This commit refactors the Nexus tests configuration in CMakeLists.txt
by properly classifying and sorting test cases:
- Moved `inform_previous_parent_on_reattach` from the "Cert tests"
section to the "Misc tests" section, and changed its label from
"cert;nexus" to "core;nexus".
- Moved `retransmission_security` from the "Cert tests" section
to the "Misc tests" section where it belongs (retaining its
"core;nexus" label) and sorted it alphabetically.
These changes ensure the CMake file remains clean and the tests are
properly categorized.
This commit removes the thread-cert/backbone tests and cleans
up all related configurations and references.
Specifically, the following changes are made:
- Deleted tests in tests/scripts/thread-cert/backbone/
- Removed the backbone-router job from .github/workflows/otbr.yml
- Removed backbone-router dependency from upload-coverage job
- Removed setup, cleanup, and checks for backbone tests in
tests/scripts/thread-cert/run_cert_suite.py
This commit renames the `NetworkDiagnostic` namespace in `src/core/thread/`
and its related types to `NetDiag` for brevity. It updates the
corresponding filenames and header guards as well.
Retransmissions of frames containing time-dependent header Information
Elements (IEs), such as CSL or Time Sync, require updates to these
IEs to reflect the exact time of sending. If the frame counter is not
incremented for these retransmissions, it leads to nonce reuse in
AES-CCM encryption, which is a security vulnerability.
This commit addresses this issue by ensuring that every transmission
attempt (initial or retry) uses a fresh frame counter:
- Deferred security processing from `SubMac::Send()` to
`SubMac::BeginTransmit()`.
- Upon retransmission in `SubMac::HandleTransmitDone()`, the frame is
restored to plaintext via `TxFrame::DecryptTransmitAesCcm()` and
security flags are cleared.
- This allows time-dependent IEs to be updated and a new frame counter
to be assigned for every attempt.
Added a Nexus test case `retransmission_security` to verify that both
CSL and standard MAC retransmissions use incrementing frame counters
and updated CSL phases.
This commit introduces a structured state machine to `Mlr::Manager` to
coordinate Multicast Listener Registration (MLR) activities more
efficiently. The previous implementation relied on independent delay
variables and the global `TimeTicker`, which could lead to redundant
or premature registrations, especially when a Primary Backbone Router
(PBBR) was newly discovered or updated.
The new state machine (`kStateStopped`, `kStateIdle`,
`kStateToRegisterAll`, `kStateRegistering`, `kStateRegistered`,
`kStateNewAddrToRegister`) provides explicit transitions for the
entire MLR lifecycle. This ensures that registrations are properly
aggregated and that periodic renewals are correctly rescheduled after
successful out-of-band registrations.
Additionally, the manager now uses a dedicated `TimerMilli` instead of
`TimeTicker`, reducing system-wide overhead and providing more
precise timing control.
Per RFC 9664, the UL option is always included in a success response (RCODE=0).
Comment in test_srp_server is updated also to avoid suggesting the opposite.
This commit introduces a new set of template-based APIs for
non-cryptographic random number generation in the `Random::NonCrypto`
namespace. These new methods provide a cleaner, type-safe, and more
robust interface compared to the previous methods.
Key additions:
- `Generate<UintType>()`: Returns a random value of the given
unsigned integer type (`uint8_t`, `uint16_t`, or `uint32_t`).
- `GenerateUpToExcluding<UintType>(aMax)`: Returns a random value in
the range `[0, aMax)`.
- `GenerateFromMinUpToExcluding<UintType>(aMin, aMax)`: Returns a
random value in the range `[aMin, aMax)`.
- `GenerateInClosedRange<UintType>(aMin, aMax)`: Returns a random
value in the closed range `[aMin, aMax]`.
The introduction of `GenerateInClosedRange` is an improvement as it
safely handles ranges up to the maximum value of the integer type
(e.g., `0xffff`) without the risk of overflow.
All call sites across the OpenThread core stack and tests have been
updated to adopt these new APIs. The public `otRandomNonCrypto`
functions are also updated to leverage the new internal methods.
Doxygen documentation is added for all new template methods,
detailing their behavior, including edge cases where the upper bound
is smaller than or equal to the lower bound.
This commit refactors various unit tests to use `constexpr` for
defining constants instead of anonymous `enum` types.
Using `constexpr` is the modern and preferred approach in C++, as it
provides explicit types for constants and improves code clarity and
type safety.
This commit makes `Tlv::AppendTlvHeader()` public and updates call
sites to use it. This method automatically handles the formatting
of the TLV header as either a standard TLV header or an extended one
based on the provided length.
This commit removes all code, configurations, APIs, and tests related
to the OPENTHREAD_CONFIG_BACKBONE_ROUTER_DUA_NDPROXYING_ENABLE feature.
Specifically, the following changes were made:
- Removed DUA ND Proxying Backbone Router configuration option and the
related OPENTHREAD_CONFIG_NDPROXY_TABLE_ENTRY_NUM definition.
- Removed CLI commands: `bbr mgmt dua` and the proactive backbone
notification fake command `/b/ba`.
- Removed NdProxyTable and bbr_manager DUA ND Proxying implementation.
- Removed public/internal APIs for ND Proxying and proactive backbone
notifications.
- Deleted ndproxy_table source files and unit tests.
- Simplified CMake and GN build files to remove deleted targets.
This commit improves the `tests/nexus/build.sh` script by adding a
`display_usage()` function and implementing stricter command-line
argument validation.
This commit removes the obsolete Backbone Router (BBR) certification
tests:
- tests/scripts/thread-cert/backbone/bbr_5_11_01.py
- tests/scripts/thread-cert/backbone/
test_mlr_multicast_routing_across_thread_pans.py
These tests are removed because DUA (Domain Unicast Address) routing
features (specifically DUA ND Proxying) have been deprecated and
removed from the codebase. Since these features are no longer
supported, the corresponding certification and validation tests are
no longer valid or runnable.
Remove obsolete backbone test cases for Domain Unicast Address
(DUA) Duplicate Address Detection (DAD), DUA routing, DUA routing
for Minimal End Devices (MED), and Neighbor Discovery (ND) Proxy.
These features and their corresponding tests are no longer needed.
This commit removes all DUA (Domain Unicast Address) validation
and verification steps from test_firewall.py. Since DUA routing
features are being phased out or removed, this keeps the firewall
test in sync and prevents potential failures during test runs.
Specifically:
- Removed DUA ping validation from host to router.
- Removed DUA collection call (collect_duas).
- Removed the packet verifier checks checking for DUA ping traffic.
This commit introduces a new CMake option `OT_NEXUS_BUILD_TESTS`
(defaulting to `ON`) to control whether the individual Nexus test
executables are built.
When developing or debugging the OpenThread core stack within the
Nexus framework, building the large number of certification tests can
be time-consuming. This option allows developers to skip building the
tests and only compile the `ot-nexus-platform` library and OT core.
The check is implemented inside the `ot_nexus_test` macro to ensure
all test definitions automatically respect the flag without requiring
large conditional blocks in the `CMakeLists.txt` file.
Additionally, a `no_tests` argument is added to `tests/nexus/build.sh`
to easily invoke this configuration from the command line.
This commit refactors and improves the `Sntp::Client` class by
adopting common OpenThread patterns and simplifying the logic.
Key changes:
- Introduced `Sntp::Client::QueryInfo` core class to wrap the
public `otSntpQuery` structure.
- Added `Timestamp` class to handle SNTP timestamps, simplifying
the `Header` structure.
- Renamed methods and variables to be more concise and consistent
(e.g., `FinalizeSntpTransaction` to `Finalize`,
`mRetransmissionTimer` to `mTimer`).
- Simplified the `HandleUdpReceive` logic by splitting response
processing into `ProcessResponse`.
This change improves code readability and maintainability of the
SNTP client module.
This commit adds support for interacting with nodes via the CLI in the
Nexus simulation framework. This enables writing higher-level
integration tests that verify stack behavior and state through
standard CLI commands.
Key changes:
- Integrated `Cli::Interpreter` into the `Nexus::Node` class.
- Added `Node::InputCli()` to allow sending commands to a node with
`printf`-style formatting.
- Implemented output capturing logic in `Node::HandleCliOutput()` to
buffer and parse CLI responses into individual lines, stored in a
`CliOutputArray`.
- Added helper methods to `CliOutputLine` for matching and validating
the captured output.
- Added a new `cli_basic` Nexus test to demonstrate and validate the
CLI interaction functionality.
This commit introduces `Message::ReadAndAdvance()` and its template
flavor to the `Message` class. This helper method reads data from a
`Message` at a given `OffsetRange` and advances the `OffsetRange` by
the number of bytes read upon success.
Sequential parsing of structured data (such as TLVs or protocol
headers) is a common pattern across the OpenThread codebase.
Previously, this required two separate calls: one to `Read()` and
another to `AdvanceOffset()`. The new `ReadAndAdvance()` method
consolidates these into a single, safer operation that ensures the
offset is only advanced if the read operation succeeds.
This commit updates numerous call sites across the core stack
(MLE, BBR, DatasetManager, NetworkDiagnostic, DHCPv6, etc.) to use
the new helper, improving code clarity and reducing boilerplate.
This commit adds a new Nexus test (`test_mlr_redundant.cpp`) to verify
that the MLR manager correctly handles registrations when multiple
entities (e.g., a parent router and its children) subscribe to the
same multicast address, without sending redundant requests.
The test sets up a topology with a Primary Backbone Router, an FTD
Router, and three SEDs. The Router and SEDs all subscribe to the same
multicast address. The Router then subscribes to 14 additional unique
multicast addresses to exceed the single CoAP message payload limit
(`kMaxIp6Addresses`).
A CoAP interceptor is registered on the Backbone Router to parse
incoming `MLR.req` messages and count the number of times the shared
multicast address is included in the payload. The test verifies that
the shared address is requested exactly once, ensuring that fragmented
state tracking does not lead to duplicate registrations.
This commit enhances the radio URL parsing logic to detect and fail
when unused parameters are provided in the URL. This prevents typos
or unsupported parameters from being silently ignored.
The following changes were made:
- Updated ot::Url::Url to track parameter usage by appending a
trailing '&' delimiter in Init() and replacing it with '\0'
in GetValue() when a parameter is matched. This marks the
parameter as used and removes any limit on the number of
trackable parameters.
- Added a Validate() method to ot::Url::Url to verify that all
parameters in the query string were accessed.
- Refactored ot::Posix::Radio to share a single RadioUrl instance
with SpinelManager, ensuring all components track usage on the
same URL object.
- Integrated Validate() calls in otSysInit() and platformTrelInit()
to perform validation after all platform components have been
initialized.
- Updated Radio::ProcessMaxPowerTable to use a local copy of the
parameter string to avoid premature modification of the URL buffer.
- Adjusted RadioUrl and unit tests to provide sufficient buffer
space for the additional tracking delimiter.
- Added new unit tests in tests/unit/test_url.cpp to verify the
usage tracking and validation logic.
This commit introduces a recursion depth limit of 4 in
Ip6::HandleDatagram to prevent unbounded stack recursion from deeply
nested IPv6-in-IPv6 tunnel packets (NextHeader = 41).
This mirrors the safety limit fix implemented in the 6LoWPAN layer
decompress path (issue #12669).
A new Nexus test case `ipv6_recursion` has been added to construct
and verify that packets exceeding the depth limit are correctly
dropped with kErrorDrop, while valid nesting depth succeeds.
Key changes:
* Added `mle_router_role_allowed` nexus test, which includes a test of
the correct type of advertisement used by each type of node.
* Updated the `router_downgrade_on_sec_policy_change` nexus test
to also test changes of the Router role allowed/disallowed when
multiple factors are changed
* Updated checks in `verify_1_1_5_3_6.py` to verify that only Router
advertisments are sent during the test, to verify that REED
advertisements are not sent unless the unit is no longer
attempting to upgrade
Every DTLS ClientHello from an unseen port previously allocated a
dynamic CoapDtlsSession on the heap before DTLS cookie verification.
This allowed multiple connection attempts to leave allocated sessions
active indefinitely, leading to high memory utilization.
To resolve this:
- Enforce a 15-second handshake timeout on newly allocated sessions.
Connecting sessions that do not successfully finish the handshake
within 15 seconds are cleanly disconnected and freed.
- Enforce a session limit cap of 16 concurrent secure sessions on the
Border Agent. Reaching this limit immediately rejects new session
connection requests before triggering heap allocation.
- Implement Nexus test case TestBorderAgentSessionsLimit to robustly
verify both session limit rejection and handshake timeout behavior.
This commit fixes a deterministic null-pointer dereference in
CoapBase::ProcessBlock2Request when receiving a Block2 request
with block number greater than 0 without a preceding active
blockwise transfer.
Previously, when mLastResponse was null, the option copying logic
would unconditionally attempt to initialize the iterator with a
dereferenced mLastResponse pointer (iterator.Init(*mLastResponse)),
causing a segmentation fault crash.
This fix inserts a VerifyOrExit check on mLastResponse inside
ProcessBlock2Request. If mLastResponse is null, it returns the
kErrorNoFrameReceived error code. In ProcessBlockwiseRequest, this
is mapped to a 4.08 Request Entity Incomplete response, matching the
spec-compliant error handling behavior of Block1.
An automated reproduction and verification test case has also been
added to tests/nexus/test_coap_block.cpp.
This commit fixes the occasional/flaky failure of the Nexus test
1_1_5_8_4 by addressing a joiner expiration issue and strictly
verifying MLE Discovery Responses.
In test_1_1_5_8_4.cpp, the joiner was added with a timeout of 100s in
Step 1. However, the total simulated elapsed time before Step 11
(when the joiner is checked) is exactly 104s. This causes the
joiner to expire occasionally/consistently, resulting in the Leader
skipping the MLE Discovery Response in Step 12.
We increase the joiner timeout to 1000s so that it stays active
throughout the test. In addition, we update verify_1_1_5_8_4.py to
strictly verify the Step 12 Discovery Response and perform packet
matching chronologically rather than relying on seeking backward to
idx10.
This commit removes a redundant `static_cast<const uint8_t *>` when
calling `Tlv::Append<Ip6AddressesTlv>()` in `SendMlrRequest()` in
`test_1_2_MATN_TC_21.cpp`. Since the method accepts `const void *`
as its value argument, the explicit cast is unnecessary and can be
safely removed to simplify the code.
This commit resolves the flaky test failures occasionally observed
in the history_tracker Nexus test during ping verification.
The flakiness was caused by two primary issues:
1. Concurrent background Thread control traffic (e.g. multicast
Hop-by-Hop Options packets) sometimes interleaving with the Echo
Request pings, polluting the HistoryTracker queues and causing
the strict chronological checks to fail.
2. The FTD child node upgrading to a Router due to the
TooFewRouters network threshold rule, which dynamically changed
its RLOC16 and caused NeighborRloc16 history checks to fail.
To fix these, we:
1. Set the child node's router eligibility to false after joining
to prevent any unwanted topology changes or Rloc16 updates.
2. Refactored the strict Leader TX and Child RX chronological checks
with robust iterative loops filtering specifically for the
OT_ICMP6_TYPE_ECHO_REQUEST packets.
Verified 100% stable after executing a loop of 50 successful runs.
This commit enforces strictly in-order IPv6 fragment reassembly
in the core stack to improve reassembly robustness and correctness.
Previously, the reassembly engine did not track contiguous bytes
received. An out-of-order or gapped fragment containing the M=0
flag could incorrectly trigger reassembly completion, potentially
leading to the forwarding or processing of incomplete packets.
To resolve this, we now:
1. Enforce that reassembly must start with a fragment offset
of 0.
2. Verify that any subsequent fragment aligns perfectly with the
offset where the contiguous payload data currently ends
(`offset == message->GetOffset()`).
3. Safely advance `message->GetOffset()` as each fragment is
successfully appended to keep track of the contiguous
reassembled byte range.
4. Added a robust Nexus test case verifying that gapped
reassembly is properly dropped and blocked.
This strictly in-order validation approach is consistent with the
preexisting 6LoWPAN fragment reassembly in MeshForwarder.
This commit adds aRecursionDepth tracking and limit check in
Lowpan::Compress methods to prevent excessive recursive stack usage
from recursive compression of highly nested IP-in-IP headers.
Specifically:
- Threads aRecursionDepth parameter through 3-arg and 4-arg (now
5-arg) Compress wrappers.
- Enforces aRecursionDepth <= kMaxRecursionDepth (4) in Compress.
- Increments recursion depth on nested IP-in-IP calls (Ip6::kProtoIp6).
- Adds a Nexus integration test to verify that highly nested packets
are compressed up to the threshold limit, and successfully fall back
to uncompressed inline transmission without excessive stack usage.
This commit adds validation to ensure that Key ID Mode 0 (implied KEK)
secured frames are only accepted if a KEK is configured. If KEK is not
configured, the frame is rejected.
Specifically:
- Added `mIsKekSet` boolean member variable to `KeyManager` to track
KEK status.
- Implemented `KeyManager::IsKekSet()` to check if a KEK is
configured.
- Enforced a guard in `Mac::ProcessReceiveSecurity()` under
`kKeyIdMode0` to immediately reject incoming frames with
`kErrorSecurity` when the KEK is not configured.
- Added unit test `TestKeyManagerKek()` in `test_pskc.cpp` to
verify that `IsKekSet()` transitions from `false` to `true` as
expected.
This commit introduces the `Mlr` namespace to encapsulate all
Multicast Listener Registration related types and logic, improving
overall code organization and readability.
The following primary renames were performed:
- `MlrManager` to `Mlr::Manager`
- `MlrState` to `Mlr::State`
- `MlrStatus` to `Mlr::Status`
- Constants like `kMlrSuccess` to `Mlr::kStatusSuccess`
Additionally, methods within the newly scoped `Mlr::Manager` class
have been simplified by removing redundant `Mlr` prefixes (e.g.,
`SendMlr()` is now `Send()`, `FinishMlr()` is now `Finish()`).
External modules and tests have been updated to reference the new
scoped names.
This commit extracts the logic for appending an `Ip6AddressesTlv` into
a new `static` helper method, `Ip6AddressesTlv::AppendTo()`.
Previously, multiple locations in the codebase manually managed the
TLV construction and appending. This change centralizes this logic,
simplifying the call sites in `BackboneRouter::Manager` and
`MlrManager`.
Host-untrusted IP-in-IP packets could reach the local TMF socket
without the intended port checks on the receive path if destined to
the Border Router's own OMR address with an inner destination set to
the Thread-side link-local address. When the outer message is
decapsulated, it recurses through the IPv6 stack receive path while
retaining its HOST_UNTRUSTED origin, but local UDP socket dispatching
lacks equivalent origin checks.
This commit introduces a validation check in Ip6::HandleDatagram to
immediately drop any message from a host-untrusted origin with a
next header of kProtoIp6 (IP-in-IP encapsulation). This securely
prevents this receive-path processing and the corresponding
forwarding behavior.
Added the tmf_origin Nexus integration test to verify that
host-untrusted IP-in-IP packets are successfully dropped by
returning kErrorDrop.
This commit reorganizes the `Node` class declaration in
`nexus_node.hpp` to improve readability and maintainability.
The methods and members are now logically grouped into marked
sections.
This commit fixes an issue where a tasklet could not be successfully
unposted if it was already scheduled for execution in the current
event loop iteration.
Previously, `Scheduler::ProcessQueuedTasklets()` copied and cleared the
queued tasklets before running them. If a running tasklet called
`Unpost()` on another tasklet that was also in the copied list, the
unpost operation would fail to remove it because it only checked the
main queue.
To address this, the `Scheduler` now explicitly maintains two separate
queues: `mPostedQueue` and `mRuningQueue`. The `Tasklet::Unpost()`
method is updated to remove the target tasklet from both queues,
ensuring it is correctly dequeued even if it is pending in the running
list.
The queue logic is encapsulated into a nested `Queue` class to manage
the circular singly linked-list operations cleanly. Additionally, unit
tests are expanded to cover scenarios where tasklets post or unpost
other tasklets during execution.
This commit simplifies the `MulticastListenersTable` by replacing the
custom heap-based sorting logic with a standard `Array` and integrating
an internal `TimerMilli` (`mTimer`) to handle entry expirations.
Previously, the table maintained a min-heap based on expiration times
(`FixHeap`, `SiftHeapElemDown`, `SiftHeapElemUp`) and required
external calls to `Expire()` every second. The new implementation
uses `mListeners.FindMatching()` and `mListeners.RemoveAllMatching()`,
significantly reducing code complexity and maintenance overhead.
The unit tests in `test_multicast_listeners_table.cpp` are also updated
to reflect the simplified model
This commit implements rate limitation for the TCAT commands Present
PSKd Hash TLV (0x10), Present PSKc Hash TLV (0x11) and Present
Install-code Hash TLV (0x12) to prevent password guessing attacks.
It also removes the TCAT command Request PSKd Hash TLV (0x14), to
prevent offline password guessing attacks with a single Hash value
retrieved from the device.
Note: The commit does not remove the Request PSKd Hash TLV
implementation in the Python commissioner such that the non-existence
of the command TLV can still be tested.
This commit enhances MLE where a full Route TLV could be appended to
a Link Accept message sent to a child neighbor, potentially leading
to a message requiring lowpan fragmentation.
Previously, `Mle::SendLinkAccept()` relied on a `Router` pointer to
determine whether to use a full or compact Route TLV. When the Link
Request originated from a child, this pointer was null, causing a
full Route TLV to be used.
The changes in this commit include:
- Updating the `LinkAcceptInfo` struct to track the RLOC16 of the Link
Request sender.
- Updating `Mle::TxMessage::AppendRouteTlv()` and adding
`AppendCompactRouteTlv()` to replace the previous single method that
took a `Neighbor` pointer. This makes the intent clearer and
supports both router and child neighbors.
- Updating `RouterTable::FillRouteTlv()` to take an RLOC16 instead of
a `Neighbor` pointer. It uses `Mle::RouterIdFromRloc16()` to ensure
that if the destination is a child, its parent's Router ID is
included in the compact Route TLV.
- Includes new Nexus test `test_compact_route_tlv` to validate the
use of compact Route TLV in Link Accept.
This commit removes the test_ping.py test file from the
thread-cert test suite.
The ping functionality tested by this file is already
well covered by existing Nexus tests (e.g.,
test_ipv6_source_selection.cpp, test_radio_filter.cpp),
so this file is no longer needed.
This commit migrates the test_history_tracker.py test
from the thread-cert test suite to the Nexus test
framework as a new C++ test.
The new C++ test, test_history_tracker.cpp, covers:
- Role changes (detached -> leader -> disabled)
- NetInfo age up to 49 days
- Child mode Rn changes
- Ping between leader and child, verifying message
types, checksums, priority, and success flags
It directly uses HistoryTracker::Local methods instead
of the C APIs.
This commit adds a new Nexus test `TestFedRxOnlyLinkEstablishment` to
verify that a Full End Device (FED) successfully establishes rx-only
links with all its neighboring routers in the network.
The test forms a topology with a leader and 15 routers, then adds an
FED child. It uses the `NeighborTable` callback to track the addition
of routers to the FED's neighbor table and ensures that it
eventually establishes links with all available neighboring routers.
This commit migrates the functionality covered by
`tests/scripts/thread-cert/test_radio_filter.py` to a new Nexus test
`tests/nexus/test_radio_filter.cpp`.
The new test covers:
- Initial state of radio filter (disabled).
- Enabling radio filter on Router blocks pings.
- Disabling radio filter on Router restores pings.
- Enabling radio filter on SED causes it to detach.
- Disabling radio filter on SED allows it to reattach.
To make the test pass in Nexus, the following fixes were applied:
- Set external poll period to 40ms for SED to receive ping replies.
- Forced parent search on SED using `BecomeChild()` to avoid long
backoff interval.
The energy scan portion of the original test is skipped because
`otPlatRadioEnergyScan` is not implemented in the Nexus platform.
The original Python test file is removed.
This commit migrates the functionality covered by
`tests/scripts/thread-cert/test_coaps.py` to a new Nexus test
`tests/nexus/test_coaps.cpp`.
The new test covers:
- CoAP Secure with PSK.
- CoAP Secure with X.509 certificates.
The X509 test is conditionally compiled based on
`MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`.
The original Python test file is removed.
This commit migrates the functionality covered by test_coap_observe.py
to the Nexus test framework.
- Enabled OPENTHREAD_CONFIG_COAP_OBSERVE_API_ENABLE in Nexus config.
- Created test_coap_observe.cpp to test CoAP observations and
notifications in a simulated network.
- Handled edge cases in the test to avoid segfaults during cancel
response processing.
- Removed the old Python test test_coap_observe.py.
This commit addresses an occasional failure in test 1_2_MATN_TC_10
where the Router's ping reply was not found in Step 8.
- Increased the time advanced in Step 8 from 10 seconds
(kStabilizationTime) to 20 seconds (2 * kStabilizationTime).
- This allows more time for address resolution (NS/NA) and packet
transmission in the simulated environment.
- Verified that the test passes consistently with 100 consecutive
successful runs after applying this fix.
This commit migrates the functionality covered by test_coap_block.py
to the Nexus test framework.
- Enabled OPENTHREAD_CONFIG_COAP_BLOCKWISE_TRANSFER_ENABLE in Nexus
config.
- Created test_coap_block.cpp to test CoAP GET and PUT block
transfers in a simulated network.
- Removed the old Python test test_coap_block.py.
This commit introduces support for configuring and retrieving a vendor
OUI-24 (Organizationally Unique Identifier). It defines the new
`OPENTHREAD_CONFIG_NET_DIAG_VENDOR_OUI` configuration option and adds
the `otThreadGetVendorOui()` and `otThreadSetVendorOui()` APIs.
When specified, the vendor OUI is included in the `BorderAgent`
mDNS/DNS-SD TXT data under the `vo` key.
The `VendorInfo` class is updated to manage the OUI value. This
commit also adds the `vendor oui` CLI command to get or set this
property. Finally, it updates the tests to validate the presence and
correctness of the new `vo` key in the TXT data.
This commit migrates the test_ping_lla_src.py script from thread-cert
to the Nexus test framework.
The new test_ping_lla_src.cpp implements the same test logic:
- Forms a network with a Leader and two Routers.
- Verifies that pings using a Link-Local Address (LLA) as the source
succeed when sent to a neighbor's Mesh-Local EID (ML-EID).
- Verifies that pings using an LLA source fail when sent to a
non-neighbor's ML-EID, as LLAs are only valid for single-hop
communication.
- Verifies that external routes are not used for LLA-sourced packets.
To support this migration, the Nexus Core class was enhanced with:
- Overloads for SendAndVerifyEchoRequest that allow specifying a
source address.
- New SendAndVerifyNoEchoResponse methods to verify that no echo
response is received (useful for negative test scenarios).
Changes:
- Added tests/nexus/test_ping_lla_src.cpp
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Enhanced tests/nexus/platform/nexus_core.hpp/cpp with new helpers.
- Removed tests/scripts/thread-cert/test_ping_lla_src.py.
Jonathan Hui