Current implementation of poll prepare/update could end up busy looping
if `poll()` function was called before/during DTLS client handshake
(i. e. `poll()` called before an initial `send()`).
Fix this, by monitoring the handshake semaphore, already available in
the tls_context structure for DTLS client instead of underlying socket.
After the handshake is complete, switch to monitoring the underlying
socket instead.
For DTLS server this is not needed, since the handshake is initiated in
the `recv()` function, therefore any incoming data should trigger the
handshake.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This patch adds implementation of socket option used to get
protocol used for given socket (e.g. IPPROTO_TCP). This option
is not defined in POSIX, but it is Linux extension.
Signed-off-by: Hubert Miś <hubert.mis@nordicsemi.no>
If userspace is enabled, then the TLS context needs to be
made a NET_SOCKET kernel object. Without this the userspace
cannot access TLS sockets.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Call mbedtls_ssl_conf_max_frag_len() on created TLS context
configuration, so that Maximum Fragment Length (MFL) will be sent to
peer using RFC 6066 max_fragment_length extension. MFL value is
automatically chosen based on MBEDTLS_SSL_OUT_CONTENT_LEN and
MBEDTLS_SSL_IN_CONTENT_LEN mbed TLS macros.
This extension is mostly useful for TLS client side to tell TLS server
what is the maximum supported receive record length.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
If there are enough tls_context objects in the system (configured by
CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS), but there are not enough file
descriptors (configured by CONFIG_POSIX_MAX_FDS) to create underneath
TCP/UDP socket, then TLS socket creation fails with leaked tls_context.
Call tls_release() in ztls_socket() error path whenever underneath
TCP/UDP socket creation fails.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Adds the socket option TLS_ALPN_LIST for SOL_TLS sockets
Passes the configured alpn list to the mbedtls config
on mbedtls init
Signed-off-by: Emil Hammarstrom <emil.hammarstrom@assaabloy.com>
The timeout variable in `dtls_rx()` was initialized improperly.
Coverity ID: 214219
Fixes#28161
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Given that the offloaded poll handling differs from the poll handling of
native sockets (entire poll function call is offloaded), some
adjustements were needed to make TLS socket work with offloaded poll
calls.
To achieve this, in case socket offloading is used, instead of jumping
directly to the offloaded poll call, a TLS wrapper for the offloaded
poll will be called. This wrapper will do additional checks at the
mbedtls level, to verify that the event is only notified to the caller
when the application data is available (i. e. not to report events
during handshake or when partial data is received, not ready to
decrypt).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Separate TLS sockets implementation from net_context layer. Instead of
calling net_context functions directly, create an underlying TCP/UDP
socket, and call socket functions on it instead. This results in a
simpler design, where we don't need to duplicate specific parts of code
from the native socket implementation. Additionally, this allows to use
a different TCP/UDP stack underneath (i. e. when sockets offloading is
used).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit adds helper function to verify protocol, which was done in
two different places in the code. The function returns the underlying
protocol information on success.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Entropy device, as being unique here, does not need to be passed through
mbedtls and can instead set static locally.
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
-Wimplicit-fallthrough=2 requires a fallthrough comment or a compiler
to tells gcc that this happens intentionally.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Add function pointer to vtable and use that directly instead of
routing via ioctl() call. This is done as we are trying to get
rid of ioctl() calls in the system.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Do not route close() calls via ioctl() as that is error prone
and quite pointless. Instead create a callback for close() in
fdtable and use it directly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Unit tests were failing to build because random header was included by
kernel_includes.h. The problem is that rand32.h includes a generated
file that is either not generated or not included when building unit
tests. Also, it is better to limit the scope of this file to where it is
used.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When closing a listening socket the functions waiting on the
FIFO will be unblocked this will result in receiving a NULL child
context. If that is the case return an error instead of carrying on.
Return the same error code (EINVAL) that is returned on Linux when
calling shutdown on a blocked accept call.
Signed-off-by: Léonard Bise <leonard.bise@gmail.com>
Replace CONFIG_ENTROPY_NAME with DT_CHOSEN_ZEPHYR_ENTROPY_LABEL. We now
set zephyr,entropy in the chosen node of the device tree to the entropy
device.
This allows us to remove CONFIG_ENTROPY_NAME from dts_fixup.h. Also
remove any other stale ENTROPY related defines in dts_fixup.h files.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
TLS sockets did not increase refcount of a net_context running TCP,
which could lead to a crash upon TCP disconnection.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make ioctl handlers of `ZFD_IOCTL_POLL_PREPARE` and
`ZFD_IOCTL_POLL_UPDATE` return an error code instead of setting errno
variable.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The TCP code expects that we know when the socket has called accept()
in order to continue connection attempt.
Fixes#21335
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add an implementation for `sendmsg`, so secure sockets can be used
together with the WebSocket module to implement secure WebSockets
("wss").
Fixes#20431
Signed-off-by: Markus Fuchs <markus.fuchs@de.sauter-bc.com>
This reverts commit d70a854904.
The next commit fixes the original issue so this commit is no
longer needed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This is related to commit 1a6f4a6368 ("net: tcp: Accept
connections only in LISTENING state") which made the system
to only accept new connections if the application had called
accept(). Unfortunately the TLS accept was not fixed by that
commit so we were in wrong state when accepting TLS sockets.
This commit fixes that issue.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/fdtable.h to sys/fdtable.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move entropy.h to drivers/entropy.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
From POSIX.1-2017:
The getsockname() function shall retrieve the locally-bound name of the
specified socket, store this address in the sockaddr structure pointed
to by the address argument, and store the length of this address in the
object pointed to by the address_len argument.
The address_len argument points to a socklen_t object which on input
specifies the length of the supplied sockaddr structure, and on output
specifies the length of the stored address. If the actual length of the
address is greater than the length of the supplied sockaddr structure,
the stored address shall be truncated.
If the socket has not been bound to a local name, the value stored in
the object pointed to by address is unspecified.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
Poll descriptor was not incremented in poll update function in case it
was reported as not ready. In result, poll could end up processing the
same poll descriptor for every fd requested to monitor.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Rework detection of EOF on a socket, so that it can be detected in a
poll prepare that socket is in in a EOF state and poll can return
immediately.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When DTLS client was added to `poll` before/during the handshake, it
could throw errors and in some circumstances (when polling thread was
cooperative and had higher or equal priority to the handshake thread)
could lead to a deadlock in the application.
Prevent that, by blocking on handshake semaphore instead of fifo. Poll
will start using fifo for data poll only after handshake is complete.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Instead of simple bool value, use a semaphore to notify that TLS
handshake is complete. This way, we can monitor this value with k_poll.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
As extend fdtable usage to more cases, there regularly arises a need
to forward ioctl/fcntl arguments to another ioctl vmethod, which is
complicated because it defined as taking variadic arguments. The only
portable solution is to convert variadic arguments to va_list at the
first point of entry from client code, and then pass va_list around.
To facilitate calling ioctl with variadic arguments from system code,
z_fdtable_call_ioctl() helper function is added.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This commit reworks socket poll implementation to support multiple
socket implementations.
To achieve that, two ioctl poll helper requests were added:
ZFD_IOCTL_POLL_PREPARE and ZFD_IOCTL_POLL_UPDATE. The poll
implementation calls ioctl with these requests for each socket
requested in the fds table.
The first request is responsible for preparing k_poll_event objects
for specific socket. It can request to skip waiting in k_poll by
returning EALREADY through errno.
The latter request is responsible for processing outcome of k_poll for
each socket. It can request to retry the k_poll by returning EAGAIN
through errno.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Implement extended socket vtable for TLS sockets, therefore allowing to
integrate the implementation with socket subsystem.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Remove network specific default and max log level setting
and start to use the zephyr logging values for those.
Remove LOG_MODULE_REGISTER() from net_core.h and place the
calls into .c files. This is done in order to avoid weird
compiler errors in some cases and to make the code look similar
as other subsystems.
Fixes#11343Fixes#11659
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
