Added limit to BR supplicant entries

Mika Leppänen · Mika Leppänen · commit c3a2c5cae523 · 2019-08-29T12:08:57.000+03:00
Limit is set by application (default 1000 supplicants). Added
garbage collecting of 5 supplicant entries on each critical
garbage collection call. Both operations affect only inactive
supplicant entries.
diff --git a/nanostack/ws_bbr_api.h b/nanostack/ws_bbr_api.h
@@ -120,4 +120,24 @@ int ws_bbr_node_keys_remove(int8_t interface_id, uint8_t *eui64);
  */
 int ws_bbr_node_access_revoke_start(int8_t interface_id);
 
+/**
+ * Set EAPOL node limit
+ *
+ * Border router stores EAPOL key information for each authenticated node.
+ * Sets the maximum number of EAPOL nodes stored by border router. If count
+ * of node's exceed the limit, border router deletes the node information
+ * starting from oldest node (node that has authenticated longest time
+ * ago), to make room for new nodes. When network keys are updated, nodes
+ * which have been removed from storage, must make full authentication again.
+ * Value for this parameter should be set to be more than maximum amount of
+ * nodes that are expected to be connected to border router.
+ *
+ * \param interface_id Network interface ID.
+ * \param limit Limit for nodes
+ *
+ * \return 0, Node limit set
+ * \return <0 Node limit set failed.
+ */
+int ws_bbr_eapol_node_limit_set(int8_t interface_id, uint16_t limit);
+
 #endif /* WS_BBR_API_H_ */
diff --git a/source/6LoWPAN/ws/ws_bbr_api.c b/source/6LoWPAN/ws/ws_bbr_api.c
@@ -609,7 +609,6 @@ int ws_bbr_node_keys_remove(int8_t interface_id, uint8_t *eui64)
 {
     (void) interface_id;
     (void) eui64;
-
 #ifdef HAVE_WS_BORDER_ROUTER
     return ws_pae_controller_node_keys_remove(interface_id, eui64);
 #else
@@ -620,11 +619,20 @@ int ws_bbr_node_keys_remove(int8_t interface_id, uint8_t *eui64)
 int ws_bbr_node_access_revoke_start(int8_t interface_id)
 {
     (void) interface_id;
-
 #ifdef HAVE_WS_BORDER_ROUTER
     return ws_pae_controller_node_access_revoke_start(interface_id);
 #else
     return -1;
 #endif
 }
 
+int ws_bbr_eapol_node_limit_set(int8_t interface_id, uint16_t limit)
+{
+    (void) interface_id;
+#ifdef HAVE_WS_BORDER_ROUTER
+    return ws_pae_controller_node_limit_set(interface_id, limit);
+#else
+    (void) limit;
+    return -1;
+#endif
+}
diff --git a/source/6LoWPAN/ws/ws_pae_auth.c b/source/6LoWPAN/ws/ws_pae_auth.c
@@ -63,6 +63,13 @@
    long to wait for previous negotiation to complete */
 #define EAP_TLS_NEGOTIATION_TRIGGER_TIMEOUT    60 * 10 // 60 seconds
 
+// Default for maximum number of supplicants
+#define SUPPLICANT_MAX_NUMBER                  1000
+
+/* Default for number of supplicants to purge per garbage collect call from
+   nanostack monitor */
+#define SUPPLICANT_NUMBER_TO_PURGE             5
+
 typedef struct {
     ns_list_link_t link;                                     /**< Link */
     kmp_service_t *kmp_service;                              /**< KMP service */
@@ -77,6 +84,7 @@ typedef struct {
     sec_prot_gtk_keys_t *next_gtks;                          /**< Next GTKs */
     const sec_prot_certs_t *certs;                           /**< Certificates */
     timer_settings_t *timer_settings;                        /**< Timer settings */
+    uint16_t supp_max_number;                                /**< Max number of stored supplicants */
     uint16_t slow_timer_seconds;                             /**< Slow timer seconds */
     bool timer_running : 1;                                  /**< Timer is running */
     bool gtk_new_inst_req_exp : 1;                           /**< GTK new install required timer expired */
@@ -140,6 +148,8 @@ int8_t ws_pae_auth_init(protocol_interface_info_entry_t *interface_ptr, sec_prot
     pae_auth->next_gtks = next_gtks;
     pae_auth->certs = certs;
     pae_auth->timer_settings = timer_settings;
+    pae_auth->supp_max_number = SUPPLICANT_MAX_NUMBER;
+
     pae_auth->slow_timer_seconds = 0;
     pae_auth->gtk_new_inst_req_exp = false;
     pae_auth->gtk_new_act_time_exp = false;
@@ -407,6 +417,38 @@ int8_t ws_pae_auth_node_access_revoke_start(protocol_interface_info_entry_t *int
     return 0;
 }
 
+int8_t ws_pae_auth_node_limit_set(protocol_interface_info_entry_t *interface_ptr, uint16_t limit)
+{
+    if (!interface_ptr) {
+        return -1;
+    }
+
+    pae_auth_t *pae_auth = ws_pae_auth_get(interface_ptr);
+    if (!pae_auth) {
+        return -1;
+    }
+
+    pae_auth->supp_max_number = limit;
+
+    return 0;
+}
+
+void ws_pae_auth_forced_gc(protocol_interface_info_entry_t *interface_ptr)
+{
+    if (!interface_ptr) {
+        return;
+    }
+
+    pae_auth_t *pae_auth = ws_pae_auth_get(interface_ptr);
+    if (!pae_auth) {
+        return;
+    }
+
+    /* Purge in maximum five entries from supplicant list (starting from oldest one)
+       per call to the function (called by nanostack monitor) */
+    ws_pae_lib_supp_list_purge(&pae_auth->active_supp_list, &pae_auth->inactive_supp_list, 0, SUPPLICANT_NUMBER_TO_PURGE);
+}
+
 static int8_t ws_pae_auth_network_keys_from_gtks_set(pae_auth_t *pae_auth)
 {
     // Authenticator keys are always fresh
@@ -758,6 +800,9 @@ static kmp_api_t *ws_pae_auth_kmp_incoming_ind(kmp_service_t *service, kmp_type_
 
     // If does not exists add it to list
     if (!supp_entry) {
+        // Checks if maximum number of supplicants is reached and purge supplicant list (starting from oldest one)
+        ws_pae_lib_supp_list_purge(&pae_auth->active_supp_list, &pae_auth->inactive_supp_list, pae_auth->supp_max_number, 0);
+
         supp_entry = ws_pae_lib_supp_list_add(&pae_auth->active_supp_list, addr);
         if (!supp_entry) {
             return 0;
diff --git a/source/6LoWPAN/ws/ws_pae_auth.h b/source/6LoWPAN/ws/ws_pae_auth.h
@@ -146,6 +146,26 @@ int8_t ws_pae_auth_node_keys_remove(protocol_interface_info_entry_t *interface_p
  */
 int8_t ws_pae_auth_node_access_revoke_start(protocol_interface_info_entry_t *interface_ptr);
 
+/**
+ * ws_pae_auth_node_limit_set set node limit
+ *
+ * \param interface_ptr interface
+ * \param limit limit for nodes
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int8_t ws_pae_auth_node_limit_set(protocol_interface_info_entry_t *interface_ptr, uint16_t limit);
+
+/**
+ * ws_pae_auth_forced_gc garbage cleanup call
+ *
+ * \param interface_ptr interface
+ *
+ */
+void ws_pae_auth_forced_gc(protocol_interface_info_entry_t *interface_ptr);
+
 /**
  * ws_pae_auth_gtk_hash_set GTK hash set callback
  *
@@ -198,6 +218,8 @@ void ws_pae_auth_cb_register(protocol_interface_info_entry_t *interface_ptr, ws_
 #define ws_pae_auth_nw_key_index_update NULL
 #define ws_pae_auth_node_keys_remove(interface_ptr, eui64) -1
 #define ws_pae_auth_node_access_revoke_start(interface_ptr)
+#define ws_pae_auth_node_limit_set(interface_ptr, limit)
+#define ws_pae_auth_forced_gc(interface_ptr)
 #define ws_pae_auth_fast_timer NULL
 #define ws_pae_auth_slow_timer NULL
 
diff --git a/source/6LoWPAN/ws/ws_pae_controller.c b/source/6LoWPAN/ws/ws_pae_controller.c
@@ -97,6 +97,11 @@ typedef struct {
     bool key_index_set : 1;                                          /**< NW key index is set */
 } pae_controller_t;
 
+typedef struct {
+    uint16_t node_limit;                                             /**< Max number of stored supplicants */
+    bool node_limit_set : 1;                                         /**< Node limit set */
+} pae_controller_config_t;
+
 static pae_controller_t *ws_pae_controller_get(protocol_interface_info_entry_t *interface_ptr);
 static void ws_pae_controller_frame_counter_timer(uint16_t seconds, pae_controller_t *entry);
 static void ws_pae_controller_frame_counter_store(pae_controller_t *entry);
@@ -119,6 +124,11 @@ static const char *FRAME_COUNTER_FILE = FRAME_COUNTER_FILE_NAME;
 
 static NS_LIST_DEFINE(pae_controller_list, pae_controller_t, link);
 
+pae_controller_config_t pae_controller_config = {
+    .node_limit = 0,
+    .node_limit_set = false
+};
+
 #if !defined(HAVE_PAE_SUPP) && !defined(HAVE_PAE_AUTH)
 
 static void ws_pae_controller_test_keys_set(sec_prot_gtk_keys_t *gtks)
@@ -204,6 +214,10 @@ int8_t ws_pae_controller_authenticator_start(protocol_interface_info_entry_t *in
         return -1;
     }
 
+    if (pae_controller_config.node_limit_set) {
+        ws_pae_auth_node_limit_set(controller->interface_ptr, pae_controller_config.node_limit);
+    }
+
     ws_pae_auth_cb_register(interface_ptr, ws_pae_controller_gtk_hash_set, ws_pae_controller_nw_key_check_and_insert, ws_pae_controller_nw_key_index_check_and_set);
 
     ws_pae_auth_start(interface_ptr);
@@ -990,6 +1004,41 @@ int8_t ws_pae_controller_node_access_revoke_start(int8_t interface_id)
     return -1;
 }
 
+int8_t ws_pae_controller_node_limit_set(int8_t interface_id, uint16_t limit)
+{
+#ifdef HAVE_PAE_AUTH
+    pae_controller_config.node_limit = limit;
+    pae_controller_config.node_limit_set = true;
+
+    pae_controller_t *controller = ws_pae_controller_get_or_create(interface_id);
+    if (!controller) {
+        return -1;
+    }
+
+    ws_pae_auth_node_limit_set(controller->interface_ptr, limit);
+
+    return 0;
+#else
+    (void) interface_id;
+    (void) limit;
+    return -1;
+#endif
+}
+
+void ws_pae_controller_forced_gc(bool full_gc)
+{
+    /* Purge only when on critical limit since node limit should handle limiting
+       of entries in normal case */
+    if (!full_gc) {
+        return;
+    }
+
+    // Purge authenticators for each interface
+    ns_list_foreach(pae_controller_t, entry, &pae_controller_list) {
+        ws_pae_auth_forced_gc(entry->interface_ptr);
+    }
+}
+
 static void ws_pae_controller_gtk_hash_set(protocol_interface_info_entry_t *interface_ptr, uint8_t *gtkhash)
 {
     pae_controller_t *controller = ws_pae_controller_get(interface_ptr);
@@ -1086,7 +1135,6 @@ static void ws_pae_controller_frame_counter_store(pae_controller_t *entry)
     }
 }
 
-
 static int8_t ws_pae_controller_nvm_frame_counter_read(uint8_t *index, uint8_t *hash, uint32_t *frame_counter)
 {
     nvm_tlv_list_t tlv_list;
diff --git a/source/6LoWPAN/ws/ws_pae_controller.h b/source/6LoWPAN/ws/ws_pae_controller.h
@@ -293,6 +293,18 @@ int8_t ws_pae_controller_node_keys_remove(int8_t interface_id, uint8_t *eui_64);
  */
 int8_t ws_pae_controller_node_access_revoke_start(int8_t interface_id);
 
+/**
+ * ws_pae_controller_node_limit_set set node limit
+ *
+ * \param interface_id interface identifier
+ * \param limit limit for nodes
+ *
+ * \return < 0 failure
+ * \return >= 0 success
+ *
+ */
+int8_t ws_pae_controller_node_limit_set(int8_t interface_id, uint16_t limit);
+
 /**
  * ws_pae_controller_active_key_update update active key (test interface)
  *
@@ -437,7 +449,6 @@ int8_t ws_pae_controller_cb_register(protocol_interface_info_entry_t *interface_
  */
 void ws_pae_controller_fast_timer(uint16_t ticks);
 
-
 /**
  * ws_pae_controller_slow_timer PAE controller slow timer call
  *
@@ -448,6 +459,14 @@ void ws_pae_controller_slow_timer(uint16_t seconds);
 
 struct nvm_tlv_entry *ws_pae_controller_nvm_tlv_get(protocol_interface_info_entry_t *interface_ptr);
 
+/**
+ * ws_pae_controller_forced_gc PAE controller garbage cleanup callback
+ *
+ * \param full_gc Full cleanup (true for critical garbage cleanup)
+ *
+ */
+void ws_pae_controller_forced_gc(bool full_gc);
+
 #else
 
 #define ws_pae_controller_set_target(interface_ptr, target_pan_id, target_dest_eui_64)
@@ -470,6 +489,8 @@ struct nvm_tlv_entry *ws_pae_controller_nvm_tlv_get(protocol_interface_info_entr
 #define ws_pae_controller_cb_register(interface_ptr, completed, nw_key_set, nw_key_clear, nw_send_key_index_set, pan_ver_increment) 1
 #define ws_pae_controller_nvm_tlv_get(interface_ptr) NULL
 
+#define ws_pae_controller_forced_gc NULL
+
 #endif
 
 #endif /* WS_PAE_CONTROLLER_H_ */
diff --git a/source/6LoWPAN/ws/ws_pae_lib.c b/source/6LoWPAN/ws/ws_pae_lib.c
@@ -316,6 +316,30 @@ void ws_pae_lib_supp_list_to_inactive(supp_list_t *active_supp_list, supp_list_t
     memset(entry->addr.relay_address, 0, 16);
 }
 
+void ws_pae_lib_supp_list_purge(supp_list_t *active_supp_list, supp_list_t *inactive_supp_list, uint16_t max_number, uint8_t max_purge)
+{
+    uint16_t active_supp = ns_list_count(active_supp_list);
+    uint16_t inactive_supp = ns_list_count(inactive_supp_list);
+
+    if (active_supp + inactive_supp > max_number) {
+        uint16_t remove_count = active_supp + inactive_supp - max_number;
+        if (max_purge > 0 && remove_count > max_purge) {
+            remove_count = max_purge;
+        }
+
+        // Remove entries from inactive list
+        ns_list_foreach_safe(supp_entry_t, entry, inactive_supp_list) {
+            if (remove_count > 0) {
+                tr_info("Inactive supplicant removed, eui-64: %s", trace_array(kmp_address_eui_64_get(&entry->addr), 8));
+                ws_pae_lib_supp_list_remove(inactive_supp_list, entry);
+                remove_count--;
+            } else {
+                break;
+            }
+        }
+    }
+}
+
 uint16_t ws_pae_lib_supp_list_kmp_count(supp_list_t *supp_list, kmp_type_e type)
 {
     uint16_t kmp_count = 0;
diff --git a/source/6LoWPAN/ws/ws_pae_lib.h b/source/6LoWPAN/ws/ws_pae_lib.h
@@ -33,7 +33,7 @@ typedef NS_LIST_HEAD(kmp_entry_t, link) kmp_list_t;
 
 typedef struct {
     kmp_list_t kmp_list;               /**< Ongoing KMP negotiations */
-    kmp_addr_t addr;                  /**< EUI-64 (Relay IP address, Relay port) */
+    kmp_addr_t addr;                   /**< EUI-64 (Relay IP address, Relay port) */
     sec_prot_keys_t sec_keys;          /**< Security keys */
     uint32_t ticks;                    /**< Ticks */
     uint16_t retry_ticks;              /**< Retry ticks */
@@ -280,6 +280,18 @@ void ws_pae_lib_supp_list_to_active(supp_list_t *active_supp_list, supp_list_t *
  */
 void ws_pae_lib_supp_list_to_inactive(supp_list_t *active_supp_list, supp_list_t *inactive_supp_list, supp_entry_t *entry);
 
+/**
+ *  ws_pae_lib_supp_list_purge purge inactive supplicants list
+ *
+ * \param active_supp_list list of active supplicants
+ * \param inactive_supp_list list of inactive supplicants
+ * \param max_number maximum number of supplicant entries, can be set to 0 in combination with max_purge
+ *                   to free list entries even when maximum number supplicant entries has not been reached
+ * \param max_purge maximum number of supplicants to purge in one call, 0 means not limited
+ *
+ */
+void ws_pae_lib_supp_list_purge(supp_list_t *active_supp_list, supp_list_t *inactive_supp_list, uint16_t max_number, uint8_t max_purge);
+
 /**
  *  ws_pae_lib_supp_list_kmp_count counts the number of KMPs of a certain type in a list of supplicants
  *
diff --git a/source/Core/ns_monitor.c b/source/Core/ns_monitor.c
@@ -33,6 +33,8 @@
 #include "nsdynmemLIB.h"
 #include "ipv6_stack/ipv6_routing_table.h"
 #include "NWK_INTERFACE/Include/protocol.h"
+#include "6LoWPAN/ws/ws_pae_controller.h"
+#include "NWK_INTERFACE/Include/protocol.h"
 
 #define TRACE_GROUP "mntr"
 
@@ -68,7 +70,8 @@ typedef void (ns_maintenance_gc_cb)(bool full_gc);
  *
  */
 static ns_maintenance_gc_cb *ns_maintenance_gc_functions[] = {
-    ipv6_destination_cache_forced_gc
+    ipv6_destination_cache_forced_gc,
+    ws_pae_controller_forced_gc
 };
 
 static void ns_monitor_heap_gc(bool full_gc)
diff --git a/test/nanostack/unittest/Core/monitor/Makefile b/test/nanostack/unittest/Core/monitor/Makefile
@@ -22,6 +22,7 @@ TEST_SRC_FILES = \
         ../../stub/ipv6_routing_table_stub.c \
         ../../stub/protocol_core_stub.c \
         ../../stub/ip6tos_stub.c \
+        ../../stub/ws_pae_controller_stub.c \
 
 include ../../MakefileWorker.mk
 
diff --git a/test/nanostack/unittest/stub/ws_pae_controller_stub.c b/test/nanostack/unittest/stub/ws_pae_controller_stub.c
