This commit updates the DHCPv6 Prefix Delegation (PD) client to
comply with RFC 9915, which obsoletes the Server Unicast option
(Option 12) and the UseMulticast status code.
Changes:
- Removed `mServerAddress` and `ProcessServerUnicastOption()` from
`Dhcp6PdClient`.
- Modified `Dhcp6PdClient::SendMessage` to always transmit via
multicast to `ff02::1:2`.
- Removed `UseMulticast` status code handling in `HandleReply()`.
- Added `otMessageFree` weak stub in simulation platform's
`infra_if.c` to resolve linking errors on simulation radio-only
targets when DHCPv6 PD client is enabled.
- Updated `test_dhcp6_pd_client.cpp` to expect multicast and
removed the obsolete UseMulticast test case.
Retransmissions of frames containing time-dependent header Information
Elements (IEs), such as CSL or Time Sync, require updates to these
IEs to reflect the exact time of sending. If the frame counter is not
incremented for these retransmissions, it leads to nonce reuse in
AES-CCM encryption, which is a security vulnerability.
This commit addresses this issue by ensuring that every transmission
attempt (initial or retry) uses a fresh frame counter:
- Deferred security processing from `SubMac::Send()` to
`SubMac::BeginTransmit()`.
- Upon retransmission in `SubMac::HandleTransmitDone()`, the frame is
restored to plaintext via `TxFrame::DecryptTransmitAesCcm()` and
security flags are cleared.
- This allows time-dependent IEs to be updated and a new frame counter
to be assigned for every attempt.
Added a Nexus test case `retransmission_security` to verify that both
CSL and standard MAC retransmissions use incrementing frame counters
and updated CSL phases.
In CliUartOutput, if otPlatUartFlush() fails when trying to send
buffered output to make room for new output, it logs a warning using
otLogWarnPlat. However, this warning is added to the same full
buffer, which does not help and can cause further issues.
This commit removes the offending log line as suggested in issue #7478.
This commit adds support for IPv6 loopback address (::1) in the
simulation platform. When the local interface is set to the IPv6
loopback address, it uses the interface-local multicast group
(ff01::116) instead of the link-local group (ff02::116) for
node-to-node communication.
It also ensures that the `sin6_scope_id` is correctly set for the
loopback address in the transmission socket.
This commit provides the platform-level implementation for the
instance-aware logging API `otPlatLogOutput()`. This API is used when
`OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE` is enabled, allowing
the platform to receive the `otInstance` pointer with each log line.
The new API is implemented across:
- The simulation platform logging.
- The POSIX platform using `syslog()`.
- The NCP base to route logs to the NCP host.
- The CLI logging module.
- Unit tests and mock platforms.
The `OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE` configuration is
also enabled for Toranj simulations to support multi-instance log
testing.
This commit updates various CMake configuration files to simplify
the check for Apple platforms. It replaces the `CMAKE_CXX_COMPILER_ID`
check for `AppleClang` with the built-in `APPLE` variable across
multiple targets (such as `ftd`, `mtd`, `cli`, and others). This
ensures that Apple-specific linker and compiler flags (like `-Wl,-map`
and `-Wimplicit-int-conversion`) are correctly applied when building
on macOS, regardless of the specific compiler used.
Additionally, this commit updates `CMakeLists.txt` to explicitly set
the `CMAKE_AR` and `CMAKE_RANLIB` paths to the default system
locations (`/usr/bin/ar` and `/usr/bin/ranlib`) when the `APPLE`
variable is set.
This commit updates the following `otPlatInfraIf` platform APIs to
include an `otInstance *` as their first parameter:
- `otPlatInfraIfHasAddress()`
- `otPlatInfraIfSendIcmp6Nd()`
- `otPlatInfraIfDiscoverNat64Prefix()`
Other APIs under `otPlatInfraIf` already follow this pattern. Passing
the `otInstance` pointer is the required standard for all platform
and public APIs; however, it was missed during the initial design of
these specific APIs.
While missing this parameter is often not a blocker on platforms using
a single OpenThread instance, it has become a blocker for simulations,
especially when multiple Border Routers are emulated in the same
simulation setup.
This change introduces a compatibility break for existing platform
implementations, however, it is necessary to support new use cases
(simulation of BRs). It also helps ensure consistent API design
across the stack.
This commit fixes the problem where OpenThread mDNS responder always
sends responses to port 5353, ignoring the source port of the query.
According to RFC 6762, a mDNS responder should support one-shot
multicast DNS queries by sending the response to the source address
and source port of the query.
Changes:
- Captured the actual source port from incoming queries in Simulation
and POSIX platforms.
- Updated otPlatMdnsSendUnicast in Simulation platform to use the
provided destination port.
- Verified that legacy unicast responses correctly cap TTL to 10
seconds as required by RFC 6762 section 6.7.
This commit introduces the Border Agent Admitter feature , which
enhances Thread MeshCoP.
A Border Admitter is an enhanced Border Agent that functions as a
traditional BA while enabling new behaviors. It acts as a proxy and
dispatcher, allowing multiple external Enrollers to connect to it. It
then petitions to become the single Active Commissioner on the Thread
mesh, forwards new joiner requests to connected Enrollers, and
manages the session between joiners and multiple Enrollers
The implementation includes three main components:
- `Admitter`: The main class that orchestrates the feature, managing
enroller sessions and aggregating steering data.
- `Arbitrator`: A distributed election mechanism that runs among
Border Admitters on the mesh to select a single "Prime Admitter" by
publishing a new Border Admitter service in the Thread Network
Data.
- `CommissionerPetitioner`: A sub-component responsible for
petitioning the Leader to be granted the commissioner role. It
handles conflicts if another commissioner is already active.
New public APIs are added in `openthread/border_agent_admitter.h`.
This commit also introduces a suite of comprehensive tests for the
Border Admitter functionality under the `nexus` test framework. It
covers various scenarios including:
- Prime Admitter election and role management
- Enroller registration, keep-alive, and timeout interactions
- Handling of commissioner conflicts and petitioner retry mechanisms
- Support for multiple enroller sessions and combined steering data
- Forwarding of Joiner `RelayRx` and `UdpProxy` messages
- Joiner acceptance, release, and expiration tracking
A default OTNS platform API function otPlatOtnsStatus() is now
provided that writes the status push to the log always (regardless of
configured log level). This is useful as a default handling for apps
built with -DOT_OTNS=ON, avoiding linker errors while not mandating
each platform to implement the API by itself.
Specifically it enables the Posix CLI app ot-cli to be built with OTNS
support, which is required to run Posix nodes in OTNS and receive the
status-push events via stdout logging.
The logging is emitted from the module named "Otns" so that a
simulator or other tool can easily detect the OTNS format status push
events in the log output.
Refactors the example CLI app and the CLI module code to provide a
default implementation of the 'APP' log output option for any CLI
apps. This default is used when log output is configured to 'APP'
output and the CLI application itself does not provide its own
implementation of `otPlatLog()`.
This extends the current logging option (syslog) for the Posix app
ot-cli with the option to direct the log output to the CLI app, which
then prints it in stdout. This logging option can be enabled using the
existing -DOT_LOG_OUTPUT=APP. Previously, this gave a build error for
the Posix platform. This logging method is useful/required for running
NCPs in OTNS, such that the simulator can capture all log output and
at the same time syslog is not overly burdened on the host machine.
This commit enables the format-nonliteral check for code missed in
`#12236`. This commit also enables the format-nonliteral warnings in
CMake to catch such warnings in future in CMake build.
This commit adds select API so that simulation and be integrated with
other mainloops.
This commit also adds a flag to disable UART on simulation platform.
The description of the method `otPlatRadioEnableCsl()` requires the platform
to include the CSL IE in the enhanced ACK when the received data frame's source
address matches the CSL receiver's peer address. This commit implements this
requirement in the simulation radio.
Commit adds check if commissioning is possible and if the tcat device is already commissioned.
Adds advertisement update on disconnected and role change.
Fixes key handling for key references.
Fixes the authorization processing.
Implements recent changes of the application TLVs.
The radio platform API otPlatDiagRadioTransmitDone() and
otPlatDiagRadioReceiveDone() are the same with the API
otPlatRadioTxDone() and otPlatRadioReceiveDone(). This commit removes
the API otPlatDiagRadioTransmitDone() and otPlatDiagRadioReceiveDone()
to let the MAC layer and the diag module to use the same radio API to
send and receive 154 frames. So that the diag module could process the
ACK frame in the future.
This commit contains various enhancements to the `Otns` class:
- Makes `Otns` methods non-static. This aligns their use with the
clang-tidy `readability-static-accessed-through-instance` check,
which disallows accessing static methods through an instance.
- Updates the `make-pretty` script to enable OTNS and include it in
`clang-tidy` checks.
- Adds a stub implementation of `otPlatOtnsStatus()` in the simulation
and fake platforms. This allows the OTNS feature to be enabled in
`make-pretty` builds and covered by GitHub Action CI checks.
- Simplifies the `EmitStatus` methods to use the `String` class for
constructing the status string.
- Adds a new helper method to construct the CoAP status string,
removing duplicated code.
This commit introduces the `Dhcp6PdClient` class, which implements
DHCPv6 Prefix Delegation (PD) client functionality. It integrates
with `BorderRouter::RoutingManager` and its `PdPrefixManager`
sub-component. The CMake `OT_BORDER_ROUTING_DHCP6_PD_CLIENT` mapped
to `OPENTHREAD_CONFIG_BORDER_ROUTING_DHCP6_PD_CLIENT_ENABLE` config
enables this feature.
Previously, the platform layer was expected to implement client
functionality, acquiring and providing the delegated prefix(es) to
the OT stack using `otPlatBorderRouter*` callbacks. This approach
continues to be supported. The `Dhcp6PdClient` feature adds native
support for this functionality in the OpenThread core.
The `Dhcp6PdClient` implementation follows RFC 8415, focusing on
prefix delegation and all required behaviors. The client follows the
standard four-message Solicit/Advertise/Request/Reply exchange to
obtain a delegated prefix, followed by a two-message Renew/Reply or
Rebind/Reply exchange to extend the lifetime of the delegated prefix.
When the prefix is no longer needed, a two-message Release/Reply
exchange ends its lease. The current client implementation does not
support the optional "Reconfigure Accept" mechanism.
A set of `otPlatInfraIfDhcp6PdClient*` platform APIs are also
introduced for use by the `Dhcp6PdClient`. These APIs are used to
enable or disable listening for DHCPv6 messages and to handle sending
and receiving them on the standard client and server UDP ports
(546 and 547), effectively acting as a UDP socket.
This commit also includes a comprehensive unit test covering various
aspects of `Dhcp6PdClient`, including common behaviors and many
specific edge cases.
This will avoid the problem that scope id or ifindex remains 0 for a
link-local transmission. If 0, the OS cannot decide which network
interface to use based on address alone.
Currently, if the platform has no upstream DNS server configured,
upstream DNS query will eventually time out. This can lead to delays
in responding to the DNS client.
The new otPlatDnsIsUpstreamQueryAvailable API provides a mechanism for
the platform to proactively signal the unavailability of upstream DNS.
This commit enhances the OpenThread DNSSD name server/resolver and its
native Discovery Proxy to support queries for arbitrary record
types.
To enable this, a new set of `otPlatDnssd` APIs are introduced for
generic `RecordQuerier`. These APIs mirror the existing APIs in the
OpenThread native mDNS module, allowing direct use of the native mDNS
implementation.
The discovery proxy implementation is updated to start and stop the
mDNS `RecordQuerier` when receiving a query for an arbitrary record
type, passing the first response record back to the client.
The unit tests `test_dnssd_discovery_proxy` and `test_dns_client`
are updated to cover all the newly added behaviors in discovery proxy.
The simulation platform radio driver doesn't set the 'mInfo.mTxInfo.mIeInfo'
field of the ACK frame. And the function 'otMacFrameUpdateTimeIe()' directly
use the 'mInfo.mTxInfo.mIeInfo' field, this may cause the program crash.
This commit checks whether 'mInfo.mTxInfo.mIeInfo' is null before using it
and sets the 'mInfo.mTxInfo.mIeInfo' field of the ACK frame to null in
simulation platform.
This commit introduces a new mechanism for the TREL link to detect and
handle discrepancies between the IPv6 address and port used by a TREL
peer in a received TREL packet, and the information previously
reported by the platform layer (through DNS-SD discovery) for the
same peer.
Ideally, the platform underlying DNS-SD should detect changes to
advertised ports and addresses by peers. However, there are
situations where this is not detected reliably.
As a received frame over the TREL radio link is processed by the MAC
or MLE layers, if the frame passes receive security checks at either
layer (indicating it is a secure and authenticated/fresh frame from a
valid neighbor), the TREL peer socket address is automatically
updated from the received TREL packet info. This ensures the TREL
peer table is updated correctly if there are changes to TREL peer
addresses of valid Thread neighbors upon rx from such neighbor,
increasing the robustness of the TREL link.
This commit also introduces a new `otPlatTrel` platform API,
`otPlatTrelNotifyPeerSocketAddressDifference()`. The TREL
implementation now notifies the platform layer whenever it detects a
discrepancy in a TREL peer's socket address, regardless of whether
the peer table is automatically updated. This allows the platform
layer to take any appropriate action, such as restarting or
confirming DNS-SD service resolution query for the peer service
instance and/or address resolution query for its associated host
name.
This commit also adds a new test that validates the newly added
behavior, including the auto-update of peer table information and
notification of the platform through the new API, triggered by either
MLE or MAC messages over the TREL radio link.
The wakeup frame is sent from the wakeup coordinator rather than the
wakeup end device. Current code processes the key id mode 2 only when
the device is the wakeup end device. This commit corrects this issue.
If the radio driver supports the `OT_RADIO_CAPS_TRANSMIT_SEC`, the
radio driver should process the security of the send frame. But the
current method `otMacFrameProcessTransmitSecurity()` doesn't process
the security of the wakeup frame. Which causes sent wakeup frame is not
encrypted.
This commit enables the method `otMacFrameProcessTransmitSecurity()`
to process the security of the wakeup frame.
This commit introduces `CslNeighbor`, a subclass of `Neighbor` that
also inherits from `IndirectSender::NeighborInfo` and
`CslTxScheduler::NeighborInfo` to manage indirect transmission and
CSL-specific information.
The `Child` class now inherits from `CslNeighbor`, inheriting all CSL
functionalities while adding extra child-specific information. The
newly added `CslNeighbor` allows extending CSL functionality to
devices in other roles, not just `Child` devices.
The `CslTxScheduler` class is updated to use `CslNeighbor` as well
(instead of `Child`), making it more general-purpose.
`IndirectSender`, its sub-components, and `Mac` are updated to enable
CSL on MTD builds when `OPENTHREAD_CONFIG_MAC_CSL_TRANSMITTER_ENABLE`
is enabled.
This restructuring provides a more flexible and scalable framework for
implementing enhanced CSL functionality on new device types.
When the ot-rcp enters the assert state, the host crashes and exits.
But the ot-rcp still runs in the dead loop and becomes an orphan
process.
This commit enables the platform assert so that the ot-rcp can
automatically exit when entering the assert state.
Sometimes `ot-rcp` will exit without any exit information in the
log. It is hard for developers to know what happens on the `ot-rcp`
side when the `ot-rcp` exits abnormally. This commit calls functions
defined in `lib/platform/exit_code.h` to exit the program and log the
exit information.
This commit introduces a mechanism for a device transitioning from
child to router role to keep receiving frames addressed to its
previous short address for a brief period.
A new radio platform API, `otPlatRadioSetAlternateShortAddress()`, is
introduced. This allows the OT stack to configure an alternate short
address. Radio platform support for this function is indicated by the
`OT_RADIO_CAPS_ALT_SHORT_ADDR` capability in `otPlatRadioGetCaps()`
The same function can be used with `OT_RADIO_INVALID_SHORT_ADDR`
(`0xfffe`) to clear a previously set alternate short address. Support
for the new API is implemented in RCP and `RadioSpinel`, ensuring
backward compatibility by dynamically checking supported radio
capabilities.
MLE code is updated to instruct the radio to use the old child RLOC16
as an alternate address upon role transition. The MLE layer will
automatically clear the alternate address after eight seconds, or if
other state/mode changes occur. This eight-second window ensures the
new router can transmit four MLE Advertisement messages.
This commit adds empty implementation for a NCP based version of
otPlatDnssd APIs.
Like NCP version of otPlatInfraIf APIs, this commit adds a control
option to enable/disable the simulation platform version of
otPlatDnssd APIs to avoid conflict. By default, the simulation version
of implementation will still be turned on.
The implementation of `otTaskletsSignalPending` in
`examples/apps/<app>/main.c` is exactly the same as the weak
implementation in `tasklet_api.cpp`. No need to repeat it and blocking
other implementations of that function.
This commit updates the default Thread version to 1.4, so that most
latest features will be enabled by default. This commit also explicitly
enable the epskc feature just like other features in the build script.
This implementation will be used on all platforms for NCP nodes
(simulation, any vendor platforms). However the simulation platform
already has a different implementation. To avoid conflicts, the commit
adds a control flag in simulation config so that we can choose whether
to enable the simulation implementation.
The length of diag output messages is limited by the diag buffer size.
Developers have to change the diag buffer size to allow diag module to
output long messages. If diag output messages become longer and
longer, developers have to keep changing the diag buffer size.
This commit adds an output callback to diag module to output diag
messages. Then the length of diag output messages won't be limited by
the diag buffer size.
Jonathan Hui