#
# * Outsource configuration to sourceable script fragment.
#
-# * Add config options to specify guest network and gw/bridge IP.
-# (Run dhclient to obtain bridge IP, if none was specified?)
-#
-# * Add config option(s) to specify name server(s).
+# * (Run dhclient to obtain bridge IP, if none was specified?)
#
# * Add config option to disable IP forwarding on stop?
#
set -x
-# It will open an xterm window in the new network namespace; if anything
-# else is required, change the statement below.
-
-export XTERM1=xterm
-
# The script will temporarily activate ip forwarding for you. If you
# do not wish to retain this feature, you will have to issue, at the
# end of this session, the command
###############################################################################
+###############################
+# Configuration variables
+
BASE_IF=vpn_tap1
+BASE_NET=192.168.30.0/24
+BR_NAME=br0
+BR_IP=192.168.30.3
+
+# List of nameservers to provide DNS in the new network namespace:
+NAMESRV="8.8.8.8 8.8.4.4"
+
+# Program to run in the new network namespace:
+XTERM1=xterm
+
+# Virtual Ethernet to connect new network namespace to default namespace:
VETH_HOST=veth_host
VETH_GUEST=veth_guest
-export WHEREIS=/usr/bin/whereis
-
-# First of all, check that the script is run by root:
+#
+###############################
-[ "root" != "$USER" ] && exec sudo -E $0 "$@"
+SHORTNAME=${0##*/}
-if [ $# != 2 ]; then
- echo "Usage $0 name action"
+if [ $# -lt 2 ]; then
+ echo "Usage $SHORTNAME name action"
echo "where name is the network namespace name,"
echo " and action is one of start| stop| reload."
exit 1
fi
-# Do we have all it takes?
-
-IERROR1=0
-IERROR2=0
-IERROR3=0
-
-export IP=$($WHEREIS -b ip | /usr/bin/awk '{print $2}')
-export IPTABLES=$($WHEREIS -b iptables | /usr/bin/awk '{print $2}')
-export XTERM=$($WHEREIS -b $XTERM1 | /usr/bin/awk '{print $2}')
+# Become root if not already:
+[ "root" != "$USER" ] && exec sudo -E $0 "$@"
-if [ "x$IP" = "x" ] ; then
+# Locate essential commands:
+IP=$(command -v ip)
+if [ -z $IP ] ; then
echo "please install the iproute2 package"
- IERROR1=1
+ exit 1
fi
-
-if [ "x$IPTABLES" = "x" ] ; then
+IPTABLES=$(command -v iptables)
+if [ -z $IPTABLES ] ; then
echo "please install the iptables package"
- IERROR2=1
-fi
-
-if [ "x$XTERM" = "x" ] ; then
- echo "please install the xterm package"
- IERROR3=1
+ exit 1
fi
-
-if [[ $IERROR1 == 0 && $IERROR2 == 0 && $IERROR3 == 0 ]]
-then
- :
-else
+XTERM=$(command -v $XTERM1)
+if [ -z $XTERM ] ; then
+ echo "please install the $XTERM1 package"
exit 1
fi
prelim() {
-
# Perform some preliminary setup. First, clear the proposed
# namespace name of blank characters; then create a directory
# for logging info, and a pid file in it; lastly, enable IPv4
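Review bot: Replacing `/usr/bin/whereis -b` with `command -v` at lines L67, L75 and L91 makes the `ip`, `iptables` and terminal binaries that run as root depend on `PATH`, and line L64 re-executes the script with `sudo -E`, which asks sudo to hand the unprivileged caller's environment to the root copy; whether `PATH` survives depends on the sudoers `secure_path`/`setenv` settings, so the script should not rely on that and should pin it right after the re-exec, `export PATH=/usr/sbin:/usr/bin:/sbin:/bin`, before the lookups. The tests `[ -z $IP ]`, `[ -z $IPTABLES ]` and `[ -z $XTERM ]` at lines L68, L76 and L92 only work by accident when the variable is empty (a one-argument `[ ]` tests for a non-empty string and `-z` is non-empty) and break if the resolved path contains a space; quote them, `[ -z "$IP" ]`. For the same reason `"$0"` should be quoted in `exec sudo -E "$0" "$@"`. `$USER` is supplied by the environment and may be unset or set by the caller; `[ "$(id -u)" -ne 0 ]` is the robust root check.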
}
-start_nns() {
-
-# Check whether a namespace with the same name already exists.
-
+# Check whether a namespace with given name exists:
+exist_nns() {
$IP netns list | /bin/grep $1 2> /dev/null
- if [ $? == 0 ]; then
+}
+
+# Create and configure a new network namespace:
+start_nns() {
+ if exist_nns $1 ; then
echo "Network namespace $1 already exists,"
- echo "please choose another name"
+ echo "please choose another name."
exit 1
fi
-# Here we take care of DNS
-
+ # Take care of DNS:
/bin/mkdir -p /etc/netns/$1
- echo "nameserver 8.8.8.8" > /etc/netns/$1/resolv.conf
- echo "nameserver 8.8.4.4" >> /etc/netns/$1/resolv.conf
-
-# The following creates the new namespace, and the veth interface
+ /bin/rm /etc/netns/$1/resolv.conf 2> /dev/null
+ for NS in $NAMESRV ; do
+ echo "nameserver $NS" >> /etc/netns/$1/resolv.conf
+ done
+ # Create the new namespace, the veth interface and the bridge:
$IP netns add $1
- ip link add $VETH_HOST type veth peer name $VETH_GUEST
- brctl addbr br0
- brctl addif br0 $BASE_IF
- brctl addif br0 $VETH_HOST
+ $IP link add $VETH_HOST type veth peer name $VETH_GUEST
+ brctl addbr $BR_NAME
+ brctl addif $BR_NAME $BASE_IF
+ brctl addif $BR_NAME $VETH_HOST
ifconfig $VETH_HOST up
- ifconfig br0 192.168.30.3 up
+ ifconfig $BR_NAME $BR_IP up
+
# This assigns the macvlan interface, mac$1, to the new
# namespace, asks for an IP address via a call to dhclient,
# brings up this and the (essential) lo interface,
# creates a new terminal in the new namespace and
# stores its pid for the purpose of tearing it cleanly, later.
-# $IP link set mac$1 netns $1
$IP link set $VETH_GUEST netns $1
-# $IP netns exec $1 /sbin/dhclient -pf /var/run/dhclient_$1.pid -v mac$1 1> /dev/null 2>&1
$IP netns exec $1 /sbin/dhclient -pf /var/run/dhclient_$1.pid -v $VETH_GUEST 1> /dev/null 2>&1
$IP netns exec $1 $IP link set dev lo up
$IP netns exec $1 su -p -c $XTERM $SUDO_USER &
$IP netns exec $1 echo "$!" > $PID
- iptables -t nat -A POSTROUTING --source 192.168.30.0/24 --jump MASQUERADE
- $IP netns exec $1 /sbin/route add default gw 192.168.30.3
+ $IPTABLES -t nat -A POSTROUTING --source $BASE_NET --jump MASQUERADE
+ $IP netns exec $1 /sbin/route add default gw $BR_IP
}
stop_nns() {
-
-# Check that the namespace to be torn down really exists
-
- $IP netns list | /bin/grep $1 2>&1 1> /dev/null
- if [ ! $? == 0 ]; then
+ if ! exist_nns $1 ; then
echo "Network namespace $1 does not exist,"
echo "please choose another name"
exit 1
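Review bot: `exist_nns` at line L108 matches `$1` as an unanchored regular expression against the whole `ip netns list` output, so `exist_nns foo` also succeeds when only a namespace `foobar` exists; `start_nns` then refuses a free name and `stop_nns` proceeds against one that is not there, and because the old `1> /dev/null` from `stop_nns` was dropped the matching line now leaks to stdout. Matching the first field exactly is safer (newer iproute2 may append an `(id: N)` suffix to each line), e.g. `$IP netns list | /usr/bin/awk '{print $1}' | /bin/grep -qxF -- "$1"`. The `rm ... 2> /dev/null` followed by the append loop at lines L128–L131 can be a single overwrite that does not depend on the rm succeeding, `printf 'nameserver %s\n' $NAMESRV > /etc/netns/$1/resolv.conf`. `$1` is also worth quoting in the new `exist_nns $1` calls and in the `/etc/netns/$1` paths; `stop_nns` continues past the end of the hunk.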
/bin/rm $PID
/bin/rmdir $OUTDIR
- ifconfig br0 down
- brctl delif br0 $BASE_IF
- brctl delif br0 $VETH_HOST
- brctl delbr br0
+ ifconfig $BR_NAME down
+ brctl delif $BR_NAME $BASE_IF
+ brctl delif $BR_NAME $VETH_HOST
+ brctl delbr $BR_NAME
$IP netns exec $1 $IP link del $VETH_GUEST
$IP netns del $1
$IP link del $VETH_HOST
- iptables -t nat -D POSTROUTING --source 192.168.30.0/24 --jump MASQUERADE
+ $IPTABLES -t nat -D POSTROUTING --source $BASE_NET --jump MASQUERADE
# This deletes the file and direcotory connected with the DNSes.
prelim "$1"
stop_nns $NNSNAME
;;
- reload)
+ reload|restart)
prelim "$1"
stop_nns $NNSNAME
prelim "$1"
start_nns $NNSNAME
;;
+ run)
+ echo "TO-DO: implement '$SHORTNAME run <command>' action."
+ ;;
*)
-# This removes the absolute path from the command name
- NAME1=$0
- NAMESHORT=${NAME1##*/}
- echo "Usage:" $NAMESHORT "name action,"
+ echo "Usage: $SHORTNAME name action,"
echo "where name is the name of the network namespace,"
echo "and action is one of start|stop|reload"
;;
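Review bot: The new `run)` arm at lines L199–L201 prints a TO-DO message and leaves the case with status 0, so anything that checks the exit code sees an unimplemented action as success; write the message to stderr and fail explicitly, `echo "TO-DO: implement '$SHORTNAME run <command>' action." >&2` followed by `exit 2`. The usage text at line L209 (and the one at line L51 earlier in the diff) still lists only `start|stop|reload` although `restart` and `run` are now accepted at lines L193 and L199; both strings should name the actions the case actually handles. The `esac` closing this case statement lies outside the hunk.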