| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Renames the allocation for head/tail to push/pop instead of
alloc/release as it's simpler and shorter. Took this approach insted
of adopting the kernel's push/pull/put/trim.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
| |
RXM_BUFFER_ON_HEAP and SSM_POOL_BLOCKS were no longer used.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add IPCP_ETH_SNDBUF/RCVBUF cmake build options so deployments can size
the AF_PACKET socket buffers without patching code. Drop the
O_NONBLOCK fcntl on the raw socket in favour of per-recvfrom
MSG_DONTWAIT so race-loser reader threads exit with EAGAIN without
spamming the log.
Track frame send failures and the SO_SNDBUF size in the eth/summary
RIB; log a one-shot warning when the kernel reports AF_PACKET drops.
Retry name queries up to NAME_QUERY_RETRIES times within
NAME_QUERY_TIMEO; a single lost ARP-style mgmt frame no longer fails
the query. Bump IRMd QUERY_TIMEOUT from 200 ms to 2200 ms so the IRMd
budget exceeds the new shim retry window.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
Mark ssm_pk_buff_get_off, _head, _tail, and _len as taking a const
struct ssm_pk_buff *. Cast through the flex array in _head and _tail
since the buffer view they return remains mutable.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
Add a -W/--timeout option to override the per-packet recv timeout.
The default is 2000 ms. Raises the receive buffer to 16 KiB so larger
SDUs aren't truncated (useful for fragmentation tests later on).
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
FRCT needs to know the MTU for fragmentation. The MTU is now passed
from the layer serving the flow to the process as part of flow
allocation.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The pthread_mutex_init and pthread_mutex_destroy were missing,
resulting in undefined behaviour.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
Introduce a generic 3-level / 256-slot deadline-ordered callback queue
(1 ms / 16 ms / 256 ms per-slot resolution at levels 0/1/2). Will
replace the existing timerwheel.c.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
Per-process flow / fd / fqueue limits are properties of a process, not
a program; align the naming. Mechanical rename of PROG_MAX_FLOWS,
PROG_RES_FDS, and PROG_MAX_FQUEUES to PROC_*.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
AF_PACKET under `tc netem duplicate`, produces an extra
PACKET_OUTGOING frame at the source that receive path didn't reject.
Read with recvfrom(2) and discard frames whose sll_pkttype is
PACKET_OUTGOING. Restores the dst-MAC check body (defense in depth,
also bumps n_bad_id) so any frame addressed neither to us nor the
broadcast MAC is dropped before flow lookup.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The threadpool manager (TPM) test unnecessarily included the source
instead of the header.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
| |
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
Moves the atomics macros that were defined between eth and ssm_pool to
their own header.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A duplicating link could deliver the same alloc request twice.
OAP detected the replay but still replied over the wire, so the
requester saw a second flow_alloc_reply on an already-allocated
flow and reg_respond_alloc tripped its PENDING-state assertion.
Add EREPLAY so the OAP server can signal replays distinctly;
flow_accept drops them silently. As a safety net, reg_respond_alloc
warn-drops late replies instead of asserting.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Adds an IPCP_ETH_FLOW_STATS cmake option (gated on HAVE_FUSE; default
off) exposing per-flow and aggregate frame counters at
/<ipcp>/eth/{summary,<fd>}.
Counters use RELAXED atomics; the macros expand to ((void) 0) when the
option is off. Per-flow and global counters live in nested stat
structs.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The test was not correctly taking the correct size class. Moved the
select_size_class to the common header so tests can use it.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The tools will now use the following convention:
0 — success
1 — runtime/I/O failure or packet loss
2 — setup failure
oping now uses a SIGALRM to exit on duration tests.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ssm_rbuff_close used to unmap the SHM page immediately, leaving any
in-flight peer-process thread that was inside pthread_mutex_lock or
pthread_cond_wait on the SHM-resident sync primitives reading freed
memory. Adds an n_users counter, bumped on entry and dropped on exit
of every function that touches the mutex / cond vars (write, write_b,
read, read_b, fini), and have ssm_rbuff_close poll-spin until the
counter drains before tearing down.
ssm_rbuff_read now re-checks IS_EMPTY after taking the mutex, plugging
a TOCTOU where two readers could both pass a lock-free fast path and
the loser would read a stale TAIL.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The RIB lock only needs to protect operations on the components
list. This avoids holding the lock on longer RIB reads.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
Asserting frame lengths coming from the wire was a severe flaw. Fixed
by gracefully dropping runt frames.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
| |
The shared memory pool is now offset based instead of block
index-based like the old shm_rdrbuff allocator. This renames the API
more consistently. Also changes variables names to off instead of idx
for consistency.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The pool_copy_spb function was consuming the packet buffer on error,
causing double free errors.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
Fixes detection of PMULL on aarch64 without crypto extensions. Adds a
crc64_nvme_step helper function in CRC64 to avoid code
duplication and cleans up the comments.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
| |
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
The internal flow allocator header had no checksum protection. While
it is protected by the Ethernet FCS, lacking a header checksum fails
netem corruption tests. It adds protection against in-memory bitflips.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
| |
These checksum will be handy for header checksums.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add CRC-64/NVMe implementation with compile-time hardware backend
selection:
x86 PCLMUL+SSE4.1 fold-by-16 (HAVE_PCLMUL)
aarch64 PMULL fold-by-16 when (HAVE_PMULL)
and a byte-table fallback.
It's added as HASH_CRC64 to enum hash_algo (in the internal-use-only
section after HASH_MD5). Both mem_hash() and hash_len() early-return
for HASH_CRC64 because libgcrypt has no CRC-64/NVMe.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add cmake/utils/CPUUtils.cmake providing detect_cpu_feature() plus
detect_pclmul() and detect_pmull() that compile-test for x86
PCLMULQDQ+SSE4.1 and aarch64 FEAT_PMULL respectively.
This will be useful for hardware accelerated CRC64/NVMe integrity
checks.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The oap.c source code was split into separate modules in the oap/
folder but some of it was never correctly removed.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
| |
i2d_X509() allocated buf->data via OPENSSL_malloc(), but callers free
it with freebuf() which uses free(). Fix by allocating with malloc()
and encoding directly into the buffer. Also replaces MSGBUFSZ with
CRYPT_KEY_BUFSZ (4096) for key material buffers and removes leftover
debug logging.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
Now uses calloc to zero the previously uninitialized security path
fields. Also fixes a check in protobuf.c
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The reg_test still had false-positive failures on slow machines /
woodpecker.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
When the server rejects the flow, the local didn't send the flow_alloc
response back to the IRMd, causing the irmd and client to time out
instead of being notified of the failed allocation immediately.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When auth_verify_crt fails (e.g., missing root CA),
crypt_get_pubkey_crt has already allocated pk but only crt was freed.
Adds a crypt_cleanup() function to wrap OpenSSL_cleanup(), as OpenSSL
lazily initializes a global decoder/provider registry the first time
PEM_read_bio or OSSL_DECODER_CTX_new_for_pkey is called, and this
leaves some memory owned by OpenSSL that triggers the leak sanitizer.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
This adds authentication tests to verify flows are rejected with a
missing root CA certificate in the store. Also adds one for the OAP
protocol.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The Global Shared Packet Pool (GSPP) was not correctly chowned to the
ouroboros group.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
| |
A merge conflict was left unresolved, resulting in compilation errors.
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
| |
Call freebuf(pbuf) before returning from each test thread
function. Since clrbuf zeroes pbuf.data to NULL on the success path,
free(NULL) is safe. On the failure path of reg_respond_*, it now
properly frees the still-allocated data.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes ECMP routing table to skip unreachable vertices with empty
forwarding lists, avoiding uninitialized nhop access. Replace inner
vertex list walk with bounded index loop instead of using a
list_for_each to track indices (which confuses the static analyzer as
it seems it can't prove the index remains valid). Remove spurious
free(*dist) on ECMP success path (caller frees).
Extract edge cleanup into free_edges helper in del_vertex to avoid a
static analyzer false positive.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
| |
Remove double-free in ssm_pool_destroy — ssm_pool_close already frees
the pool. The pool sharding test had a free spbs/ptrs on partial
malloc failure. Now initializes children array to -1 to prevent
reading uninitialized values.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
| |
The static analyzer complained about the struct in6_addr malloc being
converted to uint8_t *. Fixed by casting IN6_LEN to a size_t numeric
value instead of the direct sizeof.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
| |
Use the key in the store operation in the DHT, to avoid static
analyzer seeing it as being set without being used in release builds.
The length of the packet buffer is only used when tracking DT stats,
so should be set within the IPCP_FLOW_STATS guard.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows bypassing the IPCP for local processes that share the same
packet pool, lowering latency between processes to comparable levels
as Unix sockets (RTT in the order of a microsecond).
For local processes, no IPCPs are needed:
$ irm b prog oping n oping
$ oping -l
Ouroboros ping server started.
New flow 64.
Received 64 bytes on fd 64.
The direct IPC can be disabled with the DISABLE_DIRECT_IPC build
flag. Note that this is needed for rumba 'local' experiments to
emulate network topologies. Without this flag all processes will just
communicate directly.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Embed git commit hash into version.h and irmd --version output using
git describe. Regenerated at build time to stay current across
commits.
Ouroboros version MAJOR.MINOR.PATCH (TAG-COMMITS-GHASH-dirty)
Example for dirty work tree (uncommitted changes):
$ irmd --version
Ouroboros version 0.22.0 (0.22.0-36-g86dba544-dirty)
Example after commit:
$ sudo irmd --version
Ouroboros version 0.22.0-37-g55fa9445
Officical release (on tag):
Ouroboros version 0.22.0
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
A recent bulk rename of sdb -> spb (shm du buff to shm pkt buff)
unintentionally renamed the lsdb.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The DHT uses a struct {struct list_head, size_t len} pattern, which is
also useful in the registry and other places. Having a struct llist
(defined in list.h) with consistent macros for addition/deletion etc
removes a lot of duplication and boilerplate and reduces the risk of
inconsistent updates.
The list management is now a macro-only implementation.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
| |
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This replaces the single HAVE_OPENSSL_PQC/DISABLE_PQC with
per-algorithm CMake variables (ML-KEM, ML-DSA, SLH-DSA), gated by the
OpenSSL versions: ML-KEM and ML-DSA require >= 3.4, SLH-DSA >= 3.5.
SLH-DSA was already working, but now added explicit authentication
tests for it with a full certificate chain (root CA, intermediate CA,
server) to show full support.
Rename PQC test files and cert headers to use algorithm-specific names
(ml_kem, ml_dsa, slh_dsa) and move cert headers to
include/test/certs/.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
| |
The IRMd will now report a PQC algorithm in the enc.conf file if it is
not supported, instead of failing on KEM key generation.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When the server had no cipher configured, sk->nid was set to NID_undef
before negotiation and never updated, causing the response header to
encode NID_undef as the cipher — even though negotiate_kex() correctly
populated kcfg.c.nid from the client's request.
Adds a test for the KEM case where the client request encryption with
nothing specified server-side.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
|
