Add TLS credential management subsystem that enables to register TLS
credentials in the system. Once specific credentials are registered in
the system, they will be available for TLS secure sockets to use.
To use a TLS credential with a socket, the following steps have to be
taken:
1. TLS credential has to be registered in a system-wide pool, using the
API provided in "net/tls_credentials.h" header file.
2. TLS credential (and other TLS parameters) should be set on a socket
using setsockopt().
Note, that there is no need to repeat step 1 for different sockets using
the same credentials. Once TLS credential is registered in the system,
it can be used with mulitple sockets, as long as it's not deleted.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Move struct members around in networking code so that we avoid
unnecessary holes inside structs. No functionality changes by
this commit.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
CONFIG_DNS_RESOLVER is the master switch for DNS resolution support,
for both native and socket APIs. Avoid confusing link errors by
compiling out both dns_resolve_name() and getaddrinfo() if that
option is not enabled.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Current implementation does not handle large extension headers
(e.g HBHO). Which resulted network stack crashes or due to
misinterpretation of lengths network packets are dropped. Also
caused issues while preparing IPv6 packet (e.g. large HBHO header
with IPv6 fragmentation support).
Issues fixed and provided more unit tests.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
During transfer of object data via OMA TLV format, we can
encounter resources which are optional or not handled in base
LwM2M engine. When these resources cannot be handled let's
read past them and continue on.
Signed-off-by: Michael Scott <mike@foundries.io>
Don't use hard-coded value of 4 for passing the # of options to
coap_find_options() in handle_request(). This can easily get
out of sync.
Signed-off-by: Michael Scott <mike@foundries.io>
LwM2M engine now supports optional resources that may need to be
setup or torn down in user-based code during object instance
creation / deletion.
Let's provide callbacks that can be used for this purpose.
Signed-off-by: Michael Scott <mike@foundries.io>
Let's rename lwm2m_engine_exec_cb_t to lwm2m_engine_user_cb_t so that
future user-code callbacks can make use of the same definition.
Signed-off-by: Michael Scott <mike@foundries.io>
Initial implementation of poll() was more of a proof of concept, so
was coded with a single-thread application in mind. As we move to
sockets as the main networking API, make it possible to use poll()
from different threads.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Implement socket poll function for TLS socket. In addition to regular
poll checks, we have to check if there is some decrypted data pending on
mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add entropy source for mbedTLS. If no entropy driver is available, use
non-secure, software entropy source.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add tls_context structure that stored data required by TLS socket
implementation. This structure is allocated from global pool during
socket creation and freed during socket closure.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add switch to a socket layer that will enable switching socket API to
TLS secure sockets. At this point there is no secure sockets
implementation, so secure socket calls redirect to regular socket calls.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Bool symbols implicitly default to 'n'.
A 'default n' can make sense e.g. in a Kconfig.defconfig file, if you
want to override a 'default y' on the base definition of the symbol. It
isn't used like that on any of these symbols though.
Remove some 'default ""' properties on string symbols too.
Also make definitions more consistent by converting some
config FOO
<type>
prompt "foo"
definitions to a shorter form:
config FOO
<type> "foo"
This shorthand works for int/hex/string symbols too, not just for bool
symbols.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
If we use newlib the isdigit (and other similar functions) return an
error as char can possibly be viewed as signed:
usr/include/ctype.h:57:54: error: array subscript has type ‘char’ [-Werror=char-subscripts]
#define __ctype_lookup(__c) ((__ctype_ptr__+sizeof(""[__c]))[(int)(__c)])
Explicity cast to unsigned char so we deal with both this warning and
possible warning when -Wpointer-sign is enabled.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Split out definition of net_app_init() and its parameter flags from
net_app.h header to new net_config.h header. As we do this, rename
the function to net_config_init() and flags to NET_CONFIG_NEED_*.
This is a second step in splitting out network configuration API
out of net_app API, started in the c60df1311 commit.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This allows zephyr to listen LLMNR DNS queries sent by Windows
and respond to them. See RFC 4795 for details.
The feature requires that hostname is set properly to the
zephyr device and LLMNR is configured properly.
Typically following config options are enough for this support:
CONFIG_NET_HOSTNAME_ENABLE=y
CONFIG_NET_HOSTNAME="zephyr-device"
CONFIG_DNS_RESOLVER=y
CONFIG_LLMNR_RESPONDER=y
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This implements LLMNR client from RFC 4795. This means that caller
is able to resolve DNS resource records using multicast DNS.
The LLMNR is used in Windows networks.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Due to the fact that cmake doesn't allow to build empty "library"
(which would be the case when neither CONFIG_NET_APP_SERVER nor
CONFIG_NET_APP_CLIENT is defined).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
net_app library consisted of 2 disjoint parts: a) library to
setup/configure networking on the application startup; b) library
to setup client and server connections.
As the configuration library is universally useful and is a generic
Zephyr networking component, split it out to a seperate top-level
networking library under net/lib/config/.
Fixes: #7658
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
When the priority of the LwM2M engine was lowered, it causes an
occasional registration update to fall outside of the registration
lifetime. This shows up as the following error:
Failed with code 4.4. Retrying registration
Let's try and retry a bit earlier to account for the priority
change.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
The ARRAY_SIZE() utility macro will actually test the parameter types,
and ensure that it is only called with arrays, and not arrays decayed
to pointers.
Changes were performed with a simple Coccinelle script.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
A typo in update_attrs() was setting every observer to a PMIN of 0.
This meant we could send observer data as often as the process was
called. This is out of spec as the default minimum is 10 seconds.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
The LwM2M engine thread is used for various periodic triggers.
None of these are in a critical path that requires super sensitive
timing and the current K_PRIO_COOP(7) setting was causing the
Bluetooth RX thread to have to wait too long for certain actions
to complete.
Let's lower the priority to -1 (effectively) to eliminate these
conflicts.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
Convert couple of MSEC() calls to K_MSEC() as the timeouts
when using MSEC() are just too long.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
During normal use, a CoAP packet can be resent due to network congestion
and other causes. During block transfer the LwM2M client checks to make
sure the block received is the one we expect and if not generates a
"duplicate" warning. When this happened, we were releasing the reply
handler and when the correct block was received the client would
generate a "No handler" error.
To avoid releasing the reply handler too early, let's set the coap_reply
"user_data" field to an error condition (1). Then, once the reply
processing is complete we can check the user_data field to be sure that
it's ok to release the reply handler.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
The code was using MSEC() macro in few places instead of more
proper K_MSEC(). The MSEC() takes seconds as a parameter and
K_MSEC() takes milliseconds.
Fixes#7657
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
sin6_scope_id is not set anywhere and not used. Probably left over
from old ZOAP library. Just address, port and family type are enough
to find registered CoAP observer.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
The next error check is much more suitable to handle the error due to
the error message which lets the user know that something went wrong.
Fixes#7661.
Signed-off-by: Daniel Egger <daniel@eggers-club.de>
Current implementation hardcoded channel in received frame structure.
With this change channel can be retrieved from a OpenThread platform,
and put in the frame. In result procedures like Discovery can be
executed correctly. Change was tested with OpenThread Border Router.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit contains bugfix for Joiner eui-64 handling and setting radio
in correct mode after calling thread stop.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When designing the registration client for LwM2M, I understood
that the LwM2M Technical Specification allows for a multi-server
connection setup where the client makes several connections
to various LwM2M servers and allows each of them to manage
various aspects of the LwM2M client based on Access Controls.
However, the way I implemented it was not well thought out and
as we look forward to adding Bootstrap support, it needs a
do over.
Let's remove all of the code dedicated to handling multiple LwM2M
client connections. This will simplify and reduce the code size
of the registration client considerably.
Later, once Bootstrap support has been added, we can implement
multi-server connections in a cleaner manner.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
This allows a user to customize the port used for downloading
firmware via the pull method of the LwM2M client. It's default
value of 0 will select a random port during initialization.
NOTE: If set, this value should not be the same port as the
LWM2M_LOCAL_PORT setting.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
Due to a bug where LWM2M_LOCAL_PORT was not being honored, all
outgoing traffic from the LwM2M client was coming from a random
port determined during initialization.
Now that this bug bas been fixed, let's default the client to the
behavior that most users are expecting, and let new users customize
the outgoing port if needed (which should be rarely).
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
Currently, CONFIG_LWM2M_LOCAL_PORT is never used when setting up
the LwM2M client. Let's set the port of the local address using
CONFIG_LWM2M_LOCAL_PORT, so that the client can bind to it.
NOTE: A setting of 0 will use a random port.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
Currently, the client_addr parameter is only used to check the
sa_family at various points during the init process. Both the
IP address and the port are ignored. Let's set the local client's
port based on the port value of the passed in client_addr if one
is supplied.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
The port parameter passed to _net_app_set_local_addr() is converted
from host byte-order to network byte-order. Here we are passing
a port value which has already been translated to network byte-order.
Let's translate the local port to host byte-order when passing it
to _net_app_set_local_addr() to fix this issue.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
L2 could take advantage of such hardware capability, when supported by
the device. This is also required for OpenThread.
Fixes#5714
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
We only clear 3 of the 6 member variables of the coap_reply structure
in coap_reply_clear().
Let's make sure to reset all of them.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
The base CoAP retry setting is quite fast for network technologies
such as LTE-M and LoRa. Let's add an option to delay retries
a bit longer depending on the need.
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
Using IPSO Smart Object Guideline: "Smart Objects Starter Pack 1.0"
dated May 27, 2017, let's mark the OPTIONAL resources for an
IPSO Temperature object (Section 10. "IPSO Object: Temperature").
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
Using IPSO Smart Object Guideline: "Smart Objects Starter Pack 1.0"
dated May 27, 2017, let's mark the OPTIONAL resources for an
IPSO Light Control object (Section 16. "IPSO Object: Light Control")
Signed-off-by: Michael Scott <michael@opensourcefoundries.com>
