1. 11 Jul, 2012 12 commits
    • Cleanup in the web interface to prevent XSS attacks. · 6cf701f9
      Leigh B Stoller authored
      We had a couple of different problems actually.
      
      * We allow users to insert html into many DB fields (say, a project or
        experiment description).
      
      * We did not sanitize that output when displaying back.
      
      * We did not sanitize initial page arguments that were reflected in the
        output (say, in a form).
      
      Since no one has the time to analyze every line of code, I took a couple of
      shortcuts. The first is that I changed the regex table to not allow any <>
      chars to go from the user into the DB. Brutal, but in fact there are only a
      couple of places where a user legitimately needs them. For example, a
      startup command that includes redirection. I handle those as special
      cases. As more come up, we can fix them.
      
      I did a quick pass through all of the forms, and made sure that we run
      htmlspecialchars on everything including initial form args. This was not
      too bad cause of the way all of the forms are structured, with a
      "formfields" array.
      
      I also removed a bunch of obsolete code and added an update script to
      actually remove them from the www directory.
      
      Lastly, I purged some XMLRPC code I did a long time ago in the Begin
      Experiment path. Less complexity, easier to grok and fix.
      
      	modified:   sql/database-fill.sql
      	modified:   sql/dbfill-update.sql
    • d1d3ff11
    • Bug fix for handling shared vlans and trunked ports. · 52143046
      Leigh B Stoller authored
      The code to determine what ports need to be trunked or untrunked was
      blindly picking all ports for the experiment, instead of restricting
      them to those in the vlans being operated on. The result was a missing
      device from the stack.
    • fd839f77
    • bd236641
    • Bug fix for fixing VMs to nodes. Changes to shared vlans. · a31ae886
      Leigh B Stoller authored
      People try to fix pc433 to pc433. The former is a node in the topo,
      the latter is a physical node. Causes confusion, breaks. Look for
      this corner case.
      
      Allow lans that use shared lans to have more than one port. So now
      you can do this in your rspec:
      
         <link client_id="link0">
           <vlan:link_shared_vlan name="openflow-mesoscale" />
           <interface_ref client_id="node1:if" />
           <interface_ref client_id="node2:if" />
         </link>
    • Add reverse DNS lookup for the jail network. · bee73f22
      Leigh B Stoller authored
      The GPO wants this for the protogeni racks. We now build reverse
      map files for the 172.16 subnet, although we do it on a /16 boundary
      to avoid a zillion zone files.
      
      I am not planning to write an update script for this, since it would
      require scripting changes to named.conf, which I am loath to do. So I
      will do it by hand in Utah, and new sites (racks) will get it. If a
      site wants it:
      
      	boss> cd obj/named
      
      Copy all of the 172 files to /etc/named/reverse
      Copy all of the 172 zone entries from named.conf to /etc/named/named.conf
      
      	boss> named_setup
    • Add some time stamps. · ef21ee90
      Leigh B Stoller authored
    • Minor fix. · 652bed4a
      Leigh B Stoller authored
  2. 10 Jul, 2012 2 commits
  3. 08 Jul, 2012 3 commits
    • Patch to add frisbee and pubsub dissectors to wireshark. · 388ef6bc
      Mike Hibler authored
      Did the pubsub one a long time ago, but added a frisbee one as well.
      
      The pubsub dissector has not been tested in its wireshark 1.8 incarnation,
      I just converted it from the 1.2.10 version and made sure it compiled.
      The frisbee dissector just supports the base UDP protocol (not the TCP
      master server protocol) and doesn't implement wireshark conversations.
      
      These last few commits were the result of a two-day trip into the weeds.
      This started out as getting a hack shared 10Gb LAN working on the new 820
      nodes. Then I decided to test it out by running frisbee at high bandwidth
      over that LAN. Next thing you know, I'm out in the fields, looking at
      frisbee traces and tweaking Linux sysctls...
    • For dynamic socket buffer sizing, don't trust the return value of setsockopt · acd929c1
      Mike Hibler authored
      In at least the Linux 3.2 kernel on Ubuntu 12, setsockopt to set the socket
      buffer size does not return an error if you try to set a value higher than
      the kernel max. So we do an immediately following getsockopt to verify.
      
      This will prevent the server from over-driving the send socket (leading to
      re-requests of blocks from clients) for really high bandwidth values (i.e.,
      with large burst sizes).
    • Fix some bitrot in the tracing functions. · 58c871e1
      Mike Hibler authored
  4. 06 Jul, 2012 4 commits
  5. 05 Jul, 2012 1 commit
  6. 03 Jul, 2012 6 commits
  7. 02 Jul, 2012 12 commits