
[gnunet] branch master updated: -first netjail setup with NATs integrate


From: gnunet
Subject: [gnunet] branch master updated: -first netjail setup with NATs integrated
Date: Mon, 19 Apr 2021 21:23:24 +0200

This is an automated email from the git hooks/post-receive script.

thejackimonster pushed a commit to branch master
in repository gnunet.

The following commit(s) were added to refs/heads/master by this push:
     new 1fc1b732d -first netjail setup with NATs integrated
1fc1b732d is described below

commit 1fc1b732d334d86d16c5284a9363033bce678096
Author: TheJackiMonster <thejackimonster@gmail.com>
AuthorDate: Mon Apr 19 21:21:09 2021 +0200

    -first netjail setup with NATs integrated
    
    Signed-off-by: TheJackiMonster <thejackimonster@gmail.com>
---
 contrib/scripts/netjail/netjail_core.sh           | 100 ++++++++++++++++++++++
 contrib/scripts/netjail/netjail_setup_internet.sh |  81 ++++++++++++++++++
 2 files changed, 181 insertions(+)

diff --git a/contrib/scripts/netjail/netjail_core.sh 
b/contrib/scripts/netjail/netjail_core.sh
new file mode 100755
index 000000000..6a18ea902
--- /dev/null
+++ b/contrib/scripts/netjail/netjail_core.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+# 
+
+JAILOR=${SUDO_USER:?must run in sudo}
+
+# running with `sudo` is required to be
+# able running the actual commands as the
+# original user.
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+netjail_check() {
+       NODE_COUNT=$1
+
+       FD_COUNT=$(($(ls /proc/self/fd | wc -w) - 4))
+
+       # quit if `$FD_COUNT < ($LOCAL_M * $GLOBAL_N * 2)`:
+       # the script also requires `sudo -C ($FD_COUNT + 4)`
+       # so you need 'Defaults closefrom_override' in the
+       # sudoers file.
+
+       if [ $FD_COUNT -lt $(($NODE_COUNT * 2)) ]; then
+               echo "File descriptors do not match requirements!" >&2
+               exit 1
+       fi
+}
+
+netjail_print_name() {
+       printf "%s%02x%02x" $1 $2 ${3:-0}
+}
+
+netjail_bridge() {
+       BRIDGE=$1
+
+       ip link add $BRIDGE type bridge
+       ip link set dev $BRIDGE up
+}
+
+netjail_bridge_clear() {
+       BRIDGE=$1
+
+       ip link delete $BRIDGE
+}
+
+netjail_node() {
+       NODE=$1
+
+       ip netns add $NODE
+}
+
+netjail_node_clear() {
+       NODE=$1
+
+       ip netns delete $NODE
+}
+
+netjail_node_link_bridge() {
+       NODE=$1
+       BRIDGE=$2
+       ADDRESS=$3
+       MASK=$4
+       
+       LINK_IF="$NODE-$BRIDGE-0"
+       LINK_BR="$NODE-$BRIDGE-1"
+
+       ip link add $LINK_IF type veth peer name $LINK_BR
+       ip link set $LINK_IF netns $NODE
+       ip link set $LINK_BR master $BRIDGE
+
+       ip -n $NODE addr add "$ADDRESS/$MASK" dev $LINK_IF
+       ip -n $NODE link set $LINK_IF up
+       ip -n $NODE link set up dev lo
+
+       ip link set $LINK_BR up
+}
+
+netjail_node_add_nat() {
+       NODE=$1
+       ADDRESS=$2
+       MASK=$3
+
+       ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" 
-j MASQUERADE
+}
+
+netjail_node_add_default() {
+       NODE=$1
+       ADDRESS=$2
+
+       ip -n $NODE route add default via $ADDRESS
+}
+
+netjail_node_exec() {
+       NODE=$1
+       FD_IN=$2
+       FD_OUT=$3
+       shift 3
+
+       unshare -fp --kill-child -- ip netns exec $NODE sudo -u $JAILOR -- $@ 
1>& $FD_OUT 0<& $FD_IN
+}
+
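Review bot: `sudo -u $JAILOR -- $@` in netjail_node_exec forwards the command line unquoted, so every argument is re-split on whitespace and glob-expanded by the shell before it reaches the namespace; the fix is to quote the expansions, `unshare -fp --kill-child -- ip netns exec "$NODE" sudo -u "$JAILOR" -- "$@" 1>&"$FD_OUT" 0<&"$FD_IN"`. The caller in netjail_setup_internet.sh (`netjail_node_exec $NODE $FD_X $FD_Y $@ &`) has the same defect and should pass `"$@"` as well. That line and the iptables line in netjail_node_add_nat appear to have been wrapped by the mail client; the `-j MASQUERADE` continuation must stay on one line in the committed file, which is worth confirming in the repository. The header comment at the top of the file is empty; a one-line purpose such as `# Helpers for building isolated netns/bridge test networks; must be invoked via sudo.` would tell readers what the sourcing script expects.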
diff --git a/contrib/scripts/netjail/netjail_setup_internet.sh 
b/contrib/scripts/netjail/netjail_setup_internet.sh
new file mode 100755
index 000000000..d99709555
--- /dev/null
+++ b/contrib/scripts/netjail/netjail_setup_internet.sh
@@ -0,0 +1,81 @@
+#!/bin/sh
+. "./netjail_core.sh"
+
+set -eu
+set -x
+
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+LOCAL_M=$1
+GLOBAL_N=$2
+
+# TODO: stunserver? ..and globally known peer?
+
+shift 2
+
+netjail_check $(($LOCAL_M * $GLOBAL_N))
+
+LOCAL_GROUP="192.168.15"
+GLOBAL_GROUP="92.68.150"
+
+echo "Start [local: $LOCAL_GROUP.0/24, global: $GLOBAL_GROUP.0/24]"
+
+NETWORK_NET=$(netjail_print_name "n" $GLOBAL_N $LOCAL_M)
+
+netjail_bridge $NETWORK_NET
+
+for N in $(seq $GLOBAL_N); do
+       ROUTER=$(netjail_print_name "R" $N)
+
+       netjail_node $ROUTER 
+       netjail_node_link_bridge $ROUTER $NETWORK_NET "$GLOBAL_GROUP.$N" 24
+
+       ROUTER_NET=$(netjail_print_name "r" $N)
+
+       netjail_bridge $ROUTER_NET
+       
+       for M in $(seq $LOCAL_M); do
+               NODE=$(netjail_print_name "N" $N $M)
+
+               netjail_node $NODE
+               netjail_node_link_bridge $NODE $ROUTER_NET "$LOCAL_GROUP.$M" 24
+       done
+
+       ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
+
+       netjail_node_link_bridge $ROUTER $ROUTER_NET $ROUTER_ADDR 24
+       netjail_node_add_nat $ROUTER $ROUTER_ADDR 24
+       
+       for M in $(seq $LOCAL_M); do
+               NODE=$(netjail_print_name "N" $N $M)
+               
+               netjail_node_add_default $NODE $ROUTER_ADDR
+       done
+done
+
+for N in $(seq $GLOBAL_N); do
+       for M in $(seq $LOCAL_M); do
+               NODE=$(netjail_print_name "N" $N $M)
+               INDEX=$(($LOCAL_M * ($N - 1) + $M - 1))
+
+               FD_X=$(($INDEX * 2 + 3 + 0))
+               FD_Y=$(($INDEX * 2 + 3 + 1))
+
+               netjail_node_exec $NODE $FD_X $FD_Y $@ &
+       done
+done
+
+wait
+
+for N in $(seq $GLOBAL_N); do
+       for M in $(seq $LOCAL_M); do
+               netjail_node_clear $(netjail_print_name "N" $N $M)
+       done
+       
+       netjail_bridge_clear $(netjail_print_name "r" $N)
+       netjail_node_clear $(netjail_print_name "R" $N)
+done
+
+netjail_bridge_clear $NETWORK_NET
+
+echo "Done"
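Review bot: The teardown loops at the end of the script never run when anything before them fails: `set -e` aborts at the first failing `ip` command and no `trap` is registered, so namespaces, veth pairs and bridges are left on the host and the next run fails at `ip netns add` with an existing name. Moving the three clear loops into a function registered with `trap ... EXIT` before the first `netjail_bridge` call makes the cleanup run on every exit path; the rewritten lines follow, tolerating objects that were never created. The MASQUERADE rule lives inside the router namespace and disappears with it, so it needs no separate step. Separately, `. "./netjail_core.sh"` resolves against the caller's working directory rather than the script's own, so invoking the script from anywhere else fails on its first line; `. "$(dirname "$0")/netjail_core.sh"` fixes that.
```shell
# … unchanged: argument handling, netjail_check, group definitions …

# Registered before any namespace or bridge exists so a failed setup is torn down too.
netjail_cleanup() {
	# an object may be missing when setup aborted early; that is not an error here
	for N in $(seq $GLOBAL_N); do
		for M in $(seq $LOCAL_M); do
			netjail_node_clear $(netjail_print_name "N" $N $M) || true
		done
		netjail_bridge_clear $(netjail_print_name "r" $N) || true
		netjail_node_clear $(netjail_print_name "R" $N) || true
	done
	netjail_bridge_clear $NETWORK_NET || true
}
trap netjail_cleanup EXIT

netjail_bridge $NETWORK_NET
# … unchanged: setup loops, netjail_node_exec fan-out, wait, echo "Done" …
```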
