Commit graph

6489 commits

Author SHA1 Message Date
Sjors Hettinga
e255f1a9c7 net: tcp: Correctly handle partial duplicate out of order data
TCP is a streaming protocol, this means it can set the packet boundary
at an arbitrary location. Therefore a re-transmitted packet may have the
packet boundary at a different location from the original missing segment.

The reordering logic should be able to deal with this situation and
throw away the overlapping data.

Signed-off-by: Sjors Hettinga <s.a.hettinga@gmail.com>
2022-09-01 10:38:28 +00:00
Sjors Hettinga
f2d94a7f5c net: tcp: Implement a fast retransmit algorithm
Instead of waiting for the retransmit timeout, retransmit as soon as
missing data is deduced based on a triple-duplicate ACK.

Increase the number of buffers in the testcase, to allow for at least 4
packets in flight to trigger the triple-duplicate ACK.

Signed-off-by: Sjors Hettinga <s.a.hettinga@gmail.com>
2022-09-01 10:38:28 +00:00
Sjors Hettinga
9d772efbbc net: tcp: Send a duplicate ACK for out of order data
When out of order data is received, send out a duplicate ACK to notify
the sender that there is data received out of sequence, so it can
retransmit the missing section.

Also avoid sending acknowledgement to acknowledgement messages that are
having an out of order sequence number.

Signed-off-by: Sjors Hettinga <s.a.hettinga@gmail.com>
2022-09-01 10:38:28 +00:00
Florian Grandel
856c985239 net: l2: ieee802154: security: fix several bugs
The IEEE 802.15.4 security implementation had several severe bugs:
* A regression introduced by 6ea225e34a
  (net/ieee802154: Finally removing usage of ll_reserve in L2)
  introduced a buffer leak (reading/writing beyond the end of the frame
  buffer) and led the security implementation to malfunction in all but
  the simplest cases (i.e. encryption/authentication: none).
* Encryption vs. authentication modes were not properly implemented i.e.
  encryption was always active even if not required by the chosen
  encryption level.
* Nonce endianness was not correctly handled on decryption of packets
  which led to authentication failures.
* The frame counter was not checked for overflows.
* The encryption output buffer limit (out_buf_max) was not correctly set.
* Setting an invalid key mode led to a NULL pointer deref.
* We use CCM rather than CCM* as crypto.h does not provide access to
  CCM*. CCM does not support encryption-only operation, though. This
  condition was not checked by the code.

Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
2022-08-31 21:52:37 +00:00
Florian Grandel
ed0060f5a0 net: l2: ieee802154: AF_PACKET support for IEEE 802.15.4
This change makes the packet socket and ieee802154 l2 drivers aware of
AF_PACKET sockets, see https://github.com/linux-wpan/wpan-tools/tree/master/examples
for examples which inspired this change.

Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
2022-08-31 21:52:37 +00:00
Florian Grandel
43a7695dfe net: l2: ieee802154: publish re-usable constants
Some IEEE 802.15.4 specification constants must be made available in
userspace as they will be needed to use IEEE 802.15.4 RAW/DGRAM sockets
which will be introduced in this changeset.

Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
2022-08-31 21:52:37 +00:00
Florian Grandel
705a8b6ea1 net: ieee802154: introduce consistent MTU definition
Zephyr IEEE 802.15.4 drivers and L2 stack use the same constant names
for different MTU definitions. The intent of this change is to introduce
a consistent MTU definition which can be used everywhere in zephyr to
avoid confusion, bugs and name conflict.

Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
2022-08-31 21:52:37 +00:00
Krishna T
2a9b06b7c6 wifi_mgmt: Fix checkpatch warnings
Checkpatch says "else after return is not useful".

Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
2022-08-31 21:49:47 +00:00
Krishna T
e2db4e690e wifi_shell: Fix the duplicate tag CI warning
Newly introduced Coverity scan throws a warning about duplicate tag as
per MISRA coding standards, so, use a unique tag name in the existing
code for "shell".

Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
2022-08-31 21:49:47 +00:00
Krishna T
bcf7585429 wifi_shell: Rename Wifi to Wi-Fi
This is the standard.

Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
2022-08-31 21:49:47 +00:00
Krishna T
0f126a7adb wifi_mgmt: Add new API for Wi-Fi statistics
Networking statistics framework is used to define handler and the data
structure, Wi-Fi management layer implements the handler and also adds a
new offload API to get statistics from the Wi-Fi driver.

Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
2022-08-31 21:49:47 +00:00
Krishna T
1ecca68886 wifi_shell: Add new security methods
Add PSK_256, SAE and MFP settings.

Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
2022-08-31 21:49:47 +00:00
Krishna T
b5b11bbff0 wifi_mgmt: Add new API for Wi-Fi status
A new net_mgmt command and event are added for interface status,
depending on the implementation the status can be returned when polled
or an unsolicited event can be sent by driver whenever there is a change
in status.

This is planned to be implemented only by upcoming wpa_supplicant,
offload implementation is left for driver developers.

Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
2022-08-31 21:49:47 +00:00
Krishna T
0e5c900400 wifi_mgmt: Implement checks for new security types
Extend checks for PSK-256 and SAE.

Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
2022-08-31 21:49:47 +00:00
Gerard Marull-Paretas
0cd311c4a1 include: fix files using legacy include paths
Some files were still using the already deprecated include path, fix
this.

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
2022-08-31 06:49:00 -04:00
Ola Tangen Kulseng
00aa80bb8c net: lwm2m: thread safety in the rd client
Used the mutex in the client to protect the state transitions of
client.state.

Signed-off-by: Ola Tangen Kulseng <ola.kulseng@nordicsemi.no>
2022-08-31 10:42:02 +02:00
Ola Tangen Kulseng
0a87c2d0d0 net: lwm2m: Thread safe lwm2m registry
Created the mutex registry_lock to:
- protect read and write operations
- protect the registry.
Only partially finished as the functions like lwm2m_engine_get_obj
warrants a larger refactoring to completely thread safe the registry.

Signed-off-by: Ola Tangen Kulseng <ola.kulseng@nordicsemi.no>
2022-08-31 10:42:02 +02:00
Juha Heiskanen
534c7f2246 net: lwm2m: Fixed LwM2M message wrong error response
LwM2M was not reported properly case when message "Accept"
coap option was not supported. In that case LwM2M transport
specification defines 4.06 "Not Accepted"

Signed-off-by: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
2022-08-31 10:41:49 +02:00
Ola Tangen Kulseng
24a84ae743 net: lwm2m: Documentation of the lwm2m engine
I've provided documentation for the APIs
- lwm2m_registry.h
- lwm2m_engine.h

Signed-off-by: Ola Tangen Kulseng <ola.kulseng@nordicsemi.no>
2022-08-30 14:19:05 +00:00
Veijo Pesonen
862cabc48c net: lwm2m: Fixes FOTA update result code
The update result is supposed to indicate success only after a firmware
update has been applied. The bug here was that the success was reported
already when the update image download was done.

Signed-off-by: Veijo Pesonen <veijo.pesonen@nordicsemi.no>
2022-08-29 11:38:53 +02:00
Gerard Marull-Paretas
a202341958 devices: constify device pointers initialized at compile time
Many device pointers are initialized at compile time and never changed. This
means that the device pointer can be constified (immutable).

Automated using:

```
perl -i -pe 's/const struct device \*(?!const)(.*)= DEVICE/const struct device *const $1= DEVICE/g' **/*.c
```

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
2022-08-22 17:08:26 +02:00
Neil Armstrong
fe7ffcf2e8 tls_credentials: add Trusted Credential storage backend
This adds a Trusted Credential storage backend using the PSA
Protected Storage API, permitting storage of the credentials
offering a trusted long-term storage with integrity checks.

This implementation tries to fit the actual tls_credentials
implementation, with some slight differences:
- the buffer pointer returned by credential_get & credential_next_get
  is dynamically allocated and differs from the one given to
  tls_credential_add since it's extracted from the storage at runtime.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-18 12:33:07 +02:00
Henrik Brix Andersen
27eb12ed48 net: socketcan: decouple SocketCAN and CAN controller headers
Decouple the zephyr/net/socketcan.h and zephyr/drivers/can.h header files
by moving the SocketCAN utilities to their own header.

This is preparation for including the SocketCAN types defined in
socketcan.h in a native posix (Linux) SocketCAN driver context without name
clashes.

Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
2022-08-18 10:19:29 +02:00
Henrik Brix Andersen
d1d48e8304 net: socketcan: rename SocketCAN header from socket_can.h to socketcan.h
Rename the SocketCAN header from socket_can.h to socketcan.h to better
match the naming of the functionality.

Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
2022-08-18 10:19:29 +02:00
Henrik Brix Andersen
b40a8cb9fd net: socket: can: rename utility functions
Rename the SocketCAN utility functions to reflect the new naming of the CAN
controller API and SocketCAN API data types.

Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
2022-08-18 10:19:29 +02:00
Henrik Brix Andersen
13c75417ba drivers: can: remove z prefix from public CAN API types
Remove the "z" prefix from the public CAN controller API types as this
makes them appear as internal APIs.

Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
2022-08-18 10:19:29 +02:00
Henrik Brix Andersen
d159947443 net: socket: can: prepend SocketCAN data types with socketcan
Rename the SocketCAN data types to "socketcan_*" in preparation of renaming
the low-level CAN controller API data types.

This breaks the naming compatibility with the similar SocketCAN data types
from the Linux kernel, but Zephyr and Linux SocketCAN are not 100%
compatible anyways (only the structure fields are compatible, extended
functionality such as filtering, error reporting etc. are not).

Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
2022-08-18 10:19:29 +02:00
Juha Heiskanen
b0c794305c net: lwm2m: Fix to Queue update process triggering
Fix that broken Queue client for stop looping
"ENGINE_REGISTRATION_DONE_RX_OFF" state.

Signed-off-by: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
2022-08-18 10:19:11 +02:00
Peter Mitsis
f86027ffb7 kernel: pipes: rewrite pipes implementation
This new implementation of pipes has a number of advantages over the
previous.
  1. The schedule locking is eliminated both making it safer for SMP
     and allowing for pipes to be used from ISR context.
  2. The code used to be structured to have separate code for copying
     to/from a waiting thread's buffer and the pipe buffer. This had
     unnecessary duplication that has been replaced with a simpler
     scatter-gather copy model.
  3. The manner in which the "working list" is generated has also been
     simplified. It no longer tries to use the thread's queuing node.
     Instead, the k_pipe_desc structure (whose instances are on the
     part of the k_thread structure) has been extended to contain
     additional fields including a node for use with a linked list. As
     this impacts the k_thread structure, pipes are now configurable
     in the kernel via CONFIG_PIPES.

Fixes #47061

Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
2022-08-17 19:31:25 +02:00
Marcin Niestroj
6653fd945f modules: mbedtls: set mbedTLS debug threshold during module initialization
mbedTLS library threshold initialization was done in native TLS socket
implementation (which tends to use mbedTLS now) and inside mbedTLS
benchmark test. Move that to mbedTLS module initialization, as this is a
global setting.

Update description of CONFIG_MBEDTLS_DEBUG_LEVEL to clarify when
mbedtls_debug_set_threshold() is called.

Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
2022-08-17 12:03:52 +02:00
Marcin Niestroj
a418ad4bb4 modules: mbedtls: move debug log hook implementation to modules/mbedtls/
So far there was a debug log hook installed in TLS socket implementation.
However, mbedTLS (with debug enabled) might be used outside from TLS socket
and even outside from networking context.

Add new module, which implements debug log hook and makes it available
whenever CONFIG_MBEDTLS_DEBUG is enabled.

Note that debug hook needs to be installed for each mbedTLS context
separately, which means that this requires action from mbedTLS users, such
as TLS sockets implementation.

Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
2022-08-17 12:03:52 +02:00
Robert Lubos
405e3d757f net: tcp: Add exponential backoff for ZWP probing
Persist timer should implement exponential backoff, as per RFC 1122:

    The transmitting host SHOULD send the first zero-window
    probe when a zero window has existed for the retransmission
    timeout period (see Section 4.2.2.15), and SHOULD increase
    exponentially the interval between successive probes.

Implement this, by following Linux behaviour, and simply double the
timeout on each probe transmission.

Additionally, prevent resetting the persist timer in case an
acknowledgment is received with zero window size, and the timer is
already running.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2022-08-15 08:21:29 +00:00
Robert Lubos
9a090d434c net: tcp: Use default MSS value if no MSS option is present
In case peer does not send the MSS option, the TCP stack should assume
default peer MSS value of 536, as per RFC 1122:

    If an MSS option is not received at connection setup, TCP
    MUST assume a default send MSS of 536.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2022-08-12 11:33:35 +02:00
Juha Heiskanen
cec0ea0dce net: lwm2m: Fix Update registration issue
Client Registration update process may be rejected by server
and this commit fixes a case that it will jump to new state
which sends registration message. Earlier RD client tried to
allocate message before only possible one was released.

Signed-off-by: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
2022-08-11 12:16:56 +02:00
Juha Heiskanen
6bfebe5fc3 net: lwm2m: Fix Queued data buffer send at wakeup from idle
Queue mode without TLS cache was losing buffered messages at
wake-up process from idle state. Now client context linked list
are initialized at rd client start process only 1 time.

Signed-off-by: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
2022-08-11 12:16:56 +02:00
Eduardo Montoya
ee2a8d9a64 net: openthread: allow to configure OPENTHREAD_MESSAGE_BUFFER_SIZE
Add `OPENTHREAD_CONFIG_MESSAGE_BUFFER_SIZE` to Kconfig.

Also set the number of children to minimum possible for MTD builds
in order to save some resources (~512B of RAM).

Signed-off-by: Eduardo Montoya <eduardo.montoya@nordicsemi.no>
2022-08-10 12:01:18 +02:00
Gerard Marull-Paretas
b74a22924e net: lib: config: remove NET_CONFIG_IEEE802154_DEV_NAME
Remove NET_CONFIG_IEEE802154_DEV_NAME in favor of DT based choice using
zephyr,ieee802154.

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
2022-08-10 11:57:34 +02:00
Gerard Marull-Paretas
e2bea3b008 net: lib: config: ieee802154: use zephyr,ieee802154
Use DT choice zephyr,ieee802154 as CONFIG_NET_CONFIG_IEEE802154_DEV_NAME
is being phased out.

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
2022-08-10 11:57:34 +02:00
Robert Lubos
d18cdad2fc net: zperf: Use zsock_* API instead of POSIX socket API
In order to make the zperf to work regardless of the POSIX configuration
in the system, convert the socket API usage into Zephyr's native
zsock_* API.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2022-08-10 11:15:21 +02:00
Robert Lubos
2091b34820 net: zperf: Extract zperf into library
Make a library out of the zperf shell sample. This makes it possible to enable the
module in any application, not only the dedicated sample.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2022-08-10 11:15:21 +02:00
Robert Lubos
2670fc9b67 net: ppp: Fix NULL pointer dereference in FSM module
ppp_send_pkt() function can be called with NULL fsm parameter (when
PPP_PROTOCOL_REJ packet was sent), however this was not taken into
consideration when ppp_context was retrieved. In result, this could lead
to NULL pointer dereference and crash.

Fix this, by moving the ppp_context extraction directly where it's
actually used (PPP_CODE_REJ packet type handling). In such case, fsm
pointer should not be NULL.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2022-08-10 11:06:24 +02:00
Stephanos Ioannidis
8fe855f166 net: dns: Check query index in dns_read
This commit adds a check, in the `dns_read` function, before
dereferencing the query index returned by the `dns_validate_msg`
function.

This fixes the warnings generated by the GCC 12 such as:

  error: array subscript -1 is below array bounds of
  'struct dns_pending_query[5]' [-Werror=array-bounds]

Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
2022-08-09 14:20:28 +02:00
Daniel DeGrasse
0a3bf289b6 net: icmp: skip checksum calculation when possible
Skip IP header checksum calculation when the network interface reports
support for this feature.

Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
2022-08-09 12:29:18 +02:00
Krishna T
b754e63d1b net: ethernet: Add EAPoL ether type support
Wi-Fi protocol uses EAPoL ether type frames for authentication, so, add
support for that ether type so that they are not dropped.

Though we have NET_ETHERNET_FORWARD_UNRECOGNISED_ETHERTYPE to allow
unknown frames to be passed up the stack, but this might cause
performance penalty.

Signed-off-by: Krishna T <krishna.t@nordicsemi.no>
2022-08-08 14:03:54 +02:00
Seppo Takalo
eafc4f875b net: lwm2m: Allow string and opaque data types to be empty
When string and opaque types are uninitialized, we should
allow their data length to be zero. However, most content
formatters seem to calculate the string length separately
so replace the pointer of empty data into a static string
that is guaranteed to be empty.

Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
2022-08-08 11:27:16 +02:00
Andreas Chmielewski
7532a23dc9 net: lwm2m: Try to reuse registration in case of a network error
For most of the times it is not necessary to do a full registration
once a connection is established after a network error. This is in
particular not needed if lifetime is not yet expired and the server
does not refuse a registration update.

Signed-off-by: Andreas Chmielewski <andreas.chmielewski@grandcentrix.net>
2022-08-08 06:55:49 +01:00
Andreas Chmielewski
74a56b05a9 net: lwm2m: separate closing context from closing socket
Separate closing lwm2m context from closing socket. This patch is required
for the rd client to take more control over lwm2m context and the socket.
The goal is to close the socket and to keep the lwm2m context if this is
needed.

Signed-off-by: Andreas Chmielewski <andreas.chmielewski@grandcentrix.net>
2022-08-08 06:55:49 +01:00
Andreas Chmielewski
3cdff65eb0 net: lwm2m: Update registration only in good path
Registration should only be updated if update of the registration was
successful.

Signed-off-by: Andreas Chmielewski <andreas.chmielewski@grandcentrix.net>
2022-08-08 06:55:49 +01:00
Robert Lubos
de55dbcbb1 net: tcp: Fix SYN handling after connection is established
According to RFC 793, ch 3.9 Event Processing, receiving SYN flag after
the connection has been established is an error condition:

    If the SYN is in the window it is an error, send a reset, any
    outstanding RECEIVEs and SEND should receive "reset" responses,
    all segment queues should be flushed, the user should also
    receive an unsolicited general "connection reset" signal, enter
    the CLOSED state, delete the TCB, and return.

Currently TCP stack ignored such event, causing interoperability test
failures. Fix this, by verifying if the SYN flag is set in a packet in
any state other than TCP_LISTEN and TCP_SYN_SENT.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2022-08-05 15:17:09 +02:00
Florian Grandel
bb86f8b967 net: ip: build IEEE 802.15.4 L2 without IP support
While a previous change had already decoupled the IEEE 802.15.4 L2 from
IP upper layers, this only worked when at least one other interface of
the device supported IP.

This change removes this requirement and thereby fixes a build error
that occurred when disabling IP support while maintaining IEEE 802.15.4
L2 support.

Fixes: #48718

Signed-off-by: Florian Grandel <jerico.dev@gmail.com>
2022-08-05 15:04:37 +02:00