mumble server app and tcp-listener-proxy

99 views
Skip to first unread message

Jason Paryani

unread,
Jun 24, 2016, 7:35:54 PM6/24/16
to sandst...@googlegroups.com
Hi everyone,

I've worked the past couple weeks on the side packaging a non-HTTP server for Sandstorm, and wrote a useful utility binary, named sandstorm-tcp-listener-proxy, to handle the complicated Cap'n Proto RPC bits. The code is available at https://github.com/jparyani/mumble-server-sandstorm and https://github.com/jparyani/sandstorm-tcp-listener-proxy respectively.

If you want to test out the mumble server, you can download the spk from https://w1kjzj3s9ei926l7pkiz.oasis.sandstorm.io/. Note, you *must* be an admin on your Sandstorm server to run this. It requests an IpInterface capability, which only an admin can grant (at least for now...). You can download the mumble client from https://wiki.mumble.info/wiki/Main_Page.

Please let me know if you have any questions, or need help porting your own non-HTTP apps. Also note that only TCP is supported at the moment, as UDP is a bit trickier. I could be motivated to get UDP working if I hear people want it.

-Jason

Jacob Weisz

unread,
Jun 24, 2016, 7:51:29 PM6/24/16
to Jason Paryani, sandst...@googlegroups.com
As someone currently paying for a commercial Mumble server... yay.

On June 24, 2016 6:35:23 PM CDT, Jason Paryani <jpar...@sandstorm.io> wrote:
Hi everyone,

I&#39;ve worked the past couple weeks on the side packaging a non-HTTP server for Sandstorm, and wrote a useful utility binary, named sandstorm-tcp-listener-proxy, to handle the complicated Cap&#39;n Proto RPC bits. The code is available at https://github.com/jparyani/mumble-server-sandstorm and https://github.com/jparyani/sandstorm-tcp-listener-proxy respectively.

Jake Weisz

unread,
Jun 24, 2016, 8:30:34 PM6/24/16
to Sandstorm Development, jpar...@sandstorm.io, ocdtr...@gmail.com
Also, is there any chance of a process or procedure to request a grain get IpInterface capability on Oasis? Particularly if an app is packaged by a Sandstorm dev, and hence arguably relatively safe.

As mentioned, I use a Mumble server elsewhere, but beyond being able to test this, I'd love to be able to have a Mumble grain that I can open up if my provider is down and we need a backup.

Nolan Darilek

unread,
Jun 24, 2016, 8:41:50 PM6/24/16
to sandst...@googlegroups.com
This is sweet! Question about this bit in the docs:

token: This is the raw token that you get from requesting an ipInterface.


What does "requesting an ipInterface" mean? How do I as a user obtain one of these tokens, or how do I as an app developer cause it to happen?

Would love to see a Syncthing package as it's my file sync poison of choice. May give it a shot if I can understand this token bit. It only uses port 22000/TCP and has a nice, unauthenticated by default web interface.
--
You received this message because you are subscribed to the Google Groups "Sandstorm Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sandstorm-de...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Jason Paryani

unread,
Jun 24, 2016, 8:52:34 PM6/24/16
to Jake Weisz, Sandstorm Development, ocdtr...@gmail.com
Unfortunately the answer is "eventually". We'd need a way for Sandstorn to support remote capabilities, which is blocking on adding encryption to the Cap'n Proto RPC layer. I'd love to see support for this too, but I don't think it's going to happen very soon. 

--

Jason Paryani

unread,
Jun 24, 2016, 8:55:52 PM6/24/16
to Nolan Darilek, sandst...@googlegroups.com
I forgot to mention before, but there's a simple example in the tcp-proxy repo. See https://github.com/jparyani/sandstorm-tcp-listener-proxy/tree/master/example, and specifically take a look at https://github.com/jparyani/sandstorm-tcp-listener-proxy/blob/eec3904b2910330f78c2e351b622ce1ae51f6f01/example/templates/index.html#L34. It makes a postMessage request to the sandstorm shell with the ID of the IpInterface and receives in return the token you are looking for.

Nolan Darilek

unread,
Jun 25, 2016, 4:24:16 PM6/25/16
to sandst...@googlegroups.com
Nice, looks easy enough.

Just to check in, does the TCP support allow outbound connections for now because it needs admin approval, or does it restrict them like HTTP does? I'm hacking on a syncthing app because I'd like to move that into Sandstorm if possible, but it needs to be able to initiate outbound connections to the global tracker, and to peer nodes in order to sync files.

Nolan Darilek

unread,
Jun 25, 2016, 5:32:53 PM6/25/16
to sandst...@googlegroups.com

Also, I tried installing capnproto from source into a vagrant-spk VM as per https://capnproto.org/install.html. When I try `make` in the proxy directory, I get this. How do I fix it?


generating capnp files...
/opt/sandstorm/latest/usr/include/sandstorm/web-session.capnp:147: error: Parse error: Empty list item.
/opt/sandstorm/latest/usr/include/sandstorm/appid-replacements-test.capnp:39: error: Parse error: Empty list item.
/opt/sandstorm/latest/usr/include/sandstorm/appid-replacements.capnp:71: error: Parse error: Empty list item.
/opt/sandstorm/latest/usr/include/sandstorm/supervisor.capnp:59:20-30: error: Not defined: Capability
/opt/sandstorm/latest/usr/include/sandstorm/grain.capnp:506:30-40: error: Not defined: Capability
/opt/sandstorm/latest/usr/include/sandstorm/grain.capnp:621:22-32: error: Not defined: Capability
/opt/sandstorm/latest/usr/include/sandstorm/grain.capnp:623:26-36: error: Not defined: Capability
/opt/sandstorm/latest/usr/include/sandstorm/grain.capnp:635:18-28: error: Not defined: Capability
/opt/sandstorm/latest/usr/include/sandstorm/grain.capnp:648:57-67: error: Not defined: Capability
/opt/sandstorm/latest/usr/include/sandstorm/grain.capnp:689:27-37: error: Not defined: Capability
/opt/sandstorm/latest/usr/include/sandstorm/supervisor.capnp:117:79-89: error: Not defined: Capability
/opt/sandstorm/latest/usr/include/sandstorm/supervisor.capnp:206:36-67: error: Too many generic parameters.
/opt/sandstorm/latest/usr/include/sandstorm/update-tool.capnp:41: error: Parse error: Empty list item.
/opt/sandstorm/latest/usr/include/sandstorm/grain.capnp:245:21-31: error: Not defined: Capability
/opt/sandstorm/latest/usr/include/sandstorm/grain.capnp:246:27-37: error: Not defined: Capability
/opt/sandstorm/latest/usr/include/sandstorm/grain.capnp:285:73-83: error: Not defined: Capability
/opt/sandstorm/latest/usr/include/sandstorm/grain.capnp:265:17-27: error: Not defined: Capability
/opt/sandstorm/latest/usr/include/sandstorm/grain.capnp:915:47-57: error: Not defined: Capability
Makefile:22: recipe for target 'tmp/genfiles' failed
make: *** [tmp/genfiles] Error 1

Jason Paryani

unread,
Jun 25, 2016, 6:21:29 PM6/25/16
to Nolan Darilek, sandst...@googlegroups.com
Outbound TCP is currently possible using the IpNetwork interface (see https://github.com/sandstorm-io/sandstorm/blob/aa2e6718e20244112d614d9621c16ad268f87e3f/src/sandstorm/ip.capnp#L46). Unfortunately, we haven't written an easy to use binary that's analogous to the tcp-listener-proxy, but we've discussed it and will probably get around to making one at some point.

For Cap'n Proto, you have to use the latest git master with Sandstorm. Both Sandstorm and Cap'n Proto are developed in parallel, and Cap'n Proto releases will lag behind quite a bit at times. See https://github.com/jparyani/mumble-server-sandstorm/blob/45ed52c57e81a2e6e6d9e4f271022808c19e3f37/.sandstorm/setup.sh#L9 for a snippet on how I do this for Mumble.

Nolan Darilek

unread,
Jun 25, 2016, 7:18:56 PM6/25/16
to sandst...@googlegroups.com

Ah, foiled again. :) Thanks for the heads-up, I'll return to this when outbound TCP is just as easy.

Jason Paryani

unread,
Jul 18, 2016, 6:35:48 PM7/18/16
to sandst...@googlegroups.com
Recent changes in how tokens are claimed/restored broke this. https://github.com/jparyani/sandstorm-tcp-listener-proxy has been updated to support the new claimRequest flow, and an updated spk for mumble is up at https://4trxu2m00nm0akyroavu.oasis.sandstorm.io/.
Reply all
Reply to author
Forward
0 new messages