Merge branch 'master' of github.com:RWTH-ACS/S2SS
commit
09e888d52b
15 changed files with 158 additions and 17 deletions
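--- a/contrib/liveusb/etc/image-release
+++ b/contrib/liveusb/etc/image-release
@@ -0,0 +1 @@
+0.5-turin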
1
contrib/liveusb/etc/image/setup.sh
Symbolic link
1
contrib/liveusb/etc/image/setup.sh
Symbolic link
|
@ -0,0 +1 @@
|
|||
setup.sh
|
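Review bot: The link target shown is the bare name `setup.sh`, and a relative symlink target is resolved against the directory that holds the link, so `etc/image/setup.sh` would point back at itself and fail with ELOOP when opened. The unit file changed in this commit now starts `/etc/image/setup.sh`, so the service would not run if the target really is as rendered. The target probably needs to be the path of the real script (the old `ExecStart` used `/s2ss/contrib/liveusb/setup.sh`); confirm against the repository, since this page only shows the link text.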
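--- a/contrib/liveusb/etc/modprobe.d/blacklist.conf
+++ b/contrib/liveusb/etc/modprobe.d/blacklist.conf
@@ -0,0 +1,3 @@
+blacklist snd_hda_intel
+blacklist nouveau
+blacklist mei_me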
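--- a/contrib/liveusb/etc/modprobe.d/e1000e.conf
+++ b/contrib/liveusb/etc/modprobe.d/e1000e.conf
@@ -0,0 +1,3 @@
+# More conservative interrupt throttling for better latency
+# https://www.kernel.org/doc/Documentation/networking/e1000e.txt
+option e1000e InterruptThrottleRate=1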
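Review bot: `option e1000e InterruptThrottleRate=1` uses a keyword that modprobe.d does not define; the directive is `options`, so as written the line is most likely skipped and the driver keeps its default throttle rate. It should read `options e1000e InterruptThrottleRate=1`. The comment above it also looks inverted: in the linked e1000e documentation value 1 is the plain dynamic mode and 3 is "dynamic conservative", so `# Dynamic interrupt throttling (mode 1) for lower latency` would describe the setting more accurately.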
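--- a/contrib/liveusb/etc/sysconfig/ip6tables
+++ b/contrib/liveusb/etc/sysconfig/ip6tables
@@ -0,0 +1,31 @@
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+
+# Allow loopback traffic
+-A INPUT -i lo -j ACCEPT
+
+# Allow established connections, and those not coming from the outside
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+# Allow HTTP
+-A INPUT -p tcp --dport http -m conntrack --ctstate NEW -j ACCEPT
+
+# Allow SSH
+-A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j ACCEPT
+
+# Allow Tinc
+-A INPUT -p udp --dport tinc -j ACCEPT
+-A INPUT -p tcp --dport tinc -j ACCEPT
+
+# Accept Pings
+-A INPUT -p icmpv6 -j ACCEPT
+
+# Reject everything else
+-A INPUT -j REJECT
+
+# We wont act as a router
+-A FORWARD -j REJECT
+
+COMMIT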
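Review bot: Two comments describe less than their rules do. `# Accept Pings` sits above `-A INPUT -p icmpv6 -j ACCEPT`, which admits every ICMPv6 type (IPv6 needs this for neighbour discovery), so it should read something like `# Accept all ICMPv6 (neighbour discovery, path MTU, echo)`. `# Allow established connections, and those not coming from the outside` sits above a rule that matches only `RELATED,ESTABLISHED`. All three chain policies are ACCEPT, so filtering depends entirely on the trailing REJECT rules; `:INPUT DROP` and `:FORWARD DROP` would keep the host closed if those rules are ever edited out or reordered. The policy point applies equally to contrib/liveusb/etc/sysconfig/iptables.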
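--- a/contrib/liveusb/etc/sysconfig/iptables
+++ b/contrib/liveusb/etc/sysconfig/iptables
@@ -0,0 +1,34 @@
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+
+# Allow loopback traffic
+-A INPUT -i lo -j ACCEPT
+
+# Allow established connections, and those not coming from the outside
+-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+# Allow HTTP
+-A INPUT -p tcp --dport http -m conntrack --ctstate NEW -j ACCEPT
+
+# Allow VPN
+-A INPUT -s 10.0.0.0/8 -j ACCEPT
+
+# Allow SSH
+-A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j ACCEPT
+
+# Allow Tinc
+-A INPUT -p udp --dport tinc -j ACCEPT
+-A INPUT -p tcp --dport tinc -j ACCEPT
+
+# Accept Pings
+-A INPUT -p icmp -j ACCEPT
+
+# Reject everything else
+-A INPUT -j REJECT
+
+# We wont act as a router
+-A FORWARD -j REJECT
+
+COMMIT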
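Review bot: `-A INPUT -s 10.0.0.0/8 -j ACCEPT` under `# Allow VPN` trusts any packet whose source address falls in 10/8, on every interface and for every port. A live image is booted on networks its author does not control, and many LANs use 10.x addressing, so hosts on such a network would pass the filter entirely. Binding the rule to the tunnel interface keeps the intent, e.g. `-A INPUT -i <tinc-interface> -s 10.0.0.0/8 -j ACCEPT` (the interface name is a placeholder; it is not shown on this page).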
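--- a/contrib/liveusb/etc/sysconfig/network
+++ b/contrib/liveusb/etc/sysconfig/network
@@ -0,0 +1 @@
+NETWORKING=yes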
|
@ -1,11 +1,15 @@
|
|||
[Unit]
|
||||
Description=dhclient on all interfaces
|
||||
Wants=network.target
|
||||
Before=network.target
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStart=/sbin/dhclient -4
|
||||
ExecStart=/sbin/dhclient -4 -w
|
||||
|
||||
Restart=on-failure
|
||||
RestartSec=10
|
||||
|
||||
TimeoutSec=60
|
||||
|
||||
[Install]
|
||||
WantedBy=network.target
|
||||
|
|
|
@ -1,17 +1,16 @@
|
|||
[Unit]
|
||||
Description=S2SS LiveUSB Image setup
|
||||
Requires=dhclient.service network.service
|
||||
After=dhclient.service
|
||||
Requires=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/s2ss/contrib/liveusb/setup.sh
|
||||
ExecStart=/etc/image/setup.sh
|
||||
RemainAfterExit=yes
|
||||
|
||||
TimeoutSec=120
|
||||
|
||||
Restart=on-failure
|
||||
RestartSec=10
|
||||
|
||||
TimeoutSec=60
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
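Review bot: `Requires=network-online.target` pulls the target into the transaction but does not order this unit after it; systemd needs a matching `After=network-online.target` for that, and none is visible in the unit. Which of the `Requires=dhclient.service network.service` / `After=dhclient.service` lines survive cannot be told from this rendering, so if `After=dhclient.service` is on the removed side, `/etc/image/setup.sh` can start before any interface is configured and depends solely on the script's own wait loop. Adding `After=network-online.target` next to the `Requires=` line makes the ordering explicit.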
|
@ -4,12 +4,21 @@ set -e
|
|||
|
||||
RECIPIENTS="stvogel@eonerc.rwth-aachen.de,mstevic@eonerc.rwth-aachen.de"
|
||||
|
||||
SERVER=tux.0l.de
|
||||
SERVER=s2ss.0l.de
|
||||
USER=acs
|
||||
|
||||
PORT=$(shuf -i 60000-65535 -n 1)
|
||||
|
||||
# wait for working network connection
|
||||
while ! curl http://canihazip.com/s &> /dev/null; do
|
||||
sleep 1
|
||||
done
|
||||
|
||||
IP=$(curl -s http://canihazip.com/s)
|
||||
HOSTNAME=$(dig +short -x $IP)
|
||||
if [ -z "$HOSTNAME" ]; then
|
||||
HOSTNAME=$(hostname)
|
||||
fi
|
||||
|
||||
# check if system has net connectivity. otherwise die...
|
||||
ssh -q -o ConnectTimeout=2 $USER@$SERVER
|
||||
|
@ -27,6 +36,7 @@ To: $RECIPIENTS
|
|||
|
||||
There's a new host with the S2SS LiveUSB Image running:
|
||||
|
||||
Version: $(cat /etc/image-release)
|
||||
Reverse SSH tunnel port: $PORT
|
||||
Internet IP: $IP
|
||||
Hostname: $HOSTNAME
|
||||
|
|
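Review bot: `IP=$(curl -s http://canihazip.com/s)` takes the host's address from a third-party service over plain HTTP and then uses it unquoted in `dig +short -x $IP` and in the notification mail, so whatever answers that request decides what lands on the command line and in the message. Validate and quote it before use, e.g. `[[ $IP =~ ^[0-9.]+$ ]] || exit 1` followed by `dig +short -x "$IP"`; the reverse-DNS name stored in `HOSTNAME` is remote-controlled in the same way and ends up in the mail body. The script also assigns `USER` and `HOSTNAME`, which shadow variables the shell and child processes already use; distinct names such as `SSH_USER` would avoid that. The script starts before the first hunk and continues after the second.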
|
@ -15,15 +15,13 @@ LDLIBS = -pthread -lrt -lm -lconfig
|
|||
CFLAGS = -std=gnu99 -Iinclude/ -MMD -Wall -O3
|
||||
CFLAGS += -D_XOPEN_SOURCE=500 -D_GNU_SOURCE -DV=$(V)
|
||||
|
||||
# Add git commit hash
|
||||
ifneq (,$(shell which git))
|
||||
CFLAGS += -D_GIT_REV='"$(shell git rev-parse --short HEAD)"'
|
||||
endif
|
||||
|
||||
# Conditional debug flags
|
||||
# Add more compiler flags
|
||||
ifdef DEBUG
|
||||
CFLAGS += -O0 -g
|
||||
endif
|
||||
ifneq (,$(shell which git))
|
||||
CFLAGS += -D_GIT_REV='"$(shell git rev-parse --short HEAD)"'
|
||||
endif
|
||||
|
||||
# Enabled GTFPGA support when libpci is available
|
||||
ifneq (,$(wildcard /usr/include/pci/pci.h))
|
||||
|
@ -42,7 +40,7 @@ ifneq (,$(wildcard $(OPALDIR)/include_target/AsyncApi.h))
|
|||
override OBJS += opal.o
|
||||
endif
|
||||
|
||||
.PHONY: all clean
|
||||
.PHONY: all clean strip protected
|
||||
|
||||
# Default target: build everything
|
||||
all: $(TARGETS)
|
||||
|
@ -54,10 +52,14 @@ receive: receive.o $(OBJS)
|
|||
random: random.o $(OBJS)
|
||||
test: test.o $(OBJS)
|
||||
|
||||
protected: CFLAGS += -DPROTECT -DVALID_UNTIL=$(shell date -d "now +5months" +%s) -s -O3 -fvisibility=hidden
|
||||
protected: clean strip
|
||||
|
||||
strip: $(TARGETS)
|
||||
strip --remove-section=.comment \
|
||||
--remove-section=.note \
|
||||
--strip-unneeded \
|
||||
--strip-debug \
|
||||
--strip-all \
|
||||
$(TARGETS)
|
||||
|
||||
|
||||
|
|
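Review bot: `protected: clean strip` relies on make processing the prerequisites strictly left to right; under `make -j` the `clean` step may run while `strip` is already rebuilding `$(TARGETS)`, which can remove objects mid-build or leave objects compiled without `-DPROTECT` in the result. Adding `.NOTPARALLEL:` to the Makefile, or invoking clean and the build as two sequential recipe steps, removes the race. `-s` in the target-specific `CFLAGS` is a link-time option and is redundant with the explicit `strip` recipe. `date -d "now +5months"` is GNU date syntax, so a comment noting that the protected build needs GNU coreutils would help.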
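--- a/server/include/license.h
+++ b/server/include/license.h
@@ -0,0 +1,47 @@
+#ifdef PROTECT
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <sys/ptrace.h>
+
+/** Check for correct license */
+static inline __attribute__((always_inline)) int check_license()
+{
+const struct {
+char *file, *content;
+off_t offset;
+} checks[] = {
+{ "/sys/class/dmi/id/product_uuid", "5002E503-4904-EB05-7406-0C0700080009" },
+{ "/sys/class/net/eth0/address" , "50:e5:49:eb:74:0c" },
+{ "/etc/machine-id", "0d8399d0216314f083b9ed2053a354a8" },
+{ "/dev/sda2", "\x53\xf6\xb5\xeb\x8b\x16\x46\xdc\x8d\x8f\x5b\x70\xb8\xc9\x1a\x2a", 0x468 }, /* EXT4 UUID */
+};
+
+if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0)
+return -1;
+
+if (time(NULL) > VALID_UNTIL)
+return -1;
+
+FILE *f;
+char buf[128];
+
+for (int i = 0; i < ARRAY_LEN(checks); i++) {
+f = fopen(checks[i].file, "r");
+if (!f)
+return -1;
+
+fseek(f, checks[i].offset, SEEK_SET);
+fgets(buf, sizeof(buf), f);
+fclose(f);
+
+if (strncmp(buf, checks[i].content, strlen(checks[i].content)))
+return -1;
+}
+
+return 0;
+}
+#else
+#define check_license() (0)
+#endif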
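Review bot: The results of `fseek()` and `fgets()` in the loop of `check_license()` are never checked, so when either fails `strncmp()` runs on the uninitialised `buf`. The `/dev/sda2` entry is binary, and `fgets`/`strlen`/`strncmp` stop at the first 0x0A or 0x00 byte, so the comparison silently shortens for any expected value containing one; an explicit per-entry length compared with `fread` + `memcmp` avoids both problems and fails closed on I/O errors. The header also uses `off_t` and `ARRAY_LEN` without including what declares them, and `check_license()` should be declared `(void)`. Separately, the table commits one machine's product UUID, MAC address and machine-id to the repository; consider generating it at build time from an untracked file.

```c
/* … unchanged: checks[] table (with an added `size_t len` member per entry), ptrace and expiry checks … */
char buf[128];

for (size_t i = 0; i < ARRAY_LEN(checks); i++) {
	size_t len = checks[i].len;
	FILE *f = fopen(checks[i].file, "rb");
	if (!f)
		return -1;

	/* Fail closed on any seek/short-read error; compare raw bytes, not C strings */
	int ok = len <= sizeof(buf) &&
	         fseek(f, checks[i].offset, SEEK_SET) == 0 &&
	         fread(buf, 1, len, f) == len &&
	         memcmp(buf, checks[i].content, len) == 0;
	fclose(f);

	if (!ok)
		return -1;
}
```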
|
@ -14,6 +14,7 @@
|
|||
#include <errno.h>
|
||||
#include <sched.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
#include "log.h"
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
#include "cfg.h"
|
||||
#include "path.h"
|
||||
#include "node.h"
|
||||
#include "license.h"
|
||||
|
||||
#ifdef ENABLE_OPAL_ASYNC
|
||||
#include "opal.h"
|
||||
|
@ -128,6 +129,9 @@ int main(int argc, char *argv[])
|
|||
if (getuid() != 0)
|
||||
error("The server requires superuser privileges!");
|
||||
|
||||
if (check_license())
|
||||
error("You're not allowed to use this software!");
|
||||
|
||||
/* Initialize lists */
|
||||
list_init(&nodes, (dtor_cb_t) node_destroy);
|
||||
list_init(&paths, (dtor_cb_t) path_destroy);
|
||||
|
|
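Review bot: The `check_license()` call added to `main()` issues `ptrace(PTRACE_TRACEME, …)` in a `PROTECT` build, which leaves the server a tracee of whatever started it for the rest of its lifetime. Per ptrace(2) a tracee stops on every signal delivery until its tracer resumes it, so a parent that is not expecting this (a shell, an init system) may leave the daemon stopped on the first SIGINT or SIGTERM instead of letting it shut down; signal handling should be tested in the protected build, or the call dropped. Because the check only gates this process on a machine its user controls, a comment such as `/* licence check is a deterrent only, not an access-control boundary */` would stop later code from relying on it. `main()` begins before and continues after this hunk.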
|
@ -8,13 +8,13 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include <errno.h>
|
||||
#include <unistd.h>
|
||||
#include <netdb.h>
|
||||
#include <math.h>
|
||||
#include <signal.h>
|
||||
#include <pthread.h>
|
||||
#include <fstab.h>
|
||||
|
||||
#ifdef ENABLE_OPAL_ASYNC
|
||||
#define RTLAB
|
||||
|
|