Unpack nativ functions

NFs/native/NAT/start

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line: 
+#	sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan 
+
+#$1 LSI ID								(e.g., 2)
+#$2 NF name								(e.g., firewall)
+#$3 number_of_ports							(it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively			(e.g., vEth0 vEth1)
+
+if (( $EUID != 0 )) 
+then
+    echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+    exit 0
+fi
+
+#enable ipv4 forwarding
+sysctl -w net.ipv4.ip_forward=1
+
+#debug
+#set -x
+
+br_name=$1_$2_br
+namespace_name=$1_$2_ns
+
+ifconfig $4 192.168.1.1 netmask 255.255.255.0
+ifconfig $5 192.168.2.1 netmask 255.255.255.0
+iptables -A FORWARD -i $4 -j ACCEPT
+iptables -t nat -A POSTROUTING -o $5 -j MASQUERADE
+exit 1

NFs/native/NAT/stop

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line: 
+#	sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan 
+
+#$1 LSI ID								(e.g., 2)
+#$2 NF name								(e.g., firewall)
+#$3 number_of_ports							(it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively			(e.g., vEth0 vEth1)
+
+if (( $EUID != 0 )) 
+then
+    echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+    exit 0
+fi
+
+
+
+namespace_name=$1_$2_ns
+
+
+exit 1

NFs/native/VPNStrongswan/configure.sh

@@ -0,0 +1,24 @@
+#! /bin/bash
+
+# $port1 $port2 $namespace $path
+
+
+
+SCRIPTPATH=$4
+
+mkdir -p /etc/netns/$3/ipsec.d/run
+mkdir -p /etc/netns/$3/strongswan
+mkdir -p /etc/netns/$3/iproute2
+
+cp -r $SCRIPTPATH/rt_tables /etc/netns/$3/iproute2
+
+ip netns exec $3 ifconfig $1 192.168.1.1 netmask 255.255.255.0
+#ip netns exec $3 route add default gw 130.192.225.254
+ip netns exec $3 ifconfig $2 1.1.1.1 netmask 255.255.255.0
+#ip netns exec $3 ip route add 10.2.0.0/16 dev $2 scope link table tapIPSEC
+#ip netns exec $3 ip route add default via 10.2.2.252 dev $2 table tapIPSEC
+#ip netns exec $3 ip rule add from 10.2.1.0/24 table tapIPSEC pref 2
+#ip netns exec $3 ip rule add to 10.2.1.0/24 table tapIPSEC pref 2
+
+cp -r /etc/strongswan* /etc/netns/$3/
+cp -r $SCRIPTPATH/strongswan/ipsec.* /etc/netns/$3/

NFs/native/VPNStrongswan/rt_tables

@@ -0,0 +1,12 @@
+#
+# reserved values
+#
+255	local
+254	main
+253	default
+0	unspec
+#
+# local
+#
+#1	inr.ruhep
+250 tapIPSEC

NFs/native/VPNStrongswan/start

@@ -0,0 +1,38 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line: 
+#	sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan 
+
+#$1 LSI ID								(e.g., 2)
+#$2 NF name								(e.g., firewall)
+#$3 number_of_ports							(it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively			(e.g., vEth0 vEth1)
+
+if (( $EUID != 0 )) 
+then
+    echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+    exit 0
+fi
+
+#enable ipv4 forwarding
+sysctl -w net.ipv4.ip_forward=1
+
+#debug
+#set -x
+
+br_name=$1_$2_br
+namespace_name=$1_$2_ns
+
+SCRIPTPATH="$1_$1_$2_tmp_$2"
+
+bash $SCRIPTPATH/configure.sh $4 $5 $namespace_name $SCRIPTPATH
+
+ip netns exec $namespace_name ipsec start 
+echo "[nativeNF_strongswan_start] script executed"
+
+exit 1

NFs/native/VPNStrongswan/stop

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line: 
+#	sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan 
+
+#$1 LSI ID								(e.g., 2)
+#$2 NF name								(e.g., firewall)
+#$3 number_of_ports							(it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively			(e.g., vEth0 vEth1)
+
+if (( $EUID != 0 )) 
+then
+    echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+    exit 0
+fi
+
+
+
+namespace_name=$1_$2_ns
+
+ip netns exec $namespace_name ipsec stop
+rm -rf /etc/netns/$namespace_name
+
+echo "[nativeNF_strongswan_start] script executed"
+
+exit 1

NFs/native/VPNStrongswan/strongswan/ipsec.conf

@@ -0,0 +1,47 @@
+# ipsec.conf - strongSwan IPsec configuration file
+
+# basic configuration
+
+config setup
+	# strictcrlpolicy=yes
+	uniqueids = never
+
+# Add connections here.
+
+# Sample VPN connections
+
+#conn sample-self-signed
+#      leftsubnet=10.1.0.0/16
+#      leftcert=selfCert.der
+#      leftsendcert=never
+#      right=192.168.0.2
+#      rightsubnet=10.2.0.0/16
+#      rightcert=peerCert.der
+#      auto=start
+
+#conn sample-with-ca-cert
+#      leftsubnet=10.1.0.0/16
+#      leftcert=myCert.pem
+#      right=192.168.0.2
+#      rightsubnet=10.2.0.0/16
+#      rightid="C=CH, O=Linux strongSwan CN=peer name"
+#      auto=start
+
+conn %default
+	ikelifetime=60m
+	keylife=20m
+	rekeymargin=3m
+	keyingtries=1
+	authby=secret
+	keyexchange=ikev2
+	mobike=no
+
+conn net-net
+	left=1.1.1.1
+	[email protected]
+	leftsubnet=192.168.1.0/24
+	leftfirewall=yes
+	right=1.1.1.2
+	rightsubnet=10.0.0.0/24
+	[email protected]
+	auto=start

NFs/native/VPNStrongswan/strongswan/ipsec.secrets

@@ -0,0 +1,3 @@
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
+
+@moon.strongswan.org @sun.strongswan.org : PSK 0sv+NkxY9LLZvwj4qCC2o/gGrWDF2d21jL

NFs/native/bridge/start

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line: 
+#	sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan 
+
+#$1 LSI ID								(e.g., 2)
+#$2 NF name								(e.g., firewall)
+#$3 number_of_ports							(it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively			(e.g., vEth0 vEth1)
+
+if (( $EUID != 0 )) 
+then
+    echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+    exit 0
+fi
+
+#debug
+#set -x
+
+br_name=$1_$2_br
+namespace_name=$1_$2_ns
+
+brctl addbr br0
+ifconfig br0 up
+ifconfig lo up
+current=4
+for (( c=0; c<$3; c++ ))
+do
+	brctl addif br0 ${!current}
+	current=`expr $current + 1`
+done
+exit 1

NFs/native/bridge/stop

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line: 
+#	sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan 
+
+#$1 LSI ID								(e.g., 2)
+#$2 NF name								(e.g., firewall)
+#$3 number_of_ports							(it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively			(e.g., vEth0 vEth1)
+
+if (( $EUID != 0 )) 
+then
+    echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+    exit 0
+fi
+
+
+
+namespace_name=$1_$2_ns
+
+brctl delbr br0
+exit 1

NFs/native/dhcp/start

@@ -0,0 +1,33 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line: 
+#	sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan 
+
+#$1 LSI ID								(e.g., 2)
+#$2 NF name								(e.g., firewall)
+#$3 number_of_ports							(it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively			(e.g., vEth0 vEth1)
+
+if (( $EUID != 0 )) 
+then
+    echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+    exit 0
+fi
+
+#debug
+#set -x
+
+br_name=$1_$2_br
+namespace_name=$1_$2_ns
+
+ifconfig lo up
+ifconfig $4 192.168.1.50 netmask 255.255.255.0
+
+dnsmasq --dhcp-range=192.168.1.10,192.168.1.49,72h --interface=$4 --dhcp-option=3,192.168.1.1
+
+exit 1

NFs/native/dhcp/stop

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+#Author: Roberto Bonafiglia
+#
+
+#command line: 
+#	sudo ./start $1 $2 $3 $4 $5
+
+#dependencies: strongswan 
+
+#$1 LSI ID								(e.g., 2)
+#$2 NF name								(e.g., firewall)
+#$3 number_of_ports							(it is supposed to be 2 for this NF)
+#$4 and $5 names of port1 and port2 respectively			(e.g., vEth0 vEth1)
+
+if (( $EUID != 0 )) 
+then
+    echo "[nativeNF_example_start] This script must be executed with ROOT privileges"
+    exit 0
+fi
+
+
+
+namespace_name=$1_$2_ns
+
+exit 1