From 03dba934ceb4fd996d2d9b51875a480d11be4850 Mon Sep 17 00:00:00 2001 From: Bogdan Pricope Date: Fri, 1 May 2020 23:18:11 +0300 Subject: [PATCH] scripts: replace scripts required for using socket pktio When using linux interfaces as socket pktios we need to block access to those interfaces for applications and some functions of Linux network stack (ping, etc.). Signed-off-by: Bogdan Pricope Reviewed-by: Matias Elo --- scripts/ofp_linux_interface_acquire.sh | 38 ++++++++++++++++++++++++++ scripts/ofp_linux_interface_release.sh | 34 +++++++++++++++++++++++ scripts/reset_classifier.sh | 12 -------- scripts/reset_device.sh | 13 --------- scripts/reset_socket.sh | 12 -------- scripts/reset_webserver2.sh | 12 -------- scripts/start_classifier.sh | 15 ---------- scripts/start_conformance.sh | 20 -------------- scripts/start_device.sh | 21 -------------- scripts/start_socket.sh | 16 ----------- scripts/start_webserver.sh | 25 ----------------- scripts/start_webserver2.sh | 14 ---------- scripts/stop_conformance.sh | 13 --------- scripts/stop_webserver.sh | 16 ----------- 14 files changed, 72 insertions(+), 189 deletions(-) create mode 100755 scripts/ofp_linux_interface_acquire.sh create mode 100755 scripts/ofp_linux_interface_release.sh delete mode 100755 scripts/reset_classifier.sh delete mode 100755 scripts/reset_device.sh delete mode 100755 scripts/reset_socket.sh delete mode 100755 scripts/reset_webserver2.sh delete mode 100755 scripts/start_classifier.sh delete mode 100755 scripts/start_conformance.sh delete mode 100755 scripts/start_device.sh delete mode 100755 scripts/start_socket.sh delete mode 100755 scripts/start_webserver.sh delete mode 100755 scripts/start_webserver2.sh delete mode 100755 scripts/stop_conformance.sh delete mode 100755 scripts/stop_webserver.sh
diff --git a/scripts/ofp_linux_interface_acquire.sh b/scripts/ofp_linux_interface_acquire.sh
new file mode 100755
index 00000000..589f9750
--- /dev/null
+++ b/scripts/ofp_linux_interface_acquire.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Use this script to block access to a linux interface for other
+# applications before it is utilized as a socket pktio, in OFP
+# example applications.
+
+# Check arguments
+if [ "$#" -ne 1 ]; then
+ echo "Error: Invalid number of parameters."
+ echo "Usage:"
+ echo " "${0}" "
+ exit 1
+fi
+
+linux_intf=${1}
+ifconfig $linux_intf &> /dev/null
+if [ $? -ne 0 ]; then
+ echo "Error: Invalid interface '"$linux_intf"'."
+ exit 1
+fi
+
+# Check rights
+if [ "$EUID" -ne 0 ]; then
+ echo "Error: Script must be executed with superuser rights."
+ exit 1
+fi
+
+# Set iptables: append drop rules
+iptables -A FORWARD -i $linux_intf -j DROP
+iptables -A INPUT -i $linux_intf -j DROP
+ip6tables -A FORWARD -i $linux_intf -j DROP
+ip6tables -A INPUT -i $linux_intf -j DROP
+
+# Disable arp
+ifconfig $linux_intf -arp
+
+# Flush addresses
+ip addr flush dev $linux_intf
diff --git a/scripts/ofp_linux_interface_release.sh b/scripts/ofp_linux_interface_release.sh
new file mode 100755
index 00000000..4b0b203a
--- /dev/null
+++ b/scripts/ofp_linux_interface_release.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# Use this script to restore access to a linux interface for other
+# applications after it was blocked with ofp_linux_interface_acquire.sh.
+
+# Check arguments
+if [ "$#" -ne 1 ]; then
+ echo "Error: Invalid number of parameters."
+ echo "Usage:"
+ echo " "${0}" "
+ exit 1
+fi
+
+linux_intf=${1}
+ifconfig $linux_intf &> /dev/null
+if [ $? -ne 0 ]; then
+ echo "Error: Invalid interface '"$linux_intf"'."
+ exit 1
+fi
+
+# Check rights
+if [ "$EUID" -ne 0 ]; then
+ echo "Error: Script must be executed with superuser rights."
+ exit 1
+fi
+
+# Set iptables: delete drop rules
+iptables -D FORWARD -i $linux_intf -j DROP
+iptables -D INPUT -i $linux_intf -j DROP
+ip6tables -D FORWARD -i $linux_intf -j DROP
+ip6tables -D INPUT -i $linux_intf -j DROP
+
+# Enable arp
+ifconfig $linux_intf arp
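Review bot: `$linux_intf` is expanded unquoted in every command of this root-run script, starting with the `ifconfig $linux_intf &> /dev/null` existence check, so an argument containing whitespace or glob characters is word-split into extra ifconfig/iptables/ip arguments; ofp_linux_interface_release.sh has the same pattern. Quote each use, for example `iptables -A INPUT -i "$linux_intf" -j DROP`. The DROP rules are added with `-A`, so any ACCEPT rule already present earlier in INPUT or FORWARD is still evaluated first and the interface may not be isolated as the header comment promises; `-I` places the rule at the head of the chain. None of the iptables/ip6tables calls is checked, so a failure part-way leaves the interface only partly blocked while the script carries on; `set -e` after the argument checks, or `|| exit 1` on each rule, would make that visible to the caller.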
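Review bot: Each `iptables -D` / `ip6tables -D` in ofp_linux_interface_release.sh removes one matching rule, while the acquire script appends unconditionally, so after acquire has run twice for the same interface a single release leaves a DROP rule behind and traffic stays blocked with no message. Either guard the append in acquire with `iptables -C INPUT -i "$linux_intf" -j DROP 2>/dev/null || iptables -A INPUT -i "$linux_intf" -j DROP`, or loop here until `-C` no longer finds the rule. Release also does not undo `ip addr flush dev` from acquire (the removed reset_*.sh scripts ran `sudo ifdown $intf && sudo ifup $intf`), so the header comment should say that addresses have to be reconfigured separately.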
diff --git a/scripts/reset_classifier.sh b/scripts/reset_classifier.sh
deleted file mode 100755
index 7f732e7f..00000000
--- a/scripts/reset_classifier.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash -x
-
-intf=$1
-if test "X$intf" = "X"; then intf=eth0; fi
-
-killall classifier
-sudo iptables -D FORWARD -i $intf -j DROP
-sudo iptables -D INPUT -i $intf -j DROP
-sudo ip6tables -D FORWARD -i $intf -j DROP
-sudo ip6tables -D INPUT -i $intf -j DROP
-sudo ifconfig $intf arp
-sudo ifdown $intf && sudo ifup $intf
diff --git a/scripts/reset_device.sh b/scripts/reset_device.sh
deleted file mode 100755
index 12a74060..00000000
--- a/scripts/reset_device.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash -x
-
-intf=$1
-if test "X$intf" = "X"; then intf=eth0; fi
-echo Running FPM on intferface $intf
-
-killall fpm
-sudo iptables -D FORWARD -i $intf -j DROP
-sudo iptables -D INPUT -i $intf -j DROP
-sudo ip6tables -D FORWARD -i $intf -j DROP
-sudo ip6tables -D INPUT -i $intf -j DROP
-sudo ifconfig $intf arp
-sudo ifdown $intf && sudo ifup $intf
diff --git a/scripts/reset_socket.sh b/scripts/reset_socket.sh
deleted file mode 100755
index 9c80ebef..00000000
--- a/scripts/reset_socket.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash -x
-
-intf=$1
-if test "X$intf" = "X"; then intf=eth0; fi
-
-killall socket
-sudo iptables -D FORWARD -i $intf -j DROP
-sudo iptables -D INPUT -i $intf -j DROP
-sudo ip6tables -D FORWARD -i $intf -j DROP
-sudo ip6tables -D INPUT -i $intf -j DROP
-sudo ifconfig $intf arp
-sudo ifdown $intf && sudo ifup $intf
diff --git a/scripts/reset_webserver2.sh b/scripts/reset_webserver2.sh
deleted file mode 100755
index 9ff28ed5..00000000
--- a/scripts/reset_webserver2.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash -x
-
-intf=$1
-if test "X$intf" = "X"; then intf=eth0; fi
-
-killall webserver2
-sudo iptables -D FORWARD -i $intf -j DROP
-sudo iptables -D INPUT -i $intf -j DROP
-sudo ip6tables -D FORWARD -i $intf -j DROP
-sudo ip6tables -D INPUT -i $intf -j DROP
-sudo ifconfig $intf arp
-
diff --git a/scripts/start_classifier.sh b/scripts/start_classifier.sh
deleted file mode 100755
index 55e8e711..00000000
--- a/scripts/start_classifier.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash -x
-
-intf=$1
-if test "X$intf" = "X"; then intf=eth0; fi
-
-iptables -A FORWARD -i $intf -j DROP
-iptables -A INPUT -i $intf -j DROP
-ip6tables -A FORWARD -i $intf -j DROP
-ip6tables -A INPUT -i $intf -j DROP
-ifconfig $intf -arp
-ip addr flush dev $intf
-
-sleep 1
-
-./example/classifier/classifier -i $intf -c 2 -f ./example/classifier/ofp.cli &
diff --git a/scripts/start_conformance.sh b/scripts/start_conformance.sh
deleted file mode 100755
index 52a2f915..00000000
--- a/scripts/start_conformance.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-./example/fpm/fpm -i vlan103,vlan104 -c 4 &
-
-sleep 3
-iptables -A FORWARD -i vlan103 -j DROP
-iptables -A FORWARD -i vlan104 -j DROP
-iptables -A INPUT -i vlan103 -j DROP
-iptables -A INPUT -i vlan104 -j DROP
-ifconfig vlan103 -arp
-ifconfig vlan104 -arp
-ip addr flush dev vlan103
-ip addr flush dev vlan104
-#sleep 1
-#sysctl -w net.ipv6.conf.fp_vlan103.autoconf=0
-#sysctl -w net.ipv6.conf.fp_vlan104.autoconf=0
-sleep 1
-ifconfig fp0 192.168.13.15 up
-ifconfig fp1 192.168.14.15 up
-# arp of ixia machine is required for sending ICMP Echo Req in tests 1.3 and 4.4
-arp -i fp0 -s 192.168.13.16 10:1F:74:36:29:9A
diff --git a/scripts/start_device.sh b/scripts/start_device.sh
deleted file mode 100755
index 7059c466..00000000
--- a/scripts/start_device.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-intf=$1
-if test "X$intf" = "X"; then intf=eth0; fi
-
-./example/fpm/fpm -i $intf -c 4 &
-
-sleep 3
-iptables -A FORWARD -i $intf -j DROP
-iptables -A INPUT -i $intf -j DROP
-ip6tables -A FORWARD -i $intf -j DROP
-ip6tables -A INPUT -i $intf -j DROP
-ifconfig $intf -arp
-ip addr flush dev $intf
-sleep 3
-sysctl -w net.ipv6.conf.fp0.autoconf=0
-dhclient -v fp0
-#sysctl -w net.ipv4.conf.fp0.forwarding=0
-#sysctl -w net.ipv4.conf.fp0.mc_forwarding=0
-#sysctl -w net.ipv4.conf.fp0.arp_filter=0
-#sysctl -w net.ipv4.conf.fp0.arp_accept=0
-#sysctl -w net.ipv4.conf.fp0.arp_announce=1
diff --git a/scripts/start_socket.sh b/scripts/start_socket.sh
deleted file mode 100755
index d98fae88..00000000
--- a/scripts/start_socket.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash -x
-
-intf=$1
-if test "X$intf" = "X"; then intf=eth0; fi
-
-./example/socket/socket -i $intf -c 2 -f ./example/socket/ofp.cli &
-
-sleep 3
-iptables -A FORWARD -i $intf -j DROP
-iptables -A INPUT -i $intf -j DROP
-ip6tables -A FORWARD -i $intf -j DROP
-ip6tables -A INPUT -i $intf -j DROP
-ifconfig $intf -arp
-ip addr flush dev $intf
-sleep 3
-sysctl -w net.ipv6.conf.fp_$intf.autoconf=0
diff --git a/scripts/start_webserver.sh b/scripts/start_webserver.sh
deleted file mode 100755
index ced4ac18..00000000
--- a/scripts/start_webserver.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-if [ "$#" -ne 2 ]; then
- echo "requires two parameters. Use: ./start_webserver.sh ethX IP"
- exit -1
-fi
-
-intf=$1
-echo Starting Web Server on interface $intf
-
-www_dir="${www_dir:-"/var/www/"}"
-export www_dir
-./example/webserver/webserver -i $intf -c 2 &
-
-sleep 1
-
-ifconfig fp0 $2
-
-sleep 1
-iptables -A FORWARD -i $intf -j DROP
-iptables -A INPUT -i $intf -j DROP
-ip6tables -A FORWARD -i $intf -j DROP
-ip6tables -A INPUT -i $intf -j DROP
-ifconfig $intf -arp
-ip addr flush dev $intf
-
diff --git a/scripts/start_webserver2.sh b/scripts/start_webserver2.sh
deleted file mode 100755
index ba2670a5..00000000
--- a/scripts/start_webserver2.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash -x
-
-intf=$1
-if test "X$intf" = "X"; then intf=eth0; fi
-
-iptables -A FORWARD -i $intf -j DROP
-iptables -A INPUT -i $intf -j DROP
-ip6tables -A FORWARD -i $intf -j DROP
-ip6tables -A INPUT -i $intf -j DROP
-ifconfig $intf -arp
-ip addr flush dev $intf
-sleep 3
-
-./example/webserver2/webserver2 -i $intf -c 2 -f ./example/webserver2/ofp.cli -r /tmp &
diff --git a/scripts/stop_conformance.sh b/scripts/stop_conformance.sh
deleted file mode 100755
index 2c794fde..00000000
--- a/scripts/stop_conformance.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash -x
-
-killall fpm
-
-sleep 3
-
-sudo iptables -D FORWARD -i vlan103 -j DROP
-sudo iptables -D FORWARD -i vlan104 -j DROP
-sudo iptables -D INPUT -i vlan103 -j DROP
-sudo iptables -D INPUT -i vlan104 -j DROP
-sudo ifconfig vlan103 arp
-sudo ifconfig vlan104 arp
-
diff --git a/scripts/stop_webserver.sh b/scripts/stop_webserver.sh
deleted file mode 100755
index 7cd4eb26..00000000
--- a/scripts/stop_webserver.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-if [ "$#" -ne 1 ]; then
- echo "requires an interface parameter. Use: ./start_webserver.sh ethX"
- exit -1
-fi
-
-intf=$1
-if test "X$intf" = "X"; then intf=eth0; fi
-
-killall webserver
-sudo iptables -D FORWARD -i $intf -j DROP
-sudo iptables -D INPUT -i $intf -j DROP
-sudo ip6tables -D FORWARD -i $intf -j DROP
-sudo ip6tables -D INPUT -i $intf -j DROP
-sudo ifconfig $intf arp
-sudo ifdown $intf && sudo ifup $intf