This commit introduces helper methods to `MeshCoP::Dataset` to determine
if a given Dataset affects network connectivity or the Network Key.
It also adds a corresponding public API `otDatasetAffectsConnectivity()`.
A Dataset is considered to affect connectivity if it contains a
different Channel, PAN ID, Mesh Local Prefix, or Network Key than
the current values in use.
`Mle::AnnounceHandler::HandleAnnounce` previously executed the
`kAnnounceAttachAfterDelay` action on an attached node even when
the announced channel and PAN ID already equaled the current MAC
parameters. The `!channelAndPanIdMatch` guard was only consulted
in the `IsDetached()` branch. For an attached node this scheduled
`StartAnnounceAttach`, which calls `Stop()` then `Start()` with
the same channel/PAN ID -- accomplishing nothing while disrupting
attached children.
This causes an endless role flap in a topology where two FTDs
share channel, PAN ID, and network credentials but hold different
Active Dataset Timestamps, and where their RF link is too weak to
merge partitions (Advertisements rejected with LinkMarginLow at
`mle_router.cpp`). Each side restarts on every Announce received
from the higher-timestamp peer; the reactive `kSendAnnouceBack`
path further amplifies this because the lower-timestamp side's
own outgoing Announces draw Announce responses from the peer.
Apply the channel/PAN ID match guard unconditionally in
`kAnnounceAttachAfterDelay`. Mirror it on the FTD
`kSendAnnouceBack` path (matching the existing `isFromOrphan`
behavior) so peers sharing MAC parameters are not prompted to
migrate to the channel/PAN ID they already use.
Add `addon_test_announce_no_flap_on_unmergeable_partitions.py`
which builds the topology above and asserts that both nodes
retain their original partition IDs across a 20-minute simulated
window. Without this change the lower-timestamp node is
repeatedly demoted from leader during that window.
This commit moves the state and logic for managing the maximum number
of IP addresses per child from `Mle` to `ChildTable`. The logic for
checking the limit is also moved to the `Child` class itself.
This change better encapsulates the child table properties.
This commit updates the DHCPv6 Prefix Delegation (PD) client to
comply with RFC 9915, which obsoletes the Server Unicast option
(Option 12) and the UseMulticast status code.
Changes:
- Removed `mServerAddress` and `ProcessServerUnicastOption()` from
`Dhcp6PdClient`.
- Modified `Dhcp6PdClient::SendMessage` to always transmit via
multicast to `ff02::1:2`.
- Removed `UseMulticast` status code handling in `HandleReply()`.
- Added `otMessageFree` weak stub in simulation platform's
`infra_if.c` to resolve linking errors on simulation radio-only
targets when DHCPv6 PD client is enabled.
- Updated `test_dhcp6_pd_client.cpp` to expect multicast and
removed the obsolete UseMulticast test case.
This commit updates `MacCountersTlv` and `MleCountersTlv` to use the
`SimpleTlvInfo` template. The original classes are replaced with
`MacCountersTlvValue` and `MleCountersTlvValue` which only represent
the TLV values. This helps simplify the TLV parsing and appending
logic and more importantly allows the TLV value formats to be
reused.
This commit extends the `BitSet` class with several new
methods:
- `CountElements()`
- `IsSubsetOf()` and `IsSupersetOf()`
- `Complement()`
- `UnionWith()`, `IntersectWith()`, and `SubtractWith()`
- `SetMask()`, `AppendTo()`, and `ReadFrom()` message.
This commit also introduces a new `BitSetUtils` non-template base class
for the `BitSet<kNumBits>` template class. This change helps optimize
code by moving the common implementation logic for various bit
manipulation operations out of the template, reducing template
instantiation overhead.
This commit refactors the Nexus tests configuration in CMakeLists.txt
by properly classifying and sorting test cases:
- Moved `inform_previous_parent_on_reattach` from the "Cert tests"
section to the "Misc tests" section, and changed its label from
"cert;nexus" to "core;nexus".
- Moved `retransmission_security` from the "Cert tests" section
to the "Misc tests" section where it belongs (retaining its
"core;nexus" label) and sorted it alphabetically.
These changes ensure the CMake file remains clean and the tests are
properly categorized.
This commit removes the thread-cert/backbone tests and cleans
up all related configurations and references.
Specifically, the following changes are made:
- Deleted tests in tests/scripts/thread-cert/backbone/
- Removed the backbone-router job from .github/workflows/otbr.yml
- Removed backbone-router dependency from upload-coverage job
- Removed setup, cleanup, and checks for backbone tests in
tests/scripts/thread-cert/run_cert_suite.py
This commit removes the `avahi` mDNS configurations from the
`thread-border-router` job matrix in the OpenThread Border Router
(`otbr.yml`) workflow.
With this change, the `thread-border-router` integration tests will
exclusively run using the `mDNSResponder` configuration.
This commit renames the `NetworkDiagnostic` namespace in `src/core/thread/`
and its related types to `NetDiag` for brevity. It updates the
corresponding filenames and header guards as well.
When a sleepy end device (where `Mle::IsRxOnWhenIdle()` returns
false) sends an MLR request, it initiates fast data polls via
`DataPollSender::SendFastPolls()` to quickly receive the response.
This commit updates `Manager::HandleResponse()` to call
`DataPollSender::StopFastPolls()` when the MLR response is processed
by a sleepy end device. This ensures that the device does not
unnecessarily continue fast polling.
Retransmissions of frames containing time-dependent header Information
Elements (IEs), such as CSL or Time Sync, require updates to these
IEs to reflect the exact time of sending. If the frame counter is not
incremented for these retransmissions, it leads to nonce reuse in
AES-CCM encryption, which is a security vulnerability.
This commit addresses this issue by ensuring that every transmission
attempt (initial or retry) uses a fresh frame counter:
- Deferred security processing from `SubMac::Send()` to
`SubMac::BeginTransmit()`.
- Upon retransmission in `SubMac::HandleTransmitDone()`, the frame is
restored to plaintext via `TxFrame::DecryptTransmitAesCcm()` and
security flags are cleared.
- This allows time-dependent IEs to be updated and a new frame counter
to be assigned for every attempt.
Added a Nexus test case `retransmission_security` to verify that both
CSL and standard MAC retransmissions use incrementing frame counters
and updated CSL phases.
This commit introduces a structured state machine to `Mlr::Manager` to
coordinate Multicast Listener Registration (MLR) activities more
efficiently. The previous implementation relied on independent delay
variables and the global `TimeTicker`, which could lead to redundant
or premature registrations, especially when a Primary Backbone Router
(PBBR) was newly discovered or updated.
The new state machine (`kStateStopped`, `kStateIdle`,
`kStateToRegisterAll`, `kStateRegistering`, `kStateRegistered`,
`kStateNewAddrToRegister`) provides explicit transitions for the
entire MLR lifecycle. This ensures that registrations are properly
aggregated and that periodic renewals are correctly rescheduled after
successful out-of-band registrations.
Additionally, the manager now uses a dedicated `TimerMilli` instead of
`TimeTicker`, reducing system-wide overhead and providing more
precise timing control.
Per RFC 9664, the UL option is always included in a success response (RCODE=0).
Comment in test_srp_server is updated also to avoid suggesting the opposite.
This commit introduces a new set of template-based APIs for
non-cryptographic random number generation in the `Random::NonCrypto`
namespace. These new methods provide a cleaner, type-safe, and more
robust interface compared to the previous methods.
Key additions:
- `Generate<UintType>()`: Returns a random value of the given
unsigned integer type (`uint8_t`, `uint16_t`, or `uint32_t`).
- `GenerateUpToExcluding<UintType>(aMax)`: Returns a random value in
the range `[0, aMax)`.
- `GenerateFromMinUpToExcluding<UintType>(aMin, aMax)`: Returns a
random value in the range `[aMin, aMax)`.
- `GenerateInClosedRange<UintType>(aMin, aMax)`: Returns a random
value in the closed range `[aMin, aMax]`.
The introduction of `GenerateInClosedRange` is an improvement as it
safely handles ranges up to the maximum value of the integer type
(e.g., `0xffff`) without the risk of overflow.
All call sites across the OpenThread core stack and tests have been
updated to adopt these new APIs. The public `otRandomNonCrypto`
functions are also updated to leverage the new internal methods.
Doxygen documentation is added for all new template methods,
detailing their behavior, including edge cases where the upper bound
is smaller than or equal to the lower bound.
This commit refactors various unit tests to use `constexpr` for
defining constants instead of anonymous `enum` types.
Using `constexpr` is the modern and preferred approach in C++, as it
provides explicit types for constants and improves code clarity and
type safety.
This commit fixes minor coding style issues in
`RoutingManager::RoutePublisher::StateToString()`. It adds a missing
semicolon after the `DefineEnumStringArray()` macro and corrects the
indentation of the return statement.
This commit makes `Tlv::AppendTlvHeader()` public and updates call
sites to use it. This method automatically handles the formatting
of the TLV header as either a standard TLV header or an extended one
based on the provided length.
This commit removes all code, configurations, APIs, and tests related
to the OPENTHREAD_CONFIG_BACKBONE_ROUTER_DUA_NDPROXYING_ENABLE feature.
Specifically, the following changes were made:
- Removed DUA ND Proxying Backbone Router configuration option and the
related OPENTHREAD_CONFIG_NDPROXY_TABLE_ENTRY_NUM definition.
- Removed CLI commands: `bbr mgmt dua` and the proactive backbone
notification fake command `/b/ba`.
- Removed NdProxyTable and bbr_manager DUA ND Proxying implementation.
- Removed public/internal APIs for ND Proxying and proactive backbone
notifications.
- Deleted ndproxy_table source files and unit tests.
- Simplified CMake and GN build files to remove deleted targets.
This commit improves the `tests/nexus/build.sh` script by adding a
`display_usage()` function and implementing stricter command-line
argument validation.
This commit removes the obsolete Backbone Router (BBR) certification
tests:
- tests/scripts/thread-cert/backbone/bbr_5_11_01.py
- tests/scripts/thread-cert/backbone/
test_mlr_multicast_routing_across_thread_pans.py
These tests are removed because DUA (Domain Unicast Address) routing
features (specifically DUA ND Proxying) have been deprecated and
removed from the codebase. Since these features are no longer
supported, the corresponding certification and validation tests are
no longer valid or runnable.
Remove obsolete backbone test cases for Domain Unicast Address
(DUA) Duplicate Address Detection (DAD), DUA routing, DUA routing
for Minimal End Devices (MED), and Neighbor Discovery (ND) Proxy.
These features and their corresponding tests are no longer needed.
This commit removes all DUA (Domain Unicast Address) validation
and verification steps from test_firewall.py. Since DUA routing
features are being phased out or removed, this keeps the firewall
test in sync and prevents potential failures during test runs.
Specifically:
- Removed DUA ping validation from host to router.
- Removed DUA collection call (collect_duas).
- Removed the packet verifier checks checking for DUA ping traffic.
When cloning the ot-br-posix repository to run the Docker-in-Docker
integration tests, the clone was shallow and did not recursively
check out nested submodules (such as cJSON and cpp-httplib). This led
to build failures inside the Docker build container since libcjson
is not pre-installed on the base build image.
This commit resolves the issue by:
1. Appending the `--recurse-submodules` flag to the git-tool clone
calls in `otbr-posix-dind.yml` and `script/test`.
2. Updating `script/git-tool`'s destination directory parsing to
robustly handle multi-line output from recursive submodule
checkouts. The new pattern extracts the path exclusively from
the first line using `sed` to prevent SIGPIPE or parsing errors.
This commit introduces a new GitHub Actions workflow to automate the
monthly release process using Calendar Versioning (CalVer).
The workflow:
- Runs automatically at 00:00 UTC on the 1st day of every month.
- Supports manual execution via `workflow_dispatch`.
- Automatically generates a CalVer tag (e.g., vYYYY.MM.0).
- Employs the GitHub CLI to create a release and auto-generate
release notes based on merged pull requests.
This commit fixes a potential `uint16_t` overflow in
`Config::SelectRandomReregistrationDelay()` which could occur if
`mReregistrationDelay` was set to the maximum `uint16_t` value.
The `Random::NonCrypto::GetUint16InRange(lower, upper)` function
includes the lower bound but excludes the upper bound. Previously,
the code called `GetUint16InRange(1, mReregistrationDelay + 1)`,
which would overflow the upper bound if `mReregistrationDelay` was
`0xffff`. The logic is updated to `1 + GetUint16InRange(0,
mReregistrationDelay)`, which safely produces a random value in the
range `[1, mReregistrationDelay]` without overflow.
This commit introduces a new helper method that allows appending a
TLV by copying its value directly from a specified `OffsetRange` of
another `Message`.
This helper automatically handles formatting the TLV as an Extended
TLV if the length exceeds 254 bytes, eliminating the need for manual
length checks and TLV header construction at the call sites.
Key changes:
- Added `Tlv::AppendTlvWithValueFromMessage()`.
- Refactored TLV header construction into a private helper
`Tlv::AppendTlvHeader()` to share logic between `AppendTlv` variants
and `StartTlv()`.
- Updated `Commissioner::SendRelayTransmit()` and
`JoinerRouter::HandleUdpReceive()` to use the new helper for
`JoinerDtlsEncapsulation` TLVs.
- Updated `TcatAgent::HandlePing()` to use the new helper, significantly
simplifying the payload response generation.
When logging while `Instance` has not been initialized yet, use 0 as
return value of `GetUptime` and use `OPENTHREAD_CONFIG_LOG_LEVEL_INIT`
as default log level instead of accessing raw memory.
This commit updates `BackboneRouter::Local` to receive role change
events directly from the `Notifier`. Previously, `Bbr::Local` was
indirectly relying on `BackboneRouter::Leader` to emit events even
when the PBBR configuration had not changed (e.g., during role
transitions).
The previous design was fragile and created an unnecessary dependency.
`Bbr::Local` now independently tracks role changes to ensure it
correctly evaluates its own status (e.g., deciding whether to
register as the Primary BBR).
This commit introduces `PrimaryEvent` to represent changes in the
Primary Backbone Router (PBBR) configuration, replacing the previous
`State` enum. Calling it `State` was misleading as the values
describe transitions or updates to the PBBR rather than a persistent
state.
The new `PrimaryEvent` enum provides a more descriptive way to notify
dependent modules (`Mlr::Manager`, `DuaManager`, and `Bbr::Local`)
about specific changes in the PBBR, such as when it is added,
removed, or when its configuration parameters (e.g., RLOC16, Sequence
Number, or MLR Timeout) are updated.
This commit simplifies and enhances the TLV parsing logic in
`TcatAgent` so to use the `Tlv::Info` helper class. This safely and
automatically handles both standard and extended TLVs, removing the
need for manual type checking and length/offset calculations.
Key changes:
- Updated `TcatAgent::HandleSingleTlv()` to use `Tlv::Info::ParseFrom()`.
- Replaced individual `aOffset` and `aLength` parameters with
`const OffsetRange &` across various TLV handler methods (e.g.,
`HandlePing`, `HandleSetActiveOperationalDataset`, `VerifyHash`).
This improves code readability, safety, and consistency with common
OpenThread TLV parsing patterns.
This commit simplifies the logic in `BleSecure::HandleTlsReceive`
by reducing the nesting level through the use of early `ExitNow()`
calls and replacing a complex `if-else` block with a `switch`
statement for handling `errorTcatAgent`.
Key improvements:
- Removed a large `else` block by adding `ExitNow()` after the
initial transparent mode check.
- Used a `switch` statement to handle `errorTcatAgent` returned
by `MeshCoP::TcatAgent::HandleSingleTlv()`, clearly separating
`kErrorNone`, `kErrorAbort` (disconnect), and default fatal
error handling.
- Improved code formatting and comment readability.
This commit refactors `BleSecure::HandleTransport()` to use the
`OffsetRange` and `Message::ReadAndAdvance()` helper methods. This
replaces manual length and offset tracking, resulting in cleaner
and safer message parsing logic.
Additionally:
- Simplified the payload length calculation by using nested `Min()`
calls instead of multiple `if/else` blocks.
- Added a `RadioPacket` typedef in `BleSecure` to alias the public
`otBleRadioPacket` structure, aligning with OpenThread's core
namespace conventions.
This commit introduces a new CMake option `OT_NEXUS_BUILD_TESTS`
(defaulting to `ON`) to control whether the individual Nexus test
executables are built.
When developing or debugging the OpenThread core stack within the
Nexus framework, building the large number of certification tests can
be time-consuming. This option allows developers to skip building the
tests and only compile the `ot-nexus-platform` library and OT core.
The check is implemented inside the `ot_nexus_test` macro to ensure
all test definitions automatically respect the flag without requiring
large conditional blocks in the `CMakeLists.txt` file.
Additionally, a `no_tests` argument is added to `tests/nexus/build.sh`
to easily invoke this configuration from the command line.
This commit refactors and improves the Backbone Router callback and
`Config` introducing new methods and encapsulating configuration-related
logic.
Key changes:
- Added `Leader::GetConfig()` to provide direct access to the internal
cached `Config` object.
- Renamed `Leader::GetConfig(Config &)` to `Leader::ReadConfig(Config &)`
to better reflect its purpose.
- Added `Config::SelectRandomReregistrationDelay()` to encapsulate the
logic for selecting a random re-registration delay.
- Simplified variosu `HandleBackboneRouterPrimaryUpdate()` callbacks
to remove the parameter `aConfig`, allowing these modules to use
`Leader::GetConfig()` instead.
This adds details to the Posix platform UDP bind error message, showing address and
port just like for the otPlatUdpConnect case. Also the severity is changed from Crit
to Warn, since it's not a critical failure given that otPlatUdpBind() is used in a
loop to find an available ephemeral port - i.e. probe the ports in range until one
succeeds.
It also fixes an issue where `errno` might be modified by the logging code itself.
Ideally the platform code would discern 'port in use' vs 'unrecoverable failure to
bind the port', but the currently defined OT APIs don't allow for any other errors
apart from ok/failed. If the specific port number is really needed, the caller
is responsible to log a critical failure.
If the PD client sendto() fails, e.g. because of an unroutable IPv6
destination, currently the message remains in the queue. Then the
subsequent retries cause a 100% CPU use (without end). This fixes the
issue by dropping the message in case of an unresolvable sendto()
failure.
This commit refactors and improves the `Sntp::Client` class by
adopting common OpenThread patterns and simplifying the logic.
Key changes:
- Introduced `Sntp::Client::QueryInfo` core class to wrap the
public `otSntpQuery` structure.
- Added `Timestamp` class to handle SNTP timestamps, simplifying
the `Header` structure.
- Renamed methods and variables to be more concise and consistent
(e.g., `FinalizeSntpTransaction` to `Finalize`,
`mRetransmissionTimer` to `mTimer`).
- Simplified the `HandleUdpReceive` logic by splitting response
processing into `ProcessResponse`.
This change improves code readability and maintainability of the
SNTP client module.
This commit adds support for interacting with nodes via the CLI in the
Nexus simulation framework. This enables writing higher-level
integration tests that verify stack behavior and state through
standard CLI commands.
Key changes:
- Integrated `Cli::Interpreter` into the `Nexus::Node` class.
- Added `Node::InputCli()` to allow sending commands to a node with
`printf`-style formatting.
- Implemented output capturing logic in `Node::HandleCliOutput()` to
buffer and parse CLI responses into individual lines, stored in a
`CliOutputArray`.
- Added helper methods to `CliOutputLine` for matching and validating
the captured output.
- Added a new `cli_basic` Nexus test to demonstrate and validate the
CLI interaction functionality.
This commit introduces a new core class `BackboneRouter::Config` that
inherits from the public `otBackboneRouterConfig` struct. This aligns
with the OpenThread architectural pattern of using core-internal
classes to wrap public API structures, providing a cleaner interface
and encapsulating logic.
Importantly, this commit ensures that the `MlrTimeout` is adjusted
and clamped to valid ranges before comparing the new configuration
with the existing one. This ensures that the state transition
(e.g., `kStateRefreshed`) correctly reflects the actual values
that will be used.
Other improvements:
- Added helper methods `IsPresent()`, `MarkAsAbsent()`, and getters
for configuration fields.
- Moved `MlrTimeout` adjustment logic into `Config::AdjustMlrTimeout()`.
- Added `Config::Log()` to log configuration details, and updated
`Leader` to log both old and new configurations when a Primary
Backbone Router event occurs.
Update `otbr-posix-dind.yml` workflow to run the DinD integration test
using a matrix strategy that covers both the default mDNS implementation
and `mDNSResponder`.
This mirrors the testing matrix used in `ot-br-posix` repository's
`docker-test.yml` workflow.
In Host + RCP mode, running `diag start` from the host CLI may trigger
RadioSpinel warnings: InvalidState, “Error processing result” / “Error
waiting response”.
**Root cause**
Diags::ProcessStart sent channel / power commands before enabling diag
mode. On Spinel, these are forwarded to the RCP (via
`SPINEL_PROP_NEST_STREAM_MFG`), but the RCP only accepts other diag
commands after start.
```
if (!IsEnabled() && !StringMatch(aArgs[0], "start"))
{
Output("diagnostics mode is disabled\r\n");
ExitNow(error = kErrorInvalidState);
}
```
As a result, early channel / power commands are rejected with
InvalidState.
This commit removes the `kDomainPrefixUnchanged` event from the
`DomainPrefixEvent` enum and refactors the related logic in
`BackboneRouter::Leader`. This value was redundant, as the manager
should only report events when an actual change (addition, removal,
or refresh) occurs in the Domain Prefix configuration.
This commit introduces `Message::ReadAndAdvance()` and its template
flavor to the `Message` class. This helper method reads data from a
`Message` at a given `OffsetRange` and advances the `OffsetRange` by
the number of bytes read upon success.
Sequential parsing of structured data (such as TLVs or protocol
headers) is a common pattern across the OpenThread codebase.
Previously, this required two separate calls: one to `Read()` and
another to `AdvanceOffset()`. The new `ReadAndAdvance()` method
consolidates these into a single, safer operation that ensures the
offset is only advanced if the read operation succeeds.
This commit updates numerous call sites across the core stack
(MLE, BBR, DatasetManager, NetworkDiagnostic, DHCPv6, etc.) to use
the new helper, improving code clarity and reducing boilerplate.
This commit removes the legacy `Tlv::FindTlv()` method variations
that read a TLV into a local buffer. These methods are no longer
used across the codebase, having been replaced by safer and more
efficient alternatives such as `Tlv::Find<TlvType>()`,
`Tlv::FindTlvValueOffsetRange()`, or `Tlv::Info::FindIn()`.
The removed methods were prone to misuse, as they did not always
handle Extended TLVs correctly if the caller provided a fixed-size
buffer. Removing these variations forces new code to use the modern
helper functions, which provide better validation and correctly
handle the decoupling of the TLV header from its value.
Abtin Keshavarzian