summaryrefslogtreecommitdiff
path: root/src/ipcpd
Commit message (Collapse)AuthorAgeFilesLines
* ipcpd: Fix locking in link_state policyDimitri Staessens2020-03-141-7/+6
| | | | | | | | There were updates under rdlock instead of wrlock, causing data races and trouble. Also speeds up shutdown a bit. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib, ipcpd: piggyback ECDHE on flow allocationDimitri Staessens2020-02-258-100/+199
| | | | | | | | | | | The initial implementation for the ECDHE key exchange was doing the key exchange after a flow was established. The public keys are now sent allowg on the flow allocation messages, so that an encrypted tunnel can be created within 1 RTT. The flow allocation steps had to be extended to pass the opaque data ('piggybacking'). Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Add unit tests for LFA and ECMP algorithmsDimitri Staessens2020-02-231-49/+100
| | | | | | | This adds tests for LFA and ECMP to the graph_test routine. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix infinite recursion in LFADimitri Staessens2020-02-231-2/+2
| | | | | | | | | There were bugs introduced in the LFA algorithm refactor causing infinite recursion and SEGV. The infinite recursion check was added as an explicit compiler flag to the build. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Use int instead of enum pol_pffSander Vrijders2020-02-161-1/+1
| | | | | | | | Otherwise the compile will complain that the comparison of an unsigned enum expression < 0 is always false. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* ipcpd: Fix double free, memleak and malloc checkDimitri Staessens2020-02-162-6/+7
| | | | | | | | Some fixes in the multipath implementation related to memory management that showed up with the static analyzer. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* Add equal-cost multipath routing policyDimitri Staessens2020-02-1612-15/+402
| | | | | | | | | | This adds an equal-cost multipath routing policy to Ouroboros, based on Nick Aerts' code. When selected, flows will send packets over all paths with equal cost (hop count). Path selection is round-robin. It does not yet take into account flows that are down. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix uninitialized variable in graphDimitri Staessens2020-02-161-1/+1
| | | | | | | During refactor a variable initialization was removed. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Rename hashtable to pftDimitri Staessens2020-02-168-352/+347
| | | | | | | | | This makes the hashtable more tailored to a packet forwarding table (PFT). In the end not much of a change was needed, but now it's clear the pft maps a destination address to a list of (outgoing) fds. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix bad newline in eth.cDimitri Staessens2020-02-161-2/+2
| | | | | Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix minor things in graph and link_stateDimitri Staessens2020-02-162-23/+74
| | | | | | | | | | The vertex was used before definition in the graph implementation. Fixed potential data race in link_state algorithm. Added missing asserts. Removed initialization of variables where not needed to let compiler warn about uninitialized uses. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Configure PFF from routing policyDimitri Staessens2020-02-167-9/+19
| | | | | | | | | | | | The Packet Forwarding Function (PFF) was user-configurable using the irm tool. However, this isn't really wanted since the PFF is dictated by the routing algorithm. This moves the responsability for selecting the correct PFF from the network admin to the unicast IPCP implementation. Each routing policy now has to specify which PFF it will use. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Move hashtable from lib to unicastDimitri Staessens2020-02-167-2/+410
| | | | | | | | | | The hashtable is only used for forwarding tables in the unicast IPCP. This moves the generic hashtable out of the library into the unicast IPCP to prepare a more tailored implementation specific to routing tables containing address lists. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Refactor graph to self-contain LFADimitri Staessens2020-02-161-72/+86
| | | | | | | | | | The LFA algorithm modifies the output of the simple routing algorithm, but the output was mixed in the general call. This moves the LFA subroutine to be self-contained. This makes for a cleaner entry point when adding more routing algorithms. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Filter fqueue events in packet handlersDimitri Staessens2020-01-253-0/+10
| | | | | | | | | | The eth, udp and local IPCPs were not filtering out the event types from the flow, causing some reads when there are no packets in the queue. The types are now also organized as flags so they can be filtered more quickly if needed. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* build: Update copyright to 20200.16.0Dimitri Staessens2020-01-0257-57/+57
| | | | | Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Remove duplicate ip address in udp dataDimitri Staessens2019-08-311-3/+1
| | | | | | | | | The ip address was stored twice, which is not needed. Only keeping the ip address in the sockaddr struct will make IPv6 support more homogeneous. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix length mismatch of encryption cypherDimitri Staessens2019-08-092-3/+3
| | | | | | | | The cypher_s field in QoS was sometimes 32 and sometimes 16 bits. This is now corrected to be 16 bits. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Add per-message encryption with OpenSSLDimitri Staessens2019-08-033-0/+10
| | | | | | | | | | | | | | | | | | | This adds a per-message symmetric encryption using the OpenSSL library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange is performed to derive a shared secret, which is then hashed using SHA3-256 to be used as a key for symmetric AES-256 encryption. Each message on an encrypted flow adds a small crypto header that includes a random 128-bit Initialization Vector (IV). If the server does not have OpenSSL enabled, the flow allocation will fail with an -ECRYPT error. Future optimizations are to piggyback the public keys on the flow allocation message, and to enable per-flow encryption that maintains the context of the encryption over multiple packets and doesn't require sending IVs. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* build: Refactor normal to unicastDimitri Staessens2019-07-2943-81/+81
| | | | | | | | This completes the renaming of the normal IPCP to the unicast IPCP in the sources, to get everything consistent with the documentation. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix use after free and uninitalized valueSander Vrijders2019-06-211-1/+1
| | | | | | | | | | This fixes a use after free in an error condition, and makes sure that pid is set in the flow_set early on, so flow_set_destroy won't create a prefix with an uninitialized pid in case of an error in shm_flow_set_create. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* ipcpd: Give max priority to flow allocatorDimitri Staessens2019-03-281-2/+31
| | | | | | | | | | | The flow allocator thread was running on a low priority, causing some delay when handling packets. Usually this isn't a problem, but for congestion control updates, the delay may become problematic. The priority is now set to the maximum allowed by the scheduler policy to improve responsiveness. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Handle local IPCP case when parsing configDimitri Staessens2019-03-281-1/+3
| | | | | | | | | The default case in the configuration parsing prints an erroneous "Unknown IPCP type" message when a local IPCP is bootstrapped. The IPCP_LOCAL type is now handled separately (no action needed). Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* build: Set specific compiler flags for SWIG target0.15.2Dimitri Staessens2019-03-211-1/+4
| | | | | | | | | | The compiler flags for the SWIG target were added to the global CMAKE_C_FLAGS used for the entire project. This sets the flags uniquely for the SWIG target. The eth has a similar case for the c99 flag. There was a lingering include in dev.c that was removed. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Don't reuse fqueue between threadsDimitri Staessens2019-03-211-10/+17
| | | | | | | | The UDP IPCP was reusing fqueues between threads. This is not supported and lead to bad reads and buffer overflows. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Restrict MTU for Ethernet over loopbackDimitri Staessens2019-03-213-0/+8
| | | | | | | | | | | This restricts the MTU for the Ethernet IPCP over loopback adapters (devices named "lo*") to avoid it allocating 65K buffers per packet and quickly filling the default RDRBUFF space. The restriction is set using the build option IPCP_ETH_LO_MTU, with a default value of 1500 bytes. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix strict aliasing warning0.15.1Dimitri Staessens2019-03-181-6/+8
| | | | | | | | | | | | | Some versions of gcc seem to give a positive on the strict aliasing rule. It's absent from newer gcc versions or clang. However, rather than disabling the check for older version, this small rewrite seems to temporarily fix the false positive. Apparently, it's undefined behaviour to simply cast a char/uint8_t buffer to a variable type pointer and then dereference the type. A more elaborate patch to fix the undefined behaviour is needed. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Revise UDP IPCPDimitri Staessens2019-03-184-441/+397
| | | | | | | | | | | The UDP IPCP now uses a fixed server UDP port (default 3435) for all communications. This allows passing firewalls more easily since only a single port needs to be opened. The client port can be fixed as well if needed (default random). It uses an internal eid, so the MTU of the UDP layer is reduced by 4 bytes, similar to the Ethernet IPCPs. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* build: Set default number of threads in eth to 1Dimitri Staessens2019-03-051-2/+2
| | | | | | | | | This makes the eth packet handler single-threaded by default, at least until stability issues that seem to be related to multi-threading are fixed. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Refactor create_r and flow_req_arrDimitri Staessens2019-03-046-45/+42
| | | | | | | | | | | The API calls for the IPCP to inform the IRMd of IPCP creation and incoming flow request had the pid_t in the call. This pid_t is removed and the getpid() call is now placed inside the function. Also refactors the cleanup for the main() functions of some of the lower IPCPs. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* build: Update copyright to 2019Dimitri Staessens2019-02-0557-57/+57
| | | | | | | Updates the copyright notice in all sources to 2019. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Fix deallocating non-initialized np1 flowsDimitri Staessens2018-12-292-3/+4
| | | | | | | | This fixes the deallocation of non-initialized IPCP flows. These can occur when some operations are not implemented. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* include: Add a flow_join operation for broadcastDimitri Staessens2018-12-278-21/+51
| | | | | | | | | | | | This adds a new flow_join operaiton for broadcast, which is a much safer solution than overloading destination name semantics. The internal API now also has a different IPCP_FLOW_JOIN operation. The IRMd doesn't need to query broadcasts IPCPs for the name, it can just check if an IPCP with the layer name exists. The broadcast IPCP doesn't need to implement the query proxy call anymore. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Wait for buffer when writing to Eth deviceDimitri Staessens2018-12-081-1/+13
| | | | | | | | This will cause the Ethernet IPCP to wait for a free buffer when using raw sockets to avoid packet drops when the network is congested. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix uninitialized value for ECNSander Vrijders2018-11-201-9/+1
| | | | | | | | The ECN value in the packet was not set during write of a new packet. Also removes the outdated abstract syntax enum. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* ipcpd: Add Explicit Congestion Notification fieldFriedl Rubrecht2018-11-201-1/+7
| | | | | | | | This adds an extra field to the data transfer PCI which can be used to flag congestion by intermediate routers. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Add broadcast IPCPDimitri Staessens2018-10-2411-2/+1788
| | | | | | | | | | This adds a broadcast IPCP that allows us to easily create multicast applications. The broadcast IPCP accepts flows for "<layer_name>.mc". A tool, obc (Ouroboros broadcast), is added that sends and reads a message to a broadcast layer. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* tools: Specify QoS cube for data transfer flows0.13.0Dimitri Staessens2018-10-194-6/+10
| | | | | | | | | The ipcp connect command can now set a specific qos cube for data transfer flows. For management flows, the tool ignores this and defaults to raw until data flows are stable enough. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Check if there are entries to add to pffDimitri Staessens2018-10-191-3/+3
| | | | | | | | The pff didn't check if there were actually entries in the database, causing an assertion failure in some rare cases. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd, irmd: Handle signal in main threadDimitri Staessens2018-10-183-64/+52
| | | | | | | | | The signals are now handled in the main thread instead of an asynchronous signal handler. The acceptloop is now correctly cancelled and the associated timeouts are removed. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Send link state message before lsdb update0.12.3Dimitri Staessens2018-10-121-5/+4
| | | | | | | | | | When a new link is added, the link state update will be sent before the database update, so the network is a little bit more quickly aware. This improves odds of the DHT successfully enrolling at its first attempt, reducing bootstrap time of a network. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Configure DHT slack timer at build timeDimitri Staessens2018-10-123-1/+9
| | | | | | | This allows configuration of the DHT slack timer at build time. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Make Qdisc bypass configurableSander Vrijders2018-10-123-0/+7
| | | | | | | | This will make bypassing the qdisc configurable, as it might be handy for getting fast data rates but is generally needed. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* ipcpd: Call send_lsm under read lockSander Vrijders2018-10-111-0/+2
| | | | | | | | send_lsm was being called from the event handler as well as from lsupdate. The first one was not being locked properly. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* ipcpd: Take correct lock when updating statsSander Vrijders2018-10-111-2/+4
| | | | | | | | The lock of the wrong fd was taken when updating the stats in the DT component. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* ipcpd: Speed up enrolment of DHTDimitri Staessens2018-10-112-62/+68
| | | | | | | | | | | The link-state algorithm will now quickly recalculate for link additions (but not for removals, for stability). Upon notification of a new link, the DHT will wait for a brief moment to enroll. This reduces enrolment for large networks by some orders of magnitude. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Decouple flow allocator from dt threadDimitri Staessens2018-10-111-86/+176
| | | | | | | | The flow allocator passed a blocking callback to the forwarding component, which blocks packet processing. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Remove stale QoS cubesDimitri Staessens2018-10-103-17/+1
| | | | | | | | There were QoS cubes defined for raw and data flows, which are now run on the best effort cube. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix SEGV in eth IPCPDimitri Staessens2018-10-101-1/+6
| | | | | | | | The memcpy of the device name was copying a fixed set of bytes (IFNAMSIZ), but the string conf->dev is usually shorter. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* include: Fix QoS include filesDimitri Staessens2018-10-064-3/+2
| | | | | | | A lot of files were unnecessarily including qoscube.h. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>