and provide a web interface to look at them.

For InstaGeni, need to record and be able to search for history by
control net mac address. We now record this in the node_history table,
with corresponding change to the ShowNodeHistory web page.

The backend changes required are that we 1) actually generate a mac
address for VMs and stick it into the interfaces record, 2) return
that mac from tmcd in the jailconfig, and 3) have the openvz library
create the control net interface using that mac.

On the openvz image, needed to switch to using a control network
bridge for all interfaces (not just routable ones) so that traffic
leaves the node with the correct mac.

not 000000000000.

address that is assigned. For ProtoGeni.

* Get rid of all use of component_hops; this was our original syntax
  before the stitching path stuff was nailed down.

* Allow a vlan tag to be requested in the link statement:

    <link client_id="link0" vlantag="765">
      <interface_ref client_id="geni1:if0" />
  
* Support vlan tag requests in the stiching path part:

    <vlanRangeAvailability>765</vlanRangeAvailability>
    <suggestedVLANRange>765</suggestedVLANRange>

  This is the only support at the moment; none of the range stuff is
  done. Further, if you really want things to work, make sure all the
  hops have the same vlan tag cause we don't do vlan translation
  internally or at our edge points.

* Utah only change in the mapper; when trying to use a shared vlan
  whose tag is great then 1000, demand the "highvlan" feature on the
  nodes in the lan. Only some of our switches to high numbered vlans.

that are in the reserved_vlantags table, but are not referenced
by an actual lan object in the lans table.

We had a couple of different problems actually.

* We allow users to insert html into many DB fields (say, a project or
  experiment description).

* We did not sanitize that output when displaying back.

* We did not sanitize initial page arguments that were reflected in the
  output (say, in a form).

Since no one has the time to analyze every line of code, I took a couple of
shortcuts. The first is that I changed the regex table to not allow any <>
chars to go from the user into the DB. Brutal, but in fact there are only a
couple of places where a user legitimately needs them. For example, a
startup command that includes redirection. I handle those as special
cases. As more come up, we can fix them.

I did a quick pass through all of the forms, and made sure that we run
htmlspecialchars on everything including initial form args. This was not
too bad cause of the way all of the forms are structured, with a
"formfields" array.

I also removed a bunch of obsolete code and added an update script to
actually remove them from the www directory.

Lastly, I purged some XMLRPC code I did a long time ago in the Begin
Experiment path. Less complexity, easier to grok and fix.

	modified:   sql/database-fill.sql
	modified:   sql/dbfill-update.sql

The code to determine what ports need to be trunked or untrunked was
blindly picking all ports for the experiment, instead of restricting
them to those in the vlans being operated on. The result was a missing
device from the stack.

to libvtop.

People try to fix pc433 to pc433. The former is a node in the topo,
the later is a physical node. Causes confusion, breaks. Look for
this corner case.

Allow lans that use shared lans, to have more then one port. So now
you can do this in your rspec:

   <link client_id="link0">
     <vlan:link_shared_vlan name="openflow-mesoscale" />
     <interface_ref client_id="node1:if" />
     <interface_ref client_id="node2:if" />
   </link>

The GPO wants this for the protogeni racks. We now build reverse
map files for the 172.16 subnet, although we do it on a /16 boundry
to avoid a zillion zone files.

I am not planning to write an update script for this, since it would
require scripting changes to named.conf, which I am loath to do. So I
will do it by hand in Utah, and new sites (racks) will get it. If a
site wants it:

	boss> cd obj/named

Copy all of the 172 files to /etc/named/reverse
Copy all of the 172 zone entries from named.conf to /etc/named/named.conf

	boss> named_setup

Did the pubsub one a long time ago, but added a frisbee one as well.

The pubsub dissector has not been tested in its wireshark 1.8 incarnation,
I just converted it from the 1.2.10 version and made sure it compiled.
The frisbee dissector just supports the base UDP protocol (not the TCP
master server protocol) and doesn't implement wireshark conversations.

This last few commits were the result of a two-day trip into the weeds.
This started out as getting a hack shared 10Gb LAN working on the new 820
nodes. Then I decided to test it out by running frisbee at high bandwidth
over that LAN. Next thing you know, I'm out in the fields, looking at
frisbee traces and tweaking Linux sysctls...

In at least the Linux 3.2 kernel on Ubuntu 12, setsockopt to set the socket
buffer size does not return an error if you try to set a value higher than
the kernel max. So we do an immediately following getsockopt to verify.

This will prevent the server from over-driving the send socket (leading to
re-requests of blocks from clients) for really high bandwidth values (i.e.,
with large burst sizes).

Sort them by the node_id the admins assigned, rather than by the
order they were added in.

avoid warnings from the Frontier library.

Til we have snmpit working on the Arista, we statically configure a single
10Gb LAN and put one interface from each of the d820s into it.

This is controlled by setting the node_attribute.shared_lan_* attributes
for each node (ip,mask,mac,speed).