authorDimitri Staessens <dmarc-noreply@freelists.org>2025-07-13 07:42:58 +0200
committerSander Vrijders <sander@ouroboros.rocks>2025-07-16 08:34:17 +0200
commit2e505c2dc7a7e849fe7a327f9cbdfc587477a3d1 (patch)
treec303098450a9a361d3d16738a78cbfdc452326f6 /src/ipcpd
parent589e273a446cdcec7e9c5e3a85256b7b8554e4f0 (diff)
irmd: Initial Flow Allocation Protocol Header
This adds the initial version for the flow allocation protocol header between IRMd instances. This is a step towards flow authentication. The header supports secure and authenticated flow allocation, supporting certificate-based authentication and ephemeral key exchange for end-to-end encryption. id: 128-bit identifier for the entity. timestamp: 64-bit timestamp (replay protection). certificate: Certificate for authentication. public key: ECDHE public key for key exchange. data: Application data. signature: Signature for integrity/authenticity. Authentication and encryption require OpenSSL to be installed. The IRMd compares the allocation request delay with the MPL of the Layer over which the flow allocation was sent. MPL is now reported by the Layer in ms instead of seconds. Time functions were revised for consistency and some tests were added. The TPM can now print thread running times in Debug builds (TPM_DEBUG_REPORT_INTERVAL) and abort processes with hung threads (TPM_DEBUG_ABORT_TIMEOUT). Long-running threads waiting for input should call tpm_wait_work() to avoid triggering a process abort. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/ipcpd')
-rw-r--r--src/ipcpd/eth/CMakeLists.txt4
-rw-r--r--src/ipcpd/local/CMakeLists.txt4
-rw-r--r--src/ipcpd/udp/CMakeLists.txt4
-rw-r--r--src/ipcpd/unicast/CMakeLists.txt4
-rw-r--r--src/ipcpd/unicast/dir/dht.c15
5 files changed, 18 insertions, 13 deletions
diff --git a/src/ipcpd/eth/CMakeLists.txt b/src/ipcpd/eth/CMakeLists.txt
index d57e1848..17ae74fc 100644
--- a/src/ipcpd/eth/CMakeLists.txt
+++ b/src/ipcpd/eth/CMakeLists.txt
@@ -85,8 +85,8 @@ if (HAVE_ETH)
"Bypass the Qdisc in the kernel when using raw sockets")
set(IPCP_ETH_LO_MTU 1500 CACHE STRING
"Restrict Ethernet MTU over loopback interfaces")
- set(IPCP_ETH_MPL 5 CACHE STRING
- "Default maximum packet lifetime for the Ethernet IPCPs, in seconds")
+ set(IPCP_ETH_MPL 100 CACHE STRING
+ "Default maximum packet lifetime for the Ethernet IPCPs, in ms")
set(ETH_LLC_SOURCES
# Add source files here
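Review bot: IPCP_ETH_MPL keeps its name while its unit changes from seconds to milliseconds, and because it is a `CACHE STRING`, a build directory configured before this commit will keep the cached old value (5), which would then presumably be read as 5 ms. The same applies to IPCP_LOCAL_MPL, IPCP_UDP_MPL and IPCP_UNICAST_MPL in the following hunks. The commit message says the IRMd now compares the allocation request delay against the layer's MPL, so a stale value would likely make valid flow allocation requests look expired rather than fail the build. Carrying the unit in the name, e.g. `set(IPCP_ETH_MPL_MS 100 CACHE STRING`, would force a fresh default, provided the users of the variable outside this hunk are renamed with it.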
diff --git a/src/ipcpd/local/CMakeLists.txt b/src/ipcpd/local/CMakeLists.txt
index 10fd0120..08abff57 100644
--- a/src/ipcpd/local/CMakeLists.txt
+++ b/src/ipcpd/local/CMakeLists.txt
@@ -13,8 +13,8 @@ include_directories(${CMAKE_SOURCE_DIR}/include)
include_directories(${CMAKE_BINARY_DIR}/include)
set(IPCP_LOCAL_TARGET ipcpd-local CACHE INTERNAL "")
-set(IPCP_LOCAL_MPL 2 CACHE STRING
- "Default maximum packet lifetime for the Ethernet IPCPs, in seconds")
+set(IPCP_LOCAL_MPL 100 CACHE STRING
+ "Default maximum packet lifetime for the Ethernet IPCPs, in ms")
set(LOCAL_SOURCES
# Add source files here
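Review bot: The help string for IPCP_LOCAL_MPL still describes "the Ethernet IPCPs", a copy-paste leftover that the rewritten line carries over. Since this text is what `ccmake`/`cmake-gui` shows to whoever tunes the lifetime that the replay check depends on, it should name the right component: `"Default maximum packet lifetime for the local IPCP, in ms")`.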
diff --git a/src/ipcpd/udp/CMakeLists.txt b/src/ipcpd/udp/CMakeLists.txt
index 8ae5518e..5abf5a00 100644
--- a/src/ipcpd/udp/CMakeLists.txt
+++ b/src/ipcpd/udp/CMakeLists.txt
@@ -58,8 +58,8 @@ set(IPCP_UDP_RD_THR 3 CACHE STRING
"Number of reader threads in UDP IPCP")
set(IPCP_UDP_WR_THR 3 CACHE STRING
"Number of writer threads in UDP IPCP")
-set(IPCP_UDP_MPL 60 CACHE STRING
- "Default maximum packet lifetime for the UDP IPCP, in seconds")
+set(IPCP_UDP_MPL 5000 CACHE STRING
+ "Default maximum packet lifetime for the UDP IPCP, in ms")
include(AddCompileFlags)
if (CMAKE_BUILD_TYPE MATCHES "Debug*")
diff --git a/src/ipcpd/unicast/CMakeLists.txt b/src/ipcpd/unicast/CMakeLists.txt
index ca742871..b0dd3acc 100644
--- a/src/ipcpd/unicast/CMakeLists.txt
+++ b/src/ipcpd/unicast/CMakeLists.txt
@@ -13,8 +13,8 @@ include_directories(${CMAKE_SOURCE_DIR}/include)
include_directories(${CMAKE_BINARY_DIR}/include)
set(IPCP_UNICAST_TARGET ipcpd-unicast CACHE INTERNAL "")
-set(IPCP_UNICAST_MPL 60 CACHE STRING
- "Default maximum packet lifetime for the unicast IPCP, in seconds")
+set(IPCP_UNICAST_MPL 10000 CACHE STRING
+ "Default maximum packet lifetime for the unicast IPCP, in ms")
protobuf_generate_c(DHT_PROTO_SRCS DHT_PROTO_HDRS dir/dht.proto)
diff --git a/src/ipcpd/unicast/dir/dht.c b/src/ipcpd/unicast/dir/dht.c
index 95c5f19a..483570e8 100644
--- a/src/ipcpd/unicast/dir/dht.c
+++ b/src/ipcpd/unicast/dir/dht.c
@@ -439,6 +439,12 @@ static void cancel_req_destroy(void * o)
static void kad_req_destroy(struct kad_req * req)
{
+ struct timespec t;
+ struct timespec intv = TIMESPEC_INIT_S(20);
+
+ clock_gettime(PTHREAD_COND_CLOCK, &t);
+ ts_add(&t, &intv, &t);
+
assert(req);
pthread_mutex_lock(&req->lock);
@@ -464,7 +470,7 @@ static void kad_req_destroy(struct kad_req * req)
pthread_cleanup_push(cancel_req_destroy, req);
while (req->state != REQ_NULL && req->state != REQ_DONE)
- pthread_cond_wait(&req->cond, &req->lock);
+ pthread_cond_timedwait(&req->cond, &req->lock, &t);
pthread_cleanup_pop(true);
}
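Review bot: The result of `pthread_cond_timedwait()` is discarded in the wait loop of kad_req_destroy, and `t` is an absolute deadline computed once at function entry (previous hunk), so once the 20 s have passed every call returns ETIMEDOUT immediately and the loop spins, taking and dropping `req->lock`, for as long as the state stays neither REQ_NULL nor REQ_DONE. The timeout should be handled explicitly, for example `if (pthread_cond_timedwait(&req->cond, &req->lock, &t) == ETIMEDOUT) break;` together with a log line. Leaving the loop hands `req` to cancel_req_destroy while a waiter may still hold a reference, so that path has to be checked against the part of the function between the two hunks, which is not visible here. The literal in `TIMESPEC_INIT_S(20)` would also read better as a named constant with a comment saying why destruction is bounded.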
@@ -497,7 +503,7 @@ static int kad_req_wait(struct kad_req * req,
case REQ_DESTROY:
ret = -1;
req->state = REQ_NULL;
- pthread_cond_signal(&req->cond);
+ pthread_cond_broadcast(&req->cond);
break;
case REQ_PENDING: /* ETIMEDOUT */
case REQ_RESPONSE:
@@ -518,7 +524,7 @@ static void kad_req_respond(struct kad_req * req)
pthread_mutex_lock(&req->lock);
req->state = REQ_RESPONSE;
- pthread_cond_signal(&req->cond);
+ pthread_cond_broadcast(&req->cond);
pthread_mutex_unlock(&req->lock);
}
@@ -886,10 +892,9 @@ static void lookup_update(struct dht * dht,
struct contact * d;
d = list_last_entry(&lu->contacts,
struct contact, next);
+ list_add_tail(&c->next, p);
list_del(&d->next);
- assert(lu->contacts.prv != &d->next);
contact_destroy(d);
- list_add_tail(&c->next, p);
mod = true;
}
}
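Review bot: The new ordering in lookup_update, `list_add_tail(&c->next, p)` before `list_del(&d->next)`, looks deliberate but nothing in the code says why, and the removed assert was the only hint that `p` and `d` can be related. If `p` can be `&d->next` (it is set outside this hunk, so this is inferred), inserting after the delete would link `c` to a node that is then freed by `contact_destroy(d)`. A short comment would keep a later cleanup from swapping the lines back, e.g. `/* Insert before removing d: p may point at d->next. */`. The function starts and ends outside the hunk.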