-# main starts here
- debug "Debug activated"
- debug "$0 START"
-
- # create the DBFILE if not exist
- [ ! -e ${DBFILE} ] && touch ${DBFILE}
-
- requests=[]
- i=0
-
- # lock acquisition
- acquire_lock
-
- # A request to the vsys backend is composed by a single line of input
- while read request; do
- # read -a read arguments in array
- # XXX skip lines starting with #
- debug "Received <$request>"
- requests[$i]="$request"
- requests[$i]=`filter $request`
- debug "Filtered ${requests[$i]}"
- i=$(($i + 1))
- done
-
- # process requests
- i=0
- n_req=${#requests[*]}
- debug "Received $n_req request"
- while [ $i -lt $n_req ] ; do
- debug "processing request $i of $n_req"
- debug "<${requests[$i]}>"
- process ${requests[$i]}
- i=$(($i + 1))
- done
-
- # lock release
- release_lock
- debug "$0 END"
- exit 0
+# ALLOCATION OF PIPES AND RULES
+# pipes are always allocated in pairs
+# rules are either individual or in groups of size NUM_RULES (e.g. 4)
+# and are allocated in two different parts of the rule namespace
+# (e.g. blocks from 10000 to 49999 and individuals from 50000 to 59999)
+# Internally allocator uses the base number for each item, e.g.
+# rule 10000..49999 -> rule_base=1..10000
+# rule 50000..59999 -> rule_base=10001..20000
+# pipe 10000..59999 -> pipe_base=1..25000
+# a bit of math lets us compute the correct numbers.
+# For CLIENT, SERVER, SERVICE the database contains entries as
+# XID TYPE arg rule_base pipe_base
+# For blocks the entries are
+# XID RULE - rule_base -
+# XID PIPE - - pipe_base
+# When a rule or pipe is referenced we first check that the owner owns it.
+# more details below.
+
+#-- main starts here
+debug "--- $0 START for $SLICENAME ---"
+
+# If the db does not exist, create it and we clean rules and pipes
+[ ! -e ${DBFILE} ] && clean_db
+
+# A request to the vsys backend is composed by a single line of input
+read REQ # read one line, ignore the rest
+echo "read ${REQ}"
+set_verbose ${REQ} # use inital -v if present
+set_test ${REQ} # use inital -t if present
+REQ="`filter ${REQ}`" # remove -v and -t and invalid chars
+debug "--- processing <${REQ}>"
+acquire_lock # critical section
+process ${REQ}
+release_lock
+debug "--- $0 END ---"
+exit 0