Reversed the decryption order:
1. If link exists with session_ready, try normal decryption first
2. If normal decryption succeeds, process packet normally (goto process_decrypted)
3. If normal decryption fails OR no link OR no session, try INIT decryption
4. If INIT succeeds, create new server-side connection and link
This is more efficient because:
- Most packets are regular data (use normal decryption)
- INIT packets are rare (only during connection setup)
- Works correctly for both standard client-server and mesh topologies
All 23 tests now pass.
When receiving packets on client links, try INIT decryption first.
If it fails (e.g., for INIT_RESPONSE packets), fallback to normal
decryption using the existing link's crypto context.
This fixes mesh topology where both nodes send INIT simultaneously,
while maintaining compatibility with standard client-server mode where
client links receive INIT_RESPONSE packets.
Changes:
- If link==NULL OR link is client (is_server==0), try INIT decryption
- On any INIT decryption error, if we have an existing link, goto normal_decrypt
- Added normal_decrypt label before standard packet processing
- This allows handling both incoming INIT (create server link) and
incoming responses (use existing client link) correctly
When receiving an INIT packet, the code was looking up existing links by
address. However, in a mesh topology where each node has both client and
server connections to peers, a client link created during initialization
would be found when receiving an incoming INIT packet from that peer.
This caused the code to try decrypting the INIT packet using the client
link's crypto context, which failed because the session keys weren't
properly established yet.
The fix checks if the found link is a client link (is_server==0) and if
so, treats the packet as a new INIT connection that needs to create a
server-side link instead.
Changed condition from:
if (link==NULL)
to:
if (link==NULL || link->is_server==0)
- Создана общая функция instance_init_common() для инициализации instance
- Упрощены utun_instance_create() и utun_instance_create_from_config()
- Удалено ~90 строк дублирующегося кода
- Обе функции теперь используют общую логику инициализации
- Добавлена опция tun_test_mode в конфиг для работы без реального TUN устройства
- Добавлены функции для работы с очередями TUN в тестовом режиме
- Добавлен API для программного создания instance из структуры конфига
- Создан тест test_routing_mesh.c с 3-instance mesh топологией
- Ключи генерируются автоматически и распределяются между instance
- Add * to Wintun function pointer declarations (wintun.h defines types as functions)
- Use (void *) cast in GetProcAddress to avoid errors
- All 22 tests pass on Linux
- Fix function pointer declarations in tun_windows.c (removed broken macro)
- Use explicit GetProcAddress calls for each Wintun function
- Remove invalid fields from MIB_IPINTERFACE_ROW (PromiscuousMode, DadState, etc.)
- Add #ifndef _WIN32 around IF_NAMESIZE/if_indextoname in etcp_connections.c
- All 22 tests pass on Linux
- Wrap net/if.h include in #ifndef _WIN32 in etcp_connections.c
- Add forward declarations for ROUTE_TABLE and ROUTE_ENTRY in route_lib.h
- All 22 tests pass on Linux
- Wrap POSIX headers (netdb.h, ifaddrs.h, net/if.h) in #ifndef _WIN32 in config_parser.c
- Add Windows stub for get_netif_index() - returns 0 (no interface binding)
- Wrap daemonize() function for Windows - returns 0 (no fork/setsid support)
- Replace setlinebuf() with setvbuf() for Windows compatibility
- Wrap SIGHUP signal handler in #ifndef _WIN32
- Add explicit poll() declaration for Windows in platform_compat.h
- All 22 tests pass on Linux
- Add sa_family_t typedef for Windows in platform_compat.h
- Add forward declaration of struct ll_queue in ll_queue.h to fix warnings
- Replace arpa/inet.h includes with platform_compat.h in:
tun_linux.c, etcp_connections.c, route_lib.c, route_bgp.c,
utun_instance.c, routing.c, utun.c, packet_dump.h, config_parser.c
- All 22 tests pass on Linux
- Replace sys/socket.h with platform_compat.h in config_parser.h
- Add #include <poll.h> for Windows in platform_compat.h
- Fix localtime() type mismatch: cast tv.tv_sec to time_t
- All 22 tests pass on Linux
- Split TUN implementation into platform-specific files:
- tun_if.c: Common code (queues, callbacks, statistics)
- tun_linux.c: Linux TUN/TAP implementation (/dev/net/tun + ioctl)
- tun_windows.c: Windows Wintun implementation (wintun.dll + IP Helper)
- Update tun_if.h with platform abstraction layer:
- tun_platform_init/cleanup/read/write/get_poll_fd
- Platform handles: fd (Linux), WINTUN handles (Windows)
- Windows implementation features:
- Dynamic loading of wintun.dll with graceful error handling
- IP Helper API for IP address and MTU configuration
- HANDLE-based uasync integration
- Clear error message if wintun.dll is not found
- Update build system:
- configure.ac: Detect Windows (mingw/msys/cygwin)
- src/Makefile.am: Conditional compilation of tun_linux/tun_windows
- tests/Makefile.am: Link platform-specific TUN objects
- Add wintun.dll and wintun.h to lib/ directory
- All 22 tests pass on Linux
- Ready for MSYS2 UCRT64 Windows build
- Add socket_compat.h/c with platform abstraction for POSIX/Windows
- socket_t typedef: int on POSIX, SOCKET on Windows
- Add socket_platform_init/cleanup for WSAStartup on Windows
- Add socket operations: create_udp, sendto, recvfrom, set_nonblocking
- Add socket options: set_buffers, set_reuseaddr, set_mark (Linux), bind_to_device (Linux)
- Update u_async: add socket_t support with uasync_add_socket_t/remove_socket_t
- Update ETCP: use socket_t and socket_compat functions
- Add DEBUG_CATEGORY_SOCKET for socket debugging
- All 22 tests pass on Linux
- MSYS2 UCRT64 compatible
- Add ROUTE_BGP_CONN_ITEM structure for connection list management
- Modify route_bgp_new_conn() to add connections to senders_list
- Create route_bgp_remove_conn() for cleanup on connection close
- Add route_change_callback typedef and fields to ROUTE_TABLE
- Implement route_bgp_on_route_change() to broadcast updates
- Modify route_table_insert() to call callback on insert/update
- Modify route_table_delete_entry() to call callback on delete
- Add route_bgp_remove_conn() call in etcp_connection_close()
- Fix test: remove duplicate init_connections() calls
Features:
- Connections tracked in senders_list (ll_queue)
- Route changes broadcast to all connections
- Withdraw messages sent on connection close
- No port binding conflicts in tests
All changes working correctly - BGP route exchange functional in both directions
- Add route_bgp.c/h with BGP-like route exchange functionality
- Implement route_bgp_init/destroy for module lifecycle
- Add route_bgp_new_conn to send routing table on connection
- Implement route_bgp_receive_cbk for processing incoming routes
- Add route_table_delete_entry for individual route removal
- Extend ROUTE_ENTRY with endpoint_ip, endpoint_port, destination_node_id
- Add DEBUG_CATEGORY_BGP to debug_config.h
- Integrate BGP initialization into utun_instance_create
- Call route_bgp_new_conn from etcp_connections on link init
- Create integration test test_bgp_route_exchange.c
- Add route_bgp_delete_entry tests to test_route_lib.c
- Update Makefiles to include new module
Route exchange tested and working in both directions (client-server)
- Add peer_ipv4 (4 bytes) and peer_port (2 bytes) to INIT_RESPONSE packet
- Server now returns client's external IP:port in handshake response
- Client parses and stores NAT address in ETCP_LINK structure
- Track NAT address changes with nat_changes_count counter
- Track NAT address matches with nat_hits_count counter
- Legacy protocol support: detect old format without NAT info
- Add DEBUG logging for NAT address initialization/changes/hits
This allows clients behind NAT to discover their external address
during the ETCP handshake process.
All 21 tests pass successfully.
- Changed routing_pkt_from_etcp_cb to new signature for etcp_bind
- Register callback via etcp_bind(instance, 0, callback) in routing_create
- Implement full routing in routing_pkt_from_tun_cb using route_table_lookup
- Send packets to ETCP via etcp_send with ID prefix (0x00)
- routing_add_conn/routing_del_conn now deprecated (no-op)
- Added etcp_unbind in routing_destroy for cleanup
Changed from global bindings to per-instance bindings:
1. Added struct ETCP_BINDINGS in etcp_api.h:
- Contains array of callbacks[ETCP_MAX_BINDINGS]
- NULL means not bound
2. Updated UTUN_INSTANCE (utun_instance.h):
- Added field: struct ETCP_BINDINGS api_bindings
- Initialized to NULL by calloc in utun_instance_create
3. Updated API functions (etcp_api.h/c):
- etcp_bind(inst, id, callback) - per-instance binding
- etcp_unbind(inst, id) - per-instance unbinding
- Removed etcp_api_init/etcp_api_deinit (not needed)
- etcp_int_recv now uses conn->instance->api_bindings.callbacks[id]
4. Updated test_etcp_api.c:
- Separate callbacks for server and client
- Register via etcp_bind(server_instance, ...) and etcp_bind(client_instance, ...)
- Removed global etcp_api_init/etcp_api_deinit calls
Test passes: All 100 packets transmitted in each direction.
- Build in build/ directory instead of source tree
- Main binary (utun) copied to project root
- Tests run from build/tests/ with config files copied there
- Test output redirected to build/tests/logs/*.log files
- Console shows only [PASS]/[FAIL]/[SKIP] status
- Incremental build works correctly
- make check runs all tests with summary
Changes:
- New root Makefile as wrapper for out-of-tree build
- Updated Makefile.am files for lib, src, tests
- Added tinycrypt-objects target for test dependencies
- Tests no longer clutter project root
The pn_init() function now sets up etcp_int_recv as callback for pn->output.
Tests that manually poll pn->output need to reset this callback to NULL.
Changes:
- test_pkt_normalizer_etcp.c: Reset callback after pn_init() for client and server
- test_pkt_normalizer_standalone.c: Reset callback after pn_init()
This allows tests to manually poll output queue without conflicting
with the automatic callback mechanism.
Test Results: All 19 tests PASS
Restored queue_set_callback(etcp->output_queue, pn_unpacker_cb, pn)
which was incorrectly replaced in the previous commit.
The etcp_recv callback should be set up separately by the API user,
not by replacing the internal pkt_normalizer callback.
Test Results: All 19 tests PASS
Implemented:
- etcp_send(conn, entry) - отправляет пакет в очередь normalizer
- etcp_bind(id, callback) - подписка на пакеты с определенным ID
- etcp_unbind(id) - отписка от пакетов
- etcp_recv(queue, arg) - коллбэк для маршрутизации пакетов по ID
- etcp_api_init/deinit - инициализация API
Integration:
- pn_init() теперь устанавливает etcp_recv как callback для pn->output
- Добавлены etcp_api.c/h в src/Makefile.am
- Добавлен etcp_api.o в тестовые зависимости
API использует первый байт кодограммы (cmd) как ID для маршрутизации.
ID=0 используется как default handler если нет специфичного binding.
- Fixed race condition: routing_add_conn called before etcp->normalizer was assigned
- Moved routing_add_conn from pn_init to etcp_connection_create after normalizer init
- Added routing.h include to etcp.c
- Fixed tests: disable routing callback on output_queue to keep packets for test verification
All 19 tests now pass.
- New struct tun_if with internal queue for incoming packets
- Single tun_init() does everything: create TUN, set MTU=1500, up, register in uasync
- tun_write() for outgoing packets
- tun_close() cleans up everything including queue
- Removed: tun_create, tun_set_ip, tun_set_up, tun_set_mtu, tun_read, tun_get_config
- Removed: utun_instance_register/unregister_sockets (now internal)
- Updated utun_instance to use new tun_if* pointer
- Updated test_etcp_two_instances for new API
- Add --with-openssl configure option (default: enabled)
- Update src/Makefile.am for conditional TinyCrypt compilation
- Update tests/Makefile.am for conditional test linking
- Add config.h include to secure_channel.c for USE_OPENSSL macro
- All 19 tests pass with both OpenSSL and TinyCrypt
- Removed usleep(5000) from all test event loops
- Changed to use single shared uasync for server and client instances
- Removed uasync_destroy from utun_instance_destroy to prevent double-free
- Added explicit uasync_destroy calls in all tests and main program
- Fixed segfault in test_pkt_normalizer_etcp and test_etcp_100_packets
- Added DEBUG_TRACE to all functions in etcp.c and etcp_connections.c
Tests now run without artificial delays and complete successfully.
- Add log_name[16] field to ETCP_CONN structure for connection identification
- Add etcp_update_log_name() function to update identifier when peer_node_id is known
- Update all DEBUG_* calls in etcp.c and etcp_loadbalancer.c to include log_name prefix
- Add DEBUG_CATEGORY_NORMALIZER for packet normalizer debug output
- Change log timestamp format to [hh:mm:ss-mmm.uuu] with microseconds precision
- Reorder debug output: (file:line) function() [log_name] message
- Remove duplicate function names from log messages
- Clean up backup files from pkt_normalizer development
- Add etcp_find_free_local_link_id() function to allocate unique link IDs
- Modify etcp_link_new() to auto-assign local_link_id, fail if none available
- Update INIT_REQUEST (0x02/0x04) to send local_link_id after keepalive
- Update INIT_RESPONSE (0x03/0x05) to include local_link_id
- Parse remote_link_id from incoming handshake packets
- Update protocol documentation in doc/etcp_protocol.txt
- Add comprehensive unit test test_etcp_link_id.c
New packet format:
INIT_REQUEST: [code][node_id(8)][mtu(2)][keepalive(2)][link_id(1)][pubkey(64)]
INIT_RESPONSE: [code][node_id(8)][mtu(2)][link_id(1)]
- Changed tx_wait_time from 100ms to 1ms for faster packet delivery
- Small packets now coalesce in buffer until:
* Buffer has less than 100 bytes remaining, or
* 1ms flush timer expires
- Large packets are split across multiple fragments as before
- All 17 tests pass
- Changed frag_size from mtu-100 to data_pool->object_size (1500 bytes)
- Added packet splitting for packets larger than fragment size
- First fragment contains [2-byte size][data], subsequent fragments contain [data]
- Unpacker correctly assembles packets from multiple fragments
- packer_cb now processes all available packets in a loop instead of one at a time
- Removed manual queue processing from test, now uses callbacks properly
- All 17 tests pass including test_pkt_normalizer_standalone with 3000-byte packets
Evgeny