Ouroboros main repository http://www.ouroboros.rocks/cgit/ouroboros/atom?h=be 2026-05-06T07:04:55+00:00 2026-05-06T07:04:55+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-04-26T05:47:08+00:00 urn:sha1:8b5e03fff17dcfcdd73ed40d950ee998d7e9d9f1 The internal flow allocator header had no checksum protection. While it is protected by the Ethernet FCS, lacking a header checksum fails netem corruption tests. It adds protection against in-memory bitflips. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-03-14T10:23:59+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-03-07T19:54:31+00:00 urn:sha1:044da08973957b32703fe338eb95c5171ce471ba i2d_X509() allocated buf->data via OPENSSL_malloc(), but callers free it with freebuf() which uses free(). Fix by allocating with malloc() and encoding directly into the buffer. Also replaces MSGBUFSZ with CRYPT_KEY_BUFSZ (4096) for key material buffers and removes leftover debug logging. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-03-14T10:23:32+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-03-05T18:35:35+00:00 urn:sha1:03bcf516d67a72a6b019c0bcae7d088dcb701d8d When the server rejects the flow, the local didn't send the flow_alloc response back to the IRMd, causing the irmd and client to time out instead of being notified of the failed allocation immediately. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-22T15:05:00+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-21T11:22:42+00:00 urn:sha1:83533c990793b18628066196916851e6b34792df Fixes ECMP routing table to skip unreachable vertices with empty forwarding lists, avoiding uninitialized nhop access. Replace inner vertex list walk with bounded index loop instead of using a list_for_each to track indices (which confuses the static analyzer as it seems it can't prove the index remains valid). Remove spurious free(*dist) on ECMP success path (caller frees). Extract edge cleanup into free_edges helper in del_vertex to avoid a static analyzer false positive. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-22T15:04:16+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-21T11:05:11+00:00 urn:sha1:c9662b47be711c00f013ac4606dc86c9a2ad8201 Use the key in the store operation in the DHT, to avoid static analyzer seeing it as being set without being used in release builds. The length of the packet buffer is only used when tracking DT stats, so should be set within the IPCP_FLOW_STATS guard. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-18T07:00:14+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-15T14:55:37+00:00 urn:sha1:e9ac4a01f3b1389f7d4d39e0faa6936f17e881ab A recent bulk rename of sdb -> spb (shm du buff to shm pkt buff) unintentionally renamed the lsdb. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-18T06:58:21+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-15T11:26:04+00:00 urn:sha1:760e17f142eb5cc0f594f1383ae68bb63bebe9ee The DHT uses a struct {struct list_head, size_t len} pattern, which is also useful in the registry and other places. Having a struct llist (defined in list.h) with consistent macros for addition/deletion etc removes a lot of duplication and boilerplate and reduces the risk of inconsistent updates. The list management is now a macro-only implementation. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-18T06:54:56+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-15T09:21:02+00:00 urn:sha1:0d72b59c2964208ea34ce2322978344d7ff1a223 Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-18T06:53:35+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-17T21:37:39+00:00 urn:sha1:040bdfb18684d809cb5edacf9867d3378b7e093b This replaces the single HAVE_OPENSSL_PQC/DISABLE_PQC with per-algorithm CMake variables (ML-KEM, ML-DSA, SLH-DSA), gated by the OpenSSL versions: ML-KEM and ML-DSA require >= 3.4, SLH-DSA >= 3.5. SLH-DSA was already working, but now added explicit authentication tests for it with a full certificate chain (root CA, intermediate CA, server) to show full support. Rename PQC test files and cert headers to use algorithm-specific names (ml_kem, ml_dsa, slh_dsa) and move cert headers to include/test/certs/. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks> 2026-02-13T08:22:29+00:00 Dimitri Staessens dimitri@ouroboros.rocks 2026-02-07T12:01:42+00:00 urn:sha1:ec473cb9a6817bc748c4496a6dba719e7b751368 The IPCP_*_TARGET variables (e.g., set(IPCP_LOCAL_TARGET ipcpd-local)) were defined locally in each IPCP's CMakeLists.txt (e.g., CMakeLists.txt), but the configure_file() that substitutes @IPCP_LOCAL_TARGET@ into config.h.in runs in a sibling scope that is processed before ipcpd. Since CMake variables don't propagate between sibling directory scopes, all @IPCP_*_TARGET@ substituted to empty strings, resulting in IPCP_LOCAL_EXEC "". Moved the IPCP_*_TARGET definitions into the cmake/config/ipcp/*.cmake files so they are known when generating config.h. Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks> Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>