Add a LOG_DBG for all aborts so that it is easier
to determine the exact reason for an aborted CAP
procedure.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Minor change to valid_unicast_to_broadcast_metadata to break
the loop earlier if the unique_metadata_cnt is already too
large.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
bt_avdtp_parse_capability_codec() returns immediately after parsing the
Media Codec service category, skipping any subsequent service categories
in the capability list. This causes the Delay Reporting service category
(0x08) to be missed when it appears after the Media Codec in a Set
Configuration command.
Fix by replacing 'return 0' with 'break' so the while loop continues
to parse remaining service categories. Also update the final return to
check whether a codec was actually found.
Signed-off-by: Zihao Gao <gaozihao@xiaomi.com>
Update the documentation for the unicast_x_complete callbacks
so that applications can better determine what `err` might be
and act according to the error.
It also makes the disconnect callback more unique, as well
as treating control point write rejects differently from
invalid state changes.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The characteristic name and definitions in the TBS spec for
the values are "optional opcodes" instead of "support features".
Additionally, the field is 16-bit, instead of the current 8-bit
in the register parameters.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Use the PRIu64 macro from inttypes.h to format the stream ID,
which is of type uint64_t. This change resolves the -Wformat
warning on 64-bit platforms:
format '%llu' expects argument of type 'long long unsigned int',
but argument 6 has type 'uint64_t' {aka 'long unsigned int'}
Signed-off-by: Tim Pambor <tim.pambor@codewrights.de>
Extends SPIN_VALIDATE feature to support up to 8 CPUs on
64-bit systems while maintaining backward compatibility with 32-bit
systems (which still support up to 4 CPUs).
Many modern SoCs have more than 4 CPU cores, yet the SPIN_VALIDATE
feature was only available for systems with MP_MAX_NUM_CPUS <= 4.
This limitation becomes increasingly relevant as multi-core designs
with 6-8 cores become common in both embedded and server applications.
The implementation leverages pointer alignment guarantees:
- On 32-bit systems: pointers are 4-byte aligned → 2 free bits →
up to 4 CPUs
- On 64-bit systems: pointers are 8-byte aligned → 3 free bits →
up to 8 CPUs
Signed-off-by: Li Jie <lijie.1996@picoheart.com>
When LCP receives a Configure-Request while in OPENED state
(peer-initiated renegotiation, RFC 1661 §4.2), the FSM core invokes
the LCP down callback (lcp_down). The previous implementation
called ppp_link_down(), which unconditionally set the PPP phase
to PPP_DEAD before lcp_down restored PPP_ESTABLISH. The
intermediate PPP_DEAD fired NET_EVENT_PPP_PHASE_DEAD; net_mgmt
subscribers (notably the modem cellular driver) treated it as link
loss and tore the carrier down even though LCP would have
renegotiated cleanly on its own.
ppp_change_phase() already detected the resulting NETWORK -> DEAD
transition as invalid via validate_phase_transition() but only
logged it.
Inline ppp_link_down() into lcp_down() and skip the intermediate
PPP_DEAD write: pick the final phase directly based on whether the
carrier is still up and LCP is still enabled. The end state matches
the previous implementation in every case; only the spurious DEAD
event between the two phase changes is removed.
ppp_link_down() had only this one caller and is therefore removed
from link.c along with its prototype in ppp_internal.h.
Also extend validate_phase_transition()'s rules table to cover the
transitions reachable through the new lcp_down:
- AUTH / NETWORK / RUNNING -> ESTABLISH: reachable when LCP
renegotiates and no NCP was OPENED at the time, so
ppp_network_all_down() does not transit the phase further.
- TERMINATE -> ESTABLISH: reachable when LCP renegotiates while
at least one NCP was OPENED. ppp_network_all_down() then
invokes the NCP cb.down callbacks, which through
ppp_network_down() decrement network_protos_up to zero and
write PPP_TERMINATE. The final change_phase(PPP_ESTABLISH) in
lcp_down is then observed as TERMINATE -> ESTABLISH.
- AUTH / NETWORK / RUNNING -> DEAD: reachable when carrier is
lost or LCP is disabled with no NCP OPENED. (When at least one
NCP was OPENED the path goes via TERMINATE -> DEAD which was
already valid; the rule is added defensively for the no-NCP
case where no intermediate TERMINATE write occurs.)
Empirically observed and verified on a Quectel BG770S over 3GPP
CMUX: after the initial LCP completes and IPCP starts, the modem
occasionally sends a fresh LCP Configure-Request mid-session;
without this fix the cellular driver tore the connection down on
the spurious PHASE_DEAD event.
Signed-off-by: Petr Hlineny <development@hlineny.cz>
Assisted-by: Claude Opus 4.7 <noreply@anthropic.com>
dns_resolve_reconfigure() skips NET_EVENT_DNS_SERVER_ADD when the new
server set is identical to the existing one, to avoid cancelling
in-flight queries on DHCP retransmit and IPv6 RA. The event is therefore
a per-slot delta, not a configuration-refresh signal: consumers that
wait on it as a "DNS is now configured" indicator after a network event
miss every reconfigure that re-applies the same servers.
Add NET_EVENT_DNS_SERVERS_RECONFIGURED, raised on every successful
reconfigure including the deduplicated case.
Signed-off-by: Paulo Santos <paulo.santos-ext@hexagon.com>
Use the same size for the URI buffer in the FW object implementation as
in the FW pull download helper module. That way, if the server writes
a URI too long to handle in the FW pull mode, it'll get an error response
immediately instead of failing at firmware download start.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Verify the URI length provided to lwm2m_pull_context_start_transfer()
before use, otherwise in case the URI string is longer than the buffer,
only part of it was copied without a NULL terminator, which could lead to
out-of-bound reads and other undefined behavior.
As the string length is now validated, just use strcpy() instead of
memcpy(), no need to copy the whole buffer.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Return an error when an SO_TIMESTAMPING control message is present but
too short to contain struct net_ptp_time. Keep the existing fallback
behavior for receive paths where no timestamp control message is present.
This makes malformed timestamp ancillary data explicit instead of hiding
it behind the missing-timestamp fallback path, and adds L2/IPv4 regression
coverage for both malformed and absent timestamp control messages.
Signed-off-by: Philipp Steiner <philipp.steiner1987@gmail.com>
Move qemu network interface selection, because it fits better in
cmake/emu/qemu.cmake than in cmake/modules/kernel.cmake.
It is also put at the end because for usb network cards, the usb bus
must be created before the network interface can be added. Also true
for other network cards on buses. Currently we don't have usb network
cards in zephyr, but it is better to be prepared for that.
Also use the separate netdev and device option.
The combined command line option didn't work for "usb-net" for example.
For the riscv qemu the -nic option is broken according to the qemu issue
(https://gitlab.com/qemu-project/qemu/-/work_items/691), so we need to
use the -netdev and -device options.
Because of the change to -netdev and -device options, we need a new
Kconfig option to specify the extra arguments for the network device,
so we add NET_QEMU_DEVICE_EXTRA_ARGS option.
This can be used to customise the network device, like the mac address,
or more device specific options like setting e.g. the address/slot of
a pci card.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
open_sensor() allocated a sensing_connection with k_malloc, leaving
data, next_consume_time and callback_list uninitialised. Dereferencing
the stale callback_list before sensing_register_callback() is called
causes undefined behaviour.
Replace k_malloc with k_calloc so the whole structure is zero-
initialised on allocation.
Fixes #107026
Signed-off-by: Sylvain Mosnier <sylvain.mosnier@laposte.net>
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
warning: variable 'rv' is used uninitialized whenever switch
default is taken [-Wsometimes-uninitialized]
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@nokia.com>
The functions explicitly state that they check for 0
or non-0, but use a boolean conversion (! or !!) to
apply this, instead of == or !=. This makes the functions
adhere to our coding guidelines.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
A pattern ending in an unescaped '\\' caused fnmatch() to read one byte
past the buffer, in two paths:
- rangematch() consumed the escape with pat++ and then dereferenced
*pat without checking for EOS (e.g. pattern "[\\").
- fnmatchx() case '\\' read *pattern++ unconditionally; with pattern
"*\\" this advanced past the NUL and the while loop wrapped back to
read it.
Bail out before the dereference: rangematch() returns RANGE_ERROR and
fnmatchx() returns FNM_NOMATCH, matching the POSIX requirement that a
pattern ending with an unescaped backslash yields a non-zero result.
Signed-off-by: Flavio Ceolin <flavio@hubblenetwork.com>
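The escape-handling check described in the commit message above, shown as an added example (not code from the commit or from Zephyr's fnmatch). `mini_match()` and `MINI_NOMATCH` are hypothetical names; the matcher supports only `*`, `?` and backslash escapes, and leaves out bracket ranges.

```c
#include <stddef.h>

/* Non-zero "no match" result, playing the role of FNM_NOMATCH. */
#define MINI_NOMATCH 1

/* Hypothetical minimal glob matcher: '*', '?' and '\' escapes only. */
int mini_match(const char *pat, const char *str)
{
	for (;;) {
		char c = *pat++;

		switch (c) {
		case '\0':
			/* Pattern exhausted: match only if the string is too. */
			return (*str == '\0') ? 0 : MINI_NOMATCH;
		case '?':
			if (*str == '\0') {
				return MINI_NOMATCH;
			}
			str++;
			break;
		case '*':
			while (*pat == '*') {
				pat++;
			}
			if (*pat == '\0') {
				return 0;
			}
			for (; *str != '\0'; str++) {
				if (mini_match(pat, str) == 0) {
					return 0;
				}
			}
			/* Try the rest of the pattern against the empty tail. */
			return mini_match(pat, str);
		case '\\':
			/* A backslash that is the last pattern character has
			 * nothing to escape. Without this check the next read
			 * consumes the NUL and the loop continues past the end
			 * of the pattern buffer.
			 */
			if (*pat == '\0') {
				return MINI_NOMATCH;
			}
			if (*pat++ != *str) {
				return MINI_NOMATCH;
			}
			str++;
			break;
		default:
			if (c != *str) {
				return MINI_NOMATCH;
			}
			str++;
			break;
		}
	}
}
```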
This is the old way of doing things, it's used as a means
to enable PSA Crypto as historically it was the only way.
But other PSA Crypto implementations than Mbed TLS are
available (for example, TF-M) and since CONFIG_PSA_CRYPTO
has been introduced it's what should be used when wanting
to enable PSA Crypto.
The build system automatically takes care of choosing
the correct implementation (and enabling
CONFIG_MBEDTLS_PSA_CRYPTO_C when relevant) under the hood.
Replace all occurrences by `CONFIG_PSA_CRYPTO` instead
(or just remove it in cases where nothing is needed).
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
It doesn't really serve a purpose since the addition of
CONFIG_PSA_CRYPTO.
Replace remaining uses of the former by the latter.
TF-M now implies CONFIG_PSA_CRYPTO the same way as
CONFIG_MBEDTLS because otherwise we get build failures
if we build Mbed TLS without CONFIG_PSA_CRYPTO enabled.
Hopefully we can remove these two in a later PR.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Depending on what config options are enabled, it is possible
that LOG_MODULE_REGISTER() is not called. Make sure that we register
the logger at least once for the net_route logger.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Mark old IPv6 specific route kconfig options as deprecated. They
are replaced by similar options that have IPV6 prefix in them.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
If IPv4 routing is enabled, then try to get the gateway address
from it if the target address is not in local subnet.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add initial routing support when sending IPv4 packets. This
is not implementing routing when forwarding packets.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
As the route API is IPv6 specific, rename the functions to reflect that.
Renaming routing related Kconfig options and files and add IPv6
prefix there as the routing calls are IPv6 specific.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Populate AF_PACKET recvfrom() source metadata from the packet's
actual ingress interface instead of the socket context iface.
Wildcard packet sockets can receive traffic from multiple interfaces,
so reusing the context iface reports the wrong sll_ifindex after a
packet arrives on another interface. Use net_pkt_iface(pkt) and only
fall back to the context iface when needed.
Assisted-by: Copilot:GPT-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
When an LLEXT is loaded in memory and calls kernel or libc symbols
located in flash, the target may fall outside the range of branches
on some architectures, such as Thumb-2 BL, causing relocations to
fail.
Add CONFIG_LLEXT_VENEERS which, when enabled, generates trampoline
stubs for such out-of-range relocations.
Stubs are allocated from the LLEXT heap into a new LLEXT_MEM_VENEER
region, instead of using new state variables to track the memory, to
leverage the existing llext machinery that flushes cache, frees memory
on unload, etc.
A test extension is added, compiled with -mno-long-calls to force
direct branches on Arm and exercise the veneer path against multiple
libc symbols.
Signed-off-by: Ibrahim Abdalkader <i.abdalkader@gmail.com>
The disconnect result event's status field is overloaded with
wifi_disconn_reason values, but the shell printed it as a raw
integer and treated any non-zero value as a failure. A normal
user-initiated disconnect carries WIFI_REASON_DISCONN_USER_REQUEST
(2) and was reported as "Disconnection request failed (2)".
Add wifi_disconn_reason_txt() and use it. A user-initiated
disconnect that completes with USER_REQUEST or SUCCESS now
prints "Disconnection request done"; any other reason still
prints as a warning but with the reason text.
Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
Fix missing static const qualifier on the version number
look up array declaration.
Without this fix, str was an automatic array inside
bt_hci_get_ver_str(), consuming stack on each call.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
The limit check on mq_attr used && instead of ||, so a request
exceeding only one of CONFIG_MSG_SIZE_MAX or CONFIG_POSIX_MQ_OPEN_MAX
was accepted. The buffer was then allocated as
msg_size * max_msgs without overflow checking, allowing the
multiplication to wrap and produce an under-sized heap buffer
that a later mq_send() would overflow.
Reject when either limit is exceeded, and use size_mul_overflow()
before k_malloc().
Signed-off-by: Flavio Ceolin <flavio@hubblenetwork.com>
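The limit check and size computation described in the commit message above, before and after, as an added example (not code from the commit or from Zephyr). The limit values, function names and the `mul_overflows()` helper standing in for `size_mul_overflow()` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed values standing in for CONFIG_MSG_SIZE_MAX and
 * CONFIG_POSIX_MQ_OPEN_MAX.
 */
#define MSG_SIZE_MAX 16
#define MQ_OPEN_MAX  16

/* Portable stand-in for size_mul_overflow(): returns true on overflow. */
static bool mul_overflows(size_t a, size_t b, size_t *res)
{
	if (a != 0 && b > SIZE_MAX / a) {
		return true;
	}
	*res = a * b;
	return false;
}

/* Old behaviour as described: rejects only when BOTH limits are exceeded. */
bool attr_accepted_before(size_t msg_size, size_t max_msgs)
{
	return !(msg_size > MSG_SIZE_MAX && max_msgs > MQ_OPEN_MAX);
}

/* Size the old path would hand to the allocator; wraps silently. */
size_t alloc_size_before(size_t msg_size, size_t max_msgs)
{
	return msg_size * max_msgs;
}

/* Fixed behaviour: reject when either limit is exceeded, then compute
 * the buffer size with an explicit overflow check.
 */
bool attr_accepted_after(size_t msg_size, size_t max_msgs, size_t *buf_size)
{
	if (msg_size > MSG_SIZE_MAX || max_msgs > MQ_OPEN_MAX) {
		return false;
	}
	return !mul_overflows(msg_size, max_msgs, buf_size);
}
```

With `msg_size = SIZE_MAX / 2 + 1` and `max_msgs = 2`, the old check accepts the request and the computed size wraps to 0, while the fixed check rejects it.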
When `pm_device_runtime_put*()` is called on a device whose usage
count is already zero, `runtime_suspend()` emits "Unbalanced suspend"
at warning level. The message does not include the device name,
so on a system with many runtime-managed devices the warning gives
no hint which call site to fix.
Add `dev->name` to the log message, matching the style of the
neighbouring debug logs in the file.
Signed-off-by: Petr Hlineny <development@hlineny.cz>
The delay for multicast responses was calculated in seconds but
lorawan_services_schedule_uplink() expects milliseconds.
According to RP002-1.0.3 chapter 2.3, the intended delay is 2+-1
seconds (i.e. a random value in the range [1, 3] seconds). The fix
converts to milliseconds using MSEC_PER_SEC:
    uint32_t delay_ms = MSEC_PER_SEC +
                        (sys_rand32_get() % (2 * MSEC_PER_SEC));
The variable is also renamed from delay to delay_ms to make the unit
explicit and consistent with the fix in frag_transport.c.
Without this fix, the response is delayed by only 1-3ms instead of
1-3s, which could cause uplink collisions when multiple devices
simultaneously respond to a multicast setup command.
Signed-off-by: Dwij Patel <dwijpatel7@gmail.com>
When converting from ticks to milliseconds for zsock_poll(), infinite
timeouts need to be checked before calling k_ticks_to_ms_ceil32().
The code previously used k_ticks_to_ms_floor32(), which likely hid
the bug as the timeout was rounded down to a very large number, but with
rounding up, an infinite timeout was converted to 0, which caused
zsock_poll() to exit immediately and report timeout.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Treat missing TX crypto context for Handshake and Application packet
protection as a transient not-ready condition instead of an invalid key
error.
This matches the earlier RX-side handling and avoids counting benign
teardown and timing cases as invalid_key failures. In practice this
removes false tx-no-crypto-context statistics hits seen in qemu_x86
runs and keeps the QUIC test suite stable.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
A reordered 1-RTT or long packet can arrive before this endpoint
finishes installing application keys from the peer's handshake
flight. Ignore it without charging invalid-key/drop statistics.
This fixes the issues seen in CI which is processing packets
slower than when running the same tests locally.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Implement NEW_TOKEN handling in the QUIC stack.
Add server-side NEW_TOKEN generation after handshake completion and
store received NEW_TOKEN values in a client-side cache for later use.
When the cache is full, replace older entries instead of dropping new
ones.
This also wires the NEW_TOKEN frame encoding to the existing varint
helpers so that emitted frames are built with the expected token
lengths.
Assisted-by: Copilot:gpt-5.4
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The 64-bit ATE format only has a 4-byte payload union after the 8-byte
id, so empty_ate.full_cycle_cnt and empty_ate.metadata alias the same
4 bytes. zms_add_empty_ate() wrote both — metadata first (needed for
format/version detection on mount) then full_cycle_cnt — and the second
write silently clobbered the first. As a result, every empty ATE in
64-bit ID mode lost its magic/version, zms_init() failed to recognise
sectors on remount, and tests including test_zms_gc, test_zms_full_sector
and test_zms_id_64bit failed silently.
In 64-bit ID mode, skip the empty_ate.full_cycle_cnt write entirely so
metadata stays intact. The 8-bit empty_ate.cycle_cnt (a separate field
at byte offset 1, with no aliasing) is now seeded from prev_cycle_cnt
on the just-erased path so it accumulates across recycles modulo 256
and doubles as the cumulative wear counter exposed by
zms_get_num_cycles() / zms_get_sector_num_cycles(). The 32-bit ID
codepath keeps the existing 32-bit full_cycle_cnt range and behaviour.
Trade-off: in 64-bit ID mode the cycle counter wraps every 256 cycles
instead of every ~4 billion. The 32-bit ID format is unchanged.
Signed-off-by: Mircea Caprioru <mcaprioru@baylibre.com>
In zms_add_empty_ate(), use zms_get_sector_cycle() for the 8-bit
cycle_cnt (data validity) independently from the 32-bit full_cycle_cnt
(erase tracking). Previously cycle_cnt was derived from full_cycle_cnt
which broke when zms_verify_and_increment_cycle_cnt double-incremented
cycle_cnt.
In zms_wipe_partition(), read each sector's full_cycle_cnt before
erasing so the count is preserved. This is needed for RRAM/MRAM
devices where zms_flash_erase_sector is a no-op.
Signed-off-by: Mircea Caprioru <mcaprioru@baylibre.com>
In zms_gc(), the sector erase at zms_flash_erase_sector() destroyed
the empty ATE holding full_cycle_cnt before zms_add_empty_ate() could
read it, causing zms_get_full_sector_cycle() to always return -ENOENT
and resetting the count to 0 (stored as 1). The counter could never
exceed 1.
Fix by reading full_cycle_cnt before erasing and passing the saved
value to zms_add_empty_ate() via a new prev_cycle_cnt parameter.
Apply the same read-before-erase pattern in zms_init() recovery paths.
Signed-off-by: Mircea Caprioru <mcaprioru@baylibre.com>
...which calculates the maximum number of times a single
ZMS sector has been recycled. This is to enable estimation
of an RRAM lifetime based on a set of tests.
Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
Signed-off-by: Mircea Caprioru <mcaprioru@baylibre.com>
Add shell support for the bt_conn_br_change_packet_type() API:
- Add 'br change-packet-type <hex>' shell command to allow
changing ACL packet types on an established BR/EDR connection.
- Add br_packet_type_changed callback to print the
HCI_Connection_Packet_Type_Changed event result.
- Register the callback in conn_callbacks.
This addresses the review feedback requesting shell/test support
for the change connection packet type feature.
Signed-off-by: Kai Cheng <chengkai@xiaomi.com>