- Adds platform API `trelDnssdInitialize` to initialize TREL
DNS-SD module.
- Adds `test_trel_connectivity.py` test.
- Fixed `Border Router` TREL test to really use TREL.
This commit caches Border Router test results so that success BR tests
will be skipped when re-running the workflow.
The cache keys are chosen in a way that:
- Each new PR push will trigger cache miss and run the tests
- Each ot-br-posix change will trigger cache miss and run the tests
This commit introduces a number of enhancements to `thread-cert`
Border Router tests to improve reliability:
- Checks `ot-rcp` process status for OTBR tests to help catch errors
earlier
- Make sure `ot-rcp` processes are terminated after one test to avoid
corrupting subsequent tests
- Upload core dump as artifacts if otbr-agent crashed
This commit implements OTBR firewall. This implementation focuses on
ingress filtering. We may also introduce egress filtering when
necessary.
For security purpose, there are some packet forwarding rules to
follow, which were originally introduced in the spec.
- Inbound packets initiated with On-Link addresses source (OMR and
mesh local prefix based addresses) should be blocked.
- Inbound unicast packets whose destination address is not OMR address
or DUA should be blocked.
- Inbound unicast packets whose source address or destination address
is link-local should be blocked. Note that we don’t need to
explicitly add rules for link-local addresses since this should
already be handled by the kernel.
These rules can be easily implemented by iptables and ipset.
Before otbr-agent starts, there is a script creating the iptables
rules. The rules themselves are constant so we don't need to change
them dynamically. During the runtime of otbr-agent, otbr-agent updates
ipsets accordingly whenever there's a change of on-link prefixes.
The spec asks border router to publish meshcop service even when
thread interface is inactive. This commit adds test case to verify the
feature.
This commit also introduces boot_delay to add delays between booting
nodes. In this way we can let border routers not starting at the same
time, so that there will be fewer renaming conflicts. This can make
the test more stable.
Added new API/CLI for reference devices to set allowed ranges of
router IDs. When the allowed ID range is set, the leader will only
assign router IDs in the range. In this way, we can assign
non-overlapping router ID ranges to different thread networks so that
no RLOC16s will collide across multiple thread networks.
This commit adds two simulation tests to verify that SRP clients can
register 500 services to one SRP server:
- Virtual time simulation test with one SRP server and 25 SRP clients,
each client registering 20 SRP services.
- OTBR simulation test same as above, but run SRP server on OTBR
(Docker).
This commit implements part of the OTBR firewall. This implementation
focuses on the ingress filtering part. We may also introduce egress
filtering part when necessary.
For security purpose, there are some packet forwarding rules to
follow, which were originally introduced in the spec.
- Inbound packets initiated with On-Link addresses source (OMR and
mesh local prefix based addresses) should be blocked.
- Inbound unicast packets whose destination address is not OMR address
or DUA should be blocked.
- Inbound unicast packets whose source address or destination address
is link-local should be blocked. Note that we don’t need to
explicitly add rules for link-local addresses since this should
already be handled by the kernel.
These rules can be easily implemented by iptables and ipset.
- Before otbr-agent starts, there is a script creating the iptables
rules. The rules themselves are constant so we don't need to change
them dynamically.
- During the runtime of otbr-agent, otbr-agent updates ipsets
accordingly whenever there's a change of on-link prefixes.
This commits updates `thread-cert/Makefile.am` adding some existing
tests that were not included in the Makefile when the tests were
added. It also sorts the entries to be in alphabetical order.
This commit also updates the access control mode for all script files
to be executable by all (`chmod 755` or "-rwxr-xr-x").
In BMLR test, the commissioner may fail to start because the /c/ps
COAP message failed to reach Leader due to unstable links. This
commit makes sure the links are established before starting the
commissioner.
When initializing, we should use randomly generated network parameters
instead of default ones, to eliminate the possibility of unintentional
use of default credentials.
If user doesn't set the Partition Id using the command
'leaderpartitionid xxx', the current cli command 'leaderpartitionid'
always return 0. This commit renames the command 'leaderpartitionid'
to partitionid and let the command partitionid returns the current
leader Partition Id and add command partitionid preferred to set or
get preferred Partition Id.
This commit implements DUA features of Thread 1.2 DUA that involves
sending and processing Backbone query and answer:
- Extend address query to the Backbone Link
- Send BB.qry for Thread address query
- Send ADDR_ANS.ntf for BB.ans
- DAD process
- PBBR to send BB.qry on the Backbone link (3 times if not answered)
- PBBR to receive and handle BB.qry and sends BB.ans
- PBBR to receive BB.ans and sends ADDR_ERR.ntf if duplicated
- PRO_BB.ntf
- Send PRO_BB.ntf when DUA registration is updated
- Handle PRO_BB.ntf
- Add test_dua_dad.py to test the DAD process when it was successful
or duplicated
- Verify the normal DAD process
- Verify Address Query can be extended to the Backbone link
- Verify DAD duplicate is handled correctly
- Verify PRO_BB.ntf for duplicated DUA is handled correctly
- backbone/test_mlr_multicast_routing.py verifies the basic features
of Backbone multicast routing
- backbone/test_mlr_multicast_routing_timeout.py verifies that MLR
timeout works
- backbone/test_mlr_multicast_routing_commissioner_timeout.py verifies
that Commissioner MLR timeout works
This commit enhances Backbone Router to send BMLR.ntf on the backbone
link for Multicast Listeners.
- Send BMLR.ntf to the Backbone link
- Add Backbone test with packet verification
- Includes some revision to the Thread 1.2 Backbone CI scripts to make
it more stable
This commit allows running packet verification on a test info (.json)
directly without running the test procedure, which can be helpful for
developing and debugging packet verification code.
Thread 1.2 CI with OTBR and Backbone link:
- Run OTBR in Dockers with Backbone link
- Enhance node.py to work with OTBR Docker
- Add Packet Verification for 5.11.1
- incomplete, some steps can not pass yet, just to make sure
Backbone traffic verification works
- Support running multiple tests simultaneously (default: each test
run 3 instances)
- Build OTBR Docker using OpenThread PR code
- Upload code coverage in Docker
Some implementation details:
- Most existing code of node.py is shared by OTBR Docker
- Backbone related test scripts are found in
tests/scripts/thread-cert/backbone
- A new script tests/scripts/thread-cert/run_bbr_tests.py is added to
manage multiple running tests
- Test configuration differs according to PORT_OFFSET
- Backbone interface name: Backbone{PORT_OFFSET}
- Backbone network prefix: 91{PORT_OFFSET:02x}::/64
- Docker instance name: otbr_{PORT_OFFSET}_{nodeid}
- Output Files:
- Pcap:
- Thread: {test_name}_{PORT_OFFSET}.pcap
- Backbone: {test_name}_{PORT_OFFSET}_backbone.pcap
- Merged: {test_name}_{PORT_OFFSET}_merged.pcap
- Log: {test_name}_{PORT_OFFSET}.log
This commit runs Thread 1.1 certification tests with packet
verification for 1.2 build because Thread 1.2 certified devices are
supposed to be able to pass Thread 1.1 certification first.
Note: changes to test TOPOLOGY:
- Original: nodes use version=1.1 by default
- Now: nodes use version according to ENV, except explicitly specified
This commit introduces the packet verification (PV) framework for
certification tests.
- Add packet verification framework code
- Implement packet verification for cert 5.1.7 as a minimal
example. There will be more 1.1/1.2 tests with PV submitted in the
future.
- Download pre-built thread-wireshark binaries from
openthread/wireshark/releases for packet dissecting (used by
pyshark)
- Added a Github Action job for Packet Verification
According to PEP8, constants should be written in all capital letters.
This commit capitalizes these constants:
- thread_cert.TestCase.topology
- thread_cert.TestCase.support_ncp
- Update all test cases to inherit thread_cert.TestCase and update
topologies accordingly. The topologies should all be correct because
they are automatically generated, not hand written.
- Use default Thread version: 1.1
- Cleanup node tmp files in tmp directory according to the current
PORT_OFFSET in setUp. This is required by
test_reed_address_solicit_rejected.py and test_coap_observe.py since
they define multiple test functions in one TestCase.
- Removed call to set_extaddr64 because it's not necessary and causing
failures.
- Introduce BACKBONE_ROUTER option for Backbone Router function.
- Implement Backbone Router service registration.
- Add basic Backbone Router service.
- Primary Backbone Router restores its Dataset when reattached after
short reset, increases sequence number and re-register to Leader.
- Add configurable jitter for Backbone Router service registration.
- Add Backbone Router service test.
This commit introduces the first Thread 1.2 feature - enhanced keep
alive.
This commit also introduces the build config
OPENTHREAD_CONFIG_THREAD_VERSION to include/exclude Thread 1.2 code.