-# Add ipfw pipe and rules
-# We use the PORT number to configure the
-# pipe, and add rules for that port.
-# The default directory is the slicename root
-add_rules() { # $1 timeout value $2 delete
- local EXPIRE
-
- debug "Add a new rule, check for deletion flag";
- if [ ${2} -eq 1 ]; then
- #echo "Rules and pipes deleted";
- return;
- fi
-
- debug "Add a new rule"
- # schedule the rule deletion
- EXPIRE=`date --date="${TIMEOUT}" +%s`
- [ x"${EXPIRE}" = x"" ] && abort "Date format $1 not valid"
-
- # move in the slice root dir
- cd /vservers/${SLICE}/root
- #echo ${CONFIG_STRING} | ${SED} -e "s/ profile \(.[^ ]\)/ profile \/vservers\/${SLICE}\/\1/g"
-
- # check syntax, if ok execute
- # add rules
- local IPFW_CHECK="${IPFW} -n "
- local ERROR=0
-
- [ $ERROR -eq 0 ] && \
- ${IPFW_CHECK} add ${RULE_N} pipe ${PIPE_N} ip from ${ME} to any src-port ${PORT} // ${EXPIRE} ${SLICE}
- let "ERROR += $?"
- [ $ERROR -eq 0 ] && \
- ${IPFW_CHECK} add ${RULE_N} pipe ${PIPE_N} ip from any to ${ME} dst-port ${PORT}
-
- let "ERROR += $?"
- [ $ERROR -eq 0 ] && \
- ${IPFW_CHECK} pipe ${PIPE_N} config ${CONFIG_STRING}
-
- if [ ! $ERROR -eq 0 ]; then
- echo "Some errors occurred not executing"
- user_error "ipfw syntax error"
- fi
-
- # add rules
- ${IPFW} add ${RULE_N} pipe ${PIPE_N} ip from ${ME} to any src-port ${PORT} // ${EXPIRE} ${SLICE}
- ${IPFW} add ${RULE_N} pipe ${PIPE_N} ip from any to ${ME} dst-port ${PORT}
-
- # config pipe
- ${IPFW} pipe ${PIPE_N} config ${CONFIG_STRING}
+# Add the ipfw rule/pipe and update the database.
+# The pipe-in and pipe_out config are through global variables
+# CONFIG_IN CONFIG_OUT because they may be long.
+# Other arguments are on the command line
+add_rule() { # new_rule slice_id type port rule pipe_base timeout
+ local new_rule=$1 slice_id=$2 type=$3 port=$4 rule_nr=$5 pipe_base=$6 timeout=$7
+ local pipe_in pipe_out rule_in rule_out check_timeout
+
+ # XXX validate the timeout
+ # schedule the rule deletion
+ check_timeout=`date --date="${timeout}" +%s`
+ [ x"${check_timeout}" = x"" ] && abort "Date format $1 not valid"
+ # XXX tbd
+ timeout="fake_timeout"
+
+ # we could use a profile, so locate the user directory
+ # move in the slice root dir XXX todo
+ cd /vservers/${SLICENAME}/root
+ #echo ${CONFIG_STRING} | ${SED} -e "s/ profile \(.[^ ]\)/ profile \/vservers\/${SLICENAME}\/\1/g"
+
+ # first, call ipfw -n to check syntax
+ # check syntax, if ok move on and do the action
+ local IPFW_CHECK="${IPFW} -n "
+
+ pipe_in=$(($pipe_base + $pipe_base))
+ pipe_out=$(($pipe_in + 1))
+ local del # which one to delete ?
+ if [ x"$new_rule" != x"0" ] ; then
+ case $type in
+ SERVER)
+ rule_in="dst-port $port"
+ rule_out="src-port $port"
+ del=SERVICE
+ ;;
+ CLIENT)
+ rule_in="src-port $port"
+ rule_out="dst-port $port"
+ del=SERVICE
+ ;;
+ SERVICE)
+ rule_in="{ src-port $port or dst-port $port }"
+ rule_out="{ src-port $port or dst-port $port }"
+ del="CLI_SER"
+ ;;
+ *)
+ abort "invalid service type $type"
+ ;;
+ esac
+
+ rule_in="pipe ${pipe_in} in uid $slice_id ${rule_in}"
+ rule_out="pipe ${pipe_out} out uid $slice_id ${rule_out}"
+ ${IPFW_CHECK} add ${rule_nr} $rule_in || \
+ user_error "ipfw syntax error $rule_in"
+ ${IPFW_CHECK} add ${rule_nr} $rule_out || \
+ user_error "ipfw syntax error $rule_out"
+ fi
+
+ # XXX check error reporting
+ ${IPFW_CHECK} pipe ${pipe_in} config ${CONFIG_PIPE_IN} || \
+ user_error "ipfw syntax error pipe_in"
+ ${IPFW_CHECK} pipe ${pipe_out} config ${CONFIG_PIPE_OUT} || \
+ user_error "ipfw syntax error pipe_out"
+
+ # all good, delete and add rules if necessary
+ [ "$del" = "SERVICE" ] && delete_config $slice_id SERVICE $port
+ [ "$del" = "CLI_SER" ] && delete_config $slice_id CLIENT $port
+ [ "$del" = "CLI_SER" ] && delete_config $slice_id SERVER $port
+ [ "$new_rule" != "0" ] && ${IPFW} add ${rule_nr} $rule_in
+ [ "$new_rule" != "0" ] && ${IPFW} add ${rule_nr} $rule_out
+ # config pipes
+ ${IPFW} pipe ${pipe_in} config ${CONFIG_PIPE_IN}
+ ${IPFW} pipe ${pipe_out} config ${CONFIG_PIPE_OUT}
+
+ # add to the database, at least to adjust the timeout
+ ( grep -v -- "^${slice_id} ${type} ${port}" $DBFILE; \
+ echo "${slice_id} ${type} ${port} ${rule_nr} ${pipe_base} ${timeout}" ) > ${DBFILE}.tmp
+ mv ${DBFILE}.tmp ${DBFILE}
+