diff options
| author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2026-06-14 16:00:30 +0200 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2026-06-29 08:32:58 +0200 |
| commit | c386d9b7caa56f472fdce20ff5b2841ed41dd539 (patch) | |
| tree | 81c8124854e0557ef6be4d9eda0a15f28f79350a /src/lib | |
| parent | 22e2380b09730a2f18deefd688585edb430d3299 (diff) | |
| download | ouroboros-c386d9b7caa56f472fdce20ff5b2841ed41dd539.tar.gz ouroboros-c386d9b7caa56f472fdce20ff5b2841ed41dd539.zip | |
ipcpd: Add flow-update relay
This adds an ipcp_flow_update() call to relay opaque messages between
the two IRMds (carried by FLOW_IRM_UPDATE messages), which passes it
back up to the peer IRMd via ipcp_flow_update_arr(). The broadcast
layer does not implement this.
Needed for periodic re-keying of encrypted flows via OAP.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/dev.c | 55 | ||||
| -rw-r--r-- | src/lib/pb/ipcp.proto | 1 | ||||
| -rw-r--r-- | src/lib/pb/irm.proto | 4 | ||||
| -rw-r--r-- | src/lib/serdes-irm.c | 50 |
4 files changed, 110 insertions, 0 deletions
diff --git a/src/lib/dev.c b/src/lib/dev.c index 543bd13e..cff1ebf2 100644 --- a/src/lib/dev.c +++ b/src/lib/dev.c @@ -2282,6 +2282,38 @@ int np1_flow_resp(int flow_id, return fd; } +int np1_flow_fd(int flow_id) +{ + int fd; + + if (flow_id < 0 || flow_id >= SYS_MAX_FLOWS) + return -1; + + pthread_rwlock_rdlock(&proc.lock); + + fd = proc.id_to_fd[flow_id].fd; + + pthread_rwlock_unlock(&proc.lock); + + return fd; +} + +int np1_flow_id(int fd) +{ + int flow_id; + + if (fd < 0 || fd >= PROC_MAX_FLOWS) + return -1; + + pthread_rwlock_rdlock(&proc.lock); + + flow_id = proc.flows[fd].info.id; + + pthread_rwlock_unlock(&proc.lock); + + return flow_id; +} + int ipcp_create_r(const struct ipcp_info * info) { uint8_t buf[SOCK_BUF_SIZE]; @@ -2350,6 +2382,29 @@ int ipcp_flow_req_arr(const buffer_t * dst, return flow_init(&flow, &crypt, 0); } +int ipcp_flow_update_arr(int flow_id, + const buffer_t * data) +{ + struct flow_info flow; + uint8_t buf[SOCK_BUF_SIZE]; + buffer_t msg = {SOCK_BUF_SIZE, buf}; + int err; + + memset(&flow, 0, sizeof(flow)); + + flow.id = flow_id; + flow.n_1_pid = getpid(); + + if (ipcp_flow_update_arr__irm_req_ser(&msg, &flow, data) < 0) + return -ENOMEM; + + err = send_recv_msg(&msg); + if (err < 0) + return err; + + return irm__irm_result_des(&msg); +} + int ipcp_flow_alloc_reply(int fd, int response, time_t mpl, diff --git a/src/lib/pb/ipcp.proto b/src/lib/pb/ipcp.proto index 406b8d9c..afee4f91 100644 --- a/src/lib/pb/ipcp.proto +++ b/src/lib/pb/ipcp.proto @@ -39,6 +39,7 @@ enum ipcp_msg_code { IPCP_CONNECT = 10; IPCP_DISCONNECT = 11; IPCP_REPLY = 12; + IPCP_FLOW_UPDATE = 13; } message ipcp_msg { diff --git a/src/lib/pb/irm.proto b/src/lib/pb/irm.proto index 5de860a5..98b75a95 100644 --- a/src/lib/pb/irm.proto +++ b/src/lib/pb/irm.proto @@ -53,6 +53,8 @@ enum irm_msg_code { IPCP_FLOW_REQ_ARR = 25; IPCP_FLOW_ALLOC_REPLY = 26; IRM_REPLY = 27; + IRM_FLOW_UPDATE = 28; + IPCP_FLOW_UPDATE_ARR = 29; } message timespec_msg { @@ -96,4 +98,6 @@ message irm_msg { optional sint32 result = 25; optional bytes sym_key = 26; /* symmetric encryption key */ optional sint32 cipher_nid = 27; /* cipher NID */ + optional uint32 generation = 28; /* re-key batch generation */ + optional bool rekey = 29; /* re-key watermark trigger */ } diff --git a/src/lib/serdes-irm.c b/src/lib/serdes-irm.c index 65f2c02d..a896576d 100644 --- a/src/lib/serdes-irm.c +++ b/src/lib/serdes-irm.c @@ -444,6 +444,56 @@ int ipcp_flow_alloc_reply__irm_msg_ser(buffer_t * buf, return 0; fail_msg: + /* hash/pk are borrowed from the caller; detach before free. */ + msg->hash.len = 0; + msg->hash.data = NULL; + msg->pk.len = 0; + msg->pk.data = NULL; + irm_msg__free_unpacked(msg, NULL); + fail_malloc: + return -ENOMEM; +} + +int ipcp_flow_update_arr__irm_req_ser(buffer_t * buf, + const struct flow_info * flow, + const buffer_t * data) +{ + irm_msg_t * msg; + size_t len; + + msg = malloc(sizeof(*msg)); + if (msg == NULL) + goto fail_malloc; + + irm_msg__init(msg); + + msg->code = IRM_MSG_CODE__IPCP_FLOW_UPDATE_ARR; + msg->flow_info = flow_info_s_to_msg(flow); + if (msg->flow_info == NULL) + goto fail_msg; + + msg->has_pk = true; + msg->pk.len = data->len; + msg->pk.data = data->data; + + len = irm_msg__get_packed_size(msg); + if (len == 0 || len > buf->len) + goto fail_msg; + + buf->len = len; + + irm_msg__pack(msg, buf->data); + + /* Don't free data! */ + msg->pk.len = 0; + msg->pk.data = NULL; + irm_msg__free_unpacked(msg, NULL); + + return 0; + fail_msg: + /* pk.data is borrowed from the caller; detach before free. */ + msg->pk.len = 0; + msg->pk.data = NULL; irm_msg__free_unpacked(msg, NULL); fail_malloc: return -ENOMEM; |
