Hi Nobuo Iwata,

On 12/26/2016 12:08 AM, Nobuo Iwata wrote:
> Dear all,
>
> This series of patches adds exporting device operation to USB/IP.
>
> NOTE:
> This patch set modifies only userspace codes in tools/usb/usbip.
> Existing operation is still available.
> New operation will not be enabled unless new daemon is started.

This is a quick note to say that I am on vacation for Christmas break
all of this week and will review this series during the first week of
January.

>
> 1. Background
>
> The motivation of this series is to utilize USB/IP as a platform for
> IoT. Or a platform to serve ubiquitous devices.
> Linux is major of server OS and various small linux node is distributed
> everywhere. USB devices are most easy-to-use for the small nodes.
> USB/IP is useful to serve USB devices of distributed linux nodes as if
> they are local devices without any modification to applications.
>
> 2. Goal
>
> The goal is to add flexibility to USB/IP for the platform for IoT.
>
> 1) To improve usability of operations
> When two Linux machines are in a small distance, it's OK to bind (makes
> importable) at device side machine and attach (import) at application
> side.
> If application is as cloud service or in blade server, it's not
> practical to attach from application side. It's useful to connect
> (export) from device side. This patch set adds the new operation to
> connect devices from device side machine.
>
> 2) To give flexibility to direction of connection
> Using USB/IP in internet, there can be two cases.
> a) an application is inside firewall and devices are outside.
> b) devices are inside firewall and an application is inside.
> In case-a, import works because the connection is from inside.
> In case-b, import doesn't work because the connection is from outside.
> Connection from device side is needed. This patch set adds the
> direction of connection establishment.
>
> NOTE:
> Directions of URB requests and responses are not changed. Only
> direction of connection establishment initiated with usbip command is
> added to existing one.
>
> 3. What's 'exporting' device
>
> Exporting devices is not new. The request and response PDU have already
> been defined in tools/usbip/usbip/src/usbip_network.h.
> #/* Export a USB device to a remote host. */
> #define OP_EXPORT 0x06
> #define OP_REQ_EXPORT (OP_REQUEST | OP_EXPORT)
> #define OP_REP_EXPORT (OP_REPLY | OP_EXPORT)
> # struct op_export_request
> # struct op_export_reply
> #/* un-Export a USB device from a remote host. */
> #define OP_UNEXPORT 0x07
> #define OP_REQ_UNEXPORT (OP_REQUEST | OP_UNEXPORT)
> #define OP_REP_UNEXPORT (OP_REPLY | OP_UNEXPORT)
> # struct op_unexport_request
> # struct op_unexport_reply
>
> But they have not been used yet. This series adds new operations:
> 'connect' and 'disconnect' using these PDUs.
>
> EXISTING) - invites devices from application(vhci)-side
>          +------+                                 +------------------+
>  device--+ STUB |                                 | application/VHCI |
>          +------+                                 +------------------+
>          (server)                                 (client)
>  1) # usbipd ... start daemon
>  = = =
>  2) # usbip list --local
>  3) # usbip bind
>                   <--- list bound devices ---     4) # usbip list --remote
>                   <--- import a device ------     5) # usbip attach
>  = = =
>                      X disconnected               6) # usbip detach
>  7) usbip unbind
>
> NEW) - dedicates devices from device(stub)-side
>          +------+                                 +------------------+
>  device--+ STUB |                                 | application/VHCI |
>          +------+                                 +------------------+
>          (client)                                 (server)
>                                                   1) # usbipa ... start daemon
>  = = =
>  2) # usbip list --local
>  3) # usbip connect     --- export a device ------>
>  = = =
>  4) # usbip disconnect  --- un-export a device --->
>
> Bind and unbind are done in connect and disconnect internally.
>
> 4. The use cases
>
> EXISTING)
>
> In existing way, computers in small distance, having same user account,
> can be easily managed by a same user. Bind in local machine and attach
> in remote machine by the user. The devices can be exposed
> automatically in the local machine, for example, at start up. They can
> be attached from remote.
>
> When there are distributed linux nodes with USB devices in internet,
> they are exposed by bind operation at start up, server behind firewall
> can list and attach the devices.
>                                 Internet
>  Exposed   +----------+                    +--------+    +--------+
>  +------+  |Linux     |+                   |Router, |    |Service |
> +|device|--|Controller||-------------------|proxy,  |----|on      |
> |+------+  +----------+|                   |firewall|    |Linux   |
> +------+    +----------+                   +--------+    +--------+
>            (server)                                      (client)
>                                     <--- attach(import)
>        USB/IP + WS proxy                   WS proxy + USB/IP
>
> NEW)
>
> Assuming that a server computer which runs application and VHCI is in a
> server room and device side machines are small distributed nodes
> outside of the server room, the operator of the server computer is
> different from the distributed nodes. The server computer may be in
> unattended operation. In the new way, after the daemon has been
> started, device can be connected with connect command in the
> distributed nodes. If the distributed nodes don't have user
> interface, the connect command can be executed from start up procedure.
>
> In another scenario to connect devices to a Linux based cloud service
> using WebSocket proxy, it's needed to establish connection from a
> device inside of firewall to a service outside. Exporting is suitable
> for the scenario.
>
>        Home/SOHO/Intranet                         Internet
>            +----------+     +--------+                   +--------+
>  +------+  |Linux     |+    |Router, |                   |Internet|
> +|device|--|Controller||----|proxy,  |-------------------|service |
> |+------+  +----------+|    |firewall|                   |on Linux|
> +------+    +----------+     +--------+                   +--------+
>            (client)                                      (server)
>            connect(export) -->
>        USB/IP + WS proxy                   WS proxy + USB/IP
> ex)
> Device                                            Service
>  sensors ......................................... environment analysis
>  cameras ......................................... monitoring, recording
>  ID/biometric readers ............................ authentication
>
> Firewall, proxy, or router in front of internet usually blocks
> connections from internet regarding all TCP ports. They open some
> ports, usually HTTP(80) and HTTPS(443), for connection from inside.
> In combination with WebSocket proxy, USB/IP can establish connection
> from inside of the firewall.
>
> EXISTING)
> Enterprise/SOHO/Home      Firewall/Proxy/Router      Internet
> APP# usbip attach -----------(passed)--------> DEV# usbipd
> DEV# usbipd               (blocked)|| <--------- APP# usbip attach
>
> NEW)
> Enterprise/SOHO/Home      Firewall/Proxy/Router      Internet
> DEV# usbip connect ----------(passed)--------> DEV# usbipa
> APP# usbipa               (blocked)|| <--------- APP# usbip connect
>
> Attach operation can invite devices in internet but cannot invite
> devices from internet. On the other hand, connect operation can
> dedicate devices to internet but cannot dedicate devices in internet.
>
> 5. Combination with vUDC
>
> New operations work with vUDC. --device option specifies vUDC mode as
> well as list operation. With stub, connect and disconnect execute bind
> and unbind internally. With vUDC, they do not execute bind and unbind.
> They are done by UDC interface.
>
> 6. Security consideration
>
> When application side daemon is not started, this patch set doesn't
> affect existing security.
>
> 1) Connection level security
>
> Daemons accept following requests from network :
> EXISTING) 'list --remote' and 'attach'
> NEW) 'connect' and 'disconnect'
>
> TCP wrappers allows and/or denies network access. It is enabled when
> the daemons are compiled with ./configure --with-tcp-wrappers.
>
> When the daemons are running with SSL or Secure WebSocket tunneling
> proxy, the proxy can use client authentication with certificate files.
>
> 2) Device level security
>
> Udev rules can allow only known devices. To identify whether a device
> is remote, the local bus-id (KERNEL parameter in the rule) will be
> found in the last column of /sys/devices/platform/vhci_hcd/status[.N].
> When device is found, the port number of USB/IP can be found in the
> first column of the matched line. The udev script can finish the
> connection using detach operation with the port number.
>
> 7. Relationship between existing and new operation
>
> Both existing and new operation are independent each other.
>
> Existing operation is enabled when existing usbipd daemon is started.
> New operation is enabled when new usbipa daemon is started.
>
> Both existing and new operation work in same machines simultaneously.
> Status of devices and ports are controlled in stub and vhci driver.
>
> 8. Wording
>
> Adding the new operation, some inconsistencies in wording are appeared
> in documentation, function name, etc. If needed, they are fixed.
>
> 'export' is used for bind and 'exported' is used for bound. They are
> changed to 'make importable' and 'imported' respectively. The words are
> not new. For example, in the output of port operation, 'imported
> devices' is already used.
>
> 'client' and 'server' are switched between existing and new operation.
> Sometimes they imply device-side and application-side. So, words
> 'device-side' and 'application-side' are used in documentations as
> needed for clarity.
>
> 9. Dependency
>
> This set depends to "usbip: auto retry for concurrent attach" patch.
>
> ---
> Version information
>
> This series is divided from "USB/IP over WebSocket" patch set.
> Rest of the set will be sent as another series.
>
> v14)
> # Recreated based on linux-next 20161224.
> # Added dependency to "usbip: auto retry for concurrent attach" patch.
> # Added background to cover letter.
> # Added server/client to each diagrams.
> # Updated ending part of usecase, firewall diagram and description.
> # Added device level security consideration to cover letter.
> # Added security consideration to README.
> # Added auto retry for false no-free-port in concurrent processing of
>   export request.
> # Removed returncode from export and un-export reply.
> # Renamed abstraction of driver functions for daemons from
>   usbip_.*_driver() to usbipd_driver_.*().
> # Renamed usbip_update_driver() to usbipd_driver_set().
> # Introduced usbipd_driver_ops for these driver functions for daemons.
> # Refactored recv_pdu functions as one.
> # Introduced usbipd_recv_pdu_ops.
> # Refactored libsrc/vhci_driver.c:read_record().
> # Modified not to call read_record() for unused port from
>   vhci_find_device.
> # Modified to use driver->ndevs is used instead of counting list in
>   send_reply_devlist().
> # Fixed according to review comments for v13.
>     unnecessary zero clear for reply buffer.
>     unnecessary read for empty struct.
>     sizeof usage from struct name to variable name.
>     implicit size for buffer arguments.
> # Added email address to copyrights.
> # Moved copyright position to bottom.
>
> v13)
> # Recreated based on linux-next 20161117.
> # Updated cover letter: added goal, rewrote overview as explanation of
>   'exporting' and added that this patch doesn't affect security condition
>   in existing usage.
> # Moved protocol documentation as the last patch.
> # Added explanation to each patch.
> # Removed copyright from usbip_bind.c, usbip_unbind.c, usbip_network.h
>   and usb_list.c in which size of modification is small and functional
>   change is not included.
> # Fixed help string about position of --parsable option.
>
> v12)
> # Recreated based on linux-next 20161012.
> # Fixed checkpatch a warning about symbolic permission.
> # Fixed checkpatch warnings about trailing space in a document.
>
> v11)
> # Corrected program name of each daemon which are used in version
>   string, info messages and daemon name for tcp wrappers.
> # Added description about tcp wrappers in security consideration of
>   cover letter.
> # Added security consideration for existing requests in
>   contradistinction to new requests.
> # Recreated based on linux-next 20160928.
>
> v10)
> # Recreated based on linux-next 20160810.
>
> v9)
> # Moved a set_nodelay() from usbipd_dev.c to usbipd.c to affect both
>   device side and application side daemon.
> # Removed redundant blank line at the end of files.
>
> v8)
> # Divided into smaller patches.
> # Excluded low-related patches.
> # Improved change log.
> # Changed info level logs in usbip_ux.c to debug level logs.
> # Added options to vUDC.
> # Tested with vUDC.
>
> v7)
> # Removed userspace transmission and WebSocket command/daemon.
> # Fixed checkpatch errors and warnings.
>
> v6)
> # Added __rcu annotation to a RCU pointer to clear sparse warnings.
> # Corrected a copy to RCU pointer with rcu_rcu_assign_pointer().
> # Added __user annotations to arguments of read/write method.
> # Added static to some functions which are not called from other files.
> # Removed unnecessary EXPORT_SYMBOLs.
>
> v5)
> # Added vendor/product name conversion to port command.
> # Put initial value to pool_head in name.c.
> # Fixed list command exception when host option is omitted.
> # Fixed exception in case gai_strerror() returns NULL.
> # Fixed WebSocket connection close via proxy.
> # Fixed to stop WebSocket ping-pong on connection close.
> # Removed redundant usbipd daemon option.
> # Removed redundant SSL code had not been deleted.
> # Removed an unused local variable in WebSocket code.
> # Modified C++ reserved word in names.c as same as headers.
>
> v4)
> # Fixed regression of usbip list --remote
>
> v3)
> # Coding style for goto err labels are fixed.
> # Defined magic numbers for open_hc_device() argument.
> # Corrected include .../uapi/linux/usbip_ux.h as <linux/usbip_ux.h>.
> # Modified parameter notation in manuals not to use '='.
> # Fixed inappropriate version definition in
>   tools/.../websocket/configure.ac.
> # Removed unnecessary COPYING and AUTHORS file from tools/.../websocket/.
> # Added -version-info to libraries in tools/.../src.
>
> v2)
> # Formatted patches from linux-next.
> # Fixed change log word wrapping.
> # Removed SSL patches.
> # Fixed a bug that vendor and product names are not shown by 'usbws
>   list -l' because usbip_names_init() was not called in libusbip.la.
>
> Thank you,
>
> Nobuo Iwata <nobuo.iwata@xxxxxxxxxxxxxxx>
> //
>
> *** BLURB HERE ***
>
> Nobuo Iwata (10):
>   usbip: exporting devices: modifications to network header
>   usbip: exporting devices: modifications to host side libraries
>   usbip: exporting devices: new connect operation
>   usbip: exporting devices: new disconnect operation
>   usbip: exporting devices: modifications to daemon
>   usbip: exporting devices: modifications to attach and detach
>   usbip: exporting devices: new application-side daemon
>   usbip: exporting devices: change to usbip_list.c
>   usbip: exporting devices: chage to documenattion
>   usbip: exporting devices: modifications to protocol text
>
>  Documentation/usb/usbip_protocol.txt       | 238 ++++++++++++++++---
>  tools/usb/usbip/Makefile.am                |   2 +-
>  tools/usb/usbip/README                     |  81 +++++--
>  tools/usb/usbip/doc/usbip.8                | 136 +++++++++--
>  tools/usb/usbip/doc/usbipa.8               |  78 +++++++
>  tools/usb/usbip/doc/usbipd.8               |  38 +--
>  tools/usb/usbip/libsrc/usbip_host_common.c |   6 +-
>  tools/usb/usbip/libsrc/usbip_host_common.h |   8 +-
>  tools/usb/usbip/libsrc/vhci_driver.c       | 197 ++++++++++++----
>  tools/usb/usbip/libsrc/vhci_driver.h       |   4 +
>  tools/usb/usbip/src/Makefile.am            |  12 +-
>  tools/usb/usbip/src/usbip.c                |  13 ++
>  tools/usb/usbip/src/usbip.h                |   8 +
>  tools/usb/usbip/src/usbip_attach.c         |  99 +++-----
>  tools/usb/usbip/src/usbip_bind.c           |   4 +-
>  tools/usb/usbip/src/usbip_connect.c        | 212 +++++++++++++++++
>  tools/usb/usbip/src/usbip_detach.c         |  17 +-
>  tools/usb/usbip/src/usbip_disconnect.c     | 200 ++++++++++++++++
>  tools/usb/usbip/src/usbip_list.c           |  21 +-
>  tools/usb/usbip/src/usbip_network.c        |  26 ++-
>  tools/usb/usbip/src/usbip_network.h        |   8 +-
>  tools/usb/usbip/src/usbip_unbind.c         |   4 +-
>  tools/usb/usbip/src/usbipd.c               | 259 +++++----------------
>  tools/usb/usbip/src/usbipd.h               |  84 +++++++
>  tools/usb/usbip/src/usbipd_app.c           | 200 ++++++++++++++++
>  tools/usb/usbip/src/usbipd_dev.c           | 236 +++++++++++++++++++
>  26 files changed, 1743 insertions(+), 448 deletions(-)
>  create mode 100644 tools/usb/usbip/doc/usbipa.8
>  create mode 100644 tools/usb/usbip/src/usbip_connect.c
>  create mode 100644 tools/usb/usbip/src/usbip_disconnect.c
>  create mode 100644 tools/usb/usbip/src/usbipd.h
>  create mode 100644 tools/usb/usbip/src/usbipd_app.c
>  create mode 100644 tools/usb/usbip/src/usbipd_dev.c
>

--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
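
The device-level check described under "6. Security consideration, 2) Device level security" in the quoted cover letter, sketched as an added example that is not part of the patch series or of either mail. It assumes the status layout the cover letter states (port number in the first column, local bus-id in the last); the allowlist, the function names and the sample status data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the patch series. Assumes the status layout the
# cover letter describes: one header line, USB/IP port number in the first
# column, local bus-id in the last column.

# Hypothetical allowlist of vendor:product IDs permitted as remote devices.
ALLOWED_IDS="0bda:8153 046d:c52b"

# write_sample_status FILE: constructed sample data for offline runs.
write_sample_status() {
    cat > "$1" <<'EOF'
prt sta spd dev      socket           local_busid
000 004 000 00000000 0000000000000000 0-0
001 006 002 00010002 0000000000000000 5-2
002 006 003 00010003 0000000000000000 5-3
EOF
}

# vhci_port_for_busid BUSID [STATUS_FILE]
# Prints the decimal port and returns 0 when BUSID is an imported (remote)
# device; returns non-zero when it is not listed, i.e. the device is local.
vhci_port_for_busid() {
    awk -v id="$1" '
        NR == 1   { next }                       # skip the header line
        $NF == id { print $1 + 0; found = 1; exit }
        END       { exit found ? 0 : 1 }
    ' "${2:-/sys/devices/platform/vhci_hcd/status}"
}

# decide BUSID VENDOR:PRODUCT [STATUS_FILE]
# Prints "local", "allow PORT" or "detach PORT".
decide() {
    port=$(vhci_port_for_busid "$1" "$3") || { echo "local"; return 0; }
    case " $ALLOWED_IDS " in
        *" $2 "*) echo "allow $port" ;;
        *)        echo "detach $port" ;;   # caller runs: usbip detach --port=$port
    esac
}

# Invoked from a udev RUN+= helper as: script BUSID VENDOR:PRODUCT
if [ "$#" -ge 2 ]; then
    decide "$1" "$2"
fi
```

On a host with several vhci controllers, the same lookup is repeated for each status.N file the cover letter mentions.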