20170906_jeffrey - silenceuncrio/diary GitHub Wiki
0920
ariel 表示 M300 firmware upgrade 到一半會跳回 login 畫面
firmware upgrade 相關的 javascript
vm.timeout_2sec = function () {
timer_2sec = $timeout(2000);
timer_2sec.then(function () {
icos.firmware.progress()
.then( function(response) {
vm.progress = response.data.progress;
var busy_sec = (Date.parse(vm.progress.curr_time) - Date.parse(vm.progress.init_time))/1000
busy_sec = Math.round(busy_sec*9/13); // magic estimate
if (vm.progress.state == "busy") {
if (busy_sec + 12 < 99) {
vm.progress_valuenow = busy_sec + 12;
} else {
vm.progress_valuenow = 99;
}
vm.timeout_2sec();
} else if (vm.progress.state == "fail") {
vm.progress_ing = false;
vm.progress_css = "progress-bar progress-bar-danger";
} else if (vm.progress.state == "ok") {
vm.progress_valuenow = 100;
vm.progress_ing = false;
vm.progress_css = "progress-bar progress-bar-success";
}
vm.progress_summary = vm.progress.status;
}, function(response) {
vm.timeout_2sec();
});
});
}
在 firmware upgrade 的持續時間
每兩秒會發一次 icos.firmware.progress()
在 icos.service.js 定義如下
firmware.progress = function() {
return $http.get('cgi-bin/firmware.cgi?act=progress');
}
對應的 CGI 為 cgi-bin/firmware.cgi?act=progress
看到 iweb .c 的 _register_endpoints()
static void _register_endpoints(struct mg_connection *nc)
{
// api
mg_register_http_endpoint(nc, "/api/login", _api_login);
mg_register_http_endpoint(nc, "/api/logout", _api_logout);
mg_register_http_endpoint(nc, "/api/wasLogin", _api_wasLogin);
mg_register_http_endpoint(nc, "/api/firmwareUpload", _api_firmwareUpload);
mg_register_http_endpoint(nc, "/api/configurationUpload", _api_configurationUpload);
mg_register_http_endpoint(nc, "/api/openvpnUpload", _api_openvpnUpload);
mg_register_http_endpoint(nc, "/api/ipsecUpload", _api_ipsecUpload);
// all cgi under '/cgi-bin' need auth
mg_register_http_endpoint(nc, "/cgi-bin", _handler_auth);
// but some cgi need not auth
mg_register_http_endpoint(nc, "/cgi-bin/icos_shm.cgi", _handler_noauth);
mg_register_http_endpoint(nc, "/cgi-bin/sntp.cgi?act=help", _handler_noauth);
mg_register_http_endpoint(nc, "/cgi-bin/connmgr.cgi?act=config", _handler_noauth);
mg_register_http_endpoint(nc, "/cgi-bin/system.cgi?act=status", _handler_noauth);
mg_register_http_endpoint(nc, "/cgi-bin/openvpn.cgi?act=status", _handler_noauth);
mg_register_http_endpoint(nc, "/cgi-bin/openvpn.cgi?act=cert_status", _handler_noauth);
mg_register_http_endpoint(nc, "/cgi-bin/ipsec.cgi?act=status", _handler_noauth);
mg_register_http_endpoint(nc, "/cgi-bin/ipsec.cgi?act=conn_status", _handler_noauth);
// some static page need auth because their controlloer has no resolve
mg_register_http_endpoint(nc, "/app/feature/configuration.html", _handler_auth);
mg_register_http_endpoint(nc, "/app/feature/restart.html", _handler_auth);
mg_register_http_endpoint(nc, "/app/feature/firmware.html", _handler_auth);
mg_register_http_endpoint(nc, "/app/feature/wanPriority.html", _handler_auth);
mg_register_http_endpoint(nc, "/app/feature/load_factory.html", _handler_auth);
}
cgi-bin/firmware.cgi?act=progress 是需要 authenticate 的
// all cgi under '/cgi-bin' need auth
mg_register_http_endpoint(nc, "/cgi-bin", _handler_auth);
也就是每一次的 cgi-bin/firmware.cgi?act=progress request 都會重置 iweb session 的 timeout 才對
而且就算 timeout 了
前端也不會自動跳到 login 才對
而是去按了什麼發出需要 authentication 的 request 才會得到 404 才導致前端跳到 login 畫面才對
1010
觀察一下 firmware upgrade 成功後停留在提醒使用者 reboot 畫面
看看放著不管會不會跳到 login 畫面
1035
放著不管是不會
不過按了 reboot 倒是會導回 login 畫面
這時再按一次 firmware upgrade 又可以讓你再做一次 firmware upgrade 的動作了
看來停留在 reboot 畫面的時候不要讓它 timeout 就好了
最簡單的方式就是持續地發送不傷大雅的 request
1100
簡單修一下 firmware.js
一旦 firmware upgrade 成功之後
就算再次 F5 網頁更新還是會顯示出 reboot 的提醒畫面
希望這樣能解決 ariel 或是其他使用者的困擾
diff --git a/proscend/prosrc/www/app/feature/firmware.js b/proscend/prosrc/www/app/feature/firmware.js
index 0a84cbf..9537e45 100644
--- a/proscend/prosrc/www/app/feature/firmware.js
+++ b/proscend/prosrc/www/app/feature/firmware.js
@@ -81,6 +81,7 @@ function firmwareController($scope, $timeout, $location, icos, Upload, progress)
vm.progress_valuenow = 100;
vm.progress_ing = false;
vm.progress_css = "progress-bar progress-bar-success";
+ vm.timeout_2sec();
}
vm.progress_summary = vm.progress.status;
@@ -116,8 +117,15 @@ function firmwareController($scope, $timeout, $location, icos, Upload, progress)
}
vm.progress_summary = vm.progress.status;
vm.timeout_2sec();
+ } else if (vm.progress.state == "ok") {
+ vm.progress_valuenow = 100;
+ vm.progress_ing = false;
+ vm.progress_css = "progress-bar progress-bar-success";
+ vm.timeout_2sec();
}
+
+
}
1105
上 code 吧
commit e488617f0654d4df0e691aebc0b3cbcfab6cddbc
Refs: [develop], {origin/develop}
Author: jeffrey <[email protected]>
Date: Wed Sep 6 11:02:32 2017 +0800
Improve the 'Firmware' web page
- after firmware upgrade succeeded, keep sending dummy request to prevent session timeout
- after firmware upgrade succeeded, even user refresh the web page or re-login, the firmware page still remind the user to reboot the device
proscend/prosrc/www/app/feature/firmware.js | 8 ++++++++
1 file changed, 8 insertions(+)
1300
直接來看 quagga 提供的 OSPF 範例吧
A simple example, with MD5 authentication enabled:
!
interface bge0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ABCDEFGHIJK
!
router ospf
network 192.168.0.0/16 area 0.0.0.1
area 0.0.0.1 authentication message-digest
耐著性子分析
interface bge0
- 4.2.1 Standard Commands
- Command: interface ifname
ip ospf authentication message-digest
- 7.5 OSPF interface
- Interface Command: ip ospf authentication message-digest
- Specify that MD5 HMAC authentication must be used on this interface.
- MD5 keying material must also be configured.
ip ospf message-digest-key 1 md5 ABCDEFGHIJK
- 7.5 OSPF interface
- Interface Command: ip ospf message-digest-key KEYID md5 KEY
- Set OSPF authentication key to a cryptographic password.
- The cryptographic algorithm is MD5.
- KEYID identifies secret key used to create the message digest.
- This ID is part of the protocol and must be consistent across routers on a link.
- KEY is the actual message digest key, of up to 16 chars, and is associated with the given KEYID.
router ospf
- 7.3 OSPF router
- Command: router ospf
- Enable or disable the OSPF process.
network 192.168.0.0/16 area 0.0.0.1
- 7.3 OSPF router
- OSPF Command: network a.b.c.d/m area a.b.c.d
- This command specifies the OSPF enabled interface(s).
- If the interface has an address from range 192.168.1.0/24 then the command below enables ospf on this interface so router can provide network information to the other ospf routers via this interface.
area 0.0.0.1 authentication message-digest
- 7.4 OSPF area
- OSPF Command: area a.b.c.d authentication message-digest
- Specify that OSPF packets must be authenticated with MD5 HMACs within the given area.
- Keying material must also be configured on a per-interface basis (see ip ospf message-digest-key).
- MD5 authentication may also be configured on a per-interface basis (see ip ospf authentication message-digest).
- Such per-interface settings will override any per-area authentication setting.
- 這個設定先不管
1330
An ABR router, with MD5 authentication and performing summarisation of networks between the areas:
!
password ABCDEF
log file /var/log/quagga/ospfd.log
service advanced-vty
!
interface eth0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 ABCDEFGHIJK
!
interface ppp0
!
interface br0
ip ospf authentication message-digest
ip ospf message-digest-key 2 md5 XYZ12345
!
router ospf
ospf router-id 192.168.0.1
redistribute connected
passive interface ppp0
network 192.168.0.0/24 area 0.0.0.0
network 10.0.0.0/16 area 0.0.0.0
network 192.168.1.0/24 area 0.0.0.1
area 0.0.0.0 authentication message-digest
area 0.0.0.0 range 10.0.0.0/16
area 0.0.0.0 range 192.168.0.0/24
area 0.0.0.1 authentication message-digest
area 0.0.0.1 range 10.2.0.0/16
!
password ABCDEF
- 3.1.1 Basic Config Commands
- Command: password password
- Set password for vty interface. If there is no password, a vty won’t accept connections.
- 不提供
log file /var/log/quagga/ospfd.log
- 3.1.1 Basic Config Commands
- Command: log file filename
- If you want to log into a file, please specify filename as in this example:
log file /var/log/quagga/bgpd.log informational
- If the optional second argument specifying the logging level is not present, the default logging level will be used.
- 寫死不開放設定
service advanced-vty
- 3.1.1 Basic Config Commands
- Command: service advanced-vty
- Enable advanced mode VTY.
- 不實作
interface eth0
- 4.2.1 Standard Commands
- Command: interface ifname
ip ospf authentication message-digest
- 7.5 OSPF interface
- Interface Command: ip ospf authentication message-digest
- Specify that MD5 HMAC authentication must be used on this interface.
- MD5 keying material must also be configured.
ip ospf message-digest-key 1 md5 ABCDEFGHIJK
- 7.5 OSPF interface
- Interface Command: ip ospf message-digest-key KEYID md5 KEY
- Set OSPF authentication key to a cryptographic password.
- The cryptographic algorithm is MD5.
- KEYID identifies secret key used to create the message digest.
- This ID is part of the protocol and must be consistent across routers on a link.
- KEY is the actual message digest key, of up to 16 chars, and is associated with the given KEYID.
ospf router-id 192.168.0.1
- 7.3 OSPF router
- OSPF Command: ospf router-id a.b.c.d
- This sets the router-ID of the OSPF process.
- The router-ID may be an IP address of the router, but need not be - it can be any arbitrary 32bit number.
- However it MUST be unique within the entire OSPF domain to the OSPF speaker - bad things will happen if multiple OSPF speakers are configured with the same router-ID!
- If one is not specified then ospfd will obtain a router-ID automatically from zebra.
- 不實作
redistribute connected
- 5.4 How to Announce RIP route
- RIP command: redistribute connected
- Redistribute connected routes into the RIP tables.
- no redistribute connected disables the connected routes in the RIP tables.
- This command redistribute connected of the interface which RIP disabled.
- The connected route on RIP enabled interface is announced by default.
- 不做
passive interface ppp0
- 沒找到什麼說明
- 不實作
network 192.168.0.0/24 area 0.0.0.0
- 7.3 OSPF router
- OSPF Command: network a.b.c.d/m area a.b.c.d
- This command specifies the OSPF enabled interface(s).
- If the interface has an address from range 192.168.1.0/24 then the command below enables ospf on this interface so router can provide network information to the other ospf routers via this interface.
area 0.0.0.0 authentication message-digest
area 0.0.0.0 range 10.0.0.0/16
area 0.0.0.0 range 192.168.0.0/24
area 0.0.0.1 authentication message-digest
area 0.0.0.1 range 10.2.0.0/16
全部不做
1415
接下來 quagga 提供的兩個 OSPF 範例都太特殊了
跳過
不過目前看 M!DGE 的 OSPF 大概知道他們怎麼做的了
1600
這是一個我目前看到最為全面的 購物 package
後續要安排時間來演練一番才行