<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ouroboros/src/ipcpd/eth, branch 0.17.3</title>
<subtitle>Ouroboros main repository</subtitle>
<id>http://133.ip-51-38-114.eu/cgit/ouroboros/atom?h=0.17.3</id>
<link rel='self' href='http://133.ip-51-38-114.eu/cgit/ouroboros/atom?h=0.17.3'/>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/'/>
<updated>2020-02-25T07:21:09+00:00</updated>
<entry>
<title>lib, ipcpd: piggyback ECDHE on flow allocation</title>
<updated>2020-02-25T07:21:09+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2020-02-24T21:30:22+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=fe6b60909d455abdac7885ceaba1097749e7aeb1'/>
<id>urn:sha1:fe6b60909d455abdac7885ceaba1097749e7aeb1</id>
<content type='text'>
The initial implementation for the ECDHE key exchange was doing the
key exchange after a flow was established. The public keys are now
sent along on the flow allocation messages, so that an encrypted
tunnel can be created within 1 RTT. The flow allocation steps had to
be extended to pass the opaque data ('piggybacking').

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>ipcpd: Fix bad newline in eth.c</title>
<updated>2020-02-16T17:25:08+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2020-02-16T09:43:19+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=961e3da364797eee9d84902cce509baf2f6f9d2d'/>
<id>urn:sha1:961e3da364797eee9d84902cce509baf2f6f9d2d</id>
<content type='text'>
Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>ipcpd: Filter fqueue events in packet handlers</title>
<updated>2020-01-25T15:02:21+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2020-01-25T11:38:38+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=524445d9c625b05334818e2d900cf79d1ced5aba'/>
<id>urn:sha1:524445d9c625b05334818e2d900cf79d1ced5aba</id>
<content type='text'>
The eth, udp and local IPCPs were not filtering out the event types
from the flow, causing some reads when there are no packets in the
queue. The types are now also organized as flags so they can be
filtered more quickly if needed.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>build: Update copyright to 2020</title>
<updated>2020-01-02T14:07:36+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2020-01-01T08:48:07+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=435a91165a3c1f8ca715b22ee2c2361d9bd853dd'/>
<id>urn:sha1:435a91165a3c1f8ca715b22ee2c2361d9bd853dd</id>
<content type='text'>
Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>ipcpd: Fix length mismatch of encryption cypher</title>
<updated>2019-08-09T17:43:07+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2019-08-03T10:50:29+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=3339a629b41c50cca4232517b8249d55f462464d'/>
<id>urn:sha1:3339a629b41c50cca4232517b8249d55f462464d</id>
<content type='text'>
The cypher_s field in QoS was sometimes 32 and sometimes 16 bits. This
is now corrected to be 16 bits.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Add per-message encryption with OpenSSL</title>
<updated>2019-08-03T10:10:57+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2019-08-02T17:12:34+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=9e8d603d14561095fb8d08871319a315d3bf6763'/>
<id>urn:sha1:9e8d603d14561095fb8d08871319a315d3bf6763</id>
<content type='text'>
This adds a per-message symmetric encryption using the OpenSSL
library. At flow allocation, an Elliptic Curve Diffie-Hellman exchange
is performed to derive a shared secret, which is then hashed using
SHA3-256 to be used as a key for symmetric AES-256 encryption. Each
message on an encrypted flow adds a small crypto header that includes
a random 128-bit Initialization Vector (IV). If the server does not
have OpenSSL enabled, the flow allocation will fail with an -ECRYPT
error.

Future optimizations are to piggyback the public keys on the flow
allocation message, and to enable per-flow encryption that maintains
the context of the encryption over multiple packets and doesn't
require sending IVs.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>build: Set specific compiler flags for SWIG target</title>
<updated>2019-03-21T11:33:54+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2019-03-21T11:15:45+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=d6bd976b2456104a56f039ee5c5b83e82a5daa77'/>
<id>urn:sha1:d6bd976b2456104a56f039ee5c5b83e82a5daa77</id>
<content type='text'>
The compiler flags for the SWIG target were added to the global
CMAKE_C_FLAGS used for the entire project. This sets the flags
uniquely for the SWIG target. The eth has a similar case for the c99
flag. There was a lingering include in dev.c that was removed.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>ipcpd: Restrict MTU for Ethernet over loopback</title>
<updated>2019-03-21T08:42:34+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2019-03-20T17:33:47+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=086cd5dae628556ffaa2c2efe559a5bd2fba8d0e'/>
<id>urn:sha1:086cd5dae628556ffaa2c2efe559a5bd2fba8d0e</id>
<content type='text'>
This restricts the MTU for the Ethernet IPCP over loopback adapters
(devices named "lo*") to avoid it allocating 65K buffers per packet
and quickly filling the default RDRBUFF space. The restriction is set
using the build option IPCP_ETH_LO_MTU, with a default value of 1500
bytes.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>build: Set default number of threads in eth to 1</title>
<updated>2019-03-05T08:10:38+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2019-03-05T08:02:57+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=5c74c348ff66d6e6093d21a614ec527e0e31aac6'/>
<id>urn:sha1:5c74c348ff66d6e6093d21a614ec527e0e31aac6</id>
<content type='text'>
This makes the eth packet handler single-threaded by default, at least
until stability issues that seem to be related to multi-threading are
fixed.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>ipcpd: Refactor create_r and flow_req_arr</title>
<updated>2019-03-04T07:57:57+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2019-03-03T18:08:48+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=e87f2b683446fe424dc5e8fed60456240e080562'/>
<id>urn:sha1:e87f2b683446fe424dc5e8fed60456240e080562</id>
<content type='text'>
The API calls for the IPCP to inform the IRMd of IPCP creation and
incoming flow request had the pid_t in the call. This pid_t is removed
and the getpid() call is now placed inside the function. Also
refactors the cleanup for the main() functions of some of the lower
IPCPs.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
</feed>
