### Local Variables: *** ### mode:perl *** ### comment-column:0 *** ### comment-start: "### " *** ### comment-end: "***" *** ### End: *** # # ****************DO NOT MOVE OR CHANGE LINES ABOVE THIS********************* # # The first set of lines runs perl from any shell. The second set of lines # identifies the rest of the file as PERL for EMACS autoformatting. # See end of copyright for more information. # # # ------------------------------------------------------------------- # X-BONE # # http://www.isi.edu/xbone # USC Information Sciences Institute (USC/ISI) # Marina del Rey, California 90292, USA # Copyright (c) 1998-2005 # # ------------------------------------------------------------------- # # Copyright (c) 1998-2005 by the University of Southern California. # All rights reserved. # # Permission to use, copy, modify, and distribute this software and # its documentation in source and binary forms for non-commercial # purposes and without fee is hereby granted, provided that the above # copyright notice appear in all copies and that both the copyright # notice and this permission notice appear in supporting # documentation, and that any documentation, advertising materials, # and other materials related to such distribution and use acknowledge # that the software was developed by the University of Southern # California, Information Sciences Institute. The name of the # University may not be used to endorse or promote products derived # from this software without specific prior written permission. # # THE UNIVERSITY OF SOUTHERN CALIFORNIA MAKES NO REPRESENTATIONS ABOUT # THE SUITABILITY OF THIS SOFTWARE FOR ANY PURPOSE. THIS SOFTWARE IS # PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, # INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. # # Other copyrights might apply to parts of this software and are so # noted when applicable. 
# # ------------------------------------------------------------------- # # Effort partly sponsored by the Defense Advanced Research Projects # Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel # Command, USAF, under agreement numbers F30602-98-1-0200 (X-Bone) and # F30602-01-2-0529 (DynaBone). The views and conclusions contained # herein are those of the authors and should not be interpreted as # necessarily representing the official policies or endorsements, # either expressed or implied, of the Defense Advanced Research # Projects Agency (DARPA), the Air Force Research Laboratory, or the # U.S. Government. # # This work was partly supported by the NSF STI-XTEND (ANI-0230789) # and NETFS (ANI-0129689) projects. Any opinions, findings, and # conclusions or recommendations expressed in this material are those # of the authors and do not necessarily reflect the views of the # National Science Foundation. # # ------------------------------------------------------------------- # $RCSfile: XB_Defs.pm,v $ # # $Revision: 1.117 $ # $Author: pingali $ # $Date: 2005/03/31 07:03:54 $ # $State: Exp $ # ---------------------------------------------------------------------------- # # ############################################# # # Common definitions used by XBONE Perl modules. 
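#
# Principal authors: Gregory Finn, Anindo Bannerjea
#############################################

package XB_Defs;

use strict;
use sigtrap;    # no arguments: sigtrap's default handlers for its "old-interface" signal set (see perldoc sigtrap)
use FindBin;    # $FindBin::RealBin = directory of the running script, symlinks resolved
use Config;     # $Config{osname}, used further down for OS-specific paths and constants

require Exporter;
our @ISA    = qw(Exporter);
our @EXPORT = qw();

# NOTE(review): the names below carry no sigil, so Exporter treats them as
# subroutine names (&NAME) and no such subs exist in this module; importing
# them does not hand the caller the $XB_Defs::NAME variables. This file reads
# every setting through its fully qualified $XB_Defs::NAME and callers are
# presumed to do the same. IPSEC_ENABLE_RANDOM_PADDING,
# IPSEC_DISABLE_REPLAY_PROTECTION and XBONE_DAEMON_BACKCOMPAT are listed here
# but never assigned anywhere in this file, so unless set elsewhere they read
# as undef (false).
our @EXPORT_OK = qw(
    NODEOS ALLOWED_NODEOS XBONE_NET DNS_FILE_FORWARD DNS_FILE_REVERSE
    NAMED_PID XBONE_HOME XBONE_PROTOCOL DNS_SERVER DNS_SERVER_SECONDARY
    DNS_UPDATE_MODE SECURITY_CA_CERT SECURITY_SERVER_CERT SECURITY_SERVER_KEY
    MAX_MCAST_RADIUS XB_CTL_PORT MCAST_ADDR CA_EMAIL XB_API_PORT
    IPSEC_ENABLE_RANDOM_PADDING NODEOS_LABEL IP_MULTICAST_IF IP_MULTICAST_TTL
    IP_MULTICAST_LOOP IP_ADD_MEMBERSHIP IP_DROP_MEMBERSHIP IP_MULTICAST_VIF
    SOL_IP NET_TIMEOUT SO_RCVBUF ACTUATOR_MSG_LIMIT ACTUATOR_TIMEOUT LOG_DEST
    LOG_MASK LOG_FILE DUPLICATE_DETECTION_INTERVAL XBONE_RELEASE
    XBONE_OVLMGR_BACKCOMPAT XBONE_DAEMON_BACKCOMPAT
    IPSEC_DISABLE_REPLAY_PROTECTION LOOPBACK_IP_ADDRESS IP_ADDRESS_LENGTH
    REVISITATION ENABLE_FIREWALL_FORWARDING NODE_ASSIGNMENT_POLICY
);

# Locate the XBone installation root from where the running script lives.
# XXX THE XBONE DIRECTORY MUST BE NAMED "xbone" FOR THIS TO WORK!
# The result is used further down in this file to build, among other paths,
# the CA certificate location (SECURITY_CA_CERT), so it must not be
# mis-derived.
#
# Returns the longest prefix of $bin_dir that ends in a path component named
# exactly "xbone" (followed by "/" or the end of the string); when there is
# none, $bin_dir itself. Requiring the component boundary keeps a parent such
# as "/home/xbone-user/bin" from being truncated to "/home/xbone", which the
# previous unanchored match did.
sub _xbone_home_from {
    my ($bin_dir) = @_;
    return $bin_dir =~ m{\A(.*/xbone)(?:/|\z)} ? $1 : $bin_dir;
}

$XB_Defs::XBONE_HOME = _xbone_home_from($FindBin::RealBin);

#------------------------------------------------------------------------------
# NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW NEW
#------------------------------------------------------------------------------
# Default values for XBone node configuration options:
#
# Notes:
# - Precedence: command line > configuration file > XB_Defs (default)
# - Do not change this file unless it's site- or network-specific.
#   Use command line or configuration file to override default values
#   with node-specific properties.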
#=============================
#=> Version defaults
# $XB_Defs::xol_ver = "1.6";
$XB_Defs::XOL_PROTOCOL = '1.5';

# Software release. NOTE(review): XBONE_RELEASE is assigned again further
# down in this file ("2.0", in the OLD section); being later, that
# assignment is the one in effect once the module has loaded.
$XB_Defs::XBONE_RELEASE = '3.0';

#=> Files
# conf: node configuration file. A relative path is resolved against the
# process's current working directory, not against XBONE_HOME.
$XB_Defs::conf = 'xbone.conf';

# Node certificate, node private key, and the CA material the node trusts.
# Relative paths resolve against the working directory as well. The key
# file should be readable only by the user the daemon runs as.
$XB_Defs::node_cert = 'cert/xbone-node-cert.pem';
$XB_Defs::node_key  = 'cert/xbone-node-key.pem';
$XB_Defs::ca_cert   = 'cert/xbone-ca-cert.pem';
$XB_Defs::ca_path   = 'cert';

#=> Daemon role: what this node is within virtual networks
#   host          host
#   router        router
#   node          host or router
#   network       s/node/network|AS/
#   meta-node     s/node/virtual network/
#   manager       network + meta-node
#   manager+node  manager + node
#   om            old XBone OM
#   rd            old XBone RD
$XB_Defs::daemon_type = 'node';

#=============================
#=> Network-Related Parameters

# Multicast address/group.
$XB_Defs::xbone_mcast_addr = '224.192.0.1';

# Ports (both officially registered with IANA):
#   xbone_api_port: XBone API, manages virtual networks   (x-bone-api 2165)
#   xbone_ctl_port: XBone CTL, configures nodes in a VN   (x-bone-ctl  265)
$XB_Defs::xbone_api_port = 2165;
$XB_Defs::xbone_ctl_port = 265;

# Rough estimate of the RTT timeout in seconds. All other timeout values
# are derived from this one.
$XB_Defs::xbone_rtt = 15;

#=> Logging
# log_dest: log destination(s); OR together any of SYSLOG, ERR, OUT, FILE.
# log_mask: log mask (levels copied from syslog(3)), suggested usage:
#   emerg:   (panic)
#   alert:   (should be corrected immediately)
#   crit:    (critical conditions)
#   err:     errors
#   warning: warning messages
#   notice:  not error conditions, but should be handled
#   info:    enter/exit subroutines
#   debug:   misc logs: stop points, traces, etc.
#   debug3:     dump variables
#   debug4:     dump data structure
#   debug5:     dump pkts/messages
#   debug6:     dump data structure
#   debug7:     dump pkts/messages
#   debug0-128: gory details not suitable for human beings
# log_file: log file, only effective if FILE is included in LOG_DEST

# Log destination bits; combine with '|'.
$XB_Defs::SYSLOG = 1 << 0;   # syslog
$XB_Defs::ERR    = 1 << 1;   # STDERR
$XB_Defs::OUT    = 1 << 2;   # STDOUT
$XB_Defs::FILE   = 1 << 3;   # the file named by log_file

$XB_Defs::log_dest = $XB_Defs::FILE | $XB_Defs::OUT;

# Release mask: nothing below "notice". The development mask (info, debug
# and debug0..debug5, i.e. variable, data-structure and packet/message dumps
# written into the log) is kept commented out; do not ship with it enabled.
$XB_Defs::log_mask = 'emerg alert crit err warning notice';
# $XB_Defs::log_mask = 'emerg alert crit err warning notice info debug debug0 debug1 '
#                    . 'debug2 debug3 debug4 debug5';

$XB_Defs::log_file = '/var/xbone/xbone.log';

# Allowed parent Overlay Managers, and the per-user ACL. Both are empty here.
# NOTE(review): whether an empty list/ACL means "accept any" or "accept none"
# is decided by the code that consults them, not by this file - confirm before
# relying on these defaults.
@XB_Defs::ovl_manager = ();
%XB_Defs::user_acl    = ();

# Node Resource

# Debug switches. NOTE(review): both are on in this defaults file; SSL_DEBUG
# level 2 adds cipher details to the log output, so 0 or 1 is the safer
# release default.
$XB_Defs::DEBUGGING = 1;   # main switch, turns on the following
$XB_Defs::SSL_DEBUG = 2;   # 0=none, 1=errors, 2=1+cipher, 3=2+progress, 4=3+data

# XBone message delimiter.
$XB_Defs::msg_delimiter = 'XBoneEOC';

#------------------------------------------------------------------------------
# OLD OLD OLD OLD OLD OLD OLD OLD OLD OLD OLD OLD OLD OLD OLD OLD OLD OLD OLD
#------------------------------------------------------------------------------
############################################################
# Used only by xb-overlay-manager. They live here because
# - xb-overlay-manager has no config file
# - this is the place for changeable constants
############################################################

# Hostname the OM uses to identify itself in heartbeats.
$XB_Defs::XBONE_OVERLAY_MANAGER = 'www.xbone.net';

# OM public key (certificate) and private key.
# XXX Still the post-reorganisation placeholders: "<XBONE_HOME>/..." does not
# name a file, so any OM code that opens these fails until real paths are
# configured. Nobody knows where they went after the reorg.
$XB_Defs::SECURITY_SERVER_CERT = "$XB_Defs::XBONE_HOME/...";
$XB_Defs::SECURITY_SERVER_KEY  = "$XB_Defs::XBONE_HOME/...";

# Demo mode: 1 forces the OM to pick nodes in reverse order; 0 is normal
# operation.
$XB_Defs::DEMO_MODE = 0;

# XBONE_RELEASE versions the Overlay Manager is backward compatible with,
# separated by "|" (eg, "1.3|1.2"). Empty here.
$XB_Defs::XBONE_OVLMGR_BACKCOMPAT = '';

# Seconds between the OM's sweeps over all hosts in all overlays, each sweep
# issuing a heartbeat message to every host.
$XB_Defs::OVLMGR_PING_INTERVAL = 15 * 60;

############################################################
# Used only by xb-daemon (may also go into XB_daemon.conf).
# All of these are valid only with REVISITATION enabled, and
# REVISITATION is 0 further down in this file, so they are inert
# by default.
############################################################
$XB_Defs::ENABLE_FIREWALL_FORWARDING = 1;

# Firewall rule-number ranges reserved for accept, forward and output rules.
($XB_Defs::ACCEPT_RULE_START, $XB_Defs::ACCEPT_RULE_END) = (2500, 3499);
($XB_Defs::FWD_RULE_START,    $XB_Defs::FWD_RULE_END)    = (3500, 4499);
($XB_Defs::OUT_RULE_START,    $XB_Defs::OUT_RULE_END)    = (4500, 5499);

# Node allocation policy: BLOCKED or RR (round robin).
$XB_Defs::NODE_ASSIGNMENT_POLICY = 'BLOCKED';

############################################################
# Used by nearly everybody :-)
############################################################

# Date this version was created.
# "30/10/2001";
$XB_Defs::XBONE_VERSION_DATE = '01/01/2005';   # <- for development

# Seconds after XBONE_VERSION_DATE at which this version counts as obsolete
# (six 30-day months).
$XB_Defs::XBONE_OBSOLETE_LIMIT = 6 * 30 * 24 * 60 * 60;
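$XB_Defs::API_PROTOCOL   = '2.0';   # protocol version of the XBone API
$XB_Defs::XBONE_PROTOCOL = '1.5';   # protocol version of the internal OM <-> RD communication

# Version number of the XBone software release.
# NOTE(review): XBONE_RELEASE is also assigned "3.0" in the NEW section near
# the top of this file; being later, this assignment is the one in effect
# after module load. Pick one and drop the other.
$XB_Defs::XBONE_RELEASE = '2.0';
# $XB_Defs::XBONE_RELEASE = '2.0rc1';   # <- for development

# Domain name associated with this particular XBone overlay network.
$XB_Defs::XBONE_NET = 'xbone.net';

# OS name, read from the daemon configuration file.
$XB_Defs::NODEOS = '';

# OS names allowed for Resource Daemon (RD) hosts ...
@XB_Defs::ALLOWED_NODEOS = qw(freebsd linux solaris sunos kame nist netbsd);
# ... and for the one RD host that manipulates the XBone DNS domain. netbsd
# is absent here; note that no NAMED_ZONE_PATH/NAMED_PID is defined for it
# further down in this file either.
@XB_Defs::ALLOWED_DNS_NODEOS = qw(freebsd linux solaris sunos kame nist);

# Textual labels for the allowed NODEOS tags; use these when printing
# (e.g. web pages).
%XB_Defs::NODEOS_LABEL = (
    freebsd => 'FreeBSD',
    kame    => 'FreeBSD/KAME',
    linux   => 'Linux',
    nist    => 'Linux/NIST',
    sunos   => 'SunOS',
    solaris => 'Solaris',
    netbsd  => 'NetBSD',
);

# Log destination bits (same values as the log_dest flags defined earlier in
# this file).
$XB_Defs::SYSLOG = 1 << 0;
$XB_Defs::ERR    = 1 << 1;
$XB_Defs::OUT    = 1 << 2;
$XB_Defs::FILE   = 1 << 3;

# Log to both the log file and stdout (OUT is stdout, not stderr).
# Also see XB_Log.pm.
# $XB_Defs::LOG_DEST = $XB_Defs::FILE;
$XB_Defs::LOG_DEST = $XB_Defs::FILE | $XB_Defs::OUT;

# Log mask: emerg, alert, crit, err, warning, notice, info, debug, debug0,
# debug1, ... For debugging, info, debug and debug1 are useful but very
# noisy; debug3..debug5 dump variables, data structures and packets/messages
# (see the legend earlier in this file).
#
# Release default: critical conditions only, matching the NEW-section
# log_mask above. The development mask below was the previous default in
# this section; it is kept commented out because it writes packet/message
# dumps into LOG_FILE.
$XB_Defs::LOG_MASK = 'emerg alert crit err warning notice';
# $XB_Defs::LOG_MASK = 'emerg alert crit err warning notice info debug debug0 debug1 '
#                    . 'debug2 debug3 debug4 debug5';   # internal coding/debugging: show everything

# File logging data is written to; used only when LOG_DEST & FILE.
$XB_Defs::LOG_FILE = '/var/log/xbone.log';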
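# Location of the XBone daemon's configuration file.
$XB_Defs::DAEMON_CONF_FILE = '/usr/local/etc/xbone/Xbone_daemon.conf';
$XB_Defs::DAEMON_STATE_DIR = '/var/xbone';
$XB_Defs::REVISITATION     = 0;   # should revisitation be enabled?

#== XBone Runtime Directories =================================================
# - XBONE_RUN_DIR: base for the other XBone runtime directories. Must be
#   configurable from the command line & config file.
#==============================================================================
$XB_Defs::XBONE_RUN_DIR = '/var/xbone';

# File where the daemon's overlay state is kept for crash recovery.
# NOTE(review): what exactly is written there is decided by the daemon, but
# it is overlay state, so DAEMON_STATE_DIR should not be world-readable or
# world-writable - confirm the installation's permissions on /var/xbone.
$XB_Defs::DAEMON_STATE_FILE = "$XB_Defs::DAEMON_STATE_DIR/Xbone_daemon.state";
%XB_Defs::DAEMON_STATE      = ();   # the daemon's current state, in memory
$XB_Defs::ERASE_AT_STARTUP  = 0;    # 1 = erase tunnel, IPsec and route state at start-up.
                                    # NOTE: non-zero only at ISI.
$XB_Defs::DAEMON_STATE_TIME = 1;    # last time the state was dumped to DAEMON_STATE_FILE

$XB_Defs::OVERLAY_ALIVE_TIME     = 120 * 60;   # seconds the RD lets an overlay live without an OM keep-alive
$XB_Defs::OVERLAY_SWEEP_INTERVAL = 10 * 60;    # seconds between RD sweeps for overlays not kept alive
$XB_Defs::NET_TIMEOUT            = 120;        # one network timeout (replaces the five separate ones used before)

#------------------------------------------------------------
# OS dependent section defining NAMED_ZONE_PATH & NAMED_PID, for the RD
# host that maintains the XBone DNS zone.
#------------------------------------------------------------
my $osname = $Config{osname};
if ($osname eq 'linux') {
    $XB_Defs::NAMED_ZONE_PATH = '/var/named/xbone';   # NEED VERIFICATION!
    # newer distributions keep the pid file under /var/run/named/
    $XB_Defs::NAMED_PID = -d '/var/run/named' ? '/var/run/named/named.pid'
                                              : '/var/run/named.pid';
}
elsif ($osname eq 'solaris') {
    $XB_Defs::NAMED_ZONE_PATH = '/var/adm/domain/xbone';
    $XB_Defs::NAMED_PID       = '/var/adm/domain/named.pid';
}
elsif ($osname eq 'freebsd') {
    $XB_Defs::NAMED_ZONE_PATH = '/etc/namedb/xbone';
    $XB_Defs::NAMED_PID       = '/var/run/named.pid';
}
else {
    # Previously this case was silent: NAMED_ZONE_PATH and NAMED_PID stayed
    # undef and the zone-file paths below degraded to "/xbone-*.zone" in the
    # root directory. Say so at load time rather than failing later inside
    # the DNS code.
    warn "XB_Defs: no named zone/pid paths defined for OS '$osname'; "
       . "DNS zone files resolve under '/' until NAMED_ZONE_PATH is set\n";
}

# Forward and reverse DNS database files for overlays.
$XB_Defs::DNS_FILE_FORWARD = "$XB_Defs::NAMED_ZONE_PATH/xbone-forward.zone";
$XB_Defs::DNS_FILE_REVERSE = "$XB_Defs::NAMED_ZONE_PATH/xbone-reverse.zone";

$XB_Defs::DNS_SERVER           = 'dns1.xbone.net';   # primary XBone DNS name server
$XB_Defs::DNS_SERVER_SECONDARY = '';                 # secondary; e.g. "dns2.xbone.net"

###################################################################
# The only allowed values for the DNS update mode are:
#
# $DNS_UPDATE_MODE = "update_both";
#   Assumes the DNS runs in two-primaries mode and that the DNS system
#   will not update the second primary.
#
# $DNS_UPDATE_MODE = "update_1_hup_2";
#   Assumes one primary and one secondary: update the primary and HUP the
#   secondary to get an instantaneous update.
#
# The current decision is to run as update_1_hup_2.
# NOTE(review): DNS_SERVER_SECONDARY is empty above, so there is no
# secondary to HUP with this mode - confirm the DNS update code tolerates an
# empty secondary.
###################################################################
$XB_Defs::DNS_UPDATE_MODE = 'update_1_hup_2';

# DNS cache time in seconds. A value lower than 15 is undefined.
$XB_Defs::DNS_TIMEOUT = 15;

# Trust anchor handed to XB_SSL::init() by both RD and OM. It is located
# relative to XBONE_HOME, so a mis-derived XBONE_HOME changes which CA is
# trusted.
$XB_Defs::SECURITY_CA_CERT = "$XB_Defs::XBONE_HOME/isi/ca/CAcert.pem";

# IPv6 peek: multicast address used by XBone.
$XB_Defs::MCAST_ADDR = '224.192.0.1';

# Multicast port used by XBone, and also the unicast TCP and UDP control
# ports.
$XB_Defs::XB_CTL_PORT = 265;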
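# (XB_CTL_PORT above is the official IANA port x-bone-ctl.)

# TCP port used by the XBone API; official IANA port x-bone-api.
$XB_Defs::XB_API_PORT = 2165;

# IPv6 peek: address blocks.
# Releases use RFC 1918 space, which breaks reverse DNS unless the RD uses
# the XBone DNS. Choose blocks that do not collide with the site's own
# private addressing.
$XB_Defs::XB_IP_EXTERNAL_BLOCK = '172.26.0.0/16';
$XB_Defs::XB_IP_INTERNAL_BLOCK = '172.27.0.0/16';
# IP blocks owned by the X-Bone project, for local ISI use only:
# $XB_Defs::XB_IP_EXTERNAL_BLOCK = '198.32.6.0/24';
# $XB_Defs::XB_IP_INTERNAL_BLOCK = '198.32.7.0/24';

# IPv6 peek: subnet size.
$XB_Defs::XB_OVL_SUBNET_BITS = 8;

# The largest multicast radius that should be used.
$XB_Defs::MAX_MCAST_RADIUS = 16;

$XB_Defs::DUPLICATE_DETECTION_INTERVAL = 120;     # seconds a message is kept to detect duplicates
$XB_Defs::ACTUATOR_MSG_LIMIT           = 65536;   # maximum size of the OM's reservation datagram
$XB_Defs::ACTUATOR_TIMEOUT             = 15;      # seconds the OM waits during resource discovery

########################################################
# IP-level socket option numbers for getsockopt()/setsockopt().
# These numbers are kernel specific: the values hard-coded here before
# (9..14) are the 4.4BSD numbering, while Linux, for one, numbers the
# multicast options differently (32..36 in <linux/in.h>), so passing the BSD
# numbers to a Linux setsockopt() sets unrelated options. Ask the installed
# Socket module for this platform's value and fall back to the BSD numbering
# only when Socket does not export the constant (old Socket builds, or
# options such as IP_MULTICAST_VIF that the platform lacks).
########################################################
require Socket;   # core module

# Returns Socket's value for the named constant, or $fallback when the
# installed Socket module does not define it for this platform.
sub _socket_ip_option {
    my ($name, $fallback) = @_;
    my $const = Socket->can($name);
    my $value = $const ? eval { $const->() } : undef;   # croaks when the platform lacks the macro
    return defined $value ? $value : $fallback;
}

$XB_Defs::IP_MULTICAST_IF    = _socket_ip_option('IP_MULTICAST_IF',    9);
$XB_Defs::IP_MULTICAST_TTL   = _socket_ip_option('IP_MULTICAST_TTL',   10);
$XB_Defs::IP_MULTICAST_LOOP  = _socket_ip_option('IP_MULTICAST_LOOP',  11);
$XB_Defs::IP_ADD_MEMBERSHIP  = _socket_ip_option('IP_ADD_MEMBERSHIP',  12);
$XB_Defs::IP_DROP_MEMBERSHIP = _socket_ip_option('IP_DROP_MEMBERSHIP', 13);
$XB_Defs::IP_MULTICAST_VIF   = _socket_ip_option('IP_MULTICAST_VIF',   14);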
########################################################
# IP-level socket constants for getsockopt()/setsockopt().
# (Original note: needed due to a bug in the Perl version of
# getprotobyname().)
########################################################
$XB_Defs::SOL_IP    = 0;            # IP protocol level passed to get/setsockopt
$XB_Defs::SO_RCVBUF = 128 * 1024;   # NOTE: the receive-buffer *size* to request (bytes), not an option number

#######################################
# Global variables used across modules
#######################################
@XB_Defs::DNS_ADD_FWD_PARMS = ();   # DNS forward-record addition parameters
@XB_Defs::DNS_DEL_FWD_PARMS = ();   # DNS forward-record deletion parameters

#== Application Deployment ====================================================
# NOTE(review): enabled by default. This file only names the run-time
# directory and the keywords to substitute; what is executed, and as which
# user, is decided by the deployment code - review that path before a node
# accepts overlay managers it does not fully trust.
$XB_Defs::ENABLE_APP_DEPLOY = 1;                               # 1 enables the app deployment code
%XB_Defs::APP_LIST          = ();                              # AppName -> [ AppFile, LastTime ]
$XB_Defs::APP_RUN           = "$XB_Defs::XBONE_RUN_DIR/apps";  # absolute application run-time directory
@XB_Defs::APP_KEYWORDS      = qw(REALHOST OVLHOST OVLNAME OVLSUFFIX REALIP
                                 IPLIST IP1 APPNAME APPSCRIPT);   # known keywords to replace
#==============================================================================

# IPv6 peek: loopback address and address length in bits.
$XB_Defs::LOOPBACK_IP_ADDRESS = '127.0.0.1';
$XB_Defs::IP_ADDRESS_LENGTH   = 32;

# Replace the inherited PATH with a fixed search path, so that external
# commands run by XBone are never resolved through a directory supplied by
# whoever started the process. Only directories that exist are kept, in
# this order: /usr/local/v6/{sbin,bin}, /usr/local/{sbin,bin}, /{sbin,bin},
# /usr/{sbin,bin}. If none exists PATH ends up empty.
$ENV{PATH} = join ':',
    grep { -d $_ }
    map  { my $root = $_; map { $root . $_ } qw(sbin bin) }
    qw(/usr/local/v6/ /usr/local/ / /usr/);

# Temporary directory. NOTE(review): /tmp is shared and world-writable;
# files created there need unpredictable names and exclusive creation -
# confirm how the callers use it.
$XB_Defs::TEMP_DIR = '/tmp/';

# Display name of the CA that signs certificates for this installation.
# The address part (the second string) is still empty - fill it in.
# (this should go somewhere else)
$XB_Defs::CA_EMAIL = 'X-Bone Certification Authority ' . '';

1;   # a module must return true