+def exempt_init():
+ # Who are we?
+ try:
+ node_id = int(file('/etc/planetlab/node_id').readline().strip())
+ except:
+ return False
+
+ api = plcapi.PLCAPI()
+
+ # All nodes that have access to Internet2
+ node_ids = []
+ for node_group in api.AnonAdmGetNodeGroups(api.auth):
+ if node_group['name'] == "Internet2":
+ node_ids += api.AnonAdmGetNodeGroupNodes(api.auth, node_group['nodegroup_id'])
+
+ # Remove duplicates
+ node_ids = list(Set(node_ids))
+
+ # Continue only if we ourselves have access to Internet2
+ if node_id not in node_ids:
+ return True
+
+ # Exempt the following destinations from the node bandwidth cap
+ node_ips = [node['ip'] for node in api.AnonAdmGetNodes(api.auth, node_ids, ['ip'])]
+
+ # Clean up
+ run("/sbin/iptables -t vnet -F POSTROUTING")
+ run("/sbin/ipset -X Internet2")
+
+ # Create a hashed IP set of all of these destinations
+ run("/sbin/modprobe ip_set_iphash")
+ lines = ["-N Internet2 iphash"]
+ lines += ["-A Internet2 " + ip for ip in node_ips]
+ lines += ["COMMIT"]
+ restore = "\n".join(lines) + "\n"
+ run("/sbin/ipset -R", restore)
+
+ # Add rule to match on destination IP set
+ run("/sbin/iptables -t vnet -A POSTROUTING -m set --set Internet2 dst -j CLASSIFY --set-class 1:%x" %
+ exempt_minor)
+
+