end host, router: dispatch UDP in router, remove dispatcher socket (#…

…4344) Implement the dispatcher-less end host with the UDP port dispatch in the router, as discussed in #4280. Applications (using snet) now open underlay UDP ports directly, and use the same port number for the underlay UDP and SCION/UDP. This SCION_UDP.dst_port number is used by the router as underlay port when forwarding packets to destination hosts. The `dispatcher` has been completely refactored and pruned. It now serves only as a responder for SCMP echo/traceroute requests, and, as a transition mechanism, acts as a stateless "shim" that forwards UDP datagrams. The `reliable/sock` packages has been removed.
scionproto · May 17, 2024 · 15bdf63 · 15bdf63
1 parent 3446efd
commit 15bdf63
Show file tree

Hide file tree

Showing 213 changed files with 3,067 additions and 11,037 deletions.
diff --git a/.golangcilint.yml b/.golangcilint.yml
@@ -63,8 +63,3 @@ issues:
     - path: pkg/scrypto/cms
       linters: [goheader]
 
-    # Exceptions to errcheck for some old-ish convey tests.
-    - linters: [errcheck]
-      path: "^pkg/sock/reliable/reconnect/conn_io_test.go$|\
-             ^pkg/sock/reliable/reconnect/network_test.go$|\
-             ^pkg/sock/reliable/reconnect/reconnecter_test.go$"
diff --git a/acceptance/app_vs_endhost_br_dispatch/BUILD.bazel b/acceptance/app_vs_endhost_br_dispatch/BUILD.bazel
@@ -0,0 +1,9 @@
+load("//acceptance/common:topogen.bzl", "topogen_test")
+
+topogen_test(
+    name = "test",
+    src = "test.py",
+    args = ["--executable=end2end_integration:$(location //tools/end2end_integration)"],
+    data = ["//tools/end2end_integration"],
+    topo = "//acceptance/app_vs_endhost_br_dispatch/testdata:topology.topo",
+)
diff --git a/acceptance/app_vs_endhost_br_dispatch/test.py b/acceptance/app_vs_endhost_br_dispatch/test.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python3
+
+# Copyright 2023 ETH Zurich
+
+from acceptance.common import base
+from acceptance.common import scion
+
+
+class Test(base.TestTopogen):
+    """
+    Constructs a simple test topology with one core, two leaf ASes.
+    Each of them will run a different mix between BR that will replicate
+    the legacy endhost-port-dispatch behaviour (i.e., they will send
+    traffic to its own AS to the endhost default port) and
+    application-port-dispatch routers (i.e., they will rewrite the underlay
+    UDP/IP destination port with the UDP/SCION port).
+
+    AS 1-ff00:0:1 is core.
+    AS 1-ff00:0:2, 1-ff00:0:3 are leaves.
+
+    We use the shortnames AS1, AS2, etc. for the ASes above.
+
+    AS1 contains a BR with the port rewriting configuration to the default
+    range. It also includes a shim dispatcher.
+    AS2 contains a BR with a configuration that imitates the old
+    behaviour, i.e., sending all traffic to default endhost port 30041.
+    It also includes a shim dispatcher.
+    AS3 contains a BR with the port rewriting configuration to the default
+    range. It does not include the shim dispatcher.
+    """
+
+    def setup_prepare(self):
+        super().setup_prepare()
+
+        br_as_2_id = "br1-ff00_0_2-1"
+
+        br_as_2_file = self.artifacts / "gen" / "ASff00_0_2" \
+            / ("%s.toml" % br_as_2_id)
+        scion.update_toml({"router.dispatched_port_start": 0,
+                          "router.dispatched_port_end": 0},
+                          [br_as_2_file])
+
+    def setup_start(self):
+        super().setup_start()
+        self.await_connectivity()
+
+    def _run(self):
+        ping_test = self.get_executable("end2end_integration")
+        ping_test["-d", "-outDir", self.artifacts].run_fg()
+
+
+if __name__ == "__main__":
+    base.main(Test)
diff --git a/acceptance/app_vs_endhost_br_dispatch/testdata/BUILD.bazel b/acceptance/app_vs_endhost_br_dispatch/testdata/BUILD.bazel
@@ -0,0 +1,3 @@
+exports_files([
+    "topology.topo",
+])
diff --git a/acceptance/app_vs_endhost_br_dispatch/testdata/topology.topo b/acceptance/app_vs_endhost_br_dispatch/testdata/topology.topo
@@ -0,0 +1,15 @@
+--- # Test Topology
+ASes:
+  "1-ff00:0:1":
+    core: true
+    voting: true
+    authoritative: true
+    issuing: true
+  "1-ff00:0:2":
+    cert_issuer: 1-ff00:0:1
+  "1-ff00:0:3":
+    cert_issuer: 1-ff00:0:1
+    test_dispatcher: False
+links:
+  - {a: "1-ff00:0:1#2", b: "1-ff00:0:2#1", linkAtoB: CHILD}
+  - {a: "1-ff00:0:1#3", b: "1-ff00:0:3#1", linkAtoB: CHILD}
diff --git a/acceptance/common/docker.py b/acceptance/common/docker.py
@@ -61,8 +61,9 @@ def collect_logs(self, out_dir: str = "logs/docker"):
         for svc in self("config", "--services").splitlines():
             # Collect logs.
             dst_f = out_p / "%s.log" % svc
+            print(svc)
             with open(dst_f, "w") as log_file:
-                cmd.docker.run(args=("logs", svc), stdout=log_file,
+                cmd.docker.run(args=("logs", "scion-"+svc+"-1"), stdout=log_file,
                                stderr=subprocess.STDOUT, retcode=None)
             # Collect coredupms.
             coredump_f = out_p / "%s.coredump" % svc

diff --git a/acceptance/router_benchmark/conf/topology.json b/acceptance/router_benchmark/conf/topology.json
@@ -4,6 +4,7 @@
   ],
   "isd_as": "1-ff00:0:1",
   "mtu": 1400,
+  "dispatched_ports": "1024-65535",
   "border_routers": {
     "br1a": {
       "internal_addr": "10.123.10.1:30042",

diff --git a/acceptance/router_multi/conf/topology.json b/acceptance/router_multi/conf/topology.json
@@ -2,6 +2,7 @@
   "isd_as": "1-ff00:0:1",
   "mtu": 1472,
   "attributes": [],
+  "dispatched_ports": "1024-65535",
   "border_routers": {
     "brA": {
       "internal_addr": "192.168.0.11:30001",

diff --git a/acceptance/sig_short_exp_time/BUILD.bazel b/acceptance/sig_short_exp_time/BUILD.bazel
@@ -4,7 +4,6 @@ sh_test(
     srcs = ["test"],
     data = [
         "docker-compose.yml",
-        "//docker:dispatcher.tarball",
         "//docker:gateway.tarball",
         "//tools/udpproxy:udpproxy.tarball",
     ] + glob(["testdata/**"]),

diff --git a/acceptance/sig_short_exp_time/docker-compose.yml b/acceptance/sig_short_exp_time/docker-compose.yml
@@ -47,7 +47,6 @@ services:
       bridge1:
         ipv4_address: 242.254.100.2
     volumes:
-    - vol_scion_disp_sig1-ff00_0_110:/run/shm/dispatcher:rw
     - ./testdata/1-ff00_0_110/dispatcher:/etc/scion/
     command: [ "--config", "/etc/scion/disp.toml" ]
   dispatcher2:
@@ -56,45 +55,46 @@ services:
       bridge2:
         ipv4_address: 242.254.200.2
     volumes:
-    - vol_scion_disp_sig1-ff00_0_111:/run/shm/dispatcher:rw
     - ./testdata/1-ff00_0_111/dispatcher:/etc/scion/
     command: [ "--config", "/etc/scion/disp.toml" ]
   sig1:
     cap_add:
     - NET_ADMIN
-    depends_on:
-    - dispatcher1
+    container_name: sig1
     image: scion/gateway:latest
-    network_mode: service:dispatcher1
+    networks:
+      bridge1:
+        ipv4_address: 242.254.100.2
     privileged: true
     volumes:
-    - vol_scion_disp_sig1-ff00_0_110:/run/shm/dispatcher:rw
     - /dev/net/tun:/dev/net/tun
     - ./testdata/1-ff00_0_110/sig:/etc/scion/
     command: [ "--config", "/etc/scion/sig.toml" ]
   sig2:
     cap_add:
     - NET_ADMIN
-    depends_on:
-    - dispatcher2
+    container_name: sig2
     image: scion/gateway:latest
-    network_mode: service:dispatcher2
+    networks:
+      bridge2:
+        ipv4_address: 242.254.200.2
     privileged: true
     volumes:
-    - vol_scion_disp_sig1-ff00_0_111:/run/shm/dispatcher:rw
     - /dev/net/tun:/dev/net/tun
     - ./testdata/1-ff00_0_111/sig:/etc/scion/
     command: [ "--config", "/etc/scion/sig.toml" ]
   tester1:
     image: alpine
-    network_mode: service:dispatcher1
+    networks:
+      bridge1:
+        ipv4_address: 242.254.100.10
     privileged: true
   tester2:
     image: alpine
-    network_mode: service:dispatcher2
+    networks:
+      bridge2:
+        ipv4_address: 242.254.200.10
     privileged: true
 version: '2.4'
 volumes:
   vol_logs: null
-  vol_scion_disp_sig1-ff00_0_110: null
-  vol_scion_disp_sig1-ff00_0_111: null
diff --git a/acceptance/sig_short_exp_time/test b/acceptance/sig_short_exp_time/test
@@ -44,7 +44,7 @@
 #     |                                                     |
 #     |   +---------------------------------------------+   |
 #     +---+                    pathb                    +----
-#         | 242.254.100.3:50000 <-> 242.254.200.4:50000 |
+#         | 242.254.100.4:50000 <-> 242.254.200.4:50000 |
 #         +---------------------------------------------+
 
 run_test() {(set -e

diff --git a/acceptance/topo_common/topology.json b/acceptance/topo_common/topology.json
@@ -1,6 +1,7 @@
 {
   "isd_as": "1-ff00:0:110",
   "mtu": 1400,
+  "dispatched_ports": "1024-65535",
   "attributes": [
     "core"
   ],

diff --git a/acceptance/topo_cs_reload/BUILD.bazel b/acceptance/topo_cs_reload/BUILD.bazel
@@ -15,7 +15,6 @@ go_test(
         "docker-compose.yml",
         "testdata/topology_reload.json",
         ":control.tar",
-        ":dispatcher.tar",
         ":invalid_changed_ip",
         ":invalid_changed_port",
         ":testdata/gen_crypto.sh",
@@ -36,32 +35,6 @@ go_test(
     ],
 )
 
-# dispatcher container
-oci_tarball(
-    name = "dispatcher.tar",
-    format = "docker",
-    image = ":dispatcher_image",
-    repo_tags = ["scion/" + package_name() + ":dispatcher"],
-)
-
-oci_image(
-    name = "dispatcher_image",
-    base = "//docker:dispatcher",
-    cmd = [
-        "--config",
-        "/disp.toml",
-    ],
-    entrypoint = ["/app/dispatcher"],
-    tars = [
-        ":dispatcher_data",
-    ],
-)
-
-pkg_tar(
-    name = "dispatcher_data",
-    srcs = ["testdata/disp.toml"],
-)
-
 # control container
 oci_tarball(
     name = "control.tar",

diff --git a/acceptance/topo_cs_reload/docker-compose.yml b/acceptance/topo_cs_reload/docker-compose.yml
@@ -7,23 +7,13 @@ networks:
       config:
       - subnet: 242.253.100.0/24
 services:
-  topo_cs_reload_dispatcher:
-    image: scion/acceptance/topo_cs_reload:dispatcher
-    networks:
-      bridge1:
-        ipv4_address: 242.253.100.2
-    volumes:
-    - vol_topo_cs_reload_disp:/run/shm/dispatcher:rw
   topo_cs_reload_control_srv:
     image: scion/acceptance/topo_cs_reload:control
-    depends_on:
-      - topo_cs_reload_dispatcher
     volumes:
-    - vol_topo_cs_reload_disp:/run/shm/dispatcher:ro
     - "${TOPO_CS_RELOAD_CONFIG_DIR}/certs:/certs:ro"
     - "${TOPO_CS_RELOAD_CONFIG_DIR}/keys:/keys:ro"
     - "${TOPO_CS_RELOAD_CONFIG_DIR}/crypto:/crypto:ro"
-    network_mode: service:topo_cs_reload_dispatcher
+    networks:
+      bridge1:
+        ipv4_address: 242.253.100.2
 version: '2.4'
-volumes:
-  vol_topo_cs_reload_disp: null
diff --git a/acceptance/topo_cs_reload/reload_test.go b/acceptance/topo_cs_reload/reload_test.go
@@ -100,10 +100,6 @@ func setupTest(t *testing.T) testState {
 	s.mustExec(t, "tar", "-xf", "crypto.tar", "-C", tmpDir)
 	// first load the docker images from bazel into the docker deamon, the
 	// tars are in the same folder as this test runs in bazel.
-	s.mustExec(t, "docker", "image", "load", "-i", "dispatcher.tar/tarball.tar")
-	t.Cleanup(func() {
-		s.mustExec(t, "docker", "image", "rm", "scion/acceptance/topo_cs_reload:dispatcher")
-	})
 	s.mustExec(t, "docker", "image", "load", "-i", "control.tar/tarball.tar")
 	t.Cleanup(func() {
 		s.mustExec(t, "docker", "image", "rm", "scion/acceptance/topo_cs_reload:control")
@@ -126,7 +122,6 @@ func (s testState) collectLogs(t *testing.T) {
 	require.NoError(t, os.MkdirAll(fmt.Sprintf("%s/logs", outdir), os.ModePerm|os.ModeDir))
 	// collect logs
 	for service, file := range map[string]string{
-		"topo_cs_reload_dispatcher":  "disp.log",
 		"topo_cs_reload_control_srv": "control.log",
 	} {
 		cmd := exec.Command("docker", "compose",

diff --git a/acceptance/topo_cs_reload/testdata/cs.toml b/acceptance/topo_cs_reload/testdata/cs.toml
@@ -1,5 +1,4 @@
 [general]
-reconnect_to_dispatcher = true
 config_dir = "/"
 id = "cs1-ff00_0_110-1"
 

diff --git a/acceptance/topo_cs_reload/testdata/disp.toml b/acceptance/topo_cs_reload/testdata/disp.toml
diff --git a/acceptance/topo_cs_reload/testdata/sd.toml b/acceptance/topo_cs_reload/testdata/sd.toml
@@ -1,5 +1,4 @@
 [general]
-reconnect_to_dispatcher = true
 config_dir = "/"
 id = "sd1-ff00_0_110"
 

diff --git a/acceptance/topo_cs_reload/testdata/topology_reload.json b/acceptance/topo_cs_reload/testdata/topology_reload.json
@@ -1,6 +1,7 @@
 {
   "isd_as": "1-ff00:0:110",
   "mtu": 1400,
+  "dispatched_ports": "1024-65535",
   "attributes": [
     "core"
   ],

diff --git a/acceptance/topo_daemon_reload/BUILD.bazel b/acceptance/topo_daemon_reload/BUILD.bazel
@@ -8,7 +8,6 @@ go_test(
     data = [
         "testdata/topology_reload.json",
         ":daemon.tar",
-        ":dispatcher.tar",
         ":docker-compose.yml",
         "//acceptance/topo_common:invalid_reloads",
         "//acceptance/topo_common:topology",
@@ -24,32 +23,6 @@ go_test(
     ],
 )
 
-# dispatcher container
-oci_tarball(
-    name = "dispatcher.tar",
-    format = "docker",
-    image = ":dispatcher_image",
-    repo_tags = ["scion/" + package_name() + ":dispatcher"],
-)
-
-oci_image(
-    name = "dispatcher_image",
-    base = "//docker:dispatcher",
-    cmd = [
-        "--config",
-        "/disp.toml",
-    ],
-    entrypoint = ["/app/dispatcher"],
-    tars = [
-        ":dispatcher_data",
-    ],
-)
-
-pkg_tar(
-    name = "dispatcher_data",
-    srcs = ["testdata/disp.toml"],
-)
-
 # daemon container
 oci_tarball(
     name = "daemon.tar",

diff --git a/acceptance/topo_daemon_reload/docker-compose.yml b/acceptance/topo_daemon_reload/docker-compose.yml
@@ -7,22 +7,14 @@ networks:
       config:
       - subnet: 242.254.100.0/24
 services:
-  topo_daemon_reload_dispatcher:
-    container_name: topo_daemon_reload_dispatcher
-    image: scion/acceptance/topo_daemon_reload:dispatcher
-    networks:
-      bridge1:
-        ipv4_address: 242.254.100.2
-    volumes:
-    - vol_topo_daemon_reload_disp:/run/shm/dispatcher:rw
   topo_daemon_reload_daemon:
     container_name: topo_daemon_reload_daemon
     image: scion/acceptance/topo_daemon_reload:daemon
     volumes:
-    - vol_topo_daemon_reload_disp:/run/shm/dispatcher:ro
     - vol_topo_daemon_reload_certs:/certs:ro
-    network_mode: service:topo_daemon_reload_dispatcher
+    networks:
+      bridge1:
+        ipv4_address: 242.254.100.2
 version: '2.4'
 volumes:
-  vol_topo_daemon_reload_disp: null
   vol_topo_daemon_reload_certs: null