1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
|
#!/bin/sh
#
# Copyright (c) 2010, Yavuz Gokirmak
#
# All rights reserved.
#
# This source code may be used, modified, copied, distributed, and
# sold, in both source and binary form provided that the above
# copyright and these terms are retained, verbatim, as the first
# lines of this file. Under no circumstances is the author
# responsible for the proper functioning of the software nor does
# the author assume any responsibility for damages incurred with
# its use.
#
# $FreeBSD$
#
# This script adds virtual nodes to one of the physical interfaces
# visible on your local area network (LAN). Virtual nodes seems real
# to external observers.
# If traceroute is executed to one of virtual nodes, the IP
# address of the physical interface will not be seen in the output.
# Virtual nodes are generated via jails and network connections are
# established using ng_bridge(4) and ng_eiface(4) node types.
#
# To use this script:
#
# 0. Make your own copy of this example script.
#
# 1. Edit the definition of ${ETHER_INTF} as described below
# to define your real interface connected to the LAN. Virtual nodes
# will placed on the same physical network as this interface.
#
# 2. Edit the definition of ${TARGET_TOPOLOGY} to define your virtual
# nodes. Virtual topology definition includes node names and their
# IP address. Target top. syntax: ( node1|ip1/24 node2|ip2/24 ... )
# Example 1: ( n1|122.122.122.12/24, n2|122.122.122.13/24 ...)
# Example 2: ( n1|2001:b90::14a/125, n1|2001:b90::14b/125 ...)
#
# 3. Run this script with "start" as the command line argument.
#
# 4. Stop bridging by running this script with "stop" as the
# command line argument.
#
# 5. This script uses a template file in order to carry information
# between start and stop calls.
# In the start call, the netgraph interfaces and jails are created.
# At the stop phase, all created objects should be removed.
# DO NOT delete the temporary file between the start and stop phases.
#
# To add virtual nodes for multiple independent LANs, create multiple
# copies of this script with different variable definitions.
#
# Target Topology:
#
#
# +---------------+ +---------------+ +---------------+
# | n0 (vimage) | | n1 (vimage) | | nk (vimage) |
# | | | | | |
# | +-----------+ | | +-----------+ | | +-----------+ |
# | | ngeth0 | | | | ngeth1 | | | | ngethk | |
# | |(ng_eiface)| | | |(ng_eiface)| | | |(ng_eiface)| |
# | +--+-----+--+ | | +--+-----+--+ | | +--+-----+--+ |
# | |ether| | | |ether| | | |ether| |
# | +--X--+ | | +--X--+ | | +---X-+ |
# +-----+ +--------\------+ +--------\------+ +-------/-------+
# |upper|----\ \ip_addr \ip_addr /ip_addr
# +-+-----+--+ \ \ \ \
# | em0 | \ +--------+ +-+ \
# |(ng_ether)| +-----------+ \ \ \
# +-+-----+--+ \ \ / \
# |lower| +---------\ \ \ / /
# +--X--+ / O--X--O O-X---O O---X-O O--X--O O---X---O
# \ | |link0| |link1| |link2| |link3| |linkk+2|
# \ / +-O-----O-O-----O-O-----O-O-----O-----O-------O-+
# +---+ | |
# | bridge (ng_bridge) |
# +-----------------------------------------------+
#
#
# Give the name of ethernet interface. Virtual nodes will be seen as
# local neighbours of this interface.
ETHER_INTF="em0"
# List the names of virtual nodes and their IP addresses. Use ':'
# character to separate node name from node IP address and netmask.
TARGET_TOPOLOGY="c1|10.0.2.20/24 c2|10.0.2.21/24 c3|10.0.2.22/24"
# MAC manufacturer prefix. This can be modified according to needs.
MAC_PREFIX="00:1d:92"
# Temporary file is important for proper execution of script.
TEMP_FILE="/var/tmp/.virtual.lan.tmp"
# Set root directory for jails to be created.
JAIL_PATH="/usr/jails/node"
####################################################################
#### Nothing below this point should need to be modified. ####
####################################################################
# Start/restart routine.
virtual_lan_start() {
# Load netgraph KLD's as necessary.
for KLD in ng_ether ng_bridge ng_eiface; do
if ! kldstat -v | grep -qw ${KLD}; then
echo -n "Loading ${KLD}.ko... "
kldload ${KLD} || exit 1
echo "done"
fi
done
# Reset all interfaces and jails. If temporary file can not be found
# script assumes that there is no previous configuration.
if [ ! -e ${TEMP_FILE} ]; then
echo "No previous configuration(${TEMP_FILE}) found to clean-up."
else
echo -n "Cleaning previous configuration..."
virtual_lan_stop
echo "done"
fi
# Create temporary file for usage. This file includes generated
# interface names and jail names. All bridges, interfaces and jails
# are written to file while created. In clean-up process written
# objects are cleaned (i.e. removed) from system.
if [ -e ${TEMP_FILE} ]; then
touch ${TEMP_FILE}
fi
echo -n "Verifying ethernet interface existence..."
# Verify ethernet interface exist.
if ! ngctl info ${ETHER_INTF}: >/dev/null 2>&1; then
echo "Error: interface ${ETHER_INTF} does not exist"
exit 1
fi
ifconfig ${ETHER_INTF} up || exit 1
echo "done"
# Get current number of bridge interfaces in the system. This number
# is used to create a name for new bridge.
BRIDGE_COUNT=`ngctl l | grep bridge | wc -l | sed -e "s/ //g"`
BRIDGE_NAME="bridge${BRIDGE_COUNT}"
# Create new ng_bridge(4) node and attach it to the ethernet interface.
# Connect ng_ether:lower hook to bridge:link0 when creating bridge and
# connect ng_ether:upper hook to bridge:link1 after bridge name is set.
echo "Creating bridge interface: ${BRIDGE_NAME}..."
ngctl mkpeer ${ETHER_INTF}: bridge lower link0 || exit 1
ngctl name ${ETHER_INTF}:lower ${BRIDGE_NAME} || exit 1
ngctl connect ${ETHER_INTF}: ${BRIDGE_NAME}: upper link1 || exit 1
echo "Bridge ${BRIDGE_NAME} is created and ${ETHER_INTF} is connected."
# In the above code block two hooks are connected to bridge interface,
# therefore LINKNUM is set to 2 indicating total number of connected
# hooks on the bridge interface.
LINKNUM=2
# Write name of the bridge to temp file. Clean-up procedure will use
# this name to shutdown bridge interface.
echo "bridge ${BRIDGE_NAME}" > ${TEMP_FILE}
# Attach other interfaces as well.
for NODE in ${TARGET_TOPOLOGY}; do
# Virtual nodes are defined in TARGET_TOPOLOGY variable. They
# have the form of 'nodeName|IPaddr'. Below two lines split
# node definition to get node name and node IP.
NODE_NAME=`echo ${NODE} | awk -F"|" '{print $1}'`
NODE_IP=`echo ${NODE} | awk -F"|" '{print $2}'`
# Create virtual node (jail) with given name and using
# JAIL_PATH as root directory for jail.
echo -n "Creating virtual node (jail) ${NODE_NAME}..."
jail -c vnet name=${NODE_NAME} host.hostname=${NODE_NAME} \
path=${JAIL_PATH} persist
echo "done"
# Write name of the jail to temp file. Clean-up procedure will
# use this name to remove jail.
echo "node ${NODE_NAME}" >> ${TEMP_FILE}
# Create a ng_eiface object for virtual node. ng_eiface
# object has a hook that can be connected to one of bridge
# links. After creating interface get its automatically
# generated name for further usage.
echo "Creating eiface interface for virtual node ${NODE_NAME}."
ngctl mkpeer eiface ether ether
EIFACE=`ngctl l | grep ngeth | tail -n 1| awk '{print $2}'`
echo "Interface ${EIFACE} is created."
# Write name of the interface to temp file. Clean-up procedure
# will use this name to shutdown interface.
echo "interface ${EIFACE}" >> ${TEMP_FILE}
# Move virtual interface to virtual node. Note that Interface
# name will not be changed at the end of this movement. Moved
# interface can be seen at the output of ifconfig command in
# jail: 'jexec jailname ifconfig'
echo "Moving ${EIFACE} to ${NODE_NAME}"
ifconfig ${EIFACE} vnet ${NODE_NAME}
# Make lo0 interface localhost.
jexec ${NODE_NAME} ifconfig lo0 localhost
# Generate a random mac address for virtual interface. First
# three octets can be changed by user. Last three octets are
# generated randomly.
M4=`od -An -N2 -i /dev/random | sed -e 's/ //g' | \
awk '{ print $1 % 256 }'`
M5=`od -An -N2 -i /dev/random | sed -e 's/ //g' | \
awk '{ print $1 % 256 }'`
M6=`od -An -N2 -i /dev/random | sed -e 's/ //g' | \
awk '{ print $1 % 256 }'`
MAC=`printf ${MAC_PREFIX}:%02x:%02x:%02x ${M4} ${M5} ${M6}`
# Set the link address (mac address) of virtual interface in
# virtual node to randomly generated MAC.
echo "Setting MAC address of ${EIFACE} to '${MAC}'"
jexec ${NODE_NAME} ifconfig ${EIFACE} link $MAC
# Either IPv4 or IPv6 can be used in this script. Ifconfig
# IP setting syntax differs slightly for two IP versions.
# For version 4 'inet' keyword is used whereas for version 6
# 'inet6' is used. Below line tries to decide which IP version
# is given and sets IPVER to 'inet' or 'inet6'.
IPVER=`echo ${NODE_IP} | awk -F"." '{ split($4,last,"/"); \
if( NF==4 && $1>0 && $1<256 && $2<256 && $3<256 && \
last[1]<256) print "inet"; else print "inet6"}'`
# Set IP address of virtual interface in virtual node.
echo "Setting IP address of ${EIFACE} to '${NODE_IP}'"
jexec ${NODE_NAME} ifconfig ${EIFACE} ${IPVER} ${NODE_IP}
# Connect virtual interface to bridge interface. Syntax is :
# ngctl connect INTERFACE: BRIDGE: INTERFACE_HOOK EMPTY_LINK.
# Interface has one hook named 'ether' and below line connects
# ether hook to bridge's first unconnected link.
echo -n "Connecting ${EIFACE}:ether to ${BRIDGE_NAME}:link${LINKNUM}..."
ngctl connect ${EIFACE}: ${BRIDGE_NAME}: ether link${LINKNUM} \
|| exit 1
echo "done"
# Now, bridge has one more connected link thus link count is
# incremented.
LINKNUM=`expr ${LINKNUM} + 1`
done
echo "Virtual LAN established successfully!"
}
# Stop routine.
virtual_lan_stop() {
if [ ! -e ${TEMP_FILE} ]; then
echo "Nothing to stop! ${TEMP_FILE}: temp file not found"
else
echo -n "Shutdown bridge interface.."
OBJECTS=`cat ${TEMP_FILE} | grep bridge | awk '{print $2}'`
for BRIDGE in ${OBJECTS}; do
ngctl shutdown ${BRIDGE}: >/dev/null 2>&1
done
echo "done"
echo -n "Shutdown all eiface interfaces..."
OBJECTS=`cat ${TEMP_FILE} | grep interface | awk '{print $2}'`
for INTERFACE in ${OBJECTS}; do
ngctl shutdown ${INTERFACE}: >/dev/null 2>&1
done
echo "done"
echo -n "Removing all jails..."
OBJECTS=`cat ${TEMP_FILE} | grep node | awk '{print $2}'`
for NODE in ${OBJECTS}; do
jail -r ${NODE}
done
echo "done"
echo "Removing tempfile ${TEMP_FILE}"
rm ${TEMP_FILE}
fi
echo "Virtual LAN objects removed successfully!"
}
virtual_lan_usage() {
echo "usage: $0 start [target_topology]"
echo " : $0 [ stop | help ]"
}
# Main entry point.
case $# in
1)
case $1 in
start)
echo -n "Creating default target topology:"
echo " ${TARGET_TOPOLOGY}"
virtual_lan_start
;;
stop)
if [ ! -e ${TEMP_FILE} ]; then
echo -n "Noting to stop! ${TEMP_FILE}:"
echo " temp file not found"
else
virtual_lan_stop
fi
;;
help)
virtual_lan_usage
exit 1
;;
*)
virtual_lan_usage
exit 1
esac
;;
2)
case $1 in
start)
TARGET_TOPOLOGY=$2
echo -n "Creating target topology:"
echo "${TARGET_TOPOLOGY}"
virtual_lan_start
;;
*)
virtual_lan_usage
exit 1
esac
;;
*)
virtual_lan_usage
exit 1
esac
|
