So far the TLS/DTLS credentials would only be validated upon first use,
i.e. when TLS/DTLS handshake was initiated. This could lead to some
confusion, especially when trying to understand the reason of the
handshake failure, as it wasn't clear whether the handshake failed due
to peer sending bad certificate or due to local configuration issues.
This commit attempts to improve this, by pre-validating the credentials
as soon as they are configured on a socket with TLS_SEC_TAG_LIST socket
option. That way, in case bad credentials are configured on a socket, or
more commonly, mbed TLS is misconfigured to handle certain credential
type, it will be caught early during socket configuration, instead of
during the handshake.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Fix the transmit timestamp value sent in SNTP queries:
* Use sys clock as a time source instead of the uptime,
* As NTP epoch is different from Unix epoch (starts in 1900), adjust
the seconds value with appropriate offset,
* Finally, adjust the fraction calculation to the nanoseconds value
from struct timespec. Do the math in 64-bit to avoid overflows and do
the division at the end for more accurate results.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
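
The three adjustments listed in the SNTP commit message above, as an added host-side example (not the Zephyr SNTP code). `struct ntp_timestamp`, `timespec_to_ntp()` and `ntp_fraction_divide_first()` are hypothetical names; the second function shows the precision lost when the division is done first.

```c
#include <stddef.h>
#include <stdint.h>
#include <time.h>

/* Seconds from the NTP epoch (1900-01-01) to the Unix epoch (1970-01-01). */
#define NTP_UNIX_OFFSET 2208988800ULL
#define NSEC_PER_SECOND 1000000000ULL

/* Hypothetical type for this example: the 64-bit NTP timestamp format. */
struct ntp_timestamp {
	uint32_t seconds;  /* seconds since 1900 (era 0 wraps in 2036) */
	uint32_t fraction; /* units of 2^-32 second */
};

/* Convert wall-clock time to an NTP timestamp. Returns 0, or -1 on bad input. */
int timespec_to_ntp(const struct timespec *ts, struct ntp_timestamp *out)
{
	if (ts == NULL || out == NULL || ts->tv_nsec < 0 ||
	    (uint64_t)ts->tv_nsec >= NSEC_PER_SECOND) {
		return -1;
	}
	/* Shift the Unix seconds value onto the NTP epoch. */
	out->seconds = (uint32_t)((uint64_t)ts->tv_sec + NTP_UNIX_OFFSET);
	/* Multiply first in 64 bits, divide last: nsec * 2^32 fits in 64 bits. */
	out->fraction = (uint32_t)(((uint64_t)ts->tv_nsec << 32) / NSEC_PER_SECOND);
	return 0;
}

/* For contrast: dividing first truncates 2^32 / 10^9 = 4.29... down to 4. */
uint32_t ntp_fraction_divide_first(long nsec)
{
	return (uint32_t)nsec * (uint32_t)((1ULL << 32) / NSEC_PER_SECOND);
}
```
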
fix(coap_link_format): Correct parameter constness in func signature
For function coap_link_format:coap_well_known_core_get_len()
the request parameter is declared to be a pointer-to-const,
but the const is missing for one of the two function definitions,
that are chosen via CONFIG_COAP_WELL_KNOWN_BLOCK_WISE.
With this fix the code also compiles when enabling
CONFIG_COAP_WELL_KNOWN_BLOCK_WISE.
Signed-off-by: Felix Kolbe <felix.kolbe@gmail.com>
Add NET_QBV in Kconfig. Qbv is Enhancements for Scheduled Traffic (EST),
one feature of TSN. The PTP clock provides the time reference for Qbv.
Signed-off-by: Qiang Zhao <qiang.zhao@nxp.com>
There are some cases when OpenThread opens a socket and doesn't choose
as default its internal interface, this leading to usage of
platform UDP module which will then send back the packet to the
OpenThread interface. In this case, the packet should not be treated as
originated from backbone interface.
Backbone router multicast listener callback functionality is improved.
A route with a prefix length of 128 is set
and a multicast address is added for each listener registration.
OpenThread interface joins that multicast address group.
Enabled forwarding capabilities for Backbone interface.
A border router should be able to perform default packet forwarding for
destination addresses with a multicast scope greater than admin-local.
In order to achieve this, multicast routes have been added to those
addresses. [https://datatracker.ietf.org/doc/rfc7346/]
For Border Router application, `ip6_addr_cb` is not installed.
otIp6SubscribeMulticastAddress call would re-register an IPV6 multicast
address which might have been registered by an OpenThread node using
`ipmaddr add` command and even if that node performed `ipmaddr del`,
the address was still present in multicast listener table. This also
led to a missing MLDv2 message with that specific multicast IPV6
address.
Signed-off-by: Cristian Bulacu <cristian.bulacu@nxp.com>
Introduce `lwm2m_set_cache_filter()` so applications can drop cached
samples before they reach the LwM2M SEND path.
Fixes #91590
Signed-off-by: Julien Vermillard <julien@clunkymachines.com>
Implement idle timeouts, primarily in the common connectivity library,
with individual interfaces notifying the library when the interface has
been used.
Signed-off-by: Jordan Yates <jordan@embeint.com>
Add an interface idle timeout parameter to the connectivity
binding structure. This will be used to track idle timeouts for
interfaces.
Signed-off-by: Jordan Yates <jordan@embeint.com>
This doesn't try to optimize memory usage for QOS=-1 publications, because
it's easier to use existing structs and allocators instead of adding new
ones with less fields.
Signed-off-by: Michael Zimmermann <michael.zimmermann@sevenlab.de>
The publish and subscribe APIs allocate topics implicitly, but don't
support allocating predefined or short topics. Additionally, we don't want
to force using short topics in case the passed topic is 2 bytes long, in
case the user doesn't want that (e.g. because the server doesn't support
it).
So instead, we add a new API which works similar to
mqtt_sn_predefine_topic, which allows allocating a short topic before using
any of these APIs.
Signed-off-by: Michael Zimmermann <michael.zimmermann@sevenlab.de>
- These are independent from connections since they are always valid.
- Implicitly created topics(e.g. from publish or subscribe) can't be
deleted either, so that doesn't make things worse compared to those.
Signed-off-by: Michael Zimmermann <michael.zimmermann@sevenlab.de>
The address resolution from RFC6763 is generally a PTR, SRV, TXT, and
an A or AAAA record, so this change is mainly to start drawing a
clear functional change between the DNS query shell and the DNS
service shell that should be more of an "avahi-browse" or "dns-sd"
functional style.
So, this is not a very robust implementation since it is a chain of
queries when the goal should be to get additional records from the
message itself but those changes can be added iteratively.
Basic point of this change is to show the procedure for the "browse"
- PTR service resolution
- SRV query from the result of the PTR
- AAAA (or A) from the result of the SRV
TXT records are ignored for now but should be added into this as
additional record support is extended.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
Along with key-value pairs, add an option to dump vendor values as a
blob, user can choose either one or both.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Keep a separate buffer for each request context instead of having a
single common buffer for the entire client context. This allows to
simplify the retransmission logic, as parallel requests will no longer
overwrite the buffer for each other. That way, we can simply retransmit
the packet w/o a need to recreate it, and thus reach to the payload
pointer or callback.
This removes the requirement to keep the payload pointer, provided to
asynchronous coap_client_req() call, valid throughout the exchange
lifetime for simple cases (i.e. no block transfer used). In case of
block transfer, this is unavoidable and needs to be documented.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Use buffers instead of pointers for path and extra options provided in
the struct coap_client_request, so that the library keeps a copy of the
path/options instead of pointers. That way, the library can still work
correctly in case of retransmissions or block transfer in case when the
original path or options were automatic variables that went out of
context.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Revert a change that broke the stable API function shell_set_bypass.
This reverts commit 6b876dba1ba61b659b1b2d4c3ccd0ac41bd56027.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Fix overriding the test certificates directory for enterprise mode
when using sysbuild. The override already works as expected without
sysbuild.
Signed-off-by: Triveni Danda <triveni.danda@nordicsemi.no>
mbedtls_ssl_get_peer_cid takes size_t, not socklen_t.
c546c1cad1 changed the type of socklen_t to something that is
incompatible with native offloaded sockets, which caused a compiler error.
Signed-off-by: Michael Zimmermann <michael.zimmermann@sevenlab.de>
Neighbor Advertisement (NA) messages without a link-layer address option
are now accepted on point-to-point links. See RFC 7066, ch. 2.2.
Signed-off-by: Jani Hirsimäki <jani.hirsimaki@nordicsemi.no>
Offset introduced by https://github.com/zephyrproject-rtos/zephyr/pull/72590 is missing
for write_package_cb call in SWGMGT OBJ. This fixes compile issues
by adding the offset parameter.
Signed-off-by: Kiril Tzvetanov Goguev <kiril.goguev@voiapp.io>
When an IPV6 message that contains an RDNSS ICMPV6 option with a lifetime
equal to 0 is received, proceed to delete the indicated recursive DNS
servers listed in that option.
Signed-off-by: Cristian Bulacu <cristian.bulacu@nxp.com>
Allow passing some context to the shell bypass callback function by
providing a void pointer user data argument.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Add an optional payload callback field to the coap_client_request
structure, allowing the application to provide blocks of payload
interactively during the resource upload, instead of having to provide
entire payload in a single contiguous memory space.
If registered, the CoAP client library will call the payload callback
whenever a new PUT/POST message is being generated (note this is also
true for retransmissions) instead of using the payload pointer/length.
If the payload callback is NULL, then the library operates as usual.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
During block uploads, the server may respond with Block 1 option with
a smaller block size than currently used (so called block size
negotiation). The CoAP client however did not read the Block 1 option
from the response, therefore ignoring the server request to lower the
block size.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
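
The block size negotiation described in the commit message above, as an added stand-alone example (not the Zephyr CoAP client code). It decodes the Block1 option value using the RFC 7959 layout (NUM, M, SZX) and adopts a smaller size when the server asks for one; `struct upload` and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

struct block1 {    /* decoded Block1 option (RFC 7959 layout) */
	uint32_t num;  /* block number */
	bool more;     /* M bit */
	uint8_t szx;   /* size exponent: block size = 2^(szx + 4) */
};

struct upload {    /* hypothetical client-side upload state */
	size_t offset; /* payload bytes acknowledged so far */
	uint8_t szx;   /* block size exponent currently in use */
};

/* Decode the option's integer value (at most 3 bytes); SZX 7 is reserved. */
int block1_decode(uint32_t value, struct block1 *b)
{
	if (b == NULL || value > 0xFFFFFFu || (value & 0x7u) == 7u) {
		return -1;
	}
	b->num = value >> 4;
	b->more = ((value >> 3) & 1u) != 0;
	b->szx = (uint8_t)(value & 0x7u);
	return 0;
}

size_t szx_to_size(uint8_t szx)
{
	return (size_t)1 << (szx + 4);
}

/* Process the Block1 option of a response to a block of sent_len bytes.
 * Returns the NUM to use in the next request, or -1 on a malformed option. */
int64_t upload_on_response(struct upload *u, size_t sent_len, uint32_t resp_value)
{
	struct block1 b;

	if (u == NULL || block1_decode(resp_value, &b) != 0) {
		return -1;
	}
	u->offset += sent_len;
	if (b.szx < u->szx) {
		u->szx = b.szx; /* honour the request for smaller blocks */
	}
	/* Renumber from the byte offset so NUM matches the new block size. */
	return (int64_t)(u->offset >> (u->szx + 4));
}
```
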
Add a new sample to demonstrate usage of the newly introduced
Network MIDI 2.0 host stack.
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Add a new network protocol for MIDI2.0 over the network, using UDP sockets.
This allows Zephyr to host a UMP endpoint on the network, which can be
invited by UMP clients to exchange MIDI2.0 data.
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Pass a pointer to the CoAP packet in the response data. This allows
callback function to inspect for CoAP options.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Make it easier to modify the response callback data by passing it as a
struct pointer rather than a long list of arguments.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
The code was writing to the dst without a verification check on
size which is not appropriate. The guard on the arguments should
be enforced and so just ensure the size is larger than the
definition of the strings from POSIX and return an error in those
cases.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
From the manpage for inet_ntop
This function converts the network address structure src in the af
address family into a character string. The resulting string is
copied to the buffer pointed to by dst, which must be a non-null
pointer. The caller specifies the number of bytes available in
this buffer in the argument size.
In an unintended misconfiguration the resolve max string ended up
being 20 and tracking thru some weird code issues determined some
stack corruption which came back to the shell command. So, just
fix the size argument to be the sizeof which then leads to the next
problem that the size is being ignored by inet_ntop.
Signed-off-by: Charles Hardin <ckhardin@gmail.com>
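
The two inet_ntop commit messages above concern the same failure: a destination buffer smaller than the POSIX string lengths and a size argument that was not enforced. The following added example (host POSIX code, not the Zephyr implementation) shows a size guard in front of `inet_ntop()`; `checked_ntop()` and `format_doc_addr()` are hypothetical names, the address is a constructed documentation address, and `ENOSPC` is the errno POSIX uses for a too-small buffer.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Refuse to format unless dst can hold the longest string for the family. */
const char *checked_ntop(int af, const void *src, char *dst, size_t size)
{
	size_t need;

	if (src == NULL || dst == NULL) {
		errno = EINVAL;
		return NULL;
	}
	switch (af) {
	case AF_INET:
		need = INET_ADDRSTRLEN;  /* 16 bytes including the NUL */
		break;
	case AF_INET6:
		need = INET6_ADDRSTRLEN; /* 46 bytes including the NUL */
		break;
	default:
		errno = EAFNOSUPPORT;
		return NULL;
	}
	if (size < need) {
		errno = ENOSPC;          /* reject before anything is written */
		return NULL;
	}
	return inet_ntop(af, src, dst, (socklen_t)size);
}

/* Format a constructed address into a caller buffer; the caller passes
 * sizeof(buffer) as size. Returns 0 on success, otherwise the errno value. */
int format_doc_addr(char *dst, size_t size)
{
	struct in6_addr a6;

	if (inet_pton(AF_INET6, "2001:db8::1", &a6) != 1) {
		return EINVAL;
	}
	return checked_ntop(AF_INET6, &a6, dst, size) != NULL ? 0 : errno;
}
```
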
zsock_recvfrom() takes as last argument a socklen_t pointer
(c546c1cad1) whose definition has changed.
So let's ensure we pass the right type of pointer to it.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
zsock_recvfrom() takes as last argument a socklen_t pointer
whose type was changed in c546c1cad1
and is no longer equivalent to size_t.
So let's ensure we pass the right type of pointer to it.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
There is an issue when zephyr is compiled with native_sim_64 where
size_t is 8 bytes. The socklen_t is specified as 4 bytes in Linux
even for 64 bit builds so we have a conflict between Linux and Zephyr.
To make things work properly, define socklen_t as uint32_t in order to
align with Linux. Four bytes is enough for socket address length anyway.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When connecting to WiFi from stored credentials, the key_passwd is never
freed.
Additionally if the connect fails, the allocated data was never freed.
Convert heap allocated memory to stack allocated buffers.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Rename these three macros to an unprefixed lower-case variant. This is
normally not done for Zephyr macros (see container_of) but in this case
it seems like a good idea to adopt the lowercase names to:
1. have the same convention as the equivalent Linux macros, helping devs
working cross project recognizing (mis)use patterns.
2. make it somewhat intuitive that the lowercase ones are meant to be
used in functions while the uppercase ones are to be used for static
evaluation.
Add a few C++ guards to avoid colliding with std::min and std::max.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Zephyr crashes when a new websocket connection is refused by the
user supplied callback function. This is caused by multiple calls
of close_client_connection(). After the first call the file handle
and the client->service pointer are invalid.
This fix checks if the file handle is valid.
Signed-off-by: Andreas Schweigstill <andreas@schweigstill.de>
DSA switch performs L2 switching on hardware on DSA user ports.
The promisc mode requirement doesn't apply to DSA user ports.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Since the protocol doesn't have message IDs in the responses to these
update messages, there's no reliable way to know if an update succeeded or
not. I use that fact to simplify the implementation by:
- Not providing success/failure callbacks.
- Not handling updating the variables in the client struct while
an update is in progress.
In addition to adding some tests, I tested this with the emqx server.
Signed-off-by: Michael Zimmermann <michael.zimmermann@sevenlab.de>