From 140381ff489213ce890e660ae37a18ae7587c4fb Mon Sep 17 00:00:00 2001
From: Joe Crayne
Date: Fri, 24 Jan 2020 00:12:57 -0500
Subject: vnet tests: tcp cage scripts.
---
dht/vnet/tcp-build.sh | 32 ++++++++++++++++++++++++++++++++
dht/vnet/tcp-clean.sh | 13 +++++++++++++
dht/vnet/tcp-enter.sh | 15 +++++++++++++++
3 files changed, 60 insertions(+)
create mode 100755 dht/vnet/tcp-build.sh
create mode 100755 dht/vnet/tcp-clean.sh
create mode 100755 dht/vnet/tcp-enter.sh
diff --git a/dht/vnet/tcp-build.sh b/dht/vnet/tcp-build.sh
new file mode 100755
index 00000000..fc88cb29
--- /dev/null
+++ b/dht/vnet/tcp-build.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+digit=${1:-0}
+
+iface=$(ip route | awk '/^default/{ if ($4 == "dev") print($5); }')
+iface=${iface:-wlan0}
+num=$(ip addr show $iface | sed -n '/\s\+inet 192/ s/\s\+inet 192\.168\.[0-9]*\.\([0-9]*\).*$/\1/ p')
+num=${num:-88}
+
+dd=$(( 59 - $digit ))
+
+
+set -x
+
+ip link add tcp$digit type veth peer name tcpp$digit
+ip netns add tcpp$digit; ip link set tcpp$digit netns tcpp$digit
+
+nsenter --net=/var/run/netns/tcpp$digit ip addr add 127.0.0.1/8 dev lo
+nsenter --net=/var/run/netns/tcpp$digit ip addr add ::1/128 dev lo
+nsenter --net=/var/run/netns/tcpp$digit ip link set up dev lo
+
+ip addr add $dd.$num.99.98/31 dev tcp$digit
+ip link set up dev tcp$digit
+
+nsenter --net=/var/run/netns/tcpp$digit ip addr add $dd.$num.99.99/31 dev tcpp$digit
+nsenter --net=/var/run/netns/tcpp$digit ip link set up dev tcpp$digit
+nsenter --net=/var/run/netns/tcpp$digit ip route add default via $dd.$num.99.98
+
+nsenter --net=/var/run/netns/tcpp$digit iptables -A OUTPUT -p udp -j DROP
+nsenter --net=/var/run/netns/tcpp$digit iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+nsenter --net=/var/run/netns/tcpp$digit iptables -A INPUT -j DROP
+iptables -I FORWARD 1 -i tcp$digit -o $iface -j DROP
diff --git a/dht/vnet/tcp-clean.sh b/dht/vnet/tcp-clean.sh
new file mode 100755
index 00000000..7ee0bcbd
--- /dev/null
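Review bot: In tcp-build.sh, `digit=${1:-0}` takes the first argument as-is and expands it unquoted into `ip`, `nsenter` and `iptables` command lines that need root, so a value containing spaces or a leading dash changes what those commands do. Rejecting anything but a digit right after the assignment would close that, e.g. `case "$digit" in [0-9]) ;; *) echo "usage: $0 [0-9]" >&2; exit 2 ;; esac` (assuming a single digit is the intended range, as the variable name suggests). The script also has no `set -e`, so if one of the `nsenter ... iptables` calls fails the namespace stays up without its DROP rules; adding `set -eu` before `set -x` would make the cage fail closed. The rules use `iptables` only, so IPv6 over the veth's link-local addresses is not filtered; if the cage is meant to block UDP entirely, matching `ip6tables` rules look necessary.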
+++ b/dht/vnet/tcp-clean.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+digit=${1:-0}
+
+set -x
+
+iptables -D FORWARD -i tcp$digit -o $iface -j DROP
+nsenter --net=/var/run/netns/tcpp$digit iptables -D INPUT -j DROP
+nsenter --net=/var/run/netns/tcpp$digit iptables -D INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+nsenter --net=/var/run/netns/tcpp$digit iptables -D OUTPUT -p udp -j DROP
+
+ip link del tcp$digit
+ip netns del tcpp$digit
diff --git a/dht/vnet/tcp-enter.sh b/dht/vnet/tcp-enter.sh
new file mode 100755
index 00000000..970485ed
--- /dev/null
+++ b/dht/vnet/tcp-enter.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+cmd="$@"
+digit=0
+user=$(id -un)
+cmd=${cmd:-bash}
+tmp=/tmp/env.$$
+mkdir -p $tmp
+echo $user > $tmp/USER
+echo $HOME > $tmp/HOME
+echo tcp$digit > $tmp/debian_chroot
+sudo -E nsenter --net=/var/run/netns/tcpp$digit chpst -e $tmp -u $user:$user:sudo $cmd
+rm $tmp/USER
+rm $tmp/HOME
+rm $tmp/debian_chroot
+rmdir $tmp
-- cgit v1.2.3
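Review bot: In tcp-clean.sh, `$iface` is never assigned, so unless the caller exports it the first deletion runs as `iptables -D FORWARD -i tcp$digit -o -j DROP` and fails, leaving the host FORWARD DROP rule that tcp-build.sh inserted in place after every cleanup. Repeating the detection from tcp-build.sh before `set -x` would fix it: `iface=$(ip route | awk '/^default/{ if ($4 == "dev") print($5); }')` followed by `iface=${iface:-wlan0}`. Because the default route can change between build and clean, recording the interface name at build time and reading it back here would be more reliable than re-detecting it. As in tcp-build.sh, `digit` comes straight from `$1` and is used unquoted in commands that need root, so the same digit check applies.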
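Review bot: In tcp-enter.sh, `tmp=/tmp/env.$$` with `mkdir -p $tmp` uses a predictable path in a world-writable directory and accepts a directory that already exists, and every file in it is then loaded as an environment variable by `chpst -e` under `sudo`. Another local user who creates that directory first controls the environment of the command started in the namespace. Creating it with `tmp=$(mktemp -d) || exit 1` and cleaning up via `trap 'rm -rf -- "$tmp"' EXIT` removes the race and also cleans up when the command is interrupted. Separately, `cmd="$@"` joins the arguments into one string and `$cmd` is re-split unquoted, so arguments containing spaces or glob characters do not reach the command intact; passing `"$@"` straight to `chpst` (with `set -- bash` when no arguments are given) preserves them.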