#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2005, 2006 University of Utah and the Flux Group.
# All rights reserved.
#
use Getopt::Std;
use English;

# Rules file read when -f is not given.
my $datafile = 'fw-rules';

# Option spec handed to getopts(); only "f" takes an argument.
my $optlist = 'eMIf:';

# Output mode and expansion switches: IPFW output is the default,
# MySQL output and EMULAB_ variable expansion are off until requested.
my ($domysql, $doipfw, $expand) = (0, 1, 0);

# Raw lines of the rules file, filled in before doconfig() runs.
my @lines;

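#
# Print the usage message and exit with status 1.
#
# The message goes to STDERR: this script's stdout carries the generated
# ipfw/mysql commands, so help text must never be mixed into that stream.
# The synopsis line lists every option accepted by $optlist (-e and -f
# were missing from it).
#
sub usage()
{
    print STDERR "Usage: genconfig [-eMI] [-f file] config ...\n".
        "  -e      expand EMULAB_ variables\n".
        "  -f file specify the input rules file\n".
        "  -M      generate mysql commands\n".
        "  -I      generate IPFW commands\n".
        "\n".
        " Valid configs are: open, closed, basic, elabinelab\n";
    exit(1);
}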

# Firewall variable name => replacement text. Declared empty here; filled
# in by getfwvars(), which expandfwvars() calls on first use.
my %fwvars;

#
# Populate %fwvars with the values substituted for EMULAB_ variables.
#
# XXX every value below is a literal compiled into the script, so the
# generated rules are only valid for the network these addresses describe.
#
sub getfwvars()
{
    my @settings = (
        [ "EMULAB_GWIP",   "155.98.36.1" ],
        [ "EMULAB_GWMAC",  "00:b0:8e:84:69:34" ],
        [ "EMULAB_NS",     "155.98.32.70" ],
        [ "EMULAB_CNET",   "155.98.36.0/22" ],
        [ "EMULAB_MCADDR", "234.5.0.0/16" ],
        [ "EMULAB_MCPORT", "3564-65535" ],
    );

    # Assign key by key so any entry already present under another
    # name is left alone.
    foreach my $entry (@settings) {
        my ($name, $value) = @{$entry};
        $fwvars{$name} = $value;
    }
}

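#
# Replace EMULAB_ variable names in a rule with their values from %fwvars.
#
# Takes the rule text and returns it with every known variable expanded.
# A name with no (defined) entry in %fwvars is left in place and reported
# with a warning, so an incomplete rule is visible to the operator instead
# of silently reaching the firewall.
#
sub expandfwvars($)
{
    my ($rule) = @_;

    # Load the table on first use. defined(%hash) is rejected by current
    # Perl releases; testing the hash for emptiness is the supported form.
    getfwvars() if (!%fwvars);

    if ($rule =~ /EMULAB_\w+/) {
        # Expand whole tokens in a single pass. Substituting key by key
        # treated each key as a regex and also rewrote it when it was only
        # the prefix of a longer name, with a result that depended on hash
        # ordering.
        $rule =~ s/(EMULAB_\w+)/defined($fwvars{$1}) ? $fwvars{$1} : $1/ge;

        if ($rule =~ /EMULAB_\w+/) {
            warn("*** WARNING: Unexpanded firewall variable in: \n".
                 "    $rule\n");
        }
    }
    return $rule;
}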

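#
# Print the commands for one configuration on stdout.
#
# $config is the configuration name, already upper-cased by the caller.
# A line of @lines belongs to the configuration when the name appears in
# its trailing "#" comment; lines that start with "#" are skipped. A
# comment of the form "# N: ..." sets the rule number, otherwise the
# previous number is incremented (so the first unnumbered rule gets 2).
#
# With $doipfw set the output is a flush followed by "ipfw add" lines;
# with $domysql set it is a DELETE followed by INSERT statements for
# default_firewall_rules.
#
# NOTE(review): the ipfw output is presumably executed by a shell, so the
# rules file must be treated as trusted input; rule text is emitted as is.
#
sub doconfig($)
{
    my ($config) = @_;
    my $ruleno = 1;
    my ($type, $style, $enabled);

    # Make a value safe inside a single-quoted SQL string literal. The
    # statements are emitted as text, so placeholders are not available.
    # NOTE(review): doubling backslashes assumes the server runs without
    # NO_BACKSLASH_ESCAPES -- confirm.
    my $sqlquote = sub {
        my ($text) = @_;
        $text =~ s/\\/\\\\/g;
        $text =~ s/'/''/g;
        return $text;
    };

    if ($doipfw) {
        print "# $config\n";
        print "ipfw -q flush\n";
    }
    if ($domysql) {
        $type = "ipfw2-vlan";
        $style = lc($config);
        # XXX
        $style = "emulab" if ($style eq "elabinelab");
        # $style comes from the command line; quote it before it is
        # embedded in the DELETE and INSERT statements.
        $style = $sqlquote->($style);
        $enabled = 1;

        print "DELETE FROM default_firewall_rules WHERE ".
            "type='$type' AND style='$style';\n";
    }

    foreach my $line (@lines) {
        # \Q...\E: match the configuration name literally, not as a regex.
        next if ($line !~ /#.*\Q$config\E/);
        next if ($line =~ /^#/);
        if ($line =~ /#\s*(\d+):.*/) {
            $ruleno = $1;
        } else {
            $ruleno++;
        }
        # The rule is the line with its trailing comment removed.
        (my $rule = $line) =~ s/\s*#.*//;
        chomp($rule);
        $rule = expandfwvars($rule) if ($expand);
        if ($doipfw) {
            print "ipfw add $ruleno $rule\n";
        }
        if ($domysql) {
            my $sqlrule = $sqlquote->($rule);
            print "INSERT INTO default_firewall_rules VALUES (".
                "'$type','$style',$enabled,$ruleno,'$sqlrule');\n";
        }
    }

    print "\n";
}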

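#
# Main: parse the options, load the rules file, then emit the commands for
# each configuration named on the command line.
#
my %options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
# -M and -I select exactly one output format; -I is handled last, so it
# wins when both are given.
if (defined($options{"M"})) {
    $domysql = 1;
    $doipfw = 0;
}
if (defined($options{"I"})) {
    $doipfw = 1;
    $domysql = 0;
}
if (defined($options{"e"})) {
    $expand = 1;
}
if (defined($options{"f"})) {
    $datafile = $options{"f"};
}

if (@ARGV == 0) {
    usage();
}

# Read the rules file directly instead of through `cat $datafile`: the -f
# value would otherwise be interpreted by the shell. Failing here also
# stops the script before any output is produced; an unreadable file
# previously gave an empty rule list, so the IPFW output consisted of the
# flush command with no rules after it.
open(my $rulesfh, '<', $datafile)
    or die("*** ERROR: cannot open rules file '$datafile': $!\n");
@lines = <$rulesfh>;
close($rulesfh);

foreach my $config (@ARGV) {
    # Configuration names are matched in upper case against the comments
    # in the rules file.
    $config = uc($config);
    doconfig($config);
}
exit(0);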