If we receive a packet where the source address is our own
address, then we should drop it.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If we receive a packet from non localhost interface, then
drop it if either source or destination address is a localhost
address.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Allow engine to give hints about ongoing CoAP transmissions.
This information can be used to control various power saving
modes for network interfaces. For example cellular networks might
support release assist indicator.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
In slow networks, like Nb-IOT, when using queue mode,
there might be significant delay between the time we
put the packet into a transmission queue and the time
we actually start transmitting.
This might cause QUEUE_RX_OFF state to be triggered earlier
than expected. Remedy the issue by updating the timestamp on the
moment where packet is accepted by zsock_send().
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
In case a waiting TLS socket reports an error in the underlying poll
call, try to read the actual error from the socket, instead of blindly
returning -EIO in all cases.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
There are several subsystems and boards which require a relatively large
system heap (used by k_malloc()) to function properly. This became even
more notable with the recent introduction of the ACPICA library, which
causes ACPI-using boards to require a system heap of up to several
megabytes in size.
Until now, subsystems and boards have tried to solve this by having
Kconfig overlays which modify the default value of HEAP_MEM_POOL_SIZE.
This works ok, except when applications start explicitly setting values
in their prj.conf files:
$ git grep CONFIG_HEAP_MEM_POOL_SIZE= tests samples|wc -l
157
The vast majority of values set by current sample or test applications
is much too small for subsystems like ACPI, which results in the
application not being able to run on such boards.
To solve this situation, we introduce support for subsystems to specify
their own custom system heap size requirement. Subsystems do
this by defining Kconfig options with the prefix HEAP_MEM_POOL_ADD_SIZE_.
The final value of the system heap is the sum of the custom
minimum requirements, or the value existing HEAP_MEM_POOL_SIZE option,
whichever is greater.
We also introduce a new HEAP_MEM_POOL_IGNORE_MIN Kconfig option which
applications can use to force a lower value than what subsystems have
specficied, however this behavior is disabled by default.
Whenever the minimum is greater than the requested value a CMake warning
will be issued in the build output.
This patch ends up modifying several places outside of kernel code,
since the presence of the system heap is no longer detected using a
non-zero CONFIG_HEAP_MEM_POOL_SIZE value, rather it's now detected using
a new K_HEAP_MEM_POOL_SIZE value that's evaluated at build.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This reverts commit 6b644dff67.
Reason: breaks Peer-to-Peer gPTP connection. A better solution should be
found to handle the optional TLV on the announce message (chapter 10.5.1
IEEE 802.1AS-2011)
Signed-off-by: Mario Paja <mario.paja@zal.aero>
Zephyr does not support MLDv1 (which has a shorter header than MLDv2),
and this resulted in log errors being printed on header access if MLDv1
queries were received. Since receiving such packet is not really an
error, just drop it silently.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Update coap_service_send and coap_resource_send to take an optional
pointer argument to the newly introduced coap_transmission_parameters.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
AP enable takes the same parameters as connect, so, update the help and
also fix the optional parameter count when security is involved.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
In case one of the networking shell backends is enabled, net arp command
could potentially trigger a deadlock, as it locks the ARP mutex before
TCP connection mutex, while TCP stack could do this in reverse order
(for instance when sending ACK or retransmission).
Mitigate this, by forcing a separate TX thread in such case, so that ARP
mutex is no longer accessed with TCP mutex locked.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Replace function parameter 'retries' with pointer to structure
holding coap transmission parameters. This allows setting the
retransmission parameters individually for each pending request.
Add coap transmission parameters to coap_pending structure.
Update migration guide and release notes.
Signed-off-by: Juha Ylinen <juha.ylinen@nordicsemi.no>
The dummy L2 layer does not implement any L2 functionality
but it does not mean that it should not implement start/stop
functions that are called when the related network interface
is brought up or taken down.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
It is pointless to take net interface up if the underlaying
device is not ready. Set also the interface status properly
in this case.
Fixes#65423
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Use correct format specifier for LOG_ERR in lwm2m_obj_device.c. The
previously used format specifier of %u was correct for 32 bit systems
but would produce a build warning for 64 bit systems.
Fixes#66441
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
As the common.h is only meant to be used by the network
shell files, rename it to be more descriptive in order to
avoid possible conflicts with any other common.h file.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Calling the registered receive callback when releasing TCP context
doesn't make sense, as at that point the application should've already
closed the associated socket (that's one of the conditions for the
context to be released). Therefore, remove the pointless receive
callback call, while keeping the loop to unref any leftover data packets
(although again, I don' think there should be any packets left at that
point, as they're all consumed in tcp_in()).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
While improving thread safety of the TCP stack I've introduced a
possible deadlock scenario, when calling tcp_conn_close() in tcp_in().
This function shall not be called with connection mutex locked, as it
calls registered recv callback internally, which could lead to deadlock
between TCP/socket mutexes.
This commit moves the tcp_conn_close() back where it was originally
called. I've verified that the thread safety is still solid with the
test apps used originally.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add empty macro for net_if_mon functions if they are not otherwise
defined, like the other functions in the net_if.c file have.
Signed-off-by: Declan Snyder <declan.snyder@nxp.com>
Add new functions to the public CoAP API to configure CoAP packet
retransmission settings. Application may need to re-configure the
settings for example when cellular modem changes connection from
LTE-M to NB-IoT or vice versa.
Signed-off-by: Juha Ylinen <juha.ylinen@nordicsemi.no>
The number of Kconfig options for the TCP stack grew considerably,
therefore it makes sense to move them to a separate file not to bloat
the Kconfig file with generic networking options.
Take this opportunity to reorder TCP options, so that protocol
parameters (timings/buffer sizes) are not mixed up with optional
protocol features (fast retransmit/congestion avoidance etc.).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When a TCP connection is established, if there is no data exchange
between the two parties within the set time, the side that enables
TCP Keep-alive will send a TCP probe packet with the same sequence
number as the previous TCP packet. This TCP probe packet is an empty
ACK packet (the specification recommends that it should not contain
any data, but can also contain 1 nonsense byte, such as 0x00.). If
there is no response from the other side after several consecutive
probe packets are sent, it is determined that the tcp connection has
failed, and the connection is closed.
The keep-alive default parameters are aligned with Linux defaults.
Signed-off-by: Horse Ma <mawei@coltsmart.com>
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
If observed resource was written during the pMin period, it did
not schedule any wake-up event into the future. Notify message would
then only be generated as a result of any other (like Update) event.
Refactor check_notifications() to follow same pattern as retransmit_req().
Return the next event timestamp, which could be now.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
SNTP response is not analyzed for uncertainty, and no uncertainty is given
to the `struct sntp_time` returned. Fix it with a Kconfig option that adds
optional SNTP uncertainty and timestamp fields in SNTP time struct, and
calculates these when parsing the response.
Adds two helper functions to convert Q16.16/Q32.32 in seconds to `int64_t`
in microseconds to facilitate this.
Also changes combined `lvm` field in `struct sntp_pkt` to bit-fields
`li`, `vn`, and `mode`.
Signed-off-by: Jasper Smit <git@jrhrsmit.nl>
Add const prefix for service uuid and char uuid.
Since Service UUID and Char UUID should not change in the service
definition, they are most reasonably defined as rodata, also for
save some ram footprint.
The field `attr->user_data` type is `void *`, as this PR change
all Service UUID to rodata, so there must add (void *) to avoid warning.
Signed-off-by: Lingao Meng <menglingao@xiaomi.com>
Add Kconfig choice for the user to select how Network Events are
handled. It's own thread, the system work queue or synchronous when
events are emitted.
By default a separate thread is created to be backwards compatible.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
This reverts commit 5227f24815.
The coap observer events will be replaced with net_mgmt events.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
A device can be reset before the error code list is communicated
to a LwM2M server so optionally store error list in settings so it
can restored after reset.
Signed-off-by: Nick Ward <nix.ward@gmail.com>
Iterating over connection list w/o mutex lock could lead to a crash on
constant incoming packet flow. Fix this by:
1. Adding mutex lock when iterating over an active connection list, to
prevent list corruption.
2. Create a copy of the callback and user data pointers before releasing
lock, to prevent NULL pointer dereference in case connection is
released before callback is executed.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Eliminate race between TCP input thread and TCP work queue, when
dereferencing connection. This normally would not manifest itself during
standard TCP operation, but could be a potential opening for abuse, when
the already closed TCP connection is kept being spammed with packets.
The test scenario involved sending multiple TCP RST packets as a
response to establishing the connection, which could result in system
crash. The following changes in the TCP stack made it stable in such
scenario:
1. Use `tcp_lock` when searching for active connections, to avoid
potential data corruption when connection is being removed when
iterating.
2. Avoid memset() during connection dereference, not to destroy mutex
associated with the connection. The connection context is only
cleared during allocation now.
3. Lock the connection mutex while releasing connection.
4. In tcp_in(), after locking the mutex, verify the connection state,
and quit early if the connection has already been dereferenced.
5. When closing connection from the TCP stack as a result of RST or
malformed packet, verify connection state to make sure it's only done
once, even if multiple RST packets were received.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Silently drop the IPv6 Neighbor Advertisement if we receive it
for an unknown neighbor or if there some some issue in the packet.
Returning error here would cause the ICMP module to print an
actual error which just pollutes the log without any apparent
benefit.
Fixes#66063
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If server registration fails, allow fallback to secondary server,
or fallback to bootstrap.
Also allow fallback to different bootstrap server.
Add API to tell RD client when server have been disabled by
executable command.
Changes to RD state machine:
* All retry logic should be handled in NETWORK_ERROR state.
* New state SERVER_DISABLED.
* Internally disable servers that reject registration
* Temporary disable server on network error.
* Clean up all "disable timers" on start.
* Select server first, then find security object for it.
* State functions return void, error handling is done using states.
* DISCONNECT event will only come when client is requested to stop.
* NETWORK_ERROR will stop engine. This is generic error for all kinds
of registration or network failures.
* BOOTSTRAP_REG_FAILURE also stops engine. This is fatal, and we cannot
recover.
Refactoring:
* Server selection logic is inside server object.
* sm_handle_timeout_state() does not require msg parameter. Unused.
* When bootstrap fail, we should NOT back off to registration.
This is a fatal error, and it stops the engine and informs application.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
React to disable executable, as well as add callback that allows
disabling server for a period of time.
Also add API that would find a next server candidate based on the
priority and server being not-disabled.
Move all server related functions into its own header.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Zephyr has its own multicast join/leave API but for
interoperability, it is possible to use the multicast
socket API and IPV6_ADD_MEMBERSHIP and IPV6_DROP_MEMBERSHIP
socket options.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Zephyr has its own multicast join/leave API but for
interoperability, it is possible to use the multicast
socket API and IP_ADD_MEMBERSHIP and IP_DROP_MEMBERSHIP
socket options.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
We are creating a multicast address in mDNS or LLMNR
responder so set the TTL or hoplimit using the multicast
variant API.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
We specifically set TTL/hoplimit to 1 for LLMNR,
but only want to set it if in that specific case.
We must not pass TTL/hoplimit value 0 as that would
cause the packet to be dropped.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
* Check IPv4 TTL or IPv6 hop limit and drop the packet if
the value is 0
* Check the IP addresses so that we do the loopback check
at runtime if the packet is destined to loopback interface.
* Update the statistics properly for dropped packets.
* Do not update sent packets if we drop packets.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The IPv4 TTL could only manipulated via net_context interface.
It makes sense to allow the same from socket interface via
the setsockopt/getsockopt calls.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
