summaryrefslogtreecommitdiff
path: root/src/ipcpd/udp
Commit message (Collapse)AuthorAgeFilesLines
* ipcpd: Fix deadlock on exit in udp, local, ethDimitri Staessens2022-05-221-2/+2
| | | | | | | | | | | The IPCP flow_set was getting destroyed with the IPCP main loop still running, causing potential deadlocks. Reported-by: Thijs Paelman Confirmed-by: Dimitri Staessens <dimitri@ouroboros.rocks> Tested-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Update copyright to 2022Dimitri Staessens2022-04-031-1/+1
| | | | | | | Growing pains. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Add np1_flow_read and np1_flow_write callsDimitri Staessens2022-03-301-5/+15
| | | | | | | | | | | | | | | | Reading/writing to (N + 1)-flows from the IPCP was using a raw QoS flow to bypass some functions in the ipcp_flow_read call. But this call was broken for keepalive packets. Fixing the ipcp_flow_read call for (N - 1) flows causes the IPCPs to drop 0-byte keepalive packets coming from (N + 1) client flows. >From now on, there is a dedicated call for (N + 1) reads/writes from the IPCPs that's more efficient and cleaner. The (N + 1) flow internal QoS is now also defaulted to a qos_np1 qosspec, instead of tampering with the qosspec requested by the (N + 1) client. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Refactor reading packet from rbuffDimitri Staessens2022-03-301-1/+1
| | | | | | | | | | | | Reading packets from the rbuff and checking their validity (non-zero size, pass crc check, pass decryption) is now extracted into a function. Also adds a function to get the length of an sdu_du_buff instead of subtracting the tail and head pointers. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix memcpy with NULL in piggyback APIDimitri Staessens2022-03-081-2/+4
| | | | | | | | If there is no piggyback data, memcpy was passed a NULL pointer in memcpy(buf, NULL, 0) calls, which is undefined behaviour. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipdpd: Pass MPL to application at flow_allocationDimitri Staessens2022-03-082-2/+7
| | | | | | | | | | | | The maximum packet lifetime (MPL) is a property of the flow that needs to be passed to the reliable transmission protocol (FRCP) for its correct operation. Previously, the value of MPL was set fixed as one of the (fixed) Delta-t parameters. This patch makes the MPL a property of the layer, and it can now be set per layer-type at build time. This is a step towards a proper MPL estimator in the flow allocator. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Make flow liveness timeout configurableDimitri Staessens2022-03-031-0/+4
| | | | | | | | | The qosspec_t now has a timeout value that sets the timeout value of the flow. Flows with a peer that has timed out will now return -EFLOWPEER on flow_read() or flow_write(). Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix some unchecked return valuesDimitri Staessens2022-03-031-1/+1
| | | | | | | Fixes some unchecked and wrongly checked return values. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix potential overflow in DDNS resolverDimitri Staessens2022-02-181-1/+1
| | | | | | | The count value could be IPCP_UDP_BUF_SIZE, overflowing buf. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Fix compilation with fuse (RIB) on FreeBSDDimitri Staessens2021-06-281-3/+9
| | | | | | | | | | | Compilation failed on FreeBSD 14 with fuse enabled because of some missing definitions. __XSI_VISIBLE must be set before including <ouroboros/rib.h> for some definitions in <sys/stat.h>. FreeBSD doesn't know the MSG_CONFIRM flag to sendto() or CLOCK_REALTIME_COARSE, which are Linux-specific. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib, ipcpd, irmd: Wrap pthread unlocks for cleanupDimitri Staessens2021-06-231-8/+11
| | | | | | | | | | | | This add an ouroboros/pthread.h header that wraps the pthread_..._unlock() functions for cleanup using pthread_cleanup_push() as this casting is not safe (and there were definitely bad casts in the code). The close() function is now also wrapped for cleanup in ouroboros/sockets.h. This allows enabling more compiler checks. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Move RIB initialization to common groundDimitri Staessens2021-06-211-1/+8
| | | | | | | | | | | | | | This moves Resource Information Base (RIB) initialization into the ipcp_init() function, so all IPCPs initialize a RIB. The RIB not shows some common IPCP information, such as the IPCP name, IPCP state and the layer name if the IPCP is part of a layer. The initialization of the hash algorithm and layer name was moved out of the common ipcp source because IPCPs may only know this information after enrollment. Some IPCPs were not even storing this information. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Single UDP port for the ipcpd-udp0.18.0Dimitri Staessens2021-01-031-155/+71
| | | | | | | | | | | | | | | | | | The UDP layer will now use a single (configurable) UDP port, default 3435. This makes it easer to allocate flows as a client from behind a NAT firewall without having to configure port forwarding rules. So basically, from now on Ouroboros traffic is transported over a bidirectional <src><port>:<dst><port> UDP tunnel. The reason for not using/allowing different client/server ports is that it would require reading from different sockets using select() or something similar, but since we need the EID anyway (mgmt packets arrive on the same server UDP port), there's not a lot of benefit in doing it. Now the operation is similar to the ipcpd-eth, with the port somewhat functioning as a "layer name", where in UDP, the Ethertype functions as a "layer name". Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Update email addressesDimitri Staessens2021-01-031-2/+2
| | | | | | | | The ugent email addresses are shut down, updated to Ouroboros mail addresses. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Update copyright to 2021Dimitri Staessens2021-01-031-1/+1
| | | | | | | Happy New Year, Ouroboros! Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Improve locking np1_flow_set in eth and udpDimitri Staessens2020-09-261-11/+8
| | | | | | | A flow_set is thread-safe and doesn't need to be protected by a lock. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Add support for GCC 100.17.5Dimitri Staessens2020-05-231-0/+2
| | | | | | | | | GCC 10 defaults to -fno-common, so some variables that were defined in the headers needed to be declared "extern". The GCC 10 static analyzer can now be invoked using the DebugAnalyzer build option. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib, ipcpd: piggyback ECDHE on flow allocationDimitri Staessens2020-02-251-30/+62
| | | | | | | | | | | The initial implementation for the ECDHE key exchange was doing the key exchange after a flow was established. The public keys are now sent allowg on the flow allocation messages, so that an encrypted tunnel can be created within 1 RTT. The flow allocation steps had to be extended to pass the opaque data ('piggybacking'). Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Filter fqueue events in packet handlersDimitri Staessens2020-01-251-0/+4
| | | | | | | | | | The eth, udp and local IPCPs were not filtering out the event types from the flow, causing some reads when there are no packets in the queue. The types are now also organized as flags so they can be filtered more quickly if needed. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Update copyright to 20200.16.0Dimitri Staessens2020-01-021-1/+1
| | | | | Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Remove duplicate ip address in udp dataDimitri Staessens2019-08-311-3/+1
| | | | | | | | | The ip address was stored twice, which is not needed. Only keeping the ip address in the sockaddr struct will make IPv6 support more homogeneous. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix length mismatch of encryption cypherDimitri Staessens2019-08-091-2/+2
| | | | | | | | The cypher_s field in QoS was sometimes 32 and sometimes 16 bits. This is now corrected to be 16 bits. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Add per-message encryption with OpenSSLDimitri Staessens2019-08-031-0/+4
| | | | | | | | | | | | | | | | | | | This adds a per-message symmetric encryption using the OpenSSL library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange is performed to derive a shared secret, which is then hashed using SHA3-256 to be used as a key for symmetric AES-256 encryption. Each message on an encrypted flow adds a small crypto header that includes a random 128-bit Initialization Vector (IV). If the server does not have OpenSSL enabled, the flow allocation will fail with an -ECRYPT error. Future optimizations are to piggyback the public keys on the flow allocation message, and to enable per-flow encryption that maintains the context of the encryption over multiple packets and doesn't require sending IVs. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Don't reuse fqueue between threadsDimitri Staessens2019-03-211-10/+17
| | | | | | | | The UDP IPCP was reusing fqueues between threads. This is not supported and lead to bad reads and buffer overflows. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix strict aliasing warning0.15.1Dimitri Staessens2019-03-181-6/+8
| | | | | | | | | | | | | Some versions of gcc seem to give a positive on the strict aliasing rule. It's absent from newer gcc versions or clang. However, rather than disabling the check for older version, this small rewrite seems to temporarily fix the false positive. Apparently, it's undefined behaviour to simply cast a char/uint8_t buffer to a variable type pointer and then dereference the type. A more elaborate patch to fix the undefined behaviour is needed. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Revise UDP IPCPDimitri Staessens2019-03-182-422/+374
| | | | | | | | | | | The UDP IPCP now uses a fixed server UDP port (default 3435) for all communications. This allows passing firewalls more easily since only a single port needs to be opened. The client port can be fixed as well if needed (default random). It uses an internal eid, so the MTU of the UDP layer is reduced by 4 bytes, similar to the Ethernet IPCPs. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Refactor create_r and flow_req_arrDimitri Staessens2019-03-041-18/+17
| | | | | | | | | | | The API calls for the IPCP to inform the IRMd of IPCP creation and incoming flow request had the pid_t in the call. This pid_t is removed and the getpid() call is now placed inside the function. Also refactors the cleanup for the main() functions of some of the lower IPCPs. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Update copyright to 2019Dimitri Staessens2019-02-051-1/+1
| | | | | | | Updates the copyright notice in all sources to 2019. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* include: Add a flow_join operation for broadcastDimitri Staessens2018-12-271-0/+1
| | | | | | | | | | | | This adds a new flow_join operaiton for broadcast, which is a much safer solution than overloading destination name semantics. The internal API now also has a different IPCP_FLOW_JOIN operation. The IRMd doesn't need to query broadcasts IPCPs for the name, it can just check if an IPCP with the layer name exists. The broadcast IPCP doesn't need to implement the query proxy call anymore. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd, lib, irmd, tools: Change SDU to packetSander Vrijders2018-10-051-32/+32
| | | | | | | | This will change SDU (Service Data Unit) to packet everywhere. SDU is OSI terminology, whereas packet is Ouroboros terminology. Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be> Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
* lib: Pass qosspec at flow allocationDimitri Staessens2018-10-051-15/+33
| | | | | | | | | | | | The flow allocator now passes the full qos specification to the endpoint, instead of just a cube. This is a more flexible architecture, as it makes QoS cubes internal to the layers. Adds endianness transforms for the flow allocator protocol in the normal IPCP. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Add return value checks to UDP IPCPSander Vrijders2018-09-271-17/+37
| | | | | | | Some return value checks were missing in the UDP IPCP. Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be> Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
* include: Remove _DEFAULT_SOURCE in endian.hDimitri Staessens2018-09-271-0/+4
| | | | | | | | This removes the _DEFAULT_SOURCE definition in the endian header as it should not be there. This avoids double and conflicting definitions. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Support data QoS cube in UDP shimSander Vrijders2018-06-081-1/+1
| | | | | | | | This will also allow flows with the data QoS cube to be allocated over the UDP shim. Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be> Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be>
* ipcpd: Support raw qos in eth and udp IPCPsDimitri Staessens2018-06-081-1/+1
| | | | | | | | Flow allocation for raw was not yet supported in these IPCPS, causing enrollment to fail. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* build: Check for variable length arraysDimitri Staessens2018-05-281-4/+32
| | | | | | | | | | The clang and gcc compilers don't complain about variable length arrays using the -c89 flag unless the flag -Wvla or -Wpedantic is set. This also fixes a memleak and two false positive uninitialized variable warnings reported by the clang static analyzer in graph.c. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Fix false positive incompatible malloc typeDimitri Staessens2018-05-271-6/+4
| | | | | | | | | A malloc was performed with a mgmt_msg type and converted to a uint8_t buffer for serialization, which triggers a false positive warning with the clang static analyzer. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Enable locking threads to a CPU coreDimitri Staessens2018-04-051-0/+4
| | | | | | | | | This adds a function that locks a thread to a random core. This greatly improves performance on multi-cpu systems. There is no portable way to do this, this only implements it for GNU/Linux. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* build: Use GNUInstallDirs instead of hardcoded values0.9.9Sander Vrijders2018-02-061-1/+1
| | | | | | | | This changes the build to use GNUInstallDirs instead of hardcoded values. Package maintainers can then override these defaults by passing the correct value to cmake on the command line. Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* include, src: Update copyright to 2018Dimitri Staessens2018-01-091-1/+1
| | | | | | | Happy New Year, Ouroboros. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>
* ipcpd: Use the term "layer" and deprecate "shim"Dimitri Staessens2017-12-192-0/+1227
This changes the terminology to use layer instead of DIF and deprecate the word "shim" for the IPCPs that attach to Ethernet LLC and UDP .The terminology has not yet been changed in the variable names etc. This reflects the design choices in Ouroboros to make IPCPs pure resource allocators instead of also providing an "IPC service". The Ouroboros IPCPs that attach to Ethernet and UDP implement the allocator and are thus not really shims. Signed-off-by: Dimitri Staessens <dimitri.staessens@ugent.be> Signed-off-by: Sander Vrijders <sander.vrijders@ugent.be>