103 Commits

Author SHA1 Message Date
Robert Lubos
2bb9aef4b1 net: sockets: tls: Add new option to register certificate verify cb
Add new TLS socket option, TLS_CERT_VERIFY_CALLBACK, which allows
registering an application callback to verify certificates obtained during
the TLS handshake.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2025-05-22 13:44:43 +02:00
Tomi Fontanilles
35f7eda545 modules: mbedtls: make key exchange Kconfigs depend on, not select
Turn the MBEDTLS_RSA_FULL selects into depends on.
This is how the other MBEDTLS_KEY_EXCHANGE_* Kconfig options are defined.

This is done to avoid circular dependencies.

At the same time update uses of the affected MBEDTLS_KEY_EXCHANGE_*
Kconfig options to enable/disable the dependencies which used to be
automatically handled.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2025-05-13 22:22:43 -04:00
Ibe Van de Veire
c6d98acbbf net: lib: sockets: Increase socketpair mem pool size
Increased the heap mempool size for the socketpairs. This way there will
be enough memory available to allocate 2 * struct spair.

Signed-off-by: Ibe Van de Veire <ibe.vandeveire@basalte.be>
2025-04-25 15:57:25 +02:00
Fengming Ye
23494b7b68 net: sockets: kconfig: change hostap default socket pair add heap size
Reduce default socket pair add heap size in hostap case.
Reduce 1 socket pair in wpa_supplicant case.
Reduce 2 socket pairs in wpa_supplicant and hostapd coex case.

Signed-off-by: Fengming Ye <frank.ye@nxp.com>
2025-04-24 10:38:03 +02:00
Jordan Yates
dfabbee634 net: socketpair: fix allocated number of buffers
According to `f9901e8e` and validated by testing, the supplicant only
use case only requires 4 socket pairs. 6 pairs are required for the
`hostapd` use case.

Signed-off-by: Jordan Yates <jordan@embeint.com>
2025-04-16 08:05:12 +02:00
Jordan Yates
94583777fd net: socketpair: give allocation strategy option a name
Give the socketpair allocation strategy a name so that users can change
the default.

Signed-off-by: Jordan Yates <jordan@embeint.com>
2025-04-16 08:05:12 +02:00
Robert Lubos
7c87aab783 net: sockets: Add SOCK_RAW support for AF_INET/AF_INET6 sockets
Introduce changes in the networking stack which allow creating raw IP
sockets, so that applications can send and receive raw IP datagrams.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2025-04-09 12:36:34 +02:00
Måns Ansgariusson
c39291b7f0 net: socketpair to use ring_buffer instead of k_pipe
Replaced the k_pipe-based implementation in sockpair with ring_buffer
based implementation instead.
The move to ring_buffer is done to avoid overhead of k_pipe and to align
with the new k_pipe API.
This does not pose any added risk to concurrency as the read and write
functions are protected by semaphores for both spairs.

Signed-off-by: Måns Ansgariusson <Mansgariusson@gmail.com>
2025-01-17 19:43:44 +01:00
Maochen Wang
f9901e8e9b net: sockets: change socketpair related buffer and heap size
Latest supplicant uses 1K buffer size for sending control message via
socketpair, so reducing the NET_SOCKETPAIR_BUFFER_SIZE to save memory
footprint. There are 4 socketpairs for supplicant only case, and 6
socketpairs for hostapd case, update the heap size correspondingly.

Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
2025-01-02 12:35:46 +01:00
Maochen Wang
671f0f6cfa net: sockets: choose SOCKETPAIR_HEAP when MEM_POOL enabled
Don't check 'HEAP_MEM_POOL_SIZE != 0', as HEAP_MEM_POOL_SIZE might be 0,
but HEAP_MEM_POOL_ADD_SIZE_xxx is defined, which means the actual heap
size is not zero. So check KERNEL_MEM_POOL instead.

Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
2024-12-16 10:53:21 +01:00
Jukka Rissanen
abad505bde net: sockets: Remove deprecated CONFIG_NET_SOCKETS_POSIX_NAMES
The deprecated CONFIG_NET_SOCKETS_POSIX_NAMES option is removed.
If one wishes to use POSIX API socket calls, then CONFIG_POSIX_API
option needs to be enabled.

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
2024-12-04 12:09:51 +01:00
Fin Maaß
cd3dcf788a net: socket: service: mark as unstable
As the socket service API is currently used by multiple applications
(dhcpv4 server, dns, telnet), it should be marked as unstable,
according to the docs:
https://docs.zephyrproject.org/latest/develop/api/api_lifecycle.html

Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
2024-10-25 18:50:07 +01:00
Fin Maaß
4fdcd229f2 net: sockets: remove reference to async socket service
remove reference to async socket service

Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
2024-10-23 11:32:21 +02:00
Robert Lubos
c4803752a8 net: Deprecate CONFIG_NET_SOCKETS_POLL_MAX
CONFIG_ZVFS_POLL_MAX is now used to control the maximum number of poll()
entries. Thereby, CONFIG_NET_SOCKETS_POLL_MAX is redundant and shall
be deprecated.

Modify the defaults for NET_SOCKETS_POLL_MAX and ZVS_POLL_MAX so that
the deprecation actually makes sense instead of symbol removal. In case
the application still sets the old config, it will modify the
ZVS_POLL_MAX default.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
2024-10-14 13:01:51 +02:00
Chris Friedt
b3d3d4fff7 net: sockets: move select() implementation to zvfs
Move the implementation of zsock_select() to zvfs_select(). This
allows other types of file descriptors to also make use of
select() functionality even when the network subsystem is not
enabled.

Additionally, it partially removes a dependency cycle between
posix and networking by moving functionality into a mutual
dependency.

Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
2024-10-14 13:01:51 +02:00
Chris Friedt
881dc1fa7a net: sockets: move poll implementation to zvfs
Move the implementation of zsock_poll to zvfs_poll. This allows
other types of file descriptors to also make use of poll()
functionality even when the network subsystem is not enabled.

Additionally, it partially removes a dependency cycle between
posix and networking by moving functionality into a mutual
dependency.

Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
2024-10-14 13:01:51 +02:00
Jukka Rissanen
077dd8f142 net: dns: Increase the size of dispatcher table
The dispatcher table needs to be large enough to have support
for all file descriptor values.

Fixes #79042

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
2024-09-30 17:12:15 +01:00
Pieter De Gendt
ad63ca284e kconfig: replace known integer constants with variables
Make the intent of the value clear and avoid invalid ranges with typos.

Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
2024-07-27 20:49:15 +03:00
Bjarki Arge Andreasen
280fbec58e net: lib: sockets: socketpairs: Update socketpair mem alloc
The memory allocation for socketpairs is not conformant to the new
MEM_POOL_ADD_SIZE_ mechanism for allocating heap memory.

Specifically CONFIG_NET_SOCKETPAIR_HEAP can not be selected unless
the user has specified CONFIG_HEAP_MEM_POOL_SIZE. We should be
using MEM_POOL_ADD_SIZE_ to add to the heap if the user wants to
use it for socketpair allocation.

Additionally increase the size of pre-allocated sockets to 8 from 1
to support larger devices by default, taking into consideration the
required socketpairs and buffer sizes when using
WIFI_NM_WPA_SUPPLICANT.

Signed-off-by: Bjarki Arge Andreasen <bjarki.andreasen@nordicsemi.no>
2024-07-27 10:43:32 +03:00
Pisit Sawangvonganan
10f495e0fd net: lib: fix typo
Utilize a code spell-checking tool to scan for and correct spelling errors
in all files within the `subsys/net/lib` directory.

Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
2024-07-12 09:33:20 -04:00
Alberto Escolar Piedras
1df86af309 Revert "net: sockets: move poll implementation to zvfs"
This reverts commit 93973e2ead.

PR #73978 introduced a regression.
Unfortunately this PR cannot be reverted without reverting also
Let's revert both PRs to stabilize main again towards the 3.7 release.

For more details on the issue see
https://github.com/zephyrproject-rtos/zephyr/issues/75205

Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
2024-07-03 15:03:05 -04:00
Alberto Escolar Piedras
14e4de6415 Revert "net: sockets: move select() implementation to zvfs"
This reverts commit 49ac1912b2.

PR #73978 introduced a regression.
Unfortunately this PR cannot be reverted without reverting also
Let's revert both PRs to stabilize main again towards the 3.7 release.

For more details on the issue see
https://github.com/zephyrproject-rtos/zephyr/issues/75205

Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
2024-07-03 15:03:05 -04:00
Chris Friedt
49ac1912b2 net: sockets: move select() implementation to zvfs
Move the implementation of zsock_select() to zvfs_select(). This
allows other types of file descriptors to also make use of
select() functionality even when the network subsystem is not
enabled.

Additionally, it partially removes a dependency cycle between
posix and networking by moving functionality into a mutual
dependency.

Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
2024-06-27 09:01:23 -04:00
Chris Friedt
93973e2ead net: sockets: move poll implementation to zvfs
Move the implementation of zsock_poll to zvfs_poll. This allows
other types of file descriptors to also make use of poll()
functionality even when the network subsystem is not enabled.

Additionally, it partially removes a dependency cycle between
posix and networking by moving functionality into a mutual
dependency.

Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
2024-06-27 09:01:23 -04:00
Robert Lubos
ddf9e67169 net: lib: sockets: net_mgmt: Add note about thread priorities
Add a note about the thread priority requirements in the help string of
the Kconfig option enabling net_mgmt sockets.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2024-06-25 10:25:37 -04:00
Robert Lubos
b854d8b466 net: sockets_service: Increase stack size for mDNS responder
Tests showed that mDNS responder needs slightly more stack on certain
platforms, hence increase the default for such case.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2024-06-24 12:42:16 -04:00
Valerio Setti
30c9f5eaa5 net: add proper PSA_WANT kconfigs for TLS sockets and RSA key exchanges
Add proper PSA_WANT kconfigs for TLS sockets and RSA key exchanges
when CONFIG_PSA_CRYPTO_CLIENT is set.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2024-06-13 09:22:20 +02:00
Chris Friedt
0fa97326c7 posix: create kconfig options for pse51, pse52, pse53
Create Kconfig "shortcuts" for PSE51, PSE52, and PSE53.

Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
2024-06-04 16:27:12 -05:00
Jukka Rissanen
b305be037c net: Start socket service thread by net core init
Do not depend on init level but start the socket service
already in net core init because DNS init code depends on
socket service API to be ready to serve. And we call DNS
init at the net core init.

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
2024-06-03 09:49:01 +02:00
Tomi Fontanilles
c1342b3aa9 modules: mbedtls: remove the default enabling of features
In an effort to shave off code size, remove out-of-the-box
enabling of crypto features (except SHA-256).

Configurations are adjusted to enable what they need.

Bonuses:

- When enabled, AES now defaults to using a smaller version
(`CONFIG_MBEDTLS_AES_ROM_TABLES` isn't default enabled anymore,
and if enabled, `CONFIG_MBEDTLS_AES_FEWER_TABLES` defaults to y).

- Conditions around Mbed TLS Kconfig options have been improved
to reflect the reality of the dependencies.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2024-05-31 16:33:06 -05:00
Jukka Rissanen
74f9a1c482 net: sockets_service: Add build check for using zephyr libc
Add checks to make sure that we are not trying to use the socket
service library with eventfd if CONFIG_POSIX_API is not set and if
using native_sim based board. The reason is that we should always
use zephyr libc based eventfd implementation instead of host libc one.

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
2024-05-28 17:49:59 +02:00
Robert Lubos
0ba6a20896 net: sockets: Move TLS sockets out of experimental
TLS sockets have now been in Zephyr for a few years already and are
widely adopted across the codebase. Given above, they should no longer
be considered an experimental feature.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2024-05-10 14:42:03 -05:00
Jukka Rissanen
3eeb0f0c7f net: sockets: Deprecate CONFIG_NET_SOCKETS_POSIX_NAMES
The CONFIG_NET_SOCKETS_POSIX_NAMES option is marked as deprecated in
favor of using normal POSIX socket API includes found under the
include/zephyr/posix directory. If you want to use BSD socket API calls,
you need to select POSIX_API and use the socket headers found in the
POSIX subsystem. If you do not want to or cannot enable POSIX_API,
then you must use zsock_ prefix when working with BSD socket calls.

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
2024-03-27 13:40:13 -05:00
Robert Lubos
9e2e234003 net: telnet: Switch TELNET shell backend to use sockets
Rework TELNET shell backend to use socket API for communication and
socket service library for socket monitoring.

Additionally, rework the TX part so that non-blocking TX is used when
sending from the system work queue. In case transfer is not possible at
the moment, the TX work is rescheduled instead of blocking the system
work queue.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2024-03-11 15:09:32 -05:00
Jukka Rissanen
5be84131d6 net: dns: Split long resolving to smaller pieces
If getaddrinfo() is called with a long DNS timeout, then split
the timeout to smaller pieces with exponential backoff. Reason
for this is that if a DNS query is lost, then we do not need
to wait for a long time to find it out.

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
2024-03-06 13:33:50 +01:00
Robert Lubos
919cb6f614 net: sockets: tls: Improve sendmsg() support on DTLS sockets
DTLS socket should be able to combine more than one message into a
single datagram when calling sendmsg().

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2024-03-06 09:13:38 +01:00
Markus Lassila
f033cd5601 net: sockets: tls: Add config for DTLS max fragment length
Add CONFIG_NET_SOCKETS_DTLS_MAX_FRAGMENT_LENGTH for limiting
the Maximum Fragment Length (MFL) for DTLS with Mbed TLS.

This is needed when MBEDTLS_SSL_OUT_CONTENT_LEN and
MBEDTLS_SSL_IN_CONTENT_LEN are set to larger values than the MTU
of the network and IP fragmentation is not supported.

Signed-off-by: Markus Lassila <markus.lassila@nordicsemi.no>
2024-02-26 11:51:25 +01:00
Jukka Rissanen
c5b0f542f0 net: socket: Start socket service earlier
Make sure that socket service is started earlier than
config library. This is enforced in config libs init.c
but set the default value here too.
The reason for this is that the config library might need
to start dhcpv4 server which needs socket service to work,
so the ordering is important here.

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
2024-02-26 11:40:15 +01:00
Robert Lubos
3bc50871bc net: socket_services: Increase default stack size for DHCPv4 server
Increase socket services thread default stack size when DHCPv4 server is
enabled, as it uses synchronous processing.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2024-01-19 10:15:23 +00:00
Jukka Rissanen
84ff0e8cdf net: socket: Allow user to tweak service dispatcher thread priority
User is able to tweak the socket service dispatcher thread
priority in order to get better performance from the system
if needed. By default the dispatcher thread runs in lowest
application thread priority (K_LOWEST_APPLICATION_THREAD_PRIO).

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
2024-01-18 20:13:31 +01:00
Jukka Rissanen
eff5d02872 net: sockets: Create a socket service API
The socket service provides a similar functionality as what
initd provides in Linux. It listens to user registered sockets
for any activity and then launches a k_work for it. This way
each application does not need to create a thread to listen
to a blocking socket.

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
2024-01-16 10:00:45 +01:00
Jukka Rissanen
83c875adab hostap: Move the relevant config options away from hostap
Moving the Zephyr specific config options from
modules/hostap/Kconfig to corresponding Kconfig where the
option is specified.

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
2023-10-26 09:48:47 +02:00
Jukka Rissanen
7d9f2ad2ca net: sockets: Add object core support to sockets
Use the generic object core support to track network sockets
and their statistics.

Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
2023-10-24 11:11:30 +02:00
Anas Nashif
6d23a960db lib: os: build fdtable conditionally
Stop building fdtable by default, make it conditional and build it only
when needed.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
2023-09-28 06:25:16 -04:00
Sjors Hettinga
81650746f7 net: socket: Make the send timeout configurable
When the protocol layer like TCP is blocking transmission, the socket
layer will attempt and wait for a maximum amount of time before returning
with an ENOBUFS error.
This change allows setting the maximum waiting time from the configuration
file instead of using a fixed 10 second value.

Signed-off-by: Sjors Hettinga <s.a.hettinga@gmail.com>
2023-08-16 10:30:33 +02:00
Daniel Mangum
775a8e8c8d net: sockets: use DTLS in NET_SOCKETS_TLS_MAX_APP_PROTOCOLS
Updates NET_SOCKETS_TLS_MAX_APP_PROTOCOLS Kconfig option description to use
DTLS instead of DTL.

Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
2023-08-07 11:27:33 +02:00
Seppo Takalo
c8ac3070cc net: sockets: socketpair: Allow statically allocated socketpairs
When the target board does not have heap by default, allows
statically reserving the space for required socketpairs.

Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
2023-07-31 14:49:05 +02:00
Chris Friedt
ff2efd7ae5 net: socket: socketpair: remove experimental status
Socketpair functionality has matured enough to be used in a
consistent way now regardless of architecture or platform,
even on `native_posix`.

Remove the experimental status to reflect that.

Signed-off-by: Chris Friedt <cfriedt@meta.com>
2023-03-25 07:05:53 -04:00
Florian Grandel
228526e0db net: lib: sockets: improve scalability through a hidden var
Introducing additional socket implementations is rather involved right
now due to some more or less convoluted code that had grown over time.

This change introduces an additional configuration variable in preparation
for additional socket API drivers. The idea is to reduce redundant code
and make existing code more readable by better exposing its actual intent.

Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
2022-09-05 14:35:17 +00:00
Peter Mitsis
f86027ffb7 kernel: pipes: rewrite pipes implementation
This new implementation of pipes has a number of advantages over the
previous.
  1. The schedule locking is eliminated both making it safer for SMP
     and allowing for pipes to be used from ISR context.
  2. The code used to be structured to have separate code for copying
     to/from a waiting thread's buffer and the pipe buffer. This had
     unnecessary duplication that has been replaced with a simpler
     scatter-gather copy model.
  3. The manner in which the "working list" is generated has also been
     simplified. It no longer tries to use the thread's queuing node.
     Instead, the k_pipe_desc structure (whose instances are on the
     part of the k_thread structure) has been extended to contain
     additional fields including a node for use with a linked list. As
     this impacts the k_thread structure, pipes are now configurable
     in the kernel via CONFIG_PIPES.

Fixes #47061

Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
2022-08-17 19:31:25 +02:00