@Make(Report) @Device(LaserPrinter) @Disable(Outline, Contents, FigureContents, TableContents) @Use(Bibliography "UPDATE.BIB") @Set(Page=1) @PageHeading(Left "The new filestores", Right "@Value(Page)", Immediate) @PageFooting(Right "@Value(TimeStamp)", Immediate) @UnNumbered(The New Filestores) This document describes the implementation of the Computer Science Department's new 1976-protocol filestores, based around a Advanced Personal Machine (APM) with a Winchester disc drive. The overall structure of the filestore system is described, together with a discussion of the ways in which the functionality provided differs from that of the original Interdata-based filestore. This document should be read in conjunction with @Cite[TheFilestore], which describes the original Interdata-based implementation. @Section(Machine Configuration) The new filestores are based around a 1Mb APM, with the standard RS232 (control console) and ethernet interfaces, together with a purpose-built SMD disc interface.@Foot[A mini-filestore has also been configured, using a small (16Mb) Winchester disc.] Unlike the old filestore, the new ones have no departmental link interface, so all communication with clients proceeds via the ethernet. No provision is made in the hardware for lineprinter support, as it is assumed that any printers attached to a filestore will have sufficient intelligence to communicate in the same way as would any other client (software hooks are provided, however). The disc space is divided into partitions in such a way that they are no larger than can be addressed by 16 bits. @Section(Comparison of Facilities Provided) Although the facilities targeted towards the "normal" user of the new filestore are substantially identical to those provided by the old filestore, or are compatible, there are a number of changes in the more esoteric facilities. These are described in the following sections. @SubSection(Passwords and Permissions) Passwords may consist of any sequence of characters whatsoever, with the exception of newline and comma (these are actually valid password characters, but users may experience some difficulty in setting passwords which include them). The parity bit is significant at present. Upper case and lower case 0-parity letters are deemed to be equivalent. Passwords are limited in length to about 245 characters. Unlike the old filestore, a null directory password does not match anything for login: instead a null password must be supplied. The quoting mechanism is unchanged, however. Full, Read and None protections are implemented for both Owner and World. Obey protection is not meaningful. Archive and Vulnerable markers are implemented. Owner protection is constrained to be no more restrictive than World protection. Users quoting the system password are given either Owner or Read authority, whichever is less restrictive. @SubSection(Filenames, Ownernames and Directories) Ownernames and filenames are constructed from sequences of letters, digits, dots, underlines and dollars, with no restriction as to order. Ownernames must be at least one and no more than six characters long. Filenames must be no more than twelve characters long. Null filenames and filenames beginning with the special character '!' will be uniquified to guarantee that there are no other files of the same name currently in the directory. Directories are held in the same format as on the old filestore, and hence the same limits on the number of files apply. The datestamp records the date and time when the file was last modified. The special file DIRECTORY "contains" the names of all the files in a directory; either the Finfo or the Ninfo ('N') command should be used if more information is required. Transient and subliminal files are deleted when the directory reference count goes to zero; they are not charged to the directory's quota. @SubSection(Spool Devices) As already stated, there are no spool devices directly attached to the new filestores. Despoolers are expected to use the normal protocol to tranfer files from the filestore. Clients wishing to transfer files to a despooler's directory should normally use the uniquification scheme described in the previous section. @SubSection(Control Terminal) The control terminal attached to the APM performs several functions. @Begin(Itemise) During booting it may be used to specify some alternative action to the default boot sequence. While the filestore is running significant events are logged on the control terminal, together with a periodic report on filestore activity: such reports include use of the system password, creation and deletion of users, and disc and ether failure conditions. If the keyboard is enabled it may be used to request more detailed information on the operation of the filestore or to change its mode of operation. The following (single-character) commands are available: @Begin(Description) control-_@\(control-underline) Toggle the enable/disable state of the keyboard. It should normally be kept disabled. ?@\Report on the current filestore status. B@\Baud rates of any Qsart RS232 lines present. O@\Alter the open state of the filestore. A number should be given to indicate the desired state. The ususal values of this are 0 to close the system entirely, 3 to close the system to anyone not using the system password, and -1 to open the system completely. Q@\Qsart status. This is ignored if there is no Qsart. S@\System buffers. This gives a list of who owns them. T@\Set trace mode. The normal value for this is 0. W@\Set file system protection mode. The normal value for this is 1. Setting this to 0 disables any operations which would write to the disc. @End(Description) Note that while these commands are waiting for input the entire filestore is placed in a state of suspended animation, and hence they should be used with discretion, if at all. @End(Itemise) @Section(Protocol) For the most part the protocol used by the new filestore is compatible with that of the old, in the sense that almost anything accepted by the old filestore will also be accepted by the new one. The new filestore is slightly stricter than the old one in one or two cases, however. Furthermore, the error messages produced, while broadly similar to those of the old filestore, are not guaranteed to be identical in all cases (or even in most cases). Significant changes to the protocol are noted below. @SubSection(General enquiry) Only case zero (date and time) is implemented. @SubSection(Boot) Boot is not implemented. Clients are assumed to have sufficient intelligence built in to be able to boot themselves. @SubSection(File reading and writing) There is no distinction between "SQ" files and "DA" files. SQ and DA operations may be freely mixed, although the user should realise that DA operations will reset the current block pointers for the file. Files may be extended one block at a time by WriteSQ and WriteDA. Files opened for reading and modification will never be made any shorter; files opened for writing only will be truncated to the current block position when they are closed. Null files will be deleted on closing. Multi-block ReadSQs will produce the required number of blocks or the remainder of the file, whichever is shorter, the latter condition being indicated by the transmission of a short block. @SubSection(Set password) It is possible to specify a username as the second parameter to the pass command: in this case the spcified user's password is changed, rather than the logged-on user's. This extension is only available to privileged users. Note that it is not possible to quote one's own username to change its password unless privileged. @SubSection(Change file's datestamp) The 'C' command may be used to alter the datestamp information associated with a file. This is useful when maintaining consistency between versions of a file held on several filestores, for example. The format of the command is @w(C @i) where @i is a valid user number, @i is the name of the file being changed and @i is the new dastamp information in the form @w[dd/mm/yy hh.mm] (standard filestore date/time format). @SubSection(File status enquiry) The command 'N' may be used to enquire about the status of a particular (named) file, with the reply being in the same format as that provided by Finfo ('F'). The format of this command is @w(N @i) where @i is a valid user number and @i is the name of the file being enquired about. @SubSection(Remote control) This is not implemented in the same form as in the old filestore. The ']' command is available, with the following options (@i'U' indicates a user number, quoting the system password unless otherwise stated): @Begin(Description) ]@i1,n@\Kill Uno. Kills user number n. @i must be quoting the system password if the target Uno does not belong to the same owner. ]@i2,n@\Kill Xno. Kills transaction number n. ]@i3,n@\Kill port n. Not implemented yet. ]@i4,n@\Set diagnostic mode. Same as the console 't' command. ]@i5,n@\Set system availability. Same as the console 'o' command. ]@i6,pass@\Sets the system password. This takes immediate effect. The new password will be written out to the disc, from whence it will be read during subsequent reboots. ]@i7@\Reboot the filestore. @End(Description) @Section(Special files) A number of pseudo-files "owned" by user '$' "contain" useful information about the state of the filestore's internal tables. These are: @Begin(Description) TRACE@\The filestore's trace buffer. This should be formatted by the appropriate command run on the client. BITMAP.@i@\The bitmap for partition @i. Again, this requires to be formatted to make it more digestible. UNOS@\The user number table. XNOS@\The transaction number table. DIRECTORIES@\The directory cache. PORTS@\The ether port table. BOOTAREA@\This special file gives access to the boot area at the start of the disc. Note that this area is not accessible as part of any user partition. This file must be accessed using OpenMod, ReadDA and WriteDA. @End(Desciption) @Section(A Quick Tour through the System) The filestore system is based around a number of co-operating processes: @Begin(Itemise) ether receiver handler ether depacketiser command interpreter ether transmitter handler console log stamp @End(Itemise) Apart from the last of these, requests from clients pass through each process in turn. Processes perform their tasks and then place themselves onto one of the wait queues maintained by the scheduler. The processes are removed from their wait queues and given the CPU when the scheduler determines that there is something for them to do, either because some other process has requested that the first process on the queue should be awakened, or because the scheduler itself has detected that some event has occurred which requires a process to be resumed to handle it. Processes are scheduled strictly according to the priority of the wait queue on which they have placed themselves; however higher priority processes do not pre-empt lower priority ones, with the result that no complicated concurrency control is required. In detail, the sequence of events triggered by the arrival of a request from a client is as follows: @Begin(Enumerate) The arrival of the ether packet is detected by the ether driver in the kernel which sets the appropriate bit in the DTX bit-vector to indicate that the packet has arrived. This is detected by the scheduler, which causes the ether receiver handler to execute to read the packet into an internal buffer. The receiver handler then checks to see if there is another packet available, and if so it reads that in too. This filestore process is the only one which does not suspend itself when it has completed the task for which it was awakened. It is scheduled with the highest priority in order that packets are removed from the ether station as quickly as possible, the aim being to reduce the load on the ether station to a minimum. When it has read all the packets from currently available in the station it kicks the depacketiser process and suspends itself. The purpose of the depacketising process is to split apart the incoming requests from clients into their constituent text and data parts. This is necessitated by the filestore protocol, which considers requests as a (variable length) textual command part separated from any data by a NL character. This task is performed by a separate process from the ether receiver handler in order to keep the former as small and fast as possible. Having been depacketised, the request is queued to the interpreting processes. The interpreting process which dequeues the request determines what action to take on the basis of the command letter in the first byte of the text part. It calls one or more of the file system routines to perform this task, putting the resulting buffers onto the ether transmission queue. Finally one of the ether transmitter processes dequeues the reply buffer, transforms it into a single ether packet in a form acceptable to the client and sends it on its way. In order to ensure that the load imposed on the station is minimised, the process waits until the packet is either ACKed or NAKed before dequeueing the next buffer. @End(Enumerate) The purpose of the log stamp process is to generate and write out the console log information. @UnNumbered(References) @Bibliography