functions.m4: Allow multiple interfaces to be defined by defiface.

With the upcoming network reorganization, it will be possible for
particular networks to be routed over several different interfaces.  It
will make describing the individual routers easier if we can get
defiface to deal with the commonality.

diff --git a/functions.m4 b/functions.m4
index 0e57ffa..484c30d 100644 (file)
--- a/functions.m4
+++ b/functions.m4
@@ -331,15 +331,15 @@ defnetclass () {
   netclassindex=$(( $netclassindex + 1 ))
 }
 
-## defiface NAME NETCLASS:NETWORK/MASK...
+## defiface NAME[,NAME,...] NETCLASS:NETWORK/MASK...
 ##
-## Declares a network interface NAME and associates with it a number of
-## reachable networks.  During source classification, a packet arriving on
-## interface NAME from an address in NETWORK/MASK is classified as coming
-## from to NETCLASS.  During destination classification, all packets going to
-## NETWORK/MASK are classified as going to NETCLASS, regardless of interface
-## (which is good, because the outgoing interface hasn't been determined
-## yet).
+## Declares network interfaces with the given NAMEs and associates with them
+## a number of reachable networks.  During source classification, a packet
+## arriving on interface NAME from an address in NETWORK/MASK is classified
+## as coming from to NETCLASS.  During destination classification, all
+## packets going to NETWORK/MASK are classified as going to NETCLASS,
+## regardless of interface (which is good, because the outgoing interface
+## hasn't been determined yet).
 ##
 ## As a special case, the NETWORK/MASK can be the string `default', which
 ## indicates that all addresses not matched elsewhere should be considered.
@@ -348,34 +348,43 @@ defaultiface=none
 allnets= allnets6=
 defiface () {
   set -e
-  name=$1; shift
-  case $ifaces in
-    *:"$name":*) ;;
-    *)
-      clearchain mangle:in-$name
-      run ip46tables -t mangle -A in-classify -i $name -g in-$name
-      ;;
-  esac
-  ifaces=$ifaces$name:
-  for item; do
-    netclass=${item%:*} addr=${item#*:}
-    case $addr in
-      default)
-       defaultiface=$name
-       defaultclass=$netclass
-       run ip46tables -t mangle -A out-classify -g mark-to-$netclass
-       ;;
-      *:*)
-       run ip6tables -t mangle -A in-$name -s $addr -g mark-from-$netclass
-       run ip6tables -t mangle -A out-classify -d $addr -g mark-to-$netclass
-       allnets6="$allnets6 $name:$addr"
-       ;;
+  names=$1; shift
+  seen=:
+  for name in $(echo $names | sed 'y/,/ /'); do
+    case $seen in *:"$name":*) continue ;; esac
+    seen=$seen$name:
+    case $ifaces in
+      *:"$name":*) ;;
       *)
-       run iptables -t mangle -A in-$name -s $addr -g mark-from-$netclass
-       run iptables -t mangle -A out-classify -d $addr -g mark-to-$netclass
-       allnets="$allnets $name:$addr"
+       clearchain mangle:in-$name
+       run ip46tables -t mangle -A in-classify -i $name -g in-$name
        ;;
     esac
+    ifaces=$ifaces$name:
+    for item; do
+      netclass=${item%:*} addr=${item#*:}
+      case $addr in
+       default)
+         defaultiface=$name
+         defaultclass=$netclass
+         run ip46tables -t mangle -A out-classify -g mark-to-$netclass
+         ;;
+       *:*)
+         run ip6tables -t mangle -A in-$name -g mark-from-$netclass \
+               -s $addr
+         run ip6tables -t mangle -A out-classify -g mark-to-$netclass \
+               -d $addr
+         allnets6="$allnets6 $name:$addr"
+         ;;
+       *)
+         run iptables -t mangle -A in-$name -g mark-from-$netclass \
+               -s $addr
+         run iptables -t mangle -A out-classify -g mark-to-$netclass \
+               -d $addr
+         allnets="$allnets $name:$addr"
+         ;;
+      esac
+    done
   done
 }