diff --git a/make-linux.mk b/make-linux.mk index 5ea0049ce..67fda7a1b 100644 --- a/make-linux.mk +++ b/make-linux.mk @@ -96,6 +96,7 @@ one: $(OBJS) service/OneService.o one.o osdep/LinuxEthernetTap.o ln -sf zerotier-one zerotier-cli netcon: $(OBJS) + rm -f *.o # Need to selectively rebuild one.cpp and OneService.cpp with ZT_SERVICE_NETCON and ZT_ONE_NO_ROOT_CHECK defined, and also NetconEthernetTap $(CXX) $(CXXFLAGS) $(LDFLAGS) -DZT_SERVICE_NETCON -DZT_ONE_NO_ROOT_CHECK -Iext/lwip/src/include -Iext/lwip/src/include/ipv4 -Iext/lwip/src/include/ipv6 -o zerotier-netcon-service $(OBJS) service/OneService.cpp netcon/NetconEthernetTap.cpp one.cpp $(LDLIBS) -ldl # Build netcon/liblwip.so which must be placed in ZT home for zerotier-netcon-service to work diff --git a/netcon/Intercept.c b/netcon/Intercept.c index ad48b7d4b..5f2fa7b33 100644 --- a/netcon/Intercept.c +++ b/netcon/Intercept.c @@ -216,7 +216,7 @@ static int send_cmd(int rpc_fd, char *cmd) #endif /* Combine command flag+payload with RPC metadata */ memcpy(&metabuf[IDX_PAYLOAD], cmd, PAYLOAD_SZ); - usleep(100000); + //usleep(100000); int n_write = write(rpc_fd, &metabuf, BUF_SZ); if(n_write < 0){ dwr(MSG_DEBUG,"Error writing command to service (CMD = %d)\n", cmd[0]); @@ -395,7 +395,6 @@ int setsockopt(SETSOCKOPT_SIG) return 0; } - /*------------------------------------------------------------------------------ --------------------------------- getsockopt() --------------------------------- ------------------------------------------------------------------------------*/ @@ -689,7 +688,6 @@ int accept4(ACCEPT4_SIG) return newfd; } - /*------------------------------------------------------------------------------ ----------------------------------- accept() ----------------------------------- ------------------------------------------------------------------------------*/ 
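Review bot: The added `rm -f *.o` in the netcon recipe is both broader and narrower than its comment says: it deletes every top-level object (including the `one.o` the neighbouring `one` target just built), while the `service/OneService.o` the comment names is in a subdirectory and is never touched. Since the recipe already compiles one.cpp and OneService.cpp straight into the link, the removal appears to be unnecessary; if a stale object really must go, name it, e.g. `rm -f one.o service/OneService.o`. If any entry of `$(OBJS)` lives in the top level, this line would delete a prerequisite right before the link uses it, so that is worth confirming against the OBJS definition outside the hunk.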
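Review bot: Commenting out `usleep(100000)` leaves dead code in send_cmd; delete the line rather than keep it as `//usleep(100000);`, and note in the commit why the delay is no longer needed, since a sleep before an RPC write usually papers over an ordering race. With the delay gone, the unchecked short-write case matters more: the service presumably expects a full BUF_SZ frame, but the following check only tests `n_write < 0`, so a partial write would silently leave a truncated command on the socket. Tighten it to `if(n_write < 0 || n_write != BUF_SZ){` and treat the short case as a failure, looping on EINTR if rpc_fd can be interrupted. The rest of send_cmd continues outside the hunk.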
@@ -761,7 +759,7 @@ int accept(ACCEPT_SIG) /* The following line is required for libuv/nodejs to accept connections properly, however, this has the side effect of causing certain webservers to max out the CPU in an accept loop */ - fcntl(sockfd, F_SETFL, O_NONBLOCK); + fcntl(sockfd, F_SETFL, SOCK_NONBLOCK); int new_conn_socket = get_new_fd(sockfd); if(new_conn_socket > 0) @@ -850,7 +848,7 @@ int listen(LISTEN_SIG) } /*------------------------------------------------------------------------------ --------------------------------------- clone()---------------------------------- +-------------------------------------- clone() --------------------------------- ------------------------------------------------------------------------------*/ /* int (*fn)(void *), void *child_stack, int flags, void *arg, ... */ @@ -867,7 +865,7 @@ int clone(CLONE_SIG) } /*------------------------------------------------------------------------------ -------------------------------------- close()----------------------------------- +------------------------------------- close() ---------------------------------- ------------------------------------------------------------------------------*/ /* int fd */ @@ -887,7 +885,7 @@ int close(CLOSE_SIG) } /*------------------------------------------------------------------------------ --------------------------------------- dup2()----------------------------------- +-------------------------------------- dup2() ---------------------------------- ------------------------------------------------------------------------------*/ /* int oldfd, int newfd */ @@ -910,7 +908,7 @@ int dup2(DUP2_SIG) } /*------------------------------------------------------------------------------ --------------------------------------- dup3()----------------------------------- +-------------------------------------- dup3() ---------------------------------- ------------------------------------------------------------------------------*/ /* int oldfd, int newfd, int flags */ 
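Review bot: `SOCK_NONBLOCK` is a socket-type flag for `socket()`/`accept4()`, not a file-status flag for `fcntl(F_SETFL)`; it happens to share O_NONBLOCK's value on Linux/glibc, so this line works by coincidence rather than by contract, and the original `O_NONBLOCK` was the correct constant. `F_SETFL` with a bare flag also overwrites whatever status flags the caller already had on sockfd, and the return value is ignored. Preserve the existing flags and check the result: `int fl = fcntl(sockfd, F_GETFL, 0);` followed by `if (fl >= 0) fcntl(sockfd, F_SETFL, fl | O_NONBLOCK);`. The comment above it still documents the CPU-spin side effect for non-libuv servers, so that trade-off remains unaddressed by this change; accept()'s body continues outside the hunk.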
@@ -933,7 +931,7 @@ int dup3(DUP3_SIG) } /*------------------------------------------------------------------------------ --------------------------------------- getsockname()---------------------------- +-------------------------------- getsockname() --------------------------------- ------------------------------------------------------------------------------*/ /* define GETSOCKNAME_SIG int sockfd, struct sockaddr *addr, socklen_t *addrlen */ @@ -977,7 +975,7 @@ int getsockname(GETSOCKNAME_SIG) } /*------------------------------------------------------------------------------ ------------------------------------- syscall()---------------------------------- +------------------------------------ syscall() --------------------------------- ------------------------------------------------------------------------------*/ long syscall(SYSCALL_SIG){ diff --git a/netcon/NetconEthernetTap.cpp b/netcon/NetconEthernetTap.cpp index cb5def326..7fd8150f9 100644 --- a/netcon/NetconEthernetTap.cpp +++ b/netcon/NetconEthernetTap.cpp @@ -57,15 +57,6 @@ namespace ZeroTier { // --------------------------------------------------------------------------- -/* -static void clearscreen(){ - fprintf(stderr, "\033[2J"); -} -static void gotoxy(int x,int y) { - fprintf(stderr, "%c[%d;%df",0x1B,y,x); -} -*/ - // Gets the process/path name associated with a pid static void get_path_from_pid(char* dest, int pid) { @@ -75,17 +66,6 @@ static void get_path_from_pid(char* dest, int pid) } } -// Gets the process/path name associated with a fd -/* -static void get_path_from_fd(char* dest, int pid, int fd) -{ - char ppfd[80]; - sprintf(ppfd, "/proc/%d/fd/%d", pid, fd); - if (readlink (ppfd, dest, 80) != -1){ - } -} -*/ - static err_t tapif_init(struct netif *netif) { // Actual init functionality is in addIp() of tap 
@@ -1021,14 +1001,6 @@ void NetconEthernetTap::nc_err(void *arg, err_t err) */ err_t NetconEthernetTap::nc_poll(void* arg, struct tcp_pcb *tpcb) { - //Larg *l = (Larg*)arg; - /* - Larg *l = (Larg*)arg; - TcpConnection *conn = l->conn; - NetconEthernetTap *tap = l->tap; - if(conn && conn->idx) // if valid connection and non-zero index (indicating data present) - tap->handle_write(conn); - */ return ERR_OK; } @@ -1365,7 +1337,7 @@ void NetconEthernetTap::handle_listen(PhySocket *sock, void **uptr, struct liste ? := required treatment Unknown - := Not needed - [-] EACCES - Permission to create a socket of the specified type and/or protocol is denied. + [-] EACCES - Permission to create a socket of the specified type and/or protocol is denied. [I] EAFNOSUPPORT - The implementation does not support the specified address family. [I] EINVAL - Unknown protocol, or protocol family not available. [I] EINVAL - Invalid flags in type. @@ -1524,7 +1496,6 @@ void NetconEthernetTap::handle_connect(PhySocket *sock, void **uptr, struct conn void NetconEthernetTap::handle_write(TcpConnection *conn) { - //dwr(MSG_DEBUG, " handle_write()\n"); float max = (float)TCP_SND_BUF; int r; diff --git a/netcon/README.md b/netcon/README.md index 47288a079..ac6b06ca3 100644 --- a/netcon/README.md +++ b/netcon/README.md 
@@ -25,11 +25,13 @@ The virtual TCP/IP stack will respond to *incoming* ICMP ECHO requests, which me #### Compatibility Test Results - sshd (debug mode -d) [ WORKS as of 20151208 ] Fedora 22/23, Centos 7, Ubuntu 14.04 - apache (debug mode -X) [ WORKS as of 20151208 ] 2.4.6 on Centos 7, 2.4.16 and 2.4.17 on Fedora 22/23 - nginx [ WORKS as of 20151208 ] 1.8.0 on both Fedora 22/23 and Ubuntu 14.04 - nodejs [ WORKS as of 20151208 ] 0.10.36 Fedora 22/23 (disabled, see note in accept() in netcon/Intercept.c) - redis-server [ WORKS as of 20151208 ] 3.0.4 on Fedora 22/23 +The following applications have been tested and confirmed to work for the beta release: + + sshd (debug mode -d) [ WORKS as of 20151215 ] Fedora 22/23, Centos 7, Ubuntu 14.04 + apache (debug mode -X) [ WORKS as of 20151215 ] 2.4.6 on Centos 7, 2.4.16 and 2.4.17 on Fedora 22/23 + nginx [ WORKS as of 20151215 ] 1.8.0 on both Fedora 22/23 and Ubuntu 14.04 + nodejs [ WORKS as of 20151215 ] (note: some LTS versions are known to have a connection accept bug) + redis-server [ WORKS as of 20151215 ] 3.0.4 on Fedora 22/23 It is *likely* to work with other things but there are no guarantees. UDP, ICMP/RAW, and IPv6 support are planned for the near future. 
@@ -82,23 +84,19 @@ What are you pinging? What is happening here? The *zerotier-netcon-service* binary has joined a *virtual* network and is running a *virtual* TCP/IP stack entirely in user space. As far as your system is concerned it's just another program exchanging UDP packets with a few other hosts on the Internet and nothing out of the ordinary is happening at all. That's why you never had to type *sudo*. It didn't change anything on the host. -Now you can run an application inside your network container. For testing we've included in the *misc/* subfolder a [tiny single-C-file HTTP server](https://github.com/elly/1k/blob/master/httpd.c). To build it run (from *ZeroTierOne/netcon*): - - gcc -o tiny-httpd netcon/misc/httpd.c - -That builds a very tiny HTTP server that serves static pages. Now you can run it network-containerized: +Now you can run an application inside your network container. export LD_PRELOAD=/path/to/ZeroTierOne/libzerotierintercept.so export ZT_NC_NWID=8056c2e21c000001 - ./tiny-httpd -p 80 . + zerotier-intercept python -m SimpleHTTPServer 8080 Note the lack of sudo, even to bind to port 80. That's because you're not binding to port 80, at least not as far as the Linux kernel is concerned. If all went well the HTTP server is now listening, but only inside the network container. Going to port 80 on your machine won't work. To reach it, go to the other system where you joined the same network with a conventional ZeroTier instance and try: - curl http://NETCON.INSTANCE.IP/ + curl http://NETCON.INSTANCE.IP:8080/ Replace *NETCON.INSTANCE.IP* with the IP address that *zerotier-netcon-service* was assigned on the virtual network. (This is the same IP you pinged in your first test.) If everything works, you should get back a copy of ZeroTier One's main README.md file. -In the original shell where you ran *tiny-httpd* you can type CTRL+C to kill it. 
To turn off network containers you can clear the environment variables: +In the original shell where you ran *python -m SimpleHTTPServer* you can type CTRL+C to kill it. To turn off network containers you can clear the environment variables: unset LD_PRELOAD unset ZT_NC_NWID diff --git a/netcon/common.inc.c b/netcon/common.inc.c index 71761b209..3a95bde34 100644 --- a/netcon/common.inc.c +++ b/netcon/common.inc.c @@ -39,7 +39,7 @@ #include -#define DEBUG_LEVEL 4 +#define DEBUG_LEVEL 0 #define MSG_WARNING 4 #define MSG_ERROR 1 // Errors diff --git a/netcon/docker-test/_build_single_image.sh b/netcon/docker-test/_build_single_image.sh index c11f611c8..aa4b77d43 100755 --- a/netcon/docker-test/_build_single_image.sh +++ b/netcon/docker-test/_build_single_image.sh @@ -20,7 +20,6 @@ cp ../../monitor_identity.secret monitor_identity.secret docker build --tag="$test_name" -f netcon_dockerfile . docker build --tag="$test_name"_monitor -f monitor_dockerfile . -rm -f zerotier-one rm -f zerotier-cli rm -f zerotier-netcon-service rm -f zerotier-intercept diff --git a/netcon/docker-test/build_zt.sh b/netcon/docker-test/build_zt.sh index 11fd0316e..d36c407f0 100755 --- a/netcon/docker-test/build_zt.sh +++ b/netcon/docker-test/build_zt.sh @@ -4,14 +4,11 @@ # copies the binaries into the test directory. cd ../../ - make clean -make netcon make one - +make netcon cd netcon/docker-test -cp ../../zerotier-one zerotier-one cp ../../zerotier-cli zerotier-cli cp ../../zerotier-netcon-service zerotier-netcon-service cp ../../libzerotierintercept.so libzerotierintercept.so @@ -19,3 +16,5 @@ cp ../../libzerotierintercept.so libzerotierintercept.so cp ../liblwip.so liblwip.so cp ../zerotier-intercept zerotier-intercept +cp ../../zerotier-one zerotier-one + diff --git a/netcon/docker-test/httpd/httpd-2.4.16-1.fc23.x86_64/netcon_dockerfile b/netcon/docker-test/httpd/httpd-2.4.16-1.fc23.x86_64/netcon_dockerfile index f0c6260d7..fe668fb79 100644 
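Review bot: Dropping `rm -f zerotier-one` from the cleanup list in _build_single_image.sh leaves a binary in the docker build context that the dockerfiles in this same commit no longer `ADD`, so it becomes a stale artifact that is still copied in by build_zt.sh on every run; if nothing consumes it, either restore the removal or stop copying it. More importantly, the visible script copies `monitor_identity.secret` into the build context before `docker build`, and none of the `rm -f` lines shown remove it afterwards; if the remaining lines outside the hunk do not clean it up, the identity secret stays on disk in the test tree. Consider `rm -f zerotier-one monitor_identity.secret` at the end, or a `.dockerignore`/`trap` so the secret is removed even when the build fails.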
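Review bot: The reordered `make one` / `make netcon` sequence in build_zt.sh still has no failure handling, so if either build fails the script proceeds to `cp` whatever stale binaries remain into the test directory and the containers are then built from old code; the shebang and any `set` options are outside the hunk, so this assumes none is set there. Add `set -e` near the top, or chain the steps as `make clean && make one && make netcon`, so a build failure stops the copy. A one-line comment explaining why `one` must be built before `netcon` (the netcon recipe's `rm -f *.o` removes top-level objects) would also save the next reader from swapping them back.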
--- a/netcon/docker-test/httpd/httpd-2.4.16-1.fc23.x86_64/netcon_dockerfile +++ b/netcon/docker-test/httpd/httpd-2.4.16-1.fc23.x86_64/netcon_dockerfile @@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept RUN /usr/bin/install -c zerotier-intercept /usr/bin -ADD zerotier-one / ADD zerotier-cli / ADD zerotier-netcon-service / diff --git a/netcon/docker-test/httpd/httpd-2.4.16-1.ub14.x86_64/netcon_dockerfile b/netcon/docker-test/httpd/httpd-2.4.16-1.ub14.x86_64/netcon_dockerfile index 8d9d1032d..76b7b7dd5 100644 --- a/netcon/docker-test/httpd/httpd-2.4.16-1.ub14.x86_64/netcon_dockerfile +++ b/netcon/docker-test/httpd/httpd-2.4.16-1.ub14.x86_64/netcon_dockerfile @@ -28,7 +28,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept RUN /usr/bin/install -c zerotier-intercept /usr/bin -ADD zerotier-one / ADD zerotier-cli / ADD zerotier-netcon-service / diff --git a/netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_dockerfile b/netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_dockerfile index d946e2fdc..90739f108 100644 --- a/netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_dockerfile +++ b/netcon/docker-test/httpd/httpd-2.4.17-3.fc23.x86_64/netcon_dockerfile @@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept RUN /usr/bin/install -c zerotier-intercept /usr/bin -ADD zerotier-one / ADD zerotier-cli / ADD zerotier-netcon-service / diff --git a/netcon/docker-test/httpd/httpd_demo/netcon_dockerfile b/netcon/docker-test/httpd/httpd_demo/netcon_dockerfile index a193863fb..cf50e1d92 100644 --- a/netcon/docker-test/httpd/httpd_demo/netcon_dockerfile +++ b/netcon/docker-test/httpd/httpd_demo/netcon_dockerfile 
@@ -30,7 +30,6 @@ ADD *.conf /var/lib/zerotier-one/networks.d/ ADD *.conf / ADD *.name / -ADD zerotier-one / ADD zerotier-cli / # Install test scripts diff --git a/netcon/docker-test/nginx/nginx-1.4.6-1.ub14.x86_64/netcon_dockerfile b/netcon/docker-test/nginx/nginx-1.4.6-1.ub14.x86_64/netcon_dockerfile index 25e2d90ed..cb9c1cc04 100644 --- a/netcon/docker-test/nginx/nginx-1.4.6-1.ub14.x86_64/netcon_dockerfile +++ b/netcon/docker-test/nginx/nginx-1.4.6-1.ub14.x86_64/netcon_dockerfile @@ -30,7 +30,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept RUN /usr/bin/install -c zerotier-intercept /usr/bin -ADD zerotier-one / ADD zerotier-cli / ADD zerotier-netcon-service / diff --git a/netcon/docker-test/nginx/nginx-1.8.0-13.fc23.x86_64/netcon_dockerfile b/netcon/docker-test/nginx/nginx-1.8.0-13.fc23.x86_64/netcon_dockerfile index 53541b3e8..8dcd5bf01 100644 --- a/netcon/docker-test/nginx/nginx-1.8.0-13.fc23.x86_64/netcon_dockerfile +++ b/netcon/docker-test/nginx/nginx-1.8.0-13.fc23.x86_64/netcon_dockerfile @@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept RUN /usr/bin/install -c zerotier-intercept /usr/bin -ADD zerotier-one / ADD zerotier-cli / ADD zerotier-netcon-service / diff --git a/netcon/docker-test/nginx/nginx-1.8.0-14.fc23.x86_64/netcon_dockerfile b/netcon/docker-test/nginx/nginx-1.8.0-14.fc23.x86_64/netcon_dockerfile index b6678998a..05cd51fb3 100644 --- a/netcon/docker-test/nginx/nginx-1.8.0-14.fc23.x86_64/netcon_dockerfile +++ b/netcon/docker-test/nginx/nginx-1.8.0-14.fc23.x86_64/netcon_dockerfile @@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept RUN /usr/bin/install -c zerotier-intercept /usr/bin -ADD zerotier-one / ADD zerotier-cli / ADD zerotier-netcon-service / 
diff --git a/netcon/docker-test/nodejs/nodejs-0.10.36-4.fc23/netcon_dockerfile b/netcon/docker-test/nodejs/nodejs-0.10.36-4.fc23/netcon_dockerfile index b8f9fa782..55f48a620 100644 --- a/netcon/docker-test/nodejs/nodejs-0.10.36-4.fc23/netcon_dockerfile +++ b/netcon/docker-test/nodejs/nodejs-0.10.36-4.fc23/netcon_dockerfile @@ -30,7 +30,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept RUN /usr/bin/install -c zerotier-intercept /usr/bin -ADD zerotier-one / ADD zerotier-cli / ADD zerotier-netcon-service / diff --git a/netcon/docker-test/redis/redis-3.0.4-1.fc23.x86_64/netcon_dockerfile b/netcon/docker-test/redis/redis-3.0.4-1.fc23.x86_64/netcon_dockerfile index 25b860b2b..c5b0773bf 100644 --- a/netcon/docker-test/redis/redis-3.0.4-1.fc23.x86_64/netcon_dockerfile +++ b/netcon/docker-test/redis/redis-3.0.4-1.fc23.x86_64/netcon_dockerfile @@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept RUN /usr/bin/install -c zerotier-intercept /usr/bin -ADD zerotier-one / ADD zerotier-cli / Add zerotier-netcon-service / diff --git a/netcon/docker-test/sshd/openssh-server-7.1p1-3.fc23.x86_64/netcon_dockerfile b/netcon/docker-test/sshd/openssh-server-7.1p1-3.fc23.x86_64/netcon_dockerfile index 052d63039..39e00a814 100644 --- a/netcon/docker-test/sshd/openssh-server-7.1p1-3.fc23.x86_64/netcon_dockerfile +++ b/netcon/docker-test/sshd/openssh-server-7.1p1-3.fc23.x86_64/netcon_dockerfile @@ -27,7 +27,6 @@ RUN cp libzerotierintercept.so lib/libzerotierintercept.so RUN ln -sf /lib/libzerotierintercept.so /lib/libzerotierintercept RUN /usr/bin/install -c zerotier-intercept /usr/bin -ADD zerotier-one / ADD zerotier-cli / # Install test scripts