+#
+# initialize the firewall with PlanetLab default rules
+ipfw_init() {
+ ${IPFW} add $S skipto tablearg lookup jail $SLICE_TABLE
+ ${IPFW} add $D allow all from any to any
+}
+
+#
+# if present, call a hook function
+# Arguments are:
+# slice_id type port rule_base pipe_base timeout
+hook_call() {
+ if [ -n "${HOOK}" -a -x "${HOOK}" ]; then
+ ${HOOK} ${SLICE_ID} "$*" &
+ fi
+}
+
+do_help() {
+ cat << EOF
+Usage:
+ ./neconfig [SERVER|CLIENT|SERVICE] port [-t timeout] \
+ PIPE_IN <pipe in configuration> PIPE_OUT <pipe out configuration>
+ ./netconfig show [rules|pipes]
+ ./netconfig delete [SERVER|CLIENT|SERVICE] port
+ ./netconfig refresh [-t timeout] [SERVER|CLIENT|SERVICE] port
+
+We assume three type of connections
+ SERVER we know the local port P, and do the
+ bind/listen/accept on the local socket.
+ pipe_in in dst-port P
+ pipe_out out src-port P
+
+ CLIENT we know the remote port P, and do a connect to it
+ (src and dst are swapped wrt the previous case)
+ pipe_in in src-port P
+ pipe_out out dst-port P
+
+ SERVICE we run a server on local port P, and also connect
+ from local clients to remote servers on port P.
+ pipe_in in { dst-port P or src-port P }
+ pipe_out out { src-port P or dst-port P }
+
+ On a given port a user can have one CLIENT and/or one SERVER
+ configuration or one SERVICE configuration.
+ When a SERVICE configuration is installed any existing CLIENT
+ and SERVER configuration on the same port are removed.
+ When a CLIENT or SERVER configuration is installed any existing
+ SERVICE configuration on the same port is removed.
+
+The pipe configuration, both for the upstream and downstream link,
+follow the dummynet syntax. A quick and not exaustive example
+of the parameters that can be used to configure the delay,
+the bandwidth and the packet loss rate for a link follow:
+
+ PIPE_IN|PIPE_OUT delay 100ms bw 1Mbit/s plr 0.1
+
+The full documentation is on the manpage[1].
+
+The timeout value follow the linux 'date' command format[2]
+and can be specified as follow:
+ 1week
+ 2hours
+ 3days
+
+--- References:
+[1] http://www.freebsd.org/cgi/man.cgi?query=ipfw
+[2] http://linuxmanpages.com/man1/date.1.php
+EOF
+}
+