This API makes it possible to delete an existing identity and to flag
its storage slot as unused.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Make sure the application doesn't pass existing identity addresses to
bt_id_create() and bt_id_reset(). Also make sure we don't accidentally
create a duplicate when generating random identity addresses.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add a new API which can be used to reclaim an identity slot for a new
identity. When called, any previous pairings, connections, or other
data will be cleared, and then a new identity will be generated in the
place of the old one.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
None of the callers of these APIs do anything with the return value,
so just remove it to produce more efficient code.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This wasn't used anywhere and was typed incorrectly (the foreach
callback takes two parameters). There was also one user of this which
was triggering compiler warnings of mismatched callback type.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
When doing bt_unpair() we need to pass the given identity when
disconnecting and clearing keys, in case all associated pairings were
requested to be cleared.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Update the storage handling to take into account multiple identities.
We can save a bit of code by using the new bt_id_create() API from
within settings.c.
Also make the treatment of addr & irk parameters to bt_id_create()
consistent, in that NULL is acceptable for both of them.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This flag was both redundant and creates confusion with potentially
multiple identity addresses (it was only referring to the first
identity address). We can simply just look at the type of the identity
address wanting to be used.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Make it possible to have multiple identity addresses as an LE
peripheral. For central role only the default identity is supported
for now. This also extends the flash storage in a backward compatible
way.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add system calls for the zsock implementations of socket,
close, bind, connect, listen, accept, sendto, recvfrom,
fcntl, poll, inet_pton, and getaddrinfo.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Originally EFAULT was used to indicate NULL pointer error in TLS option
set/get functions. EINVAL was suggested to be more apropriate error code
for this case, hence replace it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Introduce non-blocking DTLS handshake, used during recv function call.
This prevents from blocking while waiting for initial handshake packet
on non-blocking sockets during receive.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make TLS poll function verify if decrypted data is available after
socket has notified activity with POLLIN flag. This prevents from giving
false notifications in case data was received on socket but was consumed
by mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Specify timeout value for mbedtls_ssl_read function for DTLS servers.
Adding this can prevent TLS context lockup in case blocking recv is used
and peer has shut down DTLS connection without closing it gracefully.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for DTLS recv/recvfrom function.
For DTLS client, recv function requires to have an already established
DTLS connection.
For DTLS servers, this function will try to establish DTLS connection
before receiving data. In case that DTLS handshake fails, recv function
will silently retry.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for DTLS send/sendto function.
For DTLS clients, send function will try to establish DTLS connection
before sending data. If DTLS handshake fails, it will return an error.
For DTLS servers, send function requires to have DTLS connection already
established.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
DTLS handshake can return MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED, which
indicate that TLS session context should be reset.
Also, store information whether TLS connection has beed established.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add binary IO functions for DTLS connections.
dtls_rx function is more complex than it's TLS counterpart due to fact,
that DTLS does not allow blocking operation for this function. A simple
timeout mechanism was implmented basing on the zsock_poll function.
This function also verifies peer address. As currently only a single
DTLS connection is supported on a socket, if a DTLS connection is
established, and we receive datagram from different peer, it is silently
dropped.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Functions for checking flags set on sockets are needed by TLS sockets as
well, therefore extract them to a separate header file to avoid code
duplication.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add write-only socket option to set role for DTLS connection. This
option is irrelevant for TLS connections.
This options accepts and integer with a TLS role, compatible with
mbedTLS values:
0 - client,
1 - server.
By default, DTLS will assume client role.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
After it sends SYN_ACK, there is a case that the client sends the packet
with both ACK and RST bits are set, and this packet needs to be handled
if the packet is valid.
CLIENT SERVER
------ ------
|--------- SYN -------->|
|<------ SYN_ACK -------|
|------- ACK_RST ------>|
|--------- SYN -------->|
|<-------- ??? ---------|
This patch checks the RST bits even if other flags are set and process
the packet.
Signed-off-by: Tedd Ho-Jeong An <tedd.an@intel.com>
IPv6 cleanup patch introduced a regression. Misunderstood the logic.
Do not drop the packet if packet does not have ND options, just skip.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Instead of reading or writing different icmpv4 header's individual
variables, better to read or write whole struct at a time. This
minimizes the calls to net_frag_read() or net_frag_write().
changes also removed slow and fast paths. Changes should optimize
the total flow.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
On flash NVS was stored one entry after another including the metadata
of each entry. This has the disadvantage that when an incomplete write
is performed (e.g. due to power failure) the complete sector had to be
rewritten to get a completely functional system.
The present rewrite changed the storage in flash of the data. For each
sector the data is now written as follows: the data itself at the
beginning of the sector (one after the other), the metadata (id, length,
data offset in the sector, and a crc of the metadata) is written from
the end of the sector. The metadata is of fixed size (8 byte) and for
a sector that is completely occupied a metadata entry of all zeros is
used.
Writing data to flash always is done by:
1. Writing the data,
2. Writing the metadata.
If an incomplete write is done NVS will ignore this incomplete write.
At the same time the following improvements were done:
1. NVS now support 65536 sectors of each 65536 byte.
2. The sector size no longer requires to be a power of 2 (but it
still needs to be a multiple of the flash erase page size).
3. NVS now also keeps track of the free space available.
Signed-off-by: Laczen JMS <laczenjms@gmail.com>
The nvs module has some disadvantages for larger block size. The data
header and slot are taking up to much space. A rewrite is proposed that
reduces the used storage space for systems with write block size > 4.
The data storage in flash is now one unit consisting of: data_length,
data_id, data and data_length again in a multiple of the write block
size. The data_length at the end is used to validate the correctness of
the flash write and also allows to travel backwards in the filesystem.
As a comparison, on a system with block size 8 byte, a 32 bit values
now fits 1 block including the metadata (length and id). This used to
be 3 blocks.
The data_length will occupy 1 byte if the data length is less than 128
byte, it will occupy 2 byte if the data length is 128 byte or more. The
data length is limited to 16383 byte.
Each write to flash is verified by a read back of the data.
The read performance is improved because reading is done backwards so
the latest items are found first.
When the filesystem is locked it can be unlocked by calling
reinit(), this will clear flash and setup everything for storage.
add sample documentation - README.rst
Update dtsi to include erase_block_size, use erase_block_size in sample
Update prj.conf to include CONFIG_MPU_ALLOW_FLASH_WRITE
Signed-off-by: Laczen JMS <laczenjms@gmail.com>
Up until now, Zephyr has patched Kconfig to use the last 'default' with
a satisfied condition, instead of the first one. I'm not sure why the
patch was added (it predates Kconfiglib), but I suspect it's related to
Kconfig.defconfig files.
There are at least three problems with the patch:
1. It's inconsistent with how Kconfig works in other projects, which
might confuse newcomers.
2. Due to oversights, earlier 'range' properties are still preferred,
as well as earlier 'default' properties on choices.
In addition to being inconsistent, this makes it impossible to
override 'range' properties and choice 'default' properties if the
base definition of the symbol/choice already has 'range'/'default'
properties.
I've seen errors caused by the inconsistency, and I suspect there
are more.
3. A fork of Kconfiglib that adds the patch needs to be maintained.
Get rid of the patch and go back to standard Kconfig behavior, as
follows:
1. Include the Kconfig.defconfig files first instead of last in
Kconfig.zephyr.
2. Include boards/Kconfig and arch/<arch>/Kconfig first instead of
last in arch/Kconfig.
3. Include arch/<arch>/soc/*/Kconfig first instead of last in
arch/<arch>/Kconfig.
4. Swap a few other 'source's to preserve behavior for some scattered
symbols with multiple definitions.
Swap 'source's in some no-op cases too, where it might match the
intent.
5. Reverse the defaults on symbol definitions that have more than one
default.
Skip defaults that are mutually exclusive, e.g. where each default
has an 'if <some board>' condition. They are already safe.
6. Remove the prefer-later-defaults patch from Kconfiglib.
Testing was done with a Python script that lists all Kconfig
symbols/choices with multiple defaults, along with a whitelist of fixed
symbols. The script also verifies that there are no "unreachable"
defaults hidden by defaults without conditions
As an additional test, zephyr/.config was generated before and after the
change for several samples and checked to be identical (after sorting).
This commit includes some default-related cleanups as well:
- Simplify some symbol definitions, e.g. where a default has 'if FOO'
when the symbol already has 'depends on FOO'.
- Remove some redundant 'default ""' for string symbols. This is the
implicit default.
Piggyback fixes for swapped ranges on BT_L2CAP_RX_MTU and
BT_L2CAP_TX_MTU (caused by confusing inconsistency).
Piggyback some fixes for style nits too, e.g. unindented help texts.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This net_buf leak happends when we are low on available net_buf
count. During TCP segment preparation we do allocate IP header
successfully, but we fail to allocate TCP header. In such case
pkt->frags is not NULL anymore (it contains IP header), but we
override it during TCP header allocation error path. This results
in net_buf containing IP header to never be deallocated, because
it does not belong to any net_pkt anymore.
Use net_pkt_frag_add() function to add tail for future net_pkt
deallocation, instead of assigning tail to pkt->frags pointer.
Fixes: c6407659f3 ("net: tcp: Add the frag back to caller allocated
net_pkt")
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Instead of reading or writing different icmpv6 header's individual
variables, better to read or write whole struct at a time. This
minimizes the calls to net_frag_read() or net_frag_write().
changes also removed slow and fast paths. Changes should optimize
the total flow.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
If the driver has created start() and stop() functions, then those
are called when ethernet L2 is enabled or disabled.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
IPv6 fragmentation splits the packet into two parts, one is header
and another is payload. Every time header is cloned and part of
payload is appended. At the end original header packet is not freed.
Causes memory leak.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Current implementation only considers IP header length while setting
appdata value on a cloned packet. It will give bogus value if original
packet contains extension headers and if extension headers are large
(i.e. more than one fragment). Only consider appdata length from the
original packet.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
After a dedicated header is allocated to the simulated SOC versions
there is no need anymore to have guards in these other files
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
To avoid issues with differences between the simulated and the real
SOC let's separate the simulated one into its own header
Signed-off-by: Alberto Escolar Piedras <alpi@oticon.com>
The ethernet sending routine sent a corrupted ARP packet instead
of the actual IPv4 packet.
Fixes#9348
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
No need to inline the net_if_ipv6_addr_lookup_by_iface() function
as it is used multiple times in ipv6.c
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add a function which returns proper network interface to send either
IPv4 or IPv6 network packet to corresponding destination address.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add a function that will return the network interface that would
be used when sending a IPv6 network packet to specific IPv6 destination
address.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
