summaryrefslogtreecommitdiff
path: root/src/ipcpd/udp
Commit message (Collapse)AuthorAgeFilesLines
* ipcpd: Fix length mismatch of encryption cypherDimitri Staessens2019-08-091-2/+2
| | | | | | | | The cypher_s field in QoS was sometimes 32 and sometimes 16 bits. This is now corrected to be 16 bits. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Add per-message encryption with OpenSSLDimitri Staessens2019-08-031-0/+4
| | | | | | | | | | | | | | | | | | | This adds a per-message symmetric encryption using the OpenSSL library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange is performed to derive a shared secret, which is then hashed using SHA3-256 to be used as a key for symmetric AES-256 encryption. Each message on an encrypted flow adds a small crypto header that includes a random 128-bit Initialization Vector (IV). If the server does not have OpenSSL enabled, the flow allocation will fail with an -ECRYPT error. Future optimizations are to piggyback the public keys on the flow allocation message, and to enable per-flow encryption that maintains the context of the encryption over multiple packets and doesn't require sending IVs. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Don't reuse fqueue between threadsDimitri Staessens2019-03-211-10/+17
| | | | | | | | The UDP IPCP was reusing fqueues between threads. This is not supported and lead to bad reads and buffer overflows. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix strict aliasing warning0.15.1Dimitri Staessens2019-03-181-6/+8
| | | | | | | | | | | | | Some versions of gcc seem to give a positive on the strict aliasing rule. It's absent from newer gcc versions or clang. However, rather than disabling the check for older version, this small rewrite seems to temporarily fix the false positive. Apparently, it's undefined behaviour to simply cast a char/uint8_t buffer to a variable type pointer and then dereference the type. A more elaborate patch to fix the undefined behaviour is needed. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Revise UDP IPCPDimitri Staessens2019-03-182-422/+374
| | | | | | | | | | | The UDP IPCP now uses a fixed server UDP port (default 3435) for all communications. This allows passing firewalls more easily since only a single port needs to be opened. The client port can be fixed as well if needed (default random). It uses an internal eid, so the MTU of the UDP layer is reduced by 4 bytes, similar to the Ethernet IPCPs. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Refactor create_r and flow_req_arrDimitri Staessens2019-03-041-18/+17
| | | | | | | | | | | The API calls for the IPCP to inform the IRMd of IPCP creation and incoming flow request had the pid_t in the call. This pid_t is removed and the getpid() call is now placed inside the function. Also refactors the cleanup for the main() functions of some of the lower IPCPs. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* build: Update copyright to 2019Dimitri Staessens2019-02-051-1/+1
| | | | | | | Updates the copyright notice in all sources to 2019. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* include: Add a flow_join operation for broadcastDimitri Staessens2018-12-271-0/+1
| | | | | | | | | | | | This adds a new flow_join operaiton for broadcast, which is a much safer solution than overloading destination name semantics. The internal API now also has a different IPCP_FLOW_JOIN operation. The IRMd doesn't need to query broadcasts IPCPs for the name, it can just check if an IPCP with the layer name exists. The broadcast IPCP doesn't need to implement the query proxy call anymore. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd, lib, irmd, tools: Change SDU to packetSander Vrijders2018-10-051-32/+32
| | | | | | | | This will change SDU (Service Data Unit) to packet everywhere. SDU is OSI terminology, whereas packet is Ouroboros terminology. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* lib: Pass qosspec at flow allocationDimitri Staessens2018-10-051-15/+33
| | | | | | | | | | | | The flow allocator now passes the full qos specification to the endpoint, instead of just a cube. This is a more flexible architecture, as it makes QoS cubes internal to the layers. Adds endianness transforms for the flow allocator protocol in the normal IPCP. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Add return value checks to UDP IPCPSander Vrijders2018-09-271-17/+37
| | | | | | | Some return value checks were missing in the UDP IPCP. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* include: Remove _DEFAULT_SOURCE in endian.hDimitri Staessens2018-09-271-0/+4
| | | | | | | | This removes the _DEFAULT_SOURCE definition in the endian header as it should not be there. This avoids double and conflicting definitions. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Support data QoS cube in UDP shimSander Vrijders2018-06-081-1/+1
| | | | | | | | This will also allow flows with the data QoS cube to be allocated over the UDP shim. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* ipcpd: Support raw qos in eth and udp IPCPsDimitri Staessens2018-06-081-1/+1
| | | | | | | | Flow allocation for raw was not yet supported in these IPCPS, causing enrollment to fail. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* build: Check for variable length arraysDimitri Staessens2018-05-281-4/+32
| | | | | | | | | | The clang and gcc compilers don't complain about variable length arrays using the -c89 flag unless the flag -Wvla or -Wpedantic is set. This also fixes a memleak and two false positive uninitialized variable warnings reported by the clang static analyzer in graph.c. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix false positive incompatible malloc typeDimitri Staessens2018-05-271-6/+4
| | | | | | | | | A malloc was performed with a mgmt_msg type and converted to a uint8_t buffer for serialization, which triggers a false positive warning with the clang static analyzer. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Enable locking threads to a CPU coreDimitri Staessens2018-04-051-0/+4
| | | | | | | | | This adds a function that locks a thread to a random core. This greatly improves performance on multi-cpu systems. There is no portable way to do this, this only implements it for GNU/Linux. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* build: Use GNUInstallDirs instead of hardcoded values0.9.9Sander Vrijders2018-02-061-1/+1
| | | | | | | | This changes the build to use GNUInstallDirs instead of hardcoded values. Package maintainers can then override these defaults by passing the correct value to cmake on the command line. Signed-off-by: Sander Vrijders <[email protected]>
* include, src: Update copyright to 2018Dimitri Staessens2018-01-091-1/+1
| | | | | | | Happy New Year, Ouroboros. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Use the term "layer" and deprecate "shim"Dimitri Staessens2017-12-192-0/+1227
This changes the terminology to use layer instead of DIF and deprecate the word "shim" for the IPCPs that attach to Ethernet LLC and UDP .The terminology has not yet been changed in the variable names etc. This reflects the design choices in Ouroboros to make IPCPs pure resource allocators instead of also providing an "IPC service". The Ouroboros IPCPs that attach to Ethernet and UDP implement the allocator and are thus not really shims. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>