Diffstat (limited to 'contrib/scripts')
-rwxr-xr-xcontrib/scripts/netjail/netjail_core.sh89
-rwxr-xr-xcontrib/scripts/netjail/netjail_setup_internet.sh54
2 files changed, 94 insertions, 49 deletions
diff --git a/contrib/scripts/netjail/netjail_core.sh b/contrib/scripts/netjail/netjail_core.sh
index cbf25434b..1cdbca816 100755
--- a/contrib/scripts/netjail/netjail_core.sh
+++ b/contrib/scripts/netjail/netjail_core.sh
@@ -10,7 +10,7 @@ JAILOR=${SUDO_USER:?must run in sudo}
10export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 10export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
11 11
12netjail_opt() { 12netjail_opt() {
13 OPT=$1 13 local OPT=$1
14 shift 1 14 shift 1
15 15
16 INDEX=1 16 INDEX=1
@@ -29,9 +29,8 @@ netjail_opt() {
29} 29}
30 30
31netjail_check() { 31netjail_check() {
32 NODE_COUNT=$1 32 local NODE_COUNT=$1
33 33 local FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4))
34 FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4))
35 34
36 # quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`: 35 # quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:
37 # the script also requires `sudo -C ($FD_COUNT + 4)` 36 # the script also requires `sudo -C ($FD_COUNT + 4)`
@@ -45,9 +44,8 @@ netjail_check() {
45} 44}
46 45
47netjail_check_bin() { 46netjail_check_bin() {
48 PROGRAM=$1 47 local PROGRAM=$1
49 48 local MATCH=$(ls $(echo $PATH | tr ":" "\n") | grep "^$PROGRAM\$" | tr "\n" " " | awk '{ print $1 }')
50 MATCH=$(ls $(echo $PATH | tr ":" "\n") | grep "^$PROGRAM\$" | tr "\n" " " | awk '{ print $1 }')
51 49
52 # quit if the required binary $PROGRAM can not be 50 # quit if the required binary $PROGRAM can not be
53 # found in the used $PATH. 51 # found in the used $PATH.
@@ -63,38 +61,38 @@ netjail_print_name() {
63} 61}
64 62
65netjail_bridge() { 63netjail_bridge() {
66 BRIDGE=$1 64 local BRIDGE=$1
67 65
68 ip link add $BRIDGE type bridge 66 ip link add $BRIDGE type bridge
69 ip link set dev $BRIDGE up 67 ip link set dev $BRIDGE up
70} 68}
71 69
72netjail_bridge_clear() { 70netjail_bridge_clear() {
73 BRIDGE=$1 71 local BRIDGE=$1
74 72
75 ip link delete $BRIDGE 73 ip link delete $BRIDGE
76} 74}
77 75
78netjail_node() { 76netjail_node() {
79 NODE=$1 77 local NODE=$1
80 78
81 ip netns add $NODE 79 ip netns add $NODE
82} 80}
83 81
84netjail_node_clear() { 82netjail_node_clear() {
85 NODE=$1 83 local NODE=$1
86 84
87 ip netns delete $NODE 85 ip netns delete $NODE
88} 86}
89 87
90netjail_node_link_bridge() { 88netjail_node_link_bridge() {
91 NODE=$1 89 local NODE=$1
92 BRIDGE=$2 90 local BRIDGE=$2
93 ADDRESS=$3 91 local ADDRESS=$3
94 MASK=$4 92 local MASK=$4
95 93
96 LINK_IF="$NODE-$BRIDGE-0" 94 local LINK_IF="$NODE-$BRIDGE-0"
97 LINK_BR="$NODE-$BRIDGE-1" 95 local LINK_BR="$NODE-$BRIDGE-1"
98 96
99 ip link add $LINK_IF type veth peer name $LINK_BR 97 ip link add $LINK_IF type veth peer name $LINK_BR
100 ip link set $LINK_IF netns $NODE 98 ip link set $LINK_IF netns $NODE
@@ -108,45 +106,70 @@ netjail_node_link_bridge() {
108} 106}
109 107
110netjail_node_unlink_bridge() { 108netjail_node_unlink_bridge() {
111 NODE=$1 109 local NODE=$1
112 BRIDGE=$2 110 local BRIDGE=$2
113 111
114 LINK_BR="$NODE-$BRIDGE-1" 112 local LINK_BR="$NODE-$BRIDGE-1"
115 113
116 ip link delete $LINK_BR 114 ip link delete $LINK_BR
117} 115}
118 116
119netjail_node_add_nat() { 117netjail_node_add_nat() {
120 NODE=$1 118 local NODE=$1
121 ADDRESS=$2 119 local ADDRESS=$2
122 MASK=$3 120 local MASK=$3
123 121
124 ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE 122 ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
125} 123}
126 124
127netjail_node_add_default() { 125netjail_node_add_default() {
128 NODE=$1 126 local NODE=$1
129 ADDRESS=$2 127 local ADDRESS=$2
130 128
131 ip -n $NODE route add default via $ADDRESS 129 ip -n $NODE route add default via $ADDRESS
132} 130}
133 131
134netjail_node_exec() { 132netjail_node_exec() {
135 NODE=$1 133 local NODE=$1
136 FD_IN=$2 134 local FD_IN=$2
137 FD_OUT=$3 135 local FD_OUT=$3
138 shift 3 136 shift 3
139 137
140 unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN 138 unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
141} 139}
142 140
143netjail_kill() { 141netjail_kill() {
144 PID=$1 142 local PID=$1
143 local MATCH=$(ps --pid $PID | awk "{ if ( \$1 == $PID ) { print \$1 } }" | wc -l)
145 144
146 for CHILD in $(ps -o pid,ppid -ax | awk "{ if ( \$2 == $PID ) { print \$1 } }"); do 145 if [ $MATCH -gt 0 ]; then
147 netjail_kill $CHILD 146 kill -n 19 $PID
148 done 147
148 for CHILD in $(ps -o pid,ppid -ax | awk "{ if ( \$2 == $PID ) { print \$1 } }"); do
149 netjail_kill $CHILD
150 done
151
152 kill $PID
153 fi
154}
149 155
150 kill $PID 156netjail_killall() {
157 if [ $# -gt 0 ]; then
158 local PIDS=$1
159
160 for PID in $PIDS; do
161 netjail_kill $PID
162 done
163 fi
164}
165
166netjail_waitall() {
167 if [ $# -gt 0 ]; then
168 local PIDS=$1
169
170 for PID in $PIDS; do
171 wait $PID
172 done
173 fi
151} 174}
152 175
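Review bot: In netjail_kill (new lines 142-153) the target is stopped with `kill -n 19 $PID` and later sent a plain `kill $PID`, but nothing ever resumes it. A stopped process normally keeps SIGTERM pending until it receives SIGCONT, so the process may stay stopped instead of exiting, and the `wait` in the caller could then block. The literal 19 is also only SIGSTOP on some architectures, so the signal should be named. I would write `kill -STOP "$PID"` for the stop and add `kill -CONT "$PID"` right after the final `kill "$PID"`.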
diff --git a/contrib/scripts/netjail/netjail_setup_internet.sh b/contrib/scripts/netjail/netjail_setup_internet.sh
index 7ff25c014..de8ef8f15 100755
--- a/contrib/scripts/netjail/netjail_setup_internet.sh
+++ b/contrib/scripts/netjail/netjail_setup_internet.sh
@@ -31,6 +31,7 @@ netjail_check_bin $1
31LOCAL_GROUP="192.168.15" 31LOCAL_GROUP="192.168.15"
32GLOBAL_GROUP="92.68.150" 32GLOBAL_GROUP="92.68.150"
33 33
34CLEANUP=0
34echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/24, stun: $STUN]" 35echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/24, stun: $STUN]"
35 36
36NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M) 37NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M)
@@ -90,26 +91,47 @@ for N in $(seq $GLOBAL_N); do
90 done 91 done
91done 92done
92 93
93for PID in $WAITING; do wait $PID; done 94cleanup() {
94for PID in $KILLING; do netjail_kill $PID; done 95 if [ $STUN -gt 0 ]; then
95wait 96 STUN_NODE=$(netjail_print_name "S" 254)
96 97
97if [ $STUN -gt 0 ]; then 98 netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET
98 STUN_NODE=$(netjail_print_name "S" 254) 99 netjail_node_clear $STUN_NODE
100 fi
99 101
100 netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET 102 for N in $(seq $GLOBAL_N); do
101 netjail_node_clear $STUN_NODE 103 ROUTER_NET=$(netjail_print_name "r" $N)
102fi
103 104
104for N in $(seq $GLOBAL_N); do 105 for M in $(seq $LOCAL_M); do
105 for M in $(seq $LOCAL_M); do 106 NODE=$(netjail_print_name "N" $N $M)
106 netjail_node_clear $(netjail_print_name "N" $N $M) 107
108 netjail_node_unlink_bridge $NODE $ROUTER_NET
109 netjail_node_clear $NODE
110 done
111
112 ROUTER=$(netjail_print_name "R" $N)
113
114 netjail_bridge_clear $ROUTER_NET
115 netjail_node_unlink_bridge $ROUTER $NETWORK_NET
116 netjail_node_clear $ROUTER
107 done 117 done
108
109 netjail_bridge_clear $(netjail_print_name "r" $N)
110 netjail_node_clear $(netjail_print_name "R" $N)
111done
112 118
113netjail_bridge_clear $NETWORK_NET 119 netjail_bridge_clear $NETWORK_NET
120}
121
122trapped_cleanup() {
123 netjail_killall $WAITING
124 netjail_killall $KILLING
125
126 cleanup
127}
128
129trap 'trapped_cleanup' 2
130
131netjail_waitall $WAITING
132netjail_killall $KILLING
133wait
134
135cleanup
114 136
115echo "Done" 137echo "Done"
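Review bot: The calls `netjail_killall $WAITING`, `netjail_killall $KILLING` and `netjail_waitall $WAITING` (new lines 123-124 and 131-132) pass the lists unquoted, while both helpers in netjail_core.sh read only `local PIDS=$1`. If these variables hold several space-separated PIDs, as the removed `for PID in $WAITING` loops suggest, word splitting leaves just the first PID in `$1` and the rest are never waited for or killed. Either quote the call sites, e.g. `netjail_killall "$WAITING"`, or have the helpers loop with `for PID in "$@"; do`. Separately, `trap 'trapped_cleanup' 2` covers only SIGINT and the handler does not exit, so after Ctrl-C the script appears to fall through to the normal path and run `cleanup` a second time; an `exit` at the end of trapped_cleanup would avoid that.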