Get TLS_DTLS_CID_STATUS and TLS_DTLS_PEER_CID_VALUE utilize
mbedtls_ssl_get_peer_cid, which expects that mbedtls_ssl_setup
has been done.
Signed-off-by: Markus Lassila <markus.lassila@nordicsemi.no>
User is able to tweak the socket service dispatcher thread
priority in order to get better performance from the system
if needed. By default the dispatcher thread runs in lowest
application thread priority (K_LOWEST_APPLICATION_THREAD_PRIO).
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The thread name output field was a bit too short in "net sockets"
command, so make it 25 char long.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The "net sockets" command was not checking if there is any
sockets in the system before trying to access them.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The place where TF-M places its non-secure api header files has changed
Therefore changing it for for all applications that use it.
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
If user has not supplied address pointer when calling accept(),
then we would not be able to figure out the used socket domain
properly. But as there is now SO_DOMAIN option supported, use
that to get the correct socket domain.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The getsockopt() will return the address domain of the given
socket like AF_INET or AF_INET6.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
gcc prints this warning message
'strncat' specified bound 1 equals source length [-Wstringop-overflow=]
58 | strncat(fd, "C", 1);
There was no error in the code but avoid the warning by not using
strncat().
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The socket service provides a similar functionality as what
initd provides in Linux. It listens user registered sockets
for any activity and then launches a k_work for it. This way
each application does not need to create a thread to listen
a blocking socket.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
According to the POSIX specification, null pointer
is a valid value for the `address` argument
of the `accept` function.
This commit adds a check to prevent a null pointer
dereference inside `z_impl_zsock_accept`.
Signed-off-by: Mirko Covizzi <mirko.covizzi@nordicsemi.no>
Adding a callback for handling lwm2m messages with prefixed paths defined
by the gateway object. If CONFIG_LWM2M_GATEWAY_OBJ_SUPPORT is set,
each path is checked for the prefix stored in the object instances of the
gateway object 25. If prefixes match the msg is passed to the gw_msg_cb.
Signed-off-by: Simon Walz <simon.walz@autosen.com>
lwm2m_engine_pause() caused deadlock if it was called within
engine thread.
Remove while loop from lwm2m_engine_resume().
Signed-off-by: Juha Ylinen <juha.ylinen@nordicsemi.no>
Add short delay before triggering registration update. This allows
postponing the update from application side if needed.
Signed-off-by: Juha Ylinen <juha.ylinen@nordicsemi.no>
DTLS socket is not really connection-less as UDP, as it required the
DTLS handshake to take place before the socket is usable. Therefore,
align the DTLS connect() behavior with regular TLS.
The change is backward compatible. connect() call is still optional for
DTLS socket (the handshake can still take place from send()/recv()) and
a socket option was provided to disable DTLS handshake on connect().
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When using DTLS socket, the application may choose to monitor socket
with poll() before handshake has been complete. This could lead to
potential crash (as the TLS context may have been left uninitialized)
and unexpected POLLIN reports (while handshake was still not complete).
This commit fixes the above - POLLIN will only be reported once
handshake is complete and data is available
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case a socket error was caused by TLS layer, it was not reported with
POLLERR. This commit fixes this.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
In case TLS session is closed at the TLS level (and thus recv() reports
0 to the application) a certain race occurs between consecutive recv()
call, and TCP session teardown. As mbedtls_ssl_read() only reports
session close upon receiving CLOSE alert, consecutive non-blocking
recv() calls would report EAGAIN instead of connection closed, if called
before underlying TCP connection was closed.
Fix this, by storing the information that TLS session has ended at TLS
socket level. The new flag will be checked before attempting further
mbed TLS actions, so that connection status is reported correctly.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Make sure iovec is initialized to a value so that there
is no possibility that it is accessed uninitialized.
Fixes: #66838
Coverity-CID: 334911
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
The original idea was to check that we have enough network
interfaces in the system. The check needs to verify max IPv4
and IPv6 supported interfaces instead of always checking
IPv6 one.
Fixes: #66843
Coverity-CID: 334899
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Refactored the socket state indication into its own function
that checks the state of TX queues as well as number of
pending CoAP responses.
Check the state after receiving a packet, as it might
have been a last Ack packet we have been waiting.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Deprecate lwm2m_set_u64() and lwm2m_get_u64 as only
LWM2M_RES_TYPE_S64 exist. Unsigned variant is not defined.
Technically these might have worked OK, but it is undefined
what happens to large unsigned values when those are
converted to various payload formats (like CBOR) that might
decode numbers differently depending of their signedness.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Allow engine to give hints about ongoing CoAP transmissions.
This information can be used to control various power saving
modes for network interfaces. For example cellular networks might
support release assist indicator.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
In slow networks, like Nb-IOT, when using queue mode,
there might be significant delay between the time we
put the packet into a transmission queue and the time
we actually start transmitting.
This might cause QUEUE_RX_OFF state to be triggered earlier
than expected. Remedy the issue by updating the timestamp on the
moment where packet is accepted by zsock_send().
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
In case a waiting TLS socket reports an error in the underlying poll
call, try to read the actual error from the socket, instead of blindly
returning -EIO in all cases.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
There are several subsystems and boards which require a relatively large
system heap (used by k_malloc()) to function properly. This became even
more notable with the recent introduction of the ACPICA library, which
causes ACPI-using boards to require a system heap of up to several
megabytes in size.
Until now, subsystems and boards have tried to solve this by having
Kconfig overlays which modify the default value of HEAP_MEM_POOL_SIZE.
This works ok, except when applications start explicitly setting values
in their prj.conf files:
$ git grep CONFIG_HEAP_MEM_POOL_SIZE= tests samples|wc -l
157
The vast majority of values set by current sample or test applications
is much too small for subsystems like ACPI, which results in the
application not being able to run on such boards.
To solve this situation, we introduce support for subsystems to specify
their own custom system heap size requirement. Subsystems do
this by defining Kconfig options with the prefix HEAP_MEM_POOL_ADD_SIZE_.
The final value of the system heap is the sum of the custom
minimum requirements, or the value existing HEAP_MEM_POOL_SIZE option,
whichever is greater.
We also introduce a new HEAP_MEM_POOL_IGNORE_MIN Kconfig option which
applications can use to force a lower value than what subsystems have
specficied, however this behavior is disabled by default.
Whenever the minimum is greater than the requested value a CMake warning
will be issued in the build output.
This patch ends up modifying several places outside of kernel code,
since the presence of the system heap is no longer detected using a
non-zero CONFIG_HEAP_MEM_POOL_SIZE value, rather it's now detected using
a new K_HEAP_MEM_POOL_SIZE value that's evaluated at build.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Update coap_service_send and coap_resource_send to take an optional
pointer argument to the newly introduced coap_transmission_parameters.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
Replace function parameter 'retries' with pointer to structure
holding coap transmission parameters. This allows setting the
retransmission parameters individually for each pending request.
Add coap transmission parameters to coap_pending structure.
Update migration guide and release notes.
Signed-off-by: Juha Ylinen <juha.ylinen@nordicsemi.no>
Use correct format specifier for LOG_ERR in lwm2m_obj_device.c. The
previously used format specifier of %u was correct for 32 bit systems
but would produce a build warning for 64 bit systems.
Fixes#66441
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
As the common.h is only meant to be used by the network
shell files, rename it to be more descriptive in order to
avoid possible conflicts with any other common.h file.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Add new functions to the public CoAP API to configure CoAP packet
retransmission settings. Application may need to re-configure the
settings for example when cellular modem changes connection from
LTE-M to NB-IoT or vice versa.
Signed-off-by: Juha Ylinen <juha.ylinen@nordicsemi.no>
When a TCP connection is established, if there is no data exchange
between the two parties within the set time, the side that enables
TCP Keep-alive will send a TCP probe packet with the same sequence
number as the previous TCP packet. This TCP probe packet is an empty
ACK packet (the specification recommends that it should not contain
any data, but can also contain 1 nonsense byte, such as 0x00.). If
there is no response from the other side after several consecutive
probe packets are sent, it is determined that the tcp connection has
failed, and the connection is closed.
The keep-alive default parameters are aligned with Linux defaults.
Signed-off-by: Horse Ma <mawei@coltsmart.com>
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
If observed resource was written during the pMin period, it did
not schedule any wake-up event into the future. Notify message would
then only be generated as a result of any other (like Update) event.
Refactor check_notifications() to follow same pattern as retransmit_req().
Return the next event timestamp, which could be now.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
SNTP response is not analyzed for uncertainty, and no uncertainty is given
to the `struct sntp_time` returned. Fix it with a Kconfig option that adds
optional SNTP uncertainty and timestamp fields in SNTP time struct, and
calculates these when parsing the response.
Adds two helper functions to convert Q16.16/Q32.32 in seconds to `int64_t`
in microseconds to facilitate this.
Also changes combined `lvm` field in `struct sntp_pkt` to bit-fields
`li`, `vn`, and `mode`.
Signed-off-by: Jasper Smit <git@jrhrsmit.nl>
This reverts commit 5227f24815.
The coap observer events will be replaced with net_mgmt events.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
A device can be reset before the error code list is communicated
to a LwM2M server so optionally store error list in settings so it
can restored after reset.
Signed-off-by: Nick Ward <nix.ward@gmail.com>
If server registration fails, allow fallback to secondary server,
or fallback to bootstrap.
Also allow fallback to different bootstrap server.
Add API to tell RD client when server have been disabled by
executable command.
Changes to RD state machine:
* All retry logic should be handled in NETWORK_ERROR state.
* New state SERVER_DISABLED.
* Internally disable servers that reject registration
* Temporary disable server on network error.
* Clean up all "disable timers" on start.
* Select server first, then find security object for it.
* State functions return void, error handling is done using states.
* DISCONNECT event will only come when client is requested to stop.
* NETWORK_ERROR will stop engine. This is generic error for all kinds
of registration or network failures.
* BOOTSTRAP_REG_FAILURE also stops engine. This is fatal, and we cannot
recover.
Refactoring:
* Server selection logic is inside server object.
* sm_handle_timeout_state() does not require msg parameter. Unused.
* When bootstrap fail, we should NOT back off to registration.
This is a fatal error, and it stops the engine and informs application.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
React to disable executable, as well as add callback that allows
disabling server for a period of time.
Also add API that would find a next server candidate based on the
priority and server being not-disabled.
Move all server related functions into its own header.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Zephyr has its own multicast join/leave API but for
interoperability, it is possible to use the multicast
socket API and IPV6_ADD_MEMBERSHIP and IPV6_DROP_MEMBERSHIP
socket options.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>