During stack reset in RCP, the mac keys are resseting my calling
otPlatRadioSetMacKey with aKeyId == 0. aKeyId == 0 was not handling
properly since it is not valid for mac keys. This commit fixes it.
Signed-off-by: Lukasz Maciejonczyk <lukasz.maciejonczyk@nordicsemi.no>
Change the wording of the warning printed when there is no entropy to
hopefully remove any doubt that there might be security in TLS without
an entropy source. TLS connections with insufficient entropy are
trivially decodable, and should not be relied on for any type of
security.
Signed-off-by: David Brown <david.brown@linaro.org>
As the already existing macro K_MEM_SLAB_DEFINE results in
two variable definitions, the preceding static modifier leads to
a seemingly working solution, though linkage conflicts will occur
when the same memory slab name is used across multiple modules.
The new K_MEM_SLAB_DEFINE_STATIC macro duplicates the functionality of
K_MEM_SLAB_DEFINE with the difference that the static keywords are
internally prepended before both variable definitions.
The implementation has been tested on my Zephyr project (the build
issue faded out). The documentation has been updated altogether
with all incorrect occurences of static K_MEM_SLAB_DEFINE.
Signed-off-by: Pavel Hübner <pavel.hubner@hardwario.com>
net: lwm2m: When mbedtls CONFIG_MBEDTLS_SERVER_NAME_INDICATION is
enabled, a destination hostname must be passed to socket to properly
connect do lwm2m server.
Passing lwm2m context to lwm2m_parse_peerinfo
Signed-off-by: Jair Jack <jack@icatorze.com.br>
Reason why the prority was at its lowest is unknown, but now that it may
be used to send local packets (which used to be sent right away),
it seems to affect TCP scheduling in loopback mode. Raising the prority
so it matches how it was previously (i.e. sent right away) should fix
things. (Note however that this issue was not broadly present, only
sockets.tls test seemed to be affected.)
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Closing a connection, thus calling net_context_put() will not close a
TCP connection properly, and will leak tcp connection memory.
This is because: net_context_put calls net_context_unref which calls
net_tcp_unref which leads to unref tcp connection and thus sets
ctx->tcp to NULL. Back to net_context_put, that one finally calls
net_tcp_put: but that bails out directly since ctx->tcp is NULL.
Fixing it by inverting net_tcp_put() and net_context_unref() calls
within net_context_put().
Fixes#38598
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
On any target, running a TCP server and a net shell can show the issue:
net tcp connect local_ip port
will fail. Usally it ends up by consumming all tcp connection memory.
This is because in tcp_in(), state changes will most of the time lead to
sending SYN/ACK/etc... packets under the same thread, which will run all
through net_send_data(), back to tcp_in(). Thus a forever loop on SYN ->
SYN|ACK -> SYN -> SYN|ACK until tcp connection cannot be allocated
anymore.
Fixing it by scheduling any local packet to be sent on the queue.
Fixes#38576
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
The device service creates a notification of the current time resource
every 10s. This commit adds the possibility to change this timer to a
different value thus giving more control over the way the device object
is notified.
Signed-off-by: Sebastian Salveter <sebastian.salveter@grandcentrix.net>
Firmware Update object did not initialise resources PkgName,
PkgVersion and Firmware Update Protocol Support. Initialise
Firmware Update Protocol Support on creation and report CoAP
as default transfer protocol.
Signed-off-by: Marin Jurjević <marin.jurjevic@hotmail.com>
`engine_remove_observer_by_path()` was not updated during some recent
LwM2M observer changes, still using the `engine_observer_list` which got
moved into the `lwm2m_context` structure. Update the function to align
with these changes.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
`ztls_socket_data_check()` function ignored a fact when
`mbedtls_ssl_read()` indicated that the underlying TCP connection was
closed. Fix this by returning `-ENOTCONN` in such case, allowing
`poll()` to detect such event.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Loop by LOOP_DIVIDER counts instead of the number of seconds
specified in the timeout.
Fixes#39672
Signed-off-by: Paul Gautreaux <paulgautreaux@fb.com>
- Add a `log_strdup` to the role text output for logging V1
compatibility
- Fix style issues
- Change where the documentation refers to an OpenThread device as
"himself" to "itself"
Signed-off-by: Chris Pearson <ctpearson@gmail.com>
If CONFIG_NET_LOG=y is set, OpenThread will output the current OT
role whenever the state changes.
To simplify understanding of the log output, this change replaces
the numerical role ID with the text name of the role. This also
required a change to a documentation file to replace an instance
of a numerical ID.
NOTE: This is potentially a breaking change should anyone be using
test scripts that monitor the OpenThread state changes and look
for the numerical ID. This does not seem to be the case for the
Zephyr tests, however.
Signed-off-by: Chris Pearson <ctpearson@gmail.com>
There is no need to veirfy the result value of the strtol() operation,
as we copy the result to a 64 bit buffer anyway.
CID: 240696
Fixes#39810
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add a function to update the coap block context from a
packet, according to the block option enum provided.
The existing coap_next_block does not handle block1 transfers
properly because we need to inspect the block1 option
returned by the server. This function is reworked to make use
of the newly introduced one.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
According to RFC-7959:
When uploading with coap block1 requests the server may respond
with a size1 option (together with the response code 4.13).
This to indicate the maximum size the server is able and willing
to handle.
This commit changes the total_size in the current block context
being handled to the optional size1 option value from the server.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
The OpenThread stack uses uint32_t to calculate expiry time for
alarms, while comparing to zephyr's uint64_t uptime.
This commit fixes broken milliseconds alarms after ~49.7 days of
uptime.
Fixes#39704
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Based on on RFC 8132 -
PATCH and FETCH Methods for the Constrained Application Protocol (CoAP)
Signed-off-by: Veijo Pesonen <veijo.pesonen@nordicsemi.no>
Based on on RFC 8132 -
PATCH and FETCH Methods for the Constrained Application Protocol (CoAP)
Signed-off-by: Veijo Pesonen <veijo.pesonen@nordicsemi.no>
ipv6_prefix_find() wrongly tests if the unicast address is in use
instead of the prefix. This has two implications:
- The function can return an expired prefix to net_if_ipv6_prefix_add(),
which will do nothing more to enable it (since it assumes that it is
already enabled). As a result, the prefix will not be used by the
rest of the stack due to prefix->is_used being false.
- ipv6_prefix_find() loops using a bound of NET_IF_MAX_IPV6_PREFIX, but
the size of the unicast[] array is defined by NET_IF_MAX_IPV6_ADDR.
This could lead to an out-of-bound access if NET_IF_MAX_IPV6_ADDR is
smaller than NET_IF_MAX_IPV6_PREFIX.
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
With the introduction of `EXPERIMENTAL` and `WARN_EXPERIMENTAL` in
Zephyr all subsys/net and drivers/ethernet/Kconfig.e1000 settings
having `[EXPERIMENTAL]` in their prompt has has been updated to include
`select EXPERIMENTAL` so that developers can enable warnings when
experimental features are enabled.
The following settings has EXPERIMENTAL removed as they are considered
mature:
- NET_OFFLOAD
- NET_PROMISCUOUS_MODE
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
With the introduction of `EXPERIMENTAL` and `WARN_EXPERIMENTAL` in
Zephyr all subsys/canbus, subsys/net/l2/canbus, and drivers/can settings
having `[EXPERIMENTAL]` in their prompt has has been updated to include
`select EXPERIMENTAL` so that developers can enable warnings when
experimental features are enabled.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
The condition checks whether the connection was established or not. The
return value should reflect that.
Signed-off-by: Caspar Friedrich <c.s.w.friedrich@gmail.com>
OpenThread has lately got an option to provide a custom
crypto backend that replaces the default, based on mbedTLS
API. Implement a backend based on ARM PSA crypto API that
is better suited for applications willing to take advantage
of the ARM trust zone technology.
Add Kconfig option: OPENTHREAD_CRYPTO_PSA_ENABLE which
enables that backend.
Also, another Kconfig option:
OPENTHREAD_PLATFORM_KEY_REFERENCES_ENABLE, implied by the
former, which enables usage of key references instead of
literal keys in OpenThread. It will eventually allow
OpenThread applications to keep sensitive data such as
encryption keys in the secure storage, accessible from the
secure world only.
Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
If a firmware update is fetched from a server, and no port number is set
in the URI (e.g. coap://example.com/fw_update), the client will try
to connect on the port specified by CONFIG_LWM2M_PEER_PORT.
If a port different from the peer port is to be used for firmware
update, this has to be set explicitly in the URI:
coap://example.com:5683/fw_update.
This fix adds CONFIG_LWM2M_FIRMWARE_PORT, which will be used when
fetching a firmware update without specifying the port number in the
URI.
Signed-off-by: Tjerand Bjornsen <tjerand.bjornsen@nordicsemi.no>
Add __printf_like modifier to validate strings used by shell.
Fixing warnings triggered by this change.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Replace the custom float32_value_t LwM2M type with native double, to
facilitate LwM2M API and improve floating point precission.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The irq_lock() usage here is incompatible with SMP systems, and one's
first reaction might be to convert it to a spinlock.
But are those irq_lock() instances really necessary?
Commit 6161ea2542 ("net: socket: socketpair: mitigate possible race
condition") doesn't say much:
> There was a possible race condition between sock_is_nonblock()
> and k_sem_take() in spair_read() and spair_write() that was
> mitigated.
A possible race without the irq_lock would be:
thread A thread B
| |
+ spair_write(): |
+ is_nonblock = sock_is_nonblock(spair); [false]
* [preemption here] |
| + spair_ioctl():
| + res = k_sem_take(&spair->sem, K_FOREVER);
| + [...]
| + spair->flags |= SPAIR_FLAG_NONBLOCK;
| * [preemption here]
+ res = k_sem_take(&spair->sem, K_NO_WAIT); [-1]
+ if (res < 0) { |
+ if (is_nonblock) { [skipped] }
* res = k_sem_take(&spair->sem, K_FOREVER); [blocks here]
| + [...]
But the version with irq_lock() isn't much better:
thread A thread B
| |
| + spair_ioctl():
| + res = k_sem_take(&spair->sem, K_FOREVER);
| + [...]
| * [preemption here]
+ spair_write(): |
+ irq_lock(); |
+ is_nonblock = sock_is_nonblock(spair); [false]
+ res = k_sem_take(&spair->sem, K_NO_WAIT); [-1]
+ irq_unlock(); |
* [preemption here] |
| + spair->flags |= SPAIR_FLAG_NONBLOCK;
| + [...]
| + k_sem_give(&spair->sem);
| + spair_read():
| + res = k_sem_take(&spair->sem, K_NO_WAIT);
| * [preemption here]
+ if (res < 0) { |
+ if (is_nonblock) { [skipped] }
* res = k_sem_take(&spair->sem, K_FOREVER); [blocks here]
In both cases the last k_sem_take(K_FOREVER) will block despite
SPAIR_FLAG_NONBLOCK being set at that moment. Other race scenarios
exist too, and on SMP they are even more likely.
The only guarantee provided by the irq_lock() is to make sure that
whenever the semaphore is acquired then the is_nonblock value is always
current. A better way to achieve that and be SMP compatible is to simply
move the initial sock_is_nonblock() *after* the k_sem_take() and remove
those irq_locks().
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
While adding support for service type enumeration, a regression was
introduced which prevented mDNS ptr query responses.
1. There was an off-by-one error with label size checking
2. Valid queries were failing to match in `dns_rec_match()` due to
not checking for either NULL or 0 "wildcard" port
Fixes#39284
Signed-off-by: Christopher Friedt <chrisfriedt@gmail.com>
From the OMA LwM2M Object and Resource Registry: "When the single Device
Object Instance is initiated, there is only one error code Resource
Instance whose value is equal to 0 that means no error."
This fix creates that initial error code resource instance, and makes
sure that it doesn't get deleted by the Reset Error Code resource.
Signed-off-by: Tjerand Bjornsen <tjerand.bjornsen@nordicsemi.no>
Mbed TLS 3.0 removes the definition for MBED_ERR_SSL_PEER_VERIFY_FAILED,
since non of its code ever returns that value. Since there isn't really
a perfect response, instead return a somewhat generic response
indicating this was unexpected.
Signed-off-by: David Brown <david.brown@linaro.org>
Several fields of structures in mbedTLS 3.0 are now private. To access
them directly is necessary to define MBEDTLS_ALLOW_PRIVATE_ACCESS.
That is a temporary fix, the proper solution is not access directly
but using proper API.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Fixes#38994, ARP messages were being sent to IPvXmcast MAC addresses
rather than the expected source MAC address or the broadcast address.
Signed-off-by: Robert Melchers <rmelch@hotmail.com>
Implements mechanism similar to the one available in net/lib/sockets.c
(since the merge of #27054) in sockets_can to enable parallel rx/tx.
Fixes#38698
Signed-off-by: Mateusz Karlic <mkarlic@internships.antmicro.com>
