[gnunet] 02/06: TNG: Added code in the netjail scripts to enable router
From: |
gnunet |
Subject: |
[gnunet] 02/06: TNG: Added code in the netjail scripts to enable router nodes to forward icmp requests and response. |
Date: |
Fri, 27 Jan 2023 13:17:09 +0100 |
This is an automated email from the git hooks/post-receive script.
t3sserakt pushed a commit to branch master
in repository gnunet.
commit a21cb18203056306fa08ecbcaf4100a6c94cc4d9
Author: t3sserakt <t3ss@posteo.de>
AuthorDate: Fri Jan 27 13:02:44 2023 +0100
TNG: Added code in the netjail scripts to enable router nodes to forward
icmp requests
and response.
---
contrib/netjail/netjail_core.sh | 14 +++++++-------
contrib/netjail/netjail_start.sh | 34 ++++++++++++++++++++++++++++++++--
2 files changed, 39 insertions(+), 9 deletions(-)
diff --git a/contrib/netjail/netjail_core.sh b/contrib/netjail/netjail_core.sh
index 302ae922f..cb2a271b8 100755
--- a/contrib/netjail/netjail_core.sh
+++ b/contrib/netjail/netjail_core.sh
@@ -145,12 +145,12 @@ netjail_node_link_bridge() {
local BRIDGE=$2
local ADDRESS=$3
local MASK=$4
-
+
netjail_next_interface
local NUM_IF=$RESULT
netjail_next_interface
local NUM_BR=$RESULT
-
+
local LINK_IF=$(printf $INTERFACE_FORMAT_STRING $PREPREFIX $PREFIX
$NUM_IF)
local LINK_BR=$(printf $INTERFACE_FORMAT_STRING $PREPREFIX $PREFIX
$NUM_BR)
@@ -163,18 +163,18 @@ netjail_node_link_bridge() {
ip -n $NODE link set up dev lo
ip link set $LINK_BR up
-
- RESULT=$LINK_BR
+
+ RESULT=$LINK_IF
}
netjail_node_link_bridge_name() {
-
+
netjail_next_interface
netjail_next_interface
local NUM_BR=$RESULT
-
+
local LINK_BR=$(printf $INTERFACE_FORMAT_STRING $PREPREFIX $PREFIX
$NUM_BR)
-
+
RESULT=$LINK_BR
}
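Review bot: `RESULT=$LINK_IF` at the end of netjail_node_link_bridge changes what every caller receives, from the bridge-side interface name to the other end of the link, and nothing in the function documents the new contract. The netjail_start.sh hunks of this commit use the value as a device inside the router namespace (`ROUTER_EXT_IF`), but they also still store it in KNOWN_LINKS, NODE_LINKS and ROUTER_LINKS. If any of those arrays is later used for host-side `ip link` operations (not visible here), it would now name an interface that presumably exists only inside the node's namespace. I would add a comment above the assignment such as `# RESULT: interface name of the node-side end of the link, not the bridge-side end` and check the remaining users of the *_LINKS arrays. The function starts outside the hunk.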
diff --git a/contrib/netjail/netjail_start.sh b/contrib/netjail/netjail_start.sh
index e68745746..35e51abb4 100755
--- a/contrib/netjail/netjail_start.sh
+++ b/contrib/netjail/netjail_start.sh
@@ -52,6 +52,13 @@ for X in $(seq $KNOWN); do
KNOWN_NODES[$X]=$RESULT
netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET
"$KNOWN_GROUP.$X" 16
KNOWN_LINKS[$X]=$RESULT
+
+ # Execute echo 1 > /proc/sys/net/netfilter/nf_log_all_netns to make
itables log to the host.
+ #ip netns exec ${KNOWN_NODES[$X]} iptables -A INPUT -j LOG --log-prefix
'** Known ${KNOWN_NODES[$X]} **'
+ #ip netns exec ${KNOWN_NODES[$X]} iptables -A OUTPUT -j LOG --log-prefix
'** Known ${KNOWN_NODES[$X]} **'
+ ip netns exec ${KNOWN_NODES[$X]} iptables -A OUTPUT -p icmp -j ACCEPT
+ ip netns exec ${KNOWN_NODES[$X]} iptables -A INPUT -p icmp -j ACCEPT
+
done
declare -A NODES
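Review bot: The two `iptables -A ... -p icmp -j ACCEPT` lines added for each known node only append ACCEPT rules, so they change nothing unless a DROP policy or rule is installed outside this hunk; a freshly created network namespace starts with empty chains and policy ACCEPT. If the intent is to restrict these namespaces, a default policy is missing; if the intent is only to make sure ICMP passes, a comment such as `# explicit ICMP accept; policy stays ACCEPT in the jail` would say so. The same applies to the router and node INPUT/OUTPUT rules in the next hunk. The comment above the rules spells iptables as `itables`, and it should note that nf_log_all_netns is a host-wide sysctl rather than a per-namespace one.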
@@ -61,18 +68,36 @@ for N in $(seq $GLOBAL_N); do
netjail_node
ROUTERS[$N]=$RESULT
netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N"
16
- NETWORK_LINKS[$N]=$RESULT
+ ROUTER_EXT_IF[$N]=$RESULT
netjail_bridge
ROUTER_NETS[$N]=$RESULT
-
+
+ #ip netns exec ${ROUTERS[$N]} iptables -A INPUT -j LOG --log-prefix '**
Router ${ROUTERS[$N]} **'
+ ip netns exec ${ROUTERS[$N]} iptables -A INPUT -p icmp -j ACCEPT
+ ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p icmp -d
$GLOBAL_GROUP.$N -j DNAT --to $LOCAL_GROUP.1
+ ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -p icmp -d $LOCAL_GROUP.1
-m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+ #ip netns exec ${ROUTERS[$N]} iptables -A OUTPUT -j LOG --log-prefix '**
Router ${ROUTERS[$N]} **'
+ ip netns exec ${ROUTERS[$N]} iptables -A OUTPUT -p icmp -j ACCEPT
+
for M in $(seq $LOCAL_M); do
netjail_node
NODES[$N,$M]=$RESULT
netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]}
"$LOCAL_GROUP.$M" 24
NODE_LINKS[$N,$M]=$RESULT
+
+ #ip netns exec ${NODES[$N,$M]} iptables -A INPUT -j LOG --log-prefix
'** Node ${NODES[$N,$M]} **'
+ #ip netns exec ${NODES[$N,$M]} iptables -A OUTPUT -j LOG --log-prefix
'** Node ${NODES[$N,$M]} **'
+ ip netns exec ${NODES[$N,$M]} iptables -A OUTPUT -p icmp -j ACCEPT
+ ip netns exec ${NODES[$N,$M]} iptables -A INPUT -p icmp -j ACCEPT
done
ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
+
+ let X=$KNOWN+1
+ ip netns exec ${ROUTERS[$N]} ip route add "$KNOWN_GROUP.$X" dev
${ROUTER_EXT_IF[$N]}
+ ip netns exec ${ROUTERS[$N]} ip route add default via "$KNOWN_GROUP.$X"
+
+
netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR
24
ROUTER_LINKS[$N]=$RESULT
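Review bot: `let X=$KNOWN+1` inside the router loop reuses the index variable of the known-nodes loop and recomputes the same value on every iteration, and the gateway address in the last hunk of this file depends on that side effect. If GLOBAL_N is 0 the loop body never runs, X keeps its last value from `seq $KNOWN`, and the gateway would be given the address of the last known node. Computing it once before the loop, e.g. `GATEWAY_ADDR="$KNOWN_GROUP.$((KNOWN + 1))"`, and using `"$GATEWAY_ADDR"` in both `ip route add` lines and in the final netjail_node_link_bridge call removes the coupling. The FORWARD rule also uses the older `-m state --state` match, for which `-m conntrack --ctstate NEW,RELATED,ESTABLISHED` is the current form, and the DNAT/FORWARD pair relies on IPv4 forwarding being enabled in the router namespace, which this hunk does not show.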
@@ -135,3 +160,8 @@ for N in $(seq $GLOBAL_N); do
ip netns exec ${ROUTERS[$N]} ./${R_SCRIPT[$N]} ${ROUTER_NETS[$N]} 1
fi
done
+
+# We like to have a node acting as a gateway for all router nodes. This is
especially needed for sending fake ICMP packets.
+netjail_node
+GATEWAY=$RESULT
+netjail_node_link_bridge $GATEWAY $NETWORK_NET "$KNOWN_GROUP.$X" 16
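Review bot: The gateway namespace created here is recorded only in `GATEWAY`, and the diffstat shows no change to a teardown script, so unless cleanup removes namespaces by prefix (not visible in this commit) the gateway namespace and its link may be left on the host after a test run. It is also created after the loop that starts `${R_SCRIPT[$N]}` in the routers, while the default route added in the earlier hunk already points at its address; creating the gateway before that loop would avoid a window with an unreachable next hop. The unquoted `$GATEWAY` and `$NETWORK_NET` follow the file's existing style but would be safer quoted.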