路由原理

    1. #!/bin/sh
    3. # Author: fasion
    4. # Created time: 2020-10-11 15:39:21
    5. # Last Modified by: fasion
    6. # Last Modified time: 2020-12-23 18:51:23
    8. NS_ROOT='/var/run'
    9. NS_ROOT='/data/run'
    11. NETNS_ROOT="$NS_ROOT/netns"
    12. UTSNS_ROOT="$NS_ROOT/utsns"
    13. MNTNS_ROOT="$NS_ROOT/mntns"
    14. # MNTNS_ROOT="/data/mntns"
    16. NSFS_ROOT='/data/nsfs'
    18. err_exit() {
    19.     retcode="$1"
    20.     shift
    21.     echo "$@"
    22.     exit "$retcode"
    23. }
    25. err_return() {
    26.     retcode="$1"
    27.     shift
    28.     echo "$@"
    29.     return "$retcode"
    30. }
    32. create-hub() {
    33.     local name="$1"
    34.     ip link add "$name" type bridge ageing_time 0 &&
    35.         ip link set "$name" up ||
    36.         err_return 1 "cat not create hub $name"
    37. }
    39. # 创建一个交换机(网桥)
    40. create-switch() {
    41.     local name="$1"
    42.     ip link add "$name" type bridge &&
    43.         ip link set "$name" up ||
    44.         err_return 1 "cat not create switch $name"
    45. }
    47. create-netns-for-nsvm() {
    48.     local vm_name="$1"
    49.     mkdir -p "$NETNS_ROOT" &&
    50.         touch "$NETNS_ROOT/$vm_name" &&
    51.         unshare --net="$NETNS_ROOT/$vm_name" true ||
    52.         err_return 1 "cat not create netns for vm $vm_name"
    53. }
    55. create-utsns-for-nsvm() {
    56.     local vm_name="$1"
    57.     mkdir -p "$UTSNS_ROOT" &&
    58.         touch "$UTSNS_ROOT/$vm_name" &&
    59.         unshare --uts="$UTSNS_ROOT/$vm_name" hostname "$vm_name" ||
    60.         err_return 1 "cat not create utsns for vm $vm_name"
    61. }
    63. create-mntns-for-nsvm() {
    64.     local vm_name="$1"
    65.     mkdir -p "$MNTNS_ROOT" &&
    66.         touch "$MNTNS_ROOT/$vm_name" &&
    67.         unshare --mount="$MNTNS_ROOT/$vm_name" true ||
    68.         err_return 1 "cat not create utsns for vm $vm_name"
    69. }
    71. create-rootfs-for-nsvm() {
    72.     local rootfs="/data/rootfs"
    73.     if [ ! -e "$rootfs" ]; then
    74.         mkdir -p "$rootfs" || exit
    75.         mount -o bind,ro / "$rootfs" || exit
    76.     fi
    78.     local vm_name="$1"
    79.     local ns_path="$NSFS_ROOT/$vm_name"
    80.     local upperdir="$ns_path/upperdir"
    81.     local workdir="$ns_path/workdir"
    82.     local vmroot="$ns_path/rootfs"
    84.     mkdir -p "$ns_path" || return
    85.     mkdir -p "$upperdir" || return
    86.     mkdir -p "$workdir" || return
    87.     mkdir -p "$vmroot" || return
    89.     mkdir -p "$upperdir/etc" &&
    90.         cp /etc/resolv.conf "$upperdir/etc" &&
    91.         echo "$vm_name" > "$upperdir/etc/hostname" &&
    92.         echo "127.0.0.1    localhost" > "$upperdir/etc/hosts" || return
    94.     mount -t overlay -o "lowerdir="$rootfs",upperdir=$upperdir,workdir=$workdir" overlay "$vmroot" || return
    95. }
    97. mount-rootfs-for-nsvm() {
    98.     local vm_name="$1"
    99.     local ns_path="$NSFS_ROOT/$vm_name"
    100.     local vmroot="$ns_path/rootfs"
    102.     exec-in-nsvm "$vm_name" mount --bind "$vmroot" / || return
    103.     exec-in-nsvm "$vm_name" mount -t proc proc /proc || return
    104.     exec-in-nsvm "$vm_name" mount -t sysfs sysfs /sys || return
    105. }
    107. # 创建namespace
    108. # 分别是net/UTS/rootfs/mount/挂载
    109. create-nsvm() {
    110.     local vm_name="$1"
    111.     create-netns-for-nsvm "$vm_name" || return 1
    112.     create-utsns-for-nsvm "$vm_name" || return 1
    113.     create-rootfs-for-nsvm "$vm_name" || return 1
    114.     create-mntns-for-nsvm "$vm_name" || return 1
    115.     mount-rootfs-for-nsvm "$vm_name" || return 1
    116. }
    118. init-nsvm() {
    119.     local vm_name="$1"
    121.     nsenter --net="$NETNS_ROOT/$vm_name" ip addr add 127.0.0.1/8 dev lo &&
    122.         nsenter --net="$NETNS_ROOT/$vm_name" ip link set lo up ||
    123.         err_return 1 "cat not bring lo up for vm $vm_name"
    125.     while [ -n "$2" ]; do
    126.         nsenter --net="$NETNS_ROOT/$vm_name" ip link set "$2" up ||
    127.             err_return 1 "cat not bring $2 up for vm $vm_name"
    128.         shift
    129.     done
    130. }
    132. disable-ipv6-for-nsvm() {
    133.     while [ -n "$1" ]; do
    134.         exec-in-nsvm "$1" bash -c "echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6"
    135.         shift
    136.     done
    137. }
    139. exec-in-nsvm() {
    140.     local name="$1"
    141.     shift
    142.     nsenter --uts="$UTSNS_ROOT/$name" --net="$NETNS_ROOT/$name" --mount="$MNTNS_ROOT/$name"  "$@"
    143. }
    145. add-routes-for-nsvm() {
    146.     groups=(${2//;/ })
    147.     for group in ${groups[@]}; do
    148.         # echo "group=$group"
    149.         if [ -z "$group" ]; then
    150.             continue
    151.         fi
    153.         gw=`echo "$group" | cut -d : -f 1`
    154.         if [ -z "$gw" ]; then
    155.             continue
    156.         fi
    157.         # echo "gw=$gw"
    159.         routestr=`echo "$group" | cut -d : -f 2`
    160.         if [ -z "$routestr" ]; then
    161.             continue
    162.         fi
    163.         # echo "routestr=$routestr"
    165.         routes=(${routestr//,/ })
    166.         for route in ${routes[@]}; do
    167.             # echo "route=$route"
    168.             if [ -z "$route" ]; then
    169.                 continue
    170.             fi
    172.             exec-in-nsvm $1 ip route add "$route" via "$gw"
    173.         done
    174.     done
    175. }
    177. enter-nsvm() {
    178.     local name="$1"
    179.     exec-in-nsvm "$name" bash -c "cd; exec zsh"
    180. }
    182. move-iface-to-nsvm() {
    183.     local iface_name="$1"
    184.     local vm_name="$2"
    185.     ip link set "$iface_name" netns "$NETNS_ROOT/$vm_name"
    186. }
    188. connect-two-nsvm() {
    189.     local vm_name1="$1"
    190.     local dev_name1="$2"
    191.     local vm_name2="$3"
    192.     local dev_name2="$4"
    194.     local link_name="$vm_name1-$vm_name2"
    195.     local peer_name="$vm_name2-$vm_name1"
    197.     ip link add "$link_name" type veth peer name "$peer_name" &&
    198.         ip link set "$link_name" netns "$NETNS_ROOT/$vm_name1" name "$dev_name1" &&
    199.         ip link set "$peer_name" netns "$NETNS_ROOT/$vm_name2" name "$dev_name2" ||
    200.         err_return 1 "can not connect vm1 $vm_name1/$dev_name1 to vm2 $vm_name2/$dev_name2"
    201. }
    203. connect-nsvm-to-bridge() {
    204.     local vm_name="$1"
    205.     local dev_name="$2"
    206.     local bridge_name="$3"
    208.     local link_name="$vm_name-$dev_name"
    209.     local peer_name="$vm_name-$dev_name-p"
    211.     ip link add "$link_name" type veth peer name "$peer_name" &&
    212.         ip link set "$link_name" netns "$NETNS_ROOT/$vm_name" name "$dev_name" &&
    213.         ip link set "$peer_name" up master "$bridge_name" ||
    214.         err_return 1 "cat not connect vm $vm_name to $bridge_name through $dev_name"
    215. }
    217. connect-nsvm-to-hub() {
    218.     connect-nsvm-to-bridge "$@"
    219. }
    221. connect-nsvm-to-switch() {
    222.     connect-nsvm-to-bridge "$@"
    223. }
    225. connect-two-bridge() {
    226.     local bridge_name1="$1"
    227.     local bridge_name2="$2"
    229.     local link_name="$bridge_name1-$bridge_name2"
    230.     local peer_name="$bridge_name2-$bridge_name1"
    232.     ip link add "$link_name" type veth peer name "$peer_name" &&
    233.         ip link set "$link_name" master "$bridge_name1" up &&
    234.         ip link set "$peer_name" master "$bridge_name2" up ||
    235.         err_return 1 "cat not connect bridge1 $bridge_name1 to bridge2 $bridge_name2"
    236. }
    238. # 创建一个网络节点,一台机器
    239. create-node() {
    240.     name="$1"
    241.     # 创建namespace?
    242.     create-nsvm "$name" || exit
    243.     # 初始化namespace?
    244.     init-nsvm "$name" || exit
    245. }
    247. network-switch-name() {
    248.     echo "$1-switch"
    249. }
    251. create-network() {
    252.     name="$1"
    253.     switch_name=`network-switch-name "$name"`
    254.     create-switch "$switch_name" || exit
    255. }
    257. connect-node-to-network() {
    258.     node="$1"
    259.     network="$2"
    260.     iface="$3"
    261.     mac="$4"
    262.     ip="$5"
    264.     switch=`network-switch-name "$network"`
    266.     connect-nsvm-to-switch "$node" "$iface" "$switch" || exit
    268.     exec-in-nsvm "$node" ip link set "$iface" up || exit
    270.     if [ -n "$mac" ]; then
    271.         exec-in-nsvm "$node" ip link set dev "$iface" address "$mac" || exit
    272.     fi
    274.     if [ -n "$ip" ]; then
    275.         exec-in-nsvm "$node" ip addr add "$ip" dev "$iface" || exit
    276.     fi
    277. }
    279. default-iface() {
    280.     ip route | grep default | awk '{print $5}'
    281. }
    283. iface-ip() {
    284.     ip addr show "$1" |grep inet | awk '{print $2}' | cut -f 1 -d /
    285. }
    287. setup-snat-for-default-iface() {
    288.     iface=`default-iface`
    289.     [ -n "$iface" ] || return
    291.     ip=`iface-ip "$iface"`
    292.     [ -n "$ip" ] || return
    295.     iptables -t nat -A POSTROUTING -o "$iface" -j MASQUERADE
    296.     #iptables -t nat -A POSTROUTING -o "$iface" -s 192.168.0.0/16 -j SNAT --to "$ip" || return
    297. }
    299. if [ -n "$1" ]; then
    300.     "$@"
    301. fi