#!/bin/sh /etc/rc.common
#
# Copyright (C) 2015 OpenWrt-dist
#
# This is free software, licensed under the GNU General Public License v3.
# See /LICENSE for more information.
#

START=30

CONFIG=miaplus

uci_export_section_name() {
  local ret=$(uci -n export $CONFIG | grep "config $1" | awk '{print $3}' | awk -F\' '{print $2}')
  echo ${ret:=$2}
}
uci_get_by_name() {
	local ret=$(uci get $CONFIG.$1.$2 2>/dev/null)
	echo ${ret:=$3}
}
uci_get_by_type() {
	local index=0
	if [ -n "$4" ]; then
		index=$4
	fi
	local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
	echo ${ret:=$3}
}
uci_get_mac_by_template(){
  local ret=""
  for i in $(seq 0 100)
  do
    local enable=$(uci_get_by_type macbind enable '' $i)
    local macaddr=$(uci_get_by_type macbind macaddr '' $i)
    local template=$(uci_get_by_type macbind template '' $i)
    if [ -z $enable ] || [ -z $macaddr ] || [ -z $template ]; then
      break
    fi
    if [ "$enable" == "1" ]; then
      if [ -z "$1" ] || [ "$template" == "$1" ]; then
        if [ "$ret" == "" ]; then
          ret=$macaddr
        else
          ret="$ret $macaddr"
        fi
      fi
    fi
  done
  echo ${ret:=$2}
}

add_rules(){
  local sections=$(uci_export_section_name templates '')
  if [ -n "$sections" ]; then
    for s in $sections
    do
      local enable=$(uci_get_by_name $s enable '' $i)
      local title=$(uci_get_by_name $s title '' $i)
      if [ -z $enable ]; then
        break
      fi
      if [ "$enable" == "1" ]; then
        add_rule $s
      fi
    done
  fi
}
add_rule(){
  ipv6enable=$(uci get miaplus.@basic[0].ipv6enable)
  local macaddrs=$(uci_get_mac_by_template $1 '')
  if [ -z "$macaddrs" ]; then
    exit 0
  fi
  for macaddr in $macaddrs
  do
    iptables -t filter -A MIAPLUS  -m mac --mac-source $macaddr -j DROP
    [ $ipv6enable -eq 1 ] && ip6tables -t filter -A MIAPLUS  -m mac --mac-source $macaddr -j DROP
  done
  for i in $(seq 0 100)
  do
    local enable=$(uci_get_by_type $1 enable '' $i)
    local timeon=$(uci_get_by_type $1 timeon '' $i)
    local timeoff=$(uci_get_by_type $1 timeoff '' $i)
    local z1=$(uci_get_by_type $1 z1 '' $i)
    local z2=$(uci_get_by_type $1 z2 '' $i)
    local z3=$(uci_get_by_type $1 z3 '' $i)
    local z4=$(uci_get_by_type $1 z4 '' $i)
    local z5=$(uci_get_by_type $1 z5 '' $i)
    local z6=$(uci_get_by_type $1 z6 '' $i)
    local z7=$(uci_get_by_type $1 z7 '' $i)
    [ "$z1" == "1" ] && Z1="Mon,"
    [ "$z2" == "1" ] && Z2="Tue,"
    [ "$z3" == "1" ] && Z3="Wed,"
    [ "$z4" == "1" ] && Z4="Thu,"
    [ "$z5" == "1" ] && Z5="Fri,"
    [ "$z6" == "1" ] && Z6="Sat,"
    [ "$z7" == "1" ] && Z7="Sun"

    if [ -z $enable ] || [ -z $timeoff ] || [ -z $timeon ]; then
      break
    fi
    if [ "$enable" == "1" ]; then
      for macaddr in $macaddrs
      do
        iptables -t filter -I MIAPLUS  -m mac --mac-source $macaddr -m time --kerneltz --timestart $timeon --timestop $timeoff --weekdays $Z1$Z2$Z3$Z4$Z5$Z6$Z7 -j ACCEPT
        [ $ipv6enable -eq 1 ] && ip6tables -t filter -I MIAPLUS  -m mac --mac-source $macaddr -m time --kerneltz --timestart $timeon --timestop $timeoff --weekdays $Z1$Z2$Z3$Z4$Z5$Z6$Z7 -j ACCEPT
      done
    fi
    for n in $(seq 1 7)
    do
      unset "Z$n"
    done
  done
}

del_rule(){
	type=$1
	blackMacAdd=$(iptables -t nat -L $type | grep -w RETURN | grep -w "MAC" | awk '{print $7}')
	[ -n "$blackMacAdd" ] && {
		for macaddrb in $blackMacAdd
		do
			iptables -t nat -D $type -m mac --mac-source $macaddrb -j RETURN
		done
	}
}

start(){
  stop
	enable=$(uci get miaplus.@basic[0].enable)
	[ $enable -eq 0 ] && exit 0
  iptables -t filter -N MIAPLUS
  iptables -I INPUT -p udp --dport 53 -m comment --comment "Rule For Control" -j MIAPLUS
  iptables -I INPUT -p tcp --dport 53 -m comment --comment "Rule For Control" -j MIAPLUS
  iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "Rule For Control"
  iptables -t nat -A PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "Rule For Control"
  strict=$(uci get miaplus.@basic[0].strict)
  [ $strict -eq 1 ] && iptables -t filter -I FORWARD -m comment --comment "Rule For Control" -j MIAPLUS

  ipv6enable=$(uci get miaplus.@basic[0].ipv6enable)
  if [ "$ipv6enable" -eq 1 ]; then
    ip6tables -t filter -N MIAPLUS
    ip6tables -I INPUT -p udp --dport 53 -m comment --comment "Rule For Control" -j MIAPLUS
    ip6tables -I INPUT -p tcp --dport 53 -m comment --comment "Rule For Control" -j MIAPLUS
    ip6tables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "Rule For Control"
    ip6tables -t nat -A PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "Rule For Control"
    [ $strict -eq 1 ] && ip6tables -t filter -I FORWARD -m comment --comment "Rule For Control" -j MIAPLUS
  fi
  add_rules
}
stop(){
  iptables -t filter -D FORWARD -m comment --comment "Rule For Control" -j MIAPLUS 2>/dev/null
  iptables -D INPUT -p udp --dport 53 -m comment --comment "Rule For Control" -j MIAPLUS 2>/dev/null
  iptables -D INPUT -p tcp --dport 53 -m comment --comment "Rule For Control" -j MIAPLUS 2>/dev/null
  iptables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "Rule For Control" 2>/dev/null
  iptables -t nat -D PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "Rule For Control" 2>/dev/null
  iptables -t filter -F MIAPLUS 2>/dev/null
  iptables -t filter -X MIAPLUS 2>/dev/null

  notfound=$(type ip6tables | grep not)
  if [ -z "$notfound" ]; then
    ip6tables -t filter -D FORWARD -m comment --comment "Rule For Control" -j MIAPLUS 2>/dev/null
    ip6tables -D INPUT -p udp --dport 53 -m comment --comment "Rule For Control" -j MIAPLUS 2>/dev/null
    ip6tables -D INPUT -p tcp --dport 53 -m comment --comment "Rule For Control" -j MIAPLUS 2>/dev/null
    ip6tables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "Rule For Control" 2>/dev/null
    ip6tables -t nat -D PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 -m comment --comment "Rule For Control" 2>/dev/null
    ip6tables -t filter -F MIAPLUS 2>/dev/null
    ip6tables -t filter -X MIAPLUS 2>/dev/null
  fi
}
