There is no releavnce between CAN sockets and offloading that would
prevent one from working with another, therefore it's not right to
allow CAN sockets to be build only if offloading is disabled. Fix the
wrong dependency in socket CMakeLists.txt file.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Fix net_pkt leak by increasing net_context the reference count earlier
in the zsock_accepted_cb() with instalment of the
zsock_received_cb() callback.
And consequently flushing recv_q and decrement net_context
reference count if zsock_accept_ctx() fails.
Signed-off-by: Daniel Nejezchleb <dnejezchleb@hwg.cz>
In case system workqueue processing is delayed for any reason, and
resolver callback is executed after getaddrinfo() call already timed
out, the system would crash as the callback makes use of the user data
allocated on the stack within getaddrinfo() function.
Prevent that, by cancelling the DNS request explicitly from the
getaddrinfo() context, therefore preventing the resolver callback
from being executed after the getaddrinfo() call ends.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The previous approach to detect if the underlying transport was closed
(by checking the return value of `mbedtls_ssl_read()` was not right,
since the function call does not request any data - therefore 0 as a
return value is perfectly fine.
Instead, rely on the underlying transport ZSOCK_POLLHUP event - if it
reports that the connection ended, forward the event to the application.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Report ZSOCK_POLLHUP event if peer closed the connection, and thus the
socket is in EOF state.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
According to MbedTLS API documentation, its session must be reset if
mbedtls_ssl_handshake returns something other than:
- 0
- MBEDTLS_ERR_SSL_WANT_READ
- MBEDTLS_ERR_SSL_WANT_WRITE
- MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS
- MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS
In MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS and
MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS cases the function must be called
again when operation is ready. These cases now return -EAGIN or
continue to retry if it's a blocking call.
Signed-off-by: Ramiro Merello <rmerello@itba.edu.ar>
Add EtherCAT protocol support, now applications can
transmit/receive EtherCAT packets via RAW socket.
Signed-off-by: Hou Zhiqiang <Zhiqiang.Hou@nxp.com>
Simplify common `getsockname()` implementation by using VTABLE_CALL()
macro, in the same way as other socket calls do. This additionally
allows to cover the case, when `getsockname()` is not implemnented by
particular socket implementation, preventing the crash.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Replace unpacked in6_addr structures with raw buffers in net_ipv6_hdr
struct, to prevent compiler warnings about unaligned access.
Remove __packed parameter from `struct net_6lo_context` since the
structure isn't really serialized.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Replace unpacked in_addr structures with raw buffers in net_ipv4_hdr
struct, to prevent compiler warnings about unaligned access.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS socket option "TLS_CERT_NOCOPY" to prevent the copy of
certificates to mbedTLS heap if possible.
Add support to provide a chain of DER certificates by registering
them with multiple tags.
Signed-off-by: Lucas Dietrich <ld.adecy@gmail.com>
Change the wording of the warning printed when there is no entropy to
hopefully remove any doubt that there might be security in TLS without
an entropy source. TLS connections with insufficient entropy are
trivially decodable, and should not be relied on for any type of
security.
Signed-off-by: David Brown <david.brown@linaro.org>
`ztls_socket_data_check()` function ignored a fact when
`mbedtls_ssl_read()` indicated that the underlying TCP connection was
closed. Fix this by returning `-ENOTCONN` in such case, allowing
`poll()` to detect such event.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
With the introduction of `EXPERIMENTAL` and `WARN_EXPERIMENTAL` in
Zephyr all subsys/net and drivers/ethernet/Kconfig.e1000 settings
having `[EXPERIMENTAL]` in their prompt has has been updated to include
`select EXPERIMENTAL` so that developers can enable warnings when
experimental features are enabled.
The following settings has EXPERIMENTAL removed as they are considered
mature:
- NET_OFFLOAD
- NET_PROMISCUOUS_MODE
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
The irq_lock() usage here is incompatible with SMP systems, and one's
first reaction might be to convert it to a spinlock.
But are those irq_lock() instances really necessary?
Commit 6161ea2542 ("net: socket: socketpair: mitigate possible race
condition") doesn't say much:
> There was a possible race condition between sock_is_nonblock()
> and k_sem_take() in spair_read() and spair_write() that was
> mitigated.
A possible race without the irq_lock would be:
thread A thread B
| |
+ spair_write(): |
+ is_nonblock = sock_is_nonblock(spair); [false]
* [preemption here] |
| + spair_ioctl():
| + res = k_sem_take(&spair->sem, K_FOREVER);
| + [...]
| + spair->flags |= SPAIR_FLAG_NONBLOCK;
| * [preemption here]
+ res = k_sem_take(&spair->sem, K_NO_WAIT); [-1]
+ if (res < 0) { |
+ if (is_nonblock) { [skipped] }
* res = k_sem_take(&spair->sem, K_FOREVER); [blocks here]
| + [...]
But the version with irq_lock() isn't much better:
thread A thread B
| |
| + spair_ioctl():
| + res = k_sem_take(&spair->sem, K_FOREVER);
| + [...]
| * [preemption here]
+ spair_write(): |
+ irq_lock(); |
+ is_nonblock = sock_is_nonblock(spair); [false]
+ res = k_sem_take(&spair->sem, K_NO_WAIT); [-1]
+ irq_unlock(); |
* [preemption here] |
| + spair->flags |= SPAIR_FLAG_NONBLOCK;
| + [...]
| + k_sem_give(&spair->sem);
| + spair_read():
| + res = k_sem_take(&spair->sem, K_NO_WAIT);
| * [preemption here]
+ if (res < 0) { |
+ if (is_nonblock) { [skipped] }
* res = k_sem_take(&spair->sem, K_FOREVER); [blocks here]
In both cases the last k_sem_take(K_FOREVER) will block despite
SPAIR_FLAG_NONBLOCK being set at that moment. Other race scenarios
exist too, and on SMP they are even more likely.
The only guarantee provided by the irq_lock() is to make sure that
whenever the semaphore is acquired then the is_nonblock value is always
current. A better way to achieve that and be SMP compatible is to simply
move the initial sock_is_nonblock() *after* the k_sem_take() and remove
those irq_locks().
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Mbed TLS 3.0 removes the definition for MBED_ERR_SSL_PEER_VERIFY_FAILED,
since non of its code ever returns that value. Since there isn't really
a perfect response, instead return a somewhat generic response
indicating this was unexpected.
Signed-off-by: David Brown <david.brown@linaro.org>
Several fields of structures in mbedTLS 3.0 are now private. To access
them directly is necessary to define MBEDTLS_ALLOW_PRIVATE_ACCESS.
That is a temporary fix, the proper solution is not access directly
but using proper API.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Implements mechanism similar to the one available in net/lib/sockets.c
(since the merge of #27054) in sockets_can to enable parallel rx/tx.
Fixes#38698
Signed-off-by: Mateusz Karlic <mkarlic@internships.antmicro.com>
According to `sendmsg()` man pages, the `struct msghdr` can contain
empty records (iov_len equal to 0). Ignore them in TLS `sendmsg()`
implementation to avoid unnecessary calls to mbed TLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When creating a socket, all of the registered socket implementation are
processed in a sequence, allowing to find appropriate socket
implementation for specified family/type/protocol. So far however,
the order of processing was not clearly defined, leaving ambiguity if
multiple implmentations supported the same set of parameters.
Fix this, by registering socket priority along with implementation. This
makes the processing order of particular socket implementations
explicit, giving more flexibility to the user, for example when it's
neeed to prioritze one implementation over another if they support the
same set of parameters.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The `poll()` function did not report POLLHUP if the peer ended the DTLS
session, making it impossible to detect such event on the application
side.
On the other hand, TLS erroneusely reported POLLHUP along with each
POLLIN event, as the 0 returned by the `recv()` socket call was
wrongly interpreted (it was expected to get 0 in return as 0 bytes were
requested).
Fix this by introducing a helper function to process the mbedtls context
and verify if new application data is pendingi or session has ended.
Use this new function in the poll handler, instead of a socket `recv()`
call, to remove any ambiguity in the usage, for both TLS and DTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Notify the application when DTLS client session ends by returning
ENOTCONN on such event. Additionally, reset the mbed TLS session
structures, allowing to reinstante the session on the next send() call.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
ECONNABORTED was returned in case tls_mbedtls_reset() function for
resetting session failed, which can be caused by memory shortage. Return
ENOMEM instead.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Sending of > 2k buffers leads to split socket writes.
Current implementation is not checking for full buffer size.
ztls_sendmsg_ctx proceeds to next iov on sucessful write.
Solution: Add loop into ztls_sendmsg_ctx to process whole buffer
before proceeding to next iov.
Signed-off-by: Pavlo Hamov <pasha.gamov@gmail.com>
This migrates all the current iterable section usages to the external
API, dropping the "Z_" prefix:
Z_ITERABLE_SECTION_ROM
Z_ITERABLE_SECTION_ROM_GC_ALLOWED
Z_ITERABLE_SECTION_RAM
Z_ITERABLE_SECTION_RAM_GC_ALLOWED
Z_STRUCT_SECTION_ITERABLE
Z_STRUCT_SECTION_ITERABLE_ALTERNATE
Z_STRUCT_SECTION_FOREACH
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
k_timeout_t was converted to ticks using a nonsense function
causing poll timeout corruption for offloaded sockets; this
commit uses ticks directly from the struct instead.
Fixes#37472
Signed-off-by: Emil Lindqvist <emil@lindq.gr>
According to MbedTLS API documentation, its session must be
reset if mbedtls_ssl_handshake returns timeout error. This
commit resets the session for said return value, and that
allows us to call send() multiple times even if handshake
times out for previous calls.
Fixes#35711
Signed-off-by: Emil Lindqvist <emil@lindq.gr>
Fix `poll()` handling for DTLS clients when the underlying socket is an
offloaded socket. As in this case no `k_poll()` is used underneath, it's
not possible to monitor the handhshake status with `tls_established`
semaphore. Instead, do the following:
1. If no handhshake is in progress yet, just drop the incoming data -
it's the client who should initiate the handshake, any data incoming
before that should not be processed.
2. If handshake is currently in progress, lift the `POLLIN` flag and add
small delay to allow the other thread to proceed with the handshake.
3. Otherwise, just proceed as usual.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The TLS/DTLS handshake in most cases is a blocking process, therefore
the underlying socket should be in a blocking mode to prevent busy
looping in the handshake thread. Fix this by clearing the O_NONBLOCK
flag on the underlying socket before the handshake, and restoring it
afterards.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When zsock_close() is called, socket is freed before the mutex for the
socket is unlocked. If the freed socket is given to another thread
immediately, the mutex for the socket will be initialized by the new
socket owner, while the mutex is still locked by the thread calling
zosck_close().
Fixes#36568
Signed-off-by: Chih Hung Yu <chyu313@gmail.com>
Rename `write_signal` to `readable` and `read_signal` to `writeable`
which are more meaningful to the actual states they represent, and make
the code analysis easier.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case read or write were called before the actual poll() call, the
poll() function was not signalled correctly about such events, which in
order could lead to a deadlock if the poll() was called with infinite
timeout.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Allow caller to specify microsecond accuracy and not convert
to milliseconds.
Fixes#36072
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make zsock_select() a syscall so that the following commit
can call the internal poll implementation directly. This is
needed as zsock_select() will not call zsock_poll() directly
in order to allow select to use microsecond timeout accuracy.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Fixed mutli-IP DNS resolution as previously the same IP address was
used to populate all AI entries and added DNS_RESOLVER_AI_MAX_ENTRIES
config entry to define max number of IP addresses per DNS name to be
handled.
Signed-off-by: Ievgen Glinchuk <john.iceblink@gmail.com>
Zephyr has introduced secure random generator API after the TLS sockets
were implemented. Use this new API in TLS sockets implementation,
instead of implementing secure RNG with mbedTLS in the module itself.
This facilitates integration of the HW RNG accelerators with the TLS
sockets module.
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Not checking return code in fcntl can result in interpreting -1 as
flags, and cause unexpected behaviour.
Fixes#35541
Signed-off-by: Emil Lindqvist <emil@lindq.gr>
The k_fifo_ prefix is meant for kernel API functions, and
not to our socket helper. So remove the k_ prefix in order
to avoid confusion.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we are waiting all the data i.e., the MSG_WAITALL flag is set,
then if we have not yet received all the data at the end of the
receive loop. We must use the condition variable to get the signal
when the data is ready to be received. Otherwise the receive loop
will not release the socket lock and receive_cb will not be able
to indicate that data is received.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Fix a regression when application is waiting data but does
not notice that because socket layer is not woken up.
This could happen because application was waiting condition
variable but the signal to wake the condvar came before the
wait started. Normally if there is constant flow of incoming
data to the socket, the signal would be given later. But if
the peer is waiting that Zephyr replies, there might be a
timeout at peer.
The solution is to add locking in socket receive callback so
that we only signal the condition variable after we have made
sure that the condition variable is actually waiting the data.
Fixes#34964
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
In Mbed TLS:
commit eccd88871767e2fba5f3a079cfdfcb77c376cf20
Author: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue Mar 10 12:19:08 2020 +0100
Rename identifiers containing double-underscore
changes the name of a symbol we use. As part of upgrading to newer
versions of Mbed TLS, change the name of the symbol we use.
A better fix would be to not use this symbol at all, and perhaps define
our own symbol the same way this internal symbol is defined within the
library.
Signed-off-by: David Brown <david.brown@linaro.org>
zsock_select() cannot poll file descriptors with number >= 32.
When a whole word in FD_SET was skipped due to being empty,
corresponding fd number was not updated, leading to wrong
fd's being passed to poll().
Fixes#34563
Signed-off-by: Chih Hung Yu <chyu313@gmail.com>
This value is used to measure the RX/TX statistics. The previous
use of the timestamp field did not work in RX path as the timestamp
value could be overwritten by the driver if gPTP timestamping
is enabled. So to fix the RX statistics, use a separate field
for the create time.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This option was only able to collect statistics of transmitted
data. The same functionality is available if one sets the
CONFIG_NET_PKT_RXTIME_STATS and/or CONFIG_NET_PKT_TXTIME_STATS
options.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The RX statistics might not get updated properly because the used
ifdef was referring the TX options.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Zephyr socket subsystem has come a long way since initial experimental
alternative to internal Zephyr networking API. Its configuration also
mirrors the usual conservative approach, where a user needs to
explicitly enable options to get "more" features. And as an
experimental API, socket subsystem was initially developed as
namespaced API, where all functions/structures are prefixed with
"zsock_", and to get standard names, CONFIG_NET_SOCKETS_POSIX_NAMES
needs to be set (or alternatively, CONFIG_POSIX_API needs to be, which
enabled full POSIX subsys overall).
However, a few years later, sockets are the standard networking API,
and in majority of cases its used under the standard POSIX names.
Necessity to explicitly set an option to achieve this effects, and
confusion which results from it - are just unneeded chores for users.
So, switch CONFIG_NET_SOCKETS_POSIX_NAMES to be on by default (unless
CONFIG_POSIX_API is already defined). It still can be explicitly
disabled if needed (but usecases for that would be peculiar and rare).
Addresses #34165
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Implement SO_BINDTODEVICE socket option which allows to bind an open
socket to a particular network interface. Once bound, the socket will
only send and receive packets through that interface.
For the TX path, simply avoid overwriting the interface pointer by
net_context_bind() in case it's already bound to an interface with an
option. For the RX path, drop the packet in case the connection handler
detects that the net_context associated with that connection is bound to
a different interface that the packet origin interface.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
An option has been added which can be passed to setsockopt
which allows the user to set & get the dtls handshake timeout,
either before first handshake or online.
Signed-off-by: Emil Lindqvist <emil@lindq.gr>
With these changes, dial up Zephyr application/driver can use
socket(AF_PACKET, SOCK_RAW, IPPROTO_RAW) for creating
a socket for sending/receiving data to/from ppp net link, i.e.
packet is going to/from PPP L2.
Signed-off-by: Jani Hirsimäki <jani.hirsimaki@nordicsemi.no>
Current implementation of poll prepare/update could end up busy looping
if `poll()` function was called before/during DTLS client handshake
(i. e. `poll()` called before an initial `send()`).
Fix this, by monitoring the handshake semaphore, already available in
the tls_context structure for DTLS client instead of underlying socket.
After the handshake is complete, switch to monitoring the underlying
socket instead.
For DTLS server this is not needed, since the handshake is initiated in
the `recv()` function, therefore any incoming data should trigger the
handshake.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When recvfrom() was called with src_addr != NULL, then source address
was fetched from beginning of net_pkt. This works with native IP stack
obviously. However with offloaded IP stack there is no IP header, so
trying to parse missing IP header results in undefined behavior.
Check if network interface has offloaded IP stack. If positive, then
figure out if there is assigned remote address to network context on
which packet was received. Return this remote address, which SHOULD be
the source address of received packet. Otherwise, return an error.
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
There was no close method implemented for AF_PACKET type
sockets. This meant that calling close() on packet socket
caused NULL pointer access.
This will allow #32949 issue to work properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Implement MSG_WAITALL flag for stream sockets. Setting this flag on
`recv()` call will make it wait until the requested amount of data is
received.
In case both, MSG_WAITALL all is set and SO_RCVTIMEO option configured
on a socket, follow the Linux behavior, i. e. when the requested amount
of data is not received until the timeout expires, return the data
received so far w/o an error.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Currently there is no way to distinguish between a caller
explicitly asking for a semaphore with a limit that
happens to be `UINT_MAX` and a semaphore that just
has a limit "as large as possible".
Add `K_SEM_MAX_LIMIT`, currently defined to `UINT_MAX`, and akin
to `K_FOREVER` versus just passing some very large wait time.
In addition, the `k_sem_*` APIs were type-confused, where
the internal data structure was `uint32_t`, but the APIs took
and returned `unsigned int`. This changes the underlying data
structure to also use `unsigned int`, as changing the APIs
would be a (potentially) breaking change.
These changes are backwards-compatible, but it is strongly suggested
to take a quick scan for `k_sem_init` and `K_SEM_DEFINE` calls with
`UINT_MAX` (or `UINT32_MAX`) and replace them with `K_SEM_MAX_LIMIT`
where appropriate.
Signed-off-by: James Harris <james.harris@intel.com>
This patch adds implementation of socket option used to get
protocol used for given socket (e.g. IPPROTO_TCP). This option
is not defined in POSIX, but it is Linux extension.
Signed-off-by: Hubert Miś <hubert.mis@nordicsemi.no>
This patch adds implementation of socket option used to get
type of given socket (e.g. SOCK_STREAM).
Signed-off-by: Hubert Miś <hubert.mis@nordicsemi.no>
If userspace is enabled, then the TLS context needs to be
made a NET_SOCKET kernel object. Without this the userspace
cannot access TLS sockets.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
With this patch the resolver module can resolve literal IPv6
and IPv4 addresses even when DNS client is not presnet in
the system.
Signed-off-by: Hubert Miś <hubert.mis@nordicsemi.no>
If getaddrinfo() was called with AI_PASSIVE flag in hints,
returned address defaulted to SOCK_STREAM and IPPROTO_TCP.
Fixed so that SOCK_DGRAM leads to correct address type
that can be fed to bind() directly.
Same hard coding was visible when numerical IPv4 address string
was converted to binary. That is also fixed to respect hints now.
Also, added functionality to get IPv6 address, when hints contained
AF_INET6.
Fixes#30686
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Because unoconnected stream socket doesn't have any chance to receive
any data, so a blocking recv() would hang forever on it (and does
without this change).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Call mbedtls_ssl_conf_max_frag_len() on created TLS context
configuration, so that Maximum Fragment Length (MFL) will be sent to
peer using RFC 6066 max_fragment_length extension. MFL value is
automatically chosen based on MBEDTLS_SSL_OUT_CONTENT_LEN and
MBEDTLS_SSL_IN_CONTENT_LEN mbed TLS macros.
This extension is mostly useful for TLS client side to tell TLS server
what is the maximum supported receive record length.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
If there are enough tls_context objects in the system (configured by
CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS), but there are not enough file
descriptors (configured by CONFIG_POSIX_MAX_FDS) to create underneath
TCP/UDP socket, then TLS socket creation fails with leaked tls_context.
Call tls_release() in ztls_socket() error path whenever underneath
TCP/UDP socket creation fails.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Adds the socket option TLS_ALPN_LIST for SOL_TLS sockets
Passes the configured alpn list to the mbedtls config
on mbedtls init
Signed-off-by: Emil Hammarstrom <emil.hammarstrom@assaabloy.com>
If there is no space in the sending window, then return -EAGAIN
so that the caller may try later.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we run out of network buffers and cannot send data, and if
we have a blocking socket, then wait until new buffers are
available before returning. As this might lead to deadlock,
wait only max 10 seconds and return ENOMEM if we cannot get
buffers in a reasonable amount of time.
Fixes#28216
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The timeout variable in `dtls_rx()` was initialized improperly.
Coverity ID: 214219
Fixes#28161
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This new option allows to include `sockets_tls.c` into the build when
socket offloading is enabled.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Given that the offloaded poll handling differs from the poll handling of
native sockets (entire poll function call is offloaded), some
adjustements were needed to make TLS socket work with offloaded poll
calls.
To achieve this, in case socket offloading is used, instead of jumping
directly to the offloaded poll call, a TLS wrapper for the offloaded
poll will be called. This wrapper will do additional checks at the
mbedtls level, to verify that the event is only notified to the caller
when the application data is available (i. e. not to report events
during handshake or when partial data is received, not ready to
decrypt).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Separate TLS sockets implementation from net_context layer. Instead of
calling net_context functions directly, create an underlying TCP/UDP
socket, and call socket functions on it instead. This results in a
simpler design, where we don't need to duplicate specific parts of code
from the native socket implementation. Additionally, this allows to use
a different TCP/UDP stack underneath (i. e. when sockets offloading is
used).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit adds helper function to verify protocol, which was done in
two different places in the code. The function returns the underlying
protocol information on success.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Entropy device, as being unique here, does not need to be passed through
mbedtls and can instead set static locally.
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Allow user to create SOCK_DGRAM type AF_PACKET socket. This
allows user to send raw IP packets without specifying
L2 (like Ethernet) headers.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
-Wimplicit-fallthrough=2 requires a fallthrough comment or a compiler
to tells gcc that this happens intentionally.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
When verifying the parameters check NULL value separately.
This will avoid nasty warning message to be printed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add function pointer to vtable and use that directly instead of
routing via ioctl() call. This is done as we are trying to get
rid of ioctl() calls in the system.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Do not route close() calls via ioctl() as that is error prone
and quite pointless. Instead create a callback for close() in
fdtable and use it directly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Unit tests were failing to build because random header was included by
kernel_includes.h. The problem is that rand32.h includes a generated
file that is either not generated or not included when building unit
tests. Also, it is better to limit the scope of this file to where it is
used.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This is no longer required since drivers implementing the sockets
offload interface were migrated to use pure zsock_ instead of
raw POSIX types and functions.
Signed-off-by: Adam Porter <porter.adam@gmail.com>
Under Linux when you shutdown a socket which is blocked on
an accept call the error code returned by accept is EINVAL.
Modify the socket code to be inline with this behaviour.
Signed-off-by: Léonard Bise <leonard.bise@gmail.com>
When closing a listening socket the functions waiting on the
FIFO will be unblocked this will result in receiving a NULL child
context. If that is the case return an error instead of carrying on.
Return the same error code (EINVAL) that is returned on Linux when
calling shutdown on a blocked accept call.
Signed-off-by: Léonard Bise <leonard.bise@gmail.com>
The SET_ERRNO() macro does nothing if a positive value is provided
to it, and the functions were not returning -1 or setting errno
as expected.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
APIs were returning -1 without setting errno if the file
descriptor looked up a null object or there was no function
installed in the vtable. Set to EBADF for this case.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
When `z_get_fd_obj_and_vtable()` function returns NULL (no valid entry
in the FD table for the socket), there is no need for further usermode
checks on the `ctx` pointer, as there is nothing to invalidate in that
case.
Fixes#25990Fixes#25991
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The original sockets system calls used file descriptors which
were actually net_context pointers. For all socket system calls,
any calls from user mode would check if the caller had permission
to use the net context.
This was later changed to not stuff net_context pointers into file
descriptors, but all the permission checking was unintentionally
lost, allowing all threads on the system to
read/write all socket file descriptors in the system at will, with
no way to isolate applications running on the same microcontroller
from each other's network activity.
This patch restores the permission checks on network context objects
for socket system calls that originated from user mode.
The call to z_object_recycle() was never removed from
zsock_socket_internal(); this is again leveraged to grant the
caller who opened the socket permission on the net_context
associated with the returned file descriptor.
To ensure that all socket calls do this checking, all uses of
z_get_fd_obj_and_vtable() have been routed through get_sock_vtable().
Objects have initialization state set and thread permissions
reset to just the caller in common zsock_socket() code.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The socketpair file descriptor context objects are heap allocated
and not drawn from a static pool. Register these as kernel objects
when we create them if user mode is enabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Zephyr running on MPU devices have a different memory model than
process-oriented OSes like Linux and require a method to set
kernel object permissions on a file descriptor's underlying
context object. Add this, and a test to show that it is working.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Used for permission validation when accessing the associated file
descriptors from user mode.
There often get defined in implementation code, expand the search
to look in drivers/ and subsys/net/.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
If we are calling sendmsg() without any aux data, then msg_controllen
is 0 and msg_control is NULL. Check these allowed values properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we are calling sendmsg() for a connected socket, then msg_namelen
is 0 and msg_name is NULL. Check these allowed values properly.
Also modify unit tests so that we test this scenario.
Fixes#25925
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
In this, case is_nonblock is false and will_block is true.
Therefore, we *may* block, and furthermore we *expect* to
block. Checking is_nonblock is, in fact, redundant, and
passing K_FOREVER to k_sem_take() is justified.
Fixes#25727
Coverity-CID: 210611
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
There was a possible race condition between sock_is_nonblock()
and k_sem_take() in spair_read() and spair_write() that was
mitigated.
Also clarified some of the conditional branching in those
functions.
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
Replace CONFIG_ENTROPY_NAME with DT_CHOSEN_ZEPHYR_ENTROPY_LABEL. We now
set zephyr,entropy in the chosen node of the device tree to the entropy
device.
This allows us to remove CONFIG_ENTROPY_NAME from dts_fixup.h. Also
remove any other stale ENTROPY related defines in dts_fixup.h files.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
If we are receiving UDP packet and if there is some error happening
inside zsock_recv_dgram(), then make sure that the net_pkt received
from recv_q is freed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
TLS sockets did not increase refcount of a net_context running TCP,
which could lead to a crash upon TCP disconnection.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
If CONFIG_NET_PKT_RXTIME_STATS is set, then update the received
packet RX time for packet sockets (SOCK_RAW). This was already
working for normal sockets but the statistics update was missing
from SOCK_RAW.
Fixes#22489
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The zsock_accept_ctx() calls z_reserve_fd() on entry but fails
to call z_free_fd() on failure. This will leak the allocated
socket descriptor.
Fixes#22366
Signed-off-by: Inbar Anson Bratspiess <inbar.anson.bratspiess@330plus.net>
When is NET_SOCKETS_SOCKOPT_TLS set, it should set TLS_CREDENTIALS
even when NET_NATIVE=n, so that platforms that use socket offloading
can continue to set TLS credentials.
We are now setting this via 'imply' instead of 'select', so that
prj.conf can opt out if necessary.
Fixes#22390
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
Instead of using a custom offloading interface, users can use
`NET_SOCKET_REGISTER` macro to register custom socket API provider. This
solution removes a limitation, that only one offloaded interface can be
registered and that it cannot be used together with native IP stack.
The only exception remainig are DNS releated operations -
`getaddrinfo`/`freeaddrinfo`, which, when offloaded, have to be
registered specifically.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Sort out mbedTLS dependencies in sockets Kconfig. mbedTLS will now
be enabled when TLS sockets and native network stack are enabled.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make ioctl handlers of `ZFD_IOCTL_POLL_PREPARE` and
`ZFD_IOCTL_POLL_UPDATE` return an error code instead of setting errno
variable.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
If we can write to the socket in POLLOUT, then there is no need to
wait.
Note that this is not a full POLLOUT implementation but prevents
the code from waiting even if we could send data out.
Fixes#18867
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
IPv4 header options length will be stored in ipv4_opts_len
in net_pkt structure. Now IPv4 header length will be in
net_pkt ip_hdr_len + ipv4_opts_len. So modified relevant
places of ip header length calculation for IPv4.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
The TCP code expects that we know when the socket has called accept()
in order to continue connection attempt.
Fixes#21335
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add an implementation for `sendmsg`, so secure sockets can be used
together with the WebSocket module to implement secure WebSockets
("wss").
Fixes#20431
Signed-off-by: Markus Fuchs <markus.fuchs@de.sauter-bc.com>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Clean up space errors and use a consistent style throughout the Kconfig
files. This makes reading the Kconfig files more distraction-free, helps
with grepping, and encourages the same style getting copied around
everywhere (meaning another pass hopefully won't be needed).
Go for the most common style:
- Indent properties with a single tab, including for choices.
Properties on choices work exactly the same syntactically as
properties on symbols, so not sure how the no-indentation thing
happened.
- Indent help texts with a tab followed by two spaces
- Put a space between 'config' and the symbol name, not a tab. This
also helps when grepping for definitions.
- Do '# A comment' instead of '#A comment'
I tweaked Kconfiglib a bit to find most of the stuff.
Some help texts were reflowed to 79 columns with 'gq' in Vim as well,
though not all, because I was afraid I'd accidentally mess up
formatting.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Handle this corner case with TCP connection closing:
1) Client A connects, it is accepted and can send data to us
2) Client B connects, the application needs to call accept()
before we will receive any data from client A to the application.
The app has not yet called accept() at this point (for
whatever reason).
3) Client B then disconnects and we receive FIN. The connection
cleanup is a bit tricky as the client is in half-connected state
meaning that the connection is in established state but the
accept_q in socket queue contains still data which needs to be
cleared.
4) Client A then disconnects, all data is sent etc
The above was not working correctly as the system did not handle the
step 3) properly. The client B was accepted in the application even
if the connection was closing.
After this commit, the commit called "net: tcp: Accept connections
only in LISTENING state" and related other commits are no longer
needed and are reverted.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This reverts commit d70a854904.
The next commit fixes the original issue so this commit is no
longer needed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Applications should use setsockopt() to setup the SOCKS5 proxy,
so the old API file, which is using net_context directly, is
moved SOCKS5 directory.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This is related to commit 1a6f4a6368 ("net: tcp: Accept
connections only in LISTENING state") which made the system
to only accept new connections if the application had called
accept(). Unfortunately the TLS accept was not fixed by that
commit so we were in wrong state when accepting TLS sockets.
This commit fixes that issue.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Calculate how long on average net_pkt has spent on its way from
network device driver to the application. The data is only
calculated for UDP and TCP network packets.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Do not try to re-use net_context.user_data field as in many places
(like in accept) it is expected to contain pointer to net_context.
Storing the socket flags will corrupt the value. To simplify and
make things less error prone, use socket specific field in net_context
to store the socket flags.
Fixes#19191
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The socket flags are stored in void* so we need to use uintptr_t
instead of u32_t when manipulating the flag variable.
Fixes#19181
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If socket is marked non-blocking, then accept() will return immediately
if there is no one connecting.
Fixes#19103
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If proto field in socket() call is set to 0, then we should have
a sane default for it that depends on the type of the socket.
Fixes#18873
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The semi-automated API changes weren't checkpatch aware. Fix up
whitespace warnings that snuck into the previous patches. Really this
should be squashed, but that's somewhat difficult given the structure
of the series.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
These calls are buildable on common sanitycheck platforms, but are not
invoked at runtime in any tests accessible to CI. The changes are
mostly mechanical, so the risk is low, but this commit is separated
from the main API change to allow for more careful review.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
System call arguments, at the arch layer, are single words. So
passing wider values requires splitting them into two registers at
call time. This gets even more complicated for values (e.g
k_timeout_t) that may have different sizes depending on configuration.
This patch adds a feature to gen_syscalls.py to detect functions with
wide arguments and automatically generates code to split/unsplit them.
Unfortunately the current scheme of Z_SYSCALL_DECLARE_* macros won't
work with functions like this, because for N arguments (our current
maximum N is 10) there are 2^N possible configurations of argument
widths. So this generates the complete functions for each handler and
wrapper, effectively doing in python what was originally done in the
preprocessor.
Another complexity is that traditional the z_hdlr_*() function for a
system call has taken the raw list of word arguments, which does not
work when some of those arguments must be 64 bit types. So instead of
using a single Z_SYSCALL_HANDLER macro, this splits the job of
z_hdlr_*() into two steps: An automatically-generated unmarshalling
function, z_mrsh_*(), which then calls a user-supplied verification
function z_vrfy_*(). The verification function is typesafe, and is a
simple C function with exactly the same argument and return signature
as the syscall impl function. It is also not responsible for
validating the pointers to the extra parameter array or a wide return
value, that code gets automatically generated.
This commit includes new vrfy/msrh handling for all syscalls invoked
during CI runs. Future commits will port the less testable code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
If we are returned IPv4 address but the hints says IPv6, then
return error as currently we do not support AI_V4MAPPED addresses.
Same check for IPv6 if we want only IPv4 address.
Fixes#18870
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Issue noticed with following scenario.
1) TCP server is listening for connections but will handle
only one connection at a time (e.g. echo-server sample)
2) Client A connects, and the connection is accepted.
3) Client B connects, instead of denying a connection,
it is "auto" accepted (this is the actual bug) even
if the application has not called accept().
4) After the connection A is closed, the connection B
gets accepted by application but now the closed
connection A will cause confusion in the net-stack
5) This confusion can cause memory leak or double free
in the TCP core.
It is not easy to trigger this issue because it depends
on timing of the connections A & B.
Fixes: #18308
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Let's use IS_ENABLED() instead of the #ifdef to get clearer code. ret
variable is used only at one place, no need for the ARG_UNUSED()
Coverity-CID: 203397
Fixes#18419
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Let's use IS_ENABLED() instead of the #ifdef to get clearer code. ret
variable is used only at one place, no need for the ARG_UNUSED()
Coverity-CID: 203468
Fixes#18420
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Rename the socket_can implementation from CANBUS to CANBUS_RAW.
This is a preperation for 6LoCAN which is a CANBUS L2 for IPv6.
Signed-off-by: Alexander Wachter <alexander.wachter@student.tugraz.at>
Before calling socket callback function, make sure the callback
function exists so that we do not get NULL pointer reference.
Fixes#18021
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Current SOCKS5 implementation is above socket level and every
higher layer protocol or application level needs to have
SOCKS5 related changes. This solution is based on socket
setsockopt(). Application caller has to set proxy details
through setsockopt() and socket:connect() will take care
creating connection.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
The SO_SOCKS5 socket option can be used by the application to
set the SOCKS5 proxy details. These details will be used when
connecting to peer.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
The SO_TXTIME socket option can be used by the application to
tell the network device driver the exact moment when the
network packet should be sent.
This feature is also implemented in Linux.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add BSD socket sendmsg() API that can be used to send data to peer
and also pass ancillary data to lower level of the network stack.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
User could have set something to optval in getsockopt() and we
need to copy the data to kernel optval so that the socket family
code can use the value for something.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The handcrafted allocation falls victim of misaligned structures due to
toolchain padding which crashes the socket test code on 64-bit targets.
Let's move it to the iterable section utility where those issues are
already taken care of.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
Make sure the IPv4 and IPv6 socket addresses are initialized before
copying them. This avoids uninitialized memory access.
Coverity-CID: 199436
Fixes#17202
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This can be used to activate the network packet statistics
collection. Note that we do not have resources to calculate
each network packet transit times but we collect average times
instead.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Currently only setting and getting of Ethernet Qav options are
supported via this interface.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Allow application to listen network management events using
BSD socket API. Application needs to create the socket using
AF_NET_MGMT address family. At this point we only support
receiving network management events that the network subsystem
is sending.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Current socket connect call implementation always takes
K_FOREVER timeout value, which blocks TCP connections
in case failure. TCP connections waits until it receives
SYN ACK. If there is no SYC ACK means, connect call is
blocked forever.
Added a Kconfig option to define timeout value. Default
value is 3000 milliseconds. User can modify it.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/math_extras.h to sys/math_extras.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/fdtable.h to sys/fdtable.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move entropy.h to drivers/entropy.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
We must query both IPv4 and IPv6 addresses if the hints parameter
is NULL i.e., user does not supply hints or if family is set to
AF_UNSPEC.
Fixes#16453
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If the socket is closed, then do CAN detach if that is needed.
This way the CAN interrupts are not received if there are no
CAN sockets listening the data.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
We need to dispatch the received CAN frame if there are multiple
sockets interested in the same CAN-IDs.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Allow user to set the socket priority using setsockopt() call.
The priority value is used to order the networking queues so
that packets with a higher priority may be processed first.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
These options are mutually exclusive, or more specifically,
CONFIG_POSIX_API has wider scope and supersedes
CONFIG_NET_SOCKETS_POSIX_NAMES. Implementation-wise, the two
options should not be defined at the same time, as that may
lead to declaration conflicts.
Fixes: #16141
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Offloaded `fcntl` implementation should be available for all offloaded
implementations, not specific for TI. `socket_offload.c` is already
conditionally compiled based on `CONFIG_NET_SOCKETS_OFFLOAD` option, so
there should not be conflicts for non-offloaded interfaces.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
If a valid numeric IP address is provided as argument, it should
be resolved without contacting DNS server.
Also, implement handling of AI_NUMERICHOST.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
From POSIX.1-2017:
The getsockname() function shall retrieve the locally-bound name of the
specified socket, store this address in the sockaddr structure pointed
to by the address argument, and store the length of this address in the
object pointed to by the address_len argument.
The address_len argument points to a socklen_t object which on input
specifies the length of the supplied sockaddr structure, and on output
specifies the length of the stored address. If the actual length of the
address is greater than the length of the supplied sockaddr structure,
the stored address shall be truncated.
If the socket has not been bound to a local name, the value stored in
the object pointed to by address is unspecified.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
If host is NULL and ai_flags are AI_PASSIVE in a call to
getaddrinfo(), need to return "any" address.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Use the new math_extras functions instead of calling builtins directly.
Change a few local variables to size_t after checking that all uses of
the variable actually expects a size_t.
Signed-off-by: Jakob Olesen <jolesen@fb.com>
Libraries that use mbedTLS have been invoking
zephyr_link_interface(mbedTLS). It is not clear what the intent of
this code has been, but it is redundant with the mbedTLS build
scripts, so it can be safely removed.
In addition to being redundant, it causes problems as it introduces an
ordering dependency, with this code mbedTLS must be declared before
users of mbedTLS are declared. Since this code is redundant, this
ordering dependency is also unnecessary.
This code is believed to have been added early on by accident and
copied through cargo-cult programming since.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
It is possible that the device driver API pointer is null.
For example if the device driver returns an error, the device
code will make the API pointer NULL so that the API would not
be used. This can cause errors in networking code where we
typically do not check the NULL value.
Fixes#15003
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If for some reason the DNS resolver callback is not called properly
then make sure that semaphore will not block forever.
Fixes#15197
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
We need all the socket APIs to work from user mode.
tests/net/socket/misc now runs in userspace.
Fixes: #15227
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Rename reserved function names in the subsys/ subdirectory except
for static _mod_pub_set and _mod_unbind functions in bluetooth mesh
cfg_srv.c which clash with the similarly named global functions.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
We are reverting the changes in commit
55b3f05932 given build errors are seen
when fcntl.h is included, as it declares fcntl() as a non-static
function. The same function cannot be declared as both static and
non-static.
Instead, we avoid redefining fcntl() in lib/os/fdtable.c specifically
for case of the SimpleLink family, til we have support for the new
socket_op_vtable.
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
And also to the relevant callbacks.
That parameter is not used anywhere so it is useless.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Now that legacy - and unrelated - function named net_pkt_get_data has
been removed, we can rename net_pkt_get_data_new relevantly.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Now that legacy functions are removew, let's rename the new functions by
removing the _new suffix.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
TCP context is effectively owned by both application and the stack:
stack may detect that peer closed/aborted connection, but it must
not dispose of the context behind the application back. Likewise,
when application "closes" context, it's not disposed of immediately,
there's yet closing handshake for stack to perform.
This effectively means that TCP contexts have refcount of 2 when
they're created. Without this change, following situation is
possible: peer opens connection, an app get a context (or socket)
via accept, peer sends data, closes connection. An app still holds
a reference to connection, but stack may dispose of context, and
even reuse it for a new connection. Then application holds a reference
to either free, or completely different context.
This situation was very clearly and 100% reproducible when making
Zephyr port of open62541 library, which works in async manner using
select().
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
To save binary size, currently just returns textual name of error
code, e.g. EAI_FAIL -> "EAI_FAIL". Based on real usecases, can be
replaced with user-friendly message later. (Current usecase is to
allow/help to elaborate sockets API by proof-of-concept porting
existing socket apps).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The socket-can code expects to have "struct can_frame" from
application when it calls send(). We then have to convert to
"struct zcan_frame" as that is what the driver expects.
Same thing when receiving data. We just convert to
"struct can_frame" and pass that to application.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Update reserved function names starting with one underscore, replacing
them as follows:
'_k_' with 'z_'
'_K_' with 'Z_'
'_handler_' with 'z_handl_'
'_Cstart' with 'z_cstart'
'_Swap' with 'z_swap'
This renaming is done on both global and those static function names
in kernel/include and include/. Other static function names in kernel/
are renamed by removing the leading underscore. Other function names
not starting with any prefix listed above are renamed starting with
a 'z_' or 'Z_' prefix.
Function names starting with two or three leading underscores are not
automatcally renamed since these names will collide with the variants
with two or three leading underscores.
Various generator scripts have also been updated as well as perf,
linker and usb files. These are
drivers/serial/uart_handlers.c
include/linker/kobject-text.ld
kernel/include/syscall_handler.h
scripts/gen_kobject_list.py
scripts/gen_syscall_header.py
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
This reverts commit 8cb5d083cb53627964ed72fb9fa3fb7a5219739f.
This was breaking tests on master due to missing dependency that is
still being reviewed.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This is done to conform with how the rest of the socket APIs are
implemented during socket offload. Otherwise link error would
result due to the symbol being redefined in lib/os/fdtable.c.
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
These options are oftentimes used when implementing servers, and
thus required to port existing socket apps. These options are also
safe to just ignore, e.g. SO_REUSEADDR has effect only for repeated
recreation of server socket (not an expected usecase for a Zephyr
app), while TCP_NODELAY is effectively the default for Zephyr, as we
don't implement TCP buffering (aka Nagle algorithm).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Poll descriptor was not incremented in poll update function in case it
was reported as not ready. In result, poll could end up processing the
same poll descriptor for every fd requested to monitor.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Rework detection of EOF on a socket, so that it can be detected in a
poll prepare that socket is in in a EOF state and poll can return
immediately.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When DTLS client was added to `poll` before/during the handshake, it
could throw errors and in some circumstances (when polling thread was
cooperative and had higher or equal priority to the handshake thread)
could lead to a deadlock in the application.
Prevent that, by blocking on handshake semaphore instead of fifo. Poll
will start using fifo for data poll only after handshake is complete.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Instead of simple bool value, use a semaphore to notify that TLS
handshake is complete. This way, we can monitor this value with k_poll.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This function is the opposite of getaddrinfo(), i.e. converts
struct sockaddr into a textual address. Normally (or more
specifically, based on the flags) it would perform reverse DNS
lookup, but current implementation implements only subset of
functionality, by converting to numeric textual address.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
A debug message told "Set EOF flag on pkt %p", but actually printed
net_context instead of net_pkt.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
shutdown() itself is described as just marking RX or TX path of a
socket as not available. For the first approximation, we implement
it just as a dummy function, to allow build existing POSIX
applications which use it.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
There is no need for appdata pointer: net_pkt's cursor is already at the
right position, i.e. the beginning of the payload right after all IP/TCP
headers.
Also, when reading the actual data, let's use net_pkt_read_new()
relevantly instead of going through the buffer by ourselves.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
There is no need for appdata pointer: net_pkt's cursor is already at the
right position, i.e. the beginning of the payload right after all IP/UDP
headers.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
This function is only used in sockets, thus making it a private function
of socket library and renaming it relevantly.
Note that sockets should be reviewed at some point to avoid using such
function: zsock_received_cb() already get the ip header and the protocol
header, so it could grab the src addr/port from there. It would be way
more optimized to do so, since net_pkt_get_src_addr is costly as it
parses all over again the ip/protocol headers.
utils unit test is updated and the test of the former
net_pkt_get_src_addr/net_pkt_get_dst_addr are removed.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
If a socket is in EOF, it's readable (so client can read() it, get 0
in return, figure it's in EOF, and close it). Without this change, we
had peer-closed sockets leaked (ignore) by poll() and select().
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Implemented via Zephyr's net_hostname_get(). As support for that call
is configurable and by default off, while many POSIX applications
assume that hostname is always available, we need a default value
in case CONFIG_NET_HOSTNAME_ENABLE is "n". Initial version of this
patch added that on the level of gethostname() call, but of was
suggested to move that down to net_hostname_get() instead.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
It is possible to set the filter in user application and that
information is passed to the CANBUS device driver.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This is basically a dummy layer that just passes data through.
It is needed so that we can create CANBUS type network interface
to the system.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This allows user to create a CAN socket and to read/write data
from it. From the user point of view, the BSD socket CAN support
works same way as in Linux.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This commit adds packet socket support to socket api.
This version supports basic packet socket features.
Protocol family is AF_PACKET, type of socket is
SOCK_RAW and proto type is ETH_P_ALL. The user will
receive every packet (with L2 header) on the wire.
For TX, the subsystem expects that the user has set
all the protocol headers (L2 and L3) properly.
Networking subsystem doesn't verify or alter the headers while
sending or receiving the packets. This version supports packet
socket over Etherent only. Also combination of other family
and protocols doesn't work (i.e. Application can not open
packet-socket and non packet-socket together).
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
If status is 0, both ip_hdr and proto_hdr will own a pointer to the
relevant IP and Protocol headers. In order to know which of ipv4/ipv6
and udp/tcp one will need to use respectively net_pkt_family(pkt) and
net_context_get_ip_proto(context).
Having access to those headers directly, many callbacks will not need
to parse the packet again no get the src/dst addresses or the src/dst
ports. This will be change after this commit.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
It's now up to net_context to build the net_pkt and send it.
This will become the default.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
The net-app API is removed. Users should use the BSD socket API
for application development.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The implementation code itself should not rely on plain POSIX names
and use zsock_ and ZSOCK_ prefixed versions of symbols.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
struct timeval is per POSIX defined in sys/time.h, but that also
allowed to pull sys/select.h (and indeed, it does with native_posix),
which then starts to conflict with out select implementation (if
NET_SOCKETS_POSIX_NAMES is defined, and many samples/tests have it).
So, for now follow the existing route of duplicating all definitions
needed by our code in namespaced manner. Things like struct timeval
usage will need to be revisited later, when we'll want socket
subsystem to work with POSIX subsystem, but that's a separate deep
matter.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
It's implemented on top of poll() anyway, and the current
implementation of fd_set uses array of fd's underlyingly, which
leads to O(n) complexity for FD_SET() and friends.
The purpose of select() implementation is to allow to perform
proof-of-concept port of 3rd-party code to Zephyr quickly. For
efficiency, poll() should be used instead.
Fixes: #11333
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
net_buf_linearize() used to clear the contents of output buffer,
just to fill it with data as the next step. The only effect that
would have is if less data was written to the output buffer. But
it's not reliable for a caller to rely on net_buf_linearize() for
that, instead callers should take care to handle any conditions
like that themselves. For example, a caller which wants to process
the data as zero-terminated string, must reserve a byte for it
in the output buffer explicitly (and set it to zero).
The only in-tree user which relied on clearing output buffer was
wncm14a2a.c. But either had buffer sizes calculated very precisely
to always accommodate extra trailing zero byte (without providing
code comments about this), or arguably could suffer from buffer
overruns (at least if data received from a modem was invalid and
filled up all destination buffer, leaving no space for trailing
zero).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Currently there is a mixed approach in prefixes from mbedTLS
configuration (MBEDTLS_ and TLS_). The latter was used in generic config
file and could bring up confusion that it can only be used with TLS
subsystem. Hence unify the approach to MBEDTLS_ prefix to avoid such
confusion.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
As extend fdtable usage to more cases, there regularly arises a need
to forward ioctl/fcntl arguments to another ioctl vmethod, which is
complicated because it defined as taking variadic arguments. The only
portable solution is to convert variadic arguments to va_list at the
first point of entry from client code, and then pass va_list around.
To facilitate calling ioctl with variadic arguments from system code,
z_fdtable_call_ioctl() helper function is added.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This commit reworks socket poll implementation to support multiple
socket implementations.
To achieve that, two ioctl poll helper requests were added:
ZFD_IOCTL_POLL_PREPARE and ZFD_IOCTL_POLL_UPDATE. The poll
implementation calls ioctl with these requests for each socket
requested in the fds table.
The first request is responsible for preparing k_poll_event objects
for specific socket. It can request to skip waiting in k_poll by
returning EALREADY through errno.
The latter request is responsible for processing outcome of k_poll for
each socket. It can request to retry the k_poll by returning EAGAIN
through errno.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Implement extended socket vtable for TLS sockets, therefore allowing to
integrate the implementation with socket subsystem.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit extends socket vtable, allowing to redirect socket calls to
alternate implementations (e.g. TLS sockets).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Remove network specific default and max log level setting
and start to use the zephyr logging values for those.
Remove LOG_MODULE_REGISTER() from net_core.h and place the
calls into .c files. This is done in order to avoid weird
compiler errors in some cases and to make the code look similar
as other subsystems.
Fixes#11343Fixes#11659
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
