author | TheJackiMonster <thejackimonster@gmail.com> | 2021-05-07 12:21:14 +0200 |
committer | TheJackiMonster <thejackimonster@gmail.com> | 2021-05-07 12:21:14 +0200 |
commit | d82d90817dc100c0005447f7513cb549fac4646d (patch) | |
tree | 0b7b14b778644657a3a2383aae923a02ff7f085f /contrib/scripts/netjail | |
parent | 35fb28b9bc616b638d9a8de31633e2d68dca26d0 (diff) | |
-added signal handling and proper cleanup to netjail
Signed-off-by: TheJackiMonster <thejackimonster@gmail.com>
Diffstat (limited to 'contrib/scripts/netjail')
-rwxr-xr-x | contrib/scripts/netjail/netjail_core.sh | 89 | ||||
-rwxr-xr-x | contrib/scripts/netjail/netjail_setup_internet.sh | 54 |
2 files changed, 94 insertions, 49 deletions
diff --git a/contrib/scripts/netjail/netjail_core.sh b/contrib/scripts/netjail/netjail_core.sh index cbf25434b..1cdbca816 100755 --- a/contrib/scripts/netjail/netjail_core.sh +++ b/contrib/scripts/netjail/netjail_core.sh | |||
@@ -10,7 +10,7 @@ JAILOR=${SUDO_USER:?must run in sudo} | |||
10 | export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" | 10 | export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" |
11 | 11 | ||
12 | netjail_opt() { | 12 | netjail_opt() { |
13 | OPT=$1 | 13 | local OPT=$1 |
14 | shift 1 | 14 | shift 1 |
15 | 15 | ||
16 | INDEX=1 | 16 | INDEX=1 |
@@ -29,9 +29,8 @@ netjail_opt() { | |||
29 | } | 29 | } |
30 | 30 | ||
31 | netjail_check() { | 31 | netjail_check() { |
32 | NODE_COUNT=$1 | 32 | local NODE_COUNT=$1 |
33 | 33 | local FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4)) | |
34 | FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4)) | ||
35 | 34 | ||
36 | # quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`: | 35 | # quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`: |
37 | # the script also requires `sudo -C ($FD_COUNT + 4)` | 36 | # the script also requires `sudo -C ($FD_COUNT + 4)` |
@@ -45,9 +44,8 @@ netjail_check() { | |||
45 | } | 44 | } |
46 | 45 | ||
47 | netjail_check_bin() { | 46 | netjail_check_bin() { |
48 | PROGRAM=$1 | 47 | local PROGRAM=$1 |
49 | 48 | local MATCH=$(ls $(echo $PATH | tr ":" "\n") | grep "^$PROGRAM\$" | tr "\n" " " | awk '{ print $1 }') | |
50 | MATCH=$(ls $(echo $PATH | tr ":" "\n") | grep "^$PROGRAM\$" | tr "\n" " " | awk '{ print $1 }') | ||
51 | 49 | ||
52 | # quit if the required binary $PROGRAM can not be | 50 | # quit if the required binary $PROGRAM can not be |
53 | # found in the used $PATH. | 51 | # found in the used $PATH. |
@@ -63,38 +61,38 @@ netjail_print_name() { | |||
63 | } | 61 | } |
64 | 62 | ||
65 | netjail_bridge() { | 63 | netjail_bridge() { |
66 | BRIDGE=$1 | 64 | local BRIDGE=$1 |
67 | 65 | ||
68 | ip link add $BRIDGE type bridge | 66 | ip link add $BRIDGE type bridge |
69 | ip link set dev $BRIDGE up | 67 | ip link set dev $BRIDGE up |
70 | } | 68 | } |
71 | 69 | ||
72 | netjail_bridge_clear() { | 70 | netjail_bridge_clear() { |
73 | BRIDGE=$1 | 71 | local BRIDGE=$1 |
74 | 72 | ||
75 | ip link delete $BRIDGE | 73 | ip link delete $BRIDGE |
76 | } | 74 | } |
77 | 75 | ||
78 | netjail_node() { | 76 | netjail_node() { |
79 | NODE=$1 | 77 | local NODE=$1 |
80 | 78 | ||
81 | ip netns add $NODE | 79 | ip netns add $NODE |
82 | } | 80 | } |
83 | 81 | ||
84 | netjail_node_clear() { | 82 | netjail_node_clear() { |
85 | NODE=$1 | 83 | local NODE=$1 |
86 | 84 | ||
87 | ip netns delete $NODE | 85 | ip netns delete $NODE |
88 | } | 86 | } |
89 | 87 | ||
90 | netjail_node_link_bridge() { | 88 | netjail_node_link_bridge() { |
91 | NODE=$1 | 89 | local NODE=$1 |
92 | BRIDGE=$2 | 90 | local BRIDGE=$2 |
93 | ADDRESS=$3 | 91 | local ADDRESS=$3 |
94 | MASK=$4 | 92 | local MASK=$4 |
95 | 93 | ||
96 | LINK_IF="$NODE-$BRIDGE-0" | 94 | local LINK_IF="$NODE-$BRIDGE-0" |
97 | LINK_BR="$NODE-$BRIDGE-1" | 95 | local LINK_BR="$NODE-$BRIDGE-1" |
98 | 96 | ||
99 | ip link add $LINK_IF type veth peer name $LINK_BR | 97 | ip link add $LINK_IF type veth peer name $LINK_BR |
100 | ip link set $LINK_IF netns $NODE | 98 | ip link set $LINK_IF netns $NODE |
@@ -108,45 +106,70 @@ netjail_node_link_bridge() { | |||
108 | } | 106 | } |
109 | 107 | ||
110 | netjail_node_unlink_bridge() { | 108 | netjail_node_unlink_bridge() { |
111 | NODE=$1 | 109 | local NODE=$1 |
112 | BRIDGE=$2 | 110 | local BRIDGE=$2 |
113 | 111 | ||
114 | LINK_BR="$NODE-$BRIDGE-1" | 112 | local LINK_BR="$NODE-$BRIDGE-1" |
115 | 113 | ||
116 | ip link delete $LINK_BR | 114 | ip link delete $LINK_BR |
117 | } | 115 | } |
118 | 116 | ||
119 | netjail_node_add_nat() { | 117 | netjail_node_add_nat() { |
120 | NODE=$1 | 118 | local NODE=$1 |
121 | ADDRESS=$2 | 119 | local ADDRESS=$2 |
122 | MASK=$3 | 120 | local MASK=$3 |
123 | 121 | ||
124 | ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE | 122 | ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE |
125 | } | 123 | } |
126 | 124 | ||
127 | netjail_node_add_default() { | 125 | netjail_node_add_default() { |
128 | NODE=$1 | 126 | local NODE=$1 |
129 | ADDRESS=$2 | 127 | local ADDRESS=$2 |
130 | 128 | ||
131 | ip -n $NODE route add default via $ADDRESS | 129 | ip -n $NODE route add default via $ADDRESS |
132 | } | 130 | } |
133 | 131 | ||
134 | netjail_node_exec() { | 132 | netjail_node_exec() { |
135 | NODE=$1 | 133 | local NODE=$1 |
136 | FD_IN=$2 | 134 | local FD_IN=$2 |
137 | FD_OUT=$3 | 135 | local FD_OUT=$3 |
138 | shift 3 | 136 | shift 3 |
139 | 137 | ||
140 | unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN | 138 | unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN |
141 | } | 139 | } |
142 | 140 | ||
143 | netjail_kill() { | 141 | netjail_kill() { |
144 | PID=$1 | 142 | local PID=$1 |
143 | local MATCH=$(ps --pid $PID | awk "{ if ( \$1 == $PID ) { print \$1 } }" | wc -l) | ||
145 | 144 | ||
146 | for CHILD in $(ps -o pid,ppid -ax | awk "{ if ( \$2 == $PID ) { print \$1 } }"); do | 145 | if [ $MATCH -gt 0 ]; then |
147 | netjail_kill $CHILD | 146 | kill -n 19 $PID |
148 | done | 147 | |
148 | for CHILD in $(ps -o pid,ppid -ax | awk "{ if ( \$2 == $PID ) { print \$1 } }"); do | ||
149 | netjail_kill $CHILD | ||
150 | done | ||
151 | |||
152 | kill $PID | ||
153 | fi | ||
154 | } | ||
149 | 155 | ||
150 | kill $PID | 156 | netjail_killall() { |
157 | if [ $# -gt 0 ]; then | ||
158 | local PIDS=$1 | ||
159 | |||
160 | for PID in $PIDS; do | ||
161 | netjail_kill $PID | ||
162 | done | ||
163 | fi | ||
164 | } | ||
165 | |||
166 | netjail_waitall() { | ||
167 | if [ $# -gt 0 ]; then | ||
168 | local PIDS=$1 | ||
169 | |||
170 | for PID in $PIDS; do | ||
171 | wait $PID | ||
172 | done | ||
173 | fi | ||
151 | } | 174 | } |
152 | 175 | ||
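Review bot: netjail_killall and netjail_waitall (new lines 156–174) copy only `$1` into PIDS, but the caller in netjail_setup_internet.sh passes the list unquoted (`netjail_killall $WAITING`, `netjail_waitall $WAITING`), so word-splitting places each PID in its own positional parameter and only the first PID is killed or waited for, whereas the inline loops this commit replaces walked the whole list. Iterate over the positional parameters instead: drop `local PIDS=$1` and change `for PID in $PIDS; do` to `for PID in "$@"; do` in both functions, which also makes the `$# -gt 0` guard unnecessary. Separately, in netjail_kill the new `kill -n 19 $PID` hard-codes the x86 number of SIGSTOP, which differs on other architectures, so `kill -STOP "$PID"` is the portable form; and if the stopped target has a SIGTERM handler (sudo installs one to relay the signal), the later `kill $PID` may stay pending until the process is continued, so a `kill -CONT "$PID"` after the TERM would be safer. The `ps --pid | awk | wc -l` existence probe on new line 143 can be replaced by `kill -0 "$PID" 2>/dev/null`.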
diff --git a/contrib/scripts/netjail/netjail_setup_internet.sh b/contrib/scripts/netjail/netjail_setup_internet.sh index 7ff25c014..de8ef8f15 100755 --- a/contrib/scripts/netjail/netjail_setup_internet.sh +++ b/contrib/scripts/netjail/netjail_setup_internet.sh | |||
@@ -31,6 +31,7 @@ netjail_check_bin $1 | |||
31 | LOCAL_GROUP="192.168.15" | 31 | LOCAL_GROUP="192.168.15" |
32 | GLOBAL_GROUP="92.68.150" | 32 | GLOBAL_GROUP="92.68.150" |
33 | 33 | ||
34 | CLEANUP=0 | ||
34 | echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/24, stun: $STUN]" | 35 | echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/24, stun: $STUN]" |
35 | 36 | ||
36 | NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M) | 37 | NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M) |
@@ -90,26 +91,47 @@ for N in $(seq $GLOBAL_N); do | |||
90 | done | 91 | done |
91 | done | 92 | done |
92 | 93 | ||
93 | for PID in $WAITING; do wait $PID; done | 94 | cleanup() { |
94 | for PID in $KILLING; do netjail_kill $PID; done | 95 | if [ $STUN -gt 0 ]; then |
95 | wait | 96 | STUN_NODE=$(netjail_print_name "S" 254) |
96 | 97 | ||
97 | if [ $STUN -gt 0 ]; then | 98 | netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET |
98 | STUN_NODE=$(netjail_print_name "S" 254) | 99 | netjail_node_clear $STUN_NODE |
100 | fi | ||
99 | 101 | ||
100 | netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET | 102 | for N in $(seq $GLOBAL_N); do |
101 | netjail_node_clear $STUN_NODE | 103 | ROUTER_NET=$(netjail_print_name "r" $N) |
102 | fi | ||
103 | 104 | ||
104 | for N in $(seq $GLOBAL_N); do | 105 | for M in $(seq $LOCAL_M); do |
105 | for M in $(seq $LOCAL_M); do | 106 | NODE=$(netjail_print_name "N" $N $M) |
106 | netjail_node_clear $(netjail_print_name "N" $N $M) | 107 | |
108 | netjail_node_unlink_bridge $NODE $ROUTER_NET | ||
109 | netjail_node_clear $NODE | ||
110 | done | ||
111 | |||
112 | ROUTER=$(netjail_print_name "R" $N) | ||
113 | |||
114 | netjail_bridge_clear $ROUTER_NET | ||
115 | netjail_node_unlink_bridge $ROUTER $NETWORK_NET | ||
116 | netjail_node_clear $ROUTER | ||
107 | done | 117 | done |
108 | |||
109 | netjail_bridge_clear $(netjail_print_name "r" $N) | ||
110 | netjail_node_clear $(netjail_print_name "R" $N) | ||
111 | done | ||
112 | 118 | ||
113 | netjail_bridge_clear $NETWORK_NET | 119 | netjail_bridge_clear $NETWORK_NET |
120 | } | ||
121 | |||
122 | trapped_cleanup() { | ||
123 | netjail_killall $WAITING | ||
124 | netjail_killall $KILLING | ||
125 | |||
126 | cleanup | ||
127 | } | ||
128 | |||
129 | trap 'trapped_cleanup' 2 | ||
130 | |||
131 | netjail_waitall $WAITING | ||
132 | netjail_killall $KILLING | ||
133 | wait | ||
134 | |||
135 | cleanup | ||
114 | 136 | ||
115 | echo "Done" | 137 | echo "Done" |
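Review bot: The trap at new line 129 is registered only for SIGINT and only after every namespace and bridge has been created, so an interrupt during the setup loops above, or a SIGTERM/SIGHUP at any point, still leaves the veth links, bridges and `ip netns` entries behind on the host. When trapped_cleanup returns, bash resumes the script after the interrupted `wait`, so netjail_killall and cleanup run a second time against already-deleted nodes; the added `CLEANUP=0` (new line 34) looks intended as the guard for that but is never read anywhere in these hunks. Make cleanup idempotent with `[ "$CLEANUP" -gt 0 ] && return` followed by `CLEANUP=1` at its top, register it with `trap 'trapped_cleanup; exit 130' INT TERM HUP` (or an EXIT trap), and install the trap before the resource-creating loops rather than after them. The loops that populate WAITING and KILLING are outside this hunk.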