Created
July 8, 2023 10:13
-
-
Save PinkD/44ddd6198c6c3f02733d15ae4c500731 to your computer and use it in GitHub Desktop.
setup a netns and connect to host network with veth
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| netns=proxy | |
| veth=veth-proxy | |
| host_addr="172.16.233.1/24" | |
| ns_addr="172.16.233.2/24" | |
| user=$(whoami) | |
| help() { | |
| cat <<EOF | |
| setup a netns and connect to host network with veth. | |
| you can add \`ip rule\` to proxy all the traffic in this netns. | |
| usage: | |
| $0 [option] command | |
| options: | |
| -h, --help show help | |
| -n, --netns netns name | |
| -i, --veth-interface veth interface name on host network | |
| -u, --user username(default is current user) | |
| --host-addr host interface address | |
| --ns-addr netns interface address | |
| commands: | |
| setup, init setup netns | |
| destroy destroy netns | |
| enter, exec, run enter netns, will call setup if not setup | |
| EOF | |
| } | |
| set -e | |
| OPTS=$(getopt -n "$0" -o "hn:i:u:-" -l "help,netns,veth-interface,user,host-addr,ns-addr" -- "$@") | |
| eval set -- "$OPTS" | |
| while true; do | |
| case $1 in | |
| -n | --netns) | |
| netns=$2 | |
| shift 2 | |
| ;; | |
| -i | --veth-interface) | |
| veth=$2 | |
| shift 2 | |
| ;; | |
| -u | --user) | |
| user=$2 | |
| shift 2 | |
| ;; | |
| --host-addr) | |
| host_addr=$2 | |
| shift 2 | |
| ;; | |
| --ns-addr) | |
| ns_addr=$2 | |
| shift 2 | |
| ;; | |
| -h | --help) | |
| help | |
| exit | |
| ;; | |
| --) | |
| # end of options | |
| shift | |
| break | |
| ;; | |
| esac | |
| done | |
| _a=(${host_addr//// }) | |
| default_route=${_a[0]} | |
| # debug msg | |
| # | |
| # echo "netns: $netns" | |
| # echo "veth: $veth" | |
| # echo "user: $user" | |
| # echo "host_addr: $host_addr" | |
| # echo "ns_addr: $ns_addr" | |
| # echo "default_route: $default_route" | |
| # echo "extra args: $@" | |
| if [[ "$UID" -ne 0 ]]; then | |
| exec sudo "$0" -u "$user" "$@" | |
| fi | |
| ip() { | |
| echo "[#] ip" "$@" | |
| command ip "$@" | |
| } | |
| ipns() { | |
| ip -n "$netns" "$@" | |
| } | |
| ipnsexec() { | |
| ip netns exec "$netns" "$@" | |
| } | |
| setup() { | |
| [ -f "/run/netns/$netns" ] && exit | |
| ip netns add "$netns" | |
| ip link add "$veth" type veth peer name eth0 netns "$netns" | |
| ip link set "$veth" up | |
| ipns link set eth0 up | |
| ip addr add "$host_addr" dev "$veth" | |
| ipns addr add "$ns_addr" dev eth0 | |
| ipns route add default via "$default_route" | |
| } | |
| destroy() { | |
| [ -f "/run/netns/$netns" ] && ip netns del "$netns" | |
| } | |
| enter() { | |
| [ ! -f "/run/netns/$netns" ] && setup | |
| # TODO: add venv note to PS1 | |
| ipnsexec sudo -Es -u "$user" | |
| } | |
| case $1 in | |
| setup | init) | |
| setup | |
| ;; | |
| destroy) | |
| destroy | |
| ;; | |
| enter | exec | run) | |
| enter | |
| ;; | |
| *) | |
| help | |
| exit | |
| ;; | |
| esac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
setup route, then all your traffic in this netns is under proxy: