authordimitri staessens <dimitri.staessens@intec.ugent.be>2017-02-20 15:54:45 +0000
committerSander Vrijders <sander.vrijders@intec.ugent.be>2017-02-20 15:54:45 +0000
commitbf27d8fec3c8051f0518420b4b0ef2957147a887 (patch)
tree3a821503a23a81354bf6f5a77ee4b9b977d26706
parent16db00220f6fd1be618f4a38272888f6ac144d20 (diff)
parent354554c76cc2f9f30c7fd8edaeb2e3cc91c85332 (diff)
Merged in dstaesse/ouroboros/be-cdap-flow (pull request #382)
ipcpd: Allocation of authenticated CDAP flows
-rw-r--r--src/ipcpd/normal/CMakeLists.txt4
-rw-r--r--src/ipcpd/normal/cdap_flow.c153
-rw-r--r--src/ipcpd/normal/cdap_flow.h49
-rw-r--r--src/ipcpd/normal/enroll.c139
4 files changed, 254 insertions, 91 deletions
diff --git a/src/ipcpd/normal/CMakeLists.txt b/src/ipcpd/normal/CMakeLists.txt
index f2e48cbc..7e10cc0d 100644
--- a/src/ipcpd/normal/CMakeLists.txt
+++ b/src/ipcpd/normal/CMakeLists.txt
@@ -14,12 +14,12 @@ include_directories(${CMAKE_BINARY_DIR}/include)
set(IPCP_NORMAL_TARGET ipcpd-normal CACHE STRING "IPCP_NORMAL_TARGET")
-protobuf_generate_c(FLOW_ALLOC_SRCS FLOW_ALLOC_HDRS
- flow_alloc.proto)
+protobuf_generate_c(FLOW_ALLOC_SRCS FLOW_ALLOC_HDRS flow_alloc.proto)
set(SOURCE_FILES
# Add source files here
addr_auth.c
+ cdap_flow.c
dir.c
enroll.c
fmgr.c
diff --git a/src/ipcpd/normal/cdap_flow.c b/src/ipcpd/normal/cdap_flow.c
new file mode 100644
index 00000000..2895af0d
--- /dev/null
+++ b/src/ipcpd/normal/cdap_flow.c
@@ -0,0 +1,153 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Normal IPC Process - Authenticated CDAP Flow Allocator
+ *
+ * Sander Vrijders <sander.vrijders@ugent.be>
+ * Dimitri Staessens <dimitri.staessens@ugent.be>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#define OUROBOROS_PREFIX "cdap-flow"
+
+#include <ouroboros/config.h>
+#include <ouroboros/dev.h>
+#include <ouroboros/logs.h>
+
+#include "cdap_flow.h"
+
+#include <stdlib.h>
+#include <assert.h>
+
+static void cdap_flow_destroy(struct cdap_flow * flow)
+{
+ assert(flow);
+
+ if (flow->ci != NULL)
+ cdap_destroy(flow->ci);
+
+ if (flow->info != NULL) {
+ if (flow->info->name != NULL)
+ free(flow->info->name);
+ if (flow->info->data != NULL)
+ free(flow->info->data);
+ }
+
+ free(flow);
+}
+
+struct cdap_flow * cdap_flow_arr(int fd,
+ int resp,
+ enum pol_cacep pc,
+ const struct cacep_info * info)
+{
+ struct cdap_flow * flow;
+
+ if (flow_alloc_resp(fd, resp) < 0) {
+ log_err("Could not respond to new flow.");
+ return NULL;
+ }
+
+ if (resp)
+ return NULL;
+
+ flow = malloc(sizeof(*flow));
+ if (flow == NULL) {
+ log_err("Failed to malloc.");
+ return NULL;
+ }
+
+ flow->fd = fd;
+ flow->ci = NULL;
+
+ flow->info = cacep_auth_wait(fd, pc, info);
+ if (flow->info == NULL) {
+ log_err("Other side failed to authenticate.");
+ cdap_flow_destroy(flow);
+ return NULL;
+ }
+
+ flow->ci = cdap_create(fd);
+ if (flow->ci == NULL) {
+ log_err("Failed to create CDAP instance.");
+ cdap_flow_destroy(flow);
+ return NULL;
+ }
+
+ return flow;
+}
+
+struct cdap_flow * cdap_flow_alloc(const char * dst_name,
+ const char * ae_name,
+ qosspec_t * qs,
+ enum pol_cacep pc,
+ const struct cacep_info * info)
+{
+ struct cdap_flow * flow;
+ int fd;
+
+ log_dbg("Allocating flow to %s.", dst_name);
+
+ if (dst_name == NULL || ae_name == NULL) {
+ log_err("Not enough info to establish flow.");
+ return NULL;
+ }
+
+ fd = flow_alloc(dst_name, ae_name, qs);
+ if (fd < 0) {
+ log_err("Failed to allocate flow to %s.", dst_name);
+ return NULL;
+ }
+
+ if (flow_alloc_res(fd)) {
+ log_err("Flow allocation to %s failed.", dst_name);
+ return NULL;
+ }
+
+ flow = malloc(sizeof(*flow));
+ if (flow == NULL) {
+ log_err("Failed to malloc.");
+ flow_dealloc(fd);
+ return NULL;
+ }
+
+ flow->fd = fd;
+ flow->ci = NULL;
+
+ flow->info = cacep_auth(fd, pc, info);
+ if (flow->info == NULL) {
+ log_err("Failed to authenticate.");
+ cdap_flow_dealloc(flow);
+ return NULL;
+ }
+
+ flow->ci = cdap_create(fd);
+ if (flow->ci == NULL) {
+ log_err("Failed to create CDAP instance.");
+ cdap_flow_dealloc(flow);
+ return NULL;
+ }
+
+ return flow;
+}
+
+void cdap_flow_dealloc(struct cdap_flow * flow)
+{
+ int fd = flow->fd;
+
+ cdap_flow_destroy(flow);
+
+ flow_dealloc(fd);
+}
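Review bot: In `cdap_flow_alloc` the `flow_alloc_res(fd)` failure branch returns NULL without releasing `fd`, whereas the `enroll_boot` code this helper replaces called `flow_dealloc(fd)` on that path; add `flow_dealloc(fd);` before that `return NULL;`. The same function passes `dst_name` to `log_dbg("Allocating flow to %s.", dst_name)` before the NULL check, so the debug line should move below the check. `cdap_flow_destroy` frees `flow->info->name` and `flow->info->data` but never `flow->info` itself, which looks like a leak if `cacep_auth` and `cacep_auth_wait` return heap memory (their definitions are not in this diff); `free(flow->info);` after the two inner frees would close it. `cdap_flow_dealloc` reads `flow->fd` with no guard, so an `assert(flow);` like the one in `cdap_flow_destroy` would make the precondition explicit.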
diff --git a/src/ipcpd/normal/cdap_flow.h b/src/ipcpd/normal/cdap_flow.h
new file mode 100644
index 00000000..c5ca2ab4
--- /dev/null
+++ b/src/ipcpd/normal/cdap_flow.h
@@ -0,0 +1,49 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2017
+ *
+ * Normal IPC Process - Authenticated CDAP Flow Allocator
+ *
+ * Sander Vrijders <sander.vrijders@ugent.be>
+ * Dimitri Staessens <dimitri.staessens@ugent.be>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef OUROBOROS_IPCPD_NORMAL_CDAP_FLOW_H
+#define OUROBOROS_IPCPD_NORMAL_CDAP_FLOW_H
+
+#include <ouroboros/cacep.h>
+#include <ouroboros/cdap.h>
+#include <ouroboros/qos.h>
+
+struct cdap_flow {
+ int fd;
+ struct cdap * ci;
+ struct cacep_info * info;
+};
+
+struct cdap_flow * cdap_flow_arr(int fd,
+ int resp,
+ enum pol_cacep pc,
+ const struct cacep_info * info);
+
+struct cdap_flow * cdap_flow_alloc(const char * dst_name,
+ const char * ae_name,
+ qosspec_t * qs,
+ enum pol_cacep pc,
+ const struct cacep_info * info);
+
+void cdap_flow_dealloc(struct cdap_flow * flow);
+
+#endif /* OUROBOROS_IPCPD_NORMAL_CDAP_FLOW_H */
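Review bot: The three prototypes carry no contract comments, and the ownership rules on failure cannot be guessed from the signatures. In cdap_flow.c, `cdap_flow_arr` returns NULL both when `resp` is non-zero and on any failure, and in every NULL case after a successful `flow_alloc_resp` it leaves `fd` allocated for the caller, including when the peer fails to authenticate; `cdap_flow_alloc` instead releases the flow itself when authentication or `cdap_create` fails. I would add a short doc comment above each prototype stating the return value and who must call `flow_dealloc` after a NULL return, so a caller cannot leave a flow open after a failed authentication. A one-line comment on the `info` member such as `/* result of the CACEP exchange, freed by cdap_flow_dealloc */` would also help, assuming that is what `cacep_auth` returns.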
diff --git a/src/ipcpd/normal/enroll.c b/src/ipcpd/normal/enroll.c
index bc5d2a20..e8c085a8 100644
--- a/src/ipcpd/normal/enroll.c
+++ b/src/ipcpd/normal/enroll.c
@@ -23,12 +23,12 @@
#include <ouroboros/config.h>
#include <ouroboros/endian.h>
#include <ouroboros/time_utils.h>
-#include <ouroboros/cdap.h>
#include <ouroboros/dev.h>
#include <ouroboros/logs.h>
#include <ouroboros/rib.h>
#include "ae.h"
+#include "cdap_flow.h"
#include "ribconfig.h"
#include <assert.h>
@@ -42,14 +42,14 @@
int enroll_handle(int fd)
{
- struct cdap * ci;
- cdap_key_t key;
- enum cdap_opcode oc;
- char * name;
- uint8_t * buf;
- uint8_t * data;
- ssize_t len;
- uint32_t flags;
+ struct cdap_flow * flow;
+ cdap_key_t key;
+ enum cdap_opcode oc;
+ char * name;
+ uint8_t * buf;
+ uint8_t * data;
+ ssize_t len;
+ uint32_t flags;
bool boot_r = false;
bool members_r = false;
@@ -59,21 +59,15 @@ int enroll_handle(int fd)
char * members_ro = MEMBERS_PATH;
char * dif_ro = DIF_PATH;
- if (flow_alloc_resp(fd, 0) < 0) {
+ flow = cdap_flow_arr(fd, 0, ANONYMOUS_AUTH, NULL);
+ if (flow == NULL) {
+ log_err("Failed to auth enrollment request.");
flow_dealloc(fd);
- log_err("Could not respond to request.");
- return -1;
- }
-
- ci = cdap_create(fd);
- if (ci == NULL) {
- flow_dealloc(fd);
- log_err("Failed to create CDAP instance.");
return -1;
}
while (!(boot_r && members_r && dif_name_r)) {
- key = cdap_request_wait(ci, &oc, &name, &data,
+ key = cdap_request_wait(flow->ci, &oc, &name, &data,
(size_t *) &len , &flags);
assert(key >= 0);
assert(name);
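Review bot: The flow is accepted with `ANONYMOUS_AUTH` and a NULL `info`, and nothing in this hunk inspects `flow->info` before the request loop starts answering reads, so, if the policy means what its name suggests, enrollment data is still served to any peer that can allocate a flow; the `cdap_flow_alloc(dst_name, ENROLL_AE, NULL, ANONYMOUS_AUTH, NULL)` call in the `enroll_boot` hunk has the mirror-image gap on the joining side. A comment at both calls such as `/* FIXME: anonymous policy only; require an authenticating policy before exchanging boot info */` would keep that visible. The message `"Failed to auth enrollment request."` is also logged when `flow_alloc_resp` or `cdap_create` fails inside `cdap_flow_arr`, so a neutral wording like `"Failed to set up enrollment flow."` would be less misleading when reading logs. Separately, `assert(key >= 0)` and `assert(name)` check values produced by `cdap_request_wait`, which depend on the peer, and would be safer as an error return that calls `cdap_flow_dealloc(flow)`; `enroll_handle` begins before and continues after this hunk.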
@@ -85,9 +79,8 @@ int enroll_handle(int fd)
if (oc != CDAP_READ) {
log_warn("Invalid request.");
- cdap_reply_send(ci, key, -1, NULL, 0);
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_reply_send(flow->ci, key, -1, NULL, 0);
+ cdap_flow_dealloc(flow);
free(name);
return -1;
}
@@ -104,14 +97,13 @@ int enroll_handle(int fd)
clock_gettime(CLOCK_REALTIME, &t);
buf[0] = hton64(t.tv_sec);
buf[1] = hton64(t.tv_nsec);
- cdap_reply_send(ci, key, 0, buf, sizeof(buf));
+ cdap_reply_send(flow->ci, key, 0, buf, sizeof(buf));
free(name);
continue;
} else {
log_warn("Illegal read: %s.", name);
- cdap_reply_send(ci, key, -1, NULL, 0);
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_reply_send(flow->ci, key, -1, NULL, 0);
+ cdap_flow_dealloc(flow);
free(name);
return -1;
}
@@ -119,9 +111,8 @@ int enroll_handle(int fd)
len = rib_pack(name, &buf, PACK_HASH_ROOT);
if (len < 0) {
log_err("Failed to pack %s.", name);
- cdap_reply_send(ci, key, -1, NULL, 0);
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_reply_send(flow->ci, key, -1, NULL, 0);
+ cdap_flow_dealloc(flow);
free(name);
return -1;
}
@@ -130,10 +121,9 @@ int enroll_handle(int fd)
free(name);
- if (cdap_reply_send(ci, key, 0, buf, len)) {
+ if (cdap_reply_send(flow->ci, key, 0, buf, len)) {
log_err("Failed to send CDAP reply.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
@@ -142,20 +132,17 @@ int enroll_handle(int fd)
log_dbg("Sent boot info to new member.");
- cdap_destroy(ci);
-
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return 0;
}
int enroll_boot(char * dst_name)
{
- struct cdap * ci;
- cdap_key_t key;
- uint8_t * data;
- size_t len;
- int fd;
+ struct cdap_flow * flow;
+ cdap_key_t key;
+ uint8_t * data;
+ size_t len;
struct timespec t0;
struct timespec rtt;
@@ -166,22 +153,9 @@ int enroll_boot(char * dst_name)
char * members_ro = MEMBERS_PATH;
char * dif_ro = DIF_PATH;
- fd = flow_alloc(dst_name, ENROLL_AE, NULL);
- if (fd < 0) {
- log_err("Failed to allocate flow.");
- return -1;
- }
-
- if (flow_alloc_res(fd)) {
- log_err("Flow allocation failed.");
- flow_dealloc(fd);
- return -1;
- }
-
- ci = cdap_create(fd);
- if (ci == NULL) {
- log_err("Failed to create CDAP instance.");
- flow_dealloc(fd);
+ flow = cdap_flow_alloc(dst_name, ENROLL_AE, NULL, ANONYMOUS_AUTH, NULL);
+ if (flow == NULL) {
+ log_err("Failed to allocate flow for enrollment request.");
return -1;
}
@@ -189,18 +163,16 @@ int enroll_boot(char * dst_name)
clock_gettime(CLOCK_REALTIME, &t0);
- key = cdap_request_send(ci, CDAP_READ, TIME_PATH, NULL, 0, 0);
+ key = cdap_request_send(flow->ci, CDAP_READ, TIME_PATH, NULL, 0, 0);
if (key < 0) {
log_err("Failed to send CDAP request.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
- if (cdap_reply_wait(ci, key, &data, &len)) {
+ if (cdap_reply_wait(flow->ci, key, &data, &len)) {
log_err("Failed to get CDAP reply.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
@@ -218,18 +190,16 @@ int enroll_boot(char * dst_name)
free(data);
- key = cdap_request_send(ci, CDAP_READ, boot_ro, NULL, 0, 0);
+ key = cdap_request_send(flow->ci, CDAP_READ, boot_ro, NULL, 0, 0);
if (key < 0) {
log_err("Failed to send CDAP request.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
- if (cdap_reply_wait(ci, key, &data, &len)) {
+ if (cdap_reply_wait(flow->ci, key, &data, &len)) {
log_err("Failed to get CDAP reply.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
@@ -239,25 +209,22 @@ int enroll_boot(char * dst_name)
log_warn("Error unpacking RIB data.");
rib_del(boot_ro);
free(data);
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
log_dbg("Packed information inserted into RIB.");
- key = cdap_request_send(ci, CDAP_READ, members_ro, NULL, 0, 0);
+ key = cdap_request_send(flow->ci, CDAP_READ, members_ro, NULL, 0, 0);
if (key < 0) {
log_err("Failed to send CDAP request.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
- if (cdap_reply_wait(ci, key, &data, &len)) {
+ if (cdap_reply_wait(flow->ci, key, &data, &len)) {
log_err("Failed to get CDAP reply.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
@@ -267,25 +234,22 @@ int enroll_boot(char * dst_name)
log_warn("Error unpacking RIB data.");
rib_del(boot_ro);
free(data);
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
log_dbg("Packed information inserted into RIB.");
- key = cdap_request_send(ci, CDAP_READ, dif_ro, NULL, 0, 0);
+ key = cdap_request_send(flow->ci, CDAP_READ, dif_ro, NULL, 0, 0);
if (key < 0) {
log_err("Failed to send CDAP request.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
- if (cdap_reply_wait(ci, key, &data, &len)) {
+ if (cdap_reply_wait(flow->ci, key, &data, &len)) {
log_err("Failed to get CDAP reply.");
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
@@ -295,16 +259,13 @@ int enroll_boot(char * dst_name)
log_warn("Error unpacking RIB data.");
rib_del(boot_ro);
free(data);
- cdap_destroy(ci);
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return -1;
}
log_dbg("Packed information inserted into RIB.");
- cdap_destroy(ci);
-
- flow_dealloc(fd);
+ cdap_flow_dealloc(flow);
return 0;
}