Unit tests were failing to build because random header was included by
kernel_includes.h. The problem is that rand32.h includes a generated
file that is either not generated or not included when building unit
tests. Also, it is better to limit the scope of this file to where it is
used.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This is no longer required since drivers implementing the sockets
offload interface were migrated to use pure zsock_ instead of
raw POSIX types and functions.
Signed-off-by: Adam Porter <porter.adam@gmail.com>
Under Linux when you shutdown a socket which is blocked on
an accept call the error code returned by accept is EINVAL.
Modify the socket code to be inline with this behaviour.
Signed-off-by: Léonard Bise <leonard.bise@gmail.com>
When closing a listening socket the functions waiting on the
FIFO will be unblocked this will result in receiving a NULL child
context. If that is the case return an error instead of carrying on.
Return the same error code (EINVAL) that is returned on Linux when
calling shutdown on a blocked accept call.
Signed-off-by: Léonard Bise <leonard.bise@gmail.com>
The SET_ERRNO() macro does nothing if a positive value is provided
to it, and the functions were not returning -1 or setting errno
as expected.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
APIs were returning -1 without setting errno if the file
descriptor looked up a null object or there was no function
installed in the vtable. Set to EBADF for this case.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
When `z_get_fd_obj_and_vtable()` function returns NULL (no valid entry
in the FD table for the socket), there is no need for further usermode
checks on the `ctx` pointer, as there is nothing to invalidate in that
case.
Fixes#25990Fixes#25991
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The original sockets system calls used file descriptors which
were actually net_context pointers. For all socket system calls,
any calls from user mode would check if the caller had permission
to use the net context.
This was later changed to not stuff net_context pointers into file
descriptors, but all the permission checking was unintentionally
lost, allowing all threads on the system to
read/write all socket file descriptors in the system at will, with
no way to isolate applications running on the same microcontroller
from each other's network activity.
This patch restores the permission checks on network context objects
for socket system calls that originated from user mode.
The call to z_object_recycle() was never removed from
zsock_socket_internal(); this is again leveraged to grant the
caller who opened the socket permission on the net_context
associated with the returned file descriptor.
To ensure that all socket calls do this checking, all uses of
z_get_fd_obj_and_vtable() have been routed through get_sock_vtable().
Objects have initialization state set and thread permissions
reset to just the caller in common zsock_socket() code.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The socketpair file descriptor context objects are heap allocated
and not drawn from a static pool. Register these as kernel objects
when we create them if user mode is enabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Zephyr running on MPU devices have a different memory model than
process-oriented OSes like Linux and require a method to set
kernel object permissions on a file descriptor's underlying
context object. Add this, and a test to show that it is working.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Used for permission validation when accessing the associated file
descriptors from user mode.
There often get defined in implementation code, expand the search
to look in drivers/ and subsys/net/.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If we are calling sendmsg() without any aux data, then msg_controllen
is 0 and msg_control is NULL. Check these allowed values properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we are calling sendmsg() for a connected socket, then msg_namelen
is 0 and msg_name is NULL. Check these allowed values properly.
Also modify unit tests so that we test this scenario.
Fixes#25925
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
In this, case is_nonblock is false and will_block is true.
Therefore, we *may* block, and furthermore we *expect* to
block. Checking is_nonblock is, in fact, redundant, and
passing K_FOREVER to k_sem_take() is justified.
Fixes#25727
Coverity-CID: 210611
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
There was a possible race condition between sock_is_nonblock()
and k_sem_take() in spair_read() and spair_write() that was
mitigated.
Also clarified some of the conditional branching in those
functions.
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
Replace CONFIG_ENTROPY_NAME with DT_CHOSEN_ZEPHYR_ENTROPY_LABEL. We now
set zephyr,entropy in the chosen node of the device tree to the entropy
device.
This allows us to remove CONFIG_ENTROPY_NAME from dts_fixup.h. Also
remove any other stale ENTROPY related defines in dts_fixup.h files.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
If we are receiving UDP packet and if there is some error happening
inside zsock_recv_dgram(), then make sure that the net_pkt received
from recv_q is freed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
TLS sockets did not increase refcount of a net_context running TCP,
which could lead to a crash upon TCP disconnection.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
If CONFIG_NET_PKT_RXTIME_STATS is set, then update the received
packet RX time for packet sockets (SOCK_RAW). This was already
working for normal sockets but the statistics update was missing
from SOCK_RAW.
Fixes#22489
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The zsock_accept_ctx() calls z_reserve_fd() on entry but fails
to call z_free_fd() on failure. This will leak the allocated
socket descriptor.
Fixes#22366
Signed-off-by: Inbar Anson Bratspiess <inbar.anson.bratspiess@330plus.net>
When is NET_SOCKETS_SOCKOPT_TLS set, it should set TLS_CREDENTIALS
even when NET_NATIVE=n, so that platforms that use socket offloading
can continue to set TLS credentials.
We are now setting this via 'imply' instead of 'select', so that
prj.conf can opt out if necessary.
Fixes#22390
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
Instead of using a custom offloading interface, users can use
`NET_SOCKET_REGISTER` macro to register custom socket API provider. This
solution removes a limitation, that only one offloaded interface can be
registered and that it cannot be used together with native IP stack.
The only exception remainig are DNS releated operations -
`getaddrinfo`/`freeaddrinfo`, which, when offloaded, have to be
registered specifically.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Sort out mbedTLS dependencies in sockets Kconfig. mbedTLS will now
be enabled when TLS sockets and native network stack are enabled.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make ioctl handlers of `ZFD_IOCTL_POLL_PREPARE` and
`ZFD_IOCTL_POLL_UPDATE` return an error code instead of setting errno
variable.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
If we can write to the socket in POLLOUT, then there is no need to
wait.
Note that this is not a full POLLOUT implementation but prevents
the code from waiting even if we could send data out.
Fixes#18867
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
IPv4 header options length will be stored in ipv4_opts_len
in net_pkt structure. Now IPv4 header length will be in
net_pkt ip_hdr_len + ipv4_opts_len. So modified relevant
places of ip header length calculation for IPv4.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
The TCP code expects that we know when the socket has called accept()
in order to continue connection attempt.
Fixes#21335
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add an implementation for `sendmsg`, so secure sockets can be used
together with the WebSocket module to implement secure WebSockets
("wss").
Fixes#20431
Signed-off-by: Markus Fuchs <markus.fuchs@de.sauter-bc.com>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Clean up space errors and use a consistent style throughout the Kconfig
files. This makes reading the Kconfig files more distraction-free, helps
with grepping, and encourages the same style getting copied around
everywhere (meaning another pass hopefully won't be needed).
Go for the most common style:
- Indent properties with a single tab, including for choices.
Properties on choices work exactly the same syntactically as
properties on symbols, so not sure how the no-indentation thing
happened.
- Indent help texts with a tab followed by two spaces
- Put a space between 'config' and the symbol name, not a tab. This
also helps when grepping for definitions.
- Do '# A comment' instead of '#A comment'
I tweaked Kconfiglib a bit to find most of the stuff.
Some help texts were reflowed to 79 columns with 'gq' in Vim as well,
though not all, because I was afraid I'd accidentally mess up
formatting.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Handle this corner case with TCP connection closing:
1) Client A connects, it is accepted and can send data to us
2) Client B connects, the application needs to call accept()
before we will receive any data from client A to the application.
The app has not yet called accept() at this point (for
whatever reason).
3) Client B then disconnects and we receive FIN. The connection
cleanup is a bit tricky as the client is in half-connected state
meaning that the connection is in established state but the
accept_q in socket queue contains still data which needs to be
cleared.
4) Client A then disconnects, all data is sent etc
The above was not working correctly as the system did not handle the
step 3) properly. The client B was accepted in the application even
if the connection was closing.
After this commit, the commit called "net: tcp: Accept connections
only in LISTENING state" and related other commits are no longer
needed and are reverted.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This reverts commit d70a854904.
The next commit fixes the original issue so this commit is no
longer needed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Applications should use setsockopt() to setup the SOCKS5 proxy,
so the old API file, which is using net_context directly, is
moved SOCKS5 directory.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>