Implements setsockopt() for the socket offload driver
to process the TLS tags sent in via the Zephyr setsockopt() API,
when CONFIG_NET_SOCKETS_SOCKOPT_TLS is chosen.
For each tag, the credential filenames are retrieved and
set via SimpleLink's sl_SetSockOpt() API.
Also, creates a new KConfig option for TLS_CREDENTIAL_FILENAMES.
This new option is used by apps/protocols to add TLS credentials
via filenames referring to the actual content stored on a secure
file system or flash.
Handles the IPPROTO_TLS_* socket protocol families in the
socket() offloaded API.
This was validated on the cc3220sf_launchxl with the http_get sockets
sample, with the globalsign_r2.der file loaded to secure flash via
the TI Uniflash tool, and using the TI Catalog of known good
root CAs.
Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
The net_rpl_get_interface() function, which always returns NULL, is
defined if NET_RPL is not enabled, so remove the deprecated tag from
this particular function. Otherwise it will cause unnecessary
compilation warnings.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Two separate folders and Kconfig options were causing confusion about
the CoAP and CoAP_SOCK implementations. This patch simplifies it.
The current CoAP Kconfig option is moved to COAP_NET_PKT.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
When resending data, we need to always check pending status first.
If the pending check returns an "expired" status, avoid sending the
data to L2 network driver entirely.
This change fixes a use after free issue, where the L2 network driver
was still handling a packet that was expired out from under it when
the pending status was checked.
Signed-off-by: Michael Scott <mike@foundries.io>
During firmware transmit timeout, we rely on the pending packet data to
reconstitute the token and token length. At this point the pending
structure may be cleared out due to multiple retries. To avoid getting
a zero token, let's use the token data from the original msg structure
instead.
Signed-off-by: Michael Scott <mike@foundries.io>
We are using msg->cpkt.pkt as the net_pkt pointer in the call to
net_app_send_pkt(). Let's keep the code clean and not expose
ourselves to "out of order" issues, by also using msg->cpkt.pkt
in the error handling unref call.
Signed-off-by: Michael Scott <mike@foundries.io>
During the retransmit cycle we take ref on the outgoing packet,
only to immediately unref it. Originally, this was to make sure
the net_context handling didn't get rid of the packet when
sendto() is called. But after checking, the ref counter is never
in danger of going to 0 at this point in the code, so the
added ref handling is useless.
Signed-off-by: Michael Scott <mike@foundries.io>
Add some extra space to the color resource buffer, to allow more
exotic and application-specific color spaces.
Signed-off-by: Marti Bolivar <marti@foundries.io>
File descriptor is freed automagically when using POSIX subsystem's
close() function, but any subsys-adhoc functions like zsock_close()
should do that explicitly.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Add new, socket based MQTT implementation, based on MQTT from Nordic
nRF5 SDK, introducing the following features:
* transport independent MQTT logic, with support for multiple transports
* support for multiple MQTT versions (3.1.0 and 3.1.1 supported)
* single event handler - no need to keep callback array in RAM
* automatic send of Ping Requests, for connection keep-alive
* message/event parameters wrapped into structures - easier extension
  for future MQTT versions
* no separate thread needed to run MQTT - application only needs to call
  mqtt_input and mqtt_live periodically
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Rename existing headers and symbols to mqtt_legacy, to allow new
implementation to keep old config and header names.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
With FD table introduction, net_context can no longer be reached by
typecasting socket descriptor. Instead, file descriptor API has to be
used.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
ztls_setsockopt and ztls_getsockopt returned error codes instead of
setting errno in particular cases. This commit fixes it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In earlier commit 15e7e3ea4 ("net: ip: Split debug prints into
smaller pieces"), the net_pkt debug prints were split to two
lines because of the argument count limitation in logging system.
As the logging subsystem increased the limit count in
commit 62d011549a ("logging: Support for up to 15 arguments in log
message") we can restore the original version as it is easier
to read.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
These changes were obtained by running a script created by
Ulf Magnusson <Ulf.Magnusson@nordicsemi.no> for the following
specification:
1. Read the contents of all dts_fixup.h files in Zephyr
2. Check the left-hand side of the #define macros (i.e. the X in
   #define X Y)
3. Check if that name is also the name of a Kconfig option
   3.a If it is, then do nothing
   3.b If it is not, then replace CONFIG_ with DT_ or add DT_ if it
       has neither of these two prefixes
4. Replace the use of the changed #define in the code itself
   (.c, .h, .ld)
Additionally, some tweaks had to be added to this script to catch some
of the macros used in the code in a parameterized form, e.g.:
- CONFIG_GPIO_STM32_GPIO##__SUFFIX##_BASE_ADDRESS
- CONFIG_UART_##idx##_TX_PIN
- I2C_SBCON_##_num##_BASE_ADDR
and to prevent adding DT_ prefix to the following symbols:
- FLASH_START
- FLASH_SIZE
- SRAM_START
- SRAM_SIZE
- _ROM_ADDR
- _ROM_SIZE
- _RAM_ADDR
- _RAM_SIZE
which are surprisingly also defined in some dts_fixup.h files.
Finally, some manual corrections had to be done as well:
- name##_IRQ -> DT_##name##_IRQ in uart_stm32.c
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
Pass the promiscuous mode OFF event properly to device driver
instead of just toggling the network interface flag.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Flush the promiscuous queue after all the clients have turned
off promiscuous mode. This makes sure that we do not leave any
RX packets hanging on the queue and waste memory.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If ARP header contains invalid fields then drop the packet.
Fixes #11257
Fixes #11254
Fixes #11253
Fixes #11248
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Couple of findings which were revealed after changing
LOG_MODULE_REGISTER macro:
- missing semicolons after LOG_MODULE_REGISTER()
- missing LOG_LEVEL defines
- other
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Introduce new Kconfig option for selecting either slip or ethernet
connectivity to host.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Verify incoming ARP packet hardware and protocol type. Drop
unknown type of packets.
Fixes #11215
Fixes #11217
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
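
The checks described in the two ARP commits above (dropping packets with invalid header fields, and verifying hardware and protocol type), sketched as an added example that is not Zephyr's code. The function name, the Ethernet/IPv4-only scope, and the length and opcode checks are assumptions; the samples are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Zephyr code; names and the exact field set are assumptions. */
#define ARP_HTYPE_ETHERNET 0x0001
#define ARP_PTYPE_IPV4     0x0800
#define ARP_ETH_IPV4_LEN   28      /* fixed size of an Ethernet/IPv4 ARP body */

/* Constructed samples: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa. */
const uint8_t ARP_GOOD[28] = { 0x00, 0x01, 0x08, 0x00, 6, 4, 0x00, 0x01,
	0x02, 0, 0, 0, 0, 0x01, 192, 0, 2, 1, 0, 0, 0, 0, 0, 0, 192, 0, 2, 2 };
const uint8_t ARP_BAD_HTYPE[28] = { 0x00, 0x07, 0x08, 0x00, 6, 4, 0x00, 0x01 };
const uint8_t ARP_BAD_PTYPE[28] = { 0x00, 0x01, 0x86, 0xdd, 6, 4, 0x00, 0x01 };
const uint8_t ARP_BAD_HLEN[28]  = { 0x00, 0x01, 0x08, 0x00, 8, 4, 0x00, 0x01 };

/* Read a big-endian 16-bit field without assuming alignment. */
static uint16_t be16(const uint8_t *p)
{
	return (uint16_t)((p[0] << 8) | p[1]);
}

/* true if the ARP body may be processed further, false if it must be dropped. */
bool arp_header_ok(const uint8_t *buf, size_t len)
{
	if (buf == NULL || len < ARP_ETH_IPV4_LEN) {
		return false;                       /* truncated packet */
	}
	if (be16(buf) != ARP_HTYPE_ETHERNET || be16(buf + 2) != ARP_PTYPE_IPV4) {
		return false;                       /* unknown hardware/protocol type */
	}
	if (buf[4] != 6 || buf[5] != 4) {
		return false;                       /* lengths disagree with the types */
	}
	uint16_t oper = be16(buf + 6);
	return oper == 1 || oper == 2;          /* request or reply only */
}

int main(void)
{
	printf("good=%d bad_htype=%d short=%d\n",
	       arp_header_ok(ARP_GOOD, sizeof(ARP_GOOD)),
	       arp_header_ok(ARP_BAD_HTYPE, sizeof(ARP_BAD_HTYPE)),
	       arp_header_ok(ARP_GOOD, 20));
	return 0;
}
```
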
FD method tables contain function pointers, and thus should be
const and reside in ROM. This patch fixes all cases of FD vtable
definitions: for POSIX FS API and for sockets.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If we change the ethernet MAC address, then we must also remove
the old IPv6 interface identifier (iid) address from the
interface. Otherwise there might not be enough space in the IPv6
address array for the new iid address, and besides, the old iid
address is not useful any more after the MAC address is changed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that IPv4 specific functions are callable even if
IPv4 is not enabled. This allows use of IS_ENABLED() macro
in other parts of the system.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that IPv6 specific functions are callable even if
IPv6 is not enabled. This allows use of IS_ENABLED() macro
in other parts of the system.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
No need to evaluate what's the ll reserve size here as net if has a
function to do so.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
If the destination IPv6 address is interface local scope multicast
address FF01::, then loopback those packets back to us as that is
the purpose of those addresses. They are to work the same way as
the localhost unicast address. See RFC 3513 ch 2.7 for details.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If IPv6 is disabled, then we can skip IPv6 checks and avoid
Coverity warnings. Same thing for IPv4.
Coverity-CID: 189506
Fixes #11100
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Previously the "socket file descriptors" were just net_context
pointers cast to int. For full POSIX compatibility and support
of generic operations like read/write/close/fcntl/ioctl, the
real file descriptors should be supported, as implemented by
fdtable mini-subsys.
Socket implementation already has userspace vs flatspace dichotomy,
and adding to that ptr-fds vs real-fds dichotomy (4 possible cases)
is just too cumbersome. So, switch sockets to real fd's regardless
if full POSIX subsystem is enabled or not.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Unify the function naming for various network checking functions.
For example:
net_is_ipv6_addr_loopback() -> net_ipv6_is_addr_loopback()
net_is_my_ipv6_maddr() -> net_ipv6_is_my_maddr()
etc.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that ICMPv6 checksum is correct before continuing
processing the packet.
Fixes #10971
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive an IPv6 packet with organisation scope multicast
address FF08:: then we must drop it as those addresses are
reserved for organisation network traffic only.
Fixes #10961
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive an IPv6 packet with site scope multicast
address FF05:: then we must drop it as those addresses are
reserved for site network traffic only.
Fixes #10960
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive an IPv6 packet with interface scope multicast
address FF01:: then we must drop it as those addresses are
reserved for local network traffic only.
Fixes #10959
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
For Bluetooth, the link address is set only after the Bluetooth
connection is established. Because of this, place the link address
check to net_if_up() because at that point the link address should
be set properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
There's a lot of code which assumes net_if_get_link_addr(iface)->addr
Forgetting to set it leads to deferred, spectacular crashes. It's
impractical to assert it on every usage. So, instead let's assert
it after call to driver->init(), as that is supposed to set it.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Fixes following warning:
...
subsys/net/lib/dns/llmnr_responder.c:24:0:
subsys/net/lib/dns/llmnr_responder.c: In function ‘recv_cb’:
include/net/net_pkt.h:1203:9: warning: ‘addr’ may be used uninitialized
in this function [-Wmaybe-uninitialized]
return net_pkt_append(pkt, len, data, timeout) == len;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
subsys/net/lib/dns/llmnr_responder.c:306:14: note: ‘addr’ was declared
here
const u8_t *addr;
^~~~
...
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Fixes warning:
warning: ‘ipv6’ defined but not used [-Wunused-variable]
static struct net_context *ipv6;
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
We must drop packet that is received from outside and which has
IPv6 loopback address (::1) either as a destination address or
source address.
Fixes #10933
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
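
The receive-path address checks from the commits above (drop FF01::, FF05:: and FF08:: scoped multicast destinations, and drop ::1 as source or destination), combined into one added example that is not Zephyr's code. It generalizes by matching the 4-bit scope field of the RFC 4291 multicast format; all names and sample addresses are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Zephyr code; all names here are hypothetical. */
enum ingress_verdict { INGRESS_ACCEPT, INGRESS_DROP };

/* Constructed sample addresses (2001:db8::/32 is the documentation prefix). */
const uint8_t ADDR_GLOBAL[16]   = { 0x20, 0x01, 0x0d, 0xb8, [15] = 0x01 };
const uint8_t ADDR_LOOPBACK[16] = { [15] = 0x01 };             /* ::1     */
const uint8_t ADDR_FF01[16]     = { 0xff, 0x01, [15] = 0x01 }; /* ff01::1 */
const uint8_t ADDR_FF02[16]     = { 0xff, 0x02, [15] = 0x01 }; /* ff02::1 */
const uint8_t ADDR_FF05[16]     = { 0xff, 0x05, [15] = 0x02 }; /* ff05::2 */
const uint8_t ADDR_FF08[16]     = { 0xff, 0x08, [15] = 0x01 }; /* ff08::1 */

static bool is_loopback(const uint8_t a[16])
{
	return memcmp(a, ADDR_LOOPBACK, 16) == 0;
}

/* Scope nibble of a multicast address, or -1 for a unicast address. */
static int mcast_scope(const uint8_t a[16])
{
	return a[0] == 0xff ? (a[1] & 0x0f) : -1;
}

/* Verdict for a packet received from the wire (not locally generated). */
enum ingress_verdict ipv6_ingress_check(const uint8_t src[16],
					const uint8_t dst[16])
{
	if (is_loopback(src) || is_loopback(dst)) {
		return INGRESS_DROP;   /* ::1 must never appear on a link */
	}
	switch (mcast_scope(dst)) {
	case 0x1:   /* interface-local, FF01:: */
	case 0x5:   /* site-local, FF05:: */
	case 0x8:   /* organisation-local, FF08:: */
		return INGRESS_DROP;
	default:
		return INGRESS_ACCEPT;
	}
}

int main(void)
{
	printf("ff02::1 -> %d, ff05::2 -> %d\n",
	       ipv6_ingress_check(ADDR_GLOBAL, ADDR_FF02),
	       ipv6_ingress_check(ADDR_GLOBAL, ADDR_FF05));
	return 0;
}
```
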
CoAP library is migrated to support over socket based
applications or other higher layer protocols. Most of the
APIs and functionality are kept as is, except for a few changes.
net_pkt/net_buf is removed from CoAP library. Now it expects
a pre-allocated flat buffer and length. If there is not enough
space to append any data, library simply returns an error.
It's the user's responsibility to allocate and free memory.
One change in functionality is, earlier coap_pending_clear()
used to clear the memory, but now it's the user's responsibility
to free the memory.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
ICMPv4 checksum is not optional and thus cannot be zero. Hence, drop
packet with invalid zero ICMPv4 checksum.
Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>