- moved global netjail methods to its own header file.dev/t3ss/tng

- added configuration by string in test skript instead of config file. - moved netjail scripts to contrib/netjail and install them into the share/gnunet directory.
author: t3sserakt <t3ss@posteo.de> 2021-11-09 17:38:47 +0100
committer: t3sserakt <t3ss@posteo.de> 2021-11-09 17:43:25 +0100
commit: 8cd4dadfb9ebd4db232fda79d5c4353eacb15690 (patch)
tree: a063e52d71d1b6611371f6c129c6ae1b0215cf99 /contrib
parent: 6fb788ca2ec44837ea10a36be7fd0030fb08955b (diff)
download: gnunet-8cd4dadfb9ebd4db232fda79d5c4353eacb15690.tar.gz
gnunet-8cd4dadfb9ebd4db232fda79d5c4353eacb15690.zip
6 files changed, 544 insertions, 0 deletions
diff --git a/contrib/Makefile.am b/contrib/Makefile.am
index 464016ee8..44b0ff76d 100644
--- a/contrib/Makefile.am
+++ b/contrib/Makefile.am
@@ -24,6 +24,10 @@ dist_pkgdata_DATA = \
  branding/logo/gnunet-logo-big.png \
  branding/logo/gnunet-logo.pdf \
  testing_hostkeys.ecc \
+  netjail/netjail_core.sh \
+  netjail/netjail_start.sh \
+  netjail/netjail_stop.sh \
+  netjail/topo.sh \
  $(BUILDCOMMON_SHLIB_FILES)
 INITD_FILES = \
@@ -240,4 +244,11 @@ aclocaldir = $(datadir)/aclocal
 aclocal_DATA = \
  gnunet.m4
+install-data-hook:
+        chmod o+x $(pkgdatadir)/netjail_core.sh
+        chmod o+x $(pkgdatadir)/netjail_start.sh
+        chmod o+x $(pkgdatadir)/netjail_stop.sh
+        chmod o+x $(pkgdatadir)/netjail_exec.sh
+        chmod o+x $(pkgdatadir)/topo.sh
 ## EOF
diff --git a/contrib/netjail/netjail_core.sh b/contrib/netjail/netjail_core.sh
new file mode 100755
index 000000000..ed363cf35
--- /dev/null
+++ b/contrib/netjail/netjail_core.sh
@@ -0,0 +1,260 @@
+#!/bin/sh
+# 
+PREFIX=${PPID:?must run from a parent process}
+# running with `sudo` is required to be
+# able running the actual commands as the
+# original user.
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+export RESULT=
+export NAMESPACE_NUM=0
+export INTERFACE_NUM=0
+netjail_next_namespace() {
+        local NUM=$NAMESPACE_NUM
+        NAMESPACE_NUM=$(($NAMESPACE_NUM + 1))
+        RESULT=$NUM
+}
+netjail_next_interface() {
+        local NUM=$INTERFACE_NUM
+        INTERFACE_NUM=$(($INTERFACE_NUM + 1))
+        RESULT=$NUM
+}
+netjail_opt() {
+        local OPT=$1
+        shift 1
+        INDEX=1
+        while [ $# -gt 0 ]; do
+                if [ "$1" = "$OPT" ]; then
+                        RESULT=$INDEX
+                        return
+                fi
+                INDEX=$(($INDEX + 1))
+                shift 1
+        done
+        RESULT=0
+}
+netjail_opts() {
+        local OPT=$1
+        local DEF=$2
+        shift 2
+        
+        while [ $# -gt 0 ]; do
+                if [ "$1" = "$OPT" ]; then
+                        printf "$2"
+                        return
+                fi
+                shift 1
+        done
+        
+        RESULT="$DEF"
+}
+netjail_check() {
+        local NODE_COUNT=$1
+        local FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4))
+        # quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:
+        # the script also requires `sudo -C ($FD_COUNT + 4)`
+        # so you need 'Defaults closefrom_override' in the
+        # sudoers file.
+        if [ $FD_COUNT -lt $(($NODE_COUNT * 2)) ]; then
+                echo "File descriptors do not match requirements!" >&2
+                exit 1
+        fi
+}
+netjail_check_bin() {
+        local PROGRAM=$1
+        local MATCH=$(ls $(echo $PATH | tr ":" "\n") | grep "^$PROGRAM\$" | tr "\n" " " | awk '{ print $1 }')
+        # quit if the required binary $PROGRAM can not be
+        # found in the used $PATH.
+        if [ "$MATCH" != "$PROGRAM" ]; then
+                echo "Required binary not found: $PROGRAM" >&2
+                exit 1
+        fi
+}
+netjail_bridge() {
+        netjail_next_interface
+        local NUM=$RESULT
+        local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
+        ip link add $BRIDGE type bridge
+        ip link set dev $BRIDGE up
+        
+        RESULT=$BRIDGE
+}
+netjail_bridge_name() {
+        netjail_next_interface
+        local NUM=$RESULT
+        local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
+        
+        RESULT=$BRIDGE
+}
+netjail_bridge_clear() {
+        local BRIDGE=$1
+        ip link delete $BRIDGE
+}
+netjail_node() {
+        netjail_next_namespace
+        local NUM=$RESULT
+        local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
+        ip netns add $NODE
+        
+        RESULT=$NODE
+}
+netjail_node_name() {
+        netjail_next_namespace
+        local NUM=$RESULT
+        local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
+        
+        RESULT=$NODE
+}
+netjail_node_clear() {
+        local NODE=$1
+        ip netns delete $NODE
+}
+netjail_node_link_bridge() {
+        local NODE=$1
+        local BRIDGE=$2
+        local ADDRESS=$3
+        local MASK=$4
+        
+        netjail_next_interface
+        local NUM_IF=$RESULT
+        netjail_next_interface
+        local NUM_BR=$RESULT
+        
+        local LINK_IF=$(printf "%06x-%08x" $PREFIX $NUM_IF)
+        local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
+        ip link add $LINK_IF type veth peer name $LINK_BR
+        ip link set $LINK_IF netns $NODE
+        ip link set $LINK_BR master $BRIDGE
+        ip -n $NODE addr add "$ADDRESS/$MASK" broadcast + dev $LINK_IF
+        ip -n $NODE link set $LINK_IF up
+        ip -n $NODE link set up dev lo
+        ip link set $LINK_BR up
+        
+        RESULT=$LINK_BR
+}
+netjail_node_link_bridge_name() {
+        
+        netjail_next_interface
+        netjail_next_interface
+        local NUM_BR=$RESULT
+        
+        local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
+        
+        RESULT=$LINK_BR
+}
+netjail_node_unlink_bridge() {
+        local LINK_BR=$1
+        ip link delete $LINK_BR
+}
+netjail_node_add_nat() {
+        local NODE=$1
+        local ADDRESS=$2
+        local MASK=$3
+        ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
+}
+netjail_node_add_default() {
+        local NODE=$1
+        local ADDRESS=$2
+        ip -n $NODE route add default via $ADDRESS
+}
+netjail_node_exec() {
+    JAILOR=${SUDO_USER:?must run in sudo}
+        local NODE=$1
+        local FD_IN=$2
+        local FD_OUT=$3
+        shift 3
+        ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
+}
+netjail_node_exec_without_fds() {
+    JAILOR=${SUDO_USER:?must run in sudo}
+        NODE=$1
+        shift 1
+        ip netns exec $NODE sudo -u $JAILOR -- $@
+}
+netjail_node_exec_without_fds_and_sudo() {
+        NODE=$1
+        shift 1
+        ip netns exec $NODE $@
+}
+netjail_kill() {
+        local PID=$1
+        local MATCH=$(ps --pid $PID | awk "{ if ( \$1 == $PID ) { print \$1 } }" | wc -l)
+        if [ $MATCH -gt 0 ]; then
+                kill -n 19 $PID
+                for CHILD in $(ps -o pid,ppid -ax | awk "{ if ( \$2 == $PID ) { print \$1 } }"); do
+                        netjail_kill $CHILD
+                done
+                kill $PID
+        fi
+}
+netjail_killall() {
+        if [ $# -gt 0 ]; then
+                local PIDS=$1
+                for PID in $PIDS; do
+                        netjail_kill $PID
+                done
+        fi
+}
+netjail_waitall() {
+        if [ $# -gt 0 ]; then
+                local PIDS=$1
+                for PID in $PIDS; do
+                        wait $PID
+                done
+        fi
+}
diff --git a/contrib/netjail/netjail_exec.sh b/contrib/netjail/netjail_exec.sh
new file mode 100755
index 000000000..ab4aad5b8
--- /dev/null
+++ b/contrib/netjail/netjail_exec.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+. "$(dirname $0)/netjail_core.sh"
+set -eu
+set -x
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+M=$1
+N=$2
+NODE=$6
+netjail_node_exec_without_fds_and_sudo $NODE $3 $4 $5 $1 $2 $7 $8
diff --git a/contrib/netjail/netjail_start.sh b/contrib/netjail/netjail_start.sh
new file mode 100755
index 000000000..997ad0a95
--- /dev/null
+++ b/contrib/netjail/netjail_start.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+. "$(dirname $0)/netjail_core.sh"
+. "$(dirname $0)/topo.sh"
+set -eu
+set -x
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+filename=$1
+PREFIX=$2
+readfile=$3
+if [ $readfile -eq 0 ]
+then
+    read_topology_string "$filename"
+else
+    echo read file
+    read_topology $filename
+fi
+shift 2
+LOCAL_GROUP="192.168.15"
+GLOBAL_GROUP="92.68.150"
+KNOWN_GROUP="92.68.151"
+echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/16]"
+netjail_bridge
+NETWORK_NET=$RESULT
+for X in $(seq $KNOWN); do
+        netjail_node
+        KNOWN_NODES[$X]=$RESULT
+        netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET "$KNOWN_GROUP.$X" 16
+        KNOWN_LINKS[$X]=$RESULT
+done
+declare -A NODES
+declare -A NODE_LINKS
+for N in $(seq $GLOBAL_N); do
+        netjail_node
+        ROUTERS[$N]=$RESULT
+        netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N" 16
+        NETWORK_LINKS[$N]=$RESULT
+        netjail_bridge
+        ROUTER_NETS[$N]=$RESULT
+        
+        for M in $(seq $LOCAL_M); do
+                netjail_node
+                NODES[$N,$M]=$RESULT
+                netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]} "$LOCAL_GROUP.$M" 24
+                NODE_LINKS[$N,$M]=$RESULT
+        done
+        ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
+        netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR 24
+        ROUTER_LINKS[$N]=$RESULT
+        
+        netjail_node_add_nat ${ROUTERS[$N]} $ROUTER_ADDR 24
+        
+        for M in $(seq $LOCAL_M); do
+                netjail_node_add_default ${NODES[$N,$M]} $ROUTER_ADDR
+        done
+    # TODO Topology configuration must be enhanced to configure forwarding to more than one subnet node via different ports.
+    
+    if [ "1" == "${R_TCP[$N]}" ]
+    then
+        ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p tcp -d $GLOBAL_GROUP.$N --dport 60002 -j DNAT --to $LOCAL_GROUP.1
+        ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1  -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+    fi
+    if [ "1" == "${R_UDP[$N]}" ]
+    then
+        ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p udp -d $GLOBAL_GROUP.$N --dport 60002 -j DNAT --to $LOCAL_GROUP.1
+        ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1  -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+    fi
+done
diff --git a/contrib/netjail/netjail_stop.sh b/contrib/netjail/netjail_stop.sh
new file mode 100755
index 000000000..c8739dc94
--- /dev/null
+++ b/contrib/netjail/netjail_stop.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+. "$(dirname $0)/netjail_core.sh"
+. "$(dirname $0)/topo.sh"
+set -eu
+set -x
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+filename=$1
+PREFIX=$2
+readfile=$3
+if [ $readfile -eq 0 ]
+then
+    read_topology_string $filename
+else
+    read_topology $filename
+fi
+declare -A NODES
+declare -A NODE_LINKS
+netjail_bridge_name
+NETWORK_NET=$RESULT
+for X in $(seq $KNOWN); do
+    netjail_node_name
+        KNOWN_NODES[$X]=$RESULT
+    netjail_node_link_bridge_name
+    KNOWN_LINKS[$X]=$RESULT
+    netjail_node_unlink_bridge ${KNOWN_LINKS[$X]}
+        netjail_node_clear ${KNOWN_NODES[$X]}
+done
+for N in $(seq $GLOBAL_N); do
+    netjail_node_name
+        ROUTERS[$N]=$RESULT
+    netjail_node_link_bridge_name
+    NETWORK_LINKS[$N]=$RESULT
+    netjail_bridge_name
+    ROUTER_NETS[$N]=$RESULT
+    netjail_node_link_bridge_name
+    ROUTER_LINKS[$N]=$RESULT
+    netjail_node_unlink_bridge ${ROUTER_LINKS[$N]}
+    
+        for M in $(seq $LOCAL_M); do
+        netjail_node_name
+                NODES[$N,$M]=$RESULT
+        netjail_node_link_bridge_name
+        NODE_LINKS[$N,$M]=$RESULT
+                netjail_node_unlink_bridge ${NODE_LINKS[$N,$M]}
+                netjail_node_clear ${NODES[$N,$M]}
+        done
+        
+        netjail_bridge_clear ${ROUTER_NETS[$N]}
+        netjail_node_unlink_bridge ${NETWORK_LINKS[$N]}
+        netjail_node_clear ${ROUTERS[$N]}
+done
+netjail_bridge_clear $NETWORK_NET
+echo "Done"
diff --git a/contrib/netjail/topo.sh b/contrib/netjail/topo.sh
new file mode 100755
index 000000000..9af017ff0
--- /dev/null
+++ b/contrib/netjail/topo.sh
@@ -0,0 +1,113 @@
+#!/bin/bash
+declare -A K_PLUGIN
+declare -A R_TCP
+declare -A R_UDP
+declare -A P_PLUGIN
+extract_attributes()
+{
+    line_key=$1
+    line=$2
+    
+    if [ "$line_key" = "P" ]
+    then
+        n=$(echo $line|cut -d \| -f 1|awk -F: '{print $2}')
+        echo $n
+        m=$(echo $line|cut -d \| -f 1|awk -F: '{print $3}')
+        echo $m
+    else
+        number=$(echo $line|cut -d \| -f 1| cut -c 2-|cut -d : -f 2 )
+        echo $number
+    fi
+    nf=$(echo $line|awk -F: '{print NF}')
+    for ((i=2;i<=$nf;i++))
+    do
+        entry=$(echo $line |awk -v i=$i -F\| '{print $i}')
+        key=$(echo $entry|cut -d { -f 2|cut -d } -f 1|cut -d : -f 1)
+        value=$(echo $entry|cut -d { -f 2|cut -d } -f 1|cut -d : -f 2)
+        if [ "$key" = "tcp_port" ]
+        then
+            echo tcp port: $value
+            R_TCP[$number]=$value
+        elif [ "$key" = "udp_port" ]
+        then
+            echo udp port: $value
+            R_UDP[$number]=$value
+        elif [ "$key" = "plugin" ]
+        then
+            echo plugin: $value
+            echo $line_key
+            if [ "$line_key" = "P" ]
+            then
+                P_PLUGIN[$n,$m]=$value
+                echo $n $m ${P_PLUGIN[$n,$m]}
+            elif [ "$line_key" = "K" ]
+            then
+                K_PLUGIN[$number]=$value
+            fi
+        fi
+    done
+}
+parse_line(){
+    line=$1
+    echo $line
+    key=$(cut -c -1 <<< $line)
+    if [ "$key" = "M" ]
+    then
+        LOCAL_M=$(cut -d : -f 2 <<< $line)
+        echo $LOCAL_M
+    elif [ "$key" = "N" ]
+    then
+        GLOBAL_N=$(cut -d : -f 2 <<< $line)
+        echo $GLOBAL_N
+    for ((i=1;i<=$GLOBAL_N;i++))
+    do
+        R_TCP[$i]=0
+        R_UDP[$i]=0
+    done    
+    elif [ "$key" = "X" ]
+    then
+        KNOWN=$(cut -d : -f 2 <<< $line)
+        echo $KNOWN
+    elif [ "$key" = "T" ]
+    then
+        PLUGIN=$(cut -d : -f 2 <<< $line)
+        echo $PLUGIN
+    elif [ "$key" = "K" ]
+    then
+        echo know node
+        extract_attributes $key $line
+    elif [ "$key" = "R" ]
+    then
+        echo router
+        extract_attributes $key $line
+    elif [ "$key" = "P" ]
+    then
+        echo node
+        extract_attributes $key $line
+    fi
+}
+read_topology_string(){
+    string=$1
+    IFS=' ' read -r -a array <<< $string
+    for element in "${array[@]}"
+    do
+        echo $element
+        parse_line $element
+    done
+}
+read_topology(){
+    local filename=$1
+    while read line; do
+        # reading each line
+        parse_line $line
+    done < $filename
+}
author	t3sserakt <t3ss@posteo.de>	2021-11-09 17:38:47 +0100
committer	t3sserakt <t3ss@posteo.de>	2021-11-09 17:43:25 +0100
commit	8cd4dadfb9ebd4db232fda79d5c4353eacb15690 (patch)
tree	a063e52d71d1b6611371f6c129c6ae1b0215cf99 /contrib
parent	6fb788ca2ec44837ea10a36be7fd0030fb08955b (diff)
download	gnunet-8cd4dadfb9ebd4db232fda79d5c4353eacb15690.tar.gz gnunet-8cd4dadfb9ebd4db232fda79d5c4353eacb15690.zip

diff --git a/contrib/Makefile.am b/contrib/Makefile.am index 464016ee8..44b0ff76d 100644 --- a/contrib/Makefile.am +++ b/contrib/Makefile.am
@@ -24,6 +24,10 @@ dist_pkgdata_DATA = \
24	branding/logo/gnunet-logo-big.png \	24	branding/logo/gnunet-logo-big.png \
25	branding/logo/gnunet-logo.pdf \	25	branding/logo/gnunet-logo.pdf \
26	testing_hostkeys.ecc \	26	testing_hostkeys.ecc \
		27	netjail/netjail_core.sh \
		28	netjail/netjail_start.sh \
		29	netjail/netjail_stop.sh \
		30	netjail/topo.sh \
27	$(BUILDCOMMON_SHLIB_FILES)	31	$(BUILDCOMMON_SHLIB_FILES)
28		32
29	INITD_FILES = \	33	INITD_FILES = \
@@ -240,4 +244,11 @@ aclocaldir = $(datadir)/aclocal
240	aclocal_DATA = \	244	aclocal_DATA = \
241	gnunet.m4	245	gnunet.m4
242		246
		247	install-data-hook:
		248	chmod o+x $(pkgdatadir)/netjail_core.sh
		249	chmod o+x $(pkgdatadir)/netjail_start.sh
		250	chmod o+x $(pkgdatadir)/netjail_stop.sh
		251	chmod o+x $(pkgdatadir)/netjail_exec.sh
		252	chmod o+x $(pkgdatadir)/topo.sh
		253
243	## EOF	254	## EOF


diff --git a/contrib/netjail/netjail_core.sh b/contrib/netjail/netjail_core.sh new file mode 100755 index 000000000..ed363cf35 --- /dev/null +++ b/contrib/netjail/netjail_core.sh
@@ -0,0 +1,260 @@
		1	#!/bin/sh
		2	#
		3
		4
		5	PREFIX=${PPID:?must run from a parent process}
		6
		7	# running with `sudo` is required to be
		8	# able running the actual commands as the
		9	# original user.
		10
		11	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
		12
		13	export RESULT=
		14	export NAMESPACE_NUM=0
		15	export INTERFACE_NUM=0
		16
		17	netjail_next_namespace() {
		18	local NUM=$NAMESPACE_NUM
		19	NAMESPACE_NUM=$(($NAMESPACE_NUM + 1))
		20	RESULT=$NUM
		21	}
		22
		23	netjail_next_interface() {
		24	local NUM=$INTERFACE_NUM
		25	INTERFACE_NUM=$(($INTERFACE_NUM + 1))
		26	RESULT=$NUM
		27	}
		28
		29	netjail_opt() {
		30	local OPT=$1
		31	shift 1
		32
		33	INDEX=1
		34
		35	while [ $# -gt 0 ]; do
		36	if [ "$1" = "$OPT" ]; then
		37	RESULT=$INDEX
		38	return
		39	fi
		40
		41	INDEX=$(($INDEX + 1))
		42	shift 1
		43	done
		44
		45	RESULT=0
		46	}
		47
		48	netjail_opts() {
		49	local OPT=$1
		50	local DEF=$2
		51	shift 2
		52
		53	while [ $# -gt 0 ]; do
		54	if [ "$1" = "$OPT" ]; then
		55	printf "$2"
		56	return
		57	fi
		58
		59	shift 1
		60	done
		61
		62	RESULT="$DEF"
		63	}
		64
		65	netjail_check() {
		66	local NODE_COUNT=$1
		67	local FD_COUNT=$(($(ls /proc/self/fd \| wc -w) - 4))
		68
		69	# quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:
		70	# the script also requires `sudo -C ($FD_COUNT + 4)`
		71	# so you need 'Defaults closefrom_override' in the
		72	# sudoers file.
		73
		74	if [ $FD_COUNT -lt $(($NODE_COUNT * 2)) ]; then
		75	echo "File descriptors do not match requirements!" >&2
		76	exit 1
		77	fi
		78	}
		79
		80	netjail_check_bin() {
		81	local PROGRAM=$1
		82	local MATCH=$(ls $(echo $PATH \| tr ":" "\n") \| grep "^$PROGRAM\$" \| tr "\n" " " \| awk '{ print $1 }')
		83
		84	# quit if the required binary $PROGRAM can not be
		85	# found in the used $PATH.
		86
		87	if [ "$MATCH" != "$PROGRAM" ]; then
		88	echo "Required binary not found: $PROGRAM" >&2
		89	exit 1
		90	fi
		91	}
		92
		93	netjail_bridge() {
		94	netjail_next_interface
		95	local NUM=$RESULT
		96	local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
		97
		98	ip link add $BRIDGE type bridge
		99	ip link set dev $BRIDGE up
		100
		101	RESULT=$BRIDGE
		102	}
		103
		104	netjail_bridge_name() {
		105	netjail_next_interface
		106	local NUM=$RESULT
		107	local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
		108
		109	RESULT=$BRIDGE
		110	}
		111
		112	netjail_bridge_clear() {
		113	local BRIDGE=$1
		114
		115	ip link delete $BRIDGE
		116	}
		117
		118	netjail_node() {
		119	netjail_next_namespace
		120	local NUM=$RESULT
		121	local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
		122
		123	ip netns add $NODE
		124
		125	RESULT=$NODE
		126	}
		127
		128	netjail_node_name() {
		129	netjail_next_namespace
		130	local NUM=$RESULT
		131	local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
		132
		133	RESULT=$NODE
		134	}
		135
		136	netjail_node_clear() {
		137	local NODE=$1
		138
		139	ip netns delete $NODE
		140	}
		141
		142	netjail_node_link_bridge() {
		143	local NODE=$1
		144	local BRIDGE=$2
		145	local ADDRESS=$3
		146	local MASK=$4
		147
		148	netjail_next_interface
		149	local NUM_IF=$RESULT
		150	netjail_next_interface
		151	local NUM_BR=$RESULT
		152
		153	local LINK_IF=$(printf "%06x-%08x" $PREFIX $NUM_IF)
		154	local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
		155
		156	ip link add $LINK_IF type veth peer name $LINK_BR
		157	ip link set $LINK_IF netns $NODE
		158	ip link set $LINK_BR master $BRIDGE
		159
		160	ip -n $NODE addr add "$ADDRESS/$MASK" broadcast + dev $LINK_IF
		161	ip -n $NODE link set $LINK_IF up
		162	ip -n $NODE link set up dev lo
		163
		164	ip link set $LINK_BR up
		165
		166	RESULT=$LINK_BR
		167	}
		168
		169	netjail_node_link_bridge_name() {
		170
		171	netjail_next_interface
		172	netjail_next_interface
		173	local NUM_BR=$RESULT
		174
		175	local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
		176
		177	RESULT=$LINK_BR
		178	}
		179
		180	netjail_node_unlink_bridge() {
		181	local LINK_BR=$1
		182
		183	ip link delete $LINK_BR
		184	}
		185
		186	netjail_node_add_nat() {
		187	local NODE=$1
		188	local ADDRESS=$2
		189	local MASK=$3
		190
		191	ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
		192	}
		193
		194	netjail_node_add_default() {
		195	local NODE=$1
		196	local ADDRESS=$2
		197
		198	ip -n $NODE route add default via $ADDRESS
		199	}
		200
		201	netjail_node_exec() {
		202	JAILOR=${SUDO_USER:?must run in sudo}
		203	local NODE=$1
		204	local FD_IN=$2
		205	local FD_OUT=$3
		206	shift 3
		207
		208	ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
		209	}
		210
		211	netjail_node_exec_without_fds() {
		212	JAILOR=${SUDO_USER:?must run in sudo}
		213	NODE=$1
		214	shift 1
		215
		216	ip netns exec $NODE sudo -u $JAILOR -- $@
		217	}
		218
		219	netjail_node_exec_without_fds_and_sudo() {
		220	NODE=$1
		221	shift 1
		222
		223	ip netns exec $NODE $@
		224	}
		225
		226	netjail_kill() {
		227	local PID=$1
		228	local MATCH=$(ps --pid $PID \| awk "{ if ( \$1 == $PID ) { print \$1 } }" \| wc -l)
		229
		230	if [ $MATCH -gt 0 ]; then
		231	kill -n 19 $PID
		232
		233	for CHILD in $(ps -o pid,ppid -ax \| awk "{ if ( \$2 == $PID ) { print \$1 } }"); do
		234	netjail_kill $CHILD
		235	done
		236
		237	kill $PID
		238	fi
		239	}
		240
		241	netjail_killall() {
		242	if [ $# -gt 0 ]; then
		243	local PIDS=$1
		244
		245	for PID in $PIDS; do
		246	netjail_kill $PID
		247	done
		248	fi
		249	}
		250
		251	netjail_waitall() {
		252	if [ $# -gt 0 ]; then
		253	local PIDS=$1
		254
		255	for PID in $PIDS; do
		256	wait $PID
		257	done
		258	fi
		259	}
		260


diff --git a/contrib/netjail/netjail_exec.sh b/contrib/netjail/netjail_exec.sh new file mode 100755 index 000000000..ab4aad5b8 --- /dev/null +++ b/contrib/netjail/netjail_exec.sh
@@ -0,0 +1,14 @@
		1	#!/bin/sh
		2	. "$(dirname $0)/netjail_core.sh"
		3
		4	set -eu
		5	set -x
		6
		7	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
		8
		9	M=$1
		10	N=$2
		11
		12	NODE=$6
		13
		14	netjail_node_exec_without_fds_and_sudo $NODE $3 $4 $5 $1 $2 $7 $8


diff --git a/contrib/netjail/netjail_start.sh b/contrib/netjail/netjail_start.sh new file mode 100755 index 000000000..997ad0a95 --- /dev/null +++ b/contrib/netjail/netjail_start.sh
@@ -0,0 +1,81 @@
		1	#!/bin/bash
		2	. "$(dirname $0)/netjail_core.sh"
		3	. "$(dirname $0)/topo.sh"
		4
		5	set -eu
		6	set -x
		7
		8	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
		9
		10	filename=$1
		11	PREFIX=$2
		12	readfile=$3
		13
		14	if [ $readfile -eq 0 ]
		15	then
		16	read_topology_string "$filename"
		17	else
		18	echo read file
		19	read_topology $filename
		20	fi
		21
		22	shift 2
		23
		24	LOCAL_GROUP="192.168.15"
		25	GLOBAL_GROUP="92.68.150"
		26	KNOWN_GROUP="92.68.151"
		27
		28
		29	echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/16]"
		30
		31	netjail_bridge
		32	NETWORK_NET=$RESULT
		33
		34	for X in $(seq $KNOWN); do
		35	netjail_node
		36	KNOWN_NODES[$X]=$RESULT
		37	netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET "$KNOWN_GROUP.$X" 16
		38	KNOWN_LINKS[$X]=$RESULT
		39	done
		40
		41	declare -A NODES
		42	declare -A NODE_LINKS
		43
		44	for N in $(seq $GLOBAL_N); do
		45	netjail_node
		46	ROUTERS[$N]=$RESULT
		47	netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N" 16
		48	NETWORK_LINKS[$N]=$RESULT
		49	netjail_bridge
		50	ROUTER_NETS[$N]=$RESULT
		51
		52	for M in $(seq $LOCAL_M); do
		53	netjail_node
		54	NODES[$N,$M]=$RESULT
		55	netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]} "$LOCAL_GROUP.$M" 24
		56	NODE_LINKS[$N,$M]=$RESULT
		57	done
		58
		59	ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
		60	netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR 24
		61	ROUTER_LINKS[$N]=$RESULT
		62
		63	netjail_node_add_nat ${ROUTERS[$N]} $ROUTER_ADDR 24
		64
		65	for M in $(seq $LOCAL_M); do
		66	netjail_node_add_default ${NODES[$N,$M]} $ROUTER_ADDR
		67	done
		68
		69	# TODO Topology configuration must be enhanced to configure forwarding to more than one subnet node via different ports.
		70
		71	if [ "1" == "${R_TCP[$N]}" ]
		72	then
		73	ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p tcp -d $GLOBAL_GROUP.$N --dport 60002 -j DNAT --to $LOCAL_GROUP.1
		74	ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
		75	fi
		76	if [ "1" == "${R_UDP[$N]}" ]
		77	then
		78	ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p udp -d $GLOBAL_GROUP.$N --dport 60002 -j DNAT --to $LOCAL_GROUP.1
		79	ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
		80	fi
		81	done


diff --git a/contrib/netjail/netjail_stop.sh b/contrib/netjail/netjail_stop.sh new file mode 100755 index 000000000..c8739dc94 --- /dev/null +++ b/contrib/netjail/netjail_stop.sh
@@ -0,0 +1,65 @@
		1	#!/bin/bash
		2	. "$(dirname $0)/netjail_core.sh"
		3	. "$(dirname $0)/topo.sh"
		4
		5	set -eu
		6	set -x
		7
		8	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
		9
		10	filename=$1
		11	PREFIX=$2
		12	readfile=$3
		13
		14	if [ $readfile -eq 0 ]
		15	then
		16	read_topology_string $filename
		17	else
		18	read_topology $filename
		19	fi
		20
		21	declare -A NODES
		22	declare -A NODE_LINKS
		23
		24	netjail_bridge_name
		25	NETWORK_NET=$RESULT
		26
		27	for X in $(seq $KNOWN); do
		28	netjail_node_name
		29	KNOWN_NODES[$X]=$RESULT
		30	netjail_node_link_bridge_name
		31	KNOWN_LINKS[$X]=$RESULT
		32	netjail_node_unlink_bridge ${KNOWN_LINKS[$X]}
		33	netjail_node_clear ${KNOWN_NODES[$X]}
		34	done
		35
		36	for N in $(seq $GLOBAL_N); do
		37	netjail_node_name
		38	ROUTERS[$N]=$RESULT
		39	netjail_node_link_bridge_name
		40	NETWORK_LINKS[$N]=$RESULT
		41	netjail_bridge_name
		42	ROUTER_NETS[$N]=$RESULT
		43	netjail_node_link_bridge_name
		44	ROUTER_LINKS[$N]=$RESULT
		45
		46	netjail_node_unlink_bridge ${ROUTER_LINKS[$N]}
		47
		48	for M in $(seq $LOCAL_M); do
		49	netjail_node_name
		50	NODES[$N,$M]=$RESULT
		51	netjail_node_link_bridge_name
		52	NODE_LINKS[$N,$M]=$RESULT
		53	netjail_node_unlink_bridge ${NODE_LINKS[$N,$M]}
		54	netjail_node_clear ${NODES[$N,$M]}
		55	done
		56
		57
		58	netjail_bridge_clear ${ROUTER_NETS[$N]}
		59	netjail_node_unlink_bridge ${NETWORK_LINKS[$N]}
		60	netjail_node_clear ${ROUTERS[$N]}
		61	done
		62
		63	netjail_bridge_clear $NETWORK_NET
		64
		65	echo "Done"


diff --git a/contrib/netjail/topo.sh b/contrib/netjail/topo.sh new file mode 100755 index 000000000..9af017ff0 --- /dev/null +++ b/contrib/netjail/topo.sh
@@ -0,0 +1,113 @@
		1	#!/bin/bash
		2
		3	declare -A K_PLUGIN
		4	declare -A R_TCP
		5	declare -A R_UDP
		6	declare -A P_PLUGIN
		7
		8	extract_attributes()
		9	{
		10	line_key=$1
		11	line=$2
		12
		13	if [ "$line_key" = "P" ]
		14	then
		15	n=$(echo $line\|cut -d \\| -f 1\|awk -F: '{print $2}')
		16	echo $n
		17	m=$(echo $line\|cut -d \\| -f 1\|awk -F: '{print $3}')
		18	echo $m
		19	else
		20	number=$(echo $line\|cut -d \\| -f 1\| cut -c 2-\|cut -d : -f 2 )
		21	echo $number
		22	fi
		23
		24	nf=$(echo $line\|awk -F: '{print NF}')
		25	for ((i=2;i<=$nf;i++))
		26	do
		27	entry=$(echo $line \|awk -v i=$i -F\\| '{print $i}')
		28	key=$(echo $entry\|cut -d { -f 2\|cut -d } -f 1\|cut -d : -f 1)
		29	value=$(echo $entry\|cut -d { -f 2\|cut -d } -f 1\|cut -d : -f 2)
		30	if [ "$key" = "tcp_port" ]
		31	then
		32	echo tcp port: $value
		33	R_TCP[$number]=$value
		34	elif [ "$key" = "udp_port" ]
		35	then
		36	echo udp port: $value
		37	R_UDP[$number]=$value
		38	elif [ "$key" = "plugin" ]
		39	then
		40	echo plugin: $value
		41	echo $line_key
		42	if [ "$line_key" = "P" ]
		43	then
		44	P_PLUGIN[$n,$m]=$value
		45	echo $n $m ${P_PLUGIN[$n,$m]}
		46	elif [ "$line_key" = "K" ]
		47	then
		48	K_PLUGIN[$number]=$value
		49	fi
		50	fi
		51	done
		52	}
		53
		54	parse_line(){
		55	line=$1
		56	echo $line
		57	key=$(cut -c -1 <<< $line)
		58	if [ "$key" = "M" ]
		59	then
		60	LOCAL_M=$(cut -d : -f 2 <<< $line)
		61	echo $LOCAL_M
		62	elif [ "$key" = "N" ]
		63	then
		64	GLOBAL_N=$(cut -d : -f 2 <<< $line)
		65	echo $GLOBAL_N
		66	for ((i=1;i<=$GLOBAL_N;i++))
		67	do
		68	R_TCP[$i]=0
		69	R_UDP[$i]=0
		70	done
		71	elif [ "$key" = "X" ]
		72	then
		73	KNOWN=$(cut -d : -f 2 <<< $line)
		74	echo $KNOWN
		75	elif [ "$key" = "T" ]
		76	then
		77	PLUGIN=$(cut -d : -f 2 <<< $line)
		78	echo $PLUGIN
		79	elif [ "$key" = "K" ]
		80	then
		81	echo know node
		82	extract_attributes $key $line
		83	elif [ "$key" = "R" ]
		84	then
		85	echo router
		86	extract_attributes $key $line
		87	elif [ "$key" = "P" ]
		88	then
		89	echo node
		90	extract_attributes $key $line
		91	fi
		92	}
		93
		94	read_topology_string(){
		95	string=$1
		96	IFS=' ' read -r -a array <<< $string
		97	for element in "${array[@]}"
		98	do
		99	echo $element
		100	parse_line $element
		101	done
		102	}
		103
		104	read_topology(){
		105	local filename=$1
		106	while read line; do
		107	# reading each line
		108	parse_line $line
		109	done < $filename
		110	}
		111
		112
		113