Merge pull request #211 from kronosnet/stable1-proposed

stable1-proposed
kronosnet · May 9, 2019 · c8aceef · c8aceef
2 parents 1bab387 + c8522bf
commit c8aceef
Show file tree

Hide file tree

Showing 7 changed files with 104 additions and 36 deletions.
diff --git a/build-aux/knet_valgrind_memcheck.supp b/build-aux/knet_valgrind_memcheck.supp
@@ -588,3 +588,20 @@
    obj:/usr/lib64/libnss3.so
    obj:/usr/lib64/libnss3.so
 }
+{
+   nss internal leak (3.41) non recurring (spotted on f29)
+   Memcheck:Leak
+   match-leak-kinds: definite
+   fun:malloc
+   obj:*
+   obj:*
+   obj:*
+   obj:*
+   obj:*
+   obj:*
+   obj:*
+   obj:*
+   obj:*
+   obj:*
+   obj:/usr/lib64/libnss3.so
+}
diff --git a/libknet/crypto_nss.c b/libknet/crypto_nss.c
@@ -64,32 +64,28 @@ enum nsscrypto_crypt_t {
 	CRYPTO_CIPHER_TYPE_NONE = 0,
 	CRYPTO_CIPHER_TYPE_AES256 = 1,
 	CRYPTO_CIPHER_TYPE_AES192 = 2,
-	CRYPTO_CIPHER_TYPE_AES128 = 3,
-	CRYPTO_CIPHER_TYPE_3DES = 4
+	CRYPTO_CIPHER_TYPE_AES128 = 3
 };
 
 CK_MECHANISM_TYPE cipher_to_nss[] = {
 	0,				/* CRYPTO_CIPHER_TYPE_NONE */
 	CKM_AES_CBC_PAD,		/* CRYPTO_CIPHER_TYPE_AES256 */
 	CKM_AES_CBC_PAD,		/* CRYPTO_CIPHER_TYPE_AES192 */
-	CKM_AES_CBC_PAD,		/* CRYPTO_CIPHER_TYPE_AES128 */
-	CKM_DES3_CBC_PAD 		/* CRYPTO_CIPHER_TYPE_3DES */
+	CKM_AES_CBC_PAD			/* CRYPTO_CIPHER_TYPE_AES128 */
 };
 
 size_t nsscipher_key_len[] = {
 	0,				/* CRYPTO_CIPHER_TYPE_NONE */
 	AES_256_KEY_LENGTH,		/* CRYPTO_CIPHER_TYPE_AES256 */
 	AES_192_KEY_LENGTH,		/* CRYPTO_CIPHER_TYPE_AES192 */
-	AES_128_KEY_LENGTH,		/* CRYPTO_CIPHER_TYPE_AES128 */
-	24				/* CRYPTO_CIPHER_TYPE_3DES */
+	AES_128_KEY_LENGTH		/* CRYPTO_CIPHER_TYPE_AES128 */
 };
 
 size_t nsscypher_block_len[] = {
 	0,				/* CRYPTO_CIPHER_TYPE_NONE */
 	AES_BLOCK_SIZE,			/* CRYPTO_CIPHER_TYPE_AES256 */
 	AES_BLOCK_SIZE,			/* CRYPTO_CIPHER_TYPE_AES192 */
-	AES_BLOCK_SIZE,			/* CRYPTO_CIPHER_TYPE_AES128 */
-	0				/* CRYPTO_CIPHER_TYPE_3DES */
+	AES_BLOCK_SIZE			/* CRYPTO_CIPHER_TYPE_AES128 */
 };
 
 /*
@@ -155,8 +151,6 @@ static int nssstring_to_crypto_cipher_type(const char* crypto_cipher_type)
 		return CRYPTO_CIPHER_TYPE_AES192;
 	} else if (strcmp(crypto_cipher_type, "aes128") == 0) {
 		return CRYPTO_CIPHER_TYPE_AES128;
-	} else if (strcmp(crypto_cipher_type, "3des") == 0) {
-		return CRYPTO_CIPHER_TYPE_3DES;
 	}
 	return -1;
 }

diff --git a/libknet/libknet.h b/libknet/libknet.h
@@ -151,6 +151,7 @@ knet_handle_t knet_handle_new(knet_node_id_t host_id,
 
 /**
  * knet_handle_free
+ *
  * @brief Destroy a knet handle, free all resources
  *
  * knet_h   - pointer to knet_handle_t
@@ -165,6 +166,7 @@ int knet_handle_free(knet_handle_t knet_h);
 
 /**
  * knet_handle_enable_sock_notify
+ *
  * @brief Register a callback to receive socket events
  *
  * knet_h   - pointer to knet_handle_t
@@ -275,6 +277,7 @@ int knet_handle_add_datafd(knet_handle_t knet_h, int *datafd, int8_t *channel);
 
 /**
  * knet_handle_remove_datafd
+ *
  * @brief Remove a file descriptor from knet
  *
  * knet_h   - pointer to knet_handle_t
@@ -293,6 +296,7 @@ int knet_handle_remove_datafd(knet_handle_t knet_h, int datafd);
 
 /**
  * knet_handle_get_channel
+ *
  * @brief Get the channel associated with a file descriptor
  *
  * knet_h  - pointer to knet_handle_t
@@ -313,6 +317,7 @@ int knet_handle_get_channel(knet_handle_t knet_h, const int datafd, int8_t *chan
 
 /**
  * knet_handle_get_datafd
+ *
  * @brief Get the file descriptor associated with a channel
  *
  * knet_h   - pointer to knet_handle_t
@@ -333,6 +338,7 @@ int knet_handle_get_datafd(knet_handle_t knet_h, const int8_t channel, int *data
 
 /**
  * knet_recv
+ *
  * @brief Receive data from knet nodes
  *
  * knet_h   - pointer to knet_handle_t
@@ -355,6 +361,7 @@ ssize_t knet_recv(knet_handle_t knet_h,
 
 /**
  * knet_send
+ *
  * @brief Send data to knet nodes
  *
  * knet_h   - pointer to knet_handle_t
@@ -587,8 +594,7 @@ int knet_handle_pmtud_get(knet_handle_t knet_h,
 				unsigned int *data_mtu);
 
 
-
-#define KNET_MIN_KEY_LEN  256
+#define KNET_MIN_KEY_LEN  128
 #define KNET_MAX_KEY_LEN 4096
 
 struct knet_handle_crypto_cfg {
@@ -618,7 +624,7 @@ struct knet_handle_crypto_cfg {
  *                         It can be set to "none" to disable
  *                         encryption.
  *                         Currently supported by "nss" model:
- *                         "3des", "aes128", "aes192" and "aes256".
+ *                         "aes128", "aes192" and "aes256".
  *                         "openssl" model supports more modes and it strictly
  *                         depends on the openssl build. See: EVP_get_cipherbyname
  *                         openssl API call for details.
@@ -1021,10 +1027,10 @@ int knet_host_get_host_list(knet_handle_t knet_h,
 /**
  * knet_host_set_policy
  *
- * knet_h   - pointer to knet_handle_t
- *
  * @brief Set the switching policy for a host's links
  *
+ * knet_h   - pointer to knet_handle_t
+ *
  * host_id  - see knet_host_add(3)
  *
  * policy   - there are currently 3 kind of simple switching policies
@@ -1138,7 +1144,7 @@ struct knet_host_status {
 };
 
 /**
- * knet_host_status_get
+ * knet_host_get_status
  *
  * @brief Get the status of a host
  *
@@ -1933,7 +1939,7 @@ struct knet_log_msg {
 };
 
 /**
- * knet_log_set_log_level
+ * knet_log_set_loglevel
  *
  * @brief Set the logging level for a subsystem
  *
@@ -1956,7 +1962,7 @@ int knet_log_set_loglevel(knet_handle_t knet_h, uint8_t subsystem,
 			  uint8_t level);
 
 /**
- * knet_log_get_log_level
+ * knet_log_get_loglevel
  *
  * @brief Get the logging level for a subsystem
  *

diff --git a/libknet/transport_udp.c b/libknet/transport_udp.c
@@ -296,6 +296,8 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
 	struct sockaddr_storage *origin;
 	char addr_str[KNET_MAX_HOST_LEN];
 	char port_str[KNET_MAX_PORT_LEN];
+	char addr_remote_str[KNET_MAX_HOST_LEN];
+	char port_remote_str[KNET_MAX_PORT_LEN];
 
 	iov.iov_base = &icmph;
 	iov.iov_len = sizeof(icmph);
@@ -325,8 +327,8 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
 				sock_err = (struct sock_extended_err*)(void *)CMSG_DATA(cmsg);
 				if (sock_err) {
 					switch (sock_err->ee_origin) {
-						case 0: /* no origin */
-						case 1: /* local source (EMSGSIZE) */
+						case SO_EE_ORIGIN_NONE: /* no origin */
+						case SO_EE_ORIGIN_LOCAL: /* local source (EMSGSIZE) */
 							if (sock_err->ee_errno == EMSGSIZE) {
 								if (pthread_mutex_lock(&knet_h->kmtu_mutex) != 0) {
 									log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Unable to get mutex lock");
@@ -358,16 +360,22 @@ static int read_errs_from_sock(knet_handle_t knet_h, int sockfd)
 							 * those errors are way too noisy
 							 */
 							break;
-						case 2: /* ICMP */
-						case 3: /* ICMP6 */
+						case SO_EE_ORIGIN_ICMP:  /* ICMP */
+						case SO_EE_ORIGIN_ICMP6: /* ICMP6 */
 							origin = (struct sockaddr_storage *)(void *)SO_EE_OFFENDER(sock_err);
 							if (knet_addrtostr(origin, sizeof(origin),
 									   addr_str, KNET_MAX_HOST_LEN,
 									   port_str, KNET_MAX_PORT_LEN) < 0) {
 								log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Received ICMP error from unknown source: %s", strerror(sock_err->ee_errno));
 
 							} else {
-								log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Received ICMP error from %s: %s", addr_str, strerror(sock_err->ee_errno));
+								if (knet_addrtostr(&remote, sizeof(remote),
+									       addr_remote_str, KNET_MAX_HOST_LEN,
+									       port_remote_str, KNET_MAX_PORT_LEN) < 0) {
+									log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Received ICMP error from %s: %s destination unknown", addr_str, strerror(sock_err->ee_errno));
+								} else {
+									log_debug(knet_h, KNET_SUB_TRANSP_UDP, "Received ICMP error from %s: %s %s", addr_str, strerror(sock_err->ee_errno), addr_remote_str);
+								}
 							}
 							break;
 					}

diff --git a/libnozzle/libnozzle.h b/libnozzle/libnozzle.h
@@ -25,6 +25,7 @@ typedef struct nozzle_iface *nozzle_t;
 
 /**
  * nozzle_open
+ *
  * @brief create a new tap device on the system.
  *
  * devname - pointer to device name of at least size IFNAMSIZ.
@@ -55,6 +56,7 @@ nozzle_t nozzle_open(char *devname, size_t devname_size, const char *updownpath)
 
 /**
  * nozzle_close
+ *
  * @brief deconfigure and destroy a nozzle device
  *
  * nozzle - pointer to the nozzle struct to destroy
@@ -74,9 +76,8 @@ int nozzle_close(nozzle_t nozzle);
 
 /**
  * nozzle_run_updown
- * @brief execute updown commands associated with a nozzle device. It is
- *        the application responsibility to call helper scripts
- *        before or after creating/destroying interfaces or IP addresses.
+ *
+ * @brief execute updown commands associated with a nozzle device.
  *
  * nozzle - pointer to the nozzle struct
  *
@@ -86,6 +87,9 @@ int nozzle_close(nozzle_t nozzle);
  *               The string is malloc'ed, the caller needs to free the buffer.
  *               If the script generates no output this string might be NULL.
  *
+ * It is the application responsibility to call helper scripts
+ * before or after creating/destroying interfaces or IP addresses.
+ *
  * @return
  * 0 on success
  * -1 on error and errno is set (sanity checks and internal calls.
@@ -96,6 +100,7 @@ int nozzle_run_updown(const nozzle_t nozzle, uint8_t action, char **exec_string)
 
 /**
  * nozzle_set_up
+ *
  * @brief equivalent of ifconfig up
  *
  * nozzle - pointer to the nozzle struct
@@ -109,6 +114,7 @@ int nozzle_set_up(nozzle_t nozzle);
 
 /**
  * nozzle_set_down
+ *
  * @brief equivalent of ifconfig down
  *
  * nozzle - pointer to the nozzle struct
@@ -122,6 +128,7 @@ int nozzle_set_down(nozzle_t nozzle);
 
 /**
  * nozzle_add_ip
+ *
  * @brief equivalent of ip addr or ifconfig <ipaddress/prefix>
  *
  * nozzle - pointer to the nozzle struct
@@ -142,6 +149,7 @@ int nozzle_add_ip(nozzle_t nozzle, const char *ipaddr, const char *prefix);
 
 /**
  * nozzle_del_ip
+ *
  * @brief equivalent of ip addr del or ifconfig del <ipaddress/prefix>
  *
  * nozzle - pointer to the nozzle struct
@@ -170,6 +178,7 @@ struct nozzle_ip {
 
 /**
  * nozzle_get_ips
+ *
  * @brief retrieve the list of all configured ips for a given interface
  *
  * nozzle - pointer to the nozzle struct
@@ -191,6 +200,7 @@ int nozzle_get_ips(const nozzle_t nozzle, struct nozzle_ip **nozzle_ip);
 
 /**
  * nozzle_get_mtu
+ *
  * @brief retrieve mtu on a given nozzle interface
  *
  * nozzle - pointer to the nozzle struct
@@ -204,6 +214,7 @@ int nozzle_get_mtu(const nozzle_t nozzle);
 
 /**
  * nozzle_set_mtu
+ *
  * @brief set mtu on a given nozzle interface
  *
  * nozzle - pointer to the nozzle struct
@@ -219,6 +230,7 @@ int nozzle_set_mtu(nozzle_t nozzle, const int mtu);
 
 /**
  * nozzle_reset_mtu
+ *
  * @brief reset mtu on a given nozzle interface to the system default
  *
  * nozzle - pointer to the nozzle struct
@@ -232,6 +244,7 @@ int nozzle_reset_mtu(nozzle_t nozzle);
 
 /**
  * nozzle_get_mac
+ *
  * @brief retrieve mac address on a given nozzle interface
  *
  * nozzle - pointer to the nozzle struct
@@ -247,6 +260,7 @@ int nozzle_get_mac(const nozzle_t nozzle, char **ether_addr);
 
 /**
  * nozzle_set_mac
+ *
  * @brief set mac address on a given nozzle interface
  *
  * nozzle - pointer to the nozzle struct
@@ -262,6 +276,7 @@ int nozzle_set_mac(nozzle_t nozzle, const char *ether_addr);
 
 /**
  * nozzle_reset_mac
+ *
  * @brief reset mac address on a given nozzle interface to system default
  *
  * nozzle - pointer to the nozzle struct
@@ -275,6 +290,7 @@ int nozzle_reset_mac(nozzle_t nozzle);
 
 /**
  * nozzle_get_handle_by_name
+ *
  * @brief find a nozzle handle by device name
  *
  * devname - string containing the name of the interface
@@ -288,6 +304,7 @@ nozzle_t nozzle_get_handle_by_name(const char *devname);
 
 /**
  * nozzle_get_name_by_handle
+ *
  * @brief retrieve nozzle interface name by handle
  *
  * nozzle - pointer to the nozzle struct
@@ -301,6 +318,7 @@ const char *nozzle_get_name_by_handle(const nozzle_t nozzle);
 
 /**
  * nozzle_get_fd
+ *
  * @brief
  *
  * nozzle - pointer to the nozzle struct

diff --git a/man/api-to-man-page-coverage b/man/api-to-man-page-coverage
@@ -14,6 +14,21 @@ target="$2"
 headerapicalls="$(grep ${target}_ "$srcdir"/lib${target}/lib${target}.h | grep -v "^ \*" | grep -v ^struct | grep -v "^[[:space:]]" | grep -v typedef | sed -e 's/(.*//g' -e 's/^const //g' -e 's/\*//g' | awk '{print $2}')"
 manpages="$(grep ${target}_ "$srcdir"/man/Makefile.am |grep -v man3 |grep -v xml | sed -e 's/\.3.*//g')"
 
+echo "Checking for header format errors"
+
+for i in $headerapicalls; do
+	echo "Checking $i"
+	header="$(grep " \* ${i}$" "$srcdir"/lib${target}/lib${target}.h -A2)"
+	brief="$(echo "$header" | tail -n 1 |grep "@brief")"
+	if [ -z "$brief" ]; then
+		echo "Error found in $i doxy header section"
+		echo "$header"
+		echo ""
+		echo "$brief"
+		exit 1
+	fi
+done
+
 echo "Checking for symbols in header file NOT distributed as manpages"
 
 for i in $headerapicalls; do