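#!/bin/bash

#   Copyright 2016 Telefónica Investigación y Desarrollo S.A.U.
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.

# Rewrites the nat table of /etc/iptables/rules.v4 so that it carries the OSM
# port-forwarding rules, then restarts netfilter-persistent to load them.
# Rules are kept between the "#Autogenerated by nat_osm" and
# "#End autogeneration by nat_osm" markers, so re-running the script replaces
# the previous set instead of appending a second copy.
#
# NOTE(review): the DNAT rules match on destination address and port only.
# Any host that can reach UI_IP / RO_IP reaches the forwarded container
# services; restrict sources in the filter table if that is too broad.

############
# Functions
############

# Print the command-line help on stdout.
usage(){
    echo -e "usage: $0 [OPTIONS]"
    echo -e "Install NAT rules for OSM"
    echo -e " OPTIONS"
    echo -e " -u: UI/SO (rift) IP address"
    echo -e " -r: RO (openmano) IP address"
    echo -e " -v: VCA (juju) IP address"
    echo -e " -m: MON IP address"
    echo -e " -h: show this help"
}

# Succeed only when $1 is a dotted-quad IPv4 address with octets in 0-255.
is_ipv4(){
    local addr=$1 octet
    [[ $addr =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
    for octet in "${BASH_REMATCH[@]:1}"; do
        # 10# forces base 10 so that "08" is not parsed as invalid octal.
        (( 10#$octet <= 255 )) || return 1
    done
    return 0
}

# Abort unless the value ($2) of the setting named $1 is an IPv4 address.
# These values are pasted verbatim into a ruleset that root loads, so an
# empty or malformed one must never reach the rules file.
require_ipv4(){
    local label=$1 value=$2
    if ! is_ipv4 "$value"; then
        printf "%s is not a valid IPv4 address: '%s'\n" "$label" "$value" >&2
        exit 1
    fi
}

###################
# End of functions
###################

#Check root privileges
# EUID is set by bash itself; $USER comes from the environment and can be
# unset or stale.
[ "$EUID" -ne 0 ] && echo "Needed root privileges (run with sudo)" >&2 && exit 1

HERE=$(realpath "$(dirname "$0")")
OSM_DEVOPS=$(dirname "$HERE")
. "$OSM_DEVOPS/common/all_funcs"

#Get default IP address
# Presumably this is what defines DEFAULT_IP and the *_CONTAINER_IP variables
# used below; nothing else in this script sets them.
. "$OSM_DEVOPS/installers/export_ips"

UI_IP=$DEFAULT_IP
RO_IP=$DEFAULT_IP
VCA_IP=$DEFAULT_IP
MON_IP=$DEFAULT_IP

#read input options
# "m:" was missing from the option string although usage() documents -m.
while getopts ":u:r:v:m:h-:" o; do
    case "${o}" in
        u)
            export UI_IP="$OPTARG"
            ;;
        r)
            export RO_IP="$OPTARG"
            ;;
        v)
            export VCA_IP="$OPTARG"
            ;;
        m)
            export MON_IP="$OPTARG"
            ;;
        h)
            usage && exit 0
            ;;
        -)
            [ "${OPTARG}" == "help" ] && usage && exit 0
            echo -e "Invalid option: '--$OPTARG'\nTry $0 --help for more information" >&2
            exit 1
            ;;
        \?)
            echo -e "Invalid option: '-$OPTARG'\nTry $0 --help for more information" >&2
            exit 1
            ;;
        :)
            echo -e "Option '-$OPTARG' requires an argument\nTry $0 --help for more information" >&2
            exit 1
            ;;
        *)
            usage >&2
            exit 1
            ;;
    esac
done

# Only the values that land in active rules are checked. VCA_IP, MON_IP and
# VCA_CONTAINER_IP feed commented-out rules only (or none) and may be empty.
require_ipv4 "UI_IP" "$UI_IP"
require_ipv4 "RO_IP" "$RO_IP"
require_ipv4 "RO_CONTAINER_IP" "$RO_CONTAINER_IP"
require_ipv4 "SO_CONTAINER_IP" "$SO_CONTAINER_IP"

#############
# NAT port forwarding configuration
#############

RULES_FILE=/etc/iptables/rules.v4

if [ ! -f "$RULES_FILE" ]; then
    echo "Rules file $RULES_FILE not found" >&2
    exit 1
fi

echo
echo "*** Configuring iptables rules ***"

# Build the new ruleset in an unpredictable file next to the target instead of
# a fixed name in the current directory: this script runs as root, and a fixed
# name in a directory other users can write to could be pre-created as a link.
# Staying on the same filesystem also keeps the final mv an atomic rename.
TMP_RULES=$(mktemp "${RULES_FILE}.XXXXXX") || exit 1

if ! awk -v RO_IP="$RO_IP" -v VCA_IP="$VCA_IP" -v UI_IP="$UI_IP" \
         -v openmano_ip="$RO_CONTAINER_IP" -v MON_IP="$MON_IP" \
         -v rift_ip="$SO_CONTAINER_IP" -v juju_ip="$VCA_CONTAINER_IP" '
# DNAT rules forwarding host ports to the RO and UI/SO containers.
function emit_prerouting() {
    print "#Autogenerated by nat_osm"
    print "-A PREROUTING -d "RO_IP" -p tcp -m tcp --dport 9090 -j DNAT --to-destination "openmano_ip
    print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8000 -j DNAT --to-destination "rift_ip
    print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8443 -j DNAT --to-destination "rift_ip
    print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8008 -j DNAT --to-destination "rift_ip
    print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 8009 -j DNAT --to-destination "rift_ip
    print "-A PREROUTING -d "UI_IP" -p tcp -m tcp --dport 80 -j DNAT --to-destination "rift_ip
    #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 443 -j DNAT --to-destination "juju_ip
    #print "-A PREROUTING -d "VCA_IP" -p tcp -m tcp --dport 17070 -j DNAT --to-destination "juju_ip
    print "#End autogeneration by nat_osm"
}

# DNAT rules for connections the host itself opens over loopback.
function emit_output() {
    print "#Autogenerated by nat_osm"
    print "-A OUTPUT -p tcp -o lo --dport 8009 -j DNAT --to "rift_ip":8009"
    print "-A OUTPUT -p tcp -o lo --dport 8443 -j DNAT --to "rift_ip":8443"
    print "#End autogeneration by nat_osm"
}

# MASQUERADE rules for traffic headed to the UI/SO container.
function emit_postrouting() {
    print "#Autogenerated by nat_osm"
    print "-A POSTROUTING -s "rift_ip"/24 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
    print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8009 -j MASQUERADE"
    print "-A POSTROUTING -s "UI_IP"/32 -d "rift_ip" -p tcp --dport 8443 -j MASQUERADE"
    #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 9090 -d "openmano_ip" -j SNAT --to "UI_IP
    #print "-A POSTROUTING -s "rift_ip" -p tcp -m tcp --dport 17070 -d "juju_ip" -j SNAT --to "UI_IP
    print "#End autogeneration by nat_osm"
}

BEGIN {
    innat=0
    innatpre=0;    osmpre=0;    donepre=0
    innatoutput=0; osmoutput=0; doneoutput=0
    innatpost=0;   osmpost=0;   donepost=0
}

# Everything below only acts inside the *nat table.
/^\*nat/ { innat=1; print; next }

# --- PREROUTING: replace an existing marked block, else add one before :INPUT
innat==1 && /:PREROUTING/ { innatpre=1; print; next }
innatpre==1 && /#Autogenerated by nat_osm/ { osmpre=1; next }
osmpre==1 && /#End autogeneration by nat_osm/ {
    emit_prerouting()
    osmpre=0; donepre=1
    next
}
# Old autogenerated lines are dropped.
osmpre==1 { next }
innatpre==1 && /:INPUT/ {
    innatpre=0
    if (donepre==0) {
        emit_prerouting()
        donepre=1
    }
    print; next
}

# --- OUTPUT: replace an existing marked block, else add one before :POSTROUTING
innat==1 && /:OUTPUT/ { innatoutput=1; print; next }
innatoutput==1 && /#Autogenerated by nat_osm/ { osmoutput=1; next }
osmoutput==1 && /#End autogeneration by nat_osm/ {
    emit_output()
    osmoutput=0; doneoutput=1
    next
}
osmoutput==1 { next }
innatoutput==1 && /:POSTROUTING/ {
    innatoutput=0
    if (doneoutput==0) {
        emit_output()
        doneoutput=1
    }
    innatpost=1
    print; next
}

# --- POSTROUTING: replace an existing marked block, else add one before COMMIT
innat==1 && /:POSTROUTING/ { innatpost=1; print; next }
innatpost==1 && /#Autogenerated by nat_osm/ { osmpost=1; next }
osmpost==1 && /#End autogeneration by nat_osm/ {
    emit_postrouting()
    osmpost=0; donepost=1
    next
}
osmpost==1 { next }
innatpost==1 && /COMMIT/ {
    innatpost=0; innat=0
    if (donepost==0) {
        emit_postrouting()
        donepost=1
    }
    print; next
}

# Every other line is copied through unchanged.
{ print }
' "$RULES_FILE" > "$TMP_RULES"; then
    rm -f -- "$TMP_RULES"
    echo "Failed to generate the new iptables rules" >&2
    exit 1
fi

# Parse the candidate without committing it, so that a broken ruleset is caught
# here and not at the next restart or reboot, when a failed load would leave
# the host without its persistent rules.
if command -v iptables-restore >/dev/null 2>&1; then
    if ! iptables-restore --test < "$TMP_RULES"; then
        rm -f -- "$TMP_RULES"
        echo "Generated rules were rejected by iptables-restore; $RULES_FILE left unchanged" >&2
        exit 1
    fi
fi

# mktemp creates the file with mode 0600; carry over the original owner and
# mode before swapping it in.
if ! { chown --reference="$RULES_FILE" "$TMP_RULES" &&
       chmod --reference="$RULES_FILE" "$TMP_RULES" &&
       mv -f -- "$TMP_RULES" "$RULES_FILE"; }; then
    rm -f -- "$TMP_RULES"
    echo "Failed to install the new rules into $RULES_FILE" >&2
    exit 1
fi

# Reload only after the new file is in place.
service netfilter-persistent restart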