diff --git a/libknet/Makefile.am b/libknet/Makefile.am index 5b412a7c..2b87ff40 100644 --- a/libknet/Makefile.am +++ b/libknet/Makefile.am @@ -1,136 +1,137 @@ # # Copyright (C) 2010-2017 Red Hat, Inc. All rights reserved. # # Authors: Fabio M. Di Nitto # Federico Simoncelli # # This software licensed under GPL-2.0+, LGPL-2.0+ # MAINTAINERCLEANFILES = Makefile.in include $(top_srcdir)/build-aux/check.mk SYMFILE = libknet_exported_syms EXTRA_DIST = $(SYMFILE) SUBDIRS = . tests man libversion = 1:0:0 # override global LIBS that pulls in lots of craft we don't need here LIBS = sources = \ common.c \ compat.c \ compress.c \ compress_zlib.c \ compress_lz4.c \ compress_lzo2.c \ compress_lzma.c \ compress_bzip2.c \ crypto.c \ crypto_nss.c \ crypto_openssl.c \ handle.c \ host.c \ links.c \ logging.c \ netutils.c \ threads_common.c \ threads_dsthandler.c \ threads_heartbeat.c \ threads_pmtud.c \ threads_rx.c \ threads_tx.c \ transports.c \ transport_common.c \ transport_loopback.c \ transport_udp.c \ transport_sctp.c include_HEADERS = libknet.h pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libknet.pc noinst_HEADERS = \ common.h \ compat.h \ compress.h \ + compress_model.h \ compress_bzip2.h \ compress_bzip2_remap.h \ compress_lz4.h \ compress_lz4_remap.h \ compress_lzma.h \ compress_lzma_remap.h \ compress_lzo2.h \ compress_lzo2_remap.h \ compress_zlib.h \ compress_zlib_remap.h \ crypto.h \ crypto_nss.h \ crypto_nss_remap.h \ crypto_openssl.h \ crypto_openssl_remap.h \ host.h \ internals.h \ links.h \ logging.h \ netutils.h \ onwire.h \ remap.h \ threads_common.h \ threads_dsthandler.h \ threads_heartbeat.h \ threads_pmtud.h \ threads_rx.h \ threads_tx.h \ transports.h \ transport_common.h \ transport_loopback.h \ transport_udp.h \ transport_sctp.h lib_LTLIBRARIES = libknet.la libknet_la_SOURCES = $(sources) libknet_la_CFLAGS = $(PTHREAD_CFLAGS) \ $(nss_CFLAGS) $(openssl_CFLAGS) \ $(zlib_CFLAGS) $(liblz4_CFLAGS) $(lzo2_CFLAGS) $(liblzma_CFLAGS) $(bzip2_CFLAGS) EXTRA_libknet_la_DEPENDENCIES = $(SYMFILE) libknet_la_LDFLAGS = -Wl,--version-script=$(srcdir)/$(SYMFILE) \ --export-dynamic \ -version-number $(libversion) libknet_la_LIBADD = $(PTHREAD_LIBS) $(dl_LIBS) $(rt_LIBS) $(m_LIBS) noinst_PROGRAMS = crypto_canary compress_canary crypto_canary_SOURCES = crypto_canary.c crypto_canary_CFLAGS = $(nss_CFLAGS) $(openssl_CFLAGS) crypto_canary_LDADD = $(nss_LIBS) $(openssl_LIBS) compress_canary_SOURCES = compress_canary.c compress_canary_CFLAGS = $(zlib_CFLAGS) $(liblz4_CFLAGS) $(lzo2_CFLAGS) $(liblzma_CFLAGS) $(bzip2_CFLAGS) compress_canary_LDADD = $(zlib_LIBS) $(liblz4_LIBS) $(lzo2_LIBS) $(liblzma_LIBS) $(bzip2_LIBS) dist_man_MANS = man update-man-pages: doxyfile.stamp doxyfile.stamp: Doxyfile if MANPAGEUPDATES $(DOXYGEN) Doxyfile $(DOXY2MAN) -o $(abs_srcdir)/man -s 3 --short-pkg @PACKAGE_NAME@ --pkg "Kronosnet Programmer's Manual" $(builddir)/xml/libknet_8h.xml else @echo this system does not have doxy2man or doxygen installed. Unable to update man pages automatically. endif touch doxyfile.stamp clean-local: rm -rf doxyfile.stamp xml diff --git a/libknet/compress.c b/libknet/compress.c index e2b4f7ba..9434b26d 100644 --- a/libknet/compress.c +++ b/libknet/compress.c @@ -1,467 +1,468 @@ /* * Copyright (C) 2017 Red Hat, Inc. All rights reserved. * * Author: Fabio M. Di Nitto * * This software licensed under GPL-2.0+, LGPL-2.0+ */ #include "config.h" #include #include #include #include #include #include "internals.h" #include "compress.h" +#include "compress_model.h" #include "logging.h" #include "threads_common.h" #ifdef BUILDCOMPZLIB #include "compress_zlib.h" #endif #ifdef BUILDCOMPLZ4 #include "compress_lz4.h" #endif #ifdef BUILDCOMPLZO2 #include "compress_lzo2.h" #endif #ifdef BUILDCOMPLZMA #include "compress_lzma.h" #endif #ifdef BUILDCOMPBZIP2 #include "compress_bzip2.h" #endif /* * internal module switch data */ /* * DO NOT CHANGE MODEL_ID HERE OR ONWIRE COMPATIBILITY * WILL BREAK! * * always add before the last NULL/NULL/NULL. */ #define empty_module 0, NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL }, compress_model_t compress_modules_cmds[] = { { "none", 0, empty_module { "zlib", 1, #ifdef BUILDCOMPZLIB 1, zlib_load_lib, 0, NULL, NULL, NULL, zlib_val_level, zlib_compress, zlib_decompress }, #else empty_module #endif { "lz4", 2, #ifdef BUILDCOMPLZ4 1, lz4_load_lib, 0, NULL, NULL, NULL, lz4_val_level, lz4_compress, lz4_decompress }, #else empty_module #endif { "lz4hc", 3, #ifdef BUILDCOMPLZ4 1, lz4_load_lib, 0, NULL, NULL, NULL, lz4hc_val_level, lz4hc_compress, lz4_decompress }, #else empty_module #endif { "lzo2", 4, #ifdef BUILDCOMPLZO2 1, lzo2_load_lib, 0, lzo2_is_init, lzo2_init, lzo2_fini, lzo2_val_level, lzo2_compress, lzo2_decompress }, #else empty_module #endif { "lzma", 5, #ifdef BUILDCOMPLZMA 1, lzma_load_lib, 0, NULL, NULL, NULL, lzma_val_level, lzma_compress, lzma_decompress }, #else empty_module #endif { "bzip2", 6, #ifdef BUILDCOMPBZIP2 1, bzip2_load_lib, 0, NULL, NULL, NULL, bzip2_val_level, bzip2_compress, bzip2_decompress }, #else empty_module #endif { NULL, 255, empty_module }; static int max_model = 0; static struct timespec last_load_failure; static int compress_get_model(const char *model) { int idx = 0; while (compress_modules_cmds[idx].model_name != NULL) { if (!strcmp(compress_modules_cmds[idx].model_name, model)) { return compress_modules_cmds[idx].model_id; } idx++; } return -1; } static int compress_get_max_model(void) { int idx = 0; while (compress_modules_cmds[idx].model_name != NULL) { idx++; } return idx - 1; } static int compress_is_valid_model(int compress_model) { int idx = 0; while (compress_modules_cmds[idx].model_name != NULL) { if ((compress_model == compress_modules_cmds[idx].model_id) && (compress_modules_cmds[idx].built_in == 1)) { return 0; } idx++; } return -1; } static int val_level( knet_handle_t knet_h, int compress_model, int compress_level) { return compress_modules_cmds[compress_model].val_level(knet_h, compress_level); } /* * compress_check_lib_is_init needs to be invoked in a locked context! */ static int compress_check_lib_is_init(knet_handle_t knet_h, int cmp_model) { /* * lack of a .is_init function means that the module does not require * init per handle so we use a fake reference in the compress_int_data * to identify that we already increased the libref for this handle */ if (compress_modules_cmds[cmp_model].loaded == 1) { if (compress_modules_cmds[cmp_model].is_init == NULL) { if (knet_h->compress_int_data[cmp_model] != NULL) { return 1; } } else { if (compress_modules_cmds[cmp_model].is_init(knet_h, cmp_model) == 1) { return 1; } } } return 0; } /* * compress_load_lib should _always_ be invoked in write lock context */ static int compress_load_lib(knet_handle_t knet_h, int cmp_model, int rate_limit) { struct timespec clock_now; unsigned long long timediff; /* * checking again for paranoia and because * compress_check_lib_is_init is usually invoked in read context * and we need to switch from read to write locking in between. * another thread might have init the library in the meantime */ if (compress_check_lib_is_init(knet_h, cmp_model)) { return 0; } /* * due to the fact that decompress can load libraries * on demand, depending on the compress model selected * on other nodes, it is possible for an attacker * to send crafted packets to attempt to load libraries * at random in a DoS fashion. * If there is an error loading a library, then we want * to rate_limit a retry to reload the library every X * seconds to avoid a lock DoS that could greatly slow * down libknet. */ if (rate_limit) { if ((last_load_failure.tv_sec != 0) || (last_load_failure.tv_nsec != 0)) { clock_gettime(CLOCK_MONOTONIC, &clock_now); timespec_diff(last_load_failure, clock_now, &timediff); if (timediff < 10000000000) { errno = EAGAIN; return -1; } } } if (compress_modules_cmds[cmp_model].loaded == 0) { if (compress_modules_cmds[cmp_model].load_lib(knet_h) < 0) { clock_gettime(CLOCK_MONOTONIC, &last_load_failure); return -1; } compress_modules_cmds[cmp_model].loaded = 1; } if (compress_modules_cmds[cmp_model].init != NULL) { if (compress_modules_cmds[cmp_model].init(knet_h, cmp_model) < 0) { return -1; } } else { knet_h->compress_int_data[cmp_model] = (void *)&"1"; } return 0; } int compress_init( knet_handle_t knet_h) { max_model = compress_get_max_model(); if (max_model > KNET_MAX_COMPRESS_METHODS) { log_err(knet_h, KNET_SUB_COMPRESS, "Too many compress methods defined in compress.c."); errno = EINVAL; return -1; } memset(&last_load_failure, 0, sizeof(struct timespec)); return 0; } int compress_cfg( knet_handle_t knet_h, struct knet_handle_compress_cfg *knet_handle_compress_cfg) { int savederrno = 0, err = 0; int cmp_model; cmp_model = compress_get_model(knet_handle_compress_cfg->compress_model); if (cmp_model < 0) { log_err(knet_h, KNET_SUB_COMPRESS, "compress model %s not supported", knet_handle_compress_cfg->compress_model); errno = EINVAL; return -1; } log_debug(knet_h, KNET_SUB_COMPRESS, "Initizializing compress module [%s/%d/%u]", knet_handle_compress_cfg->compress_model, knet_handle_compress_cfg->compress_level, knet_handle_compress_cfg->compress_threshold); if (cmp_model > 0) { if (compress_modules_cmds[cmp_model].built_in == 0) { log_err(knet_h, KNET_SUB_COMPRESS, "compress model %s support has not been built in. Please contact your vendor or fix the build", knet_handle_compress_cfg->compress_model); errno = EINVAL; return -1; } if (knet_handle_compress_cfg->compress_threshold > KNET_MAX_PACKET_SIZE) { log_err(knet_h, KNET_SUB_COMPRESS, "compress threshold cannot be higher than KNET_MAX_PACKET_SIZE (%d).", KNET_MAX_PACKET_SIZE); errno = EINVAL; return -1; } if (knet_handle_compress_cfg->compress_threshold == 0) { knet_h->compress_threshold = KNET_COMPRESS_THRESHOLD; log_debug(knet_h, KNET_SUB_COMPRESS, "resetting compression threshold to default (%d)", KNET_COMPRESS_THRESHOLD); } else { knet_h->compress_threshold = knet_handle_compress_cfg->compress_threshold; } savederrno = pthread_rwlock_rdlock(&shlib_rwlock); if (savederrno) { log_err(knet_h, KNET_SUB_COMPRESS, "Unable to get read lock: %s", strerror(savederrno)); errno = savederrno; return -1; } if (!compress_check_lib_is_init(knet_h, cmp_model)) { /* * need to switch to write lock, load the lib, and return with a write lock * this is not racy because compress_load_lib is written idempotent. */ pthread_rwlock_unlock(&shlib_rwlock); savederrno = pthread_rwlock_wrlock(&shlib_rwlock); if (savederrno) { log_err(knet_h, KNET_SUB_COMPRESS, "Unable to get write lock: %s", strerror(savederrno)); errno = savederrno; return -1; } if (compress_load_lib(knet_h, cmp_model, 0) < 0) { savederrno = errno; log_err(knet_h, KNET_SUB_COMPRESS, "Unable to load library: %s", strerror(savederrno)); err = -1; goto out_unlock; } } if (val_level(knet_h, cmp_model, knet_handle_compress_cfg->compress_level) < 0) { log_err(knet_h, KNET_SUB_COMPRESS, "compress level %d not supported for model %s", knet_handle_compress_cfg->compress_level, knet_handle_compress_cfg->compress_model); savederrno = EINVAL; err = -1; goto out_unlock; } out_unlock: pthread_rwlock_unlock(&shlib_rwlock); } if (!err) { knet_h->compress_model = cmp_model; knet_h->compress_level = knet_handle_compress_cfg->compress_level; } else { knet_h->compress_model = 0; } errno = savederrno; return err; } void compress_fini( knet_handle_t knet_h, int all) { int savederrno = 0; int idx = 0; savederrno = pthread_rwlock_wrlock(&shlib_rwlock); if (savederrno) { log_err(knet_h, KNET_SUB_COMPRESS, "Unable to get write lock: %s", strerror(savederrno)); return; } while (compress_modules_cmds[idx].model_name != NULL) { if ((compress_modules_cmds[idx].built_in == 1) && (compress_modules_cmds[idx].loaded == 1) && (compress_modules_cmds[idx].model_id > 0) && (knet_h->compress_int_data[idx] != NULL) && (idx < KNET_MAX_COMPRESS_METHODS)) { if ((all) || (compress_modules_cmds[idx].model_id == knet_h->compress_model)) { if (compress_modules_cmds[idx].fini != NULL) { compress_modules_cmds[idx].fini(knet_h, idx); } else { knet_h->compress_int_data[idx] = NULL; } } } idx++; } pthread_rwlock_unlock(&shlib_rwlock); return; } /* * compress does not require compress_check_lib_is_init * because it's protected by compress_cfg */ int compress( knet_handle_t knet_h, const unsigned char *buf_in, const ssize_t buf_in_len, unsigned char *buf_out, ssize_t *buf_out_len) { return compress_modules_cmds[knet_h->compress_model].compress(knet_h, buf_in, buf_in_len, buf_out, buf_out_len); } int decompress( knet_handle_t knet_h, int compress_model, const unsigned char *buf_in, const ssize_t buf_in_len, unsigned char *buf_out, ssize_t *buf_out_len) { int savederrno = 0, err = 0; if (compress_model > max_model) { log_err(knet_h, KNET_SUB_COMPRESS, "Received packet with unknown compress model %d", compress_model); errno = EINVAL; return -1; } if (compress_is_valid_model(compress_model) < 0) { log_err(knet_h, KNET_SUB_COMPRESS, "Received packet compressed with %s but support is not built in this version of libknet. Please contact your distribution vendor or fix the build.", compress_modules_cmds[compress_model].model_name); errno = EINVAL; return -1; } savederrno = pthread_rwlock_rdlock(&shlib_rwlock); if (savederrno) { log_err(knet_h, KNET_SUB_COMPRESS, "Unable to get read lock: %s", strerror(savederrno)); errno = savederrno; return -1; } if (!compress_check_lib_is_init(knet_h, compress_model)) { /* * need to switch to write lock, load the lib, and return with a write lock * this is not racy because compress_load_lib is written idempotent. */ pthread_rwlock_unlock(&shlib_rwlock); savederrno = pthread_rwlock_wrlock(&shlib_rwlock); if (savederrno) { log_err(knet_h, KNET_SUB_COMPRESS, "Unable to get write lock: %s", strerror(savederrno)); errno = savederrno; return -1; } if (compress_load_lib(knet_h, compress_model, 1) < 0) { savederrno = errno; err = -1; log_err(knet_h, KNET_SUB_COMPRESS, "Unable to load library: %s", strerror(savederrno)); goto out_unlock; } } err = compress_modules_cmds[compress_model].decompress(knet_h, buf_in, buf_in_len, buf_out, buf_out_len); savederrno = errno; out_unlock: pthread_rwlock_unlock(&shlib_rwlock); errno = savederrno; return err; } int knet_get_compress_list(struct knet_compress_info *compress_list, size_t *compress_list_entries) { int err = 0; int idx = 0; int outidx = 0; if (!compress_list_entries) { errno = EINVAL; return -1; } while (compress_modules_cmds[idx].model_name != NULL) { if (compress_modules_cmds[idx].built_in) { if (compress_list) { compress_list[outidx].name = compress_modules_cmds[idx].model_name; } outidx++; } idx++; } *compress_list_entries = outidx; return err; } diff --git a/libknet/compress.h b/libknet/compress.h index 717698d8..f2d0def9 100644 --- a/libknet/compress.h +++ b/libknet/compress.h @@ -1,118 +1,40 @@ /* * Copyright (C) 2017 Red Hat, Inc. All rights reserved. * * Author: Fabio M. Di Nitto * * This software licensed under GPL-2.0+, LGPL-2.0+ */ #ifndef __KNET_COMPRESS_H__ #define __KNET_COMPRESS_H__ #include "internals.h" -typedef struct { - const char *model_name; - uint8_t model_id; /* sequencial unique identifier */ - uint8_t built_in; /* set at configure/build time to 1 if available */ - - /* - * shared lib load functions - * - * both are called in shlib_rwlock write context and should - * update the loaded status below. - */ - int (*load_lib) (knet_handle_t knet_h); - - /* - * library is loaded - */ - uint8_t loaded; - - /* - * runtime bits - */ - - /* - * some libs need special init and handling of buffers etc. - * is_init is called in shlib_rwlock read only context to see if - * the module has been initialized within this knet_handle. - * Providing is_init is optional. A module that does not export - * an is_init and if the associated shared library is already loaded - * is treated as "does not require init". - */ - int (*is_init) (knet_handle_t knet_h, int method_idx); - - /* - * init is called when the library requires special init handling, - * such as memory allocation and such. - * init is invoked in shlib_rwlock write only context when - * the module exports this function. - * It is optional to provide an init function if the module - * does not require any init. - */ - int (*init) (knet_handle_t knet_h, int method_idx); - - /* - * fini is invoked only on knet_handle_free in a write only context. - * It is optional to provide this function if the module - * does not require any finalization - */ - void (*fini) (knet_handle_t knet_h, int method_idx); - - /* - * runtime config validation and compress/decompress - */ - - /* - * required functions - * - * val_level is called upon compress configuration changes - * to make sure that the requested compress_level is valid - * within the context of a given module. - */ - int (*val_level)(knet_handle_t knet_h, - int compress_level); - - /* - * hopefully those 2 don't require any explanation.... - */ - int (*compress) (knet_handle_t knet_h, - const unsigned char *buf_in, - const ssize_t buf_in_len, - unsigned char *buf_out, - ssize_t *buf_out_len); - int (*decompress)(knet_handle_t knet_h, - const unsigned char *buf_in, - const ssize_t buf_in_len, - unsigned char *buf_out, - ssize_t *buf_out_len); -} compress_model_t; - int compress_cfg( knet_handle_t knet_h, struct knet_handle_compress_cfg *knet_handle_compress_cfg); int compress_init( knet_handle_t knet_h); void compress_fini( knet_handle_t knet_h, int all); int compress( knet_handle_t knet_h, const unsigned char *buf_in, const ssize_t buf_in_len, unsigned char *buf_out, ssize_t *buf_out_len); int decompress( knet_handle_t knet_h, int compress_model, const unsigned char *buf_in, const ssize_t buf_in_len, unsigned char *buf_out, ssize_t *buf_out_len); #endif diff --git a/libknet/compress.h b/libknet/compress_model.h similarity index 80% copy from libknet/compress.h copy to libknet/compress_model.h index 717698d8..cc8ba8d3 100644 --- a/libknet/compress.h +++ b/libknet/compress_model.h @@ -1,118 +1,92 @@ /* * Copyright (C) 2017 Red Hat, Inc. All rights reserved. * * Author: Fabio M. Di Nitto * * This software licensed under GPL-2.0+, LGPL-2.0+ */ -#ifndef __KNET_COMPRESS_H__ -#define __KNET_COMPRESS_H__ +#ifndef __KNET_COMPRESS_MODEL_H__ +#define __KNET_COMPRESS_MODEL_H__ #include "internals.h" typedef struct { const char *model_name; uint8_t model_id; /* sequencial unique identifier */ uint8_t built_in; /* set at configure/build time to 1 if available */ /* * shared lib load functions * * both are called in shlib_rwlock write context and should * update the loaded status below. */ int (*load_lib) (knet_handle_t knet_h); /* * library is loaded */ uint8_t loaded; /* * runtime bits */ /* * some libs need special init and handling of buffers etc. * is_init is called in shlib_rwlock read only context to see if * the module has been initialized within this knet_handle. * Providing is_init is optional. A module that does not export * an is_init and if the associated shared library is already loaded * is treated as "does not require init". */ int (*is_init) (knet_handle_t knet_h, int method_idx); /* * init is called when the library requires special init handling, * such as memory allocation and such. * init is invoked in shlib_rwlock write only context when * the module exports this function. * It is optional to provide an init function if the module * does not require any init. */ int (*init) (knet_handle_t knet_h, int method_idx); /* * fini is invoked only on knet_handle_free in a write only context. * It is optional to provide this function if the module * does not require any finalization */ void (*fini) (knet_handle_t knet_h, int method_idx); /* * runtime config validation and compress/decompress */ /* * required functions * * val_level is called upon compress configuration changes * to make sure that the requested compress_level is valid * within the context of a given module. */ int (*val_level)(knet_handle_t knet_h, int compress_level); /* * hopefully those 2 don't require any explanation.... */ int (*compress) (knet_handle_t knet_h, const unsigned char *buf_in, const ssize_t buf_in_len, unsigned char *buf_out, ssize_t *buf_out_len); int (*decompress)(knet_handle_t knet_h, const unsigned char *buf_in, const ssize_t buf_in_len, unsigned char *buf_out, ssize_t *buf_out_len); } compress_model_t; -int compress_cfg( - knet_handle_t knet_h, - struct knet_handle_compress_cfg *knet_handle_compress_cfg); - -int compress_init( - knet_handle_t knet_h); - -void compress_fini( - knet_handle_t knet_h, - int all); - -int compress( - knet_handle_t knet_h, - const unsigned char *buf_in, - const ssize_t buf_in_len, - unsigned char *buf_out, - ssize_t *buf_out_len); - -int decompress( - knet_handle_t knet_h, - int compress_model, - const unsigned char *buf_in, - const ssize_t buf_in_len, - unsigned char *buf_out, - ssize_t *buf_out_len); - #endif