Add TLS secure socket option that enables to narrow list of ciphersuites
available for TLS connection.
This option accepts an array of integers with IANA assigned ciphersuite
identifiers and returns such.
By default, every statically configured ciphersuite is available for a
socket and getsockopt returns an array of these.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add write-only TLS secure socket option to set hostname.
This option accepts a string containing the hostname. May be NULL, to
disable hostname verification.
By default, an empty string is set as a hostname for TLS clients,
to enforce hostname verification in mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option to select TLS credentials to use.
This option accepts and returns an array of sec_tag_t that indicate
which TLS credentials should be used with specific socket.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS credential management subsystem that enables to register TLS
credentials in the system. Once specific credentials are registered in
the system, they will be available for TLS secure sockets to use.
To use a TLS credential with a socket, the following steps have to be
taken:
1. TLS credential has to be registered in a system-wide pool, using the
API provided in "net/tls_credentials.h" header file.
2. TLS credential (and other TLS parameters) should be set on a socket
using setsockopt().
Note, that there is no need to repeat step 1 for different sockets using
the same credentials. Once TLS credential is registered in the system,
it can be used with mulitple sockets, as long as it's not deleted.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When an echo request is sent to an unknown neighbor, a Neighbor
Solicitation request is sent, however if the source address
cannot be determined the NS request is dropped but the pending
packet is not freed.
Signed-off-by: Léonard Bise <leonard.bise@gmail.com>
Move struct members around in networking code so that we avoid
unnecessary holes inside structs. No functionality changes by
this commit.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Reduces the logic as well as the ipv4 header checksum needs to be
computed either way.
Fixes#8720
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Use modular arithmetic in statistics prints so that wraparounds are
automatically handled.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Allow user to set the network interface into promiscuous mode
and then receive all the network packets that are received by
that interface.
Fixes#7595
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
User is able to set the network interface to promiscuous mode
and query the promisc mode status.
Note that currently this is only supported for ethernet bearer.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
CONFIG_DNS_RESOLVER is the master switch for DNS resolution support,
for both native and socket APIs. Avoid confusing link errors by
compiling out both dns_resolve_name() and getaddrinfo() if that
option is not enabled.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Current implementation does not handle large extension headers
(e.g HBHO). Which resulted network stack crashes or due to
misinterpretation of lengths network packets are dropped. Also
caused issues while preparing IPv6 packet (e.g. large HBHO header
with IPv6 fragmentation support).
Issues fixed and provided more unit tests.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
We might access NULL pointer if strchr() return value is not
checked properly.
Coverity-CID: 187073
Fixes#8993
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that it is clear that we are suppose to fall through
a case statement.
Coverity-CID: 187078
Fixes#8989
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that we do not overflow when creating UScaledNS
value for interval.
Coverity-CID: 187079
Fixes#8988
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The advantage to this approach allows drivers for
devices that already keep statistics data on hardware
registers to use those instead, rather than try to
replicate it the same counters again within the driver
itself.
The eth_native_posix.c driver though do not benefit
from this, is modified to use the new callback system.
Suggested-by: Jukka Rissanen <jukka.rissanen@intel.com>
Signed-off-by: Jonathan Yong <jonathan.yong@intel.com>
If Neighbor Advertisement cannot be sent, then print info about it.
Earlier we printed info when NA succeeded.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
During transfer of object data via OMA TLV format, we can
encounter resources which are optional or not handled in base
LwM2M engine. When these resources cannot be handled let's
read past them and continue on.
Signed-off-by: Michael Scott <mike@foundries.io>
Don't use hard-coded value of 4 for passing the # of options to
coap_find_options() in handle_request(). This can easily get
out of sync.
Signed-off-by: Michael Scott <mike@foundries.io>
LwM2M engine now supports optional resources that may need to be
setup or torn down in user-based code during object instance
creation / deletion.
Let's provide callbacks that can be used for this purpose.
Signed-off-by: Michael Scott <mike@foundries.io>
Let's rename lwm2m_engine_exec_cb_t to lwm2m_engine_user_cb_t so that
future user-code callbacks can make use of the same definition.
Signed-off-by: Michael Scott <mike@foundries.io>
Initial implementation of poll() was more of a proof of concept, so
was coded with a single-thread application in mind. As we move to
sockets as the main networking API, make it possible to use poll()
from different threads.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
A condition can be but on a prompt to make a symbol conditionally
user-assignable (visible).
Kconfig note:
'default's don't care whether the symbol is visible (has a prompt with a
satisfied condition) or not. 'if'/'depends on' just puts the same
condition on all the properties, disabling both the defaults and the
prompt at the same time. That might make it look like they're connected.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Implement socket poll function for TLS socket. In addition to regular
poll checks, we have to check if there is some decrypted data pending on
mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add entropy source for mbedTLS. If no entropy driver is available, use
non-secure, software entropy source.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add tls_context structure that stored data required by TLS socket
implementation. This structure is allocated from global pool during
socket creation and freed during socket closure.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add switch to a socket layer that will enable switching socket API to
TLS secure sockets. At this point there is no secure sockets
implementation, so secure socket calls redirect to regular socket calls.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Bool symbols implicitly default to 'n'.
A 'default n' can make sense e.g. in a Kconfig.defconfig file, if you
want to override a 'default y' on the base definition of the symbol. It
isn't used like that on any of these symbols though.
Remove some 'default ""' properties on string symbols too.
Also make definitions more consistent by converting some
config FOO
<type>
prompt "foo"
definitions to a shorter form:
config FOO
<type> "foo"
This shorthand works for int/hex/string symbols too, not just for bool
symbols.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
