1 """network configuration"""
3 # system provided modules
4 import os, string, time, socket
5 from socket import inet_aton
7 # PlanetLab system modules
11 import plnode.bwlimit as bwlimit
12 import logger, iptables, tools
15 # we can't do anything without a network
18 dev_default = tools.get_default_if()
22 logger.log("net: plugin starting up...")
24 def GetSlivers(data, config, plc):
26 # band-aid for short period as old API returns networks instead of interfaces
28 KEY_NAME = "interfaces"
31 logger.verbose("net: GetSlivers called.")
32 if not 'interfaces' in data:
34 # band-aid for short period as old API returns networks instead of interfaces
35 # logger.log_missing_data('net.GetSlivers','interfaces')
37 if not 'networks' in data:
38 logger.log_missing_data('net.GetSlivers','interfaces')
44 plnet.InitInterfaces(logger, plc, data)
47 if 'OVERRIDES' in dir(config):
48 if config.OVERRIDES.get('net_max_rate') == '-1':
49 logger.log("net: Slice and node BW Limits disabled.")
50 if len(bwlimit.tc("class show dev %s" % dev_default)):
51 logger.verbose("net: *** DISABLING NODE BW LIMITS ***")
62 InitPlanetStack(plc, data)
65 def InitNodeLimit(data):
67 # query running network interfaces
69 ips = dict(zip(devs.values(), devs.keys()))
72 macs[sioc.gifhwaddr(dev).lower()] = dev
74 for interface in data[KEY_NAME]:
75 # Get interface name preferably from MAC address, falling
77 hwaddr=interface['mac']
78 if hwaddr <> None: hwaddr=hwaddr.lower()
80 dev = macs[interface['mac']]
81 elif interface['ip'] in ips:
82 dev = ips[interface['ip']]
84 logger.log('net: %s: no such interface with address %s/%s' % (interface['hostname'], interface['ip'], interface['mac']))
87 # Get current node cap
89 old_bwlimit = bwlimit.get_bwcap(dev)
93 # Get desired node cap
94 if interface['bwlimit'] is None or interface['bwlimit'] < 0:
95 new_bwlimit = bwlimit.bwmax
97 new_bwlimit = interface['bwlimit']
99 if old_bwlimit != new_bwlimit:
100 # Reinitialize bandwidth limits
101 bwlimit.init(dev, new_bwlimit)
103 # XXX This should trigger an rspec refresh in case
104 # some previously invalid sliver bwlimit is now valid
105 # again, or vice-versa.
107 def InitI2(plc, data):
108 if not 'groups' in data: return
110 if "Internet2" in data['groups']:
111 logger.log("net: This is an Internet2 node. Setting rules.")
113 i2nodeids = plc.GetNodeGroups(["Internet2"])[0]['node_ids']
114 for node in plc.GetInterfaces({"node_id": i2nodeids}, ["ip"]):
116 i2nodes.append(node['ip'])
117 # this will create the set if it doesn't already exist
118 # and add IPs that don't exist in the set rather than
119 # just recreateing the set.
120 bwlimit.exempt_init('Internet2', i2nodes)
122 # set the iptables classification rule if it doesnt exist.
123 cmd = '-A POSTROUTING -m set --set Internet2 dst -j CLASSIFY --set-class 0001:2000 --add-mark'
125 ipt = os.popen("/sbin/iptables-save")
126 for line in ipt.readlines(): rules.append(line.strip(" \n"))
129 logger.verbose("net: Adding iptables rule for Internet2")
130 os.popen("/sbin/iptables -t mangle " + cmd)
132 def InitNAT(plc, data):
134 # query running network interfaces
135 devs = sioc.gifconf()
136 ips = dict(zip(devs.values(), devs.keys()))
139 macs[sioc.gifhwaddr(dev).lower()] = dev
141 ipt = iptables.IPTables()
142 for interface in data[KEY_NAME]:
143 # Get interface name preferably from MAC address, falling
144 # back on IP address.
145 hwaddr=interface['mac']
146 if hwaddr <> None: hwaddr=hwaddr.lower()
148 dev = macs[interface['mac']]
149 elif interface['ip'] in ips:
150 dev = ips[interface['ip']]
152 logger.log('net: %s: no such interface with address %s/%s' % (interface['hostname'], interface['ip'], interface['mac']))
156 settings = plc.GetInterfaceTags({'interface_tag_id': interface['interface_tag_ids']})
160 for setting in settings:
161 if setting['category'].upper() != 'FIREWALL':
163 if setting['name'].upper() == 'EXTERNAL':
164 # Enable NAT for this interface
166 elif setting['name'].upper() == 'INTERNAL':
168 elif setting['name'].upper() == 'PF': # XXX Uglier code is hard to find...
169 for pf in setting['value'].split("\n"):
171 for field in pf.split(","):
172 (key, val) = field.split("=", 2)
174 if 'new_dport' not in fields:
175 fields['new_dport'] = fields['dport']
176 if 'source' not in fields:
177 fields['source'] = "0.0.0.0/0"
181 # Helper functions for converting to CIDR notation
182 def get_net_size(netmask):
184 for octet in netmask:
185 binary_str += bin(int(octet))[2:].zfill(8)
186 return str(len(binary_str.rstrip('0')))
188 def to_cidr(ipaddr, netmask):
193 ipaddr = ipaddr.split('.')
194 netmask = netmask.split('.')
196 net_start = [str(int(ipaddr[x]) & int(netmask[x])) for x in range(0,4)]
197 return '.'.join(net_start) + '/' + get_net_size(netmask)
199 def ipaddr_range(network, broadcast):
200 start = network.split('.')
201 end = broadcast.split('.')
203 # Assume interface always claims the first address in the block
204 start[3] = str(int(start[3]) + 2)
205 end[3] = str(int(end[3]) - 1)
207 return '.'.join(start) + ',' + '.'.join(end)
209 def InitPlanetStack(plc, data):
211 for interface in data[KEY_NAME]:
213 settings = plc.GetInterfaceTags({'interface_tag_id': interface['interface_tag_ids']})
218 for setting in settings:
219 tags[setting['tagname'].upper()] = setting['value']
224 # Skip devices that don't have names
225 logger.log('net:InitPlanetStack: Device has no name, skipping...')
228 logger.log('net:InitPlanetStack: Processing device %s' % dev)
231 # Enable iptables MASQ on this device
232 # Right now the subnet is hardcoded, should instead use interface's subnet
233 ipaddr = interface['ip']
234 netmask = interface['netmask']
236 if (ipaddr and netmask):
238 cidr = to_cidr(ipaddr, netmask)
240 logger.log('net:InitPlanetStack: could not convert ipaddr %s and netmask %s to CIDR' % (ipaddr, netmask))
243 cmd = ['/sbin/iptables', '-t', 'nat', '-C', 'POSTROUTING', '-s', cidr,
244 '!', '-d', cidr, '-j', 'MASQUERADE']
246 logger.log('net:InitPlanetStack: checking if NAT iptables rule present for device %s' % dev)
247 subprocess.check_call(cmd)
249 logger.log('net:InitPlanetStack: adding NAT iptables NAT for device %s' % dev)
252 subprocess.check_call(cmd)
254 logger.log('net:InitPlanetStack: failed to add NAT iptables rule for device %s' % dev)
256 # Enable dnsmasq for this interface
257 # Check if dnsmasq already running
259 pidfile = '/var/run/dnsmasq-%s.pid' % dev
261 pid = open(pidfile, 'r').read().strip()
262 if os.path.exists('/proc/%s' % pid):
263 start_dnsmasq = False
264 logger.log('net:InitPlanetStack: dnsmasq already running on device %s' % dev)
270 logger.log('net:InitPlanetStack: starting dnsmasq on device %s' % dev)
271 iprange = ipaddr_range(interface['network'], interface['broadcast'])
272 logger.log('net:InitPlanetStack: IP range: %s' % iprange)
273 subprocess.check_call(['/usr/sbin/dnsmasq',
278 '--pid-file=%s' % pidfile,
280 '--interface=%s' % dev,
281 '--dhcp-range=%s' % iprange,
282 '--dhcp-leasefile=/var/lib/dnsmasq/%s.leases' % dev,
283 '--dhcp-no-override'])
286 logger.log('net:InitPlanetStack: failed to start dnsmasq for device %s' % dev)