It is not unusual that the peer does not provide an IP address in the
ipcp negotiation. But because ppp is a peer-to-peer protocol, we do
not actually need to know the peer's address to use the network.
Signed-off-by: Göran Weinholt <goran.weinholt@endian.se>
TLS sockets did not increase refcount of a net_context running TCP,
which could lead to a crash upon TCP disconnection.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
opts_len renamed to total_opts_len in previous changes.
But it's not replaced at one place.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
If IPv4 header options has wrong options length
(e.g. options length is more that actual data),
then parser decrements opts_len without checking
actual data length. Which crashes the network stack.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Store the time difference value in u32_t variable than
abs() value in signed variable.
Fixes#22912
Coverity CID: 208406
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
net_pkt_clone() initializes the original packet cursor
and clone the packet. But it doesn't restore the cursor
back to original position.
Issue noticed when mDNS resolving fails when mdns responder
is also enabled.
net_conn_input(), in case of multicast packet, connection
handler clone the packet and deliver to matching handler.
Example case: dns_resolver and mdns_responder both register
handlers for 5353 port. After first clone original packet
cursor moved back to starting position. But first cloned
packet cursor is set properly. Second time cloning makes
cursor position to set to zero. Which makes second packet
handler header unpacking goes wrong.
Fixes#21970.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Same deal as in commit eddd98f811 ("kconfig: Replace some single-symbol
'if's with 'depends on'"), for the remaining cases outside defconfig
files. See that commit for an explanation.
Will do the defconfigs separately in case there are any complaints
there.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
If nack_idx > 0, then the count_rej must be > 0. This means that
the "code" variable will never be set to PPP_CONFIGURE_NACK.
Fixes#22436
Coverity-CID: 207975
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If CONFIG_NET_PKT_RXTIME_STATS is set, then update the received
packet RX time for packet sockets (SOCK_RAW). This was already
working for normal sockets but the statistics update was missing
from SOCK_RAW.
Fixes#22489
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
commit e3dc05f14d ("net: config: Wait network interface to come up")
introduced check_interface() function, which accidentally has 2
different signatures depending on CONFIG_NET_NATIVE selection.
Let's fix the second signature to be correct.
Fixes: https://github.com/zephyrproject-rtos/zephyr/issues/22693
Signed-off-by: Michael Scott <mike@foundries.io>
The zsock_accept_ctx() calls z_reserve_fd() on entry but fails
to call z_free_fd() on failure. This will leak the allocated
socket descriptor.
Fixes#22366
Signed-off-by: Inbar Anson Bratspiess <inbar.anson.bratspiess@330plus.net>
I think people might be reading differences into 'if' and 'depends on'
that aren't there, like maybe 'if' being needed to "hide" a symbol,
while 'depends on' just adds a dependency.
There are no differences between 'if' and 'depends on'. 'if' is just a
shorthand for 'depends on'. They work the same when it comes to creating
implicit menus too.
The way symbols get "hidden" is through their dependencies not being
satisfied ('if'/'depends on' get copied up as a dependency on the
prompt).
Since 'if' and 'depends on' are the same, an 'if' with just a single
symbol in it can be replaced with a 'depends on'. IMO, it's best to
avoid 'if' there as a style choice too, because it confuses people into
thinking there's deep Kconfig magic going on that requires 'if'.
Going for 'depends on' can also remove some nested 'if's, which
generates nicer symbol information and docs, because nested 'if's really
are so simple/dumb that they just add the dependencies from both 'if's
to all symbols within.
Replace a bunch of single-symbol 'if's with 'depends on' to despam the
Kconfig files a bit and make it clearer how things work. Also do some
other minor related dependency refactoring.
The replacement isn't complete. Will fix up the rest later. Splitting it
a bit to make it more manageable.
(Everything above is true for choices, menus, and comments as well.)
Detected by tweaking the Kconfiglib parsing code. It's impossible to
detect after parsing, because 'if' turns into 'depends on'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
When is NET_SOCKETS_SOCKOPT_TLS set, it should set TLS_CREDENTIALS
even when NET_NATIVE=n, so that platforms that use socket offloading
can continue to set TLS credentials.
We are now setting this via 'imply' instead of 'select', so that
prj.conf can opt out if necessary.
Fixes#22390
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
Instead of using a custom offloading interface, users can use
`NET_SOCKET_REGISTER` macro to register custom socket API provider. This
solution removes a limitation, that only one offloaded interface can be
registered and that it cannot be used together with native IP stack.
The only exception remainig are DNS releated operations -
`getaddrinfo`/`freeaddrinfo`, which, when offloaded, have to be
registered specifically.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Sort out mbedTLS dependencies in sockets Kconfig. mbedTLS will now
be enabled when TLS sockets and native network stack are enabled.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Each network interface needs to have IPv6 link local address.
The ll address was not set to VLAN interfaces which then caused
some of the IPv6 neighbors to be in wrong state (INCOMPLETE) in
neighbor cache.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
When we are about to send a NS, we should not use the destination
address as that is typically the multicast address. We should use
the target address instead.
This fixes the case where a neighbor is in incomplete state, and
we send a neighbor solicitation to find out whether the neighbor
is reachable. In this case the destination address is the solicited
node multicast address which is no use when trying to figure out
the source address.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This commit fixes a problem where our own IP address
is added to the cache instead of the senders.
This bug was due to a swap of the address in the original packet.
The swapping of the address is now removed.
Signed-off-by: Alexander Wachter <alexander@wachter.cloud>
Users of mqtt_live() have no idea when it actually sends a ping.
As a result it's very hard to know when to use mqtt_input() to
process the incoming PINGACK.
Instead of returning a 0 result when a ping isn't generated in
mqtt_live(), let's return -EAGAIN.
Signed-off-by: Michael Scott <mike@foundries.io>
Make sure that if we receive websocket data in small chunks,
the parsing and returning of data to caller is done properly.
Fixes#21989
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Store the IPv4 address into the local LCP options and set it
as the interface IP address once IPCP negotiation is complete.
Fix calling the correct function when an IPCP Configure Reject
is received carrying our local IP address.
Signed-off-by: Patrik Flykt <patrik.flykt@intel.com>
The MQTT connection is closed in case an mqtt_ping fails anyway, so
it's better to let the application know early that something went
wrong.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
As mDNS requests set DNS id to 0, we cannot use it to match
the DNS response packet. In order to allow this functionality,
create a hash from query name and type, and use that together
with DNS id to match request and response.
Fixes#21914
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
A neighbor solicitation packet for an address that is not ours should
not cause the sender to be added to the neighbor cache. See RFC 4861
section 7.2.3.
Add the neighbor to the cache when we have decided to respond to the
NS packet.
Fixes#21869.
Signed-off-by: Jonas Norling <jonas.norling@greeneggs.se>
Use the same code when parsing source link-layer address option for
both RA and NS packets. It looked like handle_ns_neighbor() could
actually read too much data into lladdr.addr when handling 8-byte
addresses (802.15.4).
Signed-off-by: Jonas Norling <jonas.norling@greeneggs.se>
Make ioctl handlers of `ZFD_IOCTL_POLL_PREPARE` and
`ZFD_IOCTL_POLL_UPDATE` return an error code instead of setting errno
variable.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
A memory corruption could happen in `uncompress_IPHC_header` function,
when data was moved to make place in the net buffer for the uncompressed
IPv6/UDP header.
The size of data being moved should only contain the original data size,
not incremented by the amount of space needed to expand the header,
which was already added to the net buffer size. In result, the `memmove`
operation could exceed the allocated net buffer and cause memory
corruption.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
If no other route is found, the network interface prefixes are
evaluated. If a matching interface is found, the packet is sent out on
this interface.
Signed-off-by: Christian Taedcke <christian.taedcke@lemonbeat.com>
The address family of the received packet must be set, before routing
it. E.g. the ethernet driver would drop the packet if this is not
done.
Signed-off-by: Christian Taedcke <christian.taedcke@lemonbeat.com>
Add function that returns remaining time until next keep alive message
shall be sent. Such function could be used for instance as a source
for `poll` timeout.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
generated_dts_board.h is pretty redundant and confusing as a name. Call
it devicetree.h instead.
dts.h would be another option, but DTS stands for "devicetree source"
and is the source code format, so it's a bit confusing too.
The replacement was done by grepping for 'generated_dts_board' and
'GENERATED_DTS_BOARD'.
Two build diagram and input-output SVG files were updated as well, along
with misc. documentation.
hal_ti, mcuboot, and ci-tools updates are included too, in the west.yml
update.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The transition from LISTEN to SYN_SENT nullifies the th,
guard on th being NULL in SYN_SENT.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
In case the final ACK for the connection establishment arrives
out of order, evaluate the sequence number in SYN_RECEIVED,
so the data packet isn't false identified as a final ACK.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
In order to simplify the evaluation of the incoming data,
add len and evaluate the data for the incoming packet once.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
Create a new connection only for the SYN packet,
otherwise pass a packet into existing connection.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
The initial logic with this check is too restrictive,
do not bail-out on unconsumed flags.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
