--- /dev/null
+#!/usr/bin/perl
+
+use strict;
+
+$|=1;
+
+my $slicename;
+my $portnumber;
+my $ipaddress;
+
+$slicename = $ARGV[0];
+$portnumber = <STDIN>;
+$ipaddress = <STDIN>;
+
+chop($portnumber);
+chop($ipaddress);
+
+if (-f "/dev/shm/rawtcp-$slicename") {
+ print "Sorry, only 1 port reservation is allowed per slice. You reserved ".`cat /dev/shm/rawtcp-$slicename`;
+}
+
+if ($ipaddress!~/^\d+\.\d+\.\d+\.\d+/) {
+ die("$ipaddress is not an ip address");
+}
+
+if ($portnumber!~/^\d+$/) {
+ die("$portnumber is not a port number");
+}
+
+$portnumber=int($portnumber);
+open CMD1,"vcontext --ctx 1 --migrate -- ncontext --nid 1 --migrate fuser -n tcp $portnumber 2>/dev/null |";
+my @f = <CMD1>;
+my $fuser = join '',@f;
+$fuser=~s/\s//g;
+close CMD1;
+
+if ($fuser) {
+ open CMD2,"chcontext --ctx 1 -- cat /proc/$fuser/vinfo|";
+
+ my $vinfo = <CMD2>;
+ my @userinfo;
+ @userinfo = split /\s/,$vinfo;
+ my $uid = $userinfo[1];
+ my $slice_id = `id -u $slicename`;
+ chop($slice_id);
+
+ if ($slice_id eq $uid) {
+ my $default_route = `ip route get $ipaddress`;
+ my $dev;
+ $default_route =~ /dev ([^\s]+)/;
+ $dev = $1;
+ if ($dev !~ /$uid/) {
+ print $ipaddress;
+ print $default_route;
+ die("Sorry, you don't own the next hop for that route, which is $dev");
+ }
+
+ #### If we made it here, it means:
+ #### 1. The user is bound to the desired port, which is in the 61000+ range.
+ #### 2. There is a local device for the supplied IP address.
+ #### 3. The calling user owns that device.
+ ####
+ #### Next: Bridge the port with the device
+
+ my $iptables_cmd = "iptables -t nat -A PREROUTING -m tcp -p tcp --dport $portnumber -j DNAT --to $ipaddress:$portnumber";
+ system($iptables_cmd);
+ system("echo $portnumber > /dev/shm/rawtcp-$slicename");
+ print "Port reservation commands executed";
+ }
+ else {
+ print "$portnumber is taken by somebody else, sorry";
+ }
+ close CMD2;
+} else {
+ print "Please bind to $portnumber first."
+}
git://git.onelab.eu / vsys-scripts.git / commitdiff