#!/bin/sh /etc/rc.common
# Copyright (C) 2016 Chen RuiWei <crwbak@gmail.com>

START=99
STOP=10

USE_PROCD=1

CONFIG=softethervpn

add_rule() {
	openvpnport=$(cat /usr/libexec/softethervpn/vpn_server.config 2>/dev/null | grep OpenVPN_UdpPortList | awk -F " " '{print $3}')
	[ -z "$openvpnport" ] && openvpnport=1194

	iptables -N SOFTETHER_VPN-SERVER
	iptables -I INPUT -j SOFTETHER_VPN-SERVER
	
	iptables -A SOFTETHER_VPN-SERVER -p udp -m multiport --dports 500,1701,4500 -m comment --comment "L2TP-IPSec" -j ACCEPT
	iptables -A SOFTETHER_VPN-SERVER -p udp --dport $openvpnport -m comment --comment "OpenVPN" -j ACCEPT
	iptables -A SOFTETHER_VPN-SERVER -p tcp --dport $openvpnport -m comment --comment "OpenVPN" -j ACCEPT
	iptables -A SOFTETHER_VPN-SERVER -p tcp --dport 5555 -j ACCEPT
	iptables -A SOFTETHER_VPN-SERVER -p tcp --dport 8888 -j ACCEPT
	iptables -A SOFTETHER_VPN-SERVER -p tcp --dport 992 -j ACCEPT
	iptables -t mangle -I OUTPUT -p udp -m multiport --sports 500,1701,4500 -m comment --comment "SOFTETHER_VPN-SERVER-L2TP-IPSec" -j RETURN
	iptables -t mangle -I OUTPUT -p udp --sport $openvpnport -m comment --comment "SOFTETHER_VPN-SERVER-OPENVPN" -j RETURN
	iptables -t mangle -I OUTPUT -p tcp --sport $openvpnport -m comment --comment "SOFTETHER_VPN-SERVER-OPENVPN" -j RETURN
}

del_rule() {
	ipt_del() {
		for i in $(seq 1 $($1 -nL $2 | grep -c "SOFTETHER_VPN-SERVER")); do
			local index=$($1 --line-number -nL $2 | grep "SOFTETHER_VPN-SERVER" | head -1 | awk '{print $1}')
			$1 -w -D $2 $index 2>/dev/null
		done
	}
	
	ipt_del "iptables -t mangle" "OUTPUT"
	ipt_del "iptables" "INPUT"

	iptables -F SOFTETHER_VPN-SERVER 2>/dev/null
	iptables -X SOFTETHER_VPN-SERVER 2>/dev/null
}

gen_include() {
	echo '#!/bin/sh' > /var/etc/$CONFIG.include
	extract_rules() {
		echo "*$1"
		iptables-save -t $1 | grep "SOFTETHER_VPN-SERVER" | \
		sed -e "s/^-A \(INPUT\)/-I \1 1/"
		echo 'COMMIT'
	}
	cat <<-EOF >> /var/etc/$CONFIG.include
		iptables-save -c | grep -v "SOFTETHER_VPN-SERVER" | iptables-restore -c
		iptables-restore -n <<-EOT
		$(extract_rules filter)
		EOT
	EOF
	return 0
}

start_service() {
	enabled=$(uci -q get $CONFIG.@softether[0].enabled || echo "0")
	[ $enabled -ne 1 ] && return 0
	
	procd_open_instance $CONFIG
	procd_set_param env LANG=en_US.UTF-8
	procd_set_param command /usr/libexec/softethervpn/vpnserver start --foreground
	procd_set_param respawn
	procd_close_instance
	
	add_rule
	gen_include
}

stop_service() {
	top -bn1 | grep "/usr/libexec/softethervpn" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1
	del_rule
	rm -rf /var/etc/$CONFIG.include
}

reload_service() {
	restart
}

service_triggers() {
	procd_add_reload_trigger $CONFIG
}