#!/bin/sh

. ../common/ajax_common


load_system_interface()
{
    #extport=`${FLOWEYE} netpipe stat | grep extport | cut -d"=" -f2`
    #intport=`${FLOWEYE} netpipe stat | grep intport | cut -d"=" -f2`

    printf "["

    ${FLOWEYE} if list | cut -d" " -f1,3 | while read name zone
    do
        #is_add=`${FLOWEYE} netpipe list node=1 | grep " ${name} "`
        #[ "${is_add}" != "" ] && continue
        #[ "${name}" = "${extport}" ] && continue
        #[ "${name}" = "${intport}" ] && continue

        printf "${dot}{"
        printf "\"name\":\"${name}\""
        printf ",\"zone\":\"${zone}\""
        printf "}"

        [ "${dot}" = "" ] && dot=","
    done

    printf "]"
}


get_netpipe_stat()
{
    ${FLOWEYE} netpipe stat | awk -F"=" \
    'BEGIN{
        dot = "";
        printf "{";
    }{
        printf "%s\"%s\":\"%s\"", dot, $1, $2;
        if(dot == "") dot = ",";
    }END{
        printf "}";
    }'
}


load_netpipe_config()
{
    printf "{"
    printf "\"config\":`get_netpipe_stat`"
    printf ",\"interface\":`load_system_interface`"
    printf "}"
}


set_netpipe_stat()
{
    ${FLOWEYE} if set name=${CGI_extport} mode=1 zone=outside
    ${FLOWEYE} if set name=${CGI_intport} mode=1 zone=inside

    errmsg=`${FLOWEYE} netpipe config enable=${CGI_enable} extport=${CGI_extport} intport=${CGI_intport}`

    [ $? -ne 0 ] && retjson 1 "ɹ:${errmsg}"

    # intport, extport˿ڣ
    ${FLOWEYE} netpipe add acl=1 group=_sysext id=100 app=any dir=both action=permit >/dev/null
    ${FLOWEYE} netpipe add acl=1 group=_sysint id=100 app=any dir=both action=permit >/dev/null

    # ͬ
    sync_floweye "if set name=${CGI_extport} mode=1 zone=outside"
    sync_floweye "if set name=${CGI_intport} mode=1 zone=inside"
    sync_floweye "netpipe config enable=${CGI_enable} extport=${CGI_extport} intport=${CGI_intport}"
    sync_floweye "netpipe add acl=1 group=_sysext id=100 app=any dir=both action=permit"
    sync_floweye "netpipe add acl=1 group=_sysint id=100 app=any dir=both action=permit"

    WEB_LOGGER "" "enable=${CGI_enable} extport=${CGI_extport} intport=${CGI_intport}"
    retjson 0 "ɹ"
}


load_netpipe_list()
{
    local key=$1

    ${FLOWEYE} netpipe list ${key}=1 | awk \
    'BEGIN{
        dot = "";
        printf "[";
    }{
        if(NR == 1){
            for(i = 1; i <= NF; i++){
                tabhead[i] = $i;
            }
            next;
        }

        col = 1;
        printf "%s{", dot;
        printf "\"_\":\"_\"";

        for(i = 1; i <= NF; i++)
            printf ",\"%s\":\"%s\"", tabhead[i], $i;

        printf "}";
        
        if(dot == "") dot = ",";
    }END{
        printf "]";
    }'
}


schdev_list()
{
    printf "{"
    printf "\"node\":`load_netpipe_list node`"
    printf ",\"group\":`load_netpipe_list group`"
    printf "}"
}


schdev_add()
{
    cmdargs="name=${CGI_name} prio=${CGI_prio}"
    cmdargs="${cmdargs} extport=${CGI_extport} intport=${CGI_intport}"
    cmdargs="${cmdargs} enable=${CGI_enable} desc=${CGI_desc}"
   
    if [ "${TAP}" = "1" ]; then
       cmdargs="${cmdargs} icon=${CGI_devicon} test_method=${CGI_test_method} loss_thresh=${CGI_loss_thresh} icmp_thresh=${CGI_icmp_thresh} dns_thresh=${CGI_dns_thresh}"
    fi

    for ext in `echo ${CGI_extport} | tr "," " "`
    do
        ${FLOWEYE} if set name=${ext} mode=0 zone=inside
        sync_floweye "if set name=${ext} mode=0 zone=inside"
    done

    for int in `echo ${CGI_intport} | tr "," " "`
    do
        ${FLOWEYE} if set name=${int} mode=0 zone=outside
        sync_floweye "if set name=${int} mode=0 zone=outside"
    done

    errmsg=`${FLOWEYE} netpipe add node=1 ${cmdargs}`

    if [ $? -ne 0 ]; then
        retjson 1 "ʧ:${errmsg}"
    else
        sync_floweye "netpipe add node=1 ${cmdargs}"
        WEB_LOGGER "豸" "${cmdargs}"
        retjson 0 "ɹ"
    fi

}


schdev_edit()
{
    cmdargs="edit=${CGI_oldname} name=${CGI_name} prio=${CGI_prio}"
    cmdargs="${cmdargs} extport=${CGI_extport} intport=${CGI_intport}"
    cmdargs="${cmdargs} enable=${CGI_enable} desc=${CGI_desc}"

    if [ "${TAP}" = "1" ]; then
       cmdargs="${cmdargs} icon=${CGI_devicon} test_method=${CGI_test_method} loss_thresh=${CGI_loss_thresh} icmp_thresh=${CGI_icmp_thresh} dns_thresh=${CGI_dns_thresh}"
    fi

    for ext in `echo ${CGI_extport} | tr "," " "`
    do
        ${FLOWEYE} if set name=${ext} mode=0 zone=inside
        sync_floweye "if set name=${ext} mode=0 zone=inside"
    done

    for int in `echo ${CGI_intport} | tr "," " "`
    do
        ${FLOWEYE} if set name=${int} mode=0 zone=outside
        sync_floweye "if set name=${int} mode=0 zone=outside"
    done

    errmsg=`${FLOWEYE} netpipe set node=1 ${cmdargs}`

    if [ $? -ne 0 ]; then
        retjson 1 "ʧ:${errmsg}"
    else
        sync_floweye "netpipe set node=1 ${cmdargs}"
        WEB_LOGGER "༭豸" "cmdargs=${cmdargs}"
        retjson 0 "ɹ"
    fi
}


schdev_edit_data(){
    ${FLOWEYE} netpipe get node=1 name=${CGI_name} | awk -F"=" \
    'BEGIN{
        dot = "";
        printf "{";
    }{
        printf "%s\"%s\":\"%s\"", dot, $1, $2;
        if(dot == "") dot = ",";
    }END{
        printf "}";
    }'
}


schdev_bypass()
{
    exist=`${FLOWEYE} netpipe list node=1 | grep "${CGI_name} "`
    [ "${exist}" = "" ] && retjson 1 "豸"

    for item in `${FLOWEYE} netpipe get node=1 name=${CGI_name}`
    do
        eval ${item}
    done

    cmdargs="edit=${name} name=${name} prio=${prio} extport=${extport} intport=${intport} enable=${CGI_enable} desc=${desc}"
    errmsg=`${FLOWEYE} netpipe set node=1 ${cmdargs}`

    if [ $? -ne 0 ]; then
        retjson 1 "ʧ:${errmsg}"
    else
        sync_floweye "netpipe set node=1 ${cmdargs}"
        WEB_LOGGER "Bypass豸" "enable=${CGI_enable}"
        retjson 0 "ɹ"
    fi
}


schdev_rmv()
{
    errmsg=`${FLOWEYE} netpipe remove node=1 name=${CGI_name}`
   
   if [ $? -ne 0 ]; then
        retjson 1 "ʧ:${errmsg}"
    else
        sync_floweye "netpipe remove node=1 name=${CGI_name}"
        WEB_LOGGER "ɾ豸" "name=${CGI_name}"
        retjson 0 "ɹ" 
    fi
}


schdev_btnrmv()
{
    for name in ${CGI_names}
    do
        ${FLOWEYE} netpipe remove node=1 name=${name}
        
        [ $? -ne 0 ] && retjson 1 "ʧ:${errmsg}"

        sync_floweye "netpipe remove node=1 name=${name}"
    done

    WEB_LOGGER "ɾ豸" "${CGI_name}"
    retjson 0 "ɹ"
}


schdev_move()
{
    # set src to 60000
    for item in `${FLOWEYE} netpipe get node=1 name=${CGI_src_dev}`
    do
        eval src_${item}
    done

    cmdargs="edit=${src_name} name=${src_name} prio=60000 extport=${src_extport} intport=${src_intport} enable=${src_enable} desc=${src_desc}"
    ${FLOWEYE} netpipe set node=1 ${cmdargs}
    sync_floweye "netpipe set node=1 ${cmdargs}"

    # set dst to src_prio
    for item in `${FLOWEYE} netpipe get node=1 name=${CGI_dst_dev}`
    do
        eval dst_${item}
    done

    cmdargs="edit=${dst_name} name=${dst_name} prio=${src_prio} extport=${dst_extport} intport=${dst_intport} enable=${dst_enable} desc=${dst_desc}"
    ${FLOWEYE} netpipe set node=1 ${cmdargs}
    sync_floweye "netpipe set node=1 ${cmdargs}"

    # set src to dst_prio
    cmdargs="edit=${src_name} name=${src_name} prio=${dst_prio} extport=${src_extport} intport=${src_intport} enable=${src_enable} desc=${src_desc}"
    ${FLOWEYE} netpipe set node=1 ${cmdargs}
    sync_floweye "netpipe set node=1 ${cmdargs}"

    WEB_LOGGER "豸ȼ" "src=${CGI_src_dev} dst=${CGI_dst_dev}"
    retjson 0 "ɹ"
}


get_policy()
{
    ${FLOWEYE} netpipe get acl=1 group=${CGI_group} id=${CGI_id} | awk -F "=" \
    'BEGIN{
        dot = "";
        printf "{";
    }{
        printf "%s", dot;
        printf "\"%s\":\"%s\"", $1, $2;
        if (dot == "") dot = ",";
    }END{
        printf "}";
    }'
}


load_addpolicy_env()
{
    . ../common/ajax_object_lib

    printf "{"
    printf "\"ippool_list\":`lib_ippool_list`"
    printf ",\"proxy_list\":`lib_proxy_list`"
    printf ",\"plink_list\":`lib_plink_list`"
    printf ",\"wangroup_list\":`lib_wangroup_list`"
    printf ",\"interface_list\":`lib_interface_list`"

    if [ "${CGI_id}" != "" ]; then
        printf ",\"policy\":`get_policy`"
    fi

    printf "}"
}


policy_list()
{
    printf "["

    ${FLOWEYE} netpipe list acl=1 group=${CGI_group} json=1

    printf "]"
}


policy_add()
{
    [ "${CGI_group}" = "" ] && retjson 1 "INV_GROUP"
    if [ "${CGI_action}" = "policy_edit" ]; then
        action="set acl=1 id=${CGI_oldid} newid=${CGI_id} "
    else
        action="add acl=1 id=${CGI_id}"
    fi

    [ "${CGI_inip}" = "" ] && CGI_inip="any"
    [ "${CGI_outip}" = "" ] && CGI_outip="any"
    [ "${CGI_priority}" = "" ] && CGI_priority=0
    [ "${CGI_natip}" = "" ] && CGI_natip="0"
    [ "${CGI_tos}" = "" ] && CGI_tos="0"
    [ "${CGI_priority}" = "" ] && CGI_priority="0"
    [ "${CGI_iprate}" = "" ] && CGI_iprate="0"
    [ "${CGI_hasms}" = "" ] && CGI_hasms="0"
    [ "${CGI_qqcnt}" = "" ] && CGI_qqcnt="0"
    [ "${CGI_appnot}" = "" ] && CGI_appnot="0"
    [ "${CGI_ttl}" = "" -o "${CGI_ttl}" = "0" ] && CGI_ttl="0-255"
    [ "${CGI_matchact}" = "continue" ] && next=1 || next=0

    if [ "${CGI_proto}" != "any" ]; then
        app="${CGI_appid}.${CGI_proto}"
    else
        app="${CGI_appid}"
    fi

    id=${CGI_id}
    [ "${CGI_oldid}" != "" ] && id=${CGI_oldid}
    [ "${CGI_inpxy}" != "" -a "${CGI_inpxy}" != "any" ] && CGI_inif="${CGI_inif}/${CGI_inpxy}"

    cmdargs="${cmdargs} group=${CGI_group} id=${id} newid=${CGI_id} bridge=${CGI_bridge} dir=${CGI_dir} macgid=${CGI_macgid}"
    cmdargs="${cmdargs} inport=${CGI_inport} outport=${CGI_outport} app=${app} inip=${CGI_submit_srcip} outip=${CGI_submit_dstip}"
    cmdargs="${cmdargs} action=${CGI_pact} iprate=${CGI_iprate} next=${next} ifname=${CGI_ifname} inif=${CGI_inif} pktno=${CGI_pktno}"
    cmdargs="${cmdargs} pri=${CGI_priority} natip=${CGI_natip} hasms=${CGI_hasms} qqcnt=${CGI_qqcnt} vlan=${CGI_vlan}"
    cmdargs="${cmdargs} ttl=${CGI_ttl} soid=${CGI_soid} disable=${CGI_disable} appnot=${CGI_appnot}"

    if [ "${CGI_desc}" != "NULL" -o "${CGI_desc}" != "" ]; then
        [ "${PALANG}" = "en" ] && CGI_desc=`echo ${CGI_desc} | sed -r 's/ /\%20/g'`
        cmdargs="${cmdargs} desc=${CGI_desc}"
    fi

    errmsg=`${FLOWEYE} netpipe ${action} ${cmdargs}`

    if [ $? -ne 0 ]; then
        retjson 1 "${LANG001:=ʧ}${errmsg}"
    else
        sync_floweye "netpipe ${action} ${cmdargs}"
        WEB_LOGGER "Ź˲" "action=${CGI_action} ${cmdargs}"
        retjson 0 "ɹ"
    fi
}


policy_rmv()
{
    [ "${CGI_group}" = "" ] && retjson 1 "INV_GROUP"
    [ "${CGI_id}" = "" ] && retjson 1 "INV_ID"

    errmsg=`${FLOWEYE} netpipe remove acl=1 group=${CGI_group} id=${CGI_id}`

    if [ $? -ne 0 ]; then
        retjson 1 "${LANG001:=ʧ}${errmsg}"
    else
        sync_floweye "netpipe remove acl=1 group=${CGI_group} id=${CGI_id}"
        WEB_LOGGER "ɾŹ˲" "group=${CGI_group},id=${CGI_id}"
        retjson 0 "ɹ"
    fi
}


policy_disable()
{
    [ "${CGI_group}" = "" ] && retjson 1 "INV_GROUP"
    [ "${CGI_id}" = "" ] && retjson 1 "INV_ID"

    errmsg=`${FLOWEYE} netpipe set acl=1 deactivate=1 group=${CGI_group} id=${CGI_id} disable=1`

    if [ $? -ne 0 ]; then
        retjson 1 "ʧܣ${errmsg}"
    else
        sync_floweye "policy disable group=${CGI_group} id=${CGI_id} disable=1"
        WEB_LOGGER "Ź˲" "group=${CGI_group},id=${CGI_id}"
        retjson 0 "ɹ"
    fi
}


policy_enable()
{
    [ "${CGI_group}" = "" ] && retjson 1 "INV_GROUP"
    [ "${CGI_id}" = "" ] && retjson 1 "INV_ID"

    errmsg=`${FLOWEYE} netpipe set acl=1 deactivate=1 group=${CGI_group} id=${CGI_id} disable=0`

    if [ $? -ne 0 ]; then
        retjson 1 "ʧܣ${errmsg}"
    else
        sync_floweye "policy disable group=${CGI_group} id=${CGI_id} disable=0"
        WEB_LOGGER "Ź˲" "group=${CGI_group},id=${CGI_id}"
        retjson 0 "ɹ"
    fi
}


policy_btnrmv()
{
    for id in `echo ${CGI_items} | tr ";" " "`
    do
        errmsg=`${FLOWEYE} netpipe remove acl=1 group=${CGI_group} id=${id}`
        [ $? -ne 0 ] && retjson 1 "ʧܣ${errmsg}"
        sync_floweye "policy rmvrule ${CGI_group} ${id}"
    done

    WEB_LOGGER "ɾŹ˲" "group=${CGI_group} ids=${CGI_items}"
	retjson 0 "ɹ"
}


policy_btndisable()
{
    for item in ${CGI_items}
    do
        errmsg=`${FLOWEYE} netpipe set acl=1 deactivate=1 group=${CGI_group} id=${item} disable=1`
        [ $? -ne 0 ] && retjson 1 "ʧܣ${errmsg}"
    done

    WEB_LOGGER "Ź˲" "group=${CGI_group} ids=${CGI_items}"
	retjson 0 "ɹ"
}


policy_btnenable()
{
    for item in ${CGI_items}
    do
        errmsg=`${FLOWEYE} netpipe set acl=1 deactivate=1 group=${CGI_group} id=${item} disable=0`
        [ $? -ne 0 ] && retjson 1 "ʧܣ${errmsg}"
    done

    WEB_LOGGER "Ź˲" "group=${CGI_group}  ids=${CGI_items}"
	retjson 0 "ɹ"
}


load_interface_stat()
{
    ${FLOWEYE} if list | awk \
    'BEGIN{
        dot = "";
        printf "{";
    }{
        printf "%s\"%s\":\"%s\"", dot, $1, $4;
        if(dot == "") dot = ",";
    }END{
        printf "}";
    }'
}


load_canvas_data()
{
    printf "{"
    printf "\"node\":`load_netpipe_list node`"
    printf ",\"group\":`load_netpipe_list group`"
    printf ",\"netpipe\":`get_netpipe_stat`"
    printf ",\"interface\":`load_interface_stat`"
    printf "}"
}




case "${CGI_action}" in

    "load_netpipe_config")
        retjson 0 "OK" "`load_netpipe_config`"
        ;;

    "set_netpipe_stat")
        action_check
        set_netpipe_stat
        ;;

    "load_system_interface")
        retjson 0 "OK" "`load_system_interface`"
        ;;

    "schdev_list")
        retjson 0 "OK" "`schdev_list`"
        ;;

    "schdev_add")
        action_check
        schdev_add
        ;;

    "schdev_edit")
        action_check
        schdev_edit
        ;;

    "schdev_rmv")
        action_check
        schdev_rmv
        ;;

    "schdev_btnrmv")
        action_check
        schdev_btnrmv
        ;;
    
    "schdev_bypass")
        action_check
        schdev_bypass
        ;;

    "schdev_move")
        action_check
        schdev_move
        ;;
        
    "policy_list")
        retjson 0 "OK" "`policy_list`"
        ;;

    "load_addpolicy_env")
        retjson 0 "OK" "`load_addpolicy_env`"
        ;;

    "policy_add"|"policy_edit")
        action_check
        policy_add
        ;;

    "policy_rmv")
        action_check
        policy_rmv
        ;;

    "policy_enable")
        action_check
        policy_enable
        ;;

    "policy_disable")
        action_check
        policy_disable
        ;;

    "policy_btnrmv")
        action_check
        policy_btnrmv
        ;;

    "policy_btndisable")
        action_check
        policy_btndisable
        ;;

    "policy_btnenable")
        action_check
        policy_btnenable
        ;;

    "load_canvas_data")
        retjson 0 "OK" "`load_canvas_data`"
        ;;

    "schdev_edit_data")
        retjson 0 "OK" "`schdev_edit_data`"
        ;;

    *)
        retjson 1 "UNKNOW_ACTION"
        ;;

esac
