diff options
Diffstat (limited to 'src/testing')
| -rwxr-xr-x | src/testing/netjail_core.sh | 107 | ||||
| -rwxr-xr-x | src/testing/netjail_exec.sh | 2 | ||||
| -rwxr-xr-x | src/testing/netjail_start.sh | 2 | ||||
| -rwxr-xr-x | src/testing/netjail_stop.sh | 2 |
4 files changed, 110 insertions, 3 deletions
diff --git a/src/testing/netjail_core.sh b/src/testing/netjail_core.sh new file mode 100755 index 000000000..f49d4b312 --- /dev/null +++ b/src/testing/netjail_core.sh @@ -0,0 +1,107 @@ +#!/bin/sh +# + +JAILOR=${SUDO_USER:?must run in sudo} + +# running with `sudo` is required to be +# able running the actual commands as the +# original user. + +export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +netjail_check() { + NODE_COUNT=$1 + + FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4)) + + # quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`: + # the script also requires `sudo -C ($FD_COUNT + 4)` + # so you need 'Defaults closefrom_override' in the + # sudoers file. + + if [ $FD_COUNT -lt $(($NODE_COUNT * 2)) ]; then + echo "File descriptors do not match requirements!" >&2 + exit 1 + fi +} + +netjail_print_name() { + printf "%s%02x%02x" $1 $2 ${3:-0} +} + +netjail_bridge() { + BRIDGE=$1 + + ip link add $BRIDGE type bridge + ip link set dev $BRIDGE up +} + +netjail_bridge_clear() { + BRIDGE=$1 + + ip link delete $BRIDGE +} + +netjail_node() { + NODE=$1 + + ip netns add $NODE +} + +netjail_node_clear() { + NODE=$1 + + ip netns delete $NODE +} + +netjail_node_link_bridge() { + NODE=$1 + BRIDGE=$2 + ADDRESS=$3 + MASK=$4 + + LINK_IF="$NODE-$BRIDGE-0" + LINK_BR="$NODE-$BRIDGE-1" + + ip link add $LINK_IF type veth peer name $LINK_BR + ip link set $LINK_IF netns $NODE + ip link set $LINK_BR master $BRIDGE + + ip -n $NODE addr add "$ADDRESS/$MASK" dev $LINK_IF + ip -n $NODE link set $LINK_IF up + ip -n $NODE link set up dev lo + + ip link set $LINK_BR up +} + +netjail_node_add_nat() { + NODE=$1 + ADDRESS=$2 + MASK=$3 + + ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE +} + +netjail_node_add_default() { + NODE=$1 + ADDRESS=$2 + + ip -n $NODE route add default via $ADDRESS +} + +netjail_node_exec() { + NODE=$1 + FD_IN=$2 + FD_OUT=$3 + shift 3 + + ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN +} + +netjail_node_exec_without_fds() { + NODE=$1 + shift 1 + + ip netns exec $NODE sudo -u $JAILOR -- $@ +} + diff --git a/src/testing/netjail_exec.sh b/src/testing/netjail_exec.sh index b76d2e444..c20a8c117 100755 --- a/src/testing/netjail_exec.sh +++ b/src/testing/netjail_exec.sh @@ -1,5 +1,5 @@ #!/bin/sh -. "./../testbed/netjail_core.sh" +. "./../testing/netjail_core.sh" set -eu set -x diff --git a/src/testing/netjail_start.sh b/src/testing/netjail_start.sh index 4c1c33c83..0984a3c42 100755 --- a/src/testing/netjail_start.sh +++ b/src/testing/netjail_start.sh @@ -1,5 +1,5 @@ #!/bin/sh -. "./../testbed/netjail_core.sh" +. "./../testing/netjail_core.sh" set -eu set -x diff --git a/src/testing/netjail_stop.sh b/src/testing/netjail_stop.sh index 689bf7ae9..08f68cf7f 100755 --- a/src/testing/netjail_stop.sh +++ b/src/testing/netjail_stop.sh @@ -1,5 +1,5 @@ #!/bin/sh -. "./../testbed/netjail_core.sh" +. "./../testing/netjail_core.sh" set -eu set -x |