1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
|
#!/bin/sh
#
# Copyright (c) 2010, Yavuz Gokirmak
#
# All rights reserved.
#
# This source code may be used, modified, copied, distributed, and
# sold, in both source and binary form provided that the above
# copyright and these terms are retained, verbatim, as the first
# lines of this file. Under no circumstances is the author
# responsible for the proper functioning of the software nor does
# the author assume any responsibility for damages incurred with
# its use.
#
# $FreeBSD$
#
# This script creates and connects n router like nodes. Complex wide
# area topologies can be created with the help of script.
#
# Virtual nodes are generated via jails and network connections are
# established using ng_eiface(4) node types.
#
# To use this script:
#
# 0. Make your own copy of this example script.
#
# 1. Edit the definition of ${TARGET_TOPOLOGY} to define your virtual
# nodes. Virtual topology definition includes node names and their
# IP address. Target top. syntax: ( name|ip<->name|ip ... )
# Example 1: ( n1|10.0.2.1/30<->n2|10.0.2.2/30 ...)
# Example 2: ( n1|2001:b90::14a/125<->n1|2001:b90::14b/125 ...)
#
# 2. Run this script with "start" as the command line argument.
#
# 3. Add necessary static route commands for each virtual node. For
# example assume you have three virtual nodes connected each other
# like a chain (n1 is connected to n2, n2 is connected to n3).
# In order to establish connectivity among these virtual nodes,
# you have to add default routes to node n1 and node n3. Example
# static route command is:
# STATIC_ROUTE0="jexec n1 route add -inet default 10.0.2.2"
# STATIC_ROUTE1="jexec n3 route add -inet default 10.0.2.5"
# After defining default routes with above format you have to set
# the total number of static route commands as:
# STATIC_ROUTE_CNT=2
#
# 4. Stop bridging by running this script with "stop" as the
# command line argument.
#
# 5. This script uses a template file in order to carry information
# between start and stop calls.
# In the start call, the netgraph interfaces and jails are created.
# At the stop phase, all created objects should be removed.
# DO NOT delete the temporary file between the start and stop phases.
#
# Target Topology:
#
# +---------------+ +---------------------------------------------+
# | n1 (vimage) | | n2 (vimage) |
# | | | |
# | +-----------+ | | +-----------+ +-----------+ +-----------+ |
# | | ngeth0 | | | | ngeth1 | | ngeth2 | | ngeth4 | |
# | |(ng_eiface)| | | |(ng_eiface)| |(ng_eiface)| |(ng_eiface)| |
# | +--+-----+--+ | | +--+-----+--+ +--+-----+--+ +--+-----+--+ |
# | |ether| | | |ether| |ether| |ether| |
# | +-X---+ | | +--X--+ +--X--+ +--X--+ |
# +-------X-------+ +------X--------------X---------------X-------+
# X X X X
# X X X X
# XXXXXXXXXXXXXXX X X
# X X
# +--------X------+ +--------X------+
# | -+--X--+- | | -+--X--+- |
# | |ether| | | |ether| |
# | +--+-----+--+ | | +--+-----+--+ |
# | | ngeth3 | | | | ngeth5 | |
# | |(ng_eiface)| | | |(ng_eiface)| |
# | +-----------+ | | +-----------+ |
# | | | |
# | n3 (vimage) | | n4 (vimage) |
# +---------------+ +---------------+
#
#
#
# List the names of virtual nodes and their IP addresses. Use ':'
# character to separate node name from node IP address and netmask.
TARGET_TOPOLOGY="n1|10.0.2.1/30<->n2|10.0.2.2/30 n2|10.0.2.5/30<->n3|10.0.2.6/30 n2|10.0.2.9/30<->n4|10.0.2.10/30"
STATIC_ROUTE0="jexec n1 route add -inet default 10.0.2.2"
STATIC_ROUTE1="jexec n3 route add -inet default 10.0.2.5"
STATIC_ROUTE2="jexec n4 route add -inet default 10.0.2.9"
STATIC_ROUTE_CNT=3
# MAC manufacturer prefix. This can be modified according to needs.
MAC_PREFIX="00:1d:92"
# Temporary file is important for proper execution of script.
TEMP_FILE="/var/tmp/.virtual.chain.tmp"
# Set root directory for jails to be created.
JAIL_PATH="/usr/jails/router"
####################################################################
#### Nothing below this point should need to be modified. ####
####################################################################
# Start/restart routine.
virtual_chain_start() {
# Load netgraph KLD's as necessary.
for KLD in ng_ether ng_bridge ng_eiface; do
if ! kldstat -v | grep -qw ${KLD}; then
echo -n "Loading ${KLD}.ko... "
kldload ${KLD} || exit 1
echo "done"
fi
done
# Reset all interfaces and jails. If temporary file can not be found
# script assumes that there is no previous configuration.
if [ ! -e ${TEMP_FILE} ]; then
echo "No previous configuration(${TEMP_FILE}) found to clean-up."
else
echo -n "Cleaning previous configuration..."
virtual_chain_stop
echo "done"
fi
# Create temporary file for usage. This file includes generated
# interface names and jail names. All bridges, interfaces and jails
# are written to file while created. In clean-up process written
# objects are cleaned (i.e. removed) from system.
if [ -e ${TEMP_FILE} ]; then
touch ${TEMP_FILE}
fi
# Attach other interfaces as well.
for CONNECTION in ${TARGET_TOPOLOGY}; do
# Virtual connections are defined in TARGET_TOPOLOGY variable.
# They have the form of 'nodeName|IPaddr'. Below two lines split
PEER1=`echo ${CONNECTION} | awk -F"<->" '{print $1}'`
PEER1_NAME=`echo ${PEER1} | awk -F"|" '{print $1}'`
PEER1_IP=`echo ${PEER1} | awk -F"|" '{print $2}'`
PEER2=`echo ${CONNECTION} | awk -F"<->" '{print $2}'`
PEER2_NAME=`echo ${PEER2} | awk -F"|" '{print $1}'`
PEER2_IP=`echo ${PEER2} | awk -F"|" '{print $2}'`
# !!! if not created already..
# Create virtual node (jail) with given name and using
# JAIL_PATH as root directory for jail.
virtual_chain_create_peer_if_necessary ${PEER1_NAME}
virtual_chain_create_peer_if_necessary ${PEER2_NAME}
# create an interface for peer with the given peer IP. Get interface
# for future use; you will connect this interface to the other
# peers' (PEER2) interface.
virtual_chain_create_interface_with_ip ${PEER1_NAME} ${PEER1_IP}
PEER1_INTERFACE=${RET_INTERFACE}
# create an interface for peer with the given peer IP. Get interface
# for future use; you will connect this interface to the other
# peers' (PEER2) interface.
virtual_chain_create_interface_with_ip ${PEER2_NAME} ${PEER2_IP}
PEER2_INTERFACE=${RET_INTERFACE}
# Connect virtual interface to other interface. Syntax is :
# ngctl connect INTERFACE1: INTERFACE2: ether ether.
echo -n "Connecting ${PEER1_INTERFACE}:ether to ${PEER2_INTERFACE}:ether..."
ngctl connect ${PEER1_INTERFACE}: ${PEER2_INTERFACE}: ether ether \
|| exit 1
echo "done"
done
# Executes static route add commands.
i=0
while [ $i != $STATIC_ROUTE_CNT ]; do
eval ROUTE=\${STATIC_ROUTE${i}}
ret=`${ROUTE}`
i=`expr $i + 1`
done
echo "Virtual WAN established successfully!"
}
virtual_chain_create_interface_with_ip() {
NODE_NAME=$1
NODE_IP=$2
# Create a ng_eiface object for virtual node. ng_eiface
# object has a hook that can be connected to one of bridge
# links. After creating interface get its automatically
# generated name for further usage.
echo "Creating eiface interface for virtual node ${NODE_NAME}."
ngctl mkpeer eiface ether ether
EIFACE=`ngctl l | grep ngeth | tail -n 1| awk '{print $2}'`
echo "Interface ${EIFACE} is created."
# Write name of the interface to temp file. Clean-up procedure
# will use this name to shutdown interface.
echo "interface ${EIFACE}" >> ${TEMP_FILE}
# Move virtual interface to virtual node. Note that Interface
# name will not be changed at the end of this movement. Moved
# interface can be seen at the output of ifconfig command in
# jail: 'jexec jailname ifconfig'
echo "Moving ${EIFACE} to ${NODE_NAME}"
ifconfig ${EIFACE} vnet ${NODE_NAME}
# Make lo0 interface localhost.
jexec ${NODE_NAME} ifconfig lo0 localhost
# Generate a random mac address for virtual interface. First
# three octets can be changed by user. Last three octets are
# generated randomly.
M4=`od -An -N2 -i /dev/random | sed -e 's/ //g' | \
awk '{ print $1 % 256 }'`
M5=`od -An -N2 -i /dev/random | sed -e 's/ //g' | \
awk '{ print $1 % 256 }'`
M6=`od -An -N2 -i /dev/random | sed -e 's/ //g' | \
awk '{ print $1 % 256 }'`
MAC=`printf ${MAC_PREFIX}:%02x:%02x:%02x ${M4} ${M5} ${M6}`
# Set the link address (mac address) of virtual interface in
# virtual node to randomly generated MAC.
echo "Setting MAC address of ${EIFACE} to '${MAC}'"
jexec ${NODE_NAME} ifconfig ${EIFACE} link $MAC
# Either IPv4 or IPv6 can be used in this script. Ifconfig
# IP setting syntax differs slightly for two IP versions.
# For version 4 'inet' keyword is used whereas for version 6
# 'inet6' is used. Below line tries to decide which IP version
# is given and sets IPVER to 'inet' or 'inet6'.
IPVER=`echo ${NODE_IP} | awk -F"." '{ split($4,last,"/"); \
if( NF==4 && $1>0 && $1<256 && $2<256 && $3<256 && \
last[1]<256) print "inet"; else print "inet6"}'`
# Set IP address of virtual interface in virtual node.
echo "Setting IP address of ${EIFACE} to '${NODE_IP}'"
jexec ${NODE_NAME} ifconfig ${EIFACE} ${IPVER} ${NODE_IP}
RET_INTERFACE=${EIFACE}
}
virtual_chain_create_peer_if_necessary() {
if ! grep -q $1 ${TEMP_FILE} ; then
echo -n "Creating virtual node (jail) ${1}..."
jail -c vnet name=${1} host.hostname=${1} \
path=${JAIL_PATH} persist
jexec ${1} sysctl -w net.inet.ip.forwarding=1
jexec ${1} sysctl -w net.inet6.ip6.forwarding=1
echo "done"
# Write name of the jail to temp file. Clean-up
# procedure will use this name to remove jail.
echo "node ${1}" >> ${TEMP_FILE}
fi
}
# Stop routine.
virtual_chain_stop() {
if [ ! -e ${TEMP_FILE} ]; then
echo "Nothing to stop! ${TEMP_FILE}: temp file not found"
else
echo -n "Shutdown bridge interface.."
OBJECTS=`cat ${TEMP_FILE} | grep bridge | awk '{print $2}'`
for BRIDGE in ${OBJECTS}; do
ngctl shutdown ${BRIDGE}: >/dev/null 2>&1
done
echo "done"
echo -n "Shutdown all eiface interfaces..."
OBJECTS=`cat ${TEMP_FILE} | grep interface | awk '{print $2}'`
for INTERFACE in ${OBJECTS}; do
ngctl shutdown ${INTERFACE}: >/dev/null 2>&1
done
echo "done"
echo -n "Removing all jails..."
OBJECTS=`cat ${TEMP_FILE} | grep node | awk '{print $2}'`
for NODE in ${OBJECTS}; do
jail -r ${NODE}
done
echo "done"
echo "Removing tempfile ${TEMP_FILE}"
rm ${TEMP_FILE}
fi
echo "Virtual LAN objects removed successfully!"
}
virtual_chain_usage() {
echo "usage: $0 start [target_topology]"
echo " : $0 [ stop | help ]"
}
# Main entry point.
case $# in
1)
case $1 in
start)
echo -n "Creating default target topology:"
echo " ${TARGET_TOPOLOGY}"
virtual_chain_start
;;
stop)
if [ ! -e ${TEMP_FILE} ]; then
echo -n "Noting to stop! ${TEMP_FILE}:"
echo " temp file not found"
else
virtual_chain_stop
fi
;;
help)
virtual_chain_usage
exit 1
;;
*)
virtual_chain_usage
exit 1
esac
;;
2)
case $1 in
start)
TARGET_TOPOLOGY=$2
echo -n "Creating target topology:"
echo "${TARGET_TOPOLOGY}"
virtual_chain_start
;;
*)
virtual_chain_usage
exit 1
esac
;;
*)
virtual_chain_usage
exit 1
esac
|
