vsomeip 2.10.9

CHANGES

@@ -1,5 +1,25 @@
 Changes
 =======
+v2.10.9
+- Improve handling of service discovery messages with entries
+  referencing too many options.
+- Prevent sending of duplicate remote subscriptions to local clients
+  if the local client processes incoming subscriptions too slow.
+- Remote (un)subscriptions to the same eventgroup are now queued in
+  the routing manager until the local client has processed the
+  previous (un)subscription for this eventgroup.
+- Introduce new json configuration parameter 'diagnosis_mask' to
+  control the number of bits in the client ID used for the diagnosis
+  address. This can be used to enable more than 254 concurrent clients
+  on a node. For more information see the vsomeipUserGuide.
+- If the service discovery is enabled it is is only started if a
+  matching multicast route for the configured service discovery
+  multicast group is present in the system. This applies only to
+  Linux.
+- Rework security configuration:
+    - Allow policy specifications without client specification.
+    - Allow policies to be specified for ranges of uids/gids.
+  For more information see the vsomeipUserGuide.
 
 v2.10.8
 - Change dispatching of availability states in case an availability

CMakeLists.txt

@@ -8,7 +8,7 @@ project (vsomeip)
 
 set (VSOMEIP_MAJOR_VERSION 2)
 set (VSOMEIP_MINOR_VERSION 10)
-set (VSOMEIP_PATCH_VERSION 8)
+set (VSOMEIP_PATCH_VERSION 9)
 set (VSOMEIP_VERSION ${VSOMEIP_MAJOR_VERSION}.${VSOMEIP_MINOR_VERSION}.${VSOMEIP_PATCH_VERSION})
 set (PACKAGE_VERSION ${VSOMEIP_VERSION}) # Used in documentatin/doxygen.in
 set (CMAKE_VERBOSE_MAKEFILE off)
@@ -39,6 +39,14 @@ foreach (p LIB BIN INCLUDE CMAKE)
 endforeach ()
 
 ###################################################################################################
+# Set a default build type if none was specified
+set(default_build_type "RelWithDebInfo")
+if(NOT CMAKE_BUILD_TYPE)
+  message(STATUS "Setting build type to '${default_build_type}' as none was specified.")
+  set(CMAKE_BUILD_TYPE "${default_build_type}" CACHE STRING "Choose the type of build." FORCE)
+  # Set the possible values of build type for cmake-gui
+  set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS "Debug" "Release" "MinSizeRel" "RelWithDebInfo")
+endif()
 
 # OS
 if (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
@@ -145,7 +153,7 @@ if (MSVC)
     link_directories(${Boost_LIBRARY_DIR_DEBUG})
     ADD_DEFINITIONS( -DBOOST_ALL_DYN_LINK )
 else()
-    set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D${OS} ${OS_CXX_FLAGS} -DBOOST_LOG_DYN_LINK -g ${OPTIMIZE} -std=c++0x ${NO_DEPRECATED} ${EXPORTSYMBOLS}")
+    set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -D${OS} ${OS_CXX_FLAGS} -DBOOST_LOG_DYN_LINK -g ${OPTIMIZE} -std=c++11 ${NO_DEPRECATED} ${EXPORTSYMBOLS}")
     set(USE_RT "rt")
 endif()
 

documentation/vsomeipUserGuide

@@ -291,8 +291,20 @@ The netmask to specify the subnet of the host system.
 +
 * 'diagnosis'
 +
-The diagnosis address (byte) that will be used to build client identifiers.
+The diagnosis address (byte) that will be used to build client identifiers. The
+diagnosis address is assigned to the most significant byte in all client
+identifiers if not specified otherwise (for example through a predefined client
+ID).
 +
+* 'diagnosis_mask'
++
+The diagnosis mask (2 byte) is used to control the amount of bits used for the
+diagnosis address in client identifiers. The default value is `0xFF00` meaning
+the most significant byte of the client ID is reserved for the diagnosis
+address. Setting the mask to `0xFE00` allows to only use the 7 most
+significant bits of the client ID as a diagnosis address. This can be used to
+increase the maximum amount of concurrent active clients on an ECU.
+
 * 'network'
 +
 Network identifier used to support multiple routing managers on one host. This
@@ -330,16 +342,16 @@ _true, false_).
 +
 ** 'version'
 +
-Configures logging of the vSomeIP version
+Configures logging of the vsomeip version
 +
 *** 'enable'
 +
-Enable or disable cyclic logging of vSomeIP version, defaults to true (valid
+Enable or disable cyclic logging of vsomeip version, defaults to true (valid
 values: _true, false_)
 +
 *** 'interval'
 +
-Configures interval in seconds to log the vSomeIP version. Default value is 10.
+Configures interval in seconds to log the vsomeip version. Default value is 10.
 +
 ** 'memory_log_interval'
 +
@@ -742,7 +754,7 @@ reduced and starts to grow dynamically again.
 * `internal_services` (optional array)
 +
 Specifies service/instance ranges for pure internal service-instances.
-This information is used by vSomeIP to avoid sending Find-Service messages
+This information is used by vsomeip to avoid sending Find-Service messages
 via the Service-Discovery when a client is requesting a not available service-
 instance. Its can either be done on service/instance level or on service level
 only which then includes all instance from 0x0000-0xffff.
@@ -974,15 +986,15 @@ Multiple addresses can be configuered.
 
 Security
 --------
-vSomeIP has a security implementation based on UNIX credentials.
+vsomeip has a security implementation based on UNIX credentials.
 If activated every local connection is authenticated during connect using the standard UNIX credential passing mechanism.
 During authentification a client transfers its client identifier together with its credentials (UID / GID) to the server which is then matched against the configuration.
 If received credentials don't match the policy the socket will be immediately closed by the server and an message is logged.
-If accepted the client identifier is bound to the receiving socket and can therefore be used to do further security checks on incoming messages (vSomeIP messages as well as internal commands).
+If accepted the client identifier is bound to the receiving socket and can therefore be used to do further security checks on incoming messages (vsomeip messages as well as internal commands).
 
 In general clients can be configured to be allowed/denied to request (means communicate with) and offer different service instances.
-Every incoming vSomeIP message (request/response/notifcation) as well as offer service requests or local subscriptions are then checked against the policy.
-If an incoming vSomeIP message or another operation (e.g. offer/subscribe) violates the configured policies it is skipped and a message is logged.
+Every incoming vsomeip message (request/response/notifcation) as well as offer service requests or local subscriptions are then checked against the policy.
+If an incoming vsomeip message or another operation (e.g. offer/subscribe) violates the configured policies it is skipped and a message is logged.
 
 Furthermore if an application receives informations about other clients/services in the system, it must be received from the authenticated routing manager. 
 This is to avoid malicious applications faking the routing manager and therefore being able to wrongly inform other clients about services running on the system.
@@ -993,7 +1005,9 @@ Credential passing is only possible via Unix-Domain-Sockets and therefore only a
 However if security is activated method calls from remote clients to local services are checked as well which means remote clients needs to be explicitly allowed.
 Such a policy looks same in case for local clients except the _credentials_ tag can be skipped.
 
-It follows the available configuration switches for the security feature including its functional behavior: 
+Security configuration
+~~~~~~~~~~~~~~~~~~~~~~
+The available configuration switches for the security feature are: 
 
 // Security
 * anchor:config-policy[]'security' (optional)
@@ -1007,13 +1021,15 @@ Specifies whether security checks are active or not. This includes credentials c
 
 ** 'policies' (array)
 +
-Specifies the security policies. Each policy at least needs to specify _client_ and _allow_ / _deny_.
+Specifies the security policies. Each policy at least needs to specify _allow_ or _deny_.
 
-*** 'client'
+*** 'client' (optional)
 +
 Specifies a client for which a security policy will be applied (valid value: A valid client identifier in hex: e.g. _0x1234_).
 It is also possible to specify a client identifier range to easily apply a policy to a set of clients.
 A usecase is e.g. to allow a set of remote clients communicate with local services offered remote.
++
+No client specification equals to any client (_0xFFFF_). Such policies are applied if a client has no specific policy.
 
 **** 'first'
 +
@@ -1042,6 +1058,20 @@ As a wildcard "any" can be used.
 Specifies the LINUX group id of the above client(s) as decimal number.
 As a wildcard "any" can be used.
 
+**** 'allow/deny' (optional)
++
+Specifies whether the LINUX user and group ids are allowed or denied for the policy.
+
+***** 'uid' (array)
++
+Specifies a list of LINUX user ids. These may either be specified as decimal numbers or as ranges. Ranges
+are specified by the first and the last valid id (see example below).
+
+***** 'gid' (array)
++
+Specifies a list of LINUX group ids. These may either be specified as decimal numbers or as ranges. Ranges
+are specified by the first and the last valid id (see example below).
+
 *** 'allow/deny'
 +
 This tag specifies either _allow_ or _deny_ depending on white- or blacklisting is needed. Specifing _allow_ and _deny_ entries in one policy is therefore not allowed.
@@ -1072,15 +1102,75 @@ Specifies a service for the _offers_.
 +
 Specifies a instance for the _offers_
 
-In the `config/` folder are some vSomeIP configuration files to run the vSomeIP
+Security configuration example
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+[source, bash]
+----
+...
+"security" :
+{
+    ...
+    "policies" :
+    [
+        {
+            ...
+            "credentials" :
+            {
+                "uid" : "44",
+                "gid" : "any"
+             },
+             "allow" :
+             [
+                 "requests" :
+                 [
+                     {
+                         "service" : "0x6731",
+                         "instance" : "0x0001"
+                     }
+                 ]
+             ]
+         },
+         {
+            "credentials" :
+            {
+                "deny" :
+                [
+                    {
+                        "uid" : [ "1000", { "first" : "1002", "last" : "max" }],
+                        "gid" : [ "0", { "first" : "100", "last" : "243" }, "300"]
+                    },
+                    {
+                        "uid" : "55",
+                        "gid" : "55"
+                    }
+                 ]
+             },
+             "allow" :
+             [
+                 "requests" :
+                 [
+                     {
+                         "service" : "0x6732",
+                         "instance" : "0x0001"
+                     }
+                 ]
+             ]
+         }
+     ]
+}
+----
+
+The config/ folder contains some addition vsomeip configuration files to run the vsomeip
 examples with activated security checks.
 Additionally there's a security test in the `test/` subfolder which can be used
 for further reference. +
-They give a basic overview how to use the security related configuration tags described in this chapter to run a simple request/response or subscribe/notify example locally or over remote.
+They give a basic overview how to use the security related configuration tags described 
+in this chapter to run a simple request/response or subscribe/notify example locally or
+remotely.
 
 Audit Mode
 ~~~~~~~~~~
-vSomeIP's security implementation can be put in a so called 'Audit Mode' where
+vsomeip's security implementation can be put in a so called 'Audit Mode' where
 all security violations will be logged but allowed. This mode can be used to
 build a security configuration.
 
@@ -1113,7 +1203,7 @@ DIAGNOSIS_ADDRESS when compiling vsomeip. vsomeip will use the diagnosis address
 as the high byte and enumerate the connecting applications within the low byte
 of the client identifier.
 
-Autoconfiguration of client identifiers isn't meant to be used together with vSomeIP Security.
+Autoconfiguration of client identifiers isn't meant to be used together with vsomeip Security.
 Every client running locally needs to have at least its own credentials configured when security is activated to ensure the credential checks can pass.
 Practically that means if a client requests its identifier over the autoconfiguration for which no credentials are configured (at least it isn't known which client identifier is used beforehand) it is impossible for that client to establish a connection to a server endpoint.
 However if the credentials for all clients are same it's possible to configure them for the overall (or DIAGNOSIS_ADDRESS) client identifier range to mix autoconfiguration together with activated security.

implementation/configuration/include/configuration.hpp

@@ -43,6 +43,7 @@ class configuration {
 
     virtual const boost::asio::ip::address & get_unicast_address() const = 0;
     virtual unsigned short get_diagnosis_address() const = 0;
+    virtual std::uint16_t get_diagnosis_mask() const = 0;
     virtual bool is_v4() const = 0;
     virtual bool is_v6() const = 0;
 

implementation/configuration/include/configuration_impl.hpp

@@ -60,6 +60,7 @@ class configuration_impl:
 
     VSOMEIP_EXPORT const boost::asio::ip::address & get_unicast_address() const;
     VSOMEIP_EXPORT unsigned short get_diagnosis_address() const;
+    VSOMEIP_EXPORT std::uint16_t get_diagnosis_mask() const;
     VSOMEIP_EXPORT bool is_v4() const;
     VSOMEIP_EXPORT bool is_v6() const;
 
@@ -230,6 +231,8 @@ class configuration_impl:
     void load_selective_broadcasts_support(const element &_element);
     void load_policies(const element &_element);
     void load_policy(const boost::property_tree::ptree &_tree);
+    void load_credential(const boost::property_tree::ptree &_tree, ids_t &_ids);
+    void load_ranges(const boost::property_tree::ptree &_tree, ranges_t &_range);
 
     void load_debounce(const element &_element);
     void load_service_debounce(const boost::property_tree::ptree &_tree);
@@ -279,6 +282,7 @@ class configuration_impl:
     // Configuration data
     boost::asio::ip::address unicast_;
     unsigned short diagnosis_;
+    std::uint16_t diagnosis_mask_;
 
     bool has_console_log_;
     bool has_file_log_;
@@ -335,6 +339,7 @@ class configuration_impl:
         ET_NETWORK,
         ET_UNICAST,
         ET_DIAGNOSIS,
+        ET_DIAGNOSIS_MASK,
         ET_LOGGING_CONSOLE,
         ET_LOGGING_FILE,
         ET_LOGGING_DLT,
@@ -362,7 +367,7 @@ class configuration_impl:
         ET_ENDPOINT_QUEUE_LIMITS,
         ET_ENDPOINT_QUEUE_LIMIT_EXTERNAL,
         ET_ENDPOINT_QUEUE_LIMIT_LOCAL,
-        ET_MAX = 30
+        ET_MAX = 31
     };
 
     bool is_configured_[ET_MAX];

implementation/configuration/include/internal.hpp.in

@@ -103,6 +103,7 @@
 #define VSOMEIP_ID_REQUEST                      0x1E
 #define VSOMEIP_OFFERED_SERVICES_REQUEST        0x1F
 #define VSOMEIP_OFFERED_SERVICES_RESPONSE       0x20
+#define VSOMEIP_UNSUBSCRIBE_ACK                 0x21
 
 #define VSOMEIP_OFFER_SERVICE_COMMAND_SIZE      16
 #define VSOMEIP_REQUEST_SERVICE_COMMAND_SIZE    17
@@ -111,7 +112,8 @@
 #define VSOMEIP_SUBSCRIBE_COMMAND_SIZE          19
 #define VSOMEIP_SUBSCRIBE_ACK_COMMAND_SIZE      19
 #define VSOMEIP_SUBSCRIBE_NACK_COMMAND_SIZE     19
-#define VSOMEIP_UNSUBSCRIBE_COMMAND_SIZE        16
+#define VSOMEIP_UNSUBSCRIBE_COMMAND_SIZE        17
+#define VSOMEIP_UNSUBSCRIBE_ACK_COMMAND_SIZE    15
 #define VSOMEIP_REGISTER_EVENT_COMMAND_SIZE     15
 #define VSOMEIP_UNREGISTER_EVENT_COMMAND_SIZE   14
 #define VSOMEIP_ID_RESPONSE_COMMAND_SIZE        12
@@ -128,8 +130,6 @@
 #define VSOMEIP_DEFAULT_SHM_PERMISSION          0666
 #define VSOMEIP_DEFAULT_UMASK_LOCAL_ENDPOINTS   0000
 
-#define VSOMEIP_MAX_CLIENTS                     255
-
 #define VSOMEIP_ROUTING_READY_MESSAGE           "@VSOMEIP_ROUTING_READY_MESSAGE@"
 
 namespace vsomeip {
@@ -168,12 +168,11 @@ struct configuration_data_t {
     pid_t pid_;
 #endif
     unsigned short client_base_;
-
-    unsigned short used_client_ids_[VSOMEIP_MAX_CLIENTS];
+    unsigned short max_clients_;
     int max_used_client_ids_index_;
-    unsigned char max_assigned_client_id_low_byte_;
-
+    unsigned short max_assigned_client_id_without_diagnosis_;
     unsigned short routing_manager_host_;
+    // array of used client ids here, pointer to it is kept in utility class
 };
 
 const std::uint32_t MESSAGE_SIZE_UNLIMITED = (std::numeric_limits<std::uint32_t>::max)();

implementation/configuration/include/policy.hpp

@@ -7,26 +7,25 @@
 #define VSOMEIP_CFG_POLICY_HPP
 
 #include <memory>
+#include <set>
 
 #include <vsomeip/primitive_types.hpp>
 
 namespace vsomeip {
 namespace cfg {
 
+typedef std::set<std::pair<uint32_t, uint32_t>> ranges_t;
+typedef std::set<std::pair<ranges_t, ranges_t>> ids_t;
+
 struct policy {
-    policy() :
-        uid_(0), is_uid_set_(false), gid_(0), is_gid_set_(false) {
-    }
-
-    std::set<std::pair<service_t, instance_t>> allowed_services_;
-    std::set<std::pair<service_t, instance_t>> allowed_offers_;
-    std::set<std::pair<service_t, instance_t>> denied_services_;
-    std::set<std::pair<service_t, instance_t>> denied_offers_;
-    std::uint32_t uid_;
-    bool is_uid_set_;
-    std::uint32_t gid_;
-    bool is_gid_set_;
-    bool allow_;
+    policy() : allow_who_(false), allow_what_(false) {};
+
+    ids_t ids_;
+    bool allow_who_;
+
+    std::set<std::pair<service_t, instance_t>> services_;
+    std::set<std::pair<service_t, instance_t>> offers_;
+    bool allow_what_;
 };
 
 } // namespace cfg