| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a first step towards the Secure Shared Memory (SSM)
infrastructure for Ouroboros, which will allow proper resource
separation for non-privileged processes.
This replaces the rdrbuff (random-deletion ring buffer) PoC allocator
with a sharded slab allocator for the packet buffer pool to avoid the
head-of-line blocking behaviour of the rdrb and reduce lock contention
in multi-process scenarios. Each size class contains multiple
independent shards, allowing parallel allocations without blocking.
- Configurable shard count per size class (default: 4, set via
SSM_POOL_SHARDS in CMake). The configured number of blocks are
spread over the number of shards. As an example:
SSM_POOL_512_BLOCKS = 768 blocks total
These 768 blocks are shared among 4 shards
(not 768 × 4 = 3072 blocks)
- Lazy block distribution: all blocks initially reside in shard 0
and naturally migrate to process-local shards upon first
allocation and subsequent free operations
- Fallback with work stealing: processes attempt allocation from
their local shard (pid % SSM_POOL_SHARDS) first, then steal
from other shards if local is exhausted, eliminating
fragmentation while maintaining low contention
- Round-robin condvar signaling: blocking allocations cycle
through all shard condition variables to ensure fairness
- Blocks freed to allocator's shard: uses allocator_pid to
determine target shard, enabling natural load balancing as
process allocation patterns stabilize over time
Maintains existing robust mutex semantics including EOWNERDEAD
handling for dead process recovery. Internal structures exposed in
ssm.h for testing purposes. Adds some tests (pool_test,
pool_sharding_test.c. etc) verifying lazy distribution, migration,
fallback stealing, and multiprocess behavior.
Updates the ring buffer (rbuff) to use relaxed/acquire/release
ordering on atomic indices. The ring buffer requires the (robust)
mutex to ensure cross-structure synchronization between pool buffer
writes and ring buffer index publication.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The reg_tests didn't clean up on timeouts, now fixed. Increased
timeouts to deal with slower CI/CD builds.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
| |
There was a previous version of the authentication tests lingering in
the irmd/test folder (it was moved to irmd/oap/tests/).
Also enables the disabling of the Ouroboros logging in the oap tests.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Noticed a test fail with SEGV on codeberg:
23/23 Test #23: irmd/reg/reg_test ................
Subprocess aborted***Exception: 1.11 sec
Wait accept did not return a flow id: -110.
test_wait_accepting_success failed.
Root cause was a missing unbind_process call in the cleanup.
The test can now wait for 10 seconds, and will take less on fast
systems:
23/23 Test #23: irmd/reg/reg_test ................
Passed 0.01 sec
The test_wait_ipcp_boot_fail was also wrong, a failed IPCP
returns/sets state to IPCP_NULL.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The test_oap_piggyback_data was not cleaning up the passed data
correctly.
Also, a FILE * was not properly closed in the openssl
load_pubkey_raw_file_to_der() wrapper. Refactored some fail paths to
make them easier to read.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
This prevents them from swapping to disk and killing performance. It
also enhances security a little bit by reducing the risk of sensitive
(even encrypted) data being paged out and captured.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds initial support for runtime-configurable encryption and
post-quantum Key Encapsulation Mechanisms (KEMs) and authentication
(ML-DSA).
Supported key exchange algorithms:
ECDH: prime256v1, secp384r1, secp521r1, X25519, X448
Finite Field DH: ffdhe2048, ffdhe3072, ffdhe4096
ML-KEM (FIPS 203): ML-KEM-512, ML-KEM-768, ML-KEM-1024
Hybrid KEMs: X25519MLKEM768, X448MLKEM1024
Supported ciphers:
AEAD: aes-128-gcm, aes-192-gcm, aes-256-gcm, chacha20-poly1305
CTR: aes-128-ctr, aes-192-ctr, aes-256-ctr
Supported HKDFs:
sha256, sha384, sha512, sha3-256, sha3-384, sha3-512,
blake2b512, blake2s256
Supported Digests for DSA:
sha256, sha384, sha512, sha3-256, sha3-384, sha3-512,
blake2b512, blake2s256
PQC support requires OpenSSL 3.4.0+ and is detected automatically via
CMake. A DISABLE_PQC option allows building without PQC even when
available.
KEMs differ from traditional DH in that they require asymmetric roles:
one party encapsulates to the other's public key. This creates a
coordination problem during simultaneous reconnection attempts. The
kem_mode configuration parameter resolves this by pre-assigning roles:
kem_mode=server # Server encapsulates (1-RTT, full forward secrecy)
kem_mode=client # Client encapsulates (0-RTT, cached server key)
The enc.conf file format supports:
kex=<algorithm> # Key exchange algorithm
cipher=<algorithm> # Symmetric cipher
kdf=<KDF> # Key derivation function
digest=<digest> # Digest for DSA
kem_mode=<mode> # Server (default) or client
none # Disable encryption
The OAP protocol is extended to negotiate algorithms and exchange KEX
data. All KEX messages are signed using existing authentication
infrastructure for integrity and replay protection.
Tests are split into base and _pqc variants to handle conditional PQC
compilation (kex_test.c/kex_test_pqc.c, oap_test.c/oap_test_pqc.c).
Bumped minimum required OpenSSL version for encryption to 3.0
(required for HKDF API). 1.1.1 is long time EOL.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The test output is a bit polluted with logs originating fomr the
logging system, e.g.:
23: test_bind_prog started.
23: ==16636== reg/name(DB): Add prog reg_test to name testname.
23: ==16636== reg(EE): Removing from names.
23: test_bind_prog succeeded.
This adds a flag DISABLE_TEST_LOGGING that suppresses log_* output in
tests to keep them clean:
23: test_bind_prog started.
23: test_bind_prog succeeded.
The status is printed in CMake output:
-- Ouroboros logging in test output disabled
-- Ouroboros logging in test output enabled
By default the flag is ON (clean test output).
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
This moves the CMake build logic out of the source tree and splits it
up into a more modular form. The tests now have a CMakeLists.txt file
in their respective source directory.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
A valid but empty config file is placed at install. This does not
overwrite old config files. It is also not removed on uninstall.
Signed-off-by: Thijs Paelman <thijs@ouroboros.rocks>
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
Be clear that OUROBOROS_CONFIG_DIR should be an absolute path, since
the systemd service file depends on this, and most defined variables in
the code (security directory and derived).
Signed-off-by: Thijs Paelman <thijs@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
This intermediate target only builds all the tests, it doesn't run them.
It is added for clarifying the different steps involved in testing.
The 'check' target still builds AND runs the tests as before.
Signed-off-by: Thijs Paelman <thijs@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When BUILD_TESTING=ON, then the default 'all' target will now build also
the tests.
This behaviour could be controlled by an extra variable
(see https://stackoverflow.com/a/42235335), but this increases
complexity without many benefits.
Signed-off-by: Thijs Paelman <thijs@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
| |
By default, BUILD_TESTING = ON due to the inclusion of the CTest module.
Signed-off-by: Thijs Paelman <thijs@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
This fixes a regression in the code path for joining a broadcast
Layer. It deprecates the qos parameter on flow_join, as the QoS is
implied by the broadcast Layer itself.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes the flow encryption option (cypher_s) from the qosspec.
The configuration file is configured in the security options (default
/etc/ouroboros/security/). For this poc, encryption can be disabled
client or server side by putting an enc.cfg file. If that file is
present in the client folder, the client will require encryption. If
that file is present on the server side, the server will require
encryption and reject non-encrypted flows.
Encryption is now configured outside of any application control.
Example: /etc/ouroboros/security/client/oping/enc.cfg exists:
irmd(II): Encryption enabled for oping.
irmd(DB): File /etc/ouroboros/security/client/oping/crt.pem does not exist.
irmd(II): No security info for oping.
irmd(DB): Generated ephemeral keys for 87474.
irmd/oap(PP): OAP_HDR [caf203681d997941 @ 2025-09-02 17:08:05 (UTC) ] -->
irmd/oap(PP): Certificate: <none>
irmd/oap(PP): Ephemeral Public Key: [91 bytes]
irmd/oap(PP): Data: <none>
irmd/oap(PP): Signature: <none>
Example: /etc/ouroboros/security/client/oping/enc.cfg does not exist:
irmd(II): Allocating flow for 87506 to oping.
irmd(DB): File /etc/ouroboros/security/client/oping/enc.cfg does not exist.
irmd(DB): File /etc/ouroboros/security/client/oping/crt.pem does not exist.
irmd(II): No security info for oping.
irmd/oap(PP): OAP_HDR [e84bb9d7c3d9c002 @ 2025-09-02 17:08:30 (UTC) ] -->
irmd/oap(PP): Certificate: <none>
irmd/oap(PP): Ephemeral Public Key: <none>
irmd/oap(PP): Data: <none>
irmd/oap(PP): Signature: <none>
Example: /etc/ouroboros/security/server/oping/enc.cfg exists:
irmd(II): Flow request arrived for oping.
irmd(DB): IPCP 88112 accepting flow 7 for oping.
irmd(II): Encryption enabled for oping.
irmd(DB): File /etc/ouroboros/security/server/oping/crt.pem does not exist.
irmd(II): No security info for oping.
irmd/oap(PP): OAP_HDR [3c717b3f31dff8df @ 2025-09-02 17:13:06 (UTC) ] <--
irmd/oap(PP): Certificate: <none>
irmd/oap(PP): Ephemeral Public Key: <none>
irmd/oap(PP): Data: <none>
irmd/oap(PP): Signature: <none>
irmd(WW): Encryption required but no key provided.
The server side will pass the ECRYPT to the client:
$ oping -l
Ouroboros ping server started.
Failed to accept flow: -1008
$ oping -n oping -c 1
Failed to allocate flow: -1008.
Encryption on flows can now be changed at runtime without needing to
touch/reconfigure/restart the process.
Note: The ECRYPT result is passed on via the flow allocator responses
through the IPCP (discovered/fixed some endianness issues), but the
reason for rejecting the flow can be considered N+1 information... We
may move that information up into the OAP header at some point.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
| |
This adds an IPCP that runs over UDP/IPv6. It's structured like the
eth-dix and eth-llc in that it builds two separate binaries:
ipcpd-udp4 and ipcpd-udp6. The IRM CLI is backwards compatible in that
type 'udp' will resolve to type 'udp4'.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
The server-side check of client certificates was checking the server
side certificate instead. Now also allows client certificates with a
different name than the application.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
| |
Fixes some printf formatting, which was failing the build on raspbian.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The IPCP states were not entirely correct causing some operations to
be serviced during shutdown. This caused some use-after-free in the
pff. States in the IPCP are now correctly set. IRMd states updated to
the same strategy. The IRMd registry tracks if the IPCP was ENROLLED
or BOOTSTRAPPED, the IPCP just goes to OPERATIONAL.
IPCP state diagram::
NULL -> init() -> INIT -> start() -> BOOT ->
bootstrap/enroll() -> OPERATIONAL -> shutdown()
-> SHUTDOWN -> stop_components() -> BOOT ->
stop() -> INIT -> fini() -> NULL
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
Moved the conversion and check to a small function to avoid code
duplication. Also moved the checks to a small function in the irm name
create tool.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds initial implementation of peer authentication as part of
flow allocation. If credentials are not provided, this will be
accepted and logged as info that the flow is not authenticated.
Certificates and keys are passed as .pem files. The key file should
not be encrypted, else the IRMd will open a prompt for the password.
The default location for these .pem files is in
/etc/ouroboros/security. It is strongly recommended to make this
directory only accessible to root.
├── security
│ ├── cacert
│ │ └── ca.root.o7s.crt.pem
│ ├── client
│ │ ├── <name>
│ │ | ├── crt.pem
│ │ | └── key.pem
│ │ └── <name>
| | ├──...
| |
│ ├── server
│ │ ├── <name>
│ │ | ├── crt.pem
│ │ | └── key.pem
│ │ └── <name>
| | ├── ...
| |
│ └── untrusted
│ └── sign.root.o7s.crt.pem
Trusted root CA certificates go in the /cacert directory, untrusted
certificates for signature verification go in the /untrusted
directory. The IRMd will load these certificates at boot. The IRMd
will look for certificates in the /client and /server directories. For
each name a subdirectory can be added and the credentials in that
directory are used to sign the OAP header for flows at flow_alloc() on
the client side and flow_accept() on the server side.
These defaults can be changed at build time using the following
variables (in alphabetical order):
OUROBOROS_CA_CRT_DIR /etc/ouroboros/security/cacert
OUROBOROS_CLI_CRT_DIR /etc/ouroboros/security/client
OUROBOROS_SECURITY_DIR /etc/ouroboros/security
OUROBOROS_SRV_CRT_DIR /etc/ouroboros/security/server
OUROBOROS_UNTRUSTED_DIR /etc/ouroboros/security/untrusted
The directories for the names can also be configured at IRMd boot
using the configuraton file and at runtime when a name is created
using the "irm name create" CLI tool. The user needs to have
permissions to access the keyfile and certificate when specifying the
paths with the "irm name create" CLI tool.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
The link-state component had some values defined in the source such as
link-state advertisement interval, link timeout period and the PFF
recalculation time. These can now be configured from the config file
or via "irm ipcp bootstrap" on the command line.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The registry wait_flow_accepted asserts the flow state to be pending,
but this is not always true as the thread that accepts can be faster
in execution than the one waiting for it.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
| |
Fixes memory leaks in the tests that had escaped detection.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
| |
This makes the IRMd a bit simpler, and we only need to do the lookup
to resolve the name for a hash on the server side only once. The
logging is also symmetric now:
irmd(II): Allocating flow for 93317 to unicast.1.
irmd(II): Flow request arrived for unicast.1.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The IPCP_CONN_WAIT_DIR build option is not needed anymore with the
recent update to the DHT. Also cleans up some logging in the IPCP.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until we have a more elaborate strategy for figuring out in which
Layer a service is reachable, the IRMd queries the IPCPs for names.
It currently does this in the order they are stored in the registry,
and the idea was to do this ordered by IPCP type. That order got
messed up when the registry was rewritten. This is now fixed, with a
test.
The default query timeout is also lowered from 20s to 200ms. It's
better to let the IRMd fail and retry the flow allocation than spend
20s waiting for the link-state routing to converge on a layer that
doesn't hold the name. This does wonders for tests using Rumba...
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
| |
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a rewrite of the DHT for name-to-address resolution in the
unicast layer. It is now integrated as a proper directory policy. The
dir_wait_running function is removed, instead the a DHT peer is passed
on during IPCP enrolment.
Each DHT request/response gets a random 64-bit ID ('cookie'). DHT
messages to the same peer are deduped, except in the case when the DHT
is low on contacts. In that case, it will contact the per it received
at enrolment for more contacts. To combat packet loss, these messages
are not deduped by means of a 'magic cookie', chosen at random when
the DHT starts.
The DHT parameters (Kademlia) can be set using the configfile or the
IRM command line tools:
if DIRECTORY_POLICY == DHT
[dht_alpha <search factor> (default: 3)]
[dht_k <replication factor> (default: 8)]
[dht_t_expire <expiration (s)> (default: 86400)]
[dht_t_refresh <contact refresh (s)> (default: 900)]
[dht_t_replicate <replication (s)> (default: 900)]
This commit also adds support for a protocol debug level (PP).
Protocol debugging for the DHT can be enabled using the
DEBUG_PROTO_DHT build flag.
The DHT has the following message types:
DHT_STORE, sent to k peers. Not acknowledged.
DHT_STORE --> [2861814146dbf9b5|ed:d9:e2:c4].
key: bcc236ab6ec69e65 [32 bytes]
val: 00000000c4e2d9ed [8 bytes]
exp: 2025-08-03 17:29:44 (UTC).
DHT_FIND_NODE_REQ, sent to 'alpha' peers, with a corresponding
response. This is used to update the peer routing table to iteratively
look for the nodes with IDs closest to the requested key.
DHT_FIND_NODE_REQ --> [a62f92abffb451c4|ed:d9:e2:c4].
cookie: 2d4b7acef8308210
key: a62f92abffb451c4 [32 bytes]
DHT_FIND_NODE_RSP <-- [2861814146dbf9b5|ed:d9:e2:c4].
cookie: 2d4b7acef8308210
key: a62f92abffb451c4 [32 bytes]
contacts: [1]
[a62f92abffb451c4|9f:0d:c1:fb]
DHT_FIND_VALUE_REQ, sent to 'k' peers, with a corresponding
response. Used to find a value for a key. Will also send its closest
known peers in the response.
DHT_FIND_VALUE_REQ --> [2861814146dbf9b5|ed:d9:e2:c4].
cookie: 80a1adcb09a2ff0a
key: 42dee3b0415b4f69 [32 bytes]
DHT_FIND_VALUE_RSP <-- [2861814146dbf9b5|ed:d9:e2:c4].
cookie: 80a1adcb09a2ff0a
key: 42dee3b0415b4f69 [32 bytes]
values: [1]
00000000c4e2d9ed [8 bytes]
contacts: [1]
[a62f92abffb451c4|9f:0d:c1:fb]
Also removes ubuntu 20 from appveyor config as it is not supported anymore.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a DEBUG_PROTO_OAP option to show some information in the OAP
headers received by the IRMd during flow allocation.
Example for unencrypted flow (send):
OAP_HDR [528b7bf81df8e9bc @ 2025-08-05 17:05:29 (UTC) ] -->
Certificate: <none>
Ephemeral Public Key: <none>
Data: <none>
Signature: <none>
Example for encrypted flow (rcv):
OAP_HDR [4ff83072e0ed54b3 @ 2025-08-05 17:06:23 (UTC) ] <--
Certificate: <none>
Ephemeral Public Key [91 bytes]:
Data: <none>
Signature: <none>
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The TPM was just printing when debugging, but it's cleaner to just log
it. Cleaned up the debug code a bit as well. Fixed timing bug in IRMd.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
| |
The static analyzer is complaining about a leak of strdup in
reg_list_names. The reg_lists_ipcps function has identical logic and
does not trigger it.
Both tests succeed with address sanitizer.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
This is how the ProtoBufCBinary data type is defined, so it will allow
easier conversion until we get rid of it. But it makes sense, as the
size_t will always be aligned.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
The timestamp check was not correcly updated when changing MPL from
seconds to milliseconds. IRMd now also warns if the allocation was
sent from the future.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the initial version for the flow allocation protocol header
between IRMd instances. This is a step towards flow authentication.
The header supports secure and authenticated flow allocation,
supporting certificate-based authentication and ephemeral key
exchange for end-to-end encryption.
id: 128-bit identifier for the entity.
timestamp: 64-bit timestamp (replay protection).
certificate: Certificate for authentication.
public key: ECDHE public key for key exchange.
data: Application data.
signature: Signature for integrity/authenticity.
Authentication and encryption require OpenSSL to be installed.
The IRMd compares the allocation request delay with the MPL of the
Layer over which the flow allocation was sent. MPL is now reported by
the Layer in ms instead of seconds.
Time functions revised for consistency and adds some tests.
The TPM can now print thread running times in Debug builds
(TPM_DEBUG_REPORT_INTERVAL) and abort processes with hung threads
(TPM_DEBUG_ABORT_TIMEOUT). Long running threads waiting for input
should call tpm_wait_work() to avoid trigger a process abort.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
| |
Adds functions needed for authentication using X509 certificates,
implemented using OpenSSL.
Refactors some library internals, and adds some unit tests for them.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
On OS X, user-installed libraries will have their headers in
/usr/local/include/ which is not automatically included.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
| |
AF_INET is defined in <sys/socket.h> on FreeBSD.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
There was a logline printing tv_sec as a ssize_t instead of a
long, causing compilation on raspbian 32-bit to fail.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The state was set to IRMD_NULL, so the IRMd was still waiting for a
signal to actually shut down. It should be set to IRMD_SHUTDOWN.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removing the testdriver source by the driver name doesn't work anymore
in CMake 3.29 because of the following (breaking) change:
Changed in version 3.29: The test driver source is listed by absolute
path in the build tree. Previously it was listed only as <driverName>.
https://cmake.org/cmake/help/latest/command/create_test_sourcelist.html
When using CMake 3.29 or above, Ouroboros will use the list POP_FRONT
function (introduced in CMake 3.15) to get rid of it.
https://cmake.org/cmake/help/latest/command/list.html#pop-front
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The argc counter was improperly reset before building the arguments
list.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The object must be refreshed from the list to see if it wasn't yet
destroyed if the wait times out.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The get_ipcpd_by_dst function was returning the hash length of the
last IPCP in the list instead of the length of the actual hash.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
| |
If the mainloop is cancelled during a write, the response buffer
leaks.
The IRMd now warns about failed writes only when the error is not
EPIPE, as EPIPE is expected to happen with timed out requests.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The timeout was set to a value calculated as abstime for a cond_wait
instead of a timeout, causing flows to linger in the IPCP.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
| |
Destroying a process will now always be done with reg_destroy_proc,
regardless of whether it was an IPCP or spawned. This makes it easier
to keep the registry consistent and avoid races.
Also improves some logs and updates some default settings.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
If a flow allocation times out just before the response, there is a
short window where the response will still find the flow, but in
DEALLOCATED state.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This revises the application flow allocator to use the flow_info
struct/message between the components. Revises the messaging to move
the use protocol buffers to its own source (serdes-irm).
Adds a timeout to the IRMd flow allocator to make sure flow
allocations don't hang forever (this was previously taken care of by
the sanitize thread).
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
