add bash scripts

scripts/connect.py

@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+import subprocess,os
+newenv = os.environ.copy()
+newenv["LD_PRELOAD"] = "/snacks/wireguard/bin/resolve.so"
+
+def wireguard():
+    try:
+        os.mkdir("/run/netns")
+    except FileExistsError:
+        pass
+    try:
+        os.symlink("/run/vpn/net", "/run/netns/vpn")
+        os.symlink("/proc/1/ns/net", "/run/netns/default")
+    except FileExistsError:
+        pass
+
+    with open("/proc/sys/net/ipv4/conf/all/forwarding", "w") as f:
+        f.write("1")
+    with open("/proc/sys/net/ipv6/conf/all/forwarding", "w") as f:
+        f.write("1")
+    with open("/proc/sys/net/ipv4/ping_group_range", "w") as f:
+        f.write("0 2147483647")
+
+    with open("/proc/self/net/dev", "r") as f:
+        vpn_devices = f.read()
+    with open("/proc/1/net/dev", "r") as f:
+        default_devices = f.read()
+
+    if "veth-inner" in vpn_devices:
+        subprocess.run(["ip", "link", "del", "dev", "veth-inner"])
+    if "veth-outer" in vpn_devices:
+        subprocess.run(["ip", "link", "del", "dev", "veth-outer"])
+    if "vpn" in vpn_devices:
+        subprocess.run(["ip", "link", "del", "dev", "vpn"])
+    
+    if "veth-inner" in default_devices:
+        subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "veth-inner"])
+    if "veth-outer" in default_devices:
+        subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "veth-outer"])
+    if "vpn" in default_devices:
+        subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "del", "dev", "vpn"])
+
+    subprocess.run(["modprobe", "wireguard"])
+    subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "add", "dev", "vpn", "type", "wireguard"])
+    subprocess.run(["nsenter", "--net=/proc/1/ns/net", "ip", "link", "set", "dev", "vpn", "netns", "vpn"])
+    
+    subprocess.run(["nsenter", "--net=/run/vpn/net", "/snacks/wireguard/bin/inner.sh"], newenv)
+    subprocess.run(["nsenter", "--net=/proc/1/ns/net", "/snacks/wireguard/bin/outer.sh"], newenv)
+
+try:
+    self_ns = os.readlink("/proc/1/ns/net")
+    vpn_ns = os.readlink("/run/vpn/net")
+except Exception as e:
+    print(e)
+else:
+    if self_ns == vpn_ns:
+        wireguard()
+    else:
+        print("This script should be called from the VPN network namespace.")
+

scripts/inner.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+ip link add name mynet0 type bridge
+ip link add veth-inner type veth peer name veth-outer
+ip link set dev veth-inner master mynet0
+
+ip link set dev veth-inner up
+ip link set dev mynet0 up
+ip link set dev veth-inner up
+
+wg setconf vpn /snacks/wireguard/wg.conf
+ip link set dev vpn up
+ip addr flush dev vpn
+ip route flush dev vpn
+
+ip addr add ${VPN_IPV4_ADDRESS} dev vpn
+ip addr add ${VPN_IPV6_ADDRESS} dev vpn
+ip -4 route add default dev vpn
+ip -6 route add default dev vpn

scripts/outer.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+ip link set dev veth-outer up
+ip addr add ${VETH_IPV4_ADDRESS} dev veth-outer
+ip addr add ${VETH_IPV6_ADDRESS} dev veth-outer