-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathscion
executable file
·337 lines (294 loc) · 12.5 KB
/
scion
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
#!/bin/bash
# Copyright (c) 2022 Lars-Christian Schulz
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
PROJECT_DIR=$(readlink -f "$SCRIPT_DIR/..")
DOCKER_IMAGE=scion_host:latest
COMPOSE_FILE=$SCRIPT_DIR/docker-compose-star.yaml
COMPOSE_PROJECT=xdp-br
SCION_ROOT=${SCION_ROOT:="$HOME/scion"}
SCION_APPS=${SCION_APPS:="$HOME/scion-apps"}
# Export paths so they are visible in the compose file
export PROJECT_DIR
export TOPO_DIR=${PWD}
export BUILD_DIR=${PROJECT_DIR}/build
export SCION_ROOT
export SCION_APPS
. helper.bash
# Disable UDP checksum offload on all interfaces.
disable_checksum_offload() {
sudo ip netns exec as1br1 ethtool --offload veth0 rx off tx off > /dev/null
sudo ip netns exec as1br2 ethtool --offload veth1 rx off tx off > /dev/null
sudo ip netns exec as1br2 ethtool --offload veth2 rx off tx off > /dev/null
sudo ip netns exec as1br3 ethtool --offload veth3 rx off tx off > /dev/null
sudo ip netns exec as1br3 ethtool --offload veth4 rx off tx off > /dev/null
sudo ip netns exec as1br4 ethtool --offload veth5 rx off tx off > /dev/null
sudo ip netns exec as1br4 ethtool --offload veth6 rx off tx off > /dev/null
sudo ip netns exec as1br1 ethtool --offload veth7 rx off tx off > /dev/null
sudo ip netns exec as1br1 ethtool --offload veth8 rx off tx off > /dev/null
sudo ip netns exec as2 ethtool --offload veth9 rx off tx off > /dev/null
sudo ip netns exec as1br2 ethtool --offload veth10 rx off tx off > /dev/null
sudo ip netns exec as3 ethtool --offload veth11 rx off tx off > /dev/null
sudo ip netns exec as1br2 ethtool --offload veth12 rx off tx off > /dev/null
sudo ip netns exec as4 ethtool --offload veth13 rx off tx off > /dev/null
sudo ip netns exec as1br3 ethtool --offload veth14 rx off tx off > /dev/null
sudo ip netns exec as5 ethtool --offload veth15 rx off tx off > /dev/null
sudo ip netns exec as1br4 ethtool --offload veth16 rx off tx off > /dev/null
sudo ip netns exec as6 ethtool --offload veth17 rx off tx off > /dev/null
sudo ip netns exec as1br4 ethtool --offload veth18 rx off tx off > /dev/null
sudo ip netns exec as7 ethtool --offload veth19 rx off tx off > /dev/null
}
# Load a pass-through program on interfaces that would otherwise not have an XDP program and
# therefore could not received packets passed from another XDP program.
load_xdp_pass() {
local XDP_PASS=${BUILD_DIR}/xdp_pass/xdp_pass.c.o
sudo ip netns exec as2 ip link set dev veth9 xdp object "${XDP_PASS}" section xdp
sudo ip netns exec as3 ip link set dev veth11 xdp object "${XDP_PASS}" section xdp
sudo ip netns exec as4 ip link set dev veth13 xdp object "${XDP_PASS}" section xdp
sudo ip netns exec as5 ip link set dev veth15 xdp object "${XDP_PASS}" section xdp
sudo ip netns exec as6 ip link set dev veth17 xdp object "${XDP_PASS}" section xdp
sudo ip netns exec as7 ip link set dev veth19 xdp object "${XDP_PASS}" section xdp
}
# Configure internal routing in AS 1-ff00:0:1.
set_as1_routes() {
# BR 1
sudo ip netns exec as1br1 sysctl -w net.ipv4.ip_forward=1
# Destination BR 2
sudo ip netns exec as1br1 ip route replace 10.2.0.2/32 \
nexthop via 10.2.0.1 dev veth0
# Destination BR 4
sudo ip netns exec as1br1 ip route replace 10.2.0.5/32 \
nexthop via 10.2.0.6 dev veth7
# Destination BR 3
sudo ip netns exec as1br1 ip route replace 10.2.0.3/32 \
nexthop via 10.2.0.1 dev veth0 weight 1 \
nexthop via 10.2.0.6 dev veth7 weight 1
sudo ip netns exec as1br1 ip route replace 10.2.0.4/32 \
nexthop via 10.2.0.1 dev veth0 weight 1 \
nexthop via 10.2.0.6 dev veth7 weight 1
# BR 2
sudo ip netns exec as1br2 sysctl -w net.ipv4.ip_forward=1
# Destination BR 1
sudo ip netns exec as1br2 ip route replace 10.2.0.7/32 \
nexthop via 10.2.0.0 dev veth1
# Destination BR 3
sudo ip netns exec as1br2 ip route replace 10.2.0.4/32 \
nexthop via 10.2.0.3 dev veth2
# Destination BR 4
sudo ip netns exec as1br2 ip route replace 10.2.0.5/32 \
nexthop via 10.2.0.0 dev veth1 weight 1 \
nexthop via 10.2.0.3 dev veth2 weight 1
sudo ip netns exec as1br2 ip route replace 10.2.0.6/32 \
nexthop via 10.2.0.0 dev veth1 weight 1 \
nexthop via 10.2.0.3 dev veth2 weight 1
# BR 3
sudo ip netns exec as1br3 sysctl -w net.ipv4.ip_forward=1
# Destination BR 2
sudo ip netns exec as1br3 ip route replace 10.2.0.1/32 \
nexthop via 10.2.0.2 dev veth3
# Destination BR 4
sudo ip netns exec as1br3 ip route replace 10.2.0.6/32 \
nexthop via 10.2.0.5 dev veth4
# Destination BR 1
sudo ip netns exec as1br3 ip route replace 10.2.0.0/32 \
nexthop via 10.2.0.2 dev veth3 weight 1 \
nexthop via 10.2.0.5 dev veth4 weight 1
sudo ip netns exec as1br3 ip route replace 10.2.0.7/32 \
nexthop via 10.2.0.2 dev veth3 weight 1 \
nexthop via 10.2.0.5 dev veth4 weight 1
# BR 4
sudo ip netns exec as1br4 sysctl -w net.ipv4.ip_forward=1
# Destination BR 3
sudo ip netns exec as1br4 ip route replace 10.2.0.3/32 \
nexthop via 10.2.0.4 dev veth5
# Destination BR 1
sudo ip netns exec as1br4 ip route replace 10.2.0.0/32 \
nexthop via 10.2.0.7 dev veth6
# Destination BR 2
sudo ip netns exec as1br4 ip route replace 10.2.0.1/32 \
nexthop via 10.2.0.4 dev veth5 weight 1 \
nexthop via 10.2.0.7 dev veth6 weight 1
sudo ip netns exec as1br4 ip route replace 10.2.0.2/32 \
nexthop via 10.2.0.4 dev veth5 weight 1 \
nexthop via 10.2.0.7 dev veth6 weight 1
}
##############
## Commands ##
##############
cmd_build_image() {
# Build docker image
docker build --build-arg SCION_UID=$(id -u $LOGNAME) --build-arg SCION_GID=$(id -g $LOGNAME) \
-t ${DOCKER_IMAGE} ./scion_host
}
cmd_run() {
if [[ "$(docker images -q ${DOCKER_IMAGE} 2> /dev/null)" == "" ]]; then
cmd_build
fi
set -e
sudo -v
# Create local topology
pushd $SCION_ROOT
./scion.sh bazel_remote
./scion.sh topology -c "$SCRIPT_DIR/topologies/star.yaml"
popd
rm -f "$SCION_ROOT/gen/links_ready"
# Rewrite AS ff00:0:1 internal network IPs
set_control_addr 1-ff00:0:1 10.2.0.0:31000
set_br_internal_addr 1-ff00:0:1 br1-ff00_0_1-1 10.2.0.0:31002
set_br_internal_addr 1-ff00:0:1 br1-ff00_0_1-2 10.2.0.2:31004
set_br_internal_addr 1-ff00:0:1 br1-ff00_0_1-3 10.2.0.4:31006
set_br_internal_addr 1-ff00:0:1 br1-ff00_0_1-4 10.2.0.6:31008
# Rewrite BR interface IPs
set_link_underlay 1-ff00:0:1 10.1.0.1:50000 1-ff00:0:2 10.1.0.2:50000
set_link_underlay 1-ff00:0:1 10.1.1.1:50000 1-ff00:0:3 10.1.1.2:50000
set_link_underlay 1-ff00:0:1 10.1.2.1:50000 1-ff00:0:4 10.1.2.2:50000
set_link_underlay 1-ff00:0:1 10.1.3.1:50000 1-ff00:0:5 10.1.3.2:50000
set_link_underlay 1-ff00:0:1 10.1.4.1:50000 1-ff00:0:6 10.1.4.2:50000
set_link_underlay 1-ff00:0:1 10.1.5.1:50000 1-ff00:0:7 10.1.5.2:50000
# For convenience: Set scion daemon address to default value
for i in {1..7}
do
set_scion_daemon_address ASff00_0_$i 127.0.0.1:30255
done
# Split ASff00:0:1 into four program groups
ed "${SCION_ROOT}/gen/supervisord.conf" << EOF
/^\[group:as1-ff00_0_1]/
.,+1d
i
[group:as1-ff00_0_1_BR1]
programs = br1-ff00_0_1-1,cs1-ff00_0_1-1,sd1-ff00_0_1
[group:as1-ff00_0_1_BR2]
programs = br1-ff00_0_1-2,sd1-ff00_0_1
[group:as1-ff00_0_1_BR3]
programs = br1-ff00_0_1-3,sd1-ff00_0_1
[group:as1-ff00_0_1_BR4]
programs = br1-ff00_0_1-4,sd1-ff00_0_1
.
w
q
EOF
# Run topology using docker-compose
rm -f "$SCION_ROOT/logs/*"
docker-compose -f "$COMPOSE_FILE" -p $COMPOSE_PROJECT up -d
# Mount network namespaces of the containers
for i in {1..4}
do
mount_netns as1br$i
done
for i in {2..7}
do
mount_netns as$i
done
# Create AS 1 internal links
create_veth veth0 as1br1 10.2.0.0/31 veth1 as1br2 10.2.0.1/31
create_veth veth2 as1br2 10.2.0.2/31 veth3 as1br3 10.2.0.3/31
create_veth veth4 as1br3 10.2.0.4/31 veth5 as1br4 10.2.0.5/31
create_veth veth6 as1br4 10.2.0.6/31 veth7 as1br1 10.2.0.7/31
# Create links to other ASes
create_veth veth8 as1br1 10.1.0.1/24 veth9 as2 10.1.0.2/24
create_veth veth10 as1br2 10.1.1.1/24 veth11 as3 10.1.1.2/24
create_veth veth12 as1br2 10.1.2.1/24 veth13 as4 10.1.2.2/24
create_veth veth14 as1br3 10.1.3.1/24 veth15 as5 10.1.3.2/24
create_veth veth16 as1br4 10.1.4.1/24 veth17 as6 10.1.4.2/24
create_veth veth18 as1br4 10.1.5.1/24 veth19 as7 10.1.5.2/24
# Configure links and routing tables
disable_checksum_offload
load_xdp_pass
set_as1_routes
# Signal containers to start SCION
echo '1' > "$SCION_ROOT/gen/links_ready"
}
cmd_stop() {
# Detach XDP border router
cmd_detach_xdp
# Delete Docker containers and networks
docker-compose -f "$COMPOSE_FILE" -p $COMPOSE_PROJECT down
for i in {1..4}
do
umount_netns as1br$i
done
for i in {2..7}
do
umount_netns as$i
done
}
cmd_attach_xdp() {
docker exec -u root as1br1 bash -c \
"../bpf/br/br-loader attach ../bpf/br/xdp_br.o ../br_config/br1.toml veth8 veth0 veth7"
docker exec -u root as1br2 bash -c \
"../bpf/br/br-loader attach ../bpf/br/xdp_br.o ../br_config/br2.toml veth10 veth12 veth1 veth2"
docker exec -u root as1br3 bash -c \
"../bpf/br/br-loader attach ../bpf/br/xdp_br.o ../br_config/br3.toml veth14 veth3 veth4"
docker exec -u root as1br4 bash -c \
"../bpf/br/br-loader attach ../bpf/br/xdp_br.o ../br_config/br4.toml veth16 veth18 veth5 veth6"
}
cmd_detach_xdp() {
docker exec -u root as1br1 bash -c \
"../bpf/br/br-loader detach veth8 veth0 veth7"
docker exec -u root as1br2 bash -c \
"../bpf/br/br-loader detach veth10 veth12 veth1 veth2"
docker exec -u root as1br3 bash -c \
"../bpf/br/br-loader detach veth14 veth3 veth4"
docker exec -u root as1br4 bash -c \
"../bpf/br/br-loader detach veth16 veth18 veth5 veth6"
}
cmd_set_key() {
sudo "$BUILD_DIR/br/br-loader" key add br1-ff00_0_1-1 0 $1
sudo "$BUILD_DIR/br/br-loader" key add br1-ff00_0_1-2 0 $1
sudo "$BUILD_DIR/br/br-loader" key add br1-ff00_0_1-3 0 $1
sudo "$BUILD_DIR/br/br-loader" key add br1-ff00_0_1-4 0 $1
}
cmd_watch() {
docker exec -it -u root "$1" bash -c "../bpf/br/br-loader watch $2 $3"
}
cmd_logs() {
docker-compose logs
}
cmd_enter() {
docker exec -it $1 bash -l
}
cmd_clean() {
rm -rf $SCION_ROOT/gen* $SCION_ROOT/logs $SCION_ROOT/traces
# Delete pinned maps
sudo rm -rf /sys/fs/bpf/br1-ff00_0_1-1 /sys/fs/bpf/br1-ff00_0_1-2
sudo rm -rf /sys/fs/bpf/br1-ff00_0_1-3 /sys/fs/bpf/br1-ff00_0_1-4
}
#################
## Entry point ##
#################
HELP_MESSAGE="Usage: ./scion <command>
Commands:
- build_image : Build the SCION Docker image
- run : Run the topology
- attach_xdp : Attach the BPF border routers
- detach_xdp : Detach the BPF border routers
- set_key <key> : Set MAC verification key
- watch <cnt> <br> <if> : Watch BR statistics
- logs : Show docker-compose logs
- enter <cnt> : Start an interactive shell in the given container
- stop : Stop the topology and remove the containers and networks
- clean : Delete generated files and unpin BPF maps"
COMMAND=$1
shift
case "$COMMAND" in
build_image|run|stop|attach_xdp|detach_xdp|set_key|watch|logs|enter|clean)
"cmd_$COMMAND" "$@" ;;
*) echo "$HELP_MESSAGE"; exit 1 ;;
esac