Add http_server_normalize_url() to resolve '.' and '..' segments in
client->url_buffer once the URL is fully assembled to avoid a remote
client from reading files outside the configured web root.
Signed-off-by: Flavio Ceolin <flavio@hubblenetwork.com>
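
The dot-segment resolution this commit message describes, as an added example: it is not the Zephyr implementation of http_server_normalize_url(), and the name `normalize_path` and its error convention are assumptions made here.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not Zephyr's http_server_normalize_url()).
 * Resolves "." and ".." segments of an absolute path in place and
 * collapses empty segments. Returns 0 on success, -EINVAL when the
 * path is not absolute or a ".." would climb above "/".
 */
int normalize_path(char *path)
{
	size_t len = strlen(path);
	size_t r = 0; /* read index, always on a '/' or at the end */
	size_t w = 0; /* write index, never ahead of r */

	if (path[0] != '/') {
		return -EINVAL;
	}
	while (r < len) {
		size_t start = r + 1;
		size_t end = start;

		while (end < len && path[end] != '/') {
			end++;
		}
		size_t seg = end - start;

		if (seg == 1 && path[start] == '.') {
			/* "." names the current directory: drop it */
		} else if (seg == 2 && path[start] == '.' && path[start + 1] == '.') {
			if (w == 0) {
				return -EINVAL; /* would escape the root */
			}
			while (path[--w] != '/') {
				/* rewind over the previous output segment */
			}
		} else if (seg > 0 || end == len) {
			path[w++] = '/'; /* seg == 0 here keeps a trailing '/' */
			memmove(&path[w], &path[start], seg);
			w += seg;
		}
		r = end;
	}
	if (w == 0) {
		path[w++] = '/';
	}
	path[w] = '\0';
	return 0;
}
```

Normalization has to run after any percent-decoding of the URL, otherwise an encoded dot segment passes through as an ordinary name.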
When using NET_QEMU_ETHERNET or NET_QEMU_USER,
enable NET_L2_ETHERNET by default, as
in this mode we need the Ethernet drivers.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
Introduces K_MEM_SLAB_DEFINE_TYPE() and K_MEM_SLAB_DEFINE_STATIC_TYPE()
helpers to allow the user to declare slabs for types without having to
manually ensure the alignment is correct.
Manual slab alignment was very error-prone and this change fixes several
instances of misalignment that would be trapped by the undefined
behavior sanitizer when running on 64-bit targets.
Signed-off-by: Egill Sigurdur <egill@egill.xyz>
Enable thermal_cap for cpu_freq subsystem, which allows
CPU frequency to be reduced when the die temperature
exceeds certain thresholds.
This is useful for preventing overheating and maintaining
system stability under high load or in high ambient
temperatures.
Signed-off-by: Zhaoxiang Jin <Zhaoxiang.Jin_1@nxp.com>
Add a dependency on the NETBUF size if the UART transport and the
img_mgmt group is selected.
Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no>
The foreign clock cleanup logic was incorrectly comparing the PTP
hardware timestamp against the local k_uptime_get(), resulting in
erroneous packet aging.
This introduces a 'local_uptime_ms' field to track the actual local
arrival time of ANNOUNCE messages, isolating the aging logic
from the PTP hardware clock domain.
Fixes #108479
Signed-off-by: T Madhusudhan Rao <tetakalam@aerlync.com>
This will avoid this error message
Unknown group 0x0000, defaulting to secp256r1
when generating ECDH keypair.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
393350fd65 made it so that the `mbedTLS`
library is only created when `CONFIG_MBEDTLS_BUILTIN`.
Before this commit, users of Mbed TLS did the following:
`zephyr_library_link_libraries_ifdef(CONFIG_MBEDTLS mbedTLS)`
If the `mbedTLS` CMake library doesn't exist but is still linked to
(as is the case when `CONFIG_MBEDTLS && !CONFIG_MBEDTLS_BUILTIN`),
the linker command is populated with `-lmbedTLS` which makes the build
fail because there is no `libmbedTLS.a` in the build.
Make it so that users of Mbed TLS only link to the `mbedTLS` CMake
library when the builtin version is used.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
With adding discard-tracking of extended advertising reports, the
reports are allocated from the discardable event pool instead of the
"normal" event pool. This commit sets the default value of
BT_BUF_EVT_DISCARDABLE_SIZE to BT_BUF_EVT_RX_SIZE when BT_EXT_ADV
is enabled.
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
Extends the `host/scan/slow` bsim test to test that the reassembler
is able to recover from a discarded extended advertising report chain.
This requires tracking that extended advertising reports are in fact
received, and that the reassembler times out. Functions for this are
added to testing.h which is only compiled if BT_TESTING is enabled.
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
Implements a method for discarding fragmented extended advertising. In
order to achieve this, we need to consider past and future fragments
of the advertising report we discard.
The future fragments are on their way from the controller, and will result
in either a complete- or incomplete event. These are handled by tracking
the adv SID and address until the controller sends either a complete or
incomplete event. Once an advertising report is marked as discarded,
consecutive fragments will be silently discarded.
The past fragments are either already in the reassembler (in scan.c),
or on their way through the rx_queue. To handle these, and allow the
reassembler to recover from an in-progress reassembly which is discarded,
we add a work item which is rescheduled when each consecutive fragment
is received. The timeout is configurable through the new Kconfig option
`CONFIG_BT_EXT_ADV_REASSEMBLY_TIMEOUT`. On timeout, the reassembler will
change its state to discard incoming fragments from the same advertiser.
The reassembler will start assembling new fragments if it recognises a
new advertiser, or if a final fragment (either marked as complete
or incomplete) from the advertiser it is currently tracking is received.
This functionality needs to be added at a HCI driver level by using the
new `hci_ext_adv_report_process` function. It is added to the
IPC HCI driver to fix zephyrproject-rtos/zephyr#50786
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
In case of using ethernet as backbone interface, some NICs may want to
have checksum set to 0 for a correct computation.
This commit aims to address this issue by checking if hardware has
offload capabilities and setting IPV6 packet checksums to 0, if needed.
Signed-off-by: Cristian Bulacu <cristian.bulacu@nxp.com>
flag_reversed in crc8() is only initialized if reversed is true.
Set flag_reversed to 0 if reversed is false.
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
When Kconfig option CONFIG_NET_CAPTURE=y is used and VLAN feature
is enabled and tested, this Kconfig creates two virtual interfaces,
IP_TUNNEL0 and NET_CAPTURE0. On "net iface" shell command, when
interfaces get listed, the IP_TUNNEL0 virtual interface for
packet capture/debug purpose, gets listed as vlan interface, which
is incorrect. On testing, before this fix, IP_TUNNEL0 interface gets
listed as vlan0, after fix it shows as net0 instead.
This fix needs to be backported to zephyr 4.4.
Signed-off-by: Malliga Moorthi <malliga.moorthi@nokia.com>
Current code was preventing all NET_IF_NO_AUTO_START interfaces for
config init.
This patch is to change that and to prevent only NET_IF_NO_AUTO_START
interfaces with link down status.
Then interfaces already manually up, like bridge can be supported.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
gPTP frame should be handled via gPTP bridge stack. So, do not
forward them or handle them by bridge interface.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
It's normal there is no gPTP device connected. We didn't have to use
warn level message for resetting pdelay request. Change to use debug
message which can avoid endless noise messages.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Qbv uses management interface, so just select NET_L2_ETHERNET_MGMT.
Qbv time is based on PTP clock. When enabling Qbv shell, just select
PTP clock shell too because at least we need to check base time
via PTP clock shell.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Fix issue that would be trapped by the address sanitizer, would always
read 7 bytes even though ptr might be shorter, and would therefore
read out of bounds if e.g. the string ".org" was passed.
Signed-off-by: Egill Sigurdur <egill@egill.xyz>
The FIN packet was not counted in the number of packets sent.
This behavior differs from iperf2, which counts the FIN packet
as well. Previously, the statistics reported by iperf2 were
off by one compared to zperf, which was confusing.
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
In iperf2, the first packet of a session has ID 1.
Change the UDP uploader to start packet IDs at one,
so that the behavior is the same as iperf2.
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
In Zperf UDP receiver mode, the final packet of a session
was not included in the session statistics, which caused the
results to differ from those reported by iperf2.
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
In Zperf UDP receiver mode, the first packet of a new session
was always counted as lost due to only initiating a new session
but not processing the packet as part of the new session.
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
Add new implementations for entropy driver and random subsystem
based on ARM64 RNDRRS and RNDR instructions.
Signed-off-by: Christoph Busold <cbusold@qti.qualcomm.com>
Add new inline function entropy_get_default_device which returns
the "zephyr,entropy" device or the architectural entropy device,
if the former is not set, and use that in all places to query the
entropy device.
This allows using architectural drivers which do not have a DT
node.
Signed-off-by: Christoph Busold <cbusold@qti.qualcomm.com>
Changes CTF events to use 64bit timestamp. This enables tracing of
longer execution as 32bit timestamps overflow after ~4s.
Signed-off-by: Mikolaj Klikowicz <mklikowicz@antmicro.com>
This PR implements support for DNS Private Resource Records (RR)
as defined in RFC 6895, enabling applications to query and
handle DNS records in the private use range (type codes 65280-65534).
This feature is not enabled by default,
CONFIG_DNS_RESOLVER_PRIVATE_RR_SUPPORT is used to enable it.
Signed-off-by: Cristian Bulacu <cristian.bulacu@nxp.com>
Use k_ticks_to_ms_ceil32 instead of k_ticks_to_ms_floor32 to prevent
premature zero-ms timeouts when remaining ticks round down to zero.
Signed-off-by: Rithic Chellaram Hariharan <gr8rithic@gmail.com>
Replace hard-coded MAX_SEND_BUF_LEN (192) with a new Kconfig option
CONFIG_HTTP_CLIENT_SEND_BUF_SIZE so applications can tune the
stack-allocated send buffer size based on their memory constraints.
Signed-off-by: Rithic Chellaram Hariharan <gr8rithic@gmail.com>
The right_ring_buf_fail_cnt field was never read.
Remove the dead field.
Assisted-by: Claude:claude-sonnet-4.6
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Apply ARG_UNUSED() to unused function arguments as per the Zephyr
coding guidelines.
A few functions were modified to remove unused parameters
or to actually use the parameters.
Assisted-by: GitHub Copilot
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The scanning field was set to false in broadcast_assistant_reset() but
never read anywhere. The scanning state is tracked via the
BAP_BA_FLAG_SCANNING atomic bit; the bool field is leftover dead code.
Assisted-by: Claude:claude-sonnet-4.6
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Introduce HAL_EVENT_TIMER_US_TO_TICKS macro to explicitly map the 1 MHz
hardware timer resolution to the radio configuration, preventing unintended
unit mixing between microseconds and hardware ticks.
Fixes #105085
Signed-off-by: Bhavin Umatiya <umatiyabhavin@gmail.com>
User must enable CONFIG_DNS_SD option to enable the "list"
sub-command for the "dns" command.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Make sure to check the return code from sh->iface->api->read()
and bail out if there is an error. The issue was noticed in ssh
client testing where the ssh shell was terminated which then caused
a forever loop.
Signed-off-by: Grant Ramsay <grant.ramsay@hotmail.com>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The broadcast_sink pointer was written in three places (set and
cleared) in bap_broadcast_sink.c but never read or dereferenced
anywhere in the codebase. Remove the field, its three write sites,
and the now-unneeded forward declaration of struct bt_bap_broadcast_sink
in bap_endpoint.h.
Assisted-by: Claude:claude-sonnet-4.6
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Refactor the QUIC TLS credential path so private-key parsing and PSA
signing-key import happen in tls_set_private_key().
The previous flow parsed the certificate in tls_add_own_cert(), parsed
the private key in tls_set_private_key(), and then called
quic_tls_set_own_cert() later from init and credential refresh paths
even though that helper no longer installed the certificate. Its real
work was importing the private key into PSA, which made the control
flow harder to follow and duplicated private-key parsing.
Move the signing-key import into tls_set_private_key(), remove the
misleading follow-up quic_tls_set_own_cert() calls, and drop the now
unused raw-key bookkeeping from the TLS context. This keeps
certificate handling in the certificate loader and private-key
handling in the private-key loader while preserving the existing
handshake behavior.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add a dedicated STREAM frame error helper and use it at both STREAM
dispatch sites in quic_packet.c.
STREAM handling already uses -EPROTO to mean that a specific transport
close was attempted by the lower-level handler, for example on stream
limit or receive-side flow-control violations. The previous open-coded
special case worked, but it left that contract implicit and routed the
other STREAM errors differently from the rest of the frame handlers.
Make the contract explicit in one helper: keep -EPROTO as the
close-already-sent path for STREAM, and continue mapping malformed
STREAM frames through the generic frame-encoding error handling.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Avoid adding the requested send size directly to the tracked
anti-amplification TX count when checking whether an unvalidated
server endpoint may transmit.
The tracked counters are small in practice, but the helper accepts a
size_t byte count and the previous uint64_t addition could wrap for a
very large input on 64-bit builds. Rework the check to compare the
requested size against the remaining budget instead.
Add regression coverage that passes SIZE_MAX to the helper and
verifies the request is rejected rather than wrapping into an allowed
send.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
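
The wrap described in this commit message and the remaining-budget comparison that avoids it, as an added example: it is not the Zephyr QUIC code, and `struct amp_state` and both function names are assumptions made here. The factor of three is the anti-amplification limit from RFC 9000 section 8.1.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* RFC 9000 section 8.1: before address validation an endpoint may send
 * at most three times the bytes it has received from that address.
 */
#define AMP_FACTOR 3u

/* Hypothetical counters, not the Zephyr QUIC endpoint structure. */
struct amp_state {
	uint64_t rx_bytes;
	uint64_t tx_bytes;
};

/* Additive form: tx_bytes + len wraps modulo 2^64 for a huge len. */
bool may_send_additive(const struct amp_state *s, size_t len)
{
	return s->tx_bytes + (uint64_t)len <= s->rx_bytes * AMP_FACTOR;
}

/* Budget form: compare len against what is left; nothing can wrap. */
bool may_send_budget(const struct amp_state *s, size_t len)
{
	uint64_t limit = (s->rx_bytes > UINT64_MAX / AMP_FACTOR)
				 ? UINT64_MAX
				 : s->rx_bytes * AMP_FACTOR;

	if (s->tx_bytes > limit) {
		return false; /* budget already exhausted */
	}
	return (uint64_t)len <= limit - s->tx_bytes;
}
```

With 1200 bytes received and 1200 sent, both forms allow a 2400-byte send; only the additive form also allows SIZE_MAX on a 64-bit build, because the sum wraps to 1199.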
Guard the flow-control error close paths in quic_stream_receive_data()
so they only send CONNECTION_CLOSE for socket-backed endpoints.
The Quic unit tests exercise receive-side flow-control handling with
synthetic endpoints that set sock = -1 and do not initialize recovery
state. Sending CONNECTION_CLOSE from those paths can reach recovery
shutdown and touch an uninitialized lock even though no transport
packet can be sent.
Keep returning -EPROTO for the protocol violation, but skip the close
when the endpoint is not fully usable for transport I/O. Add coverage
for the RX buffer overflow path and assert that synthetic endpoints do
not enter recovery shutdown on these fatal receive errors.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Process Version Negotiation and unsupported-version long headers before
applying Quic v1 Initial-specific checks in process_long_header().
Version Negotiation packets randomize the long-header type bits, so
they can look like Initial packets during early parsing. Checking the
Initial DCID minimum length first can therefore reject Version
Negotiation packets, or other unsupported versions, before they reach
the correct version-handling path.
Move the version check ahead of the Initial DCID length validation and
add regression coverage for Version Negotiation and unsupported-version
packets whose type bits decode as Initial.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>