sedlo |
Subversion Repositories: |
Compare with Previous - Blame - Download
#!/bin/bash
# author : Petr Simandl www.simandl.cz
# release date : 07/09/2004
# name : sedlo
# description : dynamic side routing tables tool
# license : GPL
sl_version="0.0.3pre1-wsh-4"
PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
sl_nmcnf="sedlo.conf"
sl_sedlocnf="/etc/$sl_nmcnf"
sl_sedlocache="/var/cache/sedlo"
sl_rttab="/etc/iproute2/rt_tables"
sl_rtnmin=110
sl_rtnmax=200
# sl_rule_prio_min - The lowest priority for rules created by
# sedlo. Each configured user has one or more dynamic rules for
# internet routing as specified in the config file.
sl_rule_prio_min=2000
sl_ipnodef="10.0.0.0/8"
slm_unknown="Nezname parametry : "
sl_ipcmd=`which ip`
sl_trcmd=`which tr`
sl_wgetcmd=`which wget`
sl_hnmcmd=`which hostname`
sl_awkcmd=`which awk`
sl_catcmd=`which cat`
sl_grepcmd=`which grep`
if [ -r $sl_sedlocnf ]
then
sl_nop=1
else
echo "$sl_sedlocnf not found or is not readable"
exit 1
fi
if [ -w $sl_rttab ]
then
sl_nop=1
else
echo "Can't write to $sl_rttab"
exit 1
fi
# Read local configuration file
sl_local_conf_murlcfg=`cat $sl_sedlocnf | grep "^mcnf" | head -n 1 | awk '{print $2}'`
sl_local_conf_blackhole=`cat $sl_sedlocnf | grep "^blackhole" | head -n 1 | awk '{print $2}'`
sl_local_conf_me2igw=`awk '/^me2igw/ { print $2 "*" $3 "*" $4 }' < $sl_sedlocnf`
sl_local_conf_myigws=`awk '/^myigw/ { print $2; }' < $sl_sedlocnf`
######################################################################
s_flru()
{
# Existing rules which were created by sedlo (priority
# sl_rule_prio_min and above) are deleted. All other rules are
# preserved.
[ $scm_info -gt 0 ] && echo "Flushing all rules created by sedlo"
ip rule ls \
| awk -F ':' -v PRIO=$sl_rule_prio_min '{ if ($1 == PRIO) { print $2, " prio ", PRIO; PRIO=PRIO+1;} }' \
| sed -e 's!all!0/0!' \
| while read RULE; do
[ $scm_info -gt 1 ] && echo -n '#'
ip rule del $RULE;
done
[ $scm_info -gt 1 ] && echo # new line after ###s
} # s_flru
######################################################################
s_fillrules()
{
s_flru # Flush all rules
if [ $scm_info -gt 0 ]; then echo "Creating rules" ; fi
sl_rule_prio=$sl_rule_prio_min # rules should have unique prio - see the iproute manual
# Insert rule for internal traffic
ip ru add from 0/0 to $sl_ipnodef table main prio $sl_rule_prio
sl_rule_prio=$((sl_rule_prio + 1))
# Prepare rules for later processing. Delete comments and format them
# for better parsing.
sl_ips=`awk '/^ip/ {gsub("#.*$", ""); print $2"*"$4"*"$5"*"$6}' < $sl_sedlocache/$sl_nmcnf`
# $sl_ips format: ip_range*igw1*igw2*igw3
default_rule=""
default_igws=`awk '/^default/ { print $2"*"$3"*"$4; }' < $sl_sedlocache/$sl_nmcnf`
[ "x$default_igws" != "x" ] && default_rule="DEFAULT*$default_igws"
# $default_rule format: DEFAULT*igw1name*igw2name*igw3name
this_router="ME2IGW*$sl_local_conf_me2igw"
# $this_router format: THIS_ROUTER*igw1name*igw2name*igw3name
for sl_ip in $this_router $sl_ips $default_rule
do
sl_ipn=`echo $sl_ip | awk -F '*' '{print $1}'` # Client IP
sl_ipgws=`echo $sl_ip | awk -F '*' '{print $2,$3,$4}'` # iGW names
sl_attempt=1 # Which iGW is assigned (1st, 2nd or 3rd)
sl_rule_ok=no # whether there is a functional iGW for this rule
for sl_ipgw in $sl_ipgws
do
sl_tbl=`ip ro ls ta $sl_ipgw`
if [ "$sl_tbl x" != " x" ]
then
[ $scm_info -gt 1 ] && echo "Creating new rules to send $sl_ipn to table $sl_ipgw (attempt $sl_attempt)";
case "$sl_ipn" in
"DEFAULT")
ip ru add table $sl_ipgw prio $sl_rule_prio ;;
"ME2IGW")
ip ru add iif lo table $sl_ipgw prio $sl_rule_prio ;;
*)
ip ru add from $sl_ipn table $sl_ipgw prio $sl_rule_prio ;;
esac
sl_rule_prio=$((sl_rule_prio + 1))
sl_rule_ok=yes
break
else
sl_attempt=$((sl_attempt + 1))
fi
done
if [ "x$sl_rule_ok" = "xno" ]; then
case "$sl_ipn" in
"DEFAULT")
# Despite of there is no default iGW accessible, create
# a rule for a default iGW. This prevents Internet
# packets to enter the main table.
first_igw=`echo $sl_ip|awk -F '*' '{ print $2 }'`
[ $scm_info -gt 1 ] && echo "Creating new rule to send $sl_ipn to table $first_igw (the last attempt)";
ip ru add table $first_igw prio $sl_rule_prio
sl_rule_prio=$((sl_rule_prio + 1))
;;
esac
fi
done
# Flushing the cache is necessary in order to new rules become
# efective.
ip route flush cache
} # s_fillrules
######################################################################
s_filltables()
{
if [ $scm_info -gt 0 ]; then echo "Filling tables" ; fi
sl_igws=`awk '/^igw/ {print $3"*"$2}' < $sl_sedlocache/$sl_nmcnf`
# $sl_igws format: "name*ip_addr" for each iGW
for sl_igw in $sl_igws
do
# iGW name
sl_igwn=`echo $sl_igw | awk -F '*' '{print $1}'`
if echo $sl_local_conf_myigws|grep --word-regexp --fixed-strings --quiet $sl_igwn; then
# This iGW name is listed in local config as myigw. Setup
# fixed route table.
myigw_ip=`awk "/^myigw[[:space:]]+$sl_igwn/ { print \\$3; }" < $sl_sedlocnf`
ip ro replace default via $myigw_ip table $sl_igwn
else
# Normal iGW - create a default route based on the main route
# table state.
# iGW IP with slash is escaped with a backslash 10.51.0.0/16 -> 10.21.0.0\/16
sl_igwip=`echo $sl_igw | awk -F '*' '{gsub( "/", "\\\\/", $2); print $2}'`
# Where to send packets for this iGW (can be "via <ip-addres>" or "dev <dev-name>")
sl_igwgt=`ip ro ls | awk "/^$sl_igwip/ {print \\$2, \\$3}"`
# TODO: Try to find IGW IP in a IP subnet. It allows an iGW to
# publish their settings, becouse it will be the same
# regardless # of router's cloud.
sl_tbl=`ip ro ls ta $sl_igwn`
if [ "$sl_igwgt x" = " x" ] # route to igw not found
then
if [ $scm_info -gt 1 ]; then echo "Route not found for igw $sl_igwn - leaving table empty" ; fi
if [ "$sl_tbl x" != " x" ] # if table is not empty, flush it
then
ip ro fl ta $sl_igwn
fi
else
sl_no_default_routes_count=`ip ro ls ta $sl_igwn|grep -c -v '^default'`
if [ $sl_no_default_routes_count -gt 0 ] # if the table contains other than default routes, flush it
then
ip ro fl ta $sl_igwn
fi
ip ro replace default $sl_igwgt table $sl_igwn
if [ $scm_info -gt 1 ]; then echo "Table filled for igw $sl_igwn" ; fi
fi
sl_tbl_new=`ip ro ls ta $sl_igwn`
# If an iGW state changes from reachable to unreachable or
# vice versa, rules needs to be rebuilt.
if [ "x$sl_tbl" = "x" -a "x$sl_tbl_new" != "x" -o \
"x$sl_tbl" != "x" -a "x$sl_tbl_new" = "x" ]; then
sl_rules_update_needed=yes
fi
fi
done
} # s_filltables
######################################################################
s_mktables()
{
if [ $scm_info -gt 0 ]; then echo "Creating tables " ; fi
sl_igws=`awk '/^igw/ {print $3}' < $sl_sedlocache/$sl_nmcnf`
sl_cnt="$sl_rtnmax"
for sl_igw in $sl_igws
do
sl_igwrttb=`awk "/$sl_igw/ {print \\$2}" < $sl_rttab`
if [ "$sl_igwrttb x" = " x" ] # Table is not present in rttab
then
[ $scm_info -gt 1 ] && echo "Creating table for $sl_igw"
sl_ok="no"
until [ "$sl_cnt" -eq "$sl_rtnmin" ] || [ "$sl_ok" = "yes" ]
do
sl_igwrttb=`awk "/^[^#]*$sl_cnt/ {print \\$1}" < $sl_rttab`
if [ "$sl_igwrttb x" = " x" ] # This number is free
then
sl_ok="yes"
echo "$sl_cnt $sl_igw" >> $sl_rttab
fi
sl_cnt=$(($sl_cnt - 1 ))
done
else
[ $scm_info -gt 1 ] && echo "Table found for $sl_igw no action taken"
fi
done
} # s_mktables
######################################################################
s_getcfg()
{
if [ $scm_info -gt 0 ]; then echo "Getting config" ; fi
if [ $scm_info -gt 1 ]; then echo "Using main config $sl_local_conf_murlcfg" ; fi
if [ $scm_info -gt 1 ]; then echo "Using local config $sl_sedlocnf" ; fi
wget --timeout=10 --tries 1 $sl_local_conf_murlcfg -O "$sl_sedlocache/$sl_nmcnf.main.tmp" -q
if [ -s $sl_sedlocache/$sl_nmcnf.main.tmp ]
then
date > $sl_sedlocache/last_getcnf.txt
cp $sl_sedlocache/$sl_nmcnf.main.tmp $sl_sedlocache/$sl_nmcnf.main
if [ $scm_info -gt 1 ]; then echo "Main config accepted" ; fi
else
# Test if there is an old cached config file. This happens when
# wget is not installed when run first.
if [ ! -r $sl_sedlocache/$sl_nmcnf.main ]; then
echo "No cached main config file found ($sl_sedlocache/${sl_nmcnf}.main)"
exit 1;
fi
if [ $scm_info -gt 1 ]; then echo "Main config not accepted - using cached config" ; fi
echo -n "Main config not found " > $sl_sedlocache/last_getcnf.txt || exit 1
date >> $sl_sedlocache/last_getcnf.txt
fi
# Preparing cached config from local and main one. The ^ip lines form
# local config should have higher priority than the same lines in the
# main config. For ^igw lines, the oposite is true. The default iGW
# (first iGW in the config) should be the same for whole cloud.
echo "# generated file" > $sl_sedlocache/$sl_nmcnf || exit 1
sl_conf_main_first=`ls $sl_sedlocache/$sl_nmcnf.main $sl_sedlocnf`
sl_conf_local_first=`ls $sl_sedlocnf $sl_sedlocache/$sl_nmcnf.main`
#cat $sl_file | grep "^mcnf" | tr ';' '#' | awk '{print $1"\t"$2}' >> $sl_sedlocache/$sl_nmcnf || exit
grep --no-filename --extended-regexp "^(igw|default)" $sl_conf_main_first| tr ';' '#' | awk '{print $1"\t"$2"\t"$3}' >> $sl_sedlocache/$sl_nmcnf || exit 1
grep --no-filename "^ip" $sl_conf_local_first| tr ';' '#' | awk '{print $1"\t"$2"\t"$3"\t"$4"\t"$5"\t"$6}' >> $sl_sedlocache/$sl_nmcnf || exit 1
#cat $sl_sedlocache/$sl_nmcnf | sort | uniq > $sl_sedlocache/$sl_nmcnf.uniq
#mv $sl_sedlocache/$sl_nmcnf.uniq $sl_sedlocache/$sl_nmcnf
}
######################################################################
s_version()
{
echo sedlo $sl_version
} # s_version
######################################################################
s_report()
{
echo "##### SEDLO #####"
echo "date : `date`"
echo "version : $sl_version"
echo "local_config : $sl_sedlocnf"
echo "main_config : $sl_local_conf_murlcfg"
echo "last update : `cat $sl_sedlocache/last_getcnf.txt`"
echo "##### TABLES #####"
tables=`awk "/^[^#]/ { if (\\\$1 >= $sl_rtnmin && \\\$1 <= $sl_rtnmax) print \\\$2; }" < $sl_rttab`
for table in $tables; do
echo "${table}:"
ip ro ls table ${table}|awk '{ print " " $0; }'
done
echo "##### RULES #####"
ip ru ls
} # s_report
######################################################################
sl_lock_filename="/tmp/sedlo.lock"
sl_tmp_lock_filename="/tmp/sedlo.$$"
sl_try_lock()
{
echo $$ > $sl_tmp_lock_filename 2>/dev/null || {
echo >&2 "You don't have permission to access `dirname $TEMPFILE`"
return 1
}
ln $sl_tmp_lock_filename $sl_lock_filename 2>/dev/null && {
rm -f $sl_tmp_lock_filename
return 0
}
rm -f $sl_tmp_lock_filename
return 1
}
# sl_invalid_lock: returns 0 (success) if the lock file doesn't
# contain valid PID of sedlo process.
sl_invalid_lock()
{
local pid
local proc_name
[ -f $sl_lock_filename ] || return 1 # lock doesn't exist so it
# can't be invalid
pid=$(< $sl_lock_filename)
proc_name=$(ps --pid $pid -o comm --no-headers)
if [ "$proc_name" = "sedlo" ]; then return 1 # the lock is valid
else return 0 # the lock is invalid
fi;
}
sl_lock()
{
trap sl_unlock EXIT
timeout=10
while [ $timeout -gt 0 ]; do
sl_try_lock && break
[ $timeout -eq 10 -a $scm_info -gt 0 ] && echo "Trying to lock sedlo..."
sleep 1
timeout=$((timeout - 1))
done
if [ $timeout -eq 0 ]; then
sl_invalid_lock && rm -f $sl_lock_filename && sl_try_lock && return 0
echo >&2 "Can't lock $sl_lock_filename."
echo >&2 "Probably sedlo is already running with PID `< $sl_lock_filename`."
exit 2
fi
}
sl_unlock()
{
if [ -f $sl_lock_filename ]; then
[ "`< $sl_lock_filename`" = "$$" ] && rm -f $sl_lock_filename
fi
[ -f $sl_tmp_lock_filename ] && rm -f $sl_tmp_lock_filename
}
######################################################################
s_help()
{
cat <<EOF
Pouziti: sedlo [param]
param:
-V vypise verzi
-help vypise napovedu
-v malo upovidany
-vv hodne upovidany
-quick Pouze nastavi routovaci tabuly. Necte config a nemeni
pravidla. Urceno pro caste spousteni z cronu.
-nogetcfg zajisti ze se nedude znovu nacitat konfigurace a pouzije se
predchozi z cache
-report vypise prehled pravidel a tabulek
-flru odstrani vsechny pravidla
EOF
} # s_help
######################################################################
######################################################################
sl_unknown=""
scm_nogetcfg=0
scm_quick=0
scm_flru=0
scm_info=0
# parsing input parameters
while [ "a$1" != "a" ]
do
case $1 in
-V)
s_version
exit 0
;;
-h)
s_help
exit 0
;;
-report)
s_report
exit 0
;;
-flru)
scm_flru=1
shift
;;
-help)
s_help
exit 0
;;
-nogetcfg)
scm_nogetcfg=1
shift
;;
-quick)
scm_quick=1
scm_nogetcfg=1
shift
;;
-v)
scm_info=1
shift
;;
-vv)
scm_info=2
shift
;;
*)
sl_unknown="$sl_unknown$1 "
shift
esac
done
# printing the list of bad parameters (if there are some)
if [ "a$sl_unknown" != "a" ]
then
echo "$slm_unknown $sl_unknown"
s_help
exit 0
fi
sl_lock
if [ $scm_flru -eq 1 ]
then
s_flru
exit
fi
if [ $scm_nogetcfg -eq 0 ]
then
s_getcfg
fi
# Test if there is a cached config file (if called with -nogetcfg)
if [ ! -r $sl_sedlocache/$sl_nmcnf ]; then
echo "No cached config file found ($sl_sedlocache/$sl_nmcnf)"
exit 1
fi
if [ $scm_quick -eq 1 ]
then
sl_rules_update_needed=no
s_filltables
[ $sl_rules_update_needed = yes ] && s_fillrules
exit
fi
[ $sl_local_conf_blackhole = "yes" ] && ip route replace blackhole $sl_ipnodef
s_mktables
s_filltables
s_fillrules
exit 0