I notice that pfilter makes a rule for every OSCAR node, such that the
output of "iptables -L" shows something like:
-----
...[snipped]...
ACCEPT all -- queegvm.oscar.vmware queegvm.oscar.vmwarestate NEW
ACCEPT all -- oscarnode1.oscar.vmware queegvm.oscar.vmwarestate NEW
ACCEPT all -- oscarnode2.oscar.vmware queegvm.oscar.vmwarestate NEW
...[snipped]...
-----
Would it be possible to instead use some kind of mask to identify the
OSCAR nodes? I ask because large clusters will generate arbitrarily
large numbers of rules -- one per node.
I ask here to see if it's possible. If so, I'll file a feature
request (or should that be on the pfilter feature tracker, not the
OSCAR feature tracker?).
I realize that to *properly* do this would be a lot of work (to
organize all the groups of nodes and make the minimum set of masks
that would cover them all), but perhaps a simplistic algorithm to
generate masks may cover the majority of cases. Perhaps something
like (pseudocode):
-----
# Put the list "in order", as in:
# 192.168.0.1
# 192.168.0.2
# 192.168.10.1
# 192.168.10.11
# 192.168.20.1
# 192.168.20.2
# etc.
sort(@list_of_ip_addresses);
$first_in_seq = undef;
$last_ip = "";
$current_mask = "";
foreach my $ip (@list_of_ip_addresses) {
# If this address is sequential with the last one, save the first
# address in the sequence (if it's not already saved)
if (is_sequential($ip, $last_ip)) {
if (!defined($first_in_seq)) {
$first_in_seq = $last_ip;
}
next;
}
# If they're not sequential, it's the end of a sequence, so
# calculate a mask (or masks) that covers that sequence, and output
# corresponding rules
else {
# No sequence -- was an individual IP address
if (!defined($first_in_seq)) {
output_individual_rule($ip);
} else {
# calcualte() will return one or more base IP addresses with
# corresponding masks that can be output as rules
my (@masks, @bases) = calculate($first_in_seq)
output_mask_rules(@masks, @bases);
$first_in_seq = undef;
}
}
}
----
This shouldn't be too hard to write.
There will need to be a little math in the calculate() function,
probably generating 1 or more suitable masks (checking powers of 2,
etc.), but that's an exercise left to the reader. ;-)
--
{+} Jeff Squyres
{+} [EMAIL PROTECTED]
{+} http://www.lam-mpi.org/
-------------------------------------------------------
This SF.net email is sponsored by: Scholarships for Techies!
Can't afford IT training? All 2003 ictp students receive scholarships.
Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more.
www.ictp.com/training/sourceforge.asp
_______________________________________________
Oscar-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/oscar-devel
