-rwxr-xr-x | contrib/scripts/netjail/netjail_core.sh | 47 | ||||
-rwxr-xr-x | contrib/scripts/netjail/netjail_setup_internet.sh | 92 |
2 files changed, 73 insertions, 66 deletions
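--- a/contrib/scripts/netjail/netjail_core.sh
+++ b/contrib/scripts/netjail/netjail_core.sh
@@ -2,6 +2,7 @@
 #
 
 JAILOR=${SUDO_USER:?must run in sudo}
+PREFIX=${PPID:?must run from a parent process}
 
 # running with `sudo` is required to be
 # able running the actual commands as the
@@ -9,6 +10,24 @@ JAILOR=${SUDO_USER:?must run in sudo}
 
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
+# initialize the numbering to ensure unique names
+
+NAMESPACE_NUM=${NAMESPACE_FD:?must have a file for ids}
+INTERFACE_NUM=${INTERFACE_FD:?must have a file for ids}
+
+netjail_read_inc() {
+local FD=$1
+local NUM=$(cat $FD)
+NUM=${NUM:-0}
+
+local RES=$NUM
+NUM=$(($NUM + 1))
+
+echo $NUM > $FD
+
+printf "$RES"
+}
+
 netjail_opt() {
 local OPT=$1
 shift 1
@@ -73,15 +92,14 @@ netjail_check_bin() {
 fi
 }
 
-netjail_print_name() {
-printf "%s%02x%02x" $1 $2 ${3:-0}
-}
-
 netjail_bridge() {
-local BRIDGE=$1
+local NUM=$(netjail_read_inc $INTERFACE_NUM)
+local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
 
 ip link add $BRIDGE type bridge
 ip link set dev $BRIDGE up
+
+printf "%s" $BRIDGE
 }
 
 netjail_bridge_clear() {
@@ -91,9 +109,12 @@ netjail_bridge_clear() {
 }
 
 netjail_node() {
-local NODE=$1
+local NUM=$(netjail_read_inc $NAMESPACE_NUM)
+local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
 
 ip netns add $NODE
+
+printf "%s" $NODE
 }
 
 netjail_node_clear() {
@@ -108,8 +129,11 @@ netjail_node_link_bridge() {
 local ADDRESS=$3
 local MASK=$4
 
-local LINK_IF="$NODE-$BRIDGE-0"
-local LINK_BR="$NODE-$BRIDGE-1"
+local NUM_IF=$(netjail_read_inc $INTERFACE_NUM)
+local NUM_BR=$(netjail_read_inc $INTERFACE_NUM)
+
+local LINK_IF=$(printf "%06x-%08x" $PREFIX $NUM_IF)
+local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
 
 ip link add $LINK_IF type veth peer name $LINK_BR
 ip link set $LINK_IF netns $NODE
@@ -120,13 +144,12 @@ netjail_node_link_bridge() {
 ip -n $NODE link set up dev lo
 
 ip link set $LINK_BR up
+
+printf "%s" $LINK_BR
 }
 
 netjail_node_unlink_bridge() {
-local NODE=$1
-local BRIDGE=$2
-
-local LINK_BR="$NODE-$BRIDGE-1"
+local LINK_BR=$1
 
 ip link delete $LINK_BR
 }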
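Review bot: In `netjail_read_inc` (second hunk), `local NUM=$(cat $FD)` hides a failed read behind the exit status of `local`, and `NUM=${NUM:-0}` on the next line then restarts the counter at 0, so a missing or unreadable id file silently produces colliding namespace and interface names rather than an error; splitting the declaration, `local NUM` followed by `NUM=$(cat -- "$FD") || return 1`, makes that failure visible to the `set -e` caller. The function's last line also passes the counter value as the printf format string; `printf '%s' "$RES"` treats it as data. The generated names are later handed unquoted to `ip link add` and `ip netns add` in netjail_bridge, netjail_node and netjail_node_link_bridge, where `"$BRIDGE"`, `"$NODE"` and `"$LINK_IF"` would cost nothing and match the quoting the script already uses for its address arguments.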
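--- a/contrib/scripts/netjail/netjail_setup_internet.sh
+++ b/contrib/scripts/netjail/netjail_setup_internet.sh
@@ -1,4 +1,10 @@
 #!/bin/sh
+
+NAMESPACE_FD=$(mktemp)
+INTERFACE_FD=$(mktemp)
+
+trap "rm -f $NAMESPACE_FD $INTERFACE_FD; exit" ERR EXIT
+
 . "./netjail_core.sh"
 
 set -eu
@@ -6,6 +12,7 @@ set -x
 
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
+PREFIX=$PPID
 LOCAL_M=$1
 GLOBAL_N=$2
 
@@ -32,8 +39,6 @@ if [ $STUN -gt 0 ]; then
 netjail_check_bin stunserver
 
 shift 1
-
-STUN_NODE=$(netjail_print_name "S" 254)
 fi
 
 netjail_check_bin $1
@@ -45,43 +50,33 @@ KNOWN_GROUP="92.68.151"
 CLEANUP=0
 echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/16, stun: $STUN]"
 
-NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M)
-
-netjail_bridge $NETWORK_NET
+NETWORK_NET=$(netjail_bridge)
 
 for X in $(seq $KNOWN); do
-KNOWN_NODE=$(netjail_print_name "K" $X)
-
-netjail_node $KNOWN_NODE
-netjail_node_link_bridge $KNOWN_NODE $NETWORK_NET "$KNOWN_GROUP.$X" 16
+KNOWN_NODES[$X]=$(netjail_node)
+KNOWN_LINKS[$X]=$(netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET "$KNOWN_GROUP.$X" 16)
 done
 
-for N in $(seq $GLOBAL_N); do
-ROUTER=$(netjail_print_name "R" $N)
-
-netjail_node $ROUTER
-netjail_node_link_bridge $ROUTER $NETWORK_NET "$GLOBAL_GROUP.$N" 16
-
-ROUTER_NET=$(netjail_print_name "r" $N)
+declare -A NODES
+declare -A NODE_LINKS
 
-netjail_bridge $ROUTER_NET
+for N in $(seq $GLOBAL_N); do
+ROUTERS[$N]=$(netjail_node)
+NETWORK_LINKS[$N]=$(netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N" 16)
+ROUTER_NETS[$N]=$(netjail_bridge)
 
 for M in $(seq $LOCAL_M); do
-NODE=$(netjail_print_name "N" $N $M)
-
-netjail_node $NODE
-netjail_node_link_bridge $NODE $ROUTER_NET "$LOCAL_GROUP.$M" 24
+NODES[$N,$M]=$(netjail_node)
+NODE_LINKS[$N,$M]=$(netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]} "$LOCAL_GROUP.$M" 24)
 done
 
 ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
-
-netjail_node_link_bridge $ROUTER $ROUTER_NET $ROUTER_ADDR 24
-netjail_node_add_nat $ROUTER $ROUTER_ADDR 24
+ROUTER_LINKS[$N]=$(netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR 24)
+
+netjail_node_add_nat ${ROUTERS[$N]} $ROUTER_ADDR 24
 
 for M in $(seq $LOCAL_M); do
-NODE=$(netjail_print_name "N" $N $M)
-
-netjail_node_add_default $NODE $ROUTER_ADDR
+netjail_node_add_default ${NODES[$N,$M]} $ROUTER_ADDR
 done
 done
 
@@ -89,67 +84,56 @@ WAITING=""
 KILLING=""
 
 if [ $STUN -gt 0 ]; then
-netjail_node $STUN_NODE
-netjail_node_link_bridge $STUN_NODE $NETWORK_NET "$GLOBAL_GROUP.254" 16
+STUN_NODE=$(netjail_node)
+STUN_LINK=$(netjail_node_link_bridge $STUN_NODE $NETWORK_NET "$GLOBAL_GROUP.254" 16)
 
 netjail_node_exec $STUN_NODE 0 1 stunserver &
 KILLING="$!"
 fi
 
 for X in $(seq $KNOWN); do
-KNOWN_NODE=$(netjail_print_name "K" $X)
 INDEX=$(($X - 1))
 
 FD_X=$(($INDEX * 2 + 3 + 0))
 FD_Y=$(($INDEX * 2 + 3 + 1))
 
-netjail_node_exec $KNOWN_NODE $FD_X $FD_Y $@ &
+netjail_node_exec ${KNOWN_NODES[$X]} $FD_X $FD_Y $@ &
 WAITING="$! $WAITING"
 done
 
 for N in $(seq $GLOBAL_N); do
 for M in $(seq $LOCAL_M); do
-NODE=$(netjail_print_name "N" $N $M)
 INDEX=$(($LOCAL_M * ($N - 1) + $M - 1 + $KNOWN))
 
 FD_X=$(($INDEX * 2 + 3 + 0))
 FD_Y=$(($INDEX * 2 + 3 + 1))
 
-netjail_node_exec $NODE $FD_X $FD_Y $@ &
+netjail_node_exec ${NODES[$N,$M]} $FD_X $FD_Y $@ &
 WAITING="$! $WAITING"
 done
 done
 
 cleanup() {
 if [ $STUN -gt 0 ]; then
-STUN_NODE=$(netjail_print_name "S" 254)
-
-netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET
+netjail_node_unlink_bridge $STUN_LINK
 netjail_node_clear $STUN_NODE
 fi
 
 for X in $(seq $KNOWN); do
-KNOWN_NODE=$(netjail_print_name "K" $X)
-
-netjail_node_unlink_bridge $KNOWN_NODE $NETWORK_NET
-netjail_node_clear $KNOWN_NODE
+netjail_node_unlink_bridge ${KNOWN_LINKS[$X]}
+netjail_node_clear ${KNOWN_NODES[$X]}
 done
 
 for N in $(seq $GLOBAL_N); do
-ROUTER_NET=$(netjail_print_name "r" $N)
-
 for M in $(seq $LOCAL_M); do
-NODE=$(netjail_print_name "N" $N $M)
-
-netjail_node_unlink_bridge $NODE $ROUTER_NET
-netjail_node_clear $NODE
+netjail_node_unlink_bridge ${NODE_LINKS[$N,$M]}
+netjail_node_clear ${NODES[$N,$M]}
 done
 
-ROUTER=$(netjail_print_name "R" $N)
-
-netjail_bridge_clear $ROUTER_NET
-netjail_node_unlink_bridge $ROUTER $NETWORK_NET
-netjail_node_clear $ROUTER
+netjail_node_unlink_bridge ${ROUTER_LINKS[$N]}
+netjail_bridge_clear ${ROUTER_NETS[$N]}
+netjail_node_unlink_bridge ${NETWORK_LINKS[$N]}
+netjail_node_clear ${ROUTERS[$N]}
 done
 
 netjail_bridge_clear $NETWORK_NET
@@ -162,7 +146,7 @@ trapped_cleanup() {
 cleanup
 }
 
-trap 'trapped_cleanup' 2
+trap 'trapped_cleanup' ERR
 
 netjail_waitall $WAITING
 netjail_killall $KILLING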
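Review bot: `trap 'trapped_cleanup' ERR` in the last hunk replaces the previous `trap 'trapped_cleanup' 2`, so an interrupt no longer runs cleanup and the namespaces, bridges and veth pairs created above stay in the kernel after the script dies; it also supersedes the `ERR` half of the `rm -f ... ; exit` trap installed at the top of the file, leaving only its `EXIT` half to remove the id files. Registering both triggers, `trap 'trapped_cleanup' ERR 2`, keeps the interrupt path. The new code also leans on bash while the shebang stays `#!/bin/sh`: `ERR` traps, `declare -A NODES` and the `KNOWN_NODES[$X]=` style assignments in the setup loops are not POSIX sh, so on a system whose `/bin/sh` is not bash the setup loops would likely fail part-way with some namespaces already created. Either change the shebang to `#!/usr/bin/env bash` or avoid the arrays. trapped_cleanup's body starts outside the hunk.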