#!/bin/bash
# /usr/share/bonding/configure-system
# Set critical system properties before starting Bonding.
# © 2012, Multapplied Networks, Inc.

# Built-in defaults. Both are assigned before the defaults file is read, so
# that file can override either of them.
CLEAR_PPP_SECRETS="1"  # "1": repoint the PPP secrets files (see below); "0": leave them alone
LOAD_MODULES="$1"      # first CLI argument; only the literal --load-modules is acted on

# Optional site overrides. The file is sourced, i.e. executed as shell code
# with whatever privileges this script runs with, so it should be owned by
# root and not writable by any other account.
if [ -f /etc/default/bonding-system ]; then
    . /etc/default/bonding-system
fi

# Select the routing suite whose configuration lives under /etc/<name>:
# FRR when its daemons file is present, Quagga otherwise.
quagga=quagga
if [ -f "/etc/frr/daemons" ]; then
    quagga=frr
fi

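#######################################
# Write a value to a kernel tunable, but only if the tunable exists.
# Arguments: $1 - path of the file to write (e.g. under /proc/sys)
#            $2 - value to write, emitted without a trailing newline
# Returns:   non-zero when the file is absent (nothing is created) or when
#            the write fails; 0 otherwise
#######################################
function set_sysctl() {
    # Keep the working variables out of the global namespace.
    local file="$1"
    local val="$2"
    # Quoted so that a path containing whitespace or glob characters is
    # tested and written as a single word. printf '%s' emits the value
    # verbatim, whereas echo would treat a value such as -n as an option.
    test -f "$file" && printf '%s' "$val" > "$file"
}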

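#######################################
# Ask modprobe to load each named kernel module, best effort.
# Arguments: $@ - module names, one per argument
# Outputs:   none; modprobe's stdout and stderr are discarded on purpose,
#            since a module may be built in or absent on a given kernel
# Returns:   status of the last modprobe call (0 when no names are given)
#######################################
function load_modules() {
    local module
    # "$@" keeps every argument intact: no word splitting and no pathname
    # expansion against the current directory.
    for module in "$@" ; do
        /sbin/modprobe "$module" &> /dev/null
    done
}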

# Kernel tunables applied before Bonding starts, as "path-under-/proc/sys=value".
# They are written in the order listed; set_sysctl skips any entry whose file
# does not exist on the running kernel.
sysctl_settings=(
    # Route packets between interfaces (IPv6 and IPv4).
    "net/ipv6/conf/all/forwarding=1"
    "net/ipv4/ip_forward=1"

    # Turn off reverse-path source validation. With this at 0 the kernel no
    # longer drops packets whose source address fails the reverse-path check,
    # so any anti-spoofing filtering has to come from firewall rules.
    "net/ipv4/conf/all/rp_filter=0"
    "net/ipv4/conf/default/rp_filter=0"

    # Allow binding to IPs that aren't currently present on an interface.
    # Needed to circumvent BIRD sometimes binding to an address prematurely.
    "net/ipv4/ip_nonlocal_bind=1"
    "net/ipv6/ip_nonlocal_bind=1"

    # Early demux is slower for pure-routing scenarios and may result in a
    # crash on some kernel versions.
    "net/ipv4/ip_early_demux=0"

    # Automatic assignment of connection-tracking helpers.
    # NOTE(review): this attaches the helpers to matching traffic on every
    # interface; confirm that is intended rather than assigning helpers
    # explicitly per rule.
    "net/netfilter/nf_conntrack_helper=1"
)
for sysctl_setting in "${sysctl_settings[@]}"; do
    # Text before the first "=" is the path, text after it is the value.
    set_sysctl "/proc/sys/${sysctl_setting%%=*}" "${sysctl_setting#*=}"
done

# Guarantee a usable TUN/TAP control node: character device 10:200 at
# /dev/net/tun, readable and writable by every user (mode 0666).
mkdir -p /dev/net
if [ ! -e /dev/net/tun ]; then
    # Creation errors are discarded, as is the case when the node is already there.
    mknod /dev/net/tun c 10 200 2>/dev/null
fi
chmod 0666 /dev/net/tun

# Kernel modules Bonding relies on. They are requested only when the script
# was invoked with --load-modules (or the defaults file set LOAD_MODULES so).
if [[ "$LOAD_MODULES" == "--load-modules" ]]; then
    bonding_modules=(
        8021q
        ebtable_broute
        ifb
        ip_gre
        nf_conntrack_ftp
        nf_conntrack_pptp
        nf_conntrack_proto_gre
        nf_nat_ftp
        nf_nat_pptp
        nf_nat_proto_gre
        tun
        vxlan
        wireguard
    )
    # load_modules discards modprobe output, so a module that is missing on
    # this kernel is skipped silently.
    load_modules "${bonding_modules[@]}"
fi

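# Replace the system PAP/CHAP secrets files with links to a single file owned
# by the bonding user. Whatever /etc/ppp/pap-secrets and /etc/ppp/chap-secrets
# were before (regular file or link) is replaced by the symlink.
if [ "$CLEAR_PPP_SECRETS" = "1" ]; then
    ppp_secrets_file=/var/run/bonding/ppp-secrets

    # NOTE(review): the ownership of /var/run/bonding is not visible in this
    # script. If the bonding user can write to that directory, the chown and
    # chmod below must never act through a link placed at this path, because
    # they would then change a file elsewhere on the system. Drop any symlink
    # first and change ownership without dereferencing. A check-then-use race
    # remains; creating the directory root-owned would close it.
    if [ -L "$ppp_secrets_file" ]; then
        rm -f -- "$ppp_secrets_file"
    fi

    # Create the file under a restrictive umask so it is never readable by
    # other users, not even between creation and the chmod below. An existing
    # file keeps its content; touch only updates its timestamps.
    ( umask 077; touch "$ppp_secrets_file" )
    chown -h bonding:bonding "$ppp_secrets_file"
    chmod 0600 "$ppp_secrets_file"

    # -n replaces an existing link itself instead of descending into its target.
    ln -snf "$ppp_secrets_file" /etc/ppp/pap-secrets
    ln -snf "$ppp_secrets_file" /etc/ppp/chap-secrets
fi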

# Hand each cpufreq policy's scaling_governor file to the bonding user so that
# it can switch CPU governors without root. Failures are ignored, as is a
# system that exposes no cpufreq policies at all.
for governor_file in /sys/devices/system/cpu/cpufreq/policy*/scaling_governor; do
    # An unmatched glob stays as the literal pattern; skip it.
    [ -e "$governor_file" ] || continue
    chown bonding:root "$governor_file" 2>/dev/null || :
done

# Make sure the zebra daemon of the selected routing suite is configured,
# enabled and running.
if [[ -f "/etc/$quagga/daemons" ]]; then
    # Layout with a daemons file (Debian init.d packaging and FRR).
    # Each probe's exit status is kept; only a status of exactly 1 counts as
    # "no", so a probe that fails for another reason does not trigger a restart.
    [[ -f "/etc/$quagga/zebra.conf" ]]
    conf_status=$?
    # NOTE(review): this matches the text zebra=yes anywhere in the file,
    # including on a commented-out line.
    grep -q zebra=yes "/etc/$quagga/daemons"
    enabled_status=$?
    ps -C zebra > /dev/null
    running_status=$?
    if (( enabled_status == 1 || conf_status == 1 || running_status == 1 )); then
        echo "Enabling zebra and restarting quagga"
        # zebra.conf only has to exist; an empty one is created if it is missing.
        touch "/etc/$quagga/zebra.conf"
        sed -i 's/zebra=no/zebra=yes/' "/etc/$quagga/daemons"
        service "$quagga" restart
    fi
elif [[ ! -f /etc/quagga/zebra.conf ]]; then
    # No daemons file: zebra is managed as its own systemd unit.
    echo "Enabling and starting zebra"
    touch /etc/quagga/zebra.conf
    systemctl enable --now zebra
fi

# Directory for named network namespaces: owned by root, group bonding,
# mode 0775, so members of the bonding group can add and remove entries in it.
install --directory --owner=root --group=bonding --mode=0775 /var/run/netns

# Give BIRD the network capabilities it needs as file capabilities, so it does
# not have to run as root. The grant is attached to the binary.
# NOTE(review): confirm who is allowed to execute this binary, since the grant
# travels with the file rather than with a particular user.
bird_binary=/usr/sbin/bird
if [ -f "$bird_binary" ]; then
    setcap "CAP_NET_ADMIN,CAP_NET_BIND_SERVICE,CAP_NET_RAW+eip" "$bird_binary"
fi
