This commit completely removes the local Domain Unicast Address (DUA)
registration feature flag (OPENTHREAD_CONFIG_DUA_ENABLE) and all of
its associated implementation, public APIs, CLI commands, Spinel
property handlers, and certification tests.
Thread 1.2 FTD Border Router/Router DUA proxying features for MTD
children (OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE) are preserved and
updated to only compile/instantiate components when proxy DUA
features are active.
Detailed Changes:
- Remove default definition of OPENTHREAD_CONFIG_DUA_ENABLE from
misc.h.
- Remove OT_DUA and openthread_config_dua_enable from CMake/GN
configs.
- Remove otThreadSetFixedDuaInterfaceIdentifier and
otThreadGetFixedDuaInterfaceIdentifier from
include/openthread/thread.h
and implementation src/core/api/thread_api.cpp.
- Remove CLI DUA interpreter from src/cli/cli.cpp.
- Remove SPINEL_CAP_DUA capability and SPINEL_PROP_THREAD_DUA_ID
Spinel property handlers and dispatchers from NCP.
- Strip local DUA management features (conflict checking, SLAAC DUA
interface identifiers, and dad info settings) from DuaManager, MLE,
Address Resolver, and settings.
- Clean up Notifier, TimeTicker, and TMF dispatcher guards.
- Clean up -DOT_DUA=ON compilation flags across build/test scripts.
- Delete obsolete DUA certification tests:
- v1_2_test_domain_unicast_address
- v1_2_test_domain_unicast_address_registration
- v1_2_test_dua_handle_address_error
This commit renames several methods in `Ip6::Address`,
`Ip6::InterfaceIdentifier`, `Ip6::Prefix`, and `Ip4::Address` that
fully initialize the object from `Set...()` to `Init...()`.
This creates a clear semantic distinction in the API:
- `Init...()`: Fully (re-)initializing the object.
- `Set...()`: Modifies a specific property or a sub-component of
the object (e.g., `SetPrefix()`, `SetLocator()`,
`SetSubnetId()`).
Some examples of renames include:
- `SetFromExtAddress()` -> `InitFromExtAddress()`
- `SetToLocator()` -> `InitAsLocator()`
- `SetToLinkLocalAddress()` -> `InitAsLinkLocalAddress()`
- `SetToRoutingLocator()` -> `InitAsRoutingLocator()`
- `SetToAnycastLocator()` -> `InitAsAnycastLocator()`
- `SetToIp4Mapped()` -> `InitAsIp4Mapped()`
All calls to these methods across the codebase have been updated
to reflect the new names.
This commit renames the `NetworkDiagnostic` namespace in `src/core/thread/`
and its related types to `NetDiag` for brevity. It updates the
corresponding filenames and header guards as well.
This commit removes all code, configurations, APIs, and tests related
to the OPENTHREAD_CONFIG_BACKBONE_ROUTER_DUA_NDPROXYING_ENABLE feature.
Specifically, the following changes were made:
- Removed DUA ND Proxying Backbone Router configuration option and the
related OPENTHREAD_CONFIG_NDPROXY_TABLE_ENTRY_NUM definition.
- Removed CLI commands: `bbr mgmt dua` and the proactive backbone
notification fake command `/b/ba`.
- Removed NdProxyTable and bbr_manager DUA ND Proxying implementation.
- Removed public/internal APIs for ND Proxying and proactive backbone
notifications.
- Deleted ndproxy_table source files and unit tests.
- Simplified CMake and GN build files to remove deleted targets.
This commit updates Tmf::Agent::Filter to require link-layer security
for all incoming TMF requests.
Thread Management Framework (TMF) messages are used for network
management and configuration. The Thread specification requires that
all TMF messages be secured. While individual handlers often have
specific checks, enforcing this at the TMF Agent level provides a
consistent security layer for all TMF traffic.
For most TMF messages, security is provided by the Network Key. For
commissioning-related messages (like Joiner Entrust), security is
provided by the Key Encryption Key (KEK). In all cases, a valid TMF
message must have link-layer security enabled.
This change prevents unauthenticated attackers from sending unsecured
TMF messages to manipulate network state or configuration.
This commit updates the central CoAP resource handlers in TMF agents
(`Agent::HandleResource`, `BackboneTmfAgent::HandleResource`, and
`Manager::CoapDtlsSession::HandleResource`) to verify that the
incoming request method is a POST request. If the URI is recognized
but the method is not POST, a `kCodeMethodNotAllowed` response is
now sent.
Since all TMF requests are now guaranteed to be POST requests before
reaching their specific handlers, the `IsPostRequest()` checks in
individual handlers are removed. Additionally, the
`IsConfirmablePostRequest()` and `IsNonConfirmablePostRequest()`
helper methods in `Coap::Message` are removed and their usages are
simplified to `IsConfirmable()` and `IsNonConfirmable()` in the
respective handlers.
This commit removes the standalone `AnnounceBeginClient`,
`EnergyScanClient`, and `PanIdQueryClient` classes, integrating their
methods and TMF message handlers directly into the
`MeshCoP::Commissioner` class.
Since these client classes contained minimal state and primarily
served as simple wrappers for sending specific requests and handling
callbacks, merging them into the main `Commissioner` class simplifies
the architecture, removes unnecessary auxiliary classes, and shrinks
the overall codebase size.
This commit introduces new helper methods in the `Tmf::Agent` class
(`SendMessageTo()`, `SendMessageToRloc()`, `SendMessageToLeaderAloc()`,
and `SendMessageAllowMulticastLoop()`) to simplify the transmission of
TMF messages.
Previously, callers of `Tmf::Agent::SendMessage()` were required to
manually configure a `Tmf::MessageInfo` object with the appropriate
socket and peer address information before sending a message. This led
to repetitive code across the various modules utilizing TMF.
By incorporating these address resolution and message info preparation
steps directly into `Tmf::Agent`, this change significantly reduces
boilerplate code. All existing calls to `SendMessage()` have been
updated to use the new flavors.
This commit updates `Ip6::Address` to expose `static` getter methods for
common multicast addresses (e.g., `GetLinkLocalAllNodesMulticast()`)
as public API.
Consequentially, the wrapper `SetTo...` and `Is...` methods for these
multicast addresses are removed. Callers are updated to use the
`static` getters directly. This change simplifies usage by allowing
direct access to the constant address instances, often eliminating
the need for local `Ip6::Address` variables.
This commit introduces the Border Agent Admitter feature , which
enhances Thread MeshCoP.
A Border Admitter is an enhanced Border Agent that functions as a
traditional BA while enabling new behaviors. It acts as a proxy and
dispatcher, allowing multiple external Enrollers to connect to it. It
then petitions to become the single Active Commissioner on the Thread
mesh, forwards new joiner requests to connected Enrollers, and
manages the session between joiners and multiple Enrollers
The implementation includes three main components:
- `Admitter`: The main class that orchestrates the feature, managing
enroller sessions and aggregating steering data.
- `Arbitrator`: A distributed election mechanism that runs among
Border Admitters on the mesh to select a single "Prime Admitter" by
publishing a new Border Admitter service in the Thread Network
Data.
- `CommissionerPetitioner`: A sub-component responsible for
petitioning the Leader to be granted the commissioner role. It
handles conflicts if another commissioner is already active.
New public APIs are added in `openthread/border_agent_admitter.h`.
This commit also introduces a suite of comprehensive tests for the
Border Admitter functionality under the `nexus` test framework. It
covers various scenarios including:
- Prime Admitter election and role management
- Enroller registration, keep-alive, and timeout interactions
- Handling of commissioner conflicts and petitioner retry mechanisms
- Support for multiple enroller sessions and combined steering data
- Forwarding of Joiner `RelayRx` and `UdpProxy` messages
- Joiner acceptance, release, and expiration tracking
This commit updates the `CoapBase::Interceptor` function pointer type
to accept `const Msg &` instead of separate `const Message &` and
`const Ip6::MessageInfo &` arguments. It also reorders the `void *`
to match other CoAP callbacks.
Implementations in `BackboneTmfAgent::Filter` and `Agent::Filter`
have been updated to match the new signature.
This commit introduces `Coap::Msg`, a class that encapsulates
`Coap::Message` and its associated `Ip6::MessageInfo`.
`Coap` methods and TMF resource handlers are updated to use
`Coap::Msg` when handling received messages. This change simplifies
method signatures by reducing the number of parameters and enables
future extensibility for tracking additional information related to
received CoAP messages.
This commit introduces a client/server mechanism to the History
Tracker module. This allows a device to query history information
from another device over the Thread network using TMF messages.
The new functionality is composed of three main parts:
- Server (`HistoryTracker::Server`): This component is responsible for
handling incoming TMF query requests (`h/qy`). It collects the
requested local history entries (e.g., Network Info), formats them
into TLVs, and sends them back to the requester in one or more TMF
answer messages (`h/an`). It can fragment large responses into
multiple messages.
- Client (`HistoryTracker::Client`): This provides a new public API
(`otHistoryTrackerQueryNetInfo`) to send a query to a remote
device. It handles sending the request and processing the received
answer(s), passing the retrieved history entries to the user via a
callback. A function to cancel an ongoing query
(`otHistoryTrackerCancelQuery`) is also added.
- TLVs (`history_tracker_tlvs`): New TLVs are defined for the
query/answer protocol, including `RequestTlv` to specify the query
parameters, `AnswerTlv` to manage multi-message responses,
`NetworkInfoTlv` to carry the data, and `QueryIdTlv` to correlate
requests and responses.
A new CLI command, `history query netinfo`, is added to use the new
client API. The existing `history netinfo` output logic is refactored
into helper methods to be shared by both the local and remote history
commands.
The new feature can be enabled/disabled using two new configuration
flags:
- `OPENTHREAD_CONFIG_HISTORY_TRACKER_SERVER_ENABLE`
- `OPENTHREAD_CONFIG_HISTORY_TRACKER_CLIENT_ENABLE`
This adds support for the TMF command to enable TCAT remotely. A test
is added that uses the 'UDP send' mechanism to send the new TMF
command to a target node.
Some fixes/additions to the test framework are made to support the new
test, including a new argument for udp_send() to send a specific byte
array and udp_rx() to receive data by a UDP client on a node.
This change reorganizes the `BorderAgent` related classes into a new
`MeshCoP::BorderAgent` namespace to improve code structure and clarity.
The following changes are included:
- `MeshCoP::BorderAgent` class is renamed to `Manager` and placed
within the new `MeshCoP::BorderAgent` namespace.
- `MeshCoP::BorderAgentTracker` is renamed to `Tracker` under the
new namespace.
- `EphemeralKeyManager` is moved from being a nested class in
`BorderAgent` to `MeshCoP::BorderAgent::EphemeralKeyManager`.
- `EphemeralKeyManager` is now a direct member of the `Instance` class,
simplifying accessing it.
All related calls and test files are updated to reflect these
changes.
This commit refactors the `Mle` modules and combines the `MleRouter`
and `Mle` classes into a single `Mle` class which now handles both
FTD and MTD functionalities.
The `MleRouter` and `Mle` classes were originally intended as
sub-classes, where the base class `Mle` would provide MTD and common
behaviors, and `MleRouter` would implement FTD-specific behaviors.
However, over the years and as new features were implemented, these
two classes became more intertwined, and the `Mle` class began to
include many FTD-related functions and interactions with `MleRouter`
private variables and methods.
This commit simplifies the code by combining the two into a single
class. The previous `mle_router.cpp` file is also renamed to
`mle_ftd.cpp` to indicate that it implements FTD-specific MLE
behaviors.
This commit updates `SecureTransport` to support multiple
`SecureSession`s on the same transport. The transport tracks a list
of sessions that it owns and manages. Two new callbacks are
introduced:
- `AcceptCallback`: Used to accept a new connection request, providing
the `SecureSession` instance to use (passing ownership of the
session to the transport).
- `RemoveSessionCallback`: Signals that a session is removed,
releasing ownership of the session.
`BorderAgent`, `Tmf::SecureAgent`, and `ApplicationCoapSecure` are
updated to adopt the new model.
This commit also updates the Nexus `test_dtls`, adding
`TestDtlsMultiSession` to validate multiple session support
behavior.
This commit updates `BorderAgent` to utilize its own DTLS `Transport`
and CoAP `SecureSession`, separating it from the shared
`Tmf::SecureAgent` used by `Commissioner` and `Joiner` modules. This
change enables future support for multiple sessions within
`BorderAgent`.
This commit introduces the `Dtls::Transport` and `Dtls::Session`
classes, separating session-related functions from transport-related
behaviors. It also introduces the `Coap::SecureSession` class, which
handles CoAP processing over a DTLS session. This simplifies the code
by allowing `Coap::SecureSession` to inherit many of its methods from
`Dtls::Session`, avoiding repetition. It also separates CoAP-specific
message processing from transport-related functionality.
`Tmf::SecureAgent` and `ApplicationCoapSecure` are updated to act as
both a `Dtls::Transport` and a single `Coap::SecureSession`.
This commit updates `SecureTransport`. It introduces the `Extension`
class within `SecureTransport`, providing support for additional
cipher suites and related methods to configure the ciphers
(e.g., `SetPreSharedKey()`, `SetCertificate()`).
This class decouples this functionality from the common
`SecureTransport` object, allowing it to be added to any class.
Classes like `ApplicationCoapSecure` or `BleSecure` can inherit from
`Extension` to provide these methods. An `Extension` is then
associated with a `SecureTransport` (or any of its subclasses). This
approach ensures that only instances requiring extended cipher suite
support incur the associated memory cost and avoid repeated code.
This commit also introduces `Dtls`, `DtlsExtended`, and `Tls` as
subclasses of `SecureTransport` for easier use by other modules.
This commit introduces `kNetifThreadInternal` as a network interface
option for UDP sockets. Unlike other options, this disallows the use
of platform UDP for the socket, indicating that the socket should use
the OpenThread internal Thread network interface only.
This model replaces the previous approach where `ShouldUsePlatformUdp()`
would check the socket port against a set of port numbers used by
different modules (such as MLE, TMF, Joiner Router, etc) to determine
whether platform UDP APIs should be used. With the new model, each
module decides whether to associate its socket with the
`kNetifThreadInternal`.
This is a more flexible and extensible model, ensuring that sockets
that should not use the platform do not waste resources (they will
not be created or opened/closed on the platform). This also help
avoid edge cases where platform UDP operations may unintentionally
fail when the platform socket is not actually needed.
This commit refactors COAPS classes, renaming the `CoapSecure` class
as `CoapSecureBase`, which is the base class of `Tmf::SecureAgent`
and a newly added `ApplicationCoapSecure` class. This change
simplifies the code and class hierarchy and ensures that the
Application COAP secure related functions are only provided by
`ApplicationCoapSecure` and when the corresponding config feature
`OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE` is enabled.
This commit updates the `CoapSecure`, `Tmf`, and `SecureTransport`
modules to use the `LinkSecurityMode` enum and its defined constants
to indicate whether or not layer two security should be used. This
replaces the use of boolean input parameters with `kWithLinkSecurity`
or `kNoLinkSecurity` constants, improving code readability.
This commit removes unnecessary `#include` directives in core `cpp`
files that already include `instance.hpp`. The `instance.hpp` header
itself includes all necessary OT core headers and definitions as they
are contained within an `ot::Instance`.
This commit moves the locator `GetProvider::Get<Type>()` and its
related `Timer` and `Tasklet` methods to `instance.hpp`. With this
change we can remove `locator_getters.hpp` header fully thus
simplifying the code.
This commit adds `IsLinkLocalUnicastOrMulticast()` to `Ip6::Address`
to indicate whether the address is either a link-local unicast or a
link-local multicast address.
The existing `IsLinkLocal()` is renamed to `IsLinkLocalUnicast()` to
clarify its purpose and align its name with `IsLinkLocalMulticast()`
and the new method.
This commit enhances the generation of RLOC and ALOC addresses in the
`Mle` class.
Methods retrieving RLOC/ALOC addresses no longer return an `Error` and
are now `void`. The previous check for a valid `GetRloc16()` value,
which returned `kErrorDetach` if unset, is removed because this
scenario only occurred before the device's initial attachment.
Post-attachment, the RLOC16 remains valid even if the device is
detached. This change simplifies the code since RLOC/ALOC address
retrieval happens after the initial attachment.
Additional enhancements include:
- Changing the input parameter order in `GetCommissionerAloc()` to
match `GetServiceAloc()`.
- Using `Ip6::Address::SetToRoutingLocator()` to construct RLOC
addresses, harmonizing address generation and improving code
readability.
This commit renames the methods for retrieving mesh local addresses to
`GetMeshLocalRloc()` and `GetMeshLocalEid()` (from `GetMeshLocal16()`
and `GetMeshLocal64()`, respectively) to align with the terminology
used in the Thread specification. Member and local variables are also
renamed accordingly.
This commit introduces `Server` and `Client` classes breaking the
`NetworkDiagnostic` module into two components. The `Server` responds
to queries and requests (handling Net Diag TMF commands), while
`Client` issues queries/requests and processes responses. The
`Server` is available under both FTD and MTD (which follows the
requirement of Thread spec). The client is enabled using newly added
`OPENTHREAD_CONFIG_TMF_NETDIAG_CLIENT_ENABLE` config option which is
also available as `OT_NETDIAG_CLIENT` CMake option or the autoconf
build switch `NETDIAG_CLIENT`. The client functionality is by default
enabled on Border Routers (tied to `CONFIG_BORDER_ROUTING_ENABLE`
config).
The previous `TMF_NETWORK_DIAG_MTD_ENABLE` config is now removed
along with its CMake `OT_MTD_NETDIAG` and autoconf switch. This
commit adds checks to trigger build error if the previous config
and/or its related CMake option are used.
This commit adds new IPv6 header DSCP values which indicate a TMF
message priority. This allows intermediate routers forwarding TMF
message to be able to determine and use the TMF message priority that
originator of the message selects (e.g., address query/notification
use net-level priority whereas network diagnostics message use normal
priority). This replaces the previous behavior where on intermediate
routers all TMF messages were treated as net-level priority.
The new DSCP values are allocated from local codepoint range
`0bxxxx11` (per RFC 2474 - section 6). If the sender does not use
TMF-specific DSCP values, we use `kPriorityNet` as default on
intermediate router. This ensures that senders that are using older
code (do not use the new) experience the same behavior as before.
This commit adds a new class `Tmf::SecureAgent` as a sub-class of
`Coap::CoapSecure`. It also simplifies the handling of TMF URI
resources by secure agent (similar model as in `Tmf::Agent` added
in #8233.
This commit updates and simplifies the handling of TMF URI resources.
The new model centralizes the processing and dispatching of URI
handlers in `Tmf::Agent`. It should help reduce memory (RAM and
code) use as well.
- A new enumeration `Uri` type is defined specifying all the TMF
URIs along with functions to map between `Uri` and the related
URI path string.
- We use binary search in a sorted table to match a path string
(e.g., from a received CoAP message) to its corresponding URI.
- `Coap` class is updated to allow sub-classes to register an
optional `ResourceHandler` to handle URI resources.
- `Tmf::Agent` uses the new `ResourceHandler` to process the TMF URI
resources and invoke the related handlers on the proper module
(e.g., passing `kUriAddressQuery` to `AddressResolver` module,
`kUriActiveSet` to `MeshCoP::ActiveDatasetManager`, etc).
- The TMF handlers are defined as `HandleTmf<Uri>()` template method
specializations which are defined on the proper module.
- Most URI handlers can be processed at any time but some perform
additional checks, e.g., `kUriAddressSolicit` is passed to
`Mle::MleRouter` which checks that device role is leader before
processing the request.
This commit updates `Tmf::IsTmfMessage()` method to check source and
destination addresses. This change helps make this method more
generic(allow it to be used for both rx/tx messages). This commit
also simplifies the implementation (avoid using complex expression
containing multiple `&&` and `||`).
This commit adds new helper methods in `Coap` to allocate a new
message and initialize it as a confirmable or non-confirmable post to
a given URI path. It also adds a new helper method to allocate a CoAP
response message for a given request. These methods help simplify the
preparation of CoAP and TMF messages.
This commit adds `Tmf::MessageInfo` which is a sub-class of the
`Ip6::MessageInfo` class intended for use when sending TMF messages.
The peer port number is by default set to the TMF port from the
constructor. This class also provides helper methods for commonly
used patterns, e.g., source or `SockAddr` set to device's RLOC
address and/or the destination or `PeerAddr` set to leader ALOC or
RLOC, or a given address.
This commit adds a new core header files `common/error.hpp` which
defines `ot::Error` (mirroring `otError`) and `kError{Name}` constants
(mirroring the public `OT_ERROR_{NAME}` definitions). The new (C++
style) definitions are used by core modules. This commit also moves
`otThreadErrorToString()` (from `logging.hpp` to `error.hpp`) and
renames it to `ErrorToString()` which is used as the internal (to
core) function to covert an `Error` to a string.
Jonathan Hui