From: Sapan Bhatia
Date: Wed, 9 Jul 2008 20:03:38 +0000 (+0000)
Subject: Iptables script that starts up tuntap also.
X-Git-Tag: iptables-1.3.8-2~2
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=55ff91acf63c9b4135d15e6e587f770db510bad1;p=iptables.git

Iptables script that starts up tuntap also.
---
diff --git a/iptables.init b/iptables.init
index 5c99246..cf4c477 100755
--- a/iptables.init
+++ b/iptables.init
@@ -167,6 +167,51 @@ start() {
 failure; echo; return 1
 fi
+ # Tuntap initialization
+
+ if [ -z "$taps" -a -r /etc/planetlab/node_id ] ; then
+ # If this node is not "virtually multi-homed", just bring up
+ # the tap interface with a PLB private address. The PLB
+ # convention is to assign a unique 10.x.y.0/24 network to each
+ # node where x.y is the PlanetLab node ID of the machine in
+ # host order:
+ #
+ # x = (node_id / 256) % 256
+ # y = node_id % 256
+ #
+ node_id=$(cat /etc/planetlab/node_id)
+ taps="tap0"
+ tap0=$(printf 10.%d.%d.1 $((($node_id / 256) % 256)) $(($node_id % 256)))
+ tapmask=255.0.0.0
+ fi
+
+ for tap in $taps ; do
+ # Configuration for this tap (address/proxy)
+ eval cfg=\$$tap
+ addr=${cfg%/*}
+ proxy=${cfg#*/}
+
+ # Set MAC address to something predictable
+ mac=$(printf 00:FF:%X:%X:%X:%X $(echo $addr | sed -e 's/\./ /g'))
+
+ # Bring up this interface. Optimize the MTU for the PlanetLab
+ # Backbone (1500/Ethernet - 4/GRE - 8/UDP - 20/IP = 1468).
+ ifconfig $tap down && \
+ ifconfig $tap hw ether $mac mtu 1468 && \
+ ifconfig $tap $addr ${proxy:+pointopoint $proxy} netmask ${tapmask:=255.255.255.255} up
+
+ # Stuffing the proxy for this address in the pointopoint field
+ # creates a static route to the proxy that we do not want
+ # present.
+ if [ -n "$proxy" -a "$proxy" != "$addr" ] ; then
+ ip route del $proxy
+ fi
+
+ # Enable route through this interface
+ ip route add default dev $tap tab 1 && \
+ ip rule add from $addr tab 1
+ done
+
 # Load additional modules (helpers)
 if [ -n "$IPTABLES_MODULES" ]; then
 echo -n $"Loading additional $IPTABLES modules: "
@@ -185,7 +230,8 @@ start() {
 }
 stop() {
- # Do not stop if iptables module is not loaded.
+
+ # Do not stop if iptables module is not loaded.
 [ -e "$PROC_IPTABLES_NAMES" ] || return 1
 flush_n_delete
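Review bot: In the new tuntap block of start(), `eval cfg=\$$tap` re-parses every word of `$taps` as shell code, and `node_id` goes from /etc/planetlab/node_id straight into `$(( ))`, so a malformed value in either place is evaluated by the init script instead of being rejected (where `taps` is set is not visible in this hunk; presumably a sourced config file). I would validate both before use: `case $tap in ''|*[!A-Za-z0-9_]*) continue ;; esac` ahead of the eval, and `case $node_id in ''|*[!0-9]*) failure; echo; return 1 ;; esac` right after the `cat`. The exit status of the `ifconfig ... && ifconfig ...` chain is also dropped, so the `ip route` and `ip rule` commands still run when the interface did not come up; checking it and skipping to the next tap would keep a half-configured interface out of routing table 1. start() begins and ends outside this hunk.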
@@ -201,7 +247,13 @@ stop() {
 [ $ret -eq 0 ] && success || failure
 echo
 fi
-
+
+ # Take down vnet interfaces
+ for dev in $taps tap0 ; do
+ action $"Shutting down interface $dev: " \
+ ifconfig $dev 0.0.0.0 down
+ done
+
 rm -f $VAR_SUBSYS_IPTABLES
 return $ret
 }
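Review bot: The new shutdown loop sits at the very end of stop(), so it never runs when the `[ -e "$PROC_IPTABLES_NAMES" ] || return 1` guard at the top of stop() (visible in the previous hunk) returns early, and on the normal path the tap interfaces stay up until after `flush_n_delete` has already removed the rules. Unless that ordering is intentional, moving the loop ahead of the guard would take the interfaces down first and on every path. As far as this diff shows, nothing removes the `ip rule add from $addr tab 1` entries that start() creates, so they look likely to pile up across restarts; a matching `ip rule del from "$addr" tab 1` per tap would avoid that. stop() begins outside this hunk.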