| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
The wrong pointer was being free'd in case of a derivation error.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
| |
The cypher_s field in QoS was sometimes 32 and sometimes 16 bits. This
is now corrected to be 16 bits.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a per-message symmetric encryption using the OpenSSL
library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange
is performed to derive a shared secret, which is then hashed using
SHA3-256 to be used as a key for symmetric AES-256 encryption. Each
message on an encrypted flow adds a small crypto header that includes
a random 128-bit Initialization Vector (IV). If the server does not
have OpenSSL enabled, the flow allocation will fail with an -ECRYPT
error.
Future optimizations are to piggyback the public keys on the flow
allocation message, and to enable per-flow encryption that maintains
the context of the encryption over multiple packets and doesn't
require sending IVs.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
| |
The proper initialization of libgrypt requires a call to
gcry_check_version. The library initialization should first run a
check if the application (or some other library) hasn't already
initialized libgcrypt before attempting to initialize libgcrypt.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
| |
This completes the renaming of the normal IPCP to the unicast IPCP in
the sources, to get everything consistent with the documentation.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
| |
This fixes a use after free in an error condition, and makes sure that
pid is set in the flow_set early on, so flow_set_destroy won't create
a prefix with an uninitialized pid in case of an error in
shm_flow_set_create.
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
| |
This adds some tests for the shm_rbuff after some reports that the
queue length would be erroneously reported as 0 when the rbuff was
full. The test passes for the reported case.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
| |
This fixes writing at high speeds when the rbuff is smaller than the
rdrbuff. The pthread_cond_wait calls were blocking on the wrong
condition variable.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
| |
The wrapper contained a string that was split using a backslash. This
is only supported in CMake > 3.0. Removed the split so compilation
resumes with older versions of CMake.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
| |
This allows setting the size of the rbuffs in a system independently
of the main packet buffer using SHM_RBUFF_SIZE. The benefit of setting
a smaller rbuff size is that a single process can't fully occupy the
main packet buffer.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
|
| |
The flow allocator thread was running on a low priority, causing some
delay when handling packets. Usually this isn't a problem, but for
congestion control updates, the delay may become problematic. The
priority is now set to the maximum allowed by the scheduler policy to
improve responsiveness.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
| |
The default case in the configuration parsing prints an erroneous
"Unknown IPCP type" message when a local IPCP is bootstrapped. The
IPCP_LOCAL type is now handled separately (no action needed).
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
| |
The compiler flags for the SWIG target were added to the global
CMAKE_C_FLAGS used for the entire project. This sets the flags
uniquely for the SWIG target. The eth has a similar case for the c99
flag. There was a lingering include in dev.c that was removed.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
| |
The UDP IPCP was reusing fqueues between threads. This is not
supported and lead to bad reads and buffer overflows.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
|
| |
This restricts the MTU for the Ethernet IPCP over loopback adapters
(devices named "lo*") to avoid it allocating 65K buffers per packet
and quickly filling the default RDRBUFF space. The restriction is set
using the build option IPCP_ETH_LO_MTU, with a default value of 1500
bytes.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some versions of gcc seem to give a positive on the strict aliasing
rule. It's absent from newer gcc versions or clang. However, rather
than disabling the check for older version, this small rewrite seems to
temporarily fix the false positive. Apparently, it's undefined
behaviour to simply cast a char/uint8_t buffer to a variable type
pointer and then dereference the type. A more elaborate patch to fix
the undefined behaviour is needed.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
| |
The CMake policy setting was set to 3.13, which doesn't work on older
CMake versions. The setting is now set to use the default policy of
the installed version.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
| |
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
| |
The documentation and package point to the imec site, which is now
moved to ouroboros.rocks
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
| |
There is an unsafe strncpy() in the swig compilation process, which
has been fixed a while back but is still not in the release
version. This disables the compiler warning. It also fixes an
unspecified option.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
|
| |
The UDP IPCP now uses a fixed server UDP port (default 3435) for all
communications. This allows passing firewalls more easily since only a
single port needs to be opened. The client port can be fixed as well
if needed (default random). It uses an internal eid, so the MTU of the
UDP layer is reduced by 4 bytes, similar to the Ethernet IPCPs.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
| |
The shm_flow_set for the processes are now created and destroyed
together with the irm_flow objects. This old code causes stack
overflows in some (rare) conditions and must be removed.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
| |
This makes the eth packet handler single-threaded by default, at least
until stability issues that seem to be related to multi-threading are
fixed.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
|
| |
The API calls for the IPCP to inform the IRMd of IPCP creation and
incoming flow request had the pid_t in the call. This pid_t is removed
and the getpid() call is now placed inside the function. Also
refactors the cleanup for the main() functions of some of the lower
IPCPs.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a simple round-trip time estimator to FRCT. The estimate is
a weighted average with deviation. The retransmission is scheduled
after rtt + 2 times the deviation. A retransmit doubles the rtt
estimate to avoid the no-update case when rtt suddenly increases. The
rtt is estimated in microseconds and the granularity for retransmits
is 256 microseconds.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
| |
Updates the copyright notice in all sources to 2019.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
The Ouroboros man page will now include broadcast IPCPs and are
updated to reflect the latest API.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The irm enroll tool had a semantic to enroll with a layer name, but
this is not checked. Now the enroll command will retrieve the correct
layer name that the IPCP got from the actual enrollment procedure.
The irm enroll now has two string parameters, a dst and a layer, which
cannot be both NULL. If only dst is specified, the IPCP will enroll
with that name; autobind will bind with the layer name. If only layer
is specified, the IPCP will enroll with the layer name, and perform a
check that the layer name retrieved from enrollment is indeed the
layer name before possibly autobinding. If both dst and layer are
specified, the IPCP will enroll with dst and perform a check that the
enrollment was in the expected layer. Basically only specifying the
layer name is a shorthand for dst == layer.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
| |
This renames the normal IPCP to unicast in the irm toolkit.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
This fixes the deallocation of non-initialized IPCP flows. These can
occur when some operations are not implemented.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new flow_join operaiton for broadcast, which is a much
safer solution than overloading destination name semantics. The
internal API now also has a different IPCP_FLOW_JOIN operation. The
IRMd doesn't need to query broadcasts IPCPs for the name, it can just
check if an IPCP with the layer name exists. The broadcast IPCP
doesn't need to implement the query proxy call anymore.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
| |
This moves the creation and destruction of shm_flow_set shared memory
structures from the init to the IRMd. Now the management of all shared
data objects is performed by the IRMd.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
This will cause the Ethernet IPCP to wait for a free buffer when using
raw sockets to avoid packet drops when the network is congested.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
| |
The fccntl call was reading from the RX queue instead of the TX queue.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
The --server-name option was mistyped with an underscore in the
argument parser.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
| |
This adds a First Fragment bit to FRCT. This small optimisation avoids
losing two packets when there is packet loss without fragmentation,
without the need to disable fragmentation at the end points.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
The ECN value in the packet was not set during write of a new
packet. Also removes the outdated abstract syntax enum.
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
|
|
|
|
|
|
|
|
| |
This adds an extra field to the data transfer PCI which can be used to
flag congestion by intermediate routers.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
| |
This changes the API to the rdrbuff to treat it as a pool memory
allocator. The head and tailspace to allocate in a buffer is now set
system-wide instead of being passed as a parameter.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
The flag IFF_NO_PI is needed to make sure that no extra protocol
header is added to the payload that is received on the TUN interface.
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
|
|
|
|
|
|
|
|
|
|
| |
This adds a broadcast IPCP that allows us to easily create multicast
applications. The broadcast IPCP accepts flows for "<layer_name>.mc".
A tool, obc (Ouroboros broadcast), is added that sends and reads a
message to a broadcast layer.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
|
| |
This adds the ovpn application which allows to send TCP/IP traffic
over Ouroboros. This is done by opening a TUN interface and allocating
a flow to another ovpn application so that applications using TCP/IP
can be used over Ouroboros as well.
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
|
|
|
|
|
|
|
|
|
| |
The ipcp connect command can now set a specific qos cube for data
transfer flows. For management flows, the tool ignores this and
defaults to raw until data flows are stable enough.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
| |
This will check if the flow id is valid instead of asserting. It
avoids assertion failures in the IPCP if an application crashes and
the IRMd deallocates the flow while the IPCP still has pending writes.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
The pff didn't check if there were actually entries in the database,
causing an assertion failure in some rare cases.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
| |
The signals are now handled in the main thread instead of an
asynchronous signal handler. The acceptloop is now correctly cancelled
and the associated timeouts are removed.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
The integrity check mechanism was split from FRCT, this flag is not
needed anymore.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When a new link is added, the link state update will be sent before
the database update, so the network is a little bit more quickly
aware. This improves odds of the DHT successfully enrolling at its
first attempt, reducing bootstrap time of a network.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
| |
| |
| |
| |
| |
| |
| | |
This allows configuration of the DHT slack timer at build time.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|