authorTheJackiMonster <thejackimonster@gmail.com>2021-04-19 21:21:09 +0200
committerTheJackiMonster <thejackimonster@gmail.com>2021-04-19 21:21:09 +0200
commit1fc1b732d334d86d16c5284a9363033bce678096 (patch)
tree48d7f1dad827b589513f4a56df15568dc0f4ac7c /contrib
parentf022b206a5378f4c9d0e12c4cffc51801fbc83bf (diff)
-first netjail setup with NATs integrated
Signed-off-by: TheJackiMonster <thejackimonster@gmail.com>
Diffstat (limited to 'contrib')
-rwxr-xr-xcontrib/scripts/netjail/netjail_core.sh100
-rwxr-xr-xcontrib/scripts/netjail/netjail_setup_internet.sh81
2 files changed, 181 insertions, 0 deletions
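--- /dev/null
+++ b/contrib/scripts/netjail/netjail_core.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+#
+
+JAILOR=${SUDO_USER:?must run in sudo}
+
+# running with `sudo` is required to be
+# able running the actual commands as the
+# original user.
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+netjail_check() {
+ NODE_COUNT=$1
+
+ FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4))
+
+ # quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:
+ # the script also requires `sudo -C ($FD_COUNT + 4)`
+ # so you need 'Defaults closefrom_override' in the
+ # sudoers file.
+
+ if [ $FD_COUNT -lt $(($NODE_COUNT * 2)) ]; then
+ echo "File descriptors do not match requirements!" >&2
+ exit 1
+ fi
+}
+
+netjail_print_name() {
+ printf "%s%02x%02x" $1 $2 ${3:-0}
+}
+
+netjail_bridge() {
+ BRIDGE=$1
+
+ ip link add $BRIDGE type bridge
+ ip link set dev $BRIDGE up
+}
+
+netjail_bridge_clear() {
+ BRIDGE=$1
+
+ ip link delete $BRIDGE
+}
+
+netjail_node() {
+ NODE=$1
+
+ ip netns add $NODE
+}
+
+netjail_node_clear() {
+ NODE=$1
+
+ ip netns delete $NODE
+}
+
+netjail_node_link_bridge() {
+ NODE=$1
+ BRIDGE=$2
+ ADDRESS=$3
+ MASK=$4
+
+ LINK_IF="$NODE-$BRIDGE-0"
+ LINK_BR="$NODE-$BRIDGE-1"
+
+ ip link add $LINK_IF type veth peer name $LINK_BR
+ ip link set $LINK_IF netns $NODE
+ ip link set $LINK_BR master $BRIDGE
+
+ ip -n $NODE addr add "$ADDRESS/$MASK" dev $LINK_IF
+ ip -n $NODE link set $LINK_IF up
+ ip -n $NODE link set up dev lo
+
+ ip link set $LINK_BR up
+}
+
+netjail_node_add_nat() {
+ NODE=$1
+ ADDRESS=$2
+ MASK=$3
+
+ ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
+}
+
+netjail_node_add_default() {
+ NODE=$1
+ ADDRESS=$2
+
+ ip -n $NODE route add default via $ADDRESS
+}
+
+netjail_node_exec() {
+ NODE=$1
+ FD_IN=$2
+ FD_OUT=$3
+ shift 3
+
+ unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
+}
+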
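Review bot: `netjail_node_exec` hands the user command to `sudo -u $JAILOR -- $@` unquoted, so every argument is word-split and glob-expanded a second time before it reaches the jailed process (and `$JAILOR` itself is unquoted); it should read `sudo -u "$JAILOR" -- "$@" 1>& $FD_OUT 0<& $FD_IN`, and the caller in netjail_setup_internet.sh passes its own `$@` unquoted in the same way. `netjail_check` derives FD_COUNT from `ls /proc/self/fd | wc -w` run inside a command substitution, where the pipeline and `ls` hold descriptors of their own, so the `- 4` is a heuristic that deserves a comment such as `# -4: stdin/stdout/stderr plus the directory fd ls opens — TODO verify against sudo -C`. `netjail_node_add_nat` installs a MASQUERADE rule but nothing in this file enables forwarding in the router namespace; if the host's net.ipv4.ip_forward value is not inherited by the new namespace the routers will drop the nodes' traffic, so consider `ip netns exec $NODE sysctl -w net.ipv4.ip_forward=1` next to the iptables rule.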
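--- /dev/null
+++ b/contrib/scripts/netjail/netjail_setup_internet.sh
@@ -0,0 +1,81 @@
+#!/bin/sh
+. "./netjail_core.sh"
+
+set -eu
+set -x
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+LOCAL_M=$1
+GLOBAL_N=$2
+
+# TODO: stunserver? ..and globally known peer?
+
+shift 2
+
+netjail_check $(($LOCAL_M * $GLOBAL_N))
+
+LOCAL_GROUP="192.168.15"
+GLOBAL_GROUP="92.68.150"
+
+echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/24]"
+
+NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M)
+
+netjail_bridge $NETWORK_NET
+
+for N in $(seq $GLOBAL_N); do
+ ROUTER=$(netjail_print_name "R" $N)
+
+ netjail_node $ROUTER
+ netjail_node_link_bridge $ROUTER $NETWORK_NET "$GLOBAL_GROUP.$N" 24
+
+ ROUTER_NET=$(netjail_print_name "r" $N)
+
+ netjail_bridge $ROUTER_NET
+
+ for M in $(seq $LOCAL_M); do
+ NODE=$(netjail_print_name "N" $N $M)
+
+ netjail_node $NODE
+ netjail_node_link_bridge $NODE $ROUTER_NET "$LOCAL_GROUP.$M" 24
+ done
+
+ ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
+
+ netjail_node_link_bridge $ROUTER $ROUTER_NET $ROUTER_ADDR 24
+ netjail_node_add_nat $ROUTER $ROUTER_ADDR 24
+
+ for M in $(seq $LOCAL_M); do
+ NODE=$(netjail_print_name "N" $N $M)
+
+ netjail_node_add_default $NODE $ROUTER_ADDR
+ done
+done
+
+for N in $(seq $GLOBAL_N); do
+ for M in $(seq $LOCAL_M); do
+ NODE=$(netjail_print_name "N" $N $M)
+ INDEX=$(($LOCAL_M * ($N - 1) + $M - 1))
+
+ FD_X=$(($INDEX * 2 + 3 + 0))
+ FD_Y=$(($INDEX * 2 + 3 + 1))
+
+ netjail_node_exec $NODE $FD_X $FD_Y $@ &
+ done
+done
+
+wait
+
+for N in $(seq $GLOBAL_N); do
+ for M in $(seq $LOCAL_M); do
+ netjail_node_clear $(netjail_print_name "N" $N $M)
+ done
+
+ netjail_bridge_clear $(netjail_print_name "r" $N)
+ netjail_node_clear $(netjail_print_name "R" $N)
+done
+
+netjail_bridge_clear $NETWORK_NET
+
+echo "Done"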
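Review bot: The teardown loops at lines 70-79 only run when every earlier command succeeds, because the script runs under `set -e`; any `ip` failure in the middle of setup leaves the namespaces and bridges behind on the host, and the next run then fails on `ip netns add` / `ip link add` for names that already exist. Moving the teardown into a function registered with `trap ... EXIT` right after NETWORK_NET is chosen makes cleanup run on every exit path; the delete calls inside it have to tolerate objects that were never created, since the trap body also runs under `set -e`. A smaller point: `. "./netjail_core.sh"` resolves against the caller's working directory rather than the script's own location, so `. "$(dirname -- "$0")/netjail_core.sh"` is more robust.
```shell
netjail_teardown() {
  for N in $(seq $GLOBAL_N); do
    for M in $(seq $LOCAL_M); do
      netjail_node_clear $(netjail_print_name "N" $N $M) || true
    done
    netjail_bridge_clear $(netjail_print_name "r" $N) || true
    netjail_node_clear $(netjail_print_name "R" $N) || true
  done
  netjail_bridge_clear $NETWORK_NET || true
}
trap netjail_teardown EXIT

netjail_bridge $NETWORK_NET
# … unchanged: router/node setup, netjail_node_exec fan-out and wait …
```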