summaryrefslogtreecommitdiff
path: root/src/ipcpd/eth/eth.c
Commit message (Collapse)AuthorAgeFilesLines
* lib, ipcpd: piggyback ECDHE on flow allocationDimitri Staessens2020-02-251-30/+63
| | | | | | | | | | | The initial implementation for the ECDHE key exchange was doing the key exchange after a flow was established. The public keys are now sent allowg on the flow allocation messages, so that an encrypted tunnel can be created within 1 RTT. The flow allocation steps had to be extended to pass the opaque data ('piggybacking'). Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix bad newline in eth.cDimitri Staessens2020-02-161-2/+2
| | | | | Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Filter fqueue events in packet handlersDimitri Staessens2020-01-251-0/+3
| | | | | | | | | | The eth, udp and local IPCPs were not filtering out the event types from the flow, causing some reads when there are no packets in the queue. The types are now also organized as flags so they can be filtered more quickly if needed. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Update copyright to 20200.16.0Dimitri Staessens2020-01-021-1/+1
| | | | | Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix length mismatch of encryption cypherDimitri Staessens2019-08-091-1/+1
| | | | | | | | The cypher_s field in QoS was sometimes 32 and sometimes 16 bits. This is now corrected to be 16 bits. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Add per-message encryption with OpenSSLDimitri Staessens2019-08-031-0/+3
| | | | | | | | | | | | | | | | | | | This adds a per-message symmetric encryption using the OpenSSL library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange is performed to derive a shared secret, which is then hashed using SHA3-256 to be used as a key for symmetric AES-256 encryption. Each message on an encrypted flow adds a small crypto header that includes a random 128-bit Initialization Vector (IV). If the server does not have OpenSSL enabled, the flow allocation will fail with an -ECRYPT error. Future optimizations are to piggyback the public keys on the flow allocation message, and to enable per-flow encryption that maintains the context of the encryption over multiple packets and doesn't require sending IVs. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Restrict MTU for Ethernet over loopbackDimitri Staessens2019-03-211-0/+5
| | | | | | | | | | | This restricts the MTU for the Ethernet IPCP over loopback adapters (devices named "lo*") to avoid it allocating 65K buffers per packet and quickly filling the default RDRBUFF space. The restriction is set using the build option IPCP_ETH_LO_MTU, with a default value of 1500 bytes. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Refactor create_r and flow_req_arrDimitri Staessens2019-03-041-3/+3
| | | | | | | | | | | The API calls for the IPCP to inform the IRMd of IPCP creation and incoming flow request had the pid_t in the call. This pid_t is removed and the getpid() call is now placed inside the function. Also refactors the cleanup for the main() functions of some of the lower IPCPs. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Update copyright to 2019Dimitri Staessens2019-02-051-1/+1
| | | | | | | Updates the copyright notice in all sources to 2019. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* include: Add a flow_join operation for broadcastDimitri Staessens2018-12-271-0/+1
| | | | | | | | | | | | This adds a new flow_join operaiton for broadcast, which is a much safer solution than overloading destination name semantics. The internal API now also has a different IPCP_FLOW_JOIN operation. The IRMd doesn't need to query broadcasts IPCPs for the name, it can just check if an IPCP with the layer name exists. The broadcast IPCP doesn't need to implement the query proxy call anymore. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Wait for buffer when writing to Eth deviceDimitri Staessens2018-12-081-1/+13
| | | | | | | | This will cause the Ethernet IPCP to wait for a free buffer when using raw sockets to avoid packet drops when the network is congested. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Make Qdisc bypass configurableSander Vrijders2018-10-121-0/+4
| | | | | | | | This will make bypassing the qdisc configurable, as it might be handy for getting fast data rates but is generally needed. Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be> Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
* ipcpd: Fix SEGV in eth IPCPDimitri Staessens2018-10-101-1/+6
| | | | | | | | The memcpy of the device name was copying a fixed set of bytes (IFNAMSIZ), but the string conf->dev is usually shorter. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd, lib, irmd, tools: Change SDU to packetSander Vrijders2018-10-051-23/+23
| | | | | | | | This will change SDU (Service Data Unit) to packet everywhere. SDU is OSI terminology, whereas packet is Ouroboros terminology. Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be> Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
* lib: Pass qosspec at flow allocationDimitri Staessens2018-10-051-14/+37
| | | | | | | | | | | | The flow allocator now passes the full qos specification to the endpoint, instead of just a cube. This is a more flexible architecture, as it makes QoS cubes internal to the layers. Adds endianness transforms for the flow allocator protocol in the normal IPCP. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Use non-blocking socket in Ethernet IPCPSander Vrijders2018-10-031-3/+17
| | | | | | | | | | Since the Ethernet IPCP now has multiple reader threads it was possible that both exit the select call, which caused one of the two threads to block on the recv call. This makes the socket non-blocking so that the recv call simply fails. Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be> Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
* ipcpd: Bypass Qdisc in Ethernet IPCPSander Vrijders2018-10-031-0/+8
| | | | | | | | Since Linux kernel 3.14 there is the option to bypass the kernel Qdisc. This will speed up the Ethernet IPCP. Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be> Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
* ipcpd: Fix build for netmap enabled Ethernet IPCPSander Vrijders2018-10-031-3/+7
| | | | | | | | | There were some compilation issues introduced by adding the interface monitor to the Ethernet IPCP. Furthermore it was not possible to select between raw sockets or netmap if both were available. Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be> Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
* ipcpd: Fix bad lock in Ethernet IPCPSander Vrijders2018-10-031-1/+1
| | | | | | | | An unlock was called twice instead of a lock/unlock sequence, causing a data race. Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be> Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
* ipcpd: Add multithreading to Ethernet IPCPDimitri Staessens2018-10-031-31/+56
| | | | | | | | | This adds multiple reader and writer threads, configurabe via cmake with IPCP_ETH_RD_THR and IPCP_ETH_WR_THR. Improves ethernet IPCP throughput, which looks to be limited by the raw socket calls. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Remove double close in Ethernet IPCPSander Vrijders2018-09-271-2/+1
| | | | | | | | | There was a double close of a fd in the Ethernet IPCP. It also passes the correct max length to a memcpy (a strlen of the source string was used previously). Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be> Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
* include: Remove _DEFAULT_SOURCE in endian.hDimitri Staessens2018-09-271-0/+2
| | | | | | | | This removes the _DEFAULT_SOURCE definition in the endian header as it should not be there. This avoids double and conflicting definitions. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* Merge branch 'testing' into beSander Vrijders2018-06-131-22/+28
|\
| * ipcpd: Get mtu using ioctl before hw addressDimitri Staessens2018-06-131-6/+6
| | | | | | | | | | | | | | | | | | The SIOCGIFMTU command uses the ifr struct, which is a union, so it can't store the hw address and the MTU at the same time. We now call SIOCGIFMTU and set the MTU before SIOCGIFHWADDR. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
| * ipcpd: Fix MTU handling in ethDimitri Staessens2018-06-131-16/+22
| | | | | | | | | | | | | | | | This fixes the MTU handling in eth. Buffers are now allocated to smaller size. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* | Merge branch 'testing' into beSander Vrijders2018-06-081-1/+12
|\|
| * ipcpd: Limit eth MTU to rdrb in single-block modeDimitri Staessens2018-06-081-1/+12
| | | | | | | | | | | | | | | | | | When the SHM is in single block mode, the MTU may be bigger than a block. The eth IPCPs reserved buffers the size of MTU, which is now limited. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* | lib: Add a data qos cubeDimitri Staessens2018-06-081-1/+1
|/ | | | | | | | This adds a data qos cube that is reliable. Reliable qos can be selected by setting the loss parameter of the qosspec to 0. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Support raw qos in eth and udp IPCPsDimitri Staessens2018-06-081-1/+1
| | | | | | | | Flow allocation for raw was not yet supported in these IPCPS, causing enrollment to fail. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Fix setting MTU for eth-llcDimitri Staessens2018-05-081-3/+12
| | | | | | | | The MTU was not correctly set for the eth-llc ipcp. This also fixes a missing definition of ETH_MAX_MTU, which was introduced in kernel v4.10. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Use correct MTU for eth-dixDimitri Staessens2018-05-071-4/+24
| | | | | | | | The eth-dix IPCP was using a hardcoded MTU of 1500 bytes, but could support higher MTUs. Now jumbo frames are supported. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Fix truncate of small packetsDimitri Staessens2018-04-051-1/+1
| | | | | | | | The truncate was setting the length to the frame length, instead of the actual payload length to be delivered to the N+1. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Add ethertype checkDimitri Staessens2018-04-051-1/+7
| | | | | | | | An ethertype check was missing for the DIX ethernet IPCP, causing crashes if there is other traffic on the network. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Avoid unnecessary copy in eth writerDimitri Staessens2018-04-051-25/+45
| | | | | | | | | This writes into the Ethernet device directly from the rdrbuff to avoid a copy on the write side in the Ethernet IPCPs. This does not work for the netmap device. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Avoid unnecessary copy in eth readerDimitri Staessens2018-04-051-31/+70
| | | | | | | | | This reads from the Ethernet device directly into the rdrbuff to avoid a copy on the read side in the Ethernet IPCPs. This does not work for the netmap device. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Enable locking threads to a CPU coreDimitri Staessens2018-04-051-0/+4
| | | | | | | | | This adds a function that locks a thread to a random core. This greatly improves performance on multi-cpu systems. There is no portable way to do this, this only implements it for GNU/Linux. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Fix frame buffer in eth ipcpsDimitri Staessens2018-04-051-2/+2
| | | | | | | | The packets were being sent and read into a buffer that had the payload length instead of the frame length. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Add validity checks for eth-dixDimitri Staessens2018-03-121-0/+4
| | | | | | | | This will check if the Ethertype value is a valid Ethertype in the irm tool and the eth-dix IPCPd. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Add length field to eth-dixDimitri Staessens2018-03-101-62/+57
| | | | | | | | | Some NICs added padding to the Ethernet II frames causing bad frame lengths and GPB unpack fails. This adds a 2-byte length field to the DIX frame to circumvent this. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Add IPCP over DIX EthernetDimitri Staessens2018-03-101-0/+1640
This adds an IPC Process that uses DIX Ethernet with an Ethertype that is configurable at bootstrap. This allows parallel DIX layers over the same Ethernet network with different Ethertypes (and one LLC layer). It allows jumbo frames in the future, and should avoid the problems we have with some routers not handling LLC traffic very well. The destination endpoint ID is sent as a 16 bit integer, so the maximum payload is 1498 bytes in standard Ethernet, and 8998 bytes when Jumbo frames are used. The implementation is very similar to the Ethernet LLC IPCP, so it is implemented using preprocessor macros in the single source instead of duplicating code. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>