VDE Support?

[b4]

Any plans to implement VDE support? (vde2, http://sourceforge.net/projects/vde/files/vde2/) It would greatly simply my running of VMs on BSD. ;)

[Rhialto]

On Wed 25 Nov 2015 at 23:50:21 -0800, Cory Smelosky wrote:

Any plans to implement VDE support? (vde2, http://sourceforge.net/projects/vde/files/vde2/) It would greatly simply my running of VMs on BSD. ;)

I wasn't planning it so far, but I had a quick look :-)

pkgsrc has vde 1.x which is marked "only for linux", so for my own convenience I would first create a package for vde2.

Then I hope the way you use it is similar enough to one of the other existing methods, since the whole networking thing in klh10 is a bit of an #ifdef hell actually.

Maybe it is a nice project for the christmas vacation :)

-Olaf.

___ Olaf 'Rhialto' Seibert -- The Doctor: No, 'eureka' is Greek for \X/ rhialto/at/xs4all.nl -- 'this bath is too hot.'

[Rhialto]

I prepared a patch to compile vde2 for NetBSD, and posted it to the sourceforge ticket system: https://sourceforge.net/p/vde/bugs/77/ . It seems however that vde2 support is dead. There are years old open tickets that have no reply, and the mailing list archives show no activity there either (apart from some patches posted by users with no apparent effect).

Under these circumstances, trying to support vde2 seems futile.

Any particular reason why tun/tap support does not work for you?

[b4]

It's a jail VM where creating a tap interface for each is fiffidult

Sent from my iPhone

On Nov 30, 2015, at 14:51, Rhialto The M. notifications@github.com wrote:

I prepared a patch to compile vde2 for NetBSD, and posted it to the sourceforge ticket system. It seems however that vde2 support is dead. There are years old open tickets that have no reply, and the mailing list archives show no activity there either (apart from some patches posted by users with no apparent effect).

Under these circumstances, trying to support vde2 seems futile.

Any particular reason why tun/tap support does not work for you?

— Reply to this email directly or view it on GitHub.

[Rhialto]

On Mon 30 Nov 2015 at 15:38:08 -0800, Cory Smelosky wrote:

It's a jail VM where creating a tap interface for each is fiffidult

I see. But they're created automatically, if it doesn't exist yet (you can pre-create them). Also I think that even with VDE, you need to gain access to the VDE socket, if I understand it correctly. So you'd still need to provide a hard link to the socket, or something along those lines.

I briefly thought that maybe you could use hard-links to a single tap0 for all jails and emulators. But I suspect that all openers of the same tap get to share the incoming packets amongst them, instead of receiving a copy each.

The bears on the road that I see are the unmaintained status of VDE (I don't want to get stuck with maintaining NetBSD patches), and the mess of #ifdefs in src/osdnet.c. That code should really be reorganized. As it is, it is also limited to providing only one connectivity method, as chosen at compile time. What simh does is much better; it has nicely separated code and chooses at runtime which method to use. But refactoring that would be a lot of work, and I can't test KLH10_NET_NIT, KLH10_NET_DLPI or KLH10_NET_PFLT. So we'd lose those.

-Olaf.

___ Olaf 'Rhialto' Seibert -- The Doctor: No, 'eureka' is Greek for \X/ rhialto/at/xs4all.nl -- 'this bath is too hot.'

[Rhialto]

Ok, here is my current plan (time permitting, etc). I'm going to use libpcap for packet capture. This can replace support of BPF, DLPI, and NIT. Support for KLH10_NET_PFLT will be dropped (a comment remarks "Really DECOSF"). I expect that it is quite possible that with the abstraction from "borrowing a particular ethernet interface" we can also get rid of "looking up the ethernet interface's link-layer address" since we can simply invent one in more/most/all cases. I will also make the packet access method run-time selectable instead of compile-time selectable. After that, VDE support should be easy :-)

[Rhialto]

It's been a bit longer than expected, but I got a bit sidetracked in making the changes easier :-) I've overhauled the configuration process (there is now a configure script) and the structure of the networking code. After that, adding VDE was almost disappointingly trivial...

Note that I have only compile-tested it on a virtual FreeBSD 10.2 install. I have no experience with VDE so I'd need to find out how to test it. Better leave it to you. Building is the fairly usual autogen.sh from a fresh new directory, then make in 3 directories, one for each model. Let me know how it goes!

edit: it's in the libpcap branch...

[b4]

[dpni20: Warning - cannot set high priority - Permission denied]

[dpni20: Fatal error: Interface method "vde" not supported - Permission denied]

Despite successful linking against vdeplug.

Need further tracing...I believe EPERM is the wrong error.

[b4]

KLH10# devdef ni0 564 ni20 dedic=true ifmeth=vde ifc=/tmp/vde enaddr=aa:00:04:00:02:24

root 22246 0.0 0.0 9948 1744 ?? SsJ 7:33PM 0:00.05 vde_switch -d -s /tmp/vde -M /tmp/vde-mgmt -tap tap2 -m 660 -g wheel --mgmtmode 660 --mgmtgroup wheel

[b4]

Okay, I overrode the autodetection so it found <libvdeplug.h>

Now:

[dpni20: Warning - cannot set high priority - Permission denied] [dpni20: ifc "/tmp/vde" => ether f2:b:a4:a4:4e:48] [dpni20: VHOST 0.0.0.0]

[dpni20-W: "/tmp/vde" SIOCSIFLLADDR failed - Device not configured]

[dpni20-W: "/tmp/vde" E/N addr change failed, Old=f2:b:a4:a4:4e:48 New=aa:0:4:0:2:24]

[dpni20-W: "/tmp/vde" SIOCSIFLLADDR failed - Device not configured]

[dpni20-W: "/tmp/vde" E/N addr change failed, Old=f2:b:a4:a4:4e:48 New=aa:0:4:0:2:24]

devdef ni0 564 ni20 dedic=true ifmeth=vde ifc=/tmp/vde enaddr=aa:00:04:00:02:24

[b4]

Aside from the (seemingly benign "interrupted system call") it seems to operate:

26593: lstat("/tmp/vde",{ mode=drwxrws--- ,inode=258491,size=7,blksize=4096 }) = 0 (0x0) 26593: socket(PF_LOCAL,SOCK_STREAM,0) = 3 (0x3) 26593: socket(PF_LOCAL,SOCK_DGRAM,0) = 4 (0x4) 26593: connect(3,{ AF_UNIX "/tmp/vde/ctl" },106) = 0 (0x0) 26593: bind(4,{ AF_UNIX "/tmp/vde/.26593-00000" },106) = 0 (0x0) 26593: stat("/tmp/vde/ctl",{ mode=srw-rw---- ,inode=371254,size=0,blksize=131072 }) = 0 (0x0) 26593: chmod("/tmp/vde/.26593-00000",00) = 0 (0x0) 26593: sendto(3,"\M-N\M-z\M-m\M-~^C\0\0\0\0\0\0"...,158,0x0,NULL,0x0) = 158 (0x9e) 26593: recvfrom(3,"\0^A/tmp/vde/002.8\0\0\0\0\0\0"...,106,0x0,NULL,0x0) = 106 (0x6a) 26593: connect(4,{ AF_UNIX "/tmp/vde/002.8" },106) = 0 (0x0) 26593: chmod("/tmp/vde/002.8",00) = 0 (0x0) 26593: write(2,"[dpni20: ",9) ERR#4 'Interrupted system call' 26580: nanosleep({4.999000356 }) = 9 (0x9) 26593: write(2,"ifc "/tmp/vde" => ether f2:b:a4:"...,40) ERR#4 'Interrupted system call'

26593: socket(PF_INET,SOCK_DGRAM,0) ERR#4 'Interrupted system call' 26595: recvfrom(4,"\0\0\0\0\0\0D\M-Y\M-gA\M^K^]\b"...,1600,0x0,NULL,0x0) = 5 (0x5) 26593: ioctl(5,SIOCSIFLLADDR,0xffffe8a0) = 0 (0x0) 26580: kill(26581,SIGURG) = 60 (0x3c) 26595: kill(26580,SIGUSR1) = 0 (0x0) 26581: SIGNAL 16 (SIGURG) 26581: sigsuspend(0x7fffffffe970,0x1e,0x0,0x60,0x802c0a900,0x801178000) = 0 (0x0) 26580: SIGNAL 30 (SIGUSR1) 26580: sigreturn(0x7fffffffe390,0x10001,0x7fffffffe390,0x2800,0x2b,0x200) ERR#6 'Device not configured' 26593: write(2,"\n[dpni20-W: ",12) ERR#4 'Interrupted system call' 26581: sigreturn(0x7fffffffe520,0x10001,0x7fffffffe520,0x1,0x802c0a900,0x801178000) = 0 (0x0) 26580: SIGNAL 23 (SIGIO) 26580: ioctl(0,FIONREAD,0xffffe364) = 12 (0xc) 26593: write(2,""/tmp/vde" SIOCSIFLLADDR failed",31) ERR#4 'Interrupted system call' 26581: lseek(4,0xf8ae100,SEEK_SET) = 0 (0x0) 26580: sigreturn(0x7fffffffe390,0x4004667f,0x0,0x2800,0x2b,0x200) = 31 (0x1f) 26593: write(2," - Device not configured]\r\n",27) = 0 (0x0) 26580: SIGNAL 23 (SIGIO) 26580: ioctl(0,FIONREAD,0xffffe364) = 27 (0x1b) 26593: close(5) = 0 (0x0) 26580: sigreturn(0x7fffffffe390,0x4004667f,0x0,0x2800,0x2b,0x200) = 0 (0x0)

It seems to be trying ioctl() on a non-socket, though... klt20.truss.txt

[Rhialto]

On Sat 23 Jan 2016 at 20:10:49 -0800, Cory Smelosky wrote:

Okay, I overrode the autodetection so it found

I think you could export CFLAGS="-I /usr/local/include" before running configure. Possibly also LDFLAGS="-L /usr/local/lib".

Now:

[dpni20: Warning - cannot set high priority - Permission denied] [dpni20: ifc "/tmp/vde" => ether f2:b:a4:a4:4e:48] [dpni20: VHOST 0.0.0.0] [dpni20-W: "/tmp/vde" SIOCSIFLLADDR failed - Device not configured] [dpni20-W: "/tmp/vde" E/N addr change failed, Old=f2:b:a4:a4:4e:48 New=aa:0:4:0:2:24] [dpni20-W: "/tmp/vde" SIOCSIFLLADDR failed - Device not configured] [dpni20-W: "/tmp/vde" E/N addr change failed, Old=f2:b:a4:a4:4e:48 New=aa:0:4:0:2:24] devdef ni0 564 ni20 dedic=true ifmeth=vde ifc=/tmp/vde enaddr=aa:00:04:00:02:24

Ah yes the functions to change the ethernet address were not quite adapted yet. I was already expecting some weirdness here and there when a supposed interface name suddenly contains a pathname. Hopefully is a bit better now.

The interrupted system calls had be puzzled for a bit, but I suspect that this is part of the IPC mechanism that is used. See dpsup.c.

Edited to add: now you can use configure --with-vde=PATH to point it to the right location for include and lib dirs.

[b4]

checking libvdeplug.h usability... yes checking libvdeplug.h presence... no configure: WARNING: libvdeplug.h: accepted by the compiler, rejected by the preprocessor! configure: WARNING: libvdeplug.h: proceeding with the compiler's result checking for libvdeplug.h... yes

configure:3954: checking libvdeplug.h usability configure:3954: gcc -c -g3 -O3 -I /usr/local/include conftest.c >&5 configure:3954: $? = 0 configure:3954: result: yes configure:3954: checking libvdeplug.h presence configure:3954: gcc -E conftest.c conftest.c:41:24: error: libvdeplug.h: No such file or directory configure:3954: $? = 1 configure: failed program was: | /* confdefs.h _/ | #define PACKAGE_NAME "klh10" | #define PACKAGE_TARNAME "klh10" | #define PACKAGE_VERSION "2.0i-Rhialto" | #define PACKAGE_STRING "klh10 2.0i-Rhialto" | #define PACKAGE_BUGREPORT "https://github.com/Rhialto/klh10" | #define PACKAGE_URL "https://github.com/Rhialto/klh10" | #define HAVE_LIBPCAP 1 | #define HAVE_PCAP_SET_IMMEDIATE_MODE 1 | #define HAVE_LIBVDEPLUG 1 | #define STDC_HEADERS 1 | #define HAVE_SYS_TYPES_H 1 | #define HAVE_SYS_STAT_H 1 | #define HAVE_STDLIB_H 1 | #define HAVE_STRING_H 1 | #define HAVE_MEMORY_H 1 | #define HAVE_STRINGS_H 1 | #define HAVE_INTTYPES_H 1 | #define HAVE_STDINT_H 1 | #define HAVE_UNISTD_H 1 | #define HAVE_ARPA_INET_H 1 | #define HAVE_ERRNO_H 1 | #define HAVE_FCNTL_H 1 | #define HAVE_LIMITS_H 1 | #define HAVE_NETINET_IN_H 1 | #define HAVE_STDDEF_H 1 | #define HAVE_STDLIB_H 1 | #define HAVE_STRING_H 1 | #define HAVE_SYS_FILE_H 1 | #define HAVE_SYS_IOCTL_H 1 | #define HAVE_SYS_SOCKET_H 1 | #define HAVE_SYS_TIME_H 1 | #define HAVE_TERMIOS_H 1 | #define HAVE_UNISTD_H 1 | #define HAVE_NET_IF_TUN_H 1 | #define HAVE_NET_IF_TAP_H 1 | #define HAVE_SYS_MTIO_H 1 | #define HAVE_NET_IF_DL_H 1 | #define HAVE_NET_IF_TYPESH 1 | / end confdefs.h. */ | #include configure:3954: result: no configure:3954: WARNING: libvdeplug.h: accepted by the compiler, rejected by the preprocessor! configure:3954: WARNING: libvdeplug.h: proceeding with the compiler's result configure:3954: checking for libvdeplug.h configure:3954: result: yes configure:3966: checking for inline configure:3982: gcc -c -g3 -O3 -I /usr/local/include conftest.c >&5 configure:3982: $? = 0 configure:3990: result: inline configure:4008: checking for off_t configure:4008: gcc -c -g3 -O3 -I /usr/local/include conftest.c >&5 configure:4008: $? = 0 configure:4008: gcc -c -g3 -O3 -I /usr/local/include conftest.c >&5 conftest.c: In function 'main': conftest.c:78: error: expected expression before ')' token

The interrupted system calls could be related to use of a jail, as well.

[b4]

root@green:/home/csmelosky/vm/PDP-10/panda-dist # ./klt20 KLH10 2.0i-Rhialto (MyKL) built Jan 24 2016 12:09:19 Copyright ? 2002 Kenneth L. Harrenstien -- All Rights Reserved. This program comes "AS IS" with ABSOLUTELY NO WARRANTY.

Compiled for unknown-freebsd9.3 on x86_64 with word model USEINT Emulated config: CPU: KL10-extend SYS: T20 Pager: KL APRID: 3600 Memory: 8192 pages of 512 words (SHARED) Time interval: INTRP Base: OSGET Interval default: 60Hz Internal clock: OSINT Other: MCA25 CIRC JPC DEBUG PCCACHE CTYINT EVHINT Devices: DTE RH20 RPXX(DP) TM03(DP) NI20(DP) [MEM: Allocating 8192 pages shared memory, clearing...done]

KLH10# ; Define basic device config - one DTE, one disk, one tape KLH10# devdef dte0 200 dte master KLH10# devdef rh0 540 rh20 KLH10# devdef rh1 544 rh20 KLH10# devdef dsk0 rh0.0 rp type=rp07 format=dbd9 path=tops20-ps-1 KLH10# devdef dsk1 rh0.1 rp type=rp07 format=dbd9 path=tops20-ps-2 KLH10# devdef dsk2 rh0.2 rp type=rp07 format=dbd9 path=SRC-rp07-1 KLH10# devdef dsk3 rh0.3 rp type=rp07 format=dbd9 path=SRC-rp07-2 KLH10# devdef dsk4 rh0.4 rp type=rp07 format=dbd9 path=USERS-rp07-1 KLH10# devdef dsk5 rh0.5 rp type=rp07 format=dbd9 path=USERS-rp07-2 KLH10# devdef mta0 rh1.0 tm03 type=tu45 KLH10# KLH10# ; Set Ethernet address KLH10# ;devdef ni0 564 ni20 ipaddr=10.20.3.5 KLH10# ;devdef ni0 564 ni20 dedic=true ifc=epair4b enaddr=aa:00:04:00:02:24 KLH10# devdef ni0 564 ni20 dedic=true ifmeth=vde ifc=/tmp/vde enaddr=aa:00:04:00:02:24 KLH10# ;devdef ni0 564 ni20 dedic=true enaddr=aa:00:04:00:02:24 dpdelay=5 backlog=25 KLH10# KLH10# ; Define the idle device on 700 KLH10# devdef idler 700 host KLH10# KLH10# ; Set switch register KLH10# set sw=254200,,147 sw: 0,,0 => 254200,,147 KLH10# KLH10# set fe_runenable=on fe_runenable: Off => On KLH10# KLH10# ; Set console lights I/O base register KLH10# ;Uncomment the following line if you have a Panda display. KLH10# ;lights 378 KLH10# KLH10# ; Load disk bootstrap directly KLH10# load boot.sav Using word format "c36"... Loaded "boot.sav": Format: DEC-CSAV Data: 4630, Symwds: 0, Low: 040000, High: 054641, Startaddress: 040000 Entvec: JRST (120 ST: 0, 124 RE: 0, 137 VR: 0,,0) KLH10# KLH10# ; Ready to GO KLH10# [EOF on klt20.ini] KLH10# go Starting KN10 at loc 040000...

BOOT V11.0(315)

BOOT>

[BOOT: Loading] [OK]

[TOPS20 mounted] MINDY, PANDA TOPS-20 Monitor 7.1(21733)-4 Internet: Loading host names [OK]

System restarting, wait... Date and time is: Sunday, 24-January-2016 3:11PM Why reload? opr Run CHECKD? no DDMP: Started [KNILDR: Loading microcode version 1(172) into Ethernet channel 0]

[dpni20: Warning - cannot set high priority - Permission denied] [dpni20: ifc "/tmp/vde" => ether f2:b:a4:a5:30:6] [dpni20: VHOST 0.0.0.0] [dpni20-W: "/tmp/vde" E/N addr changed: Old=f2:b:a4:a5:30:6 New=aa:0:4:0:2:24]

SYSJOB 7A(88)-4 started at 24-Jan-2016 1511 SJ 0: @LOGIN OPERATOR SJ 0: @ENABLE SJ 0: $SYSTEM:STSJ1 24-Jan-2016 15:11:54 SYSJB1: SYSJB1 started. SJ 0: $^ESET LOGIN ANY SJ 0: $OPR

[NCP]: Waiting for ORION to start 24-Jan-2016 15:11:55 SYSJB1: Job 0: 24-Jan-2016 15:11:55 SYSJB1: Job 0: MINDY, PANDA TOPS-20 Monitor 7.1(21733)-4 24-Jan-2016 15:11:55 SYSJB1: Job 1: 24-Jan-2016 15:11:55 SYSJB1: Job 1: MINDY, PANDA TOPS-20 Monitor 7.1(21733)-4 24-Jan-2016 15:11:55 SYSJB1: Job 2: 24-Jan-2016 15:11:55 SYSJB1: Job 2: MINDY, PANDA TOPS-20 Monitor 7.1(21733)-4 24-Jan-2016 15:11:55 SYSJB1: Job 3: 24-Jan-2016 15:11:55 SYSJB1: Job 3: MINDY, PANDA TOPS-20 Monitor 7.1(21733)-4 24-Jan-2016 15:11:55 SYSJB1: Job 4: 24-Jan-2016 15:11:55 SYSJB1: Job 4: MINDY, PANDA TOPS-20 Monitor 7.1(21733)-4 24-Jan-2016 15:11:55 SYSJB1: Job 5: 24-Jan-2016 15:11:55 SYSJB1: Job 5: MINDY, PANDA TOPS-20 Monitor 7.1(21733)-4 24-Jan-2016 15:11:55 SYSJB1: Job 0: @LOGIN OPERATOR 24-Jan-2016 15:11:55 SYSJB1: Job 0: @ENABLE 24-Jan-2016 15:11:55 SYSJB1: Job 1: @LOGIN OPERATOR 24-Jan-2016 15:11:55 SYSJB1: Job 2: @LOGIN OPERATOR 24-Jan-2016 15:11:55 SYSJB1: Job 3: @LOGIN OPERATOR 24-Jan-2016 15:11:55 SYSJB1: Job 4: @LOGIN OPERATOR 24-Jan-2016 15:11:55 SYSJB1: Job 4: @ENABLE 24-Jan-2016 15:11:55 SYSJB1: Job 5: @LOGIN OPERATOR 24-Jan-2016 15:11:55 SYSJB1: Job 0: $RESOLV 24-Jan-2016 15:11:55 SYSJB1: Job 1: @ENABLE 24-Jan-2016 15:11:55 SYSJB1: Job 2: @ENABLE 24-Jan-2016 15:11:55 SYSJB1: Job 2: $SMTJFN 24-Jan-2016 15:11:55 SYSJB1: Job 3: @ENABLE 24-Jan-2016 15:11:55 SYSJB1: Job 4: $IMAPSV 24-Jan-2016 15:11:55 SYSJB1: Job 5: @ENABLE 24-Jan-2016 15:11:55 SYSJB1: Job 1: $NETSRV 24-Jan-2016 15:11:55 SYSJB1: Job 3: $MMAILR 24-Jan-2016 15:11:55 SYSJB1: Job 5: $FTS 24-Jan-2016 15:11:56 SYSJB1: Job 5: FTS>TAKE FTS.CMD 24-Jan-2016 15:11:56 SYSJB1: Job 5: [FTS20: FTS event 38: spooler started]

% [Logger 24-Jan-2016 15:11:57 ]: Started at 24-Jan-2016 15:11:55 SJ 0: SJ 0: 15:11:56 -- Too many operator LOG files -- SJ 0: Current LOG file will be appended SJ 0: OPR>TAKE SYSTEM:SYSTEM.CMD SJ 0: SJ 0: 15:11:58 --ORION logging disabled by job 1 OPERATOR at terminal 13-- SJ 0: SJ 0: 15:11:58 --Output display for OPR modified-- SJ 0: SJ 0: 15:11:58 --Output display for OPR modified-- SJ 0: SJ 0: 15:11:58 --Output display for OPR modified-- SJ 0: SJ 0: 15:11:58 --Output display for OPR modified-- SJ 0: SJ 0: 15:11:58 Batch-Stream 0 -- Set Accepted -- SJ 0: SJ 0: 15:11:58 Batch-Stream 1 -- Set Accepted -- SJ 0: SJ 0: 15:11:58 Batch-Stream 2 -- Set Accepted -- SJ 0: SJ 0: 15:11:58 Batch-Stream 3 -- Set Accepted -- SJ 0: SJ 0: 15:11:58 Batch-Stream 0 -- Set Accepted -- SJ 0: SJ 0: 15:11:58 Batch-Stream 1 -- Set Accepted -- SJ 0: SJ 0: 15:11:58 Batch-Stream 2 -- Set Accepted -- SJ 0: SJ 0: 15:11:58 Batch-Stream 3 -- Set Accepted -- SJ 0: SJ 0: 15:11:58 Batch-Stream 0 -- Startup Scheduled -- SJ 0: SJ 0: 15:11:58 Batch-Stream 1 -- Startup Scheduled -- SJ 0: SJ 0: 15:11:58 Batch-Stream 2 -- Startup Scheduled -- SJ 0: SJ 0: 15:11:58 Batch-Stream 3 -- Startup Scheduled -- 24-Jan-2016 15:11:54 Internet: Network 10.0.0.0 on, Output on

15:12:03 From operator terminal 13 on node MINDY:: =>System in operation SJ 0: SJ 0: 15:12:03 [LCP] -- Start Accepted --

SJ 0: SJ 0: SJ 0: 15:12:03 --SEND command completed-- SJ 0: SJ 0: 15:12:03 NCP SJ 0: SJ 0: Request # 1; Set Circuit Completed SJ 0: SJ 0: 15:12:03 NCP SJ 0: SJ 0: Request # 2; Set Circuit Completed SJ 0: OPR> SJ 0: 15:12:03 -- Structure Status Change Detected -- SJ 0: Previously mounted structure TOPS20: detected SJ 0: SJ 0: 15:12:03 -- Structure Status Change Detected -- SJ 0: Structure state for structure TOPS20 is incorrect SJ 0: EXCLUSIVE/SHARED attribute set incorrectly SJ 0: Status of structure TOPS20: is set: SJ 0: Domestic, Unregulated, Shared, Available, Dumpable SJ 0: SJ 0: OPR> SJ 0: 15:12:03 -- Structure Mounted -- SJ 0: Structure SRC mounted SJ 0: OPR> SJ 0: 15:12:03 -- Structure Mounted -- SJ 0: Structure USERS mounted

Trying 10.12.3.5... Connected to 10.12.3.5. Escape character is '^]'.

MINDY, PANDA TOPS-20 Monitor 7.1(21733)-4

This system is for the use of authorized users only. Usage of this system may be monitored and recorded by system personnel.

Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity, system personnel may provide the evidence from such monitoring to law enforcement officials.

@

? (10.12.3.5) at aa:0:4:0:2:24 on en0 ifscope [ethernet]

Onwards to test DECnet.

[b4]

DECnet confirmed to be sending packets on the wire:

12:21:02.212008 aa:00:04:00:0a:24 (oui Unknown) > 09:00:2b:00:00:0f (oui Unknown), ethertype LAT (0x6004), length 123: 0x0000: 2808 0505 0501 9300 ee05 1e00 2001 0000 (............... 0x0010: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 0x0020: 0000 0000 0000 0000 0000 0000 0006 4d41 ..............MA 0x0030: 524c 4559 164d 4152 4c45 5920 544f 5053 RLEY.MARLEY.TOPS 0x0040: 2d31 3020 4d4f 4e49 544f 5201 0106 4d41 -10.MONITOR...MA 0x0050: 524c 4559 164d 4152 4c45 5920 544f 5053 RLEY.MARLEY.TOPS 0x0060: 2d31 3020 4d4f 4e49 544f 5201 01 -10.MONITOR..

$sethost Escape character(^Y): Host name: marley

? JSYS ERROR: Node name not assigned to a network node

Host name: Host name: Host name: ^C $r \r\ $opr OPR>ent ncp NCP>set nod 9.10 nam marley NCP> 15:23:00 NCP

Request # 3; Set Node Completed NCP>exit $sethost marley

[Type ^Y to return to node MINDY]

MARLEY TOPS-10 MONITOR 12:21:59 TTY4 system 3600 Connected to Node 9.2 Please LOGIN

.

[Rhialto]

Looks good! To be honest, I've never tried DECnet with anything so far so I'm happy that it seems to work :-) I have a suspicion for the warnings about the preprocessor: the makefile system doesn't use CPPFLAGS for the -I... options, it is merged in the CFLAGS. I think configure assumes the separation. I haven't overhauled the makefiles to split this up.

[b4]

When dpni20 is setuid root and everything else is run as an unprivileged user, the VDE addr change will silently fail and networking will not come up

Do you want the syscall tracing run again or do you have an idea?

[Rhialto]

That used to work when I tried it a long time ago with the then-existing networking methods (but I admit it is usually easer to test everything by running it with sudo, so that's what I've done). And with VDE the address and therefore the address change is purely fictional, so there is even less reason for it to fail, really. Yes, I'd like to see a trace for that.

[b4]

64907: connect(4,{ AF_UNIX "/tmp/vde/002.8" },106) = 0 (0x0) 64907: chmod("/tmp/vde/002.8",00) = 0 (0x0) 64907: write(2,"[dpni20: ",9) ERR#4 'Interrupted system call' 64879: nanosleep({4.998999572 }) = 9 (0x9) 64907: write(2,"ifc "/tmp/vde" => ether f2:b:a4:"...,40) ERR#4 'Interrupted system call' 64879: SIGNAL 23 (SIGIO) 64879: ioctl(0,FIONREAD,0xffffe3e4) = 40 (0x28) 64907: write(2,"]\r\n",3) = 0 (0x0) 64879: sigreturn(0x7fffffffe410,0x4004667f,0x0,0x0,0x411a,0x7fffffffe549) = 3 (0x3) 64907: write(2,"[dpni20: ",9) ERR#4 'Interrupted system call' 64879: SIGNAL 23 (SIGIO) 64879: ioctl(0,FIONREAD,0xffffe3e4) = 9 (0x9) 64907: write(2," VHOST 0.0.0.0",15) = 0 (0x0) 64879: sigreturn(0x7fffffffe410,0x4004667f,0x0,0x0,0x411a,0x7fffffffe549) = 15 (0xf) 64907: write(2,"]\r\n",3) ERR#4 'Interrupted system call' 64879: SIGNAL 23 (SIGIO) 64879: ioctl(0,FIONREAD,0xffffe3e4) = 0 (0x0) 64879: sigreturn(0x7fffffffe410,0x4004667f,0x0,0x0,0x411a,0x7fffffffe549) = 3 (0x3) 64907: fork() ERR#4 'Interrupted system call' 64879: SIGNAL 23 (SIGIO) 64879: ioctl(0,FIONREAD,0xffffe3e4) = 0 (0x0) 64879: SIGNAL 30 (SIGUSR1) 64879: sigreturn(0x7fffffffdf80,0x10001,0x7fffffffdf80,0x0,0x411a,0x7fffffffe549) = 0 (0x0) 64879: sigreturn(0x7fffffffe410,0x4004667f,0x0,0x0,0x411a,0x7fffffffe549) ERR#4 'Interrupted system call' 64879: SIGNAL 23 (SIGIO) 64879: ioctl(0,FIONREAD,0xffffe3e4) = 0 (0x0) 64879: sigreturn(0x7fffffffe410,0x4004667f,0x0,0x0,0x411a,0x7fffffffe549) ERR#4 'Interrupted system call' 64879: SIGNAL 23 (SIGIO) 64879: ioctl(0,FIONREAD,0xffffe3e4) = 0 (0x0) 64879: sigreturn(0x7fffffffe410,0x4004667f,0x0,0x0,0x411a,0x7fffffffe549) ERR#4 'Interrupted system call' 64879: nanosleep({4.990001178 }) = 0 (0x0) 64879: kill(64909,SIGURG) ERR#1 'Operation not permitted' 64879: kill(64907,SIGURG) ERR#1 'Operation not permitted' 64879: kill(64880,SIGURG) = 0 (0x0) 64879: SIGNAL 30 (SIGUSR1) 64879: sigreturn(0x7fffffffe490,0x10001,0x7fffffffe490,0xfffffffff,0x40000,0x1) = 16774 (0x4186) 64879: kill(64880,SIGURG) = 0 (0x0) 64879: SIGNAL 30 (SIGUSR1) 64879: sigreturn(0x7fffffffe480,0x10001,0x7fffffffe480,0xfffffffff,0x0,0x0) = 6738272 (0x66d160) 64879: kill(64880,SIGURG) = 0 (0x0) 64879: SIGNAL 30 (SIGUSR1) 64879: sigreturn(0x7fffffffe3c0,0x10001,0x7fffffffe3c0,0x23,0x2b,0x200) = 0 (0x0) 64879: kill(64880,SIGURG) = 0 (0x0) 64879: SIGNAL 30 (SIGUSR1)

The kill() is interesting

[b4]

I'm not even seeing any MAC change calls, even though they're effectively NOP ;)

[Rhialto]

On Sun 24 Jan 2016 at 13:26:05 -0800, Cory Smelosky wrote:

64879: kill(64909,SIGURG) ERR#1 'Operation not permitted' 64879: kill(64907,SIGURG) ERR#1 'Operation not permitted' ... The kill() is interesting

The main process runs dpni20 which forks into dpni20-R and dpni20-W. It send messages (most of them with an ethernet packet to send) to -W and receives messages (most of them with received packets) from -R. When a message is to be sent, the sender signals the receiver. When the receiver is done with it, it signals back.

It may well be that with today's stricter permission checks, it is no longer allowed to signal a setuid process, even if it is your own child. In that case, 64879 would be the main process, and 64909 and 64907 the -R and -W processes.

I wonder if there is something that can be done about that... it would be a pity if the whole thing really needs to run as root.

Ah yes, I read in FreeBSD's kill(2):

 [...]  In
 addition, if the security.bsd.conservative_signals sysctl is set to 1,
 the user is not a super-user, and the receiver is set-uid, then only job
 control and terminal control signals may be sent (in particular, only
 SIGKILL, SIGINT, SIGTERM, SIGALRM, SIGSTOP, SIGTTIN, SIGTTOU, SIGTSTP,
 SIGHUP, SIGUSR1, SIGUSR2).

and that sysctl seems to be 1 by default, and the failing signal was SIGURG. Hmmm.

Furthermore, the exact required conditions to allow sending a signal seem to differ between NetBSD and FreeBSD. Here is FreeBSD from kill(2) again:

 For a process to have permission to send a signal to a process designated
 by pid, the user must be the super-user, or the real or saved user ID of
 the receiving process must match the real or effective user ID of the
 sending process.

but NetBSD:

 For a process to have permission to send a signal to a process designated
 by pid, the real or effective user ID of the receiving process must match
 that of the sending process or the user must have appropriate privileges
 (such as given by a set-user-ID program or the user is the super-user).

and [EPERM] The sending process is not the super-user and its effective user id does not match the effective user-id of the receiving process.

which does not seem to match the other paragraph. Maybe it actually does the same as FreeBSD but is just badly worded.

-Olaf.

___ Olaf 'Rhialto' Seibert -- The Doctor: No, 'eureka' is Greek for \X/ rhialto/at/xs4all.nl -- 'this bath is too hot.'

[b4]

Starting to think this is a misdirect - why would not receiving SIGURG cause the mac change to fail?

On a related note, I believe ITS works with the VDE patches, too.

[Rhialto]

I would expect to see some process hanging indefinitely if the message signal is not received. Although I got the impression somewhere in the comments that the signal isn't strictly needed but an optimization. So the message passing may use more cpu. If the messages are not received by the (setuid!) dpni20-W process, then it will never even attempt the mac change. It would also not send out any packets. If observations contradict this, the problem must be something else. If not, is SIGUSR2 in use? It might be usable instead. Or change the sysctl mentioned some message up, to see if that makes it work.

[b4]

I am unsure if changing the syscall would have an effect due to running jailed.

[Rhialto]

I was just thinking... do you actually need root to access the VDE switch? I thought the point was that you wouldn't. So if you take away the setuid bit and run the whole thing as a plain user, that should take away the problem with the kill(2). At least in your configuration.

[b4]

Correct - root isn't necessary for VDE.

It is, however, necessary for dpni20.

[dpni20: Warning - cannot set high priority - Permission denied]

[dpni20: Fatal error: Must be superuser!]

[Rhialto]

On Sun 24 Jan 2016 at 17:03:38 -0800, Cory Smelosky wrote:

[dpni20: Fatal error: Must be superuser!]

You could try taking that check out... the message about priority is harmless in any case.

[b4]

I bypassed the check and it works as intended.

[Rhialto]

I've made the check for root into a warning. It is done so early that we can't be sure yet if root is really needed.

I've also mentioned the signal vs. setuid issue in install.txt.

[b4]

Working much better now!

-DKLH10_VDE=1 is still not making it in to any generated Makefiles, though

[Rhialto]

-DKLH10_VDE=1 should not be necessary; it is derived in osdnet.c from HAVE_LIBVDEPLUG_H && HAVE_LIBVDEPLUG. You might need to pass configure --with-vde=/usr/local though for the script to find those though.

[b4]

I had been doing that - it still required it

On Fri, Feb 12, 2016 at 11:42 AM, Rhialto The M. notifications@github.com wrote:

(I had some internet connection troubles for a week which distracted me "a bit"...)

-DKLH10_VDE=1 should not be necessary; it is derived in osdnet.c from HAVE_LIBVDEPLUG_H && HAVE_LIBVDEPLUG. You might need to pass configure --with-vde=/usr/local though for the script to find those though.

— Reply to this email directly or view it on GitHub https://github.com/Rhialto/klh10/issues/2#issuecomment-183462220.

[Rhialto]

I installed a virtual FreeBSD 10.2:

$ uname -a FreeBSD fbsd 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64

Configured like this:

$ ../configure --with-vde=/usr/local # this is in a tmp directory

or ../autogen.sh --with-vde=/usr/local

... checking for vde_send in -lvdeplug... yes ... checking libvdeplug.h usability... yes checking libvdeplug.h presence... yes checking for libvdeplug.h... yes ... $ make ... $ bld-kl/dpni20 -debug [dpni20: Starting] [dpni20: Supported ifmeth= pcap tap tap+bridge vde] ... $ bld-ks-its/dpimp -debug [dpimp: Starting] [dpimp: Supported ifmeth= pcap tun tap tap+bridge vde] ...

If it doesn't work like that for you, maybe there is a difference in FreeBSD version or something like that?

[b4]

I'm running 9.3.

Sent from my iPhone

On Feb 17, 2016, at 14:34, Rhialto The M. notifications@github.com wrote:

I installed a virtual FreeBSD 10.2:

$ uname -a FreeBSD fbsd 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64

Configured like this:

$ ../configure --with-vde=/usr/local # this is in a tmp directory

or ../autogen.sh --with-vde=/usr/local

... checking for vde_send in -lvdeplug... yes ... checking libvdeplug.h usability... yes checking libvdeplug.h presence... yes checking for libvdeplug.h... yes ... $ make ... $ bld-kl/dpni20 -debug [dpni20: Starting] [dpni20: Supported ifmeth= pcap tap tap+bridge vde] ... $ bld-ks-its/dpimp -debug [dpimp: Starting] [dpimp: Supported ifmeth= pcap tun tap tap+bridge vde] ...

If it doesn't work like that for you, maybe there is a difference in FreeBSD version or something like that?

— Reply to this email directly or view it on GitHub.

[Rhialto]

It would help if you could identify in which step it starts to differ for you. Installing yet another FreeBSD VM seems overkill...

[Rhialto]

Closing as "works for me".