mirror
/
devilutionX-ZeroTierOne
mirror of https://github.com/diasurgical/ZeroTierOne.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1937 Commits
2 Branches
0 Tags
159 MiB
 
 
 
 
 
 
Tree: 721d58b464
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '721d58b464'
${ noResults }
devilutionX-ZeroTierOne/netcon
Joseph Henry 721d58b464
Added support for Redis 		11 years ago
..
Common.c Added support for Redis 11 years ago
Common.h Normalized cases 11 years ago
Intercept.c Added support for Redis 11 years ago
Intercept.h Added support for Redis 11 years ago
LWIPStack.hpp Fixed recursive lock problem in closeConnection 11 years ago
NetconEthernetTap.cpp Added support for Redis 11 years ago
NetconEthernetTap.hpp Bug fix: Connection fd lookup in service 11 years ago
NetconService.hpp Improved RPC connection closure logic 11 years ago
NetconUtilities.cpp Added support for Redis 11 years ago
NetconUtilities.hpp more commenting and cleaning 11 years ago
README.md Added support for Redis 11 years ago
Sendfd.c Normalized cases 11 years ago
Sendfd.h Normalized cases 11 years ago
intercept Added intercept build file and sources 11 years ago
libintercept.so.1.0 Added support for Redis 11 years ago
make-intercept.mk Added support for Redis 11 years ago
make-liblwip.mk Added liblwip.so and libintercept build files 11 years ago

README.md

Network Containers have been tested with the following:

sshd [ WORKS as of 20151022] Long ~15-20s delay for client during connect ssh [ WORKS as of 20151022] sftp [ WORKS as of 20151022] curl [ WORKS as of 20151021] Sometimes "tcp_input: pcb->next != pcb (before cache)" is seen apache (debug mode) [ WORKS as of 20150810] apache (prefork MPM) [ WORKS as of 20151021] nginx [ WORKS as of 20151022] nodejs [ WORKS as of 20151021] java [ WORKS as of 20151010] tomcat [ WORKS as of 2015xxxx] thttpd [ WORKS as of 2015xxxx] vsftpd [BROKEN as of 20151021] Server sends 500 when 220 is expected mysql [BROKEN as of 20151021] postresql [BROKEN as of 20151021] MongoDB [BROKEN as of 20151021] Redis-server [ WORKS as of 20151027] pure-ftpd [BROKEN as of 20151021] Socket operation on non-socket

To Test:

GET many different files via HTTP (web stress)
LARGE continuous transfer (e.g. /dev/urandom all night)
Open and close many TCP connections constantly
Simulate packet loss (can be done with iptables)
Many parallel TCP transfers
Multithreaded software (e.g. apache in thread mode)

20151027 Added Redis-server support Notes:

  • Added extra logic to detect socket re-issuing and consequent service-side double mapping. Redis appears to try to set its initial listen socket to IPV6 only, this currently fails. As a result, Redis will close the socket and re-open it. The server will now test for closures during mapping and will eliminate any mappings to broken pipes.

20151021 Added Node.js support Notes:

  • syscall(long number, ...) is now intercepted and re-directs the __NR_accept4 call to our intercepted accept4() function
  • accept() now returns -EAGAIN in the case that we cannot read a signal byte from the descriptor linked to the service. This is because the uv__server_io() function in libuv used by Node.js looks for this return value upon failure, without it we were observing an innfinite loop in the I/O polling code in libuv.
  • accept4() now correctly sets given flags for descriptor returned by accept()
  • setsockopt() was modified to return success on any call with the following conditions: level == IPPROTO_TCP || (level == SOL_SOCKET && option_name == SO_KEEPALIVE) This might be unnecessary or might need a better workaround
  • Careful attention should be given to how arguments are passed in the intercepted syscall() function, this differs for 32/64-bit systems