summaryrefslogtreecommitdiff
path: root/src/irmd
diff options
context:
space:
mode:
Diffstat (limited to 'src/irmd')
-rw-r--r--src/irmd/CMakeLists.txt93
-rw-r--r--src/irmd/config.h.in89
-rw-r--r--src/irmd/configfile.c1133
-rw-r--r--src/irmd/configfile.h29
-rw-r--r--src/irmd/ipcp.c477
-rw-r--r--src/irmd/ipcp.h59
-rw-r--r--src/irmd/irm_flow.c226
-rw-r--r--src/irmd/irm_flow.h81
-rw-r--r--src/irmd/irmd.h54
-rw-r--r--src/irmd/main.c3286
-rw-r--r--src/irmd/oap.c130
-rw-r--r--src/irmd/oap.h67
-rw-r--r--src/irmd/oap/auth.c252
-rw-r--r--src/irmd/oap/auth.h (renamed from src/irmd/utils.h)30
-rw-r--r--src/irmd/oap/cli.c553
-rw-r--r--src/irmd/oap/hdr.c456
-rw-r--r--src/irmd/oap/hdr.h159
-rw-r--r--src/irmd/oap/internal.h133
-rw-r--r--src/irmd/oap/io.c132
-rw-r--r--src/irmd/oap/io.h40
-rw-r--r--src/irmd/oap/srv.c462
-rw-r--r--src/irmd/oap/tests/CMakeLists.txt64
-rw-r--r--src/irmd/oap/tests/common.c457
-rw-r--r--src/irmd/oap/tests/common.h100
-rw-r--r--src/irmd/oap/tests/oap_test.c951
-rw-r--r--src/irmd/oap/tests/oap_test_pqc.c363
-rw-r--r--src/irmd/proc_table.c303
-rw-r--r--src/irmd/proc_table.h84
-rw-r--r--src/irmd/prog_table.c164
-rw-r--r--src/irmd/prog_table.h60
-rw-r--r--src/irmd/reg/flow.c215
-rw-r--r--src/irmd/reg/flow.h67
-rw-r--r--src/irmd/reg/ipcp.c91
-rw-r--r--src/irmd/reg/ipcp.h47
-rw-r--r--src/irmd/reg/name.c381
-rw-r--r--src/irmd/reg/name.h88
-rw-r--r--src/irmd/reg/pool.c101
-rw-r--r--src/irmd/reg/pool.h48
-rw-r--r--src/irmd/reg/proc.c193
-rw-r--r--src/irmd/reg/proc.h58
-rw-r--r--src/irmd/reg/prog.c174
-rw-r--r--src/irmd/reg/prog.h53
-rw-r--r--src/irmd/reg/reg.c2242
-rw-r--r--src/irmd/reg/reg.h165
-rw-r--r--src/irmd/reg/tests/CMakeLists.txt33
-rw-r--r--src/irmd/reg/tests/flow_test.c286
-rw-r--r--src/irmd/reg/tests/ipcp_test.c84
-rw-r--r--src/irmd/reg/tests/name_test.c301
-rw-r--r--src/irmd/reg/tests/proc_test.c119
-rw-r--r--src/irmd/reg/tests/prog_test.c115
-rw-r--r--src/irmd/reg/tests/reg_test.c1731
-rw-r--r--src/irmd/registry.c615
-rw-r--r--src/irmd/registry.h126
-rw-r--r--src/irmd/tests/CMakeLists.txt19
-rw-r--r--src/irmd/utils.c64
55 files changed, 14031 insertions, 3872 deletions
diff --git a/src/irmd/CMakeLists.txt b/src/irmd/CMakeLists.txt
index 59d0d103..d65635af 100644
--- a/src/irmd/CMakeLists.txt
+++ b/src/irmd/CMakeLists.txt
@@ -1,52 +1,65 @@
-include_directories(${CMAKE_CURRENT_SOURCE_DIR})
-include_directories(${CMAKE_CURRENT_BINARY_DIR})
-
-include_directories(${CMAKE_SOURCE_DIR}/include)
-include_directories(${CMAKE_BINARY_DIR}/include)
-
-set(IRMD_REQ_ARR_TIMEOUT 500 CACHE STRING
- "Timeout for an application to respond to a new flow (ms)")
-set(IRMD_FLOW_TIMEOUT 5000 CACHE STRING
- "Timeout for a flow allocation response (ms)")
-set(BOOTSTRAP_TIMEOUT 5000 CACHE STRING
- "Timeout for an IPCP to bootstrap (ms)")
-set(ENROLL_TIMEOUT 60000 CACHE STRING
- "Timeout for an IPCP to enroll (ms)")
-set(REG_TIMEOUT 10000 CACHE STRING
- "Timeout for registering a name (ms)")
-set(QUERY_TIMEOUT 3000 CACHE STRING
- "Timeout to query a name with an IPCP (ms)")
-set(CONNECT_TIMEOUT 60000 CACHE STRING
- "Timeout to connect an IPCP to another IPCP (ms)")
-set(IRMD_MIN_THREADS 8 CACHE STRING
- "Minimum number of worker threads in the IRMd.")
-set(IRMD_ADD_THREADS 8 CACHE STRING
- "Number of extra threads to start when the IRMD faces thread starvation")
+# IRMd (IPC Resource Manager daemon) build configuration
+# Configuration options are in cmake/config/global.cmake and cmake/config/irmd.cmake
+
+# Generate and install configuration files if TOML support available
+# HAVE_TOML is set in cmake/dependencies/irmd/libtoml.cmake
+if(HAVE_TOML)
+ set(INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}")
+ configure_file("${CMAKE_SOURCE_DIR}/irmd.conf.in"
+ "${CMAKE_BINARY_DIR}/${OUROBOROS_CONFIG_FILE}.example" @ONLY)
+ configure_file("${CMAKE_SOURCE_DIR}/enc.conf.in"
+ "${CMAKE_BINARY_DIR}/enc.conf.example" @ONLY)
+ install(FILES "${CMAKE_BINARY_DIR}/${OUROBOROS_CONFIG_FILE}.example"
+ DESTINATION "${OUROBOROS_CONFIG_DIR}")
+ install(FILES "${CMAKE_BINARY_DIR}/enc.conf.example"
+ DESTINATION "${OUROBOROS_CONFIG_DIR}")
+ install(CODE "
+ if(NOT EXISTS \"${OUROBOROS_CONFIG_DIR}/${OUROBOROS_CONFIG_FILE}\")
+ file(WRITE \"${OUROBOROS_CONFIG_DIR}/${OUROBOROS_CONFIG_FILE}\" \"\")
+ endif()
+ ")
+ unset(INSTALL_DIR)
+endif()
configure_file("${CMAKE_CURRENT_SOURCE_DIR}/config.h.in"
"${CMAKE_CURRENT_BINARY_DIR}/config.h" @ONLY)
-set(SOURCE_FILES
- # Add source files here
- proc_table.c
- prog_table.c
+set(IRMD_SOURCES
ipcp.c
- irm_flow.c
+ configfile.c
main.c
- registry.c
- utils.c
- )
+ oap/io.c
+ oap/hdr.c
+ oap/auth.c
+ oap/srv.c
+ oap/cli.c
+ reg/flow.c
+ reg/ipcp.c
+ reg/pool.c
+ reg/proc.c
+ reg/prog.c
+ reg/name.c
+ reg/reg.c
+)
+
+add_executable(irmd ${IRMD_SOURCES})
-add_executable (irmd ${SOURCE_FILES})
+target_include_directories(irmd PRIVATE
+ ${CMAKE_CURRENT_SOURCE_DIR}
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${CMAKE_SOURCE_DIR}/include
+ ${CMAKE_BINARY_DIR}/include)
-target_link_libraries (irmd LINK_PUBLIC ouroboros-common)
+target_link_libraries(irmd PRIVATE ouroboros-common)
+if(HAVE_TOML)
+ target_link_libraries(irmd PRIVATE toml::toml)
+endif()
-include(AddCompileFlags)
-if (CMAKE_BUILD_TYPE MATCHES "Debug*")
- add_compile_flags(irmd -DCONFIG_OUROBOROS_DEBUG)
-endif ()
+ouroboros_target_debug_definitions(irmd)
install(TARGETS irmd RUNTIME DESTINATION ${CMAKE_INSTALL_SBINDIR})
-# Enable once irmd has tests
-# add_subdirectory(tests)
+if(BUILD_TESTS)
+ add_subdirectory(oap/tests)
+ add_subdirectory(reg/tests)
+endif()
diff --git a/src/irmd/config.h.in b/src/irmd/config.h.in
index a7bd9066..e1072193 100644
--- a/src/irmd/config.h.in
+++ b/src/irmd/config.h.in
@@ -1,5 +1,5 @@
/*
- * Ouroboros - Copyright (C) 2016 - 2021
+ * Ouroboros - Copyright (C) 2016 - 2024
*
* Configuration for the IPC Resource Manager
*
@@ -20,36 +20,83 @@
* Foundation, Inc., http://www.fsf.org/about/contact/.
*/
-#define IPCP_UDP_EXEC "@IPCP_UDP_TARGET@"
-#define IPCP_ETH_LLC_EXEC "@IPCP_ETH_LLC_TARGET@"
-#define IPCP_ETH_DIX_EXEC "@IPCP_ETH_DIX_TARGET@"
-#define IPCP_UNICAST_EXEC "@IPCP_UNICAST_TARGET@"
-#define IPCP_BROADCAST_EXEC "@IPCP_BROADCAST_TARGET@"
-#define IPCP_LOCAL_EXEC "@IPCP_LOCAL_TARGET@"
-#define INSTALL_PREFIX "@CMAKE_INSTALL_PREFIX@"
+#define IPCP_UDP4_EXEC "@IPCP_UDP4_TARGET@"
+#define IPCP_UDP6_EXEC "@IPCP_UDP6_TARGET@"
+#define IPCP_ETH_LLC_EXEC "@IPCP_ETH_LLC_TARGET@"
+#define IPCP_ETH_DIX_EXEC "@IPCP_ETH_DIX_TARGET@"
+#define IPCP_UNICAST_EXEC "@IPCP_UNICAST_TARGET@"
+#define IPCP_BROADCAST_EXEC "@IPCP_BROADCAST_TARGET@"
+#define IPCP_LOCAL_EXEC "@IPCP_LOCAL_TARGET@"
-#define PTHREAD_COND_CLOCK @PTHREAD_COND_CLOCK@
+#define INSTALL_PREFIX "@CMAKE_INSTALL_PREFIX@"
+#define INSTALL_SBINDIR "@CMAKE_INSTALL_SBINDIR@"
-#define SOCKET_TIMEOUT @SOCKET_TIMEOUT@
+#define PTHREAD_COND_CLOCK @PTHREAD_COND_CLOCK@
-#define IRMD_REQ_ARR_TIMEOUT @IRMD_REQ_ARR_TIMEOUT@
-#define IRMD_FLOW_TIMEOUT @IRMD_FLOW_TIMEOUT@
+#define SOCKET_TIMEOUT @SOCKET_TIMEOUT@
-#define BOOTSTRAP_TIMEOUT @BOOTSTRAP_TIMEOUT@
-#define ENROLL_TIMEOUT @ENROLL_TIMEOUT@
-#define REG_TIMEOUT @REG_TIMEOUT@
-#define QUERY_TIMEOUT @QUERY_TIMEOUT@
-#define CONNECT_TIMEOUT @CONNECT_TIMEOUT@
+#define IRMD_REQ_ARR_TIMEOUT @IRMD_REQ_ARR_TIMEOUT@
-#define SYS_MAX_FLOWS @SYS_MAX_FLOWS@
+#define FLOW_ALLOC_TIMEOUT @FLOW_ALLOC_TIMEOUT@
+#define FLOW_DEALLOC_TIMEOUT @FLOW_DEALLOC_TIMEOUT@
-#define IRMD_MIN_THREADS @IRMD_MIN_THREADS@
-#define IRMD_ADD_THREADS @IRMD_ADD_THREADS@
+#define OAP_REPLAY_TIMER @OAP_REPLAY_TIMER@
+
+#define BOOTSTRAP_TIMEOUT @BOOTSTRAP_TIMEOUT@
+#define ENROLL_TIMEOUT @ENROLL_TIMEOUT@
+#define REG_TIMEOUT @REG_TIMEOUT@
+#define QUERY_TIMEOUT @QUERY_TIMEOUT@
+#define CONNECT_TIMEOUT @CONNECT_TIMEOUT@
+
+#define SYS_MAX_FLOWS @SYS_MAX_FLOWS@
+#define IRMD_MIN_THREADS @IRMD_MIN_THREADS@
+#define IRMD_ADD_THREADS @IRMD_ADD_THREADS@
+
+#define SSM_PID_GSPP 0
#cmakedefine HAVE_FUSE
#ifdef HAVE_FUSE
-#define FUSE_PREFIX "@FUSE_PREFIX@"
+#define FUSE_PREFIX "@FUSE_PREFIX@"
#endif
+#cmakedefine HAVE_TOML
+#ifdef HAVE_TOML
+#define OUROBOROS_CONFIG_DIR "@OUROBOROS_CONFIG_DIR@"
+#define OUROBOROS_CONFIG_FILE "@OUROBOROS_CONFIG_FILE@"
+#endif
+
+#define OUROBOROS_SECURITY_DIR "@OUROBOROS_SECURITY_DIR@"
+#define OUROBOROS_CA_CRT_DIR "@OUROBOROS_CA_CRT_DIR@"
+#define OUROBOROS_SRV_CRT_DIR "@OUROBOROS_SRV_CRT_DIR@"
+#define OUROBOROS_CLI_CRT_DIR "@OUROBOROS_CLI_CRT_DIR@"
+#define OUROBOROS_CHAIN_DIR "@OUROBOROS_UNTRUSTED_DIR@"
+
+#define IRMD_PKILL_TIMEOUT @IRMD_PKILL_TIMEOUT@
+
+#cmakedefine IRMD_KILL_ALL_PROCESSES
#cmakedefine HAVE_LIBGCRYPT
+#cmakedefine HAVE_OPENSSL
+#ifdef HAVE_OPENSSL
+#cmakedefine HAVE_OPENSSL_PQC
+#endif
+#define IRMD_SECMEM_MAX @IRMD_SECMEM_MAX@
+#ifdef CONFIG_OUROBOROS_DEBUG
+#cmakedefine DEBUG_PROTO_OAP
+#endif
+
+#define _B ""
+#define _G ""
+#define RST ""
+
+#define O7S_ASCII_ART \
+RST "\n" \
+_B " ▄▄█████▄▄▄ \n" \
+_B " ▄█▀▀ ▀▀███▄ " _G " █ \n" \
+_B " ██ ▄▄▄ ▄███▄ " _G "▄ ▄ ▄ ▄ ▄▄ █▄▄ ▄▄ ▄ ▄ ▄▄ ▄▄ \n" \
+_B " ██ █ █ █████ " _G "█ █ █▀ ▀ █ █ █ █ █ █ █▀ ▀ █ █ ▀▄ ▀\n" \
+_B " ██ ▀▄▄▄▀ ▀█▀ " _G "█ █ █ █ █ █ █ █ █ █ █ █ ▄ ▀▄\n" \
+_B " █▄ █ " _G " ▀▀ ▀ ▀ ▀▀ ▀▀▀ ▀▀ ▀ ▀▀ ▀▀ \n" \
+_B " ▀█▄▄▄▄▄▄▄▄▀ \n" \
+_B " ▀▀▀▀▀▀ \n" \
+RST "\n"
diff --git a/src/irmd/configfile.c b/src/irmd/configfile.c
new file mode 100644
index 00000000..ce9fc8fc
--- /dev/null
+++ b/src/irmd/configfile.c
@@ -0,0 +1,1133 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager / Configuration from file
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+
+#include "config.h"
+
+#if defined (HAVE_TOML)
+
+#define _POSIX_C_SOURCE 200809L
+#define _XOPEN_SOURCE 500
+
+#define OUROBOROS_PREFIX "irmd/configuration"
+
+#include <ouroboros/errno.h>
+#include <ouroboros/ipcp.h>
+#include <ouroboros/logs.h>
+#include <ouroboros/utils.h>
+
+#include "irmd.h"
+#include "configfile.h"
+
+#include "reg/reg.h"
+
+#include <assert.h>
+#include <errno.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <string.h>
+#include <toml.h>
+#include <arpa/inet.h>
+#ifdef __FreeBSD__
+#include <sys/socket.h>
+#endif
+
+#define ERRBUFSZ 200
+#define DATUMSZ 256
+
+static int toml_hash(toml_table_t * table,
+ struct layer_info * info)
+{
+ toml_datum_t hash;
+
+ hash = toml_string_in(table, "hash");
+ if (!hash.ok) {
+ log_dbg("No hash specified, using default.");
+ return 0;
+ }
+
+ if (strcmp(hash.u.s, "SHA3_224") == 0) {
+ info->dir_hash_algo = DIR_HASH_SHA3_224;
+ } else if (strcmp(hash.u.s, "SHA3_256") == 0) {
+ info->dir_hash_algo = DIR_HASH_SHA3_256;
+ } else if (strcmp(hash.u.s, "SHA3_384") == 0) {
+ info->dir_hash_algo = DIR_HASH_SHA3_384;
+ } else if (strcmp(hash.u.s, "SHA3_512") == 0) {
+ info->dir_hash_algo = DIR_HASH_SHA3_512;
+ } else {
+ log_err("Unknown hash algorithm: %s.", hash.u.s);
+ free(hash.u.s);
+ return -1;
+ }
+
+ free(hash.u.s);
+
+ return 0;
+}
+
+static int toml_local(toml_table_t * table,
+ struct ipcp_config * conf)
+{
+ *conf = local_default_conf;
+
+ return toml_hash(table, &conf->layer_info);
+}
+
+static int toml_eth_dev(toml_table_t * table,
+ struct eth_config * conf)
+{
+ toml_datum_t dev;
+
+ dev = toml_string_in(table, "dev");
+ if (!dev.ok) {
+ log_err("Missing device.");
+ return -1;
+ }
+
+ if (strlen(dev.u.s) > DEV_NAME_SIZE) {
+ log_err("Device name too long: %s", dev.u.s);
+ free(dev.u.s);
+ return -1;
+ }
+
+ strcpy(conf->dev, dev.u.s);
+ free(dev.u.s);
+
+ return 0;
+}
+
+static int toml_eth_llc(toml_table_t * table,
+ struct ipcp_config * conf)
+{
+ *conf = eth_llc_default_conf;
+
+ if (toml_hash(table, &conf->layer_info) < 0)
+ return -1;
+
+ return toml_eth_dev(table, &conf->eth);
+}
+
+
+static int toml_ethertype(toml_table_t * table,
+ struct eth_config * conf)
+{
+ toml_datum_t ethertype;
+
+ ethertype = toml_int_in(table, "ethertype");
+ if (ethertype.ok)
+ conf->ethertype = ethertype.u.i;
+
+ if (conf->ethertype < 0x0600 || conf->ethertype == 0xFFFF)
+ return -1;
+
+ return 0;
+}
+
+static int toml_eth_dix(toml_table_t * table,
+ struct ipcp_config * conf)
+{
+ *conf = eth_dix_default_conf;
+
+ if (toml_hash(table, &conf->layer_info) < 0)
+ return -1;
+
+ if (toml_eth_dev(table, &conf->eth) < 0)
+ return -1;
+
+ if (toml_ethertype(table, &conf->eth) < 0) {
+ log_err("Ethertype not in valid range.");
+ return -1;
+ }
+
+ return 0;
+}
+
+static int toml_udp4(toml_table_t * table,
+ struct ipcp_config * conf)
+{
+ struct udp4_config * udp4;
+ toml_datum_t ip;
+ toml_datum_t port;
+ toml_datum_t dns;
+
+ *conf = udp4_default_conf;
+ udp4 = &conf->udp4;
+
+ ip = toml_string_in(table, "ip");
+ if (!ip.ok) {
+ log_err("No IP address specified!");
+ goto fail_ip;
+ }
+
+ if (inet_pton (AF_INET, ip.u.s, &udp4->ip_addr.s_addr) != 1) {
+ log_err("Failed to parse IPv4 address %s.", ip.u.s);
+ goto fail_addr;
+ }
+
+ port = toml_int_in(table, "port");
+ if (port.ok)
+ udp4->port = port.u.i;
+
+ dns = toml_string_in(table, "dns");
+ if (dns.ok) {
+ if (inet_pton(AF_INET, dns.u.s, &udp4->dns_addr.s_addr) < 0) {
+ log_err("Failed to parse DNS address %s.", ip.u.s);
+ goto fail_dns;
+ }
+
+ free(dns.u.s);
+ }
+
+ free(ip.u.s);
+
+ return 0;
+
+ fail_dns:
+ free(dns.u.s);
+ fail_addr:
+ free(ip.u.s);
+ fail_ip:
+ return -1;
+}
+
+static int toml_udp6(toml_table_t * table,
+ struct ipcp_config * conf)
+{
+ struct in6_addr ip6;
+ struct in6_addr dns6;
+ toml_datum_t ip;
+ toml_datum_t port;
+ toml_datum_t dns;
+
+ *conf = udp6_default_conf;
+ ip6 = conf->udp6.ip_addr;
+ dns6 = conf->udp6.dns_addr;
+
+ ip = toml_string_in(table, "ip");
+ if (!ip.ok) {
+ log_err("No IP address specified!");
+ goto fail_ip;
+ }
+
+ if (inet_pton (AF_INET6, ip.u.s, &ip6.s6_addr) != 1) {
+ log_err("Failed to parse IPv4 address %s.", ip.u.s);
+ goto fail_addr;
+ }
+
+ port = toml_int_in(table, "port");
+ if (port.ok)
+ conf->udp6.port = port.u.i;
+
+ dns = toml_string_in(table, "dns");
+ if (dns.ok) {
+ if (inet_pton(AF_INET6, dns.u.s, &dns6.s6_addr) < 0) {
+ log_err("Failed to parse DNS address %s.", ip.u.s);
+ goto fail_dns;
+ }
+
+ free(dns.u.s);
+ }
+
+ free(ip.u.s);
+
+ return 0;
+
+ fail_dns:
+ free(dns.u.s);
+ fail_addr:
+ free(ip.u.s);
+ fail_ip:
+ return -1;
+}
+
+static int toml_broadcast(toml_table_t * table,
+ struct ipcp_config * conf)
+{
+ (void) table;
+ (void) conf;
+
+ /* Nothing to do here. */
+
+ return 0;
+}
+
+#define BETWEEN(a, b, c) ((a) >= (b) && (a) <= (c))
+#define DHT(conf, x) (conf)->dht.params.x
+static int toml_dir(toml_table_t * table,
+ struct dir_config * conf)
+{
+ toml_datum_t dir;
+ toml_datum_t alpha;
+ toml_datum_t t_expire;
+ toml_datum_t t_refresh;
+ toml_datum_t t_replicate;
+ toml_datum_t k;
+
+ dir = toml_string_in(table, "directory");
+ if (dir.ok) {
+ log_dbg("Found directory type: %s", dir.u.s);
+ if (strlen(dir.u.s) > DATUMSZ) {
+ log_err("Directory name too long: %s", dir.u.s);
+ free(dir.u.s);
+ return -1;
+ }
+ if (strcmp(dir.u.s, "DHT") == 0)
+ conf->pol = DIR_DHT;
+ else if (strcmp(dir.u.s, "dht") == 0)
+ conf->pol = DIR_DHT;
+ else {
+ log_err("Unknown directory type: %s", dir.u.s);
+ free(dir.u.s);
+ return -EINVAL;
+ }
+ free(dir.u.s);
+ }
+
+ switch(conf->pol) {
+ case DIR_DHT:
+ log_info("Using DHT directory policy.");
+ alpha = toml_int_in(table, "dht_alpha");
+ if (alpha.ok) {
+ if (!BETWEEN(alpha.u.i,
+ DHT_ALPHA_MIN, DHT_ALPHA_MAX)) {
+ log_err("Invalid alpha value: %ld",
+ (long) alpha.u.i);
+ return -EINVAL;
+ }
+ DHT(conf, alpha) = alpha.u.i;
+ }
+ t_expire = toml_int_in(table, "dht_t_expire");
+ if (t_expire.ok) {
+ if (!BETWEEN(t_expire.u.i,
+ DHT_T_EXPIRE_MIN, DHT_T_EXPIRE_MAX)) {
+ log_err("Invalid expire time: %ld",
+ (long) t_expire.u.i);
+ return -EINVAL;
+ }
+ DHT(conf, t_expire) = t_expire.u.i;
+ }
+ t_refresh = toml_int_in(table, "dht_t_refresh");
+ if (t_refresh.ok) {
+ if (!BETWEEN(t_refresh.u.i,
+ DHT_T_REFRESH_MIN, DHT_T_REFRESH_MAX)) {
+ log_err("Invalid refresh time: %ld",
+ (long) t_refresh.u.i);
+ return -EINVAL;
+ }
+ DHT(conf, t_refresh) = t_refresh.u.i;
+ }
+ t_replicate = toml_int_in(table, "dht_t_replicate");
+ if (t_replicate.ok) {
+ if (!BETWEEN(t_replicate.u.i,
+ DHT_T_REPLICATE_MIN, DHT_T_REPLICATE_MAX)) {
+ log_err("Invalid replication time: %ld",
+ (long) t_replicate.u.i);
+ return -EINVAL;
+ }
+ DHT(conf, t_replicate) = t_replicate.u.i;
+ }
+ k = toml_int_in(table, "dht_k");
+ if (k.ok) {
+ if (!BETWEEN(k.u.i, DHT_K_MIN, DHT_K_MAX)) {
+ log_err("Invalid replication factor: %ld",
+ (long) k.u.i);
+ return -EINVAL;
+ }
+ DHT(conf, k) = k.u.i;
+ }
+ break;
+ default:
+ assert(false);
+ break;
+ }
+
+ return 0;
+}
+
+static int toml_routing(toml_table_t * table,
+ struct dt_config * conf)
+{
+ toml_datum_t routing;
+ toml_datum_t t_recalc;
+ toml_datum_t t_update;
+ toml_datum_t t_timeo;
+
+ routing = toml_string_in(table, "routing");
+ if (routing.ok) {
+ if (strcmp(routing.u.s, "link-state") == 0) {
+ conf->routing.pol = ROUTING_LINK_STATE;
+ conf->routing.ls.pol = LS_SIMPLE;
+ } else if (strcmp(routing.u.s, "lfa") == 0) {
+ conf->routing.pol = ROUTING_LINK_STATE;
+ conf->routing.ls.pol = LS_LFA;
+ } else if (strcmp(routing.u.s, "ecmp") == 0) {
+ conf->routing.pol = ROUTING_LINK_STATE;
+ conf->routing.ls.pol = LS_ECMP;
+ } else {
+ conf->routing.pol = ROUTING_INVALID;
+ return -EINVAL;
+ }
+ free(routing.u.s);
+ }
+
+ switch (conf->routing.pol) {
+ case ROUTING_LINK_STATE:
+ log_info("Using Link State routing policy.");
+ t_recalc = toml_int_in(table, "ls_t_recalc");
+ if (t_recalc.ok) {
+ if (t_recalc.u.i < 1) {
+ log_err("Invalid ls_t_recalc value: %ld",
+ (long) t_recalc.u.i);
+ return -EINVAL;
+ }
+ conf->routing.ls.t_recalc = t_recalc.u.i;
+ }
+ t_update = toml_int_in(table, "ls_t_update");
+ if (t_update.ok) {
+ if (t_update.u.i < 1) {
+ log_err("Invalid ls_t_update value: %ld",
+ (long) t_update.u.i);
+ return -EINVAL;
+ }
+ conf->routing.ls.t_update = t_update.u.i;
+ }
+ t_timeo = toml_int_in(table, "ls_t_timeo");
+ if (t_timeo.ok) {
+ if (t_timeo.u.i < 1) {
+ log_err("Invalid ls_t_timeo value: %ld",
+ (long) t_timeo.u.i);
+ return -EINVAL;
+ }
+ conf->routing.ls.t_timeo = t_timeo.u.i;
+ }
+ break;
+ default:
+ log_err("Invalid routing policy: %d", conf->routing.pol);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+static int toml_addr_auth(toml_table_t * table,
+ struct uni_config * conf)
+{
+ toml_datum_t addr_auth;
+
+ addr_auth = toml_string_in(table, "addr-auth");
+ if (addr_auth.ok) {
+ if (strcmp(addr_auth.u.s, "flat") == 0)
+ conf->addr_auth_type = ADDR_AUTH_FLAT_RANDOM;
+ else
+ conf->addr_auth_type = ADDR_AUTH_INVALID;
+ free(addr_auth.u.s);
+ }
+
+ if (conf->addr_auth_type == ADDR_AUTH_INVALID)
+ return -1;
+
+ return 0;
+}
+
+static int toml_congestion(toml_table_t * table,
+ struct uni_config * conf)
+{
+ toml_datum_t congestion;
+
+ congestion = toml_string_in(table, "congestion");
+ if (congestion.ok) {
+ if (strcmp(congestion.u.s, "none") == 0)
+ conf->cong_avoid = CA_NONE;
+ else if (strcmp(congestion.u.s, "lfa") == 0)
+ conf->cong_avoid = CA_MB_ECN;
+ else
+ conf->cong_avoid = CA_INVALID;
+ free(congestion.u.s);
+
+ }
+
+ if (conf->cong_avoid == CA_INVALID)
+ return -1;
+
+ return 0;
+}
+
+static int toml_dt(toml_table_t * table,
+ struct dt_config * conf)
+{
+ toml_datum_t addr;
+ toml_datum_t eid;
+ toml_datum_t ttl;
+
+ addr = toml_int_in(table, "addr_size");
+ if (addr.ok)
+ conf->addr_size = addr.u.i;
+
+ eid = toml_int_in(table, "eid_size");
+ if (eid.ok)
+ conf->eid_size = eid.u.i;
+
+ ttl = toml_int_in(table, "max_ttl");
+ if (ttl.ok)
+ conf->max_ttl = ttl.u.i;
+
+ if (toml_routing(table, conf) < 0) {
+ log_err("Invalid routing option.");
+ return -1;
+ }
+
+ return 0;
+}
+
+static int toml_unicast(toml_table_t * table,
+ struct ipcp_config * conf)
+{
+ *conf = uni_default_conf;
+
+ if (toml_dir(table, &conf->unicast.dir) < 0) {
+ log_err("Invalid directory configuration.");
+ return -1;
+ }
+
+ if (toml_dt(table, &conf->unicast.dt) < 0) {
+ log_err("Invalid DT configuration.");
+ return -1;
+ }
+
+ if (toml_addr_auth(table, &conf->unicast) < 0) {
+ log_err("Invalid address authority");
+ return -1;
+ }
+
+ if (toml_congestion(table, &conf->unicast) < 0) {
+ log_err("Invalid congestion avoidance algorithm.");
+ return -1;
+ }
+
+
+ return 0;
+}
+
+static int toml_autobind(toml_table_t * table,
+ pid_t pid,
+ const char * name,
+ const char * layer)
+{
+ toml_datum_t autobind;
+
+ autobind = toml_bool_in(table, "autobind");
+ if (!autobind.ok)
+ return 0;
+
+ if (bind_process(pid, name) < 0) {
+ log_err("Failed to bind IPCP process %d to %s.", pid, name);
+ return -1;
+ }
+
+ if (layer != NULL && bind_process(pid, layer) < 0) {
+ log_err("Failed to bind IPCP process %d to %s.", pid, layer);
+ return -1;
+ }
+
+ return 0;
+}
+
+static int toml_register(toml_table_t * table,
+ pid_t pid)
+{
+ toml_array_t * reg;
+ int i;
+ int ret = 0;
+ struct name_info info = {
+ .pol_lb = LB_SPILL
+ };
+
+ reg = toml_array_in(table, "reg");
+ if (reg == NULL)
+ return 0;
+
+ for (i = 0; ret == 0; i++) {
+ toml_datum_t name;
+
+ name = toml_string_at(reg, i);
+ if (!name.ok)
+ break;
+
+ log_dbg("Registering %s in %d", name.u.s, pid);
+
+ strcpy(info.name, name.u.s);
+
+ ret = name_create(&info);
+ if (ret < 0 && ret != -ENAME) {
+ free(name.u.s);
+ break;
+ }
+
+ ret = name_reg(name.u.s, pid);
+ free(name.u.s);
+ }
+
+ return ret;
+}
+
+static int toml_connect(toml_table_t * table,
+ pid_t pid)
+{
+ toml_array_t * conn;
+ int i;
+ int ret = 0;
+
+ conn = toml_array_in(table, "conn");
+ if (conn == NULL)
+ return 0;
+
+ for (i=0; ret == 0; i++) {
+ toml_datum_t dst;
+ qosspec_t qs = qos_raw;
+
+ dst = toml_string_at(conn, i);
+ if (!dst.ok)
+ break;
+
+ log_dbg("Connecting %d to %s", pid, dst.u.s);
+
+ ret = connect_ipcp(pid, dst.u.s, MGMT_COMP, qs);
+ if (ret == 0)
+ ret = connect_ipcp(pid, dst.u.s, DT_COMP, qs);
+
+ free(dst.u.s);
+ }
+
+ return ret;
+}
+
+static int toml_ipcp(toml_table_t * table,
+ struct ipcp_info * info,
+ struct ipcp_config * conf)
+{
+ toml_datum_t bootstrap;
+ toml_datum_t enrol;
+ int ret;
+
+ log_dbg("Found IPCP %s in configuration file.", info->name);
+
+ if (create_ipcp(info) < 0) {
+ log_err("Failed to create IPCP %s.", info->name);
+ return -1;
+ }
+
+ bootstrap = toml_string_in(table, "bootstrap");
+ enrol = toml_string_in(table, "enrol");
+
+ if (bootstrap.ok && enrol.ok) {
+ log_err("Ignoring bootstrap for IPCP %s.", info->name);
+ free(bootstrap.u.s);
+ bootstrap.ok = false;
+ }
+
+ if (!bootstrap.ok && !enrol.ok) {
+ log_dbg("Nothing more to do for %s.", info->name);
+ return 0;
+ }
+
+ if (enrol.ok) {
+ struct layer_info layer;
+ ret = enroll_ipcp(info->pid, enrol.u.s);
+ free(enrol.u.s);
+ if (ret < 0) {
+ log_err("Failed to enrol %s.", info->name);
+ return -1;
+ }
+
+ if (reg_get_ipcp(info, &layer) < 0)
+ return -1;
+
+ if (toml_autobind(table, info->pid, info->name, layer.name))
+ return -1;
+
+ if (toml_register(table, info->pid) < 0) {
+ log_err("Failed to register names.");
+ return -1;
+ }
+
+ if (toml_connect(table, info->pid) < 0) {
+ log_err("Failed to register names.");
+ return -1;
+ }
+
+ return 0;
+ }
+
+ assert(bootstrap.ok);
+
+ if (strlen(bootstrap.u.s) > LAYER_NAME_SIZE) {
+ log_err("Layer name too long: %s", bootstrap.u.s);
+ free(bootstrap.u.s);
+ return -1;
+ }
+
+ switch (conf->type) {
+ case IPCP_LOCAL:
+ ret = toml_local(table, conf);
+ break;
+ case IPCP_ETH_DIX:
+ ret = toml_eth_dix(table, conf);
+ break;
+ case IPCP_ETH_LLC:
+ ret = toml_eth_llc(table, conf);
+ break;
+ case IPCP_UDP4:
+ ret = toml_udp4(table, conf);
+ break;
+ case IPCP_UDP6:
+ ret = toml_udp6(table, conf);
+ break;
+ case IPCP_BROADCAST:
+ ret = toml_broadcast(table, conf);
+ break;
+ case IPCP_UNICAST:
+ ret = toml_unicast(table, conf);
+ break;
+ default:
+ log_err("Invalid IPCP type");
+ ret = -1;
+ }
+
+ if (ret < 0)
+ return -1;
+
+ strcpy(conf->layer_info.name, bootstrap.u.s);
+ free(bootstrap.u.s);
+
+ if (bootstrap_ipcp(info->pid, conf) < 0)
+ return -1;
+
+ if (toml_autobind(table, info->pid, info->name,
+ conf->layer_info.name) < 0)
+ return -1;
+
+ if (toml_register(table, info->pid) < 0) {
+ log_err("Failed to register names.");
+ return -1;
+ }
+
+ return 0;
+}
+
+static int toml_ipcp_list(toml_table_t * table,
+ enum ipcp_type type)
+{
+ int i = 0;
+ int ret = 0;
+
+ for (i = 0; ret == 0; i++) {
+ const char * key;
+ struct ipcp_info info;
+ struct ipcp_config conf;
+
+ memset(&conf, 0, sizeof(conf));
+ memset(&info, 0, sizeof(info));
+
+ key = toml_key_in(table, i);
+ if (key == NULL)
+ break;
+
+ if (strlen(key) > IPCP_NAME_SIZE) {
+ log_err("IPCP name too long: %s,", key);
+ return -1;
+ }
+
+ info.type = type;
+ strcpy(info.name, key);
+ conf.type = type;
+
+ ret = toml_ipcp(toml_table_in(table, key), &info, &conf);
+ }
+
+ return ret;
+}
+
+static int args_to_argv(const char * prog,
+ const char * args,
+ char *** argv)
+{
+ char * tok;
+ char * str;
+ int argc = 0;
+
+ str = (char *) args;
+
+ if (str != NULL) {
+ tok = str;
+ while (*(tok += strspn(tok, " ")) != '\0') {
+ tok += strcspn(tok, " ");
+ argc++;
+ }
+ }
+
+ *argv = malloc((argc + 2) * sizeof(**argv));
+ if (*argv == NULL)
+ goto fail_malloc;
+
+ (*argv)[0] = strdup(prog);
+ if ((*argv)[0] == NULL)
+ goto fail_malloc2;
+
+ argc = 1;
+
+ if (str == NULL)
+ goto finish;
+
+ tok = str;
+ while (*(tok += strspn(tok, " ")) != '\0') {
+ size_t toklen = strcspn(tok, " ");
+ (*argv)[argc] = malloc((toklen + 1) * sizeof(***argv));
+ if ((*argv)[argc] == NULL)
+ goto fail_malloc2;
+
+ strncpy((*argv)[argc], tok, toklen);
+ (*argv)[argc++][toklen] = '\0';
+ tok += toklen;
+ }
+
+ finish:
+ (*argv)[argc] = NULL;
+
+ return argc;
+
+ fail_malloc2:
+ argvfree(*argv);
+ fail_malloc:
+ return -1;
+
+}
+
+static int toml_prog(const char * prog,
+ const char * args,
+ const char * name)
+{
+ uint16_t flags = 0;
+ int argc;
+ char ** exec;
+ int ret;
+
+ if (args != NULL)
+ flags |= BIND_AUTO;
+
+ argc = args_to_argv(prog, args, &exec);
+ if (argc < 0) {
+ log_err("Failed to parse arguments: %s", args);
+ return -1;
+ }
+
+ ret = bind_program(exec, name, flags);
+ if (ret < 0)
+ log_err("Failed to bind program %s %s for name %s.",
+ prog, args, name);
+
+ argvfree(exec);
+
+ return ret;
+}
+
+static int toml_prog_list(toml_array_t * progs,
+ toml_array_t * args,
+ const char * name)
+{
+ int ret = 0;
+ int i;
+
+ for (i = 0; ret == 0; i++) {
+ toml_datum_t prog;
+ toml_datum_t arg;
+
+ prog = toml_string_at(progs, i);
+ if (!prog.ok)
+ break;
+
+ if (args == NULL) {
+ ret = toml_prog(prog.u.s, NULL, name);
+ } else {
+ arg = toml_string_at(args, i);
+ if (!arg.ok) {
+ args = NULL; /* no more arguments in list. */
+ assert(arg.u.s == NULL);
+ }
+
+ ret = toml_prog(prog.u.s, arg.u.s, name);
+
+ if (arg.ok)
+ free(arg.u.s);
+ }
+
+ free(prog.u.s);
+ }
+
+ return ret;
+}
+
+static int cp_chk_path(char * buf,
+ char * path)
+{
+ char * rp;
+
+ assert(path != NULL);
+
+ rp = realpath(path, NULL);
+ if (rp == NULL) {
+ log_err("Failed to check path %s: %s.", path, strerror(errno));
+ goto fail_rp;
+ }
+
+ if (strlen(rp) > NAME_PATH_SIZE) {
+ log_err("File path too long: %s.", rp);
+ goto fail_len;
+ }
+
+ strcpy(buf, rp);
+ free(rp);
+ free(path);
+
+ return 0;
+
+ fail_len:
+ free(rp);
+ fail_rp:
+ free(path);
+ return -1;
+}
+
+static int toml_name(toml_table_t * table,
+ const char * name)
+{
+ toml_array_t * progs;
+ toml_array_t * args;
+ toml_datum_t lb;
+ toml_datum_t senc;
+ toml_datum_t scrt;
+ toml_datum_t skey;
+ toml_datum_t cenc;
+ toml_datum_t ccrt;
+ toml_datum_t ckey;
+
+ struct name_info info = {
+ .pol_lb = LB_SPILL
+ };
+
+ log_dbg("Found service name %s in configuration file.", name);
+
+ if (strlen(name) > NAME_SIZE) {
+ log_err("Name too long: %s", name);
+ return -1;
+ }
+
+ strcpy(info.name, name);
+
+ lb = toml_string_in(table, "lb");
+ if (lb.ok) {
+ if (strcmp(lb.u.s, "spill") == 0)
+ info.pol_lb = LB_SPILL;
+ else if (strcmp(lb.u.s, "round-robin") == 0)
+ info.pol_lb = LB_RR;
+ else
+ info.pol_lb = LB_INVALID;
+ free(lb.u.s);
+ }
+
+ if (info.pol_lb == LB_INVALID) {
+ log_err("Invalid load-balancing policy for %s.", name);
+ return -1;
+ }
+ senc = toml_string_in(table, "server_enc_file");
+ if (senc.ok && cp_chk_path(info.s.enc, senc.u.s) < 0)
+ return -1;
+
+ scrt = toml_string_in(table, "server_crt_file");
+ if (scrt.ok && cp_chk_path(info.s.crt, scrt.u.s) < 0)
+ return -1;
+
+ skey = toml_string_in(table, "server_key_file");
+ if (skey.ok && cp_chk_path(info.s.key, skey.u.s) < 0)
+ return -1;
+
+ cenc = toml_string_in(table, "client_enc_file");
+ if (cenc.ok && cp_chk_path(info.c.enc, cenc.u.s) < 0)
+ return -1;
+
+ ccrt = toml_string_in(table, "client_crt_file");
+ if (ccrt.ok && cp_chk_path(info.c.crt, ccrt.u.s) < 0)
+ return -1;
+
+ ckey = toml_string_in(table, "client_key_file");
+ if (ckey.ok && cp_chk_path(info.c.key, ckey.u.s) < 0)
+ return -1;
+
+ if (name_create(&info) < 0) {
+ log_err("Failed to create name %s.", name);
+ return -1;
+ }
+
+ progs = toml_array_in(table, "prog");
+ if (progs == NULL)
+ return 0;
+
+ args = toml_array_in(table, "args");
+ if (toml_prog_list(progs, args, name) < 0)
+ return -1;
+
+ return 0;
+}
+
+static int toml_name_list(toml_table_t * table)
+{
+ int i = 0;
+ int ret = 0;
+
+ for (i = 0; ret == 0; i++) {
+ const char * key;
+
+ key = toml_key_in(table, i);
+ if (key == NULL)
+ break;
+
+ ret = toml_name(toml_table_in(table, key), key);
+ }
+
+ return ret;
+ return 0;
+}
+
+static int toml_toplevel(toml_table_t * table,
+ const char * key)
+{
+ toml_table_t * subtable;
+
+ subtable = toml_table_in(table, key);
+ if (strcmp(key, "name") == 0)
+ return toml_name_list(subtable);
+ else if (strcmp(key, "local") == 0)
+ return toml_ipcp_list(subtable, IPCP_LOCAL);
+ else if (strcmp(key, "eth-dix") == 0)
+ return toml_ipcp_list(subtable, IPCP_ETH_DIX);
+ else if (strcmp(key, "eth-llc") == 0)
+ return toml_ipcp_list(subtable, IPCP_ETH_LLC);
+ else if (strcmp(key, "udp4") == 0)
+ return toml_ipcp_list(subtable, IPCP_UDP4);
+ else if (strcmp(key, "udp6") == 0)
+ return toml_ipcp_list(subtable, IPCP_UDP6);
+ else if (strcmp(key, "broadcast") == 0)
+ return toml_ipcp_list(subtable, IPCP_BROADCAST);
+ else if (strcmp(key, "unicast") == 0)
+ return toml_ipcp_list(subtable, IPCP_UNICAST);
+ else
+ log_err("Unkown toplevel key: %s.", key);
+ return -1;
+}
+
+static int toml_load(toml_table_t * table)
+{
+ int i = 0;
+ int ret = 0;
+
+ for (i = 0; ret == 0; i++) {
+ const char * key;
+
+ key = toml_key_in(table, i);
+ if (key == NULL)
+ break;
+
+ ret = toml_toplevel(table, key);
+ }
+
+ return ret;
+}
+
+static int toml_cfg(FILE * fp)
+{
+ toml_table_t * table;
+ char errbuf[ERRBUFSZ + 1];
+
+ assert(fp != NULL);
+
+ table = toml_parse_file(fp, errbuf, sizeof(errbuf));
+ if (table == NULL) {
+ log_err("Failed to parse config file: %s.", errbuf);
+ goto fail_parse;
+ }
+
+ if (toml_load(table) < 0) {
+ log_err("Failed to load configuration.");
+ goto fail_load;
+ }
+
+ toml_free(table);
+
+ return 0;
+
+ fail_load:
+ toml_free(table);
+ fail_parse:
+ return -1;
+}
+
+int irm_configure(const char * path)
+{
+ FILE * fp;
+ char * rp;
+
+ if (path == NULL)
+ return 0;
+
+ rp = realpath(path, NULL);
+ if (rp == NULL) {
+ log_err("Failed to check path for %s: %s.",
+ path, strerror(errno));
+ goto fail_resolve;
+ }
+
+ log_info("Reading configuration from file %s", rp);
+
+ fp = fopen(rp, "r");
+ if (fp == NULL) {
+ log_err("Failed to open config file: %s\n", strerror(errno));
+ goto fail_fopen;
+ }
+
+ if (toml_cfg(fp) < 0) {
+ log_err("Failed to load config file.");
+ goto fail_cfg;
+ }
+
+ fclose(fp);
+ free(rp);
+
+ return 0;
+
+ fail_cfg:
+ fclose(fp);
+ fail_fopen:
+ free(rp);
+ fail_resolve:
+ return -1;
+}
+
+#endif /* HAVE_TOML */
diff --git a/src/irmd/configfile.h b/src/irmd/configfile.h
new file mode 100644
index 00000000..3ccf53fd
--- /dev/null
+++ b/src/irmd/configfile.h
@@ -0,0 +1,29 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager / Configuration from file
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+
+#ifndef OUROBOROS_IRMD_CONFIGURATION_H
+#define OUROBOROS_IRMD_CONFIGURATION_H
+
+int irm_configure(const char * path);
+
+#endif /* OUROBOROS_IRMD_CONFIGURATION_H */
diff --git a/src/irmd/ipcp.c b/src/irmd/ipcp.c
index ae5325c5..d261fc57 100644
--- a/src/irmd/ipcp.c
+++ b/src/irmd/ipcp.c
@@ -1,5 +1,5 @@
/*
- * Ouroboros - Copyright (C) 2016 - 2021
+ * Ouroboros - Copyright (C) 2016 - 2024
*
* The API to instruct IPCPs
*
@@ -20,195 +20,183 @@
* Foundation, Inc., http://www.fsf.org/about/contact/.
*/
-#define _POSIX_C_SOURCE 199309L
+#define _POSIX_C_SOURCE 200112L
#include "config.h"
#define OUROBOROS_PREFIX "irmd/ipcp"
-#include <ouroboros/logs.h>
#include <ouroboros/errno.h>
-#include <ouroboros/utils.h>
+#include <ouroboros/flow.h>
+#include <ouroboros/logs.h>
#include <ouroboros/sockets.h>
+#include <ouroboros/time.h>
+#include <ouroboros/utils.h>
#include "ipcp.h"
-#include <stdlib.h>
-#include <string.h>
+#include <fcntl.h>
+#include <pthread.h>
#include <signal.h>
+#include <spawn.h>
#include <stdbool.h>
-#include <pthread.h>
+#include <stdlib.h>
+#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <sys/time.h>
-#include <spawn.h>
-ipcp_msg_t * send_recv_ipcp_msg(pid_t pid,
- ipcp_msg_t * msg)
+static char * str_ipcp_cmd(int code)
{
- int sockfd = 0;
- uint8_t buf[SOCK_BUF_SIZE];
- char * sock_path = NULL;
- ssize_t len;
- ipcp_msg_t * recv_msg = NULL;
- struct timeval tv;
-
- if (kill(pid, 0) < 0)
- return NULL;
-
- sock_path = ipcp_sock_path(pid);
- if (sock_path == NULL)
- return NULL;
-
- sockfd = client_socket_open(sock_path);
- if (sockfd < 0) {
- free(sock_path);
- return NULL;
- }
-
- free(sock_path);
-
- len = ipcp_msg__get_packed_size(msg);
- if (len == 0) {
- close(sockfd);
- return NULL;
- }
-
- switch (msg->code) {
- case IPCP_MSG_CODE__IPCP_BOOTSTRAP:
- tv.tv_sec = BOOTSTRAP_TIMEOUT / 1000;
- tv.tv_usec = (BOOTSTRAP_TIMEOUT % 1000) * 1000;
- break;
- case IPCP_MSG_CODE__IPCP_ENROLL:
- tv.tv_sec = ENROLL_TIMEOUT / 1000;
- tv.tv_usec = (ENROLL_TIMEOUT % 1000) * 1000;
- break;
- case IPCP_MSG_CODE__IPCP_REG:
- tv.tv_sec = REG_TIMEOUT / 1000;
- tv.tv_usec = (REG_TIMEOUT % 1000) * 1000;
- break;
- case IPCP_MSG_CODE__IPCP_QUERY:
- tv.tv_sec = QUERY_TIMEOUT / 1000;
- tv.tv_usec = (QUERY_TIMEOUT % 1000) * 1000;
- break;
- case IPCP_MSG_CODE__IPCP_CONNECT:
- tv.tv_sec = CONNECT_TIMEOUT / 1000;
- tv.tv_usec = (CONNECT_TIMEOUT % 1000) * 1000;
- break;
- default:
- tv.tv_sec = SOCKET_TIMEOUT / 1000;
- tv.tv_usec = (SOCKET_TIMEOUT % 1000) * 1000;
- break;
- }
-
- if (setsockopt(sockfd, SOL_SOCKET, SO_RCVTIMEO,
- (void *) &tv, sizeof(tv)))
- log_warn("Failed to set timeout on socket.");
-
- pthread_cleanup_push(__cleanup_close_ptr, (void *) &sockfd);
-
- ipcp_msg__pack(msg, buf);
-
- if (write(sockfd, buf, len) != -1)
- len = read(sockfd, buf, SOCK_BUF_SIZE);
-
- if (len > 0)
- recv_msg = ipcp_msg__unpack(NULL, len, buf);
-
- pthread_cleanup_pop(true);
-
- return recv_msg;
+ switch (code) {
+ case IPCP_MSG_CODE__IPCP_BOOTSTRAP:
+ return "bootstrap";
+ case IPCP_MSG_CODE__IPCP_ENROLL:
+ return "enroll";
+ case IPCP_MSG_CODE__IPCP_CONNECT:
+ return "connect";
+ case IPCP_MSG_CODE__IPCP_DISCONNECT:
+ return "disconnect";
+ case IPCP_MSG_CODE__IPCP_REG:
+ return "reg";
+ case IPCP_MSG_CODE__IPCP_UNREG:
+ return "unreg";
+ case IPCP_MSG_CODE__IPCP_QUERY:
+ return "query";
+ case IPCP_MSG_CODE__IPCP_FLOW_JOIN:
+ return "join";
+ case IPCP_MSG_CODE__IPCP_FLOW_ALLOC:
+ return "alloc";
+ case IPCP_MSG_CODE__IPCP_FLOW_ALLOC_RESP:
+ return "alloc_resp";
+ case IPCP_MSG_CODE__IPCP_FLOW_DEALLOC:
+ return "dealloc";
+ default:
+ assert(false);
+ return "unknown";
+ }
}
-pid_t ipcp_create(const char * name,
- enum ipcp_type ipcp_type)
+ipcp_msg_t * send_recv_ipcp_msg(pid_t pid,
+ ipcp_msg_t * msg)
{
- pid_t pid = -1;
- char * ipcp_dir = "/sbin/";
- char * exec_name = NULL;
- char irmd_pid[10];
- char full_name[256];
- char * argv[5];
-
- switch(ipcp_type) {
- case IPCP_UNICAST:
- exec_name = IPCP_UNICAST_EXEC;
+ int sockfd;
+ uint8_t buf[SOCK_BUF_SIZE];
+ char * spath;
+ ssize_t len;
+ struct timeval tv;
+ struct timespec tic;
+ struct timespec toc;
+ bool may_fail = false;
+
+ if (kill(pid, 0) < 0)
+ return NULL;
+
+ spath = sock_path(pid, IPCP_SOCK_PATH_PREFIX);
+ if (spath == NULL) {
+ log_err("Failed to get IPCP socket path for pid %d.", pid);
+ return NULL;
+ }
+
+ sockfd = client_socket_open(spath);
+ if (sockfd < 0) {
+ log_err("Failed to open client socket at %s.", spath);
+ free(spath);
+ return NULL;
+ }
+
+ free(spath);
+
+ len = ipcp_msg__get_packed_size(msg);
+ if (len == 0 || len >= SOCK_BUF_SIZE) {
+ log_warn("IPCP message has invalid size: %zd.", len);
+ close(sockfd);
+ return NULL;
+ }
+
+ switch (msg->code) {
+ case IPCP_MSG_CODE__IPCP_BOOTSTRAP:
+ tv.tv_sec = BOOTSTRAP_TIMEOUT / 1000;
+ tv.tv_usec = (BOOTSTRAP_TIMEOUT % 1000) * 1000;
+ break;
+ case IPCP_MSG_CODE__IPCP_ENROLL:
+ tv.tv_sec = ENROLL_TIMEOUT / 1000;
+ tv.tv_usec = (ENROLL_TIMEOUT % 1000) * 1000;
break;
- case IPCP_BROADCAST:
- exec_name = IPCP_BROADCAST_EXEC;
+ case IPCP_MSG_CODE__IPCP_REG:
+ tv.tv_sec = REG_TIMEOUT / 1000;
+ tv.tv_usec = (REG_TIMEOUT % 1000) * 1000;
break;
- case IPCP_UDP:
- exec_name = IPCP_UDP_EXEC;
+ case IPCP_MSG_CODE__IPCP_QUERY:
+ may_fail = true; /* name not always in Layer */
+ tv.tv_sec = QUERY_TIMEOUT / 1000;
+ tv.tv_usec = (QUERY_TIMEOUT % 1000) * 1000;
break;
- case IPCP_ETH_LLC:
- exec_name = IPCP_ETH_LLC_EXEC;
+ case IPCP_MSG_CODE__IPCP_CONNECT:
+ tv.tv_sec = CONNECT_TIMEOUT / 1000;
+ tv.tv_usec = (CONNECT_TIMEOUT % 1000) * 1000;
break;
- case IPCP_ETH_DIX:
- exec_name = IPCP_ETH_DIX_EXEC;
+ case IPCP_MSG_CODE__IPCP_FLOW_ALLOC:
+ tv.tv_sec = FLOW_ALLOC_TIMEOUT / 1000;
+ tv.tv_usec = (FLOW_ALLOC_TIMEOUT % 1000) * 1000;
break;
- case IPCP_LOCAL:
- exec_name = IPCP_LOCAL_EXEC;
+ case IPCP_MSG_CODE__IPCP_FLOW_DEALLOC:
+ may_fail = true;
+ tv.tv_sec = 0; /* FIX DEALLOC: don't wait for dealloc */
+ tv.tv_usec = 500;
break;
default:
- return -1;
+ tv.tv_sec = SOCKET_TIMEOUT / 1000;
+ tv.tv_usec = (SOCKET_TIMEOUT % 1000) * 1000;
+ break;
}
- if (strlen(exec_name) == 0) {
- log_err("IPCP type not installed.");
- return -1;
- }
+ if (setsockopt(sockfd, SOL_SOCKET, SO_RCVTIMEO,
+ (void *) &tv, sizeof(tv)))
+ log_warn("Failed to set timeout on socket.");
- sprintf(irmd_pid, "%u", getpid());
+ pthread_cleanup_push(__cleanup_close_ptr, (void *) &sockfd);
- strcpy(full_name, INSTALL_PREFIX);
- strcat(full_name, ipcp_dir);
- strcat(full_name, exec_name);
+ ipcp_msg__pack(msg, buf);
- /* log_file to be placed at the end */
- argv[0] = full_name;
- argv[1] = irmd_pid;
- argv[2] = (char *) name;
- if (log_syslog)
- argv[3] = "1";
- else
- argv[3] = NULL;
+ clock_gettime(CLOCK_REALTIME, &tic);
- argv[4] = NULL;
+ if (write(sockfd, buf, len) != -1)
+ len = read(sockfd, buf, SOCK_BUF_SIZE);
- if (posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL)) {
- log_err("Failed to spawn new process");
- return -1;
- }
+ clock_gettime(CLOCK_REALTIME, &toc);
- return pid;
-}
+ pthread_cleanup_pop(true); /* close socket */
-int ipcp_destroy(pid_t pid)
-{
- if (kill(pid, SIGTERM)) {
- log_err("Failed to destroy IPCP");
- return -1;
+ if (len > 0)
+ return ipcp_msg__unpack(NULL, len, buf);
+
+ if (errno == EAGAIN && !may_fail) {
+ int diff = ts_diff_ms(&toc, &tic);
+ log_warn("IPCP %s timed out after %d ms.",
+ str_ipcp_cmd(msg->code), diff);
}
- return 0;
+ return NULL;
}
-int ipcp_bootstrap(pid_t pid,
- ipcp_config_msg_t * conf,
- struct layer_info * info)
+int ipcp_bootstrap(pid_t pid,
+ struct ipcp_config * conf,
+ struct layer_info * info)
{
- ipcp_msg_t msg = IPCP_MSG__INIT;
- ipcp_msg_t * recv_msg = NULL;
- int ret = -1;
+ ipcp_msg_t msg = IPCP_MSG__INIT;
+ ipcp_msg_t * recv_msg;
+ int ret;
if (conf == NULL)
return -EINVAL;
msg.code = IPCP_MSG_CODE__IPCP_BOOTSTRAP;
- msg.conf = conf;
+ msg.conf = ipcp_config_s_to_msg(conf);
recv_msg = send_recv_ipcp_msg(pid, &msg);
+ ipcp_config_msg__free_unpacked(msg.conf, NULL);
if (recv_msg == NULL)
return -EIPCP;
@@ -229,7 +217,7 @@ int ipcp_bootstrap(pid_t pid,
}
info->dir_hash_algo = recv_msg->layer_info->dir_hash_algo;
- strcpy(info->layer_name, recv_msg->layer_info->layer_name);
+ strcpy(info->name, recv_msg->layer_info->name);
ret = recv_msg->result;
ipcp_msg__free_unpacked(recv_msg, NULL);
@@ -241,9 +229,9 @@ int ipcp_enroll(pid_t pid,
const char * dst,
struct layer_info * info)
{
- ipcp_msg_t msg = IPCP_MSG__INIT;
- ipcp_msg_t * recv_msg = NULL;
- int ret = -1;
+ ipcp_msg_t msg = IPCP_MSG__INIT;
+ ipcp_msg_t * recv_msg;
+ int ret;
if (dst == NULL)
return -EINVAL;
@@ -272,7 +260,7 @@ int ipcp_enroll(pid_t pid,
}
info->dir_hash_algo = recv_msg->layer_info->dir_hash_algo;
- strcpy(info->layer_name, recv_msg->layer_info->layer_name);
+ strcpy(info->name, recv_msg->layer_info->name);
ipcp_msg__free_unpacked(recv_msg, NULL);
@@ -284,20 +272,19 @@ int ipcp_connect(pid_t pid,
const char * component,
qosspec_t qs)
{
- ipcp_msg_t msg = IPCP_MSG__INIT;
- qosspec_msg_t qs_msg = QOSSPEC_MSG__INIT;
- int ret = -1;
+ ipcp_msg_t msg = IPCP_MSG__INIT;
ipcp_msg_t * recv_msg;
+ int ret;
msg.code = IPCP_MSG_CODE__IPCP_CONNECT;
msg.dst = (char *) dst;
msg.comp = (char *) component;
msg.has_pid = true;
msg.pid = pid;
- qs_msg = spec_to_msg(&qs);
- msg.qosspec = &qs_msg;
+ msg.qosspec = qos_spec_s_to_msg(&qs);
recv_msg = send_recv_ipcp_msg(pid, &msg);
+ free(msg.qosspec);
if (recv_msg == NULL)
return -EIPCP;
@@ -316,9 +303,9 @@ int ipcp_disconnect(pid_t pid,
const char * dst,
const char * component)
{
- ipcp_msg_t msg = IPCP_MSG__INIT;
- ipcp_msg_t * recv_msg = NULL;
- int ret = -1;
+ ipcp_msg_t msg = IPCP_MSG__INIT;
+ ipcp_msg_t * recv_msg;
+ int ret;
msg.code = IPCP_MSG_CODE__IPCP_DISCONNECT;
msg.dst = (char *) dst;
@@ -341,20 +328,17 @@ int ipcp_disconnect(pid_t pid,
return ret;
}
-int ipcp_reg(pid_t pid,
- const uint8_t * hash,
- size_t len)
+int ipcp_reg(pid_t pid,
+ const buffer_t hash)
{
- ipcp_msg_t msg = IPCP_MSG__INIT;
- ipcp_msg_t * recv_msg = NULL;
- int ret = -1;
-
- assert(hash);
+ ipcp_msg_t msg = IPCP_MSG__INIT;
+ ipcp_msg_t * recv_msg;
+ int ret;
msg.code = IPCP_MSG_CODE__IPCP_REG;
msg.has_hash = true;
- msg.hash.len = len;
- msg.hash.data = (uint8_t *)hash;
+ msg.hash.data = (uint8_t *) hash.data;
+ msg.hash.len = hash.len;
recv_msg = send_recv_ipcp_msg(pid, &msg);
if (recv_msg == NULL)
@@ -371,18 +355,17 @@ int ipcp_reg(pid_t pid,
return ret;
}
-int ipcp_unreg(pid_t pid,
- const uint8_t * hash,
- size_t len)
+int ipcp_unreg(pid_t pid,
+ const buffer_t hash)
{
- ipcp_msg_t msg = IPCP_MSG__INIT;
- ipcp_msg_t * recv_msg = NULL;
- int ret = -1;
+ ipcp_msg_t msg = IPCP_MSG__INIT;
+ ipcp_msg_t * recv_msg;
+ int ret;
msg.code = IPCP_MSG_CODE__IPCP_UNREG;
msg.has_hash = true;
- msg.hash.len = len;
- msg.hash.data = (uint8_t *) hash;
+ msg.hash.data = (uint8_t *) hash.data;
+ msg.hash.len = hash.len;
recv_msg = send_recv_ipcp_msg(pid, &msg);
if (recv_msg == NULL)
@@ -399,18 +382,17 @@ int ipcp_unreg(pid_t pid,
return ret;
}
-int ipcp_query(pid_t pid,
- const uint8_t * hash,
- size_t len)
+int ipcp_query(pid_t pid,
+ const buffer_t dst)
{
- ipcp_msg_t msg = IPCP_MSG__INIT;
- ipcp_msg_t * recv_msg = NULL;
- int ret = -1;
+ ipcp_msg_t msg = IPCP_MSG__INIT;
+ ipcp_msg_t * recv_msg;
+ int ret;
msg.code = IPCP_MSG_CODE__IPCP_QUERY;
msg.has_hash = true;
- msg.hash.len = len;
- msg.hash.data = (uint8_t *) hash;
+ msg.hash.data = (uint8_t *) dst.data;
+ msg.hash.len = dst.len;
recv_msg = send_recv_ipcp_msg(pid, &msg);
if (recv_msg == NULL)
@@ -427,39 +409,27 @@ int ipcp_query(pid_t pid,
return ret;
}
-static int __ipcp_flow_alloc(pid_t pid,
- int flow_id,
- pid_t n_pid,
- const uint8_t * dst,
- size_t len,
- qosspec_t qs,
- bool join,
- const void * data,
- size_t dlen)
+int ipcp_flow_join(const struct flow_info * flow,
+ const buffer_t dst)
{
- ipcp_msg_t msg = IPCP_MSG__INIT;
- qosspec_msg_t qs_msg;
- ipcp_msg_t * recv_msg = NULL;
- int ret = -1;
-
- assert(dst);
+ ipcp_msg_t msg = IPCP_MSG__INIT;
+ ipcp_msg_t * recv_msg;
+ int ret;
- msg.code = join ? IPCP_MSG_CODE__IPCP_FLOW_JOIN
- : IPCP_MSG_CODE__IPCP_FLOW_ALLOC;
+ msg.code = IPCP_MSG_CODE__IPCP_FLOW_JOIN;
msg.has_flow_id = true;
- msg.flow_id = flow_id;
+ msg.flow_id = flow->id;
msg.has_pid = true;
- msg.pid = n_pid;
+ msg.pid = flow->n_pid;
+ msg.has_uid = true;
+ msg.uid = flow->uid;
msg.has_hash = true;
- msg.hash.len = len;
- msg.hash.data = (uint8_t *) dst;
- qs_msg = spec_to_msg(&qs);
- msg.qosspec = &qs_msg;
- msg.has_pk = true;
- msg.pk.data = (uint8_t *) data;
- msg.pk.len = (uint32_t) dlen;
+ msg.hash.data = (uint8_t *) dst.data;
+ msg.hash.len = dst.len;
+ msg.has_pk = false;
- recv_msg = send_recv_ipcp_msg(pid, &msg);
+ recv_msg = send_recv_ipcp_msg(flow->n_1_pid, &msg);
+ free(msg.qosspec);
if (recv_msg == NULL)
return -EIPCP;
@@ -474,53 +444,70 @@ static int __ipcp_flow_alloc(pid_t pid,
return ret;
}
-int ipcp_flow_alloc(pid_t pid,
- int flow_id,
- pid_t n_pid,
- const uint8_t * dst,
- size_t len,
- qosspec_t qs,
- const void * data,
- size_t dlen)
+int ipcp_flow_alloc(const struct flow_info * flow,
+ const buffer_t dst,
+ const buffer_t data)
{
- return __ipcp_flow_alloc(pid, flow_id, n_pid, dst, len, qs, false,
- data, dlen);
-}
+ ipcp_msg_t msg = IPCP_MSG__INIT;
+ ipcp_msg_t * recv_msg;
+ int ret;
-int ipcp_flow_join(pid_t pid,
- int flow_id,
- pid_t n_pid,
- const uint8_t * dst,
- size_t len,
- qosspec_t qs)
-{
- return __ipcp_flow_alloc(pid, flow_id, n_pid, dst, len, qs, true,
- NULL, 0);
+ msg.code = IPCP_MSG_CODE__IPCP_FLOW_ALLOC;
+ msg.has_flow_id = true;
+ msg.flow_id = flow->id;
+ msg.has_pid = true;
+ msg.pid = flow->n_pid;
+ msg.has_uid = true;
+ msg.uid = flow->uid;
+ msg.qosspec = qos_spec_s_to_msg(&flow->qs);
+ msg.has_hash = true;
+ msg.hash.data = (uint8_t *) dst.data;
+ msg.hash.len = dst.len;
+ msg.has_pk = true;
+ msg.pk.data = data.data;
+ msg.pk.len = data.len;
+
+ recv_msg = send_recv_ipcp_msg(flow->n_1_pid, &msg);
+ free(msg.qosspec);
+ if (recv_msg == NULL) {
+ log_err("Did not receive message.");
+ return -EIPCP;
+ }
+
+ if (!recv_msg->has_result) {
+ log_err("Message has no result");
+ ipcp_msg__free_unpacked(recv_msg, NULL);
+ return -EIPCP;
+ }
+
+ ret = recv_msg->result;
+ ipcp_msg__free_unpacked(recv_msg, NULL);
+
+ return ret;
}
-int ipcp_flow_alloc_resp(pid_t pid,
- int flow_id,
- pid_t n_pid,
- int response,
- const void * data,
- size_t len)
+int ipcp_flow_alloc_resp(const struct flow_info * flow,
+ int response,
+ const buffer_t data)
{
- ipcp_msg_t msg = IPCP_MSG__INIT;
- ipcp_msg_t * recv_msg = NULL;
- int ret = -1;
+ ipcp_msg_t msg = IPCP_MSG__INIT;
+ ipcp_msg_t * recv_msg;
+ int ret;
msg.code = IPCP_MSG_CODE__IPCP_FLOW_ALLOC_RESP;
msg.has_flow_id = true;
- msg.flow_id = flow_id;
+ msg.flow_id = flow->id;
msg.has_pid = true;
- msg.pid = n_pid;
+ msg.pid = flow->n_pid;
+ msg.has_uid = true;
+ msg.uid = flow->uid;
msg.has_response = true;
msg.response = response;
- msg.has_pk = true;
- msg.pk.data = (uint8_t *) data;
- msg.pk.len = (uint32_t) len;
+ msg.has_pk = response == 0;
+ msg.pk.data = data.data;
+ msg.pk.len = data.len;
- recv_msg = send_recv_ipcp_msg(pid, &msg);
+ recv_msg = send_recv_ipcp_msg(flow->n_1_pid, &msg);
if (recv_msg == NULL)
return -EIPCP;
@@ -539,9 +526,9 @@ int ipcp_flow_dealloc(pid_t pid,
int flow_id,
time_t timeo)
{
- ipcp_msg_t msg = IPCP_MSG__INIT;
- ipcp_msg_t * recv_msg = NULL;
- int ret = -1;
+ ipcp_msg_t msg = IPCP_MSG__INIT;
+ ipcp_msg_t * recv_msg;
+ int ret;
msg.code = IPCP_MSG_CODE__IPCP_FLOW_DEALLOC;
msg.has_flow_id = true;
diff --git a/src/irmd/ipcp.h b/src/irmd/ipcp.h
index eb2361c7..b7413cd2 100644
--- a/src/irmd/ipcp.h
+++ b/src/irmd/ipcp.h
@@ -1,5 +1,5 @@
/*
- * Ouroboros - Copyright (C) 2016 - 2021
+ * Ouroboros - Copyright (C) 2016 - 2024
*
* The API for the IRM to instruct IPCPs
*
@@ -21,25 +21,19 @@
*/
#include <ouroboros/ipcp.h>
+#include <ouroboros/protobuf.h>
#include <ouroboros/sockets.h>
-#include <sys/types.h>
-
#ifndef OUROBOROS_IRMD_IPCP_H
#define OUROBOROS_IRMD_IPCP_H
-pid_t ipcp_create(const char * name,
- enum ipcp_type ipcp_type);
-
-int ipcp_destroy(pid_t pid);
-
int ipcp_enroll(pid_t pid,
const char * dst,
struct layer_info * info);
-int ipcp_bootstrap(pid_t pid,
- ipcp_config_msg_t * conf,
- struct layer_info * info);
+int ipcp_bootstrap(pid_t pid,
+ struct ipcp_config * conf,
+ struct layer_info * info);
int ipcp_connect(pid_t pid,
const char * dst,
@@ -50,40 +44,25 @@ int ipcp_disconnect(pid_t pid,
const char * dst,
const char * component);
-int ipcp_reg(pid_t pid,
- const uint8_t * hash,
- size_t len);
+int ipcp_reg(pid_t pid,
+ const buffer_t hash);
-int ipcp_unreg(pid_t pid,
- const uint8_t * hash,
- size_t len);
+int ipcp_unreg(pid_t pid,
+ const buffer_t hash);
-int ipcp_query(pid_t pid,
- const uint8_t * hash,
- size_t len);
+int ipcp_query(pid_t pid,
+ const buffer_t dst);
-int ipcp_flow_alloc(pid_t pid,
- int flow_id,
- pid_t n_pid,
- const uint8_t * dst,
- size_t len,
- qosspec_t qs,
- const void * data,
- size_t dlen);
+int ipcp_flow_alloc(const struct flow_info * flow,
+ const buffer_t hash,
+ const buffer_t data);
-int ipcp_flow_join(pid_t pid,
- int flow_id,
- pid_t n_pid,
- const uint8_t * dst,
- size_t len,
- qosspec_t qs);
+int ipcp_flow_join(const struct flow_info * flow,
+ const buffer_t dst);
-int ipcp_flow_alloc_resp(pid_t pid,
- int flow_id,
- pid_t n_pid,
- int response,
- const void * data,
- size_t len);
+int ipcp_flow_alloc_resp(const struct flow_info * flow,
+ int response,
+ const buffer_t data);
int ipcp_flow_dealloc(pid_t pid,
int flow_id,
diff --git a/src/irmd/irm_flow.c b/src/irmd/irm_flow.c
deleted file mode 100644
index 75df7a80..00000000
--- a/src/irmd/irm_flow.c
+++ /dev/null
@@ -1,226 +0,0 @@
-/*
- * Ouroboros - Copyright (C) 2016 - 2021
- *
- * The IPC Resource Manager - Flows
- *
- * Dimitri Staessens <dimitri@ouroboros.rocks>
- * Sander Vrijders <sander@ouroboros.rocks>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., http://www.fsf.org/about/contact/.
- */
-
-#define _POSIX_C_SOURCE 200112L
-
-#include "config.h"
-
-#define OUROBOROS_PREFIX "irm_flow"
-
-#include <ouroboros/errno.h>
-#include <ouroboros/logs.h>
-#include <ouroboros/time_utils.h>
-#include <ouroboros/pthread.h>
-
-#include "irm_flow.h"
-
-#include <stdlib.h>
-#include <stdbool.h>
-#include <assert.h>
-
-struct irm_flow * irm_flow_create(pid_t n_pid,
- pid_t n_1_pid,
- int flow_id,
- qosspec_t qs)
-{
- pthread_condattr_t cattr;
- struct irm_flow * f = malloc(sizeof(*f));
- if (f == NULL)
- goto fail_malloc;
-
- if (pthread_condattr_init(&cattr))
- goto fail_cattr;
-
-#ifndef __APPLE__
- pthread_condattr_setclock(&cattr, PTHREAD_COND_CLOCK);
-#endif
- if (pthread_cond_init(&f->state_cond, &cattr))
- goto fail_state_cond;
-
- if (pthread_mutex_init(&f->state_lock, NULL))
- goto fail_mutex;
-
- f->n_pid = n_pid;
- f->n_1_pid = n_1_pid;
- f->flow_id = flow_id;
- f->qs = qs;
- f->data = NULL;
- f->len = 0;
-
- f->n_rb = shm_rbuff_create(n_pid, flow_id);
- if (f->n_rb == NULL) {
- log_err("Could not create ringbuffer for process %d.", n_pid);
- goto fail_n_rbuff;
- }
-
- f->n_1_rb = shm_rbuff_create(n_1_pid, flow_id);
- if (f->n_1_rb == NULL) {
- log_err("Could not create ringbuffer for process %d.", n_1_pid);
- goto fail_n_1_rbuff;
- }
-
- f->state = FLOW_ALLOC_PENDING;
-
- if (clock_gettime(CLOCK_MONOTONIC, &f->t0) < 0)
- log_warn("Failed to set timestamp.");
-
- pthread_condattr_destroy(&cattr);
-
- return f;
-
- fail_n_1_rbuff:
- shm_rbuff_destroy(f->n_rb);
- fail_n_rbuff:
- pthread_mutex_destroy(&f->state_lock);
- fail_mutex:
- pthread_cond_destroy(&f->state_cond);
- fail_state_cond:
- pthread_condattr_destroy(&cattr);
- fail_cattr:
- free(f);
- fail_malloc:
- return NULL;
-}
-
-static void cancel_irm_destroy(void * o)
-{
- struct irm_flow * f = (struct irm_flow *) o;
-
- pthread_mutex_unlock(&f->state_lock);
-
- pthread_cond_destroy(&f->state_cond);
- pthread_mutex_destroy(&f->state_lock);
-
- shm_rbuff_destroy(f->n_rb);
- shm_rbuff_destroy(f->n_1_rb);
-
- free(f);
-}
-
-void irm_flow_destroy(struct irm_flow * f)
-{
- assert(f);
-
- pthread_mutex_lock(&f->state_lock);
-
- assert(f->len == 0);
-
- if (f->state == FLOW_DESTROY) {
- pthread_mutex_unlock(&f->state_lock);
- return;
- }
-
- if (f->state == FLOW_ALLOC_PENDING)
- f->state = FLOW_DESTROY;
- else
- f->state = FLOW_NULL;
-
- pthread_cond_signal(&f->state_cond);
-
- pthread_cleanup_push(cancel_irm_destroy, f);
-
- while (f->state != FLOW_NULL)
- pthread_cond_wait(&f->state_cond, &f->state_lock);
-
- pthread_cleanup_pop(true);
-}
-
-enum flow_state irm_flow_get_state(struct irm_flow * f)
-{
- enum flow_state state;
-
- assert(f);
-
- pthread_mutex_lock(&f->state_lock);
-
- state = f->state;
-
- pthread_mutex_unlock(&f->state_lock);
-
- return state;
-}
-
-void irm_flow_set_state(struct irm_flow * f,
- enum flow_state state)
-{
- assert(f);
- assert(state != FLOW_DESTROY);
-
- pthread_mutex_lock(&f->state_lock);
-
- f->state = state;
- pthread_cond_broadcast(&f->state_cond);
-
- pthread_mutex_unlock(&f->state_lock);
-}
-
-int irm_flow_wait_state(struct irm_flow * f,
- enum flow_state state,
- struct timespec * timeo)
-{
- int ret = 0;
- int s;
-
- struct timespec dl;
-
- assert(f);
- assert(state != FLOW_NULL);
- assert(state != FLOW_DESTROY);
- assert(state != FLOW_DEALLOC_PENDING);
-
- if (timeo != NULL) {
- clock_gettime(PTHREAD_COND_CLOCK, &dl);
- ts_add(&dl, timeo, &dl);
- }
-
- pthread_mutex_lock(&f->state_lock);
-
- assert(f->state != FLOW_NULL);
-
- pthread_cleanup_push(__cleanup_mutex_unlock, &f->state_lock);
-
- while (!(f->state == state ||
- f->state == FLOW_DESTROY ||
- f->state == FLOW_DEALLOC_PENDING) &&
- ret != -ETIMEDOUT) {
- if (timeo == NULL)
- ret = -pthread_cond_wait(&f->state_cond,
- &f->state_lock);
- else
- ret = -pthread_cond_timedwait(&f->state_cond,
- &f->state_lock,
- &dl);
- }
-
- if (f->state == FLOW_DESTROY ||
- f->state == FLOW_DEALLOC_PENDING ||
- ret == -ETIMEDOUT) {
- f->state = FLOW_NULL;
- pthread_cond_broadcast(&f->state_cond);
- }
-
- s = f->state;
-
- pthread_cleanup_pop(true);
-
- return ret ? ret : s;
-}
diff --git a/src/irmd/irm_flow.h b/src/irmd/irm_flow.h
deleted file mode 100644
index 35e7dc2c..00000000
--- a/src/irmd/irm_flow.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Ouroboros - Copyright (C) 2016 - 2021
- *
- * The IPC Resource Manager - Flows
- *
- * Dimitri Staessens <dimitri@ouroboros.rocks>
- * Sander Vrijders <sander@ouroboros.rocks>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., http://www.fsf.org/about/contact/.
- */
-
-#ifndef OUROBOROS_IRMD_IRM_FLOW_H
-#define OUROBOROS_IRMD_IRM_FLOW_H
-
-#include <ouroboros/list.h>
-#include <ouroboros/qos.h>
-#include <ouroboros/shm_rbuff.h>
-
-#include <sys/types.h>
-#include <pthread.h>
-#include <time.h>
-
-enum flow_state {
- FLOW_NULL = 0,
- FLOW_ALLOC_PENDING,
- FLOW_ALLOCATED,
- FLOW_DEALLOC_PENDING,
- FLOW_DESTROY
-};
-
-struct irm_flow {
- struct list_head next;
-
- int flow_id;
-
- pid_t n_pid;
- pid_t n_1_pid;
-
- qosspec_t qs;
- void * data;
- size_t len;
-
- struct shm_rbuff * n_rb;
- struct shm_rbuff * n_1_rb;
-
- struct timespec t0;
-
- enum flow_state state;
- pthread_cond_t state_cond;
- pthread_mutex_t state_lock;
-};
-
-struct irm_flow * irm_flow_create(pid_t n_pid,
- pid_t n_1_pid,
- int flow_id,
- qosspec_t qs);
-
-void irm_flow_destroy(struct irm_flow * f);
-
-enum flow_state irm_flow_get_state(struct irm_flow * f);
-
-
-void irm_flow_set_state(struct irm_flow * f,
- enum flow_state state);
-
-int irm_flow_wait_state(struct irm_flow * f,
- enum flow_state state,
- struct timespec * timeo);
-
-#endif /* OUROBOROS_IRMD_IRM_FLOW_H */
diff --git a/src/irmd/irmd.h b/src/irmd/irmd.h
new file mode 100644
index 00000000..3e54904a
--- /dev/null
+++ b/src/irmd/irmd.h
@@ -0,0 +1,54 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_H
+#define OUROBOROS_IRMD_H
+
+#include <ouroboros/ipcp.h>
+#include <ouroboros/irm.h>
+
+int create_ipcp(struct ipcp_info * info);
+
+int bootstrap_ipcp(pid_t pid,
+ struct ipcp_config * conf);
+
+int enroll_ipcp(pid_t pid,
+ const char * dst);
+
+int connect_ipcp(pid_t pid,
+ const char * dst,
+ const char * component,
+ qosspec_t qs);
+
+int name_create(struct name_info * info);
+
+int name_reg(const char * name,
+ pid_t pid);
+
+int bind_process(pid_t pid,
+ const char * name);
+
+int bind_program(char ** exec,
+ const char * name,
+ uint8_t flags);
+
+#endif /* OUROBOROS_IRMD_H*/
diff --git a/src/irmd/main.c b/src/irmd/main.c
index 22d94136..ccb16017 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -1,5 +1,5 @@
/*
- * Ouroboros - Copyright (C) 2016 - 2021
+ * Ouroboros - Copyright (C) 2016 - 2024
*
* The IPC Resource Manager
*
@@ -22,6 +22,7 @@
#if defined(__linux__) || defined(__CYGWIN__)
#define _DEFAULT_SOURCE
+#define _GNU_SOURCE
#else
#define _POSIX_C_SOURCE 200809L
#endif
@@ -30,29 +31,35 @@
#define OUROBOROS_PREFIX "irmd"
-#include <ouroboros/hash.h>
+#include <ouroboros/bitmap.h>
+#include <ouroboros/crypt.h>
#include <ouroboros/errno.h>
-#include <ouroboros/sockets.h>
-#include <ouroboros/list.h>
-#include <ouroboros/utils.h>
+#include <ouroboros/flow.h>
+#include <ouroboros/hash.h>
#include <ouroboros/irm.h>
+#include <ouroboros/list.h>
#include <ouroboros/lockfile.h>
-#include <ouroboros/shm_rbuff.h>
-#include <ouroboros/shm_rdrbuff.h>
-#include <ouroboros/bitmap.h>
-#include <ouroboros/qos.h>
-#include <ouroboros/time_utils.h>
-#include <ouroboros/tpm.h>
#include <ouroboros/logs.h>
-#include <ouroboros/version.h>
+#include <ouroboros/protobuf.h>
#include <ouroboros/pthread.h>
+#include <ouroboros/random.h>
+#include <ouroboros/rib.h>
+#include <ouroboros/ssm_pool.h>
+#include <ouroboros/sockets.h>
+#include <ouroboros/time.h>
+#include <ouroboros/tpm.h>
+#include <ouroboros/utils.h>
+#include <ouroboros/version.h>
-#include "utils.h"
-#include "registry.h"
-#include "irm_flow.h"
-#include "proc_table.h"
+#include "irmd.h"
#include "ipcp.h"
+#include "oap.h"
+#include "reg/reg.h"
+#include "configfile.h"
+#include <dirent.h>
+#include <grp.h>
+#include <pwd.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <signal.h>
@@ -69,62 +76,34 @@
#define IRMD_CLEANUP_TIMER ((IRMD_FLOW_TIMEOUT / 20) * MILLION) /* ns */
#define SHM_SAN_HOLDOFF 1000 /* ms */
-#define IPCP_HASH_LEN(e) hash_len(e->dir_hash_algo)
-#define IB_LEN SOCK_BUF_SIZE
+#define IPCP_HASH_LEN(p) hash_len((p)->dir_hash_algo)
#define BIND_TIMEOUT 10 /* ms */
+#define TIMESYNC_SLACK 100 /* ms */
+#define OAP_SEEN_TIMER 20 /* s */
#define DEALLOC_TIME 300 /* s */
-enum init_state {
- IPCP_NULL = 0,
- IPCP_BOOT,
- IPCP_LIVE
-};
-
-struct ipcp_entry {
- struct list_head next;
-
- char * name;
- pid_t pid;
- enum ipcp_type type;
- enum hash_algo dir_hash_algo;
- char * layer;
-
- enum init_state state;
- pthread_cond_t cond;
- pthread_mutex_t lock;
-};
-
enum irm_state {
IRMD_NULL = 0,
- IRMD_RUNNING
+ IRMD_INIT,
+ IRMD_RUNNING,
+ IRMD_SHUTDOWN
};
struct cmd {
struct list_head next;
- uint8_t cbuf[IB_LEN];
+ uint8_t cbuf[SOCK_BUF_SIZE];
size_t len;
int fd;
};
struct {
- struct list_head registry; /* registered names known */
- size_t n_names; /* number of names */
-
- struct list_head ipcps; /* list of ipcps in system */
- size_t n_ipcps; /* number of ipcps */
-
- struct list_head proc_table; /* processes */
- struct list_head prog_table; /* programs known */
- struct list_head spawned_pids; /* child processes */
- pthread_rwlock_t reg_lock; /* lock for registration info */
-
- struct bmp * flow_ids; /* flow_ids for flows */
- struct list_head irm_flows; /* flow information */
- pthread_rwlock_t flows_lock; /* lock for flows */
-
+ bool log_stdout; /* log to stdout */
+#ifdef HAVE_TOML
+ char * cfg_file; /* configuration file path */
+#endif
struct lockfile * lf; /* single irmd per system */
- struct shm_rdrbuff * rdrb; /* rdrbuff for packets */
+ struct ssm_pool * gspp; /* pool for packets */
int sockfd; /* UNIX socket */
@@ -163,492 +142,265 @@ static void irmd_set_state(enum irm_state state)
pthread_rwlock_unlock(&irmd.state_lock);
}
-static void clear_irm_flow(struct irm_flow * f) {
- ssize_t idx;
-
- assert(f);
-
- if (f->len != 0) {
- free(f->data);
- f->len = 0;
- }
-
- while ((idx = shm_rbuff_read(f->n_rb)) >= 0)
- shm_rdrbuff_remove(irmd.rdrb, idx);
-
- while ((idx = shm_rbuff_read(f->n_1_rb)) >= 0)
- shm_rdrbuff_remove(irmd.rdrb, idx);
-}
-
-static struct irm_flow * get_irm_flow(int flow_id)
+static pid_t spawn_program(char ** argv)
{
- struct list_head * pos = NULL;
+ pid_t pid;
+ struct stat s;
- list_for_each(pos, &irmd.irm_flows) {
- struct irm_flow * e = list_entry(pos, struct irm_flow, next);
- if (e->flow_id == flow_id)
- return e;
+ if (stat(argv[0], &s) != 0) {
+ log_warn("Program %s does not exist.", argv[0]);
+ return -1;
}
- return NULL;
-}
-
-static struct irm_flow * get_irm_flow_n(pid_t n_pid)
-{
- struct list_head * pos = NULL;
-
- list_for_each(pos, &irmd.irm_flows) {
- struct irm_flow * e = list_entry(pos, struct irm_flow, next);
- if (e->n_pid == n_pid &&
- irm_flow_get_state(e) == FLOW_ALLOC_PENDING)
- return e;
+ if (!(s.st_mode & S_IXUSR)) {
+ log_warn("Program %s is not executable.", argv[0]);
+ return -1;
}
- return NULL;
-}
-
-static struct ipcp_entry * ipcp_entry_create(const char * name,
- enum ipcp_type type)
-{
- struct ipcp_entry * e;
- pthread_condattr_t cattr;
-
- e = malloc(sizeof(*e));
- if (e == NULL)
- goto fail_malloc;
-
- e->layer = NULL;
- e->type = type;
- e->state = IPCP_BOOT;
- e->name = strdup(name);
- if (e->name == NULL)
- goto fail_name;
-
- if (pthread_condattr_init(&cattr))
- goto fail_cattr;
-#ifndef __APPLE__
- pthread_condattr_setclock(&cattr, PTHREAD_COND_CLOCK);
-#endif
- if (pthread_cond_init(&e->cond, &cattr))
- goto fail_cond;
-
- if (pthread_mutex_init(&e->lock, NULL))
- goto fail_mutex;
-
-
- list_head_init(&e->next);
-
- pthread_condattr_destroy(&cattr);
-
- return e;
-
- fail_mutex:
- pthread_cond_destroy(&e->cond);
- fail_cond:
- pthread_condattr_destroy(&cattr);
- fail_cattr:
- free(e->name);
- fail_name:
- free(e);
- fail_malloc:
- return NULL;
-}
-
-static void ipcp_entry_destroy(struct ipcp_entry * e)
-{
- assert(e);
-
- pthread_mutex_lock(&e->lock);
-
- while (e->state == IPCP_BOOT)
- pthread_cond_wait(&e->cond, &e->lock);
-
- pthread_mutex_unlock(&e->lock);
+ if (posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL)) {
+ log_err("Failed to spawn new process for %s.", argv[0]);
+ return -1;
+ }
- free(e->name);
- free(e->layer);
- free(e);
-}
+ log_info("Instantiated %s as process %d.", argv[0], pid);
-static void ipcp_entry_set_state(struct ipcp_entry * e,
- enum init_state state)
-{
- pthread_mutex_lock(&e->lock);
- e->state = state;
- pthread_cond_broadcast(&e->cond);
- pthread_mutex_unlock(&e->lock);
+ return pid;
}
-static int ipcp_entry_wait_boot(struct ipcp_entry * e)
+static pid_t spawn_ipcp(struct ipcp_info * info)
{
- int ret = 0;
- struct timespec dl;
- struct timespec to = {SOCKET_TIMEOUT / 1000,
- (SOCKET_TIMEOUT % 1000) * MILLION};
-
- clock_gettime(PTHREAD_COND_CLOCK, &dl);
- ts_add(&dl, &to, &dl);
-
- pthread_mutex_lock(&e->lock);
-
- while (e->state == IPCP_BOOT && ret != ETIMEDOUT)
- ret = pthread_cond_timedwait(&e->cond, &e->lock, &dl);
-
- if (ret == ETIMEDOUT) {
- kill(e->pid, SIGTERM);
- e->state = IPCP_NULL;
- pthread_cond_signal(&e->cond);
+ char * exec_name = NULL;
+ char irmd_pid[10];
+ char full_name[256];
+ char * argv[5];
+ pid_t pid;
+
+ switch(info->type) {
+ case IPCP_UNICAST:
+ exec_name = IPCP_UNICAST_EXEC;
+ break;
+ case IPCP_BROADCAST:
+ exec_name = IPCP_BROADCAST_EXEC;
+ break;
+ case IPCP_UDP4:
+ exec_name = IPCP_UDP4_EXEC;
+ break;
+ case IPCP_UDP6:
+ exec_name = IPCP_UDP6_EXEC;
+ break;
+ case IPCP_ETH_LLC:
+ exec_name = IPCP_ETH_LLC_EXEC;
+ break;
+ case IPCP_ETH_DIX:
+ exec_name = IPCP_ETH_DIX_EXEC;
+ break;
+ case IPCP_LOCAL:
+ exec_name = IPCP_LOCAL_EXEC;
+ break;
+ default:
+ assert(false);
}
- if (e->state != IPCP_LIVE) {
- pthread_mutex_unlock(&e->lock);
+ if (exec_name == NULL) {
+ log_err("IPCP type not installed.");
return -1;
}
- pthread_mutex_unlock(&e->lock);
-
- return 0;
-}
-
-static struct ipcp_entry * get_ipcp_entry_by_pid(pid_t pid)
-{
- struct list_head * p;
+ sprintf(irmd_pid, "%u", getpid());
- list_for_each(p, &irmd.ipcps) {
- struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next);
- if (e->pid == pid)
- return e;
- }
+ strcpy(full_name, INSTALL_PREFIX"/"INSTALL_SBINDIR"/");
+ strcat(full_name, exec_name);
- return NULL;
-}
+ /* log_file to be placed at the end */
+ argv[0] = full_name;
+ argv[1] = irmd_pid;
+ argv[2] = (char *) info->name;
+ if (log_syslog)
+ argv[3] = "1";
+ else
+ argv[3] = NULL;
-static struct ipcp_entry * get_ipcp_entry_by_name(const char * name)
-{
- struct list_head * p;
+ argv[4] = NULL;
- list_for_each(p, &irmd.ipcps) {
- struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next);
- if (strcmp(name, e->name) == 0)
- return e;
+ pid = spawn_program(argv);
+ if (pid < 0) {
+ log_err("Failed to spawn IPCP %s.", info->name);
+ return -1;
}
- return NULL;
-}
-
-static struct ipcp_entry * get_ipcp_entry_by_layer(const char * layer)
-{
- struct list_head * p;
-
- list_for_each(p, &irmd.ipcps) {
- struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next);
- if (strcmp(layer, e->layer) == 0)
- return e;
- }
+ info->pid = pid;
+ info->state = IPCP_INIT;
- return NULL;
+ return 0;
}
-static struct ipcp_entry * get_ipcp_by_dst_name(const char * name,
- pid_t src)
+static int kill_ipcp(pid_t pid)
{
- struct list_head * p;
- struct list_head * h;
- uint8_t * hash;
- pid_t pid;
- size_t len;
-
- pthread_rwlock_rdlock(&irmd.reg_lock);
-
- list_for_each_safe(p, h, &irmd.ipcps) {
- struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next);
- if (e->layer == NULL || e->pid == src)
- continue;
-
- len = IPCP_HASH_LEN(e);
-
- hash = malloc(len);
- if (hash == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- return NULL;
- }
+ int status;
- str_hash(e->dir_hash_algo, hash, name);
-
- pid = e->pid;
-
- pthread_rwlock_unlock(&irmd.reg_lock);
-
- if (ipcp_query(pid, hash, len) == 0) {
- free(hash);
- return e;
- }
-
- free(hash);
-
- pthread_rwlock_rdlock(&irmd.reg_lock);
+ if (kill(pid, SIGTERM) < 0) {
+ log_err("Failed to destroy IPCP: %s.", strerror(errno));
+ return -1;
}
- pthread_rwlock_unlock(&irmd.reg_lock);
+ waitpid(pid, &status, 0);
- return NULL;
+ return 0;
}
-static pid_t create_ipcp(const char * name,
- enum ipcp_type type)
+int create_ipcp(struct ipcp_info * info)
{
- struct pid_el * ppid;
- struct ipcp_entry * entry;
- struct list_head * p;
- pid_t pid;
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_MS(SOCKET_TIMEOUT);
+ int status;
- pthread_rwlock_rdlock(&irmd.reg_lock);
+ assert(info->pid == 0);
- entry = get_ipcp_entry_by_name(name);
- if (entry != NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("IPCP by that name already exists.");
- return -EPERM;
- }
-
- pthread_rwlock_unlock(&irmd.reg_lock);
-
- ppid = malloc(sizeof(*ppid));
- if (ppid == NULL)
- goto fail_ppid;
-
- entry = ipcp_entry_create(name, type);
- if (entry == NULL) {
- log_err("Failed to create IPCP entry.");
- goto fail_ipcp_entry;
- }
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+ ts_add(&abstime, &timeo, &abstime);
- pid = ipcp_create(name, type);
- if (pid == -1) {
+ if (spawn_ipcp(info) < 0) {
log_err("Failed to create IPCP.");
goto fail_ipcp;
}
- entry->pid = pid;
-
- pthread_rwlock_wrlock(&irmd.reg_lock);
-
- list_for_each(p, &irmd.ipcps) {
- if (list_entry(p, struct ipcp_entry, next)->type > type)
- break;
+ if (reg_create_ipcp(info) < 0) {
+ log_err("Failed to create IPCP entry.");
+ goto fail_reg_ipcp;
}
- list_add_tail(&entry->next, p);
- ++irmd.n_ipcps;
-
- ppid->pid = entry->pid;
- list_add(&ppid->next, &irmd.spawned_pids);
-
- pthread_rwlock_unlock(&irmd.reg_lock);
-
- /* IRMd maintenance will clean up if booting fails. */
- if (ipcp_entry_wait_boot(entry)) {
- log_err("IPCP %d failed to boot.", pid);
- return -1;
+ if (reg_wait_ipcp_boot(info, &abstime)) {
+ log_err("IPCP %d failed to boot.", info->pid);
+ goto fail_boot;
}
- log_info("Created IPCP %d.", pid);
+ log_info("Created IPCP %d.", info->pid);
- return pid;
+ return 0;
- fail_ipcp:
- ipcp_entry_destroy(entry);
- fail_ipcp_entry:
- free(ppid);
- fail_ppid:
+ fail_boot:
+ waitpid(info->pid, &status, 0);
+ reg_destroy_proc(info->pid);
return -1;
-}
-
-static int create_ipcp_r(pid_t pid,
- int result)
-{
- struct list_head * p;
-
- pthread_rwlock_rdlock(&irmd.reg_lock);
- list_for_each(p, &irmd.ipcps) {
- struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next);
- if (e->pid == pid) {
- ipcp_entry_set_state(e, result ? IPCP_NULL : IPCP_LIVE);
- break;
- }
- }
-
- pthread_rwlock_unlock(&irmd.reg_lock);
-
- return 0;
+ fail_reg_ipcp:
+ kill_ipcp(info->pid);
+ fail_ipcp:
+ return -1;
}
-static void clear_spawned_process(pid_t pid)
+static int create_ipcp_r(struct ipcp_info * info)
{
- struct list_head * p;
- struct list_head * h;
-
- list_for_each_safe(p, h, &(irmd.spawned_pids)) {
- struct pid_el * a = list_entry(p, struct pid_el, next);
- if (a->pid == pid) {
- list_del(&a->next);
- free(a);
- }
- }
+ return reg_respond_ipcp(info);
}
static int destroy_ipcp(pid_t pid)
{
- struct list_head * p;
- struct list_head * h;
-
- pthread_rwlock_wrlock(&irmd.reg_lock);
-
- list_for_each_safe(p, h, &irmd.ipcps) {
- struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next);
- if (e->pid == pid) {
- clear_spawned_process(pid);
- if (ipcp_destroy(pid))
- log_err("Could not destroy IPCP.");
- list_del(&e->next);
- ipcp_entry_destroy(e);
- --irmd.n_ipcps;
- log_info("Destroyed IPCP %d.", pid);
- }
+ if (kill_ipcp(pid)) {
+ log_err("Could not destroy IPCP.");
+ goto fail;
}
- pthread_rwlock_unlock(&irmd.reg_lock);
+ if (reg_destroy_proc(pid)) {
+ log_err("Failed to remove IPCP from registry.");
+ goto fail;
+ }
return 0;
+ fail:
+ return -1;
}
-static int bootstrap_ipcp(pid_t pid,
- ipcp_config_msg_t * conf)
+int bootstrap_ipcp(pid_t pid,
+ struct ipcp_config * conf)
{
- struct ipcp_entry * entry;
- struct layer_info info;
+ struct ipcp_info info;
+ struct layer_info layer;
- pthread_rwlock_wrlock(&irmd.reg_lock);
+ info.pid = pid;
- entry = get_ipcp_entry_by_pid(pid);
- if (entry == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("No such IPCP.");
- return -1;
+ if (reg_get_ipcp(&info, NULL) < 0) {
+ log_err("Could not find IPCP %d.", pid);
+ goto fail;
}
- if (entry->type != (enum ipcp_type) conf->ipcp_type) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("Configuration does not match IPCP type.");
- return -1;
- }
+ if (conf->type == IPCP_UDP4 || conf->type == IPCP_UDP6)
+ conf->layer_info.dir_hash_algo = (enum pol_dir_hash) HASH_MD5;
- if (ipcp_bootstrap(entry->pid, conf, &info)) {
- pthread_rwlock_unlock(&irmd.reg_lock);
+ if (ipcp_bootstrap(pid, conf, &layer)) {
log_err("Could not bootstrap IPCP.");
- return -1;
- }
-
- entry->layer = strdup(info.layer_name);
- if (entry->layer == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_warn("Failed to set name of layer.");
- return -ENOMEM;
+ goto fail;
}
- entry->dir_hash_algo = info.dir_hash_algo;
+ info.state = IPCP_BOOT;
- pthread_rwlock_unlock(&irmd.reg_lock);
+ if (reg_set_layer_for_ipcp(&info, &layer) < 0) {
+ log_err("Failed to set layer info for IPCP.");
+ goto fail;
+ }
- log_info("Bootstrapped IPCP %d in layer %s.",
- pid, conf->layer_info->layer_name);
+ log_info("Bootstrapped IPCP %d.", pid);
return 0;
+ fail:
+ return -1;
}
-static int enroll_ipcp(pid_t pid,
- char * dst)
+int enroll_ipcp(pid_t pid,
+ const char * dst)
{
- struct ipcp_entry * entry = NULL;
- struct layer_info info;
+ struct layer_info layer;
+ struct ipcp_info info;
- pthread_rwlock_wrlock(&irmd.reg_lock);
-
- entry = get_ipcp_entry_by_pid(pid);
- if (entry == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("No such IPCP.");
- return -1;
- }
+ info.pid = pid;
- if (entry->layer != NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("IPCP in wrong state");
- return -1;
+ if (reg_get_ipcp(&info, NULL) < 0) {
+ log_err("Could not find IPCP.");
+ goto fail;
}
- pthread_rwlock_unlock(&irmd.reg_lock);
-
- if (ipcp_enroll(pid, dst, &info) < 0) {
+ if (ipcp_enroll(pid, dst, &layer) < 0) {
log_err("Could not enroll IPCP %d.", pid);
- return -1;
+ goto fail;
}
- pthread_rwlock_wrlock(&irmd.reg_lock);
+ info.state = IPCP_BOOT;
- entry = get_ipcp_entry_by_pid(pid);
- if (entry == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("No such IPCP.");
- return -1;
- }
-
- entry->layer = strdup(info.layer_name);
- if (entry->layer == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("Failed to strdup layer_name.");
- return -ENOMEM;
+ if (reg_set_layer_for_ipcp(&info, &layer) < 0) {
+ log_err("Failed to set layer info for IPCP.");
+ goto fail;
}
- entry->dir_hash_algo = info.dir_hash_algo;
-
- pthread_rwlock_unlock(&irmd.reg_lock);
-
- log_info("Enrolled IPCP %d in layer %s.",
- pid, info.layer_name);
+ log_info("Enrolled IPCP %d in layer %s.", pid, layer.name);
return 0;
+ fail:
+ return -1;
}
-static int connect_ipcp(pid_t pid,
- const char * dst,
- const char * component,
- qosspec_t qs)
+int connect_ipcp(pid_t pid,
+ const char * dst,
+ const char * component,
+ qosspec_t qs)
{
- struct ipcp_entry * entry = NULL;
+ struct ipcp_info info;
- pthread_rwlock_rdlock(&irmd.reg_lock);
+ info.pid = pid;
- entry = get_ipcp_entry_by_pid(pid);
- if (entry == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
+ if (reg_get_ipcp(&info, NULL) < 0) {
log_err("No such IPCP.");
return -EIPCP;
}
- if (entry->type != IPCP_UNICAST && entry->type != IPCP_BROADCAST) {
- pthread_rwlock_unlock(&irmd.reg_lock);
+ if (info.type != IPCP_UNICAST && info.type != IPCP_BROADCAST) {
log_err("Cannot establish connections for this IPCP type.");
return -EIPCP;
}
- pthread_rwlock_unlock(&irmd.reg_lock);
-
log_dbg("Connecting %s to %s.", component, dst);
if (ipcp_connect(pid, dst, component, qs)) {
- log_err("Could not connect IPCP.");
+ log_err("Could not connect IPCP %d to %s.", pid, dst);
return -EPERM;
}
@@ -662,25 +414,20 @@ static int disconnect_ipcp(pid_t pid,
const char * dst,
const char * component)
{
- struct ipcp_entry * entry = NULL;
+ struct ipcp_info info;
- pthread_rwlock_rdlock(&irmd.reg_lock);
+ info.pid = pid;
- entry = get_ipcp_entry_by_pid(pid);
- if (entry == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
+ if (reg_get_ipcp(&info, NULL) < 0) {
log_err("No such IPCP.");
return -EIPCP;
}
- if (entry->type != IPCP_UNICAST) {
- pthread_rwlock_unlock(&irmd.reg_lock);
+ if (info.type != IPCP_UNICAST && info.type != IPCP_BROADCAST) {
log_err("Cannot tear down connections for this IPCP type.");
return -EIPCP;
}
- pthread_rwlock_unlock(&irmd.reg_lock);
-
if (ipcp_disconnect(pid, dst, component)) {
log_err("Could not disconnect IPCP.");
return -EPERM;
@@ -692,1302 +439,900 @@ static int disconnect_ipcp(pid_t pid,
return 0;
}
-static int bind_program(char * prog,
- char * name,
- uint16_t flags,
- int argc,
- char ** argv)
+static void name_update_sec_paths(struct name_info * info)
{
- char * progs;
- char ** argv_dup = NULL;
- int i;
- char * name_dup = NULL;
- struct prog_entry * e = NULL;
- struct reg_entry * re = NULL;
-
- if (prog == NULL || name == NULL)
- return -EINVAL;
-
- pthread_rwlock_wrlock(&irmd.reg_lock);
-
- e = prog_table_get(&irmd.prog_table, path_strip(prog));
- if (e == NULL) {
- progs = strdup(path_strip(prog));
- if (progs == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- return -ENOMEM;
- }
+ char * srv_dir = OUROBOROS_SRV_CRT_DIR;
+ char * cli_dir = OUROBOROS_CLI_CRT_DIR;
- if ((flags & BIND_AUTO) && argc) {
- /* We need to duplicate argv and set argv[0] to prog. */
- argv_dup = malloc((argc + 2) * sizeof(*argv_dup));
- argv_dup[0] = strdup(prog);
- for (i = 1; i <= argc; ++i) {
- argv_dup[i] = strdup(argv[i - 1]);
- if (argv_dup[i] == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- argvfree(argv_dup);
- log_err("Failed to bind program "
- "%s to %s.",
- prog, name);
- free(progs);
- return -ENOMEM;
- }
- }
- argv_dup[argc + 1] = NULL;
- }
- e = prog_entry_create(progs, flags, argv_dup);
- if (e == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- free(progs);
- argvfree(argv_dup);
- return -ENOMEM;
- }
- prog_table_add(&irmd.prog_table, e);
- }
+ assert(info != NULL);
- name_dup = strdup(name);
- if (name_dup == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- return -ENOMEM;
- }
+ if (strlen(info->s.enc) == 0)
+ sprintf(info->s.enc, "%s/%s/enc.conf", srv_dir, info->name);
- if (prog_entry_add_name(e, name_dup)) {
- log_err("Failed adding name.");
- pthread_rwlock_unlock(&irmd.reg_lock);
- free(name_dup);
- return -ENOMEM;
- }
+ if (strlen(info->s.crt) == 0)
+ sprintf(info->s.crt, "%s/%s/crt.pem", srv_dir, info->name);
- re = registry_get_entry(&irmd.registry, name);
- if (re != NULL && reg_entry_add_prog(re, e) < 0)
- log_err("Failed adding program %s for name %s.", prog, name);
+ if (strlen(info->s.key) == 0)
+ sprintf(info->s.key, "%s/%s/key.pem", srv_dir, info->name);
- pthread_rwlock_unlock(&irmd.reg_lock);
+ if (strlen(info->c.enc) == 0)
+ sprintf(info->c.enc, "%s/%s/enc.conf", cli_dir, info->name);
- log_info("Bound program %s to name %s.", prog, name);
+ if (strlen(info->c.crt) == 0)
+ sprintf(info->c.crt, "%s/%s/crt.pem", cli_dir, info->name);
- return 0;
+ if (strlen(info->c.key) == 0)
+ sprintf(info->c.key, "%s/%s/key.pem", cli_dir, info->name);
}
-static int bind_process(pid_t pid,
- char * name)
+int name_create(struct name_info * info)
{
- char * name_dup = NULL;
- struct proc_entry * e = NULL;
- struct reg_entry * re = NULL;
- struct timespec now;
- struct timespec dl = {0, 10 * MILLION};
+ int ret;
- if (name == NULL)
- return -EINVAL;
-
- clock_gettime(PTHREAD_COND_CLOCK, &now);
+ assert(info != NULL);
- ts_add(&dl, &now, &dl);
-
- pthread_rwlock_wrlock(&irmd.reg_lock);
-
- while (!kill(pid, 0)) {
- e = proc_table_get(&irmd.proc_table, pid);
- if (e != NULL || ts_diff_ms(&now, &dl) > 0)
- break;
- clock_gettime(PTHREAD_COND_CLOCK, &now);
- sched_yield();
- }
+ name_update_sec_paths(info);
- if (e == NULL) {
- log_err("Process %d does not %s.", pid,
- kill(pid, 0) ? "exist" : "respond");
- pthread_rwlock_unlock(&irmd.reg_lock);
- return -1;
- }
-
- name_dup = strdup(name);
- if (name_dup == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- return -ENOMEM;
+ ret = reg_create_name(info);
+ if (ret == -EEXIST) {
+ log_info("Name %s already exists.", info->name);
+ return 0;
}
- if (proc_entry_add_name(e, name_dup)) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("Failed to add name %s to process %d.", name, pid);
- free(name_dup);
+ if (ret < 0) {
+ log_err("Failed to create name %s.", info->name);
return -1;
}
- re = registry_get_entry(&irmd.registry, name);
- if (re != NULL && reg_entry_add_pid(re, pid) < 0)
- log_err("Failed adding process %d for name %s.", pid, name);
-
- pthread_rwlock_unlock(&irmd.reg_lock);
-
- log_info("Bound process %d to name %s.", pid, name);
+ log_info("Created new name: %s.", info->name);
return 0;
}
-static int unbind_program(char * prog,
- char * name)
+static int name_destroy(const char * name)
{
- struct reg_entry * e;
- if (prog == NULL)
- return -EINVAL;
+ assert(name != NULL);
- pthread_rwlock_wrlock(&irmd.reg_lock);
-
- if (name == NULL)
- prog_table_del(&irmd.prog_table, prog);
- else {
- struct prog_entry * en = prog_table_get(&irmd.prog_table, prog);
- if (en == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- return -EINVAL;
- }
-
- prog_entry_del_name(en, name);
-
- e = registry_get_entry(&irmd.registry, name);
- if (e != NULL)
- reg_entry_del_prog(e, prog);
+ if (reg_destroy_name(name) < 0) {
+ log_err("Failed to destroy name %s.", name);
+ return -1;
}
- pthread_rwlock_unlock(&irmd.reg_lock);
-
- if (name == NULL)
- log_info("Program %s unbound.", prog);
- else
- log_info("All names matching %s unbound for %s.", name, prog);
+ log_info("Destroyed name: %s.", name);
return 0;
}
-static int unbind_process(pid_t pid,
- const char * name)
+int bind_program(char ** exec,
+ const char * name,
+ uint8_t flags)
{
- struct reg_entry * e;
+ struct prog_info prog;
+ struct name_info ni;
- pthread_rwlock_wrlock(&irmd.reg_lock);
+ if (name == NULL || exec == NULL || exec[0] == NULL)
+ return -EINVAL;
- if (name == NULL)
- proc_table_del(&irmd.proc_table, pid);
- else {
- struct proc_entry * en = proc_table_get(&irmd.proc_table, pid);
- if (en != NULL)
- proc_entry_del_name(en, name);
+ memset(&prog, 0, sizeof(prog));
+ memset(&ni, 0, sizeof(ni));
- e = registry_get_entry(&irmd.registry, name);
- if (e != NULL)
- reg_entry_del_pid(e, pid);
+ if (!reg_has_prog(exec[0])) {
+ strcpy(prog.name, path_strip(exec[0]));
+ strcpy(prog.path, exec[0]);
+ if (reg_create_prog(&prog) < 0)
+ goto fail_prog;
}
- pthread_rwlock_unlock(&irmd.reg_lock);
+ if (!reg_has_name(name)) {
+ ni.pol_lb = LB_SPILL;
+ strcpy(ni.name, name);
+ if (name_create(&ni) < 0)
+ goto fail_name;
+ }
- if (name == NULL)
- log_info("Process %d unbound.", pid);
- else
- log_info("All names matching %s unbound for %d.", name, pid);
+ if (reg_bind_prog(name, exec, flags) < 0) {
+ log_err("Failed to bind program %s to name %s", exec[0], name);
+ goto fail_bind;
+ }
+
+ log_info("Bound program %s to name %s.", exec[0], name);
return 0;
+
+ fail_bind:
+ if (strlen(ni.name) > 0)
+ reg_destroy_name(name);
+ fail_name:
+ if (strlen(prog.name) > 0)
+ reg_destroy_prog(exec[0]);
+ fail_prog:
+ return -1;
}
-static ssize_t list_ipcps(ipcp_info_msg_t *** ipcps,
- size_t * n_ipcps)
+int bind_process(pid_t pid,
+ const char * name)
{
- struct list_head * p;
- int i = 0;
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_MS(10);
+ struct name_info ni;
- pthread_rwlock_rdlock(&irmd.reg_lock);
+ if (name == NULL)
+ return -EINVAL;
- *n_ipcps = irmd.n_ipcps;
- if (*n_ipcps == 0) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- return 0;
- }
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+ ts_add(&abstime, &timeo, &abstime);
- *ipcps = malloc(irmd.n_ipcps * sizeof(**ipcps));
- if (*ipcps == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- *n_ipcps = 0;
- return -ENOMEM;
+ if (reg_wait_proc(pid, &abstime) < 0) {
+ log_err("Process %d does not %s.", pid,
+ kill(pid, 0) ? "exist" : "respond");
+ goto fail;
}
- list_for_each(p, &irmd.ipcps) {
- struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next);
- (*ipcps)[i] = malloc(sizeof(***ipcps));
- if ((*ipcps)[i] == NULL) {
- --i;
- goto fail;
- }
-
- ipcp_info_msg__init((*ipcps)[i]);
- (*ipcps)[i]->name = strdup(e->name);
- if ((*ipcps)[i]->name == NULL)
- goto fail;
+ memset(&ni, 0, sizeof(ni));
- (*ipcps)[i]->layer = strdup(
- e->layer != NULL ? e->layer : "Not enrolled");
- if ((*ipcps)[i]->layer == NULL)
+ if (!reg_has_name(name)) {
+ ni.pol_lb = LB_SPILL;
+ strcpy(ni.name, name);
+ if (name_create(&ni) < 0)
goto fail;
+ }
- (*ipcps)[i]->pid = e->pid;
- (*ipcps)[i++]->type = e->type;
- }
+ if (reg_bind_proc(name, pid) < 0) {
+ log_err("Failed to add name %s to process %d.", name, pid);
+ goto fail_bind;
+ }
- pthread_rwlock_unlock(&irmd.reg_lock);
+ log_info("Bound process %d to name %s.", pid, name);
return 0;
+ fail_bind:
+ if (strlen(ni.name) > 0)
+ reg_destroy_name(name);
fail:
- pthread_rwlock_unlock(&irmd.reg_lock);
- while (i >= 0) {
- free((*ipcps)[i]->layer);
- free((*ipcps)[i]->name);
- free(*ipcps[i--]);
- }
- free(*ipcps);
- *n_ipcps = 0;
- return -ENOMEM;
+ return -1;
+
}
-static int name_create(const char * name,
- enum pol_balance pol)
+static int unbind_program(const char * prog,
+ const char * name)
{
- struct reg_entry * re;
- struct list_head * p;
-
- assert(name);
-
- pthread_rwlock_wrlock(&irmd.reg_lock);
-
- if (registry_has_name(&irmd.registry, name)) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("Registry entry for %s already exists.", name);
- return -ENAME;
- }
+ if (prog == NULL)
+ return -EINVAL;
- re = registry_add_name(&irmd.registry, name);
- if (re == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("Failed creating registry entry for %s.", name);
- return -ENOMEM;
- }
- ++irmd.n_names;
- reg_entry_set_policy(re, pol);
-
- /* check the tables for existing bindings */
- list_for_each(p, &irmd.proc_table) {
- struct list_head * q;
- struct proc_entry * e;
- e = list_entry(p, struct proc_entry, next);
- list_for_each(q, &e->names) {
- struct str_el * s;
- s = list_entry(q, struct str_el, next);
- if (!strcmp(s->str, name))
- reg_entry_add_pid(re, e->pid);
+ if (name == NULL) {
+ if (reg_destroy_prog(prog) < 0) {
+ log_err("Failed to unbind %s.", prog);
+ goto fail;
}
- }
-
- list_for_each(p, &irmd.prog_table) {
- struct list_head * q;
- struct prog_entry * e;
- e = list_entry(p, struct prog_entry, next);
- list_for_each(q, &e->names) {
- struct str_el * s;
- s = list_entry(q, struct str_el, next);
- if (!strcmp(s->str, name))
- reg_entry_add_prog(re, e);
+ log_info("Program %s unbound.", prog);
+ } else {
+ if (reg_unbind_prog(name, prog) < 0) {
+ log_err("Failed to unbind %s from %s", prog, name);
+ goto fail;
}
+ log_info("Name %s unbound for %s.", name, prog);
}
- pthread_rwlock_unlock(&irmd.reg_lock);
-
- log_info("Created new name: %s.", name);
-
return 0;
+
+ fail:
+ return -1;
}
-static int name_destroy(const char * name)
+static int unbind_process(pid_t pid,
+ const char * name)
{
- assert(name);
-
- pthread_rwlock_wrlock(&irmd.reg_lock);
-
- if (!registry_has_name(&irmd.registry, name)) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_warn("Registry entry for %s does not exist.", name);
- return -ENAME;
+ if (name == NULL) {
+ if (reg_destroy_proc(pid) < 0) {
+ log_err("Failed to unbind %d.", pid);
+ goto fail;
+ }
+ log_info("Process %d unbound.", pid);
+ } else {
+ if (reg_unbind_proc(name, pid) < 0) {
+ log_err("Failed to unbind %d from %s", pid, name);
+ goto fail;
+ }
+ log_info("Name %s unbound for process %d.", name, pid);
}
- registry_del_name(&irmd.registry, name);
- --irmd.n_names;
-
- pthread_rwlock_unlock(&irmd.reg_lock);
-
- log_info("Destroyed name: %s.", name);
-
return 0;
+
+ fail:
+ return -1;
}
-static ssize_t list_names(name_info_msg_t *** names,
- size_t * n_names)
+static int list_ipcps(ipcp_list_msg_t *** ipcps,
+ size_t * n_ipcps)
{
- struct list_head * p;
- int i = 0;
+ int n;
- pthread_rwlock_rdlock(&irmd.reg_lock);
-
- *n_names = irmd.n_names;
- if (*n_names == 0) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- return 0;
- }
-
- *names = malloc(irmd.n_names * sizeof(**names));
- if (*names == NULL) {
- *n_names = 0;
- pthread_rwlock_unlock(&irmd.reg_lock);
- return -ENOMEM;
- }
+ n = reg_list_ipcps(ipcps);
+ if (n < 0)
+ goto fail;
- list_for_each(p, &irmd.registry) {
- struct reg_entry * e = list_entry(p, struct reg_entry, next);
+ *n_ipcps = (size_t) n;
- (*names)[i] = malloc(sizeof(***names));
- if ((*names)[i] == NULL) {
- --i;
- goto fail;
- }
+ return 0;
+ fail:
+ *ipcps = NULL;
+ *n_ipcps = 0;
+ return -1;
+}
- name_info_msg__init((*names)[i]);
- (*names)[i]->name = strdup(e->name);
- if ((*names)[i]->name == NULL)
- goto fail;
+static int list_names(name_info_msg_t *** names,
+ size_t * n_names)
+{
+ int n;
- (*names)[i++]->pol_lb = e->pol_lb;
- }
+ n = reg_list_names(names);
+ if (n < 0)
+ goto fail;
- pthread_rwlock_unlock(&irmd.reg_lock);
+ *n_names = (size_t) n;
return 0;
-
fail:
- pthread_rwlock_unlock(&irmd.reg_lock);
- while (i >= 0) {
- free((*names)[i]->name);
- free(*names[i--]);
- }
- free(*names);
+ *names = NULL;
*n_names = 0;
- return -ENOMEM;
+ return -1;
}
-static int name_reg(const char * name,
- pid_t pid)
+int name_reg(const char * name,
+ pid_t pid)
{
- size_t len;
- struct ipcp_entry * ipcp;
- uint8_t * hash;
- int err;
+ struct ipcp_info info;
+ struct layer_info layer;
+ buffer_t hash;
assert(name);
- pthread_rwlock_wrlock(&irmd.reg_lock);
-
- if (!registry_has_name(&irmd.registry, name)) {
- err = -ENAME;
- goto fail;
- }
+ info.pid = pid;
- ipcp = get_ipcp_entry_by_pid(pid);
- if (ipcp == NULL) {
- err = -EIPCP;
- goto fail;
+ if (!reg_has_name(name)) {
+ log_err("Failed to get name %s.", name);
+ return -ENAME;
}
- if (ipcp->layer == NULL) {
- err = -EPERM;
- goto fail;
+ if (reg_get_ipcp(&info, &layer) < 0) {
+ log_err("Failed to get IPCP %d.", pid);
+ return -EIPCP;
}
- len = IPCP_HASH_LEN(ipcp);
-
- hash = malloc(len);
- if (hash == NULL) {
- err = -ENOMEM;
- goto fail;
+ hash.len = hash_len((enum hash_algo) layer.dir_hash_algo);
+ hash.data = malloc(hash.len);
+ if (hash.data == NULL) {
+ log_err("Failed to malloc hash.");
+ return -ENOMEM;
}
- str_hash(ipcp->dir_hash_algo, hash, name);
- pthread_rwlock_unlock(&irmd.reg_lock);
+ str_hash((enum hash_algo) layer.dir_hash_algo, hash.data, name);
- if (ipcp_reg(pid, hash, len)) {
- log_err("Could not register " HASH_FMT " with IPCP %d.",
- HASH_VAL(hash), pid);
- free(hash);
- return -1;
+ if (ipcp_reg(pid, hash)) {
+ log_err("Could not register " HASH_FMT32 " with IPCP %d.",
+ HASH_VAL32(hash.data), pid);
+ goto fail_hash;
}
- log_info("Registered %s with IPCP %d as " HASH_FMT ".",
- name, pid, HASH_VAL(hash));
+ log_info("Registered %s with IPCP %d as " HASH_FMT32 ".",
+ name, pid, HASH_VAL32(hash.data));
- free(hash);
+ freebuf(hash);
return 0;
-fail:
- pthread_rwlock_unlock(&irmd.reg_lock);
- return err;
+ fail_hash:
+ freebuf(hash);
+ return -1;
}
static int name_unreg(const char * name,
pid_t pid)
{
- struct ipcp_entry * ipcp;
- int err;
- uint8_t * hash;
- size_t len;
+ struct ipcp_info info;
+ struct layer_info layer;
+ buffer_t hash;
assert(name);
- pthread_rwlock_wrlock(&irmd.reg_lock);
+ info.pid = pid;
- ipcp = get_ipcp_entry_by_pid(pid);
- if (ipcp == NULL) {
- err = -EIPCP;
- goto fail;
+ if (!reg_has_name(name)) {
+ log_err("Failed to get name %s.", name);
+ return -ENAME;
}
- if (ipcp->layer == NULL) {
- err = -EPERM;
- goto fail;
+ if (reg_get_ipcp(&info, &layer) < 0) {
+ log_err("Failed to get IPCP %d.", pid);
+ return -EIPCP;
}
- len = IPCP_HASH_LEN(ipcp);
-
- hash = malloc(len);
- if (hash == NULL) {
- err = -ENOMEM;
- goto fail;
+ hash.len = hash_len((enum hash_algo) layer.dir_hash_algo);
+ hash.data = malloc(hash.len);
+ if (hash.data == NULL) {
+ log_err("Failed to malloc hash.");
+ return -ENOMEM;
}
- str_hash(ipcp->dir_hash_algo, hash, name);
-
- pthread_rwlock_unlock(&irmd.reg_lock);
+ str_hash((enum hash_algo) layer.dir_hash_algo, hash.data, name);
- if (ipcp_unreg(pid, hash, len)) {
+ if (ipcp_unreg(pid, hash)) {
log_err("Could not unregister %s with IPCP %d.", name, pid);
- free(hash);
- return -1;
+ goto fail_hash;
}
log_info("Unregistered %s from %d.", name, pid);
- free(hash);
+ freebuf(hash);
return 0;
- fail:
- pthread_rwlock_unlock(&irmd.reg_lock);
- return err;
+ fail_hash:
+ freebuf(hash);
+ return -1;
}
-static int proc_announce(pid_t pid,
- char * prog)
+static int get_peer_ids(int fd,
+ uid_t * uid,
+ gid_t * gid)
{
- struct proc_entry * e;
- struct prog_entry * a;
- char * prog_dup;
-
- assert(prog);
-
- prog_dup = strdup(prog);
- if (prog_dup == NULL)
- return -ENOMEM;
-
- e = proc_entry_create(pid, prog_dup);
- if (e == NULL) {
- free(prog_dup);
- return -ENOMEM;
- }
+#if defined(__linux__)
+ struct ucred ucred;
+ socklen_t len;
- pthread_rwlock_wrlock(&irmd.reg_lock);
+ len = sizeof(ucred);
- proc_table_add(&irmd.proc_table, e);
+ if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &len) < 0)
+ goto fail;
- /* Copy listen names from program if it exists. */
- a = prog_table_get(&irmd.prog_table, e->prog);
- if (a != NULL) {
- struct list_head * p;
- list_for_each(p, &a->names) {
- struct str_el * s = list_entry(p, struct str_el, next);
- struct str_el * n = malloc(sizeof(*n));
- if (n == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- return -ENOMEM;
- }
+ *uid = ucred.uid;
+ *gid = ucred.gid;
+#else
+ if (getpeereid(fd, uid, gid) < 0)
+ goto fail;
+#endif
+ return 0;
+ fail:
+ return -1;
+}
- n->str = strdup(s->str);
- if (n->str == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- free(n);
- return -ENOMEM;
- }
+static int proc_announce(const struct proc_info * info)
+{
+ if (reg_prepare_pool(info->uid, info->gid) < 0) {
+ log_err("Failed to prepare pool for uid %d.", info->uid);
+ goto fail;
+ }
- list_add(&n->next, &e->names);
- log_dbg("Process %d inherits name %s from program %s.",
- pid, n->str, e->prog);
- }
+ if (reg_create_proc(info) < 0) {
+ log_err("Failed to add process %d.", info->pid);
+ goto fail;
}
- pthread_rwlock_unlock(&irmd.reg_lock);
+ log_info("Process added: %d (%s).", info->pid, info->prog);
return 0;
+
+ fail:
+ return -1;
}
-static int flow_accept(pid_t pid,
- struct timespec * timeo,
- struct irm_flow * f_out,
- const void * data,
- size_t len)
+static int proc_exit(pid_t pid)
{
- struct irm_flow * f = NULL;
- struct proc_entry * pe = NULL;
- struct reg_entry * re = NULL;
- struct list_head * p = NULL;
-
- pid_t pid_n;
- pid_t pid_n_1;
- int flow_id;
- int ret;
-
- pthread_rwlock_wrlock(&irmd.reg_lock);
-
- pe = proc_table_get(&irmd.proc_table, pid);
- if (pe == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("Unknown process %d calling accept.", pid);
- return -EINVAL;
- }
+ if (reg_destroy_proc(pid) < 0)
+ log_err("Failed to remove process %d.", pid);
- log_dbg("New instance (%d) of %s added.", pid, pe->prog);
- log_dbg("This process accepts flows for:");
+ log_info("Process removed: %d.", pid);
- list_for_each(p, &pe->names) {
- struct str_el * s = list_entry(p, struct str_el, next);
- log_dbg(" %s", s->str);
- re = registry_get_entry(&irmd.registry, s->str);
- if (re != NULL)
- reg_entry_add_pid(re, pid);
- }
+ return 0;
+}
- pthread_rwlock_unlock(&irmd.reg_lock);
+static void __cleanup_flow(void * flow)
+{
+ reg_destroy_flow(((struct flow_info *) flow)->id);
+}
- ret = proc_entry_sleep(pe, timeo);
- if (ret == -ETIMEDOUT)
- return -ETIMEDOUT;
+static int flow_accept(struct flow_info * flow,
+ buffer_t * data,
+ struct timespec * abstime,
+ struct crypt_sk * sk)
+{
+ buffer_t req_hdr;
+ buffer_t resp_hdr;
+ char name[NAME_SIZE + 1];
+ struct name_info info;
+ int err;
- if (ret == -1)
- return -EPIPE;
+ assert(data != NULL && BUF_IS_EMPTY(data));
- if (irmd_get_state() != IRMD_RUNNING)
- return -EIRMD;
+ clrbuf(req_hdr);
+ clrbuf(resp_hdr);
- pthread_rwlock_rdlock(&irmd.flows_lock);
+ if (!reg_has_proc(flow->n_pid)) {
+ log_err("Unknown process %d calling accept.", flow->n_pid);
+ err = -EINVAL;
+ goto fail_flow;
+ }
- f = get_irm_flow_n(pid);
- if (f == NULL) {
- pthread_rwlock_unlock(&irmd.flows_lock);
- log_warn("Port_id was not created yet.");
- return -EPERM;
+ if (reg_create_flow(flow) < 0) {
+ log_err("Failed to create flow.");
+ err = -EBADF;
+ goto fail_flow;
}
- pid_n = f->n_pid;
- pid_n_1 = f->n_1_pid;
- flow_id = f->flow_id;
-
- pthread_rwlock_unlock(&irmd.flows_lock);
- pthread_rwlock_rdlock(&irmd.reg_lock);
-
- pe = proc_table_get(&irmd.proc_table, pid);
- if (pe == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- pthread_rwlock_wrlock(&irmd.flows_lock);
- list_del(&f->next);
- bmp_release(irmd.flow_ids, f->flow_id);
- pthread_rwlock_unlock(&irmd.flows_lock);
- ipcp_flow_alloc_resp(pid_n_1, flow_id, pid_n, -1, NULL, 0);
- clear_irm_flow(f);
- irm_flow_set_state(f, FLOW_NULL);
- irm_flow_destroy(f);
- log_dbg("Process gone while accepting flow.");
- return -EPERM;
+ if (reg_prepare_flow_accept(flow) < 0) {
+ log_err("Failed to prepare accept.");
+ err = -EBADF;
+ goto fail_wait;
}
- pthread_mutex_lock(&pe->lock);
+ pthread_cleanup_push(__cleanup_flow, flow);
- re = pe->re;
+ err = reg_wait_flow_accepted(flow, &req_hdr, abstime);
- pthread_mutex_unlock(&pe->lock);
+ pthread_cleanup_pop(false);
- if (reg_entry_get_state(re) != REG_NAME_FLOW_ARRIVED) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- pthread_rwlock_wrlock(&irmd.flows_lock);
- list_del(&f->next);
- bmp_release(irmd.flow_ids, f->flow_id);
- pthread_rwlock_unlock(&irmd.flows_lock);
- ipcp_flow_alloc_resp(pid_n_1, flow_id, pid_n, -1, NULL, 0);
- clear_irm_flow(f);
- irm_flow_set_state(f, FLOW_NULL);
- irm_flow_destroy(f);
- log_err("Entry in wrong state.");
- return -EPERM;
+ if (err == -ETIMEDOUT) {
+ log_err("Flow accept timed out.");
+ goto fail_wait;
}
- registry_del_process(&irmd.registry, pid);
-
- pthread_rwlock_unlock(&irmd.reg_lock);
-
- pthread_rwlock_wrlock(&irmd.flows_lock);
-
- f_out->flow_id = f->flow_id;
- f_out->n_pid = f->n_pid;
- f_out->n_1_pid = f->n_1_pid;
- f_out->data = f->data; /* pass owner */
- f_out->len = f->len;
- f_out->qs = f->qs;
- f->data = NULL;
- f->len = 0;
+ if (err == -1) {
+ log_dbg("Flow accept terminated.");
+ err = -EPIPE;
+ goto fail_wait;
+ }
- pthread_rwlock_unlock(&irmd.flows_lock);
+ assert(err == 0);
- if (f->qs.cypher_s == 0) { /* no crypto requested, don't send pubkey */
- data = NULL;
- len = 0;
+ if (reg_get_name_for_flow_id(name, flow->id) < 0) {
+ log_err("Failed to get name for flow %d.", flow->id);
+ err = -EIPCP;
+ goto fail_oap;
}
- if (ipcp_flow_alloc_resp(pid_n_1, flow_id, pid_n, 0, data, len)) {
- pthread_rwlock_wrlock(&irmd.flows_lock);
- list_del(&f->next);
- pthread_rwlock_unlock(&irmd.flows_lock);
- log_dbg("Failed to respond to alloc. Port_id invalidated.");
- clear_irm_flow(f);
- irm_flow_set_state(f, FLOW_NULL);
- irm_flow_destroy(f);
- return -EPERM;
+ if (reg_get_name_info(name, &info) < 0) {
+ log_err("Failed to get name info for %s.", name);
+ err = -ENAME;
+ goto fail_oap;
}
- irm_flow_set_state(f, FLOW_ALLOCATED);
+ log_dbg("IPCP %d accepting flow %d for %s.",
+ flow->n_pid, flow->id, name);
- log_info("Flow on flow_id %d allocated.", f->flow_id);
-
- return 0;
-}
+ flow->uid = reg_get_proc_uid(flow->n_pid);
-static int flow_alloc(pid_t pid,
- const char * dst,
- qosspec_t qs,
- struct timespec * timeo,
- struct irm_flow * f_out,
- bool join,
- const void * data,
- size_t len)
-{
- struct irm_flow * f;
- struct ipcp_entry * ipcp;
- int flow_id;
- int state;
- uint8_t * hash;
-
- ipcp = join ? get_ipcp_entry_by_layer(dst)
- : get_ipcp_by_dst_name(dst, pid);
- if (ipcp == NULL) {
- log_info("Destination %s unreachable.", dst);
- return -1;
+ err = oap_srv_process(&info, req_hdr, &resp_hdr, data, sk);
+ if (err < 0) {
+ log_err("OAP processing failed for %s.", name);
+ goto fail_oap;
}
- pthread_rwlock_wrlock(&irmd.flows_lock);
-
- flow_id = bmp_allocate(irmd.flow_ids);
- if (!bmp_is_id_valid(irmd.flow_ids, flow_id)) {
- pthread_rwlock_unlock(&irmd.flows_lock);
- log_err("Could not allocate flow_id.");
- return -EBADF;
+ if (ipcp_flow_alloc_resp(flow, 0, resp_hdr) < 0) {
+ log_err("Failed to respond to flow allocation.");
+ goto fail_resp;
}
- f = irm_flow_create(pid, ipcp->pid, flow_id, qs);
- if (f == NULL) {
- bmp_release(irmd.flow_ids, flow_id);
- pthread_rwlock_unlock(&irmd.flows_lock);
- log_err("Could not allocate flow_id.");
- return -ENOMEM;
- }
+ log_info("Flow %d accepted by %d for %s (uid %d).",
+ flow->id, flow->n_pid, name, flow->uid);
- list_add(&f->next, &irmd.irm_flows);
+ freebuf(req_hdr);
+ freebuf(resp_hdr);
- pthread_rwlock_unlock(&irmd.flows_lock);
+ return 0;
- assert(irm_flow_get_state(f) == FLOW_ALLOC_PENDING);
+ fail_oap:
+ ipcp_flow_alloc_resp(flow, err, resp_hdr);
+ fail_wait:
+ reg_destroy_flow(flow->id);
+ fail_flow:
+ return err;
- hash = malloc(IPCP_HASH_LEN(ipcp));
- if (hash == NULL)
- /* sanitizer cleans this */
- return -ENOMEM;
+ fail_resp:
+ flow->state = FLOW_NULL;
+ freebuf(req_hdr);
+ freebuf(resp_hdr);
+ reg_destroy_flow(flow->id);
+ return -EIPCP;
+}
- str_hash(ipcp->dir_hash_algo, hash, dst);
+static int flow_join(struct flow_info * flow,
+ const char * dst,
+ struct timespec * abstime)
+{
+ struct ipcp_info ipcp;
+ struct layer_info layer;
+ buffer_t hash;
+ buffer_t pbuf = BUF_INIT; /* nothing to piggyback */
+ int err;
- if (join) {
- if (ipcp_flow_join(ipcp->pid, flow_id, pid, hash,
- IPCP_HASH_LEN(ipcp), qs)) {
- /* sanitizer cleans this */
- log_info("Flow_join failed.");
- free(hash);
- return -EAGAIN;
- }
- } else {
- if (ipcp_flow_alloc(ipcp->pid, flow_id, pid, hash,
- IPCP_HASH_LEN(ipcp), qs, data, len)) {
- /* sanitizer cleans this */
- log_info("Flow_allocation failed.");
- free(hash);
- return -EAGAIN;
- }
+ if (reg_create_flow(flow) < 0) {
+ log_err("Failed to create flow.");
+ err = -EBADF;
+ goto fail_flow;
}
- free(hash);
+ flow->uid = reg_get_proc_uid(flow->n_pid);
- state = irm_flow_wait_state(f, FLOW_ALLOCATED, timeo);
- if (state != FLOW_ALLOCATED) {
- if (state == -ETIMEDOUT) {
- log_dbg("Flow allocation timed out");
- return -ETIMEDOUT;
- }
+ log_info("Allocating flow for %d to %s (uid %d).",
+ flow->n_pid, dst, flow->uid);
- log_info("Pending flow to %s torn down.", dst);
- return -EPIPE;
+ strcpy(layer.name, dst);
+ if (reg_get_ipcp_by_layer(&ipcp, &layer) < 0) {
+ log_err("Failed to get IPCP for layer %s.", dst);
+ err = -EIPCP;
+ goto fail_ipcp;
}
- pthread_rwlock_wrlock(&irmd.flows_lock);
+ flow->n_1_pid = ipcp.pid;
- assert(irm_flow_get_state(f) == FLOW_ALLOCATED);
-
- f_out->flow_id = f->flow_id;
- f_out->n_pid = f->n_pid;
- f_out->n_1_pid = f->n_1_pid;
- f_out->data = f->data; /* pass owner */
- f_out->len = f->len;
- f->data = NULL;
- f->len = 0;
+ hash.len = hash_len((enum hash_algo) layer.dir_hash_algo);
+ hash.data = malloc(hash.len);
+ if (hash.data == NULL) {
+ log_err("Failed to malloc hash buffer.");
+ err = -ENOMEM;
+ goto fail_ipcp;
+ }
- pthread_rwlock_unlock(&irmd.flows_lock);
+ str_hash((enum hash_algo) layer.dir_hash_algo, hash.data, dst);
- log_info("Flow on flow_id %d allocated.", flow_id);
+ reg_prepare_flow_alloc(flow);
- return 0;
-}
+ if (ipcp_flow_join(flow, hash)) {
+ log_err("Flow join with layer %s failed.", dst);
+ err = -ENOTALLOC;
+ goto fail_alloc;
+ }
-static int flow_dealloc(pid_t pid,
- int flow_id,
- time_t timeo)
-{
- pid_t n_1_pid = -1;
- int ret = 0;
+ pthread_cleanup_push(__cleanup_flow, flow);
+ pthread_cleanup_push(free, hash.data);
- struct irm_flow * f = NULL;
+ err = reg_wait_flow_allocated(flow, &pbuf, abstime);
- pthread_rwlock_wrlock(&irmd.flows_lock);
+ pthread_cleanup_pop(false);
+ pthread_cleanup_pop(false);
- f = get_irm_flow(flow_id);
- if (f == NULL) {
- pthread_rwlock_unlock(&irmd.flows_lock);
- log_dbg("Deallocate unknown port %d by %d.", flow_id, pid);
- return 0;
+ if (err == -ETIMEDOUT) {
+ log_err("Flow join timed out.");
+ goto fail_alloc;
}
- if (pid == f->n_pid) {
- f->n_pid = -1;
- n_1_pid = f->n_1_pid;
- } else if (pid == f->n_1_pid) {
- f->n_1_pid = -1;
- } else {
- pthread_rwlock_unlock(&irmd.flows_lock);
- log_dbg("Dealloc called by wrong process.");
- return -EPERM;
+ if (err == -1) {
+ log_dbg("Flow join terminated.");
+ err = -EPIPE;
+ goto fail_alloc;
}
- if (irm_flow_get_state(f) == FLOW_DEALLOC_PENDING) {
- list_del(&f->next);
- if ((kill(f->n_pid, 0) < 0 && f->n_1_pid == -1) ||
- (kill(f->n_1_pid, 0) < 0 && f->n_pid == -1))
- irm_flow_set_state(f, FLOW_NULL);
- clear_irm_flow(f);
- irm_flow_destroy(f);
- bmp_release(irmd.flow_ids, flow_id);
- log_info("Completed deallocation of flow_id %d by process %d.",
- flow_id, pid);
- } else {
- irm_flow_set_state(f, FLOW_DEALLOC_PENDING);
- log_dbg("Partial deallocation of flow_id %d by process %d.",
- flow_id, pid);
- }
+ assert(pbuf.data == NULL && pbuf.len == 0);
+ assert(err == 0);
- pthread_rwlock_unlock(&irmd.flows_lock);
+ freebuf(hash);
- if (n_1_pid != -1)
- ret = ipcp_flow_dealloc(n_1_pid, flow_id, timeo);
+ return 0;
- return ret;
+ fail_alloc:
+ freebuf(hash);
+ fail_ipcp:
+ reg_destroy_flow(flow->id);
+ fail_flow:
+ return err;
}
-static pid_t auto_execute(char ** argv)
+static int get_ipcp_by_dst(const char * dst,
+ pid_t * pid,
+ buffer_t * hash)
{
- pid_t pid;
- struct stat s;
+ ipcp_list_msg_t ** ipcps;
+ int n;
+ int i;
+ int err = -EIPCP;
- if (stat(argv[0], &s) != 0) {
- log_warn("Program %s does not exist.", argv[0]);
- return -1;
- }
+ n = reg_list_ipcps(&ipcps);
- if (!(s.st_mode & S_IXUSR)) {
- log_warn("Program %s is not executable.", argv[0]);
- return -1;
- }
+ /* Clean up the ipcp_msgs in this loop */
+ for (i = 0; i < n; ++i) {
+ enum hash_algo algo;
+ enum ipcp_type type;
+ pid_t tmp;
+ bool enrolled;
- if (posix_spawn(&pid, argv[0], NULL, NULL, argv, NULL)) {
- log_err("Failed to spawn new process");
- return -1;
- }
+ type = ipcps[i]->type;
+ algo = ipcps[i]->hash_algo;
+ tmp = ipcps[i]->pid;
- log_info("Instantiated %s as process %d.", argv[0], pid);
+ enrolled = strcmp(ipcps[i]->layer, "Not enrolled.") != 0;
- return pid;
-}
+ ipcp_list_msg__free_unpacked(ipcps[i], NULL);
-static int flow_req_arr(pid_t pid,
- struct irm_flow * f_out,
- const uint8_t * hash,
- qosspec_t qs,
- const void * data,
- size_t len)
-{
- struct reg_entry * re = NULL;
- struct prog_entry * a = NULL;
- struct proc_entry * pe = NULL;
- struct irm_flow * f = NULL;
+ if (type == IPCP_BROADCAST)
+ continue;
- struct pid_el * c_pid;
- struct ipcp_entry * ipcp;
- pid_t h_pid;
- int flow_id;
+ if (err == 0 /* solution found */ || !enrolled)
+ continue;
- struct timespec wt = {IRMD_REQ_ARR_TIMEOUT / 1000,
- (IRMD_REQ_ARR_TIMEOUT % 1000) * MILLION};
+ hash->len = hash_len(algo);
+ hash->data = malloc(hash->len);
+ if (hash->data == NULL) {
+ log_warn("Failed to malloc hash for query.");
+ err = -ENOMEM;
+ continue;
+ }
- log_dbg("Flow req arrived from IPCP %d for " HASH_FMT ".",
- pid, HASH_VAL(hash));
+ str_hash(algo, hash->data, dst);
- pthread_rwlock_rdlock(&irmd.reg_lock);
+ if (ipcp_query(tmp, *hash) < 0) {
+ freebuf(*hash);
+ continue;
+ }
- ipcp = get_ipcp_entry_by_pid(pid);
- if (ipcp == NULL) {
- log_err("IPCP died.");
- return -EIPCP;
- }
+ *pid = tmp;
- re = registry_get_entry_by_hash(&irmd.registry, ipcp->dir_hash_algo,
- hash, IPCP_HASH_LEN(ipcp));
- if (re == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("Unknown hash: " HASH_FMT ".", HASH_VAL(hash));
- return -1;
+ err = 0;
}
- log_info("Flow request arrived for %s.", re->name);
+ free(ipcps);
- pthread_rwlock_unlock(&irmd.reg_lock);
+ return err;
+}
- /* Give the process a bit of slop time to call accept */
- if (reg_entry_leave_state(re, REG_NAME_IDLE, &wt) == -1) {
- log_err("No processes for " HASH_FMT ".", HASH_VAL(hash));
- return -1;
+static int flow_alloc(const char * dst,
+ struct flow_info * flow,
+ buffer_t * data,
+ struct timespec * abstime,
+ struct crypt_sk * sk)
+{
+ buffer_t req_hdr = BUF_INIT;
+ buffer_t resp_hdr = BUF_INIT;
+ buffer_t hash = BUF_INIT;
+ struct name_info info;
+ void * ctx;
+ int err;
+
+ /* piggyback of user data not yet implemented */
+ assert(data != NULL && BUF_IS_EMPTY(data));
+
+ /* Look up name_info for dst */
+ if (reg_get_name_info(dst, &info) < 0) {
+ log_err("Failed to get name info for %s.", dst);
+ err = -ENAME;
+ goto fail_flow;
}
- pthread_rwlock_wrlock(&irmd.reg_lock);
-
- switch (reg_entry_get_state(re)) {
- case REG_NAME_IDLE:
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("No processes for " HASH_FMT ".", HASH_VAL(hash));
- return -1;
- case REG_NAME_AUTO_ACCEPT:
- c_pid = malloc(sizeof(*c_pid));
- if (c_pid == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- return -1;
- }
-
- reg_entry_set_state(re, REG_NAME_AUTO_EXEC);
- a = prog_table_get(&irmd.prog_table,
- reg_entry_get_prog(re));
-
- if (a == NULL || (c_pid->pid = auto_execute(a->argv)) < 0) {
- reg_entry_set_state(re, REG_NAME_AUTO_ACCEPT);
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("Could not start program for reg_entry %s.",
- re->name);
- free(c_pid);
- return -1;
- }
-
- list_add(&c_pid->next, &irmd.spawned_pids);
-
- pthread_rwlock_unlock(&irmd.reg_lock);
+ if (reg_create_flow(flow) < 0) {
+ log_err("Failed to create flow.");
+ err = -EBADF;
+ goto fail_flow;
+ }
- if (reg_entry_leave_state(re, REG_NAME_AUTO_EXEC, NULL))
- return -1;
+ flow->uid = reg_get_proc_uid(flow->n_pid);
- pthread_rwlock_wrlock(&irmd.reg_lock);
- /* FALLTHRU */
- case REG_NAME_FLOW_ACCEPT:
- h_pid = reg_entry_get_pid(re);
- if (h_pid == -1) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("Invalid process id returned.");
- return -1;
- }
+ log_info("Allocating flow for %d to %s (uid %d).",
+ flow->n_pid, dst, flow->uid);
- break;
- default:
- pthread_rwlock_unlock(&irmd.reg_lock);
- log_err("IRMd in wrong state.");
- return -1;
+ if (get_ipcp_by_dst(dst, &flow->n_1_pid, &hash) < 0) {
+ log_err("Failed to find IPCP for %s.", dst);
+ err = -EIPCP;
+ goto fail_ipcp;
}
- pthread_rwlock_unlock(&irmd.reg_lock);
- pthread_rwlock_wrlock(&irmd.flows_lock);
-
- flow_id = bmp_allocate(irmd.flow_ids);
- if (!bmp_is_id_valid(irmd.flow_ids, flow_id)) {
- pthread_rwlock_unlock(&irmd.flows_lock);
- return -1;
+ if (reg_prepare_flow_alloc(flow) < 0) {
+ log_err("Failed to prepare flow allocation.");
+ err = -EBADF;
+ goto fail_prepare;
}
- f = irm_flow_create(h_pid, pid, flow_id, qs);
- if (f == NULL) {
- bmp_release(irmd.flow_ids, flow_id);
- pthread_rwlock_unlock(&irmd.flows_lock);
- log_err("Could not allocate flow_id.");
- return -1;
+ if (oap_cli_prepare(&ctx, &info, &req_hdr, *data) < 0) {
+ log_err("Failed to prepare OAP request for %s.", dst);
+ err = -EBADF;
+ goto fail_prepare;
}
- if (len != 0) {
- assert(data);
- f->data = malloc(len);
- if (f->data == NULL) {
- bmp_release(irmd.flow_ids, flow_id);
- pthread_rwlock_unlock(&irmd.flows_lock);
- log_err("Could not piggyback data.");
- return -1;
- }
-
- f->len = len;
-
- memcpy(f->data, data, len);
+ if (ipcp_flow_alloc(flow, hash, req_hdr)) {
+ log_err("Flow allocation %d failed.", flow->id);
+ err = -EIPCP;
+ goto fail_alloc;
}
- list_add(&f->next, &irmd.irm_flows);
+ pthread_cleanup_push(__cleanup_flow, flow);
+ pthread_cleanup_push(free, hash.data);
- pthread_rwlock_unlock(&irmd.flows_lock);
- pthread_rwlock_rdlock(&irmd.reg_lock);
+ err = reg_wait_flow_allocated(flow, &resp_hdr, abstime);
- reg_entry_set_state(re, REG_NAME_FLOW_ARRIVED);
+ pthread_cleanup_pop(false);
+ pthread_cleanup_pop(false);
- pe = proc_table_get(&irmd.proc_table, h_pid);
- if (pe == NULL) {
- pthread_rwlock_unlock(&irmd.reg_lock);
- pthread_rwlock_wrlock(&irmd.flows_lock);
- clear_irm_flow(f);
- bmp_release(irmd.flow_ids, f->flow_id);
- list_del(&f->next);
- pthread_rwlock_unlock(&irmd.flows_lock);
- log_err("Could not get process table entry for %d.", h_pid);
- free(f->data);
- f->len = 0;
- irm_flow_destroy(f);
- return -1;
+ if (err == -ETIMEDOUT) {
+ log_err("Flow allocation timed out.");
+ goto fail_wait;
}
- proc_entry_wake(pe, re);
+ log_dbg("Response for flow %d to %s.", flow->id, dst);
- pthread_rwlock_unlock(&irmd.reg_lock);
+ if (err < 0) {
+ log_warn("Allocation rejected: %s (%d).", dst, err);
+ goto fail_peer;
+ }
- reg_entry_leave_state(re, REG_NAME_FLOW_ARRIVED, NULL);
+ err = oap_cli_complete(ctx, &info, resp_hdr, data, sk);
+ if (err < 0) {
+ log_err("OAP completion failed for %s.", dst);
+ goto fail_complete;
+ }
- f_out->flow_id = flow_id;
- f_out->n_pid = h_pid;
+ freebuf(req_hdr);
+ freebuf(resp_hdr);
+ freebuf(hash);
return 0;
+
+ fail_complete:
+ ctx = NULL; /* freee'd on complete */
+ fail_peer:
+ flow->state = FLOW_DEALLOCATED;
+ fail_wait:
+ freebuf(resp_hdr);
+ fail_alloc:
+ freebuf(req_hdr);
+ oap_ctx_free(ctx);
+ fail_prepare:
+ freebuf(hash);
+ fail_ipcp:
+ reg_destroy_flow(flow->id);
+ fail_flow:
+ return err;
}
-static int flow_alloc_reply(int flow_id,
- int response,
- const void * data,
- size_t len)
+static int wait_for_accept(const char * name)
{
- struct irm_flow * f;
+ struct timespec timeo = TIMESPEC_INIT_MS(IRMD_REQ_ARR_TIMEOUT);
+ struct timespec abstime;
+ char ** exec;
+ int ret;
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+ ts_add(&abstime, &timeo, &abstime);
+
+ ret = reg_wait_flow_accepting(name, &abstime);
+ if (ret == -ETIMEDOUT) {
+ if (reg_get_exec(name, &exec) < 0) {
+ log_dbg("No program bound for %s.", name);
+ goto fail;
+ }
- pthread_rwlock_wrlock(&irmd.flows_lock);
+ if (spawn_program(exec) < 0) {
+ log_err("Failed to start %s for %s.", exec[0], name);
+ goto fail_spawn;
+ }
- f = get_irm_flow(flow_id);
- if (f == NULL) {
- pthread_rwlock_unlock(&irmd.flows_lock);
- return -1;
- }
+ log_info("Starting %s for %s.", exec[0], name);
- if (!response)
- irm_flow_set_state(f, FLOW_ALLOCATED);
- else
- irm_flow_set_state(f, FLOW_NULL);
+ ts_add(&abstime, &timeo, &abstime);
- f->data = malloc(len);
- if (f->data == NULL) {
- pthread_rwlock_unlock(&irmd.flows_lock);
- return -1;
- }
+ ret = reg_wait_flow_accepting(name, &abstime);
+ if (ret == -ETIMEDOUT)
+ goto fail_spawn;
- memcpy(f->data, data, len);
- f->len = len;
+ argvfree(exec);
+ }
- pthread_rwlock_unlock(&irmd.flows_lock);
+ return ret;
- return 0;
+ fail_spawn:
+ argvfree(exec);
+ fail:
+ return -1;
}
-static void irm_fini(void)
+static int flow_req_arr(struct flow_info * flow,
+ const uint8_t * hash,
+ buffer_t * data)
{
- struct list_head * p;
- struct list_head * h;
+ struct ipcp_info info;
+ struct layer_info layer;
+ enum hash_algo algo;
+ int ret;
+ char name[NAME_SIZE + 1];
- if (irmd_get_state() != IRMD_NULL)
- log_warn("Unsafe destroy.");
+ info.pid = flow->n_1_pid;
- pthread_rwlock_wrlock(&irmd.reg_lock);
+ log_dbg("Flow req arrived from IPCP %d for " HASH_FMT32 ".",
+ info.pid, HASH_VAL32(hash));
- /* Clear the lists. */
- list_for_each_safe(p, h, &irmd.ipcps) {
- struct ipcp_entry * e = list_entry(p, struct ipcp_entry, next);
- list_del(&e->next);
- ipcp_entry_destroy(e);
+ if (reg_get_ipcp(&info, &layer) < 0) {
+ log_err("No IPCP with pid %d.", info.pid);
+ ret = -EIPCP;
+ goto fail;
}
- list_for_each(p, &irmd.spawned_pids) {
- struct pid_el * e = list_entry(p, struct pid_el, next);
- if (kill(e->pid, SIGTERM))
- log_dbg("Could not send kill signal to %d.", e->pid);
- }
+ algo = (enum hash_algo) layer.dir_hash_algo;
- list_for_each_safe(p, h, &irmd.spawned_pids) {
- struct pid_el * e = list_entry(p, struct pid_el, next);
- int status;
- if (waitpid(e->pid, &status, 0) < 0)
- log_dbg("Error waiting for %d to exit.", e->pid);
- list_del(&e->next);
- registry_del_process(&irmd.registry, e->pid);
- free(e);
+ if (reg_get_name_for_hash(name, algo, hash) < 0) {
+ log_warn("No name for " HASH_FMT32 ".", HASH_VAL32(hash));
+ ret = -ENAME;
+ goto fail;
}
- list_for_each_safe(p, h, &irmd.prog_table) {
- struct prog_entry * e = list_entry(p, struct prog_entry, next);
- list_del(&e->next);
- prog_entry_destroy(e);
- }
+ log_info("Flow request arrived for %s.", name);
- list_for_each_safe(p, h, &irmd.proc_table) {
- struct proc_entry * e = list_entry(p, struct proc_entry, next);
- list_del(&e->next);
- e->state = PROC_INIT; /* sanitizer already joined */
- proc_entry_destroy(e);
+ ret = wait_for_accept(name);
+ if (ret < 0) {
+ log_err("No active process for %s.", name);
+ goto fail;
}
- registry_destroy(&irmd.registry);
-
- pthread_rwlock_unlock(&irmd.reg_lock);
-
- close(irmd.sockfd);
-
- if (unlink(IRM_SOCK_PATH))
- log_dbg("Failed to unlink %s.", IRM_SOCK_PATH);
-
- pthread_rwlock_wrlock(&irmd.flows_lock);
-
- if (irmd.flow_ids != NULL)
- bmp_destroy(irmd.flow_ids);
+ flow->id = ret;
+ flow->state = FLOW_ALLOCATED;
- list_for_each_safe(p, h, &irmd.irm_flows) {
- struct irm_flow * f = list_entry(p, struct irm_flow, next);
- list_del(&f->next);
- irm_flow_destroy(f);
+ ret = reg_respond_accept(flow, data);
+ if (ret < 0) {
+ log_err("Failed to respond to flow %d.", flow->id);
+ goto fail;
}
- pthread_rwlock_unlock(&irmd.flows_lock);
-
-
- if (irmd.rdrb != NULL)
- shm_rdrbuff_destroy(irmd.rdrb);
-
- if (irmd.lf != NULL)
- lockfile_destroy(irmd.lf);
-
- pthread_mutex_destroy(&irmd.cmd_lock);
- pthread_cond_destroy(&irmd.cmd_cond);
- pthread_rwlock_destroy(&irmd.flows_lock);
- pthread_rwlock_destroy(&irmd.reg_lock);
- pthread_rwlock_destroy(&irmd.state_lock);
-
-#ifdef HAVE_FUSE
- if (rmdir(FUSE_PREFIX))
- log_dbg("Failed to remove " FUSE_PREFIX);
-#endif
+ return 0;
+ fail:
+ return ret;
}
-void * irm_sanitize(void * o)
+static int flow_alloc_reply(struct flow_info * flow,
+ int response,
+ buffer_t * data)
{
- struct timespec now;
- struct list_head * p = NULL;
- struct list_head * h = NULL;
+ flow->state = response != 0 ? FLOW_DEALLOCATED : FLOW_ALLOCATED;
- struct timespec timeout = {IRMD_CLEANUP_TIMER / BILLION,
- IRMD_CLEANUP_TIMER % BILLION};
- int s;
+ if (reg_respond_alloc(flow, data, response) < 0) {
+ log_err("Failed to reply to flow %d.", flow->id);
+ flow->state = FLOW_DEALLOCATED;
+ return -EBADF;
+ }
- (void) o;
+ return 0;
+}
- while (true) {
- if (clock_gettime(CLOCK_MONOTONIC, &now) < 0)
- log_warn("Failed to get time.");
-
- if (irmd_get_state() != IRMD_RUNNING)
- return (void *) 0;
-
- pthread_rwlock_wrlock(&irmd.reg_lock);
-
- list_for_each_safe(p, h, &irmd.spawned_pids) {
- struct pid_el * e = list_entry(p, struct pid_el, next);
- waitpid(e->pid, &s, WNOHANG);
- if (kill(e->pid, 0) >= 0)
- continue;
- log_dbg("Child process %d died, error %d.", e->pid, s);
- list_del(&e->next);
- free(e);
- }
+static int flow_dealloc(struct flow_info * flow,
+ struct timespec * ts)
+{
+ log_info("Deallocating flow %d for process %d (timeout: %ld s).",
+ flow->id, flow->n_pid, ts->tv_sec);
- list_for_each_safe(p, h, &irmd.proc_table) {
- struct proc_entry * e =
- list_entry(p, struct proc_entry, next);
- if (kill(e->pid, 0) >= 0)
- continue;
- log_dbg("Dead process removed: %d.", e->pid);
- list_del(&e->next);
- proc_entry_destroy(e);
- }
+ reg_dealloc_flow(flow);
- list_for_each_safe(p, h, &irmd.ipcps) {
- struct ipcp_entry * e =
- list_entry(p, struct ipcp_entry, next);
- if (kill(e->pid, 0) >= 0)
- continue;
- log_dbg("Dead IPCP removed: %d.", e->pid);
- list_del(&e->next);
- ipcp_entry_destroy(e);
- }
+ if (ipcp_flow_dealloc(flow->n_1_pid, flow->id, ts->tv_sec) < 0) {
+ log_err("Failed to request dealloc from %d.", flow->n_1_pid);
+ return -EIPCP;
+ }
- list_for_each_safe(p, h, &irmd.registry) {
- struct list_head * p2;
- struct list_head * h2;
- struct reg_entry * e =
- list_entry(p, struct reg_entry, next);
- list_for_each_safe(p2, h2, &e->reg_pids) {
- struct pid_el * a =
- list_entry(p2, struct pid_el, next);
- if (kill(a->pid, 0) >= 0)
- continue;
- log_dbg("Dead process removed from: %d %s.",
- a->pid, e->name);
- reg_entry_del_pid_el(e, a);
- }
- }
+ return 0;
+}
- pthread_rwlock_unlock(&irmd.reg_lock);
- pthread_rwlock_wrlock(&irmd.flows_lock);
-
- list_for_each_safe(p, h, &irmd.irm_flows) {
- int ipcpi;
- int flow_id;
- struct irm_flow * f =
- list_entry(p, struct irm_flow, next);
-
- if (irm_flow_get_state(f) == FLOW_ALLOC_PENDING
- && ts_diff_ms(&f->t0, &now) > IRMD_FLOW_TIMEOUT) {
- log_dbg("Pending flow_id %d timed out.",
- f->flow_id);
- f->n_pid = -1;
- irm_flow_set_state(f, FLOW_DEALLOC_PENDING);
- continue;
- }
+static int flow_dealloc_resp(struct flow_info * flow)
+{
+ reg_dealloc_flow_resp(flow);
- if (kill(f->n_pid, 0) < 0) {
- log_dbg("Process %d gone, deallocating "
- "flow %d.",
- f->n_pid, f->flow_id);
- f->n_pid = -1;
- irm_flow_set_state(f, FLOW_DEALLOC_PENDING);
- ipcpi = f->n_1_pid;
- flow_id = f->flow_id;
- pthread_rwlock_unlock(&irmd.flows_lock);
- ipcp_flow_dealloc(ipcpi, flow_id, DEALLOC_TIME);
- pthread_rwlock_wrlock(&irmd.flows_lock);
- continue;
- }
+ assert(flow->state == FLOW_DEALLOCATED);
- if (kill(f->n_1_pid, 0) < 0) {
- struct shm_flow_set * set;
- log_err("IPCP %d gone, flow %d removed.",
- f->n_1_pid, f->flow_id);
- set = shm_flow_set_open(f->n_pid);
- if (set != NULL)
- shm_flow_set_destroy(set);
- f->n_1_pid = -1;
- irm_flow_set_state(f, FLOW_DEALLOC_PENDING);
- }
- }
+ reg_destroy_flow(flow->id);
- pthread_rwlock_unlock(&irmd.flows_lock);
+ log_info("Completed deallocation of flow_id %d by process %d.",
+ flow->id, flow->n_1_pid);
- nanosleep(&timeout, NULL);
- }
+ return 0;
}
static void * acceptloop(void * o)
{
int csockfd;
- struct timeval tv = {(SOCKET_TIMEOUT / 1000),
- (SOCKET_TIMEOUT % 1000) * 1000};
(void) o;
- while (irmd_get_state() == IRMD_RUNNING) {
+ while (true) {
struct cmd * cmd;
csockfd = accept(irmd.sockfd, 0, 0);
if (csockfd < 0)
continue;
- if (setsockopt(csockfd, SOL_SOCKET, SO_RCVTIMEO,
- (void *) &tv, sizeof(tv)))
- log_warn("Failed to set timeout on socket.");
-
cmd = malloc(sizeof(*cmd));
if (cmd == NULL) {
log_err("Out of memory.");
@@ -2024,40 +1369,256 @@ static void * acceptloop(void * o)
return (void *) 0;
}
-static void free_msg(void * o)
+static void __cleanup_irm_msg(void * o)
{
irm_msg__free_unpacked((irm_msg_t *) o, NULL);
}
-static void * mainloop(void * o)
+static irm_msg_t * do_command_msg(irm_msg_t * msg,
+ int fd)
{
- int sfd;
- irm_msg_t * msg;
- buffer_t buffer;
+ struct ipcp_config conf;
+ struct ipcp_info ipcp;
+ struct flow_info flow;
+ struct proc_info proc;
+ struct name_info name;
+ struct crypt_sk sk;
+ uint8_t kbuf[SYMMKEYSZ]; /* stack buffer for OAP */
+ uint8_t * hbuf = NULL; /* heap copy for response */
+ struct timespec * abstime;
+ struct timespec max = TIMESPEC_INIT_MS(FLOW_ALLOC_TIMEOUT);
+ struct timespec now;
+ struct timespec ts = TIMESPEC_INIT_S(0); /* static analysis */
+ int res;
+ irm_msg_t * ret_msg;
+ buffer_t data;
- (void) o;
+ memset(&flow, 0, sizeof(flow));
- while (true) {
- irm_msg_t * ret_msg;
- struct irm_flow e;
- struct timespec * timeo = NULL;
- struct timespec ts = {0, 0};
- struct cmd * cmd;
- int result;
+ clock_gettime(PTHREAD_COND_CLOCK, &now);
+
+ if (msg->timeo != NULL) {
+ ts = timespec_msg_to_s(msg->timeo);
+ ts_add(&ts, &now, &ts);
+ abstime = &ts;
+ } else {
+ ts_add(&max, &now, &max);
+ abstime = NULL;
+ }
+
+ ret_msg = malloc(sizeof(*ret_msg));
+ if (ret_msg == NULL) {
+ log_err("Failed to malloc return msg.");
+ return NULL;
+ }
+
+ irm_msg__init(ret_msg);
+
+ ret_msg->code = IRM_MSG_CODE__IRM_REPLY;
+
+ pthread_cleanup_push(__cleanup_irm_msg, ret_msg);
+
+ switch (msg->code) {
+ case IRM_MSG_CODE__IRM_CREATE_IPCP:
+ ipcp = ipcp_info_msg_to_s(msg->ipcp_info);
+ res = create_ipcp(&ipcp);
+ break;
+ case IRM_MSG_CODE__IPCP_CREATE_R:
+ ipcp = ipcp_info_msg_to_s(msg->ipcp_info);
+ res = create_ipcp_r(&ipcp);
+ break;
+ case IRM_MSG_CODE__IRM_DESTROY_IPCP:
+ res = destroy_ipcp(msg->pid);
+ break;
+ case IRM_MSG_CODE__IRM_BOOTSTRAP_IPCP:
+ conf = ipcp_config_msg_to_s(msg->conf);
+ res = bootstrap_ipcp(msg->pid, &conf);
+ break;
+ case IRM_MSG_CODE__IRM_ENROLL_IPCP:
+ res = enroll_ipcp(msg->pid, msg->dst);
+ break;
+ case IRM_MSG_CODE__IRM_CONNECT_IPCP:
+ flow.qs = qos_spec_msg_to_s(msg->qosspec);
+ res = connect_ipcp(msg->pid, msg->dst, msg->comp, flow.qs);
+ break;
+ case IRM_MSG_CODE__IRM_DISCONNECT_IPCP:
+ res = disconnect_ipcp(msg->pid, msg->dst, msg->comp);
+ break;
+ case IRM_MSG_CODE__IRM_BIND_PROGRAM:
+ /* Terminate with NULL instead of "" */
+ free(msg->exec[msg->n_exec - 1]);
+ msg->exec[msg->n_exec - 1] = NULL;
+ res = bind_program(msg->exec, msg->name, msg->opts);
+ break;
+ case IRM_MSG_CODE__IRM_UNBIND_PROGRAM:
+ res = unbind_program(msg->prog, msg->name);
+ break;
+ case IRM_MSG_CODE__IRM_PROC_ANNOUNCE:
+ proc.pid = msg->pid;
+ strcpy(proc.prog, msg->prog);
+ res = get_peer_ids(fd, &proc.uid, &proc.gid);
+ if (res < 0)
+ log_err("Failed to get UID/GID for pid %d.", msg->pid);
+ else
+ res = proc_announce(&proc);
+ break;
+ case IRM_MSG_CODE__IRM_PROC_EXIT:
+ res = proc_exit(msg->pid);
+ break;
+ case IRM_MSG_CODE__IRM_BIND_PROCESS:
+ res = bind_process(msg->pid, msg->name);
+ break;
+ case IRM_MSG_CODE__IRM_UNBIND_PROCESS:
+ res = unbind_process(msg->pid, msg->name);
+ break;
+ case IRM_MSG_CODE__IRM_LIST_IPCPS:
+ res = list_ipcps(&ret_msg->ipcps, &ret_msg->n_ipcps);
+ break;
+ case IRM_MSG_CODE__IRM_CREATE_NAME:
+ name = name_info_msg_to_s(msg->name_info);
+ res = name_create(&name);
+ break;
+ case IRM_MSG_CODE__IRM_DESTROY_NAME:
+ res = name_destroy(msg->name);
+ break;
+ case IRM_MSG_CODE__IRM_LIST_NAMES:
+ res = list_names(&ret_msg->names, &ret_msg->n_names);
+ break;
+ case IRM_MSG_CODE__IRM_REG_NAME:
+ res = name_reg(msg->name, msg->pid);
+ break;
+ case IRM_MSG_CODE__IRM_UNREG_NAME:
+ res = name_unreg(msg->name, msg->pid);
+ break;
+ case IRM_MSG_CODE__IRM_FLOW_ACCEPT:
+ tpm_wait_work(irmd.tpm);
+ data.len = msg->pk.len;
+ data.data = msg->pk.data;
+ msg->has_pk = false;
+ assert(data.len > 0 ? data.data != NULL : data.data == NULL);
+ flow = flow_info_msg_to_s(msg->flow_info);
+ sk.key = kbuf;
+ res = flow_accept(&flow, &data, abstime, &sk);
+ if (res == 0) {
+ ret_msg->flow_info = flow_info_s_to_msg(&flow);
+ ret_msg->has_pk = data.len != 0;
+ ret_msg->pk.data = data.data;
+ ret_msg->pk.len = data.len;
+ ret_msg->has_cipher_nid = true;
+ ret_msg->cipher_nid = sk.nid;
+ if (sk.nid != NID_undef) {
+ hbuf = malloc(SYMMKEYSZ);
+ if (hbuf == NULL) {
+ log_err("Failed to malloc key buf");
+ return NULL;
+ }
+
+ memcpy(hbuf, kbuf, SYMMKEYSZ);
+ ret_msg->sym_key.data = hbuf;
+ ret_msg->sym_key.len = SYMMKEYSZ;
+ ret_msg->has_sym_key = true;
+ }
+ }
+ break;
+ case IRM_MSG_CODE__IRM_FLOW_ALLOC:
+ data.len = msg->pk.len;
+ data.data = msg->pk.data;
+ msg->has_pk = false;
+ assert(data.len > 0 ? data.data != NULL : data.data == NULL);
+ flow = flow_info_msg_to_s(msg->flow_info);
+ abstime = abstime == NULL ? &max : abstime;
+ sk.key = kbuf;
+ res = flow_alloc(msg->dst, &flow, &data, abstime, &sk);
+ if (res == 0) {
+ ret_msg->flow_info = flow_info_s_to_msg(&flow);
+ ret_msg->has_pk = data.len != 0;
+ ret_msg->pk.data = data.data;
+ ret_msg->pk.len = data.len;
+ ret_msg->has_cipher_nid = true;
+ ret_msg->cipher_nid = sk.nid;
+ if (sk.nid != NID_undef) {
+ hbuf = malloc(SYMMKEYSZ);
+ if (hbuf == NULL) {
+ log_err("Failed to malloc key buf");
+ return NULL;
+ }
+ memcpy(hbuf, kbuf, SYMMKEYSZ);
+ ret_msg->sym_key.data = hbuf;
+ ret_msg->sym_key.len = SYMMKEYSZ;
+ ret_msg->has_sym_key = true;
+ }
+ }
+ break;
+ case IRM_MSG_CODE__IRM_FLOW_JOIN:
+ assert(msg->pk.len == 0 && msg->pk.data == NULL);
+ flow = flow_info_msg_to_s(msg->flow_info);
+ abstime = abstime == NULL ? &max : abstime;
+ res = flow_join(&flow, msg->dst, abstime);
+ if (res == 0)
+ ret_msg->flow_info = flow_info_s_to_msg(&flow);
+ break;
+ case IRM_MSG_CODE__IRM_FLOW_DEALLOC:
+ flow = flow_info_msg_to_s(msg->flow_info);
+ ts = timespec_msg_to_s(msg->timeo);
+ res = flow_dealloc(&flow, &ts);
+ break;
+ case IRM_MSG_CODE__IPCP_FLOW_DEALLOC:
+ flow = flow_info_msg_to_s(msg->flow_info);
+ res = flow_dealloc_resp(&flow);
+ break;
+ case IRM_MSG_CODE__IPCP_FLOW_REQ_ARR:
+ data.len = msg->pk.len;
+ data.data = msg->pk.data;
+ msg->pk.data = NULL; /* pass data */
+ msg->pk.len = 0;
+ assert(data.len > 0 ? data.data != NULL : data.data == NULL);
+ flow = flow_info_msg_to_s(msg->flow_info);
+ res = flow_req_arr(&flow, msg->hash.data, &data);
+ if (res == 0)
+ ret_msg->flow_info = flow_info_s_to_msg(&flow);
+ break;
+ case IRM_MSG_CODE__IPCP_FLOW_ALLOC_REPLY:
+ data.len = msg->pk.len;
+ data.data = msg->pk.data;
+ msg->pk.data = NULL; /* pass data */
+ msg->pk.len = 0;
+ assert(data.len > 0 ? data.data != NULL : data.data == NULL);
+ flow = flow_info_msg_to_s(msg->flow_info);
+ res = flow_alloc_reply(&flow, msg->response, &data);
+ break;
+ default:
+ log_err("Don't know that message code.");
+ res = -1;
+ break;
+ }
+
+ pthread_cleanup_pop(false);
+
+ ret_msg->has_result = true;
+ if (abstime == &max && res == -ETIMEDOUT)
+ ret_msg->result = -EPERM; /* No timeout requested */
+ else
+ ret_msg->result = res;
- memset(&e, 0, sizeof(e));
+ crypt_secure_clear(kbuf, SYMMKEYSZ);
- ret_msg = malloc(sizeof(*ret_msg));
- if (ret_msg == NULL)
- return (void *) -1;
+ return ret_msg;
+}
+
+static void * mainloop(void * o)
+{
+ int sfd;
+ irm_msg_t * msg;
+ buffer_t buffer;
- irm_msg__init(ret_msg);
+ (void) o;
- ret_msg->code = IRM_MSG_CODE__IRM_REPLY;
+ while (true) {
+ irm_msg_t * ret_msg;
+ struct cmd * cmd;
pthread_mutex_lock(&irmd.cmd_lock);
- pthread_cleanup_push(free_msg, ret_msg);
pthread_cleanup_push(__cleanup_mutex_unlock, &irmd.cmd_lock);
while (list_is_empty(&irmd.cmds))
@@ -2067,7 +1628,6 @@ static void * mainloop(void * o)
list_del(&cmd->next);
pthread_cleanup_pop(true);
- pthread_cleanup_pop(false);
msg = irm_msg__unpack(NULL, cmd->len, cmd->cbuf);
sfd = cmd->fd;
@@ -2075,177 +1635,35 @@ static void * mainloop(void * o)
free(cmd);
if (msg == NULL) {
+ log_err("Failed to unpack command message.");
close(sfd);
- irm_msg__free_unpacked(msg, NULL);
continue;
}
- tpm_dec(irmd.tpm);
-
- if (msg->has_timeo_sec) {
- assert(msg->has_timeo_nsec);
-
- ts.tv_sec = msg->timeo_sec;
- ts.tv_nsec = msg->timeo_nsec;
- timeo = &ts;
- }
+ tpm_begin_work(irmd.tpm);
pthread_cleanup_push(__cleanup_close_ptr, &sfd);
- pthread_cleanup_push(free_msg, msg);
- pthread_cleanup_push(free_msg, ret_msg);
+ pthread_cleanup_push(__cleanup_irm_msg, msg);
- switch (msg->code) {
- case IRM_MSG_CODE__IRM_CREATE_IPCP:
- result = create_ipcp(msg->name, msg->ipcp_type);
- break;
- case IRM_MSG_CODE__IPCP_CREATE_R:
- result = create_ipcp_r(msg->pid, msg->result);
- break;
- case IRM_MSG_CODE__IRM_DESTROY_IPCP:
- result = destroy_ipcp(msg->pid);
- break;
- case IRM_MSG_CODE__IRM_BOOTSTRAP_IPCP:
- result = bootstrap_ipcp(msg->pid, msg->conf);
- break;
- case IRM_MSG_CODE__IRM_ENROLL_IPCP:
- result = enroll_ipcp(msg->pid, msg->dst);
- break;
- case IRM_MSG_CODE__IRM_CONNECT_IPCP:
- result = connect_ipcp(msg->pid, msg->dst, msg->comp,
- msg_to_spec(msg->qosspec));
- break;
- case IRM_MSG_CODE__IRM_DISCONNECT_IPCP:
- result = disconnect_ipcp(msg->pid, msg->dst, msg->comp);
- break;
- case IRM_MSG_CODE__IRM_BIND_PROGRAM:
- result = bind_program(msg->prog,
- msg->name,
- msg->opts,
- msg->n_args,
- msg->args);
- break;
- case IRM_MSG_CODE__IRM_UNBIND_PROGRAM:
- result = unbind_program(msg->prog, msg->name);
- break;
- case IRM_MSG_CODE__IRM_PROC_ANNOUNCE:
- result = proc_announce(msg->pid, msg->prog);
- break;
- case IRM_MSG_CODE__IRM_BIND_PROCESS:
- result = bind_process(msg->pid, msg->name);
- break;
- case IRM_MSG_CODE__IRM_UNBIND_PROCESS:
- result = unbind_process(msg->pid, msg->name);
- break;
- case IRM_MSG_CODE__IRM_LIST_IPCPS:
- result = list_ipcps(&ret_msg->ipcps, &ret_msg->n_ipcps);
- break;
- case IRM_MSG_CODE__IRM_CREATE_NAME:
- result = name_create(msg->names[0]->name,
- msg->names[0]->pol_lb);
- break;
- case IRM_MSG_CODE__IRM_DESTROY_NAME:
- result = name_destroy(msg->name);
- break;
- case IRM_MSG_CODE__IRM_LIST_NAMES:
- result = list_names(&ret_msg->names, &ret_msg->n_names);
- break;
- case IRM_MSG_CODE__IRM_REG_NAME:
- result = name_reg(msg->name, msg->pid);
- break;
- case IRM_MSG_CODE__IRM_UNREG_NAME:
- result = name_unreg(msg->name, msg->pid);
- break;
- case IRM_MSG_CODE__IRM_FLOW_ACCEPT:
- assert(msg->pk.len > 0 ? msg->pk.data != NULL
- : msg->pk.data == NULL);
- result = flow_accept(msg->pid, timeo, &e,
- msg->pk.data, msg->pk.len);
- if (result == 0) {
- qosspec_msg_t qs_msg;
- ret_msg->has_flow_id = true;
- ret_msg->flow_id = e.flow_id;
- ret_msg->has_pid = true;
- ret_msg->pid = e.n_1_pid;
- qs_msg = spec_to_msg(&e.qs);
- ret_msg->qosspec = &qs_msg;
- ret_msg->has_pk = true;
- ret_msg->pk.data = e.data;
- ret_msg->pk.len = e.len;
- }
- break;
- case IRM_MSG_CODE__IRM_FLOW_ALLOC:
- assert(msg->pk.len > 0 ? msg->pk.data != NULL
- : msg->pk.data == NULL);
- result = flow_alloc(msg->pid, msg->dst,
- msg_to_spec(msg->qosspec),
- timeo, &e, false, msg->pk.data,
- msg->pk.len);
- if (result == 0) {
- ret_msg->has_flow_id = true;
- ret_msg->flow_id = e.flow_id;
- ret_msg->has_pid = true;
- ret_msg->pid = e.n_1_pid;
- ret_msg->has_pk = true;
- ret_msg->pk.data = e.data;
- ret_msg->pk.len = e.len;
- }
- break;
- case IRM_MSG_CODE__IRM_FLOW_JOIN:
- assert(msg->pk.len == 0 && msg->pk.data == NULL);
- result = flow_alloc(msg->pid, msg->dst,
- msg_to_spec(msg->qosspec),
- timeo, &e, true, NULL, 0);
- if (result == 0) {
- ret_msg->has_flow_id = true;
- ret_msg->flow_id = e.flow_id;
- ret_msg->has_pid = true;
- ret_msg->pid = e.n_1_pid;
- }
- break;
- case IRM_MSG_CODE__IRM_FLOW_DEALLOC:
- result = flow_dealloc(msg->pid,
- msg->flow_id,
- msg->timeo_sec);
- break;
- case IRM_MSG_CODE__IPCP_FLOW_REQ_ARR:
- assert(msg->pk.len > 0 ? msg->pk.data != NULL
- : msg->pk.data == NULL);
- result = flow_req_arr(msg->pid,
- &e,
- msg->hash.data,
- msg_to_spec(msg->qosspec),
- msg->pk.data,
- msg->pk.len);
- if (result == 0) {
- ret_msg->has_flow_id = true;
- ret_msg->flow_id = e.flow_id;
- ret_msg->has_pid = true;
- ret_msg->pid = e.n_pid;
- }
- break;
- case IRM_MSG_CODE__IPCP_FLOW_ALLOC_REPLY:
- assert(msg->pk.len > 0 ? msg->pk.data != NULL
- : msg->pk.data == NULL);
- result = flow_alloc_reply(msg->flow_id,
- msg->response,
- msg->pk.data,
- msg->pk.len);
- break;
- default:
- log_err("Don't know that message code.");
- result = -1;
- break;
- }
+ ret_msg = do_command_msg(msg, sfd);
- pthread_cleanup_pop(false);
pthread_cleanup_pop(true);
pthread_cleanup_pop(false);
- if (result == -EPIPE)
+ if (ret_msg == NULL) {
+ log_err("Failed to create return message.");
+ goto fail_msg;
+ }
+
+ if (ret_msg->result == -EPIPE) {
+ log_dbg("Terminated command: remote closed socket.");
goto fail;
+ }
- ret_msg->has_result = true;
- ret_msg->result = result;
+ if (ret_msg->result == -EIRMD) {
+ log_dbg("Terminated command: IRMd not running.");
+ goto fail;
+ }
buffer.len = irm_msg__get_packed_size(ret_msg);
if (buffer.len == 0) {
@@ -2261,55 +1679,231 @@ static void * mainloop(void * o)
irm_msg__pack(ret_msg, buffer.data);
- /* Can't free the qosspec. */
- ret_msg->qosspec = NULL;
irm_msg__free_unpacked(ret_msg, NULL);
pthread_cleanup_push(__cleanup_close_ptr, &sfd);
+ pthread_cleanup_push(free, buffer.data);
+
+ if (write(sfd, buffer.data, buffer.len) == -1) {
+ if (errno != EPIPE)
+ log_warn("Failed to send reply message: %s.",
+ strerror(errno));
+ else
+ log_dbg("Failed to send reply message: %s.",
+ strerror(errno));
+ }
- if (write(sfd, buffer.data, buffer.len) == -1)
- if (result != -EIRMD)
- log_warn("Failed to send reply message.");
-
- free(buffer.data);
-
+ pthread_cleanup_pop(true);
pthread_cleanup_pop(true);
- tpm_inc(irmd.tpm);
+ tpm_end_work(irmd.tpm);
continue;
fail:
irm_msg__free_unpacked(ret_msg, NULL);
+ fail_msg:
close(sfd);
- tpm_inc(irmd.tpm);
+ tpm_end_work(irmd.tpm);
continue;
}
return (void *) 0;
}
+#ifdef HAVE_FUSE
+static void destroy_mount(char * mnt)
+{
+ struct stat st;
+
+ if (stat(mnt, &st) == -1){
+ switch(errno) {
+ case ENOENT:
+ log_dbg("Fuse mountpoint %s not found: %s",
+ mnt, strerror(errno));
+ break;
+ case ENOTCONN:
+ /* FALLTHRU */
+ case ECONNABORTED:
+ log_dbg("Cleaning up fuse mountpoint %s.",
+ mnt);
+ rib_cleanup(mnt);
+ break;
+ default:
+ log_err("Unhandled fuse error on mnt %s: %s.",
+ mnt, strerror(errno));
+ }
+ }
+}
+#endif
+
+static int ouroboros_reset(void)
+{
+ ssm_pool_gspp_purge();
+ lockfile_destroy(irmd.lf);
+
+ return 0;
+}
+
+static void cleanup_pid(pid_t pid)
+{
+#ifdef HAVE_FUSE
+ char mnt[RIB_PATH_LEN + 1];
+
+ if (reg_has_ipcp(pid)) {
+ struct ipcp_info info;
+ info.pid = pid;
+ reg_get_ipcp(&info, NULL);
+ sprintf(mnt, FUSE_PREFIX "/%s", info.name);
+ } else {
+ sprintf(mnt, FUSE_PREFIX "/proc.%d", pid);
+ }
+
+ destroy_mount(mnt);
+#endif
+ ssm_pool_reclaim_orphans(irmd.gspp, pid);
+}
+
+void * irm_sanitize(void * o)
+{
+ pid_t pid;
+ struct timespec ts = TIMESPEC_INIT_MS(FLOW_ALLOC_TIMEOUT / 20);
+
+ (void) o;
+
+ while (true) {
+ while((pid = reg_get_dead_proc()) != -1) {
+ log_info("Process %d died.", pid);
+ cleanup_pid(pid);
+ reg_destroy_proc(pid);
+ }
+
+ nanosleep(&ts, NULL);
+ }
+
+ return (void *) 0;
+}
+
+static int irm_load_store(char * dpath)
+{
+ struct stat st;
+ struct dirent * dent;
+ DIR * dir;
+ void * crt;
+
+ if (stat(dpath, &st) == -1) {
+ log_dbg("Store directory %s not found.", dpath);
+ return 0;
+ }
+
+ if (!S_ISDIR(st.st_mode)) {
+ log_err("%s is not a directory.", dpath);
+ goto fail_dir;
+ }
+
+ /* loop through files in directory and load certificates */
+ dir = opendir(dpath);
+ if (dir == NULL) {
+ log_err("Failed to open %s.", dpath);
+ goto fail_dir;
+ }
+
+ while ((dent = readdir(dir)) != NULL) {
+ char path[NAME_PATH_SIZE + 1];
+
+ if (strcmp(dent->d_name, ".") == 0 ||
+ strcmp(dent->d_name, "..") == 0)
+ continue;
+
+ snprintf(path, sizeof(path), "%s/%s", dpath,
+ dent->d_name);
+
+ if (stat(path, &st) == -1) {
+ log_dbg("Failed to stat %s.", path);
+ continue;
+ }
+
+ if (!S_ISREG(st.st_mode)) {
+ log_dbg("%s is not a regular file.", path);
+ goto fail_file;
+ }
+
+ if (crypt_load_crt_file(path, &crt) < 0) {
+ log_err("Failed to load certificate from %s.", path);
+ goto fail_file;
+ }
+
+ if (oap_auth_add_ca_crt(crt) < 0) {
+ log_err("Failed to add certificate from %s to store.",
+ path);
+ goto fail_crt_add;
+ }
+
+ log_dbg("Loaded certificate: %s.", path);
+
+ crypt_free_crt(crt);
+ }
+
+ closedir(dir);
+
+ log_info("Loaded certificates from %s.", dpath);
+
+ return 0;
+
+ fail_crt_add:
+ crypt_free_crt(crt);
+ fail_file:
+ closedir(dir);
+ fail_dir:
+ return -1;
+}
+
static int irm_init(void)
{
struct stat st;
+ struct group * grp;
+ gid_t gid;
pthread_condattr_t cattr;
#ifdef HAVE_FUSE
mode_t mask;
#endif
memset(&st, 0, sizeof(st));
- if (pthread_rwlock_init(&irmd.state_lock, NULL)) {
- log_err("Failed to initialize rwlock.");
- goto fail_state_lock;
+ log_init(!irmd.log_stdout);
+
+ irmd.lf = lockfile_create();
+ if (irmd.lf == NULL) {
+ irmd.lf = lockfile_open();
+ if (irmd.lf == NULL) {
+ log_err("Lockfile error.");
+ goto fail_lockfile;
+ }
+
+ if (kill(lockfile_owner(irmd.lf), 0) < 0) {
+ log_warn("IRMd didn't properly shut down last time.");
+ if (ouroboros_reset() < 0) {
+ log_err("Failed to clean stale resources.");
+ lockfile_close(irmd.lf);
+ goto fail_lockfile;
+ }
+
+ log_warn("Stale resources cleaned.");
+ irmd.lf = lockfile_create();
+ } else {
+ log_warn("IRMd already running (%d), exiting.",
+ lockfile_owner(irmd.lf));
+ lockfile_close(irmd.lf);
+ goto fail_lockfile;
+ }
}
- if (pthread_rwlock_init(&irmd.reg_lock, NULL)) {
- log_err("Failed to initialize rwlock.");
- goto fail_reg_lock;
+ if (irmd.lf == NULL) {
+ log_err("Failed to create lockfile.");
+ goto fail_lockfile;
}
- if (pthread_rwlock_init(&irmd.flows_lock, NULL)) {
+ if (pthread_rwlock_init(&irmd.state_lock, NULL)) {
log_err("Failed to initialize rwlock.");
- goto fail_flows_lock;
+ goto fail_state_lock;
}
if (pthread_mutex_init(&irmd.cmd_lock, NULL)) {
@@ -2333,45 +1927,8 @@ static int irm_init(void)
pthread_condattr_destroy(&cattr);
- list_head_init(&irmd.ipcps);
- list_head_init(&irmd.proc_table);
- list_head_init(&irmd.prog_table);
- list_head_init(&irmd.spawned_pids);
- list_head_init(&irmd.registry);
- list_head_init(&irmd.irm_flows);
list_head_init(&irmd.cmds);
- irmd.flow_ids = bmp_create(SYS_MAX_FLOWS, 0);
- if (irmd.flow_ids == NULL) {
- log_err("Failed to create flow_ids bitmap.");
- goto fail_flow_ids;
- }
-
- if ((irmd.lf = lockfile_create()) == NULL) {
- if ((irmd.lf = lockfile_open()) == NULL) {
- log_err("Lockfile error.");
- goto fail_lockfile;
- }
-
- if (kill(lockfile_owner(irmd.lf), 0) < 0) {
- log_info("IRMd didn't properly shut down last time.");
- shm_rdrbuff_purge();
- log_info("Stale resources cleaned.");
- lockfile_destroy(irmd.lf);
- irmd.lf = lockfile_create();
- } else {
- log_info("IRMd already running (%d), exiting.",
- lockfile_owner(irmd.lf));
- lockfile_close(irmd.lf);
- goto fail_lockfile;
- }
- }
-
- if (irmd.lf == NULL) {
- log_err("Failed to create lockfile.");
- goto fail_lockfile;
- }
-
if (stat(SOCK_PATH, &st) == -1) {
if (mkdir(SOCK_PATH, 0777)) {
log_err("Failed to create sockets directory.");
@@ -2390,10 +1947,45 @@ static int irm_init(void)
goto fail_sock_path;
}
- if ((irmd.rdrb = shm_rdrbuff_create()) == NULL) {
- log_err("Failed to create rdrbuff.");
- goto fail_rdrbuff;
+ grp = getgrnam("ouroboros");
+ if (grp == NULL) {
+ log_warn("ouroboros group not found, using gid %d.", getgid());
+ gid = getgid();
+ } else {
+ gid = grp->gr_gid;
+ }
+
+ irmd.gspp = ssm_pool_create(getuid(), gid);
+ if (irmd.gspp == NULL) {
+ log_err("Failed to create GSPP.");
+ goto fail_pool;
+ }
+
+ if (ssm_pool_mlock(irmd.gspp) < 0)
+ log_warn("Failed to mlock pool.");
+
+ irmd.tpm = tpm_create(IRMD_MIN_THREADS, IRMD_ADD_THREADS,
+ mainloop, NULL);
+ if (irmd.tpm == NULL) {
+ log_err("Failed to greate thread pool.");
+ goto fail_tpm_create;
+ }
+
+ if (oap_auth_init() < 0) {
+ log_err("Failed to initialize OAP module.");
+ goto fail_oap;
}
+
+ if (irm_load_store(OUROBOROS_CA_CRT_DIR) < 0) {
+ log_err("Failed to load CA certificates.");
+ goto fail_load_store;
+ }
+
+ if (irm_load_store(OUROBOROS_CHAIN_DIR) < 0) {
+ log_err("Failed to load intermediate certificates.");
+ goto fail_load_store;
+ }
+
#ifdef HAVE_FUSE
mask = umask(0);
@@ -2418,68 +2010,180 @@ static int irm_init(void)
gcry_control(GCRYCTL_INITIALIZATION_FINISHED);
#endif
- irmd_set_state(IRMD_RUNNING);
- log_info("Ouroboros IPC Resource Manager daemon started...");
+ irmd_set_state(IRMD_INIT);
return 0;
#ifdef HAVE_LIBGCRYPT
fail_gcry_version:
-#ifdef HAVE_FUSE
+ #ifdef HAVE_FUSE
rmdir(FUSE_PREFIX);
+ #endif
#endif
- shm_rdrbuff_destroy(irmd.rdrb);
-#endif
- fail_rdrbuff:
+ fail_load_store:
+ oap_auth_fini();
+ fail_oap:
+ tpm_destroy(irmd.tpm);
+ fail_tpm_create:
+ ssm_pool_destroy(irmd.gspp);
+ fail_pool:
close(irmd.sockfd);
fail_sock_path:
unlink(IRM_SOCK_PATH);
fail_stat:
- lockfile_destroy(irmd.lf);
- fail_lockfile:
- bmp_destroy(irmd.flow_ids);
- fail_flow_ids:
pthread_cond_destroy(&irmd.cmd_cond);
fail_cmd_cond:
pthread_mutex_destroy(&irmd.cmd_lock);
fail_cmd_lock:
- pthread_rwlock_destroy(&irmd.flows_lock);
- fail_flows_lock:
- pthread_rwlock_destroy(&irmd.reg_lock);
- fail_reg_lock:
pthread_rwlock_destroy(&irmd.state_lock);
fail_state_lock:
+ lockfile_destroy(irmd.lf);
+ fail_lockfile:
+ log_fini();
return -1;
}
+static void irm_fini(void)
+{
+ struct list_head * p;
+ struct list_head * h;
+#ifdef HAVE_FUSE
+ struct timespec wait = TIMESPEC_INIT_MS(1);
+ int retries = 5;
+#endif
+ if (irmd_get_state() != IRMD_INIT)
+ log_warn("Unsafe destroy.");
+
+ oap_auth_fini();
+
+ tpm_destroy(irmd.tpm);
+
+ close(irmd.sockfd);
+
+ if (unlink(IRM_SOCK_PATH))
+ log_dbg("Failed to unlink %s.", IRM_SOCK_PATH);
+
+ ssm_pool_destroy(irmd.gspp);
+
+ if (irmd.lf != NULL)
+ lockfile_destroy(irmd.lf);
+
+ pthread_mutex_lock(&irmd.cmd_lock);
+
+ list_for_each_safe(p, h, &irmd.cmds) {
+ struct cmd * cmd = list_entry(p, struct cmd, next);
+ list_del(&cmd->next);
+ close(cmd->fd);
+ free(cmd);
+ }
+
+ pthread_mutex_unlock(&irmd.cmd_lock);
+
+ pthread_mutex_destroy(&irmd.cmd_lock);
+ pthread_cond_destroy(&irmd.cmd_cond);
+ pthread_rwlock_destroy(&irmd.state_lock);
+
+#ifdef HAVE_FUSE
+ while (rmdir(FUSE_PREFIX) < 0 && retries-- > 0)
+ nanosleep(&wait, NULL);
+ if (retries < 0)
+ log_err("Failed to remove " FUSE_PREFIX);
+#endif
+ assert(list_is_empty(&irmd.cmds));
+
+ irmd.state = IRMD_NULL;
+}
+
static void usage(void)
{
printf("Usage: irmd \n"
+#ifdef HAVE_TOML
+ " [--config <path> (Path to configuration file)]\n"
+#endif
" [--stdout (Log to stdout instead of system log)]\n"
" [--version (Print version number and exit)]\n"
"\n");
}
-int main(int argc,
- char ** argv)
+static int irm_start(void)
{
- sigset_t sigset;
- bool use_stdout = false;
- int sig;
+ irmd_set_state(IRMD_RUNNING);
- sigemptyset(&sigset);
- sigaddset(&sigset, SIGINT);
- sigaddset(&sigset, SIGQUIT);
- sigaddset(&sigset, SIGHUP);
- sigaddset(&sigset, SIGTERM);
- sigaddset(&sigset, SIGPIPE);
+ if (tpm_start(irmd.tpm))
+ goto fail_tpm_start;
+
+ if (pthread_create(&irmd.irm_sanitize, NULL, irm_sanitize, NULL))
+ goto fail_irm_sanitize;
+ if (pthread_create(&irmd.acceptor, NULL, acceptloop, NULL))
+ goto fail_acceptor;
+
+ log_info("Ouroboros IPC Resource Manager daemon started...");
+
+ return 0;
+
+ fail_acceptor:
+ pthread_cancel(irmd.irm_sanitize);
+ pthread_join(irmd.irm_sanitize, NULL);
+ fail_irm_sanitize:
+ tpm_stop(irmd.tpm);
+ fail_tpm_start:
+ irmd_set_state(IRMD_INIT);
+ return -1;
+}
+
+static void irm_sigwait(sigset_t sigset)
+{
+ int sig;
+
+ while (irmd_get_state() != IRMD_SHUTDOWN) {
+ if (sigwait(&sigset, &sig) != 0) {
+ log_warn("Bad signal.");
+ continue;
+ }
+
+ switch(sig) {
+ case SIGINT:
+ case SIGQUIT:
+ case SIGTERM:
+ case SIGHUP:
+ log_info("IRMd shutting down...");
+ irmd_set_state(IRMD_SHUTDOWN);
+ break;
+ case SIGPIPE:
+ log_dbg("Ignored SIGPIPE.");
+ break;
+ default:
+ break;
+ }
+ }
+}
+
+static void irm_stop(void)
+{
+ pthread_cancel(irmd.acceptor);
+ pthread_cancel(irmd.irm_sanitize);
+
+ pthread_join(irmd.acceptor, NULL);
+ pthread_join(irmd.irm_sanitize, NULL);
+
+ tpm_stop(irmd.tpm);
+
+ irmd_set_state(IRMD_INIT);
+}
+
+static void irm_argparse(int argc,
+ char ** argv)
+{
+#ifdef HAVE_TOML
+ irmd.cfg_file = NULL;
+#endif
argc--;
argv++;
while (argc > 0) {
if (strcmp(*argv, "--stdout") == 0) {
- use_stdout = true;
+ irmd.log_stdout = true;
argc--;
argv++;
} else if (strcmp(*argv, "--version") == 0) {
@@ -2488,96 +2192,148 @@ int main(int argc,
OUROBOROS_VERSION_MINOR,
OUROBOROS_VERSION_PATCH);
exit(EXIT_SUCCESS);
+#ifdef HAVE_TOML
+ } else if (strcmp (*argv, "--config") == 0) {
+ irmd.cfg_file = *(argv + 1);
+ argc -= 2;
+ argv += 2;
+#endif
} else {
usage();
exit(EXIT_FAILURE);
}
}
+}
- if (geteuid() != 0) {
- printf("IPC Resource Manager must be run as root.\n");
- exit(EXIT_FAILURE);
+static void * kill_dash_nine(void * o)
+{
+ time_t slept = 0;
+#ifdef IRMD_KILL_ALL_PROCESSES
+ struct timespec ts = TIMESPEC_INIT_MS(FLOW_ALLOC_TIMEOUT / 19);
+#endif
+ (void) o;
+
+ while (slept < IRMD_PKILL_TIMEOUT) {
+ time_t intv = 1;
+ if (reg_first_spawned() == -1)
+ goto finish;
+ sleep(intv);
+ slept += intv;
}
- log_init(!use_stdout);
+ log_dbg("I guess I’ll have to shut you down for good this time,");
+ log_dbg("already tried a SIGQUIT, so now it’s KILL DASH 9.");
+#ifdef IRMD_KILL_ALL_PROCESSES
+ reg_kill_all_proc(SIGKILL);
+ nanosleep(&ts, NULL);
+#else
+ reg_kill_all_spawned(SIGKILL);
+#endif
+ finish:
+ return (void *) 0;
+}
- if (irm_init() < 0)
- goto fail_irm_init;
+static void kill_all_spawned(void)
+{
+ pid_t pid;
+ pthread_t grimreaper;
- irmd.tpm = tpm_create(IRMD_MIN_THREADS, IRMD_ADD_THREADS,
- mainloop, NULL);
- if (irmd.tpm == NULL) {
- irmd_set_state(IRMD_NULL);
- goto fail_tpm_create;
+#ifdef IRMD_KILL_ALL_PROCESSES
+ reg_kill_all_proc(SIGTERM);
+#else
+ reg_kill_all_spawned(SIGTERM);
+#endif
+ pthread_create(&grimreaper, NULL, kill_dash_nine, NULL);
+
+ pid = reg_first_spawned();
+ while (pid != -1) {
+ int s;
+ if (kill(pid, 0) == 0)
+ waitpid(pid, &s, 0);
+ else {
+ log_warn("Child process %d died.", pid);
+ cleanup_pid(pid);
+ reg_destroy_proc(pid);
+ }
+ pid = reg_first_spawned();
}
- pthread_sigmask(SIG_BLOCK, &sigset, NULL);
+ pthread_join(grimreaper, NULL);
+}
- if (tpm_start(irmd.tpm)) {
- irmd_set_state(IRMD_NULL);
- goto fail_tpm_start;
+int main(int argc,
+ char ** argv)
+{
+ sigset_t sigset;
+ int ret = EXIT_SUCCESS;
+
+ sigemptyset(&sigset);
+ sigaddset(&sigset, SIGINT);
+ sigaddset(&sigset, SIGQUIT);
+ sigaddset(&sigset, SIGHUP);
+ sigaddset(&sigset, SIGTERM);
+ sigaddset(&sigset, SIGPIPE);
+
+ irm_argparse(argc, argv);
+
+ if (irmd.log_stdout)
+ printf(O7S_ASCII_ART);
+
+ if (geteuid() != 0) {
+ printf("IPC Resource Manager must be run as root.\n");
+ goto fail_irm_init;
}
- if (pthread_create(&irmd.irm_sanitize, NULL, irm_sanitize, NULL)) {
- irmd_set_state(IRMD_NULL);
- goto fail_irm_sanitize;
+ if (irm_init() < 0)
+ goto fail_irm_init;
+
+ if (reg_init() < 0) {
+ log_err("Failed to initialize registry.");
+ goto fail_reg;
}
- if (pthread_create(&irmd.acceptor, NULL, acceptloop, NULL)) {
- irmd_set_state(IRMD_NULL);
- goto fail_acceptor;
+ if (crypt_secure_malloc_init(IRMD_SECMEM_MAX) < 0) {
+ log_err("Failed to initialize secure memory allocation.");
+ goto fail_reg;
}
- while (irmd_get_state() != IRMD_NULL) {
- if (sigwait(&sigset, &sig) != 0) {
- log_warn("Bad signal.");
- continue;
- }
+ pthread_sigmask(SIG_BLOCK, &sigset, NULL);
- switch(sig) {
- case SIGINT:
- case SIGQUIT:
- case SIGTERM:
- case SIGHUP:
- log_info("IRMd shutting down...");
- irmd_set_state(IRMD_NULL);
- break;
- case SIGPIPE:
- log_dbg("Ignored SIGPIPE.");
- break;
- default:
- break;
- }
+ if (irm_start() < 0)
+ goto fail_irm_start;
+
+#ifdef HAVE_TOML
+ if (irm_configure(irmd.cfg_file) < 0) {
+ irmd_set_state(IRMD_SHUTDOWN);
+ ret = EXIT_FAILURE;
}
+#endif
+ irm_sigwait(sigset);
- pthread_cancel(irmd.acceptor);
+ kill_all_spawned();
- pthread_join(irmd.acceptor, NULL);
- pthread_join(irmd.irm_sanitize, NULL);
+ irm_stop();
- tpm_stop(irmd.tpm);
+ pthread_sigmask(SIG_UNBLOCK, &sigset, NULL);
- tpm_destroy(irmd.tpm);
+ crypt_secure_malloc_fini();
- irm_fini();
+ reg_clear();
- pthread_sigmask(SIG_UNBLOCK, &sigset, NULL);
+ reg_fini();
+
+ irm_fini();
- log_info("Bye.");
+ log_info("Ouroboros IPC Resource Manager daemon exited. Bye.");
log_fini();
- exit(EXIT_SUCCESS);
+ exit(ret);
- fail_acceptor:
- pthread_join(irmd.irm_sanitize, NULL);
- fail_irm_sanitize:
- tpm_stop(irmd.tpm);
- fail_tpm_start:
- tpm_destroy(irmd.tpm);
- fail_tpm_create:
+ fail_irm_start:
+ reg_fini();
+ fail_reg:
irm_fini();
fail_irm_init:
- log_fini();
exit(EXIT_FAILURE);
}
diff --git a/src/irmd/oap.c b/src/irmd/oap.c
new file mode 100644
index 00000000..085e06a3
--- /dev/null
+++ b/src/irmd/oap.c
@@ -0,0 +1,130 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * OAP - Shared credential and configuration loading
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#if defined(__linux__) || defined(__CYGWIN__)
+ #define _DEFAULT_SOURCE
+#else
+ #define _POSIX_C_SOURCE 200809L
+#endif
+
+#define OUROBOROS_PREFIX "irmd/oap"
+
+#include <ouroboros/crypt.h>
+#include <ouroboros/errno.h>
+#include <ouroboros/logs.h>
+
+#include "config.h"
+
+#include <assert.h>
+#include <string.h>
+#include <sys/stat.h>
+
+/*
+ * Shared credential and configuration loading helpers
+ */
+
+#ifndef OAP_TEST_MODE
+
+static bool file_exists(const char * path)
+{
+ struct stat s;
+
+ if (stat(path, &s) < 0 && errno == ENOENT) {
+ log_dbg("File %s does not exist.", path);
+ return false;
+ }
+
+ return true;
+}
+
+int load_credentials(const char * name,
+ const struct name_sec_paths * paths,
+ void ** pkp,
+ void ** crt)
+{
+ assert(paths != NULL);
+ assert(pkp != NULL);
+ assert(crt != NULL);
+
+ *pkp = NULL;
+ *crt = NULL;
+
+ if (!file_exists(paths->crt) || !file_exists(paths->key)) {
+ log_info("No authentication certificates for %s.", name);
+ return 0;
+ }
+
+ if (crypt_load_crt_file(paths->crt, crt) < 0) {
+ log_err("Failed to load %s for %s.", paths->crt, name);
+ goto fail_crt;
+ }
+
+ if (crypt_load_privkey_file(paths->key, pkp) < 0) {
+ log_err("Failed to load %s for %s.", paths->key, name);
+ goto fail_key;
+ }
+
+ log_info("Loaded authentication certificates for %s.", name);
+
+ return 0;
+
+ fail_key:
+ crypt_free_crt(*crt);
+ *crt = NULL;
+ fail_crt:
+ return -EAUTH;
+}
+
+int load_kex_config(const char * name,
+ const char * path,
+ struct sec_config * cfg)
+{
+ assert(name != NULL);
+ assert(cfg != NULL);
+
+ memset(cfg, 0, sizeof(*cfg));
+
+ /* Load encryption config */
+ if (!file_exists(path))
+ log_dbg("No encryption %s for %s.", path, name);
+
+ if (load_sec_config_file(cfg, path) < 0) {
+ log_warn("Failed to load %s for %s.", path, name);
+ return -1;
+ }
+
+ if (!IS_KEX_ALGO_SET(cfg)) {
+ log_info("Key exchange not configured for %s.", name);
+ return 0;
+ }
+
+ if (cfg->c.nid == NID_undef || crypt_nid_to_str(cfg->c.nid) == NULL) {
+ log_err("Invalid cipher NID %d for %s.", cfg->c.nid, name);
+ return -ECRYPT;
+ }
+
+ log_info("Encryption enabled for %s.", name);
+
+ return 0;
+}
+
+#endif /* OAP_TEST_MODE */
diff --git a/src/irmd/oap.h b/src/irmd/oap.h
new file mode 100644
index 00000000..25c07408
--- /dev/null
+++ b/src/irmd/oap.h
@@ -0,0 +1,67 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * Ouroboros Allocation Protocol (OAP) Component
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_OAP_H
+#define OUROBOROS_IRMD_OAP_H
+
+#include <ouroboros/crypt.h>
+#include <ouroboros/flow.h>
+#include <ouroboros/name.h>
+#include <ouroboros/utils.h>
+
+/* OAP authentication state (in oap/auth.c) */
+int oap_auth_init(void);
+
+void oap_auth_fini(void);
+
+int oap_auth_add_ca_crt(void * crt);
+
+/*
+* Prepare OAP request header for server, returns context
+* Passes client data for srv, returns srv data for client
+*/
+int oap_cli_prepare(void ** ctx,
+ const struct name_info * info,
+ buffer_t * req_buf,
+ buffer_t data);
+
+/*
+ * Server processes header, creates response header, returns secret key.
+ * data is in/out: input=srv data to send, output=cli data received.
+ */
+int oap_srv_process(const struct name_info * info,
+ buffer_t req_buf,
+ buffer_t * rsp_buf,
+ buffer_t * data,
+ struct crypt_sk * sk);
+
+/* Complete OAP, returns secret key and server data, frees ctx */
+int oap_cli_complete(void * ctx,
+ const struct name_info * info,
+ buffer_t rsp_buf,
+ buffer_t * data,
+ struct crypt_sk * sk);
+
+/* Free OAP state (on failure before complete) */
+void oap_ctx_free(void * ctx);
+
+#endif /* OUROBOROS_IRMD_OAP_H */
diff --git a/src/irmd/oap/auth.c b/src/irmd/oap/auth.c
new file mode 100644
index 00000000..cea7b7a0
--- /dev/null
+++ b/src/irmd/oap/auth.c
@@ -0,0 +1,252 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * OAP - Authentication, replay detection, and validation
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#if defined(__linux__) || defined(__CYGWIN__)
+ #define _DEFAULT_SOURCE
+#else
+ #define _POSIX_C_SOURCE 200809L
+#endif
+
+#define OUROBOROS_PREFIX "irmd/oap"
+
+#include <ouroboros/crypt.h>
+#include <ouroboros/errno.h>
+#include <ouroboros/list.h>
+#include <ouroboros/logs.h>
+#include <ouroboros/pthread.h>
+#include <ouroboros/time.h>
+
+#include "config.h"
+
+#include "auth.h"
+#include "hdr.h"
+
+#include <assert.h>
+#include <stdlib.h>
+#include <string.h>
+
+struct oap_replay_entry {
+ struct list_head next;
+ uint64_t timestamp;
+ uint8_t id[OAP_ID_SIZE];
+};
+
+static struct {
+ struct auth_ctx * ca_ctx;
+ struct {
+ struct list_head list;
+ pthread_mutex_t mtx;
+ } replay;
+} oap_auth;
+
+int oap_auth_init(void)
+{
+ oap_auth.ca_ctx = auth_create_ctx();
+ if (oap_auth.ca_ctx == NULL) {
+ log_err("Failed to create OAP auth context.");
+ goto fail_ctx;
+ }
+
+ list_head_init(&oap_auth.replay.list);
+
+ if (pthread_mutex_init(&oap_auth.replay.mtx, NULL)) {
+ log_err("Failed to init OAP replay mutex.");
+ goto fail_mtx;
+ }
+
+ return 0;
+
+ fail_mtx:
+ auth_destroy_ctx(oap_auth.ca_ctx);
+ fail_ctx:
+ return -1;
+}
+
+void oap_auth_fini(void)
+{
+ struct list_head * p;
+ struct list_head * h;
+
+ pthread_mutex_lock(&oap_auth.replay.mtx);
+
+ list_for_each_safe(p, h, &oap_auth.replay.list) {
+ struct oap_replay_entry * e;
+ e = list_entry(p, struct oap_replay_entry, next);
+ list_del(&e->next);
+ free(e);
+ }
+
+ pthread_mutex_unlock(&oap_auth.replay.mtx);
+ pthread_mutex_destroy(&oap_auth.replay.mtx);
+
+ auth_destroy_ctx(oap_auth.ca_ctx);
+}
+
+int oap_auth_add_ca_crt(void * crt)
+{
+ return auth_add_crt_to_store(oap_auth.ca_ctx, crt);
+}
+
+#define TIMESYNC_SLACK 100 /* ms */
+#define ID_IS_EQUAL(id1, id2) (memcmp(id1, id2, OAP_ID_SIZE) == 0)
+int oap_check_hdr(const struct oap_hdr * hdr)
+{
+ struct list_head * p;
+ struct list_head * h;
+ struct timespec now;
+ struct oap_replay_entry * new;
+ uint64_t stamp;
+ uint64_t cur;
+ uint8_t * id;
+ ssize_t delta;
+
+ assert(hdr != NULL);
+
+ stamp = hdr->timestamp;
+ id = hdr->id.data;
+
+ clock_gettime(CLOCK_REALTIME, &now);
+
+ cur = TS_TO_UINT64(now);
+
+ delta = (ssize_t)(cur - stamp) / MILLION;
+ if (delta < -TIMESYNC_SLACK) {
+ log_err_id(id, "OAP header from %zd ms into future.", -delta);
+ goto fail_stamp;
+ }
+
+ if (delta > OAP_REPLAY_TIMER * 1000) {
+ log_err_id(id, "OAP header too old (%zd ms).", delta);
+ goto fail_stamp;
+ }
+
+ new = malloc(sizeof(*new));
+ if (new == NULL) {
+ log_err_id(id, "Failed to allocate memory for OAP element.");
+ goto fail_stamp;
+ }
+
+ pthread_mutex_lock(&oap_auth.replay.mtx);
+
+ list_for_each_safe(p, h, &oap_auth.replay.list) {
+ struct oap_replay_entry * e;
+ e = list_entry(p, struct oap_replay_entry, next);
+ if (cur > e->timestamp + OAP_REPLAY_TIMER * BILLION) {
+ list_del(&e->next);
+ free(e);
+ continue;
+ }
+
+ if (e->timestamp == stamp && ID_IS_EQUAL(e->id, id)) {
+ log_warn_id(id, "OAP header already known.");
+ goto fail_replay;
+ }
+ }
+
+ memcpy(new->id, id, OAP_ID_SIZE);
+ new->timestamp = stamp;
+
+ list_add_tail(&new->next, &oap_auth.replay.list);
+
+ pthread_mutex_unlock(&oap_auth.replay.mtx);
+
+ return 0;
+
+ fail_replay:
+ pthread_mutex_unlock(&oap_auth.replay.mtx);
+ free(new);
+ fail_stamp:
+ return -EAUTH;
+}
+
+int oap_auth_peer(char * name,
+ const struct oap_hdr * local_hdr,
+ const struct oap_hdr * peer_hdr)
+{
+ void * crt;
+ void * pk;
+ buffer_t sign; /* Signed region */
+ uint8_t * id = peer_hdr->id.data;
+
+ assert(name != NULL);
+ assert(local_hdr != NULL);
+ assert(peer_hdr != NULL);
+
+ if (memcmp(peer_hdr->id.data, local_hdr->id.data, OAP_ID_SIZE) != 0) {
+ log_err_id(id, "OAP ID mismatch in flow allocation.");
+ goto fail_check;
+ }
+
+ if (peer_hdr->crt.len == 0) {
+ log_dbg_id(id, "No crt provided.");
+ name[0] = '\0';
+ return 0;
+ }
+
+ if (crypt_load_crt_der(peer_hdr->crt, &crt) < 0) {
+ log_err_id(id, "Failed to load crt.");
+ goto fail_check;
+ }
+
+ log_dbg_id(id, "Loaded peer crt.");
+
+ if (crypt_get_pubkey_crt(crt, &pk) < 0) {
+ log_err_id(id, "Failed to get pubkey from crt.");
+ goto fail_crt;
+ }
+
+ log_dbg_id(id, "Got public key from crt.");
+
+ if (auth_verify_crt(oap_auth.ca_ctx, crt) < 0) {
+ log_err_id(id, "Failed to verify peer with CA store.");
+ goto fail_crt;
+ }
+
+ log_dbg_id(id, "Successfully verified peer crt.");
+
+ sign = peer_hdr->hdr;
+ sign.len -= peer_hdr->sig.len;
+
+ if (auth_verify_sig(pk, peer_hdr->md_nid, sign, peer_hdr->sig) < 0) {
+ log_err_id(id, "Failed to verify signature.");
+ goto fail_check_sig;
+ }
+
+ if (crypt_get_crt_name(crt, name) < 0) {
+ log_warn_id(id, "Failed to extract name from certificate.");
+ name[0] = '\0';
+ }
+
+ crypt_free_key(pk);
+ crypt_free_crt(crt);
+
+ log_dbg_id(id, "Successfully authenticated peer.");
+
+ return 0;
+
+ fail_check_sig:
+ crypt_free_key(pk);
+ fail_crt:
+ crypt_free_crt(crt);
+ fail_check:
+ return -EAUTH;
+}
diff --git a/src/irmd/utils.h b/src/irmd/oap/auth.h
index 5af918fd..07c33a23 100644
--- a/src/irmd/utils.h
+++ b/src/irmd/oap/auth.h
@@ -1,7 +1,7 @@
/*
- * Ouroboros - Copyright (C) 2016 - 2021
+ * Ouroboros - Copyright (C) 2016 - 2024
*
- * Utils of the IPC Resource Manager
+ * OAP - Authentication functions
*
* Dimitri Staessens <dimitri@ouroboros.rocks>
* Sander Vrijders <sander@ouroboros.rocks>
@@ -20,24 +20,16 @@
* Foundation, Inc., http://www.fsf.org/about/contact/.
*/
-#ifndef OUROBOROS_IRMD_UTILS_H
-#define OUROBOROS_IRMD_UTILS_H
+#ifndef OUROBOROS_IRMD_OAP_AUTH_H
+#define OUROBOROS_IRMD_OAP_AUTH_H
-#include <sys/types.h>
+#include "hdr.h"
-struct str_el {
- struct list_head next;
- char * str;
-};
+int oap_check_hdr(const struct oap_hdr * hdr);
-struct pid_el {
- struct list_head next;
- pid_t pid;
-};
+/* name is updated with the peer's certificate name if available */
+int oap_auth_peer(char * name,
+ const struct oap_hdr * local_hdr,
+ const struct oap_hdr * peer_hdr);
-/* functions for copying and destroying arguments list */
-char ** argvdup(char ** argv);
-
-void argvfree(char ** argv);
-
-#endif /* OUROBOROS_IRM_UTILS_H */
+#endif /* OUROBOROS_IRMD_OAP_AUTH_H */
diff --git a/src/irmd/oap/cli.c b/src/irmd/oap/cli.c
new file mode 100644
index 00000000..ea2a25d1
--- /dev/null
+++ b/src/irmd/oap/cli.c
@@ -0,0 +1,553 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * OAP - Client-side processing
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#if defined(__linux__) || defined(__CYGWIN__)
+ #define _DEFAULT_SOURCE
+#else
+ #define _POSIX_C_SOURCE 200809L
+#endif
+
+#define OUROBOROS_PREFIX "irmd/oap"
+
+#include <ouroboros/crypt.h>
+#include <ouroboros/errno.h>
+#include <ouroboros/logs.h>
+#include <ouroboros/random.h>
+
+#include "config.h"
+
+#include "auth.h"
+#include "hdr.h"
+#include "io.h"
+#include "../oap.h"
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* Client context between oap_cli_prepare and oap_cli_complete */
+struct oap_cli_ctx {
+ uint8_t __id[OAP_ID_SIZE];
+ buffer_t id;
+ uint8_t kex_buf[MSGBUFSZ];
+ uint8_t req_hash[MAX_HASH_SIZE];
+ size_t req_hash_len;
+ int req_md_nid;
+ struct sec_config kcfg;
+ struct oap_hdr local_hdr;
+ void * pkp; /* Ephemeral keypair */
+ uint8_t * key; /* For client-encap KEM */
+};
+
+#define OAP_CLI_CTX_INIT(s) \
+ do { s->id.len = OAP_ID_SIZE; s->id.data = s->__id; } while (0)
+
+/* Client-side credential loading, mocked in tests */
+
+#ifdef OAP_TEST_MODE
+extern int load_cli_credentials(const struct name_info * info,
+ void ** pkp,
+ void ** crt);
+extern int load_cli_kex_config(const struct name_info * info,
+ struct sec_config * cfg);
+extern int load_server_kem_pk(const char * name,
+ struct sec_config * cfg,
+ buffer_t * buf);
+#else
+
+int load_cli_credentials(const struct name_info * info,
+ void ** pkp,
+ void ** crt)
+{
+ assert(info != NULL);
+ assert(pkp != NULL);
+ assert(crt != NULL);
+
+ return load_credentials(info->name, &info->c, pkp, crt);
+}
+
+int load_cli_kex_config(const struct name_info * info,
+ struct sec_config * cfg)
+{
+ assert(info != NULL);
+ assert(cfg != NULL);
+
+ return load_kex_config(info->name, info->c.enc, cfg);
+}
+
+int load_server_kem_pk(const char * name,
+ struct sec_config * cfg,
+ buffer_t * pk)
+{
+ char path[PATH_MAX];
+ const char * ext;
+
+ assert(name != NULL);
+ assert(cfg != NULL);
+ assert(pk != NULL);
+
+ ext = IS_HYBRID_KEM(cfg->x.str) ? "raw" : "pem";
+
+ snprintf(path, sizeof(path),
+ OUROBOROS_CLI_CRT_DIR "/%s/kex.srv.pub.%s", name, ext);
+
+ if (IS_HYBRID_KEM(cfg->x.str)) {
+ if (crypt_load_pubkey_raw_file(path, pk) < 0) {
+ log_err("Failed to load %s pubkey from %s.", ext, path);
+ return -1;
+ }
+ } else {
+ if (crypt_load_pubkey_file_to_der(path, pk) < 0) {
+ log_err("Failed to load %s pubkey from %s.", ext, path);
+ return -1;
+ }
+ }
+
+ log_dbg("Loaded %s pubkey from %s (%zu bytes).", ext, path, pk->len);
+
+ return 0;
+}
+
+#endif /* OAP_TEST_MODE */
+
+static int do_client_kex_prepare_dhe(struct oap_cli_ctx * s)
+{
+ struct sec_config * kcfg = &s->kcfg;
+ buffer_t * kex = &s->local_hdr.kex;
+ uint8_t * id = s->id.data;
+ ssize_t len;
+
+ /* Generate ephemeral keypair, send PK */
+ len = kex_pkp_create(kcfg, &s->pkp, kex->data);
+ if (len < 0) {
+ log_err_id(id, "Failed to generate DHE keypair.");
+ return -ECRYPT;
+ }
+
+ kex->len = (size_t) len;
+ log_dbg_id(id, "Generated ephemeral %s keys (%zd bytes).",
+ kcfg->x.str, len);
+
+ return 0;
+}
+
+static int do_client_kex_prepare_kem_encap(const char * server_name,
+ struct oap_cli_ctx * s)
+{
+ struct sec_config * kcfg = &s->kcfg;
+ buffer_t * kex = &s->local_hdr.kex;
+ uint8_t * id = s->id.data;
+ buffer_t server_pk = BUF_INIT;
+ uint8_t key_buf[SYMMKEYSZ];
+ ssize_t len;
+
+ if (load_server_kem_pk(server_name, kcfg, &server_pk) < 0) {
+ log_err_id(id, "Failed to load server KEM pk.");
+ return -ECRYPT;
+ }
+
+ if (IS_HYBRID_KEM(kcfg->x.str))
+ len = kex_kem_encap_raw(server_pk, kex->data,
+ kcfg->k.nid, key_buf);
+ else
+ len = kex_kem_encap(server_pk, kex->data,
+ kcfg->k.nid, key_buf);
+
+ freebuf(server_pk);
+
+ if (len < 0) {
+ log_err_id(id, "Failed to encapsulate KEM.");
+ return -ECRYPT;
+ }
+
+ kex->len = (size_t) len;
+ log_dbg_id(id, "Client encaps: CT len=%zd.", len);
+
+ /* Store derived key */
+ s->key = crypt_secure_malloc(SYMMKEYSZ);
+ if (s->key == NULL) {
+ log_err_id(id, "Failed to allocate secure key.");
+ return -ENOMEM;
+ }
+ memcpy(s->key, key_buf, SYMMKEYSZ);
+ crypt_secure_clear(key_buf, SYMMKEYSZ);
+
+ return 0;
+}
+
+static int do_client_kex_prepare_kem_decap(struct oap_cli_ctx * s)
+{
+ struct sec_config * kcfg = &s->kcfg;
+ buffer_t * kex = &s->local_hdr.kex;
+ uint8_t * id = s->id.data;
+ ssize_t len;
+
+ /* Server encaps: generate keypair, send PK */
+ len = kex_pkp_create(kcfg, &s->pkp, kex->data);
+ if (len < 0) {
+ log_err_id(id, "Failed to generate KEM keypair.");
+ return -ECRYPT;
+ }
+
+ kex->len = (size_t) len;
+ log_dbg_id(id, "Client PK for server encaps (%zd bytes).", len);
+
+ return 0;
+}
+
+static int do_client_kex_prepare(const char * server_name,
+ struct oap_cli_ctx * s)
+{
+ struct sec_config * kcfg = &s->kcfg;
+
+ if (!IS_KEX_ALGO_SET(kcfg))
+ return 0;
+
+ if (IS_KEM_ALGORITHM(kcfg->x.str)) {
+ if (kcfg->x.mode == KEM_MODE_CLIENT_ENCAP)
+ return do_client_kex_prepare_kem_encap(server_name, s);
+ else
+ return do_client_kex_prepare_kem_decap(s);
+ }
+
+ return do_client_kex_prepare_dhe(s);
+}
+
+int oap_cli_prepare(void ** ctx,
+ const struct name_info * info,
+ buffer_t * req_buf,
+ buffer_t data)
+{
+ struct oap_cli_ctx * s;
+ void * pkp = NULL;
+ void * crt = NULL;
+ ssize_t ret;
+
+ assert(ctx != NULL);
+ assert(info != NULL);
+ assert(req_buf != NULL);
+
+ clrbuf(*req_buf);
+ *ctx = NULL;
+
+ /* Allocate ctx to carry between prepare and complete */
+ s = malloc(sizeof(*s));
+ if (s == NULL) {
+ log_err("Failed to allocate OAP client ctx.");
+ return -ENOMEM;
+ }
+
+ memset(s, 0, sizeof(*s));
+ OAP_CLI_CTX_INIT(s);
+
+ /* Generate session ID */
+ if (random_buffer(s->__id, OAP_ID_SIZE) < 0) {
+ log_err("Failed to generate OAP session ID.");
+ goto fail_id;
+ }
+
+ log_dbg_id(s->id.data, "Preparing OAP request for %s.", info->name);
+
+ /* Load client credentials */
+ if (load_cli_credentials(info, &pkp, &crt) < 0) {
+ log_err_id(s->id.data, "Failed to load credentials for %s.",
+ info->name);
+ goto fail_id;
+ }
+
+ /* Load KEX config */
+ if (load_cli_kex_config(info, &s->kcfg) < 0) {
+ log_err_id(s->id.data, "Failed to load KEX config for %s.",
+ info->name);
+ goto fail_kex;
+ }
+
+ log_dbg_id(s->id.data, "KEX config: algo=%s, mode=%s, cipher=%s.",
+ s->kcfg.x.str != NULL ? s->kcfg.x.str : "none",
+ s->kcfg.x.mode == KEM_MODE_CLIENT_ENCAP ? "client-encap" :
+ s->kcfg.x.mode == KEM_MODE_SERVER_ENCAP ? "server-encap" :
+ "none",
+ s->kcfg.c.str != NULL ? s->kcfg.c.str : "none");
+
+ oap_hdr_init(&s->local_hdr, s->id, s->kex_buf, data, s->kcfg.c.nid);
+
+ if (do_client_kex_prepare(info->name, s) < 0) {
+ log_err_id(s->id.data, "Failed to prepare client KEX.");
+ goto fail_kex;
+ }
+
+ if (oap_hdr_encode(&s->local_hdr, pkp, crt, &s->kcfg,
+ (buffer_t) BUF_INIT, NID_undef)) {
+ log_err_id(s->id.data, "Failed to create OAP request header.");
+ goto fail_hdr;
+ }
+
+ debug_oap_hdr_snd(&s->local_hdr);
+
+ /* Compute and store hash of request for verification in complete */
+ s->req_md_nid = s->kcfg.d.nid != NID_undef ? s->kcfg.d.nid : NID_sha384;
+ ret = md_digest(s->req_md_nid, s->local_hdr.hdr, s->req_hash);
+ if (ret < 0) {
+ log_err_id(s->id.data, "Failed to hash request.");
+ goto fail_hash;
+ }
+ s->req_hash_len = (size_t) ret;
+
+ /* Transfer ownership of request buffer */
+ *req_buf = s->local_hdr.hdr;
+ clrbuf(s->local_hdr.hdr);
+
+ crypt_free_crt(crt);
+ crypt_free_key(pkp);
+
+ *ctx = s;
+
+ log_dbg_id(s->id.data, "OAP request prepared for %s.", info->name);
+
+ return 0;
+
+ fail_hash:
+ fail_hdr:
+ crypt_secure_free(s->key, SYMMKEYSZ);
+ crypt_free_key(s->pkp);
+ fail_kex:
+ crypt_free_crt(crt);
+ crypt_free_key(pkp);
+ fail_id:
+ free(s);
+ return -ECRYPT;
+}
+
+void oap_ctx_free(void * ctx)
+{
+ struct oap_cli_ctx * s = ctx;
+
+ if (s == NULL)
+ return;
+
+ oap_hdr_fini(&s->local_hdr);
+
+ if (s->pkp != NULL)
+ crypt_free_key(s->pkp);
+
+ if (s->key != NULL)
+ crypt_secure_free(s->key, SYMMKEYSZ);
+
+ memset(s, 0, sizeof(*s));
+ free(s);
+}
+
+static int do_client_kex_complete_kem(struct oap_cli_ctx * s,
+ const struct oap_hdr * peer_hdr,
+ struct crypt_sk * sk)
+{
+ struct sec_config * kcfg = &s->kcfg;
+ uint8_t * id = s->id.data;
+ uint8_t key_buf[SYMMKEYSZ];
+
+ if (kcfg->x.mode == KEM_MODE_SERVER_ENCAP) {
+ buffer_t ct;
+
+ if (peer_hdr->kex.len == 0) {
+ log_err_id(id, "Server did not send KEM CT.");
+ return -ECRYPT;
+ }
+
+ ct.data = peer_hdr->kex.data;
+ ct.len = peer_hdr->kex.len;
+
+ if (kex_kem_decap(s->pkp, ct, kcfg->k.nid, key_buf) < 0) {
+ log_err_id(id, "Failed to decapsulate KEM.");
+ return -ECRYPT;
+ }
+
+ log_dbg_id(id, "Client decapsulated server CT.");
+
+ } else if (kcfg->x.mode == KEM_MODE_CLIENT_ENCAP) {
+ /* Key already derived during prepare */
+ memcpy(sk->key, s->key, SYMMKEYSZ);
+ sk->nid = kcfg->c.nid;
+ log_info_id(id, "Negotiated %s + %s.", kcfg->x.str,
+ kcfg->c.str);
+ return 0;
+ }
+
+ memcpy(sk->key, key_buf, SYMMKEYSZ);
+ sk->nid = kcfg->c.nid;
+ crypt_secure_clear(key_buf, SYMMKEYSZ);
+
+ log_info_id(id, "Negotiated %s + %s.", kcfg->x.str, kcfg->c.str);
+
+ return 0;
+}
+
+static int do_client_kex_complete_dhe(struct oap_cli_ctx * s,
+ const struct oap_hdr * peer_hdr,
+ struct crypt_sk * sk)
+{
+ struct sec_config * kcfg = &s->kcfg;
+ uint8_t * id = s->id.data;
+ uint8_t key_buf[SYMMKEYSZ];
+
+ /* DHE: derive from server's public key */
+ if (peer_hdr->kex.len == 0) {
+ log_err_id(id, "Server did not send DHE public key.");
+ return -ECRYPT;
+ }
+
+ if (kex_dhe_derive(kcfg, s->pkp, peer_hdr->kex, key_buf) < 0) {
+ log_err_id(id, "Failed to derive DHE secret.");
+ return -ECRYPT;
+ }
+
+ log_dbg_id(id, "DHE: derived shared secret.");
+
+ memcpy(sk->key, key_buf, SYMMKEYSZ);
+ sk->nid = kcfg->c.nid;
+ crypt_secure_clear(key_buf, SYMMKEYSZ);
+
+ log_info_id(id, "Negotiated %s + %s.", kcfg->x.str, kcfg->c.str);
+
+ return 0;
+}
+
+
+static int do_client_kex_complete(struct oap_cli_ctx * s,
+ const struct oap_hdr * peer_hdr,
+ struct crypt_sk * sk)
+{
+ struct sec_config * kcfg = &s->kcfg;
+ uint8_t * id = s->id.data;
+
+ if (!IS_KEX_ALGO_SET(kcfg))
+ return 0;
+
+ /* Accept server's cipher choice */
+ if (peer_hdr->cipher_str == NULL) {
+ log_err_id(id, "Server did not provide cipher.");
+ return -ECRYPT;
+ }
+
+ SET_KEX_CIPHER(kcfg, peer_hdr->cipher_str);
+ if (crypt_validate_nid(kcfg->c.nid) < 0) {
+ log_err_id(id, "Server cipher '%s' not supported.",
+ peer_hdr->cipher_str);
+ return -ENOTSUP;
+ }
+
+ log_dbg_id(id, "Accepted server cipher %s.", peer_hdr->cipher_str);
+
+ /* Derive shared secret */
+ if (IS_KEM_ALGORITHM(kcfg->x.str))
+ return do_client_kex_complete_kem(s, peer_hdr, sk);
+
+ return do_client_kex_complete_dhe(s, peer_hdr, sk);
+}
+
+int oap_cli_complete(void * ctx,
+ const struct name_info * info,
+ buffer_t rsp_buf,
+ buffer_t * data,
+ struct crypt_sk * sk)
+{
+ struct oap_cli_ctx * s = ctx;
+ struct oap_hdr peer_hdr;
+ char peer[NAME_SIZE + 1];
+ uint8_t * id;
+
+ assert(ctx != NULL);
+ assert(info != NULL);
+ assert(data != NULL);
+ assert(sk != NULL);
+
+ sk->nid = NID_undef;
+
+ clrbuf(*data);
+
+ memset(&peer_hdr, 0, sizeof(peer_hdr));
+
+ id = s->id.data;
+
+ log_dbg_id(id, "Completing OAP for %s.", info->name);
+
+ /* Decode response header using client's md_nid for hash length */
+ if (oap_hdr_decode(&peer_hdr, rsp_buf, s->req_md_nid) < 0) {
+ log_err_id(id, "Failed to decode OAP response header.");
+ goto fail_oap;
+ }
+
+ debug_oap_hdr_rcv(&peer_hdr);
+
+ /* Verify response ID matches request */
+ if (memcmp(peer_hdr.id.data, id, OAP_ID_SIZE) != 0) {
+ log_err_id(id, "OAP response ID mismatch.");
+ goto fail_oap;
+ }
+
+ /* Authenticate server */
+ if (oap_auth_peer(peer, &s->local_hdr, &peer_hdr) < 0) {
+ log_err_id(id, "Failed to authenticate server.");
+ goto fail_oap;
+ }
+
+ /* Verify request hash in authenticated response */
+ if (peer_hdr.req_hash.len == 0) {
+ log_err_id(id, "Response missing req_hash.");
+ goto fail_oap;
+ }
+
+ if (memcmp(peer_hdr.req_hash.data, s->req_hash, s->req_hash_len) != 0) {
+ log_err_id(id, "Response req_hash mismatch.");
+ goto fail_oap;
+ }
+
+ /* Verify peer certificate name matches expected destination */
+ if (peer_hdr.crt.len > 0 && strcmp(peer, info->name) != 0) {
+ log_err_id(id, "Peer crt for '%s' does not match '%s'.",
+ peer, info->name);
+ goto fail_oap;
+ }
+
+ /* Complete key exchange */
+ if (do_client_kex_complete(s, &peer_hdr, sk) < 0) {
+ log_err_id(id, "Failed to complete key exchange.");
+ goto fail_oap;
+ }
+
+ /* Copy piggybacked data from server response */
+ if (oap_hdr_copy_data(&peer_hdr, data) < 0) {
+ log_err_id(id, "Failed to copy server data.");
+ goto fail_oap;
+ }
+
+ log_info_id(id, "OAP completed for %s.", info->name);
+
+ oap_ctx_free(s);
+
+ return 0;
+
+ fail_oap:
+ oap_ctx_free(s);
+ return -ECRYPT;
+}
diff --git a/src/irmd/oap/hdr.c b/src/irmd/oap/hdr.c
new file mode 100644
index 00000000..cdff7ab6
--- /dev/null
+++ b/src/irmd/oap/hdr.c
@@ -0,0 +1,456 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * OAP - Header encoding, decoding, and debugging
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#if defined(__linux__) || defined(__CYGWIN__)
+ #define _DEFAULT_SOURCE
+#else
+ #define _POSIX_C_SOURCE 200809L
+#endif
+
+#define OUROBOROS_PREFIX "irmd/oap"
+
+#include <ouroboros/crypt.h>
+#include <ouroboros/endian.h>
+#include <ouroboros/hash.h>
+#include <ouroboros/logs.h>
+#include <ouroboros/rib.h>
+#include <ouroboros/time.h>
+
+#include "config.h"
+
+#include "hdr.h"
+
+#include <assert.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+int oap_hdr_decode(struct oap_hdr * oap_hdr,
+ buffer_t hdr,
+ int req_md_nid)
+{
+ off_t offset;
+ uint16_t kex_len;
+ uint16_t ciph_nid;
+ size_t crt_len;
+ size_t data_len;
+ size_t hash_len;
+ size_t sig_len;
+
+ assert(oap_hdr != NULL);
+ memset(oap_hdr, 0, sizeof(*oap_hdr));
+
+ if (hdr.len < OAP_HDR_MIN_SIZE)
+ goto fail_decode;
+
+ /* Parse fixed header (36 bytes) */
+ oap_hdr->id.data = hdr.data;
+ oap_hdr->id.len = OAP_ID_SIZE;
+
+ offset = OAP_ID_SIZE;
+
+ oap_hdr->timestamp = ntoh64(*(uint64_t *)(hdr.data + offset));
+ offset += sizeof(uint64_t);
+
+ /* cipher NID */
+ ciph_nid = ntoh16(*(uint16_t *)(hdr.data + offset));
+ oap_hdr->nid = ciph_nid;
+ oap_hdr->cipher_str = crypt_nid_to_str(ciph_nid);
+ offset += sizeof(uint16_t);
+
+ /* kdf NID */
+ oap_hdr->kdf_nid = ntoh16(*(uint16_t *)(hdr.data + offset));
+ oap_hdr->kdf_str = md_nid_to_str(oap_hdr->kdf_nid);
+ offset += sizeof(uint16_t);
+
+ /* md NID (signature hash) */
+ oap_hdr->md_nid = ntoh16(*(uint16_t *)(hdr.data + offset));
+ oap_hdr->md_str = md_nid_to_str(oap_hdr->md_nid);
+ offset += sizeof(uint16_t);
+
+ /* Validate NIDs: NID_undef is valid at parse time, else must be known.
+ * Note: md_nid=NID_undef only valid for PQC; enforced at sign/verify.
+ */
+ if (ciph_nid != NID_undef && crypt_validate_nid(ciph_nid) < 0)
+ goto fail_decode;
+ if (oap_hdr->kdf_nid != NID_undef &&
+ md_validate_nid(oap_hdr->kdf_nid) < 0)
+ goto fail_decode;
+ if (oap_hdr->md_nid != NID_undef &&
+ md_validate_nid(oap_hdr->md_nid) < 0)
+ goto fail_decode;
+
+ /* crt_len */
+ crt_len = (size_t) ntoh16(*(uint16_t *)(hdr.data + offset));
+ offset += sizeof(uint16_t);
+
+ /* kex_len + flags */
+ kex_len = ntoh16(*(uint16_t *)(hdr.data + offset));
+ oap_hdr->kex.len = (size_t) (kex_len & OAP_KEX_LEN_MASK);
+ oap_hdr->kex_flags.fmt = (kex_len & OAP_KEX_FMT_BIT) ? 1 : 0;
+ oap_hdr->kex_flags.role = (kex_len & OAP_KEX_ROLE_BIT) ? 1 : 0;
+ offset += sizeof(uint16_t);
+
+ /* data_len */
+ data_len = (size_t) ntoh16(*(uint16_t *)(hdr.data + offset));
+ offset += sizeof(uint16_t);
+
+ /* Response includes req_hash when md_nid is set */
+ hash_len = (req_md_nid != NID_undef) ?
+ (size_t) md_len(req_md_nid) : 0;
+
+ /* Validate total length */
+ if (hdr.len < (size_t) offset + crt_len + oap_hdr->kex.len +
+ data_len + hash_len)
+ goto fail_decode;
+
+ /* Derive sig_len from remaining bytes */
+ sig_len = hdr.len - offset - crt_len - oap_hdr->kex.len -
+ data_len - hash_len;
+
+ /* Unsigned packets must not have trailing bytes */
+ if (crt_len == 0 && sig_len != 0)
+ goto fail_decode;
+
+ /* Parse variable fields */
+ oap_hdr->crt.data = hdr.data + offset;
+ oap_hdr->crt.len = crt_len;
+ offset += crt_len;
+
+ oap_hdr->kex.data = hdr.data + offset;
+ offset += oap_hdr->kex.len;
+
+ oap_hdr->data.data = hdr.data + offset;
+ oap_hdr->data.len = data_len;
+ offset += data_len;
+
+ oap_hdr->req_hash.data = hdr.data + offset;
+ oap_hdr->req_hash.len = hash_len;
+ offset += hash_len;
+
+ oap_hdr->sig.data = hdr.data + offset;
+ oap_hdr->sig.len = sig_len;
+
+ oap_hdr->hdr = hdr;
+
+ return 0;
+
+ fail_decode:
+ memset(oap_hdr, 0, sizeof(*oap_hdr));
+ return -1;
+}
+
+void oap_hdr_fini(struct oap_hdr * oap_hdr)
+{
+ assert(oap_hdr != NULL);
+
+ freebuf(oap_hdr->hdr);
+ memset(oap_hdr, 0, sizeof(*oap_hdr));
+}
+
+int oap_hdr_copy_data(const struct oap_hdr * hdr,
+ buffer_t * out)
+{
+ assert(hdr != NULL);
+ assert(out != NULL);
+
+ if (hdr->data.len == 0) {
+ clrbuf(*out);
+ return 0;
+ }
+
+ out->data = malloc(hdr->data.len);
+ if (out->data == NULL)
+ return -ENOMEM;
+
+ memcpy(out->data, hdr->data.data, hdr->data.len);
+ out->len = hdr->data.len;
+
+ return 0;
+}
+
+void oap_hdr_init(struct oap_hdr * hdr,
+ buffer_t id,
+ uint8_t * kex_buf,
+ buffer_t data,
+ uint16_t nid)
+{
+ assert(hdr != NULL);
+ assert(id.data != NULL && id.len == OAP_ID_SIZE);
+
+ memset(hdr, 0, sizeof(*hdr));
+
+ hdr->id = id;
+ hdr->kex.data = kex_buf;
+ hdr->kex.len = 0;
+ hdr->data = data;
+ hdr->nid = nid;
+}
+
+int oap_hdr_encode(struct oap_hdr * hdr,
+ void * pkp,
+ void * crt,
+ struct sec_config * kcfg,
+ buffer_t req_hash,
+ int req_md_nid)
+{
+ struct timespec now;
+ uint64_t stamp;
+ buffer_t out;
+ buffer_t der = BUF_INIT;
+ buffer_t sig = BUF_INIT;
+ buffer_t sign;
+ uint16_t len;
+ uint16_t ciph_nid;
+ uint16_t kdf_nid;
+ uint16_t md_nid;
+ uint16_t kex_len;
+ off_t offset;
+
+ assert(hdr != NULL);
+ assert(hdr->id.data != NULL && hdr->id.len == OAP_ID_SIZE);
+ assert(kcfg != NULL);
+
+ clock_gettime(CLOCK_REALTIME, &now);
+ stamp = hton64(TS_TO_UINT64(now));
+
+ if (crt != NULL && crypt_crt_der(crt, &der) < 0)
+ goto fail_der;
+
+ ciph_nid = hton16(hdr->nid);
+ kdf_nid = hton16(kcfg->k.nid);
+ md_nid = hton16(kcfg->d.nid);
+
+ /* Build kex_len with flags */
+ kex_len = (uint16_t) hdr->kex.len;
+ if (hdr->kex.len > 0 && IS_KEM_ALGORITHM(kcfg->x.str)) {
+ if (IS_HYBRID_KEM(kcfg->x.str))
+ kex_len |= OAP_KEX_FMT_BIT;
+ if (kcfg->x.mode == KEM_MODE_CLIENT_ENCAP)
+ kex_len |= OAP_KEX_ROLE_BIT;
+ }
+ kex_len = hton16(kex_len);
+
+ /* Fixed header (36 bytes) + variable fields + req_hash (if auth) */
+ out.len = OAP_HDR_MIN_SIZE + der.len + hdr->kex.len + hdr->data.len +
+ req_hash.len;
+
+ out.data = malloc(out.len);
+ if (out.data == NULL)
+ goto fail_out;
+
+ offset = 0;
+
+ /* id (16 bytes) */
+ memcpy(out.data + offset, hdr->id.data, hdr->id.len);
+ offset += hdr->id.len;
+
+ /* timestamp (8 bytes) */
+ memcpy(out.data + offset, &stamp, sizeof(stamp));
+ offset += sizeof(stamp);
+
+ /* cipher_nid (2 bytes) */
+ memcpy(out.data + offset, &ciph_nid, sizeof(ciph_nid));
+ offset += sizeof(ciph_nid);
+
+ /* kdf_nid (2 bytes) */
+ memcpy(out.data + offset, &kdf_nid, sizeof(kdf_nid));
+ offset += sizeof(kdf_nid);
+
+ /* md_nid (2 bytes) */
+ memcpy(out.data + offset, &md_nid, sizeof(md_nid));
+ offset += sizeof(md_nid);
+
+ /* crt_len (2 bytes) */
+ len = hton16((uint16_t) der.len);
+ memcpy(out.data + offset, &len, sizeof(len));
+ offset += sizeof(len);
+
+ /* kex_len + flags (2 bytes) */
+ memcpy(out.data + offset, &kex_len, sizeof(kex_len));
+ offset += sizeof(kex_len);
+
+ /* data_len (2 bytes) */
+ len = hton16((uint16_t) hdr->data.len);
+ memcpy(out.data + offset, &len, sizeof(len));
+ offset += sizeof(len);
+
+ /* Fixed header complete (36 bytes) */
+ assert((size_t) offset == OAP_HDR_MIN_SIZE);
+
+ /* certificate (variable) */
+ if (der.len != 0)
+ memcpy(out.data + offset, der.data, der.len);
+ offset += der.len;
+
+ /* kex data (variable) */
+ if (hdr->kex.len != 0)
+ memcpy(out.data + offset, hdr->kex.data, hdr->kex.len);
+ offset += hdr->kex.len;
+
+ /* data (variable) */
+ if (hdr->data.len != 0)
+ memcpy(out.data + offset, hdr->data.data, hdr->data.len);
+ offset += hdr->data.len;
+
+ /* req_hash (variable, only for authenticated responses) */
+ if (req_hash.len != 0)
+ memcpy(out.data + offset, req_hash.data, req_hash.len);
+ offset += req_hash.len;
+
+ assert((size_t) offset == out.len);
+
+ /* Sign the entire header (fixed + variable, excluding signature) */
+ sign.data = out.data;
+ sign.len = out.len;
+
+ if (pkp != NULL && auth_sign(pkp, kcfg->d.nid, sign, &sig) < 0)
+ goto fail_sig;
+
+ hdr->hdr = out;
+
+ /* Append signature */
+ if (sig.len > 0) {
+ hdr->hdr.len += sig.len;
+ hdr->hdr.data = realloc(out.data, hdr->hdr.len);
+ if (hdr->hdr.data == NULL)
+ goto fail_realloc;
+
+ memcpy(hdr->hdr.data + offset, sig.data, sig.len);
+ clrbuf(out);
+ }
+
+ if (oap_hdr_decode(hdr, hdr->hdr, req_md_nid) < 0)
+ goto fail_decode;
+
+ freebuf(der);
+ freebuf(sig);
+
+ return 0;
+
+ fail_decode:
+ oap_hdr_fini(hdr);
+ fail_realloc:
+ freebuf(sig);
+ fail_sig:
+ freebuf(out);
+ fail_out:
+ freebuf(der);
+ fail_der:
+ return -1;
+}
+
+#ifdef DEBUG_PROTO_OAP
+static void debug_oap_hdr(const struct oap_hdr * hdr)
+{
+ assert(hdr);
+
+ if (hdr->crt.len > 0)
+ log_proto(" crt: [%zu bytes]", hdr->crt.len);
+ else
+ log_proto(" crt: <none>");
+
+ if (hdr->kex.len > 0)
+ log_proto(" Key Exchange Data: [%zu bytes] [%s]",
+ hdr->kex.len, hdr->kex_flags.role ?
+ "Client encaps" : "Server encaps");
+ else
+ log_proto(" Ephemeral Public Key: <none>");
+
+ if (hdr->cipher_str != NULL)
+ log_proto(" Cipher: %s", hdr->cipher_str);
+ else
+ log_proto(" Cipher: <none>");
+
+ if (hdr->kdf_str != NULL)
+ log_proto(" KDF: HKDF-%s", hdr->kdf_str);
+ else
+ log_proto(" KDF: <none>");
+
+ if (hdr->md_str != NULL)
+ log_proto(" Digest: %s", hdr->md_str);
+ else
+ log_proto(" Digest: <none>");
+
+ if (hdr->data.len > 0)
+ log_proto(" Data: [%zu bytes]", hdr->data.len);
+ else
+ log_proto(" Data: <none>");
+
+ if (hdr->req_hash.len > 0)
+ log_proto(" Req Hash: [%zu bytes]", hdr->req_hash.len);
+ else
+ log_proto(" Req Hash: <none>");
+
+ if (hdr->sig.len > 0)
+ log_proto(" Signature: [%zu bytes]", hdr->sig.len);
+ else
+ log_proto(" Signature: <none>");
+}
+#endif
+
+void debug_oap_hdr_rcv(const struct oap_hdr * hdr)
+{
+#ifdef DEBUG_PROTO_OAP
+ struct tm * tm;
+ char tmstr[RIB_TM_STRLEN];
+ time_t stamp;
+
+ assert(hdr);
+
+ stamp = (time_t) hdr->timestamp / BILLION;
+
+ tm = gmtime(&stamp);
+ strftime(tmstr, sizeof(tmstr), RIB_TM_FORMAT, tm);
+
+ log_proto("OAP_HDR [" HASH_FMT64 " @ %s ] <--",
+ HASH_VAL64(hdr->id.data), tmstr);
+
+ debug_oap_hdr(hdr);
+#else
+ (void) hdr;
+#endif
+}
+
+void debug_oap_hdr_snd(const struct oap_hdr * hdr)
+{
+#ifdef DEBUG_PROTO_OAP
+ struct tm * tm;
+ char tmstr[RIB_TM_STRLEN];
+ time_t stamp;
+
+ assert(hdr);
+
+ stamp = (time_t) hdr->timestamp / BILLION;
+
+ tm = gmtime(&stamp);
+ strftime(tmstr, sizeof(tmstr), RIB_TM_FORMAT, tm);
+
+ log_proto("OAP_HDR [" HASH_FMT64 " @ %s ] -->",
+ HASH_VAL64(hdr->id.data), tmstr);
+
+ debug_oap_hdr(hdr);
+#else
+ (void) hdr;
+#endif
+}
diff --git a/src/irmd/oap/hdr.h b/src/irmd/oap/hdr.h
new file mode 100644
index 00000000..f603b169
--- /dev/null
+++ b/src/irmd/oap/hdr.h
@@ -0,0 +1,159 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * OAP - Header definitions and functions
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_OAP_HDR_H
+#define OUROBOROS_IRMD_OAP_HDR_H
+
+#include <ouroboros/crypt.h>
+#include <ouroboros/utils.h>
+
+#include <stdbool.h>
+#include <stdint.h>
+
+#define OAP_ID_SIZE (16)
+#define OAP_HDR_MIN_SIZE (OAP_ID_SIZE + sizeof(uint64_t) + 6 * sizeof(uint16_t))
+
+#define OAP_KEX_FMT_BIT 0x8000 /* bit 15: 0=X.509 DER, 1=Raw */
+#define OAP_KEX_ROLE_BIT 0x4000 /* bit 14: 0=Server encaps, 1=Client encaps */
+#define OAP_KEX_LEN_MASK 0x3FFF /* bits 0-13: Length (0-16383 bytes) */
+
+#define OAP_KEX_ROLE(hdr) (hdr->kex_flags.role)
+#define OAP_KEX_FMT(hdr) (hdr->kex_flags.fmt)
+
+#define OAP_KEX_IS_X509_FMT(hdr) (((hdr)->kex_flags.fmt) == 0)
+#define OAP_KEX_IS_RAW_FMT(hdr) (((hdr)->kex_flags.fmt) == 1)
+
+/*
+ * 0 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---+
+ * | | |
+ * + + |
+ * | | |
+ * + id (128 bits) + |
+ * | Unique flow allocation ID | |
+ * + + |
+ * | | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ * | | |
+ * + timestamp (64 bits) + |
+ * | UTC nanoseconds since epoch | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ * | cipher_nid (16 bits) | kdf_nid (16 bits) | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ * | md_nid (16 bits) | crt_len (16 bits) | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ * |F|R| kex_len (14 bits) | data_len (16 bits) | | Signed
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Region
+ * | | |
+ * + certificate (variable) + |
+ * | X.509 certificate, DER encoded | |
+ * + + |
+ * | | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ * | | |
+ * + kex_data (variable) + |
+ * | public key (DER/raw) or ciphertext (KEM) | |
+ * + + |
+ * | | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ * | | |
+ * + data (variable) + |
+ * | Piggybacked application data | |
+ * + + |
+ * | | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ * | | |
+ * + req_hash (variable, response only) + |
+ * | H(request) using req md_nid / sha384 | |
+ * | | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---+
+ * | |
+ * + signature (variable) +
+ * | DSA signature over signed region |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ * cipher_nid: NID value for symmetric cipher (0 = none)
+ * kdf_nid: NID value for KDF function (0 = none)
+ * md_nid: NID value for signature hash (0 = PQC/no signature)
+ *
+ * kex_len field bit layout:
+ * F (bit 15): Format - 0 = X.509 DER, 1 = Raw/Hybrid
+ * R (bit 14): Role - 0 = Server encaps, 1 = Client encaps
+ * (R is ignored for non-KEM algorithms)
+ * Bits 0-13: Length (0-16383 bytes)
+ *
+ * Request: sig_len = total - 36 - crt_len - kex_len - data_len
+ * Response: sig_len = total - 36 - crt_len - kex_len - data_len - hash_len
+ * where hash_len = md_len(req_md_nid / sha384)
+ */
+
+/* Parsed OAP header - buffers pointing to a single memory region */
+struct oap_hdr {
+ const char * cipher_str;
+ const char * kdf_str;
+ const char * md_str;
+ uint64_t timestamp;
+ uint16_t nid;
+ uint16_t kdf_nid;
+ uint16_t md_nid;
+ struct {
+ bool fmt; /* Format */
+ bool role; /* Role */
+ } kex_flags;
+ buffer_t id;
+ buffer_t crt;
+ buffer_t kex;
+ buffer_t data;
+ buffer_t req_hash; /* H(request) - response only */
+ buffer_t sig;
+ buffer_t hdr;
+};
+
+
+void oap_hdr_init(struct oap_hdr * hdr,
+ buffer_t id,
+ uint8_t * kex_buf,
+ buffer_t data,
+ uint16_t nid);
+
+void oap_hdr_fini(struct oap_hdr * oap_hdr);
+
+int oap_hdr_encode(struct oap_hdr * hdr,
+ void * pkp,
+ void * crt,
+ struct sec_config * kcfg,
+ buffer_t req_hash,
+ int req_md_nid);
+
+int oap_hdr_decode(struct oap_hdr * hdr,
+ buffer_t buf,
+ int req_md_nid);
+
+void debug_oap_hdr_rcv(const struct oap_hdr * hdr);
+
+void debug_oap_hdr_snd(const struct oap_hdr * hdr);
+
+int oap_hdr_copy_data(const struct oap_hdr * hdr,
+ buffer_t * out);
+
+#endif /* OUROBOROS_IRMD_OAP_HDR_H */
diff --git a/src/irmd/oap/internal.h b/src/irmd/oap/internal.h
new file mode 100644
index 00000000..8363e3a2
--- /dev/null
+++ b/src/irmd/oap/internal.h
@@ -0,0 +1,133 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * OAP internal definitions
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_OAP_INTERNAL_H
+#define OUROBOROS_IRMD_OAP_INTERNAL_H
+
+#include <ouroboros/crypt.h>
+#include <ouroboros/list.h>
+#include <ouroboros/name.h>
+#include <ouroboros/pthread.h>
+#include <ouroboros/utils.h>
+
+#include "hdr.h"
+
+#include <stdbool.h>
+#include <stdint.h>
+
+/*
+ * Authentication functions (auth.c)
+ */
+int oap_check_hdr(const struct oap_hdr * hdr);
+
+int oap_auth_peer(char * name,
+ const struct oap_hdr * local_hdr,
+ const struct oap_hdr * peer_hdr);
+
+/*
+ * Key exchange functions (kex.c)
+ */
+int oap_negotiate_cipher(const struct oap_hdr * peer_hdr,
+ struct sec_config * kcfg);
+
+/*
+ * Credential loading (oap.c) - shared between client and server
+ */
+#ifndef OAP_TEST_MODE
+int load_credentials(const char * name,
+ const struct name_sec_paths * paths,
+ void ** pkp,
+ void ** crt);
+
+int load_kex_config(const char * name,
+ const char * path,
+ struct sec_config * cfg);
+#endif
+
+/*
+ * Server functions (srv.c)
+ */
+#ifndef OAP_TEST_MODE
+int load_srv_credentials(const struct name_info * info,
+ void ** pkp,
+ void ** crt);
+
+int load_srv_kex_config(const struct name_info * info,
+ struct sec_config * cfg);
+
+int load_server_kem_keypair(const char * name,
+ struct sec_config * cfg,
+ void ** pkp);
+#else
+extern int load_srv_credentials(const struct name_info * info,
+ void ** pkp,
+ void ** crt);
+extern int load_srv_kex_config(const struct name_info * info,
+ struct sec_config * cfg);
+extern int load_server_kem_keypair(const char * name,
+ struct sec_config * cfg,
+ void ** pkp);
+#endif
+
+int do_server_kex(const struct name_info * info,
+ struct oap_hdr * peer_hdr,
+ struct sec_config * kcfg,
+ buffer_t * kex,
+ struct crypt_sk * sk);
+
+/*
+ * Client functions (cli.c)
+ */
+#ifndef OAP_TEST_MODE
+int load_cli_credentials(const struct name_info * info,
+ void ** pkp,
+ void ** crt);
+
+int load_cli_kex_config(const struct name_info * info,
+ struct sec_config * cfg);
+
+int load_server_kem_pk(const char * name,
+ struct sec_config * cfg,
+ buffer_t * pk);
+#else
+extern int load_cli_credentials(const struct name_info * info,
+ void ** pkp,
+ void ** crt);
+extern int load_cli_kex_config(const struct name_info * info,
+ struct sec_config * cfg);
+extern int load_server_kem_pk(const char * name,
+ struct sec_config * cfg,
+ buffer_t * pk);
+#endif
+
+int oap_client_kex_prepare(struct sec_config * kcfg,
+ buffer_t server_pk,
+ buffer_t * kex,
+ uint8_t * key,
+ void ** ephemeral_pkp);
+
+int oap_client_kex_complete(const struct oap_hdr * peer_hdr,
+ struct sec_config * kcfg,
+ void * pkp,
+ uint8_t * key);
+
+#endif /* OUROBOROS_IRMD_OAP_INTERNAL_H */
diff --git a/src/irmd/oap/io.c b/src/irmd/oap/io.c
new file mode 100644
index 00000000..e4189d4d
--- /dev/null
+++ b/src/irmd/oap/io.c
@@ -0,0 +1,132 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * OAP - File I/O for credentials and configuration
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#if defined(__linux__) || defined(__CYGWIN__)
+ #define _DEFAULT_SOURCE
+#else
+ #define _POSIX_C_SOURCE 200809L
+#endif
+
+#define OUROBOROS_PREFIX "irmd/oap"
+
+#include <ouroboros/crypt.h>
+#include <ouroboros/errno.h>
+#include <ouroboros/logs.h>
+
+#include "config.h"
+
+#include "io.h"
+
+#include <assert.h>
+#include <string.h>
+#include <sys/stat.h>
+
+/*
+ * Shared credential and configuration loading helpers
+ */
+
+#ifndef OAP_TEST_MODE
+
+static bool file_exists(const char * path)
+{
+ struct stat s;
+
+ if (stat(path, &s) < 0 && errno == ENOENT) {
+ log_dbg("File %s does not exist.", path);
+ return false;
+ }
+
+ return true;
+}
+
+int load_credentials(const char * name,
+ const struct name_sec_paths * paths,
+ void ** pkp,
+ void ** crt)
+{
+ assert(paths != NULL);
+ assert(pkp != NULL);
+ assert(crt != NULL);
+
+ *pkp = NULL;
+ *crt = NULL;
+
+ if (!file_exists(paths->crt) || !file_exists(paths->key)) {
+ log_info("No authentication certificates for %s.", name);
+ return 0;
+ }
+
+ if (crypt_load_crt_file(paths->crt, crt) < 0) {
+ log_err("Failed to load %s for %s.", paths->crt, name);
+ goto fail_crt;
+ }
+
+ if (crypt_load_privkey_file(paths->key, pkp) < 0) {
+ log_err("Failed to load %s for %s.", paths->key, name);
+ goto fail_key;
+ }
+
+ log_info("Loaded authentication certificates for %s.", name);
+
+ return 0;
+
+ fail_key:
+ crypt_free_crt(*crt);
+ *crt = NULL;
+ fail_crt:
+ return -EAUTH;
+}
+
+int load_kex_config(const char * name,
+ const char * path,
+ struct sec_config * cfg)
+{
+ assert(name != NULL);
+ assert(cfg != NULL);
+
+ memset(cfg, 0, sizeof(*cfg));
+
+ /* Load encryption config */
+ if (!file_exists(path))
+ log_dbg("No encryption %s for %s.", path, name);
+
+ if (load_sec_config_file(cfg, path) < 0) {
+ log_warn("Failed to load %s for %s.", path, name);
+ return -1;
+ }
+
+ if (!IS_KEX_ALGO_SET(cfg)) {
+ log_info("Key exchange not configured for %s.", name);
+ return 0;
+ }
+
+ if (cfg->c.nid == NID_undef || crypt_nid_to_str(cfg->c.nid) == NULL) {
+ log_err("Invalid cipher NID %d for %s.", cfg->c.nid, name);
+ return -ECRYPT;
+ }
+
+ log_info("Encryption enabled for %s.", name);
+
+ return 0;
+}
+
+#endif /* OAP_TEST_MODE */
diff --git a/src/irmd/oap/io.h b/src/irmd/oap/io.h
new file mode 100644
index 00000000..a31ddf85
--- /dev/null
+++ b/src/irmd/oap/io.h
@@ -0,0 +1,40 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * OAP - Credential and configuration file I/O
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_OAP_IO_H
+#define OUROBOROS_IRMD_OAP_IO_H
+
+#include <ouroboros/crypt.h>
+#include <ouroboros/name.h>
+
+#ifndef OAP_TEST_MODE
+int load_credentials(const char * name,
+ const struct name_sec_paths * paths,
+ void ** pkp,
+ void ** crt);
+
+int load_kex_config(const char * name,
+ const char * path,
+ struct sec_config * cfg);
+#endif
+
+#endif /* OUROBOROS_IRMD_OAP_IO_H */
diff --git a/src/irmd/oap/srv.c b/src/irmd/oap/srv.c
new file mode 100644
index 00000000..c5a4453f
--- /dev/null
+++ b/src/irmd/oap/srv.c
@@ -0,0 +1,462 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * OAP - Server-side processing
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#if defined(__linux__) || defined(__CYGWIN__)
+ #define _DEFAULT_SOURCE
+#else
+ #define _POSIX_C_SOURCE 200809L
+#endif
+
+#define OUROBOROS_PREFIX "irmd/oap"
+
+#include <ouroboros/crypt.h>
+#include <ouroboros/errno.h>
+#include <ouroboros/logs.h>
+
+#include "config.h"
+
+#include "auth.h"
+#include "hdr.h"
+#include "io.h"
+#include "oap.h"
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef OAP_TEST_MODE
+extern int load_srv_credentials(const struct name_info * info,
+ void ** pkp,
+ void ** crt);
+extern int load_srv_kex_config(const struct name_info * info,
+ struct sec_config * cfg);
+extern int load_server_kem_keypair(const char * name,
+ bool raw_fmt,
+ void ** pkp);
+#else
+
+int load_srv_credentials(const struct name_info * info,
+ void ** pkp,
+ void ** crt)
+{
+ assert(info != NULL);
+ assert(pkp != NULL);
+ assert(crt != NULL);
+
+ return load_credentials(info->name, &info->s, pkp, crt);
+}
+
+int load_srv_kex_config(const struct name_info * info,
+ struct sec_config * cfg)
+{
+ assert(info != NULL);
+ assert(cfg != NULL);
+
+ return load_kex_config(info->name, info->s.enc, cfg);
+}
+
+int load_server_kem_keypair(const char * name,
+ bool raw_fmt,
+ void ** pkp)
+{
+ char path[PATH_MAX];
+ const char * ext;
+
+ assert(name != NULL);
+ assert(pkp != NULL);
+
+ ext = raw_fmt ? "raw" : "pem";
+
+ snprintf(path, sizeof(path),
+ OUROBOROS_SRV_CRT_DIR "/%s/kex.key.%s", name, ext);
+
+ if (raw_fmt) {
+ if (crypt_load_privkey_raw_file(path, pkp) < 0) {
+ log_err("Failed to load %s keypair from %s.",
+ ext, path);
+ return -ECRYPT;
+ }
+ } else {
+ if (crypt_load_privkey_file(path, pkp) < 0) {
+ log_err("Failed to load %s keypair from %s.",
+ ext, path);
+ return -ECRYPT;
+ }
+ }
+
+ log_dbg("Loaded server KEM keypair from %s.", path);
+ return 0;
+}
+
+#endif /* OAP_TEST_MODE */
+
+static int get_algo_from_peer_key(const struct oap_hdr * peer_hdr,
+ char * algo_buf)
+{
+ uint8_t * id = peer_hdr->id.data;
+ int ret;
+
+ if (OAP_KEX_IS_RAW_FMT(peer_hdr)) {
+ ret = kex_get_algo_from_pk_raw(peer_hdr->kex, algo_buf);
+ if (ret < 0) {
+ log_err_id(id, "Failed to get algo from raw key.");
+ return -ECRYPT;
+ }
+ } else {
+ ret = kex_get_algo_from_pk_der(peer_hdr->kex, algo_buf);
+ if (ret < 0) {
+ log_err_id(id, "Failed to get algo from DER key.");
+ return -ECRYPT;
+ }
+ }
+
+ return 0;
+}
+
+static int negotiate_kex(const struct oap_hdr * peer_hdr,
+ struct sec_config * kcfg)
+{
+ uint8_t * id = peer_hdr->id.data;
+
+ if (kcfg->c.nid == NID_undef) {
+ if (peer_hdr->cipher_str != NULL) {
+ SET_KEX_CIPHER(kcfg, peer_hdr->cipher_str);
+ if (kcfg->c.nid == NID_undef) {
+ log_err_id(id, "Unsupported cipher '%s'.",
+ peer_hdr->cipher_str);
+ return -ENOTSUP;
+ }
+ log_dbg_id(id, "Peer requested cipher %s.",
+ peer_hdr->cipher_str);
+ } else {
+ log_err_id(id, "Encryption requested, no cipher.");
+ return -ECRYPT;
+ }
+ } else {
+ log_dbg_id(id, "Using local cipher %s.", kcfg->c.str);
+ }
+
+ /* Negotiate KDF - server overrides client if configured */
+ if (kcfg->k.nid != NID_undef) {
+ log_dbg_id(id, "Using local KDF %s.",
+ md_nid_to_str(kcfg->k.nid));
+ } else if (peer_hdr->kdf_nid != NID_undef) {
+ if (md_validate_nid(peer_hdr->kdf_nid) == 0) {
+ kcfg->k.nid = peer_hdr->kdf_nid;
+ log_dbg_id(id, "Using peer KDF %s.",
+ md_nid_to_str(peer_hdr->kdf_nid));
+ } else {
+ log_err_id(id, "Unsupported KDF NID %d.",
+ peer_hdr->kdf_nid);
+ return -ENOTSUP;
+ }
+ }
+
+ if (IS_KEX_ALGO_SET(kcfg))
+ log_info_id(id, "Negotiated %s + %s.",
+ kcfg->x.str, kcfg->c.str);
+ else
+ log_info_id(id, "No key exchange.");
+
+ return 0;
+}
+
+static int do_server_kem_decap(const struct name_info * info,
+ const struct oap_hdr * peer_hdr,
+ struct sec_config * kcfg,
+ struct crypt_sk * sk)
+{
+ buffer_t ct;
+ void * server_pkp = NULL;
+ int ret;
+ uint8_t * id = peer_hdr->id.data;
+
+ ret = load_server_kem_keypair(info->name,
+ peer_hdr->kex_flags.fmt,
+ &server_pkp);
+ if (ret < 0)
+ return ret;
+
+ ct.data = peer_hdr->kex.data;
+ ct.len = peer_hdr->kex.len;
+
+ ret = kex_kem_decap(server_pkp, ct, kcfg->k.nid, sk->key);
+
+ crypt_free_key(server_pkp);
+
+ if (ret < 0) {
+ log_err_id(id, "Failed to decapsulate KEM.");
+ return -ECRYPT;
+ }
+
+ log_dbg_id(id, "Client encaps: decapsulated CT.");
+
+ return 0;
+}
+
+static int do_server_kem_encap(const struct oap_hdr * peer_hdr,
+ struct sec_config * kcfg,
+ buffer_t * kex,
+ struct crypt_sk * sk)
+{
+ buffer_t client_pk;
+ ssize_t ct_len;
+ uint8_t * id = peer_hdr->id.data;
+
+ client_pk.data = peer_hdr->kex.data;
+ client_pk.len = peer_hdr->kex.len;
+
+ if (IS_HYBRID_KEM(kcfg->x.str))
+ ct_len = kex_kem_encap_raw(client_pk, kex->data,
+ kcfg->k.nid, sk->key);
+ else
+ ct_len = kex_kem_encap(client_pk, kex->data,
+ kcfg->k.nid, sk->key);
+
+ if (ct_len < 0) {
+ log_err_id(id, "Failed to encapsulate KEM.");
+ return -ECRYPT;
+ }
+
+ kex->len = (size_t) ct_len;
+
+ log_dbg_id(id, "Server encaps: generated CT, len=%zd.", ct_len);
+
+ return 0;
+}
+
+static int do_server_kex_kem(const struct name_info * info,
+ struct oap_hdr * peer_hdr,
+ struct sec_config * kcfg,
+ buffer_t * kex,
+ struct crypt_sk * sk)
+{
+ int ret;
+
+ kcfg->x.mode = peer_hdr->kex_flags.role;
+
+ if (kcfg->x.mode == KEM_MODE_CLIENT_ENCAP) {
+ ret = do_server_kem_decap(info, peer_hdr, kcfg, sk);
+ kex->len = 0;
+ } else {
+ ret = do_server_kem_encap(peer_hdr, kcfg, kex, sk);
+ }
+
+ return ret;
+}
+
+static int do_server_kex_dhe(const struct oap_hdr * peer_hdr,
+ struct sec_config * kcfg,
+ buffer_t * kex,
+ struct crypt_sk * sk)
+{
+ ssize_t key_len;
+ void * epkp;
+ int ret;
+ uint8_t * id = peer_hdr->id.data;
+
+ key_len = kex_pkp_create(kcfg, &epkp, kex->data);
+ if (key_len < 0) {
+ log_err_id(id, "Failed to generate key pair.");
+ return -ECRYPT;
+ }
+
+ kex->len = (size_t) key_len;
+
+ log_dbg_id(id, "Generated %s ephemeral keys.", kcfg->x.str);
+
+ ret = kex_dhe_derive(kcfg, epkp, peer_hdr->kex, sk->key);
+ if (ret < 0) {
+ log_err_id(id, "Failed to derive secret.");
+ kex_pkp_destroy(epkp);
+ return -ECRYPT;
+ }
+
+ kex_pkp_destroy(epkp);
+
+ return 0;
+}
+
+int do_server_kex(const struct name_info * info,
+ struct oap_hdr * peer_hdr,
+ struct sec_config * kcfg,
+ buffer_t * kex,
+ struct crypt_sk * sk)
+{
+ char algo_buf[KEX_ALGO_BUFSZ];
+ uint8_t * id;
+
+ id = peer_hdr->id.data;
+
+ /* No KEX data from client */
+ if (peer_hdr->kex.len == 0) {
+ if (IS_KEX_ALGO_SET(kcfg)) {
+ log_warn_id(id, "KEX requested without info.");
+ return -ECRYPT;
+ }
+ return 0;
+ }
+
+ if (negotiate_kex(peer_hdr, kcfg) < 0)
+ return -ECRYPT;
+
+ if (OAP_KEX_ROLE(peer_hdr) != KEM_MODE_CLIENT_ENCAP) {
+ /* Server encapsulation or DHE: extract algo from DER PK */
+ if (get_algo_from_peer_key(peer_hdr, algo_buf) < 0)
+ return -ECRYPT;
+
+ SET_KEX_ALGO(kcfg, algo_buf);
+ }
+
+ /* Dispatch based on algorithm type */
+ if (IS_KEM_ALGORITHM(kcfg->x.str))
+ return do_server_kex_kem(info, peer_hdr, kcfg, kex, sk);
+ else
+ return do_server_kex_dhe(peer_hdr, kcfg, kex, sk);
+}
+
+int oap_srv_process(const struct name_info * info,
+ buffer_t req_buf,
+ buffer_t * rsp_buf,
+ buffer_t * data,
+ struct crypt_sk * sk)
+{
+ struct oap_hdr peer_hdr;
+ struct oap_hdr local_hdr;
+ struct sec_config kcfg;
+ uint8_t kex_buf[MSGBUFSZ];
+ uint8_t hash_buf[MAX_HASH_SIZE];
+ buffer_t req_hash = BUF_INIT;
+ ssize_t hash_ret;
+ char cli_name[NAME_SIZE + 1]; /* TODO */
+ uint8_t * id;
+ void * pkp = NULL;
+ void * crt = NULL;
+ int req_md_nid;
+
+ assert(info != NULL);
+ assert(rsp_buf != NULL);
+ assert(data != NULL);
+ assert(sk != NULL);
+
+ sk->nid = NID_undef;
+
+ memset(&peer_hdr, 0, sizeof(peer_hdr));
+ memset(&local_hdr, 0, sizeof(local_hdr));
+ clrbuf(*rsp_buf);
+
+ log_dbg("Processing OAP request for %s.", info->name);
+
+ /* Load server credentials */
+ if (load_srv_credentials(info, &pkp, &crt) < 0) {
+ log_err("Failed to load security keys for %s.", info->name);
+ goto fail_cred;
+ }
+
+ /* Load KEX config */
+ if (load_srv_kex_config(info, &kcfg) < 0) {
+ log_err("Failed to load KEX config for %s.", info->name);
+ goto fail_kex;
+ }
+
+ sk->nid = kcfg.c.nid;
+
+ /* Decode incoming header (NID_undef = request, no hash) */
+ if (oap_hdr_decode(&peer_hdr, req_buf, NID_undef) < 0) {
+ log_err("Failed to decode OAP header.");
+ goto fail_auth;
+ }
+
+ debug_oap_hdr_rcv(&peer_hdr);
+
+ id = peer_hdr.id.data; /* Logging */
+
+ /* Check for replay */
+ if (oap_check_hdr(&peer_hdr) < 0) {
+ log_err_id(id, "OAP header failed replay check.");
+ goto fail_auth;
+ }
+
+ /* Authenticate client before processing KEX data */
+ oap_hdr_init(&local_hdr, peer_hdr.id, kex_buf, *data, NID_undef);
+
+ if (oap_auth_peer(cli_name, &local_hdr, &peer_hdr) < 0) {
+ log_err_id(id, "Failed to authenticate client.");
+ goto fail_auth;
+ }
+
+ if (do_server_kex(info, &peer_hdr, &kcfg, &local_hdr.kex, sk) < 0)
+ goto fail_kex;
+
+ /* Build response header with hash of client request */
+ local_hdr.nid = sk->nid;
+
+ /* Use client's md_nid, defaulting to SHA-384 for PQC */
+ req_md_nid = peer_hdr.md_nid != NID_undef ? peer_hdr.md_nid : NID_sha384;
+
+ /* Compute request hash using client's md_nid */
+ hash_ret = md_digest(req_md_nid, req_buf, hash_buf);
+ if (hash_ret < 0) {
+ log_err_id(id, "Failed to hash request.");
+ goto fail_auth;
+ }
+ req_hash.data = hash_buf;
+ req_hash.len = (size_t) hash_ret;
+
+ if (oap_hdr_encode(&local_hdr, pkp, crt, &kcfg,
+ req_hash, req_md_nid) < 0) {
+ log_err_id(id, "Failed to create OAP response header.");
+ goto fail_auth;
+ }
+
+ debug_oap_hdr_snd(&local_hdr);
+
+ if (oap_hdr_copy_data(&peer_hdr, data) < 0) {
+ log_err_id(id, "Failed to copy client data.");
+ goto fail_data;
+ }
+
+ /* Transfer ownership of response buffer */
+ *rsp_buf = local_hdr.hdr;
+
+ log_info_id(id, "OAP request processed for %s.", info->name);
+
+ crypt_free_crt(crt);
+ crypt_free_key(pkp);
+
+ return 0;
+
+ fail_data:
+ oap_hdr_fini(&local_hdr);
+ fail_auth:
+ crypt_free_crt(crt);
+ crypt_free_key(pkp);
+ fail_cred:
+ return -EAUTH;
+
+ fail_kex:
+ crypt_free_crt(crt);
+ crypt_free_key(pkp);
+ return -ECRYPT;
+}
diff --git a/src/irmd/oap/tests/CMakeLists.txt b/src/irmd/oap/tests/CMakeLists.txt
new file mode 100644
index 00000000..2bf23821
--- /dev/null
+++ b/src/irmd/oap/tests/CMakeLists.txt
@@ -0,0 +1,64 @@
+get_filename_component(PARENT_PATH ${CMAKE_CURRENT_SOURCE_DIR} DIRECTORY)
+get_filename_component(PARENT_DIR ${PARENT_PATH} NAME)
+
+get_filename_component(OAP_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}" DIRECTORY)
+get_filename_component(OAP_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}" DIRECTORY)
+get_filename_component(IRMD_SOURCE_DIR "${OAP_SOURCE_DIR}" DIRECTORY)
+get_filename_component(IRMD_BINARY_DIR "${OAP_BINARY_DIR}" DIRECTORY)
+
+compute_test_prefix()
+
+create_test_sourcelist(${PARENT_DIR}_tests test_suite.c
+ # Add new tests here
+ oap_test.c
+)
+
+create_test_sourcelist(${PARENT_DIR}_pqc_tests test_suite_pqc.c
+ # PQC-specific tests
+ oap_test_pqc.c
+)
+
+# OAP test needs io.c compiled with OAP_TEST_MODE
+set(OAP_TEST_SOURCES
+ ${OAP_SOURCE_DIR}/io.c
+ ${OAP_SOURCE_DIR}/hdr.c
+ ${OAP_SOURCE_DIR}/auth.c
+ ${OAP_SOURCE_DIR}/srv.c
+ ${OAP_SOURCE_DIR}/cli.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/common.c
+)
+
+# Regular test executable (ECDSA)
+add_executable(${PARENT_DIR}_test ${${PARENT_DIR}_tests} ${OAP_TEST_SOURCES})
+set_source_files_properties(${OAP_TEST_SOURCES}
+ PROPERTIES COMPILE_DEFINITIONS "OAP_TEST_MODE"
+)
+
+disable_test_logging_for_target(${PARENT_DIR}_test)
+target_link_libraries(${PARENT_DIR}_test ouroboros-irm)
+target_include_directories(${PARENT_DIR}_test PRIVATE
+ ${IRMD_SOURCE_DIR}
+ ${IRMD_BINARY_DIR}
+)
+
+# PQC test executable (ML-DSA)
+add_executable(${PARENT_DIR}_pqc_test ${${PARENT_DIR}_pqc_tests} ${OAP_TEST_SOURCES})
+set_source_files_properties(${OAP_TEST_SOURCES}
+ TARGET_DIRECTORY ${PARENT_DIR}_pqc_test
+ PROPERTIES COMPILE_DEFINITIONS "OAP_TEST_MODE"
+)
+
+disable_test_logging_for_target(${PARENT_DIR}_pqc_test)
+target_link_libraries(${PARENT_DIR}_pqc_test ouroboros-irm)
+target_include_directories(${PARENT_DIR}_pqc_test PRIVATE
+ ${IRMD_SOURCE_DIR}
+ ${IRMD_BINARY_DIR}
+)
+
+add_dependencies(build_tests ${PARENT_DIR}_test ${PARENT_DIR}_pqc_test)
+
+# Regular tests
+ouroboros_register_tests(TARGET ${PARENT_DIR}_test TESTS ${${PARENT_DIR}_tests})
+
+# PQC tests
+ouroboros_register_tests(TARGET ${PARENT_DIR}_pqc_test TESTS ${${PARENT_DIR}_pqc_tests})
diff --git a/src/irmd/oap/tests/common.c b/src/irmd/oap/tests/common.c
new file mode 100644
index 00000000..0a1af100
--- /dev/null
+++ b/src/irmd/oap/tests/common.c
@@ -0,0 +1,457 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2026
+ *
+ * Common test helper functions for OAP tests
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#include "common.h"
+
+#include <ouroboros/crypt.h>
+
+#include "oap.h"
+
+#include <string.h>
+#include <stdio.h>
+
+int load_srv_kex_config(const struct name_info * info,
+ struct sec_config * cfg)
+{
+ (void) info;
+
+ memset(cfg, 0, sizeof(*cfg));
+
+ if (test_cfg.srv.kex == NID_undef)
+ return 0;
+
+ SET_KEX_ALGO_NID(cfg, test_cfg.srv.kex);
+ SET_KEX_CIPHER_NID(cfg, test_cfg.srv.cipher);
+ SET_KEX_KDF_NID(cfg, test_cfg.srv.kdf);
+ SET_KEX_DIGEST_NID(cfg, test_cfg.srv.md);
+ SET_KEX_KEM_MODE(cfg, test_cfg.srv.kem_mode);
+
+ return 0;
+}
+
+int load_cli_kex_config(const struct name_info * info,
+ struct sec_config * cfg)
+{
+ (void) info;
+
+ memset(cfg, 0, sizeof(*cfg));
+
+ if (test_cfg.cli.kex == NID_undef)
+ return 0;
+
+ SET_KEX_ALGO_NID(cfg, test_cfg.cli.kex);
+ SET_KEX_CIPHER_NID(cfg, test_cfg.cli.cipher);
+ SET_KEX_KDF_NID(cfg, test_cfg.cli.kdf);
+ SET_KEX_DIGEST_NID(cfg, test_cfg.cli.md);
+ SET_KEX_KEM_MODE(cfg, test_cfg.cli.kem_mode);
+
+ return 0;
+}
+
+int load_srv_credentials(const struct name_info * info,
+ void ** pkp,
+ void ** crt)
+{
+ (void) info;
+
+ *pkp = NULL;
+ *crt = NULL;
+
+ if (!test_cfg.srv.auth)
+ return 0;
+
+ return mock_load_credentials(pkp, crt);
+}
+
+int load_cli_credentials(const struct name_info * info,
+ void ** pkp,
+ void ** crt)
+{
+ (void) info;
+
+ *pkp = NULL;
+ *crt = NULL;
+
+ if (!test_cfg.cli.auth)
+ return 0;
+
+ return mock_load_credentials(pkp, crt);
+}
+
+int oap_test_setup(struct oap_test_ctx * ctx,
+ const char * root_ca_str,
+ const char * im_ca_str)
+{
+ memset(ctx, 0, sizeof(*ctx));
+
+ strcpy(ctx->srv.info.name, "test-1.unittest.o7s");
+ strcpy(ctx->cli.info.name, "test-1.unittest.o7s");
+
+ if (oap_auth_init() < 0) {
+ printf("Failed to init OAP.\n");
+ goto fail_init;
+ }
+
+ if (crypt_load_crt_str(root_ca_str, &ctx->root_ca) < 0) {
+ printf("Failed to load root CA cert.\n");
+ goto fail_root_ca;
+ }
+
+ if (crypt_load_crt_str(im_ca_str, &ctx->im_ca) < 0) {
+ printf("Failed to load intermediate CA cert.\n");
+ goto fail_im_ca;
+ }
+
+ if (oap_auth_add_ca_crt(ctx->root_ca) < 0) {
+ printf("Failed to add root CA cert to store.\n");
+ goto fail_add_ca;
+ }
+
+ if (oap_auth_add_ca_crt(ctx->im_ca) < 0) {
+ printf("Failed to add intermediate CA cert to store.\n");
+ goto fail_add_ca;
+ }
+
+ return 0;
+
+ fail_add_ca:
+ crypt_free_crt(ctx->im_ca);
+ fail_im_ca:
+ crypt_free_crt(ctx->root_ca);
+ fail_root_ca:
+ oap_auth_fini();
+ fail_init:
+ memset(ctx, 0, sizeof(*ctx));
+ return -1;
+}
+
+void oap_test_teardown(struct oap_test_ctx * ctx)
+{
+ struct crypt_sk res;
+ buffer_t dummy = BUF_INIT;
+
+ if (ctx->cli.state != NULL) {
+ res.key = ctx->cli.key;
+ oap_cli_complete(ctx->cli.state, &ctx->cli.info, dummy,
+ &ctx->data, &res);
+ ctx->cli.state = NULL;
+ }
+
+ freebuf(ctx->data);
+ freebuf(ctx->resp_hdr);
+ freebuf(ctx->req_hdr);
+
+ crypt_free_crt(ctx->im_ca);
+ crypt_free_crt(ctx->root_ca);
+
+ oap_auth_fini();
+ memset(ctx, 0, sizeof(*ctx));
+}
+
+int oap_cli_prepare_ctx(struct oap_test_ctx * ctx)
+{
+ return oap_cli_prepare(&ctx->cli.state, &ctx->cli.info, &ctx->req_hdr,
+ ctx->data);
+}
+
+int oap_srv_process_ctx(struct oap_test_ctx * ctx)
+{
+ struct crypt_sk res = { .nid = NID_undef, .key = ctx->srv.key };
+ int ret;
+
+ ret = oap_srv_process(&ctx->srv.info, ctx->req_hdr,
+ &ctx->resp_hdr, &ctx->data, &res);
+ if (ret == 0)
+ ctx->srv.nid = res.nid;
+
+ return ret;
+}
+
+int oap_cli_complete_ctx(struct oap_test_ctx * ctx)
+{
+ struct crypt_sk res = { .nid = NID_undef, .key = ctx->cli.key };
+ int ret;
+
+ ret = oap_cli_complete(ctx->cli.state, &ctx->cli.info, ctx->resp_hdr,
+ &ctx->data, &res);
+ ctx->cli.state = NULL;
+
+ if (ret == 0)
+ ctx->cli.nid = res.nid;
+
+ return ret;
+}
+
+int roundtrip_auth_only(const char * root_ca,
+ const char * im_ca_str)
+{
+ struct oap_test_ctx ctx;
+
+ TEST_START();
+
+ if (oap_test_setup(&ctx, root_ca, im_ca_str) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (oap_srv_process_ctx(&ctx) < 0) {
+ printf("Server process failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (oap_cli_complete_ctx(&ctx) < 0) {
+ printf("Client complete failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (ctx.cli.nid != NID_undef || ctx.srv.nid != NID_undef) {
+ printf("Cipher should not be set for auth-only.\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+int roundtrip_kex_only(void)
+{
+ struct name_info cli_info;
+ struct name_info srv_info;
+ struct crypt_sk res;
+ uint8_t cli_key[SYMMKEYSZ];
+ uint8_t srv_key[SYMMKEYSZ];
+ int cli_nid;
+ int srv_nid;
+ buffer_t req_hdr = BUF_INIT;
+ buffer_t resp_hdr = BUF_INIT;
+ buffer_t data = BUF_INIT;
+ void * cli_state = NULL;
+
+ TEST_START();
+
+ memset(&cli_info, 0, sizeof(cli_info));
+ memset(&srv_info, 0, sizeof(srv_info));
+
+ strcpy(cli_info.name, "test-1.unittest.o7s");
+ strcpy(srv_info.name, "test-1.unittest.o7s");
+
+ if (oap_auth_init() < 0) {
+ printf("Failed to init OAP.\n");
+ goto fail;
+ }
+
+ if (oap_cli_prepare(&cli_state, &cli_info, &req_hdr,
+ data) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ res.key = srv_key;
+
+ if (oap_srv_process(&srv_info, req_hdr, &resp_hdr, &data, &res) < 0) {
+ printf("Server process failed.\n");
+ goto fail_cleanup;
+ }
+
+ srv_nid = res.nid;
+
+ res.key = cli_key;
+
+ if (oap_cli_complete(cli_state, &cli_info, resp_hdr, &data, &res) < 0) {
+ printf("Client complete failed.\n");
+ cli_state = NULL;
+ goto fail_cleanup;
+ }
+
+ cli_nid = res.nid;
+ cli_state = NULL;
+
+ if (memcmp(cli_key, srv_key, SYMMKEYSZ) != 0) {
+ printf("Client and server keys do not match!\n");
+ goto fail_cleanup;
+ }
+
+ if (cli_nid == NID_undef || srv_nid == NID_undef) {
+ printf("Cipher should be set for kex-only.\n");
+ goto fail_cleanup;
+ }
+
+ freebuf(resp_hdr);
+ freebuf(req_hdr);
+ oap_auth_fini();
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ if (cli_state != NULL) {
+ res.key = cli_key;
+ oap_cli_complete(cli_state, &cli_info, resp_hdr, &data, &res);
+ }
+ freebuf(resp_hdr);
+ freebuf(req_hdr);
+ oap_auth_fini();
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+int corrupted_request(const char * root_ca,
+ const char * im_ca_str)
+{
+ struct oap_test_ctx ctx;
+
+ TEST_START();
+
+ if (oap_test_setup(&ctx, root_ca, im_ca_str) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ /* Corrupt the request */
+ if (ctx.req_hdr.len > 100) {
+ ctx.req_hdr.data[50] ^= 0xFF;
+ ctx.req_hdr.data[51] ^= 0xAA;
+ ctx.req_hdr.data[52] ^= 0x55;
+ }
+
+ if (oap_srv_process_ctx(&ctx) == 0) {
+ printf("Server should reject corrupted request.\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+int corrupted_response(const char * root_ca,
+ const char * im_ca_str)
+{
+ struct oap_test_ctx ctx;
+ struct crypt_sk res;
+
+ TEST_START();
+
+ if (oap_test_setup(&ctx, root_ca, im_ca_str) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (oap_srv_process_ctx(&ctx) < 0) {
+ printf("Server process failed.\n");
+ goto fail_cleanup;
+ }
+
+ /* Corrupt the response */
+ if (ctx.resp_hdr.len > 100) {
+ ctx.resp_hdr.data[50] ^= 0xFF;
+ ctx.resp_hdr.data[51] ^= 0xAA;
+ ctx.resp_hdr.data[52] ^= 0x55;
+ }
+
+ res.key = ctx.cli.key;
+
+ if (oap_cli_complete(ctx.cli.state, &ctx.cli.info, ctx.resp_hdr,
+ &ctx.data, &res) == 0) {
+ printf("Client should reject corrupted response.\n");
+ ctx.cli.state = NULL;
+ goto fail_cleanup;
+ }
+
+ ctx.cli.state = NULL;
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+int truncated_request(const char * root_ca,
+ const char * im_ca_str)
+{
+ struct oap_test_ctx ctx;
+ size_t orig_len;
+
+ TEST_START();
+
+ if (oap_test_setup(&ctx, root_ca, im_ca_str) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ /* Truncate the request buffer */
+ orig_len = ctx.req_hdr.len;
+ ctx.req_hdr.len = orig_len / 2;
+
+ if (oap_srv_process_ctx(&ctx) == 0) {
+ printf("Server should reject truncated request.\n");
+ ctx.req_hdr.len = orig_len;
+ goto fail_cleanup;
+ }
+
+ ctx.req_hdr.len = orig_len;
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
diff --git a/src/irmd/oap/tests/common.h b/src/irmd/oap/tests/common.h
new file mode 100644
index 00000000..d4b6733a
--- /dev/null
+++ b/src/irmd/oap/tests/common.h
@@ -0,0 +1,100 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2026
+ *
+ * Common test helper functions for OAP tests
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef IRMD_TESTS_COMMON_H
+#define IRMD_TESTS_COMMON_H
+
+#include <ouroboros/utils.h>
+#include <ouroboros/flow.h>
+#include <ouroboros/name.h>
+#include <test/test.h>
+
+#include <stdbool.h>
+
+/* Per-side security configuration for tests */
+struct test_sec_cfg {
+ int kex; /* KEX algorithm NID */
+ int cipher; /* Cipher NID for encryption */
+ int kdf; /* KDF NID for key derivation */
+ int md; /* Digest NID for signatures */
+ int kem_mode; /* KEM encapsulation mode (0 for ECDH) */
+ bool auth; /* Use authentication (certificates) */
+};
+
+/* Test configuration - set by each test before running roundtrip */
+extern struct test_cfg {
+ struct test_sec_cfg srv;
+ struct test_sec_cfg cli;
+} test_cfg;
+
+/* Each test file defines this with its own certificates */
+extern int mock_load_credentials(void ** pkp,
+ void ** crt);
+
+/* Per-side test context */
+struct oap_test_side {
+ struct name_info info;
+ struct flow_info flow;
+ uint8_t key[SYMMKEYSZ];
+ int nid;
+ void * state;
+};
+
+/* Test context - holds all common state for OAP tests */
+struct oap_test_ctx {
+ struct oap_test_side srv;
+ struct oap_test_side cli;
+
+ buffer_t req_hdr;
+ buffer_t resp_hdr;
+ buffer_t data;
+ void * root_ca;
+ void * im_ca;
+};
+
+int oap_test_setup(struct oap_test_ctx * ctx,
+ const char * root_ca_str,
+ const char * im_ca_str);
+
+void oap_test_teardown(struct oap_test_ctx * ctx);
+
+int oap_cli_prepare_ctx(struct oap_test_ctx * ctx);
+
+int oap_srv_process_ctx(struct oap_test_ctx * ctx);
+
+int oap_cli_complete_ctx(struct oap_test_ctx * ctx);
+
+int roundtrip_auth_only(const char * root_ca,
+ const char * im_ca_str);
+
+int roundtrip_kex_only(void);
+
+int corrupted_request(const char * root_ca,
+ const char * im_ca_str);
+
+int corrupted_response(const char * root_ca,
+ const char * im_ca_str);
+
+int truncated_request(const char * root_ca,
+ const char * im_ca_str);
+
+#endif /* IRMD_TESTS_COMMON_H */
diff --git a/src/irmd/oap/tests/oap_test.c b/src/irmd/oap/tests/oap_test.c
new file mode 100644
index 00000000..70f0a248
--- /dev/null
+++ b/src/irmd/oap/tests/oap_test.c
@@ -0,0 +1,951 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * Unit tests of Ouroboros Allocation Protocol (OAP)
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#if defined(__linux__) || defined(__CYGWIN__)
+ #ifndef _DEFAULT_SOURCE
+ #define _DEFAULT_SOURCE
+ #endif
+#else
+#define _POSIX_C_SOURCE 200809L
+#endif
+
+#include "config.h"
+
+#include <ouroboros/crypt.h>
+#include <ouroboros/endian.h>
+#include <ouroboros/flow.h>
+#include <ouroboros/name.h>
+#include <ouroboros/random.h>
+#include <ouroboros/time.h>
+
+#include <test/test.h>
+#include <test/certs.h>
+
+#include "oap.h"
+#include "common.h"
+
+#include <stdbool.h>
+#include <string.h>
+
+#ifdef HAVE_OPENSSL
+#include <openssl/evp.h>
+#endif
+
+#define AUTH true
+#define NO_AUTH false
+
+extern const uint16_t kex_supported_nids[];
+extern const uint16_t md_supported_nids[];
+
+struct test_cfg test_cfg;
+
+/* Mock load - called by load_*_credentials in common.c */
+int mock_load_credentials(void ** pkp,
+ void ** crt)
+{
+ *crt = NULL;
+
+ if (crypt_load_privkey_str(server_pkp_ec, pkp) < 0)
+ goto fail_privkey;
+
+ if (crypt_load_crt_str(signed_server_crt_ec, crt) < 0)
+ goto fail_crt;
+
+ return 0;
+
+ fail_crt:
+ crypt_free_key(*pkp);
+ fail_privkey:
+ *pkp = NULL;
+ return -1;
+}
+
+/* Stub KEM functions - ECDSA tests don't use KEM */
+int load_server_kem_keypair(__attribute__((unused)) const char * name,
+ __attribute__((unused)) bool raw_fmt,
+ __attribute__((unused)) void ** pkp)
+{
+ return -1;
+}
+
+int load_server_kem_pk(__attribute__((unused)) const char * name,
+ __attribute__((unused)) struct sec_config * cfg,
+ __attribute__((unused)) buffer_t * pk)
+{
+ return -1;
+}
+
+static void test_default_cfg(void)
+{
+ memset(&test_cfg, 0, sizeof(test_cfg));
+
+ /* Server: X25519, AES-256-GCM, SHA-256, with auth */
+ test_cfg.srv.kex = NID_X25519;
+ test_cfg.srv.cipher = NID_aes_256_gcm;
+ test_cfg.srv.kdf = NID_sha256;
+ test_cfg.srv.md = NID_sha256;
+ test_cfg.srv.auth = AUTH;
+
+ /* Client: same KEX/cipher/kdf/md, no auth */
+ test_cfg.cli.kex = NID_X25519;
+ test_cfg.cli.cipher = NID_aes_256_gcm;
+ test_cfg.cli.kdf = NID_sha256;
+ test_cfg.cli.md = NID_sha256;
+ test_cfg.cli.auth = NO_AUTH;
+}
+
+static int test_oap_auth_init_fini(void)
+{
+ TEST_START();
+
+ if (oap_auth_init() < 0) {
+ printf("Failed to init OAP.\n");
+ goto fail;
+ }
+
+ oap_auth_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_oap_roundtrip(int kex)
+{
+ struct oap_test_ctx ctx;
+ const char * kex_str = kex_nid_to_str(kex);
+
+ TEST_START("(%s)", kex_str);
+
+ test_default_cfg();
+ test_cfg.srv.kex = kex;
+ test_cfg.cli.kex = kex;
+
+ if (oap_test_setup(&ctx, root_ca_crt_ec, im_ca_crt_ec) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (oap_srv_process_ctx(&ctx) < 0) {
+ printf("Server process failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (oap_cli_complete_ctx(&ctx) < 0) {
+ printf("Client complete failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (memcmp(ctx.cli.key, ctx.srv.key, SYMMKEYSZ) != 0) {
+ printf("Client and server keys do not match!\n");
+ goto fail_cleanup;
+ }
+
+ if (ctx.cli.nid == NID_undef || ctx.srv.nid == NID_undef) {
+ printf("Cipher not set in flow.\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS("(%s)", kex_str);
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL("(%s)", kex_str);
+ return TEST_RC_FAIL;
+}
+
+static int test_oap_roundtrip_auth_only(void)
+{
+ memset(&test_cfg, 0, sizeof(test_cfg));
+
+ /* Server: auth only, no encryption */
+ test_cfg.srv.md = NID_sha256;
+ test_cfg.srv.auth = AUTH;
+
+ /* Client: no auth, no encryption */
+ test_cfg.cli.md = NID_sha256;
+ test_cfg.cli.auth = NO_AUTH;
+
+ return roundtrip_auth_only(root_ca_crt_ec, im_ca_crt_ec);
+}
+
+static int test_oap_roundtrip_kex_only(void)
+{
+ memset(&test_cfg, 0, sizeof(test_cfg));
+
+ /* Server: KEX only, no auth */
+ test_cfg.srv.kex = NID_X25519;
+ test_cfg.srv.cipher = NID_aes_256_gcm;
+ test_cfg.srv.kdf = NID_sha256;
+ test_cfg.srv.md = NID_sha256;
+ test_cfg.srv.auth = NO_AUTH;
+
+ /* Client: KEX only, no auth */
+ test_cfg.cli.kex = NID_X25519;
+ test_cfg.cli.cipher = NID_aes_256_gcm;
+ test_cfg.cli.kdf = NID_sha256;
+ test_cfg.cli.md = NID_sha256;
+ test_cfg.cli.auth = NO_AUTH;
+
+ return roundtrip_kex_only();
+}
+
+static int test_oap_piggyback_data(void)
+{
+ struct oap_test_ctx ctx;
+ const char * cli_data_str = "client_data";
+ const char * srv_data_str = "server_data";
+ buffer_t srv_data = BUF_INIT;
+
+ TEST_START();
+
+ test_default_cfg();
+
+ if (oap_test_setup(&ctx, root_ca_crt_ec, im_ca_crt_ec) < 0)
+ goto fail;
+
+ /* Client prepares request with piggybacked data */
+ ctx.data.len = strlen(cli_data_str);
+ ctx.data.data = malloc(ctx.data.len);
+ if (ctx.data.data == NULL)
+ goto fail_cleanup;
+ memcpy(ctx.data.data, cli_data_str, ctx.data.len);
+
+ if (oap_cli_prepare_ctx(&ctx) < 0)
+ goto fail_cleanup;
+
+ /* Set server's response data (ctx.data will take cli data) */
+ srv_data.len = strlen(srv_data_str);
+ srv_data.data = (uint8_t *) srv_data_str;
+
+ freebuf(ctx.data);
+ ctx.data.data = srv_data.data;
+ ctx.data.len = srv_data.len;
+ srv_data.data = NULL;
+ srv_data.len = 0;
+
+ if (oap_srv_process_ctx(&ctx) < 0)
+ goto fail_cleanup;
+
+ /* Verify server received client's piggybacked data */
+ if (ctx.data.len != strlen(cli_data_str) ||
+ memcmp(ctx.data.data, cli_data_str, ctx.data.len) != 0) {
+ printf("Server did not receive correct client data.\n");
+ goto fail_cleanup;
+ }
+
+ freebuf(ctx.data);
+
+ if (oap_cli_complete_ctx(&ctx) < 0)
+ goto fail_cleanup;
+
+ /* Verify client received server's piggybacked data */
+ if (ctx.data.len != strlen(srv_data_str) ||
+ memcmp(ctx.data.data, srv_data_str, ctx.data.len) != 0) {
+ printf("Client did not receive correct server data.\n");
+ goto fail_cleanup;
+ }
+
+ /* Free the copied data */
+ free(ctx.data.data);
+ ctx.data.data = NULL;
+ ctx.data.len = 0;
+
+ if (memcmp(ctx.cli.key, ctx.srv.key, SYMMKEYSZ) != 0) {
+ printf("Client and server keys do not match!\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ freebuf(srv_data);
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_oap_corrupted_request(void)
+{
+ test_default_cfg();
+ test_cfg.cli.auth = AUTH;
+
+ return corrupted_request(root_ca_crt_ec, im_ca_crt_ec);
+}
+
+static int test_oap_corrupted_response(void)
+{
+ test_default_cfg();
+
+ return corrupted_response(root_ca_crt_ec, im_ca_crt_ec);
+}
+
+static int test_oap_truncated_request(void)
+{
+ test_default_cfg();
+
+ return truncated_request(root_ca_crt_ec, im_ca_crt_ec);
+}
+
+/* After ID (16), timestamp (8), cipher_nid (2), kdf_nid (2), md (2) */
+#define OAP_CERT_LEN_OFFSET 30
+static int test_oap_inflated_length_field(void)
+{
+ struct oap_test_ctx ctx;
+ uint16_t fake;
+
+ test_default_cfg();
+
+ TEST_START();
+
+ if (oap_test_setup(&ctx, root_ca_crt_ec, im_ca_crt_ec) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (ctx.req_hdr.len < OAP_CERT_LEN_OFFSET + 2) {
+ printf("Request too short for test.\n");
+ goto fail_cleanup;
+ }
+
+ /* Set cert length to claim more bytes than packet contains */
+ fake = hton16(60000);
+ memcpy(ctx.req_hdr.data + OAP_CERT_LEN_OFFSET, &fake, sizeof(fake));
+
+ if (oap_srv_process_ctx(&ctx) == 0) {
+ printf("Server should reject inflated length field.\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+/* Attacker claims cert is smaller - causes misparse of subsequent fields */
+static int test_oap_deflated_length_field(void)
+{
+ struct oap_test_ctx ctx;
+ uint16_t fake;
+
+ test_default_cfg();
+
+ TEST_START();
+
+ if (oap_test_setup(&ctx, root_ca_crt_ec, im_ca_crt_ec) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (ctx.req_hdr.len < OAP_CERT_LEN_OFFSET + 2) {
+ printf("Request too short for test.\n");
+ goto fail_cleanup;
+ }
+
+ /* Set cert length to claim fewer bytes - will misparse rest */
+ fake = hton16(1);
+ memcpy(ctx.req_hdr.data + OAP_CERT_LEN_OFFSET, &fake, sizeof(fake));
+
+ if (oap_srv_process_ctx(&ctx) == 0) {
+ printf("Server should reject deflated length field.\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+/* Header field offsets for byte manipulation */
+#define OAP_CIPHER_NID_OFFSET 24
+#define OAP_KEX_LEN_OFFSET 32
+
+/* Server rejects request when cipher NID set but no KEX data provided */
+static int test_oap_nid_without_kex(void)
+{
+ struct oap_test_ctx ctx;
+ uint16_t cipher_nid;
+ uint16_t zero = 0;
+
+ TEST_START();
+
+ /* Configure unsigned KEX-only mode */
+ memset(&test_cfg, 0, sizeof(test_cfg));
+ test_cfg.srv.kex = NID_X25519;
+ test_cfg.srv.cipher = NID_aes_256_gcm;
+ test_cfg.srv.kdf = NID_sha256;
+ test_cfg.srv.md = NID_sha256;
+ test_cfg.srv.auth = NO_AUTH;
+ test_cfg.cli.kex = NID_X25519;
+ test_cfg.cli.cipher = NID_aes_256_gcm;
+ test_cfg.cli.kdf = NID_sha256;
+ test_cfg.cli.md = NID_sha256;
+ test_cfg.cli.auth = NO_AUTH;
+
+ if (oap_test_setup(&ctx, root_ca_crt_ec, im_ca_crt_ec) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ /* Tamper: keep cipher_nid but set kex_len=0, truncate KEX data */
+ cipher_nid = hton16(NID_aes_256_gcm);
+ memcpy(ctx.req_hdr.data + OAP_CIPHER_NID_OFFSET, &cipher_nid,
+ sizeof(cipher_nid));
+ memcpy(ctx.req_hdr.data + OAP_KEX_LEN_OFFSET, &zero, sizeof(zero));
+ ctx.req_hdr.len = 36; /* Fixed header only, no KEX data */
+
+ if (oap_srv_process_ctx(&ctx) == 0) {
+ printf("Server should reject cipher NID without KEX data.\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+/* Server rejects OAP request with unsupported cipher NID */
+static int test_oap_unsupported_nid(void)
+{
+ struct oap_test_ctx ctx;
+ uint16_t bad_nid;
+
+ TEST_START();
+
+ /* Configure unsigned KEX-only mode */
+ memset(&test_cfg, 0, sizeof(test_cfg));
+ test_cfg.srv.kex = NID_X25519;
+ test_cfg.srv.cipher = NID_aes_256_gcm;
+ test_cfg.srv.kdf = NID_sha256;
+ test_cfg.srv.md = NID_sha256;
+ test_cfg.srv.auth = NO_AUTH;
+ test_cfg.cli.kex = NID_X25519;
+ test_cfg.cli.cipher = NID_aes_256_gcm;
+ test_cfg.cli.kdf = NID_sha256;
+ test_cfg.cli.md = NID_sha256;
+ test_cfg.cli.auth = NO_AUTH;
+
+ if (oap_test_setup(&ctx, root_ca_crt_ec, im_ca_crt_ec) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ /* Tamper: set cipher_nid to unsupported value */
+ bad_nid = hton16(9999);
+ memcpy(ctx.req_hdr.data + OAP_CIPHER_NID_OFFSET, &bad_nid,
+ sizeof(bad_nid));
+
+ if (oap_srv_process_ctx(&ctx) == 0) {
+ printf("Server should reject unsupported cipher NID.\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_oap_roundtrip_all(void)
+{
+ int ret = 0;
+ int i;
+
+ for (i = 0; kex_supported_nids[i] != NID_undef; i++) {
+ const char * algo = kex_nid_to_str(kex_supported_nids[i]);
+
+ /* Skip KEM algorithms - they're tested in oap_test_pqc */
+ if (IS_KEM_ALGORITHM(algo))
+ continue;
+
+ ret |= test_oap_roundtrip(kex_supported_nids[i]);
+ }
+
+ return ret;
+}
+
+/* Cipher negotiation - client should accept server's chosen cipher */
+static int test_oap_cipher_mismatch(void)
+{
+ struct oap_test_ctx ctx;
+
+ TEST_START();
+
+ memset(&test_cfg, 0, sizeof(test_cfg));
+
+ /* Server: ChaCha20-Poly1305, SHA3-256, SHA-384 */
+ test_cfg.srv.kex = NID_X25519;
+ test_cfg.srv.cipher = NID_chacha20_poly1305;
+ test_cfg.srv.kdf = NID_sha3_256;
+ test_cfg.srv.md = NID_sha384;
+ test_cfg.srv.auth = AUTH;
+
+ /* Client: AES-256-GCM, SHA-256, SHA-256 */
+ test_cfg.cli.kex = NID_X25519;
+ test_cfg.cli.cipher = NID_aes_256_gcm;
+ test_cfg.cli.kdf = NID_sha256;
+ test_cfg.cli.md = NID_sha256;
+ test_cfg.cli.auth = NO_AUTH;
+
+ if (oap_test_setup(&ctx, root_ca_crt_ec, im_ca_crt_ec) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (oap_srv_process_ctx(&ctx) < 0) {
+ printf("Server process failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (oap_cli_complete_ctx(&ctx) < 0) {
+ printf("Client complete failed.\n");
+ goto fail_cleanup;
+ }
+
+ /* Verify: both should have the server's chosen cipher and KDF */
+ if (ctx.srv.nid != test_cfg.srv.cipher) {
+ printf("Server cipher mismatch: expected %s, got %s\n",
+ crypt_nid_to_str(test_cfg.srv.cipher),
+ crypt_nid_to_str(ctx.srv.nid));
+ goto fail_cleanup;
+ }
+
+ if (ctx.cli.nid != test_cfg.srv.cipher) {
+ printf("Client cipher mismatch: expected %s, got %s\n",
+ crypt_nid_to_str(test_cfg.srv.cipher),
+ crypt_nid_to_str(ctx.cli.nid));
+ goto fail_cleanup;
+ }
+
+ /* Parse response header to check negotiated KDF */
+ if (ctx.resp_hdr.len > 26) {
+ uint16_t resp_kdf_nid;
+ /* KDF NID at offset 26: ID(16) + ts(8) + cipher(2) */
+ resp_kdf_nid = ntoh16(*(uint16_t *)(ctx.resp_hdr.data + 26));
+
+ if (resp_kdf_nid != test_cfg.srv.kdf) {
+ printf("Response KDF mismatch: expected %s, got %s\n",
+ md_nid_to_str(test_cfg.srv.kdf),
+ md_nid_to_str(resp_kdf_nid));
+ goto fail_cleanup;
+ }
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+/* Test roundtrip with different signature digest algorithms */
+static int test_oap_roundtrip_md(int md)
+{
+ struct oap_test_ctx ctx;
+ const char * md_str = md_nid_to_str(md);
+
+ TEST_START("(%s)", md_str ? md_str : "default");
+
+ memset(&test_cfg, 0, sizeof(test_cfg));
+
+ /* Server: auth + KEX with specified md */
+ test_cfg.srv.kex = NID_X25519;
+ test_cfg.srv.cipher = NID_aes_256_gcm;
+ test_cfg.srv.kdf = NID_sha256;
+ test_cfg.srv.md = md;
+ test_cfg.srv.auth = AUTH;
+
+ /* Client: no auth */
+ test_cfg.cli.kex = NID_X25519;
+ test_cfg.cli.cipher = NID_aes_256_gcm;
+ test_cfg.cli.kdf = NID_sha256;
+ test_cfg.cli.md = md;
+ test_cfg.cli.auth = NO_AUTH;
+
+ if (oap_test_setup(&ctx, root_ca_crt_ec, im_ca_crt_ec) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (oap_srv_process_ctx(&ctx) < 0) {
+ printf("Server process failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (oap_cli_complete_ctx(&ctx) < 0) {
+ printf("Client complete failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (memcmp(ctx.cli.key, ctx.srv.key, SYMMKEYSZ) != 0) {
+ printf("Client and server keys do not match!\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS("(%s)", md_str ? md_str : "default");
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL("(%s)", md_str ? md_str : "default");
+ return TEST_RC_FAIL;
+}
+
+static int test_oap_roundtrip_md_all(void)
+{
+ int ret = 0;
+ int i;
+
+ /* Test with default (0) */
+ ret |= test_oap_roundtrip_md(0);
+
+ /* Test with all supported digest NIDs */
+ for (i = 0; md_supported_nids[i] != NID_undef; i++)
+ ret |= test_oap_roundtrip_md(md_supported_nids[i]);
+
+ return ret;
+}
+
+/* Timestamp is at offset 16 (after the 16-byte ID) */
+#define OAP_TIMESTAMP_OFFSET 16
+/* Test that packets with outdated timestamps are rejected */
+static int test_oap_outdated_packet(void)
+{
+ struct oap_test_ctx ctx;
+ struct timespec old_ts;
+ uint64_t old_stamp;
+
+ test_default_cfg();
+
+ TEST_START();
+
+ if (oap_test_setup(&ctx, root_ca_crt_ec, im_ca_crt_ec) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (ctx.req_hdr.len < OAP_TIMESTAMP_OFFSET + sizeof(uint64_t)) {
+ printf("Request too short for test.\n");
+ goto fail_cleanup;
+ }
+
+ /* Set timestamp to 30 seconds in the past (> 20s replay timer) */
+ clock_gettime(CLOCK_REALTIME, &old_ts);
+ old_ts.tv_sec -= OAP_REPLAY_TIMER + 10;
+ old_stamp = hton64(TS_TO_UINT64(old_ts));
+ memcpy(ctx.req_hdr.data + OAP_TIMESTAMP_OFFSET, &old_stamp,
+ sizeof(old_stamp));
+
+ if (oap_srv_process_ctx(&ctx) == 0) {
+ printf("Server should reject outdated packet.\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+/* Test that packets from the future are rejected */
+static int test_oap_future_packet(void)
+{
+ struct oap_test_ctx ctx;
+ struct timespec future_ts;
+ uint64_t future_stamp;
+
+ test_default_cfg();
+
+ TEST_START();
+
+ if (oap_test_setup(&ctx, root_ca_crt_ec, im_ca_crt_ec) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (ctx.req_hdr.len < OAP_TIMESTAMP_OFFSET + sizeof(uint64_t)) {
+ printf("Request too short for test.\n");
+ goto fail_cleanup;
+ }
+
+ /* Set timestamp to 1 second in the future (> 100ms slack) */
+ clock_gettime(CLOCK_REALTIME, &future_ts);
+ future_ts.tv_sec += 1;
+ future_stamp = hton64(TS_TO_UINT64(future_ts));
+ memcpy(ctx.req_hdr.data + OAP_TIMESTAMP_OFFSET, &future_stamp,
+ sizeof(future_stamp));
+
+ if (oap_srv_process_ctx(&ctx) == 0) {
+ printf("Server should reject future packet.\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+/* Test that replayed packets (same ID + timestamp) are rejected */
+static int test_oap_replay_packet(void)
+{
+ struct oap_test_ctx ctx;
+ buffer_t saved_req;
+
+ test_default_cfg();
+
+ TEST_START();
+
+ if (oap_test_setup(&ctx, root_ca_crt_ec, im_ca_crt_ec) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ /* Save the request for replay */
+ saved_req.len = ctx.req_hdr.len;
+ saved_req.data = malloc(saved_req.len);
+ if (saved_req.data == NULL) {
+ printf("Failed to allocate saved request.\n");
+ goto fail_cleanup;
+ }
+ memcpy(saved_req.data, ctx.req_hdr.data, saved_req.len);
+
+ /* First request should succeed */
+ if (oap_srv_process_ctx(&ctx) < 0) {
+ printf("First request should succeed.\n");
+ free(saved_req.data);
+ goto fail_cleanup;
+ }
+
+ /* Free response from first request before replay */
+ freebuf(ctx.resp_hdr);
+
+ /* Restore the saved request for replay */
+ freebuf(ctx.req_hdr);
+ ctx.req_hdr = saved_req;
+
+ /* Replayed request should fail */
+ if (oap_srv_process_ctx(&ctx) == 0) {
+ printf("Server should reject replayed packet.\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+/* Test that client rejects server with wrong certificate name */
+static int test_oap_server_name_mismatch(void)
+{
+ struct oap_test_ctx ctx;
+
+ test_default_cfg();
+
+ TEST_START();
+
+ if (oap_test_setup(&ctx, root_ca_crt_ec, im_ca_crt_ec) < 0)
+ goto fail;
+
+ /* Set client's expected name to something different from cert name */
+ strcpy(ctx.cli.info.name, "wrong.server.name");
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (oap_srv_process_ctx(&ctx) < 0) {
+ printf("Server process failed.\n");
+ goto fail_cleanup;
+ }
+
+ /* Client should reject due to name mismatch */
+ if (oap_cli_complete_ctx(&ctx) == 0) {
+ printf("Client should reject server with wrong cert name.\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown(&ctx);
+
+ TEST_SUCCESS();
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown(&ctx);
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+int oap_test(int argc,
+ char **argv)
+{
+ int ret = 0;
+
+ (void) argc;
+ (void) argv;
+
+ ret |= test_oap_auth_init_fini();
+
+#ifdef HAVE_OPENSSL
+ ret |= test_oap_roundtrip_auth_only();
+ ret |= test_oap_roundtrip_kex_only();
+ ret |= test_oap_piggyback_data();
+
+ ret |= test_oap_roundtrip_all();
+ ret |= test_oap_roundtrip_md_all();
+
+ ret |= test_oap_corrupted_request();
+ ret |= test_oap_corrupted_response();
+ ret |= test_oap_truncated_request();
+ ret |= test_oap_inflated_length_field();
+ ret |= test_oap_deflated_length_field();
+ ret |= test_oap_nid_without_kex();
+ ret |= test_oap_unsupported_nid();
+
+ ret |= test_oap_cipher_mismatch();
+
+ ret |= test_oap_outdated_packet();
+ ret |= test_oap_future_packet();
+ ret |= test_oap_replay_packet();
+ ret |= test_oap_server_name_mismatch();
+#else
+ (void) test_oap_roundtrip_auth_only;
+ (void) test_oap_roundtrip_kex_only;
+ (void) test_oap_piggyback_data;
+ (void) test_oap_roundtrip;
+ (void) test_oap_roundtrip_all;
+ (void) test_oap_roundtrip_md;
+ (void) test_oap_roundtrip_md_all;
+ (void) test_oap_corrupted_request;
+ (void) test_oap_corrupted_response;
+ (void) test_oap_truncated_request;
+ (void) test_oap_inflated_length_field;
+ (void) test_oap_deflated_length_field;
+ (void) test_oap_nid_without_kex;
+ (void) test_oap_unsupported_nid;
+ (void) test_oap_cipher_mismatch;
+ (void) test_oap_outdated_packet;
+ (void) test_oap_future_packet;
+ (void) test_oap_replay_packet;
+ (void) test_oap_server_name_mismatch;
+
+ ret = TEST_RC_SKIP;
+#endif
+ return ret;
+}
diff --git a/src/irmd/oap/tests/oap_test_pqc.c b/src/irmd/oap/tests/oap_test_pqc.c
new file mode 100644
index 00000000..ed51a6b4
--- /dev/null
+++ b/src/irmd/oap/tests/oap_test_pqc.c
@@ -0,0 +1,363 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2026
+ *
+ * Unit tests of OAP post-quantum key exchange
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#if defined(__linux__) || defined(__CYGWIN__)
+#define _DEFAULT_SOURCE
+#else
+#define _POSIX_C_SOURCE 200809L
+#endif
+
+#include "config.h"
+
+#include <ouroboros/crypt.h>
+#include <ouroboros/flow.h>
+#include <ouroboros/name.h>
+#include <ouroboros/random.h>
+#include <test/test.h>
+
+#include <test/certs_pqc.h>
+
+#include "oap.h"
+#include "common.h"
+
+#include <stdbool.h>
+#include <string.h>
+
+#ifdef HAVE_OPENSSL
+#include <openssl/evp.h>
+#endif
+
+#define CLI_AUTH 1
+#define NO_CLI_AUTH 0
+#define CLI_ENCAP KEM_MODE_CLIENT_ENCAP
+#define SRV_ENCAP KEM_MODE_SERVER_ENCAP
+
+extern const uint16_t kex_supported_nids[];
+extern const uint16_t md_supported_nids[];
+
+static int get_random_kdf(void)
+{
+ static int idx = 0;
+ int count;
+
+ if (md_supported_nids[0] == NID_undef)
+ return NID_undef;
+
+ for (count = 0; md_supported_nids[count] != NID_undef; count++)
+ ;
+
+ return md_supported_nids[(idx++) % count];
+}
+
+struct test_cfg test_cfg;
+
+/* KEM keypair storage for tests (server-side keypair for KEM modes) */
+static void * test_kem_pkp = NULL; /* Private key pair */
+static uint8_t test_kem_pk[4096]; /* Public key buffer */
+static size_t test_kem_pk_len = 0;
+
+/* Mock load - called by load_*_credentials in common.c */
+int mock_load_credentials(void ** pkp,
+ void ** crt)
+{
+ *pkp = NULL;
+ *crt = NULL;
+
+ if (crypt_load_privkey_str(server_pkp_ml, pkp) < 0)
+ return -1;
+
+ if (crypt_load_crt_str(signed_server_crt_ml, crt) < 0) {
+ crypt_free_key(*pkp);
+ *pkp = NULL;
+ return -1;
+ }
+
+ return 0;
+}
+
+int load_server_kem_keypair(const char * name,
+ bool raw_fmt,
+ void ** pkp)
+{
+#ifdef HAVE_OPENSSL
+ struct sec_config local_cfg;
+ ssize_t pk_len;
+
+ (void) name;
+ (void) raw_fmt;
+
+ /*
+ * Uses reference counting. The caller will call
+ * EVP_PKEY_free which decrements the count.
+ */
+ if (test_kem_pkp != NULL) {
+ if (EVP_PKEY_up_ref((EVP_PKEY *)test_kem_pkp) != 1)
+ return -1;
+
+ *pkp = test_kem_pkp;
+ return 0;
+ }
+
+ /*
+ * Generate a new KEM keypair from test_cfg.srv.kex.
+ */
+ memset(&local_cfg, 0, sizeof(local_cfg));
+ if (test_cfg.srv.kex == NID_undef)
+ goto fail;
+
+ SET_KEX_ALGO_NID(&local_cfg, test_cfg.srv.kex);
+
+ pk_len = kex_pkp_create(&local_cfg, &test_kem_pkp, test_kem_pk);
+ if (pk_len < 0)
+ goto fail;
+
+ test_kem_pk_len = (size_t) pk_len;
+
+ if (EVP_PKEY_up_ref((EVP_PKEY *)test_kem_pkp) != 1)
+ goto fail_ref;
+
+ *pkp = test_kem_pkp;
+
+ return 0;
+ fail_ref:
+ kex_pkp_destroy(test_kem_pkp);
+ test_kem_pkp = NULL;
+ test_kem_pk_len = 0;
+ fail:
+ return -1;
+
+#else
+ (void) name;
+ (void) raw_fmt;
+ (void) pkp;
+ return -1;
+#endif
+}
+
+int load_server_kem_pk(const char * name,
+ struct sec_config * cfg,
+ buffer_t * pk)
+{
+ ssize_t len;
+
+ (void) name;
+
+ if (test_kem_pk_len > 0) {
+ pk->data = malloc(test_kem_pk_len);
+ if (pk->data == NULL)
+ return -1;
+ memcpy(pk->data, test_kem_pk, test_kem_pk_len);
+ pk->len = test_kem_pk_len;
+ return 0;
+ }
+
+ /* Generate keypair on demand if not already done */
+ len = kex_pkp_create(cfg, &test_kem_pkp, test_kem_pk);
+ if (len < 0)
+ return -1;
+
+ test_kem_pk_len = (size_t) len;
+ pk->data = malloc(test_kem_pk_len);
+ if (pk->data == NULL)
+ return -1;
+ memcpy(pk->data, test_kem_pk, test_kem_pk_len);
+ pk->len = test_kem_pk_len;
+
+ return 0;
+}
+
+static void reset_kem_state(void)
+{
+ if (test_kem_pkp != NULL) {
+ kex_pkp_destroy(test_kem_pkp);
+ test_kem_pkp = NULL;
+ }
+ test_kem_pk_len = 0;
+}
+
+static void test_cfg_init(int kex,
+ int cipher,
+ int kdf,
+ int kem_mode,
+ bool cli_auth)
+{
+ memset(&test_cfg, 0, sizeof(test_cfg));
+
+ /* Server config */
+ test_cfg.srv.kex = kex;
+ test_cfg.srv.cipher = cipher;
+ test_cfg.srv.kdf = kdf;
+ test_cfg.srv.kem_mode = kem_mode;
+ test_cfg.srv.auth = true;
+
+ /* Client config */
+ test_cfg.cli.kex = kex;
+ test_cfg.cli.cipher = cipher;
+ test_cfg.cli.kdf = kdf;
+ test_cfg.cli.kem_mode = kem_mode;
+ test_cfg.cli.auth = cli_auth;
+}
+
+static int oap_test_setup_kem(struct oap_test_ctx * ctx,
+ const char * root_ca,
+ const char * im_ca)
+{
+ reset_kem_state();
+ return oap_test_setup(ctx, root_ca, im_ca);
+}
+
+static void oap_test_teardown_kem(struct oap_test_ctx * ctx)
+{
+ oap_test_teardown(ctx);
+}
+
+static int test_oap_roundtrip_auth_only(void)
+{
+ test_cfg_init(NID_undef, NID_undef, NID_undef, 0, false);
+
+ return roundtrip_auth_only(root_ca_crt_ml, im_ca_crt_ml);
+}
+
+static int test_oap_corrupted_request(void)
+{
+ test_cfg_init(NID_MLKEM768, NID_aes_256_gcm, get_random_kdf(),
+ SRV_ENCAP, CLI_AUTH);
+
+ return corrupted_request(root_ca_crt_ml, im_ca_crt_ml);
+}
+
+static int test_oap_corrupted_response(void)
+{
+ test_cfg_init(NID_MLKEM768, NID_aes_256_gcm, get_random_kdf(),
+ SRV_ENCAP, NO_CLI_AUTH);
+
+ return corrupted_response(root_ca_crt_ml, im_ca_crt_ml);
+}
+
+static int test_oap_truncated_request(void)
+{
+ test_cfg_init(NID_MLKEM768, NID_aes_256_gcm, get_random_kdf(),
+ SRV_ENCAP, NO_CLI_AUTH);
+
+ return truncated_request(root_ca_crt_ml, im_ca_crt_ml);
+}
+
+static int test_oap_roundtrip_kem(int kex,
+ int kem_mode)
+{
+ struct oap_test_ctx ctx;
+ const char * kex_str = kex_nid_to_str(kex);
+ const char * mode_str = kem_mode == CLI_ENCAP ? "cli" : "srv";
+
+ test_cfg_init(kex, NID_aes_256_gcm, get_random_kdf(),
+ kem_mode, NO_CLI_AUTH);
+
+ TEST_START("(%s, %s encaps)", kex_str, mode_str);
+
+ if (oap_test_setup_kem(&ctx, root_ca_crt_ml, im_ca_crt_ml) < 0)
+ goto fail;
+
+ if (oap_cli_prepare_ctx(&ctx) < 0) {
+ printf("Client prepare failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (oap_srv_process_ctx(&ctx) < 0) {
+ printf("Server process failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (oap_cli_complete_ctx(&ctx) < 0) {
+ printf("Client complete failed.\n");
+ goto fail_cleanup;
+ }
+
+ if (memcmp(ctx.cli.key, ctx.srv.key, SYMMKEYSZ) != 0) {
+ printf("Client and server keys do not match!\n");
+ goto fail_cleanup;
+ }
+
+ if (ctx.cli.nid == NID_undef ||
+ ctx.srv.nid == NID_undef) {
+ printf("Cipher not set in flow.\n");
+ goto fail_cleanup;
+ }
+
+ oap_test_teardown_kem(&ctx);
+
+ TEST_SUCCESS("(%s, %s encaps)", kex_str, mode_str);
+ return TEST_RC_SUCCESS;
+
+ fail_cleanup:
+ oap_test_teardown_kem(&ctx);
+ fail:
+ TEST_FAIL("(%s, %s encaps)", kex_str, mode_str);
+ return TEST_RC_FAIL;
+}
+
+static int test_oap_roundtrip_kem_all(void)
+{
+ int ret = 0;
+ int i;
+
+ for (i = 0; kex_supported_nids[i] != NID_undef; i++) {
+ const char * algo = kex_nid_to_str(kex_supported_nids[i]);
+
+ if (!IS_KEM_ALGORITHM(algo))
+ continue;
+
+ ret |= test_oap_roundtrip_kem(kex_supported_nids[i], SRV_ENCAP);
+ ret |= test_oap_roundtrip_kem(kex_supported_nids[i], CLI_ENCAP);
+ }
+
+ return ret;
+}
+
+int oap_test_pqc(int argc,
+ char **argv)
+{
+ int ret = 0;
+
+ (void) argc;
+ (void) argv;
+
+#ifdef HAVE_OPENSSL_PQC
+ ret |= test_oap_roundtrip_auth_only();
+
+ ret |= test_oap_roundtrip_kem_all();
+
+ ret |= test_oap_corrupted_request();
+ ret |= test_oap_corrupted_response();
+ ret |= test_oap_truncated_request();
+#else
+ (void) test_oap_roundtrip_auth_only;
+ (void) test_oap_roundtrip_kem;
+ (void) test_oap_roundtrip_kem_all;
+ (void) test_oap_corrupted_request;
+ (void) test_oap_corrupted_response;
+ (void) test_oap_truncated_request;
+
+ ret = TEST_RC_SKIP;
+#endif
+
+ return ret;
+}
diff --git a/src/irmd/proc_table.c b/src/irmd/proc_table.c
deleted file mode 100644
index a80e8d27..00000000
--- a/src/irmd/proc_table.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/*
- * Ouroboros - Copyright (C) 2016 - 2021
- *
- * The IPC Resource Manager - Process Table
- *
- * Dimitri Staessens <dimitri@ouroboros.rocks>
- * Sander Vrijders <sander@ouroboros.rocks>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., http://www.fsf.org/about/contact/.
- */
-
-#if defined(__linux__) || defined(__CYGWIN__)
-#define _DEFAULT_SOURCE
-#else
-#define _POSIX_C_SOURCE 200112L
-#endif
-
-#include "config.h"
-
-#include <ouroboros/list.h>
-#include <ouroboros/errno.h>
-#include <ouroboros/time_utils.h>
-
-#include "proc_table.h"
-#include "registry.h"
-
-#include <stdlib.h>
-#include <unistd.h>
-#include <limits.h>
-#include <assert.h>
-
-struct proc_entry * proc_entry_create(pid_t pid,
- char * prog)
-{
- struct proc_entry * e;
- pthread_condattr_t cattr;
-
- assert(prog);
-
- e = malloc(sizeof(*e));
- if (e == NULL)
- goto fail_malloc;
-
- if (pthread_condattr_init(&cattr))
- goto fail_condattr;
-
-#ifndef __APPLE__
- pthread_condattr_setclock(&cattr, PTHREAD_COND_CLOCK);
-#endif
-
- if (pthread_mutex_init(&e->lock, NULL))
- goto fail_mutex;
-
- if (pthread_cond_init(&e->cond, &cattr))
- goto fail_cond;
-
- e->set = shm_flow_set_create(pid);
- if (e->set == NULL)
- goto fail_set;
-
- list_head_init(&e->next);
- list_head_init(&e->names);
-
- e->pid = pid;
- e->prog = prog;
- e->re = NULL;
- e->state = PROC_INIT;
-
- return e;
- fail_set:
- pthread_cond_destroy(&e->cond);;
- fail_cond:
- pthread_mutex_destroy(&e->lock);
- fail_mutex:
- pthread_condattr_destroy(&cattr);
- fail_condattr:
- free(e);
- fail_malloc:
- return NULL;
-}
-
-static void cancel_proc_entry(void * o)
-{
- struct proc_entry * e = (struct proc_entry *) o;
-
- e->state = PROC_NULL;
-
- pthread_mutex_unlock(&e->lock);
-}
-
-void proc_entry_destroy(struct proc_entry * e)
-{
- struct list_head * p;
- struct list_head * h;
-
- assert(e);
-
- pthread_mutex_lock(&e->lock);
-
- if (e->state == PROC_DESTROY) {
- pthread_mutex_unlock(&e->lock);
- return;
- }
-
- if (e->state == PROC_SLEEP)
- e->state = PROC_DESTROY;
-
- pthread_cond_signal(&e->cond);
-
- pthread_cleanup_push(cancel_proc_entry, e);
-
- while (e->state != PROC_INIT)
- pthread_cond_wait(&e->cond, &e->lock);
-
- pthread_cleanup_pop(false);
-
- pthread_mutex_unlock(&e->lock);
-
- shm_flow_set_destroy(e->set);
-
- pthread_cond_destroy(&e->cond);
- pthread_mutex_destroy(&e->lock);
-
- if (e->prog != NULL)
- free(e->prog);
-
- list_for_each_safe(p, h, &e->names) {
- struct str_el * n = list_entry(p, struct str_el, next);
- list_del(&n->next);
- if (n->str != NULL)
- free(n->str);
- free(n);
- }
-
- free(e);
-}
-
-int proc_entry_add_name(struct proc_entry * e,
- char * name)
-{
- struct str_el * s;
-
- assert(e);
- assert(name);
-
- s = malloc(sizeof(*s));
- if (s == NULL)
- return -ENOMEM;
-
- s->str = name;
- list_add(&s->next, &e->names);
-
- return 0;
-}
-
-void proc_entry_del_name(struct proc_entry * e,
- const char * name)
-{
- struct list_head * p = NULL;
- struct list_head * h = NULL;
-
- assert(e);
- assert(name);
-
- list_for_each_safe(p, h, &e->names) {
- struct str_el * s = list_entry(p, struct str_el, next);
- if (!strcmp(name, s->str)) {
- list_del(&s->next);
- free(s->str);
- free(s);
- }
- }
-}
-
-int proc_entry_sleep(struct proc_entry * e,
- struct timespec * timeo)
-{
- struct timespec dl;
-
- int ret = 0;
-
- assert(e);
-
- if (timeo != NULL) {
- clock_gettime(PTHREAD_COND_CLOCK, &dl);
- ts_add(&dl, timeo, &dl);
- }
-
- pthread_mutex_lock(&e->lock);
-
- if (e->state != PROC_WAKE && e->state != PROC_DESTROY)
- e->state = PROC_SLEEP;
-
- pthread_cleanup_push(cancel_proc_entry, e);
-
- while (e->state == PROC_SLEEP && ret != -ETIMEDOUT)
- if (timeo)
- ret = -pthread_cond_timedwait(&e->cond, &e->lock, &dl);
- else
- ret = -pthread_cond_wait(&e->cond, &e->lock);
-
- pthread_cleanup_pop(false);
-
- if (e->state == PROC_DESTROY) {
- if (e->re != NULL)
- reg_entry_del_pid(e->re, e->pid);
- ret = -1;
- }
-
- e->state = PROC_INIT;
-
- pthread_cond_broadcast(&e->cond);
- pthread_mutex_unlock(&e->lock);
-
- return ret;
-}
-
-void proc_entry_wake(struct proc_entry * e,
- struct reg_entry * re)
-{
- assert(e);
- assert(re);
-
- pthread_mutex_lock(&e->lock);
-
- if (e->state != PROC_SLEEP) {
- pthread_mutex_unlock(&e->lock);
- return;
- }
-
- e->state = PROC_WAKE;
- e->re = re;
-
- pthread_cond_broadcast(&e->cond);
-
- pthread_cleanup_push(cancel_proc_entry, e);
-
- while (e->state == PROC_WAKE)
- pthread_cond_wait(&e->cond, &e->lock);
-
- pthread_cleanup_pop(false);
-
- if (e->state == PROC_DESTROY)
- e->state = PROC_INIT;
-
- pthread_mutex_unlock(&e->lock);
-}
-
-int proc_table_add(struct list_head * proc_table,
- struct proc_entry * e)
-{
-
- assert(proc_table);
- assert(e);
-
- list_add(&e->next, proc_table);
-
- return 0;
-}
-
-void proc_table_del(struct list_head * proc_table,
- pid_t pid)
-{
- struct list_head * p;
- struct list_head * h;
-
- assert(proc_table);
-
- list_for_each_safe(p, h, proc_table) {
- struct proc_entry * e = list_entry(p, struct proc_entry, next);
- if (pid == e->pid) {
- list_del(&e->next);
- proc_entry_destroy(e);
- }
- }
-}
-
-struct proc_entry * proc_table_get(struct list_head * proc_table,
- pid_t pid)
-{
- struct list_head * h;
-
- assert(proc_table);
-
- list_for_each(h, proc_table) {
- struct proc_entry * e = list_entry(h, struct proc_entry, next);
- if (pid == e->pid)
- return e;
- }
-
- return NULL;
-}
diff --git a/src/irmd/proc_table.h b/src/irmd/proc_table.h
deleted file mode 100644
index 9b81a111..00000000
--- a/src/irmd/proc_table.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Ouroboros - Copyright (C) 2016 - 2021
- *
- * The IPC Resource Manager - Process Table
- *
- * Dimitri Staessens <dimitri@ouroboros.rocks>
- * Sander Vrijders <sander@ouroboros.rocks>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., http://www.fsf.org/about/contact/.
- */
-
-#ifndef OUROBOROS_IRMD_PROC_TABLE_H
-#define OUROBOROS_IRMD_PROC_TABLE_H
-
-#include <ouroboros/shm_flow_set.h>
-
-#include "utils.h"
-
-#include <unistd.h>
-#include <pthread.h>
-
-enum proc_state {
- PROC_NULL = 0,
- PROC_INIT,
- PROC_SLEEP,
- PROC_WAKE,
- PROC_DESTROY
-};
-
-struct proc_entry {
- struct list_head next;
- pid_t pid;
- char * prog; /* program instantiated */
- struct list_head names; /* names for which process accepts flows */
- struct shm_flow_set * set;
-
- struct reg_entry * re; /* reg_entry for which a flow arrived */
-
- /* The process will block on this */
- enum proc_state state;
- pthread_cond_t cond;
- pthread_mutex_t lock;
-};
-
-struct proc_entry * proc_entry_create(pid_t proc,
- char * prog);
-
-void proc_entry_destroy(struct proc_entry * e);
-
-int proc_entry_sleep(struct proc_entry * e,
- struct timespec * timeo);
-
-void proc_entry_wake(struct proc_entry * e,
- struct reg_entry * re);
-
-void proc_entry_cancel(struct proc_entry * e);
-
-int proc_entry_add_name(struct proc_entry * e,
- char * name);
-
-void proc_entry_del_name(struct proc_entry * e,
- const char * name);
-
-int proc_table_add(struct list_head * proc_table,
- struct proc_entry * e);
-
-void proc_table_del(struct list_head * proc_table,
- pid_t pid);
-
-struct proc_entry * proc_table_get(struct list_head * proc_table,
- pid_t pid);
-
-#endif /* OUROBOROS_IRMD_PROC_TABLE_H */
diff --git a/src/irmd/prog_table.c b/src/irmd/prog_table.c
deleted file mode 100644
index eb2b1966..00000000
--- a/src/irmd/prog_table.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Ouroboros - Copyright (C) 2016 - 2021
- *
- * The IPC Resource Manager - Program Table
- *
- * Dimitri Staessens <dimitri@ouroboros.rocks>
- * Sander Vrijders <sander@ouroboros.rocks>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., http://www.fsf.org/about/contact/.
- */
-
-#include <ouroboros/errno.h>
-#include <ouroboros/irm.h>
-
-#include "prog_table.h"
-#include "utils.h"
-
-#include <assert.h>
-#include <stdlib.h>
-#include <string.h>
-
-struct prog_entry * prog_entry_create(char * prog,
- uint32_t flags,
- char ** argv)
-{
- struct prog_entry * e;
-
- assert(prog);
-
- e = malloc(sizeof(*e));
- if (e == NULL)
- return NULL;
-
- list_head_init(&e->next);
- list_head_init(&e->names);
-
- e->prog = prog;
- e->flags = flags;
-
- if (flags & BIND_AUTO) {
- e->argv = argv;
- } else {
- e->argv = NULL;
- argvfree(argv);
- argv = NULL;
- }
-
- return e;
-}
-void prog_entry_destroy(struct prog_entry * e)
-{
- struct list_head * p = NULL;
- struct list_head * h = NULL;
-
- if (e == NULL)
- return;
-
- if (e->prog != NULL)
- free(e->prog);
-
- if (e->argv != NULL)
- argvfree(e->argv);
-
- list_for_each_safe(p, h, &e->names) {
- struct str_el * s = list_entry(p, struct str_el, next);
- list_del(&s->next);
- free(s->str);
- free(s);
- }
-
- free(e);
-}
-
-int prog_entry_add_name(struct prog_entry * e,
- char * name)
-{
- struct str_el * s;
-
- if (e == NULL || name == NULL)
- return -EINVAL;
-
- s = malloc(sizeof(*s));
- if (s == NULL)
- return -ENOMEM;
-
- s->str = name;
- list_add(&s->next, &e->names);
-
- return 0;
-}
-
-void prog_entry_del_name(struct prog_entry * e,
- char * name)
-{
- struct list_head * p = NULL;
- struct list_head * h = NULL;
-
- list_for_each_safe(p, h, &e->names) {
- struct str_el * s = list_entry(p, struct str_el, next);
- if (!strcmp(name, s->str)) {
- list_del(&s->next);
- if (s->str != NULL)
- free(s->str);
- free(s);
- }
- }
-}
-
-int prog_table_add(struct list_head * prog_table,
- struct prog_entry * e)
-{
- assert(prog_table);
- assert(e);
-
- list_add(&e->next, prog_table);
-
- return 0;
-}
-
-void prog_table_del(struct list_head * prog_table,
- char * prog)
-{
- struct list_head * p;
- struct list_head * h;
-
- assert(prog_table);
- assert(prog);
-
- list_for_each_safe(p, h, prog_table) {
- struct prog_entry * e = list_entry(p, struct prog_entry, next);
- if (!strcmp(prog, e->prog)) {
- list_del(&e->next);
- prog_entry_destroy(e);
- }
- }
-}
-
-struct prog_entry * prog_table_get(struct list_head * prog_table,
- char * prog)
-{
- struct list_head * p;
-
- assert(prog_table);
- assert(prog);
-
- list_for_each(p, prog_table) {
- struct prog_entry * e = list_entry(p, struct prog_entry, next);
- if (!strcmp(e->prog, prog))
- return e;
- }
-
- return NULL;
-}
diff --git a/src/irmd/prog_table.h b/src/irmd/prog_table.h
deleted file mode 100644
index eed046c8..00000000
--- a/src/irmd/prog_table.h
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Ouroboros - Copyright (C) 2016 - 2021
- *
- * The IPC Resource Manager - Program Table
- *
- * Dimitri Staessens <dimitri@ouroboros.rocks>
- * Sander Vrijders <sander@ouroboros.rocks>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., http://www.fsf.org/about/contact/.
- */
-
-#ifndef OUROBOROS_IRMD_PROG_TABLE_H
-#define OUROBOROS_IRMD_PROG_TABLE_H
-
-#include <ouroboros/list.h>
-
-#include <unistd.h>
-#include <stdint.h>
-
-struct prog_entry {
- struct list_head next;
- char * prog; /* name of binary */
- uint32_t flags;
- char ** argv;
- struct list_head names; /* names that all instances will listen for */
-};
-
-struct prog_entry * prog_entry_create(char * prog,
- uint32_t flags,
- char ** argv);
-
-void prog_entry_destroy(struct prog_entry * e);
-
-int prog_entry_add_name(struct prog_entry * e,
- char * name);
-
-void prog_entry_del_name(struct prog_entry * e,
- char * name);
-
-int prog_table_add(struct list_head * prog_table,
- struct prog_entry * e);
-
-void prog_table_del(struct list_head * prog_table,
- char * prog);
-
-struct prog_entry * prog_table_get(struct list_head * prog_table,
- char * prog);
-
-#endif /* OUROBOROS_IRMD_PROG_TABLE_H */
diff --git a/src/irmd/reg/flow.c b/src/irmd/reg/flow.c
new file mode 100644
index 00000000..52b03e61
--- /dev/null
+++ b/src/irmd/reg/flow.c
@@ -0,0 +1,215 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Flows
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#define _POSIX_C_SOURCE 200809L
+
+#define OUROBOROS_PREFIX "reg/flow"
+
+#include <ouroboros/logs.h>
+
+#include "flow.h"
+
+#include <assert.h>
+#include <errno.h>
+#include <stdbool.h>
+#include <stdlib.h>
+
+struct reg_flow * reg_flow_create(const struct flow_info * info)
+{
+ struct reg_flow * flow;
+
+ assert(info != NULL);
+ assert(info->id > 0);
+ assert(info->n_pid != 0);
+ assert(info->n_1_pid == 0);
+ assert(info->mpl == 0);
+ assert(info->state == FLOW_INIT);
+
+ flow = malloc(sizeof(*flow));
+ if (flow == NULL) {
+ log_err("Failed to malloc flow.");
+ goto fail_malloc;
+ }
+
+ memset(flow, 0, sizeof(*flow));
+
+ clock_gettime(PTHREAD_COND_CLOCK, &flow->t0);
+ list_head_init(&flow->next);
+
+ flow->info = *info;
+
+ return flow;
+
+ fail_malloc:
+ return NULL;
+}
+
+static void destroy_rbuffs(struct reg_flow * flow)
+{
+ if (flow->n_rb != NULL)
+ ssm_rbuff_destroy(flow->n_rb);
+ flow->n_rb = NULL;
+
+ if (flow->n_1_rb != NULL)
+ ssm_rbuff_destroy(flow->n_1_rb);
+ flow->n_1_rb = NULL;
+}
+
+void reg_flow_destroy(struct reg_flow * flow)
+{
+ assert(flow != NULL);
+
+ switch(flow->info.state) {
+ case FLOW_ACCEPT_PENDING:
+ clrbuf(flow->data);
+ /* FALLTHRU */
+ default:
+ destroy_rbuffs(flow);
+ break;
+ }
+
+ assert(flow->n_rb == NULL);
+ assert(flow->n_1_rb == NULL);
+ assert(flow->data.data == NULL);
+ assert(flow->data.len == 0);
+
+ assert(list_is_empty(&flow->next));
+
+ free(flow);
+}
+
+static int create_rbuffs(struct reg_flow * flow,
+ struct flow_info * info)
+{
+ assert(flow != NULL);
+ assert(info != NULL);
+
+ flow->n_rb = ssm_rbuff_create(info->n_pid, info->id);
+ if (flow->n_rb == NULL)
+ goto fail_n_rb;
+
+ if (ssm_rbuff_mlock(flow->n_rb) < 0)
+ log_warn("Failed to mlock n_rb for flow %d.", info->id);
+
+ assert(flow->info.n_1_pid == 0);
+ assert(flow->n_1_rb == NULL);
+
+ flow->info.n_1_pid = info->n_1_pid;
+ flow->n_1_rb = ssm_rbuff_create(info->n_1_pid, info->id);
+ if (flow->n_1_rb == NULL)
+ goto fail_n_1_rb;
+
+ if (ssm_rbuff_mlock(flow->n_1_rb) < 0)
+ log_warn("Failed to mlock n_1_rb for flow %d.", info->id);
+
+ return 0;
+
+ fail_n_1_rb:
+ ssm_rbuff_destroy(flow->n_rb);
+ fail_n_rb:
+ return -ENOMEM;
+}
+
+int reg_flow_update(struct reg_flow * flow,
+ struct flow_info * info)
+{
+ assert(flow != NULL);
+ assert(info != NULL);
+
+ assert(flow->info.id == info->id);
+
+ switch(info->state) {
+ case FLOW_ACCEPT_PENDING:
+ assert(flow->info.state == FLOW_INIT);
+ flow->info.n_pid = info->n_pid;
+ break;
+ case FLOW_ALLOC_PENDING:
+ assert(flow->info.state == FLOW_INIT);
+ assert(info->n_1_pid != 0);
+
+ if (create_rbuffs(flow, info) < 0)
+ goto fail;
+
+ break;
+ case FLOW_ALLOCATED:
+ assert(info->n_1_pid != 0);
+ assert(flow->info.state > FLOW_INIT);
+ assert(flow->info.state < FLOW_ALLOCATED);
+ assert(flow->info.n_pid != 0);
+ assert(info->mpl != 0);
+
+ flow->info.mpl = info->mpl;
+
+ if (flow->info.state == FLOW_ALLOC_PENDING)
+ break;
+
+ flow->info.qs = info->qs;
+
+ if (create_rbuffs(flow, info) < 0)
+ goto fail;
+ break;
+ case FLOW_DEALLOCATED:
+ destroy_rbuffs(flow);
+ break;
+ case FLOW_DEALLOC_PENDING:
+ break;
+ default:
+ assert(false);
+ return -EPERM;
+ }
+
+ flow->info.state = info->state;
+ flow->info.uid = info->uid;
+
+ *info = flow->info;
+
+ return 0;
+ fail:
+ return -ENOMEM;
+}
+
+void reg_flow_set_data(struct reg_flow * flow,
+ const buffer_t * buf)
+{
+ assert(flow != NULL);
+ assert(buf != NULL);
+ assert(flow->data.data == NULL);
+ assert(flow->data.len == 0);
+
+ flow->data = *buf;
+}
+
+void reg_flow_get_data(struct reg_flow * flow,
+ buffer_t * buf)
+{
+ assert(flow != NULL);
+ assert(buf != NULL);
+
+ *buf = flow->data;
+
+ clrbuf(flow->data);
+}
+
+void reg_flow_free_data(struct reg_flow * flow)
+{
+ freebuf(flow->data);
+}
diff --git a/src/irmd/reg/flow.h b/src/irmd/reg/flow.h
new file mode 100644
index 00000000..b671d486
--- /dev/null
+++ b/src/irmd/reg/flow.h
@@ -0,0 +1,67 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Flows
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_REG_FLOW_H
+#define OUROBOROS_IRMD_REG_FLOW_H
+
+#include <ouroboros/list.h>
+#include <ouroboros/flow.h>
+#include <ouroboros/name.h>
+#include <ouroboros/pthread.h>
+#include <ouroboros/qos.h>
+#include <ouroboros/ssm_rbuff.h>
+#include <ouroboros/utils.h>
+
+#include <sys/types.h>
+#include <time.h>
+
+struct reg_flow {
+ struct list_head next;
+
+ struct flow_info info;
+ int response;
+
+ buffer_t data;
+ struct timespec t0;
+
+ char name[NAME_SIZE + 1];
+
+ struct ssm_rbuff * n_rb;
+ struct ssm_rbuff * n_1_rb;
+};
+
+struct reg_flow * reg_flow_create(const struct flow_info * info);
+
+void reg_flow_destroy(struct reg_flow * flow);
+
+int reg_flow_update(struct reg_flow * flow,
+ struct flow_info * info);
+
+void reg_flow_set_data(struct reg_flow * flow,
+ const buffer_t * buf);
+
+void reg_flow_get_data(struct reg_flow * flow,
+ buffer_t * buf);
+
+void reg_flow_free_data(struct reg_flow * flow);
+
+#endif /* OUROBOROS_IRMD_REG_FLOW_H */
diff --git a/src/irmd/reg/ipcp.c b/src/irmd/reg/ipcp.c
new file mode 100644
index 00000000..74ec4939
--- /dev/null
+++ b/src/irmd/reg/ipcp.c
@@ -0,0 +1,91 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - IPCPs
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#define _POSIX_C_SOURCE 200809L
+
+#define OUROBOROS_PREFIX "reg/ipcp"
+
+#include <ouroboros/logs.h>
+#include <ouroboros/time.h>
+
+#include "ipcp.h"
+
+#include <assert.h>
+#include <errno.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <string.h>
+
+struct reg_ipcp * reg_ipcp_create(const struct ipcp_info * info)
+{
+ struct reg_ipcp * ipcp;
+
+ assert(info != NULL);
+ assert(info->state == IPCP_INIT);
+
+ ipcp = malloc(sizeof(*ipcp));
+ if (ipcp == NULL) {
+ log_err("Failed to malloc ipcp.");
+ goto fail_malloc;
+ }
+
+ memset(ipcp, 0, sizeof(*ipcp));
+ memset(&ipcp->layer, 0, sizeof(ipcp->layer));
+
+ list_head_init(&ipcp->next);
+
+ ipcp->info = *info;
+ ipcp->info.state = IPCP_INIT;
+
+ strcpy(ipcp->layer.name, "Not enrolled.");
+
+ return ipcp;
+
+ fail_malloc:
+ return NULL;
+}
+
+void reg_ipcp_destroy(struct reg_ipcp * ipcp)
+{
+ assert(ipcp != NULL);
+
+ assert(list_is_empty(&ipcp->next));
+
+ free(ipcp);
+}
+
+void reg_ipcp_update(struct reg_ipcp * ipcp,
+ const struct ipcp_info * info)
+{
+ assert(ipcp != NULL);
+
+ ipcp->info = *info;
+}
+
+void reg_ipcp_set_layer(struct reg_ipcp * ipcp,
+ const struct layer_info * info)
+{
+ assert(ipcp != NULL);
+ assert(ipcp->info.state == IPCP_BOOT);
+
+ ipcp->layer = *info;
+}
diff --git a/src/irmd/reg/ipcp.h b/src/irmd/reg/ipcp.h
new file mode 100644
index 00000000..375973a7
--- /dev/null
+++ b/src/irmd/reg/ipcp.h
@@ -0,0 +1,47 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - IPCPs
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_REG_IPCP_H
+#define OUROBOROS_IRMD_REG_IPCP_H
+
+#include <ouroboros/list.h>
+#include <ouroboros/ipcp.h>
+
+struct reg_ipcp {
+ struct list_head next;
+
+ struct ipcp_info info;
+
+ struct layer_info layer;
+};
+
+struct reg_ipcp * reg_ipcp_create(const struct ipcp_info * info);
+
+void reg_ipcp_destroy(struct reg_ipcp * ipcp);
+
+void reg_ipcp_update(struct reg_ipcp * ipcp,
+ const struct ipcp_info * info);
+
+void reg_ipcp_set_layer(struct reg_ipcp * ipcp,
+ const struct layer_info * info);
+
+#endif /* OUROBOROS_IRMD_REG_IPCP_H */
diff --git a/src/irmd/reg/name.c b/src/irmd/reg/name.c
new file mode 100644
index 00000000..4e609711
--- /dev/null
+++ b/src/irmd/reg/name.c
@@ -0,0 +1,381 @@
+
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Names
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#define _POSIX_C_SOURCE 200809L
+
+#define OUROBOROS_PREFIX "reg/name"
+
+#include <ouroboros/logs.h>
+#include <ouroboros/utils.h>
+
+#include "name.h"
+
+#include <assert.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+
+struct prog_entry {
+ struct list_head next;
+ char ** exec;
+};
+
+struct proc_entry {
+ struct list_head next;
+ pid_t pid;
+};
+
+static void __free_prog_entry(struct prog_entry * entry)
+{
+ assert(entry != NULL);
+ assert(entry->exec != NULL);
+
+ argvfree(entry->exec);
+ free(entry);
+}
+
+struct reg_name * reg_name_create(const struct name_info * info)
+{
+ struct reg_name * name;
+
+ assert(info != NULL);
+
+ name = malloc(sizeof(*name));
+ if (name == NULL) {
+ log_err("Failed to malloc name.");
+ goto fail_malloc;
+ }
+
+ memset(name, 0, sizeof(*name));
+
+ list_head_init(&name->next);
+ list_head_init(&name->progs.list);
+ list_head_init(&name->procs.list);
+ list_head_init(&name->active.list);
+
+ name->info = *info;
+
+ return name;
+
+ fail_malloc:
+ return NULL;
+}
+
+void reg_name_destroy(struct reg_name * name)
+{
+ assert(name != NULL);
+
+ assert(list_is_empty(&name->next));
+
+ assert(name->progs.len == 0);
+ assert(name->procs.len == 0);
+ assert(name->active.len == 0);
+
+ assert(list_is_empty(&name->progs.list));
+ assert(list_is_empty(&name->procs.list));
+ assert(list_is_empty(&name->active.list));
+
+ free(name);
+}
+
+static struct proc_entry * __reg_name_get_active(const struct reg_name * name,
+ pid_t pid)
+{
+ struct list_head * p;
+
+ assert(name != NULL);
+ assert(pid > 0);
+
+ list_for_each(p, &name->active.list) {
+ struct proc_entry * entry;
+ entry = list_entry(p, struct proc_entry, next);
+ if (entry->pid == pid)
+ return entry;
+ }
+
+ return NULL;
+}
+
+static void __reg_name_del_all_active(struct reg_name * name,
+ pid_t pid)
+{
+ struct list_head * p;
+ struct list_head * h;
+
+ list_for_each_safe(p, h, &name->active.list) {
+ struct proc_entry * entry;
+ entry = list_entry(p, struct proc_entry, next);
+ if (entry->pid == pid) {
+ list_del(&entry->next);
+ free(entry);
+ --name->active.len;
+ }
+ }
+}
+
+static struct proc_entry * __reg_name_get_proc(const struct reg_name * name,
+ pid_t pid)
+{
+ struct list_head * p;
+
+ assert(name != NULL);
+ assert(pid > 0);
+
+ list_for_each(p, &name->procs.list) {
+ struct proc_entry * entry;
+ entry = list_entry(p, struct proc_entry, next);
+ if (entry->pid == pid)
+ return entry;
+ }
+
+ return NULL;
+}
+
+static struct prog_entry * __reg_name_get_prog(const struct reg_name * name,
+ const char * prog)
+{
+ struct list_head * p;
+
+ assert(name != NULL);
+ assert(prog != NULL);
+
+ list_for_each(p, &name->progs.list) {
+ struct prog_entry * entry;
+ entry = list_entry(p, struct prog_entry, next);
+ if (strcmp(entry->exec[0], prog) == 0)
+ return entry;
+ }
+
+ return NULL;
+}
+
+int reg_name_add_active(struct reg_name * name,
+ pid_t pid)
+{
+ struct proc_entry * entry;
+
+ assert(name != NULL);
+ assert(pid > 0);
+
+ assert(__reg_name_get_proc(name, pid) != NULL);
+
+ log_dbg("Process %d accepting flows for %s.", pid, name->info.name);
+
+ if (__reg_name_get_active(name, pid) != NULL)
+ log_dbg("Process calling accept from multiple threads.");
+
+ entry = malloc(sizeof(*entry));
+ if (entry == NULL) {
+ log_err("Failed to malloc active.");
+ goto fail_malloc;
+ }
+
+ entry->pid = pid;
+
+ switch (name->info.pol_lb) {
+ case LB_RR: /* Round robin policy. */
+ list_add_tail(&entry->next, &name->active.list);
+ break;
+ case LB_SPILL: /* Keep accepting flows on the current process */
+ list_add(&entry->next, &name->active.list);
+ break;
+ default:
+ goto fail_unreachable;
+ }
+
+ ++name->active.len;
+
+ return 0;
+
+ fail_unreachable:
+ free(entry);
+ assert(false);
+ fail_malloc:
+ return -1;
+}
+
+void reg_name_del_active(struct reg_name * name,
+ pid_t pid)
+{
+ struct proc_entry * entry;
+
+ entry = __reg_name_get_active(name, pid);
+ if (entry == NULL)
+ return;
+
+ list_del(&entry->next);
+
+ --name->active.len;
+
+ free(entry);
+}
+
+pid_t reg_name_get_active(struct reg_name * name)
+{
+ struct proc_entry * e;
+
+ assert(name != NULL);
+
+ if (list_is_empty(&name->active.list))
+ return -1;
+
+ e = list_first_entry(&name->active.list, struct proc_entry, next);
+
+ return e->pid;
+}
+
+int reg_name_add_proc(struct reg_name * name,
+ pid_t pid)
+{
+ struct proc_entry * entry;
+
+ assert(name != NULL);
+ assert(pid > 0);
+
+ assert(__reg_name_get_proc(name, pid) == NULL);
+
+ entry = malloc(sizeof(*entry));
+ if (entry == NULL) {
+ log_err("Failed to malloc proc.");
+ goto fail_malloc;
+ }
+
+ entry->pid = pid;
+
+ list_add(&entry->next, &name->procs.list);
+
+ ++name->procs.len;
+
+ return 0;
+
+ fail_malloc:
+ return -1;
+}
+
+void reg_name_del_proc(struct reg_name * name,
+ pid_t pid)
+{
+ struct proc_entry * entry;
+
+ assert(name != NULL);
+ assert(pid > 0);
+
+ entry = __reg_name_get_proc(name, pid);
+ if (entry == NULL)
+ return;
+
+ __reg_name_del_all_active(name, pid);
+
+ list_del(&entry->next);
+
+ free(entry);
+
+ --name->procs.len;
+
+ assert(__reg_name_get_proc(name, pid) == NULL);
+}
+
+bool reg_name_has_proc(const struct reg_name * name,
+ pid_t pid)
+{
+ return __reg_name_get_proc(name, pid) != NULL;
+}
+
+int reg_name_add_prog(struct reg_name * name,
+ char ** exec)
+{
+ struct prog_entry * entry;
+
+ assert(name != NULL);
+ assert(exec != NULL);
+ assert(exec[0] != NULL);
+
+ assert(__reg_name_get_prog(name, exec[0]) == NULL);
+
+ entry = malloc(sizeof(*entry));
+ if (entry == NULL) {
+ log_err("Failed to malloc prog.");
+ goto fail_malloc;
+ }
+
+ entry->exec = argvdup(exec);
+ if (entry->exec == NULL) {
+ log_err("Failed to argvdup prog.");
+ goto fail_exec;
+ }
+
+ list_add(&entry->next, &name->progs.list);
+
+ log_dbg("Add prog %s to name %s.", exec[0], name->info.name);
+
+ ++name->progs.len;
+
+ return 0;
+
+ fail_exec:
+ free(entry);
+ fail_malloc:
+ return -1;
+}
+
+void reg_name_del_prog(struct reg_name * name,
+ const char * prog)
+{
+ struct prog_entry * entry;
+
+ assert(name != NULL);
+ assert(prog != NULL);
+
+ entry = __reg_name_get_prog(name, prog);
+ if (entry == NULL)
+ return;
+
+ list_del(&entry->next);
+
+ __free_prog_entry(entry);
+
+ --name->progs.len;
+
+ assert(__reg_name_get_prog(name, prog) == NULL);
+}
+
+bool reg_name_has_prog(const struct reg_name * name,
+ const char * prog)
+{
+ assert(name != NULL);
+ assert(prog != NULL);
+
+ return __reg_name_get_prog(name, prog) != NULL;
+}
+
+char ** reg_name_get_exec(const struct reg_name * name)
+{
+ struct prog_entry * e;
+
+ if (list_is_empty(&name->progs.list))
+ return NULL;
+
+ e = list_first_entry(&name->progs.list, struct prog_entry, next);
+
+ return e->exec;
+}
diff --git a/src/irmd/reg/name.h b/src/irmd/reg/name.h
new file mode 100644
index 00000000..30a64e1c
--- /dev/null
+++ b/src/irmd/reg/name.h
@@ -0,0 +1,88 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Names
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_REG_NAME_H
+#define OUROBOROS_IRMD_REG_NAME_H
+
+#include <ouroboros/list.h>
+#include <ouroboros/name.h>
+
+#define BIND_AUTO 0x01
+
+struct reg_name {
+ struct list_head next;
+
+ struct name_info info;
+
+ struct {
+ void * key;
+ void * crt;
+ } cache;
+
+ struct {
+ struct list_head list;
+ size_t len;
+ } progs; /* autostart programs for this name */
+
+ struct {
+ struct list_head list;
+ size_t len;
+ } procs; /* processes bound to this name */
+
+ struct {
+ struct list_head list;
+ size_t len;
+ } active; /* processes actively calling accept */
+};
+
+struct reg_name * reg_name_create(const struct name_info * info);
+
+void reg_name_destroy(struct reg_name * name);
+
+int reg_name_add_proc(struct reg_name * name,
+ pid_t proc);
+
+void reg_name_del_proc(struct reg_name * name,
+ pid_t proc);
+
+bool reg_name_has_proc(const struct reg_name * name,
+ pid_t proc);
+
+int reg_name_add_prog(struct reg_name * name,
+ char ** exec);
+
+void reg_name_del_prog(struct reg_name * name,
+ const char * prog);
+
+bool reg_name_has_prog(const struct reg_name * name,
+ const char * prog);
+
+char ** reg_name_get_exec(const struct reg_name * name);
+
+int reg_name_add_active(struct reg_name * name,
+ pid_t proc);
+
+pid_t reg_name_get_active(struct reg_name * name);
+
+void reg_name_del_active(struct reg_name * name,
+ pid_t proc);
+#endif /* OUROBOROS_IRMD_REG_NAME_H */
diff --git a/src/irmd/reg/pool.c b/src/irmd/reg/pool.c
new file mode 100644
index 00000000..fd983db8
--- /dev/null
+++ b/src/irmd/reg/pool.c
@@ -0,0 +1,101 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2026
+ *
+ * The IPC Resource Manager - Registry - Per-User Pools
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#define _POSIX_C_SOURCE 200809L
+
+#define OUROBOROS_PREFIX "reg/pool"
+
+#include <ouroboros/logs.h>
+#include <ouroboros/ssm_pool.h>
+
+#include "pool.h"
+
+#include <assert.h>
+#include <stdlib.h>
+
+struct reg_pool * reg_pool_create(uid_t uid,
+ gid_t gid)
+{
+ struct reg_pool * pool;
+
+ pool = malloc(sizeof(*pool));
+ if (pool == NULL) {
+ log_err("Failed to malloc pool.");
+ goto fail_malloc;
+ }
+
+ pool->ssm = ssm_pool_create(uid, gid);
+ if (pool->ssm == NULL) {
+ log_err("Failed to create PUP for uid %d.", uid);
+ goto fail_ssm;
+ }
+
+ list_head_init(&pool->next);
+ pool->uid = uid;
+ pool->gid = gid;
+ pool->refcount = 1;
+
+ log_dbg("Created PUP for uid %d gid %d.", uid, gid);
+
+ return pool;
+
+ fail_ssm:
+ free(pool);
+ fail_malloc:
+ return NULL;
+}
+
+void reg_pool_destroy(struct reg_pool * pool)
+{
+ assert(pool != NULL);
+ assert(pool->refcount == 0);
+
+ log_dbg("Destroying PUP for uid %d.", pool->uid);
+
+ ssm_pool_destroy(pool->ssm);
+
+ assert(list_is_empty(&pool->next));
+
+ free(pool);
+}
+
+void reg_pool_ref(struct reg_pool * pool)
+{
+ assert(pool != NULL);
+ assert(pool->refcount > 0);
+
+ pool->refcount++;
+
+ log_dbg("PUP uid %d refcount++ -> %zu.", pool->uid, pool->refcount);
+}
+
+int reg_pool_unref(struct reg_pool * pool)
+{
+ assert(pool != NULL);
+ assert(pool->refcount > 0);
+
+ pool->refcount--;
+
+ log_dbg("PUP uid %d refcount-- -> %zu.", pool->uid, pool->refcount);
+
+ return pool->refcount == 0 ? 0 : 1;
+}
diff --git a/src/irmd/reg/pool.h b/src/irmd/reg/pool.h
new file mode 100644
index 00000000..576f491c
--- /dev/null
+++ b/src/irmd/reg/pool.h
@@ -0,0 +1,48 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2026
+ *
+ * The IPC Resource Manager - Registry - Per-User Pools
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_REG_POOL_H
+#define OUROBOROS_IRMD_REG_POOL_H
+
+#include <ouroboros/list.h>
+#include <ouroboros/ssm_pool.h>
+
+#include <sys/types.h>
+
+struct reg_pool {
+ struct list_head next;
+ uid_t uid;
+ gid_t gid;
+ size_t refcount;
+ struct ssm_pool * ssm;
+};
+
+struct reg_pool * reg_pool_create(uid_t uid,
+ gid_t gid);
+
+void reg_pool_destroy(struct reg_pool * pool);
+
+void reg_pool_ref(struct reg_pool * pool);
+
+int reg_pool_unref(struct reg_pool * pool);
+
+#endif /* OUROBOROS_IRMD_REG_POOL_H */
diff --git a/src/irmd/reg/proc.c b/src/irmd/reg/proc.c
new file mode 100644
index 00000000..b97dcf2d
--- /dev/null
+++ b/src/irmd/reg/proc.c
@@ -0,0 +1,193 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Processes
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This procram is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This procram is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this procram; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#define _POSIX_C_SOURCE 200809L
+
+#define OUROBOROS_PREFIX "reg/proc"
+
+#include <ouroboros/logs.h>
+#include <ouroboros/utils.h>
+
+#include "proc.h"
+
+#include <assert.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+
+struct name_entry {
+ struct list_head next;
+ char * name;
+};
+
+static void __free_name_entry(struct name_entry * entry)
+{
+ assert(entry != NULL);
+ assert(entry->name != NULL);
+
+ free(entry->name);
+ free(entry);
+}
+
+static void __reg_proc_clear_names(struct reg_proc * proc)
+{
+ struct list_head * p;
+ struct list_head * h;
+
+ assert(proc != NULL);
+
+ list_for_each_safe(p, h, &proc->names) {
+ struct name_entry * entry;
+ entry = list_entry(p, struct name_entry, next);
+ list_del(&entry->next);
+ __free_name_entry(entry);
+ proc->n_names--;
+ }
+}
+
+struct reg_proc * reg_proc_create(const struct proc_info * info)
+{
+ struct reg_proc * proc;
+
+ assert(info != NULL);
+
+ proc = malloc(sizeof(*proc));
+ if (proc == NULL) {
+ log_err("Failed to malloc proc.");
+ goto fail_malloc;
+ }
+
+ memset(proc, 0, sizeof(*proc));
+
+ proc->set = ssm_flow_set_create(info->pid);
+ if (proc->set == NULL) {
+ log_err("Failed to create flow set for %d.", info->pid);
+ goto fail_set;
+ }
+
+ list_head_init(&proc->next);
+ list_head_init(&proc->names);
+
+ proc->info = *info;
+ proc->n_names = 0;
+
+ return proc;
+
+ fail_set:
+ free(proc);
+ fail_malloc:
+ return NULL;
+}
+
+void reg_proc_destroy(struct reg_proc * proc)
+{
+ assert(proc != NULL);
+
+ ssm_flow_set_destroy(proc->set);
+
+ __reg_proc_clear_names(proc);
+
+ assert(list_is_empty(&proc->next));
+
+ assert(proc->n_names == 0);
+
+ assert(list_is_empty(&proc->names));
+
+ free(proc);
+}
+
+static struct name_entry * __reg_proc_get_name(const struct reg_proc * proc,
+ const char * name)
+{
+ struct list_head * p;
+
+ list_for_each(p, &proc->names) {
+ struct name_entry * entry;
+ entry = list_entry(p, struct name_entry, next);
+ if (strcmp(entry->name, name) == 0)
+ return entry;
+ }
+
+ return NULL;
+}
+
+int reg_proc_add_name(struct reg_proc * proc,
+ const char * name)
+{
+ struct name_entry * entry;
+
+ assert(__reg_proc_get_name(proc, name) == NULL);
+
+ entry = malloc(sizeof(*entry));
+ if (entry == NULL) {
+ log_err("Failed to malloc name.");
+ goto fail_malloc;
+ }
+
+ entry->name = strdup(name);
+ if (entry == NULL) {
+ log_err("Failed to strdup name.");
+ goto fail_name;
+ }
+
+ list_add(&entry->next, &proc->names);
+
+ proc->n_names++;
+
+ return 0;
+
+ fail_name:
+ free(entry);
+ fail_malloc:
+ return -1;
+}
+
+void reg_proc_del_name(struct reg_proc * proc,
+ const char * name)
+{
+ struct name_entry * entry;
+
+ entry = __reg_proc_get_name(proc, name);
+ if(entry == NULL)
+ return;
+
+ list_del(&entry->next);
+
+ __free_name_entry(entry);
+
+ proc->n_names--;
+
+ assert(__reg_proc_get_name(proc, name) == NULL);
+}
+
+bool reg_proc_has_name(const struct reg_proc * proc,
+ const char * name)
+{
+ return __reg_proc_get_name(proc, name) != NULL;
+}
+
+bool reg_proc_is_privileged(const struct reg_proc * proc)
+{
+ assert(proc != NULL);
+
+ return is_ouroboros_member_uid(proc->info.uid);
+}
diff --git a/src/irmd/reg/proc.h b/src/irmd/reg/proc.h
new file mode 100644
index 00000000..be4c1161
--- /dev/null
+++ b/src/irmd/reg/proc.h
@@ -0,0 +1,58 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Processes
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_REG_PROC_H
+#define OUROBOROS_IRMD_REG_PROC_H
+
+#include <ouroboros/list.h>
+#include <ouroboros/proc.h>
+#include <ouroboros/ssm_flow_set.h>
+
+struct reg_proc {
+ struct list_head next;
+
+ struct proc_info info;
+
+ struct list_head names; /* process accepts flows for names */
+ size_t n_names; /* number of names */
+
+ struct ssm_flow_set * set;
+};
+
+struct reg_proc * reg_proc_create(const struct proc_info * info);
+
+void reg_proc_destroy(struct reg_proc * proc);
+
+void reg_proc_clear(struct reg_proc * proc);
+
+int reg_proc_add_name(struct reg_proc * proc,
+ const char * name);
+
+void reg_proc_del_name(struct reg_proc * proc,
+ const char * name);
+
+bool reg_proc_has_name(const struct reg_proc * proc,
+ const char * name);
+
+bool reg_proc_is_privileged(const struct reg_proc * proc);
+
+#endif /* OUROBOROS_IRMD_REG_PROC_H */
diff --git a/src/irmd/reg/prog.c b/src/irmd/reg/prog.c
new file mode 100644
index 00000000..9b9e7510
--- /dev/null
+++ b/src/irmd/reg/prog.c
@@ -0,0 +1,174 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Programs
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#define _POSIX_C_SOURCE 200809L
+
+#define OUROBOROS_PREFIX "reg/prog"
+
+#include <ouroboros/logs.h>
+#include <ouroboros/utils.h>
+
+#include "prog.h"
+
+#include <assert.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+
+struct name_entry {
+ struct list_head next;
+ char * name;
+};
+
+static void __free_name_entry(struct name_entry * entry)
+{
+ assert(entry != NULL);
+ assert(entry->name != NULL);
+
+ free(entry->name);
+ free(entry);
+}
+
+static void __reg_prog_clear_names(struct reg_prog * prog)
+{
+ struct list_head * p;
+ struct list_head * h;
+
+ assert(prog != NULL);
+
+ list_for_each_safe(p, h, &prog->names) {
+ struct name_entry * entry;
+ entry = list_entry(p, struct name_entry, next);
+ list_del(&entry->next);
+ __free_name_entry(entry);
+ prog->n_names--;
+ }
+}
+
+struct reg_prog * reg_prog_create(const struct prog_info * info)
+{
+ struct reg_prog * p;
+
+ assert(info != NULL);
+
+ p = malloc(sizeof(*p));
+ if (p == NULL) {
+ log_err("Failed to malloc prog.");
+ goto fail_malloc;
+ }
+
+ list_head_init(&p->next);
+ list_head_init(&p->names);
+
+ p->info = *info;
+ p->n_names = 0;
+
+ return p;
+
+ fail_malloc:
+ return NULL;
+}
+
+void reg_prog_destroy(struct reg_prog * prog)
+{
+ assert(prog != NULL);
+
+ __reg_prog_clear_names(prog);
+
+ assert(list_is_empty(&prog->next));
+
+ assert(prog->n_names == 0);
+
+ assert(list_is_empty(&prog->names));
+
+ free(prog);
+}
+
+static struct name_entry * __reg_prog_get_name(const struct reg_prog * prog,
+ const char * name)
+{
+ struct list_head * p;
+
+ list_for_each(p, &prog->names) {
+ struct name_entry * entry;
+ entry = list_entry(p, struct name_entry, next);
+ if (strcmp(entry->name, name) == 0)
+ return entry;
+ }
+
+ return NULL;
+}
+
+int reg_prog_add_name(struct reg_prog * prog,
+ const char * name)
+{
+ struct name_entry * entry;
+
+ assert(__reg_prog_get_name(prog, name) == NULL);
+
+ entry = malloc(sizeof(*entry));
+ if (entry == NULL) {
+ log_err("Failed to malloc name.");
+ goto fail_malloc;
+ }
+
+ entry->name = strdup(name);
+ if (entry == NULL) {
+ log_err("Failed to strdup name.");
+ goto fail_name;
+ }
+
+ list_add(&entry->next, &prog->names);
+
+ prog->n_names++;
+
+ return 0;
+
+ fail_name:
+ free(entry);
+ fail_malloc:
+ return -1;
+}
+
+void reg_prog_del_name(struct reg_prog * prog,
+ const char * name)
+{
+ struct name_entry * entry;
+
+ entry = __reg_prog_get_name(prog, name);
+ if (entry == NULL)
+ return;
+
+ list_del(&entry->next);
+
+ __free_name_entry(entry);
+
+ prog->n_names--;
+
+ assert(__reg_prog_get_name(prog, name) == NULL);
+}
+
+bool reg_prog_has_name(const struct reg_prog * prog,
+ const char * name)
+{
+ return __reg_prog_get_name(prog, name) != NULL;
+}
diff --git a/src/irmd/reg/prog.h b/src/irmd/reg/prog.h
new file mode 100644
index 00000000..a98fc6a1
--- /dev/null
+++ b/src/irmd/reg/prog.h
@@ -0,0 +1,53 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Programs
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_REG_PROG_H
+#define OUROBOROS_IRMD_REG_PROG_H
+
+#include <ouroboros/list.h>
+#include <ouroboros/proc.h>
+
+#include <stdint.h>
+
+struct reg_prog {
+ struct list_head next;
+
+ struct prog_info info;
+
+ struct list_head names; /* names to listen for */
+ size_t n_names; /* number of names in list */
+ };
+
+struct reg_prog * reg_prog_create(const struct prog_info * info);
+
+void reg_prog_destroy(struct reg_prog * prog);
+
+int reg_prog_add_name(struct reg_prog * prog,
+ const char * name);
+
+void reg_prog_del_name(struct reg_prog * prog,
+ const char * name);
+
+bool reg_prog_has_name(const struct reg_prog * prog,
+ const char * name);
+
+#endif /* OUROBOROS_IRMD_REG_PROG_H */
diff --git a/src/irmd/reg/reg.c b/src/irmd/reg/reg.c
new file mode 100644
index 00000000..e89b492b
--- /dev/null
+++ b/src/irmd/reg/reg.c
@@ -0,0 +1,2242 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+The IPC Resource Manager - Registry
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#define _POSIX_C_SOURCE 200809L
+
+#define OUROBOROS_PREFIX "reg"
+
+#include <ouroboros/bitmap.h>
+#include <ouroboros/errno.h>
+#include <ouroboros/list.h>
+#include <ouroboros/logs.h>
+#include <ouroboros/protobuf.h>
+#include <ouroboros/pthread.h>
+
+#include "reg.h"
+#include "flow.h"
+#include "ipcp.h"
+#include "name.h"
+#include "pool.h"
+#include "proc.h"
+#include "prog.h"
+
+#include <assert.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define ID_OFFT 1 /* reserve some flow_ids */
+
+struct {
+ struct bmp * flow_ids; /* flow_ids for flows */
+
+ struct list_head flows; /* flow information */
+ size_t n_flows; /* number of flows */
+
+ struct list_head ipcps; /* list of ipcps in system */
+ size_t n_ipcps; /* number of ipcps */
+
+ struct list_head names; /* registered names known */
+ size_t n_names; /* number of names */
+
+ struct list_head pools; /* per-user pools */
+ size_t n_pools; /* number of pools */
+
+ struct list_head procs; /* processes */
+ size_t n_procs; /* number of processes */
+
+ struct list_head progs; /* programs known */
+ size_t n_progs; /* number of programs */
+
+ struct list_head spawned; /* child processes */
+ size_t n_spawned; /* number of child processes */
+
+ pthread_mutex_t mtx; /* registry lock */
+ pthread_cond_t cond; /* condvar for reg changes */
+} reg;
+
+struct pid_entry {
+ struct list_head next;
+ pid_t pid;
+};
+
+static struct reg_flow * __reg_get_flow(int flow_id)
+{
+ struct list_head * p;
+
+ assert(flow_id >= ID_OFFT);
+
+ list_for_each(p, &reg.flows) {
+ struct reg_flow * entry;
+ entry = list_entry(p, struct reg_flow, next);
+ if (entry->info.id == flow_id)
+ return entry;
+ }
+
+ return NULL;
+}
+
+static struct reg_flow * __reg_get_accept_flow(pid_t pid)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.flows) {
+ struct reg_flow * entry;
+ entry = list_entry(p, struct reg_flow, next);
+ if (entry->info.state != FLOW_ACCEPT_PENDING)
+ continue;
+ if (entry->info.n_pid == pid)
+ return entry;
+ }
+
+ return NULL;
+}
+
+static struct list_head * __reg_after_flow(int flow_id)
+{
+ struct list_head * p;
+
+ assert(flow_id >= ID_OFFT);
+
+ list_for_each(p, &reg.flows) {
+ struct reg_flow * entry;
+ entry = list_entry(p, struct reg_flow, next);
+ if (entry->info.id > flow_id)
+ break;
+ }
+
+ return p;
+}
+
+static struct reg_ipcp * __reg_get_ipcp(pid_t pid)
+{
+ struct list_head * p;
+
+ assert(pid > 0);
+
+ list_for_each(p, &reg.ipcps) {
+ struct reg_ipcp * entry;
+ entry = list_entry(p, struct reg_ipcp, next);
+ if (entry->info.pid == pid)
+ return entry;
+ }
+
+ return NULL;
+}
+
+static struct reg_ipcp * __reg_get_ipcp_by_layer(const char * layer)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.ipcps) {
+ struct reg_ipcp * entry;
+ entry = list_entry(p, struct reg_ipcp, next);
+ if (strcmp(entry->layer.name, layer) == 0)
+ return entry;
+ }
+
+ return NULL;
+}
+
+
+static struct list_head * __reg_after_ipcp(const struct ipcp_info * info)
+{
+ struct list_head * p;
+
+ assert(info != NULL);
+
+ list_for_each(p, &reg.ipcps) {
+ struct reg_ipcp * entry;
+ entry = list_entry(p, struct reg_ipcp, next);
+ if (entry->info.type < info->type)
+ continue;
+
+ if (entry->info.type > info->type)
+ break;
+
+ if (entry->info.pid > info->pid)
+ break;
+ }
+
+ return p;
+}
+
+static struct reg_name * __reg_get_name(const char * name)
+{
+ struct list_head * p;
+
+ assert(name != NULL);
+
+ list_for_each(p, &reg.names) {
+ struct reg_name * entry;
+ entry = list_entry(p, struct reg_name, next);
+ if (strcmp(entry->info.name, name) == 0)
+ return entry;
+ }
+
+ return NULL;
+}
+
+static int __reg_get_pending_flow_id(const char * name)
+{
+ struct reg_name * entry;
+ struct reg_flow * flow;
+ pid_t pid;
+
+ assert(name != NULL);
+ assert(strlen(name) > 0);
+ assert(strlen(name) < NAME_SIZE + 1);
+
+ entry =__reg_get_name(name);
+ if (entry == NULL)
+ return -ENAME;
+
+ pid = reg_name_get_active(entry);
+ if (pid < 0)
+ return -EAGAIN;
+
+ flow = __reg_get_accept_flow(pid);
+ if (flow == NULL) /* compiler barks, this can't be NULL */
+ return -EAGAIN;
+
+ strcpy(flow->name, name);
+
+ return flow->info.id;
+}
+
+static struct list_head * __reg_after_name(const char * name)
+{
+ struct list_head * p;
+
+ assert(name != NULL);
+
+ list_for_each(p, &reg.names) {
+ struct reg_name * entry;
+ entry = list_entry(p, struct reg_name, next);
+ if (strcmp(entry->info.name, name) > 0)
+ break;
+ }
+
+ return p;
+}
+
+static struct reg_pool * __reg_get_pool(uid_t uid)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.pools) {
+ struct reg_pool * entry;
+ entry = list_entry(p, struct reg_pool, next);
+ if (entry->uid == uid)
+ return entry;
+ }
+
+ return NULL;
+}
+
+static struct reg_proc * __reg_get_proc(pid_t pid)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.procs) {
+ struct reg_proc * entry;
+ entry = list_entry(p, struct reg_proc, next);
+ if (entry->info.pid == pid)
+ return entry;
+ }
+
+ return NULL;
+}
+
+static struct list_head * __reg_after_proc(pid_t pid)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.procs) {
+ struct reg_proc * entry;
+ entry = list_entry(p, struct reg_proc, next);
+ if (entry->info.pid > pid)
+ break;
+ }
+
+ return p;
+}
+
+static void __reg_kill_all_proc(int signal)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.procs) {
+ struct reg_proc * entry;
+ entry = list_entry(p, struct reg_proc, next);
+ kill(entry->info.pid, signal);
+ }
+}
+
+static pid_t __reg_get_dead_proc(void)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.procs) {
+ struct reg_proc * entry;
+ entry = list_entry(p, struct reg_proc, next);
+ if (kill(entry->info.pid, 0) < 0)
+ return entry->info.pid;
+ }
+
+ return -1;
+}
+
+static void __reg_cancel_flows_for_proc(pid_t pid)
+{
+ struct list_head * p;
+ bool changed = false;
+
+ list_for_each(p, &reg.flows) {
+ struct reg_flow * entry;
+ entry = list_entry(p, struct reg_flow, next);
+ if (entry->info.n_pid != pid)
+ continue;
+
+ switch (entry->info.state) {
+ case FLOW_ALLOC_PENDING:
+ /* FALLTHRU */
+ case FLOW_ACCEPT_PENDING:
+ entry->info.state = FLOW_DEALLOCATED;
+ changed = true;
+ break;
+ default:
+ continue;
+ }
+ }
+
+ if (changed)
+ pthread_cond_broadcast(&reg.cond);
+}
+
+static struct pid_entry * __reg_get_spawned(pid_t pid)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.spawned) {
+ struct pid_entry * entry;
+ entry = list_entry(p, struct pid_entry, next);
+ if (entry->pid == pid)
+ return entry;
+ }
+
+ return NULL;
+}
+
+static struct list_head * __reg_after_spawned(pid_t pid)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.spawned) {
+ struct pid_entry * entry;
+ entry = list_entry(p, struct pid_entry, next);
+ if (entry->pid > pid)
+ break;
+ }
+
+ return p;
+}
+
+static void __reg_kill_all_spawned(int signal)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.spawned) {
+ struct pid_entry * entry;
+ entry = list_entry(p, struct pid_entry, next);
+ kill(entry->pid, signal);
+ }
+}
+
+static pid_t __reg_first_spawned(void)
+{
+ if (list_is_empty(&reg.spawned))
+ return -1;
+
+ return list_first_entry(&reg.spawned, struct pid_entry, next)->pid;
+}
+
+static struct reg_prog * __reg_get_prog(const char * name)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.progs) {
+ struct reg_prog * entry;
+ entry = list_entry(p, struct reg_prog, next);
+ if (strcmp(entry->info.name, name) == 0)
+ return entry;
+ }
+
+ return NULL;
+}
+
+static char ** __reg_get_exec(const char * name)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.names) {
+ struct reg_name * entry;
+ entry = list_entry(p, struct reg_name, next);
+ if (strcmp(entry->info.name, name) == 0)
+ return reg_name_get_exec(entry);
+ }
+
+ return NULL;
+}
+
+static struct list_head * __reg_after_prog(const char * name)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.progs) {
+ struct reg_prog * entry;
+ entry = list_entry(p, struct reg_prog, next);
+ if (strcmp(entry->info.name, name) > 0)
+ break;
+ }
+
+ return p;
+}
+
+static void __reg_del_name_from_procs(const char * name)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.procs) {
+ struct reg_proc * proc;
+ proc = list_entry(p, struct reg_proc, next);
+ reg_proc_del_name(proc, name);
+ }
+}
+
+static void __reg_del_name_from_progs(const char * name)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.progs) {
+ struct reg_prog * prog;
+ prog = list_entry(p, struct reg_prog, next);
+ reg_prog_del_name(prog, name);
+ }
+}
+
+static void __reg_proc_update_names(struct reg_proc * proc)
+{
+ struct list_head * p;
+ struct reg_prog * prog;
+
+ assert(list_is_empty(&proc->names));
+
+ prog = __reg_get_prog(proc->info.prog);
+ if (prog == NULL)
+ return;
+
+ list_for_each(p, &reg.names) {
+ struct reg_name * name;
+ name = list_entry(p, struct reg_name, next);
+ assert(!reg_name_has_proc(name, proc->info.pid));
+ if (reg_prog_has_name(prog, name->info.name)) {
+ reg_proc_add_name(proc, name->info.name);
+ reg_name_add_proc(name, proc->info.pid);
+ }
+ }
+}
+
+static void __reg_del_proc_from_names(pid_t pid)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.names) {
+ struct reg_name * name;
+ name = list_entry(p, struct reg_name, next);
+ reg_name_del_proc(name, pid);
+ }
+}
+
+static void __reg_del_prog_from_names(const char * prog)
+{
+ struct list_head * p;
+
+ list_for_each(p, &reg.names) {
+ struct reg_name * name;
+ name = list_entry(p, struct reg_name, next);
+ reg_name_del_prog(name, prog);
+ }
+}
+
+static int __reg_add_active_proc(pid_t pid)
+{
+ struct list_head * p;
+ size_t n_names = 0;
+ size_t failed = 0;
+
+ assert(pid > 0);
+
+ list_for_each(p, &reg.names) {
+ struct reg_name * name;
+ name = list_entry(p, struct reg_name, next);
+ if (reg_name_has_proc(name, pid)) {
+ if (reg_name_add_active(name, pid) < 0)
+ failed++;
+ n_names++;
+ }
+ }
+
+ if (n_names > 0 && failed == n_names)
+ return -1;
+
+ return 0; /* some were marked */
+}
+
+static void __reg_del_active_proc(pid_t pid)
+{
+ struct list_head * p;
+
+ assert(pid > 0);
+
+ list_for_each(p, &reg.names) {
+ struct reg_name * name;
+ name = list_entry(p, struct reg_name, next);
+ reg_name_del_active(name, pid);
+ }
+}
+
+int reg_init(void)
+{
+ pthread_condattr_t cattr;
+
+ if (pthread_mutex_init(&reg.mtx, NULL) != 0) {
+ log_err("Failed to initialize mutex.");
+ goto fail_mtx;
+ }
+
+ if (pthread_condattr_init(&cattr) != 0) {
+ log_err("Failed to initialize condattr.");
+ goto fail_cattr;
+ }
+
+#ifndef __APPLE__
+ pthread_condattr_setclock(&cattr, PTHREAD_COND_CLOCK);
+#endif
+ if (pthread_cond_init(&reg.cond, &cattr) != 0) {
+ log_err("Failed to initialize condvar.");
+ goto fail_cond;
+ }
+
+ reg.flow_ids = bmp_create(SYS_MAX_FLOWS -ID_OFFT, ID_OFFT);
+ if (reg.flow_ids == NULL) {
+ log_err("Failed to create flow_ids bitmap.");
+ goto fail_flow_ids;
+ }
+
+ pthread_condattr_destroy(&cattr);
+
+ list_head_init(&reg.flows);
+ list_head_init(&reg.ipcps);
+ list_head_init(&reg.names);
+ list_head_init(&reg.pools);
+ list_head_init(&reg.procs);
+ list_head_init(&reg.progs);
+ list_head_init(&reg.spawned);
+
+ return 0;
+
+ fail_flow_ids:
+ pthread_cond_destroy(&reg.cond);
+ fail_cond:
+ pthread_condattr_destroy(&cattr);
+ fail_cattr:
+ pthread_mutex_destroy(&reg.mtx);
+ fail_mtx:
+ return -1;
+}
+
+void reg_clear(void)
+{
+ struct list_head * p;
+ struct list_head * h;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ list_for_each_safe(p, h, &reg.spawned) {
+ struct pid_entry * entry;
+ entry = list_entry(p, struct pid_entry, next);
+ list_del(&entry->next);
+ free(entry);
+ reg.n_spawned--;
+ }
+
+ list_for_each_safe(p, h, &reg.progs) {
+ struct reg_prog * entry;
+ entry = list_entry(p, struct reg_prog, next);
+ list_del(&entry->next);
+ __reg_del_prog_from_names(entry->info.path);
+ reg_prog_destroy(entry);
+ reg.n_progs--;
+ }
+
+ list_for_each_safe(p, h, &reg.procs) {
+ struct reg_proc * entry;
+ entry = list_entry(p, struct reg_proc, next);
+ list_del(&entry->next);
+ __reg_del_proc_from_names(entry->info.pid);
+ reg_proc_destroy(entry);
+ reg.n_procs--;
+ }
+
+ list_for_each_safe(p, h, &reg.pools) {
+ struct reg_pool * entry;
+ entry = list_entry(p, struct reg_pool, next);
+ list_del(&entry->next);
+ entry->refcount = 0; /* Force destroy during cleanup */
+ reg_pool_destroy(entry);
+ reg.n_pools--;
+ }
+
+ list_for_each_safe(p, h, &reg.flows) {
+ struct reg_flow * entry;
+ entry = list_entry(p, struct reg_flow, next);
+ list_del(&entry->next);
+ reg_flow_destroy(entry);
+ reg.n_flows--;
+ }
+
+ list_for_each_safe(p, h, &reg.names) {
+ struct reg_name * entry;
+ entry = list_entry(p, struct reg_name, next);
+ list_del(&entry->next);
+ reg_name_destroy(entry);
+ reg.n_names--;
+ }
+
+ list_for_each_safe(p, h, &reg.ipcps) {
+ struct reg_ipcp * entry;
+ entry = list_entry(p, struct reg_ipcp, next);
+ list_del(&entry->next);
+ reg_ipcp_destroy(entry);
+ reg.n_ipcps--;
+ }
+
+ pthread_mutex_unlock(&reg.mtx);
+}
+
+void reg_fini(void)
+{
+ assert(list_is_empty(&reg.spawned));
+ assert(list_is_empty(&reg.progs));
+ assert(list_is_empty(&reg.procs));
+ assert(list_is_empty(&reg.pools));
+ assert(list_is_empty(&reg.names));
+ assert(list_is_empty(&reg.ipcps));
+ assert(list_is_empty(&reg.flows));
+
+ assert(reg.n_spawned == 0);
+ assert(reg.n_progs == 0);
+ assert(reg.n_procs == 0);
+ assert(reg.n_pools == 0);
+ assert(reg.n_names == 0);
+ assert(reg.n_ipcps == 0);
+ assert(reg.n_flows == 0);
+
+ bmp_destroy(reg.flow_ids);
+
+ if (pthread_cond_destroy(&reg.cond) != 0)
+ log_warn("Failed to destroy condvar.");
+
+ if (pthread_mutex_destroy(&reg.mtx) != 0)
+ log_warn("Failed to destroy mutex.");
+}
+
+int reg_create_flow(struct flow_info * info)
+{
+ struct reg_flow * f;
+
+ assert(info != NULL);
+ assert(info->id == 0);
+ assert(info->n_pid != 0);
+ assert(info->state == FLOW_INIT);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ info->id = bmp_allocate(reg.flow_ids);
+ if (!bmp_is_id_valid(reg.flow_ids, info->id)) {
+ log_err("Failed to allocate flow id.");
+ goto fail_id;
+ }
+
+ f = reg_flow_create(info);
+ if (f == NULL) {
+ log_err("Failed to create flow %d.", info->id);
+ goto fail_flow;
+ }
+
+ list_add(&f->next, __reg_after_flow(info->id));
+
+ reg.n_flows++;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+
+ fail_flow:
+ bmp_release(reg.flow_ids, info->id);
+ info->id = 0;
+ fail_id:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+int reg_destroy_flow(int flow_id)
+{
+ struct reg_flow * f;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ f = __reg_get_flow(flow_id);
+ if (f == NULL) {
+ log_err("Flow %d does not exist.", flow_id);
+ goto no_flow;
+ }
+
+ list_del(&f->next);
+
+ reg.n_flows--;
+
+ bmp_release(reg.flow_ids, flow_id);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ pthread_cond_broadcast(&reg.cond);
+
+ reg_flow_destroy(f);
+
+ return 0;
+
+ no_flow:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+
+}
+
+bool reg_has_flow(int flow_id)
+{
+ bool ret;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ret = __reg_get_flow(flow_id) != NULL;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return ret;
+}
+
+int reg_create_ipcp(const struct ipcp_info * info)
+{
+ struct reg_ipcp * ipcp;
+ struct pid_entry * entry;
+
+ assert(info != NULL);
+ assert(info->pid != 0);
+ assert(info->state == IPCP_INIT);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ if (__reg_get_ipcp(info->pid) != NULL) {
+ log_err("IPCP %d already exists.", info->pid);
+ goto fail_ipcp;
+ }
+
+ ipcp = reg_ipcp_create(info);
+ if (ipcp == NULL) {
+ log_err("Failed to create ipcp %s.", info->name);
+ goto fail_ipcp;
+ }
+
+ entry = malloc(sizeof(*entry));
+ if (entry == NULL) {
+ log_err("Failed to create spawn entry.\n");
+ goto fail_spawn;
+ }
+
+ entry->pid = info->pid;
+
+ list_add_tail(&ipcp->next, __reg_after_ipcp(info));
+ list_add(&entry->next, __reg_after_spawned(info->pid));
+
+ reg.n_ipcps++;
+ reg.n_spawned++;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+
+ fail_spawn:
+ reg_ipcp_destroy(ipcp);
+ fail_ipcp:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+
+}
+
+int reg_update_ipcp(struct ipcp_info * info)
+{
+ struct reg_ipcp * ipcp;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ipcp = __reg_get_ipcp(info->pid);
+ if (ipcp == NULL) {
+ log_err("IPCP %d does not exist.", info->pid);
+ goto no_ipcp;
+
+ }
+
+ reg_ipcp_update(ipcp, info);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ reg_ipcp_destroy(ipcp);
+
+ return 0;
+
+ no_ipcp:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+bool reg_has_ipcp(pid_t pid)
+{
+ bool ret;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ret = __reg_get_ipcp(pid) != NULL;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return ret;
+}
+
+static int __get_ipcp_info(ipcp_list_msg_t ** msg,
+ struct reg_ipcp * ipcp)
+{
+ *msg = malloc(sizeof(**msg));
+ if (*msg == NULL)
+ goto fail;
+
+ ipcp_list_msg__init(*msg);
+
+ (*msg)->name = strdup(ipcp->info.name);
+ if ((*msg)->name == NULL)
+ goto fail_msg;
+
+ (*msg)->layer = strdup(ipcp->layer.name);
+ if ((*msg)->layer == NULL)
+ goto fail_msg;
+
+ (*msg)->pid = ipcp->info.pid;
+ (*msg)->type = ipcp->info.type;
+ (*msg)->hash_algo = ipcp->layer.dir_hash_algo;
+
+ return 0;
+
+ fail_msg:
+ ipcp_list_msg__free_unpacked(*msg, NULL);
+ *msg = NULL;
+ fail:
+ return -1;
+}
+
+int reg_list_ipcps(ipcp_list_msg_t *** ipcps)
+{
+ struct list_head * p;
+ int i = 0;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ if (reg.n_ipcps == 0)
+ goto finish;
+
+ *ipcps = malloc(reg.n_ipcps * sizeof(**ipcps));
+ if (*ipcps == NULL) {
+ log_err("Failed to malloc ipcps.");
+ goto fail_malloc;
+ }
+
+ list_for_each(p, &reg.ipcps) {
+ struct reg_ipcp * entry;
+ entry = list_entry(p, struct reg_ipcp, next);
+ if (__get_ipcp_info(&(*ipcps)[i], entry) < 0)
+ goto fail;
+
+ i++;
+ }
+ finish:
+ pthread_mutex_unlock(&reg.mtx);
+
+ return i;
+
+ fail:
+ while (i-- > 0)
+ ipcp_list_msg__free_unpacked((*ipcps)[i], NULL);
+ free(*ipcps);
+ fail_malloc:
+ pthread_mutex_unlock(&reg.mtx);
+ *ipcps = NULL;
+ return -ENOMEM;
+}
+
+int reg_create_name(const struct name_info * info)
+{
+ struct reg_name * n;
+
+ assert(info != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ if (__reg_get_name(info->name) != NULL) {
+ log_dbg("Name %s already exists.", info->name);
+ goto exists;
+ }
+
+ n = reg_name_create(info);
+ if (n == NULL) {
+ log_err("Failed to create name %s.", info->name);
+ goto fail_name;
+ }
+
+ list_add(&n->next, __reg_after_name(info->name));
+
+ reg.n_names++;
+
+ pthread_mutex_unlock(&reg.mtx);
+ return 0;
+ exists:
+ pthread_mutex_unlock(&reg.mtx);
+ return -EEXIST;
+
+ fail_name:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+
+}
+
+int reg_destroy_name(const char * name)
+{
+ struct reg_name * n;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ n = __reg_get_name(name);
+ if (n == NULL) {
+ log_err("Name %s does not exist.", name);
+ goto no_name;
+ }
+
+ __reg_del_name_from_procs(name);
+ __reg_del_name_from_progs(name);
+
+ list_del(&n->next);
+
+ reg.n_names--;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ reg_name_destroy(n);
+
+ return 0;
+
+ no_name:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+bool reg_has_name(const char * name)
+{
+ bool ret;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ret = __reg_get_name(name) != NULL;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return ret;
+}
+
+int reg_get_name_info(const char * name,
+ struct name_info * info)
+{
+ struct reg_name * n;
+
+ assert(name != NULL);
+ assert(info != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ n = __reg_get_name(name);
+ if (n == NULL) {
+ log_err("Name %s does not exist.", name);
+ goto no_name;
+ }
+
+ *info = n->info;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+
+ no_name:
+ pthread_mutex_unlock(&reg.mtx);
+ return -ENOENT;
+
+}
+
+int reg_get_name_for_hash(char * buf,
+ enum hash_algo algo,
+ const uint8_t * hash)
+{
+ struct list_head * p;
+ uint8_t * thash;
+ size_t len;
+ char * name = NULL;
+
+ len = hash_len(algo);
+
+ thash = malloc(len);
+ if (thash == NULL)
+ return -ENOMEM;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ list_for_each(p, &reg.names) {
+ struct reg_name * n = list_entry(p, struct reg_name, next);
+ str_hash(algo, thash, n->info.name);
+ if (memcmp(thash, hash, len) == 0) {
+ name = n->info.name;
+ break;
+ }
+ }
+
+ if (name != NULL)
+ strcpy(buf, name);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ free(thash);
+
+ return name == NULL ? -ENOENT : 0;
+}
+
+int reg_get_name_for_flow_id(char * buf,
+ int flow_id)
+{
+ struct reg_flow * f;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ f = __reg_get_flow(flow_id);
+ if (f != NULL)
+ strcpy(buf, f->name);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return f == NULL ? -ENOENT : 0;
+}
+
+int reg_list_names(name_info_msg_t *** names)
+{
+ struct list_head * p;
+ int i = 0;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ if (reg.n_names == 0)
+ goto finish;
+
+ *names = malloc(reg.n_names * sizeof(**names));
+ if (*names == NULL) {
+ log_err("Failed to malloc names.");
+ goto fail_malloc;
+ }
+
+ list_for_each(p, &reg.names) {
+ struct reg_name * entry;
+ entry = list_entry(p, struct reg_name, next);
+ (*names)[i] = name_info_s_to_msg(&entry->info);
+ if ((*names)[i] == NULL) {
+ log_err("Failed to create name list info.");
+ goto fail;
+ }
+ /* wipe security info to avoid huge messages */
+ free((*names)[i]->scrt);
+ (*names)[i]->scrt = NULL;
+ free((*names)[i]->skey);
+ (*names)[i]->skey = NULL;
+ free((*names)[i]->ccrt);
+ (*names)[i]->ccrt = NULL;
+ free((*names)[i]->ckey);
+ (*names)[i]->ckey = NULL;
+
+ i++;
+ }
+ finish:
+ pthread_mutex_unlock(&reg.mtx);
+
+ return i;
+
+ fail:
+ while (i-- > 0)
+ name_info_msg__free_unpacked((*names)[i], NULL);
+ free(*names);
+ fail_malloc:
+ pthread_mutex_unlock(&reg.mtx);
+ *names = NULL;
+ return -ENOMEM;
+}
+
+int reg_prepare_pool(uid_t uid,
+ gid_t gid)
+{
+ struct reg_pool * pool;
+
+ if (is_ouroboros_member_uid(uid))
+ return 0;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ pool = __reg_get_pool(uid);
+ if (pool == NULL) {
+ pool = reg_pool_create(uid, gid);
+ if (pool == NULL) {
+ log_err("Failed to create pool for uid %d.", uid);
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+ }
+ list_add(&pool->next, &reg.pools);
+ reg.n_pools++;
+ }
+
+ reg_pool_ref(pool);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+}
+
+int reg_create_proc(const struct proc_info * info)
+{
+ struct reg_proc * proc;
+
+ assert(info != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ if (__reg_get_proc(info->pid) != NULL) {
+ log_err("Process %d already exists.", info->pid);
+ goto fail;
+ }
+
+ proc = reg_proc_create(info);
+ if (proc == NULL) {
+ log_err("Failed to create process %d.", info->pid);
+ goto fail;
+ }
+
+ __reg_proc_update_names(proc);
+
+ list_add(&proc->next, __reg_after_proc(info->pid));
+
+ reg.n_procs++;
+
+ pthread_cond_broadcast(&reg.cond);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+
+ fail:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+int reg_destroy_proc(pid_t pid)
+{
+ struct reg_proc * proc;
+ struct reg_pool * pool = NULL;
+ struct pid_entry * spawn;
+ struct reg_ipcp * ipcp;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ proc = __reg_get_proc(pid);
+ if (proc != NULL) {
+ if (!is_ouroboros_member_uid(proc->info.uid))
+ pool = __reg_get_pool(proc->info.uid);
+ list_del(&proc->next);
+ reg.n_procs--;
+ reg_proc_destroy(proc);
+ __reg_del_proc_from_names(pid);
+ __reg_cancel_flows_for_proc(pid);
+ if (pool != NULL && reg_pool_unref(pool) == 0) {
+ list_del(&pool->next);
+ reg.n_pools--;
+ reg_pool_destroy(pool);
+ }
+ }
+
+ spawn = __reg_get_spawned(pid);
+ if (spawn != NULL) {
+ list_del(&spawn->next);
+ reg.n_spawned--;
+ free(spawn);
+ }
+
+ ipcp = __reg_get_ipcp(pid);
+ if (ipcp != NULL) {
+ list_del(&ipcp->next);
+ reg.n_ipcps--;
+ reg_ipcp_destroy(ipcp);
+ }
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+}
+
+bool reg_has_proc(pid_t pid)
+{
+ bool ret;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ret = __reg_get_proc(pid) != NULL;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return ret;
+}
+
+bool reg_is_proc_privileged(pid_t pid)
+{
+ struct reg_proc * proc;
+ bool ret = false;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ proc = __reg_get_proc(pid);
+ if (proc != NULL)
+ ret = reg_proc_is_privileged(proc);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return ret;
+}
+
+uid_t reg_get_proc_uid(pid_t pid)
+{
+ struct reg_proc * proc;
+ uid_t ret = 0;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ proc = __reg_get_proc(pid);
+ if (proc != NULL && !is_ouroboros_member_uid(proc->info.uid))
+ ret = proc->info.uid;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return ret;
+}
+
+void reg_kill_all_proc(int signal)
+{
+ pthread_mutex_lock(&reg.mtx);
+
+ __reg_kill_all_proc(signal);
+
+ pthread_mutex_unlock(&reg.mtx);
+}
+
+pid_t reg_get_dead_proc(void)
+{
+ pid_t ret;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ret = __reg_get_dead_proc();
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return ret;
+}
+
+int reg_create_spawned(pid_t pid)
+{
+ struct pid_entry * entry;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ if (__reg_get_spawned(pid) != NULL) {
+ log_err("Spawned process %d already exists.", pid);
+ goto fail_proc;
+ }
+
+ entry = malloc(sizeof(*entry));
+ if (entry == NULL) {
+ log_err("Failed to create pid_entry %d.", pid);
+ goto fail_proc;
+ }
+
+ entry->pid = pid;
+
+ list_add(&entry->next, __reg_after_spawned(pid));
+
+ reg.n_spawned++;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+ fail_proc:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+bool reg_has_spawned(pid_t pid)
+{
+ bool ret;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ret = __reg_get_spawned(pid) != NULL;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return ret;
+}
+
+void reg_kill_all_spawned(int signal)
+{
+ pthread_mutex_lock(&reg.mtx);
+
+ __reg_kill_all_spawned(signal);
+
+ pthread_mutex_unlock(&reg.mtx);
+}
+
+pid_t reg_first_spawned(void)
+{
+ pid_t pid;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ pid = __reg_first_spawned();
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return pid;
+}
+
+int reg_bind_proc(const char * name,
+ pid_t pid)
+{
+ struct reg_name * n;
+ struct reg_proc * p;
+
+ assert(name != NULL);
+ assert(pid > 0);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ n = __reg_get_name(name);
+ if (n == NULL) {
+ log_err("Could not find name %s.", name);
+ goto fail;
+ }
+
+ p = __reg_get_proc(pid);
+ if (p == NULL) {
+ log_err("Could not find process %d.", pid);
+ goto fail;
+ }
+
+ if (reg_name_has_proc(n, pid)) {
+ log_err("Process %d already bound to name %s.", pid, name);
+ goto fail;
+ }
+
+ if (reg_proc_has_name(p, name)) {
+ log_err("Name %s already bound to process %d.", name, pid);
+ }
+
+ if (reg_name_add_proc(n, pid) < 0) {
+ log_err("Failed to add process %d to name %s.", pid, name);
+ goto fail;
+ }
+
+ if (reg_proc_add_name(p, name) < 0) {
+ log_err("Failed to add name %s to process %d.", name, pid);
+ goto fail_proc;
+ }
+
+ if (__reg_get_accept_flow(pid) != NULL) {
+ if (reg_name_add_active(n, pid) < 0) {
+ log_warn("Failed to update name %s with active %d",
+ name, pid);
+ }
+ }
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+
+ fail_proc:
+ reg_name_del_proc(n, pid);
+ fail:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+int reg_unbind_proc(const char * name,
+ pid_t pid)
+{
+ struct reg_name * n;
+ struct reg_proc * p;
+
+ assert(name != NULL);
+ assert(pid > 0);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ n = __reg_get_name(name);
+ if (n == NULL) {
+ log_err("Could not find name %s.", name);
+ goto fail;
+ }
+
+ p = __reg_get_proc(pid);
+ if (p == NULL) {
+ log_err("Could not find process %d.", pid);
+ goto fail;
+ }
+
+ if (!reg_name_has_proc(n, pid)) {
+ log_err("Process %d not bound to name %s.", pid, name);
+ goto fail;
+ }
+
+ if (!reg_proc_has_name(p, name)) {
+ log_err("Name %s not bound to process %d.", name, pid);
+ goto fail;
+ }
+
+ reg_name_del_proc(n, pid);
+
+ reg_proc_del_name(p, name);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+
+ fail:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+int reg_create_prog(const struct prog_info * info)
+{
+ struct reg_prog * prog;
+
+ assert(info != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ if (__reg_get_prog(info->name) != NULL) {
+ log_dbg("Program %s already exists.", info->name);
+ goto exists;
+ }
+
+ prog = reg_prog_create(info);
+ if (prog == NULL) {
+ log_err("Failed to create program %s.", info->name);
+ goto fail_prog;
+ }
+
+ list_add(&prog->next, __reg_after_prog(info->name));
+
+ reg.n_progs++;
+ exists:
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+
+ fail_prog:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+
+}
+
+int reg_destroy_prog(const char * name)
+{
+ struct reg_prog * prog;
+
+ pthread_mutex_lock(&reg.mtx);
+
+ prog = __reg_get_prog(name);
+ if (prog == NULL) {
+ log_err("Program %s does not exist.", name);
+ goto no_prog;
+ }
+
+ log_err("Removing %s from names.", prog->info.path);
+
+ __reg_del_prog_from_names(prog->info.path);
+
+ list_del(&prog->next);
+
+ reg.n_progs--;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ reg_prog_destroy(prog);
+
+ return 0;
+
+ no_prog:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+bool reg_has_prog(const char * name)
+{
+ bool ret;
+
+ assert(name != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ret = __reg_get_prog(name) != NULL;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return ret;
+}
+
+int reg_get_exec(const char * name,
+ char *** prog)
+{
+ char ** exec;
+ int ret = 0;
+
+ assert(name != NULL);
+ assert(prog != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ exec = __reg_get_exec(name);
+ if (exec == NULL) {
+ ret = -EPERM;
+ goto finish;
+ }
+
+ *prog = argvdup(exec);
+ if (*prog == NULL) {
+ log_err("Failed to argvdup exec.");
+ ret = -ENOMEM;
+ goto finish;
+ }
+
+ finish:
+ pthread_mutex_unlock(&reg.mtx);
+
+ return ret;
+}
+
+int reg_bind_prog(const char * name,
+ char ** exec,
+ uint8_t flags)
+{
+ struct reg_name * n;
+ struct reg_prog * p;
+
+ assert(name != NULL);
+ assert(exec != NULL);
+ assert(exec[0] != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ n = __reg_get_name(name);
+ if (n == NULL) {
+ log_err("Could not find name %s.", name);
+ goto fail;
+ }
+
+ p = __reg_get_prog(path_strip(exec[0]));
+ if (p == NULL) {
+ log_err("Could not find program %s.", exec[0]);
+ goto fail;
+ }
+
+ if (reg_name_has_prog(n, exec[0])) {
+ log_err("Program %s already bound to %s.", exec[0], name);
+ goto fail;
+ }
+
+ if (reg_prog_has_name(p, name)) {
+ log_err("Name %s already bound to program %s.", name, exec[0]);
+ goto fail;
+ }
+
+
+ if (flags & BIND_AUTO && reg_name_add_prog(n, exec) < 0) {
+ log_err("Failed to set autostart %s for %s.", exec[0], name);
+ goto fail;
+ }
+
+ if (reg_prog_add_name(p, name) < 0) {
+ log_err("Failed to add %s to program %s.", name, exec[0]);
+ goto fail_prog;
+ }
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+
+ fail_prog:
+ reg_name_del_prog(n, exec[0]);
+ fail:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+int reg_unbind_prog(const char * name,
+ const char * prog)
+{
+ struct reg_name * n;
+ struct reg_prog * p;
+
+ assert(name != NULL);
+ assert(prog != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ n = __reg_get_name(name);
+ if (n == NULL) {
+ log_err("Could not find name %s.", name);
+ goto fail;
+ }
+
+ p = __reg_get_prog(prog);
+ if (p == NULL) {
+ log_err("Could not find program %s.", prog);
+ goto fail;
+ }
+
+ if (!reg_prog_has_name(p, name)) {
+ log_err("Name %s not bound to program %s.", name, prog);
+ goto fail;
+ }
+
+ reg_name_del_prog(n, prog);
+
+ reg_prog_del_name(p, name);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+
+ fail:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+int reg_set_layer_for_ipcp(struct ipcp_info * info,
+ const struct layer_info * layer)
+{
+ struct reg_ipcp * ipcp;
+
+ assert(info != NULL);
+ assert(info->state == IPCP_BOOT);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ipcp = __reg_get_ipcp(info->pid);
+ if (ipcp == NULL) {
+ log_err("IPCP %d not found.", info->pid);
+ goto fail_ipcp;
+ }
+
+ reg_ipcp_set_layer(ipcp, layer);
+
+ ipcp->info.state = info->state;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+ fail_ipcp:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+int reg_get_ipcp(struct ipcp_info * info,
+ struct layer_info * layer)
+{
+ struct reg_ipcp * ipcp;
+
+ assert(info != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ipcp = __reg_get_ipcp(info->pid);
+ if (ipcp == NULL) {
+ log_err("IPCP %d not found.", info->pid);
+ goto fail_ipcp;
+ }
+
+ *info = ipcp->info;
+ if (layer != NULL)
+ *layer = ipcp->layer;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+ fail_ipcp:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+int reg_get_ipcp_by_layer(struct ipcp_info * info,
+ struct layer_info * layer)
+{
+ struct reg_ipcp * ipcp;
+
+ assert(info != NULL);
+ assert(layer != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ipcp = __reg_get_ipcp_by_layer(layer->name);
+ if (ipcp == NULL) {
+ log_err("No IPCP for %s not found.", layer->name);
+ goto fail_ipcp;
+ }
+
+ *info = ipcp->info;
+ *layer = ipcp->layer;
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+ fail_ipcp:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+int reg_prepare_flow_alloc(struct flow_info * info)
+{
+ struct reg_flow * flow;
+ int ret;
+
+ assert(info != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ flow = __reg_get_flow(info->id);
+
+ assert(flow != NULL);
+ assert(flow->info.state == FLOW_INIT);
+
+ info->state = FLOW_ALLOC_PENDING;
+
+ ret = reg_flow_update(flow, info);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return ret;
+}
+
+int reg_wait_flow_allocated(struct flow_info * info,
+ buffer_t * pbuf,
+ const struct timespec * abstime)
+{
+ struct reg_flow * flow;
+ int ret = -1;
+ bool stop = false;
+
+ assert(info != NULL);
+ assert(info->id >= ID_OFFT);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ flow = __reg_get_flow(info->id);
+
+ assert(flow != NULL);
+ assert(info->id == flow->info.id);
+ assert(info->n_pid == flow->info.n_pid);
+
+ assert(info->state == FLOW_ALLOC_PENDING);
+
+ pthread_cleanup_push(__cleanup_mutex_unlock, &reg.mtx);
+
+ while (!stop) {
+ switch(flow->info.state) {
+ case FLOW_ALLOC_PENDING:
+ ret = -__timedwait(&reg.cond, &reg.mtx, abstime);
+ break;
+ case FLOW_ALLOCATED:
+ ret = 0;
+ stop = true;
+ break;
+ case FLOW_DEALLOCATED:
+ ret = flow->response;
+ stop = true;
+ break;
+ default:
+ assert(false);
+ }
+
+ flow = __reg_get_flow(flow->info.id);
+ if (flow == NULL) {
+ info->state = FLOW_DEALLOCATED;
+ ret = -1;
+ break;
+ }
+
+ if (ret == -ETIMEDOUT) {
+ info->state = FLOW_DEALLOCATED;
+ reg_flow_update(flow, info);
+ break;
+ }
+ }
+
+ if (flow != NULL) {
+ reg_flow_get_data(flow, pbuf);
+ *info = flow->info;
+ }
+
+ pthread_cleanup_pop(true); /* __cleanup_mutex_unlock */
+
+ return ret;
+}
+
+int reg_respond_alloc(struct flow_info * info,
+ buffer_t * pbuf,
+ int response)
+{
+ struct reg_flow * flow;
+
+ assert(info != NULL);
+ assert(info->state == FLOW_ALLOCATED ||
+ info->state == FLOW_DEALLOCATED);
+ assert(pbuf != NULL);
+ assert(!(info->state == FLOW_DEALLOCATED && pbuf->data != NULL));
+
+ pthread_mutex_lock(&reg.mtx);
+
+ flow = __reg_get_flow(info->id);
+ if (flow == NULL) {
+ log_warn("Flow %d already destroyed.", info->id);
+ goto fail_flow;
+ }
+
+ if (flow->info.state == FLOW_DEALLOCATED) {
+ log_warn("Flow %d already deallocated.", info->id);
+ goto fail_flow;
+ }
+
+ assert(flow->info.state == FLOW_ALLOC_PENDING);
+ assert(flow->data.len == 0);
+ assert(flow->data.data == NULL);
+
+ info->n_pid = flow->info.n_pid;
+ info->n_1_pid = flow->info.n_pid;
+
+ if (reg_flow_update(flow, info) < 0) {
+ log_err("Failed to create flow structs.");
+ goto fail_flow;
+ }
+
+ flow->response = response;
+
+ if (info->state == FLOW_ALLOCATED)
+ reg_flow_set_data(flow, pbuf);
+
+ pthread_cond_broadcast(&reg.cond);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+
+ fail_flow:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+int reg_prepare_flow_accept(struct flow_info * info)
+{
+ struct reg_flow * flow;
+ int ret;
+
+ assert(info != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ flow = __reg_get_flow(info->id);
+
+ assert(flow != NULL);
+ assert(info->n_pid != 0);
+
+ info->state = FLOW_ACCEPT_PENDING;
+
+ ret = reg_flow_update(flow, info);
+
+ pthread_cond_broadcast(&reg.cond);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return ret;
+}
+
+void __cleanup_wait_accept(void * o)
+{
+ struct reg_flow * flow;
+
+ flow = (struct reg_flow *) o;
+
+ __reg_del_active_proc(flow->info.n_pid);
+}
+
+int reg_wait_flow_accepted(struct flow_info * info,
+ buffer_t * pbuf,
+ const struct timespec * abstime)
+{
+ struct reg_flow * flow;
+ int ret = -1;
+ bool stop = false;
+
+ assert(info != NULL);
+ assert(info->id >= ID_OFFT);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ flow = __reg_get_flow(info->id);
+
+ assert(flow != NULL);
+ assert(info->id == flow->info.id);
+ assert(info->n_pid == flow->info.n_pid);
+
+ if (__reg_add_active_proc(info->n_pid) < 0) {
+ log_err("Failed to mark pid %d active.", info->n_pid);
+ goto fail;
+ }
+
+ pthread_cond_broadcast(&reg.cond);
+
+ pthread_cleanup_push(__cleanup_mutex_unlock, &reg.mtx);
+ pthread_cleanup_push(__cleanup_wait_accept, flow);
+
+ while (!stop) {
+ switch(flow->info.state) {
+ case FLOW_ACCEPT_PENDING:
+ ret = -__timedwait(&reg.cond, &reg.mtx, abstime);
+ break;
+ case FLOW_ALLOCATED:
+ ret = 0;
+ stop = true;
+ break;
+ case FLOW_DEALLOCATED:
+ ret = -1;
+ stop = true;
+ break;
+ default:
+ assert(false);
+ }
+
+ flow = __reg_get_flow(flow->info.id);
+ if (flow == NULL) {
+ info->state = FLOW_DEALLOCATED;
+ ret = -1;
+ break;
+ }
+
+ if (ret == -ETIMEDOUT) {
+ info->state = FLOW_DEALLOCATED;
+ reg_flow_update(flow, info);
+ break;
+ }
+ }
+
+ pthread_cleanup_pop(true); /* __cleanup_wait_accept */
+
+ if (flow != NULL) {
+ reg_flow_get_data(flow, pbuf);
+ *info = flow->info;
+ }
+
+ pthread_cleanup_pop(true); /* __cleanup_mutex_unlock */
+
+ return ret;
+ fail:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+int reg_wait_flow_accepting(const char * name,
+ const struct timespec * abstime)
+{
+ int ret;
+
+ assert(name != NULL);
+ assert(abstime != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ pthread_cleanup_push(__cleanup_mutex_unlock, &reg.mtx);
+
+ while (true) {
+ ret = __reg_get_pending_flow_id(name);
+ if (ret != -EAGAIN)
+ break;
+
+ ret = -__timedwait(&reg.cond, &reg.mtx, abstime);
+ if (ret == -ETIMEDOUT)
+ break;
+ }
+
+ pthread_cleanup_pop(true);
+
+ return ret;
+}
+
+int reg_respond_accept(struct flow_info * info,
+ buffer_t * pbuf)
+{
+ struct reg_flow * flow;
+
+ assert(info != NULL);
+ assert(info->state == FLOW_ALLOCATED);
+ assert(pbuf != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ flow = __reg_get_flow(info->id);
+ if (flow == NULL) {
+ log_err("Flow not found for request: %d", info->id);
+ goto fail_flow;
+ }
+
+ assert(flow->info.state == FLOW_ACCEPT_PENDING);
+
+ info->n_pid = flow->info.n_pid;
+
+ reg_flow_set_data(flow, pbuf);
+ clrbuf(pbuf);
+
+ if (reg_flow_update(flow, info) < 0) {
+ log_err("Failed to create flow structs.");
+ goto fail_flow;
+ }
+
+ pthread_cond_broadcast(&reg.cond);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+
+ fail_flow:
+ pthread_mutex_unlock(&reg.mtx);
+ return -1;
+}
+
+void reg_dealloc_flow(struct flow_info * info)
+{
+ struct reg_flow * flow;
+
+ assert(info != NULL);
+ assert(info->id != 0);
+ assert(info->n_pid != 0);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ flow = __reg_get_flow(info->id);
+
+ assert(flow != NULL);
+ assert(flow->data.data == NULL);
+ assert(flow->data.len == 0);
+ assert(flow->info.state == FLOW_ALLOCATED);
+
+ flow->info.state = FLOW_DEALLOC_PENDING;
+ info->state = FLOW_DEALLOC_PENDING;
+ info->n_1_pid = flow->info.n_1_pid;
+
+ memset(flow->name, 0, sizeof(flow->name));
+
+ reg_flow_update(flow, info);
+
+ pthread_mutex_unlock(&reg.mtx);
+}
+
+void reg_dealloc_flow_resp(struct flow_info * info)
+{
+ struct reg_flow * flow;
+
+ assert(info != NULL);
+ assert(info->id != 0);
+ assert(info->n_1_pid != 0);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ flow = __reg_get_flow(info->id);
+
+ assert(flow != NULL);
+ assert(flow->data.data == NULL);
+ assert(flow->data.len == 0);
+
+ assert(flow->info.state == FLOW_DEALLOC_PENDING);
+ flow->info.state = FLOW_DEALLOCATED;
+ info->state = FLOW_DEALLOCATED;
+
+ reg_flow_update(flow, info);
+
+ pthread_mutex_unlock(&reg.mtx);
+}
+
+int reg_wait_proc(pid_t pid,
+ const struct timespec * abstime)
+{
+ struct reg_proc * proc = NULL;
+ int ret;
+
+ assert(pid > 0);
+ assert(abstime != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ pthread_cleanup_push(__cleanup_mutex_unlock, &reg.mtx);
+
+ while (true) {
+ proc = __reg_get_proc(pid);
+ if (proc != NULL) {
+ ret = 0;
+ break;
+ }
+
+ ret = -__timedwait(&reg.cond, &reg.mtx, abstime);
+ if (ret == -ETIMEDOUT)
+ break;
+ }
+
+ pthread_cleanup_pop(true);
+
+ return ret;
+}
+
+int reg_wait_ipcp_boot(struct ipcp_info * info,
+ const struct timespec * abstime)
+{
+ struct reg_ipcp * ipcp;
+ int ret;
+ bool stop = false;
+
+ assert(info->state == IPCP_INIT);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ipcp = __reg_get_ipcp(info->pid);
+
+ if (ipcp->info.state == IPCP_INIT)
+ reg_ipcp_update(ipcp, info);
+
+ pthread_cleanup_push(__cleanup_mutex_unlock, &reg.mtx);
+
+ while (!stop) {
+ if (ipcp == NULL)
+ break;
+
+ switch(ipcp->info.state) {
+ case IPCP_NULL:
+ ret = -1;
+ stop = true;
+ break;
+ case IPCP_BOOT:
+ /* FALLTHRU*/
+ case IPCP_OPERATIONAL:
+ ret = 0;
+ stop = true;
+ break;
+ case IPCP_INIT:
+ ret = -__timedwait(&reg.cond, &reg.mtx, abstime);
+ break;
+ default:
+ assert(false);
+ break; /* Shut up static analyzer. */
+ }
+
+ ipcp = __reg_get_ipcp(info->pid);
+
+ if (ret == -ETIMEDOUT)
+ break;
+ }
+
+ if (ipcp != NULL)
+ *info = ipcp->info;
+
+ pthread_cleanup_pop(true);
+
+ return ipcp == NULL? -EIPCP : ret;
+}
+
+int reg_respond_ipcp(const struct ipcp_info * info)
+{
+ struct reg_ipcp * ipcp;
+
+ assert(info != NULL);
+
+ pthread_mutex_lock(&reg.mtx);
+
+ ipcp = __reg_get_ipcp(info->pid);
+ if (ipcp == NULL) {
+ log_err("IPCP %d not found for response.", info->pid);
+ goto fail_ipcp;
+ }
+
+ assert(strcmp(info->name, ipcp->info.name) == 0);
+ assert(info->type == ipcp->info.type);
+
+ reg_ipcp_update(ipcp, info);
+
+ pthread_cond_broadcast(&reg.cond);
+
+ pthread_mutex_unlock(&reg.mtx);
+
+ return 0;
+
+ fail_ipcp:
+ pthread_mutex_unlock(&reg.mtx);
+ return -EIPCP;
+}
diff --git a/src/irmd/reg/reg.h b/src/irmd/reg/reg.h
new file mode 100644
index 00000000..77264fde
--- /dev/null
+++ b/src/irmd/reg/reg.h
@@ -0,0 +1,165 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#ifndef OUROBOROS_IRMD_REG_H
+#define OUROBOROS_IRMD_REG_H
+
+#include <ouroboros/flow.h>
+#include <ouroboros/ipcp.h>
+#include <ouroboros/name.h>
+#include <ouroboros/proc.h>
+#include <ouroboros/protobuf.h>
+#include <ouroboros/time.h>
+#include <ouroboros/utils.h>
+
+#include "pool.h"
+
+int reg_init(void);
+
+void reg_clear(void);
+
+void reg_fini(void);
+
+int reg_create_flow(struct flow_info * info);
+
+int reg_destroy_flow(int flow_id);
+
+bool reg_has_flow(int flow_id);
+
+int reg_create_proc(const struct proc_info * info);
+
+/* Use this for all processes, including ipcps */
+int reg_destroy_proc(pid_t pid);
+
+bool reg_has_proc(pid_t pid);
+
+bool reg_is_proc_privileged(pid_t pid);
+
+int reg_prepare_pool(uid_t uid,
+ gid_t gid);
+
+uid_t reg_get_proc_uid(pid_t pid);
+
+void reg_kill_all_proc(int signal);
+
+pid_t reg_get_dead_proc(void);
+
+int reg_create_spawned(pid_t pid);
+
+bool reg_has_spawned(pid_t pid);
+
+void reg_kill_all_spawned(int signal);
+
+int reg_first_spawned(void);
+
+int reg_bind_proc(const char * name,
+ pid_t proc);
+
+int reg_unbind_proc(const char * name,
+ pid_t proc);
+
+int reg_create_ipcp(const struct ipcp_info * info);
+
+bool reg_has_ipcp(pid_t pid);
+
+int reg_set_layer_for_ipcp(struct ipcp_info * info,
+ const struct layer_info * layer);
+
+int reg_get_ipcp(struct ipcp_info * info,
+ struct layer_info * layer);
+
+int reg_get_ipcp_by_layer(struct ipcp_info * info,
+ struct layer_info * layer);
+
+/* TODO don't rely on protobuf here */
+int reg_list_ipcps(ipcp_list_msg_t *** msg);
+
+int reg_create_name(const struct name_info * info);
+
+int reg_destroy_name(const char * name);
+
+bool reg_has_name(const char * name);
+
+int reg_get_name_info(const char * name,
+ struct name_info * info);
+
+int reg_get_name_for_hash(char * buf,
+ enum hash_algo algo,
+ const uint8_t * hash);
+
+int reg_get_name_for_flow_id(char * buf,
+ int flow_id);
+
+/* TODO don't rely on protobuf here */
+int reg_list_names(name_info_msg_t *** names);
+
+int reg_create_prog(const struct prog_info * info);
+
+int reg_destroy_prog(const char * name);
+
+bool reg_has_prog(const char * name);
+
+int reg_get_exec(const char * name,
+ char *** exec);
+
+int reg_bind_prog(const char * name,
+ char ** exec,
+ uint8_t flags);
+
+int reg_unbind_prog(const char * name,
+ const char * prog);
+
+int reg_prepare_flow_alloc(struct flow_info * info);
+
+int reg_wait_flow_allocated(struct flow_info * info,
+ buffer_t * pbuf,
+ const struct timespec * abstime);
+
+int reg_respond_alloc(struct flow_info * info,
+ buffer_t * pbuf,
+ int response);
+
+int reg_prepare_flow_accept(struct flow_info * info);
+
+int reg_wait_flow_accepted(struct flow_info * info,
+ buffer_t * pbuf,
+ const struct timespec * abstime);
+
+int reg_wait_flow_accepting(const char * name,
+ const struct timespec * abstime);
+
+int reg_respond_accept(struct flow_info * info,
+ buffer_t * pbuf);
+
+void reg_dealloc_flow(struct flow_info * info);
+
+void reg_dealloc_flow_resp(struct flow_info * info);
+
+int reg_wait_proc(pid_t pid,
+ const struct timespec * abstime);
+
+int reg_wait_ipcp_boot(struct ipcp_info * ipcp,
+ const struct timespec * abstime);
+
+int reg_respond_ipcp(const struct ipcp_info * info);
+
+#endif /* OUROBOROS_IRMD_REG_H */
diff --git a/src/irmd/reg/tests/CMakeLists.txt b/src/irmd/reg/tests/CMakeLists.txt
new file mode 100644
index 00000000..e8521545
--- /dev/null
+++ b/src/irmd/reg/tests/CMakeLists.txt
@@ -0,0 +1,33 @@
+get_filename_component(PARENT_PATH ${CMAKE_CURRENT_SOURCE_DIR} DIRECTORY)
+get_filename_component(PARENT_DIR ${PARENT_PATH} NAME)
+
+compute_test_prefix()
+
+create_test_sourcelist(${PARENT_DIR}_tests test_suite.c
+ # Add new tests here
+ flow_test.c
+ ipcp_test.c
+ name_test.c
+ proc_test.c
+ prog_test.c
+ reg_test.c
+)
+
+add_executable(${PARENT_DIR}_test ${${PARENT_DIR}_tests})
+
+target_include_directories(${PARENT_DIR}_test PRIVATE
+ ${CMAKE_CURRENT_SOURCE_DIR}
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${CMAKE_SOURCE_DIR}/include
+ ${CMAKE_BINARY_DIR}/include
+ ${CMAKE_SOURCE_DIR}/src/irmd
+ ${CMAKE_BINARY_DIR}/src/irmd
+)
+
+disable_test_logging_for_target(${PARENT_DIR}_test)
+target_link_libraries(${PARENT_DIR}_test PRIVATE ouroboros-common)
+ouroboros_target_debug_definitions(${PARENT_DIR}_test)
+
+add_dependencies(build_tests ${PARENT_DIR}_test)
+
+ouroboros_register_tests(TARGET ${PARENT_DIR}_test TESTS ${${PARENT_DIR}_tests})
diff --git a/src/irmd/reg/tests/flow_test.c b/src/irmd/reg/tests/flow_test.c
new file mode 100644
index 00000000..2066c811
--- /dev/null
+++ b/src/irmd/reg/tests/flow_test.c
@@ -0,0 +1,286 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Flows - Unit Tests
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#include "../flow.c"
+
+#include <test/test.h>
+
+#include <string.h>
+
+#define TEST_DATA "testpiggybackdata"
+
+static int test_reg_flow_create_destroy(void)
+{
+ struct reg_flow * f;
+
+ struct flow_info info = {
+ .id = 1,
+ .n_pid = 1,
+ .qs = qos_raw,
+ .state = FLOW_INIT
+ };
+
+ TEST_START();
+
+ f = reg_flow_create(&info);
+ if (f == NULL) {
+ printf("Failed to create flow.\n");
+ goto fail;
+ }
+
+ reg_flow_destroy(f);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_flow_create_no_id(void) {
+ struct flow_info info = {
+ .id = 0,
+ .n_pid = 1,
+ .qs = qos_raw,
+ .state = FLOW_INIT
+ };
+
+ reg_flow_create(&info); /* assert fail */
+
+ return TEST_RC_SUCCESS;
+}
+
+static int test_reg_flow_create_no_pid(void) {
+ struct flow_info info = {
+ .id = 1,
+ .n_pid = 0,
+ .qs = qos_raw,
+ .state = FLOW_INIT
+ };
+
+ reg_flow_create(&info); /* assert fail */
+
+ return TEST_RC_SUCCESS;
+}
+
+static int test_reg_flow_create_has_n_1_pid(void) {
+ struct flow_info info = {
+ .id = 1,
+ .n_pid = 0,
+ .n_1_pid = 1,
+ .qs = qos_raw,
+ .state = FLOW_INIT
+ };
+
+ reg_flow_create(&info); /* assert fail */
+
+ return TEST_RC_SUCCESS;
+}
+
+static int test_reg_flow_create_wrong_state(void) {
+ struct flow_info info = {
+ .id = 1,
+ .n_pid = 0,
+ .n_1_pid = 1,
+ .qs = qos_raw,
+ .state = FLOW_ALLOC_PENDING
+ };
+
+ reg_flow_create(&info); /* assert fail */
+
+ return TEST_RC_SUCCESS;
+}
+
+static int test_reg_flow_create_has_mpl(void) {
+ struct flow_info info = {
+ .id = 1,
+ .n_pid = 1,
+ .n_1_pid = 0,
+ .mpl = 10,
+ .qs = qos_raw,
+ .state = FLOW_ALLOC_PENDING
+ };
+
+ reg_flow_create(&info); /* assert fail */
+
+ return TEST_RC_SUCCESS;
+}
+
+static int test_reg_flow_update(void)
+{
+ struct reg_flow * f;
+
+ struct flow_info info = {
+ .id = 1,
+ .n_pid = 1,
+ .qs = qos_raw,
+ .state = FLOW_INIT
+ };
+
+ struct flow_info upd = {
+ .id = 1,
+ .n_pid = 1,
+ .qs = qos_data,
+ .state = FLOW_DEALLOCATED
+ };
+
+ TEST_START();
+
+ f = reg_flow_create(&info);
+ if (f == NULL) {
+ printf("Failed to create flow.\n");
+ goto fail;
+ }
+
+ reg_flow_update(f, &upd);
+
+ if (memcmp(&f->info, &upd, sizeof(upd)) != 0) {
+ printf("Flow info not updated.\n");
+ goto fail;
+ }
+
+ reg_flow_destroy(f);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_flow_update_wrong_id(void)
+{
+ struct reg_flow * f;
+
+ struct flow_info info = {
+ .id = 1,
+ .n_pid = 1,
+ .qs = qos_raw,
+ .state = FLOW_INIT
+ };
+
+ struct flow_info upd = {
+ .id = 2,
+ .n_pid = 1,
+ .qs = qos_data,
+ .state = FLOW_DEALLOCATED
+ };
+
+ TEST_START();
+
+ f = reg_flow_create(&info);
+ if (f == NULL) {
+ printf("Failed to create flow.\n");
+ goto fail;
+ }
+
+ reg_flow_update(f, &upd); /* assert fail */
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_flow_assert_fails(void)
+{
+ int ret = 0;
+
+ ret |= test_assert_fail(test_reg_flow_create_no_id);
+ ret |= test_assert_fail(test_reg_flow_create_no_pid);
+ ret |= test_assert_fail(test_reg_flow_create_has_n_1_pid);
+ ret |= test_assert_fail(test_reg_flow_create_wrong_state);
+ ret |= test_assert_fail(test_reg_flow_create_has_mpl);
+ ret |= test_assert_fail(test_reg_flow_update_wrong_id);
+
+ return ret;
+}
+
+static int test_flow_data(void)
+{
+ struct reg_flow * f;
+
+ struct flow_info info = {
+ .id = 1,
+ .n_pid = 1,
+ .qs = qos_raw,
+ .state = FLOW_INIT
+ };
+
+ char * data;
+ buffer_t buf;
+ buffer_t rcv = {0, NULL};
+
+ TEST_START();
+
+ data = strdup(TEST_DATA);
+ if (data == NULL) {
+ printf("Failed to strdup data.\n");
+ goto fail;
+ }
+
+ buf.data = (uint8_t *) data;
+ buf.len = strlen(data);
+
+ f = reg_flow_create(&info);
+ if (f == NULL) {
+ printf("Failed to create flow.\n");
+ goto fail;
+ }
+
+ reg_flow_set_data(f, &buf);
+
+ reg_flow_get_data(f, &rcv);
+
+ freebuf(buf);
+ clrbuf(rcv);
+
+ reg_flow_destroy(f);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ free(data);
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+int flow_test(int argc,
+ char ** argv)
+{
+ int ret = 0;
+
+ (void) argc;
+ (void) argv;
+
+ ret |= test_reg_flow_create_destroy();
+ ret |= test_reg_flow_update();
+ ret |= test_reg_flow_assert_fails();
+ ret |= test_flow_data();
+
+ return ret;
+}
diff --git a/src/irmd/reg/tests/ipcp_test.c b/src/irmd/reg/tests/ipcp_test.c
new file mode 100644
index 00000000..6ab6443d
--- /dev/null
+++ b/src/irmd/reg/tests/ipcp_test.c
@@ -0,0 +1,84 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - IPCPs - Unit Tests
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#include <test/test.h>
+
+#include "../ipcp.c"
+
+#define TEST_PID 65535
+
+static int test_reg_ipcp_create(void)
+{
+ struct reg_ipcp * ipcp;
+ struct ipcp_info info = {
+ .pid = TEST_PID,
+ .state = IPCP_INIT
+ };
+ struct layer_info layer = {
+ .name = "testlayer",
+ .dir_hash_algo = DIR_HASH_SHA3_224
+ };
+
+ TEST_START();
+
+ ipcp = reg_ipcp_create(&info);
+ if (ipcp == NULL) {
+ printf("Failed to create ipcp.\n");
+ goto fail;
+ }
+
+ if (strcmp(ipcp->layer.name, "Not enrolled.") != 0) {
+ printf("Layer name was not set.\n");
+ goto fail;
+ }
+
+ ipcp->info.state = IPCP_BOOT;
+
+ reg_ipcp_set_layer(ipcp, &layer);
+
+ if (strcmp(ipcp->layer.name, layer.name) != 0) {
+ printf("Layer name was not set.\n");
+ goto fail;
+ }
+
+ reg_ipcp_destroy(ipcp);
+
+ TEST_SUCCESS();
+
+ return 0;
+ fail:
+ TEST_FAIL();
+ return -1;
+}
+
+int ipcp_test(int argc,
+ char ** argv)
+{
+ int res = 0;
+
+ (void) argc;
+ (void) argv;
+
+ res |= test_reg_ipcp_create();
+
+ return res;
+}
diff --git a/src/irmd/reg/tests/name_test.c b/src/irmd/reg/tests/name_test.c
new file mode 100644
index 00000000..5b42875e
--- /dev/null
+++ b/src/irmd/reg/tests/name_test.c
@@ -0,0 +1,301 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Names - Unit Tests
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+
+#include "../name.c"
+
+#include <test/test.h>
+
+#define TEST_PID 65534
+#define TEST_PROG "/usr/bin/testprog"
+#define TEST_NAME "testservicename"
+
+static int test_reg_name_create(void)
+{
+ struct reg_name * n;
+ struct name_info info = {
+ .name = TEST_NAME,
+ .pol_lb = LB_RR,
+ };
+
+ TEST_START();
+
+ n = reg_name_create(&info);
+ if (n == NULL) {
+ printf("Failed to create name %s.\n", info.name);
+ goto fail;
+ }
+
+ reg_name_destroy(n);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_name_add_proc(void)
+{
+ struct reg_name * n;
+ struct name_info info = {
+ .name = TEST_NAME,
+ .pol_lb = LB_RR,
+ };
+
+ TEST_START();
+
+ n = reg_name_create(&info);
+ if (n == NULL) {
+ printf("Failed to create name %s.\n", info.name);
+ goto fail;
+ }
+
+ if (reg_name_add_proc(n, TEST_PID) < 0) {
+ printf("Failed to add proc.\n");
+ goto fail;
+ }
+
+ if (n->procs.len != 1) {
+ printf("Proc not added to list.\n");
+ goto fail;
+ }
+
+ if (!reg_name_has_proc(n, TEST_PID)) {
+ printf("Proc not found.\n");
+ goto fail;
+ }
+
+ reg_name_del_proc(n, TEST_PID);
+
+ if (n->procs.len != 0) {
+ printf("Proc not removed from list.\n");
+ goto fail;
+ }
+
+ reg_name_destroy(n);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_name_add_prog(void)
+{
+ struct reg_name * n;
+ struct name_info info = {
+ .name = TEST_NAME,
+ .pol_lb = LB_RR,
+ };
+
+ char * exec[] = { TEST_PROG, "--argswitch", "argvalue", NULL};
+
+ TEST_START();
+
+ n = reg_name_create(&info);
+ if (n == NULL) {
+ printf("Failed to create name %s.\n", info.name);
+ goto fail;
+ }
+
+ if (reg_name_add_prog(n, exec) < 0) {
+ printf("Failed to add prog.\n");
+ goto fail;
+ }
+
+ if (n->progs.len != 1) {
+ printf("Prog not added to list.\n");
+ goto fail;
+ }
+
+ if (!reg_name_has_prog(n, TEST_PROG)) {
+ printf("Prog not found.\n");
+ goto fail;
+ }
+
+ reg_name_del_prog(n, TEST_PROG);
+
+ if (n->progs.len != 0) {
+ printf("Prog not removed from list.\n");
+ goto fail;
+ }
+
+ reg_name_destroy(n);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_name_add_active(enum pol_balance lb)
+{
+ struct reg_name * n;
+ pid_t pid;
+ struct name_info info = {
+ .name = TEST_NAME,
+ .pol_lb = lb,
+ };
+
+ TEST_START();
+
+ n = reg_name_create(&info);
+ if (n == NULL) {
+ printf("Failed to create name %s.\n", info.name);
+ goto fail;
+ }
+
+ if (reg_name_get_active(n) != -1) {
+ printf("Got active from empty actives.\n");
+ goto fail;
+ }
+
+ if (reg_name_add_proc(n, TEST_PID) < 0) {
+ printf("Failed to add proc 0.\n");
+ goto fail;
+ }
+
+ if (reg_name_add_proc(n, TEST_PID + 1) < 0) {
+ printf("Failed to add proc 1.\n");
+ goto fail;
+ }
+
+ if (reg_name_add_proc(n, TEST_PID + 2) < 0) {
+ printf("Failed to add proc 2.\n");
+ goto fail;
+ }
+
+ if (reg_name_add_active(n, TEST_PID) < 0) {
+ printf("Failed to add active.\n");
+ goto fail;
+ }
+
+ if (n->active.len != 1) {
+ printf("Active list not updated.\n");
+ goto fail;
+ }
+
+ if (reg_name_get_active(n) != TEST_PID) {
+ printf("Failed to get active.\n");
+ goto fail;
+ }
+
+ if (reg_name_get_active(n) != TEST_PID) {
+ printf("Failed to get active.\n");
+ goto fail;
+ }
+
+ if (reg_name_add_active(n, TEST_PID + 1) < 0) {
+ printf("Failed to add active 3.\n");
+ goto fail;
+ }
+
+ if (reg_name_add_active(n, TEST_PID + 1) < 0) {
+ printf("Failed to add active 3.\n");
+ goto fail;
+ }
+
+
+ if (reg_name_add_active(n, TEST_PID + 2) < 0) {
+ printf("Failed to add active 4.\n");
+ goto fail;
+ }
+
+ if (n->procs.len != 3) {
+ printf("Procs list not updated.\n");
+ goto fail;
+ }
+
+ if (n->active.len != 4) {
+ printf("Active list not updated.\n");
+ goto fail;
+ }
+
+ pid = info.pol_lb == LB_RR ? TEST_PID : TEST_PID + 2;
+
+ if (reg_name_get_active(n) != pid) {
+ printf("Got wrong active pid 1.\n");
+ goto fail;
+ }
+
+ reg_name_del_active(n, pid);
+
+ if (reg_name_add_active(n, pid) < 0) {
+ printf("Failed to add active 4.\n");
+ goto fail;
+ }
+
+ pid = info.pol_lb == LB_RR ? TEST_PID + 1 : TEST_PID + 2;
+
+ if (reg_name_get_active(n) != pid) {
+ printf("Got wrong active pid 2 %d.\n", pid);
+ goto fail;
+ }
+
+ reg_name_del_proc(n, TEST_PID + 2);
+
+ reg_name_del_proc(n, TEST_PID + 1);
+
+ reg_name_del_proc(n, TEST_PID);
+
+ if (n->procs.len != 0) {
+ printf("Procs list not cleared.\n");
+ goto fail;
+ }
+
+ if (n->active.len != 0) {
+ printf("Active list not cleared.\n");
+ goto fail;
+ }
+
+ reg_name_destroy(n);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+int name_test(int argc,
+ char ** argv)
+{
+ int rc = 0;
+
+ (void) argc;
+ (void) argv;
+
+ rc |= test_reg_name_create();
+ rc |= test_reg_name_add_proc();
+ rc |= test_reg_name_add_prog();
+ rc |= test_reg_name_add_active(LB_RR);
+ rc |= test_reg_name_add_active(LB_SPILL);
+
+ return rc;
+}
diff --git a/src/irmd/reg/tests/proc_test.c b/src/irmd/reg/tests/proc_test.c
new file mode 100644
index 00000000..c4e689f0
--- /dev/null
+++ b/src/irmd/reg/tests/proc_test.c
@@ -0,0 +1,119 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Processes - Unit Tests
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#include "../proc.c"
+
+#include <test/test.h>
+
+#define TEST_PID 65534
+#define TEST_PROG "usr/bin/testprog"
+
+#define TEST_PROC { \
+ .pid = TEST_PID, \
+ .prog = TEST_PROG, \
+ .uid = getuid(), \
+ .gid = getgid() \
+}
+
+static int test_reg_proc_create_destroy(void)
+{
+ struct reg_proc * proc;
+ struct proc_info info = TEST_PROC;
+
+ TEST_START();
+
+ proc = reg_proc_create(&info);
+ if (proc == NULL) {
+ printf("Failed to create proc.\n");
+ goto fail;
+ }
+
+ reg_proc_destroy(proc);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_proc_add_name(void)
+{
+ struct reg_proc * proc;
+ struct proc_info info = TEST_PROC;
+
+ char * name = "testname";
+
+ TEST_START();
+
+ proc = reg_proc_create(&info);
+ if (proc == NULL) {
+ printf("Failed to create proc.\n");
+ goto fail;
+ }
+
+ if (reg_proc_add_name(proc, name) < 0) {
+ printf("Failed to add name.");
+ goto fail;
+ }
+
+ if (proc->n_names != 1) {
+ printf("n_names not updated.\n");
+ goto fail;
+ }
+
+ if (!reg_proc_has_name(proc, name)) {
+ printf("Name not found.\n");
+ goto fail;
+ }
+
+ reg_proc_del_name(proc, name);
+
+ if (proc->n_names != 0) {
+ printf("n_names not updated.\n");
+ goto fail;
+ }
+
+ reg_proc_destroy(proc);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+int proc_test(int argc,
+ char ** argv)
+{
+ int res = 0;
+
+ (void) argc;
+ (void) argv;
+
+ res |= test_reg_proc_create_destroy();
+ res |= test_reg_proc_add_name();
+
+ return res;
+}
diff --git a/src/irmd/reg/tests/prog_test.c b/src/irmd/reg/tests/prog_test.c
new file mode 100644
index 00000000..3900e7d7
--- /dev/null
+++ b/src/irmd/reg/tests/prog_test.c
@@ -0,0 +1,115 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Programs - Unit Tests
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+#include "../prog.c"
+
+#include <test/test.h>
+
+#define TEST_PROG "usr/bin/testprog"
+
+static int test_reg_prog_create(void)
+{
+ struct reg_prog * prog;
+ struct prog_info info = {
+ .name = TEST_PROG
+ };
+
+ TEST_START();
+
+ prog = reg_prog_create(&info);
+ if (prog == NULL) {
+ printf("Failed to create prog.\n");
+ goto fail;
+ }
+
+ reg_prog_destroy(prog);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_prog_add_name(void)
+{
+ struct reg_prog * prog;
+ struct prog_info info = {
+ .name = TEST_PROG
+ };
+
+ char * name = "testname";
+
+ TEST_START();
+
+ prog = reg_prog_create(&info);
+ if (prog == NULL) {
+ printf("Failed to create prog.\n");
+ goto fail;
+ }
+
+ if (reg_prog_add_name(prog, name) < 0) {
+ printf("Failed to add name.");
+ goto fail;
+ }
+
+ if (prog->n_names != 1) {
+ printf("n_names not updated.\n");
+ goto fail;
+ }
+
+ if (!reg_prog_has_name(prog, name)) {
+ printf("Name not found.\n");
+ goto fail;
+ }
+
+ reg_prog_del_name(prog, name);
+
+ if (prog->n_names != 0) {
+ printf("n_names not updated.\n");
+ goto fail;
+ }
+
+ reg_prog_destroy(prog);
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+int prog_test(int argc,
+ char ** argv)
+{
+ int ret = 0;
+
+ (void) argc;
+ (void) argv;
+
+ ret |= test_reg_prog_create();
+ ret |= test_reg_prog_add_name();
+
+ return ret;
+}
diff --git a/src/irmd/reg/tests/reg_test.c b/src/irmd/reg/tests/reg_test.c
new file mode 100644
index 00000000..f7a4de8e
--- /dev/null
+++ b/src/irmd/reg/tests/reg_test.c
@@ -0,0 +1,1731 @@
+/*
+ * Ouroboros - Copyright (C) 2016 - 2024
+ *
+ * The IPC Resource Manager - Registry - Unit Tests
+ *
+ * Dimitri Staessens <dimitri@ouroboros.rocks>
+ * Sander Vrijders <sander@ouroboros.rocks>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., http://www.fsf.org/about/contact/.
+ */
+
+
+#include "../pool.c"
+#undef OUROBOROS_PREFIX
+#include "../reg.c"
+
+#include <test/test.h>
+
+#define TEST_PID 3666
+#define TEST_N_1_PID 3999
+#define TEST_FAKE_ID 9128349
+#define TEST_MPL 5
+#define TEST_PROG "reg_test" /* own binary for binary check */
+#define TEST_IPCP "testipcp"
+#define TEST_NAME "testname"
+#define TEST_DATA "testpbufdata"
+#define TEST_DATA2 "testpbufdata2"
+#define TEST_LAYER "testlayer"
+#define TEST_PROC_INFO { \
+ .pid = TEST_PID, \
+ .prog = TEST_PROG, \
+ .uid = 0, \
+ .gid = 0 \
+}
+#define REG_TEST_FAIL() \
+ do { TEST_FAIL(); reg_clear(); return TEST_RC_FAIL;} while(0)
+
+static int test_reg_init(void)
+{
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_create_flow(void)
+{
+ struct flow_info info = {
+ .n_pid = TEST_PID,
+ .qs = qos_raw,
+ };
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_flow(&info) < 0) {
+ printf("Failed to create flow.\n");
+ goto fail;
+ }
+
+ if (info.id == 0) {
+ printf("Failed to update id.'n");
+ goto fail;
+ }
+
+ if (reg.n_flows != 1) {
+ printf("n_flows was not updated.\n");
+ goto fail;
+ }
+
+ if (!reg_has_flow(info.id)) {
+ printf("Failed to find flow.\n");
+ goto fail;
+ }
+
+ if (reg_destroy_flow(info.id) < 0) {
+ printf("Failed to destroy flow.\n");
+ goto fail;
+ }
+
+ if (reg.n_flows != 0) {
+ printf("n_flows was not updated.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_allocate_flow_timeout(void)
+{
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_MS(1);
+ buffer_t rbuf = BUF_INIT;
+
+ struct flow_info info = {
+ .n_pid = TEST_PID,
+ .qs = qos_raw
+ };
+
+ TEST_START();
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+
+ ts_add(&abstime, &timeo, &abstime);
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_flow(&info) < 0) {
+ printf("Failed to add flow.\n");
+ goto fail;
+ }
+
+ if (reg_prepare_flow_accept(&info) < 0) {
+ printf("Failed to prepare flow for accept.\n");
+ goto fail;
+ }
+
+ if (reg_wait_flow_accepted(&info, &rbuf, &abstime) != -ETIMEDOUT) {
+ printf("Wait allocated did not timeout.\n");
+ goto fail;
+ }
+
+ if (info.state != FLOW_DEALLOCATED) {
+ printf("Flow did not timeout in deallocated state.\n");
+ goto fail;
+ }
+
+ reg_destroy_flow(info.id);
+
+ if (reg.n_flows != 0) {
+ printf("Flow did not destroy.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static void * test_flow_respond_alloc(void * o)
+{
+ struct flow_info * info = (struct flow_info *) o;
+ buffer_t pbuf = BUF_INIT;
+ int response;
+
+ response = (info->state == FLOW_ALLOCATED) ? 0 : -1;
+
+ if (info->state == FLOW_ALLOCATED) {
+ pbuf.data = (uint8_t *) strdup(TEST_DATA2);
+ if (pbuf.data == NULL) {
+ printf("Failed to strdup data2.\n");
+ goto fail;
+ }
+ pbuf.len = strlen((char *) pbuf.data) + 1;
+ }
+
+ reg_respond_alloc(info, &pbuf, response);
+
+ return (void *) 0;
+ fail:
+ return (void *) -1;
+}
+
+static void * test_flow_respond_accept(void * o)
+{
+ struct flow_info * info = (struct flow_info *) o;
+ buffer_t pbuf;
+
+ pbuf.data = (uint8_t *) strdup(TEST_DATA2);
+ if (pbuf.data == NULL) {
+ printf("Failed to strdup data2.\n");
+ goto fail;
+ }
+ pbuf.len = strlen((char *) pbuf.data) + 1;
+
+ reg_respond_accept(info, &pbuf);
+
+ return (void *) 0;
+ fail:
+ return (void *) -1;
+}
+
+static int test_reg_accept_flow_success(void)
+{
+ pthread_t thr;
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_S(1);
+ buffer_t rbuf = BUF_INIT;
+
+ struct flow_info info = {
+ .n_pid = TEST_PID,
+ .qs = qos_raw
+ };
+
+ struct flow_info n_1_info = {
+ .n_1_pid = TEST_N_1_PID,
+ .qs = qos_data,
+ .state = FLOW_ALLOCATED /* RESPONSE SUCCESS */
+ };
+
+ TEST_START();
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+
+ ts_add(&abstime, &timeo, &abstime);
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_flow(&info) < 0) {
+ printf("Failed to add flow.\n");
+ goto fail;
+ }
+
+ if (reg_prepare_flow_accept(&info) < 0) {
+ printf("Failed to prepare flow for accept.\n");
+ goto fail;
+ }
+
+ n_1_info.id = info.id;
+ n_1_info.mpl = 1;
+
+ pthread_create(&thr, NULL, test_flow_respond_accept, &n_1_info);
+
+ if (reg_wait_flow_accepted(&info, &rbuf, &abstime) < 0) {
+ printf("Flow allocation failed.\n");
+ pthread_join(thr, NULL);
+ reg_destroy_flow(info.id);
+ reg_fini();
+ goto fail;
+ }
+
+ pthread_join(thr, NULL);
+
+ if (info.state != FLOW_ALLOCATED) {
+ printf("Flow succeeded but not in allocated state.\n");
+ goto fail;
+ }
+
+ if (rbuf.data == NULL) {
+ printf("rbuf data not returned.\n");
+ goto fail;
+ }
+
+ if (strcmp((char *) rbuf.data, TEST_DATA2) != 0) {
+ printf("Data2 was not passed correctly.\n");
+ goto fail;
+ }
+
+ freebuf(rbuf);
+
+ reg_dealloc_flow(&info);
+
+ if (info.state != FLOW_DEALLOC_PENDING) {
+ printf("Flow dealloc requested but not in pending state.\n");
+ goto fail;
+ }
+
+ reg_dealloc_flow_resp(&info);
+
+ if (info.state != FLOW_DEALLOCATED) {
+ printf("Flow deallocated but not in deallocated state.\n");
+ goto fail;
+ }
+
+ reg_destroy_flow(n_1_info.id);
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_accept_flow_success_no_crypt(void)
+{
+ pthread_t thr;
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_S(1);
+ buffer_t rbuf = BUF_INIT;
+
+ struct flow_info info = {
+ .n_pid = TEST_PID,
+ .qs = qos_raw
+ };
+
+ struct flow_info n_1_info = {
+ .n_1_pid = TEST_N_1_PID,
+ .qs = qos_data,
+ .state = FLOW_ALLOCATED /* RESPONSE SUCCESS */
+ };
+
+ TEST_START();
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+
+ ts_add(&abstime, &timeo, &abstime);
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_flow(&info) < 0) {
+ printf("Failed to add flow.\n");
+ goto fail;
+ }
+
+ if (reg_prepare_flow_accept(&info) < 0) {
+ printf("Failed to prepare flow for accept.\n");
+ goto fail;
+ }
+
+ n_1_info.id = info.id;
+ n_1_info.mpl = 1;
+
+ pthread_create(&thr, NULL, test_flow_respond_accept, &n_1_info);
+
+ if (reg_wait_flow_accepted(&info, &rbuf, &abstime) < 0 ) {
+ printf("Flow allocation failed.\n");
+ pthread_join(thr, NULL);
+ reg_destroy_flow(info.id);
+ reg_fini();
+ goto fail;
+ }
+
+ pthread_join(thr, NULL);
+
+ if (info.state != FLOW_ALLOCATED) {
+ printf("Flow succeeded but not in allocated state.\n");
+ goto fail;
+ }
+
+ if (rbuf.data == NULL) {
+ printf("rbuf data was not returned.\n");
+ goto fail;
+ }
+
+ freebuf(rbuf);
+
+ n_1_info.state = FLOW_DEALLOCATED;
+
+ reg_dealloc_flow(&info);
+
+ if (info.state != FLOW_DEALLOC_PENDING) {
+ printf("Flow dealloc requested but not in pending state.\n");
+ goto fail;
+ }
+
+ reg_dealloc_flow_resp(&info);
+
+ if (info.state != FLOW_DEALLOCATED) {
+ printf("Flow deallocated but not in deallocated state.\n");
+ goto fail;
+ }
+
+ reg_destroy_flow(n_1_info.id);
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+
+static int test_reg_allocate_flow_fail(void)
+{
+ buffer_t buf = BUF_INIT;
+ pthread_t thr;
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_S(1);
+
+ struct flow_info info = {
+ .n_pid = TEST_PID,
+ .qs = qos_raw
+ };
+
+ struct flow_info n_1_info = {
+ .n_1_pid = TEST_N_1_PID,
+ .qs = qos_data,
+ .state = FLOW_DEALLOCATED /* RESPONSE FAIL */
+ };
+
+ TEST_START();
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+
+ ts_add(&abstime, &timeo, &abstime);
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_flow(&info) < 0) {
+ printf("Failed to add flow.\n");
+ goto fail;
+ }
+
+ info.n_1_pid = TEST_N_1_PID;
+
+ if (reg_prepare_flow_alloc(&info) < 0) {
+ printf("Failed to prepare flow for alloc.\n");
+ goto fail;
+ }
+
+ n_1_info.id = info.id;
+
+ pthread_create(&thr, NULL, test_flow_respond_alloc, &n_1_info);
+
+ if (reg_wait_flow_allocated(&info, &buf, &abstime) == 0 ) {
+ printf("Flow allocation succeeded.\n");
+ pthread_join(thr, NULL);
+ reg_destroy_flow(info.id);
+ reg_fini();
+ goto fail;
+ }
+
+ pthread_join(thr, NULL);
+
+ if (info.state != FLOW_DEALLOCATED) {
+ printf("Flow failed but not in deallocated state.\n");
+ goto fail;
+ }
+
+ reg_destroy_flow(n_1_info.id);
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_flow(void) {
+ int rc = 0;
+
+ rc |= test_reg_create_flow();
+ rc |= test_reg_allocate_flow_timeout();
+ rc |= test_reg_accept_flow_success();
+ rc |= test_reg_accept_flow_success_no_crypt();
+ rc |= test_reg_allocate_flow_fail();
+
+ return rc;
+}
+
+static int test_reg_create_ipcp(void)
+{
+ struct ipcp_info info = {
+ .name = TEST_IPCP,
+ .pid = TEST_PID,
+ .state = IPCP_INIT /* set by spawn_ipcp */
+ };
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_ipcp(&info) < 0) {
+ printf("Failed to create ipcp.\n");
+ goto fail;
+ }
+
+ if (reg.n_ipcps != 1) {
+ printf("n_ipcps was not updated.\n");
+ goto fail;
+ }
+
+ if (!reg_has_ipcp(info.pid)) {
+ printf("Failed to find ipcp.\n");
+ goto fail;
+ }
+
+ if (reg_destroy_proc(info.pid) < 0) {
+ printf("Failed to destroy ipcp.\n");
+ goto fail;
+ }
+
+ if (reg.n_ipcps != 0) {
+ printf("n_ipcps was not updated.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_list_ipcps(void)
+{
+ ipcp_list_msg_t ** ipcps;
+ int i;
+ ssize_t len;
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ for (i = 0; i < 10; i++) {
+ struct ipcp_info info = {
+ .pid = TEST_PID + i,
+ .state = IPCP_INIT /* set by spawn_ipcp */
+ };
+
+ sprintf(info.name, "%s%d", TEST_IPCP, i);
+
+ if (reg_create_ipcp(&info) < 0) {
+ printf("Failed to create ipcp %d.\n", i);
+ goto fail;
+ }
+ }
+
+ len = reg_list_ipcps(&ipcps);
+ if (len < 0) {
+ printf("Failed to list ipcps.\n");
+ goto fail;
+ }
+
+ if (len != 10) {
+ printf("Failed to list all ipcps.\n");
+ goto fail;
+ }
+
+ while (len-- > 0)
+ ipcp_list_msg__free_unpacked(ipcps[len], NULL);
+ free(ipcps);
+
+ for (i = 0; i < 10; i++)
+ reg_destroy_proc(TEST_PID + i);
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_insert_ipcps(void)
+{
+ ipcp_list_msg_t ** ipcps;
+ struct ipcp_info info;
+ size_t i;
+ size_t len;
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ for (i = 0; i < 100; i++) {
+ sprintf(info.name, "%s-%zd", TEST_IPCP, i);
+ info.pid = TEST_PID + rand() % 10000;
+ info.type = rand() % IPCP_INVALID;
+ info.state = IPCP_INIT; /* set by spawn_ipcp */
+
+ if (reg_create_ipcp(&info) < 0) {
+ printf("Failed to create ipcp %s.\n", info.name);
+ goto fail;
+ }
+ }
+
+ len = reg_list_ipcps(&ipcps);
+ if (len != 100) {
+ printf("Failed to list all ipcps.\n");
+ goto fail;
+ }
+
+ for (i = 1; i < len; i++) {
+ if (ipcps[i]->type < ipcps[i - 1]->type) {
+ printf("IPCPS not sorted by type.\n");
+ goto fail;
+ }
+
+ if (ipcps[i]->type != ipcps[i - 1]->type)
+ continue;
+
+ /* allow occasional duplicate PID in test */
+ if (ipcps[i]->pid < ipcps[i - 1]->pid) {
+ printf("IPCPS not sorted by pid.\n");
+ goto fail;
+ }
+ }
+
+ while (len-- > 0)
+ ipcp_list_msg__free_unpacked(ipcps[len], NULL);
+ free(ipcps);
+
+ reg_clear();
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_set_layer(void)
+{
+ struct reg_ipcp * ipcp;
+ struct ipcp_info info = {
+ .name = TEST_IPCP,
+ .pid = TEST_PID,
+ .state = IPCP_INIT /* set by spawn_ipcp */
+ };
+ struct layer_info layer = {
+ .name = TEST_LAYER,
+ };
+
+ struct ipcp_info get_info = {
+ .pid = TEST_PID
+ };
+ struct layer_info get_layer;
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_ipcp(&info) < 0) {
+ printf("Failed to create ipcp.\n");
+ goto fail;
+ }
+
+ ipcp = __reg_get_ipcp(info.pid);
+
+ ipcp->info.state = IPCP_BOOT;
+ info.state = IPCP_BOOT;
+
+ reg_set_layer_for_ipcp(&info, &layer);
+
+ reg_get_ipcp(&get_info, &get_layer);
+
+ if (memcmp(&get_info, &info, sizeof(ipcp)) != 0) {
+ printf("Failed to set ipcp info.\n");
+ goto fail;
+ }
+
+ if (memcmp(&get_layer, &layer, sizeof(layer)) != 0) {
+ printf("Failed to set layer info.\n");
+ goto fail;
+ }
+
+ if (reg_destroy_proc(info.pid) < 0) {
+ printf("Failed to destroy ipcp.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_ipcp(void)
+{
+ int rc = 0;
+
+ rc |= test_reg_create_ipcp();
+ rc |= test_reg_list_ipcps();
+ rc |= test_insert_ipcps();
+ rc |= test_set_layer();
+
+ return rc;
+}
+
+static int test_reg_create_name(void)
+{
+ struct name_info info = {
+ .name = TEST_NAME,
+ .pol_lb = LB_RR
+ };
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_name(&info) < 0) {
+ printf("Failed to create name.\n");
+ goto fail;
+ }
+
+ if (reg.n_names != 1) {
+ printf("n_names was not updated.\n");
+ goto fail;
+ }
+
+ if (!reg_has_name(info.name)) {
+ printf("Failed to find name.\n");
+ goto fail;
+ }
+
+ if (reg_destroy_name(info.name) < 0) {
+ printf("Failed to destroy name.\n");
+ goto fail;
+ }
+
+ if (reg.n_names != 0) {
+ printf("n_names was not updated.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_list_names(void)
+{
+ name_info_msg_t ** names;
+ int i;
+ ssize_t len;
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ for (i = 0; i < 10; i++) {
+ struct name_info info = {
+ .pol_lb = LB_RR
+ };
+
+ sprintf(info.name, "%s%d", TEST_NAME, i);
+
+ if (reg_create_name(&info) < 0) {
+ printf("Failed to create name %d.\n", i);
+ goto fail;
+ }
+ }
+
+ len = reg_list_names(&names);
+ if (len < 0) {
+ printf("Failed to list names.\n");
+ goto fail;
+ }
+
+ if (len != 10) {
+ printf("Failed to list all names.\n");
+ goto fail;
+ }
+
+ for (i = 0; i < len; i++)
+ name_info_msg__free_unpacked(names[i], NULL);
+ free(names);
+
+ for (i = 0; i < 10; i++) {
+ char name[NAME_MAX];
+ sprintf(name, "%s%d", TEST_NAME, i);
+ reg_destroy_name(name);
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_name(void)
+{
+ int rc = 0;
+
+ rc |= test_reg_create_name();
+ rc |= test_reg_list_names();
+
+ return rc;
+}
+
+static int test_reg_create_proc(void)
+{
+ struct proc_info info = TEST_PROC_INFO;
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_proc(&info) < 0) {
+ printf("Failed to create process.\n");
+ goto fail;
+ }
+
+ if (reg.n_procs != 1) {
+ printf("n_procs was not updated.\n");
+ goto fail;
+ }
+
+ if (!reg_has_proc(info.pid)) {
+ printf("Failed to find process.\n");
+ goto fail;
+ }
+
+ if (reg_destroy_proc(info.pid) < 0) {
+ printf("Failed to destroy process.\n");
+ goto fail;
+ }
+
+ if (reg.n_procs != 0) {
+ printf("n_procs was not updated.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_proc(void)
+{
+ int rc = 0;
+
+ rc |= test_reg_create_proc();
+
+ return rc;
+}
+
+static int test_reg_spawned(void)
+{
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_spawned(TEST_PID) < 0) {
+ printf("Failed to create process.\n");
+ goto fail;
+ }
+
+ if (reg.n_spawned != 1) {
+ printf("n_spawned was not updated.\n");
+ goto fail;
+ }
+
+ if (!reg_has_spawned(TEST_PID)) {
+ printf("Failed to find spawned.\n");
+ goto fail;
+ }
+
+ if (reg_destroy_proc(TEST_PID) < 0) {
+ printf("Failed to destroy spawned.\n");
+ goto fail;
+ }
+
+ if (reg.n_spawned != 0) {
+ printf("n_spawned was not updated.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_create_prog(void)
+{
+ struct prog_info info = {
+ .name = TEST_PROG
+ };
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_prog(&info) < 0) {
+ printf("Failed to create program.\n");
+ goto fail;
+ }
+
+ if (reg.n_progs != 1) {
+ printf("n_progs was not updated.\n");
+ goto fail;
+ }
+
+ if (!reg_has_prog(info.name)) {
+ printf("Failed to find program.\n");
+ goto fail;
+ }
+
+ if (reg_destroy_prog(info.name) < 0) {
+ printf("Failed to destroy program.\n");
+ goto fail;
+ }
+
+ if (reg.n_progs != 0) {
+ printf("n_progs was not updated.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_reg_prog(void)
+{
+ int rc = 0;
+
+ rc |= test_reg_create_prog();
+
+ return rc;
+}
+
+static int test_bind_proc(void)
+{
+ struct proc_info pinfo = TEST_PROC_INFO;
+
+ struct name_info ninfo = {
+ .name = TEST_NAME,
+ .pol_lb = LB_RR
+ };
+
+ TEST_START();
+
+ if (reg_init()) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_name(&ninfo) < 0) {
+ printf("Failed to create name.\n");
+ goto fail;
+ }
+
+ if (reg_create_proc(&pinfo) < 0) {
+ printf("Failed to create proc.\n");
+ goto fail;
+ }
+
+ if (reg_bind_proc(TEST_NAME, TEST_PID) < 0) {
+ printf("Failed to bind proc.\n");
+ goto fail;
+ }
+
+ if (reg_unbind_proc(TEST_NAME, TEST_PID) < 0) {
+ printf("Failed to unbind proc.\n");
+ goto fail;
+ }
+
+ reg_destroy_proc(TEST_PID);
+
+ if (reg_name_has_proc( __reg_get_name(TEST_NAME), TEST_PID)) {
+ printf("Proc still in name after destroy.\n");
+ goto fail;
+ }
+
+ reg_destroy_name(TEST_NAME);
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_bind_prog(void)
+{
+ struct prog_info pinfo = {
+ .name = TEST_PROG
+ };
+
+ struct name_info ninfo = {
+ .name = TEST_NAME,
+ .pol_lb = LB_RR
+ };
+
+ char * exec[] = { TEST_PROG, "--argswitch", "argvalue", NULL};
+
+ TEST_START();
+
+ if (reg_init()) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_name(&ninfo) < 0) {
+ printf("Failed to create name.\n");
+ goto fail;
+ }
+
+ if (reg_create_prog(&pinfo) < 0) {
+ printf("Failed to create prog.\n");
+ goto fail;
+ }
+
+ if (reg_bind_prog(TEST_NAME, exec, BIND_AUTO) < 0) {
+ printf("Failed to bind prog.\n");
+ goto fail;
+ }
+
+ if (!reg_name_has_prog( __reg_get_name(TEST_NAME), TEST_PROG)) {
+ printf("Prog not found in name.\n");
+ goto fail;
+ }
+
+ if (!reg_prog_has_name( __reg_get_prog(TEST_PROG), TEST_NAME)) {
+ printf("Name not found in prog.\n");
+ goto fail;
+ }
+
+ if (reg_unbind_prog(TEST_NAME, TEST_PROG) < 0) {
+ printf("Failed to unbind prog.\n");
+ goto fail;
+ }
+
+ if (reg_name_has_prog( __reg_get_name(TEST_NAME), TEST_PROG)) {
+ printf("Prog still in name after unbind.\n");
+ goto fail;
+ }
+
+ if (reg_prog_has_name( __reg_get_prog(TEST_PROG), TEST_NAME)) {
+ printf("Name still in prog after unbind.\n");
+ goto fail;
+ }
+
+ if (reg_bind_prog(TEST_NAME, exec, 0) < 0) {
+ printf("Failed to bind prog.\n");
+ goto fail;
+ }
+
+ if (reg_name_has_prog( __reg_get_name(TEST_NAME), TEST_PROG)) {
+ printf("Non-auto prog found in name.\n");
+ goto fail;
+ }
+
+ if (reg_unbind_prog(TEST_NAME, TEST_PROG) < 0) {
+ printf("Failed to unbind prog.\n");
+ goto fail;
+ }
+
+ reg_destroy_prog(TEST_PROG);
+
+ reg_destroy_name(TEST_NAME);
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_inherit_prog(void)
+{
+ struct name_info nameinfo = {
+ .name = TEST_NAME,
+ .pol_lb = LB_RR
+ };
+
+ struct prog_info proginfo = {
+ .name = TEST_PROG
+ };
+
+ struct proc_info procinfo = TEST_PROC_INFO;
+
+ char * exec[] = { TEST_PROG, NULL};
+
+ TEST_START();
+
+ if (reg_init()) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_name(&nameinfo) < 0) {
+ printf("Failed to create name.\n");
+ goto fail;
+ }
+
+ if (reg_create_prog(&proginfo) < 0) {
+ printf("Failed to create prog.\n");
+ goto fail;
+ }
+
+ if (reg_bind_prog(TEST_NAME, exec, 0) < 0) {
+ printf("Failed to bind prog.\n");
+ goto fail;
+ }
+
+ if (reg_create_proc(&procinfo) < 0) {
+ printf("Failed to create proc.\n");
+ goto fail;
+ }
+
+ if (!reg_name_has_proc(__reg_get_name(TEST_NAME), TEST_PID)) {
+ printf("Failed to update name from prog.\n");
+ goto fail;
+ }
+
+ if (!reg_proc_has_name(__reg_get_proc(TEST_PID), TEST_NAME)) {
+ printf("Failed to update proc from prog.\n");
+ goto fail;
+ }
+
+ reg_destroy_proc(TEST_PID);
+
+ reg_destroy_prog(TEST_PROG);
+
+ reg_destroy_name(TEST_NAME);
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_wait_accepting_timeout(void)
+{
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_MS(1);
+ int flow_id;
+ struct name_info ninfo = {
+ .name = TEST_NAME,
+ .pol_lb = LB_RR
+ };
+
+ TEST_START();
+
+ if (reg_init()) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_name(&ninfo) < 0) {
+ printf("Failed to create name.\n");
+ goto fail;
+ }
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+ ts_add(&abstime, &timeo, &abstime);
+
+ flow_id = reg_wait_flow_accepting(ninfo.name, &abstime);
+ if (flow_id != -ETIMEDOUT) {
+ printf("Wait accept did not time out: %d.\n", flow_id);
+ goto fail;
+ }
+
+ reg_destroy_name(TEST_NAME);
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_wait_accepting_fail_name(void)
+{
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_S(1);
+ int flow_id;
+
+ TEST_START();
+
+ if (reg_init()) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+ ts_add(&abstime, &timeo, &abstime);
+
+ flow_id = reg_wait_flow_accepting(TEST_NAME, &abstime);
+ if (flow_id != -ENAME) {
+ printf("Wait accept did not fail: %d.\n", flow_id);
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static void * test_call_flow_accept(void * o)
+{
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_MS(10);
+ buffer_t pbuf = BUF_INIT;
+
+ struct proc_info pinfo = TEST_PROC_INFO;
+
+ struct flow_info info = {
+ .n_pid = pinfo.pid,
+ .qs = qos_raw,
+ };
+
+ if (reg_create_proc(&pinfo) < 0) {
+ printf("Failed to create proc.\n");
+ goto fail;
+ }
+
+ if (reg_bind_proc((char *) o, TEST_PID) < 0) {
+ printf("Failed to bind proc.\n");
+ goto fail;
+ }
+
+ if (reg_create_flow(&info) < 0) {
+ printf("Failed to create flow.\n");
+ goto fail;
+ }
+
+ info.state = FLOW_ACCEPT_PENDING;
+
+ reg_prepare_flow_accept(&info);
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+ ts_add(&abstime, &timeo, &abstime);
+
+ if (reg_wait_flow_accepted(&info, &pbuf, &abstime) != -ETIMEDOUT) {
+ printf("Wait allocated did not timeout.\n");
+ goto fail;
+ }
+
+ if (reg_unbind_proc((char *) o, pinfo.pid) < 0) {
+ printf("Failed to unbind proc.\n");
+ goto fail;
+ }
+
+ reg_destroy_flow(info.id);
+ reg_destroy_proc(pinfo.pid);
+
+ return (void *) 0;
+ fail:
+ return (void *) -1;
+}
+
+static int test_wait_accepting_success(void)
+{
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_S(10);
+ pthread_t thr;
+ int flow_id;
+ struct name_info ninfo = {
+ .name = TEST_NAME,
+ .pol_lb = LB_RR
+ };
+
+
+ TEST_START();
+
+ if (reg_init()) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_name(&ninfo) < 0) {
+ printf("Failed to create name.\n");
+ goto fail;
+ }
+
+ pthread_create(&thr, NULL, test_call_flow_accept, ninfo.name);
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+ ts_add(&abstime, &timeo, &abstime);
+
+ flow_id = reg_wait_flow_accepting(ninfo.name, &abstime);
+ if (flow_id < 0) {
+ printf("Wait accept did not return a flow id: %d.\n", flow_id);
+ pthread_join(thr, NULL);
+ reg_destroy_name(TEST_NAME);
+ reg_fini();
+ goto fail;
+ }
+
+ pthread_join(thr, NULL);
+
+ reg_destroy_name(TEST_NAME);
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_wait_accepting(void)
+{
+ int rc = 0;
+
+ rc |= test_wait_accepting_timeout();
+ rc |= test_wait_accepting_fail_name();
+ rc |= test_wait_accepting_success();
+
+ return rc;
+}
+
+static int test_wait_ipcp_boot_timeout(void)
+{
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_MS(1);
+ struct ipcp_info info = {
+ .name = TEST_IPCP,
+ .pid = TEST_PID,
+ .state = IPCP_INIT /* set by spawn_ipcp */
+ };
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_ipcp(&info) < 0) {
+ printf("Failed to create ipcp.\n");
+ goto fail;
+ }
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+ ts_add(&abstime, &timeo, &abstime);
+
+ if (reg_wait_ipcp_boot(&info, &abstime) != -ETIMEDOUT) {
+ printf("Wait boot did not timeout.\n");
+ goto fail;
+ }
+
+ if (reg_destroy_proc(info.pid) < 0) {
+ printf("Failed to destroy ipcp.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static void * test_ipcp_respond(void * o)
+{
+ (void) o;
+
+ reg_respond_ipcp((struct ipcp_info *) o);
+
+ return (void *) 0;
+}
+
+static int test_wait_ipcp_boot_fail(void)
+{
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_S(10);
+ pthread_t thr;
+ struct ipcp_info info = {
+ .name = TEST_IPCP,
+ .pid = TEST_PID,
+ .state = IPCP_INIT /* set by spawn_ipcp */
+ };
+ struct ipcp_info resp_info = {
+ .name = TEST_IPCP,
+ .pid = TEST_PID,
+ .state = IPCP_NULL
+ };
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_ipcp(&info) < 0) {
+ printf("Failed to create ipcp.\n");
+ goto fail;
+ }
+
+ pthread_create(&thr, NULL, test_ipcp_respond, &resp_info);
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+ ts_add(&abstime, &timeo, &abstime);
+
+ info.state = IPCP_INIT;
+
+ if (reg_wait_ipcp_boot(&info, &abstime) == 0) {
+ printf("IPCP boot reported success.\n");
+ pthread_join(thr, NULL);
+ reg_destroy_proc(info.pid);
+ reg_fini();
+ goto fail;
+ }
+
+ pthread_join(thr, NULL);
+
+ if (reg_destroy_proc(info.pid) < 0) {
+ printf("Failed to destroy ipcp.\n");
+ goto fail;
+ }
+
+ if (reg.n_ipcps != 0) {
+ printf("n_ipcps was not updated.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_wait_ipcp_boot_success(void)
+{
+ pthread_t thr;
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_S(10);
+ struct ipcp_info info = {
+ .name = TEST_IPCP,
+ .pid = TEST_PID,
+ .state = IPCP_INIT /* set by spawn_ipcp */
+ };
+ struct ipcp_info resp_info = {
+ .name = TEST_IPCP,
+ .pid = TEST_PID,
+ .state = IPCP_OPERATIONAL
+ };
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ if (reg_create_ipcp(&info) < 0) {
+ printf("Failed to create ipcp.\n");
+ goto fail;
+ }
+
+ pthread_create(&thr, NULL, test_ipcp_respond, &resp_info);
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+ ts_add(&abstime, &timeo, &abstime);
+
+ info.state = IPCP_INIT;
+
+ if (reg_wait_ipcp_boot(&info, &abstime) < 0) {
+ printf("IPCP boot failed.\n");
+ pthread_join(thr, NULL);
+ reg_destroy_proc(info.pid);
+ reg_fini();
+ goto fail;
+ }
+
+ pthread_join(thr, NULL);
+
+ if (info.state != IPCP_OPERATIONAL) {
+ printf("IPCP boot succeeded in non-operational state.\n");
+ reg_destroy_proc(info.pid);
+ reg_fini();
+ goto fail;
+ }
+
+ if (reg_destroy_proc(info.pid) < 0) {
+ printf("Failed to destroy ipcp.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_wait_ipcp_boot(void)
+{
+ int rc = 0;
+
+ rc |= test_wait_ipcp_boot_timeout();
+ rc |= test_wait_ipcp_boot_fail();
+ rc |= test_wait_ipcp_boot_success();
+
+ return rc;
+}
+
+static int test_wait_proc_timeout(void)
+{
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_MS(1);
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+ ts_add(&abstime, &timeo, &abstime);
+
+ if (reg_wait_proc(TEST_PID, &abstime) != -ETIMEDOUT) {
+ printf("Wait proc did not timeout.\n");
+ goto fail;
+ }
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static void * test_proc(void * o)
+{
+ (void) o;
+
+ reg_create_proc((struct proc_info *) o);
+
+ return (void *) 0;
+}
+
+static int test_wait_proc_success(void)
+{
+ struct timespec abstime;
+ struct timespec timeo = TIMESPEC_INIT_S(10);
+ pthread_t thr;
+ struct proc_info info = TEST_PROC_INFO;
+
+ TEST_START();
+
+ if (reg_init() < 0) {
+ printf("Failed to init registry.\n");
+ goto fail;
+ }
+
+ pthread_create(&thr, NULL, test_proc, &info);
+
+ clock_gettime(PTHREAD_COND_CLOCK, &abstime);
+ ts_add(&abstime, &timeo, &abstime);
+
+ if (reg_wait_proc(info.pid, &abstime) < 0) {
+ printf("Waiting for proc failed.\n");
+ pthread_join(thr, NULL);
+ reg_destroy_proc(info.pid);
+ reg_fini();
+ goto fail;
+ }
+
+ pthread_join(thr, NULL);
+
+ reg_destroy_proc(info.pid);
+
+ reg_fini();
+
+ TEST_SUCCESS();
+
+ return TEST_RC_SUCCESS;
+ fail:
+ REG_TEST_FAIL();
+ return TEST_RC_FAIL;
+}
+
+static int test_wait_proc(void)
+{
+ int rc = 0;
+
+ rc |= test_wait_proc_timeout();
+ rc |= test_wait_proc_success();
+
+ return rc;
+}
+
+int reg_test(int argc,
+ char ** argv)
+{
+ int rc = 0;
+
+ (void) argc;
+ (void) argv;
+
+ rc |= test_reg_init();
+ rc |= test_reg_flow();
+ rc |= test_reg_ipcp();
+ rc |= test_reg_name();
+ rc |= test_reg_proc();
+ rc |= test_reg_prog();
+ rc |= test_reg_spawned();
+ rc |= test_bind_proc();
+ rc |= test_bind_prog();
+ rc |= test_inherit_prog();
+ rc |= test_wait_accepting();
+ rc |= test_wait_ipcp_boot();
+ rc |= test_wait_proc();
+
+ return rc;
+}
diff --git a/src/irmd/registry.c b/src/irmd/registry.c
deleted file mode 100644
index 69e3ae97..00000000
--- a/src/irmd/registry.c
+++ /dev/null
@@ -1,615 +0,0 @@
-/*
- * Ouroboros - Copyright (C) 2016 - 2021
- *
- * The IPC Resource Manager - Registry
- *
- * Dimitri Staessens <dimitri@ouroboros.rocks>
- * Sander Vrijders <sander@ouroboros.rocks>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., http://www.fsf.org/about/contact/.
- */
-
-#if defined(__linux__) || defined(__CYGWIN__)
-#define _DEFAULT_SOURCE
-#else
-#define _POSIX_C_SOURCE 200809L
-#endif
-
-#include "config.h"
-
-#define OUROBOROS_PREFIX "registry"
-
-#include <ouroboros/errno.h>
-#include <ouroboros/logs.h>
-#include <ouroboros/time_utils.h>
-#include <ouroboros/pthread.h>
-
-#include "registry.h"
-#include "utils.h"
-
-#include <stdlib.h>
-#include <stdbool.h>
-#include <string.h>
-#include <signal.h>
-#include <unistd.h>
-#include <limits.h>
-#include <assert.h>
-
-static struct reg_entry * reg_entry_create(void)
-{
- struct reg_entry * e;
-
- e = malloc(sizeof(*e));
- if (e == NULL)
- return NULL;
-
- e->name = NULL;
- e->state = REG_NAME_NULL;
-
- return e;
-}
-
-static int reg_entry_init(struct reg_entry * e,
- char * name)
-{
- pthread_condattr_t cattr;
-
- assert(e);
- assert(name);
-
- list_head_init(&e->next);
- list_head_init(&e->reg_progs);
- list_head_init(&e->reg_pids);
-
- e->name = name;
- e->pol_lb = 0;
-
- if (pthread_condattr_init(&cattr))
- goto fail_cattr;
-
-#ifndef __APPLE__
- pthread_condattr_setclock(&cattr, PTHREAD_COND_CLOCK);
-#endif
- if (pthread_cond_init(&e->state_cond, &cattr))
- goto fail_cond;
-
- if (pthread_mutex_init(&e->state_lock, NULL))
- goto fail_mutex;
-
- pthread_condattr_destroy(&cattr);
-
- e->state = REG_NAME_IDLE;
-
- return 0;
-
- fail_mutex:
- pthread_cond_destroy(&e->state_cond);
- fail_cond:
- pthread_condattr_destroy(&cattr);
- fail_cattr:
- return -1;
-}
-
-static void cancel_reg_entry_destroy(void * o)
-{
- struct reg_entry * e;
- struct list_head * p;
- struct list_head * h;
-
- e = (struct reg_entry *) o;
-
- pthread_mutex_unlock(&e->state_lock);
-
- pthread_cond_destroy(&e->state_cond);
- pthread_mutex_destroy(&e->state_lock);
-
- if (e->name != NULL)
- free(e->name);
-
- list_for_each_safe(p, h, &e->reg_pids) {
- struct pid_el * pe = list_entry(p, struct pid_el, next);
- list_del(&pe->next);
- free(pe);
- }
-
- list_for_each_safe(p, h, &e->reg_progs) {
- struct str_el * a = list_entry(p, struct str_el, next);
- list_del(&a->next);
- free(a->str);
- free(a);
- }
-
- free(e);
-}
-
-static void reg_entry_destroy(struct reg_entry * e)
-{
- if (e == NULL)
- return;
-
- pthread_mutex_lock(&e->state_lock);
-
- if (e->state == REG_NAME_DESTROY) {
- pthread_mutex_unlock(&e->state_lock);
- return;
- }
-
- if (e->state != REG_NAME_FLOW_ACCEPT)
- e->state = REG_NAME_NULL;
- else
- e->state = REG_NAME_DESTROY;
-
- pthread_cond_broadcast(&e->state_cond);
-
- pthread_cleanup_push(cancel_reg_entry_destroy, e);
-
- while (e->state != REG_NAME_NULL)
- pthread_cond_wait(&e->state_cond, &e->state_lock);
-
- pthread_cleanup_pop(true);
-}
-
-static bool reg_entry_has_prog(struct reg_entry * e,
- const char * prog)
-{
- struct list_head * p;
-
- list_for_each(p, &e->reg_progs) {
- struct str_el * e = list_entry(p, struct str_el, next);
- if (!strcmp(e->str, prog))
- return true;
- }
-
- return false;
-}
-
-int reg_entry_add_prog(struct reg_entry * e,
- struct prog_entry * a)
-{
- struct str_el * n;
-
- if (reg_entry_has_prog(e, a->prog)) {
- log_warn("Program %s already accepting flows for %s.",
- a->prog, e->name);
- return 0;
- }
-
- if (!(a->flags & BIND_AUTO)) {
- log_dbg("Program %s cannot be auto-instantiated.", a->prog);
- return 0;
- }
-
- n = malloc(sizeof(*n));
- if (n == NULL)
- return -ENOMEM;
-
- n->str = strdup(a->prog);
- if (n->str == NULL) {
- free(n);
- return -ENOMEM;
- }
-
- list_add(&n->next, &e->reg_progs);
-
- pthread_mutex_lock(&e->state_lock);
-
- if (e->state == REG_NAME_IDLE)
- e->state = REG_NAME_AUTO_ACCEPT;
-
- pthread_mutex_unlock(&e->state_lock);
-
- return 0;
-}
-
-void reg_entry_del_prog(struct reg_entry * e,
- const char * prog)
-{
- struct list_head * p;
- struct list_head * h;
-
- list_for_each_safe(p, h, &e->reg_progs) {
- struct str_el * e = list_entry(p, struct str_el, next);
- if (!strcmp(prog, e->str)) {
- list_del(&e->next);
- free(e->str);
- free(e);
- }
- }
-
- pthread_mutex_lock(&e->state_lock);
-
- if (e->state == REG_NAME_AUTO_ACCEPT && list_is_empty(&e->reg_progs)) {
- e->state = REG_NAME_IDLE;
- pthread_cond_broadcast(&e->state_cond);
- }
-
- pthread_mutex_unlock(&e->state_lock);
-}
-
-char * reg_entry_get_prog(struct reg_entry * e)
-{
- if (!list_is_empty(&e->reg_pids) || list_is_empty(&e->reg_progs))
- return NULL;
-
- return list_first_entry(&e->reg_progs, struct str_el, next)->str;
-}
-
-static bool reg_entry_has_pid(struct reg_entry * e,
- pid_t pid)
-{
- struct list_head * p;
-
- list_for_each(p, &e->reg_progs) {
- struct pid_el * e = list_entry(p, struct pid_el, next);
- if (e->pid == pid)
- return true;
- }
-
- return false;
-}
-
-int reg_entry_add_pid(struct reg_entry * e,
- pid_t pid)
-{
- struct pid_el * i;
-
- assert(e);
-
- if (reg_entry_has_pid(e, pid)) {
- log_dbg("Process already registered with this name.");
- return -EPERM;
- }
-
- pthread_mutex_lock(&e->state_lock);
-
- if (e->state == REG_NAME_NULL) {
- pthread_mutex_unlock(&e->state_lock);
- log_dbg("Tried to add instance in NULL state.");
- return -EPERM;
- }
-
- i = malloc(sizeof(*i));
- if (i == NULL) {
- pthread_mutex_unlock(&e->state_lock);
- return -ENOMEM;
- }
-
- i->pid = pid;
-
- /* load balancing policy assigns queue order for this process. */
- switch(e->pol_lb) {
- case LB_RR: /* Round robin policy. */
- list_add_tail(&i->next, &e->reg_pids);
- break;
- case LB_SPILL: /* Keep accepting flows on the current process */
- list_add(&i->next, &e->reg_pids);
- break;
- default:
- assert(false);
- };
-
- if (e->state == REG_NAME_IDLE ||
- e->state == REG_NAME_AUTO_ACCEPT ||
- e->state == REG_NAME_AUTO_EXEC) {
- e->state = REG_NAME_FLOW_ACCEPT;
- pthread_cond_broadcast(&e->state_cond);
- }
-
- pthread_mutex_unlock(&e->state_lock);
-
- return 0;
-}
-
-void reg_entry_set_policy(struct reg_entry * e,
- enum pol_balance p)
-{
- e->pol_lb = p;
-}
-
-
-static void reg_entry_check_state(struct reg_entry * e)
-{
- assert(e);
-
- if (e->state == REG_NAME_DESTROY) {
- e->state = REG_NAME_NULL;
- pthread_cond_broadcast(&e->state_cond);
- return;
- }
-
- if (list_is_empty(&e->reg_pids)) {
- if (!list_is_empty(&e->reg_progs))
- e->state = REG_NAME_AUTO_ACCEPT;
- else
- e->state = REG_NAME_IDLE;
- } else {
- e->state = REG_NAME_FLOW_ACCEPT;
- }
-
- pthread_cond_broadcast(&e->state_cond);
-}
-
-void reg_entry_del_pid_el(struct reg_entry * e,
- struct pid_el * p)
-{
- assert(e);
- assert(p);
-
- list_del(&p->next);
- free(p);
-
- reg_entry_check_state(e);
-}
-
-void reg_entry_del_pid(struct reg_entry * e,
- pid_t pid)
-{
- struct list_head * p;
- struct list_head * h;
-
- assert(e);
-
- if (e == NULL)
- return;
-
- list_for_each_safe(p, h, &e->reg_pids) {
- struct pid_el * a = list_entry(p, struct pid_el, next);
- if (a->pid == pid) {
- list_del(&a->next);
- free(a);
- }
- }
-
- reg_entry_check_state(e);
-}
-
-pid_t reg_entry_get_pid(struct reg_entry * e)
-{
- if (e == NULL)
- return -1;
-
- if (list_is_empty(&e->reg_pids))
- return -1;
-
- return list_first_entry(&e->reg_pids, struct pid_el, next)->pid;
-}
-
-enum reg_name_state reg_entry_get_state(struct reg_entry * e)
-{
- enum reg_name_state state;
-
- assert(e);
-
- pthread_mutex_lock(&e->state_lock);
-
- state = e->state;
-
- pthread_mutex_unlock(&e->state_lock);
-
- return state;
-}
-
-int reg_entry_set_state(struct reg_entry * e,
- enum reg_name_state state)
-{
- assert(state != REG_NAME_DESTROY);
-
- pthread_mutex_lock(&e->state_lock);
-
- e->state = state;
- pthread_cond_broadcast(&e->state_cond);
-
- pthread_mutex_unlock(&e->state_lock);
-
- return 0;
-}
-
-int reg_entry_leave_state(struct reg_entry * e,
- enum reg_name_state state,
- struct timespec * timeout)
-{
- struct timespec abstime;
- int ret = 0;
-
- assert(e);
- assert(state != REG_NAME_DESTROY);
-
- if (timeout != NULL) {
- clock_gettime(PTHREAD_COND_CLOCK, &abstime);
- ts_add(&abstime, timeout, &abstime);
- }
-
- pthread_mutex_lock(&e->state_lock);
-
- pthread_cleanup_push(__cleanup_mutex_unlock, &e->state_lock);
-
- while (e->state == state && ret != -ETIMEDOUT)
- if (timeout)
- ret = -pthread_cond_timedwait(&e->state_cond,
- &e->state_lock,
- &abstime);
- else
- ret = -pthread_cond_wait(&e->state_cond,
- &e->state_lock);
-
- if (e->state == REG_NAME_DESTROY) {
- ret = -1;
- e->state = REG_NAME_NULL;
- pthread_cond_broadcast(&e->state_cond);
- }
-
- pthread_cleanup_pop(true);
-
- return ret;
-}
-
-int reg_entry_wait_state(struct reg_entry * e,
- enum reg_name_state state,
- struct timespec * timeout)
-{
- struct timespec abstime;
- int ret = 0;
-
- assert(e);
- assert(state != REG_NAME_DESTROY);
-
- if (timeout != NULL) {
- clock_gettime(PTHREAD_COND_CLOCK, &abstime);
- ts_add(&abstime, timeout, &abstime);
- }
-
- pthread_mutex_lock(&e->state_lock);
-
- while (e->state != state &&
- e->state != REG_NAME_DESTROY &&
- ret != -ETIMEDOUT)
- if (timeout)
- ret = -pthread_cond_timedwait(&e->state_cond,
- &e->state_lock,
- &abstime);
- else
- ret = -pthread_cond_wait(&e->state_cond,
- &e->state_lock);
-
- if (e->state == REG_NAME_DESTROY) {
- ret = -1;
- e->state = REG_NAME_NULL;
- pthread_cond_broadcast(&e->state_cond);
- }
-
- pthread_mutex_unlock(&e->state_lock);
-
- return ret;
-}
-
-struct reg_entry * registry_get_entry(struct list_head * registry,
- const char * name)
-{
- struct list_head * p = NULL;
-
- assert(registry);
-
- list_for_each(p, registry) {
- struct reg_entry * e = list_entry(p, struct reg_entry, next);
- if (!strcmp(name, e->name))
- return e;
- }
-
- return NULL;
-}
-
-struct reg_entry * registry_get_entry_by_hash(struct list_head * registry,
- enum hash_algo algo,
- const uint8_t * hash,
- size_t len)
-{
- struct list_head * p = NULL;
- uint8_t * thash;
-
- thash = malloc(len);
- if (thash == NULL)
- return NULL;
-
- assert(registry);
-
- list_for_each(p, registry) {
- struct reg_entry * e = list_entry(p, struct reg_entry, next);
- str_hash(algo, thash, e->name);
- if (memcmp(thash, hash, len) == 0) {
- free(thash);
- return e;
- }
- }
-
- free(thash);
-
- return NULL;
-}
-
-struct reg_entry * registry_add_name(struct list_head * registry,
- const char * name)
-{
- struct reg_entry * e = NULL;
-
- assert(registry);
- assert(name);
-
- if (registry_has_name(registry, name)) {
- log_dbg("Name %s already registered.", name);
- return NULL;
- }
-
- e = reg_entry_create();
- if (e == NULL) {
- log_dbg("Could not create registry entry.");
- return NULL;
- }
-
- if (reg_entry_init(e, strdup(name))) {
- reg_entry_destroy(e);
- log_dbg("Could not initialize registry entry.");
- return NULL;
- }
-
- list_add(&e->next, registry);
-
- return e;
-}
-
-void registry_del_name(struct list_head * registry,
- const char * name)
-{
- struct reg_entry * e = registry_get_entry(registry, name);
- if (e == NULL)
- return;
-
- list_del(&e->next);
- reg_entry_destroy(e);
-
- return;
-}
-
-void registry_del_process(struct list_head * registry,
- pid_t pid)
-{
- struct list_head * p;
-
- assert(registry);
- assert(pid > 0);
-
- list_for_each(p, registry) {
- struct reg_entry * e = list_entry(p, struct reg_entry, next);
- pthread_mutex_lock(&e->state_lock);
- assert(e);
- reg_entry_del_pid(e, pid);
- pthread_mutex_unlock(&e->state_lock);
- }
-
- return;
-}
-
-void registry_destroy(struct list_head * registry)
-{
- struct list_head * p = NULL;
- struct list_head * h = NULL;
-
- assert(registry);
-
- list_for_each_safe(p, h, registry) {
- struct reg_entry * e = list_entry(p, struct reg_entry, next);
- list_del(&e->next);
- reg_entry_set_state(e, REG_NAME_NULL);
- reg_entry_destroy(e);
- }
-}
diff --git a/src/irmd/registry.h b/src/irmd/registry.h
deleted file mode 100644
index af34cffc..00000000
--- a/src/irmd/registry.h
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Ouroboros - Copyright (C) 2016 - 2021
- *
- * The IPC Resource Manager - Registry
- *
- * Dimitri Staessens <dimitri@ouroboros.rocks>
- * Sander Vrijders <sander@ouroboros.rocks>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., http://www.fsf.org/about/contact/.
- */
-
-#ifndef OUROBOROS_IRMD_REGISTRY_H
-#define OUROBOROS_IRMD_REGISTRY_H
-
-#include <ouroboros/hash.h>
-#include <ouroboros/ipcp.h>
-#include <ouroboros/list.h>
-#include <ouroboros/irm.h>
-
-#include "proc_table.h"
-#include "prog_table.h"
-
-#include <stdint.h>
-#include <stdbool.h>
-#include <pthread.h>
-#include <string.h>
-#include <sys/types.h>
-
-#define registry_has_name(r, name) \
- (registry_get_entry(r, name) != NULL)
-
-enum reg_name_state {
- REG_NAME_NULL = 0,
- REG_NAME_IDLE,
- REG_NAME_AUTO_ACCEPT,
- REG_NAME_AUTO_EXEC,
- REG_NAME_FLOW_ACCEPT,
- REG_NAME_FLOW_ARRIVED,
- REG_NAME_DESTROY
-};
-
-/* An entry in the registry */
-struct reg_entry {
- struct list_head next;
- char * name;
-
- /* Policies for this name. */
- enum pol_balance pol_lb; /* Load balance incoming flows. */
- /* Programs that can be instantiated by the irmd. */
- struct list_head reg_progs;
- /* Processes that are listening for this name. */
- struct list_head reg_pids;
-
- enum reg_name_state state;
- pthread_cond_t state_cond;
- pthread_mutex_t state_lock;
-};
-
-int reg_entry_add_prog(struct reg_entry * e,
- struct prog_entry * a);
-
-void reg_entry_del_prog(struct reg_entry * e,
- const char * prog);
-
-char * reg_entry_get_prog(struct reg_entry * e);
-
-int reg_entry_add_pid(struct reg_entry * e,
- pid_t pid);
-
-void reg_entry_del_pid(struct reg_entry * e,
- pid_t pid);
-
-void reg_entry_del_pid_el(struct reg_entry * e,
- struct pid_el * a);
-
-pid_t reg_entry_get_pid(struct reg_entry * e);
-
-void reg_entry_set_policy(struct reg_entry * e,
- enum pol_balance p);
-
-enum reg_name_state reg_entry_get_state(struct reg_entry * e);
-
-int reg_entry_set_state(struct reg_entry * e,
- enum reg_name_state state);
-
-int reg_entry_leave_state(struct reg_entry * e,
- enum reg_name_state state,
- struct timespec * timeout);
-
-int reg_entry_wait_state(struct reg_entry * e,
- enum reg_name_state state,
- struct timespec * timeout);
-
-struct reg_entry * registry_add_name(struct list_head * registry,
- const char * name);
-
-void registry_del_name(struct list_head * registry,
- const char * name);
-
-void registry_del_process(struct list_head * registry,
- pid_t pid);
-
-void registry_sanitize_pids(struct list_head * registry);
-
-struct reg_entry * registry_get_entry(struct list_head * registry,
- const char * name);
-
-struct reg_entry * registry_get_entry_by_hash(struct list_head * registry,
- enum hash_algo algo,
- const uint8_t * hash,
- size_t len);
-
-void registry_destroy(struct list_head * registry);
-
-#endif /* OUROBOROS_IRMD_REGISTRY_H */
diff --git a/src/irmd/tests/CMakeLists.txt b/src/irmd/tests/CMakeLists.txt
deleted file mode 100644
index 68bd762d..00000000
--- a/src/irmd/tests/CMakeLists.txt
+++ /dev/null
@@ -1,19 +0,0 @@
-get_filename_component(tmp ".." ABSOLUTE)
-get_filename_component(src_folder "${tmp}" NAME)
-
-create_test_sourcelist(${src_folder}_tests test_suite.c
- # Add new tests here
-)
-
-add_executable(${src_folder}_test EXCLUDE_FROM_ALL ${${src_folder}_tests})
-target_link_libraries(${src_folder}_test ouroboros)
-
-add_dependencies(check ${src_folder}_test)
-
-set(tests_to_run ${${src_folder}_tests})
-remove(tests_to_run test_suite.c)
-
-foreach(test ${tests_to_run})
- get_filename_component(test_name ${test} NAME_WE)
- add_test(${test_name} ${C_TEST_PATH}/${src_folder}_test ${test_name})
-endforeach(test)
diff --git a/src/irmd/utils.c b/src/irmd/utils.c
deleted file mode 100644
index 976dcfa2..00000000
--- a/src/irmd/utils.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Ouroboros - Copyright (C) 2016 - 2021
- *
- * The IPC Resource Manager - Utilities
- *
- * Dimitri Staessens <dimitri@ouroboros.rocks>
- * Sander Vrijders <sander@ouroboros.rocks>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., http://www.fsf.org/about/contact/.
- */
-
-#define _POSIX_C_SOURCE 200809L
-
-#include <stdlib.h>
-#include <string.h>
-
-void argvfree(char ** argv)
-{
- char ** argv_dup = argv;
- if (argv == NULL)
- return;
-
- while (*argv_dup != NULL)
- free(*(argv_dup++));
-
- free(argv);
-}
-
-char ** argvdup(char ** argv)
-{
- int argc = 0;
- char ** argv_dup = argv;
- int i;
-
- if (argv == NULL)
- return NULL;
-
- while (*(argv_dup++) != NULL)
- argc++;
-
- if (argc != 0) {
- argv_dup = malloc((argc + 1) * sizeof(*argv_dup));
- for (i = 0; i < argc; ++i) {
- argv_dup[i] = strdup(argv[i]);
- if (argv_dup[i] == NULL) {
- argvfree(argv_dup);
- return NULL;
- }
- }
- }
- argv_dup[argc] = NULL;
- return argv_dup;
-}
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-05 06:05:57 +0000