- added configuration to be able to start executables on a router node

- added barrier functionality
author: t3sserakt <t3ss@posteo.de> 2022-12-07 12:42:31 +0100
committer: t3sserakt <t3ss@posteo.de> 2022-12-07 12:42:31 +0100
commit: 34e1c58cb39a649c9a4c551681cedf19807b85f0 (patch)
tree: 79ea7222958c3ae086b2b2367f22cb66936ad045 /contrib/scripts/netjail/netjail_core.sh
parent: 8804d3efd5bccce3a5d7638a5fcb33450ade2f07 (diff)
download: gnunet-34e1c58cb39a649c9a4c551681cedf19807b85f0.tar.gz
gnunet-34e1c58cb39a649c9a4c551681cedf19807b85f0.zip
1 files changed, 0 insertions, 217 deletions
diff --git a/contrib/scripts/netjail/netjail_core.sh b/contrib/scripts/netjail/netjail_core.sh
deleted file mode 100755
index d53315052..000000000
--- a/contrib/scripts/netjail/netjail_core.sh
+++ /dev/null
@@ -1,217 +0,0 @@
-#!/bin/sh
-# 
-JAILOR=${SUDO_USER:?must run in sudo}
-PREFIX=${PPID:?must run from a parent process}
-# running with `sudo` is required to be
-# able running the actual commands as the
-# original user.
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-export RESULT=
-export NAMESPACE_NUM=0
-export INTERFACE_NUM=0
-netjail_next_namespace() {
-        local NUM=$NAMESPACE_NUM
-        NAMESPACE_NUM=$(($NAMESPACE_NUM + 1))
-        RESULT=$NUM
-}
-netjail_next_interface() {
-        local NUM=$INTERFACE_NUM
-        INTERFACE_NUM=$(($INTERFACE_NUM + 1))
-        RESULT=$NUM
-}
-netjail_opt() {
-        local OPT=$1
-        shift 1
-        INDEX=1
-        while [ $# -gt 0 ]; do
-                if [ "$1" = "$OPT" ]; then
-                        RESULT=$INDEX
-                        return
-                fi
-                INDEX=$(($INDEX + 1))
-                shift 1
-        done
-        RESULT=0
-}
-netjail_opts() {
-        local OPT=$1
-        local DEF=$2
-        shift 2
-        
-        while [ $# -gt 0 ]; do
-                if [ "$1" = "$OPT" ]; then
-                        printf "$2"
-                        return
-                fi
-                shift 1
-        done
-        
-        RESULT="$DEF"
-}
-netjail_check() {
-        local NODE_COUNT=$1
-        local FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4))
-        # quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:
-        # the script also requires `sudo -C ($FD_COUNT + 4)`
-        # so you need 'Defaults closefrom_override' in the
-        # sudoers file.
-        if [ $FD_COUNT -lt $(($NODE_COUNT * 2)) ]; then
-                echo "File descriptors do not match requirements!" >&2
-                exit 1
-        fi
-}
-netjail_check_bin() {
-        local PROGRAM=$1
-        local MATCH=$(ls $(echo $PATH | tr ":" "\n") | grep "^$PROGRAM\$" | tr "\n" " " | awk '{ print $1 }')
-        # quit if the required binary $PROGRAM can not be
-        # found in the used $PATH.
-        if [ "$MATCH" != "$PROGRAM" ]; then
-                echo "Required binary not found: $PROGRAM" >&2
-                exit 1
-        fi
-}
-netjail_bridge() {
-        netjail_next_interface
-        local NUM=$RESULT
-        local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
-        ip link add $BRIDGE type bridge
-        ip link set dev $BRIDGE up
-        
-        RESULT=$BRIDGE
-}
-netjail_bridge_clear() {
-        local BRIDGE=$1
-        ip link delete $BRIDGE
-}
-netjail_node() {
-        netjail_next_namespace
-        local NUM=$RESULT
-        local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
-        ip netns add $NODE
-        
-        RESULT=$NODE
-}
-netjail_node_clear() {
-        local NODE=$1
-        ip netns delete $NODE
-}
-netjail_node_link_bridge() {
-        local NODE=$1
-        local BRIDGE=$2
-        local ADDRESS=$3
-        local MASK=$4
-        
-        netjail_next_interface
-        local NUM_IF=$RESULT
-        netjail_next_interface
-        local NUM_BR=$RESULT
-        
-        local LINK_IF=$(printf "%06x-%08x" $PREFIX $NUM_IF)
-        local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
-        ip link add $LINK_IF type veth peer name $LINK_BR
-        ip link set $LINK_IF netns $NODE
-        ip link set $LINK_BR master $BRIDGE
-        ip -n $NODE addr add "$ADDRESS/$MASK" dev $LINK_IF
-        ip -n $NODE link set $LINK_IF up
-        ip -n $NODE link set up dev lo
-        ip link set $LINK_BR up
-        
-        RESULT=$LINK_BR
-}
-netjail_node_unlink_bridge() {
-        local LINK_BR=$1
-        ip link delete $LINK_BR
-}
-netjail_node_add_nat() {
-        local NODE=$1
-        local ADDRESS=$2
-        local MASK=$3
-        ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
-}
-netjail_node_add_default() {
-        local NODE=$1
-        local ADDRESS=$2
-        ip -n $NODE route add default via $ADDRESS
-}
-netjail_node_exec() {
-        local NODE=$1
-        local FD_IN=$2
-        local FD_OUT=$3
-        shift 3
-        ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
-}
-netjail_kill() {
-        local PID=$1
-        local MATCH=$(ps --pid $PID | awk "{ if ( \$1 == $PID ) { print \$1 } }" | wc -l)
-        if [ $MATCH -gt 0 ]; then
-                kill -n 19 $PID
-                for CHILD in $(ps -o pid,ppid -ax | awk "{ if ( \$2 == $PID ) { print \$1 } }"); do
-                        netjail_kill $CHILD
-                done
-                kill $PID
-        fi
-}
-netjail_killall() {
-        if [ $# -gt 0 ]; then
-                local PIDS=$1
-                for PID in $PIDS; do
-                        netjail_kill $PID
-                done
-        fi
-}
-netjail_waitall() {
-        if [ $# -gt 0 ]; then
-                local PIDS=$1
-                for PID in $PIDS; do
-                        wait $PID
-                done
-        fi
-}
author	t3sserakt <t3ss@posteo.de>	2022-12-07 12:42:31 +0100
committer	t3sserakt <t3ss@posteo.de>	2022-12-07 12:42:31 +0100
commit	34e1c58cb39a649c9a4c551681cedf19807b85f0 (patch)
tree	79ea7222958c3ae086b2b2367f22cb66936ad045 /contrib/scripts/netjail/netjail_core.sh
parent	8804d3efd5bccce3a5d7638a5fcb33450ade2f07 (diff)
download	gnunet-34e1c58cb39a649c9a4c551681cedf19807b85f0.tar.gz gnunet-34e1c58cb39a649c9a4c551681cedf19807b85f0.zip

diff --git a/contrib/scripts/netjail/netjail_core.sh b/contrib/scripts/netjail/netjail_core.sh deleted file mode 100755 index d53315052..000000000 --- a/contrib/scripts/netjail/netjail_core.sh +++ /dev/null
@@ -1,217 +0,0 @@
1	#!/bin/sh
2	#
3
4	JAILOR=${SUDO_USER:?must run in sudo}
5	PREFIX=${PPID:?must run from a parent process}
6
7	# running with `sudo` is required to be
8	# able running the actual commands as the
9	# original user.
10
11	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
12
13	export RESULT=
14	export NAMESPACE_NUM=0
15	export INTERFACE_NUM=0
16
17	netjail_next_namespace() {
18	local NUM=$NAMESPACE_NUM
19	NAMESPACE_NUM=$(($NAMESPACE_NUM + 1))
20	RESULT=$NUM
21	}
22
23	netjail_next_interface() {
24	local NUM=$INTERFACE_NUM
25	INTERFACE_NUM=$(($INTERFACE_NUM + 1))
26	RESULT=$NUM
27	}
28
29	netjail_opt() {
30	local OPT=$1
31	shift 1
32
33	INDEX=1
34
35	while [ $# -gt 0 ]; do
36	if [ "$1" = "$OPT" ]; then
37	RESULT=$INDEX
38	return
39	fi
40
41	INDEX=$(($INDEX + 1))
42	shift 1
43	done
44
45	RESULT=0
46	}
47
48	netjail_opts() {
49	local OPT=$1
50	local DEF=$2
51	shift 2
52
53	while [ $# -gt 0 ]; do
54	if [ "$1" = "$OPT" ]; then
55	printf "$2"
56	return
57	fi
58
59	shift 1
60	done
61
62	RESULT="$DEF"
63	}
64
65	netjail_check() {
66	local NODE_COUNT=$1
67	local FD_COUNT=$(($(ls /proc/self/fd \| wc -w) - 4))
68
69	# quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:
70	# the script also requires `sudo -C ($FD_COUNT + 4)`
71	# so you need 'Defaults closefrom_override' in the
72	# sudoers file.
73
74	if [ $FD_COUNT -lt $(($NODE_COUNT * 2)) ]; then
75	echo "File descriptors do not match requirements!" >&2
76	exit 1
77	fi
78	}
79
80	netjail_check_bin() {
81	local PROGRAM=$1
82	local MATCH=$(ls $(echo $PATH \| tr ":" "\n") \| grep "^$PROGRAM\$" \| tr "\n" " " \| awk '{ print $1 }')
83
84	# quit if the required binary $PROGRAM can not be
85	# found in the used $PATH.
86
87	if [ "$MATCH" != "$PROGRAM" ]; then
88	echo "Required binary not found: $PROGRAM" >&2
89	exit 1
90	fi
91	}
92
93	netjail_bridge() {
94	netjail_next_interface
95	local NUM=$RESULT
96	local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
97
98	ip link add $BRIDGE type bridge
99	ip link set dev $BRIDGE up
100
101	RESULT=$BRIDGE
102	}
103
104	netjail_bridge_clear() {
105	local BRIDGE=$1
106
107	ip link delete $BRIDGE
108	}
109
110	netjail_node() {
111	netjail_next_namespace
112	local NUM=$RESULT
113	local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
114
115	ip netns add $NODE
116
117	RESULT=$NODE
118	}
119
120	netjail_node_clear() {
121	local NODE=$1
122
123	ip netns delete $NODE
124	}
125
126	netjail_node_link_bridge() {
127	local NODE=$1
128	local BRIDGE=$2
129	local ADDRESS=$3
130	local MASK=$4
131
132	netjail_next_interface
133	local NUM_IF=$RESULT
134	netjail_next_interface
135	local NUM_BR=$RESULT
136
137	local LINK_IF=$(printf "%06x-%08x" $PREFIX $NUM_IF)
138	local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
139
140	ip link add $LINK_IF type veth peer name $LINK_BR
141	ip link set $LINK_IF netns $NODE
142	ip link set $LINK_BR master $BRIDGE
143
144	ip -n $NODE addr add "$ADDRESS/$MASK" dev $LINK_IF
145	ip -n $NODE link set $LINK_IF up
146	ip -n $NODE link set up dev lo
147
148	ip link set $LINK_BR up
149
150	RESULT=$LINK_BR
151	}
152
153	netjail_node_unlink_bridge() {
154	local LINK_BR=$1
155
156	ip link delete $LINK_BR
157	}
158
159	netjail_node_add_nat() {
160	local NODE=$1
161	local ADDRESS=$2
162	local MASK=$3
163
164	ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
165	}
166
167	netjail_node_add_default() {
168	local NODE=$1
169	local ADDRESS=$2
170
171	ip -n $NODE route add default via $ADDRESS
172	}
173
174	netjail_node_exec() {
175	local NODE=$1
176	local FD_IN=$2
177	local FD_OUT=$3
178	shift 3
179
180	ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
181	}
182
183	netjail_kill() {
184	local PID=$1
185	local MATCH=$(ps --pid $PID \| awk "{ if ( \$1 == $PID ) { print \$1 } }" \| wc -l)
186
187	if [ $MATCH -gt 0 ]; then
188	kill -n 19 $PID
189
190	for CHILD in $(ps -o pid,ppid -ax \| awk "{ if ( \$2 == $PID ) { print \$1 } }"); do
191	netjail_kill $CHILD
192	done
193
194	kill $PID
195	fi
196	}
197
198	netjail_killall() {
199	if [ $# -gt 0 ]; then
200	local PIDS=$1
201
202	for PID in $PIDS; do
203	netjail_kill $PID
204	done
205	fi
206	}
207
208	netjail_waitall() {
209	if [ $# -gt 0 ]; then
210	local PIDS=$1
211
212	for PID in $PIDS; do
213	wait $PID
214	done
215	fi
216	}
217