Originally EFAULT was used to indicate NULL pointer error in TLS option
set/get functions. EINVAL was suggested to be more apropriate error code
for this case, hence replace it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Introduce non-blocking DTLS handshake, used during recv function call.
This prevents from blocking while waiting for initial handshake packet
on non-blocking sockets during receive.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make TLS poll function verify if decrypted data is available after
socket has notified activity with POLLIN flag. This prevents from giving
false notifications in case data was received on socket but was consumed
by mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Specify timeout value for mbedtls_ssl_read function for DTLS servers.
Adding this can prevent TLS context lockup in case blocking recv is used
and peer has shut down DTLS connection without closing it gracefully.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for DTLS recv/recvfrom function.
For DTLS client, recv function requires to have an already established
DTLS connection.
For DTLS servers, this function will try to establish DTLS connection
before receiving data. In case that DTLS handshake fails, recv function
will silently retry.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for DTLS send/sendto function.
For DTLS clients, send function will try to establish DTLS connection
before sending data. If DTLS handshake fails, it will return an error.
For DTLS servers, send function requires to have DTLS connection already
established.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
DTLS handshake can return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED, which
indicate that TLS session context should be reset.
Also, store information whether TLS connection has beed established.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add binary IO functions for DTLS connections.
dtls_rx function is more complex than it's TLS counterpart due to fact,
that DTLS does not allow blocking operation for this function. A simple
timeout mechanism was implmented basing on the zsock_poll function.
This function also verifies peer address. As currently only a single
DTLS connection is supported on a socket, if a DTLS connection is
established, and we receive datagram from different peer, it is silently
dropped.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Functions for checking flags set on sockets are needed by TLS sockets as
well, therefore extract them to a separate header file to avoid code
duplication.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add write-only socket option to set role for DTLS connection. This
option is irrelevant for TLS connections.
This options accepts and integer with a TLS role, compatible with
mbedTLS values:
0 - client,
1 - server.
By default, DTLS will assume client role.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
After it sends SYN_ACK, there is a case that the client sends the packet
with both ACK and RST bits are set, and this packet needs to be handled
if the packet is valid.
CLIENT SERVER
------ ------
|--------- SYN -------->|
|<------ SYN_ACK -------|
|------- ACK_RST ------>|
|--------- SYN -------->|
|<-------- ??? ---------|
This patch checks the RST bits even if other flags are set and process
the packet.
Signed-off-by: Tedd Ho-Jeong An <tedd.an@intel.com>
IPv6 cleanup patch introduced a regression. Misunderstood the logic.
Do not drop the packet if packet does not have ND options, just skip.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Instead of reading or writing different icmpv4 header's individual
variables, better to read or write whole struct at a time. This
minimizes the calls to net_frag_read() or net_frag_write().
changes also removed slow and fast paths. Changes should optimize
the total flow.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
On flash NVS was stored one entry after another including the metadata
of each entry. This has the disadvantage that when an incomplete write
is performed (e.g. due to power failure) the complete sector had to be
rewritten to get a completely functional system.
The present rewrite changed the storage in flash of the data. For each
sector the data is now written as follows: the data itself at the
beginning of the sector (one after the other), the metadata (id, length,
data offset in the sector, and a crc of the metadata) is written from
the end of the sector. The metadata is of fixed size (8 byte) and for
a sector that is completely occupied a metadata entry of all zeros is
used.
Writing data to flash always is done by:
1. Writing the data,
2. Writing the metadata.
If an incomplete write is done NVS will ignore this incomplete write.
At the same time the following improvements were done:
1. NVS now support 65536 sectors of each 65536 byte.
2. The sector size no longer requires to be a power of 2 (but it
still needs to be a multiple of the flash erase page size).
3. NVS now also keeps track of the free space available.
Signed-off-by: Laczen JMS <laczenjms@gmail.com>
The nvs module has some disadvantages for larger block size. The data
header and slot are taking up to much space. A rewrite is proposed that
reduces the used storage space for systems with write block size > 4.
The data storage in flash is now one unit consisting of: data_length,
data_id, data and data_length again in a multiple of the write block
size. The data_length at the end is used to validate the correctness of
the flash write and also allows to travel backwards in the filesystem.
As a comparison, on a system with block size 8 byte, a 32 bit values
now fits 1 block including the metadata (length and id). This used to
be 3 blocks.
The data_length will occupy 1 byte if the data length is less than 128
byte, it will occupy 2 byte if the data length is 128 byte or more. The
data length is limited to 16383 byte.
Each write to flash is verified by a read back of the data.
The read performance is improved because reading is done backwards so
the latest items are found first.
When the filesystem is locked it can be unlocked by calling
reinit(), this will clear flash and setup everything for storage.
add sample documentation - README.rst
Update dtsi to include erase_block_size, use erase_block_size in sample
Update prj.conf to include CONFIG_MPU_ALLOW_FLASH_WRITE
Signed-off-by: Laczen JMS <laczenjms@gmail.com>
Up until now, Zephyr has patched Kconfig to use the last 'default' with
a satisfied condition, instead of the first one. I'm not sure why the
patch was added (it predates Kconfiglib), but I suspect it's related to
Kconfig.defconfig files.
There are at least three problems with the patch:
1. It's inconsistent with how Kconfig works in other projects, which
might confuse newcomers.
2. Due to oversights, earlier 'range' properties are still preferred,
as well as earlier 'default' properties on choices.
In addition to being inconsistent, this makes it impossible to
override 'range' properties and choice 'default' properties if the
base definition of the symbol/choice already has 'range'/'default'
properties.
I've seen errors caused by the inconsistency, and I suspect there
are more.
3. A fork of Kconfiglib that adds the patch needs to be maintained.
Get rid of the patch and go back to standard Kconfig behavior, as
follows:
1. Include the Kconfig.defconfig files first instead of last in
Kconfig.zephyr.
2. Include boards/Kconfig and arch/<arch>/Kconfig first instead of
last in arch/Kconfig.
3. Include arch/<arch>/soc/*/Kconfig first instead of last in
arch/<arch>/Kconfig.
4. Swap a few other 'source's to preserve behavior for some scattered
symbols with multiple definitions.
Swap 'source's in some no-op cases too, where it might match the
intent.
5. Reverse the defaults on symbol definitions that have more than one
default.
Skip defaults that are mutually exclusive, e.g. where each default
has an 'if <some board>' condition. They are already safe.
6. Remove the prefer-later-defaults patch from Kconfiglib.
Testing was done with a Python script that lists all Kconfig
symbols/choices with multiple defaults, along with a whitelist of fixed
symbols. The script also verifies that there are no "unreachable"
defaults hidden by defaults without conditions
As an additional test, zephyr/.config was generated before and after the
change for several samples and checked to be identical (after sorting).
This commit includes some default-related cleanups as well:
- Simplify some symbol definitions, e.g. where a default has 'if FOO'
when the symbol already has 'depends on FOO'.
- Remove some redundant 'default ""' for string symbols. This is the
implicit default.
Piggyback fixes for swapped ranges on BT_L2CAP_RX_MTU and
BT_L2CAP_TX_MTU (caused by confusing inconsistency).
Piggyback some fixes for style nits too, e.g. unindented help texts.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This net_buf leak happends when we are low on available net_buf
count. During TCP segment preparation we do allocate IP header
successfully, but we fail to allocate TCP header. In such case
pkt->frags is not NULL anymore (it contains IP header), but we
override it during TCP header allocation error path. This results
in net_buf containing IP header to never be deallocated, because
it does not belong to any net_pkt anymore.
Use net_pkt_frag_add() function to add tail for future net_pkt
deallocation, instead of assigning tail to pkt->frags pointer.
Fixes: c6407659f3 ("net: tcp: Add the frag back to caller allocated
net_pkt")
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Instead of reading or writing different icmpv6 header's individual
variables, better to read or write whole struct at a time. This
minimizes the calls to net_frag_read() or net_frag_write().
changes also removed slow and fast paths. Changes should optimize
the total flow.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
If the driver has created start() and stop() functions, then those
are called when ethernet L2 is enabled or disabled.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
IPv6 fragmentation splits the packet into two parts, one is header
and another is payload. Every time header is cloned and part of
payload is appended. At the end original header packet is not freed.
Causes memory leak.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Current implementation only considers IP header length while setting
appdata value on a cloned packet. It will give bogus value if original
packet contains extension headers and if extension headers are large
(i.e. more than one fragment). Only consider appdata length from the
original packet.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
After a dedicated header is allocated to the simulated SOC versions
there is no need anymore to have guards in these other files
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
To avoid issues with differences between the simulated and the real
SOC let's separate the simulated one into its own header
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
The ethernet sending routine sent a corrupted ARP packet instead
of the actual IPv4 packet.
Fixes#9348
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
No need to inline the net_if_ipv6_addr_lookup_by_iface() function
as it is used multiple times in ipv6.c
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add a function which returns proper network interface to send either
IPv4 or IPv6 network packet to corresponding destination address.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add a function that will return the network interface that would
be used when sending a IPv6 network packet to specific IPv6 destination
address.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
For example for Bluetooth IPSP, it is not needed to join solicited
node multicast group address.
From https://tools.ietf.org/html/rfc7668#section-3.2.2 :
"""
There is no need for 6LN to join the solicited-node multicast address,
since 6LBR will know device addresses and hence link-local addresses
of all connected 6LNs.
"""
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The LLDP protocol defines 2 separate agents, the Transmitters and
the Receivers. For the context of Zephyr, we are only interested in
the Tx agent, thus we drop any LLDP frames received by Zephyr.
LLDP frames are basically composed by an ethernet header followed by
the LLDP Protocol Data Unit (LLDPDU). The LLDPDU is composed by several
TLVs, some of them being mandatory and some optional.
Our approach here is having TLVs fully configured from Kconfig, thus
having the entire LLDPDU constructed on build time.
The commit adds NET_ETH_PTYPE_LLDP definition and related handling.
If CONFIG_NET_LLDP is enabled then ethernet_context has a pointer to
the struct net_lldpdu that belongs to that ethernet interface. Also
when CONFIG_NET_LLDP is enabled, the LLDP state machine will start to
send packets when network interface is coming up.
Currently the LLDP state machine is just a k_delayed_work() sending the
LLDPDU at a given period (defined by CONFIG_NET_LLDP_TX_INTERVAL).
Fixes#3233
Signed-off-by: Jesus Sanchez-Palencia <jesus.sanchez-palencia@intel.com>
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The LwM2M engine will cleanup the net_app_ctx if there are
errors during initialization. The clean up calls here in
RD client are duplicated.
Signed-off-by: Michael Scott <mike@foundries.io>
Make sure that string to integer conversions are checked properly
so that we are not trying to use the return value from strtol()
if the string is not a number.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This change moves the logic for linearize and append_bytes from
the net_pkt sources into the net_buf sources where it can be
made available to layers which to not depend on net_pkt. It also,
adds a new net_buf_skip() function which can be used to iterated
through a list of net_buf (freeing the buffers as it goes).
For the append_bytes function to be generic in nature, a net_buf
allocator callback was created. Callers of append_bytes pass in
the callback which determines where the resulting net_buf is
allocated from.
Also, the dst buffer in linearize is now cleared prior to copy
(this was an addition from the code moved from net_pkt).
In order to preserve existing callers, the original functions are
left in the net_pkt layer, but now merely act as wrappers.
Signed-off-by: Michael Scott <mike@foundries.io>
This are all the parameters defined by the standard (12.21.1).
Additionally the parameters that are read-only are validated in the
ethernet_set_config callback.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
This commits adds new priority to traffic class mappings and allows
users to choose which mapping to use through menuconfig.
The new mappings are recommended in 802.1 (chapter 34.5) for
time-sensitive applications supporting the credit-based sharper
algorithm.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
Zephyr UART drivers offer very low-level functionality. Oftentimes,
it would be useful to provide higher-level wrappers around UART
device which would offer additional functionality. However, UART
driver irq callback routine receives just a pointer to (low-level)
UART device, and it's not possible to get to a wrapper structure
(without introducing expensive external mapping structures). This
is an indirect reason why the current UARt wrappers - uart_pipe,
console - are instantiated statically just for one underlying UART
device and cannot be reused for multiple devices.
Solve this by allowing to pass an arbitrary user data to irq
callback, set by new uart_irq_callback_user_data_set() function.
Existing uart_irq_callback_set() keeps setting a callback which
will receive pointer to the device.
While public API maintains compatibility, drivers themselves need
to be updated to support arbitrary user data storage/passing (as
legacy uart_irq_callback_set() functionality is now implemented in
terms of it).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
