summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* irmd: Check if entry actually existsSander Vrijders2019-10-061-0/+5
| | | | | | | | | The prog table was consulted for a name of a program, which may not exist, thus prog_entry_del_name potentially got a NULL reference passed. Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
* lib: Add check that flow_id is validSander Vrijders2019-10-061-0/+5
| | | | | | | | In fset_add, the flow_id was passed to the shm_flow_set without checking if it was actually valid. Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
* build: Allow older OpenSSL versions for randomDimitri Staessens2019-10-053-4/+6
| | | | | | | | | Ubuntu 16 comes with older versions of OpenSSL, glibc and libgcrypt. Ouroboros will now fall back to OpenSSL even if the version is <= 1.1.0. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* Add support for appveyor CISander Vrijders2019-09-291-0/+34
| | | | | | | | | | A yml file is included in the repository, which is parsed by the appveyor CI when a build is triggered upon pushing. It allows checking the build on Ubuntu 16.04 and 18.04, on x86 and x64, and in release and debug configuration. Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
* Disable SWIG support by defaultSander Vrijders2019-09-291-2/+2
| | | | | | | | The current build fails on older Ubuntu versions. Moreover, the generated code does not wrap flow_write and flow_read correctly. Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
* build: Check OpenSSL version >= 1.1.0Dimitri Staessens2019-09-291-10/+15
| | | | | | | | | The cryptographic functions require at least OpenSSL 1.1.0. The build will now check for this version and disable OpenSSL support when this requirement is not met. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* tools: Fix name option in ovpnDimitri Staessens2019-09-151-1/+1
| | | | | | | The --name option is not of optional_argument type. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Remove duplicate ip address in udp dataDimitri Staessens2019-08-311-3/+1
| | | | | | | | | The ip address was stored twice, which is not needed. Only keeping the ip address in the sockaddr struct will make IPv6 support more homogeneous. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* tools: Add encryption option to ovpnDimitri Staessens2019-08-311-7/+15
| | | | | | | | This adds a -C, --crypt option to the ovpn tool to easily create AES encrypted IP tunnels. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* tools: Use time_utils from toolsDimitri Staessens2019-08-314-2/+7
| | | | | | | | The ocbr tool was still using the non-public time_utils from the library instead of the version in tools. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Fix swapped ECDH crypt callsDimitri Staessens2019-08-091-2/+2
| | | | | | | | | | The client and server side were swapped. This wasn't a big issue, but now we are sure that the flow allocation response for the server has arrived at the client (packet reordering could cause the server key to arrive before the flow is allocated at the client). Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Fix free in key derivationDimitri Staessens2019-08-091-1/+1
| | | | | | | The wrong pointer was being free'd in case of a derivation error. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix length mismatch of encryption cypherDimitri Staessens2019-08-093-4/+4
| | | | | | | | The cypher_s field in QoS was sometimes 32 and sometimes 16 bits. This is now corrected to be 16 bits. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Add per-message encryption with OpenSSLDimitri Staessens2019-08-0312-29/+693
| | | | | | | | | | | | | | | | | | | This adds a per-message symmetric encryption using the OpenSSL library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange is performed to derive a shared secret, which is then hashed using SHA3-256 to be used as a key for symmetric AES-256 encryption. Each message on an encrypted flow adds a small crypto header that includes a random 128-bit Initialization Vector (IV). If the server does not have OpenSSL enabled, the flow allocation will fail with an -ECRYPT error. Future optimizations are to piggyback the public keys on the flow allocation message, and to enable per-flow encryption that maintains the context of the encryption over multiple packets and doesn't require sending IVs. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* irmd, lib: Improve libgcrypt initDimitri Staessens2019-07-292-6/+20
| | | | | | | | | | The proper initialization of libgrypt requires a call to gcry_check_version. The library initialization should first run a check if the application (or some other library) hasn't already initialized libgcrypt before attempting to initialize libgcrypt. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Refactor normal to unicastDimitri Staessens2019-07-2956-117/+117
| | | | | | | | This completes the renaming of the normal IPCP to the unicast IPCP in the sources, to get everything consistent with the documentation. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix use after free and uninitalized valueSander Vrijders2019-06-212-3/+3
| | | | | | | | | | This fixes a use after free in an error condition, and makes sure that pid is set in the flow_set early on, so flow_set_destroy won't create a prefix with an uninitialized pid in case of an error in shm_flow_set_create. Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
* lib: Add tests for the shm_rbuffDimitri Staessens2019-06-212-0/+106
| | | | | | | | | This adds some tests for the shm_rbuff after some reports that the queue length would be erroneously reported as 0 when the rbuff was full. The test passes for the reported case. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Fix blocking writes to smaller rbuffDimitri Staessens2019-04-171-5/+4
| | | | | | | | | This fixes writing at high speeds when the rbuff is smaller than the rdrbuff. The pthread_cond_wait calls were blocking on the wrong condition variable. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Fix CMake 3.0 syntax in wrapperDimitri Staessens2019-04-081-2/+1
| | | | | | | | | The wrapper contained a string that was split using a backslash. This is only supported in CMake > 3.0. Removed the split so compilation resumes with older versions of CMake. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Set independent size for rbuffDimitri Staessens2019-04-067-15/+141
| | | | | | | | | | This allows setting the size of the rbuffs in a system independently of the main packet buffer using SHM_RBUFF_SIZE. The benefit of setting a smaller rbuff size is that a single process can't fully occupy the main packet buffer. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Give max priority to flow allocatorDimitri Staessens2019-03-281-2/+31
| | | | | | | | | | | The flow allocator thread was running on a low priority, causing some delay when handling packets. Usually this isn't a problem, but for congestion control updates, the delay may become problematic. The priority is now set to the maximum allowed by the scheduler policy to improve responsiveness. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Handle local IPCP case when parsing configDimitri Staessens2019-03-281-1/+3
| | | | | | | | | The default case in the configuration parsing prints an erroneous "Unknown IPCP type" message when a local IPCP is bootstrapped. The IPCP_LOCAL type is now handled separately (no action needed). Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Set specific compiler flags for SWIG target0.15.2Dimitri Staessens2019-03-215-14/+19
| | | | | | | | | | The compiler flags for the SWIG target were added to the global CMAKE_C_FLAGS used for the entire project. This sets the flags uniquely for the SWIG target. The eth has a similar case for the c99 flag. There was a lingering include in dev.c that was removed. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Don't reuse fqueue between threadsDimitri Staessens2019-03-211-10/+17
| | | | | | | | The UDP IPCP was reusing fqueues between threads. This is not supported and lead to bad reads and buffer overflows. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Restrict MTU for Ethernet over loopbackDimitri Staessens2019-03-213-0/+8
| | | | | | | | | | | This restricts the MTU for the Ethernet IPCP over loopback adapters (devices named "lo*") to avoid it allocating 65K buffers per packet and quickly filling the default RDRBUFF space. The restriction is set using the build option IPCP_ETH_LO_MTU, with a default value of 1500 bytes. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix strict aliasing warning0.15.1Dimitri Staessens2019-03-182-7/+9
| | | | | | | | | | | | | Some versions of gcc seem to give a positive on the strict aliasing rule. It's absent from newer gcc versions or clang. However, rather than disabling the check for older version, this small rewrite seems to temporarily fix the false positive. Apparently, it's undefined behaviour to simply cast a char/uint8_t buffer to a variable type pointer and then dereference the type. A more elaborate patch to fix the undefined behaviour is needed. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Fix CMake policy settingDimitri Staessens2019-03-181-1/+1
| | | | | | | | | The CMake policy setting was set to 3.13, which doesn't work on older CMake versions. The setting is now set to use the default policy of the installed version. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* version: Ouroboros 0.15.00.15.0Sander Vrijders2019-03-181-1/+1
| | | | Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* doc: Update documentation to new website URLDimitri Staessens2019-03-1810-13/+13
| | | | | | | | The documentation and package point to the imec site, which is now moved to ouroboros.rocks Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Fix build error with swigDimitri Staessens2019-03-182-3/+5
| | | | | | | | | | There is an unsafe strncpy() in the swig compilation process, which has been fixed a while back but is still not in the release version. This disables the compiler warning. It also fixes an unspecified option. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Revise UDP IPCPDimitri Staessens2019-03-189-446/+435
| | | | | | | | | | | The UDP IPCP now uses a fixed server UDP port (default 3435) for all communications. This allows passing firewalls more easily since only a single port needs to be opened. The client port can be fixed as well if needed (default random). It uses an internal eid, so the MTU of the UDP layer is reduced by 4 bytes, similar to the Ethernet IPCPs. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* irmd: Don't destroy shm_flow_set from IRMdDimitri Staessens2019-03-121-5/+0
| | | | | | | | | The shm_flow_set for the processes are now created and destroyed together with the irm_flow objects. This old code causes stack overflows in some (rare) conditions and must be removed. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Set default number of threads in eth to 1Dimitri Staessens2019-03-051-2/+2
| | | | | | | | | This makes the eth packet handler single-threaded by default, at least until stability issues that seem to be related to multi-threading are fixed. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Refactor create_r and flow_req_arrDimitri Staessens2019-03-048-55/+48
| | | | | | | | | | | The API calls for the IPCP to inform the IRMd of IPCP creation and incoming flow request had the pid_t in the call. This pid_t is removed and the getpid() call is now placed inside the function. Also refactors the cleanup for the main() functions of some of the lower IPCPs. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Add initial rtt estimator to FRCTDimitri Staessens2019-02-083-18/+90
| | | | | | | | | | | | This adds a simple round-trip time estimator to FRCT. The estimate is a weighted average with deviation. The retransmission is scheduled after rtt + 2 times the deviation. A retransmit doubles the rtt estimate to avoid the no-update case when rtt suddenly increases. The rtt is estimated in microseconds and the granularity for retransmits is 256 microseconds. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* build: Update copyright to 2019Dimitri Staessens2019-02-05192-192/+192
| | | | | | | Updates the copyright notice in all sources to 2019. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* doc: Update man page for broadcast IPCPsDimitri Staessens2019-01-162-22/+57
| | | | | | | | The Ouroboros man page will now include broadcast IPCPs and are updated to reflect the latest API. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* tools: Allow enrollment with destination IPCPDimitri Staessens2019-01-161-11/+52
| | | | | | | | | | | | | | | | | | The irm enroll tool had a semantic to enroll with a layer name, but this is not checked. Now the enroll command will retrieve the correct layer name that the IPCP got from the actual enrollment procedure. The irm enroll now has two string parameters, a dst and a layer, which cannot be both NULL. If only dst is specified, the IPCP will enroll with that name; autobind will bind with the layer name. If only layer is specified, the IPCP will enroll with the layer name, and perform a check that the layer name retrieved from enrollment is indeed the layer name before possibly autobinding. If both dst and layer are specified, the IPCP will enroll with dst and perform a check that the enrollment was in the expected layer. Basically only specifying the layer name is a shorthand for dst == layer. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* tools: Rename "normal" to "unicast"Dimitri Staessens2019-01-023-9/+9
| | | | | | | This renames the normal IPCP to unicast in the irm toolkit. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* lib: Fix deallocating non-initialized np1 flowsDimitri Staessens2018-12-294-6/+16
| | | | | | | | This fixes the deallocation of non-initialized IPCP flows. These can occur when some operations are not implemented. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* include: Add a flow_join operation for broadcastDimitri Staessens2018-12-2716-54/+178
| | | | | | | | | | | | This adds a new flow_join operaiton for broadcast, which is a much safer solution than overloading destination name semantics. The internal API now also has a different IPCP_FLOW_JOIN operation. The IRMd doesn't need to query broadcasts IPCPs for the name, it can just check if an IPCP with the layer name exists. The broadcast IPCP doesn't need to implement the query proxy call anymore. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* irmd: Manage shm_flow_set from IRMdDimitri Staessens2018-12-225-127/+112
| | | | | | | | | This moves the creation and destruction of shm_flow_set shared memory structures from the init to the IRMd. Now the management of all shared data objects is performed by the IRMd. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Wait for buffer when writing to Eth deviceDimitri Staessens2018-12-081-1/+13
| | | | | | | | This will cause the Ethernet IPCP to wait for a free buffer when using raw sockets to avoid packet drops when the network is congested. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* lib: Fix reading tx queue length0.14.0Dimitri Staessens2018-12-072-2/+2
| | | | | | | The fccntl call was reading from the RX queue instead of the TX queue. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* tools: Fix server name argument in opingDimitri Staessens2018-11-301-1/+1
| | | | | | | | The --server-name option was mistyped with an underscore in the argument parser. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* lib: Add First Fragment (FFGM) bit to FRCTDimitri Staessens2018-11-211-1/+2
| | | | | | | | | This adds a First Fragment bit to FRCT. This small optimisation avoids losing two packets when there is packet loss without fragmentation, without the need to disable fragmentation at the end points. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Fix uninitialized value for ECNSander Vrijders2018-11-201-9/+1
| | | | | | | | The ECN value in the packet was not set during write of a new packet. Also removes the outdated abstract syntax enum. Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be> Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
* ipcpd: Add Explicit Congestion Notification fieldFriedl Rubrecht2018-11-201-1/+7
| | | | | | | | This adds an extra field to the data transfer PCI which can be used to flag congestion by intermediate routers. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* lib: Revise du buff API towards a memory allocatorDimitri Staessens2018-10-264-55/+41
| | | | | | | | | This changes the API to the rdrbuff to treat it as a pool memory allocator. The head and tailspace to allocate in a buffer is now set system-wide instead of being passed as a parameter. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>