diff options
Diffstat (limited to 'vnfs/vFW/scripts')
-rw-r--r-- | vnfs/vFW/scripts/.DS_Store | bin | 0 -> 6148 bytes | |||
-rwxr-xr-x | vnfs/vFW/scripts/run_traffic_fw_demo.sh | 13 | ||||
-rw-r--r-- | vnfs/vFW/scripts/v_firewall_init.sh | 47 | ||||
-rw-r--r-- | vnfs/vFW/scripts/v_packetgen_init.sh | 61 | ||||
-rw-r--r-- | vnfs/vFW/scripts/v_sink_init.sh | 7 | ||||
-rw-r--r-- | vnfs/vFW/scripts/vfirewall.sh | 98 | ||||
-rw-r--r-- | vnfs/vFW/scripts/vpacketgen.sh | 98 | ||||
-rw-r--r-- | vnfs/vFW/scripts/vsink.sh | 98 |
8 files changed, 422 insertions, 0 deletions
diff --git a/vnfs/vFW/scripts/.DS_Store b/vnfs/vFW/scripts/.DS_Store Binary files differnew file mode 100644 index 00000000..e97f86f1 --- /dev/null +++ b/vnfs/vFW/scripts/.DS_Store diff --git a/vnfs/vFW/scripts/run_traffic_fw_demo.sh b/vnfs/vFW/scripts/run_traffic_fw_demo.sh new file mode 100755 index 00000000..b7a356e4 --- /dev/null +++ b/vnfs/vFW/scripts/run_traffic_fw_demo.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +curl -X PUT -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 9005870c-900b-2e2e-0902-ef2009bb0ff7" -d '{"pg-streams":{"pg-stream": [{"id":"fw_udp1", "is-enabled":"true"},{"id":"fw_udp2", "is-enabled":"true"},{"id":"fw_udp3", "is-enabled":"true"},{"id":"fw_udp4", "is-enabled":"true"},{"id":"fw_udp5", "is-enabled":"true"}]}}' "http://localhost:8183/restconf/config/sample-plugin:sample-plugin/pg-streams" + +sleep 300 + +while [ 1 ] +do +curl -X PUT -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 9005870c-900b-2e2e-0902-ef2009bb0ff7" -d '{"pg-streams":{"pg-stream": [{"id":"fw_udp1", "is-enabled":"true"},{"id":"fw_udp2", "is-enabled":"true"},{"id":"fw_udp3", "is-enabled":"true"},{"id":"fw_udp4", "is-enabled":"true"},{"id":"fw_udp5", "is-enabled":"true"},{"id":"fw_udp6", "is-enabled":"true"},{"id":"fw_udp7", "is-enabled":"true"},{"id":"fw_udp8", "is-enabled":"true"},{"id":"fw_udp9", "is-enabled":"true"},{"id":"fw_udp10", "is-enabled":"true"}]}}' "http://localhost:8183/restconf/config/sample-plugin:sample-plugin/pg-streams" +sleep 300 +curl -X PUT -H "Authorization: Basic YWRtaW46YWRtaW4=" -H "Content-Type: application/json" -H "Cache-Control: no-cache" -H "Postman-Token: 9005870c-900b-2e2e-0902-ef2009bb0ff7" -d '{"pg-streams":{"pg-stream": [{"id":"fw_udp1", "is-enabled":"true"}]}}' "http://localhost:8183/restconf/config/sample-plugin:sample-plugin/pg-streams" +sleep 300 +done diff --git a/vnfs/vFW/scripts/v_firewall_init.sh b/vnfs/vFW/scripts/v_firewall_init.sh new file mode 100644 index 00000000..fe16cef5 --- /dev/null +++ b/vnfs/vFW/scripts/v_firewall_init.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +# Start VPP +start vpp +sleep 1 + +# Configure VPP for vFirewall +IPADDR1=$(ifconfig eth1 | grep "inet addr" | tr -s ' ' | cut -d' ' -f3 | cut -d':' -f2) +IPADDR2=$(ifconfig eth2 | grep "inet addr" | tr -s ' ' | cut -d' ' -f3 | cut -d':' -f2) +HWADDR1=$(ifconfig eth1 | grep HWaddr | tr -s ' ' | cut -d' ' -f5) +HWADDR2=$(ifconfig eth2 | grep HWaddr | tr -s ' ' | cut -d' ' -f5) +FAKE_HWADDR1=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"') +FAKE_HWADDR2=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"') + +ifconfig eth1 down +ifconfig eth2 down +ifconfig eth1 hw ether $FAKE_HWADDR1 +ifconfig eth2 hw ether $FAKE_HWADDR2 +ip addr flush dev eth1 +ip addr flush dev eth2 +ifconfig eth1 up +ifconfig eth2 up +vppctl tap connect tap111 hwaddr $HWADDR1 +vppctl tap connect tap222 hwaddr $HWADDR2 +vppctl set int ip address tap-0 $IPADDR1"/24" +vppctl set int ip address tap-1 $IPADDR2"/24" +vppctl set int state tap-0 up +vppctl set int state tap-1 up +brctl addbr br0 +brctl addif br0 tap111 +brctl addif br0 eth1 +brctl addbr br1 +brctl addif br1 tap222 +brctl addif br1 eth2 +ifconfig br0 up +ifconfig br1 up +sleep 1 + +# Start HoneyComb +echo "" > /var/lib/honeycomb/persist/context/data.json +echo "" > /var/lib/honeycomb/persist/config/data.json +/opt/honeycomb/sample-distribution-1.0.0/honeycomb &>/dev/null &disown +sleep 1 + +# Start VES client +cd /opt/VES/code/evel_training/VESreporting/ +./go-client.sh &>/dev/null &disown diff --git a/vnfs/vFW/scripts/v_packetgen_init.sh b/vnfs/vFW/scripts/v_packetgen_init.sh new file mode 100644 index 00000000..68469663 --- /dev/null +++ b/vnfs/vFW/scripts/v_packetgen_init.sh @@ -0,0 +1,61 @@ +#!/bin/bash + +# Start VPP +start vpp +sleep 1 + +# Configure VPP for vPacketGenerator +IPADDR1=$(ifconfig eth1 | grep "inet addr" | tr -s ' ' | cut -d' ' -f3 | cut -d':' -f2) +HWADDR1=$(ifconfig eth1 | grep HWaddr | tr -s ' ' | cut -d' ' -f5) +FAKE_HWADDR1=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"') +PROTECTED_NET_CIDR=$(cat /opt/config/protected_net_cidr.txt) +FW_IPADDR=$(cat /opt/config/fw_ipaddr.txt) +SINK_IPADDR=$(cat /opt/config/sink_ipaddr.txt) + +ifconfig eth1 down +ifconfig eth1 hw ether $FAKE_HWADDR1 +ip addr flush dev eth1 +ifconfig eth1 up +vppctl tap connect tap111 hwaddr $HWADDR1 +vppctl set int ip address tap-0 $IPADDR1"/24" +vppctl set int state tap-0 up +brctl addbr br0 +brctl addif br0 tap111 +brctl addif br0 eth1 +ifconfig br0 up +vppctl ip route add $PROTECTED_NET_CIDR via $FW_IPADDR +sleep 1 + +# Install packet streams +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp1 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp2 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp3 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp4 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp5 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp6 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp7 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp8 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp9 +sed -i -e "0,/UDP/ s/UDP:.*/UDP: "$IPADDR1" -> "$SINK_IPADDR"/" /opt/pg_streams/stream_fw_udp10 +vppctl exec /opt/pg_streams/stream_fw_udp1 +vppctl exec /opt/pg_streams/stream_fw_udp2 +vppctl exec /opt/pg_streams/stream_fw_udp3 +vppctl exec /opt/pg_streams/stream_fw_udp4 +vppctl exec /opt/pg_streams/stream_fw_udp5 +vppctl exec /opt/pg_streams/stream_fw_udp6 +vppctl exec /opt/pg_streams/stream_fw_udp7 +vppctl exec /opt/pg_streams/stream_fw_udp8 +vppctl exec /opt/pg_streams/stream_fw_udp9 +vppctl exec /opt/pg_streams/stream_fw_udp10 +sleep 1 + +# Start HoneyComb +echo "" > /var/lib/honeycomb/persist/context/data.json +echo "" > /var/lib/honeycomb/persist/config/data.json +/opt/honeycomb/sample-distribution-1.0.0/honeycomb &>/dev/null &disown +sleep 20 + +# Enable traffic flows +cd /opt +chmod +x run_traffic_fw_demo.sh +./run_traffic_fw_demo.sh &>/dev/null &disown diff --git a/vnfs/vFW/scripts/v_sink_init.sh b/vnfs/vFW/scripts/v_sink_init.sh new file mode 100644 index 00000000..16a67508 --- /dev/null +++ b/vnfs/vFW/scripts/v_sink_init.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# Set the IP address of the protected network interface of the vFirewall as a default gateway to the unprotected network +PROTECTED_NET_GW=$(cat /opt/config/protected_net_gw.txt) +UNPROTECTED_NET=$(cat /opt/config/unprotected_net.txt) + +route add -net $UNPROTECTED_NET netmask 255.255.255.0 gw $PROTECTED_NET_GW diff --git a/vnfs/vFW/scripts/vfirewall.sh b/vnfs/vFW/scripts/vfirewall.sh new file mode 100644 index 00000000..0c57d733 --- /dev/null +++ b/vnfs/vFW/scripts/vfirewall.sh @@ -0,0 +1,98 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start daemon at boot time +# Description: Enable service provided by daemon. +### END INIT INFO + +dir="/opt" +cmd="./v_firewall_init.sh" +user="root" + +name=`basename $0` +pid_file="/var/run/$name.pid" +stdout_log="/var/log/$name.log" +stderr_log="/var/log/$name.err" + +get_pid() { + cat "$pid_file" +} + +is_running() { + [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1 +} + +case "$1" in + start) + if is_running; then + echo "Already started" + else + echo "Starting $name" + cd "$dir" + if [ -z "$user" ]; then + sudo $cmd >> "$stdout_log" 2>> "$stderr_log" & + else + sudo -u "$user" $cmd >> "$stdout_log" 2>> "$stderr_log" & + fi + echo $! > "$pid_file" + if ! is_running; then + echo "Unable to start, see $stdout_log and $stderr_log" + exit 1 + fi + fi + ;; + stop) + if is_running; then + echo -n "Stopping $name.." + kill `get_pid` + for i in {1..10} + do + if ! is_running; then + break + fi + + echo -n "." + sleep 1 + done + echo + + if is_running; then + echo "Not stopped; may still be shutting down or shutdown may have failed" + exit 1 + else + echo "Stopped" + if [ -f "$pid_file" ]; then + rm "$pid_file" + fi + fi + else + echo "Not running" + fi + ;; + restart) + $0 stop + if is_running; then + echo "Unable to stop, will not attempt to start" + exit 1 + fi + $0 start + ;; + status) + if is_running; then + echo "Running" + else + echo "Stopped" + exit 1 + fi + ;; + *) + echo "Usage: $0 {start|stop|restart|status}" + exit 1 + ;; +esac + +exit 0 diff --git a/vnfs/vFW/scripts/vpacketgen.sh b/vnfs/vFW/scripts/vpacketgen.sh new file mode 100644 index 00000000..bd1178a0 --- /dev/null +++ b/vnfs/vFW/scripts/vpacketgen.sh @@ -0,0 +1,98 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start daemon at boot time +# Description: Enable service provided by daemon. +### END INIT INFO + +dir="/opt" +cmd="./v_packetgen_init.sh" +user="root" + +name=`basename $0` +pid_file="/var/run/$name.pid" +stdout_log="/var/log/$name.log" +stderr_log="/var/log/$name.err" + +get_pid() { + cat "$pid_file" +} + +is_running() { + [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1 +} + +case "$1" in + start) + if is_running; then + echo "Already started" + else + echo "Starting $name" + cd "$dir" + if [ -z "$user" ]; then + sudo $cmd >> "$stdout_log" 2>> "$stderr_log" & + else + sudo -u "$user" $cmd >> "$stdout_log" 2>> "$stderr_log" & + fi + echo $! > "$pid_file" + if ! is_running; then + echo "Unable to start, see $stdout_log and $stderr_log" + exit 1 + fi + fi + ;; + stop) + if is_running; then + echo -n "Stopping $name.." + kill `get_pid` + for i in {1..10} + do + if ! is_running; then + break + fi + + echo -n "." + sleep 1 + done + echo + + if is_running; then + echo "Not stopped; may still be shutting down or shutdown may have failed" + exit 1 + else + echo "Stopped" + if [ -f "$pid_file" ]; then + rm "$pid_file" + fi + fi + else + echo "Not running" + fi + ;; + restart) + $0 stop + if is_running; then + echo "Unable to stop, will not attempt to start" + exit 1 + fi + $0 start + ;; + status) + if is_running; then + echo "Running" + else + echo "Stopped" + exit 1 + fi + ;; + *) + echo "Usage: $0 {start|stop|restart|status}" + exit 1 + ;; +esac + +exit 0 diff --git a/vnfs/vFW/scripts/vsink.sh b/vnfs/vFW/scripts/vsink.sh new file mode 100644 index 00000000..a6862b0d --- /dev/null +++ b/vnfs/vFW/scripts/vsink.sh @@ -0,0 +1,98 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Start daemon at boot time +# Description: Enable service provided by daemon. +### END INIT INFO + +dir="/opt" +cmd="./v_sink_init.sh" +user="root" + +name=`basename $0` +pid_file="/var/run/$name.pid" +stdout_log="/var/log/$name.log" +stderr_log="/var/log/$name.err" + +get_pid() { + cat "$pid_file" +} + +is_running() { + [ -f "$pid_file" ] && ps `get_pid` > /dev/null 2>&1 +} + +case "$1" in + start) + if is_running; then + echo "Already started" + else + echo "Starting $name" + cd "$dir" + if [ -z "$user" ]; then + sudo $cmd >> "$stdout_log" 2>> "$stderr_log" & + else + sudo -u "$user" $cmd >> "$stdout_log" 2>> "$stderr_log" & + fi + echo $! > "$pid_file" + if ! is_running; then + echo "Unable to start, see $stdout_log and $stderr_log" + exit 1 + fi + fi + ;; + stop) + if is_running; then + echo -n "Stopping $name.." + kill `get_pid` + for i in {1..10} + do + if ! is_running; then + break + fi + + echo -n "." + sleep 1 + done + echo + + if is_running; then + echo "Not stopped; may still be shutting down or shutdown may have failed" + exit 1 + else + echo "Stopped" + if [ -f "$pid_file" ]; then + rm "$pid_file" + fi + fi + else + echo "Not running" + fi + ;; + restart) + $0 stop + if is_running; then + echo "Unable to stop, will not attempt to start" + exit 1 + fi + $0 start + ;; + status) + if is_running; then + echo "Running" + else + echo "Stopped" + exit 1 + fi + ;; + *) + echo "Usage: $0 {start|stop|restart|status}" + exit 1 + ;; +esac + +exit 0 |