VPP/HostStack/LDP/sshd

From fd.io
< VPP‎ | HostStack
Revision as of 01:12, 5 December 2018 by Florin.coras (Talk | contribs)

Jump to: navigation, search

Example of how to run sshd via LDP and VCL on top of VPP's host stack. This is known to work as of vpp gerrit 16342 with OpenSSH 7.6p1 and on Ubuntu 18.04.1.

To run the test two hosts with networking connectivity are needed: - server where vpp and sshd run - client where the ssh client runs on top of the linux host stack

Server configuration

Since this is experimental work, it is recommended to start vpp in debug mode with the following additions to startup.conf:

unix { gid vpp }
session { evt_qs_memfd_seg  }
socksvr { socket-name /tmp/vpp-api.sock}

These ensure that vpp starts with gid vpp, the session layer uses a memfd segment for event queues and that the binary api can work with a socket transport. It is also important that the user that starts vpp is a member of the vpp group.

The minimal vcl startup configuration in /etc/vpp/vcl.conf should be:

vcl {
  heapsize 64M
  rx-fifo-size 4000000
  tx-fifo-size 4000000
  api-socket-name /tmp/vpp-api.sock
}

To startup sshd run:

sudo LD_PRELOAD=$LDP_PATH sshd -f $CFG_FILE -4 -r -D

LDP_PATH is the path to the LD_PRELOAD library built by vpp. Typically you can find this under build-root/build-vpp_debug-native/vpp/lib/libvcl_ldpreload.so. The CFG_FILE is a customized sshd file. In particular, the following things have been changed compared to the default /etc/sshd/sshd_config:

Port 2222
HostKey /path/to/valid/ssh_host_rsa_key
PidFile /tmp/vcl_sshd.pid

The rest of the options limit network connectivity to IPv4 and set flags that avoid force sshd not to re-execute and daemonize.

Running the client

Assuming that the client will do public key authentication with the server and that the keys have been properly configured, on the client linux host do:

ssh -p 2222 <server_ip>

At this point you should be logged into the server. To see the ssh session in vpp do:

sh session verbose