The return value variable was initialized but always overwritten
before being read.
Remove the redundant initialization to simplify the code and avoid
misleading default values.
No functional change.
Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com>
Coverity found a REVERSE_INULL defect (CID 551615).
The 'hasher' pointer was used before it was checked
for NULL in crypto_query_hwcaps().
This patch reorders the logic to check the pointer
immediately after device_get_binding().
Fixes CID 551615
Signed-off-by: Shreya Kulkarni <kulkarnishreya2421@gmail.com>
- Use the minimum of our and peer MRU as the MTU of the link.
Allows for cases where our MRU is < 1500.
- Move all of the MRU handling under CONFIG_NET_L2_PPP_OPTION_MRU.
So that we handle both sending the LCP_OPTION_MRU in Configure-Request
and receiving it in Configure-Request.
- Remove CONFIG_NET_L2_PPP_OPTION_MAX_MRU.
From RFC 1661, 6.1 Implementation note:
... The peer need not Configure-Nak to indicate that it will only send
smaller packets, since the implementation will always require
support for at least 1500 octets.
- Set ppp_my_options_parse_conf_ack so that ack's are parsed.
Signed-off-by: Markus Lassila <markus.lassila@nordicsemi.no>
Do direct resource path comparison on all registered resources before
falling back to fnmatch() so that exact path matches get always
preference.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Both cases use a large static buffer, we can optimize here and use a
single mutex-protected buffer for both.
sendmsg() test case needed adjustments, as it was also testing a buffer
overflow scenario. This can only be properly tested however if CID
feature is disabled, as otherwise the common helper buffer size is
increased for the CID use case, preventing the overflow from taking
place.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
For options that return the handshake status, make sure they work in
multi-client DTLS server case, by returning the status for the session
that completed handshake most recently. For TLS and DTLS client cases
that should make no difference, as there should only be one session per
context.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
With support for multiple client sessions for DTLS server socket, the
session timeout can no longer rely on built-in mbed TLS timing out
mechanism, as this only works for the session that is currently active.
Background sessions would never time out if the client just went silent.
Therefore, allocate a per-session timestamp, that keeps track of the
last activity on the session. Then, whenever poll() or recv() is called
loop over all sessions to identify those that timed and should be
released.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case a client address changes, but a session uses Connection ID
extension, the server should verify if the packet belongs to any of the
established sessions based on the CID value.
Therefore, before attempting to allocate a new session in such case,
loop over sessions and try to match the packet to one of the existing
sessions based on CID. In case of success, update the corresponding peer
address.
If no session is found based on CID, only then try to allocate a new
one.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case of errors on an active session (in most cases peer closing the
session), the session should be freed. Note, that as mbed TLS needs some
session context to work with, the last session on a socket is not freed,
but only reset instead.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
For TX, the DTLS server needs to check the peer address before passing
the packet to mbed TLS. In case the peer address doesn't match the
active session, it needs to switch sessions.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Refactor RX side for DTLS server to allow session switching when a
datagram from a peer that does not match current session. The server
needs to loop over established sessions, and in case no session is
found allocate a new one.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Split DTLS BIO RX functions for client and server case, given the
functionality will differ heavily. DTLS server needs to peek packet
before passing it to mbed TLS to allow to switch DTLS sessions in case
peer address doesn't match.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Separate TLS session context from the TLS socket context so that a
single DTLS server socket can support multiple client sessions.
Other socket types will only have a single session per TLS socket.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Enforce the minimum TLS version on mbed TLS, based on the protocol
version provided by the application when creating socket. This ensures
that when application creates a TLS 1.3 socket, mbed TLS won't downgrade
the session to TLS 1.2 for instance.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Moved dsa_tag.h to include folder as common header file.
And we will support iterable section for vendor dsa tag
protocol drivers registering.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
The SenML-JSON specification mentions base64-encoded data with the
URL-safe alphabet and padding omitted.
For sending data, zephyr used normal base64 with padding. Change the
base64 data to use the URL-safe format without padding when sending opaque
data via SenML-JSON.
Fixes#102390
Signed-off-by: Jeroen Broersen <jeroen.broersen@wioniq.com>
There was a Kconfig option defined to limit the number of additional DNS
queries sent for aliases received in CNAME records (to avoid potential
query loops), however it was not implemented. This commit implements the
feature - the resolver will now only send up to
CONFIG_DNS_RESOLVER_ADDITIONAL_QUERIES follow-up queries after
receiving CNAME record with an alias w/o any IP addresses.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case CNAME record is received with no IP addresses, DNS resolver will
attempt to re-send the query for the name indicated by the CNAME record.
The logic for scheduling the new query was inconsistent though:
dispatcher_cb() assumes that it'll reuse the query context with the same
query id, while dns_read() cancelled the query, which shouldn't really
happen, as that would cause an error to be reported to the application
via callback.
Fix that by skipping the query cancel in case of DNS_EAI_AGAIN result.
The query context will be properly reused then, and freed either when
reply for another query arrives, or the query times out.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Don't report CNAME records via application callback (as it used to be
done). They don't carry any data in the info struct and are only used
internally to redirect DNS queries.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When Ethernet management is not enabled, the respective calls should
also be compiled out. In case there are no callers the toolchain will
remove this, hence it worked till date.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
This helps in benchamrking raw socket (packet socket) performance in the
lines of UDP/TCP.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
coap_client_schedule_poll() never reports errors and always returns
0.
The error check at the call site is therefore dead code.
Make the function void and drop the unused error handling.
Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com>
process_advertise() never reports errors and always returns 0.
The error check at the call site is therefore dead code.
Make the function void and drop the unused error handling.
Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com>
process_search() never reports errors and always returns 0.
The error check at the call site is therefore dead code.
Make the function void and drop the unused error handling.
Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com>
Instead of processing loopback packets from the TX thread directly,
queue them for further processing by RX thread (if possible), just as
regular packets. It's now possible as the information regarding the
packet is a loopback one or not is stored directly in the net_pkt
structure.
This allows to avoid unexpected stack consumption increases if packets
are sent for loopback destinations.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Fix inconsistencies in the QBV (IEEE 802.1Qbv Time-Aware Shaper) shell
command documentation and help messages:
1. Add missing "net qbv" command documentation to net_shell.rst
2. Correct command examples in help text - add missing "net" prefix
to "qbv set_gc" commands
3. Fix command usage descriptions for set_config and set_gc to match
actual command names
This ensures users see correct command syntax in both documentation
and interactive help.
Signed-off-by: Qiang Zhao <qiang.zhao@nxp.com>
If peer lowered its receive window and advertised zero-window length,
TCP stack would pause the retransmission timer until non-empty window is
advertised again. This however could trigger an assertion, that verified
that the retransmission timer is running whenever there is data to
transmit. Add an exception to the assertion for the zero-window case.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
As described in RFC5227 ch. 2.1.1 ARP Probes are broadcasted.
ARP requests not being broadcasted should not be detected as
ARP Probes.
Signed-off-by: Andreas Huber <andreas.huber@sautergroup.com>
Make sure that if the connection is closed but we still received
a SYN packet, we do not try to access already closed connection.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Avoid accessing request fields before validating input arguments in
coap_client_req().
The request path length is now checked only after validating the
request pointer, preventing a potential NULL pointer dereference.
No functional change intended.
Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com>
Use PSA Crypto API for SHA-1 computation instead of legacy Mbed TLS crypto.
The latter is going to be removed soon.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Remove optional use of legacy Mbed TLS crypto in favor of the already
existing PSA Crypto API alternative. This is required in order to jump
to the next version of Mbed TLS (i.e. 4.0) where all this legacy crypto
support is no more available.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
If we have more than one IP on an interface we should choose the IP
corresponding to the same network as the target IP.
Signed-off-by: Andreas Huber <andreas.huber@sautergroup.com>
Follow coding guidelines rule 78:
A full expression containing an increment (++) or decrement (–) operator
should have no other potential side effects other than that caused by the
increment or decrement operator
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
If the underlying listening TCP context reported an error, it's no
longer usable, therefore accept() call for such a socket should report
an error as well, otherwise it may block indefinitely.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case network interface goes down, all underlying TCP contexts are
being dereferenced, however they are not released until application
dereferences them as well (i.e. closed the socket). If the application
does not do so however timely, and network interface goes down again,
the TCP context would still be present on the active contexts list and
could've been dereferenced for the second time.
Fix this by checking the context state before dereferencing it on the
stack behalf. Non-listening TCP context are being set to CLOSED state
upon dereferencing. For the listening contexts, the TCP context has
only one ref from the application side, so use the `accept_cb` pointer
value as an indicator that the accept callback, indicating an error,
has already been called for the context.
Additionally, add a mutex lock when releasing listening context on
network down even, to avoid potential races with yet unprocessed
incoming packets.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
75ef6392 removed the only call to coap_client_init_request() where
reconstruct==true. All remaining calls have reconstruct==false.
This commit removes the parameter.
Signed-off-by: Sam Friedman <sam@golioth.io>
