Not checking return code in fcntl can result in interpreting -1 as
flags, and cause unexpected behaviour.
Fixes#35541
Signed-off-by: Emil Lindqvist <emil@lindq.gr>
The k_fifo_ prefix is meant for kernel API functions, and
not to our socket helper. So remove the k_ prefix in order
to avoid confusion.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we are waiting all the data i.e., the MSG_WAITALL flag is set,
then if we have not yet received all the data at the end of the
receive loop. We must use the condition variable to get the signal
when the data is ready to be received. Otherwise the receive loop
will not release the socket lock and receive_cb will not be able
to indicate that data is received.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Fix a regression when application is waiting data but does
not notice that because socket layer is not woken up.
This could happen because application was waiting condition
variable but the signal to wake the condvar came before the
wait started. Normally if there is constant flow of incoming
data to the socket, the signal would be given later. But if
the peer is waiting that Zephyr replies, there might be a
timeout at peer.
The solution is to add locking in socket receive callback so
that we only signal the condition variable after we have made
sure that the condition variable is actually waiting the data.
Fixes#34964
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
In Mbed TLS:
commit eccd88871767e2fba5f3a079cfdfcb77c376cf20
Author: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue Mar 10 12:19:08 2020 +0100
Rename identifiers containing double-underscore
changes the name of a symbol we use. As part of upgrading to newer
versions of Mbed TLS, change the name of the symbol we use.
A better fix would be to not use this symbol at all, and perhaps define
our own symbol the same way this internal symbol is defined within the
library.
Signed-off-by: David Brown <david.brown@linaro.org>
zsock_select() cannot poll file descriptors with number >= 32.
When a whole word in FD_SET was skipped due to being empty,
corresponding fd number was not updated, leading to wrong
fd's being passed to poll().
Fixes#34563
Signed-off-by: Chih Hung Yu <chyu313@gmail.com>
This value is used to measure the RX/TX statistics. The previous
use of the timestamp field did not work in RX path as the timestamp
value could be overwritten by the driver if gPTP timestamping
is enabled. So to fix the RX statistics, use a separate field
for the create time.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This option was only able to collect statistics of transmitted
data. The same functionality is available if one sets the
CONFIG_NET_PKT_RXTIME_STATS and/or CONFIG_NET_PKT_TXTIME_STATS
options.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The RX statistics might not get updated properly because the used
ifdef was referring the TX options.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Zephyr socket subsystem has come a long way since initial experimental
alternative to internal Zephyr networking API. Its configuration also
mirrors the usual conservative approach, where a user needs to
explicitly enable options to get "more" features. And as an
experimental API, socket subsystem was initially developed as
namespaced API, where all functions/structures are prefixed with
"zsock_", and to get standard names, CONFIG_NET_SOCKETS_POSIX_NAMES
needs to be set (or alternatively, CONFIG_POSIX_API needs to be, which
enabled full POSIX subsys overall).
However, a few years later, sockets are the standard networking API,
and in majority of cases its used under the standard POSIX names.
Necessity to explicitly set an option to achieve this effects, and
confusion which results from it - are just unneeded chores for users.
So, switch CONFIG_NET_SOCKETS_POSIX_NAMES to be on by default (unless
CONFIG_POSIX_API is already defined). It still can be explicitly
disabled if needed (but usecases for that would be peculiar and rare).
Addresses #34165
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Implement SO_BINDTODEVICE socket option which allows to bind an open
socket to a particular network interface. Once bound, the socket will
only send and receive packets through that interface.
For the TX path, simply avoid overwriting the interface pointer by
net_context_bind() in case it's already bound to an interface with an
option. For the RX path, drop the packet in case the connection handler
detects that the net_context associated with that connection is bound to
a different interface that the packet origin interface.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
An option has been added which can be passed to setsockopt
which allows the user to set & get the dtls handshake timeout,
either before first handshake or online.
Signed-off-by: Emil Lindqvist <emil@lindq.gr>
With these changes, dial up Zephyr application/driver can use
socket(AF_PACKET, SOCK_RAW, IPPROTO_RAW) for creating
a socket for sending/receiving data to/from ppp net link, i.e.
packet is going to/from PPP L2.
Signed-off-by: Jani Hirsimäki <jani.hirsimaki@nordicsemi.no>
Current implementation of poll prepare/update could end up busy looping
if `poll()` function was called before/during DTLS client handshake
(i. e. `poll()` called before an initial `send()`).
Fix this, by monitoring the handshake semaphore, already available in
the tls_context structure for DTLS client instead of underlying socket.
After the handshake is complete, switch to monitoring the underlying
socket instead.
For DTLS server this is not needed, since the handshake is initiated in
the `recv()` function, therefore any incoming data should trigger the
handshake.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When recvfrom() was called with src_addr != NULL, then source address
was fetched from beginning of net_pkt. This works with native IP stack
obviously. However with offloaded IP stack there is no IP header, so
trying to parse missing IP header results in undefined behavior.
Check if network interface has offloaded IP stack. If positive, then
figure out if there is assigned remote address to network context on
which packet was received. Return this remote address, which SHOULD be
the source address of received packet. Otherwise, return an error.
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
There was no close method implemented for AF_PACKET type
sockets. This meant that calling close() on packet socket
caused NULL pointer access.
This will allow #32949 issue to work properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Implement MSG_WAITALL flag for stream sockets. Setting this flag on
`recv()` call will make it wait until the requested amount of data is
received.
In case both, MSG_WAITALL all is set and SO_RCVTIMEO option configured
on a socket, follow the Linux behavior, i. e. when the requested amount
of data is not received until the timeout expires, return the data
received so far w/o an error.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Currently there is no way to distinguish between a caller
explicitly asking for a semaphore with a limit that
happens to be `UINT_MAX` and a semaphore that just
has a limit "as large as possible".
Add `K_SEM_MAX_LIMIT`, currently defined to `UINT_MAX`, and akin
to `K_FOREVER` versus just passing some very large wait time.
In addition, the `k_sem_*` APIs were type-confused, where
the internal data structure was `uint32_t`, but the APIs took
and returned `unsigned int`. This changes the underlying data
structure to also use `unsigned int`, as changing the APIs
would be a (potentially) breaking change.
These changes are backwards-compatible, but it is strongly suggested
to take a quick scan for `k_sem_init` and `K_SEM_DEFINE` calls with
`UINT_MAX` (or `UINT32_MAX`) and replace them with `K_SEM_MAX_LIMIT`
where appropriate.
Signed-off-by: James Harris <james.harris@intel.com>
This patch adds implementation of socket option used to get
protocol used for given socket (e.g. IPPROTO_TCP). This option
is not defined in POSIX, but it is Linux extension.
Signed-off-by: Hubert Miś <hubert.mis@nordicsemi.no>
This patch adds implementation of socket option used to get
type of given socket (e.g. SOCK_STREAM).
Signed-off-by: Hubert Miś <hubert.mis@nordicsemi.no>
If userspace is enabled, then the TLS context needs to be
made a NET_SOCKET kernel object. Without this the userspace
cannot access TLS sockets.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
With this patch the resolver module can resolve literal IPv6
and IPv4 addresses even when DNS client is not presnet in
the system.
Signed-off-by: Hubert Miś <hubert.mis@nordicsemi.no>
If getaddrinfo() was called with AI_PASSIVE flag in hints,
returned address defaulted to SOCK_STREAM and IPPROTO_TCP.
Fixed so that SOCK_DGRAM leads to correct address type
that can be fed to bind() directly.
Same hard coding was visible when numerical IPv4 address string
was converted to binary. That is also fixed to respect hints now.
Also, added functionality to get IPv6 address, when hints contained
AF_INET6.
Fixes#30686
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Because unoconnected stream socket doesn't have any chance to receive
any data, so a blocking recv() would hang forever on it (and does
without this change).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Call mbedtls_ssl_conf_max_frag_len() on created TLS context
configuration, so that Maximum Fragment Length (MFL) will be sent to
peer using RFC 6066 max_fragment_length extension. MFL value is
automatically chosen based on MBEDTLS_SSL_OUT_CONTENT_LEN and
MBEDTLS_SSL_IN_CONTENT_LEN mbed TLS macros.
This extension is mostly useful for TLS client side to tell TLS server
what is the maximum supported receive record length.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
If there are enough tls_context objects in the system (configured by
CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS), but there are not enough file
descriptors (configured by CONFIG_POSIX_MAX_FDS) to create underneath
TCP/UDP socket, then TLS socket creation fails with leaked tls_context.
Call tls_release() in ztls_socket() error path whenever underneath
TCP/UDP socket creation fails.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Adds the socket option TLS_ALPN_LIST for SOL_TLS sockets
Passes the configured alpn list to the mbedtls config
on mbedtls init
Signed-off-by: Emil Hammarstrom <emil.hammarstrom@assaabloy.com>
If there is no space in the sending window, then return -EAGAIN
so that the caller may try later.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we run out of network buffers and cannot send data, and if
we have a blocking socket, then wait until new buffers are
available before returning. As this might lead to deadlock,
wait only max 10 seconds and return ENOMEM if we cannot get
buffers in a reasonable amount of time.
Fixes#28216
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The timeout variable in `dtls_rx()` was initialized improperly.
Coverity ID: 214219
Fixes#28161
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This new option allows to include `sockets_tls.c` into the build when
socket offloading is enabled.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Given that the offloaded poll handling differs from the poll handling of
native sockets (entire poll function call is offloaded), some
adjustements were needed to make TLS socket work with offloaded poll
calls.
To achieve this, in case socket offloading is used, instead of jumping
directly to the offloaded poll call, a TLS wrapper for the offloaded
poll will be called. This wrapper will do additional checks at the
mbedtls level, to verify that the event is only notified to the caller
when the application data is available (i. e. not to report events
during handshake or when partial data is received, not ready to
decrypt).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Separate TLS sockets implementation from net_context layer. Instead of
calling net_context functions directly, create an underlying TCP/UDP
socket, and call socket functions on it instead. This results in a
simpler design, where we don't need to duplicate specific parts of code
from the native socket implementation. Additionally, this allows to use
a different TCP/UDP stack underneath (i. e. when sockets offloading is
used).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit adds helper function to verify protocol, which was done in
two different places in the code. The function returns the underlying
protocol information on success.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Entropy device, as being unique here, does not need to be passed through
mbedtls and can instead set static locally.
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Allow user to create SOCK_DGRAM type AF_PACKET socket. This
allows user to send raw IP packets without specifying
L2 (like Ethernet) headers.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
-Wimplicit-fallthrough=2 requires a fallthrough comment or a compiler
to tells gcc that this happens intentionally.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When verifying the parameters check NULL value separately.
This will avoid nasty warning message to be printed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add function pointer to vtable and use that directly instead of
routing via ioctl() call. This is done as we are trying to get
rid of ioctl() calls in the system.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Do not route close() calls via ioctl() as that is error prone
and quite pointless. Instead create a callback for close() in
fdtable and use it directly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
