#!/bin/bash

# Do not edit this file, use ip-up.local instead.

# (C) 1997-2004 SuSE Linux AG, Nuernberg, Germany
# Klaus Franken 25.02.1998
# Remo Behn 18.07.1998
# Arvin Schnell 28.02.2002
# Ludwig Nussel 26.02.2004
# Send suggestions and comments to http://www.suse.de/feedback/

BASENAME=${0##*/}
INTERFACE=$1
DEVICE=$2
SPEED=$3
LOCALIP=$4
REMOTEIP=$5
IPPARAM=$6

# send all output to syslog
exec > >(logger -p security.notice -t "$BASENAME") 2>&1

if [ -z "$REMOTEIP" ]; then
    echo "Usage: $0 <INTERFACE> <DEVICE> <SPEED> <LOCALIP> <REMOTEIP>"
    exit 1
fi

TERM=raw
export TERM

# smpppd-1.14 passes two single quoted paramters in $IPPARAM. The first one is
# the ifcfg filename, the second the provider.
parse_ipparam()
{
	case "$IPPARAM" in
		\'ifcfg-*) ;;
		*) return ;;
	esac
	eval set -- $IPPARAM
	[ "$#" -ne 2 ] && return
	
	ifcfg=${1##ifcfg-}
	provider=$2

	export ifcfg provider
}

# Automatic configuration of your resolv.conf for peer supplied DNS addresses
# when using the 'usepeerdns' option ('ms-get-dns' for ipppd). Original
# resolv.conf is restored when ip-down is called by pppd when the link goes
# down.
add_nameservers()
{
	[ -z "$USEPEERDNS" ] && return

	if [ -z "$isdn" ]; then
		[ ! -f /etc/ppp/resolv.conf ] && return
		/sbin/modify_resolvconf modify -s pppd -p pppd -e "$INTERFACE" \
		    -f /etc/ppp/ip-up -n "$DNS1 $DNS2" -t - <<-EOT
		    If you do not want the pppd to change your nameserver settings
		    set MODIFYDNS=no in the config file for this provider in
		    /etc/sysconfig/network/providers/ and ensure that the option
		    usepeerdns is not set in /etc/ppp/options.
		EOT
	else
		[ -z "$MS_DNS1" ] && return
		/sbin/modify_resolvconf modify -s ipppd -p ipppd -e "$INTERFACE" \
		    -f /etc/ppp/ip-up -n "$MS_DNS1 $MS_DNS2" -t - <<-EOT
		    If you do not like the ipppd to change your nameserver
		    settings remove the option MODIFYDNS for this provider
		EOT
	fi

}

# restore the original resolv.conf saved when ip-up was called by the
# pppd which uses the `usepeerdns' option and resolv.conf was modified
# for the supplied dns server adresses.
restore_nameservers()
{
	[ -z "$USEPEERDNS" ] && return

	if [ -z "$isdn" ]; then
		[ ! -f /etc/ppp/resolv.conf ] && return
		/sbin/modify_resolvconf restore -s pppd -e "$INTERFACE"
	else
		[ -z "$MS_DNS1" ] && return
		/sbin/modify_resolvconf restore -s ipppd -e "$INTERFACE"
	fi
}

# using this function currently breaks Dial On Demand setups, because
# ifdown finally removes the device so the function calls are disabled
# now (bug #39048)
# run ifdown script to execute additional scripts
run_ifdown()
{
	[ -z "$ifcfg" -o -z "$INTERFACE" ] && return
	 /sbin/ifdown $ifcfg $INTERFACE -o dhcp 2>&1 | logger -t ifdown
}

# run ifup script to execute additional scripts
run_ifup()
{
	[ -z "$ifcfg" -o -z "$INTERFACE" ] && return
	 /sbin/ifup $ifcfg $INTERFACE -o dhcp 2>&1 | logger -t ifup
}

# start SuSEfirewall2 if configured
# TODO: let ifup/ifdown handle this
start_firewall()
{
	test "$FIREWALL" = "no" && return

	if /sbin/chkconfig --check SuSEfirewall2_setup; then
		/sbin/SuSEfirewall2 start
	fi
}

# /etc/ppp/poll.tcpip as shipped is able to set the system clock using
# ntpdate (see the NTPD_INITIAL_NTPDATE setting in
# /etc/sysconfig/ntp). It supports fetchmail with a system-wide
# /etc/fetchmailrc and can use UUCP to fetch mail over TCP/IP, provided
# that UUCP is configured properly. Last not least it also calls
# sendmail to send any queued mail
run_poll_tcpip()
{
	[ "$RUN_POLL_TCPIP" = "no" ] && return

	/etc/ppp/poll.tcpip | logger -p security.notice -t poll.tcpip > /dev/null &
}

isdn_restartinterface()
{
	[ -z "$isdn" ] && return;

	LINK_OPT=""
	test "$DYNAMICIP" = "yes" && LINK_OPT="$LINK_OPT dynamic on"
	/sbin/ip addr flush dev $INTERFACE
	/sbin/ip link set $INTERFACE down
	/sbin/ip link set $INTERFACE up $LINK_OPT
	/sbin/ip addr add dev $INTERFACE local $IPADDR peer $PTPADDR

	# set routes from /etc/sysconfig/network/routes (only for dod)
	if [ "$DIALMODE" = "auto" ] ; then
	    /etc/sysconfig/network/scripts/ifup-route $INTERFACE
	fi
}


parse_ipparam


isdn="" # non-zero if called by ipppd
case "$INTERFACE" in
    ippp*)
	[ -z "$ifcfg" ] && ifcfg="$INTERFACE"
	isdn=yes
	;;
    *)
	;;
esac

#########
# TODO: let ifup/ifdown handle this

# config file common to all interfaces, needed for global firewall setting
. /etc/sysconfig/network/config

# interface specific config file if any
if [ -n "$ifcfg" -a -r /etc/sysconfig/network/ifcfg-"$ifcfg" ]; then
    . /etc/sysconfig/network/ifcfg-"$ifcfg"
fi

#########

case "$BASENAME" in
    ip-up)
	add_nameservers
	
	# ip_resend hook
	test "$IP_RESEND" = "yes" -a -x /usr/sbin/ip_resend_wakeup && \
	    /usr/sbin/ip_resend_wakeup -m $LOCALIP -o $INTERFACE

	start_firewall

	run_poll_tcpip

	# call ip-up.local if it exists and is executable:
	if test -x /etc/ppp/ip-up.local ; then
	    /etc/ppp/ip-up.local "$@" | logger -p security.notice -t ip-up.local > /dev/null &
	fi

	# run additional scripts if they exist
	if [ -d /etc/ppp/ip-up.d ]; then
		for SCRIPT in /etc/ppp/ip-up.d/*; do
			[ -d $SCRIPT -o ! -x $SCRIPT ] && continue;
			# ignore backup files and leftovers from rpm
			case $SCRIPT in
			    *.rpmsave|*.rpmnew|*rpmorig|*~) continue ;;
			esac
			$SCRIPT "$@" | logger -p security.notice -t $SCRIPT > /dev/null &
		done
	fi

	#run_ifup

	;;
    ip-down)

	restore_nameservers

	isdn_restartinterface
	
	start_firewall

	# call ip-down.local if it exists and is executable:
	if test -x /etc/ppp/ip-down.local ; then
	    /etc/ppp/ip-down.local "$@" | logger -p security.notice -t ip-down.local > /dev/null &
	fi

	# ip_resend hook
	test "$IP_RESEND" = "yes" -a -x /usr/sbin/ip_resend && \
	    /usr/sbin/ip_resend -o $INTERFACE $IP_RESEND_PARAMETER

	# run additional scripts if they exist
	if [ -d /etc/ppp/ip-down.d ]; then
		for SCRIPT in /etc/ppp/ip-down.d/*; do
			[ -d $SCRIPT -o ! -x $SCRIPT ] && continue;
			# ignore backup files and leftovers from rpm
			case $SCRIPT in
			    *.rpmsave|*.rpmnew|*rpmorig|*~) continue ;;
			esac
			$SCRIPT "$@" | logger -p security.notice -t $SCRIPT > /dev/null &
		done
	fi

	#run_ifdown

	;;
    *)
	;;
esac
