jablonka.czprosek.czf

sedlo

Subversion Repositories:
[/] [trunk/] [sedlo] - Rev 4 Go to most recent revision

Compare with Previous - Blame - Download


#!/bin/bash
# author       : Petr Simandl www.simandl.cz
# release date : 07/09/2004 
# name         : sedlo
# description  : dynamic side routing tables tool
# license      : GPL

sl_version="0.0.3pre1-wsh-4"

PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

sl_nmcnf="sedlo.conf"
sl_sedlocnf="/etc/$sl_nmcnf"
sl_sedlocache="/var/cache/sedlo"

sl_rttab="/etc/iproute2/rt_tables"
sl_rtnmin=110
sl_rtnmax=200

# sl_rule_prio_min - The lowest priority for rules created by
# sedlo. Each configured user has one or more dynamic rules for
# internet routing as specified in the config file.

sl_rule_prio_min=2000

sl_ipnodef="10.0.0.0/8"

slm_unknown="Nezname parametry : "

sl_ipcmd=`which ip`
sl_trcmd=`which tr`
sl_wgetcmd=`which wget`
sl_hnmcmd=`which hostname`
sl_awkcmd=`which awk`
sl_catcmd=`which cat`
sl_grepcmd=`which grep`

if [ -r $sl_sedlocnf ]
  then 
    sl_nop=1  
  else 
  echo "$sl_sedlocnf not found or is not readable"
  exit 1
fi

if [ -w $sl_rttab ]
  then
    sl_nop=1  
  else 
  echo "Can't write to $sl_rttab"
  exit 1
fi

# Read local configuration file
sl_local_conf_murlcfg=`cat $sl_sedlocnf | grep "^mcnf" | head -n 1 | awk '{print $2}'`
sl_local_conf_blackhole=`cat $sl_sedlocnf | grep "^blackhole" | head -n 1 | awk '{print $2}'`
sl_local_conf_me2igw=`awk '/^me2igw/ { print $2 "*" $3 "*" $4 }' < $sl_sedlocnf`
sl_local_conf_myigws=`awk '/^myigw/ { print $2; }' < $sl_sedlocnf`

######################################################################
s_flru()
{
   # Existing rules which were created by sedlo (priority
   # sl_rule_prio_min and above) are deleted. All other rules are
   # preserved.

    [ $scm_info -gt 0 ] && echo "Flushing all rules created by sedlo"
    ip rule ls \
        | awk -F ':' -v PRIO=$sl_rule_prio_min '{ if ($1 == PRIO) { print $2, " prio ", PRIO; PRIO=PRIO+1;} }' \
        | sed -e 's!all!0/0!' \
        | while read RULE; do 
        [ $scm_info -gt 1 ] && echo -n '#'
        ip rule del $RULE;
    done
    
    [ $scm_info -gt 1 ] && echo # new line after ###s

} # s_flru
######################################################################
s_fillrules()
{
s_flru                          # Flush all rules

if [ $scm_info -gt 0 ]; then echo "Creating rules" ; fi

sl_rule_prio=$sl_rule_prio_min # rules should have unique prio - see the iproute manual

# Insert rule for internal traffic
ip ru add from 0/0 to $sl_ipnodef table main prio $sl_rule_prio
sl_rule_prio=$((sl_rule_prio + 1))

# Prepare rules for later processing. Delete comments and format them
# for better parsing.

sl_ips=`awk '/^ip/ {gsub("#.*$", ""); print $2"*"$4"*"$5"*"$6}' < $sl_sedlocache/$sl_nmcnf`

# $sl_ips format: ip_range*igw1*igw2*igw3

default_rule=""
default_igws=`awk '/^default/ { print $2"*"$3"*"$4; }' < $sl_sedlocache/$sl_nmcnf`
[ "x$default_igws" != "x" ] && default_rule="DEFAULT*$default_igws"

# $default_rule format: DEFAULT*igw1name*igw2name*igw3name

this_router="ME2IGW*$sl_local_conf_me2igw"

# $this_router format: THIS_ROUTER*igw1name*igw2name*igw3name

for sl_ip in $this_router $sl_ips $default_rule
do
  sl_ipn=`echo $sl_ip | awk -F '*' '{print $1}'` # Client IP
  sl_ipgws=`echo $sl_ip | awk -F '*' '{print $2,$3,$4}'` # iGW names
  sl_attempt=1                  # Which iGW is assigned (1st, 2nd or 3rd)
  sl_rule_ok=no                 # whether there is a functional iGW for this rule
  for sl_ipgw in $sl_ipgws
  do
    sl_tbl=`ip ro ls ta $sl_ipgw`
    if [ "$sl_tbl x" != " x" ]
      then
        [ $scm_info -gt 1 ] && echo "Creating new rules to send $sl_ipn to table $sl_ipgw (attempt $sl_attempt)";
        case "$sl_ipn" in
            "DEFAULT")
                ip ru add table $sl_ipgw prio $sl_rule_prio ;;
            "ME2IGW")
                ip ru add iif lo table $sl_ipgw prio $sl_rule_prio ;;
            *)
                ip ru add from $sl_ipn table $sl_ipgw prio $sl_rule_prio ;;
        esac
        sl_rule_prio=$((sl_rule_prio + 1))
        sl_rule_ok=yes
        break
      else
        sl_attempt=$((sl_attempt + 1))
    fi
  done
  if [ "x$sl_rule_ok" = "xno" ]; then
      case "$sl_ipn" in
          "DEFAULT")        
              # Despite of there is no default iGW accessible, create
              # a rule for a default iGW. This prevents Internet
              # packets to enter the main table.

              first_igw=`echo $sl_ip|awk -F '*' '{ print $2 }'`
              [ $scm_info -gt 1 ] && echo "Creating new rule to send $sl_ipn to table $first_igw (the last attempt)";
              ip ru add table $first_igw prio $sl_rule_prio
              sl_rule_prio=$((sl_rule_prio + 1))
              ;;
      esac
  fi
  
done

# Flushing the cache is necessary in order to new rules become
# efective.

ip route flush cache

} # s_fillrules
######################################################################
s_filltables()
{
if [ $scm_info -gt 0 ]; then echo "Filling tables" ; fi

sl_igws=`awk '/^igw/ {print $3"*"$2}' < $sl_sedlocache/$sl_nmcnf`
# $sl_igws format: "name*ip_addr" for each iGW

for sl_igw in $sl_igws 
  do
    # iGW name
    sl_igwn=`echo $sl_igw | awk -F '*' '{print $1}'`
    if echo $sl_local_conf_myigws|grep --word-regexp --fixed-strings --quiet $sl_igwn; then

        # This iGW name is listed in local config as myigw. Setup
        # fixed route table.
        
        myigw_ip=`awk "/^myigw[[:space:]]+$sl_igwn/ { print \\$3; }" < $sl_sedlocnf`
        ip ro replace default via $myigw_ip table $sl_igwn
    else

        # Normal iGW - create a default route based on the main route
        # table state.

        # iGW IP with slash is escaped with a backslash 10.51.0.0/16 -> 10.21.0.0\/16
        sl_igwip=`echo $sl_igw | awk -F '*' '{gsub( "/", "\\\\/", $2); print $2}'` 
        # Where to send packets for this iGW (can be "via <ip-addres>" or "dev <dev-name>")
        sl_igwgt=`ip ro ls | awk "/^$sl_igwip/ {print \\$2, \\$3}"` 

        # TODO: Try to find IGW IP in a IP subnet. It allows an iGW to
        # publish their settings, becouse it will be the same
        # regardless # of router's cloud.

        sl_tbl=`ip ro ls ta $sl_igwn`
        if [ "$sl_igwgt x" = " x" ]     # route to igw not found
            then
            if [ $scm_info -gt 1 ]; then echo "Route not found for igw $sl_igwn - leaving table empty" ; fi
            if [ "$sl_tbl x" != " x" ] # if table is not empty, flush it
                then
                ip ro fl ta $sl_igwn 
            fi
        else
            sl_no_default_routes_count=`ip ro ls ta $sl_igwn|grep -c -v '^default'`
            if [ $sl_no_default_routes_count -gt 0 ] # if the table contains other than default routes, flush it
                then
                ip ro fl ta $sl_igwn 
            fi
            ip ro replace default $sl_igwgt table $sl_igwn
            if [ $scm_info -gt 1 ]; then echo "Table filled for igw $sl_igwn" ; fi
        fi
        sl_tbl_new=`ip ro ls ta $sl_igwn`

        # If an iGW state changes from reachable to unreachable or
        # vice versa, rules needs to be rebuilt.

        if [ "x$sl_tbl" = "x" -a "x$sl_tbl_new" != "x" -o \
            "x$sl_tbl" != "x" -a "x$sl_tbl_new" = "x" ]; then
            sl_rules_update_needed=yes
        fi
    fi
  done

} # s_filltables
######################################################################
s_mktables()
{
if [ $scm_info -gt 0 ]; then echo "Creating tables " ; fi
sl_igws=`awk '/^igw/ {print $3}' < $sl_sedlocache/$sl_nmcnf`
sl_cnt="$sl_rtnmax"
for sl_igw in $sl_igws 
  do
    sl_igwrttb=`awk "/$sl_igw/ {print \\$2}" < $sl_rttab` 
    if [ "$sl_igwrttb x" = " x" ] # Table is not present in rttab
      then
        [ $scm_info -gt 1 ] && echo "Creating table for $sl_igw"
        sl_ok="no"
        until [ "$sl_cnt" -eq "$sl_rtnmin" ] || [ "$sl_ok" = "yes" ]
        do
          sl_igwrttb=`awk "/^[^#]*$sl_cnt/ {print \\$1}" < $sl_rttab` 
          if [ "$sl_igwrttb x" = " x" ] # This number is free
            then
              sl_ok="yes"
              echo "$sl_cnt     $sl_igw" >> $sl_rttab 
          fi
          sl_cnt=$(($sl_cnt - 1 ))
        done  
      else
        [ $scm_info -gt 1 ] && echo "Table found for $sl_igw no action taken"
    fi

  done
} # s_mktables
######################################################################
s_getcfg()
{
if [ $scm_info -gt 0 ]; then echo "Getting config" ; fi
if [ $scm_info -gt 1 ]; then echo "Using main config $sl_local_conf_murlcfg" ; fi
if [ $scm_info -gt 1 ]; then echo "Using local config $sl_sedlocnf" ; fi

wget --timeout=10 --tries 1 $sl_local_conf_murlcfg -O "$sl_sedlocache/$sl_nmcnf.main.tmp" -q

if [ -s $sl_sedlocache/$sl_nmcnf.main.tmp ]
  then 
    date > $sl_sedlocache/last_getcnf.txt
    cp $sl_sedlocache/$sl_nmcnf.main.tmp $sl_sedlocache/$sl_nmcnf.main  
    if [ $scm_info -gt 1 ]; then echo "Main config accepted" ; fi
  else

    # Test if there is an old cached config file. This happens when
    # wget is not installed when run first.

    if [ ! -r $sl_sedlocache/$sl_nmcnf.main ]; then
        echo "No cached main config file found ($sl_sedlocache/${sl_nmcnf}.main)"
        exit 1;
    fi

    if [ $scm_info -gt 1 ]; then echo "Main config not accepted - using cached config" ; fi
    echo -n "Main config not found " > $sl_sedlocache/last_getcnf.txt || exit 1
    date >> $sl_sedlocache/last_getcnf.txt  
fi

# Preparing cached config from local and main one.  The ^ip lines form
# local config should have higher priority than the same lines in the
# main config. For ^igw lines, the oposite is true. The default iGW
# (first iGW in the config) should be the same for whole cloud.

echo "# generated file" > $sl_sedlocache/$sl_nmcnf || exit 1
sl_conf_main_first=`ls $sl_sedlocache/$sl_nmcnf.main $sl_sedlocnf`
sl_conf_local_first=`ls $sl_sedlocnf $sl_sedlocache/$sl_nmcnf.main`

#cat $sl_file | grep "^mcnf" | tr ';' '#' | awk '{print $1"\t"$2}' >> $sl_sedlocache/$sl_nmcnf || exit
grep --no-filename --extended-regexp "^(igw|default)" $sl_conf_main_first| tr ';' '#' | awk '{print $1"\t"$2"\t"$3}' >> $sl_sedlocache/$sl_nmcnf || exit 1
grep --no-filename "^ip" $sl_conf_local_first| tr ';' '#' | awk '{print $1"\t"$2"\t"$3"\t"$4"\t"$5"\t"$6}' >> $sl_sedlocache/$sl_nmcnf || exit 1

#cat $sl_sedlocache/$sl_nmcnf | sort | uniq  > $sl_sedlocache/$sl_nmcnf.uniq
#mv $sl_sedlocache/$sl_nmcnf.uniq $sl_sedlocache/$sl_nmcnf
}
######################################################################
s_version()
{
  echo sedlo $sl_version
} # s_version
######################################################################
s_report()
{
  echo "##### SEDLO #####"
  echo "date         : `date`"
  echo "version      : $sl_version"
  echo "local_config : $sl_sedlocnf"
  echo "main_config  : $sl_local_conf_murlcfg"
  echo "last update  : `cat $sl_sedlocache/last_getcnf.txt`"
  echo "##### TABLES #####"
  tables=`awk "/^[^#]/ { if (\\\$1 >= $sl_rtnmin && \\\$1 <= $sl_rtnmax) print \\\$2; }" < $sl_rttab`
  for table in $tables; do
      echo "${table}:"
      ip ro ls table ${table}|awk '{ print "    " $0; }'
  done
  echo "##### RULES #####"
  ip ru ls
} # s_report
######################################################################
sl_lock_filename="/tmp/sedlo.lock"
sl_tmp_lock_filename="/tmp/sedlo.$$"

sl_try_lock()
{
    echo $$ > $sl_tmp_lock_filename 2>/dev/null || {
        echo >&2 "You don't have permission to access `dirname $TEMPFILE`"
        return 1
    }
    ln $sl_tmp_lock_filename $sl_lock_filename 2>/dev/null && {
        rm -f $sl_tmp_lock_filename
        return 0
    }
    rm -f $sl_tmp_lock_filename
    return 1
}

# sl_invalid_lock: returns 0 (success) if the lock file doesn't
# contain valid PID of sedlo process.

sl_invalid_lock()
{
    local pid
    local proc_name
    [ -f $sl_lock_filename ] || return 1 # lock doesn't exist so it
                                         # can't be invalid
    pid=$(< $sl_lock_filename)
    proc_name=$(ps --pid $pid -o comm --no-headers)
    if [ "$proc_name" = "sedlo" ]; then return 1 # the lock is valid
    else return 0               # the lock is invalid
    fi;
}

sl_lock()
{
    trap sl_unlock EXIT

    timeout=10
    while [ $timeout -gt 0 ]; do
        sl_try_lock && break
        [ $timeout -eq 10 -a $scm_info -gt 0 ] && echo "Trying to lock sedlo..."
        sleep 1
        timeout=$((timeout - 1))
    done

    if [ $timeout -eq 0 ]; then
        sl_invalid_lock && rm -f $sl_lock_filename && sl_try_lock && return 0
        echo >&2 "Can't lock $sl_lock_filename."
        echo >&2 "Probably sedlo is already running with PID `< $sl_lock_filename`."
        exit 2
    fi
}

sl_unlock()
{
    if [ -f $sl_lock_filename ]; then 
        [ "`< $sl_lock_filename`" = "$$" ] && rm -f $sl_lock_filename
    fi
    [ -f $sl_tmp_lock_filename ] && rm -f $sl_tmp_lock_filename
}

######################################################################
s_help()
{
cat <<EOF
Pouziti: sedlo [param]
param:
-V         vypise verzi
-help      vypise napovedu
-v         malo upovidany
-vv        hodne upovidany
-quick     Pouze nastavi routovaci tabuly. Necte config a nemeni
           pravidla. Urceno pro caste spousteni z cronu.
-nogetcfg  zajisti ze se nedude znovu nacitat konfigurace a pouzije se
           predchozi z cache
-report    vypise prehled pravidel a tabulek
-flru      odstrani vsechny pravidla
EOF
} # s_help
######################################################################
######################################################################

sl_unknown=""
scm_nogetcfg=0
scm_quick=0
scm_flru=0
scm_info=0

# parsing input parameters
while [ "a$1" != "a" ]
do
  case $1 in
  -V)
    s_version
    exit 0
  ;;
  -h)
    s_help
    exit 0
  ;;
  -report)
    s_report
    exit 0
  ;;
  -flru)
    scm_flru=1
    shift
  ;;
  -help)
    s_help
    exit 0
  ;;
  -nogetcfg)
    scm_nogetcfg=1
    shift
  ;;
  -quick)
    scm_quick=1
    scm_nogetcfg=1
    shift
  ;;
  -v)
    scm_info=1
    shift
  ;;
  -vv)
    scm_info=2
    shift
  ;;
  *)
    sl_unknown="$sl_unknown$1 "
    shift
  esac
done

# printing the list of bad parameters (if there are some)
if [ "a$sl_unknown" != "a" ]
then
  echo "$slm_unknown $sl_unknown"
  s_help
  exit 0
fi

sl_lock

if [ $scm_flru -eq 1 ]
then
  s_flru
  exit
fi

if [ $scm_nogetcfg -eq 0 ]
then
  s_getcfg      
fi

# Test if there is a cached config file (if called with -nogetcfg)
if [ ! -r $sl_sedlocache/$sl_nmcnf ]; then
    echo "No cached config file found ($sl_sedlocache/$sl_nmcnf)"
    exit 1
fi

if [ $scm_quick -eq 1 ]
then
  sl_rules_update_needed=no
  s_filltables
  [ $sl_rules_update_needed = yes ] && s_fillrules
  exit
fi

[ $sl_local_conf_blackhole = "yes" ] && ip route replace blackhole $sl_ipnodef

s_mktables
s_filltables
s_fillrules

exit 0

Powered by WebSVN 2.2.1