mirror of https://git.rwth-aachen.de/acs/public/villas/node/ synced 2025-03-09 00:00:00 +01:00

Merge branch 'master' of github.com:RWTH-ACS/S2SS

Steffen Vogel 2015-05-19 16:57:07 +02:00
commit 09e888d52b
15 changed files with 158 additions and 17 deletions


@ -0,0 +1 @@
0.5-turin


@ -0,0 +1 @@
setup.sh


@ -0,0 +1,3 @@
blacklist snd_hda_intel
blacklist nouveau
blacklist mei_me


@ -0,0 +1,3 @@
# More conservative interrupt throttling for better latency
# https://www.kernel.org/doc/Documentation/networking/e1000e.txt
option e1000e InterruptThrottleRate=1
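Review bot: The directive on the last line is spelled `option`, but the modprobe.d keyword is `options`, so this line would presumably be ignored and the e1000e driver would keep its default interrupt throttling. It should read `options e1000e InterruptThrottleRate=1`. The linked e1000e document describes the value 1 as the dynamic mode, so the "more conservative" wording in the comment is worth checking against the value that is actually intended.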


@ -0,0 +1,31 @@
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
# Allow loopback traffic
-A INPUT -i lo -j ACCEPT
# Allow established connections, and those not coming from the outside
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow HTTP
-A INPUT -p tcp --dport http -m conntrack --ctstate NEW -j ACCEPT
# Allow SSH
-A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j ACCEPT
# Allow Tinc
-A INPUT -p udp --dport tinc -j ACCEPT
-A INPUT -p tcp --dport tinc -j ACCEPT
# Accept Pings
-A INPUT -p icmpv6 -j ACCEPT
# Reject everything else
-A INPUT -j REJECT
# We wont act as a router
-A FORWARD -j REJECT
COMMIT
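Review bot: All three built-in chains are declared with policy ACCEPT (`:INPUT ACCEPT`, `:FORWARD ACCEPT`), so filtering rests entirely on the trailing `-A INPUT -j REJECT` and `-A FORWARD -j REJECT` rules, and a flushed chain leaves the host fully open. Declaring `:INPUT DROP` and `:FORWARD DROP` while keeping the explicit REJECT rules makes the ruleset fail closed; the IPv4 rules file in the next section has the same policies. The comment above the conntrack rule mentions connections "not coming from the outside", which the rule does not match; `# Allow replies to established and related connections` would describe it. The `# Accept Pings` comment sits on a rule that accepts every ICMPv6 type, which also covers neighbour discovery, and the comment could say so.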


@ -0,0 +1,34 @@
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
# Allow loopback traffic
-A INPUT -i lo -j ACCEPT
# Allow established connections, and those not coming from the outside
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow HTTP
-A INPUT -p tcp --dport http -m conntrack --ctstate NEW -j ACCEPT
# Allow VPN
-A INPUT -s 10.0.0.0/8 -j ACCEPT
# Allow SSH
-A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -j ACCEPT
# Allow Tinc
-A INPUT -p udp --dport tinc -j ACCEPT
-A INPUT -p tcp --dport tinc -j ACCEPT
# Accept Pings
-A INPUT -p icmp -j ACCEPT
# Reject everything else
-A INPUT -j REJECT
# We wont act as a router
-A FORWARD -j REJECT
COMMIT
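Review bot: The `# Allow VPN` rule `-A INPUT -s 10.0.0.0/8 -j ACCEPT` matches on source address alone, so any host on a directly attached 10.x network, not only Tinc peers, is accepted on every port before the SSH and REJECT rules are reached. Binding the rule to the tunnel interface, for example `-A INPUT -i <tinc-interface> -s 10.0.0.0/8 -j ACCEPT` (placeholder; the interface name is not shown on this page), limits it to traffic that arrived through the VPN. The `# Accept Pings` rule `-A INPUT -p icmp -j ACCEPT` accepts every ICMP type; if only ping is wanted, `--icmp-type echo-request` narrows it.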


@ -0,0 +1 @@
NETWORKING=yes


@ -1,11 +1,15 @@
[Unit]
Description=dhclient on all interfaces
Wants=network.target
Before=network.target
[Service]
Type=forking
ExecStart=/sbin/dhclient -4
ExecStart=/sbin/dhclient -4 -w
Restart=on-failure
RestartSec=10
TimeoutSec=60
[Install]
WantedBy=network.target


@ -1,17 +1,16 @@
[Unit]
Description=S2SS LiveUSB Image setup
Requires=dhclient.service network.service
After=dhclient.service
Requires=network-online.target
[Service]
Type=simple
ExecStart=/s2ss/contrib/liveusb/setup.sh
ExecStart=/etc/image/setup.sh
RemainAfterExit=yes
TimeoutSec=120
Restart=on-failure
RestartSec=10
TimeoutSec=60
[Install]
WantedBy=multi-user.target
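Review bot: `Requires=network-online.target` only pulls the target into the transaction and does not order the unit after it, so setup.sh can be started before the network is up. This page does not mark which lines are old and which are new, so this assumes `After=dhclient.service` is on the removed side. Adding `After=network-online.target` next to the `Requires=` line makes the ordering explicit. Two `TimeoutSec=` values (120 and 60) are visible in the section; if both survive in the new file, the later one is the one that applies.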


@ -4,12 +4,21 @@ set -e
RECIPIENTS="stvogel@eonerc.rwth-aachen.de,mstevic@eonerc.rwth-aachen.de"
SERVER=tux.0l.de
SERVER=s2ss.0l.de
USER=acs
PORT=$(shuf -i 60000-65535 -n 1)
# wait for working network connection
while ! curl http://canihazip.com/s &> /dev/null; do
sleep 1
done
IP=$(curl -s http://canihazip.com/s)
HOSTNAME=$(dig +short -x $IP)
if [ -z "$HOSTNAME" ]; then
HOSTNAME=$(hostname)
fi
# check if system has net connectivity. otherwise die...
ssh -q -o ConnectTimeout=2 $USER@$SERVER
@ -27,6 +36,7 @@ To: $RECIPIENTS
There's a new host with the S2SS LiveUSB Image running:
Version: $(cat /etc/image-release)
Reverse SSH tunnel port: $PORT
Internet IP: $IP
Hostname: $HOSTNAME
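Review bot: `IP` is filled from an unauthenticated plain-HTTP response and is then expanded unquoted in `dig +short -x $IP` and copied into the mail body, so whatever the network returns is word-split into dig's arguments and shown to the recipients as fact. Check the value against an IPv4 pattern before use, for example `[[ $IP =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]`, fall back to `hostname` when it does not match, and quote the expansion as `HOSTNAME=$(dig +short -x "$IP")`. Fetching the address over HTTPS, where the service offers it, would also help. The wait loop has no upper bound of its own, and `&>` requires bash; the shebang and the rest of the script are outside these hunks.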


@ -15,15 +15,13 @@ LDLIBS = -pthread -lrt -lm -lconfig
CFLAGS = -std=gnu99 -Iinclude/ -MMD -Wall -O3
CFLAGS += -D_XOPEN_SOURCE=500 -D_GNU_SOURCE -DV=$(V)
# Add git commit hash
ifneq (,$(shell which git))
CFLAGS += -D_GIT_REV='"$(shell git rev-parse --short HEAD)"'
endif
# Conditional debug flags
# Add more compiler flags
ifdef DEBUG
CFLAGS += -O0 -g
endif
ifneq (,$(shell which git))
CFLAGS += -D_GIT_REV='"$(shell git rev-parse --short HEAD)"'
endif
# Enabled GTFPGA support when libpci is available
ifneq (,$(wildcard /usr/include/pci/pci.h))
@ -42,7 +40,7 @@ ifneq (,$(wildcard $(OPALDIR)/include_target/AsyncApi.h))
override OBJS += opal.o
endif
.PHONY: all clean
.PHONY: all clean strip protected
# Default target: build everything
all: $(TARGETS)
@ -54,10 +52,14 @@ receive: receive.o $(OBJS)
random: random.o $(OBJS)
test: test.o $(OBJS)
protected: CFLAGS += -DPROTECT -DVALID_UNTIL=$(shell date -d "now +5months" +%s) -s -O3 -fvisibility=hidden
protected: clean strip
strip: $(TARGETS)
strip --remove-section=.comment \
--remove-section=.note \
--strip-unneeded \
--strip-debug \
--strip-all \
$(TARGETS)
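Review bot: `protected: clean strip` lists `clean` and `strip` as unordered prerequisites, so under `make -j` the clean recipe can run while or after `$(TARGETS)` are being built with `-DPROTECT`. Giving `protected` a recipe that runs `$(MAKE) clean` and then `$(MAKE) strip` with the extra flags would order the two steps. `CFLAGS` is assigned with `=`, so `$(shell date -d "now +5months" +%s)` is re-run on every expansion and objects can end up with different `VALID_UNTIL` values; computing it once with `VALID_UNTIL := $(shell date -d "now +5months" +%s)` and passing `-DVALID_UNTIL=$(VALID_UNTIL)` avoids that. In the strip recipe, `--strip-all` already covers `--strip-debug` and `--strip-unneeded`.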

47
server/include/license.h Normal file

@ -0,0 +1,47 @@
#ifdef PROTECT
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/ptrace.h>
/** Check for correct license */
static inline __attribute__((always_inline)) int check_license()
{
const struct {
char *file, *content;
off_t offset;
} checks[] = {
{ "/sys/class/dmi/id/product_uuid", "5002E503-4904-EB05-7406-0C0700080009" },
{ "/sys/class/net/eth0/address" , "50:e5:49:eb:74:0c" },
{ "/etc/machine-id", "0d8399d0216314f083b9ed2053a354a8" },
{ "/dev/sda2", "\x53\xf6\xb5\xeb\x8b\x16\x46\xdc\x8d\x8f\x5b\x70\xb8\xc9\x1a\x2a", 0x468 }, /* EXT4 UUID */
};
if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0)
return -1;
if (time(NULL) > VALID_UNTIL)
return -1;
FILE *f;
char buf[128];
for (int i = 0; i < ARRAY_LEN(checks); i++) {
f = fopen(checks[i].file, "r");
if (!f)
return -1;
fseek(f, checks[i].offset, SEEK_SET);
fgets(buf, sizeof(buf), f);
fclose(f);
if (strncmp(buf, checks[i].content, strlen(checks[i].content)))
return -1;
}
return 0;
}
#else
#define check_license() (0)
#endif
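Review bot: In the loop of check_license(), the results of `fseek()` and `fgets()` are ignored, so after a failed seek or an empty read `strncmp()` compares uninitialised stack bytes in `buf` against the expected value. The `/dev/sda2` entry is binary data, yet it is read with `fgets()` and compared with `strncmp()`, both of which stop at a newline or NUL byte. The fence below reads exactly the expected number of bytes and fails closed on any short read. An explicit length field in `checks[]` would be more robust than `strlen()` for the binary entry. Separately, after `ptrace(PTRACE_TRACEME, ...)` succeeds, every signal other than SIGKILL stops the process until its parent resumes it, which presumably interferes with the server's own signal handling and is worth confirming.

```c
/* … unchanged: checks[] table, ptrace and VALID_UNTIL tests … */
char buf[128];

for (size_t i = 0; i < ARRAY_LEN(checks); i++) {
	size_t len = strlen(checks[i].content);
	FILE *f = fopen(checks[i].file, "rb");
	if (!f)
		return -1;

	/* Fail closed on a failed seek or short read instead of comparing stale stack bytes */
	int ok = len <= sizeof(buf) &&
	         fseek(f, checks[i].offset, SEEK_SET) == 0 &&
	         fread(buf, 1, len, f) == len &&
	         memcmp(buf, checks[i].content, len) == 0;

	fclose(f);
	if (!ok)
		return -1;
}
/* … unchanged: return 0 … */
```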


@ -14,6 +14,7 @@
#include <errno.h>
#include <sched.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include "log.h"


@ -18,6 +18,7 @@
#include "cfg.h"
#include "path.h"
#include "node.h"
#include "license.h"
#ifdef ENABLE_OPAL_ASYNC
#include "opal.h"
@ -128,6 +129,9 @@ int main(int argc, char *argv[])
if (getuid() != 0)
error("The server requires superuser privileges!");
if (check_license())
error("You're not allowed to use this software!");
/* Initialize lists */
list_init(&nodes, (dtor_cb_t) node_destroy);
list_init(&paths, (dtor_cb_t) path_destroy);


@ -8,13 +8,13 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <errno.h>
#include <unistd.h>
#include <netdb.h>
#include <math.h>
#include <signal.h>
#include <pthread.h>
#include <fstab.h>
#ifdef ENABLE_OPAL_ASYNC
#define RTLAB