SYSTEM COMPONENTS:

overlay manager (was executor): (program)
	'back-end' of the GUI, manages an overlay requested by the user

resource manager (was effector): (daemon)
	daemon that runs at each component that is shared,
	and keeps the local state of that component

security: (library)
	establishes keys
	sends and receives keyed messages (UDP)
	opens and closes keyed sessions (TCP)
		question - how is a TCP session keyed?

tester: (library) (LATER)
	tests the state of an overlay (presumably refreshing the state)

state_mgr: (library)
	keeps a table of the state, and maintains 
	2-phase locking on the components, in three states:
		AVAIL - resource currently available
		PEND  - pending, i.e., responded "OK" to a 
			request, but hasn't yet been contacted
			to commit
		COMMIT - committed to an overlay

	There are two timeouts:
		PEND -> AVAIL - release partially committed resources
		COMMIT -> AVAIL - release committed resrouces that haven't
			been refreshed

------------------------------------------------------------

overlay manager (was executor)
	run resource discovery
		uses mcast w/increasing TTLs
			fails when diameter too big if not enough respond

	run control protocol to setup components
		send commands to the effector

	test them to make sure it's still there (later)
		uses the tester to find out the state of the
		components, and indicate whether the current
		known state continues to be valid

resource manager (was effector)
	gets commands and runs them
		ifconfig
		route
		tunnel
		dns

	NB: tunnel and dns are not FreeBSD commands, but scripts,
	e.g.:
		tunnel A B =
			ifconfig tunN A B
			route add (?)
			start decapsulator daemon on divert port
			start encapsulator on tunN

	runs the TABLE - 2 lists
		static list of permissions

		2-phase lock of resources
			get "want" -> give "offer", set PENDING lock
			get "takes" (TCP for control) -> set COMMIT lock

			timeout from PENDING -> AVAIL
			timeout from COMMIT -> AVAIL

tools:
	security
	state table manipulator
