Add checks that we will be able to catch invalid compression bit in
response CNAME handling.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add checks that we will be able to catch recursive name pointers and
abandon the response for CNAME handling.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Building with clang, it warns:
tests/net/lib/http_server/core/src/main.c:1400:19: error: variable
'http1_header_capture_common_response' is not needed and will not be
emitted [-Werror,-Wunneeded-internal-declaration]
static const char http1_header_capture_common_response[]
^ = "HTTP/1.1 200\r\n"
Add a check to make sure the response actually matches the expected
response.
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Add support for DISCONNECT message specified in MQTT 5.0.
As with MQTT 5.0, the disconnect can now also be initiated by the
broker, it was needed to add decoder support for the message.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for PUBACK, PUBREC, PUBREL and PUBCOMP specified in MQTT
5.0. As all of these acknowledgment packets have similar format,
introduced a common encoder/decoder to handle ACK packets.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for PUBLISH message specified in MQTT 5.0. The message
encoder and decoder were updated to support MQTT properties.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add test variant which enables MQTT 5.0 support. MQTT 3.1.1 should still
work just fine in such case, so it needs to be verified that's the case.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Kconfig value LWM2M_ENGINE_MESSAGE_HEADER_SIZE added
an extra headroom for CoAP packet sizes so that
if CoAP Block-Wise transfer block-size is configured
to be same as LWM2M_COAP_MAX_MSG_SIZE, the full
payload block would usually fit to the datagram.
This causes too much confusion to be usable.
CoAP headers and options vary in size, and there are
no runtime limitations that we should check the
header size against.
Only real limitation is the CoAP packet size, which
must fit into the UDP datagram with typical DTLS headers.
Only limitation for CoAP block-size then is that
it must fit into the CoAP message with all the headers
and options. But as the option sizes, like path, vary,
it must be checked at runtime.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Make sure we install packages with no issues, some of the issues being
reported on packages we might install using pip:
Warn: Project is vulnerable to: PYSEC-2019-41 / GHSA-qfc5-mcwq-26q8
Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc
Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56
Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h
Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg
Warn: Project is vulnerable to: PYSEC-2017-74
Warn: Project is vulnerable to: GHSA-55x5-fj6c-h6m8
Warn: Project is vulnerable to: PYSEC-2014-9 / GHSA-57qw-cc2g-pv5p
Warn: Project is vulnerable to: PYSEC-2021-19 / GHSA-jq4v-f5q6-mjqq
Warn: Project is vulnerable to: GHSA-pgww-xf46-h92r
Warn: Project is vulnerable to: PYSEC-2022-230 / GHSA-wrxv-2j5q-m38w
Warn: Project is vulnerable to: PYSEC-2018-12 / GHSA-xp26-p53h-6h2p
Warn: Project is vulnerable to: PYSEC-2024-4 / GHSA-2mqj-m65w-jghx
Warn: Project is vulnerable to: PYSEC-2023-165 / GHSA-cwvm-v4w8-q58c
Warn: Project is vulnerable to: PYSEC-2022-42992 / GHSA-hcpj-qp55-gfph
Warn: Project is vulnerable to: PYSEC-2023-137 / GHSA-pr76-5cm5-w9cj
Warn: Project is vulnerable to: PYSEC-2023-161 / GHSA-wfm5-v35h-vwf4
Warn: Project is vulnerable to: GHSA-3f63-hfp8-52jq
Warn: Project is vulnerable to: GHSA-44wm-f244-xhp3
Warn: Project is vulnerable to: GHSA-56pw-mpj4-fxww
Warn: Project is vulnerable to: GHSA-j7hp-h8jx-5ppr
Warn: Project is vulnerable to: PYSEC-2023-175
Warn: Project is vulnerable to: PYSEC-2018-34 / GHSA-2fc2-6r4j-p65h
Warn: Project is vulnerable to: PYSEC-2021-856 / GHSA-5545-2q6w-2gh6
Warn: Project is vulnerable to: PYSEC-2019-108 / GHSA-9fq2-x9r6-wfmf
Warn: Project is vulnerable to: PYSEC-2018-33 / GHSA-cw6w-4rcx-xphc
Warn: Project is vulnerable to: PYSEC-2021-857 / GHSA-f7c7-j99h-c22f
Warn: Project is vulnerable to: GHSA-fpfv-jqm9-f5jm
Warn: Project is vulnerable to: PYSEC-2017-1 / GHSA-frgw-fgh6-9g52
Warn: Project is vulnerable to: GHSA-c6fm-rgw4-8q73
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
TLS_CREDENTIAL_SERVER_CERTIFICATE credential type is misleading, as in
fact it just represents a public certificate, it does not matter if the
certificate belongs to a server or a client. And actually, it was
already used in-tree for clients as well, for example in LwM2M.
Therefore rename the credential type to a more generic
TLS_CREDENTIAL_PUBLIC_CERTIFICATE and deprecate the old one.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Previously the net_linkaddr struct had pointers to the link address.
This is error prone and difficult to handle if cloning the packet as
those pointers can point to wrong place. Mitigate this issue by
allocating the space for link address in net_linkaddr struct. This will
increase the size of the net_pkt by 4 octets for IEEE 802.15.4 where the
link address length is 8, but there is no increase in size if link address
is 6 bytes like in Ethernet/Wi-Fi.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
To add the functionality conforming to RFC 6762 chapter 6.7, the interface for
setup_dst_addr(...) has changed. This patch fixes the interface mismatch.
Signed-off-by: Vincent van der Locht <vincent@synchronicit.nl>
Rename the driver from uart_native_posix to uart_native_pty.
Including renaming the DTS compatible, and kconfig options, deprecating
the old ones.
And refactor the driver, generalizing it, so we can have any number of
instances.
Note that, unfortunately generalizing to N instances cannot be done
without a degree of backwards compatibility breakage: This driver was
born with all its configuration and selection of the instances based on
kconfig.
When the driver was made to use DT, it was done in a way that required
both DT and kconfig needing to manually coherently enable the 2nd UART.
This has now been fixed, which means only DT is used to decide how
many instances are available, and UART_NATIVE_POSIX_PORT_1_ENABLE is
just ignored.
Including:
* Deprecate UART_NATIVE_WAIT_PTS_READY_ENABLE: the option is always on
now as it has no practical drawbacks.
* Deprecate UART_NATIVE_POSIX_PORT_1_ENABLE: DTS instantiation defines it
being available now.
* Rename a few functions and in general shorten pseudo-tty/pseudo-
terminal to PTY instead of PTTY.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
As native_posix has been removed, these tests do not need to support
anymore both native_sim and _posix targets, so we can stop using
the transitional headers, and APIs.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Make sure that if mDNS resolver is enabled, we join the mDNS
multicast group so that query responses can be received.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add tests verifying the functionality of the newly added
accept-encoding based compression support.
Signed-off-by: Carlo Kirchmeier <carlo.kirchmeier@zuehlke.com>
native_posix is being removed as it has reached its end of life in 4.2,
after being deprecated since 4.0.
Remove the twister support for native_posix[//64] and therefore all
references to them from the testcases and samples yamls, so twister
does not error out.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Both files are released by Nordic under the Apache v2.0 license, correct
the SPDX tags accordingly.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
We need to make sure that within Zephyr different users of the PSA APIs
don't interfere with each other because of using the same numerical IDs
for persistent assets.
This takes care of the PSA key IDs when using persistent keys through
the PSA Crypto API.
See the comments in `<zephyr/psa/key_ids.h>` for more information.
This removes the recently-introduced Kconfig options that allowed changing
the base IDs subsystems were using for their persistent keys.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
From the MQTT-SN spec:
6.5 Topic Name Registration Procedure
...
At any point in time a client may have only one
REGISTER message outstanding, i.e. it has to wait
for a REGACK message before it can register another
topic name.
...
6.9 Client’s Topic Subscribe/Un-subscribe Procedure
...
As for the REGISTER procedure, a client may have only
one SUBSCRIBE or one UNSUBCRIBE transaction open at a time.
...
Until now, the library did not comply with these requirements.
An additional "waiting" state for topics was introduced:
REGISTER, SUBSCRIBE and UNSUBSCRIBE as an extra step before
switching to REGISTERING, SUBSCRIBING and UNSUBSCRIBING. The
library now makes sure that only one topic can be REGISTERING
and only one topic can be in either SUBSCRIBING or UNSUBSCRIBING.
Additionally, requesting to UNSUBSCRIBE is now denied if the topic
is not yet SUBSCRIBED, to avoid weird race conditions.
Also, added two tests that verify this behavior.
This fixes #84644
Signed-off-by: Rene Beckmann <rene.bckmnn@gmail.com>
The current DNS caching logic is not aware of the IP address version.
If there is a cached address for a query, the caller of
dns_get_addr_info() will receive that address, even if it is not the
same version as the caller requested. For example:
- dns_get_addr_info() is called to resolve an IPv4 address
- the DNS client caches the IPv4 address that was received
- dns_get_addr_info() is called to resolve an IPv6 address
- the DNS client sees that there is a cached IPv4 address for the
given query
- the DNS client does not check that the cached address is of the
requested version (IPv6)
- the cached IPv4 address is returned from dns_get_addr_info()
This changes the DNS client to check IP address version when searching
cached addresses.
Signed-off-by: Noah Olson <noah@wavelynx.com>
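The cache behaviour described in the commit message above, as an added example (not part of the commit and not Zephyr's code). The entry layout, `cache_put()` and `cache_find()` are hypothetical stand-ins, and the name and addresses are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for this example; not Zephyr's DNS cache types. */
enum addr_family { FAM_IPV4 = 4, FAM_IPV6 = 6 };

struct cache_entry {
	enum addr_family family; /* version of the cached address */
	char query[32];          /* resolved name; empty string = free slot */
	char addr[40];           /* textual address, enough for the demo */
};
#define SLOTS 4
static struct cache_entry cache[SLOTS];

static bool cache_put(const char *query, enum addr_family family, const char *addr)
{
	for (int i = 0; i < SLOTS; i++) {
		if (cache[i].query[0] == '\0') {
			cache[i].family = family;
			snprintf(cache[i].query, sizeof(cache[i].query), "%s", query);
			snprintf(cache[i].addr, sizeof(cache[i].addr), "%s", addr);
			return true;
		}
	}
	return false; /* cache full */
}

/* check_family=false: name-only lookup, as in the commit message.
 * check_family=true: the entry must also have the requested version. */
static const struct cache_entry *cache_find(const char *query, enum addr_family want, bool check_family)
{
	for (int i = 0; i < SLOTS; i++) {
		if (strcmp(cache[i].query, query) == 0 &&
		    (!check_family || cache[i].family == want)) {
			return &cache[i];
		}
	}
	return NULL; /* miss: the resolver has to send a real query */
}

int main(void)
{
	cache_put("example.test", FAM_IPV4, "192.0.2.10"); /* constructed data */
	const struct cache_entry *e = cache_find("example.test", FAM_IPV6, false);
	printf("name-only lookup for IPv6 returned: %s\n", e ? e->addr : "(miss)");
	e = cache_find("example.test", FAM_IPV6, true);
	printf("version-aware lookup for IPv6 returned: %s\n", e ? e->addr : "(miss)");
}
```

With the version check in place, A and AAAA answers for the same name can sit in the cache side by side and each caller only sees the one it asked for.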
After recent kernel changes there's some thread scheduling race when
running tests, therefore add k_yield() at the end of each test to make
sure the server thread has a chance to run and do the cleanup.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
A _res_fallback parameter to HTTP_SERVICE_DEFINE is added to optionally
specify a fallback resource detail, which will be served if no other
resource matches the URL.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
As the test coverage keeps growing, the test suite no longer fits into
smaller devices, hence add min_flash requirement for the test suite to
filter them out.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Fixes #84198.
If a '?' character is used as part of a wildcard resource, do not treat
this as the end of the string when comparing with a path from the HTTP
request. Only the path from the HTTP request may be terminated by '?'
(in the case of a request with query parameters).
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
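The matching rule from the commit message above, as an added example (not part of the commit and not the HTTP server's code). It assumes fnmatch-style wildcards where `?` matches one character; the function names, patterns and request targets are constructed.

```c
#include <fnmatch.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Copy s up to (not including) its first '?' into out; false if it does not fit. */
static bool cut_at_query(const char *s, char *out, size_t out_len)
{
	size_t n = strcspn(s, "?");

	if (n >= out_len) {
		return false;
	}
	memcpy(out, s, n);
	out[n] = '\0';
	return true;
}

/* Model of the behaviour the commit removes: '?' ends the resource pattern
 * too, so "/v?/status" is compared as "/v". */
static bool match_cut_both(const char *pattern, const char *target)
{
	char pat[64], path[64];

	return cut_at_query(pattern, pat, sizeof(pat)) &&
	       cut_at_query(target, path, sizeof(path)) &&
	       fnmatch(pat, path, FNM_PATHNAME) == 0;
}

/* Behaviour after the fix: only the request target is cut at '?' (query
 * string); a '?' in the pattern stays a one-character wildcard. */
static bool match_cut_request_only(const char *pattern, const char *target)
{
	char path[64];

	return cut_at_query(target, path, sizeof(path)) &&
	       fnmatch(pattern, path, FNM_PATHNAME) == 0;
}

int main(void)
{
	/* Constructed pattern and request targets. */
	printf("%d %d\n", match_cut_both("/v?/status", "/v1/status?verbose=1"),
	       match_cut_request_only("/v?/status", "/v1/status?verbose=1"));
	printf("%d %d\n", match_cut_both("/v?", "/v"), match_cut_request_only("/v?", "/v"));
}
```

Truncating the pattern errs in both directions: the intended path stops matching, and a shorter path that the pattern was never meant to cover starts matching.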
Add test case for matching pending replies with received responses.
Cover corner cases that are failing with the current implementation.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Three tests have been added for Content-Range functionality in http
parser:
- test_content_range_supplied: Checks if parser handles range correctly.
- test_content_range_asterisk_total: Checks if parser interprets
asterisk as no total size supplied.
- test_double_content_range_error: Checks if parser rejects header with
repeated Content-Range field.
Signed-off-by: Piotr Radecki <piotr.radecki@jrdltd.co.uk>
Add test cases verifying that the server replies with HTTP 500 Internal
Server Error reply in case of processing error.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add test cases verifying that the server replies with HTTP 405 Method
Not Allowed reply in case the client tries to access the resource with a
method it does not allow.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Ensure that HTTP resources can only be served to a client connected on
the specific service(s) that the resource was registered against using
the HTTP_RESOURCE_DEFINE macro.
This allows different resources to be registered to different services,
for example to make some resources only available via an HTTPS service
and not via unencrypted HTTP.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
For waking up the poll() use eventfd() instead of socketpair()
so we save some buffer space and one file descriptor.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
When using tickless mode, the socketpair()
seems to use heap by default on native_sim, so
add some space for it.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Add additional test cases which verify that the HTTP server code can
handle PUT/PATCH/DELETE request types.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make sure that the socket service is properly unregistered when
dispatcher is unregistered.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Testcase uses certificates from the sample application at
samples/net/sockets/http_server. These were modified and moved into a
different folder by a previous commit, causing a build failure in the
test.
Testcase updated to:
- use new path to certificates
- update available cipher suites, since certificates now use ECDSA
- update expected hostname in certificate
The CA certificate in the sample app is also converted to .der format
for inclusion in the test (the content is exactly the same as the PEM
version, just converted to DER).
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Convert them to native YAML lists. Support for space-separated
lists was deprecated in Twister a long time ago.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Concurrent HTTP POST requests on different HTTP2 concurrent streams
require that the client's header_capture_context is re-used to capture
headers on a second stream before all of the body data has been received
(and sent to the application) on the first stream.
As a result, any captured headers must be sent to the application
callback before any headers can be received on a different stream. In
practice this means that for HTTP2 the application callback is called
for the first time on receiving a headers frame, before any data frames
are received. All subsequent application callbacks will not include the
request header data.
While this mechanism is not necessary for HTTP1, it is also updated to
only send headers in the first application callback for consistency.
Fixes #82273
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Add collector parameter to metric creation macros so that it
is possible to bind the metric to collector already at build
time.
Also add optional user_data to metric macro calls so that user
can add optional data there. This will be used by network statistics
Prometheus support in subsequent commits.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>