IPPROTO_RAW is not a valid protocol type for AF_PACKET sockets, which
should only use IEEE 802.3 protocol numbers. Therefore remove support
for this type of sockets.
As an alternative, users can use AF_PACKET/SOCK_DGRAM or
AF_INET(6)/SOCK_RAW, depending on the actual use case.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Register connection type along with family and protocol, so that it's
possible to differentiate between connection listening for raw IP
datagrams and TCP/UDP/other packets.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add checks that we will be able to catch invalid compression bit in
response CNAME handling.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add checks that we will be able to catch recursive name pointers and
abandon the response for CNAME handling.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Some platforms were excluded due to issues that were fixed or resolved
themselves. Enable those platforms again and remove the comments related
to the issues.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
If CONFIG_NET_DHCPV4_OPTION_PRINT_IGNORED is set, then adjust the
tests as we no longer get so many events.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Currently we ignore the broadcast address but make sure we
print it in order to avoid unknown option prints.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Building with clang, it warns:
tests/net/lib/http_server/core/src/main.c:1400:19: error: variable
'http1_header_capture_common_response' is not needed and will not be
emitted [-Werror,-Wunneeded-internal-declaration]
static const char http1_header_capture_common_response[]
^ = "HTTP/1.1 200\r\n"
Add a check to make sure the response actually matches the expected
response.
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
Add support for DICONNECT message specified in MQTT 5.0.
As with MQTT 5.0, the disconnect can now also be initiated by the
broker, it was needed to add decoder support for the message.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for PUBACK, PUBREC, PUBREL and PUBCOMP specified in MQTT
5.0. As all of these acknowledgment packets have similar format,
introduced a common encoder/decoder to handle ACK packets.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for PUBLISH message specified in MQTT 5.0. The message
encoder and decoder were updated to support MQTT properties.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add test variant which enables MQTT 5.0 support. MQTT 3.1.1 should still
work just fine in such case, so it needs to be verified that's the case.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Kconfig value LWM2M_ENGINE_MESSAGE_HEADER_SIZE added
an extra headroom for CoAP packet sizes so that
if CoAP Block-Wise transfer block-size is configured
to be same as LWM2M_COAP_MAX_MSG_SIZE, the full
payload block would usually fit to the datagram.
This causes too much confusion to be usable.
CoAP headers and options vary on sizes, and there is
no runtime limitations that we should check the
header size against.
Only real limitation is the CoAP packet size, which
must fit into the UDP datagram with typical DTLS headers.
Only limitation for CoAP block-size then is that
it must fit into the CoAP message with all the headers
and options. But as the option sizes, like path, vary,
it must be checked runtime.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Make sure we install packages with no issues, some of the issues being
reporting on packages we might install using pip:
Warn: Project is vulnerable to: PYSEC-2019-41 / GHSA-qfc5-mcwq-26q8
Warn: Project is vulnerable to: PYSEC-2014-14 / GHSA-652x-xj99-gmcc
Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56
Warn: Project is vulnerable to: PYSEC-2014-13 / GHSA-cfj3-7x9c-4p3h
Warn: Project is vulnerable to: PYSEC-2018-28 / GHSA-x84v-xcm2-53pg
Warn: Project is vulnerable to: PYSEC-2017-74
Warn: Project is vulnerable to: GHSA-55x5-fj6c-h6m8
Warn: Project is vulnerable to: PYSEC-2014-9 / GHSA-57qw-cc2g-pv5p
Warn: Project is vulnerable to: PYSEC-2021-19 / GHSA-jq4v-f5q6-mjqq
Warn: Project is vulnerable to: GHSA-pgww-xf46-h92r
Warn: Project is vulnerable to: PYSEC-2022-230 / GHSA-wrxv-2j5q-m38w
Warn: Project is vulnerable to: PYSEC-2018-12 / GHSA-xp26-p53h-6h2p
Warn: Project is vulnerable to: PYSEC-2024-4 / GHSA-2mqj-m65w-jghx
Warn: Project is vulnerable to: PYSEC-2023-165 / GHSA-cwvm-v4w8-q58c
Warn: Project is vulnerable to: PYSEC-2022-42992 / GHSA-hcpj-qp55-gfph
Warn: Project is vulnerable to: PYSEC-2023-137 / GHSA-pr76-5cm5-w9cj
Warn: Project is vulnerable to: PYSEC-2023-161 / GHSA-wfm5-v35h-vwf4
Warn: Project is vulnerable to: GHSA-3f63-hfp8-52jq
Warn: Project is vulnerable to: GHSA-44wm-f244-xhp3
Warn: Project is vulnerable to: GHSA-56pw-mpj4-fxww
Warn: Project is vulnerable to: GHSA-j7hp-h8jx-5ppr
Warn: Project is vulnerable to: PYSEC-2023-175
Warn: Project is vulnerable to: PYSEC-2018-34 / GHSA-2fc2-6r4j-p65h
Warn: Project is vulnerable to: PYSEC-2021-856 / GHSA-5545-2q6w-2gh6
Warn: Project is vulnerable to: PYSEC-2019-108 / GHSA-9fq2-x9r6-wfmf
Warn: Project is vulnerable to: PYSEC-2018-33 / GHSA-cw6w-4rcx-xphc
Warn: Project is vulnerable to: PYSEC-2021-857 / GHSA-f7c7-j99h-c22f
Warn: Project is vulnerable to: GHSA-fpfv-jqm9-f5jm
Warn: Project is vulnerable to: PYSEC-2017-1 / GHSA-frgw-fgh6-9g52
Warn: Project is vulnerable to: GHSA-c6fm-rgw4-8q73
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
TLS_CREDENTIAL_SERVER_CERTIFICATE credential type is misleading, as in
fact it just represents a public certificate, it does not matter if the
certificate belongs to a server or a client. And actually, it was
already used in-tree for clients as well, for example in LwM2M.
Therefore rename the credential type to a more generic
TLS_CREDENTIAL_PUBLIC_CERTIFICATE and deprecate the old one.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The test_send_ipv6_fragment_without_hbho() test did not set link layer
protocol type for the packet. It is needed in this case because we
are sending a ready made packet and the protocol type is unknown
otherwise.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add tests that will verify that IP address with an optional mask
string is properly parsed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Previously the net_linkaddr struct had pointers to the link address.
This is error prone and difficult to handle if cloning the packet as
those pointers can point to wrong place. Mitigate this issue by
allocating the space for link address in net_linkaddr struct. This will
increase the size of the net_pkt by 4 octets for IEEE 802.15.4 where the
link address length is 8, but there no increase in size if link address
is 6 bytes like in Ethernet/Wi-Fi.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Make sure that source and destination link addresses are correct
after cloning and pulling net_pkt.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
To add the functionality conform rfc6762 chapter 6.7 the interface for
setup_dst_addr(...) has changed. This patch fixes the interface mismatch
Signed-off-by: Vincent van der Locht <vincent@synchronicit.nl>
The tests crash with a stack overflow on some platforms, therefore
increase the ztest stack size.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This test checks that the length returned is not altered
even if the payload resembles a valid IPv4 or IPv6 length.
Signed-off-by: Christoph Seitz <christoph.seitz@infineon.com>
Rename the driver from uart_native_posix to uart_native_pty.
Including renaming the DTS compatible, and kconfig options, deprecating
the old ones.
And refactor the driver, generalizing it, so we can have any number of
instances.
Note that, unfortunately generalizing to N instances cannot be done
without a degree of backwards compatibility breakage: This driver was
born with all its configuration and selection of the instances based on
kconfig.
When the driver was made to use DT, it was done in a way that required
both DT and kconfig needing to manually coherently enable the 2nd UART.
This has now been fixed, which it means only DT is used to decide how
many instances are avaliable, and UART_NATIVE_POSIX_PORT_1_ENABLE is
just ignored.
Including:
* Deprecate UART_NATIVE_WAIT_PTS_READY_ENABLE: the options is always on
now as it has no practical drawbacks.
* Deprecate UART_NATIVE_POSIX_PORT_1_ENABLE: DTS intanciation defines it
being available now.
* Rename a few functions and in general shorten pseudo-tty/pseudo-
terminal to PTY instead of PTTY.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
As native_posix has been removed, these tests do not need to support
anymore both native_sim and _posix targets, so we can stop using
the transitional headers, and APIs.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Make sure that if mDNS resolver is enabled, we join the mDNS
multicast group so that query responses can be received.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add tests verifying the functionality of the newly added
accept-encoding based compression support.
Signed-off-by: Carlo Kirchmeier <carlo.kirchmeier@zuehlke.com>
Rename this driver to eth_native_tap, including renaming all its
options.
The old options remain until v4.4, but as deprecated.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
When a TCP connection is refused during zsock_connect, errno is set
to -ENOTCONN, but errno should be set to -ECONNREFUSED. This change
causes the ECONNREFUSED status to be propagated from tcp_in to
net_tcp_connect, which eventually causes errno to be set
to -ECONNREFUSED.
Signed-off-by: Noah Olson <noah@wavelynx.com>
native_posix is being removed as it has reached its end of life in 4.2,
after being deprecated since 4.0.
Remove the twister support for native_posix[//64] and therefore all
references to them from the testcases and samples yamls, so twister
does not error out.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
The ARP protocol handler cannot directly access the Ethernet header
because the caller has removed the header already when the handler
is called. So change net_arp_input() and pass source and destination
MAC address there instead of bogus pointer that was pointing to ARP
header instead of Ethernet header. This requires changes to ARP tests.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Using L2 address of length 1 (invalid/unsupported one) confused IPv6
layer during LL address generation - since that length was not a valid
one, the address was not initialized properly and a part of it was set
semi-random. This could result for example in filling out the neighbor
tables.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Both files are released by Nordic under the Apache v2.0 license, correct
the SPDX tags accordingly.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
We need to make sure that within Zephyr different users of the PSA APIs
don't interfere with each other because of using the same numerical IDs
for persistent assets.
This takes care of the PSA key IDs when using persistent keys through
the PSA Crypto API.
See the comments in `<zephyr/psa/key_ids.h>` for more information.
This removes the recently-introduced Kconfig options that allowed changing
the base IDs subsystems were using for their persistent keys.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
From the MQTT-SN spec:
6.5 Topic Name Registration Procedure
...
At any point in time a client may have only one
REGISTER message outstanding, i.e. it has to wait
for a REGACK message before it can register another
topic name.
...
6.9 Client’s Topic Subscribe/Un-subscribe Procedure
...
As for the REGISTER procedure, a client may have only
one SUBSCRIBE or one UNSUBCRIBE transaction open at a time.
...
Until now, the library did not comply with these requirements.
An additional "waiting" state for topics was introduced:
REGISTER, SUBSCRIBE and UNSUBSCRIBE as an extra step before
switching to REGISTERING, SUBSCRIBING and UNSUBSCRIBING. The
library now makes sure that only one topic can be REGISTERING
and only one topic can be in either SUBSCRIBING or UNSUBSCRIBING.
Additionally, requesting to UNSUBSCRIBE is now denied if the topic
is not yet SUBSCRIBED, to avoid weird race conditions.
Also, added two tests that verify this behavior.
This fixes#84644
Signed-off-by: Rene Beckmann <rene.bckmnn@gmail.com>
Building with clang warns:
tests/net/socket/tcp/src/main.c:377:13: error: variable 'c_sock' is used
uninitialized whenever 'if' condition is false
[-Werror,-Wsometimes-uninitialized]
} else if (family == AF_INET6) {
^~~~~~~~~~~~~~~~~~
tests/net/socket/tcp/src/main.c:396:15: note: uninitialized use occurs here
test_connect(c_sock, s_saddr, addrlen);
^~~~~~
tests/net/socket/tcp/src/main.c:377:9: note: remove the 'if' if its
condition is always true
} else if (family == AF_INET6) {
^~~~~~~~~~~~~~~~~~~~~~~~
tests/net/socket/tcp/src/main.c:360:12: note: initialize the variable
'c_sock' to silence this warning
int c_sock;
^
= 0
tests/net/socket/tcp/src/main.c:377:13: error: variable 's_sock' is used
uninitialized whenever 'if' condition is false
[-Werror,-Wsometimes-uninitialized]
} else if (family == AF_INET6) {
^~~~~~~~~~~~~~~~~~
tests/net/socket/tcp/src/main.c:387:12: note: uninitialized use occurs here
test_bind(s_sock, s_saddr, addrlen);
^~~~~~
tests/net/socket/tcp/src/main.c:377:9: note: remove the 'if' if its
condition is always true
} else if (family == AF_INET6) {
^~~~~~~~~~~~~~~~~~~~~~~~
tests/net/socket/tcp/src/main.c:361:12: note: initialize the variable
's_sock' to silence this warning
int s_sock;
^
= 0
Not really needed since we have zassert_unreachable(), but doesn't hurt
to initialize the variables.
Signed-off-by: Tom Hughes <tomhughes@chromium.org>
The current DNS caching logic is not aware of the IP address version.
If there is a cached address for a query, the caller of
dns_get_addr_info() will receive that address, even if it is not the
same version as the caller requested. For example:
- dns_get_addr_info() is called to resolve an IPv4 address
- the DNS client caches the IPv4 address that was received
- dns_get_addr_info() is called to resolve an IPv6 address
- the DNS client sees that there is a cached IPv4 address for the
given query
- the DNS client does not check that the cached address is of the
requested version (IPv6)
- the cached IPv4 address is returned from dns_get_addr_info()
This changes the DNS client to check IP address version when searching
cached addresses.
Signed-off-by: Noah Olson <noah@wavelynx.com>
After recent kernel changes there's some thread scheduling race when
running tests, therefore add k_yield() at the end of the test to make
sure the network stack has a chance to run in between tests.
Make sure CONFIG_NET_TCP_TIME_WAIT_DELAY is set to 0 so that TCP
connections are released immediately.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
After recent kernel changes there's some thread scheduling race when
running tests, therefore add k_yield() at the end of each test to make
sure the server thread has a chance to run and do the cleanup.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
