#!/bin/sh

. ../common/ajax_common


if [ "${PALANG}" = "en" ]; then
	LANG_001="There is a VPN line on the line, please delete the VPN line first!"	#·VPN·ɾVPN·!
	LANG_002="Error"	#ʧ
	LANG_003="Total"	#ܹ
	LANG_004="It is possible that the line is in use and cannot be deleted."	#·ʹУ޷ɾ
	LANG_005="Success"	#ɹ
	LANG_006="Set_Virtual_Interface"	#༭·
	LANG_007="Add_Virtual_Interface"	#·
	LANG_008="Set_PPPOE_SERVER"			#PPPOE
	LANG_009="Add_LAN"					#LAN·
	LANG_010="num"	#
	LANG_011="."	#
	LANG_012="fail"	#ʧ
	LANG_013="ok"	#ɹ
	LANG_014="Add_Static_Interface"			#Ӿ̬IP·
	LANG_015="Add_DHCP_Interface"			#DHCP·
	LANG_016="INV_FILE"						#ѡPPPOE˺ļ
	LANG_017="ADD_PPPOE_Interface"			#PPPOE·
	LANG_018="Delete_Virtual_Interface"		#ɾ·
	LANG_019="Reload_Virtual_Interface"		#ֶز·
	LANG_020="Enable_Virtual_Interface"		#·
	LANG_021="Disable_Virtual_Interface"	#·
	LANG_022="Enable_Virtual_Interface"		#·
	LANG_023="Disabe_Virtual_Interface"		#·
	LANG_024="Delete_Virtual_Interface"		#ɾ·
	LANG_025="Set_Virtual_Interface"		#༭·
	LANG_026="Import_Virtual_Interface"		#·
	LANG_027="Import Success"	#ɹ
	LANG_028="num"				#
	LANG_029="Only one line can be added to the vMGT"	#vMGTֻһ·
fi


PROXY_DESC=${PGETC}/remark/remark_list.conf
VMGT_CONF="${PGETC}/web/vmgt.conf"
WEBUI_CTRL="${RAMDISK}/app/webui/appctrl"


desc_list()
{
	if [ ! -f "${PROXY_DESC}" ]; then
		printf "{}"
		return
	fi

	awk \
	'BEGIN{
		dot = "";
		printf "{";
	}{
		printf "%s\"%s\":\"%s\"", dot, $1, $2;
		if(dot == "") dot = ",";
	}END{
		printf "}";
	}' ${PROXY_DESC}
}


ifstat_list()
{
	${FLOWEYE} if list | awk \
	'BEGIN{
		dot = "";
		printf "{";
	}{
		printf "%s\"%s\":\"%s\"", dot, $1, $4;
		if(dot == "") dot = ",";
	}END{
		printf "}";
	}'
}


proxy_list()
{
	printf  "{"
	printf "\"proxy\":[`${FLOWEYE} nat listproxy type=${CGI_type} json=1 group=${CGI_group}`]"
	printf ",\"desc\":`desc_list`"
	printf ",\"ifstat\":`ifstat_list`"
	printf "}"
}


list_nat_ippool()
{
	[ "${CGI_proxy}" = "" ] && retjson 1 "NO_PROXY"

	${FLOWEYE} nat getproxy name=${CGI_proxy} getnatpool=1 | awk \
	'BEGIN{
		dot="";
		printf "[";
	}{
        if (group != "" && $4 != group) next;
    
		printf "%s{", dot;
		printf "\"ip\":\"%s\",", $1;
		printf "\"dead\":\"%s\",", $2;
		printf "\"hits\":%d,", $3;
		printf "\"delay\":\"%s\"", $4;
		printf "}";
		if(dot == "") dot=","
	}END{
		printf "]";
	}'
}


get_proxy_info()
{	
	if [ "${CGI_name}" != "" ]; then
		pxy_name="${CGI_name}"
		CGI_id="${CGI_name}"
	else
		pxy_name="`${FLOWEYE} nat getproxy ${CGI_id} | grep "^name=" | cut -d"=" -f2`"
	fi
	
	desc="`awk -v name="${pxy_name}" '{if($1 == name) print $2}' ${PROXY_DESC}`"
	desc="`echo ${desc} | sed -r 's/\%20/ /g'`"

	printf "{"
	printf "\"desc\":\"${desc}\""

	${FLOWEYE} nat getproxy ${CGI_id} | awk -F"=" \
	'{
		if($1 == "dhcp_option") {
			# dhcp_option=60,str,33
			# dhcp_option=61,hex,22
			split($2, t, ",");
			$1 = $1 "_" t[1];
		}

		gsub(/%/, "%%", $2);

		printf ",\"%s\":\"%s\"", $1, $2;
	}'
	
	printf "}"
}


set_vmgt_conf()
{
	mkdir -p "${PGETC}/web"

	if [ "${CGI_action}" = "proxy_add" ]; then
		num=`${FLOWEYE} nat listproxy | awk \
		'BEGIN{
			find=0
		}{
			if($5 == "vMGT" || $5 == "vMGT0") find=1
		} END {
			print find
		}'`
		[ ${num} -eq 1 ] && retjson 1 "vMGTֻһ·"
	fi

	echo "vmgt_ip=${CGI_vmgt_ip}" > ${VMGT_CONF}
	echo "vmgt_mask=${CGI_vmgt_mask}" >> ${VMGT_CONF}
	echo "vmgt_lanip=${CGI_addr}" >> ${VMGT_CONF}
	echo "vmgt_cloudip=${CGI_vmgt_cloudip}" >> ${VMGT_CONF}

	# 汾vMGT
	sendto_webui_pipe cact_vmgt
}


load_vmgt_conf()
{
	if [ ! -f "${VMGT_CONF}" ]; then
		printf "{}"
		return
	fi

	awk -F"=" \
	'BEGIN{
		dot = "";
		printf "{";
	}{
		printf "%s\"%s\":\"%s\"", dot, $1, $2;
		if(dot == "") dot = ",";
	}END{
		printf "}";
	}' ${VMGT_CONF}
}


get_nat_stat()
{
	${FLOWEYE} nat stat | awk -F "=" \
	'BEGIN{
		dot = "";
		printf "{";	
	}{
		printf "%s\"%s\":\"%s\"", dot, $1, $2;
		if(dot == "") dot = ",";
	}END{
		printf "}";
	}'
}


get_ipsec_stat()
{
	${FLOWEYE} ipsecwan list encr=1 | awk \
	'BEGIN{
		dot = "";
		printf "{\"encr\":[";
	}{
		if(NR < 3) next;
		printf "%s\"%s\"", dot, $3;
		if(dot == "") dot = ",";
	}END{
		printf "]";
	}'

	${FLOWEYE} ipsecwan list prf=1 | awk \
	'BEGIN{
		dot = "";
		printf ",\"prf\":[";
	}{
		if(NR < 3) next;
		printf "%s\"%s\"", dot, $2;
		if(dot == "") dot = ",";
	}END{
		printf "]";
	}'

	${FLOWEYE} ipsecwan list auth=1 | awk \
	'BEGIN{
		dot = "";
		printf ",\"auth\":[";
	}{
		if(NR < 3) next;
		printf "%s\"%s\"", dot, $2;
		if(dot == "") dot = ",";
	}END{
		printf "]";
	}'

	${FLOWEYE} ipsecwan list dh=1 | awk \
	'BEGIN{
		dot = "";
		printf ",\"dh\":[";
	}{
		if(NR < 3) next;

		#ʱ
		if($2 == "Group18(MODP-8192)") next;

		printf "%s\"%s\"", dot, $2;
		if(dot == "") dot = ",";
	}END{
		printf "]}";
	}'
}


load_addproxy_env()
{
	. ../common/ajax_object_lib

	pxypool_size=`${FLOWEYE} nat stat | grep natflow_proxystat | cut -d"=" -f2 | cut -d'/' -f2 | cut -d'[' -f1`

	printf "{"
	printf "\"wan\":`lib_proxy_list proxy.pppoe.dhcpwan.proxy6.dhcpwan6`"
	printf ",\"lan\":`lib_proxy_list lan`"
	printf ",\"radius_list\":`lib_radsvr_list`"
	printf ",\"ippool_list\":`lib_ippool_list`"
    printf ",\"interface_list\":`lib_interface_list`"
	printf ",\"vmgt\":`load_vmgt_conf`"
	printf ",\"ipsec\":`get_ipsec_stat`"
	printf ",\"natstat\":`get_nat_stat`"
	printf ",\"pxypool_size\":\"${pxypool_size}\""

	if [ "${CGI_id}" != "" ]; then
		printf ",\"proxy\":`get_proxy_info`"
	fi

	printf "}"
}


proxy_add()
{
	ping_disable=0

	[ "${CGI_newname}" = "" ] && retjson 1 "INV_NAME"

	if [ "${CGI_mtu}" = "" ]; then
		[ "${CGI_type}" = "pppoe" ] && CGI_mtu=1460
		[ "${CGI_type}" = "grelan" -o "${CGI_type}" = "grewan" ] && CGI_mtu=1460
		[ "${CGI_type}" = "l2tpwan" -o "${CGI_type}" = "iwan" ] && CGI_mtu=1420
	fi

	if [ "${CGI_action}" = "proxy_edit" ]; then
		action="set"
		pxyid=$((${CGI_linkid} - 4)) #ռ1-4
		LOGMSG="${LANG_006:=༭·}"
		RETMSG="${LANG_005:=ɹ}"
		cmdargs="name=${CGI_name} newname=${CGI_newname} ifname=${CGI_ifname}"
	else
		action="add"
		LOGMSG="${LANG_007:=·}"
		RETMSG="${LANG_005:=ɹ}"
		cmdargs="name=${CGI_newname} ifname=${CGI_ifname}"
	fi

	[ "${CGI_vlan}"     = "" ] && CGI_vlan="0"
	[ "${CGI_vlan1}"    = "" ] && CGI_vlan1="0"
	[ "${CGI_pingip}"   = "" ] && CGI_pingip="0.0.0.0"
	[ "${CGI_pingip2}"  = "" ] && CGI_pingip2="0.0.0.0"
	[ "${CGI_maxdelay}"  = "" ] && CGI_maxdelay="0"
	[ "${CGI_clonemac}" = "" ] && CGI_clonemac="00:00:00:00:00:00"
	[ "${CGI_ping_disable}" = "on" ] && ping_disable=1

	cmdargs="${cmdargs} mtu=${CGI_mtu} ping_disable=${ping_disable} pingip=${CGI_pingip} pingip2=${CGI_pingip2} maxdelay=${CGI_maxdelay}"

	case "${CGI_type}" in
	"rtif")
		[ "${CGI_ifname}" = "vMGT" ] && set_vmgt_conf
		[ "${CGI_ifname}" = "vMGT0" ] && set_vmgt_conf
		[ "${CGI_mode}" = "standby" ] && standby="${CGI_standby}" || standby="NULL"
		cmdargs="${cmdargs} vlan=${CGI_vlan} mtu=${CGI_mtu} clonemac=${CGI_clonemac} standby=${standby}"
		cmdargs="nat ${action}rtif ${cmdargs} addr=${CGI_addr} mask=${CGI_netmask}"
		;;

	"rtif6")
		cmdargs="${cmdargs} vlan=${CGI_vlan} mtu=${CGI_mtu} clonemac=${CGI_clonemac} dhcp_enable=${CGI_dhcp_enable}" 
		cmdargs="nat ${action}rtif6 ${cmdargs} addr=${CGI_addr} mask=${CGI_netmask} ${cmdargs} ra_enable=${CGI_ra_enable}"
		[ "${CGI_ra_vlan}" != "" ] && cmdargs="${cmdargs} ra_vlan=${CGI_ra_vlan}"
		[ "${CGI_dns0}" != "" ] && cmdargs="${cmdargs} dns0=${CGI_dns0}"
		[ "${CGI_dns1}" != "" ] && cmdargs="${cmdargs} dns1=${CGI_dns1}"
		[ "${CGI_action}" != "proxy_edit" -a "${CGI_pdpxy}" = "NULL" ] && CGI_pdpxy=""
		if [ "${CGI_pdpxy}" != "" ]; then
			cmdargs="${cmdargs} pdpxy=${CGI_pdpxy}"
			[ "${CGI_subprefix}" != "" ] && cmdargs="${cmdargs} subprefix=${CGI_subprefix}"
			[ "${CGI_sublen}" != "" ] && cmdargs="${cmdargs} sublen=${CGI_sublen}"
		fi
		cmdargs="${cmdargs} dhcp_start=${CGI_dhcp_start} dhcp_end=${CGI_dhcp_end}"
		;;

	"vrif"|"vrif6")
		[ "${CGI_vrrp_preempt}" = "on" ] && preempt=1 || preempt=0
		[ "${CGI_type}" = "vrif" ] && action="${action}vrif" || action="${action}vrif6"
		cmdargs="${cmdargs} vlan=${CGI_vlan} mtu=${CGI_mtu}"
		cmdargs="nat ${action} ${cmdargs} addr=${CGI_addr} mask=${CGI_netmask} priority=${CGI_vrrp_priority} preempt=${preempt} vrid=${CGI_vrrp_vrid}"
		;;

	"grelan")
		[ "${CGI_peer_addr}" = "" ] && retjson 1 "INV_PEER_ADDR"
		[ "${CGI_keepalive}" = "" ] && CGI_keepalive=15
		[ "${CGI_keyon}" = "on" ] && CGI_keyon=1 || CGI_keyon=0
		cmdargs="nat ${action}grelan ${cmdargs} my_addr=${CGI_my_addr} peer_addr=${CGI_peer_addr}  keepalive=${CGI_keepalive}"
		cmdargs="${cmdargs} nexthop=${CGI_nexthop} checksum=${CGI_checksum} keyon=${CGI_keyon} key=${CGI_key}"
		[ "${CGI_mss}" != "0" ] && cmdargs="${cmdargs} mss=${CGI_mss}"
		;;

	"proxy6")
		cmdargs="nat ${action}proxy6 ${cmdargs} addr=${CGI_addr} gateway=${CGI_gateway}"
		cmdargs="${cmdargs} vlan=${CGI_vlan} vlan1=${CGI_vlan1} gwpxy=${CGI_gwpxy} clonemac=${CGI_clonemac}"
		[ "${CGI_dnsaddr}" != "" ] && cmdargs="${cmdargs} dns=${CGI_dnsaddr} dnspxy=${CGI_dnspxy}"
		;;

	"proxy")
		[ "${CGI_natip}" = "" ] && CGI_natip="0.0.0.0"

		cmdargs="nat ${action}proxy ${cmdargs} addr=${CGI_addr} gateway=${CGI_gateway}"
		cmdargs="${cmdargs} dns=${CGI_dnsaddr} vlan=${CGI_vlan} vlan1=${CGI_vlan1} clonemac=${CGI_clonemac}"
		cmdargs="${cmdargs} natip=${CGI_natip} gwpxy=${CGI_gwpxy} dnspxy=${CGI_dnspxy}"
		;;

	"dhcpwan")
		if [ "${CGI_action}" = "proxy_edit" ]; then
			for opt in `${FLOWEYE} nat getproxy ${CGI_name} | grep dhcp_option | cut -d"=" -f2 | cut -d"," -f1`
			do
				${FLOWEYE} nat setdhcpwan name=${CGI_name} dhcp_option=${opt},NULL
				sync_floweye "nat setdhcpwan name=${CGI_name} dhcp_option=${opt},NULL"
			done
		fi

		cmdargs="nat ${action}dhcpwan ${cmdargs} vlan=${CGI_vlan} vlan1=${CGI_vlan1} clonemac=${CGI_clonemac} dnspxy=${CGI_dnspxy}"
		for opt in `echo ${CGI_dhcpwan_option_list} | tr ";" " "`
		do
			cmdargs="${cmdargs} dhcp_option=${opt}"
		done
		;;

	"dhcpwan6")
		cmdargs="nat ${action}dhcpwan6 ${cmdargs} vlan=${CGI_vlan} vlan1=${CGI_vlan1} clonemac=${CGI_clonemac} dnspxy=${CGI_dnspxy}"
		;;

	"pppoe")
		[ "${CGI_waitime}" = "" ] && CGI_waitime=5
		[ "${CGI_acname}"  = "" ] && CGI_acname="NULL"
		[ "${CGI_svcname}" = "" ] && CGI_svcname="NULL"

		cmdargs="nat ${action}pppoe ${cmdargs} username=${CGI_username} password=${CGI_password} waitime=${CGI_waitime} ipv6=${CGI_ipv6en}"
		cmdargs="${cmdargs} vlan=${CGI_vlan} vlan1=${CGI_vlan1} clonemac=${CGI_clonemac} acname=${CGI_acname} svcname=${CGI_svcname}"
		cmdargs="${cmdargs} dnspxy=${CGI_dnspxy}"
		;;

	"grewan")
		[ "${CGI_peer_addr}" = "" ] && retjson 1 "INV_PEER_ADDR"
		[ "${CGI_keepalive}" = "" ] && CGI_keepalive=15
		[ "${CGI_keyon}" = "on" ] && CGI_keyon=1 || CGI_keyon=0
		cmdargs="nat ${action}grewan ${cmdargs}  my_addr=${CGI_my_addr} peer_addr=${CGI_peer_addr} keepalive=${CGI_keepalive}"
		cmdargs="${cmdargs} checksum=${CGI_checksum} keyon=${CGI_keyon} key=${CGI_key}"
		[ "${CGI_mss}" != "0" ] && cmdargs="${cmdargs} mss=${CGI_mss} dnspxy=${CGI_dnspxy}"
		;;

	"l2tpwan")
		[ "${CGI_svrport}" = "" ] && CGI_svrport="1701"
		[ "${CGI_waitime}" = "" ] && CGI_waitime=5
		cmdargs="nat ${action}l2tpwan ${cmdargs} svraddr=${CGI_svraddr} svrport=${CGI_svrport}"
		cmdargs="${cmdargs} username=${CGI_username} password=${CGI_password} waitime=${CGI_waitime} dnspxy=${CGI_dnspxy}"
		;;

	"iwan")
		[ "${CGI_cfgencrypt}" = "on" ] && cfgencrypt="1" || cfgencrypt="0"

		[ "${CGI_svrport}" = "" ] && CGI_svrport="8000"
		cmdargs="nat ${action}iwan ${cmdargs} ipv6=${CGI_ipv6} svraddr=${CGI_svraddr} svrport=${CGI_svrport}"
		cmdargs="${cmdargs} username=${CGI_username} password=${CGI_password} encrypt=${cfgencrypt} srid=${CGI_srid} dnspxy=${CGI_dnspxy} link=${CGI_link}"
		[ "${CGI_pipeid}" != "" ] && cmdargs="${cmdargs} pipe=${CGI_pipeid}.${CGI_pipeidx}"
		[ "${CGI_ifname2}" != "" ] && cmdargs="${cmdargs} ifname2=${CGI_ifname2}"
 
		if [ "${CGI_switch_control}" = "1" ]; then
			cmdargs="${cmdargs} l2vlan=${CGI_brg_l2vlan} brgif=${CGI_brg_if} ifvlan=${CGI_brg_ifvlan}"
		else
			[ "${CGI_action}" = "proxy_edit" ] && cmdargs="${cmdargs} l2vlan=0"
		fi
		;;

	"ipsecwan")
		[ "${CGI_peer_id}" = "" ] && CGI_peer_id=${CGI_peer_addr}

		if [ "${CGI_my_id}" = "" ]; then
			CGI_my_id=`${FLOWEYE} nat getproxy ${CGI_ifname} | grep "^addr=" | cut -d"=" -f2`
			[ "${CGI_my_id}" = "0.0.0.0" ] && retjson 1 "ӿ·״̬ͨȡIPʧܣ뱾ID"
		fi

		cmdargs="${cmdargs} peer_addr=${CGI_peer_addr} my_net=${CGI_my_net} ike_version=${CGI_ike_version} esp_dh=${CGI_esp_dh}"
		cmdargs="${cmdargs} peer_net=${CGI_peer_net} psk=${CGI_psk} ike_encr=${CGI_ike_encr} my_id=${CGI_my_id} peer_id=${CGI_peer_id}"
		cmdargs="${cmdargs} ike_prf=${CGI_ike_prf} ike_auth=${CGI_ike_auth} ike_dh=${CGI_ike_dh} dpd_freq=${CGI_dpd_freq}"
		cmdargs="nat ${action}ipsecwan ${cmdargs} esp_encr=${CGI_esp_encr} esp_auth=${CGI_esp_auth} role=${CGI_role}"

		if [ "${CGI_ike_version}" = "1" ]; then
			cmdargs="${cmdargs} ike_mode=${CGI_ike_mode} ike_live=${CGI_ike_lifetime} esp_live=${CGI_esp_lifetime}"
		fi
		;;

	"posvrif")
		LOGMSG="${LANG_008:=PPPOE}"
		[ "${CGI_action}" = "proxy_add" ] && action="addposvrif name=${CGI_newname}" || action="setposvrif name=${CGI_name} newname=${CGI_newname}"
		cmdargs="nat ${action} ifname=${CGI_ifname} addr=${CGI_addr}"
		cmdargs="${cmdargs} dns0=${CGI_dns0} dns1=${CGI_dns1} vlan=${CGI_vlan} mtu=${CGI_mtu}"
		cmdargs="${cmdargs} service=${CGI_service} auth=${CGI_auth} pool=${CGI_pool} maxclnt=${CGI_maxclnt}"
		cmdargs="${cmdargs} radsvr=${CGI_radsvrid} mactype=${CGI_mactype} macdelay=${CGI_macdelay}"
		cmdargs="${cmdargs} ipv6=${CGI_ipv6} mask6=${CGI_mask6} addr6=${CGI_addr6} v6dns0=${CGI_v6dns0} v6dns1=${CGI_v6dns1}"
		;;

	"srpxy")
		
        if [ "${UNISASE}" = "1" ];then
           cmdargs="nat ${action}srpxy ${cmdargs}"
        else
           [ "${CGI_fromin}" = "on" ] && fromin=1 || fromin=0
		   [ "${CGI_keepalive}" = "on" ] && keepalive=1 || keepalive=0
		   cmdargs="nat ${action}srpxy ${cmdargs} links=${CGI_links} fromin=${fromin} keepalive=${keepalive}"
		   cmdargs="${cmdargs} encrypt=${CGI_encrypt_algo} password=${CGI_encrypt_password}"
        fi

		if [ "${CGI_encrypt_algo}" = "GMT" ];then
			cmdargs="${cmdargs} ike_role=${CGI_ike_role} ike_ttl=${CGI_ike_ttl} ike_retry=${CGI_ike_retry} ike_ph1ttl=${CGI_ike_ph1ttl} ike_ph2ttl=${CGI_ike_ph2ttl}"
		fi
		;;

	*)
		retjson 1 "INV_TYPE"
		;;
		
	esac
	
	errmsg=`${FLOWEYE} ${cmdargs}`

	if [ "$?" != "0" ]; then
		retjson 1 "${LANG_002:=ʧ}:${errmsg}"
	else
		handle_pxy_desc
		sync_floweye "${cmdargs}"
		WEB_LOGGER "${LOGMSG}" "${cmdargs}"
		retjson 0 "${RETMSG}"
	fi
}


handle_pxy_desc()
{
	mkdir -p "${PGETC}/remark"
	
	if [ "${CGI_action}" = "proxy_edit" ]; then
		grep -v "${CGI_name} " ${PROXY_DESC} > ${PROXY_DESC}.bak
		mv ${PROXY_DESC}.bak ${PROXY_DESC}
	fi

	if [ "${CGI_desc}" != "" ]; then
		echo "${CGI_newname} ${CGI_desc}" >> ${PROXY_DESC}
	fi
}


proxy_addm()
{
	ping_disable=0
	[ "${CGI_ping_disable}" = "on" ] && ping_disable=1
	[ "${CGI_add_num}" = "" ] && CGI_add_num=0

	pxypool_size=`${FLOWEYE} nat stat | grep natflow_proxystat | cut -d"=" -f2 | cut -d'/' -f2 | cut -d'[' -f1`
	[ ${CGI_add_num} -gt ${pxypool_size} ] && retjson 1 "${pxypool_size}·"

	succ_cnt=0
	loop_num=0
	natcmd="pingip=${CGI_pingip} pingip2=${CGI_pingip2} ping_disable=${ping_disable}"

	case "${CGI_type}" in
	"rtif")
		natcmd="nat addrtif netmask=${CGI_netmask} mtu=${CGI_mtu} ${natcmd}"

		addr1=`echo ${CGI_addr} | cut -d"." -f1`
		addr2=`echo ${CGI_addr} | cut -d"." -f2`
		addr3=`echo ${CGI_addr} | cut -d"." -f3`
		addr4=`echo ${CGI_addr} | cut -d"." -f4`
		src4=${addr4}

		while [ ${loop_num} -lt ${CGI_add_num} ]
		do
			loop_num=$((${loop_num} + 1))
			addrs="${addr1}.${addr2}.${addr3}.${addr4}"
			addr4=$((${addr4} + ${CGI_ipadd_num}))

			if [ ${addr4} -gt 254 ]; then 
				addr4=${src4}
				addr3=$((${addr3} + 1))
				if [ ${addr3} -gt 254 ]; then 
					addr3=1
					addr2=$(( ${addr2}+1 ))
				fi
			fi

			[ "${addrs}" = "${CGI_gateway}" ] && continue

			errmsg=`${FLOWEYE} ${natcmd} ifname=${CGI_ifname} name=${CGI_name}${loop_num} addr=${addrs} vlan=${CGI_vlan}`

			if [ $? -ne 0 ]; then
				if [ "${errmsg}" != "PXY_EXIST" -o "${CGI_repeat}" != "ignore" ]; then
					retjson 1 "${LANG_012:=ʧ}${errmsg}${LANG_013:=ɹ}${succ_cnt}${LANG_011:=}"
				fi
			else
				succ_cnt=$((${succ_cnt} + 1))
			fi

			[ "${CGI_vlan_add}" = "on" ] && CGI_vlan=$((${CGI_vlan}+1))
		done
		WEB_LOGGER "${LANG_009:=LAN·}" "${LANG_010:=}=${succ_cnt}${LANG_011:=}"
		;;

	"proxy")
		natcmd="nat addproxy gateway=${CGI_gateway} mtu=${CGI_mtu} gwpxy=${CGI_gwpxy} dns=${CGI_dnsaddr} ${natcmd}"

		addr1=`echo ${CGI_addr} | cut -d"." -f1`
		addr2=`echo ${CGI_addr} | cut -d"." -f2`
		addr3=`echo ${CGI_addr} | cut -d"." -f3`
		addr4=`echo ${CGI_addr} | cut -d"." -f4`

		while [ ${loop_num} -lt ${CGI_add_num} ]
		do
			loop_num=$((${loop_num} + 1))
			addrs="${addr1}.${addr2}.${addr3}.${addr4}"
			addr4=$((${addr4}+1))

			if [ ${addr4} -gt 254 ]; then 
				addr4=1
				addr3=$((${addr3}+1))
				if [ ${addr3} -gt 255 ]; then 
					addr3=1
					addr2=$(( ${addr2}+1 ))
				fi
			fi

			[ "${addrs}" = "${CGI_gateway}" ] && continue

			errmsg=`${FLOWEYE} ${natcmd} ifname=${CGI_ifname} name=${CGI_name}${loop_num} addr=${addrs} vlan=${CGI_vlan} vlan1=${CGI_vlan1}`

			if [ $? -ne 0 ]; then
				if [ "${errmsg}" != "PXY_EXIST" -o "${CGI_repeat}" != "ignore" ]; then
					retjson 1 "${LANG_012:=ʧ}${errmsg}${LANG_013:=ɹ}${succ_cnt}${LANG_011:=}"
				fi
			else
				succ_cnt=$((${succ_cnt} + 1))
			fi

			[ "${CGI_vlan_add}" = "on" ] && CGI_vlan=$((${CGI_vlan}+1))
			[ "${CGI_vlan1_add}" = "on" ] && CGI_vlan1=$((${CGI_vlan1}+1))
		done
		WEB_LOGGER "LANG_014:=Ӿ̬IP·}" "${LANG_010:=}=${succ_cnt}${LANG_011:=}"
		;;

	"dhcpwan")
		natcmd="nat adddhcpwan ${natcmd} mtu=${CGI_mtu}"

		while [ ${loop_num} -lt ${CGI_add_num} ]
		do
			loop_num=$((${loop_num} + 1))

			errmsg=`${FLOWEYE} ${natcmd} ifname=${CGI_ifname} name=${CGI_name}${loop_num} vlan=${CGI_vlan} vlan1=${CGI_vlan1}`
			if [ $? -ne 0 ]; then
				if [ "${errmsg}" != "PXY_EXIST" -o "${CGI_repeat}" != "ignore" ]; then
					retjson 1 "${LANG_012:=ʧ}${errmsg}${LANG_013:=ɹ}${succ_cnt}${LANG_011:=}"
				fi
			else
				succ_cnt=$((${succ_cnt} + 1))
			fi
			
			[ "${CGI_vlan_add}" = "on" ] && CGI_vlan=$((${CGI_vlan}+1))
			[ "${CGI_vlan1_add}" = "on" ] && CGI_vlan1=$((${CGI_vlan1}+1))
		done
		WEB_LOGGER "${LANG_015:=DHCP·}" "${LANG_010:=}=${succ_cnt}${LANG_011:=}"
		;;

	"pppoe")
		[ ! -f "${CGI_file}" ] && retjson 1 "${LANG_016:=ѡPPPOE˺ļ}"
		natcmd="nat addpppoe ${natcmd} mtu=${CGI_mtu}"

		while read acct pass f_if f_vlan
		do
			loop_num=$((${loop_num} + 1))
			_vlan1="${CGI_vlan}"
			_vlan2="${CGI_vlan1}"
			_ifname="${CGI_ifname}"
			
			[ "${f_if}" != "" ] && _ifname="${f_if}"

			if [ "${f_vlan}" != "" ]; then
				is_qinq=`echo ${f_vlan} | grep "/"`
				if [ "${is_qinq}" != "" ]; then
					_vlan1="`echo ${f_vlan} | cut -d"/" -f1`"
					_vlan2="`echo ${f_vlan} | cut -d"/" -f2`"
				else
					_vlan1="${f_vlan}"
					_vlan2=0
				fi
			fi

			errmsg=`${FLOWEYE} ${natcmd} ifname=${_ifname} name=${CGI_name}${loop_num} username=${acct} password=${pass} vlan=${_vlan1} vlan1=${_vlan2}`
			if [ $? -ne 0 ]; then
				if [ "${errmsg}" != "PXY_EXIST" -o "${CGI_repeat}" != "ignore" ]; then	
					rm ${CGI_file}
					retjson 1 "${LANG_012:=ʧ}${errmsg}${LANG_013:=ɹ}${succ_cnt}${LANG_011:=}"
				fi
			else
				succ_cnt=$((${succ_cnt} + 1))
			fi
			
			[ "${CGI_vlan_add}" = "on" ] && CGI_vlan=$((${CGI_vlan}+1))
			[ "${CGI_vlan1_add}" = "on" ] && CGI_vlan1=$((${CGI_vlan1}+1))
		done << EOF
`cat ${CGI_file} | tr -d "\r"`
EOF

		WEB_LOGGER "${LANG_017:=PPPOE·}" "${LANG_010:=}=${succ_cnt}${LANG_011:=}"
		rm ${CGI_file}
		;;
	esac

	retjson 0 "${LANG_005:=ɹ}${LANG_010:=}=${succ_cnt}${LANG_011:=}"
}


proxy_editm()
{
	row=0

	cmdargs=""
	[ "${CGI_ifname}" != "" ] && cmdargs="${cmdargs} ifname=${CGI_ifname}"
	[ "${CGI_dnsaddr}" != "" ] && cmdargs="${cmdargs} dns=${CGI_dnsaddr}"
	[ "${CGI_pingip}" != "" ] && cmdargs="${cmdargs} pingip=${CGI_pingip}"
	[ "${CGI_pingip2}" != "" ] && cmdargs="${cmdargs} pingip2=${CGI_pingip2}"
	[ "${CGI_ping_disable}" != "" ] && cmdargs="${cmdargs} ping_disable=${CGI_ping_disable}"
	
	for name in `echo ${CGI_names} | tr "," " "`
	do
		type=`${FLOWEYE} nat getproxy ${name} | grep "^type=" | cut -d"=" -f2`
		errmsg=`${FLOWEYE} nat set${type} name=${name} ${cmdargs}`

		[ $? -ne 0 ] && retjson 1 "${LANG_006:=༭·}->${name}${LANG_012:=ʧ}:${errmsg}"
		row=$((${row}+1))
	done

	WEB_LOGGER "${LANG_025:=༭·}" "${LANG_010:=}=${row}${LANG_011:=}"
	retjson 0 "${LANG_005:=ɹ}${LANG_010:=}=${row}${LANG_011:=}"
}


clear_dnsfail()
{
	init=0

	for pid in `${FLOWEYE} nat listproxy type=wan | cut -d" " -f2`
	do
		${FLOWEYE} nat config cleardns=${pid}
		init=$(($init+1))
	done

	retjson 0 "${LANG_005:=ɹ}${LANG_010:=}=${init}${LANG_011:=}"
}


proxy_remove()
{
	errmsg=`${FLOWEYE} nat rmvproxy ${CGI_id}`

	if [ "$?" != "0" ]; then
		if [ "${errmsg}" = "HAS_CHILDREN" ]; then
			retjson 1 "${LANG_001:=·VPN·ɾVPN·!}"
		else
			retjson 1 "${LANG_002:=ʧ}:${errmsg}"
		fi
	fi

	sync_floweye "nat rmvproxy ${CGI_id}"
	grep -v "${CGI_name} " ${PROXY_DESC} > ${PROXY_DESC}.bak
	mv ${PROXY_DESC}.bak ${PROXY_DESC}
	WEB_LOGGER "${LANG_018:=ɾ·}" "name=${CGI_name}"
	retjson 0 "${LANG_005:=ɹ}"
}


proxy_reload()
{
	errmsg=`${FLOWEYE} nat config redial=${CGI_id}`

	if [ "$?" != "0" ]; then
		retjson 1 "${LANG_002:=ʧ}:${errmsg}"
	fi

	WEB_LOGGER "${LANG_019:=ֶز·}" "name=${CGI_name}"
	retjson 0 "${LANG_005:=ɹ}"
}


proxy_enable()
{
	errmsg=`${FLOWEYE} nat config enableproxy=${CGI_id}`

	if [ "$?" != "0" ]; then
		retjson 1 "${LANG_002:=ʧ}:${errmsg}"
	else
		sync_floweye "nat config enableproxy=${CGI_id}"
		WEB_LOGGER "${LANG_020:=·}" "name=${CGI_name}"
		retjson 0 "${LANG_005:=ɹ}"
	fi
}


proxy_disable()
{
	errmsg=`${FLOWEYE} nat config disableproxy=${CGI_id}`

	if [ "$?" != "0" ]; then
		retjson 1 "${LANG_002:=ʧ}:${errmsg}"
	else
		sync_floweye "nat config disableproxy=${CGI_id}"
		WEB_LOGGER "${LANG_021:=·}" "name=${CGI_name}"
		retjson 0 "${LANG_005:=ɹ}"
	fi
}


bantch_enable()
{
	CGI_items=`echo ${CGI_items} | tr ',' ' '`
	cmdargs=""

	for name in ${CGI_items}
	do
		cmdargs="${cmdargs} enableproxy=${name}"
	done

	errmsg=`${FLOWEYE} nat config ${cmdargs}`

	if [ $? -ne 0 ]; then
		retjson 1 "${errmsg}"
	else
		sync_floweye "nat config ${cmdargs}"
		WEB_LOGGER "${LANG_022:=·}" "${LANG_010:=}=${CGI_num}"
		retjson 0 "${LANG_005:=ɹ}"
	fi
}


bantch_disable()
{
	CGI_items=`echo ${CGI_items} | tr ',' ' '`
	cmdargs=""

	for name in ${CGI_items}
	do
		cmdargs="${cmdargs} disableproxy=${name}"
	done

	errmsg=`${FLOWEYE} nat config ${cmdargs}`

	if [ $? -ne 0 ]; then
		retjson 1 "${errmsg}"
	else
		sync_floweye "nat config ${cmdargs}"
		WEB_LOGGER "${LANG_023:=·}" "${LANG_010:=}=${CGI_num}"
		retjson 0 "${LANG_005:=ɹ}"
	fi
}


bantch_remove()
{
	errcount=0
	allcount=0
	CGI_items=`echo ${CGI_items} | tr ',' ' '`
	for id in ${CGI_items}
	do
		errmsg=`${FLOWEYE} nat rmvproxy ${id}`
		[ "$?" != "0" ] && errcount=$((${errcount}+1))
		allcount=$((${allcount}+1))
		sync_floweye "nat rmvproxy ${id}"
	done

	if [ "${errcount}" != "0" ]; then
		retjson 1 "${LANG_003:=ܹ}${allcount}${LANG_002:=ʧ}${errcount}${LANG_004:=·ʹУ޷ɾ}"
	else
		WEB_LOGGER "${LANG_024:=ɾ·}" "${LANG_010:=}=${CGI_num}"
		retjson 0 "${LANG_005:=ɹ}"
	fi
}


bantch_reload()
{
	cmdargs=""
	CGI_items=`echo ${CGI_items} | tr ',' ' '`
	for name in ${CGI_items}
	do
		cmdargs="${cmdargs} redial=${name}"
	done

	errmsg=`${FLOWEYE} nat config ${cmdargs}`

	WEB_LOGGER "${LANG_0025:=ز·}" "${LANG_010:=}=${CGI_num}"
	retjson 0 "${LANG_005:=ɹ}"
}


add_group()
{
	CGI_items=`echo ${CGI_items} | tr ',' ' '`
	cmdargs=""

	for pxyid in ${CGI_items}
	do
		cmdargs="${cmdargs} pxygrp_${pxyid}=${CGI_group}"
	done

	errmsg=`${FLOWEYE} nat config ${cmdargs}`

	if [ $? -ne 0 ]; then
		retjson 1 "${errmsg}"
	else
		sync_floweye "nat config ${cmdargs}"
		WEB_LOGGER "add_proxy_group" "nat config ${cmdargs}"
		retjson 0 "${LANG_005:=ɹ}"
	fi
}


load_group()
{
	${FLOWEYE} nat config listgroup=1 | awk \
	'BEGIN{
		dot = "";
		printf "[";
	}{
		printf "%s\"%s\"", dot, $1;
		if ( dot == "") dot = ",";
	}END{
		printf "]";
	}'
}


proxy_log_list()
{
	en=0
	[ "${PALANG}" = "en" ] && en=1
	
	end=$((${CGI_limit} * ${CGI_page}))
	start=$((${end} - ${CGI_limit}))

	if [ "${CGI_pxy_id}" != "" ]; then
		pxy_name=`${FLOWEYE} nat getproxy ${CGI_pxy_id} | grep "^name=" | cut -d"=" -f2`
	fi

	${FLOWEYE} syslog list proxy en=${en} | grep "${CGI_keyword}" | awk \
	-v name="${pxy_name}" -v start=${start} -v end=${end} \
	'BEGIN{
		row = 0;
		dot = "";
		printf "{\"data\":[";
	}{
		if(name != "" && $2 != name) next;

		row++;
		if(row > end || row < start) next;
		
		printf "%s{", dot;
		printf "\"time\":\"%s\",", $1;
		printf "\"name\":\"%s\",", $2;
		printf "\"event\":\"%s\"", $3;
		printf "}"
		
		if(dot == "") dot = ",";
	}END{
		printf "],\"total\":\"%s\"}", row;
	}'
}


export_proxy_log()
{
	en=0
	[ "${PALANG}" = "en" ] && en=1
	
	file_name="·־.conf"
    file_path="${WEB_DOWNLOAD}/${file_name}"

    mkdir -p ${WEB_DOWNLOAD}

	if [ "${CGI_pxy_id}" != "" ]; then
		pxy_name=`${FLOWEYE} nat getproxy ${CGI_pxy_id} | grep "^name=" | cut -d"=" -f2`
	fi

	${FLOWEYE} syslog list proxy en=${en} | grep "${CGI_keyword}" | awk \
	-v name="${pxy_name}" \
	'{
		if(name != "" && $2 != name) next;
		print $0;
	}' > ${file_path}

    WEB_LOGGER "·־"
    retjson 0 "OK" "{\"file_name\":\"${file_name}\"}"
}


import_local()
{
	row=1

	while read type name ifname other
	do
		is_name=`echo ${name} | grep "^name="`
		[ "${is_name}" = "" ] && retjson 1 "INV_FILE"

		is_ifname=`echo ${ifname} | grep "^ifname="`
		[ "${is_name}" = "" ] && retjson 1 "INV_FILE"
		
		[ "${type}" = "natproxy" ] && type="proxy"
		[ "${type}" = "pppoeif" ] && type="pppoe"
	
		errmsg=`${FLOWEYE} nat add${type} ${name} ${ifname} ${other}`

		if [ $? -ne 0 ]; then
			if [ "${errmsg}" = "PXY_EXIST" ] ;then
				[ "${CGI_exist}" = "next" ] && continue

				errmsg=`${FLOWEYE} nat set${type} ${name} ${ifname} ${other}`
				[ $? -ne 0 ] && retjson 1 "${row}г${errmsg}"
				
			elif [ "${errmsg}" = "IF_NEXIST" ]; then
				errmsg=`${FLOWEYE} nat add${type} ${name} ifname=${CGI_ifname} ${other}`
				[ $? -ne 0 ] && retjson 1 "${row}г${errmsg}"
				
			else
				retjson 1 "${row}г${errmsg}"
			fi
		fi

		row=$((${row}+1))
	done << EOF
`cat ${CGI_file} | tr -d "\r"`
EOF

	rm ${CGI_file}
	WEB_LOGGER "${LANG_026:=·}" "${LANG_028:=}=${row}"
	retjson 0 "${LANG_027:=ɹ}"
}


import_proxy()
{
	case "${CGI_type}" in
	"local")
		import_local
		;;

	*)
		retjson 1 "UNKNOW_TYPE"
		;;
	esac
}


export_wan()
{
	file_name="pa_wan.conf"
	
	mkdir -p ${WEB_DOWNLOAD}

	awk -v pxyidx_list="${CGI_pxyidx_list}" \
	'BEGIN{
		wan["proxy6"] = 1;
		wan["natproxy"] = 1;
		wan["dhcpwan"] = 1;
		wan["dhcpwan6"] = 1;
		wan["pppoeif"] = 1;
		wan["l2tpwan"] = 1;
		wan["iwan"] = 1;
		wan["grewan"] = 1;
		wan["ipsecwan"] = 1;
		wan["srpxy"] = 1;
	}{
		if( !($1 in wan) )
			next;

		if($1 == "natproxy" && $2 !~ "^name=") # ̬IP͵WAN·
			next;

		if(pxyidx_list == ""){
			print $0;
			next;
		}

		# ύID·Ԥļ idx ֶελ
		for(i = 1; i <= length($0); i++){
			split($i, item, "=");
			if(item[1] == "idx" && match(pxyidx_list, $i",") > 0){
				print $0;
				next;
			}
		}
	}' ${PGETC}/panabit.conf >> ${WEB_DOWNLOAD}/${file_name}

	retjson 0 "OK" "\"${file_name}\""
}


export_lan()
{
	file_name="pa_lan.conf"
	
	mkdir -p ${WEB_DOWNLOAD}

	awk -v pxyidx_list="${CGI_pxyidx_list}" '{
		if($1 != "rtif" && $1 == "rtif6" && $1 == "grelan" && $1 == "vrif" && $1 == "vrif6")
			next;

		if(pxyidx_list == ""){
			print $0;
			next;
		}

		# ύID·Ԥļ idx ֶελ
		for(i = 1; i <= length($0); i++){
			split($i, item, "=");
			if(item[1] == "idx" && match(pxyidx_list, $i",") > 0){
				print $0;
				next;
			}
		}
	}' ${PGETC}/panabit.conf >> ${WEB_DOWNLOAD}/${file_name}

	retjson 0 "OK" "\"${file_name}\""
}


load_curflow_chart()
{
	[ "${CGI_id}" = "" ] && retjson 1 "NO_ID"
	
	name=`${FLOWEYE} nat getproxy ${CGI_id} | grep "^name=" | cut -d"=" -f2`

	printf "["
	printf "`${FLOWEYE} dbifpxy get name=${name} type=in`,"
	printf "`${FLOWEYE} dbifpxy get name=${name} type=out`"
	printf "]"
}


load_hisflow_chart()
{
	tag="tag=pxyinbps_${CGI_id} tag=pxyoutbps_${CGI_id} tag=pxyflow_${CGI_id}"
	hours=24
	tmend=`date +%s`

	chart_dump "${hours}" "${tmend}" "${tag}"
}


get_vrrp_standby()
{
	printf "{"
	printf "\"vrif\":[`${FLOWEYE} nat listproxy type=vrif json=1`]"
	printf ",\"vrif6\":[`${FLOWEYE} nat listproxy type=vrif6 json=1`]"
	printf ",\"vrrp\":"

	${FLOWEYE} vrrpsdby stat | awk -F"=" \
	'BEGIN{
		dot = "";
		printf "{";
	}{
		printf "%s\"%s\":\"%s\"", dot, $1, $2;
		if(dot == "") dot = ",";
	}END{
		printf "}";
	}'

	printf "}"
}


set_vrrp_standby()
{
	[ "${CGI_trackpxy}" = "" ] && CGI_trackpxy="NULL"
	
	errmsg=`${FLOWEYE} vrrpsdby config trackpxy=${CGI_trackpxy}`

	if [ $? -ne 0 ]; then
		retjson 1 "ʧܣ${errmsg}"
	else
		WEB_LOGGER "VRRP" "trackpxy=${CGI_trackpxy}"
		retjson 0 "ɹ"
	fi
}


load_vrrp_standby_log()
{
	${FLOWEYE} vrrpsdby list | sort -nrk1 | awk \
	'BEGIN{
		dot = "";
		printf "[";
	}{
		printf "%s", dot;
		printf "{";
		printf "\"time\":\"%s\",", $1;
		printf "\"event\":\"%s\"", $2;
		printf "}";
		if(dot == "") dot = ",";
	}END{
		printf "]";
	}'
}


case "${CGI_action}" in
	"proxy_list")
		retjson 0 "OK" "`proxy_list`"
		;;

	"list_nat_ippool")
		retjson 0 "OK" "`list_nat_ippool`"
		;;

	"get_proxy_info")
		retjson 0 "OK" "`get_proxy_info`"
		;;

	"proxy_log_list")
		retjson 0 "OK" "`proxy_log_list`"
		;;

	"export_proxy_log")
		action_check
		export_proxy_log
		;;
		
	"load_addproxy_env")
		retjson 0 "OK" "`load_addproxy_env`"
		;;
	
	"proxy_add"|"proxy_copy"|"proxy_edit")
		action_check
		proxy_add
		;;

	"proxy_addm")
		action_check
		proxy_addm
		;;

	"proxy_editm")
		action_check
		proxy_editm
		;;

	"clear_dnsfail")
		action_check
		clear_dnsfail
		;;

	"proxy_remove")
		action_check
		proxy_remove
		;;

	"proxy_reload")
		action_check
		proxy_reload
		;;

	"proxy_enable")
		action_check
		proxy_enable
		;;

	"proxy_disable")
		action_check
		proxy_disable
		;;

	"bantch_enable")
		action_check
		bantch_enable
		;;
	
	"bantch_disable")
		action_check
		bantch_disable
		;;
	
	"bantch_remove")
		action_check
		bantch_remove
		;;
	
	"bantch_reload")
		action_check
		bantch_reload
		;;
	
	"add_group")
		action_check
		add_group
		;;
	
	"load_group")
		retjson 0 "OK" "`load_group`"
		;;

	"import_proxy")
		action_check
		import_proxy
		;;

	"export_wan")
		action_check
		export_wan
		;;

	"export_lan")
		action_check
		export_lan
		;;

	"load_curflow_chart")
		retjson 0 "OK" "`load_curflow_chart`"
		;;

	"load_hisflow_chart")
		retjson 0 "OK" "`load_hisflow_chart`"
		;;

	"get_vrrp_standby")
		retjson 0 "OK" "`get_vrrp_standby`"
		;;
		
	"set_vrrp_standby")
		action_check
		set_vrrp_standby
		;;

	"load_vrrp_standby_log")
		retjson 0 "OK" "`load_vrrp_standby_log`"
		;;
		
	*)
		retjson 1 "UNKNOW_ACTION"
		;;
esac
