In an effort to shave off code size, remove out-of-the-box
enabling of crypto features (except SHA-256).
Configurations are adjusted to enable what they need.
Bonuses:
- When enabled, AES now defaults to using a smaller version
(`CONFIG_MBEDTLS_AES_ROM_TABLES` isn't default enabled anymore,
and if enabled, `CONFIG_MBEDTLS_AES_FEWER_TABLES` defaults to y).
- Conditions around Mbed TLS Kconfig options have been improved
to reflect the reality of the dependencies.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Some IPv4/IPv6 functions were ifdef-sliced internally, despite being
compiled in conditionally in top-level #ifdef block under the same
condition.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In some cases the comment after #endif did not match the opening #if, in
some cases it was missing.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Allow user to specify resource string using wildcard characters
so that multiple URL paths can be served with just one handler.
Fixes#73367
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add option for setting a random MAC address to
the net iface set_mac command. With random option
a random MAC address can be assigned to an interface.
Signed-off-by: Kapil Bhatt <kapil.bhatt@nordicsemi.no>
In order to be compatible with Linux AF_PACKET socket calls, the
protocol field needs to be in network byte order.
So for example, if user wants to receive all packets, then the
protocol field needs to be set as "htons(ETH_P_ALL)".
See Linux manual page at
https://www.man7.org/linux/man-pages/man7/packet.7.html
for details.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When tests control the LwM2M client entirely through
shell, we should be able to set the RD client context
from the application without causing RD client to
start registration.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
For default case it should print the option character provided by user.
Extra shell_help removed as it's being called in the caller function.
Signed-off-by: Ajay Parida <ajay.parida@nordicsemi.no>
Support to set BSS parameter "max_num_sta" at compile and run time
Added support to configure `max_num_sta` BSS parameter.
Maximum number of stations allowed in station table. New stations will be
rejected after the station table is full.
Signed-off-by: Ajay Parida <ajay.parida@nordicsemi.no>
Support for configuration of AP parameter "Skip inactivity poll".
Only build time setting is supported.
Signed-off-by: Ajay Parida <ajay.parida@nordicsemi.no>
Support to set BSS parameter at compile and run time.
Added support to configure `max_inactivity` BSS parameter.
Station inactivity timeout is the period for which AP may keep a client
in associated state while there is no traffic from that particular client.
If a non-zero value is set, AP may choose to disassociate the
client after the timeout.
Signed-off-by: Ajay Parida <ajay.parida@nordicsemi.no>
Remove the `_MAC` part because those Kconfig options enable only hash
algorithms, nothing MAC-related, and the `_ENABLED` part to align the
naming to the Mbed TLS defines (plus we don't need such a part).
As a bonus, enabling SHA-256 does not automatically enable SHA-224
anymore.
See the migration guide entries for more details on the practical
changes.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
When channel range is configured in scan params, get the
channel count from `chan_idx` instead of taking a difference
of start and end of the channel range. The `difference` method
fails in case of 5GHz band since channels may not be consecutive
numbers.
Signed-off-by: Ravi Dondaputi <ravi.dondaputi@nordicsemi.no>
Namespaced the generated headers with `zephyr` to prevent
potential conflict with other headers.
Introduce a temporary Kconfig `LEGACY_GENERATED_INCLUDE_PATH`
that is enabled by default. This allows the developers to
continue the use of the old include paths for the time being
until it is deprecated and eventually removed. The Kconfig will
generate a build-time warning message, similar to the
`CONFIG_TIMER_RANDOM_GENERATOR`.
Updated the includes path of in-tree sources accordingly.
Most of the changes here are scripted, check the PR for more
info.
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
When opaque resources have post-write callback set, but
the write is not a Block-Wise write, there is no block_ctx
and the code causes null pointer dereference when calculating
the offset of the data.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Add checks to make sure that we are not trying to use the socket
service library with eventfd if CONFIG_POSIX_API is not set and if
using native_sim based board. The reason is that we should always
use zephyr libc based eventfd implementation instead of host libc one.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This reverts commit b56297bf16
because it is causing problems when using native_sim and not
having CONFIG_POSIX_API set.
The proper fix is to set CONFIG_POSIX_API when using eventfd
and native_sim so that picolibc is used instead of host libc.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
According to RFC3927 and RFC5227, an ARP probe target HW address should
be set to all-zeroes:
"The 'target hardware address' field is ignored and
SHOULD be set to all zeroes."
Hence, we should allow the ARP probes to have all-zeroes target HW
address as well.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The socket allocation count was incorrectly calculated as
we have only one socket per listened port.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If DNS_EAI_ALLDONE is returned, it indicates that the request
was done and should not be considered an error.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When the interface goes down, the safest thing to do is to return to
the INIT state, as there is no guarantee that any state is preserved
upon the interface coming back up again.
This is particularly the case with WiFi.
Signed-off-by: Jordan Yates <jordan@embeint.com>
If time aware system has more than 1 gptp port, because there is only
one boolean to handle callback registering, a race condition can occur
for instance in case 2 master ports are waiting for a timestamp following
sending of sync message. More in details, callback may be unregistered
by port 1 while port 2 is waiting for timestamp event.
The issue is solved by declaring as much as boolean and struct
net_if_timestamp_cb as the number of declared ports
(=CONFIG_NET_GPTP_NUM_PORTS).
Signed-off-by: Jean-Nicolas Graux <jean-nicolas.graux@st.com>
Setting a ration of 0 breaks the computation of scaled_rate_offset
in gptp_md_follow_up_prepare().
According to IEEE802.1AS 10.2.2.3.9, when sent by clock master
entity, rate_ratio shall be equal to gmRateRatio. But since
in gptp_md_follow_up_prepare(), in case we are the grand master
clock, we take the assumption that clock source is the local clock,
we may set this ratio to 1.0.
Signed-off-by: Jean-Nicolas Graux <jean-nicolas.graux@st.com>
Without this patch, in case time aware system is grand master capable
but is not the grand master clock and behave as a bridge so that it
shall ONLY relay SYNC and FUP messages from slave port to master port(s),
SYNC and FUP are mistakenly generated by ClockMasterSyncSend state
machine.
This patch only call ClockMasterSyncSend state machine in case a Grand
Master clock is present and is this time aware system.
This check is not described by IEEE802.1AS. Instead, according to
10.2.9.3, the SiteSyncSync state machine shall not take into account
information from ClockMasterSyncSend in case this time aware system is
not grand-master capable. Current implementation of ClockMasterSyncSend
state machine sends sync indication to the PortSync entities, instead of
sending it to the SiteSyncSync entity. And the SiteSyncSync state machine
does not make any check.
Signed-off-by: Jean-Nicolas Graux <jean-nicolas.graux@st.com>
Commit 413eceeddb ("net: gptp: fix follow_up message correction_field")
breaks computation of follow up correction field in case time aware system
is not the grand master clock but behave as a transparent clock which relay
sync and follow-up messages from one slave port to one or several master
port(s). In this case, according to IEEE802.AS 11.1.3 and 11.2.14.2.3,
md sync send state machine shall compute the sum of link propagation delay
and residence time, expressed in grand master time base. Then this quantity
shall be added to last received fup correction field to build value of
correction field. This patch checks whether time aware system is the grand
master clock or not, and computes value correction field accordingly.
Signed-off-by: Jean-Nicolas Graux <jean-nicolas.graux@st.com>
An earlier pull request implementing observe support was merged too
hastily. It had a few issues:
1. The predicate for whether a request should be marked not ongoing was
wrong (it checked ret != 0 instead of ret < 0)
2. Without observes in mind, MID-based deduplication is not a required
feature. Deduplication was handled implicitly - the exchange would get
dropped after the first response anyway, so duplicate responses would
not get matched to anything. But with observes, there are several
responses in an exchange. This commit adds this.
3. Using coap_request_is_observe(&internal_req->request) in the response
handler requires the whole request to stay in scope for the lifetime of
the observation, which I observed was not always the case. Adding an
is_observe bool to the internal struct improved stability significantly.
With these fixes, GETs with observe option works very well.
Signed-off-by: Benjamin Lindqvist <benjamin@eub.se>
Filtering out received packets which source address matches one of our
own addresses has broken the duplicate address detection conflict
reporting.
In case Neighbor Advertisement is sent during DAD collision, the source
address of such packet might be set to the address that triggered the
collision. This address would also be set on our interface, marked as
tentative. Therefore in order to make duplicate address detection work,
we cannot filter out packets in case our own address is still in
tentative state.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
A support for RDNSS option should not force DNS subsystem being enabled
in the system, especially that the option is enabled by default. It
should work the other way around - the option is supported only if DNS
was enabled by the user.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
With native_sim, this error is seen a lot when socket
service API is used.
<dbg> net_sock: get_sock_vtable: (net_socket_service):
Invalid access on sock 3 by thread 0x807a8e0 (net_socket_service)
If we just ignore the error, then we might get into forever
loop which is not good. So if this happens, mark the eventfd
fd as not pollable to basically ignore the eventfd support in
this case.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Print also thread name when printing socket access error.
This helps debugging what thread caused it.
Lowering the Error to Debug as we could be missing vtable
for example for eventfd descriptors, this is easily seen when using
socket service API.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Instead of using net_context API directly, the LLMNR responder is
changed to use the socket service API. This allows DNS access
for offloaded sockets and can lower overall memory consumption.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Instead of using net_context API directly, the mDNS responder is
changed to use the socket service API. This allows DNS access
for offloaded sockets and can lower overall memory consumption.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Instead of using net_context API directly, the DNS resolver is
changed to use the socket service API. This allows DNS access
for offloaded sockets and can lower overall memory consumption.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The input address originates from an RX net_buf which may
be unaligned. Consequently, word access to this unaligned buffer
can trigger an unaligned access exception on certain platforms,
such as the ARMv7 Cortex-A9.
Signed-off-by: Taras Zaporozhets <zaporozhets.taras@gmail.com>
Improve coap_client_cancel_requests(). Ensure it can be
called from a callback. Report error to waiting callbacks.
Clear active flag.
This is useful when the network becomes unavailable
or prior to disconnecting in order to save power.
Signed-off-by: Pete Skeggs <peter.skeggs@nordicsemi.no>
Fixes remote address for ping before upload. This caused the ping in zperf
upload to timeout as shown in the following output:
```
uart:~$ zperf udp upload 2001:db8::2 5001 10 50 1M
Remote port is 5001
Connecting to 2001:db8::2
Duration: 10.00 s
Packet size: 50 bytes
Rate: 1000 kbps
Starting...
ping 2001:db8::2 timeout
Rate: 1.00 Mbps
Packet duration 390 us
```
Fixes: https://github.com/zephyrproject-rtos/zephyr/issues/68674
Signed-off-by: Ayush Singh <ayushdevel1325@gmail.com>
Allow Block-Wise writes to resources that have enough buffer for
the whole content. Calculate the offset before calling the
content specific write handlers when callback is not set.
Previously only resources with post-write callback were able to
assemble the content.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
When Block-Wise transfer restarts, the post-write callback should
receive some indication that the block is actually a beginning of new,
instead of part of previous transfer.
Fixes#71351
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
When the network inteface goes operational DOWN (for example cable
unplugged), clear "joined" flag on all registered multicast addresses,
so that MLD report is sent for them when the interface goes back up.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When bringing interface down, all IPv6 multicast addresses are removed
from the interface. However, when the interface was brought back up,
rejoin_ipv6_mcast_groups() would look only for solicited node mcast
addresses already present on the interface. In result, after going back
up, the interface was missing solicited-node mcast addresses for those
unicast addresses, that were already present on the interface when
bringing up.
As net_ipv6_mld_join() does similar checks to skip MLD when not needed,
we can just skip the lookup when rejoining, and use already defined
join_mcast_nodes().
Additionally, check for IPV6 and NO_ND flags on the interface before
attempting to add the address back, those multicast addresses are not
needed if ND is disabled on the interface.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case a network interface is brought down and back up, DAD was not
performed for link-local unicast address.
This happens because the logic in the network interface code assumed
that DAD for link-local address is triggered when the address is added,
and it's explicitly omited when looping over IPv6 address. This wasn't
the case however when interface was brought back up, as the address was
already present on the interface, hence DAD skipped.
In Linux, the link-local address is removed from the interface when the
interface is brought down. Such approach solves the issue described,
hence implement it in a similar way in Zephyr.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
There is no need to check our own context when going through
the used ports in the system. This prevents error when binding
in some corner cases.
Fixes#72035
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
