clang-format: update latest spec and reformat

Copy the latest format file from the docs repository and apply.

Change-Id: I2a188ebd3faf376ecba3e20ef6a28ffbaa986628
Signed-off-by: Patrick Williams <p

clang-format: update latest spec and reformat

Copy the latest format file from the docs repository and apply.

Change-Id: I2a188ebd3faf376ecba3e20ef6a28ffbaa986628
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda forma

clang-format: re-format for clang-18

clang-format-18 isn't compatible with the clang-format-17 output, so we
need to reformat the code with the latest version. The way clang-18
handles lambda formatting also changed, so we have made changes to the
organization default style format to better handle lambda formatting.

See I5e08687e696dd240402a2780158664b7113def0e for updated style.
See Iea0776aaa7edd483fa395e23de25ebf5a6288f71 for clang-18 enablement.

Change-Id: I8d0072c279e4de87dc001190845d0ca6da233345
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-17 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I5278656122f19da46fcd0a84bc96af420d4cb8bd
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest

clang-format: copy latest and re-format

clang-format-16 has some backwards incompatible changes that require
additional settings for best compatibility and re-running the formatter.
Copy the latest .clang-format from the docs repository and reformat the
repository.

Change-Id: I862ed296ce1f42dba7047a74540d9004ad78130c
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>

show more ...

Change expires_from_now to expires_after

This allows the code to compile with BOOST_ASIO_NO_DEPRECATED, which
deprecated this timer method a few years ago.

Change-Id: I4318788fe1034290b509a79135053

Change expires_from_now to expires_after

This allows the code to compile with BOOST_ASIO_NO_DEPRECATED, which
deprecated this timer method a few years ago.

Change-Id: I4318788fe1034290b509a79135053d39835c6de5
Signed-off-by: Ed Tanous <edtanous@google.com>

show more ...

logging: switch to lg2

After switching to C++20, it is recommended to use `phosphor::lg2`
to format log, and the correct `CODE_LINE` and `CODE_FUNC` values
can be used in log tracking.

Signed-off-b

logging: switch to lg2

After switching to C++20, it is recommended to use `phosphor::lg2`
to format log, and the correct `CODE_LINE` and `CODE_FUNC` values
can be used in log tracking.

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I4aabaafe997e13c10d655a83a9ef0071ad11126e

show more ...

sdbusplus: use shorter type aliases

The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are

sdbusplus: use shorter type aliases

The sdbusplus headers provide shortened aliases for many types.
Switch to using them to provide better code clarity and shorter
lines. Possible replacements are for:
* bus_t
* exception_t
* manager_t
* match_t
* message_t
* object_t
* slot_t

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: Ic68a12ef7c12222b1300981282161c971b561dc1

show more ...

Update to latest clang-format

Refer:https://github.com/openbmc/docs/blob/ac5d544553934f8083c61c5986a1420261bc8a4c/style/cpp/.clang-format

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id:

Update to latest clang-format

Refer:https://github.com/openbmc/docs/blob/ac5d544553934f8083c61c5986a1420261bc8a4c/style/cpp/.clang-format

Signed-off-by: George Liu <liuxiwei@inspur.com>
Change-Id: I1e06864afc29ce7de463e62fa2a0eb6f70e8fd93

show more ...

Session cleaner is active until sessions close

The session cleaner needs to be active as long as there are active
sessions. This is what culls stale sessions, whether fully set up or
only a partial

Session cleaner is active until sessions close

The session cleaner needs to be active as long as there are active
sessions. This is what culls stale sessions, whether fully set up or
only a partial set up. The timeout needed for the next cleanup depends
on how many active sessions there are, with a faster cleanup time when
the BMC is short on resources, hoping to close idle sessions sooner.

Previously there was a corner case that did not get caught, which is
that if there is only one session, the cleaner would fail to run unless
another session started. This is because the first session would call
cleanup prior to fully activating the session, but then because it was
not activated, the cleanup code would not reschedule the cleaner.

Now the new session calls cleanup and then also schedules a clean for
later. But with each new session doing that, code needed to be added so
that during times of stress, the new sessions did not increase the next
cleaning timeout. So a new cleanup is only scheduled if one is not
already scheduled or if it is sooner than the currently scheduled
timeout.

Tested:
ran a single RMCPP connection and waited for an idle timeout
ran many concurrent RMCPP connections to see that the idle timeout
decreased as the number of sessions increased.

Change-Id: I33347f62b8a14835e711bd0e7dbe6e50bb8bce64
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

Fix Klocwork Issue:bitwise operation size mismatch

Bitwise operation on different bit sizes.
Fixed by static_cast to larger integer size.

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kum

Fix Klocwork Issue:bitwise operation size mismatch

Bitwise operation on different bit sizes.
Fixed by static_cast to larger integer size.

Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Change-Id: I1f225e487f1b9f3a06fb992aa949fe1a229b5e91

show more ...

Be more proactive at removing stale sessions

The maximum number of sessions is set to limit total resources that
netipmid is allowed to use. But it also opens a door to DoS attacks that
would use up

Be more proactive at removing stale sessions

The maximum number of sessions is set to limit total resources that
netipmid is allowed to use. But it also opens a door to DoS attacks that
would use up all the sessions and then never close them. This new
mechanism will allow extra sessions, especially if they are short and
active. As the number of sessions grows beyond the desired maximum, the
reaping time becomes shorter and shorter to ensure that only actual
active sessions are kept.

This introduces a variable max idle time that starts at 60s, according
to the IPMI spec, for up to the desired maximum number of sessions per
channel (currently 15). Beyond 15 sessions, The idle time is reduced
proportionally to the inverse^3 of the number of sessions beyond the
desired maximum.

Some sample maximum idle times for active sessions this new scheme:
Idle time for up to 15 sessions stays at 60s
Idle time for 16 sessions is reduced to 7.5s
Idle time for 20 sessions is reduced to 277ms
Idle time for 24 sessions is reduced to 60ms

For sessions in setup, the idle times are calculated the same as for
active sessions, but use the full session count (active and setup) and
are limited to a maximum idle time of 3 seconds.

One other feature added is to schedule session cleaning when a Close
Session command is received. Without this, sessions that are in the
shutDownPending state would live on for much longer than needed. Really,
the session only needs to live long enough to prepare the response
message, but curretly there is no mechanism to remove just that one
session from that context.

Tested: Open lots of sessions and wait for them to get reaped
$ for ((i=0; i<16; i++)); do \
ipmitool -C 17 -I lanplus -H $HOST -U $USR -P $PW sensor list & \
done
$ for ((i=0; i<10; i++)); do \
ipmitool -C 17 -I lanplus -H $HOST -U $USR -P $PW mc info & \
done

In this case, the first 16 sessions will open just fine, but with
a slightly shorted idle time (no problems). The next ten sessions
may or may not all get to open, because the number of setup
sessions open simultaneously will severely limit the idle time of
the setup sessions, causing some of them to fail to fully open.

Change-Id: Iae2e68c7192f3f5a2cafa8e825aa025454405c84
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

netipmid: Manage and expose session object

Session (RMCP+) is managed by net-ipmid directly, but
session commands has to be supported in both LAN & other
session-less interfaces. In order to make se

netipmid: Manage and expose session object

Session (RMCP+) is managed by net-ipmid directly, but
session commands has to be supported in both LAN & other
session-less interfaces. In order to make session commands
to work in other interfaces, session objects must be
exposed as D-Bus objects, so that ipmi-providers can
query the same.

Tested:
1. Verified that RMCP+ session are perfectly working
2. Verified RMCP+ session establishment fails for wrong
password
3. Verified that session privilege level are maintained
and access are restricted accordingly
4. Verified session timeout and sessions are destroyed
accordingly after timeout
5. verified max session count working behavior
6. verified ipmi-providers responding with proper response for this
(or D-Bus objects are exposed correctly during session creation,
session deletion,session update,
(like privilege, - say even set session privilege level command)
7.Session objects are created dynamically.

Change-Id: I78a8449359877ef6cc4cd8161d8c67e6e54eb52b
Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>

show more ...

netipmid: replace std::cerr with phosphor::logging calls

This is part of a cleanup and standardization effort of code to get
existing code up to date.

Change-Id: I0c982ef8d7afa2f56a9cd204bb8ac31127

netipmid: replace std::cerr with phosphor::logging calls

This is part of a cleanup and standardization effort of code to get
existing code up to date.

Change-Id: I0c982ef8d7afa2f56a9cd204bb8ac3112769641c
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

netipmid: startSession does not need to call getSession

Change-Id: Id0e482705e8fda39270ec2e6c3534f81d11797b3
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

netipmid: use libcrypto prng instead of insecure std::rand

std::rand is insecure. Add a simple openssl-crypto wrapper for a similar
interface that can replace it.

Tested-by: Run ipmitool six times

netipmid: use libcrypto prng instead of insecure std::rand

std::rand is insecure. Add a simple openssl-crypto wrapper for a similar
interface that can replace it.

Tested-by: Run ipmitool six times in parallel to see that five
independent sessions are created and the sixth one causes the
BMC to dump the session list on the console. Note that the
session numbers are still random.

Change-Id: I0b387f1343abefc45be0d62cf9af45fbd5563047
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

netipmid: use std::shared_ptr instead of weak_ptr/lock

All of the instances of getSession and startSession were assigning the
result to a local shared_ptr via lock on the weak_ptr. It doesn't make
s

netipmid: use std::shared_ptr instead of weak_ptr/lock

All of the instances of getSession and startSession were assigning the
result to a local shared_ptr via lock on the weak_ptr. It doesn't make
sense to demote the shared_ptr (from the sessionsMap) to a weak_ptr via
the return, only to promote to a shared_ptr again via lock.

Tested-by: running ipmitool -H a.b.c.d -P 0penBmc -I lanplus mc info
Sessions start and stop, same as before.

Change-Id: Ic10779285891d73ee51115f16ed0000b38d1c52a
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

netipmid: apply clang-format rules

Lots of whitespace change. Let clang-format do its job and keep the code
looking nice.

Change-Id: Idfcad1a99cab8170d55a06163de8ad3f420b68b7
Signed-off-by: Vernon

netipmid: apply clang-format rules

Lots of whitespace change. Let clang-format do its job and keep the code
looking nice.

Change-Id: Idfcad1a99cab8170d55a06163de8ad3f420b68b7
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

Spelling fixes

Spelling errors found using github.com/lucasdemarchi/codespell
A tool to fix common misspellings.
This tool is licensed under GNU General Public License, version 2.

Change-Id: I30765

Spelling fixes

Spelling errors found using github.com/lucasdemarchi/codespell
A tool to fix common misspellings.
This tool is licensed under GNU General Public License, version 2.

Change-Id: I30765c0f799dabdb44b705a9720014db9a1b21df
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>

show more ...

Add support for cipher suite 17

cipher suite 17 uses RAKP_HMAC_SHA256 for authentication and
RAKP_HMAC_SHA256_128 for integrity. This adds those in and fixes up the
lookups so the stack knows about

Add support for cipher suite 17

cipher suite 17 uses RAKP_HMAC_SHA256 for authentication and
RAKP_HMAC_SHA256_128 for integrity. This adds those in and fixes up the
lookups so the stack knows about the new algorithms.

Change-Id: Icdc66563d08060fc0e541ceaf3bee9dd5f89fdb2
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

Prepare for adding RMCP+ cipher suite 17

In many places, there are baked-in assumptions about algorithms that tie
the session initiation to cipher suite 3. This commit teases out those
assumptions a

Prepare for adding RMCP+ cipher suite 17

In many places, there are baked-in assumptions about algorithms that tie
the session initiation to cipher suite 3. This commit teases out those
assumptions and prepares for the next patch that actually adds in the
new authentication and integrity algorithms to support cipher suite 17.

Change-Id: I2ee3672a7c503b89c5ff0aba30cf7a4601e24d04
Signed-off-by: Vernon Mauery <vernon.mauery@linux.intel.com>

show more ...

sol: Handle deactivate payload correctly when session is closed

Resolves openbmc/openbmc#1781
Resolves openbmc/openbmc#2053

Change-Id: Iabb61fc510d33a4132e7ad07184eb8847301b686
Signed-off-by: Tom J

sol: Handle deactivate payload correctly when session is closed

Resolves openbmc/openbmc#1781
Resolves openbmc/openbmc#2053

Change-Id: Iabb61fc510d33a4132e7ad07184eb8847301b686
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

show more ...

Authentication Algo keeps record of the Confidentiality algo

The confidentiality algo negotiated during Open Session Request
would be stored in the Authentication algorithm and is activated
once the

Authentication Algo keeps record of the Confidentiality algo

The confidentiality algo negotiated during Open Session Request
would be stored in the Authentication algorithm and is activated
once the session setup is successful.

Change-Id: I4d5efd71a992dd0cf505bcf7a6d9ebb394bcb880
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

show more ...

Authentication Algorithm keeps record of the Integrity algo

The Integrity algorithm negotiated during Open Session Request
would be stored in the Authentication algorithm and is
activated once the s

Authentication Algorithm keeps record of the Integrity algo

The Integrity algorithm negotiated during Open Session Request
would be stored in the Authentication algorithm and is
activated once the session setup is successful.

Change-Id: I780680c8991487f8fd9030217793f2b0d0fa8a25
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

show more ...

Session Commands Implementation

Implements Set Session Privilege Command and Close Session
command.

Change-Id: I18aeee7bcae48db3eb8a61292c9333ca2304dcf1
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.

Session Commands Implementation

Implements Set Session Privilege Command and Close Session
command.

Change-Id: I18aeee7bcae48db3eb8a61292c9333ca2304dcf1
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

show more ...

Sessions Manager to manage IPMI sessions

IPMI Sessions manager is responsible for managing IPMI sessions and
routines for starting and stopping sessions.

Change-Id: Ic5c559fdc0dab0145e463689026c2f1

Sessions Manager to manage IPMI sessions

IPMI Sessions manager is responsible for managing IPMI sessions and
routines for starting and stopping sessions.

Change-Id: Ic5c559fdc0dab0145e463689026c2f1c66f24a59
Signed-off-by: Tom Joseph <tomjoseph@in.ibm.com>

show more ...