Cleaned up, tests updated, readme updated

2025-01-19 03:06:26 +00:00 · 2015-12-15 14:50:54 -08:00 · 2015-12-15 14:50:54 -08:00 · 9dc59eff76
commit 9dc59eff76
parent a6c5596782
17 changed files with 25 additions and 69 deletions
--- a/make-linux.mk
+++ b/make-linux.mk
@ -96,6 +96,7 @@ one:	$(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o
 	ln -sf zerotier-one zerotier-cli

 netcon: $(OBJS)
+	rm -f *.o
 	# Need to selectively rebuild one.cpp and OneService.cpp with ZT_SERVICE_NETCON and ZT_ONE_NO_ROOT_CHECK defined, and also NetconEthernetTap
 	$(CXX) $(CXXFLAGS) $(LDFLAGS) -DZT_SERVICE_NETCON -DZT_ONE_NO_ROOT_CHECK -Iext/lwip/src/include -Iext/lwip/src/include/ipv4 -Iext/lwip/src/include/ipv6 -o zerotier-netcon-service $(OBJS) service/OneService.cpp netcon/NetconEthernetTap.cpp one.cpp $(LDLIBS) -ldl
 	# Build netcon/liblwip.so which must be placed in ZT home for zerotier-netcon-service to work
--- a/netcon/Intercept.c
+++ b/netcon/Intercept.c
@ -216,7 +216,7 @@ static int send_cmd(int rpc_fd, char *cmd)
 #endif
  /* Combine command flag+payload with RPC metadata */
  memcpy(&metabuf[IDX_PAYLOAD], cmd, PAYLOAD_SZ);
-  usleep(100000);
+  //usleep(100000);
  int n_write = write(rpc_fd, &metabuf, BUF_SZ);
  if(n_write < 0){
    dwr(MSG_DEBUG,"Error writing command to service (CMD = %d)\n", cmd[0]);
@ -395,7 +395,6 @@ int setsockopt(SETSOCKOPT_SIG)
  return 0;
 }

-
 /*------------------------------------------------------------------------------
 --------------------------------- getsockopt() ---------------------------------
 ------------------------------------------------------------------------------*/
@ -689,7 +688,6 @@ int accept4(ACCEPT4_SIG)
  return newfd;
 }

-
 /*------------------------------------------------------------------------------
 ----------------------------------- accept() -----------------------------------
 ------------------------------------------------------------------------------*/
@ -761,7 +759,7 @@ int accept(ACCEPT_SIG)
  /* The following line is required for libuv/nodejs to accept connections properly,
  however, this has the side effect of causing certain webservers to max out the CPU
  in an accept loop */
-  fcntl(sockfd, F_SETFL, O_NONBLOCK);
+  fcntl(sockfd, F_SETFL, SOCK_NONBLOCK);
  int new_conn_socket = get_new_fd(sockfd);

  if(new_conn_socket > 0)
@ -850,7 +848,7 @@ int listen(LISTEN_SIG)
 }

 /*------------------------------------------------------------------------------
-------------------------------------- clone()----------------------------------
+-------------------------------------- clone() ---------------------------------
 ------------------------------------------------------------------------------*/

 /* int (*fn)(void *), void *child_stack, int flags, void *arg, ... */
@ -867,7 +865,7 @@ int clone(CLONE_SIG)
 }

 /*------------------------------------------------------------------------------
------------------------------------- close()-----------------------------------
+------------------------------------- close() ----------------------------------
 ------------------------------------------------------------------------------*/

 /* int fd */
@ -887,7 +885,7 @@ int close(CLOSE_SIG)
 }

 /*------------------------------------------------------------------------------
-------------------------------------- dup2()-----------------------------------
+-------------------------------------- dup2() ----------------------------------
 ------------------------------------------------------------------------------*/

 /* int oldfd, int newfd */
@ -910,7 +908,7 @@ int dup2(DUP2_SIG)
 }

 /*------------------------------------------------------------------------------
-------------------------------------- dup3()-----------------------------------
+-------------------------------------- dup3() ----------------------------------
 ------------------------------------------------------------------------------*/

 /* int oldfd, int newfd, int flags */
@ -933,7 +931,7 @@ int dup3(DUP3_SIG)
 }

 /*------------------------------------------------------------------------------
-------------------------------------- getsockname()----------------------------
+-------------------------------- getsockname() ---------------------------------
 ------------------------------------------------------------------------------*/

 /* define GETSOCKNAME_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen */
@ -977,7 +975,7 @@ int getsockname(GETSOCKNAME_SIG)
 }

 /*------------------------------------------------------------------------------
------------------------------------ syscall()----------------------------------
+------------------------------------ syscall() ---------------------------------
 ------------------------------------------------------------------------------*/

 long syscall(SYSCALL_SIG){
--- a/netcon/NetconEthernetTap.cpp
+++ b/netcon/NetconEthernetTap.cpp
@ -57,15 +57,6 @@ namespace ZeroTier {

 // ---------------------------------------------------------------------------

-/*
-static void clearscreen(){
-	fprintf(stderr, "\033[2J");
-}
-static void gotoxy(int x,int y) {
-    fprintf(stderr, "%c[%d;%df",0x1B,y,x);
-}
-*/
-
 // Gets the process/path name associated with a pid
 static void get_path_from_pid(char* dest, int pid)
 {
@ -75,17 +66,6 @@ static void get_path_from_pid(char* dest, int pid)
  }
 }

-// Gets the process/path name associated with a fd
-/*
-static void get_path_from_fd(char* dest, int pid, int fd)
-{
-	char ppfd[80];
-	sprintf(ppfd, "/proc/%d/fd/%d", pid, fd);
-	if (readlink (ppfd, dest, 80) != -1){
-	}
-}
-*/
-
 static err_t tapif_init(struct netif *netif)
 {
  // Actual init functionality is in addIp() of tap
@ -1021,14 +1001,6 @@ void NetconEthernetTap::nc_err(void *arg, err_t err)
 */
 err_t NetconEthernetTap::nc_poll(void* arg, struct tcp_pcb *tpcb)
 {
-	//Larg *l = (Larg*)arg;
-	/*
-	Larg *l = (Larg*)arg;
-	TcpConnection *conn = l->conn;
-	NetconEthernetTap *tap = l->tap;
-	if(conn && conn->idx) // if valid connection and non-zero index (indicating data present)
-		tap->handle_write(conn);
-	*/
 	return ERR_OK;
 }

@ -1365,7 +1337,7 @@ void NetconEthernetTap::handle_listen(PhySocket *sock, void **uptr, struct liste
 ? := required treatment Unknown
 - := Not needed

-	[-] EACCES - Permission to create a socket of the specified type and/or protocol is denied.
+  [-] EACCES - Permission to create a socket of the specified type and/or protocol is denied.
  [I] EAFNOSUPPORT - The implementation does not support the specified address family.
  [I] EINVAL - Unknown protocol, or protocol family not available.
  [I] EINVAL - Invalid flags in type.
@ -1524,7 +1496,6 @@ void NetconEthernetTap::handle_connect(PhySocket *sock, void **uptr, struct conn

 void NetconEthernetTap::handle_write(TcpConnection *conn)
 {
-	//dwr(MSG_DEBUG, " handle_write()\n");
 	float max = (float)TCP_SND_BUF;
 	int r;

--- a/netcon/README.md
+++ b/netcon/README.md
@ -25,11 +25,13 @@ The virtual TCP/IP stack will respond to *incoming* ICMP ECHO requests, which me

 #### Compatibility Test Results

-	sshd (debug mode -d)     [ WORKS  as of 20151208 ] Fedora 22/23, Centos 7, Ubuntu 14.04
-	apache (debug mode -X)   [ WORKS  as of 20151208 ] 2.4.6 on Centos 7, 2.4.16 and 2.4.17 on Fedora 22/23
-	nginx                    [ WORKS  as of 20151208 ] 1.8.0 on both Fedora 22/23 and Ubuntu 14.04
-	nodejs                   [ WORKS  as of 20151208 ] 0.10.36 Fedora 22/23 (disabled, see note in accept() in netcon/Intercept.c)
-	redis-server             [ WORKS  as of 20151208 ] 3.0.4 on Fedora 22/23
+The following applications have been tested and confirmed to work for the beta release:
+
+	sshd (debug mode -d)     [ WORKS  as of 20151215 ] Fedora 22/23, Centos 7, Ubuntu 14.04
+	apache (debug mode -X)   [ WORKS  as of 20151215 ] 2.4.6 on Centos 7, 2.4.16 and 2.4.17 on Fedora 22/23
+	nginx                    [ WORKS  as of 20151215 ] 1.8.0 on both Fedora 22/23 and Ubuntu 14.04
+	nodejs                   [ WORKS  as of 20151215 ] (note: some LTS versions are known to have a connection accept bug)
+	redis-server             [ WORKS  as of 20151215 ] 3.0.4 on Fedora 22/23

 It is *likely* to work with other things but there are no guarantees. UDP, ICMP/RAW, and IPv6 support are planned for the near future.

@ -82,23 +84,19 @@ What are you pinging? What is happening here?

 The *zerotier-netcon-service* binary has joined a *virtual* network and is running a *virtual* TCP/IP stack entirely in user space. As far as your system is concerned it's just another program exchanging UDP packets with a few other hosts on the Internet and nothing out of the ordinary is happening at all. That's why you never had to type *sudo*. It didn't change anything on the host.

-Now you can run an application inside your network container. For testing we've included in the *misc/* subfolder a [tiny single-C-file HTTP server](https://github.com/elly/1k/blob/master/httpd.c). To build it run (from *ZeroTierOne/netcon*):
-
-    gcc -o tiny-httpd netcon/misc/httpd.c
-
-That builds a very tiny HTTP server that serves static pages. Now you can run it network-containerized:
+Now you can run an application inside your network container. 

    export LD_PRELOAD=/path/to/ZeroTierOne/libzerotierintercept.so
    export ZT_NC_NWID=8056c2e21c000001
-    ./tiny-httpd -p 80 .
+    zerotier-intercept python -m SimpleHTTPServer 8080

 Note the lack of sudo, even to bind to port 80. That's because you're not binding to port 80, at least not as far as the Linux kernel is concerned. If all went well the HTTP server is now listening, but only inside the network container. Going to port 80 on your machine won't work. To reach it, go to the other system where you joined the same network with a conventional ZeroTier instance and try:

-    curl http://NETCON.INSTANCE.IP/
+    curl http://NETCON.INSTANCE.IP:8080/

 Replace *NETCON.INSTANCE.IP* with the IP address that *zerotier-netcon-service* was assigned on the virtual network. (This is the same IP you pinged in your first test.) If everything works, you should get back a copy of ZeroTier One's main README.md file.

-In the original shell where you ran *tiny-httpd* you can type CTRL+C to kill it. To turn off network containers you can clear the environment variables:
+In the original shell where you ran *python -m SimpleHTTPServer* you can type CTRL+C to kill it. To turn off network containers you can clear the environment variables:

    unset LD_PRELOAD
    unset ZT_NC_NWID
--- a/netcon/common.inc.c
+++ b/netcon/common.inc.c
@ -39,7 +39,7 @@
 #include <fcntl.h>


-#define DEBUG_LEVEL 4
+#define DEBUG_LEVEL 0

 #define MSG_WARNING     4
 #define MSG_ERROR       1 // Errors
--- a/netcon/docker-test/_build_single_image.sh
+++ b/netcon/docker-test/_build_single_image.sh
@ -20,7 +20,6 @@ cp ../../monitor_identity.secret monitor_identity.secret
 docker build --tag="$test_name" -f netcon_dockerfile .
 docker build --tag="$test_name"_monitor -f monitor_dockerfile .

-rm -f zerotier-one
 rm -f zerotier-cli
 rm -f zerotier-netcon-service
 rm -f zerotier-intercept
--- a/netcon/docker-test/build_zt.sh
+++ b/netcon/docker-test/build_zt.sh
@ -4,14 +4,11 @@
 # copies the binaries into the test directory.

 cd ../../
-
 make clean
-make netcon
 make one
-
+make netcon
 cd netcon/docker-test

-cp ../../zerotier-one zerotier-one
 cp ../../zerotier-cli zerotier-cli
 cp ../../zerotier-netcon-service zerotier-netcon-service
 cp ../../libzerotierintercept.so libzerotierintercept.so
@ -19,3 +16,5 @@ cp ../../libzerotierintercept.so libzerotierintercept.so
 cp ../liblwip.so liblwip.so
 cp ../zerotier-intercept zerotier-intercept

+cp ../../zerotier-one zerotier-one
+
--- a/netcon/docker-test/httpd/httpd-2.4.16-1.fc23.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/httpd/httpd-2.4.16-1.fc23.x86_64/netcon_dockerfile
@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
 RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
 RUN /usr/bin/install -c zerotier-intercept /usr/bin

-ADD zerotier-one /
 ADD zerotier-cli /
 ADD zerotier-netcon-service /

--- a/netcon/docker-test/httpd/httpd-2.4.16-1.ub14.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/httpd/httpd-2.4.16-1.ub14.x86_64/netcon_dockerfile
@ -28,7 +28,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
 RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
 RUN /usr/bin/install -c zerotier-intercept /usr/bin

-ADD zerotier-one /
 ADD zerotier-cli /
 ADD zerotier-netcon-service /

--- a/netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_dockerfile
@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
 RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
 RUN /usr/bin/install -c zerotier-intercept /usr/bin

-ADD zerotier-one /
 ADD zerotier-cli /
 ADD zerotier-netcon-service /

--- a/netcon/docker-test/httpd/httpd_demo/netcon_dockerfile
+++ b/netcon/docker-test/httpd/httpd_demo/netcon_dockerfile
@ -30,7 +30,6 @@ ADD *.conf /var/lib/zerotier-one/networks.d/
 ADD *.conf /
 ADD *.name /

-ADD zerotier-one /
 ADD zerotier-cli /

 # Install test scripts
--- a/netcon/docker-test/nginx/nginx-1.4.6-1.ub14.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/nginx/nginx-1.4.6-1.ub14.x86_64/netcon_dockerfile
@ -30,7 +30,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
 RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
 RUN /usr/bin/install -c zerotier-intercept /usr/bin

-ADD zerotier-one /
 ADD zerotier-cli /
 ADD zerotier-netcon-service /

--- a/netcon/docker-test/nginx/nginx-1.8.0-13.fc23.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/nginx/nginx-1.8.0-13.fc23.x86_64/netcon_dockerfile
@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
 RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
 RUN /usr/bin/install -c zerotier-intercept /usr/bin

-ADD zerotier-one /
 ADD zerotier-cli /
 ADD zerotier-netcon-service /

--- a/netcon/docker-test/nginx/nginx-1.8.0-14.fc23.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/nginx/nginx-1.8.0-14.fc23.x86_64/netcon_dockerfile
@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
 RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
 RUN /usr/bin/install -c zerotier-intercept /usr/bin

-ADD zerotier-one /
 ADD zerotier-cli /
 ADD zerotier-netcon-service /

--- a/netcon/docker-test/nodejs/nodejs-0.10.36-4.fc23/netcon_dockerfile
+++ b/netcon/docker-test/nodejs/nodejs-0.10.36-4.fc23/netcon_dockerfile
@ -30,7 +30,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
 RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
 RUN /usr/bin/install -c zerotier-intercept /usr/bin

-ADD zerotier-one /
 ADD zerotier-cli /
 ADD zerotier-netcon-service /

--- a/netcon/docker-test/redis/redis-3.0.4-1.fc23.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/redis/redis-3.0.4-1.fc23.x86_64/netcon_dockerfile
@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
 RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
 RUN /usr/bin/install -c zerotier-intercept /usr/bin

-ADD zerotier-one /
 ADD zerotier-cli /
 Add zerotier-netcon-service /

--- a/netcon/docker-test/sshd/openssh-server-7.1p1-3.fc23.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/sshd/openssh-server-7.1p1-3.fc23.x86_64/netcon_dockerfile
@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
 RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
 RUN /usr/bin/install -c zerotier-intercept /usr/bin

-ADD zerotier-one /
 ADD zerotier-cli /

 # Install test scripts