This commit completely removes the local Domain Unicast Address (DUA)
registration feature flag (OPENTHREAD_CONFIG_DUA_ENABLE) and all of
its associated implementation, public APIs, CLI commands, Spinel
property handlers, and certification tests.
Thread 1.2 FTD Border Router/Router DUA proxying features for MTD
children (OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE) are preserved and
updated to only compile/instantiate components when proxy DUA
features are active.
Detailed Changes:
- Remove default definition of OPENTHREAD_CONFIG_DUA_ENABLE from
misc.h.
- Remove OT_DUA and openthread_config_dua_enable from CMake/GN
configs.
- Remove otThreadSetFixedDuaInterfaceIdentifier and
otThreadGetFixedDuaInterfaceIdentifier from
include/openthread/thread.h
and implementation src/core/api/thread_api.cpp.
- Remove CLI DUA interpreter from src/cli/cli.cpp.
- Remove SPINEL_CAP_DUA capability and SPINEL_PROP_THREAD_DUA_ID
Spinel property handlers and dispatchers from NCP.
- Strip local DUA management features (conflict checking, SLAAC DUA
interface identifiers, and dad info settings) from DuaManager, MLE,
Address Resolver, and settings.
- Clean up Notifier, TimeTicker, and TMF dispatcher guards.
- Clean up -DOT_DUA=ON compilation flags across build/test scripts.
- Delete obsolete DUA certification tests:
- v1_2_test_domain_unicast_address
- v1_2_test_domain_unicast_address_registration
- v1_2_test_dua_handle_address_error
This commit fixes instances of "the the" typos found in various
files across the codebase, including documentation, headers, source
files, and test scripts.
This commit removes all code, configurations, APIs, and tests related
to the OPENTHREAD_CONFIG_BACKBONE_ROUTER_DUA_NDPROXYING_ENABLE feature.
Specifically, the following changes were made:
- Removed DUA ND Proxying Backbone Router configuration option and the
related OPENTHREAD_CONFIG_NDPROXY_TABLE_ENTRY_NUM definition.
- Removed CLI commands: `bbr mgmt dua` and the proactive backbone
notification fake command `/b/ba`.
- Removed NdProxyTable and bbr_manager DUA ND Proxying implementation.
- Removed public/internal APIs for ND Proxying and proactive backbone
notifications.
- Deleted ndproxy_table source files and unit tests.
- Simplified CMake and GN build files to remove deleted targets.
When cloning the ot-br-posix repository to run the Docker-in-Docker
integration tests, the clone was shallow and did not recursively
check out nested submodules (such as cJSON and cpp-httplib). This led
to build failures inside the Docker build container since libcjson
is not pre-installed on the base build image.
This commit resolves the issue by:
1. Appending the `--recurse-submodules` flag to the git-tool clone
calls in `otbr-posix-dind.yml` and `script/test`.
2. Updating `script/git-tool`'s destination directory parsing to
robustly handle multi-line output from recursive submodule
checkouts. The new pattern extracts the path exclusively from
the first line using `sed` to prevent SIGPIPE or parsing errors.
This commit adds support for IPv6 loopback address (::1) in the
simulation platform. When the local interface is set to the IPv6
loopback address, it uses the interface-local multicast group
(ff01::116) instead of the link-local group (ff02::116) for
node-to-node communication.
It also ensures that the `sin6_scope_id` is correctly set for the
loopback address in the transmission socket.
This commit removes the `android-ndk` platform support from the
`script/cmake-build` script and deletes the associated CI job from
the GitHub Actions workflow.
The `android-ndk` build was used to verify OpenThread compatibility
with the Android NDK. However, since OpenThread is now officially
included in the Android platform, maintaining a separate NDK-based
build in this repository is no longer necessary.
Changes:
- Remove `android-ndk` from `OT_PLATFORMS` in `script/cmake-build`.
- Remove NDK-specific configuration logic in `script/cmake-build`.
- Remove the `android-ndk` job from `.github/workflows/build.yml`.
The size.yml workflow used pull_request_target with git checkout
FETCH_HEAD, which replaced the entire working directory (including
scripts) with untrusted fork code. Since pull_request_target grants
a read/write GITHUB_TOKEN even from public forks, and the workflow
had no top-level permissions restriction, this allowed arbitrary
code execution with write access to the repository.
Fix by:
1. Adding top-level permissions: contents: read (consistent with
all other workflows in this repository).
2. Replacing `git checkout FETCH_HEAD` with a fetch-only approach
that passes the PR merge commit SHA via the OT_SHA_NEW environment
variable. The check-size script uses git-archive to extract code
by SHA, so it does not need the working directory to be switched.
This ensures ./script/check-size always runs from the base branch.
3. Updating check-size to accept OT_SHA_NEW from the environment,
falling back to git rev-parse HEAD when not set (preserving
existing behavior for push-triggered and local runs).
Currently, the `run_cert()` function in `run_cert_suite.py` invokes
test scripts using `subprocess.check_call()` without a timeout. This
can cause the test suite to hang indefinitely if a test script fails
to terminate.
This commit updates `run_cert_suite.py` to support a configurable
`--timeout` argument. It passes this timeout to `check_call()` and
handles `subprocess.TimeoutExpired` to log failure and print output
upon timeout.
Additionally, this commit updates `script/test` to pass the
`TEST_TIMEOUT` environment variable to the test runner and updates
GitHub workflow configurations to define specific timeout values for
various test jobs.
When `OPENTHREAD_CONFIG_REFERENCE_DEVICE_ENABLE` is active, this
change mandates that the vendor name string MUST begin with the "RD:"
prefix. This ensures that reference devices are clearly and
consistently identifiable through network diagnostic queries.
The enforcement is applied at two levels:
- A compile-time `static_assert` is added to validate the default
`OPENTHREAD_CONFIG_NET_DIAG_VENDOR_NAME` at build time. This uses a
new `constexpr` helper utility `CheckConstStringPrefix()`.
- A runtime check is added to `otThreadSetVendorName()`, which will
now return `OT_ERROR_INVALID_ARGS` if an invalid name is provided
on a reference device build.
All related test configurations (`scan-build`, `toranj`, `nexus`) and
CLI tests are updated to reflect this new requirement and validate
it.
This change updates the netlink message handling for the infra link on
the POSIX platform to be more robust and efficient for `RTM_NEWLINK`
and `RTM_DELLINK` messages.
The logic for handling infra index changes is:
1. On `RTM_DELLINK`, the code verifies `ifinfo->ifi_index` is for the
currently infra index `mInfraIfIndex`.
2. On `RTM_NEWLINK`, it identifies the infra by its name
`if_indextoname(ifinfo->ifi_index)` and updates `mInfraIfIndex`.
This commit introduces a new script `update-header-guards.py` which
checks for the presence of header guards in `.h` and `.hpp` files and
automatically updates them, standardizing the header guard name format
across the codebase.
The new format for header guards is derived from the full path of the
file. For example, `src/core/common/notifier.hpp` will use
`OT_CORE_COMMON_NOTIFIER_HPP_`. The guard name includes additional
prefixes such as `OT_` or `OPENTHREAD_` to ensure uniqueness.
This new naming format handles cases where the same filename may be used
in different folders, such as the two `heap.hpp` files located in
`src/core/common` and `src/core/utils`.
It also ensures that public and platform OpenThread headers under
`include/openthread` have uniquely distinct header guard names to avoid
conflicts when these headers are included in other projects.
The new script helped identify issues with existing header files that
lacked header guards (e.g., `posix/system.hpp`) or had improper guards
(e.g., `openthread/link_metrics.h`).
This commit also introduces a new check script `check-header-guards` to
validate that all header guards are correctly formatted. This check is
added to the GitHub CI actions to ensure consistency moving forward.
All existing header files have been updated (using the new script)
to apply the new guard name format.
This commit enhances the build process by introducing a mechanism to
automatically clean intermediate build artifacts. Specifically, it
configures the build script to remove object and archive files, a
process that is conditionally activated, primarily within GitHub
Actions workflows, to optimize build environments and manage disk
space more efficiently.
This commit disables Discovery Proxy in otbr Backbone CI.
Because in this item, `BORDER_ROUTING` is explicitly disabled and it
is required by OT discovery proxy.
This commit removes `"-DOTBR_DNS_UPSTREAM_QUERY=ON"` in build script
because this option will automatically handled in the cmake options
file and it also depends on BORDER_ROUTING. Force it to be ON will
cause a conflict when BORDER_ROUTING is OFF.
This commit changes the mbedtls repo in openthread from source code to
git submodule.
This makes it easier for mbedtls version upgrade. This PR doesn't
upgrade the mbedtls version. v.3.6.0 is stil used to ensure nothing is
broken. The original OT specific build files (BUILD.gn, CMakeLists.txt
and config) are kept and unchanged. I've verified that the headers and
sources in the list of BUILD.gn are correct.
Since llvm-19, if we use package manager to install it, the minor
versions could be different. This commit standardizes the version on
linux to 19.1.7. This version is the same as the one installed by
homebrew.
We just updated the version from 14 to 16. But very unfortunately
clang-format-16 was just deprecated recently. So this time we update
the version to the latest available one. There are newer releases than
19 (like 20) but as I tested, sudo apt-get install -y clang-format-19
can work while 20 doesn't work.
misc-include-cleaner in clang-tidy-19 exerts a very strict check which
requires to directly include all headers for every symbols in the
source file. However in our current code we intentionally use some
indirect include. So this commit disables misc-include-cleaner.
This commit contains various enhancements to the `Otns` class:
- Makes `Otns` methods non-static. This aligns their use with the
clang-tidy `readability-static-accessed-through-instance` check,
which disallows accessing static methods through an instance.
- Updates the `make-pretty` script to enable OTNS and include it in
`clang-tidy` checks.
- Adds a stub implementation of `otPlatOtnsStatus()` in the simulation
and fake platforms. This allows the OTNS feature to be enabled in
`make-pretty` builds and covered by GitHub Action CI checks.
- Simplifies the `EmitStatus` methods to use the `String` class for
constructing the status string.
- Adds a new helper method to construct the CoAP status string,
removing duplicated code.
It would be easier to use OpenThread public headers if they are
self-contained and follows the IWYU style guide. This commit fixes some
style issues to make the public headers self-contained and IWYU. The
existing pretty check is also extended to verify the OpenThread public
headers are self-contained and follows IWYU.
This commit adds "Fast Start Mode" feature for SRP server. This
feature is designed for scenarios where a device, often a mobile
device, needs to act as a provisional SRP server (e.g., functioning
as a temporary Border Router). The SRP server function is enabled
only if no other Border Routers are already providing the SRP
service within the Thread network. A common use case is a mobile
device joining a Thread network where it may be the first, or only,
BR. Importantly, Fast Start Mode allows the device to quickly start
its SRP server functionality upon joining the network, allowing other
Thread devices to quickly connect and register their services without
the typical delays associated with standard Border Router
initialization and SRP server startup (using NetData Publisher).
This commit changes the installation of socat from using 'apt' to
manual installation.
We found the latest socat version 1.8.0.3 has an issue when running
with OTBR docker. To avoid the error caused by version and facilitate
local development, the commit provides a script to install socat of
version 1.7.4.4 and replaces the installation in CI and scripts..
We add the install script in openthread and ot-br-posix will use the
script in openthread to install socat.
This simplifies doing local check by enhancing the script to accept
extra cmake options and specifying the commit to compare.
Example usage:
```bash
OT_SHA_OLD=e4a390f34 ./script/check-size nrf52840 -DOT_FULL_LOGS=ON
```
This commit adds a new IDLE state to PdPrefixManager.
PdPrefixManager enters idle state when PD is enabled and there is
already a BR requesting PD prefix. When there are multiple BRs
publishing PD prefix at the same time, the one with lexcial smaller
prefix wins.
1. Add OT_WAKEUP_COORDINATOR and OT_WAKEUP_END_DEVICE build
options.
2. Add support for parsing and constructing 802.15.4
Multipurpose frames.
3. Add support for parsing and constructing wake-up
frames.
This commit updates the default Thread version to 1.4, so that most
latest features will be enabled by default. This commit also explicitly
enable the epskc feature just like other features in the build script.
This implementation will be used on all platforms for NCP nodes
(simulation, any vendor platforms). However the simulation platform
already has a different implementation. To avoid conflicts, the commit
adds a control flag in simulation config so that we can choose whether
to enable the simulation implementation.
This commit adds default paths for expect scripts to make it easier for
running expect scripts. With this change, we can run expect tests as
follows:
```bash
./script/cmake-build simulation
./script/cmake-build posix
./tests/scripts/expect/cli-ping.exp
OT_NODE_TYPE=rcp ./tests/scripts/expect/cli-ping.exp
```
This commit also updates an existing test to cover the change.
Jonathan Hui