| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
A flow_set is thread-safe and doesn't need to be protected by a lock.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
| |
GCC 10 defaults to -fno-common, so some variables that were defined in
the headers needed to be declared "extern". The GCC 10 static analyzer
can now be invoked using the DebugAnalyzer build option.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
|
| |
The initial implementation for the ECDHE key exchange was doing the
key exchange after a flow was established. The public keys are now
sent allowg on the flow allocation messages, so that an encrypted
tunnel can be created within 1 RTT. The flow allocation steps had to
be extended to pass the opaque data ('piggybacking').
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
| |
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
| |
The eth, udp and local IPCPs were not filtering out the event types
from the flow, causing some reads when there are no packets in the
queue. The types are now also organized as flags so they can be
filtered more quickly if needed.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
| |
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
| |
The cypher_s field in QoS was sometimes 32 and sometimes 16 bits. This
is now corrected to be 16 bits.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a per-message symmetric encryption using the OpenSSL
library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange
is performed to derive a shared secret, which is then hashed using
SHA3-256 to be used as a key for symmetric AES-256 encryption. Each
message on an encrypted flow adds a small crypto header that includes
a random 128-bit Initialization Vector (IV). If the server does not
have OpenSSL enabled, the flow allocation will fail with an -ECRYPT
error.
Future optimizations are to piggyback the public keys on the flow
allocation message, and to enable per-flow encryption that maintains
the context of the encryption over multiple packets and doesn't
require sending IVs.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
|
| |
This restricts the MTU for the Ethernet IPCP over loopback adapters
(devices named "lo*") to avoid it allocating 65K buffers per packet
and quickly filling the default RDRBUFF space. The restriction is set
using the build option IPCP_ETH_LO_MTU, with a default value of 1500
bytes.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
|
|
|
|
| |
The API calls for the IPCP to inform the IRMd of IPCP creation and
incoming flow request had the pid_t in the call. This pid_t is removed
and the getpid() call is now placed inside the function. Also
refactors the cleanup for the main() functions of some of the lower
IPCPs.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
|
|
|
|
|
|
| |
Updates the copyright notice in all sources to 2019.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new flow_join operaiton for broadcast, which is a much
safer solution than overloading destination name semantics. The
internal API now also has a different IPCP_FLOW_JOIN operation. The
IRMd doesn't need to query broadcasts IPCPs for the name, it can just
check if an IPCP with the layer name exists. The broadcast IPCP
doesn't need to implement the query proxy call anymore.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
This will cause the Ethernet IPCP to wait for a free buffer when using
raw sockets to avoid packet drops when the network is congested.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
This will make bypassing the qdisc configurable, as it might be handy
for getting fast data rates but is generally needed.
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
|
|
|
|
|
|
|
|
| |
The memcpy of the device name was copying a fixed set of bytes
(IFNAMSIZ), but the string conf->dev is usually shorter.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
This will change SDU (Service Data Unit) to packet everywhere. SDU is
OSI terminology, whereas packet is Ouroboros terminology.
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The flow allocator now passes the full qos specification to the
endpoint, instead of just a cube. This is a more flexible
architecture, as it makes QoS cubes internal to the layers.
Adds endianness transforms for the flow allocator protocol in the
normal IPCP.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
|
| |
Since the Ethernet IPCP now has multiple reader threads it was
possible that both exit the select call, which caused one of the two
threads to block on the recv call. This makes the socket non-blocking
so that the recv call simply fails.
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
|
|
|
|
|
|
|
|
| |
Since Linux kernel 3.14 there is the option to bypass the kernel
Qdisc. This will speed up the Ethernet IPCP.
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
|
|
|
|
|
|
|
|
|
| |
There were some compilation issues introduced by adding the interface
monitor to the Ethernet IPCP. Furthermore it was not possible to
select between raw sockets or netmap if both were available.
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
|
|
|
|
|
|
|
|
| |
An unlock was called twice instead of a lock/unlock sequence, causing
a data race.
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
|
|
|
|
|
|
|
|
|
| |
This adds multiple reader and writer threads, configurabe via cmake
with IPCP_ETH_RD_THR and IPCP_ETH_WR_THR. Improves ethernet IPCP
throughput, which looks to be limited by the raw socket calls.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
| |
There was a double close of a fd in the Ethernet IPCP. It also passes
the correct max length to a memcpy (a strlen of the source string was
used previously).
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
|
|
|
|
|
|
|
|
| |
This removes the _DEFAULT_SOURCE definition in the endian header as it
should not be there. This avoids double and conflicting definitions.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The SIOCGIFMTU command uses the ifr struct, which is a union, so it
can't store the hw address and the MTU at the same time. We now call
SIOCGIFMTU and set the MTU before SIOCGIFHWADDR.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes the MTU handling in eth. Buffers are now allocated to
smaller size.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|\| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When the SHM is in single block mode, the MTU may be bigger than a
block. The eth IPCPs reserved buffers the size of MTU, which is now
limited.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|/
|
|
|
|
|
|
| |
This adds a data qos cube that is reliable. Reliable qos can be
selected by setting the loss parameter of the qosspec to 0.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
Flow allocation for raw was not yet supported in these IPCPS, causing
enrollment to fail.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
The MTU was not correctly set for the eth-llc ipcp. This also fixes a
missing definition of ETH_MAX_MTU, which was introduced in kernel v4.10.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
The eth-dix IPCP was using a hardcoded MTU of 1500 bytes, but could
support higher MTUs. Now jumbo frames are supported.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
The truncate was setting the length to the frame length, instead of
the actual payload length to be delivered to the N+1.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
An ethertype check was missing for the DIX ethernet IPCP, causing
crashes if there is other traffic on the network.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
| |
This writes into the Ethernet device directly from the rdrbuff to
avoid a copy on the write side in the Ethernet IPCPs. This does not
work for the netmap device.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
| |
This reads from the Ethernet device directly into the rdrbuff to avoid
a copy on the read side in the Ethernet IPCPs. This does not work for
the netmap device.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
| |
This adds a function that locks a thread to a random core. This
greatly improves performance on multi-cpu systems. There is no
portable way to do this, this only implements it for GNU/Linux.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
The packets were being sent and read into a buffer that had the
payload length instead of the frame length.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
| |
This will check if the Ethertype value is a valid Ethertype in the irm
tool and the eth-dix IPCPd.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
|
|
|
|
|
|
|
| |
Some NICs added padding to the Ethernet II frames causing bad frame
lengths and GPB unpack fails. This adds a 2-byte length field to the
DIX frame to circumvent this.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|
|
This adds an IPC Process that uses DIX Ethernet with an Ethertype that
is configurable at bootstrap. This allows parallel DIX layers over the
same Ethernet network with different Ethertypes (and one LLC
layer). It allows jumbo frames in the future, and should avoid the
problems we have with some routers not handling LLC traffic very
well. The destination endpoint ID is sent as a 16 bit integer, so the
maximum payload is 1498 bytes in standard Ethernet, and 8998 bytes
when Jumbo frames are used.
The implementation is very similar to the Ethernet LLC IPCP, so it is
implemented using preprocessor macros in the single source instead of
duplicating code.
Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
|