2
0
mirror of https://github.com/xcat2/xNBA.git synced 2024-11-28 12:19:46 +00:00
Commit Graph

4586 Commits

Author SHA1 Message Date
Jarrod Johnson
6962fae86e Have time check come after root certificate check
Thinking is that if the *CA* certificate is the certificate signing the server,
then they can say whatever they want.  Given the propensity of firmware
clocks to be off, this seems like a reasonably comfortable compromise.
2014-03-07 16:15:29 -05:00
Jarrod Johnson
ab7d5e8983 Revert "From: Alexander Chernyakhovsky <achernya@google.com>"
This reverts commit 7baf1781fb.
2013-11-02 08:14:37 -04:00
Jarrod Johnson
89e0b3c8ba Implement some EFI compliant entropy provider for use in SSL
For now, mimick the rtc_entropy by using timers and TSC jitter.
When UEFI 2.4 is more accessible to develop/test against, should
add a path to take advantage of the RNG protocol it provides
to supplement this scheme.
2013-10-31 18:19:42 -04:00
Jarrod Johnson
7baf1781fb From: Alexander Chernyakhovsky <achernya@google.com>
Date: Thu, 25 Jul 2013 21:35:14 -0400
        Subject: [PATCH 1/3] Implement subject-alt-name and wildcard certificates
2013-10-22 19:35:46 -04:00
Jarrod Johnson
be3c393dbf Revert "From: Alexander Chernyakhovsky <achernya@google.com>"
This reverts commit 6b435d458a.
2013-10-22 19:07:44 -04:00
Jarrod Johnson
6b435d458a From: Alexander Chernyakhovsky <achernya@google.com>
Date: Thu, 25 Jul 2013 21:35:14 -0400
Subject: [PATCH 1/3] Implement subject-alt-name and wildcard certificates
2013-10-15 13:58:41 -04:00
Jarrod Johnson
d603ea68c4 Merge branch 'master' of https://git.ipxe.org/ipxe
Conflicts:
	src/config/general.h
2013-10-01 08:46:03 -04:00
Michael Brown
7405685df2 [cmdline] Add "nstat" command
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-25 14:36:36 +01:00
Michael Brown
37ccbd301d [neighbour] Add nstat() function to print out neighbour table
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-25 14:36:30 +01:00
Michael Brown
cba22d36b7 [build] Work around bug in gcc >= 4.8
Commit 238050d ("[build] Work around bug in gcc >= 4.8") works around
one instance of a bug in recent versions of gcc, in which "ebp" cannot
be specified within an asm clobber list.

Some versions of gcc seem to exhibit the same bug on other points in
the codebase.  Fix by changing all instances of "ebp" in a clobber
list to use the push/pop %ebp workaround instead.

Originally-implemented-by: Víctor Román Archidona <contacto@victor-roman.es>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-25 12:55:46 +01:00
Michael Brown
a9fa0d5f2b [ipv6] Add inet6_aton()
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-11 11:27:13 +01:00
Michael Brown
8dd180f165 [tcp] Reduce path MTU to 1280 bytes
The path MTU is currently hardcoded to 1460 bytes, which fails to
allow space for TCP options.  Sending a maximum-sized datagram (which
is viable when using HTTP POST) will therefore fail since the Ethernet
MTU will be exceeded.

Reduce the hardcoded path MTU to produce a maximum datagram of 1280
bytes, which is the size required of data link layers by IPv6.  It is
a reasonable assumption that all intermediary data link layers will be
able to convey this packet without fragmentation, even for IPv4.

Note that this reduction has a minimal impact upon download
throughput, since it affects only the transmit data path.

Originally-fixed-by: Suresh Sundriyal <ssundriy@vmware.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-04 17:48:58 +01:00
Michael Brown
8aaa48beb8 [ipv6] Fix uninitialised-variable warning
Fix uninitialised-variable warning reported by gcc 4.5.2.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-03 20:01:17 +01:00
Michael Brown
f7f3087cc5 [ipv6] Replace IPv6 stack
Replace the existing partially-implemented IPv6 stack with a fresh
implementation.

This implementation is not yet complete.  The IPv6 transmit and
receive datapaths are functional (including fragment reassembly and
parsing of arbitrary extension headers).  NDP neighbour solicitations
and advertisements are supported.  ICMPv6 echo is supported.

At present, only link-local addresses may be used, and there is no way
to specify an IPv6 address as part of a URI (either directly or via
a DNS lookup).

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-03 16:30:46 +01:00
Michael Brown
43307b4e39 [ipv4] Abstract out protocol-specific portions of "route" command
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-03 16:30:18 +01:00
Michael Brown
c6a04085d2 [neighbour] Generalise concept of neighbour discovery
Split the protocol-independent portions of arp.c into a separate file
neighbour.c, to allow for sharing of functionality between IPv4+ARP
and IPv6+NDP.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-03 02:02:58 +01:00
Michael Brown
6bf36f57a0 [tcpip] Pass through network device to transport layer protocols
NDP requires knowledge of the network device on which a packet was
received.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-03 02:02:58 +01:00
Michael Brown
8a2dc7a588 [linux] Apply MAC address prior to registering network device
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-03 02:02:58 +01:00
Michael Brown
0f787df284 [ethernet] Add support for generating multicast hash for IPv6 addresses
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-03 02:02:51 +01:00
Michael Brown
0b65c8cad6 [netdevice] Add method for generating EUI-64 address from link-layer address
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-03 01:24:15 +01:00
Michael Brown
d5f69e9388 [netdevice] Add concept of a network device index
IPv6 link-local socket addresses require some way to specify a local
network device.  We cannot simply use a pointer to the network device,
since a struct sockaddr_in6 may be long-lived and has no way to hold a
reference to the network device.

Using a network device index allows a socket address to cleanly refer
to a network device without worrying about whether or not that device
continues to exist.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-03 01:24:15 +01:00
Michael Brown
c9ed9cb4e7 [netdevice] Increase maximum network-layer address length
IPv6 uses 16-byte network-layer addresses.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-09-03 01:24:15 +01:00
Michael Brown
22a0c4475c [ipv4] Generalise fragment reassembly mechanism
Generalise the concept of fragment reassembly to allow for code
sharing between IPv4 and IPv6 protocols.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-27 16:39:43 +01:00
Michael Brown
ae0124cd40 [linux] Give tap devices a name and bus type
Give tap devices a meaningful name, and avoid segmentation faults when
attempting to retrieve ${net0/bustype} by assigning a new bus type for
tap devices.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-27 16:39:43 +01:00
Michael Brown
3e975ecf3f [settings] Make built-in settings a linker table
Allow for configurable provision of built-in settings by placing them
in a linker table rather than an array.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-27 13:46:12 +01:00
Jarrod Johnson
6dd24974fa Merge branch 'master' of https://git.ipxe.org/ipxe
Conflicts:
	src/config/general.h
2013-08-20 11:39:22 -04:00
Thomas Miletich
6d72b498c2 [3c90x] Fix High-MTU packet reception
Prevent the card from flagging packets of 1518 bytes length as
overlength.

This fixes the High-MTU loopback test.

Signed-off-by: Thomas Miletich <thomas.miletich@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-20 14:38:33 +01:00
Thomas Miletich
e5f6471525 [3c90x] Don't round up transmit packet length
The 3c90x B and C revisions support rounding up the packet length to a
specific boundary.  Disable this feature to avoid overlength packets.

This fixes the loopback test.

Signed-off-by: Thomas Miletich <thomas.miletich@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-20 14:37:05 +01:00
Thomas Miletich
b324a9c243 [3c90x] Stall upload engine before setting RX ring address
According to the 3c90x datasheet we have to stall the upload (receive)
engine before setting the receive ring address.

Signed-off-by: Thomas Miletich <thomas.miletich@gmail.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-20 14:34:53 +01:00
Michael Brown
82e452d427 [http] Add support for HTTP POST
Allow HTTP POST requests to be generated when the URI includes a
parameter list.  For example:

  #!ipxe
  params
  param mac ${net0/mac}
  param uuid ${uuid}
  param asset ${asset}
  chain http://boot.ipxe.org/demo/boot.php##params

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-19 17:22:58 +01:00
Michael Brown
e52380fa3b [uri] Allow URIs to incorporate a parameter list
HTTP POST requires the ability to associate a parameter list with a
URI.  There is no standardised syntax for this.  Use a non-standard
URI syntax to incorporate the specification of a parameter list within
a URI:

  URI = [ absoluteURI | relativeURI ]
	[ "#" fragment ] [ "##params" [ "=" paramsName ] ]

e.g.

  http://boot.ipxe.org/demo/boot.php##params
  http://boot.ipxe.org/demo/boot.php##params=mylist

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-19 17:22:58 +01:00
Michael Brown
430c3fb900 [cmdline] Add "params" and "param" commands to manage form parameter lists
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-19 17:22:58 +01:00
Michael Brown
564419c7e1 [params] Add support for the general concept of a form parameter list
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-19 17:22:52 +01:00
Jarrod Johnson
dde0935447 Merge branch 'master' of https://git.ipxe.org/ipxe
Conflicts:
	src/config/general.h
	src/net/netdev_settings.c
	src/net/tcp.c
2013-08-15 14:43:09 -04:00
Michael Brown
c692a690da [settings] Expose memory map via settings mechanism
Allow memory map entries to be read using the syntax

  ${memmap/<region>.<properties>.<scale>}

where <region> is the index of the memory region, <properties> is a
bitmask where bit 0 represents the start address and bit 1 represents
the length (allowing the end address to be encoded by having both bits
0 and 1 set), and <scale> is the number of bits by which to shift the
result.

This allows for several values of interest to be encoded.  For
example:

  ${memmap/<region>.1.0:hexraw}   # 64-bit start address of <region>
  ${memmap/<region>.2.0:hexraw}   # 64-bit length of <region>, in bytes
  ${memmap/<region>.3.0:hexraw}   # 64-bit end address of <region>
  ${memmap/<region>.2.10:int32}   # Length of <region>, in kB
  ${memmap/<region>.2.20:int32}   # Length of <region>, in MB

The numeric encoding is slightly more sophisticated than described
here, allowing a single encoding to cover multiple regions.  (See the
source code for details.)  The primary use case for this feature is to
provide the total system memory size (in MB) via the "memsize"
predefined setting.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-12 22:00:36 +01:00
Michael Brown
55daa953fb [settings] Allow numeric_setting_value() to handle long setting values
Allow numeric_setting_value() to handle e.g. the byte sequence

  00:00:00:00:12:34:56:78

by returning -ERANGE only if the value actually overflows the return
type.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-12 18:25:18 +01:00
Michael Brown
d105627928 [test] Add self-tests for snprintf()
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-12 17:02:50 +01:00
Michael Brown
55201e2d0e [settings] Expose CPUID instruction via settings mechanism
Allow CPUID values to be read using the syntax

  ${cpuid/<register>.<function>}

For example, ${cpuid/2.0x80000001} will give the value of %ecx after
calling CPUID with %eax=0x80000001.  Values for <register> are encoded
as %eax=0, %ebx=1, %ecx=2, %edx=3.

The numeric encoding is more sophisticated than described above,
allowing for settings such as the CPU model (obtained by calling CPUID
with %eax=0x80000002-0x80000004 inclusive and concatenating the values
returned in %eax:%ebx:%ecx:%edx).  See the source code for details.

The "cpuvendor" and "cpumodel" settings provide easy access to these
more complex CPUID settings.

This functionality is intended to complement the "cpuid" command,
which allows for testing individual CPUID feature bits.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-07 12:06:28 +01:00
Marin Hannache
53c01d6444 [nfs] Fix an issue with the selection of a local port
Reported-by: Robin Smidsrød <robin@smidsrod.no>
Signed-off-by: Marin Hannache <git@mareo.fr>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-06 15:58:35 +01:00
Michael Brown
252d28f098 [tcpip] Allow binding to unspecified privileged ports (below 1024)
Originally-implemented-by: Marin Hannache <git@mareo.fr>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-06 15:56:54 +01:00
Michael Brown
0350682865 [ipv6] Rename sin_{family,port} to sin6_{family,port} in struct sockaddr_in6
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-06 15:55:23 +01:00
Michael Brown
e972057381 [udp] Move high-frequency debug messages to DBGLVL_EXTRA
This makes it possible to leave UDP debugging enabled in order to see
interesting UDP events, without flooding the console with at least one
message per packet.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-06 15:52:31 +01:00
Michael Brown
b76885165e [cmdline] Add "pciscan" command to allow iteration over PCI devices
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-05 13:51:21 +01:00
Michael Brown
6d910559b3 [pci] Add pci_find_next() to iterate over existent PCI devices
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-05 13:51:16 +01:00
Michael Brown
2b869786c5 [cmdline] Add "inc" command
The "inc" command allows the numeric value of a setting to be
incremented, allowing for the construction of simple loops within an
iPXE script.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-01 14:42:28 +01:00
Michael Brown
c70d4cb1b3 [settings] Introduce the generalised concept of a numeric setting
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-08-01 14:39:58 +01:00
Michael Brown
31f5211035 [script] Allow commands following a script label
Allow commands to be placed on the same line as a label.  This allows
for improved legibility of loop constructions by incorporating the
loop check condition into the same line as the loop label.  For
example, to iterate over network devices using the forthcoming "inc"
command:

  set idx:int16 0
  :loop isset ${net${idx}/mac} || goto loop_done
    echo net${idx} is a ${net${idx}/chip} with MAC ${net${idx}/mac}
    inc idx && goto loop
  :loop_done

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-07-25 13:22:43 +01:00
Michael Brown
7fc18ea8ab [script] Allow initial whitespace on lines containing labels
Initial whitespace is already accepted on lines containing commands,
since it gets ignored by the system() call.  Minimise surprise and
allow for neater indentation of scripts by also allowing whitespace on
lines containing labels.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-07-25 13:03:42 +01:00
Michael Brown
bd6c3a1886 [settings] Remove now-unused fetchf_named_setting() and storef_named_setting()
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-07-22 16:39:32 +01:00
Michael Brown
652abb6706 [settings] Eliminate calls to {fetch,store}f_named_setting() in NVO commands
A deliberate side effect of this commit is that the "read" command
will now preserve the type of the setting, if the setting name
contains no type information.  For example:

  iPXE> set foo:ipv4 192.168.0.1
  iPXE> read foo
  192.168.0.100
  iPXE> show foo
  foo:ipv4 = 192.168.0.100

rather than the arguably unexpected behaviour of resetting the type to
"string".

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2013-07-22 16:39:26 +01:00