* tls boot over aan
@ 2020-09-11 6:02 Xiao-Yong Jin
2020-09-11 17:24 ` Xiao-Yong Jin
0 siblings, 1 reply; 2+ messages in thread
From: Xiao-Yong Jin @ 2020-09-11 6:02 UTC (permalink / raw)
To: 9front
I made the following changes so that I can boot with tls over aan.
srvtlsaan connects to rcpu and starts aan that trampolines to net!$fs!9fs.
diff -r d8b6a8706f51 rc/bin/srvtlsaan
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/rc/bin/srvtlsaan Fri Sep 11 00:50:11 2020 -0500
@@ -0,0 +1,82 @@
+#!/bin/rc
+rfork e
+
+fn usage {
+ echo 'usage: srvtlsaan [ -abcCnq ] [ -m aanto ] [ -p aanport ] [ -k keyspec ] [net!]system[!service] [ srvname [ mtpt ] ]' >[1=2]
+ exit usage
+}
+
+aanto=86400
+aanport=0
+mopt=()
+mtpt=()
+client=(/bin/tlsclient -a)
+
+while(~ $1 -*){
+ switch($1){
+ case -[abcCnq]*; mopt=($mopt $1)
+ case *
+ ~ $#* 1 && usage
+ switch($1){
+ case -m; aanto=$2
+ case -p; aanport=$2
+ case -k; client=($client $1 $2)
+ case *; usage
+ }
+ shift
+ }
+ shift
+}
+
+switch($#*){
+case 1; srv=/srv/$1
+case 2; srv=/srv/$2
+case 3; srv=/srv/$2; mtpt=$3
+case *; usage
+}
+
+switch($1){
+case *!*!*; host=$1
+case *!*; host=$1!rcpu
+case *; host=net!$1!rcpu
+}
+
+script='
+aanport='$aanport'
+aanto='$aanto'
+aanpipe=aan9fs
+~ $#netdir 1 || netdir=/net/tcp/clone
+netdir=`{basename -d $netdir} || exit netdir
+<>$netdir/clone {
+ netdir=$netdir/^`{read} || exit clone
+ >[3] $netdir/ctl {
+ echo -n ''announce *!''$aanport >[1=3]
+ cat $netdir/local || exit local
+ bind ''#|'' /mnt/$aanpipe || exit pipe
+ exec aan -m $aanto $netdir <>/mnt/$aanpipe/data1 >[1=0] >[2]/dev/null &
+ }
+}
+<>/mnt/$aanpipe/data >[1=0] >[2]/dev/null {
+ rm -f /env/^(''fn#server'' aanport aanto aanpipe)
+ exec tlssrv -A /bin/aux/trampoline ''net!$fs!9fs''
+}
+'
+
+aanpipe=aan9fsc
+bind '#|' /mnt/$aanpipe || exit pipe
+
+fn startaan {
+ echo $script | wc -c
+ echo $script
+ na=`{echo -n $host | sed 's|![^!]*$|!|'}^`{read | sed 's|.*!||'}
+ exec aan -c -m $aanto $na <>/mnt/$aanpipe/data1 >[1=0] >[2]/dev/null &
+}
+
+$client $host /bin/rc -c startaan
+
+fn post {
+ echo 0 >$srv
+}
+if(test -f $srv || $client -o /mnt/$aanpipe/data /bin/rc -c post){
+ ~ $#mtpt 0 || mount $mopt $srv $mtpt
+}
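Review bot: The `-m` and `-p` arguments are pasted unquoted into the rc source held in `script=` (`aanport='$aanport'`, `aanto='$aanto'`), which is then sent over the rcpu connection and apparently run by the remote rc, so a value containing spaces, quotes or `;` alters the remote script instead of being rejected. Both are meant to be numbers, so the option loop can refuse anything else, e.g. `case -m; ~ $2 *[~0-9]* && usage; aanto=$2` and the same for `-p`. Separately, the status of `$client $host /bin/rc -c startaan` is never checked and the call runs before the `test -f $srv` short-circuit, so a failed dial falls through to the second `$client` call, and an already-posted `$srv` still starts a remote aan that presumably lingers until the `-m` timeout. The same lines appear unchanged in the updated patch's copy of this file.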
diff -r d8b6a8706f51 sys/src/9/boot/bootfs.proto
--- a/sys/src/9/boot/bootfs.proto Mon Sep 07 19:32:50 2020 -0700
+++ b/sys/src/9/boot/bootfs.proto Fri Sep 11 00:50:11 2020 -0500
@@ -1,6 +1,7 @@
$objtype
bin
9660srv
+ aan
awk
auth
secstore
@@ -32,6 +33,7 @@
dnsgetip
hjfs
rc
+ read
rm
sed
sleep
@@ -44,6 +46,7 @@
ether
disk
kb
+ wc
xd
rc
lib
@@ -55,6 +58,7 @@
fstype
diskparts
srvtls
+ srvtlsaan
nusbrc 555 sys sys ../boot/nusbrc
bootrc 555 sys sys ../boot/bootrc
tmp
diff -r d8b6a8706f51 sys/src/9/boot/net.rc
--- a/sys/src/9/boot/net.rc Mon Sep 07 19:32:50 2020 -0700
+++ b/sys/src/9/boot/net.rc Fri Sep 11 00:50:11 2020 -0500
@@ -65,25 +65,32 @@
}
fn connecttcp{
- while(! ~ $#fs 0 && ! srv -q tcp!$fs(1)^!564 boot)
+ while(! ~ $#fs 0 && ! srv -q $srvopt tcp!$fs(1)^!564 boot)
fs=$fs(2-);
fs=$fs(1)
}
fn connecttls{
- while(! ~ $#fs 0 && ! srvtls -q tcp!$fs(1)^!17020 boot)
+ while(! ~ $#fs 0 && ! srvtls -q $srvopt tcp!$fs(1)^!17020 boot)
+ fs=$fs(2-);
+ fs=$fs(1)
+}
+
+fn connecttlsaan{
+ while(! ~ $#fs 0 && ! srvtlsaan -q $srvopt tcp!$fs(1)^!17019 boot)
fs=$fs(2-);
fs=$fs(1)
}
fn connectil{
- while(! ~ $#fs 0 && ! srv -q il!$fs(1)^!17008 boot)
+ while(! ~ $#fs 0 && ! srv -q $srvopt il!$fs(1)^!17008 boot)
fs=$fs(2-);
fs=$fs(1)
}
mtcp=(confignet connecttcp)
mtls=(confignet connecttls)
+mtlsaan=(confignet connecttlsaan)
mil=(confignet connectil)
-mt=(mtcp mtls mil $mt)
+mt=(mtcp mtls mtlsaan mil $mt)
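Review bot: `$srvopt` is now expanded into `srv`, `srvtls`, `srvtlsaan` and the il `srv` call alike, but nothing in this hunk sets or documents it, and the programs do not share one option set: the `srvtlsaan` added by this patch accepts `-m`, `-p` and `-k`, which `srv` may well reject. If the variable is meant to come from plan9.ini or the boot prompt, a comment above `connecttcp` such as `# srvopt: extra flags handed to every srv variant; must be valid for all of them` would state the contract, and method-specific options would be safer in a separate variable used only by `connecttlsaan`. Note also that `connecttlsaan` dials port 17019 (rcpu) rather than a file-service port, so this boot method needs the rcpu listener to be reachable from the booting machine. The TLS session ends at `tlssrv` on that host, so the trampoline leg to `net!$fs!9fs` does not appear to be covered by it if that name resolves to a different machine. The identical hunk in the updated patch raises the same points.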
* Re: tls boot over aan
2020-09-11 6:02 tls boot over aan Xiao-Yong Jin
@ 2020-09-11 17:24 ` Xiao-Yong Jin
0 siblings, 0 replies; 2+ messages in thread
From: Xiao-Yong Jin @ 2020-09-11 17:24 UTC (permalink / raw)
To: 9front
Here is an updated patch.
I have to remove that suicidal thought inside aan,
because a refused connection can be just a broken
network while the server is alive and well.
diff -r d8b6a8706f51 rc/bin/srvtlsaan
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/rc/bin/srvtlsaan Fri Sep 11 12:11:24 2020 -0500
@@ -0,0 +1,85 @@
+#!/bin/rc
+rfork e
+
+fn usage {
+ echo 'usage: srvtlsaan [ -abcCnq ] [ -d ] [ -m aanto ] [ -p aanport ] [ -k keyspec ] [net!]system[!service] [ srvname [ mtpt ] ]' >[1=2]
+ exit usage
+}
+
+aanto=86400
+aanport=0
+aandebug=()
+mopt=()
+mtpt=()
+client=(/bin/tlsclient -a)
+
+while(~ $1 -*){
+ switch($1){
+ case -[abcCnq]*; mopt=($mopt $1)
+ case -d; aandebug=(-d)
+ case *
+ ~ $#* 1 && usage
+ switch($1){
+ case -m; aanto=$2
+ case -p; aanport=$2
+ case -k; client=($client $1 $2)
+ case *; usage
+ }
+ shift
+ }
+ shift
+}
+
+switch($#*){
+case 1; srv=/srv/$1
+case 2; srv=/srv/$2
+case 3; srv=/srv/$2; mtpt=$3
+case *; usage
+}
+
+switch($1){
+case *!*!*; host=$1
+case *!*; host=$1!rcpu
+case *; host=net!$1!rcpu
+}
+
+script='
+aanport='$aanport'
+aanto='$aanto'
+aandebug=('$"aandebug')
+aanpipe=aan9fs
+~ $#netdir 1 || netdir=/net/tcp/clone
+netdir=`{basename -d $netdir} || exit netdir
+<>$netdir/clone {
+ netdir=$netdir/^`{read} || exit clone
+ >[3] $netdir/ctl {
+ echo -n ''announce *!''$aanport >[1=3]
+ cat $netdir/local || exit local
+ bind ''#|'' /mnt/$aanpipe || exit pipe
+ exec aan $aandebug -m $aanto $netdir <>/mnt/$aanpipe/data1 >[1=0] >[2]/dev/null &
+ }
+}
+<>/mnt/$aanpipe/data >[1=0] >[2]/dev/null {
+ rm -f /env/^(''fn#server'' aanport aanto aandebug aanpipe)
+ exec tlssrv -A /bin/aux/trampoline ''net!$fs!9fs''
+}
+'
+
+aanpipe=aan9fsc
+bind '#|' /mnt/$aanpipe || exit pipe
+
+fn startaan {
+ echo $script | wc -c
+ echo $script
+ na=`{echo -n $host | sed 's|![^!]*$|!|'}^`{read | sed 's|.*!||'}
+ exec aan -c $aandebug -m $aanto $na <>/mnt/$aanpipe/data1 >[1=0] >[2]/dev/null &
+}
+
+$client $host /bin/rc -c startaan
+
+fn post {
+ echo 0 >$srv
+}
+if(test -f $srv || $client -o /mnt/$aanpipe/data /bin/rc -c post){
+ ~ $#mtpt 0 || mount $mopt $srv $mtpt
+}
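Review bot: The new `-d` flag is passed to both aan invocations, but each of them still runs with `>[2]/dev/null`, and the debug messages visible in the aan.c hunk of this patch are written with `fprint(2, ...)`, so the output that `-d` asks for appears to be thrown away on both ends. When `aandebug` is set, stderr should go somewhere readable, for example by choosing the target up front: default `aanerr=/dev/null`, then `case -d; aandebug=(-d); aanerr=/dev/cons` (or a log file), and `>[2]$aanerr` on the client-side `exec aan -c` line. The server-side line inside `script=` needs the same treatment, with a path that exists on the remote host. The usage string lists `[ -d ]` without saying what it does, so a one-line comment or man page entry would help as well.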
diff -r d8b6a8706f51 sys/src/9/boot/bootfs.proto
--- a/sys/src/9/boot/bootfs.proto Mon Sep 07 19:32:50 2020 -0700
+++ b/sys/src/9/boot/bootfs.proto Fri Sep 11 12:11:24 2020 -0500
@@ -1,6 +1,7 @@
$objtype
bin
9660srv
+ aan
awk
auth
secstore
@@ -32,6 +33,7 @@
dnsgetip
hjfs
rc
+ read
rm
sed
sleep
@@ -44,6 +46,7 @@
ether
disk
kb
+ wc
xd
rc
lib
@@ -55,6 +58,7 @@
fstype
diskparts
srvtls
+ srvtlsaan
nusbrc 555 sys sys ../boot/nusbrc
bootrc 555 sys sys ../boot/bootrc
tmp
diff -r d8b6a8706f51 sys/src/9/boot/net.rc
--- a/sys/src/9/boot/net.rc Mon Sep 07 19:32:50 2020 -0700
+++ b/sys/src/9/boot/net.rc Fri Sep 11 12:11:24 2020 -0500
@@ -65,25 +65,32 @@
}
fn connecttcp{
- while(! ~ $#fs 0 && ! srv -q tcp!$fs(1)^!564 boot)
+ while(! ~ $#fs 0 && ! srv -q $srvopt tcp!$fs(1)^!564 boot)
fs=$fs(2-);
fs=$fs(1)
}
fn connecttls{
- while(! ~ $#fs 0 && ! srvtls -q tcp!$fs(1)^!17020 boot)
+ while(! ~ $#fs 0 && ! srvtls -q $srvopt tcp!$fs(1)^!17020 boot)
+ fs=$fs(2-);
+ fs=$fs(1)
+}
+
+fn connecttlsaan{
+ while(! ~ $#fs 0 && ! srvtlsaan -q $srvopt tcp!$fs(1)^!17019 boot)
fs=$fs(2-);
fs=$fs(1)
}
fn connectil{
- while(! ~ $#fs 0 && ! srv -q il!$fs(1)^!17008 boot)
+ while(! ~ $#fs 0 && ! srv -q $srvopt il!$fs(1)^!17008 boot)
fs=$fs(2-);
fs=$fs(1)
}
mtcp=(confignet connecttcp)
mtls=(confignet connecttls)
+mtlsaan=(confignet connecttlsaan)
mil=(confignet connectil)
-mt=(mtcp mtls mil $mt)
+mt=(mtcp mtls mtlsaan mil $mt)
diff -r d8b6a8706f51 sys/src/cmd/aan.c
--- a/sys/src/cmd/aan.c Mon Sep 07 19:32:50 2020 -0700
+++ b/sys/src/cmd/aan.c Fri Sep 11 12:11:24 2020 -0500
@@ -357,10 +357,6 @@
err[0] = '\0';
errstr(err, sizeof err);
- if (strstr(err, "connection refused")) {
- if(debug) fprint(2, "reconnect; server died...\n");
- threadexitsall("server died...");
- }
if(debug) fprint(2, "reconnect: dialed %s; %s\n", dialstring, err);
sleep(1000);
}
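Review bot: With the `connection refused` exit removed, nothing in the visible lines ends this retry path: every failed dial now logs (only when `debug` is set) and sleeps one second before the next attempt, so termination depends entirely on whatever bound the enclosing loop has, which is outside the hunk. srvtlsaan defaults `-m` to 86400, so if that value is the bound, a client whose server is really gone could keep redialing for a day, and the change applies to every aan user, not only the boot path. A short comment where the check used to be would record the reasoning, e.g. `/* connection refused may be a transient network fault; keep retrying until the -m timeout */`, and it is worth confirming that the timeout path still ends in `threadexitsall`. The function starts and ends outside the hunk.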
> On Sep 11, 2020, at 1:02 AM, Xiao-Yong Jin <meta.jxy@gmail.com> wrote:
>
> I made the following changes so that I can boot with tls over aan.
> srvtlsaan connects to rcpu and start aan that trampolines to net!$fs!9fs.
>
>
> diff -r d8b6a8706f51 rc/bin/srvtlsaan
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/rc/bin/srvtlsaan Fri Sep 11 00:50:11 2020 -0500
> @@ -0,0 +1,82 @@
> +#!/bin/rc
> +rfork e
> +
> +fn usage {
> + echo 'usage: srvtlsaan [ -abcCnq ] [ -m aanto ] [ -p aanport ] [ -k keyspec ] [net!]system[!service] [ srvname [ mtpt ] ]' >[1=2]
> + exit usage
> +}
> +
> +aanto=86400
> +aanport=0
> +mopt=()
> +mtpt=()
> +client=(/bin/tlsclient -a)
> +
> +while(~ $1 -*){
> + switch($1){
> + case -[abcCnq]*; mopt=($mopt $1)
> + case *
> + ~ $#* 1 && usage
> + switch($1){
> + case -m; aanto=$2
> + case -p; aanport=$2
> + case -k; client=($client $1 $2)
> + case *; usage
> + }
> + shift
> + }
> + shift
> +}
> +
> +switch($#*){
> +case 1; srv=/srv/$1
> +case 2; srv=/srv/$2
> +case 3; srv=/srv/$2; mtpt=$3
> +case *; usage
> +}
> +
> +switch($1){
> +case *!*!*; host=$1
> +case *!*; host=$1!rcpu
> +case *; host=net!$1!rcpu
> +}
> +
> +script='
> +aanport='$aanport'
> +aanto='$aanto'
> +aanpipe=aan9fs
> +~ $#netdir 1 || netdir=/net/tcp/clone
> +netdir=`{basename -d $netdir} || exit netdir
> +<>$netdir/clone {
> + netdir=$netdir/^`{read} || exit clone
> + >[3] $netdir/ctl {
> + echo -n ''announce *!''$aanport >[1=3]
> + cat $netdir/local || exit local
> + bind ''#|'' /mnt/$aanpipe || exit pipe
> + exec aan -m $aanto $netdir <>/mnt/$aanpipe/data1 >[1=0] >[2]/dev/null &
> + }
> +}
> +<>/mnt/$aanpipe/data >[1=0] >[2]/dev/null {
> + rm -f /env/^(''fn#server'' aanport aanto aanpipe)
> + exec tlssrv -A /bin/aux/trampoline ''net!$fs!9fs''
> +}
> +'
> +
> +aanpipe=aan9fsc
> +bind '#|' /mnt/$aanpipe || exit pipe
> +
> +fn startaan {
> + echo $script | wc -c
> + echo $script
> + na=`{echo -n $host | sed 's|![^!]*$|!|'}^`{read | sed 's|.*!||'}
> + exec aan -c -m $aanto $na <>/mnt/$aanpipe/data1 >[1=0] >[2]/dev/null &
> +}
> +
> +$client $host /bin/rc -c startaan
> +
> +fn post {
> + echo 0 >$srv
> +}
> +if(test -f $srv || $client -o /mnt/$aanpipe/data /bin/rc -c post){
> + ~ $#mtpt 0 || mount $mopt $srv $mtpt
> +}
> diff -r d8b6a8706f51 sys/src/9/boot/bootfs.proto
> --- a/sys/src/9/boot/bootfs.proto Mon Sep 07 19:32:50 2020 -0700
> +++ b/sys/src/9/boot/bootfs.proto Fri Sep 11 00:50:11 2020 -0500
> @@ -1,6 +1,7 @@
> $objtype
> bin
> 9660srv
> + aan
> awk
> auth
> secstore
> @@ -32,6 +33,7 @@
> dnsgetip
> hjfs
> rc
> + read
> rm
> sed
> sleep
> @@ -44,6 +46,7 @@
> ether
> disk
> kb
> + wc
> xd
> rc
> lib
> @@ -55,6 +58,7 @@
> fstype
> diskparts
> srvtls
> + srvtlsaan
> nusbrc 555 sys sys ../boot/nusbrc
> bootrc 555 sys sys ../boot/bootrc
> tmp
> diff -r d8b6a8706f51 sys/src/9/boot/net.rc
> --- a/sys/src/9/boot/net.rc Mon Sep 07 19:32:50 2020 -0700
> +++ b/sys/src/9/boot/net.rc Fri Sep 11 00:50:11 2020 -0500
> @@ -65,25 +65,32 @@
> }
>
> fn connecttcp{
> - while(! ~ $#fs 0 && ! srv -q tcp!$fs(1)^!564 boot)
> + while(! ~ $#fs 0 && ! srv -q $srvopt tcp!$fs(1)^!564 boot)
> fs=$fs(2-);
> fs=$fs(1)
> }
>
> fn connecttls{
> - while(! ~ $#fs 0 && ! srvtls -q tcp!$fs(1)^!17020 boot)
> + while(! ~ $#fs 0 && ! srvtls -q $srvopt tcp!$fs(1)^!17020 boot)
> + fs=$fs(2-);
> + fs=$fs(1)
> +}
> +
> +fn connecttlsaan{
> + while(! ~ $#fs 0 && ! srvtlsaan -q $srvopt tcp!$fs(1)^!17019 boot)
> fs=$fs(2-);
> fs=$fs(1)
> }
>
> fn connectil{
> - while(! ~ $#fs 0 && ! srv -q il!$fs(1)^!17008 boot)
> + while(! ~ $#fs 0 && ! srv -q $srvopt il!$fs(1)^!17008 boot)
> fs=$fs(2-);
> fs=$fs(1)
> }
>
> mtcp=(confignet connecttcp)
> mtls=(confignet connecttls)
> +mtlsaan=(confignet connecttlsaan)
> mil=(confignet connectil)
>
> -mt=(mtcp mtls mil $mt)
> +mt=(mtcp mtls mtlsaan mil $mt)
>