diff options
Diffstat (limited to 'vnfs/vFW')
-rw-r--r-- | vnfs/vFW/scripts/v_firewall_init.sh | 30 | ||||
-rw-r--r-- | vnfs/vFW/scripts/v_firewall_install.sh | 32 | ||||
-rw-r--r-- | vnfs/vFW/scripts/v_packetgen_init.sh | 26 | ||||
-rw-r--r-- | vnfs/vFW/scripts/v_packetgen_install.sh | 24 | ||||
-rw-r--r-- | vnfs/vFW/scripts/v_sink_init.sh | 12 | ||||
-rw-r--r-- | vnfs/vFW/scripts/v_sink_install.sh | 24 |
6 files changed, 123 insertions, 25 deletions
diff --git a/vnfs/vFW/scripts/v_firewall_init.sh b/vnfs/vFW/scripts/v_firewall_init.sh index d277af04..75a55bee 100644 --- a/vnfs/vFW/scripts/v_firewall_init.sh +++ b/vnfs/vFW/scripts/v_firewall_init.sh @@ -1,5 +1,26 @@ #!/bin/bash +# Convert Network CIDR to Netmask +mask2cidr() { + nbits=0 + IFS=. + for dec in $1 ; do + case $dec in + 255) let nbits+=8;; + 254) let nbits+=7;; + 252) let nbits+=6;; + 248) let nbits+=5;; + 240) let nbits+=4;; + 224) let nbits+=3;; + 192) let nbits+=2;; + 128) let nbits+=1;; + 0);; + *) echo "Error: $dec is not recognized"; exit 1 + esac + done + echo "$nbits" +} + # Start VPP start vpp sleep 1 @@ -12,6 +33,11 @@ HWADDR2=$(ifconfig eth2 | grep HWaddr | tr -s ' ' | cut -d' ' -f5) FAKE_HWADDR1=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"') FAKE_HWADDR2=$(echo -n 00; dd bs=1 count=5 if=/dev/urandom 2>/dev/null | hexdump -v -e '/1 ":%02X"') +IPADDR1_MASK=$(ifconfig eth1 | grep "Mask" | awk '{print $4}' | awk -F ":" '{print $2}') +IPADDR1_CIDR=$(mask2cidr $IPADDR1_MASK) +IPADDR2_MASK=$(ifconfig eth2 | grep "Mask" | awk '{print $4}' | awk -F ":" '{print $2}') +IPADDR2_CIDR=$(mask2cidr $IPADDR2_MASK) + ifconfig eth1 down ifconfig eth2 down ifconfig eth1 hw ether $FAKE_HWADDR1 @@ -22,8 +48,8 @@ ifconfig eth1 up ifconfig eth2 up vppctl tap connect tap111 hwaddr $HWADDR1 vppctl tap connect tap222 hwaddr $HWADDR2 -vppctl set int ip address tap-0 $IPADDR1"/24" -vppctl set int ip address tap-1 $IPADDR2"/24" +vppctl set int ip address tap-0 $IPADDR1"/"$IPADDR1_CIDR +vppctl set int ip address tap-1 $IPADDR2"/"$IPADDR2_CIDR vppctl set int state tap-0 up vppctl set int state tap-1 up brctl addbr br0 diff --git a/vnfs/vFW/scripts/v_firewall_install.sh b/vnfs/vFW/scripts/v_firewall_install.sh index 21164383..5ec634e4 100644 --- a/vnfs/vFW/scripts/v_firewall_install.sh +++ b/vnfs/vFW/scripts/v_firewall_install.sh @@ -6,6 +6,14 @@ DEMO_ARTIFACTS_VERSION=$(cat /opt/config/demo_artifacts_version.txt) INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt) CLOUD_ENV=$(cat /opt/config/cloud_env.txt) +# Convert Network CIDR to Netmask +cdr2mask () { + # Number of args to shift, 255..255, first non-255 byte, zeroes + set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 + [ $1 -gt 1 ] && shift $1 || shift + echo ${1-0}.${2-0}.${3-0}.${4-0} +} + # OpenStack network configuration if [[ $CLOUD_ENV == "openstack" ]] then @@ -17,25 +25,31 @@ then MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1) - VFW_PRIVATE_IP_O=$(cat /opt/config/vfw_private_ip_0.txt) + IP=$(cat /opt/config/vfw_private_ip_0.txt) + BITS=$(cat /opt/config/unprotected_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) echo "auto eth1" >> /etc/network/interfaces echo "iface eth1 inet static" >> /etc/network/interfaces - echo " address $VFW_PRIVATE_IP_O" >> /etc/network/interfaces - echo " netmask 255.255.255.0" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces echo " mtu $MTU" >> /etc/network/interfaces - VFW_PRIVATE_IP_1=$(cat /opt/config/vfw_private_ip_1.txt) + IP=$(cat /opt/config/vfw_private_ip_1.txt) + BITS=$(cat /opt/config/protected_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) echo "auto eth2" >> /etc/network/interfaces echo "iface eth2 inet static" >> /etc/network/interfaces - echo " address $VFW_PRIVATE_IP_1" >> /etc/network/interfaces - echo " netmask 255.255.255.0" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces echo " mtu $MTU" >> /etc/network/interfaces - VFW_PRIVATE_IP_2=$(cat /opt/config/vfw_private_ip_2.txt) + IP=$(cat /opt/config/vfw_private_ip_2.txt) + BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) echo "auto eth3" >> /etc/network/interfaces echo "iface eth3 inet static" >> /etc/network/interfaces - echo " address $VFW_PRIVATE_IP_2" >> /etc/network/interfaces - echo " netmask 255.255.255.0" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces echo " mtu $MTU" >> /etc/network/interfaces ifup eth1 diff --git a/vnfs/vFW/scripts/v_packetgen_init.sh b/vnfs/vFW/scripts/v_packetgen_init.sh index ca6571b7..3b8f51ff 100644 --- a/vnfs/vFW/scripts/v_packetgen_init.sh +++ b/vnfs/vFW/scripts/v_packetgen_init.sh @@ -1,5 +1,26 @@ #!/bin/bash +# Convert Network CIDR to Netmask +mask2cidr() { + nbits=0 + IFS=. + for dec in $1 ; do + case $dec in + 255) let nbits+=8;; + 254) let nbits+=7;; + 252) let nbits+=6;; + 248) let nbits+=5;; + 240) let nbits+=4;; + 224) let nbits+=3;; + 192) let nbits+=2;; + 128) let nbits+=1;; + 0);; + *) echo "Error: $dec is not recognized"; exit 1 + esac + done + echo "$nbits" +} + # Start VPP start vpp sleep 1 @@ -12,12 +33,15 @@ PROTECTED_NET_CIDR=$(cat /opt/config/protected_net_cidr.txt) FW_IPADDR=$(cat /opt/config/fw_ipaddr.txt) SINK_IPADDR=$(cat /opt/config/sink_ipaddr.txt) +IPADDR1_MASK=$(ifconfig eth1 | grep "Mask" | awk '{print $4}' | awk -F ":" '{print $2}') +IPADDR1_CIDR=$(mask2cidr $IPADDR1_MASK) + ifconfig eth1 down ifconfig eth1 hw ether $FAKE_HWADDR1 ip addr flush dev eth1 ifconfig eth1 up vppctl tap connect tap111 hwaddr $HWADDR1 -vppctl set int ip address tap-0 $IPADDR1"/24" +vppctl set int ip address tap-0 $IPADDR1"/"$IPADDR1_CIDR vppctl set int state tap-0 up brctl addbr br0 brctl addif br0 tap111 diff --git a/vnfs/vFW/scripts/v_packetgen_install.sh b/vnfs/vFW/scripts/v_packetgen_install.sh index c3a510da..dd75278d 100644 --- a/vnfs/vFW/scripts/v_packetgen_install.sh +++ b/vnfs/vFW/scripts/v_packetgen_install.sh @@ -6,6 +6,14 @@ DEMO_ARTIFACTS_VERSION=$(cat /opt/config/demo_artifacts_version.txt) INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt) CLOUD_ENV=$(cat /opt/config/cloud_env.txt) +# Convert Network CIDR to Netmask +cdr2mask () { + # Number of args to shift, 255..255, first non-255 byte, zeroes + set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 + [ $1 -gt 1 ] && shift $1 || shift + echo ${1-0}.${2-0}.${3-0}.${4-0} +} + # OpenStack network configuration if [[ $CLOUD_ENV == "openstack" ]] then @@ -17,18 +25,22 @@ then MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1) - VPG_PRIVATE_IP_O=$(cat /opt/config/vpg_private_ip_0.txt) + IP=$(cat /opt/config/vpg_private_ip_0.txt) + BITS=$(cat /opt/config/unprotected_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) echo "auto eth1" >> /etc/network/interfaces echo "iface eth1 inet static" >> /etc/network/interfaces - echo " address $VPG_PRIVATE_IP_O" >> /etc/network/interfaces - echo " netmask 255.255.255.0" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces echo " mtu $MTU" >> /etc/network/interfaces - VPG_PRIVATE_IP_1=$(cat /opt/config/vpg_private_ip_1.txt) + IP=$(cat /opt/config/vpg_private_ip_1.txt) + BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) echo "auto eth2" >> /etc/network/interfaces echo "iface eth2 inet static" >> /etc/network/interfaces - echo " address $VPG_PRIVATE_IP_1" >> /etc/network/interfaces - echo " netmask 255.255.255.0" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces echo " mtu $MTU" >> /etc/network/interfaces ifup eth1 diff --git a/vnfs/vFW/scripts/v_sink_init.sh b/vnfs/vFW/scripts/v_sink_init.sh index 77f4296c..7975d435 100644 --- a/vnfs/vFW/scripts/v_sink_init.sh +++ b/vnfs/vFW/scripts/v_sink_init.sh @@ -1,7 +1,17 @@ #!/bin/bash +# Convert Network CIDR to Netmask +cdr2mask () { + # Number of args to shift, 255..255, first non-255 byte, zeroes + set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 + [ $1 -gt 1 ] && shift $1 || shift + echo ${1-0}.${2-0}.${3-0}.${4-0} +} + # Set the IP address of the protected network interface of the vFirewall as a default gateway to the unprotected network PROTECTED_NET_GW=$(cat /opt/config/protected_net_gw.txt) UNPROTECTED_NET=$(cat /opt/config/unprotected_net.txt | cut -d'/' -f1) +BITS=$(cat /opt/config/unprotected_net.txt | cut -d"/" -f2) +NETMASK=$(cdr2mask $BITS) -route add -net $UNPROTECTED_NET netmask 255.255.255.0 gw $PROTECTED_NET_GW +route add -net $UNPROTECTED_NET netmask $NETMASK gw $PROTECTED_NET_GW diff --git a/vnfs/vFW/scripts/v_sink_install.sh b/vnfs/vFW/scripts/v_sink_install.sh index 32c6167f..71bab414 100644 --- a/vnfs/vFW/scripts/v_sink_install.sh +++ b/vnfs/vFW/scripts/v_sink_install.sh @@ -4,6 +4,14 @@ REPO_URL_BLOB=$(cat /opt/config/repo_url_blob.txt) INSTALL_SCRIPT_VERSION=$(cat /opt/config/install_script_version.txt) CLOUD_ENV=$(cat /opt/config/cloud_env.txt) +# Convert Network CIDR to Netmask +cdr2mask () { + # Number of args to shift, 255..255, first non-255 byte, zeroes + set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0 + [ $1 -gt 1 ] && shift $1 || shift + echo ${1-0}.${2-0}.${3-0}.${4-0} +} + # OpenStack network configuration if [[ $CLOUD_ENV == "openstack" ]] then @@ -15,18 +23,22 @@ then MTU=$(/sbin/ifconfig | grep MTU | sed 's/.*MTU://' | sed 's/ .*//' | sort -n | head -1) - VSN_PRIVATE_IP_O=$(cat /opt/config/vsn_private_ip_0.txt) + IP=$(cat /opt/config/vsn_private_ip_0.txt) + BITS=$(cat /opt/config/protected_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) echo "auto eth1" >> /etc/network/interfaces echo "iface eth1 inet static" >> /etc/network/interfaces - echo " address $VSN_PRIVATE_IP_O" >> /etc/network/interfaces - echo " netmask 255.255.255.0" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces echo " mtu $MTU" >> /etc/network/interfaces - VSN_PRIVATE_IP_1=$(cat /opt/config/vsn_private_ip_1.txt) + IP=$(cat /opt/config/vsn_private_ip_1.txt) + BITS=$(cat /opt/config/onap_private_net_cidr.txt | cut -d"/" -f2) + NETMASK=$(cdr2mask $BITS) echo "auto eth2" >> /etc/network/interfaces echo "iface eth2 inet static" >> /etc/network/interfaces - echo " address $VSN_PRIVATE_IP_1" >> /etc/network/interfaces - echo " netmask 255.255.255.0" >> /etc/network/interfaces + echo " address $IP" >> /etc/network/interfaces + echo " netmask $NETMASK" >> /etc/network/interfaces echo " mtu $MTU" >> /etc/network/interfaces ifup eth1 |