Commit fd4af260 authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

Split out the firewall rule inclusion from the elabinelab inclusion.

parent ff400e49
......@@ -17,7 +17,7 @@ include $(OBJDIR)/Makeconf
LIB_STUFF = lanlink.tcl node.tcl sim.tcl tb_compat.tcl null.tcl \
nsobject.tcl traffic.tcl vtype.tcl parse.tcl program.tcl \
nsenode.tcl nstb_compat.tcl event.tcl firewall.tcl \
elabinelab.ns
elabinelab.ns fw.ns
BOSSLIBEXEC = parse-ns
USERLIBEXEC = parse.proxy
......
......@@ -6,11 +6,14 @@ set myboss [$ns node]
set myops [$ns node]
tb-set-hardware $myboss pc2000
tb-set-hardware $myops pc2000
tb-set-hardware $myops pc850
tb-set-node-inner-elab-role $myboss boss
tb-set-node-inner-elab-role $myops ops
tb-fix-node $myboss pc171
tb-make-soft-vtype pcslow {pc600 pc850}
#
# This is passed in by the parser, when wrapping an existing experiment.
# The parser wrapper gets info about the wrapped experiment and passes it
......@@ -29,7 +32,7 @@ for {set i 1} {$i <= $maxpcs} {incr i} {
append lanstr "[set $name] "
tb-set-node-os [set $name] FBSD-STD
tb-set-node-inner-elab-role [set $name] node
tb-set-hardware [set $name] pc2000
tb-set-hardware [set $name] pcslow
}
set publiclan [$ns make-lan $lanstr 100Mb 0ms]
......@@ -40,18 +43,7 @@ for {set i 1} {$i <= $maxpcs} {incr i} {
tb-set-ip-lan [set $name] $publiclan 10.200.1.$i
}
tb-set-node-os $myboss FBSD410-UPDATE
tb-set-node-os $myboss FBSD-STD
tb-set-node-cmdline $myboss /kernel.linkdelay
tb-set-node-os $myops FBSD410-UPDATE
if {${::GLOBALS::security_level} >= 2} {
# Set up a firewall
set fw [new Firewall $ns]
$fw set-type ipfw2-vlan
if {${::GLOBALS::security_level} == 2} {
$fw set-style open
} else {
$fw set-style closed
}
}
tb-set-node-os $myops FBSD-STD
#
# This file is intended to be included into another NS file. It is not
# a stand alone file.
#
if {${::GLOBALS::security_level} >= 1} {
# Set up a firewall
set fw [new Firewall $ns]
$fw set-type ipfw2-vlan
if {${::GLOBALS::security_level} == 1} {
$fw set-style open
} elseif {${::GLOBALS::security_level} == 2} {
if {${::GLOBALS::elab_in_elab}} {
$fw set-style emulab
} else {
$fw set-style basic
}
} else {
$fw set-style closed
}
}
......@@ -281,6 +281,9 @@ Simulator instproc run {} {
if {$elab_in_elab && [llength [array names node_list]] == 0} {
uplevel 1 source "@prefix@/lib/ns2ir/elabinelab.ns"
}
if {$security_level} {
uplevel 1 source "@prefix@/lib/ns2ir/fw.ns"
}
# Fill out IPs
if {! $use_ipassign } {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment