This commit removes all Domain Prefix configuration and management logic
from the OpenThread stack, CLI commands, unit tests, and GRL harness
THCI wrapper.
- Removed public Backbone Router Domain Prefix APIs.
- Removed Domain Prefix flag ('mDp') and 'D' flag parser/formatter
from core network data types, Spinel, and CLI.
- Cleaned up local Backbone Router and Leader logic to exclude Domain
Prefix configuration, tracking, and events.
- Updated RoutingManager prefix advertisement (RIO) to exclude
special handling for Domain Prefix.
- Updated CLI documentation to remove Domain Prefix references.
- Removed domain prefix helper methods from python test certification
scripts.
- Removed auto-addition of default domain prefix and D flag support
from GRL harness OpenThread.py.
This commit updates `Name::LabelIterator::ReadLabel()` to explicitly
check that the read label from the message does not contain any embedded
`kNullChar` (`\0`) characters. It uses `StringLength()` to verify that
the length of the string matches the expected label length. If a null
character is found before the end of the label, `kErrorParse` is
returned to prevent potential string truncation issues or
misinterpretation of the label name.
This broader check replaces a recent fix in `PtrRecord::ReadPtrName()`
from #13183 which only verified that the first label was not empty
or malformed by checking for a single-character label with a null
byte. By enforcing this validation centrally at the `ReadLabel()`
level, we now ensure that labels of any length are properly
protected against embedded null characters across all DNS record
types.
This commit refactors several Nexus diagnostic test cases to use the
existing `Mle::GetMeshLocalRloc()` method instead of manually assembling
the RLOC by combining the mesh-local prefix and the node's RLOC16. This
improves code readability and adheres to the standard pattern for
retrieving a node's Routing Locator.
This commit renames several methods in the `Mle` class that construct
an IPv6 address from the mesh-local prefix and an RLOC16/ALOC16 from
`Get...()` to `Compose...()` to better reflect their behavior.
The affected methods are:
- `GetLeaderRloc()` -> `ComposeLeaderRloc()`
- `GetLeaderAloc()` -> `ComposeLeaderAloc()`
- `GetCommissionerAloc()` -> `ComposeCommissionerAloc()`
- `GetServiceAloc()` -> `ComposeServiceAloc()`
This commit updates the codebase to use the `Icmp6Header` type
directly, replacing the nested `Ip6::Icmp::Header` definition.
This change aligns the ICMPv6 header type definition with the
conventions used for other network protocol headers and simplifies
type references across the network, border router, and utility
modules.
This commit removes the OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE feature
and all associated code, tests, CLI commands, and harness references.
Changes:
- Removed OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE definition and all
assert/preprocessor checks.
- Completely deleted dua_manager.cpp and dua_manager.hpp.
- Removed DUA registration notifying and request URI paths.
- Cleaned up all references to Domain Unicast Address (DUA) across
child management, notifier, time ticker, and MLE.
- Removed DUA commands and logic from the CLI and Python cert tests
(including packet verifier).
- Verified that the entire codebase compiles clean and all tests
successfully pass using the Nexus test suite.
This commit updates the SRP registration and verification logic to pass
the 1_3_SRP_TC_1 test case in the Nexus simulator:
1. In test_1_3_SRP_TC_1.cpp, temporarily disable/enable the eth1 DNS-SD
agent during SRV, AAAA, and browser resolver queries to force a
clear of the local cache. This ensures the queries are sent over the
wire to the Border Router (DUT) instead of being answered from the
resolver's cache.
2. In verify_1_3_SRP_TC_1.py, add checks for mDNS query and response
packets for Steps 9b, 9c, 15b, and 15c. Relax the Step 15c check to
not require the ML-EID in the mDNS response, as advertising
Mesh-Local addresses on the infrastructure link is optional and not
done by the OpenThread SRP advertising proxy.
This commit wraps the contents of `tcp6.hpp` and `tcp6_ext.hpp` with
`#if OPENTHREAD_CONFIG_TCP_ENABLE` feature guards to ensure that TCP
definitions and types are cleanly excluded when TCP support is disabled
in the build configuration. Additionally, it explicitly disables the
`OPENTHREAD_CONFIG_TCP_ENABLE` feature flag in the Toranj test
configuration to validate building without TCP support.
This commit removes the deprecated `test_trel_connectivity.py`
integration test. The TREL connectivity test functionality is
already fully covered by the Nexus simulation test suite, which
provides faster and more reliable testing.
This commit migrates the legacy Thread certification test
'test_publish_meshcop_service.py' to the C++ simulation test suite
in the Nexus platform.
To avoid redundancy and keep the test suite clean, the coverage
is consolidated directly within 'tests/nexus/test_border_agent.cpp'
instead of introducing a new redundant test file.
Consolidated coverage and changes:
- Extended the state bitmap parser and 'ValidateMeshCoPTxtData' in
'test_border_agent.cpp' to verify Backbone Router (BBR) active
and primary flags (kFlagBbrIsActive, kFlagBbrIsPrimary) when
OPENTHREAD_CONFIG_BACKBONE_ROUTER_ENABLE is enabled.
- Added a new test block in 'TestBorderAgentServiceRegistration' to
enable Backbone Router on node0, verify that BBR active and primary
flags are dynamically advertised in the MeshCoP TXT record over
mDNS, and verify that disabling BBR correctly updates the TXT
record state bitmap.
- Fully deleted the legacy Python certification script
'test_publish_meshcop_service.py' from 'thread-cert'.
This commit updates the codebase to use the `Icmp4Header` type directly,
replacing the nested `Ip4::Icmp::Header` type. The empty `Ip4::Icmp`
wrapper class is removed to simplify the header definition. This change
aligns the ICMPv4 header structure with the flat naming conventions used
for other IP headers (e.g., `Ip6::Icmp6Header`, `Ip6::UpdHeader`).
This commit completely removes the local Domain Unicast Address (DUA)
registration feature flag (OPENTHREAD_CONFIG_DUA_ENABLE) and all of
its associated implementation, public APIs, CLI commands, Spinel
property handlers, and certification tests.
Thread 1.2 FTD Border Router/Router DUA proxying features for MTD
children (OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE) are preserved and
updated to only compile/instantiate components when proxy DUA
features are active.
Detailed Changes:
- Remove default definition of OPENTHREAD_CONFIG_DUA_ENABLE from
misc.h.
- Remove OT_DUA and openthread_config_dua_enable from CMake/GN
configs.
- Remove otThreadSetFixedDuaInterfaceIdentifier and
otThreadGetFixedDuaInterfaceIdentifier from
include/openthread/thread.h
and implementation src/core/api/thread_api.cpp.
- Remove CLI DUA interpreter from src/cli/cli.cpp.
- Remove SPINEL_CAP_DUA capability and SPINEL_PROP_THREAD_DUA_ID
Spinel property handlers and dispatchers from NCP.
- Strip local DUA management features (conflict checking, SLAAC DUA
interface identifiers, and dad info settings) from DuaManager, MLE,
Address Resolver, and settings.
- Clean up Notifier, TimeTicker, and TMF dispatcher guards.
- Clean up -DOT_DUA=ON compilation flags across build/test scripts.
- Delete obsolete DUA certification tests:
- v1_2_test_domain_unicast_address
- v1_2_test_domain_unicast_address_registration
- v1_2_test_dua_handle_address_error
`PtrRecord::ReadPtrName()` reads a PTR target's first label with
`Name::ReadLabel()`, which performs no emptiness check. A response whose
first label is a single NUL byte (wire `01 00`) is stored as an empty
C-string and cached by the browse cache as a service instance. When the
cache later builds a known-answer question, it calls
`Name::AppendLabel("")`, which returns `kErrorInvalidArgs`; the
surrounding `SuccessOrAssert()` turns that into an abort. A single
unauthenticated link-local mDNS response thus crashes any node with an
active browser.
Reject an empty first label in `ReadPtrName()` so the record is dropped
on receive and never cached. This matches the `Name::ValidateLabel`
checks already applied on the registration and resolver paths, and makes
the "ReadPtrName() validates that PTR record is well-formed" comment at
the call site accurate.
Add a regression test that delivers a PTR response with a single
NUL-byte instance label and verifies no result is reported and the
browser keeps querying without the malformed entry.
This commit updates the codebase to use `TcpHeader` and `UdpHeader` types
directly, instead of the nested `Tcp::Header` and `Udp::Header` types.
The `TcpHeader` and `UdpHeader` classes are already defined in
`ip6_headers.hpp`. This change reduces dependencies on the `Tcp` and
`Udp` class definitions, which is particularly useful when TCP
is disabled in the build configuration, avoiding the need to include
their respective class headers just for the header definitions.
This commit fixes instances of "the the" typos found in various
files across the codebase, including documentation, headers, source
files, and test scripts.
This commit implements additional vendor application or ecosystem
policy settings for TCAT including:
1) Automatic deactivation of the TCAT agent / TCAT advertisement after
the thread network has been started over TCAT
2) Automatic activation of the TCAT agent / TCAT advertisement after
the thread network has been stopped over TCAT
3) Automatic activation of the TCAT agent / TCAT advertisement after
decommissioning over TCAT
4) Blocking support of certain TCAT TLVs by the application /
ecosystem
The commit also fixes an issue with certificate storage after
decommissioning.
This commit renames several methods in `Ip6::Address`,
`Ip6::InterfaceIdentifier`, `Ip6::Prefix`, and `Ip4::Address` that
fully initialize the object from `Set...()` to `Init...()`.
This creates a clear semantic distinction in the API:
- `Init...()`: Fully (re-)initializing the object.
- `Set...()`: Modifies a specific property or a sub-component of
the object (e.g., `SetPrefix()`, `SetLocator()`,
`SetSubnetId()`).
Some examples of renames include:
- `SetFromExtAddress()` -> `InitFromExtAddress()`
- `SetToLocator()` -> `InitAsLocator()`
- `SetToLinkLocalAddress()` -> `InitAsLinkLocalAddress()`
- `SetToRoutingLocator()` -> `InitAsRoutingLocator()`
- `SetToAnycastLocator()` -> `InitAsAnycastLocator()`
- `SetToIp4Mapped()` -> `InitAsIp4Mapped()`
All calls to these methods across the codebase have been updated
to reflect the new names.
This commit fixes a frequent unit test flake in ot-test-trickle_timer
under the TestTrickleTimerMinMaxIntervalChange test case.
The test case starts the trickle timer with Imin = 2000 and
Imax = 2000. The random time t (mTimeInInterval) is chosen in
[1000, 2000), so t can range up to 1999.
When t randomly evaluates to 1999, t + 1 becomes 2000. Calling
timer.SetIntervalMax(2000) triggers an early-exit optimization
in TrickleTimer::SetIntervalMax because mIntervalMax is already 2000,
leaving the scheduled timer's fire time unchanged. The test then
crashes on the assertion expecting the fire time to have changed.
This is resolved by setting the new interval max to
Min(t + 1, interval - 1). This ensures that the requested value is
strictly less than 2000 even when t = 1999, successfully triggering
the interval shortening and rescheduling logic tested by this case.
This commit adds a brief 0.1-second sleep delay immediately after
spawning node processes (rcp, cli, and mtd types) in the expect test
harness.
Under high CPU load on GitHub Actions runner VMs, the PTY file
descriptors can take a fraction of a second to fully initialize. If
commands are sent immediately after spawn without delay, the initial
expect match can fail with an instant timeout. This triggers duplicate
retransmissions in wait_for, leaving extra "Done" strings in expect's
PTY read buffer. The leftover "Done" strings desynchronize subsequent
assertions, causing tests to match cached output instead of waiting
for actual command execution (e.g., sending "diag stats" during an
active "diag send" command, which fails).
Adding a 100ms delay gives the PTY and child process enough time to
fully initialize and stabilize, avoiding instant timeouts and
subsequent test harness desynchronization.
Increase wait delay after starting the OTBR service in the
test_publish_meshcop_service.py script.
Starting otbr-agent requires the node to re-attach to the simulated
Thread network and transition to the leader role. In virtualized CI
environments, this role transition can take up to 14.5 seconds. Using
a hardcoded 10-second delay results in a race condition where the
service is published very late, causing the subsequent browse query to
miss the service and fail with AssertionError.
Substituting the delay with BORDER_ROUTER_STARTUP_DELAY (20s) ensures
the node has sufficient time to attach, become leader, start the border
agent, and fully register the mDNS service before browsing.
The test `test_1_3_DBR_TC_7A` was failing occasionally due to
uninitialized stack memory in `NetworkData::OnMeshPrefixConfig config`.
Because `OnMeshPrefixConfig` inherits from `otBorderRouterConfig`
and does not automatically initialize its fields in its default
constructor, declaring `NetworkData::OnMeshPrefixConfig config;`
on the stack left its members (including `mDp` and `mNdDns` flags)
with arbitrary stack garbage. If `mDp` (Domain Prefix flag)
evaluated to true, it caused the registered `PRE_1` prefix to be
erroneously processed as a Domain Prefix. Consequently, the border
router did not include `PRE_1` as a Route Information Option (RIO)
in its emitted Router Advertisements, causing packet verification
to fail in Step 4.
This commit fixes the issue by explicitly initializing the
`config` struct using `config.Clear()` right after declaration.
Fixes an intermittent failure in the
`nexus_announce_no_flap_on_unmergeable_partitions` test.
Previously, only LEADER_NEW was isolated (by enabling allowlist
mode with an empty address list) in Step 2. Because LEADER_OLD
still had allowlist mode disabled, it could receive advertisements
from LEADER_NEW. If LEADER_NEW's randomly allocated partition ID
happened to be larger than LEADER_OLD's, LEADER_OLD would see it
as a "better partition" and initiate a transition to child to
attach to LEADER_NEW.
Although this attempt would initially fail in Step 2 (since
LEADER_NEW dropped all RX), it kept retrying. In Step 3, when the
allowlist was opened on both sides, the queued/retried attach
attempt from LEADER_OLD succeeded, making it a child and causing
the Leader assertion to fail.
Isolating both nodes during Step 2 ensures that LEADER_OLD never
hears LEADER_NEW's initial good-link advertisements. When Step 3
begins, it only hears LEADER_NEW through the weak link and
correctly rejects the advertisements, keeping both nodes stable
leaders of separate partitions.
`Mle::AnnounceHandler::HandleAnnounce` previously executed the
`kAnnounceAttachAfterDelay` action on an attached node even when
the announced channel and PAN ID already equaled the current MAC
parameters. The `!channelAndPanIdMatch` guard was only consulted
in the `IsDetached()` branch. For an attached node this scheduled
`StartAnnounceAttach`, which calls `Stop()` then `Start()` with
the same channel/PAN ID -- accomplishing nothing while disrupting
attached children.
This causes an endless role flap in a topology where two FTDs
share channel, PAN ID, and network credentials but hold different
Active Dataset Timestamps, and where their RF link is too weak to
merge partitions (Advertisements rejected with LinkMarginLow at
`mle_router.cpp`). Each side restarts on every Announce received
from the higher-timestamp peer; the reactive `kSendAnnouceBack`
path further amplifies this because the lower-timestamp side's
own outgoing Announces draw Announce responses from the peer.
Apply the channel/PAN ID match guard unconditionally in
`kAnnounceAttachAfterDelay`. Mirror it on the FTD
`kSendAnnouceBack` path (matching the existing `isFromOrphan`
behavior) so peers sharing MAC parameters are not prompted to
migrate to the channel/PAN ID they already use.
Add `addon_test_announce_no_flap_on_unmergeable_partitions.py`
which builds the topology above and asserts that both nodes
retain their original partition IDs across a 20-minute simulated
window. Without this change the lower-timestamp node is
repeatedly demoted from leader during that window.
This commit updates the DHCPv6 Prefix Delegation (PD) client to
comply with RFC 9915, which obsoletes the Server Unicast option
(Option 12) and the UseMulticast status code.
Changes:
- Removed `mServerAddress` and `ProcessServerUnicastOption()` from
`Dhcp6PdClient`.
- Modified `Dhcp6PdClient::SendMessage` to always transmit via
multicast to `ff02::1:2`.
- Removed `UseMulticast` status code handling in `HandleReply()`.
- Added `otMessageFree` weak stub in simulation platform's
`infra_if.c` to resolve linking errors on simulation radio-only
targets when DHCPv6 PD client is enabled.
- Updated `test_dhcp6_pd_client.cpp` to expect multicast and
removed the obsolete UseMulticast test case.
This commit extends the `BitSet` class with several new
methods:
- `CountElements()`
- `IsSubsetOf()` and `IsSupersetOf()`
- `Complement()`
- `UnionWith()`, `IntersectWith()`, and `SubtractWith()`
- `SetMask()`, `AppendTo()`, and `ReadFrom()` message.
This commit also introduces a new `BitSetUtils` non-template base class
for the `BitSet<kNumBits>` template class. This change helps optimize
code by moving the common implementation logic for various bit
manipulation operations out of the template, reducing template
instantiation overhead.
This commit refactors the Nexus tests configuration in CMakeLists.txt
by properly classifying and sorting test cases:
- Moved `inform_previous_parent_on_reattach` from the "Cert tests"
section to the "Misc tests" section, and changed its label from
"cert;nexus" to "core;nexus".
- Moved `retransmission_security` from the "Cert tests" section
to the "Misc tests" section where it belongs (retaining its
"core;nexus" label) and sorted it alphabetically.
These changes ensure the CMake file remains clean and the tests are
properly categorized.
This commit removes the thread-cert/backbone tests and cleans
up all related configurations and references.
Specifically, the following changes are made:
- Deleted tests in tests/scripts/thread-cert/backbone/
- Removed the backbone-router job from .github/workflows/otbr.yml
- Removed backbone-router dependency from upload-coverage job
- Removed setup, cleanup, and checks for backbone tests in
tests/scripts/thread-cert/run_cert_suite.py
This commit renames the `NetworkDiagnostic` namespace in `src/core/thread/`
and its related types to `NetDiag` for brevity. It updates the
corresponding filenames and header guards as well.
Retransmissions of frames containing time-dependent header Information
Elements (IEs), such as CSL or Time Sync, require updates to these
IEs to reflect the exact time of sending. If the frame counter is not
incremented for these retransmissions, it leads to nonce reuse in
AES-CCM encryption, which is a security vulnerability.
This commit addresses this issue by ensuring that every transmission
attempt (initial or retry) uses a fresh frame counter:
- Deferred security processing from `SubMac::Send()` to
`SubMac::BeginTransmit()`.
- Upon retransmission in `SubMac::HandleTransmitDone()`, the frame is
restored to plaintext via `TxFrame::DecryptTransmitAesCcm()` and
security flags are cleared.
- This allows time-dependent IEs to be updated and a new frame counter
to be assigned for every attempt.
Added a Nexus test case `retransmission_security` to verify that both
CSL and standard MAC retransmissions use incrementing frame counters
and updated CSL phases.
This commit introduces a structured state machine to `Mlr::Manager` to
coordinate Multicast Listener Registration (MLR) activities more
efficiently. The previous implementation relied on independent delay
variables and the global `TimeTicker`, which could lead to redundant
or premature registrations, especially when a Primary Backbone Router
(PBBR) was newly discovered or updated.
The new state machine (`kStateStopped`, `kStateIdle`,
`kStateToRegisterAll`, `kStateRegistering`, `kStateRegistered`,
`kStateNewAddrToRegister`) provides explicit transitions for the
entire MLR lifecycle. This ensures that registrations are properly
aggregated and that periodic renewals are correctly rescheduled after
successful out-of-band registrations.
Additionally, the manager now uses a dedicated `TimerMilli` instead of
`TimeTicker`, reducing system-wide overhead and providing more
precise timing control.
Per RFC 9664, the UL option is always included in a success response (RCODE=0).
Comment in test_srp_server is updated also to avoid suggesting the opposite.
This commit introduces a new set of template-based APIs for
non-cryptographic random number generation in the `Random::NonCrypto`
namespace. These new methods provide a cleaner, type-safe, and more
robust interface compared to the previous methods.
Key additions:
- `Generate<UintType>()`: Returns a random value of the given
unsigned integer type (`uint8_t`, `uint16_t`, or `uint32_t`).
- `GenerateUpToExcluding<UintType>(aMax)`: Returns a random value in
the range `[0, aMax)`.
- `GenerateFromMinUpToExcluding<UintType>(aMin, aMax)`: Returns a
random value in the range `[aMin, aMax)`.
- `GenerateInClosedRange<UintType>(aMin, aMax)`: Returns a random
value in the closed range `[aMin, aMax]`.
The introduction of `GenerateInClosedRange` is an improvement as it
safely handles ranges up to the maximum value of the integer type
(e.g., `0xffff`) without the risk of overflow.
All call sites across the OpenThread core stack and tests have been
updated to adopt these new APIs. The public `otRandomNonCrypto`
functions are also updated to leverage the new internal methods.
Doxygen documentation is added for all new template methods,
detailing their behavior, including edge cases where the upper bound
is smaller than or equal to the lower bound.
This commit refactors various unit tests to use `constexpr` for
defining constants instead of anonymous `enum` types.
Using `constexpr` is the modern and preferred approach in C++, as it
provides explicit types for constants and improves code clarity and
type safety.
This commit makes `Tlv::AppendTlvHeader()` public and updates call
sites to use it. This method automatically handles the formatting
of the TLV header as either a standard TLV header or an extended one
based on the provided length.
This commit removes all code, configurations, APIs, and tests related
to the OPENTHREAD_CONFIG_BACKBONE_ROUTER_DUA_NDPROXYING_ENABLE feature.
Specifically, the following changes were made:
- Removed DUA ND Proxying Backbone Router configuration option and the
related OPENTHREAD_CONFIG_NDPROXY_TABLE_ENTRY_NUM definition.
- Removed CLI commands: `bbr mgmt dua` and the proactive backbone
notification fake command `/b/ba`.
- Removed NdProxyTable and bbr_manager DUA ND Proxying implementation.
- Removed public/internal APIs for ND Proxying and proactive backbone
notifications.
- Deleted ndproxy_table source files and unit tests.
- Simplified CMake and GN build files to remove deleted targets.
This commit improves the `tests/nexus/build.sh` script by adding a
`display_usage()` function and implementing stricter command-line
argument validation.
This commit removes the obsolete Backbone Router (BBR) certification
tests:
- tests/scripts/thread-cert/backbone/bbr_5_11_01.py
- tests/scripts/thread-cert/backbone/
test_mlr_multicast_routing_across_thread_pans.py
These tests are removed because DUA (Domain Unicast Address) routing
features (specifically DUA ND Proxying) have been deprecated and
removed from the codebase. Since these features are no longer
supported, the corresponding certification and validation tests are
no longer valid or runnable.
Remove obsolete backbone test cases for Domain Unicast Address
(DUA) Duplicate Address Detection (DAD), DUA routing, DUA routing
for Minimal End Devices (MED), and Neighbor Discovery (ND) Proxy.
These features and their corresponding tests are no longer needed.
This commit removes all DUA (Domain Unicast Address) validation
and verification steps from test_firewall.py. Since DUA routing
features are being phased out or removed, this keeps the firewall
test in sync and prevents potential failures during test runs.
Specifically:
- Removed DUA ping validation from host to router.
- Removed DUA collection call (collect_duas).
- Removed the packet verifier checks checking for DUA ping traffic.
This commit introduces a new CMake option `OT_NEXUS_BUILD_TESTS`
(defaulting to `ON`) to control whether the individual Nexus test
executables are built.
When developing or debugging the OpenThread core stack within the
Nexus framework, building the large number of certification tests can
be time-consuming. This option allows developers to skip building the
tests and only compile the `ot-nexus-platform` library and OT core.
The check is implemented inside the `ot_nexus_test` macro to ensure
all test definitions automatically respect the flag without requiring
large conditional blocks in the `CMakeLists.txt` file.
Additionally, a `no_tests` argument is added to `tests/nexus/build.sh`
to easily invoke this configuration from the command line.
This commit refactors and improves the `Sntp::Client` class by
adopting common OpenThread patterns and simplifying the logic.
Key changes:
- Introduced `Sntp::Client::QueryInfo` core class to wrap the
public `otSntpQuery` structure.
- Added `Timestamp` class to handle SNTP timestamps, simplifying
the `Header` structure.
- Renamed methods and variables to be more concise and consistent
(e.g., `FinalizeSntpTransaction` to `Finalize`,
`mRetransmissionTimer` to `mTimer`).
- Simplified the `HandleUdpReceive` logic by splitting response
processing into `ProcessResponse`.
This change improves code readability and maintainability of the
SNTP client module.
This commit adds support for interacting with nodes via the CLI in the
Nexus simulation framework. This enables writing higher-level
integration tests that verify stack behavior and state through
standard CLI commands.
Key changes:
- Integrated `Cli::Interpreter` into the `Nexus::Node` class.
- Added `Node::InputCli()` to allow sending commands to a node with
`printf`-style formatting.
- Implemented output capturing logic in `Node::HandleCliOutput()` to
buffer and parse CLI responses into individual lines, stored in a
`CliOutputArray`.
- Added helper methods to `CliOutputLine` for matching and validating
the captured output.
- Added a new `cli_basic` Nexus test to demonstrate and validate the
CLI interaction functionality.
This commit introduces `Message::ReadAndAdvance()` and its template
flavor to the `Message` class. This helper method reads data from a
`Message` at a given `OffsetRange` and advances the `OffsetRange` by
the number of bytes read upon success.
Sequential parsing of structured data (such as TLVs or protocol
headers) is a common pattern across the OpenThread codebase.
Previously, this required two separate calls: one to `Read()` and
another to `AdvanceOffset()`. The new `ReadAndAdvance()` method
consolidates these into a single, safer operation that ensures the
offset is only advanced if the read operation succeeds.
This commit updates numerous call sites across the core stack
(MLE, BBR, DatasetManager, NetworkDiagnostic, DHCPv6, etc.) to use
the new helper, improving code clarity and reducing boilerplate.
This commit adds a new Nexus test (`test_mlr_redundant.cpp`) to verify
that the MLR manager correctly handles registrations when multiple
entities (e.g., a parent router and its children) subscribe to the
same multicast address, without sending redundant requests.
The test sets up a topology with a Primary Backbone Router, an FTD
Router, and three SEDs. The Router and SEDs all subscribe to the same
multicast address. The Router then subscribes to 14 additional unique
multicast addresses to exceed the single CoAP message payload limit
(`kMaxIp6Addresses`).
A CoAP interceptor is registered on the Backbone Router to parse
incoming `MLR.req` messages and count the number of times the shared
multicast address is included in the payload. The test verifies that
the shared address is requested exactly once, ensuring that fragmented
state tracking does not lead to duplicate registrations.
This commit enhances the radio URL parsing logic to detect and fail
when unused parameters are provided in the URL. This prevents typos
or unsupported parameters from being silently ignored.
The following changes were made:
- Updated ot::Url::Url to track parameter usage by appending a
trailing '&' delimiter in Init() and replacing it with '\0'
in GetValue() when a parameter is matched. This marks the
parameter as used and removes any limit on the number of
trackable parameters.
- Added a Validate() method to ot::Url::Url to verify that all
parameters in the query string were accessed.
- Refactored ot::Posix::Radio to share a single RadioUrl instance
with SpinelManager, ensuring all components track usage on the
same URL object.
- Integrated Validate() calls in otSysInit() and platformTrelInit()
to perform validation after all platform components have been
initialized.
- Updated Radio::ProcessMaxPowerTable to use a local copy of the
parameter string to avoid premature modification of the URL buffer.
- Adjusted RadioUrl and unit tests to provide sufficient buffer
space for the additional tracking delimiter.
- Added new unit tests in tests/unit/test_url.cpp to verify the
usage tracking and validation logic.
This commit introduces a recursion depth limit of 4 in
Ip6::HandleDatagram to prevent unbounded stack recursion from deeply
nested IPv6-in-IPv6 tunnel packets (NextHeader = 41).
This mirrors the safety limit fix implemented in the 6LoWPAN layer
decompress path (issue #12669).
A new Nexus test case `ipv6_recursion` has been added to construct
and verify that packets exceeding the depth limit are correctly
dropped with kErrorDrop, while valid nesting depth succeeds.
Key changes:
* Added `mle_router_role_allowed` nexus test, which includes a test of
the correct type of advertisement used by each type of node.
* Updated the `router_downgrade_on_sec_policy_change` nexus test
to also test changes of the Router role allowed/disallowed when
multiple factors are changed
* Updated checks in `verify_1_1_5_3_6.py` to verify that only Router
advertisments are sent during the test, to verify that REED
advertisements are not sent unless the unit is no longer
attempting to upgrade
Every DTLS ClientHello from an unseen port previously allocated a
dynamic CoapDtlsSession on the heap before DTLS cookie verification.
This allowed multiple connection attempts to leave allocated sessions
active indefinitely, leading to high memory utilization.
To resolve this:
- Enforce a 15-second handshake timeout on newly allocated sessions.
Connecting sessions that do not successfully finish the handshake
within 15 seconds are cleanly disconnected and freed.
- Enforce a session limit cap of 16 concurrent secure sessions on the
Border Agent. Reaching this limit immediately rejects new session
connection requests before triggering heap allocation.
- Implement Nexus test case TestBorderAgentSessionsLimit to robustly
verify both session limit rejection and handshake timeout behavior.
This commit fixes a deterministic null-pointer dereference in
CoapBase::ProcessBlock2Request when receiving a Block2 request
with block number greater than 0 without a preceding active
blockwise transfer.
Previously, when mLastResponse was null, the option copying logic
would unconditionally attempt to initialize the iterator with a
dereferenced mLastResponse pointer (iterator.Init(*mLastResponse)),
causing a segmentation fault crash.
This fix inserts a VerifyOrExit check on mLastResponse inside
ProcessBlock2Request. If mLastResponse is null, it returns the
kErrorNoFrameReceived error code. In ProcessBlockwiseRequest, this
is mapped to a 4.08 Request Entity Incomplete response, matching the
spec-compliant error handling behavior of Block1.
An automated reproduction and verification test case has also been
added to tests/nexus/test_coap_block.cpp.
This commit fixes the occasional/flaky failure of the Nexus test
1_1_5_8_4 by addressing a joiner expiration issue and strictly
verifying MLE Discovery Responses.
In test_1_1_5_8_4.cpp, the joiner was added with a timeout of 100s in
Step 1. However, the total simulated elapsed time before Step 11
(when the joiner is checked) is exactly 104s. This causes the
joiner to expire occasionally/consistently, resulting in the Leader
skipping the MLE Discovery Response in Step 12.
We increase the joiner timeout to 1000s so that it stays active
throughout the test. In addition, we update verify_1_1_5_8_4.py to
strictly verify the Step 12 Discovery Response and perform packet
matching chronologically rather than relying on seeking backward to
idx10.
Jonathan Hui