Captive demonstration network for IPSec using Linux network namespaces.
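#!/bin/bash
# Captive demonstration network for IPsec, built from Linux network namespaces.
#
# USAGE:
#   captive-network <setup|tunnel|pingall|interfaces|shell|xterms|restart|fulltest|teardown>
#
#   captive-network setup               create the topology
#   captive-network tunnel              load the IPsec configuration on m2a and m2b
#   captive-network pingall             check connectivity between nodes
#   captive-network interfaces <host>   list the IPv4 addresses inside one node
#   captive-network shell <host>        open an interactive shell inside one node
#   captive-network xterms              launch one terminal per node
#   captive-network restart             delete and recreate the topology
#   captive-network fulltest            teardown (errors ignored), setup, tunnel, pingall
#   captive-network teardown            delete the topology
#
# Every subcommand drives `ip netns`, so the script has to run with root
# privileges.  Note that setup writes the host's ip_forward sysctl and
# teardown does not revert it.

# Namespaces making up the topology; m2a and m2b are the routers (see setup).
# Kept as a space-separated string because the functions below word-split it.
hosts="m1a m2a m3a m1b m2b m3b"

# Directory holding setkey-m2a.conf and setkey-m2b.conf (read by tunnel).
# CONFDIR in the environment overrides the built-in default path.
confdir=${CONFDIR:-/home/bremac/coursework/sysc4502/lab-4}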
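# Create one veth pair between two namespaces and address both ends.
# Interface names follow the script-wide convention <this>-<peer>: the end
# living in $1 is named "$1-$3" and the end living in $3 is named "$3-$1".
# Arguments: $1 - namespace of the first end,  $2 - its address (CIDR)
#            $3 - namespace of the second end, $4 - its address (CIDR)
# Outputs:   the progress marker "<$1-$3> " on stdout
add_link() {
  local ns_a=$1 addr_a=$2 ns_b=$3 addr_b=$4
  local dev_a="${ns_a}-${ns_b}" dev_b="${ns_b}-${ns_a}"
  echo -n "$dev_a "
  ip link add "$dev_a" type veth peer name "$dev_b"
  ip link set "$dev_a" netns "$ns_a"
  ip netns exec "$ns_a" ip addr add "$addr_a" dev "$dev_a"
  ip netns exec "$ns_a" ip link set dev "$dev_a" up
  ip link set "$dev_b" netns "$ns_b"
  ip netns exec "$ns_b" ip addr add "$addr_b" dev "$dev_b"
  ip netns exec "$ns_b" ip link set dev "$dev_b" up
}

# Create the whole topology: six namespaces, five veth links, static routes.
#
#   m1a ---+             +--- m1b
#          m2a ------- m2b            m2a/m2b are the routers (and the
#   m3a ---+             +--- m3b     IPsec endpoints, see tunnel)
#
# Globals:   hosts (read)
# Side effects: enables net.ipv4.ip_forward in the root namespace; this is
#            not reverted by teardown.
# Outputs:   progress on stdout
setup() {
  local host
  # Forwarding is switched on before the namespaces exist.  The routers m2a
  # and m2b are new namespaces, and a new IPv4 namespace appears to copy its
  # conf.all settings from the root namespace at creation time -- TODO
  # confirm with `ip netns exec m2a sysctl net.ipv4.ip_forward` if the
  # cross-router pings fail.  The host itself is left forwarding as well.
  echo 1 > /proc/sys/net/ipv4/ip_forward

  echo -n 'setting up hosts: '
  for host in $hosts; do
    echo -n "$host "
    ip netns add "$host"
    ip netns exec "$host" ip link set dev lo up
  done
  echo

  echo -n 'setting up links: '
  add_link m1a 10.0.1.2/24 m2a 10.0.1.1/24
  add_link m3a 10.0.2.2/24 m2a 10.0.2.1/24
  add_link m1b 10.1.3.2/24 m2b 10.1.3.1/24
  add_link m3b 10.1.4.2/24 m2b 10.1.4.1/24
  # The router-to-router link deliberately uses two different /24s.
  add_link m2a 10.0.5.1/24 m2b 10.1.5.1/24
  echo

  echo -n 'configuring static routes ... '
  # Leaf hosts send everything to their router.
  ip netns exec m1a ip route add default via 10.0.1.1
  ip netns exec m3a ip route add default via 10.0.2.1
  ip netns exec m1b ip route add default via 10.1.3.1
  ip netns exec m3b ip route add default via 10.1.4.1
  # Routers: host routes to their leaves, a host route to the peer router
  # (needed because the m2a-m2b ends are on different subnets), then the
  # other site's /16 via that peer.
  ip netns exec m2a ip route add 10.0.1.2 dev m2a-m1a
  ip netns exec m2a ip route add 10.0.2.2 dev m2a-m3a
  ip netns exec m2a ip route add 10.1.5.1 dev m2a-m2b
  ip netns exec m2a ip route add 10.1.0.0/16 via 10.1.5.1
  ip netns exec m2b ip route add 10.1.3.2 dev m2b-m1b
  ip netns exec m2b ip route add 10.1.4.2 dev m2b-m3b
  ip netns exec m2b ip route add 10.0.5.1 dev m2b-m2a
  ip netns exec m2b ip route add 10.0.0.0/16 via 10.0.5.1
  echo 'ok'
}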
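# Load the IPsec configuration on the two routers with setkey.
# Globals:   confdir (read) - must hold setkey-m2a.conf and setkey-m2b.conf
# Outputs:   progress on stdout; a missing-file diagnostic on stderr
# Returns:   0 on success, 1 if a config file is unreadable or setkey fails
tunnel() {
  local ns conf rc=0
  # Fail early with a clear message instead of letting setkey complain twice.
  for ns in m2a m2b; do
    conf="$confdir/setkey-$ns.conf"
    if [[ ! -r "$conf" ]]; then
      printf 'tunnel: cannot read %s\n' "$conf" >&2
      return 1
    fi
  done
  echo -n 'setting up ipsec tunnel: '
  # setkey configuration files typically carry the SA keys in clear text;
  # keep them readable by root only.
  ip netns exec m2a setkey -r -f "$confdir/setkey-m2a.conf" || rc=1
  ip netns exec m2b setkey -r -f "$confdir/setkey-m2b.conf" || rc=1
  if (( rc == 0 )); then
    echo 'ok'
  else
    echo 'failed'
  fi
  return "$rc"
}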
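# Ping every known address from every namespace and print pass/fail per pair.
# Globals:   hosts (read)
# Outputs:   one header line per host and one " <addr>: pass|fail" line per
#            address on stdout
pingall() {
  local ips='10.0.1.2 10.0.2.2 10.1.3.2 10.1.4.2 10.0.5.1 10.1.5.1'
  local host addr
  echo 'pinging all hosts ...'
  for host in $hosts; do
    echo "$host: "
    for addr in $ips; do
      # One probe with a one-second timeout; only the verdict is reported.
      if ip netns exec "$host" ping -c 1 -W 1 "$addr" &> /dev/null; then
        echo " $addr: pass"
      else
        echo " $addr: fail"
      fi
    done
  done
}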
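# List the IPv4 addresses configured inside one namespace.
# Arguments: $1 - namespace name
# Outputs:   one "<device>: <address/prefix>" line per inet address on stdout
interfaces() {
  local host=$1
  # The device label is the last field of an "inet" line.  A fixed column
  # ($5) breaks as soon as an address carries "brd x.x.x.x", which shifts
  # the label two fields to the right, so $NF is used instead.
  ip netns exec "$host" ip addr show \
    | awk '/inet [0-9.]+\/[0-9]+/ { print $NF ": " $2 }'
}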
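# Open an interactive bash inside one namespace, with the prompt set to the
# namespace name so that several such shells can be told apart.
# Arguments: $1 - namespace name
shell() {
  local host=$1
  # --norc skips ~/.bashrc, presumably so it cannot overwrite the PS1 set here.
  ip netns exec "$host" env PS1="${host}\$ " /bin/bash --norc -i
}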
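# Launch one xterm per namespace, each running a bash inside that namespace.
# Globals:   hosts (read)
# Outputs:   progress on stdout
# Side effects: the xterms are left running in the background; this function
#            does not wait for them.
xterms() {
  local host
  echo -n 'starting terminals ... '
  for host in $hosts; do
    ip netns exec "$host" xterm -T "$host" -e 'env TERM=ansi bash' &
  done
  echo 'ok'
}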
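# Delete every namespace of the topology.
# Globals:   hosts (read)
# Outputs:   progress on stdout; `ip netns del` errors go to stderr
# Note:      the ip_forward setting written by setup is not reverted here.
teardown() {
  local host
  echo -n 'tearing down hosts: '
  for host in $hosts; do
    echo -n "$host "
    ip netns del "$host"
  done
  echo
}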
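# Print the list of subcommands to stderr.
usage() {
  printf 'Usage: %s <setup|tunnel|pingall|interfaces <host>|shell <host>|xterms|restart|fulltest|teardown>\n' \
    "${0##*/}" >&2
}

# Subcommand dispatch.  An unknown or missing subcommand prints the usage
# and exits 2 instead of silently doing nothing.
case "$1" in
  fulltest)
    # A first run has no namespaces yet, so teardown's errors are ignored.
    teardown &> /dev/null
    setup
    tunnel
    pingall
    ;;
  interfaces)
    shift
    (( $# >= 1 )) || { usage; exit 2; }
    interfaces "$1"
    ;;
  pingall)
    pingall
    ;;
  restart)
    teardown
    setup
    ;;
  setup)
    setup
    ;;
  shell)
    shift
    (( $# >= 1 )) || { usage; exit 2; }
    shell "$1"
    ;;
  teardown)
    teardown
    ;;
  tunnel)
    tunnel
    ;;
  xterms)
    xterms
    ;;
  *)
    usage
    exit 2
    ;;
esac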
Here's a diagram of the network topology: