Enforcing the peer's behavior is not strictly necessary. All the host
should do is make sure it is resilient to a spec-violating peer.
Moreover, a growing number of platforms were disabling the check, as the
spec allows "batching" HCI num complete packets events, stalling ATT RX.
Signed-off-by: Jonathan Rico <jonathan.rico@nordicsemi.no>
Co-authored-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
Add GDBSTUB_TRACE config option to extend GDB backend debug logging
for remote commands received and to debug the GDB stub itself.
Signed-off-by: Dmitrii Golovanov <dmitrii.golovanov@intel.com>
Add function to get a volume controller from a connection
pointer.
This is required for the CAP to get a vol_ctlr pointer
from the provided bt_conn.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
This removes the fixed size bt_bap_base, which provides
2 improvements:
1) The RAM usage of the broadcast sink has been reduced.
For the Broadcast Sink sample it is a reduction of 120
octets, but with much better scaling for supporting
more or larger BASEs.
2) The functions to parse BASEs now support arbitrary sized
BASEs, where they were previously restricted by our
local Kconfig options. This allow us to parse any BASE
from a remote device, without encounting memory issues.
We are still memory restricted on the devices we
actually want to sync to.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Iterating over connection list w/o mutex lock could lead to a crash on
constant incoming packet flow. Fix this by:
1. Adding mutex lock when iterating over an active connection list, to
prevent list corruption.
2. Create a copy of the callback and user data pointers before releasing
lock, to prevent NULL pointer dereference in case connection is
released before callback is executed.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Eliminate race between TCP input thread and TCP work queue, when
dereferencing connection. This normally would not manifest itself during
standard TCP operation, but could be a potential opening for abuse, when
the already closed TCP connection is kept being spammed with packets.
The test scenario involved sending multiple TCP RST packets as a
response to establishing the connection, which could result in system
crash. The following changes in the TCP stack made it stable in such
scenario:
1. Use `tcp_lock` when searching for active connections, to avoid
potential data corruption when connection is being removed when
iterating.
2. Avoid memset() during connection dereference, not to destroy mutex
associated with the connection. The connection context is only
cleared during allocation now.
3. Lock the connection mutex while releasing connection.
4. In tcp_in(), after locking the mutex, verify the connection state,
and quit early if the connection has already been dereferenced.
5. When closing connection from the TCP stack as a result of RST or
malformed packet, verify connection state to make sure it's only done
once, even if multiple RST packets were received.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Silently drop the IPv6 Neighbor Advertisement if we receive it
for an unknown neighbor or if there some some issue in the packet.
Returning error here would cause the ICMP module to print an
actual error which just pollutes the log without any apparent
benefit.
Fixes#66063
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Enable the automatic power domain management to release the domain as
many times as it was claimed, instead of only once.
This fixes the domain being permanently enabled if the supported device
is claimed more than once.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
If server registration fails, allow fallback to secondary server,
or fallback to bootstrap.
Also allow fallback to different bootstrap server.
Add API to tell RD client when server have been disabled by
executable command.
Changes to RD state machine:
* All retry logic should be handled in NETWORK_ERROR state.
* New state SERVER_DISABLED.
* Internally disable servers that reject registration
* Temporary disable server on network error.
* Clean up all "disable timers" on start.
* Select server first, then find security object for it.
* State functions return void, error handling is done using states.
* DISCONNECT event will only come when client is requested to stop.
* NETWORK_ERROR will stop engine. This is generic error for all kinds
of registration or network failures.
* BOOTSTRAP_REG_FAILURE also stops engine. This is fatal, and we cannot
recover.
Refactoring:
* Server selection logic is inside server object.
* sm_handle_timeout_state() does not require msg parameter. Unused.
* When bootstrap fail, we should NOT back off to registration.
This is a fatal error, and it stops the engine and informs application.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
React to disable executable, as well as add callback that allows
disabling server for a period of time.
Also add API that would find a next server candidate based on the
priority and server being not-disabled.
Move all server related functions into its own header.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
This board have an NXP MPU with 8 configurable regions, of which five
of them are already used by the static MPU configuration. Many of
these tests are failing due to lack of MPU regions or free partition
slots available, even when HW stack protection is disabled when
building with userspace support.
Signed-off-by: Manuel Argüelles <manuel.arguelles@nxp.com>
Fixing typo from the original implementation in
44705b698c725166834f19d6fd5db2804f9a0d60, which resulted in
the name of current shell instance getting print over and over
again.
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Zephyr has its own multicast join/leave API but for
interoperability, it is possible to use the multicast
socket API and IPV6_ADD_MEMBERSHIP and IPV6_DROP_MEMBERSHIP
socket options.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Zephyr has its own multicast join/leave API but for
interoperability, it is possible to use the multicast
socket API and IP_ADD_MEMBERSHIP and IP_DROP_MEMBERSHIP
socket options.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The current code triggers a false positive from the heuristic "Macro
compares unsigned to 0". It's triggered because of a use of `IN_RANGE`
that checks against the extremal values of a enum type.
This patch replaces the use of `IN_RANGE` with an explicit list of the
possible values of the enum.
Fixes: https://github.com/zephyrproject-rtos/zephyr/issues/65575
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
We are creating a multicast address in mDNS or LLMNR
responder so set the TTL or hoplimit using the multicast
variant API.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
We specifically set TTL/hoplimit to 1 for LLMNR,
but only want to set it if in that specific case.
We must not pass TTL/hoplimit value 0 as that would
cause the packet to be dropped.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
* Check IPv4 TTL or IPv6 hop limit and drop the packet if
the value is 0
* Check the IP addresses so that we do the loopback check
at runtime if the packet is destined to loopback interface.
* Update the statistics properly for dropped packets.
* Do not update sent packets if we drop packets.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The IPv4 TTL could only manipulated via net_context interface.
It makes sense to allow the same from socket interface via
the setsockopt/getsockopt calls.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The net_if_ipv6_set_hop_limit() API was missing the "_if_"
part in it. Fix this so that the network interface API is
consistent. The old function is deprecated and should not
be used. The old function is left to the code and it calls
the new properly named function.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Disables Mesh advertising when suspending, and enables advertising
when resuming Mesh.
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
Adds a disable function for the extended advertising which stops and
deletes the advertising instances, allowing them to be properly
reinitialized when calling `bt_mesh_adv_enable()` after bluetooth has
been disabled and re-enabled.
For the legacy advertising, the function terminates the advertising
thread. If legacy advertising is used, `bt_mesh_adv_init()` must be
called before `bt_mesh_adv_enable()` to properly resume advertising
after suspension.
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
This was somehow missed, but since ICMP rework, message handlers should
not dereference the packet, as it's done by the ICMP lib.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Commit 55802e5e86 fixed error handling of
TX errors, in case ARP request was generated. There are however also
other places where post-ARP cleanup should be done on the TX path (like
running out of buffers for Ethernet L2 header allocation).
This commit fixes those cases in ethernet_send(), where function would
exit early and report error after ARP prepare stage.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Long arguments are handy for new users. Also use hyphen's rather than
underscore to follow the convention.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
Newly added security types are missing from the help. Also, now that we
have two variants of PSK, use the prefix to disambiguate.
Signed-off-by: Chaitanya Tata <Chaitanya.Tata@nordicsemi.no>
When interface names are enabled, a default name is applied
after initialization. Unintuitively, this overwrites any name that is
set during the net_if init.
This change sets a default name first, and then allows net_if
init to overwrite that default name if it chooses to.
Signed-off-by: Noah Luskey <noah@silvertree.io>
Signed-off-by: Noah Luskey <LuskeyNoah@gmail.com>
When using the LLEXT buffer loader we now avoid copying extensions
from storage to allocated memory by pointing directly into the stored
image. We then also perform linking and relocation in that memory,
which modifies its contents. However, this is impossible if that
storage is read-only. Add a Kconfig flag to distinguish between
writable and read-only storage types. Also use that flag to decide,
whether the extension image in test_llext_simple.c should be defined
as const or not.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
a new llext object is completely initialised with zeros after
allocation, no need to additionally set members of an embedded into
it array to NULL.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
llext_list() is an exported function that returns a pointer to the
llext internal extension list. That list should only be accessible
directly inside llext, while holding a lock. Remove the function.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
The llext list should be internal to llext.c, remove its scanning
from shell.c, export a function for that instead.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Use an element size explicitly when calculating the array size and
use the calculated size for memset().
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Extensions should be able to selectively export their global symbols.
Add a LL_EXTENSION_SYMBOL() macro for that. Change the present
.sym_tab to be a temporary symbol table of all global symbols in an
extensions, used only during linking for internal purposes. Add a new
.exp_tab symbol table to store symbols, exported by an extension
permanently.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
If a function fails it should release all the resources it has
managed to acquire. Fix llext_load() to free memory that it has
allocated in case of an error.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Extend the llext_load() / llext_unload() API to let it be called
repeatedly for the same extension to increment or decrement its
reference counter respectively. We use a mutex to protect the counter
and make both llext_load() and llext_unload() return the use-count to
let the caller identify when the first loading and the last unloading
took place.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Loadable modules can contain global (not "static") functions, even if
they aren't exported for use by other modules, e.g. when a module is
built from multiple .c files. Such functions are then also included
in link tables and have to be re-linked.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
llext_seek(), llext_read() and llext_peek() are needed outside of the
extension code too, move them to a header.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
Some applications can decide to link their loadable objects for
exactly the same addresses, where they will be loaded. In those cases
local relocations aren't needed any more and can in fact break the
object if applied while the object is in a temporary storage. Add a
parameter to skip such local relocations.
Signed-off-by: Guennadi Liakhovetski <guennadi.liakhovetski@linux.intel.com>
