The L2 PPP driver was not working for any other
Async-Control-Character-Map values than 0xffffffff.
This was caused by two issues:
* modem_ppp.c was expecting CONTROL field to be always escaped.
* lcp.c was decoding async_map values wrongly. Either as 16bit,
or raw 32bit, instead of big-endian 32 bit.
Now it should be safe to default my_options.async_map to a zero.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
When peer sends the Async-Control-Character-Map option on LCP
phase, Zephyr correctly responsed with Configure-Ack.
But the LCP negotiation phase have not been finnished yet,
so the remote end may not expect us to immediately
update the value.
This is seen when trying to use Zephyr's PPP stack against
PPPD from Linux, where default asyncmap option is zero.
However, if we delay the update of the asyncmap to the network phase,
it works just fine.
Fixes#105291
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
If CONFIG_HTTP_SERVER_MAX_HEADER_LEN is increased from the default of
32, a compiler warning pops in the HTTP websocket code:
zephyr/subsys/net/lib/http/http_server_http1.c:
In function 'on_header_value':
zephyr/subsys/net/lib/http/http_server_http1.c:898:33:
warning: 'strncpy' output may be truncated copying between 0 and 32
bytes from a string of length 47 [-Wstringop-truncation]
898 | strncpy(ctx->ws_sec_key, ctx->header_buffer,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
899 | MIN(sizeof(ctx->ws_sec_key), offset));
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This comes from:
if (ctx->websocket_sec_key_next) {
#if defined(CONFIG_WEBSOCKET)
strncpy(ctx->ws_sec_key, ctx->header_buffer,
MIN(sizeof(ctx->ws_sec_key), offset));
#endif
If eg. header_buffer is 48 bytes and holds a string >= 32 bytes then
ws_sec_key can end up non-nul terminated. That can then lead to buffer
overflow in handle_http1_to_websocket_upgrade().
Add a check to make sure the header value fits in ws_sec_key, if not
reject the request with a HTTP 500. The websocket key is not expected to
be > 31 bytes.
Once the check is in place, it's safe to use memcpy() for the copy, and
then add the terminating nul manually.
Signed-off-by: Michael Ellerman <mpe@oss.tenstorrent.com>
When we start uAP by specifying the network interface "-i" like this:
wifi ap enable … -i 1
(here: 1 is STA iface, 2 is uAP iface)
Currently, get_iface() uses interface index to choose the network
interface, but we do not check if the selected interface is correct
type.
So if the user specified interface is valid interface, we then verify
that it matches the given type. If there is no match, we return an
error and do not select a default type interface.
Signed-off-by: Li Long <li.long@nxp.com>
Add a new field to the `sntp_time` struct which is an estimate of the
delay between the SNTP server sending the response and the SNTP client
(the application) receiving it. This information can then be used by
the caller to correct for the systemic bias introduced by non-zero
network latencies.
Includes internal variable naming to make it clearer which timestamps
are which.
Signed-off-by: Jordan Yates <jordan@embeint.com>
Adds a Kconfig option to detect if checksum offloading
is supported by any driver and one to activate it.
Main benefit is that `net_if_need_calc_rx_checksum()` and
`net_if_need_calc_tx_checksum()` are now inline and therefore the
compiler can optimize more, when checksum offloading is not supported.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
Remove the unconditional `conn_mgr_if_used` call on data reception.
Receiving data ends up being a poor metric for "interface in use" in
many situations. This is especially the case when connected to networks
with broadcast packets that are not necessarily relevant for us, such as
ARP discovery requests.
Signed-off-by: Jordan Yates <jordan@embeint.com>
When comparing time sources for `CONFIG_SNTP_UNCERTAINTY` to validate
the server responses, `dest_ts_us` and `orig_ts_us` need to be
constructed from the same time sources and have the same offsets applied
in order for math operations to be valid.
Fixes#105101
Signed-off-by: Jordan Yates <jordan@embeint.com>
When routing packets, check if the destination address matches an
on-link prefix on any interface before using the default router.
This ensures packets destined for on-link prefixes are not
incorrectly sent to the default router.
Signed-off-by: Jani Hirsimäki <jani.hirsimaki@nordicsemi.no>
Add a dedicated Kconfig option for this previously hidden and
automatically enabled Mbed TLS configuration.
Make the relevant key exchange Kconfig options depend on it.
Enable it explicitly where needed.
Fix the condition for defining MBEDTLS_X509_USE_C (based on
mbedtls_config.h).
Check for CONFIG_MBEDTLS_X509_CRT_PARSE_C instead of
MBEDTLS_X509_CRT_PARSE_C now that we have a Kconfig option for it.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Add WEP security support in Wi-Fi mgmt ops.
Need to enable Kconfig CONFIG_WIFI_NM_WPA_SUPPLICANT_WEP.
Signed-off-by: Kapil Bhatt <kapil.bhatt@nordicsemi.no>
Replace instances of struct net_sockaddr with struct net_sockaddr_storage
for stack variables.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Storing a socket address should be done with the designated struct
net_sockaddr_storage type instead of the opaque struct net_sockaddr.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
A CoAP client should not be limited to a single destination address for all
requests.
Store the destination address for each request or use the existing socket
directly.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Update the return type of the ICMP callback handler to enum net_verdict.
This fixes an issue where currently all ICMP handler are passed the same
pkt. Handlers could have modified the passed packet resulting in undefined
behavior.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Make sure autoconfigured multicast IPv6 addresses are added (and thus
referenced) only once when the interface goes up to avoid mounting refs
for a given address.
Even if address is already present and net_ipv6_mld_join() is skipped
for a given address it's not an issue as all unjoined addresses have
their reports sent on interface going up via net_ipv6_mld_rejoin().
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When allocating new multicast address, clear the is_joined flag as it
could've still be set from the previous allocation.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add helper function that allows to rejoin multicast groups without
registering an address. This is needed in case we just want to send
report w/o increasing the ref count of the multicast address (when
interface goes up for example).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add helper function that allows to rejoin multicast groups without
registering an address. This is needed in case we just want to send
report w/o increasing the ref count of the multicast address (when
interface goes up for example).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Network interface state is now checked down the line in
net_try_send_data() so a separate check in the MLD code was redudant,
hence remove it to simplify the code.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Don't send MLD report on join if the address was already joined,
only increase the ref count by calling net_if_ipv6_maddr_add().
On leave, only send report if the address was removed from the system
(i.e. is no longer in use).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Don't send IGMP report on join if the address was already joined,
only increase the ref count by calling net_if_ipv6_maddr_add().
On leave, only send report if the address was removed from the system
(i.e. is no longer in use).
For IGMPv3 specifically, if the address with non-empty include/exclude
list was already registered, return an error as registering lists from
different sources is currently not supported.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add ref counting for multicast addresses, so that if a multicast address
is registered from different subsystems, they won't interfere with each
other. That way, if one subsystem decides to remove a multicast address,
it won't affect other subsystems that may still need it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add bounds checking to PTP management interval parameters to prevent
undefined behavior from bitwise shift operations.
The port_timer_set_timeout() and port_timer_set_timeout_random()
functions perform left and right shift operations using the
log_announce_interval and log_sync_interval values as shift counts.
Without bounds validation, these int8_t parameters could be set to
extreme values (e.g., via PTP management messages) that exceed the
valid shift range, causing undefined behavior.
(C11, 6.5.7p3)
> If the value of the right operand is negative or is greater than
or equal to the width of the promoted left operand,
the behavior is undefined
(C++11, 5.8p1)
> The behavior is undefined if the right operand is negative,
or greater than or equal to the length in bits of the promoted
left operand.
Limit both log_announce_interval and log_sync_interval to the range
[-63, 63] using MIN/MAX macros when accepting values from PTP management
frames. This range is preventing shift operations outside
the 64-bit width used in the timeout calculations.
Fixes: GHSA-3v98-458v-388r
Signed-off-by: Adam Wojasinski <awojasinski@baylibre.com>
Align the net_if_ipv6_router_add() behavior with its IPv4 counterpart,
where it is possible to specify whether the router is a default one
instead of making assumptions based on the lifetime value.
The current behavior was likely inspired by the Neighbor Discovery RFC,
where the lifetime parameter of 0 received in the Router Advertisement
message indicates that the router should not be treated as a default
router, however this is an implementation detail of the Neighbor
Discovery protocol and does not need to be enforced at the router API
level, as this can be used outside of this protocol (for example when
router is added manually from the application).
Therefore, allow to specify the "is_default" parameter separately just
like in the IPv4 case.The Router Advertisement handling routine will
just specify the "is_default" value based on the received lifetime
value.
Also, clarify in the function documentation what does it mean to specify
lifetime to 0 (which means the router never expires according to current
implementation).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This change addresses an alignment problem reported by UBSAN by
using a copy of the address. This avoids the need for extensive
rework to support net_if_ipv4_maddr_lookup_raw variant.
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
In d45cd6716b the mayority of the
Zephyr codebased was changed to use the Zephyr native net_ prefixed
types, but some were forgotten.
Without this fix/change the code still builds as we are by now setting
CONFIG_NET_NAMESPACE_COMPAT_MODE. But when this is not set, things
fail to build.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
In d45cd6716b the mayority of this code
was changed to use the Zephyr native net_/zsock_ prefixed types/functions
but some were forgotten.
Let's fix it.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Use the ZTESTABLE_STATIC macro to define symbols which need to be
accessible from ztests, instead of redefining STATIC which causes
trouble with some hals.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Just for consistency with the code and to avoid finding them on searches,
use the actually used macro names in the log messages.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
This was a leftover from the previous commit that removed usage of
legacy crypto in favor of PSA API.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The send scheduler formatted LwM2M paths with `lwm2m_path_log_buf()` even
when debug logging was not enabled for the module, causing build issues
with CONFIG_LOG off.
Signed-off-by: Julien Vermillard <julien@clunkymachines.com>
Make sure to check packet length check before starting the
IPv4 fragmentation reassembly process. This way we can drop the
malformed packet without consuming resources.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When receiving a DNS query, make sure that the packet contains
also query type and class fields before trying to access them.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Fixeszephyrproject-rtos/zephyr#103442
Origin: Original
Adds a separate TX traffic class for CDC-ECM and CDC-NCM in USBD Next
to prevent a deadlock during interface provisioning.
Tested with a custom nRF53-app firmware which combines CDC-ECM /
CDC-NCM (both tested) with mDNS with USB hosts MacOS, iPadOS, and
Alpine Linux.
Signed-off-by: Jay Beavers <jay@tolttechnologies.com>
