Commit graph

21541 commits

Author SHA1 Message Date
Robert Lubos
7c487ba04a net: tls: Use EINVAL for NULL pointer error in option setters
Originally EFAULT was used to indicate NULL pointer error in TLS option
set/get functions. EINVAL was suggested to be more apropriate error code
for this case, hence replace it.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
800392e128 net: tls: Enable non-blocking DTLS handshake
Introduce non-blocking DTLS handshake, used during recv function call.
This prevents from blocking while waiting for initial handshake packet
on non-blocking sockets during receive.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
ae41ec1f35 net: tls: Make TLS poll implementation check mbedTLS data
Make TLS poll function verify if decrypted data is available after
socket has notified activity with POLLIN flag. This prevents from giving
false notifications in case data was received on socket but was consumed
by mbedTLS.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
8697cc946f net: tls: Add timeout for mbetTLS read
Specify timeout value for mbedtls_ssl_read function for DTLS servers.
Adding this can prevent TLS context lockup in case blocking recv is used
and peer has shut down DTLS connection without closing it gracefully.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
b1d8271152 net: tls: Support DTLS recv and handshake
Add support for DTLS recv/recvfrom function.

For DTLS client, recv function requires to have an already established
DTLS connection.

For DTLS servers, this function will try to establish DTLS connection
before receiving data. In case that DTLS handshake fails, recv function
will silently retry.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
bdc56cfe89 net: tls: Support DTLS send and handshake
Add support for DTLS send/sendto function.

For DTLS clients, send function will try to establish DTLS connection
before sending data. If DTLS handshake fails, it will return an error.

For DTLS servers, send function requires to have DTLS connection already
established.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
d021b8c60f net: tls: Adapt connect for DTLS
Extend connect function with DTLS functionality.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
6c5aaa070c net: tls: Handle HELLO_VERIFY_REQUIRED during DTLS handshake
DTLS handshake can return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED, which
indicate that TLS session context should be reset.

Also, store information whether TLS connection has beed established.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
4c235dea73 net: tls: Add DTLS bio functions
Add binary IO functions for DTLS connections.

dtls_rx function is more complex than it's TLS counterpart due to fact,
that DTLS does not allow blocking operation for this function. A simple
timeout mechanism was implmented basing on the zsock_poll function.

This function also verifies peer address. As currently only a single
DTLS connection is supported on a socket, if a DTLS connection is
established, and we receive datagram from different peer, it is silently
dropped.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
8719f9a802 net: socket: Extract flag related functions to internal header file
Functions for checking flags set on sockets are needed by TLS sockets as
well, therefore extract them to a separate header file to avoid code
duplication.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
4aaffaff8a net: tls: Add DTLS peer address helpers
Add helper functions to handle stored DTLS peer address.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
3ad2bbceda net: tls: Add cookie for DTLS
Add DTLS cookie to TLS context, required by DTLS servers.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
011b4f4265 net: tls: Add timer handling for DTLS
Add timer functions required by DTLS.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
b03a388d73 net: tls: Add socket option to set DTLS role
Add write-only socket option to set role for DTLS connection. This
option is irrelevant for TLS connections.

This options accepts and integer with a TLS role, compatible with
mbedTLS values:
0 - client,
1 - server.

By default, DTLS will assume client role.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Robert Lubos
85db974ec3 net: tls: Add DTLS protocol types
Define DTLS protocol types and and Kconfig option to enable DTLS
support.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-13 15:24:34 +03:00
Tedd Ho-Jeong An
8b1f966b12 net: tcp: Handle RST packet when multiple flags are set
After it sends SYN_ACK, there is a case that the client sends the packet
with both ACK and RST bits are set, and this packet needs to be handled
if the packet is valid.

   CLIENT                 SERVER
   ------                 ------
     |--------- SYN -------->|
     |<------ SYN_ACK -------|
     |------- ACK_RST ------>|
     |--------- SYN -------->|
     |<-------- ??? ---------|

This patch checks the RST bits even if other flags are set and process
the packet.

Signed-off-by: Tedd Ho-Jeong An <tedd.an@intel.com>
2018-08-13 15:23:18 +03:00
Ravi kumar Veeramally
0aa437a16c net: ipv6: Fix regression in IPv6 cleanup
IPv6 cleanup patch introduced a regression. Misunderstood the logic.
Do not drop the packet if packet does not have ND options, just skip.

Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
2018-08-13 14:41:34 +03:00
Oleg Zhurakivskyy
ac92a01f5a net: ipv6: Refactor IPv6 header length handling
Change the length to uint16_t and work with it
through standard htons/ntohs() macros.

Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2018-08-13 13:53:14 +03:00
Ravi kumar Veeramally
7d55b7f11a net: icmpv4: Simplify the flow at net_icmpv4_get/set_xxx() calls
Instead of reading or writing different icmpv4 header's individual
variables, better to read or write whole struct at a time. This
minimizes the calls to net_frag_read() or net_frag_write().
changes also removed slow and fast paths. Changes should optimize
the total flow.

Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
2018-08-13 13:52:57 +03:00
Laczen JMS
7d2e59813f subsys: fs/nvs: Rewrite for improved robustness
On flash NVS was stored one entry after another including the metadata
of each entry. This has the disadvantage that when an incomplete write
is performed (e.g. due to power failure) the complete sector had to be
rewritten to get a completely functional system.

The present rewrite changed the storage in flash of the data. For each
sector the data is now written as follows: the data itself at the
beginning of the sector (one after the other), the metadata (id, length,
data offset in the sector, and a crc of the metadata) is written from
the end of the sector. The metadata is of fixed size (8 byte) and for
a sector that is completely occupied a metadata entry of all zeros is
used.

Writing data to flash always is done by:
1. Writing the data,
2. Writing the metadata.

If an incomplete write is done NVS will ignore this incomplete write.

At the same time the following improvements were done:
1. NVS now support 65536 sectors of each 65536 byte.
2. The sector size no longer requires to be a power of 2 (but it
still needs to be a multiple of the flash erase page size).
3. NVS now also keeps track of the free space available.

Signed-off-by: Laczen JMS <laczenjms@gmail.com>
2018-08-10 14:16:06 -07:00
Laczen JMS
b9dead0a42 subsys: fs/nvs: Improved nvs for larger blocksizes
The nvs module has some disadvantages for larger block size. The data
header and slot are taking up to much space. A rewrite is proposed that
reduces the used storage space for systems with write block size > 4.

The data storage in flash is now one unit consisting of: data_length,
data_id, data and data_length again in a multiple of the write block
size. The data_length at the end is used to validate the correctness of
the flash write and also allows to travel backwards in the filesystem.

As a comparison, on a system with block size 8 byte, a 32 bit values
now fits 1 block including the metadata (length and id). This used to
be 3 blocks.

The data_length will occupy 1 byte if the data length is less than 128
byte, it will occupy 2 byte if the data length is 128 byte or more. The
data length is limited to 16383 byte.

Each write to flash is verified by a read back of the data.

The read performance is improved because reading is done backwards so
the latest items are found first.

When the filesystem is locked it can be unlocked by calling
reinit(), this will clear flash and setup everything for storage.

add sample documentation - README.rst

Update dtsi to include erase_block_size, use erase_block_size in sample

Update prj.conf to include CONFIG_MPU_ALLOW_FLASH_WRITE

Signed-off-by: Laczen JMS <laczenjms@gmail.com>
2018-08-10 14:16:06 -07:00
Ulf Magnusson
ec3eff57e0 Kconfig: Use the first default with a satisfied condition
Up until now, Zephyr has patched Kconfig to use the last 'default' with
a satisfied condition, instead of the first one. I'm not sure why the
patch was added (it predates Kconfiglib), but I suspect it's related to
Kconfig.defconfig files.

There are at least three problems with the patch:

  1. It's inconsistent with how Kconfig works in other projects, which
     might confuse newcomers.

  2. Due to oversights, earlier 'range' properties are still preferred,
     as well as earlier 'default' properties on choices.

     In addition to being inconsistent, this makes it impossible to
     override 'range' properties and choice 'default' properties if the
     base definition of the symbol/choice already has 'range'/'default'
     properties.

     I've seen errors caused by the inconsistency, and I suspect there
     are more.

  3. A fork of Kconfiglib that adds the patch needs to be maintained.

Get rid of the patch and go back to standard Kconfig behavior, as
follows:

  1. Include the Kconfig.defconfig files first instead of last in
     Kconfig.zephyr.

  2. Include boards/Kconfig and arch/<arch>/Kconfig first instead of
     last in arch/Kconfig.

  3. Include arch/<arch>/soc/*/Kconfig first instead of last in
     arch/<arch>/Kconfig.

  4. Swap a few other 'source's to preserve behavior for some scattered
     symbols with multiple definitions.

     Swap 'source's in some no-op cases too, where it might match the
     intent.

  5. Reverse the defaults on symbol definitions that have more than one
     default.

     Skip defaults that are mutually exclusive, e.g. where each default
     has an 'if <some board>' condition. They are already safe.

  6. Remove the prefer-later-defaults patch from Kconfiglib.

Testing was done with a Python script that lists all Kconfig
symbols/choices with multiple defaults, along with a whitelist of fixed
symbols. The script also verifies that there are no "unreachable"
defaults hidden by defaults without conditions

As an additional test, zephyr/.config was generated before and after the
change for several samples and checked to be identical (after sorting).

This commit includes some default-related cleanups as well:

  - Simplify some symbol definitions, e.g. where a default has 'if FOO'
    when the symbol already has 'depends on FOO'.

  - Remove some redundant 'default ""' for string symbols. This is the
    implicit default.

Piggyback fixes for swapped ranges on BT_L2CAP_RX_MTU and
BT_L2CAP_TX_MTU (caused by confusing inconsistency).

Piggyback some fixes for style nits too, e.g. unindented help texts.

Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
2018-08-10 12:38:28 -07:00
Marcin Niestroj
6521b9e4fa net: tcp: Fix net_buf leak in case of low available net_buf count
This net_buf leak happends when we are low on available net_buf
count. During TCP segment preparation we do allocate IP header
successfully, but we fail to allocate TCP header. In such case
pkt->frags is not NULL anymore (it contains IP header), but we
override it during TCP header allocation error path. This results
in net_buf containing IP header to never be deallocated, because
it does not belong to any net_pkt anymore.

Use net_pkt_frag_add() function to add tail for future net_pkt
deallocation, instead of assigning tail to pkt->frags pointer.

Fixes: c6407659f3 ("net: tcp: Add the frag back to caller allocated
  net_pkt")
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
2018-08-10 13:38:08 +03:00
Ravi kumar Veeramally
06c4a9504f net: icmpv6: Simplify the flow at net_icmpv6_get/set_xxx() calls
Instead of reading or writing different icmpv6 header's individual
variables, better to read or write whole struct at a time. This
minimizes the calls to net_frag_read() or net_frag_write().
changes also removed slow and fast paths. Changes should optimize
the total flow.

Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
2018-08-10 12:53:59 +03:00
Jukka Rissanen
31f89b0303 net: eth: Add start and stop L2 functions
If the driver has created start() and stop() functions, then those
are called when ethernet L2 is enabled or disabled.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2018-08-10 12:36:19 +03:00
Ravi kumar Veeramally
c8b589045d net: ipv6: Fix memory leak
IPv6 fragmentation splits the packet into two parts, one is header
and another is payload. Every time header is cloned and part of
payload is appended. At the end original header packet is not freed.
Causes memory leak.

Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
2018-08-09 16:25:52 +03:00
Ravi kumar Veeramally
bfa7516851 net: Do not set appdata on a cloned packet
Current implementation only considers IP header length while setting
appdata value on a cloned packet. It will give bogus value if original
packet contains extension headers and if extension headers are large
(i.e. more than one fragment). Only consider appdata length from the
original packet.

Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
2018-08-09 16:25:52 +03:00
Oleg Zhurakivskyy
fbac80bb94 net: ipv4: Refactor IPv4 header length handling
Change the length to uint16_t and work with it
through standard htons/ntohs() macros.

Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2018-08-09 16:25:17 +03:00
Oleg Zhurakivskyy
33e06441ba net: ipv4: Minor refactoring
Trivial refactoring, no functionality changes.

Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2018-08-09 16:25:17 +03:00
Alberto Escolar Piedras
3712fd3415 Bluetooth: controller: remove unnecessary guards in hal headers
After a dedicated header is allocated to the simulated SOC versions
there is no need anymore to have guards in these other files

Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
2018-08-09 12:15:45 +02:00
Alberto Escolar Piedras
e0864a9338 Bluetooth: controller: HAL: Separate simulated SOC in own header
To avoid issues with differences between the simulated and the real
SOC let's separate the simulated one into its own header

Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
2018-08-09 12:15:45 +02:00
Jukka Rissanen
d003d0e6a6 net: ipv4: Corrupted ARP pkt was sent instead of real IPv4 pkt
The ethernet sending routine sent a corrupted ARP packet instead
of the actual IPv4 packet.

Fixes #9348

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2018-08-09 11:56:44 +03:00
Jukka Rissanen
f39ff76ced net: if: Do not inline net_if_ipv6_addr_lookup_by_iface()
No need to inline the net_if_ipv6_addr_lookup_by_iface() function
as it is used multiple times in ipv6.c

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2018-08-08 14:54:27 +03:00
Jukka Rissanen
d0205693ae net: if: Add net_if_select_src_iface() function
Add a function which returns proper network interface to send either
IPv4 or IPv6 network packet to corresponding destination address.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2018-08-08 14:54:27 +03:00
Jukka Rissanen
b8fdf3c67a net: if: Add net_if_ipv6_select_src_iface() function
Add a function that will return the network interface that would
be used when sending a IPv6 network packet to specific IPv6 destination
address.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2018-08-08 14:54:27 +03:00
Tomasz Gorochowik
e75b607131 net: Fix credit-based shaper typos
The same typo copied to two places, do a: s/sharper/shaper/

Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
2018-08-08 13:01:37 +03:00
Jukka Rissanen
1f855095b4 net: l2: Add promiscuous mode to L2 flags when applicable
This allows more bearers than just ethernet to have promiscuous
mode support.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2018-08-08 11:02:30 +03:00
Jukka Rissanen
66244a0e67 net: if: No need to always join solicit node mcast group
For example for Bluetooth IPSP, it is not needed to join solicited
node multicast group address.

From https://tools.ietf.org/html/rfc7668#section-3.2.2 :

"""
There is no need for 6LN to join the solicited-node multicast address,
since 6LBR will know device addresses and hence link-local addresses
of all connected 6LNs.
"""

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2018-08-08 11:02:30 +03:00
Jukka Rissanen
ccfcdabaf6 net: l2: Add flags to tell if L2 supports multicast
If multicast is not supported, then we do not need to join
multicast group.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2018-08-08 11:02:30 +03:00
Jesus Sanchez-Palencia
598276262c net: l2: Add support for Link Layer Discovery Protocol (LLDP)
The LLDP protocol defines 2 separate agents, the Transmitters and
the Receivers. For the context of Zephyr, we are only interested in
the Tx agent, thus we drop any LLDP frames received by Zephyr.

LLDP frames are basically composed by an ethernet header followed by
the LLDP Protocol Data Unit (LLDPDU). The LLDPDU is composed by several
TLVs, some of them being mandatory and some optional.

Our approach here is having TLVs fully configured from Kconfig, thus
having the entire LLDPDU constructed on build time.

The commit adds NET_ETH_PTYPE_LLDP definition and related handling.

If CONFIG_NET_LLDP is enabled then ethernet_context has a pointer to
the struct net_lldpdu that belongs to that ethernet interface. Also
when CONFIG_NET_LLDP is enabled, the LLDP state machine will start to
send packets when network interface is coming up.

Currently the LLDP state machine is just a k_delayed_work() sending the
LLDPDU at a given period (defined by CONFIG_NET_LLDP_TX_INTERVAL).

Fixes #3233

Signed-off-by: Jesus Sanchez-Palencia <jesus.sanchez-palencia@intel.com>
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2018-08-08 09:53:24 +03:00
David B. Kinder
7c89b63b7c doc: fix kconfig misspellings
Fix misspellings in Kconfig files missed during normal reviews

Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
2018-08-08 01:48:24 -05:00
Michael Scott
9c26c3fa3b net: lwm2m: no need to cleanup net_app_ctx in RD client
The LwM2M engine will cleanup the net_app_ctx if there are
errors during initialization.  The clean up calls here in
RD client are duplicated.

Signed-off-by: Michael Scott <mike@foundries.io>
2018-08-07 19:55:49 +03:00
Jukka Rissanen
2ff503b7c8 net: shell: Check strtol() conversion errors
Make sure that string to integer conversions are checked properly
so that we are not trying to use the return value from strtol()
if the string is not a number.

Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
2018-08-06 14:21:26 +03:00
Robert Lubos
b7e686648b net: sockets: Fix setsockopt coverity issues
Minor refactoring to satisfy Coverity.

Fixes #9291 (CID 187324)
Fixes #9296 (CID 187319)

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-06 12:40:40 +03:00
Michael Scott
db577f00b1 net: buf: add linearize, append_bytes and skip APIs to net_buf
This change moves the logic for linearize and append_bytes from
the net_pkt sources into the net_buf sources where it can be
made available to layers which to not depend on net_pkt.  It also,
adds a new net_buf_skip() function which can be used to iterated
through a list of net_buf (freeing the buffers as it goes).

For the append_bytes function to be generic in nature, a net_buf
allocator callback was created.  Callers of append_bytes pass in
the callback which determines where the resulting net_buf is
allocated from.

Also, the dst buffer in linearize is now cleared prior to copy
(this was an addition from the code moved from net_pkt).

In order to preserve existing callers, the original functions are
left in the net_pkt layer, but now merely act as wrappers.

Signed-off-by: Michael Scott <mike@foundries.io>
2018-08-06 10:43:46 +03:00
Tomasz Gorochowik
b6852e5a3a net: eth: mgmt: Add remaining 802.1Qav parameter types
This are all the parameters defined by the standard (12.21.1).

Additionally the parameters that are read-only are validated in the
ethernet_set_config callback.

Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
2018-08-06 10:37:09 +03:00
Tomasz Gorochowik
126602ac43 net: tc: Add other priority to traffic class mappings
This commits adds new priority to traffic class mappings and allows
users to choose which mapping to use through menuconfig.

The new mappings are recommended in 802.1 (chapter 34.5) for
time-sensitive applications supporting the credit-based sharper
algorithm.

Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
2018-08-06 10:23:57 +03:00
Tomasz Gorochowik
c0487a0608 net: tc: Fix priority to traffic class mappings
Priority 0 is the default, but 1 is the lowest. See 802.1Q tables I-1
and I-2.

Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
2018-08-06 10:23:57 +03:00
Szymon Janc
504584a998 Bluetooth: att: Add option to disable GATT writable name
This allow to set name at runtime while leaving GAP name characteristic
read only.

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
2018-08-03 10:41:01 +02:00
Paul Sokolovsky
57286afdd6 drivers: uart: Allow to pass arbitrary user data to irq callback
Zephyr UART drivers offer very low-level functionality. Oftentimes,
it would be useful to provide higher-level wrappers around UART
device which would offer additional functionality. However, UART
driver irq callback routine receives just a pointer to (low-level)
UART device, and it's not possible to get to a wrapper structure
(without introducing expensive external mapping structures). This
is an indirect reason why the current UARt wrappers - uart_pipe,
console - are instantiated statically just for one underlying UART
device and cannot be reused for multiple devices.

Solve this by allowing to pass an arbitrary user data to irq
callback, set by new uart_irq_callback_user_data_set() function.
Existing uart_irq_callback_set() keeps setting a callback which
will receive pointer to the device.

While public API maintains compatibility, drivers themselves need
to be updated to support arbitrary user data storage/passing (as
legacy uart_irq_callback_set() functionality is now implemented in
terms of it).

Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
2018-08-02 19:20:12 +02:00