This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
[Fwd: [Bug translator/6565] network compile server, stage 1]
- From: Dave Brolley <brolley at redhat dot com>
- To: systemtap at sources dot redhat dot com
- Date: Thu, 03 Jul 2008 14:00:14 -0400
- Subject: [Fwd: [Bug translator/6565] network compile server, stage 1]
I just pushed an updated prototype stap client/server. Details below
from bz6565.
In order to set up a server, one may now simply run stap-serverd <port>.
The server will automatically advertise its presence on the network and
will use <port> and <port>+1 (see issues below). Multiple servers may be
running concurrently using different ports (I'm working on automating
this). The default ports are 65000 and 65001. stap-serverd may be killed
by sending it SIGINT.
To use the server one simply runs stap-client on a compatible (or the
same) machine on the local network. stap-client takes the same arguments
as stap and will automatically find a compatible server (see issues
below) if one is available.
My current issues with the implementation are:
o I still need to finish defining what the client should be looking for
when looking for a compatible server. There has been some loose
discussion, but I need to nail this down. Currently only `uname -r` is
checked.
o How does the client establish that a given server is trusted? I've
read Roland's remarks on the subject of client/server security and will
be reading them again to see if any of it will sink in.
o In order to get around the problem of tcp connections being closed
after a file is sent, the current implementation uses one port for
synchronization (which remains connected during the entire transaction)
and another for file transfer (which is opened and closed as each file
is transferred). My concern is that this presents an opportunity for
this second port to be hijacked by an imposter either in order to
present the server with an alternate request and/or to steal the
server's response. Any ideas on how both the client and server can
determine that the same client/server is using the second port would be
much appreciated. Perhaps the time that this whole thing was written in
a higher level language has come. Perhaps the answer lies in Roland's
comments.
Dave
-------- Original Message --------
Subject: [Bug translator/6565] network compile server, stage 1
Date: 3 Jul 2008 17:32:50 -0000
From: brolley at redhat dot com <sourceware-bugzilla@sourceware.org>
Reply-To: sourceware-bugzilla@sourceware.org
To: brolley@redhat.com
References: <20080526195706.6565.fche@redhat.com>
------- Additional Comments From brolley at redhat dot com 2008-07-03 17:32 -------
I just pushed a new prototype version of the stap client/server. It addresses
concerns raised about the initial version, including:
o Server no longer managed by xinetd. Instead a new stap-serverd script can be
started by anyone. Multiple stap-serverd instances can run simultaneously on
separate (specified) ports. stap-serverd can be killed by sending it a SIGINT
signal.
o The /etc/avahi/services config file is now obsolete. stap-serverd now uses
avahi-publish-service to advertise its own presence on the network.
o Communication protocol has been simplified so that no trusted information is
used to synchronize the flow of communication. rsync is no longer used to
transfer files. ssh access to the server machine is no longer required. nc is
used for all client/server communication.
o Both the client and the server do their own examination of the files passed in
order to verify their appropriateness.
--
http://sourceware.org/bugzilla/show_bug.cgi?id=6565
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
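
One way to tie each transfer on the second port to the control connection, as an added example that is not part of the original message or of the stap-client/stap-serverd code: the server issues a random per-transaction key on the control connection, and every file sent on the data port carries an HMAC over direction, sequence number and file digest. Assumptions: all names below are hypothetical, the imposter cannot observe the key exchange on the control connection, and this covers the injected-request case only, not confidentiality of the server's response.

```python
import hashlib
import hmac
import secrets

def new_session_key() -> bytes:
    """Server side: per-transaction secret, sent once on the control connection."""
    return secrets.token_bytes(32)

def tag_transfer(key: bytes, seq: int, direction: bytes, payload: bytes) -> bytes:
    """Sender side: MAC over direction, sequence number and file digest."""
    digest = hashlib.sha256(payload).digest()
    msg = direction + seq.to_bytes(8, "big") + digest
    return hmac.new(key, msg, hashlib.sha256).digest()

class DataPortVerifier:
    """Receiver side: accept a file from the data port only if it belongs to
    this control-connection session and arrives in the expected order."""

    def __init__(self, key: bytes, direction: bytes):
        self.key = key
        self.direction = direction  # b"C2S" or b"S2C" (labels assumed for this example)
        self.expected_seq = 0

    def accept(self, seq: int, payload: bytes, tag: bytes) -> bool:
        if seq != self.expected_seq:
            return False  # replayed or out-of-order transfer
        want = tag_transfer(self.key, seq, self.direction, payload)
        if not hmac.compare_digest(want, tag):
            return False  # sender does not hold this session's key
        self.expected_seq += 1
        return True

def demo() -> dict:
    key = new_session_key()
    server_rx = DataPortVerifier(key, b"C2S")
    request = b"probe begin { exit() }\n"  # constructed sample request file
    good_tag = tag_transfer(key, 0, b"C2S", request)
    results = {}
    # A peer that never saw the control connection has to guess the key.
    forged = tag_transfer(secrets.token_bytes(32), 0, b"C2S", b"alternate request")
    results["imposter"] = server_rx.accept(0, b"alternate request", forged)
    results["client"] = server_rx.accept(0, request, good_tag)
    results["replay"] = server_rx.accept(0, request, good_tag)
    # The client's own tag reflected back as a "server response" is rejected.
    client_rx = DataPortVerifier(key, b"S2C")
    results["reflected"] = client_rx.accept(0, request, good_tag)
    return results

if __name__ == "__main__":
    print(demo())
```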