robur-coop / albatross

Albatross: orchestrate and manage MirageOS unikernels with Solo5
ISC License

document and revise ASN.1 grammar #56

Open hannesm opened 3 years ago

hannesm commented 3 years ago

This is the ASN.1 grammar of the albatross 1.0.0 release.

The grammar used in client certificates (carried in a certificate extension identified by the custom OID 1.3.6.1.4.1.49836.42; the version is 4):

-- Command embedded in an albatross client certificate, in the X.509 extension
-- identified by the custom OID 1.3.6.1.4.1.49836.42 (see the text above).
-- The DEFINITIONS line states no tagging default, so every [n] tag in this
-- module is EXPLICIT (the ASN.1 default).
CertExtension DEFINITIONS ::=
BEGIN
CertExtension ::=
SEQUENCE {
  version INTEGER,    -- grammar version; 4 for the 1.0.0 release
  command CHOICE {    -- the requested operation, one alternative per context tag

    console [0] CHOICE {
      add [0] NULL,
      subscribe [1] CHOICE {
        since [0] UTCTime,    -- NOTE(review): UTCTime has only a two digit year; consider GeneralizedTime when revising
        count [1] INTEGER
      }
    },

    statistics [1] CHOICE {
      add [0] SEQUENCE {
        vmmdev UTF8String,
        pid INTEGER,
        network SEQUENCE OF SEQUENCE {    -- bridge/tap pairs, same shape as taps in LogEntry unikernel-start
          bridge UTF8String,
          tap UTF8String
        }
      },
      remove [1] NULL,
      subscribe [2] NULL
    },

    log [2] CHOICE {
      subscribe-since [0] UTCTime,
      subscribe-count [1] INTEGER
    },

    unikernel [3] CHOICE {
      info [0] NULL,

      create-OLD [1] SEQUENCE {    -- legacy layout, superseded by create [4]; presumably kept for backward compatibility
        typ CHOICE {
          solo5 [0] NULL,
          placeholder [1] NULL
        },
        compressed BOOLEAN,    -- whether image below is compressed (the compression format is not stated here)
        image OCTET STRING,    -- the unikernel binary itself, so the signed certificate carries the whole image
        fail-behaviour CHOICE {
          quit [0] NULL,
          restart-exit-codes [1] SET OF INTEGER    -- presumably restart only on these exit codes; verify against the daemon
        },
        cpuid INTEGER,
        memory INTEGER,
        blocks [0] SET OF UTF8String OPTIONAL,    -- DER requires SET OF elements in sorted order of their encodings
        bridges [1] SET OF UTF8String OPTIONAL,
        arguments [2] SEQUENCE OF UTF8String OPTIONAL
      },

      force-create-OLD [2] SEQUENCE {    -- same layout as create-OLD
        typ CHOICE {
          solo5 [0] NULL,
          placeholder [1] NULL
        },
        compressed BOOLEAN,
        image OCTET STRING,
        fail-behaviour CHOICE {
          quit [0] NULL,
          restart-exit-codes [1] SET OF INTEGER
        },
        cpuid INTEGER,
        memory INTEGER,
        blocks [0] SET OF UTF8String OPTIONAL,
        bridges [1] SET OF UTF8String OPTIONAL,
        arguments [2] SEQUENCE OF UTF8String OPTIONAL
      },

      destroy [3] NULL,

      create [4] SEQUENCE {    -- current layout; differs from create-OLD only in bridges (netif plus optional bridge)
        typ CHOICE {
          solo5 [0] NULL,
          placeholder [1] NULL
        },
        compressed BOOLEAN,
        image OCTET STRING,
        fail-behaviour CHOICE {
          quit [0] NULL,
          restart-exit-codes [1] SET OF INTEGER
        },
        cpuid INTEGER,
        memory INTEGER,
        blocks [0] SET OF UTF8String OPTIONAL,
        bridges [1] SEQUENCE OF SEQUENCE {
          netif UTF8String,
          bridge UTF8String OPTIONAL    -- bridge is optional inside the pair; netif is always present
        } OPTIONAL,
        arguments [2] SEQUENCE OF UTF8String OPTIONAL
      },

      force-create [5] SEQUENCE {    -- same layout as create
        typ CHOICE {
          solo5 [0] NULL,
          placeholder [1] NULL
        },
        compressed BOOLEAN,
        image OCTET STRING,
        fail-behaviour CHOICE {
          quit [0] NULL,
          restart-exit-codes [1] SET OF INTEGER
        },
        cpuid INTEGER,
        memory INTEGER,
        blocks [0] SET OF UTF8String OPTIONAL,
        bridges [1] SEQUENCE OF SEQUENCE {
          netif UTF8String,
          bridge UTF8String OPTIONAL
        } OPTIONAL,
        arguments [2] SEQUENCE OF UTF8String OPTIONAL
      },

      get [6] NULL,

      placeholder [7] NULL    -- presumably reserves the tag; verify what the decoder does with it
    },

    policy [4] CHOICE {
      info [0] NULL,
      add [1] SEQUENCE {    -- resource limits; block is the only untagged OPTIONAL and is told apart from bridges by universal tag
        cpuids SEQUENCE OF INTEGER,
        vms INTEGER,
        memory INTEGER,
        block INTEGER OPTIONAL,
        bridges SEQUENCE OF UTF8String
      },
      remove [2] NULL
    },

    block [5] CHOICE {
      info [0] NULL,
      add [1] INTEGER,    -- presumably the device size; compare size in Wire reply block-devices
      remove [2] NULL
    }
  }
}
END

The log data on disk:

-- One record of the on-disk log. The same event CHOICE is reused verbatim
-- inside Wire (data.log), so both must be revised together.
-- No tagging default on the DEFINITIONS line: all [n] tags are EXPLICIT.
LogEntry DEFINITIONS ::=
BEGIN
LogEntry ::=
SEQUENCE {
  version INTEGER,    -- grammar version of the record
  entry SEQUENCE {
    timestamp UTCTime,    -- NOTE(review): two digit year; GeneralizedTime would be unambiguous
    event CHOICE {
      startup [0] NULL,

      login [1] SEQUENCE {
        name SEQUENCE OF UTF8String,
        ip OCTET STRING,    -- raw address bytes; the grammar places no SIZE constraint on them
        port INTEGER
      },

      logout [2] SEQUENCE {    -- same fields as login
        name SEQUENCE OF UTF8String,
        ip OCTET STRING,
        port INTEGER
      },

      unikernel-start-OLD [3] SEQUENCE {    -- legacy layout, superseded by unikernel-start [6]
        name SEQUENCE OF UTF8String,
        pid INTEGER,
        taps SEQUENCE OF UTF8String,
        block UTF8String OPTIONAL
      },

      unikernel-stop [4] SEQUENCE {
        name SEQUENCE OF UTF8String,
        pid INTEGER,
        status CHOICE {    -- how the process ended; each alternative carries one INTEGER
          exit-code [0] INTEGER,
          signal [1] INTEGER,
          stopped [2] INTEGER
        }
      },

      hup [5] NULL,

      unikernel-start [6] SEQUENCE {    -- current layout: taps and blocks became pairs
        name SEQUENCE OF UTF8String,
        pid INTEGER,
        taps SEQUENCE OF SEQUENCE {
          bridge UTF8String,
          tap UTF8String
        },
        blocks SEQUENCE OF SEQUENCE {
          name UTF8String,
          device UTF8String
        }
      },

      placeholder [7] NULL    -- presumably reserves the tag; verify what the decoder does with it
    }
  }
}
END

The state file on disk:

-- Persisted daemon state. Three layouts coexist, selected by the outer tag:
-- two legacy ones (OLD1, OLD0) and the current unikernel [2]. The value
-- SEQUENCE of [0] and [2] mirrors the create payloads of CertExtension.
-- No tagging default on the DEFINITIONS line: all [n] tags are EXPLICIT.
State DEFINITIONS ::=
BEGIN
State ::=
CHOICE {
  unikernel-OLD1 [0] SEQUENCE OF SEQUENCE {    -- same value layout as create-OLD in CertExtension
    name UTF8String,
    value SEQUENCE {
      typ CHOICE {
        solo5 [0] NULL,
        placeholder [1] NULL
      },
      compressed BOOLEAN,
      image OCTET STRING,
      fail-behaviour CHOICE {
        quit [0] NULL,
        restart-exit-codes [1] SET OF INTEGER
      },
      cpuid INTEGER,
      memory INTEGER,
      blocks [0] SET OF UTF8String OPTIONAL,
      bridges [1] SET OF UTF8String OPTIONAL,
      arguments [2] SEQUENCE OF UTF8String OPTIONAL
    }
  },

  unikernel-OLD0 [1] SEQUENCE OF SEQUENCE {    -- oldest layout; target and compression are encoded in the image tag
    name UTF8String,
    value SEQUENCE {
      cpu INTEGER,
      memory INTEGER,
      block UTF8String OPTIONAL,    -- the untagged OPTIONALs here are distinguishable by universal tag
      network-interfaces SEQUENCE OF UTF8String OPTIONAL,
      image CHOICE {
        hvt-amd64 [0] OCTET STRING,
        hvt-arm64 [1] OCTET STRING,
        hvt-amd64-compressed [2] OCTET STRING
      },
      arguments SEQUENCE OF UTF8String OPTIONAL
    }
  },

  unikernel [2] SEQUENCE OF SEQUENCE {    -- current layout; same value layout as create in CertExtension
    name UTF8String,
    value SEQUENCE {
      typ CHOICE {
        solo5 [0] NULL,
        placeholder [1] NULL
      },
      compressed BOOLEAN,
      image OCTET STRING,
      fail-behaviour CHOICE {
        quit [0] NULL,
        restart-exit-codes [1] SET OF INTEGER
      },
      cpuid INTEGER,
      memory INTEGER,
      blocks [0] SET OF UTF8String OPTIONAL,
      bridges [1] SEQUENCE OF SEQUENCE {
        netif UTF8String,
        bridge UTF8String OPTIONAL
      } OPTIONAL,
      arguments [2] SEQUENCE OF UTF8String OPTIONAL
    }
  }
}
END

And finally, the grammar of the messages exchanged on the TLS connection, i.e. which answer(s) to expect (the same grammar is used for communication between the daemons):

-- Framing of every message on the TLS connection and between the daemons.
-- No tagging default on the DEFINITIONS line, so [n] tags are EXPLICIT unless
-- marked IMPLICIT; the single IMPLICIT tag on this page is kinfo-mem below.
Wire DEFINITIONS ::=
BEGIN
Wire ::=
SEQUENCE {
  header SEQUENCE {
    version INTEGER,         -- grammar version of the message
    sequence OCTET STRING,   -- presumably correlates a reply with its request; confirm against the implementation
    name SEQUENCE OF UTF8String    -- hierarchical name, same shape as name in LogEntry events
  },
  payload CHOICE {

    command [0] CHOICE {    -- identical to the command CHOICE of CertExtension

      console [0] CHOICE {
        add [0] NULL,
        subscribe [1] CHOICE {
          since [0] UTCTime,    -- NOTE(review): two digit year; consider GeneralizedTime when revising
          count [1] INTEGER
        }
      },

      statistics [1] CHOICE {
        add [0] SEQUENCE {
          vmmdev UTF8String,
          pid INTEGER,
          network SEQUENCE OF SEQUENCE {
            bridge UTF8String,
            tap UTF8String
          }
        },
        remove [1] NULL,
        subscribe [2] NULL
      },

      log [2] CHOICE {
        subscribe-since [0] UTCTime,
        subscribe-count [1] INTEGER
      },

      unikernel [3] CHOICE {
        info [0] NULL,
        create-OLD [1] SEQUENCE {    -- legacy layout, superseded by create [4]
          typ CHOICE {
            solo5 [0] NULL,
            placeholder [1] NULL
          },
          compressed BOOLEAN,
          image OCTET STRING,    -- the unikernel binary travels inside the message
          fail-behaviour CHOICE {
            quit [0] NULL,
            restart-exit-codes [1] SET OF INTEGER
          },
          cpuid INTEGER,
          memory INTEGER,
          blocks [0] SET OF UTF8String OPTIONAL,    -- DER requires SET OF elements in sorted order of their encodings
          bridges [1] SET OF UTF8String OPTIONAL,
          arguments [2] SEQUENCE OF UTF8String OPTIONAL
        },
        force-create-OLD [2] SEQUENCE {    -- same layout as create-OLD
          typ CHOICE {
            solo5 [0] NULL,
            placeholder [1] NULL
          },
          compressed BOOLEAN,
          image OCTET STRING,
          fail-behaviour CHOICE {
            quit [0] NULL,
            restart-exit-codes [1] SET OF INTEGER
          },
          cpuid INTEGER,
          memory INTEGER,
          blocks [0] SET OF UTF8String OPTIONAL,
          bridges [1] SET OF UTF8String OPTIONAL,
          arguments [2] SEQUENCE OF UTF8String OPTIONAL
        },
        destroy [3] NULL,
        create [4] SEQUENCE {    -- current layout; differs from create-OLD only in bridges
          typ CHOICE {
            solo5 [0] NULL,
            placeholder [1] NULL
          },
          compressed BOOLEAN,
          image OCTET STRING,
          fail-behaviour CHOICE {
            quit [0] NULL,
            restart-exit-codes [1] SET OF INTEGER
          },
          cpuid INTEGER,
          memory INTEGER,
          blocks [0] SET OF UTF8String OPTIONAL,
          bridges [1] SEQUENCE OF SEQUENCE {
            netif UTF8String,
            bridge UTF8String OPTIONAL
          } OPTIONAL,
          arguments [2] SEQUENCE OF UTF8String OPTIONAL
        },
        force-create [5] SEQUENCE {    -- same layout as create
          typ CHOICE {
            solo5 [0] NULL,
            placeholder [1] NULL
          },
          compressed BOOLEAN,
          image OCTET STRING,
          fail-behaviour CHOICE {
            quit [0] NULL,
            restart-exit-codes [1] SET OF INTEGER
          },
          cpuid INTEGER,
          memory INTEGER,
          blocks [0] SET OF UTF8String OPTIONAL,
          bridges [1] SEQUENCE OF SEQUENCE {
            netif UTF8String,
            bridge UTF8String OPTIONAL
          } OPTIONAL,
          arguments [2] SEQUENCE OF UTF8String OPTIONAL
        },
        get [6] NULL,
        placeholder [7] NULL
      },

      policy [4] CHOICE {
        info [0] NULL,
        add [1] SEQUENCE {    -- same layout as policy in the policies reply below
          cpuids SEQUENCE OF INTEGER,
          vms INTEGER,
          memory INTEGER,
          block INTEGER OPTIONAL,
          bridges SEQUENCE OF UTF8String
        },
        remove [2] NULL
      },

      block [5] CHOICE {
        info [0] NULL,
        add [1] INTEGER,
        remove [2] NULL
      }
    },

    reply [1] CHOICE {    -- successful answer to a command
      empty [0] NULL,

      string [1] UTF8String,

      policies [2] SEQUENCE OF SEQUENCE {
        name SEQUENCE OF UTF8String,
        policy SEQUENCE {
          cpuids SEQUENCE OF INTEGER,
          vms INTEGER,
          memory INTEGER,
          block INTEGER OPTIONAL,
          bridges SEQUENCE OF UTF8String
        }
      },

      unikernels [3] SEQUENCE OF SEQUENCE {
        name SEQUENCE OF UTF8String,
        config SEQUENCE {    -- same layout as create above, image included
          typ CHOICE {
            solo5 [0] NULL,
            placeholder [1] NULL
          },
          compressed BOOLEAN,
          image OCTET STRING,
          fail-behaviour CHOICE {
            quit [0] NULL,
            restart-exit-codes [1] SET OF INTEGER
          },
          cpuid INTEGER,
          memory INTEGER,
          blocks [0] SET OF UTF8String OPTIONAL,
          bridges [1] SEQUENCE OF SEQUENCE {
            netif UTF8String,
            bridge UTF8String OPTIONAL
          } OPTIONAL,
          arguments [2] SEQUENCE OF UTF8String OPTIONAL
        }
      },

      block-devices [4] SEQUENCE OF SEQUENCE {
        name SEQUENCE OF UTF8String,
        size INTEGER,
        active BOOLEAN
      }
    },

    failure [2] UTF8String,    -- free form error text; the grammar defines no error codes

    data [3] CHOICE {    -- payloads that follow a subscription (console, statistics, log)

      console [0] SEQUENCE {
        timestamp UTCTime,
        data UTF8String
      },

      statistics [1] SEQUENCE {
        resource-usage SEQUENCE {    -- the OCTET STRING counters have no stated width or byte order in this grammar
          utime SEQUENCE {
            seconds OCTET STRING,    -- seconds as OCTET STRING while microseconds is INTEGER
            microseconds INTEGER
          },
          stime SEQUENCE {
            seconds OCTET STRING,
            microseconds INTEGER
          },
          maxrss OCTET STRING,
          ixrss OCTET STRING,
          idrss OCTET STRING,
          isrss OCTET STRING,
          minflt OCTET STRING,
          majflt OCTET STRING,
          nswap OCTET STRING,
          inblock OCTET STRING,
          outblock OCTET STRING,
          msgsnd OCTET STRING,
          msgrcv OCTET STRING,
          nsignals OCTET STRING,
          nvcsw OCTET STRING,
          nivcsw OCTET STRING
        },
        ifdata SEQUENCE OF SEQUENCE {    -- per interface counters; the INTEGER fields are plain integers, the rest OCTET STRING
          bridge UTF8String,
          flags INTEGER,
          send-length INTEGER,
          max-send-length INTEGER,
          send-drops INTEGER,
          mtu INTEGER,
          baudrate OCTET STRING,
          input-packets OCTET STRING,
          input-errors OCTET STRING,
          output-packets OCTET STRING,
          output-errors OCTET STRING,
          collisions OCTET STRING,
          input-bytes OCTET STRING,
          output-bytes OCTET STRING,
          input-mcast OCTET STRING,
          output-mcast OCTET STRING,
          input-dropped OCTET STRING,
          output-dropped OCTET STRING
        },
        vmm-stats [0] SEQUENCE OF SEQUENCE {    -- EXPLICIT tag (module default)
          key UTF8String,
          value OCTET STRING
        } OPTIONAL,
        kinfo-mem [1] IMPLICIT SEQUENCE {    -- the only IMPLICIT tag; a decoder must not expect an inner SEQUENCE header here, unlike vmm-stats
          bsize OCTET STRING,
          rss OCTET STRING,
          tsize OCTET STRING,
          dsize OCTET STRING,
          ssize OCTET STRING,
          runtime OCTET STRING,
          cow INTEGER,
          start SEQUENCE {
            seconds OCTET STRING,
            microseconds INTEGER
          }
        } OPTIONAL
      },

      log [2] SEQUENCE {    -- identical to entry in LogEntry
        timestamp UTCTime,
        event CHOICE {
          startup [0] NULL,
          login [1] SEQUENCE {
            name SEQUENCE OF UTF8String,
            ip OCTET STRING,    -- raw address bytes, no SIZE constraint in the grammar
            port INTEGER
          },
          logout [2] SEQUENCE {
            name SEQUENCE OF UTF8String,
            ip OCTET STRING,
            port INTEGER
          },
          unikernel-start-OLD [3] SEQUENCE {    -- legacy layout, superseded by unikernel-start [6]
            name SEQUENCE OF UTF8String,
            pid INTEGER,
            taps SEQUENCE OF UTF8String,
            block UTF8String OPTIONAL
          },
          unikernel-stop [4] SEQUENCE {
            name SEQUENCE OF UTF8String,
            pid INTEGER,
            status CHOICE {
              exit-code [0] INTEGER,
              signal [1] INTEGER,
              stopped [2] INTEGER
            }
          },
          hup [5] NULL,
          unikernel-start [6] SEQUENCE {
            name SEQUENCE OF UTF8String,
            pid INTEGER,
            taps SEQUENCE OF SEQUENCE {
              bridge UTF8String,
              tap UTF8String
            },
            blocks SEQUENCE OF SEQUENCE {
              name UTF8String,
              device UTF8String
            }
          },
          placeholder [7] NULL
        }
      }
    }
  }
}
END