Diffstat (limited to 'dht/vnet')
-rwxr-xr-x | dht/vnet/tcp-build.sh | 32 | ||||
-rwxr-xr-x | dht/vnet/tcp-clean.sh | 13 | ||||
-rwxr-xr-x | dht/vnet/tcp-enter.sh | 15 |
3 files changed, 60 insertions, 0 deletions
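diff --git a/dht/vnet/tcp-build.sh b/dht/vnet/tcp-build.sh
new file mode 100755
index 00000000..fc88cb29
--- /dev/null
+++ b/dht/vnet/tcp-build.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+digit=${1:-0}
+
+iface=$(ip route | awk '/^default/{ if ($4 == "dev") print($5); }')
+iface=${iface:-wlan0}
+num=$(ip addr show $iface | sed -n '/\s\+inet 192/ s/\s\+inet 192\.168\.[0-9]*\.\([0-9]*\).*$/\1/ p')
+num=${num:-88}
+
+dd=$(( 59 - $digit ))
+
+
+set -x
+
+ip link add tcp$digit type veth peer name tcpp$digit
+ip netns add tcpp$digit; ip link set tcpp$digit netns tcpp$digit
+
+nsenter --net=/var/run/netns/tcpp$digit ip addr add 127.0.0.1/8 dev lo
+nsenter --net=/var/run/netns/tcpp$digit ip addr add ::1/128 dev lo
+nsenter --net=/var/run/netns/tcpp$digit ip link set up dev lo
+
+ip addr add $dd.$num.99.98/31 dev tcp$digit
+ip link set up dev tcp$digit
+
+nsenter --net=/var/run/netns/tcpp$digit ip addr add $dd.$num.99.99/31 dev tcpp$digit
+nsenter --net=/var/run/netns/tcpp$digit ip link set up dev tcpp$digit
+nsenter --net=/var/run/netns/tcpp$digit ip route add default via $dd.$num.99.98
+
+nsenter --net=/var/run/netns/tcpp$digit iptables -A OUTPUT -p udp -j DROP
+nsenter --net=/var/run/netns/tcpp$digit iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+nsenter --net=/var/run/netns/tcpp$digit iptables -A INPUT -j DROP
+iptables -I FORWARD 1 -i tcp$digit -o $iface -j DROP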
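Review bot: `digit` is taken straight from `$1` and expanded unquoted into `$(( 59 - $digit ))`, the interface and namespace names and the `/var/run/netns/` path, in a script that has to run as root, and nothing restricts it to a single digit. A guard right after line 3 such as `case "$digit" in [0-9]) ;; *) echo "usage: $0 [0-9]" >&2; exit 2 ;; esac` would keep the derived names and the `$dd` octet well-formed. Separately, the filter rules on lines 29-32 use `iptables` only, so IPv6 traffic on the veth pair (which normally gets a link-local address once the link is up) is presumably not covered; if the namespace is meant to be UDP-free and non-forwarded, matching `ip6tables` rules are needed. There is also no `set -e`, so a failed `ip netns add` or `ip link set ... netns` still lets the later commands run against a half-built setup.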
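diff --git a/dht/vnet/tcp-clean.sh b/dht/vnet/tcp-clean.sh
new file mode 100755
index 00000000..7ee0bcbd
--- /dev/null
+++ b/dht/vnet/tcp-clean.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+digit=${1:-0}
+
+set -x
+
+iptables -D FORWARD -i tcp$digit -o $iface -j DROP
+nsenter --net=/var/run/netns/tcpp$digit iptables -D INPUT -j DROP
+nsenter --net=/var/run/netns/tcpp$digit iptables -D INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+nsenter --net=/var/run/netns/tcpp$digit iptables -D OUTPUT -p udp -j DROP
+
+ip link del tcp$digit
+ip netns del tcpp$digit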
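Review bot: `$iface` on line 7 is never assigned in this script, so unless the caller happens to export it the command expands to `iptables -D FORWARD -i tcp$digit -o -j DROP`, which fails and leaves the host-side FORWARD rule from tcp-build.sh in place. Each build/clean cycle then leaves another stale DROP rule in the host firewall. Derive the interface the same way tcp-build.sh does before line 7, `iface=$(ip route | awk '/^default/{ if ($4 == "dev") print($5); }')` followed by `iface=${iface:-wlan0}`. If the default route can change between build and clean, recording the interface at build time would be more reliable than recomputing it.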
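diff --git a/dht/vnet/tcp-enter.sh b/dht/vnet/tcp-enter.sh
new file mode 100755
index 00000000..970485ed
--- /dev/null
+++ b/dht/vnet/tcp-enter.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+cmd="$@"
+digit=0
+user=$(id -un)
+cmd=${cmd:-bash}
+tmp=/tmp/env.$$
+mkdir -p $tmp
+echo $user > $tmp/USER
+echo $HOME > $tmp/HOME
+echo tcp$digit > $tmp/debian_chroot
+sudo -E nsenter --net=/var/run/netns/tcpp$digit chpst -e $tmp -u $user:$user:sudo $cmd
+rm $tmp/USER
+rm $tmp/HOME
+rm $tmp/debian_chroot
+rmdir $tmp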
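Review bot: `tmp=/tmp/env.$$` on line 6 is a predictable path in a world-writable directory, and `mkdir -p` on line 7 succeeds silently when the directory already exists, so the script will use a directory another local user created first. The `echo ... >` writes on lines 8-10 then land wherever that directory's entries point, and `chpst -e $tmp`, started under `sudo`, loads every file found there as an environment variable for the command. Use `tmp=$(mktemp -d) || exit 1` and replace the four `rm`/`rmdir` lines with `trap 'rm -rf -- "$tmp"' EXIT`, quoting `"$tmp"` wherever it is used. As a smaller point, `cmd="$@"` followed by the unquoted `$cmd` on line 11 re-splits the arguments on whitespace, so an argument containing spaces does not reach the command intact.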