Commit Graph

10263 Commits

Author SHA1 Message Date
Alexander Boettcher
79506e4494 vbox5: disable xsave
some more adjustments are needed for xsave support, but this port is scheduled
to be removed. Just disable xsave for the time being to make nightly test
happy.

Issue #5314
2024-08-27 15:29:37 +02:00
Christian Helmuth
666a66e327 pc_wifi.run: spend 2M RAM for platform driver
Issue #5264
2024-08-27 15:29:37 +02:00
Josef Söntgen
2b3a2b875b wifi: fix double free during FW loading
The commit that added firmware loading via the VFS (see #4861)
introduces a double-free bug where the memory that contains the
image is freed twice, once from the callback and once from the
work function.

As all examined drivers call 'release_firmware' from the callback
function themselves, remove the erroneous 'kfree' call from the
work function.

Issue #5264.
2024-08-27 15:29:37 +02:00
Josef Söntgen
572d406d66 sculpt_manager: remove inactive use_11n attribute
This is a follow-up commit to #4506 where the inactive 'use_11n'
attribute was already removed.

Issue #5262.
2024-08-27 15:29:37 +02:00
Josef Söntgen
978e82e893 sculpt_manager: enable updating of wifi quality
The 'update_quality_interval' instructs the wifi driver to update
the approximated link quality to the currently connected AP every
30 seconds.

Issue #5262.
2024-08-27 15:29:37 +02:00
Josef Söntgen
bc64d53a77 driver/wifi: update the connected signal quality
This commit introduces support for querying and updating the signal
quality of the established connection to the current access point.

By setting the 'update_quality_interval' to a non-zero value specified
in seconds the 'state' report will be updated to incorporate the
current signal quality. It uses the same approximation as is already
in use by the scan results.

Fixes #5262.
2024-08-27 15:29:37 +02:00
Stefan Kalkowski
672179c3b8 usb: correct order of index, value in Alt_setting
Fix genodelabs/genode#5315
2024-08-27 15:29:37 +02:00
Norman Feske
89446084f3 test/nitpicker: fix interaction in non-alpha mode
Commit "gui_session,nitpicker,testnit: update coding style" broke the
user-input handling of the test when configured w/o alpha.
2024-08-27 15:29:37 +02:00
Christian Helmuth
d40f9b712e genode_c_api: do not match HID in AUDIO devices
Now, USB audio class devices become available in Sculpt, e.g., for vbox
passthrough, and are not automatically grabbed by the usb_hid class=3
policy. In the future, interface/endpoint level policies will enable
driving the HID interface only from usb_hid while a usb_audio driver
controls the rest of the device.
2024-08-27 15:29:37 +02:00
Spencer
91e81591fe Update documentation for hello_tutorial
Bring the docs up to date with the current run definition at
https://github.com/genodelabs/genode/blob/master/repos/hello_tutorial/run/hello.run
as well as changes to the imports of
https://github.com/genodelabs/genode/blob/master/repos/hello_tutorial/src/hello/server/main.cc

Fix #5291
Fix #5292
2024-08-27 15:29:37 +02:00
Christian Helmuth
e64b07d7a4 internet_checksum.run: don't use bad trafgen seeds
2024-08-27 15:29:37 +02:00
Stefan Kalkowski
e5c0d5247e simplify interactive USB HID test metric
To circumvent recurring false-positives whenever things
in the USB drivers or its environment changes, limit
the checks to the event listener itself.
2024-08-27 15:29:36 +02:00
Martin Stein
af78376627 tresor: add readme file
Fix #5311
2024-08-27 15:29:36 +02:00
Stefan Kalkowski
a7b4add27c hw: move cpu kernel object into cpu local area
Fix genodelabs/genode#5310
2024-08-27 15:29:36 +02:00
Stefan Kalkowski
9258004cc7 hw: move stack into cpu local mem area
Ref genodelabs/genode#5310
2024-08-27 15:29:36 +02:00
Stefan Kalkowski
6afe4f79a2 base: tie quota_lim_downscale template to size_t
* Always use size_t instead of template type
* Thereby we can remove 128-bit type from all architectures in base-hw

Ref genodelabs/genode#5310
2024-08-27 15:26:51 +02:00
Stefan Kalkowski
7770285aed hw: remove duplicated definition of x86 local APIC
Ref genodelabs/genode#5310
2024-08-27 15:26:51 +02:00
Josef Söntgen
6889959f59 linux-firmware: add AX200, 9560 and T430/T530
This commit adds the firmware image for the AX200 device as found
in the Tuxedo Pulse 15 Gen1, the 9560 as found in the Starlite and
the for devices found in the T430/T530.

Fixes #5282.
2024-08-27 15:26:51 +02:00
Alexander Boettcher
99667de35b nova: limit assertions during early boot
Turn some of the current assertions into warnings/error messages and
continue boot. Print the messages as soon as core_log is initialized,
so that on live/release systems (Sculpt OS) it may be inspected later on.

Related to issue #5307
2024-08-27 15:26:51 +02:00
Alexander Boettcher
eaadc6aad6 nova: support to run on e-core only SOCs
The code to group together SMT threads of one CPU and to move P-Core to
the beginning of Genode's affinity-space, did not consider to run on
SOCs with only E-Core CPUs.

Re-structure the code to support e-Core only SOCs.

Additionally, provide a fallback mapping in case of CPU id reordering problems.
Track faulty re-mapping and delay the reporting until core_log is initialized,
so that the warnings are visible to consumers, e.g. on Sculpt OS.

Related to discussion of #5304

Fixes #5307
2024-08-27 15:26:51 +02:00
Christian Helmuth
044d8bca44 dde_linux: improve handling of IRQ masking and ack
Unmasking of a pending interrupt did not lead to immediate IRQ handler
execution in all cases.

This commit also addresses some style concerns raised during the issue
discussion.

- Replace multi-boolean IRQ state by state enum
- EOI and ACK should be same in DDE context
- Unify x86 and ARM irqchip.c
- Remove Pending_irq type
- Remove dde_irq_set_wake()

Fixes #5164
2024-08-27 15:26:51 +02:00
Alexander Boettcher
56ee01bc8c vbox6: clear screen on guest triggered blanking
An invalid bitmap is exactly once set during blanking, use this as hint
to clear the GUI content. Same as done in vbox5.

Fixes #5263
2024-08-27 15:26:51 +02:00
Sebastian Sumpf
f552b26fb9 vfs_lwip: check _pcb for null in write_ready
_pcb may be zero due to shutdown or error in Tcp_socket_dir
2024-08-27 15:26:51 +02:00
Christian Helmuth
a441bdf59a lx_emul: enable SLUB allocator (pc, virt)
The use of the Linux-internal SLUB allocator is supported by lx_emul and
drivers may now decide between the Linux implementation or our emulation
of kmem_cache. Drivers for pc and virt already use SLUB, while other
drivers still use the emulation and may be adapted step-by-step incl.
the testing on the devices.

Fixes #5236
2024-08-27 15:26:51 +02:00
Alexander Boettcher
a798f70284 libc: add limited sigaltstack support
Allocate a Genode known stack via alloc_secondary_stack and register it
as alternative stack via Signal:use_alternative_stack().

The original semantic of Posix, where the caller may choose arbitrary stack
pointers is currently not possible. Warn about the fact.

Issue #5305
2024-08-27 15:26:51 +02:00
Alexander Boettcher
0c5df0036c libc: support to execute signal on separate stack
With the commit LibC signals will be executed on a separate stack and
not anymore on the kernel or user stack.

Fixes #5305
2024-08-27 15:24:20 +02:00
Christian Helmuth
992b412be2 lx_emul: silently drop KEY_FN in evdev
The Fn key on keyboards should never be reported as real scancode event,
as it is just a hardware switch that changes the reported scancodes of
other keys. The behavior of Linux hid-apple.c is wrong as it on one hand
reports different scancodes for the same hard key depending on the Fn
state but sends the Fn press and release events too. Thus from now on,
we just drop KEY_FN events for all drivers as otherwise, scancodes
generated by Fn+key combinations would never be single-key
events on upper layers, for example KEY_FN + KEY_F12 on the Matias Apple
keyboard clone in the fixed issue.

Fixes #5288
2024-08-27 15:24:20 +02:00
Roman Iten
110a24f650 run/sntp_client: adjust run_genode_until condition
By calling run_genode_until twice, we take into account that the boot
time on some boards might be longer than on others, while still verifying
that the second "set_rtc" is reported within about 1min (+10s).

Fixes #5306
2024-08-27 15:24:20 +02:00
Johannes Schlatow
86848d2868 sculpt: add debug monitor to goa testbed
This also adds policies and domains to the nic router config for gdb and
vnc.

Fixes #5293
2024-08-27 15:24:20 +02:00
Christian Helmuth
62061c5596 wg_fetchurl.run: create data file early (fix linux)
2024-08-27 15:24:20 +02:00
Christian Helmuth
c0f6d9ba7e lx_emul: cache_line_size and cpufeature on arm64
Issue #5236
2024-08-27 15:24:20 +02:00
Christian Prochaska
ae8eb37ca2 qt5: QPA plugin improvements
Fixes #5285
2024-08-27 15:24:20 +02:00
Christian Prochaska
6acfe8a41e wm: forward mode change signal to viewless clients
Fixes #5284
2024-08-27 15:24:20 +02:00
Johannes Schlatow
8ef88ae084 monitor: skip wait for terminal connection
Waiting for the terminal connection (e.g. if routed to a tcp_terminal)
can cause the monitor to get stuck in the '_handle_config' method.

Fixes #5275
2024-08-27 15:24:20 +02:00
Johannes Schlatow
5bc6c9f2d0 tcp_terminal: fix destruction of Open_socket
The socket API close() must be called within a libc context. Moreover,
the socket for listening needs to be closed as well.

Fixes #5270
2024-08-27 15:24:20 +02:00
Johannes Schlatow
7b8a2e77e4 socket_fs: invalidate fd on context destruction
This prevents accesses to `Socket_fs::Context::_fd_ready_ready()` that
caused a "__cxa_pure_virtual called" error.

Fixes #5265
2024-08-27 15:24:20 +02:00
Pirmin Duss
96ef527436 Gpio::Connection accept a session label
This allows a component to access GPIOs from different banks of
an SOC.

Issue genodelabs#5273
2024-08-27 15:24:20 +02:00
Johannes Schlatow
09c40688e1 platform/pc: remove translations after Out_of_ram
Since page tables might need to be allocated during
insert_translation(), Out_of_ram or Out_of_caps exceptions might occur.
Entries that have already been added by insert_translation() must thus be
removed once one of those exceptions occurred.

Fixes #5254
2024-08-27 15:24:20 +02:00
Sebastian Sumpf
190d49527c rump: add reproducible option to newvers.sh
issue #5255
2024-07-02 12:00:11 +02:00
Sebastian Sumpf
eb656bf40c libcrypto: add support for SOURCE_DATE_EPOCH
Use SOURCE_DATE_EPOCH for build date if present.

issue #5255
2024-07-02 12:00:11 +02:00
Sebastian Sumpf
cfe27e07de themed_decorator: use TAR_OPT for archive
This commit produces a consistent tar archive.

issue #5255
2024-07-02 12:00:11 +02:00
Sebastian Sumpf
458cb25d6c qt5: use TAR_OPT for archives
This commit produces consistent tar archives.

issue #5255
2024-07-02 12:00:11 +02:00
Sebastian Sumpf
ddcfe51ef5 base/global.mk: TAR_OPT
Add TAR_OPT to global.mk that defaults to user and group 1, while
setting mtime to 0 for tar archives. This can be used in components to
produce consistent (reproducible) tar archives.

issue #5255
2024-07-02 12:00:11 +02:00
Norman Feske
943dfa10e7 base/child.h: remove exceptions from process init
This patch replaces the former Child::Process and
Child::Process::Loaded_executable classes by static functions that
return failure conditions as return values.

Issue #5245
2024-07-02 12:00:11 +02:00
Norman Feske
0288cffaee Remove exceptions from 'Parent' interface
Issue #5245
2024-07-02 12:00:11 +02:00
Norman Feske
19c13877ca Replace use of 'typedef' by 'using'
Issue #5227
2024-07-02 12:00:11 +02:00
Norman Feske
361557e1f0 base-*: omit () for lambdas w/o argument
Issue #5227
2024-07-02 12:00:11 +02:00
Norman Feske
a2b0553c51 base-*: use C++20 function template syntax
Issue #5227
2024-07-02 12:00:11 +02:00
Johannes Schlatow
b5c9107465 use /depot as depot directory in debug info
By using GCC's --debug-prefix-map argument, we can make sure that debug
archives always refer to source files at /depot. With this change, GDB
can be pointed to the correct source-file location by using the `set
substitute-path /depot /path/to/local/depot`.

Fixes #5260
2024-07-02 12:00:10 +02:00
Norman Feske
d44ec53cd3 core: tie Platform_thread to Platform_pd
This patch tightens the coupling of the 'Platform_thread' objects
with their corresponding 'Platform_pd' objects by specifying the
'Platform_pd' as constructor argument, keeping the relationship
as a reference (instead of a pointer), and constraining the
lifetime of 'Platform_pd' objects to the lifetime of the PD.

It thereby clears the way to simplify the thread creation since all
PD-related information (like quota budgets) are now known at the
construction time of the 'Platform_thread'.

The return value of 'Platform_thread::start' has been removed because it
is not evaluated by 'Cpu_thread_component'.

Related to #5256
2024-07-02 11:59:16 +02:00
Alexander Boettcher
c18f7c7594 timer: remove old timer infrastructure
Fixes #5138
2024-07-02 11:59:16 +02:00
Alexander Boettcher
462718bcf0 epit: move timer to imx repository
Issue #5138
2024-07-02 11:59:16 +02:00
Stefan Kalkowski
969a0583ee qemu-usb: handle smaller isochronous packets
Fix the wrong assumption about isochronous packets always being sent
with maximum EP's packet size. Instead the isochronous cache now contains
a sizes array to deal with arbitrary packet sizes.

Fix genodelabs/genode#5257
2024-07-02 11:59:16 +02:00
Stefan Kalkowski
f1f2d759af libusb: re-enable timeout setting for control urbs
Fix genodelabs/genode#5259
2024-07-02 11:59:16 +02:00
Stefan Kalkowski
73b65084e2 pin_session: add missing header
Fix genodelabs/genode#5258
2024-07-02 11:59:16 +02:00
Christian Prochaska
37e0d20bf2 qt5: adaptation to 'Genode::Region_map' changes
Issue #5245
2024-07-02 11:59:16 +02:00
Norman Feske
5a6c4d6ff2 base-hw: handle cap-slab exhaust in Thread::start
This interim solution for issue #5256 solves the problem for the
thread.run script.

Issue #5256
2024-07-02 11:59:16 +02:00
Stefan Kalkowski
d9d2a7584e base-hw: remove cortex spec directories
For consistency reasons, remove the cortex_a8, cortex_a9, and cortex_a15
spec directories. Such SPEC variables have not existed for a while.
Also rename remaining translation_table.h header to page_table.h to
stay consistent with the class names inside.

Fix genodelabs/genode#5253
2024-07-02 11:59:16 +02:00
Norman Feske
0105494223 Rework Region_map interface
- Remove exceptions
- Use 'Attr' struct for attach arguments
- Let 'attach' return 'Range' instead of 'Local_addr'
- Renamed 'Region_map::State' to 'Region_map::Fault'

Issue #5245
Fixes #5070
2024-07-02 11:59:16 +02:00
Norman Feske
d866b6b053 Remove exceptions from Cpu_session interface
The 'Thread_creation_failed' error is now reflected as
'Thread::Start_result' return value. This change also removes the
use of 'Invalid_thread' within core as this exception is an alias
of Cpu_session::Thread_creation_failed.

Issue #5245
2024-07-02 11:59:16 +02:00
Martin Stein
e7f564cd3b nic_router: use C++20 function template syntax
Fix #4534
2024-06-20 13:51:26 +02:00
Martin Stein
7d576b4f15 nic_router: re-use ARP waiters for same IP address
For each packet that got stuck with an ARP-cache miss, the router used to send
one ARP request and create one ARP waiter. However, in situations where many
packets target the same IP at one destination domain and during a short period
of time, this causes unnecessary session-quota consumption and network traffic.
This issue becomes especially pressing when taking malicious source peers,
absent destination peers, and packet batching into account.

Therefore, with this commit, the router can accumulate multiple source packets
with the same destination IP at one ARP waiter. This means, that only the first
packet with an ARP-cache for a certain IP sends an ARP request and creates an
ARP waiter. For situations where the ARP request is not answered, this
essentially rate-limits ARP requests for one IP at one destination domain
according to the lifetime of ARP waiters (default: 10s)

Ref #4534
2024-06-20 13:50:55 +02:00
Martin Stein
31a438edf6 nic_router: prevent ARP request without ARP waiter
The router used to send an ARP request for a packet before allocating the
corresponding ARP waiter. If the ARP waiter could not be allocated due to
resource exhaustion plus emergency free failed, the packet got dropped and the
router had produced unnecessary network traffic. The commit fixes this by
sending only after successful allocation.

Ref #4534
2024-06-20 13:49:53 +02:00
Martin Stein
682dedb2e1 nic_router: lower packet-batch count to 50
The previous default packet-batch count of 150 (<config
max_packets_per_signal>) was chosen with the only goal of preventing
starvation by huge amounts of packets from one session.

However, there is something else to keep in mind. A packet that is found to
require ARP sends an ARP request and becomes blocked after having consumed
resources. This means, that, in the worst case, the router used to send 150 ARP
requests and consume resources 150 times before making it even possible for the
outer world to react and cause resources to be freed.

With this additional scenario in mind, the default batch size should be
significantly lower.

Ref #4534
2024-06-20 13:49:24 +02:00
Stefan Kalkowski
e93f5fe8e0 base-hw: move imx53-specifics to imx repository
Ref genodelabs/genode#5252
2024-06-20 13:25:06 +02:00
Stefan Kalkowski
0c8abf9b50 os: move imx sd_card driver to imx repository
Ref genodelabs/genode#5252
2024-06-20 13:24:44 +02:00
Stefan Kalkowski
d1123ebe4c os: move imx8q_evk's i2c driver to imx repo
Ref genodelabs/genode#5252
2024-06-20 13:24:44 +02:00
Stefan Kalkowski
86386548c0 os: move synaptics_dsx touch driver to imx repo
Ref genodelabs/genode#5252
2024-06-20 13:24:44 +02:00
Stefan Kalkowski
6162eae9e0 os: move tz_vmm example to imx repository
Ref genodelabs/genode#5252
2024-06-20 13:24:44 +02:00
Stefan Kalkowski
5a8d149fe3 hw: move all imx7d specifics to imx repository
Ref genodelabs/genode#5252
2024-06-20 13:24:41 +02:00
Alexander Boettcher
ed522d51c8 linux: use new timer scheme
Issue #5138
2024-06-20 13:19:43 +02:00
Alexander Boettcher
32c5ef32e9 foc: use new timer scheme
Issue #5138
2024-06-20 13:19:43 +02:00
Norman Feske
299951ced5 depot: update recipe hashes
2024-06-20 12:59:00 +02:00
Christian Helmuth
65957e024d Transfer 2x16 MiB in wg_fetchurl test
2024-06-20 12:56:20 +02:00
Stefan Kalkowski
f0e9ce7422 stdcxx: add missing symbol for std::basic_fstream
2024-06-20 12:56:20 +02:00
Benjamin Lamowski
e153f44ce8 libc: handle invalid file descriptors in poll()
poll(2) needs to handle invalid file descriptors in the pollfd struct,
specifically -1 as it may be used to disable entries in the fds[] array.

Fix a possible nullptr dereference by checking the File_descriptor
pointer returned by find_by_libc_fd() for validity and skip processing
of any unresolved FDs, effectively implementing standard POSIX
semantics.

Fixes #5249
2024-06-20 12:56:20 +02:00
Christian Helmuth
9d42890fbf fetchurl: remove Genode:: prefixing
2024-06-20 12:56:20 +02:00
Christian Helmuth
258c06df03 virt/lx_emul: init boot_cpu_data on x86
Values are used by arch/x86/lib/delay.c and slub allocator.

Issue #5236
2024-06-20 12:56:20 +02:00
Norman Feske
14d3c4cb5e Remove Cpu_session::State_access_failed exception
This patch removes the exception formerly thrown by 'Cpu_thread::state'
and turns the 'Thread_state' structure into a plain compound type w/o a
constructor.

Issue #5245
Fixes #5250
2024-06-20 12:56:20 +02:00
Johannes Schlatow
16b863fc6e tool/run: use xmlcatalog for xsd file paths
With libxml2 >= 2.13, the `-path` argument can no longer be used for
setting search paths for xsd files. Instead, we use an XML catalog to
replace genode:// URIs with absolute paths.

Fixes #5248
2024-06-20 12:56:20 +02:00
Norman Feske
5181d08d05 Remove exceptions from Rm_session interface
Issue #5245
2024-06-20 12:56:20 +02:00
Norman Feske
0d7d60a1f4 Remove exceptions from Pd_session interface
This patch replaces exceptions of the PD session RPC interface with
result types.
The change of the quota-transfer RPC functions required the adaptation
of base/quota_transfer.h and base/child.h.
The 'alloc_signal_source' method has been renamed to 'signal_source'
to avoid an exceedingly long name of the corresponding result type.
The Pd_session::map function takes a 'Virt_range' instead of basic-type
arguments.
The 'Signal_source_capability' alias for 'Capability<Signal_source>' has
been removed.

Issue #5245
2024-06-20 12:56:19 +02:00
Alexander Boettcher
08066269ba fiasco: update to new timer scheme
Issue #5138
2024-06-20 12:56:19 +02:00
Martin Stein
a450110b97 run/nic_router_uplinks: use test component
So far, this test used dynamic_rom for the re-configuration of the nic router
and tested for the expected ping results by inspecting the log with the run
tool. However, this approach had two issues:

* Timing differs significantly on different targets and so the dynamic_rom had
  the difficult task of compensating with heuristics without bloating the test
  duration too much.

* In case of a failing test, it was difficult to determine the cause as the
  test kept running and produced output for quite some time and there was also
  no specific error message but only a generic timeout.

These two issues are now fixed by introducing a test component that listens to
the ping-result report and manages the nic router configuration. The new
component exits early on failure and provides information on the error
circumstances. Furthermore, the component advances to the next test step only
after having seen the expected result of the active test step and thereby
removes the need for heuristics about target timing.

Fixes #5192
2024-06-20 12:56:19 +02:00
Martin Stein
a935a733ab ping: support reporting results
This feature simplifies automated testing. It was added to enable the creation
of the test/nic_router_uplink component.

Ref #5192
2024-06-20 12:56:19 +02:00
Norman Feske
24342db476 base/signal.h: remove pointers from API
This patch updates the signal API to avoid raw pointers, and
replaces the Context_already_in_use and Context_not_associated
exceptions by diagnostic messages.

Fixes #5247
2024-06-20 12:56:19 +02:00
Norman Feske
dcddeccccc app/acpi_event: update coding style
Remove exceptions, replace pointer lookup by with_ pattern,
use Xml_node::attribute_value, constness, naming of signal handlers

Issue #5245
2024-06-20 12:56:19 +02:00
Norman Feske
8a0689d832 Remove Pd_session::Invalid_signal_source exception
While changing 'Pd_session::alloc_context', this patch also tightens the
type of the imprint argument.

Issue #5245
2024-06-20 12:56:19 +02:00
Norman Feske
a52c2ce141 Remove exceptions from TRACE session interface
- Use attempt pattern for error handling
- Replace lookup of pointers by with_ pattern
- Remove virtual Trace::Session methods
- Merge client.h into connection.h
- Update coding style of test/trace

Issue #5245
2024-06-20 12:56:19 +02:00
Norman Feske
7de2f57ef2 Remove Xml_node::attribute accessors
This patch removes the two 'Xml_node::attribute' accessors along with
the 'Nonexistent_attribute' exception.

Issue #5245
Fixes #5246
2024-06-20 12:56:19 +02:00
Martin Stein
84bbde2879 nic_router: fix interface-local quota reporting
The router used to ignore the value of the <report quota=".."/> attribute when
it came to determining whether an interface's report is empty or not.
Therefore, merely configuring <report quota="yes"/> didn't cause interfaces
(and their quota) to show up in the report. Instead, interface quota was
reported as side effect of <report stats="yes"/>. The commit fixes this
inconsistency with the README.
2024-06-20 12:56:19 +02:00
Martin Stein
09b3fa389d nic_router: destroy timed out ARP waiters
The only object that is dynamically allocated by a network interface and that
was not equipped with a self-destruct timeout was the ARP waiter. This commit
closes this gap by adding a timeout to each ARP waiter that is set to 10
seconds by default but can be configured via the new <config> attribute
'arp_request_timeout_sec'.

Ref #4729
2024-06-20 12:56:19 +02:00
Martin Stein
20371d0445 nic_router: drop closed tcp links immediately
RFCs recommend to keep TCP connections for a certain time even after they
finished a close handshake, AFAIK, in order to be able to recognize astray
packets when they arrive later. This seems overambitious especially when in
the context of the router where session quota is pretty limited. Therefore,
this commit drops this final timeout and drops closed connections immediately.

Ref #4729
2024-06-20 12:56:19 +02:00
Martin Stein
58726a6707 nic_router: lower non-open tcp timeout to 30 sec
The previous value of 60 seconds was never observed in real-time scenarios and
UDP, for instance always used a timeout of 30 seconds without causing issues.
Note that this applies only to TCP connections in a state other than
ESTABLISHED, i.e., while it is still safe to early-drop the connection.

Ref #4729
2024-06-20 12:56:19 +02:00
Martin Stein
0a33168733 nic_router: mark tcp open only with full handshake
The TCP connection state "ESTABLISHED" (in the router "OPEN") is a privileged
one for peers because it lasts very long without any peer interaction (in the
NIC router it's only 10 minutes, but RFCs recommend not less than 2 hours and
4 minutes). Furthermore, TCP connections in this state are normally not
available for early-drop on resource exhaustion. This means that this state
binds resources to a connection potentially for a long time without the option
of regaining them under stress. Therefore, this state should be entered with
care.

Up to now, the router marked a TCP connection with this state as soon as it had
seen one matching packet in both directions, which is rather quick. However,
implementing a very precise tracking of the exact TCP states of both peers and
only marking the connection "ESTABLISHED" when both peers are "ESTABLISHED" is
a difficult task with lots of corner cases.

That said, this commit implements a compromise. The router now has two flags
for each peer of a TCP connection - FIN sent and FIN acked - and sets them
according to the observed TCP flags. The "ESTABLISHED" state is entered only
when FIN acked is set for both peers (without having observed an RST or FIN
flag meanwhile).

Ref #4729
2024-06-20 12:56:19 +02:00
Martin Stein
93c3f6371b nic_router: remove reference utilities
The Reference and Const_reference utility were introduced in order to express
that something is a reference (no null value) but can be changed dynamically
(not possible with built-in C++ references). However, the idea of preventing
every possibility for null pointer faults, with which the router was built
initially, has not prevailed and using pointers instead of the utility saves
logic and makes the code more readable to other C++ developers.

Ref #4729
2024-06-20 12:55:47 +02:00
Martin Stein
f7f171e457 nic_router: fix leak on domain deinit
The deinitialization method of Domain used to rely on Domain::with_dhcp_server
in order to dissolve and destroy a present DHCP server. However, this method
skipped calling its functor argument also when there was a DHCP server but an
invalid one. This commit replaces the with_dhcp_server with a pointer null-check
in order to fix the leak.

Ref #4729
2024-06-20 12:54:31 +02:00
Martin Stein
c96150bc70 nic_router: smarter emergency free on exhaustion
Re-implements an emergency freeing of resources on exhaustion of session quota.
In contrast to the past one, the new algorithm is executed directly where the
exhaustion occurs. Instead of interrupting the packet handling and restarting it
from the beginning after the freeing action, packet handling is now continued
at the point of exhaustion (if enough resources could be freed). Furthermore,
the new algorithm frees only 100 objects (instead of 1024) at a max as we found
this to better match real-life observations. And finally, the router now drops
ICMP first, then UDP, then TCP - as this better reflects priorities - and
refrains from dropping TCP connections in the ESTABLISHED state. If the router
cannot free a sufficient amount of resources, the packet that caused the
exhaustion is dropped with a warning (verbose_packet_drop="yes").

Ref #4729
2024-06-20 12:54:31 +02:00
Martin Stein
ac42ade48c nic_router: remove use of exception handling
Remove the use of C++ exceptions as much as possible from the router as C++
exception handling can be resource intensive and can make code hard to
understand.

This also removes the garbage collection that the router used to do when a
session ran out of quota. This is motivated by the fact that the garbage
collection was rather simple and removed connection states regardless of their
current state, thereby causing broken connections. The change is part of this
commit as the approach to integrating garbage collection relied strongly on
exception handling.

The user story behind removing garbage collection: The router emergency-dropped
an established TCP connection (with NAPT) and on the next matching packet
re-created it with a different NAPT port, thereby breaking the connection. With
this commit, existing connections are prioritized over new ones during resource
exhaustion and the packets that attempt to create a new connection in such a
state are dropped with a warning in the log (verbose_packet_drop="yes").

Note that the state resolves itself with time as existing connections time out
or are closed by peers.

Ref #4729
2024-06-20 12:54:31 +02:00
Martin Stein
0faec6afaa net/port.h: default constructor
Adds default constructor to Net::Port that initializes the value to 0. This
allows for using Net::Port with the Genode::Attempt utility.

Ref #4729
2024-06-20 12:54:30 +02:00