This is a hack that is used until we have proper IP routing
in place. The code has now special check that makes sure that
we only route IP packets to VPN interface when the packet is
destined to that subnet. So if destination IP address does
not belong to VPN interface subnet, it is not routed there.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Instead of calling various network interface API functions to get
the network interface and related source IP address, have a single
function that can return both data.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add support for the IP_MULTICAST_LOOP socket option to control
multicast packet loopback.
Signed-off-by: AbdElRahman Khalifa <abdelrahman.5alifa@gmail.com>
Add support for the IPV6_MULTICAST_LOOP socket option.
This option allows enabling or disabling the consumption of multicast
packets by the sender. By default, the socket option will be enabled.
Co-authored-by: Pieter De Gendt <pieter.degendt@gmail.com>
Signed-off-by: Sayooj K Karun <sayooj@aerlync.com>
We drop the packet if TTL or hop limit is 0, but we should
also unref the packet in this case because we return 0 to
the caller which is not then able to free the packet because
it thinks that the packet was sent properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The check_ip() in net_core.c did not check that the packet
Ethernet type is either IPv4 or IPv6. This meant that we for
example checked TTL also for ARP packets which is pointless as
those are not IPv4 packets.
Fix this by checking the link layer protocol type of the packet
to be either IPv4 or IPv6 before doing L3 checks.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Adding a helper to parse one or more IPv4/6 strings with optional
netmask or prefix length.
Example of the string:
2001:db8::1/64,192.0.2.1,2001:db8::2,192.0.2.2/24
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Set NET_ADDR_PREFERRED before network event is generated, so that conn_mgr
properly generates NET_EVENT_L4_CONNECTED and NET_EVENT_L4_IPV6_CONNECTED
events.
Fixes: 1a5e13a79b ("net: if: Release the interface lock early when
starting IPv4 ACD")
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
Set NET_ADDR_PREFERRED before network event is generated, so that conn_mgr
properly generates NET_EVENT_L4_CONNECTED and NET_EVENT_L4_IPV4_CONNECTED
events.
Fixes: 1a5e13a79b ("net: if: Release the interface lock early when
starting IPv4 ACD")
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
Previously the net_linkaddr struct had pointers to the link address.
This is error prone and difficult to handle if cloning the packet as
those pointers can point to wrong place. Mitigate this issue by
allocating the space for link address in net_linkaddr struct. This will
increase the size of the net_pkt by 4 octets for IEEE 802.15.4 where the
link address length is 8, but there no increase in size if link address
is 6 bytes like in Ethernet/Wi-Fi.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Use the newly added timeout in various send functions from within
net_context_sendto.
Signed-off-by: Cla Mattia Galliard <cla-mattia.galliard@zuehlke.com>
Allows to send with different timeouts to not block caller in some
situations. Stable API is kept and just calls `try`-variant with a timeout
of `K_FOREVER`.
Signed-off-by: Cla Mattia Galliard <cla-mattia.galliard@zuehlke.com>
When a TCP connection is refused during zsock_connect, errno is set
to -ENOTCONN, but errno should be set to -ECONNREFUSED. This change
causes the ECONNREFUSED status to be propagated from tcp_in to
net_tcp_connect, which eventually causes errno to be set
to -ECONNREFUSED.
Signed-off-by: Noah Olson <noah@wavelynx.com>
In order to avoid any mutex deadlocks between iface->lock and
TX lock, release the interface lock before calling a function
that will acquire TX lock. See previous commit for similar issue
in RS timer handling. So here we create a separate list of ACD
addresses that are to be started when network interface comes up
without iface->lock held.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
In order to avoid any mutex deadlocks between iface->lock and
TX lock, release the interface lock before calling a function
that will acquire TX lock. See previous commit for similar issue
in RS timer handling. So here we create a separate list of multicast
addresses that are to be rejoined when network interface comes up
and then rejoin the groups without iface->lock held.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
In order to avoid any mutex deadlocks between iface->lock and
TX lock, release the interface lock before calling a function
that will acquire TX lock. See previous commit for similar issue
in RS timer handling.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The net_if.c:rs_timeout() is sending a new IPv6 router solicitation
message to network by calling net_if_start_rs(). That function will
then acquire iface->lock and call net_ipv6_start_rs() which will try
to send the RS message and acquire TX send lock.
During this RS send, we might receive TCP data that could try to
send an ack to peer. This will then in turn cause also TX lock
to be acquired. Depending on timing, the lock ordering between
rx thread and system workq might mix which could lead to deadlock.
Fix this issue by releasing the iface->lock before starting the
RS sending process. The net_if_start_rs() does not really need to
keep the interface lock for a long time as it is the only one sending
the RS message.
Fixes#86499
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Queueing packets should be possible from the ISR context, recent changes
prevented that. Therefore add extra checks in
net_tc_submit_to_tx/rx_queue() to make them ISR friendly again.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When run the Zperf UDP throughput with '-a' (Asynchronous call),
zperf_work_q thread will generate and send the packets to tx_q thread.
When zperf_work_q and tx_q threads have same priority, if zperf_work_q
fails to take the semaphore of fifo_slot, it will not wait and directly
drop the net_pkt. Then it will allocate new net_pkt, repeat, and always
occupy the CPU, which leads to extreme low throughput.
For TX, when take the semaphore of fifo_slot, setting a wait time of
K_FOREVER to let other thread to process and free these packets.
For RX, when failed to take the semaphore of fifo_slot, yield the CPU
to let the thread of data path with same priority to run to reduce
dropping packets.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
In rare occasions when sending DAD NS packet fails, we should still
setup the DAD timer, unless we implement some kind of more advanced
retry mechanism. If we don't do that, the IPv6 address added to the
interface will never be usable in such cases.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
DAD creates an entry in the neighbor cache for the queried (own)
address. In case the address is removed from the interface while DAD is
still incomplete, we need to remove the corresponding cache entry (just
like in case of DAD timeout) to avoid stale entries in the cache.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
According to RFC 4861, ch. 7.2.5:
"If the Override flag is set, or the supplied link-layer address
is the same as that in the cache, or no Target Link-Layer Address
option was supplied, the received advertisement MUST update the
Neighbor Cache entry as follows
...
If the Solicited flag is set, the state of the entry MUST be
set to REACHABLE"
This indicates that Target Link-Layer Address option does not need to be
present in the received solicited Neighbor Advertisement to confirm
reachability. Therefore remove `tllao_offset` variable check from the
if condition responsible for updating cache entry. No further changes in
the logic are required because if TLLA option is missing,
`lladdr_changed` will be set to false, so no LL address will be updated.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
According to RFC 4861, ch. 7.3.3:
"Upon entering the PROBE state, a node sends a unicast Neighbor
Solicitation message to the neighbor using the cached link-layer
address."
Zephyr's implementation was not compliant with behavior, as instead of
sending a unicast probe for reachability confirmation, it was sending a
multicast packet instead. This commit fixes it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When Router Advertisement with Source Link-Layer Address option is
received, host should register a new neighbor marked as STALE
(RFC 4861, ch. 6.3.4). This behavior was broken however, because
we always added a new neighbor in INCOMPLETE state before processing
SLLA option. In result, the entry was not updated to the STALE state,
and a redundant Neighbor Solicitation was sent.
Fix this by moving the code responsible for adding neighbor in
INCOMPLETE state after options processing, and only as a fallback
behavior if the SLLA option was not present.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
If an IP address already exists when it is tried to be added to the
network interface, then just return it but update ref count if it was
not updated. This could happen if the address was added and then removed,
but for example an active connection was still using it and keeping the
ref count > 0. In this case we must update the ref count so that the IP
address is not removed if the connection is closed.
Fixes#85380
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Allow user to specify the network interface where the query should
be sent, but only if the user has supplied the DNS servers in sockaddr
list. If user has specified a DNS servers in a string list, then the
possible network interface is taken from the string.
The reason for this is that it is not possible to add network interface
to the sockaddr list so an extra parameter is needed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Allow user to specify socket service struct and port number so
that DNS servers specified in Kconfig etc are not used. This way
we can send a DNS query to arbitrary address without it affecting
the system configuration.
This is used in mDNS probing so that that mDNS responder can send
probe message and not change / configure system global DNS config.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Introduce dns_resolve_name_internal() that allows resolving a name
and not use DNS cache if caching is enabled.
This is needed in mDNS probing (RFC 6762 chapter 8.1) which needs
to send a mDNS query and not get any results from cache.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Print interface status information for "net iface" command.
This is useful information when debugging connectivity issues.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Building with clang warns:
subsys/net/ip/utils.c:600:24: error: unused function 'pkt_calc_chksum'
[-Werror,-Wunused-function]
static inline uint16_t pkt_calc_chksum(struct net_pkt *pkt, uint16_t sum)
^
pkt_calc_chksum is called by net_calc_chksum, which only exists when
CONFIG_NET_NATIVE_IP is defined.
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Since a separate CONFIG_NET_TC_RX_SKIP_FOR_HIGH_PRIO was introduced for
RX TC queues, CONFIG_NET_TC_SKIP_FOR_HIGH_PRIO became ambiguous,
rename it to CONFIG_NET_TC_TX_SKIP_FOR_HIGH_PRIO and deprecate the old
config.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
If VLAN count is set to 0, then only priority tagged VLAN frames
that have tag value 0 can be received. Also this means that VLAN
interfaces are not created which can save memory if you do not need
to receive any other VLAN frames than those tagged with value 0.
Fixes#84023
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add a configuration option to skip the rx-queues for high priority packets
analogously to the tx-side.
Signed-off-by: Cla Mattia Galliard <cla-mattia.galliard@zuehlke.com>
To avoid starvation of a traffic class by another, limit the maximum amount
of packets, that can sit in a single traffic-class-fifo to a fraction of
the maximum amount of available packets. In the tx-case also reserve
packets for direct sending, in the case, where
CONFIG_NET_TC_SKIP_FOR_HIGH_PRIO is enabled.
Signed-off-by: Cla Mattia Galliard <cla-mattia.galliard@zuehlke.com>
The conversion from IPv4 string presentation to numeric value
did not check if the individual address value was between 0 and 255
inclusive.
Add also test case for this.
Fixes#84593
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The size calculation for the first buffer, in case extra headroom is
requested, had a bug which could result in a size variable underflow
followed by net_buf exhaustion.
In case the net_buf size was larger than requested size, but smaller
than requested size + headroom, the whole buffer size was subtracted
from the requested size. This however did not take the extra headroom
into account and in effect could result in underflow.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The headroom was not taken into account for variable size data
buffers when CONFIG_NET_L2_ETHERNET_RESERVE_HEADER was enabled.
Add a test case for it to make sure the reserve allocation works
properly.
Fixes#84053
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Trust that the protocol type is set correctly by functions
called before this one. We should not set the protocol type
blindly in this generic function.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The ARP code has set the protocol type of the packet to
0x806, so do not change it when preparing to send to 0x800
which is the IP protocol type. Lets trust the previously
called functions to set the ptype correctly and do not set
it here.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Only reserve L2 header for TX case when allocating net buffer,
as for RX case, all the received headers are already in linear
buffer when the driver receives the data, and reserve extra L2
header for RX case may exceed the default buffer size.
Signed-off-by: Maochen Wang <maochen.wang@nxp.com>
Allow user to specify protocol extensions when receiving data
from Ethernet network. This means that user can register L3
protocol handler using NET_L3_REGISTER() with the desired
protocol type. Ethernet code will then call the handler if
such a protocol type packet is received. This is currently
only implemented for Ethernet. The original IPv4 and IPv6
handling is left intact even if they can be considered to
be L3 layer protocol. This could be changed in the future
if needed so that IPv4 and IPv6 handling could be made
pluggable protocols.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Instead of setting the upper protocol type in ethernet_send()
by checking the protocol type bits, use the ptype that is already
set by the caller. This allows new protocol types to be supported
and makes the system extensible.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
