Set up NAT for packets heading off the control network.

a3ae428d · Leigh B Stoller · bea88a10 · a3ae428d
Commit a3ae428d authored May 14, 2013 by Leigh B Stoller
--- a/clientside/tmcc/linux/xen/emulab-cnet.pl
+++ b/clientside/tmcc/linux/xen/emulab-cnet.pl
 #!/usr/bin/perl -w
 #
-# Copyright (c) 2000-2012 University of Utah and the Flux Group.
+# Copyright (c) 2000-2013 University of Utah and the Flux Group.
 # 
 # {{{EMULAB-LICENSE
 # 
@@ -26,6 +26,7 @@ use Getopt::Std;
 use English;
 use Data::Dumper;
 use POSIX qw(setsid);
+use Socket;

 #
 # Invoked by xmcreate script to configure the control network for a vnode.
@@ -91,6 +92,17 @@ my $fs_ip = `host fs | grep 'has address'`;
 if ($fs_ip =~ /has address ([0-9\.]*)$/) {
    $fs_ip = $1;
 }
+my $PCNET_IP_FILE   = "$BOOTDIR/myip";
+my $PCNET_MASK_FILE = "$BOOTDIR/mynetmask";
+my $PCNET_GW_FILE   = "$BOOTDIR/routerip";
+
+my $cnet_ip   = `cat $PCNET_IP_FILE`;
+my $cnet_mask = `cat $PCNET_MASK_FILE`;
+my $cnet_gw   = `cat $PCNET_GW_FILE`;
+chomp($cnet_ip);
+chomp($cnet_mask);
+chomp($cnet_gw);
+my $network   = inet_ntoa(inet_aton($cnet_ip) & inet_aton($cnet_mask));

 # Each container gets a tmcc proxy running on another port.
 my $local_tmcd_port = $TMCD_PORT + $vmid;
@@ -185,6 +197,25 @@ sub Online()
 	return -1
 	    if ($?);
    }
+
+    # 
+    # If the source is from the vnode, headed to the local control 
+    # net, no need for any NAT; just let it through.
+    # 
+    mysystem2("$IPTABLES -t nat -A POSTROUTING -j ACCEPT " . 
+	      " -s $vnode_ip -d $network/$cnet_mask");
+    return -1
+	if ($?);
+
+    # 
+    # Otherwise, setup NAT so that traffic leaving the vnode on its 
+    # control net IP, that has been routed out the phys host's
+    # control net iface, is NAT'd to the phys host's control
+    # net IP, using SNAT.
+    # 
+    mysystem2("$IPTABLES -t nat -A POSTROUTING ".
+	      " -s $vnode_ip -o $bridge -j SNAT --to-source $host_ip");
+    
    return 0;
 }

@@ -223,6 +254,12 @@ sub Offline()
 	       "  -o $bridge");
    }

+    mysystem2("$IPTABLES -t nat -D POSTROUTING -j ACCEPT " . 
+	      " -s $vnode_ip -d $network/$cnet_mask");
+
+    mysystem2("$IPTABLES -t nat -D POSTROUTING ".
+	      " -s $vnode_ip -o $bridge -j SNAT --to-source $host_ip");
+
    # evproxy
    mysystem2("$IPTABLES -t nat -D PREROUTING -j DNAT -p tcp ".
 	   "  --dport $EVPROXY_PORT -d $ops_ip -s $vnode_ip ".