packet laundering
#! /bin/bash
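# Wait for the cbr0 bridge to come up.
until ifconfig cbr0; do
  echo waiting for cbr0
  sleep 1
done
# Take the first three octets of cbr0's IPv4 address (assumes a /24 and the
# "inet addr:a.b.c.d" ifconfig output format). Match 'inet ' with a trailing
# space so the inet6 line is not picked up as well.
CIDR_PREFIX="$(ifconfig cbr0 | grep 'inet ' | awk '{print $2}' | awk -F ':' '{print $2}' | awk -F '.' '{print $1"."$2"."$3}')"
echo "found CIDR prefix: $CIDR_PREFIX"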
ip netns add k8s_hairpin_workaround
echo created packet laundering netns k8s_hairpin_workaround
R=$RANDOM
ip link add k8s_reflector type veth peer name k8s_veth$R
echo "created veth pair: k8s_reflector - k8s_veth$R"
ip addr add dev k8s_reflector 169.254.169.169/30
ip link set dev k8s_reflector up
ip link set k8s_veth$R netns k8s_hairpin_workaround
echo set one leg of veth pair \(k8s_veth$R\) inside k8s_hairpin_workaround the other end is in host namespace \(k8s_reflector\) with ip 169.254.169.169/30
ip netns exec k8s_hairpin_workaround ip link set dev k8s_veth$R name eth0
ip netns exec k8s_hairpin_workaround ip addr add dev eth0 169.254.169.170/30
ip netns exec k8s_hairpin_workaround ip link set dev eth0 up
ip netns exec k8s_hairpin_workaround ip route add default via 169.254.169.169
echo renamed k8s_veth$R to eth0 in netns and assigned it an ip from the 169.254.169.169/30 in the host ns
# Make the packet-launderer just reflect packets back to the sender.
# TODO: set (seq 0 255) based on subnet.
for i in $(seq 0 255); do
  cmd="iptables -t nat -A PREROUTING -s $CIDR_PREFIX.$i -j DNAT --to-destination=$CIDR_PREFIX.$i"
  echo "${cmd}"
  ip netns exec k8s_hairpin_workaround bash -c "${cmd}"
done
ip netns exec k8s_hairpin_workaround iptables -t nat -A POSTROUTING -j MASQUERADE
echo "added reflector rules to DNAT source $CIDR_PREFIX to destination $CIDR_PREFIX, and MASQUERADE so source is reset to eth0 ip: 169.254.169.170/30"
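
The `seq 0 255` loop above assumes the pod subnet is a /24, which is what its TODO points at. The sketch below is an added example, not part of the original gist: it prints the same per-address DNAT rule for every address in an arbitrary IPv4 CIDR without applying anything. The function names and the /16 lower bound are assumptions of this example.

```sh
#!/bin/sh
# Added example: print (not apply) the reflector DNAT rules for every address
# in an IPv4 CIDR, instead of the fixed `seq 0 255` loop (which assumes a /24).

# ip_to_int A.B.C.D -> integer on stdout; non-zero status on a malformed address.
# The body is a subshell, so IFS and the positional parameters stay local.
ip_to_int() (
  case $1 in *[!0-9.]*|*.|.*) exit 1 ;; esac
  set -f; IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  n=0
  for o in "$@"; do
    case $o in ''|????*|0?*) exit 1 ;; esac   # empty, too long, or leading zero
    [ "$o" -le 255 ] || exit 1
    n=$(( (n << 8) | o ))
  done
  echo "$n"
)

# int_to_ip N -> dotted quad on stdout.
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# reflector_rules CIDR -> one iptables command line per address in CIDR.
reflector_rules() (
  case $1 in */*) ;; *) echo "invalid CIDR: $1" >&2; exit 1 ;; esac
  addr=${1%/*}; len=${1#*/}
  case $len in ''|*[!0-9]*|???*|0?*) echo "invalid prefix length: $1" >&2; exit 1 ;; esac
  # Bound the rule count: a /16 already means 65536 rules (limit chosen for this example).
  if [ "$len" -lt 16 ] || [ "$len" -gt 32 ]; then
    echo "prefix length must be 16..32: $1" >&2; exit 1
  fi
  base=$(ip_to_int "$addr") || { echo "invalid address: $1" >&2; exit 1; }
  count=$(( 1 << (32 - len) ))
  net=$(( base & ~(count - 1) ))   # clear host bits so any address in the subnet works
  i=0
  while [ "$i" -lt "$count" ]; do
    ip=$(int_to_ip $(( net + i )))
    echo "iptables -t nat -A PREROUTING -s $ip -j DNAT --to-destination=$ip"
    i=$(( i + 1 ))
  done
)

# Constructed sample input: a /30 given with host bits set.
reflector_rules 10.244.1.70/30
```

Each printed line can be fed to `ip netns exec k8s_hairpin_workaround bash -c` exactly as the loop above does with `${cmd}`.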