authorBoris Kolpackov <boris@codesynthesis.com>2017-04-29 15:14:33 +0200
committerBoris Kolpackov <boris@codesynthesis.com>2017-04-29 15:14:33 +0200
commit1364413cee696ff60f4dd1e3ac1eb281ac7a4e8f (patch)
treee29faeca957ef381d4c2ccbda67dce90fe3e3e01
parentdb938098044fc5fb76fcdfbec2a28d232028aa51 (diff)
Use fixed TFTP ports for robustness
This way we can clean up old iptables entries in case of crash/termination
-rw-r--r--bbot/agent6
-rw-r--r--bbot/agent.cli9
-rw-r--r--bbot/agent.cxx12
-rw-r--r--bbot/machine.cxx66
-rw-r--r--bbot/tftp5
-rw-r--r--bbot/tftp.cxx4
-rw-r--r--bbot/worker.cli2
7 files changed, 59 insertions, 45 deletions
diff --git a/bbot/agent b/bbot/agent
index b88c892..990ad2d 100644
--- a/bbot/agent
+++ b/bbot/agent
@@ -18,9 +18,9 @@ namespace bbot
extern const string bs_prot; // Bootstrap protocol version.
- extern string tc_name; // Toolchain name.
- extern size_t tc_num; // Toolchain number.
- extern string tc_id; // Toolchain id.
+ extern string tc_name; // Toolchain name.
+ extern uint16_t tc_num; // Toolchain number.
+ extern string tc_id; // Toolchain id.
extern string hname; // Our host name.
extern uid_t uid; // Our effective user id.
diff --git a/bbot/agent.cli b/bbot/agent.cli
index b71db4e..497b841 100644
--- a/bbot/agent.cli
+++ b/bbot/agent.cli
@@ -48,7 +48,7 @@ namespace bbot
"Toolchain name, \cb{default} by default."
}
- size_t --toolchain-num = 1
+ uint16_t --toolchain-num = 1
{
"<num>",
"Toolchain number, 1 by default."
@@ -92,6 +92,13 @@ namespace bbot
"The location of the TFTP server root, \cb{/build/tftp/} by default."
}
+ uint16_t --tftp-port = 23400
+ {
+ "<num>",
+ "TFTP server port base, 23400 by default. The actual port is calculated
+ by adding the toolchain number \c{--toolchain-num} to this value."
+ }
+
size_t --bootstrap-timeout = 600
{
"<sec>",
diff --git a/bbot/agent.cxx b/bbot/agent.cxx
index a40e9e9..7e0021a 100644
--- a/bbot/agent.cxx
+++ b/bbot/agent.cxx
@@ -43,9 +43,9 @@ namespace bbot
const string bs_prot ("1");
- string tc_name;
- size_t tc_num;
- string tc_id;
+ string tc_name;
+ uint16_t tc_num;
+ string tc_id;
string hname;
uid_t uid;
@@ -122,7 +122,8 @@ bootstrap_machine (const dir_path& md,
try_rmfile (mf);
tftp_server tftpd ("Gr ^/?(.+)$ /toolchains/" + tc_name + "/\\1\n" +
- "Pr ^/?(.+)$ /bootstrap/" + tc_name + "/\\1\n");
+ "Pr ^/?(.+)$ /bootstrap/" + tc_name + "/\\1\n",
+ ops.tftp_port () + tc_num);
l3 ([&]{trace << "tftp server on port " << tftpd.port ();});
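Review bot: The sum `ops.tftp_port () + tc_num` is computed as int and then narrowed to the constructor's `uint16_t port` without a range check, so a large `--tftp-port` silently wraps. A wrap to 0 falls back to an automatically assigned port, and other wraps land on a low port, which in either case defeats the fixed-port cleanup this commit introduces. The same expression appears in the build hunk further down (`@@ -582,7 +583,8 @@`). A guard once after option parsing would cover both, for example `if (ops.tftp_port () + tc_num > 65535) fail << "--tftp-port plus --toolchain-num exceeds 65535";`, and the `--tftp-port` help text in agent.cli could state the limit. bootstrap_machine's body continues outside the hunk.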
@@ -582,7 +583,8 @@ try
// Start the TFTP server.
//
tftp_server tftpd ("Gr ^/?(.+)$ /build/" + tc_name + "/get/\\1\n" +
- "Pr ^/?(.+)$ /build/" + tc_name + "/put/\\1\n");
+ "Pr ^/?(.+)$ /build/" + tc_name + "/put/\\1\n",
+ ops.tftp_port () + tc_num);
l3 ([&]{trace << "tftp server on port " << tftpd.port ();});
diff --git a/bbot/machine.cxx b/bbot/machine.cxx
index ce07c94..86448cf 100644
--- a/bbot/machine.cxx
+++ b/bbot/machine.cxx
@@ -31,45 +31,49 @@ namespace bbot
const char* a,
const string& tap,
const string& br,
- uint16_t port)
+ uint16_t port,
+ bool ignore_errors = false)
{
string addr (iface_addr (br));
+ auto_fd fdn (ignore_errors ? fdnull () : nullfd);
+ int ofd (ignore_errors ? fdn.get () : 2);
+
process_exit::code_type e;
- e = run_exit (t,
- "sudo", "iptables",
- "-t", "nat",
- a, "PREROUTING",
- "-m", "udp",
- "-p", "udp",
- "-m", "physdev",
- "-i", br,
- "--physdev-in", tap,
- "--dport", 69,
- "-j", "DNAT",
- "--to-destination", addr + ':' + to_string (port));
-
- if (e != 0 && port != 0)
+ e = run_io_exit (t, 0, ofd, ofd,
+ "sudo", "iptables",
+ "-t", "nat",
+ a, "PREROUTING",
+ "-m", "udp",
+ "-p", "udp",
+ "-m", "physdev",
+ "-i", br,
+ "--physdev-in", tap,
+ "--dport", 69,
+ "-j", "DNAT",
+ "--to-destination", addr + ':' + to_string (port));
+
+ if (e != 0 && !ignore_errors)
fail << "process iptables terminated with non-zero exit code";
// Nobody really knows whether this is really needed (really)...
//
- e = run_exit (t,
- "sudo", "iptables",
- a, "FORWARD",
- "-m", "udp",
- "-p", "udp",
- "-m", "physdev",
- "-o", br,
- "--physdev-out", tap,
- "-d", addr,
- "--dport", port,
- "-m", "state",
- "--state", "NEW,ESTABLISHED,RELATED",
- "-j", "ACCEPT");
-
- if (e != 0 && port != 0)
+ e = run_io_exit (t, 0, ofd, ofd,
+ "sudo", "iptables",
+ a, "FORWARD",
+ "-m", "udp",
+ "-p", "udp",
+ "-m", "physdev",
+ "-o", br,
+ "--physdev-out", tap,
+ "-d", addr,
+ "--dport", port,
+ "-m", "state",
+ "--state", "NEW,ESTABLISHED,RELATED",
+ "-j", "ACCEPT");
+
+ if (e != 0 && !ignore_errors)
fail << "process iptables terminated with non-zero exit code";
}
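Review bot: With `ignore_errors` set, stdout and stderr of `sudo iptables` both go to the null device and the exit code is dropped, so a failure unrelated to a missing rule (sudo refusing, iptables unable to take its lock) looks the same as "nothing to delete". A stale DNAT rule can then stay in place unnoticed. Keeping the output quiet is reasonable, but the code should still be traced, e.g. `else if (e != 0) l3 ([&]{t << "iptables exited with code " << e;});` after each call, assuming the `l3` helper used in agent.cxx is usable with `t` here. The function's signature begins above the hunk.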
@@ -82,7 +86,7 @@ namespace bbot
// First try to delete it in case there is one from a previous run.
//
- //iptables (trace, "-D", t, br, 0); // Any port.
+ iptables (trace, "-D", t, br, port, true); // Ignore errors.
run_exit (trace, "sudo", "ip", "tuntap", "delete", t, "mode", "tap");
run (trace, "sudo", "ip", "tuntap", "add", t, "mode", "tap", "user", uid);
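Review bot: The pre-delete `iptables (trace, "-D", t, br, port, true)` only matches a leftover rule that carries the current port, so an entry left by a crashed run that used a different `--tftp-port` or `--toolchain-num` survives. If the rule is later appended (the add call is outside the hunk), the older PREROUTING DNAT would presumably match first and keep steering the guest's port-69 traffic to the old port. That limitation should be stated next to the call, e.g. `// Only removes entries for the same port; rules from a run with a different --tftp-port/--toolchain-num are not cleaned up.` The enclosing function starts and ends outside the hunk.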
diff --git a/bbot/tftp b/bbot/tftp
index 581d41c..5433b89 100644
--- a/bbot/tftp
+++ b/bbot/tftp
@@ -19,9 +19,10 @@ namespace bbot
{
public:
// The map argument specifies the path mapping rules, one per line (see
- // the tftpd-hpa --map-file|-m option for details).
+ // the tftpd-hpa --map-file|-m option for details). If port is 0, then
+ // it is automatically assigned.
//
- tftp_server (const string& map);
+ tftp_server (const string& map, uint16_t port);
// Return the assigned port.
//
diff --git a/bbot/tftp.cxx b/bbot/tftp.cxx
index 3304356..862a0e4 100644
--- a/bbot/tftp.cxx
+++ b/bbot/tftp.cxx
@@ -19,7 +19,7 @@ using namespace butl;
namespace bbot
{
tftp_server::
- tftp_server (const string& map)
+ tftp_server (const string& map, uint16_t port)
{
int fd (socket (AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0));
@@ -34,7 +34,7 @@ namespace bbot
memset (&addr, 0, sizeof (addr));
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = htonl (INADDR_ANY);
- addr.sin_port = htons (0);
+ addr.sin_port = htons (port);
// Not to confuse with std::bind().
//
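Review bot: `addr.sin_port = htons (port)` now binds a predictable port while the address stays `INADDR_ANY`, so the unauthenticated TFTP endpoint is reachable at a known port on every host interface rather than only on the bridge address the DNAT rule targets. Binding to the bridge address would narrow the exposure, if the constructor can be given that address. A fixed port also means bind() can fail with EADDRINUSE while a previous instance or an unrelated process holds it; the bind call and its error handling are outside the hunk, so confirm the diagnostic names the port. A comment here would help, e.g. `// Fixed port: bind() fails with EADDRINUSE if a previous instance is still running.`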
diff --git a/bbot/worker.cli b/bbot/worker.cli
index 56c7c6b..09e09a3 100644
--- a/bbot/worker.cli
+++ b/bbot/worker.cli
@@ -90,7 +90,7 @@ namespace bbot
"<addr>",
"The TFTP host address and, optionally, port to use to download the
build task and to upload the build result. By default the link-local
- address 196.254.111.222 with the default TFTP port (69) is used."
+ address 196.254.111.222 with the standard TFTP port (69) is used."
}
};
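Review bot: The reworded help text still calls `196.254.111.222` a link-local address, but the IPv4 link-local range is 169.254.0.0/16 and 196.254.0.0/16 is ordinary routable space. If the default compiled into the worker (outside this hunk) uses the same value, a worker started without this option would send its TFTP download and upload traffic towards a public address instead of the host. Both the default and this string should be checked and, if it is a transposition, corrected to `169.254.111.222`.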