Josh Triplett - Networking without an OS

Transcript

1. Networking without an OS Josh Triplett [email protected] PyCon 2016

2. None
3. None

4. Porting Python to run without an OS

5. PyCon 2015 BIOS Implementation Test Suite (BITS) Python in GRUB

   and EFI, without an OS Explore and test hardware and firmware
6. None
7. None

8. BITS Capabilities Interactive Python interpreter (with line editing and tab

   completion)

9. BITS Capabilities Interactive Python interpreter (with line editing and tab

   completion) Direct access to hardware and physical memory

10. BITS Capabilities Interactive Python interpreter (with line editing and tab

    completion) Direct access to hardware and physical memory Python can call EFI firmware protocols via ctypes

11. BITS Capabilities Interactive Python interpreter (with line editing and tab

    completion) Direct access to hardware and physical memory Python can call EFI firmware protocols via ctypes Most of the Python standard library

12. Most of the Python standard library

13. Most of the Python standard library Some modules don’t make

    sense without an OS

14. os.execve os.fork

15. os.execve os.fork multiprocessing popen2 subprocess

16. os.execve os.fork multiprocessing popen2 subprocess webbrowser

17. import antigravity

18. socket select

19. socket select urllib2 httplib SocketServer BaseHTTPServer

20. EFI networking protocols EFI_IP4_CONFIG2_PROTOCOL EFI_TCP4_PROTOCOL

21. Why networking in firmware? Send scripts or test data into

    the machine

22. Why networking in firmware? Send scripts or test data into

    the machine Read test data or logs from the machine

23. Why networking in firmware? Send scripts or test data into

    the machine Read test data or logs from the machine Avoid relying on a writable filesystem

24. Why networking in firmware? Send scripts or test data into

    the machine Read test data or logs from the machine Avoid relying on a writable filesystem Speed up edit/compile/boot/run cycle

25. Demo

26. Bridging EFI networking and Python sockets Could call EFI network

    protocols directly Want compatibility with existing Python networking code Python modules import socket and select socket (Python) imports _socket (C)

27. Sockets overview “Berkeley” sockets

28. Sockets overview “Berkeley” sockets Standard on UNIX/POSIX systems, and on

    Windows via WinSock

29. Sockets overview “Berkeley” sockets Standard on UNIX/POSIX systems, and on

    Windows via WinSock Focusing exclusively on TCP/IP connections

30. Creating a socket int s = socket(AF_INET, SOCK_STREAM, 0);

31. Creating a socket int s = socket(AF_INET, SOCK_STREAM, 0); AF_INET

    - IP

32. Creating a socket int s = socket(AF_INET, SOCK_STREAM, 0); AF_INET

    - IP SOCK_STREAM - TCP

33. Creating a socket int s = socket(AF_INET, SOCK_STREAM, 0); AF_INET

    - IP SOCK_STREAM - TCP Can use s as either client or server socket

34. Client socket socket

35. Client socket socket connect

36. Client socket socket connect struct sockaddr

37. Client socket socket connect struct sockaddr send/recv

38. Client socket socket connect struct sockaddr send/recv close

39. Server socket socket

40. Server socket socket bind

41. Server socket socket bind struct sockaddr

42. Server socket socket bind struct sockaddr listen

43. Server socket socket bind struct sockaddr listen accept - returns

    a new connected socket

44. Server socket socket bind struct sockaddr listen accept - returns

    a new connected socket send/recv

45. Server socket socket bind struct sockaddr listen accept - returns

    a new connected socket send/recv close

46. select - waiting for activity Pass sets of file descriptors

    to monitor for reading and for writing

47. select - waiting for activity Pass sets of file descriptors

    to monitor for reading and for writing And for exceptions, but ignoring that here

48. select - waiting for activity Pass sets of file descriptors

    to monitor for reading and for writing And for exceptions, but ignoring that here Pass a timeout

49. select - waiting for activity Pass sets of file descriptors

    to monitor for reading and for writing And for exceptions, but ignoring that here Pass a timeout Waits for a connected socket to have data to recv or send

50. select - waiting for activity Pass sets of file descriptors

    to monitor for reading and for writing And for exceptions, but ignoring that here Pass a timeout Waits for a connected socket to have data to recv or send Waits for a listening socket to have a connection

51. select - waiting for activity Pass sets of file descriptors

    to monitor for reading and for writing And for exceptions, but ignoring that here Pass a timeout Waits for a connected socket to have data to recv or send Waits for a listening socket to have a connection Core of the main loop in most network servers

52. select - waiting for activity Pass sets of file descriptors

    to monitor for reading and for writing And for exceptions, but ignoring that here Pass a timeout Waits for a connected socket to have data to recv or send Waits for a listening socket to have a connection Core of the main loop in most network servers Many OS-specific replacements for scalability and performance

53. Python bindings import socket, select

54. Python bindings import socket, select s = socket.socket() - defaults

    to TCP/IP

55. Python bindings import socket, select s = socket.socket() - defaults

    to TCP/IP s.connect

56. Python bindings import socket, select s = socket.socket() - defaults

    to TCP/IP s.connect s.bind, s.listen, s.accept

57. Python bindings import socket, select s = socket.socket() - defaults

    to TCP/IP s.connect s.bind, s.listen, s.accept s.sendall, s.recv

58. Python bindings import socket, select s = socket.socket() - defaults

    to TCP/IP s.connect s.bind, s.listen, s.accept s.sendall, s.recv rl,wl,xl = select.select([s],[],[]) if s in rl:

59. CPython implementation socketmodule.c and selectmodule.c

60. CPython implementation socketmodule.c and selectmodule.c Extensive dependencies on POSIX and

    on C sockets API

61. CPython implementation socketmodule.c and selectmodule.c Extensive dependencies on POSIX and

    on C sockets API Would have to implement those APIs in C

62. CPython implementation socketmodule.c and selectmodule.c Extensive dependencies on POSIX and

    on C sockets API Would have to implement those APIs in C Handle C arguments, addresses, buffer management

63. CPython implementation socketmodule.c and selectmodule.c Extensive dependencies on POSIX and

    on C sockets API Would have to implement those APIs in C Handle C arguments, addresses, buffer management Would have to call EFI protocols from C

64. CPython implementation socketmodule.c and selectmodule.c Extensive dependencies on POSIX and

    on C sockets API Would have to implement those APIs in C Handle C arguments, addresses, buffer management Would have to call EFI protocols from C Or, have many callbacks from C to Python

65. BITS implementation C helper for safe asynchronous event handling Otherwise

    entirely Python Python makes all EFI protocol calls

66. Calling EFI from Python via ctypes

67. Behind the scenes efi.system_table is a data structure

68. Behind the scenes efi.system_table is a data structure efi.system_table.ConOut is

    a pointer to a protocol

69. Behind the scenes efi.system_table is a data structure efi.system_table.ConOut is

    a pointer to a protocol .contents dereferences a ctypes pointer

70. Behind the scenes efi.system_table is a data structure efi.system_table.ConOut is

    a pointer to a protocol .contents dereferences a ctypes pointer Most EFI calls expect a “this” pointer

71. Behind the scenes efi.system_table is a data structure efi.system_table.ConOut is

    a pointer to a protocol .contents dereferences a ctypes pointer Most EFI calls expect a “this” pointer ctypes converts "Hello world\r\n" to a Unicode string

72. Behind the scenes efi.system_table is a data structure efi.system_table.ConOut is

    a pointer to a protocol .contents dereferences a ctypes pointer Most EFI calls expect a “this” pointer ctypes converts "Hello world\r\n" to a Unicode string ctypes returns the error code from EFI

73. Resource management EFI uses manual memory management

74. Resource management EFI uses manual memory management Python uses garbage

    collection

75. Resource management EFI uses manual memory management Python uses garbage

    collection Python GC doesn’t know about references from EFI

76. Resource management EFI uses manual memory management Python uses garbage

    collection Python GC doesn’t know about references from EFI Must keep Python object alive as long as EFI references it

77. Resource management EFI uses manual memory management Python uses garbage

    collection Python GC doesn’t know about references from EFI Must keep Python object alive as long as EFI references it Must explicitly free EFI resources when no longer referenced from Python

78. EFI networking protocols EFI_IP4_CONFIG2_PROTOCOL

79. EFI networking protocols EFI_IP4_CONFIG2_PROTOCOL Read current IP configuration, or start

    IP configuration

80. EFI networking protocols EFI_IP4_CONFIG2_PROTOCOL Read current IP configuration, or start

    IP configuration EFI_TCP4_SERVICE_BINDING_PROTOCOL

81. EFI networking protocols EFI_IP4_CONFIG2_PROTOCOL Read current IP configuration, or start

    IP configuration EFI_TCP4_SERVICE_BINDING_PROTOCOL Create a new EFI_TCP4_PROTOCOL, like socket()

82. EFI networking protocols EFI_IP4_CONFIG2_PROTOCOL Read current IP configuration, or start

    IP configuration EFI_TCP4_SERVICE_BINDING_PROTOCOL Create a new EFI_TCP4_PROTOCOL, like socket() EFI_TCP4_PROTOCOL

83. EFI networking protocols EFI_IP4_CONFIG2_PROTOCOL Read current IP configuration, or start

    IP configuration EFI_TCP4_SERVICE_BINDING_PROTOCOL Create a new EFI_TCP4_PROTOCOL, like socket() EFI_TCP4_PROTOCOL EFI socket API: Configure, Connect, Accept, Transmit, Receive, Close

84. EFI networking protocols EFI_IP4_CONFIG2_PROTOCOL Read current IP configuration, or start

    IP configuration EFI_TCP4_SERVICE_BINDING_PROTOCOL Create a new EFI_TCP4_PROTOCOL, like socket() EFI_TCP4_PROTOCOL EFI socket API: Configure, Connect, Accept, Transmit, Receive, Close

85. EFI networking protocols EFI_IP4_CONFIG2_PROTOCOL Read current IP configuration, or start

    IP configuration EFI_TCP4_SERVICE_BINDING_PROTOCOL Create a new EFI_TCP4_PROTOCOL, like socket() EFI_TCP4_PROTOCOL EFI socket API: Configure, Connect, Accept, Transmit, Receive, Close Glossing over quirks, bugs, error handling, workarounds, and compatibility with older versions

86. Impedance mismatch: select versus Receive/Accept select checks for pending data

    or connections

87. Impedance mismatch: select versus Receive/Accept select checks for pending data

    or connections Does not read data or accept connection

88. Impedance mismatch: select versus Receive/Accept select checks for pending data

    or connections Does not read data or accept connection EFI can only check for data by calling Receive with a valid buffer

89. Impedance mismatch: select versus Receive/Accept select checks for pending data

    or connections Does not read data or accept connection EFI can only check for data by calling Receive with a valid buffer Solution: buffer received data, call Receive when buffer empty

90. Impedance mismatch: select versus Receive/Accept select checks for pending data

    or connections Does not read data or accept connection EFI can only check for data by calling Receive with a valid buffer Solution: buffer received data, call Receive when buffer empty Likewise for Accept

91. Impedance mismatch: select versus Receive/Accept select checks for pending data

    or connections Does not read data or accept connection EFI can only check for data by calling Receive with a valid buffer Solution: buffer received data, call Receive when buffer empty Likewise for Accept Similar to the implementation of sockets in an OS kernel

92. Impedance mismatch: Poll EFI_TCP4_PROTOCOL not updated directly from low-level interrupts

93. Impedance mismatch: Poll EFI_TCP4_PROTOCOL not updated directly from low-level interrupts

    Data processed infrequently, even with asynchronous call running

94. Impedance mismatch: Poll EFI_TCP4_PROTOCOL not updated directly from low-level interrupts

    Data processed infrequently, even with asynchronous call running Caller expected to call Poll periodically if waiting

95. Impedance mismatch: Poll EFI_TCP4_PROTOCOL not updated directly from low-level interrupts

    Data processed infrequently, even with asynchronous call running Caller expected to call Poll periodically if waiting Improves performance by orders of magnitude

96. Impedance mismatch: Poll EFI_TCP4_PROTOCOL not updated directly from low-level interrupts

    Data processed infrequently, even with asynchronous call running Caller expected to call Poll periodically if waiting Improves performance by orders of magnitude Solution: call Poll inside helpers for select

97. Impedance mismatch: asynchronous callbacks All EFI socket calls asynchronous

98. Impedance mismatch: asynchronous callbacks All EFI socket calls asynchronous Calls

    take a “completion token” with EFI_EVENT to signal when done

99. Impedance mismatch: asynchronous callbacks All EFI socket calls asynchronous Calls

    take a “completion token” with EFI_EVENT to signal when done For sockets, EFI_EVENT must have a callback function

100. Impedance mismatch: asynchronous callbacks All EFI socket calls asynchronous Calls

     take a “completion token” with EFI_EVENT to signal when done For sockets, EFI_EVENT must have a callback function Need to handle callback safely from Python

101. Python concurrency model Python expects bytecode ops and C calls

     to run to completion

102. Python concurrency model Python expects bytecode ops and C calls

     to run to completion Global Interpreter Lock (GIL)

103. Python concurrency model Python expects bytecode ops and C calls

     to run to completion Global Interpreter Lock (GIL) Data may have inconsistent state when callback occurs

104. Python concurrency model Python expects bytecode ops and C calls

     to run to completion Global Interpreter Lock (GIL) Data may have inconsistent state when callback occurs Almost all CPython functions prohibited

105. Python concurrency model Python expects bytecode ops and C calls

     to run to completion Global Interpreter Lock (GIL) Data may have inconsistent state when callback occurs Almost all CPython functions prohibited Same problem arises with Ctrl-C and signals

106. Py_AddPendingCall Register a callback (with context)

107. Py_AddPendingCall Register a callback (with context) Python calls it at

     the next safe point

108. Py_AddPendingCall Register a callback (with context) Python calls it at

     the next safe point Can call arbitrary CPython functions from the callback

109. Handling events C module provides event callback function pointer

110. Handling events C module provides event callback function pointer Python

     code creates EFI_EVENT with C callback

111. Handling events C module provides event callback function pointer Python

     code creates EFI_EVENT with C callback C callback invokes universal Python callback

112. Handling events C module provides event callback function pointer Python

     code creates EFI_EVENT with C callback C callback invokes universal Python callback Python callback dispatches to event-specific callback via dict

113. Handling events C module provides event callback function pointer Python

     code creates EFI_EVENT with C callback C callback invokes universal Python callback Python callback dispatches to event-specific callback via dict dict keeps Python objects live while EFI_EVENT references them

114. Implementing select Takes read and write lists of sockets

115. Implementing select Takes read and write lists of sockets Or

     file descriptors; map to sockets via dict

116. Implementing select Takes read and write lists of sockets Or

     file descriptors; map to sockets via dict Loop over sockets until timeout expires

117. Implementing select Takes read and write lists of sockets Or

     file descriptors; map to sockets via dict Loop over sockets until timeout expires Call _read_ready or _write_ready

118. Implementing select Takes read and write lists of sockets Or

     file descriptors; map to sockets via dict Loop over sockets until timeout expires Call _read_ready or _write_ready _read_ready checks queue, calls Receive or Accept

119. Implementing select Takes read and write lists of sockets Or

     file descriptors; map to sockets via dict Loop over sockets until timeout expires Call _read_ready or _write_ready _read_ready checks queue, calls Receive or Accept If already running from previous call, call Poll

120. Implementing select Takes read and write lists of sockets Or

     file descriptors; map to sockets via dict Loop over sockets until timeout expires Call _read_ready or _write_ready _read_ready checks queue, calls Receive or Accept If already running from previous call, call Poll Handle connection closure to provide EOF from recv

121. Implementing select Takes read and write lists of sockets Or

     file descriptors; map to sockets via dict Loop over sockets until timeout expires Call _read_ready or _write_ready _read_ready checks queue, calls Receive or Accept If already running from previous call, call Poll Handle connection closure to provide EOF from recv Queues data or error when callback called

122. Implementing select Takes read and write lists of sockets Or

     file descriptors; map to sockets via dict Loop over sockets until timeout expires Call _read_ready or _write_ready _read_ready checks queue, calls Receive or Accept If already running from previous call, call Poll Handle connection closure to provide EOF from recv Queues data or error when callback called _write_ready returns true if connected

123. Implementing select Takes read and write lists of sockets Or

     file descriptors; map to sockets via dict Loop over sockets until timeout expires Call _read_ready or _write_ready _read_ready checks queue, calls Receive or Accept If already running from previous call, call Poll Handle connection closure to provide EOF from recv Queues data or error when callback called _write_ready returns true if connected Always calls Poll if connected

124. class socket __init__: Create EFI_TCP4_PROTOCOL from binding protocol

125. class socket __init__: Create EFI_TCP4_PROTOCOL from binding protocol __del__/close: Cancel

     all outstanding callbacks

126. class socket __init__: Create EFI_TCP4_PROTOCOL from binding protocol __del__/close: Cancel

     all outstanding callbacks connect: Call Configure and Connect

127. class socket __init__: Create EFI_TCP4_PROTOCOL from binding protocol __del__/close: Cancel

     all outstanding callbacks connect: Call Configure and Connect recv: Return data from queue

128. class socket __init__: Create EFI_TCP4_PROTOCOL from binding protocol __del__/close: Cancel

     all outstanding callbacks connect: Call Configure and Connect recv: Return data from queue Spin on _read_ready if queue empty; this starts a Receive

129. class socket __init__: Create EFI_TCP4_PROTOCOL from binding protocol __del__/close: Cancel

     all outstanding callbacks connect: Call Configure and Connect recv: Return data from queue Spin on _read_ready if queue empty; this starts a Receive sendall: Call Transmit; save status for

130. class socket __init__: Create EFI_TCP4_PROTOCOL from binding protocol __del__/close: Cancel

     all outstanding callbacks connect: Call Configure and Connect recv: Return data from queue Spin on _read_ready if queue empty; this starts a Receive sendall: Call Transmit; save status for bind: Save provided address and port for later calls

131. class socket __init__: Create EFI_TCP4_PROTOCOL from binding protocol __del__/close: Cancel

     all outstanding callbacks connect: Call Configure and Connect recv: Return data from queue Spin on _read_ready if queue empty; this starts a Receive sendall: Call Transmit; save status for bind: Save provided address and port for later calls listen: Call Configure for listening socket

132. class socket __init__: Create EFI_TCP4_PROTOCOL from binding protocol __del__/close: Cancel

     all outstanding callbacks connect: Call Configure and Connect recv: Return data from queue Spin on _read_ready if queue empty; this starts a Receive sendall: Call Transmit; save status for bind: Save provided address and port for later calls listen: Call Configure for listening socket accept: Return queued connection if any

133. class socket __init__: Create EFI_TCP4_PROTOCOL from binding protocol __del__/close: Cancel

     all outstanding callbacks connect: Call Configure and Connect recv: Return data from queue Spin on _read_ready if queue empty; this starts a Receive sendall: Call Transmit; save status for bind: Save provided address and port for later calls listen: Call Configure for listening socket accept: Return queued connection if any Spin on _read_ready if queue empty; this starts an Accept

134. Socket demo and walkthrough

135. High-level client demo

136. High-level server demo

137. Try it out yourself BITS: https://biosbits.org/

138. Try it out yourself BITS: https://biosbits.org/ QEMU/KVM

139. Try it out yourself BITS: https://biosbits.org/ QEMU/KVM Client works automatically

140. Try it out yourself BITS: https://biosbits.org/ QEMU/KVM Client works automatically

     For server, use hostfwd option to forward ports inside

141. Try it out yourself BITS: https://biosbits.org/ QEMU/KVM Client works automatically

     For server, use hostfwd option to forward ports inside OVMF: Open Virtual Machine Firmware, EFI for QEMU

142. Try it out yourself BITS: https://biosbits.org/ QEMU/KVM Client works automatically

     For server, use hostfwd option to forward ports inside OVMF: Open Virtual Machine Firmware, EFI for QEMU Or try it on physical hardware

143. Try it out yourself BITS: https://biosbits.org/ QEMU/KVM Client works automatically

     For server, use hostfwd option to forward ports inside OVMF: Open Virtual Machine Firmware, EFI for QEMU Or try it on physical hardware Check BIOS settings to enable EFI network stack

144. Try it out yourself BITS: https://biosbits.org/ QEMU/KVM Client works automatically

     For server, use hostfwd option to forward ports inside OVMF: Open Virtual Machine Firmware, EFI for QEMU Or try it on physical hardware Check BIOS settings to enable EFI network stack Use wired Ethernet

145. BIOS Implementation Test Suite (BITS) http://biosbits.org/ Questions?

146. Networking without an OS Demo Backup Josh Triplett [email protected] PyCon

     2016
147. None
148. None
149. None
150. None
151. None
152. None
153. None
154. None
155. None
156. None
157. None
158. None
159. None
160. None
161. None
162. None
163. None
164. None
165. None
166. None
167. None
168. None
169. None
170. None
171. None
172. None
173. None
174. None
175. None
176. None
177. None
178. None
179. None
180. None
181. None
182. None
183. None
184. None
185. None