Commit 92ce268f authored by Mike Hibler's avatar Mike Hibler

Firewall support part II: ns file parsing and database entry

parent d17e32b2
......@@ -2874,6 +2874,8 @@ sub TBGetSiteVar($;$)
"nseconfigs",
"eventlist",
"event_groups",
"firewalls",
"firewall_rules",
"ipsubnets",
"nsfiles");
......
......@@ -114,7 +114,16 @@ my %virtual_tables =
"event_groups" => { rows => undef,
tag => "event_groups",
row => "event_group",
attrs => [ "group_name", "agent-name" ]});
attrs => [ "group_name", "agent-name" ]},
"firewalls" => { rows => undef,
tag => "firewalls",
row => "firewall",
attrs => [ "fwname", "type", "style" ]},
"firewall_rules" => { rows => undef,
tag => "firewall_rules",
row => "firewall_rule",
attrs => [ "fwname", "ruleno", "rule" ]}
);
# XXX
# The experiment table is special. Only certain fields are allowed to
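Review bot: The new `firewall_rules` entry lists `rule` among its `attrs`, and that column carries free-form rule text written by the experiment author in the NS file. Nothing in this hunk shows how row values are quoted or length-checked before they reach the database, so that should be confirmed in the code that consumes `%virtual_tables`, which is outside the hunk. A one-line comment above the two new entries would also help the next maintainer, for example `# attrs must match the column names emitted by Firewall updatedb in firewall.tcl`.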
......
......@@ -16,7 +16,7 @@ include $(OBJDIR)/Makeconf
LIB_STUFF = lanlink.tcl node.tcl sim.tcl tb_compat.tcl null.tcl \
nsobject.tcl traffic.tcl vtype.tcl parse.tcl program.tcl \
nsenode.tcl nstb_compat.tcl event.tcl
nsenode.tcl nstb_compat.tcl event.tcl firewall.tcl
BOSSLIBEXEC = parse-ns
USERLIBEXEC = parse.proxy
......
# -*- tcl -*-
#
# EMULAB-COPYRIGHT
# Copyright (c) 2004 University of Utah and the Flux Group.
# All rights reserved.
#
######################################################################
#
# Firewall support.
#
######################################################################
Class Firewall -superclass NSObject
namespace eval GLOBALS {
set new_classes(Firewall) {}
}
Firewall instproc init {s} {
global ::GLOBALS::last_class
$self set sim $s
$self set style "basic"
$self set parent ""
$self set next_rule 1
$self instvar rules
array set rules {}
# Link simulator to this new object.
if {[$s add_firewall $self] == 0} {
set ::GLOBALS::last_class $self
}
}
Firewall instproc rename {old new} {
$self instvar sim
$sim rename_firewall $old $new
}
#
# Set the style of the firewall
#
Firewall instproc set-style {starg} {
$self instvar style
if {$starg == "open" || $starg == "closed" || $starg == "basic"} {
set style $starg
} else {
punsup "firewall: unsupported style: $starg"
}
}
#
# Add rules to the firewall.
#
Firewall instproc add-rule {rule} {
$self instvar next_rule
$self instvar rules
set rules($next_rule) $rule
incr next_rule
}
#
# Add numbered rules to the firewall.
#
Firewall instproc add-numbered-rule {num rule} {
$self instvar rules
if {$num >= 50000} {
perror "\[add-numbered-rule] rule number must be < 50000!"
return
}
if {[info exists rules($num)]} {
perror "\[add-numbered-rule] rule $num already exists!"
return
}
set rules($num) $rule
}
Firewall instproc child-of {pfw} {
$self instvar parent
if {[$pfw info class] != "Firewall"} {
perror "\[child-of] $pfw is not a Firewall"
return
}
if {$pfw == $self} {
perror "\[child-of] cannot father yourself"
return
}
if {$parent != {}} {
perror "\[child-of] $self already a child of $parent"
return
}
set parent $pfw
}
# updatedb DB
Firewall instproc updatedb {DB} {
var_import ::GLOBALS::pid
var_import ::GLOBALS::eid
$self instvar rules
$self instvar sim
$self instvar style
# XXX add the firewall to the virt_nodes table to avoid assign hacking
$sim spitxml_data "virt_nodes" [list "vname" "type" "ips" "osname" "cmd_line" "rpms" "startupcmd" "tarfiles" "fixed" ] [list "$self" "pc" "" "FW-IPFW" "" "" "" "" "" ]
$sim spitxml_data "firewalls" [list "fwname" "type" "style"] [list $self "ipfw" $style]
foreach rule [array names rules] {
set names [list "fwname" "ruleno" "rule"]
set vals [list $self $rule $rules($rule)]
$sim spitxml_data "firewall_rules" $names $vals
}
}
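Review bot: `add-rule` writes `rules($next_rule)` without checking whether `add-numbered-rule` already claimed that number, so a script that numbers a rule 1 and then calls `add-rule` silently replaces it. For a firewall rule set, a dropped rule should be a parse error or a skipped number, not an overwrite. `add-numbered-rule` also bounds `num` only from above, so zero, negative or fractional values are stored as array keys and passed on to `firewall_rules` by `updatedb`. The sketch below skips occupied numbers in `add-rule` and requires an integer in 1..49999 in `add-numbered-rule`; the lower bound of 1 is inferred from `next_rule` starting at 1 and should be confirmed.

```tcl
Firewall instproc add-rule {rule} {
    $self instvar next_rule
    $self instvar rules

    # Skip numbers already claimed by add-numbered-rule.
    while {[info exists rules($next_rule)]} {
        incr next_rule
    }
    if {$next_rule >= 50000} {
        perror "\[add-rule] no free rule number below 50000!"
        return
    }
    set rules($next_rule) $rule
    incr next_rule
}

Firewall instproc add-numbered-rule {num rule} {
    $self instvar rules

    if {![string is integer -strict $num] || $num < 1 || $num >= 50000} {
        perror "\[add-numbered-rule] rule number must be an integer in 1..49999!"
        return
    }
    # … unchanged: duplicate-number check and assignment …
}
```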
......@@ -265,6 +265,7 @@ source ${GLOBALS::libdir}/traffic.tcl
source ${GLOBALS::libdir}/vtype.tcl
source ${GLOBALS::libdir}/program.tcl
source ${GLOBALS::libdir}/event.tcl
source ${GLOBALS::libdir}/firewall.tcl
##################################################
# Redifing Assignment
......
......@@ -24,6 +24,7 @@
Class Simulator
Class Program -superclass NSObject
Class EventGroup -superclass NSObject
Class Firewall -superclass NSObject
Simulator instproc init {args} {
# A counter for internal ids
......@@ -67,6 +68,10 @@ Simulator instproc init {args} {
$self instvar eventgroup_list;
array set eventgroup_list {}
# Firewall.
$self instvar firewall_list;
array set firewall_list {}
var_import ::GLOBALS::last_class
set last_class $self
}
......@@ -232,6 +237,7 @@ Simulator instproc run {} {
$self instvar event_list
$self instvar prog_list
$self instvar eventgroup_list
$self instvar firewall_list
$self instvar simulated
$self instvar nseconfig
var_import ::GLOBALS::pid
......@@ -390,6 +396,9 @@ Simulator instproc run {} {
foreach egroup [array names eventgroup_list] {
$egroup updatedb "sql"
}
foreach fw [array names firewall_list] {
$fw updatedb "sql"
}
set fields [list "mem_usage" "cpu_usage" "forcelinkdelays" "uselinkdelays" "usewatunnels" "uselatestwadata" "wa_delay_solverweight" "wa_bw_solverweight" "wa_plr_solverweight" "veth_encapsulate" "allowfixnode"]
set values [list $mem_usage $cpu_usage $forcelinkdelays $uselinkdelays $usewatunnels $uselatestwadata $wa_delay_solverweight $wa_bw_solverweight $wa_plr_solverweight $veth_encapsulate $fix_current_resources]
......@@ -870,6 +879,12 @@ Simulator instproc rename_eventgroup {old new} {
set eventgroup_list($new) {}
}
Simulator instproc rename_firewall {old new} {
$self instvar firewall_list
unset firewall_list($old)
set firewall_list($new) {}
}
# find_link <node1> <node2>
# This is just an accesor to the link_map datastructure. If no
# link is known between <node1> and <node2> the empty list is returned.
......@@ -1032,6 +1047,20 @@ Simulator instproc add_eventgroup {group} {
set eventgroup_list($group) {}
}
# add_firewall
# Link to a Firewall object.
Simulator instproc add_firewall {fw} {
$self instvar firewall_list
if {[array size firewall_list] > 0} {
perror "\[add_firewall]: only one firewall per experiment right now"
return -1
}
set firewall_list($fw) {}
return 0
}
# cost
# Set the cost for a link
Simulator instproc cost {src dst c} {
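Review bot: `rename_firewall` calls `unset firewall_list($old)` unconditionally, and Tcl's `unset` raises an error when the element does not exist. That can happen for a Firewall whose `add_firewall` call returned -1 in `init` (a second firewall in the experiment) if the object is still renamed afterwards; the rename path is outside these hunks, so this is inferred. A guard such as `if {![info exists firewall_list($old)]} { return }` before the `unset` limits the failure to the `perror` already reported by `add_firewall`. It also ensures the rejected object is never registered under its new name, which keeps the one-firewall limit intact.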
......