| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
The rbuff_destroy function asserts that we do not try to destroy an
rbuff that still contains packets. The test now empties the rbuff
before destroying it.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Packet Forwarding Function (PFF) was user-configurable using the
irm tool. However, this isn't really wanted since the PFF is dictated
by the routing algorithm. This moves the responsability for selecting
the correct PFF from the network admin to the unicast IPCP
implementation. Each routing policy now has to specify which PFF it
will use.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
| |
The hashtable is only used for forwarding tables in the unicast
IPCP. This moves the generic hashtable out of the library into the
unicast IPCP to prepare a more tailored implementation specific to
routing tables containing address lists.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
| |
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
| |
The node construction path is revised using gotos to avoid repetition.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
| |
In fset_add, the flow_id was passed to the shm_flow_set without
checking if it was actually valid.
Signed-off-by: Sander Vrijders <[email protected]>
Signed-off-by: Dimitri Staessens <[email protected]>
|
|
|
|
|
|
|
|
|
| |
Ubuntu 16 comes with older versions of OpenSSL, glibc and
libgcrypt. Ouroboros will now fall back to OpenSSL even if the version
is <= 1.1.0.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
| |
The cryptographic functions require at least OpenSSL 1.1.0. The build
will now check for this version and disable OpenSSL support when this
requirement is not met.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
| |
The client and server side were swapped. This wasn't a big issue, but
now we are sure that the flow allocation response for the server has
arrived at the client (packet reordering could cause the server key to
arrive before the flow is allocated at the client).
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
| |
The wrong pointer was being free'd in case of a derivation error.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a per-message symmetric encryption using the OpenSSL
library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange
is performed to derive a shared secret, which is then hashed using
SHA3-256 to be used as a key for symmetric AES-256 encryption. Each
message on an encrypted flow adds a small crypto header that includes
a random 128-bit Initialization Vector (IV). If the server does not
have OpenSSL enabled, the flow allocation will fail with an -ECRYPT
error.
Future optimizations are to piggyback the public keys on the flow
allocation message, and to enable per-flow encryption that maintains
the context of the encryption over multiple packets and doesn't
require sending IVs.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
| |
The proper initialization of libgrypt requires a call to
gcry_check_version. The library initialization should first run a
check if the application (or some other library) hasn't already
initialized libgcrypt before attempting to initialize libgcrypt.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
| |
This completes the renaming of the normal IPCP to the unicast IPCP in
the sources, to get everything consistent with the documentation.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
| |
This fixes a use after free in an error condition, and makes sure that
pid is set in the flow_set early on, so flow_set_destroy won't create
a prefix with an uninitialized pid in case of an error in
shm_flow_set_create.
Signed-off-by: Sander Vrijders <[email protected]>
Signed-off-by: Dimitri Staessens <[email protected]>
|
|
|
|
|
|
|
|
|
| |
This adds some tests for the shm_rbuff after some reports that the
queue length would be erroneously reported as 0 when the rbuff was
full. The test passes for the reported case.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
| |
This fixes writing at high speeds when the rbuff is smaller than the
rdrbuff. The pthread_cond_wait calls were blocking on the wrong
condition variable.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
| |
This allows setting the size of the rbuffs in a system independently
of the main packet buffer using SHM_RBUFF_SIZE. The benefit of setting
a smaller rbuff size is that a single process can't fully occupy the
main packet buffer.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
| |
The compiler flags for the SWIG target were added to the global
CMAKE_C_FLAGS used for the entire project. This sets the flags
uniquely for the SWIG target. The eth has a similar case for the c99
flag. There was a lingering include in dev.c that was removed.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
|
| |
The UDP IPCP now uses a fixed server UDP port (default 3435) for all
communications. This allows passing firewalls more easily since only a
single port needs to be opened. The client port can be fixed as well
if needed (default random). It uses an internal eid, so the MTU of the
UDP layer is reduced by 4 bytes, similar to the Ethernet IPCPs.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
|
| |
The API calls for the IPCP to inform the IRMd of IPCP creation and
incoming flow request had the pid_t in the call. This pid_t is removed
and the getpid() call is now placed inside the function. Also
refactors the cleanup for the main() functions of some of the lower
IPCPs.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a simple round-trip time estimator to FRCT. The estimate is
a weighted average with deviation. The retransmission is scheduled
after rtt + 2 times the deviation. A retransmit doubles the rtt
estimate to avoid the no-update case when rtt suddenly increases. The
rtt is estimated in microseconds and the granularity for retransmits
is 256 microseconds.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
| |
Updates the copyright notice in all sources to 2019.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
| |
This fixes the deallocation of non-initialized IPCP flows. These can
occur when some operations are not implemented.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new flow_join operaiton for broadcast, which is a much
safer solution than overloading destination name semantics. The
internal API now also has a different IPCP_FLOW_JOIN operation. The
IRMd doesn't need to query broadcasts IPCPs for the name, it can just
check if an IPCP with the layer name exists. The broadcast IPCP
doesn't need to implement the query proxy call anymore.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
| |
This moves the creation and destruction of shm_flow_set shared memory
structures from the init to the IRMd. Now the management of all shared
data objects is performed by the IRMd.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
| |
The fccntl call was reading from the RX queue instead of the TX queue.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
| |
This adds a First Fragment bit to FRCT. This small optimisation avoids
losing two packets when there is packet loss without fragmentation,
without the need to disable fragmentation at the end points.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
| |
This changes the API to the rdrbuff to treat it as a pool memory
allocator. The head and tailspace to allocate in a buffer is now set
system-wide instead of being passed as a parameter.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
|
| |
This adds a broadcast IPCP that allows us to easily create multicast
applications. The broadcast IPCP accepts flows for "<layer_name>.mc".
A tool, obc (Ouroboros broadcast), is added that sends and reads a
message to a broadcast layer.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
| |
The ipcp connect command can now set a specific qos cube for data
transfer flows. For management flows, the tool ignores this and
defaults to raw until data flows are stable enough.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
|
| |
This will check if the flow id is valid instead of asserting. It
avoids assertion failures in the IPCP if an application crashes and
the IRMd deallocates the flow while the IPCP still has pending writes.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|
|
|
|
|
|
|
| |
The integrity check mechanism was split from FRCT, this flag is not
needed anymore.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There was a bug where the hash selection for the local, raptor and
ethernet IPCPs was not passed correctly, so they were using a wrong
hash.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|\| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a cleanup function in the notifier in case it gets
cancelled, which is a possibility in some callbacks.
Signed-off-by: Sander Vrijders <[email protected]>
Signed-off-by: Dimitri Staessens <[email protected]>
|
|\| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
This sets the CRC check to be disabled by default, since it greatly
hampers performance and is almost never needed.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This initializes libgcrypt before use in the library. This fixes the
"called in non-operational state" error when CRC checking is enabled.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The queued packets were not correctly read. The rcv_cr->seqno now
indicates the next packet the receiver application expects. A lot more
stable now, but still some further issues to be fixed.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|\| |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Multiblock writes that require wrapping will now correctly pad
unuseable space at the end of the rdrbuff.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes rudimentary automated repeat-request ARQ to correctly
configure the both connection records and use the receiver seqno. The
rto variable is moved out of the connection record.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
|\| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The QoS specs were defined in the source file instead of in the header
file, which resulted in uninitialized structs being used, which gave
rise to weird behavior in the library.
Signed-off-by: Sander Vrijders <[email protected]>
Signed-off-by: Dimitri Staessens <[email protected]>
|
|\| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The FRCT kept only a left window edge in the receiver connection
window, however, it needs to keep track of the left window edge
(highest ACK'd sequence number) and the highest delivered sequence
number, so it can delay ACKs that cannot be piggybacked. TCP
recommends at most 500 ms for delayed ACKs (probably good to keep it
near half of RTO).
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This splits off the CRC from FRCT so it can be set
independently. Ouroboros now allows raw flows with error checking.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
| |
| |
| |
| |
| |
| |
| | |
Renames port_id to flow_id according to updated nomenclature.
Signed-off-by: Dimitri Staessens <[email protected]>
Signed-off-by: Sander Vrijders <[email protected]>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This will change SDU (Service Data Unit) to packet everywhere. SDU is
OSI terminology, whereas packet is Ouroboros terminology.
Signed-off-by: Sander Vrijders <[email protected]>
Signed-off-by: Dimitri Staessens <[email protected]>
|