-rw-r--r--make-linux.mk1
-rw-r--r--netcon/Intercept.c18
-rw-r--r--netcon/NetconEthernetTap.cpp31
-rw-r--r--netcon/README.md24
-rw-r--r--netcon/common.inc.c2
-rwxr-xr-xnetcon/docker-test/_build_single_image.sh1
-rwxr-xr-xnetcon/docker-test/build_zt.sh7
-rw-r--r--netcon/docker-test/httpd/httpd-2.4.16-1.fc23.x86_64/netcon_dockerfile1
-rw-r--r--netcon/docker-test/httpd/httpd-2.4.16-1.ub14.x86_64/netcon_dockerfile1
-rw-r--r--netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_dockerfile1
-rw-r--r--netcon/docker-test/httpd/httpd_demo/netcon_dockerfile1
-rw-r--r--netcon/docker-test/nginx/nginx-1.4.6-1.ub14.x86_64/netcon_dockerfile1
-rw-r--r--netcon/docker-test/nginx/nginx-1.8.0-13.fc23.x86_64/netcon_dockerfile1
-rw-r--r--netcon/docker-test/nginx/nginx-1.8.0-14.fc23.x86_64/netcon_dockerfile1
-rw-r--r--netcon/docker-test/nodejs/nodejs-0.10.36-4.fc23/netcon_dockerfile1
-rw-r--r--netcon/docker-test/redis/redis-3.0.4-1.fc23.x86_64/netcon_dockerfile1
-rw-r--r--netcon/docker-test/sshd/openssh-server-7.1p1-3.fc23.x86_64/netcon_dockerfile1
17 files changed, 25 insertions, 69 deletions
diff --git a/make-linux.mk b/make-linux.mk
index 5ea0049c..67fda7a1 100644
--- a/make-linux.mk
+++ b/make-linux.mk
@@ -96,6 +96,7 @@ one: $(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o
ln -sf zerotier-one zerotier-cli
netcon: $(OBJS)
+ rm -f *.o
# Need to selectively rebuild one.cpp and OneService.cpp with ZT_SERVICE_NETCON and ZT_ONE_NO_ROOT_CHECK defined, and also NetconEthernetTap
$(CXX) $(CXXFLAGS) $(LDFLAGS) -DZT_SERVICE_NETCON -DZT_ONE_NO_ROOT_CHECK -Iext/lwip/src/include -Iext/lwip/src/include/ipv4 -Iext/lwip/src/include/ipv6 -o zerotier-netcon-service $(OBJS) service/OneService.cpp netcon/NetconEthernetTap.cpp one.cpp $(LDLIBS) -ldl
# Build netcon/liblwip.so which must be placed in ZT home for zerotier-netcon-service to work
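Review bot: The added `rm -f *.o` at the top of the netcon recipe deletes every object file in the top-level directory rather than the specific ones that must not be reused, and nothing says which stale object it guards against. The compile line below it takes `one.cpp`, `service/OneService.cpp` and `netcon/NetconEthernetTap.cpp` as sources directly, so from the hunk alone it is unclear that any top-level object is consumed there. If the target is the `one.o` left by the `one` target, naming it (`rm -f one.o`) with a one-line comment would avoid forcing rebuilds of unrelated objects. The recipe continues past the end of the hunk.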
diff --git a/netcon/Intercept.c b/netcon/Intercept.c
index ad48b7d4..5f2fa7b3 100644
--- a/netcon/Intercept.c
+++ b/netcon/Intercept.c
@@ -216,7 +216,7 @@ static int send_cmd(int rpc_fd, char *cmd)
#endif
/* Combine command flag+payload with RPC metadata */
memcpy(&metabuf[IDX_PAYLOAD], cmd, PAYLOAD_SZ);
- usleep(100000);
+ //usleep(100000);
int n_write = write(rpc_fd, &metabuf, BUF_SZ);
if(n_write < 0){
dwr(MSG_DEBUG,"Error writing command to service (CMD = %d)\n", cmd[0]);
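Review bot: The delay before the RPC write in send_cmd() is disabled by commenting it out (`//usleep(100000);`) rather than deleted, and nothing records why it was there or why it is now safe to drop. If it was pacing commands to the service, the only check visible after `write()` is `n_write < 0`, so a short write of fewer than BUF_SZ bytes would pass as success and leave the service with a truncated command. Treating `n_write != BUF_SZ` as an error would cover that case. Either delete the line or replace it with a comment stating the reason; send_cmd() starts and ends outside the hunk.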
@@ -395,7 +395,6 @@ int setsockopt(SETSOCKOPT_SIG)
return 0;
}
-
/*------------------------------------------------------------------------------
--------------------------------- getsockopt() ---------------------------------
------------------------------------------------------------------------------*/
@@ -689,7 +688,6 @@ int accept4(ACCEPT4_SIG)
return newfd;
}
-
/*------------------------------------------------------------------------------
----------------------------------- accept() -----------------------------------
------------------------------------------------------------------------------*/
@@ -761,7 +759,7 @@ int accept(ACCEPT_SIG)
/* The following line is required for libuv/nodejs to accept connections properly,
however, this has the side effect of causing certain webservers to max out the CPU
in an accept loop */
- fcntl(sockfd, F_SETFL, O_NONBLOCK);
+ fcntl(sockfd, F_SETFL, SOCK_NONBLOCK);
int new_conn_socket = get_new_fd(sockfd);
if(new_conn_socket > 0)
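Review bot: `fcntl(sockfd, F_SETFL, SOCK_NONBLOCK)` in accept() passes a socket-type flag where F_SETFL expects file status flags. SOCK_NONBLOCK is defined for socket(), socketpair() and accept4(), and it only has the intended effect here on platforms where its value happens to equal O_NONBLOCK. The call also replaces the descriptor's existing status flags instead of adding to them, and its return value is ignored. Reading the flags first keeps the caller's settings: `int fl = fcntl(sockfd, F_GETFL, 0);` followed by `if(fl < 0 || fcntl(sockfd, F_SETFL, fl | O_NONBLOCK) < 0)` with an error return. accept() begins and ends outside the hunk.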
@@ -850,7 +848,7 @@ int listen(LISTEN_SIG)
}
/*------------------------------------------------------------------------------
--------------------------------------- clone()----------------------------------
+-------------------------------------- clone() ---------------------------------
------------------------------------------------------------------------------*/
/* int (*fn)(void *), void *child_stack, int flags, void *arg, ... */
@@ -867,7 +865,7 @@ int clone(CLONE_SIG)
}
/*------------------------------------------------------------------------------
-------------------------------------- close()-----------------------------------
+------------------------------------- close() ----------------------------------
------------------------------------------------------------------------------*/
/* int fd */
@@ -887,7 +885,7 @@ int close(CLOSE_SIG)
}
/*------------------------------------------------------------------------------
--------------------------------------- dup2()-----------------------------------
+-------------------------------------- dup2() ----------------------------------
------------------------------------------------------------------------------*/
/* int oldfd, int newfd */
@@ -910,7 +908,7 @@ int dup2(DUP2_SIG)
}
/*------------------------------------------------------------------------------
--------------------------------------- dup3()-----------------------------------
+-------------------------------------- dup3() ----------------------------------
------------------------------------------------------------------------------*/
/* int oldfd, int newfd, int flags */
@@ -933,7 +931,7 @@ int dup3(DUP3_SIG)
}
/*------------------------------------------------------------------------------
--------------------------------------- getsockname()----------------------------
+-------------------------------- getsockname() ---------------------------------
------------------------------------------------------------------------------*/
/* define GETSOCKNAME_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen */
@@ -977,7 +975,7 @@ int getsockname(GETSOCKNAME_SIG)
}
/*------------------------------------------------------------------------------
------------------------------------- syscall()----------------------------------
+------------------------------------ syscall() ---------------------------------
------------------------------------------------------------------------------*/
long syscall(SYSCALL_SIG){
diff --git a/netcon/NetconEthernetTap.cpp b/netcon/NetconEthernetTap.cpp
index cb5def32..7fd8150f 100644
--- a/netcon/NetconEthernetTap.cpp
+++ b/netcon/NetconEthernetTap.cpp
@@ -57,15 +57,6 @@ namespace ZeroTier {
// ---------------------------------------------------------------------------
-/*
-static void clearscreen(){
- fprintf(stderr, "\033[2J");
-}
-static void gotoxy(int x,int y) {
- fprintf(stderr, "%c[%d;%df",0x1B,y,x);
-}
-*/
-
// Gets the process/path name associated with a pid
static void get_path_from_pid(char* dest, int pid)
{
@@ -75,17 +66,6 @@ static void get_path_from_pid(char* dest, int pid)
}
}
-// Gets the process/path name associated with a fd
-/*
-static void get_path_from_fd(char* dest, int pid, int fd)
-{
- char ppfd[80];
- sprintf(ppfd, "/proc/%d/fd/%d", pid, fd);
- if (readlink (ppfd, dest, 80) != -1){
- }
-}
-*/
-
static err_t tapif_init(struct netif *netif)
{
// Actual init functionality is in addIp() of tap
@@ -1021,14 +1001,6 @@ void NetconEthernetTap::nc_err(void *arg, err_t err)
*/
err_t NetconEthernetTap::nc_poll(void* arg, struct tcp_pcb *tpcb)
{
- //Larg *l = (Larg*)arg;
- /*
- Larg *l = (Larg*)arg;
- TcpConnection *conn = l->conn;
- NetconEthernetTap *tap = l->tap;
- if(conn && conn->idx) // if valid connection and non-zero index (indicating data present)
- tap->handle_write(conn);
- */
return ERR_OK;
}
@@ -1365,7 +1337,7 @@ void NetconEthernetTap::handle_listen(PhySocket *sock, void **uptr, struct liste
? := required treatment Unknown
- := Not needed
- [-] EACCES - Permission to create a socket of the specified type and/or protocol is denied.
+ [-] EACCES - Permission to create a socket of the specified type and/or protocol is denied.
[I] EAFNOSUPPORT - The implementation does not support the specified address family.
[I] EINVAL - Unknown protocol, or protocol family not available.
[I] EINVAL - Invalid flags in type.
@@ -1524,7 +1496,6 @@ void NetconEthernetTap::handle_connect(PhySocket *sock, void **uptr, struct conn
void NetconEthernetTap::handle_write(TcpConnection *conn)
{
- //dwr(MSG_DEBUG, " handle_write()\n");
float max = (float)TCP_SND_BUF;
int r;
diff --git a/netcon/README.md b/netcon/README.md
index 47288a07..ac6b06ca 100644
--- a/netcon/README.md
+++ b/netcon/README.md
@@ -25,11 +25,13 @@ The virtual TCP/IP stack will respond to *incoming* ICMP ECHO requests, which me
#### Compatibility Test Results
- sshd (debug mode -d) [ WORKS as of 20151208 ] Fedora 22/23, Centos 7, Ubuntu 14.04
- apache (debug mode -X) [ WORKS as of 20151208 ] 2.4.6 on Centos 7, 2.4.16 and 2.4.17 on Fedora 22/23
- nginx [ WORKS as of 20151208 ] 1.8.0 on both Fedora 22/23 and Ubuntu 14.04
- nodejs [ WORKS as of 20151208 ] 0.10.36 Fedora 22/23 (disabled, see note in accept() in netcon/Intercept.c)
- redis-server [ WORKS as of 20151208 ] 3.0.4 on Fedora 22/23
+The following applications have been tested and confirmed to work for the beta release:
+
+ sshd (debug mode -d) [ WORKS as of 20151215 ] Fedora 22/23, Centos 7, Ubuntu 14.04
+ apache (debug mode -X) [ WORKS as of 20151215 ] 2.4.6 on Centos 7, 2.4.16 and 2.4.17 on Fedora 22/23
+ nginx [ WORKS as of 20151215 ] 1.8.0 on both Fedora 22/23 and Ubuntu 14.04
+ nodejs [ WORKS as of 20151215 ] (note: some LTS versions are known to have a connection accept bug)
+ redis-server [ WORKS as of 20151215 ] 3.0.4 on Fedora 22/23
It is *likely* to work with other things but there are no guarantees. UDP, ICMP/RAW, and IPv6 support are planned for the near future.
@@ -82,23 +84,19 @@ What are you pinging? What is happening here?
The *zerotier-netcon-service* binary has joined a *virtual* network and is running a *virtual* TCP/IP stack entirely in user space. As far as your system is concerned it's just another program exchanging UDP packets with a few other hosts on the Internet and nothing out of the ordinary is happening at all. That's why you never had to type *sudo*. It didn't change anything on the host.
-Now you can run an application inside your network container. For testing we've included in the *misc/* subfolder a [tiny single-C-file HTTP server](https://github.com/elly/1k/blob/master/httpd.c). To build it run (from *ZeroTierOne/netcon*):
-
- gcc -o tiny-httpd netcon/misc/httpd.c
-
-That builds a very tiny HTTP server that serves static pages. Now you can run it network-containerized:
+Now you can run an application inside your network container.
export LD_PRELOAD=/path/to/ZeroTierOne/libzerotierintercept.so
export ZT_NC_NWID=8056c2e21c000001
- ./tiny-httpd -p 80 .
+ zerotier-intercept python -m SimpleHTTPServer 8080
Note the lack of sudo, even to bind to port 80. That's because you're not binding to port 80, at least not as far as the Linux kernel is concerned. If all went well the HTTP server is now listening, but only inside the network container. Going to port 80 on your machine won't work. To reach it, go to the other system where you joined the same network with a conventional ZeroTier instance and try:
- curl http://NETCON.INSTANCE.IP/
+ curl http://NETCON.INSTANCE.IP:8080/
Replace *NETCON.INSTANCE.IP* with the IP address that *zerotier-netcon-service* was assigned on the virtual network. (This is the same IP you pinged in your first test.) If everything works, you should get back a copy of ZeroTier One's main README.md file.
-In the original shell where you ran *tiny-httpd* you can type CTRL+C to kill it. To turn off network containers you can clear the environment variables:
+In the original shell where you ran *python -m SimpleHTTPServer* you can type CTRL+C to kill it. To turn off network containers you can clear the environment variables:
unset LD_PRELOAD
unset ZT_NC_NWID
diff --git a/netcon/common.inc.c b/netcon/common.inc.c
index 71761b20..3a95bde3 100644
--- a/netcon/common.inc.c
+++ b/netcon/common.inc.c
@@ -39,7 +39,7 @@
#include <fcntl.h>
-#define DEBUG_LEVEL 4
+#define DEBUG_LEVEL 0
#define MSG_WARNING 4
#define MSG_ERROR 1 // Errors
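Review bot: `#define DEBUG_LEVEL 0` hard-codes the verbosity in a shared include, so getting diagnostics back for a test run means editing the source again. Assuming dwr() filters on DEBUG_LEVEL (it is not visible here), level 0 would also suppress the MSG_ERROR class defined just below, which hides failures in the intercept library from whoever is operating it. Wrapping the definition as `#ifndef DEBUG_LEVEL` / `#define DEBUG_LEVEL 0` / `#endif` lets a build pass `-DDEBUG_LEVEL=4` without touching the file. A short comment stating what each level emits would also help.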
diff --git a/netcon/docker-test/_build_single_image.sh b/netcon/docker-test/_build_single_image.sh
index c11f611c..aa4b77d4 100755
--- a/netcon/docker-test/_build_single_image.sh
+++ b/netcon/docker-test/_build_single_image.sh
@@ -20,7 +20,6 @@ cp ../../monitor_identity.secret monitor_identity.secret
docker build --tag="$test_name" -f netcon_dockerfile .
docker build --tag="$test_name"_monitor -f monitor_dockerfile .
-rm -f zerotier-one
rm -f zerotier-cli
rm -f zerotier-netcon-service
rm -f zerotier-intercept
diff --git a/netcon/docker-test/build_zt.sh b/netcon/docker-test/build_zt.sh
index 11fd0316..d36c407f 100755
--- a/netcon/docker-test/build_zt.sh
+++ b/netcon/docker-test/build_zt.sh
@@ -4,14 +4,11 @@
# copies the binaries into the test directory.
cd ../../
-
make clean
-make netcon
make one
-
+make netcon
cd netcon/docker-test
-cp ../../zerotier-one zerotier-one
cp ../../zerotier-cli zerotier-cli
cp ../../zerotier-netcon-service zerotier-netcon-service
cp ../../libzerotierintercept.so libzerotierintercept.so
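Review bot: None of the `cd`, `make` or `cp` steps in this hunk is checked, so a failed `make one` or `make netcon` still falls through to the `cp` lines and can put stale binaries into the test directory that the images are built from. `cd ../../ || exit 1` and `make one && make netcon || exit 1` would stop that, unless the part of the script above the hunk already sets `set -e`. The build order is also swapped without a stated reason; if it is related to the `rm -f *.o` added to the netcon target in this commit, a one-line comment above the two `make` lines should say so.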
@@ -19,3 +16,5 @@ cp ../../libzerotierintercept.so libzerotierintercept.so
cp ../liblwip.so liblwip.so
cp ../zerotier-intercept zerotier-intercept
+cp ../../zerotier-one zerotier-one
+
diff --git a/netcon/docker-test/httpd/httpd-2.4.16-1.fc23.x86_64/netcon_dockerfile b/netcon/docker-test/httpd/httpd-2.4.16-1.fc23.x86_64/netcon_dockerfile
index f0c6260d..fe668fb7 100644
--- a/netcon/docker-test/httpd/httpd-2.4.16-1.fc23.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/httpd/httpd-2.4.16-1.fc23.x86_64/netcon_dockerfile
@@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
RUN /usr/bin/install -c zerotier-intercept /usr/bin
-ADD zerotier-one /
ADD zerotier-cli /
ADD zerotier-netcon-service /
diff --git a/netcon/docker-test/httpd/httpd-2.4.16-1.ub14.x86_64/netcon_dockerfile b/netcon/docker-test/httpd/httpd-2.4.16-1.ub14.x86_64/netcon_dockerfile
index 8d9d1032..76b7b7dd 100644
--- a/netcon/docker-test/httpd/httpd-2.4.16-1.ub14.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/httpd/httpd-2.4.16-1.ub14.x86_64/netcon_dockerfile
@@ -28,7 +28,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
RUN /usr/bin/install -c zerotier-intercept /usr/bin
-ADD zerotier-one /
ADD zerotier-cli /
ADD zerotier-netcon-service /
diff --git a/netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_dockerfile b/netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_dockerfile
index d946e2fd..90739f10 100644
--- a/netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_dockerfile
@@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
RUN /usr/bin/install -c zerotier-intercept /usr/bin
-ADD zerotier-one /
ADD zerotier-cli /
ADD zerotier-netcon-service /
diff --git a/netcon/docker-test/httpd/httpd_demo/netcon_dockerfile b/netcon/docker-test/httpd/httpd_demo/netcon_dockerfile
index a193863f..cf50e1d9 100644
--- a/netcon/docker-test/httpd/httpd_demo/netcon_dockerfile
+++ b/netcon/docker-test/httpd/httpd_demo/netcon_dockerfile
@@ -30,7 +30,6 @@ ADD *.conf /var/lib/zerotier-one/networks.d/
ADD *.conf /
ADD *.name /
-ADD zerotier-one /
ADD zerotier-cli /
# Install test scripts
diff --git a/netcon/docker-test/nginx/nginx-1.4.6-1.ub14.x86_64/netcon_dockerfile b/netcon/docker-test/nginx/nginx-1.4.6-1.ub14.x86_64/netcon_dockerfile
index 25e2d90e..cb9c1cc0 100644
--- a/netcon/docker-test/nginx/nginx-1.4.6-1.ub14.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/nginx/nginx-1.4.6-1.ub14.x86_64/netcon_dockerfile
@@ -30,7 +30,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
RUN /usr/bin/install -c zerotier-intercept /usr/bin
-ADD zerotier-one /
ADD zerotier-cli /
ADD zerotier-netcon-service /
diff --git a/netcon/docker-test/nginx/nginx-1.8.0-13.fc23.x86_64/netcon_dockerfile b/netcon/docker-test/nginx/nginx-1.8.0-13.fc23.x86_64/netcon_dockerfile
index 53541b3e..8dcd5bf0 100644
--- a/netcon/docker-test/nginx/nginx-1.8.0-13.fc23.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/nginx/nginx-1.8.0-13.fc23.x86_64/netcon_dockerfile
@@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
RUN /usr/bin/install -c zerotier-intercept /usr/bin
-ADD zerotier-one /
ADD zerotier-cli /
ADD zerotier-netcon-service /
diff --git a/netcon/docker-test/nginx/nginx-1.8.0-14.fc23.x86_64/netcon_dockerfile b/netcon/docker-test/nginx/nginx-1.8.0-14.fc23.x86_64/netcon_dockerfile
index b6678998..05cd51fb 100644
--- a/netcon/docker-test/nginx/nginx-1.8.0-14.fc23.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/nginx/nginx-1.8.0-14.fc23.x86_64/netcon_dockerfile
@@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
RUN /usr/bin/install -c zerotier-intercept /usr/bin
-ADD zerotier-one /
ADD zerotier-cli /
ADD zerotier-netcon-service /
diff --git a/netcon/docker-test/nodejs/nodejs-0.10.36-4.fc23/netcon_dockerfile b/netcon/docker-test/nodejs/nodejs-0.10.36-4.fc23/netcon_dockerfile
index b8f9fa78..55f48a62 100644
--- a/netcon/docker-test/nodejs/nodejs-0.10.36-4.fc23/netcon_dockerfile
+++ b/netcon/docker-test/nodejs/nodejs-0.10.36-4.fc23/netcon_dockerfile
@@ -30,7 +30,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
RUN /usr/bin/install -c zerotier-intercept /usr/bin
-ADD zerotier-one /
ADD zerotier-cli /
ADD zerotier-netcon-service /
diff --git a/netcon/docker-test/redis/redis-3.0.4-1.fc23.x86_64/netcon_dockerfile b/netcon/docker-test/redis/redis-3.0.4-1.fc23.x86_64/netcon_dockerfile
index 25b860b2..c5b0773b 100644
--- a/netcon/docker-test/redis/redis-3.0.4-1.fc23.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/redis/redis-3.0.4-1.fc23.x86_64/netcon_dockerfile
@@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
RUN /usr/bin/install -c zerotier-intercept /usr/bin
-ADD zerotier-one /
ADD zerotier-cli /
Add zerotier-netcon-service /
diff --git a/netcon/docker-test/sshd/openssh-server-7.1p1-3.fc23.x86_64/netcon_dockerfile b/netcon/docker-test/sshd/openssh-server-7.1p1-3.fc23.x86_64/netcon_dockerfile
index 052d6303..39e00a81 100644
--- a/netcon/docker-test/sshd/openssh-server-7.1p1-3.fc23.x86_64/netcon_dockerfile
+++ b/netcon/docker-test/sshd/openssh-server-7.1p1-3.fc23.x86_64/netcon_dockerfile
@@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so
RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept
RUN /usr/bin/install -c zerotier-intercept /usr/bin
-ADD zerotier-one /
ADD zerotier-cli /
# Install test scripts