Refactor the IP tunneling support as the input callback was removed
in previous commit. The data will flow through the recv callback now
as expected.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Modify internal L4 protocols APIs, to allow to enforce checksum
calculation, regardless of the checksum HW offloading capability.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The additional hooks provide infrastructure to construct
rules on another network stack levels. Main benefit of this
approach is packets are pre-parsed and e.g. IP filter is
easier to implement. These hooks are equivalent of prerouting
and local_in in linux's netfilter.
Signed-off-by: Marcin Gasiorek <marcin.gasiorek@nordicsemi.no>
Logging v1 has been removed and log_strdup wrapper function is no
longer needed. Removing the function and its use in the tree.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Implement a concept of Route Preference, as specified in RFC 4191. The
Zephyr host will prefer routes with higher preference, if they lead to
the same prefix through different neighbours.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add support for route lifetime, as defined in RFC 4191. The existing
route adding logic remains the same, if not specified, lifetime is set
to infinite. For routes added with Route Info option from ICMPv6 RA
message, set the expiration timer, according to the route lifetime value
received.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Replace unpacked in6_addr structures with raw buffers in net_ipv6_hdr
struct, to prevent compiler warnings about unaligned access.
Remove __packed parameter from `struct net_6lo_context` since the
structure isn't really serialized.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make sure that in_addr/in6_addr structure size match the respective
binary IP address size with BUILD_ASSERT.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Currently prev_hdr_offset always equals 6, which is the offset of
the nexthdr field in the IPv6 header. This value is used to overwrite it
when removing an IPv6 Fragment header, so it will work as long as there
is no other Extension header between the IPv6 header and the Fragment
header.
However this does not work in the other cases: the nexthdr field of the
IPv6 header will be overwritten instead of the nexthdr field of the last
Extension header before the Fragment, leading to unwanted results.
Update prev_hdr_offset so that it always point to the nexthdr field of
the previous header, either the IPv6 header or an Extension header.
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
The current validation code waits to process the header before rejecting
it, while some checks can be already enforced when reading the nexthdr
field of the previous header.
The main problem is a wrong pointer field in the resulting ICMPv6 error
message: the pointer should have the offset of the invalid nexthdr
field, while currently it will the offset the invalid header.
To solve that problem, reorganize the loop in two parts: the first
switch validates nexthdr, while the second switch processes the current
header. This allows to reject invalid nexthdr earlier.
The check for duplicated headers is also generalized, so that we can
catch other kind of headers (like the Fragment header).
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
By definition, NET_IPV6_NEXTHDR_NONE is void. So we must stop processing
before trying to read any data, since we will start reading values that
are outside the Extension Header (likely the payload, if any).
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
When an unknown option is encountered, an ICMPv6 error message must be
sent in some cases. The message contains a pointer field, which must be
the offset to the unknown option. Currently the offset is computed from
the beginning of the option list, while it should be computed with
respect to the beginning of the IPv6 header.
Record the offset when reading the option type and pass it later to
ipv6_drop_on_unknown_option() to correctly set the pointer field. Also
rename the argument in ipv6_drop_on_unknown_option() to make the
purpose more clear.
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
Currently PADN data are not skipped, which results in the stack to think
that the next header starts in the middle of the padding. We have to
skip the bytes before going on.
Also clarify the PAD1 does not have any length field.
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
The current names are confusing. Indeed "nexthdr" if the type of the
header currently processed, while "next_nexthdr" is the nexthdr field of
the current header.
Rename them to improve readability and make it less error-prone.
Signed-off-by: Florian Vaussard <florian.vaussard@gmail.com>
This can be used to implement tunneling, VPN etc. The virtual
interfaces can be chained together to support multilayer
network interfaces.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
A cast made assumption on how data is stored.
This commit makes the following test pass on qemu_leon3:
- net.udp
Signed-off-by: Martin Åberg <martin.aberg@gaisler.com>
-Wimplicit-fallthrough=2 requires a fallthrough comment or a compiler
to tells gcc that this happens intentionally.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Added additonal checks in net_ipv6_input to ensure that multicasts
are only passed to the upper layer if the originating interface
actually joined the destination multicast group.
Signed-off-by: Philip Serbin <philip.serbin@lemonbeat.com>
net: route: Add prefix-based ipv6 multicast forwarding
This adds/reenables the feature of multicast routing/forwarding.
The forwarding decision is based on the added multicast routes
and the new network interface flag:
NET_IF_FORWARD_MULTICASTS.
Signed-off-by: Jan Georgi <jan.georgi@lemonbeat.com>
If no other route is found, the network interface prefixes are
evaluated. If a matching interface is found, the packet is sent out on
this interface.
Signed-off-by: Christian Taedcke <christian.taedcke@lemonbeat.com>
The address family of the received packet must be set, before routing
it. E.g. the ethernet driver would drop the packet if this is not
done.
Signed-off-by: Christian Taedcke <christian.taedcke@lemonbeat.com>
Allow user to disable native IP stack and use offloaded IP
stack instead. It is also possible to enable both at the same
time if needed.
Fixes#18105
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that the extension, like HBHO, sub-option length is
not too large.
Fixes#16323
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive IPv6 packet where source address is unspecified
(all zeros), then we need to drop it.
Fixes#17450
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Since the new packet flow came in, payload comes at the end so udp
length for instance is known only when we "finalize" the packet.
However such finalization was still under the condition of chksum
offload, like it used to be in the former flow (udp headers were
inserted). This is obviously wrong but that was not caught with
existing driver in master as none of these drivers offloading
chksum calculation.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Now that legacy - and unrelated - function named net_pkt_get_data has
been removed, we can rename net_pkt_get_data_new relevantly.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
The ipv6_handle_ext_hdr_options() can return negative value
but we stored it into unsigned variable and then checked < 0.
Coverity-CID: 190995
Fixes#13830
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
ICMPv6 network packets are processed and consumed (if not dropped)
within `net_icmpv6_input` function. Therefore they shoud not be
passed to the `net_conn_input` function.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
It is now unused anywhere: former net_pkt_get_src/dst_addr where the
only one using it and that has been changed since.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Though these are currently used by the core only, it will be then used
by net_context as well. This one of the steps to get rid of net_pkt's
appdata/appdatalen attributes.
Also normalizing all ip/proto parameters name to ip_hdr and proto_hdr.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Only next to be removed functions like net_tcp_set_checksum() are left
untouched. All the rest is switched.
Adding net_tcp_finalize() to follow the same logic as for UDP and else.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
This optimizes the memory quite a bit since we do not need to clone nor
split the original packet at any time.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
This is meant to remove the need for macro NET_IPV6_HDR(), since we
don't know in future if accessing the header that way will be valid.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Use the new net_pkt API to proceed through IPv6 header and all the
extension header as well.
Use udp/tcp input functions relevantly, and call net_conn_input
afterwards.
Note: This commit temporarly disable IPv6 fragmentation support
in the code directly. Which support will be re-enabled afterwards.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Extension headers are specific and use nexthdr attribute from net_pkt.
next_header_proto is the user protocol (if any) that might require
finalization too (calculating the checksum).
However, if there are extension header, we need to skip those and jump
to the position where the user protocol starts.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Also, store the actual next_hdr value and not it's position.
This permits to reduce net_pkt from some bytes.
Such field was unused until now, but it will be soon.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
