If user application calls the new API, then SSH server is
automatically started when the device boots.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add support for SSH client and server connections.
Original code is from https://github.com/grantramsay/zephyr-ssh
Following modifications are done by this commit compared to original
one:
- Coding style issues, like converting // comments to /* */ ones
- Converting to use PSA APIs
- Add IPv6 support
Signed-off-by: Grant Ramsay <grant.ramsay@hotmail.com>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When calling other functions, pass "struct net_sockaddr" instead of
"struct net_sockaddr_storage" as the former is usually passed around
between functions. This is a style issue and there is no functionality
changes by this commit.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Some of the statistical collector functions were checking null
pointers without a reason. The pointers cannot be null at this point
and the callers already have those checked.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The CONFIG_NET_SOCKETS_POLL_MAX Kconfig option was deprecated in
Zephyr 4.0.0, remove it and any leftover in-tree option use.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The CONFIG_NET_TC_SKIP_FOR_HIGH_PRIO Kconfig option was deprecated in
Zephyr 4.1.0, remove it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add http_server_normalize_url() to resolve '.' and '..' segments in
client->url_buffer once the URL is fully assembled to avoid a remote
client to read files outside the configured web root.
Signed-off-by: Flavio Ceolin <flavio@hubblenetwork.com>
when using NET_QEMU_ETHERNET or NET_QEMU_USER
enable NET_L2_ETHERNET by default, as
in this mode we need the ethernet drivers.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
Introduces K_MEM_SLAB_DEFINE_TYPE() and K_MEM_SLAB_DEFINE_STATIC_TYPE()
helpers to allow the user to declare slabs for types without having to
manually ensure the alignment is correct.
Manual slab alignment was very error-prone and this change fixes several
instances of misalignment that would be trapped by the undefined
behavior sanitizer when running on 64-bit targets.
Signed-off-by: Egill Sigurdur <egill@egill.xyz>
The foreign clock cleanup logic was incorrectly comparing the PTP
hardware timestamp against the local k_uptime_get(), resulting in
erroneous packet aging.
This introduces a 'local_uptime_ms' field to track the actual local
arrival time of ANNOUNCE messages, isolating the aging logic
from the PTP hardware clock domain.
Fixes#108479
Signed-off-by: T Madhusudhan Rao <tetakalam@aerlync.com>
This will avoid this error message
Unknown group 0x0000, defaulting to secp256r1
when generating ECDH keypair.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
393350fd65 made it so that the `mbedTLS`
library is only created when `CONFIG_MBEDTLS_BUILTIN`.
Before this commit, users of Mbed TLS did the following:
`zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)`
If the `mbedTLS` CMake library doesn't exist but is still linked to
(as is the case when `CONFIG_MBEDTLS && !CONFIG_MBEDTLS_BUILTIN`),
the linker command is populated with `-lmbedTLS` which makes the build
fail because there is no `libmbedTLS.a` in the build.
Make it so that users of Mbed TLS only link to the `mbedTLS` CMake
library when the builtin version is used.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
In case of using ethernet as backbone interface, some NICs may want to
have checksum set to 0 for a correct computation.
This commit aims to address this issue by checking if hardware has
offload capabilities and setting IPV6 packet checksums to 0, if needed.
Signed-off-by: Cristian Bulacu <cristian.bulacu@nxp.com>
When Kconfig option CONFIG_NET_CAPTURE=y is used and VLAN feature
is enabled and tested, this Kconfig creates two virtual interfaces,
IP_TUNNEL0 and NET_CAPTURE0. On "net iface" shell command, when
interfaces get listed, the IP_TUNNEL0 virtual interface for
packet capture/debug purpose, gets listed as vlan interface, which
is incorrect. On testing, before this fix, IP_TUNNEL0 interface gets
listed as vlan0, after fix it shows as net0 instead.
This fix needs to be backported to zephyr 4.4.
Signed-off-by: Malliga Moorthi <malliga.moorthi@nokia.com>
Current code was preventing all NET_IF_NO_AUTO_START interfaces for
config init.
This patch is to change that and to prevent only NET_IF_NO_AUTO_START
interfaces with link down status.
Then interfaces already manually up, like bridge can be supported.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
gPTP frame should be handled via gPTP bridge stack. So, do not
forward them or handle them by bridge interface.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
It's normal there is no gPTP device connected. We didn't have to use
warn level message for resetting pdelay request. Change to use debug
message which can avoid endless noise messages.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Qbv uses management interface, so just select NET_L2_ETHERNET_MGMT.
Qbv time is based on PTP clock. When enable Qbv shell, just select
PTP clock shell too because at least we need to check base time
via PTP clock shell.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Fix issue that would be trapped by the address sanitizer, would always
read 7 bytes even though ptr might be shorter, and would therefore
read out of bounds if e.g. the string ".org" was passed.
Signed-off-by: Egill Sigurdur <egill@egill.xyz>
The FIN packet was not counted in the number of packets sent.
This behavior differs from iperf2, which counts the FIN packet
as well. Previously, the statistics reported by iperf2 were
off by one compared to zperf, which was confusing.
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
In iperf2, the first packet of a session has ID 1.
Change the UDP uploader to start packet IDs at one,
so that the behavior is the same as iperf2.
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
In Zperf UDP receiver mode, the final packet of a session
was not included in the session statistics, which caused the
results to differ from those reported by iperf2.
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
In Zperf UDP receiver mode, the first packet of a new session
was always counted as lost due to only initiating a new session
but not processing the packet as part of the new session.
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
This PR implements support for DNS Private Resource Records (RR)
as defined in RFC 6895, enabling applications to query and
handle DNS records in the private use range (type codes 65280-65534).
This feature is not enabled by default,
CONFIG_DNS_RESOLVER_PRIVATE_RR_SUPPORT is used to enable it.
Signed-off-by: Cristian Bulacu <cristian.bulacu@nxp.com>
Use k_ticks_to_ms_ceil32 instead of k_ticks_to_ms_floor32 to prevent
premature zero-ms timeouts when remaining ticks round down to zero.
Signed-off-by: Rithic Chellaram Hariharan <gr8rithic@gmail.com>
Replace hard-coded MAX_SEND_BUF_LEN (192) with a new Kconfig option
CONFIG_HTTP_CLIENT_SEND_BUF_SIZE so applications can tune the
stack-allocated send buffer size based on their memory constraints.
Signed-off-by: Rithic Chellaram Hariharan <gr8rithic@gmail.com>
User must enable CONFIG_DNS_SD option to enable the "list"
sub-command for the "dns" command.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Refactor the QUIC TLS credential path so private-key parsing and PSA
signing-key import happen in tls_set_private_key().
The previous flow parsed the certificate in tls_add_own_cert(), parsed
the private key in tls_set_private_key(), and then called
quic_tls_set_own_cert() later from init and credential refresh paths
even though that helper no longer installed the certificate. Its real
work was importing the private key into PSA, which made the control
flow harder to follow and duplicated private-key parsing.
Move the signing-key import into tls_set_private_key(), remove the
misleading follow-up quic_tls_set_own_cert() calls, and drop the now
unused raw-key bookkeeping from the TLS context. This keeps
certificate handling in the certificate loader and private-key
handling in the private-key loader while preserving the existing
handshake behavior.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add a dedicated STREAM frame error helper and use it at both STREAM
dispatch sites in quic_packet.c.
STREAM handling already uses -EPROTO to mean that a specific transport
close was attempted by the lower-level handler, for example on stream
limit or receive-side flow-control violations. The previous open-coded
special case worked, but it left that contract implicit and routed the
other STREAM errors differently from the rest of the frame handlers.
Make the contract explicit in one helper: keep -EPROTO as the
close-already-sent path for STREAM, and continue mapping malformed
STREAM frames through the generic frame-encoding error handling.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Avoid adding the requested send size directly to the tracked
anti-amplification TX count when checking whether an unvalidated
server endpoint may transmit.
The tracked counters are small in practice, but the helper accepts a
size_t byte count and the previous uint64_t addition could wrap for a
very large input on 64-bit builds. Rework the check to compare the
requested size against the remaining budget instead.
Add regression coverage that passes SIZE_MAX to the helper and
verifies the request is rejected rather than wrapping into an allowed
send.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Guard the flow-control error close paths in quic_stream_receive_data()
so they only send CONNECTION_CLOSE for socket-backed endpoints.
The Quic unit tests exercise receive-side flow-control handling with
synthetic endpoints that set sock = -1 and do not initialize recovery
state. Sending CONNECTION_CLOSE from those paths can reach recovery
shutdown and touch an uninitialized lock even though no transport
packet can be sent.
Keep returning -EPROTO for the protocol violation, but skip the close
when the endpoint is not fully usable for transport I/O. Add coverage
for the RX buffer overflow path and assert that synthetic endpoints do
not enter recovery shutdown on these fatal receive errors.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Process Version Negotiation and unsupported-version long headers before
applying Quic v1 Initial-specific checks in process_long_header().
Version Negotiation packets randomize the long-header type bits, so
they can look like Initial packets during early parsing. Checking the
Initial DCID minimum length first can therefore reject Version
Negotiation packets, or other unsupported versions, before they reach
the correct version-handling path.
Move the version check ahead of the Initial DCID length validation and
add regression coverage for Version Negotiation and unsupported-version
packets whose type bits decode as Initial.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Reject empty TLS Certificate messages when peer verification is
required, instead of accepting them and continuing without a captured
peer certificate.
Also add a defensive check in the Finished path so a peer cannot
complete the handshake without ever providing a certificate when the
effective verify policy requires one.
Add focused regression coverage for both cases: an empty Certificate
message and a Finished message received without any peer certificate.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Rename the per-stream RX flow-control counter to fc_bytes_received
to make it clear that the value tracks consumed flow-control credit,
not only contiguous payload bytes delivered to the application.
Document in quic_stream_receive_data() that Quic RX flow control is
based on absolute byte offsets. When a newly received frame advances
the highest received offset on a stream, any gap up to that offset
also consumes flow-control credit, while duplicate data must not be
counted twice.
Add regression coverage for gap accounting. The new test verifies
that out-of-order data consumes stream and connection flow-control
credit up to the new highest offset, that later filling the gap does
not double-count, and that further extension past the limit is
rejected.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When quic_stream_receive_data() cannot buffer a new out-of-order
STREAM segment, it currently returns -EAGAIN. The packet is then
treated as valid and ACKable even though the data was dropped and
not counted toward stream or connection flow control.
Treat queue-full and oversized out-of-order segments as
FLOW_CONTROL_ERROR instead. Keep duplicate already-buffered segments
non-fatal, but stop ACKing new data that could not be retained.
Add regression coverage for duplicate, queue-full, and oversized
out-of-order receive cases.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Reload TLS credentials when ZSOCK_TLS_SEC_TAG_LIST is updated on an
already initialized Quic TLS context, and make the Quic test helper
apply the configured security tags through setsockopt().
This keeps certificate configuration consistent between server and
client paths and avoids stale credential state when TLS options are
set after endpoint creation.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Compare overlapping CRYPTO data against buffered bytes and fail
closed on mismatches.
Map CRYPTO reassembly overflow to CRYPTO_BUFFER_EXCEEDED, stop
silently ignoring out-of-order reassembly bookkeeping failures, and
add compile-time guards for the current metadata widths.
Add tests for duplicate overlap, conflicting overlap, and buffer
overflow handling.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Recovery state is now serialized with a per-endpoint mutex.
PTO runs on a private QUIC recovery workqueue instead of
k_sys_work_q, and endpoint teardown / connection close now use
synchronous PTO cancellation.
The PTO handler no longer drops the endpoint reference from inside
the running work item. On excessive PTO it marks recovery closed,
notifies streams, and defers final unref through separate work so
the embedded delayable is not freed while active.
Recovery tracking is also gated once shutdown begins, and a new test
verifies that shutdown suppresses new in-flight tracking.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Make quic_put_varint() return an error when the destination buffer
is too small and update callers to validate the result.
Validate frame types by packet number space so forbidden frames
close with PROTOCOL_VIOLATION and unknown or malformed frames close
with FRAME_ENCODING_ERROR.
Also harden malformed CONNECTION_CLOSE parsing and add direct tests
for the new parser behavior.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Peer certificate verification follows the same default policy as
Zephyr TLS sockets: clients require successful peer verification
by default, while servers default to not verifying client
certificates unless ZSOCK_TLS_PEER_VERIFY is explicitly enabled.
A client that does not load a CA certificate therefore fails the
handshake by default; applications that deliberately skip server
authentication must opt out by setting
ZSOCK_TLS_PEER_VERIFY = MBEDTLS_SSL_VERIFY_NONE.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Wake any client-side stream_open() waiters that are still blocked on
the handshake outcome.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
A receiver advertises two credits, per-stream
(initial_max_stream_data_*, updated by MAX_STREAM_DATA) and
per-connection (initial_max_data, updated by MAX_DATA). An
endpoint MUST NOT allow the largest received byte offset on a
stream to exceed the stream limit (§4.1), MUST NOT allow the sum of
received offsets across streams to exceed the connection limit (§4.1),
and MUST close with FLOW_CONTROL_ERROR (0x03, §11.2) on
violation. The check is on wire offsets, not on what fits locally.
The code did not do the checks properly for RX data.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
