With the router restoration, longer delay is expected. This commit
defines the router restoration delay and apply it on the unstable test
case Cert_5_1_05_RouterAddressTimeout.
This commit updates `test_publish_meshcop_service` to relax the checks
when verifying mDNS browse response. Specifically, after `br1` is factory
reset, the Border Agent and other functions are not given the chance
to stop properly and remove previously registered mDNS entries. This
can result in stale entries remaining in the mDNS cache, leading to
more service entries appearing in `browse` results. This commit
relaxes the check from `assertEqual` to `assertGreaterEqual`,
allowing the test to pass when additional entries are observed.
This commit updates how the "ConnectionMode" field is set in the
Border Agent State Bitmap, which is advertised as the value of the
`sb` TXT key. In particular, when the Border Agent service is stopped
and therefore not accepting any connections, the value of this field
is now set to `kConnectionModeDisabled` to indicate this.
This commit also updates and enhances `test_border_agent` to validate
the State Bitmap entry in the TXT data, covering cases where the
device role changes or ePSKc support is enabled/disabled.
This commit enhances the OpenThread DNSSD name server/resolver and its
native Discovery Proxy to support queries for arbitrary record
types.
To enable this, a new set of `otPlatDnssd` APIs are introduced for
generic `RecordQuerier`. These APIs mirror the existing APIs in the
OpenThread native mDNS module, allowing direct use of the native mDNS
implementation.
The discovery proxy implementation is updated to start and stop the
mDNS `RecordQuerier` when receiving a query for an arbitrary record
type, passing the first response record back to the client.
The unit tests `test_dnssd_discovery_proxy` and `test_dns_client`
are updated to cover all the newly added behaviors in discovery proxy.
This commit adds the `srp server port` CLI command, which maps to the
`otSrpServerGetPort()` API. This new command is now used in
`thread-cert/node.py` to implement `get_srp_server_port()`, allowing
direct retrieval of the SRP server port instead of indirectly parsing
the network data entry.
This commit fixes `get_srp_server_port()` in `thread-cert/node.py`.
This function parses Network Data service entries, searching for an
SRP/DNS unicast (non-preferred) entry, and then attempts to parse the
published port number of the SRP server by examining the last bytes
of the "server data".
The SRP/DNS unicast entry was previously updated to optionally include
a "version" field at the end of the "server data". This update caused
the port number parsing to fail, as the code did not account for the
extra byte corresponding to the version field.
This commit resolves this issue by ensuring that the two bytes are
correctly read and interpreted as the port number, regardless of the
presence of the version field.
Key Changes:
* Server Prioritization: RDNSS-discovered servers are prioritized
based on their advertised lifetime. Servers with longer lifetimes
are preferred.
* Recursive DNS Server List: The resolver maintains a list of
recursive DNS servers, which now includes servers learned via RDNSS.
* DNS Query Integration: The resolver uses the RDNSS-learned servers
when forwarding DNS queries upstream.
* Border Routing Integration: The RDNSS callback is registered to the
border routing module.
Minor Changes:
* The unused function `Transaction *GetTransaction(int aFd)` is
removed.
Previously, the code relied on the return code of the `service radvd
status` command to determine if `radvd` was running. This was
unreliable because the command could succeed even if the service was
not actually active.
The `is_radvd_running` function now parses the output of `service
radvd status` and specifically checks for the line "running" to
confirm that the service is truly running.
This commit relaxes the tests that assume mDNS resolve would provide a
single IPv6 answer and explicitly check and require one address. This
behavior of the mDNS API is improved/changed in the `ot-br-posix`
implementation, allowing multiple addresses to be collected and
passed in the "resolved" callback.
This commit updates the `_assert_dig_result_matches()` function to
have an additional parameter, `allow_extra_answer`, which is then
used in specific test steps.
Previously there's a delay for every router (10 seconds) and child (3
seconds) for it to start. The serialized waiting times are
unnecessary. This commit removes such waitings to speed up the test
case. This is especially useful in the BR test
`test_srp_register_500_services_br.py` which uses non-virtual time.
This adds the `-x` flag to the `tcp send` command so send specific
data defined by a hexadecimal string. The purpose is to use this in
testing, for example to emulate HTTP GET requests.
The current diag module allows users running the 'diag send' and 'diag
repeat' concurrently. The command run later will change the settings
of the command run earlier, which will cause unexpected test results.
This commit does not allow running 'diag send' and 'diag repeat'
concurrently.
This commit introduces the `BorderAgent::EphemeralKeyManager` class,
which manages the use of the ephemeral key by the Border Agent.
The `EphemeralKeyManager` uses its own DTLS transport and CoAP secure
sessions. This allows the `EphemeralKeyManager` and the `BorderAgent`
service (which uses PSKc) to be enabled and used in parallel.
Previously, a single transport and session was shared between these
functions, requiring the normal BA service (with PSKc) to be stopped
before the ephemeral key could be used.
This is a fundamental change and improvement to the ephemeral key and
Border Agent functionality. Therefore some existing `otBorderAgent`
APIs need to be modified. For example, `otBorderAgentGetState()`,
which returned the Border Agent state to indicate whether there were
any active sessions, is no longer meaningful, as different
sessions/transports are now used for PSKc and ephemeral key, and
there can be multiple sessions. This commit intentionally renames and
changes the `otBorderAgent` public APIs, specifically all those
related to ephemeral key use, to highlight the fundamental change in
behavior. While this can cause backward incompatibility, it requires
app layer code that used the previous APIs to be updated to take into
account the new behavior.
This commit also updates `nexus/test_border_agent`, adding new tests
to validate the new behavior (e.g., BA service and ephemeral key
parallel sessions). It also includes and validates the Border Agent
counter updates under different scenarios (this enhances and replaces
`test_ephemeral_key_counters.py`).
Commit adds implementation of:
- 0x40 Tcat tlv extraction of active dataset,
- 0x25 Tcat tlv extraction of commissioner certificate.
Includes also refactoring of `BleCommand` adds new method `process_response`.
This simplifies:
- `GetPskdHash`
- `GetRandomNumberChallenge`
`TransmitPacket()` should return an error from platform Radio
implementation, as for example Radio can be in incorrect state.
If error occurs, increase `mSentErrorInvalidStatePackets` stat.
Add wrong state case to tests and fix `diag repeat stop` called
too lata.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
The original `diag send` command is an asynchronous command. Users
must wait for a certain period of time and then run the `diag stats`
command to query how many packets have been sent to know whether all
packets have been sent. This is very inefficient, and it is not
convenient for scripts to process this command.
This commit changes the command `diag send` from an asynchronous
command to a synchronous command, and add the asynchronous command
`diag send async`.
Previously, it prints a line `PASS x FAIL y ...` when all the runs of
a test case complete. However, such messages could be hard to find
when multiple test runs fail so the messages are interspersed between
other logs.
This commit moves such messages to the end of the output. This makes
it easier to notice which test cases are failed. Also it will list the
failed iterations, which is useful when MULTIPLY > 1.
When using the `diag frame -c xxxx` command to enable the CSMA-CA when
transmitting the frame, the command `diag send` won't output any message
the CCA failure happens. It is difficult for users to know whether
the CSMA-CA is actually effective via diag commands.
This commit counts the number of packets that are sent succeed and failed,
outputs the transmision failure reason and do not re-transmit the frame
after it fails to send.
This commit adds a version field (`uint8_t`) to DNS/SRP Anycast and
Unicast Service entries in `NetworkData::Service::Manager`.
For Unicast entries, the version the version field is placed after
the existing fields, specifically after the IPv6 address and port number fields.
For Anycast entries it is added as the in server data as part of the
Server TLV.
When processing Network Data service entries, the version field is
optional and if absent, version number zero is assumed.
The `NetworkData::Publisher` now considers entries with the same or
higher version number when deciding whether to add or remove its own
entry, preferring those with a higher version.
In SRP client, when `AutoStart` mode is used and if there are multiple
Unicast, Service entries, the client prefers the one with larger
version number.
When selecting an anycast entry, the existing rules regarding sequence
numbers are still used. If multiple entries with the same sequence
number exist, the client will assume the minimum version number among
all such entries.
This commit also updates the `test_network_data` unit test, validating
the new format and related methods.
`test_netdata_publisher.py` is also updated to check service entries
with different version numbers.
All diagnostic commands (instead of `diag start`) should fail if
device is not in diagnostic mode. Previously it was verified by
each command's process method (with a missing check in
`ProcessEcho` and `ProcessGpio`). This commit moves the check
directly to `ProcessCmd` and cleans up redundant code.
Additionally clean the documentation and align the code as for
some commands `status 0x00` was added on success and for some not.
Move `AppendErrorResult()` to `ProcessCmd()` as well.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
This commit expects echo of diag commands to make sure the command is
received by the node when waiting for the expected output. This helps
make this test less flaky.
This commit updates `Srp::Server` to associate its UDP socket with
`kNetifThreadInternal`, ensuring that received messages are from the
internal Thread network interface (i.e., from devices within the
Thread mesh).
There's a CI failure that the BR sends the query to 8.8.8.8 as the
upstream DNS server and responded to the DNS client. This is undesired
behavior. We want the BR to query our test DNS server instead.
The issue happened because 8.8.8.8 is already an entry in
`/etc/resolv.conf`. To avoid querying it, we should fully overwrite
the `/etc/resolv.conf` to ensure the BR queries the test DNS server.
There's another issue that `bind9` service was also running on the BR
node which taken over all incoming DNS queries. `bind9` should only
run on the upstream DNS server node. I'll try fix this in a more
generic way later.
This commit fixes an issue in DNS recursive resolver that it didn't
bind its socket to the infra network interface. This may cause the DNS
message to be sent on an unexpected network interface, depending on
the routing table of the platform.
This commit also updates the test case `test_upstream_dns.py` to make
the upstream DNS server run on a different node. Previously the
upstream DNS server ran on the same node as the BR which is a
limitation of this test case.
This commit introduces the `RouterRoleRestorer` class, nested within
`MleRouter`, to manage router/leader role restoration after an MLE
operation restart (e.g., a device reboot) by sending multicast Link
Requests. This class simplifies the code and centralizes role
restoration logic.
Specific changes:
- A new member variable `mLastSavedRole` is added to track the last
attached role (saved in non-volatile memory). This is used by
`RouterRoleRestorer` to determine the number of Link Request
attempts. This variable replaces the previous `mWasLeader`, which
was only updated after a reboot and would not account for role
changes afterward.
- The `AttachTimer` is now used for role restoration instead of the
retransmission timer, as role restoration always occurs while the
device is detached and before any attach attempts.
- The `kLinkRequestTimeout` is used for the last attempt before
considering restoration failure.
- The `mChallengeTimeout` mechanism is now removed (in earlier Thread
specification versions, multicast Link Requests could be used while
the device was attached, but this is no longer used or needed).
- `test-012-reset-recovery.py` is updated to validate the role
restoration behavior. `test_detach` is also updated and fixed.
Commit introduces implementation of missing general class commands:
- PresentPskdHash
- PresentPskcHash
- PresentInstallCodeHash
- RequestRandomNumChallenge
- RequestPskdHash
Also include minor fixes in Tcat python client and refactoring of expect
tests for tcat.
This commit adds a new IDLE state to PdPrefixManager.
PdPrefixManager enters idle state when PD is enabled and there is
already a BR requesting PD prefix. When there are multiple BRs
publishing PD prefix at the same time, the one with lexcial smaller
prefix wins.
This commit updates the `RouteingManager` to set the newly
allocated "SNAC Router Flag" (bit 6) in emitted RA messages from
Thread BR. The flag is also parsed and tracked in received RA
messages.
This replaces the previous model where an experimental flag bit
in "Flags Extension Option" indicated a "stub router". This commit
also removes the `STUB_ROUTER_FLAG_IN_EMITTED_RA_ENABLE` confg
(no longer optional/experimental) and renames `mStubRouterFlag` to
`mSnacRouterFlag`.
The test software for certification currently uses the mDNS packets of
trel service responses to find out the trel port, and then use the port
number to determine which packets in a capture should be decoded as TREL
packets. However this may not be reliable since it depends on when the
capture starts. Added a cli to get trel port, so this can be used by
a THCI function.