NFU Specification
Jump to navigation
Jump to search
Simple overview:
- NFU server -- "adjacent" to IBP depot, runs NFU Ops
- NFU Op -- lightweight program, written in C, or Java, depending on server.
- NFU client -- initiates launch of an nfu Op and exchanges data with it.
- NFU API -- Two iotypes for data exchange between nfu_op and nfu_client:
- IBP_VAL_[IN, OUT, INOUT]
- variable/values exchanged directly between nfu client and nfu Op
- IBP_REF_[RD, WR, RDWR]
- NFU Server (not nfuOp) processes IBP Caps
- E.G. _RD: client sends readCap to server, NFU server provides nfuOp a pointer to mmap of the allocation
- nfuOp does not receive readCap string
- IBP_VAL_[IN, OUT, INOUT]
- security issues
- Java NFU server has VM isolation of nfuOp
- UTK NFU server has option to run Cap as process to isolate nfuOp from server
- UTK NFU server mmaps allocations from readCaps, i.e. nfuOp has no direct knowledge of allocation file names.
- compatibility issues:
- Java NFU server currently has no way to run C nfuOps
- if nfu server is not part of the ibp depot, then all IBP_REF_* exchanges need to be changed to IBP_VAL_* exchanges forcing the nfuOp to process IBP caps which would otherwise be processed by the nfuServer.
- this disables 1/2 of the NFU api