summaryrefslogtreecommitdiff
path: root/src/ipcpd
Commit message (Collapse)AuthorAgeFilesLines
...
* ipcpd: Single UDP port for the ipcpd-udp0.18.0Dimitri Staessens2021-01-032-157/+72
| | | | | | | | | | | | | | | | | | The UDP layer will now use a single (configurable) UDP port, default 3435. This makes it easer to allocate flows as a client from behind a NAT firewall without having to configure port forwarding rules. So basically, from now on Ouroboros traffic is transported over a bidirectional <src><port>:<dst><port> UDP tunnel. The reason for not using/allowing different client/server ports is that it would require reading from different sockets using select() or something similar, but since we need the EID anyway (mgmt packets arrive on the same server UDP port), there's not a lot of benefit in doing it. Now the operation is similar to the ipcpd-eth, with the port somewhat functioning as a "layer name", where in UDP, the Ethertype functions as a "layer name". Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Update email addressesDimitri Staessens2021-01-0369-138/+138
| | | | | | | | The ugent email addresses are shut down, updated to Ouroboros mail addresses. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Update copyright to 2021Dimitri Staessens2021-01-0369-69/+69
| | | | | | | Happy New Year, Ouroboros! Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Pass qoscube to ECN marking functionDimitri Staessens2020-12-208-3/+13
| | | | | | | | The ECN marking function should be able to use the packet QoS to allow prioritizing traffic under congestion. Not yet implemented in MB-ECN. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Remove unused variable in MB-ECN policyDimitri Staessens2020-12-121-4/+0
| | | | | | | | The t_sent variable is a remnant from the first version and isn't needed anymore. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Pass previous ECN value in congestion APIDimitri Staessens2020-12-128-18/+30
| | | | | | | | The previous value of the ECN field should be passed to the congestion notification function. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Use 64-bit flow endpoint IDs for DTDimitri Staessens2020-12-075-53/+116
| | | | | | | | | | | | | The EIDs are now 64-bit. This makes it a tad harder to guess them (think of port scanning). The implementation has only the most significant 32 bits random to quickly map EIDs to N+1 flows. While this is equivalent to a random cookie as a check on flows, the rationale is that valid endpoint IDs should be pretty hard to guess (and thus be 64-bit random at least). Ideally one would use content-addressable memory for this kind of mapping. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix slow start in multi-bit (F)ECN policyDimitri Staessens2020-12-071-8/+11
| | | | | | | | | | | There is a check not to rapidly double the window to astronomical sizes when there is no congestion experienced for long periods of time, but the if-else logic was botched and it still grew to astronomical sizes (albeit linear instead of exponential). I also lowered the ECN threshold a bit. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Remove DT-FA bypass on receiver sideDimitri Staessens2020-12-075-63/+88
| | | | | | | | | | | | | | | | | | | | | | | | | | The DT will now post all packets for N+1 flows through the flow allocator component. This means that N+1 flows can be monitored through the flow allocator stats, and N-1 flows through the DT stats. The DT component still keeps stats for the local components (FA and DHT), but this can be removed once the DHT has its own RIB output. The flow allocator show statistics for Sent packets: total packets that were presented for sending on this specific flow Send failed: packets that were unable to be sent Received packets: total packets that were presented by the DT component on this specific flow Received failed: packets that were unable to be delivered These stats are presented as both packet counts and byte counts. To know how many were successful, the values for failed need to be subtracted from the values for total. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix off-by-one in Multi-bit (F)ECN policyDimitri Staessens2020-12-051-2/+1
| | | | | | | | Noticed an off-by-one in the packet counter because it was incremented before and the byte counter after the flow update. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Add RIB statistics for flow allocatorDimitri Staessens2020-12-058-12/+255
| | | | | | | | | | The RIB will now show some stats for the flow allocator, including congestion avoidance statistics. This is needed before decoupling the data transfer component and the flow allocator as some current stats show in DT will move to FA. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Simplify multi-bit (F)ECN policyDimitri Staessens2020-12-021-54/+69
| | | | | | | | | | | | The mb-ecn policy has a couple of divisions in the math, which I wanted to avoid. Now it measures the number of bytes sent in a window, and updates the next window with AIMD logic. If the number of bytes in the window is reached, the call blocks. To avoid long packet bursts, the window size continually scales to contain between CA_MINPS (8) and CA_MAXPS (64) packets. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Don't update for deallocated flowsDimitri Staessens2020-12-021-0/+5
| | | | | | | | | | | The dt component bypasses the flow allocator on the receiver side, and may try to update congestion context when the flow has already been deallocated by the receiver. I will fix this bypass and always pass through the flow allocator sometime soon; for now, I added a check in the flow allocator call to avoid the SEGV. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix enrollment for congestion avoidanceDimitri Staessens2020-12-021-0/+3
| | | | | | | | The enrollment procedure was not passing the policy for congestion avoidance. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Add congestion avoidance policiesDimitri Staessens2020-12-0214-73/+838
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds congestion avoidance policies to the unicast IPCP. The default policy is a multi-bit explicit congestion avoidance algorithm based on data-center TCP congestion avoidance (DCTCP) to relay information about the maximum queue depth that packets experienced to the receiver. There's also a "nop" policy to disable congestion avoidance for testing and benchmarking purposes. The (initial) API for congestion avoidance policies is: void * (* ctx_create)(void); void (* ctx_destroy)(void * ctx); These calls create / and or destroy a context for congestion control for a specific flow. Thread-safety of the context is the responsability of the flow allocator (operations on the ctx should be performed under a lock). ca_wnd_t (* ctx_update_snd)(void * ctx, size_t len); This is the sender call to update the context, and should be called for every packet that is sent on the flow. The len parameter in this API is the packet length, which allows calculating the bandwidth. It returns an opaque union type that is used for the call to check/wait if the congestion window is open or closed (and allowing to release locks before waiting). bool (* ctx_update_rcv)(void * ctx, size_t len, uint8_t ecn, uint16_t * ece); This is the call to update the flow congestion context on the receiver side. It should be called for every received packet. It gets the ecn value from the packet and its length, and returns the ECE (explicit congestion experienced) value to be sent to the sender in case of congestion. The boolean returned signals whether or not a congestion update needs to be sent. void (* ctx_update_ece)(void * ctx, uint16_t ece); This is the call for the sending side top update the context when it receives an ECE update from the receiver. void (* wnd_wait)(ca_wnd_t wnd); This is a (blocking) call that waits for the congestion window to clear. It should be stateless (to avoid waiting under locks). This may change later on if passing the context is needed for different algorithms. uint8_t (* calc_ecn)(int fd, size_t len); This is the call that intermediate IPCPs(routers) should use to update the ECN field on passing packets. The multi-bit ECN policy bases the value for the ECN field on the depth of the rbuff queue packets will be sent on. I created another call to grab the queue depth as fccntl is write-locking the application. We can further optimize this to avoid most locking on the rbuff. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Refactor DT componentDimitri Staessens2020-11-111-76/+38
| | | | | | | The flow stats had quite a lot of duplication. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix condition variable in flow allocatorDimitri Staessens2020-10-111-2/+13
| | | | | | | | The condition variable was not initialized correctly and using the wrong clock for pthread_cond_timedwait. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Improve locking np1_flow_set in eth and udpDimitri Staessens2020-09-262-13/+10
| | | | | | | A flow_set is thread-safe and doesn't need to be protected by a lock. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix assert in dhtDimitri Staessens2020-09-261-1/+1
| | | | | | | Fix assignment instead of comparison operator. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix leak and unitialized variable in DHTDimitri Staessens2020-05-291-1/+4
| | | | | | | | There were some issues identified by the Clang static analyzer that are now fixed. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix bad index in packet schedulerDimitri Staessens2020-05-291-1/+1
| | | | | | | | GCC 10 static analyzer found that the wrong index was used in the fail path of psched_create, causing double (multiple) frees. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Add support for GCC 100.17.5Dimitri Staessens2020-05-2312-6/+17
| | | | | | | | | GCC 10 defaults to -fno-common, so some variables that were defined in the headers needed to be declared "extern". The GCC 10 static analyzer can now be invoked using the DebugAnalyzer build option. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Remove some unused variables0.17.4Dimitri Staessens2020-05-021-2/+1
| | | | | | | The compiler spotted some variables that weren't really used. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Return number of written bytes on flow_write0.17.0Dimitri Staessens2020-03-152-6/+6
| | | | | | | | | This is more in line with the write() system call and prepares for partial writes. Partial writes are disabled by default (and not yet implemented). Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix locking in link_state policyDimitri Staessens2020-03-141-7/+6
| | | | | | | | There were updates under rdlock instead of wrlock, causing data races and trouble. Also speeds up shutdown a bit. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib, ipcpd: piggyback ECDHE on flow allocationDimitri Staessens2020-02-258-100/+199
| | | | | | | | | | | The initial implementation for the ECDHE key exchange was doing the key exchange after a flow was established. The public keys are now sent allowg on the flow allocation messages, so that an encrypted tunnel can be created within 1 RTT. The flow allocation steps had to be extended to pass the opaque data ('piggybacking'). Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Add unit tests for LFA and ECMP algorithmsDimitri Staessens2020-02-231-49/+100
| | | | | | | This adds tests for LFA and ECMP to the graph_test routine. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix infinite recursion in LFADimitri Staessens2020-02-231-2/+2
| | | | | | | | | There were bugs introduced in the LFA algorithm refactor causing infinite recursion and SEGV. The infinite recursion check was added as an explicit compiler flag to the build. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Use int instead of enum pol_pffSander Vrijders2020-02-161-1/+1
| | | | | | | | Otherwise the compile will complain that the comparison of an unsigned enum expression < 0 is always false. Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
* ipcpd: Fix double free, memleak and malloc checkDimitri Staessens2020-02-162-6/+7
| | | | | | | | Some fixes in the multipath implementation related to memory management that showed up with the static analyzer. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* Add equal-cost multipath routing policyDimitri Staessens2020-02-1612-15/+402
| | | | | | | | | | This adds an equal-cost multipath routing policy to Ouroboros, based on Nick Aerts' code. When selected, flows will send packets over all paths with equal cost (hop count). Path selection is round-robin. It does not yet take into account flows that are down. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix uninitialized variable in graphDimitri Staessens2020-02-161-1/+1
| | | | | | | During refactor a variable initialization was removed. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Rename hashtable to pftDimitri Staessens2020-02-168-352/+347
| | | | | | | | | This makes the hashtable more tailored to a packet forwarding table (PFT). In the end not much of a change was needed, but now it's clear the pft maps a destination address to a list of (outgoing) fds. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix bad newline in eth.cDimitri Staessens2020-02-161-2/+2
| | | | | Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix minor things in graph and link_stateDimitri Staessens2020-02-162-23/+74
| | | | | | | | | | The vertex was used before definition in the graph implementation. Fixed potential data race in link_state algorithm. Added missing asserts. Removed initialization of variables where not needed to let compiler warn about uninitialized uses. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Configure PFF from routing policyDimitri Staessens2020-02-167-9/+19
| | | | | | | | | | | | The Packet Forwarding Function (PFF) was user-configurable using the irm tool. However, this isn't really wanted since the PFF is dictated by the routing algorithm. This moves the responsability for selecting the correct PFF from the network admin to the unicast IPCP implementation. Each routing policy now has to specify which PFF it will use. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Move hashtable from lib to unicastDimitri Staessens2020-02-167-2/+410
| | | | | | | | | | The hashtable is only used for forwarding tables in the unicast IPCP. This moves the generic hashtable out of the library into the unicast IPCP to prepare a more tailored implementation specific to routing tables containing address lists. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Refactor graph to self-contain LFADimitri Staessens2020-02-161-72/+86
| | | | | | | | | | The LFA algorithm modifies the output of the simple routing algorithm, but the output was mixed in the general call. This moves the LFA subroutine to be self-contained. This makes for a cleaner entry point when adding more routing algorithms. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Filter fqueue events in packet handlersDimitri Staessens2020-01-253-0/+10
| | | | | | | | | | The eth, udp and local IPCPs were not filtering out the event types from the flow, causing some reads when there are no packets in the queue. The types are now also organized as flags so they can be filtered more quickly if needed. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Update copyright to 20200.16.0Dimitri Staessens2020-01-0257-57/+57
| | | | | Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Remove duplicate ip address in udp dataDimitri Staessens2019-08-311-3/+1
| | | | | | | | | The ip address was stored twice, which is not needed. Only keeping the ip address in the sockaddr struct will make IPv6 support more homogeneous. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix length mismatch of encryption cypherDimitri Staessens2019-08-092-3/+3
| | | | | | | | The cypher_s field in QoS was sometimes 32 and sometimes 16 bits. This is now corrected to be 16 bits. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* lib: Add per-message encryption with OpenSSLDimitri Staessens2019-08-033-0/+10
| | | | | | | | | | | | | | | | | | | This adds a per-message symmetric encryption using the OpenSSL library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange is performed to derive a shared secret, which is then hashed using SHA3-256 to be used as a key for symmetric AES-256 encryption. Each message on an encrypted flow adds a small crypto header that includes a random 128-bit Initialization Vector (IV). If the server does not have OpenSSL enabled, the flow allocation will fail with an -ECRYPT error. Future optimizations are to piggyback the public keys on the flow allocation message, and to enable per-flow encryption that maintains the context of the encryption over multiple packets and doesn't require sending IVs. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Refactor normal to unicastDimitri Staessens2019-07-2943-81/+81
| | | | | | | | This completes the renaming of the normal IPCP to the unicast IPCP in the sources, to get everything consistent with the documentation. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Fix use after free and uninitalized valueSander Vrijders2019-06-211-1/+1
| | | | | | | | | | This fixes a use after free in an error condition, and makes sure that pid is set in the flow_set early on, so flow_set_destroy won't create a prefix with an uninitialized pid in case of an error in shm_flow_set_create. Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
* ipcpd: Give max priority to flow allocatorDimitri Staessens2019-03-281-2/+31
| | | | | | | | | | | The flow allocator thread was running on a low priority, causing some delay when handling packets. Usually this isn't a problem, but for congestion control updates, the delay may become problematic. The priority is now set to the maximum allowed by the scheduler policy to improve responsiveness. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Handle local IPCP case when parsing configDimitri Staessens2019-03-281-1/+3
| | | | | | | | | The default case in the configuration parsing prints an erroneous "Unknown IPCP type" message when a local IPCP is bootstrapped. The IPCP_LOCAL type is now handled separately (no action needed). Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* build: Set specific compiler flags for SWIG target0.15.2Dimitri Staessens2019-03-211-1/+4
| | | | | | | | | | The compiler flags for the SWIG target were added to the global CMAKE_C_FLAGS used for the entire project. This sets the flags uniquely for the SWIG target. The eth has a similar case for the c99 flag. There was a lingering include in dev.c that was removed. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Don't reuse fqueue between threadsDimitri Staessens2019-03-211-10/+17
| | | | | | | | The UDP IPCP was reusing fqueues between threads. This is not supported and lead to bad reads and buffer overflows. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
* ipcpd: Restrict MTU for Ethernet over loopbackDimitri Staessens2019-03-213-0/+8
| | | | | | | | | | | This restricts the MTU for the Ethernet IPCP over loopback adapters (devices named "lo*") to avoid it allocating 65K buffers per packet and quickly filling the default RDRBUFF space. The restriction is set using the build option IPCP_ETH_LO_MTU, with a default value of 1500 bytes. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>