1. 28 Nov, 2004 1 commit
  2. 12 Apr, 2004 1 commit
    • Getting back ETIMEDOUT from a socket read should not be fatal to capture. · 76e1528a
      Mike Hibler authored
      Now it is treated just like ECONNRESET.
      
      Also, don't clobber the read errno with the intermediate sigsetmask call
      (though it should never fail and errno should never be affected)
      
      Change warn() to warning() to avoid conflict with standard BSD library
      routine.  This showed up when statically linking capture.
  3. 06 Nov, 2003 1 commit
    • Minor changes to capserver authentication model; capserver now requires · ef94125e
      Leigh Stoller authored
      that capture connect on a reserved port. To do this, capture binds a
      dynamic reserved port to connect to capserver, which verifies the
      integrity of the sender by looking at the portnumber that accept
      returns.
      
      Note that this has the potential problem of burning a lot of reserved
      ports on ops (128 tiplines) since the kernel keeps the client side in
      TIME_WAIT for a minute or two after it is closed (the socket is in
      actual use for just a moment before being closed). If we try to
      restart capture too many times within a span of a minute or two, we
      might have problems. Will have to switch to a fancier protocol then.
      Yuck.
  4. 15 Oct, 2003 1 commit
    • Uniform syslog'ing. Change everything I could find to use a syslog facility · cc6d6fa7
      Mike Hibler authored
      as defined in the defs-* file (e.g. "TBLOGFACIL=local2").  The default is
      "local5" which is what we are set up to use so you shouldn't need to mess
      with your defs- file!
      
      perl scripts just get this value configured in when configure is run.
      C programs get the value in two ways.  For programs that are intimate with
      the testbed infrastructure, and include "config.h", they just get it from
      that file.  For programs that we sometimes use outside the Emulab build
      environment (e.g., frisbee, capture) and that don't include config.h,
      the value is set via a "-DLOG_TESTBED=..." in the GNUmakefile build line.
      If the value isn't set, it defaults to what it used to be (usually LOG_USER).
      
      Still to do: healthd, hmcd (whose build doesn't seem to be completely
      integrated) and plabdaemon.in (since it's icky python :-)
  5. 02 Jun, 2003 2 commits
  6. 24 Mar, 2003 1 commit
  7. 30 Jan, 2003 2 commits
  8. 12 Jan, 2003 1 commit
  9. 10 Jan, 2003 1 commit
  10. 10 Sep, 2002 1 commit
  11. 15 Jul, 2002 1 commit
    • Do strict serialization of signal handling. We had at least one race · eb87e17d
      Mike Hibler authored
      condition that was probably caused by unexpected parallelism.
      
      One semantic change is that we used to block SIGTERM (but not SIGINT, which
      also would quit) during read/write operations.  I don't do that anymore,
      so if you kill capture, the log could lose some console output.
  12. 10 Jul, 2002 1 commit
  13. 04 Jul, 2002 1 commit
  14. 28 Jun, 2002 1 commit
  15. 11 Jun, 2002 2 commits
    • Minor fix. · 64eab53c
      Chad Barb authored
    • · 5470d280
      Chad Barb authored
      Changed default path, made it a #define.
  16. 04 Jun, 2002 1 commit
  17. 05 Apr, 2002 1 commit
    • Added SSL to capture (enabled with -DWITHSSL) · 2e536ba3
      Chad Barb authored
      To tip (or tiptunnel on a normal acl), capture behaves the same.
      However, if a client connects and presents "USESSL" as the first six characters of their
      connection key, both sides initiate SSL negotiation.
      The server then attempts to get the key again. The second one is used for the check.
      
      SSL initialization is done on the first attempt by a client to connect via SSL.
      Capture assumes $(prefix)/etc/capture/cert.pem contains its certificate unless
      the '-c <certfile>' option is used. If the certificate is not found or invalid, that
      connection fails, but normal connections will still succeed (and it will try to find the file
      again, next time an SSL connection is attempted).
      
      On the client side, tiptunnel only uses ssl if there is a "ssl-server-cert:"
      property in the acl file. This is the SHA hash of the certificate that the capture server is
      expected to have (in hex). If the certificate presented by the server does not hash to the
      same value, the connection is dropped.
  18. 11 Feb, 2002 1 commit
  19. 10 Jan, 2002 1 commit
    • A set of capture/capserver/DB changes. · 8ec05f0d
      Leigh Stoller authored
      Capserver and capture now handshake the owner/group of the tipline.
      Owner defaults to root, and the group defaults to root when the
      node is not allocated. Capture will do the chmod after the handshake,
      so if boss is down when capture starts, the acl/run file will get 0,0,
      but will get the proper owner/group later after it's able to handshake.
      As a result, console_setup.proxy was trimmed down and cleaned up a
      bit, since it no longer has to muck with some of this stuff.
      
      A second change was to support multiple tiplines per node. I have
      modified the tiplines table as such:
      
      	| Field   | Type        | Null | Key | Default | Extra |
      	+---------+-------------+------+-----+---------+-------+
      	| tipname | varchar(32) |      | PRI |         |       |
      	| node_id | varchar(10) |      |     |         |       |
      	| server  | varchar(64) |      |     |         |       |
      
      That is, the name of the tip device (given to capture) is the unique
      key, and there can be multiple tiplines associated with each node.
      console_setup now uses the tiplines table to determine what tiplines
      need to be reset; used to be just the name of the node_id passed into
      console_setup. Conversely, capserver uses the tipname to map back to
      the node_id, so that it can get the owner/group from the reserved
      table.
      
      I also removed the shark hack from nalloc, nfree, and console_reset,
      since there is no longer any need for that; this can be described
      completely now with tiplines table entries. If we ever bring the
      sharks back, we will need to generate new entries. Hah!
  20. 09 Jan, 2002 2 commits
  21. 29 Aug, 2001 1 commit
    • Fixup capture/tip/power_rpc27 so that capture returns a positive · ed55f418
      Leigh Stoller authored
      ack/nak for a connection so that the connecting process knows what the
      hell is going on. Turned out to be necessary for power control since
      we do that in parallel, and because it stays busy for 10 seconds on
      each power control. I think we will end up revisiting this at some
      point, adding blocking connections instead of connect/fail status.
  22. 28 Aug, 2001 1 commit
  23. 22 Aug, 2001 1 commit
  24. 16 Aug, 2001 1 commit
  25. 14 Aug, 2001 1 commit
    • Move .acl file into tiplogs directory since nothing in /dev/tip · 3a67ca5f
      Leigh Stoller authored
      is actually used anymore.
      Added a "generic" entry to /etc/remote so that we do not need tip
      entries for each node; they all look the same anyway.
      Change tip to look up generic /etc/remote entry, just to make
      tip happy. The acl file comes from the tiplogs directory, as
      set in the header file.
  26. 13 Aug, 2001 2 commits
  27. 09 Aug, 2001 1 commit
  28. 24 Jul, 2001 1 commit
    • Checkpoint new version of capture/tip that is sockets based instead · 34499cb6
      Leigh Stoller authored
      of pty/tty based (since they have several annoying problems
      associated). Note that permission is granted via the use of an "acl"
      file; /dev/tip/machine.acl, which must be set to the group of the
      project the node is in, so the user can read out the process id number
      and the random bits that are used by capture to grant permission to
      use (tip sends the random bits across first thing). This handshake is
      due to change to a request/challenge scheme as described by Dave in
      email to the testbed list.
  29. 26 Jun, 2001 2 commits
  30. 29 Mar, 2001 1 commit
  31. 05 Jan, 2001 1 commit
  32. 03 Jan, 2001 1 commit
  33. 02 Jan, 2001 2 commits