The new command is "net http" which shows all services and
related resources defined in the system.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Doing a normal close for a websocket does not close the underlying
real socket. If we do not have fd for the real socket, then it is
not possible to fully close a websocket connection. As we are allocating
a websocket using websocket_register() in HTTP server use case,
create a websocket_unregister() that will close both the real
socket and the websocket socket.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
It is meant specifically for configuration of the PSA crypto library.
The underlying PSA configuration items are guarded by the condition
that a PSA crypto provider must be present, which is the case when
either TF-M is in use or MbedTLS's PSA core is built as part of
the application image.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Add option for zperf tcp upload that will enable periodic result reporting.
This is useful for monitoring performance swings during a longer session.
Signed-off-by: Adam Matus <adam.matus@nxp.com>
TCP nodelay option is part of zperf upload params, but was not being
set in common zperf_prepare_upload_sock function. Move it there
to align with how other options are set.
Signed-off-by: Adam Matus <adam.matus@nxp.com>
TLS socket have now been in Zephyr for a few years already and are
widely adopted across the codebase. Given above, they should no longer
be considered an experimental feature.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
According to the RFC, MODE_IS_INCLUDE/MODE_IS_EXCLUDE codes should be
used while sendling Multicast Listener Reports in response to a query.
When performing a transition between states (e.g., when joining or
leaving a multicast group) CHANGE_TO_INCLUDE_MODE/CHANGE_TO_EXCLUDE_MODE
have to be used.
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
From RFC:
* "source list" is an unordered list of zero or more unicast
addresses from which multicast reception is desired or not desired [...]
It means that there is no need to add any special address to specify
"block all" and "allow all" states explicitly. This commit removes the
unnecessary addition.
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
When BUILD_WITH_TFM is enabled we can dispatch hash computation
to TFM. This allows to remove the built-in support of SHA256 from
the non-secure side (if it's not used for any other purpose, of course).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Moving toward the adoption of PSA crypto APIs, TinyCrypt is going
to be deprecated so we can remove it in favor of newer APIs.
Moreover tls_credentials is mostly meant to store data in the
protected storage meaning that there is a TFM implementation
providing this service. The same TFM can of course be used to
compute sha256 hashing thus saving memory footprint on the NS
side by removing TC.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
When using the TLS_CREDENTIALS_BACKEND_PROTECTED_STORAGE there is
BUILD_WITH_TFM enabled which means that we can take advantage of
TFM (thorugh PSA interface) to compute the SHA256 hash.
This removes the need for the built-in implementation of
mbedtls_sha256() on the non-secure image (unless it's used somewhere
else, of course) and therefore it helps in reducing the memory
footprint.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Add support for gratuitous ARP transmission by Zephyr network stack.
This allows to prematurely fill the peer ARP table, so there's no need
to send an explicit request when peer needs to send an actual packet.
The gratuitous ARP is send when the network interface is brought up
(joins the network) or a new IP address is added. The gratuitous ARP
request is also sent periodically, with a configurable interval time.
The gratuitous ARP should also be sent whenever MAC address of the
interface is changed, but as Zephyr only allows to do this when
interface is down, this is already covered by the first case (interface
brought up).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Fixing the websocket command output to align the fields and
printing interface index instead of a pointer value.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add socket obj_core support to websocket so that the socket
information can be viewed by "net sockets" command.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
After upgrading the HTTP connection to websocket, call the
application registered callback to transfer the ownership of
the socket to the application.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If the other end closes the connection, it is not exactly an
error so downgrade the print to debug level.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The http_server needs a way to bind a websocket socket to the
upgraded http connection socket. So websocket_register() is used
for that.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Use normal "config" in order to avoid this error from compliance
check script:
Found pointless 'menuconfig' symbols without children.
Use regular 'config' symbols instead.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Allow connection to be upgraded from HTTP/1.1 to websocket.
This commit does nothing yet with the upgraded connection.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Check what kind of upgrading we are doing and return error
if we receive upgrade that we do not support.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
`OPENTHREAD_PLATFORM_KEY_REF` should not be selected for RCP
architecture, as keys are handled on host's side and passed to
device over Spinel, and therefore they cannot be exported
on platform from reference with PSA Crypto API.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
Two issues fixed:
When pull-context is created, it does not have to wake up the RD
client context. Ignore the EPERM warning.
When new pull-context creates a new socket, sometimes socket-loop
gets to recvfrom() before we have set O_NONBLOCK on the socket.
So use ZSOCK_MSG_DONTWAIT on zsock_recvfrom() so it does not
block the socket loop.
Fixes#71450
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
It may happen that the interface is up but not yet running
when we issue the rejoin_ipv6_mcast_groups(). This can be
fixed by calling this function again right after the iface
is set to 'running' state in the notify_iface_up handler.
Signed-off-by: Marcin Kajor <marcin.kajor@nordicsemi.no>
When calling net_if_get_default(), print a warning if no
network interfaces are found. This helps debugging mysterious
crashes.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When trying to get IPv6 prefix, if there are no network interfaces
then the net_if_get_default() will return NULL but we should not
crash at that point but return gracefully.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Making default preferred time much closer to default valid time
so that the served addresses are much shorter time in deprecated
state where they cannot be utilized. This is important in Zephyr
as there are limited number of IPv6 addresses that can be allocated
to the network interface.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The local address used for established TCP socket needs to be
dig out from TCP internals and not from context->local.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
We usually cannot use context->local for established TCP connections
because the local address is not updated for TCP if we are bound to
any address. So create helper that try to figure out the end point
addresses.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add support for IPv6 Source Address Selection defined in RFC 5014.
This commit does not add any address selection support to getaddrinfo()
as described in the RFC. The AI_EXTFLAGS symbol and also the ai_eflags
to hints is added but they are not used by the code.
The public/temporary address selection is only done internally by
the net_if_ipv6_select_src_addr_hint() according to flags set by
setsockopt().
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When printing IPv4 and IPv6 address information in "net ipv4" and
"net ipv6" commands, print also reference count of the IP address.
This is useful for debugging purposes.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add reference counting to network interface address (for both
IPv4 and IPv6) so that the address is not removed if there are
sockets using it. If the interface address is removed while there
are sockets using it, the connectivity will fail for the said
socket.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add events to be generated when privacy extension is enabled
or disabled, or when allow/deny filter is added or deleted.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When executing "net iface" command, print current status of
IPv6 privacy extension if it is enabled in config file.
The "net ipv6 ..." command prints IPv6 privacy extension
information, and can add or delete IPv6 prefix filters.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If IPv6 privacy extension is enabled, then we need to select
proper public or temporary IPv6 source address when sending the
packet.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This creates support for IPv6 privacy extensions which is described
in RFC 8981. This will also add API that can be used to add IPv6
prefixes to a allow or deny list privacy extension filter.
The code will create temporary IPv6 addresses from prefixes that
are advertised by Router Advertisement messages. The temporary
IPv6 addresses are then expired according to lifetime and removed.
Fixes#9349
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If IPv6 address expires and moves to deprecated state, then
send a mgmt event so that listeners can act on it.
One such action is to close a socket bound to that source address
so that the address can be released.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
This commit adds transmission of MLDv2 reports whenever a multicast
routing entry is added or removed when suitable (it checks if the
given interface itself has joined the group).
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
This commit introduces a new option CONFIG_NET_MCAST_ROUTE_MLD_REPORTS
which appends multiacst routes to MLDv2 reports. These records are
intended to inform reports' recipients about potential listeners on
the other interfaces.
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
The coap_client lib only handled "one-shot" requests properly. This
patch allows it to keep listening for additional responses to a request,
if the request was made with the CoAP OBSERVE option appended.
An API for canceling such requests is also added.
Signed-off-by: Benjamin Lindqvist <benjamin@eub.se>
The size field in net_buf should not be used directly as then
the optional headroom will not be taken into account.
There is the net_buf_max_len() API that should be used instead.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Kconfig option to enable object version reporting should
be moved into sub section "Engine features" so
it does not clutter up the main LwM2M menu.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
