Diffstat (limited to 'contrib/scripts')
-rw-r--r-- | contrib/scripts/Makefile.am | 2 | ||||
-rwxr-xr-x | contrib/scripts/netjail/netjail_core.sh | 217 | ||||
-rwxr-xr-x | contrib/scripts/netjail/netjail_setup_internet.sh | 166 |
3 files changed, 0 insertions, 385 deletions
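--- a/contrib/scripts/Makefile.am
+++ b/contrib/scripts/Makefile.am
@@ -45,8 +45,6 @@ EXTRA_DIST = \
 lint/lint-man.sh \
 lint/lint-python.sh \
 revisionary.sh \
-netjail/netjail_core.sh \
-netjail/netjail_setup_internet.sh \
 regression.sh \
 doc/texinfo-hacks.el \
 afferify \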
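--- a/contrib/scripts/netjail/netjail_core.sh
+++ /dev/null
@@ -1,217 +0,0 @@
-#!/bin/sh
-#
-
-JAILOR=${SUDO_USER:?must run in sudo}
-PREFIX=${PPID:?must run from a parent process}
-
-# running with `sudo` is required to be
-# able running the actual commands as the
-# original user.
-
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-
-export RESULT=
-export NAMESPACE_NUM=0
-export INTERFACE_NUM=0
-
-netjail_next_namespace() {
-local NUM=$NAMESPACE_NUM
-NAMESPACE_NUM=$(($NAMESPACE_NUM + 1))
-RESULT=$NUM
-}
-
-netjail_next_interface() {
-local NUM=$INTERFACE_NUM
-INTERFACE_NUM=$(($INTERFACE_NUM + 1))
-RESULT=$NUM
-}
-
-netjail_opt() {
-local OPT=$1
-shift 1
-
-INDEX=1
-
-while [ $# -gt 0 ]; do
-if [ "$1" = "$OPT" ]; then
-RESULT=$INDEX
-return
-fi
-
-INDEX=$(($INDEX + 1))
-shift 1
-done
-
-RESULT=0
-}
-
-netjail_opts() {
-local OPT=$1
-local DEF=$2
-shift 2
-
-while [ $# -gt 0 ]; do
-if [ "$1" = "$OPT" ]; then
-printf "$2"
-return
-fi
-
-shift 1
-done
-
-RESULT="$DEF"
-}
-
-netjail_check() {
-local NODE_COUNT=$1
-local FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4))
-
-# quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:
-# the script also requires `sudo -C ($FD_COUNT + 4)`
-# so you need 'Defaults closefrom_override' in the
-# sudoers file.
-
-if [ $FD_COUNT -lt $(($NODE_COUNT * 2)) ]; then
-echo "File descriptors do not match requirements!" >&2
-exit 1
-fi
-}
-
-netjail_check_bin() {
-local PROGRAM=$1
-local MATCH=$(ls $(echo $PATH | tr ":" "\n") | grep "^$PROGRAM\$" | tr "\n" " " | awk '{ print $1 }')
-
-# quit if the required binary $PROGRAM can not be
-# found in the used $PATH.
-
-if [ "$MATCH" != "$PROGRAM" ]; then
-echo "Required binary not found: $PROGRAM" >&2
-exit 1
-fi
-}
-
-netjail_bridge() {
-netjail_next_interface
-local NUM=$RESULT
-local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
-
-ip link add $BRIDGE type bridge
-ip link set dev $BRIDGE up
-
-RESULT=$BRIDGE
-}
-
-netjail_bridge_clear() {
-local BRIDGE=$1
-
-ip link delete $BRIDGE
-}
-
-netjail_node() {
-netjail_next_namespace
-local NUM=$RESULT
-local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
-
-ip netns add $NODE
-
-RESULT=$NODE
-}
-
-netjail_node_clear() {
-local NODE=$1
-
-ip netns delete $NODE
-}
-
-netjail_node_link_bridge() {
-local NODE=$1
-local BRIDGE=$2
-local ADDRESS=$3
-local MASK=$4
-
-netjail_next_interface
-local NUM_IF=$RESULT
-netjail_next_interface
-local NUM_BR=$RESULT
-
-local LINK_IF=$(printf "%06x-%08x" $PREFIX $NUM_IF)
-local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
-
-ip link add $LINK_IF type veth peer name $LINK_BR
-ip link set $LINK_IF netns $NODE
-ip link set $LINK_BR master $BRIDGE
-
-ip -n $NODE addr add "$ADDRESS/$MASK" dev $LINK_IF
-ip -n $NODE link set $LINK_IF up
-ip -n $NODE link set up dev lo
-
-ip link set $LINK_BR up
-
-RESULT=$LINK_BR
-}
-
-netjail_node_unlink_bridge() {
-local LINK_BR=$1
-
-ip link delete $LINK_BR
-}
-
-netjail_node_add_nat() {
-local NODE=$1
-local ADDRESS=$2
-local MASK=$3
-
-ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
-}
-
-netjail_node_add_default() {
-local NODE=$1
-local ADDRESS=$2
-
-ip -n $NODE route add default via $ADDRESS
-}
-
-netjail_node_exec() {
-local NODE=$1
-local FD_IN=$2
-local FD_OUT=$3
-shift 3
-
-ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
-}
-
-netjail_kill() {
-local PID=$1
-local MATCH=$(ps --pid $PID | awk "{ if ( \$1 == $PID ) { print \$1 } }" | wc -l)
-
-if [ $MATCH -gt 0 ]; then
-kill -n 19 $PID
-
-for CHILD in $(ps -o pid,ppid -ax | awk "{ if ( \$2 == $PID ) { print \$1 } }"); do
-netjail_kill $CHILD
-done
-
-kill $PID
-fi
-}
-
-netjail_killall() {
-if [ $# -gt 0 ]; then
-local PIDS=$1
-
-for PID in $PIDS; do
-netjail_kill $PID
-done
-fi
-}
-
-netjail_waitall() {
-if [ $# -gt 0 ]; then
-local PIDS=$1
-
-for PID in $PIDS; do
-wait $PID
-done
-fi
-}
-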
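--- a/contrib/scripts/netjail/netjail_setup_internet.sh
+++ /dev/null
@@ -1,166 +0,0 @@
-#!/bin/bash
-
-. "./netjail_core.sh"
-
-set -eu
-set -x
-
-export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-
-PREFIX=$PPID
-LOCAL_M=$1
-GLOBAL_N=$2
-
-shift 2
-
-netjail_check $(($LOCAL_M * $GLOBAL_N))
-
-# Starts optionally an amount of nodes without NAT starting with "92.68.151.1"
-netjail_opt '--known' $@
-KNOWN=$RESULT
-netjail_opts '--known' 0 $@
-KNOWN_NUM=$RESULT
-
-# Starts optionally 'stunserver' on "92.68.150.254":
-netjail_opt '--stun' $@
-STUN=$RESULT
-
-if [ $KNOWN -gt 0 ]; then
-shift 2
-
-KNOWN=$KNOWN_NUM
-
-netjail_check $(($LOCAL_M * $GLOBAL_N + $KNOWN))
-fi
-
-if [ $STUN -gt 0 ]; then
-netjail_check_bin stunserver
-
-shift 1
-fi
-
-netjail_check_bin $1
-
-LOCAL_GROUP="192.168.15"
-GLOBAL_GROUP="92.68.150"
-KNOWN_GROUP="92.68.151"
-
-CLEANUP=0
-echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/16, stun: $STUN]"
-
-netjail_bridge
-NETWORK_NET=$RESULT
-
-for X in $(seq $KNOWN); do
-netjail_node
-KNOWN_NODES[$X]=$RESULT
-netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET "$KNOWN_GROUP.$X" 16
-KNOWN_LINKS[$X]=$RESULT
-done
-
-declare -A NODES
-declare -A NODE_LINKS
-
-for N in $(seq $GLOBAL_N); do
-netjail_node
-ROUTERS[$N]=$RESULT
-netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N" 16
-NETWORK_LINKS[$N]=$RESULT
-netjail_bridge
-ROUTER_NETS[$N]=$RESULT
-
-for M in $(seq $LOCAL_M); do
-netjail_node
-NODES[$N,$M]=$RESULT
-netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]} "$LOCAL_GROUP.$M" 24
-NODE_LINKS[$N,$M]=$RESULT
-done
-
-ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
-netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR 24
-ROUTER_LINKS[$N]=$RESULT
-
-netjail_node_add_nat ${ROUTERS[$N]} $ROUTER_ADDR 24
-
-for M in $(seq $LOCAL_M); do
-netjail_node_add_default ${NODES[$N,$M]} $ROUTER_ADDR
-done
-done
-
-WAITING=""
-KILLING=""
-
-if [ $STUN -gt 0 ]; then
-netjail_node
-STUN_NODE=$RESULT
-netjail_node_link_bridge $STUN_NODE $NETWORK_NET "$GLOBAL_GROUP.254" 16
-STUN_LINK=$RESULT
-
-netjail_node_exec $STUN_NODE 0 1 stunserver &
-KILLING="$!"
-fi
-
-for X in $(seq $KNOWN); do
-INDEX=$(($X - 1))
-
-FD_X=$(($INDEX * 2 + 3 + 0))
-FD_Y=$(($INDEX * 2 + 3 + 1))
-
-netjail_node_exec ${KNOWN_NODES[$X]} $FD_X $FD_Y $@ &
-WAITING="$! $WAITING"
-done
-
-for N in $(seq $GLOBAL_N); do
-for M in $(seq $LOCAL_M); do
-INDEX=$(($LOCAL_M * ($N - 1) + $M - 1 + $KNOWN))
-
-FD_X=$(($INDEX * 2 + 3 + 0))
-FD_Y=$(($INDEX * 2 + 3 + 1))
-
-netjail_node_exec ${NODES[$N,$M]} $FD_X $FD_Y $@ &
-WAITING="$! $WAITING"
-done
-done
-
-cleanup() {
-if [ $STUN -gt 0 ]; then
-netjail_node_unlink_bridge $STUN_LINK
-netjail_node_clear $STUN_NODE
-fi
-
-for X in $(seq $KNOWN); do
-netjail_node_unlink_bridge ${KNOWN_LINKS[$X]}
-netjail_node_clear ${KNOWN_NODES[$X]}
-done
-
-for N in $(seq $GLOBAL_N); do
-for M in $(seq $LOCAL_M); do
-netjail_node_unlink_bridge ${NODE_LINKS[$N,$M]}
-netjail_node_clear ${NODES[$N,$M]}
-done
-
-netjail_node_unlink_bridge ${ROUTER_LINKS[$N]}
-netjail_bridge_clear ${ROUTER_NETS[$N]}
-netjail_node_unlink_bridge ${NETWORK_LINKS[$N]}
-netjail_node_clear ${ROUTERS[$N]}
-done
-
-netjail_bridge_clear $NETWORK_NET
-}
-
-trapped_cleanup() {
-netjail_killall $WAITING
-netjail_killall $KILLING
-
-cleanup
-}
-
-trap 'trapped_cleanup' ERR
-
-netjail_waitall $WAITING
-netjail_killall $KILLING
-wait
-
-cleanup
-
-echo "Done"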