Diffstat (limited to 'contrib/scripts')
-rwxr-xr-xcontrib/scripts/netjail/netjail_core.sh47
-rwxr-xr-xcontrib/scripts/netjail/netjail_setup_internet.sh92
2 files changed, 73 insertions, 66 deletions
diff --git a/contrib/scripts/netjail/netjail_core.sh b/contrib/scripts/netjail/netjail_core.sh
index 1bfc365e7..c93f26dc9 100755
--- a/contrib/scripts/netjail/netjail_core.sh
+++ b/contrib/scripts/netjail/netjail_core.sh
@@ -2,6 +2,7 @@
2# 2#
3 3
4JAILOR=${SUDO_USER:?must run in sudo} 4JAILOR=${SUDO_USER:?must run in sudo}
5PREFIX=${PPID:?must run from a parent process}
5 6
6# running with `sudo` is required to be 7# running with `sudo` is required to be
7# able running the actual commands as the 8# able running the actual commands as the
@@ -9,6 +10,24 @@ JAILOR=${SUDO_USER:?must run in sudo}
9 10
10export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 11export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
11 12
13# initialize the numbering to ensure unique names
14
15NAMESPACE_NUM=${NAMESPACE_FD:?must have a file for ids}
16INTERFACE_NUM=${INTERFACE_FD:?must have a file for ids}
17
18netjail_read_inc() {
19 local FD=$1
20 local NUM=$(cat $FD)
21 NUM=${NUM:-0}
22
23 local RES=$NUM
24 NUM=$(($NUM + 1))
25
26 echo $NUM > $FD
27
28 printf "$RES"
29}
30
12netjail_opt() { 31netjail_opt() {
13 local OPT=$1 32 local OPT=$1
14 shift 1 33 shift 1
@@ -73,15 +92,14 @@ netjail_check_bin() {
73 fi 92 fi
74} 93}
75 94
76netjail_print_name() {
77 printf "%s%02x%02x" $1 $2 ${3:-0}
78}
79
80netjail_bridge() { 95netjail_bridge() {
81 local BRIDGE=$1 96 local NUM=$(netjail_read_inc $INTERFACE_NUM)
97 local BRIDGE=$(printf "%06x-%08x" $PREFIX $NUM)
82 98
83 ip link add $BRIDGE type bridge 99 ip link add $BRIDGE type bridge
84 ip link set dev $BRIDGE up 100 ip link set dev $BRIDGE up
101
102 printf "%s" $BRIDGE
85} 103}
86 104
87netjail_bridge_clear() { 105netjail_bridge_clear() {
@@ -91,9 +109,12 @@ netjail_bridge_clear() {
91} 109}
92 110
93netjail_node() { 111netjail_node() {
94 local NODE=$1 112 local NUM=$(netjail_read_inc $NAMESPACE_NUM)
113 local NODE=$(printf "%06x-%08x" $PREFIX $NUM)
95 114
96 ip netns add $NODE 115 ip netns add $NODE
116
117 printf "%s" $NODE
97} 118}
98 119
99netjail_node_clear() { 120netjail_node_clear() {
@@ -108,8 +129,11 @@ netjail_node_link_bridge() {
108 local ADDRESS=$3 129 local ADDRESS=$3
109 local MASK=$4 130 local MASK=$4
110 131
111 local LINK_IF="$NODE-$BRIDGE-0" 132 local NUM_IF=$(netjail_read_inc $INTERFACE_NUM)
112 local LINK_BR="$NODE-$BRIDGE-1" 133 local NUM_BR=$(netjail_read_inc $INTERFACE_NUM)
134
135 local LINK_IF=$(printf "%06x-%08x" $PREFIX $NUM_IF)
136 local LINK_BR=$(printf "%06x-%08x" $PREFIX $NUM_BR)
113 137
114 ip link add $LINK_IF type veth peer name $LINK_BR 138 ip link add $LINK_IF type veth peer name $LINK_BR
115 ip link set $LINK_IF netns $NODE 139 ip link set $LINK_IF netns $NODE
@@ -120,13 +144,12 @@ netjail_node_link_bridge() {
120 ip -n $NODE link set up dev lo 144 ip -n $NODE link set up dev lo
121 145
122 ip link set $LINK_BR up 146 ip link set $LINK_BR up
147
148 printf "%s" $LINK_BR
123} 149}
124 150
125netjail_node_unlink_bridge() { 151netjail_node_unlink_bridge() {
126 local NODE=$1 152 local LINK_BR=$1
127 local BRIDGE=$2
128
129 local LINK_BR="$NODE-$BRIDGE-1"
130 153
131 ip link delete $LINK_BR 154 ip link delete $LINK_BR
132} 155}
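Review bot: In netjail_read_inc the contents of the counter file flow unchecked into `$(($NUM + 1))` and into the format argument of `printf "$RES"`, in a script that is required to run under sudo. Shell arithmetic evaluates its operand as an expression rather than as a plain number, so the value should be confirmed to be digits first, e.g. `case $NUM in *[!0-9]*) return 1 ;; esac` after the `${NUM:-0}` default, and the result printed with `printf '%s' "$RES"`. The path in `$FD` comes from the NAMESPACE_FD / INTERFACE_FD variables and is used unquoted in `cat $FD` and `echo $NUM > $FD`; quoting it as `"$FD"` avoids word splitting and globbing on that path. `local NUM=$(cat $FD)` also hides a failed read, because the status of `local` replaces that of `cat`.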
diff --git a/contrib/scripts/netjail/netjail_setup_internet.sh b/contrib/scripts/netjail/netjail_setup_internet.sh
index 6ae047274..c9a6fd6d8 100755
--- a/contrib/scripts/netjail/netjail_setup_internet.sh
+++ b/contrib/scripts/netjail/netjail_setup_internet.sh
@@ -1,4 +1,10 @@
1#!/bin/sh 1#!/bin/sh
2
3NAMESPACE_FD=$(mktemp)
4INTERFACE_FD=$(mktemp)
5
6trap "rm -f $NAMESPACE_FD $INTERFACE_FD; exit" ERR EXIT
7
2. "./netjail_core.sh" 8. "./netjail_core.sh"
3 9
4set -eu 10set -eu
@@ -6,6 +12,7 @@ set -x
6 12
7export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" 13export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
8 14
15PREFIX=$PPID
9LOCAL_M=$1 16LOCAL_M=$1
10GLOBAL_N=$2 17GLOBAL_N=$2
11 18
@@ -32,8 +39,6 @@ if [ $STUN -gt 0 ]; then
32 netjail_check_bin stunserver 39 netjail_check_bin stunserver
33 40
34 shift 1 41 shift 1
35
36 STUN_NODE=$(netjail_print_name "S" 254)
37fi 42fi
38 43
39netjail_check_bin $1 44netjail_check_bin $1
@@ -45,43 +50,33 @@ KNOWN_GROUP="92.68.151"
45CLEANUP=0 50CLEANUP=0
46echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/16, stun: $STUN]" 51echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/16, stun: $STUN]"
47 52
48NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M) 53NETWORK_NET=$(netjail_bridge)
49
50netjail_bridge $NETWORK_NET
51 54
52for X in $(seq $KNOWN); do 55for X in $(seq $KNOWN); do
53 KNOWN_NODE=$(netjail_print_name "K" $X) 56 KNOWN_NODES[$X]=$(netjail_node)
54 57 KNOWN_LINKS[$X]=$(netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET "$KNOWN_GROUP.$X" 16)
55 netjail_node $KNOWN_NODE
56 netjail_node_link_bridge $KNOWN_NODE $NETWORK_NET "$KNOWN_GROUP.$X" 16
57done 58done
58 59
59for N in $(seq $GLOBAL_N); do 60declare -A NODES
60 ROUTER=$(netjail_print_name "R" $N) 61declare -A NODE_LINKS
61
62 netjail_node $ROUTER
63 netjail_node_link_bridge $ROUTER $NETWORK_NET "$GLOBAL_GROUP.$N" 16
64
65 ROUTER_NET=$(netjail_print_name "r" $N)
66 62
67 netjail_bridge $ROUTER_NET 63for N in $(seq $GLOBAL_N); do
64 ROUTERS[$N]=$(netjail_node)
65 NETWORK_LINKS[$N]=$(netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N" 16)
66 ROUTER_NETS[$N]=$(netjail_bridge)
68 67
69 for M in $(seq $LOCAL_M); do 68 for M in $(seq $LOCAL_M); do
70 NODE=$(netjail_print_name "N" $N $M) 69 NODES[$N,$M]=$(netjail_node)
71 70 NODE_LINKS[$N,$M]=$(netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]} "$LOCAL_GROUP.$M" 24)
72 netjail_node $NODE
73 netjail_node_link_bridge $NODE $ROUTER_NET "$LOCAL_GROUP.$M" 24
74 done 71 done
75 72
76 ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))" 73 ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
77 74 ROUTER_LINKS[$N]=$(netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR 24)
78 netjail_node_link_bridge $ROUTER $ROUTER_NET $ROUTER_ADDR 24 75
79 netjail_node_add_nat $ROUTER $ROUTER_ADDR 24 76 netjail_node_add_nat ${ROUTERS[$N]} $ROUTER_ADDR 24
80 77
81 for M in $(seq $LOCAL_M); do 78 for M in $(seq $LOCAL_M); do
82 NODE=$(netjail_print_name "N" $N $M) 79 netjail_node_add_default ${NODES[$N,$M]} $ROUTER_ADDR
83
84 netjail_node_add_default $NODE $ROUTER_ADDR
85 done 80 done
86done 81done
87 82
@@ -89,67 +84,56 @@ WAITING=""
89KILLING="" 84KILLING=""
90 85
91if [ $STUN -gt 0 ]; then 86if [ $STUN -gt 0 ]; then
92 netjail_node $STUN_NODE 87 STUN_NODE=$(netjail_node)
93 netjail_node_link_bridge $STUN_NODE $NETWORK_NET "$GLOBAL_GROUP.254" 16 88 STUN_LINK=$(netjail_node_link_bridge $STUN_NODE $NETWORK_NET "$GLOBAL_GROUP.254" 16)
94 89
95 netjail_node_exec $STUN_NODE 0 1 stunserver & 90 netjail_node_exec $STUN_NODE 0 1 stunserver &
96 KILLING="$!" 91 KILLING="$!"
97fi 92fi
98 93
99for X in $(seq $KNOWN); do 94for X in $(seq $KNOWN); do
100 KNOWN_NODE=$(netjail_print_name "K" $X)
101 INDEX=$(($X - 1)) 95 INDEX=$(($X - 1))
102 96
103 FD_X=$(($INDEX * 2 + 3 + 0)) 97 FD_X=$(($INDEX * 2 + 3 + 0))
104 FD_Y=$(($INDEX * 2 + 3 + 1)) 98 FD_Y=$(($INDEX * 2 + 3 + 1))
105 99
106 netjail_node_exec $KNOWN_NODE $FD_X $FD_Y $@ & 100 netjail_node_exec ${KNOWN_NODES[$X]} $FD_X $FD_Y $@ &
107 WAITING="$! $WAITING" 101 WAITING="$! $WAITING"
108done 102done
109 103
110for N in $(seq $GLOBAL_N); do 104for N in $(seq $GLOBAL_N); do
111 for M in $(seq $LOCAL_M); do 105 for M in $(seq $LOCAL_M); do
112 NODE=$(netjail_print_name "N" $N $M)
113 INDEX=$(($LOCAL_M * ($N - 1) + $M - 1 + $KNOWN)) 106 INDEX=$(($LOCAL_M * ($N - 1) + $M - 1 + $KNOWN))
114 107
115 FD_X=$(($INDEX * 2 + 3 + 0)) 108 FD_X=$(($INDEX * 2 + 3 + 0))
116 FD_Y=$(($INDEX * 2 + 3 + 1)) 109 FD_Y=$(($INDEX * 2 + 3 + 1))
117 110
118 netjail_node_exec $NODE $FD_X $FD_Y $@ & 111 netjail_node_exec ${NODES[$N,$M]} $FD_X $FD_Y $@ &
119 WAITING="$! $WAITING" 112 WAITING="$! $WAITING"
120 done 113 done
121done 114done
122 115
123cleanup() { 116cleanup() {
124 if [ $STUN -gt 0 ]; then 117 if [ $STUN -gt 0 ]; then
125 STUN_NODE=$(netjail_print_name "S" 254) 118 netjail_node_unlink_bridge $STUN_LINK
126
127 netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET
128 netjail_node_clear $STUN_NODE 119 netjail_node_clear $STUN_NODE
129 fi 120 fi
130 121
131 for X in $(seq $KNOWN); do 122 for X in $(seq $KNOWN); do
132 KNOWN_NODE=$(netjail_print_name "K" $X) 123 netjail_node_unlink_bridge ${KNOWN_LINKS[$X]}
133 124 netjail_node_clear ${KNOWN_NODES[$X]}
134 netjail_node_unlink_bridge $KNOWN_NODE $NETWORK_NET
135 netjail_node_clear $KNOWN_NODE
136 done 125 done
137 126
138 for N in $(seq $GLOBAL_N); do 127 for N in $(seq $GLOBAL_N); do
139 ROUTER_NET=$(netjail_print_name "r" $N)
140
141 for M in $(seq $LOCAL_M); do 128 for M in $(seq $LOCAL_M); do
142 NODE=$(netjail_print_name "N" $N $M) 129 netjail_node_unlink_bridge ${NODE_LINKS[$N,$M]}
143 130 netjail_node_clear ${NODES[$N,$M]}
144 netjail_node_unlink_bridge $NODE $ROUTER_NET
145 netjail_node_clear $NODE
146 done 131 done
147 132
148 ROUTER=$(netjail_print_name "R" $N) 133 netjail_node_unlink_bridge ${ROUTER_LINKS[$N]}
149 134 netjail_bridge_clear ${ROUTER_NETS[$N]}
150 netjail_bridge_clear $ROUTER_NET 135 netjail_node_unlink_bridge ${NETWORK_LINKS[$N]}
151 netjail_node_unlink_bridge $ROUTER $NETWORK_NET 136 netjail_node_clear ${ROUTERS[$N]}
152 netjail_node_clear $ROUTER
153 done 137 done
154 138
155 netjail_bridge_clear $NETWORK_NET 139 netjail_bridge_clear $NETWORK_NET
@@ -162,7 +146,7 @@ trapped_cleanup() {
162 cleanup 146 cleanup
163} 147}
164 148
165trap 'trapped_cleanup' 2 149trap 'trapped_cleanup' ERR
166 150
167netjail_waitall $WAITING 151netjail_waitall $WAITING
168netjail_killall $KILLING 152netjail_killall $KILLING
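Review bot: The last hunk replaces `trap 'trapped_cleanup' 2` with `trap 'trapped_cleanup' ERR`, so an interrupt (Ctrl-C) no longer runs the network cleanup; the only handler left for that path is the EXIT trap near the top of the file, which removes the two temp files only. An interrupted run would then appear to leave the namespaces, bridges and veth links created as root in place; keeping the signal alongside the new condition, `trap 'trapped_cleanup' INT TERM ERR`, would cover both. The body of trapped_cleanup starts outside the hunk, so whether it exits after cleanup cannot be confirmed from here. Separately, the `ERR` trap, `declare -A` and the array assignments are bash features while the first line is still `#!/bin/sh`; on a system where /bin/sh is not bash these lines are likely to fail, so the shebang should become `#!/bin/bash`.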