#!/bin/bash
# mpsocks_lib: helpers to build and run an MPTCP-capable QEMU guest that
# exposes a SOCKS proxy. Nothing below runs on its own; the file is meant to
# be sourced, and every knob may be overridden from the environment first.

# Guest disk image file, and the directory it is loop-mounted on while
# build_image populates it.
: "${IMG:=mpsocks.img}"
DIR=mount_$IMG
# First two octets of the per-interface /24 subnets, and the third octet used
# for subnet index 0 (see subnet24).
: "${SUBNET16:=10.66}"
: "${SUBNETSTART:=6}"
# Base number of the per-interface policy-routing tables (host and guest side).
TABLESTART=665
# Name prefix of the host tap devices; tap N is "${TAP_PREFIX}N".
: "${TAP_PREFIX:=mptcp}"
# Port the SOCKS proxy listens on (ssh -D on the host, or dante in the guest).
: "${SOCK_PORT:=6666}"
#######################################
# Print the /24 prefix of subnet index $1: "SUBNET16.(SUBNETSTART + $1)".
# Globals:   SUBNET16, SUBNETSTART (read)
# Arguments: $1 - subnet index, defaults to 0
# Outputs:   e.g. "10.66.6" for index 0 with the default settings
#######################################
subnet24() {
  local idx=${1:-0}
  printf '%s.%d\n' "$SUBNET16" "$((idx + $SUBNETSTART))"
}
#######################################
# Print host $2 of subnet index $1, i.e. "<subnet24 $1>.$2".
# Arguments: $1 - /24 subnet index (handed to subnet24, which defaults it to 0)
#            $2 - host number within that /24
#######################################
nth_ip() {
  local prefix
  prefix=$(subnet24 "$1")
  printf '%s.%s\n' "$prefix" "$2"
}
#######################################
# Print subnet index $1 in CIDR form, e.g. "10.66.6.0/24".
# Arguments: $1 - subnet index, defaults to 0
#######################################
subnet() {
  local idx=${1:-0}
  printf '%s/24\n' "$(nth_ip "$idx" 0)"
}
#######################################
# Print the host-side address of subnet index $1 (host number 1).
# Arguments: $1 - subnet index, defaults to 0
#######################################
host_ip() {
  local idx=${1:-0}
  nth_ip "$idx" 1
}
#######################################
# Print the host-side address of subnet index $1 with its /24 prefix length.
# Arguments: $1 - subnet index, defaults to 0
#######################################
host_cidr() {
  local idx=${1:-0}
  printf '%s/24\n' "$(host_ip "$idx")"
}
#######################################
# Print the guest-side address of subnet index $1 (host number 2).
# Arguments: $1 - subnet index, defaults to 0
#######################################
guest_ip() {
  local idx=${1:-0}
  nth_ip "$idx" 2
}
#######################################
# Print the guest-side address of subnet index $1 with its /24 prefix length.
# Arguments: $1 - subnet index, defaults to 0
#######################################
guest_cidr() {
  local idx=${1:-0}
  printf '%s/24\n' "$(guest_ip "$idx")"
}
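#######################################
# Build the Debian stretch guest disk image booted by boot_vm.
# Globals:   IMG (read) - image file to create
#            DIR (read) - directory the image is loop-mounted on meanwhile
# Requires:  qemu-img, mkfs.ext3, git, sudo, a readable "$HOME/.ssh/id_rsa.pub"
# Returns:   0 on success, 1 if a step fails. Once the image is mounted it is
#            always unmounted and $DIR removed again, so a retry starts clean.
#######################################
build_image() {
  qemu-img create "$IMG" 10g || return 1
  mkfs.ext3 "$IMG" || return 1
  mkdir -- "$DIR" || return 1
  # Never let debootstrap write into $DIR unless the image is really mounted
  # there; the original went on regardless and would populate the host dir.
  if ! sudo mount -o loop "$IMG" "$DIR"; then
    rmdir -- "$DIR"
    return 1
  fi
  local rv=0
  _build_image_populate || rv=$?
  sudo umount "$DIR"
  rmdir -- "$DIR"
  return "$rv"
}

# Populate the image mounted on $DIR: debootstrap, root password, mgmt NIC
# config and the host user's SSH key. Returns 1 at the first failing step.
_build_image_populate() {
  [[ -d debootstrap ]] || git clone https://salsa.debian.org/installer-team/debootstrap.git || return 1
  sudo DEBOOTSTRAP_DIR="$PWD/debootstrap" ./debootstrap/debootstrap --arch amd64 stretch "$DIR" || return 1
  sudo chroot "$DIR" passwd root || return 1
  # Auto-up the mgmt interface (the QEMU user-mode NIC, see boot_vm). Skipped
  # when the stanza is already there so a re-run stays idempotent.
  local interfaces="$DIR/etc/network/interfaces"
  if ! sudo grep -q enp0s3 "$interfaces"; then
    printf '%s\n' 'auto enp0s3' 'allow-hotplug enp0s3' 'iface enp0s3 inet dhcp' \
      | sudo tee -a "$interfaces" >/dev/null || return 1
  fi
  # Install SSH and our key. --allow-unauthenticated disables apt's package
  # signature check inside the chroot: those packages are taken on trust.
  sudo chroot "$DIR" apt-get install -y openssh-server --allow-unauthenticated || return 1
  sudo mkdir -p "$DIR/root/.ssh" || return 1
  sudo chmod 700 "$DIR/root/.ssh" || return 1
  sudo tee -a "$DIR/root/.ssh/authorized_keys" <"$HOME/.ssh/id_rsa.pub" >/dev/null || return 1
  sudo chmod 600 "$DIR/root/.ssh/authorized_keys" || return 1
  # TODO integrate this: it drops the default route learned over DHCP on the
  # mgmt interface, which we won't use. Contents of
  # /etc/dhcp/dhclient-exit-hooks.d/drop_default inside the guest:
  #   if [ "${reason}" = "BOUND" -a "${interface}" = "enp0s3" ] ; then
  #     if [ "$(ip r | grep default | awk '{print $3}')" = "${new_routers}" ] ; then
  #       ip route del default
  #     fi
  #   fi
}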
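#######################################
# Clone the MPTCP kernel tree into ./mptcp and build a KVM guest kernel with
# MPTCP (fullmesh path manager, the extra schedulers, netfilter REDIRECT as a
# module) in ./mptcp/build-kvm, then build and stage its modules via
# build_kernel_modules.
# Globals:   JOBS (read, optional) - make parallelism, defaults to 8
# Returns:   0 on success, 1 when cloning, configuring or building fails
#            (the original carried on after any failed step)
#######################################
build_kernel() {
  [[ -d mptcp ]] || git clone https://github.com/multipath-tcp/mptcp.git || return 1
  (
    cd mptcp || exit 1
    make O=build-kvm x86_64_defconfig || exit 1
    make O=build-kvm kvmconfig || exit 1
    # One scripts/config action per line below; the loop stops at the first
    # failure. RETPOLINE is the Spectre v2 mitigation; it is switched off here
    # as in the original (reason not recorded) - keep that in mind for the guest.
    local -a action
    while read -r -a action; do
      scripts/config --file build-kvm/.config "${action[@]}" || exit 1
    done <<'EOF'
--enable MPTCP
--enable MPTCP_PM_ADVANCED
--enable MPTCP_FULLMESH
--enable MPTCP_NDIFFPORTS
--enable MPTCP_BINDER
--enable MPTCP_NETLINK
--enable DEFAULT_FULLMESH
--set-str DEFAULT_MPTCP_PM fullmesh
--enable MPTCP_SCHED_ADVANCED
--enable MPTCP_BLEST
--enable MPTCP_ROUNDROBIN
--enable MPTCP_REDUNDANT
--enable DEFAULT_SCHEDULER
--set-str DEFAULT_MPTCP_SCHED default
--disable RETPOLINE
--enable NETFILTER_ADVANCED
--module IP_NF_TARGET_REDIRECT
EOF
    make O=build-kvm olddefconfig || exit 1
    make O=build-kvm -j "${JOBS:-8}"
  ) || return 1
  build_kernel_modules
}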
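#######################################
# Build the modules of the kernel configured by build_kernel and stage them
# under ./mptcp/build-kvm/mymodules, the tree boot_vm exports to the guest
# over 9p.
# Globals:   JOBS (read, optional) - make parallelism, defaults to 8
# Returns:   0 on success, 1 when ./mptcp is missing or make fails
#######################################
build_kernel_modules() {
  (
    cd mptcp || exit 1
    make O=build-kvm -j "${JOBS:-8}" modules || exit 1
    make O=build-kvm INSTALL_MOD_PATH="$PWD/build-kvm/mymodules/" -j "${JOBS:-8}" modules_install
  )
}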
#######################################
# Print the name of host tap device $1: "${TAP_PREFIX}$1".
# Globals:   TAP_PREFIX (read)
# Arguments: $1 - interface index, defaults to 0
#######################################
tap_name() {
  local idx=${1:-0}
  printf '%s%s\n' "$TAP_PREFIX" "$idx"
}
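#######################################
# Create host tap device $1, give it the host-side address of subnet $1 and
# bring it up. The tap is owned by the invoking user so QEMU can open it
# without privileges.
# Arguments: $1 - interface index, defaults to 0
# Returns:   0 on success, 1 at the first failing ip(8) command
#######################################
configure_host_tap() {
  local idx=${1:-0}
  local tap cidr
  tap=$(tap_name "$idx")
  cidr=$(host_cidr "$idx")
  sudo ip tuntap add mode tap user "$(whoami)" name "$tap" || return 1
  sudo ip address add "$cidr" dev "$tap" || return 1
  sudo ip link set dev "$tap" up
}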
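#######################################
# Delete host tap device $1 (created by configure_host_tap).
# Arguments: $1 - interface index, defaults to 0
# Returns:   the status of "ip link del"
#######################################
clean_host_tap() {
  local tap
  tap=$(tap_name "${1:-0}")
  sudo ip link del "$tap"
}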
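#######################################
# Run a command on the guest as root through QEMU's hostfwd on localhost.
# Host key checking is disabled and known_hosts discarded because the peer is
# the loopback port forward set up by boot_vm, not a network host; this
# function must not be reused against a real remote.
# Globals:   SSH_PORT (read, optional) - forwarded port, defaults to 6222
#            (must match the hostfwd in boot_vm)
# Arguments: remote command and its arguments, passed through as given
#            (the original's unquoted $@ re-split and globbed them locally)
#######################################
ssh_vm() {
  ssh -o "UserKnownHostsFile /dev/null" -o "StrictHostKeyChecking no" \
    -p "${SSH_PORT:-6222}" root@localhost "$@"
}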
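#######################################
# Like ssh_vm but with a pseudo-terminal (-t), for interactive or
# foreground programs that should stop on ^C. Same host-key caveat as ssh_vm:
# only ever used against the loopback hostfwd set up by boot_vm.
# Globals:   SSH_PORT (read, optional) - forwarded port, defaults to 6222
# Arguments: remote command and its arguments, passed through as given
#######################################
ssh_vm_pseudoterm() {
  ssh -t -o "UserKnownHostsFile /dev/null" -o "StrictHostKeyChecking no" \
    -p "${SSH_PORT:-6222}" root@localhost "$@"
}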
#######################################
# Print the guest interface name for tap index $1. enp0s3 is the mgmt NIC, so
# tap 0 is enp0s4, tap 1 enp0s5, and so on.
# Arguments: $1 - interface index, defaults to 0
#######################################
guest_itf() {
  local idx=${1:-0}
  printf 'enp0s%d\n' "$((4 + idx))"
}
#######################################
# Print the guest routing table for interface index $1: "main" for index 0,
# TABLESTART + $1 otherwise.
# Globals:   TABLESTART (read)
# Arguments: $1 - interface index, defaults to 0
#######################################
guest_table() {
  local idx=${1:-0}
  case $idx in
    0) printf 'main\n' ;;
    *) printf '%s\n' "$((TABLESTART + idx))" ;;
  esac
}
#######################################
# Print the host routing table for interface index $1: TABLESTART + $1.
# Globals:   TABLESTART (read)
# Arguments: $1 - interface index, defaults to 0
#######################################
host_table() {
  local idx=${1:-0}
  printf '%d\n' "$((TABLESTART + idx))"
}
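#######################################
# Address guest NIC $1 from subnet $1 and route traffic sourced from that
# address out through host tap $1, via a per-interface routing table
# ("main" for index 0, see guest_table). Runs inside the guest over ssh_vm.
# Arguments: $1 - interface index, defaults to 0
# Returns:   0 on success, 1 at the first failing remote ip(8) command
#######################################
configure_guest_nw() {
  local idx=${1:-0}
  local itf table cidr addr gw
  itf=$(guest_itf "$idx")
  table=$(guest_table "$idx")
  cidr=$(guest_cidr "$idx")
  addr=$(guest_ip "$idx")
  gw=$(host_ip "$idx")
  ssh_vm ip addr add "$cidr" dev "$itf" || return 1
  ssh_vm ip link set dev "$itf" up || return 1
  ssh_vm ip rule add from "$addr" table "$table" || return 1
  # Best effort: for index 0 this removes the guest's current default route in
  # "main" (presumably the one DHCP installed on the mgmt NIC); a freshly
  # numbered table has no default route yet and this simply fails.
  ssh_vm ip route del default table "$table"
  ssh_vm ip route add default via "$gw" table "$table"
}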
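#######################################
# Let guest $1 reach the outside through the host: masquerade its address and
# accept forwarding in both directions on its tap. Note that the FORWARD rules
# accept anything entering or leaving that tap, not only the guest's address.
# Arguments: $1 - interface index, defaults to 0
# Returns:   0 on success, 1 at the first failing iptables command
#######################################
configure_host_nat() {
  local idx=${1:-0}
  local addr tap
  addr=$(guest_ip "$idx")
  tap=$(tap_name "$idx")
  sudo iptables -t nat -A POSTROUTING -s "$addr/32" -j MASQUERADE || return 1
  sudo iptables -A FORWARD -i "$tap" -j ACCEPT || return 1
  sudo iptables -A FORWARD -o "$tap" -j ACCEPT
}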
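#######################################
# Remove the iptables rules added by configure_host_nat for index $1. Every
# deletion is attempted even if an earlier one fails, so a partial setup is
# cleaned as far as possible.
# Arguments: $1 - interface index, defaults to 0
# Returns:   the status of the last iptables command
#######################################
clean_host_nat() {
  local idx=${1:-0}
  local addr tap
  addr=$(guest_ip "$idx")
  tap=$(tap_name "$idx")
  sudo iptables -t nat -D POSTROUTING -s "$addr/32" -j MASQUERADE
  sudo iptables -D FORWARD -i "$tap" -j ACCEPT
  sudo iptables -D FORWARD -o "$tap" -j ACCEPT
}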
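#######################################
# Send traffic arriving on host tap $2 out through physical interface $1:
# look up $1's default gateway and install it as the default route of table
# $2, selected by an "iif <tap>" rule.
# Arguments: $1 - host interface to go out from (required)
#            $2 - interface index, defaults to 1
# Returns:   0 on success, 1 if $1 has no default route or ip(8) fails
#######################################
configure_host_source_routing() {
  local itf=${1?Which itf should I use to go out ???}
  local idx=${2:-1}
  local tap table gw
  tap=$(tap_name "$idx")
  table=$(host_table "$idx")
  # Restrict the lookup to $itf's own default route. The original's
  # "grep $itf" matched any route line containing the name as a substring
  # (eth1 vs eth10) and could yield several gateways at once.
  gw=$(ip route show default dev "$itf" | awk '$1 == "default" && $2 == "via" { print $3; exit }')
  if [[ -z "$gw" ]]; then
    printf 'configure_host_source_routing: no default route via %s\n' "$itf" >&2
    return 1
  fi
  # Gateway resolved first, so a lookup failure leaves no dangling rule.
  sudo ip rule add iif "$tap" table "$table" || return 1
  sudo ip route add default via "$gw" table "$table"
}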
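#######################################
# Remove the rule and default route added by configure_host_source_routing
# for index $1. Both deletions are attempted regardless of the other's result.
# Arguments: $1 - interface index, defaults to 1
# Returns:   the status of the route deletion
#######################################
clean_host_source_routing() {
  local idx=${1:-1}
  local tap table
  tap=$(tap_name "$idx")
  table=$(host_table "$idx")
  sudo ip rule del iif "$tap" table "$table"
  sudo ip route del default table "$table"
}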
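#######################################
# Fetch multipath-tcp.org from inside the guest to see whether the connection
# used MPTCP; -U curl presents wget as curl (the site's answer depends on the
# user agent - confirm against the current site). ssh's own warnings are
# discarded, so a failure is reported explicitly instead of printing nothing.
# Outputs:   the site's reply on stdout
# Returns:   0 when the page was fetched, 1 otherwise
#######################################
check_mptcp() {
  # wget into an identity crisis obviously
  if ! ssh_vm wget -O- -U curl multipath-tcp.org 2>/dev/null; then
    printf 'check_mptcp: could not fetch multipath-tcp.org from the guest\n' >&2
    return 1
  fi
}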
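#######################################
# Expose a SOCKS proxy on the host at port SOCK_PORT by tunnelling through
# the guest with ssh -D. With no bind address given, ssh binds the -D port to
# loopback only (GatewayPorts defaults to no), so other hosts cannot use it.
# Blocks until ssh exits (^C).
# Globals:   SOCK_PORT (read) - local proxy port
#            SSH_PORT (read, optional) - guest ssh hostfwd, defaults to 6222
#######################################
run_ssh_socks() {
  ssh -o "UserKnownHostsFile /dev/null" -o "StrictHostKeyChecking no" \
    -p "${SSH_PORT:-6222}" -D "$SOCK_PORT" -N root@localhost
}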
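#######################################
# Start the SOCKS proxy with backend $1 by dispatching to run_<backend>_socks
# (run_ssh_socks, run_dante_socks). An unknown backend is rejected up front
# instead of surfacing as "command not found".
# Arguments: $1 - backend name, defaults to "ssh"
# Returns:   1 for an unknown backend, else the backend function's status
#######################################
run_socks() {
  local method=${1:-ssh}
  local runner="run_${method}_socks"
  if ! declare -F "$runner" >/dev/null; then
    printf 'run_socks: unknown method "%s" (no %s function)\n' "$method" "$runner" >&2
    return 1
  fi
  printf '%s\n' "Starting ^C to kill it !"
  "$runner"
}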
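#######################################
# Build dante (SOCKS server) inside the guest over ssh_vm: point the default
# route at QEMU's user-mode gateway so the guest has network access, install
# a toolchain, then fetch and build the dante release.
# Globals:   DANTE_VERSION (read, optional) - release to build, default 1.4.2
#            (run_dante_socks uses the same default for the sockd path)
# Returns:   0 on success, 1 at the first failing step
# Notes:     apt runs with --allow-unauthenticated (no package signature check)
#            and the tarball is not integrity-checked; a "sha256sum -c" against
#            a recorded digest belongs between the download and the build.
#######################################
install_dante() {
  local version=${DANTE_VERSION:-1.4.2}
  local tarball="https://www.inet.no/dante/files/dante-${version}.tar.gz"
  # Best effort: there may be no default route to delete yet.
  ssh_vm ip r del default
  ssh_vm ip r add default via 10.0.2.2 || return 1
  ssh_vm apt-get install -y --allow-unauthenticated build-essential || return 1
  ssh_vm mkdir -p tools || return 1
  ssh_vm "wget -O- ${tarball} | tar -ixz --directory tools" || return 1
  ssh_vm "cd tools/dante-${version} && ./configure && make"
}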
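#######################################
# Write a sockd configuration to the guest and run dante's sockd in the
# foreground (pseudo-terminal, so ^C stops it). It listens on the guest's
# subnet-0 address at SOCK_PORT with no client authentication
# ("socksmethod: none"); the "from:" lines limiting clients to subnet 0 are
# the only access control in place.
# Globals:   SOCK_PORT (read) - proxy port
#            DANTE_VERSION (read, optional) - build used, defaults to 1.4.2
# Returns:   1 if the config could not be written, else sockd's status
#######################################
run_dante_socks() {
  local addr net
  addr=$(guest_ip)
  net=$(subnet)
  ssh_vm "cat > /tmp/sockd.conf" <<EOF || return 1
logoutput: stderr
internal: $addr port = $SOCK_PORT
external: $addr
socksmethod: none
client pass {
from: $net port 1-65535 to: 0.0.0.0/0
}
socks pass {
from: $net to: 0.0.0.0/0
protocol: tcp udp
}
EOF
  ssh_vm_pseudoterm "tools/dante-${DANTE_VERSION:-1.4.2}/sockd/sockd" -f /tmp/sockd.conf
}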
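#######################################
# Print the QEMU arguments attaching $1 e1000 NICs, one per host tap
# (tap_name 0..$1-1), as one space-separated line with no trailing newline so
# the caller can splice it into a command line.
# Arguments: $1 - number of taps, defaults to 1
#######################################
qemu_vm_netdev() {
  local count=${1:-1}
  local i
  for ((i = 0; i < count; i++)); do
    printf -- '-device e1000,netdev=network%s ' "$i"
    printf -- '-netdev tap,id=network%s,ifname=%s,script=no,downscript=no ' "$i" "$(tap_name "$i")"
  done
}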
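#######################################
# Boot the guest: the kernel from build_kernel, the disk from build_image, a
# user-mode "mgmt" NIC whose ssh port is forwarded to 127.0.0.1:SSH_PORT
# (loopback only, so the guest's sshd is not reachable from the LAN), $1 tap
# NICs, and the staged modules tree exported read-only over virtio-9p.
# Globals:   IMG (read), SSH_PORT (read, optional, defaults to 6222)
# Arguments: $1 - number of tap NICs, defaults to 1
#            $2 - "yes" for no display at all, anything else for -nographic
#######################################
boot_vm() {
  local count=${1:-1}
  local quiet=${2:-no}
  local -a display
  if [[ "$quiet" == "yes" ]]; then
    display=(-display none)
  else
    display=(-nographic)
  fi
  # qemu_vm_netdev prints one line of arguments; split it into words here
  # rather than through an unquoted expansion on the command line.
  local -a netdev
  read -r -a netdev <<<"$(qemu_vm_netdev "$count")"
  qemu-system-x86_64 -m 512 \
    -kernel ./mptcp/build-kvm/arch/x86/boot/bzImage \
    -hda "$IMG" -append "root=/dev/sda rw console=ttyS0" \
    --enable-kvm "${display[@]}" \
    -device e1000,netdev=mgmt \
    -netdev "user,id=mgmt,hostfwd=tcp:127.0.0.1:${SSH_PORT:-6222}-:22" \
    "${netdev[@]}" \
    -fsdev "local,security_model=mapped-xattr,id=fsdev0,path=$PWD/mptcp/build-kvm/mymodules/lib/modules,readonly" \
    -device virtio-9p-pci,id=fs0,fsdev=fsdev0,mount_tag=modules
}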
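#######################################
# Poll once a second until the guest answers over ssh_vm, printing a dot per
# attempt. The original looped forever; an optional timeout bounds the wait.
# Arguments: $1 - timeout in seconds; 0 or absent waits forever
# Outputs:   progress on stdout, then the guest's "Ready!" when it answers
# Returns:   0 once the guest answers, 1 if the timeout elapsed first
#######################################
wait_vm_ssh() {
  local timeout=${1:-0}
  local waited=0
  printf "Waiting for ssh's vm to be ready..."
  while ! ssh_vm echo "Ready!" 2>/dev/null; do
    if (( timeout > 0 && waited >= timeout )); then
      printf '\nwait_vm_ssh: guest did not answer within %ss\n' "$timeout" >&2
      return 1
    fi
    printf '.'
    sleep 1
    waited=$((waited + 1))
  done
}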
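#######################################
# Mount the modules tree boot_vm exports (9p mount_tag "modules") at
# /lib/modules inside the guest, so the kernel from build_kernel finds them.
# Returns:   0 on success, 1 if mkdir or mount fails in the guest
#######################################
mount_vm_modules() {
  ssh_vm mkdir -p /lib/modules || return 1
  ssh_vm mount -t 9p -o trans=virtio,version=9p2000.L modules /lib/modules
}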
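#######################################
# End-to-end run: for every host interface listed in $1 create a tap with NAT
# and source routing, boot the guest with that many NICs, configure them from
# inside, run the dante SOCKS proxy until ^C, shut the guest down and tear the
# host side down again.
# Arguments: $1 - comma-separated list of host interfaces to use (required);
#                 interface i drives tap/subnet index i
#######################################
boot_socks() {
  local itfs=${1?First params is comma-separated list of interface}
  # Split on commas only; the original's unquoted $(echo | tr) also
  # word-split and globbed the interface names.
  local -a itfa
  IFS=, read -r -a itfa <<<"$itfs"
  local n=${#itfa[@]}
  local i
  for ((i = 0; i < n; i++)); do
    configure_host_tap "$i"
    configure_host_nat "$i"
    configure_host_source_routing "${itfa[i]}" "$i"
  done
  boot_vm "$n" yes &
  wait_vm_ssh
  mount_vm_modules
  for ((i = 0; i < n; i++)); do
    configure_guest_nw "$i"
  done
  run_socks dante
  ssh_vm shutdown -h now
  for ((i = 0; i < n; i++)); do
    clean_host_tap "$i"
    clean_host_nat "$i"
    clean_host_source_routing "$i"
  done
}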