Add write-only TLS secure socket option to set hostname.
This option accepts a string containing the hostname. May be NULL, to
disable hostname verification.
By default, an empty string is set as a hostname for TLS clients,
to enforce hostname verification in mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option to select TLS credentials to use.
This option accepts and returns an array of sec_tag_t that indicate
which TLS credentials should be used with specific socket.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS credential management subsystem that enables to register TLS
credentials in the system. Once specific credentials are registered in
the system, they will be available for TLS secure sockets to use.
To use a TLS credential with a socket, the following steps have to be
taken:
1. TLS credential has to be registered in a system-wide pool, using the
API provided in "net/tls_credentials.h" header file.
2. TLS credential (and other TLS parameters) should be set on a socket
using setsockopt().
Note, that there is no need to repeat step 1 for different sockets using
the same credentials. Once TLS credential is registered in the system,
it can be used with multiple sockets, as long as it's not deleted.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
CONFIG_DNS_RESOLVER is the master switch for DNS resolution support,
for both native and socket APIs. Avoid confusing link errors by
compiling out both dns_resolve_name() and getaddrinfo() if that
option is not enabled.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Initial implementation of poll() was more of a proof of concept, so
was coded with a single-thread application in mind. As we move to
sockets as the main networking API, make it possible to use poll()
from different threads.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Implement socket poll function for TLS socket. In addition to regular
poll checks, we have to check if there is some decrypted data pending on
mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add entropy source for mbedTLS. If no entropy driver is available, use
non-secure, software entropy source.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add tls_context structure that stores data required by TLS socket
implementation. This structure is allocated from global pool during
socket creation and freed during socket closure.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add switch to a socket layer that will enable switching socket API to
TLS secure sockets. At this point there is no secure sockets
implementation, so secure socket calls redirect to regular socket calls.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Bool symbols implicitly default to 'n'.
A 'default n' can make sense e.g. in a Kconfig.defconfig file, if you
want to override a 'default y' on the base definition of the symbol. It
isn't used like that on any of these symbols though.
Remove some 'default ""' properties on string symbols too.
Also make definitions more consistent by converting some
    config FOO
        <type>
        prompt "foo"
definitions to a shorter form:
    config FOO
        <type> "foo"
This shorthand works for int/hex/string symbols too, not just for bool
symbols.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
When dns_get_addr_info() returns an error it does not call the
resolve callback, and thus the semaphore will not be given.
This fix will avoid a deadlock situation for various errors.
Added some small tests for getaddrinfo().
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Do not lookup DNS AAAA entries if IPv6 is disabled. The result can not
be used anyway because "struct sockaddr" does not have enough space for
IPv6 address in that case.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Make the service parameter optional in getaddrinfo().
The application should be able to use NULL as service when only
interested in the host lookup.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Add support for MSG_DONTWAIT flag in send() and sendto(). This
aligns with the same flag used in recv() and recvfrom().
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Add support for MSG_PEEK flag in recv and recvfrom.
This flag is needed when using non-zephyr embedded applications with
Zephyr's socket API.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Add support for MSG_DONTWAIT flag in recv and recvfrom.
This flag is needed when using non-zephyr embedded applications with
Zephyr's socket API.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Refactor recvfrom code for handling SOCK_DGRAM into zsock_recv_dgram
to align with SOCK_STREAM. Add flags parameter, will be used later.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
We use ctx->user_data to hold socket flags. As each call to
net_context_recv() and net_context_send() overwrites its previous
value, we explicitly must pass the current ctx value there.
Without this, non-blocking socket was turned into blocking after
e.g. switching from receiving to sending.
Fixes: #6309
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If accept callback is called with error, don't treat the context
passed to the callback as a new accepted context.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
We pass normal 1-based mask, and mask invert it before logically
AND'ing with the value. This is apparently a mix-up between how the
mask was intended to be passed initially and how it was in the end.
This issue actually didn't have an effect, because currently defined
flags have mutually exclusive lifetime (when "eof" flag is set,
"non-blocking" flag value is no longer important). Anyway, that's a
bug and needs fixing.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Assertions should only be used to check invariants. Things that may
change value in runtime are better left to proper checks.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The existing implementation assumed DNS resolv callback will be
called just once, but that's not always the case (apparently,
for multi-homed hosts or something). So, apply array bounds
checking (and do pointer arithmetic only after it, as the C
standard otherwise warns of "undefined behavior"). In such a case,
the port number wasn't set in each entry too, so rework how it's
done.
The issues were discovered while resolving archive.ubuntu.com.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
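
The bounds check described in the commit message above, as an added example (not the Zephyr code itself): a resolver callback that may fire several times per lookup compares the index against the array size before forming the element pointer, and sets the port in every entry. The structs, function names and MAX_RESULTS are hypothetical, and the answers are constructed documentation addresses.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_RESULTS 2              /* capacity of the caller's result array (assumed) */

struct addr_entry {                /* simplified stand-in for one resolved address */
	uint8_t  ip[4];
	uint16_t port;
};
struct resolve_state {             /* hypothetical per-lookup state handed to the callback */
	struct addr_entry *results;    /* caller-owned array of MAX_RESULTS entries */
	size_t   idx;                  /* entries filled so far */
	size_t   dropped;              /* answers discarded because the array was full */
	uint16_t port;                 /* port requested for this lookup */
};

/* Invoked once per answer; a host with several addresses triggers several calls. */
static int resolve_cb(struct resolve_state *st, const uint8_t ip[4])
{
	/* Compare the index first; form the element pointer only once it is
	 * known to be in range, so no out-of-bounds pointer is ever computed. */
	if (st->idx >= MAX_RESULTS) {
		st->dropped++;
		return -ENOMEM;
	}
	struct addr_entry *e = &st->results[st->idx];
	memcpy(e->ip, ip, sizeof(e->ip));
	e->port = st->port;            /* set in every entry, not only the first */
	st->idx++;
	return 0;
}

/* Constructed input: three answers for one name, one more than the array holds.
 * Returns the number of entries stored; the guard word after the array must survive. */
static size_t demo_resolve(uint32_t *guard_out)
{
	static const uint8_t answers[3][4] = { {192, 0, 2, 1}, {192, 0, 2, 2}, {192, 0, 2, 3} };
	struct { struct addr_entry res[MAX_RESULTS]; uint32_t guard; } buf;
	struct resolve_state st = { buf.res, 0, 0, 80 };
	memset(&buf, 0, sizeof(buf));
	buf.guard = 0xC0FFEEu;
	for (size_t i = 0; i < 3; i++) {
		(void)resolve_cb(&st, answers[i]);
	}
	*guard_out = buf.guard;
	return st.idx;
}
```
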
In 90b471fe4, there was a change to make k_poll() return EINTR error
if it was cancelled with k_fifo_cancel_wait(). Handle this change, or
otherwise sockets EOF handling was broken.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If net_context_recv() returns an error, net pkt will not be released. For
example, net_context_recv() returns -EBADF because the TCP connection is
closed by the peer.
Handle the return value instead of using SET_ERRNO().
Signed-off-by: Aska Wu <aska.wu@linaro.org>
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.
Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extensions. These extensions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.
This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.
For users that just want to continue their work with minimal
disruption the following should suffice:
- Install CMake 3.8.2+
- Port any out-of-tree Makefiles to CMake.
- Learn the absolute minimum about the new command line interface:

    $ cd samples/hello_world
    $ mkdir build && cd build
    $ cmake -DBOARD=nrf52_pca10040 ..
    $ cd build
    $ make

PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
The addrlen of accept() and recvfrom() is a value-result argument. It
should be updated to the actual size of the source address after
calling accept() and recvfrom().
Signed-off-by: Aska Wu <aska.wu@linaro.org>
Due to parameters used, net_context_recv() call cannot fail (it just
installs a callback, no I/O performed).
Coverity-CID: 178247
Fixes: #4581
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
net_context_sendto() returns an error if dest address is NULL.
If dest address is available, net_context_sendto() should be used.
Otherwise, net_context_send() should be used.
Fixes #4347
Signed-off-by: Aska Wu <aska.wu@linaro.org>
send()/sendto() aren't "front facing" functions, so when user calls
them, context type hopefully should be already validated by other
functions. They are also on critical path of app/network performance,
so getting rid of extra check helps a little bit too. This also
fixes a warning of "err" possibly being used non-initialized.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
sendto() and recvfrom() are often used with datagram socket.
sendto() is based on net_context_sendto() and recvfrom() is based on
zsock_recv() with parsing source address from the packet header.
Signed-off-by: Aska Wu <aska.wu@linaro.org>
This is useful to enable error/warning logging across the net
codebase (less useful for debug level logging, but that's true
for CONFIG_NET_LOG_GLOBAL already).
Implementation-wise, instead of keeping adding to long list of
"select"'s in CONFIG_NET_LOG_GLOBAL and thus introduce component
inter-dependencies, add "default y if NET_LOG_GLOBAL" to
individual components' logging options.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
When new socket context is created on accepting connection to a
listening socket, its recv_q FIFO should be initialized. Without
initialization, this worked by a chance when FIFO structure was
simple, but recent change to add dlist to it (which now needs
proper initialization) exposed this issue.
Jira: ZEP-2576
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This is how it's called in the main docs, so use this same phrase in
Kconfig and samples too.
Also, added some articles to docs.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
For an accepted socket, we should set our receive callback and start
to queue packets ASAP (in the accept callback itself). Otherwise,
(if done in accept() call like before) we may miss to queue some
packets.
This issue wasn't exposed with slow SLIP and with emulated QEMU, but
easily exposed with Ethernet on a real hardware.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Coverity complains about non-checked return values here. This is false
positive as the return values do not need checking in this special
case because we are closing the socket.
Coverity-CID: 173646
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
As we buffer incoming packets in receive callbacks, we must decrease
receive window to avoid situation that incoming stream for one socket
uses up all buffers in the system and causes deadlock. Once user app
consumes queued data using recv() call, we increase window again.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
ReST defines interpreted text roles where text enclosed by single quotes
can be "interpreted", for example :ref:`some name` becomes a link to
a label anywhere in the doc set named "some name", :c:func:`funcname()`
becomes a link to the API documentation for "funcname", and
:option:`CONFIG_NAME` becomes a link to, in our case, the documentation
for the generated Kconfig option.
This patch fixes uses of `some name` (without a role) by either adding
an explicit role, or changing to ``some name``, which indicates inline
code block formatting (most likely what was intended).
This is a precursor to changing the default behavior of interpreted
text to treat `some name` as :any:`some name` (as configured in
doc/conf.py), which would attempt to create a link to any available
definition of "some name".
We may not change this default role behavior, but it becomes an option
after the fixes in this patch. In any case, this patch fixes incorrect
uses of single-quoted text (possibly introduced because GitHub's
markdown language uses single-quoted text for inline code formatting).
Jira: ZEP-2414
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
poll() allows to (efficiently) wait for available data on sockets,
and is essential operation for working with non-blocking sockets.
This is initial, very basic implementation, effectively supporting
just POLLIN operation. (POLLOUT implementation is dummy - it's
assumed that socket is always writable, as there's currently no
reasonable way to test that.)
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If a socket is closed without reading all data from peer or accepting
all pending connections, they will be leaked. So, flush queues
explicitly.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
With CONFIG_NET_SOCKETS_POSIX_NAMES=y, "raw" POSIX names like
socket(), recv(), close() will be exposed (using macro defines).
The close() is the biggest culprit here, because in POSIX it
applies to any file descriptor, but in this implementation -
only to sockets.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This adds Kconfig and build infrastructure and implements
zsock_socket() and zsock_close() functions.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>