authorLuca Muscariello <lumuscar@cisco.com>2022-03-30 22:29:28 +0200
committerMauro Sardara <msardara@cisco.com>2022-03-31 19:51:47 +0200
commitc46e5df56b67bb8ea7a068d39324c640084ead2b (patch)
treeeddeb17785938e09bc42eec98ee09b8a28846de6 /hicn-light/src/hicn/socket
parent18fa668f25d3cc5463417ce7df6637e31578e898 (diff)
feat: boostrap hicn 22.02
The current patch provides several new features, improvements, bug fixes and also a complete rewrite of entire components. - lib The hicn packet parser has been improved with a new packet format fully based on UDP. The TCP header is still temporarily supported but the UDP header will replace completely the new hicn packet format. Improvements have been made to make sure every packet parsing operation is made via this library. The current new header can be used as header between the payload and the UDP header or as trailer in the UDP surplus area to be tested when UDP options will start to be used. - hicn-light The portable packet forwarder has been completely rewritten from scratch with the twofold objective to improve performance and code size but also to drop dependencies such as libparc which is now removed by the current implementation. - hicn control the control library is the agent that is used to program the packet forwarders via their binary API. This component has benefited from significant improvements in terms of interaction model which is now event driven and more robust to failures. - VPP plugin has been updated to support VPP 22.02 - transport Major improvements have been made to the RTC protocol, to the support of IO modules and to the security sub system. Signed manifests are the default data authenticity and integrity framework. Confidentiality can be enabled by sharing the encryption key to the prod/cons layer. The library has been tested with group key based applications such as broadcast/multicast and real-time on-line meetings with trusted server keys or MLS. - testing Unit testing has been introduced using GoogleTest. One third of the code base is covered by unit testing with priority on critical features. Functional testing has also been introduced using Docker, linux bridging and Robot Framework to define tests with Less Code techniques to facilitate the extension of the coverage.
Co-authored-by: Mauro Sardara <msardara@cisco.com> Co-authored-by: Jordan Augé <jordan.auge+fdio@cisco.com> Co-authored-by: Michele Papalini <micpapal@cisco.com> Co-authored-by: Angelo Mantellini <manangel@cisco.com> Co-authored-by: Jacques Samain <jsamain@cisco.com> Co-authored-by: Olivier Roques <oroques+fdio@cisco.com> Co-authored-by: Enrico Loparco <eloparco@cisco.com> Co-authored-by: Giulio Grassi <gigrassi@cisco.com> Change-Id: I75d0ef70f86d921e3ef503c99271216ff583c215 Signed-off-by: Luca Muscariello <muscariello@ieee.org> Signed-off-by: Mauro Sardara <msardara@cisco.com>
Diffstat (limited to 'hicn-light/src/hicn/socket')
-rw-r--r--hicn-light/src/hicn/socket/CMakeLists.txt8
-rw-r--r--hicn-light/src/hicn/socket/api.c54
-rw-r--r--hicn-light/src/hicn/socket/api.h3
-rw-r--r--hicn-light/src/hicn/socket/ops_linux.c81
4 files changed, 73 insertions, 73 deletions
diff --git a/hicn-light/src/hicn/socket/CMakeLists.txt b/hicn-light/src/hicn/socket/CMakeLists.txt
index 8c8a757fb..41dbd2342 100644
--- a/hicn-light/src/hicn/socket/CMakeLists.txt
+++ b/hicn-light/src/hicn/socket/CMakeLists.txt
@@ -1,4 +1,4 @@
-# Copyright (c) 2017-2019 Cisco and/or its affiliates.
+# Copyright (c) 2021-2022 Cisco and/or its affiliates.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
@@ -25,11 +25,5 @@ if (UNIX AND NOT APPLE)
)
endif()
-set(TO_INSTALL_HEADER_FILES
- ${TO_INSTALL_HEADER_FILES}
- ${HEADER_FILES}
- PARENT_SCOPE
-)
-
set(SOURCE_FILES ${SOURCE_FILES} PARENT_SCOPE)
set(HEADER_FILES ${HEADER_FILES} PARENT_SCOPE)
diff --git a/hicn-light/src/hicn/socket/api.c b/hicn-light/src/hicn/socket/api.c
index 34c0aae54..e39ebf4b5 100644
--- a/hicn-light/src/hicn/socket/api.c
+++ b/hicn-light/src/hicn/socket/api.c
@@ -10,8 +10,12 @@
#include <unistd.h> // close
#include "api.h"
-#include "error.h"
#include "ops.h"
+#include <hicn/util/sstrncpy.h>
+
+#if __linux__
+#include "error.h"
+#endif
#define INET_MAX_ADDRSTRLEN INET6_ADDRSTRLEN
@@ -72,8 +76,7 @@ hicn_socket_helper_t *hicn_create() {
}
hicn->conf = malloc(sizeof(hicn_conf_t));
- if (hicn->conf < 0)
- goto ERR_CONF;
+ if (hicn->conf < 0) goto ERR_CONF;
memcpy(hicn->conf, &hicn_default_conf, sizeof(hicn_conf_t));
/* Initialize socket tree to empty */
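Review bot: The allocation check `if (hicn->conf < 0) goto ERR_CONF;` can never fire, because malloc reports failure by returning NULL and a pointer is never less than zero; the reformat carries that test over unchanged. On an out-of-memory condition the `memcpy(hicn->conf, &hicn_default_conf, sizeof(hicn_conf_t))` on the next line would then write through a null pointer. The check should read `if (!hicn->conf) goto ERR_CONF;`. hicn_create starts and ends outside the hunk, so its other allocation checks are worth a look for the same pattern.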
@@ -133,20 +136,16 @@ void hicn_destroy() {
/* Restore default rules */
printf("Restoring default configuration.\n");
rc = ops.del_lo_prio_rule(NULL, AF_INET6, LOCAL_PRIORITY);
- if (rc < 0)
- ret = -1;
+ if (rc < 0) ret = -1;
rc = ops.del_lo_prio_rule(NULL, AF_INET, LOCAL_PRIORITY);
- if (rc < 0)
- ret = -1;
+ if (rc < 0) ret = -1;
rc = ops.add_lo_prio_rule(NULL, AF_INET6, 0);
- if (rc < 0)
- ret = -1;
+ if (rc < 0) ret = -1;
rc = ops.add_lo_prio_rule(NULL, AF_INET, 0);
- if (rc < 0)
- ret = -1;
+ if (rc < 0) ret = -1;
for (i = 0; i < rules_counter; i++) {
if (strcmp(rules_to_remove[i].tun_name, "NONE") != 0) {
@@ -158,20 +157,17 @@ void hicn_destroy() {
&rules_to_remove[i].prefix, rules_to_remove[i].address_family,
rules_to_remove[i].priority, rules_to_remove[i].table_id);
}
- if (rc < 0)
- ret = -1;
+ if (rc < 0) ret = -1;
}
for (i = 0; i < routes_counter; i++) {
rc = ops.del_out_route(routes_to_remove[i].remote_ip_address,
routes_to_remove[i].address_family,
routes_to_remove[i].table_id);
- if (rc < 0)
- ret = -1;
+ if (rc < 0) ret = -1;
}
- if (ret < 0)
- printf("Unexpected exit. Some state may not be deleted.\n");
+ if (ret < 0) printf("Unexpected exit. Some state may not be deleted.\n");
}
void hicn_free(hicn_socket_helper_t *hicn) {
@@ -259,10 +255,10 @@ int hicn_get_local_address(const ip_prefix_t *remote_address,
ip_prefix_t *local_address) {
int rc = 0;
uint32_t interface_id;
- char remote_address_str[INET_MAX_ADDRSTRLEN + 4 ];
+ char remote_address_str[INET_MAX_ADDRSTRLEN + 4];
rc = ip_prefix_ntop_short(remote_address, remote_address_str,
- sizeof(remote_address_str));
+ sizeof(remote_address_str));
if (rc < 0) {
rc = HICN_SOCKET_ERROR_BIND_REMOTE_REPR;
goto ERR;
@@ -331,7 +327,8 @@ int hicn_set_remote_endpoint(hicn_socket_t *socket,
/////
/* Convert to representation format */
- rc = ip_prefix_ntop_short(&addr, local_ip_address, sizeof(local_ip_address));
+ rc =
+ ip_prefix_ntop_short(&addr, local_ip_address, sizeof(local_ip_address));
if (rc < 0) {
rc = HICN_SOCKET_ERROR_BIND_REMOTE_REPR;
goto ERR;
@@ -466,7 +463,9 @@ int hicn_listen(hicn_socket_helper_t *hicn, int fd, const char *prefix) {
return rc;
}
- strcpy(rules_to_remove[rules_counter].tun_name, "NONE");
+ rc = strcpy_s(rules_to_remove[rules_counter].tun_name,
+ sizeof(rules_to_remove[rules_counter].tun_name), "NONE");
+ if (rc != EOK) return -1;
rules_to_remove[rules_counter].prefix = ip_prefix;
rules_to_remove[rules_counter].address_family = ip_prefix.family;
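Review bot: `rules_to_remove[rules_counter]` is written here with no check visible in the hunk that `rules_counter` is still below the table's capacity, so the new strcpy_s bounds the string but not the slot it lands in. hicn_listen starts outside the hunk; if it does not already test this, and assuming `rules_to_remove` is a fixed array, a guard before the copy such as `if (rules_counter >= sizeof(rules_to_remove) / sizeof(rules_to_remove[0])) return HICN_SOCKET_ERROR_UNSPEC;` is needed. The failure path also returns a bare `-1`, while the route copy in hicn_bind maps the same failure to `HICN_SOCKET_ERROR_UNSPEC`; using that code here would keep callers' error handling uniform.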
@@ -533,7 +532,10 @@ int hicn_bind(hicn_socket_helper_t *hicn, int fd,
goto ERR;
}
- strcpy(rules_to_remove[rules_counter].tun_name, socket->tun_name);
+ rc = strcpy_s(rules_to_remove[rules_counter].tun_name,
+ sizeof(rules_to_remove[rules_counter].tun_name),
+ socket->tun_name);
+ if (rc != EOK) return -1;
rules_to_remove[rules_counter].address_family = addr_family;
rules_to_remove[rules_counter].table_id = socket->connection.table_id;
++rules_counter;
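Review bot: The new failure path `if (rc != EOK) return -1;` leaves hicn_bind directly, while the check just above it in this hunk uses `goto ERR;`, so whatever cleanup the ERR label performs (it is outside the hunk) is skipped when the copy fails. The route copy later in the same function already handles this the expected way, and the same form fits here: `if (rc != EOK) { rc = HICN_SOCKET_ERROR_UNSPEC; goto ERR; }`.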
@@ -563,7 +565,13 @@ int hicn_bind(hicn_socket_helper_t *hicn, int fd,
goto ERR;
}
- strcpy(routes_to_remove[routes_counter].remote_ip_address, remote_ip_address);
+ rc = strcpy_s(routes_to_remove[routes_counter].remote_ip_address,
+ sizeof(rules_to_remove[rules_counter].tun_name),
+ remote_ip_address);
+ if (rc != EOK) {
+ rc = HICN_SOCKET_ERROR_UNSPEC;
+ goto ERR;
+ }
routes_to_remove[routes_counter].table_id = socket->connection.table_id;
routes_to_remove[routes_counter].address_family = (uint8_t)addr_family;
++routes_counter;
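Review bot: The destination size passed to strcpy_s is taken from a different buffer: the copy targets `routes_to_remove[routes_counter].remote_ip_address` but is bounded by `sizeof(rules_to_remove[rules_counter].tun_name)`. The two field sizes are declared outside the hunk; if tun_name is the larger one the call can write past remote_ip_address, and if it is the smaller one valid addresses are rejected. The bound should be `sizeof(routes_to_remove[routes_counter].remote_ip_address)`.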
diff --git a/hicn-light/src/hicn/socket/api.h b/hicn-light/src/hicn/socket/api.h
index 1a7f5c700..a0356e035 100644
--- a/hicn-light/src/hicn/socket/api.h
+++ b/hicn-light/src/hicn/socket/api.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017-2019 Cisco and/or its affiliates.
+ * Copyright (c) 2021 Cisco and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -29,7 +29,6 @@
#include <stdlib.h>
#include <hicn/hicn.h>
-#include "error.h"
#define BUFSIZE 4096
#define MAX_CONNECTIONS \
diff --git a/hicn-light/src/hicn/socket/ops_linux.c b/hicn-light/src/hicn/socket/ops_linux.c
index 8bfc438f3..d741fd2e6 100644
--- a/hicn-light/src/hicn/socket/ops_linux.c
+++ b/hicn-light/src/hicn/socket/ops_linux.c
@@ -24,6 +24,8 @@
#include <stdint.h>
#include <stdlib.h>
+#include <hicn/ctrl/api.h>
+#include <hicn/util/sstrncpy.h>
/* Public interface */
@@ -338,7 +340,8 @@ uint32_t _nl_get_ifid(const char *interface_name) {
struct nlmsghdr *hdr = (struct nlmsghdr *)buffer;
size_t n;
int fd;
- size_t len = interface_name ? strlen(interface_name) + 1 : 0;
+ size_t len =
+ interface_name ? strnlen_s(interface_name, INTERFACE_LEN) + 1 : 0;
uint8_t padding[RTA_ALIGNTO] = {0, 0, 0, 0};
if (len == 0) {
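Review bot: `strnlen_s(interface_name, INTERFACE_LEN)` clamps an over-long name instead of rejecting it: assuming it follows the C11 Annex K contract, it returns INTERFACE_LEN when no terminator is found within the bound, so `len` becomes INTERFACE_LEN + 1 and the request built further down (outside this hunk) would carry a truncated name whose last byte need not be NUL. A truncated name can resolve to a different interface than the caller intended, so a result equal to INTERFACE_LEN should go down the same error path as `len == 0`. The same call is repeated for `RTA_LENGTH(...)` in the next hunk and for the `addAttr` length in _nl_add_rule and _nl_del_rule; reusing the validated `len` here, and applying the same rejection in the other two functions, keeps the checked length and the transmitted length identical.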
@@ -353,8 +356,8 @@ uint32_t _nl_get_ifid(const char *interface_name) {
.hdr.nlmsg_flags = FLAGS_GET,
.payload.ifi_family = AF_UNSPEC,
.payload.ifi_index = 0};
- struct rtattr a_ifname = {RTA_LENGTH(strlen(interface_name) + 1),
- IFLA_IFNAME};
+ struct rtattr a_ifname = {
+ RTA_LENGTH(strnlen_s(interface_name, INTERFACE_LEN) + 1), IFLA_IFNAME};
struct iovec iov[] = {{&msg, sizeof(msg)},
{&a_ifname, sizeof(a_ifname)},
@@ -621,13 +624,12 @@ int _nl_set_ip_addr(uint32_t interface_id, ip_prefix_t *prefix) {
/* Set attributes = length/type/value */
struct rtattr ifa_address = {RTA_LENGTH(ip_address_len(prefix->family)),
IFA_ADDRESS};
- const void * address = ip_address_get_buffer(&prefix->address, prefix->family);
- if (!address)
- goto ERR_ADDRESS;
+ const void *address = ip_address_get_buffer(&prefix->address, prefix->family);
+ if (!address) goto ERR_ADDRESS;
const struct iovec iov[] = {
{&msg, sizeof(msg)},
{&ifa_address, sizeof(ifa_address)},
- {(void*)address, ip_address_len(prefix->family)},
+ {(void *)address, ip_address_len(prefix->family)},
};
msg.hdr.nlmsg_len = iov_length(iov, ARRAY_SIZE(iov));
@@ -993,17 +995,15 @@ int _nl_del_lo_route(const ip_prefix_t *prefix) {
uint32_t one = 1;
struct rtattr a_dst = {RTA_LENGTH(ip_address_len(prefix->family)), RTA_DST};
struct rtattr a_ifid_lo = {RTA_LENGTH(sizeof(uint32_t)), RTA_OIF};
- const void * address = ip_address_get_buffer(&prefix->address, prefix->family);
- if (!address)
- goto ERR;
- const struct iovec iov[] = {
- {&msg, sizeof(msg)},
- /* Ip address */
- {&a_dst, sizeof(a_dst)},
- {(void*)address, ip_address_len(prefix->family)},
- /* Interface id */
- {&a_ifid_lo, sizeof(a_ifid_lo)},
- {&one, sizeof(one)}};
+ const void *address = ip_address_get_buffer(&prefix->address, prefix->family);
+ if (!address) goto ERR;
+ const struct iovec iov[] = {{&msg, sizeof(msg)},
+ /* Ip address */
+ {&a_dst, sizeof(a_dst)},
+ {(void *)address, ip_address_len(prefix->family)},
+ /* Interface id */
+ {&a_ifid_lo, sizeof(a_ifid_lo)},
+ {&one, sizeof(one)}};
msg.hdr.nlmsg_len = iov_length(iov, ARRAY_SIZE(iov));
fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
@@ -1048,7 +1048,7 @@ int _nl_add_rule(const char *interface_name, uint8_t address_family,
_nl_payload_rule(table_id, address_family, (uint8_t *)buffer, BUFSIZE);
addAttr(hdr, BUFSIZE, FRA_IIFNAME, (void *)interface_name,
- strlen(interface_name));
+ strnlen_s(interface_name, INTERFACE_LEN));
fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
if (fd < 0) {
@@ -1094,7 +1094,7 @@ int _nl_del_rule(const char *interface_name, uint8_t address_family,
_nl_payload_rule(table_id, address_family, (uint8_t *)buffer, BUFSIZE);
addAttr(hdr, BUFSIZE, FRA_IIFNAME, (void *)interface_name,
- strlen(interface_name));
+ strnlen_s(interface_name, INTERFACE_LEN));
fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_ROUTE);
if (fd < 0) {
@@ -1158,16 +1158,15 @@ int _nl_add_neigh_proxy(const ip_prefix_t *prefix,
/* Message attributes = length/type/value */
struct rtattr a_dst = {RTA_LENGTH(ip_address_len(prefix->family)), NDA_DST};
- const void * address = ip_address_get_buffer(&prefix->address, prefix->family);
- if (!address)
- goto ERR;
+ const void *address = ip_address_get_buffer(&prefix->address, prefix->family);
+ if (!address) goto ERR;
/* Iovec describing the packets */
const struct iovec iov[] = {
{&msg, sizeof(msg)},
/* Ip address */
{&a_dst, sizeof(a_dst)},
- {(void*)address, ip_address_len(prefix->family)},
+ {(void *)address, ip_address_len(prefix->family)},
};
msg.hdr.nlmsg_len = iov_length(iov, ARRAY_SIZE(iov));
@@ -1240,16 +1239,15 @@ int _nl_add_in_route_table(const ip_prefix_t *prefix,
struct rtattr a_dst = {RTA_LENGTH(ip_address_len(prefix->family)), RTA_DST};
struct rtattr a_oif = {RTA_LENGTH(sizeof(uint32_t)), RTA_OIF};
- const void * address = ip_address_get_buffer(&prefix->address, prefix->family);
- if (!address)
- goto ERR;
+ const void *address = ip_address_get_buffer(&prefix->address, prefix->family);
+ if (!address) goto ERR;
/* Iovec describing the packets */
const struct iovec iov[] = {
{&msg, sizeof(msg)},
/* Destination prefix / ip address */
{&a_dst, sizeof(a_dst)},
- {(void*)address, ip_address_len(prefix->family)},
+ {(void *)address, ip_address_len(prefix->family)},
/* Output interface */
{&a_oif, sizeof(a_oif)},
{(void *)&interface_id, sizeof(uint32_t)},
@@ -1346,15 +1344,15 @@ int _nl_add_prio_rule(const ip_prefix_t *prefix, uint8_t address_family,
struct rtattr a_src = {RTA_LENGTH(ip_address_len(prefix->family)), FRA_SRC};
struct rtattr a_prio = {RTA_LENGTH(sizeof(uint32_t)), FRA_PRIORITY};
- const void * address = ip_address_get_buffer(&prefix->address, prefix->family);
- if (!address)
- goto ERR;
+ const void *address =
+ ip_address_get_buffer(&prefix->address, prefix->family);
+ if (!address) goto ERR;
/* Iovec describing the packets */
const struct iovec iov[] = {
{&msg, sizeof(msg)},
/* Source prefix / prefix */
{&a_src, sizeof(a_src)},
- {(void*)address, ip_address_len(prefix->family)},
+ {(void *)address, ip_address_len(prefix->family)},
/* Priority */
{&a_prio, sizeof(a_prio)},
{(void *)&priority, sizeof(uint32_t)},
@@ -1407,8 +1405,7 @@ ERR:
int _nl_add_lo_prio_rule(const ip_prefix_t *prefix, uint8_t address_family,
const uint32_t priority) {
- return _nl_add_prio_rule(prefix, address_family, priority,
- RT_TABLE_LOCAL);
+ return _nl_add_prio_rule(prefix, address_family, priority, RT_TABLE_LOCAL);
}
/* ip -6 rule del from all prio 0 table local */
@@ -1450,16 +1447,16 @@ int _nl_del_prio_rule(const ip_prefix_t *prefix, uint8_t address_family,
struct rtattr a_src = {RTA_LENGTH(ip_address_len(prefix->family)), FRA_SRC};
struct rtattr a_prio = {RTA_LENGTH(sizeof(uint32_t)), FRA_PRIORITY};
- const void * address = ip_address_get_buffer(&prefix->address, prefix->family);
- if (!address)
- goto ERR;
+ const void *address =
+ ip_address_get_buffer(&prefix->address, prefix->family);
+ if (!address) goto ERR;
/* Iovec describing the packets */
const struct iovec iov[] = {
{&msg, sizeof(msg)},
/* Source prefix / prefix */
{&a_src, sizeof(a_src)},
- {(void*)address, ip_address_len(prefix->family)},
+ {(void *)address, ip_address_len(prefix->family)},
/* Priority */
{&a_prio, sizeof(a_prio)},
{(void *)&priority, sizeof(uint32_t)},
@@ -1539,7 +1536,7 @@ int _nl_del_lo_prio_rule(const ip_prefix_t *ip_address, uint8_t address_family,
int tun_alloc(char *dev, int flags) {
struct ifreq ifr;
- int fd, err;
+ int fd, err, rc;
char *clonedev = "/dev/net/tun";
/* Arguments taken by the function:
@@ -1563,7 +1560,8 @@ int tun_alloc(char *dev, int flags) {
/* if a device name was specified, put it in the structure; otherwise,
* the kernel will try to allocate the "next" device of the
* specified type */
- strncpy(ifr.ifr_name, dev, IF_NAMESIZE - 1);
+ rc = strcpy_s(ifr.ifr_name, IF_NAMESIZE - 1, dev);
+ if (rc != EOK) return -1;
}
/* try to create the device */
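Review bot: The bound in `rc = strcpy_s(ifr.ifr_name, IF_NAMESIZE - 1, dev);` is one byte smaller than the destination, and strcpy_s (assuming Annex K semantics) needs room for the terminator inside the bound it is given, so a device name of the maximum length IF_NAMESIZE - 1, which the old strncpy accepted, is now rejected. The natural bound is the buffer itself: `rc = strcpy_s(ifr.ifr_name, sizeof(ifr.ifr_name), dev);`. Separately, `return -1` here, and after the copy-back `strcpy_s(dev, IF_NAMESIZE, ifr.ifr_name)` in the following hunk, would leave tun_alloc without closing `fd` if the clone device was already opened earlier in the function (the open is outside the hunk); in that case `close(fd);` belongs before each return.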
@@ -1576,7 +1574,8 @@ int tun_alloc(char *dev, int flags) {
* interface to the variable "dev", so the caller can know
* it. Note that the caller MUST reserve space in *dev (see calling
* code below) */
- strcpy(dev, ifr.ifr_name);
+ rc = strcpy_s(dev, IF_NAMESIZE, ifr.ifr_name);
+ if (rc != EOK) return -1;
/* this is the special file descriptor that the caller will use to talk
* with the virtual interface */