CC=gcc
CFLAGS=-g -O2
-all: dcookie fd_bmsocket fd_udpsocket fd_fusemount fd_tuntap fd_tos
+all: dcookie fd_bmsocket fd_udpsocket fd_fusemount fd_tuntap fd_tos fd_packetseer
fd_tuntap: fd_tuntap.c
gcc fd_tuntap.c -o exec/fd_tuntap
fd_tos: fd_tos.c fdpass.o
gcc fd_tos.c fdpass.o -o exec/fd_tos
+fd_packetseer: fd_packetseer.c fdpass.o
+ gcc fd_packetseer.c fdpass.o -o exec/fd_packetseer
+
clean:
rm -f exec/*
--- /dev/null
+#!/usr/bin/perl
+
+use strict;
+
+$|=1;
+
+my $slicename;
+my $portnumber;
+my $ipaddress;
+
+$slicename = $ARGV[0];
+$portnumber = <STDIN>;
+$ipaddress = <STDIN>;
+
+chop($portnumber);
+chop($ipaddress);
+
+if (-f "/dev/shm/rawtcp-$slicename") {
+ print "Sorry, only 1 port reservation is allowed per slice. You reserved ".`cat /dev/shm/rawtcp-$slicename`;
+}
+
+if ($ipaddress!~/^\d+\.\d+\.\d+\.\d+/) {
+ die("$ipaddress is not an ip address");
+}
+
+if ($portnumber!~/^\d+$/) {
+ die("$portnumber is not a port number");
+}
+
+$portnumber=int($portnumber);
+open CMD1,"vcontext --ctx 1 --migrate -- ncontext --nid 1 --migrate fuser -n tcp $portnumber 2>/dev/null |";
+my @f = <CMD1>;
+my $fuser = join '',@f;
+$fuser=~s/\s//g;
+close CMD1;
+
+if ($fuser) {
+ open CMD2,"chcontext --ctx 1 -- cat /proc/$fuser/vinfo|";
+
+ my $vinfo = <CMD2>;
+ my @userinfo;
+ @userinfo = split /\s/,$vinfo;
+ my $uid = $userinfo[1];
+ my $slice_id = `id -u $slicename`;
+ chop($slice_id);
+
+ if ($slice_id eq $uid) {
+ my $default_route = `ip route get $ipaddress`;
+ my $dev;
+ $default_route =~ /dev ([^\s]+)/;
+ $dev = $1;
+ if ($dev !~ /$uid/) {
+ print $ipaddress;
+ print $default_route;
+ die("Sorry, you don't own the next hop for that route, which is $dev");
+ }
+
+ #### If we made it here, it means:
+ #### 1. The user is bound to the desired port, which is in the 61000+ range.
+ #### 2. There is a local device for the supplied IP address.
+ #### 3. The calling user owns that device.
+ ####
+ #### Next: Bridge the port with the device
+
+ my $iptables_cmd = "iptables -t nat -A PREROUTING -m tcp -p tcp --dport $portnumber -j DNAT --to $ipaddress:$portnumber";
+ system($iptables_cmd);
+ system("echo $portnumber > /dev/shm/rawtcp-$slicename");
+ print "Port reservation commands executed";
+ }
+ else {
+ print "$portnumber is taken by somebody else, sorry";
+ }
+ close CMD2;
+} else {
+ print "Please bind to $portnumber first."
+}
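Review bot: The address check `$ipaddress!~/^\d+\.\d+\.\d+\.\d+/` is anchored only at the start, so a value such as `1.2.3.4 ; <cmd>` passes and is then interpolated into root-run shell commands by `` `ip route get $ipaddress` `` and the `system("iptables ... --to $ipaddress:$portnumber")` call; anchor it with `if ($ipaddress !~ /^\d+\.\d+\.\d+\.\d+$/) { die("$ipaddress is not an ip address"); }` and prefer the list form `system('iptables', '-t', 'nat', '-A', 'PREROUTING', ...)` so the shell is never involved. The "only 1 port reservation is allowed per slice" block only prints and falls through, so a second call still installs another DNAT rule — add `exit 1;` after that print. The comment "which is in the 61000+ range" describes a restriction the script never enforces, and the ownership test `if ($dev !~ /$uid/)` is an unanchored substring match (uid 12 matches a device named for uid 1234); if interfaces are named by uid as this suggests, compare against the exact expected name. The `fuser` output is also joined with all whitespace removed, so two PIDs bound to the port produce a nonexistent `/proc/<pid1pid2>/vinfo` path rather than a clean refusal.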
opt_txqueuelen = None
opt_rp_filter = None
+opt_snat = None
for optionline in options:
sys.exit(1)
opt_txqueuelen = intval
+ elif opt=="snat":
+ intval = int(val)
+ if val=="1":
+ opt_snat = True
else:
print >>sys.stderr, "Unknown option: \"%s\"" % (opt)
sys.exit(1)
cmd_iptables_out = "/sbin/iptables -A OUTPUT -o %s -m state --state NEW -m mark ! --mark %d -j DROP" % (vif, sliceid)
cmd_iptables_del_out = "/sbin/iptables -D OUTPUT -o %s -m state --state NEW -m mark ! --mark %d -j DROP 2>/dev/null" % (vif, sliceid)
+public_src = os.popen("ip route get 1.1.1.1 | head -1 | awk '{print $7;}'").read().rstrip();
+cmd_iptables_pr = "/sbin/iptables -t nat -A POSTROUTING -s %s/%d -j SNAT --to-source %s --random" % (vip, vmask, public_src)
+cmd_iptables_del_pr = "/sbin/iptables -t nat -D POSTROUTING -s %s/%d -j SNAT --to-source %s --random" % (vip, vmask, public_src)
+
os.system(cmd_iptables_del_in)
os.system(cmd_iptables_in)
os.system(cmd_iptables_del_out)
os.system(cmd_iptables_out)
+if (opt_snat):
+ os.system(cmd_iptables_del_pr)
+ os.system(cmd_iptables_pr)
+ #print cmd_iptables_del_pr
+ #print cmd_iptables_pr
+
# Process additional options
if opt_rp_filter is not None:
rp_cmd = "/sbin/sysctl net.ipv4.conf.%s.rp_filter=%s" % (vif, opt_rp_filter)
os.system(rp_cmd)
+
+
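Review bot: `public_src` is taken as the 7th whitespace-separated field of `ip route get 1.1.1.1`, but that position is not stable (it shifts when the route has no `via` hop, and newer iproute2 versions print extra tokens), and an empty result is not detected, so the SNAT rule would be built with an empty `--to-source`. Pick the token that follows `src` and refuse to proceed when it is missing, e.g. `fields = os.popen("ip route get 1.1.1.1").read().split()`, `public_src = fields[fields.index("src") + 1] if "src" in fields else ""`, and under `if (opt_snat):` add `if not public_src: print >>sys.stderr, "snat: no public source address"; sys.exit(1)`. In the `snat` option branch `intval = int(val)` is computed but unused and the value is compared as the string `"1"`, unlike the `txqueuelen` branch that appears to use `intval`. Because `public_src` is recomputed on every run, the `-D` before `-A` only removes a rule carrying the same source address; if the node's address changed since the previous run the old SNAT rule is left behind, which deserves at least a comment.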
--- /dev/null
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <linux/if_ether.h>
+#include "fdpass.h"
+
+#define MAX_BUFSIZE (32*1024*1024)
+
+/*------------------------------------------------------------------*/
+void
+receive_argument(int control_fd, int *rcvbuf, int *sndbuf)
+{
+ if (recv(control_fd, rcvbuf, sizeof(int), 0) != sizeof(int)) {
+ fprintf(stderr, "receiving the first argument failed\n");
+ exit(-1);
+ }
+ if (recv(control_fd, sndbuf, sizeof(int), 0) != sizeof(int)) {
+ fprintf(stderr, "receiving the first argument failed\n");
+
+ exit(-1);
+ }
+}
+/*------------------------------------------------------------------*/
+int
+main(int argc, char *argv[])
+{
+ int control_channel_fd, magic_socket;
+ int rcvbufsize = 0, sndbufsize = 0;
+
+ if (argc < 3) {
+ printf("This script is called by vsys.\n");
+ exit(1);
+ }
+
+ sscanf(argv[2],"%d", &control_channel_fd);
+ magic_socket = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
+ if (magic_socket == -1) {
+ fprintf(stderr, "Error creating socket: %d\n", errno);
+ exit(1);
+ }
+ else fprintf(stderr, "Socket: %d", magic_socket);
+
+ send_fd(control_channel_fd, magic_socket);
+}
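Review bot: The socket created with `socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))` is handed to the slice without any `bind()` to an interface, so whichever slice is allowed to run this script can capture and inject raw frames on every interface of the node, including other slices' traffic; unless the vsys ACL for fd_packetseer is limited to trusted slices, bind the socket to a `struct sockaddr_ll` carrying the slice's own ifindex (`<linux/if_packet.h>`, `<net/if.h>`) before `send_fd`, or at least state the intended scope in a header comment. The result of `sscanf(argv[2],"%d", &control_channel_fd)` is unchecked, leaving `control_channel_fd` uninitialized on bad input — use `if (sscanf(argv[2], "%d", &control_channel_fd) != 1) exit(1);`. `receive_argument` and `MAX_BUFSIZE` are never used (and the second error message still says "first argument"), so either apply the sizes via `setsockopt(SO_RCVBUF/SO_SNDBUF)` clamped to `MAX_BUFSIZE` or drop them. `htons` needs `<arpa/inet.h>` or `<netinet/in.h>`, which is not included, and `send_fd`'s return value is ignored so a failed pass still exits 0.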
/* Open tun device */
if( (tap_fd = open("/dev/net/tun", O_RDWR)) < 0 ) {
system("modprobe tun");
+ system("ln -sf /dev/net/tun /dev/stdtun");
if( (tap_fd = open("/dev/net/tun", O_RDWR)) < 0 ) {
perror("ERROR: tun_alloc():open(/dev/net/tun)");
exit(-1);
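Review bot: The added `system("ln -sf /dev/net/tun /dev/stdtun")` runs as root on every failed open with nothing saying what consumes `/dev/stdtun`, and neither its result nor that of `modprobe tun` is checked, so the retried open fails with only the generic perror; add a line such as `/* /dev/stdtun: alias for <consumer>, created here because <reason> */` and consider reporting a non-zero `system()` return. The enclosing `tun_alloc` function starts and ends outside this hunk.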
while ((retval = sendmsg(sock_fd, &msg, 0)) == -1 && errno == EINTR);
if (retval != 1) {
perror("sending file descriptor");
+ fprintf(stderr,"File descriptor: %d", sock_fd);
return -1;
}
return 0;
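Review bot: The new diagnostic prints `sock_fd`, which is the socket `sendmsg` writes to rather than the descriptor being passed, and it has no trailing newline, so on stderr it runs into the next message; if the intent is to show what was being sent, print the fd carried in the SCM_RIGHTS payload, and in either case use `fprintf(stderr, "File descriptor: %d\n", sock_fd);`. The `retval != 1` test presumably relies on a one-byte payload set up earlier; `send_fd` starts outside this hunk.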
--- /dev/null
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/socket.h>
+#include <linux/if.h>
+#include <linux/if_tun.h>
+
+#include "tunalloc.h"
+
+int main(void)
+{
+ printf("Allocating tap device via VSYS\n");
+
+ char if_name[IFNAMSIZ];
+
+ int tun_fd = tun_alloc(IFF_TAP, if_name);
+
+ printf("Allocated tap device: %s fd=%d\n", if_name, tun_fd);
+
+ printf("Sleeping for 120 secs...\n");
+
+ sleep(120);
+
+ printf("Closing\n");
+
+ return 0;
+}
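Review bot: `tun_fd` is printed and slept on without a failure check, so if `tun_alloc` returns a negative value the test still reports an allocated device with an uninitialized `if_name`; add `if (tun_fd < 0) { fprintf(stderr, "tun_alloc failed\n"); return 1; }` after the call and `close(tun_fd);` before returning. Initializing `if_name[0] = '\0'` would also keep the printf well-defined if `tun_alloc` does not fill the buffer.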
%define name vsys-scripts
%define version 0.95
-%define taglevel 20
+%define taglevel 22
%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
%postun
%changelog
+* Mon Oct 11 2010 Sapan Bhatia <sapanb@cs.princeton.edu> - vsys-scripts-0.95-22
+- vif_up has now been modified with the ability to create tap devices and to be able to SNAT over randomly selected
+- ports. Thanks to Matthias Goerner for his help developing and testing these changes.
+
+* Fri Sep 17 2010 Sapan Bhatia <sapanb@cs.princeton.edu> - vsys-scripts-0.95-21
+- Added script fd_packetseer, also updated tun/tap script to be able to create tun devices in addition to tap devices
+- and other minor changes.
+
* Mon Jul 19 2010 Baris Metin <Talip-Baris.Metin@sophia.inria.fr> - vsys-scripts-0.95-20
- fix dotsshmount