#!/bin/sh
# dos (dos protection)
#
# Setting dos protection thresholds for ucast/mcast/bcast

#################################################################################################
# CHANGELOG
#===========
# 2010/06/22    CRMS00169018    Jason Zhang
#               add dos protection threshold
#
# 2010/07/27    crms00247716    Jason Zhang CFP command for eap forward on pc port no more take into account
#
# 2010/08/10    crms00250845    Alex CAO	file upload slow issue
#
# 2010/08/23    crms00254810    Jason Zhang     slow network problem
#
# 2010/12/09    crms00279336    Jason Zhang     [VHE] "dos summary" don't return right value as cfp rule show
#
# 2010/12/09    crms00278858    Jason Zhang     CFP mapping problem
#
# 2014/07/31    crqms00141322   Mngju Lai       Security NAC & VHE2: need to restart VHE after re-connexion of the PC
#
#################################################################################################
#crms00279336 jasonaz+
# Optional helper library, pulled into this shell when present.
# dos_summary (used by "stop") is not defined in this file and is presumably
# provided here -- TODO confirm.
# The file is executed in-process with this script's privileges, so it must
# be writable only by the account that owns this script.
DOS_FUNCTIONS="/etc/dos.functions"
[ ! -f "${DOS_FUNCTIONS}" ] || . "${DOS_FUNCTIONS}"
#crms00279336 jasonaz-

# Optional threshold settings, sourced when present. The "start" action reads
# UCAST_THRESHOLD_KBPS, MCAST_THRESHOLD_KBPS, BCAST_THRESHOLD_KBPS and
# BURST_KBYTE, none of which is assigned in this file; presumably they are
# set here -- TODO confirm.
# Like any sourced file it runs as shell code, so keep it writable only by
# the account that owns this script.
DOS_THRESHOLD_CONF="/etc/dos_threshold.conf"
[ ! -f "${DOS_THRESHOLD_CONF}" ] || . "${DOS_THRESHOLD_CONF}"

#crms00279336 jasonaz+   
# Scratch files used by the start/stop actions:
#   TMP_DOSRULES_INDEX_FILE - KEY=VALUE record of the rule indexes that
#                             "start" installed, read back by "stop".
#   DOS_TMP_SCRIPT          - command list that is fed to `eth` on stdin.
# NOTE(review): both names are fixed and predictable. If /tmp is writable by
# anything less trusted than this script, move them to a directory only the
# script's owner can write; other readers of these paths (if any) would have
# to move with them.
TMP_DOSRULES_INDEX_FILE=/tmp/dosrules.index
DOS_TMP_SCRIPT="/tmp/dosrules.script"
#crms00279336 jasonaz-   

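# Entry point: "$1" selects the action.
#   start - append three CFP rate-limit rules (frames addressed to this
#           device's MAC, multicast, broadcast) and record their indexes.
#   stop  - send dos_summary output to syslog, delete the recorded rules and
#           empty the index file.
# Any other argument prints the usage line and exits 1.
#
# Security notes:
#   * The index file lives at a fixed name in /tmp and used to be executed
#     with `.` on stop, so whoever could write that path could run shell code
#     with this script's privileges. It is now parsed as data: only the three
#     expected keys with all-digit values are accepted.
#   * Scratch files are unlinked before being rewritten so a symlink planted
#     at those names beforehand is not followed. This is not race-free; a
#     directory writable only by the script's owner is the real fix.
#   * eth output and errors are discarded, so a rejected rule goes unnoticed.
#     NOTE(review): consider logging eth's exit status.
case "$1" in
    start)
        echo "dos protection service start"

        # The limits are interpolated into the rule script below; an empty
        # value yields a malformed "kbps" command whose failure is hidden by
        # the /dev/null redirect, so at least say so.
        if [ -z "${UCAST_THRESHOLD_KBPS}" ] || [ -z "${MCAST_THRESHOLD_KBPS}" ] ||
           [ -z "${BCAST_THRESHOLD_KBPS}" ] || [ -z "${BURST_KBYTE}" ]; then
            echo "dos: warning: rate threshold(s) not set; check ${DOS_THRESHOLD_CONF}" >&2
        fi

        # New rules go after the existing ones: count the "TCAM" lines in the
        # rule listing and take the next three indexes (crms00279336).
        DOSRULES_INDEX=$(eth cfp rule show | grep -c "TCAM")
        DOSRULES_UCAST_INDEX=$(( ${DOSRULES_INDEX:-0} + 1 ))
        DOSRULES_MCAST_INDEX=$(( DOSRULES_UCAST_INDEX + 1 ))
        DOSRULES_BCAST_INDEX=$(( DOSRULES_MCAST_INDEX + 1 ))

        # Destination address for the unicast rule.
        # NOTE(review): DA is written into the eth command script unvalidated;
        # presumably this is the device's own MAC in colon notation -- confirm.
        DA=$(CLISettings get current ENETCFG_MACADDR)

        rm -f -- "${DOS_TMP_SCRIPT}" "${TMP_DOSRULES_INDEX_FILE}"

        # Record the indexes so "stop" knows which rules to delete.
        {
            echo "DOSRULES_UCAST_INDEX=${DOSRULES_UCAST_INDEX}"
            echo "DOSRULES_MCAST_INDEX=${DOSRULES_MCAST_INDEX}"
            echo "DOSRULES_BCAST_INDEX=${DOSRULES_BCAST_INDEX}"
        } > "${TMP_DOSRULES_INDEX_FILE}"

        # Command script for eth. Rules are added at explicit indexes; the
        # earlier "cfp rule add -1" form was retired under crms00278858 /
        # crms00279336. "cfp en 8 1" and the actiondst lines were added under
        # crms00477480, the sliceid lines under crqms00141322.
        {
            echo "cfp en 0 1"
            echo "cfp en 1 1"
            echo "cfp en 8 1"

            # Rule 1: frames whose destination is exactly $DA.
            echo "cfp rule struct init"
            echo "cfp rule struct en 1"
            echo "cfp rule struct portmap 0x03"
            echo "cfp rule struct da nonip $DA ff:ff:ff:ff:ff:ff"
            echo "cfp rule struct actiontype n r"
            echo "cfp rule struct kbps ${UCAST_THRESHOLD_KBPS} ${BURST_KBYTE}"
            echo "cfp rule struct sliceid 0"
            echo "cfp rule add ${DOSRULES_UCAST_INDEX}"

            # Rule 2: multicast (group bit of the first address octet set).
            echo "cfp rule struct init"
            echo "cfp rule struct en 1"
            echo "cfp rule struct portmap 0x03"
            echo "cfp rule struct da nonip 01:00:00:00:00:00 ff:00:00:00:00:00"
            echo "cfp rule struct actiontype n r"
            echo "cfp rule struct actiondst 0x0 0x3"
            echo "cfp rule struct kbps ${MCAST_THRESHOLD_KBPS} ${BURST_KBYTE}"
            echo "cfp rule struct sliceid 0"
            echo "cfp rule add ${DOSRULES_MCAST_INDEX}"

            # Rule 3: broadcast.
            echo "cfp rule struct init"
            echo "cfp rule struct en 1"
            echo "cfp rule struct portmap 0x03"
            echo "cfp rule struct da nonip ff:ff:ff:ff:ff:ff ff:ff:ff:ff:ff:ff"
            echo "cfp rule struct actiontype n r"
            echo "cfp rule struct actiondst 0x0 0x3"
            echo "cfp rule struct kbps ${BCAST_THRESHOLD_KBPS} ${BURST_KBYTE}"
            echo "cfp rule struct sliceid 0"
            echo "cfp rule add ${DOSRULES_BCAST_INDEX}"

            echo "q"
        } > "${DOS_TMP_SCRIPT}"

        eth < "${DOS_TMP_SCRIPT}" >/dev/null 2>&1
    ;;
    stop)
        echo "dos protection service stop"

        # Log the summary before the rules disappear. -r and the quotes keep
        # each line intact (no backslash processing, no glob expansion).
        dos_summary | while IFS= read -r line; do
            logger -t "DOS" -p local1.info -- "$line"
        done

        if [ -f "${TMP_DOSRULES_INDEX_FILE}" ] && [ ! -L "${TMP_DOSRULES_INDEX_FILE}" ]; then
            # Delete only what the index file records, not whatever the
            # environment happened to carry in.
            DOSRULES_UCAST_INDEX=
            DOSRULES_MCAST_INDEX=
            DOSRULES_BCAST_INDEX=

            # Parse instead of sourcing: skip anything that is not
            # KEY=<digits> for one of the three known keys.
            while IFS='=' read -r dos_key dos_val; do
                case "${dos_val}" in
                    '' | *[!0-9]*) continue ;;
                esac
                case "${dos_key}" in
                    DOSRULES_UCAST_INDEX) DOSRULES_UCAST_INDEX=${dos_val} ;;
                    DOSRULES_MCAST_INDEX) DOSRULES_MCAST_INDEX=${dos_val} ;;
                    DOSRULES_BCAST_INDEX) DOSRULES_BCAST_INDEX=${dos_val} ;;
                esac
            done < "${TMP_DOSRULES_INDEX_FILE}"

            rm -f -- "${DOS_TMP_SCRIPT}"
            {
                if [ -n "${DOSRULES_UCAST_INDEX}" ]; then
                    echo "cfp rule del ${DOSRULES_UCAST_INDEX}"
                fi
                if [ -n "${DOSRULES_MCAST_INDEX}" ]; then
                    echo "cfp rule del ${DOSRULES_MCAST_INDEX}"
                fi
                if [ -n "${DOSRULES_BCAST_INDEX}" ]; then
                    echo "cfp rule del ${DOSRULES_BCAST_INDEX}"
                fi
                echo "q"
            } > "${DOS_TMP_SCRIPT}"

            eth < "${DOS_TMP_SCRIPT}" >/dev/null 2>&1
        elif [ -L "${TMP_DOSRULES_INDEX_FILE}" ]; then
            echo "dos: warning: ${TMP_DOSRULES_INDEX_FILE} is a symlink; not reading it" >&2
        fi

        # Leave an empty index file behind, as before.
        rm -f -- "${TMP_DOSRULES_INDEX_FILE}"
        : > "${TMP_DOSRULES_INDEX_FILE}"
    ;;
    *)
        echo "Usage $0 {start | stop}"
        exit 1
    ;;
esac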

