This commit changes the mbedtls repo in openthread from source code to
git submodule.
This makes it easier for mbedtls version upgrade. This PR doesn't
upgrade the mbedtls version. v.3.6.0 is stil used to ensure nothing is
broken. The original OT specific build files (BUILD.gn, CMakeLists.txt
and config) are kept and unchanged. I've verified that the headers and
sources in the list of BUILD.gn are correct.
Small change to surface any internal errors in the hash calculations
to the TCAT Commissioner as general error. If not done, such errors
are silently ignored and hard to diagnose in products.
This commit enhances mDNS to allow reprobing for registrations
currently in a conflict state. Upon an explicit `Register()` call,
the mDNS module will now restart the probing process. This allows the
device to attempt to claim the name again if the conflict has been
resolved on the network.
Unit tests are updated to verify this behavior.
This commit suppresses the undefined warnings in mbedtls. To detect
such warnings in OpenThread, this commit also enables warnings check
for gn BUILD and fixes issues found.
`ValidateName()` did not correctly handle names that were exactly the
maximum allowed length (`kMaxNameLength`). A name of this length is
only valid if it ends with a trailing dot. Otherwise, when encoded,
the added root label causes the encoded name to exceed the
`kMaxEncodedLength` of 255 bytes.
This commit updates `ValidateName()` to enforce that any name with
length equal to `kMaxNameLength` must end with a dot character.
It also updates the `TestDnsName` unit test to verify this corrected
behavior, ensuring `ValidateName()` and `AppendName()` handle such
names consistently.
Rename all fuzzer source files in `tests/fuzz` from `{name}.cpp` to
`fuzz_{name}.cpp`.
Update the `ot_nexus_test` macro in `tests/fuzz/CMakeLists.txt` to
reflect this change, using `fuzz_{name}.cpp` as the source file while
naming the test `{name}-fuzzer`.
This change improves consistency and makes it easier to distinguish
fuzzer source files from other similarly named files during searches.
This commit introduces a new configuration option
`OPENTHREAD_CONFIG_DNS_CLIENT_BIND_UDP_TO_THREAD_NETIF` to control
which network interface the DNS client's UDP socket binds to.
When this config is set to 1, the socket is bound to the Thread
network interface (`Ip6::kNetifThreadInternal`).
When the config is set to 0, the socket is bound to the unspecified
network interface (`Ip6::kNetifUnspecified`), allowing DNS messages
to be sent and received over any available network interface. By
default this new config is disabled.
A new CMake option `OT_DNS_CLIENT_BIND_UDP_THREAD_NETIF` is also added
to allow easy configuration of this feature.
The test configurations are updated to ensure both behaviors are
covered.
Remove the `CoapDtlsSession::ForwardContext::ToHeader()` helper method
and move its logic directly into the `HandleCoapResponse()` method.
This simplifies the implementation by removing an unnecessary function
call for a single-use case.
Additionally, convert `ForwardContext` from a `class` to a `struct`.
This change makes the constructor public, removing the need for a
`friend` declaration for `Heap::Allocatable`, and better reflects its
role as a simple data structure.
Moves the management of MeshCoP service TXT data from the
`BorderAgent::Manager` class into the `TxtData` class.
This change improves separation of concerns by isolating all TXT
data-related logic, including vendor TXT data, change callbacks, and
notifier event handling, within the `TxtData` class. The
`BorderAgent::Manager` is simplified and its responsibilities are
more focused.
A new public method, `Refresh()`, is introduced on `TxtData` to
provide a clear API for other modules to signal that the MeshCoP
service TXT data needs to be re-evaluated and updated.
The `HandleCoapResponse` callback in `CoapDtlsSession` is renamed to
`HandleLeaderResponseToFwdTmf`.
The new name more clearly indicates that this callback is used to
handle the response from the leader for a forwarded TMF message.
This improves code readability and makes the role of the callback
more explicit.
When using some special configurations, the ot-cli-ftd will crash. The
crash path is `MessageFramer::PrepareMacHeaders()` ->
`Get<NeighborTable>().FindNeighbor()` ->
`Get<ChildTable>().Contains()`. The crash happens in the
`ChildTable::Contains()`. Here is the system crash message: `kernel:
traps: ot-cli-ftd[122376] trap invalid opcode ip:5640b7713b8e
sp:7ffd6425c5f0 error:0 in ot-cli-ftd[313b8e,5640b7400000+426000]`.
The root cause of the crash is that the CandidateParent is a 4 bytes
aligned class and the Child is a 8 bytes aligned class. When
converting the CandidateParent to Neighbor and then converting the
Neighbor to Child, the program will crash due to the alignment issues.
This commit replace the static_cast with the reinterpret_cast in
ChildTable::Contains() to convert a Neighbor to a Child.
Consolidates the two overloaded `SendErrorMessage()` methods in the
`CoapDtlsSession` class into a single implementation.
The new `SendErrorMessage()` method now accepts the token information
directly, rather than a `Coap::Message` or a `ForwardContext` object.
This simplifies the call sites and removes the now-unused
`CoapCodeFromError()` helper function (the conversion is now done
in the consolidated `SendErrorMessage()`).
This commit adds the adb interface support to expect scripts, so that
we can easily run all expect scripts on Android devices.
Example usages: `spawn_node ${node_id} "adb" "${adb_serial_num}"`.
This commit enhances the `TestNat64PrefixSelection` unit test by
adding more detailed verification of the RA-discovered NAT64 prefix
table managed by `RxRaTracker`.
This commit simplifies the CoAP message forwarding logic within the
`CoapDtlsSession` by removing the `mPetition` and `mSeparate` boolean
flags from the `ForwardContext`.
The `Uri` of the request is now stored directly in `ForwardContext`
and used to determine the logic flow, making the code more explicit
and easier to understand.
The `ForwardToLeader()` is only used with `kUriLeaderPetition` and
`kUriLeaderKeepAlive`, both of which requires a separate
non-confirmable response in addition to an immediate CoAP Ack
(i.e., as if `mSeperate` is `true`).
This change removes the need for intermediate flags and simplifies the
implementation of `ForwardToLeader()`, `SendErrorMessage()`, and the
`ForwardContext` constructor and `ToHeader()` method. The CoAP
message initialization is now more direct, always using
`kTypeNonConfirmable` for forwarded responses and error messages.
This commit updates the `BorderAgent` implementation to consistently
use `OwnedPtr` for managing the lifecycle of `Coap::Message` and
`Message` objects.
This change improves memory safety and simplify the code. Message
objects are now automatically deallocated when the `OwnedPtr` goes
out of scope, which eliminates all manual calls to `FreeMessage()`
and `FreeMessageOnError()`, preventing potential memory leaks and
making the code more robust.
This commit enhances `RxRaTracker` by introducing a new `Events`
struct for handling callbacks. This change replaces the previous
`HandleRxRaTrackerDecisionFactorChanged()` method with a more
versatile `HandleRxRaTrackerEvents()` that accepts the `Events`
struct as an argument.
The new `Events` struct includes boolean flags for:
- `mInitialDiscoveryFinished`
- `mDecisionFactorChanged`
- `mLocalRaHeaderChanged`
This allows `RxRaTracker` to communicate more specific events to
`RoutingManager` and `MultiAilDetector`, enabling them to take
the proper action based on the events. The `SignalTask` has been
renamed to `EventTask` to better reflect its new role in handling
these events.
This commit involves a small enhancement for CSL to optimize for power
consumption after receiving a frame.
Original implementation:
- schedule next CSL window during current CSL timer handle
- even if a frame is received, the scheduled CSL timer is not reset
- SSED wakes up much earlier than required if elapsed time is large
Suggested implementation:
- recalculate CSL timer during `UpdateCslLastSyncTimestamp` if it is
currently running
- SSED can use updated mCslLastSync so that it does not wake up much
earlier after receiving a frame
This commit updates the default TTL values used for mDNS records to
better align with the recommendations.
Previously, a single `kDefaultTtl` of 120 seconds was used for all
records when the registered entry did not explicitly specify the TTL
to use. This commit introduces separate default TTLs:
- `kDefaultAddrTtl` for address records (`AAAA`, `A`) is kept at
120 seconds.
- `kDefaultServiceTtl` for all service records (`PTR`, `SRV`, `TXT`)
is set to 4500 seconds.
- `kDefaultKeyTtl` is also updated to 4500 seconds for `KEY` records.
The code is updated to use the appropriate default TTL based on the
record type.
This commit implements `otPlatDnssdStartBrowser` and
`otPlatDnssdStopBrowser` to support service discovery on NCP.
The platform APIs are intended to be used by
`ServiceDiscovery::Server::DiscoveryProxy` for discovery
functionality. This commit only supports browser for now and will
suppport Srv/Txt/Address resolver in other commits to avoid this
commit from being too large.
This commit contains these changes:
* Add new spinel property for starting / stopping service browser
* Implement encoding/decoding of the new property
* Add unit test for encoding/decoding
* Implement ncp version of dnssd platform API
`otPlatDnssdStartBrowser` and `otPlatDnssdStopBrowser`
* Add property handler to get browser result on NCP side
* Add unit test to verify that the browser callback is correctly
invoked after getting browser result.
This commit introduces support for discovering NAT64 prefixes as
specified in RFC 8781.
The key changes include:
- New `Nat64PrefixInfoOption`: A new `Nat64PrefixInfoOption` class is
added to represent the PREF64 option in ND messages. This handles
parsing the prefix and its lifetime from incoming RAs.
- `RxRaTracker` Enhancement: The `RxRaTracker` is updated to process
`Nat64PrefixInfoOption` from RAs. It now maintains a list of
discovered NAT64 prefixes from routers on the infrastructure link
and determines a "favored" prefix among them.
- `RoutingManager` Update: The `Nat64PrefixManager` is enhanced to
utilize the RA-discovered prefix.
- `test_routing_manager` Update: The `TestNat64PrefixSelection` is
updated to include cases with RA-discovered prefixes.
Adds a new state, `mInitialDiscoveryFinished`, to `RxRaTracker` to
track the completion of the initial router discovery (RS transmission)
process. A new method, `IsInitialRouterDiscoveryFinished()`, exposes
this state.
This new method replaces `IsRsTxInProgress()`, which previously
checked if any RS transmission was ongoing. The new model ensures
the initial discovery is tracked only once after `RxRaTracker`
starts, rather than every time RS messages are sent (e.g., due to
stale timer expiration).
Additionally, the `RoutingManager` now checks this state and ignores
incoming RS messages until the initial router discovery is complete.
This prevents the BR from replying to its own RS messages or sending
an RA prematurely with incomplete information before all routers
are discovered and decision factors are determined.
Multicast addresses with scope larger than `RealmLocal` are no longer
subject to the standard receive filter. They are passed directly to
the host callback, allowing delivery and forwarding by the host.
This fixes a scenario where a `Thread Border Router` receives a
larger-scope multicast from a `Thread Device`. Previously, if the
Border Router was listening on the same multicast address and port,
the receive filter could drop the packet, preventing it from being
forwarded to other interfaces.
This adds support for the TMF command to enable TCAT remotely. A test
is added that uses the 'UDP send' mechanism to send the new TMF
command to a target node.
Some fixes/additions to the test framework are made to support the new
test, including a new argument for udp_send() to send a specific byte
array and udp_rx() to receive data by a UDP client on a node.
This commit introduces a direct callback mechanism from `RxRaTracker`
to `MultiAilDetector` to signal changes in decision factors. This is
in preparation of future changes allowing `MultiAilDetector` to run
independently of `RoutingManager`.
Previously, `RxRaTracker` would signal `RoutingManager`, which in turn
would call `MultiAilDetector::Evaluate()`. This commit refactors this
interaction by adding a new `HandleRxRaTrackerDecisionFactorChanged()`
method to `MultiAilDetector`.
`RxRaTracker` can run independently of `RoutingManager`. Its stale timer
callback should check its own running state (`mIsRunning`) instead of
`RoutingManager`'s state.
This commit corrects the logic in `HandleStaleTimer()` to use the local
`mIsRunning` flag.
This commit introduces the `ChildUpdateResponseInfo` struct to
encapsulate parameters for sending "Child Update Response" messages.
The new struct holds the list of TLVs to include, the received
challenge, and the destination address.
Related methods such as `SendChildUpdateResponse()` are updated to use
the new struct. This simplifies the method signatures by reducing the
number of arguments and improves code clarity by grouping related
data.
Verifies that the peer and socket addresses in `Mle::HandleUdpReceive`
are link-local. This ensures that MLE messages are only processed
from link-local addresses, which is a requirement of the Thread
specification.
The P2P peer can be woken up using the wake-up identifier. The wake-up identifier
is included in the Connection IE. This commit implements methods to the Connection IE
and Frame to process wake-up identifier.
Adds two important notes to the main API documentation header to clarify
critical usage rules for all OpenThread APIs.
- The first note states that all API calls and callbacks must be
invoked from the same OS context (e.g., the same thread).
- The second note clarifies the behavior of output parameters when an
API call returns an error.
This change modifies the handling of incoming ICMPv6 ND messages on the
infrastructure interface. `InfraIf::HandledReceived()` now inspects the
message type and calls the appropriate handler directly.
- Router Advertisement (RA) and Neighbor Advertisement (NA) messages are
now passed directly to `RxRaTracker::HandleRouterAdvertisement()` and
`RxRaTracker::HandleNeighborAdvertisement()` respectively.
- The generic `RoutingManager::HandleReceived()` method is removed.
`RoutingManager` now only handles Router Solicit (RS) messages via
`RoutingManager::HandleRouterSolicit()`.
This simplifies code and gives `RxRaTracker` direct ownership of RA
and NA processing, which aligns better with its role of tracking
information from received RAs and allowing it to run independently of
the `RoutingManager`.
This change moves the `MultiAilDetector` class from being a nested
class within `RoutingManager` to its own dedicated `.hpp` and `.cpp`
files.
An instance of `MultiAilDetector` is now owned by the top-level
`Instance` class, making it a sibling component to `RoutingManager`
and other core components.
This is purely a code organization change and introduces no functional
or logic changes. This prepares for future changes where
`MultiAilDetector` may operate independently of `RoutingManager`.
This change introduces a mechanism to control the `RxRaTracker` from
multiple sources.
A new method `RxRaTracker::SetEnabled()` is added, which accepts a
`Requester` enum. The tracker now maintains separate enable flags for
each requester (e.g., `RoutingManager`).
The `RxRaTracker` will start only when at least one requester has
enabled it AND the infrastructure interface is initialized and running.
It stops when all requesters have disabled it or when the interface
goes down.
The `Start()` and `Stop()` methods are now private, managed by a new
`UpdateState()` method to centralize the state logic. `InfraIf` is
updated to notify `RxRaTracker` of state changes.
This commit adds fake implementations for OT dnssd platform APIs.
The background is that I'm trying to enable the OT Dnssd Server
functions (Discovery Proxy) in ot-br-posix by default. Once it's
enabled, `openthread-ftd` needs implemenation of dnssd platform
APIs. To make some unit tests (in ot-br-posix) build successfully,
these fake implementations are required.
Introduces a new private method `Mle::SendChildUpdateRejectResponse()`
to consolidate the logic for sending a reject response to a
"Child Update Request".
This new method creates a response containing the Source Address TLV,
Status TLV, and (if applicable) Response TLV.
The new method is now used in `Mle::HandleChildUpdateRequestOnChild()`
when the device is not a parent of the sender, and in
`Mle::HandleChildUpdateRequestOnParent()` when a request from an
unknown child is received. This change removes duplicated code from
both locations.
The macro MBEDTLS_SSL_EXPORT_KEYS is added to OT in PR #7025, it is used to
ensure mbedtls_ssl_key_export_type is defined. However, the macro
MBEDTLS_SSL_EXPORT_KEYS has been removed from the mbedtls since mbedtls-3.1.0.
If developers use external mbedtls repo with version 3.1.0 or higher
versions, and missed to define MBEDTLS_SSL_EXPORT_KEYS, it will cause
the KEK won't be set to the KeyManager.
This commit checks whether the mbedtls version is equal to or higher than
3.1.0 to ensure mbedtls_ssl_key_export_type is defined.
Ensure the same challenge is used for all "Child Update Request"
messages sent to the parent while trying to restore the previous
child role.
The challenge is now generated once when the child role restoration
process starts in `PrevRoleRestorer::Start`. This prevents a
situation where a new challenge from a retry could invalidate a
delayed but valid response from the parent that contained the
previous challenge.
Add `OT_BORDER_ROUTING_DHCP6_PD_MIN_LIFETIME ` cmake build option, to
allow customizing the dhcpv6 pd client's minimum lifetime requirement
for different network environments or testing scenarios.
The application of the P2P module may only record the P2P peer's
link-local address for communication. This commit adds an API to
convert the peer's link-local unicast address to the peer's extended
address for tearing down the P2P link.
Adds CLI related configs within the Nexus test build
(`openthread-core-nexus-config.h`) to support fuzz testing of
the CLI module.
The following configurations are added:
- `OPENTHREAD_CONFIG_CLI_MAX_LINE_LENGTH` is increased to 800 to
handle potentially long input strings generated by the fuzzer
without truncation.
- `OPENTHREAD_CONFIG_CLI_LOG_INPUT_OUTPUT_ENABLE` is enabled to log all
input and output through the CLI. This is helpful for debugging
and analyzing fuzzer-generated logs.
This change moves the management of the infrastructure interface state
out of the `RoutingManager` and centralizes it within the `InfraIf`
class. This makes `InfraIf` a more self-contained component and
simplifies the logic in `RoutingManager`.
The `RoutingManager` now depends on an initialized `InfraIf`. Its
`Init()` method is simplified and is now called from
`InfraIf::Init()`.
The public API `otBorderRoutingInit()` now directly initializes the
`InfraIf`. The `InfraIf::Init()` method is updated to support
re-initialization, allowing to switch to a new interface. When
switching, it ensures that components on the previous interface are
stopped before restarting on the new one.
After the P2P link is established, the P2P peer's extended address is
returned as the P2P handle. This commit adds an API to convert the
peer's extended address to the peer's link-local unicast address.
Li Cao