Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Each incoming request contains up to max_batch_up bytes of payload.
It's a multipart/form-data.
Each incoming request contains up to max_batch_up bytes of payload.
It's a multipart/form-data.
-Authentication: for now, plaintext password
+Authentication: for now, plaintext secret
Routing assistance: none in hippotat; can be requested on client
from userv-ipif via `vroutes' parameter. Use with secnet polypath
Routing assistance: none in hippotat; can be requested on client
from userv-ipif via `vroutes' parameter. Use with secnet polypath
Used by server to select the appropriate parts of the
rest of the configuration. Ignored by the client.
Used by server to select the appropriate parts of the
rest of the configuration. Ignored by the client.
Looked up in the usual way, but used by client and server to
determine which possible peerings to try to set up, and which to
ignore.
Looked up in the usual way, but used by client and server to
determine which possible peerings to try to set up, and which to
ignore.
(LIMIT sections do not count.)
The server queue packets for, and accept requests from, each
(LIMIT sections do not count.)
The server queue packets for, and accept requests from, each
- putative client for which the config search yields a password.
+ putative client for which the config search yields a secret.
Each client will create a local interface, and try to communicate
with the server, for each possible pair (putative server,
Each client will create a local interface, and try to communicate
with the server, for each possible pair (putative server,
- putative client) for which the config search yields a password.
+ putative client) for which the config search yields a secret.
ipif
Command to run to create and communicate with local network
ipif
Command to run to create and communicate with local network
-pd=/etc/hippotat/passwords.d
+pd=/etc/hippotat/secrets.d
test -d $pd || \
install -m 750 -o root -g Debian-hippotat -d $pd
test -d $pd || \
install -m 750 -o root -g Debian-hippotat -d $pd
b'Content-Type: text/plain; charset="utf-8"' + crlf +
b'Content-Disposition: form-data; name="m"' + crlf + crlf +
str(cl.c.client) .encode('ascii') + crlf +
b'Content-Type: text/plain; charset="utf-8"' + crlf +
b'Content-Disposition: form-data; name="m"' + crlf + crlf +
str(cl.c.client) .encode('ascii') + crlf +
str(cl.c.target_requests_outstanding)
.encode('ascii') + crlf +
str(cl.c.http_timeout) .encode('ascii') + crlf +
str(cl.c.target_requests_outstanding)
.encode('ascii') + crlf +
str(cl.c.http_timeout) .encode('ascii') + crlf +
ci = ipaddr(ci_s)
desca['ci'] = ci
cl = clients[ci]
ci = ipaddr(ci_s)
desca['ci'] = ci
cl = clients[ci]
- if pw != cl.cc.password: raise ValueError('bad password')
+ if pw != cl.cc.secret: raise ValueError('bad secret')
desca['pwok']=True
if tro != cl.cc.target_requests_outstanding:
desca['pwok']=True
if tro != cl.cc.target_requests_outstanding:
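Review bot: The check `if pw != cl.cc.secret` compares the shared secret with an ordinary `!=`, which may return at the first differing byte and so is not constant-time. Since this line is being touched anyway, `if not hmac.compare_digest(pw, cl.cc.secret): raise ValueError('bad secret')` would be the safer form. `cl.cc.secret` is bytes (it is set from `.encode('utf-8')`), and `pw` is presumably bytes taken from the request, which should be confirmed because `compare_digest` needs matching types. The change needs `import hmac` at the top of the file, which is not visible here, and the enclosing function starts and ends outside the hunk.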
# [<client-ip4-or-ipv6-address>]
# [<client-ip4-or-ipv6-address>]
-# password = <password> # used by both, must match
+# secret = <secret> # used by both, must match
[LIMIT]
max_batch_down = 262144
[LIMIT]
max_batch_down = 262144
cc.__dict__[key] = min(val,lim)
def cfg_process_client_common(cc,ss,cs,ci):
cc.__dict__[key] = min(val,lim)
def cfg_process_client_common(cc,ss,cs,ci):
- # returns sections to search in, iff password is defined, otherwise None
+ # returns sections to search in, iff secret is defined, otherwise None
cc.ci = ci
sections = ['%s %s' % (ss,cs),
cc.ci = ci
sections = ['%s %s' % (ss,cs),
- try: pwsection = cfg_search_section('password', sections)
+ try: pwsection = cfg_search_section('secret', sections)
except NoOptionError: return None
except NoOptionError: return None
- pw = cfg1get(pwsection, 'password')
- cc.password = pw.encode('utf-8')
+ pw = cfg1get(pwsection, 'secret')
+ cc.secret = pw.encode('utf-8')
cfg_process_client_limited(cc,ss,sections,'target_requests_outstanding')
cfg_process_client_limited(cc,ss,sections,'http_timeout')
cfg_process_client_limited(cc,ss,sections,'target_requests_outstanding')
cfg_process_client_limited(cc,ss,sections,'http_timeout')
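Review bot: A configuration that still uses the old `password` key now hits `except NoOptionError: return None` in cfg_process_client_common, so the peering is dropped with no message. The read_defconfig hunk has the same effect, because it no longer reads `/etc/hippotat/passwords.d`. This fails closed, but an upgraded host silently loses its tunnel, and the old files may keep holding secret values that nothing reads any more. Consider checking for a legacy `password` option before returning None and logging a warning that names the section, and documenting that the old directory should be moved or removed. cfg_process_client_common continues past the end of the hunk.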
def read_defconfig():
readconfig('/etc/hippotat/config.d', False)
def read_defconfig():
readconfig('/etc/hippotat/config.d', False)
- readconfig('/etc/hippotat/passwords.d', False)
+ readconfig('/etc/hippotat/secrets.d', False)
readconfig('/etc/hippotat/master.cfg', False)
def oc_defconfig(od,os, value, op):
readconfig('/etc/hippotat/master.cfg', False)
def oc_defconfig(od,os, value, op):
-# -- in passwords.d/chiark-zealot (on zealot and chiark)
+# -- in secrets.d/chiark-zealot (on zealot and chiark)
# zealot knows it's 192.0.2.4 because that's the only client
# zealot knows it's 192.0.2.4 because that's the only client
-# for which it has a password
+# for which it has a secret
[SERVER]
addrs = 203.0.113.46
[SERVER]
addrs = 203.0.113.46
-# -- in passwords.d/password (on both client and server)
+# -- in secrets.d/secret (on both client and server)
# nc -n -v -l -p 8100 -c 'dd of=/dev/null'
[192.0.2.3]
# nc -n -v -l -p 8100 -c 'dd of=/dev/null'
[192.0.2.3]
[192.0.2.3]
ipif = PATH=/usr/local/sbin:/sbin:/usr/sbin:$PATH really ./fake-userv /home/ian/things/Userv/userv-utils.git/ipif/service \* -- %(local)s,%(peer)s,%(mtu)s,slip '%(rnets)s'
[192.0.2.3]
ipif = PATH=/usr/local/sbin:/sbin:/usr/sbin:$PATH really ./fake-userv /home/ian/things/Userv/userv-utils.git/ipif/service \* -- %(local)s,%(peer)s,%(mtu)s,slip '%(rnets)s'
# ./hippotat -D -c test.cfg
[192.0.2.4]
# ./hippotat -D -c test.cfg
[192.0.2.4]
# dd if=/dev/urandom bs=1024 count=16384 | nc -q 0 -n -v 192.0.2.1 8100
# dd if=/dev/urandom bs=1024 count=16384 | nc -q 0 -n -v 192.0.2.1 8100