Introduce the CONNMON_LINK_UTILIZATION resource to the Connection
Monitoring object. Add backing storage, initialize it during instance
creation, and register it in the resource table.
Signed-off-by: Zafer SEN <zafersn93@gmail.com>
Select the interface whose on-link prefix has the greatest length when
multiple prefixes match the same address. Fixes wrong iface selection
when a host has several interfaces whose on-link prefixes overlap (e.g.
a shorter prefix on one link and a longer, more specific prefix on
another). Callers that pass iface == NULL still get a boolean only; no
interface pointer is written.
Signed-off-by: Jani Hirsimäki <jani.hirsimaki@nordicsemi.no>
The support for running network TX/RX threads in a pre-emptive way
was introduced in 2020. The experimental status is no longer valid
as the feature has been there for quite some time and it is being tested
also regularly by CI.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The functions that add DNS records (PTR, SRV, TXT, AAAA, A) all use a
buf_size argument which represents the size of the whole buffer, not the
remaining size. The higher function that calls these did not provide the
correct argument: it passed the remaining size in the buffer.
Signed-off-by: Sebastiaan Merckx <sebastiaan.merckx@verhaert.com>
The DHCPv4 client logs the received address with NET_INFO when an
address is successfully obtained from the server. The DHCPv6 client
had no equivalent log message, making it difficult to confirm that
DHCPv6 address assignment succeeded.
Add a NET_INFO log when a DHCPv6 address is successfully configured,
consistent with the DHCPv4 client behavior.
Signed-off-by: Ofir Shemesh <ofirshemesh777@gmail.com>
In setup_ipv6(), the net management event callback registration was
placed after the early exit for empty CONFIG_NET_CONFIG_MY_IPV6_ADDR.
This means that in DHCPv6-only configurations (no static IPv6 address),
the callback was never registered, and the IPv6 address and lifetime
were never printed when DHCPv6 obtained an address.
This is inconsistent with setup_ipv4(), which correctly registers the
callback before the empty address check, allowing DHCPv4 address
events to be handled even without a static IPv4 address.
Move the event callback registration and router flag check before the
empty address goto, and always include NET_EVENT_IPV6_ADDR_ADD in the
event mask so that DHCPv6 address additions are always captured.
Signed-off-by: Ofir Shemesh <ofirshemesh777@gmail.com>
In net_context_get(), contexts[i].local is memset to zero before
find_available_port() is called. This leaves sa_family as 0, which
causes check_used_port() to skip both the IPv6 (sa_family ==
NET_AF_INET6) and IPv4 (sa_family == NET_AF_INET) collision-detection
branches, unconditionally returning "port available".
When the PRNG produces the same random port for two consecutive
socket() calls, the collision is not detected and both contexts are
assigned the same ephemeral port. The duplicate is only caught later
during listen() → net_conn_register(), which finds the identical
connection handler and returns -EADDRINUSE (errno 112).
Fix by setting sin6_family / sin_family on the local address
immediately after the memset and before find_available_port() is
called, so that check_used_port() enters the correct address-family
branch and properly detects port collisions.
Signed-off-by: Ofir Shemesh <ofirshemesh777@gmail.com>
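
The failure mode in the net_context_get() message above, reduced to a self-contained model; this is an added example, not Zephyr code. `struct ctx`, `port_in_use()`, `alloc_port()`, the `FAM_*` values and port 50000 are hypothetical stand-ins for the context table, check_used_port(), the allocation path and the PRNG draw.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { FAM_INET = 1, FAM_INET6 = 2 };          /* stand-in values; 0 = unset */
struct ctx { uint8_t family; uint16_t port; }; /* simplified context slot */

/* Models the described check: a clash is only seen inside a family branch. */
bool port_in_use(const struct ctx *tbl, int n, const struct ctx *self, uint16_t port)
{
	for (int i = 0; i < n; i++) {
		if (&tbl[i] == self || tbl[i].port != port) {
			continue;
		}
		if ((self->family == FAM_INET || self->family == FAM_INET6) &&
		    tbl[i].family == self->family) {
			return true;
		}
	}
	return false; /* a zeroed family always ends up here */
}

/* Claim slot idx, starting the search at the "random" candidate port. */
uint16_t alloc_port(struct ctx *tbl, int n, int idx, uint8_t family,
		    uint16_t candidate, bool family_first)
{
	memset(&tbl[idx], 0, sizeof(tbl[idx]));
	if (family_first) {
		tbl[idx].family = family; /* the fix: set before the search */
	}
	while (port_in_use(tbl, n, &tbl[idx], candidate)) {
		candidate++;
	}
	tbl[idx].family = family;
	tbl[idx].port = candidate;
	return candidate;
}

/* Two sockets whose PRNG draw is the same constructed port, 50000. */
uint16_t second_port(bool fixed)
{
	struct ctx tbl[2] = {0};
	alloc_port(tbl, 2, 0, FAM_INET, 50000, fixed);
	return alloc_port(tbl, 2, 1, FAM_INET, 50000, fixed);
}

int main(void)
{
	printf("before fix: %u\n", (unsigned)second_port(false));
	printf("after fix: %u\n", (unsigned)second_port(true));
	return 0;
}
```
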
The exthdr_len was previously validated against the total
packet length, which did not account for the header's offset.
This could allow a crafted packet to cause an out-of-bounds
read by claiming a length that exceeds the remaining buffer.
Fixes https://github.com/zephyrproject-rtos/zephyr/issues/106331
This commit:
1. Validates exthdr_len against (pkt_len - start_offset).
2. Adds strict bounds checking for sub-options (PADN/others)
to ensure they do not exceed the extension header boundary.
3. Validates the return value of net_pkt_skip().
Signed-off-by: Nikhil Namjoshi <nikhilnamjoshi@google.com>
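
The two length checks listed in the message above, shown on a flat byte buffer; this is an added example, not the Zephyr patch, which works on a net_pkt cursor. `parse_ext_opts()` and the sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns the extension header length in bytes, or -1 if malformed. */
int parse_ext_opts(const uint8_t *pkt, size_t pkt_len, size_t start_offset)
{
	/* The next-header and length bytes must exist at the header's offset. */
	if (start_offset > pkt_len || pkt_len - start_offset < 2) {
		return -1;
	}
	/* Hdr Ext Len counts 8-octet units beyond the first 8 octets. */
	size_t exthdr_len = ((size_t)pkt[start_offset + 1] + 1) * 8;

	/* Compare with the bytes left after the offset, not the whole packet. */
	if (exthdr_len > pkt_len - start_offset) {
		return -1;
	}
	size_t pos = start_offset + 2;
	size_t end = start_offset + exthdr_len;

	while (pos < end) {
		uint8_t type = pkt[pos++];

		if (type == 0) { /* Pad1: single byte, no length field */
			continue;
		}
		if (pos >= end) { /* option length byte would be outside */
			return -1;
		}
		uint8_t opt_len = pkt[pos++];

		if (opt_len > end - pos) { /* PadN or other option overruns header */
			return -1;
		}
		pos += opt_len;
	}
	return (int)exthdr_len;
}

/* Constructed samples: 4 bytes of preceding data, header starts at offset 4. */
const uint8_t ok_pkt[12] = {0, 0, 0, 0, 0x3b, 0x00, 0x01, 0x04, 0, 0, 0, 0};
const uint8_t long_hdr[16] = {0, 0, 0, 0, 0x3b, 0x01, 0x01, 0x04};
const uint8_t long_opt[16] = {0, 0, 0, 0, 0x3b, 0x00, 0x01, 0x0a};

int main(void)
{
	printf("%d %d %d\n", parse_ext_opts(ok_pkt, sizeof(ok_pkt), 4),
	       parse_ext_opts(long_hdr, sizeof(long_hdr), 4),
	       parse_ext_opts(long_opt, sizeof(long_opt), 4));
	return 0;
}
```

`long_hdr` claims 16 bytes, which fits the 16-byte packet as a whole but not the 12 bytes left after offset 4, so only the offset-aware comparison rejects it.
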
When logging statically configured network SSID, use the Kconfig string
instead of a SSID buffer where it was copied to, as the latter is not
guaranteed to be NULL terminated.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case CONFIG_WIFI_CREDENTIALS_STATIC is used, verify the statically
configured SSID/password lengths to guarantee they don't exceed the
allowed SSID and password character limits and thus overflow credential
buffers.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
do net_if_set_link_addr() for
NET_REQUEST_ETHERNET_SET_MAC_ADDRESS
in ethernet_set_config(), that way drivers don't have
to do it themselves.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
Writable string entries in ocpp_cfg_info are free'd if non NULL in
ocpp_set_cfg_val(). Thus they should not be statically allocated.
Initialise with NULL instead.
CFG_SUPPORTED_FEATURE_PROFILE is not writable and should be fine.
Signed-off-by: Markus Becker <markushx@gmail.com>
BootNotification did not transport Serial Number and other information,
because the NULL check is wrong.
Signed-off-by: Markus Becker <markushx@gmail.com>
When providing an addr in net_if_set_link_addr() it should be
constant, as this function should not change the address
in the pointer.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
Add a way to add private key, peer endpoint and keepalive
when setting up the wireguard connection using the shell.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Make blake2s private so that it cannot be used (easily) by other parts
of Zephyr codespace. The blake2s is part of the code until PSA will
have support for it. At that point the code will be removed and
replaced by the PSA calls.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Instead of using buffers for keys, use PSA key management to
store the keys. This is more safe than handling buffers in
the code directly.
Do some cleanup of the code structure and make the functions
in wg_psa.c static to disallow use outside of Wireguard.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If running wg in native-sim, use the host clock to get the
current time. This helps to have a proper handshake when
connecting even after restarting the zephyr.exe process.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Allow user to provide a function that will need to get
the current time from a RTC or SNTP or similar.
Wireguard handshake replay prevention needs a monotonic
time so the application should get it from somewhere.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Send peer add/del network event when a peer is either added
to the system or deleted from the system.
Send VPN connected / disconnected event when a VPN connection
is successfully established or the peer connection is disconnected.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The "net wg show 1" will show detailed information of the peer
id 1. This is useful when debugging connectivity issues.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The crypto code is taken from wireguard-lwip project at
https://github.com/smartalock/wireguard-lwip
and is BSD-3-Clause licensed code.
The Blake2 RFC 7693 and XChaCha20 (from
https://datatracker.ietf.org/doc/html/draft-arciszewski-xchacha-03)
cannot currently use PSA APIs.
The XChaCha20 is found in PSA 1.2 but Zephyr is not yet using that
version.
All the other crypto usage is converted to use PSA APIs.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
As described in https://www.wireguard.com/protocol/
set DSCP to AF41 for handshake messages. The transport data
DSCP is set to 0.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
With 6GHz band, channel numbers are not unique anymore, channel 1 can
mean both 2.4GHz or 6GHz, so, take the band info as the argument from
the user.
Keep auto-detection for backwards compatibility sake.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Assisted-by: Cursor:Auto
Add support for the IPSO Magnetometer object version 1.0 (Object ID
3314) which allows an LwM2M server to read magnetic field values from
a 1-3 axis magnetometer.
The object is enabled in tests/net/all/prj.conf to ensure it is
built as part of the CI all-in networking build.
Signed-off-by: Savo Saicic <savo.saicic@gmail.com>
When calling zsock_recvmsg()/zsock_sendmsg() system calls, check if
provided msg->msg_iovlen is valid, i.e. does not cause size_t overflow
when calculating memory needed for msg->msg_iov vector.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Both PK and TLS now rely on PSA generate random to get random data
so end users (i.e. sockets_tls in this case) don't need to manually
specify this anymore.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This is useful if the application may wish to reject an address.
This works well alongside the address_provider callback, this way
you can enforce static leases based on the client id (MAC address).
Signed-off-by: Andreas Ålgård <aal@ixys.no>
- NET_EVENT_IF_UP can fire between the net_if_is_up() check and
net_mgmt_add_event_callback() in check_interface(). When this
happens (e.g. with CONFIG_SHELL_BACKEND_TELNET=y which starts a
same-priority thread that brings the interface up concurrently),
the event is missed and net_config_init_by_iface() blocks forever.
- Fix by always registering the callback first, then checking
net_if_is_up() after registration. If the interface came up in
the race window, remove the callback and signal the semaphore
immediately. Move the NET_INFO print to only fire when we are
genuinely going to wait.
Signed-off-by: Jjateen Gundesha <jjateen97@gmail.com>
The net logging helper macros are now in a separate header.
Let's have all net users include this new header.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
as there is now a 1:1 relationship between
struct ethernet_context and struct net_if
we can simplify the logic here.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
use `NET_IF_OPER_UP` to check if the iface is
already up, this is also the state that corresponds with
NET_EVENT_IF_UP.
Also move `net_if_foreach(iface_cb, NULL);`
after `net_mgmt_add_event_callback()`, so we won't
miss any up event.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>