<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ouroboros/src/irmd/CMakeLists.txt, branch 0.23.0</title>
<subtitle>Ouroboros main repository</subtitle>
<id>http://133.ip-51-38-114.eu/cgit/ouroboros/atom?h=0.23.0</id>
<link rel='self' href='http://133.ip-51-38-114.eu/cgit/ouroboros/atom?h=0.23.0'/>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/'/>
<updated>2026-02-18T07:02:16+00:00</updated>
<entry>
<title>build: Add git hash to version string</title>
<updated>2026-02-18T07:02:16+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-02-15T16:54:30+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=079035dbf4890e667c5e931295a1c24f28d9c0df'/>
<id>urn:sha1:079035dbf4890e667c5e931295a1c24f28d9c0df</id>
<content type='text'>
Embed git commit hash into version.h and irmd --version output using
git describe. Regenerated at build time to stay current across
commits.

Ouroboros version MAJOR.MINOR.PATCH (TAG-COMMITS-GHASH-dirty)

Example for dirty work tree (uncommitted changes):

  $ irmd --version
  Ouroboros version 0.22.0 (0.22.0-36-g86dba544-dirty)

Example after commit:

  $ sudo irmd --version
  Ouroboros version 0.22.0-37-g55fa9445

Official release (on tag):
  Ouroboros version 0.22.0

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>build: Refactor CMake back to in-tree CMakeLists</title>
<updated>2026-02-13T08:22:29+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2026-02-02T21:50:17+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=3796f6b04b5fce183e5480b57725545cda033f99'/>
<id>urn:sha1:3796f6b04b5fce183e5480b57725545cda033f99</id>
<content type='text'>
This moves the build definitions back to src/ subdirectories
(CMakeLists.txt per component). Configuration and dependencies are
kept out of tree. Configuration options are bundled into cmake/config/
modules. Dependencies are grouped by component (system/, crypt/, eth/,
coverage/, etc.). It now consistently uses target-based commands
(target_include_directories, target_link_libraries) instead of global
include_directories(). Proper PRIVATE/PUBLIC visibility for executable
link libraries. CONFIG_OUROBOROS_DEBUG now properly set based on being
a valid debug config (not just checking the string name).

It also adds OuroborosTargets export for find_package() support and
CMake package config files (OuroborosConfig.cmake) for easier
integration with CMake projects.

The build logic now follows more idiomatic CMake practices with
configuration separated from target definitions.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>build: Refactor CMake modules</title>
<updated>2026-01-07T09:00:06+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-12-23T10:59:45+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=48c294105f5123dc876fbad199ec1e0166d82a18'/>
<id>urn:sha1:48c294105f5123dc876fbad199ec1e0166d82a18</id>
<content type='text'>
This moves the CMake build logic out of the source tree and splits it
up into a more modular form. The tests now have a CMakeLists.txt file
in their respective source directory.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>build: Copy empty config file on install</title>
<updated>2025-12-22T11:13:08+00:00</updated>
<author>
<name>Thijs Paelman</name>
<email>thijs@ouroboros.rocks</email>
</author>
<published>2025-12-06T12:31:54+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=512004f0a2a4a4a9b95312505202af8a7872873b'/>
<id>urn:sha1:512004f0a2a4a4a9b95312505202af8a7872873b</id>
<content type='text'>
A valid but empty config file is placed at install. This does not
overwrite old config files. It is also not removed on uninstall.

Signed-off-by: Thijs Paelman &lt;thijs@ouroboros.rocks&gt;
Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>build: Extend CMake variable documentation</title>
<updated>2025-11-24T12:30:34+00:00</updated>
<author>
<name>Thijs Paelman</name>
<email>thijs@ouroboros.rocks</email>
</author>
<published>2025-11-11T19:57:39+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=acdbb2901ee93aa84fbc6d740a230061e5bfaab1'/>
<id>urn:sha1:acdbb2901ee93aa84fbc6d740a230061e5bfaab1</id>
<content type='text'>
Be clear that OUROBOROS_CONFIG_DIR should be an absolute path, since
the systemd service file depends on this, and most defined variables in
the code (security directory and derived).

Signed-off-by: Thijs Paelman &lt;thijs@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>build: Only add tests when BUILD_TESTING is ON</title>
<updated>2025-11-07T07:35:48+00:00</updated>
<author>
<name>Thijs Paelman</name>
<email>thijs@ouroboros.rocks</email>
</author>
<published>2025-11-03T21:40:55+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=ed8a62f1cdca19c09caf52f2e36f45dafaa9cff8'/>
<id>urn:sha1:ed8a62f1cdca19c09caf52f2e36f45dafaa9cff8</id>
<content type='text'>
By default, BUILD_TESTING = ON due to the inclusion of the CTest module.

Signed-off-by: Thijs Paelman &lt;thijs@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Add flow authentication</title>
<updated>2025-08-18T18:57:23+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-08-13T07:03:20+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=e35302ca0ab64edd21b9d8e40d3aa74a3a4f4f7e'/>
<id>urn:sha1:e35302ca0ab64edd21b9d8e40d3aa74a3a4f4f7e</id>
<content type='text'>
This adds initial implementation of peer authentication as part of
flow allocation. If credentials are not provided, this will be
accepted and logged as info that the flow is not authenticated.

Certificates and keys are passed as .pem files. The key file should
not be encrypted, else the IRMd will open a prompt for the password.
The default location for these .pem files is in
/etc/ouroboros/security. It is strongly recommended to make this
directory only accessible to root.

├── security
│   ├── cacert
│   │   └── ca.root.o7s.crt.pem
│   ├── client
│   │   ├── &lt;name&gt;
│   │   │   ├── crt.pem
│   │   │   └── key.pem
│   │   └── &lt;name&gt;
│   │       ├── ...
│   │
│   ├── server
│   │   ├── &lt;name&gt;
│   │   │   ├── crt.pem
│   │   │   └── key.pem
│   │   └── &lt;name&gt;
│   │       ├── ...
│   │
│   └── untrusted
│       └── sign.root.o7s.crt.pem

Trusted root CA certificates go in the /cacert directory, untrusted
certificates for signature verification go in the /untrusted
directory. The IRMd will load these certificates at boot.  The IRMd
will look for certificates in the /client and /server directories. For
each name a subdirectory can be added and the credentials in that
directory are used to sign the OAP header for flows at flow_alloc() on
the client side and flow_accept() on the server side.

These defaults can be changed at build time using the following
variables (in alphabetical order):
 OUROBOROS_CA_CRT_DIR             /etc/ouroboros/security/cacert
 OUROBOROS_CLI_CRT_DIR            /etc/ouroboros/security/client
 OUROBOROS_SECURITY_DIR           /etc/ouroboros/security
 OUROBOROS_SRV_CRT_DIR            /etc/ouroboros/security/server
 OUROBOROS_UNTRUSTED_DIR          /etc/ouroboros/security/untrusted

The directories for the names can also be configured at IRMd boot
using the configuration file and at runtime when a name is created
using the "irm name create" CLI tool. The user needs to have
permissions to access the keyfile and certificate when specifying the
paths with the "irm name create" CLI tool.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Fix IPCP order in registry and query timeout</title>
<updated>2025-08-11T08:06:59+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-08-09T11:57:56+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=10f70a0ab27c8b80b1dcb501147d64a851e7ad06'/>
<id>urn:sha1:10f70a0ab27c8b80b1dcb501147d64a851e7ad06</id>
<content type='text'>
Until we have a more elaborate strategy for figuring out in which
Layer a service is reachable, the IRMd queries the IPCPs for names.
It currently does this in the order they are stored in the registry,
and the idea was to do this ordered by IPCP type. That order got
messed up when the registry was rewritten. This is now fixed, with a
test.

The default query timeout is also lowered from 20s to 200ms. It's
better to let the IRMd fail and retry the flow allocation than spend
20s waiting for the link-state routing to converge on a layer that
doesn't hold the name. This does wonders for tests using Rumba...

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>ipcpd: Update DHT for unicast layer</title>
<updated>2025-08-06T10:34:15+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-08-06T10:29:02+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=fa1af6aaed6a46acd0af1600f4c63e79fcf9ff84'/>
<id>urn:sha1:fa1af6aaed6a46acd0af1600f4c63e79fcf9ff84</id>
<content type='text'>
This is a rewrite of the DHT for name-to-address resolution in the
unicast layer. It is now integrated as a proper directory policy. The
dir_wait_running function is removed, instead a DHT peer is passed
on during IPCP enrolment.

Each DHT request/response gets a random 64-bit ID ('cookie'). DHT
messages to the same peer are deduped, except in the case when the DHT
is low on contacts. In that case, it will contact the peer it received
at enrolment for more contacts. To combat packet loss, these messages
are not deduped by means of a 'magic cookie', chosen at random when
the DHT starts.

The DHT parameters (Kademlia) can be set using the configfile or the
IRM command line tools:

if DIRECTORY_POLICY == DHT
        [dht_alpha &lt;search factor&gt; (default: 3)]
        [dht_k &lt;replication factor&gt; (default: 8)]
        [dht_t_expire &lt;expiration (s)&gt; (default: 86400)]
        [dht_t_refresh &lt;contact refresh (s)&gt; (default: 900)]
        [dht_t_replicate &lt;replication (s)&gt; (default: 900)]

This commit also adds support for a protocol debug level (PP).
Protocol debugging for the DHT can be enabled using the
DEBUG_PROTO_DHT build flag.

The DHT has the following message types:

DHT_STORE, sent to k peers. Not acknowledged.

    DHT_STORE --&gt; [2861814146dbf9b5|ed:d9:e2:c4].
      key: bcc236ab6ec69e65 [32 bytes]
      val: 00000000c4e2d9ed [8 bytes]
      exp: 2025-08-03 17:29:44 (UTC).

DHT_FIND_NODE_REQ, sent to 'alpha' peers, with a corresponding
response. This is used to update the peer routing table to iteratively
look for the nodes with IDs closest to the requested key.

    DHT_FIND_NODE_REQ --&gt; [a62f92abffb451c4|ed:d9:e2:c4].
      cookie: 2d4b7acef8308210
      key:    a62f92abffb451c4 [32 bytes]

    DHT_FIND_NODE_RSP &lt;-- [2861814146dbf9b5|ed:d9:e2:c4].
      cookie: 2d4b7acef8308210
      key:    a62f92abffb451c4 [32 bytes]
      contacts: [1]
        [a62f92abffb451c4|9f:0d:c1:fb]

DHT_FIND_VALUE_REQ, sent to 'k' peers, with a corresponding
response. Used to find a value for a key. Will also send its closest
known peers in the response.

    DHT_FIND_VALUE_REQ --&gt; [2861814146dbf9b5|ed:d9:e2:c4].
      cookie: 80a1adcb09a2ff0a
      key:    42dee3b0415b4f69 [32 bytes]

    DHT_FIND_VALUE_RSP &lt;-- [2861814146dbf9b5|ed:d9:e2:c4].
      cookie: 80a1adcb09a2ff0a
      key:    42dee3b0415b4f69 [32 bytes]
        values: [1]
          00000000c4e2d9ed [8 bytes]
        contacts: [1]
          [a62f92abffb451c4|9f:0d:c1:fb]

Also removes ubuntu 20 from appveyor config as it is not supported anymore.

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
<entry>
<title>irmd: Add build option to log OAP header info</title>
<updated>2025-08-06T08:34:44+00:00</updated>
<author>
<name>Dimitri Staessens</name>
<email>dimitri@ouroboros.rocks</email>
</author>
<published>2025-08-05T17:48:08+00:00</published>
<link rel='alternate' type='text/html' href='http://133.ip-51-38-114.eu/cgit/ouroboros/commit/?id=a5f6ab5af03d9be6f3412d4dff67748908799e21'/>
<id>urn:sha1:a5f6ab5af03d9be6f3412d4dff67748908799e21</id>
<content type='text'>
This adds a DEBUG_PROTO_OAP option to show some information in the OAP
headers received by the IRMd during flow allocation.

Example for unencrypted flow (send):

  OAP_HDR [528b7bf81df8e9bc @ 2025-08-05 17:05:29 (UTC) ] --&gt;
    Certificate: &lt;none&gt;
    Ephemeral Public Key: &lt;none&gt;
    Data: &lt;none&gt;
    Signature: &lt;none&gt;

Example for encrypted flow (rcv):

  OAP_HDR [4ff83072e0ed54b3 @ 2025-08-05 17:06:23 (UTC) ] &lt;--
    Certificate: &lt;none&gt;
    Ephemeral Public Key [91 bytes]:
    Data: &lt;none&gt;
    Signature: &lt;none&gt;

Signed-off-by: Dimitri Staessens &lt;dimitri@ouroboros.rocks&gt;
Signed-off-by: Sander Vrijders &lt;sander@ouroboros.rocks&gt;
</content>
</entry>
</feed>
