From 19d254bbbb3ab319d15891ff7287f5182980c105 Mon Sep 17 00:00:00 2001
From: Stefano Brivio
Date: Fri, 21 May 2021 11:14:51 +0200
Subject: passt: Add support for multiple instances in different network namespaces

...sharing the same filesystem. Instead of a fixed path for the UNIX domain socket, passt now uses a path with a counter, probing for existing instances, and picking the first free one. The demo script is updated accordingly -- it can now be started several times to create multiple namespaces with an instance of passt each, with addressing reflecting separate subnets, and NDP proxying between them.

Signed-off-by: Stefano Brivio
---
doc/demo.sh | 84 +++++++++++++++++++++++++++++++++++++++++--------------------
1 file changed, 57 insertions(+), 27 deletions(-)
(limited to 'doc')
diff --git a/doc/demo.sh b/doc/demo.sh
index 5aed7f0..c7d2eac 100755
--- a/doc/demo.sh
+++ b/doc/demo.sh
@@ -30,7 +30,7 @@ ipv6_mangle() {
 if [ ${__c} -lt 7 ]; then
 printf "${__16b}:"
 else
- printf "abcd\n" && break
+ printf "%04x\n" $((0xabc0 + ${2})) && break
 fi
 __c=$((__c + 1))
 done
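Review bot: On the added `printf "%04x\n" $((0xabc0 + ${2}))` line, `${2}` enters the arithmetic expansion with no default or range check. A call that omits the index therefore fails with an arithmetic syntax error, and an index above 63 leaves the `abc1`–`abff` range that the `seq 1 63` loops in the next hunk stay within. Writing it as `$((0xabc0 + ${2:?instance index}))` makes the missing-argument case fail with a clear message. `ipv6_mangle()` starts outside this hunk; a comment such as `# $2: instance index (1-63), added to 0xabc0 to form the last group` next to the function would document the new argument.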
@@ -40,43 +40,66 @@ ipv6_mangle() {
 ndp_setup() {
 sysctl -w net.ipv6.conf.all.proxy_ndp=1
 ip -6 neigh add proxy "${1}" dev "$(ipv6_dev)"
+
+ for i in `seq 1 63`; do
+ __neigh="$(ipv6_mangle ${1} ${i})"
+ if [ "${__neigh}" != "${1}" ]; then
+ ip -6 neigh add proxy "${__neigh}" dev "${2}"
+ fi
+ done
 }
-ip netns del passt 2>/dev/null || :
-ip link del veth_passt 2>/dev/null || :
-ip netns add passt
-ip link add veth_passt up netns passt type veth peer name veth_passt
-ip link set dev veth_passt up
-ip -n passt link set dev lo up
+ns_idx=0
+for i in `seq 1 63`; do
+ ns="passt_${i}"
+ ns_idx=${i}
+
+ busy=0
+ for p in $(pidof passt); do
+ [ "$(ip netns identify ${p})" = "${ns}" ] && busy=1 && break
+ done
+ [ ${busy} -eq 0 ] && break
+done
+
+[ ${busy} -ne 0 ] && echo "Couldn't create namespace" && exit 1
+
+ip netns del "${ns}" 2>/dev/null || :
+ip netns add "${ns}"
+ip link del "veth_${ns}" 2>/dev/null || :
+ip link add "veth_${ns}" up netns "${ns}" type veth peer name "veth_${ns}"
+ip link set dev "veth_${ns}" up
+ip -n "${ns}" link set dev lo up
+ipv4_main="192.0.2.$(((ns_idx - 1) * 4 + 1))"
+ipv4_ns="192.0.2.$(((ns_idx - 1) * 4 + 2))"
-ip -n passt addr add 192.0.2.2/24 dev veth_passt
-ip addr add 192.0.2.1/24 dev veth_passt
-ip -n passt route add default via 192.0.2.1
+ip -n "${ns}" addr add "${ipv4_ns}/30" dev "veth_${ns}"
+ip addr add "${ipv4_main}/30" dev "veth_${ns}"
+ip -n "${ns}" route add default via "${ipv4_main}"
 sysctl -w net.ipv4.ip_forward=1
-nft delete table passt_nat 2>/dev/null || :
-nft add table passt_nat
-nft 'add chain passt_nat postrouting { type nat hook postrouting priority -100 ; }'
-nft add rule passt_nat postrouting ip saddr 192.0.2.2 masquerade
+nft delete table "${ns}_nat" 2>/dev/null || :
+nft add table "${ns}_nat"
+nft add chain "${ns}_nat" postrouting '{ type nat hook postrouting priority -100 ; }'
+nft add rule "${ns}_nat" postrouting ip saddr "${ipv4_ns}" masquerade
 ipv6_addr="$(ipv6_devaddr "$(ipv6_dev)")"
-ipv6_passt="$(ipv6_mangle "${ipv6_addr}")"
-ndp_setup "${ipv6_passt}"
-ip -n passt addr add "${ipv6_passt}/$(ipv6_mask "${ipv6_addr}")" dev veth_passt
-ip addr add "${ipv6_addr}" dev veth_passt
-ip route add "${ipv6_passt}" dev veth_passt
-passt_ll="$(ipv6_ll_addr "veth_passt")"
-main_ll="$(get_token "link/ether" $(ip -o li sh veth_passt))"
-ip neigh add "${passt_ll%%/*}" dev veth_passt lladdr "${main_ll}"
-ip -n passt route add default via "${passt_ll%%/*}" dev veth_passt
+ipv6_passt="$(ipv6_mangle "${ipv6_addr}" ${ns_idx})"
+ndp_setup "${ipv6_passt}" "veth_${ns}"
+ip -n "${ns}" addr add "${ipv6_passt}/$(ipv6_mask "${ipv6_addr}")" dev "veth_${ns}"
+ip addr add "${ipv6_addr}" dev "veth_${ns}"
+ip route add "${ipv6_passt}" dev "veth_${ns}"
+passt_ll="$(ipv6_ll_addr "veth_${ns}")"
+main_ll="$(get_token "link/ether" $(ip -o li sh "veth_${ns}"))"
+ip neigh add "${passt_ll%%/*}" dev "veth_${ns}" lladdr "${main_ll}"
+ip -n "${ns}" route add default via "${passt_ll%%/*}" dev "veth_${ns}"
 sysctl -w net.ipv6.conf.all.forwarding=1
-ethtool -K veth_passt tx off
-ip netns exec passt ethtool -K veth_passt tx off
-ip netns exec passt sysctl -w net.ipv4.ping_group_range="0 2147483647"
+ethtool -K "veth_${ns}" tx off
+ip netns exec "${ns}" ethtool -K "veth_${ns}" tx off
+ip netns exec "${ns}" sysctl -w net.ipv4.ping_group_range="0 2147483647"
 sysctl -w net.core.rmem_max=16777216
@@ -84,5 +107,12 @@ sysctl -w net.core.wmem_max=16777216
 sysctl -w net.core.rmem_default=16777216
 sysctl -w net.core.wmem_default=16777216
+echo
+echo "Namespace ${ns} set up, addresses:"
+echo " ${ipv4_ns}"
+echo " ${ipv6_passt}"
+echo
+echo "Starting passt..."
+echo
-ip netns exec passt ./passt
+ip netns exec "${ns}" ./passt
-- 
cgit v1.2.3
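Review bot: The free-slot probe treats a namespace as unused when no running `passt` process is identified in it, but `passt` is only started on the script's last line. A second run launched while the first is still configuring therefore picks the same `passt_N`, and the following `ip netns del "${ns}"` and `ip link del "veth_${ns}"` tear down the first run's half-built setup. `ip netns add` fails when the name already exists, so letting a successful add be the claim closes that window; the sketch below does that and also sends the failure message to stderr. It no longer reuses namespaces left behind by an instance that has exited, so those would need an explicit cleanup step, which this hunk does not show. The top-level statements continue past the end of the hunk.

```sh
ns_idx=0
for i in `seq 1 63`; do
	# "ip netns add" fails if the name exists: a successful add claims the slot
	if ip netns add "passt_${i}" 2>/dev/null; then
		ns="passt_${i}"
		ns_idx=${i}
		break
	fi
done

[ ${ns_idx} -eq 0 ] && echo "Couldn't create namespace" >&2 && exit 1

# … unchanged: veth, addressing and nft setup, without the "ip netns del"/"ip netns add" pair …
```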
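Review bot: The last added line, `ip netns exec "${ns}" ./passt`, still resolves the binary against the caller's working directory. The `ip netns`, `nft` and `sysctl -w` calls earlier in the script imply it runs as root, so starting the demo from another directory executes whatever `./passt` is found there with root privileges. Anchoring the path to the script's own location (derived from `$0`) rather than the working directory avoids that. Now that the script is meant to be started several times, each run also leaves a root-owned passt instance handling network traffic; dropping to an unprivileged user for that final command would be worth considering, if the setup allows it.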