This adds a function k_object_is_valid() to check if a kernel
object exists, of certain type, and has been initialized.
This replaces the same (or very similar) code that has been
copied from kernel into the network subsystem.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Code using sys_csrand_get should depend on CONFIG_CSPRNG_ENABLED symbol
and not in ENTROPY_HAS_DRIVER since they are not using the entropy
device directly.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commits adds support for the SO_REUSEPORT socket option.
The implementation follows the behavior of BSD and tries to also follow
the specific additional features of linux with the following
limitations:
* SO_REUSEADDR and SO_REUSEPORT are not "the same" for client sockets,
as we do not have a trivial way so identify a socket as "client"
during binding. To get the Linux behavior, one has to use SO_REUSEPORT
with Zephyr
* No prevention of "port hijacking"
* No support for the load balancing stuff for incoming
packets/connections
There is also a new Kconfig option to control this feature, which is
enabled by default if TCP or UDP is enabled.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
This commit adds support for the SO_REUSEADDR option to be enabled for
a socket using setsockopt(). With this option, it is possible to bind
multiple sockets to the same local IP address / port combination, when
one of the IP address is unspecified (ANY_ADDR).
The implementation strictly follows the BSD implementation and tries to
follow the Linux implementation as close as possible. However, there is
one limitation: for client sockets, the Linux implementation of
SO_REUSEADDR behaves exactly like the one for SO_REUSEPORT and enables
multiple sockets to have exactly the same specific IP address / port
combination. This behavior is not possible with this implementation, as
there is no trivial way to identify a socket to be a client socket
during the bind() call. For this behavior, one has to use the
SO_REUSEPORT option in Zephyr.
There is also a new Kconfig to control this feature similar to other
socket options: CONFIG_NET_CONTEXT_REUSEADDR. This option is enabled by
default if TCP or UDP are enabled. However, it can still be disabled
explicitly.
Signed-off-by: Tobias Frauenschläger <t.frauenschlaeger@me.com>
Releasing the lock before notifying condvar led to a race condition
between a thread calling k_condvar_wait to wait for a condition variable
and another thread signalling for this same condition variable. This
resulted in the waiting thread to stay pending and the handle to it
getting removed from the notifyq, meaning it couldn't get woken up
again.
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
In low memory conditions, its possible for socketpair memory allocation
to fail and then the socketpair is freed but after that the remote
semaphore is released causing a crash.
Fix this by freeing the socketpair after releasing the semaphore. Add a
test case to induce low memory conditions (low HEAP and high socketpair
buffer size), with the fix issue is not seen.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
The errors are printed in hex, but no prefix was used. This could be
confused with usual errno return values. The 0x prefix makes clear
that it's a hex value.
Also a missing minus sign is added to one log message.
Signed-off-by: Martin Jäger <martin@libre.solar>
Modify the signature of the k_mem_slab_free() function with a new one,
replacing the old void **mem with void *mem as a parameter.
The following function:
void k_mem_slab_free(struct k_mem_slab *slab, void **mem);
has the wrong signature. mem is only used as a regular pointer, so there
is no need to use a double-pointer. The correct signature should be:
void k_mem_slab_free(struct k_mem_slab *slab, void *mem);
The issue with the current signature, although functional, is that it is
extremely confusing. I myself, a veteran Zephyr developer, was confused
by this parameter when looking at it recently.
All in-tree uses of the function have been adapted.
Fixes#61888.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Make sure we use the network interface name (if configured)
instead of device name when binding to certain network
interface.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add TLS_DTLS_CID socket option, which enables to use the Connection ID
extension for the DTLS session.
The option provides control of the use of CID with the `setsockopt()`
function. The value provided can disable, enable, and control whether to
provide a CID to the peer. It uses a random self CID (if told to provide
one to the peer) unless TLS_DTLS_CID_VALUE set previously.
Add TLS_DTLS_CID_VALUE to get or set the CID sent to the peer, if any.
Add TLS_DTLS_PEER_CID_VALUE to get the CID value provided by the peer,
if any.
Add TLS_DTLS_CID_STATUS to determine if CID used, and whether
bidirectional or one way.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Signed-off-by: Pete Skeggs <peter.skeggs@nordicsemi.no>
getsockname() did not work properly on bound sockets, as it verified
whether the socket has an active connection before retuning result. This
is not correct, as socket after bound may not have a connection yet.
Fix this, by verifying that local_addr on an underlying net_context is
set, to determine whether socket has a local address assigned, before
returning result.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The previous patch to address race condition on STREAM sockets had a
side effect on DGRAM socket, where net_context_recv() is not only
installing recv callback, but also registering a connection at net_conn
level. Doing so before setting remote address first (which is done in
net_context_connect()) had an impact on the connected DGRAM socket
operation, which now accepted packets from any remote peer, and not only
the one socket was connected to.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The `ioctl()` interface is already supported by the network
subsystem but there was no `zsock_` interface available for it.
Add the `zsock_ioctl()` syscall.
Implement two somewhat commont ioctl requests for socket
file descriptors; namely
- `FIONBIO` set non-blocking I/O mode
- `FIONREAD` get the number of available bytes
In the process, added `net_pkt_ip_proto_hdr_len()`
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
In order to get a semi-accurate assessment of how many
bytes are available on a socket prior to performing a read,
BSD and POSIX systems have typically used
`ioctl(fd, FIONREAD, &avail)`
We can support this in Zephyr as well with little effort, so
add support for `socketpair()` sockets as an example.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
Previously, if a net_context had multiple packets already in
the receive queue, and a call to zsock_recvfrom() was made with
a buffer large enough to receive content from multiple packets,
only the content from a single receive buffer would be received.
Since zsock_recvfrom() is a system call, which has a
non-negligible overhead, it makes sense to receive as many bytes
as possible per system call.
Add zsock_recv_stream_immediate() as a shorthand for
"fill this receive buffer with as many bytes as possible without
blocking". Allow nullable buffer parameters so that we can also
have a shorthand for "count how many bytes are immediately
available".
With minor refactoring, zsock_recv_stream_timed() is a simple
wrapper around zsock_recv_stream_immediate() that handles timing
and error conditions.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
When the protocol layer like TCP is blocking transmission, the socket
layer will attempt and wait for a maximum amount of time before returning
with an ENOBUFS error.
This change allows to set the maximum waiting time from the configuration
file instead of using a fixed 10 second value.
Signed-off-by: Sjors Hettinga <s.a.hettinga@gmail.com>
Updates NET_SOCKETS_TLS_MAX_APP_PROTOCOLS Kconfig option description to use
DTLS instead of DTL.
Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
When the target board does not have heap by default, allows
statically reserving the space for required socketpairs.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
This adds a few line use zephyr_syscall_header() to include
headers containing syscall function prototypes.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
In order to allow the TLS accept() call to be interrupted, it should
release the top-level TLS socket mutex before blocking. As the
underlying TCP accept() makes no use of TLS resources, and has its own
mutex protection, it should be safe to do so.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The accept() so far would block with mutex held, making it impossible to
interrupt it from another thread when the socket was closed.
Fix this, by reusing the condvar mechanism used for receiving. It's OK
to use the same routine, as underneath accept() is monitoring the same
FIFO as recv().
Additionally, simplify k_fifo_get() handling in accept() - as the
waiting now takes place on condvar, it can be used in a non-blocking
manner. Blocking accept() call should not reach this place if there's no
new incoming connection waiting on the FIFO.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Installing recv callback with net_context_recv() after
net_context_connect() left an opening for a possible race - in case the
server send some data immediately after establishing TCP connection, and
Zephyr did not manage to install the callback on time, the data would be
lost, corrupting the stream.
This can be avoided, by installing the recv callback before the
connection is triggered. As net_context_recv() called w/o timeout only
registers the callback function, it should have no negative impact. The
only change on the TCP side is when the connection is closed - in case
TCP is in connect stage, do not call the recv callback (before this
change it'd be NULL at that point).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case recv() call was waiting for data, and the socket was closed from
another thread, the recv() call would not be interrupted, causing the
receiving thread to be blocked indefinitely.
Fix this, by signalling the condvar the recv() call is waiting on
close(). Additionally, close will now set the socket into error mode,
with EINTR as the error condition, allowing the blocked calls to
recognise that the call was interrupted, and return a proper error code
on the event.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Until now iterable sections APIs have been part of the toolchain
(common) headers. They are not strictly related to a toolchain, they
just rely on linker providing support for sections. Most files relied on
indirect includes to access the API, now, it is included as needed.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
For offloaded iface net_tcp_get is never called, so context->tcp
is always NULL. In that case net_tcp_tx_sem_get will return wrong pointer.
For pollout k_poll will be called with NULL semph,
which cause HardFault.
Signed-off-by: Wojciech Slenska <wsl@trackunit.com>
Calls put instead of unref on net contexts
in the socket accept function.
Mere unref didn't subtract the reference
count of net context which leaves
it in used state. This situation happens
in case of accepting already
closed connection.
Signed-off-by: Daniel Nejezchleb <dnejezchleb@hwg.cz>
Added a feature of socket connect
being asynchronous. If socket is set
to nonblock with O_NONBLOCK flag,
then connect() is non-blocking aswell.
App can normally poll the socket to
test when the connection is established.
Signed-off-by: Daniel Nejezchleb <dnejezchleb@hwg.cz>
The init infrastructure, found in `init.h`, is currently used by:
- `SYS_INIT`: to call functions before `main`
- `DEVICE_*`: to initialize devices
They are all sorted according to an initialization level + a priority.
`SYS_INIT` calls are really orthogonal to devices, however, the required
function signature requires a `const struct device *dev` as a first
argument. The only reason for that is because the same init machinery is
used by devices, so we have something like:
```c
struct init_entry {
int (*init)(const struct device *dev);
/* only set by DEVICE_*, otherwise NULL */
const struct device *dev;
}
```
As a result, we end up with such weird/ugly pattern:
```c
static int my_init(const struct device *dev)
{
/* always NULL! add ARG_UNUSED to avoid compiler warning */
ARG_UNUSED(dev);
...
}
```
This is really a result of poor internals isolation. This patch proposes
a to make init entries more flexible so that they can accept sytem
initialization calls like this:
```c
static int my_init(void)
{
...
}
```
This is achieved using a union:
```c
union init_function {
/* for SYS_INIT, used when init_entry.dev == NULL */
int (*sys)(void);
/* for DEVICE*, used when init_entry.dev != NULL */
int (*dev)(const struct device *dev);
};
struct init_entry {
/* stores init function (either for SYS_INIT or DEVICE*)
union init_function init_fn;
/* stores device pointer for DEVICE*, NULL for SYS_INIT. Allows
* to know which union entry to call.
*/
const struct device *dev;
}
```
This solution **does not increase ROM usage**, and allows to offer clean
public APIs for both SYS_INIT and DEVICE*. Note that however, init
machinery keeps a coupling with devices.
**NOTE**: This is a breaking change! All `SYS_INIT` functions will need
to be converted to the new signature. See the script offered in the
following commit.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
init: convert SYS_INIT functions to the new signature
Conversion scripted using scripts/utils/migrate_sys_init.py.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
manifest: update projects for SYS_INIT changes
Update modules with updated SYS_INIT calls:
- hal_ti
- lvgl
- sof
- TraceRecorderSource
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
tests: devicetree: devices: adjust test
Adjust test according to the recently introduced SYS_INIT
infrastructure.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
tests: kernel: threads: adjust SYS_INIT call
Adjust to the new signature: int (*init_fn)(void);
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Currently, the handshake operation could only be fully blocking or
non-blocking. This did not play well if SO_RCVTIMEO was set for DTLS
server, as the recv() call where the blocking handshake was used, could
block indefinitely, ignoring the timeout parameter. Fix this, by
allowing for the handshake operation to timeout.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
As the underlying socket operations for TLS/DTLS are now non-blocking,
it's no longer possible to rely on the underlying socket timeout
handling. Instead, implement SO_RCVTIMEO/SO_SNDTIMEO at the TLS socket
layer.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
As for TLS, switch to use non-blocking operations on underlying socket.
This is a bit tricker for DTLS, as there were not truly blocking bio
(binary input/output) function for DTLS, as timeout had to been
implemented. It is possible though to implement non-blocking mbedTLS bio
function instead, and handle timeout outside of mbedTLS context, which
has been done in this commit.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Switch TLS sockets to use non-blocking socket operations underneath.
This allows to implement the socket blocking outside of the mbedTLS
context (using poll()), and therefore release the mutex for the time the
underlying socket is waiting for data. In result, it's now possible to
do blocking TLS RX/TX operations simultaneously from separate threads.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Implement ZFD_IOCTL_SET_LOCK so that TLS socket layer gets access to the
mutex protecting socket calls.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Socketpair functionality has matured enough to be used in a
consistent way now regardless of architecture or platform,
even on `native_posix`.
Remove the experimental status to reflect that.
Signed-off-by: Chris Friedt <cfriedt@meta.com>
The TX timeout configured with SO_SNDTIMEO on a socket did not work
properly. If the timeout was set on a socket, the TX would work as if
the socket was put into non-blocking mode. This commit fixes this.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The timeout recalculation logic was duplicated across several routines,
therefore it makes sense to make a helper function out of it,
especially, that the same functionality would be needed for the send
routines.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Minor refactoring in getaddrinfo() to make the code easier to
read and to make handling IPv4 and IPv6 support more equal.
- Move common wait and error handling code to exec_query()
- Use the same check for CONFIG_NET_IPV4 and CONFIG_NET_IPV6
- Add extra sanity check for family before exec_query()
- Do not set errno when return DNS_EAI_ADDRFAMILY
Fix issue with setting port number for all DNS servers.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
If we are using `CONFIG_ARCH_POSIX`, then include
`<fcntl.h>`. Otherwise, include `<zephyr/posix/fcntl.h>`
since there are no requirements to use `CONFIG_POSIX_API`
internally.
Signed-off-by: Chris Friedt <cfriedt@meta.com>
* include `<zephyr/posix/fcntl.h>` instead of `<fcntl.h>`
* drop unused logging header and module declaration
* reorder headers alphabetically
Signed-off-by: Chris Friedt <cfriedt@meta.com>
Fixes issue where a build warning would be emmited for sockets_tls.c due
to usage of the deprecated fcntl.h header file.
Signed-off-by: Jared Baumann <jared.baumann8@t-mobile.com>
The POSIX spec requires that `SO_LINGER`, `SO_RCVLOWAT`,
and `SO_SNDLOWAT`, and `SOMAXCONN` are defined in
`<sys/socket.h>`. However, most of the existing socket
options and related constants are defined in
`<zephyr/net/socket.h>`.
For now, we'll co-locate them. It would be
good to properly namespace things.
Additionally, a no-op for setsockopt for `SO_LINGER` to
make things Just Work (TM) for now.
Signed-off-by: Chris Friedt <cfriedt@meta.com>
Setting `hints.ai_family` to `AF_UNSPEC` was causing
`net_getaddrinfo_addr_str()` and in turn `getaddrinfo()` to resolve the
literal SNTP SERVER first into IPv4 and then (if supported) IPv6 addresses.
This was causing useless waste of time and memory in case IPv4 was not
supported. In addition, in case IPv4 addresses were not supported, other
system components (eg. SNTP) could fail due to the DNS returning IP
addresses with unsupported family type (ie. IPv4).
Now, if address family is not explicitly set to `AF_INET` (ie. IPv4), then
no attempt is made to resolve SNTP server address into an IPv4 address.
Signed-off-by: Marco Argiolas <marco.argiolas@ftpsolutions.com.au>
If gcc compiler option -Werror is used the warning,
declared inside parameter list will not be visible outside of this
definition or declaration [-Werror]
is treated as error, for
sockets_internal.h:18:28: ‘struct net_context’
sockets_internal.h:19:32: ‘struct zsock_pollfd’
fdtable.h:108:17: ‘struct k_mutex’
Signed-off-by: Christoph Schnetzler <christoph.schnetzler@husqvarnagroup.com>
Using a socketpair for communication in an ISR is not a great
solution, but the implementation should be robust in that case
as well.
It is not acceptible to block in ISR context, so robustness here
means to return -1 to indicate an error, setting errno to `EAGAIN`
(which is synonymous with `EWOULDBLOCK`).
Fixes#25417
Signed-off-by: Chris Friedt <cfriedt@meta.com>
Add new socket options IP_TOS and IPV6_TCLASS which allows to set
DSCP/ECN values on a socket for an outgoing packet IPv4/IPv6 headers.
The options are compatible with Linux behaviour, where both DSCP and ECN
are set with a single socket option.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
SOL_SOCKET and IPPROTO_TCP levels were missing the break statement at
the end of their processing logic, which could cause unexpected
fallthrough on unhandled optname value.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This is a follow-up to commit a418ad4bb4.
Since the path to zephyr_mbedtls_priv.h is added to include directories
only when CONFIG_MBEDTLS_BUILTIN is enabled, the inclusion of the file
needs to be done under the same condition. Otherwise, an error occurs
when socket_tls.c is compiled without CONFIG_MBEDTLS_BUILTIN.
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
* reduced cyclomatic complexity
* group validation by family to make the validation easier to understand
and extend
* change preprocessor markup where possible to allow for complete code
elimination when features (esp. IP) are disabled
* renamed net_context_get/set_ip_proto() to net_context_get_proto()
While the latter is formally part of the public API and might therefore
have to be deprecated rather than renamed, it is considered internal API
by the net developers, see
https://github.com/zephyrproject-rtos/zephyr/pull/48751#discussion_r942402612
Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
The net_core:process_data() and connection:net_conn_input() methods are
the central network packet reception pipeline which:
1) guide network packets through all network layers,
2) decode, validate and filter packages along the way and
3) distribute packages to connections/sockets on all layers.
This code seems to have grown complex and rather cluttered over time as
all protocols, layers and socket implementations meet there in one single
place.
The code also reveals its origin as a pure IP stack which makes it hard
to introduce non-IP protocols and their supporting socket infrastructure
in a modularized way.
For an outside contributor it seems almost impossible to add another
protocol, protocol layer, filter rule or socket implementation without
breaking things.
This change doesn't try to solve all issues at once. It focuses
exclusively on aspects that maintain backwards compatibility:
* Improve modularization and encapsulation on implementation level by
disentangling code that mixes up layers, protocols and socket
implementations.
* Make IP just one protocol among others by removing assymmetry in
protocol handling logic and introduce preprocessor markup so that
IP-specific code can be eliminated by the preprocessor if not needed.
* Use preprocessor markup to delineate hook points for future
modularization or expansion without introducing structural changes (as
this would almost certainly break the API).
* Reduce cyclomatic complexity, use positive rather than negative logic,
improve variable naming, replace if/elseif/else blocks with switches,
reduce variable span, introduce inline comments where code does not
speak for itself, etc. as much as possible to make the code overall
more human-friendly.
Background: These are preparative steps for the introduction of IEEE
802.15.RAW sockets, DGRAM sockets and sockets bound to PAN IDs and device
addresses similar to what the Linux kernel does.
Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
Introducing additional socket implementations is rather involved right
now due to some more or less convoluted code that had grown over time.
This change introduces an additional configuration variable in preparation
for additional socket API drivers. The idea is to reduce redundant code
and make existing code more readable by better exposing its actual intent.
Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
The code contained several repeated composite IPv4/v6 and UDP/TCP
preprocessor statements that can be simplified by introducing a hidden
NET_IP preprocessor constant that captures what probably is actually
"meant" by this code.
While we were on it we also used the new constant to further isolate
IP-specific code from non-IP specific generics.
Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
This change makes the packet socket and ieee802154 l2 drivers aware of
AF_PACKET sockets, see https://github.com/linux-wpan/wpan-tools/tree/master/examples
for examples which inspired this change.
Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
Decouple the zephyr/net/socketcan.h and zephyr/drivers/can.h header files
by moving the SocketCAN utilities to their own header.
This is preparation for including the SocketCAN types defined in
socketcan.h in a native posix (Linux) SocketCAN driver context without name
clashes.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Rename the SocketCAN header from socket_can.h to socketcan.h to better
match the naming of the functionality.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Rename the SocketCAN utility functions to reflect the new naming of the CAN
controller API and SocketCAN API data types.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Remove the "z" prefix from the public CAN controller API types as this
makes them appear as internal APIs.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Rename the SocketCAN data types to "socketcan_*" in preparation of renaming
the low-level CAN controller API data types.
This breaks the naming compatibility with the similar SocketCAN data types
from the Linux kernel, but Zephyr and Linux SocketCAN are not 100%
compatible anyways (only the structure fields are compatible, extended
functionality such filtering, error reporting etc. are not).
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
This new implementation of pipes has a number of advantages over the
previous.
1. The schedule locking is eliminated both making it safer for SMP
and allowing for pipes to be used from ISR context.
2. The code used to be structured to have separate code for copying
to/from a wating thread's buffer and the pipe buffer. This had
unnecessary duplication that has been replaced with a simpler
scatter-gather copy model.
3. The manner in which the "working list" is generated has also been
simplified. It no longer tries to use the thread's queuing node.
Instead, the k_pipe_desc structure (whose instances are on the
part of the k_thread structure) has been extended to contain
additional fields including a node for use with a linked list. As
this impacts the k_thread structure, pipes are now configurable
in the kernel via CONFIG_PIPES.
Fixes#47061
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
mbedTLS library threshold initialization was done in native TLS socket
implementation (which tends to use mbedTLS now) and inside mbedTLS
benchmark test. Move that to mbedTLS module initialization, as this is a
global setting.
Update description of CONFIG_MBEDTLS_DEBUG_LEVEL to clarify when
mbedtls_debug_set_threshold() is called.
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
So far there was a debug log hook installed in TLS socket implementation.
However, mbedTLS (with debug enabled) might be used outside from TLS socket
and even outside from networking context.
Add new module, which implements debug log hook and makes it available
whenever CONFIG_MBEDTLS_DEBUG is enabled.
Note that debug hook needs to be installed for each mbedTLS context
separately, which means that this requires action from mbedTLS users, such
as TLS sockets implementation.
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
The packet socket implementation did not fill the address structure
provided by the application. This commit fixes this.
Note, that the implementation needs to cover two cases: SOCK_RAW and
SOCK_DGRAM. In the first case, the information is extracted directly
from the L2 header (curently only Ethernet supported). In latter case,
the header is already removed from the packet as the L2 has already
processed the packet, so the information is obtained from the net_pkt
structure.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
There is a potential, corner case scenario, where a deadlock can occur
between TCP and socket layers, when both ends of the connection transmit
data.
The scenario is as follows:
* Both ends of the connection transmit data,
* Zephyr side send() call gets blocked due to filing the TX window
* The next incoming packet is data packet, not updating the RX window
on the peer side or acknowledging new data. The TCP layer will
attepmt to notify the new data to the socket layer, by calling the
registered callback. This will block the RX thread processing the TCP
layer, as the socket mutex is already acquired by the blocked send()
call.
* No further packets are processed until the socket mutex is freed,
which does not happen as the only way to unblock send() is process
a new ACK, either updating window size or a acknowledging data.
The connection stalls until send() times out.
The deadlock is not permament, as both threads get unlocked once send()
times out. It effectively breaks the active connection though.
Fix this, by unlocking the socket mutex for the time the send() call is
idle. Once the TCP layer notifies that the window is available again,
the mutex is acquired back.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Move the CAN bus network driver from drivers/can to drivers/net as it
implements a network driver, not a CAN controller driver.
Use a separate Kconfig for enabling the CAN bus network driver instead of
piggybacking on the SocketCAN Kconfig. This allows for other
(e.g. out-of-tree) SocketCAN transports.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Some errors can occur in the sending process that have to be handled
in a polling fasion instead of blocking using semaphores. In this case
apply an exponentially growing backoff time. This will allow for fast
reactions in most situations and prevents high system loads in case
resolving the situation takes a little longer.
Signed-off-by: Sjors Hettinga <s.a.hettinga@gmail.com>
When an operation on the socket is not supported by the implementation,
which is the case for some drivers, set errno to a value that reflects
this situation rather than signalling an error with the file descriptor.
Signed-off-by: Ulf Lilleengen <lulf@redhat.com>
Logging v1 has been removed and log_strdup wrapper function is no
longer needed. Removing the function and its use in the tree.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Prevent local "addrlen_copy" variable from being used uninitialized in
accept() userspace verification function.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
To improve the performance with small chunks send, implement Nagle's
algorithm. Provide the option TCP_NODELAY to disable the algorithm.
Signed-off-by: Sjors Hettinga <s.a.hettinga@gmail.com>
Fragmented data passed to sendmsg() should be sent as a single datagram in
case of datagram sockets (i.e. DTLS connection). Right now that is not
happening now, as each fragment is sent separately, which works fine only
for stream sockets.
There is no mbedTLS API for 'gather' write at this moment. This means that
implementing sendmsg() would require allocating contiguous memory area at
Zephyr TLS socket level and copying all data fragments before passing to
mbedTLS library. While this might be a good option for future, let's just
check if data passed to sendmsg() API consists of a single memory region
and can be sent using single send request. Return EMSGSIZE error if there
are more then one data fragments.
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
Implement POLLOUT for stream sockets, based on newly introduced tx_sem
functionality of the TCP stack.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Utilize the TCP semaphore monitoring transmit status at the socket
layer. This allows to resume transfer as soon as possible instead of
waiting blindly.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make use of the status field, reported by TCP, in the socket receive
callback. This allows to differentiate a graceful connection shutdown
from actual errors at TCP level (transmission timeout or RST received).
In case of error reported from TCP layer, set a new SOCK_ERROR flag on
the socket, and store the error code in the net_context user_data.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Socket offloading has been in the tree for a while and improved a lot
over time (from a simple define-based API override to a complex
vtable-based solution, supporting mutliple offloaded interfaces). As the
feature is heavily used by certain vendors (Nordic and its nRF Connect
SDK), I propose to move it out of experimental phase.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Introduce TLS socket options, which allow to configure session caching
on a socket.
The cache can be enabled on a socket with TLS_SESSION_CACHE option.
Once cache is enabled on a socket, the session will be stored for re-use
after a sucessfull handshake. If a socket is attempting to connect to a
host for which session is stored, the session will be resumed and mbed
TLS will attempt to use a simplified handshake procedure.
The server-side management of sessions is fully controlled by mbed TLS
after session caching is enabled on a socket.
The other TLS_SESSION_CACHE_PURGE option allows to clear all of the
cache entries, releasing the memory allocated for sessions.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The function setsockopt() option TLS_CIPHERSUITE_LIST
allows the user to set a specific list of ciphersuites
when using the Zephyr native + Mbed TLS stack. However, the
list provided was not actually being used later for
handshaking.
This adds the missing calls to mbedtls_ssl_conf_ciphersuites()
to use the list provided. If none was provided, fall back
to the default list as determined by Mbed TLS from Kconfig
values.
Signed-off-by: Pete Skeggs <peter.skeggs@nordicsemi.no>
In some cases (for examples when offloaded socket implementation does
not implement TLS functionality) it could be desired to create a native
TLS socket with an underlying offloaded socket.
This cannot be achieved with SO_BINDTODEVICE option only, as TLS socket
type is not really associated with a particular interface - it either
has to be offloaded, or a fully native socket is created (native TLS on
a native interface).
In order to address the problem, introduce TLS_NATIVE socket option.
This option instructs the socket dispatcher layer to create a native TLS
socket. As with the socket dispatcher the underlying socket
implementation is not decided during TLS socket creation, therefore it's
possible to use SO_BINDTODEVICE to choose either native or offloaded
interface for the underlying socket.
Additionally remove NET_SOCKETS_OFFLOAD_TLS Kconfig option, as it's no
longer needed with an runtime option to select whether to offload TLS or
not.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add an intermediate socket implementation called socket dispatcher. This
layer can be used along with the socket offloading, to postpone the
actual socket creation until a first operation on a socket is executed.
This approach leaves an opening to bind a socket to a particular
offloaded network interface, and thus offloaded socket implementation,
using SO_BINDTODEVICE socket option. Thanks to this, it is now possible
to use multiple offloaded sockets implementations along with native
sockets, and easily select which socket should use with network
interface (even if it's an offloaded interface).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Introduce set/get SO_SNDBUF option using the setsockopt
function. In addition, for TCP, check the sndbuf value
before queuing data.
Signed-off-by: Mohan Kumar Kumar <mohankm@fb.com>
'optval' in setsockopt(..., SO_BINDTODEVICE, ...) was casted explicitly
from 'const void *' to 'struct ifreq *'. Rely on C implicit casting from
'const void *' to 'const struct ifreq *' and simply update variable
type. This prevents unwanted modification of ifreq value in the future.
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
This option will be used as default socket priority by offloaded socket
drivers.
Describe how to prioritize native TLS over offloaded TLS (and vice
versa) using sockets priorities.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Introduce set/get SO_RCVBUF option using the setsockopt
function. In addition, use the rcvbuf value to set the
tcp recv window.
Signed-off-by: Mohan Kumar Kumar <mohankm@fb.com>
The ARRAY_SIZE macro uses sizeof and thus the return
type should be an unsigned value. size_t is typically
the type used for sizeof and fits well for the
ARRAY_SIZE macro as well.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The verification function for accept() did not take into account that
addr and addrlen pointers provided could be NULL.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
TCP module can report EAGAIN in case TX window is full. This should not
be forwarded to the application, as blocking socket is not supposed to
return EAGAIN.
Fix this for sendmsg by implementing the same mechanism for handling TX
errors as for regular send/sendto operations.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
According to Kconfig guidelines, boolean prompts must not start with
"Enable...". The following command has been used to automate the changes
in this patch:
sed -i "s/bool \"[Ee]nables\? \(\w\)/bool \"\U\1/g" **/Kconfig*
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Add basic shutdown() implementation of TLS sockets, which basically
calls shutdown() on underlying wrapped sockets.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Add basic shutdown() implementation for net_context sockets, which
handles only SHUT_RD as 'how' parameter and returns -ENOTSUP for SHUT_WR
and SHUT_RDWR. The main use case to cover is to allow race-free wakeup
of threads calling recv() on the same socket.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
So far shutdown() implementation was a noop and just resulted in warning
logs. Add shutdown() method into socket vtable. Call it if provided and
fallback into returning -ENOTSUP if not.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Add implementation of net_tcp_update_recv_wnd() function.
Move the window deacreasing code to the tcp module - receive window
has to be decreased before sending ACK, which was not possible when
window was decreased in the receive callback function.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
There is no releavnce between CAN sockets and offloading that would
prevent one from working with another, therefore it's not right to
allow CAN sockets to be build only if offloading is disabled. Fix the
wrong dependency in socket CMakeLists.txt file.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Fix net_pkt leak by increasing net_context the reference count earlier
in the zsock_accepted_cb() with instalment of the
zsock_received_cb() callback.
And consequently flushing recv_q and decrement net_context
reference count if zsock_accept_ctx() fails.
Signed-off-by: Daniel Nejezchleb <dnejezchleb@hwg.cz>
In case system workqueue processing is delayed for any reason, and
resolver callback is executed after getaddrinfo() call already timed
out, the system would crash as the callback makes use of the user data
allocated on the stack within getaddrinfo() function.
Prevent that, by cancelling the DNS request explicitly from the
getaddrinfo() context, therefore preventing the resolver callback
from being executed after the getaddrinfo() call ends.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The previous approach to detect if the underlying transport was closed
(by checking the return value of `mbedtls_ssl_read()` was not right,
since the function call does not request any data - therefore 0 as a
return value is perfectly fine.
Instead, rely on the underlying transport ZSOCK_POLLHUP event - if it
reports that the connection ended, forward the event to the application.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Report ZSOCK_POLLHUP event if peer closed the connection, and thus the
socket is in EOF state.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
According to MbedTLS API documentation, its session must be reset if
mbedtls_ssl_handshake returns something other than:
- 0
- MBEDTLS_ERR_SSL_WANT_READ
- MBEDTLS_ERR_SSL_WANT_WRITE
- MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS
- MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS
In MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and
MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS cases the function must be called
again when operation is ready. These cases now return -EAGIN or
continue to retry if it's a blocking call.
Signed-off-by: Ramiro Merello <rmerello@itba.edu.ar>
Add EtherCAT protocol support, now applications can
transmit/receive EtherCAT packets via RAW socket.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Simplify common `getsockname()` implementation by using VTABLE_CALL()
macro, in the same way as other socket calls do. This additionally
allows to cover the case, when `getsockname()` is not implemnented by
particular socket implementation, preventing the crash.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Replace unpacked in6_addr structures with raw buffers in net_ipv6_hdr
struct, to prevent compiler warnings about unaligned access.
Remove __packed parameter from `struct net_6lo_context` since the
structure isn't really serialized.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Replace unpacked in_addr structures with raw buffers in net_ipv4_hdr
struct, to prevent compiler warnings about unaligned access.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS socket option "TLS_CERT_NOCOPY" to prevent the copy of
certificates to mbedTLS heap if possible.
Add support to provide a chain of DER certificates by registering
them with multiple tags.
Signed-off-by: Lucas Dietrich <ld.adecy@gmail.com>
Change the wording of the warning printed when there is no entropy to
hopefully remove any doubt that there might be security in TLS without
an entropy source. TLS connections with insufficient entropy are
trivially decodable, and should not be relied on for any type of
security.
Signed-off-by: David Brown <david.brown@linaro.org>
`ztls_socket_data_check()` function ignored a fact when
`mbedtls_ssl_read()` indicated that the underlying TCP connection was
closed. Fix this by returning `-ENOTCONN` in such case, allowing
`poll()` to detect such event.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
With the introduction of `EXPERIMENTAL` and `WARN_EXPERIMENTAL` in
Zephyr all subsys/net and drivers/ethernet/Kconfig.e1000 settings
having `[EXPERIMENTAL]` in their prompt has has been updated to include
`select EXPERIMENTAL` so that developers can enable warnings when
experimental features are enabled.
The following settings has EXPERIMENTAL removed as they are considered
mature:
- NET_OFFLOAD
- NET_PROMISCUOUS_MODE
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
The irq_lock() usage here is incompatible with SMP systems, and one's
first reaction might be to convert it to a spinlock.
But are those irq_lock() instances really necessary?
Commit 6161ea2542 ("net: socket: socketpair: mitigate possible race
condition") doesn't say much:
> There was a possible race condition between sock_is_nonblock()
> and k_sem_take() in spair_read() and spair_write() that was
> mitigated.
A possible race without the irq_lock would be:
thread A thread B
| |
+ spair_write(): |
+ is_nonblock = sock_is_nonblock(spair); [false]
* [preemption here] |
| + spair_ioctl():
| + res = k_sem_take(&spair->sem, K_FOREVER);
| + [...]
| + spair->flags |= SPAIR_FLAG_NONBLOCK;
| * [preemption here]
+ res = k_sem_take(&spair->sem, K_NO_WAIT); [-1]
+ if (res < 0) { |
+ if (is_nonblock) { [skipped] }
* res = k_sem_take(&spair->sem, K_FOREVER); [blocks here]
| + [...]
But the version with irq_lock() isn't much better:
thread A thread B
| |
| + spair_ioctl():
| + res = k_sem_take(&spair->sem, K_FOREVER);
| + [...]
| * [preemption here]
+ spair_write(): |
+ irq_lock(); |
+ is_nonblock = sock_is_nonblock(spair); [false]
+ res = k_sem_take(&spair->sem, K_NO_WAIT); [-1]
+ irq_unlock(); |
* [preemption here] |
| + spair->flags |= SPAIR_FLAG_NONBLOCK;
| + [...]
| + k_sem_give(&spair->sem);
| + spair_read():
| + res = k_sem_take(&spair->sem, K_NO_WAIT);
| * [preemption here]
+ if (res < 0) { |
+ if (is_nonblock) { [skipped] }
* res = k_sem_take(&spair->sem, K_FOREVER); [blocks here]
In both cases the last k_sem_take(K_FOREVER) will block despite
SPAIR_FLAG_NONBLOCK being set at that moment. Other race scenarios
exist too, and on SMP they are even more likely.
The only guarantee provided by the irq_lock() is to make sure that
whenever the semaphore is acquired then the is_nonblock value is always
current. A better way to achieve that and be SMP compatible is to simply
move the initial sock_is_nonblock() *after* the k_sem_take() and remove
those irq_locks().
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Mbed TLS 3.0 removes the definition for MBED_ERR_SSL_PEER_VERIFY_FAILED,
since non of its code ever returns that value. Since there isn't really
a perfect response, instead return a somewhat generic response
indicating this was unexpected.
Signed-off-by: David Brown <david.brown@linaro.org>
Several fields of structures in mbedTLS 3.0 are now private. To access
them directly is necessary to define MBEDTLS_ALLOW_PRIVATE_ACCESS.
That is a temporary fix, the proper solution is not access directly
but using proper API.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Implements mechanism similar to the one available in net/lib/sockets.c
(since the merge of #27054) in sockets_can to enable parallel rx/tx.
Fixes#38698
Signed-off-by: Mateusz Karlic <mkarlic@internships.antmicro.com>
According to `sendmsg()` man pages, the `struct msghdr` can contain
empty records (iov_len equal to 0). Ignore them in TLS `sendmsg()`
implementation to avoid unnecessary calls to mbed TLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When creating a socket, all of the registered socket implementation are
processed in a sequence, allowing to find appropriate socket
implementation for specified family/type/protocol. So far however,
the order of processing was not clearly defined, leaving ambiguity if
multiple implmentations supported the same set of parameters.
Fix this, by registering socket priority along with implementation. This
makes the processing order of particular socket implementations
explicit, giving more flexibility to the user, for example when it's
neeed to prioritze one implementation over another if they support the
same set of parameters.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The `poll()` function did not report POLLHUP if the peer ended the DTLS
session, making it impossible to detect such event on the application
side.
On the other hand, TLS erroneusely reported POLLHUP along with each
POLLIN event, as the 0 returned by the `recv()` socket call was
wrongly interpreted (it was expected to get 0 in return as 0 bytes were
requested).
Fix this by introducing a helper function to process the mbedtls context
and verify if new application data is pendingi or session has ended.
Use this new function in the poll handler, instead of a socket `recv()`
call, to remove any ambiguity in the usage, for both TLS and DTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Notify the application when DTLS client session ends by returning
ENOTCONN on such event. Additionally, reset the mbed TLS session
structures, allowing to reinstante the session on the next send() call.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
ECONNABORTED was returned in case tls_mbedtls_reset() function for
resetting session failed, which can be caused by memory shortage. Return
ENOMEM instead.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Sending of > 2k buffers leads to split socket writes.
Current implementation is not checking for full buffer size.
ztls_sendmsg_ctx proceeds to next iov on sucessful write.
Solution: Add loop into ztls_sendmsg_ctx to process whole buffer
before proceeding to next iov.
Signed-off-by: Pavlo Hamov <pasha.gamov@gmail.com>
This migrates all the current iterable section usages to the external
API, dropping the "Z_" prefix:
Z_ITERABLE_SECTION_ROM
Z_ITERABLE_SECTION_ROM_GC_ALLOWED
Z_ITERABLE_SECTION_RAM
Z_ITERABLE_SECTION_RAM_GC_ALLOWED
Z_STRUCT_SECTION_ITERABLE
Z_STRUCT_SECTION_ITERABLE_ALTERNATE
Z_STRUCT_SECTION_FOREACH
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
k_timeout_t was converted to ticks using a nonsense function
causing poll timeout corruption for offloaded sockets; this
commit uses ticks directly from the struct instead.
Fixes#37472
Signed-off-by: Emil Lindqvist <emil@lindq.gr>
According to MbedTLS API documentation, its session must be
reset if mbedtls_ssl_handshake returns timeout error. This
commit resets the session for said return value, and that
allows us to call send() multiple times even if handshake
times out for previous calls.
Fixes#35711
Signed-off-by: Emil Lindqvist <emil@lindq.gr>
Fix `poll()` handling for DTLS clients when the underlying socket is an
offloaded socket. As in this case no `k_poll()` is used underneath, it's
not possible to monitor the handhshake status with `tls_established`
semaphore. Instead, do the following:
1. If no handhshake is in progress yet, just drop the incoming data -
it's the client who should initiate the handshake, any data incoming
before that should not be processed.
2. If handshake is currently in progress, lift the `POLLIN` flag and add
small delay to allow the other thread to proceed with the handshake.
3. Otherwise, just proceed as usual.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The TLS/DTLS handshake in most cases is a blocking process, therefore
the underlying socket should be in a blocking mode to prevent busy
looping in the handshake thread. Fix this by clearing the O_NONBLOCK
flag on the underlying socket before the handshake, and restoring it
afterards.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When zsock_close() is called, socket is freed before the mutex for the
socket is unlocked. If the freed socket is given to another thread
immediately, the mutex for the socket will be initialized by the new
socket owner, while the mutex is still locked by the thread calling
zosck_close().
Fixes#36568
Signed-off-by: Chih Hung Yu <chyu313@gmail.com>
Rename `write_signal` to `readable` and `read_signal` to `writeable`
which are more meaningful to the actual states they represent, and make
the code analysis easier.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case read or write were called before the actual poll() call, the
poll() function was not signalled correctly about such events, which in
order could lead to a deadlock if the poll() was called with infinite
timeout.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Allow caller to specify microsecond accuracy and not convert
to milliseconds.
Fixes#36072
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make zsock_select() a syscall so that the following commit
can call the internal poll implementation directly. This is
needed as zsock_select() will not call zsock_poll() directly
in order to allow select to use microsecond timeout accuracy.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Fixed mutli-IP DNS resolution as previously the same IP address was
used to populate all AI entries and added DNS_RESOLVER_AI_MAX_ENTRIES
config entry to define max number of IP addresses per DNS name to be
handled.
Signed-off-by: Ievgen Glinchuk <john.iceblink@gmail.com>
Zephyr has introduced secure random generator API after the TLS sockets
were implemented. Use this new API in TLS sockets implementation,
instead of implementing secure RNG with mbedTLS in the module itself.
This facilitates integration of the HW RNG accelerators with the TLS
sockets module.
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Not checking return code in fcntl can result in interpreting -1 as
flags, and cause unexpected behaviour.
Fixes#35541
Signed-off-by: Emil Lindqvist <emil@lindq.gr>
The k_fifo_ prefix is meant for kernel API functions, and
not to our socket helper. So remove the k_ prefix in order
to avoid confusion.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we are waiting all the data i.e., the MSG_WAITALL flag is set,
then if we have not yet received all the data at the end of the
receive loop. We must use the condition variable to get the signal
when the data is ready to be received. Otherwise the receive loop
will not release the socket lock and receive_cb will not be able
to indicate that data is received.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Fix a regression when application is waiting data but does
not notice that because socket layer is not woken up.
This could happen because application was waiting condition
variable but the signal to wake the condvar came before the
wait started. Normally if there is constant flow of incoming
data to the socket, the signal would be given later. But if
the peer is waiting that Zephyr replies, there might be a
timeout at peer.
The solution is to add locking in socket receive callback so
that we only signal the condition variable after we have made
sure that the condition variable is actually waiting the data.
Fixes#34964
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
In Mbed TLS:
commit eccd88871767e2fba5f3a079cfdfcb77c376cf20
Author: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue Mar 10 12:19:08 2020 +0100
Rename identifiers containing double-underscore
changes the name of a symbol we use. As part of upgrading to newer
versions of Mbed TLS, change the name of the symbol we use.
A better fix would be to not use this symbol at all, and perhaps define
our own symbol the same way this internal symbol is defined within the
library.
Signed-off-by: David Brown <david.brown@linaro.org>
zsock_select() cannot poll file descriptors with number >= 32.
When a whole word in FD_SET was skipped due to being empty,
corresponding fd number was not updated, leading to wrong
fd's being passed to poll().
Fixes#34563
Signed-off-by: Chih Hung Yu <chyu313@gmail.com>
This value is used to measure the RX/TX statistics. The previous
use of the timestamp field did not work in RX path as the timestamp
value could be overwritten by the driver if gPTP timestamping
is enabled. So to fix the RX statistics, use a separate field
for the create time.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This option was only able to collect statistics of transmitted
data. The same functionality is available if one sets the
CONFIG_NET_PKT_RXTIME_STATS and/or CONFIG_NET_PKT_TXTIME_STATS
options.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The RX statistics might not get updated properly because the used
ifdef was referring the TX options.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Zephyr socket subsystem has come a long way since initial experimental
alternative to internal Zephyr networking API. Its configuration also
mirrors the usual conservative approach, where a user needs to
explicitly enable options to get "more" features. And as an
experimental API, socket subsystem was initially developed as
namespaced API, where all functions/structures are prefixed with
"zsock_", and to get standard names, CONFIG_NET_SOCKETS_POSIX_NAMES
needs to be set (or alternatively, CONFIG_POSIX_API needs to be, which
enabled full POSIX subsys overall).
However, a few years later, sockets are the standard networking API,
and in majority of cases its used under the standard POSIX names.
Necessity to explicitly set an option to achieve this effects, and
confusion which results from it - are just unneeded chores for users.
So, switch CONFIG_NET_SOCKETS_POSIX_NAMES to be on by default (unless
CONFIG_POSIX_API is already defined). It still can be explicitly
disabled if needed (but usecases for that would be peculiar and rare).
Addresses #34165
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Implement SO_BINDTODEVICE socket option which allows to bind an open
socket to a particular network interface. Once bound, the socket will
only send and receive packets through that interface.
For the TX path, simply avoid overwriting the interface pointer by
net_context_bind() in case it's already bound to an interface with an
option. For the RX path, drop the packet in case the connection handler
detects that the net_context associated with that connection is bound to
a different interface that the packet origin interface.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>