diff options
67 files changed, 2434 insertions, 629 deletions
diff --git a/.ci/woodpecker/01-build.yaml b/.ci/woodpecker/01-build.yaml deleted file mode 100644 index f8109c94..00000000 --- a/.ci/woodpecker/01-build.yaml +++ /dev/null @@ -1,111 +0,0 @@ -matrix: - IMAGE: - - dstaesse/debian:o7s - - dstaesse/ubuntu:o7s - FLAGS: - - '' - - -m32 - COMPILER: - - clang - - gcc - BUILD_TYPE: - - Debug - - Release - DISABLE_FUSE: - - TRUE - - FALSE - DISABLE_OPENSSL: - - TRUE - - FALSE - DISABLE_LIBGCRYPT: - - TRUE - - FALSE - SANITIZER: - - DebugASan - - DebugUSan - - DebugLSan - -steps: - - name: build - image: ${IMAGE} - pull: true - when: - branch: [testing, be] - event: [push, pull_request] - commands: - - apt-get update -y - - apt-get install bash clang -y - - apt-get install git protobuf-c-compiler cmake -y - - apt-get install libgcrypt20-dev libssl-dev libfuse-dev dnsutils cmake-curses-gui -y - - apt-get install libprotobuf-c-dev -y || true - - mkdir build - - cd build - - CC=${COMPILER} cmake .. -DCMAKE_BUILD_TYPE=${BUILD_TYPE} -DDISABLE_FUSE=${DISABLE_FUSE} \ - -DDISABLE_OPENSSL=${DISABLE_OPENSSL} -DDISABLE_LIBGCRYPT=${DISABLE_LIBGCRYPT} - - make CFLAGS="${FLAGS}" -s -j2 - - env CTEST_OUTPUT_ON_FAILURE=1 make CFLAGS="${FLAGS}" -s check - - cd .. - - rm -rf build - - - name: sanitizers - image: ${IMAGE} - pull: true - when: - branch: [testing, be] - event: [push, pull_request] - commands: - - apt-get update -y - - apt-get install bash clang -y - - apt-get install git protobuf-c-compiler cmake -y - - apt-get install libgcrypt20-dev libssl-dev libfuse-dev dnsutils cmake-curses-gui -y - - apt-get install libprotobuf-c-dev -y || true - - mkdir build - - cd build - - CC=${COMPILER} cmake .. -DCMAKE_BUILD_TYPE=${SANITIZER} -DDISABLE_FUSE=${DISABLE_FUSE} \ - -DDISABLE_OPENSSL=${DISABLE_OPENSSL} -DDISABLE_LIBGCRYPT=${DISABLE_LIBGCRYPT} \ - - make -s -j2 - - env CTEST_OUTPUT_ON_FAILURE=1 make -s check - - cd .. - - rm -rf build - - - name: build (manual) - image: ${IMAGE} - pull: true - when: - event: manual - commands: - - apt-get update -y - - apt-get install bash clang -y - - apt-get install git protobuf-c-compiler cmake -y - - apt-get install libgcrypt20-dev libssl-dev libfuse-dev dnsutils cmake-curses-gui -y - - apt-get install libprotobuf-c-dev -y || true - - mkdir build - - cd build - - CC=${COMPILER} cmake .. -DCMAKE_BUILD_TYPE=${BUILD_TYPE} -DDISABLE_FUSE=${DISABLE_FUSE} \ - -DDISABLE_OPENSSL=${DISABLE_OPENSSL} -DDISABLE_LIBGCRYPT=${DISABLE_LIBGCRYPT} - - make CFLAGS="${FLAGS}" -s -j2 - - env CTEST_OUTPUT_ON_FAILURE=1 make CFLAGS="${FLAGS}" -s check - - cd .. - - rm -rf build - - - name: sanitizers (manual) - image: ${IMAGE} - pull: true - when: - event: manual - commands: - - apt-get update -y - - apt-get install bash clang -y - - apt-get install git protobuf-c-compiler cmake -y - - apt-get install libgcrypt20-dev libssl-dev libfuse-dev dnsutils cmake-curses-gui -y - - apt-get install libprotobuf-c-dev -y || true - - mkdir build - - cd build - - CC=${COMPILER} cmake .. -DCMAKE_BUILD_TYPE=${SANITIZER} -DDISABLE_FUSE=${DISABLE_FUSE} \ - -DDISABLE_OPENSSL=${DISABLE_OPENSSL} -DDISABLE_LIBGCRYPT=${DISABLE_LIBGCRYPT} \ - - make -s -j2 - - env CTEST_OUTPUT_ON_FAILURE=1 make -s check - - cd .. - - rm -rf build - - diff --git a/.ci/woodpecker/10-build.yaml b/.ci/woodpecker/10-build.yaml new file mode 100644 index 00000000..0a82c469 --- /dev/null +++ b/.ci/woodpecker/10-build.yaml @@ -0,0 +1,100 @@ +depends_on: + - 00-check-version + +matrix: + IMAGE: + - dstaesse/debian:o7s + - dstaesse/ubuntu:o7s + COMPILER: + - clang + - gcc + +steps: + - name: build + image: ${IMAGE} + pull: true + when: + - branch: be + event: [push, pull_request] + - event: manual + commands: + - apt-get update -y + - apt-get install bash clang -y + - apt-get install git protobuf-c-compiler cmake -y + - apt-get install libgcrypt20-dev libssl-dev libfuse-dev dnsutils cmake-curses-gui -y + - apt-get install libprotobuf-c-dev -y || true + - | + set -e + + run_build() { + mkdir build && cd build + CC=${COMPILER} cmake .. "$@" + make CFLAGS="${CFLAGS_EXTRA}" -s -j2 + env CTEST_OUTPUT_ON_FAILURE=1 \ + make CFLAGS="${CFLAGS_EXTRA}" -s check + cd .. && rm -rf build + } + + for build_type in Release Debug; do + for flags in '' -m32; do + echo "--- ${COMPILER} $build_type $flags ---" + CFLAGS_EXTRA="$flags" + run_build \ + -DCMAKE_BUILD_TYPE=$build_type + done + done + + CFLAGS_EXTRA="" + + for flow_stats in TRUE FALSE; do + echo "--- IPCP_FLOW_STATS=$flow_stats ---" + run_build \ + -DIPCP_FLOW_STATS=$flow_stats + done + + for disable_fuse in TRUE FALSE; do + echo "--- DISABLE_FUSE=$disable_fuse ---" + run_build \ + -DDISABLE_FUSE=$disable_fuse + done + + for disable_cf in TRUE FALSE; do + for build_type in Release Debug; do + echo "--- DISABLE_CONFIGFILE=$disable_cf $build_type ---" + run_build \ + -DCMAKE_BUILD_TYPE=$build_type \ + -DDISABLE_CONFIGFILE=$disable_cf + done + done + + for disable_ddns in TRUE FALSE; do + for build_type in Release Debug; do + echo "--- DISABLE_DDNS=$disable_ddns $build_type ---" + run_build \ + -DCMAKE_BUILD_TYPE=$build_type \ + -DDISABLE_DDNS=$disable_ddns + done + done + + for disable_ssl in TRUE FALSE; do + for disable_gc in TRUE FALSE; do + for build_type in Release Debug; do + echo "--- OPENSSL=$disable_ssl GCRYPT=$disable_gc $build_type ---" + run_build \ + -DCMAKE_BUILD_TYPE=$build_type \ + -DDISABLE_OPENSSL=$disable_ssl \ + -DDISABLE_LIBGCRYPT=$disable_gc + done + done + done + + for rxm_heap in TRUE FALSE; do + for rxm_block in TRUE FALSE; do + echo "--- HEAP=$rxm_heap BLOCKING=$rxm_block ---" + run_build \ + -DRXM_BUFFER_ON_HEAP=$rxm_heap \ + -DRXM_BLOCKING=$rxm_block + done + done + + diff --git a/.ci/woodpecker/20-sanitizer.yaml b/.ci/woodpecker/20-sanitizer.yaml new file mode 100644 index 00000000..b3d9f6af --- /dev/null +++ b/.ci/woodpecker/20-sanitizer.yaml @@ -0,0 +1,40 @@ +depends_on: + - 00-check-version + +matrix: + IMAGE: + - dstaesse/debian:o7s + - dstaesse/ubuntu:o7s + COMPILER: + - clang + - gcc + +steps: + - name: sanitizers + image: ${IMAGE} + pull: true + when: + - branch: be + event: [push, pull_request] + - event: manual + commands: + - apt-get update -y + - apt-get install bash clang -y + - apt-get install git protobuf-c-compiler cmake -y + - apt-get install libgcrypt20-dev libssl-dev libfuse-dev dnsutils cmake-curses-gui -y + - apt-get install libprotobuf-c-dev -y || true + - | + set -e + + for sanitizer in DebugASan DebugUSan DebugLSan; do + echo "--- ${COMPILER} $sanitizer ---" + mkdir build && cd build + CC=${COMPILER} cmake .. \ + -DCMAKE_BUILD_TYPE=$sanitizer + make -s -j2 + env CTEST_OUTPUT_ON_FAILURE=1 \ + make -s check + cd .. && rm -rf build + done + + diff --git a/cmake/config/irmd.cmake b/cmake/config/irmd.cmake index 9795e4a4..b86a40c5 100644 --- a/cmake/config/irmd.cmake +++ b/cmake/config/irmd.cmake @@ -29,6 +29,10 @@ set(IRMD_MIN_THREADS 8 CACHE STRING set(IRMD_ADD_THREADS 8 CACHE STRING "Number of extra threads to start when the IRMD faces thread starvation") +# Direct IPC +set(DISABLE_DIRECT_IPC FALSE CACHE BOOL + "Disable direct inter-process communication between local applications") + # Process management set(IRMD_PKILL_TIMEOUT 30 CACHE STRING "Number of seconds to wait before sending SIGKILL to subprocesses on exit") diff --git a/cmake/config/lib.cmake b/cmake/config/lib.cmake index 287f30dc..aba580f1 100644 --- a/cmake/config/lib.cmake +++ b/cmake/config/lib.cmake @@ -28,6 +28,17 @@ set(SOCKET_TIMEOUT 500 CACHE STRING set(QOS_DISABLE_CRC TRUE CACHE BOOL "Ignores ber setting on all QoS cubes") +include(utils/CPUUtils) +detect_pclmul() +detect_pmull() +if(HAVE_PCLMUL) + message(STATUS "CRC-64/NVMe backend: PCLMUL (x86 SSE4.1+PCLMUL)") +elseif(HAVE_PMULL) + message(STATUS "CRC-64/NVMe backend: PMULL (aarch64 crypto)") +else() + message(STATUS "CRC-64/NVMe backend: byte table (no acceleration)") +endif() + # Delta-t protocol timers set(DELTA_T_MPL 60 CACHE STRING "Maximum packet lifetime (s)") diff --git a/cmake/utils/CPUUtils.cmake b/cmake/utils/CPUUtils.cmake new file mode 100644 index 00000000..8ca7683a --- /dev/null +++ b/cmake/utils/CPUUtils.cmake @@ -0,0 +1,82 @@ +include(CheckCSourceRuns) + +# Compile + run a probe so we only enable a feature the host CPU +# actually implements (toolchains accept flags the silicon may lack). +# Cross-compile without an emulator: feature off. +function(detect_cpu_feature _result_var _flags _source) + set(_save_flags "${CMAKE_REQUIRED_FLAGS}") + set(_save_quiet "${CMAKE_REQUIRED_QUIET}") + set(CMAKE_REQUIRED_FLAGS "${_save_flags} ${_flags}") + set(CMAKE_REQUIRED_QUIET TRUE) + if(CMAKE_CROSSCOMPILING AND NOT CMAKE_CROSSCOMPILING_EMULATOR) + set(${_result_var} FALSE CACHE INTERNAL + "${_result_var} (cross-compile without emulator: off)") + else() + check_c_source_runs("${_source}" ${_result_var}) + endif() + set(CMAKE_REQUIRED_FLAGS "${_save_flags}") + set(CMAKE_REQUIRED_QUIET "${_save_quiet}") +endfunction() + +# x86 PCLMULQDQ + SSE4.1. argc-derived input defeats constant folding; +# SIGILL handler exits cleanly so the kernel skips the core dump. +function(detect_pclmul) + detect_cpu_feature(_HAVE_PCLMUL "-mpclmul" +"#include <wmmintrin.h> +#include <signal.h> +#include <unistd.h> +static void on_sigill(int sig) { (void) sig; _exit(1); } +int main(int argc, char ** argv) { + __m128i a; + __m128i b; + (void) argv; + signal(SIGILL, on_sigill); + a = _mm_set1_epi32(argc); + b = _mm_clmulepi64_si128(a, a, 0); + return _mm_cvtsi128_si32(b) & 0; +}") + detect_cpu_feature(_HAVE_SSE41 "-msse4.1" +"#include <smmintrin.h> +#include <signal.h> +#include <unistd.h> +static void on_sigill(int sig) { (void) sig; _exit(1); } +int main(int argc, char ** argv) { + __m128i a; + (void) argv; + signal(SIGILL, on_sigill); + a = _mm_set1_epi32(argc); + return _mm_extract_epi32(a, 0) & 0; +}") + if(_HAVE_PCLMUL AND _HAVE_SSE41) + set(HAVE_PCLMUL TRUE CACHE INTERNAL + "x86 PCLMUL + SSE4.1 intrinsics available") + else() + unset(HAVE_PCLMUL CACHE) + endif() +endfunction() + +# aarch64 FEAT_PMULL (vmull_p64). Pi 4's BCM2711 accepts +crypto at +# compile time but lacks the hardware — the runtime probe catches that. +function(detect_pmull) + detect_cpu_feature(_HAVE_PMULL "-march=armv8-a+crypto" +"#include <arm_neon.h> +#include <signal.h> +#include <stdint.h> +#include <unistd.h> +static void on_sigill(int sig) { (void) sig; _exit(1); } +int main(int argc, char ** argv) { + poly64_t a; + poly128_t c; + (void) argv; + signal(SIGILL, on_sigill); + a = (poly64_t) (uint64_t) argc; + c = vmull_p64(a, a); + return (int) (vgetq_lane_u64((uint64x2_t) c, 0) & 0); +}") + if(_HAVE_PMULL) + set(HAVE_PMULL TRUE CACHE INTERNAL + "aarch64 PMULL intrinsics available") + else() + unset(HAVE_PMULL CACHE) + endif() +endfunction() diff --git a/include/ouroboros/crc16.h b/include/ouroboros/crc16.h new file mode 100644 index 00000000..df4d4f57 --- /dev/null +++ b/include/ouroboros/crc16.h @@ -0,0 +1,43 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2026 + * + * 16-bit Cyclic Redundancy Check (CCITT-FALSE variant) + * + * Dimitri Staessens <dimitri@ouroboros.rocks> + * Sander Vrijders <sander@ouroboros.rocks> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., http://www.fsf.org/about/contact/. + */ + +/* + * Polynomial: ITU-T V.41 / CCITT-FALSE, CRC-16/IBM-3740. + * reveng catalog: https://reveng.sourceforge.io/crc-catalogue + * + * Intended for medium-size header check sequences (typ. <= 4 KiB). + * Hamming distance HD=4 up to 32751 message bits. + */ + +#ifndef OUROBOROS_LIB_CRC16_H +#define OUROBOROS_LIB_CRC16_H + +#include <stddef.h> +#include <stdint.h> + +#define CRC16_HASH_LEN 2 + +void crc16_ccitt_false(uint16_t * crc, + const void * buf, + size_t len); + +#endif /* OUROBOROS_LIB_CRC16_H */ diff --git a/include/ouroboros/crc64.h b/include/ouroboros/crc64.h new file mode 100644 index 00000000..f6e407a0 --- /dev/null +++ b/include/ouroboros/crc64.h @@ -0,0 +1,44 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2026 + * + * 64-bit Cyclic Redundancy Check (NVMe variant) + * + * Dimitri Staessens <dimitri@ouroboros.rocks> + * Sander Vrijders <sander@ouroboros.rocks> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., http://www.fsf.org/about/contact/. + */ + +/* + * Polynomial: NVM Express Base Spec, CRC-64/NVMe. + * reveng catalog: https://reveng.sourceforge.io/crc-catalogue + * + * Fold-by-N (PCLMUL/PMULL) algorithm: + * V. Gopal et al., "Fast CRC Computation for Generic Polynomials + * Using PCLMULQDQ", Intel white paper, 2009. + */ + +#ifndef OUROBOROS_LIB_CRC64_H +#define OUROBOROS_LIB_CRC64_H + +#include <stddef.h> +#include <stdint.h> + +#define CRC64_HASH_LEN 8 + +void crc64_nvme(uint64_t * crc, + const void * buf, + size_t len); + +#endif /* OUROBOROS_LIB_CRC64_H */ diff --git a/include/ouroboros/crc8.h b/include/ouroboros/crc8.h new file mode 100644 index 00000000..97502a25 --- /dev/null +++ b/include/ouroboros/crc8.h @@ -0,0 +1,43 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2026 + * + * 8-bit Cyclic Redundancy Check (AUTOSAR variant) + * + * Dimitri Staessens <dimitri@ouroboros.rocks> + * Sander Vrijders <sander@ouroboros.rocks> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., http://www.fsf.org/about/contact/. + */ + +/* + * Polynomial: AUTOSAR SWS_CRC, CRC-8/AUTOSAR. + * reveng catalog: https://reveng.sourceforge.io/crc-catalogue + * + * Intended for short header check sequences (typ. <= 32 bytes). + * Hamming distance HD=4 up to 119 message bits, HD=3 up to 247. + */ + +#ifndef OUROBOROS_LIB_CRC8_H +#define OUROBOROS_LIB_CRC8_H + +#include <stddef.h> +#include <stdint.h> + +#define CRC8_HASH_LEN 1 + +void crc8_autosar(uint8_t * crc, + const void * buf, + size_t len); + +#endif /* OUROBOROS_LIB_CRC8_H */ diff --git a/include/ouroboros/crypt.h b/include/ouroboros/crypt.h index 806d39ab..5e082bb9 100644 --- a/include/ouroboros/crypt.h +++ b/include/ouroboros/crypt.h @@ -33,7 +33,6 @@ #define MAX_HASH_SIZE 64 /* SHA-512/BLAKE2b max */ #define KEX_ALGO_BUFSZ 32 #define KEX_CIPHER_BUFSZ 32 -#define MSGBUFSZ 2048 /* * On OSX the OpenSSL NIDs are automatically loaded with evp.h. @@ -95,6 +94,8 @@ #define X448MLKEM1024_PKSZ 1624 /* 56 + 1568 */ #define X448MLKEM1024_SKSZ 3224 /* 56 + 3168 */ +#define CRYPT_KEY_BUFSZ 4096 /* Safe buffer for key material */ + #define KEM_MODE_SERVER_ENCAP 0 /* Server encapsulates (default) */ #define KEM_MODE_CLIENT_ENCAP 1 /* Client encapsulates */ #define IS_KEX_ALGO_SET(cfg) ((cfg)->x.nid != NID_undef) @@ -358,6 +359,8 @@ int crypt_check_crt_name(void * crt, int crypt_get_crt_name(void * crt, char * name); +void crypt_cleanup(void); + /* Secure memory allocation for sensitive data (keys, secrets) */ int crypt_secure_malloc_init(size_t max); diff --git a/include/ouroboros/hash.h b/include/ouroboros/hash.h index 0838df97..17ab98ac 100644 --- a/include/ouroboros/hash.h +++ b/include/ouroboros/hash.h @@ -38,6 +38,9 @@ enum hash_algo { HASH_SHA3_512 = DIR_HASH_SHA3_512, HASH_CRC32, HASH_MD5, + HASH_CRC64, + HASH_CRC8, + HASH_CRC16, }; #define HASH_FMT32 "%02x%02x%02x%02x" diff --git a/include/ouroboros/irm.h b/include/ouroboros/irm.h index d5e4f1ab..7cb71c21 100644 --- a/include/ouroboros/irm.h +++ b/include/ouroboros/irm.h @@ -53,13 +53,13 @@ int irm_bootstrap_ipcp(pid_t pid, const struct ipcp_config * conf); int irm_connect_ipcp(pid_t pid, - const char * component, const char * dst, + const char * component, qosspec_t qs); int irm_disconnect_ipcp(pid_t pid, - const char * component, - const char * dst); + const char * dst, + const char * component); int irm_bind_program(const char * prog, const char * name, diff --git a/include/ouroboros/ssm_pk_buff.h b/include/ouroboros/ssm_pk_buff.h index 1b779ad1..0eedd678 100644 --- a/include/ouroboros/ssm_pk_buff.h +++ b/include/ouroboros/ssm_pk_buff.h @@ -28,7 +28,7 @@ struct ssm_pk_buff; -size_t ssm_pk_buff_get_idx(struct ssm_pk_buff * spb); +size_t ssm_pk_buff_get_off(struct ssm_pk_buff * spb); uint8_t * ssm_pk_buff_head(struct ssm_pk_buff * spb); diff --git a/include/ouroboros/ssm_pool.h b/include/ouroboros/ssm_pool.h index 89eff8eb..bba76798 100644 --- a/include/ouroboros/ssm_pool.h +++ b/include/ouroboros/ssm_pool.h @@ -32,7 +32,7 @@ struct ssm_pool; -/* Pool API: uid = 0 for GSPP (privileged), uid > 0 for PUP (per-user) */ +/* Pool API: uid = 0 for GSPP (privileged), uid > 0 for PUP (per-user). */ struct ssm_pool * ssm_pool_create(uid_t uid, gid_t gid); @@ -46,13 +46,13 @@ int ssm_pool_mlock(struct ssm_pool * pool); void ssm_pool_gspp_purge(void); -/* Alloc count bytes, returns block index, a ptr and pk_buff. */ +/* Alloc count bytes, returns block offset, a ptr and pk_buff. */ ssize_t ssm_pool_alloc(struct ssm_pool * pool, size_t count, uint8_t ** ptr, struct ssm_pk_buff ** spb); -ssize_t ssm_pool_alloc_b(struct ssm_pool * pool, +ssize_t ssm_pool_alloc_b(struct ssm_pool * pool, size_t count, uint8_t ** ptr, struct ssm_pk_buff ** spb, @@ -60,13 +60,13 @@ ssize_t ssm_pool_alloc_b(struct ssm_pool * pool, ssize_t ssm_pool_read(uint8_t ** dst, struct ssm_pool * pool, - size_t idx); + size_t off); struct ssm_pk_buff * ssm_pool_get(struct ssm_pool * pool, - size_t idx); + size_t off); int ssm_pool_remove(struct ssm_pool * pool, - size_t idx); + size_t off); void ssm_pool_reclaim_orphans(struct ssm_pool * pool, pid_t pid); diff --git a/include/ouroboros/ssm_rbuff.h b/include/ouroboros/ssm_rbuff.h index ffa10b8e..2443b63d 100644 --- a/include/ouroboros/ssm_rbuff.h +++ b/include/ouroboros/ssm_rbuff.h @@ -55,10 +55,10 @@ void ssm_rbuff_fini(struct ssm_rbuff * rb); int ssm_rbuff_mlock(struct ssm_rbuff * rb); int ssm_rbuff_write(struct ssm_rbuff * rb, - size_t idx); + size_t off); int ssm_rbuff_write_b(struct ssm_rbuff * rb, - size_t idx, + size_t off, const struct timespec * abstime); ssize_t ssm_rbuff_read(struct ssm_rbuff * rb); diff --git a/include/test/test.h b/include/test/test.h index 99681384..a76fe62a 100644 --- a/include/test/test.h +++ b/include/test/test.h @@ -30,6 +30,9 @@ #include <sys/wait.h> #include <sys/types.h> #include <sys/resource.h> +#ifdef __linux__ +#include <sys/prctl.h> +#endif #define TEST_RC_SUCCESS 0 #define TEST_RC_SKIP 1 @@ -86,6 +89,9 @@ static int __attribute__((unused)) test_assert_fail(int(* testfunc)(void)) #ifdef DISABLE_TESTS_CORE_DUMPS struct rlimit rl = { .rlim_cur = 0, .rlim_max = 0 }; setrlimit(RLIMIT_CORE, &rl); +#ifdef __linux__ + prctl(PR_SET_DUMPABLE, 0); +#endif #endif return testfunc(); /* should abort */ } diff --git a/src/ipcpd/eth/eth.c b/src/ipcpd/eth/eth.c index 4be7775e..8293ac15 100644 --- a/src/ipcpd/eth/eth.c +++ b/src/ipcpd/eth/eth.c @@ -43,6 +43,7 @@ #include <ouroboros/list.h> #include <ouroboros/utils.h> #include <ouroboros/bitmap.h> +#include <ouroboros/crc8.h> #include <ouroboros/dev.h> #include <ouroboros/ipcp-dev.h> #include <ouroboros/fqueue.h> @@ -122,7 +123,8 @@ #define MGMT_EID 0 #define DIX_EID_SIZE sizeof(uint16_t) #define DIX_LENGTH_SIZE sizeof(uint16_t) -#define DIX_HEADER_SIZE (DIX_EID_SIZE + DIX_LENGTH_SIZE) +#define DIX_HCS_SIZE CRC8_HASH_LEN +#define DIX_HEADER_SIZE (DIX_EID_SIZE + DIX_LENGTH_SIZE + DIX_HCS_SIZE) #define ETH_HEADER_TOT_SIZE (ETH_HEADER_SIZE + DIX_HEADER_SIZE) #define MAX_EIDS (1 << (8 * DIX_EID_SIZE)) #define ETH_MAX_PACKET_SIZE (ETH_MTU - DIX_HEADER_SIZE) @@ -130,7 +132,9 @@ #elif defined(BUILD_ETH_LLC) #define THIS_TYPE IPCP_ETH_LLC #define MGMT_SAP 0x01 -#define LLC_HEADER_SIZE 3 +#define LLC_FIELDS_SIZE 3 +#define LLC_HCS_SIZE CRC8_HASH_LEN +#define LLC_HEADER_SIZE (LLC_FIELDS_SIZE + LLC_HCS_SIZE) #define ETH_HEADER_TOT_SIZE (ETH_HEADER_SIZE + LLC_HEADER_SIZE) #define MAX_SAPS 64 #define ETH_MAX_PACKET_SIZE (ETH_MTU - LLC_HEADER_SIZE) @@ -185,6 +189,7 @@ struct eth_frame { uint8_t ssap; uint8_t cf; #endif + uint8_t hcs; uint8_t payload; } __attribute__((packed)); @@ -409,12 +414,18 @@ static int eth_ipcp_send_frame(const uint8_t * dst_addr, e_frame->ethertype = eth_data.ethertype; e_frame->eid = htons(deid); e_frame->length = htons(len); + mem_hash(HASH_CRC8, &e_frame->hcs, + (uint8_t *) &e_frame->eid, + DIX_EID_SIZE + DIX_LENGTH_SIZE); frame_len = ETH_HEADER_TOT_SIZE + len; #elif defined(BUILD_ETH_LLC) e_frame->length = htons(LLC_HEADER_SIZE + len); e_frame->dsap = dsap; e_frame->ssap = ssap; e_frame->cf = cf; + mem_hash(HASH_CRC8, &e_frame->hcs, + (uint8_t *) &e_frame->dsap, + LLC_FIELDS_SIZE); frame_len = ETH_HEADER_TOT_SIZE + len; #endif @@ -718,13 +729,17 @@ static int eth_ipcp_mgmt_frame(const uint8_t * buf, qosspec_t qs; buffer_t data; + if (len < sizeof(*msg)) + return -1; + msg = (struct mgmt_msg *) buf; switch (msg->code) { case FLOW_REQ: msg_len = sizeof(*msg) + ipcp_dir_hash_len(); - assert(len >= msg_len); + if (len < msg_len) + return -1; qs.delay = ntoh32(msg->delay); qs.bandwidth = ntoh64(msg->bandwidth); @@ -752,8 +767,6 @@ static int eth_ipcp_mgmt_frame(const uint8_t * buf, } break; case FLOW_REPLY: - assert(len >= sizeof(*msg)); - data.data = (uint8_t *) buf + sizeof(*msg); data.len = len - sizeof(*msg); @@ -769,9 +782,13 @@ static int eth_ipcp_mgmt_frame(const uint8_t * buf, &data); break; case NAME_QUERY_REQ: + if (len < sizeof(*msg) + ipcp_dir_hash_len()) + return -1; eth_ipcp_name_query_req(buf + sizeof(*msg), r_addr); break; case NAME_QUERY_REPLY: + if (len < sizeof(*msg) + ipcp_dir_hash_len()) + return -1; eth_ipcp_name_query_reply(buf + sizeof(*msg), r_addr); break; default: @@ -844,6 +861,8 @@ static void * eth_ipcp_packet_reader(void * o) fd_set fds; int frame_len; #endif + size_t eth_len; + uint8_t hcs; struct eth_frame * e_frame; struct mgmt_frame * frame; @@ -923,17 +942,48 @@ static void * eth_ipcp_packet_reader(void * o) if (e_frame->ethertype != eth_data.ethertype) goto fail_frame; + if (length > ETH_MTU) + goto fail_frame; + deid = ntohs(e_frame->eid); - if (deid == MGMT_EID) { #elif defined (BUILD_ETH_LLC) if (length > 0x05FF) /* DIX */ goto fail_frame; + if (length < LLC_HEADER_SIZE || length > ETH_MTU) + goto fail_frame; + length -= LLC_HEADER_SIZE; dsap = reverse_bits(e_frame->dsap); ssap = reverse_bits(e_frame->ssap); +#endif + +#if defined(HAVE_NETMAP) + eth_len = hdr.len; +#elif defined(HAVE_BPF) + eth_len = ((struct bpf_hdr *) buf)->bh_caplen; +#else + eth_len = (size_t) frame_len; +#endif + if (eth_len < ETH_HEADER_TOT_SIZE + (size_t) length) + goto fail_frame; +#if defined(BUILD_ETH_DIX) + mem_hash(HASH_CRC8, &hcs, + (uint8_t *) &e_frame->eid, + DIX_EID_SIZE + DIX_LENGTH_SIZE); +#elif defined(BUILD_ETH_LLC) + mem_hash(HASH_CRC8, &hcs, + (uint8_t *) &e_frame->dsap, + LLC_FIELDS_SIZE); +#endif + if (hcs != e_frame->hcs) + goto fail_frame; + +#if defined(BUILD_ETH_DIX) + if (deid == MGMT_EID) { +#elif defined (BUILD_ETH_LLC) if (ssap == MGMT_SAP && dsap == MGMT_SAP) { #endif ipcp_spb_release(spb); /* No need for the N+1 buffer. */ diff --git a/src/ipcpd/local/main.c b/src/ipcpd/local/main.c index 377a7df3..2c867317 100644 --- a/src/ipcpd/local/main.c +++ b/src/ipcpd/local/main.c @@ -236,15 +236,6 @@ static int local_ipcp_flow_alloc_resp(int fd, return -1; } - if (response < 0) { - pthread_rwlock_wrlock(&local_data.lock); - if (local_data.in_out[fd] != -1) - local_data.in_out[local_data.in_out[fd]] = fd; - local_data.in_out[fd] = -1; - pthread_rwlock_unlock(&local_data.lock); - return 0; - } - pthread_rwlock_rdlock(&local_data.lock); out_fd = local_data.in_out[fd]; @@ -263,6 +254,12 @@ static int local_ipcp_flow_alloc_resp(int fd, return -1; } + if (response < 0) { + ipcp_flow_alloc_reply(out_fd, response, mpl, data); + log_info("Flow allocation rejected, fds (%d, %d).", out_fd, fd); + return 0; + } + fset_add(local_data.flows, fd); if (ipcp_flow_alloc_reply(out_fd, response, mpl, data) < 0) { diff --git a/src/ipcpd/unicast/dir/dht.c b/src/ipcpd/unicast/dir/dht.c index bc8fb820..8eeea800 100644 --- a/src/ipcpd/unicast/dir/dht.c +++ b/src/ipcpd/unicast/dir/dht.c @@ -2798,8 +2798,6 @@ static void do_dht_kv_store(const dht_store_msg_t * store) uint8_t * key; time_t exp; - (void) key; /* Only in logs, not used with DISABLE_TEST_LOGGING */ - assert(store != NULL); val.data = store->val.data; @@ -2807,7 +2805,7 @@ static void do_dht_kv_store(const dht_store_msg_t * store) key = store->key.data; exp = store->exp; - if (dht_kv_store(store->key.data, val, store->exp) < 0) { + if (dht_kv_store(key, val, store->exp) < 0) { log_err(KV_FMT " Failed to store.", KV_VAL(key, val)); return; } diff --git a/src/ipcpd/unicast/dt.c b/src/ipcpd/unicast/dt.c index 7ce09bde..252477f4 100644 --- a/src/ipcpd/unicast/dt.c +++ b/src/ipcpd/unicast/dt.c @@ -820,9 +820,9 @@ int dt_write_packet(uint64_t dst_addr, assert(spb); assert(dst_addr != dt.addr); +#ifdef IPCP_FLOW_STATS len = ssm_pk_buff_len(spb); -#ifdef IPCP_FLOW_STATS if (eid < PROG_RES_FDS) { pthread_mutex_lock(&dt.stat[eid].lock); diff --git a/src/ipcpd/unicast/fa.c b/src/ipcpd/unicast/fa.c index ddf78e22..c157d71c 100644 --- a/src/ipcpd/unicast/fa.c +++ b/src/ipcpd/unicast/fa.c @@ -58,12 +58,12 @@ #define CLOCK_REALTIME_COARSE CLOCK_REALTIME #endif -#define TIMEOUT 10 * MILLION /* nanoseconds */ +#define TIMEOUT 10 * MILLION /* nanoseconds */ +#define MSGBUFSZ 32768 #define FLOW_REQ 0 #define FLOW_REPLY 1 #define FLOW_UPDATE 2 -#define MSGBUFSZ 2048 #define STAT_FILE_LEN 0 diff --git a/src/ipcpd/unicast/routing/graph.c b/src/ipcpd/unicast/routing/graph.c index 13939915..0226c762 100644 --- a/src/ipcpd/unicast/routing/graph.c +++ b/src/ipcpd/unicast/routing/graph.c @@ -160,11 +160,22 @@ static struct vertex * add_vertex(struct graph * graph, return vertex; } +static void free_edges(struct list_head * edges) +{ + struct list_head * p; + struct list_head * h; + + list_for_each_safe(p, h, edges) { + struct edge * e = list_entry(p, struct edge, next); + list_del(&e->next); + free(e); + } +} + static void del_vertex(struct graph * graph, struct vertex * vertex) { struct list_head * p; - struct list_head * h; assert(graph != NULL); assert(vertex != NULL); @@ -178,10 +189,7 @@ static void del_vertex(struct graph * graph, v->index--; } - list_for_each_safe(p, h, &vertex->edges) { - struct edge * e = list_entry(p, struct edge, next); - del_edge(e); - } + free_edges(&vertex->edges); free(vertex); } @@ -687,7 +695,6 @@ static int graph_routing_table_ecmp(struct graph * graph, { struct vertex ** nhops; struct list_head * p; - struct list_head * h; size_t i; struct vertex * v; struct vertex * src_v; @@ -727,16 +734,15 @@ static int graph_routing_table_ecmp(struct graph * graph, free(nhops); - llist_for_each(h, &graph->vertices) { - v = list_entry(h, struct vertex, next); - if (tmp_dist[v->index] + 1 == (*dist)[v->index]) { + for (i = 0; i < graph->vertices.len; ++i) { + if (tmp_dist[i] + 1 == (*dist)[i]) { n = malloc(sizeof(*n)); if (n == NULL) { free(tmp_dist); goto fail_src_v; } n->nhop = e->nb->addr; - list_add_tail(&n->next, &forwarding[v->index]); + list_add_tail(&n->next, &forwarding[i]); } } @@ -747,36 +753,32 @@ static int graph_routing_table_ecmp(struct graph * graph, i = 0; llist_for_each(p, &graph->vertices) { v = list_entry(p, struct vertex, next); - if (v->addr == s_addr) { + if (v->addr == s_addr || list_is_empty(&forwarding[i])) { ++i; continue; } t = malloc(sizeof(*t)); if (t == NULL) - goto fail_t; + goto fail_malloc; t->dst = v->addr; list_head_init(&t->nhops); - if (&forwarding[i] != forwarding[i].nxt) { - t->nhops.nxt = forwarding[i].nxt; - t->nhops.prv = forwarding[i].prv; - forwarding[i].prv->nxt = &t->nhops; - forwarding[i].nxt->prv = &t->nhops; - } + t->nhops.nxt = forwarding[i].nxt; + t->nhops.prv = forwarding[i].prv; + forwarding[i].prv->nxt = &t->nhops; + forwarding[i].nxt->prv = &t->nhops; list_add(&t->next, table); ++i; } - free(*dist); - *dist = NULL; free(forwarding); return 0; - fail_t: + fail_malloc: free_routing_table(table); fail_src_v: free(*dist); diff --git a/src/irmd/config.h.in b/src/irmd/config.h.in index 2888ce37..df0cd718 100644 --- a/src/irmd/config.h.in +++ b/src/irmd/config.h.in @@ -74,6 +74,7 @@ #define IRMD_PKILL_TIMEOUT @IRMD_PKILL_TIMEOUT@ +#cmakedefine DISABLE_DIRECT_IPC #cmakedefine IRMD_KILL_ALL_PROCESSES #cmakedefine HAVE_LIBGCRYPT #cmakedefine HAVE_OPENSSL diff --git a/src/irmd/main.c b/src/irmd/main.c index c7a5715b..a85a9bf0 100644 --- a/src/irmd/main.c +++ b/src/irmd/main.c @@ -86,6 +86,7 @@ #define TIMESYNC_SLACK 100 /* ms */ #define OAP_SEEN_TIMER 20 /* s */ #define DEALLOC_TIME 300 /* s */ +#define DIRECT_MPL 1 /* s */ enum irm_state { IRMD_NULL = 0, @@ -914,21 +915,29 @@ static int flow_accept(struct flow_info * flow, goto fail_oap; } - if (ipcp_flow_alloc_resp(flow, 0, resp_hdr) < 0) { + if (reg_flow_is_direct(flow->id)) { + if (reg_respond_flow_direct(flow->id, &resp_hdr) < 0) { + log_err("Failed to respond to direct flow."); + goto fail_resp; + } + log_info("Flow %d accepted (direct) by %d for %s.", + flow->id, flow->n_pid, name); + } else if (ipcp_flow_alloc_resp(flow, 0, resp_hdr) < 0) { log_err("Failed to respond to flow allocation."); goto fail_resp; + } else { + log_info("Flow %d accepted by %d for %s (uid %d).", + flow->id, flow->n_pid, name, flow->uid); } - log_info("Flow %d accepted by %d for %s (uid %d).", - flow->id, flow->n_pid, name, flow->uid); - freebuf(req_hdr); freebuf(resp_hdr); return 0; fail_oap: - ipcp_flow_alloc_resp(flow, err, resp_hdr); + if (!reg_flow_is_direct(flow->id)) + ipcp_flow_alloc_resp(flow, err, resp_hdr); fail_wait: reg_destroy_flow(flow->id); fail_flow: @@ -1028,7 +1037,7 @@ static int get_ipcp_by_dst(const char * dst, pid_t * pid, buffer_t * hash) { - ipcp_list_msg_t ** ipcps; + ipcp_list_msg_t ** ipcps = NULL; int n; int i; int err = -EIPCP; @@ -1081,6 +1090,171 @@ static int get_ipcp_by_dst(const char * dst, return err; } +static int wait_for_accept(const char * name) +{ + struct timespec timeo = TIMESPEC_INIT_MS(IRMD_REQ_ARR_TIMEOUT); + struct timespec abstime; + char ** exec; + int ret; + + clock_gettime(PTHREAD_COND_CLOCK, &abstime); + ts_add(&abstime, &timeo, &abstime); + + ret = reg_wait_flow_accepting(name, &abstime); + if (ret == -ETIMEDOUT) { + if (reg_get_exec(name, &exec) < 0) { + log_dbg("No program bound for %s.", name); + goto fail; + } + + if (spawn_program(exec) < 0) { + log_err("Failed to start %s for %s.", exec[0], name); + goto fail_spawn; + } + + log_info("Starting %s for %s.", exec[0], name); + + ts_add(&abstime, &timeo, &abstime); + + ret = reg_wait_flow_accepting(name, &abstime); + if (ret == -ETIMEDOUT) + goto fail_spawn; + + argvfree(exec); + } + + return ret; + + fail_spawn: + argvfree(exec); + fail: + return -1; +} + +static int flow_req_arr(struct flow_info * flow, + const uint8_t * hash, + buffer_t * data) +{ + struct ipcp_info info; + struct layer_info layer; + enum hash_algo algo; + int ret; + char name[NAME_SIZE + 1]; + + info.pid = flow->n_1_pid; + + log_dbg("Flow req arrived from IPCP %d for " HASH_FMT32 ".", + info.pid, HASH_VAL32(hash)); + + if (reg_get_ipcp(&info, &layer) < 0) { + log_err("No IPCP with pid %d.", info.pid); + ret = -EIPCP; + goto fail; + } + + algo = (enum hash_algo) layer.dir_hash_algo; + + if (reg_get_name_for_hash(name, algo, hash) < 0) { + log_warn("No name for " HASH_FMT32 ".", HASH_VAL32(hash)); + ret = -ENAME; + goto fail; + } + + log_info("Flow request arrived for %s.", name); + + ret = wait_for_accept(name); + if (ret < 0) { + log_err("No active process for %s.", name); + goto fail; + } + + flow->id = ret; + flow->state = FLOW_ALLOCATED; + + ret = reg_respond_accept(flow, data); + if (ret < 0) { + log_err("Failed to respond to flow %d.", flow->id); + goto fail; + } + + return 0; + fail: + return ret; +} + +#ifndef DISABLE_DIRECT_IPC +static int flow_alloc_direct(const char * dst, + struct flow_info * flow, + buffer_t * data, + struct timespec * abstime, + struct crypt_sk * sk, + struct name_info * info) +{ + struct flow_info acc; /* server side flow */ + buffer_t req_hdr = BUF_INIT; + buffer_t resp_hdr = BUF_INIT; + void * ctx; + int err; + + acc.id = wait_for_accept(dst); + if (acc.id < 0) { + log_dbg("No accepting process for %s.", dst); + return -EAGAIN; + } + + if (oap_cli_prepare(&ctx, info, &req_hdr, *data) < 0) { + log_err("Failed to prepare OAP for %s.", dst); + return -EBADF; + } + + acc.n_1_pid = flow->n_pid; + acc.mpl = DIRECT_MPL; + acc.qs = flow->qs; + acc.state = FLOW_ALLOCATED; + + err = reg_prepare_flow_direct(&acc, &req_hdr, flow->uid); + if (err == -EPERM) { + log_dbg("UID mismatch, falling back."); + oap_ctx_free(ctx); + freebuf(req_hdr); + return -EPERM; + } + + if (err < 0) { + log_err("Failed to prepare direct flow."); + oap_ctx_free(ctx); + freebuf(req_hdr); + return -EBADF; + } + + err = reg_wait_flow_direct(acc.id, &resp_hdr, abstime); + if (err < 0) { + log_err("Timeout waiting for OAP response."); + oap_ctx_free(ctx); + return -ETIMEDOUT; + } + + err = oap_cli_complete(ctx, info, resp_hdr, data, sk); + if (err < 0) { + log_err("OAP completion failed for %s.", dst); + freebuf(resp_hdr); + return err; + } + + flow->id = acc.id; + flow->n_1_pid = acc.n_pid; + flow->mpl = DIRECT_MPL; + flow->state = FLOW_ALLOCATED; + + log_info("Flow %d allocated (direct) for %d to %s.", + flow->id, flow->n_pid, dst); + + freebuf(resp_hdr); + + return 0; +} +#endif /* DISABLE_DIRECT_IPC */ + static int flow_alloc(const char * dst, struct flow_info * flow, buffer_t * data, @@ -1104,17 +1278,25 @@ static int flow_alloc(const char * dst, goto fail_flow; } + flow->uid = reg_get_proc_uid(flow->n_pid); + + log_info("Allocating flow for %d to %s (uid %d).", + flow->n_pid, dst, flow->uid); + +#ifndef DISABLE_DIRECT_IPC + err = flow_alloc_direct(dst, flow, data, abstime, sk, &info); + if (err == 0) + return 0; + + if (err != -EPERM && err != -EAGAIN) + goto fail_flow; +#endif if (reg_create_flow(flow) < 0) { log_err("Failed to create flow."); err = -EBADF; goto fail_flow; } - flow->uid = reg_get_proc_uid(flow->n_pid); - - log_info("Allocating flow for %d to %s (uid %d).", - flow->n_pid, dst, flow->uid); - if (get_ipcp_by_dst(dst, &flow->n_1_pid, &hash) < 0) { log_err("Failed to find IPCP for %s.", dst); err = -EIPCP; @@ -1188,98 +1370,6 @@ static int flow_alloc(const char * dst, return err; } -static int wait_for_accept(const char * name) -{ - struct timespec timeo = TIMESPEC_INIT_MS(IRMD_REQ_ARR_TIMEOUT); - struct timespec abstime; - char ** exec; - int ret; - - clock_gettime(PTHREAD_COND_CLOCK, &abstime); - ts_add(&abstime, &timeo, &abstime); - - ret = reg_wait_flow_accepting(name, &abstime); - if (ret == -ETIMEDOUT) { - if (reg_get_exec(name, &exec) < 0) { - log_dbg("No program bound for %s.", name); - goto fail; - } - - if (spawn_program(exec) < 0) { - log_err("Failed to start %s for %s.", exec[0], name); - goto fail_spawn; - } - - log_info("Starting %s for %s.", exec[0], name); - - ts_add(&abstime, &timeo, &abstime); - - ret = reg_wait_flow_accepting(name, &abstime); - if (ret == -ETIMEDOUT) - goto fail_spawn; - - argvfree(exec); - } - - return ret; - - fail_spawn: - argvfree(exec); - fail: - return -1; -} - -static int flow_req_arr(struct flow_info * flow, - const uint8_t * hash, - buffer_t * data) -{ - struct ipcp_info info; - struct layer_info layer; - enum hash_algo algo; - int ret; - char name[NAME_SIZE + 1]; - - info.pid = flow->n_1_pid; - - log_dbg("Flow req arrived from IPCP %d for " HASH_FMT32 ".", - info.pid, HASH_VAL32(hash)); - - if (reg_get_ipcp(&info, &layer) < 0) { - log_err("No IPCP with pid %d.", info.pid); - ret = -EIPCP; - goto fail; - } - - algo = (enum hash_algo) layer.dir_hash_algo; - - if (reg_get_name_for_hash(name, algo, hash) < 0) { - log_warn("No name for " HASH_FMT32 ".", HASH_VAL32(hash)); - ret = -ENAME; - goto fail; - } - - log_info("Flow request arrived for %s.", name); - - ret = wait_for_accept(name); - if (ret < 0) { - log_err("No active process for %s.", name); - goto fail; - } - - flow->id = ret; - flow->state = FLOW_ALLOCATED; - - ret = reg_respond_accept(flow, data); - if (ret < 0) { - log_err("Failed to respond to flow %d.", flow->id); - goto fail; - } - - return 0; - fail: - return ret; -} - static int flow_alloc_reply(struct flow_info * flow, int response, buffer_t * data) @@ -1303,6 +1393,12 @@ static int flow_dealloc(struct flow_info * flow, reg_dealloc_flow(flow); + if (reg_flow_is_direct(flow->id)) { + if (flow->state == FLOW_DEALLOCATED) + reg_destroy_flow(flow->id); + return 0; + } + if (ipcp_flow_dealloc(flow->n_1_pid, flow->id, ts->tv_sec) < 0) { log_err("Failed to request dealloc from %d.", flow->n_1_pid); return -EIPCP; @@ -2320,6 +2416,7 @@ int main(int argc, pthread_sigmask(SIG_UNBLOCK, &sigset, NULL); crypt_secure_malloc_fini(); + crypt_cleanup(); reg_clear(); diff --git a/src/irmd/oap.c b/src/irmd/oap.c deleted file mode 100644 index 1831f533..00000000 --- a/src/irmd/oap.c +++ /dev/null @@ -1,130 +0,0 @@ -/* - * Ouroboros - Copyright (C) 2016 - 2026 - * - * OAP - Shared credential and configuration loading - * - * Dimitri Staessens <dimitri@ouroboros.rocks> - * Sander Vrijders <sander@ouroboros.rocks> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., http://www.fsf.org/about/contact/. - */ - -#if defined(__linux__) || defined(__CYGWIN__) - #define _DEFAULT_SOURCE -#else - #define _POSIX_C_SOURCE 200809L -#endif - -#define OUROBOROS_PREFIX "irmd/oap" - -#include <ouroboros/crypt.h> -#include <ouroboros/errno.h> -#include <ouroboros/logs.h> - -#include "config.h" - -#include <assert.h> -#include <string.h> -#include <sys/stat.h> - -/* - * Shared credential and configuration loading helpers - */ - -#ifndef OAP_TEST_MODE - -static bool file_exists(const char * path) -{ - struct stat s; - - if (stat(path, &s) < 0 && errno == ENOENT) { - log_dbg("File %s does not exist.", path); - return false; - } - - return true; -} - -int load_credentials(const char * name, - const struct name_sec_paths * paths, - void ** pkp, - void ** crt) -{ - assert(paths != NULL); - assert(pkp != NULL); - assert(crt != NULL); - - *pkp = NULL; - *crt = NULL; - - if (!file_exists(paths->crt) || !file_exists(paths->key)) { - log_info("No authentication certificates for %s.", name); - return 0; - } - - if (crypt_load_crt_file(paths->crt, crt) < 0) { - log_err("Failed to load %s for %s.", paths->crt, name); - goto fail_crt; - } - - if (crypt_load_privkey_file(paths->key, pkp) < 0) { - log_err("Failed to load %s for %s.", paths->key, name); - goto fail_key; - } - - log_info("Loaded authentication certificates for %s.", name); - - return 0; - - fail_key: - crypt_free_crt(*crt); - *crt = NULL; - fail_crt: - return -EAUTH; -} - -int load_kex_config(const char * name, - const char * path, - struct sec_config * cfg) -{ - assert(name != NULL); - assert(cfg != NULL); - - memset(cfg, 0, sizeof(*cfg)); - - /* Load encryption config */ - if (!file_exists(path)) - log_dbg("No encryption %s for %s.", path, name); - - if (load_sec_config_file(cfg, path) < 0) { - log_warn("Failed to load %s for %s.", path, name); - return -1; - } - - if (!IS_KEX_ALGO_SET(cfg)) { - log_info("Key exchange not configured for %s.", name); - return 0; - } - - if (cfg->c.nid == NID_undef || crypt_nid_to_str(cfg->c.nid) == NULL) { - log_err("Invalid cipher NID %d for %s.", cfg->c.nid, name); - return -ECRYPT; - } - - log_info("Encryption enabled for %s.", name); - - return 0; -} - -#endif /* OAP_TEST_MODE */ diff --git a/src/irmd/oap/auth.c b/src/irmd/oap/auth.c index a11ab158..4b86f055 100644 --- a/src/irmd/oap/auth.c +++ b/src/irmd/oap/auth.c @@ -183,7 +183,7 @@ int oap_auth_peer(char * name, const struct oap_hdr * peer_hdr) { void * crt; - void * pk; + void * pk = NULL; buffer_t sign; /* Signed region */ uint8_t * id = peer_hdr->id.data; @@ -244,8 +244,8 @@ int oap_auth_peer(char * name, return 0; fail_check_sig: - crypt_free_key(pk); fail_crt: + crypt_free_key(pk); crypt_free_crt(crt); fail_check: return -EAUTH; diff --git a/src/irmd/oap/cli.c b/src/irmd/oap/cli.c index 507f3f81..7a202da7 100644 --- a/src/irmd/oap/cli.c +++ b/src/irmd/oap/cli.c @@ -50,7 +50,7 @@ struct oap_cli_ctx { uint8_t __id[OAP_ID_SIZE]; buffer_t id; - uint8_t kex_buf[MSGBUFSZ]; + uint8_t kex_buf[CRYPT_KEY_BUFSZ]; uint8_t req_hash[MAX_HASH_SIZE]; size_t req_hash_len; int req_md_nid; @@ -311,6 +311,9 @@ int oap_cli_prepare(void ** ctx, *req_buf = s->local_hdr.hdr; clrbuf(s->local_hdr.hdr); + /* oap_hdr_encode repoints id into hdr; restore to __id */ + s->local_hdr.id = s->id; + crypt_free_crt(crt); crypt_free_key(pkp); diff --git a/src/irmd/oap/srv.c b/src/irmd/oap/srv.c index 36391e50..afc54acc 100644 --- a/src/irmd/oap/srv.c +++ b/src/irmd/oap/srv.c @@ -384,7 +384,7 @@ int oap_srv_process(const struct name_info * info, struct oap_hdr peer_hdr; struct oap_hdr local_hdr; struct sec_config kcfg; - uint8_t kex_buf[MSGBUFSZ]; + uint8_t kex_buf[CRYPT_KEY_BUFSZ]; uint8_t hash_buf[MAX_HASH_SIZE]; buffer_t req_hash = BUF_INIT; ssize_t hash_ret; diff --git a/src/irmd/oap/tests/oap_test.c b/src/irmd/oap/tests/oap_test.c index 2f0f0b4d..a324b586 100644 --- a/src/irmd/oap/tests/oap_test.c +++ b/src/irmd/oap/tests/oap_test.c @@ -1071,6 +1071,74 @@ static int test_oap_replay_packet(void) return TEST_RC_FAIL; } +/* Server rejects client certificate when root CA is missing from store */ +static int test_oap_missing_root_ca(void) +{ + struct oap_test_ctx ctx; + void * im_ca = NULL; + + test_default_cfg(); + + TEST_START(); + + memset(&ctx, 0, sizeof(ctx)); + + strcpy(ctx.srv.info.name, "test-1.unittest.o7s"); + strcpy(ctx.cli.info.name, "test-1.unittest.o7s"); + + if (oap_auth_init() < 0) { + printf("Failed to init OAP.\n"); + goto fail; + } + + /* Load intermediate CA but intentionally omit the root CA */ + if (crypt_load_crt_str(im_ca_crt_ec, &im_ca) < 0) { + printf("Failed to load intermediate CA cert.\n"); + goto fail_fini; + } + + ctx.im_ca = im_ca; + + if (oap_auth_add_ca_crt(im_ca) < 0) { + printf("Failed to add intermediate CA cert to store.\n"); + goto fail_fini; + } + + if (oap_cli_prepare_ctx(&ctx) < 0) { + printf("Client prepare failed.\n"); + goto fail_fini; + } + + /* Server processes and signs response - succeeds without root CA */ + if (oap_srv_process_ctx(&ctx) < 0) { + printf("Server process failed.\n"); + goto fail_teardown; + } + + /* Client verifies server certificate against trust store: + * should reject because root CA is not in the store */ + if (oap_cli_complete_ctx(&ctx) == 0) { + printf("Client should reject without root CA.\n"); + goto fail_teardown; + } + + oap_test_teardown(&ctx); + + TEST_SUCCESS(); + return TEST_RC_SUCCESS; + + fail_teardown: + oap_test_teardown(&ctx); + TEST_FAIL(); + return TEST_RC_FAIL; + fail_fini: + crypt_free_crt(im_ca); + oap_auth_fini(); + fail: + TEST_FAIL(); + return TEST_RC_FAIL; +} + /* Test that client rejects server with wrong certificate name */ static int test_oap_server_name_mismatch(void) { @@ -1149,6 +1217,7 @@ int oap_test(int argc, ret |= test_oap_outdated_packet(); ret |= test_oap_future_packet(); ret |= test_oap_replay_packet(); + ret |= test_oap_missing_root_ca(); ret |= test_oap_server_name_mismatch(); #else (void) test_oap_roundtrip_auth_only; @@ -1173,9 +1242,12 @@ int oap_test(int argc, (void) test_oap_outdated_packet; (void) test_oap_future_packet; (void) test_oap_replay_packet; + (void) test_oap_missing_root_ca; (void) test_oap_server_name_mismatch; ret = TEST_RC_SKIP; #endif + crypt_cleanup(); + return ret; } diff --git a/src/irmd/oap/tests/oap_test_ml_dsa.c b/src/irmd/oap/tests/oap_test_ml_dsa.c index f9e6bdb2..81b307ab 100644 --- a/src/irmd/oap/tests/oap_test_ml_dsa.c +++ b/src/irmd/oap/tests/oap_test_ml_dsa.c @@ -442,6 +442,7 @@ int oap_test_ml_dsa(int argc, ret = TEST_RC_SKIP; #endif + crypt_cleanup(); return ret; } diff --git a/src/irmd/reg/flow.c b/src/irmd/reg/flow.c index 15497d35..93c3e128 100644 --- a/src/irmd/reg/flow.c +++ b/src/irmd/reg/flow.c @@ -80,7 +80,7 @@ void reg_flow_destroy(struct reg_flow * flow) switch(flow->info.state) { case FLOW_ACCEPT_PENDING: - clrbuf(flow->data); + clrbuf(flow->req_data); /* FALLTHRU */ default: destroy_rbuffs(flow); @@ -89,8 +89,10 @@ void reg_flow_destroy(struct reg_flow * flow) assert(flow->n_rb == NULL); assert(flow->n_1_rb == NULL); - assert(flow->data.data == NULL); - assert(flow->data.len == 0); + assert(flow->req_data.data == NULL); + assert(flow->req_data.len == 0); + assert(flow->rsp_data.data == NULL); + assert(flow->rsp_data.len == 0); assert(list_is_empty(&flow->next)); @@ -186,30 +188,3 @@ int reg_flow_update(struct reg_flow * flow, fail: return -ENOMEM; } - -void reg_flow_set_data(struct reg_flow * flow, - const buffer_t * buf) -{ - assert(flow != NULL); - assert(buf != NULL); - assert(flow->data.data == NULL); - assert(flow->data.len == 0); - - flow->data = *buf; -} - -void reg_flow_get_data(struct reg_flow * flow, - buffer_t * buf) -{ - assert(flow != NULL); - assert(buf != NULL); - - *buf = flow->data; - - clrbuf(flow->data); -} - -void reg_flow_free_data(struct reg_flow * flow) -{ - freebuf(flow->data); -} diff --git a/src/irmd/reg/flow.h b/src/irmd/reg/flow.h index d0078e1b..9a4046d3 100644 --- a/src/irmd/reg/flow.h +++ b/src/irmd/reg/flow.h @@ -31,6 +31,7 @@ #include <ouroboros/ssm_rbuff.h> #include <ouroboros/utils.h> +#include <stdbool.h> #include <sys/types.h> #include <time.h> @@ -40,11 +41,14 @@ struct reg_flow { struct flow_info info; int response; - buffer_t data; + buffer_t req_data; + buffer_t rsp_data; struct timespec t0; char name[NAME_SIZE + 1]; + bool direct; + struct ssm_rbuff * n_rb; struct ssm_rbuff * n_1_rb; }; @@ -56,12 +60,4 @@ void reg_flow_destroy(struct reg_flow * flow); int reg_flow_update(struct reg_flow * flow, struct flow_info * info); -void reg_flow_set_data(struct reg_flow * flow, - const buffer_t * buf); - -void reg_flow_get_data(struct reg_flow * flow, - buffer_t * buf); - -void reg_flow_free_data(struct reg_flow * flow); - #endif /* OUROBOROS_IRMD_REG_FLOW_H */ diff --git a/src/irmd/reg/reg.c b/src/irmd/reg/reg.c index 64aa1513..0025f695 100644 --- a/src/irmd/reg/reg.c +++ b/src/irmd/reg/reg.c @@ -1785,7 +1785,8 @@ int reg_wait_flow_allocated(struct flow_info * info, } if (flow != NULL) { - reg_flow_get_data(flow, pbuf); + *pbuf = flow->rsp_data; + clrbuf(flow->rsp_data); *info = flow->info; } @@ -1820,8 +1821,8 @@ int reg_respond_alloc(struct flow_info * info, } assert(flow->info.state == FLOW_ALLOC_PENDING); - assert(flow->data.len == 0); - assert(flow->data.data == NULL); + assert(flow->rsp_data.len == 0); + assert(flow->rsp_data.data == NULL); info->n_pid = flow->info.n_pid; info->n_1_pid = flow->info.n_pid; @@ -1833,8 +1834,10 @@ int reg_respond_alloc(struct flow_info * info, flow->response = response; - if (info->state == FLOW_ALLOCATED) - reg_flow_set_data(flow, pbuf); + if (info->state == FLOW_ALLOCATED) { + flow->rsp_data = *pbuf; + clrbuf(*pbuf); + } pthread_cond_broadcast(®.cond); @@ -1944,7 +1947,8 @@ int reg_wait_flow_accepted(struct flow_info * info, pthread_cleanup_pop(true); /* __cleanup_wait_accept */ if (flow != NULL) { - reg_flow_get_data(flow, pbuf); + *pbuf = flow->req_data; + clrbuf(flow->req_data); *info = flow->info; } @@ -2004,8 +2008,63 @@ int reg_respond_accept(struct flow_info * info, info->n_pid = flow->info.n_pid; - reg_flow_set_data(flow, pbuf); - clrbuf(pbuf); + flow->req_data = *pbuf; + clrbuf(*pbuf); + + if (reg_flow_update(flow, info) < 0) { + log_err("Failed to create flow structs."); + goto fail_flow; + } + + pthread_cond_broadcast(®.cond); + + pthread_mutex_unlock(®.mtx); + + return 0; + + fail_flow: + pthread_mutex_unlock(®.mtx); + return -1; +} + +int reg_prepare_flow_direct(struct flow_info * info, + buffer_t * pbuf, + uid_t alloc_uid) +{ + struct reg_flow * flow; + struct reg_proc * proc; + uid_t accept_uid = 0; + + assert(info != NULL); + assert(info->state == FLOW_ALLOCATED); + assert(info->n_1_pid != 0); + assert(pbuf != NULL); + + pthread_mutex_lock(®.mtx); + + flow = __reg_get_flow(info->id); + if (flow == NULL) { + log_err("Flow not found: %d.", info->id); + goto fail_flow; + } + + assert(flow->info.state == FLOW_ACCEPT_PENDING); + + info->n_pid = flow->info.n_pid; + + proc = __reg_get_proc(info->n_pid); + if (proc != NULL && !is_ouroboros_member_uid(proc->info.uid)) + accept_uid = proc->info.uid; + + if (alloc_uid != accept_uid) { + pthread_mutex_unlock(®.mtx); + return -EPERM; + } + + flow->direct = true; + + flow->req_data = *pbuf; + clrbuf(*pbuf); if (reg_flow_update(flow, info) < 0) { log_err("Failed to create flow structs."); @@ -2023,6 +2082,109 @@ int reg_respond_accept(struct flow_info * info, return -1; } +bool reg_flow_is_direct(int flow_id) +{ + struct reg_flow * flow; + bool ret; + + pthread_mutex_lock(®.mtx); + + flow = __reg_get_flow(flow_id); + + ret = flow != NULL && flow->direct; + + pthread_mutex_unlock(®.mtx); + + return ret; +} + +int reg_respond_flow_direct(int flow_id, + buffer_t * pbuf) +{ + struct reg_flow * flow; + + assert(pbuf != NULL); + + pthread_mutex_lock(®.mtx); + + flow = __reg_get_flow(flow_id); + if (flow == NULL) { + log_err("Flow %d not found.", flow_id); + goto fail; + } + + assert(flow->direct); + assert(flow->rsp_data.data == NULL); + + flow->rsp_data = *pbuf; + clrbuf(*pbuf); + + pthread_cond_broadcast(®.cond); + + pthread_mutex_unlock(®.mtx); + + return 0; + fail: + pthread_mutex_unlock(®.mtx); + return -1; +} + +int reg_wait_flow_direct(int flow_id, + buffer_t * pbuf, + const struct timespec * abstime) +{ + struct reg_flow * flow; + int ret = -1; + + assert(pbuf != NULL); + + pthread_mutex_lock(®.mtx); + + flow = __reg_get_flow(flow_id); + if (flow == NULL) + goto fail; + + assert(flow->direct); + + pthread_cleanup_push(__cleanup_mutex_unlock, ®.mtx); + + while (flow != NULL && flow->rsp_data.data == NULL) { + ret = -__timedwait(®.cond, ®.mtx, abstime); + if (ret == -ETIMEDOUT) + break; + flow = __reg_get_flow(flow_id); + } + + if (flow != NULL && flow->rsp_data.data != NULL) { + *pbuf = flow->rsp_data; + clrbuf(flow->rsp_data); + ret = 0; + } + + pthread_cleanup_pop(true); + + return ret; + fail: + pthread_mutex_unlock(®.mtx); + return -1; +} + +static int direct_flow_dealloc(struct reg_flow * flow, + pid_t pid) +{ + if (!flow->direct) + return -1; + + if (pid == flow->info.n_pid && flow->info.n_pid != -1) + flow->info.n_pid = -1; + else if (pid == flow->info.n_1_pid && flow->info.n_1_pid != -1) + flow->info.n_1_pid = -1; + else + return -1; + + return 0; +} + void reg_dealloc_flow(struct flow_info * info) { struct reg_flow * flow; @@ -2036,13 +2198,32 @@ void reg_dealloc_flow(struct flow_info * info) flow = __reg_get_flow(info->id); assert(flow != NULL); - assert(flow->data.data == NULL); - assert(flow->data.len == 0); + assert(flow->req_data.data == NULL); + assert(flow->req_data.len == 0); + assert(flow->rsp_data.data == NULL); + assert(flow->rsp_data.len == 0); + + info->n_1_pid = flow->info.n_1_pid; + + if (flow->info.state == FLOW_DEALLOC_PENDING) { + if (direct_flow_dealloc(flow, info->n_pid) < 0) { + info->state = FLOW_DEALLOC_PENDING; + pthread_mutex_unlock(®.mtx); + return; + } + flow->info.state = FLOW_DEALLOCATED; + info->state = FLOW_DEALLOCATED; + reg_flow_update(flow, info); + pthread_mutex_unlock(®.mtx); + return; + } + assert(flow->info.state == FLOW_ALLOCATED); flow->info.state = FLOW_DEALLOC_PENDING; info->state = FLOW_DEALLOC_PENDING; - info->n_1_pid = flow->info.n_1_pid; + + direct_flow_dealloc(flow, info->n_pid); memset(flow->name, 0, sizeof(flow->name)); @@ -2064,8 +2245,10 @@ void reg_dealloc_flow_resp(struct flow_info * info) flow = __reg_get_flow(info->id); assert(flow != NULL); - assert(flow->data.data == NULL); - assert(flow->data.len == 0); + assert(flow->req_data.data == NULL); + assert(flow->req_data.len == 0); + assert(flow->rsp_data.data == NULL); + assert(flow->rsp_data.len == 0); assert(flow->info.state == FLOW_DEALLOC_PENDING); flow->info.state = FLOW_DEALLOCATED; diff --git a/src/irmd/reg/reg.h b/src/irmd/reg/reg.h index bda57711..6b576471 100644 --- a/src/irmd/reg/reg.h +++ b/src/irmd/reg/reg.h @@ -150,6 +150,19 @@ int reg_wait_flow_accepting(const char * name, int reg_respond_accept(struct flow_info * info, buffer_t * pbuf); +int reg_prepare_flow_direct(struct flow_info * info, + buffer_t * pbuf, + uid_t alloc_uid); + +int reg_respond_flow_direct(int flow_id, + buffer_t * pbuf); + +int reg_wait_flow_direct(int flow_id, + buffer_t * pbuf, + const struct timespec * abstime); + +bool reg_flow_is_direct(int flow_id); + void reg_dealloc_flow(struct flow_info * info); void reg_dealloc_flow_resp(struct flow_info * info); diff --git a/src/irmd/reg/tests/flow_test.c b/src/irmd/reg/tests/flow_test.c index bfdbceb5..7e1c1360 100644 --- a/src/irmd/reg/tests/flow_test.c +++ b/src/irmd/reg/tests/flow_test.c @@ -24,10 +24,6 @@ #include <test/test.h> -#include <string.h> - -#define TEST_DATA "testpiggybackdata" - static int test_reg_flow_create_destroy(void) { struct reg_flow * f; @@ -219,56 +215,6 @@ static int test_reg_flow_assert_fails(void) return ret; } -static int test_flow_data(void) -{ - struct reg_flow * f; - - struct flow_info info = { - .id = 1, - .n_pid = 1, - .qs = qos_raw, - .state = FLOW_INIT - }; - - char * data; - buffer_t buf; - buffer_t rcv = {0, NULL}; - - TEST_START(); - - data = strdup(TEST_DATA); - if (data == NULL) { - printf("Failed to strdup data.\n"); - goto fail; - } - - buf.data = (uint8_t *) data; - buf.len = strlen(data); - - f = reg_flow_create(&info); - if (f == NULL) { - printf("Failed to create flow.\n"); - goto fail; - } - - reg_flow_set_data(f, &buf); - - reg_flow_get_data(f, &rcv); - - freebuf(buf); - clrbuf(rcv); - - reg_flow_destroy(f); - - TEST_SUCCESS(); - - return TEST_RC_SUCCESS; - fail: - free(data); - TEST_FAIL(); - return TEST_RC_FAIL; -} - int flow_test(int argc, char ** argv) { @@ -280,7 +226,6 @@ int flow_test(int argc, ret |= test_reg_flow_create_destroy(); ret |= test_reg_flow_update(); ret |= test_reg_flow_assert_fails(); - ret |= test_flow_data(); return ret; } diff --git a/src/irmd/reg/tests/reg_test.c b/src/irmd/reg/tests/reg_test.c index 4d7e30ef..f4b0188b 100644 --- a/src/irmd/reg/tests/reg_test.c +++ b/src/irmd/reg/tests/reg_test.c @@ -197,6 +197,8 @@ static void * test_flow_respond_alloc(void * o) reg_respond_alloc(info, &pbuf, response); + freebuf(pbuf); + return (void *) 0; fail: return (void *) -1; @@ -216,6 +218,8 @@ static void * test_flow_respond_accept(void * o) reg_respond_accept(info, &pbuf); + freebuf(pbuf); + return (void *) 0; fail: return (void *) -1; @@ -485,6 +489,188 @@ static int test_reg_allocate_flow_fail(void) return TEST_RC_FAIL; } +struct direct_alloc_info { + struct flow_info info; + buffer_t rsp; + struct timespec abstime; +}; + +static void * test_flow_alloc_direct(void * o) +{ + struct direct_alloc_info * dai; + buffer_t req; + + dai = (struct direct_alloc_info *) o; + + req.data = (uint8_t *) strdup(TEST_DATA); + if (req.data == NULL) { + printf("Failed to strdup req data.\n"); + goto fail; + } + req.len = strlen(TEST_DATA) + 1; + + if (reg_prepare_flow_direct(&dai->info, &req, 0) < 0) { + printf("Failed to prepare direct flow.\n"); + freebuf(req); + goto fail; + } + + if (reg_wait_flow_direct(dai->info.id, &dai->rsp, &dai->abstime) < 0) { + printf("Failed to wait direct flow.\n"); + goto fail; + } + + return (void *) 0; + fail: + return (void *) -1; +} + +static int test_reg_direct_flow_success(void) +{ + pthread_t thr; + struct timespec abstime; + struct timespec timeo = TIMESPEC_INIT_S(1); + buffer_t rbuf = BUF_INIT; + buffer_t rsp; + struct direct_alloc_info dai; + void * thr_ret; + + struct flow_info info = { + .n_pid = TEST_PID, + .qs = qos_raw + }; + + TEST_START(); + + clock_gettime(PTHREAD_COND_CLOCK, &abstime); + + ts_add(&abstime, &timeo, &abstime); + + if (reg_init() < 0) { + printf("Failed to init registry.\n"); + goto fail; + } + + if (reg_create_flow(&info) < 0) { + printf("Failed to add flow.\n"); + goto fail; + } + + if (reg_prepare_flow_accept(&info) < 0) { + printf("Failed to prepare for accept.\n"); + goto fail; + } + + dai.info.id = info.id; + dai.info.n_1_pid = TEST_N_1_PID; + dai.info.mpl = TEST_MPL; + dai.info.qs = qos_data; + dai.info.state = FLOW_ALLOCATED; + dai.rsp.len = 0; + dai.rsp.data = NULL; + dai.abstime = abstime; + + pthread_create(&thr, NULL, test_flow_alloc_direct, &dai); + + if (reg_wait_flow_accepted(&info, &rbuf, &abstime) < 0) { + printf("Flow accept failed.\n"); + pthread_join(thr, NULL); + reg_destroy_flow(info.id); + reg_fini(); + goto fail; + } + + if (info.state != FLOW_ALLOCATED) { + printf("Flow not in allocated state.\n"); + goto fail; + } + + if (rbuf.data == NULL) { + printf("req_data not received.\n"); + goto fail; + } + + if (strcmp((char *) rbuf.data, TEST_DATA) != 0) { + printf("req_data content mismatch.\n"); + goto fail; + } + + freebuf(rbuf); + + if (!reg_flow_is_direct(info.id)) { + printf("Flow not marked direct.\n"); + goto fail; + } + + rsp.data = (uint8_t *) strdup(TEST_DATA2); + if (rsp.data == NULL) { + printf("Failed to strdup rsp data.\n"); + goto fail; + } + rsp.len = strlen(TEST_DATA2) + 1; + + if (reg_respond_flow_direct(info.id, &rsp) < 0) { + printf("Failed to respond direct.\n"); + freebuf(rsp); + goto fail; + } + + pthread_join(thr, &thr_ret); + + if (thr_ret != (void *) 0) { + printf("Allocator thread failed.\n"); + goto fail; + } + + if (dai.rsp.data == NULL) { + printf("rsp_data not received.\n"); + goto fail; + } + + if (strcmp((char *) dai.rsp.data, TEST_DATA2) != 0) { + printf("rsp_data content mismatch.\n"); + goto fail; + } + + freebuf(dai.rsp); + + reg_dealloc_flow(&info); + + if (info.state != FLOW_DEALLOC_PENDING) { + printf("Flow not in dealloc pending.\n"); + goto fail; + } + + info.n_pid = TEST_PID; + + reg_dealloc_flow(&info); + + if (info.state != FLOW_DEALLOC_PENDING) { + printf("Same endpoint dealloc changed state.\n"); + goto fail; + } + + info.n_pid = TEST_N_1_PID; + + reg_dealloc_flow(&info); + + if (info.state != FLOW_DEALLOCATED) { + printf("Flow not deallocated.\n"); + goto fail; + } + + reg_destroy_flow(info.id); + + reg_fini(); + + TEST_SUCCESS(); + + return TEST_RC_SUCCESS; + fail: + REG_TEST_FAIL(); + return TEST_RC_FAIL; +} + static int test_reg_flow(void) { int rc = 0; @@ -493,6 +679,7 @@ static int test_reg_flow(void) { rc |= test_reg_accept_flow_success(); rc |= test_reg_accept_flow_success_no_crypt(); rc |= test_reg_allocate_flow_fail(); + rc |= test_reg_direct_flow_success(); return rc; } @@ -1304,7 +1491,7 @@ static int test_wait_accepting_fail_name(void) static void * test_call_flow_accept(void * o) { struct timespec abstime; - struct timespec timeo = TIMESPEC_INIT_MS(10); + struct timespec timeo = TIMESPEC_INIT_MS(30); buffer_t pbuf = BUF_INIT; struct proc_info pinfo = TEST_PROC_INFO; diff --git a/src/lib/CMakeLists.txt b/src/lib/CMakeLists.txt index 79263924..f68d3601 100644 --- a/src/lib/CMakeLists.txt +++ b/src/lib/CMakeLists.txt @@ -17,7 +17,10 @@ protobuf_generate_c(IPCP_PROTO_SRCS IPCP_PROTO_HDRS set(SOURCE_FILES_COMMON bitmap.c btree.c - crc32.c + crc/crc8.c + crc/crc16.c + crc/crc32.c + crc/crc64.c crypt.c hash.c lockfile.c @@ -155,5 +158,6 @@ configure_file("${CMAKE_CURRENT_SOURCE_DIR}/ssm/ssm.h.in" if(BUILD_TESTS) add_subdirectory(tests) + add_subdirectory(crc/tests) add_subdirectory(ssm/tests) endif() diff --git a/src/lib/config.h.in b/src/lib/config.h.in index 08e9baf6..d1ae97ef 100644 --- a/src/lib/config.h.in +++ b/src/lib/config.h.in @@ -37,6 +37,8 @@ #cmakedefine QOS_DISABLE_CRC #cmakedefine HAVE_OPENSSL_RNG +#cmakedefine HAVE_PCLMUL +#cmakedefine HAVE_PMULL #define SHM_LOCKFILE_NAME "@SHM_LOCKFILE_NAME@" #define FLOW_ALLOC_TIMEOUT @FLOW_ALLOC_TIMEOUT@ diff --git a/src/lib/crc/crc16.c b/src/lib/crc/crc16.c new file mode 100644 index 00000000..9dc59429 --- /dev/null +++ b/src/lib/crc/crc16.c @@ -0,0 +1,61 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2026 + * + * 16-bit Cyclic Redundancy Check (CCITT-FALSE variant) + * + * Dimitri Staessens <dimitri@ouroboros.rocks> + * Sander Vrijders <sander@ouroboros.rocks> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., http://www.fsf.org/about/contact/. + */ + +/* + * CRC-16/CCITT-FALSE (reveng catalog, alias CRC-16/IBM-3740): + * poly = 0x1021 + * init = 0xffff + * refin = false + * refout = false + * xorout = 0x0000 + * check = crc16_ccitt_false("123456789") == 0x29b1 + */ + +#include "config.h" + +#include <ouroboros/crc16.h> + +/* Bit-by-bit MSB-first CRC. */ +void crc16_ccitt_false(uint16_t * crc, + const void * buf, + size_t len) +{ + const uint8_t * p; + uint16_t c; + size_t n; + int i; + + p = (const uint8_t *) buf; + c = *crc ^ 0xffff; + + for (n = 0; n < len; n++) { + c ^= ((uint16_t) p[n]) << 8; + for (i = 0; i < 8; i++) { + if (c & 0x8000) + c = (uint16_t) ((c << 1) ^ 0x1021); + else + c = (uint16_t) (c << 1); + } + } + + *crc = c; +} diff --git a/src/lib/crc32.c b/src/lib/crc/crc32.c index 0fdb62b1..0fdb62b1 100644 --- a/src/lib/crc32.c +++ b/src/lib/crc/crc32.c diff --git a/src/lib/crc/crc64.c b/src/lib/crc/crc64.c new file mode 100644 index 00000000..1b6fb5f6 --- /dev/null +++ b/src/lib/crc/crc64.c @@ -0,0 +1,363 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2026 + * + * 64-bit Cyclic Redundancy Check (NVMe variant) + * + * Dimitri Staessens <dimitri@ouroboros.rocks> + * Sander Vrijders <sander@ouroboros.rocks> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., http://www.fsf.org/about/contact/. + */ + +/* + * CRC-64/NVMe (reveng catalog): + * poly = 0xad93d23594c93659 + * init = 0xffffffffffffffff + * refin = true + * refout = true + * xorout = 0xffffffffffffffff + * check = crc64_nvme("123456789") == 0xae8b14860a799888 + */ + +#include "config.h" + +#include <ouroboros/crc64.h> + +/* + * Reflected CRC-64/NVMe table. Polynomial in reflected form: + * 0x9a6c9329ac4bc9b5 (bitrev of 0xad93d23594c93659). + */ +static const uint64_t crc64_nvme_tab[256] = { + 0x0000000000000000ULL, 0x7f6ef0c830358979ULL, + 0xfedde190606b12f2ULL, 0x81b31158505e9b8bULL, + 0xc962e5739841b68fULL, 0xb60c15bba8743ff6ULL, + 0x37bf04e3f82aa47dULL, 0x48d1f42bc81f2d04ULL, + 0xa61cecb46814fe75ULL, 0xd9721c7c5821770cULL, + 0x58c10d24087fec87ULL, 0x27affdec384a65feULL, + 0x6f7e09c7f05548faULL, 0x1010f90fc060c183ULL, + 0x91a3e857903e5a08ULL, 0xeecd189fa00bd371ULL, + 0x78e0ff3b88be6f81ULL, 0x078e0ff3b88be6f8ULL, + 0x863d1eabe8d57d73ULL, 0xf953ee63d8e0f40aULL, + 0xb1821a4810ffd90eULL, 0xceecea8020ca5077ULL, + 0x4f5ffbd87094cbfcULL, 0x30310b1040a14285ULL, + 0xdefc138fe0aa91f4ULL, 0xa192e347d09f188dULL, + 0x2021f21f80c18306ULL, 0x5f4f02d7b0f40a7fULL, + 0x179ef6fc78eb277bULL, 0x68f0063448deae02ULL, + 0xe943176c18803589ULL, 0x962de7a428b5bcf0ULL, + 0xf1c1fe77117cdf02ULL, 0x8eaf0ebf2149567bULL, + 0x0f1c1fe77117cdf0ULL, 0x7072ef2f41224489ULL, + 0x38a31b04893d698dULL, 0x47cdebccb908e0f4ULL, + 0xc67efa94e9567b7fULL, 0xb9100a5cd963f206ULL, + 0x57dd12c379682177ULL, 0x28b3e20b495da80eULL, + 0xa900f35319033385ULL, 0xd66e039b2936bafcULL, + 0x9ebff7b0e12997f8ULL, 0xe1d10778d11c1e81ULL, + 0x606216208142850aULL, 0x1f0ce6e8b1770c73ULL, + 0x8921014c99c2b083ULL, 0xf64ff184a9f739faULL, + 0x77fce0dcf9a9a271ULL, 0x08921014c99c2b08ULL, + 0x4043e43f0183060cULL, 0x3f2d14f731b68f75ULL, + 0xbe9e05af61e814feULL, 0xc1f0f56751dd9d87ULL, + 0x2f3dedf8f1d64ef6ULL, 0x50531d30c1e3c78fULL, + 0xd1e00c6891bd5c04ULL, 0xae8efca0a188d57dULL, + 0xe65f088b6997f879ULL, 0x9931f84359a27100ULL, + 0x1882e91b09fcea8bULL, 0x67ec19d339c963f2ULL, + 0xd75adabd7a6e2d6fULL, 0xa8342a754a5ba416ULL, + 0x29873b2d1a053f9dULL, 0x56e9cbe52a30b6e4ULL, + 0x1e383fcee22f9be0ULL, 0x6156cf06d21a1299ULL, + 0xe0e5de5e82448912ULL, 0x9f8b2e96b271006bULL, + 0x71463609127ad31aULL, 0x0e28c6c1224f5a63ULL, + 0x8f9bd7997211c1e8ULL, 0xf0f5275142244891ULL, + 0xb824d37a8a3b6595ULL, 0xc74a23b2ba0eececULL, + 0x46f932eaea507767ULL, 0x3997c222da65fe1eULL, + 0xafba2586f2d042eeULL, 0xd0d4d54ec2e5cb97ULL, + 0x5167c41692bb501cULL, 0x2e0934dea28ed965ULL, + 0x66d8c0f56a91f461ULL, 0x19b6303d5aa47d18ULL, + 0x980521650afae693ULL, 0xe76bd1ad3acf6feaULL, + 0x09a6c9329ac4bc9bULL, 0x76c839faaaf135e2ULL, + 0xf77b28a2faafae69ULL, 0x8815d86aca9a2710ULL, + 0xc0c42c4102850a14ULL, 0xbfaadc8932b0836dULL, + 0x3e19cdd162ee18e6ULL, 0x41773d1952db919fULL, + 0x269b24ca6b12f26dULL, 0x59f5d4025b277b14ULL, + 0xd846c55a0b79e09fULL, 0xa72835923b4c69e6ULL, + 0xeff9c1b9f35344e2ULL, 0x90973171c366cd9bULL, + 0x1124202993385610ULL, 0x6e4ad0e1a30ddf69ULL, + 0x8087c87e03060c18ULL, 0xffe938b633338561ULL, + 0x7e5a29ee636d1eeaULL, 0x0134d92653589793ULL, + 0x49e52d0d9b47ba97ULL, 0x368bddc5ab7233eeULL, + 0xb738cc9dfb2ca865ULL, 0xc8563c55cb19211cULL, + 0x5e7bdbf1e3ac9decULL, 0x21152b39d3991495ULL, + 0xa0a63a6183c78f1eULL, 0xdfc8caa9b3f20667ULL, + 0x97193e827bed2b63ULL, 0xe877ce4a4bd8a21aULL, + 0x69c4df121b863991ULL, 0x16aa2fda2bb3b0e8ULL, + 0xf86737458bb86399ULL, 0x8709c78dbb8deae0ULL, + 0x06bad6d5ebd3716bULL, 0x79d4261ddbe6f812ULL, + 0x3105d23613f9d516ULL, 0x4e6b22fe23cc5c6fULL, + 0xcfd833a67392c7e4ULL, 0xb0b6c36e43a74e9dULL, + 0x9a6c9329ac4bc9b5ULL, 0xe50263e19c7e40ccULL, + 0x64b172b9cc20db47ULL, 0x1bdf8271fc15523eULL, + 0x530e765a340a7f3aULL, 0x2c608692043ff643ULL, + 0xadd397ca54616dc8ULL, 0xd2bd67026454e4b1ULL, + 0x3c707f9dc45f37c0ULL, 0x431e8f55f46abeb9ULL, + 0xc2ad9e0da4342532ULL, 0xbdc36ec59401ac4bULL, + 0xf5129aee5c1e814fULL, 0x8a7c6a266c2b0836ULL, + 0x0bcf7b7e3c7593bdULL, 0x74a18bb60c401ac4ULL, + 0xe28c6c1224f5a634ULL, 0x9de29cda14c02f4dULL, + 0x1c518d82449eb4c6ULL, 0x633f7d4a74ab3dbfULL, + 0x2bee8961bcb410bbULL, 0x548079a98c8199c2ULL, + 0xd53368f1dcdf0249ULL, 0xaa5d9839ecea8b30ULL, + 0x449080a64ce15841ULL, 0x3bfe706e7cd4d138ULL, + 0xba4d61362c8a4ab3ULL, 0xc52391fe1cbfc3caULL, + 0x8df265d5d4a0eeceULL, 0xf29c951de49567b7ULL, + 0x732f8445b4cbfc3cULL, 0x0c41748d84fe7545ULL, + 0x6bad6d5ebd3716b7ULL, 0x14c39d968d029fceULL, + 0x95708ccedd5c0445ULL, 0xea1e7c06ed698d3cULL, + 0xa2cf882d2576a038ULL, 0xdda178e515432941ULL, + 0x5c1269bd451db2caULL, 0x237c997575283bb3ULL, + 0xcdb181ead523e8c2ULL, 0xb2df7122e51661bbULL, + 0x336c607ab548fa30ULL, 0x4c0290b2857d7349ULL, + 0x04d364994d625e4dULL, 0x7bbd94517d57d734ULL, + 0xfa0e85092d094cbfULL, 0x856075c11d3cc5c6ULL, + 0x134d926535897936ULL, 0x6c2362ad05bcf04fULL, + 0xed9073f555e26bc4ULL, 0x92fe833d65d7e2bdULL, + 0xda2f7716adc8cfb9ULL, 0xa54187de9dfd46c0ULL, + 0x24f29686cda3dd4bULL, 0x5b9c664efd965432ULL, + 0xb5517ed15d9d8743ULL, 0xca3f8e196da80e3aULL, + 0x4b8c9f413df695b1ULL, 0x34e26f890dc31cc8ULL, + 0x7c339ba2c5dc31ccULL, 0x035d6b6af5e9b8b5ULL, + 0x82ee7a32a5b7233eULL, 0xfd808afa9582aa47ULL, + 0x4d364994d625e4daULL, 0x3258b95ce6106da3ULL, + 0xb3eba804b64ef628ULL, 0xcc8558cc867b7f51ULL, + 0x8454ace74e645255ULL, 0xfb3a5c2f7e51db2cULL, + 0x7a894d772e0f40a7ULL, 0x05e7bdbf1e3ac9deULL, + 0xeb2aa520be311aafULL, 0x944455e88e0493d6ULL, + 0x15f744b0de5a085dULL, 0x6a99b478ee6f8124ULL, + 0x224840532670ac20ULL, 0x5d26b09b16452559ULL, + 0xdc95a1c3461bbed2ULL, 0xa3fb510b762e37abULL, + 0x35d6b6af5e9b8b5bULL, 0x4ab846676eae0222ULL, + 0xcb0b573f3ef099a9ULL, 0xb465a7f70ec510d0ULL, + 0xfcb453dcc6da3dd4ULL, 0x83daa314f6efb4adULL, + 0x0269b24ca6b12f26ULL, 0x7d0742849684a65fULL, + 0x93ca5a1b368f752eULL, 0xeca4aad306bafc57ULL, + 0x6d17bb8b56e467dcULL, 0x12794b4366d1eea5ULL, + 0x5aa8bf68aecec3a1ULL, 0x25c64fa09efb4ad8ULL, + 0xa4755ef8cea5d153ULL, 0xdb1bae30fe90582aULL, + 0xbcf7b7e3c7593bd8ULL, 0xc399472bf76cb2a1ULL, + 0x422a5673a732292aULL, 0x3d44a6bb9707a053ULL, + 0x759552905f188d57ULL, 0x0afba2586f2d042eULL, + 0x8b48b3003f739fa5ULL, 0xf42643c80f4616dcULL, + 0x1aeb5b57af4dc5adULL, 0x6585ab9f9f784cd4ULL, + 0xe436bac7cf26d75fULL, 0x9b584a0fff135e26ULL, + 0xd389be24370c7322ULL, 0xace74eec0739fa5bULL, + 0x2d545fb4576761d0ULL, 0x523aaf7c6752e8a9ULL, + 0xc41748d84fe75459ULL, 0xbb79b8107fd2dd20ULL, + 0x3acaa9482f8c46abULL, 0x45a459801fb9cfd2ULL, + 0x0d75adabd7a6e2d6ULL, 0x721b5d63e7936bafULL, + 0xf3a84c3bb7cdf024ULL, 0x8cc6bcf387f8795dULL, + 0x620ba46c27f3aa2cULL, 0x1d6554a417c62355ULL, + 0x9cd645fc4798b8deULL, 0xe3b8b53477ad31a7ULL, + 0xab69411fbfb21ca3ULL, 0xd407b1d78f8795daULL, + 0x55b4a08fdfd90e51ULL, 0x2ada5047efec8728ULL +}; + +static __inline__ uint64_t crc64_nvme_step(uint64_t c, + const uint8_t * p, + size_t len) +{ + size_t n; + + for (n = 0; n < len; n++) + c = crc64_nvme_tab[(c ^ p[n]) & 0xff] ^ (c >> 8); + + return c; +} + +void crc64_nvme_table(uint64_t * crc, + const void * buf, + size_t len) +{ + uint64_t c; + + c = crc64_nvme_step(*crc ^ UINT64_MAX, + (const uint8_t *) buf, len); + + *crc = c ^ UINT64_MAX; +} + +#ifdef HAVE_PCLMUL + +#include <smmintrin.h> +#include <wmmintrin.h> + +/* + * Fold-by-16 constants for reflected CRC-64/NVMe. Properties of the + * polynomial; identical between the PCLMUL and PMULL backends. + * k3 = bitrev64(x^(128+64) mod P) << 1 + * k4 = bitrev64(x^(128+0) mod P) << 1 + */ +static const uint64_t k3_clmul = 0xeadc41fd2ba3d420ULL; +static const uint64_t k4_clmul = 0x21e9761e252621acULL; + +__attribute__((target("pclmul,sse4.1"))) +static __m128i fold16(__m128i x, + __m128i k) +{ + __m128i lo; + __m128i hi; + + lo = _mm_clmulepi64_si128(x, k, 0x00); + hi = _mm_clmulepi64_si128(x, k, 0x11); + return _mm_xor_si128(lo, hi); +} + +/* + * Fold-by-16 over 16-byte chunks; the 128-bit folded state is then + * emitted as 16 little-endian bytes and run through the byte-table + * loop together with any tail (<=15 bytes). The 16-byte minimum on + * the bulk loop is why the short-input path uses the table directly. + */ +__attribute__((target("pclmul,sse4.1"))) +static void crc64_nvme_clmul(uint64_t * crc, + const void * buf, + size_t len) +{ + const uint8_t * p; + uint64_t seed; + uint64_t c; + size_t off; + __m128i x; + __m128i k; + uint8_t post[16]; + + p = (const uint8_t *) buf; + seed = *crc; + + if (len < 16) { + c = crc64_nvme_step(seed ^ UINT64_MAX, p, len); + *crc = c ^ UINT64_MAX; + return; + } + + x = _mm_loadu_si128((const __m128i *) p); + x = _mm_xor_si128(x, _mm_cvtsi64_si128((int64_t) + (seed ^ UINT64_MAX))); + + k = _mm_set_epi64x((int64_t) k4_clmul, (int64_t) k3_clmul); + + off = 16; + while (off + 16 <= len) { + __m128i d; + + d = _mm_loadu_si128((const __m128i *) (p + off)); + x = _mm_xor_si128(fold16(x, k), d); + off += 16; + } + + _mm_storeu_si128((__m128i *) post, x); + + c = crc64_nvme_step(0, post, 16); + c = crc64_nvme_step(c, p + off, len - off); + + *crc = c ^ UINT64_MAX; +} + +#endif /* HAVE_PCLMUL */ + +#ifdef HAVE_PMULL + +#include <arm_neon.h> + +/* Same fold-by-16 constants as the PCLMUL path (poly properties). */ +static const uint64_t k3_pmull = 0xeadc41fd2ba3d420ULL; +static const uint64_t k4_pmull = 0x21e9761e252621acULL; + +__attribute__((target("+crypto"))) +static uint64x2_t fold16_pmull(uint64x2_t x, + uint64x2_t k) +{ + poly64x2_t xp; + poly64x2_t kp; + uint64x2_t lo; + uint64x2_t hi; + + xp = vreinterpretq_p64_u64(x); + kp = vreinterpretq_p64_u64(k); + lo = vreinterpretq_u64_p128( + vmull_p64((poly64_t) vgetq_lane_u64(x, 0), + (poly64_t) vgetq_lane_u64(k, 0))); + hi = vreinterpretq_u64_p128(vmull_high_p64(xp, kp)); + return veorq_u64(lo, hi); +} + +__attribute__((target("+crypto"))) +static void crc64_nvme_pmull(uint64_t * crc, + const void * buf, + size_t len) +{ + const uint8_t * p; + uint64_t seed; + uint64_t c; + size_t off; + uint64x2_t x; + uint64x2_t k; + uint64_t seed_lane[2]; + uint64_t k_lanes[2]; + uint8_t post[16]; + + p = (const uint8_t *) buf; + seed = *crc; + + if (len < 16) { + c = crc64_nvme_step(seed ^ UINT64_MAX, p, len); + *crc = c ^ UINT64_MAX; + return; + } + + x = vld1q_u64((const uint64_t *) p); + seed_lane[0] = seed ^ UINT64_MAX; + seed_lane[1] = 0; + x = veorq_u64(x, vld1q_u64(seed_lane)); + + k_lanes[0] = k3_pmull; + k_lanes[1] = k4_pmull; + k = vld1q_u64(k_lanes); + + off = 16; + while (off + 16 <= len) { + uint64x2_t d; + + d = vld1q_u64((const uint64_t *) (p + off)); + x = veorq_u64(fold16_pmull(x, k), d); + off += 16; + } + + vst1q_u8(post, vreinterpretq_u8_u64(x)); + + c = crc64_nvme_step(0, post, 16); + c = crc64_nvme_step(c, p + off, len - off); + + *crc = c ^ UINT64_MAX; +} +#endif /* HAVE_PMULL */ + +void crc64_nvme(uint64_t * crc, + const void * buf, + size_t len) +{ +#ifdef HAVE_PCLMUL + crc64_nvme_clmul(crc, buf, len); +#elif defined(HAVE_PMULL) + crc64_nvme_pmull(crc, buf, len); +#else + crc64_nvme_table(crc, buf, len); +#endif +} diff --git a/src/lib/crc/crc8.c b/src/lib/crc/crc8.c new file mode 100644 index 00000000..20976b29 --- /dev/null +++ b/src/lib/crc/crc8.c @@ -0,0 +1,62 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2026 + * + * 8-bit Cyclic Redundancy Check (AUTOSAR variant) + * + * Dimitri Staessens <dimitri@ouroboros.rocks> + * Sander Vrijders <sander@ouroboros.rocks> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1 as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., http://www.fsf.org/about/contact/. + */ + +/* + * CRC-8/AUTOSAR (reveng catalog): + * poly = 0x2f + * init = 0xff + * refin = false + * refout = false + * xorout = 0xff + * check = crc8_autosar("123456789") == 0xdf + */ + +#include "config.h" + +#include <ouroboros/crc8.h> + + + /* Bit-by-bit MSB-first CRC. */ +void crc8_autosar(uint8_t * crc, + const void * buf, + size_t len) +{ + const uint8_t * p; + uint8_t c; + size_t n; + int i; + + p = (const uint8_t *) buf; + c = *crc ^ 0xff; + + for (n = 0; n < len; n++) { + c ^= p[n]; + for (i = 0; i < 8; i++) { + if (c & 0x80) + c = (uint8_t) ((c << 1) ^ 0x2f); + else + c = (uint8_t) (c << 1); + } + } + + *crc = c ^ 0xff; +} diff --git a/src/lib/crc/tests/CMakeLists.txt b/src/lib/crc/tests/CMakeLists.txt new file mode 100644 index 00000000..11daca5a --- /dev/null +++ b/src/lib/crc/tests/CMakeLists.txt @@ -0,0 +1,21 @@ +get_filename_component(PARENT_PATH ${CMAKE_CURRENT_SOURCE_DIR} DIRECTORY) +get_filename_component(PARENT_DIR ${PARENT_PATH} NAME) + +compute_test_prefix() + +create_test_sourcelist(${PARENT_DIR}_tests test_suite.c + # Add new tests here + crc8_test.c + crc16_test.c + crc32_test.c + crc64_test.c + ) + +add_executable(${PARENT_DIR}_test ${${PARENT_DIR}_tests}) + +disable_test_logging_for_target(${PARENT_DIR}_test) +target_link_libraries(${PARENT_DIR}_test ouroboros-common) + +add_dependencies(build_tests ${PARENT_DIR}_test) + +ouroboros_register_tests(TARGET ${PARENT_DIR}_test TESTS ${${PARENT_DIR}_tests}) diff --git a/src/lib/crc/tests/crc16_test.c b/src/lib/crc/tests/crc16_test.c new file mode 100644 index 00000000..03a5b504 --- /dev/null +++ b/src/lib/crc/tests/crc16_test.c @@ -0,0 +1,67 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2026 + * + * Test of the CRC-16/CCITT-FALSE function + * + * Dimitri Staessens <dimitri@ouroboros.rocks> + * Sander Vrijders <sander@ouroboros.rocks> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., http://www.fsf.org/about/contact/. + */ + +#include "config.h" + +#include <ouroboros/crc16.h> + +#include <test/test.h> + +#include <stddef.h> +#include <stdint.h> +#include <stdio.h> + +/* reveng-catalog smoke vectors. */ +static int test_crc16_ccitt_false_basic(void) +{ + uint16_t crc; + + TEST_START(); + + crc = 0; + crc16_ccitt_false(&crc, "", 0); + if (crc != 0xffff) + goto fail; + + crc = 0; + crc16_ccitt_false(&crc, "123456789", 9); + if (crc != 0x29b1) + goto fail; + + TEST_SUCCESS(); + return TEST_RC_SUCCESS; + fail: + TEST_FAIL(); + return TEST_RC_FAIL; +} + +int crc16_test(int argc, + char ** argv) +{ + int ret = 0; + + (void) argc; + (void) argv; + + ret |= test_crc16_ccitt_false_basic(); + return ret; +} diff --git a/src/lib/tests/crc32_test.c b/src/lib/crc/tests/crc32_test.c index 5a1ddd87..5a1ddd87 100644 --- a/src/lib/tests/crc32_test.c +++ b/src/lib/crc/tests/crc32_test.c diff --git a/src/lib/crc/tests/crc64_test.c b/src/lib/crc/tests/crc64_test.c new file mode 100644 index 00000000..cf3f5ca3 --- /dev/null +++ b/src/lib/crc/tests/crc64_test.c @@ -0,0 +1,126 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2026 + * + * Test of the CRC-64/NVMe function + * + * Dimitri Staessens <dimitri@ouroboros.rocks> + * Sander Vrijders <sander@ouroboros.rocks> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., http://www.fsf.org/about/contact/. + */ + +#include "config.h" + +#include <ouroboros/crc64.h> +#include <ouroboros/random.h> + +#include <test/test.h> + +#include <stddef.h> +#include <stdint.h> +#include <stdio.h> + +/* Reference impl, internal to libouroboros-common. */ +extern void crc64_nvme_table(uint64_t * crc, + const void * buf, + size_t len); + +/* reveng-catalog smoke vectors plus a 16-byte fold-boundary check. */ +static int test_crc64_nvme_basic(void) +{ + uint64_t crc; + + TEST_START(); + + crc = 0; + crc64_nvme(&crc, "", 0); + if (crc != 0x0000000000000000ULL) + goto fail; + + crc = 0; + crc64_nvme(&crc, "123456789", 9); + if (crc != 0xae8b14860a799888ULL) + goto fail; + + crc = 0; + crc64_nvme(&crc, "0123456789abcdef", 16); + if (crc != 0x091485ca7018730eULL) + goto fail; + + TEST_SUCCESS(); + return TEST_RC_SUCCESS; + fail: + TEST_FAIL(); + return TEST_RC_FAIL; +} + +#if defined(HAVE_PCLMUL) || defined(HAVE_PMULL) +/* Cross-check the accelerated dispatcher path against the byte-table. */ +static int test_crc64_nvme_random(void) +{ + static const size_t lens[] = { + 0, 1, 7, 8, 15, 16, 17, 31, 32, 33, 63, 64, 65, 127, 128, + 129, 255, 256, 257, 1023, 1024, 1025, 4096 + }; + uint8_t buf[4096]; + size_t i; + uint64_t ref; + uint64_t got; + + TEST_START(); + + if (random_buffer(buf, sizeof(buf)) < 0) { + printf("Failed to generate random data.\n"); + goto fail; + } + + for (i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) { + ref = 0; + crc64_nvme_table(&ref, buf, lens[i]); + + got = 0; + crc64_nvme(&got, buf, lens[i]); + + if (ref == got) + continue; + + printf("Mismatch at len=%zu: table=0x%016lx disp=0x%016lx\n", + lens[i], + (unsigned long) ref, + (unsigned long) got); + goto fail; + } + + TEST_SUCCESS(); + return TEST_RC_SUCCESS; + fail: + TEST_FAIL(); + return TEST_RC_FAIL; +#endif +} + +int crc64_test(int argc, + char ** argv) +{ + int ret = 0; + + (void) argc; + (void) argv; + + ret |= test_crc64_nvme_basic(); +#if defined(HAVE_PCLMUL) || defined(HAVE_PMULL) + ret |= test_crc64_nvme_random(); +#endif + return ret; +} diff --git a/src/lib/crc/tests/crc8_test.c b/src/lib/crc/tests/crc8_test.c new file mode 100644 index 00000000..f7bb33b8 --- /dev/null +++ b/src/lib/crc/tests/crc8_test.c @@ -0,0 +1,67 @@ +/* + * Ouroboros - Copyright (C) 2016 - 2026 + * + * Test of the CRC-8/AUTOSAR function + * + * Dimitri Staessens <dimitri@ouroboros.rocks> + * Sander Vrijders <sander@ouroboros.rocks> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., http://www.fsf.org/about/contact/. + */ + +#include "config.h" + +#include <ouroboros/crc8.h> + +#include <test/test.h> + +#include <stddef.h> +#include <stdint.h> +#include <stdio.h> + +/* reveng-catalog smoke vectors. */ +static int test_crc8_autosar_basic(void) +{ + uint8_t crc; + + TEST_START(); + + crc = 0; + crc8_autosar(&crc, "", 0); + if (crc != 0x00) + goto fail; + + crc = 0; + crc8_autosar(&crc, "123456789", 9); + if (crc != 0xdf) + goto fail; + + TEST_SUCCESS(); + return TEST_RC_SUCCESS; + fail: + TEST_FAIL(); + return TEST_RC_FAIL; +} + +int crc8_test(int argc, + char ** argv) +{ + int ret = 0; + + (void) argc; + (void) argv; + + ret |= test_crc8_autosar_basic(); + return ret; +} diff --git a/src/lib/crypt.c b/src/lib/crypt.c index cd3421dd..71197f6e 100644 --- a/src/lib/crypt.c +++ b/src/lib/crypt.c @@ -1094,6 +1094,13 @@ void crypt_secure_malloc_fini(void) #endif } +void crypt_cleanup(void) +{ +#ifdef HAVE_OPENSSL + openssl_cleanup(); +#endif +} + void * crypt_secure_malloc(size_t size) { #ifdef HAVE_OPENSSL diff --git a/src/lib/crypt/openssl.c b/src/lib/crypt/openssl.c index 573bc0b3..5916e3cb 100644 --- a/src/lib/crypt/openssl.c +++ b/src/lib/crypt/openssl.c @@ -629,7 +629,7 @@ ssize_t openssl_pkp_create(const char * algo, return (ssize_t) raw.len; } else { /* DER encode standard algorithms */ - pos = pk; /* i2d_PUBKEY increments the pointer, don't use pk! */ + pos = pk; /* i2d_PUBKEY increments the ptr, don't use pk! */ len = i2d_PUBKEY(*pkp, &pos); if (len < 0) goto fail_pubkey; @@ -666,7 +666,7 @@ static ssize_t __openssl_kem_encap(EVP_PKEY * pub, /* Get required lengths */ ret = EVP_PKEY_encapsulate(ctx, NULL, &ct_len, NULL, &secret_len); - if (ret != 1 || ct_len > MSGBUFSZ) + if (ret != 1 || ct_len > CRYPT_KEY_BUFSZ) goto fail_encap; /* Allocate buffer for secret */ @@ -1283,24 +1283,14 @@ int openssl_load_privkey_file(const char * path, { FILE * fp; EVP_PKEY * pkey; - unsigned long err; - char errbuf[256]; fp = fopen(path, "r"); - if (fp == NULL) { - fprintf(stderr, "Failed to open %s\n", path); + if (fp == NULL) goto fail_file; - } pkey = PEM_read_PrivateKey(fp, NULL, NULL, ""); - if (pkey == NULL) { - err = ERR_get_error(); - ERR_error_string_n(err, errbuf, sizeof(errbuf)); - fprintf(stderr, - "OpenSSL error loading privkey from %s: %s\n", - path, errbuf); + if (pkey == NULL) goto fail_key; - } fclose(fp); @@ -1442,7 +1432,7 @@ int openssl_load_pubkey_raw_file(const char * path, buffer_t * buf) { FILE * fp; - uint8_t tmp_buf[MSGBUFSZ]; + uint8_t tmp_buf[CRYPT_KEY_BUFSZ]; size_t bytes_read; const char * algo; @@ -1453,7 +1443,7 @@ int openssl_load_pubkey_raw_file(const char * path, if (fp == NULL) goto fail_file; - bytes_read = fread(tmp_buf, 1, MSGBUFSZ, fp); + bytes_read = fread(tmp_buf, 1, CRYPT_KEY_BUFSZ, fp); if (bytes_read == 0) goto fail_read; @@ -1658,25 +1648,33 @@ int openssl_crt_str(const void * crt, int openssl_crt_der(const void * crt, buffer_t * buf) { - int len; + uint8_t * p; + int len; assert(crt != NULL); assert(buf != NULL); - len = i2d_X509((X509 *) crt, &buf->data); + /* Get the size by encoding to NULL */ + len = i2d_X509((X509 *) crt, NULL); if (len < 0) - goto fail_der; + goto fail_len; + buf->data = malloc((size_t) len); + if (buf->data == NULL) + goto fail_malloc; + + p = buf->data; /* i2d_X509 increments p */ + i2d_X509((X509 *) crt, &p); buf->len = (size_t) len; return 0; - fail_der: + fail_malloc: + fail_len: clrbuf(*buf); return -1; } - void * openssl_auth_create_store(void) { return X509_STORE_new(); @@ -1878,3 +1876,7 @@ void openssl_secure_clear(void * ptr, { OPENSSL_cleanse(ptr, size); } +void openssl_cleanup(void) +{ + OPENSSL_cleanup(); +} diff --git a/src/lib/crypt/openssl.h b/src/lib/crypt/openssl.h index b95d1b0b..af285232 100644 --- a/src/lib/crypt/openssl.h +++ b/src/lib/crypt/openssl.h @@ -169,4 +169,6 @@ void openssl_secure_free(void * ptr, void openssl_secure_clear(void * ptr, size_t size); +void openssl_cleanup(void); + #endif /* OUROBOROS_LIB_CRYPT_OPENSSL_H */ diff --git a/src/lib/dev.c b/src/lib/dev.c index 9cfc24ee..ff63b818 100644 --- a/src/lib/dev.c +++ b/src/lib/dev.c @@ -1284,7 +1284,7 @@ static int flow_tx_spb(struct flow * flow, pthread_rwlock_unlock(&proc.lock); - idx = ssm_pk_buff_get_idx(spb); + idx = ssm_pk_buff_get_off(spb); pthread_rwlock_rdlock(&proc.lock); @@ -2036,7 +2036,7 @@ int ipcp_flow_write(int fd, } static int pool_copy_spb(struct ssm_pool * src_pool, - ssize_t src_idx, + ssize_t src_off, struct ssm_pool * dst_pool, struct ssm_pk_buff ** dst_spb) { @@ -2044,16 +2044,14 @@ static int pool_copy_spb(struct ssm_pool * src_pool, uint8_t * ptr; size_t len; - src = ssm_pool_get(src_pool, src_idx); + src = ssm_pool_get(src_pool, src_off); len = ssm_pk_buff_len(src); - if (ssm_pool_alloc(dst_pool, len, &ptr, dst_spb) < 0) { - ssm_pool_remove(src_pool, src_idx); + if (ssm_pool_alloc(dst_pool, len, &ptr, dst_spb) < 0) return -ENOMEM; - } memcpy(ptr, ssm_pk_buff_head(src), len); - ssm_pool_remove(src_pool, src_idx); + ssm_pool_remove(src_pool, src_off); return 0; } @@ -2063,7 +2061,7 @@ int np1_flow_read(int fd, struct ssm_pool * pool) { struct flow * flow; - ssize_t idx = -1; + ssize_t off = -1; assert(fd >= 0 && fd < SYS_MAX_FLOWS); assert(spb); @@ -2074,20 +2072,22 @@ int np1_flow_read(int fd, pthread_rwlock_rdlock(&proc.lock); - idx = ssm_rbuff_read(flow->rx_rb); - if (idx < 0) { + off = ssm_rbuff_read(flow->rx_rb); + if (off < 0) { pthread_rwlock_unlock(&proc.lock); - return idx; + return off; } pthread_rwlock_unlock(&proc.lock); if (pool == NULL) { - *spb = ssm_pool_get(proc.pool, idx); + *spb = ssm_pool_get(proc.pool, off); } else { /* Cross-pool copy: PUP -> GSPP */ - if (pool_copy_spb(pool, idx, proc.pool, spb) < 0) + if (pool_copy_spb(pool, off, proc.pool, spb) < 0) { + ssm_pool_remove(pool, off); return -ENOMEM; + } } return 0; @@ -2100,7 +2100,8 @@ int np1_flow_write(int fd, struct flow * flow; struct ssm_pk_buff * dst; int ret; - ssize_t idx; + ssize_t src_off; + ssize_t dst_off; assert(fd >= 0 && fd < SYS_MAX_FLOWS); assert(spb); @@ -2121,27 +2122,28 @@ int np1_flow_write(int fd, pthread_rwlock_unlock(&proc.lock); - idx = ssm_pk_buff_get_idx(spb); + src_off = ssm_pk_buff_get_off(spb); if (pool == NULL) { - ret = ssm_rbuff_write_b(flow->tx_rb, idx, NULL); + ret = ssm_rbuff_write_b(flow->tx_rb, src_off, NULL); if (ret < 0) - ssm_pool_remove(proc.pool, idx); - else - ssm_flow_set_notify(flow->set, flow->info.id, FLOW_PKT); + return ret; + ssm_flow_set_notify(flow->set, flow->info.id, FLOW_PKT); } else { /* Cross-pool copy: GSPP -> PUP */ - if (pool_copy_spb(proc.pool, idx, pool, &dst) < 0) + if (pool_copy_spb(proc.pool, src_off, pool, &dst) < 0) return -ENOMEM; - idx = ssm_pk_buff_get_idx(dst); - ret = ssm_rbuff_write_b(flow->tx_rb, idx, NULL); - if (ret < 0) - ssm_pool_remove(pool, idx); - else - ssm_flow_set_notify(flow->set, flow->info.id, FLOW_PKT); + dst_off = ssm_pk_buff_get_off(dst); + ret = ssm_rbuff_write_b(flow->tx_rb, dst_off, NULL); + if (ret < 0) { + ssm_pool_remove(pool, dst_off); + return ret; + } + ssm_flow_set_notify(flow->set, flow->info.id, FLOW_PKT); + ssm_pool_remove(proc.pool, src_off); } - return ret; + return 0; } int ipcp_spb_reserve(struct ssm_pk_buff ** spb, @@ -2152,7 +2154,7 @@ int ipcp_spb_reserve(struct ssm_pk_buff ** spb, void ipcp_spb_release(struct ssm_pk_buff * spb) { - ssm_pool_remove(proc.pool, ssm_pk_buff_get_idx(spb)); + ssm_pool_remove(proc.pool, ssm_pk_buff_get_off(spb)); } int ipcp_flow_fini(int fd) @@ -2227,7 +2229,8 @@ int local_flow_transfer(int src_fd, struct ssm_pk_buff * dst_spb; struct ssm_pool * sp; struct ssm_pool * dp; - ssize_t idx; + ssize_t src_off; + ssize_t dst_off; int ret; assert(src_fd >= 0); @@ -2241,15 +2244,15 @@ int local_flow_transfer(int src_fd, pthread_rwlock_rdlock(&proc.lock); - idx = ssm_rbuff_read(src_flow->rx_rb); - if (idx < 0) { + src_off = ssm_rbuff_read(src_flow->rx_rb); + if (src_off < 0) { pthread_rwlock_unlock(&proc.lock); - return idx; + return src_off; } if (dst_flow->info.id < 0) { pthread_rwlock_unlock(&proc.lock); - ssm_pool_remove(sp, idx); + ssm_pool_remove(sp, src_off); return -ENOTALLOC; } @@ -2257,21 +2260,23 @@ int local_flow_transfer(int src_fd, if (sp == dp) { /* Same pool: zero-copy */ - ret = ssm_rbuff_write_b(dst_flow->tx_rb, idx, NULL); + ret = ssm_rbuff_write_b(dst_flow->tx_rb, src_off, NULL); if (ret < 0) - ssm_pool_remove(sp, idx); + ssm_pool_remove(sp, src_off); else ssm_flow_set_notify(dst_flow->set, dst_flow->info.id, FLOW_PKT); } else { /* Different pools: single copy */ - if (pool_copy_spb(sp, idx, dp, &dst_spb) < 0) + if (pool_copy_spb(sp, src_off, dp, &dst_spb) < 0) { + ssm_pool_remove(sp, src_off); return -ENOMEM; + } - idx = ssm_pk_buff_get_idx(dst_spb); - ret = ssm_rbuff_write_b(dst_flow->tx_rb, idx, NULL); + dst_off = ssm_pk_buff_get_off(dst_spb); + ret = ssm_rbuff_write_b(dst_flow->tx_rb, dst_off, NULL); if (ret < 0) - ssm_pool_remove(dp, idx); + ssm_pool_remove(dp, dst_off); else ssm_flow_set_notify(dst_flow->set, dst_flow->info.id, FLOW_PKT); diff --git a/src/lib/frct.c b/src/lib/frct.c index fad2cf69..4d14362e 100644 --- a/src/lib/frct.c +++ b/src/lib/frct.c @@ -815,7 +815,7 @@ static void __frcti_rcv(struct frcti * frcti, pci = (struct frct_pci *) ssm_pk_buff_head_release(spb, FRCT_PCILEN); - idx = ssm_pk_buff_get_idx(spb); + idx = ssm_pk_buff_get_off(spb); seqno = ntoh32(pci->seqno); pos = seqno & (RQ_SIZE - 1); diff --git a/src/lib/hash.c b/src/lib/hash.c index 7adee968..7ffa5bc1 100644 --- a/src/lib/hash.c +++ b/src/lib/hash.c @@ -39,6 +39,9 @@ #include <ouroboros/md5.h> #include <ouroboros/sha3.h> #endif +#include <ouroboros/crc8.h> +#include <ouroboros/crc16.h> +#include <ouroboros/crc64.h> #include <string.h> #include <assert.h> #include <stdbool.h> @@ -69,6 +72,12 @@ int hash_len_tbl [] = { uint16_t hash_len(enum hash_algo algo) { + if (algo == HASH_CRC8) + return CRC8_HASH_LEN; + if (algo == HASH_CRC16) + return CRC16_HASH_LEN; + if (algo == HASH_CRC64) + return CRC64_HASH_LEN; #ifdef HAVE_LIBGCRYPT return (uint16_t) gcry_md_get_algo_dlen(gcry_algo_tbl[algo]); #else @@ -81,6 +90,27 @@ void mem_hash(enum hash_algo algo, const uint8_t * buf, size_t len) { + if (algo == HASH_CRC8) { + uint8_t crc = 0; + + crc8_autosar(&crc, buf, len); + *(uint8_t *) dst = crc; + return; + } + if (algo == HASH_CRC16) { + uint16_t crc = 0; + + crc16_ccitt_false(&crc, buf, len); + *(uint16_t *) dst = htobe16(crc); + return; + } + if (algo == HASH_CRC64) { + uint64_t crc = 0; + + crc64_nvme(&crc, buf, len); + *(uint64_t *) dst = htobe64(crc); + return; + } #ifdef HAVE_LIBGCRYPT gcry_md_hash_buffer(gcry_algo_tbl[algo], dst, buf, len); #else diff --git a/src/lib/irm.c b/src/lib/irm.c index 594014f7..c62701aa 100644 --- a/src/lib/irm.c +++ b/src/lib/irm.c @@ -614,7 +614,7 @@ ssize_t irm_list_names(struct name_info ** names) return 0; } - *names = malloc(nr * sizeof(**names)); + *names = calloc(nr, sizeof(**names)); if (*names == NULL) { irm_msg__free_unpacked(recv_msg, NULL); return -ENOMEM; diff --git a/src/lib/protobuf.c b/src/lib/protobuf.c index 6c80cfc2..28b3aab2 100644 --- a/src/lib/protobuf.c +++ b/src/lib/protobuf.c @@ -137,7 +137,7 @@ name_info_msg_t * name_info_s_to_msg(const struct name_info * info) goto fail_msg; msg->ckey = strdup(info->c.key); - if (msg->skey == NULL) + if (msg->ckey == NULL) goto fail_msg; msg->ccrt = strdup(info->c.crt); @@ -161,6 +161,8 @@ struct name_info name_info_msg_to_s(const name_info_msg_t * msg) assert(msg != NULL); assert(strlen(msg->name) <= NAME_SIZE); + memset(&s, 0, sizeof(s)); + strcpy(s.name, msg->name); strcpy(s.s.key, msg->skey); strcpy(s.s.crt, msg->scrt); @@ -550,7 +552,7 @@ struct udp4_config udp4_config_msg_to_s(const udp4_config_msg_t * msg) return s; } -#define IN6_LEN sizeof(struct in6_addr) +#define IN6_LEN (size_t) sizeof(struct in6_addr) udp6_config_msg_t * udp6_config_s_to_msg(const struct udp6_config * s) { udp6_config_msg_t * msg; diff --git a/src/lib/ssm/pool.c b/src/lib/ssm/pool.c index 97313e7d..6829b217 100644 --- a/src/lib/ssm/pool.c +++ b/src/lib/ssm/pool.c @@ -107,6 +107,8 @@ static const struct ssm_size_class_cfg ssm_pup_cfg[SSM_POOL_MAX_CLASSES] = { : SSM_PUP_FILE_SIZE) #define GET_POOL_CFG(uid) (IS_GSPP(uid) ? ssm_gspp_cfg : ssm_pup_cfg) +#define NEEDS_CHOWN(uid, gid) ((uid) != geteuid() || (gid) != getegid()) + struct ssm_pool { uint8_t * shm_base; /* start of blocks */ struct _ssm_pool_hdr * hdr; /* shared memory header */ @@ -506,14 +508,12 @@ void ssm_pool_destroy(struct ssm_pool * pool) if (getpid() != pool->hdr->pid && kill(pool->hdr->pid, 0) == 0) { ssm_pool_close(pool); - free(pool); return; } fn = pool_filename(pool->uid); if (fn == NULL) { ssm_pool_close(pool); - free(pool); return; } @@ -550,7 +550,7 @@ static struct ssm_pool * __pool_create(const char * name, if (flags & O_CREAT) { if (ftruncate(fd, (off_t) file_size) < 0) goto fail_truncate; - if (uid != geteuid() && fchown(fd, uid, gid) < 0) + if (NEEDS_CHOWN(uid, gid) && fchown(fd, uid, gid) < 0) goto fail_truncate; } @@ -746,7 +746,7 @@ ssize_t ssm_pool_read(uint8_t ** dst, } struct ssm_pk_buff * ssm_pool_get(struct ssm_pool * pool, - size_t off) + size_t off) { struct ssm_pk_buff * blk; @@ -825,7 +825,7 @@ int ssm_pool_remove(struct ssm_pool * pool, return 0; } -size_t ssm_pk_buff_get_idx(struct ssm_pk_buff * spb) +size_t ssm_pk_buff_get_off(struct ssm_pk_buff * spb) { assert(spb != NULL); diff --git a/src/lib/ssm/rbuff.c b/src/lib/ssm/rbuff.c index e4558c31..77e23010 100644 --- a/src/lib/ssm/rbuff.c +++ b/src/lib/ssm/rbuff.c @@ -232,7 +232,7 @@ void ssm_rbuff_close(struct ssm_rbuff * rb) } int ssm_rbuff_write(struct ssm_rbuff * rb, - size_t idx) + size_t off) { size_t acl; bool was_empty; @@ -261,7 +261,7 @@ int ssm_rbuff_write(struct ssm_rbuff * rb, was_empty = IS_EMPTY(rb); - HEAD(rb) = (ssize_t) idx; + HEAD(rb) = (ssize_t) off; ADVANCE_HEAD(rb); if (was_empty) @@ -278,7 +278,7 @@ int ssm_rbuff_write(struct ssm_rbuff * rb, } int ssm_rbuff_write_b(struct ssm_rbuff * rb, - size_t idx, + size_t off, const struct timespec * abstime) { size_t acl; @@ -316,7 +316,7 @@ int ssm_rbuff_write_b(struct ssm_rbuff * rb, if (ret != -ETIMEDOUT && ret != -EFLOWDOWN) { was_empty = IS_EMPTY(rb); - HEAD(rb) = (ssize_t) idx; + HEAD(rb) = (ssize_t) off; ADVANCE_HEAD(rb); if (was_empty) pthread_cond_broadcast(rb->add); diff --git a/src/lib/ssm/tests/pool_sharding_test.c b/src/lib/ssm/tests/pool_sharding_test.c index 4ecd2b9c..f2810c53 100644 --- a/src/lib/ssm/tests/pool_sharding_test.c +++ b/src/lib/ssm/tests/pool_sharding_test.c @@ -242,6 +242,8 @@ static int test_fallback_stealing(void) ptrs = malloc(total_blocks * sizeof(uint8_t *)); if (spbs == NULL || ptrs == NULL) { printf("Failed to allocate test arrays.\n"); + free(spbs); + free(ptrs); goto fail_pool; } @@ -259,7 +261,7 @@ static int test_fallback_stealing(void) /* Free them all - they go to local_shard */ for (i = 0; i < total_blocks / 2; i++) { - size_t off = ssm_pk_buff_get_idx(spbs[i]); + size_t off = ssm_pk_buff_get_off(spbs[i]); if (ssm_pool_remove(pool, off) != 0) { printf("Remove %zu failed.\n", i); free(spbs); @@ -297,7 +299,7 @@ static int test_fallback_stealing(void) /* Now all allocated blocks are in use again */ /* Cleanup - free all allocated blocks */ for (i = 0; i < total_blocks / 2; i++) { - size_t off = ssm_pk_buff_get_idx(spbs[i]); + size_t off = ssm_pk_buff_get_off(spbs[i]); ssm_pool_remove(pool, off); } @@ -326,6 +328,9 @@ static int test_multiprocess_sharding(void) TEST_START(); + for (i = 0; i < SSM_POOL_SHARDS; i++) + children[i] = -1; + pool = ssm_pool_create(getuid(), getgid()); if (pool == NULL) { printf("Failed to create pool.\n"); diff --git a/src/lib/tests/CMakeLists.txt b/src/lib/tests/CMakeLists.txt index 5a2f2c52..337d85a6 100644 --- a/src/lib/tests/CMakeLists.txt +++ b/src/lib/tests/CMakeLists.txt @@ -10,7 +10,6 @@ create_test_sourcelist(${PARENT_DIR}_tests test_suite.c auth_test_slh_dsa.c bitmap_test.c btree_test.c - crc32_test.c crypt_test.c hash_test.c kex_test.c diff --git a/src/lib/tests/auth_test.c b/src/lib/tests/auth_test.c index 1a5a87af..0f3ef715 100644 --- a/src/lib/tests/auth_test.c +++ b/src/lib/tests/auth_test.c @@ -347,6 +347,59 @@ static int test_verify_crt(void) return TEST_RC_FAIL; } +static int test_verify_crt_missing_root_ca(void) +{ + struct auth_ctx * auth; + void * _signed_server_crt; + void * _im_ca_crt; + + TEST_START(); + + auth = auth_create_ctx(); + if (auth == NULL) { + printf("Failed to create auth context.\n"); + goto fail_create_ctx; + } + + if (crypt_load_crt_str(signed_server_crt_ec, &_signed_server_crt) < 0) { + printf("Failed to load signed crt from string.\n"); + goto fail_load_signed; + } + + if (crypt_load_crt_str(im_ca_crt_ec, &_im_ca_crt) < 0) { + printf("Failed to load intermediate crt from string.\n"); + goto fail_load_im_ca; + } + + /* Add only the intermediate CA - root CA is missing */ + if (auth_add_crt_to_store(auth, _im_ca_crt) < 0) { + printf("Failed to add intermediate ca crt to auth store.\n"); + goto fail_add; + } + + if (auth_verify_crt(auth, _signed_server_crt) == 0) { + printf("Verification should fail without root CA.\n"); + goto fail_add; + } + + crypt_free_crt(_im_ca_crt); + crypt_free_crt(_signed_server_crt); + auth_destroy_ctx(auth); + + TEST_SUCCESS(); + + return TEST_RC_SUCCESS; + fail_add: + crypt_free_crt(_im_ca_crt); + fail_load_im_ca: + crypt_free_crt(_signed_server_crt); + fail_load_signed: + auth_destroy_ctx(auth); + fail_create_ctx: + TEST_FAIL(); + return TEST_RC_FAIL; +} + int test_auth_sign(void) { uint8_t buf[TEST_MSG_SIZE]; @@ -526,6 +579,7 @@ int auth_test(int argc, ret |= test_crypt_check_pubkey_crt(); ret |= test_store_add(); ret |= test_verify_crt(); + ret |= test_verify_crt_missing_root_ca(); ret |= test_auth_sign(); ret |= test_auth_bad_signature(); ret |= test_crt_str(); @@ -538,6 +592,7 @@ int auth_test(int argc, (void) test_crypt_check_pubkey_crt; (void) test_store_add; (void) test_verify_crt; + (void) test_verify_crt_missing_root_ca; (void) test_auth_sign; (void) test_auth_bad_signature; (void) test_crt_str; diff --git a/src/lib/tests/hash_test.c b/src/lib/tests/hash_test.c index e43847e1..451d3c25 100644 --- a/src/lib/tests/hash_test.c +++ b/src/lib/tests/hash_test.c @@ -39,6 +39,74 @@ struct vec_entry { char * out; }; +static int test_crc8(void) +{ + int ret = 0; + + struct vec_entry vec [] = { + { "", "00" }, + { "123456789", "df" }, + { NULL, NULL } + }; + + struct vec_entry * cur = vec; + + TEST_START(); + + while (cur->in != NULL) { + uint8_t crc; + char res[3]; + + str_hash(HASH_CRC8, &crc, cur->in); + + sprintf(res, "%02x", crc); + if (strcmp(res, cur->out) != 0) { + printf("Hash failed %s != %s.\n", res, cur->out); + ret |= -1; + } + + ++cur; + } + + TEST_END(ret); + + return ret; +} + +static int test_crc16(void) +{ + int ret = 0; + + struct vec_entry vec [] = { + { "", "ffff" }, + { "123456789", "29b1" }, + { NULL, NULL } + }; + + struct vec_entry * cur = vec; + + TEST_START(); + + while (cur->in != NULL) { + uint8_t crc[2]; + char res[5]; + + str_hash(HASH_CRC16, crc, cur->in); + + sprintf(res, "%02x%02x", crc[0], crc[1]); + if (strcmp(res, cur->out) != 0) { + printf("Hash failed %s != %s.\n", res, cur->out); + ret |= -1; + } + + ++cur; + } + + TEST_END(ret); + + return ret; +} + static int test_crc32(void) { int ret = 0; @@ -74,6 +142,42 @@ static int test_crc32(void) return ret; } +static int test_crc64(void) +{ + int ret = 0; + + struct vec_entry vec [] = { + { "", "0000000000000000" }, + { "123456789", "ae8b14860a799888" }, + { "0123456789abcdef", + "091485ca7018730e" }, + { NULL, NULL } + }; + + struct vec_entry * cur = vec; + + TEST_START(); + + while (cur->in != NULL) { + uint8_t crc[8]; + char res[17]; + + str_hash(HASH_CRC64, crc, cur->in); + + sprintf(res, HASH_FMT64, HASH_VAL64(crc)); + if (strcmp(res, cur->out) != 0) { + printf("Hash failed %s != %s.\n", res, cur->out); + ret |= -1; + } + + ++cur; + } + + TEST_END(ret); + + return ret; +} + static int test_md5(void) { int ret = 0; @@ -192,8 +296,14 @@ int hash_test(int argc, (void) argc; (void) argv; + ret |= test_crc8(); + + ret |= test_crc16(); + ret |= test_crc32(); + ret |= test_crc64(); + ret |= test_md5(); ret |= test_sha3(); diff --git a/src/lib/tests/kex_test.c b/src/lib/tests/kex_test.c index ced760fe..6a4f802e 100644 --- a/src/lib/tests/kex_test.c +++ b/src/lib/tests/kex_test.c @@ -106,7 +106,7 @@ static int test_kex_dh_pkp_create_destroy(void) { struct sec_config kex; void * pkp; - uint8_t buf[MSGBUFSZ]; + uint8_t buf[CRYPT_KEY_BUFSZ]; TEST_START(); @@ -134,7 +134,7 @@ static int test_kex_get_algo_from_pk(const char * algo) void * pkp; buffer_t pk; ssize_t len; - uint8_t buf[MSGBUFSZ]; + uint8_t buf[CRYPT_KEY_BUFSZ]; char extracted_algo[256]; TEST_START("(%s)", algo); @@ -204,8 +204,8 @@ static int test_kex_dhe_derive(const char * algo) buffer_t pk1; buffer_t pk2; ssize_t len; - uint8_t buf1[MSGBUFSZ]; - uint8_t buf2[MSGBUFSZ]; + uint8_t buf1[CRYPT_KEY_BUFSZ]; + uint8_t buf2[CRYPT_KEY_BUFSZ]; uint8_t s1[SYMMKEYSZ]; uint8_t s2[SYMMKEYSZ]; @@ -317,7 +317,7 @@ static int test_kex_dhe_corrupted_pubkey(const char * algo) void * pkp; buffer_t pk; ssize_t len; - uint8_t buf[MSGBUFSZ]; + uint8_t buf[CRYPT_KEY_BUFSZ]; uint8_t s[SYMMKEYSZ]; TEST_START("(%s)", algo); @@ -363,8 +363,8 @@ static int test_kex_dhe_wrong_algo(void) void * pkp2; buffer_t pk2; ssize_t len; - uint8_t buf1[MSGBUFSZ]; - uint8_t buf2[MSGBUFSZ]; + uint8_t buf1[CRYPT_KEY_BUFSZ]; + uint8_t buf2[CRYPT_KEY_BUFSZ]; uint8_t s[SYMMKEYSZ]; const char * algo1 = "X25519"; const char * algo2 = "X448"; diff --git a/src/lib/tests/kex_test_ml_kem.c b/src/lib/tests/kex_test_ml_kem.c index 3bb9ae7c..7761c3dc 100644 --- a/src/lib/tests/kex_test_ml_kem.c +++ b/src/lib/tests/kex_test_ml_kem.c @@ -197,8 +197,8 @@ static int test_kex_kem(const char * algo) buffer_t ct; ssize_t len; ssize_t ct_len; - uint8_t buf1[MSGBUFSZ]; - uint8_t buf2[MSGBUFSZ]; + uint8_t buf1[CRYPT_KEY_BUFSZ]; + uint8_t buf2[CRYPT_KEY_BUFSZ]; uint8_t s1[SYMMKEYSZ]; uint8_t s2[SYMMKEYSZ]; int kdf; @@ -262,8 +262,8 @@ static int test_kex_kem_corrupted_ciphertext(const char * algo) buffer_t ct; ssize_t len; ssize_t ct_len; - uint8_t buf1[MSGBUFSZ]; - uint8_t buf2[MSGBUFSZ]; + uint8_t buf1[CRYPT_KEY_BUFSZ]; + uint8_t buf2[CRYPT_KEY_BUFSZ]; uint8_t s1[SYMMKEYSZ]; uint8_t s2[SYMMKEYSZ]; int kdf; @@ -334,9 +334,9 @@ static int test_kex_kem_wrong_keypair(const char * algo) buffer_t ct; ssize_t len; ssize_t ct_len; - uint8_t buf1[MSGBUFSZ]; - uint8_t buf2[MSGBUFSZ]; - uint8_t buf3[MSGBUFSZ]; + uint8_t buf1[CRYPT_KEY_BUFSZ]; + uint8_t buf2[CRYPT_KEY_BUFSZ]; + uint8_t buf3[CRYPT_KEY_BUFSZ]; uint8_t s1[SYMMKEYSZ]; uint8_t s2[SYMMKEYSZ]; @@ -402,8 +402,8 @@ static int test_kex_kem_truncated_ciphertext(const char * algo) buffer_t ct; ssize_t len; ssize_t ct_len; - uint8_t buf1[MSGBUFSZ]; - uint8_t buf2[MSGBUFSZ]; + uint8_t buf1[CRYPT_KEY_BUFSZ]; + uint8_t buf2[CRYPT_KEY_BUFSZ]; uint8_t s1[SYMMKEYSZ]; uint8_t s2[SYMMKEYSZ]; diff --git a/src/lib/timerwheel.c b/src/lib/timerwheel.c index 2c796c96..3cfb77e8 100644 --- a/src/lib/timerwheel.c +++ b/src/lib/timerwheel.c @@ -239,7 +239,7 @@ static void timerwheel_move(void) r->pkt = pci; ssm_pk_buff_wait_ack(spb); #endif - idx = ssm_pk_buff_get_idx(spb); + idx = ssm_pk_buff_get_off(spb); /* Retransmit the copy. */ pci->ackno = hton32(rcv_lwe); diff --git a/src/tools/oping/oping.c b/src/tools/oping/oping.c index 86796552..763c0d62 100644 --- a/src/tools/oping/oping.c +++ b/src/tools/oping/oping.c @@ -72,17 +72,19 @@ "and reports the Round Trip Time (RTT)\n" \ "\n" \ " -l, --listen Run in server mode\n" \ +" --poll Server uses polling (lower latency)\n" \ +" --busy Server uses busy-poll (single flow)\n" \ "\n" \ " -c, --count Number of packets\n" \ " -d, --duration Duration of the test (default 1s)\n" \ " -f, --flood Send back-to-back without waiting\n" \ +" -F, --flood-busy Flood with busy-polling (lower latency)\n" \ " -i, --interval Interval (default 1000ms)\n" \ " -n, --server-name Name of the oping server\n" \ -" -q, --qos QoS (raw, best, video, voice, data)\n" \ +" -q, --qos QoS (raw, best, video, voice, data)\n" \ " -s, --size Payload size (B, default 64)\n" \ " -Q, --quiet Only print final statistics\n" \ " -D, --timeofday Print time of day before each line\n" \ -" --poll Server uses polling (lower latency)\n" \ "\n" \ " --help Display this help text and exit\n" \ @@ -93,6 +95,7 @@ struct { int size; bool timestamp; bool flood; + bool flood_busy; qosspec_t qs; /* stats */ @@ -118,6 +121,7 @@ struct { bool quiet; bool poll; + bool busy; pthread_t cleaner_pt; pthread_t accept_pt; @@ -177,10 +181,12 @@ int main(int argc, client.count = INT_MAX; client.timestamp = false; client.flood = false; + client.flood_busy = false; client.qs = qos_raw; client.quiet = false; server.quiet = false; server.poll = false; + server.busy = false; while (argc > 0) { if ((strcmp(*argv, "-i") == 0 || @@ -221,6 +227,9 @@ int main(int argc, } else if (strcmp(*argv, "-f") == 0 || strcmp(*argv, "--flood") == 0) { client.flood = true; + } else if (strcmp(*argv, "-F") == 0 || + strcmp(*argv, "--flood-busy") == 0) { + client.flood_busy = true; } else if (strcmp(*argv, "-D") == 0 || strcmp(*argv, "--timeofday") == 0) { client.timestamp = true; @@ -230,6 +239,8 @@ int main(int argc, server.quiet = true; } else if (strcmp(*argv, "--poll") == 0) { server.poll = true; + } else if (strcmp(*argv, "--busy") == 0) { + server.busy = true; } else { goto fail; } diff --git a/src/tools/oping/oping_client.c b/src/tools/oping/oping_client.c index 18dd3078..23807f65 100644 --- a/src/tools/oping/oping_client.c +++ b/src/tools/oping/oping_client.c @@ -67,6 +67,26 @@ static void update_rtt_stats(double ms) client.rtt_m2 += d * (ms - client.rtt_avg); } +static double rtt_val(double ms) +{ + return ms < 0.1 ? ms * 1000 : ms; +} + +static const char * rtt_unit(double ms) +{ + return ms < 0.1 ? "µs" : "ms"; +} + +static void print_rtt(int len, int seq, + double ms, const char * suf) +{ + printf("%d bytes from %s: seq=%d " + "time=%.3f %s%s\n", + len, client.s_apn, seq, + rtt_val(ms), rtt_unit(ms), + suf != NULL ? suf : ""); +} + void * reader(void * o) { struct timespec timeout = {client.interval / 1000 + 2, 0}; @@ -127,12 +147,9 @@ void * reader(void * o) (size_t) rtc.tv_nsec / 1000); } - printf("%d bytes from %s: seq=%d time=%.3f ms%s\n", - msg_len, - client.s_apn, - ntohl(msg->id), - ms, - id < exp_id ? " [out-of-order]" : ""); + print_rtt(msg_len, ntohl(msg->id), ms, + id < exp_id ? + " [out-of-order]" : NULL); } update_rtt_stats(ms); @@ -223,16 +240,87 @@ static void print_stats(struct timespec * tic, printf("time: %.3f ms\n", ts_diff_us(toc, tic) / 1000.0); if (client.rcvd > 0) { + double a = client.rtt_avg; + double f = a < 0.1 ? 1000 : 1; printf("rtt min/avg/max/mdev = %.3f/%.3f/%.3f/", - client.rtt_min, - client.rtt_avg, - client.rtt_max); + client.rtt_min * f, client.rtt_avg * f, + client.rtt_max * f); if (client.rcvd > 1) - printf("%.3f ms\n", - sqrt(client.rtt_m2 / (client.rcvd - 1))); + printf("%.3f %s\n", + sqrt(client.rtt_m2 / + (client.rcvd - 1)) * f, + rtt_unit(a)); else - printf("NaN ms\n"); + printf("NaN %s\n", rtt_unit(a)); + } +} + +static int flood_busy_ping(int fd) +{ + char buf[OPING_BUF_SIZE]; + struct oping_msg * msg = (struct oping_msg *) buf; + struct timespec sent; + struct timespec rcvd; + double ms; + int n; + + memset(buf, 0, client.size); + + fccntl(fd, FLOWSFLAGS, + FLOWFRDWR | FLOWFRNOPART | FLOWFRNOBLOCK); + + if (!client.quiet) + printf("Pinging %s with %d bytes" + " of data (%u packets," + " busy-poll):\n\n", + client.s_apn, client.size, + client.count); + + while (!stop && client.sent < client.count) { + clock_gettime(CLOCK_MONOTONIC, &sent); + + msg->type = htonl(ECHO_REQUEST); + msg->id = htonl(client.sent); + msg->tv_sec = sent.tv_sec; + msg->tv_nsec = sent.tv_nsec; + + if (flow_write(fd, buf, + client.size) < 0) { + printf("Failed to send " + "packet.\n"); + break; + } + + ++client.sent; + + do { + n = flow_read(fd, buf, + OPING_BUF_SIZE); + } while (n == -EAGAIN && !stop); + + if (n < 0) + break; + + clock_gettime(CLOCK_MONOTONIC, &rcvd); + + if (ntohl(msg->type) != ECHO_REPLY) + continue; + + ++client.rcvd; + + sent.tv_sec = msg->tv_sec; + sent.tv_nsec = msg->tv_nsec; + ms = ts_diff_us(&rcvd, &sent) / 1000.0; + + update_rtt_stats(ms); + + if (!client.quiet) + print_rtt(client.size, + ntohl(msg->id), ms, + NULL); } + + return 0; } static int flood_ping(int fd) @@ -283,9 +371,9 @@ static int flood_ping(int fd) update_rtt_stats(ms); if (!client.quiet) - printf("%d bytes from %s: seq=%d time=%.3f ms\n", - client.size, client.s_apn, - ntohl(msg->id), ms); + print_rtt(client.size, + ntohl(msg->id), ms, + NULL); } return 0; @@ -337,7 +425,9 @@ static int client_main(void) clock_gettime(CLOCK_REALTIME, &tic); - if (client.flood) + if (client.flood_busy) + flood_busy_ping(fd); + else if (client.flood) flood_ping(fd); else threaded_ping(fd); diff --git a/src/tools/oping/oping_server.c b/src/tools/oping/oping_server.c index 1670ebf3..33af28c4 100644 --- a/src/tools/oping/oping_server.c +++ b/src/tools/oping/oping_server.c @@ -138,7 +138,10 @@ void * accept_thread(void * o) (void) o; - printf("Ouroboros ping server started.\n"); + printf("Ouroboros ping server started."); + if (server.busy) + printf(" [busy-poll]"); + printf("\n"); while (true) { fd = flow_accept(&qs, NULL); @@ -158,12 +161,56 @@ void * accept_thread(void * o) pthread_mutex_unlock(&server.lock); fccntl(fd, FLOWSFLAGS, - FLOWFRNOBLOCK | FLOWFRDWR | FLOWFRNOPART); + FLOWFRNOBLOCK | FLOWFRDWR + | FLOWFRNOPART); } return (void *) 0; } +void * busy_thread(void * o) +{ + char buf[OPING_BUF_SIZE]; + struct oping_msg * msg = (struct oping_msg *) buf; + int fd; + int msg_len; + + (void) o; + + /* Accept a single flow. */ + fd = flow_accept(NULL, NULL); + if (fd < 0) { + printf("Failed to accept flow.\n"); + return (void *) -1; + } + + printf("New flow %d (busy-poll).\n", fd); + + fccntl(fd, FLOWSFLAGS, + FLOWFRNOBLOCK | FLOWFRDWR + | FLOWFRNOPART); + + while (true) { + msg_len = flow_read(fd, buf, + OPING_BUF_SIZE); + if (msg_len == -EAGAIN) + continue; + if (msg_len < 0) + break; + + if (ntohl(msg->type) != ECHO_REQUEST) + continue; + + msg->type = htonl(ECHO_REPLY); + + flow_write(fd, buf, msg_len); + } + + flow_dealloc(fd); + + return (void *) 0; +} + int server_main(void) { struct sigaction sig_act; @@ -191,12 +238,21 @@ int server_main(void) } pthread_create(&server.cleaner_pt, NULL, cleaner_thread, NULL); - pthread_create(&server.accept_pt, NULL, accept_thread, NULL); - pthread_create(&server.server_pt, NULL, server_thread, NULL); - pthread_join(server.accept_pt, NULL); + if (server.busy) { + pthread_create(&server.server_pt, NULL, + busy_thread, NULL); + pthread_join(server.server_pt, NULL); + pthread_cancel(server.cleaner_pt); + } else { + pthread_create(&server.accept_pt, NULL, + accept_thread, NULL); + pthread_create(&server.server_pt, NULL, + server_thread, NULL); + pthread_join(server.accept_pt, NULL); + pthread_cancel(server.server_pt); + } - pthread_cancel(server.server_pt); pthread_cancel(server.cleaner_pt); fset_destroy(server.flows); |