Add demo on using network namespacing and tcpdump

There are three scripts: * `create_namespace.sh`: create a namespace `mdst`; create a veth pair wiht one end in the namespace (`mdst_inner`) and the other outside of it (`mdst_outer`) * `remove_namespace.sh`: remove the namespace * `run_tcpdump.sh`: run `tcpdump` to capture packets to / from the namespace; packets are sent using `ping`. Packets are captured raw in the `ping.pcap` file. Signed-off-by: Razvan Deaconescu <[email protected]>
razvand · Oct 8, 2021 · 7bfa74c · 7bfa74c
1 parent 7296c58
commit 7bfa74c
Show file tree

Hide file tree

Showing 4 changed files with 138 additions and 0 deletions.
diff --git a/netns/.gitignore b/netns/.gitignore
@@ -0,0 +1 @@
+/ping.pcap
diff --git a/netns/create_namespace.sh b/netns/create_namespace.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+MONITORED_INTERFACE_DST=mdst
+
+# For a veth interface as monitor
+VETH_MONITOR_DST=true
+VETH_MONITOR_NAMESPACE_DST=mdst
+VETH_MONITOR_MAC_INNER_DST=22:22:22:00:00:00
+VETH_MONITOR_MAC_OUTER_DST=44:44:44:00:00:00
+VETH_MONITOR_NET_DST=10.2.0.0
+VETH_MONITOR_MASK_DST=16
+VETH_MONITOR_MASK_LONG_DST=255.255.0.0
+VETH_MONITOR_ADDRESS_OUTER_DST=10.2.0.2
+VETH_MONITOR_ADDRESS_INNER_DST=10.2.0.3
+
+create_namespace()
+{
+    MONITORED_INTERFACE=$1
+    VETH_MONITOR=$2
+    VETH_MONITOR_MAC_INNER=$3
+    VETH_MONITOR_MAC_OUTER=$4
+    VETH_MONITOR_NAMESPACE=$5
+    VETH_MONITOR_MASK=$6
+    VETH_MONITOR_NET=$7
+    VETH_MONITOR_ADDRESS_INNER=$8
+    VETH_MONITOR_ADDRESS_OUTER=$9
+
+    if [ $VETH_MONITOR == "true" ]; then
+        # Create veth pair.
+        MONITORED_INTERFACE_OUTER=${MONITORED_INTERFACE}_outer
+        MONITORED_INTERFACE_INNER=${MONITORED_INTERFACE}_inner
+        sudo ip link add name $MONITORED_INTERFACE_INNER type veth peer name $MONITORED_INTERFACE_OUTER
+        # Allocate predetermined MACs.
+        sudo ip link set dev $MONITORED_INTERFACE_INNER address $VETH_MONITOR_MAC_INNER
+        sudo ip link set dev $MONITORED_INTERFACE_OUTER address $VETH_MONITOR_MAC_OUTER
+        # Create namespace.
+        sudo ip netns add $VETH_MONITOR_NAMESPACE
+        # Add interface to namespace.
+        sudo ip link set dev $MONITORED_INTERFACE_OUTER netns $VETH_MONITOR_NAMESPACE
+        # Bring interfaces up.
+        sudo ip link set dev $MONITORED_INTERFACE_INNER up
+        sudo ip netns exec $VETH_MONITOR_NAMESPACE ip link set dev $MONITORED_INTERFACE_OUTER up
+        # Assign IP addresses
+        sudo ip netns exec $VETH_MONITOR_NAMESPACE ip addr add $VETH_MONITOR_ADDRESS_OUTER/$VETH_MONITOR_MASK dev $MONITORED_INTERFACE_OUTER
+        sudo ip addr add $VETH_MONITOR_ADDRESS_INNER/$VETH_MONITOR_MASK dev $MONITORED_INTERFACE_INNER
+        MONITORED_INTERFACE=$MONITORED_INTERFACE_INNER
+    fi
+}
+
+# Create namespace for destination node.
+create_namespace $MONITORED_INTERFACE_DST        \
+                 $VETH_MONITOR_DST               \
+                 $VETH_MONITOR_MAC_INNER_DST     \
+                 $VETH_MONITOR_MAC_OUTER_DST     \
+                 $VETH_MONITOR_NAMESPACE_DST     \
+                 $VETH_MONITOR_MASK_DST          \
+                 $VETH_MONITOR_NET_DST           \
+                 $VETH_MONITOR_ADDRESS_INNER_DST \
+                 $VETH_MONITOR_ADDRESS_OUTER_DST
diff --git a/netns/remove_namespace.sh b/netns/remove_namespace.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+MONITORED_INTERFACE_DST=mdst
+
+# For a veth interface as monitor
+VETH_MONITOR_DST=true
+VETH_MONITOR_NAMESPACE_DST=mdst
+VETH_MONITOR_MAC_INNER_DST=22:22:22:00:00:00
+VETH_MONITOR_MAC_OUTER_DST=44:44:44:00:00:00
+VETH_MONITOR_NET_DST=10.2.0.0
+VETH_MONITOR_MASK_DST=16
+VETH_MONITOR_MASK_LONG_DST=255.255.0.0
+VETH_MONITOR_ADDRESS_OUTER_DST=10.2.0.2
+VETH_MONITOR_ADDRESS_INNER_DST=10.2.0.3
+
+remove_namespace() {
+    MONITORED_INTERFACE=$1
+    VETH_MONITOR=$2
+    VETH_MONITOR_MAC_INNER=$3
+    VETH_MONITOR_MAC_OUTER=$4
+    VETH_MONITOR_NAMESPACE=$5
+    VETH_MONITOR_MASK=$6
+    VETH_MONITOR_NET=$7
+    VETH_MONITOR_ADDRESS_INNER=$8
+    VETH_MONITOR_ADDRESS_OUTER=$9
+
+    if [ $VETH_MONITOR == "true" ]; then
+        MONITORED_INTERFACE_OUTER=${MONITORED_INTERFACE}_outer
+        MONITORED_INTERFACE_INNER=${MONITORED_INTERFACE}_inner
+        # Bring interfaces down.
+        sudo ip link set dev $MONITORED_INTERFACE_INNER down
+        sudo ip netns exec $VETH_MONITOR_NAMESPACE ip link set dev $MONITORED_INTERFACE_OUTER down
+        # Flush interfaces.
+        sudo ip netns exec $VETH_MONITOR_NAMESPACE ip addr flush dev $MONITORED_INTERFACE_OUTER
+        sudo ip addr flush dev $MONITORED_INTERFACE_INNER
+        # Remove interface link.
+        sudo ip link del $MONITORED_INTERFACE_INNER
+        # Remove namespace.
+        #sudo ip netns exec $VETH_MONITOR_NAMESPACE ip link set dev $MONITORED_INTERFACE_OUTER netns 1
+        sudo ip netns del $VETH_MONITOR_NAMESPACE
+        MONITORED_INTERFACE=$MONITORED_INTERFACE_INNER
+    fi
+}
+
+# Remove namespace for destination node.
+remove_namespace $MONITORED_INTERFACE_DST        \
+                 $VETH_MONITOR_DST               \
+                 $VETH_MONITOR_MAC_INNER_DST     \
+                 $VETH_MONITOR_MAC_OUTER_DST     \
+                 $VETH_MONITOR_NAMESPACE_DST     \
+                 $VETH_MONITOR_MASK_DST          \
+                 $VETH_MONITOR_NET_DST           \
+                 $VETH_MONITOR_ADDRESS_INNER_DST \
+                 $VETH_MONITOR_ADDRESS_OUTER_DST
diff --git a/netns/run_tcpdump.sh b/netns/run_tcpdump.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+echo "Start tcpdump."
+sudo ip netns exec mdst tcpdump -i mdst_outer -e -U -w ping.pcap > /dev/null 2>&1 &
+
+echo -n "Sleeping for 5 seconds ..."
+sleep 5
+echo
+
+# Send some pings; we don't care about the ping output.
+echo -n "Pinging for 5 seconds ..."
+sudo ip netns exec mdst ping -c 5 10.2.0.3 > /dev/null
+echo
+
+# Stop tcpdump.
+echo "Stop tcpdump process (send SIGINT)."
+sudo kill -INT $!
+
+# Print captured packets.
+sleep 2
+echo
+echo
+echo "Packets captured:"
+sudo tcpdump -r ping.pcap