#!/bin/bash


dir=$(dirname "$0")
. "$dir"/vif-common.sh

# taken from older vif-common.sh
dev=$vif
dev_=${dev#vif}
domid=${dev_%.*}
devid=${dev_#*.}
domname=$(xm domname $domid)

source /etc/default/snf-network
source /usr/lib/snf-network/common.sh
source $GANETI_NIC_DIR/$domname/$devid

INTERFACE=$dev
INSTANCE=$domname

FROM=FROM${INTERFACE^^}
TO=TO${INTERFACE^^}


try clear_routed_setup_ipv4
try clear_routed_setup_ipv6
try clear_routed_setup_firewall
try clear_ebtables
try clear_nfdhcpd

if [ "$MODE" = "routed" ]; then
  TABLE=$LINK
  ip link set $INTERFACE up
  success
  INDEV=$INTERFACE
  DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP"
elif [ "$MODE" = "bridged" ]; then
  ip link set $INTERFACE up
  BRIDGE=$(xenstore_read_default "$XENBUS_PATH/bridge" "$LINK")
  brctl addif $BRIDGE $INTERFACE
  success
  INDEV=$BRIDGE
  try init_ebtables
  # nfdhcpd creates responses with src mac the mac of indec
  INDEV_MAC=$(cat /sys/class/net/$INDEV/address)
  DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP"
fi


for tag in $NETWORK_TAGS; do
  case $tag in
  $IP_LESS_ROUTED_TAG)
    try routed_setup_ipv4
    try routed_setup_ipv6
    try routed_setup_firewall
  ;;
  $NFDHCPD_TAG)
    # Drop unicast BOOTP/DHCP packets
    $DROPDHCPREQCMD
    try setup_nfdhcpd
  ;;
  $MAC_FILTERED_TAG)
    try setup_ebtables
  ;;
  $MASQ_TAG)
    try setup_masq
  ;;
  esac
done