#!/bin/sh +x

SLICE=$1
SLICEID=`id -u $SLICE`
read KEY

### Setup etun
ETUN0=nat$KEY
ETUN1=natx$KEY
ip link add name $ETUN0 type veth peer name $ETUN1
ifconfig $ETUN1 10.0.$KEY.1/24 up

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $ETUN1 -o eth0 -j ACCEPT

### Create "grab link" script
GRAB=/vsys/local_grab-$ETUN0
echo $SLICE > $GRAB.acl 
rm -f $GRAB
cat > $GRAB <<EOF
#!/bin/sh

read PID

ip link set $ETUN0 netns \$PID 
EOF
chmod +x $GRAB

### Create "delete link" script
DELETE=/vsys/local_delete-$ETUN0
echo $SLICE > $DELETE.acl 
rm -f $DELETE
cat > $DELETE <<EOF
#!/bin/sh

read NULL

# Remove iptables rules
iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
iptables -D FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -D FORWARD -i $ETUN1 -o eth0 -j ACCEPT

# Get rid of etun devices, only need name of one of them
ip link delete dev $ETUN1 

# Clean up files
rm -f $GRAB $GRAB.acl
rm -f $DELETE $DELETE.acl

EOF
chmod +x $DELETE