Utilize a code spell-checking tool to scan for and correct spelling errors
in all files within the `subsys/net/ip` directory.
Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
Supplicant create AF_PACKET proto ETH_P_PAE socket but receive other
frames like ICMP, UDP and causes following issues.
1. When frame len exceeds MTU, net_pkt_clone cannot clone pkt.
Thus dropped it and print warning log.
2. It will lower throughput performance as every packet is cloned.
Fix it by conn_raw_socket does not deliver pkts protocol not macted,
after l2 processed, unless conn is all packets.
Signed-off-by: Fengming Ye <frank.ye@nxp.com>
Running out of connection contexts is most likely due to app
misconfiguration, therefore it's useful to get an explicit information
that context allocation failed.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit adds the new internal function for update the callback,
user data, remote address, and port for a registered connection
handle.
Signed-off-by: Takuya Sasaki <takuya.sasaki@spacecubics.com>
This commit adds the new static function for change the remote
address and port to connection, and replaces the changing process
for remote address and port in net_conn_register().
Signed-off-by: Takuya Sasaki <takuya.sasaki@spacecubics.com>
The net_conn_change_callback() is not currently being called by
anyone, so this commit moves to static function, and replaces
the change callback parameter process in net_conn_register().
Signed-off-by: Takuya Sasaki <takuya.sasaki@spacecubics.com>
Iterating over connection list w/o mutex lock could lead to a crash on
constant incoming packet flow. Fix this by:
1. Adding mutex lock when iterating over an active connection list, to
prevent list corruption.
2. Create a copy of the callback and user data pointers before releasing
lock, to prevent NULL pointer dereference in case connection is
released before callback is executed.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
We should use the NET_CONN_RANK() macro when printing the
current rank value as that macro masks the rank values properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This allows IPv4 and IPv6 share the same port space.
User can still control the behavior of the v4-mapping-to-v6
by using the IPV6_V6ONLY socket option at runtime.
Currently the IPv4 mapping to IPv6 is turned off by
default, and also the IPV6_V6ONLY is true by default which
means that IPv4 and IPv6 do not share the port space.
Only way to use v4-mapping-to-v6 is to enable the Kconfig
option and turn off the v6only socket option.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add Kconfig option to control TCP RST behavior on connection attempts on
unbound ports. If enabled, TCP stack will reply with RST packet (enabled
by default).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Send RST as a reply for unexpected TCP packets in the following
scenarios:
1) Unexpected ACK value received during handshake (connection still open
on the peer side),
2) Unexpected data packet on a listening port (accepted connection
closed),
3) SYN received on a closed port.
This allows the other end to detect that the connection is no longer
valid (for example due to reboot) and release the resources.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commits adds support for the SO_REUSEPORT socket option.
The implementation follows the behavior of BSD and tries to also follow
the specific additional features of linux with the following
limitations:
* SO_REUSEADDR and SO_REUSEPORT are not "the same" for client sockets,
as we do not have a trivial way so identify a socket as "client"
during binding. To get the Linux behavior, one has to use SO_REUSEPORT
with Zephyr
* No prevention of "port hijacking"
* No support for the load balancing stuff for incoming
packets/connections
There is also a new Kconfig option to control this feature, which is
enabled by default if TCP or UDP is enabled.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
The additional hooks provide infrastructure to construct
rules on another network stack levels. Main benefit of this
approach is packets are pre-parsed and e.g. IP filter is
easier to implement. These hooks are equivalent of prerouting
and local_in in linux's netfilter.
Signed-off-by: Marcin Gasiorek <marcin.gasiorek@nordicsemi.no>
When testing on qemu_x86_64 with e1000 Ethernet driver, there are
several crashes due to list management simultaneously executing on
different cores. Add mutexes similar to other parts on networking
stack, for example tcp_lock.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
The net_core:process_data() and connection:net_conn_input() methods are
the central network packet reception pipeline which:
1) guide network packets through all network layers,
2) decode, validate and filter packages along the way and
3) distribute packages to connections/sockets on all layers.
This code seems to have grown complex and rather cluttered over time as
all protocols, layers and socket implementations meet there in one single
place.
The code also reveals its origin as a pure IP stack which makes it hard
to introduce non-IP protocols and their supporting socket infrastructure
in a modularized way.
For an outside contributor it seems almost impossible to add another
protocol, protocol layer, filter rule or socket implementation without
breaking things.
This change doesn't try to solve all issues at once. It focuses
exclusively on aspects that maintain backwards compatibility:
* Improve modularization and encapsulation on implementation level by
disentangling code that mixes up layers, protocols and socket
implementations.
* Make IP just one protocol among others by removing assymmetry in
protocol handling logic and introduce preprocessor markup so that
IP-specific code can be eliminated by the preprocessor if not needed.
* Use preprocessor markup to delineate hook points for future
modularization or expansion without introducing structural changes (as
this would almost certainly break the API).
* Reduce cyclomatic complexity, use positive rather than negative logic,
improve variable naming, replace if/elseif/else blocks with switches,
reduce variable span, introduce inline comments where code does not
speak for itself, etc. as much as possible to make the code overall
more human-friendly.
Background: These are preparative steps for the introduction of IEEE
802.15.RAW sockets, DGRAM sockets and sockets bound to PAN IDs and device
addresses similar to what the Linux kernel does.
Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
Rename the SocketCAN header from socket_can.h to socketcan.h to better
match the naming of the functionality.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Logging v1 has been removed and log_strdup wrapper function is no
longer needed. Removing the function and its use in the tree.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Datagram AF_PACKET sockets were not processed properly by the net stack.
Instead of receving a packet already processed L2, and thus with L2
header trimmed, it was receiving a raw, unprocessed packet.
Fix this by calling net_packet_socket_input() for the second time, after
L2 has processed the packet. An updated connection handler module will
forward the packet correctly based on the corresponding socket type and
packet L2 processing status.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Replace unpacked in6_addr structures with raw buffers in net_ipv6_hdr
struct, to prevent compiler warnings about unaligned access.
Remove __packed parameter from `struct net_6lo_context` since the
structure isn't really serialized.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Replace unpacked in_addr structures with raw buffers in net_ipv4_hdr
struct, to prevent compiler warnings about unaligned access.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
By default ICMP desination unreachable error packets are generated when
input packets target ports that are not in a listening state. This not
only reveals the presence of the host on the network which may be
considered a security vulnerability depending on the application, it
also ends up triggering ARP lookups to respond to the sending host. With
a small ARP table and a network where there may be broadcast (or
multicast) service discovery traffic such as mDNS or uPnP, ARP table
thrashing can occur impacting network stack performance.
Signed-off-by: Berend Ozceri <berend@recogni.com>
If there are no sockets in the system, then do not drop the
packet immediately as there can be other L2 network handlers
like gPTP in the system. This will also allow ICMP messages
to pass to local handler.
Fixes#34865
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Implement SO_BINDTODEVICE socket option which allows to bind an open
socket to a particular network interface. Once bound, the socket will
only send and receive packets through that interface.
For the TX path, simply avoid overwriting the interface pointer by
net_context_bind() in case it's already bound to an interface with an
option. For the RX path, drop the packet in case the connection handler
detects that the net_context associated with that connection is bound to
a different interface that the packet origin interface.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
With these changes, dial up Zephyr application/driver can use
socket(AF_PACKET, SOCK_RAW, IPPROTO_RAW) for creating
a socket for sending/receiving data to/from ppp net link, i.e.
packet is going to/from PPP L2.
Signed-off-by: Jani Hirsimäki <jani.hirsimaki@nordicsemi.no>
This patch brings support for AF_PACKET and SOCK_RAW type of sockets.
In net_conn_input() function the new flag has been introduced -
'raw_pkt_continue' to indicate if there are other than AF_PACKET
connections registered.
If we do not have other connections than AF_PACKET, the packet is
solely handled in net_conn_input() (or to be more specific in its
helper function - conn_raw_socket()).
Otherwise, it is passed back to net_conn_input in IPv4/6 processing.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
The new function - namely conn_raw_socket(); has been introduced to
handle raw sockets processing. Its code, up till now, only was
executed when IS_ENABLED(CONFIG_NET_SOCKETS_PACKET) was defined.
After this change it can be reused when one would like to handle
raw sockets also when CONFIG_NET_{UDP|TCP} are enabled.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
If there is no handler for IPv4 broadcast packet, then ignore it
instead of trying to send an ARP message to resolve the senders
address.
Fixes#21016
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Allow user to create SOCK_DGRAM type AF_PACKET socket. This
allows user to send raw IP packets without specifying
L2 (like Ethernet) headers.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we have multiple network interfaces and we are waiting incoming
network packets, make sure to honor the bind of the socket so that
correct socket will receive data in certain network interface.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If the system has more than one network interface, then it should
be possible to bind a AF_PACKET socket to each interface if the
network interface index is set when bind() is called. This was
not possible earlier as the code was always using default network
interface with AF_PACKET socket bind().
Fixes#23153
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive a multicast IPv4 or IPv6 packet, then we need to
deliver it to all sockets that have installed a handler for it.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
At the moment there is no real address for local CANBUS socket,
but we can still set protocol family of local socket to AF_CAN
so that for example net-shell "net conn" command can show
information about it.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
- renaming functions to better names
- reordering functions place (register, then unregister for instance)
- centralizing logs to relevant place
Fixes#8722
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Also, there is no need for unspecified address bit. If specified address
bit is not set, then it will be obvious address is unspecified. Reducing
the amount of bits from 6 to 4.
This permits to reduce net_conn structure of 4 bytes. Its size is as
before indroducing node attribute.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
This will optimize path when unused an connection is required or when
looking up a used one.
That said, at this stage, it bloats up the net_conn structure with 4
added bytes. More optimization will overcome this drawback.
Fixes#8722
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Most of present #ifdef can be removed via using IS_ENABLED() macro.
Only small part of cache related logic still require #ifdef.
Fixes#8722
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
There were various flaws in it that motivated its removal:
- No hash collision handling mechanism. In case that would happen, the
behavior of the network connection would be unknown. This is the main
drawback
- The lookup is not that much more efficient than the default one. The
only difference of gain is in connection comparison (a u32t comparison
vs a full connection compare). But the list handling is the same. It's
made worse by the presence of a negatives match array which can be
easily filled in and becomes then fully usless, appart from consuming
CPU. As well as adding a new connection: it requires the whole cache
to be cleared which is unefficient.
- Not memory efficient, even compared to a proper hash table.
Two arrays instead of one etc...
All of this could be fixed by using a proper hash table, though it
remains to be seen if such object could fit in Zephyr core.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Fix regression and allow incoming packet when source and
destination port numbers are the same.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
No need to enable IPv4 any more as that is now optional.
This saves some memory as the application can work without
IPv4, IPv6, UDP or TCP.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
