This commit updates the `markdown-lint-check` job to explicitly set
the `PUPPETEER_EXECUTABLE_PATH` environment variable to use the
system-installed Google Chrome (`/usr/bin/google-chrome`) for the
`linkspector` action. This resolves issues where the action fails
to find a browser environment to execute properly.
This commit implements additional vendor application or ecosystem
policy settings for TCAT including:
1) Automatic deactivation of the TCAT agent / TCAT advertisement after
the thread network has been started over TCAT
2) Automatic activation of the TCAT agent / TCAT advertisement after
the thread network has been stopped over TCAT
3) Automatic activation of the TCAT agent / TCAT advertisement after
decommissioning over TCAT
4) Blocking support of certain TCAT TLVs by the application /
ecosystem
The commit also fixes an issue with certificate storage after
decommissioning.
This commit renames several methods in `Ip6::Address`,
`Ip6::InterfaceIdentifier`, `Ip6::Prefix`, and `Ip4::Address` that
fully initialize the object from `Set...()` to `Init...()`.
This creates a clear semantic distinction in the API:
- `Init...()`: Fully (re-)initializing the object.
- `Set...()`: Modifies a specific property or a sub-component of
the object (e.g., `SetPrefix()`, `SetLocator()`,
`SetSubnetId()`).
Some examples of renames include:
- `SetFromExtAddress()` -> `InitFromExtAddress()`
- `SetToLocator()` -> `InitAsLocator()`
- `SetToLinkLocalAddress()` -> `InitAsLinkLocalAddress()`
- `SetToRoutingLocator()` -> `InitAsRoutingLocator()`
- `SetToAnycastLocator()` -> `InitAsAnycastLocator()`
- `SetToIp4Mapped()` -> `InitAsIp4Mapped()`
All calls to these methods across the codebase have been updated
to reflect the new names.
This commit sets the SO_RCVBUF socket option to 2MB on the
multicast receiving sockets in the simulation platform.
Under heavy simulation load (such as expect tests with 15 nodes
all sending MLE advertisements and discovery packets), the default
OS UDP receive socket buffer can overflow, leading to silent
packet drops. This occasionally caused expect tests like
cli-big-table.exp to fail with "Join failed [NotFound]" because
Node 4's discovery requests or response beacons were dropped.
Increasing the receive buffer size to 2MB prevents packet loss
during dense simulation runs, resolving intermittent CI test
failures.
This commit fixes a frequent unit test flake in ot-test-trickle_timer
under the TestTrickleTimerMinMaxIntervalChange test case.
The test case starts the trickle timer with Imin = 2000 and
Imax = 2000. The random time t (mTimeInInterval) is chosen in
[1000, 2000), so t can range up to 1999.
When t randomly evaluates to 1999, t + 1 becomes 2000. Calling
timer.SetIntervalMax(2000) triggers an early-exit optimization
in TrickleTimer::SetIntervalMax because mIntervalMax is already 2000,
leaving the scheduled timer's fire time unchanged. The test then
crashes on the assertion expecting the fire time to have changed.
This is resolved by setting the new interval max to
Min(t + 1, interval - 1). This ensures that the requested value is
strictly less than 2000 even when t = 1999, successfully triggering
the interval shortening and rescheduling logic tested by this case.
This commit adds a brief 0.1-second sleep delay immediately after
spawning node processes (rcp, cli, and mtd types) in the expect test
harness.
Under high CPU load on GitHub Actions runner VMs, the PTY file
descriptors can take a fraction of a second to fully initialize. If
commands are sent immediately after spawn without delay, the initial
expect match can fail with an instant timeout. This triggers duplicate
retransmissions in wait_for, leaving extra "Done" strings in expect's
PTY read buffer. The leftover "Done" strings desynchronize subsequent
assertions, causing tests to match cached output instead of waiting
for actual command execution (e.g., sending "diag stats" during an
active "diag send" command, which fails).
Adding a 100ms delay gives the PTY and child process enough time to
fully initialize and stabilize, avoiding instant timeouts and
subsequent test harness desynchronization.
This commit adds GCC 15 (version 15.2.rel1) to the `arm-gcc` job
matrix in the OpenThread build (`build.yml`) workflow.
Including GCC 15 in the builds helps ensure that OpenThread compiles
successfully and is free from warnings or errors with the latest GCC
15.2.rel1 release.
Increase wait delay after starting the OTBR service in the
test_publish_meshcop_service.py script.
Starting otbr-agent requires the node to re-attach to the simulated
Thread network and transition to the leader role. In virtualized CI
environments, this role transition can take up to 14.5 seconds. Using
a hardcoded 10-second delay results in a race condition where the
service is published very late, causing the subsequent browse query to
miss the service and fail with AssertionError.
Substituting the delay with BORDER_ROUTER_STARTUP_DELAY (20s) ensures
the node has sufficient time to attach, become leader, start the border
agent, and fully register the mDNS service before browsing.
This commit simplifies MLR state tracking for child devices. Previously,
`Child::Ip6AddrEntry` inherited from `Ip6::Address` to encapsulate the
MLR registration check using the `Child` reference. This introduced
tight coupling between `Child` and `Ip6AddrEntry`.
The logic is refactored by removing `Ip6AddrEntry`. Instead, `Child`
now directly manages a `Child::Ip6AddressArray` and encapsulates the
MLR state querying/updating through new methods:
- `SetAddressMlrRegistrationState()`
- `GetAllMlrRegisteredAddresses()`
- `ClearAllAddressesMlrRegistrationState()`
In `Mlr::Manager`, the redundant `ChildAddressArray` typedef and
`kMaxChildAddresses` constant are removed, reusing the
`Child::Ip6AddressArray`. The method `UpdateProxiedSubscriptions()`
is renamed to the more intuitive `UpdateChildRegistrations()`, and
overloaded to allow calling it without an old address list during
initial child registration.
The test `test_1_3_DBR_TC_7A` was failing occasionally due to
uninitialized stack memory in `NetworkData::OnMeshPrefixConfig config`.
Because `OnMeshPrefixConfig` inherits from `otBorderRouterConfig`
and does not automatically initialize its fields in its default
constructor, declaring `NetworkData::OnMeshPrefixConfig config;`
on the stack left its members (including `mDp` and `mNdDns` flags)
with arbitrary stack garbage. If `mDp` (Domain Prefix flag)
evaluated to true, it caused the registered `PRE_1` prefix to be
erroneously processed as a Domain Prefix. Consequently, the border
router did not include `PRE_1` as a Route Information Option (RIO)
in its emitted Router Advertisements, causing packet verification
to fail in Step 4.
This commit fixes the issue by explicitly initializing the
`config` struct using `config.Clear()` right after declaration.
Fixes an intermittent failure in the
`nexus_announce_no_flap_on_unmergeable_partitions` test.
Previously, only LEADER_NEW was isolated (by enabling allowlist
mode with an empty address list) in Step 2. Because LEADER_OLD
still had allowlist mode disabled, it could receive advertisements
from LEADER_NEW. If LEADER_NEW's randomly allocated partition ID
happened to be larger than LEADER_OLD's, LEADER_OLD would see it
as a "better partition" and initiate a transition to child to
attach to LEADER_NEW.
Although this attempt would initially fail in Step 2 (since
LEADER_NEW dropped all RX), it kept retrying. In Step 3, when the
allowlist was opened on both sides, the queued/retried attach
attempt from LEADER_OLD succeeded, making it a child and causing
the Leader assertion to fail.
Isolating both nodes during Step 2 ensures that LEADER_OLD never
hears LEADER_NEW's initial good-link advertisements. When Step 3
begins, it only hears LEADER_NEW through the weak link and
correctly rejects the advertisements, keeping both nodes stable
leaders of separate partitions.
Explicitly cast the result of the bitwise NOT operator ~ to uint8_t in
BitSetUtils::FlipBits to resolve a build error under AppleClang.
In C++, using the bitwise NOT operator on a uint8_t value promotes it to
an int. Assigning the promoted int back to uint8_t triggers an implicit
conversion warning/error (-Wimplicit-int-conversion) under newer
compiler versions, which fails the build when compiled with -Werror.
This commit introduces helper methods to `MeshCoP::Dataset` to determine
if a given Dataset affects network connectivity or the Network Key.
It also adds a corresponding public API `otDatasetAffectsConnectivity()`.
A Dataset is considered to affect connectivity if it contains a
different Channel, PAN ID, Mesh Local Prefix, or Network Key than
the current values in use.
`Mle::AnnounceHandler::HandleAnnounce` previously executed the
`kAnnounceAttachAfterDelay` action on an attached node even when
the announced channel and PAN ID already equaled the current MAC
parameters. The `!channelAndPanIdMatch` guard was only consulted
in the `IsDetached()` branch. For an attached node this scheduled
`StartAnnounceAttach`, which calls `Stop()` then `Start()` with
the same channel/PAN ID -- accomplishing nothing while disrupting
attached children.
This causes an endless role flap in a topology where two FTDs
share channel, PAN ID, and network credentials but hold different
Active Dataset Timestamps, and where their RF link is too weak to
merge partitions (Advertisements rejected with LinkMarginLow at
`mle_router.cpp`). Each side restarts on every Announce received
from the higher-timestamp peer; the reactive `kSendAnnouceBack`
path further amplifies this because the lower-timestamp side's
own outgoing Announces draw Announce responses from the peer.
Apply the channel/PAN ID match guard unconditionally in
`kAnnounceAttachAfterDelay`. Mirror it on the FTD
`kSendAnnouceBack` path (matching the existing `isFromOrphan`
behavior) so peers sharing MAC parameters are not prompted to
migrate to the channel/PAN ID they already use.
Add `addon_test_announce_no_flap_on_unmergeable_partitions.py`
which builds the topology above and asserts that both nodes
retain their original partition IDs across a 20-minute simulated
window. Without this change the lower-timestamp node is
repeatedly demoted from leader during that window.
This commit moves the state and logic for managing the maximum number
of IP addresses per child from `Mle` to `ChildTable`. The logic for
checking the limit is also moved to the `Child` class itself.
This change better encapsulates the child table properties.
This commit updates the DHCPv6 Prefix Delegation (PD) client to
comply with RFC 9915, which obsoletes the Server Unicast option
(Option 12) and the UseMulticast status code.
Changes:
- Removed `mServerAddress` and `ProcessServerUnicastOption()` from
`Dhcp6PdClient`.
- Modified `Dhcp6PdClient::SendMessage` to always transmit via
multicast to `ff02::1:2`.
- Removed `UseMulticast` status code handling in `HandleReply()`.
- Added `otMessageFree` weak stub in simulation platform's
`infra_if.c` to resolve linking errors on simulation radio-only
targets when DHCPv6 PD client is enabled.
- Updated `test_dhcp6_pd_client.cpp` to expect multicast and
removed the obsolete UseMulticast test case.
This commit updates `MacCountersTlv` and `MleCountersTlv` to use the
`SimpleTlvInfo` template. The original classes are replaced with
`MacCountersTlvValue` and `MleCountersTlvValue` which only represent
the TLV values. This helps simplify the TLV parsing and appending
logic and more importantly allows the TLV value formats to be
reused.
This commit extends the `BitSet` class with several new
methods:
- `CountElements()`
- `IsSubsetOf()` and `IsSupersetOf()`
- `Complement()`
- `UnionWith()`, `IntersectWith()`, and `SubtractWith()`
- `SetMask()`, `AppendTo()`, and `ReadFrom()` message.
This commit also introduces a new `BitSetUtils` non-template base class
for the `BitSet<kNumBits>` template class. This change helps optimize
code by moving the common implementation logic for various bit
manipulation operations out of the template, reducing template
instantiation overhead.
This commit refactors the Nexus tests configuration in CMakeLists.txt
by properly classifying and sorting test cases:
- Moved `inform_previous_parent_on_reattach` from the "Cert tests"
section to the "Misc tests" section, and changed its label from
"cert;nexus" to "core;nexus".
- Moved `retransmission_security` from the "Cert tests" section
to the "Misc tests" section where it belongs (retaining its
"core;nexus" label) and sorted it alphabetically.
These changes ensure the CMake file remains clean and the tests are
properly categorized.
This commit removes the thread-cert/backbone tests and cleans
up all related configurations and references.
Specifically, the following changes are made:
- Deleted tests in tests/scripts/thread-cert/backbone/
- Removed the backbone-router job from .github/workflows/otbr.yml
- Removed backbone-router dependency from upload-coverage job
- Removed setup, cleanup, and checks for backbone tests in
tests/scripts/thread-cert/run_cert_suite.py
This commit removes the `avahi` mDNS configurations from the
`thread-border-router` job matrix in the OpenThread Border Router
(`otbr.yml`) workflow.
With this change, the `thread-border-router` integration tests will
exclusively run using the `mDNSResponder` configuration.
This commit renames the `NetworkDiagnostic` namespace in `src/core/thread/`
and its related types to `NetDiag` for brevity. It updates the
corresponding filenames and header guards as well.
When a sleepy end device (where `Mle::IsRxOnWhenIdle()` returns
false) sends an MLR request, it initiates fast data polls via
`DataPollSender::SendFastPolls()` to quickly receive the response.
This commit updates `Manager::HandleResponse()` to call
`DataPollSender::StopFastPolls()` when the MLR response is processed
by a sleepy end device. This ensures that the device does not
unnecessarily continue fast polling.
Retransmissions of frames containing time-dependent header Information
Elements (IEs), such as CSL or Time Sync, require updates to these
IEs to reflect the exact time of sending. If the frame counter is not
incremented for these retransmissions, it leads to nonce reuse in
AES-CCM encryption, which is a security vulnerability.
This commit addresses this issue by ensuring that every transmission
attempt (initial or retry) uses a fresh frame counter:
- Deferred security processing from `SubMac::Send()` to
`SubMac::BeginTransmit()`.
- Upon retransmission in `SubMac::HandleTransmitDone()`, the frame is
restored to plaintext via `TxFrame::DecryptTransmitAesCcm()` and
security flags are cleared.
- This allows time-dependent IEs to be updated and a new frame counter
to be assigned for every attempt.
Added a Nexus test case `retransmission_security` to verify that both
CSL and standard MAC retransmissions use incrementing frame counters
and updated CSL phases.
This commit introduces a structured state machine to `Mlr::Manager` to
coordinate Multicast Listener Registration (MLR) activities more
efficiently. The previous implementation relied on independent delay
variables and the global `TimeTicker`, which could lead to redundant
or premature registrations, especially when a Primary Backbone Router
(PBBR) was newly discovered or updated.
The new state machine (`kStateStopped`, `kStateIdle`,
`kStateToRegisterAll`, `kStateRegistering`, `kStateRegistered`,
`kStateNewAddrToRegister`) provides explicit transitions for the
entire MLR lifecycle. This ensures that registrations are properly
aggregated and that periodic renewals are correctly rescheduled after
successful out-of-band registrations.
Additionally, the manager now uses a dedicated `TimerMilli` instead of
`TimeTicker`, reducing system-wide overhead and providing more
precise timing control.
Per RFC 9664, the UL option is always included in a success response (RCODE=0).
Comment in test_srp_server is updated also to avoid suggesting the opposite.
This commit introduces a new set of template-based APIs for
non-cryptographic random number generation in the `Random::NonCrypto`
namespace. These new methods provide a cleaner, type-safe, and more
robust interface compared to the previous methods.
Key additions:
- `Generate<UintType>()`: Returns a random value of the given
unsigned integer type (`uint8_t`, `uint16_t`, or `uint32_t`).
- `GenerateUpToExcluding<UintType>(aMax)`: Returns a random value in
the range `[0, aMax)`.
- `GenerateFromMinUpToExcluding<UintType>(aMin, aMax)`: Returns a
random value in the range `[aMin, aMax)`.
- `GenerateInClosedRange<UintType>(aMin, aMax)`: Returns a random
value in the closed range `[aMin, aMax]`.
The introduction of `GenerateInClosedRange` is an improvement as it
safely handles ranges up to the maximum value of the integer type
(e.g., `0xffff`) without the risk of overflow.
All call sites across the OpenThread core stack and tests have been
updated to adopt these new APIs. The public `otRandomNonCrypto`
functions are also updated to leverage the new internal methods.
Doxygen documentation is added for all new template methods,
detailing their behavior, including edge cases where the upper bound
is smaller than or equal to the lower bound.
This commit refactors various unit tests to use `constexpr` for
defining constants instead of anonymous `enum` types.
Using `constexpr` is the modern and preferred approach in C++, as it
provides explicit types for constants and improves code clarity and
type safety.
This commit fixes minor coding style issues in
`RoutingManager::RoutePublisher::StateToString()`. It adds a missing
semicolon after the `DefineEnumStringArray()` macro and corrects the
indentation of the return statement.
This commit makes `Tlv::AppendTlvHeader()` public and updates call
sites to use it. This method automatically handles the formatting
of the TLV header as either a standard TLV header or an extended one
based on the provided length.
This commit removes all code, configurations, APIs, and tests related
to the OPENTHREAD_CONFIG_BACKBONE_ROUTER_DUA_NDPROXYING_ENABLE feature.
Specifically, the following changes were made:
- Removed DUA ND Proxying Backbone Router configuration option and the
related OPENTHREAD_CONFIG_NDPROXY_TABLE_ENTRY_NUM definition.
- Removed CLI commands: `bbr mgmt dua` and the proactive backbone
notification fake command `/b/ba`.
- Removed NdProxyTable and bbr_manager DUA ND Proxying implementation.
- Removed public/internal APIs for ND Proxying and proactive backbone
notifications.
- Deleted ndproxy_table source files and unit tests.
- Simplified CMake and GN build files to remove deleted targets.
This commit improves the `tests/nexus/build.sh` script by adding a
`display_usage()` function and implementing stricter command-line
argument validation.
This commit removes the obsolete Backbone Router (BBR) certification
tests:
- tests/scripts/thread-cert/backbone/bbr_5_11_01.py
- tests/scripts/thread-cert/backbone/
test_mlr_multicast_routing_across_thread_pans.py
These tests are removed because DUA (Domain Unicast Address) routing
features (specifically DUA ND Proxying) have been deprecated and
removed from the codebase. Since these features are no longer
supported, the corresponding certification and validation tests are
no longer valid or runnable.
Remove obsolete backbone test cases for Domain Unicast Address
(DUA) Duplicate Address Detection (DAD), DUA routing, DUA routing
for Minimal End Devices (MED), and Neighbor Discovery (ND) Proxy.
These features and their corresponding tests are no longer needed.
This commit removes all DUA (Domain Unicast Address) validation
and verification steps from test_firewall.py. Since DUA routing
features are being phased out or removed, this keeps the firewall
test in sync and prevents potential failures during test runs.
Specifically:
- Removed DUA ping validation from host to router.
- Removed DUA collection call (collect_duas).
- Removed the packet verifier checks checking for DUA ping traffic.
When cloning the ot-br-posix repository to run the Docker-in-Docker
integration tests, the clone was shallow and did not recursively
check out nested submodules (such as cJSON and cpp-httplib). This led
to build failures inside the Docker build container since libcjson
is not pre-installed on the base build image.
This commit resolves the issue by:
1. Appending the `--recurse-submodules` flag to the git-tool clone
calls in `otbr-posix-dind.yml` and `script/test`.
2. Updating `script/git-tool`'s destination directory parsing to
robustly handle multi-line output from recursive submodule
checkouts. The new pattern extracts the path exclusively from
the first line using `sed` to prevent SIGPIPE or parsing errors.
This commit introduces a new GitHub Actions workflow to automate the
monthly release process using Calendar Versioning (CalVer).
The workflow:
- Runs automatically at 00:00 UTC on the 1st day of every month.
- Supports manual execution via `workflow_dispatch`.
- Automatically generates a CalVer tag (e.g., vYYYY.MM.0).
- Employs the GitHub CLI to create a release and auto-generate
release notes based on merged pull requests.
This commit fixes a potential `uint16_t` overflow in
`Config::SelectRandomReregistrationDelay()` which could occur if
`mReregistrationDelay` was set to the maximum `uint16_t` value.
The `Random::NonCrypto::GetUint16InRange(lower, upper)` function
includes the lower bound but excludes the upper bound. Previously,
the code called `GetUint16InRange(1, mReregistrationDelay + 1)`,
which would overflow the upper bound if `mReregistrationDelay` was
`0xffff`. The logic is updated to `1 + GetUint16InRange(0,
mReregistrationDelay)`, which safely produces a random value in the
range `[1, mReregistrationDelay]` without overflow.
This commit introduces a new helper method that allows appending a
TLV by copying its value directly from a specified `OffsetRange` of
another `Message`.
This helper automatically handles formatting the TLV as an Extended
TLV if the length exceeds 254 bytes, eliminating the need for manual
length checks and TLV header construction at the call sites.
Key changes:
- Added `Tlv::AppendTlvWithValueFromMessage()`.
- Refactored TLV header construction into a private helper
`Tlv::AppendTlvHeader()` to share logic between `AppendTlv` variants
and `StartTlv()`.
- Updated `Commissioner::SendRelayTransmit()` and
`JoinerRouter::HandleUdpReceive()` to use the new helper for
`JoinerDtlsEncapsulation` TLVs.
- Updated `TcatAgent::HandlePing()` to use the new helper, significantly
simplifying the payload response generation.
When logging while `Instance` has not been initialized yet, use 0 as
return value of `GetUptime` and use `OPENTHREAD_CONFIG_LOG_LEVEL_INIT`
as default log level instead of accessing raw memory.
This commit updates `BackboneRouter::Local` to receive role change
events directly from the `Notifier`. Previously, `Bbr::Local` was
indirectly relying on `BackboneRouter::Leader` to emit events even
when the PBBR configuration had not changed (e.g., during role
transitions).
The previous design was fragile and created an unnecessary dependency.
`Bbr::Local` now independently tracks role changes to ensure it
correctly evaluates its own status (e.g., deciding whether to
register as the Primary BBR).
This commit introduces `PrimaryEvent` to represent changes in the
Primary Backbone Router (PBBR) configuration, replacing the previous
`State` enum. Calling it `State` was misleading as the values
describe transitions or updates to the PBBR rather than a persistent
state.
The new `PrimaryEvent` enum provides a more descriptive way to notify
dependent modules (`Mlr::Manager`, `DuaManager`, and `Bbr::Local`)
about specific changes in the PBBR, such as when it is added,
removed, or when its configuration parameters (e.g., RLOC16, Sequence
Number, or MLR Timeout) are updated.
This commit simplifies and enhances the TLV parsing logic in
`TcatAgent` so to use the `Tlv::Info` helper class. This safely and
automatically handles both standard and extended TLVs, removing the
need for manual type checking and length/offset calculations.
Key changes:
- Updated `TcatAgent::HandleSingleTlv()` to use `Tlv::Info::ParseFrom()`.
- Replaced individual `aOffset` and `aLength` parameters with
`const OffsetRange &` across various TLV handler methods (e.g.,
`HandlePing`, `HandleSetActiveOperationalDataset`, `VerifyHash`).
This improves code readability, safety, and consistency with common
OpenThread TLV parsing patterns.
This commit simplifies the logic in `BleSecure::HandleTlsReceive`
by reducing the nesting level through the use of early `ExitNow()`
calls and replacing a complex `if-else` block with a `switch`
statement for handling `errorTcatAgent`.
Key improvements:
- Removed a large `else` block by adding `ExitNow()` after the
initial transparent mode check.
- Used a `switch` statement to handle `errorTcatAgent` returned
by `MeshCoP::TcatAgent::HandleSingleTlv()`, clearly separating
`kErrorNone`, `kErrorAbort` (disconnect), and default fatal
error handling.
- Improved code formatting and comment readability.
This commit refactors `BleSecure::HandleTransport()` to use the
`OffsetRange` and `Message::ReadAndAdvance()` helper methods. This
replaces manual length and offset tracking, resulting in cleaner
and safer message parsing logic.
Additionally:
- Simplified the payload length calculation by using nested `Min()`
calls instead of multiple `if/else` blocks.
- Added a `RadioPacket` typedef in `BleSecure` to alias the public
`otBleRadioPacket` structure, aligning with OpenThread's core
namespace conventions.
This commit introduces a new CMake option `OT_NEXUS_BUILD_TESTS`
(defaulting to `ON`) to control whether the individual Nexus test
executables are built.
When developing or debugging the OpenThread core stack within the
Nexus framework, building the large number of certification tests can
be time-consuming. This option allows developers to skip building the
tests and only compile the `ot-nexus-platform` library and OT core.
The check is implemented inside the `ot_nexus_test` macro to ensure
all test definitions automatically respect the flag without requiring
large conditional blocks in the `CMakeLists.txt` file.
Additionally, a `no_tests` argument is added to `tests/nexus/build.sh`
to easily invoke this configuration from the command line.
Abtin Keshavarzian