Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

20231026-lwip-tweaks-and-fixes #58

Merged
merged 5 commits into from
Nov 13, 2023
Merged

20231026-lwip-tweaks-and-fixes #58

merged 5 commits into from
Nov 13, 2023

Conversation

douzzer
Copy link
Collaborator

@douzzer douzzer commented Oct 27, 2023

Makefile: move maintainer-only clauses (release, com-bundle, doc-sync) to new file Makefile.maintenance;

Makefile.maintenance: add lwip-patch-sync clause;

src/routes.c: add error checking to meta.connection_count decrement in wolfsentry_route_event_dispatch_0();

src/lwip/packet_filter_glue.c: add action_results and interface ID to WOLFSENTRY_DEBUG_LWIP messages, and add missing gates for LWIP_IPV6 in WOLFSENTRY_DEBUG_LWIP paths;

lwip: remove improper tcp_filter_dispatch_incoming(FILT_CLOSED, ...) in ../third/lwip/src/core/tcp_in.c:tcp_process() (FILT_CLOSED should happen only when tcp_free(pcb));

regenerate lwip/LWIP_PACKET_FILTER_API.patch rebased on upstream 5e3268cf3e (Oct 14 2023);

wolfsentry/wolfsentry_settings.h: conditionalize definition of WOLFSENTRY_ENT_ID_FMT.

@douzzer
Makefile: move maintainer-only clauses (release, com-bundle, doc-sync…
bffce17 
…) to new file Makefile.maintenance;

Makefile.maintenance: add lwip-patch-sync clause;

src/routes.c: add error checking to meta.connection_count decrement in wolfsentry_route_event_dispatch_0();

src/lwip/packet_filter_glue.c: add action_results and interface ID to WOLFSENTRY_DEBUG_LWIP messages, and add missing gates for LWIP_IPV6 in WOLFSENTRY_DEBUG_LWIP paths;

lwip: remove improper tcp_filter_dispatch_incoming(FILT_CLOSED, ...) in ../third/lwip/src/core/tcp_in.c:tcp_process() (FILT_CLOSED should happen only when tcp_free(pcb));

regenerate lwip/LWIP_PACKET_FILTER_API.patch rebased on upstream 5e3268cf3e (Oct 14 2023);

wolfsentry/wolfsentry_settings.h: conditionalize definition of WOLFSENTRY_ENT_ID_FMT.
@douzzer
src/lwip/packet_filter_glue.c: add FILT_CLOSE_WAIT handling;
273e888 
in tcp_filter_with_wolfsentry(), don't set WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN for FILT_REMOTE_RESET, and fix typo "&event" in call to wolfsentry_route_event_dispatch_with_inited_result();

routes.c: in wolfsentry_route_delete_0(), warn if a route with nonzero connection_count is deleted;

wolfsentry_route_delete_1(): if the route has a nonzero connection_count, set purge_after and return DEFERRED;

wolfsentry_route_event_dispatch_0(): don't increment/decrement counts when WOLFSENTRY_ACTION_RES_FALLTHROUGH;

wolfsentry/wolfsentry.h: add WOLFSENTRY_ACTION_RES_CLOSE_WAIT;

wolfsentry/wolfsentry_errcodes.h: add WOLFSENTRY_SUCCESS_ID_DEFERRED.
@douzzer
Makefile.analyzers: bump WOLFSENTRY_MAX_CYCLES_PER_CALL_EMPTY_TABLE i…
04120f7 
…n benchmark-singlethreaded-test from 120 to 150, and in benchmark-test from 320 to 350, to tolerate jitter.

doc/json_configuration.md: update for "max-purgeable-idle-time".

lwip/LWIP_PACKET_FILTER_API.patch: clean up TCP FILT_CLOSED callbacks: tcp_filter_dispatch_*() before tcp_pcb_remove() to keep pcb->local_port intact, and pass netif as NULL forcing lookup from pcb->netif_idx, since most FILT_CLOSED events are timer-driven, not traffic-driven.

src/actions.c, src/events.c, src/kv.c, src/routes.c: remove incorrect calls to wolfsentry_table_ent_delete_by_id_1() immediately following wolfsentry_table_ent_insert() -- the former is implicit to the latter.

src/json/load_config.c: add "max-purgeable-idle-time".

wolfsentry/wolfsentry.h: bump version to 1.6.1; add macro WOLFSENTRY_ROUTE_INTERNAL_FLAGS.

src/wolfsentry_internal.h: add max_purgeable_idle_time to struct wolfsentry_route_table.

src/routes.c:

* wolfsentry_route_init_by_exports(): clear WOLFSENTRY_ROUTE_INTERNAL_FLAGS from route_exports->flags.

* wolfsentry_route_init_by_exports(): fix pointer math in memset() clause to correctly treat route_exports->private_data_size as a byte count.

* wolfsentry_route_new_by_exports(): fix check on route_exports->private_data_size.

* wolfsentry_route_insert_1(), wolfsentry_route_insert_2(), and wolfsentry_route_insert_by_exports_2: add logic to return WOLFSENTRY_SUCCESS_ID_ALREADY_OK when inserting a duplicate route when existing one has WOLFSENTRY_ROUTE_FLAG_PENDING_DELETE (which is cleared, alongside updating meta.purge_after).

* wolfsentry_route_insert_into_table(), wolfsentry_route_insert_into_table_and_check_out(), wolfsentry_route_delete_from_table(), wolfsentry_route_event_dispatch_1(), wolfsentry_route_stale_purge_1(): accept null table arg to represent wolfsentry->routes thread-safely.

* wolfsentry_route_insert_by_exports(): add implementation.

* wolfsentry_route_table_max_purgeable_idle_time_get(), wolfsentry_route_table_max_purgeable_idle_time_set(), and wolfsentry_route_purge_time_set(): add implementations.

* wolfsentry_route_delete_0(): add defer_p argument, activating logic (relocated and revised from wolfsentry_route_delete_1()) in which a deletion request for a route with nonzero connection_count sets its WOLFSENTRY_ROUTE_FLAG_PENDING_DELETE and returns WOLFSENTRY_SUCCESS_ID_DEFERRED.

src/wolfsentry_internal.c: in wolfsentry_table_ent_delete_by_id_1(), add check that ent->id is valid, and add opportunistic logic to reclaim just-allocated ID.

tests/test-config.json and tests/test-config-numeric.json: add "max-purgeable-idle-time" clauses.

tests/unittests.c: add to test_json a workout of connection_count dynamics.

doc/wolfSentry_refman.pdf: regenerate.
@lealem47
Copy link
Contributor 

lealemamedie@Lealems-MacBook-Pro wolfsentry % make lwip-patch-sync
fatal: '20230307-LWIP_PACKET_FILTER_API' is not a commit and a branch '20230307-LWIP_PACKET_FILTER_API-92570-new' cannot be created from it
make: *** [lwip-patch-sync] Error 128

@lealem47
Copy link
Contributor

lealemamedie@Lealems-MacBook-Pro wolfsentry % make lwip-patch-sync
fatal: '20230307-LWIP_PACKET_FILTER_API' is not a commit and a branch '20230307-LWIP_PACKET_FILTER_API-92570-new' cannot be created from it
make: *** [lwip-patch-sync] Error 128

Disregard. I thought it was trying to apply the lwip patches onto ../third/lwip but looks like it's trying to do the opposite and create the patches.

lealem47
lealem47 previously approved these changes Nov 13, 2023
View reviewed changes
@douzzer
src/routes.c: in wolfsentry_route_clone(), fix allocation to use WOLF…
9b85200 
…SENTRY_MEMALIGN_1() when .route_private_data_alignment is nonzero;

Makefile.analyzers: add sanitize-all-NO_POSIX_MEMALIGN-gcc; tweak notification-demo-build-test to explicitly use the master branch of wolfssl.
@douzzer douzzer requested a review from lealem47 November 13, 2023 20:50
lealem47
lealem47 approved these changes Nov 13, 2023
View reviewed changes
Copy link
Contributor

@lealem47 lealem47 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks douzzer

@lealem47 lealem47 merged commit 2555bfb into wolfSSL:master Nov 13, 2023
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lealem47 lealem47 lealem47 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@douzzer @lealem47