2 files changed, 163 insertions, 32 deletions
diff --git a/contrib/scripts/netjail/netjail_core.sh b/contrib/scripts/netjail/netjail_core.sh
index 6a18ea902..1cdbca816 100755
--- a/contrib/scripts/netjail/netjail_core.sh
+++ b/contrib/scripts/netjail/netjail_core.sh
@@ -9,10 +9,28 @@ JAILOR=${SUDO_USER:?must run in sudo}
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-netjail_check() {
+netjail_opt() {
-        NODE_COUNT=$1
+        local OPT=$1
+        shift 1
+        INDEX=1
+        while [ $# -gt 0 ]; do
+                if [ "$1" = "$OPT" ]; then
+                        printf "%d" $INDEX
+                        return
+                fi
+                INDEX=$(($INDEX + 1))
+                shift 1
+        done
-        FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4))
+        printf "%d" 0
+}
+netjail_check() {
+        local NODE_COUNT=$1
+        local FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4))
        # quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:
        # the script also requires `sudo -C ($FD_COUNT + 4)`
@@ -25,43 +43,56 @@ netjail_check() {
        fi
 }
+netjail_check_bin() {
+        local PROGRAM=$1
+        local MATCH=$(ls $(echo $PATH | tr ":" "\n") | grep "^$PROGRAM\$" | tr "\n" " " | awk '{ print $1 }')
+        # quit if the required binary $PROGRAM can not be
+        # found in the used $PATH.
+        if [ "$MATCH" != "$PROGRAM" ]; then
+                echo "Required binary not found: $PROGRAM" >&2
+                exit 1
+        fi
+}
 netjail_print_name() {
        printf "%s%02x%02x" $1 $2 ${3:-0}
 }
 netjail_bridge() {
-        BRIDGE=$1
+        local BRIDGE=$1
        ip link add $BRIDGE type bridge
        ip link set dev $BRIDGE up
 }
 netjail_bridge_clear() {
-        BRIDGE=$1
+        local BRIDGE=$1
        ip link delete $BRIDGE
 }
 netjail_node() {
-        NODE=$1
+        local NODE=$1
        ip netns add $NODE
 }
 netjail_node_clear() {
-        NODE=$1
+        local NODE=$1
        ip netns delete $NODE
 }
 netjail_node_link_bridge() {
-        NODE=$1
+        local NODE=$1
-        BRIDGE=$2
+        local BRIDGE=$2
-        ADDRESS=$3
+        local ADDRESS=$3
-        MASK=$4
+        local MASK=$4
        
-        LINK_IF="$NODE-$BRIDGE-0"
+        local LINK_IF="$NODE-$BRIDGE-0"
-        LINK_BR="$NODE-$BRIDGE-1"
+        local LINK_BR="$NODE-$BRIDGE-1"
        ip link add $LINK_IF type veth peer name $LINK_BR
        ip link set $LINK_IF netns $NODE
@@ -74,27 +105,71 @@ netjail_node_link_bridge() {
        ip link set $LINK_BR up
 }
+netjail_node_unlink_bridge() {
+        local NODE=$1
+        local BRIDGE=$2
+        
+        local LINK_BR="$NODE-$BRIDGE-1"
+        ip link delete $LINK_BR
+}
 netjail_node_add_nat() {
-        NODE=$1
+        local NODE=$1
-        ADDRESS=$2
+        local ADDRESS=$2
-        MASK=$3
+        local MASK=$3
        ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
 }
 netjail_node_add_default() {
-        NODE=$1
+        local NODE=$1
-        ADDRESS=$2
+        local ADDRESS=$2
        ip -n $NODE route add default via $ADDRESS
 }
 netjail_node_exec() {
-        NODE=$1
+        local NODE=$1
-        FD_IN=$2
+        local FD_IN=$2
-        FD_OUT=$3
+        local FD_OUT=$3
        shift 3
        unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
 }
+netjail_kill() {
+        local PID=$1
+        local MATCH=$(ps --pid $PID | awk "{ if ( \$1 == $PID ) { print \$1 } }" | wc -l)
+        if [ $MATCH -gt 0 ]; then
+                kill -n 19 $PID
+                for CHILD in $(ps -o pid,ppid -ax | awk "{ if ( \$2 == $PID ) { print \$1 } }"); do
+                        netjail_kill $CHILD
+                done
+                kill $PID
+        fi
+}
+netjail_killall() {
+        if [ $# -gt 0 ]; then
+                local PIDS=$1
+                for PID in $PIDS; do
+                        netjail_kill $PID
+                done
+        fi
+}
+netjail_waitall() {
+        if [ $# -gt 0 ]; then
+                local PIDS=$1
+                for PID in $PIDS; do
+                        wait $PID
+                done
+        fi
+}
diff --git a/contrib/scripts/netjail/netjail_setup_internet.sh b/contrib/scripts/netjail/netjail_setup_internet.sh
index d99709555..de8ef8f15 100755
--- a/contrib/scripts/netjail/netjail_setup_internet.sh
+++ b/contrib/scripts/netjail/netjail_setup_internet.sh
@@ -9,16 +9,30 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 LOCAL_M=$1
 GLOBAL_N=$2
-# TODO: stunserver? ..and globally known peer?
+# TODO: globally known peer?
 shift 2
 netjail_check $(($LOCAL_M * $GLOBAL_N))
+# Starts optionally 'stunserver' on "92.68.150.$(($GLOBAL_N + 1))":
+STUN=$(netjail_opt '--stun' $@)
+if [ $STUN -gt 0 ]; then
+        netjail_check_bin stunserver
+        
+        shift 1
+        
+        STUN_NODE=$(netjail_print_name "S" 254)
+fi
+netjail_check_bin $1
 LOCAL_GROUP="192.168.15"
 GLOBAL_GROUP="92.68.150"
-echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/24]"
+CLEANUP=0
+echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/24, stun: $STUN]"
 NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M)
@@ -53,6 +67,17 @@ for N in $(seq $GLOBAL_N); do
        done
 done
+WAITING=""
+KILLING=""
+if [ $STUN -gt 0 ]; then
+        netjail_node $STUN_NODE
+        netjail_node_link_bridge $STUN_NODE $NETWORK_NET "$GLOBAL_GROUP.254" 24
+        netjail_node_exec $STUN_NODE 0 1 stunserver &
+        KILLING="$!"
+fi
 for N in $(seq $GLOBAL_N); do
        for M in $(seq $LOCAL_M); do
                NODE=$(netjail_print_name "N" $N $M)
@@ -62,20 +87,51 @@ for N in $(seq $GLOBAL_N); do
                FD_Y=$(($INDEX * 2 + 3 + 1))
                netjail_node_exec $NODE $FD_X $FD_Y $@ &
+                WAITING="$! $WAITING"
        done
 done
-wait
+cleanup() {
+        if [ $STUN -gt 0 ]; then
+                STUN_NODE=$(netjail_print_name "S" 254)
-for N in $(seq $GLOBAL_N); do
+                netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET
-        for M in $(seq $LOCAL_M); do
+                netjail_node_clear $STUN_NODE
-                netjail_node_clear $(netjail_print_name "N" $N $M)
+        fi
+        for N in $(seq $GLOBAL_N); do
+                ROUTER_NET=$(netjail_print_name "r" $N)
+                for M in $(seq $LOCAL_M); do
+                        NODE=$(netjail_print_name "N" $N $M)
+                        netjail_node_unlink_bridge $NODE $ROUTER_NET
+                        netjail_node_clear $NODE
+                done
+                ROUTER=$(netjail_print_name "R" $N)
+                
+                netjail_bridge_clear $ROUTER_NET
+                netjail_node_unlink_bridge $ROUTER $NETWORK_NET
+                netjail_node_clear $ROUTER
        done
-        
-        netjail_bridge_clear $(netjail_print_name "r" $N)
-        netjail_node_clear $(netjail_print_name "R" $N)
-done
-netjail_bridge_clear $NETWORK_NET
+        netjail_bridge_clear $NETWORK_NET
+}
+trapped_cleanup() {
+        netjail_killall $WAITING
+        netjail_killall $KILLING
+        cleanup
+}
+trap 'trapped_cleanup' 2
+netjail_waitall $WAITING
+netjail_killall $KILLING
+wait
+cleanup
 echo "Done"

diff --git a/contrib/scripts/netjail/netjail_core.sh b/contrib/scripts/netjail/netjail_core.sh index 6a18ea902..1cdbca816 100755 --- a/contrib/scripts/netjail/netjail_core.sh +++ b/contrib/scripts/netjail/netjail_core.sh
@@ -9,10 +9,28 @@ JAILOR=${SUDO_USER:?must run in sudo}
9		9
10	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"	10	export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
11		11
12	netjail_check() {	12	netjail_opt() {
13	NODE_COUNT=$1	13	local OPT=$1
		14	shift 1
		15
		16	INDEX=1
		17
		18	while [ $# -gt 0 ]; do
		19	if [ "$1" = "$OPT" ]; then
		20	printf "%d" $INDEX
		21	return
		22	fi
		23
		24	INDEX=$(($INDEX + 1))
		25	shift 1
		26	done
14		27
15	FD_COUNT=$(($(ls /proc/self/fd \| wc -w) - 4))	28	printf "%d" 0
		29	}
		30
		31	netjail_check() {
		32	local NODE_COUNT=$1
		33	local FD_COUNT=$(($(ls /proc/self/fd \| wc -w) - 4))
16		34
17	# quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:	35	# quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:
18	# the script also requires `sudo -C ($FD_COUNT + 4)`	36	# the script also requires `sudo -C ($FD_COUNT + 4)`
@@ -25,43 +43,56 @@ netjail_check() {
25	fi	43	fi
26	}	44	}
27		45
		46	netjail_check_bin() {
		47	local PROGRAM=$1
		48	local MATCH=$(ls $(echo $PATH \| tr ":" "\n") \| grep "^$PROGRAM\$" \| tr "\n" " " \| awk '{ print $1 }')
		49
		50	# quit if the required binary $PROGRAM can not be
		51	# found in the used $PATH.
		52
		53	if [ "$MATCH" != "$PROGRAM" ]; then
		54	echo "Required binary not found: $PROGRAM" >&2
		55	exit 1
		56	fi
		57	}
		58
28	netjail_print_name() {	59	netjail_print_name() {
29	printf "%s%02x%02x" $1 $2 ${3:-0}	60	printf "%s%02x%02x" $1 $2 ${3:-0}
30	}	61	}
31		62
32	netjail_bridge() {	63	netjail_bridge() {
33	BRIDGE=$1	64	local BRIDGE=$1
34		65
35	ip link add $BRIDGE type bridge	66	ip link add $BRIDGE type bridge
36	ip link set dev $BRIDGE up	67	ip link set dev $BRIDGE up
37	}	68	}
38		69
39	netjail_bridge_clear() {	70	netjail_bridge_clear() {
40	BRIDGE=$1	71	local BRIDGE=$1
41		72
42	ip link delete $BRIDGE	73	ip link delete $BRIDGE
43	}	74	}
44		75
45	netjail_node() {	76	netjail_node() {
46	NODE=$1	77	local NODE=$1
47		78
48	ip netns add $NODE	79	ip netns add $NODE
49	}	80	}
50		81
51	netjail_node_clear() {	82	netjail_node_clear() {
52	NODE=$1	83	local NODE=$1
53		84
54	ip netns delete $NODE	85	ip netns delete $NODE
55	}	86	}
56		87
57	netjail_node_link_bridge() {	88	netjail_node_link_bridge() {
58	NODE=$1	89	local NODE=$1
59	BRIDGE=$2	90	local BRIDGE=$2
60	ADDRESS=$3	91	local ADDRESS=$3
61	MASK=$4	92	local MASK=$4
62		93
63	LINK_IF="$NODE-$BRIDGE-0"	94	local LINK_IF="$NODE-$BRIDGE-0"
64	LINK_BR="$NODE-$BRIDGE-1"	95	local LINK_BR="$NODE-$BRIDGE-1"
65		96
66	ip link add $LINK_IF type veth peer name $LINK_BR	97	ip link add $LINK_IF type veth peer name $LINK_BR
67	ip link set $LINK_IF netns $NODE	98	ip link set $LINK_IF netns $NODE
@@ -74,27 +105,71 @@ netjail_node_link_bridge() {
74	ip link set $LINK_BR up	105	ip link set $LINK_BR up
75	}	106	}
76		107
		108	netjail_node_unlink_bridge() {
		109	local NODE=$1
		110	local BRIDGE=$2
		111
		112	local LINK_BR="$NODE-$BRIDGE-1"
		113
		114	ip link delete $LINK_BR
		115	}
		116
77	netjail_node_add_nat() {	117	netjail_node_add_nat() {
78	NODE=$1	118	local NODE=$1
79	ADDRESS=$2	119	local ADDRESS=$2
80	MASK=$3	120	local MASK=$3
81		121
82	ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE	122	ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
83	}	123	}
84		124
85	netjail_node_add_default() {	125	netjail_node_add_default() {
86	NODE=$1	126	local NODE=$1
87	ADDRESS=$2	127	local ADDRESS=$2
88		128
89	ip -n $NODE route add default via $ADDRESS	129	ip -n $NODE route add default via $ADDRESS
90	}	130	}
91		131
92	netjail_node_exec() {	132	netjail_node_exec() {
93	NODE=$1	133	local NODE=$1
94	FD_IN=$2	134	local FD_IN=$2
95	FD_OUT=$3	135	local FD_OUT=$3
96	shift 3	136	shift 3
97		137
98	unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN	138	unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
99	}	139	}
100		140
		141	netjail_kill() {
		142	local PID=$1
		143	local MATCH=$(ps --pid $PID \| awk "{ if ( \$1 == $PID ) { print \$1 } }" \| wc -l)
		144
		145	if [ $MATCH -gt 0 ]; then
		146	kill -n 19 $PID
		147
		148	for CHILD in $(ps -o pid,ppid -ax \| awk "{ if ( \$2 == $PID ) { print \$1 } }"); do
		149	netjail_kill $CHILD
		150	done
		151
		152	kill $PID
		153	fi
		154	}
		155
		156	netjail_killall() {
		157	if [ $# -gt 0 ]; then
		158	local PIDS=$1
		159
		160	for PID in $PIDS; do
		161	netjail_kill $PID
		162	done
		163	fi
		164	}
		165
		166	netjail_waitall() {
		167	if [ $# -gt 0 ]; then
		168	local PIDS=$1
		169
		170	for PID in $PIDS; do
		171	wait $PID
		172	done
		173	fi
		174	}
		175


diff --git a/contrib/scripts/netjail/netjail_setup_internet.sh b/contrib/scripts/netjail/netjail_setup_internet.sh index d99709555..de8ef8f15 100755 --- a/contrib/scripts/netjail/netjail_setup_internet.sh +++ b/contrib/scripts/netjail/netjail_setup_internet.sh
@@ -9,16 +9,30 @@ export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
9	LOCAL_M=$1	9	LOCAL_M=$1
10	GLOBAL_N=$2	10	GLOBAL_N=$2
11		11
12	# TODO: stunserver? ..and globally known peer?	12	# TODO: globally known peer?
13		13
14	shift 2	14	shift 2
15		15
16	netjail_check $(($LOCAL_M * $GLOBAL_N))	16	netjail_check $(($LOCAL_M * $GLOBAL_N))
17		17
		18	# Starts optionally 'stunserver' on "92.68.150.$(($GLOBAL_N + 1))":
		19	STUN=$(netjail_opt '--stun' $@)
		20
		21	if [ $STUN -gt 0 ]; then
		22	netjail_check_bin stunserver
		23
		24	shift 1
		25
		26	STUN_NODE=$(netjail_print_name "S" 254)
		27	fi
		28
		29	netjail_check_bin $1
		30
18	LOCAL_GROUP="192.168.15"	31	LOCAL_GROUP="192.168.15"
19	GLOBAL_GROUP="92.68.150"	32	GLOBAL_GROUP="92.68.150"
20		33
21	echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/24]"	34	CLEANUP=0
		35	echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/24, stun: $STUN]"
22		36
23	NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M)	37	NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M)
24		38
@@ -53,6 +67,17 @@ for N in $(seq $GLOBAL_N); do
53	done	67	done
54	done	68	done
55		69
		70	WAITING=""
		71	KILLING=""
		72
		73	if [ $STUN -gt 0 ]; then
		74	netjail_node $STUN_NODE
		75	netjail_node_link_bridge $STUN_NODE $NETWORK_NET "$GLOBAL_GROUP.254" 24
		76
		77	netjail_node_exec $STUN_NODE 0 1 stunserver &
		78	KILLING="$!"
		79	fi
		80
56	for N in $(seq $GLOBAL_N); do	81	for N in $(seq $GLOBAL_N); do
57	for M in $(seq $LOCAL_M); do	82	for M in $(seq $LOCAL_M); do
58	NODE=$(netjail_print_name "N" $N $M)	83	NODE=$(netjail_print_name "N" $N $M)
@@ -62,20 +87,51 @@ for N in $(seq $GLOBAL_N); do
62	FD_Y=$(($INDEX * 2 + 3 + 1))	87	FD_Y=$(($INDEX * 2 + 3 + 1))
63		88
64	netjail_node_exec $NODE $FD_X $FD_Y $@ &	89	netjail_node_exec $NODE $FD_X $FD_Y $@ &
		90	WAITING="$! $WAITING"
65	done	91	done
66	done	92	done
67		93
68	wait	94	cleanup() {
		95	if [ $STUN -gt 0 ]; then
		96	STUN_NODE=$(netjail_print_name "S" 254)
69		97
70	for N in $(seq $GLOBAL_N); do	98	netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET
71	for M in $(seq $LOCAL_M); do	99	netjail_node_clear $STUN_NODE
72	netjail_node_clear $(netjail_print_name "N" $N $M)	100	fi
		101
		102	for N in $(seq $GLOBAL_N); do
		103	ROUTER_NET=$(netjail_print_name "r" $N)
		104
		105	for M in $(seq $LOCAL_M); do
		106	NODE=$(netjail_print_name "N" $N $M)
		107
		108	netjail_node_unlink_bridge $NODE $ROUTER_NET
		109	netjail_node_clear $NODE
		110	done
		111
		112	ROUTER=$(netjail_print_name "R" $N)
		113
		114	netjail_bridge_clear $ROUTER_NET
		115	netjail_node_unlink_bridge $ROUTER $NETWORK_NET
		116	netjail_node_clear $ROUTER
73	done	117	done
74
75	netjail_bridge_clear $(netjail_print_name "r" $N)
76	netjail_node_clear $(netjail_print_name "R" $N)
77	done
78		118
79	netjail_bridge_clear $NETWORK_NET	119	netjail_bridge_clear $NETWORK_NET
		120	}
		121
		122	trapped_cleanup() {
		123	netjail_killall $WAITING
		124	netjail_killall $KILLING
		125
		126	cleanup
		127	}
		128
		129	trap 'trapped_cleanup' 2
		130
		131	netjail_waitall $WAITING
		132	netjail_killall $KILLING
		133	wait
		134
		135	cleanup
80		136
81	echo "Done"	137	echo "Done"