From d82d90817dc100c0005447f7513cb549fac4646d Mon Sep 17 00:00:00 2001
From: TheJackiMonster
Date: Fri, 7 May 2021 12:21:14 +0200
Subject: -added signal handling and proper cleanup to netjail
Signed-off-by: TheJackiMonster
---
 contrib/scripts/netjail/netjail_core.sh | 89 ++++++++++++++---------
 contrib/scripts/netjail/netjail_setup_internet.sh | 54 ++++++++++----
 2 files changed, 94 insertions(+), 49 deletions(-)
(limited to 'contrib')
diff --git a/contrib/scripts/netjail/netjail_core.sh b/contrib/scripts/netjail/netjail_core.sh
index cbf25434b..1cdbca816 100755
--- a/contrib/scripts/netjail/netjail_core.sh
+++ b/contrib/scripts/netjail/netjail_core.sh
@@ -10,7 +10,7 @@ JAILOR=${SUDO_USER:?must run in sudo}
 export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 netjail_opt() {
- OPT=$1
+ local OPT=$1
 shift 1
 INDEX=1
@@ -29,9 +29,8 @@ netjail_opt() {
 }
 netjail_check() {
- NODE_COUNT=$1
-
- FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4))
+ local NODE_COUNT=$1
+ local FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4))
 # quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:
 # the script also requires `sudo -C ($FD_COUNT + 4)`
@@ -45,9 +44,8 @@ netjail_check() {
 }
 netjail_check_bin() {
- PROGRAM=$1
-
- MATCH=$(ls $(echo $PATH | tr ":" "\n") | grep "^$PROGRAM\$" | tr "\n" " " | awk '{ print $1 }')
+ local PROGRAM=$1
+ local MATCH=$(ls $(echo $PATH | tr ":" "\n") | grep "^$PROGRAM\$" | tr "\n" " " | awk '{ print $1 }')
 # quit if the required binary $PROGRAM can not be
 # found in the used $PATH.
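Review bot: `local MATCH=$(ls $(echo $PATH | tr ":" "\n") | grep "^$PROGRAM\$" ...)` in netjail_check_bin still interpolates the program name into a grep regular expression, so a name containing `.`, `+` or `[` (or an argument such as `.*`) is matched as a pattern rather than as a literal file name, and a false positive lets the script proceed to the later `sudo -u $JAILOR -- $@` exec; adding `local` does not change that. Match the name literally instead: `grep -Fx -- "$PROGRAM"` (fixed string, whole line) in place of `grep "^$PROGRAM\$"`, and quote `"$PATH"` so the `tr` input is not word-split. The `local MATCH=$(...)` form also discards the pipeline's exit status, which is harmless only because `$MATCH` is inspected afterwards; that check and the rest of the function lie outside the hunk.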
@@ -63,38 +61,38 @@ netjail_print_name() {
 }
 netjail_bridge() {
- BRIDGE=$1
+ local BRIDGE=$1
 ip link add $BRIDGE type bridge
 ip link set dev $BRIDGE up
 }
 netjail_bridge_clear() {
- BRIDGE=$1
+ local BRIDGE=$1
 ip link delete $BRIDGE
 }
 netjail_node() {
- NODE=$1
+ local NODE=$1
 ip netns add $NODE
 }
 netjail_node_clear() {
- NODE=$1
+ local NODE=$1
 ip netns delete $NODE
 }
 netjail_node_link_bridge() {
- NODE=$1
- BRIDGE=$2
- ADDRESS=$3
- MASK=$4
+ local NODE=$1
+ local BRIDGE=$2
+ local ADDRESS=$3
+ local MASK=$4
- LINK_IF="$NODE-$BRIDGE-0"
- LINK_BR="$NODE-$BRIDGE-1"
+ local LINK_IF="$NODE-$BRIDGE-0"
+ local LINK_BR="$NODE-$BRIDGE-1"
 ip link add $LINK_IF type veth peer name $LINK_BR
 ip link set $LINK_IF netns $NODE
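Review bot: None of the `ip` invocations in netjail_bridge, netjail_node and netjail_node_link_bridge check their exit status, and no `set -e` is visible in the diff, so a failed `ip link add` (a device left over from an aborted run, or a `$NODE-$BRIDGE-0` name exceeding the kernel's 15-character interface-name limit) is ignored and the following `ip link set $LINK_IF netns $NODE` operates on a device that was never created. Because this commit adds a teardown path that later deletes exactly these objects, failing early keeps that path predictable: `ip link add "$BRIDGE" type bridge || return 1` on each creating call, with the expanded names quoted, is sufficient. Whether the callers act on a non-zero return cannot be seen from this hunk, and netjail_node_link_bridge continues past its last line.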
@@ -108,45 +106,70 @@ netjail_node_link_bridge() {
 }
 netjail_node_unlink_bridge() {
- NODE=$1
- BRIDGE=$2
+ local NODE=$1
+ local BRIDGE=$2
- LINK_BR="$NODE-$BRIDGE-1"
+ local LINK_BR="$NODE-$BRIDGE-1"
 ip link delete $LINK_BR
 }
 netjail_node_add_nat() {
- NODE=$1
- ADDRESS=$2
- MASK=$3
+ local NODE=$1
+ local ADDRESS=$2
+ local MASK=$3
 ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
 }
 netjail_node_add_default() {
- NODE=$1
- ADDRESS=$2
+ local NODE=$1
+ local ADDRESS=$2
 ip -n $NODE route add default via $ADDRESS
 }
 netjail_node_exec() {
- NODE=$1
- FD_IN=$2
- FD_OUT=$3
+ local NODE=$1
+ local FD_IN=$2
+ local FD_OUT=$3
 shift 3
 unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 1>& $FD_OUT 0<& $FD_IN
 }
 netjail_kill() {
- PID=$1
+ local PID=$1
+ local MATCH=$(ps --pid $PID | awk "{ if ( \$1 == $PID ) { print \$1 } }" | wc -l)
- for CHILD in $(ps -o pid,ppid -ax | awk "{ if ( \$2 == $PID ) { print \$1 } }"); do
- netjail_kill $CHILD
- done
+ if [ $MATCH -gt 0 ]; then
+ kill -n 19 $PID
+
+ for CHILD in $(ps -o pid,ppid -ax | awk "{ if ( \$2 == $PID ) { print \$1 } }"); do
+ netjail_kill $CHILD
+ done
+
+ kill $PID
+ fi
+}
- kill $PID
+netjail_killall() {
+ if [ $# -gt 0 ]; then
+ local PIDS=$1
+
+ for PID in $PIDS; do
+ netjail_kill $PID
+ done
+ fi
+}
+
+netjail_waitall() {
+ if [ $# -gt 0 ]; then
+ local PIDS=$1
+
+ for PID in $PIDS; do
+ wait $PID
+ done
+ fi
 }
diff --git a/contrib/scripts/netjail/netjail_setup_internet.sh b/contrib/scripts/netjail/netjail_setup_internet.sh
index 7ff25c014..de8ef8f15 100755
--- a/contrib/scripts/netjail/netjail_setup_internet.sh
+++ b/contrib/scripts/netjail/netjail_setup_internet.sh
@@ -31,6 +31,7 @@ netjail_check_bin $1
 LOCAL_GROUP="192.168.15"
 GLOBAL_GROUP="92.68.150"
+CLEANUP=0
 echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/24, stun: $STUN]"
 NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M)
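Review bot: netjail_killall and netjail_waitall take their PID list from `$1` only, while the callers added in this commit invoke them as `netjail_killall $WAITING` with the variable unquoted, so if `$WAITING` holds more than one PID (the removed `for PID in $WAITING; do wait $PID; done` loop suggests it does) word splitting leaves every PID after the first in `$2`, `$3`, ... and those processes are neither killed nor waited for. Iterating over all arguments, `for PID in "$@"; do netjail_kill "$PID"; done` and likewise `for PID in "$@"; do wait "$PID"; done`, works for both calling conventions and makes the `$#` guard unnecessary. Separately, netjail_kill stops the target with `kill -n 19 $PID` and never resumes it; a process that installs a SIGTERM handler rather than taking the default action cannot run that handler while stopped, so a subsequent `wait` on it does not return. Send `kill -s CONT "$PID"` after the `kill "$PID"`, and use the symbolic `kill -s STOP "$PID"`, since signal number 19 is SIGSTOP only on some architectures.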
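Review bot: `CLEANUP=0` is introduced in this hunk but nothing else in the patch reads or assigns it, so it currently has no effect. If it is meant to stop the teardown from running twice (the SIGINT handler and the normal end of the script both call `cleanup`), use it at the top of that function as `[ "$CLEANUP" -ne 0 ] && return` followed by `CLEANUP=1`; otherwise drop the variable so a reader does not look for a guard that is not there.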
@@ -90,26 +91,47 @@ for N in $(seq $GLOBAL_N); do
 done
 done
-for PID in $WAITING; do wait $PID; done
-for PID in $KILLING; do netjail_kill $PID; done
-wait
+cleanup() {
+ if [ $STUN -gt 0 ]; then
+ STUN_NODE=$(netjail_print_name "S" 254)
-if [ $STUN -gt 0 ]; then
- STUN_NODE=$(netjail_print_name "S" 254)
+ netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET
+ netjail_node_clear $STUN_NODE
+ fi
- netjail_node_unlink_bridge $STUN_NODE $NETWORK_NET
- netjail_node_clear $STUN_NODE
-fi
+ for N in $(seq $GLOBAL_N); do
+ ROUTER_NET=$(netjail_print_name "r" $N)
-for N in $(seq $GLOBAL_N); do
- for M in $(seq $LOCAL_M); do
- netjail_node_clear $(netjail_print_name "N" $N $M)
+ for M in $(seq $LOCAL_M); do
+ NODE=$(netjail_print_name "N" $N $M)
+
+ netjail_node_unlink_bridge $NODE $ROUTER_NET
+ netjail_node_clear $NODE
+ done
+
+ ROUTER=$(netjail_print_name "R" $N)
+
+ netjail_bridge_clear $ROUTER_NET
+ netjail_node_unlink_bridge $ROUTER $NETWORK_NET
+ netjail_node_clear $ROUTER
 done
-
- netjail_bridge_clear $(netjail_print_name "r" $N)
- netjail_node_clear $(netjail_print_name "R" $N)
-done
-netjail_bridge_clear $NETWORK_NET
+ netjail_bridge_clear $NETWORK_NET
+}
+
+trapped_cleanup() {
+ netjail_killall $WAITING
+ netjail_killall $KILLING
+
+ cleanup
+}
+
+trap 'trapped_cleanup' 2
+
+netjail_waitall $WAITING
+netjail_killall $KILLING
+wait
+
+cleanup
 echo "Done"
-- cgit v1.2.3
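Review bot: trapped_cleanup returns instead of exiting, so after a SIGINT bash resumes where it was interrupted (most likely inside `netjail_waitall`) and the script carries on through `netjail_killall $KILLING`, the final `cleanup` and `echo "Done"`; that second `cleanup` then issues `ip link delete` and `ip netns delete` for objects the handler has already removed, and the run ends with status 0 as if nothing happened. Only signal 2 is trapped, so a SIGTERM or a SIGHUP from a closed terminal still leaves the bridges and namespaces behind, which is the situation the commit sets out to fix. Reset the trap inside the handler, exit with a signal status once the teardown is done, and register the handler for TERM and HUP as well; `cleanup` itself stays as written.

```shell
trapped_cleanup() {
  # Prevent re-entry if a second signal arrives during teardown.
  trap - 1 2 15

  netjail_killall $WAITING
  netjail_killall $KILLING

  cleanup
  # Do not fall through to the normal path, which would run cleanup again.
  exit 130
}

trap 'trapped_cleanup' 1 2 15
# … unchanged: netjail_waitall / netjail_killall / wait / cleanup / echo …
```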