niklas/cyclonedds
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #279 from martinbremmer/merge4

Browse source 
Merge master into security
This commit is contained in:
eboasson 2019-10-22 20:31:12 +02:00 committed by GitHub
commit 5399e5103c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
93 changed files with 7999 additions and 13305 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/core/ddsc/src/dds_domain.c
View file

@ -51,7 +51,6 @@ static const ddsrt_avl_treedef_t dds_domaintree_def = DDSRT_AVL_TREEDEF_INITIALI
static dds_return_t dds_domain_init (dds_domain *domain, dds_domainid_t domain_id, const char *config)
{
dds_return_t ret = DDS_RETCODE_OK;
char * uri = NULL;
uint32_t len;
dds_entity_t domain_handle;
@ -90,7 +89,7 @@ static dds_return_t dds_domain_init (dds_domain *domain, dds_domainid_t domain_i
domain->cfgst = config_init (config, &domain->gv.config, domain_id);
if (domain->cfgst == NULL)
{
DDS_ILOG (DDS_LC_CONFIG, domain_id, "Failed to parse configuration XML file %s\n", uri);
DDS_ILOG (DDS_LC_CONFIG, domain_id, "Failed to parse configuration\n");
ret = DDS_RETCODE_ERROR;
goto fail_config;
}

2
src/core/ddsi/CMakeLists.txt
View file

@ -47,7 +47,6 @@ PREPEND(srcs_ddsi "${CMAKE_CURRENT_LIST_DIR}/src"
q_qosmatch.c
q_radmin.c
q_receive.c
q_security.c
q_sockwaitset.c
q_thread.c
q_time.c
@ -106,7 +105,6 @@ PREPEND(hdrs_private_ddsi "${CMAKE_CURRENT_LIST_DIR}/include/dds/ddsi"
q_radmin.h
q_receive.h
q_rtps.h
q_security.h
q_sockwaitset.h
q_thread.h
q_time.h

5
src/core/ddsi/include/dds/ddsi/ddsi_iid.h
View file

@ -21,12 +21,7 @@ extern "C" {
#endif
struct ddsi_iid {
#if DDSRT_ATOMIC64_SUPPORT
ddsrt_atomic_uint64_t counter;
#else
ddsrt_mutex_t lock;
uint64_t counter;
#endif
uint32_t key[4];
};

38
src/core/ddsi/include/dds/ddsi/q_config.h
View file

@ -14,9 +14,6 @@
#include "dds/ddsi/q_log.h"
#include "dds/ddsi/q_thread.h"
#ifdef DDSI_INCLUDE_ENCRYPTION
#include "dds/ddsi/q_security.h"
#endif /* DDSI_INCLUDE_ENCRYPTION */
#include "dds/ddsi/q_xqos.h"
#include "dds/ddsi/q_feature_check.h"
@ -73,34 +70,6 @@ struct config_listelem {
struct config_listelem *next;
};
#ifdef DDSI_INCLUDE_ENCRYPTION
struct q_security_plugins
{
c_bool (*encode) (q_securityEncoderSet, uint32_t, void *, uint32_t, uint32_t *);
c_bool (*decode) (q_securityDecoderSet, void *, size_t, size_t *);
q_securityEncoderSet (*new_encoder) (void);
q_securityDecoderSet (*new_decoder) (void);
c_bool (*free_encoder) (q_securityEncoderSet);
c_bool (*free_decoder) (q_securityDecoderSet);
ssize_t (*send_encoded) (ddsi_tran_conn_t, const nn_locator_t *dst, size_t niov, ddsrt_iovec_t *iov, q_securityEncoderSet *, uint32_t, uint32_t);
char * (*cipher_type) (q_cipherType);
c_bool (*cipher_type_from_string) (const char *, q_cipherType *);
uint32_t (*header_size) (q_securityEncoderSet, uint32_t);
q_cipherType (*encoder_type) (q_securityEncoderSet, uint32_t);
c_bool (*valid_uri) (q_cipherType, const char *);
};
struct q_security_plugins q_security_plugin;
struct config_securityprofile_listelem
{
struct config_securityprofile_listelem *next;
char *name;
q_cipherType cipher;
char *key;
};
#endif /* DDSI_INCLUDE_ENCRYPTION */
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
struct config_networkpartition_listelem {
struct config_networkpartition_listelem *next;
@ -108,10 +77,6 @@ struct config_networkpartition_listelem {
char *address_string;
struct addrset *as;
int connected;
#ifdef DDSI_INCLUDE_ENCRYPTION
char *profileName;
struct config_securityprofile_listelem *securityProfile;
#endif /* DDSI_INCLUDE_ENCRYPTION */
uint32_t partitionHash;
uint32_t partitionId;
};
@ -346,9 +311,6 @@ struct config
struct config_channel_listelem *channels;
struct config_channel_listelem *max_channel; /* channel with highest prio; always computed */
#endif /* DDSI_INCLUDE_NETWORK_CHANNELS */
#ifdef DDSI_INCLUDE_ENCRYPTION
struct config_securityprofile_listelem *securityProfiles;
#endif /* DDSI_INCLUDE_ENCRYPTION */
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
struct config_networkpartition_listelem *networkPartitions;
unsigned nof_networkPartitions;

33
src/core/ddsi/include/dds/ddsi/q_entity.h
View file

@ -203,28 +203,7 @@ enum writer_state {
WRST_DELETING /* writer is actually being deleted (removed from hash table) */
};
#if DDSRT_ATOMIC64_SUPPORT
typedef ddsrt_atomic_uint64_t seq_xmit_t;
#define INIT_SEQ_XMIT(wr, v) ddsrt_atomic_st64(&(wr)->seq_xmit, (uint64_t) (v))
#define READ_SEQ_XMIT(wr) ((seqno_t) ddsrt_atomic_ld64(&(wr)->seq_xmit))
#define UPDATE_SEQ_XMIT_LOCKED(wr, nv) do { uint64_t ov_; do { \
ov_ = ddsrt_atomic_ld64(&(wr)->seq_xmit); \
if ((uint64_t) nv <= ov_) break; \
} while (!ddsrt_atomic_cas64(&(wr)->seq_xmit, ov_, (uint64_t) nv)); } while (0)
#define UPDATE_SEQ_XMIT_UNLOCKED(sx, nv) UPDATE_SEQ_XMIT_LOCKED(sx, nv)
#else
typedef seqno_t seq_xmit_t;
#define INIT_SEQ_XMIT(wr, v) ((wr)->seq_xmit = (v))
#define READ_SEQ_XMIT(wr) ((wr)->seq_xmit)
#define UPDATE_SEQ_XMIT_LOCKED(wr, nv) do { \
if ((nv) > (wr)->seq_xmit) { (wr)->seq_xmit = (nv); } \
} while (0)
#define UPDATE_SEQ_XMIT_UNLOCKED(wr, nv) do { \
ddsrt_mutex_lock (&(wr)->e.lock); \
if ((nv) > (wr)->seq_xmit) { (wr)->seq_xmit = (nv); } \
ddsrt_mutex_unlock (&(wr)->e.lock); \
} while (0)
#endif
struct writer
{
@ -276,6 +255,18 @@ struct writer
struct local_reader_ary rdary; /* LOCAL readers for fast-pathing; if not fast-pathed, fall back to scanning local_readers */
};
inline seqno_t writer_read_seq_xmit (const struct writer *wr) {
return (seqno_t) ddsrt_atomic_ld64 (&wr->seq_xmit);
}
inline void writer_update_seq_xmit (struct writer *wr, seqno_t nv) {
uint64_t ov;
do {
ov = ddsrt_atomic_ld64 (&wr->seq_xmit);
if ((uint64_t) nv <= ov) break;
} while (!ddsrt_atomic_cas64 (&wr->seq_xmit, ov, (uint64_t) nv));
}
struct reader
{
struct entity_common e;

9
src/core/ddsi/include/dds/ddsi/q_feature_check.h
View file

@ -11,9 +11,6 @@
*/
/* Feature macros:
- ENCRYPTION: support for encryption
requires: NETWORK_PARTITIONS
- SSM: support for source-specific multicast
requires: NETWORK_PARTIITONS
also requires platform support; SSM is silently disabled if the
@ -31,12 +28,6 @@
*/
#ifdef DDSI_INCLUDE_ENCRYPTION
#ifndef DDSI_INCLUDE_NETWORK_PARTITIONS
#error "ENCRYPTION requires NETWORK_PARTITIONS"
#endif
#endif
#ifdef DDSI_INCLUDE_SSM
#ifndef DDSI_INCLUDE_NETWORK_PARTITIONS
#error "SSM requires NETWORK_PARTITIONS"

11
src/core/ddsi/include/dds/ddsi/q_globals.h
View file

@ -26,10 +26,6 @@
#include "dds/ddsi/q_sockwaitset.h"
#include "dds/ddsi/q_config.h"
#ifdef DDSI_INCLUDE_ENCRYPTION
#include "dds/ddsi/q_security.h" /* for q_securityDecoderSet */
#endif /* DDSI_INCLUDE_ENCRYPTION */
#if defined (__cplusplus)
extern "C" {
#endif
@ -288,13 +284,6 @@ struct q_globals {
int sendq_stop;
struct thread_state1 *sendq_ts;
#ifdef DDSI_INCLUDE_ENCRYPTION
/* Codecs needed for decoding incoming encrypted messages
FIXME: should be a property of the receiver thread, and pass down
while processing messages. For now made global */
q_securityDecoderSet recvSecurityCodec;
#endif /* DDSI_INCLUDE_ENCRYPTION */
/* File for dumping captured packets, NULL if disabled */
FILE *pcap_fp;
ddsrt_mutex_t pcap_lock;

46
src/core/ddsi/include/dds/ddsi/q_security.h
View file

@ -1,46 +0,0 @@
/*
* Copyright(c) 2006 to 2018 ADLINK Technology Limited and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0 which is available at
* http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License
* v. 1.0 which is available at
* http://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
*/
#ifdef DDSI_INCLUDE_ENCRYPTION
#ifndef Q_SECURITY_H
#define Q_SECURITY_H
#include "c_typebase.h"
#if defined (__cplusplus)
extern "C" {
#endif
/* Generic class */
C_CLASS(q_securityEncoderSet);
C_CLASS(q_securityDecoderSet);
/* Set of supported ciphers */
typedef enum
{
Q_CIPHER_UNDEFINED,
Q_CIPHER_NULL,
Q_CIPHER_BLOWFISH,
Q_CIPHER_AES128,
Q_CIPHER_AES192,
Q_CIPHER_AES256,
Q_CIPHER_NONE,
Q_CIPHER_MAX
} q_cipherType;
void ddsi_security_plugin (void);
#if defined (__cplusplus)
}
#endif
#endif
#endif

34
src/core/ddsi/src/ddsi_iid.c
View file

@ -15,7 +15,7 @@
#include "dds/ddsrt/sync.h"
#include "dds/ddsi/ddsi_iid.h"
static struct ddsi_iid dds_iid;
static struct ddsi_iid ddsi_iid;
static void dds_tea_encrypt (uint32_t v[2], const uint32_t k[4])
{
@ -48,16 +48,8 @@ uint64_t ddsi_iid_gen (void)
{
uint64_t iid;
union { uint64_t u64; uint32_t u32[2]; } tmp;
#if DDSRT_ATOMIC64_SUPPORT
tmp.u64 = ddsrt_atomic_inc64_nv (&dds_iid.counter);
#else
ddsrt_mutex_lock (&dds_iid.lock);
tmp.u64 = ++dds_iid.counter;
ddsrt_mutex_unlock (&dds_iid.lock);
#endif
dds_tea_encrypt (tmp.u32, dds_iid.key);
tmp.u64 = ddsrt_atomic_inc64_nv (&ddsi_iid.counter);
dds_tea_encrypt (tmp.u32, ddsi_iid.key);
iid = tmp.u64;
return iid;
}
@ -65,26 +57,14 @@ uint64_t ddsi_iid_gen (void)
void ddsi_iid_init (void)
{
union { uint64_t u64; uint32_t u32[2]; } tmp;
#if ! DDSRT_ATOMIC64_SUPPORT
ddsrt_mutex_init (&dds_iid.lock);
#endif
for (size_t i = 0; i < sizeof (dds_iid.key) / sizeof (dds_iid.key[0]); i++)
dds_iid.key[0] = ddsrt_random ();
for (size_t i = 0; i < sizeof (ddsi_iid.key) / sizeof (ddsi_iid.key[0]); i++)
ddsi_iid.key[i] = ddsrt_random ();
tmp.u64 = 0;
dds_tea_decrypt (tmp.u32, dds_iid.key);
#if DDSRT_ATOMIC64_SUPPORT
ddsrt_atomic_st64 (&dds_iid.counter, tmp.u64);
#else
dds_iid.counter = tmp.u64;
#endif
dds_tea_decrypt (tmp.u32, ddsi_iid.key);
ddsrt_atomic_st64 (&ddsi_iid.counter, tmp.u64);
}
void ddsi_iid_fini (void)
{
#if ! DDSRT_ATOMIC64_SUPPORT
ddsrt_mutex_destroy (&dds_iid.lock);
#endif
}

232
src/core/ddsi/src/q_config.c
View file

@ -52,10 +52,6 @@ typedef enum update_result (*update_fun_t) (struct cfgst *cfgst, void *parent, s
typedef void (*free_fun_t) (struct cfgst *cfgst, void *parent, struct cfgelem const * const cfgelem);
typedef void (*print_fun_t) (struct cfgst *cfgst, void *parent, struct cfgelem const * const cfgelem, uint32_t sources);
#ifdef DDSI_INCLUDE_ENCRYPTION
struct q_security_plugins q_security_plugin = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL };
#endif
struct unit {
const char *name;
int64_t multiplier;
@ -120,6 +116,10 @@ struct cfgst {
been inserted */
enum implicit_toplevel implicit_toplevel;
/* Whether unique prefix matching on a name is allowed (again for environment
variables) */
bool partial_match_allowed;
/* current input, mask with 1 bit set */
uint32_t source;
@ -142,7 +142,7 @@ static const ddsrt_avl_treedef_t cfgst_found_treedef =
#define DU(fname) static enum update_result uf_##fname (struct cfgst *cfgst, void *parent, struct cfgelem const * const cfgelem, int first, const char *value)
#define PF(fname) static void pf_##fname (struct cfgst *cfgst, void *parent, struct cfgelem const * const cfgelem, uint32_t sources)
#define DUPF(fname) DU(fname) ; PF(fname)
PF(nop);
DUPF(nop);
DUPF(networkAddress);
DUPF(networkAddresses);
DU(ipv4);
@ -181,9 +181,6 @@ DUPF(retransmit_merging);
DUPF(sched_class);
DUPF(maybe_memsize);
DUPF(maybe_int32);
#ifdef DDSI_INCLUDE_ENCRYPTION
DUPF(cipher);
#endif
#ifdef DDSI_INCLUDE_BANDWIDTH_LIMITING
DUPF(bandwidth);
#endif
@ -207,9 +204,6 @@ DF(ff_networkAddresses);
#ifdef DDSI_INCLUDE_NETWORK_CHANNELS
DI(if_channel);
#endif /* DDSI_INCLUDE_NETWORK_CHANNELS */
#ifdef DDSI_INCLUDE_ENCRYPTION
DI(if_security_profile);
#endif
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
DI(if_network_partition);
DI(if_ignored_partition);
@ -290,33 +284,6 @@ static const struct cfgelem general_cfgelems[] = {
END_MARKER
};
#ifdef DDSI_INCLUDE_ENCRYPTION
static const struct cfgelem securityprofile_cfgattrs[] = {
{ ATTR("Name"), 1, NULL, RELOFF(config_securityprofile_listelem, name), 0, uf_string, ff_free, pf_string,
BLURB("<p>This attribute specifies the name of this DDSI2E security profile. Two security profiles cannot have the same name.</p>") },
{ ATTR("Cipher"), 1, "null", RELOFF(config_securityprofile_listelem, cipher), 0, uf_cipher, 0, pf_cipher,
BLURB("<p>This attribute specifies the cipher to be used for encrypting traffic over network partitions secured by this security profile. The possible ciphers are:</p>\n\
<ul><li><i>aes128</i>: AES with a 128-bit key;</li>\n\
<li><i>aes192</i>: AES with a 192-bit key;</li>\n\
<li><i>aes256</i>: AES with a 256-bit key;</li>\n\
<li><i>blowfish</i>: the Blowfish cipher with a 128 bit key;</li>\n\
<li><i>null</i>: no encryption;</li></ul>\n\
<p>SHA1 is used on conjunction with all ciphers except \"null\" to ensure data integrity.</p>") },
{ ATTR("CipherKey"), 1, "", RELOFF(config_securityprofile_listelem, key), 0, uf_string, ff_free, pf_key,
BLURB("<p>The CipherKey attribute is used to define the secret key required by the cipher selected using the Cipher attribute. The value can be a URI referencing an external file containing the secret key, or the secret key can be defined in-place as a string value.</p>\n\
<p>The key must be specified as a hexadecimal string with each character representing 4 bits of the key. E.g., 1ABC represents the 16-bit key 0001 1010 1011 1100. The key should not follow a well-known pattern and must exactly match the key length of the selected cipher.</p>\n\
<p>A malformed key will cause the security profile to be marked as invalid, and disable all network partitions secured by the (invalid) security profile to prevent information leaks.</p>\n\
<p>As all DDS applications require read access to the XML configuration file, for security reasons it is recommended to store the secret key in an external file in the file system, referenced by its URI. The file should be protected against read and write access from other users on the host.</p>") },
END_MARKER
};
static const struct cfgelem security_cfgelems[] = {
{ LEAF_W_ATTRS("SecurityProfile", securityprofile_cfgattrs), INT_MAX, 0, ABSOFF(securityProfiles), if_security_profile, 0, 0, 0,
BLURB("<p>This element defines a DDSI2E security profile.</p>") },
END_MARKER
};
#endif /* DDSI_INCLUDE_ENCRYPTION */
#ifdef DDSI_INCLUDE_SECURITY
/** Security Configuration */
static const struct cfgelem authentication_library_attributes[] = {
@ -468,10 +435,6 @@ static const struct cfgelem networkpartition_cfgattrs[] = {
BLURB("<p>This attribute specifies the multicast addresses associated with the network partition as a comma-separated list. Readers matching this network partition (cf. Partitioning/PartitionMappings) will listen for multicasts on all of these addresses and advertise them in the discovery protocol. The writers will select the most suitable address from the addresses advertised by the readers.</p>") },
{ ATTR("Connected"), 1, "true", RELOFF(config_networkpartition_listelem, connected), 0, uf_boolean, 0, pf_boolean,
BLURB("<p>This attribute is a placeholder.</p>") },
#ifdef DDSI_INCLUDE_ENCRYPTION
{ ATTR("SecurityProfile"), 1, "null", RELOFF(config_networkpartition_listelem, profileName), 0, uf_string, ff_free, pf_string,
BLURB("<p>This attribute selects the DDSI2E security profile for encrypting the traffic mapped to this DDSI2E network partition. The default \"null\" means the network partition is unsecured; any other name refers to a security profile defined using the Security/SecurityProfile elements.</p>") },
#endif /* DDSI_INCLUDE_ENCRYPTION */
END_MARKER
};
@ -907,7 +870,7 @@ static const struct cfgelem discovery_cfgelems[] = {
};
static const struct cfgelem tracing_cfgelems[] = {
{ LEAF("EnableCategory"), 1, "", 0, 0, 0, uf_tracemask, 0, pf_tracemask,
{ LEAF("Category|EnableCategory"), 1, "", 0, 0, 0, uf_tracemask, 0, pf_tracemask,
BLURB("<p>This element enables individual logging categories. These are enabled in addition to those enabled by Tracing/Verbosity. Recognised categories are:</p>\n\
<ul><li><i>fatal</i>: all fatal errors, errors causing immediate termination</li>\n\
<li><i>error</i>: failures probably impacting correctness but not necessarily causing immediate termination</li>\n\
@ -926,7 +889,7 @@ static const struct cfgelem tracing_cfgelems[] = {
<p>In addition, there is the keyword <i>trace</i> that enables all but <i>radmin</i>, <i>topic</i>, <i>plist</i> and <i>whc</i></p>.\n\
<p>The categorisation of tracing output is incomplete and hence most of the verbosity levels and categories are not of much use in the current release. This is an ongoing process and here we describe the target situation rather than the current situation. Currently, the most useful is <i>trace</i>.</p>") },
{ LEAF("Verbosity"), 1, "none", 0, 0, 0, uf_verbosity, 0, pf_nop,
BLURB("<p>This element enables standard groups of categories, based on a desired verbosity level. This is in addition to the categories enabled by the Tracing/EnableCategory setting. Recognised verbosity levels and the categories they map to are:</p>\n\
BLURB("<p>This element enables standard groups of categories, based on a desired verbosity level. This is in addition to the categories enabled by the Tracing/Category setting. Recognised verbosity levels and the categories they map to are:</p>\n\
<ul><li><i>none</i>: no DDSI2E log</li>\n\
<li><i>severe</i>: error and fatal</li>\n\
<li><i>warning</i>: <i>severe</i> + warning</li>\n\
@ -947,7 +910,7 @@ static const struct cfgelem tracing_cfgelems[] = {
};
static const struct cfgelem domain_cfgattrs[] = {
{ LEAF("Id"), 0, "any", ABSOFF(domainId), 0, uf_domainId, 0, pf_domainId,
{ ATTR("Id"), 0, "any", ABSOFF(domainId), 0, uf_domainId, 0, pf_domainId,
BLURB("<p>Domain id this configuration applies to, or \"any\" if it applies to all domain ids.</p>") },
END_MARKER
};
@ -956,10 +919,6 @@ static const struct cfgelem domain_cfgelems[] = {
{ MOVED("Id", "CycloneDDS/Domain[@Id]") },
{ GROUP("General", general_cfgelems),
BLURB("<p>The General element specifies overall DDSI2E service settings.</p>") },
#ifdef DDSI_INCLUDE_ENCRYPTION
{ GROUP("Security", security_cfgelems),
BLURB("<p>The Security element specifies DDSI2E security profiles that can be used to encrypt traffic mapped to DDSI2E network partitions.</p>") },
#endif
#ifdef DDSI_INCLUDE_SECURITY
{ MGROUP ("DDSSecurity", security_omg_config_elements, NULL), INT_MAX, NULL, ABSOFF(omg_security_configuration), if_omg_security, 0, 0, 0,
BLURB("<p>This element is used to configure DDSI2E with the DDS Security specification plugins and settings.</p>") },
@ -999,9 +958,6 @@ static const struct cfgelem root_cfgelems[] = {
{ GROUP_W_ATTRS("Domain", domain_cfgelems, domain_cfgattrs),
BLURB("<p>The General element specifying Domain related settings.</p>") },
{ MOVED("General", "CycloneDDS/Domain/General") },
#ifdef DDSI_INCLUDE_ENCRYPTION
{ MOVED("Security", "CycloneDDS/Domain/Security") },
#endif
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
{ MOVED("Partitioning", "CycloneDDS/Domain/Partitioning") },
#endif
@ -1026,8 +982,14 @@ static const struct cfgelem root_cfgelems[] = {
END_MARKER
};
static const struct cfgelem root_cfgattrs[] = {
{ ATTR("xmlns:xsi"), 0, "", 0, 0, 0, uf_nop, 0, pf_nop, NULL },
{ ATTR("xsi:noNamespaceSchemaLocation"), 0, "", 0, 0, 0, uf_nop, 0, pf_nop, NULL },
END_MARKER
};
static const struct cfgelem cyclonedds_root_cfgelems[] = {
{ "CycloneDDS", root_cfgelems, NULL, NODATA, BLURB("CycloneDDS configuration") },
{ "CycloneDDS", root_cfgelems, root_cfgattrs, NODATA, BLURB("CycloneDDS configuration") },
END_MARKER
};
@ -1416,15 +1378,6 @@ static int if_channel(struct cfgst *cfgst, void *parent, struct cfgelem const *
}
#endif /* DDSI_INCLUDE_NETWORK_CHANNELS */
#ifdef DDSI_INCLUDE_ENCRYPTION
static int if_security_profile (struct cfgst *cfgst, void *parent, struct cfgelem const * const cfgelem)
{
if (if_common (cfgst, parent, cfgelem, sizeof (struct config_securityprofile_listelem)) == NULL)
return -1;
return 0;
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
static int if_network_partition (struct cfgst *cfgst, void *parent, struct cfgelem const * const cfgelem)
{
@ -1432,10 +1385,6 @@ static int if_network_partition (struct cfgst *cfgst, void *parent, struct cfgel
if (new == NULL)
return -1;
new->address_string = NULL;
#ifdef DDSI_INCLUDE_ENCRYPTION
new->profileName = NULL;
new->securityProfile = NULL;
#endif /* DDSI_INCLUDE_ENCRYPTION */
return 0;
}
@ -1480,6 +1429,11 @@ static void ff_free (struct cfgst *cfgst, void *parent, struct cfgelem const * c
ddsrt_free (*elem);
}
static enum update_result uf_nop (UNUSED_ARG (struct cfgst *cfgst), UNUSED_ARG (void *parent), UNUSED_ARG (struct cfgelem const * const cfgelem), UNUSED_ARG (int first), UNUSED_ARG (const char *value))
{
return URES_SUCCESS;
}
static void pf_nop (UNUSED_ARG (struct cfgst *cfgst), UNUSED_ARG (void *parent), UNUSED_ARG (struct cfgelem const * const cfgelem), UNUSED_ARG (uint32_t sources))
{
}
@ -1722,7 +1676,7 @@ static enum update_result uf_verbosity (struct cfgst *cfgst, UNUSED_ARG (void *p
static void pf_tracemask (struct cfgst *cfgst, UNUSED_ARG (void *parent), UNUSED_ARG (struct cfgelem const * const cfgelem), uint32_t sources)
{
/* EnableCategory is also (and often) set by Verbosity, so make an effort to locate the sources for verbosity and merge them in */
/* Category is also (and often) set by Verbosity, so make an effort to locate the sources for verbosity and merge them in */
struct cfgst_node *n;
struct cfgst_nodekey key;
bool isattr;
@ -1847,31 +1801,6 @@ static void pf_memsize (struct cfgst *cfgst, void *parent, struct cfgelem const
pf_int64_unit (cfgst, *elem, sources, unittab_memsize, "B");
}
#ifdef DDSI_INCLUDE_ENCRYPTION
static enum update_result uf_cipher(struct cfgst *cfgst, void *parent, struct cfgelem const * const cfgelem, UNUSED_ARG(int first), const char *value)
{
if (q_security_plugin.cipher_type_from_string)
{
q_cipherType * const elem = cfg_address (cfgst, parent, cfgelem);
if (! q_security_plugin.cipher_type_from_string (value, elem))
return cfg_error (cfgst, "%s: undefined value", value);
}
return URES_SUCCESS;
}
static void pf_cipher (struct cfgst *cfgst, void *parent, struct cfgelem const * const cfgelem, uint32_t sources)
{
q_cipherType const * const p = cfg_address (cfgst, parent, cfgelem);
if (q_security_plugin.cipher_type)
cfg_logelem (cfgst, sources, "%s", (q_security_plugin.cipher_type) (*p));
}
static void pf_key (struct cfgst *cfgst, UNUSED_ARG (void *parent), UNUSED_ARG (struct cfgelem const * const cfgelem), uint32_t sources)
{
cfg_logelem (cfgst, sources, "<hidden, see configfile>");
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
static enum update_result uf_tracingOutputFileName (struct cfgst *cfgst, UNUSED_ARG (void *parent), UNUSED_ARG (struct cfgelem const * const cfgelem), UNUSED_ARG (int first), const char *value)
{
struct config * const cfg = cfgst->cfg;
@ -2476,10 +2405,17 @@ static void free_configured_elements (struct cfgst *cfgst, void *parent, struct
free_configured_element (cfgst, parent, ce);
}
static int matching_name_index (const char *name_w_aliases, const char *name)
static int matching_name_index (const char *name_w_aliases, const char *name, size_t *partial)
{
const char *ns = name_w_aliases, *p = strchr (ns, '|');
const char *ns = name_w_aliases;
const char *aliases = strchr (ns, '|');
const char *p = aliases;
int idx = 0;
if (partial)
{
/* may be set later on */
*partial = 0;
}
while (p)
{
if (ddsrt_strncasecmp (ns, name, (size_t) (p - ns)) == 0 && name[p - ns] == 0)
@ -2492,7 +2428,24 @@ static int matching_name_index (const char *name_w_aliases, const char *name)
p = strchr (ns, '|');
idx++;
}
return (ddsrt_strcasecmp (ns, name) == 0) ? idx : -1;
if (ddsrt_strcasecmp (ns, name) == 0)
return idx;
else
{
if (partial)
{
/* try a partial match on the primary name (the aliases are for backwards compatibility,
and as partial matches are for hackability, I am of the opinion that backwards
compatibility on those is a bit over the top) */
size_t max_len = strlen (name);
if (aliases && (size_t) (aliases - name_w_aliases) < max_len)
max_len = (size_t) (aliases - name_w_aliases);
if (ddsrt_strncasecmp (name_w_aliases, name, max_len) == 0)
*partial = max_len;
/* it may be a partial match, but it is still not a match */
}
return -1;
}
}
static const struct cfgelem *lookup_element (const char *target, bool *isattr)
@ -2523,7 +2476,7 @@ static const struct cfgelem *lookup_element (const char *target, bool *isattr)
}
for (; cfgelem->name; cfgelem++)
{
if (matching_name_index (cfgelem->name, p) >= 0)
if (matching_name_index (cfgelem->name, p, NULL) >= 0)
{
/* not supporting chained redirects */
assert (cfgelem->name[0] != '>');
@ -2566,6 +2519,8 @@ static int proc_elem_open (void *varg, UNUSED_ARG (uintptr_t parentinfo), UNUSED
const struct cfgelem *cfgelem = cfgst_tos (cfgst);
const struct cfgelem *cfg_subelem;
int moved = 0;
size_t partial = 0;
const struct cfgelem *partial_match = NULL;
if (cfgelem == NULL)
{
@ -2576,11 +2531,12 @@ static int proc_elem_open (void *varg, UNUSED_ARG (uintptr_t parentinfo), UNUSED
for (cfg_subelem = cfgelem->children; cfg_subelem && cfg_subelem->name && strcmp (cfg_subelem->name, "*") != 0; cfg_subelem++)
{
const char *csename = cfg_subelem->name;
size_t partial1;
int idx;
moved = (csename[0] == '>');
if (moved)
csename++;
idx = matching_name_index (csename, name);
idx = matching_name_index (csename, name, &partial1);
if (idx > 0)
{
if (csename[0] == '|')
@ -2594,15 +2550,34 @@ static int proc_elem_open (void *varg, UNUSED_ARG (uintptr_t parentinfo), UNUSED
}
}
if (idx >= 0)
{
/* an exact match is always good */
break;
}
if (partial1 > partial)
{
/* a longer prefix match is a candidate ... */
partial = partial1;
partial_match = cfg_subelem;
}
else if (partial1 > 0 && partial1 == partial)
{
/* ... but an ambiguous prefix match won't do */
partial_match = NULL;
}
}
if (cfg_subelem == NULL || cfg_subelem->name == NULL)
{
cfg_error (cfgst, "%s: unknown element", name);
cfgst_push (cfgst, 0, NULL, NULL);
return 0;
if (partial_match != NULL && cfgst->partial_match_allowed)
cfg_subelem = partial_match;
else
{
cfg_error (cfgst, "%s: unknown element", name);
cfgst_push (cfgst, 0, NULL, NULL);
return 0;
}
}
else if (strcmp (cfg_subelem->name, "*") == 0)
if (strcmp (cfg_subelem->name, "*") == 0)
{
/* Push a marker that we are to ignore this part of the DOM tree */
cfgst_push (cfgst, 0, NULL, NULL);
@ -2934,6 +2909,7 @@ struct cfgst *config_init (const char *config, struct config *cfg, uint32_t domi
}
cfgst->implicit_toplevel = (fp == NULL) ? ITL_ALLOWED : ITL_DISALLOWED;
cfgst->partial_match_allowed = (fp == NULL);
cfgst->first_data_in_source = true;
cfgst_push (cfgst, 0, &root_cfgelem, cfgst->cfg);
ok = (ddsrt_xmlp_parse (qx) >= 0) && !cfgst->error;
@ -3012,67 +2988,13 @@ struct cfgst *config_init (const char *config, struct config *cfg, uint32_t domi
ok = 0;
#endif
#ifdef DDSI_INCLUDE_ENCRYPTION
/* Check security profiles */
{
struct config_securityprofile_listelem *s = cfgst->cfg->securityProfiles;
while (s)
{
switch (s->cipher)
{
case Q_CIPHER_UNDEFINED:
case Q_CIPHER_NULL:
/* nop */
if (s->key && strlen(s->key) > 0)
DDS_ILOG (DDS_LC_INFO, domid, "config: DDSI2Service/Security/SecurityProfile[@cipherkey]: %s: cipher key not required\n", s->key);
break;
default:
/* read the cipherkey if present */
if (!s->key || strlen(s->key) == 0)
{
DDS_ILOG (DDS_LC_ERROR, domid, "config: DDSI2Service/Security/SecurityProfile[@cipherkey]: cipher key missing\n");
ok = 0;
}
else if (q_security_plugin.valid_uri && !(q_security_plugin.valid_uri) (s->cipher, s->key))
{
DDS_ILOG (DDS_LC_ERROR, domid, "config: DDSI2Service/Security/SecurityProfile[@cipherkey]: %s : incorrect key\n", s->key);
ok = 0;
}
}
s = s->next;
}
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
/* Assign network partition ids */
#ifdef DDSI_INCLUDE_ENCRYPTION
/* also create links from the network partitions to the
securityProfiles and signal errors if profiles do not exist */
#endif /* DDSI_INCLUDE_ENCRYPTION */
{
struct config_networkpartition_listelem *p = cfgst->cfg->networkPartitions;
cfgst->cfg->nof_networkPartitions = 0;
while (p)
{
#ifdef DDSI_INCLUDE_ENCRYPTION
if (ddsrt_strcasecmp(p->profileName, "null") == 0)
p->securityProfile = NULL;
else
{
struct config_securityprofile_listelem *s = cfgst->cfg->securityProfiles;
while (s && ddsrt_strcasecmp(p->profileName, s->name) != 0)
s = s->next;
if (s)
p->securityProfile = s;
else
{
DDS_ILOG (DDS_LC_ERROR, domid, "config: DDSI2Service/Partitioning/NetworkPartitions/NetworkPartition[@securityprofile]: %s: unknown securityprofile\n", p->profileName);
ok = 0;
}
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
cfgst->cfg->nof_networkPartitions++;
/* also use crc32 just like native nw and ordinary ddsi2e, only
for interoperability because it is asking for trouble &

2
src/core/ddsi/src/q_debmon.c
View file

@ -195,7 +195,7 @@ static int print_participants (struct thread_state1 * const ts1, struct q_global
whcst.min_seq, whcst.max_seq, whcst.unacked_bytes,
w->throttling ? " THROTTLING" : "",
w->whc_low, w->whc_high,
w->seq, READ_SEQ_XMIT(w), w->cs_seq);
w->seq, writer_read_seq_xmit (w), w->cs_seq);
if (w->reliable)
{
x += cpf (conn, " hb %"PRIu32" ackhb %"PRId64" hb %"PRId64" wr %"PRId64" sched %"PRId64" #rel %"PRId32"\n",

5
src/core/ddsi/src/q_entity.c
View file

@ -110,6 +110,9 @@ extern inline bool builtintopic_is_builtintopic (const struct ddsi_builtin_topic
extern inline struct ddsi_tkmap_instance *builtintopic_get_tkmap_entry (const struct ddsi_builtin_topic_interface *btif, const struct ddsi_guid *guid);
extern inline void builtintopic_write (const struct ddsi_builtin_topic_interface *btif, const struct entity_common *e, nn_wctime_t timestamp, bool alive);
extern inline seqno_t writer_read_seq_xmit (const struct writer *wr);
extern inline void writer_update_seq_xmit (struct writer *wr, seqno_t nv);
static int compare_guid (const void *va, const void *vb)
{
return memcmp (va, vb, sizeof (ddsi_guid_t));
@ -2735,7 +2738,7 @@ static void new_writer_guid_common_init (struct writer *wr, const struct ddsi_se
ddsrt_cond_init (&wr->throttle_cond);
wr->seq = 0;
wr->cs_seq = 0;
INIT_SEQ_XMIT(wr, 0);
ddsrt_atomic_st64 (&wr->seq_xmit, (uint64_t) 0);
wr->hbcount = 0;
wr->state = WRST_OPERATIONAL;
wr->hbfragcount = 0;

18
src/core/ddsi/src/q_init.c
View file

@ -1001,14 +1001,6 @@ int rtps_init (struct q_globals *gv)
gv->xmsgpool = nn_xmsgpool_new ();
gv->serpool = ddsi_serdatapool_new ();
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.new_decoder)
{
gv->recvSecurityCodec = (q_security_plugin.new_decoder) ();
GVLOG (DDS_LC_CONFIG, "decoderset created\n");
}
#endif
nn_plist_init_default_participant (&gv->default_plist_pp);
nn_plist_init_default_participant (&gv->default_local_plist_pp);
nn_xqos_init_default_reader (&gv->default_xqos_rd);
@ -1337,10 +1329,6 @@ err_unicast_sockets:
ddsrt_cond_destroy (&gv->participant_set_cond);
ddsrt_mutex_destroy (&gv->participant_set_lock);
free_special_topics (gv);
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.free_decoder)
q_security_plugin.free_decoder (gv->recvSecurityCodec);
#endif
nn_xqos_fini (&gv->builtin_endpoint_xqos_wr);
nn_xqos_fini (&gv->builtin_endpoint_xqos_rd);
nn_xqos_fini (&gv->spdp_endpoint_xqos);
@ -1498,12 +1486,6 @@ void rtps_stop (struct q_globals *gv)
nn_reorder_free (gv->spdp_reorder);
nn_defrag_free (gv->spdp_defrag);
ddsrt_mutex_destroy (&gv->spdp_lock);
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.free_decoder)
{
(q_security_plugin.free_decoder) (gv->recvSecurityCodec);
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
{
struct ephash_enum_proxy_participant est;

70
src/core/ddsi/src/q_receive.c
View file

@ -206,19 +206,6 @@ static int valid_InfoTS (InfoTS_t *msg, size_t size, int byteswap)
}
}
static int valid_PT_InfoContainer (PT_InfoContainer_t *msg, size_t size, int byteswap)
{
if (size < sizeof (PT_InfoContainer_t))
return 0;
#if 0
if (msg->smhdr.flags)
return 0;
#endif
if (byteswap)
msg->id = bswap4u (msg->id);
return 1;
}
static int valid_Heartbeat (Heartbeat_t *msg, size_t size, int byteswap)
{
if (size < sizeof (*msg))
@ -568,7 +555,7 @@ static void force_heartbeat_to_peer (struct writer *wr, const struct whc_state *
static seqno_t grow_gap_to_next_seq (const struct writer *wr, seqno_t seq)
{
seqno_t next_seq = whc_next_seq (wr->whc, seq - 1);
seqno_t seq_xmit = READ_SEQ_XMIT(wr);
seqno_t seq_xmit = writer_read_seq_xmit (wr);
if (next_seq == MAX_SEQ_NUMBER) /* no next sample */
return seq_xmit + 1;
else if (next_seq > seq_xmit) /* next is beyond last actually transmitted */
@ -849,7 +836,7 @@ static int handle_AckNack (struct receiver_state *rst, nn_etime_t tnow, const Ac
that issue; if it has, then the timing is terribly unlucky, but
a future request'll fix it. */
enqueued = 1;
seq_xmit = READ_SEQ_XMIT(wr);
seq_xmit = writer_read_seq_xmit (wr);
const bool gap_for_already_acked = vendor_is_eclipse (rst->vendor) && prd->c.xqos->durability.kind == DDS_DURABILITY_VOLATILE && seqbase <= rn->seq;
const seqno_t min_seq_to_rexmit = gap_for_already_acked ? rn->seq + 1 : 0;
for (uint32_t i = 0; i < numbits && seqbase + i <= seq_xmit && enqueued; i++)
@ -1473,7 +1460,7 @@ static int handle_NackFrag (struct receiver_state *rst, nn_etime_t tnow, const N
qxev_msg (wr->evq, m);
}
}
if (seq < READ_SEQ_XMIT(wr))
if (seq < writer_read_seq_xmit (wr))
{
/* Not everything was retransmitted yet, so force a heartbeat out
to give the reader a chance to nack the rest and make sure
@ -2474,22 +2461,6 @@ static int handle_DataFrag (struct receiver_state *rst, nn_etime_t tnow, struct
return 1;
}
#ifdef DDSI_INCLUDE_ENCRYPTION
static size_t decode_container (unsigned char *submsg, size_t len)
{
size_t result = len;
if (gv.recvSecurityCodec && len > 0)
{
if (! (q_security_plugin.decode)
(gv.recvSecurityCodec, submsg, len, &result /* in/out, decrements the length*/))
{
result = 0;
}
}
return result;
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
static void malformed_packet_received_nosubmsg (const struct q_globals *gv, const unsigned char * msg, ssize_t len, const char *state, nn_vendorid_t vendorid
)
{
@ -2829,41 +2800,6 @@ static int handle_submsg_sequence
ts_for_latmeas = 0;
}
break;
case SMID_PT_INFO_CONTAINER:
if (vendor_is_eclipse_or_prismtech (rst->vendor))
{
state = "parse:pt_info_container";
GVTRACE ("PT_INFO_CONTAINER(");
if (!valid_PT_InfoContainer (&sm->pt_infocontainer, submsg_size, byteswap))
goto malformed;
switch (sm->pt_infocontainer.id)
{
case PTINFO_ID_ENCRYPT:
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.decode)
{
/* we have: msg .. submsg .. submsg+submsg_size-1 submsg .. msg+len-1
our container: data starts immediately following the pt_infocontainer */
const size_t len1 = submsg_size - sizeof (PT_InfoContainer_t);
unsigned char * const submsg1 = submsg + sizeof (PT_InfoContainer_t);
size_t len2 = decode_container (submsg1, len1);
if ( len2 != 0 ) {
TRACE ((")\n"));
thread_state_asleep (ts1);
if (handle_submsg_sequence (conn, srcloc, tnowWC, tnowE, src_prefix, dst_prefix, msg, (size_t) (submsg1 - msg) + len2, submsg1, rmsg) < 0)
goto malformed_asleep;
thread_state_awake (ts1);
}
TRACE (("PT_INFO_CONTAINER END"));
}
#endif /* DDSI_INCLUDE_ENCRYPTION */
break;
default:
GVTRACE ("(unknown id %"PRIu32"?)\n", sm->pt_infocontainer.id);
}
}
break;
case SMID_PT_MSG_LEN:
{
#if 0

1743
src/core/ddsi/src/q_security.c
View file

File diff suppressed because it is too large Load diff

5
src/core/ddsi/src/q_thread.c
View file

@ -251,10 +251,7 @@ static struct thread_state1 *init_thread_state (const char *tname, const struct
ts = &thread_states.ts[cand];
ddsrt_atomic_stvoidp (&ts->gv, (struct q_globals *) gv);
assert (vtime_asleep_p (ddsrt_atomic_ld32 (&ts->vtime)));
DDSRT_WARNING_MSVC_OFF(4996);
strncpy (ts->name, tname, sizeof (ts->name));
DDSRT_WARNING_MSVC_ON(4996);
ts->name[sizeof (ts->name) - 1] = 0;
ddsrt_strlcpy (ts->name, tname, sizeof (ts->name));
ts->state = state;
return ts;

6
src/core/ddsi/src/q_transmit.c
View file

@ -307,7 +307,7 @@ struct nn_xmsg *writer_hbcontrol_piggyback (struct writer *wr, const struct whc_
(hbc->tsched.v == T_NEVER) ? INFINITY : (double) (hbc->tsched.v - tnow.v) / 1e9,
ddsrt_avl_is_empty (&wr->readers) ? -1 : root_rdmatch (wr)->min_seq,
ddsrt_avl_is_empty (&wr->readers) || root_rdmatch (wr)->all_have_replied_to_hb ? "" : "!",
whcst->max_seq, READ_SEQ_XMIT(wr));
whcst->max_seq, writer_read_seq_xmit (wr));
}
return msg;
@ -354,7 +354,7 @@ void add_Heartbeat (struct nn_xmsg *msg, struct writer *wr, const struct whc_sta
seqno_t seq_xmit;
min = whcst->min_seq;
max = wr->seq;
seq_xmit = READ_SEQ_XMIT(wr);
seq_xmit = writer_read_seq_xmit (wr);
assert (min <= max);
/* Informing readers of samples that haven't even been transmitted makes little sense,
but for transient-local data, we let the first heartbeat determine the time at which
@ -1125,7 +1125,7 @@ static int write_sample_eot (struct thread_state1 * const ts1, struct nn_xpack *
(Note that no network destination is very nearly the same as no
matching proxy readers. The exception is the SPDP writer.) */
UPDATE_SEQ_XMIT_LOCKED (wr, seq);
writer_update_seq_xmit (wr, seq);
ddsrt_mutex_unlock (&wr->e.lock);
if (plist != NULL)
{

2
src/core/ddsi/src/q_xevent.c
View file

@ -622,7 +622,7 @@ static void handle_xevk_heartbeat (struct nn_xpack *xp, struct xevent *ev, nn_mt
(t_next.v == T_NEVER) ? INFINITY : (double)(t_next.v - tnow.v) / 1e9,
ddsrt_avl_is_empty (&wr->readers) ? (seqno_t) -1 : ((struct wr_prd_match *) ddsrt_avl_root_non_empty (&wr_readers_treedef, &wr->readers))->min_seq,
ddsrt_avl_is_empty (&wr->readers) || ((struct wr_prd_match *) ddsrt_avl_root_non_empty (&wr_readers_treedef, &wr->readers))->all_have_replied_to_hb ? "" : "!",
whcst.max_seq, READ_SEQ_XMIT(wr));
whcst.max_seq, writer_read_seq_xmit (wr));
resched_xevent_if_earlier (ev, t_next);
wr->hbcontrol.tsched = t_next;
ddsrt_mutex_unlock (&wr->e.lock);

83
src/core/ddsi/src/q_xmsg.c
View file

@ -223,13 +223,6 @@ struct nn_xpack
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
uint32_t encoderId;
#endif /* DDSI_INCLUDE_NETWORK_PARTITIONS */
#ifdef DDSI_INCLUDE_ENCRYPTION
/* each partion is associated with a SecurityPolicy, this codecset will serve */
/* all of them, different cipher for each partition */
q_securityEncoderSet codec;
PT_InfoContainer_t SecurityHeader;
#endif /* DDSI_INCLUDE_ENCRYPTION */
};
static size_t align4u (size_t x)
@ -868,7 +861,7 @@ static void nn_xmsg_chain_release (struct q_globals *gv, struct nn_xmsg_chain *c
assert (m->kindspecific.data.wrseq != 0);
wrguid = m->kindspecific.data.wrguid;
if ((wr = ephash_lookup_writer_guid (gv->guid_hash, &m->kindspecific.data.wrguid)) != NULL)
UPDATE_SEQ_XMIT_UNLOCKED(wr, m->kindspecific.data.wrseq);
writer_update_seq_xmit (wr, m->kindspecific.data.wrseq);
}
}
@ -1001,16 +994,6 @@ struct nn_xpack * nn_xpack_new (ddsi_tran_conn_t conn, uint32_t bw_limit, bool a
if (xp->gv->thread_pool)
ddsi_sem_init (&xp->sem, 0);
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.new_encoder)
{
xp->codec = (q_security_plugin.new_encoder) ();
xp->SecurityHeader.smhdr.submessageId = SMID_PT_INFO_CONTAINER;
xp->SecurityHeader.smhdr.flags = (DDSRT_LITTLE_ENDIAN ? SMFLAG_ENDIANNESS : 0);
xp->SecurityHeader.smhdr.octetsToNextHeader = 4;
xp->SecurityHeader.id = PTINFO_ID_ENCRYPT;
}
#endif
#ifdef DDSI_INCLUDE_BANDWIDTH_LIMITING
nn_bw_limit_init (&xp->limiter, bw_limit);
#else
@ -1023,12 +1006,6 @@ void nn_xpack_free (struct nn_xpack *xp)
{
assert (xp->niov == 0);
assert (xp->included_msgs.latest == NULL);
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.free_encoder)
{
(q_security_plugin.free_encoder) (xp->codec);
}
#endif
if (xp->gv->thread_pool)
ddsi_sem_destroy (&xp->sem);
ddsrt_free (xp->iov);
@ -1059,34 +1036,23 @@ static ssize_t nn_xpack_send1 (const nn_locator_t *loc, void * varg)
}
}
#ifdef DDSI_INCLUDE_ENCRYPTION
if (q_security_plugin.send_encoded && xp->encoderId != 0 && (q_security_plugin.encoder_type) (xp->codec, xp->encoderId) != Q_CIPHER_NONE)
if (!gv->mute)
{
struct iovec iov[NN_XMSG_MAX_MESSAGE_IOVECS];
memcpy (iov, xp->iov, sizeof (iov));
nbytes = (q_security_plugin.send_encoded) (xp->conn, loc, xp->niov, iov, &xp->codec, xp->encoderId, xp->call_flags);
nbytes = ddsi_conn_write (xp->conn, loc, xp->niov, xp->iov, xp->call_flags);
#ifndef NDEBUG
{
size_t i, len;
for (i = 0, len = 0; i < xp->niov; i++) {
len += xp->iov[i].iov_len;
}
assert (nbytes == -1 || (size_t) nbytes == len);
}
#endif
}
else
#endif
{
if (!gv->mute)
{
nbytes = ddsi_conn_write (xp->conn, loc, xp->niov, xp->iov, xp->call_flags);
#ifndef NDEBUG
{
size_t i, len;
for (i = 0, len = 0; i < xp->niov; i++) {
len += xp->iov[i].iov_len;
}
assert (nbytes == -1 || (size_t) nbytes == len);
}
#endif
}
else
{
GVTRACE ("(dropped)");
nbytes = (ssize_t) xp->msg_len.length;
}
GVTRACE ("(dropped)");
nbytes = (ssize_t) xp->msg_len.length;
}
/* Clear call flags, as used on a per call basis */
@ -1352,16 +1318,6 @@ static int nn_xpack_mayaddmsg (const struct nn_xpack *xp, const struct nn_xmsg *
payload_size = m->refd_payload ? (unsigned) m->refd_payload_iov.iov_len : 0;
#ifdef DDSI_INCLUDE_ENCRYPTION
if (xp->encoderId)
{
unsigned security_header;
security_header = (q_security_plugin.header_size) (xp->codec, xp->encoderId);
assert (security_header < max_msg_size);
max_msg_size -= security_header;
}
#endif
/* Check if max message size exceeded */
if (xp->msg_len.length + m->sz + payload_size > max_msg_size)
@ -1477,17 +1433,6 @@ int nn_xpack_addmsg (struct nn_xpack *xp, struct nn_xmsg *m, const uint32_t flag
#ifdef DDSI_INCLUDE_NETWORK_PARTITIONS
xp->encoderId = m->encoderid;
#endif
#ifdef DDSI_INCLUDE_ENCRYPTION
if (xp->encoderId > 0 && (q_security_plugin.encoder_type) (xp->codec, xp->encoderId) != Q_CIPHER_NONE)
{
/* Insert a reference to the security header
the correct size will be set upon encryption in q_xpack_sendmsg_encoded */
xp->iov[niov].iov_base = (void*) &xp->SecurityHeader;
xp->iov[niov].iov_len = sizeof (xp->SecurityHeader);
sz += xp->iov[niov].iov_len;
niov++;
}
#endif
xp->last_src = &xp->hdr.guid_prefix;
xp->last_dst = NULL;