Unify the function naming for various network checking functions.
For example:
net_is_ipv6_addr_loopback() -> net_ipv6_is_addr_loopback()
net_is_my_ipv6_maddr() -> net_ipv6_is_my_maddr()
etc.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that ICMPv6 checksum is correct before continuing
processing the packet.
Fixes#10971
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive an IPv6 packet with organisation scope multicast
address FF08:: then we must drop it as those addresses are
reserved for organisation network traffic only.
Fixes#10961
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive an IPv6 packet with site scope multicast
address FF05:: then we must drop it as those addresses are
reserved for site network traffic only.
Fixes#10960
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive an IPv6 packet with interface scope multicast
address FF01:: then we must drop it as those addresses are
reserved for local network traffic only.
Fixes#10959
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
We must drop packet that is received from outside and which has
IPv6 loopback address (::1) either as a destination address or
source address.
Fixes#10933
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Cache the used transport protocol in net_pkt. This way we can
avoid traversing IP header to get the last protocol in network
packet. This is mostly an issue in IPv6 which can have a long
list of extension headers after IPv6 header and before the
transport protocol header.
Fixes#10853
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
As the debugging print calls are async, all the strings that might
be overwritten must use log_strdup() which will create a copy
of the printable string.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Instead of one global log level option and one on/off boolean
config option / module, this commit creates one log level option
for each module. This simplifies the logging as it is now possible
to enable different level of debugging output for each network
module individually.
The commit also converts the code to use the new logger
instead of the old sys_log.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
pkt properties should be set prior to routing.
If packet routing is turned on and the packet is
forwarded to an interface, the pkt properties like
ipv6_ext_len or ip_hdr_len will not be initialized.
If a UDP packet is forwarded to an 6lo interface,
it leads to incorrect calculation of UDP header
during UDP header compression (net_udp_get_hdr).
Fixes#10204
Signed-off-by: Johann Fischer <j.fischer@phytec.de>
If a malformed packet with multiple HBHO is received by the Zephyr IP
stack it replies with ICMPv6 type 4 code 1: "Parameter problem
unrecognized Next Header type encountered". This ICMPv6 message has
wrong IPv6 payload length and ICMPv6 checksum.
RFC 8200 in chapter 4.1 states:
Each extension header should occur at most once, except for the
Destination Options header, which should occur at most twice (once
before a Routing header and once before the upper-layer header).
There are two possible solutions to the problem at hand:
1) Respond with ICMPv6 Parameter problem, in this case IPv6 length and
ICMPv6 checksum need to be fixed
2) Drop the malformed packet
This patch implements the easy solution - 2. Basically it changes the
code to drop the malformed packet instead of sending ICMPv6 type 4
code 1.
Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
No functionality changes. Just moved IPv6 fragment and related functions
to ipv6_fragment.c for better readability
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
No functionality changes. Just moved IPv6 MLD and related functions
to ipv6_mld.c for better readability.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
No functionality changes. Just moved IPv6 neighbor and related functions
to ipv6_nbr.c for better readability.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Each IPv6 neighbor entry had a k_delayed_work to be used as a timer to
send ND reachable message and waiting for the reply in order to get to
the neighbor details.
But k_delayed_work is not a small object (40 bytes). Thus reworking the
IPv6 ND reachable request timer by having one central k_delayed_work
and a timestamp in every IPv6 neighbor data entry properly handled at
every timeout.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Each IPv6 neighbor entry had a k_delayed_work to be used as a timer to
send NS message and waiting for the NS reply in order to get to the
neighbor details.
But k_delayed_work is not a small object (40 bytes). Thus reworking the
IPv6 send NS request timer by having one central k_delayed_work and
a timestamp in every IPv6 neighbor data entry properly handled at every
timeout.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Instead of having one delayed_work struct / IP address, use
only one delayed_work struct for lifetime timer. This saves
over 20 bytes / allocated address struct.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Refactor usage of net_sprint_ip*() where multiple
invocations are needed per single log call.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
Echo server crashes upon reception of fragmented packets. This
occurs when fragmentation is enabled with the default prj.conf
of echo server. The cause is that by default with logs disabled
net_sprint_ipv6_addr returns NULL.
Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Instead of waiting forever for a network buffer, have a timeout
when allocating net_buf. This way we cannot left hanging for a
long time waiting for a buffer and possibly deadlock the system.
This commit only adds checks to core IP stack in subsys/net/ip
Fixes#7571
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
IPv6 cleanup patch introduced a regression. Misunderstood the logic.
Do not drop the packet if packet does not have ND options, just skip.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Instead of reading or writing different icmpv6 header's individual
variables, better to read or write whole struct at a time. This
minimizes the calls to net_frag_read() or net_frag_write().
changes also removed slow and fast paths. Changes should optimize
the total flow.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
IPv6 fragmentation splits the packet into two parts, one is header
and another is payload. Every time header is cloned and part of
payload is appended. At the end original header packet is not freed.
Causes memory leak.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
When an echo request is sent to an unknown neighbor, a Neighbor
Solicitation request is sent, however if the source address
cannot be determined the NS request is dropped but the pending
packet is not freed.
Signed-off-by: Léonard Bise <leonard.bise@gmail.com>
Current implementation does not handle large extension headers
(e.g HBHO). Which resulted network stack crashes or due to
misinterpretation of lengths network packets are dropped. Also
caused issues while preparing IPv6 packet (e.g. large HBHO header
with IPv6 fragmentation support).
Issues fixed and provided more unit tests.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
If Neighbor Advertisement cannot be sent, then print info about it.
Earlier we printed info when NA succeeded.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Because per-interface statistics rely on interface pointer stored in a
net_pkt, it should not be unreferenced before stats are updated.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The hop limit value in net_pkt was not updated according to
received IPv6 header.
Fixes#8182
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This one converts "raw" timeout value to use K_MSEC() macro
in order to make clear how long the timeout is.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Use of K_SECONDS() macro is more intuitive so use that instead of
plain MSEC_PER_SEC define.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Convert couple of MSEC() calls to K_MSEC() as the timeouts
when using MSEC() are just too long.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Similar to UDP, some drivers can make use of the following functions:
net_tcp_get_hdr()
net_tcp_set_hdr()
Let's expose them as <net/tcp.h> and change all internal references
to "tcp_internal.h".
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
This commit fixes crash caused by double free from message sequence
fragmentation. When double free happens the call stack is:
0 reassembly_cancel
1 handle_fragment_hdr
2 net_ipv6_process_pkt
3 process_data
4 processing_data
5 net_rx
6 process_rx_packet
7 work_q_main
8 _thread_entry
So at first packet is unrefed in reassembly_cancel and then also in
processing_data.
Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Instead of one global statistics, collect statistics information
separately for each network interface. This per interface statistics
collection is optional but turned on by default. It can be turned
off if needed, in which case only global statistics are collected.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Instead of always allocating both IPv6 and IPv4 address information
to every network interface, allow more fine grained address
configuration. So it is possible to have IPv6 or IPv4 only network
interfaces.
This commit introduces two new config options:
CONFIG_NET_IF_MAX_IPV4_COUNT and CONFIG_NET_IF_MAX_IPV6_COUNT
which tell how many IP address information structs are allocated
statically. At runtime when network interface is setup, it is then
possible to attach this IP address info struct to a specific
network interface. This can save considerable amount of memory
as the IP address information struct can be quite large (depends
on how many IP addresses user configures in the system).
Note that the value of CONFIG_NET_IF_MAX_IPV4_COUNT and
CONFIG_NET_IF_MAX_IPV6_COUNT should reflect the estimated number of
network interfaces in the system. So if if CONFIG_NET_IF_MAX_IPV6_COUNT
is set to 1 and there are two network interfaces that need IPv6
addresses, then the system will not be able to setup IPv6 addresses to
the second network interface in this case. This scenario might be
just fine if the second network interface is IPv4 only. The net_if.c
will print a warning during startup if mismatch about the counts and
the actual number of network interface is detected.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Move IP address settings from net_if to separate structs.
This is needed for VLAN support.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Create infrastructure that allows ethernet device driver to tell
if it supports network packet checksum offloading. This applies only
to IPv4, UDP or TCP checksums. The driver can enable/disable checksum
offloading separately for Tx and Rx network packets.
If the device (ethernet in this case) can calculate the network
packet checksum for IPv4, UDP or TCP, then do not calculate the
corresponding checksum by the stack itself.
Fixes#2987
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Memory leak occurs if neighbor table is full and echo request from an
unknown neighbor is received. Hence, on an attempt to send NS unref of
pending is not done, causing the memory leak.
Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
If net-shell is enabled then it could try to access neighbor state
names. This would cause compile error as net_ipv6_nbr_state2str()
function is then missing.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This commit fixes incorrect Ethernet frame check sequence and ICMPv6
checksum caused by MTU set to zero in RA
Fixes#6342
Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
This commit fixes the crash of echo server from unsolicited RA with
reachable time set to 2147483648. The crash was in
net_if_ipv6_calc_reachable_time because such large value resulted in
modulus by zero due to integer overflow.
Fixes#6382
Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Assertions should only be used to check invariants. Things that may
change value in runtime are better left to proper checks.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
