diff options
| author | t3sserakt <t3ss@posteo.de> | 2023-01-27 13:02:44 +0100 |
|---|---|---|
| committer | t3sserakt <t3ss@posteo.de> | 2023-01-27 13:02:44 +0100 |
| commit | a21cb18203056306fa08ecbcaf4100a6c94cc4d9 (patch) | |
| tree | 5dd194edc938c7b8e2b2c508824e0d1dd71d1bce | |
| parent | 6de2cb8f7a78d9bf1132100f51c19a6a1cb223c5 (diff) | |
| download | gnunet-a21cb18203056306fa08ecbcaf4100a6c94cc4d9.tar.gz gnunet-a21cb18203056306fa08ecbcaf4100a6c94cc4d9.zip | |
TNG: Added code in the netjail scripts to enable router nodes to forward icmp requests
and response.
| -rwxr-xr-x | contrib/netjail/netjail_core.sh | 14 | ||||
| -rwxr-xr-x | contrib/netjail/netjail_start.sh | 34 |
2 files changed, 39 insertions, 9 deletions
diff --git a/contrib/netjail/netjail_core.sh b/contrib/netjail/netjail_core.sh index 302ae922f..cb2a271b8 100755 --- a/contrib/netjail/netjail_core.sh +++ b/contrib/netjail/netjail_core.sh | |||
| @@ -145,12 +145,12 @@ netjail_node_link_bridge() { | |||
| 145 | local BRIDGE=$2 | 145 | local BRIDGE=$2 |
| 146 | local ADDRESS=$3 | 146 | local ADDRESS=$3 |
| 147 | local MASK=$4 | 147 | local MASK=$4 |
| 148 | 148 | ||
| 149 | netjail_next_interface | 149 | netjail_next_interface |
| 150 | local NUM_IF=$RESULT | 150 | local NUM_IF=$RESULT |
| 151 | netjail_next_interface | 151 | netjail_next_interface |
| 152 | local NUM_BR=$RESULT | 152 | local NUM_BR=$RESULT |
| 153 | 153 | ||
| 154 | local LINK_IF=$(printf $INTERFACE_FORMAT_STRING $PREPREFIX $PREFIX $NUM_IF) | 154 | local LINK_IF=$(printf $INTERFACE_FORMAT_STRING $PREPREFIX $PREFIX $NUM_IF) |
| 155 | local LINK_BR=$(printf $INTERFACE_FORMAT_STRING $PREPREFIX $PREFIX $NUM_BR) | 155 | local LINK_BR=$(printf $INTERFACE_FORMAT_STRING $PREPREFIX $PREFIX $NUM_BR) |
| 156 | 156 | ||
| @@ -163,18 +163,18 @@ netjail_node_link_bridge() { | |||
| 163 | ip -n $NODE link set up dev lo | 163 | ip -n $NODE link set up dev lo |
| 164 | 164 | ||
| 165 | ip link set $LINK_BR up | 165 | ip link set $LINK_BR up |
| 166 | 166 | ||
| 167 | RESULT=$LINK_BR | 167 | RESULT=$LINK_IF |
| 168 | } | 168 | } |
| 169 | 169 | ||
| 170 | netjail_node_link_bridge_name() { | 170 | netjail_node_link_bridge_name() { |
| 171 | 171 | ||
| 172 | netjail_next_interface | 172 | netjail_next_interface |
| 173 | netjail_next_interface | 173 | netjail_next_interface |
| 174 | local NUM_BR=$RESULT | 174 | local NUM_BR=$RESULT |
| 175 | 175 | ||
| 176 | local LINK_BR=$(printf $INTERFACE_FORMAT_STRING $PREPREFIX $PREFIX $NUM_BR) | 176 | local LINK_BR=$(printf $INTERFACE_FORMAT_STRING $PREPREFIX $PREFIX $NUM_BR) |
| 177 | 177 | ||
| 178 | RESULT=$LINK_BR | 178 | RESULT=$LINK_BR |
| 179 | } | 179 | } |
| 180 | 180 | ||
diff --git a/contrib/netjail/netjail_start.sh b/contrib/netjail/netjail_start.sh index e68745746..35e51abb4 100755 --- a/contrib/netjail/netjail_start.sh +++ b/contrib/netjail/netjail_start.sh | |||
| @@ -52,6 +52,13 @@ for X in $(seq $KNOWN); do | |||
| 52 | KNOWN_NODES[$X]=$RESULT | 52 | KNOWN_NODES[$X]=$RESULT |
| 53 | netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET "$KNOWN_GROUP.$X" 16 | 53 | netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET "$KNOWN_GROUP.$X" 16 |
| 54 | KNOWN_LINKS[$X]=$RESULT | 54 | KNOWN_LINKS[$X]=$RESULT |
| 55 | |||
| 56 | # Execute echo 1 > /proc/sys/net/netfilter/nf_log_all_netns to make itables log to the host. | ||
| 57 | #ip netns exec ${KNOWN_NODES[$X]} iptables -A INPUT -j LOG --log-prefix '** Known ${KNOWN_NODES[$X]} **' | ||
| 58 | #ip netns exec ${KNOWN_NODES[$X]} iptables -A OUTPUT -j LOG --log-prefix '** Known ${KNOWN_NODES[$X]} **' | ||
| 59 | ip netns exec ${KNOWN_NODES[$X]} iptables -A OUTPUT -p icmp -j ACCEPT | ||
| 60 | ip netns exec ${KNOWN_NODES[$X]} iptables -A INPUT -p icmp -j ACCEPT | ||
| 61 | |||
| 55 | done | 62 | done |
| 56 | 63 | ||
| 57 | declare -A NODES | 64 | declare -A NODES |
| @@ -61,18 +68,36 @@ for N in $(seq $GLOBAL_N); do | |||
| 61 | netjail_node | 68 | netjail_node |
| 62 | ROUTERS[$N]=$RESULT | 69 | ROUTERS[$N]=$RESULT |
| 63 | netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N" 16 | 70 | netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N" 16 |
| 64 | NETWORK_LINKS[$N]=$RESULT | 71 | ROUTER_EXT_IF[$N]=$RESULT |
| 65 | netjail_bridge | 72 | netjail_bridge |
| 66 | ROUTER_NETS[$N]=$RESULT | 73 | ROUTER_NETS[$N]=$RESULT |
| 67 | 74 | ||
| 75 | #ip netns exec ${ROUTERS[$N]} iptables -A INPUT -j LOG --log-prefix '** Router ${ROUTERS[$N]} **' | ||
| 76 | ip netns exec ${ROUTERS[$N]} iptables -A INPUT -p icmp -j ACCEPT | ||
| 77 | ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p icmp -d $GLOBAL_GROUP.$N -j DNAT --to $LOCAL_GROUP.1 | ||
| 78 | ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -p icmp -d $LOCAL_GROUP.1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT | ||
| 79 | #ip netns exec ${ROUTERS[$N]} iptables -A OUTPUT -j LOG --log-prefix '** Router ${ROUTERS[$N]} **' | ||
| 80 | ip netns exec ${ROUTERS[$N]} iptables -A OUTPUT -p icmp -j ACCEPT | ||
| 81 | |||
| 68 | for M in $(seq $LOCAL_M); do | 82 | for M in $(seq $LOCAL_M); do |
| 69 | netjail_node | 83 | netjail_node |
| 70 | NODES[$N,$M]=$RESULT | 84 | NODES[$N,$M]=$RESULT |
| 71 | netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]} "$LOCAL_GROUP.$M" 24 | 85 | netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]} "$LOCAL_GROUP.$M" 24 |
| 72 | NODE_LINKS[$N,$M]=$RESULT | 86 | NODE_LINKS[$N,$M]=$RESULT |
| 87 | |||
| 88 | #ip netns exec ${NODES[$N,$M]} iptables -A INPUT -j LOG --log-prefix '** Node ${NODES[$N,$M]} **' | ||
| 89 | #ip netns exec ${NODES[$N,$M]} iptables -A OUTPUT -j LOG --log-prefix '** Node ${NODES[$N,$M]} **' | ||
| 90 | ip netns exec ${NODES[$N,$M]} iptables -A OUTPUT -p icmp -j ACCEPT | ||
| 91 | ip netns exec ${NODES[$N,$M]} iptables -A INPUT -p icmp -j ACCEPT | ||
| 73 | done | 92 | done |
| 74 | 93 | ||
| 75 | ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))" | 94 | ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))" |
| 95 | |||
| 96 | let X=$KNOWN+1 | ||
| 97 | ip netns exec ${ROUTERS[$N]} ip route add "$KNOWN_GROUP.$X" dev ${ROUTER_EXT_IF[$N]} | ||
| 98 | ip netns exec ${ROUTERS[$N]} ip route add default via "$KNOWN_GROUP.$X" | ||
| 99 | |||
| 100 | |||
| 76 | netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR 24 | 101 | netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR 24 |
| 77 | ROUTER_LINKS[$N]=$RESULT | 102 | ROUTER_LINKS[$N]=$RESULT |
| 78 | 103 | ||
| @@ -135,3 +160,8 @@ for N in $(seq $GLOBAL_N); do | |||
| 135 | ip netns exec ${ROUTERS[$N]} ./${R_SCRIPT[$N]} ${ROUTER_NETS[$N]} 1 | 160 | ip netns exec ${ROUTERS[$N]} ./${R_SCRIPT[$N]} ${ROUTER_NETS[$N]} 1 |
| 136 | fi | 161 | fi |
| 137 | done | 162 | done |
| 163 | |||
| 164 | # We like to have a node acting as a gateway for all router nodes. This is especially needed for sending fake ICMP packets. | ||
| 165 | netjail_node | ||
| 166 | GATEWAY=$RESULT | ||
| 167 | netjail_node_link_bridge $GATEWAY $NETWORK_NET "$KNOWN_GROUP.$X" 16 | ||