When `z_get_fd_obj_and_vtable()` function returns NULL (no valid entry
in the FD table for the socket), there is no need for further usermode
checks on the `ctx` pointer, as there is nothing to invalidate in that
case.
Fixes#25990Fixes#25991
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The original sockets system calls used file descriptors which
were actually net_context pointers. For all socket system calls,
any calls from user mode would check if the caller had permission
to use the net context.
This was later changed to not stuff net_context pointers into file
descriptors, but all the permission checking was unintentionally
lost, allowing all threads on the system to
read/write all socket file descriptors in the system at will, with
no way to isolate applications running on the same microcontroller
from each other's network activity.
This patch restores the permission checks on network context objects
for socket system calls that originated from user mode.
The call to z_object_recycle() was never removed from
zsock_socket_internal(); this is again leveraged to grant the
caller who opened the socket permission on the net_context
associated with the returned file descriptor.
To ensure that all socket calls do this checking, all uses of
z_get_fd_obj_and_vtable() have been routed through get_sock_vtable().
Objects have initialization state set and thread permissions
reset to just the caller in common zsock_socket() code.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The socketpair file descriptor context objects are heap allocated
and not drawn from a static pool. Register these as kernel objects
when we create them if user mode is enabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Zephyr running on MPU devices have a different memory model than
process-oriented OSes like Linux and require a method to set
kernel object permissions on a file descriptor's underlying
context object. Add this, and a test to show that it is working.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Used for permission validation when accessing the associated file
descriptors from user mode.
There often get defined in implementation code, expand the search
to look in drivers/ and subsys/net/.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Need to use %zd in formatter string for net_pkt_get_len since it returns
a size_t otherwise we get something like:
error: format ‘%d’ expects argument of type ‘int’, but argument
3 has type ‘size_t’ {aka ‘long unsigned int’} [-Werror=format=]
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
If we are calling sendmsg() without any aux data, then msg_controllen
is 0 and msg_control is NULL. Check these allowed values properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we are calling sendmsg() for a connected socket, then msg_namelen
is 0 and msg_name is NULL. Check these allowed values properly.
Also modify unit tests so that we test this scenario.
Fixes#25925
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
In this, case is_nonblock is false and will_block is true.
Therefore, we *may* block, and furthermore we *expect* to
block. Checking is_nonblock is, in fact, redundant, and
passing K_FOREVER to k_sem_take() is justified.
Fixes#25727
Coverity-CID: 210611
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
Due to new checks in mbedTLS config sanitizer, TLS option can no longer
be left enabled, when TLS is not used. OpenThread needs MBEDTLS_MD_C
and MBEDTLS_CIPHER_C even without TLS being used, so we need an option
to enable them manually.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The Router Advertisement can have prefix option. It's length
is 4 but the code did not check that which meant that we could
accept malformed packet. See RFC 4861 chapter 4.6.2 for details.
Fixes#25694
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that we do not add same IPv6 prefix, received from RA,
multiple times to prefix timer list. This avoids possible
denial-of-service issue if we receive suitably crafted RA packet.
Fixes#25698
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
OpenThread moved from 4 to 5 debug levels and it was not possible
to configure all of them with Kconfig.
Signed-off-by: Eduardo Montoya <eduardo.montoya@nordicsemi.no>
In order to support the retransmission for the outgoing data:
1. The outgoing data packet is appended to the send_data queue
in net_tcp_queue_data().
2. tcp_send_queued_data() is called and will use tcp_send_data()
to sends queued but unsent data packet by packet
until there's an unsent data and the receiver's window isn't full.
tcp_send_queued_data() subscribes send_data_timer
that will handle retrasmissions with tcp_resend_data().
3. tcp_send_data() peeks a single chunk of data from the send_data
queue that will not exceed the maximum segment size
until the the receiver's window is full.
tcp_send_data() uses conn->seq and conn->unack_len as the sequence
number for the TCP packet.
conn->unacked_len is advanced on each send.
4. On data acknowledgment:
- acknowledged amount of data is removed from the beginning
of the send_data queue
- conn->seq is advanced by the acknowledged amount
- conn->unacked_len is decremented by the acknowledged amount
- send_data_timer is cancelled
- tcp_send_queued_data() is called to send queued but
prevoiusly unsent data
5. On timeout, tcp_resend_data() will reset conn->unack_len,
peek one packet from the beginning of the send_queue and resend,
terminating the connection on retries exceeded.
Meanwhile the outgoing data tcp_send_queued_data() is just
appended to the send_data but not sent.
In case of the acknowledgement, tcp_send_queued_data() will
start sending multiple packets until the receiver's window
is full.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
In order to support the retransmission for the outgoind data,
add the following into the TCP connection:
- struct net_pkt *send_data (used as a queue)
- send_data_total
- unack_len
- send_data_timer
- send_data_retries
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
In order to support the send window, add send_win into
the TCP connection.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
In order to support the data retransmission, refactor tcp_out()
into tcp_out_ext() which supports passing the sequence number.
In addition drop modifications of the connection sequence number
from tcp_out_ext(), this is the responsibility of data retransmission.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
In order to use struct net_pkt for the outgoing data queue,
update tcp_pkt_alloc() macros, so they support allocation
without buffer.
Additionally, merge tcp_pkt_alloc() macros macros into one.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
Unsuccessfull packet clone in tcp_data_get() isn't handled,
add an error handling and don't ACK the incoming data in this case.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
In order to handle sequence overflow cases, use
net_tcp_seq_greater() to check if the sequence is greater/lower.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
The initial sequence number for a connection should be randomized
to prevent easy guesses.
Do not randomize the sequence number if network test or
test protocol is enabled.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
There was a possible race condition between sock_is_nonblock()
and k_sem_take() in spair_read() and spair_write() that was
mitigated.
Also clarified some of the conditional branching in those
functions.
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
The link address was not printed correctly as log_strdup() was
missing from the debug print.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Print detailed information about a given net_pkt. This is
useful if there is a memory leak and you want to see more
detailed information about the data inside the buffer.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Added support for Qemu User Networking and tested with
qemu_x86 model. The support is kept simple assuming that
the TAP interface will always be preferred for more
sophisticated / practical use cases.
QEMU User Networking is implemented using "slirp", which
provides a full TCP/IP stack within QEMU and uses that
stack to implement a virtual NAT'd network. As this
support is built into QEMU, it can be used with any model
and requires no admin privileges on the host machine,
unlike TAP.
Added documentation to facilitate the user.
Signed-off-by: Bilal Wasim <bilalwasim676@gmail.com>
The LLDP packet was created but its type was not set to LLDP
and was sent as ARP message.
Fixes#25084
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add OpenThread configuration option, which allows to configure and start
OpenThread stack operation manually. This mode should be used in NCP
devices, as well as is needed for certification purposes, where
OpenTread stack have to be configured by the test framework and not
initialize and join the network on its own.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Frame format was validated, but its length should be also validated
relevantly against the format.
Fixes#24970
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Convert all canbus related API/samples/tests/subsys
to the new timeout API with k_timeout_t.
Signed-off-by: Alexander Wachter <alexander@wachter.cloud>
If we have removed first net_buf, then we must not restore the
original cursor as that will point to wrong head net_buf.
Add also unit test to check that the packets are removed
properly.
Clarify the documentation that we are removing data from
beginning of the function, also document that the cursor
is reset after this call.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Replace:
DT_FLASH_ERASE_BLOCK_SIZE ->
DT_PROP(DT_CHOSEN(zephyr_flash), erase_block_size)
DT_FLASH_WRITE_BLOCK_SIZE ->
DT_PROP(DT_CHOSEN(zephyr_flash), write_block_size)
As this allows us to phase out the old generator.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>