summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* ipcpd: Fix leak and unitialized variable in DHTDimitri Staessens2020-05-291-1/+4
| | | | | | | | There were some issues identified by the Clang static analyzer that are now fixed. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix bad index in packet schedulerDimitri Staessens2020-05-291-1/+1
| | | | | | | | GCC 10 static analyzer found that the wrong index was used in the fail path of psched_create, causing double (multiple) frees. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* build: Add support for GCC 100.17.5Dimitri Staessens2020-05-2312-6/+17
| | | | | | | | | GCC 10 defaults to -fno-common, so some variables that were defined in the headers needed to be declared "extern". The GCC 10 static analyzer can now be invoked using the DebugAnalyzer build option. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Refactor FRCTDimitri Staessens2020-05-042-72/+59
| | | | | | | | | | This is a small refactor of FRCT because I found some things a bit hard to read. I tried to refactor frcti_rcv to always queue the packet, but that causes unnecessarily retaking the lock when calling queued_pdu and thus returning idx is a tiny bit faster. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Remove some unused variables0.17.4Dimitri Staessens2020-05-022-3/+2
| | | | | | | The compiler spotted some variables that weren't really used. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Fix retransmission DRF updateDimitri Staessens2020-05-021-4/+0
| | | | | | | | | | The retransmission was always disabling the DRF flag. This caused problems with the loss of the first packet, which of course needs a DRF flag set. The retransmitted packet will now contain a the original DRF flag and an updated ack number. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Create an rxmwheel per flowDimitri Staessens2020-05-024-128/+149
| | | | | | | | | The single retransmission wheel caused locking headaches as the calls for different flows could block on the same rxmwheel. This stabilizes the stack, but if the rdrbuff gets full there can now be big delays. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* tools: Stop oping client cleanly on bad writeDimitri Staessens2020-05-021-0/+1
| | | | | | | | On a bad write, the writer thread would shutdown, leaving the client hanging. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Fix updating retransmission wheelDimitri Staessens2020-05-014-23/+28
| | | | | | | | | | Fixes infinite rescheduling with RTO getting lower than the timerwheel resolution. For very low RTO values we'd need a big packet buffer with the current memory allocator implementation (rdrbuff). Setting a (configurable) minimum RTO (250 us) reduces this need. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Unmount stale RIB directoriesSander Vrijders2020-04-301-1/+10
| | | | | | | | If Ouroboros crashed, the RIB directory might still be mounted. This checks if this is the case, then unmounts it. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* lib: Stabilize FRCP under packet loss conditions0.17.3Dimitri Staessens2020-04-302-59/+68
| | | | | | | | | | | There were a bunch of bugs in FRCP that urgently needed fixing. Now data QoS is usable even with heavy packet loss (within some parameters). The current RTT estimator is the IETF one. It should be updated to the improved one used in the Linux kernel once the A-timer (ACKs without data) and graceful shutdown are implemented. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* irmd: Don't always send pub key in alloc response0.17.2Dimitri Staessens2020-03-301-0/+5
| | | | | | | | The allocation response was always containing an ECDHE key, which is not needed if the client doesn't request an encrypted flow. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* irmd: Fix cleanup of shm_flow_set0.17.1Dimitri Staessens2020-03-202-1/+8
| | | | | | | | | The shm_flowset destroy was using the irmd pid, resulting in wrong unlinks. The irmd was not cleaning up the process table, resulting in shm leaks if there were still running processes on exit. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Fix thread management in thread pool managerDimitri Staessens2020-03-201-1/+1
| | | | | | | | | The thread pool manager wasn't counting working threads when deciding to create new ones, resulting in constant starting of new threads when threads were busy. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Return number of written bytes on flow_write0.17.0Dimitri Staessens2020-03-159-19/+19
| | | | | | | | | This is more in line with the write() system call and prepares for partial writes. Partial writes are disabled by default (and not yet implemented). Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Change return type of fevent to ssize_tDimitri Staessens2020-03-151-3/+3
| | | | | | | | The return type was still an int, but since it returns the number of events, it should be an ssize_t. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* irm: Revise naming APIDimitri Staessens2020-03-1515-101/+769
| | | | | | | | | | | | | | | | | | | | | | | This revises the naming API to treat names (or reg_name in the source) as first-class citizens of the architecture. This is more in line with the way they are described in the article. Operations have been added to create/destroy names independently of registering. This was previously done only as part of register, and there was no way to delete a name from the IRMd. The create call now allows specifying a policy for load-balancing incoming flows for a name. The default is the new round-robin load-balancer, the previous behaviour is still available as a spillover load-balancer. The register calls will still create a name if it doesn't exist, with the default round-robin load-balancer. The tools now have a "name" section, so the format is now irm name <operation> <name> ... Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix locking in link_state policyDimitri Staessens2020-03-141-7/+6
| | | | | | | | There were updates under rdlock instead of wrlock, causing data races and trouble. Also speeds up shutdown a bit. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Fix deadlock in threadpool managerDimitri Staessens2020-03-141-9/+23
| | | | | | | | There was a rare deadlock upon destruction of the threadpool manager because the threads were cancelled/joined under lock. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib, ipcpd: piggyback ECDHE on flow allocationDimitri Staessens2020-02-2520-370/+555
| | | | | | | | | | | The initial implementation for the ECDHE key exchange was doing the key exchange after a flow was established. The public keys are now sent allowg on the flow allocation messages, so that an encrypted tunnel can be created within 1 RTT. The flow allocation steps had to be extended to pass the opaque data ('piggybacking'). Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Add unit tests for LFA and ECMP algorithmsDimitri Staessens2020-02-231-49/+100
| | | | | | | This adds tests for LFA and ECMP to the graph_test routine. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix infinite recursion in LFADimitri Staessens2020-02-231-2/+2
| | | | | | | | | There were bugs introduced in the LFA algorithm refactor causing infinite recursion and SEGV. The infinite recursion check was added as an explicit compiler flag to the build. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Use int instead of enum pol_pffSander Vrijders2020-02-161-1/+1
| | | | | | | | Otherwise the compile will complain that the comparison of an unsigned enum expression < 0 is always false. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* ipcpd: Fix double free, memleak and malloc checkDimitri Staessens2020-02-162-6/+7
| | | | | | | | Some fixes in the multipath implementation related to memory management that showed up with the static analyzer. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* Add equal-cost multipath routing policyDimitri Staessens2020-02-1613-16/+407
| | | | | | | | | | This adds an equal-cost multipath routing policy to Ouroboros, based on Nick Aerts' code. When selected, flows will send packets over all paths with equal cost (hop count). Path selection is round-robin. It does not yet take into account flows that are down. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix uninitialized variable in graphDimitri Staessens2020-02-161-1/+1
| | | | | | | During refactor a variable initialization was removed. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Rename hashtable to pftDimitri Staessens2020-02-168-352/+347
| | | | | | | | | This makes the hashtable more tailored to a packet forwarding table (PFT). In the end not much of a change was needed, but now it's clear the pft maps a destination address to a list of (outgoing) fds. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Fix shm_rbuff testDimitri Staessens2020-02-161-0/+8
| | | | | | | | | The rbuff_destroy function asserts that we do not try to destroy an rbuff that still contains packets. The test now empties the rbuff before destroying it. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix bad newline in eth.cDimitri Staessens2020-02-161-2/+2
| | | | | Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix minor things in graph and link_stateDimitri Staessens2020-02-162-23/+74
| | | | | | | | | | The vertex was used before definition in the graph implementation. Fixed potential data race in link_state algorithm. Added missing asserts. Removed initialization of variables where not needed to let compiler warn about uninitialized uses. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Configure PFF from routing policyDimitri Staessens2020-02-1610-33/+26
| | | | | | | | | | | | The Packet Forwarding Function (PFF) was user-configurable using the irm tool. However, this isn't really wanted since the PFF is dictated by the routing algorithm. This moves the responsability for selecting the correct PFF from the network admin to the unicast IPCP implementation. Each routing policy now has to specify which PFF it will use. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Move hashtable from lib to unicastDimitri Staessens2020-02-169-14/+70
| | | | | | | | | | The hashtable is only used for forwarding tables in the unicast IPCP. This moves the generic hashtable out of the library into the unicast IPCP to prepare a more tailored implementation specific to routing tables containing address lists. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Refactor graph to self-contain LFADimitri Staessens2020-02-161-72/+86
| | | | | | | | | | The LFA algorithm modifies the output of the simple routing algorithm, but the output was mixed in the general call. This moves the LFA subroutine to be self-contained. This makes for a cleaner entry point when adding more routing algorithms. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Filter fqueue events in packet handlersDimitri Staessens2020-01-253-0/+10
| | | | | | | | | | The eth, udp and local IPCPs were not filtering out the event types from the flow, causing some reads when there are no packets in the queue. The types are now also organized as flags so they can be filtered more quickly if needed. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* build: Update copyright to 20200.16.0Dimitri Staessens2020-01-02148-148/+148
| | | | | Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Clean up fail path in constructorsDimitri Staessens2019-10-281-15/+17
| | | | | | | The node construction path is revised using gotos to avoid repetition. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* irmd: Check if entry actually existsSander Vrijders2019-10-061-0/+5
| | | | | | | | | The prog table was consulted for a name of a program, which may not exist, thus prog_entry_del_name potentially got a NULL reference passed. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* lib: Add check that flow_id is validSander Vrijders2019-10-061-0/+5
| | | | | | | | In fset_add, the flow_id was passed to the shm_flow_set without checking if it was actually valid. Signed-off-by: Sander Vrijders <[email protected]> Signed-off-by: Dimitri Staessens <[email protected]>
* build: Allow older OpenSSL versions for randomDimitri Staessens2019-10-053-4/+6
| | | | | | | | | Ubuntu 16 comes with older versions of OpenSSL, glibc and libgcrypt. Ouroboros will now fall back to OpenSSL even if the version is <= 1.1.0. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* build: Check OpenSSL version >= 1.1.0Dimitri Staessens2019-09-291-10/+15
| | | | | | | | | The cryptographic functions require at least OpenSSL 1.1.0. The build will now check for this version and disable OpenSSL support when this requirement is not met. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* tools: Fix name option in ovpnDimitri Staessens2019-09-151-1/+1
| | | | | | | The --name option is not of optional_argument type. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Remove duplicate ip address in udp dataDimitri Staessens2019-08-311-3/+1
| | | | | | | | | The ip address was stored twice, which is not needed. Only keeping the ip address in the sockaddr struct will make IPv6 support more homogeneous. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* tools: Add encryption option to ovpnDimitri Staessens2019-08-311-7/+15
| | | | | | | | This adds a -C, --crypt option to the ovpn tool to easily create AES encrypted IP tunnels. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* tools: Use time_utils from toolsDimitri Staessens2019-08-314-2/+7
| | | | | | | | The ocbr tool was still using the non-public time_utils from the library instead of the version in tools. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Fix swapped ECDH crypt callsDimitri Staessens2019-08-091-2/+2
| | | | | | | | | | The client and server side were swapped. This wasn't a big issue, but now we are sure that the flow allocation response for the server has arrived at the client (packet reordering could cause the server key to arrive before the flow is allocated at the client). Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Fix free in key derivationDimitri Staessens2019-08-091-1/+1
| | | | | | | The wrong pointer was being free'd in case of a derivation error. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* ipcpd: Fix length mismatch of encryption cypherDimitri Staessens2019-08-092-3/+3
| | | | | | | | The cypher_s field in QoS was sometimes 32 and sometimes 16 bits. This is now corrected to be 16 bits. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* lib: Add per-message encryption with OpenSSLDimitri Staessens2019-08-038-17/+615
| | | | | | | | | | | | | | | | | | | This adds a per-message symmetric encryption using the OpenSSL library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange is performed to derive a shared secret, which is then hashed using SHA3-256 to be used as a key for symmetric AES-256 encryption. Each message on an encrypted flow adds a small crypto header that includes a random 128-bit Initialization Vector (IV). If the server does not have OpenSSL enabled, the flow allocation will fail with an -ECRYPT error. Future optimizations are to piggyback the public keys on the flow allocation message, and to enable per-flow encryption that maintains the context of the encryption over multiple packets and doesn't require sending IVs. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* irmd, lib: Improve libgcrypt initDimitri Staessens2019-07-292-6/+20
| | | | | | | | | | The proper initialization of libgrypt requires a call to gcry_check_version. The library initialization should first run a check if the application (or some other library) hasn't already initialized libgcrypt before attempting to initialize libgcrypt. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>
* build: Refactor normal to unicastDimitri Staessens2019-07-2954-113/+113
| | | | | | | | This completes the renaming of the normal IPCP to the unicast IPCP in the sources, to get everything consistent with the documentation. Signed-off-by: Dimitri Staessens <[email protected]> Signed-off-by: Sander Vrijders <[email protected]>