#! /usr/bin/lua
--[[

	Part of AREDN -- Used for creating Amateur Radio Emergency Data Networks
	Copyright (C) 2022 Tim Wilkinson
	Original Perl Copyright (C) 2015 Conrad Lara
	See Contributors file for additional contributors

	This program is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation version 3 of the License.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program.  If not, see <http://www.gnu.org/licenses/>.

	Additional Terms:

	Additional use restrictions exist on the AREDN(TM) trademark and logo.
		See AREDNLicense.txt for more info.

	Attributions to the AREDN Project must be retained in the source code.
	If importing this code into a new or existing project attribution
	to the AREDN project must be added to the source code.

	You must not misrepresent the origin of the material contained within.

	Modified versions must be modified to attribute to the original source
	and be marked in reasonable ways as differentiate it from the original
	version

--]]

require("nixio")
require("uci")

if nixio.fs.stat("/etc/config.mesh/xlink") then
    function nft_delete(list, query)
        for line in io.popen("/usr/sbin/nft -a list chain ip fw4 " .. list):lines()
        do
            local handle = line:match(query .. "%s*# handle (%d+)")
            if handle then
                os.execute("/usr/sbin/nft delete rule ip fw4 " .. list .. " handle " .. handle)
                return
            end
        end
    end
    uci.cursor("/etc/config.mesh"):foreach("xlink", "interface",
        function(section)
            local ifname = section.ifname
            nft_delete("forward", "iifname \"" .. ifname .. "\".*jump forward_dtdlink")
            nft_delete("input", "iifname \"" .. ifname .. "\".*jump input_dtdlink")
            nft_delete("output", "oifname \"" .. ifname .. "\".*jump output_dtdlink")
            nft_delete("accept_to_dtdlink", "oifname \"" .. ifname .. "\".*accept")
            nft_delete("reject_to_dtdlink", "oifname \"" .. ifname .. "\".*reject")
            nft_delete("reject_from_dtdlink", "iifname \"" .. ifname .. "\".*reject")
        end
    )
    nft_delete("forward_dtdlink", "jump accept_to_dtdlink")
    local addrule = false
    uci.cursor("/etc/config.mesh"):foreach("xlink", "interface",
        function(section)
            local ifname = section.ifname
            os.execute("/usr/sbin/nft insert rule ip fw4 forward iifname \"" .. ifname .. "\" jump forward_dtdlink")
            os.execute("/usr/sbin/nft add rule ip fw4 input iifname \"" .. ifname .. "\" jump input_dtdlink")
            os.execute("/usr/sbin/nft add rule ip fw4 output oifname \"" .. ifname .. "\" jump output_dtdlink")
            os.execute("/usr/sbin/nft add rule ip fw4 accept_to_dtdlink oifname \"" .. ifname .. "\" accept")
            os.execute("/usr/sbin/nft add rule ip fw4 reject_to_dtdlink oifname \"" .. ifname .. "\" reject")
            os.execute("/usr/sbin/nft add rule ip fw4 reject_from_dtdlink iifname \"" .. ifname .. "\" reject")
            addrule = true
        end
    )
    if addrule then
        os.execute("/usr/sbin/nft insert rule ip fw4 forward_dtdlink jump accept_to_dtdlink")
    end
end