Moving the Zephyr specific config options from
modules/hostap/Kconfig to corresponding Kconfig where the
option is specified.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When the protocol layer like TCP is blocking transmission, the socket
layer will attempt and wait for a maximum amount of time before returning
with an ENOBUFS error.
This change allows to set the maximum waiting time from the configuration
file instead of using a fixed 10 second value.
Signed-off-by: Sjors Hettinga <s.a.hettinga@gmail.com>
Updates NET_SOCKETS_TLS_MAX_APP_PROTOCOLS Kconfig option description to use
DTLS instead of DTL.
Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
When the target board does not have heap by default, allows
statically reserving the space for required socketpairs.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Socketpair functionality has matured enough to be used in a
consistent way now regardless of architecture or platform,
even on `native_posix`.
Remove the experimental status to reflect that.
Signed-off-by: Chris Friedt <cfriedt@meta.com>
Introducing additional socket implementations is rather involved right
now due to some more or less convoluted code that had grown over time.
This change introduces an additional configuration variable in preparation
for additional socket API drivers. The idea is to reduce redundant code
and make existing code more readable by better exposing its actual intent.
Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
This new implementation of pipes has a number of advantages over the
previous.
1. The schedule locking is eliminated both making it safer for SMP
and allowing for pipes to be used from ISR context.
2. The code used to be structured to have separate code for copying
to/from a wating thread's buffer and the pipe buffer. This had
unnecessary duplication that has been replaced with a simpler
scatter-gather copy model.
3. The manner in which the "working list" is generated has also been
simplified. It no longer tries to use the thread's queuing node.
Instead, the k_pipe_desc structure (whose instances are on the
part of the k_thread structure) has been extended to contain
additional fields including a node for use with a linked list. As
this impacts the k_thread structure, pipes are now configurable
in the kernel via CONFIG_PIPES.
Fixes#47061
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
Socket offloading has been in the tree for a while and improved a lot
over time (from a simple define-based API override to a complex
vtable-based solution, supporting mutliple offloaded interfaces). As the
feature is heavily used by certain vendors (Nordic and its nRF Connect
SDK), I propose to move it out of experimental phase.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Introduce TLS socket options, which allow to configure session caching
on a socket.
The cache can be enabled on a socket with TLS_SESSION_CACHE option.
Once cache is enabled on a socket, the session will be stored for re-use
after a sucessfull handshake. If a socket is attempting to connect to a
host for which session is stored, the session will be resumed and mbed
TLS will attempt to use a simplified handshake procedure.
The server-side management of sessions is fully controlled by mbed TLS
after session caching is enabled on a socket.
The other TLS_SESSION_CACHE_PURGE option allows to clear all of the
cache entries, releasing the memory allocated for sessions.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In some cases (for examples when offloaded socket implementation does
not implement TLS functionality) it could be desired to create a native
TLS socket with an underlying offloaded socket.
This cannot be achieved with SO_BINDTODEVICE option only, as TLS socket
type is not really associated with a particular interface - it either
has to be offloaded, or a fully native socket is created (native TLS on
a native interface).
In order to address the problem, introduce TLS_NATIVE socket option.
This option instructs the socket dispatcher layer to create a native TLS
socket. As with the socket dispatcher the underlying socket
implementation is not decided during TLS socket creation, therefore it's
possible to use SO_BINDTODEVICE to choose either native or offloaded
interface for the underlying socket.
Additionally remove NET_SOCKETS_OFFLOAD_TLS Kconfig option, as it's no
longer needed with an runtime option to select whether to offload TLS or
not.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add an intermediate socket implementation called socket dispatcher. This
layer can be used along with the socket offloading, to postpone the
actual socket creation until a first operation on a socket is executed.
This approach leaves an opening to bind a socket to a particular
offloaded network interface, and thus offloaded socket implementation,
using SO_BINDTODEVICE socket option. Thanks to this, it is now possible
to use multiple offloaded sockets implementations along with native
sockets, and easily select which socket should use with network
interface (even if it's an offloaded interface).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This option will be used as default socket priority by offloaded socket
drivers.
Describe how to prioritize native TLS over offloaded TLS (and vice
versa) using sockets priorities.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
According to Kconfig guidelines, boolean prompts must not start with
"Enable...". The following command has been used to automate the changes
in this patch:
sed -i "s/bool \"[Ee]nables\? \(\w\)/bool \"\U\1/g" **/Kconfig*
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
With the introduction of `EXPERIMENTAL` and `WARN_EXPERIMENTAL` in
Zephyr all subsys/net and drivers/ethernet/Kconfig.e1000 settings
having `[EXPERIMENTAL]` in their prompt has has been updated to include
`select EXPERIMENTAL` so that developers can enable warnings when
experimental features are enabled.
The following settings has EXPERIMENTAL removed as they are considered
mature:
- NET_OFFLOAD
- NET_PROMISCUOUS_MODE
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
When creating a socket, all of the registered socket implementation are
processed in a sequence, allowing to find appropriate socket
implementation for specified family/type/protocol. So far however,
the order of processing was not clearly defined, leaving ambiguity if
multiple implmentations supported the same set of parameters.
Fix this, by registering socket priority along with implementation. This
makes the processing order of particular socket implementations
explicit, giving more flexibility to the user, for example when it's
neeed to prioritze one implementation over another if they support the
same set of parameters.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Zephyr socket subsystem has come a long way since initial experimental
alternative to internal Zephyr networking API. Its configuration also
mirrors the usual conservative approach, where a user needs to
explicitly enable options to get "more" features. And as an
experimental API, socket subsystem was initially developed as
namespaced API, where all functions/structures are prefixed with
"zsock_", and to get standard names, CONFIG_NET_SOCKETS_POSIX_NAMES
needs to be set (or alternatively, CONFIG_POSIX_API needs to be, which
enabled full POSIX subsys overall).
However, a few years later, sockets are the standard networking API,
and in majority of cases its used under the standard POSIX names.
Necessity to explicitly set an option to achieve this effects, and
confusion which results from it - are just unneeded chores for users.
So, switch CONFIG_NET_SOCKETS_POSIX_NAMES to be on by default (unless
CONFIG_POSIX_API is already defined). It still can be explicitly
disabled if needed (but usecases for that would be peculiar and rare).
Addresses #34165
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
With these changes, dial up Zephyr application/driver can use
socket(AF_PACKET, SOCK_RAW, IPPROTO_RAW) for creating
a socket for sending/receiving data to/from ppp net link, i.e.
packet is going to/from PPP L2.
Signed-off-by: Jani Hirsimäki <jani.hirsimaki@nordicsemi.no>
Call mbedtls_ssl_conf_max_frag_len() on created TLS context
configuration, so that Maximum Fragment Length (MFL) will be sent to
peer using RFC 6066 max_fragment_length extension. MFL value is
automatically chosen based on MBEDTLS_SSL_OUT_CONTENT_LEN and
MBEDTLS_SSL_IN_CONTENT_LEN mbed TLS macros.
This extension is mostly useful for TLS client side to tell TLS server
what is the maximum supported receive record length.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Adds the socket option TLS_ALPN_LIST for SOL_TLS sockets
Passes the configured alpn list to the mbedtls config
on mbedtls init
Signed-off-by: Emil Hammarstrom <emil.hammarstrom@assaabloy.com>
This new option allows to include `sockets_tls.c` into the build when
socket offloading is enabled.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Allow user to create SOCK_DGRAM type AF_PACKET socket. This
allows user to send raw IP packets without specifying
L2 (like Ethernet) headers.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This is no longer required since drivers implementing the sockets
offload interface were migrated to use pure zsock_ instead of
raw POSIX types and functions.
Signed-off-by: Adam Porter <porter.adam@gmail.com>
When is NET_SOCKETS_SOCKOPT_TLS set, it should set TLS_CREDENTIALS
even when NET_NATIVE=n, so that platforms that use socket offloading
can continue to set TLS credentials.
We are now setting this via 'imply' instead of 'select', so that
prj.conf can opt out if necessary.
Fixes#22390
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
Sort out mbedTLS dependencies in sockets Kconfig. mbedTLS will now
be enabled when TLS sockets and native network stack are enabled.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Clean up space errors and use a consistent style throughout the Kconfig
files. This makes reading the Kconfig files more distraction-free, helps
with grepping, and encourages the same style getting copied around
everywhere (meaning another pass hopefully won't be needed).
Go for the most common style:
- Indent properties with a single tab, including for choices.
Properties on choices work exactly the same syntactically as
properties on symbols, so not sure how the no-indentation thing
happened.
- Indent help texts with a tab followed by two spaces
- Put a space between 'config' and the symbol name, not a tab. This
also helps when grepping for definitions.
- Do '# A comment' instead of '#A comment'
I tweaked Kconfiglib a bit to find most of the stuff.
Some help texts were reflowed to 79 columns with 'gq' in Vim as well,
though not all, because I was afraid I'd accidentally mess up
formatting.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Rename the socket_can implementation from CANBUS to CANBUS_RAW.
This is a preperation for 6LoCAN which is a CANBUS L2 for IPv6.
Signed-off-by: Alexander Wachter <alexander.wachter@student.tugraz.at>
Allow application to listen network management events using
BSD socket API. Application needs to create the socket using
AF_NET_MGMT address family. At this point we only support
receiving network management events that the network subsystem
is sending.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Current socket connect call implementation always takes
K_FOREVER timeout value, which blocks TCP connections
in case failure. TCP connections waits until it receives
SYN ACK. If there is no SYC ACK means, connect call is
blocked forever.
Added a Kconfig option to define timeout value. Default
value is 3000 milliseconds. User can modify it.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
We need to dispatch the received CAN frame if there are multiple
sockets interested in the same CAN-IDs.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
These options are mutually exclusive, or more specifically,
CONFIG_POSIX_API has wider scope and supersedes
CONFIG_NET_SOCKETS_POSIX_NAMES. Implementation-wise, the two
options should not be defined at the same time, as that may
lead to declaration conflicts.
Fixes: #16141
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If for some reason the DNS resolver callback is not called properly
then make sure that semaphore will not block forever.
Fixes#15197
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This is basically a dummy layer that just passes data through.
It is needed so that we can create CANBUS type network interface
to the system.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This allows user to create a CAN socket and to read/write data
from it. From the user point of view, the BSD socket CAN support
works same way as in Linux.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This commit adds packet socket support to socket api.
This version supports basic packet socket features.
Protocol family is AF_PACKET, type of socket is
SOCK_RAW and proto type is ETH_P_ALL. The user will
receive every packet (with L2 header) on the wire.
For TX, the subsystem expects that the user has set
all the protocol headers (L2 and L3) properly.
Networking subsystem doesn't verify or alter the headers while
sending or receiving the packets. This version supports packet
socket over Etherent only. Also combination of other family
and protocols doesn't work (i.e. Application can not open
packet-socket and non packet-socket together).
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Currently there is a mixed approach in prefixes from mbedTLS
configuration (MBEDTLS_ and TLS_). The latter was used in generic config
file and could bring up confusion that it can only be used with TLS
subsystem. Hence unify the approach to MBEDTLS_ prefix to avoid such
confusion.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Adding spaces around "=" when definining Kconfig template so
that is more consistent with overall style of these template
variables.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This patch enables BSD socket offload to a dedicated
TCP/IP offload engine.
This provides a simpler, more direct mechanism than going
through NET_OFFLOAD (zsock -> net_context -> socket conversions)
for those devices which provide complete TCP/IP offload at the
BSD socket level, and whose use cases do not require
IP routing between multiple network interfaces.
To use, configure CONFIG_NET_SOCKETS_OFFLOAD=y, and register
socket_offload_ops with this module.
Fixes#3706
Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
Specify timeout value for mbedtls_ssl_read function for DTLS servers.
Adding this can prevent TLS context lockup in case blocking recv is used
and peer has shut down DTLS connection without closing it gracefully.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
- Remove redundant 'n' defaults. 'n' is the default value for bool
symbols.
This makes the auto-generated documentation clearer as well: You get
"implicitly defaults to n" instead of
"- n if <propagated dependencies>".
- Shorten
<type>
prompt "foo"
to
<type> "foo"
This works for all types, not just bool.
- Various formatting nits.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Add TLS secure socket option that enables to narrow list of ciphersuites
available for TLS connection.
This option accepts an array of integers with IANA assigned ciphersuite
identifiers and returns such.
By default, every statically configured ciphersuite is available for a
socket and getsockopt returns an array of these.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option to select TLS credentials to use.
This option accepts and returns an array of sec_tag_t that indicate
which TLS credentials should be used with specific socket.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
