This commit removes all Domain Prefix configuration and management logic
from the OpenThread stack, CLI commands, unit tests, and GRL harness
THCI wrapper.
- Removed public Backbone Router Domain Prefix APIs.
- Removed Domain Prefix flag ('mDp') and 'D' flag parser/formatter
from core network data types, Spinel, and CLI.
- Cleaned up local Backbone Router and Leader logic to exclude Domain
Prefix configuration, tracking, and events.
- Updated RoutingManager prefix advertisement (RIO) to exclude
special handling for Domain Prefix.
- Updated CLI documentation to remove Domain Prefix references.
- Removed domain prefix helper methods from python test certification
scripts.
- Removed auto-addition of default domain prefix and D flag support
from GRL harness OpenThread.py.
This commit ensures that the peer's extended address matches the stored
extended address when receiving a Link Accept for an already valid link,
preventing unintended frame counter resets and neighbor table updates.
To achieve this:
- We validate that the peer's extended address (extracted from the
IPv6 peer address IID) matches the router's stored extended address
when processing Link Accepts for a neighbor that is already in the
kStateValid state. If there is a mismatch, the packet is rejected
with kErrorSecurity.
- We gate InitNeighbor() and the resetting of MLE frame counters
so they only execute if the neighbor is not already kStateValid.
For valid neighbors, we only update link statistics (RSS, last
heard, link quality, key sequence) and clear the Link Accept
timeout without modifying the frame counters or average RSS history.
This commit renames the static helper `Utils::ParseToIp6Address()` to
`Utils::ParseOrSynthesizeIp6Address()` to better reflect its behavior
of parsing an IPv6 address or synthesizing one from an IPv4 address
via NAT64.
Additionally, the method is refactored into a non-static member of the
`Utils` class. This eliminates the need to manually pass the `otInstance`
pointer, as the `Utils` class already maintains it. The internal
implementation is also simplified to reduce nesting by exiting early
upon successful IPv6 address parsing.
All callers in the CLI module (TCP, UDP, Ping, DNS) have been updated
to use the new member method.
This commit updates `Name::LabelIterator::ReadLabel()` to explicitly
check that the read label from the message does not contain any embedded
`kNullChar` (`\0`) characters. It uses `StringLength()` to verify that
the length of the string matches the expected label length. If a null
character is found before the end of the label, `kErrorParse` is
returned to prevent potential string truncation issues or
misinterpretation of the label name.
This broader check replaces a recent fix in `PtrRecord::ReadPtrName()`
from #13183 which only verified that the first label was not empty
or malformed by checking for a single-character label with a null
byte. By enforcing this validation centrally at the `ReadLabel()`
level, we now ensure that labels of any length are properly
protected against embedded null characters across all DNS record
types.
This commit refactors several Nexus diagnostic test cases to use the
existing `Mle::GetMeshLocalRloc()` method instead of manually assembling
the RLOC by combining the mesh-local prefix and the node's RLOC16. This
improves code readability and adheres to the standard pattern for
retrieving a node's Routing Locator.
This commit renames several methods in the `Mle` class that construct
an IPv6 address from the mesh-local prefix and an RLOC16/ALOC16 from
`Get...()` to `Compose...()` to better reflect their behavior.
The affected methods are:
- `GetLeaderRloc()` -> `ComposeLeaderRloc()`
- `GetLeaderAloc()` -> `ComposeLeaderAloc()`
- `GetCommissionerAloc()` -> `ComposeCommissionerAloc()`
- `GetServiceAloc()` -> `ComposeServiceAloc()`
This commit updates the codebase to use the `Icmp6Header` type
directly, replacing the nested `Ip6::Icmp::Header` definition.
This change aligns the ICMPv6 header type definition with the
conventions used for other network protocol headers and simplifies
type references across the network, border router, and utility
modules.
This commit removes the OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE feature
and all associated code, tests, CLI commands, and harness references.
Changes:
- Removed OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE definition and all
assert/preprocessor checks.
- Completely deleted dua_manager.cpp and dua_manager.hpp.
- Removed DUA registration notifying and request URI paths.
- Cleaned up all references to Domain Unicast Address (DUA) across
child management, notifier, time ticker, and MLE.
- Removed DUA commands and logic from the CLI and Python cert tests
(including packet verifier).
- Verified that the entire codebase compiles clean and all tests
successfully pass using the Nexus test suite.
This commit updates the SRP registration and verification logic to pass
the 1_3_SRP_TC_1 test case in the Nexus simulator:
1. In test_1_3_SRP_TC_1.cpp, temporarily disable/enable the eth1 DNS-SD
agent during SRV, AAAA, and browser resolver queries to force a
clear of the local cache. This ensures the queries are sent over the
wire to the Border Router (DUT) instead of being answered from the
resolver's cache.
2. In verify_1_3_SRP_TC_1.py, add checks for mDNS query and response
packets for Steps 9b, 9c, 15b, and 15c. Relax the Step 15c check to
not require the ML-EID in the mDNS response, as advertising
Mesh-Local addresses on the infrastructure link is optional and not
done by the OpenThread SRP advertising proxy.
This commit wraps the contents of `tcp6.hpp` and `tcp6_ext.hpp` with
`#if OPENTHREAD_CONFIG_TCP_ENABLE` feature guards to ensure that TCP
definitions and types are cleanly excluded when TCP support is disabled
in the build configuration. Additionally, it explicitly disables the
`OPENTHREAD_CONFIG_TCP_ENABLE` feature flag in the Toranj test
configuration to validate building without TCP support.
This commit removes the deprecated `test_trel_connectivity.py`
integration test. The TREL connectivity test functionality is
already fully covered by the Nexus simulation test suite, which
provides faster and more reliable testing.
This commit migrates the legacy Thread certification test
'test_publish_meshcop_service.py' to the C++ simulation test suite
in the Nexus platform.
To avoid redundancy and keep the test suite clean, the coverage
is consolidated directly within 'tests/nexus/test_border_agent.cpp'
instead of introducing a new redundant test file.
Consolidated coverage and changes:
- Extended the state bitmap parser and 'ValidateMeshCoPTxtData' in
'test_border_agent.cpp' to verify Backbone Router (BBR) active
and primary flags (kFlagBbrIsActive, kFlagBbrIsPrimary) when
OPENTHREAD_CONFIG_BACKBONE_ROUTER_ENABLE is enabled.
- Added a new test block in 'TestBorderAgentServiceRegistration' to
enable Backbone Router on node0, verify that BBR active and primary
flags are dynamically advertised in the MeshCoP TXT record over
mDNS, and verify that disabling BBR correctly updates the TXT
record state bitmap.
- Fully deleted the legacy Python certification script
'test_publish_meshcop_service.py' from 'thread-cert'.
This commit updates the codebase to use the `Icmp4Header` type directly,
replacing the nested `Ip4::Icmp::Header` type. The empty `Ip4::Icmp`
wrapper class is removed to simplify the header definition. This change
aligns the ICMPv4 header structure with the flat naming conventions used
for other IP headers (e.g., `Ip6::Icmp6Header`, `Ip6::UpdHeader`).
This commit completely removes the local Domain Unicast Address (DUA)
registration feature flag (OPENTHREAD_CONFIG_DUA_ENABLE) and all of
its associated implementation, public APIs, CLI commands, Spinel
property handlers, and certification tests.
Thread 1.2 FTD Border Router/Router DUA proxying features for MTD
children (OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE) are preserved and
updated to only compile/instantiate components when proxy DUA
features are active.
Detailed Changes:
- Remove default definition of OPENTHREAD_CONFIG_DUA_ENABLE from
misc.h.
- Remove OT_DUA and openthread_config_dua_enable from CMake/GN
configs.
- Remove otThreadSetFixedDuaInterfaceIdentifier and
otThreadGetFixedDuaInterfaceIdentifier from
include/openthread/thread.h
and implementation src/core/api/thread_api.cpp.
- Remove CLI DUA interpreter from src/cli/cli.cpp.
- Remove SPINEL_CAP_DUA capability and SPINEL_PROP_THREAD_DUA_ID
Spinel property handlers and dispatchers from NCP.
- Strip local DUA management features (conflict checking, SLAAC DUA
interface identifiers, and dad info settings) from DuaManager, MLE,
Address Resolver, and settings.
- Clean up Notifier, TimeTicker, and TMF dispatcher guards.
- Clean up -DOT_DUA=ON compilation flags across build/test scripts.
- Delete obsolete DUA certification tests:
- v1_2_test_domain_unicast_address
- v1_2_test_domain_unicast_address_registration
- v1_2_test_dua_handle_address_error
`PtrRecord::ReadPtrName()` reads a PTR target's first label with
`Name::ReadLabel()`, which performs no emptiness check. A response whose
first label is a single NUL byte (wire `01 00`) is stored as an empty
C-string and cached by the browse cache as a service instance. When the
cache later builds a known-answer question, it calls
`Name::AppendLabel("")`, which returns `kErrorInvalidArgs`; the
surrounding `SuccessOrAssert()` turns that into an abort. A single
unauthenticated link-local mDNS response thus crashes any node with an
active browser.
Reject an empty first label in `ReadPtrName()` so the record is dropped
on receive and never cached. This matches the `Name::ValidateLabel`
checks already applied on the registration and resolver paths, and makes
the "ReadPtrName() validates that PTR record is well-formed" comment at
the call site accurate.
Add a regression test that delivers a PTR response with a single
NUL-byte instance label and verifies no result is reported and the
browser keeps querying without the malformed entry.
This commit adds the missing Doxygen groups for TCP (`core-tcp`),
TCP Extensions (`core-tcp-ext`), and UDP (`core-udp`). These groups
are used in the code but were not previously defined.
This commit updates the codebase to use `TcpHeader` and `UdpHeader` types
directly, instead of the nested `Tcp::Header` and `Udp::Header` types.
The `TcpHeader` and `UdpHeader` classes are already defined in
`ip6_headers.hpp`. This change reduces dependencies on the `Tcp` and
`Udp` class definitions, which is particularly useful when TCP
is disabled in the build configuration, avoiding the need to include
their respective class headers just for the header definitions.
This commit fixes instances of "the the" typos found in various
files across the codebase, including documentation, headers, source
files, and test scripts.
This commit updates the `markdown-lint-check` job to explicitly set
the `PUPPETEER_EXECUTABLE_PATH` environment variable to use the
system-installed Google Chrome (`/usr/bin/google-chrome`) for the
`linkspector` action. This resolves issues where the action fails
to find a browser environment to execute properly.
This commit implements additional vendor application or ecosystem
policy settings for TCAT including:
1) Automatic deactivation of the TCAT agent / TCAT advertisement after
the thread network has been started over TCAT
2) Automatic activation of the TCAT agent / TCAT advertisement after
the thread network has been stopped over TCAT
3) Automatic activation of the TCAT agent / TCAT advertisement after
decommissioning over TCAT
4) Blocking support of certain TCAT TLVs by the application /
ecosystem
The commit also fixes an issue with certificate storage after
decommissioning.
This commit renames several methods in `Ip6::Address`,
`Ip6::InterfaceIdentifier`, `Ip6::Prefix`, and `Ip4::Address` that
fully initialize the object from `Set...()` to `Init...()`.
This creates a clear semantic distinction in the API:
- `Init...()`: Fully (re-)initializing the object.
- `Set...()`: Modifies a specific property or a sub-component of
the object (e.g., `SetPrefix()`, `SetLocator()`,
`SetSubnetId()`).
Some examples of renames include:
- `SetFromExtAddress()` -> `InitFromExtAddress()`
- `SetToLocator()` -> `InitAsLocator()`
- `SetToLinkLocalAddress()` -> `InitAsLinkLocalAddress()`
- `SetToRoutingLocator()` -> `InitAsRoutingLocator()`
- `SetToAnycastLocator()` -> `InitAsAnycastLocator()`
- `SetToIp4Mapped()` -> `InitAsIp4Mapped()`
All calls to these methods across the codebase have been updated
to reflect the new names.
This commit sets the SO_RCVBUF socket option to 2MB on the
multicast receiving sockets in the simulation platform.
Under heavy simulation load (such as expect tests with 15 nodes
all sending MLE advertisements and discovery packets), the default
OS UDP receive socket buffer can overflow, leading to silent
packet drops. This occasionally caused expect tests like
cli-big-table.exp to fail with "Join failed [NotFound]" because
Node 4's discovery requests or response beacons were dropped.
Increasing the receive buffer size to 2MB prevents packet loss
during dense simulation runs, resolving intermittent CI test
failures.
This commit fixes a frequent unit test flake in ot-test-trickle_timer
under the TestTrickleTimerMinMaxIntervalChange test case.
The test case starts the trickle timer with Imin = 2000 and
Imax = 2000. The random time t (mTimeInInterval) is chosen in
[1000, 2000), so t can range up to 1999.
When t randomly evaluates to 1999, t + 1 becomes 2000. Calling
timer.SetIntervalMax(2000) triggers an early-exit optimization
in TrickleTimer::SetIntervalMax because mIntervalMax is already 2000,
leaving the scheduled timer's fire time unchanged. The test then
crashes on the assertion expecting the fire time to have changed.
This is resolved by setting the new interval max to
Min(t + 1, interval - 1). This ensures that the requested value is
strictly less than 2000 even when t = 1999, successfully triggering
the interval shortening and rescheduling logic tested by this case.
This commit adds a brief 0.1-second sleep delay immediately after
spawning node processes (rcp, cli, and mtd types) in the expect test
harness.
Under high CPU load on GitHub Actions runner VMs, the PTY file
descriptors can take a fraction of a second to fully initialize. If
commands are sent immediately after spawn without delay, the initial
expect match can fail with an instant timeout. This triggers duplicate
retransmissions in wait_for, leaving extra "Done" strings in expect's
PTY read buffer. The leftover "Done" strings desynchronize subsequent
assertions, causing tests to match cached output instead of waiting
for actual command execution (e.g., sending "diag stats" during an
active "diag send" command, which fails).
Adding a 100ms delay gives the PTY and child process enough time to
fully initialize and stabilize, avoiding instant timeouts and
subsequent test harness desynchronization.
This commit adds GCC 15 (version 15.2.rel1) to the `arm-gcc` job
matrix in the OpenThread build (`build.yml`) workflow.
Including GCC 15 in the builds helps ensure that OpenThread compiles
successfully and is free from warnings or errors with the latest GCC
15.2.rel1 release.
Increase wait delay after starting the OTBR service in the
test_publish_meshcop_service.py script.
Starting otbr-agent requires the node to re-attach to the simulated
Thread network and transition to the leader role. In virtualized CI
environments, this role transition can take up to 14.5 seconds. Using
a hardcoded 10-second delay results in a race condition where the
service is published very late, causing the subsequent browse query to
miss the service and fail with AssertionError.
Substituting the delay with BORDER_ROUTER_STARTUP_DELAY (20s) ensures
the node has sufficient time to attach, become leader, start the border
agent, and fully register the mDNS service before browsing.
This commit simplifies MLR state tracking for child devices. Previously,
`Child::Ip6AddrEntry` inherited from `Ip6::Address` to encapsulate the
MLR registration check using the `Child` reference. This introduced
tight coupling between `Child` and `Ip6AddrEntry`.
The logic is refactored by removing `Ip6AddrEntry`. Instead, `Child`
now directly manages a `Child::Ip6AddressArray` and encapsulates the
MLR state querying/updating through new methods:
- `SetAddressMlrRegistrationState()`
- `GetAllMlrRegisteredAddresses()`
- `ClearAllAddressesMlrRegistrationState()`
In `Mlr::Manager`, the redundant `ChildAddressArray` typedef and
`kMaxChildAddresses` constant are removed, reusing the
`Child::Ip6AddressArray`. The method `UpdateProxiedSubscriptions()`
is renamed to the more intuitive `UpdateChildRegistrations()`, and
overloaded to allow calling it without an old address list during
initial child registration.
The test `test_1_3_DBR_TC_7A` was failing occasionally due to
uninitialized stack memory in `NetworkData::OnMeshPrefixConfig config`.
Because `OnMeshPrefixConfig` inherits from `otBorderRouterConfig`
and does not automatically initialize its fields in its default
constructor, declaring `NetworkData::OnMeshPrefixConfig config;`
on the stack left its members (including `mDp` and `mNdDns` flags)
with arbitrary stack garbage. If `mDp` (Domain Prefix flag)
evaluated to true, it caused the registered `PRE_1` prefix to be
erroneously processed as a Domain Prefix. Consequently, the border
router did not include `PRE_1` as a Route Information Option (RIO)
in its emitted Router Advertisements, causing packet verification
to fail in Step 4.
This commit fixes the issue by explicitly initializing the
`config` struct using `config.Clear()` right after declaration.
Fixes an intermittent failure in the
`nexus_announce_no_flap_on_unmergeable_partitions` test.
Previously, only LEADER_NEW was isolated (by enabling allowlist
mode with an empty address list) in Step 2. Because LEADER_OLD
still had allowlist mode disabled, it could receive advertisements
from LEADER_NEW. If LEADER_NEW's randomly allocated partition ID
happened to be larger than LEADER_OLD's, LEADER_OLD would see it
as a "better partition" and initiate a transition to child to
attach to LEADER_NEW.
Although this attempt would initially fail in Step 2 (since
LEADER_NEW dropped all RX), it kept retrying. In Step 3, when the
allowlist was opened on both sides, the queued/retried attach
attempt from LEADER_OLD succeeded, making it a child and causing
the Leader assertion to fail.
Isolating both nodes during Step 2 ensures that LEADER_OLD never
hears LEADER_NEW's initial good-link advertisements. When Step 3
begins, it only hears LEADER_NEW through the weak link and
correctly rejects the advertisements, keeping both nodes stable
leaders of separate partitions.
Explicitly cast the result of the bitwise NOT operator ~ to uint8_t in
BitSetUtils::FlipBits to resolve a build error under AppleClang.
In C++, using the bitwise NOT operator on a uint8_t value promotes it to
an int. Assigning the promoted int back to uint8_t triggers an implicit
conversion warning/error (-Wimplicit-int-conversion) under newer
compiler versions, which fails the build when compiled with -Werror.
This commit introduces helper methods to `MeshCoP::Dataset` to determine
if a given Dataset affects network connectivity or the Network Key.
It also adds a corresponding public API `otDatasetAffectsConnectivity()`.
A Dataset is considered to affect connectivity if it contains a
different Channel, PAN ID, Mesh Local Prefix, or Network Key than
the current values in use.
`Mle::AnnounceHandler::HandleAnnounce` previously executed the
`kAnnounceAttachAfterDelay` action on an attached node even when
the announced channel and PAN ID already equaled the current MAC
parameters. The `!channelAndPanIdMatch` guard was only consulted
in the `IsDetached()` branch. For an attached node this scheduled
`StartAnnounceAttach`, which calls `Stop()` then `Start()` with
the same channel/PAN ID -- accomplishing nothing while disrupting
attached children.
This causes an endless role flap in a topology where two FTDs
share channel, PAN ID, and network credentials but hold different
Active Dataset Timestamps, and where their RF link is too weak to
merge partitions (Advertisements rejected with LinkMarginLow at
`mle_router.cpp`). Each side restarts on every Announce received
from the higher-timestamp peer; the reactive `kSendAnnouceBack`
path further amplifies this because the lower-timestamp side's
own outgoing Announces draw Announce responses from the peer.
Apply the channel/PAN ID match guard unconditionally in
`kAnnounceAttachAfterDelay`. Mirror it on the FTD
`kSendAnnouceBack` path (matching the existing `isFromOrphan`
behavior) so peers sharing MAC parameters are not prompted to
migrate to the channel/PAN ID they already use.
Add `addon_test_announce_no_flap_on_unmergeable_partitions.py`
which builds the topology above and asserts that both nodes
retain their original partition IDs across a 20-minute simulated
window. Without this change the lower-timestamp node is
repeatedly demoted from leader during that window.
This commit moves the state and logic for managing the maximum number
of IP addresses per child from `Mle` to `ChildTable`. The logic for
checking the limit is also moved to the `Child` class itself.
This change better encapsulates the child table properties.
This commit updates the DHCPv6 Prefix Delegation (PD) client to
comply with RFC 9915, which obsoletes the Server Unicast option
(Option 12) and the UseMulticast status code.
Changes:
- Removed `mServerAddress` and `ProcessServerUnicastOption()` from
`Dhcp6PdClient`.
- Modified `Dhcp6PdClient::SendMessage` to always transmit via
multicast to `ff02::1:2`.
- Removed `UseMulticast` status code handling in `HandleReply()`.
- Added `otMessageFree` weak stub in simulation platform's
`infra_if.c` to resolve linking errors on simulation radio-only
targets when DHCPv6 PD client is enabled.
- Updated `test_dhcp6_pd_client.cpp` to expect multicast and
removed the obsolete UseMulticast test case.
This commit updates `MacCountersTlv` and `MleCountersTlv` to use the
`SimpleTlvInfo` template. The original classes are replaced with
`MacCountersTlvValue` and `MleCountersTlvValue` which only represent
the TLV values. This helps simplify the TLV parsing and appending
logic and more importantly allows the TLV value formats to be
reused.
This commit extends the `BitSet` class with several new
methods:
- `CountElements()`
- `IsSubsetOf()` and `IsSupersetOf()`
- `Complement()`
- `UnionWith()`, `IntersectWith()`, and `SubtractWith()`
- `SetMask()`, `AppendTo()`, and `ReadFrom()` message.
This commit also introduces a new `BitSetUtils` non-template base class
for the `BitSet<kNumBits>` template class. This change helps optimize
code by moving the common implementation logic for various bit
manipulation operations out of the template, reducing template
instantiation overhead.
This commit refactors the Nexus tests configuration in CMakeLists.txt
by properly classifying and sorting test cases:
- Moved `inform_previous_parent_on_reattach` from the "Cert tests"
section to the "Misc tests" section, and changed its label from
"cert;nexus" to "core;nexus".
- Moved `retransmission_security` from the "Cert tests" section
to the "Misc tests" section where it belongs (retaining its
"core;nexus" label) and sorted it alphabetically.
These changes ensure the CMake file remains clean and the tests are
properly categorized.
This commit removes the thread-cert/backbone tests and cleans
up all related configurations and references.
Specifically, the following changes are made:
- Deleted tests in tests/scripts/thread-cert/backbone/
- Removed the backbone-router job from .github/workflows/otbr.yml
- Removed backbone-router dependency from upload-coverage job
- Removed setup, cleanup, and checks for backbone tests in
tests/scripts/thread-cert/run_cert_suite.py
This commit removes the `avahi` mDNS configurations from the
`thread-border-router` job matrix in the OpenThread Border Router
(`otbr.yml`) workflow.
With this change, the `thread-border-router` integration tests will
exclusively run using the `mDNSResponder` configuration.
This commit renames the `NetworkDiagnostic` namespace in `src/core/thread/`
and its related types to `NetDiag` for brevity. It updates the
corresponding filenames and header guards as well.
When a sleepy end device (where `Mle::IsRxOnWhenIdle()` returns
false) sends an MLR request, it initiates fast data polls via
`DataPollSender::SendFastPolls()` to quickly receive the response.
This commit updates `Manager::HandleResponse()` to call
`DataPollSender::StopFastPolls()` when the MLR response is processed
by a sleepy end device. This ensures that the device does not
unnecessarily continue fast polling.
Retransmissions of frames containing time-dependent header Information
Elements (IEs), such as CSL or Time Sync, require updates to these
IEs to reflect the exact time of sending. If the frame counter is not
incremented for these retransmissions, it leads to nonce reuse in
AES-CCM encryption, which is a security vulnerability.
This commit addresses this issue by ensuring that every transmission
attempt (initial or retry) uses a fresh frame counter:
- Deferred security processing from `SubMac::Send()` to
`SubMac::BeginTransmit()`.
- Upon retransmission in `SubMac::HandleTransmitDone()`, the frame is
restored to plaintext via `TxFrame::DecryptTransmitAesCcm()` and
security flags are cleared.
- This allows time-dependent IEs to be updated and a new frame counter
to be assigned for every attempt.
Added a Nexus test case `retransmission_security` to verify that both
CSL and standard MAC retransmissions use incrementing frame counters
and updated CSL phases.
This commit introduces a structured state machine to `Mlr::Manager` to
coordinate Multicast Listener Registration (MLR) activities more
efficiently. The previous implementation relied on independent delay
variables and the global `TimeTicker`, which could lead to redundant
or premature registrations, especially when a Primary Backbone Router
(PBBR) was newly discovered or updated.
The new state machine (`kStateStopped`, `kStateIdle`,
`kStateToRegisterAll`, `kStateRegistering`, `kStateRegistered`,
`kStateNewAddrToRegister`) provides explicit transitions for the
entire MLR lifecycle. This ensures that registrations are properly
aggregated and that periodic renewals are correctly rescheduled after
successful out-of-band registrations.
Additionally, the manager now uses a dedicated `TimerMilli` instead of
`TimeTicker`, reducing system-wide overhead and providing more
precise timing control.
Per RFC 9664, the UL option is always included in a success response (RCODE=0).
Comment in test_srp_server is updated also to avoid suggesting the opposite.
This commit introduces a new set of template-based APIs for
non-cryptographic random number generation in the `Random::NonCrypto`
namespace. These new methods provide a cleaner, type-safe, and more
robust interface compared to the previous methods.
Key additions:
- `Generate<UintType>()`: Returns a random value of the given
unsigned integer type (`uint8_t`, `uint16_t`, or `uint32_t`).
- `GenerateUpToExcluding<UintType>(aMax)`: Returns a random value in
the range `[0, aMax)`.
- `GenerateFromMinUpToExcluding<UintType>(aMin, aMax)`: Returns a
random value in the range `[aMin, aMax)`.
- `GenerateInClosedRange<UintType>(aMin, aMax)`: Returns a random
value in the closed range `[aMin, aMax]`.
The introduction of `GenerateInClosedRange` is an improvement as it
safely handles ranges up to the maximum value of the integer type
(e.g., `0xffff`) without the risk of overflow.
All call sites across the OpenThread core stack and tests have been
updated to adopt these new APIs. The public `otRandomNonCrypto`
functions are also updated to leverage the new internal methods.
Doxygen documentation is added for all new template methods,
detailing their behavior, including edge cases where the upper bound
is smaller than or equal to the lower bound.
This commit refactors various unit tests to use `constexpr` for
defining constants instead of anonymous `enum` types.
Using `constexpr` is the modern and preferred approach in C++, as it
provides explicit types for constants and improves code clarity and
type safety.
This commit fixes minor coding style issues in
`RoutingManager::RoutePublisher::StateToString()`. It adds a missing
semicolon after the `DefineEnumStringArray()` macro and corrects the
indentation of the return statement.
This commit makes `Tlv::AppendTlvHeader()` public and updates call
sites to use it. This method automatically handles the formatting
of the TLV header as either a standard TLV header or an extended one
based on the provided length.
This commit removes all code, configurations, APIs, and tests related
to the OPENTHREAD_CONFIG_BACKBONE_ROUTER_DUA_NDPROXYING_ENABLE feature.
Specifically, the following changes were made:
- Removed DUA ND Proxying Backbone Router configuration option and the
related OPENTHREAD_CONFIG_NDPROXY_TABLE_ENTRY_NUM definition.
- Removed CLI commands: `bbr mgmt dua` and the proactive backbone
notification fake command `/b/ba`.
- Removed NdProxyTable and bbr_manager DUA ND Proxying implementation.
- Removed public/internal APIs for ND Proxying and proactive backbone
notifications.
- Deleted ndproxy_table source files and unit tests.
- Simplified CMake and GN build files to remove deleted targets.
This commit improves the `tests/nexus/build.sh` script by adding a
`display_usage()` function and implementing stricter command-line
argument validation.
This commit removes the obsolete Backbone Router (BBR) certification
tests:
- tests/scripts/thread-cert/backbone/bbr_5_11_01.py
- tests/scripts/thread-cert/backbone/
test_mlr_multicast_routing_across_thread_pans.py
These tests are removed because DUA (Domain Unicast Address) routing
features (specifically DUA ND Proxying) have been deprecated and
removed from the codebase. Since these features are no longer
supported, the corresponding certification and validation tests are
no longer valid or runnable.
Remove obsolete backbone test cases for Domain Unicast Address
(DUA) Duplicate Address Detection (DAD), DUA routing, DUA routing
for Minimal End Devices (MED), and Neighbor Discovery (ND) Proxy.
These features and their corresponding tests are no longer needed.
This commit removes all DUA (Domain Unicast Address) validation
and verification steps from test_firewall.py. Since DUA routing
features are being phased out or removed, this keeps the firewall
test in sync and prevents potential failures during test runs.
Specifically:
- Removed DUA ping validation from host to router.
- Removed DUA collection call (collect_duas).
- Removed the packet verifier checks checking for DUA ping traffic.
When cloning the ot-br-posix repository to run the Docker-in-Docker
integration tests, the clone was shallow and did not recursively
check out nested submodules (such as cJSON and cpp-httplib). This led
to build failures inside the Docker build container since libcjson
is not pre-installed on the base build image.
This commit resolves the issue by:
1. Appending the `--recurse-submodules` flag to the git-tool clone
calls in `otbr-posix-dind.yml` and `script/test`.
2. Updating `script/git-tool`'s destination directory parsing to
robustly handle multi-line output from recursive submodule
checkouts. The new pattern extracts the path exclusively from
the first line using `sed` to prevent SIGPIPE or parsing errors.
This commit introduces a new GitHub Actions workflow to automate the
monthly release process using Calendar Versioning (CalVer).
The workflow:
- Runs automatically at 00:00 UTC on the 1st day of every month.
- Supports manual execution via `workflow_dispatch`.
- Automatically generates a CalVer tag (e.g., vYYYY.MM.0).
- Employs the GitHub CLI to create a release and auto-generate
release notes based on merged pull requests.
This commit fixes a potential `uint16_t` overflow in
`Config::SelectRandomReregistrationDelay()` which could occur if
`mReregistrationDelay` was set to the maximum `uint16_t` value.
The `Random::NonCrypto::GetUint16InRange(lower, upper)` function
includes the lower bound but excludes the upper bound. Previously,
the code called `GetUint16InRange(1, mReregistrationDelay + 1)`,
which would overflow the upper bound if `mReregistrationDelay` was
`0xffff`. The logic is updated to `1 + GetUint16InRange(0,
mReregistrationDelay)`, which safely produces a random value in the
range `[1, mReregistrationDelay]` without overflow.
This commit introduces a new helper method that allows appending a
TLV by copying its value directly from a specified `OffsetRange` of
another `Message`.
This helper automatically handles formatting the TLV as an Extended
TLV if the length exceeds 254 bytes, eliminating the need for manual
length checks and TLV header construction at the call sites.
Key changes:
- Added `Tlv::AppendTlvWithValueFromMessage()`.
- Refactored TLV header construction into a private helper
`Tlv::AppendTlvHeader()` to share logic between `AppendTlv` variants
and `StartTlv()`.
- Updated `Commissioner::SendRelayTransmit()` and
`JoinerRouter::HandleUdpReceive()` to use the new helper for
`JoinerDtlsEncapsulation` TLVs.
- Updated `TcatAgent::HandlePing()` to use the new helper, significantly
simplifying the payload response generation.
When logging while `Instance` has not been initialized yet, use 0 as
return value of `GetUptime` and use `OPENTHREAD_CONFIG_LOG_LEVEL_INIT`
as default log level instead of accessing raw memory.
This commit updates `BackboneRouter::Local` to receive role change
events directly from the `Notifier`. Previously, `Bbr::Local` was
indirectly relying on `BackboneRouter::Leader` to emit events even
when the PBBR configuration had not changed (e.g., during role
transitions).
The previous design was fragile and created an unnecessary dependency.
`Bbr::Local` now independently tracks role changes to ensure it
correctly evaluates its own status (e.g., deciding whether to
register as the Primary BBR).
This commit introduces `PrimaryEvent` to represent changes in the
Primary Backbone Router (PBBR) configuration, replacing the previous
`State` enum. Calling it `State` was misleading as the values
describe transitions or updates to the PBBR rather than a persistent
state.
The new `PrimaryEvent` enum provides a more descriptive way to notify
dependent modules (`Mlr::Manager`, `DuaManager`, and `Bbr::Local`)
about specific changes in the PBBR, such as when it is added,
removed, or when its configuration parameters (e.g., RLOC16, Sequence
Number, or MLR Timeout) are updated.
This commit simplifies and enhances the TLV parsing logic in
`TcatAgent` so to use the `Tlv::Info` helper class. This safely and
automatically handles both standard and extended TLVs, removing the
need for manual type checking and length/offset calculations.
Key changes:
- Updated `TcatAgent::HandleSingleTlv()` to use `Tlv::Info::ParseFrom()`.
- Replaced individual `aOffset` and `aLength` parameters with
`const OffsetRange &` across various TLV handler methods (e.g.,
`HandlePing`, `HandleSetActiveOperationalDataset`, `VerifyHash`).
This improves code readability, safety, and consistency with common
OpenThread TLV parsing patterns.
This commit simplifies the logic in `BleSecure::HandleTlsReceive`
by reducing the nesting level through the use of early `ExitNow()`
calls and replacing a complex `if-else` block with a `switch`
statement for handling `errorTcatAgent`.
Key improvements:
- Removed a large `else` block by adding `ExitNow()` after the
initial transparent mode check.
- Used a `switch` statement to handle `errorTcatAgent` returned
by `MeshCoP::TcatAgent::HandleSingleTlv()`, clearly separating
`kErrorNone`, `kErrorAbort` (disconnect), and default fatal
error handling.
- Improved code formatting and comment readability.
This commit refactors `BleSecure::HandleTransport()` to use the
`OffsetRange` and `Message::ReadAndAdvance()` helper methods. This
replaces manual length and offset tracking, resulting in cleaner
and safer message parsing logic.
Additionally:
- Simplified the payload length calculation by using nested `Min()`
calls instead of multiple `if/else` blocks.
- Added a `RadioPacket` typedef in `BleSecure` to alias the public
`otBleRadioPacket` structure, aligning with OpenThread's core
namespace conventions.
This commit introduces a new CMake option `OT_NEXUS_BUILD_TESTS`
(defaulting to `ON`) to control whether the individual Nexus test
executables are built.
When developing or debugging the OpenThread core stack within the
Nexus framework, building the large number of certification tests can
be time-consuming. This option allows developers to skip building the
tests and only compile the `ot-nexus-platform` library and OT core.
The check is implemented inside the `ot_nexus_test` macro to ensure
all test definitions automatically respect the flag without requiring
large conditional blocks in the `CMakeLists.txt` file.
Additionally, a `no_tests` argument is added to `tests/nexus/build.sh`
to easily invoke this configuration from the command line.
This commit refactors and improves the Backbone Router callback and
`Config` introducing new methods and encapsulating configuration-related
logic.
Key changes:
- Added `Leader::GetConfig()` to provide direct access to the internal
cached `Config` object.
- Renamed `Leader::GetConfig(Config &)` to `Leader::ReadConfig(Config &)`
to better reflect its purpose.
- Added `Config::SelectRandomReregistrationDelay()` to encapsulate the
logic for selecting a random re-registration delay.
- Simplified variosu `HandleBackboneRouterPrimaryUpdate()` callbacks
to remove the parameter `aConfig`, allowing these modules to use
`Leader::GetConfig()` instead.
This adds details to the Posix platform UDP bind error message, showing address and
port just like for the otPlatUdpConnect case. Also the severity is changed from Crit
to Warn, since it's not a critical failure given that otPlatUdpBind() is used in a
loop to find an available ephemeral port - i.e. probe the ports in range until one
succeeds.
It also fixes an issue where `errno` might be modified by the logging code itself.
Ideally the platform code would discern 'port in use' vs 'unrecoverable failure to
bind the port', but the currently defined OT APIs don't allow for any other errors
apart from ok/failed. If the specific port number is really needed, the caller
is responsible to log a critical failure.
If the PD client sendto() fails, e.g. because of an unroutable IPv6
destination, currently the message remains in the queue. Then the
subsequent retries cause a 100% CPU use (without end). This fixes the
issue by dropping the message in case of an unresolvable sendto()
failure.
This commit refactors and improves the `Sntp::Client` class by
adopting common OpenThread patterns and simplifying the logic.
Key changes:
- Introduced `Sntp::Client::QueryInfo` core class to wrap the
public `otSntpQuery` structure.
- Added `Timestamp` class to handle SNTP timestamps, simplifying
the `Header` structure.
- Renamed methods and variables to be more concise and consistent
(e.g., `FinalizeSntpTransaction` to `Finalize`,
`mRetransmissionTimer` to `mTimer`).
- Simplified the `HandleUdpReceive` logic by splitting response
processing into `ProcessResponse`.
This change improves code readability and maintainability of the
SNTP client module.
This commit adds support for interacting with nodes via the CLI in the
Nexus simulation framework. This enables writing higher-level
integration tests that verify stack behavior and state through
standard CLI commands.
Key changes:
- Integrated `Cli::Interpreter` into the `Nexus::Node` class.
- Added `Node::InputCli()` to allow sending commands to a node with
`printf`-style formatting.
- Implemented output capturing logic in `Node::HandleCliOutput()` to
buffer and parse CLI responses into individual lines, stored in a
`CliOutputArray`.
- Added helper methods to `CliOutputLine` for matching and validating
the captured output.
- Added a new `cli_basic` Nexus test to demonstrate and validate the
CLI interaction functionality.
This commit introduces a new core class `BackboneRouter::Config` that
inherits from the public `otBackboneRouterConfig` struct. This aligns
with the OpenThread architectural pattern of using core-internal
classes to wrap public API structures, providing a cleaner interface
and encapsulating logic.
Importantly, this commit ensures that the `MlrTimeout` is adjusted
and clamped to valid ranges before comparing the new configuration
with the existing one. This ensures that the state transition
(e.g., `kStateRefreshed`) correctly reflects the actual values
that will be used.
Other improvements:
- Added helper methods `IsPresent()`, `MarkAsAbsent()`, and getters
for configuration fields.
- Moved `MlrTimeout` adjustment logic into `Config::AdjustMlrTimeout()`.
- Added `Config::Log()` to log configuration details, and updated
`Leader` to log both old and new configurations when a Primary
Backbone Router event occurs.
Update `otbr-posix-dind.yml` workflow to run the DinD integration test
using a matrix strategy that covers both the default mDNS implementation
and `mDNSResponder`.
This mirrors the testing matrix used in `ot-br-posix` repository's
`docker-test.yml` workflow.
In Host + RCP mode, running `diag start` from the host CLI may trigger
RadioSpinel warnings: InvalidState, “Error processing result” / “Error
waiting response”.
**Root cause**
Diags::ProcessStart sent channel / power commands before enabling diag
mode. On Spinel, these are forwarded to the RCP (via
`SPINEL_PROP_NEST_STREAM_MFG`), but the RCP only accepts other diag
commands after start.
```
if (!IsEnabled() && !StringMatch(aArgs[0], "start"))
{
Output("diagnostics mode is disabled\r\n");
ExitNow(error = kErrorInvalidState);
}
```
As a result, early channel / power commands are rejected with
InvalidState.
This commit removes the `kDomainPrefixUnchanged` event from the
`DomainPrefixEvent` enum and refactors the related logic in
`BackboneRouter::Leader`. This value was redundant, as the manager
should only report events when an actual change (addition, removal,
or refresh) occurs in the Domain Prefix configuration.
This commit introduces `Message::ReadAndAdvance()` and its template
flavor to the `Message` class. This helper method reads data from a
`Message` at a given `OffsetRange` and advances the `OffsetRange` by
the number of bytes read upon success.
Sequential parsing of structured data (such as TLVs or protocol
headers) is a common pattern across the OpenThread codebase.
Previously, this required two separate calls: one to `Read()` and
another to `AdvanceOffset()`. The new `ReadAndAdvance()` method
consolidates these into a single, safer operation that ensures the
offset is only advanced if the read operation succeeds.
This commit updates numerous call sites across the core stack
(MLE, BBR, DatasetManager, NetworkDiagnostic, DHCPv6, etc.) to use
the new helper, improving code clarity and reducing boilerplate.
This commit removes the legacy `Tlv::FindTlv()` method variations
that read a TLV into a local buffer. These methods are no longer
used across the codebase, having been replaced by safer and more
efficient alternatives such as `Tlv::Find<TlvType>()`,
`Tlv::FindTlvValueOffsetRange()`, or `Tlv::Info::FindIn()`.
The removed methods were prone to misuse, as they did not always
handle Extended TLVs correctly if the caller provided a fixed-size
buffer. Removing these variations forces new code to use the modern
helper functions, which provide better validation and correctly
handle the decoupling of the TLV header from its value.
This commit introduces a new model for handling `RouteTlv` by
adding the `RouteTlv::Data` and `RouteTlv::Data::Entry` classes.
Previously, `RouteTlv` directly represented the packed on-wire
format, which made it difficult to work with, especially when
supporting different configurations such as
`OPENTHREAD_CONFIG_MLE_LONG_ROUTES_ENABLE`.
The new `RouteTlv::Data` class decouples the on-wire serialization
from the in-memory representation, providing a cleaner API for
parsing the TLV from a `Message` and accessing its entries and
their properties (Router ID, Route Cost, and Link Qualities).
This change improves code clarity and maintainability by providing
a structured way to handle route information.
This commit introduces a GitHub Actions workflow (OTBR DinD) to
verify that changes in the OpenThread repository do not break the
integration tests in ot-br-posix.
The workflow runs on every pull request and merge to main. It performs
the following steps:
1. Clones openthread/ot-br-posix using script/git-tool, which
automatically applies any dependent PRs specified in the PR body.
2. Replaces the openthread submodule in ot-br-posix with the local
OpenThread checkout containing the changes under test.
3. Builds the Docker-in-Docker (DinD) test runner image from
etc/docker/test/Dockerfile.dind_runner in ot-br-posix.
4. Runs test_dind_dns_sd.sh inside the DinD container to ensure that
DNS-SD advertising proxy and TREL integration tests pass
successfully.
Ideally, the mesh-local address (ML-EID) is only used when
communicating with devices in the Thread mesh. The mesh-local
address must not be used when communicating with other devices on
the infrastructure link or outside the Thread mesh.
This commit addresses this by implementing address labeling:
1. Modifying `UpdateUnicastLinux` in `src/posix/platform/netif.cpp`
to stop marking mesh-local addresses as deprecated. They are now
added as preferred addresses.
2. Implementing `AddAddressLabel` and `DeleteAddressLabel` to manage
address labels via netlink (RTM_NEWADDRLABEL/RTM_DELADDRLABEL).
3. Calling `AddAddressLabel` when a mesh-local address is added to
assign a specific label (99) to the Mesh-Local Prefix.
This ensures that the kernel prefers the ML-EID for destinations
sharing the same label (i.e., within the Thread mesh), while
avoiding its use for external traffic where other addresses with
standard labels would be a better match.
Issue: 8443
It seems that frames which are received through TREL do not have a
priority field. This creates quite some log noise when having notice log
level enabled. Lower this log entry to debug level.
This commit combines simulation-1.1.yml and simulation-1.4.yml into
a single simulation.yml workflow.
The combined workflow includes:
- ot-commissioner (from 1.1)
- simulation-local-host (from 1.1)
- channel-manager-csl (from 1.4)
- expects (renamed from 1.4's expects)
The expects job from 1.1 is removed as requested. The jobs now rely
on the project's default THREAD_VERSION instead of explicitly
setting it in the environment. Artifact naming is updated to ensure
unique coverage files are generated and correctly merged by the
unified upload-coverage job.
This commit removes the thread-cert job from the POSIX GitHub Actions
workflow. These tests have been migrated to the Nexus test framework.
The removal of the thread-cert job simplifies the POSIX workflow and
relies on the Nexus-based tests for validating Thread stack behavior.
This commit adds a new Nexus test (`test_mlr_redundant.cpp`) to verify
that the MLR manager correctly handles registrations when multiple
entities (e.g., a parent router and its children) subscribe to the
same multicast address, without sending redundant requests.
The test sets up a topology with a Primary Backbone Router, an FTD
Router, and three SEDs. The Router and SEDs all subscribe to the same
multicast address. The Router then subscribes to 14 additional unique
multicast addresses to exceed the single CoAP message payload limit
(`kMaxIp6Addresses`).
A CoAP interceptor is registered on the Backbone Router to parse
incoming `MLR.req` messages and count the number of times the shared
multicast address is included in the payload. The test verifies that
the shared address is requested exactly once, ensuring that fragmented
state tracking does not lead to duplicate registrations.
In CliUartOutput, if otPlatUartFlush() fails when trying to send
buffered output to make room for new output, it logs a warning using
otLogWarnPlat. However, this warning is added to the same full
buffer, which does not help and can cause further issues.
This commit removes the offending log line as suggested in issue #7478.
This commit simplifies the tracking of Multicast Listener Registration
(MLR) state for IPv6 addresses by removing intermediate states and
relying on the original CoAP request payload.
Previously, `Mlr::Manager` used a 3-state system (`kStateToRegister`,
`kStateRegistering`, `kStateRegistered`) which required core structures
like `Child` and `Netif` to track transient registration states.
This commit reduces the state to a single boolean (`IsMlrRegistered`)
tracked in `ChildTable` and `ThreadNetif`. When a CoAP response is
received, `Mlr::Manager` now uses `GetDispatchingRequest()` to
retrieve the original TMR MLE request message, parses the
`Ip6AddressesTlv` to determine exactly which addresses were included
in the request, and updates the registration states based purely on
this info (minus any explicitly failed addresses).
This change improves robustness, reduces RAM usage by eliminating
state-tracking arrays, and significantly cleans up the logical flow
within the MLR manager.
There exists a NULL-byte OOB in the spinel logging. The initial stack
buffer is initialized with an extra byte for the NULL-byte. However,
the full size is passed into `spinel_datatype_unpack_in_place()` which
interprets it as the valid writable size (`require_action(NULL !=
block_len_ptr && *block_len_ptr >= block_len, bail, (ret = -1, errno =
EINVAL));`).
When `block_len` is the length of the buffer, the NULL-byte write
after the function call will be OOB.
This commit moves the `AddressArray` class out of the `Mlr::Manager`
and into a dedicated `mlr_types.hpp` file as `Mlr::AddressArray`. This
decouples the type from the manager, making it available for broader
use across the module.
Additionally, the logic for parsing the `Ip6AddressesTlv` is extracted
from `Mlr::Manager::ParseResponse()` into a new `FindIn()` method on
the TLV class itself. This centralizes the TLV parsing logic within
the TLV class, which is more idiomatic. The `FindIn()` method also
provides a safety guarantee by clearing the output `AddressArray` if
parsing fails.
The build system configurations (`BUILD.gn` and `CMakeLists.txt`) are
updated to include the newly added `mlr_types.cpp` file. Doxygen
documentation is also provided for the new types and methods.
This commit updates `CoapBase::PendingRequests` to track the request
currently being processed during callback invocation via the new
`mDispatchingRequest` pointer.
It also introduces `GetDispatchingRequest()` which returns a copy of
the original request `Message`. This enables response handler
callbacks to inspect the original request (for example to read
specific TLVs). The method is restricted to confirmable requests and
must only be called from within the context of a response handler.
The method `InvokeResponseHandler` is renamed to `DispatchResponse`
to align with the new nomenclature.
This commit enhances the radio URL parsing logic to detect and fail
when unused parameters are provided in the URL. This prevents typos
or unsupported parameters from being silently ignored.
The following changes were made:
- Updated ot::Url::Url to track parameter usage by appending a
trailing '&' delimiter in Init() and replacing it with '\0'
in GetValue() when a parameter is matched. This marks the
parameter as used and removes any limit on the number of
trackable parameters.
- Added a Validate() method to ot::Url::Url to verify that all
parameters in the query string were accessed.
- Refactored ot::Posix::Radio to share a single RadioUrl instance
with SpinelManager, ensuring all components track usage on the
same URL object.
- Integrated Validate() calls in otSysInit() and platformTrelInit()
to perform validation after all platform components have been
initialized.
- Updated Radio::ProcessMaxPowerTable to use a local copy of the
parameter string to avoid premature modification of the URL buffer.
- Adjusted RadioUrl and unit tests to provide sufficient buffer
space for the additional tracking delimiter.
- Added new unit tests in tests/unit/test_url.cpp to verify the
usage tracking and validation logic.
This commit removes the `CheckInvariants()` method and all its calls
from `Mlr::Manager`.
The `CheckInvariants()` method verified internal state consistency
by checking the `kStateRegistering` status of multicast addresses
against variables like `mPending` and `mSendDelay`. As the MLR module
is being prepared for upcoming structural updates, including changes
to how address states and delays are tracked, these specific invariant
checks are no longer applicable. Removing them clears the way for
the planned redesign of the MLR state machine.
This commit introduces a cap on the number of concurrently scheduled
discovery responses in `Mle::DelayedSender`.
By adding the `CountMatchingSchedules()` method, we can now track how
many discovery responses are currently queued. The newly defined
constant `kMaxScheduledDiscoveryResponse` sets this limit to 16. If
the limit is reached, further `ScheduleDiscoveryResponse()` requests
are ignored.
This change protects the device from resource exhaustion (RAM, CPU,
and network) if it is flooded with discovery requests, preventing
potential Denial of Service (DoS) conditions.
This commit introduces the `Deprecate()` method in the `OnLinkPrefix`
class. This method properly deprecates an on-link prefix by setting
its preferred lifetime to zero and bounding the remaining valid
lifetime to a maximum of two hours from the current time.
Previously, `RxRaTracker` only called `ClearPreferredLifetime()`,
which left the valid lifetime unchanged. By replacing
`ClearPreferredLifetime()` with the new `Deprecate()` method, we
ensure that the valid lifetime of deprecated prefixes is also
bounded.
This change ensures that if a router is deemed unreachable, its
on-link prefixes will live for a maximum of 2 more hours. This
allows the state associated with an unreachable router to age out
more quickly, even if the router had previously advertised the on-link
prefix with long valid lifetime.
This commit simplifies the logic for limiting the number of messages
tracked in `MultiPacketRxMessages`.
It introduces a new cap, `kMaxRxMsgEntries` (set to 64), to restrict
the total number of unique `RxMsgEntry` items being tracked,
preventing unbounded memory growth. Additionally, the existing
message limit per entry is renamed from `kMaxNumMessages` to
`kMaxNumMessagesPerEntry` and moved within the `RxMsgEntry` scope.
The manual `for` loop used to count existing messages in
`RxMsgEntry::Add` is replaced with a clean check using
`CountAllEntries()`.
This commit simplifies the `Mlr::Manager::ParseResponse()` method and
improves its robustness.
Specific improvements include:
- Initializing the local `error` with the CoAP response result and
using `SuccessOrExit()` to cleanly handle transport-layer failures.
- Simplify parsing of of `Ip6AddressesTlv`, ensuring duplicate entries
are added only once in the `aFailedAddresses` array.
- Remove redundant `Ip6AddressesTlv` TLV length checks. Same checks are
now performed as IPv6 addresses are read from the TLV value.
- Updating `AddressArray::AddUnique()` to return an `Error`,
- Consolidating the logging logic directly into `ParseResponse()`,
removing the separate `LogResponse()` helper method.
- Explicitly clearing the `aFailedAddresses` array at the beginning of
the parsing process.
This commit refactors the logic for scheduling Multicast Listener
Registration (MLR) delays by replacing `UpdateReregistrationDelay(bool)`
with a new, more expressive method: `ScheduleNextRegistration()`.
The new method takes a `RegistrationRequest` enum (`kReregister` or
`kRenew`), clearly distinguishing between the two different scheduling
scenarios:
- `kReregister`: Triggered after re-attaching or when a Primary BBR
is added/updated. This schedules a rapid registration attempt
using a random delay between 1 and the configured BBR
reregistration delay.
- `kRenew`: Triggered periodically. This schedules a standard
registration renewal using a delay randomized between half the MLR
timeout and the timeout minus a 9-second guard time
(`kRenewGuardTime`), as mandated by Thread Spec.
This change also introduces constants for `kLongRenewTimeout` and
`kRenewGuardTime` to replace magic numbers, improving overall code
readability and maintainability.
This commit introduces an opaque `otCliInterpreter` type and a set of
new public C CLI APIs (e.g., `otCliInterpreterInit()`,
`otCliInterpreterInputLine()`) to support multiple, dynamically
allocated CLI interpreters per OpenThread instance.
This architecture allows applications to instantiate and manage
multiple concurrent CLI sessions. Backward compatibility is preserved
by retaining the original `otCli*` APIs, which now interact with a
single built-in static interpreter.
The `OPENTHREAD_CONFIG_CLI_STATIC_INTERPRETER_ENABLE` configuration
is also added. It enables support for the static interpreter and is
enabled by default. It can be disabled to save RAM in deployments
that solely use the multi-interpreter APIs.
There exists a stack OOB read in `tryProcessIcmp6RaMessage()`. The bug
originates from the posix packet processing in
`processTransmit()`. When an ICMPv6 RA packet is sent, this triggers
`tryProcessIcmp6RaMessage()`, which calculates: `raLength = length +
(ra - data)`
However, the length passed is the packet size, which can go up to the
`char packet[kMaxIp6Size];` stack buffer size. The correct calculation
is `raLength = length - (ra - data)`.
This small mistake can make `raLength` larger than the total stack
buffer size, causing a read OOB during RA processing in
`otPlatBorderRoutingProcessIcmp6Ra()`.
This commit introduces a recursion depth limit of 4 in
Ip6::HandleDatagram to prevent unbounded stack recursion from deeply
nested IPv6-in-IPv6 tunnel packets (NextHeader = 41).
This mirrors the safety limit fix implemented in the 6LoWPAN layer
decompress path (issue #12669).
A new Nexus test case `ipv6_recursion` has been added to construct
and verify that packets exceeding the depth limit are correctly
dropped with kErrorDrop, while valid nesting depth succeeds.
Key changes:
* Added `mle_router_role_allowed` nexus test, which includes a test of
the correct type of advertisement used by each type of node.
* Updated the `router_downgrade_on_sec_policy_change` nexus test
to also test changes of the Router role allowed/disallowed when
multiple factors are changed
* Updated checks in `verify_1_1_5_3_6.py` to verify that only Router
advertisments are sent during the test, to verify that REED
advertisements are not sent unless the unit is no longer
attempting to upgrade
Every DTLS ClientHello from an unseen port previously allocated a
dynamic CoapDtlsSession on the heap before DTLS cookie verification.
This allowed multiple connection attempts to leave allocated sessions
active indefinitely, leading to high memory utilization.
To resolve this:
- Enforce a 15-second handshake timeout on newly allocated sessions.
Connecting sessions that do not successfully finish the handshake
within 15 seconds are cleanly disconnected and freed.
- Enforce a session limit cap of 16 concurrent secure sessions on the
Border Agent. Reaching this limit immediately rejects new session
connection requests before triggering heap allocation.
- Implement Nexus test case TestBorderAgentSessionsLimit to robustly
verify both session limit rejection and handshake timeout behavior.
This commit adds support for IPv6 loopback address (::1) in the
simulation platform. When the local interface is set to the IPv6
loopback address, it uses the interface-local multicast group
(ff01::116) instead of the link-local group (ff02::116) for
node-to-node communication.
It also ensures that the `sin6_scope_id` is correctly set for the
loopback address in the transmission socket.
This commit fixes a deterministic null-pointer dereference in
CoapBase::ProcessBlock2Request when receiving a Block2 request
with block number greater than 0 without a preceding active
blockwise transfer.
Previously, when mLastResponse was null, the option copying logic
would unconditionally attempt to initialize the iterator with a
dereferenced mLastResponse pointer (iterator.Init(*mLastResponse)),
causing a segmentation fault crash.
This fix inserts a VerifyOrExit check on mLastResponse inside
ProcessBlock2Request. If mLastResponse is null, it returns the
kErrorNoFrameReceived error code. In ProcessBlockwiseRequest, this
is mapped to a 4.08 Request Entity Incomplete response, matching the
spec-compliant error handling behavior of Block1.
An automated reproduction and verification test case has also been
added to tests/nexus/test_coap_block.cpp.
This commit fixes the occasional/flaky failure of the Nexus test
1_1_5_8_4 by addressing a joiner expiration issue and strictly
verifying MLE Discovery Responses.
In test_1_1_5_8_4.cpp, the joiner was added with a timeout of 100s in
Step 1. However, the total simulated elapsed time before Step 11
(when the joiner is checked) is exactly 104s. This causes the
joiner to expire occasionally/consistently, resulting in the Leader
skipping the MLE Discovery Response in Step 12.
We increase the joiner timeout to 1000s so that it stays active
throughout the test. In addition, we update verify_1_1_5_8_4.py to
strictly verify the Step 12 Discovery Response and perform packet
matching chronologically rather than relying on seeking backward to
idx10.
This commit introduces a new static helper method,
`Manager::DidRegisterSuccessfully()`, to evaluate whether a specific
multicast address was successfully registered based on the MLR response
status and the list of failed addresses.
Previously, this evaluation logic was duplicated and inline within
`Manager::Finish()` using the expression:
`success = aSuccess || !aFailedAddresses.IsEmptyOrContains(addr)`.
This logic was not immediately intuitive and required reasoning through
the boolean conditions to understand the intended behavior.
Extracting this into a dedicated helper method improves code
readability and maintainability. It simplifies `Finish()` by
clearly separating the outcome evaluation from the actual state
transition logic (`kStateRegistering` to `kStateRegistered` or
`kStateToRegister`).
Additionally, the unused `AddressArray::IsEmptyOrContains()` method
has been removed.
This commit introduces a new helper method, `RxFrame::IsSecuredWith()`,
which allows callers to cleanly verify if a received MAC frame has
security enabled and uses a specific set of allowed Key ID Modes.
This eliminates redundant logic in `ThreadLinkInfo::SetFrom()`, where
the code previously had to manually check `GetSecurityEnabled()`,
extract the Key ID Mode, and validate it against `kKeyIdMode0` or
`kKeyIdMode1`. Mac::ProcessCsl()` is updated to use this new method
to cleanly enforce that CSL IE processing only occurs on frames
secured with Key ID Mode 1
Crucially, this commit also updates `DataPollHandler::HandleDataPoll()`
to use this new helper. Previously, it only checked if the frame
was secured (`GetSecurityEnabled()`), which would accept frames
using any Key ID Mode (including mode 2 with fixed/known keys). By
restricting the data poll handling to only accept Key ID Mode 1, we
ensure that data polls are only processed if they are secured with
a valid Thread network key.
This commit updates `Ip6::Filter::Apply()` to remove the exception
that allowed all unsecure link-local IPv6 datagrams to pass through
when the Thread role was disabled (e.g., when the interface is up
but Thread has not yet started).
By removing this check, the device now consistently enforces strict
port filtering at all times. Only explicitly allowed traffic, such
as MLE messages, commissioner traffic, or user-configured unsecure
ports, will be permitted, improving the overall security posture
regardless of the current Thread role state.
For testing and backward compatibility on reference devices, the
`mAllowUnsecureWhenDisabled` flag is introduced (available when
`OPENTHREAD_CONFIG_REFERENCE_DEVICE_ENABLE` is enabled). This allows
the legacy behavior to be restored via the new public APIs
`otIp6SetAllowUnsecureWhenDisabled()`. The new APIs are also provided
in CLI under `unsecureport allwhendisabled` command.
This commit introduces a new private helper method, `ShouldRegister()`,
to the `Manager` class. This method consolidates the checks required
to determine if the device should perform MLR.
This commit introduces the `KeyManager::ClearKek()` method, which clears
the `Kek` and resets the `mIsKekSet` flag.
The KEK is a temporary key used during the commissioning and entrust
phases. To improve security and key hygiene, this commit updates the
`Joiner` and `JoinerRouter` to explicitly clear the KEK once these
operations have concluded.
Specifically:
- `Joiner::Finish()` clears the KEK when finishing in `kStateEntrust`
or `kStateJoined`.
- `JoinerRouter::HandleJoinerEntrustResponse()` clears the KEK
immediately upon handling the entrust response, before scheduling
any delayed entrusts (which set their own KEK from metadata).
This commit removes a redundant `static_cast<const uint8_t *>` when
calling `Tlv::Append<Ip6AddressesTlv>()` in `SendMlrRequest()` in
`test_1_2_MATN_TC_21.cpp`. Since the method accepts `const void *`
as its value argument, the explicit cast is unnecessary and can be
safely removed to simplify the code.
This commit updates the `ContextTlv::IsValid()` method to reject
Context TLVs that specify a Context ID of zero.
According to the Thread specification, Context ID 0 is reserved for
the Mesh-Local Prefix and should not be distributed in the Network Data.
Adding this check ensures that such invalid TLVs are correctly
identified as malformed and dropped during Network Data processing.
This commit updates `AdvertisingProxy::CopyNameAndRemoveDomain()` to
properly handle potential errors returned by `Dns::Name::ExtractLabels()`.
Previously, any error returned by `ExtractLabels()` was ignored, which
could leave the output name buffer in an indeterminate state. With this
change, if extracting the labels fails, the name buffer is explicitly
cleared by setting its first character to `kNullChar`.
This prevents subsequent code from using uninitialized or partially
written data in the event of a parsing or buffer size error.
This commit resolves the flaky test failures occasionally observed
in the history_tracker Nexus test during ping verification.
The flakiness was caused by two primary issues:
1. Concurrent background Thread control traffic (e.g. multicast
Hop-by-Hop Options packets) sometimes interleaving with the Echo
Request pings, polluting the HistoryTracker queues and causing
the strict chronological checks to fail.
2. The FTD child node upgrading to a Router due to the
TooFewRouters network threshold rule, which dynamically changed
its RLOC16 and caused NeighborRloc16 history checks to fail.
To fix these, we:
1. Set the child node's router eligibility to false after joining
to prevent any unwanted topology changes or Rloc16 updates.
2. Refactored the strict Leader TX and Child RX chronological checks
with robust iterative loops filtering specifically for the
OT_ICMP6_TYPE_ECHO_REQUEST packets.
Verified 100% stable after executing a loop of 50 successful runs.
This commit enforces strictly in-order IPv6 fragment reassembly
in the core stack to improve reassembly robustness and correctness.
Previously, the reassembly engine did not track contiguous bytes
received. An out-of-order or gapped fragment containing the M=0
flag could incorrectly trigger reassembly completion, potentially
leading to the forwarding or processing of incomplete packets.
To resolve this, we now:
1. Enforce that reassembly must start with a fragment offset
of 0.
2. Verify that any subsequent fragment aligns perfectly with the
offset where the contiguous payload data currently ends
(`offset == message->GetOffset()`).
3. Safely advance `message->GetOffset()` as each fragment is
successfully appended to keep track of the contiguous
reassembled byte range.
4. Added a robust Nexus test case verifying that gapped
reassembly is properly dropped and blocked.
This strictly in-order validation approach is consistent with the
preexisting 6LoWPAN fragment reassembly in MeshForwarder.
This commit adds aRecursionDepth tracking and limit check in
Lowpan::Compress methods to prevent excessive recursive stack usage
from recursive compression of highly nested IP-in-IP headers.
Specifically:
- Threads aRecursionDepth parameter through 3-arg and 4-arg (now
5-arg) Compress wrappers.
- Enforces aRecursionDepth <= kMaxRecursionDepth (4) in Compress.
- Increments recursion depth on nested IP-in-IP calls (Ip6::kProtoIp6).
- Adds a Nexus integration test to verify that highly nested packets
are compressed up to the threshold limit, and successfully fall back
to uncompressed inline transmission without excessive stack usage.
This commit adds validation to ensure that Key ID Mode 0 (implied KEK)
secured frames are only accepted if a KEK is configured. If KEK is not
configured, the frame is rejected.
Specifically:
- Added `mIsKekSet` boolean member variable to `KeyManager` to track
KEK status.
- Implemented `KeyManager::IsKekSet()` to check if a KEK is
configured.
- Enforced a guard in `Mac::ProcessReceiveSecurity()` under
`kKeyIdMode0` to immediately reject incoming frames with
`kErrorSecurity` when the KEK is not configured.
- Added unit test `TestKeyManagerKek()` in `test_pskc.cpp` to
verify that `IsKekSet()` transitions from `false` to `true` as
expected.
This commit resolves an issue in HandleAddressSolicitResponse where
a malformed or invalid leader-supplied Router ID Mask omitting the
leader ID could trigger an assertion.
When a node receives an Address Solicit Response, it installs the new
router ID mask. If the leader's router ID is missing from the mask,
the Router entry for the leader is removed from the local router table.
Subsequently, when the node tries to ensure it has a valid next hop
and cost towards the leader, `mRouterTable.GetLeader()` returns `nullptr`,
leading to an `OT_ASSERT(leader != nullptr)` failure or a null-pointer
write when assertions are disabled.
This is resolved by safely verifying that the leader's router ID is
indeed present in the received router ID mask before applying the
routing update, ensuring `GetLeader()` is guaranteed to find it.
This commit updates `Mac::ProcessCsl` to explicitly verify that CSL IE
data frames are secured using `KeyIdMode1` (utilizing the network key
and per-neighbor frame counter freshness checks).
Fix a double-free of `mSavedResponse` in `Dns::Client` when processing
duplicate DNS responses matching an active query.
When an SRV/TXT query needs to resolve a host address (AAAA), the DNS
client allocates a chained `newQuery` to handle it. If duplicate
responses are processed before the query chain is finalized, they
trigger multiple AAAA resolution allocations for the same parent query.
Because the new query inherits `mSavedResponse` from the parent query's
`QueryInfo`, multiple chained queries end up aliasing/sharing the same
cloned `mSavedResponse` message. During finalization, `FreeQuery`
walks the chain and frees `mSavedResponse` for each query, leading to
a double-free of the shared `Message` and free-list/heap corruption.
This commit resolves the issue by:
1. Rejecting duplicate responses early in `ParseResponse` if a response
has already been received and saved for the query
(`info.mSavedResponse != nullptr`), returning `kErrorDrop`.
2. Initializing the `mSavedResponse` field of the `QueryInfo` struct
to `nullptr` before allocating the host resolution query (`newQuery`)
to prevent it from inheriting a potentially non-null saved response
from its parent.
This commit add a `OutputResult()` wrapper method in the `Utils` base
class.
Previously, several CLI sub-modules (`Dns`, `History`, `LinkMetrics`,
`MeshDiag`, and `PingSender`) implemented their own `OutputResult()`
wrappers that simply delegated to the `Interpreter`. Since all these
sub-modules inherit from `Utils`, this functionality is now provided
directly by the base class, removing redundant code and simplifying
the sub-module implementations.
This commit introduces the `Mlr` namespace to encapsulate all
Multicast Listener Registration related types and logic, improving
overall code organization and readability.
The following primary renames were performed:
- `MlrManager` to `Mlr::Manager`
- `MlrState` to `Mlr::State`
- `MlrStatus` to `Mlr::Status`
- Constants like `kMlrSuccess` to `Mlr::kStatusSuccess`
Additionally, methods within the newly scoped `Mlr::Manager` class
have been simplified by removing redundant `Mlr` prefixes (e.g.,
`SendMlr()` is now `Send()`, `FinishMlr()` is now `Finish()`).
External modules and tests have been updated to reference the new
scoped names.
This commit extracts the logic for appending an `Ip6AddressesTlv` into
a new `static` helper method, `Ip6AddressesTlv::AppendTo()`.
Previously, multiple locations in the codebase manually managed the
TLV construction and appending. This change centralizes this logic,
simplifying the call sites in `BackboneRouter::Manager` and
`MlrManager`.
RFC 7731 Section 4 specifies that the MPL Option MUST only reside
within a Hop-by-Hop Options extension header. However, previously,
Ip6::HandleOptions processed MplOption::kType regardless of whether the
enclosing header was Hop-by-Hop or Destination Options.
This commit fixes the issue by adding a boolean parameter to
Ip6::HandleOptions indicating if the enclosing header is Hop-by-Hop.
MplOption::kType is now only processed if this parameter is true.
If the MPL Option is encountered in a Destination Options header,
it is treated as unrecognized, and because its type action mandates
discarding the packet, the datagram is dropped safely.
Gate `MeshForwarder::UpdateEidRlocCacheAndStaleChild` on link
security, ensuring that the received frame has security enabled.
Adding the link security check ensures that only fully authenticated
data frames (successfully decrypted and verified at the MAC layer)
can influence the EID-to-RLOC cache and the child table states.
Host-untrusted IP-in-IP packets could reach the local TMF socket
without the intended port checks on the receive path if destined to
the Border Router's own OMR address with an inner destination set to
the Thread-side link-local address. When the outer message is
decapsulated, it recurses through the IPv6 stack receive path while
retaining its HOST_UNTRUSTED origin, but local UDP socket dispatching
lacks equivalent origin checks.
This commit introduces a validation check in Ip6::HandleDatagram to
immediately drop any message from a host-untrusted origin with a
next header of kProtoIp6 (IP-in-IP encapsulation). This securely
prevents this receive-path processing and the corresponding
forwarding behavior.
Added the tmf_origin Nexus integration test to verify that
host-untrusted IP-in-IP packets are successfully dropped by
returning kErrorDrop.
This commit reorganizes the `Node` class declaration in
`nexus_node.hpp` to improve readability and maintainability.
The methods and members are now logically grouped into marked
sections.
This commit removes an overly strict `OT_ASSERT` on child state
validity inside `ProcessAddressRegistrationTlv`.
When a valid child transitions to a link-reestablishment state
(e.g., `kStateChildUpdateRequest` or `kStateChildIdRequest`) with
registered MLR addresses, its MLR registered set is preserved. The
subsequent processing of the Child Update Response or Child ID Request
causes `ProcessAddressRegistrationTlv` to be invoked while the child
is not yet back in `kStateValid`, which triggers the assertion on the
parent router/leader.
Since the parsing logic and `MlrManager` handle non-valid child states
gracefully, this assertion is deleted.
This commit updates Tmf::Agent::Filter to require link-layer security
for all incoming TMF requests.
Thread Management Framework (TMF) messages are used for network
management and configuration. The Thread specification requires that
all TMF messages be secured. While individual handlers often have
specific checks, enforcing this at the TMF Agent level provides a
consistent security layer for all TMF traffic.
For most TMF messages, security is provided by the Network Key. For
commissioning-related messages (like Joiner Entrust), security is
provided by the Key Encryption Key (KEK). In all cases, a valid TMF
message must have link-layer security enabled.
This change prevents unauthenticated attackers from sending unsecured
TMF messages to manipulate network state or configuration.
This commit fixes an issue where a tasklet could not be successfully
unposted if it was already scheduled for execution in the current
event loop iteration.
Previously, `Scheduler::ProcessQueuedTasklets()` copied and cleared the
queued tasklets before running them. If a running tasklet called
`Unpost()` on another tasklet that was also in the copied list, the
unpost operation would fail to remove it because it only checked the
main queue.
To address this, the `Scheduler` now explicitly maintains two separate
queues: `mPostedQueue` and `mRuningQueue`. The `Tasklet::Unpost()`
method is updated to remove the target tasklet from both queues,
ensuring it is correctly dequeued even if it is pending in the running
list.
The queue logic is encapsulated into a nested `Queue` class to manage
the circular singly linked-list operations cleanly. Additionally, unit
tests are expanded to cover scenarios where tasklets post or unpost
other tasklets during execution.
This commit adds an explicit check in Joiner::HandleTmf<kUriJoinerEntrust>
to verify that the received message has link-layer security enabled.
According to the Thread specification, the Joiner Entrust message MUST
be protected by link-layer security using the Key Encryption Key (KEK).
Previously, this check was missing, allowing an unauthenticated
attacker to send unsecured Joiner Entrust messages. Such messages
could inject invalid network configuration, causing the device to
fail to attach to the correct network after a reboot.
By verifying IsLinkSecurityEnabled(), we ensure that the message
was successfully decrypted using the KEK (since the network key is
not yet known by the Joiner), thus authenticating the sender as the
valid Commissioner or Joiner Router.
This commit updates the `Interpreter::SetUserCommands()` method to
detect if a set of CLI commands is already registered. If a duplicate
registration is detected, the method now returns `OT_ERROR_NONE` and
exits early without consuming an additional slot in the user commands
table. It also ensures that `OT_ERROR_FAILED` is only returned when
there are no available slots for a new registration.
This commit simplifies the `MlrManager::SendMlrMessage()` method by
removing the `void *aContext` parameter.
Previously, all callers (`SendMlr()` and `RegisterMulticastListeners()`)
were passing `this` as the context for the CoAP response handler. The
context is now passed directly as `this` when invoking
`Tmf::Agent::SendMessageTo()`, removing the need to thread it through
the method arguments.
This commit updates the way Route TLV is constructed and appended to
messages. Previously, a `RouteTlv` object with a large fixed-size
`mRouteData` array was allocated on the stack, filled by
`RouterTable`, and then appended to the message.
To simplify the code and improve efficiently a new helper method
`RouterTable::AppendRouteTlv()` is introduced which appends the TLV
content directly in the `Message`. It uses `Tlv::StartTlv()` and
`Tlv::EndTlv()` to encapsulate the `RouterIdMask` and the iteratively
appended route data entries.
A helper method `RouteTlv::AppendRouteDataEntry()` is added which
handles encoding and adding a Route Data Entry, including the the
bit-packing logic(the staggered 1.5-byte packing under
`OPENTHREAD_CONFIG_MLE_LONG_ROUTES_ENABLE`).
This commit removes several simulation test jobs from the GitHub Actions
workflows, specifically 'simulation-1.1.yml' and 'simulation-1.4.yml'.
The following jobs were removed:
- packet-verification
- cli-ftd
- cli-mtd
- cli-time-sync
- thread-1-4
These tests have been migrated to the Nexus test framework, which
allows for more efficient and scalable network simulations by
running multiple OpenThread nodes within a single process.
This commit simplifies the `MulticastListenersTable` by replacing the
custom heap-based sorting logic with a standard `Array` and integrating
an internal `TimerMilli` (`mTimer`) to handle entry expirations.
Previously, the table maintained a min-heap based on expiration times
(`FixHeap`, `SiftHeapElemDown`, `SiftHeapElemUp`) and required
external calls to `Expire()` every second. The new implementation
uses `mListeners.FindMatching()` and `mListeners.RemoveAllMatching()`,
significantly reducing code complexity and maintenance overhead.
The unit tests in `test_multicast_listeners_table.cpp` are also updated
to reflect the simplified model
This commit updates the CLI sub-modules to use a new, non-static
`GetInterpreter()` method provided by the `Utils` base class, rather
than relying on the static `Interpreter::GetInterpreter()` which
returns a global singleton.
The `Utils::GetInterpreter()` method downcasts its associated
`OutputImplementer` reference to the specific `Interpreter` instance
it belongs to. `OutputImplementer` is a base class of `Interpreter`.
This change is a step towards adding support for multiple CLI
interpreters (per OpenThread instance).
Additionally, the `OutputImplementer` constructor is made `protected`
as it is intended to serve as a base class.
This commit refactors the instance allocation logic in `Instance` to
use `constexpr size_t` constants replacing the preprocessor macros
(`OT_DEFINE_ALIGNED_VAR` and `OT_ALIGNED_VAR_SIZE`).
The new constants `kInstanceSizeInUint64s` and
`kMultiInstanceSizeInUint64s` provide better type safety and are more
idiomatic C++. The raw storage arrays (`gInstanceRaw` and
`gMultiInstanceRaw`) are now explicitly defined as `uint64_t` arrays
using these calculated sizes.
Additionally, this commit introduces `kNumStaticInstances` to represent
the configured number of multiple static instances.
This commit introduces the `RoleTransitioner` class (renamed from
`RouterRoleTransition`) to centralize the management of router role
eligibility, thresholds, and transitions.
The following state and logic are moved from the `Mle` class into
the `RoleTransitioner`:
- Router role eligibility and allowance state (`mRouterEligible`,
`mRouterRoleAllowed`).
- Upgrade and downgrade thresholds.
- Downgrade blocking state (`mDowngradeBlocked`).
- Transition decision logic (`DecideWhetherToUpgrade()`,
`DecideWhetherToDowngrade()`).
- The transition jitter timer and its management.
By consolidating these responsibilities, the complexity of the main
`Mle` class is reduced, and the role transition process is more
explicitly managed within its own sub-component.
This commit updates `Trel::Link::ProcessReceivedPacket()` to move
channel mismatch validation until after the acknowledgment logic.
TREL ACKs serve as a mechanism to monitor link status between peers.
By deferring the channel check, we ensure that TREL packets requiring
an acknowledgment are correctly acknowledged at the TREL layer even
if they are not further processed.
A primary use case is the MLE Announce message, which is sent on a
different channel as a broadcast. At the TREL layer, this broadcast
is converted to unicast TREL packet transmissions to each peer on the
same PAN, with packets marked to request a TREL ACK. This change
ensures the receiving TREL peer sends an ACK for such packets,
maintaining link monitoring, while still dropping the packet at the
TREL link layer due to the channel mismatch.
When uart-exclusive is specified as a radio URL parameter, the UART
device is locked using flock(LOCK_EX) to prevent concurrent access,
and TIOCEXCL is set where supported.
This commit implements rate limitation for the TCAT commands Present
PSKd Hash TLV (0x10), Present PSKc Hash TLV (0x11) and Present
Install-code Hash TLV (0x12) to prevent password guessing attacks.
It also removes the TCAT command Request PSKd Hash TLV (0x14), to
prevent offline password guessing attacks with a single Hash value
retrieved from the device.
Note: The commit does not remove the Request PSKd Hash TLV
implementation in the Python commissioner such that the non-existence
of the command TLV can still be tested.
This commit enhances MLE where a full Route TLV could be appended to
a Link Accept message sent to a child neighbor, potentially leading
to a message requiring lowpan fragmentation.
Previously, `Mle::SendLinkAccept()` relied on a `Router` pointer to
determine whether to use a full or compact Route TLV. When the Link
Request originated from a child, this pointer was null, causing a
full Route TLV to be used.
The changes in this commit include:
- Updating the `LinkAcceptInfo` struct to track the RLOC16 of the Link
Request sender.
- Updating `Mle::TxMessage::AppendRouteTlv()` and adding
`AppendCompactRouteTlv()` to replace the previous single method that
took a `Neighbor` pointer. This makes the intent clearer and
supports both router and child neighbors.
- Updating `RouterTable::FillRouteTlv()` to take an RLOC16 instead of
a `Neighbor` pointer. It uses `Mle::RouterIdFromRloc16()` to ensure
that if the destination is a child, its parent's Router ID is
included in the compact Route TLV.
- Includes new Nexus test `test_compact_route_tlv` to validate the
use of compact Route TLV in Link Accept.
This commit removes the test_ping.py test file from the
thread-cert test suite.
The ping functionality tested by this file is already
well covered by existing Nexus tests (e.g.,
test_ipv6_source_selection.cpp, test_radio_filter.cpp),
so this file is no longer needed.
This commit migrates the test_history_tracker.py test
from the thread-cert test suite to the Nexus test
framework as a new C++ test.
The new C++ test, test_history_tracker.cpp, covers:
- Role changes (detached -> leader -> disabled)
- NetInfo age up to 49 days
- Child mode Rn changes
- Ping between leader and child, verifying message
types, checksums, priority, and success flags
It directly uses HistoryTracker::Local methods instead
of the C APIs.
This commit introduces `NeighborTable::Iterator` and
`NeighborTable::kIteratorInit` as core type aliases for
the public `otNeighborInfoIterator` and its initializer
`OT_NEIGHBOR_INFO_ITERATOR_INIT`.
This commit adds a new Nexus test `TestFedRxOnlyLinkEstablishment` to
verify that a Full End Device (FED) successfully establishes rx-only
links with all its neighboring routers in the network.
The test forms a topology with a leader and 15 routers, then adds an
FED child. It uses the `NeighborTable` callback to track the addition
of routers to the FED's neighbor table and ensures that it
eventually establishes links with all available neighboring routers.
This commit renames the local variable `aKeyType` to `keyType` in
`Radio::SetMacKey()` to align with the project's naming conventions.
The `a` prefix is reserved for function arguments, while local
variables use `lowerCamelCase` without a prefix.
This commit migrates the functionality covered by
`tests/scripts/thread-cert/test_radio_filter.py` to a new Nexus test
`tests/nexus/test_radio_filter.cpp`.
The new test covers:
- Initial state of radio filter (disabled).
- Enabling radio filter on Router blocks pings.
- Disabling radio filter on Router restores pings.
- Enabling radio filter on SED causes it to detach.
- Disabling radio filter on SED allows it to reattach.
To make the test pass in Nexus, the following fixes were applied:
- Set external poll period to 40ms for SED to receive ping replies.
- Forced parent search on SED using `BecomeChild()` to avoid long
backoff interval.
The energy scan portion of the original test is skipped because
`otPlatRadioEnergyScan` is not implemented in the Nexus platform.
The original Python test file is removed.
This commit migrates the functionality covered by
`tests/scripts/thread-cert/test_coaps.py` to a new Nexus test
`tests/nexus/test_coaps.cpp`.
The new test covers:
- CoAP Secure with PSK.
- CoAP Secure with X.509 certificates.
The X509 test is conditionally compiled based on
`MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`.
The original Python test file is removed.
This commit renames the `RouterTable::FindNextHopOf()` method to
`RouterTable::FindNextHopTowards()` to more accurately reflect its
purpose: finding the next hop on the path towards a given destination
router.
This commit migrates the functionality covered by test_coap_observe.py
to the Nexus test framework.
- Enabled OPENTHREAD_CONFIG_COAP_OBSERVE_API_ENABLE in Nexus config.
- Created test_coap_observe.cpp to test CoAP observations and
notifications in a simulated network.
- Handled edge cases in the test to avoid segfaults during cancel
response processing.
- Removed the old Python test test_coap_observe.py.
This commit addresses an occasional failure in test 1_2_MATN_TC_10
where the Router's ping reply was not found in Step 8.
- Increased the time advanced in Step 8 from 10 seconds
(kStabilizationTime) to 20 seconds (2 * kStabilizationTime).
- This allows more time for address resolution (NS/NA) and packet
transmission in the simulated environment.
- Verified that the test passes consistently with 100 consecutive
successful runs after applying this fix.
This commit migrates the functionality covered by test_coap_block.py
to the Nexus test framework.
- Enabled OPENTHREAD_CONFIG_COAP_BLOCKWISE_TRANSFER_ENABLE in Nexus
config.
- Created test_coap_block.cpp to test CoAP GET and PUT block
transfers in a simulated network.
- Removed the old Python test test_coap_block.py.
This commit introduces support for configuring and retrieving a vendor
OUI-24 (Organizationally Unique Identifier). It defines the new
`OPENTHREAD_CONFIG_NET_DIAG_VENDOR_OUI` configuration option and adds
the `otThreadGetVendorOui()` and `otThreadSetVendorOui()` APIs.
When specified, the vendor OUI is included in the `BorderAgent`
mDNS/DNS-SD TXT data under the `vo` key.
The `VendorInfo` class is updated to manage the OUI value. This
commit also adds the `vendor oui` CLI command to get or set this
property. Finally, it updates the tests to validate the presence and
correctness of the new `vo` key in the TXT data.
This commit removes the `OPENTHREAD_CONFIG_MLE_IP_ADDRS_TO_REGISTER`
configuration option and the logic in `Mle` that limited the number of
IPv6 addresses registered by an MTD with its parent.
By removing this limit, MTDs will now attempt to register all their
valid unicast and multicast addresses. The parent router still
enforces its own limit on the number of addresses it accepts and
stores per child via `OPENTHREAD_CONFIG_MLE_IP_ADDRS_PER_CHILD`.
An error check is added to `openthread-core-config-check.h` to inform
users of the removal of this configuration macro.
This commit moves the constants for the minimum and maximum number of
IPv6 addresses allowed in a Multicast Listener Registration (MLR)
request from the `Ip6AddressesTlv` class to `mlr_types.hpp`.
The new constants are named `kMlrMinIp6Addresses` and
`kMlrMaxIp6Addresses`. This change decouples the protocol-specific
limits from the TLV definition, which is more appropriate as these
limits are specific to the MLR process rather than the TLV itself.
The `Ip6AddressesTlv` class is simplified to a `typedef` of `TlvInfo`.
Call sites in `MlrManager`, `BackboneRouter::Manager`, and `NcpBase`
are updated accordingly.
This commit combines the two separate definitions of the `RouteTlv`
class, which were previously conditionally compiled based on the
`OPENTHREAD_CONFIG_MLE_LONG_ROUTES_ENABLE` configuration, into a
single unified class definition.
The `#if`/`#else` preprocessor directives are now localized within the
specific getter and setter methods (e.g., `GetRouteDataEntryCount()`,
`GetRouteCost()`, `SetRouteData()`) to handle the different routing
data formats. This removes significant code duplication for shared
methods such as `Init()`, `IsValid()`, `GetRouterIdSequence()`, and
`IsSingleton()`.
This commit migrates the test_ping_lla_src.py script from thread-cert
to the Nexus test framework.
The new test_ping_lla_src.cpp implements the same test logic:
- Forms a network with a Leader and two Routers.
- Verifies that pings using a Link-Local Address (LLA) as the source
succeed when sent to a neighbor's Mesh-Local EID (ML-EID).
- Verifies that pings using an LLA source fail when sent to a
non-neighbor's ML-EID, as LLAs are only valid for single-hop
communication.
- Verifies that external routes are not used for LLA-sourced packets.
To support this migration, the Nexus Core class was enhanced with:
- Overloads for SendAndVerifyEchoRequest that allow specifying a
source address.
- New SendAndVerifyNoEchoResponse methods to verify that no echo
response is received (useful for negative test scenarios).
Changes:
- Added tests/nexus/test_ping_lla_src.cpp
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Enhanced tests/nexus/platform/nexus_core.hpp/cpp with new helpers.
- Removed tests/scripts/thread-cert/test_ping_lla_src.py.
Add the jlumbroso/free-disk-space action to all jobs in the Nexus
workflow. This ensures that the runner has sufficient disk space to
complete the build and test tasks, preventing failures due to exhausted
disk resources on GitHub-hosted runners.
Added OPENTHREAD_CONFIG_PARENT_SEARCH_BACKOFF_INTERVAL with a value of
10 minutes (10 * 60 seconds) to the Nexus core configuration. This
helps in controlling the backoff behavior during parent search in the
simulator, making it more interactive.
This commit migrates the 'test_pbbr_aloc.py' script from the
thread-cert framework to the Nexus simulation framework.
The new 'test_pbbr_aloc.cpp' replicates the original test:
- Forms a network with PBBR, Leader, and Router nodes.
- Enables Backbone Router (BBR) on the PBBR node and waits for it
to become the Primary BBR.
- Verifies connectivity to the Leader ALOC (0xfc00) and the PBBR
ALOC (0xfc38) from the Router node using ICMPv6 Echo Requests.
- Confirms that the stack correctly uses Network Data for ALOC
resolution.
Nexus tests provide faster and more scalable network simulations
within a single process, improving CI efficiency and reliability.
Original Python script 'tests/scripts/thread-cert/test_pbbr_aloc.py'
is removed as its functionality is now fully covered by Nexus.
This commit migrates the test for DNSSD names with special characters
from the thread-cert functional tests to the Nexus simulation
framework.
The new Nexus test 'test_dnssd_name_with_special_chars.cpp' replicates
the logic from 'test_dnssd_name_with_special_chars.py' and covers:
- SRP service registration with an instance name containing special
and Unicode characters ("O\T 网关").
- DNS-SD browse to discover the service instance.
- DNS-SD resolution of the service instance name, including
verification of case-insensitive resolution.
* [posix] truncate settings file to last valid offset on parse error
When Init() encounters a corrupt entry, it currently truncates the
entire file to 0 bytes, destroying all settings. Since the parse loop
already knows the exact offset where corruption starts, truncate to
that offset instead, preserving all entries that were successfully
parsed.
This prevents loss of the active operational dataset (and other
settings) when only trailing bytes are corrupt — a common failure
mode when power is lost during a write.
If corruption starts at offset 0 (no valid entries), behavior is
identical to the original code.
* [posix] fsync parent directory after settings file rename
SwapPersist() calls fsync() on the data file descriptor but does not
sync the parent directory after rename(). On journaling filesystems
(ext4, overlayfs), the rename metadata may not reach stable storage
before a power loss. This can leave the old swap file in place,
which triggers a parse error on the next Init().
Add a best-effort fsync() on the parent directory after the rename.
This is non-fatal since the file data is already persisted; only the
directory entry could lag behind.
This commit exposes radio model parameters (path loss constant,
exponent, and sensitivity) and the minimum link request margin from
the Nexus simulator backend to the frontend.
Changes in backend:
- Expose constants in `RadioModel` and `Radio`.
- Add `GetRadioParameters` RPC to `simulation.proto` and implement it
in gRPC and WASM bindings.
- Expose `OPENTHREAD_CONFIG_MLE_LINK_REQUEST_MARGIN_MIN` and
`OPENTHREAD_CONFIG_MLE_PARTITION_MERGE_MARGIN_MIN` via the new RPC.
Changes in config:
- Set `OPENTHREAD_CONFIG_MLE_LINK_REQUEST_MARGIN_MIN` and
`OPENTHREAD_CONFIG_MLE_PARTITION_MERGE_MARGIN_MIN` to 5 dB in
`openthread-core-nexus-config.h`.
This allows the frontend to calculate and render circles dynamically.
This commit introduces the `DoesArrayContain()` template function to
check if a given item is present in a fixed-size C array. The template
arguments are deduced by the compiler, allowing callers to simply use
`DoesArrayContain(aArray, aItem)`.
It also updates `Manager::CoapDtlsSession::ReadSteeringDataTlv()` and
`Ip6::HandleDatagram()` to use this new helper function instead of
using manual `for` loops to iterate over `kEnrollerValidSteeringDataLengths`
and `kForwardIcmpTypes` arrays respectively.
This commit updates the `RouteTlv` implementation to use `ReadBits` and
`WriteBits` from `bit-utils` for reading and writing route data entries
(Link Quality In/Out and Route Cost). This simplifies the bitwise
operations and improves readability.
This commit migrates the DNS-SD test from the thread-cert Python
framework to the Nexus C++ framework.
The new Nexus test 'test_dnssd.cpp' replicates the original test
scenario and functionality:
- Formation of a Thread network with multiple SRP clients and a
server.
- Service registration with subtypes via SRP.
- DNS browsing for full service types and specific subtypes.
- DNS address (AAAA) and service (SRV/TXT/AAAA) resolution.
- Specific DNS record queries for SRV and KEY record types.
- Verification of DNS behavior for non-existent records.
The original Python script 'tests/scripts/thread-cert/test_dnssd.py'
is removed as its functionality is now fully covered by Nexus.
Nexus tests provide faster and more scalable network simulations
within a single process, improving CI efficiency and reliability.
This commit migrates the test_service.py script from thread-cert to the
Nexus test framework.
The new test_service.cpp implements the same test logic:
- Forms a network with a Leader and two Routers.
- Adds and removes services on different nodes.
- Verifies that Service Anycast Locators (ALOCs) are correctly
added to and removed from the nodes' unicast addresses.
- Confirms reachability of the ALOCs using ICMPv6 Echo Requests
from all nodes in the network.
- Ensures ALOCs become unreachable after the service is removed
from the network data.
Changes:
- Added tests/nexus/test_service.cpp
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Removed tests/scripts/thread-cert/test_service.py.
This commit restricts the API to set a preferred router ID under
`OPENTHREAD_CONFIG_REFERENCE_DEVICE_ENABLE`. This feature is intended
for testing and therefore be excluded from standard builds to ensure
compliance with the Thread Specification.
In `Nexus::Core::HandleStateChanged`, the `lastParentId` was not
cleared when a device transitioned to the Router or Leader role. This
could cause stale parent associations to persist, leading to incorrect
link state reporting in the visualizer during subsequent role
transitions (e.g., when a former Leader merges into a partition and
becomes a Child/REED).
This fix clears `lastParentId` (sets it to `0xffff`) when the device
becomes a Router or Leader, ensuring a fresh state for parent
tracking.
This commit migrates 'test_on_mesh_prefix.py' from the thread-cert
functional tests to the Nexus simulation framework.
The new Nexus test 'test_on_mesh_prefix.cpp' covers:
- Propagation of stable and non-stable on-mesh prefixes.
- Different Network Data request behavior for MEDs and SEDs.
- MEDs receiving both stable and non-stable prefixes.
- SEDs receiving only stable prefixes.
- IPv6 address configuration (SLAAC) for all prefixes.
- Reachability verification via ICMPv6 Echo Request/Response.
Migrating to Nexus provides faster execution and improves the
reliability of the functional test suite.
This commit migrates the router multicast link request test from the
thread-cert functional tests to the Nexus simulation framework.
The new Nexus test 'test_router_multicast_link_request.cpp' covers:
- Verification of a REED node becoming a router.
- Multicast Link Request transmission to neighboring routers.
- Quick link establishment with multiple neighbors after role upgrade.
The original Python test 'test_router_multicast_link_request.py' is
removed as its functionality is now fully covered by the Nexus test.
This commit migrates the SRP server anycast mode test from the
thread-cert Python script to the Nexus test framework.
The new Nexus test `test_srp_server_anycast_mode.cpp` covers:
- SRP Server configuration in both Anycast and Unicast modes.
- Proper publication of SRP Server information in Network Data.
- SRP Client auto-start and server selection logic.
- Service registration and verification in both address modes.
- DNS browsing for registered SRP services.
Nexus tests allow for faster and more scalable network simulations
within a single process, improving CI efficiency.
Removed:
- tests/scripts/thread-cert/test_srp_server_anycast_mode.py
Migrate legacy Python test `test_reset.py` to Nexus C++ test
`test_reset.cpp`.
The test verifies that OpenThread correctly recovers network state,
specifically frame counters and datasets, after sequential resets of
nodes in a multi-hop topology (Leader <-> Router <-> ED).
The test sequence:
- Establish multi-hop topology: Leader <-> Router <-> ED.
- Send 1010 pings from ED to Leader to advance the frame counter
beyond the default storage threshold (1000).
- Reset Leader, Router, and ED sequentially.
- Verify end-to-end connectivity after resets, confirming that frame
counters were correctly recovered from non-volatile storage.
Legacy `tests/scripts/thread-cert/test_reset.py` is removed as its
functionality is now fully covered by the Nexus test.
This commit migrates the following tests from thread-cert to Nexus:
- test_router_reboot_multiple_link_request.py
- test_leader_reboot_multiple_link_request.py
New Nexus tests cover:
- Router rebooting and sending multiple Link Requests when isolated.
- Leader rebooting and sending multiple Link Requests when isolated.
The original Python cert tests are removed as they are now fully
covered by the Nexus framework.
This commit adds a new Nexus test to verify the functionality of the
MLE long routes experimental feature, which allows path costs to
exceed the standard limit of 15.
The new test `TestLongRoutes` in `test_long_routes.cpp` forms a
topology consisting of a leader and a chain of 25 routers. It then
validates that the path cost from the last router in the chain to the
leader is correctly reported as 25 using `GetPathCostToLeader()`.
Supporting changes include:
- Updating `build.sh` to support a `long_routes` build target that
enables `OT_MLE_LONG_ROUTES`.
- Adding the `long_routes` test to `CMakeLists.txt` with the
appropriate labels.
- Introducing a new GitHub workflow job `nexus-long-routes-tests` in
`nexus.yml` to automate the execution of this test.
This commit migrates the router reattach test from the thread-cert
Python framework to the Nexus C++ framework.
The new Nexus test 'test_router_reattach.cpp' replicates the
original test scenario:
- A full 32-node router network is formed.
- Router upgrade/downgrade thresholds are set to 32.
- A router is reset and verified to re-attach and reclaim its
router role.
- The test ensures the router does not downgrade after the router
selection jitter interval.
The original Python script 'tests/scripts/thread-cert/
test_router_reattach.py' is removed as its functionality is now
fully covered by Nexus.
Nexus tests provide faster and more scalable network simulations
within a single process, improving CI efficiency.
This commit migrates the anycast routing test from the thread-cert
functional tests to the Nexus simulation framework.
The new Nexus test 'test_anycast.cpp' replicates the linear topology
(R1-R2-R3-R4-R5) and verifies:
- Anycast routing for DHCPv6 Agent (ds/cs) ALOCs.
- Dynamic routing updates when multiple anycast servers are present.
- Traffic routing to the nearest anycast destination.
The original Python test 'test_anycast.py' is removed as its
functionality is now fully covered by the Nexus test.
This commit migrates the anycast locator test from the thread-cert
functional tests to the Nexus simulation framework.
The new Nexus test 'test_anycast_locator.cpp' covers:
- Anycast Locator (ALOC) resolution for the Leader from all nodes.
- Custom service ALOC resolution when only one node provides it.
- Closest-node ALOC resolution when multiple nodes provide the same
service in a line topology (LEADER-R1-R2-R3-R4).
- Verification that nodes resolve to the nearest service instance.
The original Python test 'test_anycast_locator.py' is removed as its
functionality is now fully covered by the Nexus test.
This commit simplifies the `Ip6AddressesTlv` by removing the dedicated
class definition and instead defining it as a `TlvInfo` for the
`ThreadTlv::kIp6Addresses` type.
The usage of `Ip6AddressesTlv` is updated in `BbrManager`,
`MlrManager`, and related tests to use `Tlv::StartTlv()` and
`Tlv::EndTlv()` when appending the TLV to messages.
This commit renames `GetRouteDataLength()` and `SetRouteDataLength()`
to `GetRouteDataEntryCount()` and `SetRouteDataEntryCount()` in the
`RouteTlv` class.
When `OPENTHREAD_CONFIG_MLE_LONG_ROUTES_ENABLE` is enabled, the
route data entries use a packed format (12 bits or 1.5 bytes per
entry). Consequently, the byte length of the route data field in
the TLV is no longer equal to the number of route entries.
This change ensures that `GetRouteDataEntryCount()` correctly
calculates the number of entries from the TLV length and
`SetRouteDataEntryCount()` sets the TLV length correctly based on
the entry count.
This commit migrates the SRP TTL test from the thread-cert Python
framework to the Nexus C++ framework.
The new Nexus test `test_srp_ttl.cpp` covers all four TTL clamping
cases originally implemented in `test_srp_ttl.py`:
1. CLIENT_TTL < TTL_MIN < LEASE_MAX => Clamped to TTL_MIN.
2. TTL_MIN < CLIENT_TTL < TTL_MAX < LEASE_MAX => Used CLIENT_TTL.
3. TTL_MAX < LEASE_MAX < CLIENT_TTL => Clamped to TTL_MAX.
4. LEASE_MAX < TTL_MAX < CLIENT_TTL => Clamped to LEASE_MAX.
Nexus tests provide faster and more scalable network simulations
within a single process, improving CI efficiency.
The original Python script `tests/scripts/thread-cert/test_srp_ttl.py`
is removed as its functionality is now fully covered by Nexus.
The test was failing occasionally due to the unpredictable timing of
tick-aligned timers and dataset propagation in simulations.
Specifically:
1) The router's jittered timeout (minimum 1 second) could expire
in as little as 1ms if an MLE TimeTick occurred immediately
after the security policy update.
2) Dataset propagation via MLE Advertisements could take up to
32 seconds, making immediate checks on the router's role
unreliable.
This commit fixes the flakiness by:
- Replacing flaky router role checks with `IsRouterRoleAllowed()`
assertions. This verifies that the security policy has been
successfully propagated and applied, regardless of whether the
actual role transition has completed.
- Increasing the propagation wait time to 5 seconds. This provides
a safe margin for simulated radio propagation while remaining
well within the leader's 10-second downgrade delay.
- Ensuring both the leader and router are verified for policy
application in both phases of the test.
- Maintaining the final checks to ensure both nodes eventually
become detached after the full downgrade delay (150 seconds).
The fix was verified with 1000 consecutive successful iterations.
This commit migrates the SRP server reboot port test from the
thread-cert functional tests to the Nexus simulation framework.
The new Nexus test 'test_srp_server_reboot_port.cpp' covers:
- SRP server address mode configuration (Unicast).
- SRP client auto-start discovery of the server.
- SRP server reboot (disable/enable) without node reboot.
- Verification that the server selects a new port after each reboot.
- Robustness of service re-registration over 25 reboot iterations.
The original Python test 'test_srp_server_reboot_port.py' is removed
as its functionality is now fully covered by the Nexus test.
This commit migrates the SRP register services with different
lease test from the thread-cert Python framework to the Nexus
test framework.
The new Nexus test (test_srp_register_services_diff_lease.cpp)
reproduces the functionality of the original Python test:
- Registration of multiple services with different lease/key-lease
intervals.
- Verification of per-service lease values on the SRP server.
- Ensuring key-lease is always at least as long as the lease.
- Validating lease renewal and expiry behaviors.
- Testing dynamic changes to default client lease and TTL.
Migrating to Nexus allows for faster and more scalable network
simulations within a single process.
This commit migrates the srp_client_save_server_info test from the
thread-cert Python-based test framework to the Nexus C++ simulation
framework.
The new Nexus test (test_srp_client_save_server_info.cpp) verifies:
- SRP client selects an SRP server when auto-start is enabled.
- SRP client sticks to the current server even if other SRP servers
become available.
- SRP client saves and reuses the selected server info across SRP
client stops and restarts.
- SRP client selects a new server if the current one becomes
unavailable.
- SRP client sticks to the new server even if the old one returns.
The original Python test script is removed as its functionality is
now fully covered by the new Nexus test.
This commit migrates the test_srp_register_500_services.py test from
the thread-cert test suite to the Nexus platform.
The new C++ test (tests/nexus/test_srp_scale.cpp) implements the same
functionality: it verifies that 25 SRP clients (13 routers and 12
FEDs) can successfully register a total of 500 services (20 services
per client) with a single SRP server (the leader).
The commit includes:
- Removal of the original Python test file.
- Addition of the new Nexus C++ test file.
- Integration of the new test into CMakeLists.txt and
run_nexus_tests.sh.
This commit migrates the SRP client host removal test from the
thread-cert Python-based framework to the Nexus framework.
The new C++ implementation in tests/nexus/test_srp_client_remove_host.cpp
covers the same scenarios as the original Python script:
- Successful registration of SRP host and services.
- Verification that ClearHostAndServices() does not immediately remove
server-side state.
- Verification that RemoveHostAndServices(removeKey=False,
sendUnregToServer=True) marks the host and services as deleted on the
SRP server.
- Verification that RemoveHostAndServices(removeKey=True,
sendUnregToServer=True) fully removes the host and service entries
from the SRP server.
The original Python script test_srp_client_remove_host.py is removed
as its functionality is now fully covered by the Nexus test.
This commit migrates the test_srp_many_services_mtu_check.py from
tests/scripts/thread-cert to the Nexus test framework.
The new test, tests/nexus/test_srp_many_services_mtu_check.cpp,
verifies that the SRP client correctly handles and splits SRP Update
messages when registering a large number of services that exceed
the IPv6 MTU size (1280 bytes).
Changes:
- Added tests/nexus/test_srp_many_services_mtu_check.cpp.
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Removed tests/scripts/thread-cert/test_srp_many_services_mtu_check.py.
This commit stabilizes the Nexus reed_address_solicit_rejected test by
increasing the wait time for network data synchronization from 5 seconds
to 15 seconds.
The test was occasionally failing because the 5-second wait was
sometimes insufficient for the REED's service registration to reach the
leader and for the updated network data to be broadcast back to the
REED. Increasing the delay to 15 seconds provides more robust buffer for
these network events.
Verified by running the test 50 times in a loop without failures.
This commit migrates the `test_mle_msg_key_seq_jump.py` cert test to the
Nexus simulation framework.
The new Nexus test `test_mle_msg_key_seq_jump.cpp` verifies that nodes
can correctly handle jumps in the MLE key sequence and stay attached to
the network. It covers scenarios like child triggering key sequence
updates via Child Update Request and routers propagating key sequence
updates.
The original Python test script is removed as its functionality is now
fully covered by the new Nexus test.
This commit migrates the 'test_srp_client_change_lease.py' cert test
to the Nexus simulation framework.
The new Nexus test ('test_srp_client_change_lease.cpp') verifies:
- SRP registration with default lease and TTL.
- Updating the lease interval and ensuring it is reflected in SRP
Update messages.
- Updating the TTL and ensuring it is reflected in SRP Update
messages.
- Setting the TTL to 0 and ensuring the lease interval is used as
the TTL in SRP Update messages.
The original Python test script is removed as its functionality is
now fully covered by the new Nexus test.
This commit stabilizes the Nexus SRP auto-start test by increasing
the synchronization wait time from 20 seconds to 30 seconds.
The test was occasionally failing in the Nexus environment because
the 20-second wait was sometimes insufficient for the SRP server
registration to fully propagate through the network data and for
the SRP client to process the update and complete its server
selection. Increasing the wait time to 30 seconds provides a more
robust buffer for these network synchronization events.
Verified by running the test 100 times in a loop without failures.
This commit migrates the `test_ipv6_fragmentation.py` cert test to the
Nexus simulation framework.
To support this migration, the Nexus core configuration was updated to
enable IPv6 fragmentation (`OPENTHREAD_CONFIG_IP6_FRAGMENTATION_ENABLE`).
The new Nexus test `test_ipv6_fragmentation.cpp` covers the validation
of IPv6 fragmentation and reassembly. It sends large ICMPv6 Echo
Requests exceeding the 1280-byte MTU between a Leader and a Router:
- 1952 bytes payload from Leader to Router
- 1831 bytes payload from Router to Leader
The original Python test script is removed as its functionality is now
fully covered by the new Nexus test.
This commit updates the `RouterIdSet` class, renaming it to
`RouterIdMask` and expanding it to encapsulate both the router ID
sequence number and the bitmask. This allows simplifying the
definition of `ThreadRouterMaskTlv` and `RouteTlv`.
This commit simplifies the `TimeParameterTlv` implementation by
defining a `TimeParameterTlvValue` and using the `SimpleTlvInfo`
template to define `TimeParameterTlv`.
This commit migrates the SRP auto-start test from the Python-based
thread-cert test suite to the Nexus C++ test framework.
The new Nexus test replicates the logic of the original Python test:
- Forms a network with four router nodes.
- Verifies SRP client auto-start upon server discovery in netdata.
- Tests selection priority between multiple unicast and anycast
SRP servers.
- Verifies selection based on anycast sequence numbers.
- Tests selection of specific unicast addresses published in
Service Data.
- Confirms automatic failover and client stop/restart.
The original Python test file is removed as it is now covered by
the Nexus test suite.
This commit migrates the functionality of
tests/scripts/thread-cert/test_netdata_publisher.py to a new Nexus
test tests/nexus/test_netdata_publisher.cpp.
The new Nexus test covers:
- DNS/SRP Anycast entries (equal and different version numbers).
- DNS/SRP Unicast entries (service data and server data).
- Displacement of server data unicast by anycast entries.
- Publisher preference logic for DNS/SRP services.
- On-mesh prefix publisher preference and replacement.
- External route publisher preference and replacement.
Other changes:
- Add netdata_publisher to tests/nexus/CMakeLists.txt.
- Add netdata_publisher to default tests in tests/nexus/run_nexus_tests.sh.
- Remove the old tests/scripts/thread-cert/test_netdata_publisher.py.
This commit migrates the cert test script to the Nexus simulation
framework.
The new Nexus test covers:
- Initial key sequence counter and default key switch guard time.
- Dynamic updates of the key rotation time via Operational Dataset
and verification of the 93% guard time calculation rule.
- Automatic key rotation after the rotation time interval expires.
- Verification that the key switch guard time correctly prevents
nodes from updating their key sequence counter prematurely when
receiving MLE messages with a higher sequence.
- Continued communication (ICMP Echo) between nodes even when key
sequences are temporarily mismatched due to the guard timer.
The original Python test script is removed as its functionality is
now fully covered by the new Nexus test.
This commit fixes an intermittent failure in the Nexus test
'dns_client_config_auto_start'. The test was occasionally failing
because the REED node was not upgrading to the Router role within
the previous 15-second stabilization period.
The Router role transition can take up to 120 seconds due to the
default 'ROUTER_SELECTION_JITTER' parameter. This commit increases
'kStabilizationTime' to 200 seconds to ensure the node has ample
time to become a router before the test proceeds to verify its
DNS configuration.
Make `otPlatLogOutput()` `OT_TOOL_WEAK` in `cli_logging.cpp` so that
applications can provide their own strong definition to customize
instance-aware log output behaviour.
This commit migrates the 'test_mac_scan.py' cert test to the Nexus
simulation framework.
The new Nexus test 'test_mac_scan.cpp' verifies the IEEE 802.15.4
Active Scan (MAC scan) functionality. It forms a simple network
consisting of a Leader and a Router and performs an active scan
from the Leader to ensure it correctly discovers the Router's
beacon.
The original Python test script is removed as its functionality is
now fully covered by the new Nexus test.
This commit migrates the dns_client_config_auto_start test from the
thread-cert Python-based test framework to the Nexus C++ simulation
framework.
The new Nexus test (test_dns_client_config_auto_start.cpp) verifies:
- DNS client uses the SRP server address automatically when no
explicit config is set.
- Explicitly set DNS config takes precedence over auto-discovered
SRP server address.
- Clearing an explicit DNS config allows the client to fall back to
the auto-discovered SRP server address.
- DNS client updates its default config when the SRP server changes.
Changes:
- Added tests/nexus/test_dns_client_config_auto_start.cpp
- Updated tests/nexus/CMakeLists.txt to build the new test
- Updated tests/nexus/run_nexus_tests.sh to include it in default
- Removed tests/scripts/thread-cert/test_dns_client_config_auto_start.py
This commit migrates the functional test for child supervision from
the thread-cert Python-based framework to the Nexus framework.
The original test in 'tests/scripts/thread-cert/test_child_supervision.py'
has been removed and replaced with a C++ implementation in
'tests/nexus/test_child_supervision.cpp'.
The new Nexus test covers:
- Verification of initial child supervision interval on parent and child.
- Dynamically updating the supervision interval and check timeout.
- Behavior when supervision messages are blocked (child detaching).
- Verification of connectivity when child supervision is disabled.
- Handling of zero supervision interval.
'tests/nexus/CMakeLists.txt' is updated to include the new test.
This commit migrates the 'test_reed_address_solicit_rejected.py' test
from the thread-cert suite to the Nexus test framework.
The new Nexus test 'test_reed_address_solicit_rejected.cpp' covers:
- Verification that a REED node can successfully register a service and
receive the corresponding Service ALOC (0xfc10).
- Verification that when a REED node's attempt to upgrade to a router
is rejected by the Leader, it correctly remains a child while
maintaining its Service ALOC.
The original Python script is removed as its functionality is now
fully covered by the Nexus implementation.
This commit migrates the functionality of the Python-based certification
test 'test_br_upgrade_router_role.py' to a new Nexus-based C++ test
'test_br_upgrade_router_role.cpp'.
The test verifies that Border Routers (BRs) providing IP connectivity
are eligible to request a router role upgrade even when the active
router count already meets the 'router_upgrade_threshold'.
Key test steps:
- Set router upgrade threshold to 2.
- Ensure three BRs remain in child role when 2 routers already exist.
- Verify BRs upgrade to router role when they provide external routes
or prefixes, up to the limit of 2 BR routers.
- Verify that a third BR providing external routes remains a child.
- Verify that removing a route from one BR router triggers the child BR
to upgrade to a router.
The Python test is removed as it is now covered by the Nexus test.
Set the RSSI field in simulated MAC ACK frames in nexus_core.cpp.
Previously, the simulator did not populate the mRssi field in the
mInfo.mRxInfo structure of simulated ACK frames passed to
otPlatRadioTxDone. This caused OpenThread to ignore the RSSI of ACKs,
preventing the parentRss average from updating on successful data polls
from Sleepy End Devices (SEDs).
Now, the RSSI from the parent to the child is calculated using the radio
model and clamped to int8_t before being assigned to the ACK frame.
This commit migrates the test for zero-length external routes from a
Python script to the Nexus test framework. The original test was
test_zero_len_external_route.py in tests/scripts/thread-cert.
The new Nexus test test_zero_len_external_route.cpp replicates the
original test scenario:
- Forms a network with a Leader and two Routers.
- Verifies that adding a zero-length external route "::/0" on a Router
allows routing to a manually added IPv6 address on that Router.
- Verifies that explicit external routes are preferred over on-mesh
prefixes that have the default route flag set.
- Verifies that removing the external route causes traffic to be
re-routed (and in this case, fail as intended when the destination
is moved).
- Verifies that moving the address to another Router with a default
route flag allows successful routing.
This commit also fixes a bug in Core::SendAndVerifyEchoRequest in
nexus_core.cpp where the ICMP handler was not always unregistered,
especially when failures occurred. This fix ensures that subsequent
handler registrations in the same process do not fail with
kErrorAlready.
Migrating to Nexus provides faster execution and better integration with
the core OpenThread codebase.
This commit migrates the `test_ipv6_source_selection.py` cert test to
the Nexus simulation framework.
To support this migration, the Nexus framework was extended to allow
verifying the local (source) address on which an ICMP Echo Reply is
received. This is achieved by adding an overload to
`SendAndVerifyEchoRequest` that accepts an expected source address.
The new Nexus test `test_ipv6_source_selection.cpp` covers the
following scenarios:
- RLOC source for RLOC destination
- ML-EID source for ALOC destination
- ML-EID source for ML-EID destination
- Link-local source for Link-local destination
- ML-EID source for Realm-local multicast destination (ff03::1)
- GUA source for GUA destination
- GUA source for external address (via default route)
The original Python test script is removed as its functionality is now
fully covered by the new Nexus test.
Refine the event suppression logic in nexus_core.cpp when handling
NeighborTable::kChildRemoved events.
Previously, any valid neighbor found would suppress the event. Now, it
only suppresses the event if the node is found in the Router table.
This ensures that removal events for Sleepy End Devices (SEDs) are not
suppressed, allowing the link to disappear in the visualizer as
expected.
This commit fixes a compiler warning in nexus_radio.cpp where the
aFrame parameter in otPlatRadioTransmit was considered unused in
non-debug builds. The variable is only used within an OT_ASSERT.
Using OT_UNUSED_VARIABLE is the standard OpenThread pattern to
address unused parameters and ensure clean builds across different
compilers and build configurations.
This commit migrates the certification test for router downgrade on
security policy change from a Python script to the Nexus test framework.
The original test was test_router_downgrade_on_sec_policy_change.py in
tests/scripts/thread-cert.
The new Nexus test test_router_downgrade_on_sec_policy_change.cpp
replicates the original test scenario:
- Forms a network with a Leader and a Router.
- Verifies that both nodes are in the expected router/leader roles.
- Changes the security policy to disable 'R' bit (routers) and sets the
version threshold to 7.
- Verifies that the Leader and Router do not immediately downgrade,
respecting the mandatory 10-second delay.
- Verifies that restoring the original security policy before the
timeout cancels the pending downgrade.
- Verifies that re-applying the security policy change leads to both
nodes eventually downgrading to the detached state once the version
threshold and router disable flags are propagated and the timer
expires.
Migrating to Nexus provides faster execution using virtual time and a
more integrated environment for debugging core Thread logic.
This commit addresses intermittent failures in Nexus tests 1_4_DNS_TC_1,
1_4_DNS_TC_5, 1_4_PIC_TC_1, 1_4_PIC_TC_3, and 1_4_PIC_TC_4.
The issue was caused by the 'ed1' node occasionally upgrading its role
from an End Device to a Router. When 'ed1' became a router, it would
sometimes use its Routing Locator (RLOC) as the source address for DNS
queries, whereas the verification scripts expected its Mesh Local
Endpoint Identifier (MLEID), leading to packet verification failures.
To resolve this, 'ed1' is now explicitly joined as a Full End Device
(FED) using 'Node::kAsFed' instead of the default Full Thread Device
(FTD) mode. This prevents 'ed1' from becoming a router and ensures it
maintains its End Device role throughout the test, providing stable
addressing for verification.
This commit migrates the dataset_updater functional test from the
Python-based thread-cert framework to the Nexus simulation framework.
Nexus provides faster and more scalable network simulations within a
single process using virtual time.
The new test_dataset_updater.cpp covers:
- Network formation and child joining (MED and SED).
- Channel updates initiated by Leader and Router using DatasetUpdater.
- Dataset update overrides between nodes.
The legacy tests/scripts/thread-cert/test_dataset_updater.py is removed
as it is now redundant.
This commit adds a new Nexus test to verify that a Sleepy End Device
(SED) correctly informs its previous parent after reattaching to a new
parent. This replicates the functionality of the now-deleted
test_inform_previous_parent_on_reattach.py script.
The test scenario involves:
- Forming a network with a Leader and a Router.
- Attaching a SED to the Leader.
- Simulating a link failure between the SED and Leader while allowing
communication between the SED and Router.
- Verifying that the SED reattaches to the Router.
- Confirming that the SED sends an empty IPv6 message (Next Header 59)
to the Leader's RLOC to inform it of the change.
- Ensuring the SED is successfully removed from the Leader's child
table.
Migrating this test to Nexus allows for faster execution using virtual
time and single-process simulation.
The following SRP test scripts in tests/scripts/thread-cert are
redundant as their functionality is now covered by the Nexus test
framework certification suite (test_1_3_SRP_TC_*):
- test_srp_register_single_service.py: Covered by Nexus
test_1_3_SRP_TC_1.
- test_srp_lease.py: Covered by Nexus test_1_3_SRP_TC_3 (service
lease) and test_1_3_SRP_TC_4 (key lease).
- test_srp_name_conflicts.py: Covered by Nexus test_1_3_SRP_TC_2.
- test_srp_auto_host_address.py: Covered by Nexus test_1_3_SRP_TC_13.
- test_srp_sub_type.py: Covered by Nexus test_1_3_SRP_TC_15.
Nexus tests are preferred as they run in a single process using
virtual time, making them faster and more reliable than the
multi-process simulation scripts.
This commit adds support for building the Nexus simulator for
WebAssembly (WASM) using the Emscripten toolchain. This enables the
simulator to run in a web browser environment with a JavaScript-based
control interface and visualization.
Key implementation details:
- Introduced `nexus_wasm.cpp` which defines Emscripten bindings (using
Embind) for core simulation controls, including stepping time,
node creation, topology orchestration, and state manipulation.
- Implemented a `WasmObserver` and a global event queue to capture
simulation events (node state changes, link updates, packet events)
and expose them to JavaScript via a polling mechanism (`pollEvent`).
- Updated the CMake build system to support the `EMSCRIPTEN` platform,
configuring specific linker options for ES6 module export,
modularization, and memory growth.
- Enhanced `build.sh` to allow targeting WASM via `emcmake`.
- Guarded file-system-dependent operations in `nexus_pcap.cpp` and
adjusted `nexus_core.cpp` to handle WASM-specific constraints where
standard I/O or multiple observers might not be applicable.
- Added `test_wasm_bindings.mjs`, a Node.js-based smoke test that
verifies the integrity of the WASM bindings and event pipeline.
- Integrated `nexus-wasm-tests` into the GitHub Actions workflow to
ensure continuous verification of the WASM build and functionality.
This commit introduces a mechanism to temporarily override the log
level. The `Instance` class now provides `OverrideLogLevel()` and
`RestoreLogLevel()` methods. When an override is active, the
effective log level is the maximum of the original user-set level and
the override level. If `SetLogLevel()` is called while an override is
active, it updates the original level and the effective level is
recomputed.
This ensures that log messages are generated only when needed,
without permanently losing the user's original log level
configuration.
The feature is controlled by the new configuration macro
`OPENTHREAD_CONFIG_LOG_LEVEL_OVERRIDE_ENABLE`.
A new Nexus unit test `test_log_override.cpp` is added to validate
the behavior of these new feature.
The following test scripts in tests/scripts/thread-cert are now
redundant as their functionality is sufficiently covered by the Nexus
test framework:
- test_detach.py: Covered by Nexus MLE synchronization and parent
selection tests.
- test_router_upgrade.py: Covered by 5.1.x Nexus router attachment
tests.
Nexus tests are preferred for these scenarios as they execute in a
single process using virtual time, providing faster and more reliable
verification than the traditional multi-process simulation scripts.
Added `Core::AllowLinkBetween()` and `Core::UnallowLinkBetween()`
helper methods to the Nexus test platform. These methods simplify
establishing bidirectional links between nodes in simulation tests by
handling the reciprocal `AllowList()` calls in a single step.
Updated various Nexus test cases to utilize these new helpers,
replacing manual bidirectional `AllowList()` calls. This change
reduces verbosity and ensures consistency in how links are established
in the test topology.
This commit introduces `AnswerBuilder` class to track and manage
Network Diagnostic answer messages. This class is used when the
response to a query requires multiple CoAP answer messages. It
automatically manages the inclusion of the Query ID and the Answer
TLVs(providing message indexing and "more-to-follow" flags) in each
allocated answer message, while maintaining all answer messages in a
queue. The `NetworkDiagnostic::Server` is updated to use the
`AnswerBuilder`, simplifying the logic for preparing and sending
answers.
The `AnswerBuilder` class is added in a new header file
`network_diagnostic_types.hpp` to allow for its reuse by other
modules in the future.
This commit introduces gRPC support to the Nexus simulator, enabling
remote control and monitoring of simulations. This infrastructure allows
external tools and visualizers to interact with the simulated network
in real-time.
Key changes:
- Defined `simulation.proto` providing the `NexusService` definition for
simulation control and event streaming.
- Implemented `GrpcServer` in `nexus_grpc.cpp` which functions as a
Nexus simulation observer, pushing events to connected clients.
- Added RPCs for dynamic node creation, position updates, node state
control, and network orchestration (forming and joining).
- Implemented a real-time event stream that includes node state changes,
link updates, and packet captures (with basic protocol decoding).
- Introduced `nexus_native.cpp` as an entry point for a persistent
simulation server that can be controlled via gRPC.
- Updated `Core` and `Observer` interfaces to support a list of
concurrent observers instead of a single instance.
- Enhanced the CMake build system to optionally find and link against
gRPC and Protobuf, including automatic source generation.
- Updated CI (GitHub Actions) to include build and test steps for the
new gRPC functionality.
- Added comprehensive unit tests in `test_grpc.cpp` to verify all
exposed gRPC service methods.
This commit updates `CslClockAccuracyTlv` to use the `SimpleTlvInfo`
and a separate `CslClockAccuracyTlvValue` class. This change
simplifies how the TLV is appended to and read from messages
by leveraging the `Tlv::Append<TlvType>` and `Tlv::Find<TlvType>`
helper methods (avoiding the use of `FindTlv()`).
This commit removes the redundant `multiple-instance` job from the
`simulation-1.1.yml` workflow. This job was used to run Thread 1.1
certification tests with `OT_MULTIPLE_INSTANCE=ON`.
The job is being removed to streamline the CI process and reduce
redundant test coverage, as multiple-instance configurations are
sufficiently covered in other workflow files. The dependency list
for the coverage collection job is also updated to reflect this
removal.
The previous logic for suppressing CHILD_REMOVED events was flawed. It
checked if the neighbor was not in the child table. However, since the
callback is triggered after the child is removed, it was always false,
leading to false suppression for all removed children.
This caused the parent node to never emit "link removed" events to the
UI when children detached, leading to inconsistent link states (dashed
lines) when only one direction was active.
This fix updates the logic to check if a neighbor entry exists in the
neighbor table with an established link (kStateValid). This ensures we
only suppress the event when the child has successfully transitioned to
a router role and established a valid link.
This commit updates `Mle::SendMulticastAdvertisement()` to verify
that the router role is allowed by calling `IsRouterRoleAllowed()`
before proceeding to send the multicast MLE advertisement.
This commit introduces the `SimulationObserver` interface and integrates
it into the Nexus core simulation logic. This allows external systems to
observe node state changes, link updates, and packet events in real-time.
Key changes:
- Defined `SimulationObserver` interface to handle node state changes,
link updates, packet events, and event clearing.
- Added `SetObserver` and `GetObserver` methods to the `Core` class.
- Implemented `Core::HandleNeighborTableChanged` to notify the observer
of neighbor additions and removals.
- Implemented `Core::HandleStateChanged` to track node role transitions
and parent changes, updating links accordingly.
- Integrated packet event notification in `Core::ProcessRadio`,
including basic destination node ID resolution for unicast frames.
- Added `Core::SetNodeEnabled` to allow enabling or disabling Thread and
MLE on specific nodes at runtime.
- Updated `Core::Reset` to clear events via the observer.
- Increased `OPENTHREAD_CONFIG_MAX_STATECHANGE_HANDLERS` to accommodate
the new nexus state change handler.
- Added `mLastParentId` to `Node` class to correctly manage link updates
during parent switches or detachment.
RFC 8200 states that the Hop-by-Hop Options header MUST be the first
extension header and can only occur once in a packet. This commit
updates HandleExtensionHeaders to enforce this rule.
This fix prevents a potential infinite loop or exponential growth of
messages when multiple Hop-by-Hop headers (each containing an MPL
option) are processed. Previously, each MPL option could trigger its
own retransmission, and if these options were evicted from the MPL
SeedSet, they would be re-processed as new messages upon loopback,
leading to exponential growth and eventually a timeout.
This commit adds a new RadioModel class to simulate wireless propagation
characteristics between Nexus nodes. It implements a simple path-loss
model based on node distance to calculate RSSI.
Key changes include:
- Added RadioModel with CalculateRssi and ShouldDropPacket methods.
- Integrated RSSI calculation into the Core radio processing logic.
- Implemented packet dropping for signals below -100 dBm sensitivity.
- Added nexus_radio_model.cpp to the build system.
This commit introduces a new member variable `mRouterRoleAllowed` in
the `Mle` class to cache the evaluation of whether the device is
currently permitted to operate as a router.
Previously, the `IsRouterEligible()` method evaluated several
conditions (e.g., `IsFullThreadDevice()`, `mRouterEligible` config,
and various fields in `SecurityPolicy`) every time it was called.
Since this method is invoked frequently across different `Mle`
operations, re-evaluating these conditions repeatedly was
inefficient.
The new `mRouterRoleAllowed` variable caches the final computed
result. It is updated via the `UpdateRouterRoleAllowed()` method
whenever any underlying input changes, such as:
- `Mle` starting.
- Configuration parameter updates (e.g., `SetRouterEligible()`).
- Security policy changes from the `KeyManager`.
This change centralizes the logic for handling role permission updates
into a single location (`UpdateRouterRoleAllowed()`). By
consolidating the actions taken when the allowed state changes, the
codebase is cleaner and easier to maintain and update.
It also provides a clearer conceptual distinction between the user's
router configuration (`mRouterEligible`) and the effective state
used by the device.
This commit moves the TREL configuration from the build script to the
nexus-config header file. This ensures that TREL is consistently enabled
for all nexus builds and simplifies the build script.
Specifically:
- Added OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE to
tests/nexus/openthread-core-nexus-config.h.
- Removed OT_TREL from tests/nexus/build.sh and simplified the build
options.
This commit moves the `OPENTHREAD_CONFIG_MULTIPLE_INSTANCE_ENABLE`
configuration from the build scripts to the nexus-specific core
configuration header file.
Specifically:
- Added `#define OPENTHREAD_CONFIG_MULTIPLE_INSTANCE_ENABLE 1` to
`tests/nexus/openthread-core-nexus-config.h`.
- Removed `-DOT_MULTIPLE_INSTANCE=ON` from `tests/nexus/build.sh`.
- Removed `-DOT_MULTIPLE_INSTANCE=ON` from `tests/fuzz/oss-fuzz-build`.
This change centralizes nexus-specific configurations in the header
file, making the build scripts cleaner and ensuring consistent
configuration across different build environments that use the
nexus core config."
Due to a state retention issue in the unit test platform, TCAT tests were passing in ways they should not.
Now with the new settings/flash clearing per #12875 applied, these tests were failing.
This fixes TCAT unit tests to pass again and better express the expected behavior also.
Issue: state was retained between OT instances in the unit test platform, across tests.
This commit adds settings and flash clearing as part of testInitInstance().
This commit simplifies the Simulation 1.4 workflow by removing the
compiler and architecture matrix. Run-time issues due to compiler
differences or architecture have not been an issue, so testing a single
configuration is sufficient to reduce CI resource usage.
The workflow now uses the default environment instead of explicitly
testing both gcc/clang and m32/m64 architectures.
This commit adds a compile-time check in `time_sync_service.hpp` to
ensure that `OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE` is not
enabled alongside `OPENTHREAD_CONFIG_TIME_SYNC_ENABLE`. The time
synchronization feature is experimental and currently only supports
IEEE 802.15.4 radio links. Attempting to use it over TREL is
unsupported and will now result in a build failure.
This commit introduces the `Context` and `ContextWith<kContextSize>`
helper classes in the `Crypto` namespace to wrap `otCryptoContext`
and manage its storage allocation. `ContextWith<kContextSize>`
handles the buffer allocation based on the configuration
`OPENTHREAD_CONFIG_CRYPTO_PLATFORM_ALLOCS_CONTEXT`, automatically
clearing and setting the buffer.
The `AesEcb`, `HkdfSha256`, `HmacSha256`, and `Sha256` classes are
updated to use the new `ContextWith` template for their `mContext`
members. This simplifies their initialization sequences and
constructors.
This commit introduces the ability to configure whether the CLI
interpreter outputs the prompt string (`> `) at runtime.
- Adds `mPromptEnabled` boolean flag (enabled by default) under the
`OPENTHREAD_CONFIG_CLI_PROMPT_ENABLE` configuration.
- Adds the `Interpreter::SetPromptConfig()` method to toggle this
behavior.
- Updates `Interpreter::OutputPrompt()` to check `mPromptEnabled`
before emitting the prompt string.
This commit removes the following legacy 1.2 certification test scripts:
- tests/scripts/thread-cert/v1_2_router_5_1_1.py
- tests/scripts/thread-cert/v1_2_test_parent_selection.py
It also removes the 'packet-verification-1-1-on-1-4' job from the
Simulation 1.4 workflow as it is no longer required.
Now signed by the correct 'Thread Certification DeviceCA'. A 'test'
target is added in the Makefile to test chaining. The Thread
certification CA certificate is also added in the 'CA' directory,
which was missing. Documentation is updated to clarify that the
'TcatCertCa' private key is not included in this repo; and other
clarifications.
This commit introduces `testResetInstance()` in the unit test platform
layer to finalize an existing `ot::Instance` and re-initialize it
using the same underlying memory buffer, simulating a device reset.
This commit also updates `test_routing_manager.cpp` to use this new
function to streamline the test implementation.
This commit introduces static helper methods `SteeringDataTlv::FindIn()`
and `SteeringDataTlv::AppendTo()` to simplify the handling of steering
data in `Message` objects.
`SteeringDataTlv::FindIn()` encapsulates the pattern of searching for a
`SteeringDataTlv` in a `Message` and reading its value into a
`SteeringData` object. `SteeringDataTlv::AppendTo()` provides a unified
way to append steering data to a `Message`, including a validity check.
These helpers are adopted across core modules (MeshCoP, MLE, Discovery)
and various Nexus tests, replacing manual TLV manipulation with a
cleaner and safer helper methods.
This commit fixes the CLI implementation of `sntp` and `diagnostic`
commands by ensuring they use the public `otMessageInfo` type instead
of the internal `ot::Ip6::MessageInfo` class.
This commit implements the Nexus test specification 1_4_PIC_TC_4
to verify the Border Router (BR) built-in NAT64 translator.
The test verifies that the BR DUT:
- Automatically configures an IPv4 address and NAT64 prefix.
- Offers IPv4 internet connectivity to Thread devices using NAT64.
- Offers IPv4 local network connectivity to Thread devices.
- Operates a DNS recursive resolver to look up IPv4 server addresses.
New files added:
- tests/nexus/test_1_4_PIC_TC_4.cpp: C++ test execution script
- tests/nexus/verify_1_4_PIC_TC_4.py: Python pcap verification script
Integration:
- Updated tests/nexus/CMakeLists.txt to compile the test.
- Added test to default array in tests/nexus/run_nexus_tests.sh.
This commit updates the default value of the
`OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE` configuration
to be enabled automatically when `OPENTHREAD_CONFIG_CRYPTO_LIB` is
set to `OPENTHREAD_CONFIG_CRYPTO_LIB_PSA`. Additionally, it adds a
compile-time check in `crypto_platform_psa.cpp` to enforce this
requirement. This ensures that the platform key references support is
always enabled when the PSA crypto library is selected.
This commit introduces `ActiveInstanceTracker` as the first member
variable of the `Instance` class to manage the global `gActiveInstance`
pointer (when `OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE` is
enabled).
By placing it as the very first member, we ensure its constructor
is called before any other member and its destructor is called after
all others. The `Instance` destructor body also explicitly sets
`gActiveInstance = this` at its start to "claim" the context during its
own destruction. This guarantees that logs emitted during both the
initialization and destruction of an `Instance` are always correctly
associated with that instance. Finally, the `ActiveInstanceTracker`
destructor sets `gActiveInstance` to `nullptr` at the very end to
prevent any potential use of a dangling pointer.
This commit introduces an overloaded version of `AppendModeTlv()`
that automatically uses the device's own `GetDeviceMode()`.
The new parameter-less version simplifies the common case where a
node reports its own mode. The parameterized version is
preserved for cases where a specific mode must be provided (e.g.,
parent reporting one of its children's mode).
This commit introduces `TxMessage::AppendSourceAddressAndLeaderDataTlvs()`
to consolidate the appending of `Source Address` and `Leader Data` TLVs.
This combination is frequently used together across various MLE messages
to provide the sender's identity and leader data. Centralizing this
into a single helper method improves code consistency.
Additionally, the `TxMessage` methods in `mle.hpp` and `mle.cpp` are
organized into "Appending single TLV" and "Appending multiple TLVs"
sections for better clarity and maintainability. Existing multi-TLV
methods like `AppendLinkAndMleFrameCounterTlvs()` and
`AppendActiveAndPendingTimestampTlvs()` are moved to the new section.
This commit updates the Nexus platform to use the internal core C++
API `Ip6::SetReceiveCallback()` instead of the public C API
`otIp6SetReceiveCallback()`.
This commit introduces `Mle::ShouldRegisterUnicastAddrWithParent()` to
centralize the logic for determining which unicast addresses should be
registered with the parent.
Previously, the filtering logic for unicast addresses was duplicated
in `HasUnregisteredAddress()` and `AppendAddressRegistrationTlv()`. By
unifying this in a single helper method, the code ensures consistent
behavior between checking for unregistered addresses and actually
appending them to the MLE messages.
Additionally, this change:
- Marks `Mle::HasUnregisteredAddress()` as `const`.
- Updates `Mle::ShouldRegisterMulticastAddrsWithParent()` to improve
readability and follow common coding patterns in the codebase.
This commit improves the address registration behavior in
`Mle::SendChildUpdateResponse()` for non-FTD devices.
Previously, the device would always append only the mesh-local address
and then unconditionally attempt to send a follow-up Child Update
Request. The updated logic now checks if the parent's request
included a Challenge TLV. If not, all addresses are appended directly
to the response, eliminating the extra message exchange. If a
Challenge is present (indicating the parent is restoring its link),
only the mesh-local address is included to prevent message
fragmentation. In this case, if the device is attached and has
unregistered addresses, a follow-up Child Update Request is scheduled
via `mDelayedSender`.
The previous implementation indirectly assumed the parent would only
request the `Address Registration` TLV when restoring its link (the
current behavior of OpenThread parents). However, such behavior on the
parent is not strictly required and could change. This update on the
child side ensures robust address registration regardless of the
parent's specific behavior.
When the Nexus test finishes, it automatically destructs all its allocated
Nodes sequentially. During this destruction phase, the OpenThread instance
attempts to destruct objects like `Nat64::Translator`, which might in turn
call logging mechanisms like `Mapping::Free()` that rely on the static
`Instance::GetActiveInstance()` pointer.
Because `Core::~Core()` did not maintain or update `gActiveInstance` while
iterating through node destructors, this pointer was left dangling, causing
segmentation faults when dereferenced by `ot::Instance::GetLogLevel()`.
This commit fixes `Core::~Core()` to manually loop through and destruct the
`mNodes` list, calling `UpdateActiveInstance(&node->GetInstance())` right
before destroying each node. This ensures that `gActiveInstance` points to
the correct context while node destruction logic runs.
This commit adds a Nexus test case 1_4_PIC_TC_3 to verify the IPv6
default route advertisement behavior of a Border Router (BR) in a
Thread 1.4 network.
The test verifies that:
- The BR correctly advertises a default route (::/0) in Thread Network
Data when it discovers a default route on the infrastructure link.
- The BR maintains the default route advertisement even if the
infrastructure default route is withdrawn, provided a non-ULA prefix
remains active on the infrastructure link.
- The default route advertisement is correctly restored or updated when
the infrastructure default route is re-enabled.
The test implementation includes:
- test_1_4_PIC_TC_3.cpp: C++ test logic using the Nexus simulation
framework, simulating BR, Router, End Device, and Infrastructure
nodes (Eth_1, Eth_2). It uses a custom ICMPv6 receive callback to
simulate "no route to host" conditions.
- verify_1_4_PIC_TC_3.py: Python verification script that analyzes
the captured packets to ensure MLE Data Responses and ICMPv6 traffic
match the expected behavior for each test step.
Integration:
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test in the automated test suite.
This commit adds a new Nexus test that implements the test
specification in test-1-4-PIC-TC-1.md. The test verifies Border
Router functionality including:
- DHCPv6-PD client to obtain OMR prefix
- Advertising route to OMR prefix on AIL (Stub Router)
- DNS recursive resolver for public internet addresses
- Connectivity (ICMPv6, UDP, TCP/HTTP) to internet and local servers
New files:
- tests/nexus/test_1_4_PIC_TC_1.cpp: C++ test execution
- tests/nexus/verify_1_4_PIC_TC_1.py: Python pcap verification
Nexus platform enhancements:
- Enabled DHCPv6-PD client in openthread-core-nexus-config.h
- Implemented DHCPv6-PD platform APIs in nexus_infra_if.cpp
- Added RDNSS option to RA in nexus_infra_if.cpp
- Improved packet delivery on infrastructure interface in nexus_core.cpp
- Fixed upstream DNS query matching in nexus_dns.cpp
Previously, version checks used `<= 0x03060500` to guard mbedtls v3.x
APIs, incorrectly treating any version above 3.6.5 (e.g. 3.6.6+) as
v4.0. Replace these checks with `< 0x04000000` to properly cover all
v3.x releases.
This commit adds support for the Vendor OUI (`vo`) key in the Border
Agent MeshCoP service TXT data parser.
The `otBorderAgentTxtDataInfo` structure and its internal counterpart
`TxtData::Info` are updated to include a boolean flag `mHasVendorOui`
and a 3-byte array `mVendorOui` to store the 24-bit vendor OUI.
The parsing logic in `TxtData::Info::ProcessTxtEntry()` is updated to
recognize the `vo` key and extract its value. Additionally, the CLI
`Interpreter` is updated to output the vendor OUI in hexadecimal
format when it is present in the parsed information.
This commit updates the Nexus platform `InfraIf` class to inherit from
`InstanceLocator`, aligning it with the standard OpenThread architectural
patterns.
The `mNode` and `mNodeId` member variables are removed as they are now
redundant. Access to the associated `Instance` and other platform-level
components is now managed through `GetInstance()` and the newly added
`Instance::Get<T>` template specializations for `Node`, `InfraIf`,
`Udp`, `Trel`, and `Mdns`.
The `InfraIf::Init()` method is renamed to `AfterInit()` to better
reflect its role in the node initialization lifecycle. All call sites in
`nexus_infra_if.cpp` are updated to use the locator-based accessors.
This commit implements the Nexus test specification 1_4_DNS_TC_5 for
DNS record types and special cases in OpenThread 1.4.
The test verifies that the Border Router:
- Can resolve A and AAAA records from upstream DNS servers.
- Does not perform IPv6 AAAA synthesis from A records when not
specifically requested or configured.
- Can resolve mDNS records on the Adjacent Infrastructure Link (AIL).
- Supports non-typical record types (RRTypes) and "Private Use"
ranges (0xFF00-0xFFFE).
- Correctly blocks and responds with NXDomain for "ipv4only.arpa"
queries, ensuring they are not forwarded upstream.
Test Implementation:
- Created test_1_4_DNS_TC_5.cpp to simulate the network topology and
DNS query/response sequences.
- Created verify_1_4_DNS_TC_5.py to perform packet-level verification
of the DNS interactions and BR behavior.
- Integrated the new test into the Nexus build and test execution
scripts.
This commit implements the Nexus test specification 1_4_DNS_TC_3 for
upstream DNS resolver selection in OpenThread.
Nexus Platform Enhancements:
- Added OPENTHREAD_CONFIG_DNS_UPSTREAM_QUERY_ENABLE and
OPENTHREAD_CONFIG_PLATFORM_DNS_ENABLE to nexus config.
- Implemented platform DNS APIs in nexus_dns.cpp, supporting
upstream server selection based on prefix lifetimes and reachability.
- Added UdpHook to Core to allow tests to intercept and simulate
responses for backbone UDP traffic on port 53.
- Updated InfraIf::Receive to call Core::HandleUdp for generic UDP
interception.
- Added raw buffer delivery overloads for InfraIf::SendUdp.
Test Implementation:
- Created test_1_4_DNS_TC_3.cpp which performs network formation,
RA signaling (PIO/RIO/RDNSS), and DNS resolution triggers.
- Created verify_1_4_DNS_TC_3.py to validate network behavior,
RA contents, and correct upstream query routing using pktverify.
- Integrated the new test into CMakeLists.txt and the default
run_nexus_tests.sh suite.
This commit updates `Mle::HandleTimeTick()` to separate the processing
of role transitions and the checking of the leader's age into two
distinct `switch` statements.
Previously, these two checks were combined in a single `switch`
statement with complex fall-through logic. This structure contained
two issues:
1. For a device in the `kRoleChild` state, if the role transition
timeout expired, the code would execute `ExitNow()`. This
unintentionally skipped the leader age check and the rest of the
operations in `Mle::HandleTimeTick()`, such as updating the
`ChildTable` and `RouterTable`.
2. A non-router-eligible child would incorrectly fall through and
perform the leader age check. The new logic adds an explicit check
using `IsRouterEligible()` to ensure only router-eligible children
monitor the leader's age.
By separating the logic into two blocks, the code is simplified and
we avoid the brittle fall-through behavior and ensure that all time
tick operations are consistently executed regardless of the device's
role or role transition state.
This commit removes redundant calls to `mInfraIf.Init()` and
`mInfraIf.AddAddress()` from various Nexus test cases.
The infrastructure interface (`mInfraIf`) is automatically initialized
and assigned a link-local address by the core framework when a new
`Node` is added. The `InfraIf::Init()` method derives the link-local
address from the MAC address and adds it to the interface. Therefore,
these explicit manual calls in individual test scripts are unnecessary
and can be removed to simplify the test setup.
Removed redundant channel, panid, and extpanid commands. Their
information is now more comprehensively provided by the dataset active
-ns output.
Removed partitionid from the debug command list as it was redundant
with leaderdata.
Nexus test 1_4_TREL_TC_4 occasionally fails during topology formation
because the router promotion timeout (kAttachToRouterTime) was set to
120 seconds.
The MLE router selection jitter (OPENTHREAD_CONFIG_MLE_ROUTER_SELECTION
_JITTER) defaults to 120 seconds. Since the jitter timer starts after
successful attachment as a child, 120 seconds is insufficient when the
maximum jitter is selected, leading to a race condition.
This commit increases kAttachToRouterTime to 200 seconds, matching the
value used in most other Nexus tests and providing sufficient time for
router promotion to complete reliably.
This commit removes the `mSrpHostAddresses` array from the `Node`
class in the Nexus platform. The array was specific to SRP client
testing and was occupying unnecessary memory for every simulated
node instance.
Instead of keeping this state inside the `Node` abstraction, a local
`hostAddrs` array is now declared within the `Test_1_3_SRP_TC_1()` test
function. This local array safely persists for the duration of the
test, allowing `Srp::Client::SetHostAddresses()` to use the
provided pointer without relying on a global or node-level member.
This commit improves robustness and forward compatibility of Secure
Transport with newer MbedTLS/PSA configurations. There are places
where mbedtls structures are accessed directly , which can be fragile
when internal struct layouts change across Mbed TLS configurations or
versions.
To address this, this commit makes the following changes:
1. Replace direct TLS struct member access in secure transport with
mbedtls_ssl_get_peer_cert(), and tighten state/null checks to improve
robustness and forward compatibility with newer MbedTLS/PSA
configurations.
This commit updates the address-based node lookup methods in `Core`
to use the `FindMatching()` and `ContainsMatching()` methods provided
by the `LinkedList` class. This replaces manual `for` loops with
cleaner, built-in list operations.
To facilitate this, a new `AddressNetif` enum and a `Matches()` method
are added to the `Node` class. The `Matches()` method accepts an
`Ip6::Address` and an `AddressNetif` indicator, allowing it to check
if the node has the specified address on its Thread interface, its
Infrastructure interface, or any.
Additionally, a `const` overload for the `Get()` template method is
added to the `Node` class to ensure proper const-correctness.
This commit updates the IPv6 receive path in the Nexus platform to
utilize `OwnedPtr<Message>` for message lifecycle management. It
also removes the need for a large local buffer and redundant
message allocations.
Previously, `Node::HandleReceive()` copied the entire `otMessage`
payload into a local array, and `InfraIf::SendIp6()` allocated a new
`Message` to enqueue for transmission.
With this change:
- `Node::HandleIp6Receive()` wraps the received `otMessage` in an
`OwnedPtr<Message>`, ensuring proper cleanup upon exit without
explicitly calling `otMessageFree()`.
- The `Ip6::Header::ParseFrom` is used which reads and validates
the IPv6 header and the message.
- The hop limit is updated in-place within the `Message` using
`Write()` to overwrite previous header.
- `InfraIf::SendIp6()` accepts the `OwnedPtr<Message>` directly,
taking ownership and enqueuing it without requiring reallocation
or memory copying.
- Condition checks in `Node::HandleIp6Receive()` are reordered
to match the comment.
This commit simplifies the `SecureTransport` API by consolidating the
previous `Open()` and `Bind()` methods into two specialized `Open()`
flavors.
The first flavor, `Open(uint16_t aPort, ...)`, creates and binds a UDP
socket to a specific port and network interface. If the port is zero,
an ephemeral port is automatically selected.
The second flavor, `Open(TransportCallback aCallback, ...)`, enables
callback-based transmission, where outgoing messages are sent via the
provided callback and received messages are passed in through
`HandleReceive()`.
This consolidation ensures that the transport is fully initialized and
ready for traffic in a single method call. It also prevents the
creation of unused UDP sockets when a `TransportCallback` is
employed, avoiding unnecessary overhead in the `Udp` class.
All core components (`BorderAgent`, `Commissioner`, `Joiner`, and
`BleSecure`) and related tests are updated to utilize the new
patterns.
This commit adds support for handling mDNS service name conflicts by
automatically renaming the service when a collision is detected during
registration.
The new naming scheme appends a suffix based on the last two bytes of
the device's Extended Address (e.g., " #AB1E"). If this name also
conflicts, an additional index is appended (e.g., " #AB1E (1)").
Changes:
- Added `mServiceRenameIndex` to `Manager` and `EphemeralKeyManager`
to track re-naming attempts.
- Updated `otBorderAgentSetMeshCoPServiceBaseName()` and CLI documentation
to reflect the new naming and conflict resolution logic.
- Updated `OT_BORDER_AGENT_MESHCOP_SERVICE_BASE_NAME_MAX_LENGTH` to
ensure the full name fits within the 63-character DNS label limit.
- Added Nexus tests to verify the renaming logic under conflict.
This commit updates the logging in `Mle::DelayedSender` to provide
clearer information about delayed message transmissions.
The `MessageAction` enum values `kMessageDelay` and
`kMessageRemoveDelayed` are renamed to `kMessageScheduleDelayedSend`
and `kMessageRemoveDelayedSend` to better reflect their purpose. The
corresponding string mappings are also updated to "Schedule tx of"
and "Remove scheduled tx of".
Additionally, a new log entry is added to `AddSchedule()` to explicitly
record the delay duration in milliseconds, making it easier to track
when the scheduled message is expected to be sent.
This commit updates `Node::Reset()` in the Nexus platform to correctly
set the IPv6 receive callback after the OpenThread `Instance` has been
re-initialized via placement `new`.
Previously, `otIp6SetReceiveCallback()` was called before the new
`Instance` was constructed, meaning the callback registration would
be lost when the instance memory was overwritten. Additionally, the
callback registration now passes the associated `Node` object as the
context.
This change updates `Ip6::Udp::GetUdpSockets()` to return a reference
to the `LinkedList<SocketHandle>` instead of a pointer to the head of
the list. This allows for cleaner iteration using range-based for
loops and provides a more idiomatic C++ interface.
Call sites are updated accordingly. Specifically, the Nexus UDP
platform code now uses a range-based for loop to iterate through the
sockets.
In nexus tests, DNS browser and resolver objects must be initialized
using ClearAllBytes before use to ensure predictable behavior.
This commit adds missing ClearAllBytes calls for:
- Dns::Multicast::Core::Browser
- Dns::Multicast::Core::TxtResolver
- Dns::Multicast::Core::SrvResolver
- Dns::Multicast::Core::AddressResolver
In test_1_3_SRP_TC_4.cpp, ClearAllBytes is now called before browser
reuse in Step 19.
Redundant includes of common/clearable.hpp were removed as it is
available transitively.
A blank line was added after Browser declarations for consistency.
This commit enhances the `UptimeToString()` function by introducing
`UptimeStringFlags` to allow customization of the output string.
Specifically, it adds the following flags:
- `kUptimeStringIncludeMsec`: Includes milliseconds in the string.
- `kUptimeStringSkipHoursIfZero`: Omits the `<hh>:` part when hours
and days are zero.
The commit also adds a new `UptimeToString()` overload that returns
an `UptimeString` (a `String` object), simplifying usage in logging
and other areas. All existing call sites are updated to use the new
flags and the new overload where appropriate.
This commit fixes a nullptr-with-nonzero-offset runtime error in
Mac::ProcessEnhAckProbing. The error occurred because pointer
arithmetic was performed on the enhAckProbingIe pointer before
verifying if it was null.
The fix moves the pointer calculation after the null check to
ensure that it is only performed when a valid IE is present.
This was discovered by ASAN/UBSAN when processing frames without
the Enhancement ACK Probing IE.
This commit implements the Thread 1.4 Credential Sharing (CS) TC-3
Nexus test, focusing on Thread Administration Sharing using ePSKc.
The test case covers mDNS discovery, ePSKc generation/validation,
and DTLS secure transport for TMF message exchange.
Detailed changes:
- Implement full 26-step Nexus test in tests/nexus/test_1_4_CS_TC_3.cpp
covering the following procedures:
- mDNS discovery of meshcop and meshcop-e service instances.
- Validation of State Bitmap (sb) and other TXT record fields.
- Generation and Verhoeff-based validation of One-Time Passcodes.
- DTLS handshakes using correct and incorrect ePSKc values.
- MGMT_ACTIVE_GET and MGMT_PENDING_GET request/response exchanges
over the secure DTLS session.
- Testing of ephemeral key expiration and max connection attempts.
- Add Python-based packet verification script in
tests/nexus/verify_1_4_CS_TC_3.py using pktverify to ensure
protocol compliance.
- Register the 1_4_CS_TC_3 test in tests/nexus/CMakeLists.txt.
- Add 1_4_CS_TC_3 to the default test list in run_nexus_tests.sh.
This commit implements the otPlatUdp API for the Nexus simulation
environment and updates core UDP logic to facilitate it.
Changes in src/core:
- Initialize mHandle in Udp::Open with the current Instance pointer
when Nexus platform UDP is enabled. This allows the platform UDP
implementation to retrieve the instance context directly from the
otUdpSocket handle.
Changes in Nexus platform:
- Implement otPlatUdp API in nexus_udp.cpp/hpp. The implementation
routes UDP traffic through the simulated infrastructure interface
(InfraIf).
- Integrate Udp class into Nexus::Node and Nexus::Platform.
- Update InfraIf::Receive to dispatch incoming UDP packets to the
new platform UDP implementation.
- Enable OPENTHREAD_CONFIG_PLATFORM_UDP_ENABLE and related configs
in Nexus.
Changes in Nexus tests:
- Update test_border_admitter, test_border_agent, test_dtls, and
test_1_4_DNS_TC_1 to align with the new platform UDP and address/
netif usage.
- Add nexus_udp.cpp to CMakeLists.txt.
This commit updates `Manager::CoapDtlsSession::SendEnrollerResponse()`
to always include the Admitter info TLVs in responses sent to
enrollers. Previously, these TLVs were only included in responses to
registration and keep-alive requests.
This change ensures that enrollers receive consistent state updates
from the `Admitter` during all interactions, such as joiner
acceptance or release.
The test case `TestBorderAdmitterJoinerEnrollerInteraction` is
updated to validate the new behavior.
This commit enhances the `Admitter` logic for forwarding `RelayRx`
messages to connected enrollers.
If an enroller has explicitly accepted a specific joiner IID, the
`Admitter` will now always forward that joiner's relay traffic to the
owning enroller, regardless of its current `kForwardJoinerRelayRx`
flag in its registered enroller mode. The flag now strictly controls
whether the enroller receives general "multicast" forwarding for
joiners that have not yet been accepted by any enroller.
This enhancement adds a new capability to the interactions between the
`Admitter` and enrollers. Previously, if an enroller accepted a joiner
but also cleared its `kForwardJoinerRelayRx` flag, it could be
considered a misbehavior by the enroller, as it would effectively
block that joiner's traffic from reaching any other enrollers without
receiving the traffic itself. This scenario is no longer possible, and
this configuration now supports a new behavior: allowing an enroller
to accept certain joiners and receive relay traffic only from those it
has explicitly accepted.
The `test_border_admitter` is updated to validate this behavior in
detail.
This commit updates `RouterNeighborTlv` to follow the `SimpleTlvInfo`
pattern, separating the TLV value structure from its type/length
header.
Specifically, it defines `RouterNeighborTlvValue` to hold the data
fields for a router neighbor's diagnostic information, while
`RouterNeighborTlv` is redefined as a `SimpleTlvInfo` using the value
structure and the `kRouterNeighbor` type.
This allows the use of generic `Tlv::Append<RouterNeighborTlv>()` and
`tlvInfo.Read<RouterNeighborTlv>()` methods, which are generally
safer and allow value type reuse.
The `NetworkDiagnostic` and `MeshDiag` module are updated to
utilize these new methods.
This commit introduces the `LinkLayerAddress` class as a nested type
within `InfraIf`. The new class inherits from the
`otPlatInfraIfLinkLayerAddress` and provides utility methods to
simplify address manipulation and logging.
Specifically, the following capabilities are added:
- `ConvertToIid()` converts the link-layer address into an IPv6
`InterfaceIdentifier`.
- `ToString()` formats the address into a human-readable string.
- Getters like `GetLength()` and `GetBytes()` for accessing the
underlying address data.
The `nexus` platform tests are updated to leverage the newly added
`LinkLayerAddress` methods, simplifying the handling of MAC addresses
and the derivation of IPv6 interface identifiers.
This commit moves the `@addtogroup plat-infra-if` Doxygen block to the
top of the `infra_if.h` header file. Previously, it was defined
after `otPlatInfraIfLinkLayerAddress`, causing that structure and
the `OT_PLAT_INFRA_IF_MAX_LINK_LAYER_ADDR_LENGTH` macro to be excluded
from the `plat-infra-if` module in the generated documentation.
This commit updates `ChildTlv` to follow the `SimpleTlvInfo` pattern,
separating the TLV value structure from its type/length header.
Specifically, it defines `ChildTlvValue` to hold the data fields for
a child's diagnostic information, while `ChildTlv` is redefined as
a `SimpleTlvInfo` using the value structure and the `kChild` type.
This allows the use of generic `Tlv::Append<ChildTlv>()` and
`tlvInfo.Read<ChildTlv>()` methods, which are generally safer and
allow value type reuse.
The `NetworkDiagnostics` and `MeshDiag` are updated to utilize
these new definitions.
Heap::Data::UpdateBuffer() freed the existing buffer before
attempting to allocate a new one. If the allocation failed,
mData retained a dangling pointer to the already-freed buffer.
A subsequent Free() call (from the destructor or an error path)
would then free the same pointer again, causing a double-free.
This changes UpdateBuffer() to use the allocate-first pattern
(consistent with Heap::String::Set): the new buffer is allocated
first, and the old buffer is freed only after a successful
allocation. On allocation failure, the old buffer is preserved
and no dangling pointer is created.
Signed-off-by: Oblivionsage <cookieandcream560@gmail.com>
This commit updates `test-008-multicast-traffic.py` to use a strict
equality check for the number of multicast `ping` responses when the
ping originates from an SED.
The test now also verifies the `RxSuccess` IP counter on the SED to
ensure it increases by exactly the number of expected replies. This
confirms that the parent correctly avoids forwarding the original
multicast echo request back to the originating SED, even if the SED
is subscribed to the multicast address. This validates the behavior
introduced in PR #12329.
This commit adds Nexus test case 1_3_GEN_TC_2, which verifies mDNS TXT
record regeneration across factory resets in the Nexus simulation
environment.
The test ensures that key fields such as 'id' (Border Agent ID) and
'omr' (OMR prefix) are correctly updated in mDNS advertisements after
a settings wipe and network reset.
Key features of this implementation include:
- tests/nexus/test_1_3_GEN_TC_2.cpp: Sets up a Border Router, forms a
network, and validates initial mDNS state. It then performs an
otPlatSettingsWipe followed by a reset to trigger new configuration.
- tests/nexus/verify_1_3_GEN_TC_2.py: Implements robust packet
verification using hex-based marker matching for OMR prefixes to
accurately identify iteration-specific TXT records despite any
interleaved or stale mDNS packets in the capture.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh for automated build and execution.
This test validates that the Thread stack correctly manages persistent
state and re-generates unique identifiers upon a factory reset.
OpenThread's NAT64 translator assumed a fixed IPv4 header length of 20
bytes, which caused incorrect parsing and translation of IPv4 packets
containing options (IHL > 5).
Specifically, if an IPv4 packet with options was received:
1. The transport header was read from a fixed 20-byte offset, leading
to corruption of transport layer fields (e.g., UDP ports).
2. Only 20 bytes were removed from the message, leaving the IPv4
options at the beginning of the translated IPv6 payload.
3. Mandatory security checks for source route options were bypassed.
This commit fixes these issues by:
- Updating Ip4::Header to validate IHL and provide the actual header
length.
- Using the actual header length for transport header parsing and
IPv4 header removal in the NAT64 translator.
- Implementing a check to discard packets with LSRR or SSRR options
as required by RFC 7915.
A new Nexus regression test is added to verify the fix.
This commit adds Nexus test case 1_4_DNS_TC_1, which verifies that the
Thread Border Router DUT can successfully handle DNS queries with
multiple questions (QDCOUNT > 1), per the Thread 1.4 specification.
The implementation includes:
- tests/nexus/test_1_4_dns_tc_1.cpp: C++ test logic that sets up a
topology with Eth_1, BR_1 (DUT), Router_1, and ED_1. It registers
services via mDNS on Eth_1 and SRP on Router_1, and then performs
various DNS queries from ED_1, including multi-question queries.
- tests/nexus/verify_1_4_dns_tc_1.py: Python script that verifies
the DNS packet exchange in the pcap, ensuring that multi-question
queries are correctly received by the DUT and that valid responses
are returned.
- Integration into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh for automated building and execution.
This commit adds Nexus test case 1_4_TREL_TC_6, which verifies mDNS
discovery of the TREL service on a Border Router (DUT), per the Thread
1.4 specification.
The implementation includes:
- tests/nexus/test_1_4_TREL_TC_6.cpp: C++ test logic that sets up a
Border Router and a reference Ethernet device. It performs mDNS
browsing to capture the TREL service instance name and then
resolves that service.
- tests/nexus/verify_1_4_TREL_TC_6.py: Python script that verifies
the mDNS packet exchange in the pcap, including PTR, SRV, TXT, and
AAAA records, ensuring all DNS-SD parameters and fields are
correctly advertised.
- Integration into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh for automated building and execution.
This commit adds Nexus test case 1_4_TREL_TC_5, which verifies
MLE discovery scan behavior when nodes support different radio
links, per the Thread 1.4 specification.
The implementation includes:
- tests/nexus/test_1_4_TREL_TC_5.cpp: Sets up a topology with
three nodes: Node_1 (DUT) and Node_2 support both 15.4 and
TREL, while Node_3 supports 15.4 only. Each node forms its
own network. The test performs Discovery Scans from Node_2
and Node_3 and verifies that all expected peers are seen.
- tests/nexus/verify_1_4_TREL_TC_5.py: Verifies the exchange
of MLE Discovery Request and Response packets in the pcap
output, ensuring that nodes with different radio capabilities
can discover each other correctly.
- Updated tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh to include the new test in the
build and default test list.
This commit simplifies node naming in various Nexus test cases by
using the indexed `SetName(prefix, index)` flavor.
This replaces manual string formatting using `snprintf` or
`ot::String` buffers with the built-in indexed naming support.
This commit adds a new `AddTestVar` overload that accepts a
`uint32_t` value, simplifying the addition of numeric test
variables in Nexus tests.
Previously, adding a numeric test variable required manual string
formatting using a local `String` object. The new flavor handles
the uint to string conversion internally.
The change also introduces a `NewTestVar` private helper method in
the `Core` class to consolidate the logic for creating and
initializing a new `TestVar` entry.
Various Nexus test cases are updated to use the new `AddTestVar`
flavor, removing redundant string formatting code.
This commit updates `test_1_2_BBR_TC_3.cpp` to use the `Get<>()` method
when accessing the network name and extended PAN ID from the
`MeshCoP::Dataset::Info` instance.
This commit implements Thread 1.4 Test Case 8.4 (TREL-8.4), "Radio Link
(Re)discovery through Receive", using the Nexus simulation framework.
The test validates the multi-radio behavior of a Border Router (DUT)
and a Router neighbor, specifically focusing on TREL link state
transitions and rediscovery mechanisms.
Key test scenarios include:
- Initial topology formation with a multi-radio BR (DUT), a multi-radio
Router, and a 15.4-only End Device (ED).
- Preference detection for TREL vs. 802.15.4 radio links.
- Detection of TREL link failure and fallback to 802.15.4.
- TREL radio link rediscovery triggered by receiving messages from a
neighbor over the TREL interface.
- Continued reachability via TREL when the 802.15.4 radio link is
explicitly disabled.
The implementation consists of:
- tests/nexus/test_1_4_TREL_TC_4.cpp: C++ test logic for node
configuration, state transitions, and message exchange.
- tests/nexus/verify_1_4_TREL_TC_4.py: Python script for automated
packet-level verification of radio link selection.
- Integration into the Nexus build system and test runner.
This commit adds Nexus test case 1_3_GEN_TC_1, which verifies that the
Thread Version TLV uses the value '4' or higher, as required by the
Thread 1.3.x and 1.4.x specifications.
The implementation includes:
- tests/nexus/test_1_3_GEN_TC_1.cpp: C++ test logic that sets up a
topology with a Border Router, a Router, and an End Device. It
triggers MLE attachment procedures and discovery scans to generate
MLE packets containing the Version TLV. For 1.4 devices, it also
sends TMF Get Diagnostic Requests to verify the Version TLV in
DIAG_GET.rsp.
- tests/nexus/verify_1_3_GEN_TC_1.py: Python script that verifies
the MLE Version TLV in Parent Request/Response, Child ID Request,
and Discovery Response packets. It also verifies the Version TLV
in Network Diagnostic responses for 1.4 devices.
- Integration into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh for automated building and execution.
This commit adds Nexus test case 1_4_TREL_TC_3, which verifies the
multi-radio probe mechanism and TREL radio link rediscovery after a
temporary disconnect, according to the Thread 1.4 specification.
The implementation includes:
- tests/nexus/test_1_4_TREL_TC_3.cpp: Sets up a topology with a
multi-radio Border Router (DUT), a multi-radio Router, and a
15.4-only End Device. It simulates a TREL disconnect by disabling
the TREL interface on the Router, verifies that the DUT falls back
to 15.4, and then re-enables TREL to trigger and verify the probe
mechanism for link rediscovery.
- tests/nexus/verify_1_4_TREL_TC_3.py: Verifies the packet flow from
the pcap output, ensuring that TREL is used when available, 15.4
is used during the TREL disconnect, and TREL usage resumes after
rediscovery.
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test in the build and default test list.
The test ensures that the Thread stack correctly manages link
preferences and successfully rediscovers more efficient radio links
using the multi-radio probe mechanism.
This commit adds Nexus test case 1_4_TREL_TC_2, which verifies 6LoWPAN
mesh header forwarding and fragmentation over multi-hop paths involving
both 15.4 and TREL radio links, according to the Thread 1.4 spec.
The implementation includes:
- tests/nexus/test_1_4_TREL_TC_2.cpp: Sets up a complex topology with
a multi-radio Border Router (DUT), a multi-radio Leader, and several
Routers and End Devices with varying radio capabilities (15.4-only
or multi-radio). It triggers pings with large payloads (500B) to
verify fragmentation and multi-hop routing through the DUT.
- tests/nexus/verify_1_4_TREL_TC_2.py: Verifies that packets follow the
expected multi-hop path, checking that TREL is used for infrastructure
segments (UDP) and 15.4 is used for Thread-only segments. It also
ensures that 6LoWPAN fragmentation and mesh headers are correctly
handled by the DUT when forwarding between different radio types.
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test.
This test ensures that the Thread stack correctly handles multi-hop
routing and MTU differences across heterogeneous radio links.
This commit adds the Nexus test case 1_4_TREL_TC_1 which verifies
connectivity between multi-radio (15.4 and TREL) and single-radio
(15.4 only) devices, as per the Thread 1.4 test specification.
The implementation includes:
- tests/nexus/test_1_4_TREL_TC_1.cpp: Implements the test sequence.
It sets up a topology with a Border Router (DUT) and two Routers.
BR and Router_1 support both 15.4 and TREL, while Router_2 supports
only 15.4. The test verifies that nodes can correctly detect
neighbor radio capabilities and establishes connectivity using
both radio types.
- tests/nexus/verify_1_4_TREL_TC_1.py: Performs automated packet
verification. It ensures that traffic between multi-radio nodes
preferentially uses TREL (simulated over the infrastructure link
via UDP), while traffic involving the single-radio node uses 15.4.
It also validates successful ping exchange across the mixed-radio
topology.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test validates that the Thread stack correctly manages multiple
radio links and ensures seamless connectivity across different
physical layers.
This commit enables TREL by default for all Nexus tests to avoid
requiring multiple builds.
Key changes:
- Modified tests/nexus/build.sh to enable TREL (OT_TREL=ON) by default.
- Updated tests/nexus/test_border_admitter.cpp and
tests/nexus/test_border_agent.cpp to handle multiple mDNS services
in the platform layer, as TREL adds its own mDNS service.
- Refined tests/nexus/verify_1_2_BBR_TC_3.py to specifically filter
for MeshCoP mDNS services and made OMR prefix verification more
lenient to handle transitions in multi-radio environments.
- Updated .github/workflows/nexus.yml to use the default build for all
Nexus jobs and merged TREL tests into the cert tests job.
All 133 cert tests, core tests, and TREL tests passed successfully with
these changes.
This commit updates the TREL traffic simulation in the Nexus platform
to flow through the simulated infrastructure link. This ensures that
TREL packets are captured in the pcap file generated by the
infrastructure link, matching the behavior of mDNS traffic.
Key changes:
- Updated Trel::Send to use InfraIf::SendUdp instead of direct
delivery.
- Modified InfraIf::Receive to recognize TREL UDP packets and pass
them to the TREL platform layer.
- Removed the manual mPendingTxList from the Trel struct as
packets are now managed by the infrastructure interface's queue.
- Added initialization for the TREL platform layer in Core::CreateNode.
- Removed Core::ProcessTrel as TREL packets are now processed within
Core::ProcessInfraIf.
This change improves the realism of the TREL simulation and simplifies
packet capture for TREL-related tests.
This commit adds the Nexus test case 1_3_DPR_TC_2 which verifies
Service discovery of services on Thread and Infrastructure with
multiple Border Routers and multiple Thread networks, as per the
Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_DPR_TC_2.cpp: Implements the test sequence.
It sets up two isolated Thread networks, each with its own Border
Router (BR_1/DUT and BR_2) and End Device (ED_1 and ED_2),
attached via a shared infrastructure link. It simulates SRP
registration on both networks and verifies that services can be
discovered across networks using the Discovery Proxy function.
- tests/nexus/verify_1_3_DPR_TC_2.py: Performs automated packet
verification. It ensures both BRs correctly add SRP Server info
to their respective Network Data, SRP updates are successful,
and DNS queries (PTR and SRV) from one network successfully
discover services in the other network through the Discovery
Proxy and mDNS on the infrastructure link.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test validates that the Border Router's Discovery Proxy can
successfully discover and report services advertised by another
Border Router's Advertising Proxy function across an adjacent
infrastructure link.
This commit adds the Nexus test case 1_3_DPR_TC_1 which verifies
Discovery Proxy functionality on a Border Router, as per the
Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_DPR_TC_1.cpp: Implements the test sequence.
It sets up a topology with a Border Router (BR_1), a Thread End
Device (ED_1), and an infrastructure node (Eth_1). It simulates
Eth_1 advertising services via mDNS and ED_1 querying for those
services through the BR's Discovery Proxy.
- tests/nexus/verify_1_3_DPR_TC_1.py: Performs automated packet
verification. It ensures the BR correctly adds SRP Server info
to Network Data, Eth_1 advertises services, and ED_1 receives
a valid DNS response from the BR containing the discovered
infrastructure services.
- tests/nexus/openthread-core-nexus-config.h: Enables the
OPENTHREAD_CONFIG_DNSSD_DISCOVERY_PROXY_ENABLE configuration to
support Discovery Proxy testing in the Nexus environment.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test validates that the Border Router's Discovery Proxy can
successfully discover and report services from the infrastructure
link to Thread devices.
This commit adds the Nexus test case 1_3_DIAG_TC_2 which verifies
that an End Device correctly reports its diagnostic information and
MLE counters via Network Diagnostic queries, as per the Thread 1.4
test specification.
The implementation includes:
- tests/nexus/test_1_3_DIAG_TC_2.cpp: Sets up a topology with a Leader,
a Router, and a TD_1 (DUT) configured as a MED. It triggers Network
Diagnostic Get queries from the Leader to the DUT for various TLVs
including Max Child Timeout, EUI-64, Version, Vendor info, and MLE
Counters.
- tests/nexus/verify_1_3_DIAG_TC_2.py: Performs automated verification
of the captured traffic. It validates the presence and values of
requested TLVs (Type 19, 23-28) and ensures that MLE Counters (Type
34) reflect the expected role changes and tracking time.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures the correctness of Thread 1.4 End Device Diagnostic
and MLE Counter reporting, facilitating network health monitoring
and troubleshooting in a Thread network.
This commit hardens OpenThread against Mbed TLS/PSA ABI variation
across customer configurations. Because Mbed TLS/PSA does not
guarantee a stable ABI across build-time option sets,
application-level config changes can alter crypto context struct
size/layout, causing precompiled stack libraries to assume
incompatible memory layouts and potentially fail at runtime.
To address this, this PR makes the following changes:
1. Add OPENTHREAD_CONFIG_PLATFORM_ALLOCS_CRYPTO_CONTEXTS to let
platforms allocate/manage crypto contexts when required, while
preserving existing static context storage as the default path.
2. Update AES/HKDF/HMAC/SHA256 context initialization to support both
platform-managed and internally managed context memory models.
This commit adds the Nexus test case 1_3_DIAG_TC_1 which verifies
that a Thread Router correctly reports its child and neighbor
information via Network Diagnostic and MeshDiag queries, as per
the Thread 1.4 test specification.
The implementation includes:
- tests/nexus/test_1_3_DIAG_TC_1.cpp: Sets up a star topology with
a Leader, Router_1 (DUT), and various child nodes (FED, MED, SED,
REED). It triggers Network Diagnostic Get and MeshDiag queries
(QueryChildTable, QueryChildrenIp6Addrs, QueryRouterNeighborTable)
from the Leader to the DUT.
- tests/nexus/verify_1_3_DIAG_TC_1.py: Performs automated verification
of the captured traffic. It implements a custom TLV parser for
CoAP payloads to verify Max Child Timeout (19), Vendor/Stack info
(23-28), MLE Counters (34), Child Table (29), Child IPv6 (30),
and Router Neighbor (31) TLVs.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures the correctness of Thread 1.4 Router Diagnostic
and Child Information reporting, facilitating remote monitoring
and management of the Thread network.
This commit defines `AnswerTlvValue` to represent the value of an
Answer TLV, allowing it to be reused across different modules,
specifically `NetworkDiagnostic` and `HistoryTracker`.
The `AnswerTlv` implementation is also updated to use the
template-based `SimpleTlvInfo` pattern. This enables the use of
generic `Tlv::Append<AnswerTlv>()` and `Tlv::Find<AnswerTlv>()`
methods, which improves type safety and reduces manual TLV handling.
This commit adds the Nexus test case 1_3_SRPC_TC_7 which verifies
that a Thread device re-registers its service with the same KEY
record after a reboot, as per the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRPC_TC_7.cpp: Executes the test sequence
by forming a Thread network with a Border Router (BR_1), a Router,
and a DUT (TD_1). It registers a service on the DUT, simulates a
reboot using Node::Reset(), and re-registers the same service.
- tests/nexus/verify_1_3_SRPC_TC_7.py: Performs automated verification
of the captured traffic. It ensures that the SRP Update sent after
reboot contains a KEY record identical to the one sent before
reboot. It includes a monkey-patch to access the
dns.key.public_key field in the packet verifier.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test validates that the SRP client correctly persists its key
material across reboots, which is essential for maintaining service
registration continuity.
This commit adds the Nexus test case 1_3_SRPC_TC_5 which verifies
that a DNS-SD client can correctly discover multiple services
registered via SRP, as per the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRPC_TC_5.cpp: Executes the test sequence
by configuring a Border Router (BR_1), an End Device (ED_2)
registering 5 services with various TXT records, and a DUT
(TD_1). It instructs the DUT to browse for services, resolve
them, and send UDP packets to each resolved service. It verifies
the TXT record values and successful UDP transmissions.
- tests/nexus/verify_1_3_SRPC_TC_5.py: Performs automated
verification of the captured traffic (PCAP). It validates the
DNS query, the DNS response containing all 5 services, and the
subsequent UDP packets sent to the resolved addresses and ports.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures the correctness of DNS-SD client discovery logic
and its ability to handle multiple service responses in a Thread
network.
This commit adds the Nexus test case 1_3_SRPC_TC_4 which verifies
that an SRP client can correctly remove one service while leaving
other services registered, as per the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRPC_TC_4.cpp: Executes the test sequence
by configuring a Border Router (BR_1) and an End Device (TD_1
as DUT). It instructs the DUT to register two services and then
remove the first service. It verifies that the SRP server handles
the removal correctly and only provides the remaining service in
subsequent DNS PTR queries.
- tests/nexus/verify_1_3_SRPC_TC_4.py: Performs automated
verification of the captured traffic (PCAP). It validates the
SRP Update messages for service registration and removal, and
checks that the DNS response from BR_1 only contains the
expected service.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures the correctness of SRP client service removal
logic and SRP server state management.
This commit adds the Nexus test case 1_3_SRPC_TC_1 which verifies
that the SRP client correctly handles re-registration with active
SRP servers, especially when multiple Border Routers are present,
as per the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRPC_TC_1.cpp: Executes the test sequence
by configuring two Border Routers (BR_1 and BR_2), a Router,
and an End Device (ED_1 as DUT). It simulates BR_1 (the initial
SRP server) becoming unresponsive and verifies that the DUT
correctly switches to BR_2. It also verifies that the DUT
stays with its current server (BR_2) even when a numerically
lower server (BR_1) is re-enabled.
- tests/nexus/verify_1_3_SRPC_TC_1.py: Performs automated
verification of the captured traffic (PCAP). It checks for
correct SRP Update packets to the expected SRP servers and
validates that the DUT behavior matches the specification
criteria.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures robust SRP client behavior in dynamic networks
with multiple SRP servers.
This commit fixes an intermittent failure in the Nexus test
1_2_BBR_TC_2 by ensuring that the Backbone Router (BBR) service
is registered immediately when a node assumes the Leader role and
no primary BBR is active.
Previously, BbrLeader only tracked network data changes, and
BbrLocal applied a mandatory jitter delay before registration.
This created a race condition where another node could register
its BBR service before the new Leader, causing the Leader to
incorrectly skip its own registration.
Changes:
- Update BbrLeader to monitor role changes (kEventThreadRoleChanged).
- Modify BbrLocal to bypass registration jitter if the node is
the Leader and there is no existing primary BBR.
This commit adds the Nexus test case 1_3_SRP_TC_15 which verifies
that the SRP server and Border Router correctly handle services
that include additional subtypes, as per the Thread 1.3 test
specification.
The implementation includes:
- tests/nexus/test_1_3_SRP_TC_15.cpp: Executes the test sequence
by configuring a Border Router (BR_1 as DUT/Leader), an End
Device (ED_1), and an Infrastructure node (Eth_1). It simulates
adding, updating, and removing subtypes for a registered service
and verifies that the BR responds correctly to DNS and mDNS
queries for both basic types and subtypes.
- tests/nexus/verify_1_3_SRP_TC_15.py: Performs automated
verification of the captured traffic (PCAP). It checks SRP
updates, DNS resolutions, and mDNS responses to ensure that
subtypes are properly registered and advertised.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures robust support for SRP service subtypes and
their discovery across both Thread and Infrastructure links.
This commit adds the Nexus test case 1_3_SRP_TC_13 which verifies that
the SRP server and BR correctly handle SRP updates when a Thread
Device's IPv6 addresses change, as per the Thread 1.3 test
specification.
The implementation includes:
- tests/nexus/test_1_3_SRP_TC_13.cpp: Executes the test sequence by
configuring a Border Router (BR_1 as DUT/Leader), an End Device
(ED_1), and an Infrastructure node (Eth_1). It simulates address
updates on ED_1 and verifies that the BR updates its records and
correctly responds to DNS/mDNS queries.
- tests/nexus/verify_1_3_SRP_TC_13.py: Performs automated verification
of the captured traffic (PCAP). It checks SRP updates, DNS
resolutions, and mDNS responses to ensure they only contain the
updated addresses and not stale ones.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures that SRP and DNS discovery remain accurate when
device addresses are updated dynamically.
This commit updates recently added Nexus tests to use the new
SetGlobalLogLevel() method instead of the deprecated instance-specific
SetLogLevel(). This aligns with the recent changes in the logging
API which introduced per-instance log levels and repurposed the
global log level management.
The following test files were updated:
- tests/nexus/test_1_3_SRP_TC_11.cpp
- tests/nexus/test_1_3_SRP_TC_12.cpp
The change also wraps the call in SuccessOrQuit() to ensure that any
errors during log level configuration are caught, matching the
pattern used in other Nexus tests.
This commit simplifies the definition of `ThreadNetworkDataTlv`.
Previously, `ThreadNetworkDataTlv` included a 255-byte array to store
the Network Data TLVs. The code now relies on standard TLV parsing
methods like `Tlv::FindTlvValueOffsetRange()` and `Message::ReadBytes()`
to access the Network Data directly from the message payload.
This commit introduces the ability to set and manage log levels on a
per-instance basis when dynamic logging is enabled, while maintaining
backward compatibility with existing logging behaviors.
The existing `otLoggingGetLevel()` and `otLoggingSetLevel()` APIs are
repurposed to manage the "global" log level. They continue to behave
exactly as before in both single-instance and multi-instance
configurations, ensuring that existing users of these APIs do not need
to change their implementations. To provide more granular control, new
APIs `otGetLogLevel()` and `otSetLogLevel()` are added to handle
per-instance log levels.
Specifically, this commit makes the following changes:
- Adds `mLogLevel` to `Instance` to track the instance-specific log
level.
- Renames the global log level static variable to `sGlobalLogLevel` and
introduces `GetGlobalLogLevel()` and `SetGlobalLogLevel()` to manage
it in a multi-instance configuration.
- Updates `otGetLogLevel()` and `otSetLogLevel()` APIs to handle
per-instance log level retrieval and configuration. If a specific
level is not set for an instance, it falls back to the global
log level.
- Adds `mIsLogLevelSet` to distinguish between an explicitly set
instance log level and the global fallback in multi-instance builds.
- Introduces `otPlatLogHandleLogLevelChanged()` platform callback to
notify the platform when an instance-specific log level is updated.
- Updates Nexus tests to use `SetGlobalLogLevel()` instead of the
deprecated instance `SetLogLevel()` method.
This commit fixes an intermittent failure in the Nexus test
1_2_MATN_TC_9 by ensuring that the packet verification for Step 4b
does not advance the packet cursor prematurely.
In Step 4b, the test verifies that BR_2 (DUT) becomes the leader and
distributes its BBR dataset. It checks for both an MLE Advertisement
and an MLE Data Response from BR_2. However, these packets may arrive
in either order.
Previously, the check for the MLE Advertisement used must_next(),
which advanced the packet cursor. If the MLE Data Response arrived
before the Advertisement, the subsequent check for the Data Response
would fail because it started searching from after the Advertisement.
By using copy() for the MLE Advertisement check, we ensure that both
checks search from the same point in the packet log, making the test
robust against packet reordering.
This commit adds the Nexus test case 1_3_SRP_TC_12 which verifies
DNS/SRP service advertisement by all BRs in the Thread Network and
correct integration by the Leader, as per the Thread 1.3 test
specification.
The implementation includes:
- tests/nexus/test_1_3_SRP_TC_12.cpp: Executes the test sequence with
three Border Routers (BR_1 as DUT/Leader, BR_2, and BR_3). It
simulates adding faked high and low numerical addresses for Unicast
Datasets and adding an additional Anycast Dataset from BR_2. It
verifies the integration and withdrawal logic for SRP services.
- tests/nexus/verify_1_3_SRP_TC_12.py: Performs automated verification
of the captured traffic (PCAP). It checks the Thread Network Data
contained in MLE Data Responses for the presence of expected
Anycast and Unicast Datasets and the withdrawal of the DUT's
service when appropriate.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures that the DUT correctly manages multiple SRP server
entries in the network data based on their priority and numerical
address values.
This commit updates the `ThreadRouterMaskTlv` class definition to
include the `OT_TOOL_PACKED_BEGIN` and `OT_TOOL_PACKED_END` macros.
This class defines the structure of a TLV used in Thread messages
and directly maps to a memory buffer. Therefore, it must be properly
packed to ensure its memory footprint accurately reflects the wire
format and to prevent potential memory alignment padding.
Thankfully, this omission did not impact the format of this specific
TLV, as the alignment of its members natively matched the packed
layout.
This commit adds the Nexus test case 1_3_SRP_TC_11 which verifies that
SRP registration and mDNS discovery are correctly recovered after
various device reboots, as per the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRP_TC_11.cpp: Executes the test sequence by
simulating reboots of a Thread End Device (ED_1), a Border Router
(BR_1), and an Infrastructure node (Eth_1). It ensures consistent
network datasets across reboots and uses direct method calls for
configuration.
- tests/nexus/verify_1_3_SRP_TC_11.py: Performs automated verification
of the captured traffic (PCAP). It uses specific MAC address filters
to reliably identify mDNS queries and responses across multiple
reboot scenarios where protocol exchanges may otherwise appear
identical.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures that SRP clients automatically re-register after
device or server reboots and that the BR correctly continues to
respond to mDNS queries on the infrastructure interface.
This commit adds the Nexus test case 1_3_SRP_TC_8 which verifies that
the SRP server correctly removes only selected service instances while
keeping others registered, as per the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRP_TC_8.cpp: Executes the test sequence by
configuring a Thread Border Router (DUT), an End Device (ED), and
an Infrastructure node (Eth). It registers multiple services and
then removes one while verifying the remaining service.
- tests/nexus/verify_1_3_SRP_TC_8.py: Performs automated verification
of the captured traffic (PCAP), ensuring that SRP Updates, DNS
queries, and mDNS responses correctly reflect the removal of the
selected service and the persistence of the other.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures that the SRP server properly handles service
deregistration according to the SRP draft and that DNS/mDNS discovery
responses are updated correctly.
This commit adds the Nexus test case 1_3_SRP_TC_6 which verifies that
the SRP server correctly handles SRP Updates both with and without
DNS name compression, according to the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRP_TC_6.cpp: Executes the test sequence by
configuring a Thread Border Router (DUT), an End Device (ED), and
an Infrastructure node (Eth). It uses SetDnsNameCompressionEnabled()
to toggle name compression for SRP Updates.
- tests/nexus/verify_1_3_SRP_TC_6.py: Performs automated verification
of the captured traffic (PCAP), ensuring that SRP Updates, DNS
queries, and mDNS responses are correctly formatted and contain the
expected resource records.
- Updating tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to integrate the new test into the build and default test suite.
The test ensures that the SRP server can successfully parse uncompressed
names in SRP Updates and that subsequent DNS/mDNS discovery remains
functional for both compressed and uncompressed registration formats.
This commit refactors the `OmrPrefixManager` to decouple it from the main
`RoutingManager` policy evaluation cycle. This allows the OMR prefix to
be managed independently and published faster into the Network Data.
Previously, `OmrPrefixManager` relied on its `Evaluate()` method being
called during the main `RoutingManager::EvaluateRoutingPolicy()` cycle.
This meant it had to wait for other components to be ready — such as
sending Router Solicitations to discover other routers on the Adjacent
Infrastructure Link (AIL)—before taking action.
With this change, `OmrPrefixManager` operates independently. It can
evaluate its state as soon as the Border Router function is enabled and
`Start()` is called.
Additional improvements supporting this independent operation include:
- Replaces the `mIsLocalAddedInNetData` boolean with a `LocalPrefixState`
enum (`kNotAdded`, `kToAdd`, `kAdded`) to manage addition state and
support delayed updates.
- Introduces a random delay (`kMinDelayToAdd` to `kMaxDelayToAdd`)
before adding a self-generated OMR prefix to Network Data. This gives
the network time to settle, allowing other BRs or the `PdPrefixManager`
time to establish a prefix.
- Implements a retry mechanism with jitter for Network Data addition
failures, rather than silently ignoring them.
- Refactors `PdPrefixManager` to batch state changes via an `mEvents`
bitmask and process them through `mEventTask`. Changes are now handled
explicitly by `OmrPrefixManager::HandlePdPrefixManagerEvent()`, further
reducing unnecessary main routing policy evaluations.
This commit adds an API otDatasetIsValid to check whether the given
Operational Dataset contains all the required TLVs (Active Timestamp,
Channel, Channel Mask, Extended PAN ID, Mesh-Local Prefix, Network
Key, Network Name, PAN ID, PSKc, and Security Policy). This API also
checks whether there are duplicated TLVs or the TLVs are not
well-formed.
This commit removes three Python-based thread-cert scripts for v1.2
backbone router and multicast registration testing:
- v1_2_test_backbone_router_service.py
- v1_2_test_multicast_listener_registration.py
- v1_2_test_multicast_registration.py
These tests have been fully migrated to the Nexus simulation
framework, providing equivalent verification in a more robust and
scalable environment.
The equivalent Nexus test cases are already part of the repository:
- 1_2_BBR_TC_1, 1_2_BBR_TC_2, 1_2_BBR_TC_3
- 1_2_MATN_TC_1, 1_2_MATN_TC_2, ..., 1_2_MATN_TC_26
C++ promotes narrow integer types to int before applying ~ or unary -,
so the result is always int even when the variable being assigned to is
narrower. Clang accepted this silently for years due to a bug in its
range tracking (LLVM #126846, fixed March 2025); Clang 21, now included
in the latest Mac OS for example, correctly flags these as errors.
Add <static_cast> to the destination type at each affected spot.
This commit adds the Nexus test case 1_3_SRP_TC_5 which verifies SRP
KEY record inclusion and omission behavior according to the Thread 1.3
test specification (SRP TC-5).
The implementation includes:
- Adding mHostKeyRecordEnabled flag to Srp::Client to control host
KEY record inclusion in SRP Updates. This is enabled only when
OPENTHREAD_CONFIG_REFERENCE_DEVICE_ENABLE is defined.
- Implementing SetHostKeyRecordEnabled() and IsHostKeyRecordEnabled()
methods in Srp::Client.
- Modifying AppendHostDescriptionInstruction() in srp_client.cpp
to conditionally include the KEY record.
- Creating tests/nexus/test_1_3_SRP_TC_5.cpp to execute the test
sequence across multiple simulated nodes (BR_1, ED_1, Eth_1).
- Creating tests/nexus/verify_1_3_SRP_TC_5.py to perform automated
verification of the captured traffic.
- Updating tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh to include the new test.
The test ensures that the SRP server correctly handles updates with
and without service KEY records, omits KEY records in DNS/mDNS
responses, and rejects updates that omit all KEY records.
This commit adds a new Nexus test case 1_3_SRP_TC_4 which implements
the test specification for SRP key lease handling.
The test verifies that:
- A service instance name cannot be claimed even after the service
instance lease has expired, as long as its key lease remains active.
- The SRP server correctly manages key leases and rejects registration
updates for hosts or services that are still claimed by a previous
registration during the key lease period.
- DNS and mDNS responses correctly reflect the state of registrations
and their expirations.
Changes:
- Add tests/nexus/test_1_3_SRP_TC_4.cpp for test execution.
- Add tests/nexus/verify_1_3_SRP_TC_4.py for pcap verification.
- Update tests/nexus/CMakeLists.txt to include the new test.
- Update tests/nexus/run_nexus_tests.sh to add it to DEFAULT_TESTS.
This commit removes the `Tlv::ReadTlvValue()` method which is no
longer needed or used. The same functionality is provided through
the `Tlv::Info` class, specifically using its `ParseFrom()` and
`ReadValue()` methods. This approach is safer and provides more
comprehensive information about the parsed TLV.
The unit tests are also updated to replace the usage of the removed
method with the new `Tlv::Info` based approach.
This commit introduces node-specific log files for Nexus tests. Each
created node can save its OpenThread logs into a separate file
`ot-logs<id>.log`.
The generation of log files is controlled by the environment variable
`OT_NEXUS_SAVE_LOGS`. By default, it is disabled, but it can be
activated by setting the environment variable to "1", "yes", "true",
"on", or "t".
This commit also refactors the Nexus platform logging logic into a new
`nexus_logging.cpp` file and improves the log message format in `stdout`
to include a standard timestamp using `UptimeToString()`.
This commit updates the `BBR_TC_3` Nexus test to use two separate host
nodes, `HOST_1` and `HOST_2`, for sending mDNS queries.
By using distinct host nodes, the packet verification script can now
unambiguously identify and track queries from different test steps
based on their source Ethernet MAC address. This improves the
robustness of the test by reducing reliance on packet sequence
numbers for isolation which can be fragile due to possible multiple
transmission of mDNS query message.
Specifically, `HOST_1` is used for queries in steps 1, 5, and 12,
while `HOST_2` is dedicated to the query in step 9. Both the C++ test
logic in `test_1_2_BBR_TC_3.cpp` and the Python verification script in
`verify_1_2_BBR_TC_3.py` are updated to reflect this change.
This commit updates `Mle::HandleUdpReceive()` to avoid logging an error
when an MLE message is received while MLE is disabled.
When `IsDisabled()` is true, the `VerifyOrExit` macro now exits the
method without setting `error` to `kErrorInvalidState`. This ensures
that the `LogProcessError()` call at the `exit` label does not emit an
error log. This reduces log spam during testing/debugging.
This commit provides the platform-level implementation for the
instance-aware logging API `otPlatLogOutput()`. This API is used when
`OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE` is enabled, allowing
the platform to receive the `otInstance` pointer with each log line.
The new API is implemented across:
- The simulation platform logging.
- The POSIX platform using `syslog()`.
- The NCP base to route logs to the NCP host.
- The CLI logging module.
- Unit tests and mock platforms.
The `OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE` configuration is
also enabled for Toranj simulations to support multi-instance log
testing.
This commit adds support for `OPENTHREAD_CONFIG_LOG_PREPEND_UPTIME` in
multi-instance builds.
When `OPENTHREAD_CONFIG_MULTIPLE_INSTANCE_ENABLE` is enabled, the uptime
is retrieved from the currently active `Instance` using
`Instance::GetActiveInstance()`. This requires
`OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE` to be enabled so that
the `Logger` can identify the instance and access its `UptimeTracker`.
A compile-time check is added to ensure that
`OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE` is set when
`OPENTHREAD_CONFIG_LOG_PREPEND_UPTIME` is used in a multi-instance
build.
This commit adds a new Nexus test case 1_3_SRP_TC_3 which implements
the test specification for service instance lease renewal and
automatic service/host removal.
The test covers:
- SRP service registration and discovery via DNS and mDNS.
- SRP lease renewal before expiration.
- Automatic removal of SRP services and hosts after lease expiration.
- Verification of DNS and mDNS responses after lease expiration,
ensuring that expired records are no longer returned.
Changes:
- Add tests/nexus/test_1_3_SRP_TC_3.cpp for test execution.
- Add tests/nexus/verify_1_3_SRP_TC_3.py for pcap verification.
- Update tests/nexus/CMakeLists.txt to include the new test.
- Update tests/nexus/run_nexus_tests.sh to add it to DEFAULT_TESTS.
This commit adds a new Nexus test case 1_3_SRP_TC_2 which implements
the test specification for handling name conflicts in SRP host and
service registrations.
The test covers:
- Handling name conflicts in Host Description records.
- Handling name conflicts in Service Description records.
- Verifying that original services are discoverable on the AIL
while conflicting services are correctly rejected and not seen.
- Validating mDNS discovery on the adjacent infrastructure link
using direct method calls for SRP and DNS-SD operations.
Changes:
- Add tests/nexus/test_1_3_SRP_TC_2.cpp for test execution.
- Add tests/nexus/verify_1_3_SRP_TC_2.py for pcap verification.
- Update tests/nexus/CMakeLists.txt to include the new test.
- Update tests/nexus/run_nexus_tests.sh to add it to DEFAULT_TESTS.
In testing I have observed some failures to attach due to a `Child ID
Request` or `Child ID Response` getting lost in the air causing the
attaching device to start it's own new partition (assuming FTD).
When attaching, after selecting a parent candidate from the responses
to a multicast `Parent Request` message, devices only have one shot to
send and receive a response to a `Child ID Request`. There is a higher
rate of failure in this sequence during high traffic periods such as
formation and reset, which will cause more devices than desired to
fail the attachment process (and become their own leader if an FTD).
This commit aims to help address this by adding 2 additional retries
to `Child ID Request` messages, which gives devices a much better
chance of attaching the first time.
This commit adds a new Nexus test case 1_3_SRP_TC_1 which verifies
SRP registration and discovery in a topology with a Border Router.
The test covers:
- SRP server registration in Thread Network Data.
- SRP service registration by a Thread End Device.
- Unicast DNS queries over the Thread interface.
- mDNS discovery over the Infrastructure interface.
Changes:
- Add tests/nexus/test_1_3_SRP_TC_1.cpp for test execution.
- Add tests/nexus/verify_1_3_SRP_TC_1.py for pcap verification.
- Update tests/nexus/CMakeLists.txt and run_nexus_tests.sh.
- Extend pktverify library (consts.py, layer_fields.py) to support
DNS/mDNS and SRP-specific fields.
This commit updates the `Mle` router role downgrade logic. When a
REED transitions to a router in response to a Child ID Request, it
indicates that the attaching child has no other viable parent options.
To ensure this child remains connected to the mesh, this commit
prevents the newly promoted router from downgrading back to a REED.
A new flag `mBlockDowngrade` is added to `Mle`, and a matching
property `mBlockParentDowngrade` is added to `Child` to track if it is
blocking its parent's downgrade. The downgrade restriction is lifted
under specific conditions: when the device detaches, when a new router
is added to the network (providing a potential alternative parent for
the child), or when all children blocking the downgrade are removed.
A new nexus test `test_mle_blocking_downgrade` is added to validate
the new behavior.
This commit removes the active node tracking logic from the Nexus
simulation framework.
Previously, `Core` maintained a pointer to the `mActiveNode` and updated
it dynamically during processing and network events. This was necessary
so that log messages could be attributed to the correct node/instance.
With the recent introduction of "instance-aware logging" in the OpenThread
core, the logging mechanism natively knows which `otInstance` generated a
log. Therefore, manually tracking and context-switching the active node
in the Nexus framework is no longer required.
This change simplifies `nexus::Core`, removes context-switching overhead
from heavily utilized inline methods like `Node::Get<Type>()`, and allows
us to simplify the signature of `InfraIf::Receive()`.
This commit adds a new Nexus test case 1_3_DBR_TC_10 which implements
the test specification for reachability, OMR address configuration,
and default route processing in a Thread network with a Border Router.
The test ensures that:
- End Devices correctly configure OMR addresses from OMR prefixes.
- Routers correctly process and route packets based on external
(default) routes advertised by Border Routers.
- Border Routers can manage default routes using both external route
TLVs (::/0) and the P_default flag in OMR prefixes.
Changes:
- Add tests/nexus/test_1_3_DBR_TC_10.cpp for test execution.
- Add tests/nexus/verify_1_3_DBR_TC_10.py for pcap verification.
- Update tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test.
This commit adds several new helper methods to tests/nexus/verify_utils.py
to simplify common verification tasks in Nexus tests:
- check_ra_has_rio: verify presence and preference of RIO in RA.
- check_ra_has_pio: verify presence of PIO in RA.
- check_nwd_has_route: verify presence and preference of external
route in Network Data.
Existing tests (1_3_DBR_TC_7A/B/C and 1_3_DBR_TC_8) are updated to use
these new helper methods, which improves code readability and
consistency across the Nexus test suite.
This commit introduces the 1_3_DBR_TC_8 Nexus test case, which
verifies bi-directional reachability in a topology with multiple
Border Routers (BRs) and the presence of OMR prefixes with different
lifetimes.
Key features of this test:
- Simulates a network with two BRs and a Thread Router.
- Configures an infrastructure link with a GUA prefix.
- Configures an OMR prefix (OMR_4, P_preferred=false) in Network
Data and ensures the DUT BR correctly generates its own OMR
prefix when existing ones are not usable.
- Verifies that the DUT BR correctly multicasts Router
Advertisements (RAs) on the infrastructure link containing OMR
routes but excluding deprecated OMR_4 routes.
- Confirms bi-directional ICMPv6 connectivity between an
infrastructure device and a Thread Router.
- Ensures the DUT BR continues to advertise OMR routes even after
the originating BR (BR_2) is disabled.
The implementation includes:
- tests/nexus/test_1_3_DBR_TC_8.cpp: Test execution logic using
direct method calls and Note-level logging.
- tests/nexus/verify_1_3_DBR_TC_8.py: PCAP-based verification script
with robust Network Data and RA checking.
- Updates to tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh to register the new test case.
This commit introduces the 1_3_DBR_TC_7C Nexus test case, which
verifies bi-directional reachability in a topology with multiple
Border Routers (BRs) and the presence of non-OMR prefixes.
Key features of this test:
- Simulates a network with two BRs and a Thread Router.
- Configures an infrastructure link with a GUA prefix.
- Configures a non-OMR prefix (PRE_1, P_on_mesh=false) in Network
Data and ensures the DUT BR correctly generates its own OMR
prefix when existing ones are not usable.
- Verifies that the DUT BR correctly multicasts Router
Advertisements (RAs) on the infrastructure link containing OMR
routes but excluding PRE_1 routes.
- Confirms bi-directional ICMPv6 connectivity between an
infrastructure device and a Thread Router.
- Ensures the DUT BR continues to advertise OMR routes even after
the originating BR (BR_2) is disabled.
The implementation includes:
- tests/nexus/test_1_3_DBR_TC_7C.cpp: Test execution logic using
direct method calls and Note-level logging.
- tests/nexus/verify_1_3_DBR_TC_7C.py: PCAP-based verification script
with robust Network Data and RA checking.
- Updates to tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh to register the new test case.
This commit adds `otPlatLogOutput()`, a new platform logging API that
provides the `otInstance` pointer along with a pre-formatted log
string. This addresses the limitation of the existing `otPlatLog()` in
multi-instance builds, where the function cannot reliably determine
which OpenThread instance generated the log.
`OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE`, is introduced to
enable this behavior. When enabled, `Logger::Log()` resolves the
active instance (via a tracked global pointer `gActiveInstance`)
and passes it to `otPlatLogOutput()`.
To support tracking the active instance context,
`UpdateActiveInstance()` is added and called during standard
instance retrieval paths, such as `Locator::GetInstance()` and
`Message::GetInstance()`. The TCP endpoints and listeners are also
updated to track the active instance when their `GetInstance()` methods
are invoked.
The Nexus testing platform is updated to enable this configuration
and implement `otPlatLogOutput()` to print the instance ID alongside
the log line, simplifying log tracing in multi-node simulations.
This commit simplifies the logic for updating the local OMR prefix
within `RoutingManager::OmrPrefixManager`.
The process of updating the prefix in `UpdateLocalPrefix()` is
consolidated into a single flow. Instead of multiple paths clearing
the old prefix from `NetworkData` and logging changes, the method now
determines the appropriate `prefix`, `preference`, and `origin`
(`kSelfGenerated`, `kCustom`, `kDhcp6Pd`), and delegates the change
to a shared sequence at the end of the method.
It also adds a `Matches()` method to `OmrPrefix` to efficiently check
if a given `Ip6::Prefix` and `RoutePreference` match the current OMR
prefix, avoiding unnecessary copies during updates.
Additionally, this change standardizes the log output format for local
OMR prefix updates by utilizing `LocalToString()` and ensures
the prefix's route preference is consistently included.
This commit introduces the 1_3_DBR_TC_7B Nexus test case, which
verifies bi-directional reachability in a topology with multiple
Border Routers (BRs) and the presence of deprecated prefixes.
Key features of this test:
- Simulates a network with two BRs and a Thread Router.
- Configures an infrastructure link with a GUA prefix.
- Configures a deprecated prefix (PRE_1, P_preferred=false) in
Network Data and ensures the DUT BR correctly generates its own
OMR prefix when existing ones are not usable.
- Verifies that the DUT BR correctly multicasts Router Advertisements
(RAs) on the infrastructure link containing both OMR and PRE_1
routes.
- Confirms bi-directional ICMPv6 connectivity between an
infrastructure device and a Thread Router.
- Ensures the DUT BR continues to advertise PRE_1 routes even after
the originating BR (BR_2) is disabled, as long as the prefix
remains in Network Data.
The implementation includes:
- tests/nexus/test_1_3_DBR_TC_7B.cpp: Test execution logic using
direct method calls and Note-level logging.
- tests/nexus/verify_1_3_DBR_TC_7B.py: PCAP-based verification script
with robust Network Data flag checking.
- Updates to tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh to register the new test case.
This commit introduces the 1_3_DBR_TC_7A Nexus test case, which verifies
bi-directional reachability in a topology with multiple Border Routers
(BRs) and the presence of non-OMR prefixes.
Key features of this test:
- Simulates a network with two BRs and a Thread Router.
- Configures an infrastructure link with a GUA prefix.
- Configures a non-OMR prefix (PRE_1) in Network Data and ensures the
DUT BR correctly generates its own OMR prefix when existing ones are
not usable (e.g., SLAAC disabled).
- Verifies that the DUT BR correctly multicasts Router Advertisements
(RAs) on the infrastructure link containing both OMR and PRE_1 routes.
- Confirms bi-directional ICMPv6 connectivity between an infrastructure
device and a Thread Router.
- Ensures the DUT BR continues to advertise PRE_1 routes even after the
originating BR (BR_2) is disabled, as long as the prefix remains in
Network Data.
The implementation includes:
- tests/nexus/test_1_3_DBR_TC_7A.cpp: Test execution logic using direct
method calls and Note-level logging.
- tests/nexus/verify_1_3_DBR_TC_7A.py: PCAP-based verification script
with robust Network Data flag checking.
- Updates to tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to register the new test case.
In order to facilitate a well-staged post reset process for a larger
size link, it is important to consider the timing of devices returning
to the link.
With the changes in this PR, that timing will be as follows:
1. The leader and routers will begin sending link request messages in
an attempt to reattach to the previous partition.
2. Both the leader and routers will have 4 attempts to reconnect,
afterwords falling back to attach any.
3. The leader here is given a 2s retry window (jittered 10% either
way), for a worst-case (tightest timing vs routers) of 4x2.2s =
8.8s before starting attachment.
4. The routers here are given the normal 5s multicast retx delay with
the same 10% jitter, resulting in a tightest timing (shortest) of
4x4.5s = 18s
5. For this analysis, the jitter during the attach process is ignored
because it will not be particularly significant, so we assume both
flow through a nominal failed attachment of 2x0.75s (routers) +
4x1.25s (reeds) = 6.5s
6. This means that the previous leader will start the new partition
around 15.3s after starting.
7. The former routers would fall back to starting a new partition on
their own at 24.5s after reset.
This timing leaves 9.2s of leeway (greater than the length of the full
attachment process) for the routers to get parent responses from the
old leader which has started the new partition and attach instead of
starting their own partitions.
This also leaves sufficient time between the router attachment and
children timing out of their role restoration process to attach to
their former parents.
Additionally, 4 attempts should be more than sufficient with this
timing to successfully reattach to a partition that did not also
reset. If a link request sent in this period is not accepted, then the
old partition can be safely assumed to be gone, or removed links to
the reset device.
Routers with children and the leader will also benefit in
single-device reset cases here because they are able to rejoin more
quickly. Only routers with very few/no children are slowed down in
re-attachment by 5s.
This adds a new --settings-file launch option that allows specifying
a fixed base name for the settings file, overriding the default
EUI64-based naming scheme.
When an RCP device is replaced, the new device has a different EUI64,
which causes the host to lose access to its previously stored dataset.
By using --settings-file, the settings file name remains stable across
RCP replacements, preserving the Thread network configuration.
Ref: https://github.com/orgs/openthread/discussions/12428
This commit introduces the 1_3_DBR_TC_6 Nexus test case to verify
bi-directional reachability in a multi-BR topology with existing
IPv6 infrastructure.
Key changes:
- Implement tests/nexus/test_1_3_DBR_TC_6.cpp and its corresponding
pcap-based verification script tests/nexus/verify_1_3_DBR_TC_6.py.
- Enhance the Nexus platform InfraIf class to support constructing
and sending ICMPv6 Router Advertisements (RA) with PIO and RIO.
- Add RouterAdvertisementStart() and RouterAdvertisementStop() to
InfraIf for managed periodic unsolicited RA transmissions.
- Update Core::Process() to drive the periodic RA logic in InfraIf.
- Implement response logic for ICMPv6 Router Solicitations in
InfraIf when RA advertising is enabled.
- The 1_3_DBR_TC_6 test validates that the DUT BR correctly adopts
existing OMR prefixes, advertises an external default route (::/0),
and sends appropriate RAs on the infrastructure link.
- Register the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
This commit updates the conditional compilation for the multiple
static instances array in `Instance`. It adds a check for
`OPENTHREAD_CONFIG_MULTIPLE_INSTANCE_ENABLE` alongside
`OPENTHREAD_CONFIG_MULTIPLE_STATIC_INSTANCE_ENABLE`.
This commit adds `CloneMessage()`, `CloneMessageWithoutFooter()`,
and `CloneMessageWithout<Footer>()` methods to the `MessageAllocator`
class. These methods simplify creating copies of messages by
automatically applying the correct `kReservedHeader` size. It also
updates existing code in `CoapBase`, `Dns::Client`, `Sntp::Client`,
and `Mle` to utilize these new methods.
Additionally, this commit updates the `Clone()` method in `Message`
to be a template method, accepting a `CloneMode` to specify whether
the cloned message should retain the reserved header or have no
reserved header. The documentation for the clone methods has also
been updated to clarify which message fields are copied during the
cloning process.
This commit introduces the 1_3_DBR_TC_3 nexus test case to verify
bi-directional reachability between multiple Thread networks connected
via a common infrastructure link.
The test verifies that independent Thread networks, each with its own
Border Router (BR) connected to the same infrastructure link, can
successfully route traffic to each other. This confirms reachability
in multi-Thread network environments where no existing IPv6
infrastructure is present.
Key changes:
- Implement test_1_3_DBR_TC_3.cpp to simulate a topology with two
Thread networks (BR_1/ED_1 and BR_2/ED_2) and verify end-to-end
ping success between End Devices.
- Implement verify_1_3_DBR_TC_3.py for pcap-based validation of:
- Network Data registration of OMR and infrastructure prefixes.
- RA multicasts on the infrastructure link with correct RIO/PIO.
- Proper mapping of Extended PAN ID into the infrastructure ULA.
- Bi-directional ICMPv6 connectivity between End Devices.
- Register the new test case in CMakeLists.txt and run_nexus_tests.sh.
Thread spec doesn't define the order of TLVs in the dataset, so that
we can't call `memcmp` to compare two dataset. If we convert the
dataset to otOperationalDataset and then compare each value of
otOperationalDataset, we will met an issue if the new Thread spec
defines new TLVs in the dataset in the future.
This commit add a new dataset API `otDatasetTlvsCompare` to check
whether two dataset contain the exact same set of TLVs (same types and
values).
This commit introduces a new `Event` enumeration in `RouterTable`
along with an `Events` bit-field to track and indicate specific changes
that occur within the table. The `SignalTableChanged()` method is
updated to accept these events, replacing the previous parameterless
version. A new `LogEvents()` method is also added to log a summary of
the changes whenever the table is updated, improving debugging and
visibility into the router table's state.
This commit refactors the verification logic for Distributed Border
Router (DBR) tests in the Nexus framework to enhance robustness and
reliability.
Key changes include:
- Introduced verify_utils.check_nwd_prefix_flags() to handle complex
Thread Network Data structures, allowing for precise verification of
Prefix TLV flags and Border Router sub-TLV flags even when multiple
prefixes are present.
- Updated verify_1_3_DBR_TC_1.py and verify_1_3_DBR_TC_2.py to use
the new helper and improved the identification of OMR and ULA
prefixes in Network Data by iterating through TLV types.
- Added verification for Preferred and Valid Lifetimes in ICMPv6 Prefix
Information Options (PIO) within Router Advertisements.
- Enhanced pktverify to support icmpv6.opt.pio_valid_lifetime and
ensured proper mapping of PIO lifetime fields.
- Simplified MLE Data Response filtering in verify_1_3_DBR_TC_1.py
for better maintainability.
This commit introduces the 1_3_DBR_TC_2 nexus test case to verify
bi-directional reachability between Thread and infrastructure devices
in a topology with multiple Border Routers.
Key changes:
- Implement test_1_3_DBR_TC_2.cpp for step-by-step execution logic.
- Implement verify_1_3_DBR_TC_2.py for pcap-based verification.
- Enable OPENTHREAD_CONFIG_BORDER_ROUTING_TESTING_API_ENABLE in nexus
platform configuration to support prefix manipulation.
- Add icmpv6.opt.pio_preferred_lifetime to pktverify layer fields.
- Register the new test case in CMakeLists.txt and the default nexus
test run script.
- Refactor verify_1_3_DBR_TC_1.py and verify_1_3_DBR_TC_2.py to move
nested helper functions to the top level for better modularity.
- Remove an unnecessary Deinit() call in test_1_3_DBR_TC_1.cpp and
its definition in nexus_infra_if.hpp.
The test verifies:
- Border Router adoption of existing OMR prefixes in the network.
- Router Advertisement (RA) behavior on the infrastructure link,
including correct RIO options and suppression of non-deprecating PIOs
when another BR is present.
- Bi-directional reachability between Thread End Devices and Adjacent
Infrastructure Link (AIL) hosts during BR transitions.
- Automatic election of a new Leader and promotion to Primary BR upon
loss of the previous Leader.
- Correct derivation of BR ULA prefixes from the Extended PAN ID.
Nexus test 1_2_BBR_TC_3 occasionally fails during Step 6 after a
device reboot. The failure occurs because the Backbone Router (BBR)
is reported as active in the mDNS state bitmap ('sb' record), but
the mandatory 'omr' record is not yet present in the response.
This transient state happens because the BBR function is enabled
immediately upon attachment, whereas the Routing Manager requires
a brief period to establish and favor an OMR prefix.
This commit updates the Python verification script to filter for
mDNS responses that include the 'omr' record in Steps 6 and 13. This
allows the test to wait for the complete state to be published
naturally, rather than failing on the first transient packet
received.
Validated with 50 successful sequential executions of the test.
This commit implements the 1_3_DBR_TC_1 nexus test case to verify
bi-directional reachability between Thread and infrastructure
devices with a single Border Router.
Key changes:
- Implement test_1_3_DBR_TC_1.cpp for step-by-step execution logic.
- Implement verify_1_3_DBR_TC_1.py for pcap-based verification.
- Enhance Nexus InfraIf platform to support Deinit() for AIL
disconnection.
- Update InfraIf::Receive() to check initialization status and
ignore kErrorDrop from SendRaw() to handle legitimate packet
drops in the stack.
- Register the new test case in CMakeLists.txt and the default
nexus test run script.
The test verifies:
- Automatic OMR and on-link prefix registration in Network Data.
- Periodic ND Router Advertisement multicast on the infrastructure
link with correct PIO/RIO options and Extended PAN ID derivation.
- Bi-directional reachability between Thread End Devices (OMR) and
Infrastructure Hosts (ULA).
- Strict enforcement of non-forwarding rules for link-local and
Mesh-Local EID traffic between the Thread and infrastructure
networks.
Nexus test 1_2_BBR_TC_2 was occasionally failing at Step 14.
In this step, the previous leader (Router_1) is disabled, and
the DUT (BR_1) is expected to become the new leader and the
Primary Backbone Router (BBR).
The original wait time was 200 seconds (kAttachToRouterTime).
However, analysis showed that routers wait for the MLE Router
ID Timeout (120 seconds) before initiating a new leader election.
Combined with election jitter and BBR registration time, this
sometimes exceeded the 200-second window.
This commit increases the wait time in Step 14 to 400 seconds
(kAttachToRouterTime * 2) to provide sufficient buffer for the
leader transition and BBR registration, effectively resolving
the flake.
This commit updates the `Tlv::Append()` method template to accept a
`uint16_t` for the `aLength` parameter instead of `uint8_t`. This
change aligns the template method with the underlying `AppendTlv()`
method, allowing it to correctly append both regular and extended
TLVs based on the provided length.
The Doxygen comments are also updated to clarify that the TLV is
appended as either a regular or an extended TLV depending on whether
the length is greater than `kBaseTlvMaxLength`.
This commit implements the BBR-TC-03 test case in the Nexus simulation
framework to verify that a Backbone Router (BBR) function can be
discovered using mDNS and that changes are correctly reflected.
Key implementation details include:
- Implementation of BBR-TC-03 in C++ simulating a topology with two
Border Routers (BR_1 as initial Primary BBR, BR_2 as Secondary)
and a non-Thread IPv6 Host used for mDNS queries.
- Use of direct method calls instead of OpenThread public APIs where
appropriate, following Nexus test conventions.
- Configuration of the test environment including fixed Operational
Datasets to ensure predictable verification.
- Simulation of various network states:
- Initial Primary/Secondary BBR discovery.
- BBR function persistence after device reboot.
- Role transition (Secondary becoming Primary) when the original
Primary BBR powers down.
- Secondary BBR discovery when the original Primary BBR rejoins.
- Addition of a Python verification script to validate mDNS packets on
the simulated infrastructure link, checking for:
- Correct mDNS query/response exchanges between Host and BBRs.
- Presence and format of mandatory TXT records (dn, bb, sq, rv, tv,
sb, nn, xp, omr).
- Proper state bitmap (sb) transitions reflecting Primary vs.
Secondary status.
- Inclusion of the full test specification as inline comments in both
C++ and Python files, adhering to strict formatting requirements.
- Registration of the new test case in tests/nexus/CMakeLists.txt and
the default test list in tests/nexus/run_nexus_tests.sh.
- Setting log level to 'note' for improved visibility into state
transitions.
This commit updates `ChildTableTlvEntry` to better support the packing
and parsing of child entries in a `ChildTableTlv`. It introduces an
`InitFrom()` method to encode an entry directly from a `Child`
object, and a `Parse()` method to extract values into a `ParseInfo`
struct, improving modularity and simplifying usage.
Additionally, it consolidates the logic for calculating the timeout
exponent and decoding it back to a timeout value directly within the
`ChildTableTlvEntry` class. It also introduces `ParseChildTable()` in
`NetworkDiagnostic::Client` to clean up the child table parsing
loop.
Update mDNS traffic simulation in the Nexus platform to flow through
the simulated infrastructure link. This ensures mDNS packets are
automatically written to the PCAP file generated by the simulated
infrastructure link.
Changes:
- Wrap mDNS messages in UDP/IPv6 headers and enqueue them on the
simulated infrastructure interface (InfraIf).
- Implement a new SendUdp overload in InfraIf that accepts a Message
payload.
- Update InfraIf::Receive to intercept mDNS UDP packets (port 5353)
and deliver them to the Mdns module.
- Remove the dedicated ProcessMdns loop and manual PendingTx list from
Core and Mdns, consolidating traffic processing through InfraIf.
- Initialize Mdns with a reference to the Node to allow access to
InfraIf.
- Add GetMulticastAddress static helper to Mdns for 'ff02::fb'.
This commit updates various CMake configuration files to simplify
the check for Apple platforms. It replaces the `CMAKE_CXX_COMPILER_ID`
check for `AppleClang` with the built-in `APPLE` variable across
multiple targets (such as `ftd`, `mtd`, `cli`, and others). This
ensures that Apple-specific linker and compiler flags (like `-Wl,-map`
and `-Wimplicit-int-conversion`) are correctly applied when building
on macOS, regardless of the specific compiler used.
Additionally, this commit updates `CMakeLists.txt` to explicitly set
the `CMAKE_AR` and `CMAKE_RANLIB` paths to the default system
locations (`/usr/bin/ar` and `/usr/bin/ranlib`) when the `APPLE`
variable is set.
This commit implements the BBR-TC-02 test case in the Nexus simulation
framework to verify that if two BBR Datasets are present in a network,
the Backbone Router (BBR) that is not elected as Primary will delete
its own BBR Dataset from the Network Data.
Key implementation details include:
- Implementation of BBR-TC-02 in C++ simulating a topology with two
Border Routers (BR_1 as DUT/initial Primary, BR_2) and a Thread
Router as Leader.
- Verification of BR_1's role switch from Primary to Secondary when it
detects a BBR Dataset with a higher sequence number (BR_2's dataset).
- Verification that BR_1 sends a Server Data notification to the Leader
to remove its BBR Dataset upon switching to the Secondary role.
- Verification that BR_1 (as Secondary BBR) correctly rejects MLR.req
messages with ST_MLR_BBR_NOT_PRIMARY.
- Verification that BR_1 automatically resumes the Primary BBR role
and becomes Leader when Router_1 and BR_2 are removed from the
network.
- Addition of a Python verification script to validate:
- Correct sequence of SVR_DATA.ntf CoAP requests for BBR Dataset
registration and removal.
- Correct handling of MLR.req with ST_MLR_BBR_NOT_PRIMARY error.
- Correct filtering of Thread Network Data TLVs in CoAP payloads.
- Inclusion of the full test specification as inline comments in both
the C++ and Python files.
- Use of direct core method calls in C++ and adherence to strict
formatting rules in both files.
- Registration of the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The cli config `OPENTHREAD_CONFIG_CLI_BLE_SECURE_ENABLE` was
duplicated in `cli_config.h`.
Their default values were even conflicting.
Changes:
* Remove second define of `OPENTHREAD_CONFIG_CLI_BLE_SECURE_ENABLE`
(default value 0) in `cli_config.h` since it would have never
been reached.
Under interactive mode, the `ot-ctl` client treats lines starting with
"Error" as fatal command failures. It exits immediately and stop
receiving CLI output. As the `debug` command runs a sequence of
sub-commands; if one fails , the entire debug session would stop.
This change modifies the error prefix to "ERROR" for internal debug
commands, allowing ot-ctl to continue processing subsequent output.
Also, it adds an explicit `OutputLine("Done")` at the end of the debug
command processing to ensure the CLI client correctly detects the end
of the command.
This commit implements the BBR-TC-01 test case in the Nexus simulation
framework to verify that a Backbone Router (BBR) device automatically
sends its BBR dataset to the Leader if none exists in the network.
To support the Host receiving echo replies on its infrastructure
interface, the Nexus InfraIf class is extended to support custom
ICMPv6 Echo Reply handlers.
Key changes:
- Implement BBR-TC-01 C++ test case and Python verification script.
- Add EchoReplyHandler callback and registration to Nexus InfraIf.
- Update InfraIf::Receive to handle and dispatch ICMPv6 Echo Replies.
- Register 1_2_BBR_TC_1 in CMake and the test runner script.
This commit simplifies `MacCountersTlv` by replacing its individual
getter and setter methods with bulk operations:
- Adds an `Init()` method that takes a `Mac::Counters` to directly
populate the TLV fields from the MAC layer counters.
- Adds a `Read()` method to parse the TLV and populate a given
`NetworkDiagnostic::MacCounters` structure.
- Updates `NetworkDiagnostic::Server` and `Client` to use these new
methods, allowing the removal of their local helper methods
`AppendMacCounters()` and `ParseMacCounters()`.
- Introduces `Counters` as an alias for `otMacCounters` within the
`Mac` namespace.
This commit adds a new nexus test for MATN-TC-26: Multicast
registrations error handling by Thread Device.
The test verifies that a Thread Device correctly handles multicast
registration errors, such as when a Backbone Router (BBR) runs out of
resources or responds with a general failure.
Changes:
- Implemented test_1_2_MATN_TC_26.cpp to execute the test steps.
- Implemented verify_1_2_MATN_TC_26.py to verify pcap output.
- Updated CMakeLists.txt and run_nexus_tests.sh to include the
new test.
- Modified bbr_manager.cpp to correctly include failed addresses in
the MLR response when using configured error status for reference
devices.
The test ensures the DUT retries registration within the
Reregistration Delay after receiving an error and does not retry
if registration was successful until necessary.
This commit adds a new Nexus test case MATN-TC-23 to verify that a
Thread Device (DUT) automatically re-registers its multicast addresses
before the Multicast Listener Registration (MLR) timeout expires.
The test simulates a topology with two Border Routers (BR_1 and BR_2)
and a Thread Device (TD as DUT). BR_1 acts as the Primary Backbone
Router (BBR) and distributes a BBR Dataset with a configured MLR
timeout. The TD registers a multicast address and then automatically
sends a subsequent MLR.req to renew the registration before the
timeout period ends.
Implementation details:
- Added test_1_2_MATN_TC_23.cpp to execute the simulation using direct
method calls and 'note' log level.
- Added verify_1_2_MATN_TC_23.py to validate the MLR.req/rsp exchange
in the pcap output.
- Included the full test specification as inline comments in both
files, following strict indentation and formatting rules.
- Registered the new test in CMakeLists.txt and run_nexus_tests.sh.
This commit adds a new Nexus test case MATN-TC-22 to verify that a
Primary Backbone Border Router (BBR) that is configured with a low
value of Multicast Listener Registration (MLR) timeout
(< MLR_TIMEOUT_MIN) is interpreted as using an MLR timeout of
MLR_TIMEOUT_MIN by Thread Devices (DUT).
The test performs the following steps:
- Configures the Primary BBR (BR_1) with an MLR timeout of
MLR_TIMEOUT_MIN / 4.
- Verifies that the DUT registers a multicast address (MA1) at BR_1.
- Confirms that the DUT automatically re-registers for MA1 within
MLR_TIMEOUT_MIN seconds of the initial registration.
- Ensures that no more than 2 re-registrations occur within this time
period.
Included changes:
- New test implementation: test_1_2_MATN_TC_22.cpp.
- New verification script: verify_1_2_MATN_TC_22.py.
- Registration of the test in CMakeLists.txt and run_nexus_tests.sh.
The test implementation uses direct method calls in C++ and provides
step-by-step logging in both C++ and Python to match the test
specification.
This commit implements the MATN-TC-21 test case in the Nexus
simulation framework to verify that a Primary BBR correctly handles
incorrect or invalid multicast registrations from a Thread device.
Key implementation details include:
- Implementation of MATN-TC-21 in C++ simulating a topology with two
Border Routers (BR_1 as Primary/DUT, BR_2 as Secondary), a Thread
Router, and a Host.
- Verification of BR_1's handling of various invalid MLR registrations:
- Invalid unicast addresses (MAe1, MAe3) or unspecified address (MAe2).
- Link-local (MA6) and mesh-local (MA5) multicast addresses.
- Partial registration success when valid (MA1) and invalid (MA6)
addresses are mixed.
- Malformed IPv6 Addresses TLV with incorrect length (MAe4).
- Verification that only the Primary BBR (BR_1) accepts registrations,
while the Secondary BBR (BR_2) returns ST_MLR_BBR_NOT_PRIMARY.
- Addition of a Python verification script to validate:
- Correct error status codes in MLR responses (ST_MLR_INVALID,
ST_MLR_BBR_NOT_PRIMARY).
- Multicast forwarding from backbone to Thread for valid registrations.
- Handling of malformed TLVs by checking raw CoAP payloads.
- Inclusion of the full test specification as inline comments in
both the C++ and Python files.
- Registration of the new test case in tests/nexus/CMakeLists.txt
and tests/nexus/run_nexus_tests.sh.
This commit implements the MATN-TC-20 test case in the Nexus
simulation framework to verify that a Parent Router handling a
multicast registration on behalf of an MTD re-registers the
multicast address on behalf of its child before the MLR timeout
expires.
Key implementation details include:
- Implementation of the MATN-TC-20 test scenario in C++ simulating
a topology with a Router (DUT), a MED, and two Border Routers
(BR_1 as initial Primary BBR, BR_2 as Secondary BBR).
- Addition of a Python verification script to validate MLE Child
Update Request/Response exchanges and subsequent MLR.req CoAP
requests from the DUT to the Primary BBR.
- Verification that the DUT automatically re-registers the multicast
address when the MLR timeout is updated in the BBR Dataset.
- Inclusion of the full test specification as inline comments in
both the C++ and Python files, following strict formatting rules.
- Registration of the new test case in tests/nexus/CMakeLists.txt
and tests/nexus/run_nexus_tests.sh.
This commit introduces the `OPENTHREAD_CONFIG_IP6_INIT_EXT_ADDR_POOL_ENABLE`
configuration and the `otIp6Init()` API. When enabled, this feature
allows the OpenThread stack to use externally provided memory buffers for
its external unicast and multicast address pools.
By decoupling the pool sizes from build-time configurations
(`OPENTHREAD_CONFIG_IP6_MAX_EXT_UCAST_ADDRS` and
`OPENTHREAD_CONFIG_IP6_MAX_EXT_MCAST_ADDRS`), the OpenThread stack can be
compiled as a generic library without hardcoding the address pool sizes.
It delegates the memory allocation and configuration to the application
layer at run-time.
When the feature is enabled, `otIp6Init()` must be invoked to initialize
the `Netif` address pools before calling `otIp6SetEnabled()`.
This commit simplifies appending `ChannelPagesTlv` using the standard
`Tlv::Append<>()` with the the array of supported channel pages as
the TLV value.
In addition, a `ReadDiagData()` helper method is introduced in the
`NetworkDiagnostic::Client` to unify and simplify how `otNetworkDiagData`
arrays (e.g. `mNetworkData`, `mChannelPages`) are parsed and populated
from read TLVs.
This commit introduces the `MessageAllocator` template class using the
CRTP pattern to provide a unified implementation of the `NewMessage()`
methods. It standardizes the reserved header sizes for different
message types within `ReservedHeaderSize`. This removes boilerplate
code and redundant `NewMessage()` method implementations across the
`Ip6`, `Icmp`, `Udp`, `Udp::Socket`, and `CoapBase` classes.
This commit implements the Thread 1.2 test MATN-TC-19: Multicast
registration by MTD in the Nexus simulation framework. The test
verifies that an MTD can correctly register multicast addresses
through a parent Thread Router and receive multicast traffic from
the backbone.
Key implementation details:
- Created test_1_2_MATN_TC_19.cpp to simulate the network topology
(BR_1, BR_2, Router, MTD, and Host) and execute the test steps
using direct method calls.
- Implemented verify_1_2_MATN_TC_19.py for PCAP-based verification
of MLE Child Update exchanges, MLR registrations, and multicast
ICMPv6 Echo Request/Reply forwarding.
- Configured the test to use Note log level and included 1-line
log output for each step to match existing Nexus tests.
- Integrated the new test into the Nexus build system via
CMakeLists.txt and added it to the default test execution list
in run_nexus_tests.sh.
This commit adds a new Nexus test case MATN-TC-16 to verify that the
Primary Backbone Border Router (BBR) can handle a large number of
multicast group subscriptions.
The test performs 75 multicast registrations in 5 batches of 15
addresses each. It verifies the following behavior:
- The BBR correctly processes Multicast Listener Registration (MLR)
requests and returns a success status.
- Multicast packets sent to registered addresses on the backbone are
successfully forwarded to the Thread network.
- Multicast packets sent to unregistered addresses are not forwarded.
To accommodate the requirements of this test, Nexus configuration
limits are increased:
- OPENTHREAD_CONFIG_IP6_MAX_EXT_MCAST_ADDRS is increased from 4 to 80.
- The mTestVars array in Nexus Core is increased from 16 to 128
entries to support storing all multicast addresses for verification.
Included changes:
- New test files: test_1_2_MATN_TC_16.cpp and verify_1_2_MATN_TC_16.py.
- Registration of the test in CMakeLists.txt and run_nexus_tests.sh.
- Configuration updates in openthread-core-nexus-config.h and
nexus_core.hpp.
This commit implements the MATN-TC-15 test case in the Nexus simulation
framework to verify that a Thread End Device detects a change of Primary
Backbone Router (BBR) and triggers a re-registration of its multicast
groups.
Key implementation details include:
- Implementation of MATN-TC-15 in C++ simulating a topology with two
Border Routers (BR_1 and BR_2), a Thread Router, and a Thread End
Device (TD as DUT).
- Simulation of Primary BBR failover by stopping BR_1 and waiting for
BR_2 to become the new Primary BBR.
- Addition of a Python verification script to validate:
- Detection of Primary BBR change by the DUT.
- Multicast Listener Registration (MLR.req) sent by the DUT to BR_2.
- Correct forwarding of MLR.req and MLR.rsp by the intermediate
Thread Router.
- Successful registration response (MLR.rsp) from BR_2 to the DUT.
- Inclusion of the full test specification as inline comments in both
the C++ and Python files.
- Registration of the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
This commit implements the MATN-TC-12 test case in the Nexus
simulation framework to verify that a Primary BBR correctly
decrements the IPv6 Hop Limit when forwarding multicast packets
between the backbone link and the Thread network.
Key implementation details include:
- Implementation of MATN-TC-12 in C++ simulating a topology with a
Border Router (BR_1 as DUT), a Thread Router, and a Host.
- Enhancement of the Nexus platform to support hop limit processing:
- Updated InfraIf::Receive to decrement Hop Limit when forwarding
from the backbone to the Thread network.
- Updated Node::HandleReceive to decrement Hop Limit when forwarding
from the Thread network to the backbone.
- Added support for simulating packets with Hop Limit 0 by setting
mAllowZeroHopLimit in Node::SendEchoRequest.
- Addition of a Python verification script to validate:
- Multicast forwarding from backbone to Thread with decrement.
- Multicast forwarding from Thread to backbone with decrement.
- Dropping of packets with Hop Limit 1 (or 0) during forwarding.
- Use of unique ICMPv6 identifiers to reliably distinguish between
pings in different test steps.
- Inclusion of the full test specification as inline comments in
both the C++ and Python files.
- Registration of the new test case in tests/nexus/CMakeLists.txt
and tests/nexus/run_nexus_tests.sh.
This commit implements the MATN-TC-10 test case in the Nexus
simulation framework to verify that a Secondary BBR correctly
takes over forwarding of outbound multicast transmissions when
the Primary BBR fails, specifically focusing on BBR Dataset
distribution and MLDv2/BMLR registration behavior.
Key implementation details include:
- Implementation of the MATN-TC-10 test scenario in C++ simulating
a topology with two Border Routers (BR_1 as initial Primary,
BR_2 as Secondary/DUT), a Router, and a Host.
- Verification that BR_2 takes over as the Primary BBR and Leader
after BR_1 is stopped.
- Validation of BBR Dataset (PBBR) presence in Network Data.
- Addition of a Python verification script to validate:
- Multicast ping reachability.
- Correct BBR Dataset distribution.
- Outbound multicast registration (BMLR/MLDv2) on the backbone.
- Use of explicit multicast re-subscription in Step 14 to ensure
observable registration traffic within the simulation window.
- Robust packet filters for BMLR (port 61631) and MLDv2 to handle
platform-specific dissection variances.
- Inclusion of the full test specification as inline comments in
both the C++ and Python files.
- Registration of the new test case in tests/nexus/CMakeLists.txt
and tests/nexus/run_nexus_tests.sh.
This commit implements the MATN-TC-09 test case in the Nexus
simulation framework to verify that a Secondary BBR correctly
takes over forwarding of outbound multicast transmissions when
the Primary BBR fails.
Key implementation details include:
- Implementation of the MATN-TC-09 test scenario in C++ simulating
a topology with two Border Routers (BR_1 as initial Primary,
BR_2 as Secondary/DUT) and a Thread Router.
- Verification that BR_2 takes over as the Primary BBR and Leader
after BR_1 is stopped.
- Addition of a Python verification script to validate that only
the Primary BBR forwards outbound multicast packets to the
backbone link.
- Use of distinct ICMPv6 identifiers to reliably distinguish
between multicast pings sent before and after the Primary BBR
failure.
- Inclusion of the full test specification as inline comments in
both the C++ and Python files.
- Registration of the new test case in tests/nexus/CMakeLists.txt
and tests/nexus/run_nexus_tests.sh.
This commit implements the MATN-TC-07 test case in the Nexus
simulation framework to verify default multicast forwarding
behavior on Border Routers.
Key implementation details include:
- Implementation of the MATN-TC-07 test scenario in C++ to
trigger various multicast ping requests across different
IPv6 scopes (realm-local, admin-local, site-local, global,
and link-local).
- Enhancement of the Python verification script to strictly
validate that only the Primary BBR forwards multicast
packets to the backbone link using Ethernet source address
filtering.
- Support for Ethernet link type in Nexus PCAP generation by
prepending Ethernet headers to infrastructure IPv6 packets.
- Exposure of infrastructure MAC addresses (ethaddrs) in the
test information JSON to enable identification of the
forwarding node on the backbone link.
- Support for verifying source addresses of MPL-encapsulated
multicast packets by checking both outer and inner headers.
- Addition of FindGlobalAddress() helper in the Nexus node
platform.
Implement Thread 1.2 test MATN-TC-05: Re-registration to same Multicast
Group. This test verifies that a Primary Backbone Router (BBR)
correctly manages multicast address re-registration and handles UDP
multicast traffic between the backbone and Thread network.
Key additions:
- Added SendUdp to Nexus InfraIf to support simulated UDP multicast
traffic from backbone hosts.
- Implemented test_1_2_MATN_TC_5.cpp to simulate the network topology
(DUT, BR_2, Router, and Host) and the test steps.
- Implemented verify_1_2_MATN_TC_5.py for pcap-based verification of
multicast forwarding and BBR timeout behavior.
- Integrated the new test into the Nexus build system and the default
test execution script.
This commit simplifies how the SNTP request message is allocated and
constructed in `Client::Query()`. It removes the `NewMessage()`
helper method, replacing its use with a direct message allocation from
the socket followed by `Append()` to add the header. It also updates
the error cleanup path to use the `FreeMessage()` macro.
This commit moves the definitions of `MplOption`, `UdpHeader`,
`TcpHeader`, and `Icmp6Header` from their module-specific headers into
`net/ip6_headers.hpp`. The original class definitions in `Ip6::Udp`,
`Ip6::Tcp`, and `Ip6::Icmp` are replaced with `typedef` aliases to
maintain internal compatibility.
This consolidation centralizes IPv6 protocol header definitions,
ensuring that all header sizes are available when allocating or
cloning messages. This allows for calculating the proper reserved
header length in `NewMessage()`.
This commit updates `tests/unit/test_tcat.cpp` to properly handle the
`Error` return value from `NetworkName::Set()`, resolving compiler
warnings about unhandled return types.
In `TestInitInstanceTcat()`, `IgnoreError()` is used when setting
default test values since `NetworkName::Set()` returns `kErrorNone`
or `kErrorAlready` when the same name is set again.
Add MATN-TC-04 test case to verify that a Primary BBR removes a
multicast listener entry when it expires by timeout.
- Add test_1_2_MATN_TC_4.cpp implementing the simulation of two
Border Routers (BR_1 as Primary BBR, BR_2), a Router, and a Host.
- Verify that a registered multicast address expires after the
configured MLR timeout and that the BBR stops forwarding traffic
to the group.
- Verify that a new registration to the same group is accepted
after the previous one has expired.
- Use direct method calls for BBR configuration and management.
- Add verify_1_2_MATN_TC_4.py for automated packet verification.
- Fix a loopback issue in nexus_core.cpp where infra-if packets
were being delivered back to the sender.
- Register the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
Add MATN-TC-03 test case to verify that a Primary Backbone Router
(BBR) correctly handles Multicast Listener Registration (MLR)
requests and ignores a Timeout TLV when it is not sent by a
Commissioner.
- Add test_1_2_MATN_TC_3.cpp implementing the simulation of two
Border Routers (BR_1 as Primary BBR, BR_2), a Router, and an
external Host on the backbone.
- Verify that a Router can successfully register a multicast address.
- Verify that a Router attempting to deregister a multicast address
by sending an MLR.req with a Timeout TLV of 0 (without a
Commissioner Session ID) is handled correctly by the PBBR.
- Verify that the PBBR responds with Success and continues to
forward multicast traffic to the registered address, effectively
ignoring the invalid Timeout TLV.
- Add verify_1_2_MATN_TC_3.py for automated packet verification of
the test scenario.
- Register the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
Add MATN-TC-02 test case to verify Multicast Listener Registration
(MLR) and multicast traffic forwarding between a Thread network and
an infrastructure link (backbone).
- Add test_1_2_MATN_TC_2.cpp implementing the simulation of two
Border Routers (BR_1 as Primary BBR, BR_2), a Thread Device (TD),
and an external host on the backbone.
- Verify TD registration of multicast addresses at BR_1 via MLR.req.
- Verify BR_1 responses and backbone notifications (BMLR.ntf).
- Verify successful forwarding of multicast ICMPv6 Echo Requests
from the backbone to the Thread network by the Primary BBR.
- Verify that non-Primary BBRs and BBRs without active registrations
do not forward multicast traffic.
- Add verify_1_2_MATN_TC_2.py for automated packet verification of
the test scenario.
- Register the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
Add MATN-TC-01 test case to verify that a Primary BBR by default
blocks IPv6 multicast traffic from the backbone to the Thread
network when no devices have registered for the multicast groups.
- Add test_1_2_MATN_TC_1.cpp implementing the simulation of a
Border Router (BR_1 as Primary BBR), a Thread Router, and an
external host on the backbone.
- Send ICMPv6 Echo Requests from the backbone host to various
multicast addresses (admin-local, site-local, global, and
link-local).
- Add verify_1_2_MATN_TC_1.py for automated packet verification
to ensure the DUT (BR_1) does not forward these multicast
packets to its Thread Network.
- Register the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
Implement the InfraIf class and associated platform logic to simulate
a shared infrastructure link (backbone) between Border Routers and
external hosts within the Nexus simulation environment.
Infra interface simulation:
- Implement shared Ethernet-like link for IPv6 traffic delivery.
- Add automated SLAAC address configuration based on ICMPv6 RAs.
- Support sending/receiving ICMPv6 Neighbor Discovery (RS, RA, NS, NA).
- Implement manual ICMPv6 checksum calculation for raw packets.
- Add infrastructure-level loop prevention and destination filtering.
- Provide helper methods to find nodes by infrastructure addresses.
Platform integration:
- Implement otPlatInfraIf APIs and integrate with otInstance.
- Use native Message and MessageQueue for pending traffic management.
- Add support for custom test variables in SaveTestInfo() JSON output.
- Update Node::Reset() to properly clear pending infra interface tasks.
Core enhancements:
- Add MulticastListenersTable::Has() to check for address presence.
- Add PrefixInfoOption::GetPrefixLength() and SetPrefixLength().
- Enable MLR and Backbone Router multicast routing in Nexus config.
This commit introduces `CoapBase::SendAckResponseIfUnicastRequest()`,
which sends an ACK response with a CoAP Code mapped from an `Error`
value, provided the original request was confirmable and not sent to
a multicast address. It also adds `Message::MapErrorToCoapCode()` to
handle the translation of common `Error` types into their appropriate
CoAP Code equivalents (e.g., `kErrorBusy` to `kCodeServiceUnavailable`,
or `kErrorParse` to `kCodeBadRequest`).
The TMF handlers in `AnnounceBeginServer`, `EnergyScanServer`, and
`PanIdQueryServer` are updated to use this new method. Additionally,
all three servers now explicitly reject new requests with `kErrorBusy`
if they are already running an active scan or announce operation. The
state tracking in `PanIdQueryServer` (`mIsRunning`) is also added
to correctly check its running state when starting a query.
This commit updates the `CoapBase::Request` class to encapsulate its
internal state. The `mMessage` pointer and `mMetadata` struct are
now private, and their properties are accessed and modified through
explicit getter and setter methods (e.g., `GetMessage()`,
`IsConfirmable()`, `MarkAsAcknowledged()`).
By doing so, the code that manages pending requests no longer directly
manipulates the internal metadata fields, improving code structure and
maintainability.
Extend the pktverify framework to handle Raw IPv6 packets and parse CoAP
TLVs:
- Add support for verifying Raw IPv6 packets (DLT_RAW) captured on the
infrastructure link.
- Implement parsing for CoAP TLVs used in Multicast Listener
Registration (MLR) and Backbone MLR (BMLR) messages.
- Clean up magic numbers and improve summary output for better
traceability in test reports.
Enhance the Nexus Pcap class to support the pcapng format and logging from
multiple interfaces:
- Transition from pcap to pcapng format to support multiple interface
descriptions in a single capture file.
- Add support for logging both IEEE 802.15.4 (Thread) and Raw IPv6
(Backbone) traffic.
- Implement Interface Description Blocks (IDB) and Enhanced Packet
Blocks (EPB) for pcapng compliance.
This commit updates the following `otPlatInfraIf` platform APIs to
include an `otInstance *` as their first parameter:
- `otPlatInfraIfHasAddress()`
- `otPlatInfraIfSendIcmp6Nd()`
- `otPlatInfraIfDiscoverNat64Prefix()`
Other APIs under `otPlatInfraIf` already follow this pattern. Passing
the `otInstance` pointer is the required standard for all platform
and public APIs; however, it was missed during the initial design of
these specific APIs.
While missing this parameter is often not a blocker on platforms using
a single OpenThread instance, it has become a blocker for simulations,
especially when multiple Border Routers are emulated in the same
simulation setup.
This change introduces a compatibility break for existing platform
implementations, however, it is necessary to support new use cases
(simulation of BRs). It also helps ensure consistent API design
across the stack.
This commit simplfies `thread/uri_paths.cpp` by introducing the
`UriEntryMapList` X-Macro. This macro centralizes the mapping
between the URI path string, its `kUri*` enum value and its string
name representation used in `UriToString()`.
By using this macro, we avoid redundant lists and manual template
specializations. The `kEntries[]` array, the compile-time assertions
validating the sorting of the array, and the `UriToString<>()`
template specializations are now all automatically generated from
this single list, improving maintainability and reducing the chance
of mismatches.
This change updates the `PrevRoleRestorer` logic to use an increasing
timeout when a non-sleepy device sends `Child Update Request`
messages to restore its previous child role.
The timeout starts at 4 seconds and doubles with each subsequent
retransmission. This strategy is designed to handle scenarios where
the parent may also be restarting, such as after a network-wide power
outage, by allowing more time for the parent to recover. Over four
attempts, the device waits a total of 29 seconds (4 + 8 + 16 + 1)
before abandoning the restoration process.
Sleepy devices continue to use a short and fixed 1-second timeout
between retransmissions.
Additionally, if the restoring child receives a Child Update Request
from its former parent, it switches back to the shorter 1-second
timeout to expedite the restoration process and allow at least
two more Child Update attempts.
This commit updates the Nexus test framework to use the pcapng format
for packet capture instead of the legacy pcap format.
The pcapng format provides several advantages over legacy pcap,
most importantly the ability to support multiple interface captures
within a single file. This change prepares the Nexus framework for
more comprehensive border router testing, where capturing traffic
from both the Thread (802.15.4) and infrastructure (Ethernet)
interfaces simultaneously is required.
Changes:
- Implemented Section Header Block (SHB) and Interface Description
Block (IDB) in Pcap::Open.
- Updated Pcap::WriteFrame to use Enhanced Packet Block (EPB).
- Added proper 32-bit alignment padding for EPB records as required
by the pcapng specification.
- Updated the test runner script to use the .pcapng extension.
This commit updates `EnergyScanServer` to use `Tlv::StartTlv()` and
`Tlv::EndTlv()` when constructing the Energy List TLV for the report
message. By leveraging a `Tlv::Bookmark` (`mEnergyListTlvBookmark`),
the server no longer needs to manually track the number of scan
results (`mNumScanResults`) and calculate the exact offset to update
the TLV length.
Furthermore, `Tlv::EndTlv()` automatically manages the conversion to
an Extended TLV if the payload size exceeds the maximum length of a
standard TLV (255 bytes).
This commit updates `Commissioner::HandleTmf<kUriEnergyReport>()` to
read the energy list data directly into a local array instead of
using a dedicated TLV class.
The report handler now uses `Tlv::FindTlvValueOffsetRange()` to locate
the TLV value, which works correctly whether the TLV is encoded as a
standard or extended TLV. With this change, the `EnergyListTlv` class
definition is replaced with a simple typedef to `TlvInfo`.
This commit introduces a new `TlvTypeListIterator` helper class in
the network diagnostic `Server` to simplify the parsing of Type List
TLVs. This iterator handles deduplication of requested TLV types
using a `BitSet` and centralizes the offset management and iteration
logic.
The iterator is now used in `AppendRequestedTlvs()`,
`AppendRequestedTlvsForTcat()`, `PrepareAndSendAnswers()`, and
`HandleTmf<kUriDiagnosticReset>()`, replacing redundant manual
iteration and deduplication code.
Additionally, the `TypeListTlv` definition is simplified to a
`typedef` of `TlvInfo`, as the dedicated class structure is no
longer needed.
This commit fixes a logic error in the TCP receive buffer reassembly
logic. The issue occurred when an out-of-order segment was exactly
the size of the circular buffer and the write index was non-zero.
The original logic incorrectly used modulo-wrapped indices to check
if a write should be contiguous or split:
start_index + numbytes % size. When numbytes == size, end_index ==
start_index, which evaluates to true, leading to an incorrect memory
write if start_index > 0.
This commit updates the check to use the absolute write boundary:
if (start_index + numbytes <= chdr->size). This ensures that any
write spanning the buffer boundary is correctly split.
A regression test test_cbuf_reass_boundary is added to test_all.c
to verify the fix and prevent future regressions. The test Makefile
is also updated to use $(CC) for better portability.
This commit improves the robustness of CoAP option parsing by adding
rigorous validation checks to prevent potential overflows and null
pointer dereferences.
Summary of changes:
1. In 'ReadExtendedOptionField()', added an overflow check when
calculating extended lengths for 2-byte extensions. It now returns
'kErrorParse' if the value would exceed the 16-bit range.
2. In 'ReadBlockOptionValues()', added a check to ensure the block
option exists before accessing it. This prevents a crash when
'GetOption()' returns null.
3. In 'ReadBlockOptionValues()', added length validation to ensure the
option value does not exceed the local buffer size (5 bytes) before
copying.
4. Added a new unit test 'test_coap_overflow' to verify these validation
checks and ensure they correctly handle malformed or missing options.
This commit introduces a maximum recursion depth limit for 6LoWPAN
decompression to prevent potential stack exhaustion from maliciously
crafted frames with deep IPv6-in-IPv6 encapsulation.
- Added a private constant kMaxRecursionDepth in the Lowpan
class to define the maximum allowed recursion depth.
- Updated Lowpan::Decompress() to track and validate the current
recursion depth, returning kErrorParse if the limit is exceeded.
- Added a new unit test TestLowpanDecompressRecursion in
tests/unit/test_lowpan.cpp to verify the recursion limit and
ensure it correctly handles both excessive and legitimate
encapsulation levels.
This commit simplifies and updates `Ip6::DetermineAction()` regarding
how the `aForwardThread` flag is determined for multicast messages
with a scope larger than realm-local.
Such messages are sent using IP-in-IP encapsulation destined to the
`RealmLocalAllMplForwarders` address. Both the encapsulated
(outer) and embedded (inner) messages are processed. When processing
the embedded IPv6 message, regardless of its origin, we only need to
forward it to the Thread mesh if the device has a sleepy child
subscribed to the multicast address. `MeshForwarder::SendMessage()`
on an FTD will then check for these subscriptions and schedule
indirect transmissions to those children.
The behavior for FTDs remains functionally the same as before, though
the code has been refactored to be clearer and easier to follow.
The primary change applies to MTDs: if the multicast destination scope
is larger than realm-local, the message is no longer forwarded to
Thread, as an MTD cannot have any children to support.
This commit reorganizes the member variables in the `Commissioner`
class, ordering them to optimize memory packing. Additionally, it
shortens the local typedef names for callback function pointers, such
as renaming `otCommissionerEnergyReportCallback` to the more concise
`EnergyReportCallback`, improving overall readability. Finally, it
aligns parameter formatting in method signatures like
`SendEnergyScanQuery()` and `SendPanIdQuery()`.
This commit updates `EnergyScanServer::HandleTmf<kUriEnergyScan>()`
to use a local `OwnedPtr<Coap::Message>` when allocating and preparing
the initial energy report message. Previously, the method directly
modified `mReportMessage`, potentially leaving the object in an
inconsistent state or leaking memory if subsequent `Append()` operations
failed and exited early.
By building the message in a local `newMessage` first and only taking
ownership using `PassOwnership()` after all operations succeed, we
ensure the server's internal state remains consistent.
This commit updates the `CoapBase::Receive()` and
`CoapBase::ProcessReceivedResponse()` methods to utilize early returns
via `ExitNow()` and `VerifyOrExit()`. By doing so, it flattens the
nested conditional logic and improves the overall readability of the
code.
As a result of this change in `CoapBase::Receive()`, an invalid
message that fails CoAP header parsing will exit early, correctly
skipping the `Utils::Otns::EmitCoapReceive()` signal.
This commit updates the central CoAP resource handlers in TMF agents
(`Agent::HandleResource`, `BackboneTmfAgent::HandleResource`, and
`Manager::CoapDtlsSession::HandleResource`) to verify that the
incoming request method is a POST request. If the URI is recognized
but the method is not POST, a `kCodeMethodNotAllowed` response is
now sent.
Since all TMF requests are now guaranteed to be POST requests before
reaching their specific handlers, the `IsPostRequest()` checks in
individual handlers are removed. Additionally, the
`IsConfirmablePostRequest()` and `IsNonConfirmablePostRequest()`
helper methods in `Coap::Message` are removed and their usages are
simplified to `IsConfirmable()` and `IsNonConfirmable()` in the
respective handlers.
This commit removes several thread-cert Python tests that are now
covered by the Nexus test framework. Nexus provides more efficient
and reliable testing for these scenarios.
The following tests are removed:
- Cert_8_1_01_Commissioning.py
- Cert_8_1_02_Commissioning.py
- Cert_8_1_06_Commissioning.py
- Cert_8_2_01_JoinerRouter.py
- Cert_8_2_02_JoinerRouter.py
- Cert_8_2_05_JoinerRouter.py
- Cert_8_3_01_CommissionerPetition.py
This commit adds Nexus test 1.1.8.2.2, "On Mesh Commissioner Joining
with JR, any commissioner, single (incorrect)". This test verifies
that the Commissioner correctly handles a relayed DTLS handshake
from a Joiner using an incorrect PSKd.
The test verifies that:
- The Joiner, Joiner Router, and Commissioner correctly exchange
relayed DTLS handshake records (ClientHello, HelloVerifyRequest,
ServerHello, etc.) via RLY_RX.ntf and RLY_TX.ntf messages.
- The Commissioner detects the incorrect PSKd after receiving the
Client Finished message.
- The Commissioner responds with a DTLS-Alert (handshake failure
or bad record MAC) relayed through the Joiner Router via a
RLY_TX.ntf message.
- The session is correctly terminated without fatal alerts before
the expected handshake failure.
Changes:
- Added tests/nexus/test_1_1_8_2_2.cpp to implement the test logic,
using direct internal method calls and note-level logging.
- Added tests/nexus/verify_1_1_8_2_2.py to verify the captured
pcap traffic, adhering to specified formatting and fail conditions.
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test.
This commit adds Nexus test 1.1.8.3.1, "On Mesh Commissioner -
Commissioner Petitioning, Commissioner Keep-alive messaging, Steering
Data Updating and Commissioner Resigning". This test verifies that
a Commissioner Candidate can register itself to the network, send
periodic keep-alive messages, update steering data, and unregister
itself.
The test verifies that:
- The Commissioner correctly sends a LEAD_PET.req to the Leader.
- The Leader responds with a LEAD_PET.rsp and propagates
Commissioning Data in its Network Data.
- The Commissioner sends periodic LEAD_KA.req messages to maintain
its active state.
- The Commissioner can update Steering Data via a
MGMT_COMMISSIONER_SET.req message, and the Leader correctly
propagates this update in the Network Data.
- The Commissioner can unregister itself by sending a LEAD_KA.req
with a Reject state, which the Leader accepts.
- The Leader increments the Commissioner Session ID when a new
Commissioner session is started.
Changes:
- Added tests/nexus/test_1_1_8_3_1.cpp to implement the test logic,
using direct internal method calls and note-level logging.
- Added tests/nexus/verify_1_1_8_3_1.py to verify the captured
pcap traffic, following specified formatting and verification rules.
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test.
This commit removes the `android-ndk` platform support from the
`script/cmake-build` script and deletes the associated CI job from
the GitHub Actions workflow.
The `android-ndk` build was used to verify OpenThread compatibility
with the Android NDK. However, since OpenThread is now officially
included in the Android platform, maintaining a separate NDK-based
build in this repository is no longer necessary.
Changes:
- Remove `android-ndk` from `OT_PLATFORMS` in `script/cmake-build`.
- Remove NDK-specific configuration logic in `script/cmake-build`.
- Remove the `android-ndk` job from `.github/workflows/build.yml`.
This commit simplifies `CoapBase::SendMessage()` by updating how
outgoing requests are processed and added to the pending request
queue.
The logic to determine the clone length (full message for
confirmable, header only for non-confirmable), initialize request
metadata, and process observe options is moved from `SendMessage()`
into the updated `PendingRequests::Add()` method (previously
`AddClone()`). This encapsulates the request preparation logic
closer to where the request is queued.
Update the `GetType()` methods to return the `Type` enumeration
instead of a raw `uint8_t`. This improves type safety and clarifies
the return type for callers. The `mType` member variable is also
updated from `uint8_t` to `Type`.
Generally, when parsing header fields, we do not map the value directly
to an `enum` since the enum may not cover all possible values present in
a received header. However, in this case, the `Type` field in the CoAP
header is a 2-bit value, and all four possible values are explicitly
defined and accounted for in the `Type` enumeration. Therefore, we can
safely cast the read bits to the `Type` enum.
This commit updates several method names in `CoapBase` to better align
with RFC 7252 terminology and clarify their behavior.
Previously, the term "empty" was used ambiguously to mean either a
message with Code 0.00 (`kCodeEmpty`) or a message that lacked a
payload but contained a response code. For example, `SendEmptyAck()`
sent an ACK (`kTypeAck`) message that actually contained a non-zero
response code (e.g., `kCodeChanged`), which is a "response" message
per the RFC, not an "empty" message.
To address this:
- `SendReset()` and `SendAck()` are removed in favor of using
`SendEmptyMessage()` directly with `kTypeReset` or `kTypeAck`.
This restricts the use of "Empty" strictly to Code 0.00 messages.
- `SendHeaderResponse()` is renamed to `SendResponse()` to clarify
that it dynamically sends a response without a payload.
- `SendEmptyAck()` is renamed to `SendAckResponse()` to indicate it
sends a piggybacked ACK `kTypeAck` response without a payload.
- `SendNotFound()` is replaced with a direct call to `SendResponse()`
using `kCodeNotFound`.
- Documentation comments for these methods are updated to explain
their purpose and requirements clearly.
- Callers across the core modules are updated to use the new method
names.
This commit adds Nexus test 1.1.8.2.1, "On Mesh Commissioner Joining
with JR, any commissioner, single (correct)". This test verifies that
the Joiner Router (DUT) correctly relays DTLS traffic between a Joiner
and an on-mesh Commissioner via RLY_RX.ntf and RLY_TX.ntf messages. It
also verifies that the JOIN_ENT.ntf message is encrypted with the KEK.
Changes:
- Added tests/nexus/test_1_1_8_2_1.cpp to implement the test logic,
including DTLS key exporting for traffic decryption.
- Added tests/nexus/verify_1_1_8_2_1.py to verify the captured traffic
using pktverify, ensuring correct relaying and encryption.
- Updated tests/nexus/verify_utils.py to support parsing Joiner-related
CoAP TLVs (DTLS Encap, UDP Port, IID, Locator, KEK) and to handle
16-bit TLV lengths.
- Integrated the test into the build system and test runner via
tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh.
This commit adds Nexus test 1.1.8.1.6, "On-Mesh Commissioner Joining,
no JR, wrong Commissioner". This test verifies that an on-mesh
Commissioner correctly rejects a Joiner when the Provisioning URL in
the JOIN_FIN.req message is not recognized.
The test verifies the following sequence:
- Successful MLE Discovery and DTLS handshake between Joiner and
Commissioner.
- Joiner sends a JOIN_FIN.req containing an unrecognized
Provisioning URL.
- Commissioner responds with a JOIN_FIN.rsp with Reject state.
- Commissioner sends an encrypted JOIN_ENT.ntf message.
- Joiner responds with an encrypted JOIN_ENT.ntf dummy response.
- Joiner terminates the DTLS session with a close_notify alert.
Changes include:
- Implemented C++ test logic in tests/nexus/test_1_1_8_1_6.cpp.
- Implemented Python verification logic in tests/nexus/verify_1_1_8_1_6.py.
- Configured DTLS key exporting in the test to allow decryption and
verification of CoAP messages in tshark.
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test.
This commit adds Nexus test 1.1.8.1.2, "On-Mesh Commissioner Joining,
no JR, any commissioner, single (incorrect)". This test verifies that
the DUT (on-mesh Commissioner) correctly detects and handles a Joiner
using an incorrect PSKd.
The test verifies that:
- The Commissioner and Joiner correctly perform the initial DTLS
handshake up to the Client Finished message.
- The Commissioner detects the incorrect PSKd used by the Joiner.
- The Commissioner responds with a DTLS Alert (handshake failure or
bad record MAC) and terminates the session.
Changes include:
- Implemented C++ test logic in tests/nexus/test_1_1_8_1_2.cpp.
- Implemented Python verification logic in tests/nexus/verify_1_1_8_1_2.py,
which uses exported DTLS keys to decrypt and verify the handshake.
- Added code to export DTLS session keys from the Joiner node to
facilitate decryption of the Finished record in tshark.
- Added the new test to tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
This commit renames the low-level `Send()` method in `CoapBase` to
`Transmit()` to clearly differentiate it from the higher-level message
construction and scheduling logic of `SendMessage()`. The `Sender`
function pointer type and member have also been renamed to
`Transmitter` and `mTransmitter`, respectively, to align with the new
terminology.
Using `Transmit()` clearly communicates the action of handing off a
fully prepared CoAP datagram to the underlying transport layer for
transmission, resolving the naming ambiguity with `SendMessage()`.
This establishes a symmetric "Transmit/Receive" boundary between the
CoAP layer and the transport layer.
This commit addresses occasional failures in Nexus Test 1.1.8.1.1 by
improving simulation timing and packet verification robustness.
Changes:
- Increased kJoiningProcessTime from 30s to 60s in the C++ test to
provide a larger buffer for the joiner process to complete.
- Added a 1s delay after calling AddJoinerAny() to ensure the leader
processes the steering data update before discovery starts.
- Refactored the Python verification script to use pkts.copy() for
independent message exchanges (JOIN_ENT and DTLS Alert). This
allows the script to handle timing variations and out-of-order
packets in the simulated capture.
- Corrected the NM_PROVISIONING_URL_TLV constant to 32.
- Added dtls.alert_message.level to the pktverify library to enable
verification of DTLS alert severity levels.
This test was occasionally failing due to tight timing constraints.
The wait times after SSED-initiated messages were too short, causing
the CSL timer age verification to fail if the message delivery took
longer than expected.
This commit increases the wait times from 500ms to 1000ms and relaxes
the allowed CSL timer age in the verification helper to match.
This commit adds Nexus test 1.1.8.1.1, "On-Mesh Commissioner Joining, no
JR, any commissioner, single (correct)". This test verifies the MLE
discovery, DTLS handshake, and CoAP message exchange between an on-mesh
Commissioner and a Joiner.
Changes include:
- Enhanced MeshCoP::SecureTransport to support DTLS key exporting by
adding a KeylogCallback and SetKeylogCallback method.
- Exposed HandleMbedtlsExportKeys as a public method in
SecureTransport to facilitate key logging.
- Refactored SecureTransport to use named constants for internal
buffer sizes and avoid magic numbers.
- Implemented C++ test logic in tests/nexus/test_1_1_8_1_1.cpp which
uses the new key logging callback to save DTLS keys to a file.
- Implemented Python verification logic in
tests/nexus/verify_1_1_8_1_1.py which uses the exported keys to
decrypt and verify the captured network traffic.
- Used named constants and helper classes (e.g. Time) in the test
implementation and verification script to improve readability and
maintainability.
- Added the new test to tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
This commit removes several legacy Python-based certification tests for
Low Power (CSL) and Thread 1.2 features, as they have been migrated to
the Nexus test framework.
Specifically, the following tests and their associated CI workflows
(including packet verification for low power) are removed:
- CSL Transmission and Timeout
- Enhanced Frame Pending and Keep-Alive
- Single Probe and Forward Tracking Series Link Metrics
- SSED Attachment and Parent Selection
The removal of these scripts from tests/scripts/thread-cert/ and
the corresponding GitHub Action workflows reduces CI overhead while
maintaining coverage through the more scalable Nexus tests.
The packet verification script for Nexus Test 1.1.5.6.2 occasionally
failed because it expected a CoAP ACK followed by an MLE Data Response
in a specific order. Since both packets are triggered by the same
Server Data Notification event, their relative order in the PCAP can
vary.
This commit updates the script to use `pkts.copy()` when searching for
the CoAP ACK. This allows the verification to find the ACK regardless
of whether it appears before or after the MLE Data Response, making
the test more robust.
This commit updates the pyshark dependency to version 0.6 and adapts the
packet verification logic to accommodate changes in pyshark's internal
API and field mapping.
Specifically, this commit:
- Updates requirements.in and requirements.txt to pyshark 0.6.
- Adjusts pktverify and Nexus utility scripts to use the restructured
pyshark API, importing BaseLayer from pyshark.packet.layers.base
instead of the deprecated pyshark.packet.layer.Layer.
- Updates verify_1_2_LP_5_3_8.py to utilize wpan.channel for channel
filtering instead of wpan_tap.ch_num, ensuring consistency with other
Nexus tests and improving verification reliability.
This commit implements Nexus test 1.2.LP.7.2.2 to verify that the
DUT (Leader) can successfully support a minimum of 6 simultaneous
children (3 SEDs and 3 SSEDs) performing link metrics operations.
Specifically, the test verifies that:
- The DUT correctly handles simultaneous Forward Series Link Metrics
Management Requests and Enhanced ACK probing requests.
- The DUT properly aggregates metrics for multiple concurrent series
with different configurations (MAC Data Requests, Link Layer data
frames, LQI, RSSI, and Link Margin).
- Aggregated results are accurately reported in MLE Data Responses
when queried by multiple children.
- The DUT successfully provides link metrics in Enhanced ACKs for
both SED and SSED children.
Changes:
- Added test_1_2_LP_7_2_2.cpp to implement the test logic, including
node configuration, management requests, and data collection.
- Added verify_1_2_LP_7_2_2.py for automated PCAP verification of
MLE TLVs and Enhanced ACK Vendor IEs.
- Updated verify_utils.py to include necessary layer fields for
Link Metrics verification in pktverify.
- Registered the new test in CMakeLists.txt and run_nexus_tests.sh.
This commit simplifies the handling of URI paths during the processing
of block-wise CoAP requests, effectively removing duplicated code.
Previously, `CoapBase::ProcessBlockwiseRequest()` manually iterated
through CoAP options to parse and construct the URI path string. This
logic was redundant as the same functionality is provided by the
`Message::ReadUriPathOptions()` method.
By calling `ReadUriPathOptions()` earlier in the request processing flow
within `CoapBase::ProcessReceivedRequest()`, we can populate the
`uriPath` string buffer and simply pass it down. Consequently, the
`aUriPath` parameter in `ProcessBlockwiseRequest()` has been updated to
a `const Message::UriPathStringBuffer &` to reflect its new role as a
read-only input. This change leads to cleaner, more cohesive code.
This commit updates the `Otns::EmitCoapStatus()` method to use the
`Coap::Message::UriPathStringBuffer` typedef for the `uriPath` local
variable, replacing an explicit character array definition. This
improves code consistency and matches the expected parameter type of
the `Coap::Message::ReadUriPathOptions()` method.
This commit moves the execution of nexus `core` and `trel` tests from
the `toranj.yml` GitHub Actions workflow to the `nexus.yml` workflow.
It separates the tests into dedicated jobs (`nexus-core-tests` and
`nexus-trel-tests`) to improve parallelism and organization. The
existing nexus test job is also renamed to `nexus-cert-tests` to
better reflect its purpose.
This commit introduces `AllocateAndInitPostMessageTo()` and
`AllocateAndInitPriorityPostMessageTo()` methods in `CoapBase`.
These methods simplify the creation of CoAP POST messages by combining
the allocation, initialization, and appending of the payload marker
into a single call. The message type (Confirmable vs. Non-Confirmable)
is automatically determined based on whether the destination address
is multicast.
The previous `InitAsPost()` method in `Coap::Message` is removed,
and all callers in `BbrManager`, `Commissioner`, and
`AddressResolver` are updated to use the new helper methods.
Updates the TCAT class public methods for doing Commissioner
authorization checks and clarifies the code, with minor updates to
PSKc cases handling.
Unit tests are added for checking Commissioner authorization. To do
these checks, a new test class UnitTester is added which has access to
private members of the TcatAgent class. Validation/mock functions are
added in the test code to keep the unit tests readable.
Also reverts the CommCert4 fix that was made in #12151.
For more background information see JIRA BHC-766.
This commit implements Nexus test 1.2.LP.7.2.1 to validate the Forward
Tracking Series Link Metrics functionality.
Specifically, the test verifies that:
- The DUT (Leader) correctly handles Forward Series Link Metrics
Management Requests from SED and SSED children.
- The DUT properly aggregates metrics for Forward Series (MAC Data
Requests for SED, all data frames for SSED).
- Aggregated results are accurately reported in MLE Data Responses
when queried.
- Forward Series can be successfully cleared, and unknown Series IDs
result in appropriate error statuses.
Summary of changes:
- Created test_1_2_LP_7_2_1.cpp to implement the test logic.
- Created verify_1_2_LP_7_2_1.py for automated packet verification.
- Updated verify_utils.py to include MLE TLV field definitions for
Link Metrics (e.g., forward series, flags, query ID).
- Registered the new test in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
This commit implements Nexus test 1.2.LP.7.1.2, which validates the
Single Probe Link Metrics without Enhanced ACKs functionality.
The test verifies that:
- The DUT (Leader) successfully responds to Single Probe Link Metrics
Requests from SED and SSED children using MLE Data Requests.
- The DUT correctly reports RSSI, Layer 2 LQI, and Link Margin metrics
in MLE Data Responses.
- The DUT reports different RSSI values when the transmission power
(simulated via MAC filter) is varied.
Changes:
- Add test_1_2_LP_7_1_2.cpp to implement the test logic using the
Nexus simulation platform.
- Add verify_1_2_LP_7_1_2.py for automated packet verification,
ensuring Link Metrics Query and Report TLVs are correctly formatted.
- Register the new test in tests/nexus/CMakeLists.txt.
- Add the test to the default test list in tests/nexus/run_nexus_tests.sh.
This commit implements Nexus test 1.2.LP.7.1.1, which validates the
Single Probe Link Metrics with Enhanced ACKs functionality.
The test verifies that:
- The DUT (Leader) successfully responds to Link Metrics Management
Requests from SED and SSED children.
- The DUT includes correct Link Metrics data in IEEE 802.15.4-2015
Enhanced ACKs when requested.
- The DUT correctly handles registration, clearing, and error cases
for Link Metrics configurations.
Changes:
- Add test_1_2_LP_7_1_1.cpp to implement the test logic using the
Nexus simulation platform.
- Add verify_1_2_LP_7_1_1.py for automated packet verification,
ensuring Link Metrics TLVs and Enhanced ACKs are correctly formatted.
- Register the new test in tests/nexus/CMakeLists.txt.
- Add the test to the default test list in tests/nexus/run_nexus_tests.sh.
This commit implements and verifies Nexus test case 1.2.LP.5.2.1, which
validates that the Leader (DUT) correctly manages the Frame Pending bit
in acknowledgments to MAC Data and Data Request frames for Thread V1.2
and V1.1 sleepy end devices.
Key changes:
- Created tests/nexus/test_1_2_LP_5_2_1.cpp to simulate the test
topology (Leader, Router_1, SED_1, SED_2, SED_3) and execution steps.
- Implemented tests/nexus/verify_1_2_LP_5_2_1.py to perform automated
packet verification of the test criteria.
- Integrated the new test into CMakeLists.txt and run_nexus_tests.sh.
- Used AllowList to specify links between nodes as per the test spec.
- Set log level to note and used direct method calls in C++.
- Verified that the DUT sets the Frame Pending bit correctly in ACKs
based on whether indirect messages are queued for the SEDs.
This commit extracts the common lease tracking variables (`mLease`,
`mKeyLease`, `mTtl`, and `mUpdateTime`) and their associated methods
from the `Srp::Server::Host` and `Srp::Server::Service` classes into a
new shared base class, `LeaseTracker`.
By having both `Host` and `Service` inherit from `LeaseTracker`, we
eliminate duplicated logic for calculating expiration times, handling
lease info, and processing TTL updates. This refactoring simplifies
the SRP server codebase and ensures consistent lease management
behavior across both entities.
This commit removes the redundant `Clone()` methods from `Coap::Message`.
These methods previously served to retain the `HeaderOffset` across the
cloned message, which was internally tracked by modifying `MeshDest`.
Since `ot::Message::Clone()` natively preserves the `MeshDest` property,
the specialized `Coap::Message::Clone()` wrappers are unnecessary.
Callers now directly use `ot::Message::Clone()` and type-cast the result
using `AsCoapMessagePtr()`.
Starting from Mbed TLS 4.0 legacy crypto support (which now it's moved
into TF-PSA-Crypto) has been made internal so it shoudn't be referenced
anymore. This commit add guards for this change.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Starting from Mbed TLS 4.0, TLS functions will use psa_generate_random()
inernally, so there is no need to specify it as parameter or through
mbedtls_ssl_conf_rng().
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The size.yml workflow used pull_request_target with git checkout
FETCH_HEAD, which replaced the entire working directory (including
scripts) with untrusted fork code. Since pull_request_target grants
a read/write GITHUB_TOKEN even from public forks, and the workflow
had no top-level permissions restriction, this allowed arbitrary
code execution with write access to the repository.
Fix by:
1. Adding top-level permissions: contents: read (consistent with
all other workflows in this repository).
2. Replacing `git checkout FETCH_HEAD` with a fetch-only approach
that passes the PR merge commit SHA via the OT_SHA_NEW environment
variable. The check-size script uses git-archive to extract code
by SHA, so it does not need the working directory to be switched.
This ensures ./script/check-size always runs from the base branch.
3. Updating check-size to accept OT_SHA_NEW from the environment,
falling back to git rev-parse HEAD when not set (preserving
existing behavior for push-triggered and local runs).
This commit stabilizes Nexus test 1.2.LP.5.3.8 by addressing timing
issues related to SSED polling during network transitions.
Key changes:
- In test_1_2_LP_5_3_8.cpp, added StopPolling() calls after MLE and
MeshCoP exchanges to suppress immediate Data Requests triggered by
these protocols. This ensures the SSED satisfies strict 'no Data
Request' pass criteria.
- In verify_1_2_LP_5_3_8.py, updated criteria 13.2 to allow Data
Requests on the Ternary Channel that occur during the initial
network transition (re-attachment). The script now only strictly
disallows Data Requests in the 1-second window immediately
preceding the Echo Request.
These changes make the test robust against standard OpenThread
re-synchronization behavior while still verifying that Echo Requests
are received via CSL synchronization.
- Fix pktverify index synchronization issues in Nexus tests.
Previously, some verification scripts used (pkt.number, 0) as indices
in pkts.range() calls. In Nexus tests where WPAN and ETH indices are
synchronized, this could cause the advanced index to exceed the stop
index of 0, resulting in a flaky AssertionError. Updated scripts to
use (pkt.number, pkt.number) consistently.
- Reduce kAttachAsSsedTime from 20s to 5s in test_1_2_LP_5_3_2.cpp.
The 20s wait was exactly matching the CSL Synchronized Timeout,
causing SSED_1 to trigger an auto-synchronization Data Request
immediately after the wait ended, violating test constraints.
Providing more margin ensures stable test execution.
This commit implements and verifies Nexus test case 1.2.LP.5.3.8, which
validates that a Router (DUT) correctly supports a Synchronized Sleepy
End Device (SSED) that modifies its CSL Channel TLV.
Key changes:
- Created tests/nexus/test_1_2_LP_5_3_8.cpp to simulate the test
topology (Leader, DUT, SSED_1) and execution steps.
- Implemented tests/nexus/verify_1_2_LP_5_3_8.py to perform automated
packet verification of the test criteria.
- Integrated the new test into CMakeLists.txt and run_nexus_tests.sh.
- Used descriptive constants for CSL parameters and wait times to avoid
magic numbers and ensure spec compliance (e.g., CSL timeout of 20s).
- Verified connectivity using ICMPv6 Echo exchanges across Primary,
Secondary, and Ternary channels, ensuring the SSED only polls when
expected.
This commit addresses issues where child entries could remain in the
kStateChildIdRequest indefinitely in the sequence of events during
attachment. Previously there was a timeout defined and saved for the
kStateChildIdRequest state, but will no longer be excluded from timing
out. This change additionally clears previous parents upon becoming a
router, as it could previously cause unnecessary messages to inform
previous parents. Finally, this moves the transition to the valid
state to occur after success in queuing the Child ID Response.
This commit removes the standalone `AnnounceBeginClient`,
`EnergyScanClient`, and `PanIdQueryClient` classes, integrating their
methods and TMF message handlers directly into the
`MeshCoP::Commissioner` class.
Since these client classes contained minimal state and primarily
served as simple wrappers for sending specific requests and handling
callbacks, merging them into the main `Commissioner` class simplifies
the architecture, removes unnecessary auxiliary classes, and shrinks
the overall codebase size.
This commit updates the `Dso::Connection::ProcessKeepAliveMessage()`
method to use the `OffsetRange` class for parsing TLVs. This approach
robustly validates the size of each parsed TLV against the remaining
length of the received message. Utilizing `OffsetRange::Contains()`
ensures that the reported TLV size via `GetSize()` does not exceed the
available bytes in the message, preventing potential out-of-bounds
reads or infinite loops when iterating over subsequent TLVs.
This commit implements Link Metrics support in the nexus platform,
similar to the simulation platform implementation.
Key changes include:
- Added 'LinkMetricsInfo' struct and management methods to 'Radio' in
'nexus_radio'.
- Implemented 'otPlatRadioConfigureEnhAckProbing()' and Enhanced ACK IE
generation in 'nexus_core' and 'nexus_radio'.
- Enabled Link Metrics initiator and subject configuration flags in
'openthread-core-nexus-config.h'.
- Fixed spelling of 'kRadioSensitivity' in 'nexus_radio'.
- Added 'fflush(stdout)' to the logging utility in 'nexus_misc' to
improve real-time log capture during tests.
This commit adds a new Nexus test case 1.2.LP.5.3.7 to validate that a
Router (DUT) correctly supports a Synchronized Sleepy End Device
(SSED) modifying the CSL Synchronized Timeout TLV.
Specifically, this test verifies:
- Initial CSL synchronization with a 10s timeout.
- SSED successfully updating the timeout to 20s via MLE Child Update.
- DUT maintaining connectivity beyond the original 10s timeout.
- DUT correctly buffering frames when CSL synchronization expires
after the timeout is reverted to 10s.
- Successful resynchronization and buffered frame delivery.
Detailed changes:
- tests/nexus/test_1_2_LP_5_3_7.cpp: Implemented the C++ test logic
using the Nexus simulation framework.
- tests/nexus/verify_1_2_LP_5_3_7.py: Added a Python script to
validate the packet traces and ensure protocol compliance.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
- tests/nexus/run_nexus_tests.sh: Included the test in the default
Nexus test suite.
This commit adds Nexus test case 1.2.LP.5.3.6, which validates that a
Router can support a child transitioning from a Synchronized Sleepy
End Device (SSED) to a Minimal End Device (MED) and back.
The test procedure involves:
- Forming a network with a Leader, DUT (Router), and SSED child.
- Verifying SSED attachment and initial CSL-based connectivity.
- Transitioning the child to MED mode and verifying the corresponding
MLE Child Update exchange and connectivity.
- Transitioning the child back to SSED mode and verifying that CSL
synchronization is resumed.
Changes:
- Implement tests/nexus/test_1_2_LP_5_3_6.cpp for test execution.
- Implement tests/nexus/verify_1_2_LP_5_3_6.py for pcap verification,
with logic to distinguish between synchronization and polling Data
Requests.
- Update tests/nexus/CMakeLists.txt to include the new test.
- Update tests/nexus/run_nexus_tests.sh to add the test to the default
test list.
This commit adds Nexus test 1.2.LP.5.3.5 to verify that a Router (DUT)
can reliably support a minimum of 6 Synchronized Sleepy End Device
(SSED) children simultaneously, with each child operating on a
distinct CSL channel.
The test implementation in test_1_2_LP_5_3_5.cpp (aligned with SPEC
Section 3.2.6.3.2) performs the following:
- Establishes a topology with a Leader, the DUT Router, and six SSED
children.
- Configures SSEDs with varied CSL Synchronized Timeouts (10s, 20s,
and 30s) and different radio channels, including primary (11),
secondary (26), and random channels (12-15).
- Triggers CSL synchronization through MLE Child ID and Child Update
exchanges.
- Validates bi-directional connectivity by sending ICMPv6 Echo
Requests from the Leader to each SSED, ensuring they are correctly
forwarded by the DUT.
The verification script verify_1_2_LP_5_3_5.py automates packet-level
checks, ensuring:
- Successful delivery of MLE Child ID and Child Update Response
messages from the DUT.
- Correct radio channel selection for forwarded Echo Requests to
SSED_1 and SSED_6.
- Absence of MAC Data Requests from SSED_1 prior to the arrival of
the CSL-probed Echo Request, confirming active synchronization.
- Inclusion of CSL Period and Phase IEs in the 802.15.4 frame headers
of Echo Replies from SSED_1 and SSED_6.
- Reliable forwarding of Echo Replies from all six SSEDs back to
the Leader.
Changes also include registering the new test in CMakeLists.txt and
run_nexus_tests.sh.
This commit adds the .gemini/config.yaml file to configure the Gemini
code review tool. The configuration includes settings for review
severity, comment limits, and automated review triggers for pull
requests.
The packet verification script for Nexus test 1.1.7.1.4 failed
sporadically because Step 5 (ROUTER_1 multicast MLE Data Response)
was being searched starting from the cursor position after Step 4
(Leader's MLE Data Response and CoAP ACK).
Depending on the timing/non-determinism from entropy, ROUTER_1's
response could arrive before the Leader's packets, causing it to
be skipped when searching from the Step 4 cursor.
This change saves the cursor position after Step 3 and uses it as
the starting point for the Step 5 search, ensuring the packet is
found regardless of its order relative to the Step 4 packets.
This commit fixes an occasional failure in Nexus test 1.1.6.1.4
by introducing a controlled delay during the DUT attachment
process.
The test ensures the DUT picks a REED with better connectivity
as its parent. The failure was caused by a race condition where
the intended parent (router3) could upgrade from REED to active
router before the DUT completed its parent selection. This
resulted in the DUT attaching during the first Parent Request
(active routers only), rather than the second request (including
REEDs), which is required for specification compliance.
Changes:
- Added kParentSelectionTime constant (2000ms) to define the
expected parent selection window.
- Updated test_1_1_6_1_4.cpp to use AdvanceTime() with this
constant before allowing router3 to upgrade. This ensures
router3 remains a REED long enough for the DUT to send the
multicast Parent Request with the REED scan mask.
This commit adds Nexus test case 1.2.LP.5.3.4, which validates that a
Router (DUT) maintains a robust CSL connection with a Synchronized
Sleepy End Device (SSED) even when the SSED modifies its CSL Period.
The test verifies synchronization over multiple CSL period changes:
500ms -> 3300ms -> 400ms.
Changes:
- Added CSL period constants (500ms, 3300ms, 400ms) to shared utility
modules: tests/nexus/verify_utils.py (Python) and
tests/nexus/platform/nexus_utils.hpp (C++).
- Implemented tests/nexus/test_1_2_LP_5_3_4.cpp to execute the test
procedure, including topology formation, SSED attachment, and
triggering CSL period updates.
- Implemented tests/nexus/verify_1_2_LP_5_3_4.py to validate pcap
output, ensuring the DUT correctly buffers and relays ICMPv6 Echo
Requests and that SSED_1 does not send MAC Data Requests.
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to integrate the new test into the build system and test runner.
This commit implements Nexus test 1.2.LP.5.3.3, which validates the
behavior when a Synchronized Sleepy End Device (SSED) becomes
unsynchronized.
The test verifies that:
- When a SSED is CSL synchronized, the parent (DUT) relays frames
using CSL transmission.
- When the SSED stops sending synchronization data polls and the CSL
connection times out, the parent falls back to indirect
transmission (buffering and waiting for a Data Request).
- Once the SSED resumes synchronization, the parent returns to using
CSL transmission.
Changes:
- Add test_1_2_LP_5_3_3.cpp to implement the test logic using the
Nexus simulation platform.
- Add verify_1_2_LP_5_3_3.py for automated packet verification,
ensuring frames are sent via CSL or indirect transmission as
appropriate.
- Register the new test in tests/nexus/CMakeLists.txt.
- Add the test to the default test list in
tests/nexus/run_nexus_tests.sh.
This commit updates the names of several message allocation methods in
`CoapBase` to `AllocateAndInit*()`. This change helps to clearly
differentiate these methods from the `NewPriorityMessage()` and
`NetMessage()` overloads, which only allocate a new `Message`.
In contrast, the `AllocateAndInit` methods allocate the message and
fully prepare it by initializing the CoAP header, appending the URI
path option, the payload marker, leaving it ready for the payload.
This change clarifies the design by explicitly indicating that these
methods perform extra setup work.
All calls to these methods throughout the codebase have been updated
to reflect the new names.
This commit introduces `DetermineRemainingDurationFrom(Time aNow)` to
the `Time` class. This method calculates the duration from a given
current time (`aNow`) to the `Time` instance, handling edge cases
where the target time is in the past by returning zero.
Several instances across the codebase (e.g., `Timer::Scheduler`,
`TcatAgent`, `Translator::Mapping`, `Srp::Server`) previously
duplicated this logic using manual checks and subtraction. They have
been updated to use this new centralized helper, improving
readability and reducing the likelihood of wrap-around or negative
duration bugs.
This commit adds Nexus test 1.2.LP.5.3.2 to validate that a Router
(DUT) can maintain a CSL connection with a Synchronized Sleepy End
Device (SSED) using various message types to trigger synchronization.
Changes:
- Implemented test_1_2_LP_5_3_2.cpp to simulate the topology of
Leader, Router (DUT), and SSED.
- Added descriptive constants (kMsPerSecond, kUsPerMs, kEchoId,
kCslWaitMultiplier) to test_1_2_LP_5_3_2.cpp to replace magic
numbers.
- Implemented verify_1_2_LP_5_3_2.py for pcap-based verification of
IEEE 802.15.4-2015 frames, CSL Information Elements, and timers.
- Updated test_1_2_LP_5_3_1.cpp to set CSL period and timeout
explicitly using stack APIs instead of the removed kAsSsed mode.
- Removed kAsSsed JoinMode from Nexus::Node in favor of explicit
CSL parameter configuration within test files.
- Added wpan.header_ie.csl.phase to verify_utils.py field mappings.
- Included the new test in CMakeLists.txt and run_nexus_tests.sh.
This commit refactors Nexus test 1.2.LP.5.3.1 to better align with
the specification and improves the robustness of the test logic and
verification script. It also removes the kAsSsed join mode to favor
explicit CSL configuration in tests.
Changes:
- Removed kAsSsed from Nexus::Node::JoinMode and Node::Join() to
encourage tests to manage CSL parameters explicitly.
- Updated test_1_2_LP_5_3_1.cpp to join as a regular SED first and
enable CSL after attachment. This matches the specification's
requirement to establish synchronization via Child Update Request.
- Introduced constants in test_1_2_LP_5_3_1.cpp for CSL period,
synchronization time, and other parameters to avoid magic numbers.
- Enhanced verify_1_2_LP_5_3_1.py with comprehensive checks for:
- MLE Child Update Request/Response exchange.
- IEEE 802.15.4-2015 frame versions.
- ICMPv6 Echo Request/Response forwarding through the Leader.
- Absence of MAC Data Requests after CSL synchronization.
- Fixed an issue in verify_1_2_LP_5_3_1.py where packet numbers
were not correctly handled in pkts.range().
This commit updates the object pool implementation to support dynamically
configured pool sizes without penalizing the memory footprint of
existing static usages.
A new `PoolBase` class is introduced to encapsulate the core linked-list
management logic (`Allocate()` and `Free()`), relying on a shared
`mFreeList`.
The existing `Pool` class is updated to inherit from `PoolBase`. It
retains its statically allocated `mPool` array, ensuring zero code-size
or RAM penalty for current users of fixed-size pools.
A new `ConfigPool` class is added, also inheriting from `PoolBase`.
This class allows a pool to be initialized at run-time with an
externally provided memory buffer (`mEntryArray`) and size
(`mNumEntries`). This enables future use cases where memory allocation
for pools can be provided dynamically by the system integrator.
This commit also includes unit tests for `ConfigPool` to verify its
allocation, deallocation, and initialization behavior.
This commit adds a new Nexus test case 1.2.LP.5.3.1 which validates
SSED attachment and CSL synchronization.
Changes:
- Added kAsSsed JoinMode to Nexus::Node platform to support joining
as a Synchronized Sleepy End Device with default CSL parameters.
- Implemented test_1_2_LP_5_3_1.cpp following the test specification
for SSED attachment.
- Implemented verify_1_2_LP_5_3_1.py to verify pcap output, ensuring
correct use of 802.15.4-2015 frames and CSL synchronization.
- Updated CMakeLists.txt and run_nexus_tests.sh to include the new
test in the Nexus test suite.
This commit implements CSL transmitter and receiver functionality in
the Nexus simulation platform. It enables the necessary OpenThread
configurations and provides the platform-level support for CSL.
It also implements the otPlatRadioGetNow platform API to provide a
high-resolution 64-bit microsecond time base, which is required for
accurate CSL timing and synchronization.
Changes:
- Added GetNowMicro64() to Nexus::Core to expose the raw 64-bit
microsecond timer.
- Implemented otPlatRadioGetNow() in nexus_radio.cpp.
- Enabled OPENTHREAD_CONFIG_MAC_CSL_RECEIVER_ENABLE and
OPENTHREAD_CONFIG_MAC_CSL_TRANSMITTER_ENABLE in Nexus config.
- Added otRadioContext to Nexus::Radio to track CSL parameters and
manage security material for radio operations.
- Implemented otPlatRadioEnableCsl, otPlatRadioResetCsl,
otPlatRadioUpdateCslSampleTime, and otPlatRadioGetCslAccuracy.
- Implemented otPlatRadioSetMacKey, otPlatRadioSetMacFrameCounter,
and otPlatRadioSetAlternateShortAddress to keep radio context
synchronized with OpenThread stack.
- Updated otPlatRadioSetExtendedAddress and otPlatRadioEnableCsl to
use AsCoreType for better readability and project conventions.
- Moved Radio member initializations to the initializer list in its
constructor.
- Refactored radio SFD processing: moved otMacFrameProcessTxSfd and
UpdateFcs from otPlatRadioTransmit (radio platform) to
Core::ProcessRadio (simulation engine), ensuring CSL IEs and
security headers are updated exactly when transmission starts.
- Enhanced Nexus::Core::ProcessRadio to support generating Enhanced
ACKs with CSL IEs for 802.15.4-2015 frames.
- Updated Nexus and fuzz build systems to include necessary Nexus
platform and utils headers/utilities.
This commit addresses a timeout issue reported by a fuzzer when
processing MAC frames with malformed Header IEs.
Specifically:
- In `FindPayloadIndex()`, added validation to ensure the returned
index does not exceed `kMaxPsduSize` (254). If the index exceeds
this value, it now returns `kInvalidIndex` (255). This prevents
callers from experiencing wrap-around issues when they cast the
result to `uint8_t`.
- In `GetHeaderIe()` and `GetThreadIe()`, changed the `index` and
`payloadIndex` variables from `uint8_t` to `uint16_t`. This
ensures that any increment during the loop does not wrap around,
which was a primary cause of the infinite loop.
- Updated the loop condition from `index <= payloadIndex` to
`index < payloadIndex`. Since `payloadIndex` points to the start
of the payload (the byte after the last Header IE), a strict
less-than comparison is correct and prevents the loop from
attempting to parse the payload itself as a Header IE.
These changes ensure robust parsing of IEEE 802.15.4 frames, even
when they contain unexpected or malformed Information Elements.
This commit adds lease and remaining lease information to the output
of `srp server host` and `srp server service` CLI commands.
The information includes:
- `lease`: The total lease time in seconds.
- `key-lease`: The total key lease time in seconds.
- `remaining lease`: The remaining lease time in seconds (with
millisecond precision).
- `remaining key-lease`: The remaining key lease time in seconds
(with millisecond precision).
A new utility method `OutputMsecDurationInSec()` is added to `Utils`
class to format durations in milliseconds as seconds with a
fractional part.
The SRP server host and service output parsers in
`tests/scripts/thread-cert/node.py`, `tests/toranj/cli/cli.py`, and
`tools/otci/otci/otci.py` are updated to correctly handle the new
fields for both active and deleted entries.
This commit addresses occasional failures in Nexus Test 1.1.9.2.9 by:
1. Increasing the wait time in Step 10 from 60s to 200s
(kAttachToRouterTime). This ensures Router 1 has enough time to
upgrade from a child to a router role after attaching to the new
partition formed by Router 2. The upgrade jitter can be up to 120s,
so the previous 60s wait was insufficient. An explicit check for the
Router role is also added.
2. Refactoring the verification script to handle out-of-order MLE
packets. Some steps involve a multicast response and a triggered
unicast request/response. The relative order of these packets is not
guaranteed in the simulation. Using save_index() and a new helper
function _verify_packet_in_group() allows searching for all required
packets from the same base index within a group while reducing code
duplication.
3. Improving the logic to advance the packet index after verifying a
group of out-of-order packets. The script now tracks the maximum
index found among all verified packets in a group to ensure no
packets are skipped in subsequent searches.
These changes make the test robust against timing variations and
jitter in the simulated environment.
This commit adds a new Nexus test `test_srp_lease` to verify the
behavior of the SRP server and client regarding lease expirations and
state updates. The test creates a network with an SRP server and
multiple client nodes that randomly perform various SRP operations
including registering, updating, unregistering, and removing services,
as well as abruptly disconnecting. The test then validates that the
SRP server correctly updates the host and service states, such as
marking them as deleted or fully removing them when their leases
expire or when explicitly requested by the clients.
This commit introduces an `Init()` method to the `Mac` class and
moves the invocation of `KeyManager::UpdateKeyMaterial()` from the
`Mac` constructor into this new method. `Mac::Init()` is then called
from `Instance::AfterInit()`, immediately after `KeyManager` is
initialized.
This ensures that `KeyManager` and other OpenThread core components
are fully constructed and properly initialized before attempting to
update the key material. The key material update interacts with
`SubMac` to configure the MAC keys. Performing this operation during
the `Mac` constructor phase can be problematic because the `KeyManager`
(under `OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE`) may not be
fully initialized and ready yet.
This updates the TCAT CLI to use the configured 'vendor app URL' by default as the
TCAT Provisioning URL, instead of a dummy value. It also updates the max length of
this URL to the configured vendor app URL max length as agreed by JIRA BHC-769.
Also 2 related minor validation fixes in TCAT agent code.
Furthermore, the Get Provisioning URL TLV TCAT command is fixed to return status 'Unsupported'
in case the URL is not configured (null or zero-length), to comply to the spec.
This commit fixes a potential memory leak of the allocated `aHost`
object in `Server::CommitSrpUpdate()`.
Previously, when the granted key lease was zero (indicating a request
to remove the host), the code used `VerifyOrExit(existingHost != nullptr)`
before calling `aHost.Free()`. If `existingHost` was null (e.g., when
receiving a request to remove a non-existent host), the function
would exit early and skip freeing `aHost`, causing a memory leak.
This is updated to always call `aHost.Free()` when `grantedKeyLease`
is zero, ensuring the memory is freed regardless of whether
`existingHost` is null or not.
This commit updates `BorderAgent` to parse the provided extra vendor
TXT data (`otBorderAgentSetVendorTxtData()`) to check if the vendor
name (`vn`) and model (`mn`) keys are already present. If they are
absent, it would use and encode the values from `VendorInfo` into the
advertised TXT data. This harmonizes the use of `VendorInfo` values
across various modules, network diagnostics, and the `BorderAgent`
TXT data.
Note that this change only impacts the system when
`OPENTHREAD_CONFIG_BORDER_AGENT_MESHCOP_SERVICE_ENABLE` is enabled,
meaning the Border Agent itself directly manages the registration and
updating of the mDNS MeshCoP service.
The generated TXT data from `otBorderAgentGetMeshCoPServiceTxtData()`
remains unchanged. This API is intended for use cases where the
next-layer code manages the publishing of the mDNS MeshCoP service,
and as documented, the TXT data from this API does not include any
vendor-specific information.
This commit updates `test_border_agent` to validate the newly
added behavior.
This commit simplifies multicast address management within `Netif` by
merging the `ExternalMulticastAddress` class directly into the base
`MulticastAddress` class. The `otNetifMulticastAddress` structure is
updated to include `mAddressOrigin` and an opaque `mData` field.
The `mData` field is utilized to track the Multicast Listener
Registration (MLR) state when the `OPENTHREAD_CONFIG_MLR_ENABLE`
feature is enabled.
By consolidating these types, we eliminate the need for separate
internal and external multicast address iteration logic in
`MlrManager`, streamlining MLR subscription checks and updates.
Additionally, this provides a more unified way to track the origin of
multicast addresses natively.
This commit implements the otPlatAlarmMicro* platform APIs in the
Nexus simulation environment. It also transitions the simulation's
internal time base from millisecond to microsecond granularity to
ensure that both millisecond and microsecond alarms operate on a
consistent and shared time reference.
Changes include:
- Enabled OPENTHREAD_CONFIG_PLATFORM_USEC_TIMER_ENABLE in Nexus config.
- Updated Nexus::Core to use a 64-bit microsecond time base (mNow).
- Implemented otPlatAlarmMicroGetNow, otPlatAlarmMicroStartAt, and
otPlatAlarmMicroStop.
- Refactored Nexus::Node to support separate millisecond and
microsecond alarm instances (mAlarmMilli and mAlarmMicro).
- Updated radio timestamps and PCAP logging to use the new high-
resolution microsecond time base.
- Adjusted simulation time advancement and alarm triggering logic to
handle both alarm types correctly.
This commit enables channel-based filtering in Nexus simulation tests
by exporting node channel information and enhancing the pktverify
library to extract and use it.
Simulation Core:
- Export each node's PAN channel to the test JSON metadata in
nexus_core.cpp.
Pktverify Library:
- Update packet.py to extract channel information from 'wpan-tap' or
'wpan_tap' layers and normalize it into 'wpan.channel'.
- Update consts.py and layer_fields.py to support the new TAP layers
and their channel fields.
- Enhance NullField to be callable and iterable, and update Bytes
comparison to handle NullField, preventing script crashes when
accessing missing layers or fields.
Verification Utilities:
- Automatically load channel information from test JSON into
verification variables (e.g., {NODE_NAME}_CHANNEL).
Test Updates:
- Stabilize 1.1.9.2.14 by using channel-based filtering instead of
relying solely on RLOC16s.
- Update 1.1.9.2.17 and 1.1.9.2.8 to use the normalized
'wpan.channel' field instead of direct 'wpan_tap' access.
The MeshCoP::Timestamp class does not have a default constructor that
clears its members. When a Timestamp object is declared on the stack,
its members (seconds, ticks, and authoritative bit) contain garbage.
The SetSeconds() and SetTicks() methods only update their respective
fields and do not touch the authoritative bit. If the authoritative
bit happens to be set from stack garbage, the timestamp may be
incorrectly considered greater than another valid timestamp.
This caused intermittent failures in Nexus test 1.1.9.2.4 and others,
where a MGMT_ACTIVE_SET.req with an old timestamp was incorrectly
accepted by the Leader instead of being rejected.
This commit adds explicit Clear() calls to all MeshCoP::Timestamp
declarations in the affected Nexus tests to ensure they are properly
initialized.
This commit adds `MatchesKey()` method to `Dns::TxtEntry` class to
check if the entry's key matches a given key string using a
case-insensitive string comparison.
The new method properly handles the case where the entry's key is
`nullptr` (which can happen when the key is longer than the
recommended max length). It simplifies the TXT entry parsing logic in
`BorderAgent` and `Trel::PeerDiscoverer`.
The unit tests for `Dns::TxtEntry` are also updated to verify the new
method.
This commit updates the DNS name compression setting to be a
per-instance property rather than a global static variable.
The `otDnsSetNameCompressionEnabled()` and
`otDnsIsNameCompressionEnabled()` C APIs are updated to take an
`otInstance` pointer. Internally, the `Instance` class now uses the
`mDnsNameCompressionEnabled` member variable instead of the static
`sDnsNameCompressionEnabled`.
Additionally, this commit enforces that DNS name compression cannot
be disabled when the OpenThread mDNS module is active. The
`otDnsSetNameCompressionEnabled()` function now returns an `otError`
and will return `OT_ERROR_NOT_CAPABLE` if a user attempts to disable
compression while mDNS is enabled. When the mDNS module is enabled,
it automatically sets name compression to true.
The CLI command and related documentation are updated to reflect
these changes.
This commit moves all methods belonging to the `CoapBase::PendingRequests`
class into a dedicated section in `coap.cpp`. Recent PRs #12421 and #12527
introduced this class and shifted many methods into it, but kept them in
their original file locations to maintain reviewable `git` diffs. This
update completes the reorganization for better code structure without
any functional changes.
This commit renames all nexus test files and updates corresponding
configuration and source files to include a '1_1_' prefix.
The '1_1' prefix represents the Thread 1.1 test plan. This change
prepares the nexus test suite for the addition of tests from the
Thread 1.2, 1.3, and 1.4 test plans, ensuring a clear and organized
structure for multi-version specification testing.
Changes include:
- Renaming test_<num>.cpp to test_1_1_<num>.cpp.
- Renaming verify_<num>.py to verify_1_1_<num>.py.
- Updating CMakeLists.txt to reflect new test names.
- Updating run_nexus_tests.sh for default tests and variants.
- Updating hardcoded JSON output filenames in C++ test sources.
- Updating testcase name identification in Python verification
scripts.
This fixes the issue that the CLI CoAP server application was not
sending a Block1 option in its final 2.04 response for PUT/POST
methods. The CoAP CLI code is restructured to be more generic,
i.e. allow for NON-confirmable blockwise transfers as well as prepare
for a (future) update that supports the use of Block1/Block2
simultaneously in a POST transaction. Current code is updated to send
5.01 Not Implemented in case an (external) CoAP client would attempt
POST with both Block options together.
The number of returned blocks for this (demo) CLI is also raised to 3,
the minimum to see a start block, middle block and final block; which
is more useful for testing.
Closes#12559
This commit addresses several issues in the Nexus verification scripts
to improve test reliability and prevent runtime errors.
- Fixed a TypeError caused by NullField in MLE command checks. When
p.mle.cmd returns a NullField, it is unhashable and fails when checked
against a set or list (e.g., 'p.mle.cmd in { ... }'). A truthiness
check for p.mle.cmd was added to verify_5_6_4.py, verify_5_6_5.py,
verify_6_2_2.py, and verify_7_1_5.py.
- Improved verify_6_2_2.py robustness:
- Wrapped must_not_next() checks within 'with pkts.save_index()' to
ensure the packet iterator remains at the correct position after
verifying the absence of specific messages.
- Refactored MLE command filtering into a helper function for better
readability and consistency.
- Updated connectivity checks to allow filtering by ROUTER_1_RLOC16
and specifically look for WPAN Data Requests.
- Cleaned up verify_5_6_4.py by replacing the explicit 'nullField'
comparison with a more idiomatic truthiness check.
This commit addresses an intermittent failure in Nexus test 9.2.6
where Step 18 (MGMT_PENDING_SET.req) was occasionally not found.
The failure occurred because the verification script started
searching for the MGMT_PENDING_SET.req packet from index12. In the
simulated Nexus environment, packet capture order from different
nodes can occasionally vary slightly when events occur at nearly
the same simulation time.
The fix expands the search range by starting from index9 (the
Leader's initial update), ensuring that the MGMT_PENDING_SET.req
packet is correctly identified regardless of minor capture order
variations. Since the URI is unique to this part of the test, this
remains a precise filter.
Additionally, this change ensures the global packet index moves
forward correctly by taking the maximum of all relevant child
filter indices.
This commit introduces new helper methods in the `Tmf::Agent` class
(`SendMessageTo()`, `SendMessageToRloc()`, `SendMessageToLeaderAloc()`,
and `SendMessageAllowMulticastLoop()`) to simplify the transmission of
TMF messages.
Previously, callers of `Tmf::Agent::SendMessage()` were required to
manually configure a `Tmf::MessageInfo` object with the appropriate
socket and peer address information before sending a message. This led
to repetitive code across the various modules utilizing TMF.
By incorporating these address resolution and message info preparation
steps directly into `Tmf::Agent`, this change significantly reduces
boilerplate code. All existing calls to `SendMessage()` have been
updated to use the new flavors.
This commit increases the kMergeWaitTime from 300 to 350 seconds in
Nexus test 5.5.4.1.
Detailed analysis of debug logs during intermittent failures showed
that the MLE partition merge process could take up to 250 seconds in
some scenarios, leaving very little margin with the previous 300-second
timeout. Increasing the timeout to 350 seconds provides a more robust
buffer for the network to stabilize and for partitions to merge before
the final connectivity verification.
The fix was verified by running 200 consecutive iterations of the test
without any failures.
This commit fixes an intermittent failure in Nexus test 5.6.6 by ensuring
that the OnMeshPrefixConfig object is properly initialized before use.
The OnMeshPrefixConfig object is declared on the stack and, if not
explicitly cleared, may contain garbage values in its bit-fields (such
as mDhcp or mPreference). This can cause the subsequent call to
AddOnMeshPrefix() to fail its IsValid() check, resulting in a
kErrorInvalidArgs error and a test failure.
Changes:
- Call config.Clear() after declaring the OnMeshPrefixConfig object
in tests/nexus/test_5_6_6.cpp to ensure all fields are initialized
to zero.
This aligns the test implementation with other Nexus tests and improves
the robustness of the test suite in simulation environments.
Verified to pass in the Nexus simulation environment.
This commit removes the certification test scripts in
tests/scripts/thread-cert/ that have been successfully migrated to
the Nexus test framework.
The following tests were migrated and are now available as Nexus
tests under tests/nexus/:
- 5.8.2, 5.8.3, 5.8.4
- 9.2.1 through 9.2.19
Migrating these tests to Nexus provides faster execution, better
reliability, and easier debugging compared to the old
simulation-based scripts.
This commit fixes an intermittent failure in Nexus test 9.2.14 caused by RLOC16 conflicts between independent partitions in the simulation.
When two independent partitions occasionally share the same RLOC16, the packet verification script could incorrectly match a MGMT_PANID_CONFLICT response from the wrong network, leading to out-of-order matching and PacketNotFound errors.
The fix adds a filter to the MGMT_PANID_CONFLICT verification steps to ensure the Channel Mask TLV matches the specific conflict being reported (Channel 20). This uniquely identifies the correct packet even if RLOC16s overlap.
Implementation details:
- tests/nexus/verify_9_2_14.py: Added filtering for the exact Channel Mask TLV value using a defined `CONFLICTING_CHANNEL_MASK` bytes constant in Step 3 and 5.
- Fixed a type mismatch by converting the constant to a `bytes` object and added documentation for the big-endian channel bitmask mapping.
The fix has been verified with 200 successful test runs in the Nexus simulation environment.
Update `Publisher::Entry::UpdateState()` to support quickly removing
a published entry when the desired number of entries is explicitly
set to zero. In this case, we bypass the random removal delay and
remove the entry immediately. This situation helps with SRP/DNS
unicast entries, where if any service data unicast or anycast entry
is seen, we set the desired number to zero and want to quickly
remove any previously added server data unicast entry.
This commit adds Nexus test case 9.2.12 which verifies that networks
on different channels and having different PAN IDs can merge using
the MLE Announce command.
Implementation details:
- tests/nexus/test_9_2_12.cpp: C++ test execution logic. Implements
the 9.2.12 spec using direct core calls. Configures two distinct
partitions with different PAN IDs and channels, then triggers
an MLE Announce process via the Commissioner to merge them.
- tests/nexus/verify_9_2_12.py: PCAP verification script. Verifies
MGMT_ANNOUNCE_BEGIN.ntf, multi-channel MLE Announces, and MLE
Child ID Requests during re-attachment. Includes verification of
MLE layer security and Key Identifier Mode for Announce messages.
- tests/nexus/verify_utils.py: Added support for MLE auxiliary
security header fields in pktverify.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_12 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_12 to default test list.
This commit adds Nexus test case 9.2.19 which verifies that the DUT
can properly get Pending Operational Dataset parameters using the
MGMT_PENDING_GET.req command.
It also addresses review comments and improves the robustness of IPv6
address verification across several Nexus tests.
Implementation details:
- tests/nexus/test_9_2_19.cpp: Implemented the test procedure. Fixed
incorrectly escaped newline characters.
- tests/nexus/test_9_2_3.cpp: Fixed incorrectly escaped newline
characters.
- tests/nexus/verify_utils.py: Added a robust helper function
'is_leader_aloc_or_rloc' using the 'ipaddress' module to identify
Leader ALOC and RLOC addresses by their IID.
- tests/nexus/verify_9_2_19.py, tests/nexus/verify_9_2_3.py,
tests/nexus/verify_9_2_5.py: Replaced fragile string-slicing and
duplicated code with the shared helper in 'verify_utils.py'.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_19 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_19 to the test list.
The tests have been verified to pass in the Nexus simulation
environment.
This commit adds Nexus test 9.2.9 which verifies synchronization of
Pending Operational Datasets when two network partitions merge.
The implementation covers:
- Formation of a single partition with Commissioner, Leader, and two
Routers in a LINE topology.
- Initial Pending Operational Dataset configuration via Commissioner.
- Partition split using RF isolation and subsequent dataset updates
in both partitions.
- Verification of dataset synchronization (Active and Pending) during
partition merge per Thread specification 8.4.3.5.
- Validation of network connectivity (ICMPv6 Echo) after synchronization.
Implementation details:
- tests/nexus/test_9_2_9.cpp: C++ test execution logic. Implements the
36-step test specification using direct core calls. Uses a LINE
topology and adjusted timing parameters for partition stability.
- tests/nexus/verify_9_2_9.py: Python pcap verification script. Uses
non-linear searching to handle interleaved post-merge updates and
detailed TLV-level verification for MLE and CoAP messages.
- tests/nexus/verify_utils.py: Updated meshcop timestamp parsing to
support multiple occurrences in a single packet.
- tests/nexus/verify_9_2_11.py: Updated to match timestamp parsing
changes in verify_utils.py.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_9 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_9 to default test list.
This commit adds a new Nexus test case 9.2.18 that verifies the
rollback of the Active Timestamp via the Pending Operational Dataset
when a new Network Master Key is included.
Changes include:
- Implementation of test 9.2.18 in C++ using direct method calls.
- Implementation of verification script for 9.2.18 in Python.
- Extension of Nexus Core to support exporting multiple network keys.
- Update to verification utilities to handle multiple network keys.
- Addition of test 9.2.18 to the default Nexus test list.
- Fixes to Commissioner and Leader initialization in the Nexus test.
- Addition of AddNetworkKey() to Core to register keys for export.
- Update to SaveTestInfo() to export 'network_keys' list in JSON.
- Robust handling of multiple decryption keys in verify_utils.py.
This commit fixes improper argument usage for SPINEL_DATATYPE_DATA_WLEN_S,
SPINEL_DATATYPE_DATA_S, SPINEL_DATATYPE_EUI64_S, and SPINEL_DATATYPE_UTF8_S
in Logger::LogSpinelFrame.
Key changes:
- Use pointer-to-pointer for data and unsigned int pointer for length
when using spinel_datatype_unpack with data types.
- Switch to spinel_datatype_unpack_in_place() when unpacking into local
buffers or structures (e.g., for EUI-64 addresses and MAC keys).
- Remove redundant length arguments for SPINEL_DATATYPE_UTF8_S.
- Refactor SPINEL_PROP_RCP_MAC_KEY to use otMacKey and in-place unpacking.
These fixes prevent potential crashes, stack corruption, and incorrect
data parsing in the Spinel logging utility.
This commit adds Nexus test case 9.2.17 which verifies the behavior of
an orphaned end device as it searches for a new parent using MLE
Announce messages.
Implementation details:
- tests/nexus/test_9_2_17.cpp: C++ test execution logic. Implements the
3-node topology (Leader_1, Leader_2, ED_1) using direct method calls.
Manages RF isolation by manipulating the Mac Filter AllowList. Sets
log level to note. Uses MED mode for the DUT to enable MLE Announce
behavior. Also explicitly sets the channel mask for Leader_2 for
robustness.
- tests/nexus/verify_9_2_17.py: PCAP verification script. Verifies
initial MLE Advertisements on separate channels, DUT sending MLE
Parent Requests on the primary channel, followed by MLE Announce
on the secondary channel. Verifies Leader_2 sending MLE Announce on
the primary channel and DUT successfully attaching to Leader_2.
- tests/nexus/run_nexus_tests.sh: Added 9_2_17 to default test list.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_17 target.
- Included full test specification as inline comments in both C++ and
Python code.
This commit fixes the problem where OpenThread mDNS responder always
sends responses to port 5353, ignoring the source port of the query.
According to RFC 6762, a mDNS responder should support one-shot
multicast DNS queries by sending the response to the source address
and source port of the query.
Changes:
- Captured the actual source port from incoming queries in Simulation
and POSIX platforms.
- Updated otPlatMdnsSendUnicast in Simulation platform to use the
provided destination port.
- Verified that legacy unicast responses correctly cap TTL to 10
seconds as required by RFC 6762 section 6.7.
This commit adds Nexus test 9.2.16 which verifies synchronization of
Active and Pending Operational Datasets between nodes during attach.
The test case implementation covers:
- Formation of a network with Commissioner, Leader, and Router_1.
- Initial attachment of Router_2 (DUT) to synchronization datasets.
- Dataset updates (Pending and Active) via Commissioner while DUT is
powered down, including PAN ID and Mesh-Local Prefix changes.
- Verification that DUT synchronizes both datasets correctly upon
reattaching to the network with a new PAN ID.
- Validation of network connectivity (ICMPv6 Echo) after the dataset
migration and reattachment.
Implementation details:
- tests/nexus/test_9_2_16.cpp: C++ test execution using direct method
calls. Sets log level to note. Uses AllowList for topology control.
- tests/nexus/verify_9_2_16.py: Python pcap verification script.
Implements robust filtering for CoAP and MLE messages.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_16 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_16 to default test list.
This commit adds Nexus test case 9.2.13 which verifies that the Thread
device properly accepts and processes Energy Scan Requests and sends
the corresponding Energy Scan Reports.
Implementation details:
- tests/nexus/test_9_2_13.cpp: C++ test execution logic. Implements
the 9.2.13 spec using direct core calls. Manages two separate
networks (Network 1 on channel 11 and Network 2 on channel 12).
Configures a topology with Leader, Commissioner, Router, and FED
nodes in Network 1, and Leader and SED nodes in Network 2.
- tests/nexus/verify_9_2_13.py: PCAP verification script. Verifies
unicast and multicast MGMT_ED_SCAN.qry messages and the resulting
MGMT_ED_REPORT.ans responses. Uses strict CoAP URI path and ICMPv6
type filtering.
- tests/nexus/platform/nexus_core.hpp/cpp: Added an optional leader
node parameter to SaveTestInfo() to allow specifying which network
partition information (like Network Key and Mesh-Local Prefix)
should be exported to the JSON file for verification. This ensures
correct packet dissection in multi-partition test scenarios.
- tests/nexus/run_nexus_tests.sh: Added 9_2_13 to default test list.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_13 target.
This commit fixes and stabilizes Nexus test case 9.2.7. It ensures full
compliance with the test specification and improves resilience against
timing variations in the simulated environment.
Changes:
- tests/nexus/test_9_2_7.cpp: Corrected the node sending the pending
dataset update in Step 11 to the Router, matching the spec. Ensured the
full Pending Operational Dataset is included in the request. Fixed
misleading comments regarding timestamp values and ensured Step 11 uses
a strictly higher active timestamp than Step 5.
- tests/nexus/verify_9_2_7.py: Relaxed delay timer verification slack to
improve test stability. Added explicit checks for Active and Pending
Timestamps in multicast MLE Data Responses. Corrected expected timestamp
values and comments.
This commit fixes flakiness in Nexus test 7.1.4 by addressing a race
condition in the packet verification script.
The verification logic previously advanced the global packet index
after identifying the Border Router's multicast MLE Data Response.
However, if a child (MED_1) sent its Child Update Request slightly
before the multicast response was processed or captured in that
specific order, the verification script would miss it because the
index had already moved forward.
The fix refactors 'verify_7_1_4.py' to use 'pkts.copy()' for major
verification blocks (Steps 5 through 8). This ensures that each step
searches from a consistent base index, making the verification robust
against variations in packet delivery and capture order.
Additionally, this commit:
- Extracts the duplicated Child Update Request/Response exchange
logic into a helper function '_verify_child_update_exchange' to
improve code reuse and maintainability.
- Adds a destination filter to Step 7 to improve verification
specificity for SED_1 notifications.
This commit adds Nexus test case 9.2.15 which verifies the
synchronization of a Pending Operational Dataset between an attaching
Router and an existing Router.
Implementation details:
- tests/nexus/test_9_2_15.cpp: Implemented the test procedure using
direct core method calls. Sets node connectivity via AllowList and
log level to note. Implements power-down simulation by stopping MLE
and bringing down the network interface. Extracted MGMT_PENDING_SET
logic into a SendPendingSet helper function for better maintainability.
- tests/nexus/verify_9_2_15.py: Implemented robust verification logic
to validate end-to-end CoAP MGMT_PENDING_SET and MGMT_ACTIVE_GET
messages, along with MLE Parent Request/Response and Child ID
Request/Response exchanges.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_15 target to the build
configuration.
- tests/nexus/run_nexus_tests.sh: Added 9_2_15 to the default test list.
This commit adds Nexus test case 9.2.14 which verifies that the DUT
properly accepts and processes PAN ID Query requests and responds
when a conflict is found.
Implementation details:
- tests/nexus/test_9_2_14.cpp: C++ test execution logic. Implements
a 4-node topology (Leader_1, Router_1, Commissioner, Leader_2).
Leader_2 forms a separate network on a secondary channel with the
same PAN ID. Test uses direct core method calls and sets log level
to note.
- tests/nexus/verify_9_2_14.py: Python pcap verification script.
Verifies MGMT_PANID_QUERY requests (unicast and multicast) from
the Commissioner and MGMT_PANID_CONFLICT responses from Router_1.
Ensures correct TLVs are present in CoAP payloads.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_14 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_14 to default test list.
The test has been verified to pass in the Nexus simulation environment.
This commit removes calls to `SetSockPortToTmf()` from the Border
Agent prior to sending messages via `Tmf::Agent`. Setting the
local socket port is unnecessary because the `Tmf::Agent` is already
bound to the TMF port number when sending CoAP messages.
Additionally, since these removals eliminate the last uses of the
`SetSockPortToTmf()` method within the codebase, the method itself
has been completely removed from `Tmf::MessageInfo` class to clean up
dead code.
This commit adds Nexus test 9.2.11 which verifies the Leader's
management of the Delay Timer during Pending Dataset updates.
The test case implementation covers:
- Formation of a network with Leader (DUT), Commissioner, Router,
MED, and SED.
- Simulation of MGMT_PENDING_SET.req via otDatasetSetPending on the
Leader node.
- Verification of multicast MLE Data Responses triggered by dataset
updates.
- Propagation of Pending Operational Dataset information across the
network.
- Validation of network stability and connectivity (ICMPv6 Echo)
across long wait periods defined by the Delay Timer.
Stable network timing and polling parameters were adjusted to ensure
reliable execution in the Nexus simulation environment.
Files modified:
- tests/nexus/test_9_2_11.cpp: C++ test execution logic.
- tests/nexus/verify_9_2_11.py: Python pcap verification script.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_11 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_11 to the test list.
This commit adds Nexus test case 5.8.4 which verifies the Security Policy
TLV bits (O, N, R, B) being disabled and the resulting network behavior.
Implementation details:
- tests/nexus/test_5_8_4.cpp: Implemented the test procedure using
direct core method calls. The test procedure implements all 20 steps
from the specification with cumulative Security Policy bit updates.
Removed unused constant kExternalCommissioningMask to fix build error.
- tests/nexus/verify_5_8_4.py: Implemented robust Python verification
logic that handles out-of-order packets and verifies individual
Security Policy and Discovery Response bits.
- tests/nexus/verify_utils.py: Enhanced the parser to support granular
Security Policy bits and Discovery Response Native Commissioning bit.
Replaced magic numbers with constants and registered additional
Security Policy flags (C, e, p) for completeness.
- tests/nexus/platform/nexus_core.cpp: Refactored SaveTestInfo to
use the Leader node as the authoritative source for network keys
and prefixes, ensuring correct decryption in verification scripts.
- Included full test specification as inline comments in both C++ and
Python code.
This commit adds Nexus test case 9.2.10 which verifies that the Thread
device maintains a delay timer after partitioning.
Implementation details:
- tests/nexus/test_9_2_10.cpp: C++ test execution logic. Implements the
5-node topology (Commissioner, Leader, Router_1, MED_1, SED_1) using
direct method calls. Manages RF isolation by manipulating the Mac Filter
AllowList. Sets log level to note.
- tests/nexus/verify_9_2_10.py: PCAP verification script. Verifies
MGMT_PENDING_SET.req/rsp, MLE Data Response dissemination, and
network-wide channel/PAN ID migration across partitions.
- tests/nexus/run_nexus_tests.sh: Added 9_2_10 to default test list.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_10 target.
This commit fixes occasional failures in Nexus test 7.1.8 by making
the verification script more robust against interleaved packets.
The implementation details:
- tests/nexus/verify_7_1_8.py: Refactored Step 3 to use separate
filter copies to find the Leader's MLE Data Response and CoAP ACK
independently of their order.
- Correctly updated the main packet filter index to ensure that
subsequent verification steps proceed from the point after both
packets have been identified.
This commit adds Nexus test case 9.2.8 which verifies that the Leader
correctly manages and persists both Active and Pending Operational
Datasets, including behavior across node re-attachments.
Implementation details:
- tests/nexus/test_9_2_8.cpp: C++ test execution logic. Implements
the 9.2.8 spec using direct core calls. Simulates power down using
Node::Reset() to verify parameter persistence across a full stack
re-initialization. Standardized node initialization by removing
explicit extended address and network key configuration, relying on
platform defaults and GenerateRandom(). Aligned leader startup to use
Up() and Start() for consistency with other tests.
- tests/nexus/verify_9_2_8.py: PCAP verification script. Verifies
MGMT_PENDING_SET.req/rsp, MGMT_ACTIVE_SET.req/rsp, and MLE
dissemination. Uses relaxed address filtering to handle short
address usage in Child ID Requests. Updated to use constants from
pktverify.consts. Improved verification robustness by checking
each DUT individually for re-attachment and connectivity.
- tests/nexus/verify_utils.py: Added support for parsing Pending
Timestamp and Delay Timer TLVs in CoAP payloads. Patched pktverify
to support wpan_tap layer for channel verification.
- tests/nexus/run_nexus_tests.sh: Added 9_2_8 to default test list.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_8 target.
This commit updates GEMINI.md to include instructions for building and
running Nexus tests. Nexus is a test framework that enables faster and
more scalable network simulations within a single process.
The updated documentation provides:
- A brief overview of the Nexus test framework.
- The command to build Nexus tests using 'tests/nexus/build.sh'.
- Commands to run all Nexus tests or a specific test using
'tests/nexus/run_nexus_tests.sh'.
- A reference to 'tests/nexus/README.md' for further details.
This commit updates `Manager::SendBackboneAnswer()` to use
`Coap::Message::InitAsPost()`, which automatically determines the
CoAP message type (Confirmable vs. Non-Confirmable) based on whether
the destination address is multicast. This simplifies the code and
removes the need for the local `proactive` boolean variable.
This commit updates `AddressResolver::SendAddressError()` to accept the
destination address as a `const Ip6::Address &` instead of a pointer.
This allows the implementation to be simplified by using
`Coap::Message::InitAsPost()`, which automatically determines the
CoAP message type (confirmable vs. non-confirmable) based on whether
the destination address is multicast.
All callers of `SendAddressError()` are updated accordingly. When
sending to all routers, `GetRealmLocalAllRoutersMulticast()` is now
explicitly passed.
This commit introduces a new set of logging macros, `LogCritOnError`,
`LogWarnOnError`, `LogNoteOnError`, `LogInfoOnError`, and
`LogDebgOnError`, to provide a consistent and streamlined way to log
errors across the codebase.
The new macros automatically prepend "Failed to " and append the error
string (using `ErrorToString()`) to the log message, reducing
boilerplate code and ensuring a uniform log format. These macros only
emit a log if the provided `Error` is not `kErrorNone`.
This change improves code readability and maintainability by
consolidating error logging logic into the logging framework.
This commit enhances the `batracker agents` command to display parsed,
human-readable information from the Border Agent TXT data by default.
This allows users to easily inspect the Border Agent State Bitmap
(Connection Mode, Thread Interface Status, Availability, Role, etc.)
and other fields like Thread Version, Network Name, Vendor Name,
or Vendor Model without manually decoding the raw bytes.
The `rawtxt` argument is introduced to optionally display the TXT data
in the raw key/value pair format.
To support this, new public APIs are added to convert Border Agent
State Bitmap enum values to their string representations.
This commit adds Nexus test 9.2.7 and improves the pktverify framework
to correctly handle Thread timestamp parsing.
The implementation includes:
- tests/nexus/test_9_2_7.cpp:
- C++ execution logic using direct core method calls.
- Implements a real Commissioner session to correctly authorize
Dataset updates.
- Documents a deviation in Step 5 where the Active Timestamp is set
to 15s (instead of 20s) to satisfy strictly increasing timestamp
requirements for subsequent steps.
- tests/nexus/verify_9_2_7.py:
- Python verification with strict field checks for timestamps and
timers.
- Handles interleaved traffic using save_index().
- Updates verification logic to accommodate timer decrements.
- Integration:
- tests/nexus/CMakeLists.txt: Added nexus_9_2_7 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_7 to default test list.
The pktverify fixes include:
- tests/scripts/thread-cert/pktverify/layer_fields.py:
- Added _thread_timestamp parser to handle raw 8-byte Thread timestamps,
avoiding fragility and timezone issues associated with date string
parsing.
- Fixed _auto parser to use calendar.timegm() for UTC date strings
instead of time.mktime(), ensuring correct epoch values regardless
of the local system timezone.
- Mapped active and pending timestamp fields to use the new
_thread_timestamp parser.
This commit updates 'tests/nexus/README.md' to provide detailed
instructions on how to build and run the Nexus tests, including
the recently added automated testing and packet verification
scripts.
Changes:
- Added instructions for building TREL tests using 'build.sh trel'.
- Added a section on automated testing and packet verification
using the 'run_nexus_tests.sh' script.
- Explained how to run individual C++ tests and Python verification
scripts manually.
- Clarified the usage of topology names and JSON output filenames
as arguments for Nexus C++ tests.
This commit fixes intermittent failures in Nexus test 7.1.7 by
improving test stability and making the verification script more
robust.
Implementation details:
- tests/nexus/test_7_1_7.cpp: Added a 500ms external poll period for
SED_1 to ensure it remains active and reachable during the test.
Replaced the magic number with a named constant `kSedPollPeriod`.
Added a stabilization delay after Step 17 to ensure network data
updates are fully propagated.
- tests/nexus/verify_7_1_7.py: Added source filtering for the Leader
(DUT) in network data update checks to avoid matching packets from
other nodes. Used Border Router sub-TLV count checks to reliably
distinguish between initial prefix additions and subsequent
removals. Improved CoAP ACK verification to handle interleaved
packets and ensure correct destination filtering. Refactored
verification chains to follow project-specific formatting standards.
This commit adds Nexus test case 9.2.6 which verifies that the Leader
properly collects and disseminates Active and Pending Operational
Datasets through the Thread network.
Implementation details:
- tests/nexus/test_9_2_6.cpp: C++ test execution logic. Includes both
MED_1 and SED_1 in the topology to simultaneously verify
dissemination to different child types in a single run. Uses direct
core calls and sets a 500ms external poll period for SED_1.
- tests/nexus/verify_9_2_6.py: PCAP verification script. Implements
robust MLE and CoAP filtering to handle short address usage and out-
of-order packet delivery. Includes monkey-patching for MeshCoP TLV
parsing in CoAP. Improved MGMT_PENDING_SET filter robustness and
removed full range reset in Step 18.
- tests/nexus/verify_9_2_4.py: Fixed regressions in MGMT_ACTIVE_SET
verification logic introduced during refactoring.
- tests/nexus/verify_utils.py: Added support for parsing
mesh_local_prefix and NM_FUTURE_TLV in CoAP payloads.
- tests/scripts/thread-cert/pktverify/consts.py: Added NM_FUTURE_TLV.
- tests/nexus/run_nexus_tests.sh: Added 9_2_6 to default test list.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_6 target.
This commit updates `PendingRequests::HandleTimer()` and
`PendingRequests::AbortAllMatching()` to perform request finalization
(which invokes user callbacks) outside of the main loop iterating over
the `mRequestMessages` queue.
Iterating over `mRequestMessages` while invoking user callbacks is
unsafe because the callback may modify the request queue (e.g., abort
other transactions), potentially invalidating the iterator. This change
protects against this by moving requests to be finalized into a separate
local `MessageQueue`. The requests in the local queue are then
finalized and freed after the main loop finishes.
This commit fixes intermittent failures in Nexus test 9.2.5 and aligns
its implementation and documentation with the authoritative test
specification.
Intermittent failures were caused by disruptive network identity
changes (Extended PAN ID and Network Name) that resulted in
inconsistent node detachment and re-attachment in the simulation.
Wait times and timeouts were adjusted to improve stability.
Changes:
- Updated operational dataset values in 'test_9_2_5.cpp' to match
'Cert_9_2_05_ActiveDataset.py'.
- Adjusted 'kResponseTime' and 'kEchoTimeout' for better reliability.
- Enhanced 'verify_9_2_5.py' to strictly verify all mandated TLV
types in 'MGMT_ACTIVE_SET.req' payloads.
- Aligned inline comments and print statements in both C++ and Python
files with the authoritative spec in 'test-9-2-5.txt'.
- Corrected a typo note in the Step 5 description as per the spec.
Test 9.2.4 could occasionally fail due to the random selection of
the initial channel by the Leader. If the randomly selected channel
matched the 'Secondary' channel (12) used in MGMT_ACTIVE_SET.req in
step 6, the request would be accepted instead of rejected, causing
a verification failure.
This commit fixes the issue by explicitly configuring the Leader's
initial Operational Dataset with a fixed set of parameters (Channel
11, PAN ID 0xABCD, etc.) that are guaranteed to be different from
the parameters tested in the MGMT_ACTIVE_SET.req steps.
The fix was verified by running the test 20 times in a loop without
any failures.
This commit replaces instances of IgnoreError with SuccessOrQuit in
several Nexus test files to ensure that errors from core methods are
properly handled and cause test failure if they occur.
Modified files:
- tests/nexus/test_5_1_5.cpp
- tests/nexus/test_5_1_9.cpp
- tests/nexus/test_5_1_10.cpp
- tests/nexus/test_5_6_4.cpp
- tests/nexus/test_6_1_5.cpp
- tests/nexus/test_7_1_2.cpp
- tests/nexus/test_7_1_8.cpp
This commit adds a new Nexus test case 9.2.5 which verifies the DUT's
behavior when receiving MGMT_ACTIVE_SET.req from an active Thread node.
The test ensures that the Leader (DUT) correctly processes updates to
Active Operational Dataset parameters and disseminates them via MLE.
The test implementation includes:
- tests/nexus/test_9_2_5.cpp:
- C++ execution logic using direct core method calls.
- tests/nexus/verify_9_2_5.py:
- Python script to verify pcap output against the test specification.
- Implements strict validation of CoAP payload TLVs and response states.
- Infrastructure improvements:
- tests/nexus/verify_utils.py: Added parsing for MeshCoP TLVs in CoAP.
- tests/scripts/thread-cert/pktverify/layer_fields.py: Fixed ISO timestamp
parsing for compatibility with newer tshark versions.
Currently, `KeyManager` generates and stores a random `NetworkKey` in its
constructor when `OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE` is
enabled. This invokes `StoreNetworkKey()`, which interacts with
`KeyRefManager`. Accessing other components during construction can be
unsafe if they are not yet fully initialized.
This commit introduces a `KeyManager::Init()` method to handle this
initialization. This method is called from `Instance::AfterInit()`,
ensuring that the `Instance` and all dependencies, such as
`KeyRefManager`, are fully constructed before the `KeyManager` attempts
to access them.
This commit adds Nexus test 9.2.4 which verifies that the Active
Operational Dataset can be updated via the Commissioner using
MGMT_ACTIVE_SET.req.
The test implementation includes:
- test_9_2_4.cpp: C++ test execution for both Topology A (DUT as
Leader) and Topology B (DUT as Commissioner). It performs 22
steps, including various validation cases for MGMT_ACTIVE_SET.req
(invalid TLVs, old timestamps, invalid session ID, steering data,
and future TLVs).
- verify_9_2_4.py: Python script to verify the pcap output from the
test against the specification. It includes a custom CoAP TLV
parser to handle MeshCoP TLVs.
Key implementation details:
- Use direct method calls instead of OpenThread public APIs.
- Configure node connectivity using AllowList between Leader and
Commissioner.
- Set log level to 'note' for detailed output.
- Include full test specification as inline comments in both C++
and Python code.
- Added 9_2_4 to CMakeLists.txt and the default test list in
run_nexus_tests.sh.
This commit adds a new Nexus test case 7.1.7 which verifies that
network data is properly updated when a server (Border Router)
leaves and rejoins the network with modified information.
The test verifies that:
- The Leader (DUT) correctly processes CoAP Server Data
Notifications from two Border Routers.
- The Leader multicasts updated network data to neighbors and MEDs.
- The Leader sends unicast updates (Child Update Request or Data
Response) to SEDs.
- When a Border Router (Router 2) leaves and starts its own
partition, then rejoins with a new prefix (Prefix 2), the Leader
correctly updates the network data and disseminates it.
- Connectivity is maintained via ICMPv6 Echo Requests to addresses
based on the new prefixes.
- When a prefix is removed, the network data is correctly updated.
Summary of changes:
- Created tests/nexus/test_7_1_7.cpp:
- Implements test logic using direct core method calls.
- Sets log level to note.
- Configures AllowList for specified links (Leader-Router1,
Leader-Router2, Leader-MED1, Leader-SED1).
- Includes 1-line log outputs for each test step.
- Adheres to block comment formatting and 120-char line limits.
- Created tests/nexus/verify_7_1_7.py:
- Implements pcap-based verification of PASS criteria.
- Validates prefix updates and disseminations.
- Follows Python filter formatting style and 120-char limits.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 7_1_7 to the
default test list.
This commit adds a new Nexus test case for 'Getting the Active
Operational Dataset' (9.2.3) as specified in the Thread test
specification.
The test verifies that the active Commissioner can read Active
Operational Dataset parameters direct from the Leader using the
MGMT_ACTIVE_GET.req command, and that the Leader responds correctly
with the requested TLVs.
Summary of changes:
- Implemented Nexus test 9.2.3:
- Added tests/nexus/test_9_2_3.cpp: Implements the test execution
for both Topology A (DUT as Leader) and Topology B (DUT as
Commissioner). Uses direct core method calls and sets log level
to note. Configures the link between Leader and Commissioner
using AllowList.
- Added tests/nexus/verify_9_2_3.py: PCAP verification script
validating the MGMT_ACTIVE_GET request/response handshake for
various payload configurations (empty, specific TLVs, and mixed
allowed/not-allowed TLVs).
- Enhanced MeshCoP TLV support in nexus test framework:
- Updated verify_9_2_3.py with a monkey-patch for CoapTlvParser
to support MeshCoP TLV Request (Get) TLVs.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 9_2_3 in the
default test list and expanded tests loop.
This commit fixes an intermittent failure in Nexus test 5.5.5. The
failure occurred when Router_1 performed a late upgrade from child to
router after re-attaching to the DUT. This caused a mismatch between
the RLOC16 in the captured ping packets and the RLOC16 saved in the
test info JSON at the end of the test.
Changes:
- Disabled router eligibility for Router_1 in test_5_5_5.cpp after it
becomes isolated. This ensures it remains a child of the DUT and
maintains a consistent RLOC16 for the duration of the test.
This commit enhances the `PendingRequest` class by moving more functionality
regarding the management of pending CoAP requests into this nested class
within `CoapBase`.
Specifically, this change moves the handling of the retransmission timer,
retransmission of requests, finalizing a request, and aborting all or a
subset of requests. This helps organize the code and simplifies the
`CoapBase` class implementation.
Updates `SetOffset()` to ensure the offset is always clamped to the
current message length. This guarantees that the offset remains valid
and does not exceed the message size.
Updates `MoveOffset()` to accept `int16_t` as the delta and ensures
the calculated new offset is clamped within `0` and
`NumericLimits<uint16_t>::kMax` before setting it.
Updates `SetLength()` to rely on the new `SetOffset()` behavior to
automatically adjust the offset when the message length is reduced.
This commit adds `DetermineLengthAfterOffset()` helper method to
`Message` which returns the number of bytes in the message from the
current offset to the end of the message. This pattern is commonly used
in many places to determine the remaining length of the payload.
This commit updates various core modules including MeshCoP, 6LoWPAN,
IPv6, TCP, and MeshForwarder to use this new helper.
This commit enhances the `Message::Clone()` method to support a custom
configuration. This allows callers to specify a different length and
reserved header size for the cloned message via the new overload
`Clone(uint16_t aLength, uint16_t aReserveHeader)`.
The existing `Clone()` overloads have been updated to utilize this new
configuration mechanism. Additionally, `Coap::Message::Clone()`
methods are updated to align with these changes.
A new unit test `TestCloning()` is added to `test_message.cpp` to
verify the behavior of `Clone()` with various configurations.
This commit adds a new Nexus test case 7.1.8 which verifies that
when global prefix information is set on a Full End Device (FED),
the DUT (Router) properly disseminates the associated network data.
It also verifies that the DUT sends revised server data information
to the Leader when the FED is removed.
The test setup uses:
- Leader: Forms the network.
- Router 1 (DUT): Attached to the Leader.
- FED 1: Attached to the DUT.
The test verifies that:
- FED 1 sends a CoAP Server Data Notification to the Leader after
prefixes (2001::/64 stable and 2002::/64 non-stable) are added.
- The Leader and DUT multicast MLE Data Responses containing the
new network data.
- When FED 1 is removed, the DUT unicasts a CoAP Server Data
Notification to the Leader containing only the removed server's
RLOC16.
Summary of changes:
- Created tests/nexus/test_7_1_8.cpp:
- Implements test logic using direct core method calls.
- Sets log level to note.
- Configures AllowList for specified links (Leader-Router1,
Router1-FED1).
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting and line length.
- Created tests/nexus/verify_7_1_8.py:
- Implements pcap-based verification of PASS criteria.
- Validates CoAP and MLE message exchanges.
- Follows requested Python filter and line length formatting.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 7_1_8 to the
default test list.
This commit adds Nexus test 5.6.9 which verifies that a router
properly forwards data packets to a Border Router based on
Network Data information.
The test implementation includes:
- test_5_6_9.cpp: C++ test execution that sets up the topology
using Leader, two Routers (one as DUT), a MED, and a SED. It
configures external routes and triggers ICMPv6 Echo Requests.
- verify_5_6_9.py: Python script to verify the pcap output
against the test specification.
Key implementation details:
- Use direct method calls instead of OpenThread APIs where
applicable.
- Configure node connectivity using AllowList.
- Set log level to 'note'.
- Follow specific comment and logging formats as required by the
nexus test framework.
- Avoid magic numbers by using constants for time and identifiers.
- Added 5_6_9 to CMakeLists.txt and run_nexus_tests.sh default list.
This commit adds a new Nexus test case for 'On Mesh Commissioner -
MGMT_COMMISSIONER_SET.req & rsp' (9.2.2) as specified in the Thread
test specification.
Summary of changes:
- Implemented Nexus test 9.2.2:
- Added tests/nexus/test_9_2_2.cpp: Implements the test execution
for Topology A (Leader DUT). The test verifies Leader's behavior
when receiving MGMT_COMMISSIONER_SET.req directly from the active
Commissioner, including validation of missing or invalid TLVs.
Uses MeshCoP::SteeringData and Tmf::MessageInfo for more idiomatic
implementation as per review feedback.
- Added tests/nexus/verify_9_2_2.py: PCAP verification script
validating the MGMT_COMMISSIONER_SET request/response handshake
and subsequent MLE Data Response.
- Enhanced MeshCoP TLV support in nexus test framework:
- Updated tests/nexus/verify_utils.py to robustly parse MeshCoP TLVs
(Commissioner Session ID, State, Steering Data, etc.) and handle
type overlaps with existing Diagnostic TLVs.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 9_2_2 in the
default test list.
This commit adds a new Nexus test case 7.1.6 which verifies network
data propagation when a Border Router leaves the network, rejoins,
and updates its server data.
The test verifies that when the DUT (Border Router) leaves, its
registered prefixes are removed from the network data after a timeout.
Upon rejoining and updating its server data, the test ensures that
the new prefixes are correctly propagated to other routers and
their children (MED and SED).
Summary of changes:
- Created tests/nexus/test_7_1_6.cpp:
- Implements the 17-step test specification.
- Handles DUT reset and rejoin as a Router (FED).
- Uses direct OpenThread core method calls.
- Configures AllowList for controlled topology.
- Addressed review comments by using more idiomatic `FromString()`
and removing redundant constants.
- Created tests/nexus/verify_7_1_6.py:
- Implements PCAP-based verification of the test steps.
- Validates prefix removal and subsequent propagation of updated
data.
- Uses non-sequential packet search for robust verification.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 7_1_6 in the
default test list.
This commit adds a new Nexus test case 5.6.7 which verifies that a
REED device (DUT) correctly identifies an outdated version of the
Network Data and automatically requests an update from its parent
after hearing an incremented Data Version in MLE Advertisements.
The test setup uses:
- Leader: Configured as a Border Router.
- Routers 1-15: Attached to the Leader to form a network with 16
active routers.
- REED 1 (DUT): Attached to Router 1.
The test verifies that:
- The DUT correctly handles RF isolation during Network Data updates.
- The DUT identifies the incremented Data Version in its parent's
(Router 1) MLE Advertisements.
- The DUT sends an MLE Data Request to its parent with a TLV Request
TLV for the Network Data TLV.
- The DUT receives the updated Network Data and subsequently
broadcasts its own MLE Advertisement with an incremented Data
Version in the Leader Data TLV.
Summary of changes:
- Created tests/nexus/test_5_6_7.cpp:
- Implements test logic using direct core method calls.
- Sets log level to note.
- Configures AllowList for specified links to create the
required topology.
- Includes 1-line log outputs for each test step.
- Created tests/nexus/verify_5_6_7.py:
- Implements pcap-based verification of PASS criteria.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 5_6_7 to the
default test list.
This commit implements a more robust mechanism to differentiate between
overlapping TLV types in CoAP payloads, specifically for TLV type 8,
which is used for both NM_STEERING_DATA_TLV (MeshCoP) and
DG_IPV6_ADDRESS_LIST_TLV (Diagnostic).
The logic previously relied solely on TLV length, which was fragile
and caused 16-byte Steering Data TLVs to be misinterpreted.
Key changes:
- Enhanced CoapTlvParser.parse() and CoapLayer to accept and pass the
CoapLayer instance as context during parsing.
- Added a 'uri_path' property to CoapLayer for easier access to the
CoAP URI path (recon).
- Updated thread_coap_tlv_parse in verify_utils.py to use the URI path
to correctly identify Diagnostic TLVs (if URI starts with '/d/') vs.
MeshCoP or other Thread TLVs.
- Updated verify_9_2_1.py monkey-patches to match the new parser
signature.
This commit adds a new Nexus test case for 'Network data expiration'
(5.6.6) as specified in the test specification.
The test verifies that network data is properly updated when deleting
a prefix or removing a server from the network.
Summary of changes:
- Implemented Nexus test 5.6.6:
- Added tests/nexus/test_5_6_6.cpp: Implements the test execution
including topology formation, on-mesh prefix configuration, and
silent power-off of a border router. The test uses direct method
calls, sets log level to note, and uses AllowList for
connectivity.
- Added tests/nexus/verify_5_6_6.py: PCAP verification script.
Validates CoAP Server Data notifications, MLE Data Responses,
and Child Update exchanges, ensuring correct network data
propagation and expiration.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 5_6_6 in the
default test list.
This commit adds a new Nexus test case 7.1.5 which verifies that the
DUT (Router) correctly sends a Server Data Notification CoAP frame when
a third global prefix is configured. It also verifies that the DUT
properly propagates the updated Network Data to its children (MED and
SED) and handles their address registration.
The test setup uses:
- Leader: Forms the network.
- Router 1 (DUT): Attached to the Leader. Acts as a Border Router with
three prefixes:
- Prefix 1 (stable)
- Prefix 2 (non-stable)
- Prefix 3 (stable)
- MED 1: Attached to the DUT, configured to require complete data.
- SED 1: Attached to the DUT, configured to request only stable data.
Summary of changes:
- Created tests/nexus/test_7_1_5.cpp:
- Implements test logic using direct core method calls.
- Sets log level to note.
- Configures AllowList for Router1-Leader, Router1-MED1, and
Router1-SED1 links.
- Sets poll period for SED 1 to ensure timely communication.
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting and line length.
- Created tests/nexus/verify_7_1_5.py:
- Implements pcap-based verification of PASS criteria.
- Validates selective prefix propagation based on child mode (MED
receives all prefixes, SED receives only stable prefixes 1 and 3).
- Verifies Server Data Notification and subsequent Child Update
exchanges.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 7_1_5 to the default
test list.
This commit adds a new Nexus test case 7.1.4 which verifies that
global prefix information can be set on the DUT (Router) after the
network is formed, and that the DUT correctly notifies the Leader
via CoAP and propagates the updated Network Data (stable/non-stable)
to its attached children (MED and SED).
The test setup uses:
- Leader: Already formed network.
- Router 1 (DUT): Attached to the Leader.
- MED 1: Attached to the DUT, requires complete network data.
- SED 1: Attached to the DUT, requests only stable network data.
The test verifies that:
- The DUT unicasts a CoAP Server Data Notification to the Leader
after prefixes (2001::/64 stable and 2002::/64 non-stable) are
added.
- The Leader multicasts the new network data.
- The DUT propagates the updated data to its children.
- MED 1 receives both prefixes and registers its addresses.
- SED 1 receives only the stable prefix (Prefix 1) and registers
its addresses.
Summary of changes:
- Created tests/nexus/test_7_1_4.cpp:
- Implements test logic using direct core method calls.
- Sets log level to note.
- Configures AllowList for specified links (Router1-Leader,
Router1-MED1, Router1-SED1).
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting.
- Created tests/nexus/verify_7_1_4.py:
- Implements pcap-based verification of PASS criteria.
- Validates selective prefix propagation based on child mode.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 7_1_4 to the
default test list.
This commit adds a new Nexus test case for 'Network data updates –
Router as BR' (5.6.5) as specified in the test specification.
The test verifies that the DUT, as Leader, properly updates and
disseminates network data after receiving new information from a
Router acting as a Border Router with three prefix configurations.
Summary of changes:
- Implemented Nexus test 5.6.5:
- Added tests/nexus/test_5_6_5.cpp: Implements test execution.
The test forms a network with a Leader (DUT), Router 1 (BR),
MED 1, and SED 1. It configures Router 1 as a BR with three
on-mesh prefixes and verifies the Leader disseminates this
information. The test uses direct method calls, sets log
level to note, and uses AllowList for connectivity.
- Added tests/nexus/verify_5_6_5.py: PCAP verification script.
Validates CoAP Server Data Notification, CoAP Response, MLE
Data Responses (multicast and unicast), and MLE Child Update
exchanges, ensuring all required TLVs and prefix information
are present.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 5_6_5 in
the default test list.
Renames LINK_LOCAL_All_THREAD_NODES_MULTICAST_ADDRESS to
LINK_LOCAL_ALL_THREAD_NODES_MULTICAST_ADDRESS and
REALM_LOCAL_All_THREAD_NODES_MULTICAST_ADDRESS to
REALM_LOCAL_ALL_THREAD_NODES_MULTICAST_ADDRESS across the test
scripts to ensure consistent ALL_CAPS_WITH_UNDERSCORES casing
for constants, adhering to PEP 8 and project conventions.
This commit adds a new Nexus test case for 'Commissioner -
MGMT_COMMISSIONER_GET.req & rsp' (9.2.1) as specified in the Thread
test specification.
Summary of changes:
- Implemented Nexus test 9.2.1:
- Added tests/nexus/test_9_2_1.cpp: Implements the test execution
for both Topology A (DUT as Leader) and Topology B (DUT as
Commissioner). The test verifies that MGMT_COMMISSIONER_GET
requests can retrieve the entire Commissioner Dataset or specific
TLVs.
- Added tests/nexus/verify_9_2_1.py: PCAP verification script.
Uses custom monkey-patching to correctly parse and verify MeshCoP
TLVs within CoAP payloads.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 9_2_1 in the
default list and handle its A/B topologies.
This commit implements otPlatDnssdStartSrvResolver and
otPlatDnssdStopSrvResolver to support service discovery on NCP.
This commit contains these changes:
* Add new spinel property for starting / stopping service resolver
* Implement encoding/decoding of the new property
* Add unit test for encoding/decoding
* Implement ncp version of dnssd platform API
otPlatDnssdStartSrvResolver and otPlatDnssdStopSrvResolver
* Add property handler to get resolver result on NCP side
* Add unit test to verify that the resolver callback is correctly
invoked after getting resolver result.
This commit adds `ReadAtAndAdvanceOffset()` to the `Message` class to
simplify reading data from the message at the current message offset
and then advancing the message offset. This pattern is commonly used
when processing message headers sequentially. The new method helps
reduce code verbosity and ensures the offset is always advanced by
the correct size.
The new helper is adopted in various core modules including DHCPv6,
IPv6, 6LoWPAN, MLE, and UDP processing.
This commit simplifies `IsPortInUse()` by using `LinkedList` helper
`ContainsMatching()` instead of manually iterating over the
list of sockets. A `SocketHandle::Matches(uint16_t aSockPort)`
is added to support this.
This commit adds a new Nexus test case for 'Network data propagation –
Router as Border Router' (5.6.4) as specified in the test
specification.
Summary of changes:
- Implemented Nexus test 5.6.4:
- Added tests/nexus/test_5_6_4.cpp: Implements the test execution
for the DUT acting as a Border Router. The test verifies that
prefixes added by the DUT are properly propagated to Router 1
and its children (MED and SED). The test uses direct method
calls, sets log level to note, and uses AllowList for
connectivity.
- Added tests/nexus/verify_5_6_4.py: PCAP verification script.
Validates the propagation of stable and non-stable prefixes
via MLE Data Response messages from Router 1 to its children,
and verifies subsequent Child Update Request/Response
exchanges for address registration.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 5_6_4 in the
default test list.
This commit adds a new Nexus test case 7.1.3 which verifies that global
prefix information can be set on the DUT (Leader) and that the DUT
correctly sets and propagates the Network Data (stable/non-stable) to
neighbors and children in an already formed network.
The test setup uses a Leader (DUT) configured as a Border Router with
both stable (2001::/64) and non-stable (2002::/64) prefixes. It
verifies that neighbors and MED_1 (requesting complete data) receive
both prefixes via MLE Data Response, while SED_1 (requesting only
stable data) receives only the stable prefix via MLE Child Update
Request.
Summary of changes:
- Created tests/nexus/test_7_1_3.cpp:
- Implements test logic using direct core method calls.
- Sets log level to note.
- Configures AllowList for Leader-Router1, Leader-MED1, and
Leader-SED1 links.
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting.
- Created tests/nexus/verify_7_1_3.py:
- Implements pcap-based verification of PASS criteria.
- Validates selective prefix propagation based on child mode.
- Verifies MLE Child ID and Child Update exchanges.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 7_1_3 to the
default test list.
This commit adds a new Nexus test case 5.6.3 which verifies that
the DUT, as a Router, correctly collects network data information
(stable/non-stable) from the Leader (acting as Border Router) and
propagates it properly to its children (MED and SED).
The test setup uses:
- Leader: Configured as a Border Router with both stable
(2001::/64) and non-stable (2002::/64) prefixes.
- Router 1 (DUT): Attached to the Leader.
- MED 1: Attached to the DUT, requests complete network data.
- SED 1: Attached to the DUT, requests only stable network data.
The test verifies that:
- The DUT multicasts both prefixes received from the Leader.
- MED 1 receives and registers both prefixes.
- SED 1 receives and registers only the stable prefix (Prefix 1).
- The selective propagation follows either MLE Child Update Request
or MLE Data Response paths.
Summary of changes:
- Created tests/nexus/test_5_6_3.cpp:
- Implements test logic using direct C++ method calls.
- Configures AllowList for specified links.
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting.
- Created tests/nexus/verify_5_6_3.py:
- Implements pcap-based verification of PASS criteria.
- Validates selective prefix propagation based on child mode.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 5_6_3 to the
default test list.
This commit fixes an issue in the Nexus simulation core where alarms
could fire multiple times at the same simulation timestamp. This occurred
because the `mScheduled` flag was not cleared upon firing, and if the
simulation time remained static (e.g., due to pending tasklets), the
`ShouldTrigger` condition would remain true across multiple iterations
of the simulation loop.
By clearing the `mScheduled` flag before invoking the fired callback,
we ensure that each scheduled alarm triggers exactly once unless it is
explicitly rescheduled by the stack. This improvement stabilizes Nexus
tests (such as 6.2.2) that were previously flaky due to this
non-deterministic behavior.
This commit adds a new Nexus test case for 'Child Synchronization
after Reset - MLE Child Update Request' (6.5.3) as specified in the
Thread test specification.
It also corrects and improves the verification of Sleepy End Device
(SED) polling behavior across Nexus tests.
Summary of changes:
- Implemented Nexus test 6.5.3:
- Added tests/nexus/test_6_5_3.cpp: Implements the test
execution for Topology B (SED_1). The test simulates a DUT
reset for a time shorter than its Child Timeout and verifies
correct synchronization with its parent.
- Added tests/nexus/verify_6_5_3.py: PCAP verification script
validating the MLE Child Update Request and SED polling.
- Fixed SED polling verification:
- Updated verify_6_5_3.py and verify_6_5_1.py to correctly
check for MAC Data Request frames (WPAN_DATA_REQUEST) instead
of MLE Data Requests.
- Switched to RLOC16-based filtering for MAC Data Requests to
reliably match packets even when 64-bit addresses are not
available due to encryption or short addressing.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_5_3.
This commit adds a new Nexus test case for 'Child Synchronization
after Reset - No Parent Response' (6.5.2) as specified in the test
specification.
Summary of changes:
- Implemented Nexus test 6.5.2:
- Added tests/nexus/test_6_5_2.cpp: Implements the test execution
for both Topology A (End Device 'ED_1') and Topology B (Sleepy
End Device 'SED_1'). The test simulates a DUT reset and a
subsequent parent failure (Router 1), verifying that the DUT
correctly reattaches to a different parent (Leader). The test
uses direct method calls, sets log level to note, and uses
AllowList for connectivity.
- Added tests/nexus/verify_6_5_2.py: PCAP verification script.
Validates the MLE Child Update Request TLVs, confirms the DUT
resumes polling if it is a SED, and verifies the subsequent
reattachment handshake with the Leader and ICMPv6 connectivity.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_5_2 in the
default test list and added expansion logic for A/B topologies.
This commit updates run_nexus_tests.sh to improve the readability
and utility of test execution:
- Capture test execution output in a log file.
- Only print the captured logs if the test fails.
- Provide a concise one-line status (PASSED/FAILED) for each test.
- Automatically clean up temporary work directories for passing tests.
- Preserve artifacts (PCAP, JSON, logs) for failed tests and print
the path to the preserved artifacts.
This commit ensures that the NetworkData::OnMeshPrefixConfig structure
is cleared using config.Clear() before it is used in Nexus tests.
Since OnMeshPrefixConfig is a local variable on the stack, its fields
can contain garbage values if not explicitly initialized. The core
validity check OnMeshPrefixConfig::IsValid() fails if both mDhcp and
mSlaac are set to true, which can happen with uninitialized memory.
Updated tests:
- tests/nexus/test_6_3_2.cpp: Fixed RunTest6_3_2.
- tests/nexus/test_5_6_1.cpp: Fixed RunTest5_6_1.
This commit adds a new Nexus test case 7.1.2 which verifies that when
global prefix information is set on the DUT (Router), it properly
unicasts information to the Leader using CoAP (Server Data Notification)
and that the DUT correctly propagates the aggregated Network Data to its
children during the attach procedure.
The test setup uses Router_1 (DUT) configured as a Border Router with
both stable (2001::/64) and non-stable (2002::/64) prefixes. It
verifies that MED_1 (requesting complete data) receives both prefixes,
while SED_1 (requesting only stable data) receives only the stable
prefix.
Summary of changes:
- Created tests/nexus/test_7_1_2.cpp:
- Implements test logic using direct C++ method calls.
- Sets log level to note.
- Configures AllowList for Router1-Leader, Router1-MED1, and
Router1-SED1 links.
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting.
- Created tests/nexus/verify_7_1_2.py:
- Implements pcap-based verification of PASS criteria.
- Validates selective prefix propagation based on child mode.
- Verifies MLE Child ID and Child Update exchanges.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 7_1_2 to the
default test list.
This commit adds a new Nexus test case for 'Attaching to a REED with
Better Link Quality' (6.1.6) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 6.1.6:
- Added tests/nexus/test_6_1_6.cpp: Implements the test execution
for both Topology A (End Device 'ED_1') and Topology B (Sleepy
End Device 'SED_1'). The test configures a topology where the
DUT has a bad link (LQ=1) to an active Router and a good link
(LQ=3) to a REED. It verifies that the DUT correctly sends a
second Parent Request including REEDs when the initial attempt
yields a poor quality parent. The test uses direct method calls,
sets log level to note, and uses AllowList for connectivity.
- Added tests/nexus/verify_6_1_6.py: PCAP verification script.
Validates that the DUT sends the first Parent Request with Scan
Mask set for Routers only, followed by a second Parent Request
with Scan Mask set for both Routers and REEDs. It then confirms
the DUT attaches to the REED via a Child ID Request.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_1_6 in the
default test list and added expansion logic for A/B topologies.
This commit adds a new Nexus test case for 'Key Increment of 1 with
Roll-over' (6.6.2) as specified in the test specification.
The test verifies that the DUT properly decrypts MAC and MLE packets
secured with a Key Index incremented by 1 (causing a rollover) and
switches to the new key.
Summary of changes:
- Implemented Nexus test 6.6.2:
- Added tests/nexus/test_6_6_2.cpp: Implements the test execution
for both Topology A (End Device 'ED_1') and Topology B (Sleepy
End Device 'SED_1'). The test initializes the network with
KeySequenceCounter = 127, then increments it to 128 to force
a key switch and rollover. The test uses direct method calls,
sets log level to note, and uses AllowList for connectivity.
- Added tests/nexus/verify_6_6_2.py: PCAP verification script.
Validates MLE Child ID Request and ICMPv6 Echo packets use the
expected Key Index (128 then 1), Key Source (127), and
Key ID Mode.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_6_2 in the
default test list and added expansion logic for A/B topologies.
This commit adds a new Nexus test case for 'End Device Synchronization'
(6.1.7) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 6.1.7:
- Added tests/nexus/test_6_1_7.cpp: Implements the test execution
for DUT as a Full End Device (FED). The test verifies that the DUT
automatically sends Link Requests to neighboring routers after
attaching to the Leader. The test uses direct method calls, sets
log level to note, and uses AllowList for connectivity.
- Added tests/nexus/verify_6_1_7.py: PCAP verification script.
Validates the MLE Child ID Request to the Leader and subsequent
unicast Link Requests to Router 1, 2, and 3, ensuring they contain
all required TLVs. Also verifies receipt of Link Accepts from the
routers.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_1_7 in the
default test list.
This commit adds a new Nexus test case for 'Key Increment of 1,
Single Hop' (6.6.1) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 6.6.1:
- Added tests/nexus/test_6_6_1.cpp: Implements the test execution
for both Topology A (End Device 'ED_1') and Topology B (Sleepy
End Device 'SED_1'). The test verifies that the DUT properly
decrypts MAC and MLE packets secured with a Key Index
incremented by 1 and switches to the new key. The test uses
direct method calls to KeyManager, sets log level to note,
and uses AllowList for connectivity.
- Added tests/nexus/verify_6_6_1.py: PCAP verification script.
Validates MLE Child ID Request and ICMPv6 Echo packets use the
expected Key Index (1 then 2) and Key ID Mode.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_6_1 in the
default test list and added expansion logic for A/B topologies.
This commit adds a new Nexus test case for 'Realm-Local Addressing'
(6.4.2) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 6.4.2:
- Added tests/nexus/test_6_4_2.cpp: Implements the test execution
for both Topology A (End Device 'ED_1') and Topology B (Sleepy End
Device 'SED_1'). The test verifies ICMPv6 Echo Request/Reply
using Realm-Local addresses (ML-EID, All-Nodes, and All Thread
Nodes). Fragmented (1200 bytes) and non-fragmented packets are
tested. The test uses direct method calls, sets log level to
note, and uses AllowList for connectivity (Leader <-> Router 1
<-> DUT).
- Added tests/nexus/verify_6_4_2.py: PCAP verification script.
Validates the exchange of ICMPv6 Echo packets for ML-EID,
Realm-Local All-Nodes (FF03::1), and Realm-Local All Thread
Nodes addresses. Correctly derives the Realm-Local All Thread
Nodes address from the mesh-local prefix.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_4_2 in the
default test list and added expansion logic for A/B topologies.
This commit adds a new Nexus test case 5.6.2 which verifies that
the DUT, as Leader, collects network data information (stable/
non-stable) from the network and propagates it properly during
the attach procedure.
The test setup uses Router_1 configured as a Border Router with
both stable (2001::/64) and non-stable (2002::/64) prefixes. It
verifies that SED_1 (requesting stable data) and MED_1 (requesting
complete data) receive the correct subset of network data during
the attach procedure to the Leader (DUT).
Summary of changes:
- Created tests/nexus/test_5_6_2.cpp:
- Implements test logic using direct C++ method calls.
- Configures AllowList for Leader-Router1, Leader-MED1, and
Leader-SED1 links.
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting.
- Created tests/nexus/verify_5_6_2.py:
- Implements pcap-based verification of PASS criteria.
- Validates selective prefix propagation based on child mode.
- Verifies MLE Child ID and Child Update exchanges.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 5_6_2 to the
default test list.
This commit adds a new Nexus test case for 'Child Synchronization after
Reset - Reattach' (6.5.1) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 6.5.1:
- Added tests/nexus/test_6_5_1.cpp: Implements the test execution
for both Topology A (Minimal End Device 'MED_1') and Topology B
(Sleepy End Device 'SED_1'). The test simulates a DUT reset for
a time longer than its Child Timeout and verifies that it
correctly reattaches to its parent (Leader). The test uses direct
method calls, sets log level to note, and uses AllowList for
connectivity.
- Added tests/nexus/verify_6_5_1.py: PCAP verification script.
Validates the MLE Child Update Request TLVs, handles the 'Error'
status response from the Leader, and confirms the subsequent
reattachment handshake and ICMPv6 connectivity. Patches
pktverify to support the mle.tlv.status field.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_5_1 in the
default test list and added expansion logic for A/B topologies.
This commit adds a default implementation of the OpenThread crypto
platform API for the PSA Crypto API.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit adds a new Nexus test case for 'Network data propagation'
(7.1.1) as specified in the Thread Test Specification.
The test verifies that the DUT, acting as a Border Router and Leader,
correctly sets Network Data (stable and non-stable) and successfully
propagates it to various child types (Router, MED, and SED) during the
attach and child update processes.
Summary of changes:
- tests/nexus/test_7_1_1.cpp: Implements the test logic.
- Configures a network with a Leader (DUT), Router_1, MED_1, and
SED_1.
- Sets up On-Mesh Prefixes on the Leader (one stable, one non-stable)
and registers them.
- Sequentially attaches Router_1, SED_1, and MED_1.
- Advances time to allow for MLE Child ID and Child Update
exchanges.
- Uses direct core method calls and sets log level to note.
- tests/nexus/verify_7_1_1.py: Python PCAP verification script.
- Verifies MLE Advertisements from the Leader.
- Validates MLE Child ID Responses to Router_1 and MED_1 contain
both prefixes.
- Validates MLE Child ID Response to SED_1 contains only the stable
prefix and ensures P_border_router_16 is 0xFFFE.
- Verifies the Child Update exchange with required TLVs for MED_1
and SED_1.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
- tests/nexus/run_nexus_tests.sh: Added 7_1_1 to the default test list.
This commit adds a new nexus test that implements the test
specification for 6.3.2 Network Data Update.
The test covers both Topology A (Minimal End Device - MED) and
Topology B (Sleepy End Device - SED). It validates that the child
device correctly identifies updated network data and requests the
full network data if necessary.
Changes:
- Added tests/nexus/test_6_3_2.cpp to execute the test.
- Added tests/nexus/verify_6_3_2.py to verify packet captures.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_3_2.
The C++ code uses direct core method calls and handles RF isolation
between node pairs using AllowList/UnallowList. The Python script
performs rigorous verification of MLE Data Response, Child Update
Request/Response, and Data Request packets, including Address
Registration TLV content verification.
This commit adds a new Nexus test case for 'Attaching to a Router with
Better Link Quality' (6.1.5) as specified in the test specification.
Summary of changes:
- Added tests/nexus/test_6_1_5.cpp:
- Implements test 6.1.5 using direct method calls from the core.
- Sets up a topology with a Leader, one Router, and one REED.
- Uses AllowList to configure connectivity as specified.
- Adjusts RSSI between DUT and REED to ensure lower link quality.
- Sets log level to note and includes 1-line log output for each
test step.
- Avoids magic numbers by using descriptive constants.
- Added tests/nexus/verify_6_1_5.py:
- PCAP verification script for test 6.1.5.
- Validates MLE Parent Request and Child ID Request TLVs.
- Verifies that the DUT selects Router 1 (better link quality) as
its parent.
- Confirms ICMPv6 Echo connectivity between Router 1 and the DUT.
- Follows one-condition-per-line style for verification logic.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to include nexus_6_1_5.
- Updated tests/nexus/run_nexus_tests.sh to add 6_1_5 to the
default test list.
Increase kAttachToChildTime to 100s to ensure neighbor discovery
completes for REEDs. Also set kReedThreshold to 0 to prevent
premature router upgrades during the discovery phase.
This commit updates `tests/unit/test_seeker.cpp` to use `ot::Array`
instead of C-style arrays with initializer lists for passing expected
selection orders in `CheckSelection()`.
The previous approach of passing initializer lists to a function
expecting a reference to a constant array caused compilation issues
on certain toolchains due to template deduction rules or temporary
object handling. By explicitly populating an `ot::Array` and passing
it, the test code becomes more portable and robust across different
compilers.
This commit adds a new Nexus test case for 'Orphan Reattach' (6.3.1)
as specified in the Thread Test Specification.
The test validates that the DUT (ED or SED) will correctly detach
and re-attach to the Leader after its parent (Router_1) is silently
removed from the network.
Summary of changes:
- tests/nexus/test_6_3_1.cpp: Implements the test logic.
- Sets up a network with Leader, Router_1, and DUT.
- Initially attaches DUT to Router_1.
- Silently stops Router_1 to simulate parent loss.
- Advances time to allow the DUT to detect the loss and re-attach
to the Leader.
- Verifies connectivity via ICMPv6 Echo between Leader and DUT.
- tests/nexus/verify_6_3_1.py: Python PCAP verification script.
- Validates optional Child Update Request or Data Request
messages sent during the detachment phase.
- Exhaustively verifies the MLE attach sequence (Parent Request,
Parent Response, Child ID Request, Child ID Response) with the
new parent (Leader).
- Verifies the final ICMPv6 Echo Request/Reply exchange.
- tests/nexus/CMakeLists.txt: Integrated the new test into the build
system.
- tests/nexus/run_nexus_tests.sh: Added 6_3_1_A and 6_3_1_B to the
default test list.
This commit adds a new Nexus test case for 'Link-Local Addressing'
(6.4.1) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 6.4.1:
- Added tests/nexus/test_6_4_1.cpp: Implements the test execution
for both Topology A (End Device 'ED_1') and Topology B (Sleepy End
Device 'SED_1'). The test verifies unicast and multicast ICMPv6 Echo
Request/Reply using Link-Local addresses. Fragmented and
non-fragmented packets are tested. The test uses direct method
calls, sets log level to note, and uses AllowList for
connectivity.
- Added tests/nexus/verify_6_4_1.py: PCAP verification script.
Validates the exchange of ICMPv6 Echo packets for unicast
(Extended Address-based LLA) and multicast (All Thread Nodes and
All Nodes) addresses.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_4_1 in the
default test list and added expansion logic for A/B topologies.
This commit adds a new Nexus test case for 'Attaching to a REED with
Better Connectivity' (6.1.4) as specified in the test specification.
Summary of changes:
- Added tests/nexus/test_6_1_4.cpp:
- Implements test 6.1.4 using direct method calls from Mle class.
- Sets up a topology with a Leader, one Router, and two REEDs.
- Uses AllowList to configure connectivity so REED_1 (Router 3)
has better connectivity than REED_2 (Router 2).
- Sets log level to note and includes 1-line log output for each
test step.
- Avoids magic numbers by using constants for router upgrade
thresholds.
- Added tests/nexus/verify_6_1_4.py:
- PCAP verification script for test 6.1.4.
- Validates MLE Parent Request TLVs (Scan Mask) in steps 2 and 4.
- Verifies that the DUT selects REED_1 as its parent and sends a
unicast Child ID Request with required TLVs.
- Confirms ICMPv6 Echo exchange between REED_1 and the DUT.
- Follows requested style for line continuation and logging.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to include nexus_6_1_4.
- Updated tests/nexus/run_nexus_tests.sh to add 6_1_4 to the
default test list.
This commit adds a new Nexus test case 5.6.1 which verifies that
the DUT correctly sets the Network Data (stable/non-stable) received
during the attaching procedure and propagates it properly to
devices that attach to it.
The test setup uses a Leader configured as a Border Router with
both stable and non-stable prefixes. It verifies that children
attaching to the DUT (Router_1) receive the appropriate network
data based on their requested mode (full vs. stable-only).
Summary of changes:
- Created tests/nexus/test_5_6_1.cpp:
- Implements test execution using direct C++ method calls.
- Uses AllowList to define specific node links.
- Includes 1-line log outputs for each test specification step.
- Created tests/nexus/verify_5_6_1.py:
- Implements pcap-based verification of PASS criteria.
- Checks for stable/non-stable Network Data propagation.
- Validates 6LoWPAN fragmentation and MAC security.
- Verifies address registration and ICMPv6 connectivity.
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 5_6_1 to the default
test list.
This commit updates the Nexus workflow to install TShark version 4.6.2
or later by adding the 'wireshark-dev/stable' PPA. This is required
to support modern Wireshark features in Nexus tests.
This commit adds a new Nexus test case for 'Connectivity when Parent
Joins Partition' (6.2.2) as specified in the Thread Test
Specification.
The test verifies that a Child (End Device or Sleepy End Device)
maintains connectivity when the current Leader is removed and its
parent Router joins a new partition created by another Router.
Summary of changes:
- tests/nexus/test_6_2_2.cpp: C++ test execution script.
- Implements support for Topology A (MED) and Topology B (SED).
- Sets up a network with a Leader, Router_1, Router_2, and the
DUT attached to Router_1.
- Configures Router_2 with a shorter NETWORK_ID_TIMEOUT and a
maximum Partition ID preference.
- Simulates Leader removal and verifies that Router_2 creates a
new partition and Router_1 joins it.
- Verifies that the DUT maintains connectivity via MLE Child
Update (MED) or periodic data requests (SED).
- Verifies bidirectional connectivity using ICMPv6 Echo Request.
- tests/nexus/verify_6_2_2.py: Python PCAP verification script.
- Validates that Router_2 creates a new partition with the
expected maximum Partition ID.
- Validates that Router_1 joins the new partition.
- For MED, verifies the MLE Child Update Request contains correct
TLVs (Source Address, Leader Data, Mode) and Partition ID.
- For SED, verifies periodic connectivity to the parent.
- Validates the ICMPv6 Echo Request and Reply exchange.
- tests/nexus/run_nexus_tests.sh: Updated test runner.
- Added 6_2_2 to the default test list.
- Added expansion logic to run both A and B topologies.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
This commit updates `Node::Join()` to allow specifying whether a node
joining as an SED should request the full network data or only the
stable subset via the `JoinMode` parameter.
Previously, `kAsSed` implicitly requested full network data. This
change updates `kAsSed` to request only the stable subset (the
default behavior for an SED). A new `kAsSedWithFullNetData` mode is
introduced to explicitly request full network data when joining as
an SED.
This change provides more flexibility in test scenarios, allowing
validation of SEDs with different network data requirements.
This commit adds a new Nexus test case for 'CoAP Diagnostic Query and
Answer Commands – Router, FED' (5.7.3) as specified in the test
specification.
Summary of changes:
- Implemented Nexus test 5.7.3:
- Added tests/nexus/test_5_7_3.cpp: Sets up a network topology
with a Leader, Router 1, and three children (FED 1, MED 1,
SED 1) attached to Router 1. Implemented internal callback
to validate that diagnostic responses contain essential TLVs
(MAC Address, RLOC16, Mode) and verified that at least two
nodes (Router and FED) respond.
- Added tests/nexus/verify_5_7_3.py: PCAP verification script.
Validates the multicast query and the subsequent answers from
the Router and FED DUTs. Performed deep validation of returned
TLVs (MAC Address, RLOC16, Mode, Leader Router ID, IPv6 Address
List, Child Table).
- Enhanced packet verification utilities:
- Updated tests/nexus/verify_utils.py to support parsing and
registering more Thread Diagnostic TLVs (MAC Address, IPv6
Address List, Child Table, Channel Pages).
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt and run_nexus_tests.sh to
include the new test.
Review fixes:
- tests/nexus/test_5_7_3.cpp: Use Tlv::Find() for more concise and
idiomatic parsing of Network Diagnostic TLVs.
- tests/nexus/verify_5_7_3.py: Include MED_1 in Router 1's child table
verification.
This commit adds a new Nexus test case for 'Attaching to a Router
with better connectivity' (6.1.3) as specified in the test
specification.
Summary of changes:
- Implemented Nexus test 6.1.3:
- Added tests/nexus/test_6_1_3.cpp: Sets up a topology with a
Leader, three Routers (Router 1, 2, 3), and a DUT (ED/SED).
Configures the AllowList so that Router 3 has better
connectivity than Router 2. Executes the test sequence for
both Topology A (End Device) and Topology B (Sleepy End
Device). Sets log level to note. Refactored 'main' to reduce
code duplication.
- Added tests/nexus/verify_6_1_3.py: PCAP verification script.
Validates that the DUT sends a MLE Parent Request to the
All-Routers multicast address with required TLVs, and
subsequently sends a unicast MLE Child ID Request to Router 3
due to better connectivity. Also verifies ICMPv6 Echo
Request/Reply between Router 3 and the DUT.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_1_3 in the
default test list and added expansion logic for A/B topologies.
- Code cleanup and review fixes:
- Refactored 'main' in test_6_1_3.cpp to improve topology and
JSON filename handling.
- Removed redundant include of 'mac/data_poll_sender.hpp'.
- Fixed code style issues identified by 'make-pretty'.
Updates various Nexus test cases to utilize the `kAsFed` `JoinMode`
when calling `Node::Join`. Previously, these tests manually called
`Mle::SetRouterEligible(false)` before joining to configure the device
as a Full End Device (FED). Using the `kAsFed` parameter simplifies
the test code and leverages the existing logic within `Node::Join` to
handle the configuration.
This commit adds a new Nexus test case for 'Connectivity when Parent
Creates Partition' (6.2.1) as specified in the Thread Test
Specification.
The test verifies that a Child (End Device or Sleepy End Device)
maintains connectivity or reattaches to its parent when the current
Leader is removed and the parent Router creates a new partition.
Summary of changes:
- tests/nexus/test_6_2_1.cpp: C++ test execution script.
- Implements support for Topology A (ED) and Topology B (SED).
- Sets up a network with a Leader, Router_1, and the DUT.
- Simulates Leader power-down and verifies that Router_1 becomes
the new Leader.
- Confirms the DUT remains attached or reattaches to Router_1.
- Verifies bidirectional connectivity using ICMPv6 Echo Request.
- tests/nexus/verify_6_2_1.py: Python PCAP verification script.
- Validates the network formation and DUT attachment.
- Verifies that Router_1 creates a new partition with a new ID
after the Leader is removed.
- Validates the ICMPv6 Echo Request and Reply exchange between
Router_1 and the DUT.
- tests/nexus/run_nexus_tests.sh: Updated test runner.
- Added 6_2_1_A and 6_2_1_B to the default test list.
- Added expansion logic to run both topologies for 6_2_1.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
This commit adds a new Nexus test case for 'CoAP Diagnostic Get
Query and Answer Commands – REED' (5.7.2) as specified in the
test specification.
Summary of changes:
- Implemented Nexus test 5.7.2:
- Added tests/nexus/test_5_7_2.cpp: Sets up a topology with a
Leader, 15 Routers, and 1 REED (DUT) attached to Router 1.
Executes the test sequence by sending CoAP Diagnostic Get,
Reset, and Query commands using direct method calls to the
Network Diagnostic Client. Uses AllowList for topology
management and sets log level to note.
- Added tests/nexus/verify_5_7_2.py: PCAP verification script.
Validates that the REED DUT correctly handles diagnostic
requests, ensuring the Timeout TLV is absent in responses
and verifying MAC counter reset functionality. Also validates
multicast query and unicast answer flows.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 5.7.2 in
the default test list.
This commit introduces the `ScanResult` class, which inherits from
`otActiveScanResult`. This new class provides C++ idiomatic getter
methods that return core OpenThread types (e.g., `ExtAddress`,
`ExtendedPanId`, `NetworkName`) instead of raw C structures.
The logic for parsing a received Beacon frame and populating the
result fields is moved into `ScanResult::PopulateFromBeacon()`.
This centralizes the parsing logic and allows it to be reused
across different modules.
Consequently, `Mac`, `DiscoverScanner`, `Seeker`, and
`PanIdQueryServer` are updated to utilize `ScanResult`. The `Mac`
class is also updated to use the `Callback` template for the active
scan handler, replacing the previous raw function pointer and context.
Step 6 of test 5.8.3 requires the DUT to send an MLE Advertisement
reflecting the updated Key Sequence Counter. The previous 10-second
simulation time in this step was occasionally insufficient, as the
default MLE advertisement interval can be up to 32 seconds.
This commit increases the simulation time in Step 6 to 35 seconds
(kMaxAdvertisementTime) to ensure that at least one periodic MLE
Advertisement is captured in the pcap for verification.
This commit introduces a new nested class `Request` within `CoapBase`
to represent a pending CoAP request. The `Request` class encapsulates
the `Message` pointer and its associated `Metadata`, providing helper
methods to manage the metadata stored in the message footer.
It also introduces the `PendingRequests` helper class to manage the
queue of pending requests. This class wraps the underlying
`MessageQueue` and provides typed access to `Request` objects, along
with methods to add, remove, and search for requests.
`CoapBase` is updated to utilize these new classes for tracking
pending requests. This streamlines the logic in
`HandleRetransmissionTimer`, `ProcessReceivedResponse`, and other
methods by abstracting the low-level message and metadata manipulations.
`FinalizeCoapTransaction` is renamed to `FinalizeRequest`.
This commit fixes an intermittent failure in Nexus test 6.1.2 by
setting the REED's router upgrade threshold to 0.
By default, a REED may attempt to upgrade to a Router if the number of
active routers in the network is below a certain threshold. In this
test scenario, we want to ensure the REED remains a child until the
appropriate point in the test sequence. Setting the threshold to 0
prevents premature promotion due to low router count, ensuring more
deterministic test behavior.
This commit fixes an intermittent failure in Nexus Test 5.5.5 where
the verification script failed to find the Address Solicit Request.
The failure was caused by two main factors:
1. Re-attachment timing: The original 120s re-attachment window in
the C++ test was occasionally too short for Router 1 to detect
isolation, perform a new parent search, and complete attachment,
especially when combined with protocol jitter and router timeout.
2. Packet ordering: The Python verification script searched for the
Address Solicit Request only after the Child ID Request. However,
due to randomized router selection jitter, the DUT (REED 1) could
occasionally send the Address Solicit Request before Router 1 had
finished its attachment process.
To fix this:
- Increased kReattachTime from 120s to 140s in the C++ test to
provide a safer margin for re-attachment.
- Updated the verification script to search for the Address Solicit
Request and Link Request starting from the beginning of the
re-attachment process (Step 4), using cascade=False to maintain
the sequential search index for other mandatory packets.
Verified by running multiple repeated iterations of the test.
Previously, `PdPrefixManager::Stop()` was implemented as a call to
`Evaluate()`. The `Evaluate()` method calls `UpdateState()`, which
checks `RoutingManager::IsRunning()` to determine if the state should
be switched to `kDhcp6PdStateStopped`.
However, `RoutingManager::Stop()` calls `PdPrefixManager::Stop()`
before updating its own running state (setting `mIsRunning` to
`false`). As a result, `PdPrefixManager` would incorrectly remain in
`Running` or `Idle` state instead of stopping.
This commit updates `PdPrefixManager::Stop()` to explicitly set the
state to `kDhcp6PdStateStopped`.
This commit adds a new Nexus test case for 'Attaching to a REED'
(6.1.2) as specified in the Thread Test Specification.
The test verifies that both an End Device (ED) and a Sleepy End Device
(SED) can successfully attach to a network through a Router Eligible
End Device (REED). The test ensures that the REED correctly upgrades
to a Router to serve as the device's parent.
Summary of changes:
- tests/nexus/test_6_1_2.cpp: C++ test execution script.
- Refactored to support topology selection via command-line arguments.
- Saves topology-specific JSON metadata (e.g., test_6_1_2_A.json).
- tests/nexus/verify_6_1_2.py: Python PCAP verification script.
- Topology-aware verification supporting both ED and SED keep-alives.
- tests/nexus/run_nexus_tests.sh: Updated test runner.
- Added support for sub-tests with topology suffixes (e.g., 6_1_2_A).
- Automatically expands '6_1_2' into both '6_1_2_A' and '6_1_2_B' runs.
- Isolates artifacts (JSON/PCAP) for each topology run.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
This commit adds a new Nexus test case for 'Key Increment of 1 With
Roll-over' (5.8.3) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.8.3:
- Added test_5_8_3.cpp: Sets up a network with a Leader and a
Router_1 (DUT). Initializes the network with
KeySequenceCounter = 127. Verifies initial MLE and MAC security
parameters. Increments KeySequenceCounter by 1 to trigger a key
rollover and verifies that the DUT correctly switches to the new
key (Key Index = 1).
- Added verify_5_8_3.py: PCAP verification script for test 5.8.3.
Validates MLE Auxiliary Security Header (Key ID Mode, Key
Source, Key Index) and MAC Auxiliary Security Header in Echo
Replies.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.8.3 test executable.
- Updated run_nexus_tests.sh to include 5.8.3 in the default test
list.
This commit adds a new Nexus test case for 'CoAP Diagnostic Get
Request, Response and Reset Commands' (5.7.1) as specified in the
test specification.
Summary of changes:
- Implemented Nexus test 5.7.1:
- Added test_5_7_1.cpp: Sets up a network topology with a Leader,
Router 1 (DUT), and various child nodes (FED, MED, SED, REED).
Executes the 8-step test sequence by sending CoAP Diagnostic
Get and Reset commands from the Leader to the DUT using direct
method calls. Uses AllowList for topology management and sets
log level to note.
- Added verify_5_7_1.py: PCAP verification script for test 5.7.1.
Validates the presence and values of requested Network
Diagnostic TLVs in CoAP requests and responses. Ensures the
DUT correctly handles requests for MAC Counters, Timeout
(omitted), and Child Table, and verifies the reset functionality.
- Enhanced verification utilities:
- Updated verify_utils.py: Added length checks during Thread TLV
parsing in CoAP payloads to handle overlapping TLV types
correctly and prevent verification failures.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.7.1 test executable.
- Updated run_nexus_tests.sh to include 5.7.1 in the default test
list.
This commit adds a new Nexus test case for 'Attaching to a Router'
(6.1.1) as specified in the Thread Test Specification.
The test verifies that both an End Device (ED) and a Sleepy End Device
(SED) can successfully attach to a network.
Summary of changes:
- tests/nexus/test_6_1_1.cpp: C++ test execution script.
- Refactored to support topology selection via command-line arguments.
- Saves topology-specific JSON metadata (e.g., test_6_1_1_A.json).
- tests/nexus/verify_6_1_1.py: Python PCAP verification script.
- Topology-aware verification supporting both ED and SED.
- tests/nexus/run_nexus_tests.sh: Updated test runner.
- Added support for sub-tests with topology suffixes (e.g., 6_1_1_A).
- Automatically expands '6_1_1' into both '6_1_1_A' and '6_1_1_B' runs.
- Isolates artifacts (JSON/PCAP) for each topology run.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
This commit adds a new Nexus test case for 'Key Increment Of 1' (5.8.2)
as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.8.2:
- Added tests/nexus/test_5_8_2.cpp: Sets up a network topology
with a Leader and Router_1 (DUT). Verifies proper decryption
of MAC and MLE packets secured with an incremented key index.
- Added tests/nexus/verify_5_8_2.py: PCAP verification script for
test 5.8.2. Validates key index transitions in MLE Parent Request,
Child ID Request, ICMPv6 Echo, and MLE Advertisements.
- Enhanced pktverify framework:
- Added 'number' property to Packet class and 'frame' object to filter
evaluation context, enabling 'frame.number' checks in verification scripts.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 5.8.2 in the
default test list.
This commit implements Nexus test case 5.5.7 which verifies the
behavior of a Thread network when three routers are separated from
the leader and eventually merge back into a single partition.
Test details:
- Topology: Leader and three Routers (Router 1, Router 2, Router 3).
- Description: The Leader acts as the sole link between each router.
When the Leader is removed for longer than the leader timeout,
each router forms its own partition. When the Leader returns, it
reattaches to any available router, and eventually all routers
merge back.
Implementation:
- Added tests/nexus/test_5_5_7.cpp for C++ test logic.
- Updated Step 12 to include exhaustive bidirectional connectivity
verification between the leader and all router nodes.
- Added tests/nexus/verify_5_5_7.py for pcap-based verification.
- Updated rejoin steps to correctly handle non-deterministic parent
selection by the leader.
- Improved pcap verification robustness by using pkts.copy() and
handling potential NullFields.
- Added _verify_ping helper to refactor ping verification logic.
- Updated Step 12 to verify full bidirectional connectivity.
- Updated CMakeLists.txt and run_nexus_tests.sh to include the test.
This commit fixes a flakiness issue in Nexus Test 5.5.1 where valid
MLE Advertisements from the Leader were occasionally caught by the
"must not send advertisements" check during reset.
The issue was caused by using the ICMPv6 Echo Request as the start
boundary for the "no advertisement" check. Since there is a small
delay between the Echo Request and the actual Leader reset, the
Leader might send a perfectly valid advertisement during this window.
To fix this, the verification script now:
1. Captures the Echo Reply to ensure the network is responsive
before the reset.
2. Uses the Echo Reply timestamp plus a 2.0-second buffer as the
actual start time for the "no advertisement" check.
3. Filters advertisements in the reset range to only trigger if
they occur after this buffered reset time.
This approach robustly distinguishes between pre-reset and
post-reset packet flows, even with timing jitter or pcap delivery
delays.
This commit adds a new Nexus test case for 'Split and Merge with REED'
(5.5.5) as specified in the Thread Test Specification.
The test demonstrates that a REED will upgrade to a Router when it
becomes a necessary parent for an isolated Router after its previous
neighbor (Router 3) is removed from the network.
Summary of changes:
- tests/nexus/test_5_5_5.cpp: C++ test execution script.
- Sets up a topology with 16 active routers total.
- Uses AllowList to specify exact links between nodes.
- Powerdowns Router 3 to isolate Router 1.
- Verifies REED 1 (DUT) upgrades to router and Router 1 reattaches.
- Includes 1-line log outputs for each test step.
- Uses mesh-local EID for ICMP Echo connectivity verification.
- tests/nexus/verify_5_5_5.py: Python PCAP verification script.
- Verifies all MLE messages and CoAP Address Solicit Request.
- Ensures proper TLVs are present in MLE and CoAP messages.
- Tracks ICMPv6 Echo Request/Reply hop-by-hop through the DUT.
- Follows "one condition per line" style for better readability.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
- tests/nexus/run_nexus_tests.sh: Added 5_5_5 to the default test list.
Adds a new Nexus test case for 'Split and Merge with Routers' (5.5.4.2)
as specified in the test specification. This test verifies that the
DUT (Router_1) correctly joins a new higher-priority partition when
the Leader is removed and later merges back when the Leader returns.
Summary of changes:
- Implemented Nexus test 5.5.4.2:
- Added test_5_5_4_2.cpp: Sets up a topology with a Leader,
DUT (Router_1), Router_2, Router_3, and Router_4. Verifies
partitioning behavior, ensuring the DUT joins the higher-priority
partition formed by Router_3 and later merges with the original
Leader. Uses direct method calls, sets log level to note, and
defines links via AllowList.
- Added verify_5_5_4_2.py: PCAP verification script for test
5.5.4.2. Ensures properly formatted MLE Advertisements, verifies
the DUT does not join a lower-priority singleton partition
prematurely, and validates the reattachment and merge process.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.5.4.2 test executable.
- Updated run_nexus_tests.sh to include 5_5_4_2 in the default test
list.
This commit addresses the occasional failure of Nexus test 5.5.4.1 by
increasing the merge wait time and improving the robustness of the
packet verification script.
Summary of changes:
- In test_5_5_4_1.cpp, increased kMergeWaitTime from 200s to 300s.
This provides sufficient time for all nodes to synchronize their
Mesh-Local Prefix and update their routing tables after the network
partitions merge.
- In verify_5_5_4_1.py, updated Step 6 verification to filter ICMPv6
Echo Request and Reply packets by their specific identifier (0xabcd).
This ensures that the verifier correctly identifies the packets from
the intended test step and avoids matching stale or transient
packets from earlier parts of the test.
This commit updates the Nexus::Node::SetName(prefix, index) method
to use an underscore ('_') instead of a space between the prefix
and the index when generating the node name.
Corresponding verification scripts verify_5_2_3.py and
verify_5_2_4.py are also updated to match the new naming convention
when looking up nodes in the test environment.
All Nexus tests have been verified to pass with this change.
This commit adds a new Nexus test case for 'Split and Merge with
Routers' (5.5.4.1) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.5.4.1:
- Added test_5_5_4_1.cpp: Sets up a network topology with a Leader
(DUT), Router_1, Router_2, Router_3, and Router_4. Verifies
MLE Advertisements from the DUT. Resets the DUT to trigger
network partitions and then merges them back. Uses direct method
calls, AllowList for topology management, and ping markers for
accurate verification.
- Added verify_5_5_4_1.py: PCAP verification script for test
5.5.4.1. Verifies DUT advertisements and ensures they stop during
the reset period. Validates successful communication after the
network merges.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.5.4.1 test executable.
- Updated run_nexus_tests.sh to include 5.5.4.1 in the default test
list.
This commit adds the `Node::FindMatchingAddress()` helper method to the
`Nexus::Node` class. This method simplifies the process of finding a
unicast address on a node that matches a given IPv6 prefix.
This commit adds a new Nexus test case for 'Split and Merge: Branch
with Child' (5.5.3) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.5.3:
- Added tests/nexus/test_5_5_3.cpp: Sets up a network topology
with a Leader, two Routers, and two MEDs. Simulates a network
split by stopping the Leader and allows Routers to form new
partitions. Reintroduces the Leader and verifies that partitions
successfully merge back together. Uses direct method calls,
sets log level to note, and uses AllowList for topology.
- Added tests/nexus/verify_5_5_3.py: PCAP verification script for
test 5.5.3. Ensures correct MLE Advertisement, Parent Request,
Child ID Request, and Address Solicit exchanges during split
and merge. Validates end-to-end ICMPv6 Echo connectivity after
the merge.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new 5.5.3 test.
- Updated tests/nexus/run_nexus_tests.sh to include 5.5.3 in the
default test list.
This commit implements Nexus test case 5.5.2 which verifies the
behavior of a Thread network when the Leader reboots and remains
offline longer than the leader timeout.
Test details:
- Topology: Leader, Router_1, and MED (attached to Router_1).
- Description: When the Leader is restarted and stays rebooted
longer than the leader timeout, Router_1 becomes the new Leader.
When the original Leader returns, it reattaches to the network as
a Router.
Implementation:
- Added tests/nexus/test_5_5_2.cpp for C++ test logic.
- Added tests/nexus/verify_5_5_2.py for pcap-based verification.
- Updated CMakeLists.txt and run_nexus_tests.sh to include the test.
This commit adds a new Nexus test case for 'Leader Reboot < timeout'
(5.5.1) as specified in the Thread Test Specification.
The test demonstrates that when a Leader reboots for a period shorter
than the leader timeout, it successfully reattaches to the network
and remains the Leader without causing partition changes.
Summary of changes:
- tests/nexus/test_5_5_1.cpp: C++ test execution script.
- Sets up a topology with a Leader and a Router.
- Reboots the Leader for 80 seconds (less than the 120s timeout).
- Uses direct method calls and block comments.
- Includes 1-line log outputs for each test step.
- tests/nexus/verify_5_5_1.py: Python PCAP verification script.
- Verifies MLE Advertisements and correct TLVs.
- Ensures Leader stops advertisements during reboot.
- Validates multicast Link Request formatting after reboot.
- Confirms no Parent Request is sent by the Leader.
- Verifies ICMPv6 connectivity after reattachment.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
- tests/nexus/run_nexus_tests.sh: Added 5_5_1 to the default test list.
This commit removes redundant `p.coap.code == consts.COAP_CODE_ACK`
checks in several Nexus test verification scripts.
The `filter_coap_ack()` function in the `pktverify` framework already
filters for CoAP ACK messages, which involves checking the message
type and the CoAP code. Therefore, adding a manual filter for the same
CoAP code is redundant and can be removed for conciseness.
Summary of changes:
- tests/nexus/verify_5_1_1.py: Remove redundant CoAP ACK code check.
- tests/nexus/verify_5_1_5.py: Remove redundant CoAP ACK code checks.
- tests/nexus/verify_5_1_6.py: Remove redundant CoAP ACK code check.
- tests/nexus/verify_5_2_3.py: Remove redundant CoAP ACK code checks.
- tests/nexus/verify_5_2_6.py: Remove redundant CoAP ACK code check.
This commit adds the filter_ipv6_src() method to the PacketFilter
class in the pktverify framework. This method improves the symmetry
of the filtering API, complementing the existing filter_ipv6_dst().
The new method is used to update several verification scripts in
tests/nexus, replacing manual lambda filters for IPv6 source
addresses with a cleaner and more readable API call.
Updated scripts:
- tests/nexus/verify_5_3_3.py
- tests/nexus/verify_5_3_7.py
- tests/nexus/verify_5_3_8.py
- tests/nexus/verify_5_3_10.py
This commit removes the Python-based thread-cert tests for sections 5.1,
5.2, and 5.3. These tests have been replaced by C++ Nexus tests in
tests/nexus/, which offer better performance, reliability, and
integration with the core OpenThread codebase.
The following Python scripts have been removed from
tests/scripts/thread-cert/:
- Cert_5_1_01 through Cert_5_1_13
- Cert_5_2_01, Cert_5_2_03 through Cert_5_2_07
- Cert_5_3_01 through Cert_5_3_11
The corresponding Nexus tests are available in tests/nexus/ along with
their respective PCAP verification scripts.
Adds a new Nexus test case 5.3.11 to validate 'AQ_TIMEOUT' and
'AQ_RETRY_TIMEOUT' intervals in the Address Query transmission
algorithm.
The test verifies that the DUT:
- Correctly generates Address Query Requests on behalf of its MED
child when sending Echo Requests to a non-existent mesh-local
address.
- Correctly implements the retry delay by NOT initiating a new Address
Query frame if a subsequent Echo Request is sent before the
'ADDRESS_QUERY_INITIAL_RETRY_DELAY' expires.
- Initiates a new Address Query Request if an Echo Request is sent
after the 'ADDRESS_QUERY_INITIAL_RETRY_DELAY' has expired.
Summary of changes:
- tests/nexus/test_5_3_11.cpp: Implemented test logic using direct
method calls and 'AllowList' for topology control.
- tests/nexus/verify_5_3_11.py: Added PCAP verification ensuring correct
Address Query generation and retry interval logic.
- tests/nexus/CMakeLists.txt: Included the new test in the build system.
- tests/nexus/run_nexus_tests.sh: Added 5_3_11 to the default nexus
test list.
Adds a new Nexus test case 5.3.10 to validate that the DUT (Router_2)
correctly generates Address Query messages and responds with Address
Notification messages for SLAAC Global Unicast Addresses (GUAs).
The test verifies that:
- The DUT correctly generates Address Query Requests on behalf of its
child (MED_1) to find Router_1's GUA.
- The DUT properly responds to Address Query Requests from the Border
Router for MED_1's GUA with a CON POST Address Notification.
- The DUT correctly caches mappings and avoids redundant Address Queries
for subsequent requests.
- The DUT removes cached entries when the target's Router ID expires.
- The DUT does not respond with Address Notification after its child
(MED_1) has timed out.
Summary of changes:
- tests/nexus/test_5_3_10.cpp: Implemented test logic using direct
method calls and kLogLevelNote.
- tests/nexus/verify_5_3_10.py: Added PCAP verification script with
robust RLOC16 and IID-based packet identification.
- tests/nexus/CMakeLists.txt: Included the new test in the build system.
- tests/nexus/run_nexus_tests.sh: Added 5_3_10 to the default list.
This commit adds a new Nexus test case for 'Address Query - DHCP GUA'
(5.3.9) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.3.9:
- test_5_3_9.cpp: Sets up a topology with Leader (DHCPv6 Border
Router), Router_1, DUT (Router_2), Router_3, and SED_1
(attached to DUT). Configures DHCPv6 prefixes 2001:: and 2002::
as on-mesh prefixes. Implements test logic using direct method
calls and sets log level to NOTE. Verifies Address Query
generation on behalf of child, Address Notification responding,
caching, and cache eviction.
- verify_5_3_9.py: PCAP verification script for test 5.3.9.
Ensures correct formatting of Address Query (NON POST /a/aq) and
Address Notification (CON POST /a/an) messages. Verifies that
DUT correctly caches addresses and evicts them when Router ID
is expired by the Leader. Also verifies that DUT does not respond
to Address Query for a child that has timed out.
- Updated supporting files:
- CMakeLists.txt: Added building of the 5_3_9 test executable.
- run_nexus_tests.sh: Added 5_3_9 to the default test list.
The test verifies that the DUT is able to generate Address Query
messages on behalf of its children and properly respond with Address
Notification messages to other routers, while correctly managing its
address cache for DHCPv6 GUA addresses.
This commit updates `Seeker` to use `MessageBackedArray` for storing
discovered candidates. This moves candidate storage from statically
allocated RAM in the `Seeker` instance to a `Message` buffer,
reducing the resident memory footprint.
The connection logic is enhanced to prioritize network diversity. The
`Seeker` now attempts to connect to the most favored candidate of
each unique network (Extended PAN ID) first. After exhausting unique
networks, it proceeds to remaining backup candidates. This improves
the likelihood of finding the correct network quickly in multi-network
environments.
The candidate storage policy is updated to limit entries per network
(defined by `kMaxCandidatesPerNetwork`). When storage is full, the
`Seeker` evicts a redundant entry from a well-represented network to
accommodate new network discoveries.
A detailed unit test `test_seeker` is included to validate candidate
tracking and selection order under various scenarios.
Updated the code style in all tests/nexus/verify_5_*.py files to use one
condition per line with the dot operator at the end of the line.
This aligns the scripts with the established pattern in verify_5_1_1.py
and improves readability.
This commit introduces a new helper method `Utils::ToYesNo()` in the
CLI module to convert boolean values into "yes" or "no" strings.
Previously, this conversion was performed using inline ternary
operators (e.g., `val ? "yes" : "no"`) scattered throughout the CLI
implementation. This change replaces these instances with the new
helper method, improving code readability and consistency.
This commit adds CLI support for the Border Agent Admitter feature.
The new commands allow users to enable/disable the admitter, check
its state, configure the joiner UDP port, and list active enrollers
and their accepted joiners.
This change also includes the corresponding documentation in
`src/cli/cli_ba.cpp` and `src/cli/README.md`.
This commit adds a new Nexus test implementing test specification 5.3.8
(MTD Child Address Set).
The test validates that the DUT MTD Child Address Set can hold at least
4 IPv6 non-link-local addresses and that the DUT does not send Address
Query requests for target addresses that should be in its child address
set.
Changes:
- Add tests/nexus/test_5_3_8.cpp to implement the test logic.
- Add tests/nexus/verify_5_3_8.py to verify pcap output.
- Update tests/nexus/CMakeLists.txt to include the new test.
- Update tests/nexus/run_nexus_tests.sh to include 5.3.8 in the default
test list.
This commit adds a new Nexus test case for 'Duplicate Address Detection'
(5.3.7) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.3.7:
- Added test_5_3_7.cpp: Sets up a network topology with a Leader
(DUT), two Routers, two MEDs, and one SED. Configures an on-mesh
prefix and assigns the same IPv6 address to two different nodes
(MED_1 and SED_1). Instructs MED_2 to send an Echo Request to
the duplicate address and verifies the resulting Address Query
and Address Error Notification exchanges. Uses direct method calls
and sets log level to note.
- Added verify_5_3_7.py: PCAP verification script for test 5.3.7.
Ensures that the Leader sends MLE Advertisements, multicasts an
Address Query (/aq) to FF03::2, receives Address Notifications
(/an) from Routers, and finally multicasts an Address Error
Notification (/ae) to FF03::2.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.3_7 test executable.
- Updated run_nexus_tests.sh to include 5_3_7 in the default test
list.
Adds a new Nexus test case for 'Router ID Mask' (5.3.6) as specified
in the test specification. This test verifies that the router ID mask
is managed correctly as connectivity to routers is lost and regained.
Summary of changes:
- Implemented Nexus test 5.3.6:
- Added test_5_3_6.cpp: Sets up a Leader (DUT) and two Routers.
Verifies that the Leader correctly removes Router IDs from its
routing table after connectivity is lost for a prolonged period
and updates them when routers reattach. Uses direct method calls
and AllowList for topology management.
- Added verify_5_3_6.py: PCAP verification script for test 5.3.6.
Ensures MLE Advertisements correctly reflect the addition and
removal of Router IDs from the ID mask.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.3.6 test executable.
- Updated run_nexus_tests.sh to include 5.3.6 in the default test
list.
This commit updates `Ip6::Address` to expose `static` getter methods for
common multicast addresses (e.g., `GetLinkLocalAllNodesMulticast()`)
as public API.
Consequentially, the wrapper `SetTo...` and `Is...` methods for these
multicast addresses are removed. Callers are updated to use the
`static` getters directly. This change simplifies usage by allowing
direct access to the constant address instances, often eliminating
the need for local `Ip6::Address` variables.
This commit adds a new Nexus test case for 'Routing - Link Quality'
(5.3.5) as specified in the Thread Test Specification.
The test validates that the DUT properly routes traffic when link
qualities between nodes are adjusted. It ensures that the shortest
path is chosen based on link costs and that direct neighbors are
prioritized for equal-cost paths.
Summary of changes:
- Implemented Nexus test 5.3.5:
- Added test_5_3_5.cpp: Sets up a multi-hop topology using
AllowList (Leader, DUT, Router 2, Router 3). Adjusts RSSI
to simulate Link Quality levels 3, 2, 1, and 0 between the
Leader and DUT. Initiates pings from Router 3 to Leader.
- Added verify_5_3_5.py: PCAP verification script that validates
multi-hop paths and ensures the 'hopsLft' field in the 6LoWPAN
Mesh Header is correctly maintained.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.3.5 test executable.
- Updated run_nexus_tests.sh to include 5.3.5 in the default list.
Adds a new Nexus test case 5.3.4 to validate that an MTD (Router_1
acting as DUT) correctly maintains an EID-to-RLOC Map Cache for its
Sleepy End Device (SED) child.
The test verifies that the DUT:
- Correctly generates Address Query Requests on behalf of its SED
child when the child sends Echo Requests to multiple MED nodes.
- Properly caches the EID-to-RLOC mappings after receiving Address
Notifications from the Leader.
- Reuses the cached mappings for subsequent Echo Requests from the
SED, without sending additional Address Queries.
Summary of changes:
- tests/nexus/test_5_3_4.cpp: Implemented test logic, refactored with
loops for maintainability.
- tests/nexus/verify_5_3_4.py: Added order-independent verification
for Address Queries and Notifications.
- tests/nexus/CMakeLists.txt: Included the new test in the build
system.
- tests/nexus/run_nexus_tests.sh: Added 5_3_4 to the default nexus
test list.
This commit updates `tests/nexus/CMakeLists.txt` to include
`${OT_CFLAGS}` in `target_compile_options` for `ot-nexus-platform`
and test executables. This enables stricter compiler warnings and
errors during the build process.
It also addresses issues exposed by the new flags, including unused
variables and constants, shadow variable declarations, and member
variable initialization order in constructors.
Adds a new Nexus test case for 'Address Query - ML-EID' (5.3.3) as
specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.3.3:
- test_5_3_3.cpp: Sets up a topology with Leader, Router_1, DUT
(Router_2), Router_3, and MED_1 (attached to DUT). Implements
the test logic using direct method calls and sets log level to
NOTE. Verifies Address Query generation, Address Notification
responding, caching, and cache eviction.
Note: Step 6 is modified to use ML-EID instead of GUA 2001::
as 2001:: is not configured as an on-mesh prefix in the test.
- verify_5_3_3.py: PCAP verification script for test 5.3.3.
Ensures correct formatting of Address Query (NON POST /a/aq) and
Address Notification (CON POST /a/an) messages. Verifies that
DUT correctly caches addresses and evicts them when Router ID
is expired by the Leader.
- Updated supporting files:
- verify_utils.py: Added support for parsing 'NL_ML_EID_TLV' in
CoAP payloads.
- CMakeLists.txt: Added building of the 5_3_3 test executable.
- run_nexus_tests.sh: Added 5_3_3 to the default test list.
The test verifies that the DUT is able to generate Address Query
messages on behalf of its children and properly respond with Address
Notification messages to other routers, while correctly managing its
address cache.
This commit fixes a flakiness in Nexus test 5.2.3 'Leader rejects CoAP
Address Solicit (2-hops from Leader)'.
The test builds a topology with 32 routers (the maximum allowed).
Occasionally, some routers would spontaneously downgrade to REEDs
during the setup phase because the default Router Downgrade Threshold
is 23. This led to failures when the test verified that all 31 joining
nodes had become routers.
The fix sets both 'RouterUpgradeThreshold' and 'RouterDowngradeThreshold'
to 'kMaxRouters' (32) for the leader and all routers, ensuring they
remain in the router role throughout the test.
Additionally, this commit wraps the 'BecomeRouter' call with
'SuccessOrQuit' to resolve a compiler warning and ensure the
operation's success is verified.
Summary of changes:
- Modified tests/nexus/test_5_2_3.cpp to set appropriate router
thresholds and use SuccessOrQuit for role transition.
Adds a new Nexus test case for 'Realm-Local Addressing' (5.3.2) as
specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.3.2:
- Added test_5_3_2.cpp: Sets up a topology with a Leader,
Router 1, Router 2 (DUT), and SED 1. Verifies that the DUT
correctly handles and responds to ICMPv6 Echo Requests sent to
its ML-EID and various Realm-Local multicast addresses
(FF03::1, FF03::2, and Realm-Local All Thread Nodes).
- Added verify_5_3_2.py: PCAP verification script for test 5.3.2.
Ensures that the DUT MUST NOT forward multicast Echo Requests
(FF03::1, FF03::2) to the SED, and that it MUST use IEEE
802.15.4 indirect transmissions to forward the Realm-Local All
Thread Nodes multicast packet to the SED.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.3.2 test executable.
- Updated run_nexus_tests.sh to include 5.3.2 in the default
test list.
This commit fixes a flakiness in Nexus test 5.2.1 'REED Attach'.
The test occasionally failed due to the non-deterministic timing of the
REED_1 upgrade process. In some runs, REED_1 would upgrade to a router
(Step 7) before MED_1 sent its initial Parent Request (Step 6),
causing a mismatch in the strict chronological packet sequence
expected by the verification script.
The verification script is updated to handle Step 6 and Steps 7/8
independently. It now uses separate packet filter copies to find both
sets of events regardless of their relative order. The main packet
index is then advanced to the end of all confirmed activities.
Summary of changes:
- Modified tests/nexus/verify_5_2_1.py to implement flexible order
verification for MED_1 join and REED_1 upgrade events.
Adds a new Nexus test case for 'Link-Local Addressing' (5.3.1) as
specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.3.1:
- Added test_5_3_1.cpp: Sets up a Leader and a Router (DUT)
topology. Leader sends various ICMPv6 Echo Requests (standard and
fragmented, unicast and multicast) to the DUT. Verifies that the
DUT responds with ICMPv6 Echo Replies. Uses direct method calls to
access the core stack.
- Added verify_5_3_1.py: PCAP verification script for test 5.3.1.
Ensures that all Echo Request/Reply exchanges are present in the
pcap and use the correct source and destination addresses.
Follows the one-condition-per-line style for packet filters.
- Updated verify_utils.py to dynamically update the All Thread Nodes
multicast address based on the mesh-local prefix.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.3.1 test executable.
- Updated run_nexus_tests.sh to include 5.3.1 in the default test
list.
- Cleaned up unused constants kEchoResponseTime and kEchoIdentifier in
test_5_3_1.cpp.
This commit fixes a logic error in `test_border_admitter` where the
assignment operator `=` was used instead of the equality operator
`==` inside `VerifyOrQuit()` checks.
Adds a new Nexus test case for 'REED Synchronization' (5.2.7) as
specified in the test specification.
The test validates the REED's Synchronization procedure after
attaching to a network with multiple Routers. A REED must process
incoming Advertisements and perform a one-way frame-counter
synchronization with at least 3 neighboring Routers.
Summary of changes:
- Implemented Nexus test 5.2.7:
- Added test_5_2_7.cpp: Sets up a topology with 16 active
routers (Leader + 15 Routers) and adds a REED last.
Verifies the REED joins and remains a child.
- Added verify_5_2_7.py: PCAP verification script for test
5.2.7, ensuring the REED sends Link Requests and receives
Link Accepts from at least three distinct neighbors with
mandatory TLVs.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.2.7 test
executable.
- Updated run_nexus_tests.sh to include 5.2.7 in the default
test list.
This commit adds a new Nexus test case 5_2_6 which implements the
"Router Downgrade Threshold - REED" test specification.
The test verifies that a router (DUT) will downgrade to a REED when
the network becomes too dense (exceeding the Router Downgrade
Threshold).
Summary of changes:
- Added tests/nexus/test_5_2_6.cpp to execute the test.
- Added tests/nexus/verify_5_2_6.py to verify the pcap output.
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 5_2_6 to default tests.
The test builds a topology with 23 initial routers and then adds a 24th
router to trigger the downgrade condition on the DUT, which uses
default thresholds (16/23).
This commit adds a new Nexus test case 5.2.5 which validates that
a Router Eligible End Device (REED) correctly generates Address
Notification messages in response to Address Query messages.
The test implementation includes:
- test_5_2_5.cpp: Sets up a 16-router topology using AllowList
constraints and executes the test procedure.
- verify_5_2_5.py: Verifies the resulting pcap to ensure correct
Address Notification format (Target EID, RLOC16, and ML-EID TLVs)
and Echo Reply sequence.
Summary of changes:
- Added tests/nexus/test_5_2_5.cpp and tests/nexus/verify_5_2_5.py.
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 5_2_5 to default tests.
- Enabled OPENTHREAD_CONFIG_DHCP6_CLIENT_ENABLE and
OPENTHREAD_CONFIG_DHCP6_SERVER_ENABLE in
tests/nexus/openthread-core-nexus-config.h to support DHCPv6
prefixes used in the test.
This commit adds helper methods in Nexus to simplify ICMPv6 echo
exchanges:
- `Node::SendEchoRequest()`: sends an ICMPv6 Echo Request with
configurable parameters such as payload size and hop limit.
- `Core::SendAndVerifyEchoRequest()`: sends an Echo Request and
validates the matching Echo Reply within a timeout.
This commit also update various certification tests to use these
helpers, removing duplicate local utility functions.
This commit updates Test5_1_11 in tests/nexus/test_5_1_11.cpp to
properly check the return value of AddRssIn() calls using the
SuccessOrQuit() macro. This ensures that any failure in configuring
the RSSI filters during the test setup is immediately caught.
Adds a new Nexus test case for 'Router Upgrade Threshold - REED' (5.2.4)
as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.2.4:
- test_5_2_4.cpp: Sets up a topology with 16 routers (including Leader)
and verifies that a REED DUT does not upgrade to a router until a
minimal end device (MED) attempts to attach to it.
- verify_5_2_4.py: PCAP verification script for test 5.2.4, ensuring
correct MLE advertisements, Parent/Child ID exchange, Address Solicit
Request formatting, and ICMPv6 Echo connectivity.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5_2_4 test executable.
- Updated run_nexus_tests.sh to include 5_2_4 in the default test list.
The test verifies that the DUT correctly manages the router upgrade
threshold and transitions to the router role when required to support a
child.
Changes 'IsChild()' check to 'IsAttached()' for REED_1 in test 5.2.1.
REED_1 may quickly transition beyond the child state (e.g., to router)
after attaching, causing 'IsChild()' to occasionally fail depending
on the timing of the check. Using 'IsAttached()' ensures the node is
successfully connected to the network regardless of its specific role.
Adds a new Nexus test case for 'Leader rejects CoAP Address Solicit
(2-hops from Leader)' (5.2.3) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.2.3:
- Added test_5_2_3.cpp: Sets up a topology with a Leader, 31 routers
(fully connected to Leader), and a 32nd router (Router 32) that is
2-hops away from the Leader via Router 1. Verifies that the Leader
rejects the Address Solicit Request from the 33rd router with a
'No Address Available' status (1).
- Added verify_5_2_3.py: PCAP verification script for test 5.2.3.
Ensures the Address Solicit Request is sent by Router 32 to the
Leader, and that the Leader responds with a CoAP ACK containing
a Status TLV with value 1 (NL_NO_ADDRESS_AVAILABLE).
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.2.3 test executable.
- Updated run_nexus_tests.sh to include 5.2.3 in the default test
list.
This commit introduces the Border Agent Admitter feature , which
enhances Thread MeshCoP.
A Border Admitter is an enhanced Border Agent that functions as a
traditional BA while enabling new behaviors. It acts as a proxy and
dispatcher, allowing multiple external Enrollers to connect to it. It
then petitions to become the single Active Commissioner on the Thread
mesh, forwards new joiner requests to connected Enrollers, and
manages the session between joiners and multiple Enrollers
The implementation includes three main components:
- `Admitter`: The main class that orchestrates the feature, managing
enroller sessions and aggregating steering data.
- `Arbitrator`: A distributed election mechanism that runs among
Border Admitters on the mesh to select a single "Prime Admitter" by
publishing a new Border Admitter service in the Thread Network
Data.
- `CommissionerPetitioner`: A sub-component responsible for
petitioning the Leader to be granted the commissioner role. It
handles conflicts if another commissioner is already active.
New public APIs are added in `openthread/border_agent_admitter.h`.
This commit also introduces a suite of comprehensive tests for the
Border Admitter functionality under the `nexus` test framework. It
covers various scenarios including:
- Prime Admitter election and role management
- Enroller registration, keep-alive, and timeout interactions
- Handling of commissioner conflicts and petitioner retry mechanisms
- Support for multiple enroller sessions and combined steering data
- Forwarding of Joiner `RelayRx` and `UdpProxy` messages
- Joiner acceptance, release, and expiration tracking
Adds a new Nexus test case for 'REED Attach' (5.2.1) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.2.1:
- Added test_5_2_1.cpp: Sets up a Leader, REED_1, and MED_1 (DUT) topology.
Ensures REED_1 upgrades to a Router when the DUT attaches. Verifies
connectivity from the Leader to the DUT via REED_1 using ICMP Echo.
- Added verify_5_2_1.py: PCAP verification script for test 5.2.1,
ensuring MLE Parent Requests, Address Solicit/Responses, and ICMP
Echo Request/Replies are correctly exchanged and forwarded.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.2.1 test executable.
- Updated run_nexus_tests.sh to include 5.2.1 in the default test list.
Currently, the `run_cert()` function in `run_cert_suite.py` invokes
test scripts using `subprocess.check_call()` without a timeout. This
can cause the test suite to hang indefinitely if a test script fails
to terminate.
This commit updates `run_cert_suite.py` to support a configurable
`--timeout` argument. It passes this timeout to `check_call()` and
handles `subprocess.TimeoutExpired` to log failure and print output
upon timeout.
Additionally, this commit updates `script/test` to pass the
`TEST_TIMEOUT` environment variable to the test runner and updates
GitHub workflow configurations to define specific timeout values for
various test jobs.
Updates the `ot_nexus_test` macro to accept a list of labels for each
test case. This allows for categorizing tests and executing specific
subsets using `ctest -L`.
The tests are now assigned labels such as `core`, `cert`, and `trel`.
The `core` label is used for tests that verify OpenThread core logic
and behavior, distinguishing them from `cert` tests which cover
certification scenarios.
The GitHub workflow is updated to utilize `ctest -L` for running the
tests, replacing the previous `ninja test` command.
This commit adds `MessageBackedArray`, which implements a dynamic
array backed by a `Message` for data storage.
The new array class supports:
- Pushing new elements to the end.
- Reading and writing elements at specific indices.
- Searching in the array to find matching entries.
- Iterating over array elements.
- Clearing the array and freeing the underlying message.
Unit tests are added in `tests/unit/test_msg_backed_array.cpp` to
verify its functionality.
This commit updates `Joiner::Start()` to explicitly call
`SetIdFromIeeeEui64()` when `mDiscerner` is empty. This ensures that
the Joiner ID is freshly derived from the current IEEE EUI-64 address,
guaranteeing correctness even if the address was not ready during
initialization or has changed since the instance was created.
This commit optimizes the CoAP retransmission timer logic by removing
the `ScheduleRetransmissionTimer()` method, which iterated over all
pending requests to determine the next fire time.
The logic is updated as follows:
- `HandleRetransmissionTimer()` now determines the next fire time
while iterating over the `mPendingRequests` list to process
retransmissions. This avoids a redundant second pass over the list.
- `NextFireTime` is used to track the earliest fire time.
- `CopyAndEnqueueMessage()` uses `Timer::FireAtIfEarlier()` to
update the timer only if the new message's fire time is earlier
than the current schedule.
- `DequeueMessage()` no longer triggers a schedule update. If the
dequeued message was the next to expire, the timer will fire,
perform no actions, and then reschedule itself.
This commit removes a debug print statement in the Bytes.__eq__
method that was causing excessive output to stderr during packet
verification. The print statement was logging every byte comparison,
leading to cluttered logs and potentially impacting performance or
causing issues with log analysis.
- Removed print statement from Bytes.__eq__ in
tests/scripts/thread-cert/pktverify/bytes.py.
This commit updates `FreeJoinerFinalizeMessage()` to remove the state
check, allowing the message to be freed regardless of the current
state. It also removes the redundant cleanup in
`PrepareJoinerFinalizeMessage()` since `Joiner::Start()` handles the
cleanup upon error.
The `Joiner::Start()` method allocates the Joiner Finalize message and
then transitions the state to `kStateDiscover` before starting the
Seeker. If starting the Seeker fails, the exit label performs
cleanup, including calling `FreeJoinerFinalizeMessage()`. Previously,
`FreeJoinerFinalizeMessage()` checked that the state was `kStateIdle`
before freeing the message. Since the state had already been updated
to `kStateDiscover`, the message would not be freed, leading to a
message leak on failure.
Adds SuccessOrQuit() around SetRouterEligible() calls in Nexus tests to
properly handle potential errors and ensure test robustness.
Summary of changes:
- Modified tests/nexus/test_5_1_8.cpp, test_5_1_9.cpp, test_5_1_10.cpp,
and test_5_1_11.cpp to wrap SetRouterEligible(false) calls in SuccessOrQuit().
- Verified that tests build and pass correctly with these changes.
Adds a new Nexus test case for 'Router Synchronization after Reset' (5.1.13)
as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.13:
- test_5_1_13.cpp: Sets up a Leader and Router_1 topology,
simulates a router reset, and verifies successful re-synchronization.
- verify_5_1_13.py: PCAP verification script for test 5.1.13, ensuring
correct MLE advertisements, Link Request/Accept exchange, and
proper response timing and TLV validation.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.13 test executable.
- Updated run_nexus_tests.sh to include 5.1.13 in the default test list.
Adds a new Nexus test case for 'New Router Neighbor Synchronization' (5.1.12)
as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.12:
- Added test_5_1_12.cpp: Sets up a topology with a Leader, Router_2,
and DUT. DUT and Router_2 first attach to the Leader, then the
harness enables a direct link between them to trigger the
New Router Neighbor Synchronization procedure.
- Added verify_5_1_12.py: PCAP verification script for test 5.1.12,
ensuring that the DUT sends properly formatted MLE Advertisements
and exchanges Link Request/Accept messages with Router_2 as
required by the specification.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.12 test executable,
inserting it after 5.1.6.
- Updated run_nexus_tests.sh to include 5.1.12 in the default test list.
Adds a new Nexus test case for 'Attaching to a REED with better link
quality' (5.1.11) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.11:
- Added test_5_1_11.cpp: Sets up a topology with Leader, REED_1,
Router_2, and Router_1 (DUT). Configures RSSI to ensure REED_1
has a higher link quality than Router_2. Verifies that the DUT
attaches to REED_1 as its parent.
- Added verify_5_1_11.py: PCAP verification script for test 5.1.11,
validating the MLE Parent Request sequence (Routers then REEDs)
and the final attachment to REED_1.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.11 test executable.
- Updated run_nexus_tests.sh to include 5.1.11 in the default test list.
Adds a new Nexus test case for 'Parent Selection - Superior Link Quality'
(5.1.10) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.10:
- Added test_5_1_10.cpp: Sets up a Leader, Router_1, Router_2, and
Router_3 (DUT) topology. Uses AddRssIn to configure Router_1 with
superior link quality (LQ3) and Router_2/Leader with LQ2 relative
to the DUT. Verifies that the DUT selects Router_1 as its parent
during attachment.
- Added verify_5_1_10.py: PCAP verification script for test 5.1.10,
ensuring that the MLE Parent Request contains the mandatory TLVs
and that the Child ID Request is correctly sent to the superior
link-quality router (Router_1).
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.10 test executable.
- Updated run_nexus_tests.sh to include 5.1.10 in the default test
list.
Adds a new Nexus test case for 'Attaching to a REED with better
connectivity' (5.1.9) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.9:
- Added test_5_1_9.cpp: Sets up a Leader, Router_1, REED_1, REED_2, and
Router_2 (DUT). Configures REED_1 with better connectivity (links to
both Leader and Router_1) than REED_2 (link only to Leader). Verifies
that the DUT selects REED_1 as its parent.
- Added verify_5_1_9.py: PCAP verification script for test 5.1.9,
verifying MLE Parent Requests (Scan Masks 0x80 and 0xC0), Key ID Mode
0x02 in Step 5, ensuring REEDs do not respond to the first Parent
Request, comparing Connectivity TLV contents in Parent Responses to
ensure REED_1 is correctly selected, and ensuring Address Registration
TLV is absent in the Child ID Request.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.9 test executable.
- Updated run_nexus_tests.sh to include 5.1.9 in the default test list.
This commit fixes and enhances `test_coap_block.py`. Previously, the
test masked failures by using multiple trials and suppressing
exceptions. It appeared to pass even though an incorrect regex match
in `coap_wait_request()` caused it to consistently fail.
The regex in `coap_wait_request()` is updated to correctly match CLI
output and capture the CoAP method (GET, PUT, POST, DELETE).
The test script is enhanced by:
- Removing trial/retry logic and exception suppression that masked
previous failures.
- Verifying both request and response messages for GET, PUT, and
POST.
- Validating source IPv6 addresses in requests and responses.
- Ensuring the payload presence matches the expected behavior for each
CoAP method.
Adds a new Nexus test case for 'Attaching to a Router with better
connectivity' (5.1.8) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.8:
- Added test_5_1_8.cpp: Sets up a multi-router topology (Leader <-> R3 <->
R1 <-> R2). Uses AllowList to enforce path costs, verifying that the
DUT (Router_4) selects R3 as its parent since it has the best
connectivity (1 hop to Leader).
- Added verify_5_1_8.py: PCAP verification script for test 5.1.8,
ensuring MLE Parent Request, Parent Responses, and Child ID Request
follow the specification. Validates mandatory TLVs and the absence
of the Address Registration TLV in the Child ID Request.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.8 test executable.
- Updated run_nexus_tests.sh to include 5.1.8 in the default test list.
This commit updates `Coap::BlockwiseTransmitHook` to calculate the
current block count based on the block position (`aPosition`) and
block length (`*aBlockLength`), rather than relying on a `static`
variable.
The previous implementation used a `static uint32_t blockCount` to
track the progress of the block-wise transfer. This approach caused
issues when multiple transfers occurred concurrently or when the
process persisted across test retries (as in the simulation
environment). In such cases, the static variable could become out of
sync, leading to incorrect transfer termination or infinite loops.
By deriving `blockCount` from `aPosition`, the hook becomes stateless
and correctly handles retransmissions and concurrent transfers.
Adds a new Nexus test case for 'Minimum Supported Children – IPv6 Datagram
Buffering' (5.1.7) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.7:
- Added test_5_1_7.cpp: Sets up a Leader, Router_1 (DUT), 4 MEDs, and 6
SEDs. Verifies the DUT can handle the minimum required number of
children and buffers multiple concurrent IPv6 datagrams (including
a 1280-octet MTU packet) destined for SEDs.
- Added verify_5_1_7.py: PCAP verification script for test 5.1.7,
ensuring proper MLE attachment, correct forwarding of ICMPv6 Echo
Requests/Replies, and verification of buffered traffic to SEDs.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.7 test executable.
- Updated run_nexus_tests.sh to include 5.1.7 in the default test list.
This commit updates `CoapBase::ProcessBlockwiseSend()` to ensure a
Payload Marker is appended before adding the first block of data.
`SendMessage()` always calls `ParseHeaderAndOptions()` with
`kRemovePayloadMarkerIfNoPayload`, which removes any existing payload
marker if the message body is empty. However, for block-wise transfers,
the payload is added later via the block-wise transmit hook in
`ProcessBlockwiseSend()`. If the marker was removed, the first
block would be appended directly after the options without a
separator, resulting in a malformed CoAP message.
This change ensures that `ProcessBlockwiseSend()` explicitly restores
or adds the payload marker before appending the block data. The
documentation for `Message::AppendPayloadMarker()` is also updated to
clarify that the method is idempotent, making no changes if a marker
is already present.
Adds a new Nexus test case for 'Leader removes Router ID' (5.1.6) as
specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.6:
- Added test_5_1_6.cpp: Sets up a Leader and Router_1 (DUT) topology.
Verifies that when the Leader de-allocates a Router ID, the DUT
automatically re-attaches.
- Added verify_5_1_6.py: PCAP verification script for test 5.1.6,
ensuring that MLE Parent Request, MLE Child ID Request, and
Address Solicit Request messages follow the specification.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.6 test executable.
- Updated run_nexus_tests.sh to include 5.1.6 in the default test list.
Adds a new Nexus test case for 'Router Address Timeout' (5.1.5) as
specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.5:
- Added test_5_1_5.cpp: Sets up a Leader (DUT) and Router_1 topology.
Verifies that after deallocating a Router ID, the Leader does not
reassign that same Router ID for at least ID_REUSE_DELAY seconds.
Uses direct core method calls and nexus.AdvanceTime() for precise
timing control.
- Added verify_5_1_5.py: PCAP verification script for test 5.1.5,
ensuring that the Address Solicit Response contains a different
Router ID when requested before ID_REUSE_DELAY, and the requested
Router ID when requested after ID_REUSE_DELAY.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.5 test executable.
- Updated run_nexus_tests.sh to include 5.1.5 in the default test list.
Adds a new Nexus test case for 'Router Address Reallocation – DUT creates
new partition' (5.1.4) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.4:
- Added test_5_1_4.cpp: Sets up a Leader, Router_1 (DUT), and Router_2
topology. Uses AllowList to dynamically control connectivity,
verifying that Router_1 creates a new partition when the original
Leader is removed and Router_1 fails to reattach.
- Added verify_5_1_4.py: PCAP verification script for test 5.1.4,
verifying MLE Parent Requests (reattach attempts), new partition
creation, and Address Solicit Response.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.4 test executable.
- Updated run_nexus_tests.sh to include 5.1.4 in the default test list.
This commit introduces Seeker APIs in OpenThread. An earlier commit
extracted the discovery and candidate selection logic from the `Joiner`
role into a new, standalone `Seeker` module.
The `Seeker` is responsible for performing MLE Discover Scans to find
nearby Joiner Router candidates. It prioritizes these candidates based
on RSSI and steering data (indicating whether the Joiner is preferred)
and manages the list of candidates for connection attempts.
This separation allows the `Seeker` functionality to be utilized
independently of the full `Joiner` role, enabling the development of
custom joining mechanisms over Thread.
A new configuration option `OPENTHREAD_CONFIG_SEEKER_ENABLE` has been
added to control the presence of `otSeeker` APIs.
Adds a new Nexus test case for 'Router Address Reallocation – DUT attaches
to new partition' (5.1.3) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.3:
- Added test_5_1_3.cpp: Sets up a Leader, Router_1 (DUT), and Router_2
topology. Uses AllowList to dynamically control connectivity,
verifying that Router_1 reattaches to a new partition formed by
Router_2 after the original Leader is removed. Uses direct core
method calls and avoids magic numbers.
- Added verify_5_1_3.py: PCAP verification script for test 5.1.3,
ensuring MLE Parent Requests, Child ID Requests, and Address Solicit
messages follow the specification.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.3 test executable.
- Updated run_nexus_tests.sh to include 5.1.3 in the default test list.
This commit adds methods to `CoapBase::Metadata` to encapsulate logic
related to initialization, retransmission checks, and updating
retransmission counters. It also renames member variables for brevity
(e.g., `mRetransmissionsRemaining` to `mRetxRemaining`) and moves
`IsObserveSubscription()` to be a method of `Metadata`.
These changes simplify implementation by delegating metadata-specific
operations to the `Metadata` struct itself.
This commit enhances the DHCPv6 PD prefix conflict detection logic
to check against Route Information Options (RIOs) present in received
Router Advertisements, in addition to the existing check against
on-link prefixes (PIOs).
The conflict detection behavior is event-driven to correctly handle
network propagation delays and valid advertisements:
1. On new prefix assignment (`kPdPrefixChanged`): A strict check is
performed. If the prefix matches any existing RIO from another
router, it is flagged as a conflict.
2. On RA table updates (`kRxRaPrefixTableChanged`): The check focuses
on conflict resolution. Crucially, it ignores new RIO matches
appearing after the prefix has been adopted. This is necessary
because once the BR publishes the PD prefix in Thread Network
Data as the OMR prefix, other BRs will naturally start
advertising it as a RIO to announce reachability.
The unit test `TestDhcp6PdConflict` is updated to verify both the
detection of conflict, its resolution, and that the subsequent RIO
advertisements do not cause a conflict after PD prefix is published
as OMR.
This change introduces a new `Seeker` class to encapsulate the logic
for discovering and prioritizing Joiner Router candidates.
The `Joiner` class is updated to use the `Seeker` to perform the
discovery scan. The `Joiner` provides a callback `EvaluateScanResult`
to the `Seeker` to filter and evaluate scan results based on
Steering Data, preserving the existing behavior.
This change separates the discovery mechanism from the `Joiner` state
machine. This simplifies the `Joiner` implementation and facilitates
future enhancements to the joining process.
This commit makes to changes to how the Joiner Router candidates are
tracked or prioritized.
Adds a new Nexus test case for 'Child Address Timeout' (5.1.2) and
performs several refactorings to improve the nexus test framework.
Summary of changes:
- Implemented Nexus test 5.1.2 (Child Address Timeout):
- Added test_5_1_2.cpp: Sets up a Leader, Router (DUT), MED, and SED
topology with restricted connectivity using AllowList. Verifies
that the parent stops responding to Address Queries for children
after their timeout interval expires.
- Added verify_5_1_2.py: PCAP verification script for test 5.1.2.
- Refactored Nexus verification infrastructure:
- Created verify_utils.py: Shared module for common verification
logic, including monkey-patches for CoapTlvParser and
which_tshark, and a generic 'run_main' test runner function.
- Updated verify_5_1_1.py and verify_5_1_2.py to use verify_utils.py,
significantly reducing boilerplate code.
- Cleaned up imports in verify_utils.py by removing unused logging.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.2 test executable.
- Updated run_nexus_tests.sh to include 5.1.2 in the default test list.
Automates the execution of Nexus tests on CI using Ubuntu 24.04.
The workflow installs necessary dependencies including ninja-build,
tshark, and pyshark to support both simulation and packet-level
verification.
This script provides a unified entry point for executing Nexus C++
simulations and their corresponding Python packet verification scripts.
It supports running individual test cases or a default suite, handles
PCAP logging, and ensures proper error propagation.
The fix moves the necessary includes outside the FTD/MTD conditional block:
- Added explicit include: #include "common/uptime.hpp" is now included
when OPENTHREAD_CONFIG_UPTIME_ENABLE is defined, regardless of
FTD/MTD mode.
- Extended namespace usage: The using namespace ot; directive now
applies when either FTD/MTD is enabled OR uptime is enabled,
ensuring the namespace is available for the uptime functions.
This ensures that when OPENTHREAD_CONFIG_UPTIME_ENABLE is enabled, the
required headers are included even in RADIO mode, allowing the uptime
functionality to work correctly across all device types.
This commit updates `tests/nexus/test_discover_scan.cpp` to use
`MeshCoP::NetworkIdentity` instead of `MeshCoP::ExtendedPanIdManager`.
The latter was renamed in the core codebase, leading to a build
failure in the nexus discovery scan test.
Introduces `OPENTHREAD_CONFIG_MLE_DISCOVERY_SCAN_REQUEST_CALLBACK_ENABLE`
to conditionally compile the MLE Discovery Request callback feature.
Disabling this feature allows for code size reduction on builds where
it is not needed.
A new Nexus test (`test_discover_scan.cpp`) is added to directly
validate the `otThreadSetDiscoveryRequestCallback()` API behavior.
This new test replaces a now-removed CLI-based test which used
(`discover reqcallback`). This CLI command was originally added for
testing purposes. The CLI command is not helpful as an async event
would produce unsolicited output in the CLI. The new direct C++ test
is a cleaner approach.
This commit adds a Python script to perform automated packet verification
for the Nexus test case 5.1.1 (Attaching), following the Thread
certification specification.
Changes:
- Added tests/nexus/verify_5_1_1.py:
- Implements all steps (1-11) of the 5.1.1 test specification.
- Includes a custom CoAP TLV parser to extract Thread-specific fields
(Status, RLOC16, Router Mask) from CoAP payloads.
- Automatically configures Wireshark preferences for decryption
based on the test's JSON output.
- Includes the full test specification as inline comments.
- Updated tests/scripts/thread-cert/pktverify/layer_fields.py:
- Enhanced the _auto parser to handle boolean strings ('True', 'False')
returned by newer versions of tshark, preventing parsing errors
during verification.
This commit updates `RoutingManager` to detect if a delegated DHCPv6
PD prefix conflicts with any on-link prefix advertised on the
infrastructure link.
This protects against potential DHCPv6 server misbehavior and bugs
where the same prefix might be assigned to multiple requesters.
If a conflict is detected, the delegated PD prefix is marked as
conflicted and is no longer used as the OMR prefix. Instead, we
revert to using the locally generated OMR prefix. If the conflict
is resolved, the delegated PD prefix is used again.
A new unit test `TestDhcp6PdConflict()` is added to verify this
behavior.
This commit adds support for writing test_info.json in the Nexus platform.
The test_info.json file contains information about the test topology,
including node names, roles, and addresses. This information is used by
the packet verification framework to verify the behavior of the network.
Changes:
- Added `Core::SaveTestInfo` to `nexus_core.cpp` to write node information to JSON.
- Added `SetName` and `GetName` to `Node` class in `nexus_node.hpp`.
- Updated `test_5_1_1.cpp` to set node names and call `SaveTestInfo`.
This commit adds a new Nexus test case to verify the "5.1.1 Attaching"
scenario from the Thread certification specification.
The test case verifies that:
1. A node can form a network and become a Leader.
2. A second node can join the network and become a Router.
3. Connectivity between the Leader and Router is functional using ICMPv6 Echo
to Link-Local addresses, verifying both roles as DUT.
The test ensures basic network formation and attachment functionality
within the Nexus simulation environment.
This commit enables PCAP output in the Nexus platform by adding a
Nexus::Pcap utility class and integrating it into the Nexus::Core.
PCAP logging can be enabled by setting the OT_NEXUS_PCAP_FILE
environment variable.
This marks a simulation node as 'awake' whenever an event is sent to
it. This is required because the event will induce processing on the
node followed by an alarm-event sent back to the simulator. The
simulator needs to wait to properly catch this final alarm-event;
otherwise, this alarm-event may be mistakenly processed as
confirmation of a newer event that follows later, in case the OT node
process is lagging in processing as may happen typically in CI
environments.
Also the case of unknown event type is now raised as an exception, to
avoid undetected errors in the simulation. This could cause an event
to be not sent to the node at all while the node's time is updated by
the simulator (using `self.devices[port]['time'] = event_time`) as if
the node is up to date on the latest virtual time, which it isn't,
because an event is not sent to the node.
Also fixes a potential undefined local variable 'data' flagged by the
IDE.
This commit introduces `NetworkIdentity` class to track the network
identity parameters, specifically Extended PAN ID, Network Name and
Domain Name.
The new class replaces the `ExtendedPanIdManager` and
`NetworkNameManager` which are removed by this commit.
This change simplifies `extended_panid.hpp` and `network_name.hpp`.
They now contain only basic type definitions (`ExtendedPanId` and
`NetworkName`). This allows these headers to be included in other
modules without pulling in unnecessary header dependencies.
The IEEE 802.15.4 standard specifies that the FCS is a 16-bit ITU-T
CRC calculated over the bits in the order they are transmitted (LSB
first). The previous implementation used the CrcCalculator with the
CCITT polynomial but processed bytes in an MSB-first manner, which is
incorrect for 802.15.4.
This commit updates Radio::Frame::UpdateFcs() to implement the
reflected CRC-16-CCITT algorithm correctly by processing bits LSB-first
using the reflected polynomial 0x8408.
This commit adds IEEE 802.15.4 FCS (Frame Check Sequence) computation
to the Nexus radio driver. Each frame to be transmitted is updated
with the proper CRC16-CCITT before being passed to the simulation.
Motivation for this change is to ensure that frames captured from
the Nexus simulation have a valid FCS, enabling proper decoding and
display in Wireshark when using pcap output.
This commit updates `Coap::ResponseHandler` to use a single
`Coap::Msg` pointer instead of separate `Message` and `MessageInfo`
pointers. The `Msg` class encapsulates both the CoAP message and its
associated IP message info, simplifying the handler signature and
usage.
It retains support for the legacy `otCoapResponseHandler` signature
(which uses separate parameters) for the public API by introducing
`SendMessageWithResponseHandlerSeparateParams`. This ensures that
public APIs like `otCoapSendRequest` continue to work without
breaking changes while allowing internal modules to benefit from the
simplified interface.
It introduces `CoapBase::SendCallbacks` to consolidate the storage and
invocation logic for different callback types, including the new
`ResponseHandler`, the legacy `ResponseHandlerSeparateParams`, and
block-wise transfer hooks.
All internal modules (MLE, MeshCoP, Network Data, etc.) are updated to
define their response handlers using the new `ResponseHandler`
signature with `Msg` input.
This commit adds a `GenerateRandom()` method to the `ExtendedPanId`
class, enabling the generation of a cryptographically secure random
Extended PAN Identifier.
The `ExtAddress` class inherits from `Equatable<ExtAddress>`, which
already provides an `operator==` implementation that compares
the object's memory content.
This commit adds a `@note` to the documentation of
`otPlatInfraIfDiscoverNat64Prefix` functions to make it clear that any
prefix it supplies will have a lower priority than one discovered via
RA PREF64 option (RFC 8781).
This enables the TCAT Commissioner to receive data such as TLS Alerts,
or asynchronously sent 'event' TLVs, over TLS. Processing TLS Alert
is required to detect the sending of Alert by the TCAT Device, which
is a requirement to be verified in cert tests. An async background
process is started to receive and log the received events.
Also some minor improvements in connection state management: when
certain commands are given after the TCAT link is disconnected, or
when a TCAT link could not be established, a message will be printed
to clearly say it's disconnected, instead of a cryptic error. Error
messages are now clearly prefixed with 'Error:'.
The CA certificate store for CommCert3 is extended with an additional
CA certificate, so that it can be verified in cert tests that a TCAT
Device rejects a wrong Commissioner with a TLS Alert (previously this
couldn't be tested).
Also includes a fix of the pyproject.toml such that Poetry does not
display the long warning on installation.
Also includes an improvement of TLV displaying to the user with a
STRING field, if the value is a string.
Also includes some syntax fixes that were flagged by the IDE, such as
missing return types for methods, or member variables that were not
initialized in the __init__().
This commit introduces a new `otMessageClone()` API to create a
full clone/copy of a message.
Additionally, the documentation for the `otUdpReceive` and
`otUdpHandler` callbacks is polished to improve clarity on message
ownership and lifetime.
This updates the Joiner CLI to use the correct VendorInfo data which
is configured in the build or set at runtime. Benefit is that this
data is also length-checked. Previously, the command could fail when
PACKAGE_VERSION was length > 16.
This commit updates `ApplyDirectTxQueueLimit()` to improve how the
direct tx queue handles frame limits.
Previously, when the direct tx queue reached its configured frame
count threshold, the code attempted to remove aged messages. If this
was insufficient, the new incoming message was dropped.
With this change, after attempting to remove aged messages, the code
now attempts to evict an existing lower-priority message (and all its
frames) from the direct tx queue to make room for a new higher
priority message. If no existing message can be evicted (i.e., all
messages are of higher or equal priority), the new message is
dropped.
This commit updates the `CoapBase::Interceptor` function pointer type
to accept `const Msg &` instead of separate `const Message &` and
`const Ip6::MessageInfo &` arguments. It also reorders the `void *`
to match other CoAP callbacks.
Implementations in `BackboneTmfAgent::Filter` and `Agent::Filter`
have been updated to match the new signature.
This commit introduces a new `VendorInfo` class to encapsulate
vendor-related information such as vendor name, model, and software
version.
Previously, these parameters were managed within the `NetworkDiagnostic`
module. Moving them to a dedicated class facilitates sharing and
utilization by other modules across the OT core (e.g., Border Agent,
TCAT, Joiner).
This change simplifies the `Coap::Message` implementation and removes
the fragile `HelpData` struct which was used to cache header
information within reserved portion of message.
The `Coap::Msg` class is updated to hold the parsed CoAP header
information (type, code, message ID, token). It now inherits from a
new `HeaderInfo` class which contains the parsed fields. This change
helps to simplify many of the call sites which previously had to parse
the header information themselves.
The key changes are:
- The `HelpData` struct is removed from `Coap::Message`.
- `Coap::Msg` is updated to track parsed header info in `HeaderInfo`.
- `otCoapMessageInit()` and `otCoapMessageInitResponse()` now return an
`otError`.
- Methods are renamed to harmonize their names.
- A new unit test `test_coap_message.cpp` is added to verify the
`Coap::Message` implementation.
This commit updates `Mpl::ProcessOption()` to skip MPL processing on
Sleepy End Devices (SEDs) as an optimization. Along with this it
introduces a check to prevent SEDs from processing their own
multicast messages.
Since MPL is now skipped on SEDs, they no longer have a mechanism
for multicast duplicate detection. This can cause an issue when an
SED sends a multicast message to a group it is subscribed to, as its
parent can forward the message back to the SED.
To handle this, `Ip6::DetermineAction()` is updated. For SEDs, it now
checks if the source address of a subscribed multicast message
belongs to the device itself. If it does, the message is not
received, preventing the SED from processing its own looped-back
messages.
The behavior for non-sleepy devices remains unchanged. They continue
to rely on MPL for duplicate suppression.
A default OTNS platform API function otPlatOtnsStatus() is now
provided that writes the status push to the log always (regardless of
configured log level). This is useful as a default handling for apps
built with -DOT_OTNS=ON, avoiding linker errors while not mandating
each platform to implement the API by itself.
Specifically it enables the Posix CLI app ot-cli to be built with OTNS
support, which is required to run Posix nodes in OTNS and receive the
status-push events via stdout logging.
The logging is emitted from the module named "Otns" so that a
simulator or other tool can easily detect the OTNS format status push
events in the log output.
This change moves the TLV value reading logic from static methods in
the `Tlv` class to member methods of the nested `Tlv::Info` class.
The new methods `Tlv::Info::ReadValue()`, `Tlv::Info::ReadStringValue()`,
`Tlv::Info::ReadUintValue()`, and the templated `Tlv::Info::Read<T>()`
operate on an existing `Tlv::Info` object that has already parsed a
TLV from a message.
This improves the API design by having the read operations use the
pre-parsed and validated state within a `Tlv::Info` instance. It
avoids the need to pass the TLV offset to read functions and
eliminates redundant re-parsing of the TLV header on each read,
making the code cleaner and more efficient.
The previous static methods `Tlv::Read<T>()`, `Tlv::ReadStringTlv()`,
and `Tlv::ReadUintTlv()` are removed, and all call sites are updated
to the new pattern.
Refactors the example CLI app and the CLI module code to provide a
default implementation of the 'APP' log output option for any CLI
apps. This default is used when log output is configured to 'APP'
output and the CLI application itself does not provide its own
implementation of `otPlatLog()`.
This extends the current logging option (syslog) for the Posix app
ot-cli with the option to direct the log output to the CLI app, which
then prints it in stdout. This logging option can be enabled using the
existing -DOT_LOG_OUTPUT=APP. Previously, this gave a build error for
the Posix platform. This logging method is useful/required for running
NCPs in OTNS, such that the simulator can capture all log output and
at the same time syslog is not overly burdened on the host machine.
This change renames `Tlv::ParsedInfo` to `Tlv::Info` to make it more
concise and to better reflect its purpose as a metadata holder for a
TLV in a message.
The member variables of `Tlv::Info` are made private and public
accessor methods are introduced to interact with the object's
contenet. This helps ensure that the internal representation of the
parsed TLV information is not modified directly by external modules.
All existing caller are updated to use the new name and the public
helper getter methods.
The Doxygen comments of `Tlv::Info` are also improved for better
clarity. Unit test `test_tlv` is also updated to validate all the
new methods.
When `OPENTHREAD_CONFIG_REFERENCE_DEVICE_ENABLE` is active, this
change mandates that the vendor name string MUST begin with the "RD:"
prefix. This ensures that reference devices are clearly and
consistently identifiable through network diagnostic queries.
The enforcement is applied at two levels:
- A compile-time `static_assert` is added to validate the default
`OPENTHREAD_CONFIG_NET_DIAG_VENDOR_NAME` at build time. This uses a
new `constexpr` helper utility `CheckConstStringPrefix()`.
- A runtime check is added to `otThreadSetVendorName()`, which will
now return `OT_ERROR_INVALID_ARGS` if an invalid name is provided
on a reference device build.
All related test configurations (`scan-build`, `toranj`, `nexus`) and
CLI tests are updated to reflect this new requirement and validate
it.
Radio recovery that does not fully reset the firmware leads to tables
filling up with duplicate entries. After a few resets, future resets no
longer work. Clearing the tables before inserting entries allows for
their state to be consistent during recovery.
Group mbedTLS configuration macros into logical sections and improve
formatting.
This commit helps prepare for PSA API backend introduction.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This change separates the Connectivity TLV value format from its
logical structure by introducing `ConnectivityTlvValue` (raw format)
and `Connectivity` (parsed info). This replaces the `ConnectivityTlv`
class and enables value format sharing between MLE and Network
Diagnostics (without improper TLV inheritance).
It also updates `ParentCandidate` to use the new `Connectivity` class
for better field encapsulation. It also updates `ConnectivityTlvValue`
parsing to handle optional fields and enforce spec-defined minimums
for these fields.
Replace the include of `<openthread/platform/memory.h>` with
`<openthread/platform/crypto.h>` in the mbedTLS config header file.
Recent PR #12290 introduced `otPlatCryptoCAlloc()` and
`otPlatCryptoFree()` platform APIs and updated the mbedTLS config to
use them. This commit ensures the correct header is included to
prevent build errors regarding use of undeclared functions
(e.g. "error: use of undeclared identifier 'otPlatCryptoCAlloc'").
The router processes its child table every second. After a child
gracefully detaches, wait some time to ensure that the router has
processed the child table entry.
This change simplifies the TLV parsing logic within the
`Client::GetNextDiagTlv()` method.
The manual parsing of basic and extended TLVs is replaced by using the
`Tlv::ParsedInfo` helper method. This encapsulates the parsing
logic, making the `GetNextDiagTlv()` method cleaner and easier to
follow.
Additionally, the `TlvInfo` typedef is renamed to `DiagTlv` to
prevent any confusion with the new `Tlv::ParsedInfo tlvInfo` variable
and to better reflect its purpose.
This commit enhances the parsing of discovery response messages in
`DiscoverScanner::HandleDiscoveryResponse()`.
The parsing logic is updated to first restrict the message to the
content of the `Discovery` TLV. This allows for a simpler and more
robust processing of the nested MeshCoP sub-TLVs. Instead of looping
through all sub-TLVs, the new approach directly looks for each expected
sub-TLV.
This change provides a clearer distinction between required TLVs
(`DiscoveryResponseTlv`, `ExtendedPanIdTlv`, `NetworkNameTlv`) and
optional ones. The handling of optional TLVs like `JoinerUdpPortTlv`
and `SteeringDataTlv` is improved to explicitly manage the case where
they are not found.
Additionally, this commit includes minor cleanups to `SteeringDataTlv`
to simplify its implementation.
This commit introduces `Coap::Msg`, a class that encapsulates
`Coap::Message` and its associated `Ip6::MessageInfo`.
`Coap` methods and TMF resource handlers are updated to use
`Coap::Msg` when handling received messages. This change simplifies
method signatures by reducing the number of parameters and enables
future extensibility for tracking additional information related to
received CoAP messages.
This commit introduces two new platform functions:
- otPlatCryptoCAlloc()
- otPlatCryptoFree()
It also provides a default implementation using the OpenThread Heap.
This API is necessary for the upcoming work related to PSA API
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit introduces `LeaderDataTlvValue` as a distinct type to
represent the content of a Leader Data TLV. This allows the same value
format to be shared between the MLE and Network Diagnostic modules.
Previously, `NetworkDiagnostic::LeaderDataTlv` inherited from
`Mle::LeaderDataTlv` to reuse the implementation of the value format.
This inheritance was semantically incorrect, as a Network Diagnostic
TLV is not a specialization of an MLE TLV. The new approach of using
a shared `LeaderDataTlvValue` type provides a cleaner and more
accurate design.
With this change, `LeaderDataTlv` in both modules is now defined as a
`SimpleTlvInfo` type. This enables replacing manual TLV manipulation
with the generic `Tlv::Append<T>()` and `Tlv::Find<T>()` helpers,
making the code at the call sites cleaner and less error-prone.
This change simplifies `DiscoveryRequestTlv` and `DiscoveryResponseTlv`
generation and processing.
New types `DiscoveryRequestTlvValue` and `DiscoveryResponseTlvValue` are
introduced to represent the value (payload) of these TLVs. This s
simplifies the call sites by using the generic `Tlv::Append<T>()` and
`Tlv::Read<T>()`.
This change introduces a new build-time configuration flag,
`OPENTHREAD_CONFIG_JOINER_ADV_EXPERIMENTAL_ENABLE`, to control the
inclusion of the experimental Joiner Advertisement feature.
This behavior was first added in PR #5299. It allows optional
inclusion of a newly proposed Joiner Adv TLV in an MLE Discovery Scan
Request message.
This is an experimental feature and is not part of the Thread
specification. OpenThread's implementation is limited and partial: it
only provides the mechanism for a Joiner to include a new Joiner Adv
TLV in its emitted Discovery Scan Request messages, but does not
include the corresponding logic for the receiver of Scan Request to
read or parse this TLV.
The new flag conditionally compiles this behavior. It allows for the
entire feature to be compiled out, reducing code size and memory
usage for devices that do not require this experimental
functionality. Additionally, this change clarifies the experimental
status of the feature in the documentation.
By default, this is now disabled. It is enabled under posix build for
`toranj` tests so that it is covered in GitHub CI.
This change updates the netlink message handling for the infra link on
the POSIX platform to be more robust and efficient for `RTM_NEWLINK`
and `RTM_DELLINK` messages.
The logic for handling infra index changes is:
1. On `RTM_DELLINK`, the code verifies `ifinfo->ifi_index` is for the
currently infra index `mInfraIfIndex`.
2. On `RTM_NEWLINK`, it identifies the infra by its name
`if_indextoname(ifinfo->ifi_index)` and updates `mInfraIfIndex`.
There was a mistake with the ot_option macro usage. It shall not
contain `,` between arguments.
Signed-off-by: Arkadiusz Balys <arkadiusz.balys@nordicsemi.no>
This change introduces two new CLI commands to the Border Agent module
for managing Thread Administration One-Time Passcodes (TAPs).
The new commands are:
- `ba ephemeralkey generate-tap`: This command generates and outputs a
cryptographically secure random TAP string. Note that it does not
start ephemeral key use with this TAP string.
- `ba ephemeralkey validate-tap <keystring>`: This command validates a
given TAP string by checking its length, character set, and the
Verhoeff checksum.
The change also includes documentation updates and a new test case to
verify the functionality.
The `SteeringData` class and its related methods are moved from
`meshcop.hpp` and `meshcop.cpp` to new dedicated files
`steering_data.hpp` and `steering_data.cpp`.
This change addresses a circular include dependency issue, allowing
`SteeringData` to be included more easily in other parts of the
codebase, such as `meshcop_tlvs.hpp`, without requiring forward
declarations or pulling in unnecessary dependencies from the larger
`meshcop.hpp` header.
This commit introduces a new `otCoapToken` struct and a corresponding
`Coap::Token` class to provide a clear and type-safe representation
of a CoAP message token.
The CoAP APIs are updated to use these new types, replacing the use
of raw `uint8_t` pointers and separate length parameters. This
encapsulation enhances robustness and reduces the potential for
errors in token handling.
The following new APIs are added:
- `otCoapMessageReadToken()`
- `otCoapMessageWriteToken()`
- `otCoapMessageAreTokensEqual()`
Importantly, several older APIs are now marked as deprecated (some
returned pointers directly into `otMessage` data which is unsafe).
While these APIs remain supported for now, their use is discouraged,
and applications should migrate to the new APIs. Deprecated APIs:
- `otCoapMessageGetTokenLength()`
- `otCoapMessageGetToken()`
- `otCoapMessageSetToken()`
The internal implementation is updated to utilize the new `Token`
class, and the CLI implementation is updated to use the new public
APIs. Additionally, Doxygen documentations are updated for the new
and updated APIs.
This commit fixes incorrect return type in doxygen generated doc by
telling doxygen `OT_TOOL_PRINTF_STYLE_FORMAT_ARG_CHECK` should be
expanded. Doxygen got confused with macros following function
declarations.
This commit adds the nullptr check in `SettingsFile::SetSettingsPath`.
If the nullptr is passed to `SettingsFile::SetSettingsPath`, it will
set the settings path to a default path
(OPENTHREAD_CONFIG_POSIX_SETTINGS_PATH).
This commit improves the structure and readability of the CoAP public
API header(`coap.h`) and its implementation (`coap_api.cpp`).
- Reorganizes function and type declarations in `coap.h` and their
corresponding definitions in `coap_api.cpp` into logical groups to
improve clarity. For example, group all block-wise transfer APIs
together. There is no change to the API documentation.
- Moves the definitions of several `static inline` functions
(e.g., `otCoapSendRequest`, `otCoapSendResponse`, and block-wise
transfer variants) from `coap.h` to `coap_api.cpp`.
- Updates `otCoapOptionContentFormat` enum comments to use the `///<`
style for better consistency and alignment.
This commit enables the format-nonliteral check for code missed in
`#12236`. This commit also enables the format-nonliteral warnings in
CMake to catch such warnings in future in CMake build.
This change enhances the CoAP message implementation by enhancing
the nested `Message::Header` class.
This class encapsulates the logic for parsing and managing CoAP
header fields, including version, type, token, code, and message ID.
The main `Message` class methods are updated to delegate header
manipulation to the `Header` class.
The direct bitwise operations for header fields are replaced with the
`ReadBits<>()` and `WriteBits<>()` utility functions for better
clarity and maintainability.
This commit adjusts how the `MAC Mode2 key` is cleared to avoid
invalidating it in certain runtime flows.
In the previous behavior, when the OpenThread instance is initialized,
Mac is constructed and sets the Mode2 key. If
otInstanceErasePersistentInfo is called afterwards, the call chain
reaches KeyManager::DestroyTemporaryKeys(), where the Mode2 key is
cleared. However, there is no subsequent point where the Mode2 key is
re-set. If Thread is then enabled and a frame using Key ID Mode 2 is
received, the Mode2 key remains invalid, which can lead to incorrect
behavior.
To fix this, this commit removes the Mode2 key clearing from
`KeyManager::DestroyTemporaryKeys()` and clears the Mode2 key in the
Mac destructor. This ensures that the Mode2 key stays valid for the
lifetime of the Mac (and thus the OpenThread instance) after
initialization, and is only cleared when Mac is destroyed.
This commit introduces a new `DefineEnumStringArray` macro to simplify
the conversion of enums to their string representations. This
utility uses the X-Macro pattern to generate a `constexpr` lookup
array and validates the enum-to-string mapping at compile time using
`static_assert` checks.
This approach replaces a more verbose and error-prone pattern that
required manual definition of a string array and a separate code for
validation.
This commit enhances the CoAP block-wise transfer implementation by
removing the `BlockWiseData` struct within `Message::HelpData` and its
associated getter/setter methods (e.g., `GetBlockWiseBlockNumber()`,
`SetBlockWiseBlockNumber()`). The `Message` object is no longer
responsible for carrying temporary state related to block-wise transfers,
addressing the fragility of the previous design which used the reserved
header portion of the `Message` to store these properties.
A new `BlockInfo` struct has been introduced to cleanly encapsulate the
three pieces of information from a Block option: `mBlockNumber`,
`mBlockSzx` (size exponent), and `mMoreBlocks` flag. It also includes
utility methods like `GetBlockSize()` and `GetBlockOffsetPosition()` to
simplify calculations.
All methods involved in block-wise transfers in `coap.cpp` (e.g.,
`ProcessBlockwiseSend`, `SendNextBlock1Request`) have been updated to
use the new `BlockInfo` struct. They now create local `BlockInfo`
variables and call `ReadBlockOptionValues()` to populate them.
This commit also includes minor cleanups and improvements:
- "Block size" is now used consistently instead of block length (e.g.,
`kMaxBlockLength` is renamed to `kMaxBlockSize`).
- `OffsetRange` is now used to read the payload in
`SendNextBlock2Request` and `ProcessBlock1Request`, simplifying the
code.
This commit extracts observe-related logic from several methods into
new dedicated helper functions `ProcessObserveSend()` and
`IsObserveSubscription()`.
This change improves the clarity and maintainability of the main CoAP
methods:
- `SendMessage()` now delegates observe cancellation logic to
`ProcessObserveSend()`.
- `ScheduleRetransmissionTimer()` and `HandleRetransmissionTimer()`
use the new `IsObserveSubscription()` helper to determine if a
pending request is an active subscription that should not time
out.
- `ProcessReceivedResponse()` is simplified by separating the control
flow for observe notifications from multicast responses.
This commit allows users to pass the settings path through a command
line flag (`--data-path`) when starting the daemon / cli.
- It introduces `ot::Posix::PlatformSettingsGetPath()` and
`ot::Posix::PlatformSettingsSetPath` to unify the method of getting
/ setting the settings file path.
- If users doesn't not set this flag, the settings path will be
default to OPENTHREAD_CONFIG_POSIX_SETTINGS_PATH.
Introduces a new helper `Tlv::AppendEmptyTlv()` and a templated
version `Tlv::AppendEmpty<TlvType>()` to simplify appending empty TLVs
to a message.
This avoids repetitive manual construction of empty TLVs in different
parts of the codebase.
This commit introduces a new set of static methods to simplify
writing TLVs with variable lengths to a `Message`.
The new mechanism consists of three methods:
- `Tlv::StartTlv()`: Appends a placeholder TLV header and returns a
`Bookmark`.
- `Tlv::AdjustTlv()`: Optionally promotes the TLV to an extended TLV
if the length grows beyond the standard TLV limit. This is an
optimization to avoid large copies within a message.
- `Tlv::EndTlv()`: Calculates the final length and updates the TLV
header, promoting to an extended TLV if necessary.
This new set replaces the common but cumbersome pattern of manually
saving the start offset, appending data, and then back-patching the
length field.
The existing code is updated to use this new, simpler, and more
robust mechanism.
This commit also adds unit tests to validate the new functionality.
Increase the simulation wait time from 2 to 5 seconds in the
`test_mle_msg_key_seq_jump` after child restart.
This larger time window accounts for randomness in the timing of the
Child Update transmission. This makes the test more robust by ensuring
the child has sufficient time to send its "Child Update Request".
This change reorganizes the CoAP blockwise transfer implementation to
improve code structure and readability.
The logic for handling blockwise transfers is extracted from
`ProcessReceivedRequest()` and `ProcessReceivedResponse()` into two new
private helper methods: `ProcessBlockwiseRequest()` and
`ProcessBlockwiseResponse()`.
This separation makes the main request and response processing methods
simpler and more focused on their primary role, delegating the
complexities of blockwise transfers to dedicated functions.
Additionally, this change introduces `Message::UriPathStringBuffer` as a
`typedef` to provide a clear and consistent type for handling URI path
string buffers.
This commit introduces a new generic method `Tlv::ValidateStringValue()`
to provide a unified way of validating string values intended for use
in string-valued TLVs.
This new method checks that a given C string is a valid UTF-8 string
and that its length does not exceed the maximum length defined by the
`StringTlvType`.
The `Joiner::Start()` method is updated to use this new validation
method, which simplifies the code by replacing several explicit and
repetitive checks. This improves code clarity and maintainability by
centralizing the string validation logic.
This commit also adds missing validation for `aVendorModel` in
`Joiner::Start()`
This commit contain style fixes for the `Joiner` for improved
clarity and consistency. Changes include:
- Rename `mCallback` to `mCompletionCallback` and introduce a new
`CompletionCallback` typedef for `otJoinerCallback` to more clearly
indicate its purpose.
- Improve Doxygen comments for the `State` enum to make them more
descriptive.
- Replace the use of `OPENTHREAD_CONFIG_JOINER_MAX_CANDIDATES` macro
with a new private constant `kMaxJoinerRouterCandidates`.
- Reorder private method and member variable declarations in
`joiner.hpp` to follow a more consistent style.
This commit simplifies the block-wise transfer implementation within
`CoapBase::SendMessage()`.
It extract the logic for handling the initial block of an outgoing
block-wise transfer from `CoapBase::SendMessage()` into a new private
method, `ProcessBlockwiseSend()`. This improves readability and
maintainability while removing code duplication when processing
block-wise sends for different message types.
It also cleans up `coap.hpp` by consolidating several declarations
related to block-wise transfers under a single
`OPENTHREAD_CONFIG_COAP_BLOCKWISE_TRANSFER_ENABLE` block.
This change improves the internal implementation of CoAP block-wise
transfers.
Introduces an internal `Coap::BlockSzx` enum to mirror the public
`otCoapBlockSzx` enum, improving the separation between the API and
the implementation. All internal functions are updated to use the new
`BlockSzx` enum.
The logic from `otCoapBlockSizeFromExponent()` is moved into a new
core `Coap::BlockSizeFromExponent()` function. The public function
becomes a simple wrapper.
A new helper function, `CoapBase::DetermineBlockSzxFromSize()`, is
added to replace a `switch` statement, simplifying the logic for
determining block size from a given buffer length.
`ResourceBlockWise` is updated to inherit from `LinkedListEntry`,
aligning it with the common pattern used for managing resource lists.
This commit introduces enhanced format string checking. It activates a
new compiler warning to identify potential issues with non-literal
format strings and systematically applies format attribute macros to
functions that handle variable arguments.
This commit simplifies the validation of `Coap::TxParameters`.
The primary `SendMessage()` method is updated to accept `TxParameters`
as a pointer, where `nullptr` is mapped to the default `TxParameters`.
The user-provided `TxParameters` are now validated in the primary
`SendMessage()` method by calling `TxParameters::ValidateFor()` replacing
checks previously performed in `coap_api.cpp` source file.
This commit also adds a set of `static_assert()` checks to validate the
default `TxParameters` at compile-time, ensuring all its properties are
within valid ranges and that duration calculations will not cause
an overflow.
This approach simplifies the API by removing the `TxParameters::From()`
helper and centralizes `TxParameters` selection and validation logic
within the core `CoapBase` class.
This commit improves the accuracy of CSL timer fire time by taking
into account the accuracy drift introduced between the current CSL
window and next CSL window.
Original implementation:
- calculate CSL window edges based on current elapsed time
- CSL window edges used to obtain next CSL timer fireAt time
- does not account for additional drift due to accuracy from now until
next CSL window
- undesired outcome: if CSL period is large (e.g. 10s) and accuracy is
poor (e.g. 200ppm), then the additional accuracy drift could be
significant (e.g. 2ms) and the SSED may wake up too late
Suggested implementation:
- calculate the additional expected drift between now and next CSL
window (i.e. periodUs) and account for this difference by setting
CSL timer to fireAt earlier
This commit introduces a new script `update-header-guards.py` which
checks for the presence of header guards in `.h` and `.hpp` files and
automatically updates them, standardizing the header guard name format
across the codebase.
The new format for header guards is derived from the full path of the
file. For example, `src/core/common/notifier.hpp` will use
`OT_CORE_COMMON_NOTIFIER_HPP_`. The guard name includes additional
prefixes such as `OT_` or `OPENTHREAD_` to ensure uniqueness.
This new naming format handles cases where the same filename may be used
in different folders, such as the two `heap.hpp` files located in
`src/core/common` and `src/core/utils`.
It also ensures that public and platform OpenThread headers under
`include/openthread` have uniquely distinct header guard names to avoid
conflicts when these headers are included in other projects.
The new script helped identify issues with existing header files that
lacked header guards (e.g., `posix/system.hpp`) or had improper guards
(e.g., `openthread/link_metrics.h`).
This commit also introduces a new check script `check-header-guards` to
validate that all header guards are correctly formatted. This check is
added to the GitHub CI actions to ensure consistency moving forward.
All existing header files have been updated (using the new script)
to apply the new guard name format.
This commit reorders block-wise related methods in both header and
source files to group them within the same `#if` block. This is a
purely stylistic change to improve code organization and readability
and do not alter any functionality.
This commit updates `Server::PrepareAndSendAnswers()` to utilize
`Tlv::ParsedInfo` for more robust TLV parsing and validation. This
ensures correct validation and size calculation for both standard and
extended TLVs when iterating over TLVs through the received message.
This change also adds an explicit check to skip over extended TLVs,
ensuring the implementation correctly handles cases where extended
TLVs may be present.
This change improves the design and implementation of the CoAP response
caching mechanism.
The main changes are:
- `ResponsesQueue` is renamed to `ResponseCache` to better reflect its
purpose.
- `ResponseCache` is moved to be a private nested class within
`CoapBase` to improve encapsulation.
- The responsibility of sending a cached response is moved into the
`ResponseCache` class. A new `SendCachedResponse()` method handles
finding, cloning, and sending the cached response, which simplifies
the `ProcessReceivedRequest()` method in `CoapBase`.
- Method names within `ResponseCache` are updated for better clarity
(e.g., `DequeueAllResponses()` to `RemoveAll()`).
- Comments are updated to align with the new design.
This change results in a cleaner design with better-defined
responsibilities for the `ResponseCache` and `CoapBase` classes.
This change introduces new overloads for `Coap::SendMessage()` that
accept an `OwnedPtr<Message>`, transferring ownership of the message
to the CoAP layer upon being called.
The modules `BorderAgent` and `Commissioner` are updated to use this
new method. The use of `OwnedPtr<Message>` simplifies the message
allocation and cleanup. This removes the need for manual clean up
calls(e.g., `FreeMessageOnError()`) and makes the code safer.
This commit introduces a new public NAT66 related API function,
`otNat64StateToString()`, to convert an `otNat64State` enum value
into a human-readable string.
The `nat64 state` CLI command is updated to use this new function,
removing its local and duplicated enum-to-string logic.
This commit adds a compile-time check to ensure that
the Linux kernel version is 4.18 or newer for prefix
route metric as `IFA_RT_PRIORITY` attribute for netlink
messages was introduced in v4.18.
`OPENTHREAD_POSIX_CONFIG_INSTALL_OMR_ROUTES_ENABLE` can
be an alternative for prioritizing Off-Mesh-Routable (OMR)
prefixes for older kernels.
This commit enhances the `TestMessage()` unit test by parameterizing
it to run with various reserved length values. The test is now
executed in a loop with a set of different headroom reservation
values.
This change improves test coverage for the `Message` class by
verifying that all its core operations function correctly when
messages are allocated with various initial reserved header lengths.
This commit moves the implementation of `InvokeResponseFallback()` to
the `cpp` file. It also ensures that the implementation follows the
style guide requirement of single `return` from any method/function.
This commit introduces `SafeMultiply()` in `num_utils.hpp` as a
centralized and safe way to multiply two unsigned integers while
checking for overflow.
It updates `Coap::TxParameters::IsValid()` to use this new helper for
validating `TxParameters`, replacing a less robust local `Multiply`
implementation.
It also updates `Heap::CAlloc()` to use this function for safely
calculating the total allocation size.
Unit tests are updated to verify `SafeMultiply()` implementation.
This change moves all public APIs related to the Border Agent's
ephemeral key feature out of `border_agent.h` and into a new,
dedicated header file `border_agent_ephemeral_key.h`.
The corresponding C API implementations are also moved from
`border_agent_api.cpp` into a new dedicated
`border_agent_ephemeral_key_api.cpp` file.
This improves the organization and modularity of the public API,
making the codebase easier to navigate and understand.
This change moves the CLI implementation for the Border Agent from
the main `cli.cpp` into a new dedicated `Ba` class within
`cli_ba.cpp` and `cli_ba.hpp`.
The new `Ba` module is integrated into the main `Interpreter` class,
following the same pattern used by other CLI modules such as `Bbr`
and `Br`. This improves code organization and modularity, making the
CLI codebase easier to navigate and maintain.
The functionality of the `ba` commands remains unchanged.
This commit enhances the build process by introducing a mechanism to
automatically clean intermediate build artifacts. Specifically, it
configures the build script to remove object and archive files, a
process that is conditionally activated, primarily within GitHub
Actions workflows, to optimize build environments and manage disk
space more efficiently.
This commit clarifies the expected platform behavior for handling a
DNS upstream query cancellation.
The previous documentation was inconsistent. The documentation of
`otPlatDnsStartUpstreamQuery()` incorrectly stated that the platform
must not call `otPlatDnsUpstreamQueryDone()` on a cancelled
transaction, while the opposite was mentioned in
`otPlatDnsCancelUpstreamQuery()`.
This is now corrected to state that the platform MUST always invoke
the `otPlatDnsUpstreamQueryDone()` callback for every
`otPlatDnsStartUpstreamQuery()`, even if the query is cancelled using
`otPlatDnsCancelUpstreamQuery()`.
This commit enhances the robustness of interface management with two
improvements:
1. The `SendIcmp6Nd` function now explicitly handles `EADDRNOTAVAIL`
and `ENODEV` errors from the `sendmsg()` system call. These errors
often indicate that the interface is down or has lost its
addresses. Upon that, we trigger an immediate re-evaluation of the
interface's state by calling `otPlatInfraIfStateChanged()`.
2. The `GetFlags` function has been updated to also verify mInfraIndex
and mInfraName not changed.
This commit introduces new APIs to handle Thread Administration
One-Time Passcodes (TAP).
The new `otBorderAgentEphemeralKeyGenerateTap()` API generates a
cryptographically secure 9-character TAP string. This consists of
eight random numeric digits and a final check digit calculated using
the Verhoeff algorithm for error detection.
The corresponding `otBorderAgentEphemeralKeyValidateTap()` API
validates a given TAP string by checking its length, ensuring it
contains only digits, and verifying the Verhoeff checksum.
A new test is added to ensure the correctness of both the generation
and validation logic, covering success and failure scenarios.
This commit introduces a client/server mechanism to the History
Tracker module. This allows a device to query history information
from another device over the Thread network using TMF messages.
The new functionality is composed of three main parts:
- Server (`HistoryTracker::Server`): This component is responsible for
handling incoming TMF query requests (`h/qy`). It collects the
requested local history entries (e.g., Network Info), formats them
into TLVs, and sends them back to the requester in one or more TMF
answer messages (`h/an`). It can fragment large responses into
multiple messages.
- Client (`HistoryTracker::Client`): This provides a new public API
(`otHistoryTrackerQueryNetInfo`) to send a query to a remote
device. It handles sending the request and processing the received
answer(s), passing the retrieved history entries to the user via a
callback. A function to cancel an ongoing query
(`otHistoryTrackerCancelQuery`) is also added.
- TLVs (`history_tracker_tlvs`): New TLVs are defined for the
query/answer protocol, including `RequestTlv` to specify the query
parameters, `AnswerTlv` to manage multi-message responses,
`NetworkInfoTlv` to carry the data, and `QueryIdTlv` to correlate
requests and responses.
A new CLI command, `history query netinfo`, is added to use the new
client API. The existing `history netinfo` output logic is refactored
into helper methods to be shared by both the local and remote history
commands.
The new feature can be enabled/disabled using two new configuration
flags:
- `OPENTHREAD_CONFIG_HISTORY_TRACKER_SERVER_ENABLE`
- `OPENTHREAD_CONFIG_HISTORY_TRACKER_CLIENT_ENABLE`
This commit disables Discovery Proxy in otbr Backbone CI.
Because in this item, `BORDER_ROUTING` is explicitly disabled and it
is required by OT discovery proxy.
This commit removes `"-DOTBR_DNS_UPSTREAM_QUERY=ON"` in build script
because this option will automatically handled in the cmake options
file and it also depends on BORDER_ROUTING. Force it to be ON will
cause a conflict when BORDER_ROUTING is OFF.
This commit updates `RxMessage::Init()` to handle failures when
reserving capacity for the questions array. Previously, an allocation
failure would trigger an assertion.
By switching to `SuccessOrExit`, the method can now gracefully handle
the allocation failure by returning an error and dropping the
message. This aligns with the general error handling strategy for
received messages and makes the implementation more robust against
out-of-memory conditions.
This commit fixes an issue with `Utils::Heap::CAlloc()` method. This
method performs a multiplication of `aCount` and `aSize` input and
then casts the result to `uint16_t`. This commit adds a check to
ensure that this conversion does not result in an integer overflow,
which would cause the size to warp to an unexpected smaller value.
This change adds `EvictActiveCommissioner()` to the Border Agent,
which sends a `LeaderKeepAlive` TMF message with a `StateTlv` of
`kReject` to the Leader, causing the current active commissioner
to be evicted.
The feature is exposed through:
- A new public C API `otBorderAgentEvictActiveCommissioner()`.
- A new CLI command `ba evictcommissioner`.
The entire feature is guarded by a new configuration flag,
`OPENTHREAD_CONFIG_BORDER_AGENT_COMMISSIONER_EVICTION_API_ENABLE`,
which is disabled by default.
This provides an administrator-level tool to remove a stale or
misbehaving commissioner, which is particularly useful when the
commissioner is connected through a different border agent and cannot be
managed locally.
A new test is also added to verify the eviction behavior.
This commit introduces validation for names provided to mDNS browser,
resolver, and querier start and stop functions.
New `ValidateNamesIn()` overloads are added to check the validity of
service types, instance names, and host names passed to APIs like
`otMdnsStartBrowser()`, `otMdnsStartSrvResolver()`, etc.
This commit introduces a set of public APIs to allow manipulation
of `otSteeringData`. The new APIs are provided when the configuration
`OPENTHREAD_CONFIG_MESHCOP_STEERING_DATA_API_ENABLE` is enabled.
The internal `SteeringData` is also improved to enhance robustness.
Methods such as `Init()`, `UpdateBloomFilter()` now return an `Error`
to signal failures on invalid arguments (e.g., invalid length)
instead of asserting.
This commit allows users to pass the POSIX TUN device path
through a command line flag when starting the daemon / cli
when `OT_PLATFORM_NETIF` is enabled.
This commit introduces two new macros, `DeclareTmfResponseHandlerIn`
and `DeclareTmfResponseHandlerFullParamIn`, to simplify the
definition of TMF/CoAP response handlers.
These macros generate the boilerplate code for the `static` callback
method within a class and delegate the call to a non-static member
method with the same name. This removes the repetitive pattern of
manually defining the `static` wrapper in each class.
The existing response handlers across various core components are
updated to use the new helper macros.
This commit removes the build-time check for the order of the `Uri`
enum values. This check is now redundant as the `static_assert` calls
added in #12017 use `AreConstStringsEqual()` to validate the
correctness of the `kEntries` array, ensuring that each URI path is
correctly associated with its corresponding enum value.
This change introduces the Multi-AIL (Adjacent Infrastructure Link) detection state into the Border Agent's state bitmap, which is advertised in the MeshCoP service TXT data.
The new state is encoded in the `sb` (state bitmap) key and has the following values:
0: Multi-AIL detection is disabled.
1: Multi-AIL detection is enabled, but not detected.
2: Multi-AIL detection is enabled, and is detected.
Updates in error handling to ensure that recoverable BLE errors are
logged, failures don't lead to partial TLVs being generated or
processed, and internal allocation failures lead to a GeneralError
status response back to the TCAT Commissioner. In case of likely
unrecoverable TLV damage, or cases where the GeneralError status
response even couldn't be generated, the secure TLS connection is
closed (Disconnect).
BLE ATT MTU handling is updated to use default MTU 23 if fetching the
MTU fails; and more clear check on min MTU. If the platform reports a
very high MTU (above max) this is not seen as an error, but BleSecure
will simply uses the highest usable MTU that it has configured,
whether the platform's report is correct or not.
Close#11536
This change improves type safety and code clarity when handling uptime
values. It introduces two new named types in the `ot` namespace:
- `UptimeMsec`: representing uptime in milliseconds (`uint64_t`)
- `UptimeSec`: representing uptime in seconds (`uint32_t`).
To complement this, the `Uptime` class is renamed to `UptimeTracker` to
clarify its role as the entity that tracks uptime.
The methods within `UptimeTracker` and member variables and parameters
throughout the codebase are updated to use these new, more descriptive
types instead of generic integer types.
Additionally, `UptimeToString()` is now a free function within the `ot`
namespace.
This commit adds a new method, `MergeBloomFilterWith()`, to
`SteeringData` to allow combining two Bloom filters.
The method performs a bitwise OR operation between the current
Steering Data Bloom filter and a given one. It handles cases where
the given filter to merge has a shorter length than the target Bloom
filter. It requires the target filter's length to be a multiple of
the source's length.
A new unit test, `TestSteeringDataBloomFilterMerge()`, is included to
validate the merge logic with various filter length combinations.
This commit introduces a session index tracked by each session
(`CoapDtlsSession`) to uniquely identify sessions in log messages.
The `Manager` now maintains a counter to assign a new index to each
session upon allocation.
Logs are added to track the lifecycle of a session (allocation,
connection, disconnection, deletion, and timeout), with each event
including the session's unique index.
A new templated helper, `Log<kUri>()`, is added to standardize logging
for TMF messages, including response handling. The session index is
included in such logs to provide clearer insight into the processing
of specific TMF commands by Border Agent sessions.
When the CSL feature is first enabled on a child device, the
OpenThread stack starts CSL sampling before sending the Child Update
Request packet. The last CSL sync sample time, initialized as `0`, is
updated only when the Child Update Request is sent. However, since CSL
sampling begins earlier, the first CSL receive operation calculates
the elapsed time in `GetCslWindowEdges` using `0` as the last sync
time.
Similarly, when CSL parameters are re-initialized, the stack should
update `mCslLastSync`. Continuing to use an outdated sync time results
in inaccurate calculations and is not reasonable behavior.
This commit fixed this issue.
This change relocates the `mDelayTimerMinimal` member and its
associated accessor methods, `GetDelayTimerMinimal()` and
`SetDelayTimerMinimal()`, from the `MeshCoP::Leader` class to the
`PendingDatasetManager` class.
This functionality is specific to the handling of the pending
operational dataset. Placing it within `PendingDatasetManager`
improves code structure and cohesion by grouping related parameters
together.
This change renames the `mInfraIfPrefix` in Nat64PrefixManager to
`mPlatformPrefix`.
The original name was ambiguous because both the RA-discovered prefix
`mRaTrackerPrefix` and this prefix are sourced from the infrastructure
link. The new name `mPlatformPrefix` clarifies that this prefix is
discovered through a platform-specific mechanism (e.g., DNS-based
discovery per RFC 7050), distinguishing it from prefixes discovered
directly via RA.
This commit introduces a new API
`otBorderRoutingGetNextNat64PrefixEntry`, which allows iterating
through the table of RA-discovered NAT64 prefixes on the
infrastructure link.
The `br nat64prefixtable command` is added to the CLI to display the
contents of the RA-discovered NAT64 prefix table.
This change moves the state and logic for managing the active
commissioner from `CoapDtlsSession` to the `BorderAgent::Manager`
class.
Previously, each `CoapDtlsSession` instance tracked whether it was the
active commissioner using its own `mIsActiveCommissioner` flag, and
managed its own `mCommissionerAloc` and `mUdpReceiver`.
This commit introduces a single `mCommissionerSession` pointer in the
`Manager` to act as the sole source of truth for the currently active
commissioner. The responsibility for managing the commissioner ALOC and
the associated UDP receiver is also moved to the `Manager`.
This approach reinforces the Thread mesh rule of a single active
commissioner at a time and simplifies the code by centralizing ALOC and
UDP receiver management in one place.
This commit adds select API so that simulation and be integrated with
other mainloops.
This commit also adds a flag to disable UART on simulation platform.
This commit contains some improvements and fixes to the CoAP-observe
(RFC 7641) messaging model implementation.
It also adds an 'expect' test for using the CoAP-observe related CLI
commands.
Specific items:
- ensure that a NON observe request is not acknowledged with an Ack.
- enable a NON observe request to never time out, unless cancelled
explicitly, or unless 0 observe responses are received within the
NON request's timeout period. This fixes an issue that responses
were not recognized anymore by the client after some time.
- allow an observe request to be silently cancelled by the client,
which is the suggested way per RFC 7641, in case a new observe
request is started and the CLI user did not explicitly cancel the
previous observe. This leaves the choice to the CLI user whether to
explicitly cancel or just forget the request.
- ensure that the client accepts CON notifications which are
interspersed with NON notifications per RFC 7641. Previously, this
caused the client to send RST instead of ACK.
- avoids the error 28 ResponseTimeout popping up in various cases by
keeping the observe request active.
- implements the mandatory interspersing of CON notifications when a
NON observe relation is ongoing, per RFC 7641. This is done by
sending a CON notification after every 5 NON notifications, same as
done by libcoap. When such CON notification times out
(i.e. undelivered/unack'ed) then the observe subscription is
automatically cleared after all its retries have been made. During
this effort of trying to deliver the notification, the NON
notifications (in case these follow) are still being sent in
fire-and-forget mode as usual.
- if already one subscription is ongoing, the server will ignore
further subscription requests (Observe Option) per RFC 7641 Section
4.1 and treat the request normally.
- log message at server side when a subscriber is cancelled.
Fixes#11971
This commit introduces a new mDNS OpenThread configuration,
`OPENTHREAD_CONFIG_MULTICAST_DNS_PERSIST_STATE_ON_POST_PROBE_CONFLICT`,
to control behavior when a late conflict is detected for an already
registered mDNS entry.
When this option is enabled (the default), the mDNS entry remains in
the `kRegistered` state, and the device continues to advertise and
answer for the name. This prioritizes advertisement stability, which
is desirable in use cases like the SRP Advertising Proxy where
post-probe conflicts can be transient. If the option is disabled,
the entry's state transitions to `kConflict`, and the device stops
advertising the name.
Regardless of this configuration, the conflict callback is still
invoked, informing other modules (such as the module that requested
the registration) so they can decide on a higher-level resolution
action.
This commit updates `BorderAgent` to correctly handle the `StateTlv`
in a forwarded response from the leader specifically for the response
to a forwarded `kUriLeaderKeepAlive` message.
The leader can reject a previously accepted active commissioner in the
Keep-Alive response by including the `StateTlv` with a `kReject`
status.
This commit ensures that if the `StateTlv` indicates the commissioner
is rejected, the session is properly cleaned up. This cleanup
involves removing the previously added commissioner ALOC and marking
the session as no longer the active commissioner.
This commit replaces `kTimeoutLeaderPetition` (in seconds) with
`kLeaderPetitionTimeout` (in milliseconds). This change avoids
repeated calls to `Time::SecToMsec()` when starting the commissioner
session timer.
Moves `EphemeralKeyManager` class and its implementation from
`border_agent.hpp` and `border_agent.cpp` to their own separate files
`border_agent_ephemeral_key.hpp/cpp`.
This is a structural change to improve code organization and does not
introduce any functional changes.
This commit updates the mDNS initial query logic to allow queries to
continue indefinitely (for shared resource records), instead of
stopping after a fixed number of initial attempts. This is applicable
while there are active browsers/resolvers associated with the query.
The previous implementation already used an exponential backoff but
was limited by `kNumberOfInitialQueries = 3`
This change removes that limit. The exponential backoff strategy is
retained, doubling the query retry interval from 1 second up to a
max of 1 hour, after which queries continue at the max interval. A
random jitter of `1/32` of the interval is also applied to each
retry interval.
This commit forces mLinks.SetRxOnWhenIdle to true when performing an
active scan.
Previously, when we have an SED which is connected to a thread network
(i.e. state == child), it is unable to perform scan command because rx
is turned off.
This commit updates the gn BUILD file so that it's guaranteed to build
according to gn args instead of ignoring them based on default value
assumptions. This ensures setting a gn argument would take effect when
building OpenThread.
This commit also sorts the source file lists.
This commit adds checks in `BorderAgent::HandleTmfProxyTx()` and
`BorderAgent::HandleTmfRelayTx()` to verify that the session belongs
to the current active commissioner rather than a candidate.
Specifically, `HandleTmfProxyTx()` uses the commissioner ALOC as
the sender address, which is available only when commissioner
petition is accepted.
This commit updates the Multi-AIL Detection feature to operate
independently of the Border Routing Manager. This fundamental change
allows the detector to be enabled/disabled on its own, rather than
being tied to the Border Routing Manager's state.
This change also moves the Multi-AIL detection API into a separate
`openthread/multi_ail_detection.h` header and introduces new APIs to
control the detector independently. Corresponding CLI commands are
also added.
The `test-505-multi-ail-detection.py` is also updated to validate
this new independent behavior. In particular that a device that is
not enabled to act as a BR can independently run multi-AIL detection
and determine whether, if it becomes a BR, it will cause multi-AIL
issues.
Add `SuccessOrQuit()` to check the return `Error` value of
`RoutingManager::SetEnabled()` in `fuzz_*.cpp` source files. This
addresses warnings about ignoring the return value.
This commit validates that the Channel Mask TLVs in a TMF Energy
Scan request are non-zero.
Additionally, this commit clamps the Count TLV value to the valid
range (1, 2, and 3) as required by the Thread specification.
The `test_otci` is updated to use count 3 (previously 4).
An Energy Scan request with a zero `Channel Mask` is invalid and
can cause the device to start a scan that takes a long time or
never completes. This change rejects such requests, preventing the
device from getting stuck. This was discovered by
fuzzer test.
This commit changes the mbedtls repo in openthread from source code to
git submodule.
This makes it easier for mbedtls version upgrade. This PR doesn't
upgrade the mbedtls version. v.3.6.0 is stil used to ensure nothing is
broken. The original OT specific build files (BUILD.gn, CMakeLists.txt
and config) are kept and unchanged. I've verified that the headers and
sources in the list of BUILD.gn are correct.
Small change to surface any internal errors in the hash calculations
to the TCAT Commissioner as general error. If not done, such errors
are silently ignored and hard to diagnose in products.
This commit enhances mDNS to allow reprobing for registrations
currently in a conflict state. Upon an explicit `Register()` call,
the mDNS module will now restart the probing process. This allows the
device to attempt to claim the name again if the conflict has been
resolved on the network.
Unit tests are updated to verify this behavior.
This commit suppresses the undefined warnings in mbedtls. To detect
such warnings in OpenThread, this commit also enables warnings check
for gn BUILD and fixes issues found.
`ValidateName()` did not correctly handle names that were exactly the
maximum allowed length (`kMaxNameLength`). A name of this length is
only valid if it ends with a trailing dot. Otherwise, when encoded,
the added root label causes the encoded name to exceed the
`kMaxEncodedLength` of 255 bytes.
This commit updates `ValidateName()` to enforce that any name with
length equal to `kMaxNameLength` must end with a dot character.
It also updates the `TestDnsName` unit test to verify this corrected
behavior, ensuring `ValidateName()` and `AppendName()` handle such
names consistently.
Rename all fuzzer source files in `tests/fuzz` from `{name}.cpp` to
`fuzz_{name}.cpp`.
Update the `ot_nexus_test` macro in `tests/fuzz/CMakeLists.txt` to
reflect this change, using `fuzz_{name}.cpp` as the source file while
naming the test `{name}-fuzzer`.
This change improves consistency and makes it easier to distinguish
fuzzer source files from other similarly named files during searches.
This commit introduces a new configuration option
`OPENTHREAD_CONFIG_DNS_CLIENT_BIND_UDP_TO_THREAD_NETIF` to control
which network interface the DNS client's UDP socket binds to.
When this config is set to 1, the socket is bound to the Thread
network interface (`Ip6::kNetifThreadInternal`).
When the config is set to 0, the socket is bound to the unspecified
network interface (`Ip6::kNetifUnspecified`), allowing DNS messages
to be sent and received over any available network interface. By
default this new config is disabled.
A new CMake option `OT_DNS_CLIENT_BIND_UDP_THREAD_NETIF` is also added
to allow easy configuration of this feature.
The test configurations are updated to ensure both behaviors are
covered.
Remove the `CoapDtlsSession::ForwardContext::ToHeader()` helper method
and move its logic directly into the `HandleCoapResponse()` method.
This simplifies the implementation by removing an unnecessary function
call for a single-use case.
Additionally, convert `ForwardContext` from a `class` to a `struct`.
This change makes the constructor public, removing the need for a
`friend` declaration for `Heap::Allocatable`, and better reflects its
role as a simple data structure.
Moves the management of MeshCoP service TXT data from the
`BorderAgent::Manager` class into the `TxtData` class.
This change improves separation of concerns by isolating all TXT
data-related logic, including vendor TXT data, change callbacks, and
notifier event handling, within the `TxtData` class. The
`BorderAgent::Manager` is simplified and its responsibilities are
more focused.
A new public method, `Refresh()`, is introduced on `TxtData` to
provide a clear API for other modules to signal that the MeshCoP
service TXT data needs to be re-evaluated and updated.
The `HandleCoapResponse` callback in `CoapDtlsSession` is renamed to
`HandleLeaderResponseToFwdTmf`.
The new name more clearly indicates that this callback is used to
handle the response from the leader for a forwarded TMF message.
This improves code readability and makes the role of the callback
more explicit.
When using some special configurations, the ot-cli-ftd will crash. The
crash path is `MessageFramer::PrepareMacHeaders()` ->
`Get<NeighborTable>().FindNeighbor()` ->
`Get<ChildTable>().Contains()`. The crash happens in the
`ChildTable::Contains()`. Here is the system crash message: `kernel:
traps: ot-cli-ftd[122376] trap invalid opcode ip:5640b7713b8e
sp:7ffd6425c5f0 error:0 in ot-cli-ftd[313b8e,5640b7400000+426000]`.
The root cause of the crash is that the CandidateParent is a 4 bytes
aligned class and the Child is a 8 bytes aligned class. When
converting the CandidateParent to Neighbor and then converting the
Neighbor to Child, the program will crash due to the alignment issues.
This commit replace the static_cast with the reinterpret_cast in
ChildTable::Contains() to convert a Neighbor to a Child.
Consolidates the two overloaded `SendErrorMessage()` methods in the
`CoapDtlsSession` class into a single implementation.
The new `SendErrorMessage()` method now accepts the token information
directly, rather than a `Coap::Message` or a `ForwardContext` object.
This simplifies the call sites and removes the now-unused
`CoapCodeFromError()` helper function (the conversion is now done
in the consolidated `SendErrorMessage()`).
This commit adds the adb interface support to expect scripts, so that
we can easily run all expect scripts on Android devices.
Example usages: `spawn_node ${node_id} "adb" "${adb_serial_num}"`.
This commit enhances the `TestNat64PrefixSelection` unit test by
adding more detailed verification of the RA-discovered NAT64 prefix
table managed by `RxRaTracker`.
This commit simplifies the CoAP message forwarding logic within the
`CoapDtlsSession` by removing the `mPetition` and `mSeparate` boolean
flags from the `ForwardContext`.
The `Uri` of the request is now stored directly in `ForwardContext`
and used to determine the logic flow, making the code more explicit
and easier to understand.
The `ForwardToLeader()` is only used with `kUriLeaderPetition` and
`kUriLeaderKeepAlive`, both of which requires a separate
non-confirmable response in addition to an immediate CoAP Ack
(i.e., as if `mSeperate` is `true`).
This change removes the need for intermediate flags and simplifies the
implementation of `ForwardToLeader()`, `SendErrorMessage()`, and the
`ForwardContext` constructor and `ToHeader()` method. The CoAP
message initialization is now more direct, always using
`kTypeNonConfirmable` for forwarded responses and error messages.
This commit updates the `BorderAgent` implementation to consistently
use `OwnedPtr` for managing the lifecycle of `Coap::Message` and
`Message` objects.
This change improves memory safety and simplify the code. Message
objects are now automatically deallocated when the `OwnedPtr` goes
out of scope, which eliminates all manual calls to `FreeMessage()`
and `FreeMessageOnError()`, preventing potential memory leaks and
making the code more robust.
This commit enhances `RxRaTracker` by introducing a new `Events`
struct for handling callbacks. This change replaces the previous
`HandleRxRaTrackerDecisionFactorChanged()` method with a more
versatile `HandleRxRaTrackerEvents()` that accepts the `Events`
struct as an argument.
The new `Events` struct includes boolean flags for:
- `mInitialDiscoveryFinished`
- `mDecisionFactorChanged`
- `mLocalRaHeaderChanged`
This allows `RxRaTracker` to communicate more specific events to
`RoutingManager` and `MultiAilDetector`, enabling them to take
the proper action based on the events. The `SignalTask` has been
renamed to `EventTask` to better reflect its new role in handling
these events.
This commit involves a small enhancement for CSL to optimize for power
consumption after receiving a frame.
Original implementation:
- schedule next CSL window during current CSL timer handle
- even if a frame is received, the scheduled CSL timer is not reset
- SSED wakes up much earlier than required if elapsed time is large
Suggested implementation:
- recalculate CSL timer during `UpdateCslLastSyncTimestamp` if it is
currently running
- SSED can use updated mCslLastSync so that it does not wake up much
earlier after receiving a frame
This commit updates the default TTL values used for mDNS records to
better align with the recommendations.
Previously, a single `kDefaultTtl` of 120 seconds was used for all
records when the registered entry did not explicitly specify the TTL
to use. This commit introduces separate default TTLs:
- `kDefaultAddrTtl` for address records (`AAAA`, `A`) is kept at
120 seconds.
- `kDefaultServiceTtl` for all service records (`PTR`, `SRV`, `TXT`)
is set to 4500 seconds.
- `kDefaultKeyTtl` is also updated to 4500 seconds for `KEY` records.
The code is updated to use the appropriate default TTL based on the
record type.
This commit implements `otPlatDnssdStartBrowser` and
`otPlatDnssdStopBrowser` to support service discovery on NCP.
The platform APIs are intended to be used by
`ServiceDiscovery::Server::DiscoveryProxy` for discovery
functionality. This commit only supports browser for now and will
suppport Srv/Txt/Address resolver in other commits to avoid this
commit from being too large.
This commit contains these changes:
* Add new spinel property for starting / stopping service browser
* Implement encoding/decoding of the new property
* Add unit test for encoding/decoding
* Implement ncp version of dnssd platform API
`otPlatDnssdStartBrowser` and `otPlatDnssdStopBrowser`
* Add property handler to get browser result on NCP side
* Add unit test to verify that the browser callback is correctly
invoked after getting browser result.
This commit introduces support for discovering NAT64 prefixes as
specified in RFC 8781.
The key changes include:
- New `Nat64PrefixInfoOption`: A new `Nat64PrefixInfoOption` class is
added to represent the PREF64 option in ND messages. This handles
parsing the prefix and its lifetime from incoming RAs.
- `RxRaTracker` Enhancement: The `RxRaTracker` is updated to process
`Nat64PrefixInfoOption` from RAs. It now maintains a list of
discovered NAT64 prefixes from routers on the infrastructure link
and determines a "favored" prefix among them.
- `RoutingManager` Update: The `Nat64PrefixManager` is enhanced to
utilize the RA-discovered prefix.
- `test_routing_manager` Update: The `TestNat64PrefixSelection` is
updated to include cases with RA-discovered prefixes.
Adds a new state, `mInitialDiscoveryFinished`, to `RxRaTracker` to
track the completion of the initial router discovery (RS transmission)
process. A new method, `IsInitialRouterDiscoveryFinished()`, exposes
this state.
This new method replaces `IsRsTxInProgress()`, which previously
checked if any RS transmission was ongoing. The new model ensures
the initial discovery is tracked only once after `RxRaTracker`
starts, rather than every time RS messages are sent (e.g., due to
stale timer expiration).
Additionally, the `RoutingManager` now checks this state and ignores
incoming RS messages until the initial router discovery is complete.
This prevents the BR from replying to its own RS messages or sending
an RA prematurely with incomplete information before all routers
are discovered and decision factors are determined.
Multicast addresses with scope larger than `RealmLocal` are no longer
subject to the standard receive filter. They are passed directly to
the host callback, allowing delivery and forwarding by the host.
This fixes a scenario where a `Thread Border Router` receives a
larger-scope multicast from a `Thread Device`. Previously, if the
Border Router was listening on the same multicast address and port,
the receive filter could drop the packet, preventing it from being
forwarded to other interfaces.
This adds support for the TMF command to enable TCAT remotely. A test
is added that uses the 'UDP send' mechanism to send the new TMF
command to a target node.
Some fixes/additions to the test framework are made to support the new
test, including a new argument for udp_send() to send a specific byte
array and udp_rx() to receive data by a UDP client on a node.
This commit introduces a direct callback mechanism from `RxRaTracker`
to `MultiAilDetector` to signal changes in decision factors. This is
in preparation of future changes allowing `MultiAilDetector` to run
independently of `RoutingManager`.
Previously, `RxRaTracker` would signal `RoutingManager`, which in turn
would call `MultiAilDetector::Evaluate()`. This commit refactors this
interaction by adding a new `HandleRxRaTrackerDecisionFactorChanged()`
method to `MultiAilDetector`.
`RxRaTracker` can run independently of `RoutingManager`. Its stale timer
callback should check its own running state (`mIsRunning`) instead of
`RoutingManager`'s state.
This commit corrects the logic in `HandleStaleTimer()` to use the local
`mIsRunning` flag.
This commit introduces the `ChildUpdateResponseInfo` struct to
encapsulate parameters for sending "Child Update Response" messages.
The new struct holds the list of TLVs to include, the received
challenge, and the destination address.
Related methods such as `SendChildUpdateResponse()` are updated to use
the new struct. This simplifies the method signatures by reducing the
number of arguments and improves code clarity by grouping related
data.
Verifies that the peer and socket addresses in `Mle::HandleUdpReceive`
are link-local. This ensures that MLE messages are only processed
from link-local addresses, which is a requirement of the Thread
specification.
The P2P peer can be woken up using the wake-up identifier. The wake-up identifier
is included in the Connection IE. This commit implements methods to the Connection IE
and Frame to process wake-up identifier.
Adds two important notes to the main API documentation header to clarify
critical usage rules for all OpenThread APIs.
- The first note states that all API calls and callbacks must be
invoked from the same OS context (e.g., the same thread).
- The second note clarifies the behavior of output parameters when an
API call returns an error.
This change modifies the handling of incoming ICMPv6 ND messages on the
infrastructure interface. `InfraIf::HandledReceived()` now inspects the
message type and calls the appropriate handler directly.
- Router Advertisement (RA) and Neighbor Advertisement (NA) messages are
now passed directly to `RxRaTracker::HandleRouterAdvertisement()` and
`RxRaTracker::HandleNeighborAdvertisement()` respectively.
- The generic `RoutingManager::HandleReceived()` method is removed.
`RoutingManager` now only handles Router Solicit (RS) messages via
`RoutingManager::HandleRouterSolicit()`.
This simplifies code and gives `RxRaTracker` direct ownership of RA
and NA processing, which aligns better with its role of tracking
information from received RAs and allowing it to run independently of
the `RoutingManager`.
This change moves the `MultiAilDetector` class from being a nested
class within `RoutingManager` to its own dedicated `.hpp` and `.cpp`
files.
An instance of `MultiAilDetector` is now owned by the top-level
`Instance` class, making it a sibling component to `RoutingManager`
and other core components.
This is purely a code organization change and introduces no functional
or logic changes. This prepares for future changes where
`MultiAilDetector` may operate independently of `RoutingManager`.
This change introduces a mechanism to control the `RxRaTracker` from
multiple sources.
A new method `RxRaTracker::SetEnabled()` is added, which accepts a
`Requester` enum. The tracker now maintains separate enable flags for
each requester (e.g., `RoutingManager`).
The `RxRaTracker` will start only when at least one requester has
enabled it AND the infrastructure interface is initialized and running.
It stops when all requesters have disabled it or when the interface
goes down.
The `Start()` and `Stop()` methods are now private, managed by a new
`UpdateState()` method to centralize the state logic. `InfraIf` is
updated to notify `RxRaTracker` of state changes.
This commit adds fake implementations for OT dnssd platform APIs.
The background is that I'm trying to enable the OT Dnssd Server
functions (Discovery Proxy) in ot-br-posix by default. Once it's
enabled, `openthread-ftd` needs implemenation of dnssd platform
APIs. To make some unit tests (in ot-br-posix) build successfully,
these fake implementations are required.
Introduces a new private method `Mle::SendChildUpdateRejectResponse()`
to consolidate the logic for sending a reject response to a
"Child Update Request".
This new method creates a response containing the Source Address TLV,
Status TLV, and (if applicable) Response TLV.
The new method is now used in `Mle::HandleChildUpdateRequestOnChild()`
when the device is not a parent of the sender, and in
`Mle::HandleChildUpdateRequestOnParent()` when a request from an
unknown child is received. This change removes duplicated code from
both locations.
The macro MBEDTLS_SSL_EXPORT_KEYS is added to OT in PR #7025, it is used to
ensure mbedtls_ssl_key_export_type is defined. However, the macro
MBEDTLS_SSL_EXPORT_KEYS has been removed from the mbedtls since mbedtls-3.1.0.
If developers use external mbedtls repo with version 3.1.0 or higher
versions, and missed to define MBEDTLS_SSL_EXPORT_KEYS, it will cause
the KEK won't be set to the KeyManager.
This commit checks whether the mbedtls version is equal to or higher than
3.1.0 to ensure mbedtls_ssl_key_export_type is defined.
Ensure the same challenge is used for all "Child Update Request"
messages sent to the parent while trying to restore the previous
child role.
The challenge is now generated once when the child role restoration
process starts in `PrevRoleRestorer::Start`. This prevents a
situation where a new challenge from a retry could invalidate a
delayed but valid response from the parent that contained the
previous challenge.
Add `OT_BORDER_ROUTING_DHCP6_PD_MIN_LIFETIME ` cmake build option, to
allow customizing the dhcpv6 pd client's minimum lifetime requirement
for different network environments or testing scenarios.
The application of the P2P module may only record the P2P peer's
link-local address for communication. This commit adds an API to
convert the peer's link-local unicast address to the peer's extended
address for tearing down the P2P link.
Adds CLI related configs within the Nexus test build
(`openthread-core-nexus-config.h`) to support fuzz testing of
the CLI module.
The following configurations are added:
- `OPENTHREAD_CONFIG_CLI_MAX_LINE_LENGTH` is increased to 800 to
handle potentially long input strings generated by the fuzzer
without truncation.
- `OPENTHREAD_CONFIG_CLI_LOG_INPUT_OUTPUT_ENABLE` is enabled to log all
input and output through the CLI. This is helpful for debugging
and analyzing fuzzer-generated logs.
This change moves the management of the infrastructure interface state
out of the `RoutingManager` and centralizes it within the `InfraIf`
class. This makes `InfraIf` a more self-contained component and
simplifies the logic in `RoutingManager`.
The `RoutingManager` now depends on an initialized `InfraIf`. Its
`Init()` method is simplified and is now called from
`InfraIf::Init()`.
The public API `otBorderRoutingInit()` now directly initializes the
`InfraIf`. The `InfraIf::Init()` method is updated to support
re-initialization, allowing to switch to a new interface. When
switching, it ensures that components on the previous interface are
stopped before restarting on the new one.
After the P2P link is established, the P2P peer's extended address is
returned as the P2P handle. This commit adds an API to convert the
peer's extended address to the peer's link-local unicast address.
This commit introduces a new feature to parse the MeshCoP service TXT
data from a Border Agent.
The new API `otBorderAgentTxtDataParse()` allows parsing the raw TXT
data into a structured `otBorderAgentTxtDataInfo` object. This can be
used by applications to inspect the capabilities and status of a
discovered Border Agent.
Config `OPENTHREAD_CONFIG_BORDER_AGENT_TXT_DATA_PARSER_ENABLE` controls
this new feature.
The existing test for the Border Agent is updated to validate the new
parser and its output.
This change refines the content of the `ChildUpdateResponse` message
to avoid sending additional TLVs when rejecting a request.
The `ChildUpdateResponse` message is now tailored based on the
triggering `ChildUpdateRequest`. Specifically:
- When rejecting a `ChildUpdateRequest` (and including a Status TLV),
the response will only include a Source Address TLV, a Status TLV,
and, if sent in response to a `ChildUpdateRequest` that contained a
Challenge TLV, a Response TLV.
- The reject response will no longer include the Leader Data, MLE
Frame Counter, and Link Frame Counter TLVs.
- Any requested TLVs (from the `TLV Request TLV` in the
`ChildUpdateRequest`) are now only included in the response when
the request is accepted.
This change updates the jitter calculation for the SRP client's retry
mechanism.
Previously, a fixed jitter value was used. This could lead to
synchronized retries from multiple clients, especially as the retry
interval grows.
The new implementation calculates the jitter as a fraction of the
current retry interval (1/5th), ensuring that the jitter scales with
the wait time. This helps to better decorrelate retries from different
clients.
A new constant `kRetryJitterDivisor` is introduced for this
calculation. The jitter is clamped to a minimum value given by
`kRetryIntervalJitter`.
This commit adds `Dns::Name::ValidateName()` and `ValidateLabel()`
helper methods to validate a DNS name or label.
These methods are used at the entry of the mDNS `Register*()` and
`Unregister*()` public APIs to validate the provided host, service,
and key names. This prevents issues with malformed names and improves
the robustness of the mDNS module.
Includes unit tests for the new validation methods.
This commit adds CMake Presets. The features used in this CMake Presets
requires CMake 3.25. This allows good integration with IDEs including VS
Code.
These presets also works in command line:
```bash
cmake --preset simulation
cmake --build --preset simulation
ctest --preset simulation -R ot-test-message
```
Introduces a new method `ValidateTlvs()` on `NetworkData` to perform
structural validation of all TLVs within the network data.
This new validation is invoked from `Leader::SetNetworkData()` when
receiving new network data. If the new data fails validation, it is
rejected, and the previous network data is restored. This prevents a
device from accepting and propagating malformed network data, which
could lead to parsing errors or undefined behavior on devices.
The validation checks include:
- All TLVs and sub-TLVs are within the network data buffer bounds.
- Known TLV types like `PrefixTlv` and `ServiceTlv` are well-formed
by calling their respective `IsValid()` methods.
- Container TLVs like `BorderRouterTlv` and `HasRouteTlv` have a
length that is an exact multiple of their entry size.
This commit removes a misleading TODO comment in the NAT64 prefix
manager.
The TODO suggested changing the NAT64 prefix publisher check to use
the RLOC16 of the entry in the Network Data. However, this approach is
flawed in scenarios with multiple Border Routers.
When multiple BRs publish the same NAT64 prefix with the same
preference, `FindPreferredNat64Prefix()` may return an entry published
by a different BR. An RLOC16 check would then incorrectly cause the
current BR to believe it did not publish the prefix, potentially
leading it to withdraw its entry and cause network instability.
This commit renames NAT64 prefix discovery handler functions in
`RoutingManager` and `Nat64PrefixManager` to be more specific. This is
a non-functional refactoring that improves code clarity and
maintainability.
The new names, `HandleInfraIfDiscoverNat64PrefixDone` and
`HandleInfraIfDiscoverDone`, clarify that these handlers are for NAT64
prefixes discovered on the infrastructure interface.
This change makes the code easier to understand and prepares it for
potential future enhancements, such as discovering NAT64 prefixes from
Router Advertisements.
This commit makes the callback handlers in `InfraIf` private and
declares the C-style platform functions as friends.
This change improves encapsulation by restricting the visibility of
these internal handler methods. The public API of `InfraIf` is made
cleaner, and only the intended callers (the platform callbacks) are
granted access.
This change modifies `HandleChildUpdateRequest()` to allow a detached
child that is restoring its previous role to process a "Child Update
Request" from its former parent.
When in this state, the device will respond to the request but will
not save any of the content (TLVs) from the message, as the child has
not yet established trust with any device (including its former
parent) and therefore cannot authenticate the freshness of the
received request.
This change handles the scenario where a child and its parent may be
reset simultaneously. It allows the parent to first restore its link
with the child through a "Child Update" exchange, which can then be
followed by the child sending its own "Child Update Request" to
re-establish the link. Without this change, a communication impasse
could occur where the parent rejects the child's request (as the
child is not yet valid), and the child ignores the parent's request
(as it is not yet attached). This change prevents devices from
resorting to a full re-attachment, thereby improving network
resilience and recovery time.
A new test is added to emulate this scenario and verify that the child
restores its role correctly without performing a full attach.
Adds a destructor to the `Dns::Client` class to ensure that `Stop()`
is called when a `Client` object is destroyed (freeing all allocated
queries).
This change prevents false memory leak reports from fuzzer tests when
an `ot::Instance` is destroyed during ongoing DNS queries (retries).
This commit moves the `InfraIf` member from `RoutingManager` to be
owned directly by the `Instance`.
This change aligns the ownership of `InfraIf` with other core
components and simplifies dependencies. Decoupling `InfraIf` from
`RoutingManager` allows it to be accessed separately.
This change makes the NAT64-related method in `InfraIf`
conditionally compiled based on the configuration
`OPENTHREAD_CONFIG_NAT64_BORDER_ROUTING_ENABLE`.
The methods `DiscoverNat64Prefix()`, `DiscoverNat64PrefixDone()`,
and are now entirely excluded from the build when NAT64 border
routing is disabled.
This change introduces compile-time validation for the `kEntries`
array in `uri_paths.cpp` to ensure the array's order matches the
`Uri` enum definitions.
A new `constexpr` function, `AreConstStringsEqual()`, is added to allow
for string comparisons at compile time, which is necessary for use
within `static_assert` in C++11.
A series of `static_assert()` checks are added to `uri_paths.cpp`.
These assertions verify that each URI path string in the `kEntries`
lookup table is correctly placed at the index corresponding to its
`UriPath` enum value.
This prevents potential bugs caused by accidental reordering of either
the enum or the array, ensuring the mapping between them remains
correct. If the order is changed incorrectly, the build will now fail,
immediately alerting the developer.
`cli_coap.cpp` and `cli_coap_secure.cpp` both try to print `uint32_t`
values with `%i`, which causes build errors on some systems.
This commit uses `%lu` together with `ToUlong` to fix this and make
the code more portable.
Additionally, `%u` was used to print unsigned values instead of `%i`
This commit introduces a new `MeshCoP::BorderAgent::TxtData` class to
encapsulate the logic for preparing the Border Agent's MeshCoP
service TXT data.
The TXT data generation logic is moved from the `BorderAgent::Manager`
into the new `TxtData` class. This refactoring improves modularity
and maintainability and prepares for the future addition of a MeshCoP
TXT data parser.
This change moves the `RsSender` class from `RoutingManager` to
`RxRaTracker`.
The `RxRaTracker` is responsible for tracking received Router
Advertisements (RAs). Since sending Router Solicitations (RS) is the
mechanism to discover routers and solicit RAs, it is more appropriate
for `RxRaTracker` to own the `RsSender`.
This improves the separation of concerns by centralizing the logic for
both sending RS messages and processing the resulting RAs within the
`RxRaTracker` class. The `RoutingManager` is now decoupled from the
details of the RS transmission process.
The `IsRsTxInProgress()` method is also moved to `RxRaTracker` and its
Doxygen documentation is improved to provide more detail on the RS
transmission process.
Renames the callback used by `RxRaTracker` to inform `RoutingManager`
to `HandleRxRaTrackerDecisionFactorChanged()`.
This name more accurately reflects the triggering condition, as the
callback is invoked whenever any of the "decision factors" change,
not just when the on-link prefix table is updated.
For consistency, the related method in `OnLinkPrefixManager` is also
renamed to `HandleRxRaTrackerChanged()`.
This change replaces all instances of the null character literal
'\0' with the `kNullChar` constant throughout the `src/core/` files.
This improves code readability and consistency, making the intent
of the code more explicit.
This change makes the `RxRaTracker` a direct listener of network data
change events from the `Notifier`.
Previously, the `RoutingManager` would receive the network data change
event and then call `RxRaTracker::HandleNetDataChange()`. This
created an unnecessary dependency between the two components.
By making `RxRaTracker` a direct listener, we decouple it from
`RoutingManager`. The `HandleNetDataChange()` method in `RxRaTracker`
is also made private as it is now only called from within the class.
This commit introduces new Network Diagnostic TLVs to report Border
Router information. It implements the server and client side logic to
support these new TLVs:
- BR state (38) - `uint8` value as `otBorderRoutingState`.
- BR Infra Interface Addresses (39) - list of IPv6 addresses
- BR Local OMR Prefix (40) - local (ULA) OMR prefix
- BR DHCPv6-PD OMR prefix (41) - DHCPv6-PD prefix (if any)
- BR Local On-link Prefix (42) - local on-link prefix
- BR Favored On-link Prefix (43) -favored discovered on-link on AIL
The various BR prefix TLV values are encoded as a fixed 8 bytes value
corresponding to the IPv6 prefix bytes (`/64`) in big-endian order.
This commit updates the `networkdiagnostic get` CLI command to display
the information from these new TLVs.
It also includes a test (added in `test-503-peer-tbr-discovery.py`) to
verify the new TLVs and the CLI commands.
This change reorganizes the `BorderAgent` related classes into a new
`MeshCoP::BorderAgent` namespace to improve code structure and clarity.
The following changes are included:
- `MeshCoP::BorderAgent` class is renamed to `Manager` and placed
within the new `MeshCoP::BorderAgent` namespace.
- `MeshCoP::BorderAgentTracker` is renamed to `Tracker` under the
new namespace.
- `EphemeralKeyManager` is moved from being a nested class in
`BorderAgent` to `MeshCoP::BorderAgent::EphemeralKeyManager`.
- `EphemeralKeyManager` is now a direct member of the `Instance` class,
simplifying accessing it.
All related calls and test files are updated to reflect these
changes.
This commit separates the `RxRaTracker` logic from `RoutingManager`
into its own class and source files.
Previously, `RxRaTracker` was a nested class within `RoutingManager`.
This change moves it to `src/core/border_router/rx_ra_tracker.hpp`
and `src/core/border_router/rx_ra_tracker.cpp`, making it a
standalone class within the `ot::BorderRouter` namespace.
This separation improves modularity and prepares for future changes
where `RxRaTracker` may operate independently of `RoutingManager`.
This change adds a check at the beginning of `RegisterService()`
to ensure that the border agent is enabled before attempting to
register a service.
Previously, methods like `SetServiceBaseName()` would call
`RegisterService()` regardless of whether the agent was enabled,
leading to unintended service registration attempts on a disabled
agent.
This commit also adds a new test case to verify that changing the
service base name on a disabled border agent does not result in a
service being registered.
This fixes the issue that some required Python modules were missing in
pyproject.toml. To avoid Python version conflicts with the
cryptography module, the minimum Python version is raised to
3.10. Also, the name, version and description of the project are
updated. Module versions are updated to recent (2025) versions.
For Windows, a platform-specific import of pyreadline3 is added. Due
to this conditional dependency, the poetry.lock file is removed from
the repository: it is now necessarily specific to each platform and
has to be locally generated.
host-RCP time sync interval is in configuration file.
Added in cmake to use user defined RCP time sync internval during build.
Signed-off-by: ashish <ashish.vara@nxp.com>
Introduces a new `BorderAgentTracker` module to discover and track
Border Agents on the infrastructure link.
The tracker browses for the `_meshcop._udp` mDNS service and maintains
a list of discovered Border Agents. For each discovered service, it
resolves the port, host name, TXT record, and host addresses.
This change also adds new public otBorderAgentTracker APIs,
corresponding `batracker` CLI commands, and a new Nexus test case to
validate the behavior.
Increases the `nexus.AdvanceTime()` in the CLI fuzzer test from 10 to
60 seconds to make the test more robust.
For example, the previous 10-second wait was not sufficient for
`Dns::Client` operations to complete, especially considering retries.
This could cause false fuzzer memory leak reports.
This change introduces new files `br_log.cpp` and `br_log.hpp` to
house common logging helper functions for the border router modules.
Helper functions for logging Router Advertisement (RA) headers, Prefix
Information Options (PIO), Route Information Options (RIO), and other
related options are moved into this new module.
The log module name is also updated from `RoutingManager` to a more
general `BorderRouting`.
This change improves code structure by decoupling logging
functionalities from the `RoutingManager`.
Introduces a new `br_types.hpp` header and `br_types.cpp` source
file to centralize common data structures and type definitions used
across border router modules.
This change moves several classes from `routing_manager.hpp` to the
new `br_types.hpp` header. The moved classes include
`LifetimedPrefix`, `OnLinkPrefix`, `RoutePrefix`, `RdnssAddress`,
`IfAddress`, `OmrPrefix`, and `FavoredOmrPrefix`.
Additionally, common `typedef`s (e.g., `RoutePreference`,
`PrefixTableEntry`) and helper functions like `IsValidOmrPrefix()` are
relocated to the new files.
This improves the code structure by decoupling these shared types from
the main `RoutingManager` class, making them more reusable and easier
to maintain.
When handling a parent request, a response is not sent if the device
is not attached, or if it is attaching. However if the device starts
the attachment process between queuing the parent response and
actually sending it, the parent response will be sent from an invalid
state.
This commit causes all queued parent response messages to be removed
when the device begins the attachment process, to avoid stale messages
from being sent on the link.
This change enhances the `DelayedSender::Match()` method to support a
wildcard destination address. When the unspecified address (`::`) is
provided, the address check is skipped, allowing a match against any
destination.
A new private helper method, `LogRemove()`, is introduced to ensure
accurate logging when removing a delayed message schedule. Previously,
`RemoveMatchingSchedules()` would log the address passed to it, which
could be the wildcard `::` address. The new `LogRemove()` method
logs the actual destination from the scheduled message header
before it is removed.
This adds a BLE 'non-advertising' state in which BLE is enabled for connections, but not advertising.
- If the TCAT agent is not started and BLE is started, BLE advertising will be enabled by default.
- If the TCAT agent is started, then BLE advertising is under control of the TCAT agent - depending on its state.
The TCAT agent, while started, can be now in standby mode or in active mode. In standby, it doesn't
advertise and doesn't allow incoming TCAT connections. In active mode, it allows both advertising and incoming
connections. Timed activation of the active mode is also possible. CLI commands are added to test the new modes and
timed activation.
Existing architecture is not changed (BLE-Secure is in control and has all APIs to access TCAT agent).
It also fixes some (API) documentation and clarifies this where needed. Also, an error-value bugfix is done.
The TcatAgent is now added to instance.hpp/cpp, because that is required to use a timer from within
TcatAgent.
Log messages of TcatAgent are shortened and more often try to use an identical constant string value.
This saves memory in the binary, due to string re-use.
The "join callback" is clarified and extended to support callback to the application when the TCAT Commissioner
instructs the TCAT Device to try join a Thread network, or leave a Thread network.
This commit provides more structured logging for ssl.py errors, and
displays the OpenSSL verify error code. This is used for certification
to validate reasons of handshake failure.
This commit allows compiling the OpenThread RCP in OTNS mode.
This allows OTBR to attach seamlessly to OTNS.
* Add the mOtns attribute to Instance::Instance when compiled
with OPENTHREAD_RADIO=1
* Add src/core/utils/otns.cpp to the RCP build.
Only the necessary functions are compiled in RCP mode.
Other functions such as EmitPingRequest and EmitPingReply
that require IPv6 stack support are not compiled in RCP
and are therefore moved into adequate
`#if OPENTHREAD_MTD || OPENTHREAD_FTD` guards.
* Ensure the RCP emits the needed events in src/core/radio/radio.cpp
when compiled with OTNS support.
This change updates `BorderAgent::PrepareServiceTxtData()` to read the
Network Name (`nn` key) and Extended PAN ID (`xp` key) from the
Active Dataset, after verifying that the dataset is valid and has an
active timestamp.
Previously, these values were read directly from `NetworkNameManager`
and `ExtendedPanIdManager`, which could provide default or initial
values (during stack initialization). Reading from the Active Dataset
ensures that the advertised service TXT data is consistent with the
dataset currently in use by the device.
The `ValidateMeshCoPTxtData()` test is updated to reflect this
behavior.
This commit adds public getter functions to acquire a pointer for
the single OpenThread instance or one associated with a provided index.
An index to instance reference getter function was previously implemented
in the core instance interface, but this capability was not publicly accessible.
The accessor function introduced in this commit will now allow for platforms
or application code to perform this mapping. Corresponding changes for the
single instance case are also included.
This commit adds a field UDP port in the property
SPINEL_PROP_BORDER_AGENT_EPHEMERAL_KEY_STATE.
Similar as `SPINEL_PROP_BORDER_AGENT_MESHCOP_SERVICE_STATE`, NCP needs
to sync the UDP port number to the host as well so that the UDP proxy
on the host can correctly map the port and forward the UDP packet to
the NCP.
I missed the field in the previous commit. But since the spinel
property was just added recently and it hasn't been put into usage, I
think it's fine to change the existing spinel protocol.
This prevents the leader from allowing FTD devices' address solicit to
succeed while it is in the attaching state.
Upon processing an advertisement from a different partition, the
leader may evaluate it's own partition to be a singleton vs another
partition with routers and choose to start attaching. If a router is
upgraded during that time, the leader is committed to leaving already
and the other devices on that partition may get stranded if the router
is upgraded.
i.e. The router and other devices may now see the partition as
non-singleton, and if it has a higher partition ID than other
partitions, they will be stuck for the duration of the network ID
timeout.
Introduces a new template helper function `SetToUintMax()` in
`common/num_utils.hpp`. This function sets a given unsigned integer
variable to its maximum possible value.
The `SetToUintMax()` function infers the type of the variable,
ensuring that the correct `NumericLimits<...>::kMax` is used. This
prevents potential bugs where a variable could be assigned the max
value of a wrong `uint` type.
Existing code across different modules is updated to use this new
helper function, improving code safety and robustness.
Make `RoutingManager::GetNextRdnssAddrEntry()` and
`RoutingManager::GetNextIfAddrEntry()` const.
These methods are simple getters that do not modify the state of
`RoutingManager` and call const methods on `mRxRaTracker`. This change
makes them consistent with other similar getter methods in
RoutingManager like `GetNextPrefixTableEntry()` and
`GetNextRouterEntry()`.
The description of the method `otPlatRadioEnableCsl()` requires the platform
to include the CSL IE in the enhanced ACK when the received data frame's source
address matches the CSL receiver's peer address. This commit implements this
requirement in the simulation radio.
Note that `otPlatInfraIfDiscoverNat64Prefix` has an empty
implementation now and it always returns UNIMPLEMENTED error. So now
we constantly see the warn log on devices, which is confusing.
Expands and reorganizes the `cli debug` commands list to provide a
more comprehensive diagnostic snapshot of a device's state.
Key enhancements include:
- Expanded State Information: Adds commands for general device state
(uptime, netstat), detailed neighbor connection times, and mesh
topology diagnostics.
- Comprehensive Border Router Data: Includes detailed information for
multi-AIL status, discovered peer BRs, infrastructure routers, and
DNS-SD tables.
- Detailed Counters & History: Adds specific counters for IP, MAC,
MLE, and BR modules, along with network history for prefixes,
routes, and neighbors.
Consolidates the two overloaded `Peer::Matches()` methods for service
and host name matching into a single method.
This change introduces a new `NameMatchType` enum, which is used to
specify whether to match against a service name or a host name. This
removes the need for the now-unnecessary `ServiceNameMatcher` and
`HostNameMatcher` structs, simplifying the calling code and the `Peer`
class.
This change enhances `NetDataBrTracker` to support filtering of Border
Routers.
The `NetDataPeerBrTracker` is renamed to `NetDataBrTracker` to reflect
that it can now track all Border Routers, not just peers.
A new `Filter` enum is introduced with `kAllBorderRouters` and
`kExcludeThisDevice` options. This allows callers to specify whether
to include the current device in the list of Border Routers.
The `CountPeerBrs()` and `GetNext()` methods are updated to
`CountBrs()` and `GetNext()` respectively, and now accept a `Filter`
parameter.
This change provides more flexibility to the `NetDataBrTracker` and
makes the code more reusable. The unit tests are also updated to
clean up resources to avoid heap allocation leaks at the end of
tests.
This change enhances the move semantics for heap-allocated container
classes (`Array`, `Data`, and `String`) by introducing a consistent
pattern.
A new `Move()` method is added to `Heap::Array`, `Heap::Data`, and
`Heap::String`. This method returns an rvalue reference to the object,
making the intent to transfer ownership explicit at the call site.
The existing `TakeFrom()` methods are updated to accept an rvalue
reference and now include a check to prevent self-assignment, which
improves robustness.
For consistency, `Heap::Data::SetFrom(Data&&)` and
`Heap::String::Set(String&&)` are renamed to `TakeFrom()`.
All call sites are updated to use the new `foo.TakeFrom(bar.Move())`
pattern, replacing the more verbose and less clear
`static_cast<...&&>(bar)`.
Unit tests are updated to validate the new `TakeFrom()` and `Move()`
semantics, including tests for self-assignment and moving from a
null (empty) container
In `NetDataPeerBrTracker::CountPeerBrs()` method, the `aMinAge`
output parameter is a `uint32_t` but it was incorrectly
initialized to `NumericLimits<uint16_t>::kMax`.
This change corrects the initialization to use the
`NumericLimits<uint32_t>::kMax` to ensure the minimum age
calculation functions correctly over the full 32-bit range.
This change moves the logic for iterating over the `NetDataPeerBrTracker`
entries from `RoutingManager::RxRaTracker::Iterator` directly into the
`NetDataPeerBrTracker::GetNext()` method.
This decouples the `NetDataPeerBrTracker` from the `RoutingManager`'s
iterator implementation, allowing the removal of `RoutingManager` as a
friend class of `NetDataPeerBrTracker`.
This commit also includes smaller enhancements and changes to the
`RoutingManager::RxRaTracker::Iterator`:
- `Iterator::EntryType` is renamed to `PrefixType` for clarity.
- `Iterator::AdvanceToNextEntry()` is renamed to
`AdvanceToNextPrefixEntry()`.
Moves the nested `RoutingManager::NetDataPeerBrTracker` class into its
own standalone class `BorderRouter::NetDataPeerBrTracker` in new
files `br_tracker.cpp` and `br_tracker.hpp`.
`NetDataPeerBrTracker` is now instantiated as a member of `Instance`
and is no longer owned by `RoutingManager`.
There is no logical/behavioral change in the `NetDataPeerBrTracker`
functionality.
Public C APIs `otBorderRoutingGetNextPeerBrEntry()` and
`otBorderRoutingCountPeerBrs()` are updated to get and use the
`NetDataPeerBrTracker` component.
This commit moves the `SlaacAddress` module from `src/core/utils`
to `src/core/net`.
This change also updates the namespace from `ot::Utils` to
`ot::Ip6` and updates all includes and usages throughout the
codebase.
The `SlaacAddress` module was originally placed in `core/utils`
as SLAAC management was historically handled by the platform.
Now that the OpenThread stack manages SLAAC directly, this logic
is better placed under `core/net`.
This allows a node to asses its LinkQuality In to its neighbors.
Similar to what is already available via router info.
Useful when not all its neighbors are routers.
Previously, when the translator ran out of IPv4 addresses or mapping
pool entries, any new NAT64 translation attempt would fail until
earlier entries reached their expiration time. The default expiration
time is long (7200 seconds / 2 hours).
This commit introduces a mechanism to evict existing "stale" mappings
(old but not yet expired) to make room for new ones.
This is handled by the new `EvictStaleMapping()` method, which is
called from `AllocateIp4Address()` and `AllocateMapping()` when
resources are full. A mapping is only eligible for eviction after a
minimum idle period (`kMinEvictTimeout`) which is set to 2 minutes
(matching `UDP_MIN` in RFC 6146).
The eviction logic prioritizes mappings based on protocol usage and
last use time. The preference for eviction, from most to least
preferred, is:
1. ICMP-only mappings
2. UDP (and possibly ICMP) mappings
3. TCP (and possibly other) mappings
If two mappings are in the same category, the one that has been
idle for the longest time is evicted.
This commit also adds a detailed `TestNat64Evict` test case to
validate the eviction logic and priority.
This commit makes NCP send notification to the host when the netif
state changes.
At the beginning we use ThreadHost API to start the thread network on
OTBR NCP which explicitly sends spinel property set command to the NCP
and get response. So the host side can get the latest state of netif
in the response. However if we use the cli command (`ifconfig up`) to
start the thread network, we need the NCP to send a notification to
the host that netif state changes.
I have verified that with the change, the host can receive the update
if we issue `ifconfig up` command.
The noexcept placement new is standard in c++11. This commit adds a
config OPENTHREAD_CONFIG_USE_STD_NEW to allow using <new>. The default
behavior is still using OpenThread's own placement new implementation.
Removes the `IsValidOnLinkPrefix()` helper functions which required a PIO
to have both the on-link (`L`) flag and either the autonomous address
configuration (`A`) or DHCPv6-PD preferred (`P`) flag to be considered
valid.
The `RxRaTracker` is updated to track any received valid PIO as long as
the on-link (`L`) flag is set, regardless of the `A` or `P` flags.
The `OnLinkPrefix` class is updated to store the state of the `A` and
`P` flags from the PIO. These flags are now checked within
`OnLinkPrefix::IsFavoredOver()` to determine if a prefix is eligible
to be a "favored" on-link prefix, but their absence no longer prevents
the prefix from being tracked.
This change ensures that the routing manager is aware of all non-ULA
on-link prefixes (even those with only the L flag set), which correctly
informs the decision to publish a default route.
This commit also:
- Updates `PrefixInfoOption` in `nd6.hpp` to use a `Flags` typedef and
named constants instead of bitmasks.
- Updates `LogPrefixInfoOption` to log the state of L, A, and P flags.
- Adds a new unit test, `TestNonUlaPioWithOnlyOnLinkFlag`, to verify
the new behavior.
This change updates the TREL interface enable logic to depend on two
requesters: the user (via `otTrelSetEnabled` API or CLI) and the
stack (internal, e.g., when the Thread protocol is running).
The TREL interface is now considered enabled only when both the user
and the stack have requested to enable it. By default, the user
preference is 'enabled', allowing the stack to control the state.
A key behavior change is that a user's request to disable TREL is now
persistent. If the user explicitly disables TREL, it will remain
disabled even if the stack stops and restarts (e.g., `ifconfig down`
then `ifconfig up`). The user must explicitly re-enable the TREL
(calling `otTrelSetEnabled(true)`) to allow TREL to operate again.
This is implemented by `Trel::Interface::SetEnabled()` method now
taking a `Requester` enum (`kRequesterUser` or `kRequesterStack`) as
input and tracking `mUserEnabled` and `mStackEnabled` flags
separately.
This commit also updates API/CLI documentation and adds a new test
(`TestTrelUserDisableRenable`) to verify this new behavior.
The current history tracker only records direct transmissions, but
indirect transmissions are also required for debugging. This commit
adds support for tracking indirect transmissions.
This change updates `Radio::Init()` to avoid passing
zero-initialized temporary objects of `Mac::ExtAddress` and
`Mac::KeyMaterial` types.
Instead, it declares local variables and passes them to the setter
methods. This improves code readability and makes the intent more
explicit.
This commit updates the logic in MLE `HandleAnnounce()` for processing
a received Announce message with an older (stale) timestamp.
Previously, only an Announce with a newer timestamp would be
considered for processing and announce attach (trying to attach using
the channel and/or PANID from the received announce). Also, any
device receiving a stale Announce with an older timestamp would send
its own Announce back to inform the sender.
This change updates the behavior regarding the processing of stale
Announce messages:
- A router-eligible FTD still sends an Announce back to help inform
the other device.
- A detached MTD will now process the Announce (wait for a short delay
before trying to attach to the older Dataset). This is useful when
an MTD child device has a newer Dataset but the routers it can hear
are still on a previous, older Dataset.
- An attached MTD now ignores the stale Announce. Since an MTD cannot
become a router to help the device with the older Dataset join the
new Dataset, sending an Announce back from the MTD would be
pointless.
This commit also introduces a test to verify this exact scenario.
A Minimal End Device (MED) is defined by the spec as an MTD whose
receiver is enabled all the time.
This commit fixes the implementation of `IsMinimalEndDevice()` to
match this definition. The previous implementation of this method
would incorrectly accept any MTD config (including SED or MED).
Within the core modules, `IsMinimalEndDevice()` is only used in
`MeshForwarder::UpdateIp6Route()`. This commit updates the logic
in this method to differentiate between an FTD (calling
`UpdateIp6RouteFtd`()) and an MTD (forwarding to parent) by
checking `IsFullThreadDevice()` instead of the previous check
against `IsMinimalEndDevice()` (which was effectively checking
MTD).
This commit also adds a new unit test, `TestDeviceMode()`, to
validate all configurations of `DeviceMode` (SED, MED, FTD) and
verify the behavior of `IsMinimalEndDevice()`.
This change modifies the NAT64 translator to dynamically allocate IPv4
addresses by tracking a range of host IDs within the configured CIDR.
This approach replaces the pre-allocated `mIp4AddressPool`, making it
more memory-efficient by avoiding the storage of an entire address
array.
The translator now maintains `mMinHostId` and `mMaxHostId` derived
from the configured CIDR. When allocating an IPv4 address for a new
mapping:
- If `PORT_TRANSLATION_ENABLE` is enabled, addresses are assigned
sequentially by cycling through the host ID range. Mappings can
share an IPv4 address as they are distinguished by translated port
numbers.
- If `PORT_TRANSLATION_ENABLE` is disabled, a 1-to-1 address mapping
is used. The translator cycles through host IDs to find an unused
IPv4 address. If all addresses are allocated, it attempts to free
expired mappings before failing.
A new test case, `TestNat64CidrAddressReuse`, is added to validate the
address allocation and reuse logic. The test ensures that all
available addresses from a CIDR are used, new requests fail when the
pool is exhausted, and addresses are correctly reused after mappings
expire. It is run against multiple CIDR sizes (`/32`, `/31`, `/30`,
and `/27`) to verify behavior across various configurations.
The definition of the function `HandleMbedtlsExportKeys()` is wrapped
by the macro `MBEDTLS_SSL_EXPORT_KEYS`, but the implementation of the
function `HandleMbedtlsExportKeys()` is not wrapped by the macro
`MBEDTLS_SSL_EXPORT_KEYS`. Which causes `out-of-line definition` compiling errors.
This commit wraps the implementation of the function `HandleMbedtlsExportKeys()`
and the code that calls it with the macro `MBEDTLS_SSL_EXPORT_KEYS`.
The commit adds new spinel properties for ephemeral key feature:
* SPINEL_PROP_BORDER_AGENT_EPHEMERAL_KEY_STATE, for the NCP to update
the ePSKc state to the host
* SPINEL_PROP_BORDER_AGENT_EPHEMERAL_KEY_ENABLE, for the host to
enable/disable the ePSKc feature
* SPINEL_PROP_BORDER_AGENT_EPHEMERAL_KEY_ACTIVATE, for the host to
start the ePSKc mode
* SPINEL_PROP_BORDER_AGENT_EPHEMERAL_KEY_DEACTIVATE, for the host to
stop the ePSKc mode
The commit adds the NCP properties handler in NCP and also adds some
unit tests for the handlers.
This change simplifies the state management logic in the NAT64
translator by removing the `mEnabled` boolean flag. The `mState` enum
is now the single source of truth for the translator's operational
status.
A new `SetState()` method centralizes the actions performed when
transitioning to a new state, such as logging, signaling notifiers,
and clearing active mappings. The `IsEnabled()` helper is introduced
to check if the current state is not `kStateDisabled`.
Consequently, functions like `SetEnabled()` and `UpdateState()` are
updated to use the new `SetState()` function, making state
transitions more explicit and maintainable.
Clang warns that mMetricsValue is less aligned that its
union type. Make the union packed to fix this.
Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
This commit allows binding to multicast address, which means the socket
would only accept frames targeting to a particular multicast address.
This prevents other datagrams destined to the same port being delivered
to this socket.
Note that binding to a multicast address doesn't automatically subscribe
to the multicast group.
This improves debuggability of TCAT client and server, by using one
unified format (hex + ASCII) to show transmitted and received TCAT
data within the TLS session, as well as showing size of the encrypted
(TLS) data. For encrypted data, only size is now shown to avoid
clutter. Showing the hex + ASCII dump allows devs/testers to visually
read TCAT TLVs from screen and identify how all TCAT commands are
processed by the Thread device.
This change replaces the `Translator::Result` enum with the standard
`Error` type to report the outcome of a translation attempt. This
simplifies the implementation and aligns it with the rest of the
codebase.
The mapping from the old `Result` to the new `Error` is as follows:
- `kForward` is replaced by `kErrorNone`
- `kDrop` is replaced by `kErrorDrop`
- `kNotTranslated` is replaced by `kErrorAbort`
The `kErrorAbort` return value signals to the caller that no
translation was performed, and it can proceed with normal processing
of the message.
Additionally, the translation methods are renamed for better clarity.
This commit introduces new types `otNetworkDiagData`,
`otNetworkDiagIp6AddrList`, and `otNetworkDiagChildTable` to
represent common data structures within Network Diagnostic TLVs.
These new types replace the previous anonymous structs within the
`otNetworkDiagTlv` union, improving code structure and readability.
The `mNetworkData`, `mIp6AddrList`, `mChildTable`, and
`mChannelPages` fields now use these named types.
This change adds an explicit check for `mState == kStateActive` at the
beginning of the translation functions.
This single check replaces individual validations for a valid IPv4
CIDR and NAT64 prefix. This simplifies the entry logic and fixes a
bug where the `Translator` could continue performing translations
even after it was explicitly disabled via `SetEnabled(false)`.
Additionally, this change fixes a bug in `TranslateToIp6()` where an
IPv4 message would be incorrectly marked as `kForward` when no IPv4
CIDR was configured (`mIp4Cidr.mLength == 0`). The correct behavior
is to drop the packet, so the result is now set to `kDrop`.
This change renames `GetIp6Prefix()` to `GetNat64Prefix()` to more
accurately reflect its purpose and to harmonize its name with the
existing `SetNat64Prefix()` and `ClearNat64Prefix()` methods.
The related getter methods in the header and implementation files are
also reordered for better organization.
This change introduces a new utility function `CountMatchingBits()` to
calculate the number of matching leading bits between two byte
arrays.
This new fn replaces the now-removed `Ip6::Prefix::MatchLength()`.
The previous implementation was specific to the `Ip6::Prefix`
class. The new generic function is placed in `common/bit_utils` and
is used to update `Ip6::Prefix`, `Ip6::Address`, `Ip4::Cidr`, and
`PrefixTlv`.
A new unit test `test_bit_utils` is added with comprehensive tests for
the new function. The existing tests for `CountBitsInMask` are also
moved into this new test file.
This change moves the `kBitsPerByte` constant and the `BitSizeOf()`
and `BytesForBitSize()` macros from `numeric_limits.hpp` to the
more specialized `bit_utils.hpp` header.
This consolidation places common bit-utility definitions into a more
appropriate, dedicated header, improving code organization and
logical grouping. Headers that relied on these definitions are
updated accordingly.
This commit introduces a mechanism within the `RoutingManager` to
track the IPv6 addresses used by the Border Router itself on the
infrastructure interface, particularly when sending Router
Advertisements. This provides visibility for debugging and
monitoring purposes.
A new data structure, `otBorderRoutingIfAddrEntry`, is added to
represent an address and the time elapsed since it was last used as
the source of an RA.
The tracked addresses can be retrieved using the new public API
`otBorderRoutingGetNextIfAddrEntry` or CLI command `br ifaddrs`.
When `OPENTHREAD_CONFIG_NAT64_PORT_TRANSLATION_ENABLE` is enabled,
multiple `Mapping` entries can exist for the same IPv6 and IPv4
addresses, differing only by their protocol ports.
To distinguish between these entries in logs and diagnostics, this
change updates `Mapping::ToString()` to include the source and
translated port numbers in the generated string output.
This commit introduces a new header file, `common/bit_utils.hpp`, to
consolidate bit manipulation utility functions.
These functions were previously located in `common/num_utils.hpp`.
Moving them to a dedicated file improves code organization and
clarity by separating them from general numerical utilities. All
files that used these functions have been updated to include the new
header.
This commit introduces a new Nexus test to validate the functionality
of the NAT64 translator.
The test is divided into two main parts:
- `TestNat64StateChanges`: Verifies the state management of the
translator. It checks that the translator transitions correctly
between `kStateDisabled`, `kStateNotRunning`, and `kStateActive`
when the feature is enabled/disabled or when the IPv4 CIDR and
NAT64 prefix are configured or cleared. This test also confirms
that state change notifications are properly signaled.
- `TestNat64Mapping`: Validates the address mapping and translation
logic. It ensures that address mappings are correctly created for
new IPv6-to-IPv4 traffic, reused for subsequent packets from the
same IPv6 source, and eventually expire and are removed after a
period of inactivity. It also verifies that the mapping table is
cleared when the configured IPv4 CIDR is changed.
This commit moves two global constants, `kBufferSize` and
`kNumBuffers`, into their respective class scopes to improve
encapsulation and avoid potential name conflicts.
The `kBufferSize` constant is moved into the `Buffer` class as
`Buffer::kSize`. As `kBufferSize` is a generic and commonly used
name, this change prevents potential symbol collisions.
Similarly, the `kNumBuffers` constant is moved into the `MessagePool`
class, as it is exclusively used within that class.
All usages of these constants have been updated throughout the
codebase to reflect their new names.
This commit introduces a new common helper class `ExpirationChecker`.
This class is designed to be used as a "matcher" for finding expired
entries in collections like `LinkedList` or `Array`. It encapsulates
a "now" time and provides an `IsExpired()` method to check if a given
time has passed.
This change consolidates duplicated private similar structs that
previously existed in `RoutingManager`, `Mdns`, and
`SrpAdvertisingProxy`, updating all users to the new common
implementation. This simplifies the code by removing redundancy.
This change updates the management of active NAT64 mappings to use an
`OwningList`.
To support this, the `Mapping` struct now inherits from
`InstanceLocatorInit` and includes a new `Free()` method. This method
encapsulates the logic for releasing the associated IPv4 address and
the `Mapping` entry back to their corresponding pools.
This new design simplifies the `Translator` class by removing the
redundant `ReleaseMapping()`, `ReleaseMappings()`, and
`ReleaseExpiredMappings()` methods. All mapping cleanup operations
are now handled by the `OwningList` class (which invokes
`Mapping::Free()` on entries as they are removed).
Adding two extensions:
1. Add an api function to configure a response fallback callback with
`otCoapSetResponseFallback`.
2. Enable fire and forget for NON requests, supporting requests which
do not expect a response.
The mix-in helper classes like `Clearable<T>`, `Equatable<T>`, and
`Unequatable<T>` are intended for CRTP style inheritance, where `T`
is the derived class itself. A mistaken inheritance, such as `class
Foo : public Clearable<Bar>`, can compile successfully but lead to
subtle bugs.
This change enforces the correct CRTP usage at compile time. By making
the constructors of these helper classes `private` and declaring the
derived template class `T` as a `friend`, any incorrect inheritance
will now result in a build failure. This approach correctly detects
such a mistake, even if `Foo` and `Bar` happen to be `friend`s of
each other.
Additionally, `Equatable<T>` is updated to provide both `operator==`
and `operator!=`, removing its dependency on `Unequatable<T>`. This
change allows us to apply the `private` constructor enforcement to
`Equatable<T>` as well.
This commit simplifies the implementation of `SendMessage()` by
changing its parameter from a `Message` reference to an `OwnedPtr`.
The `OwnedPtr` now manages the lifetime of the message, ensuring it is
always freed, whether the translation and send operation succeed or
fail. This change removes the need for a manual tracking flag and an
explicit `Free()` call in the error path, resulting in cleaner and
more robust code.
This change enhances the unit tests for the NAT64 `Translator` to
improve readability. The key improvements include:
- Replaced raw hex dumps of packets with new helper functions that
parse and log IPv4/IPv6 headers in a human-readable format.
- Simplified the counter tests and validation of the
`ProtocolCounters`.
- Reworked the main test case functions, `Verify6To4()` and
`Verify4To6()`, to leverage the new logging and verification
helpers for better output.
The `Cidr` class was incorrectly inheriting from `Clearable<Address>`
instead of `Clearable<Cidr>`. This oversight meant that calling
`Clear()` on a `Cidr` object would not clear its `mLength` member,
only the `mAddress` field. This change corrects the template
parameter for the `Clearable` base class to `Cidr`, ensuring the
entire object is properly zeroed out.
This bug could cause issues in the NAT64 translator. When a user calls
`otNat64ClearIp4Cidr()` to disable translation, the underlying
`mIp4Cidr.Clear()` method would fail to clear the CIDR length. The
`Nat64::Translator` would check `mIp4Cidr.mLength > 0` in its
`UpdateState()` method to determine if a valid CIDR is configured.
Because `mLength` was not cleared, this check would pass incorrectly,
causing NAT64 translation to continue with an invalid,
partially-cleared CIDR instead of stopping as expected.
This change updates multiple modules to consistently use
`Get<Mle::Mle>()` for accessing the MLE component, removing the need
for local `Mle::Mle &mle` references.
This approach aligns with the common `Get<Module>()` access pattern
used across the codebase, improving consistency.
Previously, a NAT64 mapping's lifetime was only extended upon its
initial allocation. This meant that if an existing mapping was found
and reused, its expiration timer would not be refreshed, potentially
leading to its premature removal.
This change moves the `mapping->Touch()` call from `AllocateMapping()` to
`TranslateFromIp6()`. This ensures that a mapping's lifetime is
extended every time it is used for translation, whether it is newly
allocated or an existing one being reused.
This change introduces `ShouldRegisterMulticastAddrsWithParent()` to
consolidate the logic for determining when a child should register
its multicast addresses with its parent, thereby avoiding repeated
code.
The criteria for registration remain the same: a child registers its
multicast addresses if it is a Sleepy End Device (SED), or if it is a
Minimal End Device (MED) and its parent is running Thread 1.2 or a
later version.
The logic for sharing an IPv4 address, intended for scenarios with a
small address pool (CIDR prefix > /28), was incorrectly being applied
even when port translation was disabled.
When `OPENTHREAD_CONFIG_NAT64_PORT_TRANSLATION_ENABLE` is disabled,
each mapping requires a unique IPv4 address. The previous
implementation would incorrectly reuse the same address from the
pool.
This commit makes the address sharing logic conditional on the
`OPENTHREAD_CONFIG_NAT64_PORT_TRANSLATION_ENABLE` configuration. When
disabled, the translator now correctly allocates a unique IPv4
address for each mapping and returns it to the pool upon release.
This commit improves the NAT64 address mapping iterator to ensure the
remaining lifetime for all mapping entries is reported consistently.
The iterator now internally stores a timestamp upon initialization.
This timestamp is then used as a common reference to calculate the
remaining lifetime for each `otNat64AddressMapping` entry, ensuring
consistent values throughout a single iteration.
The public C APIs remain unchanged, while the underlying implementation
and the `otNat64AddressMappingIterator` struct are updated.
This change introduces `RouterUpgradeReasonToString()` to provide
human-readable strings for router upgrade reasons, which is used to
enhance logging in `BecomeRouter()` and `ProcessAddressSolicit()`.
These additions provide clearer insight into why a device is
attempting to become a router, aiding in debugging and network
analysis.
This commit places the `mSrcPortOrId` and `mTranslatedPortOrId`
members of the `Translator::Mapping` struct under the
`OPENTHREAD_CONFIG_NAT64_PORT_TRANSLATION_ENABLE` build-time flag.
This optimization reduces the memory footprint of each `Mapping` entry
and the `mMappingPool` when the NAT64 port translation feature is
disabled.
This change streamlines NAT64 mapping management by removing the
`FindMapping()` and `FindOrAllocateMapping()` helper methods.
Following recent simplifications, such as adding new `Matches()`
flavors, the logic within these `Find` methods became much
simpler. Their functionality is now incorporated directly into
`TranslateToIp6()` and `TranslateFromIp6()`, respectively.
Additionally, the `Mapping::Touch()` method is simplified to no longer
require the current time as an argument. It now retrieves the time
internally.
This commit introduces several cleanups and smaller improvements to
the IPv4 types.
- Optimizes `Cidr::ToString(StringWriter&)` by writing the address
directly to the provided writer, avoiding the allocation of a
temporary `String` object.
- Moves the IPv4 header field offset constants from the public
`ip4_types.hpp` header into the unit test file, as this was their
only place of use. This cleans up the `Ip4::Header` public API.
- Replaces hardcoded values for address and string sizes with the
corresponding `OT_IP4_*` definitions for consistency.
- Corrects the format specifier in `Address::ToString()` from `%d` to
`%u` to properly print unsigned octet values.
This change introduces a new history list to record the DHCPv6 Prefix
Delegation (PD) state and the delegated prefix.
The recorded history can be iterated using the new API
`otHistoryTrackerIterateDhcp6PdHistory()` and viewed from the CLI
using the new `history dhcp6pd` command.
This commit adds a test case to `TestMultiPacket` to validate the
correct eviction of pending truncated queries.
The test scenario sends the same truncated query multiple times,
followed by a query containing a matching known answer. It then
verifies that no response is sent, confirming that the initial
pending queries were successfully evicted from the message queue.
This validates the fix from #11854.
This change updates the `Mapping::Matches` methods to accept
`Ip4::Headers` and `Ip6::Headers` objects instead of separate IP
address and port arguments.
This simplifies the callers `FindOrAllocateMapping` and `FindMapping`
by encapsulating the conditional logic for port translation within
the `Mapping::Matches` methods. This allows for a single, unified
`FindMatching` method on the active mappings list.
This commit changes the `RxMsgEntry` allocation check from `OT_ASSERT`
to `VerifyOrExit`. This ensures that a heap allocation failure for a
multi-packet RX message results in the message being gracefully
dropped, allowing network operation to continue instead of
asserting.
Additionally, `AddNew()` now removes any existing multi-packet message
entries from the same sender before attempting to allocate a new
`RxMsgEntry`. This helps to reclaim resources and prevent stale
entries.
This change also fixes a use-after-release bug by ensuring
that the `aRxMessagePtr` (an `OwnedPtr`) is not accessed after its
ownership is transferred by the `newEntry->Add(aRxMessagePtr)`
call.
This commit simplifies and enhances the NAT64 translator's counter
implementation.
- The `mProtocolCounters` and `mErrorCounters` are explicitly cleared
in the `Translator` constructor, ensuring they are properly
zero-initialized.
- The `ErrorCounters` C++ wrapper class is removed, and the counters
are now updated directly based on `DropReason`.
- The `ProtocolCounters::Count*Packet()` methods are updated to accept
`Ip6::Headers` and `Ip4::Headers` inputs directly, which simplifies
the call sites.
- Private helper methods, `Update6To4()` and `Update4To6()`, are
introduced in `ProtocolCounters` to reduce code duplication when
incrementing packet and byte counts.
This commit introduces two new `static` helper methods,
`GetSourcePortOrIcmp6Id()` and `GetDestinationPortOrIcmp4Id()`, to
the `Translator` class. This eliminates repeated similar code and
improves overall readability.
This commit enhances the `HistoryTracker` to record information about
routers discovered on the Adjacent Infrastructure Link (AIL).
This feature is applicable when the device operates as a Border
Router, providing a mechanism to monitor the history of changes to
the discovered AIL routers for debugging and network analysis.
The history tracker records events when an AIL router is added,
removed, or when its tracked information changes. The recorded
information includes:
- The IPv6 address of the router
- Default router status and its preference
- RA flags: 'M' (Managed Addr), 'O' (Other), 'S' (SNAC Router)
- Operational information:
- Whether the router is a local entity (on same device)
- Reachability status
- Whether it is a peer Border Router on the same Thread mesh
- The favored advertised on-link prefix by this router (if any)
A new public API, `otHistoryTrackerIterateAilRoutersHistory()`, is
added to iterate over the recorded AIL router history. A
corresponding CLI command, `history ailrouters`, is also included to
display this information.
This commit updates the `Translator` class to improve code style,
readability, and consistency with the OpenThread coding conventions.
This is a pure refactoring commit with no intended logic changes. Key
changes include:
- Renamed types and variables for brevity (e.g., `AddressMapping` to
`Mapping`).
- Renamed members within the `Mapping` struct for clarity(e.g., `mIp4`
to `mIp4Address`).
- Standardized local variable names (e.g., `err` to `error`).
- Added `const` to methods that do not modify the class state.
- Improved and reformatted Doxygen and inline comments.
This commit improves the organization of `mle.cpp` by grouping all
`Attacher` method definitions together.
When the `Attacher` class was introduced in #11835, its method
definitions were intentionally kept in their previous order to
minimize the `git diff` for easier review. This resulted in the
`Attacher` methods being interleaved with other `Mle` methods.
This commit acts as a follow-up to rearrange the file and group all
`Attacher` methods into a dedicated section for better readability
and organization.
No logic changes are included in this commit.
This change introduces a `--log-level` option to the `build.sh`
script, allowing the `OPENTHREAD_CONFIG_LOG_LEVEL` to be specified at
build time.
The supported log levels are `NONE`, `CRIT`, `WARN`, `NOTE`, `INFO`,
and `DEBG`. The default level is set to `INFO`.
The CI workflow is updated to test builds with all the supported log
levels.
This commit enhances the `FindContext()` methods and converts the
`Lowpan::Context` struct into a class.
The `FindContext()` methods are updated as follows:
- Renamed to `FindContextForAddress()` and `FindContextForId()` to
more accurately reflect their function.
- The return type is changed from `Error` to `void`. Success is now
indicated by checking the `IsValid()` state of the output `Context`
object (matching how `Lowpan` class uses the `Context`). This
change simplifies the callers and harmonizes the context check
across different modules.
The `Lowpan::Context` struct is converted into a class, encapsulating
its members by making them private and introducing public getters.
This commit makes several updates to enable and fix NAT64 unit test
- Enables the NAT64 translator in `toranj` test configs, ensuring
that the `test_nat64` unit test is now covered by the GitHub
Actions CI (under the `toranj` workflow).
- Enable `OPENTHREAD_CONFIG_NAT64_PORT_TRANSLATION_ENABLE` for the POSIX
`toranj` build while disabling it for the simulation build, ensuring
both configurations are built and covered by CI.
- Fixes the `test_nat64` unit test by removing an incorrect
"mapping pool exhausted" step. This step is now invalid as the pool
size is configured to a much larger value (254) via
`OPENTHREAD_CONFIG_NAT64_MAX_MAPPINGS`.
This commit resolves compiler warnings/errors related to potential
integer overflows and unsafe narrowing conversions.
- The type of `mTxRequestAheadTimeUs` is changed from `uint16_t` to
`uint32_t` to avoid potential overflow when calculating the TX
time.
- A `ClampToUint16()` utility is now used before setting the
rendezvous time. This safely converts the calculated
`rendezvousTimeUs` to a 16-bit integer, preventing a narrowing
conversion warning.
This commit introduces `Publish()` and `Unpublish()` private helper
methods in `Nat64PrefixManager` to encapsulate and centralize the
logic for managing the published NAT64 prefix in the Network Data.
- `Publish(aPrefix, aPreference)` adds the given prefix to the Network
Data. It handles removing any previously published prefix if the
new prefix or preference differs.
- `Unpublish()` removes the currently published NAT64 prefix from the
Network Data, if one exists.
These new helpers simplify the logic within the `Evaluate()` and
`Stop()` methods, reduce code duplication, and improve overall
clarity.
This commit fixes a build failure that occurs when the log level is
set to `NOTE`.
A previous change (#11507) updated some `MeshForwarder` logging
methods from the `NOTE` to `INFO` level (e.g., `LogFrame()`).
However, these methods remained grouped with `NOTE`-level methods
under a single `OT_SHOULD_LOG_AT(OT_LOG_LEVEL_NOTE)` preprocessor
guard.
This mismatch caused a build failure when `OT_LOG_LEVEL_NOTE` was
enabled (unused parameter warnings).
To resolve this, this commit separates the logging methods into their
respective `OT_SHOULD_LOG_AT()` guards based on their actual log
level (`INFO` or `NOTE`).
This commit renames `GetPreferredNat64Prefix()` to
`FindPreferredNat64Prefix()`.
The new name better aligns with the method's behavior, as it searches
for a preferred NAT64 prefix in the Network Data and can return
`kErrorNotFound`. This change also harmonizes the method name with
other similar `Find...()` methods in the `NetworkData` class.
This commit introduces a new `Mle::Attacher` class to encapsulate all
logic and state related to the device attach process.
This change moves the attach state machine, parent candidate
management, attach timer, and message handling for Parent Request,
Parent Response, Child ID Request, and Child ID Response from `Mle`
into the new nested `Attacher` class.
This refactoring improves code organization and modularity by
separating the attach logic from the main `Mle` class.
This commit adds checks to prevent potential integer overflow issues
within the `Message` class.
Previously, calculations involving message offset and length, such as
`offset + length`, assumed the caller would provide values within a
safe range. However, in some edge cases where larger values are
given, this addition could wrap around. This could lead to incorrect
behavior, potential memory corruption, or assertion failures.
To address this, this change introduces a new generic utility
function, `CanAddSafely()`, to detect unsigned integer addition
overflows. This check is now applied in the following `Message`
methods to validate lengths and offsets before performing
arithmetic:
- `AppendBytes()`: Returns an error if `offset + length` overflows.
- `AppendBytesFromMessage()`: Returns an error on overflow.
- `GetFirstChunk()`: Safely clamps the read length to the available
message length.
- `WriteBytes()`: Asserts if `offset + length` overflows.
Unit tests for the new `CanAddSafely()` utility are included, covering
`uint8_t` and `uint16_t` cases.
This commit adds checks to prevent potential integer overflow issues
within the `Message` class.
Previously, calculations involving message offset and length, such as
`offset + length`, assumed the caller would provide values within a
safe range. However, in some edge cases where larger values are
given, this addition could wrap around. This could lead to incorrect
behavior, potential memory corruption, or assertion failures.
To address this, this change introduces a new generic utility
function, `CanAddSafely()`, to detect unsigned integer addition
overflows. This check is now applied in the following `Message`
methods to validate lengths and offsets before performing
arithmetic:
- `AppendBytes()`: Returns an error if `offset + length` overflows.
- `AppendBytesFromMessage()`: Returns an error on overflow.
- `GetFirstChunk()`: Safely clamps the read length to the available
message length.
- `WriteBytes()`: Asserts if `offset + length` overflows.
Unit tests for the new `CanAddSafely()` utility are included, covering
`uint8_t` and `uint16_t` cases.
Introduces macros to suppress a known false-positive GCC warning
"-Wstringop-overflow=0" which can be triggered when manipulating
network data.
The `AddHasRoute()`, `AddBorderRouter()`, and `AddServer()` methods
shift and update the network data bytes, which may involve inserting
or updating a sub-TLV within an existing TLV. This can trigger a
"writing x byte into a region of size 0" error on some GCC
toolchains.
This change adds the `OT_SUPPRESS_GCC_STRING_OP_BEGIN` and
`OT_SUPPRESS_GCC_STRING_OP_END` macros to silence this specific
warning within these code blocks.
This change updates the `NetworkDataTlv` class to use common bit
manipulation helper functions (`ReadBits`, `WriteBits`, `SetBit`,
`GetBit`, `ClearBit`).
This change replaces the manual bit masking and shifting for accessing
the `Type` value and the `Stable` flag with calls to the new helpers.
The member variable `mType` is also renamed to `mTypeAndStableFlag` to
more accurately reflect its contents.
This commit ensures that the Network Diagnostic server correctly
handles duplicate TLV types within a "Diagnostic Get" request.
Previously, if the `TypeList` TLV in a request contained duplicate
type entries, the server would process each one, leading to redundant
diagnostic TLVs being appended to the response message.
This is now fixed by using a `BitSet` to track the TLV types that have
already been processed from the request. If a duplicate type is
encountered, it is skipped, ensuring that each requested diagnostic
TLV is added to the response only once. This logic is applied to both
the standard and TCAT-specific request handling paths.
This commit introduces a new `AddrSolicitInfo` struct to encapsulate
all parameters related to an Address Solicit request and its
processing outcome.
The processing of a TMF Address Solicit is broken down into two new
methods:
- `AddrSolicitInfo::ParseFrom()`: Handles parsing the incoming CoAP
message.
- `ProcessAddressSolicit()`: Contains the logic for deciding whether
to grant a router ID based on the parsed request.
This change separates parsing from processing logic, improving code
structure and readability without any functional changes.
This commit introduces the `Mle::Aloc16` helper class to encapsulate
constants and helper methods related to Anycast Locators (ALOC16).
The new class provides static helpers for:
- Checking if a given ALOC16 has a specific purpose (e.g., Service,
DHCPv6 Agent, Commissioner, Primary BBR).
- Converting between an ALOC16 and its related service, context, or
session ID.
All existing code is updated to use the new helper methods. This
improves code readability and centralizes ALOC16 management.
This commit extracts the logic for selecting a leader ID and a
partition ID out of the `BecomeLeader()` method into two new private
helper methods: `SelectLeaderId()` and `SelectPartitionId()`.
This is a pure refactoring that does not alter behavior. It improves
the readability and maintainability of the `BecomeLeader()` method by
simplifying its implementation.
This change introduces a new `MessageFramer` class to encapsulate the
logic for preparing MAC data frames.
This change improves code modularity and separation of concerns by
isolating the frame preparation logic (MAC headers, mesh headers,
6LoWPAN compression, and fragmentation) from the message forwarding
responsibilities of `MeshForwarder`.
Classes such as `MeshForwarder`, `IndirectSender`, and
`DataPollSender` are updated to use the new `MessageFramer` class.
This commit enhances MPL option processing and validation.
Previously, the MPL option was processed immediately upon being found,
and multiple MPL options in the same message were accepted. This
could allow a malformed IPv6 message to be buffered for MPL
re-transmission multiple times with different seed IDs.
This change ensures the code first iterates through and validates all
included options within a Hop-by-Hop extension header, enforcing that
at most one MPL option is present before processing.
This is implemented by splitting `Mpl::ProcessOption()` into
`ReadAndValidateOption()` and a new version of `ProcessOption()` that
acts on a pre-validated `MplOption`.
This commit adds support to `HistoryTracker` to record the history of
favored on-link prefixes on the AIL.
It introduces the `otHistoryTrackerFavoredOnLinkPrefix` structure and
a new API, `otHistoryTrackerIterateFavoredOnLinkPrefixHistory()`, to
access the recorded data. The new CLI command `history onlinkprefix`
is added to display the tracked history, showing the prefix, its age,
and whether it is local to the Border Router.
This change moves the service ALOC management logic from the `Mle`
module to `NetworkData::Service::Manager`.
This change simplifies the code by consolidating responsibilities.
Since the `NetworkData::Service` module manages service entries in
the Network Data, it is the logical owner for managing the associated
service ALOCs.
This commit reorders method implementations in the source file
`network_data_service.cpp` to group them within their respective
`Iterator` and `Manager` class sections.
In PR #11680, the `Iterator` class was enhanced to be a separate class
from `Manager`. The method definitions in the `.cpp` file were kept
in their original order at that time to simplify the review by
keeping the `git diff` smaller.
Separator comments are also added to both the `.cpp` and `.hpp` files
to improve code structure and readability.
No functional changes are introduced.
This commit replaces hardcoded magic numbers for RLOC addresses with
their corresponding named constants from the `Mle` namespace.
- The DHCP Agent RLOC is now set using `Mle::kAloc16DhcpAgentStart`.
- The invalid RLOC address `0xfffe` is replaced by `Mle::kInvalidRloc16`.
This change improves code readability and maintainability. Redundant
comments were also removed.
This change updates the `NetworkData` iteration methods to reduce
redundant code and simplify their use.
Previously, separate methods were defined to iterate over different
types of network data entries (e.g., `GetNextOnMeshPrefix()`,
`GetNextExternalRoute()`). This change unifies these into a single
template method, `NetworkData::GetNext<EntryType>()`. A similar
change is applied to unify the corresponding `Contains...()`
methods into a single template.
This commit replaces the boolean `aIsLast` parameter in the
`AnswerTlv::Init()` method with an `enum IsLastFlag`.
This change improves the readability and type-safety of the code when
specifying whether an answer is the last one in a network diagnostic
query.
This change ensures that a parent device in the process of detaching
from the network ignores incoming "Parent Request" and "Child Update
Request" messages.
A new `Detacher::IsDetaching()` method is added to check for this
state. This prevents potential inefficiencies that could arise if
these requests were responded during the detachment procedure.
Since llvm-19, if we use package manager to install it, the minor
versions could be different. This commit standardizes the version on
linux to 19.1.7. This version is the same as the one installed by
homebrew.
fix parsing of
* dns_resolve4 returns a synthesized ipv6 address, but parsing expected an ipv4 address
fix csl methods
* add support for getting csl uncertainty/accuracy
* add support for setting the csl channel
* remove the non existing get_csl_period
renames variables/arguments that had a python builtin name
This commit introduces a verbose logging feature in the mDNS module to
aid in development and debugging by providing detailed logs of mDNS
traffic.
The feature is enabled at build-time via the config option
`OPENTHREAD_CONFIG_MULTICAST_DNS_VERBOSE_LOGGING_ENABLE`
(mapping to the `OT_MDNS_VERBOSE` CMake option). When enabled,
logging can be controlled at run-time using the new
`otMdnsSetVerboseLoggingEnabled()` API and the corresponding
`mdns verboselogging` CLI command.
The initial state on startup can be configured using
`OPENTHREAD_CONFIG_MULTICAST_DNS_DEFAULT_VERBOSE_LOGGING_STATE`
(mapping to the `OT_MDNS_VERBOSE_STATE` CMake option).
When active, this feature logs the content of every sent and received
mDNS message, including the header, questions, and all resource
records. The logs are emitted at the `OT_LOG_LEVEL_NONE` level to
ensure they are always captured, regardless of the active log level
configuration.
Adds a new `README_MDNS.md` file to provide a comprehensive guide for
the `mdns` CLI command.
The guide includes:
- A quick start section with examples.
- A full list of all available sub-commands.
- Detailed explanation and usage examples for each sub-command.
This commit updates the challenge/response mechanism used when a
detached device sends a "Child Update Request" to restore its role as
a child.
Previously, this process shared the `mParentRequestChallenge` with the
parent search mechanism. This logic is now consolidated within the
`PrevRoleRestorer` class, which now manages the generation and
tracking of the `TxChallenge` used in "Child Update Request".
This change simplifies the `Mle` class design and makes the child role
restoration logic separate from the parent search and attach process.
This separation allows for future enhancements where a device may run
both mechanisms in parallel.
This commit adds support for tracking the history of the favored OMR
prefix on a border router. A new public API and the corresponding
`history omrprefix` CLI command are added to retrieve the recorded
history.
A new `otHistoryTrackerFavoredOmrPrefix` type is introduced to
represent an entry in the history. Each entry includes the OMR
prefix, its preference, and a boolean flag `mIsLocal` indicating
whether the prefix is the same as the one maintained locally by the
border router. The local OMR prefix can be based on either a randomly
generated ULA or a prefix delegated via DHCPv6-PD.
This commit updates `AesCcm::Payload()` to support a `nullptr` for the
output buffer. When decrypting, the `aPlainText` can be null, and
when encrypting, `aCipherText` can be null.
This change is useful when the caller only needs the authentication
tag and does not require the actual decrypted or encrypted payload,
thus avoiding the need to provide a temporary output buffer.
This is leveraged to simplify the MAC frame processing under fuzzing
build (`OPENTHREAD_FUZZ_FUZZER_BUILD`), removing a large
stack-allocated buffer (`kFuzzMaxFrameSize`).
This change enhances the favored on-link prefix selection logic within
the `RoutingManager::OnLinkPrefixManager`.
It introduces two new prefix state variables:
- `mAilPrefix`: Tracks the on-link prefix discovered from Router
Advertisements received on the Adjacent Infrastructure Link
(AIL). This renames the previous `mFavoredDiscoveredPrefix`.
- `mFavoredPrefix`: Tracks the final selected favored prefix, which
can be either the local prefix or the `mAilPrefix`.
The setters `SetAilPrefix()` and `SetFavoredPrefix()` are added to
manage these state changes and provide additional logging.
The temporary buffer used in `RxFrame::ProcessReceiveAesCcm` under
fuzzing build is increased to 1280 bytes. This change allows for
fuzzing of larger TREL frames. A new constant `kFuzzMaxFrameSize` is
introduced for this purpose.
When using OPENTHREAD_CONFIG_TREL_MANAGE_DNSSD_ENABLE the TREL peer
discovery platform code is not needed anymore.
Added otPlatTrelNotifyPeerSocketAddressDifference under the same
logic as the rest of the TREL platform API that is not used
when OPENTHREAD_CONFIG_TREL_MANAGE_DNSSD_ENABLE is true.
Signed-off-by: Marius Preda <marius.preda@nxp.com>
The treatment of the Command ID field in a MAC command frame is
dependent on the IEEE 802.15.4 version. In the 2015 specification,
it is part of the encrypted payload, while in earlier versions, it
is part of the unencrypted MAC header. The `FindPayloadIndex()`
method correctly accounts for both cases.
This commit enhances the frame parsing and validation logic to account
for this difference.
- `ValidatePsdu()` is updated to ensure the frame is long enough to
contain the Command ID when validating a 2015-version frame.
- `GetCommandId()` is updated to validate the presence of the Command
ID field before access, fixing a potential out-of-bounds read.
- A new `IsMacCommand()` helper method is introduced to improve code
clarity and replace direct frame type checks.
The Status TLV is used in several TMF messages (Address Solicit, DUA
Registration, MLR), and the meaning of its value is
context-dependent.
This commit refactors the TLV definitions by moving the status enums
from the generic `ThreadStatusTlv` class into the modules where they
are used.
The main changes are:
- The Address Solicit status is split into two more specific enums:
- `RouterUpgradeReason` for Address Solicit requests.
- `AddrSolicitResponse` for Address Solicit responses.
- `MlrStatus` and `DuaStatus` enums are moved to `mlr` and `dua`
modules respectively.
- `ThreadStatusTlv` is simplified to a `typedef`.
This change improves code clarity, modularity, and type safety by
ensuring that status codes are defined and used within their proper
context.
We just updated the version from 14 to 16. But very unfortunately
clang-format-16 was just deprecated recently. So this time we update
the version to the latest available one. There are newer releases than
19 (like 20) but as I tested, sudo apt-get install -y clang-format-19
can work while 20 doesn't work.
misc-include-cleaner in clang-tidy-19 exerts a very strict check which
requires to directly include all headers for every symbols in the
source file. However in our current code we intentionally use some
indirect include. So this commit disables misc-include-cleaner.
This change fixes a potential use-after-free issue in the
`PeerDiscoverer::HandleTxtResult()` method.
When processing a TXT record, the corresponding `Peer` object could be
removed if it was identified as the device itself. However, a
subsequent call to `UpdatePeerState()` would still use the dangling
reference to the removed `Peer` object.
The fix merges the logic from the now-removed `ProcessPeerTxtData()`
method directly into `HandleTxtResult()`. After a `Peer` is removed,
the local `peer` pointer is set to `nullptr`, and the call to
`UpdatePeerState()` is guarded by a null check to prevent using
the invalid pointer.
This commit renames `IsExpectedToBecomeRouterSoon()` to
`WillBecomeRouterSoon()` to better reflect its behavior.
The implementation is simplified by using the `VerifyOrExit` pattern
instead of a single complex boolean expression, which improves code
readability.
This change introduces new APIs to allow configuration of the response
timeout for mesh diagnostic queries. A corresponding CLI command
`meshdiag responsetimeout` is also added to get or set the timeout
value.
When set, the new response timeout is used for subsequent queries and
does not affect any that are ongoing. The timeout value is clamped
between 50 milliseconds and 10 minutes to ensure it stays within a
reasonable range.
This commit refactors `Utils::HistoryTracker` by moving it into its
own dedicated `ot::HistoryTracker` namespace for better code
organization.
The main implementation class is renamed from `HistoryTracker` to
`Local`, making the new class `ot::HistoryTracker::Local`. This
allows additional components (like server and client) to be defined
within the `HistoryTracker` namespace.
Nested types, such as `Iterator`, are now direct members of the new
`HistoryTracker` namespace.
Commit adds check if commissioning is possible and if the tcat device is already commissioned.
Adds advertisement update on disconnected and role change.
Fixes key handling for key references.
Fixes the authorization processing.
Implements recent changes of the application TLVs.
This commit moves the child ID allocation logic from `Mle` to
`ChildTable`.
A new `AllocateNewChildRloc16()` method is added to `ChildTable` to
contain the allocation logic, and the `mNextChildId` counter is moved
to `ChildTable`. `Mle` is updated to use this new method.
This refactoring improves code encapsulation by making the
`ChildTable` responsible for managing all aspects of the children it
contains, including ID allocation.
The `kIndexMask` within `AnswerTlv` was incorrectly defined as `0x7f`,
which only covers the lower 7 bits of the `mFlagsIndex` field. This
would improperly truncate the message index value.
This change corrects the mask to `0x7fff`, which properly utilizes the
lower 15 bits for the index, while the most significant bit remains
reserved for the `kIsLastFlag`.
This commit introduces `Mle::PrevRoleRestorer` to consolidate the
logic for restoring a device's previous role (child or router/leader)
after an MLE restart.
This new class replaces and encapsulates the functionality from the
now-removed `RouterRoleRestorer` class and `RestorePrevRole()` method.
`PrevRoleRestorer` manages its own timer and retransmission logic. It
handles sending Child Update Requests to restore a child role, or
multicast Link Requests to restore a router/leader role. It also adds
a small random delay before the first transmission attempt to avoid
synchronized transmissions when multiple devices restart at once.
This change simplifies the `Mle` class by centralizing all role
restoration logic into a single component, making future enhancements
to this process easier.
This commit introduces a new feature in `HistoryTracker` to track
Network Data DNS/SRP unicast/anycast address entries. This new
functionality records when different Border Routers add or remove
these entries in the Network Data. This change also introduces new
public APIs and CLI command `history dnssrpaddr` to expose this
information.
This commit simplifies the `Settings` API by modifying all "Save"
and "Delete" methods to return `void` instead of `Error`.
Settings operations are required for a Thread device to function, so a
failure to save or delete from non-volatile storage should be treated
as a critical error. Previously, the code effectively ignored these
errors using `IgnoreError()`. This change instead treats any such
failure as a critical error, triggering an assert within the
`Settings` module.
The key changes include:
- `Settings::Save<T>()`, `Delete<T>()`, `DeleteAllChildInfo()`, and
similar methods now return `void`.
- Internal `Settings` methods use `SuccessOrAssert()` to assert on
errors.
- The responsibility for asserting on `kErrorNotImplemented` is moved
to the `SettingsDriver` layer.
This update simplifies the caller logic by removing the need for
`IgnoreError()` at many call sites. Consequently, several methods
that primarily wrapped `Settings` calls, such as `Mle::Store()` and
`BorderAgent::SetId()`, have also been updated to return `void`.
This commit increases the default DNS response timeout config,
`OPENTHREAD_CONFIG_DNS_CLIENT_DEFAULT_RESPONSE_TIMEOUT`, to 7000
milliseconds.
The default value of 7000 is selected to be longer than the
six-second wait time for queries resolved by the Discovery Proxy
(per RFC 8766, Section 5.6, first bullet).
This commit updates the handling of discovery request transmission
completion by using a `TxCallback`.
Previously, `MeshForwarder` contained special-case logic to identify a
discovery request message and would then explicitly call into
`DiscoverScanner::HandleDiscoveryRequestFrameTxDone()`.
This is changed so that `DiscoverScanner` now registers a `TxCallback`
directly on the discovery request message itself.
This commit moves the `Detacher::Detach()` method implementation to
group it with other `Detacher` method definitions.
When the `Detacher` class was added in PR #11723, its methods were
intentionally kept in their original locations to keep the `git diff`
smaller and easier to review.
This is a pure code-move refactoring to improve code organization and
has no functional changes.
This commit introduces `GenerateRandomDelay()`, to simplify the
logic for generating a random delay up to a given max delay.
This is then used through `Mle` class.
This commit implements `ot::Posix::Dhcp6PdSocket`, which provides the
`otPlatInfraIfDhcp6PdClient*` socket-like APIs for use by the core
`Dhcp6PdClient` module.
The `Posix::Dhcp6PdSocket` is a sub-component of `Posix::InfraNetif`.
This commit modifies TREL to disregard mDNS (DNS-SD) service removal
events when updating the peer table. Since mDNS peer removal signals
can be unreliable, this change prevents such signals from causing a
peer's removal. Instead, a peer entry is retained as long as TREL
packets and acks are successfully exchanged, moving towards the goal
of eliminating TREL's dependency on mDNS for peer discovery and
tracking.
This commit also introduces a new mechanism to track the last
interaction time with each peer. This information is used to evict
the least recently used entry when the peer table gets full and to
remove inactive peers after a long expiration period (7.5 min)
passes.
The `test_trel` Nexus test is updated to validate these new
behaviors.
This commit updates `RestorePrevRole()` to directly start the
`RouterRoleRestorer` instead of calling `BecomeRouter()`.
Consequently, `BecomeRouter()` is simplified by removing the logic for
handling the `kRoleDetached` state. The method now focuses on the
child-to-router transition by sending an Address Solicit message, and
its initial role validation is made more explicit.
This change ensures the logic for restoring a previous router/leader
role is separate from the child-to-router transition logic.
This commit introduces a new `Mle::Detacher` class to encapsulate all
state and logic for the graceful detach process. By managing its own
internal state, timer, and completion callback, the `Detacher` class
centralizes the detach logic, improving code clarity and
maintainability.
This commit updates the mechanism for notifying the transmit
completion of a Child ID Request message.
Instead of `MeshForwarder` checking the message type and calling into
`Mle` upon transmit completion, `Mle::SendChildIdRequest()` now
registers a `TxCallback` directly on the message.
This change simplifies `MeshForwarder` by removing the need for it to
be aware of specific `Mle` message types.
This commit resolves a potential unsafe integer conversion warning by
explicitly casting the size of the status sub-TLV to `uint8_t` before
setting the length of the main TLV in
`SendLinkMetricsManagementResponse`.
Additionally, this change enables MLE_LINK_METRICS_SUBJECT_ENABLE`
feature in the `toranj` test configuration, allowing this feature to
be covered under its builds.
This commit adds a check in `RetxTracker::ScheduleTimer()` to ensure
the timer is not scheduled if MLE operations are disabled.
This change improves safety by handling an edge case during the
graceful detach process. In this scenario, a child sends a "Child
Update Request" with a zero timeout and, upon receiving a response,
immediately stops MLE. The added check prevents the retransmission
timer from being incorrectly scheduled after MLE has been stopped.
This commit refactors the IPv6 filter by renaming `Filter::Accept()`
to `Filter::Apply()` and changing its return type from `bool` to
`Error`.
The new method now returns `kErrorNone` for an accepted message and
`kErrorDrop` for a message that should be dropped. This change
improves clarity and aligns the filter's logic with the common
`SuccessOrExit` error handling pattern used throughout the codebase.
This commit changes the workflow trigger event from `pull_request` to
`pull_request_target` so to match the event type that triggers the
`check-size` workflow.
This commit enables the `-Wimplicit-int-conversion` compiler flag for
`ftd`, `mtd`, and `radio` to improve code quality by detecting
potential data loss from implicit type conversions. This is enabled
when clang toolchain is used.
All resulting warnings have been addressed by either:
- Changing variable, parameter, or return types to ensure consistency
and prevent overflows.
- Adding explicit `static_cast` where the type conversion is intended
and safe.
This commit simplifies the `HandleParentRequest()`.
- The logic for detecting duplicate Parent Requests is made more
readable by introducing the `kParentRequestDuplicateTimeout`
constant.
- To reduce unnecessary log noise, checks like `IsRouterEligible()`
or `!IsDetached()` no longer set and return an error. This
prevents logging failure messages for conditions that are not
actual errors.
- Verbose comments are removed in favor of self-documenting code.
This commit changes the `aDelay` parameter type in
`Mle::DelayedSender` methods from `uint16_t` to `uint32_t`.
This update supports specifying message transmission delays longer
than the previous 65-second limit and avoids potential implicit
integer downcasting.
The `test_publish_meshcop_service` is updated to explicitly disable
the border agent before factory resetting `br`. This makes the
test more reliable by ensuring the MeshCoP service is unpublished.
The `test_publish_meshcop_service` is updated to explicitly disable
the border agent before stopping the `otbr-service`. This makes the
test more reliable by ensuring the MeshCoP service is unpublished
before stopping `otbr-service`.
This commit removes the explicit call to disable the `BorderAgent`
during instance finalization. This change prevents issues where the
call may trigger platform interactions that can fail due to the
platform layer being deinitialized before the `Finalize` is called.
This commit enhances the instance shutdown sequence by explicitly
disabling the Border Agent in `Instance::Finalize()`.
Additionally, direct calls to the OpenThread C API, such as
`otThreadSetEnabled()`, are replaced with their corresponding C++
method calls, like `Get<Mle::Mle>().Stop()`.
This commit refactors the `Mle::BecomeLeader()` method to use a new
`LeaderWeightCheck` enum instead of a boolean parameter for checking
the leader weight.
The new enum, with values `kCheckLeaderWeight` and
`kIgnoreLeaderWeight`, makes the intent at the call sites more
explicit and improves code readability by avoiding the ambiguity of a
`true`/`false` flag. The functional behavior remains unchanged.
This commit moves the `Message::Ownership` enum definition to the
`Ip6` class. This enum is exclusively used by the `Ip6` class to
determine whether to clone a message or take direct custody. This
model is not intended for use by other components. `OwnerPtr<>` is
the recommended approach for conveying ownership transfers.
This commit simplifies the `Reattach()` method to improve readability.
The nested `if-else` statements are replaced with a `switch()` to
check `mReattachState`, and specific situations are handled with `if
(condition) { action; ExitNow(); }`.
This commit relaxes the `border_router` test scripts that check mDNS
query results. The test will no longer fail if an expected record
does not appear in the additional section.
This change aligns with RFC 6763 section 12, which specifies that
additional records are recommended but not required. Particularly, a
TXT record is not recommended for an SRV query (section 12.2), and a
TXT query has no recommended additional records (section 12.3).
The test will now validate the additional record if it is present but
will not fail if it is absent.
This commit changes the `SetEnabled()` API to return `kErrorNone` when
the component is already in the requested state (enabled or
disabled). Previously, the method would return `kErrorAlready` in
this scenario. Making this API idempotent simplifies caller logic, as
they no longer need to handle the `kErrorAlready` case.
The radio platform API otPlatDiagRadioTransmitDone() and
otPlatDiagRadioReceiveDone() are the same with the API
otPlatRadioTxDone() and otPlatRadioReceiveDone(). This commit removes
the API otPlatDiagRadioTransmitDone() and otPlatDiagRadioReceiveDone()
to let the MAC layer and the diag module to use the same radio API to
send and receive 154 frames. So that the diag module could process the
ACK frame in the future.
This commit refactors `Mle::Start()` by moving the logic for restoring
the previous role into a new method, `RestorePrevRole()`.
This change simplifies the startup process and improves robustness by
adding more validation checks within `RestorePrevRole()`. The new
method ensures that the previously saved state information is
consistent before it is applied. For example, it verifies that
`mLastSavedRole` matches the saved RLOC16 and that parent information
is valid if the saved role was Child. These checks protect against
loading invalid settings and allow the device to start more quickly
by ignoring inconsistent state.
This commit introduces "auto-enable mode" in mDNS module. When this
mode is enabled, the mDNS module uses the same infrastructure network
interface as the Border Routing manager. The mDNS module is then
automatically enabled or disabled based on the operational state of
that interface. It is recommended to use the auto-enable mode on
Border Routers. New APIs and CLI commands are added to manage this
mode.
This commit also makes the if-index argument optional in `mdns enable`
CLI command. If an index is not provided, the command defaults to
using the Border Router's infrastructure interface. This help
simplify controlling the mDNS state in test scripts.
This commit enhances the `NetworkData::Service::Iterator` class.
The `Iterator` is now a separate class from `Service::Manager`. It
provides `GetNextDnsSrpAnycastInfo()` & `GetNextDnsSrpUnicastInfo()`
methods, simplifying the code for iterating over these service
entries. The `Iterator` is also generalized to track a given
`NetworkData` instance, allowing it to iterate over service entries
on any `NetworkData` object, not just the Leader's.
This commit updates the `EnergyScanServer` to use an `OwnedPtr<>` for
its `mReportMessage` member.
This change ensures that the allocated report message is correctly
freed when the `otInstance` is destroyed, preventing a potential
memory leak.
This commit adds a new mechanism to emulate a node reset on
`Nexus::Node`. This is realized by resetting all platform components
while ensuring the non-volatile `mSettings` remains unchanged, then
reinitializing the `ot::Instance` by invoking its constructor.
This is used to add a new `test_full_network_reset` test, which
emulates a full simultaneous reset of all nodes in a large network,
tracking how long it takes for the network to stabilize after the
reset event.
This commit introduces `otBorderRoutingGetInfraIfInfo()` to get the
interface index and running state of the configured infrastructure
interface. A corresponding CLI command is also added to retrieve this
information.
This commit introduces `Mle::RetxTracker`, a new nested class that
encapsulates the state and logic for managing MLE message
retransmissions. It specifically handles retx of Child Update and
Data Request messages sent from a child to its parent, as well as the
periodic keep-alive Child Update tx from an rx-on-when-idle child.
This change centralizes all retransmission logic within
`RetxTracker`, replacing direct state manipulation and leading to a
cleaner, more modular design.
This change also includes the following improvements and fixes:
- The retransmission timeout (`kUnicastRetxDelay`) now includes a
small random jitter.
- Fixes the logic for tracking the number of transmission attempts,
ensuring the child detaches after `kMaxAttempts` (4) are reached.
The previous code would incorrectly try one additional time
(5 attempts).
- Tracks the transmission time of Data Requests and Child Updates
separately. This ensures that periodic keep-alive Child Updates are
sent at the correct time, even after a recent Data Request
transmission.
- The `RetxTracker` is designed to be extensible for managing
retransmissions of other message types in the future.
This commit updates the `Nexus::Node` to initialize platform-specific
components first. This is achieved by defining them in a `Platform`
struct, which is inherited before `ot::Instance`.
This change ensures all platform components are ready and can be
safely used from the `Instance` constructor and any of its
sub-components.
This commit updates the wait time in the `test_mdns` unit test to
handle a rare timing failure.
When a truncated message is sent, mDNS is expected to wait for a
random delay of at least 400ms. The test previously waited exactly
400ms before checking for emitted messages, leading to rare failures
if the random delay was precisely 400ms.
This change reduces the test's wait time to 399ms, ensuring it
correctly verifies that no message is emitted during the initial
delay period and making the test more robust.
Previously we were relying on the platform to call
`otPlatInfraIfDiscoverNat64PrefixDone` to trigger the evaluation of
NAT64 prefix. Since
https://github.com/openthread/openthread/pull/11481, we're no longer
doing proactive DNS-based prefix discoveries and it never calls the
callback `otPlatInfraIfDiscoverNat64PrefixDone`.
That means NAT64 evaluation can only happen when
`RoutingManager::EvaluateRoutingPolicy` is triggered, which can cause
a at most 3-minute delay (`kRaBeaconInterval`), between enabling NAT64
feature and the feature starts to work.
This commit triggers the evaluation of routing policy when
`Nat64PrefixManager::Discover()` fails to ensure the feature starts to
work on time.
The definition of sMicroTimer and sRealTimeSignal are wrapped by the
__linux__, OPENTHREAD_CONFIG_PLATFORM_USEC_TIMER_ENABLE and
!OPENTHREAD_POSIX_VIRTUAL_TIME. But the code using these two
variables is not completely wrapped by these three macros. It causes
the compile errors in some conditions.
This commit wraps all the code that uses these two variables with
these three macros.
This commit updates `Mle` to ensure that a device ignores a
received "Child Update Request" message if it is currently detached.
This prevents the device from sending a "Child Update Response" in
this state. This behavior is particularly important when a device is
trying to restore its previous role as a router or leader.
This commit introduces new `Mainloop` helper functions. These helpers
can be used to update or check the read, write, and error file
descriptor sets (`fd_set`) or the timeout value within a
`Mainloop::Context`.
This commit refines the logging of local host address events in the
`Mdns` module.
Address update events signaled from the platform layer are now logged
at the `Debug` level instead of `Info`. This avoids excessive logging
from platform implementations that use periodic polling for address
monitoring.
Instead, after the events are processed, an `Info` level log is now
generated only if the address list has changed. This new log
specifies which addresses were added or removed. Additionally, the
format for IPv4 addresses (tracked as IPv4-mapped IPv6 addresses) is
updated to use the standard dotted-decimal notation, making the logs
easier to read.
This commit adds a netlink-based address monitoring strategy,
`OT_POSIX_MDNS_ADDR_MONITOR_NETLINK`, to `Posix::MdnsSocket`. This is
provided as an alternative to the periodic poll-based approach
introduced in PR #11641.
With this model, `MdnsSocket` reports the initial list of IPv4/IPv6
addresses on the infrastructure network interface. It then uses a
`NETLINK_ROUTE` socket to listen for `RTM_NEWADDR` and `RTM_DELADDR`
events, signaling any subsequent address changes to the mDNS module.
This commit contains various enhancements to the `Otns` class:
- Makes `Otns` methods non-static. This aligns their use with the
clang-tidy `readability-static-accessed-through-instance` check,
which disallows accessing static methods through an instance.
- Updates the `make-pretty` script to enable OTNS and include it in
`clang-tidy` checks.
- Adds a stub implementation of `otPlatOtnsStatus()` in the simulation
and fake platforms. This allows the OTNS feature to be enabled in
`make-pretty` builds and covered by GitHub Action CI checks.
- Simplifies the `EmitStatus` methods to use the `String` class for
constructing the status string.
- Adds a new helper method to construct the CoAP status string,
removing duplicated code.
This commit introduces an initial implementation in `Posix::MdnsSocket`
to monitor and report all IPv4 and IPv6 addresses assigned to the
infrastructure network interface. This mechanism is used by OpenThread's
native mDNS module and was added in PRs #11353 and #11394.
A new configuration, `OPENTHREAD_POSIX_CONFIG_MDNS_ADDR_MONITOR`, is
added to select the monitoring strategy. This commit implements the
`OT_POSIX_MDNS_ADDR_MONITOR_PERIODIC` approach, where `getifaddrs()`
is used to enumerate addresses periodically. The polling interval
is configured by `OPENTHREAD_POSIX_CONFIG_MDNS_ADDR_MONITOR_PERIOD`.
Note that the OpenThread mDNS module itself tracks the list of
reported addresses and will only take action when there is a change
from what was previously announced. This allows the platform to
simply report the full list of current addresses at each interval.
This commit fixes formatting issues in the netdata CLI README files to
improve clarity and correctness of the documentation.
The changes include:
- Adding the '>' prompt character to CLI command examples where it was
missing.
- Specifying 'bash' as the language for code blocks to enable proper
syntax highlighting.
- Remove an extra colon
This commit rearranges the method and member variable declarations in
the `Posix::MdnsSocket` class to follow the recommended order, i.e.,
methods before member variables.
This commit enhances the `Srp::Client` "single service mode". This
mode is enabled when a prepared SRP update message exceeds the IPv6
MTU size. In this mode, the client registers its services one by one,
with each SRP update containing only a single service.
The implementation is simplified by changing the `mSingleServiceMode`
flag from a persistent member variable of the `Client` class to a
field within the `MsgInfo` struct, making its scope
message-specific.
State transitions are now correctly applied to host and service
entries when operating in single service mode. This, in turn, helps
ensure that SRP message transaction IDs are managed correctly: the
same ID is used for retries of an unchanged service, while a new ID
is used if the service information has changed.
Finally, a new test case, `TestSrpClientSingleServiceMode`, is added
to `test_srp_server` to cover this behavior and its associated retry
logic in detail.
This commit updates the `MessageQueue` and `PriorityQueue`
implementations to use non-circular doubly linked lists instead of
the previous circular ones. Using a non-circular list requires the
queue to track the head element, but it simplifies common operations
like getting the head and iterating over the messages.
Particularly, `Message::GetNext()` now simply returns the `mNext`
pointer. Previously, `Message` had to store a pointer to its `mQueue`
within its `Metadata` to identify the tail of the queue and stop the
iteration correctly.
This commit also updates the unit tests. In particular,
`test_priority_queue` is significantly enhanced to cover many
scenarios, such as multiple messages with the same priority, and
messages with different priorities being added and removed in various
orders.
This commit updates the SRP client message ID assignment model.
Message IDs are now selected randomly, ensuring they differ from the
last ID used. The same message ID is reused when a message is
retried.
This replaces the earlier design where all messages, including
retries, used sequential message IDs.
The unit test is also updated to validate the new behavior.
This commit introduces new public APIs to register a `TxCallback` on a
message to be notified of its transmission outcome.
The callback is invoked with an error code indicating the transmission
status of the IPv6 message to an immediate neighbor (a one-hop
transmission). It does not indicate that the message was received by
its final, multi-hop destination.
For a unicast IPv6 message, a success (`OT_ERROR_NONE`) indicates that
the message, including all its corresponding fragments if applicable,
was successfully delivered to the immediate neighbor and a MAC layer
acknowledgment was received for all fragments. This is reported
regardless of whether the message is sent using direct or indirect
transmission (e.g., to a sleepy child via CSL or a data poll).
For a multicast message, an `OT_ERROR_NONE` status indicates that the
message and all its fragments were successfully broadcast. Note that
no MAC-level acknowledgment is required for a broadcast frame
transmission.
This commit updates `SendMessage()` to initialize the `msgType`
variable before the `switch` statement.
This change addresses a compiler warning for a possibly uninitialized
variable, flagged by `-Werror=maybe-uninitialized`.
Note that the situation where `mState` would be an undefined value is
not technically possible in the current logic. However, the compiler
cannot guarantee this and therefore generates a warning. Initializing
the variable upfront resolves this issue.
This commit modifies `Message::SetPriority()` to prevent changing a
message's priority after it has been enqueued in a `PriorityQueue`.
Attempting to do so will now return `kErrorInvalidState`.
The functionality for altering the priority of an already-enqueued
message is not currently used or required. Should this behavior
become necessary in the future, the recommended approach is to
explicitly dequeue the message first, then change its priority, and
finally re-add it to the queue. This makes the intended behavior
clearer and more explicit within the code.
This commit also updates the `test_priority_queue` unit test to
reflect this change.
This commit simplifies the code by removing the `kReattachStart` state
from the `ReattachState` enumeration. This enum is used after MLE
`Start()` to track whether to attempt to attach using a persisted
Active or Pending Dataset.
Previously, `kReattachStart` was a transitory state set in `Start()`
and then changed in the `Attach()` method to either `kReattachActive`
or `kReattachStop`, based on whether the device had a saved Active
Dataset.
This change simplifies the code by determining the state directly in
`Mle::Start()`, which allows for the removal of the now unnecessary
`kReattachStart` case.
This commit introduces the `Dhcp6PdClient` class, which implements
DHCPv6 Prefix Delegation (PD) client functionality. It integrates
with `BorderRouter::RoutingManager` and its `PdPrefixManager`
sub-component. The CMake `OT_BORDER_ROUTING_DHCP6_PD_CLIENT` mapped
to `OPENTHREAD_CONFIG_BORDER_ROUTING_DHCP6_PD_CLIENT_ENABLE` config
enables this feature.
Previously, the platform layer was expected to implement client
functionality, acquiring and providing the delegated prefix(es) to
the OT stack using `otPlatBorderRouter*` callbacks. This approach
continues to be supported. The `Dhcp6PdClient` feature adds native
support for this functionality in the OpenThread core.
The `Dhcp6PdClient` implementation follows RFC 8415, focusing on
prefix delegation and all required behaviors. The client follows the
standard four-message Solicit/Advertise/Request/Reply exchange to
obtain a delegated prefix, followed by a two-message Renew/Reply or
Rebind/Reply exchange to extend the lifetime of the delegated prefix.
When the prefix is no longer needed, a two-message Release/Reply
exchange ends its lease. The current client implementation does not
support the optional "Reconfigure Accept" mechanism.
A set of `otPlatInfraIfDhcp6PdClient*` platform APIs are also
introduced for use by the `Dhcp6PdClient`. These APIs are used to
enable or disable listening for DHCPv6 messages and to handle sending
and receiving them on the standard client and server UDP ports
(546 and 547), effectively acting as a UDP socket.
This commit also includes a comprehensive unit test covering various
aspects of `Dhcp6PdClient`, including common behaviors and many
specific edge cases.
This commit simplifies the `Message::Metadata` so that it no longer
tracks the `MessagePool`. Instead the `Message` now tracks the
`ot::Instance` it is associated with and acts as a `GetProvider`,
allowing access to any component within `Instance`, including
the `MessagePool`.
This commit enhances how changes in the number of reachable peer
Border Routers (BRs) are tracked and signaled. This tracking is
handled by `RxRaTracker` and utilized by the `MultiAilDetector` to
determine if BRs are connected to different AILs.
The `RxRaTracker::DecisionFactors` class now includes and tracks
`mReachablePeerBrCount`. This value is updated in the `Evaluate()`
method, which is invoked upon any change to the internal state
tracked by `RxRaTracker` (e.g., changes in discovered prefixes or
routers). This ensures that any change in the number of peer BRs is
promptly detected and signaled to other sub-components, allowing them
to update their state or take necessary actions.
This commit updates how `MdnsSocket::SendQueuedMessages()` iterates
over the message queue. The iteration is changed to get the next
message before processing the current one. This is necessary because
the current message may be dequeued and freed within the loop, which
would invalidate the pointer to the next message.
This commit moves the `Mle::AnnounceHandler` methods to be located
together in the same section.
The `AnnounceHandler` sub-component was added in a previous commit,
but its methods were intentionally left in their original locations
to keep the `git diff` small and easy to review. This change simply
relocates the methods to their proper place and includes no logical
modifications.
This commit addresses an issue where the fractional part of the ping
average round-trip time (RTT) was not consistently formatted.
Previously, it used ".%u" with `(avgRoundTripTime % 1000)` which
could omit leading zeros for fractional values. It now uses ".%03u"
to ensure three digits are always displayed, padding with leading
zeros when necessary.
Fix the initialization order in ProcessRadioUrl() to ensure that
configuration files are loaded before region settings are applied.
Previously, the region code was set before configuration files
(product-config-file and factory-config-file) were processed. This
caused region-specific settings such as target power to be applied
from stale configuration data rather than the newly loaded
configuration file.
The fix reorders the parameter processing sequence:
1. Basic radio parameters (fem-lnagain, cca-threshold)
2. Configuration file loading (product-config-file, factory-config-file)
3. Region setting (region)
4. Other parameters (bus-latency, max-power-table, coex settings)
This ensures that when a region is set, it will use the correct
configuration data from the newly loaded files, allowing region-specific
power settings and other parameters to be properly refreshed.
Change-Id: Idcf16d194eea65d3efe3ae380d6fa90e71bd5499
It would be easier to use OpenThread public headers if they are
self-contained and follows the IWYU style guide. This commit fixes some
style issues to make the public headers self-contained and IWYU. The
existing pretty check is also extended to verify the OpenThread public
headers are self-contained and follows IWYU.
With the router restoration, longer delay is expected. This commit
defines the router restoration delay and apply it on the unstable test
case Cert_5_1_05_RouterAddressTimeout.
This commit renames DHCPv6-PD related types and methods in
`RoutingManager` to consistently use the `Dhcp6Pd` term.
This commit also updates the related unit test in
`test_routing_manager`. The test is renamed to `TestDhcp6Pd()`, and
the code style is updated to align with other test cases in the same
file. No changes are made to the actual test steps or what is covered
by the test itself. The method for reporting PD prefixes to the
OpenThread stack is modified within the unit test. Instead of using
`otPlat` APIs, `RoutingManager` methods are now directly invoked.
This helps make the unit tests independent of the configuration,
allowing for more flexible models where platform-provided APIs may
not be provided (e.g., DHCPv6 client as part of OpenThread code).
This commit adds the `Option::Iterator` class for searching for and
iterating over DHCPv6 options with a specific code within a message.
The iteration can cover the entire message or be constrained to a
given `OffsetRange`.
The `Option::Iterator` is used to simplify the `Dhcp6::Client` and
`Dhcp6.Server` implementations, particularly when iterating over
`IaAddressOption`s within an `IaNaOption`.
This commit adds a destructor for `SecureTransport` that closes the
socket, and disconnects and removes any tracked sessions.
Removing the sessions ensures that the `SecureSession` instances and
any data allocated within them are properly freed. This handles the
case where the `otInstance` itself is destroyed, ensuring that all
heap-allocated items are cleaned up correctly to prevent memory
leaks.
This commit introduces the `AnnounceHandler` class within `Mle` to
encapsulate logic for handling Announce messages. This change
simplifies the `Mle` module and makes the code easier to read and
follow.
The `AnnounceHandler` class handles received Announce messages with a
newer timestamp and different channel and/or PAN ID. It can delay
processing to collect and handle subsequent Announce messages.
It also manages starting the "announce attach" process, where the device
attempts to attach using the parameters from a processed Announce
message.
- If the attach is successful, this class sends an Announce on the old
channel to inform other devices. This is done immediately after
attaching as a MTD child or after a router transition attempt
completes (on FTD).
- If the attach fails, the class ensures the channel and PAN ID are
restored to their original values.
In particular, the new `AnnounceHandler` uses its own `Timer` to delay
the start of an announce attach. Previously, the `AttachTimer` was
repurposed for this, in addition to its use for attach state
management.
This commit updates and enhances the parsing and generation of the
DHCPv6 DUID in Client/Server Identifier Options.
DHCPv6 DUIDs can be specified in a variety of ways, and clients and
servers must treat them as opaque values that are compared for
equality. This change adds an `Eui64Duid` type to represent a DHCPv6
DUID based on the EUI-64 Link-Layer address format (DUID-LL).
A set of common helper methods are added to parse, match, and append
the DUID in a Client or Server Identifier option:
- `ReadDuid()`: Reads the raw DUID as a blob of data.
- `ReadAsEui64Duid()`: Reads a DUID, validating that it follows the
DUID-LL format, and parses the EUI-64 address.
- `MatchesEui64Duid()`: Reads a DUID and checks that it matches a
given EUI-64 address.
- `AppendWithEui64Duid()`: Appends a Client/Server ID option with a
DUI using the DUID-LL format.
This commit also introduces `Option::AppendOption()` which appends a
DHCPv6 Option with a given code and data to a message.
These methods are then used to simplify the `Dhcp6::Server` and
`Dhcp6::Client` code.
This will avoid the problem that scope id or ifindex remains 0 for a
link-local transmission. If 0, the OS cannot decide which network
interface to use based on address alone.
This aims to fix some instances in core/tcp6 and posix/udp where the
complete struct was not initialized. In otPlatUdpJoinMulticastGroup
and otPlatUdpLeaveMulticastGroup an explicit redundant setting to '0'
is added just for clarity for people reading the code.
This commit adds some new statistics for ePSKc to show the time
duration of various sub process during the credential sharing.
A Nexus unit test is added to verify the stats are counted correctly.
A few small points to be noted:
* The `StopReason` which was used internally in `EphemeralKeyManager`
is renamed as `DeactivationReason`, defined as public and is mapped
to the public enum `otHistoryTrackerEpskcDeactivationReason`.
* The original reason `Timeout` is renamed to `SessionTimeout` to
indicate this is a timeout of the secure session. This is to
differentiate with the epskc mode timeout.
* A new reason `EpskcTimeout` to indicate the timeout is due to epskc
mode timeout.
The log message "No domain name servers found in %s, default to
127.0.0.1" is misleading because the code does not actually default to
127.0.0.1 if no nameservers are found.
This commit updates the log message to accurately reflect the
behavior.
This commit simplifies the processing of PD prefixes provided by the
platform to `PdPrefixManager`. The platform can report DHCPv6 PD
prefixes in two ways: through a Router Advertisement (RA) message
containing Prefix Information Options (PIOs) or by providing a PD
prefix directly.
Previously, these two paths were processed in a single method, which
made the code harder to read and follow. This commit refactors the
logic to separate these two paths while using common helper methods.
This change introduces `EvaluateCandidatePrefix()`, which evaluates a
single candidate prefix and tracks the most favored one. After all
candidates are evaluated, `ApplyFavoredPrefix()` is called to apply
the most favored prefix and update the current PD prefix if
necessary.
This commit introduces new helper methods for DHCPv6 Option parsing
and generation.
- It adds `Option::FindOption()` to search and parse the first DHCPv6
option with a given code within a specified range of a `Message`.
- It also adds `Option::UpdateOptionLengthInMessage()`, which updates
the Option length in a message based on the number of bytes
appended, simplifying the appending of variable-length options
(e.g., `IaNaOption`, which can contain multiple sub-options).
- Additionally, `StatusCodeOption::ReadStatusFrom()` is added to read
the status code from a Status Code Option in a specified range
within a `Message`. The absence of a Status Code option implies
success.
- Helper methods to search for and append `RapidCommitOption` are also
included.
These new helper methods are then used by `Dhcp6::Server` and
`Dhcp6::Client`, simplifying the code, particularly for processing
options in received DHCPv6 messages.
This commit also adds a new `test-036-dhcp-prefix-netdata.py` test to
validate the publishing of prefixes with the DHCP flag in Network
Data and the behavior of the DHCPv6 client and server.
This commit enhances the TREL module to manage mDNS/DNSSD service
registration and peer discovery (browse and resolving for TREL
services). This feature can be controlled through
`OPENTHREAD_CONFIG_TREL_MANAGE_DNSSD_ENABLE` (and/or the CMake option
`OT_TREL_MANAGE_DNSSD`).
When enabled, TREL will utilize the `Dnssd` module, which provides
mDNS-related APIs. This can be tied to OpenThread's native mDNS
implementation or to `otPlatDnssd` (i.e., provided by the platform
layer).
This commit also adds support for the TREL platform in the `Nexus`
test framework and uses this to add a detailed `test_trel` case. This
test covers basic TREL peer discovery and operation, along with
specific scenarios such as peer removal delay, delayed mDNS start,
TREL service name conflict resolution, host address changes, and
supporting multiple services on the same host (while unlikely in
actual deployments, this can be useful for testing and simulation
where a single machine may act as multiple Thread nodes, thus
advertising multiple TREL services from the same hostname. This is
explicitly supported by the implementation and covered in the
tests).
This commit adds a destructor for `SecureSession` which ensures the
freeing of any mbedTls allocated items. This addresses memory leaks
detected by fuzzer tests when `otInstance` is destroyed, though this
situation is unlikely in typical OpenThread stack integrations.
This commit adds destructors for `MessageQueue` and `PriorityQueue`.
This ensures that allocated `Message` instances in different queues
are freed when the `ot::Instance` is destroyed.
This commit updates the `Notifier` to directly signal events to
`BackboneRouter::Leader`, `Dhcp6::Server`, `Dhcp6::Client`, and
`NeighborDiscovery::Agent`. These classes were previously notified
indirectly through `Mle::HandleNotifierEvent()`.
This commit enhances the POSIX platform configuration system to support
dynamic configuration file paths at runtime instead of only build-time paths.
ConfigFile class:
- Replace const char* mFilePath with char mFilePath[kFilePathMaxSize] to allow
dynamic path updates after construction
- Add SetFilePath() and GetFilePath() methods
- Update constructor to use SetFilePath() with proper bounds checking
Configuration class:
- Add SetFactoryConfigFile() and SetProductConfigFile() methods to update
factory and product config file paths
Radio URL parameter support:
- Add support for 'product-config-file' parameter in radio URL
- Add support for 'factory-config-file' parameter in radio URL
This commit contains style fixes and smaller enhancements in
DHCP6-related definitions and types. Mainly, the DHCP6 `Option`
sub-classes are renamed to include the `Option` suffix
(e.g., `IaAddressOption`), harmonizing the naming style with `Tlv`
and other `Option` classes (e.g., `Nd6` or `Dns` options).
This commit modifies the TREL module to explicitly request TREL acknowledgements
for broadcast transmissions directed to known neighbors. This ensures quicker
discovery of when a TREL peer is no longer available.
This commit updates `Nexus` simulation platform to implement and
emulate `otPlatMdns` APIs. This allows Nexus test cases to be
written which require and use the OpenThread's native mDNS.
This commit also enhances `test_border_agent` to validate that the
Border Agent's registered `_meshcop._udp` can be queried and
resolved (using mDNS) from other devices.
Added comprehensive Python virtual environment setup guide to the
cp-caps README.md file.
This includes detailed sections for creation, activation, dependency
installation, and deactivation of virtual environments to help users
properly set up their testing environment and avoid package conflicts.
This commit adds `TypeTraits::IsUint<Type>` and `IsInt<Type>` to
determine (at compile time) whether a given `Type` is an unsigned or
signed integer type (8, 16, 32, or 64 bit length). These help
simplify `static_assert()` checks in template methods that work
with integer types.
This commit updates `test_publish_meshcop_service` to relax the checks
when verifying mDNS browse response. Specifically, after `br1` is factory
reset, the Border Agent and other functions are not given the chance
to stop properly and remove previously registered mDNS entries. This
can result in stale entries remaining in the mDNS cache, leading to
more service entries appearing in `browse` results. This commit
relaxes the check from `assertEqual` to `assertGreaterEqual`,
allowing the test to pass when additional entries are observed.
This commit updates the DNS-SD server to support responding to SOA and
NS record queries (including `ANY` record type queries) for the
default service domain. The recommended values for SOA record data
from RFC-8766 section 6.1 are used. The server name included in
SOA/NS answers is derived from the Extended Address of the device,
ensuring it remains fixed and consistent over reboots as long as the
device's Extended Address stays the same.
A new detailed test case is added in the `test_dns_client` unit test
to cover all the newly added behavior.
Currently, if the platform has no upstream DNS server configured,
upstream DNS query will eventually time out. This can lead to delays
in responding to the DNS client.
The new otPlatDnsIsUpstreamQueryAvailable API provides a mechanism for
the platform to proactively signal the unavailability of upstream DNS.
This commit updates `Trel::Peer` and `PeerTable` to allow scheduling a
`Peer` for removal from the table after a given delay. This enables
smoother peer removal, especially for transient issues, by avoiding
abrupt disconnections.
To implement this, a `State` has been added to the `Peer` class,
tracking whether a peer is in `kStateValid` or `kStateRemoving`. If a
peer scheduled for removal is discovered again, it will be re-added
and marked as valid. Logging is also updated to show these new state
transitions. Additionally, `EvictPeer()` is updated to prioritize
evicting peers already scheduled for removal.
To ensure consistent API behavior, peers that are scheduled for
removal are skipped when iterating over the peer table using
`otTrelGetNextPeer()` or `otTrelGetNumberOfPeers()`.
This adds comments to DNS types, to ensure that official names from
the IANA DNS parameters registry can be found in the OT source code
when starting to search from that starting point. This will make
development and code analysis easier for those not familiar with OT,
or coming from the DNS world. The IANA names (which may deviate from
RFC names) are from: https://www.iana.org/assignments/dns-parameters
This commit updates the DNSSD server/resolver to ensure it includes
the questions in the response message when the returned RCODE is
`NameError` (NXDOMAIN). It also clears the question count and any
partially appended content if there is a failure to append all
questions (when `kResponseServerFailure` (SERVFAIL) is returned).
It also adds a test case in `test_dns_client` to resolve a
non-existent name and validate the included questions.
Previously, the `VerifyOrExit()` macro's condition caused clang-tidy to
issue issue false positives regarding "boolean readability," suggesting
simplifications via De Morgan's Theorem. This occurred because the macro
wrapped the entire condition and then checked its negative.
This commit refactors the macro to evaluate the condition directly, which:
1. Eliminates the erroneous clang-tidy warnings.
2. Potentially enhances CPU branch prediction performance, as the
condition is more likely to evaluate to true.
This commit updates `BorderAgent::PrepareServiceTxtData()` to include
the "rv" key. This key represents the version of the TXT record
format. Per the Thread specification, it must be set to "1". Values
other than "1" are reserved for the future and MUST NOT be used.
This commit also updates `test_border_agent` to validate this key.
This commit addresses a defect in the Resolver::Query function where
it would error out if the attempt to send a DNS query to any single
configured server failed. This could lead to query failures even if
other DNS servers were available and operational.
This commit introduces `TxtData` and `TxtDataEncoder` as nested types
in `Trel::PeerDiscoverer`. These classes handle the decoding and
encoding of TXT data for the TREL service, separating this TXT
data-related logic from the rest of the code. This helps simplify the
code and enables future extensions, allowing the TXT data logic to be
used irrespective of how services are registered or discovered.
This commit introduces `PeerDiscoverer` as a class responsible for
TREL peer discovery, separating this logic from `Trel::Interface`.
The new class currently handles the preparation of TXT data, calling
the platform API to register the TREL service, and handling callbacks
from the platform layer with newly discovered or updated peer
information.
This separation helps with TREL module organization and enables future
extensions, such as performing discovery using the native OpenThread
mDNS module or the platform-specific DNS-SD (`otPlatDnssd`) module,
in addition to the existing approach where discovery is delegated to
the platform layer.
This commit introduces a new API to allow setting vendor-specific
extra TXT data to be included when the Border Agent advertises its
mDNS `_meshcop._udp` service.
The provided vendor TXT data is appended as given to the TXT data
generated by the Border Agent and included in the `_meshcop._udp`
mDNS service advertisement.
This vendor TXT data can be set at any time, regardless of the Border
Agent's state. Any change from a previously set value will trigger an
update of the registered mDNS service to advertise the new TXT data.
This commit also updates `test_border_agent` by generalizing and
simplifying the validation of the Border Agent's `_meshcop._udp`
service TXT data. The tests are also expanded to validate the
complete registered service TXT data, including the newly added
support for vendor-specific extra TXT data.
This commit allows to configure the link-local route's metric via
macro on Linux. By using a larger metric, we can prevent host
processes from accidentally sending traffic to Thread network
interface.
For example, when the mDNS daemon on the BR wants to respond to a `QU`
mDNS question, it will send the mDNS response to a link-local
address. In a multi-network environment, it could wrongly go to the
Thread network interface if the socket is not explicitly bound to the
desired interface.
This commit introduces `PeerTable` as a separate class to track TREL
peers, separating this logic from `Trel::Interface`. The peer table
uses `OwningList`, ensuring that `Peer` entries are properly freed
upon removal.
The logic for allocating a new peer is simplified, including the
mechanism to evict a peer to make room for a new one.
This commit also adds a new configuration option to allow TREL to use
heap-allocated `Peer` entries instead of a `Pool<Peer>` with a fixed
size. The `Peer` class now has a `Free()` method to ensure `Peer`
instances are properly freed, regardless of whether they are heap or
pool allocated. This, combined with the use of `OwningList`,
simplifies memory management.
To cover all configurations, `toranj` build configurations for the
POSIX platform are configured to disallow TREL heap usage, while
`toranj` configurations for the simulation platform enable it.
This commit updates `BorderAgent` modules to directly manage the
registration of mDNS MeshCoP services. Previously, this was the
responsibility of the platform or higher-level code. This behavior is
enabled using `OPENTHREAD_CONFIG_BORDER_AGENT_MESHCOP_SERVICE_ENABLE`
configuration option.
When enabled, the `BorderAgent` module itself will register the
`_meshcop._udp` service name with properly formatted TXT data. As the
state changes, the service registration is updated accordingly.
If the ephemeral key feature is enabled and used, the `BorderAgent`
will also manage the registration of the `_meshcop-e._udp` service.
The implementation allows the service instance name to be configured
in different ways. The Thread specification recommends using a
user-friendly name, such as "<VendorName> <ProductName>". The
name can be set using a newly added configuration option, or
alternatively, using a newly added public API for projects where the
name needs to be set at run-time after device initialization.
This commit also updates `test_border_agent`, validating all the
newly added behaviors related to MeshCoP service registrations.
In `PerformNextRegistration()`, there are many reasons why no
registration message will be sent. For example, device is not attached
or there are no DUAs to register.
This commit suppresses warn-level log messages when no registration
message is expected and normal behavior.
This commit contains smaller changes related to the TREL `Peer` class
and the parsing of TXT data within the `PeerInfo` class.
The `Peer` class definition is now moved into its own `trel_peer.hpp`
and `trel_peer.cpp` header and source files, separating it from the
`Trel::Interface` class. Additionally, the `Log()` method within the
`Peer` class has been enhanced (now using an `Action` enum).
The `PeerInfo` class remains a nested class of `Interface` and now
provides a `ParseTxtData()` method to parse the included TXT data
entries.
This commit updates the internal data structure used for tracking TREL
peers. Peer tracking now uses a `LinkedList` of `Peer` objects
allocated from a pre-allocated `Pool<Peer>`, instead of using a
fixed-size `Array<Peer>`.
This change allows for future enhancements, such as using
heap-allocated `Peer` entries and/or extending the `Peer` object to
track additional (dynamically allocated) information.
This commit relaxes the parsing of TREL TXT data entries to allow
extra bytes to be present at the end of a value.
Currently, these extra bytes are simply ignored. This change provides
safer forward compatibility, allowing for future additions to the
format of the TXT data entries.
This commit moves and enhances the `TxtDataEncoder` class, relocating
it to the common `dns_types.hpp` header file.
The new `TxtDataEncoder` provides helper methods to append TXT entries
with a variety of value types, including `NameData`, C-strings, or an
unsigned integer (in big-endian format). This enhanced encoder is
then used by the `BorderAgent` when preparing MeshCoP TXT data and
also by the TREL module.
This commit relaxes the `SocketHandle::Matches()` method to allow a
socket associated with `kNetifUnspecified` to match when
`IsHostInterface()` is set. This is in addition to the existing
behavior of matching a backbone socket under the same condition.
This commit simplifies the preparation of the State Bitmap, which is
included in the Border Agent's TXT data using the `sb` key.
Specifically, constants for field values are now directly used to
construct the `uint32_t` bitmap, making the process more
straightforward.
Additionally, relevant constants are converted to use `static
constexpr`, avoiding the use of unnamed `enum` definitions.
This commit updates how the "ConnectionMode" field is set in the
Border Agent State Bitmap, which is advertised as the value of the
`sb` TXT key. In particular, when the Border Agent service is stopped
and therefore not accepting any connections, the value of this field
is now set to `kConnectionModeDisabled` to indicate this.
This commit also updates and enhances `test_border_agent` to validate
the State Bitmap entry in the TXT data, covering cases where the
device role changes or ePSKc support is enabled/disabled.
This commit adds a new API to allow the Border Agent service to be
enabled or disabled. By default, the Border Agent service is enabled
when the `OPENTHREAD_CONFIG_BORDER_AGENT_ENABLE` feature is used.
This new API allows the user to explicitly control its state. This
can be useful in scenarios such as:
- The user code wishes to delay the start of the Border Agent service
(and its mDNS advertisement of the `_meshcop._udp` service on the
infrastructure link). This allows time to prepare or determine
vendor-specific TXT data entries for inclusion.
- Unit tests or test scripts might disable the Border Agent service to
prevent it from interfering with specific test steps. For example,
tests validating mDNS or DNS-SD functionality may disable the
Border Agent to prevent its registration of the MeshCoP service.
This commit also adds a corresponding CLI command for the new API and
updates `test_border_agent` to validate this functionality.
This commit updates the mDNS service registration to allow services
for the local host. The `mHostName` field in an `otMdnsService`
structure can now be set to `NULL` to indicate that the service
if for the local host.
The `test_mdns` unit test is also updated to verify this new
functionality.
This commit updates the `BorderAgent` to ensure that if its `Id` is
changed using the `SetId()` method, any consequent changes to the
generated TXT data for the MeshCoP service are correctly signaled.
This signaling is performed using the "Service TXT Data changed
callback". This commit also updates `test_border_agent` to validate
this.
This commit updates `BorderAgent` method and variable names to use
shorter forms where possible. Specifically, the term `MeshCoP` is
removed from many variable and method names, as the `BorderAgent`
class itself is already defined within the `MeshCoP` namespace.
This commit is purely a style and naming change and contains no
modification to the code logic.
This commit updates the DNS-SD `Server` implementation to support
queries for the `ANY` record type. This is supported whether a query
is resolved using the SRP server or the OpenThread native Discovery
Proxy.
When a query is resolved using the SRP server database, all known
records that match the query name and type are included in the
response (e.g., AAAA and KEY records for a hostname; SRV, TXT and
KEY records for a service instance name; and PTR records for service
type or sub-type query names).
Note that unlike mDNS, where an `ANY` query is expected to elicit all
known matching records, in the case of a unicast DNS query for `ANY`,
the response is only required to contain at least one matching
record, not necessarily all of them. This will be the behavior when
the Discovery Proxy is used to resolve a unicast DNS `ANY` query
(i.e., once the first answer is received from the Discovery Proxy
(mDNS), a response is prepared and sent to the client).
The unit tests `test_dns_client` and `test_dnssd_discovery_proxy` are
updated to validate the new `ANY` query behavior.
This commit adds a safeguard check in `Mle::HandleTimeTick()` to
protect against cases where scheduling or sending a Link Request
message to a new neighboring router fails. This can happen, for
example, if the device is temporarily out of message buffers.
This scenario is determined by checking if `router.IsStateLinkRequest()`
is true, there is no Link Request message scheduled to be sent to
this router, and the device is not waiting for a Link Accept
(`!router.IsWaitingForLinkAccept()`). In such a case, the neighbor is
removed using `RemoveNeighbor()`.
This commit adds implementation for RDATA translation in the
OpenThread native discovery proxy. Specifically, for certain record
types (like CNAME) where the record data includes one or more
embedded DNS names, this translation applies. If the embedded DNS
name in RDATA uses the local mDNS domain (`local.`), it is replaced
with the corresponding domain name for the Thread mesh network
(`default.service.arpa.`). Otherwise, the name is included unchanged
in the record data.
A new method, `AppendTranslatedRecordDataTo()`, is added to perform
this translation. It utilizes the `DataRecipe` table, similar to
`DecompressRecordData()`, to parse the record data and update the
embedded DNS names as needed.
The `test_dnssd_discovery_proxy` unit test is updated to cover the new
record data translation behavior.
This commit refactors the `ThreadLinkInfo` definition by moving it
into its own dedicated header (`thread_link_info.hpp`) and source
(`.cpp`) files. Previously, this definition was part of
`mesh_forwarder.hpp`.
This change simplifies the overall code structure. It also allows the
new `thread_link_info.hpp` header to be included by other modules,
such as `message.hpp`, thereby avoiding the need for forward
declarations.
This commit introduces a template helper `AppendServiceRecords()`
designed to append service-related records (SRV, TXT, and host
AAAA addresses) to the appropriate sections within a DNS `Response`
message.
This helper simplifies the codebase by removing repeated patterns.
These patterns occur when resolving queries using either SRP service
data or `ServiceInstanceInfo` retrieved from the platform (when the
platform implements discovery proxy function).
This commit contains a few smaller enhancements in the DNS-SD server
implementation:
- `ShouldForwardToUpstream()` now checks the `mEnableUpstreamQuery`.
- The `ResolveByUpstream()` method now handles its own error logging.
- Comments are added/updated to improve code readability.
This commit updates the DNS client to use `DecompressRecordData()`
helper method when processing `QueryRecord()` responses for
arbitrary record types.
This enables decompression of embedded DNS names within the received
record data for a wider range of record types. In particular, name
decompression is now supported for PTR, CNAME, DNAME, NS, SRV, SOA,
MX, RP, AFSDB, RT, PX, KX, and NSEC records.
This commit updates the DNS callbacks `HandleDnsBrowseResponse()`,
`HandleDnsServiceResponse()`, `HandleDnsRecordResponse()`, etc.,
to output an error if the query name is invalid or too long.
This change replaces previous `IgnoreError()` calls with specific
error handling code for these cases. This should help address CLI
Fuzzer test failures where long or invalid names might be generated
as CLI input.
This commit enhances the OpenThread DNSSD name server/resolver and its
native Discovery Proxy to support queries for arbitrary record
types.
To enable this, a new set of `otPlatDnssd` APIs are introduced for
generic `RecordQuerier`. These APIs mirror the existing APIs in the
OpenThread native mDNS module, allowing direct use of the native mDNS
implementation.
The discovery proxy implementation is updated to start and stop the
mDNS `RecordQuerier` when receiving a query for an arbitrary record
type, passing the first response record back to the client.
The unit tests `test_dnssd_discovery_proxy` and `test_dns_client`
are updated to cover all the newly added behaviors in discovery proxy.
This commit corrects the timing of Transmission Control Block (TCB)
re-initialization to ensure proper RST packet sending during TCP
connection aborts and to prevent potential issues due to incomplete
TCB cleanup.
This commit introduces the `MultiAilDetector` feature within the
`RoutingManager`. This feature detects whether Border Routers(BRs) on
the Thread mesh might be connected to different Adjacent
Infrastructure Links (AILs).
The feature can be enabled using the configuration option
`OPENTHREAD_CONFIG_BORDER_ROUTING_MULTI_AIL_DETECTION_ENABLE`.
The detection mechanism operates as follows: The Routing Manager
monitors the number of peer BRs listed in the Thread Network Data and
compares this with the number of peer BRs discovered by processing
received Router Advertisements (RAs) on its local AIL.
If the count derived from Network Data consistently exceeds the count
derived from RAs for a detection period of 5 minutes, the detector
concludes that BRs are likely connected to different AILs. This
triggers a detection state change, and a registered callback is
invoked. To clear this state, a shorter window of 1 minute is used.
Public APIs and corresponding CLI commands have been added to allow
checking the current detection state and registering a callback for
state change notifications.
This commit also includes test coverage for the newly added feature.
With Thread 1.4 the cli application not can also (dns) resolve
IPv4 addresses. This commit adds the same support in otci
* dns_resolve4
Implements support for vendor operations in otci get/set
* vendor_name
* vendor_model
* vendor_sw_version
Implements network diagnostic commands
* get
* reset
* non_preferred_channels
Various other (small changes)"
* allow setting read timeout on serial connections
* allow replacing read routine filter
* expose latest thread versions in the public module api
* expand the definition of dns_get_config
* replaces mgmtget/mgmtset with the correct mgmtgetcommand and mgmtsetcommand
* replaces addressmode with the correct addrmode
* adds an `ignore_result` option to `execute_command`
* adds a missing `diag` command
* removes some unexisting getters
This commit updates the mDNS `RecordQuerier` to handle record types
where the RDATA contains one or more potentially compressed DNS
names. For these types, the reported record data is now decompressed
to include the full DNS names. This enhancement applies to the
following record types: NS, CNAME, SOA, PTR, MX, RP, AFSDB, RT, PX,
SRV, KX, DNAME, and NSEC.
To achieve this, a helper `ResourceRecord::DecompressRecordData()`
method is introduced. This method uses a "recipe" formula specific
to each supported record type. The recipe defines the number of
prefix bytes before the first embedded name, the number of DNS
names, and the minimum number of suffix bytes after the names. A
common implementation then uses this recipe to parse and decompress
the RDATA. This approach makes the implementation flexible and allows
for easier addition of new record types and formats in the future.
Unit test `test_dns` is updated to validate the newly added method.
This commit enhances the `openthread-posix-config.h` header by:
- Moving configurations defined in other headers
(`platform-posix.h`) into this common header.
- Making sure the section containing guard checks for removed or
renamed POSIX configurations is at the end of the header file.
This commit refactors the `Mle` modules and combines the `MleRouter`
and `Mle` classes into a single `Mle` class which now handles both
FTD and MTD functionalities.
The `MleRouter` and `Mle` classes were originally intended as
sub-classes, where the base class `Mle` would provide MTD and common
behaviors, and `MleRouter` would implement FTD-specific behaviors.
However, over the years and as new features were implemented, these
two classes became more intertwined, and the `Mle` class began to
include many FTD-related functions and interactions with `MleRouter`
private variables and methods.
This commit simplifies the code by combining the two into a single
class. The previous `mle_router.cpp` file is also renamed to
`mle_ftd.cpp` to indicate that it implements FTD-specific MLE
behaviors.
This commit introduces an API to iterate over the local host IPv6 and
IPv4 addresses known to the OpenThread mDNS module.
The platform layer is responsible for monitoring and reporting all
host IPv4 and IPv6 addresses to the OpenThread mDNS module, which
then tracks the full address list
(see `otPlatMdnsHandleHostAddressEvent()`). The newly added function
allows iteration through this tracked list, primarily intended for
information and debugging purposes.
This commit also adds a CLI command to utilize the new API.
Additionally, the `test_mdns` unit test has been updated to validate
the functionality of the newly added API.
This commit enhances the posix `otPlatAlarm` implementation by:
- Avoiding casting from unsigned int to signed int. While this usually
works, it's technically undefined behavior.
- Adding new `IsExpired()` and `CalculateDuration()` methods to avoid
unsigned to signed casting and simplify the code.
- Ensuring `static_cast<>` is used instead of C-style casts.
This commit adds the `-Wundef` compiler flag to the OpenThread core,
CLI, and NCP builds when configured for MTD, FTD, or Radio types.
This flag helps ensure that no undefined macros are used within the
source code, protecting against potential typos in conditional
compilation checks (`#if` checks).
Due to CVE-2025-27809, on newer versions of mbedtls, handshake
will fail unless hostname is set earlier.
TLS clients are not affected if they operate in a closed ecosystem
where the trusted certificate authority only issues certificates
to trusted hosts.
In this case, `mbedtls_ssl_set_hostname` with nullptr should
be called to avoid failures.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
This commit adds `ResourceRecord::UpdateRecordLengthInMessage()`
helper method in `dns_types.hpp`.
This common helper is then used in the SRP client, DNSSD server, and
mDNS modules, replacing similar methods previously implemented within
these modules.
This commit introduces an alternate mechanism for the platform layer
to signal local host address changes to the OpenThread mDNS module.
The existing approach, where the platform invokes
`otPlatMdnsHandleHostAddressEvent()` for each added or removed
address, remains supported.
The new approach allows the platform to call the newly added
`otPlatMdnsHandleHostAddressRemoveAll()` callback once, immediately
followed by invoking `otPlatMdnsHandleHostAddressEvent` for every
currently assigned IPv4 and IPv6 address on the interface.
These two approaches offer flexibility for platforms with varying
capabilities accommodating different operating systems and network
stacks. Some network stacks may provide mechanisms to identify the
added or removed addresses, while others may only provide the new
list upon a change.
The `test_mdns` unit test is updated to validate this newly added
mechanism.
This commit introduces a new feature in `Dns::Client` to support
sending DNS queries for arbitrary record types. Callers are notified
of received response via a callback. New methods are provided to
parse and read all records in the response. Public APIs and related
CLI commands for this new feature are also added.
The `OPENTHREAD_CONFIG_DNS_CLIENT_ARBITRARY_RECORD_QUERY_ENABLE` build
configuration is added to control this feature. This allows projects
that do not require arbitrary DNS query functionality to disable it,
avoiding its associated firmware code size overhead.
Importantly, if a retrieved record type is PTR, CNAME, DNAME, NS, or
SRV, the record data in the received response contains a DNS name
which may use DNS name compression. For these specific record types,
the record data is first decompressed such that it contains the
uncompressed DNS name. For all other record types, the record data is
read and provided as it appears in the received response message.
This commit simplifies how information about the message queue, such
as the number of messages, data buffers, or total bytes in the queue,
is retrieved. The `MessageQueue::GetInfo()` method is changed to
clear the passed-in `Info` structure (instead of adding the counts to
the existing fields and expecting the caller to clear it).
A new helper method, `MessageQueue::AddQueueInfos()`, is added to
aggregate queue information when needed.
Various modules, such as `MeshForwarder`, `Ip6`, and `Mle`, are
updated to provide methods to retrieve their queue information
instead of exposing a reference to their internal queues.
In particular, `Coap` is updated to provide combined information for
all its queues, including request and cached response queues. This
simplifies the `Instance::GetBufferInfo()` method, which retrieves
information about all queues across all components.
This commit renames methods related to reachability checks and the
sending of ICMP unreachable errors for better clarity and
consistency. The primary method for determining reachability is
renamed to `IsReachable()`. Methods that perform a reachability check
and, upon failure, send an ICMP unreachable error are renamed as
`CheckReachabilityToSendIcmpError()`, clearly indicating their
additional action of sending an ICMP error.
This commit simplifies the `Ip6::DetermineAction()` method, which
determines the appropriate actions (`forwardThread`, `forwardHost`,
`receive`) for an IPv6 message based on its destination address and
origin.
- The code now uses `ExitNow()` to exit the method as soon as a
specific action is determined. This avoids deeply nested `if/else`
blocks and makes the control flow easier to understand.
- Some negative conditional checks have been refactored into positive
checks with early exits. For example, a condition like `if
(!cond1 || !cond2)` that guarded further processing is now
expressed as `if (cond1 && cond2) { ExitNow(); }`, making the logic
more direct.
- New comments have been added to clarify more complex checks and
conditions within the method.
- The `RouteLookup()` method has been removed and its logic inlined
directly into `DetermineAction()`. This improves code readability
and allows for clearer distinction between forwarding to a host due
to Border Router functionality versus forwarding as a last resort
when no specific route exists.
This commit introduces the `DetermineAction()` method to refactor the
code within `HandleDatagram()`. This new method centralizes the logic
for determining the appropriate action (e.g., `forwardThread`,
`forwardHost`, `receive`) for an IPv6 message based on its
destination address and origin.
This commit only focuses on code refactoring and does not introduce
any changes to the existing message processing logic.
This method inspects a received message to perform two key actions:
- Updating the EID-to-RLOC cache (for snoop optimization) and
- Detecting whether a former child device has moved to a new parent.
The renaming clarifies the specific responsibilities of this method.
This commit simplifies the process of determining the destination MAC
address. Specifically, when the destination is a link-local unicast
address, the MAC address is derived directly from its Interface
Identifier (IID). This commit replaces and removes the
`GetMacDestinationAddress()` method, with the calling code now
directly determining the destination MAC address.
This commit adds support for the "non-preferred channels" TLV in
Network Diagnostics. New APIs and their related CLI commands are
added to allow users to get/set this value, which is then used to
respond to Diagnostic Get/Query messages requesting this TLV. This
commit also introduces a mechanism to monitor and notify the caller
when a Network Diagnostic Reset command is received for this TLV.
The `test-020-net-diag` test is updated to validate the new TLV and
its API.
This commit updates the template method `Instance::Get<Type>()` to
support retrieving the `ApplicationCoap` and `ApplicationCoapSecure`
sub-components within the `Instance` hierarchy. This change replaces
the previous direct methods used to access these CoAP components,
providing a more consistent approach to accessing sub-components.
This commit introduces a new method, `Uptime::GetUptimeInSeconds
()`, which returns the device's uptime in seconds. This new method
simplifies existing code that performed manual conversion of the
uptime from milliseconds to seconds.
This commit adds a check in `instance.cpp` to ensure that exactly one
of the `OPENTHREAD_CONFIG_FTD`, `OPENTHREAD_CONFIG_MTD`, or
`OPENTHREAD_CONFIG_RADIO` configuration options is enabled. This
enforces a clear definition of the build type and prevents potential
conflicts or unexpected behavior arising from ambiguous or incorrect
configurations.
This commit introduces a new mechanism in `RoutingManager` to
configure OMR prefix handling on a Border Router. This provides
manual administration options to explicitly set a custom OMR prefix
or disable it, in addition to the existing default behavior where the
BR automatically selects and manages the OMR prefix. These new
administrative configurations can also be used during testing,
particularly for certification tests.
This commit adds new public OpenThread APIs and a CLI command,
`br omrconfig`, for this functionality. Notably, the new APIs allow
updating the OMR configuration while the BR is enabled and running,
and the implementation correctly adjusts to the new requested
behavior.
A new detailed test case is added to the `test_routing_manager` unit
test, covering the new behavior.
This commit add new helper methods `Mac::ExtAddress::SetFromIid()`
and `Mac::Address::SetExtendedFromIid()` which set the Extended
MAC Address from a given IPv6 Interface Identifier (IID). These
methods replace similar ones on `Ip6::InterfaceIdentifier` class
(`ConvertToExtAddress()` and `ConvertToMacAddress()`) to improve code
readability. It is more intuitive to call a `Set` method on the
object being modified rather than passing it as input to a `Convert`
method.
Resolves:
CMake Error at third_party/googletest/repo/CMakeLists.txt:4 (cmake_minimum_required):
Compatibility with CMake < 3.5 has been removed from CMake.
Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
to tell CMake that the project requires at least <min> but has been updated
to work with policies introduced by <max> or earlier.
Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
This commit adds the `srp server port` CLI command, which maps to the
`otSrpServerGetPort()` API. This new command is now used in
`thread-cert/node.py` to implement `get_srp_server_port()`, allowing
direct retrieval of the SRP server port instead of indirectly parsing
the network data entry.
This commit enhances the native OpenThread mDNS implementation to
streamline the registration of the local host and its IPv6/IPv4
addresses.
Previously, registering the local host required tracking host
addresses and using `otMdnsRegisterHost()`, similar to registering
any other host. This commit introduces a simpler alternative that
handles both IPv6 and IPv4 addresses.
The changes in this PR include:
- The local host name can be explicitly set by the caller using new
API `otMdnsSetLocalHostName`. However, if not provided, the mDNS
module automatically generates a name derived from the device's
Extended MAC address.
- A new platform API callback, `otPlatMdnsHandleHostAddressEvent`, is
introduced to notify the OpenThread mDNS module of host address
changes.
- The OpenThread mDNS maintains an internal list of host addresses,
automatically updating it based on platform callbacks. A short
guard time is used to group multiple changes before announcing
them. Transient changes (e.g., address removal and re-addition) are
handled to prevent unnecessary announcements.
- Host IPv4 addresses (A records) are now supported. The `HostEntry`
class is updated to optionally include IPv4 addresses, in addition
to the required IPv6 addresses.
- A detailed test case in `test_mdns` covers all new local
host-related behaviors.
This commit adds support for the Network Diagnostics Enhanced Route
TLV (TLV number 37). This TLV provides information about established
links between routers, including the next hop and associated cost for
routes to all routers. This commit also adds CLI support and test
coverage for the new TLV.
This commit enhances the documentation of certain `otPlatRadio` APIs
for improved clarity.
Most importantly, regarding the `otExtAddress` input parameters,
earlier APIs such as `otPlatRadioSetExtendedAddress()`, `otPlatRadio
{Add/Clear}SrcMatchExtEntry()` assume little-endian byte order. This
is already noted in their documentation. However, some more recent
APIs, namely `otPlatRadioConfigureEnhAckProbing()` and
`otPlatRadioEnableCsl()` do not explicitly specify the byte order.
Common radio platform implementations (and how the APIs are used)
assume big-endian byte order. While this discrepancy is unfortunate,
changing it would create backward compatibility with existing
platform implementations. This commit updates the documentation of
these APIs to mention the byte order and highlight their difference
from other APIs.
This commit also clarifies `otPlatGetRssi()` expected behavior.
This commit fixes `get_srp_server_port()` in `thread-cert/node.py`.
This function parses Network Data service entries, searching for an
SRP/DNS unicast (non-preferred) entry, and then attempts to parse the
published port number of the SRP server by examining the last bytes
of the "server data".
The SRP/DNS unicast entry was previously updated to optionally include
a "version" field at the end of the "server data". This update caused
the port number parsing to fail, as the code did not account for the
extra byte corresponding to the version field.
This commit resolves this issue by ensuring that the two bytes are
correctly read and interpreted as the port number, regardless of the
presence of the version field.
The WED listener only supports calling the `Radio::ReceiveAt()` for
periodic sampling.
This commit adds support for the WED to perform periodic sampling by calling
`Radio::Sleep()` and `Radio::Receive()`.
2025-03-27 09:10:37 -07:00
3547 changed files with 235677 additions and 717688 deletions
@@ -109,7 +109,7 @@ This will open up a text editor where you can specify which commits to squash.
#### Coding Conventions and Style
OpenThread uses and enforces the [OpenThread Coding Conventions and Style](STYLE_GUIDE.md) on all code, except for code located in [third_party](third_party). Use `script/make-pretty` and `script/make-pretty check` to automatically reformat code and check for code-style compliance, respectively. OpenThread currently requires [clang-format v14.0.0](https://releases.llvm.org/download.html#14.0.0) for C/C++ and [yapf v0.31.0](https://github.com/google/yapf) for Python.
OpenThread uses and enforces the [OpenThread Coding Conventions and Style](STYLE_GUIDE.md) on all code, except for code located in [third_party](third_party). Use `script/make-pretty` and `script/make-pretty check` to automatically reformat code and check for code-style compliance, respectively. OpenThread currently requires [clang-format v19](https://github.com/llvm/llvm-project/releases/tag/llvmorg-19.1.7) for C/C++ and [yapf v0.43.0](https://github.com/google/yapf) for Python.
As part of the cleanup process, you should also run `script/make-pretty check` to ensure that your code passes the baseline code style checks.
OpenThread is an open-source implementation of the Thread networking protocol, released by Google. It is designed to be OS and platform-agnostic, with a small memory footprint, making it highly portable. It supports both system-on-chip (SoC) and network co-processor (NCP) designs and is a Thread Certified Component.
The project is primarily written in C and C++, with Python used for scripting and tooling. It uses a variety of build systems, including CMake and GN, and is actively maintained with a strong emphasis on code quality and style, enforced through continuous integration.
## Building and Running
The project uses both CMake and GN as build systems. A collection of scripts in the `script/` directory simplifies the build and test process.
A bootstrap script is provided to install the required tools:
```bash
./script/bootstrap
```
### Building with CMake
The project provides CMake presets for easier configuration.
**Configure:**
```bash
cmake --preset simulation
```
**Build:**
```bash
cmake --build --preset simulation
```
### Building with Scripts
The `script/` directory contains several scripts for building the project for different configurations:
- **Simulation Build:**
```bash
script/check-simulation-build
```
- **POSIX Build:**
```bash
script/check-posix-build
```
- **ARM Build:**
```bash
script/check-arm-build
```
- **GN Build:**
```bash
script/check-gn-build
```
## Testing
The project uses CTest for testing.
To run the tests after building with the simulation preset:
```bash
ctest --preset simulation
```
### Nexus Tests
Nexus is a test framework that allows simulating multiple OpenThread nodes within a single process, enabling faster and more scalable network simulations.
For more details, see [tests/nexus/README.md](tests/nexus/README.md).
## Development Conventions
### Code Style
The project has a strict coding style, which is enforced by the `script/make-pretty` script. Before submitting a pull request, ensure your code is formatted correctly.
**Check code style:**
```bash
script/make-pretty check
```
**Format code:**
```bash
script/make-pretty
```
Key style points:
- **Indentation:** 4 spaces.
- **Naming:**
- `UpperCamelCase` for types (classes, structs, enums), methods, functions.
- `lowerCamelCase` for variables.
- `g` prefix for globals, `s` for statics, `m` for members, `a` for arguments.
- **Comments:** Doxygen is used for API documentation.
For more details, see the [STYLE_GUIDE.md](STYLE_GUIDE.md).
### Commits and Pull Requests
The project follows the "Fork-and-Pull" model. All contributions must be accompanied by a Contributor License Agreement (CLA). Pull requests are tested using GitHub Actions, and all checks must pass before merging.
For more details, see the [CONTRIBUTING.md](CONTRIBUTING.md).
- OpenThread uses `script/make-pretty` to reformat code and enforce code format and style. `script/make-pretty check` build target is included in OpenThread's continuous integration and must pass before a pull request is merged.
-`script/make-pretty` requires [clang-format v14.0.0](https://releases.llvm.org/download.html#14.0.0) for C/C++ and [yapf v0.31.0](https://github.com/google/yapf) for Python.
-`script/make-pretty` requires [clang-format v19](https://github.com/llvm/llvm-project/releases/tag/llvmorg-19.1.7) for C/C++ and [yapf v0.43.0](https://github.com/google/yapf) for Python.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Jonathan Hui
