GitLab

INADDRANY: When 1, jail is allowed to bind to INADDR_ANY. When packet
           comes in, the pchlookup checks the prison IPs.

ROUTING:   Jail gets access to its routing table. This presently implies
           that the jail gets its own private routing table via new
	   jail options.

DEVMEM:    Jail gets a real /dev/mem and /dev/kmem instead of a
           symlink to /dev/null. This pretty much bypasses security so
           its not something to do on widearea nodes, but on local
           nodes that fine.

even when the delays table is not setup properly (cause its an
experiment swapped in under the old assign_wrapper).

for lan node delays). Also, return the vnode names for both delays
and linkdelays so that the agent knows what vnode it is operating on
behalf of. This is for the event subscription. The intent is ti get
away from the pipe number stuff.

tweaks.
Add IPALIASES to ifconfig when (vers > = 8). This is the initial
approach for doing emulated links.

but eventually did not use it. Current images still make a call to it
from libsetup but will get an empty string that doesn't affect anything.

be flushed (fingers crossed!).

Still updating the old table though, until the mods are complete.

made the queries.

that slow query log!

reserved table, since the vname is now stored in the reqp structure.
Speeds up those joins by quite a bit.

very interesting to look out and churns the logfile! Instead, just
print the number of routes/hosts returned.

but lets not take the chance.

into the initial query and save it. This removes one more query from
the isalive path, which happens a lot!

condense 4 queries into one and store that info in a request structure
that is passed to each routine. The only tricky part was getting the
queries correct, for the case that its a vnode, but otherwise its just
a zillion little edits to use the request structure instead of
function arguments.

are in the vnodes experiment on that node. This list of IPs is given
to the kernel as interfaces that a jail is allowed to bind too (those
kernel changes done by Mike). To construct this list, first look at
the list of virt_tunnels on that physnode for the experiment. In
addition, to support local jails, look at the IP list in the
interfaces table for the physnode. Basically like a doifconfig. At
some point local jails will change to use tunnels also, but for now
this will do.

Frisbee uses this to ensure that the DOS partition table entry has the
correct type for single-slice images.

like the remote nodes do, but for now do not update the up/down status
from that. I need to mess with db/node_status first to make sure there
is agreement between the parties. Note that remote nodes send one UDP
message every 60 seconds (isalive is done with a UDP). Local nodes
will send them at a slower rate, as is the practice in db/node_status
which wakes up every 5 minutes and fpings the world!

the widearea_accounts table for matches on the node_id, and returns
account info for approved users.

  - Fixes the routing problem
  - A new type "sim" has been created but not in the DB. node_types and
    nodes remain unchanged. This will change after we figure out how
    to represent in the DB the local multiple virtnodes in one phynode case
    The frontend tb_compat.tcl adds the sim type and ptopgen associates
    a huge number of sim nodes to all local PCs.
  - All simulated nodes go into one pc untill I finish coding the distributed
    nse case. Also, sim nodes go through assign but with an explicit
    "fix-node" directive in the top file. A random free pc is chosen using
    the avail script in assign_wrapper. If we don't fix node it, assign
    maps sim nodes to multiple phy nodes even when a valid all to one
    mapping is possible.
  - Syntax for nse:

   $ns make-simulated {

       set simnode1 [$ns node]
       set simnode2 [$ns node]

   }
   ...

   The old syntax

   set nsenode [$ns nsenode]
   $nsenode make-simulated {
   }

   is deprecated

  - All 38 frontend tests in the testsuite pass

  - A new table v2pmap has been added to handle multiple virt nodes to
    one phy node mapping. This is used in "tmcc hostnames" currently.

  - The phy node that is picked to run nse is loaded with a custom image
    FBSD45-NSE . This can use the default FBSD kernel if there is a mechanism
    to run at 1000HZ, have options IPFIREWALL_FORWARD and PERFMON turned on.
    The image is in the 'testbed' group. Do not delete this image.

  - Static routes now adds routes for the case dst == nexthop. The routing
    graph would be disconnected otherwise and I need to traverse this in
    assign_wrapper for nse. On the client side, such a route is filtered out in
    libsetup.pm

  - sim nodes are also correctly visualized

and passed back from tmcd mounts command to the nodes. If not defined
in the defs file, it will not be compiled into tmcd.

the log. Now we know if tmcd exited using an exit() call or by a signal

  iptonodeid. Currently, the only real change for jailflag is in
  doaccounts, which returns a normal accounts list for a jailed virtual
  node (pid,gid like local nodes), a set of tbadmin accounts for a
  physical node doing jails (so we can still log into any node even if
  its doing jails), and continues to do the old thing for widearea nodes
  not doing jails (pcremote_ok slot in projects table). Nasty, I know.

* Add dotarball command which returns a tarball to a widearea node via
  ssl. The filename must be in the tarballs list for the node (vnode),
  and the file must be in the gid of the experiment, or be owned by the
  experiment creator. Last bit of paranoia is that the resolved path
  must live in one of /proj, /groups, or /users. In addition, all of the
  FS commands are wrapped so that an NFS hangup to ops will not wedge
  tmcd completely.

* jailconfig command, which returns the current config for a jailed
  node so that mkjail can give the proper options to the jail command
  (requires Mike's hacks to the kernel and jail). Last 3 are hardwired
  as you can see, but will eventually come from the DB.

		"PORTRANGE=\"%s,%s\"\n"
		"SYSVIPC=1\n"
		"INETRAW=1\n"
		"BPFRO=1\n", row[0], row[1]);

* Do not return any mounts for jail nodes until we figure out the SFS
  thing.

* Change format of vnodelist so that when a node boots it determine if
  the vnodes that need to be started should be jailed or not.

* Add nodeid command so that widearea nodes can find out their emulab
  ID; useful for cvsup.

* Clear some compiler warnings Mac left behind.

Changes to watch out for:

- db calls that change boot info in nodes table are now calls to os_select

- whenever you want to change a node's pxe boot info, or def or next boot
osids or paths, use os_select.

- when you need to wait for a node to reach some point in the boot process
(like ISUP), check the state in the database using the lib calls

- Proxydhcp now sends a BOOTING state for each node that it talks to.

- OSs that don't send ISUP will have one generated for them by stated
either when they ping (if they support ping) or immediately after they get
to BOOTING.

- States now have timeouts. Actions aren't currently carried out, but they
will be soon. If you notice problems here, let me know... we're still
tuning it. (Before all timeouts were set to "none" in the db)

One temporary change:

- While I make our new free node manager daemon (freed), all nodes are
forced into reloading when they're nfreed and the calls to reset the os
are disabled (that will move into freed).

routes can be listed for each interface on a node, and so that the
route list can be converted into an ipfw chain on the client for nse.
Add tmcd command to return the entire route list for the experiment.

first talking to tmcd to get the ntpdrift and ntp server/peer lists.
This is a strict wrapper so it should be invoked from /etc/rc.conf
like this:

	xntpd_program="/usr/local/etc/emulab/ntpstart"
	xntpd_flags="/usr/sbin/ntpd -p /var/run/ntpd.pid"

which is to say that this program passes it entire argument list off
to the shell once it sets up the config file. We fire off ntp no
matter what happens though, and allow for no actual changes to the
config file if tmcd does not provide anything.

TMCD: Add ntpinfo and ntpdrift commands, as per Mike's specification.
ntpinfo returns lines like:
	SERVER=nnn.nnn.nnn.nnn
	...
	PEER=nnn.nnn.nnn.nnn
	...
	DRIFT=nnn.nn

and "ntpdrift nnn.nn" allows the current drift setting to be placed
into the DB, although thats not currently happening. In the DB,
ntpdrift is a new float slot in the nodes table, that defaults to
NULL. The servers/peers are stored in a new table that looks like
this:

	+---------+---------+--------+
	| node_id | IP      | type   |
	+---------+---------+--------+
	| wa32    | 1.1.1.1 | server |
	| wa32    | 1.1.1.2 | server |
	| wa32    | 1.1.1.3 | peer   |
	| wa32    | 1.1.1.4 | peer   |
	+---------+---------+--------+

instead of links to the pid directory, just point to the top level
project directory. Its all there anyway. Ditto for groups. Note, this
has the nice side effect that /proj/.sfs exists everywhere, and so the
certprog returns good info no matter where you are!

connected. We now set them up for all nodes that we have a route to.
But, if we have routes to more than one interface, we pick one
essentially at random - if the user cares about the route a packet
takes, they should be using IPs or the 'real' hostnames.  Handles both
host and network routes.

Also, cleaned out some old code that wasn't needed any more.