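#!/usr/bin/env bash
#
# Babel routing lab: builds four network namespaces (ns1..ns4), each in its own
# tmux window, wires them together with VDE switches and starts one babeld per
# namespace. ns1 is the gateway towards the host; ns2 and ns3 additionally load
# firewall/restrict-http.conf.
#
# Things to know before running it:
#   * It must run as root and it changes host-wide state: reset() flushes the
#     whole nftables ruleset and kills every vde_plug and babeld process on
#     the host, not only the ones started here. Use a disposable machine or VM.
#   * The namespaces are created with `unshare --user --map-root-user` from a
#     root shell, so root inside them is the host's root. They isolate the
#     network and mount table; they are not a privilege boundary.
#   * Runtime state lives under fixed names in /tmp (/tmp/ext, /tmp/switchN,
#     /tmp/nsN). On a multi-user host another account could pre-create those
#     names; a root-only directory would be the safer home for them.
#   * firewall/*.conf is read from the script's directory and applied as root,
#     so that directory should be writable by root only.
#
# `set -e` is deliberately not used: reset() is expected to hit "nothing to
# delete" errors on a clean host.

if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root."
  exit 1
fi

# We are here
script_path=$(realpath -- "$0")
dir=$(dirname -- "$script_path")
# Shell-quoted copies, for command lines that another shell will parse.
printf -v script_q '%q' "$script_path"
printf -v dir_q '%q' "$dir"

# Wrap into a tmux session if that is not already the case: rename-session
# fails when there is no session to rename, and the script then re-executes
# itself inside a fresh one (exec does not return).
if ! tmux rename-session babel 2> /dev/null; then
  exec tmux new-session "$script_q"
fi
tmux rename-window host

#######################################
# Undo what a previous run left behind: daemons, switch/namespace state in
# /tmp, host routes towards the lab and the nftables ruleset.
# Errors are expected when there is nothing to clean and are not fatal.
#######################################
function reset() {
  echo "Reset previous configuration..."
  # Matches by process name: unrelated vde_plug/babeld instances die too.
  pkill -e vde_plug
  pkill -e babeld
  # Remove exactly the paths this script creates. A broad glob such as
  # /tmp/ns* run as root would also delete unrelated files, and /tmp/ext
  # has to go as well or a stale switch directory survives the reset.
  rm -rfv -- /tmp/ext /tmp/switch1 /tmp/switch2 \
    /tmp/ns1 /tmp/ns2 /tmp/ns3 /tmp/ns4
  ip route delete 172.17.0.0/16
  ip -6 route delete 2a0c:700:3012:3::1:0/112
  ip -6 route delete 2a0c:700:3012:3::2:0/112
  # Drops every table on the host, including rules this script never added.
  nft flush ruleset
}

#######################################
# Type one command line into the shell running in a namespace window.
# Arguments: $1 - namespace number (window "ns<N>")
#            $2 - command line, parsed by the shell inside that window
#######################################
ns_send() {
  local ns=$1
  local cmd=$2
  tmux send-keys -t "ns$ns" "$cmd" Enter
}

reset

echo "Setup switches..."
vde_plug --daemon switch:///tmp/ext null://
vde_plug --daemon switch:///tmp/switch1 null://
vde_plug --daemon switch:///tmp/switch2 null://

# Connect to the exterior (already root, so no sudo is needed)
vde_plug --daemon vde:///tmp/ext tap://vde0
ip link set dev vde0 up
ip address add 10.2.1.1/30 dev vde0
ip address add 2a0c:700:3012:3::ff:0/127 dev vde0

# Setup NAT
nft -f "$dir/firewall/nat.conf"

for i in 1 2 3 4; do
  echo "Creating new namespace..."
  mkdir -p "/tmp/ns$i/log"
  tmux new-window -n "ns$i" "unshare --user --map-root-user --net --mount"
  tmux select-window -t host
  sleep 1 # give the new shell time to come up before typing into it

  echo "Configure ns$i..."
  ns_send "$i" "echo \$\$ > /tmp/ns$i/pid"
  if [[ $i -eq 1 ]]; then
    # ns1 is the uplink: it joins the exterior switch and redistributes
    # its routes into Babel.
    ns_send "$i" "vde_plug --daemon vde:///tmp/ext tap://vde0"
    sleep 0.3
    ns_send "$i" "ip link set vde0 up"
    ns_send "$i" "ip address add 10.2.1.2/30 dev vde0"
    ns_send "$i" "ip address add 2a0c:700:3012:3::ff:1/127 dev vde0"
    ns_send "$i" "ip route add 0.0.0.0/1 via 10.2.1.1 dev vde0 proto kernel"
    ns_send "$i" "ip route add 128.0.0.0/1 via 10.2.1.1 dev vde0 proto kernel"
    ns_send "$i" "ip -6 route add 2000::/4 via 2a0c:700:3012:3::ff:0 dev vde0 proto kernel"
    ns_send "$i" "echo \"interface vde0 type wired\" >> /tmp/ns$i/babeld.conf"
    ns_send "$i" "echo \"redistribute metric 256\" >> /tmp/ns$i/babeld.conf"
  fi
  ns_send "$i" "mount --bind /tmp/ns$i/log /var/log"
done

echo "Enable links..."
# Switch 1: NS 1, 2, 3
for i in 1 2 3; do
  ns_send "$i" "vde_plug --daemon vde:///tmp/switch1 tap://vde1"
  sleep 0.3
  ns_send "$i" "ip link set vde1 up"
  ns_send "$i" "ip address add 172.17.1.$i/32 dev vde1"
  ns_send "$i" "ip address add 2a0c:700:3012:3::1:$i/128 dev vde1"
  ns_send "$i" "echo \"interface vde1 type wired\" >> /tmp/ns$i/babeld.conf"
done

# Switch 2: NS 2, 3, 4
for i in 2 3 4; do
  ns_send "$i" "vde_plug --daemon vde:///tmp/switch2 tap://vde2"
  sleep 0.3
  ns_send "$i" "ip link set vde2 up"
  ns_send "$i" "ip address add 172.17.2.$i/32 dev vde2"
  ns_send "$i" "ip address add 2a0c:700:3012:3::2:$i/128 dev vde2"
  ns_send "$i" "echo \"interface vde2 type wired\" >> /tmp/ns$i/babeld.conf"
done

# Host routes towards the lab prefixes, via ns1
ip route add 172.17.0.0/16 via 10.2.1.2
ip -6 route add 2a0c:700:3012:3::1:0/112 via 2a0c:700:3012:3::ff:1
ip -6 route add 2a0c:700:3012:3::2:0/112 via 2a0c:700:3012:3::ff:1

for i in 1 2 3 4; do
  # The touch creates /etc/babeld.conf on the host filesystem if it is
  # missing; the bind mount is then made from inside the namespace shell.
  ns_send "$i" "touch /etc/babeld.conf && mount --bind /tmp/ns$i/babeld.conf /etc/babeld.conf"
  # One pid file, control socket and state file per namespace. The state file
  # must not be shared: the instances would overwrite each other's state.
  ns_send "$i" "babeld -D -I /tmp/ns$i/babeld.pid -G /tmp/ns$i/socket -S /tmp/ns$i/state"
done

for i in 2 3; do
  # Typed into a shell started with --net, so the ruleset is loaded into
  # that namespace's network stack.
  ns_send "$i" "nft -f $dir_q/firewall/restrict-http.conf"
done

# Hand an interactive shell to the operator; tear everything down on exit.
bash

reset
tmux kill-session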