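#!/bin/sh +x
#
# Create a veth pair for one slice, move one end into the slice's vserver,
# address both ends out of 10.0.KEY.0/24, and install the policy-routing and
# connection-marking rules that reference KEY.
#
# Usage: $0 SLICE NODEID KEY
#   SLICE   slice name; passed to `id -u` and `su`
#   NODEID  accepted as the second argument but not referenced below
#   KEY     decimal 0-255; becomes the third address octet, the interface
#           name suffix, the fwmark value and the routing table id
#
# The commands below (ip, ifconfig, iptables, su) reconfigure host
# networking, so the arguments are validated before anything is changed:
# KEY is later interpolated into a command string executed through `su -c`,
# and an unchecked value there would be interpreted as shell syntax.

# Print a message on stderr and stop.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

SLICE=$1
# shellcheck disable=SC2034 -- kept so the positional interface stays visible
NODEID=$2
KEY=$3

# A leading '-' would be parsed as an option by id(1) and su(1).
case "$SLICE" in
    '' | -*) die "usage: $0 SLICE NODEID KEY (missing or invalid SLICE)" ;;
esac

# KEY must be a plain decimal number that fits in one IPv4 octet.
case "$KEY" in
    '' | *[!0-9]*) die "usage: $0 SLICE NODEID KEY (KEY must be a decimal number)" ;;
esac
if [ "${#KEY}" -gt 3 ] || [ "$KEY" -gt 255 ]; then
    die "KEY must be in the range 0-255, got: $KEY"
fi
# NOTE(review): KEY is also used as a routing table id; iproute2 reserves
# tables 0 and 253-255 (unspec/default/main/local). Callers presumably never
# pass those values -- confirm, or tighten the range above.

SLICEID=$(id -u "$SLICE") || die "unknown slice: $SLICE"

#
# OpenVPN uses addresses in 10./16 block.  Avoid collisions with
# this block.  NAT interface is not advertised and so does not require
# unique address throughout the topology.  But the address of each slice's
# NAT interface must be unique on a single node.
#
BASE="10.0.$KEY"
EXTIP=$BASE.1
EXTNET=$EXTIP/24
INTIP=$BASE.2
INTNET=$INTIP/24
# shellcheck disable=SC2034 -- defined by the original script, not used below
BASENET=$BASE.0/24

### Setup etun
ETUN0=nat$KEY
ETUN1=natx$KEY
ip link add name "$ETUN0" type veth peer name "$ETUN1"
ifconfig "$ETUN1" "$EXTNET" up

### Put a process in the vserver so we can move the interface there
su "$SLICE" -c "sleep 30 &"
# NOTE(review): `pgrep -n sleep` returns the newest sleep visible to the
# slice, which is only presumably the one started on the previous line; any
# other sleep started in between would be picked instead.
PID=$(su "$SLICE" -c "pgrep -n sleep")
case "$PID" in
    '' | *[!0-9]*) die "could not find the placeholder sleep process for $SLICE" ;;
esac
ip link set "$ETUN0" netns "$PID"

naddress --add --nid "$SLICEID" --ip "$INTNET"

sleep 1

# The string below is evaluated by the slice user's shell.  ETUN0, INTNET and
# EXTIP are built only from the validated numeric KEY, so they cannot carry
# shell metacharacters into it.
su "$SLICE" -c "sudo /sbin/ifconfig $ETUN0 $INTNET up; \
    sudo /sbin/route add default gw $EXTIP; \
    sudo /sbin/ifconfig lo 127.0.0.1/8 up"

# Packets arriving on eth0 that carry fwmark KEY consult table KEY, whose
# only route sends them to the slice side of the veth pair.
ip rule add dev eth0 fwmark "$KEY" table "$KEY"
ip route add table "$KEY" default via "$INTIP"
# NOTE(review): CONNMARK --set-mark sets the connection mark, while the rule
# above matches the packet mark; a matching --restore-mark rule is presumably
# installed elsewhere -- confirm.
iptables -t mangle -A PREROUTING -i "$ETUN1" -j CONNMARK --set-mark "$KEY"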