[gnunet] 02/06: TNG: Added code in the netjail scripts to enable router

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnunet] 02/06: TNG: Added code in the netjail scripts to enable router

From:	gnunet
Subject:	[gnunet] 02/06: TNG: Added code in the netjail scripts to enable router nodes to forward icmp requests and response.
Date:	Fri, 27 Jan 2023 13:17:09 +0100

This is an automated email from the git hooks/post-receive script.

t3sserakt pushed a commit to branch master
in repository gnunet.

commit a21cb18203056306fa08ecbcaf4100a6c94cc4d9
Author: t3sserakt <t3ss@posteo.de>
AuthorDate: Fri Jan 27 13:02:44 2023 +0100

    TNG: Added code in the netjail scripts to enable router nodes to forward 
icmp requests
    and response.
---
 contrib/netjail/netjail_core.sh  | 14 +++++++-------
 contrib/netjail/netjail_start.sh | 34 ++++++++++++++++++++++++++++++++--
 2 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/contrib/netjail/netjail_core.sh b/contrib/netjail/netjail_core.sh
index 302ae922f..cb2a271b8 100755
--- a/contrib/netjail/netjail_core.sh
+++ b/contrib/netjail/netjail_core.sh
@@ -145,12 +145,12 @@ netjail_node_link_bridge() {
        local BRIDGE=$2
        local ADDRESS=$3
        local MASK=$4
-       
+
        netjail_next_interface
        local NUM_IF=$RESULT
        netjail_next_interface
        local NUM_BR=$RESULT
-       
+
        local LINK_IF=$(printf $INTERFACE_FORMAT_STRING $PREPREFIX $PREFIX 
$NUM_IF)
        local LINK_BR=$(printf $INTERFACE_FORMAT_STRING $PREPREFIX $PREFIX 
$NUM_BR)
 
@@ -163,18 +163,18 @@ netjail_node_link_bridge() {
        ip -n $NODE link set up dev lo
 
        ip link set $LINK_BR up
-       
-       RESULT=$LINK_BR
+
+       RESULT=$LINK_IF
 }
 
 netjail_node_link_bridge_name() {
-       
+
        netjail_next_interface
        netjail_next_interface
        local NUM_BR=$RESULT
-       
+
        local LINK_BR=$(printf $INTERFACE_FORMAT_STRING $PREPREFIX $PREFIX 
$NUM_BR)
-       
+
        RESULT=$LINK_BR
 }
 
diff --git a/contrib/netjail/netjail_start.sh b/contrib/netjail/netjail_start.sh
index e68745746..35e51abb4 100755
--- a/contrib/netjail/netjail_start.sh
+++ b/contrib/netjail/netjail_start.sh
@@ -52,6 +52,13 @@ for X in $(seq $KNOWN); do
        KNOWN_NODES[$X]=$RESULT
        netjail_node_link_bridge ${KNOWN_NODES[$X]} $NETWORK_NET 
"$KNOWN_GROUP.$X" 16
        KNOWN_LINKS[$X]=$RESULT
+
+    # Execute echo 1 > /proc/sys/net/netfilter/nf_log_all_netns to make 
itables log to the host.
+    #ip netns exec ${KNOWN_NODES[$X]} iptables -A INPUT -j LOG --log-prefix 
'** Known ${KNOWN_NODES[$X]}  **'
+    #ip netns exec ${KNOWN_NODES[$X]} iptables -A OUTPUT -j LOG --log-prefix 
'** Known ${KNOWN_NODES[$X]}  **'
+    ip netns exec ${KNOWN_NODES[$X]} iptables -A OUTPUT -p icmp -j ACCEPT
+    ip netns exec ${KNOWN_NODES[$X]} iptables -A INPUT -p icmp -j ACCEPT
+    
 done
 
 declare -A NODES
@@ -61,18 +68,36 @@ for N in $(seq $GLOBAL_N); do
        netjail_node
        ROUTERS[$N]=$RESULT
        netjail_node_link_bridge ${ROUTERS[$N]} $NETWORK_NET "$GLOBAL_GROUP.$N" 
16
-       NETWORK_LINKS[$N]=$RESULT
+       ROUTER_EXT_IF[$N]=$RESULT
        netjail_bridge
        ROUTER_NETS[$N]=$RESULT
-       
+
+    #ip netns exec ${ROUTERS[$N]} iptables -A INPUT -j LOG --log-prefix '** 
Router ${ROUTERS[$N]}  **'
+    ip netns exec ${ROUTERS[$N]} iptables -A INPUT -p icmp -j ACCEPT
+    ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p icmp -d 
$GLOBAL_GROUP.$N -j DNAT --to $LOCAL_GROUP.1
+    ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -p icmp -d $LOCAL_GROUP.1 
 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+    #ip netns exec ${ROUTERS[$N]} iptables -A OUTPUT -j LOG --log-prefix '** 
Router ${ROUTERS[$N]}  **'
+    ip netns exec ${ROUTERS[$N]} iptables -A OUTPUT -p icmp -j ACCEPT
+    
        for M in $(seq $LOCAL_M); do
                netjail_node
                NODES[$N,$M]=$RESULT
                netjail_node_link_bridge ${NODES[$N,$M]} ${ROUTER_NETS[$N]} 
"$LOCAL_GROUP.$M" 24
                NODE_LINKS[$N,$M]=$RESULT
+
+        #ip netns exec ${NODES[$N,$M]} iptables -A INPUT -j LOG --log-prefix 
'** Node ${NODES[$N,$M]}  **'
+        #ip netns exec ${NODES[$N,$M]} iptables -A OUTPUT -j LOG --log-prefix 
'** Node ${NODES[$N,$M]}  **'
+        ip netns exec ${NODES[$N,$M]} iptables -A OUTPUT -p icmp -j ACCEPT
+        ip netns exec ${NODES[$N,$M]} iptables -A INPUT -p icmp -j ACCEPT 
        done
 
        ROUTER_ADDR="$LOCAL_GROUP.$(($LOCAL_M+1))"
+
+    let X=$KNOWN+1
+    ip netns exec ${ROUTERS[$N]} ip route add "$KNOWN_GROUP.$X" dev 
${ROUTER_EXT_IF[$N]}
+    ip netns exec ${ROUTERS[$N]} ip route add default via "$KNOWN_GROUP.$X"
+
+    
        netjail_node_link_bridge ${ROUTERS[$N]} ${ROUTER_NETS[$N]} $ROUTER_ADDR 
24
        ROUTER_LINKS[$N]=$RESULT
        
@@ -135,3 +160,8 @@ for N in $(seq $GLOBAL_N); do
         ip netns exec ${ROUTERS[$N]} ./${R_SCRIPT[$N]} ${ROUTER_NETS[$N]} 1
     fi
 done
+
+# We like to have a node acting as a gateway for all router nodes. This is 
especially needed for sending fake ICMP packets.
+netjail_node
+GATEWAY=$RESULT
+netjail_node_link_bridge $GATEWAY $NETWORK_NET "$KNOWN_GROUP.$X" 16

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.

[Prev in Thread]

Current Thread

[Next in Thread]

[gnunet] branch master updated (56b93c5ca -> 2652a92f5), gnunet, 2023/01/27
- [gnunet] 02/06: TNG: Added code in the netjail scripts to enable router nodes to forward icmp requests and response., gnunet <=
- [gnunet] 03/06: TNG: Added nat reversal code to tcp communicator. Prepared udp communicator., gnunet, 2023/01/27
- [gnunet] 01/06: TNG: - Added topology file for tcp icmp nat hole punching test case. - Added code to configure connection attempts to natted peers., gnunet, 2023/01/27
- [gnunet] 04/06: TNG: Fixed bug happening during check for pending validation requests after nat reversal., gnunet, 2023/01/27
- [gnunet] 05/06: TNG: Added tcp icmp nat hole punching test case script, and fixed bugs occuring during shutdown., gnunet, 2023/01/27
- [gnunet] 06/06: Merge branch 'master' of ssh://git.gnunet.org/gnunet, gnunet, 2023/01/27

Prev by Date: [taler-docs] branch master updated: add DD34
Next by Date: [gnunet] 03/06: TNG: Added nat reversal code to tcp communicator. Prepared udp communicator.
Previous by thread: [gnunet] branch master updated (56b93c5ca -> 2652a92f5)
Next by thread: [gnunet] 03/06: TNG: Added nat reversal code to tcp communicator. Prepared udp communicator.
Index(es):
- Date
- Thread