This commit adds the `srp server port` CLI command, which maps to the
`otSrpServerGetPort()` API. This new command is now used in
`thread-cert/node.py` to implement `get_srp_server_port()`, allowing
direct retrieval of the SRP server port instead of indirectly parsing
the network data entry.
This commit fixes `get_srp_server_port()` in `thread-cert/node.py`.
This function parses Network Data service entries, searching for an
SRP/DNS unicast (non-preferred) entry, and then attempts to parse the
published port number of the SRP server by examining the last bytes
of the "server data".
The SRP/DNS unicast entry was previously updated to optionally include
a "version" field at the end of the "server data". This update caused
the port number parsing to fail, as the code did not account for the
extra byte corresponding to the version field.
This commit resolves this issue by ensuring that the two bytes are
correctly read and interpreted as the port number, regardless of the
presence of the version field.
Key Changes:
* Server Prioritization: RDNSS-discovered servers are prioritized
based on their advertised lifetime. Servers with longer lifetimes
are preferred.
* Recursive DNS Server List: The resolver maintains a list of
recursive DNS servers, which now includes servers learned via RDNSS.
* DNS Query Integration: The resolver uses the RDNSS-learned servers
when forwarding DNS queries upstream.
* Border Routing Integration: The RDNSS callback is registered to the
border routing module.
Minor Changes:
* The unused function `Transaction *GetTransaction(int aFd)` is
removed.
Previously, the code relied on the return code of the `service radvd
status` command to determine if `radvd` was running. This was
unreliable because the command could succeed even if the service was
not actually active.
The `is_radvd_running` function now parses the output of `service
radvd status` and specifically checks for the line "running" to
confirm that the service is truly running.
This commit relaxes the tests that assume mDNS resolve would provide a
single IPv6 answer and explicitly check and require one address. This
behavior of the mDNS API is improved/changed in the `ot-br-posix`
implementation, allowing multiple addresses to be collected and
passed in the "resolved" callback.
This commit updates the `_assert_dig_result_matches()` function to
have an additional parameter, `allow_extra_answer`, which is then
used in specific test steps.
Previously there's a delay for every router (10 seconds) and child (3
seconds) for it to start. The serialized waiting times are
unnecessary. This commit removes such waitings to speed up the test
case. This is especially useful in the BR test
`test_srp_register_500_services_br.py` which uses non-virtual time.
This adds the `-x` flag to the `tcp send` command so send specific
data defined by a hexadecimal string. The purpose is to use this in
testing, for example to emulate HTTP GET requests.
The current diag module allows users running the 'diag send' and 'diag
repeat' concurrently. The command run later will change the settings
of the command run earlier, which will cause unexpected test results.
This commit does not allow running 'diag send' and 'diag repeat'
concurrently.
This commit introduces the `BorderAgent::EphemeralKeyManager` class,
which manages the use of the ephemeral key by the Border Agent.
The `EphemeralKeyManager` uses its own DTLS transport and CoAP secure
sessions. This allows the `EphemeralKeyManager` and the `BorderAgent`
service (which uses PSKc) to be enabled and used in parallel.
Previously, a single transport and session was shared between these
functions, requiring the normal BA service (with PSKc) to be stopped
before the ephemeral key could be used.
This is a fundamental change and improvement to the ephemeral key and
Border Agent functionality. Therefore some existing `otBorderAgent`
APIs need to be modified. For example, `otBorderAgentGetState()`,
which returned the Border Agent state to indicate whether there were
any active sessions, is no longer meaningful, as different
sessions/transports are now used for PSKc and ephemeral key, and
there can be multiple sessions. This commit intentionally renames and
changes the `otBorderAgent` public APIs, specifically all those
related to ephemeral key use, to highlight the fundamental change in
behavior. While this can cause backward incompatibility, it requires
app layer code that used the previous APIs to be updated to take into
account the new behavior.
This commit also updates `nexus/test_border_agent`, adding new tests
to validate the new behavior (e.g., BA service and ephemeral key
parallel sessions). It also includes and validates the Border Agent
counter updates under different scenarios (this enhances and replaces
`test_ephemeral_key_counters.py`).
Commit adds implementation of:
- 0x40 Tcat tlv extraction of active dataset,
- 0x25 Tcat tlv extraction of commissioner certificate.
Includes also refactoring of `BleCommand` adds new method `process_response`.
This simplifies:
- `GetPskdHash`
- `GetRandomNumberChallenge`
`TransmitPacket()` should return an error from platform Radio
implementation, as for example Radio can be in incorrect state.
If error occurs, increase `mSentErrorInvalidStatePackets` stat.
Add wrong state case to tests and fix `diag repeat stop` called
too lata.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
The original `diag send` command is an asynchronous command. Users
must wait for a certain period of time and then run the `diag stats`
command to query how many packets have been sent to know whether all
packets have been sent. This is very inefficient, and it is not
convenient for scripts to process this command.
This commit changes the command `diag send` from an asynchronous
command to a synchronous command, and add the asynchronous command
`diag send async`.
Previously, it prints a line `PASS x FAIL y ...` when all the runs of
a test case complete. However, such messages could be hard to find
when multiple test runs fail so the messages are interspersed between
other logs.
This commit moves such messages to the end of the output. This makes
it easier to notice which test cases are failed. Also it will list the
failed iterations, which is useful when MULTIPLY > 1.
When using the `diag frame -c xxxx` command to enable the CSMA-CA when
transmitting the frame, the command `diag send` won't output any message
the CCA failure happens. It is difficult for users to know whether
the CSMA-CA is actually effective via diag commands.
This commit counts the number of packets that are sent succeed and failed,
outputs the transmision failure reason and do not re-transmit the frame
after it fails to send.
This commit adds a version field (`uint8_t`) to DNS/SRP Anycast and
Unicast Service entries in `NetworkData::Service::Manager`.
For Unicast entries, the version the version field is placed after
the existing fields, specifically after the IPv6 address and port number fields.
For Anycast entries it is added as the in server data as part of the
Server TLV.
When processing Network Data service entries, the version field is
optional and if absent, version number zero is assumed.
The `NetworkData::Publisher` now considers entries with the same or
higher version number when deciding whether to add or remove its own
entry, preferring those with a higher version.
In SRP client, when `AutoStart` mode is used and if there are multiple
Unicast, Service entries, the client prefers the one with larger
version number.
When selecting an anycast entry, the existing rules regarding sequence
numbers are still used. If multiple entries with the same sequence
number exist, the client will assume the minimum version number among
all such entries.
This commit also updates the `test_network_data` unit test, validating
the new format and related methods.
`test_netdata_publisher.py` is also updated to check service entries
with different version numbers.
All diagnostic commands (instead of `diag start`) should fail if
device is not in diagnostic mode. Previously it was verified by
each command's process method (with a missing check in
`ProcessEcho` and `ProcessGpio`). This commit moves the check
directly to `ProcessCmd` and cleans up redundant code.
Additionally clean the documentation and align the code as for
some commands `status 0x00` was added on success and for some not.
Move `AppendErrorResult()` to `ProcessCmd()` as well.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
This commit expects echo of diag commands to make sure the command is
received by the node when waiting for the expected output. This helps
make this test less flaky.
This commit updates `Srp::Server` to associate its UDP socket with
`kNetifThreadInternal`, ensuring that received messages are from the
internal Thread network interface (i.e., from devices within the
Thread mesh).
There's a CI failure that the BR sends the query to 8.8.8.8 as the
upstream DNS server and responded to the DNS client. This is undesired
behavior. We want the BR to query our test DNS server instead.
The issue happened because 8.8.8.8 is already an entry in
`/etc/resolv.conf`. To avoid querying it, we should fully overwrite
the `/etc/resolv.conf` to ensure the BR queries the test DNS server.
There's another issue that `bind9` service was also running on the BR
node which taken over all incoming DNS queries. `bind9` should only
run on the upstream DNS server node. I'll try fix this in a more
generic way later.
This commit fixes an issue in DNS recursive resolver that it didn't
bind its socket to the infra network interface. This may cause the DNS
message to be sent on an unexpected network interface, depending on
the routing table of the platform.
This commit also updates the test case `test_upstream_dns.py` to make
the upstream DNS server run on a different node. Previously the
upstream DNS server ran on the same node as the BR which is a
limitation of this test case.
This commit introduces the `RouterRoleRestorer` class, nested within
`MleRouter`, to manage router/leader role restoration after an MLE
operation restart (e.g., a device reboot) by sending multicast Link
Requests. This class simplifies the code and centralizes role
restoration logic.
Specific changes:
- A new member variable `mLastSavedRole` is added to track the last
attached role (saved in non-volatile memory). This is used by
`RouterRoleRestorer` to determine the number of Link Request
attempts. This variable replaces the previous `mWasLeader`, which
was only updated after a reboot and would not account for role
changes afterward.
- The `AttachTimer` is now used for role restoration instead of the
retransmission timer, as role restoration always occurs while the
device is detached and before any attach attempts.
- The `kLinkRequestTimeout` is used for the last attempt before
considering restoration failure.
- The `mChallengeTimeout` mechanism is now removed (in earlier Thread
specification versions, multicast Link Requests could be used while
the device was attached, but this is no longer used or needed).
- `test-012-reset-recovery.py` is updated to validate the role
restoration behavior. `test_detach` is also updated and fixed.
Commit introduces implementation of missing general class commands:
- PresentPskdHash
- PresentPskcHash
- PresentInstallCodeHash
- RequestRandomNumChallenge
- RequestPskdHash
Also include minor fixes in Tcat python client and refactoring of expect
tests for tcat.
This commit adds a new IDLE state to PdPrefixManager.
PdPrefixManager enters idle state when PD is enabled and there is
already a BR requesting PD prefix. When there are multiple BRs
publishing PD prefix at the same time, the one with lexcial smaller
prefix wins.
This commit updates the `RouteingManager` to set the newly
allocated "SNAC Router Flag" (bit 6) in emitted RA messages from
Thread BR. The flag is also parsed and tracked in received RA
messages.
This replaces the previous model where an experimental flag bit
in "Flags Extension Option" indicated a "stub router". This commit
also removes the `STUB_ROUTER_FLAG_IN_EMITTED_RA_ENABLE` confg
(no longer optional/experimental) and renames `mStubRouterFlag` to
`mSnacRouterFlag`.
The test software for certification currently uses the mDNS packets of
trel service responses to find out the trel port, and then use the port
number to determine which packets in a capture should be decoded as TREL
packets. However this may not be reliable since it depends on when the
capture starts. Added a cli to get trel port, so this can be used by
a THCI function.
This commit updates the default Thread version to 1.4, so that most
latest features will be enabled by default. This commit also explicitly
enable the epskc feature just like other features in the build script.
This commit extends the `diag frame` command by adding an argument `-s`
to indicate whether the frame has been encrypted or not, so that the
diag commands can be used to test frames having security processed in
the host.
This commit:
1. update the topology to make 3 BRs running on 2 AILs;
2. specify the test name as `test_multi_backbone_infra`, which is
focusing on verifying the multiple backbone framework works good
3. fix bug that previously pinging throught ethernet does not actually
work.
For 3, previous `br1.ping(br2_infra_link_local, interface=br1_infra_link_local)`
actually send ping command via ot-ctl instead of the docker bash. The
new `br1.ping(br2_onlink_ula, backbone=True)` actually send a docker
bash command to ping another node via ethernet. Here we choose to use
onlink ULA address (9100::) instead of the link local address because
only "ping [link-local-addr]%eth0" (by specifying the zone index) can
work for link-local address, but this is not currently supported by
`LinuxHost.ping_ether()` method.
This commit modifies thread-cert scripts utilizing `pktverify` to
adopt a more flexible approach to TLV type checking. Specifically, it
replaces strict equality (`==`) or strict subset (`<`) checks with a
subset or equal check (`<=`) when verifying the presence of TLVs in a
message. This adjustment ensures that test scripts adhere to the
principle of ignoring extra or unknown TLVs, thereby future-proofing
them against potential protocol updates that might introduce new
TLVs.
This commit adds functions to read peer BRs and routers on infra link by
wrapping the ot-ctl command `br peers` and `br routers`.
`test_multi_ail.py` is also updated to test the new added functions.
This commit targets to support getting infra link-local address of a
OtbrNode in docker test, which is usefully for future test cases.
The test_multi_ail.py is also updated to test the new method added.
This commit adds support for responding to "A record" queries in the
DNS-SD server and discovery proxy.
If the query matches a host registered with the SRP server, the host's
IPv6 addresses are returned in the Additional Data section of the
response. If the query is resolved by the proxy, the `otPlatDnssd`
APIs are used to start/stop IPv4 address resolvers for the hostname
on the infrastructure network.
The `test_dnssd_discovery_proxy` unit test is updated to validate the
new functionality.
### Background
https://github.com/openthread/openthread/pull/10550 introduced a new
way to support multiple backbone nework in otbr docker test. Though it
works good while running a single test, a bug exists when running
cert-suite, which runs a batch of tests in parallel.
cert-suite allocates the name of the backbone interfaces dynamically
by setting env PORT_OFFSET for each test, so there is potentially
conflict exists if we hard code the `backbone_network` name in
TOPOLOGY. This PR is targeting to fix this potential naming conflict.
### Fix
We fix it by assigning a number for `backbone_network_id` in each BR
definition in TOPOLOGY, instead of setting a fixed `backbone network`
name. The final backbone network name is decided by both `PORT_OFFSET`
env and the number of `backbone_network` (in
`backbone{PORT_OFFSET}.{backbone_network}` format)
For example, if `PORT_OFFSET` is 0 and `backbone_network_id` is 1,
then backbone network name will be `backbone0.1`. For the tests that
only use one backbone network and the `backbone_network_id` is not
given, the backbone network name is by default
`backbone{PORT_OFFSET}.0`.
### New test case format
```
class NewTestCase(thread_cert.TestCase):
...
BR = 1
...
TOPOLOGY = {
BR: {
...
'is_otbr': True,
'backbone_network_id': <backbone-id>,
...
}
...
}
...
```
`<backbone-id>` is any integer from 0, for each BR inside a single
test, if `<backbone-id>` is different, the BR use different backbone
interfaces; the same `<backbone-id>` inside a single test case means
the same backbone network interface.
`'backbone_network_id': <backbone-id>` is optional for single backbone
test cases, when it's not given while defining a otbr node, the
backbone is default as `backbone{PORT_OFFSET}.0`.
For developers, if you are defining a new test which has multiple
backbone interfaces, please ensure `backbone_network_id` is explicitly
defined in each BR, otherwize an error is reported.