If for some reason the DNS resolver callback is not called properly
then make sure that semaphore will not block forever.
Fixes#15197
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
We need all the socket APIs to work from user mode.
tests/net/socket/misc now runs in userspace.
Fixes: #15227
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Rename reserved function names in the subsys/ subdirectory except
for static _mod_pub_set and _mod_unbind functions in bluetooth mesh
cfg_srv.c which clash with the similarly named global functions.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
We are reverting the changes in commit
55b3f05932 given build errors are seen
when fcntl.h is included, as it declares fcntl() as a non-static
function. The same function cannot be declared as both static and
non-static.
Instead, we avoid redefining fcntl() in lib/os/fdtable.c specifically
for case of the SimpleLink family, til we have support for the new
socket_op_vtable.
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
And also to the relevant callbacks.
That parameter is not used anywhere so it is useless.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Now that legacy - and unrelated - function named net_pkt_get_data has
been removed, we can rename net_pkt_get_data_new relevantly.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Now that legacy functions are removew, let's rename the new functions by
removing the _new suffix.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
TCP context is effectively owned by both application and the stack:
stack may detect that peer closed/aborted connection, but it must
not dispose of the context behind the application back. Likewise,
when application "closes" context, it's not disposed of immediately,
there's yet closing handshake for stack to perform.
This effectively means that TCP contexts have refcount of 2 when
they're created. Without this change, following situation is
possible: peer opens connection, an app get a context (or socket)
via accept, peer sends data, closes connection. An app still holds
a reference to connection, but stack may dispose of context, and
even reuse it for a new connection. Then application holds a reference
to either free, or completely different context.
This situation was very clearly and 100% reproducible when making
Zephyr port of open62541 library, which works in async manner using
select().
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
To save binary size, currently just returns textual name of error
code, e.g. EAI_FAIL -> "EAI_FAIL". Based on real usecases, can be
replaced with user-friendly message later. (Current usecase is to
allow/help to elaborate sockets API by proof-of-concept porting
existing socket apps).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The socket-can code expects to have "struct can_frame" from
application when it calls send(). We then have to convert to
"struct zcan_frame" as that is what the driver expects.
Same thing when receiving data. We just convert to
"struct can_frame" and pass that to application.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
This reverts commit 8cb5d083cb53627964ed72fb9fa3fb7a5219739f.
This was breaking tests on master due to missing dependency that is
still being reviewed.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This is done to conform with how the rest of the socket APIs are
implemented during socket offload. Otherwise link error would
result due to the symbol being redefined in lib/os/fdtable.c.
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
These options are oftentimes used when implementing servers, and
thus required to port existing socket apps. These options are also
safe to just ignore, e.g. SO_REUSEADDR has effect only for repeated
recreation of server socket (not an expected usecase for a Zephyr
app), while TCP_NODELAY is effectively the default for Zephyr, as we
don't implement TCP buffering (aka Nagle algorithm).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Poll descriptor was not incremented in poll update function in case it
was reported as not ready. In result, poll could end up processing the
same poll descriptor for every fd requested to monitor.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Rework detection of EOF on a socket, so that it can be detected in a
poll prepare that socket is in in a EOF state and poll can return
immediately.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When DTLS client was added to `poll` before/during the handshake, it
could throw errors and in some circumstances (when polling thread was
cooperative and had higher or equal priority to the handshake thread)
could lead to a deadlock in the application.
Prevent that, by blocking on handshake semaphore instead of fifo. Poll
will start using fifo for data poll only after handshake is complete.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Instead of simple bool value, use a semaphore to notify that TLS
handshake is complete. This way, we can monitor this value with k_poll.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This function is the opposite of getaddrinfo(), i.e. converts
struct sockaddr into a textual address. Normally (or more
specifically, based on the flags) it would perform reverse DNS
lookup, but current implementation implements only subset of
functionality, by converting to numeric textual address.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
A debug message told "Set EOF flag on pkt %p", but actually printed
net_context instead of net_pkt.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
shutdown() itself is described as just marking RX or TX path of a
socket as not available. For the first approximation, we implement
it just as a dummy function, to allow build existing POSIX
applications which use it.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
There is no need for appdata pointer: net_pkt's cursor is already at the
right position, i.e. the beginning of the payload right after all IP/TCP
headers.
Also, when reading the actual data, let's use net_pkt_read_new()
relevantly instead of going through the buffer by ourselves.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
There is no need for appdata pointer: net_pkt's cursor is already at the
right position, i.e. the beginning of the payload right after all IP/UDP
headers.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
This function is only used in sockets, thus making it a private function
of socket library and renaming it relevantly.
Note that sockets should be reviewed at some point to avoid using such
function: zsock_received_cb() already get the ip header and the protocol
header, so it could grab the src addr/port from there. It would be way
more optimized to do so, since net_pkt_get_src_addr is costly as it
parses all over again the ip/protocol headers.
utils unit test is updated and the test of the former
net_pkt_get_src_addr/net_pkt_get_dst_addr are removed.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
If a socket is in EOF, it's readable (so client can read() it, get 0
in return, figure it's in EOF, and close it). Without this change, we
had peer-closed sockets leaked (ignore) by poll() and select().
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Implemented via Zephyr's net_hostname_get(). As support for that call
is configurable and by default off, while many POSIX applications
assume that hostname is always available, we need a default value
in case CONFIG_NET_HOSTNAME_ENABLE is "n". Initial version of this
patch added that on the level of gethostname() call, but of was
suggested to move that down to net_hostname_get() instead.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
It is possible to set the filter in user application and that
information is passed to the CANBUS device driver.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This is basically a dummy layer that just passes data through.
It is needed so that we can create CANBUS type network interface
to the system.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This allows user to create a CAN socket and to read/write data
from it. From the user point of view, the BSD socket CAN support
works same way as in Linux.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This commit adds packet socket support to socket api.
This version supports basic packet socket features.
Protocol family is AF_PACKET, type of socket is
SOCK_RAW and proto type is ETH_P_ALL. The user will
receive every packet (with L2 header) on the wire.
For TX, the subsystem expects that the user has set
all the protocol headers (L2 and L3) properly.
Networking subsystem doesn't verify or alter the headers while
sending or receiving the packets. This version supports packet
socket over Etherent only. Also combination of other family
and protocols doesn't work (i.e. Application can not open
packet-socket and non packet-socket together).
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
If status is 0, both ip_hdr and proto_hdr will own a pointer to the
relevant IP and Protocol headers. In order to know which of ipv4/ipv6
and udp/tcp one will need to use respectively net_pkt_family(pkt) and
net_context_get_ip_proto(context).
Having access to those headers directly, many callbacks will not need
to parse the packet again no get the src/dst addresses or the src/dst
ports. This will be change after this commit.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
It's now up to net_context to build the net_pkt and send it.
This will become the default.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
The net-app API is removed. Users should use the BSD socket API
for application development.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The implementation code itself should not rely on plain POSIX names
and use zsock_ and ZSOCK_ prefixed versions of symbols.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
struct timeval is per POSIX defined in sys/time.h, but that also
allowed to pull sys/select.h (and indeed, it does with native_posix),
which then starts to conflict with out select implementation (if
NET_SOCKETS_POSIX_NAMES is defined, and many samples/tests have it).
So, for now follow the existing route of duplicating all definitions
needed by our code in namespaced manner. Things like struct timeval
usage will need to be revisited later, when we'll want socket
subsystem to work with POSIX subsystem, but that's a separate deep
matter.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
It's implemented on top of poll() anyway, and the current
implementation of fd_set uses array of fd's underlyingly, which
leads to O(n) complexity for FD_SET() and friends.
The purpose of select() implementation is to allow to perform
proof-of-concept port of 3rd-party code to Zephyr quickly. For
efficiency, poll() should be used instead.
Fixes: #11333
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
net_buf_linearize() used to clear the contents of output buffer,
just to fill it with data as the next step. The only effect that
would have is if less data was written to the output buffer. But
it's not reliable for a caller to rely on net_buf_linearize() for
that, instead callers should take care to handle any conditions
like that themselves. For example, a caller which wants to process
the data as zero-terminated string, must reserve a byte for it
in the output buffer explicitly (and set it to zero).
The only in-tree user which relied on clearing output buffer was
wncm14a2a.c. But either had buffer sizes calculated very precisely
to always accommodate extra trailing zero byte (without providing
code comments about this), or arguably could suffer from buffer
overruns (at least if data received from a modem was invalid and
filled up all destination buffer, leaving no space for trailing
zero).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Currently there is a mixed approach in prefixes from mbedTLS
configuration (MBEDTLS_ and TLS_). The latter was used in generic config
file and could bring up confusion that it can only be used with TLS
subsystem. Hence unify the approach to MBEDTLS_ prefix to avoid such
confusion.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
As extend fdtable usage to more cases, there regularly arises a need
to forward ioctl/fcntl arguments to another ioctl vmethod, which is
complicated because it defined as taking variadic arguments. The only
portable solution is to convert variadic arguments to va_list at the
first point of entry from client code, and then pass va_list around.
To facilitate calling ioctl with variadic arguments from system code,
z_fdtable_call_ioctl() helper function is added.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This commit reworks socket poll implementation to support multiple
socket implementations.
To achieve that, two ioctl poll helper requests were added:
ZFD_IOCTL_POLL_PREPARE and ZFD_IOCTL_POLL_UPDATE. The poll
implementation calls ioctl with these requests for each socket
requested in the fds table.
The first request is responsible for preparing k_poll_event objects
for specific socket. It can request to skip waiting in k_poll by
returning EALREADY through errno.
The latter request is responsible for processing outcome of k_poll for
each socket. It can request to retry the k_poll by returning EAGAIN
through errno.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Implement extended socket vtable for TLS sockets, therefore allowing to
integrate the implementation with socket subsystem.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit extends socket vtable, allowing to redirect socket calls to
alternate implementations (e.g. TLS sockets).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Remove network specific default and max log level setting
and start to use the zephyr logging values for those.
Remove LOG_MODULE_REGISTER() from net_core.h and place the
calls into .c files. This is done in order to avoid weird
compiler errors in some cases and to make the code look similar
as other subsystems.
Fixes#11343Fixes#11659
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Implements setsockopt() for the socket offload driver
to process the TLS tags sent in via the Zephyr setsockopt() API,
when CONFIG_NET_SOCKETS_SOCKOPT_TLS is chosen.
For each tag, the credential filenames are retrieved and
set via SimpleLink's sl_SetSockOpt() API.
Also, creates a new KConfig option for TLS_CREDENTIAL_FILENAMES.
This new option is used by apps/protocols to add TLS credentials
via filenames referring to the actual content stored on a secure
file system or flash.
Handles the IPPROTO_TLS_* socket protocol families in the
socket() offloaded API.
This was validated on the cc3220sf_launchxl with the http_get sockets
sample, with the globalsign_r2.der file loaded to secure flash via
the TI Uniflash tool, and using the TI Catalog of known good
root CA's.
Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
File descriptor I freed automagically when using POSIX subsystem's
close() function, but any subsys-adhoc functions like zsock_close()
should do that explicitly.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
With FD table introduction, net_context can no longer be reached by
typecasting socket descriptor. Instead, file descriptor API have to be
used.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
ztls_setsockopt and ztls_getsockopt returned error codes instead of
setting errno in particular cases. This commit fixes it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
FD method tables contain function pointers, and thus should be
const and reside in ROM. This patch fixes all cases of FD vtable
definitions: for POSIX FS API and for sockets.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Previously the "socket file descriptors" were just net_context
pointers cast to int. For full POSIX compatibility and support
of generic operations line read/write/close/fcntl/ioctl, the
real file descriptors should be supported, as implemented by
fdtable mini-subsys.
Socket implementation already has userspace vs flatspace dichotomy,
and adding to that ptr-fds vs real-fds dichotomy (4 possible cases)
is just too cumbersome. So, switch sockets to real fd's regardless
if full POSIX subsystem is enabled or not.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Current TLS socket implementation assumed that PSK ID stored in
credential manager is NULL terminated. It's actually better to store
only the string content, as the string length is stored as well. This
approach is less confusing, when a user is not operating on C strings
but on a non-NULL terminated byte array.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Also, defines one LOG_MODULE_NAME for the simplelink WiFi driver, and
uses the same name for all files in this driver (module).
Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
Placing it at sys/fcntl.h was due to mimicking internal newlib's
layout, but what we need is this file at the standard location,
for reuse.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This commit fixes the issue that if a thread is waiting on recv for
data and the user closes the socket, the waiting thread is not
unblocked.
Signed-off-by: Léonard Bise <leonard.bise@gmail.com>
Adding spaces around "=" when definining Kconfig template so
that is more consistent with overall style of these template
variables.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
As the debugging print calls are async, all the strings that might
be overwritten must use log_strdup() which will create a copy
of the printable string.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
When no certificate-based ciphersuites are used, mbedTLS compiles out
hostname field and associated functions from its SSL context. This
resulted in compilation error when only PSK-based ciphersuites were
configured.
This commit resolves the issue by compiling-out hostname-related code
from secure sockets implementation on the same basis as mbedTLS does.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The return of memset is never checked. This patch explicitly ignore
the return to avoid MISRA-C violations.
The only directory excluded directory was ext/* since it contains
only imported code.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
sockets_tls subsystem uses entropy driver, yet it does not include
entropy header. This commit fixes this.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This patch enables BSD socket offload to a dedicated
TCP/IP offload engine.
This provides a simpler, more direct mechanism than going
through NET_OFFLOAD (zsock -> net_context -> socket conversions)
for those devices which provide complete TCP/IP offload at the
BSD socket level, and whose use cases do not require
IP routing between multiple network interfaces.
To use, configure CONFIG_NET_SOCKETS_OFFLOAD=y, and register
socket_offload_ops with this module.
Fixes#3706
Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
This is similar to change which was done in 21f31e90ec, unfortunately
this case was missed.
Fixes: #9032
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The previous code "optimized" and called both net_context_accept()
and net_context_recv() blindly to reset the corresponding callbacks.
But this leads to "wrong state" logging if debugging is enabled, so
clean that up.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This commit contains several fixes for DTLS implementation, proposed in
a post-merge review of #9338.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add system calls for the zsock implementations of socket,
close, bind, connect, listen, accept, sendto, recvfrom,
fcntl, poll, inet_pton, and getaddrinfo.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Originally EFAULT was used to indicate NULL pointer error in TLS option
set/get functions. EINVAL was suggested to be more apropriate error code
for this case, hence replace it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Introduce non-blocking DTLS handshake, used during recv function call.
This prevents from blocking while waiting for initial handshake packet
on non-blocking sockets during receive.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make TLS poll function verify if decrypted data is available after
socket has notified activity with POLLIN flag. This prevents from giving
false notifications in case data was received on socket but was consumed
by mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Specify timeout value for mbedtls_ssl_read function for DTLS servers.
Adding this can prevent TLS context lockup in case blocking recv is used
and peer has shut down DTLS connection without closing it gracefully.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for DTLS recv/recvfrom function.
For DTLS client, recv function requires to have an already established
DTLS connection.
For DTLS servers, this function will try to establish DTLS connection
before receiving data. In case that DTLS handshake fails, recv function
will silently retry.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for DTLS send/sendto function.
For DTLS clients, send function will try to establish DTLS connection
before sending data. If DTLS handshake fails, it will return an error.
For DTLS servers, send function requires to have DTLS connection already
established.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
DTLS handshake can return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED, which
indicate that TLS session context should be reset.
Also, store information whether TLS connection has beed established.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add binary IO functions for DTLS connections.
dtls_rx function is more complex than it's TLS counterpart due to fact,
that DTLS does not allow blocking operation for this function. A simple
timeout mechanism was implmented basing on the zsock_poll function.
This function also verifies peer address. As currently only a single
DTLS connection is supported on a socket, if a DTLS connection is
established, and we receive datagram from different peer, it is silently
dropped.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Functions for checking flags set on sockets are needed by TLS sockets as
well, therefore extract them to a separate header file to avoid code
duplication.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add write-only socket option to set role for DTLS connection. This
option is irrelevant for TLS connections.
This options accepts and integer with a TLS role, compatible with
mbedTLS values:
0 - client,
1 - server.
By default, DTLS will assume client role.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
- Remove redundant 'n' defaults. 'n' is the default value for bool
symbols.
This makes the auto-generated documentation clearer as well: You get
"implicitly defaults to n" instead of
"- n if <propagated dependencies>".
- Shorten
<type>
prompt "foo"
to
<type> "foo"
This works for all types, not just bool.
- Various formatting nits.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Add write only TLS secure option to set peer verification level for
TLS connection.
This option accepts an integer with a peer verification
level, compatible with mbedtls values (0 - none, 1 - optional, 2 -
required.
By default, socket mimics mebdTLS behavior - (none for server, required
for client).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option to read a ciphersuite chosen during TLS
handshake. Might be useful during development.
This is a read-only option that returns an integer containing an
IANA assigned ciphersuite identifier of chosen ciphersuite.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option that enables to narrow list of ciphersuites
available for TLS connection.
This option accepts an array of integers with IANA assigned ciphersuite
identifiers and returns such.
By default, every statically configured ciphersuite is available for a
socket and getsockopt returns an array of these.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add write-only TLS secure socket option to set hostname.
This option accepts a string containing the hostname. May be NULL, to
disable hostname verification.
By default, an empty string is set as a hostname for TLS clients,
to enforce hostname verification in mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option to select TLS credentials to use.
This option accepts and returns an array of sec_tag_t that indicate
which TLS credentials should be used with specific socket.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS credential management subsystem that enables to register TLS
credentials in the system. Once specific credentials are registered in
the system, they will be available for TLS secure sockets to use.
To use a TLS credential with a socket, the following steps have to be
taken:
1. TLS credential has to be registered in a system-wide pool, using the
API provided in "net/tls_credentials.h" header file.
2. TLS credential (and other TLS parameters) should be set on a socket
using setsockopt().
Note, that there is no need to repeat step 1 for different sockets using
the same credentials. Once TLS credential is registered in the system,
it can be used with mulitple sockets, as long as it's not deleted.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
CONFIG_DNS_RESOLVER is the master switch for DNS resolution support,
for both native and socket APIs. Avoid confusing link errors by
compiling out both dns_resolve_name() and getaddrinfo() if that
option is not enabled.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Initial implementation of poll() was more of a proof of concept, so
was coded with a single-thread application in mind. As we move to
sockets as the main networking API, make it possible to use poll()
from different threads.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Implement socket poll function for TLS socket. In addition to regular
poll checks, we have to check if there is some decrypted data pending on
mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add entropy source for mbedTLS. If no entropy driver is available, use
non-secure, software entropy source.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add tls_context structure that stored data required by TLS socket
implementation. This structure is allocated from global pool during
socket creation and freed during socket closure.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add switch to a socket layer that will enable switching socket API to
TLS secure sockets. At this point there is no secure sockets
implementation, so secure socket calls redirect to regular socket calls.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Bool symbols implicitly default to 'n'.
A 'default n' can make sense e.g. in a Kconfig.defconfig file, if you
want to override a 'default y' on the base definition of the symbol. It
isn't used like that on any of these symbols though.
Remove some 'default ""' properties on string symbols too.
Also make definitions more consistent by converting some
config FOO
<type>
prompt "foo"
definitions to a shorter form:
config FOO
<type> "foo"
This shorthand works for int/hex/string symbols too, not just for bool
symbols.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
When dns_get_addr_info() returns an error it does not call the
resolve callback, and thus the semaphore will not be given.
This fix will avoid a deadlock situation for various errors.
Added some small tests for getaddrinfo().
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Do not lookup DNS AAAA entries if IPv6 is disabled. The result can not
be used anyway because "struct sockaddr" does not have enough space for
IPv6 address in that case.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Make the service parameter optional in getaddrinfo().
The application should be able to use NULL as service when only
interested in the host lookup.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Add support for MSG_DONTWAIT flag in send() and sendto(). This
aligns with the same flag used in recv() and recvfrom().
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Add support for MSG_PEEK flag in recv and recvfrom.
This flag is needed when using non-zephyr embedded applications with
Zephyr's socket API.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Add support for MSG_DONTWAIT flag in recv and recvfrom.
This flag is needed when using non-zephyr embedded applications with
Zephyr's socket API.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Refactor recvfrom code for handling SOCK_DGRAM into zsock_recv_dgram
to align with SOCK_STREAM. Add flags parameter, will be used later.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
We use ctx->user_data to hold socket flags. As each call to
net_context_recv() and net_context_send() overwrites its previous
value, we explicitly must pass the current ctx value there.
Without this, non-blocking socket was turned into blocking after
e.g. switching from receiving to sending.
Fixes: #6309
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If accept callback is called with error, don't treat the context
passed to the callback as a new accepted context.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
We pass normal 1-based mask, and mask invert it before logically
AND'ing with the value. This apparently a mix-up between how the
mask was intended to be passed initially and how it was in the end.
This issue actually didn't have an effect, because currently defined
flags have mutually exclusive lifetime (when "eof" flag is set,
"non-blocking" flag value is no longer import). Anyway, that's a
bug and needs fixing.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Assertions should only be used to check invariants. Things that may
change value in runtime are better left to proper checks.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The existing implementation assumed DNS resolv callback will be
called just once, but that's not always the case (apparently,
for multi-homes hosts or something). So, apply array bounds
checking (and do pointer arithmetic only after it, as the C
standard otherwise warns of "undefined behavior"). In such a case,
the port number wasn't set in each entry too, so rework how it's
done.
The issues discovered while resolving archive.ubuntu.com.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
In 90b471fe4, there was a change to make k_poll() return EINTR error
if it was cancelled with k_fifo_cancel_wait(). Handle this change, or
otherwise sockets EOF handling was broken.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If net_context_recv() returns a error, net pkt will not be released. For
example, net_context_recv() returns -EBADF because the TCP connection is
closed by the peer.
Handle the return value instead of using SET_ERRNO().
Signed-off-by: Aska Wu <aska.wu@linaro.org>
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.
Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extentions. These extentions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.
This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.
For users that just want to continue their work with minimal
disruption the following should suffice:
Install CMake 3.8.2+
Port any out-of-tree Makefiles to CMake.
Learn the absolute minimum about the new command line interface:
$ cd samples/hello_world
$ mkdir build && cd build
$ cmake -DBOARD=nrf52_pca10040 ..
$ cd build
$ make
PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
The addrlen of accept() and recvfrom() is a value-result argument. It
should be updated to the actual size of the source address after
calling accept() and recvfrom().
Signed-off-by: Aska Wu <aska.wu@linaro.org>
Due to parameters used, net_context_recv() call cannot fail (it just
installs a callback, no I/O performed).
Coverity-CID: 178247
Fixes: #4581
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
net_context_sendto() returns an error if dest address is NULL.
If dest address is available, net_conext_sendto() should be used.
Otherwise, net_context_send() should be used.
Fixes#4347
Signed-off-by: Aska Wu <aska.wu@linaro.org>
send()/sendto() aren't "front facing" functions, so when user calls
them, context type hopefully should be already validated by other
functions. They are also on critical path of app/network performance,
so getting rid of extra check helps a little bit too. This also
fixes a warning of "err" possibly being used non-initialized.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
sendto() and recvfrom() are often used with datagram socket.
sendto() is based on net_context_sendto() and recvfrom() is based on
zsock_recv() with parsing source address from the packet header.
Signed-off-by: Aska Wu <aska.wu@linaro.org>
This is useful to enable error/warning logging across the net
codebase (less useful for debug level logging, but that's true
for CONFIG_NET_LOG_GLOBAL already).
Implementation-wise, instead of keeping adding to long list of
"select"'s in CONFIG_NET_LOG_GLOBAL and thus introduce component
inter-dependencies, add "default y if NET_LOG_GLOBAL" to
individual components' logging options.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
When new socket context is created on accepting connection to a
listening socket, its recv_q FIFO should be initialized. Without
initialization, this worked by a chance when FIFO structure was
simple, but recent change to add dlist to it (which now needs
proper initialization) exposed this issue.
Jira: ZEP-2576
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This is how it's called in the main docs, so use this same phrase in
Kconfig and samples too.
Also, added some articles to docs.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
For an accepted socket, we should set our receive callback and start
to queue packets ASAP (in the accept callback itself). Otherwise,
(if done in accept() call like before) we may miss to queue some
packets.
This issue wasn't exposed with slow SLIP and with emulated QEMU, but
easily exposed with Ethernet on a real hardware.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>