updates

Author: pavel-kirienko

libudpard/udpard.c

@@ -544,8 +544,8 @@ static bool header_deserialize(const udpard_bytes_mut_t dgram_payload,
         const byte_t  head    = *ptr++;
         const byte_t  version = head & 0x1FU;
         if (version == HEADER_VERSION) {
-            out_meta->priority      = (udpard_prio_t)((byte_t)(head >> 5U) & 0x07U);
-            const frame_kind_t kind = (frame_kind_t)*ptr++;
+            out_meta->priority = (udpard_prio_t)((byte_t)(head >> 5U) & 0x07U);
+            out_meta->kind     = (frame_kind_t)*ptr++;
             ptr += 2U;
             ptr = deserialize_u32(ptr, frame_index);
             ptr = deserialize_u32(ptr, frame_payload_offset);
@@ -560,14 +560,15 @@ static bool header_deserialize(const udpard_bytes_mut_t dgram_payload,
             // Finalize the fields.
             *frame_index = HEADER_FRAME_INDEX_MAX & *frame_index;
             // Validate the fields.
-            ok = ok && ((kind == frame_msg_best) || (kind == frame_msg_reliable) || (kind == frame_ack));
+            ok = ok && ((out_meta->kind == frame_msg_best) || (out_meta->kind == frame_msg_reliable) ||
+                        (out_meta->kind == frame_ack));
             ok = ok && (((uint64_t)*frame_payload_offset + (uint64_t)out_payload->size) <=
                         (uint64_t)out_meta->transfer_payload_size);
             ok = ok && ((0 == *frame_index) == (0 == *frame_payload_offset));
             // The prefix-CRC of the first frame of a transfer equals the CRC of its payload.
             ok = ok && ((0 < *frame_payload_offset) || (crc_full(out_payload->size, out_payload->data) == *prefix_crc));
             // ACK frame requires zero offset, single-frame transfer.
-            ok = ok && ((kind != frame_ack) || (*frame_payload_offset == 0U));
+            ok = ok && ((out_meta->kind != frame_ack) || (*frame_payload_offset == 0U));
         } else {
             ok = false;
         }
@@ -1092,22 +1093,23 @@ static bool tx_push(udpard_tx_t* const             tx,
 }
 
 /// Handle an ACK received from a remote node.
-static void tx_receive_ack(udpard_rx_t* const rx, const uint64_t transfer_id)
+static void tx_receive_ack(udpard_rx_t* const rx, const uint64_t sender_uid, const uint64_t transfer_id)
 {
     if (rx->tx != NULL) {
         // A transfer-ID collision is astronomically unlikely: given 10k simultaneously pending reliable transfers,
         // which is outside typical usage, the probability of a collision is about 1 in 500 billion. However, we
         // take into account that the PRNG used to seed the transfer-ID may be imperfect, so we add explicit collision
-        // handling.
-        // The disambiguation policy is very simple: given an ambiguous match, acknowledge the oldest reliable topic.
-        // In all practical scenarios at most a single iteration will be needed.
+        // handling. In all practical scenarios at most a single iteration will be needed.
         const tx_key_transfer_id_t key = { .transfer_id = transfer_id, .seq_no = 0 };
         tx_transfer_t*             tr =
           CAVL2_TO_OWNER(cavl2_lower_bound(rx->tx->index_transfer_id, &key, &tx_cavl_compare_transfer_id),
                          tx_transfer_t,
                          index_transfer_id);
         while ((tr != NULL) && (tr->transfer_id == transfer_id)) {
-            if (tr->kind == frame_msg_reliable) { // pick the first reliable and acknowledge it
+            // Outgoing reliable P2P transfers only accept acks from the intended recipient.
+            // Non-P2P accept acks from any sender.
+            const bool destination_match = !tr->is_p2p || (tr->p2p_remote.uid == sender_uid);
+            if ((tr->kind == frame_msg_reliable) && destination_match) {
                 tx_transfer_retire(rx->tx, tr, true);
                 break;
             }
@@ -1205,9 +1207,10 @@ bool udpard_tx_new(udpard_tx_t* const              self,
         self->enqueued_frames_count = 0;
         self->next_seq_no           = 0;
         self->memory                = memory;
-        self->index_staged          = NULL;
-        self->index_deadline        = NULL;
         self->index_transfer_id     = NULL;
+        self->index_deadline        = NULL;
+        self->index_staged          = NULL;
+        self->agewise               = (udpard_list_t){ NULL, NULL };
         self->user                  = NULL;
         for (size_t i = 0; i < UDPARD_IFACE_COUNT_MAX; i++) {
             self->mtu[i] = UDPARD_MTU_DEFAULT;
@@ -2425,7 +2428,7 @@ bool udpard_rx_port_push(udpard_rx_t* const       rx,
             if (frame.meta.kind != frame_ack) {
                 port->vtable_private->accept(rx, port, timestamp, source_ep, &frame, payload_deleter, iface_index);
             } else {
-                tx_receive_ack(rx, frame.meta.transfer_id);
+                tx_receive_ack(rx, frame.meta.sender_uid, frame.meta.transfer_id);
                 mem_free_payload(payload_deleter, frame.base.origin);
             }
         } else {

libudpard/udpard.h

@@ -487,8 +487,9 @@ bool udpard_tx_new(udpard_tx_t* const              self,
 /// The caller shall increment the transfer-ID counter after each successful invocation of this function per topic.
 /// There shall be a separate transfer-ID counter per topic. The initial value shall be chosen randomly
 /// such that it is likely to be distinct per application startup (embedded systems can use noinit memory sections,
-/// hash uninitialized SRAM, use timers or ADC noise, etc). It is essential to provide a monotonic contiguous
-/// counter per topic to allow remotes to recover the original publication order and detect lost messages.
+/// hash uninitialized SRAM, use timers or ADC noise, etc); hashing with the topic hash is possible for extra entropy.
+/// It is essential to provide a monotonic contiguous counter per topic to allow remotes to recover the original
+/// publication order and detect lost messages.
 /// The random starting point will ensure global uniqueness across topics.
 /// Related thread on random transfer-ID init: https://forum.opencyphal.org/t/improve-the-transfer-id-timeout/2375
 ///