This commit adds a new Nexus test that implements the test
specification in test-1-4-PIC-TC-1.md. The test verifies Border
Router functionality including:
- DHCPv6-PD client to obtain OMR prefix
- Advertising route to OMR prefix on AIL (Stub Router)
- DNS recursive resolver for public internet addresses
- Connectivity (ICMPv6, UDP, TCP/HTTP) to internet and local servers
New files:
- tests/nexus/test_1_4_PIC_TC_1.cpp: C++ test execution
- tests/nexus/verify_1_4_PIC_TC_1.py: Python pcap verification
Nexus platform enhancements:
- Enabled DHCPv6-PD client in openthread-core-nexus-config.h
- Implemented DHCPv6-PD platform APIs in nexus_infra_if.cpp
- Added RDNSS option to RA in nexus_infra_if.cpp
- Improved packet delivery on infrastructure interface in nexus_core.cpp
- Fixed upstream DNS query matching in nexus_dns.cpp
This commit fixes a logic error in the TCP receive buffer reassembly
logic. The issue occurred when an out-of-order segment was exactly
the size of the circular buffer and the write index was non-zero.
The original logic incorrectly used modulo-wrapped indices to check
if a write should be contiguous or split:
start_index + numbytes % size. When numbytes == size, end_index ==
start_index, which evaluates to true, leading to an incorrect memory
write if start_index > 0.
This commit updates the check to use the absolute write boundary:
if (start_index + numbytes <= chdr->size). This ensures that any
write spanning the buffer boundary is correctly split.
A regression test test_cbuf_reass_boundary is added to test_all.c
to verify the fix and prevent future regressions. The test Makefile
is also updated to use $(CC) for better portability.
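The failure mode described in the commit message above, as an added example that is not code from the commit or from TCPlp: a size-8 ring with canary bytes placed after it, written once with a wrapped-index check and once with the absolute-boundary check. The `end_index >= start_index` comparison, the helper names and the sample data are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CBUF_SIZE 8   /* logical ring size (constructed value) */
#define GUARD 8       /* canary bytes after the ring make an overrun observable */
#define CANARY 0xEE
static uint8_t mem[CBUF_SIZE + GUARD];
static const uint8_t SEGMENT[CBUF_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */

/* Assumed pre-fix shape: compare modulo-wrapped indices. */
static int contiguous_wrapped(size_t start_index, size_t numbytes) {
    size_t end_index = (start_index + numbytes) % CBUF_SIZE;
    return end_index >= start_index; /* also true when numbytes == CBUF_SIZE */
}

/* Check quoted in the commit message: absolute write boundary. */
static int contiguous_absolute(size_t start_index, size_t numbytes) {
    return start_index + numbytes <= CBUF_SIZE;
}

/* Write numbytes (<= CBUF_SIZE) at start_index; return canary bytes overwritten. */
static size_t ring_write(int fixed, size_t start_index, const uint8_t *data, size_t numbytes) {
    size_t clobbered = 0;
    memset(mem, 0, CBUF_SIZE);
    memset(mem + CBUF_SIZE, CANARY, GUARD);
    if (fixed ? contiguous_absolute(start_index, numbytes)
              : contiguous_wrapped(start_index, numbytes)) {
        memcpy(mem + start_index, data, numbytes); /* single copy */
    } else {
        size_t to_end = CBUF_SIZE - start_index;   /* split at the buffer end */
        memcpy(mem + start_index, data, to_end);
        memcpy(mem, data + to_end, numbytes - to_end);
    }
    for (size_t i = 0; i < GUARD; i++) clobbered += (mem[CBUF_SIZE + i] != CANARY);
    return clobbered;
}

/* 1 if every byte of the last write sits at (start_index + i) % CBUF_SIZE. */
static int placed_modularly(size_t start_index, const uint8_t *data, size_t numbytes) {
    for (size_t i = 0; i < numbytes; i++)
        if (mem[(start_index + i) % CBUF_SIZE] != data[i]) return 0;
    return 1;
}

int main(void) {
    printf("wrapped check:  %zu guard bytes hit\n", ring_write(0, 3, SEGMENT, CBUF_SIZE));
    printf("absolute check: %zu guard bytes hit\n", ring_write(1, 3, SEGMENT, CBUF_SIZE));
    return 0;
}
```

With a write index of 3 and a full-size segment, the wrapped check copies past the end of the ring; a regression test for this class of bug needs exactly that combination, since a write index of 0 or a shorter segment passes under both checks.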
Group mbedTLS configuration macros into logical sections and improve
formatting.
This commit helps prepare for PSA API backend introduction.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
Replace the include of `<openthread/platform/memory.h>` with
`<openthread/platform/crypto.h>` in the mbedTLS config header file.
Recent PR #12290 introduced `otPlatCryptoCAlloc()` and
`otPlatCryptoFree()` platform APIs and updated the mbedTLS config to
use them. This commit ensures the correct header is included to
prevent build errors regarding use of undeclared functions
(e.g. "error: use of undeclared identifier 'otPlatCryptoCAlloc'").
This commit introduces two new platform functions:
- otPlatCryptoCAlloc()
- otPlatCryptoFree()
It also provides a default implementation using the OpenThread Heap.
This API is necessary for the upcoming work related to PSA API
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit introduces enhanced format string checking. It activates a
new compiler warning to identify potential issues with non-literal
format strings and systematically applies format attribute macros to
functions that handle variable arguments.
This commit changes the mbedtls repo in openthread from source code to
git submodule.
This makes it easier for mbedtls version upgrade. This PR doesn't
upgrade the mbedtls version. v.3.6.0 is still used to ensure nothing is
broken. The original OT specific build files (BUILD.gn, CMakeLists.txt
and config) are kept and unchanged. I've verified that the headers and
sources in the list of BUILD.gn are correct.
This commit suppresses the undefined warnings in mbedtls. To detect
such warnings in OpenThread, this commit also enables warnings check
for gn BUILD and fixes issues found.
This commit corrects the timing of Transmission Control Block (TCB)
re-initialization to ensure proper RST packet sending during TCP
connection aborts and to prevent potential issues due to incomplete
TCB cleanup.
This commit redefines tcplp symbols that conflict with LWIP's TCP implementation:
- tcp_input has been renamed tcplp_input
- tcp_output has been renamed tcplp_output
- tcp_close has been renamed tcp_close_tcb
- tcp_init was already removed but the prototype was still present and was deleted
- TCP_MSS and TCP6_MSS have been renamed to TCP_MAXSS and TCP6_MAXSS
Signed-off-by: Marius Preda <marius.preda@nxp.com>
When building and linking with link time optimizations and TCP is
not enabled (OPENTHREAD_CONFIG_TCP_ENABLE = 0) the following error
occurs:
tcp_subr.c:96: undefined reference to `tcplp_sys_get_ticks'
To address the problem we are removing the __attribute__((used))
annotation on the initialize_tcb function which will prevent the
function from being retained when no one references it.
This commit fixes mbedTLS config where MBEDTLS_OID_C is not set
together with MBEDTLS_PK_PARSE_C in some OpenThread configurations.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
As per the mbedTLS v3.5.0 release notes:
Ref: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
MBEDTLS_CIPHER_BLKSIZE_MAX is deprecated in favor of
MBEDTLS_MAX_BLOCK_LENGTH (if you intended what the name suggests:
maximum size of any supported block cipher) or the new name
MBEDTLS_CMAC_MAX_BLOCK_SIZE (if you intended the actual semantics:
maximum size of a block cipher supported by the CMAC module).
This commit fixes the build issue keeping the backward compatibility
intact.
This commit adds support for TCP Fast Open, without cookie management.
To add support for this, I looked at the FreeBSD codebase and brought
in some code from FreeBSD 12.0 that implements TCP Fast Open --- the
version of FreeBSD that TCPlp is based on did not fully support TCP
Fast Open.
Normally, a part of TFO is cookie management --- the server generates
a cookie and includes it in the initial handshake, and client is
expected to present this cookie on future handshakes. This part is not
yet implemented, and I changed the logic from FreeBSD to allow data to
be exchanged in the TFO handshake even if the client does not present
a cookie. If we implement this functionality for TFO later, it is
probably worth departing from FreeBSD's data structures and policies
for maintaining cookie state in favor of something that is simpler and
more memory-efficient.
This commit migrates tests not targeting autotool to cmake.
* removed openthread-test-driver
* removed functional tests from autotool based check
* corrected file permission of python scripts
* added --run-directory to specify directory to collect logs and captures
* get test-ot-test-srp-server pass on POSIX platform
This commit adds two small changes to address new warnings when
building with clang-14.
It also updates `mbedtls` CMakeLists to set `MBEDTLS_FATAL_WARNINGS`
option as `OFF` (so that compiler warnings are not treated as errors).
This avoids issues with the new warning for `unused-but-set-variable` emitted
by clang-14.
This commit adds support for TLS in the TCP CLI tool, along with a
test of TLS functionality.
The main purpose of this is to provide an example of how to use
mbedTLS with TCPlp to run TLS. I felt it is important to have an
example because I expect that many applications that use TCP,
particularly those in which a Thread device exchanges data with a
device outside the Thread mesh, will need to run TLS over TCP for
security reasons.
A secondary benefit is to add TCP functionality to the TCP CLI
tool. Additionally, by having the example code be part of a "real"
application (the CLI tool), there is less risk of the code going stale
as OpenThread evolves.
I added an "expects" test for the TLS functionality in the CLI tool. I
also ran the code on two Nordic NRF52840-DK boards to make sure it
works.
The performance impact of TLS appears to be small. When using TCP
without TLS, I am able to achieve ~80 kb/s goodput between two
NRF52840-DK boards. With TLS in the same setup, I am able to achieve
~70-75 kb/s goodput.
This commit adds separate `tcplp-ftd` and `tcplp-mtd` libraries.
Each library is then `target_link_libraries()` with the related
`openthread-ftd/mtd`. This should help avoid a situation where both
`openthread-ftd` and `openthread-mtd` are included as a dependency
and linked and address linker failures under certain versions of
`clang`.
There is no hard dependency in the Thread specification which requires
the use of deterministic signatures. On the contrary, looking at the
tinycrypt implementation, that one issues randomized ECDSA signatures
and seems to be quite happy with that.
This change does not change the default behaviour, which is to use
deterministic ECDSA when using the default MbedTLS backend. It does
however make it possible for platforms which have qualified hardware
entropy to select 'plain' ECDSA instead, which gives both a performance
and code size improvement on those platforms.
This commit adds support for the remaining TCP callback, which was not
yet supported.
Originally, the unimplemented callback was otTcpSendReady, which would
indicate to the application when new data added to the TCP send buffer
would be sent out immediately. There was also discussion of adding an
otTcpBytesAcked callback, which, together with the
otTcpSendByExtension() call, would allow a circular buffer to be
implemented efficiently on top of the otLinkedBuffer API.
Ultimately, it seemed best to generalize the otTcpSendReady callback
to include both cases where bytes are acked by the connection peer,
and where the send buffer drains, allowing new data to be sent
immediately. The reasoning behind this decision is that both the
otTcpSendReady and otTcpBytesAcked callbacks are triggered by the same
event --- an ACK received from the connection peer --- and that it may
require the application to have to "coordinate state" across
callbacks. Having a single callback function to indicate both
conditions seemed like it could simplify applications significantly.
The new, combined, callback is otTcpForwardProgress. This commit
implements support and documentation for this callback function.
* Avoid printf, and omit newline at end of tcplp_sys_log calls
* Add new tcplp_sys_panic call to use for assertion failures
* Fix code in "#ifdef INSTRUMENT_TCP" so that it can be used
* update TCPlp #include guards to be TCPlp-specific
* do not use sys/queue.h in tcp_var.h, to avoid polluting global namespace
* avoid bitfields in TCP header structure
* use int32_t instead of int in tcpcb and reorder fields to eliminate padding
This commit fixes minor bugs in TCP.
1. The first change fixes a bug where the TCP CLI prints out an
incorrect message when a connection is terminated. This appears to
have been introduced in #7279.
2. The second change fixes a null pointer dereference when accepting a
TCP connection. This issue is purely theoretical at the moment,
because in the case where the dereferenced pointer is NULL, the
dereferenced value is not used, and so the compiler optimizes out the
memory access (so it seems). As a result, TCP actually runs without
issues. But I've fixed it anyway, to avoid depending on that behavior.
Add the following options `-Wno-sign-compare` and
`-Wno-unused-parameter` with target_compile_options to suppress
warnings. These options will be appended to the end of options
inherited from COMPILE_OPTIONS and CMAKE_C_FLAGS.