authorMartin Schanzenbach <schanzen@gnunet.org>2022-12-08 15:12:29 +0900
committerMartin Schanzenbach <schanzen@gnunet.org>2022-12-08 15:12:29 +0900
commit17608233d4b1f32591b84a2c980b4361a993d995 (patch)
tree39f06e4f434379903eb52e58d8d6db75466ae920 /contrib
parent3889a387e6f911805ecaf188e7338cdf510c9286 (diff)
parent65d7019e81eec00796065c64d4d6dc278201167a (diff)
Merge branch 'master' of git+ssh://git.gnunet.org/gnunet
Diffstat (limited to 'contrib')
-rwxr-xr-xcontrib/netjail/netjail_exec.sh2
-rwxr-xr-xcontrib/netjail/netjail_start.sh4
-rwxr-xr-xcontrib/netjail/topo.sh7
-rw-r--r--contrib/scripts/Makefile.am2
-rwxr-xr-xcontrib/scripts/netjail/netjail_core.sh217
-rwxr-xr-xcontrib/scripts/netjail/netjail_setup_internet.sh166
6 files changed, 12 insertions, 386 deletions
diff --git a/contrib/netjail/netjail_exec.sh b/contrib/netjail/netjail_exec.sh
index fa68d90d4..a08f7324b 100755
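--- a/contrib/netjail/netjail_exec.sh
+++ b/contrib/netjail/netjail_exec.sh
@@ -11,5 +11,5 @@ N=$2
 
 NODE=$6
 
-#netjail_node_exec_without_fds_and_sudo $NODE valgrind --leak-check=full --track-origins=yes --trace-children=yes $3 $4 $5 $1 $2 $7 $8
+#netjail_node_exec_without_fds_and_sudo $NODE valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --trace-children=yes $3 $4 $5 $1 $2 $7 $8
 netjail_node_exec_without_fds_and_sudo $NODE $3 $4 $5 $1 $2 $7 $8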
diff --git a/contrib/netjail/netjail_start.sh b/contrib/netjail/netjail_start.sh
index cdd576f57..5e613048f 100755
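--- a/contrib/netjail/netjail_start.sh
+++ b/contrib/netjail/netjail_start.sh
@@ -121,4 +121,8 @@ for N in $(seq $GLOBAL_N); do
  fi
  ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
  fi
+ if [ "" != "${R_SCRIPT[$N]}" ]
+ then
+ ip netns exec ${ROUTERS[$N]} ./${R_SCRIPT[$N]}
+ fi
 done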
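Review bot: The added `ip netns exec ${ROUTERS[$N]} ./${R_SCRIPT[$N]}` executes a file named by the parsed topology with both expansions unquoted and without checking that the file exists and is executable. `ip netns exec` needs elevated privileges, so the script presumably runs as root, which makes the topology file and the current directory part of the trusted input; that deserves a comment above the `if`. I would quote and guard the call: `if [ -n "${R_SCRIPT[$N]}" ] && [ -x "./${R_SCRIPT[$N]}" ]` and `ip netns exec "${ROUTERS[$N]}" "./${R_SCRIPT[$N]}"`. The enclosing `for N in $(seq $GLOBAL_N)` loop starts outside the hunk.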
diff --git a/contrib/netjail/topo.sh b/contrib/netjail/topo.sh
index d94fa0bac..de3296b45 100755
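--- a/contrib/netjail/topo.sh
+++ b/contrib/netjail/topo.sh
@@ -8,6 +8,7 @@ declare -A R_UDP
 declare -A R_UDP_ALLOWED
 declare -i -A R_UDP_ALLOWED_NUMBER
 declare -A P_PLUGIN
+declare -A R_SCRIPT
 
 extract_attributes()
 {
@@ -58,6 +59,11 @@ extract_attributes()
  then
  K_PLUGIN[$number]=$value
  fi
+ elif [ "$key" = "script" ]
+ then
+ echo script: $value
+ echo $line_key
+ R_SCRIPT[$number]=$value
  fi
  else
  p1=$(echo $entry|cut -d P -f 2|cut -d } -f 1|cut -d : -f 2)
@@ -105,6 +111,7 @@ parse_line(){
  do
  R_TCP[$i]=0
  R_UDP[$i]=0
+ R_SCRIPT[$i]=""
  done
  elif [ "$key" = "X" ]
  then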
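Review bot: In the second hunk, the new `script` branch of extract_attributes keeps what look like debug prints, `echo script: $value` and `echo $line_key`; both are unquoted, go to stdout on every parse, and `line_key` is not assigned anywhere in the visible hunks. The value is stored verbatim in `R_SCRIPT[$number]` and netjail_start.sh later runs it inside the router namespace, so parse time is a good place to reject anything that is not a plain file name, e.g. `case "$value" in */*|*..*) echo "invalid script name: $value" >&2; exit 1;; esac`, assuming only scripts in the current directory are intended. I would drop the two echoes (or send them to stderr) and add a comment on `declare -A R_SCRIPT` stating that it maps a router number to the script run for that router. extract_attributes starts and ends outside the hunk.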
diff --git a/contrib/scripts/Makefile.am b/contrib/scripts/Makefile.am
index 756119ada..b03f69894 100644
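--- a/contrib/scripts/Makefile.am
+++ b/contrib/scripts/Makefile.am
@@ -45,8 +45,6 @@ EXTRA_DIST = \
  lint/lint-man.sh \
  lint/lint-python.sh \
  revisionary.sh \
- netjail/netjail_core.sh \
- netjail/netjail_setup_internet.sh \
  regression.sh \
  doc/texinfo-hacks.el \
  afferify \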
diff --git a/contrib/scripts/netjail/netjail_core.sh b/contrib/scripts/netjail/netjail_core.sh
deleted file mode 100755
index d53315052..000000000
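--- a/contrib/scripts/netjail/netjail_core.sh
+++ /dev/null
@@ -1,217 +0,0 @@
-#!/bin/sh
-#
-
-JAILOR=${SUDO_USER:?must run in sudo}
-PREFIX=${PPID:?must run from a parent process}
-
-# running with `sudo` is required to be
-# able running the actual commands as the
-# original user.
-
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-
-export RESULT=
-export NAMESPACE_NUM=0
-export INTERFACE_NUM=0
-
-netjail_next_namespace() {
- local NUM=$NAMESPACE_NUM
- NAMESPACE_NUM=$(($NAMESPACE_NUM + 1))
- RESULT=$NUM
-}
-
-netjail_next_interface() {
- local NUM=$INTERFACE_NUM
- INTERFACE_NUM=$(($INTERFACE_NUM + 1))
- RESULT=$NUM
-}
-
-netjail_opt() {
- local OPT=$1
- shift 1
-
- INDEX=1
-
- while [ $# -gt 0 ]; do
- if [ "$1" = "$OPT" ]; then
- RESULT=$INDEX
- return
- fi
-
- INDEX=$(($INDEX + 1))
- shift 1
- done
-
- RESULT=0
-}
-
-netjail_opts() {
- local OPT=$1
- local DEF=$2
- shift 2
-
- while [ $# -gt 0 ]; do
- if [ "$1" = "$OPT" ]; then
- printf "$2"
- return
- fi
-
- shift 1
- done
-
- RESULT="$DEF"
-}
-
-netjail_check() {
- local NODE_COUNT=$1
- local FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4))
-
- # quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:
- # the script also requires `sudo -C ($FD_COUNT + 4)`
- # so you need 'Defaults closefrom_override' in the
- # sudoers file.
-
- if [ $FD_COUNT -lt $(($NODE_COUNT * 2)) ]; then
- echo "File descriptors do not match requirements!" >&2
- exit 1
- fi
-}
-
-netjail_check_bin() {
- local PROGRAM=$1
- local MATCH=$(ls $(echo $PATH | tr ":" "\n") | grep "^$PROGRAM\$" | tr "\n" " " | awk '{ print $1 }')
-
- # quit if the required binary $PROGRAM can not be
- # found in the used $PATH.
-
- if [ "$MATCH" != "$PROGRAM" ]; then
- echo "Required binary not found: $PROGRAM" >&2
- exit 1
- fi
-}
-
-netjail_bridge() {
- netjail_next_interface
- local NUM=$RESULT
- local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
-
- ip link add $BRIDGE type bridge
- ip link set dev $BRIDGE up
-
- RESULT=$BRIDGE
-}
-
-netjail_bridge_clear() {
- local BRIDGE=$1
-
- ip link delete $BRIDGE
-}
-
-netjail_node() {
- netjail_next_namespace
- local NUM=$RESULT
- local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
-
- ip netns add $NODE
-
- RESULT=$NODE
-}
-
-netjail_node_clear() {
- local NODE=$1
-
- ip netns delete $NODE
-}
-
-netjail_node_link_bridge() {
- local NODE=$1
- local BRIDGE=$2
- local ADDRESS=$3
- local MASK=$4
-
- netjail_next_interface
- local NUM_IF=$RESULT
- netjail_next_interface
- local NUM_BR=$RESULT
-
- local LINK_IF=$(printf "%06x-%08x" $PREFIX $NUM_IF)
- local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
-
- ip link add $LINK_IF type veth peer name $LINK_BR
- ip link set $LINK_IF netns $NODE
- ip link set $LINK_BR master $BRIDGE
-
- ip -n $NODE addr add "$ADDRESS/$MASK" dev $LINK_IF
- ip -n $NODE link set $LINK_IF up
- ip -n $NODE link set up dev lo
-
- ip link set $LINK_BR up
-
- RESULT=$LINK_BR
-}
-
-netjail_node_unlink_bridge() {
- local LINK_BR=$1
-
- ip link delete $LINK_BR
-}
-
-netjail_node_add_nat() {
- local NODE=$1
- local ADDRESS=$2
- local MASK=$3
-
- ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
-}
-
-netjail_node_add_default() {
- local NODE=$1
- local ADDRESS=$2
-
- ip -n $NODE route add default via $ADDRESS
-}
-
-netjail_node_exec() {
- local NODE=$1
- local FD_IN=$2
- local FD_OUT=$3
- shift 3
-
- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
-}
-
-netjail_kill() {
- local PID=$1
- local MATCH=$(ps --pid $PID | awk "{ if ( \$1 == $PID ) { print \$1 } }" | wc -l)
-
- if [ $MATCH -gt 0 ]; then
- kill -n 19 $PID
-
- for CHILD in $(ps -o pid,ppid -ax | awk "{ if ( \$2 == $PID ) { print \$1 } }"); do
- netjail_kill $CHILD
- done
-
- kill $PID
- fi
-}
-
-netjail_killall() {
- if [ $# -gt 0 ]; then
- local PIDS=$1
-
- for PID in $PIDS; do
- netjail_kill $PID
- done
- fi
-}
-
-netjail_waitall() {
- if [ $# -gt 0 ]; then
- local PIDS=$1
-
- for PID in $PIDS; do
- wait $PID
- done
- fi
-}
-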
diff --git a/contrib/scripts/netjail/netjail_setup_internet.sh b/contrib/scripts/netjail/netjail_setup_internet.sh
deleted file mode 100755
index ea820f38c..000000000
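--- a/contrib/scripts/netjail/netjail_setup_internet.sh
+++ /dev/null
@@ -1,166 +0,0 @@
-#!/bin/bash
-
-. "./netjail_core.sh"
-
-set -eu
-set -x
-
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-
-PREFIX=$PPID
-LOCAL_M=$1
-GLOBAL_N=$2
-
-shift 2
-
-netjail_check $(($LOCAL_M * $GLOBAL_N))
-
-# Starts optionally an amount of nodes without NAT starting with "92.68.151.1"
-netjail_opt '--known' $@
-KNOWN=$RESULT
-netjail_opts '--known' 0 $@
-KNOWN_NUM=$RESULT
-
-# Starts optionally 'stunserver' on "92.68.150.254":
-netjail_opt '--stun' $@
-STUN=$RESULT
-
-if [ $KNOWN -gt 0 ]; then
- shift 2
-
- KNOWN=$KNOWN_NUM
-
- netjail_check $(($LOCAL_M * $GLOBAL_N + $KNOWN))
-fi
-
-if [ $STUN -gt 0 ]; then
- netjail_check_bin stunserver
-
- shift 1
-fi
-
-netjail_check_bin $1
-
-LOCAL_GROUP="192.168.15"
-GLOBAL_GROUP="92.68.150"
-KNOWN_GROUP="92.68.151"
-
-CLEANUP=0
-echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/16, stun: $STUN]"
-
-netjail_bridge
-NETWORK_NET=$RESULT
-
-for X in $(seq $KNOWN); do
- netjail_node
- KNOWN_NODES[$X]=$RESULT
- netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET "$KNOWN_GROUP.$X" 16
- KNOWN_LINKS[$X]=$RESULT
-done
-
-declare -A NODES
-declare -A NODE_LINKS
-
-for N in $(seq $GLOBAL_N); do
- netjail_node
- ROUTERS[$N]=$RESULT
- netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N" 16
- NETWORK_LINKS[$N]=$RESULT
- netjail_bridge
- ROUTER_NETS[$N]=$RESULT
-
- for M in $(seq $LOCAL_M); do
- netjail_node
- NODES[$N,$M]=$RESULT
- netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]} "$LOCAL_GROUP.$M" 24
- NODE_LINKS[$N,$M]=$RESULT
- done
-
- ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
- netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR 24
- ROUTER_LINKS[$N]=$RESULT
-
- netjail_node_add_nat ${ROUTERS[$N]} $ROUTER_ADDR 24
-
- for M in $(seq $LOCAL_M); do
- netjail_node_add_default ${NODES[$N,$M]} $ROUTER_ADDR
- done
-done
-
-WAITING=""
-KILLING=""
-
-if [ $STUN -gt 0 ]; then
- netjail_node
- STUN_NODE=$RESULT
- netjail_node_link_bridge $STUN_NODE $NETWORK_NET "$GLOBAL_GROUP.254" 16
- STUN_LINK=$RESULT
-
- netjail_node_exec $STUN_NODE 0 1 stunserver &
- KILLING="$!"
-fi
-
-for X in $(seq $KNOWN); do
- INDEX=$(($X - 1))
-
- FD_X=$(($INDEX * 2 + 3 + 0))
- FD_Y=$(($INDEX * 2 + 3 + 1))
-
- netjail_node_exec ${KNOWN_NODES[$X]} $FD_X $FD_Y $@ &
- WAITING="$! $WAITING"
-done
-
-for N in $(seq $GLOBAL_N); do
- for M in $(seq $LOCAL_M); do
- INDEX=$(($LOCAL_M * ($N - 1) + $M - 1 + $KNOWN))
-
- FD_X=$(($INDEX * 2 + 3 + 0))
- FD_Y=$(($INDEX * 2 + 3 + 1))
-
- netjail_node_exec ${NODES[$N,$M]} $FD_X $FD_Y $@ &
- WAITING="$! $WAITING"
- done
-done
-
-cleanup() {
- if [ $STUN -gt 0 ]; then
- netjail_node_unlink_bridge $STUN_LINK
- netjail_node_clear $STUN_NODE
- fi
-
- for X in $(seq $KNOWN); do
- netjail_node_unlink_bridge ${KNOWN_LINKS[$X]}
- netjail_node_clear ${KNOWN_NODES[$X]}
- done
-
- for N in $(seq $GLOBAL_N); do
- for M in $(seq $LOCAL_M); do
- netjail_node_unlink_bridge ${NODE_LINKS[$N,$M]}
- netjail_node_clear ${NODES[$N,$M]}
- done
-
- netjail_node_unlink_bridge ${ROUTER_LINKS[$N]}
- netjail_bridge_clear ${ROUTER_NETS[$N]}
- netjail_node_unlink_bridge ${NETWORK_LINKS[$N]}
- netjail_node_clear ${ROUTERS[$N]}
- done
-
- netjail_bridge_clear $NETWORK_NET
-}
-
-trapped_cleanup() {
- netjail_killall $WAITING
- netjail_killall $KILLING
-
- cleanup
-}
-
-trap 'trapped_cleanup' ERR
-
-netjail_waitall $WAITING
-netjail_killall $KILLING
-wait
-
-cleanup
-
-echo "Done"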