/nec/wbmc/language.pl";
my $lang_file = ($mes_language eq "Japanese")
	? "/opt/nec/wbmc/bin/lang_j.pl"
	: "/opt/nec/wbmc/bin/lang_e.pl";
require $lang_file;
$mes_work_string = "";
##### 2001.01.31 BossSystem Tsuno

require "/opt/nec/wbmc/bin/confinit.pl";
require "/opt/nec/wbmc/lib/wbmc.pl";
require "/opt/nec/wbmc/bin/bin.pl";
require "/opt/nec/wbmc/adm/proxy/common_roma.pl";

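# Configuration files read further down.
$NICiPaddrPath="/etc/sysconfig/network-scripts/ifcfg-eth0";
$InterscanFilePath="/etc/opt/nec/wbmc/interscan.conf";

# Lines of IPTABLES_SAVE. This has to stay a package array: it is handed to
# the library helpers as a typeglob (*file_iptables).
@file_iptables = ();

# Command lines for the "transparent" section, filled in by setIpchains.
@transparent = ();

# Path of IPTABLES_SAVE, and the name passed with it as the second argument
# of readFile/writeFile (a lock name, judging by the variable name).
# The file is executed at the end of this script, so it should be writable
# only by the account this script runs as.
$iptables_path = "/opt/nec/wbmc/bin/IPTABLES_SAVE";
$iptables_path_lock = "IPTABLES_SAVE";

# Load the current IPTABLES_SAVE; stop with a failure status if that fails.
if (!&readFile("$iptables_path", $iptables_path_lock, *file_iptables) ) {
	# Print the message directly rather than starting a shell to run echo.
	print "cannot read $iptables_path\n";
	exit(1);
}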

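#
# Read the eth0 interface configuration and keep its IPADDR value.
#
@IP_file= ();
$IPaddr="";
# NOTE(review): the second argument is the unquoted expression ifcfg-eth0.
# Without "use strict" Perl evaluates it as two barewords subtracted, i.e. the
# number 0, not the string "ifcfg-eth0". It is left unchanged because readFile
# is defined in another file - confirm which lock name was intended.
if (!&readFile("$NICiPaddrPath",ifcfg-eth0, *IP_file) ) {
	# Print the message directly rather than starting a shell to run echo.
	print "cannot read $NICiPaddrPath\n";
	exit(1);
}
foreach my $line (@IP_file) {
	# The pattern is not anchored, so any line containing IPADDR= matches;
	# when several lines match, the last one wins.
	if ($line =~ /IPADDR=(.*)/) {
		$IPaddr = $1;
	}
}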

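#
# Read interscan.conf and pick out the InterScan settings.
#
@inter_file =();
# NOTE(review): the second argument is the unquoted expression ifcfg-eth0.
# Without "use strict" Perl evaluates it as two barewords subtracted, i.e. the
# number 0, and the name does not match this file anyway. It is left unchanged
# because readFile is defined in another file - confirm the intended lock name.
if (!&readFile("$InterscanFilePath",ifcfg-eth0, *inter_file) ) {
	# Print the message directly rather than starting a shell to run echo.
	print "cannot read $InterscanFilePath\n";
	exit(1);
}

$interscanPath="";
$interscanState="";
@interscanIpaddr=();
$interscanPort=0;

# Each setting is a "<keyword> <value>" line; removeSpace (defined elsewhere)
# is applied to the value. Interscan_ipaddr and Interscan_port are placed into
# iptables command lines later when the state is "low", and they are not
# validated at this point.
foreach my $line (@inter_file) {
	if ($line =~ /^Interscan_path\s+(.*)/) {
		$interscanPath = removeSpace($1);
	}
	elsif ($line =~ /^Interscan_state\s+(.*)/) {
		$interscanState = removeSpace($1);
	}
	# Address used in place of the cache server list.
	elsif ($line =~ /^Interscan_ipaddr\s+(.*)/) {
		# Was a one-element array slice (@interscanIpaddr[0]); a plain
		# element assignment matches the sibling assignments above and below.
		$interscanIpaddr[0] = removeSpace($1);
	}
	elsif ($line =~ /^Interscan_port\s+(.*)/) {
		$interscanPort = removeSpace($1);
	}
}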


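#
# Read roma.conf: collect the cache server host/port pairs and the current
# and previous proxy modes.
# ($roma_conf and $roma_conf_lock are not assigned in this file; presumably
# they come from one of the required libraries.)
#
@file = ();
if (!&readFile($roma_conf, $roma_conf_lock, *file) ) {
	# Print the message directly rather than starting a shell to run echo.
	print "cannot read $roma_conf\n";
	# NOTE(review): this exits with status 0 while every other read failure
	# in this script exits with 1 - confirm that this is intentional.
	exit(0);
}

$cache_number = 0;
@cache_IP = ();
@cache_port = ();
$svtype = 0;
$svtype_old=0;

# One setting per line: a keyword followed by whitespace-separated values.
foreach my $line (@file) {
	# Strip the trailing newline in place (the loop variable aliases @file).
	$line =~ s/\n\z//;
	my @work = split(/\s+/, $line);
	my $key = $work[0];
	if ($key eq "main_http_host_port") {
		# Host and port of one cache server. Both values end up in
		# iptables command lines later and are not validated here.
		$cache_IP[$cache_number]	= $work[1];
		$cache_port[$cache_number]	= $work[2];
		$cache_number++;
	}
	elsif ($key eq "main_proxy_mode") {
		# Compared against 1 and 2 further down.
		$svtype 	= $work[1];
	}
	elsif ($key eq "wbmc_old_proxy_mode") {
		# Compared against 2 further down.
		$svtype_old 	= $work[1];
	}
}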


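#
# Rebuild the "transparent" section of IPTABLES_SAVE and run the file.
#

# Flushing the nat table first is disabled in the original:
#system("/sbin/iptables -t nat -F");

# Take the existing "transparent" entries out of the loaded lines.
# (BinFileDelKeys is defined elsewhere; the exact matching rule for the
# "transparent" / "PREROUTING" arguments is not visible here.)
&BinFileDelKeys(*file_iptables,"transparent","PREROUTING");


#  2001.04.16 BossSystem K.K Tsuno [ip_wccp]
# The previous proxy mode was 2: unload the ip_wccp module.
# The result of modprobe is not checked.
if($svtype_old == 2){
	system("/sbin/modprobe -r ip_wccp");
}
#  2001.04.16 BossSystem K.K Tsuno [ip_wccp]

# Only modes 1 and 2 get transparent rules (the original comment names them
# Forward/L4 and Forward/WCCP).
if($svtype == 1 || $svtype == 2){

	# InterScan state "off" or "high": accept traffic addressed to the cache
	# servers and redirect the rest to the first cache port.
	if($interscanState eq "off" || $interscanState eq "high"){
		&setIpchains(*transparent,*cache_IP,$cache_port[0]);
	}
	# InterScan state "low": use the InterScan address and port instead.
	elsif($interscanState eq "low"){
		&setIpchains(*transparent,*interscanIpaddr,$interscanPort);
	}
	# Any other state value adds no rules at all.


	#  2001.04.16 BossSystem K.K Tsuno [ip_wccp]
	# Mode 2: load the ip_wccp module and refresh the module dependencies.
	if($svtype == 2){
		system("/sbin/modprobe ip_wccp");
		system("/sbin/depmod -a -e");
	}
	#  2001.04.16 BossSystem K.K Tsuno [ip_wccp]

	# Saving the live rules is disabled in the original:
	#system("/sbin/iptables-save > /etc/iptables.rules");

	&BinFileAddKeys(*file_iptables,"transparent",*transparent);

}


# Write the updated lines back to IPTABLES_SAVE.
if (!&writeFile($iptables_path, $iptables_path_lock, @file_iptables)) {
	# Print the message directly rather than starting a shell to run echo.
	print "cannot write $iptables_path\n";
	exit(1);
}

# Run the regenerated IPTABLES_SAVE. Every line in it is executed as a command,
# and the host and port values in the "transparent" lines come from roma.conf
# and interscan.conf, so those files need the same write protection as
# IPTABLES_SAVE itself.
my $run_status = system("$iptables_path");
if ($run_status != 0) {
	# The original ignored this result. Report it on STDERR, but keep the
	# exit status at 0 so that callers see the same status as before.
	print STDERR "warning: $iptables_path returned status $run_status\n";
}

exit(0);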





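#
# setIpchains - build the iptables command lines for the "transparent" section
#
#	setIpchains(*transparent,*cache_ip,$portnum)
#
#	*transparent  array that receives the generated command lines
#	*cache_ip     array of cache server addresses; port-80 traffic addressed
#	              to them (and to 127.0.0.1) is accepted instead of redirected
#	$portnum      port that all other port-80 traffic is redirected to
#
#	Returns 1 on success.
#	Returns 0 when the port or an address is rejected; nothing is appended
#	to *transparent in that case.
#
#	The generated lines are written to a file that is later executed, so the
#	address and port are checked before they are placed into a command line.

sub setIpchains
{
    local(*transparent,*cache_ip,$portnum) = @_;

    # The redirect target must be a plain decimal port number in 1..65535.
    unless (defined($portnum)
            && $portnum =~ /\A[0-9]{1,5}\z/
            && $portnum >= 1
            && $portnum <= 65535) {
        print STDERR "setIpchains: rejected redirect port\n";
        return 0;
    }

    # Build into a private list first so that a rejected value leaves
    # @transparent untouched.
    my @rules = (
        "/sbin/iptables -t nat -I PREROUTING -p tcp -d 127.0.0.1 --dport 80 -j ACCEPT\n",
    );

    my %seen;
    foreach my $addr (@cache_ip) {
        # Allow only the characters of a host name, an IPv4 address or an
        # address/mask pair. \z (not $) so a trailing newline is rejected too.
        unless (defined($addr)
                && $addr =~ m{\A[0-9A-Za-z][0-9A-Za-z.:/_-]*\z}) {
            print STDERR "setIpchains: rejected cache server address\n";
            return 0;
        }

        # Emit one ACCEPT rule per distinct address; the first occurrence wins.
        next if $seen{$addr}++;
        push(@rules, "/sbin/iptables -t nat -I PREROUTING -p tcp -d $addr --dport 80 -j ACCEPT\n");
    }

    # Everything else on port 80 is redirected to the given port.
    push(@rules, "/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port $portnum\n");

    push(@transparent, @rules);
    return 1;
}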

