    Further overhaul of firewall code. NOTE: required bump of tmcd version to 34. · 6a26b246
    Mike Hibler authored
    Firewalls now work with nodes which require a subboss. Had to introduce new
    firewall rules which skipped around the checks that no packets to/from
    node control net IPs should pass through the firewall, if the IP in question
    belongs to a subboss (since subboss is on the node control network). It
    actually checks for all Emulab servers (boss, ops, fs or any subboss),
    so the code should work for an Emulab install which has a non-segmented
    control network in which all servers were in the same subnet as the nodes.
    
    In addition to the new rules, we also had to pass in additional information
    via "tmcc firewallinfo" giving the IP/MAC of those server nodes that are on
    the node control network. We use this to establish ARP entries on the
    inside network so that nodes can find the servers. Since the existing
    client-side firewall code in libsetup.pm would blow up if it got a line
    that it didn't recognize, I had to bump the tmcd version number and add
    some conditional code to tmcd.c:dofwinfo() to not return the extra info for
    old versions.
    
    Added a couple of new firewall variables EMULAB_BOSSES and EMULAB_SERVERS
    that are used in the new rules. Fixed the support scripts in firewall/
    to properly initialize these variables.
    
    IMPORTANT: tmcd looks up boss, ops, fs, and subbosses in the interfaces
    table to find their IPs and MAC addresses. By default, we do not create
    such interface table entries for boss/ops/fs. We have them at Utah for
    other reasons. These entries are only needed if you have a non-segmented
    control network (or a subboss) and you want to firewall such nodes.
    The script to initialize the firewall variables (initfwvars.pl) will
    print out a warning for configurations that are affected and don't have
    the entries.
Name
account
apache
assign
autoconf
backend
bugdb
capture
cdrom
clientside
collab
daikon
db
delay
dhcpd
discvr
doc
event
firewall
flash
hw_config
hyperviewer
image-test
install
ipod
mote
named
node_usage
os
patches
pelab
protogeni
pxe
rc.d
robots
rpms
security
sensors
sql
ssl
sysadmin
tbsetup
testsuite
tip
tmcd
tools
utils
vis
wiki
www
xmlrpc
.gitattributes
.gitignore
.gitmodules
.loc-ignore
AGPL-COPYING
GNUmakefile.in
GNUmakerules
GPL-COPYING
LGPL-COPYING
MOVED-TO-WIKI
Makeconf.in
README
TODO
TODO.plab
VERSION
WEBtemplate.in
config.h.in
configure
configure.in
defs-aerolab
defs-calfeld-emulab
defs-davidand-emulab
defs-default
defs-duerig-emulab
defs-elabinelab
defs-example
defs-example-privatecnet
defs-fbsd7
defs-fish-emulab
defs-gatech
defs-gtw-emulab
defs-johnsond-emulab
defs-kevina-emulab
defs-kwebb-emulab
defs-mike-emulab
defs-newbold-emulab
defs-newbold-macdb
defs-ricci-emulab
defs-shash-emulab
defs-stoller-emulab
defs-stoller-home
defs-stoller-lbsdb
defs-uky
defs-utahclient
defs-wbsun-emulab
defs-wide