#!/bin/zsh
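# Files this script creates must not be group- or world-writable.
umask 022

# Load the tun module only when lsmod does not already list it. A failed
# modprobe is reported but not fatal, since the later steps may still work
# without the module being loadable.
if ! lsmod | grep -qw tun; then
  modprobe tun || printf '%s: warning: modprobe tun failed\n' "$0" >&2
fi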
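# Tap identifier: second command-line argument, defaulting to 0 when it is
# missing or empty. The value is pasted into interface names and into paths
# under /run/vde.ctl that this script later creates, reads and deletes, so
# anything outside a plain name alphabet (notably "/") is rejected here.
export lasttap="${2:-0}"
case "$lasttap" in
  *[!A-Za-z0-9_.-]*)
    printf '%s: invalid tap id: %s\n' "$0" "$lasttap" >&2
    exit 1
    ;;
esac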
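# Pick the first 10.N.0.x subnet (N = 14..254) that no interface listed by
# ifconfig is using. tapaddr is the .1 address in that subnet.
#
# The match is anchored: "10.N." must be a literal address prefix that is not
# preceded by a digit or a dot. An unanchored regex such as "10.14" would also
# hit 10.140.x.x, 110.14.x.x or counters containing those digits, and skip
# subnets that are actually free.
#
# NOTE(review): if every candidate is taken, the loop ends with tapnum=255
# while tapaddr still holds 10.254.0.1; nothing in this section rejects that.
export tapnum=14
export tapmask=24
while [ "$tapnum" -le 254 ]; do
  export tapaddr="10.${tapnum}.0.1"
  if ifconfig | grep -Eq "(^|[^0-9.])10\.${tapnum}\."; then
    export tapnum=$((tapnum + 1))
  else
    break
  fi
done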
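# Names shared by both actions: the tap device and its vde_switch control
# directory.
tapdev="tap${lasttap}"
ctldir="/run/vde.ctl/${tapdev}.ctl"

#######################################
# Kill the daemon recorded in a pid file, after checking the pid.
# The pid must be purely numeric and the process behind it must still carry
# the expected command name; otherwise nothing is killed. This guards a
# root-run "kill -9" against a stale pid file (pid reused by another process)
# and against pid file contents that did not come from the daemon.
# Arguments: $1 - pid file path
#            $2 - expected command name as reported by ps (comm)
# Returns:   0 if the signal was sent, non-zero otherwise
#######################################
vde_kill_pidfile() {
  local pidfile="$1" wanted="$2" pid
  pid=$(cat -- "$pidfile" 2>/dev/null)
  case "$pid" in
    '' | *[!0-9]*)
      printf 'warning: no usable pid in %s\n' "$pidfile" >&2
      return 1
      ;;
  esac
  if [ "$(ps -o comm= -p "$pid" 2>/dev/null)" != "$wanted" ]; then
    printf 'warning: pid %s from %s is not %s, not killing it\n' \
      "$pid" "$pidfile" "$wanted" >&2
    return 1
  fi
  # SIGKILL gives the daemon no chance to clean up after itself; the caller
  # removes the leftover files by hand.
  kill -9 "$pid"
}

case "$1" in
  start)
    # The subnet search leaves tapnum above 254 when nothing was free; going
    # on would assign an address that is already in use.
    if [ "$tapnum" -gt 254 ]; then
      printf '%s: no free 10.N.0.0/%s subnet left\n' "$0" "$tapmask" >&2
      exit 1
    fi
    mkdir -p /run/vde.ctl
    # Stop before touching addresses or the firewall if the switch (and with
    # it the tap device) could not be created.
    if ! vde_switch -tap "$tapdev" -d -p "$ctldir/pid" -s "$ctldir" \
      -m 0664 -g network; then
      printf '%s: vde_switch failed for %s\n' "$0" "$tapdev" >&2
      exit 1
    fi
    ip addr add "${tapaddr}/${tapmask}" dev "$tapdev"
    ip link set "$tapdev" up
    # Per-tap policy: allow DHCP and traffic sourced from the tap subnet, drop
    # everything else on this interface. The rules are appended, so rules
    # already present in INPUT/OUTPUT are evaluated first.
    tapnet="10.${tapnum}.0.0/${tapmask}"
    iptables -A INPUT -i "$tapdev" -p udp --sport 67:68 --dport 67:68 -j ACCEPT
    iptables -A OUTPUT -o "$tapdev" -p udp --sport 67:68 --dport 67:68 -j ACCEPT
    iptables -A INPUT -i "$tapdev" -p all -s "$tapnet" -j ACCEPT
    iptables -A OUTPUT -o "$tapdev" -p all -s "$tapnet" -j ACCEPT
    iptables -A INPUT -i "$tapdev" -j DROP
    iptables -A OUTPUT -o "$tapdev" -j DROP
    # DHCP server bound to the tap address; DNS is moved to port 65533.
    dnsmasq --pid-file="$ctldir/${tapdev}.dhcp.pid" -a "10.${tapnum}.0.1" \
      --dhcp-range="10.${tapnum}.0.2,10.${tapnum}.0.254,12h" \
      --except-interface=lo --bind-interfaces --dhcp-sequential-ip -p 65533
    ;;
  stop)
    # Address and prefix length currently configured on the tap, read from one
    # "ip -o" line (field 4 is ADDR/PLEN).
    cidr=$(ip -o -4 addr show dev "$tapdev" 2>/dev/null | awk '{print $4; exit}')
    export tapaddr="${cidr%/*}"
    export tapmask="${cidr#*/}"

    # Firewall rules are removed one by one instead of reloading a ruleset
    # saved at start time: a whole-table restore would also throw away every
    # unrelated rule added while this tap was up, including the DROP rules of
    # taps started later. It would also make root load a file from the control
    # directory.
    # NOTE(review): that directory is created by vde_switch with
    # "-m 0664 -g network"; whether this leaves it writable by the network
    # group cannot be told from this script, so verify. Files in it are
    # treated as untrusted below.
    iptables -D INPUT -i "$tapdev" -p udp --sport 67:68 --dport 67:68 -j ACCEPT
    iptables -D OUTPUT -o "$tapdev" -p udp --sport 67:68 --dport 67:68 -j ACCEPT
    if [ -n "$cidr" ]; then
      tapnet="${tapaddr%.*.*}.0.0/${tapmask}"
      iptables -D INPUT -i "$tapdev" -p all -s "$tapnet" -j ACCEPT
      iptables -D OUTPUT -o "$tapdev" -p all -s "$tapnet" -j ACCEPT
      ip addr del "$cidr" dev "$tapdev"
    else
      printf '%s: no IPv4 address on %s; subnet rules left in place\n' \
        "$0" "$tapdev" >&2
    fi
    ip link set "$tapdev" down
    # The DROP rules go last so the interface stays closed during teardown.
    iptables -D INPUT -i "$tapdev" -j DROP
    iptables -D OUTPUT -o "$tapdev" -j DROP

    vde_kill_pidfile "$ctldir/${tapdev}.dhcp.pid" dnsmasq
    vde_kill_pidfile "$ctldir/pid" vde_switch

    # "iptables" is the snapshot file written by earlier versions of start.
    rm -f -- "$ctldir/pid" "$ctldir/${tapdev}.dhcp.pid" "$ctldir/ctl" \
      "$ctldir/iptables"
    rmdir -- "$ctldir"
    # rmdir only removes an empty directory, so this is a no-op while other
    # taps still have control directories here.
    rmdir /run/vde.ctl 2>/dev/null || :
    ;;
  *)
    printf 'usage: %s {start|stop} [tap-id]\n' "$0" >&2
    exit 2
    ;;
esac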
