X-Git-Url: http://plrg.eecs.uci.edu/git/?a=blobdiff_plain;f=iotjava%2Fiotruntime%2Fmaster%2FRouterConfig.java;h=48bb8f691fd000026ab6a696e6d4b24ef4835da4;hb=042f511cbc02e14fe8229b493558ef828e413bea;hp=8e23ce1fec62960015799baff0cac1e2a6c181a2;hpb=7a27eab091d560ca1222d3a2652da56c97456980;p=iot2.git
diff --git a/iotjava/iotruntime/master/RouterConfig.java b/iotjava/iotruntime/master/RouterConfig.java
index 8e23ce1..48bb8f6 100644
--- a/iotjava/iotruntime/master/RouterConfig.java
+++ b/iotjava/iotruntime/master/RouterConfig.java
@@ -7,6 +7,9 @@ import java.io.BufferedWriter;
 import java.io.FileWriter;
 import java.io.PrintWriter;
 import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
 import java.util.Map;
@@ -19,6 +22,12 @@ import java.util.Map;
 * that doesn't require "iptables" command to be invoked many
 * times - each invocation of "iptables" will load the existing
 * table from the kernel space before appending the new rule.
+ *
+ * We write the core policy repeatedly for each benchmark, while
+ * the header "*filter" and tail (a bunch of closing rules and
+ * REJECT rules) are written into a different file.
+ * They are merged and deployed for every benchmark bootstrapped
+ * in the main loop.
*
* @author Rahmadi Trimananda
+ * This method is useful for MAC policy class so that it doesn't have
+ * to query the router again
+ */
+ public Map
@@ -471,7 +584,7 @@ public final class RouterConfig {
*/
public void configureRouterICMPPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
pwConfig.println("-A INPUT -j ACCEPT -p icmp");
@@ -491,7 +604,7 @@ public final class RouterConfig {
*/
public void configureRouterICMPPolicies(String strConfigHost, String strMonitorHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A FORWARD -j ACCEPT -p icmp");
pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
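Review bot: `strMonitorHost` is concatenated straight into the rule text at `"-A INPUT -j ACCEPT -s " + strMonitorHost +`, and nothing visible in this hunk checks that it is a single address token. Because the line goes into a rules file that is later merged and deployed, a value containing whitespace or a line break would add options or a whole extra rule; whether callers only ever pass trusted configuration values is not visible here. Validating both host arguments before writing, for example rejecting anything that does not fully match a conservative pattern such as `[A-Za-z0-9.:/-]+`, would close this. The same concatenation appears in the configureRouterSSHPolicies, configureHostICMPPolicies and configureHostSSHPolicies hunks, and the statement here continues past the end of the hunk.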
@@ -517,7 +630,7 @@ public final class RouterConfig {
*/
public void configureRouterSSHPolicies(String strConfigHost, String strMonitorHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow SSH - port 22 (only from monitor host)
pwConfig.println("-A INPUT -j ACCEPT -s " +
strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
@@ -535,8 +648,8 @@ public final class RouterConfig {
strConfigHost + " -d " + strMonitorHost + " -p tcp --dport ssh");
pwConfig.println("-A OUTPUT -j ACCEPT -s " +
strConfigHost + " -d " + strMonitorHost + " -p tcp --sport ssh");
- pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh");
- pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh");
+ //pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh");
+ //pwConfig.println("-A FORWARD -j ACCEPT -p tcp --sport ssh");
}
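Review bot: The two blanket SSH FORWARD rules are disabled by commenting them out (`//pwConfig.println("-A FORWARD -j ACCEPT -p tcp --dport ssh");`), which leaves dead code in a firewall generator with no reason recorded. Delete both lines and, if the intent is that the router no longer forwards SSH unconditionally, record that in a single comment, for example `// Forwarded SSH is no longer accepted here; only monitor <-> router SSH is allowed` (wording to be confirmed by the author). Note that the `-A FORWARD -i wlan0 -o eth0 -j ACCEPT` rule added to configureRouterNATPolicy in this same commit would still pass forwarded SSH in that direction, so the tightening may be only partial. The method body starts outside this hunk.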
@@ -552,7 +665,7 @@ public final class RouterConfig {
*/
public void configureRouterDHCPPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
@@ -572,7 +685,7 @@ public final class RouterConfig {
*/
public void configureRouterDNSPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow DNS UDP and TCP port 53
pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");
@@ -596,7 +709,7 @@ public final class RouterConfig {
*/
public void configureRejectPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Reject every other thing
pwConfig.println("-A FORWARD -j REJECT");
pwConfig.println("-A INPUT -j REJECT");
@@ -615,9 +728,12 @@ public final class RouterConfig {
*/
public void configureRouterNATPolicy(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Configure NAT
pwConfig.println("-t nat -A POSTROUTING -o eth0 -j MASQUERADE");
+ // Add the following 2 lines
+ pwConfig.println("-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT");
+ pwConfig.println("-A FORWARD -i wlan0 -o eth0 -j ACCEPT");
}
/**
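Review bot: `-A FORWARD -i wlan0 -o eth0 -j ACCEPT` accepts every packet from wlan0 to eth0 with no protocol, address or state restriction, and because rules are appended its effect depends on when configureRouterNATPolicy is called: ahead of the device-specific rules it shadows them for that direction, and after configureRejectPolicies it never matches. The call order is not visible in this hunk, so please confirm it and state the required position in the method's Javadoc. The comment `// Add the following 2 lines` describes the edit rather than the rules; something like `// Forward traffic arriving on wlan0 out through eth0, and let only reply traffic back in` would serve the next reader better. The `state` match is the legacy spelling; `-m conntrack --ctstate RELATED,ESTABLISHED` is the current equivalent. The interface names are hard-coded, as they already are in the MASQUERADE line above.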
@@ -679,7 +795,7 @@ public final class RouterConfig {
*/
public void configureHostICMPPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A INPUT -j ACCEPT -p icmp");
pwConfig.println("-A OUTPUT -j ACCEPT -p icmp");
@@ -695,7 +811,7 @@ public final class RouterConfig {
*/
public void configureHostSQLPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport mysql");
pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport mysql");
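Review bot: The comment `// Allow ICMP` above the mysql rules is a copy-paste leftover and should read `// Allow MySQL - port 3306`, in the style of the SSH and DNS methods. Separately, `-A INPUT -j ACCEPT -p tcp --sport mysql` accepts any inbound TCP packet whose source port is 3306, regardless of destination port or connection state; if it is only meant to admit replies to outbound connections, `-A INPUT -j ACCEPT -p tcp --sport mysql -m conntrack --ctstate ESTABLISHED` expresses that more narrowly. The same stateless `--sport` pattern is visible in the SSH and DNS hunks. The method body continues outside this hunk.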
@@ -714,7 +830,7 @@ public final class RouterConfig {
*/
public void configureHostICMPPolicies(String strConfigHost, String strMonitorHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow ICMP
pwConfig.println("-A INPUT -j ACCEPT -s " + strMonitorHost +
" -d " + strConfigHost + " -p icmp");
@@ -737,7 +853,7 @@ public final class RouterConfig {
*/
public void configureHostSSHPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow SSH - port 22
pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport ssh");
pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport ssh");
@@ -759,7 +875,7 @@ public final class RouterConfig {
*/
public void configureHostSSHPolicies(String strConfigHost, String strMonitorHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow SSH - port 22
pwConfig.println("-A INPUT -j ACCEPT -s " +
strMonitorHost + " -d " + strConfigHost + " -p tcp --dport ssh");
@@ -790,7 +906,7 @@ public final class RouterConfig {
*/
public void configureHostDHCPPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow DHCP renew - BOOTP Client port 68 / BOOTP Server port 67
pwConfig.println("-A INPUT -j ACCEPT -p udp --dport bootpc");
pwConfig.println("-A INPUT -j ACCEPT -p udp --sport bootpc");
@@ -809,7 +925,7 @@ public final class RouterConfig {
*/
public void configureHostDNSPolicies(String strConfigHost) {
- PrintWriter pwConfig = getPrintWriter(strConfigHost);
+ PrintWriter pwConfig = getMainPrintWriter(strConfigHost);
// Allow DNS UDP and TCP port 53
pwConfig.println("-A INPUT -j ACCEPT -p tcp --dport domain");
pwConfig.println("-A INPUT -j ACCEPT -p tcp --sport domain");