|  | Commit message (Collapse) | Author | Age | Files | Lines | 
|---|
| | 
| 
| 
| 
| 
| 
| | The send timeout was returned instead of the receive timeout.
Signed-off-by: Thijs Paelman <thijs@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The application was generating its public keypair for its ECDHE key
exchange. This is now done by the IRMd, which will check the requested
qosspec and then apply what is needed. The flow_alloc and flow_accept
calls will just return the symmetric key to the application.
This makes it easier when we add configurations with given public key
pairs and other encryption algorithms, which can then all be
configured globally in the IRMd instead of having all the options
replicated and implemented in each and every application.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| | The irm_create_ipcp leaked the ipcp_info protobuf message.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| | The information for an IPCP is now stored in an ipcp_info struct,
containing name and type. The IRM public API is not changed.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| | The layer_info had a member layer_name which is a bit
redundant.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | The ipcp_info struct / message contains information only used for
listing IPCPs, and I will reuse the ipcp_info name for general IPCP
information common to all IPCPs such as name and type.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The previous patch only fixed listing the contents on the fuse
filesystem. Apparently files with st_blocks = 0 as seen as empty on
Raspbian, and the FUSE read() function isn't invoked for such
files. Setting st_blocks to 1 fixes that, but st_blksize is ignored
for fuse. So, on raspbian the filesize is now a huge number, but at
least reading the fuse filesystem works.
Corrected the filesystem attributes for the IPCP output for systems
that don't rely on st_blocks to assess filesize.
Also set the file mode to 0644 as these are not executables.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| | The stderr lines had no newline. Fixed.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | For some reason, 'ls' on raspbian invoked the fuse readdir() in a loop
where the first call had fuse_file_info * info set to NULL and
subsequent calls had info->nonseekable set to 1. Since we don't check
the value the info struct, this caused an infinite loop when trying to
list the contents of the fuse filesystem subdirectories of
/tmp/ouroboros/.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | The timeout comparison for keepalives could overflow on 32-bit
systems, as times were converted to nanoseconds and be limited to a
bit over 4 seconds. This caused flow reads to fail miserably with
EFLOWPEER errors when keepalives were set higher on these systems.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | The pid of the N-1 IPCP process was needlessly stored in the flow
struct. We only need it to open the right shared memory maps, which is
done when the flow is created.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | We often have the pattern where we NULL-check abstime for
pthread_cond_timedwait to call pthread_cond_wait if it is.
Added a __timedwait function to wrap this.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The cryptography functions were in a C source that was directly
imported into dev.c, enabling ECDHE+AES256 symmetric key encryption on
flows. Now crypt.c is an independent source file with associated
crypt.h header, to prepare for security management and configuration
in the IRMd.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The application had a port construct, which is a leftover from the
early days implementing RINA specs, which had a "port_id" to access
flows. O7s doesn't really have a "port" concept, only flows. The
port_wait_assign function was used in the IPCP to wait for the IRMd to
assign the flow_id and return so the flow object could be created.
This renames things a bit, and also simplifies the locking to us a
single lock/condvar for managing flows. This should be further
improved to move the flow state into the flow object, maintain a
double mapping of to flow objects (id_to_flow and fd_to_flow) and
malloc flow objects at flow allocation, instead of keeping the full
table in memory at init to further reduce memory footprint.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| | The init will now print more useful errors if a process fails to
initialize. Also rearranged these procedures a little bit.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| | Doesn't make any sense to call it a port event...
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | This moves the protobuf definition in the library to a pb/
directory. Also renames the protobuf files and does a quick review of
the #define guards in the include library to specify _LIB_ for
internal/non-public library headers.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| | The enrollment messages now have a 64-bit ID to easier track
enrollments in the logs in larger scale tests.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The code was a bit convoluted to print hashes as hex strings. Renamed
to HASH_FMT32 and HASH_VAL32 to make clear we are printing the first
32 bits only, and added options to print 64 up to 512 bits as well.
This doesn't depend on endianness anymore. Adds a small test for the
hash (printing) functions.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| | Seems like all shared memory objects were truncated to a size that
came up a byte short.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| | Off-by-one error in lockfile file length. Refactor to reduce code
duplication.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| | Compilation on raspberry pi revealed some previously undetected
signed/unsigned comparisons in the library.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Compatibility with versions of CMake older than 3.5 is deprecated from
CMake 3.27 onwards, and will be removed from a future version. Calls
to cmake_minimum_required() or cmake_policy() that set the policy
version to an older value now issue a deprecation diagnostic.
Fixed by indicating a max tested value for cmake_minimum_required().
Changed linking with OpenSSL to link with libcrypto only, we don't
require libssl.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| | There was a missing bmp_destroy, refactored exiting after a failure.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Rename internal data structures so it's clear that they are the IRMd
representation of these objects for management purposes.
Split functionality for these objects off and and move them to their
own source files.
Rename internal functions of the IRMd to reflect this, with some small
refactoring.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| | That while loop is not needed anymore.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| | Better to keep these separate during IRMd revision. Moves the qosspec
default out of the protobuf message parsing.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| | Doesn't seem to be needed, this makes it uniform in all protobuf
files.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | This adds initial support for configuration files using the C99 TOML
parser (to be installed separately from https://github.com/cktan/tomlc99).
The default location for the IRMd configuration file is
/etc/ouroboros/irmd.conf. This is configurable at build time.
An example file will be installed in the configuration directory with
the name irmd.conf.example.
Config file support can be disabled using the DISABLE_CONFIGFILE build
option.
There were some refactors and changes to the configuration messages
and protobuf files. This works towards consolidation of protobuf C as
an option for more generic handling of serialization/deserialization
of various messages.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| | The internal hash enum now matches the public one w.r.t. directory
hash policies. This removes some unnecessary conversion.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | The ipcp configuration struct now has internal structures for the
different IPCPs and for IPCP components of the unicast IPCP.
Split the very long IPCP main loop into individual handler functions.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| | 2022 was a rather slow year...
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| | Found by Clang version 15.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| | Building with Yocto was giving some package QA warnings.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | The dealloc call will now always do a non-blocking read before
attempting to destroy the rbuff, ensuring all keepalives are
processed.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | This makes it clear that we are scheduling a potential delayed
acknowledgment instead of acknowledging a packet scheduled for
retransmission. Also some small cosmetic fixes.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | This fixes the RTO doubling on timeout according to Karn/Partridge.
Exponentially increasing RTO when it times out (e.g. doubling)
fixes the problem that a sudden increase in real RTT starves the sRTT
updates by never getting out of backoff as retransmitted packets can't
update RTT.
Added an parameter to make it less aggressive, default is doubling.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| | There was an unused struct timerwheel * lingering in the application
instance.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| | Growing pains.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | The delayed ACK was wrongly measuring the delay against the receiver
activity instead of the sender activity. Also fixed receiver activity
not being updated for non-data packets (and duplicates and other
dropped traffic).
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | This adds the option to use the Round-Trip-Time (RTT) estimation
algorithm as it is implemented in the TCP implementation in Linux. It
looks like it outperforms the TCP default algorithm, so I enabled this
one by default. Also adds the option to change the RTO timeout
calculation to include more (or less) than 4 times the mdev (specified
as a power of 2. Left the default value to 2 (so, 4 mdevs), but 3 (8
mdevs) gives better results in my tests.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | If a flow was deallocated while there were still unprocessed events in
an fqueue, it would cause a SEGV in fqueue_next because it was not
checking the validity of the returned flow descriptor.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | Delayed ACKs are now sent after twice the internal tick time. Fixes
initial ACK record (rcv_cr.seqno) being uninitialized (0) when the
first ACK was to be sent. Adds some FRCT metrics for number of
received delayed (bare) ACKs and the RTT estimator.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| | The fqueues were relying on the fact that the portevent were two
integers. This cleans that up a bit.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| | The protobuf message was free'd before usage in flow_init.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | Unidirectional traffic has one of the peers only send bare FRCT
packets. These never set a DRF, since they have no sequence number.
At the receiver, all these ACKs and window updates were always dropped
as the receiver connection record was timed out.
Also fixes a SEGV if flow control kicks in (passing NULL timeout to
pthread_cond_timedwait).
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The application will now handle incoming FRCT packets even if the
application never reads data from the flow (for instance servers).  To
do this, it reserves an fset_t (id 0). When an FRCT-enabled flow is
created, it is automatically added to this fset. An rx thread will
listen for incoming events and perform necessary actions on the flow
if needed. If the FRCT flow is added to another user fset, it will be
handled by that user fset (and if the flow is removed from a user
fset, it will be re-added to the set with id 0 to be handled by the
rx_flow thread. The flow monitoring is handled by the same thread,
replacing the previous monitoring thread.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | Now the instance keeps all flows for an application in a linked list
to easily iterate over all allocated flows, which is needed by the
keepalive monitoring. This is more efficient that tracking min and max
fd.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| | We don't need to iterate fsets anymore since the removal of fset_keepalive.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The frcti_filter was reading raw data from the buffers, causing the
frcti_rcv to operate directly on encrypted packets. It decrypt and
filter for invalid packets. I moved the function from frct to the
fqueue implementation and renamed it fqueue_filter as it filters
fqueues. Should be extended to filter out keepalives on non-FRCT
flows, as these will now still cause spurious wakeups.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> |