This commit adds an option to store OpenThread settings in RAM for the
case where the flash driver is not available. This can be useful
for testing openthread on new platforms which are still under
development.
Signed-off-by: Lukasz Maciejonczyk <lukasz.maciejonczyk@nordicsemi.no>
Transports should close the socket in case of `setsockopt()` failure,
otherwise we end up with a leaked socket, as it won't be closed
elsewhere.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Simplify common `getsockname()` implementation by using VTABLE_CALL()
macro, in the same way as other socket calls do. This additionally
allows to cover the case, when `getsockname()` is not implemnented by
particular socket implementation, preventing the crash.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The supported protocol must be delivered to the firmware update object
as optional, then configured in the application.
This information is device/server dependent so does not can be fixed
in library.
Signed-off-by: Jair Jack <jack@icatorze.com.br>
Replace unpacked in6_addr structures with raw buffers in net_ipv6_hdr
struct, to prevent compiler warnings about unaligned access.
Remove __packed parameter from `struct net_6lo_context` since the
structure isn't really serialized.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Replace unpacked in_addr structures with raw buffers in net_ipv4_hdr
struct, to prevent compiler warnings about unaligned access.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Added an observe callback so that the application can register to
receive events like observer added/deleted, and notification acked/
timed out. The notifications can be traced back to the exact data
contained within them by use of the user_data pointer.
Fixes#38531.
Signed-off-by: Maik Vermeulen <maik.vermeulen@innotractor.com>
Add an option in MQTT client context to take advantage of the
"TLS_CERT_NOCOPY" option when using TLS socket transport.
Signed-off-by: Lucas Dietrich <ld.adecy@gmail.com>
Add TLS socket option "TLS_CERT_NOCOPY" to prevent the copy of
certificates to mbedTLS heap if possible.
Add support to provide a chain of DER certificates by registering
them with multiple tags.
Signed-off-by: Lucas Dietrich <ld.adecy@gmail.com>
Update the macro prototype to explicitly require the length of the
desired user data. Update all in-tree usage of this macro.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
Update the macro prototype to explicitly require the length of the
desired user data. Update all in-tree usage of this macro.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
In case the payload and header size exceeded the network MTU size,
`websocket_send_msg()` would only send a part of the payload,
effectively leading to erronous results if called again to send the
rest. Fix the issue, by calling `sendmsg()` in a loop internally in case
it did not manage to send the entire websocket message in a single call.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
OpenThread has changed it's behaviour in terms of prompt printing in the
CLI module. Previously it was only printed on the UART CLI backend, now
it's printed on every CLI backend. This results in a double prompt being
printed when combined with Zephyr shell (one from OT and other form
Zephyr).
This commit adds a temporary fix to prevent OT prompt from being printed
in Zehpyr shell. As a long term solution we should add an option to
OpenThread to allow to disable prompt on the output.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
During stack reset in RCP, the mac keys are resseting my calling
otPlatRadioSetMacKey with aKeyId == 0. aKeyId == 0 was not handling
properly since it is not valid for mac keys. This commit fixes it.
Signed-off-by: Lukasz Maciejonczyk <lukasz.maciejonczyk@nordicsemi.no>
Change the wording of the warning printed when there is no entropy to
hopefully remove any doubt that there might be security in TLS without
an entropy source. TLS connections with insufficient entropy are
trivially decodable, and should not be relied on for any type of
security.
Signed-off-by: David Brown <david.brown@linaro.org>
net: lwm2m: When mbedtls CONFIG_MBEDTLS_SERVER_NAME_INDICATION is
enabled, a destination hostname must be passed to socket to properly
connect do lwm2m server.
Passing lwm2m context to lwm2m_parse_peerinfo
Signed-off-by: Jair Jack <jack@icatorze.com.br>
The device service creates a notification of the current time resource
every 10s. This commit adds the possibility to change this timer to a
different value thus giving more control over the way the device object
is notified.
Signed-off-by: Sebastian Salveter <sebastian.salveter@grandcentrix.net>
Firmware Update object did not initialise resources PkgName,
PkgVersion and Firmware Update Protocol Support. Initialise
Firmware Update Protocol Support on creation and report CoAP
as default transfer protocol.
Signed-off-by: Marin Jurjević <marin.jurjevic@hotmail.com>
`engine_remove_observer_by_path()` was not updated during some recent
LwM2M observer changes, still using the `engine_observer_list` which got
moved into the `lwm2m_context` structure. Update the function to align
with these changes.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
`ztls_socket_data_check()` function ignored a fact when
`mbedtls_ssl_read()` indicated that the underlying TCP connection was
closed. Fix this by returning `-ENOTCONN` in such case, allowing
`poll()` to detect such event.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Loop by LOOP_DIVIDER counts instead of the number of seconds
specified in the timeout.
Fixes#39672
Signed-off-by: Paul Gautreaux <paulgautreaux@fb.com>
There is no need to veirfy the result value of the strtol() operation,
as we copy the result to a 64 bit buffer anyway.
CID: 240696
Fixes#39810
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add a function to update the coap block context from a
packet, according to the block option enum provided.
The existing coap_next_block does not handle block1 transfers
properly because we need to inspect the block1 option
returned by the server. This function is reworked to make use
of the newly introduced one.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
According to RFC-7959:
When uploading with coap block1 requests the server may respond
with a size1 option (together with the response code 4.13).
This to indicate the maximum size the server is able and willing
to handle.
This commit changes the total_size in the current block context
being handled to the optional size1 option value from the server.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
The OpenThread stack uses uint32_t to calculate expiry time for
alarms, while comparing to zephyr's uint64_t uptime.
This commit fixes broken milliseconds alarms after ~49.7 days of
uptime.
Fixes#39704
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Based on on RFC 8132 -
PATCH and FETCH Methods for the Constrained Application Protocol (CoAP)
Signed-off-by: Veijo Pesonen <veijo.pesonen@nordicsemi.no>
Based on on RFC 8132 -
PATCH and FETCH Methods for the Constrained Application Protocol (CoAP)
Signed-off-by: Veijo Pesonen <veijo.pesonen@nordicsemi.no>
With the introduction of `EXPERIMENTAL` and `WARN_EXPERIMENTAL` in
Zephyr all subsys/net and drivers/ethernet/Kconfig.e1000 settings
having `[EXPERIMENTAL]` in their prompt has has been updated to include
`select EXPERIMENTAL` so that developers can enable warnings when
experimental features are enabled.
The following settings has EXPERIMENTAL removed as they are considered
mature:
- NET_OFFLOAD
- NET_PROMISCUOUS_MODE
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
The condition checks whether the connection was established or not. The
return value should reflect that.
Signed-off-by: Caspar Friedrich <c.s.w.friedrich@gmail.com>
OpenThread has lately got an option to provide a custom
crypto backend that replaces the default, based on mbedTLS
API. Implement a backend based on ARM PSA crypto API that
is better suited for applications willing to take advantage
of the ARM trust zone technology.
Add Kconfig option: OPENTHREAD_CRYPTO_PSA_ENABLE which
enables that backend.
Also, another Kconfig option:
OPENTHREAD_PLATFORM_KEY_REFERENCES_ENABLE, implied by the
former, which enables usage of key references instead of
literal keys in OpenThread. It will eventually allow
OpenThread applications to keep sensitive data such as
encryption keys in the secure storage, accessible from the
secure world only.
Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
If a firmware update is fetched from a server, and no port number is set
in the URI (e.g. coap://example.com/fw_update), the client will try
to connect on the port specified by CONFIG_LWM2M_PEER_PORT.
If a port different from the peer port is to be used for firmware
update, this has to be set explicitly in the URI:
coap://example.com:5683/fw_update.
This fix adds CONFIG_LWM2M_FIRMWARE_PORT, which will be used when
fetching a firmware update without specifying the port number in the
URI.
Signed-off-by: Tjerand Bjornsen <tjerand.bjornsen@nordicsemi.no>
Replace the custom float32_value_t LwM2M type with native double, to
facilitate LwM2M API and improve floating point precission.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The irq_lock() usage here is incompatible with SMP systems, and one's
first reaction might be to convert it to a spinlock.
But are those irq_lock() instances really necessary?
Commit 6161ea2542 ("net: socket: socketpair: mitigate possible race
condition") doesn't say much:
> There was a possible race condition between sock_is_nonblock()
> and k_sem_take() in spair_read() and spair_write() that was
> mitigated.
A possible race without the irq_lock would be:
thread A thread B
| |
+ spair_write(): |
+ is_nonblock = sock_is_nonblock(spair); [false]
* [preemption here] |
| + spair_ioctl():
| + res = k_sem_take(&spair->sem, K_FOREVER);
| + [...]
| + spair->flags |= SPAIR_FLAG_NONBLOCK;
| * [preemption here]
+ res = k_sem_take(&spair->sem, K_NO_WAIT); [-1]
+ if (res < 0) { |
+ if (is_nonblock) { [skipped] }
* res = k_sem_take(&spair->sem, K_FOREVER); [blocks here]
| + [...]
But the version with irq_lock() isn't much better:
thread A thread B
| |
| + spair_ioctl():
| + res = k_sem_take(&spair->sem, K_FOREVER);
| + [...]
| * [preemption here]
+ spair_write(): |
+ irq_lock(); |
+ is_nonblock = sock_is_nonblock(spair); [false]
+ res = k_sem_take(&spair->sem, K_NO_WAIT); [-1]
+ irq_unlock(); |
* [preemption here] |
| + spair->flags |= SPAIR_FLAG_NONBLOCK;
| + [...]
| + k_sem_give(&spair->sem);
| + spair_read():
| + res = k_sem_take(&spair->sem, K_NO_WAIT);
| * [preemption here]
+ if (res < 0) { |
+ if (is_nonblock) { [skipped] }
* res = k_sem_take(&spair->sem, K_FOREVER); [blocks here]
In both cases the last k_sem_take(K_FOREVER) will block despite
SPAIR_FLAG_NONBLOCK being set at that moment. Other race scenarios
exist too, and on SMP they are even more likely.
The only guarantee provided by the irq_lock() is to make sure that
whenever the semaphore is acquired then the is_nonblock value is always
current. A better way to achieve that and be SMP compatible is to simply
move the initial sock_is_nonblock() *after* the k_sem_take() and remove
those irq_locks().
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
While adding support for service type enumeration, a regression was
introduced which prevented mDNS ptr query responses.
1. There was an off-by-one error with label size checking
2. Valid queries were failing to match in `dns_rec_match()` due to
not checking for either NULL or 0 "wildcard" port
Fixes#39284
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
From the OMA LwM2M Object and Resource Registry: "When the single Device
Object Instance is initiated, there is only one error code Resource
Instance whose value is equal to 0 that means no error."
This fix creates that initial error code resource instance, and makes
sure that it doesn't get deleted by the Reset Error Code resource.
Signed-off-by: Tjerand Bjornsen <tjerand.bjornsen@nordicsemi.no>
Mbed TLS 3.0 removes the definition for MBED_ERR_SSL_PEER_VERIFY_FAILED,
since non of its code ever returns that value. Since there isn't really
a perfect response, instead return a somewhat generic response
indicating this was unexpected.
Signed-off-by: David Brown <david.brown@linaro.org>
Several fields of structures in mbedTLS 3.0 are now private. To access
them directly is necessary to define MBEDTLS_ALLOW_PRIVATE_ACCESS.
That is a temporary fix, the proper solution is not access directly
but using proper API.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Implements mechanism similar to the one available in net/lib/sockets.c
(since the merge of #27054) in sockets_can to enable parallel rx/tx.
Fixes#38698
Signed-off-by: Mateusz Karlic <mkarlic@internships.antmicro.com>
Add an option to force close the LwM2M connection
instead of always trying to deregister.
If on a cellular connection and the connection is dropped,
deregistering will never complete and take a long time
before retries fail. This option allows the app to close the
socket and quickly re-establish the connection when the
network connection is available again.
Signed-off-by: Ryan Erickson <ryan.erickson@lairdconnect.com>
If blockwise transfer is not in use it must be possible to send bigger
CoAP messages than what is the block size used with blockwise transfers.
To compensate for the increased memory usage number of in-flight packets
allowed could be decreased.
Signed-off-by: Veijo Pesonen <veijo.pesonen@nordicsemi.no>
...range for LWM2M_COAP_BLOCK_SIZE.
The range has been set to start from 64 bytes and now the help text has
been brought up to date.
Signed-off-by: Veijo Pesonen <veijo.pesonen@nordicsemi.no>
Support DNS-SD Service Type Enumeration in the dns_sd library
and mdns_responder sample application.
For more information, please see Section 9, "Service Type
Enumeration" in RFC 6763.
https://datatracker.ietf.org/doc/html/rfc6763Fixes#38673
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
According to `sendmsg()` man pages, the `struct msghdr` can contain
empty records (iov_len equal to 0). Ignore them in TLS `sendmsg()`
implementation to avoid unnecessary calls to mbed TLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case zsock_sendmsg did not send all of the data requested, update the
`struct msghdr` content and retry.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When creating a socket, all of the registered socket implementation are
processed in a sequence, allowing to find appropriate socket
implementation for specified family/type/protocol. So far however,
the order of processing was not clearly defined, leaving ambiguity if
multiple implmentations supported the same set of parameters.
Fix this, by registering socket priority along with implementation. This
makes the processing order of particular socket implementations
explicit, giving more flexibility to the user, for example when it's
neeed to prioritze one implementation over another if they support the
same set of parameters.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
