In enum tcp_state {}, the CLOSED state was put at the last one.
When we do Sequence & Ack validation, we will need to skip the
CLOSED, LISTEN, SYNSENT states. It is easier for coding if we
put the CLOSED to the front, e.g. if state > SYNSENT. And, in
other OSes, the state sequence is normally defined like this.
Signed-off-by: Shrek Wang <inet_eman@outlook.com>
Don't reference `net_if_get_by_iface` if `CONFIG_NET_RAW_MODE=y`, since
`net_if.c` is not compiled in that case, leading to linker errors.
Signed-off-by: Jordan Yates <jordan@embeint.com>
Useful to see what prefix is being selected for a given
IPv6 address if debugging is enabled.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Always prefer preferred IPv6 address over deprecated one
regardless of prefix length. This works now same way as in
Linux.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
According to RFC793 chapter 3.5 with the 'Reset Processing' part,
"In the SYN-SENT state (a RST received in response to an initial
SYN), the RST is acceptable if the ACK field acknowledges the SYN."
So, in the net_tcp_reply_rst() we should use 'ack++' if no ACK
flag but have SYN flag.
And, all the RST packets should use net_tcp_reply_rst() instead of
tcp_out().
Signed-off-by: Shrek Wang <inet_eman@outlook.com>
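
The reset rule quoted in the commit message above, worked through as an added example (this is not Zephyr's code; struct seg, rst_reply() and rst_acceptable_in_syn_sent() are hypothetical names). It goes slightly beyond the commit by also counting FIN toward SEG.LEN, as RFC 793 does, and it assumes only the SYN is outstanding when the RST arrives.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Hypothetical minimal view of a TCP segment (not Zephyr's struct). */
struct seg {
	uint8_t flags;
	uint32_t seq, ack, payload_len;
};

/* RFC 793 reset generation: build the RST answering segment `in`. */
struct seg rst_reply(const struct seg *in)
{
	struct seg out = { .flags = TH_RST };

	if (in->flags & TH_ACK) {
		out.seq = in->ack; /* SEQ = SEG.ACK, no ACK flag */
	} else {
		/* SEQ = 0, ACK = SEG.SEQ + SEG.LEN; SYN and FIN each
		 * occupy one sequence number (the commit's 'ack++'). */
		out.flags |= TH_ACK;
		out.ack = in->seq + in->payload_len +
			  !!(in->flags & TH_SYN) + !!(in->flags & TH_FIN);
	}
	return out;
}

/* SYN-SENT side: accept a RST only if its ACK acknowledges our SYN.
 * Assumes only the SYN is outstanding, so SND.NXT == iss + 1. */
bool rst_acceptable_in_syn_sent(const struct seg *rst, uint32_t iss)
{
	return (rst->flags & TH_RST) && (rst->flags & TH_ACK) &&
	       rst->ack == (uint32_t)(iss + 1u);
}

int main(void)
{
	uint32_t iss = 0xffffffffu; /* constructed ISS, exercises wrap-around */
	struct seg syn = { .flags = TH_SYN, .seq = iss };
	struct seg rst = rst_reply(&syn);

	printf("RST flags=0x%02x ack=%u accepted=%d\n", (unsigned)rst.flags,
	       (unsigned)rst.ack, rst_acceptable_in_syn_sent(&rst, iss));
	return 0;
}
```

A RST built without the increment carries ACK = ISS, which the SYN-SENT check rejects, so the connecting side keeps retransmitting its SYN instead of failing fast.
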
Add missing curly braces in if/while/for statements.
This is a style guideline we have that was not enforced in CI. All
issues fixed here were detected by sonarqube SCA.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
The NULL-pkt parameter for tcp_in() was designed for generating
a SYN packet to start the 1st TCP handshake. It is only used
in net_tcp_connect() and tp_input().
To simplify the tcp_in() code logic and make it better understandable,
a tcp_start_handshake() is added for net_tcp_connect() and tp_input()
to use. Thus, the tcp_in() only handles the incoming TCP packets.
Signed-off-by: Shrek Wang <inet_eman@outlook.com>
MLD APIs are commonly used across the codebase to configure IPv6
multicast addresses on network interfaces. Sending MLD reports however
works only for native interfaces as it uses low-level APIs. Therefore,
in order to make the APIs at least semi-functional for offloaded
interfaces as well (i.e. allow to configure multicast address on
the interface), return early in case interface is offloaded.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
IGMP APIs are commonly used across the codebase to configure IPv4
multicast addresses on network interfaces. Sending IGMP reports however
works only for native interfaces as it uses low-level APIs. Therefore,
in order to make the APIs at least semi-functional for offloaded
interfaces as well (i.e. allow to configure multicast address on
the interface), return early in case interface is offloaded.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Each incoming TCP packet has been completely handled in current
state. No need to do further process by 'goto next_state'.
Signed-off-by: Shrek Wang <inet_eman@outlook.com>
According to TCP Spec. RFC793, ACK flag should be always set
after sequences of both sides are sync-ed except for RST segment.
It is not necessary to send FIN only packet in the
test case, using FIN | ACK instead.
Similarly, change the tcp_out(conn, FIN | ACK) in CLOSE_WAIT.
Signed-off-by: Shrek Wang <inet_eman@outlook.com>
warning: format '%d' expects argument of type 'int', but argument 3 has
type 'size_t' {aka 'long unsigned int'} [-Wformat=]
Changing the printf modifier to %zd for the size_t variable will resolve the
warning.
Signed-off-by: Vijayakannan Ayyathurai <vijayakannan.ayyathurai@intel.com>
Default binding should take place before we actually make use of the
local address when registering packet socket "connection".
Also, instead of hard coding the protocol for default binding to
ETH_P_ALL, use the protocol that the socket was created with.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In order to be able to receive packets on unbound packet sockets (which
should collect packet from all interfaces in such case), it's needed to
register receive callback at the socket layer as soon as the socket is
created.
In addition to that, the default binding for packet sockets needs to be
revisited. Packet socket should not be bound to the default interface,
as this way the socket would only be receiving packets from that
particular interface. Instead, leave the interface unspecified in such
case.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Allow to update the local address on a registered connection when
rebinding.
This is needed for packet sockets, as by default packet socket
will be bound to "any" interface (interface index 0), and interface
index is part of the local address registered for packet socket.
In order to be able to explicitly bind to a specific interface later, it
needs to be possible to update the local address registered for the
connection, as we need to update the interface index, which is used
by net_conn_packet_input() for packet filtering.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
keep_alive_timer_restart() only works in ESTABLISHED state. In
tcp_in() SYN_SENT and SYN_RECEIVED state, it won't work by calling
this function. So remove the call in those 2 states while adding it
in the bottom after changing the conn->state to ESTABLISHED.
Signed-off-by: Shrek Wang <inet_eman@outlook.com>
This adjusts the IPv6 source address selection so that it is possible
to select deprecated IPv6 address if no better preferred address is found.
From RFC 6724 chapter 5:
Rule 3: Avoid deprecated addresses.
If one of the two source addresses is "preferred" and one of them is
"deprecated" (in the RFC 4862 sense), then prefer the one that is
"preferred".
Rule 8: Use longest matching prefix.
If CommonPrefixLen(SA, D) > CommonPrefixLen(SB, D), then prefer SA.
Similarly, if CommonPrefixLen(SB, D) > CommonPrefixLen(SA, D), then
prefer SB.
So the fix allows deprecated address to be selected if it is a better
match than the preferred one. The reasoning here is that an address with
a longer matching prefix is generally considered topologically closer to
the destination. Using such a source address can lead to more efficient
routing, as it's more likely that the source and destination are within
the same network segment or a closely related one.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Make sure RS process is stopped if network interface goes down
as there is no point doing it any more.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
It might happen that if the network interface is going up/down
fast enough, the RS timer could get inserted to the active RS
timer list twice. This would then cause a forever loop in
rs_timeout() when traversing the active list.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Update `net_arp_prepare` to return a return code instead of a pointer,
so that the various results of the function can be differentiated.
Signed-off-by: Jordan Yates <jordan@embeint.com>
Print a warning if sending a packet on the L2 interface fails. Currently
this is completely silent unless `NET_DBG` is enabled and the `context`
parameter is provided.
Signed-off-by: Jordan Yates <jordan@embeint.com>
The new DSA framework purpose and changes are as below.
- Aligned to Linux DSA framework which has been already mature framework
for many years. For now in zephyr, the DSA components were split
as: switch, port, master(not need driver file for now), slave, and tag.
Separated drivers were used for maintaining and developing new
features.
- The unified dts bindings (aligned to linux) were supported. The port
driver would parse DTS to decide the port type (master port, slave
port, or cpu port) to set up the switch. All the ports registered as
standard ethernet devices. (dsa port and dsa switch tree was not
supported.)
- How to add DSA device driver based on the framework? All the device
driver needing to do is providing dsa_spi implementation and private
data, and calling below initialization.
DSA_INIT_INSTANCE(n, _dapi, data)
- For switch tag case, recv/xmit helpers in dsa_api could be used for
tagging/untagging. No modified ethernet drivers.
For no-tag type case, ethernet driver of master port should support
packet injection/extraction for slave ports leaving NULL recv/xmit.
The dsa_nxp_imx_netc.c driver will be the first example of the new DSA
framework.
The future work for DSA will be supporting bridge for ports. We may align
Linux to give users two options to use DSA device:
- Standalone mode: the switch ports work as regular ethernet ports.
- Bridge mode: switch mode with virtual bridge device which could be
assigned IP address.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Current DSA TX/RX way was hard-coded in ethernet devices driver
with ETH_DSA_SUPPORT and NET_DSA.
This patch is to make such way obsolete, as we actually will support
a better DSA framework to handle this in NET/DSA core driver.
To make legacy devices not affected, below options are used instead.
- ETH_DSA_SUPPORT_DEPRECATED
- NET_DSA_DEPRECATED
Once the legacy devices are converted to new DSA framework, this code
could be removed.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Part of the socket matching criteria for AF_PACKET family took place
inside conn_raw_socket() function, and some of it was redundant with
what already was checked in net_conn_packet_input(). Moreover, if the
packet cloning for packet socket failed for whatever reason, the packet
was reported as NET_DROP, which was confusing.
Finally, conn_raw_socket() updated network stats, which didn't really
work as net stats are only collected for UDP/TCP protocols and not for
L2 level protocols.
Therefore, cleanup the processing by:
* Moving all socket matching criteria into net_conn_packet_input()
for clarity,
* Drop unneeded net stats functions,
* Clarify NET_DROP strategy for packet socket input.
net_conn_packet_input() should only be responsible for delivering
packets to respective packet sockets, it should not decide whether
to drop the packet or not - it's L2/L3 processing code
responsibility. Therefore, assume this function forwards packet for
further processing by default, and only allow small optimization to
return NET_OK if the packet socket was really the only endpoint in
the system.
* And finally, since now conn_raw_socket() responsibility was to clone
the packet for the respective socket, and was almost identical to a
corresponding function for raw IP sockets, unify the two functions.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The current implementation of net_conn_input() can accept different
packet types, with completely different processing code, resulting in a
function which is pretty bloated, sliced with conditionally enabled code
and hard to understand and therefore maintain.
This commit splits that function into smaller ones, specialized for
different packet types (and entry levels). The following functions have
been extracted from the original one:
- net_conn_packet_input() for early packet processing (covering
AF_PACKET family sockets)
- net_conn_raw_ip_input() for raw IP packets processing (covering
AF_INET(6)/SOCK_RAW sockets)
- net_conn_can_input() for CAN packets processing (covering AF_CAN
family sockets)
The net_conn_input() function stripped from above cases now only takes
care of packets that have been processed by respective L4 and are
intended for regular TCP/UDP sockets.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
After L2 processing, the LL protocol type is already known and should be
set accordingly on the packet. Therefore it can be passed to the
net_packet_socket_input() function to allow proper socket filtering
based on protocol.
Additionally, as LL protocol type is 16 bit value, fix the proto
parameter type in net_packet_socket_input().
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make sure that when sendto is being used without the socket being bound
before, a correct interface is used for transmission. As
zpacket_sendto_ctx() calls net_context_recv() to register receive
callback before sending, a default binding was used by the context
layer, which would bind the socket to the default interface. This could
lead to unexpected results, i.e. packet being sent on a default
interface, even though a different one was specified.
Make also sure that there is no ambiguity in the interface selection -
the application should be explicitly clear what interface it wants to
use when it comes to packet sockets. It's better to return an error if
no valid interface was specified.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
According to AF_PACKET man pages protocol number 0 is allowed, however
in such case the socket is only capable of transmitting packets then:
"If protocol is set to zero, no packets are received."
Therefore, allow to create sockets with such protocol, and at the
connection.c level filter out such sockets from data reception.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add a "net filter" command that will allow user to see the
current network packet filter configuration.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
As the network packet filter drops packets without any indication
that the packet is dropped, it can be difficult to monitor what
is going on in the system when receiving data. The user can
now monitor the statistics and see if packets are being dropped
because of packet filter activity.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Increase the verbosity of the message when there is no source address
in `net_context_create_ipv4_new`. This is likely the first failure point
when attempting to send data on an interface that has not yet been
assigned an IP address. Burying the fault at the DBG level makes it much
more time consuming to determine the root cause of this error.
Signed-off-by: Jordan Yates <jordan@embeint.com>
IPPROTO_RAW is not a valid protocol type for AF_PACKET sockets, which
should only use IEEE 802.3 protocol numbers. Therefore remove support
for this type of sockets.
As an alternative, users can use AF_PACKET/SOCK_DGRAM or
AF_INET(6)/SOCK_RAW, depending on the actual use case.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Introduce changes in the networking stack which allow to create raw IP
sockets, so that applications can send and receive raw IP datagrams.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Register connection type along with family and protocol, so that it's
possible to differentiate between connection listening for raw IP
datagrams and TCP/UDP/other packets.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add CONFIG_NET_CONN_PACKET_CLONE_TIMEOUT to allow for longer
timeouts. This can be used to prevent dropping packets when
transmitting large amounts of data (with PPP).
Signed-off-by: Markus Lassila <markus.lassila@nordicsemi.no>
This is a hack that is used until we have proper IP routing
in place. The code has now special check that makes sure that
we only route IP packets to VPN interface when the packet is
destined to that subnet. So if destination IP address does
not belong to VPN interface subnet, it is not routed there.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Instead of calling various network interface API functions to get
the network interface and related source IP address, have a single
function that can return both data.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add support for the IP_MULTICAST_LOOP socket option to control
multicast packet loopback.
Signed-off-by: AbdElRahman Khalifa <abdelrahman.5alifa@gmail.com>
Add support for the IPV6_MULTICAST_LOOP socket option.
This option allows enabling or disabling the consumption of multicast
packets by the sender. By default, the socket option will be enabled.
Co-authored-by: Pieter De Gendt <pieter.degendt@gmail.com>
Signed-off-by: Sayooj K Karun <sayooj@aerlync.com>
We drop the packet if TTL or hop limit is 0, but we should
also unref the packet in this case because we return 0 to
the caller which is not then able to free the packet because
it thinks that the packet was sent properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The check_ip() in net_core.c did not check that the packet
Ethernet type is either IPv4 or IPv6. This meant that we for
example checked TTL also for ARP packets which is pointless as
those are not IPv4 packets.
Fix this by checking the link layer protocol type of the packet
to be either IPv4 or IPv6 before doing L3 checks.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Adding a helper to parse one or more IPv4/6 strings with optional
netmask or prefix length.
Example of the string:
2001:db8::1/64,192.0.2.1,2001:db8::2,192.0.2.2/24
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
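
A sketch of a strict parser for the list format shown in the commit message above, added here as an example (it is not the helper the commit adds; struct addr_entry, parse_one() and parse_addr_list() are hypothetical names). It handles the prefix-length form only, not dotted netmasks, and rejects empty entries, over-long tokens and prefix lengths that exceed the address size.

```c
#include <arpa/inet.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result type for this example (not Zephyr's API). */
struct addr_entry {
	int family;             /* AF_INET or AF_INET6 */
	unsigned char addr[16]; /* network byte order */
	int prefix_len;         /* -1 when none was given */
};

/* Parse one "addr[/len]" token; 0 on success, -1 if malformed. */
static int parse_one(const char *tok, size_t len, struct addr_entry *e)
{
	char buf[INET6_ADDRSTRLEN + 4], *slash, *end; /* address plus "/128" */
	long plen = -1;

	if (len == 0 || len >= sizeof(buf)) {
		return -1; /* empty or over-long token */
	}
	memcpy(buf, tok, len);
	buf[len] = '\0';
	slash = strchr(buf, '/');
	e->family = strchr(buf, ':') ? AF_INET6 : AF_INET;
	if (slash != NULL) {
		*slash++ = '\0';
		plen = strtol(slash, &end, 10);
		if (*slash < '0' || *slash > '9' || *end != '\0' ||
		    plen > (e->family == AF_INET ? 32 : 128)) {
			return -1; /* not plain digits, or longer than the address */
		}
	}
	if (inet_pton(e->family, buf, e->addr) != 1) {
		return -1; /* not a valid literal for its family */
	}
	e->prefix_len = (int)plen;
	return 0;
}

/* Parse a comma-separated list; entry count, or -1 on any error. */
int parse_addr_list(const char *s, struct addr_entry *out, int max)
{
	for (int n = 0; n < max; n++) {
		size_t len = strcspn(s, ",");
		if (parse_one(s, len, &out[n]) < 0) {
			return -1;
		}
		if (s[len] == '\0') {
			return n + 1;
		}
		s += len + 1;
	}
	return -1; /* more entries than the caller has room for */
}
```
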
Set NET_ADDR_PREFERRED before network event is generated, so that conn_mgr
properly generates NET_EVENT_L4_CONNECTED and NET_EVENT_L4_IPV6_CONNECTED
events.
Fixes: 1a5e13a79b ("net: if: Release the interface lock early when
starting IPv4 ACD")
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
Set NET_ADDR_PREFERRED before network event is generated, so that conn_mgr
properly generates NET_EVENT_L4_CONNECTED and NET_EVENT_L4_IPV4_CONNECTED
events.
Fixes: 1a5e13a79b ("net: if: Release the interface lock early when
starting IPv4 ACD")
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
Previously the net_linkaddr struct had pointers to the link address.
This is error prone and difficult to handle if cloning the packet as
those pointers can point to wrong place. Mitigate this issue by
allocating the space for link address in net_linkaddr struct. This will
increase the size of the net_pkt by 4 octets for IEEE 802.15.4 where the
link address length is 8, but there is no increase in size if link address
is 6 bytes like in Ethernet/Wi-Fi.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>