.\" Automatically generated by Pandoc 2.2.1
.nh
.\"
.TH "vnetbuild" "1" "Built 12 Apr 2019" "VNetBuild Reference" "3.1.6"
.hy
.SH NAME
.PP
vnetbuild \- an easy to use but powerful namespace setup tool
.SH SYNOPSIS
.PP
sudo vnetbuild \f[I]CONFIGFILE\f[] { start | stop | status }
.PP
vnetbuild \f[I]CONFIGFILE\f[] graphviz \f[I]OUTFILE\f[].{gv|png|pdf|ps}
.SH DESCRIPTION
.PP
VNetBuild is a program that helps you set up groups of interconnected
network namespaces, to simulate networks of any complexity without
resorting to using real or virtual machines.
.PP
This is ideal for testing complex multi\-host configurations with a
minimal amount of resources on a single machine:
.IP \[bu] 2
Each namespace can have its own network setup, including firewall and
QOS configuration.
.IP \[bu] 2
Commands can be run in the namespace and will have that specific view of
the network, including running standard network tools and daemons.
.PP
Run without any arguments, \f[C]vnetbuild\f[] will present some help on
usage.
.SH COMMANDS
.TP
.B start
Sets up a series of network namespaces as defined in
\f[I]CONFIGFILE\f[].
\f[C]vnetbuild\f[] creates interconnected network devices as specified
in the configuration, sets up routing and runs any custom commands that
are given within the namespace.
.RS
.RE
.TP
.B stop
Removes any devices from the namespaces defined in \f[I]CONFIGFILE\f[]
and kills any processes running with the namespaces, then removes the
namespaces themselves.
.RS
.RE
.TP
.B status
For each namespace defined in \f[I]CONFIGFILE\f[], shows if it is active
and if so its network devices and their configuration.
.RS
.RE
.TP
.B graphviz \f[I]OUTFILE\f[]
Generates a graph of the network defined in \f[I]CONFIGFILE\f[].
This does not need root access, nor does it require the namespaces to
have been started.
.RS
.PP
\f[I]OUTFILE\f[] can be \f[C]png\f[] \f[C]pdf\f[] or \f[C]ps\f[].
If the extension \f[C]gv\f[] is given the output is a graphviz(7) file
which you can process separately.
.RE
.SH RUNNING COMMANDS IN A NAMESPACE
.PP
Once you have created a set of network namespaces, you can easily run
any commands you want within them.
If for instance you defined three hosts (\f[C]host_a\f[] with IP
\f[C]10.0.0.1\f[], \f[C]host_b\f[] with IP \f[C]10.0.0.2\f[] and
\f[C]host_c\f[] with IP \f[C]10.0.0.3\f[]) connected via a common switch
\f[C]sw0\f[]:
.IP
.nf
\f[C]
\ #\ ping\ host_b\ and\ host_c\ from\ host_a
\ sudo\ ip\ netns\ exec\ host_a\ ping\ 10.0.0.2
\ sudo\ ip\ netns\ exec\ host_a\ ping\ 10.0.0.3

\ #\ use\ netcat\ to\ listen\ on\ host_a\ and\ send\ data\ from\ host_b
\ #\ (use\ two\ terminals\ to\ run\ the\ commands\ simultaneously)
\ sudo\ ip\ netns\ exec\ host_a\ nc\ \-l\ \-p\ 23
\ sudo\ ip\ netns\ exec\ host_b\ nc\ \-q\ 0\ 10.0.0.1\ 23\ <\ /etc/hosts

\ #\ capture\ traffic\ passing\ through\ the\ switch,\ then\ view\ it
\ sudo\ ip\ netns\ exec\ sw0\ tcpdump\ \-i\ switch\ \-w\ capfile
\ wireshark\ capfile

\ #\ Use\ \[aq]firehol\ panic\[aq]\ in\ host_b\ to\ block\ all\ traffic
\ #\ (you\ could\ equally\ load\ a\ full\ config\ etc.)
\ sudo\ ip\ netns\ exec\ host_b\ firehol\ panic

\ #\ this\ is\ now\ blocked
\ sudo\ ip\ netns\ exec\ host_a\ ping\ 10.0.0.2

\ #\ not\ blocked\ (host_b\ not\ involved)
\ sudo\ ip\ netns\ exec\ host_a\ ping\ 10.0.0.3

\ #\ obtain\ a\ shell\ for\ your\ regular\ user,\ only\ "in"\ host_c
\ sudo\ ip\ netns\ exec\ host_c\ sudo\ \-i\ \-u\ $USER
\ ip\ a\ |\ grep\ 10.0.0.3
\f[]
.fi
.SH SEE ALSO
.IP \[bu] 2
vnetbuild.conf(5) \- VNetBuild configuration file
.IP \[bu] 2
firehol(1) \- FireHOL program
.IP \[bu] 2
fireqos(1) \- FireQOS program
.IP \[bu] 2
FireHOL Website (http://firehol.org/)
.IP \[bu] 2
VNetBuild Online PDF Manual (http://firehol.org/vnetbuild-manual.pdf)
.IP \[bu] 2
VNetBuild Online Documentation (http://firehol.org/documentation/)
.SH AUTHORS
FireHOL Team.