If we run out of buffers and cannot create the TCP segment,
then handle it properly and do not access NULL pointer.
Coverity-CID: 187822
Fixes#9639
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If there is timeout when adding UDP data, then check this
condition and bail out by returning NULL as the packet is now
malformed.
Coverity-CID: 187825
Fixes#9636
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The previous code "optimized" and called both net_context_accept()
and net_context_recv() blindly to reset the corresponding callbacks.
But this leads to "wrong state" logging if debugging is enabled, so
clean that up.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
1. Where we calculate max size, name variable (preprocessor define)
correspondingly.
2. Calling TCP/UDP an "app protocol" is original, use "next protocol"
terminology of IPv6.
3. As headers go as IP, then "next", order calculations that way too.
4. Add more comments.
Addresses: #8723
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
CONFIG_NET_OFFLOAD was defined in Kconfig of net/ip/l2/, but actually
used by the code in net/ip/.
Fixes: #8646
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Spurious TCP retries were observed using Wireshark while continuously
sending TCP packets at an interval faster than the initial RTO.
If the send list is empty and CONFIG_NET_TCP_TIME_WAIT_DELAY is used,
the retry timer will not be correctly stopped when receiving a valid
ACK. As a consequence, the timer might be running when a new packet is
queued, but the logics in net_tcp_queue_data() will not restart the
timer as it is already running. This will make the retry timer to expire
prematurely, potentially while sending packets.
The nested condition is merged into a single condition, allowing the
final else clause to be reached when a valid ACK is received.
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
The code was not working properly if there was multiple timers
that were triggered in different times.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The autoconfigured IPv6 addresses that are related to removed
prefix, need also removed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If the IPv6 address expires, then it is marked as deprecated.
If a renewal is received in router advertisement, then the address
can be re-used again and is marked as preferred.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
No functionality changes. Just moved IPv6 fragment and related functions
to ipv6_fragment.c for better readability
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
No functionality changes. Just moved IPv6 MLD and related functions
to ipv6_mld.c for better readability.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
No functionality changes. Just moved IPv6 neighbor and related functions
to ipv6_nbr.c for better readability.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Each IPv6 neighbor entry had a k_delayed_work to be used as a timer to
send ND reachable message and waiting for the reply in order to get to
the neighbor details.
But k_delayed_work is not a small object (40 bytes). Thus reworking the
IPv6 ND reachable request timer by having one central k_delayed_work
and a timestamp in every IPv6 neighbor data entry properly handled at
every timeout.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Each IPv6 neighbor entry had a k_delayed_work to be used as a timer to
send NS message and waiting for the NS reply in order to get to the
neighbor details.
But k_delayed_work is not a small object (40 bytes). Thus reworking the
IPv6 send NS request timer by having one central k_delayed_work and
a timestamp in every IPv6 neighbor data entry properly handled at every
timeout.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
This commit contains several fixes for DTLS implementation, proposed in
a post-merge review of #9338.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Instead of having one delayed_work struct / IP address, use
only one delayed_work struct for lifetime timer. This saves
over 20 bytes / allocated address struct.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Refactor usage of net_sprint_ip*() where multiple
invocations are needed per single log call.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
The intention is to clean up the usage of net_sprint_ipv*_addr()
functions where 2 or 3 invocations are needed.
Thus, the default number of buffers is 3.
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
irq_lock returns an unsigned int, though, several places was using
signed int. This commit fix this behaviour.
In order to avoid this error happens again, a coccinelle script was
added and can be used to check violations.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Thise uses the new net_pkt_append_memset() function to generate the
required zero filling instead of calling net_pkt_append_u8() in loops.
Fixes#9287
Signed-off-by: Daniel Egger <daniel@eggers-club.de>
Some locations like DHCPv4 client create a prefilled packet by appending
new fragments in a loop with one byte each via net_pkt_append_u8() which
is wasteful and noisy. This patch adds the new functions
net_pkt_append_memset() which creates fragments as needed in the desired
size and initialises it to the specified value.
This change also adds a unittest for the new function.
Prerequisite for #9287
Signed-off-by: Daniel Egger <daniel@eggers-club.de>
Echo server crashes upon reception of fragmented packets. This
occurs when fragmentation is enabled with the default prj.conf
of echo server. The cause is that by default with logs disabled
net_sprint_ipv6_addr returns NULL.
Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
Consistently use
config FOO
bool/int/hex/string "Prompt text"
instead of
config FOO
bool/int/hex/string
prompt "Prompt text"
(...and a bunch of other variations that e.g. swapped the order of the
type and the 'prompt', or put other properties between them).
The shorthand is fully equivalent to using 'prompt'. It saves lines and
avoids tricking people into thinking there is some semantic difference.
Most of the grunt work was done by a modified version of
https://unix.stackexchange.com/questions/26284/how-can-i-use-sed-to-replace-a-multi-line-string/26290#26290, but some
of the rarer variations had to be converted manually.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
There was one extra byte sent in last chunk which caused
this error to be printed by curl
* Illegal or missing hexadecimal sequence in chunked-encoding
* stopped the pause stream!
* Closing connection 0
curl: (56) Illegal or missing hexadecimal sequence in chunked-encoding
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The 'Network type' choice always defaulted to NET_RPL_L2_ANY, because
choices prefer the first default with a satisfied condition (this was
true even when Zephyr still had the prefer-later-defaults patch).
Swap the defaults so that NET_RPL_L2_IEEE802154 becomes the default if
NET_L2_IEEE802154 is enabled, as intended.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Instead of waiting forever for a network buffer, have a timeout
when allocating net_buf. This way we cannot left hanging for a
long time waiting for a buffer and possibly deadlock the system.
This commit adds checks to L2 and network support libraries.
Fixes#7571
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Instead of waiting forever for a network buffer, have a timeout
when allocating net_buf. This way we cannot left hanging for a
long time waiting for a buffer and possibly deadlock the system.
This commit only adds checks to core IP stack in subsys/net/ip
Fixes#7571
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
There have a funtion mqtt_rx_unsuback defined but not used.
So add it into mqtt_parser and fix the missing case.
Fixes#8431
Signed-off-by: Xuan Ze <119524428@qq.com>
This finishes refactor of splitting off net_config library name from
net_app library, started in c60df1311, c89a06dbc. This commit makes
sure that Kconfig options are prefixed with CONFIG_NET_CONFIG_
instead of CONFIG_NET_APP_, and propagates these changes thru the
app configs in the tree.
Also, minor dependency, etc. tweaks are made.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Add system calls for the zsock implementations of socket,
close, bind, connect, listen, accept, sendto, recvfrom,
fcntl, poll, inet_pton, and getaddrinfo.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Originally EFAULT was used to indicate NULL pointer error in TLS option
set/get functions. EINVAL was suggested to be more apropriate error code
for this case, hence replace it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Introduce non-blocking DTLS handshake, used during recv function call.
This prevents from blocking while waiting for initial handshake packet
on non-blocking sockets during receive.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make TLS poll function verify if decrypted data is available after
socket has notified activity with POLLIN flag. This prevents from giving
false notifications in case data was received on socket but was consumed
by mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Specify timeout value for mbedtls_ssl_read function for DTLS servers.
Adding this can prevent TLS context lockup in case blocking recv is used
and peer has shut down DTLS connection without closing it gracefully.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for DTLS recv/recvfrom function.
For DTLS client, recv function requires to have an already established
DTLS connection.
For DTLS servers, this function will try to establish DTLS connection
before receiving data. In case that DTLS handshake fails, recv function
will silently retry.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for DTLS send/sendto function.
For DTLS clients, send function will try to establish DTLS connection
before sending data. If DTLS handshake fails, it will return an error.
For DTLS servers, send function requires to have DTLS connection already
established.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
DTLS handshake can return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED, which
indicate that TLS session context should be reset.
Also, store information whether TLS connection has beed established.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add binary IO functions for DTLS connections.
dtls_rx function is more complex than it's TLS counterpart due to fact,
that DTLS does not allow blocking operation for this function. A simple
timeout mechanism was implmented basing on the zsock_poll function.
This function also verifies peer address. As currently only a single
DTLS connection is supported on a socket, if a DTLS connection is
established, and we receive datagram from different peer, it is silently
dropped.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Functions for checking flags set on sockets are needed by TLS sockets as
well, therefore extract them to a separate header file to avoid code
duplication.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add write-only socket option to set role for DTLS connection. This
option is irrelevant for TLS connections.
This options accepts and integer with a TLS role, compatible with
mbedTLS values:
0 - client,
1 - server.
By default, DTLS will assume client role.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
After it sends SYN_ACK, there is a case that the client sends the packet
with both ACK and RST bits are set, and this packet needs to be handled
if the packet is valid.
CLIENT SERVER
------ ------
|--------- SYN -------->|
|<------ SYN_ACK -------|
|------- ACK_RST ------>|
|--------- SYN -------->|
|<-------- ??? ---------|
This patch checks the RST bits even if other flags are set and process
the packet.
Signed-off-by: Tedd Ho-Jeong An <tedd.an@intel.com>
IPv6 cleanup patch introduced a regression. Misunderstood the logic.
Do not drop the packet if packet does not have ND options, just skip.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>