The least significant bit of the first octet of a MAC address is a
unicast/multicast bit. The bit should be cleared when generating a
random link address for a virtual interface. Any frames from such
interface/address will be dropped by the network as invalid if
the multicast bit is set.
Signed-off-by: Jack Chistyakov <jack.chistyakov@outlook.com>
Allow only 0xc (0b11) as two highest bit to mark the compression
when parsing the CNAME response. See RFC 9267 ch. 2 for details.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Make sure that the CNAME handling checks recursive name pointers
and fails the response if recursion is detected.
See RFC 9267 ch. 2 for details.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The check for index out of bound is missing, It turns into a crash
for input channel more than WIFI_MGMT_SCAN_CHAN_MAX_MANUAL.
Signed-off-by: Kapil Bhatt <kapil.bhatt@nordicsemi.no>
This is a hack that is used until we have proper IP routing
in place. The code has now special check that makes sure that
we only route IP packets to VPN interface when the packet is
destined to that subnet. So if destination IP address does
not belong to VPN interface subnet, it is not routed there.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Instead of calling various network interface API functions to get
the network interface and related source IP address, have a single
function that can return both data.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add support for setting up VPN enablers in the network stack.
These are to be used by the VPN implementation like Wireguard.
Signed-off-by: Jukka Rissanen <jukka.rissanen@gmail.com>
Currently we ignore the received domain name but make sure we
print it in order to avoid unknown option prints.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Currently we ignore the received host name but make sure we
print it in order to avoid unknown option prints.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Currently we ignore the broadcast address but make sure we
print it in order to avoid unknown option prints.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Avoid compiler warnings for zero-length-arrays in the http-server. By using
memcpy instead of strcpy.
Signed-off-by: Cla Mattia Galliard <cla-mattia.galliard@zuehlke.com>
Fix compiler warning by adjusting the number of chars copied to the
destination. Compiler does not like if the destination size of the
`strncpy`-operation is the same as the number of characters written. Even
though it is not a bug in this case. Only copying size-1 characters fixes
the warning and exhibits the same behavior.
Signed-off-by: Cla Mattia Galliard <cla-mattia.galliard@zuehlke.com>
If socket call fails when mdns_responder creates listeners, then
print the return value to make it easier to figure out what is
wrong. Typically one needs to increase the size of
CONFIG_ZVFS_OPEN_MAX if errno is ENFILE.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The simple backend returns the size of the credential,
even if it is too big.
The secure backend should do the same,
our libraries depend on this behaviour.
Signed-off-by: Maximilian Deubel <maximilian.deubel@nordicsemi.no>
The help text for connect says
[-b, --band] 0: any band (2:2.4GHz, 5:5GHz, 6:6GHz]
but it disallows setting band to 0. Change this and allow
band 0 option when doing normal connect. Disallow setting
the band 0 when enabling AP mode.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The negative status code is actually the errno which we might
get returned from lower levels. For example if user sets -t
(timeout) option, the -ETIMEDOUT might be returned. In this case
map the errno value to connection timeout status value.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If "wifi connect" fails, tell user why in textual format.
This helps debugging connectivity issues.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
As MQTT 5.0 allows to specify the disconnect reason in the Disconnect
packet, use this new feature to improve error notification to the
broker, according to the error guidelines in the MQTT 5.0 spec.
For most cases, a generic arbitrary mapping between errno values and
reason codes is used, however the parser can specify the disconnect
reason code manually to better handle certain corner cases (like invalid
topic alias used).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for handling topic aliases received from the broker.
The MQTT client implementation will store received topic for further use
in case consecutive PUBLISH received from the broker contains no topic
but alias only.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for a new AUTH message introduced in MQTT 5.0.
This is a new mechanism specified by MQTT 5.0, which allows clients and
brokers for enhanced authentication in between CONNECT and CONNACK
exchange. An additional MQTT event (MQTT_EVT_AUTH) was specified which
is triggered when the AUTH packet arrives from the broker.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for DICONNECT message specified in MQTT 5.0.
As with MQTT 5.0, the disconnect can now also be initiated by the
broker, it was needed to add decoder support for the message.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for PUBACK, PUBREC, PUBREL and PUBCOMP specified in MQTT
5.0. As all of these acknowledgment packets have similar format,
introduced a common encoder/decoder to handle ACK packets.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for PUBLISH message specified in MQTT 5.0. The message
encoder and decoder were updated to support MQTT properties.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for CONNACK message specified in MQTT 5.0, along with
property decoders required to decode MQTT properties. Decoded properties
are provided to the application within mqtt_connack_param structure,
accompanying the CONNACK event.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for CONNECT message specified in MQTT 5.0, along with
property encoders required to encode MQTT properties which is a new
concept in MQTT 5.0. Connect and will properties can be specified by the
application in the mqtt_client structure before connecting.
Introduce a helper function which allows to verify whether MQTT 5.0 is
used or not, so that it's still possible to use MQTT 3.1 even if MQTT
5.0 support is enabled in Kconfig.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The macro did not take into account the 2-byte binary data length
encoded before the actual binary data.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
It should be possible to select maximum supported MQTT version, so that
for example MQTT 5.0 features can be compiled-out in case they're not
needed.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Kconfig value LWM2M_ENGINE_MESSAGE_HEADER_SIZE added
an extra headroom for CoAP packet sizes so that
if CoAP Block-Wise transfer block-size is configured
to be same as LWM2M_COAP_MAX_MSG_SIZE, the full
payload block would usually fit to the datagram.
This causes too much confusion to be usable.
CoAP headers and options vary on sizes, and there is
no runtime limitations that we should check the
header size against.
Only real limitation is the CoAP packet size, which
must fit into the UDP datagram with typical DTLS headers.
Only limitation for CoAP block-size then is that
it must fit into the CoAP message with all the headers
and options. But as the option sizes, like path, vary,
it must be checked runtime.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Convert the socket poll logic to use a more lightweight eventfd file
descriptor instead of a socket pair.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Add support for the IP_MULTICAST_LOOP socket option to control
multicast packet loopback.
Signed-off-by: AbdElRahman Khalifa <abdelrahman.5alifa@gmail.com>
Following warning is printed if using strncpy(), so use memcpy()
instead. Note that this is false positive as there is no error here but
in order to avoid the warning, change the copy function.
subsys/net/lib/dns/mdns_responder.c:1371:25: warning:
'strncpy' output may be truncated copying 7 bytes from a string
of length 8 [-Wstringop-truncation]
1468 | strncpy(if_req.ifr_name, name, sizeof(if_req.ifr_name) - 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
subsys/net/lib/dns/mdns_responder.c:1468:25: warning:
'strncpy' output may be truncated copying 7 bytes from a string
of length 8 [-Wstringop-truncation]
1468 | strncpy(if_req.ifr_name, name, sizeof(if_req.ifr_name) - 1);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add support for the IPV6_MULTICAST_LOOP socket option.
This option allows enabling or disabling the consumption of multicast
packets by the sender. By default, the socket option will be enabled.
Co-authored-by: Pieter De Gendt <pieter.degendt@gmail.com>
Signed-off-by: Sayooj K Karun <sayooj@aerlync.com>
TLS_CREDENTIAL_SERVER_CERTIFICATE credential type is misleading, as in
fact it just represents a public certificate, it does not matter if the
certificate belongs to a server or a client. And actually, it was
already used in-tree for clients as well, for example in LwM2M.
Therefore rename the credential type to a more generic
TLS_CREDENTIAL_PUBLIC_CERTIFICATE and deprecate the old one.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
If there are no virtual interfaces attached to this virtual
interface, check if there is a RX handler for this virtual
interface and pass data to it.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Clear all previous events when register is called a second time. This is
the same behavior as before, if the call happens with `len` equal or
greater then the previous call but in the case if `len` is less then the
first call, now, all events are cleared. This is more predictable behavior.
Signed-off-by: Cla Mattia Galliard <cla-mattia.galliard@zuehlke.com>
We drop the packet if TTL or hop limit is 0, but we should
also unref the packet in this case because we return 0 to
the caller which is not then able to free the packet because
it thinks that the packet was sent properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
