This adds a Trusted Credential storage backend using the PSA
Protected Storage API, permitting storage of the credentials
offering a trusted long-term storage with integrity checks.
This implementation tries to fit the actual tls_credentials
implementation, with some slight differences:
- the buffer pointer returned by credetial_get & credential_next_get
is dynamically allocated and differs from the one given to
tls_credential_add since it's extracted from the storage at runtime.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Decouple the zephyr/net/socketcan.h and zephyr/drivers/can.h header files
by moving the SocketCAN utilities to their own header.
This is preparation for including the SocketCAN types defined in
socketcan.h in a native posix (Linux) SocketCAN driver context without name
clashes.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Rename the SocketCAN header from socket_can.h to socketcan.h to better
match the naming of the functionality.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Rename the SocketCAN utility functions to reflect the new naming of the CAN
controller API and SocketCAN API data types.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Remove the "z" prefix from the public CAN controller API types as this
makes them appear as internal APIs.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Rename the SocketCAN data types to "socketcan_*" in preparation of renaming
the low-level CAN controller API data types.
This breaks the naming compatibility with the similar SocketCAN data types
from the Linux kernel, but Zephyr and Linux SocketCAN are not 100%
compatible anyways (only the structure fields are compatible, extended
functionality such filtering, error reporting etc. are not).
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
This new implementation of pipes has a number of advantages over the
previous.
1. The schedule locking is eliminated both making it safer for SMP
and allowing for pipes to be used from ISR context.
2. The code used to be structured to have separate code for copying
to/from a wating thread's buffer and the pipe buffer. This had
unnecessary duplication that has been replaced with a simpler
scatter-gather copy model.
3. The manner in which the "working list" is generated has also been
simplified. It no longer tries to use the thread's queuing node.
Instead, the k_pipe_desc structure (whose instances are on the
part of the k_thread structure) has been extended to contain
additional fields including a node for use with a linked list. As
this impacts the k_thread structure, pipes are now configurable
in the kernel via CONFIG_PIPES.
Fixes#47061
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
mbedTLS library threshold initialization was done in native TLS socket
implementation (which tends to use mbedTLS now) and inside mbedTLS
benchmark test. Move that to mbedTLS module initialization, as this is a
global setting.
Update description of CONFIG_MBEDTLS_DEBUG_LEVEL to clarify when
mbedtls_debug_set_threshold() is called.
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
So far there was a debug log hook installed in TLS socket implementation.
However, mbedTLS (with debug enabled) might be used outside from TLS socket
and even outside from networking context.
Add new module, which implements debug log hook and makes it available
whenever CONFIG_MBEDTLS_DEBUG is enabled.
Note that debug hook needs to be installed for each mbedTLS context
separately, which means that this requires action from mbedTLS users, such
as TLS sockets implementation.
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
Client Registration update process may be reject by server
and this commit fix a case that it will jump to new state
which send registration message. Earlier RD client try
allocate message before only possible one was released.
Signed-off-by: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
Queue mode without TLS cache was loosing buffered messages at
wake-up process from idle state. Now client context linked list
are initialized at rd client start process only 1 time.
Signed-off-by: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
Remove NET_CONFIG_IEEE802154_DEV_NAME in favor of DT based choice using
zephyr,ieee802154.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Use DT choice zephyr,ieee802154 as CONFIG_NET_CONFIG_IEEE802154_DEV_NAME
is being phased out.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
In order to make the zperf to work regardless of the POSIX configuration
in the system, convert the socket API usage into Zephyr's native
zsock_* API.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make a library out of the zperf shell sample. This makes to enable the
module in any application, not only the dedicated sample.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit adds a check, in the `dns_read` function, before
dereferencing the query index returned by the `dns_validate_msg`
function.
This fixes the warnings generated by the GCC 12 such as:
error: array subscript -1 is below array bounds of
'struct dns_pending_query[5]' [-Werror=array-bounds]
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
When string and opaque types are uninitialized, we should
allow their data length to be zero. However, most content
formatters seem to calculate the string length separately
so replace the pointer of empty data into a static string
that is guaranteed to be empty.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
For most of the times it is not necessary to do a full registration
once a connection is established after a network error. This is in
particular not needed if lifetime is not yet expired and the server
does not refuse a registration update.
Signed-off-by: Andreas Chmielewski <andreas.chmielewski@grandcentrix.net>
Separate closing lwm2m context from closing socket. This patch is required
for the rd client to take more control over lwm2m context and the socket.
The goal is to close the socket and to keep the lwm2m context if this is
needed.
Signed-off-by: Andreas Chmielewski <andreas.chmielewski@grandcentrix.net>
Registration should only be updated if update of the registration was
succesful.
Signed-off-by: Andreas Chmielewski <andreas.chmielewski@grandcentrix.net>
This change decouples the IEEE 802.15.4 (L2) layer from all IPv6 (L3)
concerns.
Applications may now choose to set CONFIG_NET_6LO=n and
CONFIG_NET_L2_IEEE802154=y at the same time.
Setting CONFIG_NET_6LO=n will build a vanilla IEEE 802.15.4-2006 specs
compliant L2 layer without any reference to 6LoWPAN or IPv6. This allows
application developers to design custom non-IP protocols on top of
IEEE 802.15.4-2006 and thereby makes the L2 layer much more re-usable.
Fixes#48585.
Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
New API for suspend and resume LwM2M engine.
New event LWM2M_RD_CLIENT_EVENT_ENGINE_SUSPENDED for indicate
application that engine is suspended.
Simplify stack suspend and resume state same time for queue mode.
New CONFIG_LWM2M_RD_CLIENT_SUSPEND_SOCKET_AT_IDLE for enable skip socket
close at RX_OFF_IDDLE state that socket is only suspended and close is
called only when connection is resumed.
Signed-off-by: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
Code was limiting observations to resources and
resource instances without any reason.
Also if resource is written, and the whole object is observer
it should trigger. Path does not have to be matching on the
same level, if parent is observed.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
The packet socket implementation did not fill the address structure
provided by the application. This commit fixes this.
Note, that the implementation needs to cover two cases: SOCK_RAW and
SOCK_DGRAM. In the first case, the information is extracted directly
from the L2 header (curently only Ethernet supported). In latter case,
the header is already removed from the packet as the L2 has already
processed the packet, so the information is obtained from the net_pkt
structure.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit removes the resource pointer NULL check inside the resource
enumeration loop of the `coap_well_known_core_get` function because the
expression `(resource + 1)` will never evaluate to NULL (aka. 0).
This fixes the "comparison will always evaluate as ‘true’ for the
pointer operand" warning generated by the GCC 12.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
These two macros just change the name of function call
* NOTIFY_OBSERVER
* NOTIFY_OBSERVER_PATH
I don't see any benefit of those, so I dropped them.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
There is a potential, corner case scenario, where a deadlock can occur
between TCP and socket layers, when both ends of the connection transmit
data.
The scenario is as follows:
* Both ends of the connection transmit data,
* Zephyr side send() call gets blocked due to filing the TX window
* The next incoming packet is data packet, not updating the RX window
on the peer side or acknowledging new data. The TCP layer will
attepmt to notify the new data to the socket layer, by calling the
registered callback. This will block the RX thread processing the TCP
layer, as the socket mutex is already acquired by the blocked send()
call.
* No further packets are processed until the socket mutex is freed,
which does not happen as the only way to unblock send() is process
a new ACK, either updating window size or a acknowledging data.
The connection stalls until send() times out.
The deadlock is not permament, as both threads get unlocked once send()
times out. It effectively breaks the active connection though.
Fix this, by unlocking the socket mutex for the time the send() call is
idle. Once the TCP layer notifies that the window is available again,
the mutex is acquired back.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Created the variable CONFIG_LWM2M_SERVER_DEFAULT_SSID to be
the default ssid when not using bootstrap. Needed for access control.
Signed-off-by: Ola Tangen Kulseng <ola.kulseng@nordicsemi.no>
Implementation of the access control object. Core object (obj_id 2).
If used without bootstrap, the default value in
CONFIG_LWM2M_SERVER_DEFAULT_SSID will be used as access control owner.
Enable/disable ac control with CONFIG_LWM2M_ACCESS_CONTROL_ENABLE.
Signed-off-by: Ola Tangen Kulseng <ola.kulseng@nordicsemi.no>
Move the CAN bus network driver from drivers/can to drivers/net as it
implements a network driver, not a CAN controller driver.
Use a separate Kconfig for enabling the CAN bus network driver instead of
piggybacking on the SocketCAN Kconfig. This allows for other
(e.g. out-of-tree) SocketCAN transports.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
In case LWM2M cient wants to change attrs of observed obj,
it needs pointer to client_ctx.
For example:
On observer add, wants to change pmin for some obj path to 1s:
static void observe_cb(enum lwm2m_observe_event event,
struct lwm2m_obj_path *path, void *user_data)
{
struct lwm2m_ctx *ctx = (struct lwm2m_ctx *) user_data;
switch (event) {
case LWM2M_OBSERVE_EVENT_OBSERVER_ADDED:
lwm2m_engine_update_observer_min_period(ctx, "3347", 1);
...
}
Signed-off-by: Kiril Petrov <retfie@gmail.com>
Give Kconfig choices symbols names so that they can be redefined in
applications that wants to alter the choice's default value without
setting it in the project configuration.
Signed-off-by: Simen S. Røstad <simen.rostad@nordicsemi.no>
Move OpenThread's glue code along with the Kconfig files that configure
OpenThread stack itself into module directory.
Update the maintainers file to reflect this change.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Following zephyr's style guideline, all if statements, including single
line statements shall have braces.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Removed auto select from LWM2M_DTLS_SUPPORT
* TLS_CREDENTIALS
* NET_SOCKETS_SOCKOPT_TLS
* NET_SOCKETS_ENABLE_DTLS
LwM2M stack shouldn't enforce these options as they
are not needed with socket offloading.
Signed-off-by: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
COAP_DEFAULT_MAX_RETRANSMIT and COAP_DEFAULT_ACK_RANDOM_FACTOR
should be configurable to determine the max transmission
timeout of a CoAP packet.
Signed-off-by: Andreas Chmielewski <andreas.chmielewski@grandcentrix.net>
Created the file lwm2m_message_handling.c, to include all
code pertaining to CoAP and allocation and deletion of messages
in general.
Signed-off-by: Ola Tangen Kulseng <ola.kulseng@nordicsemi.no>
Created the file lwm2m_observation.c, to include
all code maintaining observations and parameter handling.
Signed-off-by: Ola Tangen Kulseng <ola.kulseng@nordicsemi.no>
Created the file lwm2m_registry.c to include the
getters and setters of values and the creation
and deletion of all lwm2m objects, resources
and instances. Refactored the registry part
of lwm2m_engine.h into lwm2m_registry.h.
Signed-off-by: Ola Tangen Kulseng <ola.kulseng@nordicsemi.no>
lwm2m: Regenerate lwm2m_senml code from the CDDL description.
Reapply manual changes.
Create a sh script to perform the regeneration.
tests: zcbor_bulk: Adapt to zcbor 0.5.1
zcbor_new_decode_state() now has no return value.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Path list was replaced accidentally with free list during refactoring.
This change does fix the issue.
Signed-off-by: Veijo Pesonen <veijo.pesonen@nordicsemi.no>
Some errors can occur in the sending process that have to be handled
in a polling fasion instead of blocking using semaphores. In this case
apply an exponentially growing backoff time. This will allow for fast
reactions in most situations and prevents high system loads in case
resolving the situation takes a little longer.
Signed-off-by: Sjors Hettinga <s.a.hettinga@gmail.com>
When an operation on the socket is not supported by the implementation,
which is the case for some drivers, set errno to a value that reflects
this situation rather than signalling an error with the file descriptor.
Signed-off-by: Ulf Lilleengen <lulf@redhat.com>
