Diffstat (limited to 'contrib/scripts/netjail/netjail_core.sh')
-rwxr-xr-xcontrib/scripts/netjail/netjail_core.sh47
1 files changed, 35 insertions, 12 deletions
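--- a/contrib/scripts/netjail/netjail_core.sh
+++ b/contrib/scripts/netjail/netjail_core.sh
@@ -2,6 +2,7 @@
 #
 
 JAILOR=${SUDO_USER:?must run in sudo}
+PREFIX=${PPID:?must run from a parent process}
 
 # running with `sudo` is required to be
 # able running the actual commands as the
@@ -9,6 +10,24 @@ JAILOR=${SUDO_USER:?must run in sudo}
 
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
+# initialize the numbering to ensure unique names
+
+NAMESPACE_NUM=${NAMESPACE_FD:?must have a file for ids}
+INTERFACE_NUM=${INTERFACE_FD:?must have a file for ids}
+
+netjail_read_inc() {
+	local FD=$1
+	local NUM=$(cat $FD)
+	NUM=${NUM:-0}
+
+	local RES=$NUM
+	NUM=$(($NUM + 1))
+
+	echo $NUM > $FD
+
+	printf "$RES"
+}
+
 netjail_opt() {
 	local OPT=$1
 	shift 1
@@ -73,15 +92,14 @@ netjail_check_bin() {
 	fi
 }
 
-netjail_print_name() {
-	printf "%s%02x%02x" $1 $2 ${3:-0}
-}
-
 netjail_bridge() {
-	local BRIDGE=$1
+	local NUM=$(netjail_read_inc $INTERFACE_NUM)
+	local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
 
 	ip link add $BRIDGE type bridge
 	ip link set dev $BRIDGE up
+
+	printf "%s" $BRIDGE
 }
 
 netjail_bridge_clear() {
@@ -91,9 +109,12 @@ netjail_bridge_clear() {
 }
 
 netjail_node() {
-	local NODE=$1
+	local NUM=$(netjail_read_inc $NAMESPACE_NUM)
+	local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
 
 	ip netns add $NODE
+
+	printf "%s" $NODE
 }
 
 netjail_node_clear() {
@@ -108,8 +129,11 @@ netjail_node_link_bridge() {
 	local ADDRESS=$3
 	local MASK=$4
 
-	local LINK_IF="$NODE-$BRIDGE-0"
-	local LINK_BR="$NODE-$BRIDGE-1"
+	local NUM_IF=$(netjail_read_inc $INTERFACE_NUM)
+	local NUM_BR=$(netjail_read_inc $INTERFACE_NUM)
+
+	local LINK_IF=$(printf "%06x-%08x" $PREFIX $NUM_IF)
+	local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
 
 	ip link add $LINK_IF type veth peer name $LINK_BR
 	ip link set $LINK_IF netns $NODE
@@ -120,13 +144,12 @@ netjail_node_link_bridge() {
 	ip -n $NODE link set up dev lo
 
 	ip link set $LINK_BR up
+
+	printf "%s" $LINK_BR
 }
 
 netjail_node_unlink_bridge() {
-	local NODE=$1
-	local BRIDGE=$2
-
-	local LINK_BR="$NODE-$BRIDGE-1"
+	local LINK_BR=$1
 
 	ip link delete $LINK_BR
 }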
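Review bot: `netjail_read_inc` in the second hunk (`@@ -9,6 +10,24 @@`) does an unlocked read-modify-write on the id file, so two callers that share the same `NAMESPACE_FD`/`INTERFACE_FD` file and run concurrently can read the same counter and be handed the same namespace or interface name, which is exactly what the "ensure unique names" comment intends to rule out. The same function passes the value read from that file as the `printf` format string (`printf "$RES"`), so any `%` in the file alters the output; `printf '%s' "$RES"` is the safe form, and `$FD` should be quoted throughout. A version that holds an advisory lock on the id file for the whole update is below; like the existing `cat $FD` it assumes the file already exists when the script starts. Separately, `printf "%06x-%08x"` yields exactly 15 characters, which is the maximum length of a Linux interface name, so a PREFIX wider than six hex digits or a counter beyond eight would make `ip link add` reject the name — worth a comment where those names are built in `netjail_bridge` and `netjail_node_link_bridge`.
```shell
netjail_read_inc() {
	local FD=$1
	local NUM
	(
		# serialize the read-modify-write so that concurrent callers
		# sharing the same id file never receive the same number
		flock 9
		NUM=$(cat "$FD")
		NUM=${NUM:-0}
		echo "$((NUM + 1))" > "$FD"
		printf '%s' "$NUM"
	) 9<"$FD"
}
```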