#!/usr/bin/perl -w
#
# Copyright (c) 2005-2011 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
use Getopt::Std;
use English;

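# Default input file holding the firewall rules; overridden by -f.
my $datafile = "fw-rules";

# Option spec handed to getopts().  'q' is listed here because usage()
# documents -q and the option handling below tests $options{"q"}; without
# it getopts() rejects -q as an unknown option and the qualifier output
# can never be enabled.
my $optlist = "eqMIf:";

# Output mode: exactly one of these is set once options are processed.
my $domysql = 0;	# -M: emit SQL for the default_firewall_rules table
my $doipfw = 1;		# -I: emit ipfw commands (the default)

my $expand = 0;		# -e: substitute EMULAB_* variables in each rule
my $qualifiers = 0;	# -q: include the per-rule qualifier in the output

# Raw lines of the rules file, loaded once before any config is generated.
my @lines;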

#
# Print the command-line synopsis on stdout and terminate with status 1.
#
sub usage()
{
    my @help = (
	'Usage: genconfig [-MI] config ...',
	'  -e      expand EMULAB_ variables',
	'  -f file specify the input rules file',
	'  -q      include qualifiers',
	'  -M      generate mysql commands',
	'  -I      generate IPFW commands',
	'',
	' Valid configs are: open, closed, basic, elabinelab',
    );
    my $text = join("\n", @help) . "\n";

    print $text;
    exit(1);
}

# EMULAB_* variable name => replacement text.  Left empty until
# expandfwvars() first needs it, at which point getfwvars() fills it in.
my %fwvars;

#
# Populate %fwvars with the built-in EMULAB_* values.
#
# The values are hard-coded addresses and host lists; per the XXX note
# they describe the Utah Emulab installation as of 11/11.  Rules expanded
# with -e carry these literals, so they need to match the site the
# generated firewall is deployed at.
#
sub getfwvars()
{
    # XXX for Utah Emulab as of 11/11
    my @site_values = (
	[ EMULAB_GWIP    => "155.98.36.1" ],
	[ EMULAB_GWMAC   => "00:d0:bc:f4:14:f8" ],
	[ EMULAB_NS      => "155.98.32.70" ],
	[ EMULAB_CNET    => "155.98.36.0/22" ],
	[ EMULAB_BOSSES  => "boss,subboss" ],
	[ EMULAB_SERVERS => "boss,subboss,ops" ],
	[ EMULAB_MCADDR  => "234.0.0.0/8" ],
	[ EMULAB_MCPORT  => "1025-65535" ],
    );

    foreach my $entry (@site_values) {
	my ($name, $value) = @{$entry};
	$fwvars{$name} = $value;
    }
}

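#
# Replace EMULAB_* variables in a firewall rule with their values.
#
# Takes the rule text and returns it with every known variable expanded.
# A variable with no value in %fwvars is left in place and reported with
# a warning, so an incomplete rule is visible to whoever runs the script.
#
sub expandfwvars($)
{
    my ($rule) = @_;

    # Fill the table on first use.
    getfwvars() if (!%fwvars);

    # Expand whole EMULAB_* tokens in a single pass.  Matching the complete
    # token (rather than substituting each key wherever it occurs) keeps a
    # known name that is a prefix of a longer, unknown one -- EMULAB_NS
    # inside EMULAB_NSX, say -- from being rewritten into a rule that looks
    # expanded but carries the wrong value and triggers no warning.
    $rule =~ s/(EMULAB_\w+)/defined($fwvars{$1}) ? $fwvars{$1} : $1/ge;

    if ($rule =~ /EMULAB_\w+/) {
	warn("*** WARNING: Unexpanded firewall variable in: \n".
	     "    $rule\n");
    }
    return $rule;
}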

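#
# Escape a string for use inside a single-quoted MySQL string literal.
# Backslashes are doubled and single quotes are written as ''.
# NOTE(review): backslash doubling assumes the server's default sql_mode
# (NO_BACKSLASH_ESCAPES not set) -- confirm for the target database.
#
sub _sqlstr($)
{
    my ($text) = @_;

    $text =~ s/\\/\\\\/g;
    $text =~ s/'/''/g;
    return $text;
}

#
# Emit the firewall rules for one configuration on stdout.
#
# $config is the (upper-cased) configuration name.  Every line of @lines
# whose trailing "#" comment mentions that name is selected; the rule text
# is everything before the comment.  Within the comment, "NNN:" sets the
# rule number explicitly (otherwise the previous number is incremented)
# and "+WORD" names a qualifier.
#
# In ipfw mode the output is a flush followed by one "ipfw add" line per
# rule.  In mysql mode it is a DELETE of the existing rows for this
# type/style followed by one INSERT per rule.
#
# The rule text is copied into the generated commands as written in the
# rules file, so that file has to be treated as trusted input wherever the
# output is executed.
#
sub doconfig($)
{
    my ($config) = @_;
    my $ruleno = 1;
    my ($type, $style, $enabled);

    if ($doipfw) {
	print "# $config\n";
	print "ipfw -q flush\n";
    }
    if ($domysql) {
	$type = "ipfw2-vlan";
	$style = lc($config);
	# XXX the elabinelab config is stored under the style name "emulab"
	$style = "emulab" if ($style eq "elabinelab");
	$enabled = 1;

	# $style derives from a command-line argument; escape both values
	# once so a quote character cannot terminate the SQL literal early.
	$type = _sqlstr($type);
	$style = _sqlstr($style);

	print "DELETE FROM `default_firewall_rules` WHERE ".
	    "type='$type' AND style='$style';\n";
    }

    foreach my $line (@lines) {
	# \Q..\E: the config name comes from the command line and is meant
	# as literal text, not as a pattern.
	next if ($line !~ /#.*\Q$config\E/);
	# Skip lines that are comments in their entirety.
	next if ($line =~ /^#/);
	if ($line =~ /#\s*(\d+):.*/) {
	    $ruleno = $1;
	} else {
	    $ruleno++;
	}
	my $qual;
	if ($line =~ /#.*\+(\w+)/) {
	    $qual = $1;
	}

	# Strip the trailing comment (and the whitespace before it).
	my $rule;
	($rule = $line) =~ s/\s*#.*//;
	chomp($rule);
	$rule = expandfwvars($rule) if ($expand);
	if ($doipfw) {
	    print "ipfw add $ruleno $rule # config=$config";
	    print ", $qual only)"
		if ($qualifiers && $qual);
	    print "\n";
	}
	if ($domysql) {
	    my $sqlrule = _sqlstr($rule);

	    if ($qualifiers) {
		# NOTE(review): $qual is written unquoted and is undef for
		# rules without a "+WORD" tag, which yields an empty field
		# in the VALUES list -- confirm the intended column value.
		print "INSERT INTO `default_firewall_rules` VALUES (".
		    "'$type','$style',$enabled,$qual,$ruleno,'$sqlrule');\n";
	    } else {
		print "INSERT INTO `default_firewall_rules` VALUES (".
		    "'$type','$style',$enabled,$ruleno,'$sqlrule');\n";
	    }
	}
    }

    print "\n";
}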

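#
# Main: parse options, load the rules file, emit each requested config.
#
my %options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
# -M and -I select the output mode; when both are given, -I is applied
# last and therefore wins.
if (defined($options{"M"})) {
    $domysql = 1;
    $doipfw = 0;
}
if (defined($options{"I"})) {
    $doipfw = 1;
    $domysql = 0;
}
if (defined($options{"e"})) {
    $expand = 1;
}
if (defined($options{"f"})) {
    $datafile = $options{"f"};
}
if (defined($options{"q"})) {
    $qualifiers = 1;
}

if (@ARGV == 0) {
    usage();
}

# Read the rules file with a three-argument open instead of interpolating
# the -f value into a shell command line, where shell metacharacters in
# the name would be interpreted.  Stop if the file cannot be read: going
# on with no rules would still print the flush / DELETE statements and
# produce a firewall configuration with every rule removed.
open(my $rulesfh, '<', $datafile)
    or die("*** ERROR: cannot open rules file '$datafile': $!\n");
@lines = <$rulesfh>;
close($rulesfh);

foreach my $config (@ARGV) {
    # Config names in the rules file are matched in upper case.
    $config = uc($config);
    doconfig($config);
}
exit(0);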