We should use the NET_CONN_RANK() macro when printing the
current rank value as that macro masks the rank values properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This allows IPv4 and IPv6 share the same port space.
User can still control the behavior of the v4-mapping-to-v6
by using the IPV6_V6ONLY socket option at runtime.
Currently the IPv4 mapping to IPv6 is turned off by
default, and also the IPV6_V6ONLY is true by default which
means that IPv4 and IPv6 do not share the port space.
Only way to use v4-mapping-to-v6 is to enable the Kconfig
option and turn off the v6only socket option.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add Kconfig option to control TCP RST behavior on connection attempts on
unbound ports. If enabled, TCP stack will reply with RST packet (enabled
by default).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Send RST as a reply for unexpected TCP packets in the following
scenarios:
1) Unexpected ACK value received during handshake (connection still open
on the peer side),
2) Unexpected data packet on a listening port (accepted connection
closed),
3) SYN received on a closed port.
This allows the other end to detect that the connection is no longer
valid (for example due to reboot) and release the resources.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commits adds support for the SO_REUSEPORT socket option.
The implementation follows the behavior of BSD and tries to also follow
the specific additional features of linux with the following
limitations:
* SO_REUSEADDR and SO_REUSEPORT are not "the same" for client sockets,
as we do not have a trivial way so identify a socket as "client"
during binding. To get the Linux behavior, one has to use SO_REUSEPORT
with Zephyr
* No prevention of "port hijacking"
* No support for the load balancing stuff for incoming
packets/connections
There is also a new Kconfig option to control this feature, which is
enabled by default if TCP or UDP is enabled.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
The additional hooks provide infrastructure to construct
rules on another network stack levels. Main benefit of this
approach is packets are pre-parsed and e.g. IP filter is
easier to implement. These hooks are equivalent of prerouting
and local_in in linux's netfilter.
Signed-off-by: Marcin Gasiorek <marcin.gasiorek@nordicsemi.no>
When testing on qemu_x86_64 with e1000 Ethernet driver, there are
several crashes due to list management simultaneously executing on
different cores. Add mutexes similar to other parts on networking
stack, for example tcp_lock.
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
The net_core:process_data() and connection:net_conn_input() methods are
the central network packet reception pipeline which:
1) guide network packets through all network layers,
2) decode, validate and filter packages along the way and
3) distribute packages to connections/sockets on all layers.
This code seems to have grown complex and rather cluttered over time as
all protocols, layers and socket implementations meet there in one single
place.
The code also reveals its origin as a pure IP stack which makes it hard
to introduce non-IP protocols and their supporting socket infrastructure
in a modularized way.
For an outside contributor it seems almost impossible to add another
protocol, protocol layer, filter rule or socket implementation without
breaking things.
This change doesn't try to solve all issues at once. It focuses
exclusively on aspects that maintain backwards compatibility:
* Improve modularization and encapsulation on implementation level by
disentangling code that mixes up layers, protocols and socket
implementations.
* Make IP just one protocol among others by removing assymmetry in
protocol handling logic and introduce preprocessor markup so that
IP-specific code can be eliminated by the preprocessor if not needed.
* Use preprocessor markup to delineate hook points for future
modularization or expansion without introducing structural changes (as
this would almost certainly break the API).
* Reduce cyclomatic complexity, use positive rather than negative logic,
improve variable naming, replace if/elseif/else blocks with switches,
reduce variable span, introduce inline comments where code does not
speak for itself, etc. as much as possible to make the code overall
more human-friendly.
Background: These are preparative steps for the introduction of IEEE
802.15.RAW sockets, DGRAM sockets and sockets bound to PAN IDs and device
addresses similar to what the Linux kernel does.
Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
Rename the SocketCAN header from socket_can.h to socketcan.h to better
match the naming of the functionality.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Logging v1 has been removed and log_strdup wrapper function is no
longer needed. Removing the function and its use in the tree.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Datagram AF_PACKET sockets were not processed properly by the net stack.
Instead of receving a packet already processed L2, and thus with L2
header trimmed, it was receiving a raw, unprocessed packet.
Fix this by calling net_packet_socket_input() for the second time, after
L2 has processed the packet. An updated connection handler module will
forward the packet correctly based on the corresponding socket type and
packet L2 processing status.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Replace unpacked in6_addr structures with raw buffers in net_ipv6_hdr
struct, to prevent compiler warnings about unaligned access.
Remove __packed parameter from `struct net_6lo_context` since the
structure isn't really serialized.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Replace unpacked in_addr structures with raw buffers in net_ipv4_hdr
struct, to prevent compiler warnings about unaligned access.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
By default ICMP desination unreachable error packets are generated when
input packets target ports that are not in a listening state. This not
only reveals the presence of the host on the network which may be
considered a security vulnerability depending on the application, it
also ends up triggering ARP lookups to respond to the sending host. With
a small ARP table and a network where there may be broadcast (or
multicast) service discovery traffic such as mDNS or uPnP, ARP table
thrashing can occur impacting network stack performance.
Signed-off-by: Berend Ozceri <berend@recogni.com>
If there are no sockets in the system, then do not drop the
packet immediately as there can be other L2 network handlers
like gPTP in the system. This will also allow ICMP messages
to pass to local handler.
Fixes#34865
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Implement SO_BINDTODEVICE socket option which allows to bind an open
socket to a particular network interface. Once bound, the socket will
only send and receive packets through that interface.
For the TX path, simply avoid overwriting the interface pointer by
net_context_bind() in case it's already bound to an interface with an
option. For the RX path, drop the packet in case the connection handler
detects that the net_context associated with that connection is bound to
a different interface that the packet origin interface.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
With these changes, dial up Zephyr application/driver can use
socket(AF_PACKET, SOCK_RAW, IPPROTO_RAW) for creating
a socket for sending/receiving data to/from ppp net link, i.e.
packet is going to/from PPP L2.
Signed-off-by: Jani Hirsimäki <jani.hirsimaki@nordicsemi.no>
This patch brings support for AF_PACKET and SOCK_RAW type of sockets.
In net_conn_input() function the new flag has been introduced -
'raw_pkt_continue' to indicate if there are other than AF_PACKET
connections registered.
If we do not have other connections than AF_PACKET, the packet is
solely handled in net_conn_input() (or to be more specific in its
helper function - conn_raw_socket()).
Otherwise, it is passed back to net_conn_input in IPv4/6 processing.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
The new function - namely conn_raw_socket(); has been introduced to
handle raw sockets processing. Its code, up till now, only was
executed when IS_ENABLED(CONFIG_NET_SOCKETS_PACKET) was defined.
After this change it can be reused when one would like to handle
raw sockets also when CONFIG_NET_{UDP|TCP} are enabled.
Signed-off-by: Lukasz Majewski <lukma@denx.de>
If there is no handler for IPv4 broadcast packet, then ignore it
instead of trying to send an ARP message to resolve the senders
address.
Fixes#21016
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Allow user to create SOCK_DGRAM type AF_PACKET socket. This
allows user to send raw IP packets without specifying
L2 (like Ethernet) headers.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we have multiple network interfaces and we are waiting incoming
network packets, make sure to honor the bind of the socket so that
correct socket will receive data in certain network interface.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If the system has more than one network interface, then it should
be possible to bind a AF_PACKET socket to each interface if the
network interface index is set when bind() is called. This was
not possible earlier as the code was always using default network
interface with AF_PACKET socket bind().
Fixes#23153
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive a multicast IPv4 or IPv6 packet, then we need to
deliver it to all sockets that have installed a handler for it.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
At the moment there is no real address for local CANBUS socket,
but we can still set protocol family of local socket to AF_CAN
so that for example net-shell "net conn" command can show
information about it.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
- renaming functions to better names
- reordering functions place (register, then unregister for instance)
- centralizing logs to relevant place
Fixes#8722
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Also, there is no need for unspecified address bit. If specified address
bit is not set, then it will be obvious address is unspecified. Reducing
the amount of bits from 6 to 4.
This permits to reduce net_conn structure of 4 bytes. Its size is as
before indroducing node attribute.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
This will optimize path when unused an connection is required or when
looking up a used one.
That said, at this stage, it bloats up the net_conn structure with 4
added bytes. More optimization will overcome this drawback.
Fixes#8722
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Most of present #ifdef can be removed via using IS_ENABLED() macro.
Only small part of cache related logic still require #ifdef.
Fixes#8722
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
There were various flaws in it that motivated its removal:
- No hash collision handling mechanism. In case that would happen, the
behavior of the network connection would be unknown. This is the main
drawback
- The lookup is not that much more efficient than the default one. The
only difference of gain is in connection comparison (a u32t comparison
vs a full connection compare). But the list handling is the same. It's
made worse by the presence of a negatives match array which can be
easily filled in and becomes then fully usless, appart from consuming
CPU. As well as adding a new connection: it requires the whole cache
to be cleared which is unefficient.
- Not memory efficient, even compared to a proper hash table.
Two arrays instead of one etc...
All of this could be fixed by using a proper hash table, though it
remains to be seen if such object could fit in Zephyr core.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Fix regression and allow incoming packet when source and
destination port numbers are the same.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
No need to enable IPv4 any more as that is now optional.
This saves some memory as the application can work without
IPv4, IPv6, UDP or TCP.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The function did not take the address family into account
when printing protocol name. The protocol value depends on
address family.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This commit adds basic packet socket support to net_context and
allows application to receive or send network packets in raw
format.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
As we are adding more protocol families and protocol types
to connection handlers, some values might be same across
different types. Current connection handler only stores
proto type to match the handler, which is not enough if
we add more types. Also combination of family and types
may vary too. So adding family to connection handler to
figure out best match.
Also changing proto variable in net_conn from u8_t to u16_t.
net_context has 16 bit proto.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Though these are currently used by the core only, it will be then used
by net_context as well. This one of the steps to get rid of net_pkt's
appdata/appdatalen attributes.
Also normalizing all ip/proto parameters name to ip_hdr and proto_hdr.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
As these were parsed already by IPv4/6 input functions let's use them.
Applying the change on trivial UDP usage. TCP usage will have its own
commit.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Verifying udp/tcp checksum should be done before calling this function.
Also, up to ipv4 and ipv6 to provide a pointer to their respective
header.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
