From 1364413cee696ff60f4dd1e3ac1eb281ac7a4e8f Mon Sep 17 00:00:00 2001 From: Boris Kolpackov Date: Sat, 29 Apr 2017 15:14:33 +0200 Subject: Use fixed TFTP ports for robustness This way we can cleanup old iptables entries in case or crash/termination --- bbot/agent | 6 +++--- bbot/agent.cli | 9 +++++++- bbot/agent.cxx | 12 ++++++----- bbot/machine.cxx | 66 ++++++++++++++++++++++++++++++-------------------------- bbot/tftp | 5 +++-- bbot/tftp.cxx | 4 ++-- bbot/worker.cli | 2 +- 7 files changed, 59 insertions(+), 45 deletions(-) (limited to 'bbot') diff --git a/bbot/agent b/bbot/agent index b88c892..990ad2d 100644 --- a/bbot/agent +++ b/bbot/agent @@ -18,9 +18,9 @@ namespace bbot extern const string bs_prot; // Bootstrap protocol version. - extern string tc_name; // Toolchain name. - extern size_t tc_num; // Toolchain number. - extern string tc_id; // Toolchain id. + extern string tc_name; // Toolchain name. + extern uint16_t tc_num; // Toolchain number. + extern string tc_id; // Toolchain id. extern string hname; // Our host name. extern uid_t uid; // Our effective user id. diff --git a/bbot/agent.cli b/bbot/agent.cli index b71db4e..497b841 100644 --- a/bbot/agent.cli +++ b/bbot/agent.cli @@ -48,7 +48,7 @@ namespace bbot "Toolchain name, \cb{default} by default." } - size_t --toolchain-num = 1 + uint16_t --toolchain-num = 1 { "", "Toolchain number, 1 by default." @@ -92,6 +92,13 @@ namespace bbot "The location of the TFTP server root, \cb{/build/tftp/} by default." } + uint16_t --tftp-port = 23400 + { + "", + "TFTP server port base, 23400 by default. The actual port is calculated + by adding the toolchain number \c{--toolchain-num} to this value." + } + size_t --bootstrap-timeout = 600 { "", diff --git a/bbot/agent.cxx b/bbot/agent.cxx index a40e9e9..7e0021a 100644 --- a/bbot/agent.cxx +++ b/bbot/agent.cxx 
@@ -43,9 +43,9 @@ namespace bbot const string bs_prot ("1"); - string tc_name; - size_t tc_num; - string tc_id; + string tc_name; + uint16_t tc_num; + string tc_id; string hname; uid_t uid; @@ -122,7 +122,8 @@ bootstrap_machine (const dir_path& md, try_rmfile (mf); tftp_server tftpd ("Gr ^/?(.+)$ /toolchains/" + tc_name + "/\\1\n" + - "Pr ^/?(.+)$ /bootstrap/" + tc_name + "/\\1\n"); + "Pr ^/?(.+)$ /bootstrap/" + tc_name + "/\\1\n", + ops.tftp_port () + tc_num); l3 ([&]{trace << "tftp server on port " << tftpd.port ();}); @@ -582,7 +583,8 @@ try // Start the TFTP server. // tftp_server tftpd ("Gr ^/?(.+)$ /build/" + tc_name + "/get/\\1\n" + - "Pr ^/?(.+)$ /build/" + tc_name + "/put/\\1\n"); + "Pr ^/?(.+)$ /build/" + tc_name + "/put/\\1\n", + ops.tftp_port () + tc_num); l3 ([&]{trace << "tftp server on port " << tftpd.port ();}); diff --git a/bbot/machine.cxx b/bbot/machine.cxx index ce07c94..86448cf 100644 --- a/bbot/machine.cxx +++ b/bbot/machine.cxx 
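Review bot: `ops.tftp_port () + tc_num` is evaluated in int and then narrowed back to the uint16_t parameter of tftp_server, so a base and toolchain number whose sum exceeds 65535 silently wrap — to a privileged port, or to 0, which per the new comment in bbot/tftp re-enables automatic assignment and quietly defeats the fixed-port cleanup this commit is for. A one-time check where the options are parsed would turn that into a configuration error: `if (ops.tftp_port () + tc_num > 65535) fail << "--tftp-port plus --toolchain-num exceeds 65535";` (assuming the `fail` diagnostic used in machine.cxx is available in agent.cxx). Computing the value once into a named `uint16_t tftp_port` would also avoid repeating the expression here and in the second hunk (`@@ -582`), which has the same issue. Both bootstrap_machine and the enclosing try block start and end outside the hunks.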
@@ -31,45 +31,49 @@ namespace bbot const char* a, const string& tap, const string& br, - uint16_t port) + uint16_t port, + bool ignore_errors = false) { string addr (iface_addr (br)); + auto_fd fdn (ignore_errors ? fdnull () : nullfd); + int ofd (ignore_errors ? fdn.get () : 2); + process_exit::code_type e; - e = run_exit (t, - "sudo", "iptables", - "-t", "nat", - a, "PREROUTING", - "-m", "udp", - "-p", "udp", - "-m", "physdev", - "-i", br, - "--physdev-in", tap, - "--dport", 69, - "-j", "DNAT", - "--to-destination", addr + ':' + to_string (port)); - - if (e != 0 && port != 0) + e = run_io_exit (t, 0, ofd, ofd, + "sudo", "iptables", + "-t", "nat", + a, "PREROUTING", + "-m", "udp", + "-p", "udp", + "-m", "physdev", + "-i", br, + "--physdev-in", tap, + "--dport", 69, + "-j", "DNAT", + "--to-destination", addr + ':' + to_string (port)); + + if (e != 0 && !ignore_errors) fail << "process iptables terminated with non-zero exit code"; // Nobody really knows whether this is really needed (really)... // - e = run_exit (t, - "sudo", "iptables", - a, "FORWARD", - "-m", "udp", - "-p", "udp", - "-m", "physdev", - "-o", br, - "--physdev-out", tap, - "-d", addr, - "--dport", port, - "-m", "state", - "--state", "NEW,ESTABLISHED,RELATED", - "-j", "ACCEPT"); - - if (e != 0 && port != 0) + e = run_io_exit (t, 0, ofd, ofd, + "sudo", "iptables", + a, "FORWARD", + "-m", "udp", + "-p", "udp", + "-m", "physdev", + "-o", br, + "--physdev-out", tap, + "-d", addr, + "--dport", port, + "-m", "state", + "--state", "NEW,ESTABLISHED,RELATED", + "-j", "ACCEPT"); + + if (e != 0 && !ignore_errors) fail << "process iptables terminated with non-zero exit code"; } 
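Review bot: With ignore_errors the iptables output goes to fdnull () and the non-zero exit code is dropped entirely, so a `-D` that fails for some reason other than a missing rule (sudo refusing the command, the physdev match being unavailable) leaves nothing in the log, and the only later symptom is the `-A` failing or stale rules staying in place. Keeping a low-priority trace of the exit code costs nothing, e.g. `if (e != 0 && ignore_errors) l3 ([&]{t << "iptables " << a << " exit code " << e;});` after each call, provided the `l3`/tracer streaming used in agent.cxx is available here. As a point of style, `2` in `ignore_errors ? fdn.get () : 2` reads better as `STDERR_FILENO`, and the `0` stdin argument to run_io_exit likewise as `STDIN_FILENO`. The function's parameter list begins before the hunk, so the type of `t` is not visible.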
@@ -82,7 +86,7 @@ namespace bbot // First try to delete it in case there is one from a previous run. // - //iptables (trace, "-D", t, br, 0); // Any port. + iptables (trace, "-D", t, br, port, true); // Ignore errors. run_exit (trace, "sudo", "ip", "tuntap", "delete", t, "mode", "tap"); run (trace, "sudo", "ip", "tuntap", "add", t, "mode", "tap", "user", uid); diff --git a/bbot/tftp b/bbot/tftp index 581d41c..5433b89 100644 --- a/bbot/tftp +++ b/bbot/tftp @@ -19,9 +19,10 @@ namespace bbot { public: // The map argument specifies the path mapping rules, one per line (see - // the tftpd-hpa --map-file|-m option for details). + // the tftpd-hpa --map-file|-m option for details). If port is 0, then + // it is automatically assigned. // - tftp_server (const string& map); + tftp_server (const string& map, uint16_t port); // Return the assigned port. // diff --git a/bbot/tftp.cxx b/bbot/tftp.cxx index 3304356..862a0e4 100644 --- a/bbot/tftp.cxx +++ b/bbot/tftp.cxx @@ -19,7 +19,7 @@ using namespace butl; namespace bbot { tftp_server:: - tftp_server (const string& map) + tftp_server (const string& map, uint16_t port) { int fd (socket (AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0)); @@ -34,7 +34,7 @@ namespace bbot memset (&addr, 0, sizeof (addr)); addr.sin_family = AF_INET; addr.sin_addr.s_addr = htonl (INADDR_ANY); - addr.sin_port = htons (0); + addr.sin_port = htons (port); // Not to confuse with std::bind(). // diff --git a/bbot/worker.cli b/bbot/worker.cli index 56c7c6b..09e09a3 100644 --- a/bbot/worker.cli +++ b/bbot/worker.cli @@ -90,7 +90,7 @@ namespace bbot "", "The TFTP host address and, optionally, port to use to download the build task and to upload the build result. By default the link-local - address 196.254.111.222 with the default TFTP port (69) is used." + address 196.254.111.222 with the standard TFTP port (69) is used." } }; -- cgit v1.1
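Review bot: The `-D` on this line only matches a rule whose every field equals the one about to be added, including `--to-destination addr:port` and `--dport port`, so rules left behind by a run that used a different port — a different `--tftp-port`/`--toolchain-num`, or presumably the auto-assigned ports of runs predating this change — survive it. Since nat PREROUTING is first-match and DNAT is terminating, such an older rule for the same tap would keep taking the `--dport 69` traffic ahead of the rule appended afterwards (assuming `a` is `-A` on the add path). A cleanup keyed on the tap rather than the exact rule would close that gap, e.g. scanning `iptables -t nat -S PREROUTING` for `--physdev-in <tap>` and deleting each match; failing that, a comment here should state the limitation: `// Only a rule with exactly this port is removed; stale rules for other ports must be cleaned up by hand.` Note also that `-D` removes one matching rule per invocation, so if duplicates ever accumulated a single call leaves the rest in place.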
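Review bot: With a fixed port, the bind () that follows this hunk can now fail with EADDRINUSE whenever another agent with the same `--tftp-port`/`--toolchain-num` — or a lingering instance after a crash — still holds the socket; that error path is outside the hunk, so make sure the constructor fails with a message naming the port, and do not paper over it with SO_REUSEADDR, which for UDP lets a second socket bind the same port and receive a share of the datagrams — exactly the condition the fixed port is meant to surface. Separately, the socket still binds INADDR_ANY, and a predictable port makes the server (which also accepts uploads through the `Pr` mapping in agent.cxx) easier to reach from anything that can route to the host; if it only serves the VMs, binding the bridge address instead of INADDR_ANY, or a host firewall rule limiting the port to the bridge, would be the defensive choice. The doc comment changed in bbot/tftp could then add that a non-zero port must be free and that a failed bind is reported. The tftp_server constructor continues outside the hunk.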