<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ouroboros/src, branch 0.22.0</title>
<subtitle>Ouroboros main repository</subtitle>
<id>https://ouroboros.rocks/cgit/ouroboros/atom?h=0.22.0</id>
<link rel='self' href='https://ouroboros.rocks/cgit/ouroboros/atom?h=0.22.0'/>
<link rel='alternate' type='text/html' href='https://ouroboros.rocks/cgit/ouroboros/'/>
<updated>2025-11-07T07:36:20+00:00</updated>
<entry>
<title>build: Include tests in 'all' target</title>
<updated>2025-11-07T07:36:20+00:00</updated>
<author>
<name>Thijs Paelman</name>
<email>thijs@ouroboros.rocks</email>
</author>
<published>2025-11-04T12:35:52+00:00</published>
<link rel='alternate' type='text/html' href='https://ouroboros.rocks/cgit/ouroboros/commit/?id=535fba02cd27020f9c64dcbe4e97584a145816d4'/>
<id>urn:sha1:535fba02cd27020f9c64dcbe4e97584a145816d4</id>
<content type='text'>
When BUILD_TESTING=ON, the default 'all' target will now also build
the tests.

This behaviour could be controlled by an extra variable
(see https://stackoverflow.com/a/42235335), but this increases
complexity without many benefits.

Signed-off-by: Thijs Paelman &lt;thijs@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>build: Only add tests when BUILD_TESTING is ON</title>
<updated>2025-11-07T07:35:48+00:00</updated>
<author>
<name>Thijs Paelman</name>
<email>thijs@ouroboros.rocks</email>
</author>
<published>2025-11-03T21:40:55+00:00</published>
<link rel='alternate' type='text/html' href='https://ouroboros.rocks/cgit/ouroboros/commit/?id=ed8a62f1cdca19c09caf52f2e36f45dafaa9cff8'/>
<id>urn:sha1:ed8a62f1cdca19c09caf52f2e36f45dafaa9cff8</id>
<content type='text'>
By default, BUILD_TESTING = ON due to the inclusion of the CTest module.

Signed-off-by: Thijs Paelman &lt;thijs@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Fix the flow_join operation</title>
<updated>2025-09-24T06:06:47+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-09-20T10:37:06+00:00</published>
<link rel='alternate' type='text/html' href='https://ouroboros.rocks/cgit/ouroboros/commit/?id=181739aa4571b8707160b946f1e1e3a92a3c3e3b'/>
<id>urn:sha1:181739aa4571b8707160b946f1e1e3a92a3c3e3b</id>
<content type='text'>
This fixes a regression in the code path for joining a broadcast
Layer. It deprecates the qos parameter on flow_join, as the QoS is
implied by the broadcast Layer itself.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Fail on encrypted PEM keys</title>
<updated>2025-09-10T06:22:07+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-09-07T07:22:44+00:00</published>
<link rel='alternate' type='text/html' href='https://ouroboros.rocks/cgit/ouroboros/commit/?id=20d1f4156394e76c7d9b08013dd04ce6fbc6f949'/>
<id>urn:sha1:20d1f4156394e76c7d9b08013dd04ce6fbc6f949</id>
<content type='text'>
The IRMd currently only supports unencrypted PEM keys, and passing an
encrypted one should fail instead of opening a prompt.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>lib: Move encryption control from QoS to name</title>
<updated>2025-09-10T06:21:58+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-09-02T16:23:41+00:00</published>
<link rel='alternate' type='text/html' href='https://ouroboros.rocks/cgit/ouroboros/commit/?id=8de42096eb6e90d3ea9f5eacb95dc94222e5000b'/>
<id>urn:sha1:8de42096eb6e90d3ea9f5eacb95dc94222e5000b</id>
<content type='text'>
This removes the flow encryption option (cypher_s) from the qosspec.

The configuration file is configured in the security options (default
/etc/ouroboros/security/). For this poc, encryption can be disabled
client or server side by putting an enc.cfg file. If that file is
present in the client folder, the client will require encryption. If
that file is present on the server side, the server will require
encryption and reject non-encrypted flows.

Encryption is now configured outside of any application control.

Example: /etc/ouroboros/security/client/oping/enc.cfg exists:

irmd(II): Encryption enabled for oping.
irmd(DB): File /etc/ouroboros/security/client/oping/crt.pem does not exist.
irmd(II): No security info for oping.
irmd(DB): Generated ephemeral keys for 87474.
irmd/oap(PP): OAP_HDR [caf203681d997941 @ 2025-09-02 17:08:05 (UTC) ] --&gt;
irmd/oap(PP):   Certificate: &lt;none&gt;
irmd/oap(PP):   Ephemeral Public Key: [91 bytes]
irmd/oap(PP):   Data: &lt;none&gt;
irmd/oap(PP):   Signature: &lt;none&gt;

Example: /etc/ouroboros/security/client/oping/enc.cfg does not exist:

irmd(II): Allocating flow for 87506 to oping.
irmd(DB): File /etc/ouroboros/security/client/oping/enc.cfg does not exist.
irmd(DB): File /etc/ouroboros/security/client/oping/crt.pem does not exist.
irmd(II): No security info for oping.
irmd/oap(PP): OAP_HDR [e84bb9d7c3d9c002 @ 2025-09-02 17:08:30 (UTC) ] --&gt;
irmd/oap(PP):   Certificate: &lt;none&gt;
irmd/oap(PP):   Ephemeral Public Key: &lt;none&gt;
irmd/oap(PP):   Data: &lt;none&gt;
irmd/oap(PP):   Signature: &lt;none&gt;

Example: /etc/ouroboros/security/server/oping/enc.cfg exists:

irmd(II): Flow request arrived for oping.
irmd(DB): IPCP 88112 accepting flow 7 for oping.
irmd(II): Encryption enabled for oping.
irmd(DB): File /etc/ouroboros/security/server/oping/crt.pem does not exist.
irmd(II): No security info for oping.
irmd/oap(PP): OAP_HDR [3c717b3f31dff8df @ 2025-09-02 17:13:06 (UTC) ] &lt;--
irmd/oap(PP):   Certificate: &lt;none&gt;
irmd/oap(PP):   Ephemeral Public Key: &lt;none&gt;
irmd/oap(PP):   Data: &lt;none&gt;
irmd/oap(PP):   Signature: &lt;none&gt;
irmd(WW): Encryption required but no key provided.

The server side will pass the ECRYPT to the client:
$ oping -l
Ouroboros ping server started.
Failed to accept flow: -1008

$ oping -n oping -c 1
Failed to allocate flow: -1008.

Encryption on flows can now be changed at runtime without needing to
touch/reconfigure/restart the process.

Note: The ECRYPT result is passed on via the flow allocator responses
through the IPCP (discovered/fixed some endianness issues), but the
reason for rejecting the flow can be considered N+1 information... We
may move that information up into the OAP header at some point.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>ipcpd: Add ipcpd over UDP/IPv6</title>
<updated>2025-09-10T06:19:52+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-08-17T10:09:12+00:00</published>
<link rel='alternate' type='text/html' href='https://ouroboros.rocks/cgit/ouroboros/commit/?id=5274cb3ce09c40cccd29ec771ad49a2069aa37c4'/>
<id>urn:sha1:5274cb3ce09c40cccd29ec771ad49a2069aa37c4</id>
<content type='text'>
This adds an IPCP that runs over UDP/IPv6. It's structured like the
eth-dix and eth-llc in that it builds two separate binaries:
ipcpd-udp4 and ipcpd-udp6. The IRM CLI is backwards compatible in that
type 'udp' will resolve to type 'udp4'.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Fix client certificates</title>
<updated>2025-09-10T06:17:14+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-08-29T06:30:21+00:00</published>
<link rel='alternate' type='text/html' href='https://ouroboros.rocks/cgit/ouroboros/commit/?id=f2a6a1c302a5e962c61857ed4a2f03bd5991b41c'/>
<id>urn:sha1:f2a6a1c302a5e962c61857ed4a2f03bd5991b41c</id>
<content type='text'>
The server-side check of client certificates was checking the server
side certificate instead. Now also allows client certificates with a
different name than the application.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>ipcpd: Fix missing return in DHT</title>
<updated>2025-08-24T08:23:47+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-08-24T08:23:47+00:00</published>
<link rel='alternate' type='text/html' href='https://ouroboros.rocks/cgit/ouroboros/commit/?id=e75861147fdf99509c699f47efffdb9a2966697a'/>
<id>urn:sha1:e75861147fdf99509c699f47efffdb9a2966697a</id>
<content type='text'>
The dht_kv_respond_req had a missing return statement. I'm not sure
why the double mutex_unlock() never caused havoc in testing.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>ipcpd: Start the connmgr first</title>
<updated>2025-08-24T07:34:29+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-08-24T07:34:29+00:00</published>
<link rel='alternate' type='text/html' href='https://ouroboros.rocks/cgit/ouroboros/commit/?id=89dba35fc0f22d7ceaeb171e7a50d86ed5848d57'/>
<id>urn:sha1:89dba35fc0f22d7ceaeb171e7a50d86ed5848d57</id>
<content type='text'>
The DT component (which starts the routing component) and enrollment
component rely on the connmgr, and when enrolling larger networks, the
link state component sometimes fails to connect because the connmgr is
not fully started yet.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>build: Add some hints for scan-build</title>
<updated>2025-08-23T12:11:39+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-08-23T09:01:57+00:00</published>
<link rel='alternate' type='text/html' href='https://ouroboros.rocks/cgit/ouroboros/commit/?id=6292bbbd245cb64a346f5126670085e656e89a88'/>
<id>urn:sha1:6292bbbd245cb64a346f5126670085e656e89a88</id>
<content type='text'>
The scan-build tool was pointing out some potential issues that were
understood or false positives. Added some asserts so scan-build can
complete successfully without these warnings.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
</content>
</entry>
</feed>
