This commit refactors the `AesCcm` class to simplify its public interface,
decoupling the high-level API from the underlying cryptographic execution.
Key improvements:
- Redesigned the API from a series of procedural method calls
(`Init()`, `Header()`, `Payload()`, `Finalize()`) into a unified,
stateful model. Callers now pre-configure the operation parameters using
dedicated setters (`SetKey()`, `SetNonce()`, `SetAuthData()`,
`SetTagLength()`) and execute the entire cryptographic operation in a
single step via unified `Process()` methods.
- Introduced a nested `Engine` class to encapsulate the low-level AES-CCM
mathematical and cryptographic state. The `Engine` provides clean internal
interfaces for both optimized one-shot (single-part) and multi-part
operations.
- This architectural separation allows the outer `AesCcm` class to focus on
parameter validation, high-level buffer management, and complex `Message`
chunk iterations, while the `Engine` remains focused purely on the
cryptographic core. This also provides a clean extension point to easily
route one-shot operations to platform-specific hardware acceleration APIs
in the future.
- Updated `Mac` and `Mle` modules to use the simplified APIs, reducing
boilerplate code.
- Retained a static `Perform()` wrapper to support the legacy public
`otCrypto` API.
- Updated unit tests to validate the new stateful interfaces, including
robust in-place message chunk processing and separate-buffer
validations.
This commit introduces a new platform abstraction layer for TCP
connections and listeners, enabling OpenThread to leverage platform-
provided TCP stacks. The API is designed for asynchronous, event-driven
environments and can easily support POSIX as well as various embedded
network stacks.
In the core, `Ip6::PlatTcp` and its nested `Connection` and `Listener`
classes are introduced to manage these platform interactions, providing
a clean C++ interface for the OpenThread core. The `PlatTcp` manager
is integrated into the `Instance` class and utilizes `Tasklet` for
asynchronous resource cleanup.
Additionally, this commit adds a comprehensive unit test to verify the
TCP platform abstraction and `Ip6::PlatTcp` implementation. The tests
cover listener and connection lifecycles, data flow, flow control,
incoming connection acceptance, and active object iteration.
This commit refactors `Mle::ProcessMessageSecurity()` to use a new packed
structure, `AesCcmAuthData`, to represent the authenticated data used during
AES-CCM security processing.
The `AesCcmAuthData` structure encapsulates the sender and receiver IPv6
addresses along with the Auxiliary Security Header. By packing these fields
together, we can pass them as a single contiguous buffer to `AesCcm::Header()`.
This eliminates the need for multiple separate calls to `AesCcm::Header()`
and allows the removal of the generic template-based `Header<ObjectType>()`
method in the `AesCcm` class.
Callers to `ProcessMessageSecurity()` have been updated to populate the
`AesCcmAuthData` structure before passing it for processing.
This commit introduces a new `ComposeMeshLocalAddress()` helper method
in the `Mle` class. This method constructs a full IPv6 Address by
combining the Mesh-Local Prefix with a provided Interface Identifier (IID).
By using this helper, we eliminate the repetitive two-step process of
calling `SetPrefix()` followed by `SetIid()` previously scattered across
`Commissioner`, `AddressResolver`, `Child`, and unit tests. This
improves code readability and correctly encapsulates address composition
logic within the `Mle` module.
This commit replaces `Ip6::Address::InitAsRoutingLocator()` and
the now unused `Ip6::Address::InitAsAnycastLocator()` with the
single unified method `Ip6::Address::InitAsLocator()`.
Callers in `Mle` have been updated to use the unified method.
This commit refactors the `FrameBuilder` and `FrameData` modules,
replacing multiple distinct endian-specific methods with a unified,
type-safe templated API.
Key changes:
- Introduced `enum Encoding` (`kBigEndian`, `kLittleEndian`) and a
templated `HostSwap<Encoding, UintType>` helper in `encoding.hpp` to
centralize byte-swapping logic.
- Replaced `AppendBigEndianUint16()`, `AppendLittleEndianUint32()`,
and other variations in `FrameBuilder` with a single templated
method: `AppendUint<Encoding, UintType>()`.
- Replaced `ReadBigEndianUint16()`, `ReadLittleEndianUint32()`,
and other variations in `FrameData` with a single templated
method: `ReadUint<Encoding, UintType>()`.
- Updated all callers in `Lowpan` and `Mac` modules to use the new
templated encoding APIs.
- Updated `test_frame_builder.cpp` to validate the new syntax.
This commit replaces the raw array `mChildren` in `ChildTable` with
the `Array` class from the common utilities.
By switching to `Array`, we can leverage its built-in array management,
bounds checking, and iterator support. This removes boilerplate code
associated with keeping track of `mMaxChildrenAllowed` and simplifies
methods like `GetChildAtIndex`, `FindChild`, `HasChildren`, and
`GetNumChildren` by using `Array` methods.
Additionally, the commit renames `Neighbor::MatchesFilter()` to simply
`Neighbor::Matches()`, which aligns with the expected indicator matching
API used by `Array` and `LinkedList`.
This commit introduces two robustness improvements to Header Information
Element (IE) parsing in Frame:
1. Aligned HasCslIe() with GetCslIe():
Previously, HasCslIe() returned true if a Header IE matching the CSL ID
was present, regardless of whether its declared content length was valid
(>= 4 bytes). Updating HasCslIe() to check GetCslIe() != nullptr ensures
that presence checks enforce the same length validation as retrieval,
preventing callers from assuming a malformed CSL IE is valid.
2. Robust Multi-Vendor IE Iteration in GetTimeIe():
GetTimeIe() previously retrieved the Vendor IE by matching ID 0x00
using GetHeaderIe(), which returns only the first matching element. If
a frame contained multiple Vendor IEs (e.g., a standard Thread Vendor IE
followed by a Nest Time Vendor IE), GetTimeIe() inspected only the
first element, failed the OUI check, and returned nullptr. GetTimeIe()
is refactored to iterate through all Header IEs until a matching Nest
OUI and Time SubType are found, ensuring correct discovery across
multi-vendor frames.
Both otPlatBleGapAdvSetData() and otPlatBleGapAdvUpdateData() now have the same set of retvals.
The aInterval parameter is explained better: it's a request/hint to the BLE platform for the
advertising interval, but not a requirement.
This adds sIsEnabled for more realistic BLE simulation platform behavior. Also
improves internal disconnection state management, per review comments.
Adds asynchronous calling of otPlatBleGapOnDisconnected() to avoid doing the
'disconnected' callback twice, per review comments. A unit test is extended to
verify that the callback happens once.
For test_platform.cpp 2 instances of '#ifdef' are fixed to '#if'.
To get an update of TCAT advertisement data when the active dataset changes, notifier events are
introduced. This also refactors the existing adv update on MLE role change to use a notifier event.
This update now covers all cases where an application/CLI/user changes the active dataset, which should
be then reflected in TCAT advertisement flag values.
The 'requested advertising state' is refactored from a BleState to a bool, to make the code more
readable and avoid subtle errors.
This fixes the issue observed in tests, that the BLE advertisement contents (flags) were not updated
after a TCAT Commissioner disconnects. A unit test is added for BLE advertisement contents to
validate the advertisement data changes.
It also adds an explicit 'disconnect' CLI command to the TCAT expect tests, which wasn't tested
before.
This fixes some ble.h issues and makes explicit that BLE advertising will stop once a client connects.
The TCAT agent is updated to re-enable advertising after a client disconnects (in the default case).
This fixes an issue observed in cert tests. For easier testing in the future, debug log messages are
added for the simulation BLE platform.
The simulation platform (ble.c) is improved to act more like a real BLE platform, by now supporting
client connection state and calling of otPlatBleGapOnConnected() and otPlatBleGapOnDisconnected().
This is required to manually test the TCAT Commissioner/Device flow in Posix simulation.
GetThreadIe(), GetCslIe(), and GetTimeIe() read a fixed content struct
(VendorIeHeader / CslIe / TimeIe) at `ie + sizeof(HeaderIe)` after
matching the IE id, without first checking that the IE's Length field
covers that struct. FindPayloadIndex() only guarantees the IE header
plus its declared Length fit within the frame, so a matching IE whose
Length is shorter than the content struct (e.g. a zero-length vendor IE
placed at the end of the header-IE region) causes a read past the IE
content, and past the PSDU buffer when the IE ends at the frame
boundary.
Gate each content read on the IE Length being at least the
corresponding kIeContentSize before dereferencing the struct.
This commit introduces the `AesCcm::Nonce` class to represent the IEEE
802.15.4 nonce byte sequence, replacing the previous `GenerateNonce()`
method which operated on a raw byte array.
Replacing `uint8_t *` buffers and `kNonceSize` with a dedicated, packed
`Nonce` class makes the code cleaner and prevents potential buffer size
mismatches at call sites. The new class provides an `InitFrom()` method
to safely initialize the nonce from an extended address, frame counter,
and security level.
All callers in `Mac` (frame transmission and reception) and `Mle`
(message security) have been updated to use the new `Nonce` class.
Enhance `MeshForwarder::EvictMessage` to prioritize evicting messages
from `mReassemblyList` that were received without link security when
reclaiming message buffers (reason `kEvictReasonNoMessageBuffer`).
This helps protect secure messages in the send queue from being
evicted due to buffer exhaustion, by prioritizing the dropping of
insecure, potentially incomplete, reassembled fragments.
Both FTD and MTD implementations of `EvictMessage` are updated.
This commit updates the commit hash pin for codecov/codecov-action
from 671740a (v5.5.2) to fb8b358 (v7.0.0) across all CI workflows.
Workflows updated:
- otbr.yml
- posix.yml
- simulation.yml
- toranj.yml
- unit.yml
This commit introduces `ComposeRloc()` and `ComposeAloc()` in the `Mle`
module and updates the codebase to use them.
These methods streamline the construction of Routing Locators and
Anycast Locators by automatically combining the Mesh-Local Prefix with
the provided RLOC16 or ALOC16. This centralizes address composition
logic within `Mle` instead of relying on manually formatting
`Ip6::Address` instances across various modules.
This commit removes all Domain Prefix configuration and management logic
from the OpenThread stack, CLI commands, unit tests, and GRL harness
THCI wrapper.
- Removed public Backbone Router Domain Prefix APIs.
- Removed Domain Prefix flag ('mDp') and 'D' flag parser/formatter
from core network data types, Spinel, and CLI.
- Cleaned up local Backbone Router and Leader logic to exclude Domain
Prefix configuration, tracking, and events.
- Updated RoutingManager prefix advertisement (RIO) to exclude
special handling for Domain Prefix.
- Updated CLI documentation to remove Domain Prefix references.
- Removed domain prefix helper methods from python test certification
scripts.
- Removed auto-addition of default domain prefix and D flag support
from GRL harness OpenThread.py.
This commit ensures that the peer's extended address matches the stored
extended address when receiving a Link Accept for an already valid link,
preventing unintended frame counter resets and neighbor table updates.
To achieve this:
- We validate that the peer's extended address (extracted from the
IPv6 peer address IID) matches the router's stored extended address
when processing Link Accepts for a neighbor that is already in the
kStateValid state. If there is a mismatch, the packet is rejected
with kErrorSecurity.
- We gate InitNeighbor() and the resetting of MLE frame counters
so they only execute if the neighbor is not already kStateValid.
For valid neighbors, we only update link statistics (RSS, last
heard, link quality, key sequence) and clear the Link Accept
timeout without modifying the frame counters or average RSS history.
This commit renames the static helper `Utils::ParseToIp6Address()` to
`Utils::ParseOrSynthesizeIp6Address()` to better reflect its behavior
of parsing an IPv6 address or synthesizing one from an IPv4 address
via NAT64.
Additionally, the method is refactored into a non-static member of the
`Utils` class. This eliminates the need to manually pass the `otInstance`
pointer, as the `Utils` class already maintains it. The internal
implementation is also simplified to reduce nesting by exiting early
upon successful IPv6 address parsing.
All callers in the CLI module (TCP, UDP, Ping, DNS) have been updated
to use the new member method.
This commit updates `Name::LabelIterator::ReadLabel()` to explicitly
check that the read label from the message does not contain any embedded
`kNullChar` (`\0`) characters. It uses `StringLength()` to verify that
the length of the string matches the expected label length. If a null
character is found before the end of the label, `kErrorParse` is
returned to prevent potential string truncation issues or
misinterpretation of the label name.
This broader check replaces a recent fix in `PtrRecord::ReadPtrName()`
from #13183 which only verified that the first label was not empty
or malformed by checking for a single-character label with a null
byte. By enforcing this validation centrally at the `ReadLabel()`
level, we now ensure that labels of any length are properly
protected against embedded null characters across all DNS record
types.
This commit refactors several Nexus diagnostic test cases to use the
existing `Mle::GetMeshLocalRloc()` method instead of manually assembling
the RLOC by combining the mesh-local prefix and the node's RLOC16. This
improves code readability and adheres to the standard pattern for
retrieving a node's Routing Locator.
This commit renames several methods in the `Mle` class that construct
an IPv6 address from the mesh-local prefix and an RLOC16/ALOC16 from
`Get...()` to `Compose...()` to better reflect their behavior.
The affected methods are:
- `GetLeaderRloc()` -> `ComposeLeaderRloc()`
- `GetLeaderAloc()` -> `ComposeLeaderAloc()`
- `GetCommissionerAloc()` -> `ComposeCommissionerAloc()`
- `GetServiceAloc()` -> `ComposeServiceAloc()`
This commit updates the codebase to use the `Icmp6Header` type
directly, replacing the nested `Ip6::Icmp::Header` definition.
This change aligns the ICMPv6 header type definition with the
conventions used for other network protocol headers and simplifies
type references across the network, border router, and utility
modules.
This commit removes the OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE feature
and all associated code, tests, CLI commands, and harness references.
Changes:
- Removed OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE definition and all
assert/preprocessor checks.
- Completely deleted dua_manager.cpp and dua_manager.hpp.
- Removed DUA registration notifying and request URI paths.
- Cleaned up all references to Domain Unicast Address (DUA) across
child management, notifier, time ticker, and MLE.
- Removed DUA commands and logic from the CLI and Python cert tests
(including packet verifier).
- Verified that the entire codebase compiles clean and all tests
successfully pass using the Nexus test suite.
This commit updates the SRP registration and verification logic to pass
the 1_3_SRP_TC_1 test case in the Nexus simulator:
1. In test_1_3_SRP_TC_1.cpp, temporarily disable/enable the eth1 DNS-SD
agent during SRV, AAAA, and browser resolver queries to force a
clear of the local cache. This ensures the queries are sent over the
wire to the Border Router (DUT) instead of being answered from the
resolver's cache.
2. In verify_1_3_SRP_TC_1.py, add checks for mDNS query and response
packets for Steps 9b, 9c, 15b, and 15c. Relax the Step 15c check to
not require the ML-EID in the mDNS response, as advertising
Mesh-Local addresses on the infrastructure link is optional and not
done by the OpenThread SRP advertising proxy.
This commit wraps the contents of `tcp6.hpp` and `tcp6_ext.hpp` with
`#if OPENTHREAD_CONFIG_TCP_ENABLE` feature guards to ensure that TCP
definitions and types are cleanly excluded when TCP support is disabled
in the build configuration. Additionally, it explicitly disables the
`OPENTHREAD_CONFIG_TCP_ENABLE` feature flag in the Toranj test
configuration to validate building without TCP support.
This commit removes the deprecated `test_trel_connectivity.py`
integration test. The TREL connectivity test functionality is
already fully covered by the Nexus simulation test suite, which
provides faster and more reliable testing.
This commit migrates the legacy Thread certification test
'test_publish_meshcop_service.py' to the C++ simulation test suite
in the Nexus platform.
To avoid redundancy and keep the test suite clean, the coverage
is consolidated directly within 'tests/nexus/test_border_agent.cpp'
instead of introducing a new redundant test file.
Consolidated coverage and changes:
- Extended the state bitmap parser and 'ValidateMeshCoPTxtData' in
'test_border_agent.cpp' to verify Backbone Router (BBR) active
and primary flags (kFlagBbrIsActive, kFlagBbrIsPrimary) when
OPENTHREAD_CONFIG_BACKBONE_ROUTER_ENABLE is enabled.
- Added a new test block in 'TestBorderAgentServiceRegistration' to
enable Backbone Router on node0, verify that BBR active and primary
flags are dynamically advertised in the MeshCoP TXT record over
mDNS, and verify that disabling BBR correctly updates the TXT
record state bitmap.
- Fully deleted the legacy Python certification script
'test_publish_meshcop_service.py' from 'thread-cert'.
This commit updates the codebase to use the `Icmp4Header` type directly,
replacing the nested `Ip4::Icmp::Header` type. The empty `Ip4::Icmp`
wrapper class is removed to simplify the header definition. This change
aligns the ICMPv4 header structure with the flat naming conventions used
for other IP headers (e.g., `Ip6::Icmp6Header`, `Ip6::UpdHeader`).
This commit completely removes the local Domain Unicast Address (DUA)
registration feature flag (OPENTHREAD_CONFIG_DUA_ENABLE) and all of
its associated implementation, public APIs, CLI commands, Spinel
property handlers, and certification tests.
Thread 1.2 FTD Border Router/Router DUA proxying features for MTD
children (OPENTHREAD_CONFIG_TMF_PROXY_DUA_ENABLE) are preserved and
updated to only compile/instantiate components when proxy DUA
features are active.
Detailed Changes:
- Remove default definition of OPENTHREAD_CONFIG_DUA_ENABLE from
misc.h.
- Remove OT_DUA and openthread_config_dua_enable from CMake/GN
configs.
- Remove otThreadSetFixedDuaInterfaceIdentifier and
otThreadGetFixedDuaInterfaceIdentifier from
include/openthread/thread.h
and implementation src/core/api/thread_api.cpp.
- Remove CLI DUA interpreter from src/cli/cli.cpp.
- Remove SPINEL_CAP_DUA capability and SPINEL_PROP_THREAD_DUA_ID
Spinel property handlers and dispatchers from NCP.
- Strip local DUA management features (conflict checking, SLAAC DUA
interface identifiers, and dad info settings) from DuaManager, MLE,
Address Resolver, and settings.
- Clean up Notifier, TimeTicker, and TMF dispatcher guards.
- Clean up -DOT_DUA=ON compilation flags across build/test scripts.
- Delete obsolete DUA certification tests:
- v1_2_test_domain_unicast_address
- v1_2_test_domain_unicast_address_registration
- v1_2_test_dua_handle_address_error
`PtrRecord::ReadPtrName()` reads a PTR target's first label with
`Name::ReadLabel()`, which performs no emptiness check. A response whose
first label is a single NUL byte (wire `01 00`) is stored as an empty
C-string and cached by the browse cache as a service instance. When the
cache later builds a known-answer question, it calls
`Name::AppendLabel("")`, which returns `kErrorInvalidArgs`; the
surrounding `SuccessOrAssert()` turns that into an abort. A single
unauthenticated link-local mDNS response thus crashes any node with an
active browser.
Reject an empty first label in `ReadPtrName()` so the record is dropped
on receive and never cached. This matches the `Name::ValidateLabel`
checks already applied on the registration and resolver paths, and makes
the "ReadPtrName() validates that PTR record is well-formed" comment at
the call site accurate.
Add a regression test that delivers a PTR response with a single
NUL-byte instance label and verifies no result is reported and the
browser keeps querying without the malformed entry.
This commit adds the missing Doxygen groups for TCP (`core-tcp`),
TCP Extensions (`core-tcp-ext`), and UDP (`core-udp`). These groups
are used in the code but were not previously defined.
This commit updates the codebase to use `TcpHeader` and `UdpHeader` types
directly, instead of the nested `Tcp::Header` and `Udp::Header` types.
The `TcpHeader` and `UdpHeader` classes are already defined in
`ip6_headers.hpp`. This change reduces dependencies on the `Tcp` and
`Udp` class definitions, which is particularly useful when TCP
is disabled in the build configuration, avoiding the need to include
their respective class headers just for the header definitions.
This commit fixes instances of "the the" typos found in various
files across the codebase, including documentation, headers, source
files, and test scripts.
This commit updates the `markdown-lint-check` job to explicitly set
the `PUPPETEER_EXECUTABLE_PATH` environment variable to use the
system-installed Google Chrome (`/usr/bin/google-chrome`) for the
`linkspector` action. This resolves issues where the action fails
to find a browser environment to execute properly.
This commit implements additional vendor application or ecosystem
policy settings for TCAT including:
1) Automatic deactivation of the TCAT agent / TCAT advertisement after
the thread network has been started over TCAT
2) Automatic activation of the TCAT agent / TCAT advertisement after
the thread network has been stopped over TCAT
3) Automatic activation of the TCAT agent / TCAT advertisement after
decommissioning over TCAT
4) Blocking support of certain TCAT TLVs by the application /
ecosystem
The commit also fixes an issue with certificate storage after
decommissioning.
This commit renames several methods in `Ip6::Address`,
`Ip6::InterfaceIdentifier`, `Ip6::Prefix`, and `Ip4::Address` that
fully initialize the object from `Set...()` to `Init...()`.
This creates a clear semantic distinction in the API:
- `Init...()`: Fully (re-)initializing the object.
- `Set...()`: Modifies a specific property or a sub-component of
the object (e.g., `SetPrefix()`, `SetLocator()`,
`SetSubnetId()`).
Some examples of renames include:
- `SetFromExtAddress()` -> `InitFromExtAddress()`
- `SetToLocator()` -> `InitAsLocator()`
- `SetToLinkLocalAddress()` -> `InitAsLinkLocalAddress()`
- `SetToRoutingLocator()` -> `InitAsRoutingLocator()`
- `SetToAnycastLocator()` -> `InitAsAnycastLocator()`
- `SetToIp4Mapped()` -> `InitAsIp4Mapped()`
All calls to these methods across the codebase have been updated
to reflect the new names.
This commit sets the SO_RCVBUF socket option to 2MB on the
multicast receiving sockets in the simulation platform.
Under heavy simulation load (such as expect tests with 15 nodes
all sending MLE advertisements and discovery packets), the default
OS UDP receive socket buffer can overflow, leading to silent
packet drops. This occasionally caused expect tests like
cli-big-table.exp to fail with "Join failed [NotFound]" because
Node 4's discovery requests or response beacons were dropped.
Increasing the receive buffer size to 2MB prevents packet loss
during dense simulation runs, resolving intermittent CI test
failures.
This commit fixes a frequent unit test flake in ot-test-trickle_timer
under the TestTrickleTimerMinMaxIntervalChange test case.
The test case starts the trickle timer with Imin = 2000 and
Imax = 2000. The random time t (mTimeInInterval) is chosen in
[1000, 2000), so t can range up to 1999.
When t randomly evaluates to 1999, t + 1 becomes 2000. Calling
timer.SetIntervalMax(2000) triggers an early-exit optimization
in TrickleTimer::SetIntervalMax because mIntervalMax is already 2000,
leaving the scheduled timer's fire time unchanged. The test then
crashes on the assertion expecting the fire time to have changed.
This is resolved by setting the new interval max to
Min(t + 1, interval - 1). This ensures that the requested value is
strictly less than 2000 even when t = 1999, successfully triggering
the interval shortening and rescheduling logic tested by this case.
This commit adds a brief 0.1-second sleep delay immediately after
spawning node processes (rcp, cli, and mtd types) in the expect test
harness.
Under high CPU load on GitHub Actions runner VMs, the PTY file
descriptors can take a fraction of a second to fully initialize. If
commands are sent immediately after spawn without delay, the initial
expect match can fail with an instant timeout. This triggers duplicate
retransmissions in wait_for, leaving extra "Done" strings in expect's
PTY read buffer. The leftover "Done" strings desynchronize subsequent
assertions, causing tests to match cached output instead of waiting
for actual command execution (e.g., sending "diag stats" during an
active "diag send" command, which fails).
Adding a 100ms delay gives the PTY and child process enough time to
fully initialize and stabilize, avoiding instant timeouts and
subsequent test harness desynchronization.
This commit adds GCC 15 (version 15.2.rel1) to the `arm-gcc` job
matrix in the OpenThread build (`build.yml`) workflow.
Including GCC 15 in the builds helps ensure that OpenThread compiles
successfully and is free from warnings or errors with the latest GCC
15.2.rel1 release.
Increase wait delay after starting the OTBR service in the
test_publish_meshcop_service.py script.
Starting otbr-agent requires the node to re-attach to the simulated
Thread network and transition to the leader role. In virtualized CI
environments, this role transition can take up to 14.5 seconds. Using
a hardcoded 10-second delay results in a race condition where the
service is published very late, causing the subsequent browse query to
miss the service and fail with AssertionError.
Substituting the delay with BORDER_ROUTER_STARTUP_DELAY (20s) ensures
the node has sufficient time to attach, become leader, start the border
agent, and fully register the mDNS service before browsing.
This commit simplifies MLR state tracking for child devices. Previously,
`Child::Ip6AddrEntry` inherited from `Ip6::Address` to encapsulate the
MLR registration check using the `Child` reference. This introduced
tight coupling between `Child` and `Ip6AddrEntry`.
The logic is refactored by removing `Ip6AddrEntry`. Instead, `Child`
now directly manages a `Child::Ip6AddressArray` and encapsulates the
MLR state querying/updating through new methods:
- `SetAddressMlrRegistrationState()`
- `GetAllMlrRegisteredAddresses()`
- `ClearAllAddressesMlrRegistrationState()`
In `Mlr::Manager`, the redundant `ChildAddressArray` typedef and
`kMaxChildAddresses` constant are removed, reusing the
`Child::Ip6AddressArray`. The method `UpdateProxiedSubscriptions()`
is renamed to the more intuitive `UpdateChildRegistrations()`, and
overloaded to allow calling it without an old address list during
initial child registration.
The test `test_1_3_DBR_TC_7A` was failing occasionally due to
uninitialized stack memory in `NetworkData::OnMeshPrefixConfig config`.
Because `OnMeshPrefixConfig` inherits from `otBorderRouterConfig`
and does not automatically initialize its fields in its default
constructor, declaring `NetworkData::OnMeshPrefixConfig config;`
on the stack left its members (including `mDp` and `mNdDns` flags)
with arbitrary stack garbage. If `mDp` (Domain Prefix flag)
evaluated to true, it caused the registered `PRE_1` prefix to be
erroneously processed as a Domain Prefix. Consequently, the border
router did not include `PRE_1` as a Route Information Option (RIO)
in its emitted Router Advertisements, causing packet verification
to fail in Step 4.
This commit fixes the issue by explicitly initializing the
`config` struct using `config.Clear()` right after declaration.
Fixes an intermittent failure in the
`nexus_announce_no_flap_on_unmergeable_partitions` test.
Previously, only LEADER_NEW was isolated (by enabling allowlist
mode with an empty address list) in Step 2. Because LEADER_OLD
still had allowlist mode disabled, it could receive advertisements
from LEADER_NEW. If LEADER_NEW's randomly allocated partition ID
happened to be larger than LEADER_OLD's, LEADER_OLD would see it
as a "better partition" and initiate a transition to child to
attach to LEADER_NEW.
Although this attempt would initially fail in Step 2 (since
LEADER_NEW dropped all RX), it kept retrying. In Step 3, when the
allowlist was opened on both sides, the queued/retried attach
attempt from LEADER_OLD succeeded, making it a child and causing
the Leader assertion to fail.
Isolating both nodes during Step 2 ensures that LEADER_OLD never
hears LEADER_NEW's initial good-link advertisements. When Step 3
begins, it only hears LEADER_NEW through the weak link and
correctly rejects the advertisements, keeping both nodes stable
leaders of separate partitions.
Explicitly cast the result of the bitwise NOT operator ~ to uint8_t in
BitSetUtils::FlipBits to resolve a build error under AppleClang.
In C++, using the bitwise NOT operator on a uint8_t value promotes it to
an int. Assigning the promoted int back to uint8_t triggers an implicit
conversion warning/error (-Wimplicit-int-conversion) under newer
compiler versions, which fails the build when compiled with -Werror.
This commit introduces helper methods to `MeshCoP::Dataset` to determine
if a given Dataset affects network connectivity or the Network Key.
It also adds a corresponding public API `otDatasetAffectsConnectivity()`.
A Dataset is considered to affect connectivity if it contains a
different Channel, PAN ID, Mesh Local Prefix, or Network Key than
the current values in use.
`Mle::AnnounceHandler::HandleAnnounce` previously executed the
`kAnnounceAttachAfterDelay` action on an attached node even when
the announced channel and PAN ID already equaled the current MAC
parameters. The `!channelAndPanIdMatch` guard was only consulted
in the `IsDetached()` branch. For an attached node this scheduled
`StartAnnounceAttach`, which calls `Stop()` then `Start()` with
the same channel/PAN ID -- accomplishing nothing while disrupting
attached children.
This causes an endless role flap in a topology where two FTDs
share channel, PAN ID, and network credentials but hold different
Active Dataset Timestamps, and where their RF link is too weak to
merge partitions (Advertisements rejected with LinkMarginLow at
`mle_router.cpp`). Each side restarts on every Announce received
from the higher-timestamp peer; the reactive `kSendAnnouceBack`
path further amplifies this because the lower-timestamp side's
own outgoing Announces draw Announce responses from the peer.
Apply the channel/PAN ID match guard unconditionally in
`kAnnounceAttachAfterDelay`. Mirror it on the FTD
`kSendAnnouceBack` path (matching the existing `isFromOrphan`
behavior) so peers sharing MAC parameters are not prompted to
migrate to the channel/PAN ID they already use.
Add `addon_test_announce_no_flap_on_unmergeable_partitions.py`
which builds the topology above and asserts that both nodes
retain their original partition IDs across a 20-minute simulated
window. Without this change the lower-timestamp node is
repeatedly demoted from leader during that window.
This commit moves the state and logic for managing the maximum number
of IP addresses per child from `Mle` to `ChildTable`. The logic for
checking the limit is also moved to the `Child` class itself.
This change better encapsulates the child table properties.
This commit updates the DHCPv6 Prefix Delegation (PD) client to
comply with RFC 9915, which obsoletes the Server Unicast option
(Option 12) and the UseMulticast status code.
Changes:
- Removed `mServerAddress` and `ProcessServerUnicastOption()` from
`Dhcp6PdClient`.
- Modified `Dhcp6PdClient::SendMessage` to always transmit via
multicast to `ff02::1:2`.
- Removed `UseMulticast` status code handling in `HandleReply()`.
- Added `otMessageFree` weak stub in simulation platform's
`infra_if.c` to resolve linking errors on simulation radio-only
targets when DHCPv6 PD client is enabled.
- Updated `test_dhcp6_pd_client.cpp` to expect multicast and
removed the obsolete UseMulticast test case.
This commit updates `MacCountersTlv` and `MleCountersTlv` to use the
`SimpleTlvInfo` template. The original classes are replaced with
`MacCountersTlvValue` and `MleCountersTlvValue` which only represent
the TLV values. This helps simplify the TLV parsing and appending
logic and more importantly allows the TLV value formats to be
reused.
This commit extends the `BitSet` class with several new
methods:
- `CountElements()`
- `IsSubsetOf()` and `IsSupersetOf()`
- `Complement()`
- `UnionWith()`, `IntersectWith()`, and `SubtractWith()`
- `SetMask()`, `AppendTo()`, and `ReadFrom()` message.
This commit also introduces a new `BitSetUtils` non-template base class
for the `BitSet<kNumBits>` template class. This change helps optimize
code by moving the common implementation logic for various bit
manipulation operations out of the template, reducing template
instantiation overhead.
This commit refactors the Nexus tests configuration in CMakeLists.txt
by properly classifying and sorting test cases:
- Moved `inform_previous_parent_on_reattach` from the "Cert tests"
section to the "Misc tests" section, and changed its label from
"cert;nexus" to "core;nexus".
- Moved `retransmission_security` from the "Cert tests" section
to the "Misc tests" section where it belongs (retaining its
"core;nexus" label) and sorted it alphabetically.
These changes ensure the CMake file remains clean and the tests are
properly categorized.
This commit removes the thread-cert/backbone tests and cleans
up all related configurations and references.
Specifically, the following changes are made:
- Deleted tests in tests/scripts/thread-cert/backbone/
- Removed the backbone-router job from .github/workflows/otbr.yml
- Removed backbone-router dependency from upload-coverage job
- Removed setup, cleanup, and checks for backbone tests in
tests/scripts/thread-cert/run_cert_suite.py
This commit removes the `avahi` mDNS configurations from the
`thread-border-router` job matrix in the OpenThread Border Router
(`otbr.yml`) workflow.
With this change, the `thread-border-router` integration tests will
exclusively run using the `mDNSResponder` configuration.
This commit renames the `NetworkDiagnostic` namespace in `src/core/thread/`
and its related types to `NetDiag` for brevity. It updates the
corresponding filenames and header guards as well.
When a sleepy end device (where `Mle::IsRxOnWhenIdle()` returns
false) sends an MLR request, it initiates fast data polls via
`DataPollSender::SendFastPolls()` to quickly receive the response.
This commit updates `Manager::HandleResponse()` to call
`DataPollSender::StopFastPolls()` when the MLR response is processed
by a sleepy end device. This ensures that the device does not
unnecessarily continue fast polling.
Retransmissions of frames containing time-dependent header Information
Elements (IEs), such as CSL or Time Sync, require updates to these
IEs to reflect the exact time of sending. If the frame counter is not
incremented for these retransmissions, it leads to nonce reuse in
AES-CCM encryption, which is a security vulnerability.
This commit addresses this issue by ensuring that every transmission
attempt (initial or retry) uses a fresh frame counter:
- Deferred security processing from `SubMac::Send()` to
`SubMac::BeginTransmit()`.
- Upon retransmission in `SubMac::HandleTransmitDone()`, the frame is
restored to plaintext via `TxFrame::DecryptTransmitAesCcm()` and
security flags are cleared.
- This allows time-dependent IEs to be updated and a new frame counter
to be assigned for every attempt.
Added a Nexus test case `retransmission_security` to verify that both
CSL and standard MAC retransmissions use incrementing frame counters
and updated CSL phases.
This commit introduces a structured state machine to `Mlr::Manager` to
coordinate Multicast Listener Registration (MLR) activities more
efficiently. The previous implementation relied on independent delay
variables and the global `TimeTicker`, which could lead to redundant
or premature registrations, especially when a Primary Backbone Router
(PBBR) was newly discovered or updated.
The new state machine (`kStateStopped`, `kStateIdle`,
`kStateToRegisterAll`, `kStateRegistering`, `kStateRegistered`,
`kStateNewAddrToRegister`) provides explicit transitions for the
entire MLR lifecycle. This ensures that registrations are properly
aggregated and that periodic renewals are correctly rescheduled after
successful out-of-band registrations.
Additionally, the manager now uses a dedicated `TimerMilli` instead of
`TimeTicker`, reducing system-wide overhead and providing more
precise timing control.
Per RFC 9664, the UL option is always included in a success response (RCODE=0).
Comment in test_srp_server is updated also to avoid suggesting the opposite.
This commit introduces a new set of template-based APIs for
non-cryptographic random number generation in the `Random::NonCrypto`
namespace. These new methods provide a cleaner, type-safe, and more
robust interface compared to the previous methods.
Key additions:
- `Generate<UintType>()`: Returns a random value of the given
unsigned integer type (`uint8_t`, `uint16_t`, or `uint32_t`).
- `GenerateUpToExcluding<UintType>(aMax)`: Returns a random value in
the range `[0, aMax)`.
- `GenerateFromMinUpToExcluding<UintType>(aMin, aMax)`: Returns a
random value in the range `[aMin, aMax)`.
- `GenerateInClosedRange<UintType>(aMin, aMax)`: Returns a random
value in the closed range `[aMin, aMax]`.
The introduction of `GenerateInClosedRange` is an improvement as it
safely handles ranges up to the maximum value of the integer type
(e.g., `0xffff`) without the risk of overflow.
All call sites across the OpenThread core stack and tests have been
updated to adopt these new APIs. The public `otRandomNonCrypto`
functions are also updated to leverage the new internal methods.
Doxygen documentation is added for all new template methods,
detailing their behavior, including edge cases where the upper bound
is smaller than or equal to the lower bound.
This commit refactors various unit tests to use `constexpr` for
defining constants instead of anonymous `enum` types.
Using `constexpr` is the modern and preferred approach in C++, as it
provides explicit types for constants and improves code clarity and
type safety.
This commit fixes minor coding style issues in
`RoutingManager::RoutePublisher::StateToString()`. It adds a missing
semicolon after the `DefineEnumStringArray()` macro and corrects the
indentation of the return statement.
This commit makes `Tlv::AppendTlvHeader()` public and updates call
sites to use it. This method automatically handles the formatting
of the TLV header as either a standard TLV header or an extended one
based on the provided length.
This commit removes all code, configurations, APIs, and tests related
to the OPENTHREAD_CONFIG_BACKBONE_ROUTER_DUA_NDPROXYING_ENABLE feature.
Specifically, the following changes were made:
- Removed DUA ND Proxying Backbone Router configuration option and the
related OPENTHREAD_CONFIG_NDPROXY_TABLE_ENTRY_NUM definition.
- Removed CLI commands: `bbr mgmt dua` and the proactive backbone
notification fake command `/b/ba`.
- Removed NdProxyTable and bbr_manager DUA ND Proxying implementation.
- Removed public/internal APIs for ND Proxying and proactive backbone
notifications.
- Deleted ndproxy_table source files and unit tests.
- Simplified CMake and GN build files to remove deleted targets.
This commit improves the `tests/nexus/build.sh` script by adding a
`display_usage()` function and implementing stricter command-line
argument validation.
This commit removes the obsolete Backbone Router (BBR) certification
tests:
- tests/scripts/thread-cert/backbone/bbr_5_11_01.py
- tests/scripts/thread-cert/backbone/
test_mlr_multicast_routing_across_thread_pans.py
These tests are removed because DUA (Domain Unicast Address) routing
features (specifically DUA ND Proxying) have been deprecated and
removed from the codebase. Since these features are no longer
supported, the corresponding certification and validation tests are
no longer valid or runnable.
Remove obsolete backbone test cases for Domain Unicast Address
(DUA) Duplicate Address Detection (DAD), DUA routing, DUA routing
for Minimal End Devices (MED), and Neighbor Discovery (ND) Proxy.
These features and their corresponding tests are no longer needed.
This commit removes all DUA (Domain Unicast Address) validation
and verification steps from test_firewall.py. Since DUA routing
features are being phased out or removed, this keeps the firewall
test in sync and prevents potential failures during test runs.
Specifically:
- Removed DUA ping validation from host to router.
- Removed DUA collection call (collect_duas).
- Removed the packet verifier checks checking for DUA ping traffic.
When cloning the ot-br-posix repository to run the Docker-in-Docker
integration tests, the clone was shallow and did not recursively
check out nested submodules (such as cJSON and cpp-httplib). This led
to build failures inside the Docker build container since libcjson
is not pre-installed on the base build image.
This commit resolves the issue by:
1. Appending the `--recurse-submodules` flag to the git-tool clone
calls in `otbr-posix-dind.yml` and `script/test`.
2. Updating `script/git-tool`'s destination directory parsing to
robustly handle multi-line output from recursive submodule
checkouts. The new pattern extracts the path exclusively from
the first line using `sed` to prevent SIGPIPE or parsing errors.
This commit introduces a new GitHub Actions workflow to automate the
monthly release process using Calendar Versioning (CalVer).
The workflow:
- Runs automatically at 00:00 UTC on the 1st day of every month.
- Supports manual execution via `workflow_dispatch`.
- Automatically generates a CalVer tag (e.g., vYYYY.MM.0).
- Employs the GitHub CLI to create a release and auto-generate
release notes based on merged pull requests.
This commit fixes a potential `uint16_t` overflow in
`Config::SelectRandomReregistrationDelay()` which could occur if
`mReregistrationDelay` was set to the maximum `uint16_t` value.
The `Random::NonCrypto::GetUint16InRange(lower, upper)` function
includes the lower bound but excludes the upper bound. Previously,
the code called `GetUint16InRange(1, mReregistrationDelay + 1)`,
which would overflow the upper bound if `mReregistrationDelay` was
`0xffff`. The logic is updated to `1 + GetUint16InRange(0,
mReregistrationDelay)`, which safely produces a random value in the
range `[1, mReregistrationDelay]` without overflow.
This commit introduces a new helper method that allows appending a
TLV by copying its value directly from a specified `OffsetRange` of
another `Message`.
This helper automatically handles formatting the TLV as an Extended
TLV if the length exceeds 254 bytes, eliminating the need for manual
length checks and TLV header construction at the call sites.
Key changes:
- Added `Tlv::AppendTlvWithValueFromMessage()`.
- Refactored TLV header construction into a private helper
`Tlv::AppendTlvHeader()` to share logic between `AppendTlv` variants
and `StartTlv()`.
- Updated `Commissioner::SendRelayTransmit()` and
`JoinerRouter::HandleUdpReceive()` to use the new helper for
`JoinerDtlsEncapsulation` TLVs.
- Updated `TcatAgent::HandlePing()` to use the new helper, significantly
simplifying the payload response generation.
When logging while `Instance` has not been initialized yet, use 0 as
return value of `GetUptime` and use `OPENTHREAD_CONFIG_LOG_LEVEL_INIT`
as default log level instead of accessing raw memory.
This commit updates `BackboneRouter::Local` to receive role change
events directly from the `Notifier`. Previously, `Bbr::Local` was
indirectly relying on `BackboneRouter::Leader` to emit events even
when the PBBR configuration had not changed (e.g., during role
transitions).
The previous design was fragile and created an unnecessary dependency.
`Bbr::Local` now independently tracks role changes to ensure it
correctly evaluates its own status (e.g., deciding whether to
register as the Primary BBR).
This commit introduces `PrimaryEvent` to represent changes in the
Primary Backbone Router (PBBR) configuration, replacing the previous
`State` enum. Calling it `State` was misleading as the values
describe transitions or updates to the PBBR rather than a persistent
state.
The new `PrimaryEvent` enum provides a more descriptive way to notify
dependent modules (`Mlr::Manager`, `DuaManager`, and `Bbr::Local`)
about specific changes in the PBBR, such as when it is added,
removed, or when its configuration parameters (e.g., RLOC16, Sequence
Number, or MLR Timeout) are updated.
This commit simplifies and enhances the TLV parsing logic in
`TcatAgent` so to use the `Tlv::Info` helper class. This safely and
automatically handles both standard and extended TLVs, removing the
need for manual type checking and length/offset calculations.
Key changes:
- Updated `TcatAgent::HandleSingleTlv()` to use `Tlv::Info::ParseFrom()`.
- Replaced individual `aOffset` and `aLength` parameters with
`const OffsetRange &` across various TLV handler methods (e.g.,
`HandlePing`, `HandleSetActiveOperationalDataset`, `VerifyHash`).
This improves code readability, safety, and consistency with common
OpenThread TLV parsing patterns.
This commit simplifies the logic in `BleSecure::HandleTlsReceive`
by reducing the nesting level through the use of early `ExitNow()`
calls and replacing a complex `if-else` block with a `switch`
statement for handling `errorTcatAgent`.
Key improvements:
- Removed a large `else` block by adding `ExitNow()` after the
initial transparent mode check.
- Used a `switch` statement to handle `errorTcatAgent` returned
by `MeshCoP::TcatAgent::HandleSingleTlv()`, clearly separating
`kErrorNone`, `kErrorAbort` (disconnect), and default fatal
error handling.
- Improved code formatting and comment readability.
This commit refactors `BleSecure::HandleTransport()` to use the
`OffsetRange` and `Message::ReadAndAdvance()` helper methods. This
replaces manual length and offset tracking, resulting in cleaner
and safer message parsing logic.
Additionally:
- Simplified the payload length calculation by using nested `Min()`
calls instead of multiple `if/else` blocks.
- Added a `RadioPacket` typedef in `BleSecure` to alias the public
`otBleRadioPacket` structure, aligning with OpenThread's core
namespace conventions.
This commit introduces a new CMake option `OT_NEXUS_BUILD_TESTS`
(defaulting to `ON`) to control whether the individual Nexus test
executables are built.
When developing or debugging the OpenThread core stack within the
Nexus framework, building the large number of certification tests can
be time-consuming. This option allows developers to skip building the
tests and only compile the `ot-nexus-platform` library and OT core.
The check is implemented inside the `ot_nexus_test` macro to ensure
all test definitions automatically respect the flag without requiring
large conditional blocks in the `CMakeLists.txt` file.
Additionally, a `no_tests` argument is added to `tests/nexus/build.sh`
to easily invoke this configuration from the command line.
This commit refactors and improves the Backbone Router callback and
`Config` introducing new methods and encapsulating configuration-related
logic.
Key changes:
- Added `Leader::GetConfig()` to provide direct access to the internal
cached `Config` object.
- Renamed `Leader::GetConfig(Config &)` to `Leader::ReadConfig(Config &)`
to better reflect its purpose.
- Added `Config::SelectRandomReregistrationDelay()` to encapsulate the
logic for selecting a random re-registration delay.
- Simplified variosu `HandleBackboneRouterPrimaryUpdate()` callbacks
to remove the parameter `aConfig`, allowing these modules to use
`Leader::GetConfig()` instead.
This adds details to the Posix platform UDP bind error message, showing address and
port just like for the otPlatUdpConnect case. Also the severity is changed from Crit
to Warn, since it's not a critical failure given that otPlatUdpBind() is used in a
loop to find an available ephemeral port - i.e. probe the ports in range until one
succeeds.
It also fixes an issue where `errno` might be modified by the logging code itself.
Ideally the platform code would discern 'port in use' vs 'unrecoverable failure to
bind the port', but the currently defined OT APIs don't allow for any other errors
apart from ok/failed. If the specific port number is really needed, the caller
is responsible to log a critical failure.
If the PD client sendto() fails, e.g. because of an unroutable IPv6
destination, currently the message remains in the queue. Then the
subsequent retries cause a 100% CPU use (without end). This fixes the
issue by dropping the message in case of an unresolvable sendto()
failure.
This commit refactors and improves the `Sntp::Client` class by
adopting common OpenThread patterns and simplifying the logic.
Key changes:
- Introduced `Sntp::Client::QueryInfo` core class to wrap the
public `otSntpQuery` structure.
- Added `Timestamp` class to handle SNTP timestamps, simplifying
the `Header` structure.
- Renamed methods and variables to be more concise and consistent
(e.g., `FinalizeSntpTransaction` to `Finalize`,
`mRetransmissionTimer` to `mTimer`).
- Simplified the `HandleUdpReceive` logic by splitting response
processing into `ProcessResponse`.
This change improves code readability and maintainability of the
SNTP client module.
This commit adds support for interacting with nodes via the CLI in the
Nexus simulation framework. This enables writing higher-level
integration tests that verify stack behavior and state through
standard CLI commands.
Key changes:
- Integrated `Cli::Interpreter` into the `Nexus::Node` class.
- Added `Node::InputCli()` to allow sending commands to a node with
`printf`-style formatting.
- Implemented output capturing logic in `Node::HandleCliOutput()` to
buffer and parse CLI responses into individual lines, stored in a
`CliOutputArray`.
- Added helper methods to `CliOutputLine` for matching and validating
the captured output.
- Added a new `cli_basic` Nexus test to demonstrate and validate the
CLI interaction functionality.
This commit introduces a new core class `BackboneRouter::Config` that
inherits from the public `otBackboneRouterConfig` struct. This aligns
with the OpenThread architectural pattern of using core-internal
classes to wrap public API structures, providing a cleaner interface
and encapsulating logic.
Importantly, this commit ensures that the `MlrTimeout` is adjusted
and clamped to valid ranges before comparing the new configuration
with the existing one. This ensures that the state transition
(e.g., `kStateRefreshed`) correctly reflects the actual values
that will be used.
Other improvements:
- Added helper methods `IsPresent()`, `MarkAsAbsent()`, and getters
for configuration fields.
- Moved `MlrTimeout` adjustment logic into `Config::AdjustMlrTimeout()`.
- Added `Config::Log()` to log configuration details, and updated
`Leader` to log both old and new configurations when a Primary
Backbone Router event occurs.
Update `otbr-posix-dind.yml` workflow to run the DinD integration test
using a matrix strategy that covers both the default mDNS implementation
and `mDNSResponder`.
This mirrors the testing matrix used in `ot-br-posix` repository's
`docker-test.yml` workflow.
In Host + RCP mode, running `diag start` from the host CLI may trigger
RadioSpinel warnings: InvalidState, “Error processing result” / “Error
waiting response”.
**Root cause**
Diags::ProcessStart sent channel / power commands before enabling diag
mode. On Spinel, these are forwarded to the RCP (via
`SPINEL_PROP_NEST_STREAM_MFG`), but the RCP only accepts other diag
commands after start.
```
if (!IsEnabled() && !StringMatch(aArgs[0], "start"))
{
Output("diagnostics mode is disabled\r\n");
ExitNow(error = kErrorInvalidState);
}
```
As a result, early channel / power commands are rejected with
InvalidState.
This commit removes the `kDomainPrefixUnchanged` event from the
`DomainPrefixEvent` enum and refactors the related logic in
`BackboneRouter::Leader`. This value was redundant, as the manager
should only report events when an actual change (addition, removal,
or refresh) occurs in the Domain Prefix configuration.
This commit introduces `Message::ReadAndAdvance()` and its template
flavor to the `Message` class. This helper method reads data from a
`Message` at a given `OffsetRange` and advances the `OffsetRange` by
the number of bytes read upon success.
Sequential parsing of structured data (such as TLVs or protocol
headers) is a common pattern across the OpenThread codebase.
Previously, this required two separate calls: one to `Read()` and
another to `AdvanceOffset()`. The new `ReadAndAdvance()` method
consolidates these into a single, safer operation that ensures the
offset is only advanced if the read operation succeeds.
This commit updates numerous call sites across the core stack
(MLE, BBR, DatasetManager, NetworkDiagnostic, DHCPv6, etc.) to use
the new helper, improving code clarity and reducing boilerplate.
This commit removes the legacy `Tlv::FindTlv()` method variations
that read a TLV into a local buffer. These methods are no longer
used across the codebase, having been replaced by safer and more
efficient alternatives such as `Tlv::Find<TlvType>()`,
`Tlv::FindTlvValueOffsetRange()`, or `Tlv::Info::FindIn()`.
The removed methods were prone to misuse, as they did not always
handle Extended TLVs correctly if the caller provided a fixed-size
buffer. Removing these variations forces new code to use the modern
helper functions, which provide better validation and correctly
handle the decoupling of the TLV header from its value.
This commit introduces a new model for handling `RouteTlv` by
adding the `RouteTlv::Data` and `RouteTlv::Data::Entry` classes.
Previously, `RouteTlv` directly represented the packed on-wire
format, which made it difficult to work with, especially when
supporting different configurations such as
`OPENTHREAD_CONFIG_MLE_LONG_ROUTES_ENABLE`.
The new `RouteTlv::Data` class decouples the on-wire serialization
from the in-memory representation, providing a cleaner API for
parsing the TLV from a `Message` and accessing its entries and
their properties (Router ID, Route Cost, and Link Qualities).
This change improves code clarity and maintainability by providing
a structured way to handle route information.
This commit introduces a GitHub Actions workflow (OTBR DinD) to
verify that changes in the OpenThread repository do not break the
integration tests in ot-br-posix.
The workflow runs on every pull request and merge to main. It performs
the following steps:
1. Clones openthread/ot-br-posix using script/git-tool, which
automatically applies any dependent PRs specified in the PR body.
2. Replaces the openthread submodule in ot-br-posix with the local
OpenThread checkout containing the changes under test.
3. Builds the Docker-in-Docker (DinD) test runner image from
etc/docker/test/Dockerfile.dind_runner in ot-br-posix.
4. Runs test_dind_dns_sd.sh inside the DinD container to ensure that
DNS-SD advertising proxy and TREL integration tests pass
successfully.
Ideally, the mesh-local address (ML-EID) is only used when
communicating with devices in the Thread mesh. The mesh-local
address must not be used when communicating with other devices on
the infrastructure link or outside the Thread mesh.
This commit addresses this by implementing address labeling:
1. Modifying `UpdateUnicastLinux` in `src/posix/platform/netif.cpp`
to stop marking mesh-local addresses as deprecated. They are now
added as preferred addresses.
2. Implementing `AddAddressLabel` and `DeleteAddressLabel` to manage
address labels via netlink (RTM_NEWADDRLABEL/RTM_DELADDRLABEL).
3. Calling `AddAddressLabel` when a mesh-local address is added to
assign a specific label (99) to the Mesh-Local Prefix.
This ensures that the kernel prefers the ML-EID for destinations
sharing the same label (i.e., within the Thread mesh), while
avoiding its use for external traffic where other addresses with
standard labels would be a better match.
Issue: 8443
It seems that frames which are received through TREL do not have a
priority field. This creates quite some log noise when having notice log
level enabled. Lower this log entry to debug level.
This commit combines simulation-1.1.yml and simulation-1.4.yml into
a single simulation.yml workflow.
The combined workflow includes:
- ot-commissioner (from 1.1)
- simulation-local-host (from 1.1)
- channel-manager-csl (from 1.4)
- expects (renamed from 1.4's expects)
The expects job from 1.1 is removed as requested. The jobs now rely
on the project's default THREAD_VERSION instead of explicitly
setting it in the environment. Artifact naming is updated to ensure
unique coverage files are generated and correctly merged by the
unified upload-coverage job.
This commit removes the thread-cert job from the POSIX GitHub Actions
workflow. These tests have been migrated to the Nexus test framework.
The removal of the thread-cert job simplifies the POSIX workflow and
relies on the Nexus-based tests for validating Thread stack behavior.
This commit adds a new Nexus test (`test_mlr_redundant.cpp`) to verify
that the MLR manager correctly handles registrations when multiple
entities (e.g., a parent router and its children) subscribe to the
same multicast address, without sending redundant requests.
The test sets up a topology with a Primary Backbone Router, an FTD
Router, and three SEDs. The Router and SEDs all subscribe to the same
multicast address. The Router then subscribes to 14 additional unique
multicast addresses to exceed the single CoAP message payload limit
(`kMaxIp6Addresses`).
A CoAP interceptor is registered on the Backbone Router to parse
incoming `MLR.req` messages and count the number of times the shared
multicast address is included in the payload. The test verifies that
the shared address is requested exactly once, ensuring that fragmented
state tracking does not lead to duplicate registrations.
In CliUartOutput, if otPlatUartFlush() fails when trying to send
buffered output to make room for new output, it logs a warning using
otLogWarnPlat. However, this warning is added to the same full
buffer, which does not help and can cause further issues.
This commit removes the offending log line as suggested in issue #7478.
This commit simplifies the tracking of Multicast Listener Registration
(MLR) state for IPv6 addresses by removing intermediate states and
relying on the original CoAP request payload.
Previously, `Mlr::Manager` used a 3-state system (`kStateToRegister`,
`kStateRegistering`, `kStateRegistered`) which required core structures
like `Child` and `Netif` to track transient registration states.
This commit reduces the state to a single boolean (`IsMlrRegistered`)
tracked in `ChildTable` and `ThreadNetif`. When a CoAP response is
received, `Mlr::Manager` now uses `GetDispatchingRequest()` to
retrieve the original TMR MLE request message, parses the
`Ip6AddressesTlv` to determine exactly which addresses were included
in the request, and updates the registration states based purely on
this info (minus any explicitly failed addresses).
This change improves robustness, reduces RAM usage by eliminating
state-tracking arrays, and significantly cleans up the logical flow
within the MLR manager.
There exists a NULL-byte OOB in the spinel logging. The initial stack
buffer is initialized with an extra byte for the NULL-byte. However,
the full size is passed into `spinel_datatype_unpack_in_place()` which
interprets it as the valid writable size (`require_action(NULL !=
block_len_ptr && *block_len_ptr >= block_len, bail, (ret = -1, errno =
EINVAL));`).
When `block_len` is the length of the buffer, the NULL-byte write
after the function call will be OOB.
This commit moves the `AddressArray` class out of the `Mlr::Manager`
and into a dedicated `mlr_types.hpp` file as `Mlr::AddressArray`. This
decouples the type from the manager, making it available for broader
use across the module.
Additionally, the logic for parsing the `Ip6AddressesTlv` is extracted
from `Mlr::Manager::ParseResponse()` into a new `FindIn()` method on
the TLV class itself. This centralizes the TLV parsing logic within
the TLV class, which is more idiomatic. The `FindIn()` method also
provides a safety guarantee by clearing the output `AddressArray` if
parsing fails.
The build system configurations (`BUILD.gn` and `CMakeLists.txt`) are
updated to include the newly added `mlr_types.cpp` file. Doxygen
documentation is also provided for the new types and methods.
This commit updates `CoapBase::PendingRequests` to track the request
currently being processed during callback invocation via the new
`mDispatchingRequest` pointer.
It also introduces `GetDispatchingRequest()` which returns a copy of
the original request `Message`. This enables response handler
callbacks to inspect the original request (for example to read
specific TLVs). The method is restricted to confirmable requests and
must only be called from within the context of a response handler.
The method `InvokeResponseHandler` is renamed to `DispatchResponse`
to align with the new nomenclature.
This commit enhances the radio URL parsing logic to detect and fail
when unused parameters are provided in the URL. This prevents typos
or unsupported parameters from being silently ignored.
The following changes were made:
- Updated ot::Url::Url to track parameter usage by appending a
trailing '&' delimiter in Init() and replacing it with '\0'
in GetValue() when a parameter is matched. This marks the
parameter as used and removes any limit on the number of
trackable parameters.
- Added a Validate() method to ot::Url::Url to verify that all
parameters in the query string were accessed.
- Refactored ot::Posix::Radio to share a single RadioUrl instance
with SpinelManager, ensuring all components track usage on the
same URL object.
- Integrated Validate() calls in otSysInit() and platformTrelInit()
to perform validation after all platform components have been
initialized.
- Updated Radio::ProcessMaxPowerTable to use a local copy of the
parameter string to avoid premature modification of the URL buffer.
- Adjusted RadioUrl and unit tests to provide sufficient buffer
space for the additional tracking delimiter.
- Added new unit tests in tests/unit/test_url.cpp to verify the
usage tracking and validation logic.
This commit removes the `CheckInvariants()` method and all its calls
from `Mlr::Manager`.
The `CheckInvariants()` method verified internal state consistency
by checking the `kStateRegistering` status of multicast addresses
against variables like `mPending` and `mSendDelay`. As the MLR module
is being prepared for upcoming structural updates, including changes
to how address states and delays are tracked, these specific invariant
checks are no longer applicable. Removing them clears the way for
the planned redesign of the MLR state machine.
This commit introduces a cap on the number of concurrently scheduled
discovery responses in `Mle::DelayedSender`.
By adding the `CountMatchingSchedules()` method, we can now track how
many discovery responses are currently queued. The newly defined
constant `kMaxScheduledDiscoveryResponse` sets this limit to 16. If
the limit is reached, further `ScheduleDiscoveryResponse()` requests
are ignored.
This change protects the device from resource exhaustion (RAM, CPU,
and network) if it is flooded with discovery requests, preventing
potential Denial of Service (DoS) conditions.
This commit introduces the `Deprecate()` method in the `OnLinkPrefix`
class. This method properly deprecates an on-link prefix by setting
its preferred lifetime to zero and bounding the remaining valid
lifetime to a maximum of two hours from the current time.
Previously, `RxRaTracker` only called `ClearPreferredLifetime()`,
which left the valid lifetime unchanged. By replacing
`ClearPreferredLifetime()` with the new `Deprecate()` method, we
ensure that the valid lifetime of deprecated prefixes is also
bounded.
This change ensures that if a router is deemed unreachable, its
on-link prefixes will live for a maximum of 2 more hours. This
allows the state associated with an unreachable router to age out
more quickly, even if the router had previously advertised the on-link
prefix with long valid lifetime.
This commit simplifies the logic for limiting the number of messages
tracked in `MultiPacketRxMessages`.
It introduces a new cap, `kMaxRxMsgEntries` (set to 64), to restrict
the total number of unique `RxMsgEntry` items being tracked,
preventing unbounded memory growth. Additionally, the existing
message limit per entry is renamed from `kMaxNumMessages` to
`kMaxNumMessagesPerEntry` and moved within the `RxMsgEntry` scope.
The manual `for` loop used to count existing messages in
`RxMsgEntry::Add` is replaced with a clean check using
`CountAllEntries()`.
This commit simplifies the `Mlr::Manager::ParseResponse()` method and
improves its robustness.
Specific improvements include:
- Initializing the local `error` with the CoAP response result and
using `SuccessOrExit()` to cleanly handle transport-layer failures.
- Simplify parsing of of `Ip6AddressesTlv`, ensuring duplicate entries
are added only once in the `aFailedAddresses` array.
- Remove redundant `Ip6AddressesTlv` TLV length checks. Same checks are
now performed as IPv6 addresses are read from the TLV value.
- Updating `AddressArray::AddUnique()` to return an `Error`,
- Consolidating the logging logic directly into `ParseResponse()`,
removing the separate `LogResponse()` helper method.
- Explicitly clearing the `aFailedAddresses` array at the beginning of
the parsing process.
This commit refactors the logic for scheduling Multicast Listener
Registration (MLR) delays by replacing `UpdateReregistrationDelay(bool)`
with a new, more expressive method: `ScheduleNextRegistration()`.
The new method takes a `RegistrationRequest` enum (`kReregister` or
`kRenew`), clearly distinguishing between the two different scheduling
scenarios:
- `kReregister`: Triggered after re-attaching or when a Primary BBR
is added/updated. This schedules a rapid registration attempt
using a random delay between 1 and the configured BBR
reregistration delay.
- `kRenew`: Triggered periodically. This schedules a standard
registration renewal using a delay randomized between half the MLR
timeout and the timeout minus a 9-second guard time
(`kRenewGuardTime`), as mandated by Thread Spec.
This change also introduces constants for `kLongRenewTimeout` and
`kRenewGuardTime` to replace magic numbers, improving overall code
readability and maintainability.
This commit introduces an opaque `otCliInterpreter` type and a set of
new public C CLI APIs (e.g., `otCliInterpreterInit()`,
`otCliInterpreterInputLine()`) to support multiple, dynamically
allocated CLI interpreters per OpenThread instance.
This architecture allows applications to instantiate and manage
multiple concurrent CLI sessions. Backward compatibility is preserved
by retaining the original `otCli*` APIs, which now interact with a
single built-in static interpreter.
The `OPENTHREAD_CONFIG_CLI_STATIC_INTERPRETER_ENABLE` configuration
is also added. It enables support for the static interpreter and is
enabled by default. It can be disabled to save RAM in deployments
that solely use the multi-interpreter APIs.
There exists a stack OOB read in `tryProcessIcmp6RaMessage()`. The bug
originates from the posix packet processing in
`processTransmit()`. When an ICMPv6 RA packet is sent, this triggers
`tryProcessIcmp6RaMessage()`, which calculates: `raLength = length +
(ra - data)`
However, the length passed is the packet size, which can go up to the
`char packet[kMaxIp6Size];` stack buffer size. The correct calculation
is `raLength = length - (ra - data)`.
This small mistake can make `raLength` larger than the total stack
buffer size, causing a read OOB during RA processing in
`otPlatBorderRoutingProcessIcmp6Ra()`.
This commit introduces a recursion depth limit of 4 in
Ip6::HandleDatagram to prevent unbounded stack recursion from deeply
nested IPv6-in-IPv6 tunnel packets (NextHeader = 41).
This mirrors the safety limit fix implemented in the 6LoWPAN layer
decompress path (issue #12669).
A new Nexus test case `ipv6_recursion` has been added to construct
and verify that packets exceeding the depth limit are correctly
dropped with kErrorDrop, while valid nesting depth succeeds.
Key changes:
* Added `mle_router_role_allowed` nexus test, which includes a test of
the correct type of advertisement used by each type of node.
* Updated the `router_downgrade_on_sec_policy_change` nexus test
to also test changes of the Router role allowed/disallowed when
multiple factors are changed
* Updated checks in `verify_1_1_5_3_6.py` to verify that only Router
advertisments are sent during the test, to verify that REED
advertisements are not sent unless the unit is no longer
attempting to upgrade
Every DTLS ClientHello from an unseen port previously allocated a
dynamic CoapDtlsSession on the heap before DTLS cookie verification.
This allowed multiple connection attempts to leave allocated sessions
active indefinitely, leading to high memory utilization.
To resolve this:
- Enforce a 15-second handshake timeout on newly allocated sessions.
Connecting sessions that do not successfully finish the handshake
within 15 seconds are cleanly disconnected and freed.
- Enforce a session limit cap of 16 concurrent secure sessions on the
Border Agent. Reaching this limit immediately rejects new session
connection requests before triggering heap allocation.
- Implement Nexus test case TestBorderAgentSessionsLimit to robustly
verify both session limit rejection and handshake timeout behavior.
This commit adds support for IPv6 loopback address (::1) in the
simulation platform. When the local interface is set to the IPv6
loopback address, it uses the interface-local multicast group
(ff01::116) instead of the link-local group (ff02::116) for
node-to-node communication.
It also ensures that the `sin6_scope_id` is correctly set for the
loopback address in the transmission socket.
This commit fixes a deterministic null-pointer dereference in
CoapBase::ProcessBlock2Request when receiving a Block2 request
with block number greater than 0 without a preceding active
blockwise transfer.
Previously, when mLastResponse was null, the option copying logic
would unconditionally attempt to initialize the iterator with a
dereferenced mLastResponse pointer (iterator.Init(*mLastResponse)),
causing a segmentation fault crash.
This fix inserts a VerifyOrExit check on mLastResponse inside
ProcessBlock2Request. If mLastResponse is null, it returns the
kErrorNoFrameReceived error code. In ProcessBlockwiseRequest, this
is mapped to a 4.08 Request Entity Incomplete response, matching the
spec-compliant error handling behavior of Block1.
An automated reproduction and verification test case has also been
added to tests/nexus/test_coap_block.cpp.
This commit fixes the occasional/flaky failure of the Nexus test
1_1_5_8_4 by addressing a joiner expiration issue and strictly
verifying MLE Discovery Responses.
In test_1_1_5_8_4.cpp, the joiner was added with a timeout of 100s in
Step 1. However, the total simulated elapsed time before Step 11
(when the joiner is checked) is exactly 104s. This causes the
joiner to expire occasionally/consistently, resulting in the Leader
skipping the MLE Discovery Response in Step 12.
We increase the joiner timeout to 1000s so that it stays active
throughout the test. In addition, we update verify_1_1_5_8_4.py to
strictly verify the Step 12 Discovery Response and perform packet
matching chronologically rather than relying on seeking backward to
idx10.
This commit introduces a new static helper method,
`Manager::DidRegisterSuccessfully()`, to evaluate whether a specific
multicast address was successfully registered based on the MLR response
status and the list of failed addresses.
Previously, this evaluation logic was duplicated and inline within
`Manager::Finish()` using the expression:
`success = aSuccess || !aFailedAddresses.IsEmptyOrContains(addr)`.
This logic was not immediately intuitive and required reasoning through
the boolean conditions to understand the intended behavior.
Extracting this into a dedicated helper method improves code
readability and maintainability. It simplifies `Finish()` by
clearly separating the outcome evaluation from the actual state
transition logic (`kStateRegistering` to `kStateRegistered` or
`kStateToRegister`).
Additionally, the unused `AddressArray::IsEmptyOrContains()` method
has been removed.
This commit introduces a new helper method, `RxFrame::IsSecuredWith()`,
which allows callers to cleanly verify if a received MAC frame has
security enabled and uses a specific set of allowed Key ID Modes.
This eliminates redundant logic in `ThreadLinkInfo::SetFrom()`, where
the code previously had to manually check `GetSecurityEnabled()`,
extract the Key ID Mode, and validate it against `kKeyIdMode0` or
`kKeyIdMode1`. Mac::ProcessCsl()` is updated to use this new method
to cleanly enforce that CSL IE processing only occurs on frames
secured with Key ID Mode 1
Crucially, this commit also updates `DataPollHandler::HandleDataPoll()`
to use this new helper. Previously, it only checked if the frame
was secured (`GetSecurityEnabled()`), which would accept frames
using any Key ID Mode (including mode 2 with fixed/known keys). By
restricting the data poll handling to only accept Key ID Mode 1, we
ensure that data polls are only processed if they are secured with
a valid Thread network key.
This commit updates `Ip6::Filter::Apply()` to remove the exception
that allowed all unsecure link-local IPv6 datagrams to pass through
when the Thread role was disabled (e.g., when the interface is up
but Thread has not yet started).
By removing this check, the device now consistently enforces strict
port filtering at all times. Only explicitly allowed traffic, such
as MLE messages, commissioner traffic, or user-configured unsecure
ports, will be permitted, improving the overall security posture
regardless of the current Thread role state.
For testing and backward compatibility on reference devices, the
`mAllowUnsecureWhenDisabled` flag is introduced (available when
`OPENTHREAD_CONFIG_REFERENCE_DEVICE_ENABLE` is enabled). This allows
the legacy behavior to be restored via the new public APIs
`otIp6SetAllowUnsecureWhenDisabled()`. The new APIs are also provided
in CLI under `unsecureport allwhendisabled` command.
This commit introduces a new private helper method, `ShouldRegister()`,
to the `Manager` class. This method consolidates the checks required
to determine if the device should perform MLR.
This commit introduces the `KeyManager::ClearKek()` method, which clears
the `Kek` and resets the `mIsKekSet` flag.
The KEK is a temporary key used during the commissioning and entrust
phases. To improve security and key hygiene, this commit updates the
`Joiner` and `JoinerRouter` to explicitly clear the KEK once these
operations have concluded.
Specifically:
- `Joiner::Finish()` clears the KEK when finishing in `kStateEntrust`
or `kStateJoined`.
- `JoinerRouter::HandleJoinerEntrustResponse()` clears the KEK
immediately upon handling the entrust response, before scheduling
any delayed entrusts (which set their own KEK from metadata).
This commit removes a redundant `static_cast<const uint8_t *>` when
calling `Tlv::Append<Ip6AddressesTlv>()` in `SendMlrRequest()` in
`test_1_2_MATN_TC_21.cpp`. Since the method accepts `const void *`
as its value argument, the explicit cast is unnecessary and can be
safely removed to simplify the code.
This commit updates the `ContextTlv::IsValid()` method to reject
Context TLVs that specify a Context ID of zero.
According to the Thread specification, Context ID 0 is reserved for
the Mesh-Local Prefix and should not be distributed in the Network Data.
Adding this check ensures that such invalid TLVs are correctly
identified as malformed and dropped during Network Data processing.
This commit updates `AdvertisingProxy::CopyNameAndRemoveDomain()` to
properly handle potential errors returned by `Dns::Name::ExtractLabels()`.
Previously, any error returned by `ExtractLabels()` was ignored, which
could leave the output name buffer in an indeterminate state. With this
change, if extracting the labels fails, the name buffer is explicitly
cleared by setting its first character to `kNullChar`.
This prevents subsequent code from using uninitialized or partially
written data in the event of a parsing or buffer size error.
This commit resolves the flaky test failures occasionally observed
in the history_tracker Nexus test during ping verification.
The flakiness was caused by two primary issues:
1. Concurrent background Thread control traffic (e.g. multicast
Hop-by-Hop Options packets) sometimes interleaving with the Echo
Request pings, polluting the HistoryTracker queues and causing
the strict chronological checks to fail.
2. The FTD child node upgrading to a Router due to the
TooFewRouters network threshold rule, which dynamically changed
its RLOC16 and caused NeighborRloc16 history checks to fail.
To fix these, we:
1. Set the child node's router eligibility to false after joining
to prevent any unwanted topology changes or Rloc16 updates.
2. Refactored the strict Leader TX and Child RX chronological checks
with robust iterative loops filtering specifically for the
OT_ICMP6_TYPE_ECHO_REQUEST packets.
Verified 100% stable after executing a loop of 50 successful runs.
This commit enforces strictly in-order IPv6 fragment reassembly
in the core stack to improve reassembly robustness and correctness.
Previously, the reassembly engine did not track contiguous bytes
received. An out-of-order or gapped fragment containing the M=0
flag could incorrectly trigger reassembly completion, potentially
leading to the forwarding or processing of incomplete packets.
To resolve this, we now:
1. Enforce that reassembly must start with a fragment offset
of 0.
2. Verify that any subsequent fragment aligns perfectly with the
offset where the contiguous payload data currently ends
(`offset == message->GetOffset()`).
3. Safely advance `message->GetOffset()` as each fragment is
successfully appended to keep track of the contiguous
reassembled byte range.
4. Added a robust Nexus test case verifying that gapped
reassembly is properly dropped and blocked.
This strictly in-order validation approach is consistent with the
preexisting 6LoWPAN fragment reassembly in MeshForwarder.
This commit adds aRecursionDepth tracking and limit check in
Lowpan::Compress methods to prevent excessive recursive stack usage
from recursive compression of highly nested IP-in-IP headers.
Specifically:
- Threads aRecursionDepth parameter through 3-arg and 4-arg (now
5-arg) Compress wrappers.
- Enforces aRecursionDepth <= kMaxRecursionDepth (4) in Compress.
- Increments recursion depth on nested IP-in-IP calls (Ip6::kProtoIp6).
- Adds a Nexus integration test to verify that highly nested packets
are compressed up to the threshold limit, and successfully fall back
to uncompressed inline transmission without excessive stack usage.
This commit adds validation to ensure that Key ID Mode 0 (implied KEK)
secured frames are only accepted if a KEK is configured. If KEK is not
configured, the frame is rejected.
Specifically:
- Added `mIsKekSet` boolean member variable to `KeyManager` to track
KEK status.
- Implemented `KeyManager::IsKekSet()` to check if a KEK is
configured.
- Enforced a guard in `Mac::ProcessReceiveSecurity()` under
`kKeyIdMode0` to immediately reject incoming frames with
`kErrorSecurity` when the KEK is not configured.
- Added unit test `TestKeyManagerKek()` in `test_pskc.cpp` to
verify that `IsKekSet()` transitions from `false` to `true` as
expected.
This commit resolves an issue in HandleAddressSolicitResponse where
a malformed or invalid leader-supplied Router ID Mask omitting the
leader ID could trigger an assertion.
When a node receives an Address Solicit Response, it installs the new
router ID mask. If the leader's router ID is missing from the mask,
the Router entry for the leader is removed from the local router table.
Subsequently, when the node tries to ensure it has a valid next hop
and cost towards the leader, `mRouterTable.GetLeader()` returns `nullptr`,
leading to an `OT_ASSERT(leader != nullptr)` failure or a null-pointer
write when assertions are disabled.
This is resolved by safely verifying that the leader's router ID is
indeed present in the received router ID mask before applying the
routing update, ensuring `GetLeader()` is guaranteed to find it.
This commit updates `Mac::ProcessCsl` to explicitly verify that CSL IE
data frames are secured using `KeyIdMode1` (utilizing the network key
and per-neighbor frame counter freshness checks).
Fix a double-free of `mSavedResponse` in `Dns::Client` when processing
duplicate DNS responses matching an active query.
When an SRV/TXT query needs to resolve a host address (AAAA), the DNS
client allocates a chained `newQuery` to handle it. If duplicate
responses are processed before the query chain is finalized, they
trigger multiple AAAA resolution allocations for the same parent query.
Because the new query inherits `mSavedResponse` from the parent query's
`QueryInfo`, multiple chained queries end up aliasing/sharing the same
cloned `mSavedResponse` message. During finalization, `FreeQuery`
walks the chain and frees `mSavedResponse` for each query, leading to
a double-free of the shared `Message` and free-list/heap corruption.
This commit resolves the issue by:
1. Rejecting duplicate responses early in `ParseResponse` if a response
has already been received and saved for the query
(`info.mSavedResponse != nullptr`), returning `kErrorDrop`.
2. Initializing the `mSavedResponse` field of the `QueryInfo` struct
to `nullptr` before allocating the host resolution query (`newQuery`)
to prevent it from inheriting a potentially non-null saved response
from its parent.
This commit add a `OutputResult()` wrapper method in the `Utils` base
class.
Previously, several CLI sub-modules (`Dns`, `History`, `LinkMetrics`,
`MeshDiag`, and `PingSender`) implemented their own `OutputResult()`
wrappers that simply delegated to the `Interpreter`. Since all these
sub-modules inherit from `Utils`, this functionality is now provided
directly by the base class, removing redundant code and simplifying
the sub-module implementations.
This commit introduces the `Mlr` namespace to encapsulate all
Multicast Listener Registration related types and logic, improving
overall code organization and readability.
The following primary renames were performed:
- `MlrManager` to `Mlr::Manager`
- `MlrState` to `Mlr::State`
- `MlrStatus` to `Mlr::Status`
- Constants like `kMlrSuccess` to `Mlr::kStatusSuccess`
Additionally, methods within the newly scoped `Mlr::Manager` class
have been simplified by removing redundant `Mlr` prefixes (e.g.,
`SendMlr()` is now `Send()`, `FinishMlr()` is now `Finish()`).
External modules and tests have been updated to reference the new
scoped names.
This commit extracts the logic for appending an `Ip6AddressesTlv` into
a new `static` helper method, `Ip6AddressesTlv::AppendTo()`.
Previously, multiple locations in the codebase manually managed the
TLV construction and appending. This change centralizes this logic,
simplifying the call sites in `BackboneRouter::Manager` and
`MlrManager`.
RFC 7731 Section 4 specifies that the MPL Option MUST only reside
within a Hop-by-Hop Options extension header. However, previously,
Ip6::HandleOptions processed MplOption::kType regardless of whether the
enclosing header was Hop-by-Hop or Destination Options.
This commit fixes the issue by adding a boolean parameter to
Ip6::HandleOptions indicating if the enclosing header is Hop-by-Hop.
MplOption::kType is now only processed if this parameter is true.
If the MPL Option is encountered in a Destination Options header,
it is treated as unrecognized, and because its type action mandates
discarding the packet, the datagram is dropped safely.
Gate `MeshForwarder::UpdateEidRlocCacheAndStaleChild` on link
security, ensuring that the received frame has security enabled.
Adding the link security check ensures that only fully authenticated
data frames (successfully decrypted and verified at the MAC layer)
can influence the EID-to-RLOC cache and the child table states.
Host-untrusted IP-in-IP packets could reach the local TMF socket
without the intended port checks on the receive path if destined to
the Border Router's own OMR address with an inner destination set to
the Thread-side link-local address. When the outer message is
decapsulated, it recurses through the IPv6 stack receive path while
retaining its HOST_UNTRUSTED origin, but local UDP socket dispatching
lacks equivalent origin checks.
This commit introduces a validation check in Ip6::HandleDatagram to
immediately drop any message from a host-untrusted origin with a
next header of kProtoIp6 (IP-in-IP encapsulation). This securely
prevents this receive-path processing and the corresponding
forwarding behavior.
Added the tmf_origin Nexus integration test to verify that
host-untrusted IP-in-IP packets are successfully dropped by
returning kErrorDrop.
This commit reorganizes the `Node` class declaration in
`nexus_node.hpp` to improve readability and maintainability.
The methods and members are now logically grouped into marked
sections.
This commit removes an overly strict `OT_ASSERT` on child state
validity inside `ProcessAddressRegistrationTlv`.
When a valid child transitions to a link-reestablishment state
(e.g., `kStateChildUpdateRequest` or `kStateChildIdRequest`) with
registered MLR addresses, its MLR registered set is preserved. The
subsequent processing of the Child Update Response or Child ID Request
causes `ProcessAddressRegistrationTlv` to be invoked while the child
is not yet back in `kStateValid`, which triggers the assertion on the
parent router/leader.
Since the parsing logic and `MlrManager` handle non-valid child states
gracefully, this assertion is deleted.
This commit updates Tmf::Agent::Filter to require link-layer security
for all incoming TMF requests.
Thread Management Framework (TMF) messages are used for network
management and configuration. The Thread specification requires that
all TMF messages be secured. While individual handlers often have
specific checks, enforcing this at the TMF Agent level provides a
consistent security layer for all TMF traffic.
For most TMF messages, security is provided by the Network Key. For
commissioning-related messages (like Joiner Entrust), security is
provided by the Key Encryption Key (KEK). In all cases, a valid TMF
message must have link-layer security enabled.
This change prevents unauthenticated attackers from sending unsecured
TMF messages to manipulate network state or configuration.
This commit fixes an issue where a tasklet could not be successfully
unposted if it was already scheduled for execution in the current
event loop iteration.
Previously, `Scheduler::ProcessQueuedTasklets()` copied and cleared the
queued tasklets before running them. If a running tasklet called
`Unpost()` on another tasklet that was also in the copied list, the
unpost operation would fail to remove it because it only checked the
main queue.
To address this, the `Scheduler` now explicitly maintains two separate
queues: `mPostedQueue` and `mRuningQueue`. The `Tasklet::Unpost()`
method is updated to remove the target tasklet from both queues,
ensuring it is correctly dequeued even if it is pending in the running
list.
The queue logic is encapsulated into a nested `Queue` class to manage
the circular singly linked-list operations cleanly. Additionally, unit
tests are expanded to cover scenarios where tasklets post or unpost
other tasklets during execution.
This commit adds an explicit check in Joiner::HandleTmf<kUriJoinerEntrust>
to verify that the received message has link-layer security enabled.
According to the Thread specification, the Joiner Entrust message MUST
be protected by link-layer security using the Key Encryption Key (KEK).
Previously, this check was missing, allowing an unauthenticated
attacker to send unsecured Joiner Entrust messages. Such messages
could inject invalid network configuration, causing the device to
fail to attach to the correct network after a reboot.
By verifying IsLinkSecurityEnabled(), we ensure that the message
was successfully decrypted using the KEK (since the network key is
not yet known by the Joiner), thus authenticating the sender as the
valid Commissioner or Joiner Router.
This commit updates the `Interpreter::SetUserCommands()` method to
detect if a set of CLI commands is already registered. If a duplicate
registration is detected, the method now returns `OT_ERROR_NONE` and
exits early without consuming an additional slot in the user commands
table. It also ensures that `OT_ERROR_FAILED` is only returned when
there are no available slots for a new registration.
This commit simplifies the `MlrManager::SendMlrMessage()` method by
removing the `void *aContext` parameter.
Previously, all callers (`SendMlr()` and `RegisterMulticastListeners()`)
were passing `this` as the context for the CoAP response handler. The
context is now passed directly as `this` when invoking
`Tmf::Agent::SendMessageTo()`, removing the need to thread it through
the method arguments.
This commit updates the way Route TLV is constructed and appended to
messages. Previously, a `RouteTlv` object with a large fixed-size
`mRouteData` array was allocated on the stack, filled by
`RouterTable`, and then appended to the message.
To simplify the code and improve efficiently a new helper method
`RouterTable::AppendRouteTlv()` is introduced which appends the TLV
content directly in the `Message`. It uses `Tlv::StartTlv()` and
`Tlv::EndTlv()` to encapsulate the `RouterIdMask` and the iteratively
appended route data entries.
A helper method `RouteTlv::AppendRouteDataEntry()` is added which
handles encoding and adding a Route Data Entry, including the the
bit-packing logic(the staggered 1.5-byte packing under
`OPENTHREAD_CONFIG_MLE_LONG_ROUTES_ENABLE`).
This commit removes several simulation test jobs from the GitHub Actions
workflows, specifically 'simulation-1.1.yml' and 'simulation-1.4.yml'.
The following jobs were removed:
- packet-verification
- cli-ftd
- cli-mtd
- cli-time-sync
- thread-1-4
These tests have been migrated to the Nexus test framework, which
allows for more efficient and scalable network simulations by
running multiple OpenThread nodes within a single process.
This commit simplifies the `MulticastListenersTable` by replacing the
custom heap-based sorting logic with a standard `Array` and integrating
an internal `TimerMilli` (`mTimer`) to handle entry expirations.
Previously, the table maintained a min-heap based on expiration times
(`FixHeap`, `SiftHeapElemDown`, `SiftHeapElemUp`) and required
external calls to `Expire()` every second. The new implementation
uses `mListeners.FindMatching()` and `mListeners.RemoveAllMatching()`,
significantly reducing code complexity and maintenance overhead.
The unit tests in `test_multicast_listeners_table.cpp` are also updated
to reflect the simplified model
This commit updates the CLI sub-modules to use a new, non-static
`GetInterpreter()` method provided by the `Utils` base class, rather
than relying on the static `Interpreter::GetInterpreter()` which
returns a global singleton.
The `Utils::GetInterpreter()` method downcasts its associated
`OutputImplementer` reference to the specific `Interpreter` instance
it belongs to. `OutputImplementer` is a base class of `Interpreter`.
This change is a step towards adding support for multiple CLI
interpreters (per OpenThread instance).
Additionally, the `OutputImplementer` constructor is made `protected`
as it is intended to serve as a base class.
This commit refactors the instance allocation logic in `Instance` to
use `constexpr size_t` constants replacing the preprocessor macros
(`OT_DEFINE_ALIGNED_VAR` and `OT_ALIGNED_VAR_SIZE`).
The new constants `kInstanceSizeInUint64s` and
`kMultiInstanceSizeInUint64s` provide better type safety and are more
idiomatic C++. The raw storage arrays (`gInstanceRaw` and
`gMultiInstanceRaw`) are now explicitly defined as `uint64_t` arrays
using these calculated sizes.
Additionally, this commit introduces `kNumStaticInstances` to represent
the configured number of multiple static instances.
This commit introduces the `RoleTransitioner` class (renamed from
`RouterRoleTransition`) to centralize the management of router role
eligibility, thresholds, and transitions.
The following state and logic are moved from the `Mle` class into
the `RoleTransitioner`:
- Router role eligibility and allowance state (`mRouterEligible`,
`mRouterRoleAllowed`).
- Upgrade and downgrade thresholds.
- Downgrade blocking state (`mDowngradeBlocked`).
- Transition decision logic (`DecideWhetherToUpgrade()`,
`DecideWhetherToDowngrade()`).
- The transition jitter timer and its management.
By consolidating these responsibilities, the complexity of the main
`Mle` class is reduced, and the role transition process is more
explicitly managed within its own sub-component.
This commit updates `Trel::Link::ProcessReceivedPacket()` to move
channel mismatch validation until after the acknowledgment logic.
TREL ACKs serve as a mechanism to monitor link status between peers.
By deferring the channel check, we ensure that TREL packets requiring
an acknowledgment are correctly acknowledged at the TREL layer even
if they are not further processed.
A primary use case is the MLE Announce message, which is sent on a
different channel as a broadcast. At the TREL layer, this broadcast
is converted to unicast TREL packet transmissions to each peer on the
same PAN, with packets marked to request a TREL ACK. This change
ensures the receiving TREL peer sends an ACK for such packets,
maintaining link monitoring, while still dropping the packet at the
TREL link layer due to the channel mismatch.
When uart-exclusive is specified as a radio URL parameter, the UART
device is locked using flock(LOCK_EX) to prevent concurrent access,
and TIOCEXCL is set where supported.
This commit implements rate limitation for the TCAT commands Present
PSKd Hash TLV (0x10), Present PSKc Hash TLV (0x11) and Present
Install-code Hash TLV (0x12) to prevent password guessing attacks.
It also removes the TCAT command Request PSKd Hash TLV (0x14), to
prevent offline password guessing attacks with a single Hash value
retrieved from the device.
Note: The commit does not remove the Request PSKd Hash TLV
implementation in the Python commissioner such that the non-existence
of the command TLV can still be tested.
This commit enhances MLE where a full Route TLV could be appended to
a Link Accept message sent to a child neighbor, potentially leading
to a message requiring lowpan fragmentation.
Previously, `Mle::SendLinkAccept()` relied on a `Router` pointer to
determine whether to use a full or compact Route TLV. When the Link
Request originated from a child, this pointer was null, causing a
full Route TLV to be used.
The changes in this commit include:
- Updating the `LinkAcceptInfo` struct to track the RLOC16 of the Link
Request sender.
- Updating `Mle::TxMessage::AppendRouteTlv()` and adding
`AppendCompactRouteTlv()` to replace the previous single method that
took a `Neighbor` pointer. This makes the intent clearer and
supports both router and child neighbors.
- Updating `RouterTable::FillRouteTlv()` to take an RLOC16 instead of
a `Neighbor` pointer. It uses `Mle::RouterIdFromRloc16()` to ensure
that if the destination is a child, its parent's Router ID is
included in the compact Route TLV.
- Includes new Nexus test `test_compact_route_tlv` to validate the
use of compact Route TLV in Link Accept.
This commit removes the test_ping.py test file from the
thread-cert test suite.
The ping functionality tested by this file is already
well covered by existing Nexus tests (e.g.,
test_ipv6_source_selection.cpp, test_radio_filter.cpp),
so this file is no longer needed.
This commit migrates the test_history_tracker.py test
from the thread-cert test suite to the Nexus test
framework as a new C++ test.
The new C++ test, test_history_tracker.cpp, covers:
- Role changes (detached -> leader -> disabled)
- NetInfo age up to 49 days
- Child mode Rn changes
- Ping between leader and child, verifying message
types, checksums, priority, and success flags
It directly uses HistoryTracker::Local methods instead
of the C APIs.
This commit introduces `NeighborTable::Iterator` and
`NeighborTable::kIteratorInit` as core type aliases for
the public `otNeighborInfoIterator` and its initializer
`OT_NEIGHBOR_INFO_ITERATOR_INIT`.
This commit adds a new Nexus test `TestFedRxOnlyLinkEstablishment` to
verify that a Full End Device (FED) successfully establishes rx-only
links with all its neighboring routers in the network.
The test forms a topology with a leader and 15 routers, then adds an
FED child. It uses the `NeighborTable` callback to track the addition
of routers to the FED's neighbor table and ensures that it
eventually establishes links with all available neighboring routers.
This commit renames the local variable `aKeyType` to `keyType` in
`Radio::SetMacKey()` to align with the project's naming conventions.
The `a` prefix is reserved for function arguments, while local
variables use `lowerCamelCase` without a prefix.
This commit migrates the functionality covered by
`tests/scripts/thread-cert/test_radio_filter.py` to a new Nexus test
`tests/nexus/test_radio_filter.cpp`.
The new test covers:
- Initial state of radio filter (disabled).
- Enabling radio filter on Router blocks pings.
- Disabling radio filter on Router restores pings.
- Enabling radio filter on SED causes it to detach.
- Disabling radio filter on SED allows it to reattach.
To make the test pass in Nexus, the following fixes were applied:
- Set external poll period to 40ms for SED to receive ping replies.
- Forced parent search on SED using `BecomeChild()` to avoid long
backoff interval.
The energy scan portion of the original test is skipped because
`otPlatRadioEnergyScan` is not implemented in the Nexus platform.
The original Python test file is removed.
This commit migrates the functionality covered by
`tests/scripts/thread-cert/test_coaps.py` to a new Nexus test
`tests/nexus/test_coaps.cpp`.
The new test covers:
- CoAP Secure with PSK.
- CoAP Secure with X.509 certificates.
The X509 test is conditionally compiled based on
`MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED`.
The original Python test file is removed.
This commit renames the `RouterTable::FindNextHopOf()` method to
`RouterTable::FindNextHopTowards()` to more accurately reflect its
purpose: finding the next hop on the path towards a given destination
router.
This commit migrates the functionality covered by test_coap_observe.py
to the Nexus test framework.
- Enabled OPENTHREAD_CONFIG_COAP_OBSERVE_API_ENABLE in Nexus config.
- Created test_coap_observe.cpp to test CoAP observations and
notifications in a simulated network.
- Handled edge cases in the test to avoid segfaults during cancel
response processing.
- Removed the old Python test test_coap_observe.py.
This commit addresses an occasional failure in test 1_2_MATN_TC_10
where the Router's ping reply was not found in Step 8.
- Increased the time advanced in Step 8 from 10 seconds
(kStabilizationTime) to 20 seconds (2 * kStabilizationTime).
- This allows more time for address resolution (NS/NA) and packet
transmission in the simulated environment.
- Verified that the test passes consistently with 100 consecutive
successful runs after applying this fix.
This commit migrates the functionality covered by test_coap_block.py
to the Nexus test framework.
- Enabled OPENTHREAD_CONFIG_COAP_BLOCKWISE_TRANSFER_ENABLE in Nexus
config.
- Created test_coap_block.cpp to test CoAP GET and PUT block
transfers in a simulated network.
- Removed the old Python test test_coap_block.py.
This commit introduces support for configuring and retrieving a vendor
OUI-24 (Organizationally Unique Identifier). It defines the new
`OPENTHREAD_CONFIG_NET_DIAG_VENDOR_OUI` configuration option and adds
the `otThreadGetVendorOui()` and `otThreadSetVendorOui()` APIs.
When specified, the vendor OUI is included in the `BorderAgent`
mDNS/DNS-SD TXT data under the `vo` key.
The `VendorInfo` class is updated to manage the OUI value. This
commit also adds the `vendor oui` CLI command to get or set this
property. Finally, it updates the tests to validate the presence and
correctness of the new `vo` key in the TXT data.
This commit removes the `OPENTHREAD_CONFIG_MLE_IP_ADDRS_TO_REGISTER`
configuration option and the logic in `Mle` that limited the number of
IPv6 addresses registered by an MTD with its parent.
By removing this limit, MTDs will now attempt to register all their
valid unicast and multicast addresses. The parent router still
enforces its own limit on the number of addresses it accepts and
stores per child via `OPENTHREAD_CONFIG_MLE_IP_ADDRS_PER_CHILD`.
An error check is added to `openthread-core-config-check.h` to inform
users of the removal of this configuration macro.
This commit moves the constants for the minimum and maximum number of
IPv6 addresses allowed in a Multicast Listener Registration (MLR)
request from the `Ip6AddressesTlv` class to `mlr_types.hpp`.
The new constants are named `kMlrMinIp6Addresses` and
`kMlrMaxIp6Addresses`. This change decouples the protocol-specific
limits from the TLV definition, which is more appropriate as these
limits are specific to the MLR process rather than the TLV itself.
The `Ip6AddressesTlv` class is simplified to a `typedef` of `TlvInfo`.
Call sites in `MlrManager`, `BackboneRouter::Manager`, and `NcpBase`
are updated accordingly.
This commit combines the two separate definitions of the `RouteTlv`
class, which were previously conditionally compiled based on the
`OPENTHREAD_CONFIG_MLE_LONG_ROUTES_ENABLE` configuration, into a
single unified class definition.
The `#if`/`#else` preprocessor directives are now localized within the
specific getter and setter methods (e.g., `GetRouteDataEntryCount()`,
`GetRouteCost()`, `SetRouteData()`) to handle the different routing
data formats. This removes significant code duplication for shared
methods such as `Init()`, `IsValid()`, `GetRouterIdSequence()`, and
`IsSingleton()`.
This commit migrates the test_ping_lla_src.py script from thread-cert
to the Nexus test framework.
The new test_ping_lla_src.cpp implements the same test logic:
- Forms a network with a Leader and two Routers.
- Verifies that pings using a Link-Local Address (LLA) as the source
succeed when sent to a neighbor's Mesh-Local EID (ML-EID).
- Verifies that pings using an LLA source fail when sent to a
non-neighbor's ML-EID, as LLAs are only valid for single-hop
communication.
- Verifies that external routes are not used for LLA-sourced packets.
To support this migration, the Nexus Core class was enhanced with:
- Overloads for SendAndVerifyEchoRequest that allow specifying a
source address.
- New SendAndVerifyNoEchoResponse methods to verify that no echo
response is received (useful for negative test scenarios).
Changes:
- Added tests/nexus/test_ping_lla_src.cpp
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Enhanced tests/nexus/platform/nexus_core.hpp/cpp with new helpers.
- Removed tests/scripts/thread-cert/test_ping_lla_src.py.
Add the jlumbroso/free-disk-space action to all jobs in the Nexus
workflow. This ensures that the runner has sufficient disk space to
complete the build and test tasks, preventing failures due to exhausted
disk resources on GitHub-hosted runners.
Added OPENTHREAD_CONFIG_PARENT_SEARCH_BACKOFF_INTERVAL with a value of
10 minutes (10 * 60 seconds) to the Nexus core configuration. This
helps in controlling the backoff behavior during parent search in the
simulator, making it more interactive.
This commit migrates the 'test_pbbr_aloc.py' script from the
thread-cert framework to the Nexus simulation framework.
The new 'test_pbbr_aloc.cpp' replicates the original test:
- Forms a network with PBBR, Leader, and Router nodes.
- Enables Backbone Router (BBR) on the PBBR node and waits for it
to become the Primary BBR.
- Verifies connectivity to the Leader ALOC (0xfc00) and the PBBR
ALOC (0xfc38) from the Router node using ICMPv6 Echo Requests.
- Confirms that the stack correctly uses Network Data for ALOC
resolution.
Nexus tests provide faster and more scalable network simulations
within a single process, improving CI efficiency and reliability.
Original Python script 'tests/scripts/thread-cert/test_pbbr_aloc.py'
is removed as its functionality is now fully covered by Nexus.
This commit migrates the test for DNSSD names with special characters
from the thread-cert functional tests to the Nexus simulation
framework.
The new Nexus test 'test_dnssd_name_with_special_chars.cpp' replicates
the logic from 'test_dnssd_name_with_special_chars.py' and covers:
- SRP service registration with an instance name containing special
and Unicode characters ("O\T 网关").
- DNS-SD browse to discover the service instance.
- DNS-SD resolution of the service instance name, including
verification of case-insensitive resolution.
* [posix] truncate settings file to last valid offset on parse error
When Init() encounters a corrupt entry, it currently truncates the
entire file to 0 bytes, destroying all settings. Since the parse loop
already knows the exact offset where corruption starts, truncate to
that offset instead, preserving all entries that were successfully
parsed.
This prevents loss of the active operational dataset (and other
settings) when only trailing bytes are corrupt — a common failure
mode when power is lost during a write.
If corruption starts at offset 0 (no valid entries), behavior is
identical to the original code.
* [posix] fsync parent directory after settings file rename
SwapPersist() calls fsync() on the data file descriptor but does not
sync the parent directory after rename(). On journaling filesystems
(ext4, overlayfs), the rename metadata may not reach stable storage
before a power loss. This can leave the old swap file in place,
which triggers a parse error on the next Init().
Add a best-effort fsync() on the parent directory after the rename.
This is non-fatal since the file data is already persisted; only the
directory entry could lag behind.
This commit exposes radio model parameters (path loss constant,
exponent, and sensitivity) and the minimum link request margin from
the Nexus simulator backend to the frontend.
Changes in backend:
- Expose constants in `RadioModel` and `Radio`.
- Add `GetRadioParameters` RPC to `simulation.proto` and implement it
in gRPC and WASM bindings.
- Expose `OPENTHREAD_CONFIG_MLE_LINK_REQUEST_MARGIN_MIN` and
`OPENTHREAD_CONFIG_MLE_PARTITION_MERGE_MARGIN_MIN` via the new RPC.
Changes in config:
- Set `OPENTHREAD_CONFIG_MLE_LINK_REQUEST_MARGIN_MIN` and
`OPENTHREAD_CONFIG_MLE_PARTITION_MERGE_MARGIN_MIN` to 5 dB in
`openthread-core-nexus-config.h`.
This allows the frontend to calculate and render circles dynamically.
This commit introduces the `DoesArrayContain()` template function to
check if a given item is present in a fixed-size C array. The template
arguments are deduced by the compiler, allowing callers to simply use
`DoesArrayContain(aArray, aItem)`.
It also updates `Manager::CoapDtlsSession::ReadSteeringDataTlv()` and
`Ip6::HandleDatagram()` to use this new helper function instead of
using manual `for` loops to iterate over `kEnrollerValidSteeringDataLengths`
and `kForwardIcmpTypes` arrays respectively.
This commit updates the `RouteTlv` implementation to use `ReadBits` and
`WriteBits` from `bit-utils` for reading and writing route data entries
(Link Quality In/Out and Route Cost). This simplifies the bitwise
operations and improves readability.
This commit migrates the DNS-SD test from the thread-cert Python
framework to the Nexus C++ framework.
The new Nexus test 'test_dnssd.cpp' replicates the original test
scenario and functionality:
- Formation of a Thread network with multiple SRP clients and a
server.
- Service registration with subtypes via SRP.
- DNS browsing for full service types and specific subtypes.
- DNS address (AAAA) and service (SRV/TXT/AAAA) resolution.
- Specific DNS record queries for SRV and KEY record types.
- Verification of DNS behavior for non-existent records.
The original Python script 'tests/scripts/thread-cert/test_dnssd.py'
is removed as its functionality is now fully covered by Nexus.
Nexus tests provide faster and more scalable network simulations
within a single process, improving CI efficiency and reliability.
This commit migrates the test_service.py script from thread-cert to the
Nexus test framework.
The new test_service.cpp implements the same test logic:
- Forms a network with a Leader and two Routers.
- Adds and removes services on different nodes.
- Verifies that Service Anycast Locators (ALOCs) are correctly
added to and removed from the nodes' unicast addresses.
- Confirms reachability of the ALOCs using ICMPv6 Echo Requests
from all nodes in the network.
- Ensures ALOCs become unreachable after the service is removed
from the network data.
Changes:
- Added tests/nexus/test_service.cpp
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Removed tests/scripts/thread-cert/test_service.py.
This commit restricts the API to set a preferred router ID under
`OPENTHREAD_CONFIG_REFERENCE_DEVICE_ENABLE`. This feature is intended
for testing and therefore be excluded from standard builds to ensure
compliance with the Thread Specification.
In `Nexus::Core::HandleStateChanged`, the `lastParentId` was not
cleared when a device transitioned to the Router or Leader role. This
could cause stale parent associations to persist, leading to incorrect
link state reporting in the visualizer during subsequent role
transitions (e.g., when a former Leader merges into a partition and
becomes a Child/REED).
This fix clears `lastParentId` (sets it to `0xffff`) when the device
becomes a Router or Leader, ensuring a fresh state for parent
tracking.
This commit migrates 'test_on_mesh_prefix.py' from the thread-cert
functional tests to the Nexus simulation framework.
The new Nexus test 'test_on_mesh_prefix.cpp' covers:
- Propagation of stable and non-stable on-mesh prefixes.
- Different Network Data request behavior for MEDs and SEDs.
- MEDs receiving both stable and non-stable prefixes.
- SEDs receiving only stable prefixes.
- IPv6 address configuration (SLAAC) for all prefixes.
- Reachability verification via ICMPv6 Echo Request/Response.
Migrating to Nexus provides faster execution and improves the
reliability of the functional test suite.
This commit migrates the router multicast link request test from the
thread-cert functional tests to the Nexus simulation framework.
The new Nexus test 'test_router_multicast_link_request.cpp' covers:
- Verification of a REED node becoming a router.
- Multicast Link Request transmission to neighboring routers.
- Quick link establishment with multiple neighbors after role upgrade.
The original Python test 'test_router_multicast_link_request.py' is
removed as its functionality is now fully covered by the Nexus test.
This commit migrates the SRP server anycast mode test from the
thread-cert Python script to the Nexus test framework.
The new Nexus test `test_srp_server_anycast_mode.cpp` covers:
- SRP Server configuration in both Anycast and Unicast modes.
- Proper publication of SRP Server information in Network Data.
- SRP Client auto-start and server selection logic.
- Service registration and verification in both address modes.
- DNS browsing for registered SRP services.
Nexus tests allow for faster and more scalable network simulations
within a single process, improving CI efficiency.
Removed:
- tests/scripts/thread-cert/test_srp_server_anycast_mode.py
Migrate legacy Python test `test_reset.py` to Nexus C++ test
`test_reset.cpp`.
The test verifies that OpenThread correctly recovers network state,
specifically frame counters and datasets, after sequential resets of
nodes in a multi-hop topology (Leader <-> Router <-> ED).
The test sequence:
- Establish multi-hop topology: Leader <-> Router <-> ED.
- Send 1010 pings from ED to Leader to advance the frame counter
beyond the default storage threshold (1000).
- Reset Leader, Router, and ED sequentially.
- Verify end-to-end connectivity after resets, confirming that frame
counters were correctly recovered from non-volatile storage.
Legacy `tests/scripts/thread-cert/test_reset.py` is removed as its
functionality is now fully covered by the Nexus test.
This commit migrates the following tests from thread-cert to Nexus:
- test_router_reboot_multiple_link_request.py
- test_leader_reboot_multiple_link_request.py
New Nexus tests cover:
- Router rebooting and sending multiple Link Requests when isolated.
- Leader rebooting and sending multiple Link Requests when isolated.
The original Python cert tests are removed as they are now fully
covered by the Nexus framework.
This commit adds a new Nexus test to verify the functionality of the
MLE long routes experimental feature, which allows path costs to
exceed the standard limit of 15.
The new test `TestLongRoutes` in `test_long_routes.cpp` forms a
topology consisting of a leader and a chain of 25 routers. It then
validates that the path cost from the last router in the chain to the
leader is correctly reported as 25 using `GetPathCostToLeader()`.
Supporting changes include:
- Updating `build.sh` to support a `long_routes` build target that
enables `OT_MLE_LONG_ROUTES`.
- Adding the `long_routes` test to `CMakeLists.txt` with the
appropriate labels.
- Introducing a new GitHub workflow job `nexus-long-routes-tests` in
`nexus.yml` to automate the execution of this test.
This commit migrates the router reattach test from the thread-cert
Python framework to the Nexus C++ framework.
The new Nexus test 'test_router_reattach.cpp' replicates the
original test scenario:
- A full 32-node router network is formed.
- Router upgrade/downgrade thresholds are set to 32.
- A router is reset and verified to re-attach and reclaim its
router role.
- The test ensures the router does not downgrade after the router
selection jitter interval.
The original Python script 'tests/scripts/thread-cert/
test_router_reattach.py' is removed as its functionality is now
fully covered by Nexus.
Nexus tests provide faster and more scalable network simulations
within a single process, improving CI efficiency.
This commit migrates the anycast routing test from the thread-cert
functional tests to the Nexus simulation framework.
The new Nexus test 'test_anycast.cpp' replicates the linear topology
(R1-R2-R3-R4-R5) and verifies:
- Anycast routing for DHCPv6 Agent (ds/cs) ALOCs.
- Dynamic routing updates when multiple anycast servers are present.
- Traffic routing to the nearest anycast destination.
The original Python test 'test_anycast.py' is removed as its
functionality is now fully covered by the Nexus test.
This commit migrates the anycast locator test from the thread-cert
functional tests to the Nexus simulation framework.
The new Nexus test 'test_anycast_locator.cpp' covers:
- Anycast Locator (ALOC) resolution for the Leader from all nodes.
- Custom service ALOC resolution when only one node provides it.
- Closest-node ALOC resolution when multiple nodes provide the same
service in a line topology (LEADER-R1-R2-R3-R4).
- Verification that nodes resolve to the nearest service instance.
The original Python test 'test_anycast_locator.py' is removed as its
functionality is now fully covered by the Nexus test.
This commit simplifies the `Ip6AddressesTlv` by removing the dedicated
class definition and instead defining it as a `TlvInfo` for the
`ThreadTlv::kIp6Addresses` type.
The usage of `Ip6AddressesTlv` is updated in `BbrManager`,
`MlrManager`, and related tests to use `Tlv::StartTlv()` and
`Tlv::EndTlv()` when appending the TLV to messages.
This commit renames `GetRouteDataLength()` and `SetRouteDataLength()`
to `GetRouteDataEntryCount()` and `SetRouteDataEntryCount()` in the
`RouteTlv` class.
When `OPENTHREAD_CONFIG_MLE_LONG_ROUTES_ENABLE` is enabled, the
route data entries use a packed format (12 bits or 1.5 bytes per
entry). Consequently, the byte length of the route data field in
the TLV is no longer equal to the number of route entries.
This change ensures that `GetRouteDataEntryCount()` correctly
calculates the number of entries from the TLV length and
`SetRouteDataEntryCount()` sets the TLV length correctly based on
the entry count.
This commit migrates the SRP TTL test from the thread-cert Python
framework to the Nexus C++ framework.
The new Nexus test `test_srp_ttl.cpp` covers all four TTL clamping
cases originally implemented in `test_srp_ttl.py`:
1. CLIENT_TTL < TTL_MIN < LEASE_MAX => Clamped to TTL_MIN.
2. TTL_MIN < CLIENT_TTL < TTL_MAX < LEASE_MAX => Used CLIENT_TTL.
3. TTL_MAX < LEASE_MAX < CLIENT_TTL => Clamped to TTL_MAX.
4. LEASE_MAX < TTL_MAX < CLIENT_TTL => Clamped to LEASE_MAX.
Nexus tests provide faster and more scalable network simulations
within a single process, improving CI efficiency.
The original Python script `tests/scripts/thread-cert/test_srp_ttl.py`
is removed as its functionality is now fully covered by Nexus.
The test was failing occasionally due to the unpredictable timing of
tick-aligned timers and dataset propagation in simulations.
Specifically:
1) The router's jittered timeout (minimum 1 second) could expire
in as little as 1ms if an MLE TimeTick occurred immediately
after the security policy update.
2) Dataset propagation via MLE Advertisements could take up to
32 seconds, making immediate checks on the router's role
unreliable.
This commit fixes the flakiness by:
- Replacing flaky router role checks with `IsRouterRoleAllowed()`
assertions. This verifies that the security policy has been
successfully propagated and applied, regardless of whether the
actual role transition has completed.
- Increasing the propagation wait time to 5 seconds. This provides
a safe margin for simulated radio propagation while remaining
well within the leader's 10-second downgrade delay.
- Ensuring both the leader and router are verified for policy
application in both phases of the test.
- Maintaining the final checks to ensure both nodes eventually
become detached after the full downgrade delay (150 seconds).
The fix was verified with 1000 consecutive successful iterations.
This commit migrates the SRP server reboot port test from the
thread-cert functional tests to the Nexus simulation framework.
The new Nexus test 'test_srp_server_reboot_port.cpp' covers:
- SRP server address mode configuration (Unicast).
- SRP client auto-start discovery of the server.
- SRP server reboot (disable/enable) without node reboot.
- Verification that the server selects a new port after each reboot.
- Robustness of service re-registration over 25 reboot iterations.
The original Python test 'test_srp_server_reboot_port.py' is removed
as its functionality is now fully covered by the Nexus test.
This commit migrates the SRP register services with different
lease test from the thread-cert Python framework to the Nexus
test framework.
The new Nexus test (test_srp_register_services_diff_lease.cpp)
reproduces the functionality of the original Python test:
- Registration of multiple services with different lease/key-lease
intervals.
- Verification of per-service lease values on the SRP server.
- Ensuring key-lease is always at least as long as the lease.
- Validating lease renewal and expiry behaviors.
- Testing dynamic changes to default client lease and TTL.
Migrating to Nexus allows for faster and more scalable network
simulations within a single process.
This commit migrates the srp_client_save_server_info test from the
thread-cert Python-based test framework to the Nexus C++ simulation
framework.
The new Nexus test (test_srp_client_save_server_info.cpp) verifies:
- SRP client selects an SRP server when auto-start is enabled.
- SRP client sticks to the current server even if other SRP servers
become available.
- SRP client saves and reuses the selected server info across SRP
client stops and restarts.
- SRP client selects a new server if the current one becomes
unavailable.
- SRP client sticks to the new server even if the old one returns.
The original Python test script is removed as its functionality is
now fully covered by the new Nexus test.
This commit migrates the test_srp_register_500_services.py test from
the thread-cert test suite to the Nexus platform.
The new C++ test (tests/nexus/test_srp_scale.cpp) implements the same
functionality: it verifies that 25 SRP clients (13 routers and 12
FEDs) can successfully register a total of 500 services (20 services
per client) with a single SRP server (the leader).
The commit includes:
- Removal of the original Python test file.
- Addition of the new Nexus C++ test file.
- Integration of the new test into CMakeLists.txt and
run_nexus_tests.sh.
This commit migrates the SRP client host removal test from the
thread-cert Python-based framework to the Nexus framework.
The new C++ implementation in tests/nexus/test_srp_client_remove_host.cpp
covers the same scenarios as the original Python script:
- Successful registration of SRP host and services.
- Verification that ClearHostAndServices() does not immediately remove
server-side state.
- Verification that RemoveHostAndServices(removeKey=False,
sendUnregToServer=True) marks the host and services as deleted on the
SRP server.
- Verification that RemoveHostAndServices(removeKey=True,
sendUnregToServer=True) fully removes the host and service entries
from the SRP server.
The original Python script test_srp_client_remove_host.py is removed
as its functionality is now fully covered by the Nexus test.
This commit migrates the test_srp_many_services_mtu_check.py from
tests/scripts/thread-cert to the Nexus test framework.
The new test, tests/nexus/test_srp_many_services_mtu_check.cpp,
verifies that the SRP client correctly handles and splits SRP Update
messages when registering a large number of services that exceed
the IPv6 MTU size (1280 bytes).
Changes:
- Added tests/nexus/test_srp_many_services_mtu_check.cpp.
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Removed tests/scripts/thread-cert/test_srp_many_services_mtu_check.py.
This commit stabilizes the Nexus reed_address_solicit_rejected test by
increasing the wait time for network data synchronization from 5 seconds
to 15 seconds.
The test was occasionally failing because the 5-second wait was
sometimes insufficient for the REED's service registration to reach the
leader and for the updated network data to be broadcast back to the
REED. Increasing the delay to 15 seconds provides more robust buffer for
these network events.
Verified by running the test 50 times in a loop without failures.
This commit migrates the `test_mle_msg_key_seq_jump.py` cert test to the
Nexus simulation framework.
The new Nexus test `test_mle_msg_key_seq_jump.cpp` verifies that nodes
can correctly handle jumps in the MLE key sequence and stay attached to
the network. It covers scenarios like child triggering key sequence
updates via Child Update Request and routers propagating key sequence
updates.
The original Python test script is removed as its functionality is now
fully covered by the new Nexus test.
This commit migrates the 'test_srp_client_change_lease.py' cert test
to the Nexus simulation framework.
The new Nexus test ('test_srp_client_change_lease.cpp') verifies:
- SRP registration with default lease and TTL.
- Updating the lease interval and ensuring it is reflected in SRP
Update messages.
- Updating the TTL and ensuring it is reflected in SRP Update
messages.
- Setting the TTL to 0 and ensuring the lease interval is used as
the TTL in SRP Update messages.
The original Python test script is removed as its functionality is
now fully covered by the new Nexus test.
This commit stabilizes the Nexus SRP auto-start test by increasing
the synchronization wait time from 20 seconds to 30 seconds.
The test was occasionally failing in the Nexus environment because
the 20-second wait was sometimes insufficient for the SRP server
registration to fully propagate through the network data and for
the SRP client to process the update and complete its server
selection. Increasing the wait time to 30 seconds provides a more
robust buffer for these network synchronization events.
Verified by running the test 100 times in a loop without failures.
This commit migrates the `test_ipv6_fragmentation.py` cert test to the
Nexus simulation framework.
To support this migration, the Nexus core configuration was updated to
enable IPv6 fragmentation (`OPENTHREAD_CONFIG_IP6_FRAGMENTATION_ENABLE`).
The new Nexus test `test_ipv6_fragmentation.cpp` covers the validation
of IPv6 fragmentation and reassembly. It sends large ICMPv6 Echo
Requests exceeding the 1280-byte MTU between a Leader and a Router:
- 1952 bytes payload from Leader to Router
- 1831 bytes payload from Router to Leader
The original Python test script is removed as its functionality is now
fully covered by the new Nexus test.
This commit updates the `RouterIdSet` class, renaming it to
`RouterIdMask` and expanding it to encapsulate both the router ID
sequence number and the bitmask. This allows simplifying the
definition of `ThreadRouterMaskTlv` and `RouteTlv`.
This commit simplifies the `TimeParameterTlv` implementation by
defining a `TimeParameterTlvValue` and using the `SimpleTlvInfo`
template to define `TimeParameterTlv`.
This commit migrates the SRP auto-start test from the Python-based
thread-cert test suite to the Nexus C++ test framework.
The new Nexus test replicates the logic of the original Python test:
- Forms a network with four router nodes.
- Verifies SRP client auto-start upon server discovery in netdata.
- Tests selection priority between multiple unicast and anycast
SRP servers.
- Verifies selection based on anycast sequence numbers.
- Tests selection of specific unicast addresses published in
Service Data.
- Confirms automatic failover and client stop/restart.
The original Python test file is removed as it is now covered by
the Nexus test suite.
This commit migrates the functionality of
tests/scripts/thread-cert/test_netdata_publisher.py to a new Nexus
test tests/nexus/test_netdata_publisher.cpp.
The new Nexus test covers:
- DNS/SRP Anycast entries (equal and different version numbers).
- DNS/SRP Unicast entries (service data and server data).
- Displacement of server data unicast by anycast entries.
- Publisher preference logic for DNS/SRP services.
- On-mesh prefix publisher preference and replacement.
- External route publisher preference and replacement.
Other changes:
- Add netdata_publisher to tests/nexus/CMakeLists.txt.
- Add netdata_publisher to default tests in tests/nexus/run_nexus_tests.sh.
- Remove the old tests/scripts/thread-cert/test_netdata_publisher.py.
This commit migrates the cert test script to the Nexus simulation
framework.
The new Nexus test covers:
- Initial key sequence counter and default key switch guard time.
- Dynamic updates of the key rotation time via Operational Dataset
and verification of the 93% guard time calculation rule.
- Automatic key rotation after the rotation time interval expires.
- Verification that the key switch guard time correctly prevents
nodes from updating their key sequence counter prematurely when
receiving MLE messages with a higher sequence.
- Continued communication (ICMP Echo) between nodes even when key
sequences are temporarily mismatched due to the guard timer.
The original Python test script is removed as its functionality is
now fully covered by the new Nexus test.
This commit fixes an intermittent failure in the Nexus test
'dns_client_config_auto_start'. The test was occasionally failing
because the REED node was not upgrading to the Router role within
the previous 15-second stabilization period.
The Router role transition can take up to 120 seconds due to the
default 'ROUTER_SELECTION_JITTER' parameter. This commit increases
'kStabilizationTime' to 200 seconds to ensure the node has ample
time to become a router before the test proceeds to verify its
DNS configuration.
Make `otPlatLogOutput()` `OT_TOOL_WEAK` in `cli_logging.cpp` so that
applications can provide their own strong definition to customize
instance-aware log output behaviour.
This commit migrates the 'test_mac_scan.py' cert test to the Nexus
simulation framework.
The new Nexus test 'test_mac_scan.cpp' verifies the IEEE 802.15.4
Active Scan (MAC scan) functionality. It forms a simple network
consisting of a Leader and a Router and performs an active scan
from the Leader to ensure it correctly discovers the Router's
beacon.
The original Python test script is removed as its functionality is
now fully covered by the new Nexus test.
This commit migrates the dns_client_config_auto_start test from the
thread-cert Python-based test framework to the Nexus C++ simulation
framework.
The new Nexus test (test_dns_client_config_auto_start.cpp) verifies:
- DNS client uses the SRP server address automatically when no
explicit config is set.
- Explicitly set DNS config takes precedence over auto-discovered
SRP server address.
- Clearing an explicit DNS config allows the client to fall back to
the auto-discovered SRP server address.
- DNS client updates its default config when the SRP server changes.
Changes:
- Added tests/nexus/test_dns_client_config_auto_start.cpp
- Updated tests/nexus/CMakeLists.txt to build the new test
- Updated tests/nexus/run_nexus_tests.sh to include it in default
- Removed tests/scripts/thread-cert/test_dns_client_config_auto_start.py
This commit migrates the functional test for child supervision from
the thread-cert Python-based framework to the Nexus framework.
The original test in 'tests/scripts/thread-cert/test_child_supervision.py'
has been removed and replaced with a C++ implementation in
'tests/nexus/test_child_supervision.cpp'.
The new Nexus test covers:
- Verification of initial child supervision interval on parent and child.
- Dynamically updating the supervision interval and check timeout.
- Behavior when supervision messages are blocked (child detaching).
- Verification of connectivity when child supervision is disabled.
- Handling of zero supervision interval.
'tests/nexus/CMakeLists.txt' is updated to include the new test.
This commit migrates the 'test_reed_address_solicit_rejected.py' test
from the thread-cert suite to the Nexus test framework.
The new Nexus test 'test_reed_address_solicit_rejected.cpp' covers:
- Verification that a REED node can successfully register a service and
receive the corresponding Service ALOC (0xfc10).
- Verification that when a REED node's attempt to upgrade to a router
is rejected by the Leader, it correctly remains a child while
maintaining its Service ALOC.
The original Python script is removed as its functionality is now
fully covered by the Nexus implementation.
This commit migrates the functionality of the Python-based certification
test 'test_br_upgrade_router_role.py' to a new Nexus-based C++ test
'test_br_upgrade_router_role.cpp'.
The test verifies that Border Routers (BRs) providing IP connectivity
are eligible to request a router role upgrade even when the active
router count already meets the 'router_upgrade_threshold'.
Key test steps:
- Set router upgrade threshold to 2.
- Ensure three BRs remain in child role when 2 routers already exist.
- Verify BRs upgrade to router role when they provide external routes
or prefixes, up to the limit of 2 BR routers.
- Verify that a third BR providing external routes remains a child.
- Verify that removing a route from one BR router triggers the child BR
to upgrade to a router.
The Python test is removed as it is now covered by the Nexus test.
Set the RSSI field in simulated MAC ACK frames in nexus_core.cpp.
Previously, the simulator did not populate the mRssi field in the
mInfo.mRxInfo structure of simulated ACK frames passed to
otPlatRadioTxDone. This caused OpenThread to ignore the RSSI of ACKs,
preventing the parentRss average from updating on successful data polls
from Sleepy End Devices (SEDs).
Now, the RSSI from the parent to the child is calculated using the radio
model and clamped to int8_t before being assigned to the ACK frame.
This commit migrates the test for zero-length external routes from a
Python script to the Nexus test framework. The original test was
test_zero_len_external_route.py in tests/scripts/thread-cert.
The new Nexus test test_zero_len_external_route.cpp replicates the
original test scenario:
- Forms a network with a Leader and two Routers.
- Verifies that adding a zero-length external route "::/0" on a Router
allows routing to a manually added IPv6 address on that Router.
- Verifies that explicit external routes are preferred over on-mesh
prefixes that have the default route flag set.
- Verifies that removing the external route causes traffic to be
re-routed (and in this case, fail as intended when the destination
is moved).
- Verifies that moving the address to another Router with a default
route flag allows successful routing.
This commit also fixes a bug in Core::SendAndVerifyEchoRequest in
nexus_core.cpp where the ICMP handler was not always unregistered,
especially when failures occurred. This fix ensures that subsequent
handler registrations in the same process do not fail with
kErrorAlready.
Migrating to Nexus provides faster execution and better integration with
the core OpenThread codebase.
This commit migrates the `test_ipv6_source_selection.py` cert test to
the Nexus simulation framework.
To support this migration, the Nexus framework was extended to allow
verifying the local (source) address on which an ICMP Echo Reply is
received. This is achieved by adding an overload to
`SendAndVerifyEchoRequest` that accepts an expected source address.
The new Nexus test `test_ipv6_source_selection.cpp` covers the
following scenarios:
- RLOC source for RLOC destination
- ML-EID source for ALOC destination
- ML-EID source for ML-EID destination
- Link-local source for Link-local destination
- ML-EID source for Realm-local multicast destination (ff03::1)
- GUA source for GUA destination
- GUA source for external address (via default route)
The original Python test script is removed as its functionality is now
fully covered by the new Nexus test.
Refine the event suppression logic in nexus_core.cpp when handling
NeighborTable::kChildRemoved events.
Previously, any valid neighbor found would suppress the event. Now, it
only suppresses the event if the node is found in the Router table.
This ensures that removal events for Sleepy End Devices (SEDs) are not
suppressed, allowing the link to disappear in the visualizer as
expected.
This commit fixes a compiler warning in nexus_radio.cpp where the
aFrame parameter in otPlatRadioTransmit was considered unused in
non-debug builds. The variable is only used within an OT_ASSERT.
Using OT_UNUSED_VARIABLE is the standard OpenThread pattern to
address unused parameters and ensure clean builds across different
compilers and build configurations.
This commit migrates the certification test for router downgrade on
security policy change from a Python script to the Nexus test framework.
The original test was test_router_downgrade_on_sec_policy_change.py in
tests/scripts/thread-cert.
The new Nexus test test_router_downgrade_on_sec_policy_change.cpp
replicates the original test scenario:
- Forms a network with a Leader and a Router.
- Verifies that both nodes are in the expected router/leader roles.
- Changes the security policy to disable 'R' bit (routers) and sets the
version threshold to 7.
- Verifies that the Leader and Router do not immediately downgrade,
respecting the mandatory 10-second delay.
- Verifies that restoring the original security policy before the
timeout cancels the pending downgrade.
- Verifies that re-applying the security policy change leads to both
nodes eventually downgrading to the detached state once the version
threshold and router disable flags are propagated and the timer
expires.
Migrating to Nexus provides faster execution using virtual time and a
more integrated environment for debugging core Thread logic.
This commit addresses intermittent failures in Nexus tests 1_4_DNS_TC_1,
1_4_DNS_TC_5, 1_4_PIC_TC_1, 1_4_PIC_TC_3, and 1_4_PIC_TC_4.
The issue was caused by the 'ed1' node occasionally upgrading its role
from an End Device to a Router. When 'ed1' became a router, it would
sometimes use its Routing Locator (RLOC) as the source address for DNS
queries, whereas the verification scripts expected its Mesh Local
Endpoint Identifier (MLEID), leading to packet verification failures.
To resolve this, 'ed1' is now explicitly joined as a Full End Device
(FED) using 'Node::kAsFed' instead of the default Full Thread Device
(FTD) mode. This prevents 'ed1' from becoming a router and ensures it
maintains its End Device role throughout the test, providing stable
addressing for verification.
This commit migrates the dataset_updater functional test from the
Python-based thread-cert framework to the Nexus simulation framework.
Nexus provides faster and more scalable network simulations within a
single process using virtual time.
The new test_dataset_updater.cpp covers:
- Network formation and child joining (MED and SED).
- Channel updates initiated by Leader and Router using DatasetUpdater.
- Dataset update overrides between nodes.
The legacy tests/scripts/thread-cert/test_dataset_updater.py is removed
as it is now redundant.
This commit adds a new Nexus test to verify that a Sleepy End Device
(SED) correctly informs its previous parent after reattaching to a new
parent. This replicates the functionality of the now-deleted
test_inform_previous_parent_on_reattach.py script.
The test scenario involves:
- Forming a network with a Leader and a Router.
- Attaching a SED to the Leader.
- Simulating a link failure between the SED and Leader while allowing
communication between the SED and Router.
- Verifying that the SED reattaches to the Router.
- Confirming that the SED sends an empty IPv6 message (Next Header 59)
to the Leader's RLOC to inform it of the change.
- Ensuring the SED is successfully removed from the Leader's child
table.
Migrating this test to Nexus allows for faster execution using virtual
time and single-process simulation.
The following SRP test scripts in tests/scripts/thread-cert are
redundant as their functionality is now covered by the Nexus test
framework certification suite (test_1_3_SRP_TC_*):
- test_srp_register_single_service.py: Covered by Nexus
test_1_3_SRP_TC_1.
- test_srp_lease.py: Covered by Nexus test_1_3_SRP_TC_3 (service
lease) and test_1_3_SRP_TC_4 (key lease).
- test_srp_name_conflicts.py: Covered by Nexus test_1_3_SRP_TC_2.
- test_srp_auto_host_address.py: Covered by Nexus test_1_3_SRP_TC_13.
- test_srp_sub_type.py: Covered by Nexus test_1_3_SRP_TC_15.
Nexus tests are preferred as they run in a single process using
virtual time, making them faster and more reliable than the
multi-process simulation scripts.
This commit adds support for building the Nexus simulator for
WebAssembly (WASM) using the Emscripten toolchain. This enables the
simulator to run in a web browser environment with a JavaScript-based
control interface and visualization.
Key implementation details:
- Introduced `nexus_wasm.cpp` which defines Emscripten bindings (using
Embind) for core simulation controls, including stepping time,
node creation, topology orchestration, and state manipulation.
- Implemented a `WasmObserver` and a global event queue to capture
simulation events (node state changes, link updates, packet events)
and expose them to JavaScript via a polling mechanism (`pollEvent`).
- Updated the CMake build system to support the `EMSCRIPTEN` platform,
configuring specific linker options for ES6 module export,
modularization, and memory growth.
- Enhanced `build.sh` to allow targeting WASM via `emcmake`.
- Guarded file-system-dependent operations in `nexus_pcap.cpp` and
adjusted `nexus_core.cpp` to handle WASM-specific constraints where
standard I/O or multiple observers might not be applicable.
- Added `test_wasm_bindings.mjs`, a Node.js-based smoke test that
verifies the integrity of the WASM bindings and event pipeline.
- Integrated `nexus-wasm-tests` into the GitHub Actions workflow to
ensure continuous verification of the WASM build and functionality.
This commit introduces a mechanism to temporarily override the log
level. The `Instance` class now provides `OverrideLogLevel()` and
`RestoreLogLevel()` methods. When an override is active, the
effective log level is the maximum of the original user-set level and
the override level. If `SetLogLevel()` is called while an override is
active, it updates the original level and the effective level is
recomputed.
This ensures that log messages are generated only when needed,
without permanently losing the user's original log level
configuration.
The feature is controlled by the new configuration macro
`OPENTHREAD_CONFIG_LOG_LEVEL_OVERRIDE_ENABLE`.
A new Nexus unit test `test_log_override.cpp` is added to validate
the behavior of these new feature.
The following test scripts in tests/scripts/thread-cert are now
redundant as their functionality is sufficiently covered by the Nexus
test framework:
- test_detach.py: Covered by Nexus MLE synchronization and parent
selection tests.
- test_router_upgrade.py: Covered by 5.1.x Nexus router attachment
tests.
Nexus tests are preferred for these scenarios as they execute in a
single process using virtual time, providing faster and more reliable
verification than the traditional multi-process simulation scripts.
Added `Core::AllowLinkBetween()` and `Core::UnallowLinkBetween()`
helper methods to the Nexus test platform. These methods simplify
establishing bidirectional links between nodes in simulation tests by
handling the reciprocal `AllowList()` calls in a single step.
Updated various Nexus test cases to utilize these new helpers,
replacing manual bidirectional `AllowList()` calls. This change
reduces verbosity and ensures consistency in how links are established
in the test topology.
This commit introduces `AnswerBuilder` class to track and manage
Network Diagnostic answer messages. This class is used when the
response to a query requires multiple CoAP answer messages. It
automatically manages the inclusion of the Query ID and the Answer
TLVs(providing message indexing and "more-to-follow" flags) in each
allocated answer message, while maintaining all answer messages in a
queue. The `NetworkDiagnostic::Server` is updated to use the
`AnswerBuilder`, simplifying the logic for preparing and sending
answers.
The `AnswerBuilder` class is added in a new header file
`network_diagnostic_types.hpp` to allow for its reuse by other
modules in the future.
This commit introduces gRPC support to the Nexus simulator, enabling
remote control and monitoring of simulations. This infrastructure allows
external tools and visualizers to interact with the simulated network
in real-time.
Key changes:
- Defined `simulation.proto` providing the `NexusService` definition for
simulation control and event streaming.
- Implemented `GrpcServer` in `nexus_grpc.cpp` which functions as a
Nexus simulation observer, pushing events to connected clients.
- Added RPCs for dynamic node creation, position updates, node state
control, and network orchestration (forming and joining).
- Implemented a real-time event stream that includes node state changes,
link updates, and packet captures (with basic protocol decoding).
- Introduced `nexus_native.cpp` as an entry point for a persistent
simulation server that can be controlled via gRPC.
- Updated `Core` and `Observer` interfaces to support a list of
concurrent observers instead of a single instance.
- Enhanced the CMake build system to optionally find and link against
gRPC and Protobuf, including automatic source generation.
- Updated CI (GitHub Actions) to include build and test steps for the
new gRPC functionality.
- Added comprehensive unit tests in `test_grpc.cpp` to verify all
exposed gRPC service methods.
This commit updates `CslClockAccuracyTlv` to use the `SimpleTlvInfo`
and a separate `CslClockAccuracyTlvValue` class. This change
simplifies how the TLV is appended to and read from messages
by leveraging the `Tlv::Append<TlvType>` and `Tlv::Find<TlvType>`
helper methods (avoiding the use of `FindTlv()`).
This commit removes the redundant `multiple-instance` job from the
`simulation-1.1.yml` workflow. This job was used to run Thread 1.1
certification tests with `OT_MULTIPLE_INSTANCE=ON`.
The job is being removed to streamline the CI process and reduce
redundant test coverage, as multiple-instance configurations are
sufficiently covered in other workflow files. The dependency list
for the coverage collection job is also updated to reflect this
removal.
The previous logic for suppressing CHILD_REMOVED events was flawed. It
checked if the neighbor was not in the child table. However, since the
callback is triggered after the child is removed, it was always false,
leading to false suppression for all removed children.
This caused the parent node to never emit "link removed" events to the
UI when children detached, leading to inconsistent link states (dashed
lines) when only one direction was active.
This fix updates the logic to check if a neighbor entry exists in the
neighbor table with an established link (kStateValid). This ensures we
only suppress the event when the child has successfully transitioned to
a router role and established a valid link.
This commit updates `Mle::SendMulticastAdvertisement()` to verify
that the router role is allowed by calling `IsRouterRoleAllowed()`
before proceeding to send the multicast MLE advertisement.
This commit introduces the `SimulationObserver` interface and integrates
it into the Nexus core simulation logic. This allows external systems to
observe node state changes, link updates, and packet events in real-time.
Key changes:
- Defined `SimulationObserver` interface to handle node state changes,
link updates, packet events, and event clearing.
- Added `SetObserver` and `GetObserver` methods to the `Core` class.
- Implemented `Core::HandleNeighborTableChanged` to notify the observer
of neighbor additions and removals.
- Implemented `Core::HandleStateChanged` to track node role transitions
and parent changes, updating links accordingly.
- Integrated packet event notification in `Core::ProcessRadio`,
including basic destination node ID resolution for unicast frames.
- Added `Core::SetNodeEnabled` to allow enabling or disabling Thread and
MLE on specific nodes at runtime.
- Updated `Core::Reset` to clear events via the observer.
- Increased `OPENTHREAD_CONFIG_MAX_STATECHANGE_HANDLERS` to accommodate
the new nexus state change handler.
- Added `mLastParentId` to `Node` class to correctly manage link updates
during parent switches or detachment.
RFC 8200 states that the Hop-by-Hop Options header MUST be the first
extension header and can only occur once in a packet. This commit
updates HandleExtensionHeaders to enforce this rule.
This fix prevents a potential infinite loop or exponential growth of
messages when multiple Hop-by-Hop headers (each containing an MPL
option) are processed. Previously, each MPL option could trigger its
own retransmission, and if these options were evicted from the MPL
SeedSet, they would be re-processed as new messages upon loopback,
leading to exponential growth and eventually a timeout.
This commit adds a new RadioModel class to simulate wireless propagation
characteristics between Nexus nodes. It implements a simple path-loss
model based on node distance to calculate RSSI.
Key changes include:
- Added RadioModel with CalculateRssi and ShouldDropPacket methods.
- Integrated RSSI calculation into the Core radio processing logic.
- Implemented packet dropping for signals below -100 dBm sensitivity.
- Added nexus_radio_model.cpp to the build system.
This commit introduces a new member variable `mRouterRoleAllowed` in
the `Mle` class to cache the evaluation of whether the device is
currently permitted to operate as a router.
Previously, the `IsRouterEligible()` method evaluated several
conditions (e.g., `IsFullThreadDevice()`, `mRouterEligible` config,
and various fields in `SecurityPolicy`) every time it was called.
Since this method is invoked frequently across different `Mle`
operations, re-evaluating these conditions repeatedly was
inefficient.
The new `mRouterRoleAllowed` variable caches the final computed
result. It is updated via the `UpdateRouterRoleAllowed()` method
whenever any underlying input changes, such as:
- `Mle` starting.
- Configuration parameter updates (e.g., `SetRouterEligible()`).
- Security policy changes from the `KeyManager`.
This change centralizes the logic for handling role permission updates
into a single location (`UpdateRouterRoleAllowed()`). By
consolidating the actions taken when the allowed state changes, the
codebase is cleaner and easier to maintain and update.
It also provides a clearer conceptual distinction between the user's
router configuration (`mRouterEligible`) and the effective state
used by the device.
This commit moves the TREL configuration from the build script to the
nexus-config header file. This ensures that TREL is consistently enabled
for all nexus builds and simplifies the build script.
Specifically:
- Added OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE to
tests/nexus/openthread-core-nexus-config.h.
- Removed OT_TREL from tests/nexus/build.sh and simplified the build
options.
This commit moves the `OPENTHREAD_CONFIG_MULTIPLE_INSTANCE_ENABLE`
configuration from the build scripts to the nexus-specific core
configuration header file.
Specifically:
- Added `#define OPENTHREAD_CONFIG_MULTIPLE_INSTANCE_ENABLE 1` to
`tests/nexus/openthread-core-nexus-config.h`.
- Removed `-DOT_MULTIPLE_INSTANCE=ON` from `tests/nexus/build.sh`.
- Removed `-DOT_MULTIPLE_INSTANCE=ON` from `tests/fuzz/oss-fuzz-build`.
This change centralizes nexus-specific configurations in the header
file, making the build scripts cleaner and ensuring consistent
configuration across different build environments that use the
nexus core config."
Due to a state retention issue in the unit test platform, TCAT tests were passing in ways they should not.
Now with the new settings/flash clearing per #12875 applied, these tests were failing.
This fixes TCAT unit tests to pass again and better express the expected behavior also.
Issue: state was retained between OT instances in the unit test platform, across tests.
This commit adds settings and flash clearing as part of testInitInstance().
This commit simplifies the Simulation 1.4 workflow by removing the
compiler and architecture matrix. Run-time issues due to compiler
differences or architecture have not been an issue, so testing a single
configuration is sufficient to reduce CI resource usage.
The workflow now uses the default environment instead of explicitly
testing both gcc/clang and m32/m64 architectures.
This commit adds a compile-time check in `time_sync_service.hpp` to
ensure that `OPENTHREAD_CONFIG_RADIO_LINK_TREL_ENABLE` is not
enabled alongside `OPENTHREAD_CONFIG_TIME_SYNC_ENABLE`. The time
synchronization feature is experimental and currently only supports
IEEE 802.15.4 radio links. Attempting to use it over TREL is
unsupported and will now result in a build failure.
This commit introduces the `Context` and `ContextWith<kContextSize>`
helper classes in the `Crypto` namespace to wrap `otCryptoContext`
and manage its storage allocation. `ContextWith<kContextSize>`
handles the buffer allocation based on the configuration
`OPENTHREAD_CONFIG_CRYPTO_PLATFORM_ALLOCS_CONTEXT`, automatically
clearing and setting the buffer.
The `AesEcb`, `HkdfSha256`, `HmacSha256`, and `Sha256` classes are
updated to use the new `ContextWith` template for their `mContext`
members. This simplifies their initialization sequences and
constructors.
This commit introduces the ability to configure whether the CLI
interpreter outputs the prompt string (`> `) at runtime.
- Adds `mPromptEnabled` boolean flag (enabled by default) under the
`OPENTHREAD_CONFIG_CLI_PROMPT_ENABLE` configuration.
- Adds the `Interpreter::SetPromptConfig()` method to toggle this
behavior.
- Updates `Interpreter::OutputPrompt()` to check `mPromptEnabled`
before emitting the prompt string.
This commit removes the following legacy 1.2 certification test scripts:
- tests/scripts/thread-cert/v1_2_router_5_1_1.py
- tests/scripts/thread-cert/v1_2_test_parent_selection.py
It also removes the 'packet-verification-1-1-on-1-4' job from the
Simulation 1.4 workflow as it is no longer required.
Now signed by the correct 'Thread Certification DeviceCA'. A 'test'
target is added in the Makefile to test chaining. The Thread
certification CA certificate is also added in the 'CA' directory,
which was missing. Documentation is updated to clarify that the
'TcatCertCa' private key is not included in this repo; and other
clarifications.
This commit introduces `testResetInstance()` in the unit test platform
layer to finalize an existing `ot::Instance` and re-initialize it
using the same underlying memory buffer, simulating a device reset.
This commit also updates `test_routing_manager.cpp` to use this new
function to streamline the test implementation.
This commit introduces static helper methods `SteeringDataTlv::FindIn()`
and `SteeringDataTlv::AppendTo()` to simplify the handling of steering
data in `Message` objects.
`SteeringDataTlv::FindIn()` encapsulates the pattern of searching for a
`SteeringDataTlv` in a `Message` and reading its value into a
`SteeringData` object. `SteeringDataTlv::AppendTo()` provides a unified
way to append steering data to a `Message`, including a validity check.
These helpers are adopted across core modules (MeshCoP, MLE, Discovery)
and various Nexus tests, replacing manual TLV manipulation with a
cleaner and safer helper methods.
This commit fixes the CLI implementation of `sntp` and `diagnostic`
commands by ensuring they use the public `otMessageInfo` type instead
of the internal `ot::Ip6::MessageInfo` class.
This commit implements the Nexus test specification 1_4_PIC_TC_4
to verify the Border Router (BR) built-in NAT64 translator.
The test verifies that the BR DUT:
- Automatically configures an IPv4 address and NAT64 prefix.
- Offers IPv4 internet connectivity to Thread devices using NAT64.
- Offers IPv4 local network connectivity to Thread devices.
- Operates a DNS recursive resolver to look up IPv4 server addresses.
New files added:
- tests/nexus/test_1_4_PIC_TC_4.cpp: C++ test execution script
- tests/nexus/verify_1_4_PIC_TC_4.py: Python pcap verification script
Integration:
- Updated tests/nexus/CMakeLists.txt to compile the test.
- Added test to default array in tests/nexus/run_nexus_tests.sh.
This commit updates the default value of the
`OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE` configuration
to be enabled automatically when `OPENTHREAD_CONFIG_CRYPTO_LIB` is
set to `OPENTHREAD_CONFIG_CRYPTO_LIB_PSA`. Additionally, it adds a
compile-time check in `crypto_platform_psa.cpp` to enforce this
requirement. This ensures that the platform key references support is
always enabled when the PSA crypto library is selected.
This commit introduces `ActiveInstanceTracker` as the first member
variable of the `Instance` class to manage the global `gActiveInstance`
pointer (when `OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE` is
enabled).
By placing it as the very first member, we ensure its constructor
is called before any other member and its destructor is called after
all others. The `Instance` destructor body also explicitly sets
`gActiveInstance = this` at its start to "claim" the context during its
own destruction. This guarantees that logs emitted during both the
initialization and destruction of an `Instance` are always correctly
associated with that instance. Finally, the `ActiveInstanceTracker`
destructor sets `gActiveInstance` to `nullptr` at the very end to
prevent any potential use of a dangling pointer.
This commit introduces an overloaded version of `AppendModeTlv()`
that automatically uses the device's own `GetDeviceMode()`.
The new parameter-less version simplifies the common case where a
node reports its own mode. The parameterized version is
preserved for cases where a specific mode must be provided (e.g.,
parent reporting one of its children's mode).
This commit introduces `TxMessage::AppendSourceAddressAndLeaderDataTlvs()`
to consolidate the appending of `Source Address` and `Leader Data` TLVs.
This combination is frequently used together across various MLE messages
to provide the sender's identity and leader data. Centralizing this
into a single helper method improves code consistency.
Additionally, the `TxMessage` methods in `mle.hpp` and `mle.cpp` are
organized into "Appending single TLV" and "Appending multiple TLVs"
sections for better clarity and maintainability. Existing multi-TLV
methods like `AppendLinkAndMleFrameCounterTlvs()` and
`AppendActiveAndPendingTimestampTlvs()` are moved to the new section.
This commit updates the Nexus platform to use the internal core C++
API `Ip6::SetReceiveCallback()` instead of the public C API
`otIp6SetReceiveCallback()`.
This commit introduces `Mle::ShouldRegisterUnicastAddrWithParent()` to
centralize the logic for determining which unicast addresses should be
registered with the parent.
Previously, the filtering logic for unicast addresses was duplicated
in `HasUnregisteredAddress()` and `AppendAddressRegistrationTlv()`. By
unifying this in a single helper method, the code ensures consistent
behavior between checking for unregistered addresses and actually
appending them to the MLE messages.
Additionally, this change:
- Marks `Mle::HasUnregisteredAddress()` as `const`.
- Updates `Mle::ShouldRegisterMulticastAddrsWithParent()` to improve
readability and follow common coding patterns in the codebase.
This commit improves the address registration behavior in
`Mle::SendChildUpdateResponse()` for non-FTD devices.
Previously, the device would always append only the mesh-local address
and then unconditionally attempt to send a follow-up Child Update
Request. The updated logic now checks if the parent's request
included a Challenge TLV. If not, all addresses are appended directly
to the response, eliminating the extra message exchange. If a
Challenge is present (indicating the parent is restoring its link),
only the mesh-local address is included to prevent message
fragmentation. In this case, if the device is attached and has
unregistered addresses, a follow-up Child Update Request is scheduled
via `mDelayedSender`.
The previous implementation indirectly assumed the parent would only
request the `Address Registration` TLV when restoring its link (the
current behavior of OpenThread parents). However, such behavior on the
parent is not strictly required and could change. This update on the
child side ensures robust address registration regardless of the
parent's specific behavior.
When the Nexus test finishes, it automatically destructs all its allocated
Nodes sequentially. During this destruction phase, the OpenThread instance
attempts to destruct objects like `Nat64::Translator`, which might in turn
call logging mechanisms like `Mapping::Free()` that rely on the static
`Instance::GetActiveInstance()` pointer.
Because `Core::~Core()` did not maintain or update `gActiveInstance` while
iterating through node destructors, this pointer was left dangling, causing
segmentation faults when dereferenced by `ot::Instance::GetLogLevel()`.
This commit fixes `Core::~Core()` to manually loop through and destruct the
`mNodes` list, calling `UpdateActiveInstance(&node->GetInstance())` right
before destroying each node. This ensures that `gActiveInstance` points to
the correct context while node destruction logic runs.
This commit adds a Nexus test case 1_4_PIC_TC_3 to verify the IPv6
default route advertisement behavior of a Border Router (BR) in a
Thread 1.4 network.
The test verifies that:
- The BR correctly advertises a default route (::/0) in Thread Network
Data when it discovers a default route on the infrastructure link.
- The BR maintains the default route advertisement even if the
infrastructure default route is withdrawn, provided a non-ULA prefix
remains active on the infrastructure link.
- The default route advertisement is correctly restored or updated when
the infrastructure default route is re-enabled.
The test implementation includes:
- test_1_4_PIC_TC_3.cpp: C++ test logic using the Nexus simulation
framework, simulating BR, Router, End Device, and Infrastructure
nodes (Eth_1, Eth_2). It uses a custom ICMPv6 receive callback to
simulate "no route to host" conditions.
- verify_1_4_PIC_TC_3.py: Python verification script that analyzes
the captured packets to ensure MLE Data Responses and ICMPv6 traffic
match the expected behavior for each test step.
Integration:
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test in the automated test suite.
This commit adds a new Nexus test that implements the test
specification in test-1-4-PIC-TC-1.md. The test verifies Border
Router functionality including:
- DHCPv6-PD client to obtain OMR prefix
- Advertising route to OMR prefix on AIL (Stub Router)
- DNS recursive resolver for public internet addresses
- Connectivity (ICMPv6, UDP, TCP/HTTP) to internet and local servers
New files:
- tests/nexus/test_1_4_PIC_TC_1.cpp: C++ test execution
- tests/nexus/verify_1_4_PIC_TC_1.py: Python pcap verification
Nexus platform enhancements:
- Enabled DHCPv6-PD client in openthread-core-nexus-config.h
- Implemented DHCPv6-PD platform APIs in nexus_infra_if.cpp
- Added RDNSS option to RA in nexus_infra_if.cpp
- Improved packet delivery on infrastructure interface in nexus_core.cpp
- Fixed upstream DNS query matching in nexus_dns.cpp
Previously, version checks used `<= 0x03060500` to guard mbedtls v3.x
APIs, incorrectly treating any version above 3.6.5 (e.g. 3.6.6+) as
v4.0. Replace these checks with `< 0x04000000` to properly cover all
v3.x releases.
This commit adds support for the Vendor OUI (`vo`) key in the Border
Agent MeshCoP service TXT data parser.
The `otBorderAgentTxtDataInfo` structure and its internal counterpart
`TxtData::Info` are updated to include a boolean flag `mHasVendorOui`
and a 3-byte array `mVendorOui` to store the 24-bit vendor OUI.
The parsing logic in `TxtData::Info::ProcessTxtEntry()` is updated to
recognize the `vo` key and extract its value. Additionally, the CLI
`Interpreter` is updated to output the vendor OUI in hexadecimal
format when it is present in the parsed information.
This commit updates the Nexus platform `InfraIf` class to inherit from
`InstanceLocator`, aligning it with the standard OpenThread architectural
patterns.
The `mNode` and `mNodeId` member variables are removed as they are now
redundant. Access to the associated `Instance` and other platform-level
components is now managed through `GetInstance()` and the newly added
`Instance::Get<T>` template specializations for `Node`, `InfraIf`,
`Udp`, `Trel`, and `Mdns`.
The `InfraIf::Init()` method is renamed to `AfterInit()` to better
reflect its role in the node initialization lifecycle. All call sites in
`nexus_infra_if.cpp` are updated to use the locator-based accessors.
This commit implements the Nexus test specification 1_4_DNS_TC_5 for
DNS record types and special cases in OpenThread 1.4.
The test verifies that the Border Router:
- Can resolve A and AAAA records from upstream DNS servers.
- Does not perform IPv6 AAAA synthesis from A records when not
specifically requested or configured.
- Can resolve mDNS records on the Adjacent Infrastructure Link (AIL).
- Supports non-typical record types (RRTypes) and "Private Use"
ranges (0xFF00-0xFFFE).
- Correctly blocks and responds with NXDomain for "ipv4only.arpa"
queries, ensuring they are not forwarded upstream.
Test Implementation:
- Created test_1_4_DNS_TC_5.cpp to simulate the network topology and
DNS query/response sequences.
- Created verify_1_4_DNS_TC_5.py to perform packet-level verification
of the DNS interactions and BR behavior.
- Integrated the new test into the Nexus build and test execution
scripts.
This commit implements the Nexus test specification 1_4_DNS_TC_3 for
upstream DNS resolver selection in OpenThread.
Nexus Platform Enhancements:
- Added OPENTHREAD_CONFIG_DNS_UPSTREAM_QUERY_ENABLE and
OPENTHREAD_CONFIG_PLATFORM_DNS_ENABLE to nexus config.
- Implemented platform DNS APIs in nexus_dns.cpp, supporting
upstream server selection based on prefix lifetimes and reachability.
- Added UdpHook to Core to allow tests to intercept and simulate
responses for backbone UDP traffic on port 53.
- Updated InfraIf::Receive to call Core::HandleUdp for generic UDP
interception.
- Added raw buffer delivery overloads for InfraIf::SendUdp.
Test Implementation:
- Created test_1_4_DNS_TC_3.cpp which performs network formation,
RA signaling (PIO/RIO/RDNSS), and DNS resolution triggers.
- Created verify_1_4_DNS_TC_3.py to validate network behavior,
RA contents, and correct upstream query routing using pktverify.
- Integrated the new test into CMakeLists.txt and the default
run_nexus_tests.sh suite.
This commit updates `Mle::HandleTimeTick()` to separate the processing
of role transitions and the checking of the leader's age into two
distinct `switch` statements.
Previously, these two checks were combined in a single `switch`
statement with complex fall-through logic. This structure contained
two issues:
1. For a device in the `kRoleChild` state, if the role transition
timeout expired, the code would execute `ExitNow()`. This
unintentionally skipped the leader age check and the rest of the
operations in `Mle::HandleTimeTick()`, such as updating the
`ChildTable` and `RouterTable`.
2. A non-router-eligible child would incorrectly fall through and
perform the leader age check. The new logic adds an explicit check
using `IsRouterEligible()` to ensure only router-eligible children
monitor the leader's age.
By separating the logic into two blocks, the code is simplified and
we avoid the brittle fall-through behavior and ensure that all time
tick operations are consistently executed regardless of the device's
role or role transition state.
This commit removes redundant calls to `mInfraIf.Init()` and
`mInfraIf.AddAddress()` from various Nexus test cases.
The infrastructure interface (`mInfraIf`) is automatically initialized
and assigned a link-local address by the core framework when a new
`Node` is added. The `InfraIf::Init()` method derives the link-local
address from the MAC address and adds it to the interface. Therefore,
these explicit manual calls in individual test scripts are unnecessary
and can be removed to simplify the test setup.
Removed redundant channel, panid, and extpanid commands. Their
information is now more comprehensively provided by the dataset active
-ns output.
Removed partitionid from the debug command list as it was redundant
with leaderdata.
Nexus test 1_4_TREL_TC_4 occasionally fails during topology formation
because the router promotion timeout (kAttachToRouterTime) was set to
120 seconds.
The MLE router selection jitter (OPENTHREAD_CONFIG_MLE_ROUTER_SELECTION
_JITTER) defaults to 120 seconds. Since the jitter timer starts after
successful attachment as a child, 120 seconds is insufficient when the
maximum jitter is selected, leading to a race condition.
This commit increases kAttachToRouterTime to 200 seconds, matching the
value used in most other Nexus tests and providing sufficient time for
router promotion to complete reliably.
This commit removes the `mSrpHostAddresses` array from the `Node`
class in the Nexus platform. The array was specific to SRP client
testing and was occupying unnecessary memory for every simulated
node instance.
Instead of keeping this state inside the `Node` abstraction, a local
`hostAddrs` array is now declared within the `Test_1_3_SRP_TC_1()` test
function. This local array safely persists for the duration of the
test, allowing `Srp::Client::SetHostAddresses()` to use the
provided pointer without relying on a global or node-level member.
This commit improves robustness and forward compatibility of Secure
Transport with newer MbedTLS/PSA configurations. There are places
where mbedtls structures are accessed directly , which can be fragile
when internal struct layouts change across Mbed TLS configurations or
versions.
To address this, this commit makes the following changes:
1. Replace direct TLS struct member access in secure transport with
mbedtls_ssl_get_peer_cert(), and tighten state/null checks to improve
robustness and forward compatibility with newer MbedTLS/PSA
configurations.
This commit updates the address-based node lookup methods in `Core`
to use the `FindMatching()` and `ContainsMatching()` methods provided
by the `LinkedList` class. This replaces manual `for` loops with
cleaner, built-in list operations.
To facilitate this, a new `AddressNetif` enum and a `Matches()` method
are added to the `Node` class. The `Matches()` method accepts an
`Ip6::Address` and an `AddressNetif` indicator, allowing it to check
if the node has the specified address on its Thread interface, its
Infrastructure interface, or any.
Additionally, a `const` overload for the `Get()` template method is
added to the `Node` class to ensure proper const-correctness.
This commit updates the IPv6 receive path in the Nexus platform to
utilize `OwnedPtr<Message>` for message lifecycle management. It
also removes the need for a large local buffer and redundant
message allocations.
Previously, `Node::HandleReceive()` copied the entire `otMessage`
payload into a local array, and `InfraIf::SendIp6()` allocated a new
`Message` to enqueue for transmission.
With this change:
- `Node::HandleIp6Receive()` wraps the received `otMessage` in an
`OwnedPtr<Message>`, ensuring proper cleanup upon exit without
explicitly calling `otMessageFree()`.
- The `Ip6::Header::ParseFrom` is used which reads and validates
the IPv6 header and the message.
- The hop limit is updated in-place within the `Message` using
`Write()` to overwrite previous header.
- `InfraIf::SendIp6()` accepts the `OwnedPtr<Message>` directly,
taking ownership and enqueuing it without requiring reallocation
or memory copying.
- Condition checks in `Node::HandleIp6Receive()` are reordered
to match the comment.
This commit simplifies the `SecureTransport` API by consolidating the
previous `Open()` and `Bind()` methods into two specialized `Open()`
flavors.
The first flavor, `Open(uint16_t aPort, ...)`, creates and binds a UDP
socket to a specific port and network interface. If the port is zero,
an ephemeral port is automatically selected.
The second flavor, `Open(TransportCallback aCallback, ...)`, enables
callback-based transmission, where outgoing messages are sent via the
provided callback and received messages are passed in through
`HandleReceive()`.
This consolidation ensures that the transport is fully initialized and
ready for traffic in a single method call. It also prevents the
creation of unused UDP sockets when a `TransportCallback` is
employed, avoiding unnecessary overhead in the `Udp` class.
All core components (`BorderAgent`, `Commissioner`, `Joiner`, and
`BleSecure`) and related tests are updated to utilize the new
patterns.
This commit adds support for handling mDNS service name conflicts by
automatically renaming the service when a collision is detected during
registration.
The new naming scheme appends a suffix based on the last two bytes of
the device's Extended Address (e.g., " #AB1E"). If this name also
conflicts, an additional index is appended (e.g., " #AB1E (1)").
Changes:
- Added `mServiceRenameIndex` to `Manager` and `EphemeralKeyManager`
to track re-naming attempts.
- Updated `otBorderAgentSetMeshCoPServiceBaseName()` and CLI documentation
to reflect the new naming and conflict resolution logic.
- Updated `OT_BORDER_AGENT_MESHCOP_SERVICE_BASE_NAME_MAX_LENGTH` to
ensure the full name fits within the 63-character DNS label limit.
- Added Nexus tests to verify the renaming logic under conflict.
This commit updates the logging in `Mle::DelayedSender` to provide
clearer information about delayed message transmissions.
The `MessageAction` enum values `kMessageDelay` and
`kMessageRemoveDelayed` are renamed to `kMessageScheduleDelayedSend`
and `kMessageRemoveDelayedSend` to better reflect their purpose. The
corresponding string mappings are also updated to "Schedule tx of"
and "Remove scheduled tx of".
Additionally, a new log entry is added to `AddSchedule()` to explicitly
record the delay duration in milliseconds, making it easier to track
when the scheduled message is expected to be sent.
This commit updates `Node::Reset()` in the Nexus platform to correctly
set the IPv6 receive callback after the OpenThread `Instance` has been
re-initialized via placement `new`.
Previously, `otIp6SetReceiveCallback()` was called before the new
`Instance` was constructed, meaning the callback registration would
be lost when the instance memory was overwritten. Additionally, the
callback registration now passes the associated `Node` object as the
context.
This change updates `Ip6::Udp::GetUdpSockets()` to return a reference
to the `LinkedList<SocketHandle>` instead of a pointer to the head of
the list. This allows for cleaner iteration using range-based for
loops and provides a more idiomatic C++ interface.
Call sites are updated accordingly. Specifically, the Nexus UDP
platform code now uses a range-based for loop to iterate through the
sockets.
In nexus tests, DNS browser and resolver objects must be initialized
using ClearAllBytes before use to ensure predictable behavior.
This commit adds missing ClearAllBytes calls for:
- Dns::Multicast::Core::Browser
- Dns::Multicast::Core::TxtResolver
- Dns::Multicast::Core::SrvResolver
- Dns::Multicast::Core::AddressResolver
In test_1_3_SRP_TC_4.cpp, ClearAllBytes is now called before browser
reuse in Step 19.
Redundant includes of common/clearable.hpp were removed as it is
available transitively.
A blank line was added after Browser declarations for consistency.
This commit enhances the `UptimeToString()` function by introducing
`UptimeStringFlags` to allow customization of the output string.
Specifically, it adds the following flags:
- `kUptimeStringIncludeMsec`: Includes milliseconds in the string.
- `kUptimeStringSkipHoursIfZero`: Omits the `<hh>:` part when hours
and days are zero.
The commit also adds a new `UptimeToString()` overload that returns
an `UptimeString` (a `String` object), simplifying usage in logging
and other areas. All existing call sites are updated to use the new
flags and the new overload where appropriate.
This commit fixes a nullptr-with-nonzero-offset runtime error in
Mac::ProcessEnhAckProbing. The error occurred because pointer
arithmetic was performed on the enhAckProbingIe pointer before
verifying if it was null.
The fix moves the pointer calculation after the null check to
ensure that it is only performed when a valid IE is present.
This was discovered by ASAN/UBSAN when processing frames without
the Enhancement ACK Probing IE.
This commit implements the Thread 1.4 Credential Sharing (CS) TC-3
Nexus test, focusing on Thread Administration Sharing using ePSKc.
The test case covers mDNS discovery, ePSKc generation/validation,
and DTLS secure transport for TMF message exchange.
Detailed changes:
- Implement full 26-step Nexus test in tests/nexus/test_1_4_CS_TC_3.cpp
covering the following procedures:
- mDNS discovery of meshcop and meshcop-e service instances.
- Validation of State Bitmap (sb) and other TXT record fields.
- Generation and Verhoeff-based validation of One-Time Passcodes.
- DTLS handshakes using correct and incorrect ePSKc values.
- MGMT_ACTIVE_GET and MGMT_PENDING_GET request/response exchanges
over the secure DTLS session.
- Testing of ephemeral key expiration and max connection attempts.
- Add Python-based packet verification script in
tests/nexus/verify_1_4_CS_TC_3.py using pktverify to ensure
protocol compliance.
- Register the 1_4_CS_TC_3 test in tests/nexus/CMakeLists.txt.
- Add 1_4_CS_TC_3 to the default test list in run_nexus_tests.sh.
This commit implements the otPlatUdp API for the Nexus simulation
environment and updates core UDP logic to facilitate it.
Changes in src/core:
- Initialize mHandle in Udp::Open with the current Instance pointer
when Nexus platform UDP is enabled. This allows the platform UDP
implementation to retrieve the instance context directly from the
otUdpSocket handle.
Changes in Nexus platform:
- Implement otPlatUdp API in nexus_udp.cpp/hpp. The implementation
routes UDP traffic through the simulated infrastructure interface
(InfraIf).
- Integrate Udp class into Nexus::Node and Nexus::Platform.
- Update InfraIf::Receive to dispatch incoming UDP packets to the
new platform UDP implementation.
- Enable OPENTHREAD_CONFIG_PLATFORM_UDP_ENABLE and related configs
in Nexus.
Changes in Nexus tests:
- Update test_border_admitter, test_border_agent, test_dtls, and
test_1_4_DNS_TC_1 to align with the new platform UDP and address/
netif usage.
- Add nexus_udp.cpp to CMakeLists.txt.
This commit updates `Manager::CoapDtlsSession::SendEnrollerResponse()`
to always include the Admitter info TLVs in responses sent to
enrollers. Previously, these TLVs were only included in responses to
registration and keep-alive requests.
This change ensures that enrollers receive consistent state updates
from the `Admitter` during all interactions, such as joiner
acceptance or release.
The test case `TestBorderAdmitterJoinerEnrollerInteraction` is
updated to validate the new behavior.
This commit enhances the `Admitter` logic for forwarding `RelayRx`
messages to connected enrollers.
If an enroller has explicitly accepted a specific joiner IID, the
`Admitter` will now always forward that joiner's relay traffic to the
owning enroller, regardless of its current `kForwardJoinerRelayRx`
flag in its registered enroller mode. The flag now strictly controls
whether the enroller receives general "multicast" forwarding for
joiners that have not yet been accepted by any enroller.
This enhancement adds a new capability to the interactions between the
`Admitter` and enrollers. Previously, if an enroller accepted a joiner
but also cleared its `kForwardJoinerRelayRx` flag, it could be
considered a misbehavior by the enroller, as it would effectively
block that joiner's traffic from reaching any other enrollers without
receiving the traffic itself. This scenario is no longer possible, and
this configuration now supports a new behavior: allowing an enroller
to accept certain joiners and receive relay traffic only from those it
has explicitly accepted.
The `test_border_admitter` is updated to validate this behavior in
detail.
This commit updates `RouterNeighborTlv` to follow the `SimpleTlvInfo`
pattern, separating the TLV value structure from its type/length
header.
Specifically, it defines `RouterNeighborTlvValue` to hold the data
fields for a router neighbor's diagnostic information, while
`RouterNeighborTlv` is redefined as a `SimpleTlvInfo` using the value
structure and the `kRouterNeighbor` type.
This allows the use of generic `Tlv::Append<RouterNeighborTlv>()` and
`tlvInfo.Read<RouterNeighborTlv>()` methods, which are generally
safer and allow value type reuse.
The `NetworkDiagnostic` and `MeshDiag` module are updated to
utilize these new methods.
This commit introduces the `LinkLayerAddress` class as a nested type
within `InfraIf`. The new class inherits from the
`otPlatInfraIfLinkLayerAddress` and provides utility methods to
simplify address manipulation and logging.
Specifically, the following capabilities are added:
- `ConvertToIid()` converts the link-layer address into an IPv6
`InterfaceIdentifier`.
- `ToString()` formats the address into a human-readable string.
- Getters like `GetLength()` and `GetBytes()` for accessing the
underlying address data.
The `nexus` platform tests are updated to leverage the newly added
`LinkLayerAddress` methods, simplifying the handling of MAC addresses
and the derivation of IPv6 interface identifiers.
This commit moves the `@addtogroup plat-infra-if` Doxygen block to the
top of the `infra_if.h` header file. Previously, it was defined
after `otPlatInfraIfLinkLayerAddress`, causing that structure and
the `OT_PLAT_INFRA_IF_MAX_LINK_LAYER_ADDR_LENGTH` macro to be excluded
from the `plat-infra-if` module in the generated documentation.
This commit updates `ChildTlv` to follow the `SimpleTlvInfo` pattern,
separating the TLV value structure from its type/length header.
Specifically, it defines `ChildTlvValue` to hold the data fields for
a child's diagnostic information, while `ChildTlv` is redefined as
a `SimpleTlvInfo` using the value structure and the `kChild` type.
This allows the use of generic `Tlv::Append<ChildTlv>()` and
`tlvInfo.Read<ChildTlv>()` methods, which are generally safer and
allow value type reuse.
The `NetworkDiagnostics` and `MeshDiag` are updated to utilize
these new definitions.
Heap::Data::UpdateBuffer() freed the existing buffer before
attempting to allocate a new one. If the allocation failed,
mData retained a dangling pointer to the already-freed buffer.
A subsequent Free() call (from the destructor or an error path)
would then free the same pointer again, causing a double-free.
This changes UpdateBuffer() to use the allocate-first pattern
(consistent with Heap::String::Set): the new buffer is allocated
first, and the old buffer is freed only after a successful
allocation. On allocation failure, the old buffer is preserved
and no dangling pointer is created.
Signed-off-by: Oblivionsage <cookieandcream560@gmail.com>
This commit updates `test-008-multicast-traffic.py` to use a strict
equality check for the number of multicast `ping` responses when the
ping originates from an SED.
The test now also verifies the `RxSuccess` IP counter on the SED to
ensure it increases by exactly the number of expected replies. This
confirms that the parent correctly avoids forwarding the original
multicast echo request back to the originating SED, even if the SED
is subscribed to the multicast address. This validates the behavior
introduced in PR #12329.
This commit adds Nexus test case 1_3_GEN_TC_2, which verifies mDNS TXT
record regeneration across factory resets in the Nexus simulation
environment.
The test ensures that key fields such as 'id' (Border Agent ID) and
'omr' (OMR prefix) are correctly updated in mDNS advertisements after
a settings wipe and network reset.
Key features of this implementation include:
- tests/nexus/test_1_3_GEN_TC_2.cpp: Sets up a Border Router, forms a
network, and validates initial mDNS state. It then performs an
otPlatSettingsWipe followed by a reset to trigger new configuration.
- tests/nexus/verify_1_3_GEN_TC_2.py: Implements robust packet
verification using hex-based marker matching for OMR prefixes to
accurately identify iteration-specific TXT records despite any
interleaved or stale mDNS packets in the capture.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh for automated build and execution.
This test validates that the Thread stack correctly manages persistent
state and re-generates unique identifiers upon a factory reset.
OpenThread's NAT64 translator assumed a fixed IPv4 header length of 20
bytes, which caused incorrect parsing and translation of IPv4 packets
containing options (IHL > 5).
Specifically, if an IPv4 packet with options was received:
1. The transport header was read from a fixed 20-byte offset, leading
to corruption of transport layer fields (e.g., UDP ports).
2. Only 20 bytes were removed from the message, leaving the IPv4
options at the beginning of the translated IPv6 payload.
3. Mandatory security checks for source route options were bypassed.
This commit fixes these issues by:
- Updating Ip4::Header to validate IHL and provide the actual header
length.
- Using the actual header length for transport header parsing and
IPv4 header removal in the NAT64 translator.
- Implementing a check to discard packets with LSRR or SSRR options
as required by RFC 7915.
A new Nexus regression test is added to verify the fix.
This commit adds Nexus test case 1_4_DNS_TC_1, which verifies that the
Thread Border Router DUT can successfully handle DNS queries with
multiple questions (QDCOUNT > 1), per the Thread 1.4 specification.
The implementation includes:
- tests/nexus/test_1_4_dns_tc_1.cpp: C++ test logic that sets up a
topology with Eth_1, BR_1 (DUT), Router_1, and ED_1. It registers
services via mDNS on Eth_1 and SRP on Router_1, and then performs
various DNS queries from ED_1, including multi-question queries.
- tests/nexus/verify_1_4_dns_tc_1.py: Python script that verifies
the DNS packet exchange in the pcap, ensuring that multi-question
queries are correctly received by the DUT and that valid responses
are returned.
- Integration into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh for automated building and execution.
This commit adds Nexus test case 1_4_TREL_TC_6, which verifies mDNS
discovery of the TREL service on a Border Router (DUT), per the Thread
1.4 specification.
The implementation includes:
- tests/nexus/test_1_4_TREL_TC_6.cpp: C++ test logic that sets up a
Border Router and a reference Ethernet device. It performs mDNS
browsing to capture the TREL service instance name and then
resolves that service.
- tests/nexus/verify_1_4_TREL_TC_6.py: Python script that verifies
the mDNS packet exchange in the pcap, including PTR, SRV, TXT, and
AAAA records, ensuring all DNS-SD parameters and fields are
correctly advertised.
- Integration into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh for automated building and execution.
This commit adds Nexus test case 1_4_TREL_TC_5, which verifies
MLE discovery scan behavior when nodes support different radio
links, per the Thread 1.4 specification.
The implementation includes:
- tests/nexus/test_1_4_TREL_TC_5.cpp: Sets up a topology with
three nodes: Node_1 (DUT) and Node_2 support both 15.4 and
TREL, while Node_3 supports 15.4 only. Each node forms its
own network. The test performs Discovery Scans from Node_2
and Node_3 and verifies that all expected peers are seen.
- tests/nexus/verify_1_4_TREL_TC_5.py: Verifies the exchange
of MLE Discovery Request and Response packets in the pcap
output, ensuring that nodes with different radio capabilities
can discover each other correctly.
- Updated tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh to include the new test in the
build and default test list.
This commit simplifies node naming in various Nexus test cases by
using the indexed `SetName(prefix, index)` flavor.
This replaces manual string formatting using `snprintf` or
`ot::String` buffers with the built-in indexed naming support.
This commit adds a new `AddTestVar` overload that accepts a
`uint32_t` value, simplifying the addition of numeric test
variables in Nexus tests.
Previously, adding a numeric test variable required manual string
formatting using a local `String` object. The new flavor handles
the uint to string conversion internally.
The change also introduces a `NewTestVar` private helper method in
the `Core` class to consolidate the logic for creating and
initializing a new `TestVar` entry.
Various Nexus test cases are updated to use the new `AddTestVar`
flavor, removing redundant string formatting code.
This commit updates `test_1_2_BBR_TC_3.cpp` to use the `Get<>()` method
when accessing the network name and extended PAN ID from the
`MeshCoP::Dataset::Info` instance.
This commit implements Thread 1.4 Test Case 8.4 (TREL-8.4), "Radio Link
(Re)discovery through Receive", using the Nexus simulation framework.
The test validates the multi-radio behavior of a Border Router (DUT)
and a Router neighbor, specifically focusing on TREL link state
transitions and rediscovery mechanisms.
Key test scenarios include:
- Initial topology formation with a multi-radio BR (DUT), a multi-radio
Router, and a 15.4-only End Device (ED).
- Preference detection for TREL vs. 802.15.4 radio links.
- Detection of TREL link failure and fallback to 802.15.4.
- TREL radio link rediscovery triggered by receiving messages from a
neighbor over the TREL interface.
- Continued reachability via TREL when the 802.15.4 radio link is
explicitly disabled.
The implementation consists of:
- tests/nexus/test_1_4_TREL_TC_4.cpp: C++ test logic for node
configuration, state transitions, and message exchange.
- tests/nexus/verify_1_4_TREL_TC_4.py: Python script for automated
packet-level verification of radio link selection.
- Integration into the Nexus build system and test runner.
This commit adds Nexus test case 1_3_GEN_TC_1, which verifies that the
Thread Version TLV uses the value '4' or higher, as required by the
Thread 1.3.x and 1.4.x specifications.
The implementation includes:
- tests/nexus/test_1_3_GEN_TC_1.cpp: C++ test logic that sets up a
topology with a Border Router, a Router, and an End Device. It
triggers MLE attachment procedures and discovery scans to generate
MLE packets containing the Version TLV. For 1.4 devices, it also
sends TMF Get Diagnostic Requests to verify the Version TLV in
DIAG_GET.rsp.
- tests/nexus/verify_1_3_GEN_TC_1.py: Python script that verifies
the MLE Version TLV in Parent Request/Response, Child ID Request,
and Discovery Response packets. It also verifies the Version TLV
in Network Diagnostic responses for 1.4 devices.
- Integration into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh for automated building and execution.
This commit adds Nexus test case 1_4_TREL_TC_3, which verifies the
multi-radio probe mechanism and TREL radio link rediscovery after a
temporary disconnect, according to the Thread 1.4 specification.
The implementation includes:
- tests/nexus/test_1_4_TREL_TC_3.cpp: Sets up a topology with a
multi-radio Border Router (DUT), a multi-radio Router, and a
15.4-only End Device. It simulates a TREL disconnect by disabling
the TREL interface on the Router, verifies that the DUT falls back
to 15.4, and then re-enables TREL to trigger and verify the probe
mechanism for link rediscovery.
- tests/nexus/verify_1_4_TREL_TC_3.py: Verifies the packet flow from
the pcap output, ensuring that TREL is used when available, 15.4
is used during the TREL disconnect, and TREL usage resumes after
rediscovery.
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test in the build and default test list.
The test ensures that the Thread stack correctly manages link
preferences and successfully rediscovers more efficient radio links
using the multi-radio probe mechanism.
This commit adds Nexus test case 1_4_TREL_TC_2, which verifies 6LoWPAN
mesh header forwarding and fragmentation over multi-hop paths involving
both 15.4 and TREL radio links, according to the Thread 1.4 spec.
The implementation includes:
- tests/nexus/test_1_4_TREL_TC_2.cpp: Sets up a complex topology with
a multi-radio Border Router (DUT), a multi-radio Leader, and several
Routers and End Devices with varying radio capabilities (15.4-only
or multi-radio). It triggers pings with large payloads (500B) to
verify fragmentation and multi-hop routing through the DUT.
- tests/nexus/verify_1_4_TREL_TC_2.py: Verifies that packets follow the
expected multi-hop path, checking that TREL is used for infrastructure
segments (UDP) and 15.4 is used for Thread-only segments. It also
ensures that 6LoWPAN fragmentation and mesh headers are correctly
handled by the DUT when forwarding between different radio types.
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test.
This test ensures that the Thread stack correctly handles multi-hop
routing and MTU differences across heterogeneous radio links.
This commit adds the Nexus test case 1_4_TREL_TC_1 which verifies
connectivity between multi-radio (15.4 and TREL) and single-radio
(15.4 only) devices, as per the Thread 1.4 test specification.
The implementation includes:
- tests/nexus/test_1_4_TREL_TC_1.cpp: Implements the test sequence.
It sets up a topology with a Border Router (DUT) and two Routers.
BR and Router_1 support both 15.4 and TREL, while Router_2 supports
only 15.4. The test verifies that nodes can correctly detect
neighbor radio capabilities and establishes connectivity using
both radio types.
- tests/nexus/verify_1_4_TREL_TC_1.py: Performs automated packet
verification. It ensures that traffic between multi-radio nodes
preferentially uses TREL (simulated over the infrastructure link
via UDP), while traffic involving the single-radio node uses 15.4.
It also validates successful ping exchange across the mixed-radio
topology.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test validates that the Thread stack correctly manages multiple
radio links and ensures seamless connectivity across different
physical layers.
This commit enables TREL by default for all Nexus tests to avoid
requiring multiple builds.
Key changes:
- Modified tests/nexus/build.sh to enable TREL (OT_TREL=ON) by default.
- Updated tests/nexus/test_border_admitter.cpp and
tests/nexus/test_border_agent.cpp to handle multiple mDNS services
in the platform layer, as TREL adds its own mDNS service.
- Refined tests/nexus/verify_1_2_BBR_TC_3.py to specifically filter
for MeshCoP mDNS services and made OMR prefix verification more
lenient to handle transitions in multi-radio environments.
- Updated .github/workflows/nexus.yml to use the default build for all
Nexus jobs and merged TREL tests into the cert tests job.
All 133 cert tests, core tests, and TREL tests passed successfully with
these changes.
This commit updates the TREL traffic simulation in the Nexus platform
to flow through the simulated infrastructure link. This ensures that
TREL packets are captured in the pcap file generated by the
infrastructure link, matching the behavior of mDNS traffic.
Key changes:
- Updated Trel::Send to use InfraIf::SendUdp instead of direct
delivery.
- Modified InfraIf::Receive to recognize TREL UDP packets and pass
them to the TREL platform layer.
- Removed the manual mPendingTxList from the Trel struct as
packets are now managed by the infrastructure interface's queue.
- Added initialization for the TREL platform layer in Core::CreateNode.
- Removed Core::ProcessTrel as TREL packets are now processed within
Core::ProcessInfraIf.
This change improves the realism of the TREL simulation and simplifies
packet capture for TREL-related tests.
This commit adds the Nexus test case 1_3_DPR_TC_2 which verifies
Service discovery of services on Thread and Infrastructure with
multiple Border Routers and multiple Thread networks, as per the
Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_DPR_TC_2.cpp: Implements the test sequence.
It sets up two isolated Thread networks, each with its own Border
Router (BR_1/DUT and BR_2) and End Device (ED_1 and ED_2),
attached via a shared infrastructure link. It simulates SRP
registration on both networks and verifies that services can be
discovered across networks using the Discovery Proxy function.
- tests/nexus/verify_1_3_DPR_TC_2.py: Performs automated packet
verification. It ensures both BRs correctly add SRP Server info
to their respective Network Data, SRP updates are successful,
and DNS queries (PTR and SRV) from one network successfully
discover services in the other network through the Discovery
Proxy and mDNS on the infrastructure link.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test validates that the Border Router's Discovery Proxy can
successfully discover and report services advertised by another
Border Router's Advertising Proxy function across an adjacent
infrastructure link.
This commit adds the Nexus test case 1_3_DPR_TC_1 which verifies
Discovery Proxy functionality on a Border Router, as per the
Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_DPR_TC_1.cpp: Implements the test sequence.
It sets up a topology with a Border Router (BR_1), a Thread End
Device (ED_1), and an infrastructure node (Eth_1). It simulates
Eth_1 advertising services via mDNS and ED_1 querying for those
services through the BR's Discovery Proxy.
- tests/nexus/verify_1_3_DPR_TC_1.py: Performs automated packet
verification. It ensures the BR correctly adds SRP Server info
to Network Data, Eth_1 advertises services, and ED_1 receives
a valid DNS response from the BR containing the discovered
infrastructure services.
- tests/nexus/openthread-core-nexus-config.h: Enables the
OPENTHREAD_CONFIG_DNSSD_DISCOVERY_PROXY_ENABLE configuration to
support Discovery Proxy testing in the Nexus environment.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test validates that the Border Router's Discovery Proxy can
successfully discover and report services from the infrastructure
link to Thread devices.
This commit adds the Nexus test case 1_3_DIAG_TC_2 which verifies
that an End Device correctly reports its diagnostic information and
MLE counters via Network Diagnostic queries, as per the Thread 1.4
test specification.
The implementation includes:
- tests/nexus/test_1_3_DIAG_TC_2.cpp: Sets up a topology with a Leader,
a Router, and a TD_1 (DUT) configured as a MED. It triggers Network
Diagnostic Get queries from the Leader to the DUT for various TLVs
including Max Child Timeout, EUI-64, Version, Vendor info, and MLE
Counters.
- tests/nexus/verify_1_3_DIAG_TC_2.py: Performs automated verification
of the captured traffic. It validates the presence and values of
requested TLVs (Type 19, 23-28) and ensures that MLE Counters (Type
34) reflect the expected role changes and tracking time.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures the correctness of Thread 1.4 End Device Diagnostic
and MLE Counter reporting, facilitating network health monitoring
and troubleshooting in a Thread network.
This commit hardens OpenThread against Mbed TLS/PSA ABI variation
across customer configurations. Because Mbed TLS/PSA does not
guarantee a stable ABI across build-time option sets,
application-level config changes can alter crypto context struct
size/layout, causing precompiled stack libraries to assume
incompatible memory layouts and potentially fail at runtime.
To address this, this PR makes the following changes:
1. Add OPENTHREAD_CONFIG_PLATFORM_ALLOCS_CRYPTO_CONTEXTS to let
platforms allocate/manage crypto contexts when required, while
preserving existing static context storage as the default path.
2. Update AES/HKDF/HMAC/SHA256 context initialization to support both
platform-managed and internally managed context memory models.
This commit adds the Nexus test case 1_3_DIAG_TC_1 which verifies
that a Thread Router correctly reports its child and neighbor
information via Network Diagnostic and MeshDiag queries, as per
the Thread 1.4 test specification.
The implementation includes:
- tests/nexus/test_1_3_DIAG_TC_1.cpp: Sets up a star topology with
a Leader, Router_1 (DUT), and various child nodes (FED, MED, SED,
REED). It triggers Network Diagnostic Get and MeshDiag queries
(QueryChildTable, QueryChildrenIp6Addrs, QueryRouterNeighborTable)
from the Leader to the DUT.
- tests/nexus/verify_1_3_DIAG_TC_1.py: Performs automated verification
of the captured traffic. It implements a custom TLV parser for
CoAP payloads to verify Max Child Timeout (19), Vendor/Stack info
(23-28), MLE Counters (34), Child Table (29), Child IPv6 (30),
and Router Neighbor (31) TLVs.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures the correctness of Thread 1.4 Router Diagnostic
and Child Information reporting, facilitating remote monitoring
and management of the Thread network.
This commit defines `AnswerTlvValue` to represent the value of an
Answer TLV, allowing it to be reused across different modules,
specifically `NetworkDiagnostic` and `HistoryTracker`.
The `AnswerTlv` implementation is also updated to use the
template-based `SimpleTlvInfo` pattern. This enables the use of
generic `Tlv::Append<AnswerTlv>()` and `Tlv::Find<AnswerTlv>()`
methods, which improves type safety and reduces manual TLV handling.
This commit adds the Nexus test case 1_3_SRPC_TC_7 which verifies
that a Thread device re-registers its service with the same KEY
record after a reboot, as per the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRPC_TC_7.cpp: Executes the test sequence
by forming a Thread network with a Border Router (BR_1), a Router,
and a DUT (TD_1). It registers a service on the DUT, simulates a
reboot using Node::Reset(), and re-registers the same service.
- tests/nexus/verify_1_3_SRPC_TC_7.py: Performs automated verification
of the captured traffic. It ensures that the SRP Update sent after
reboot contains a KEY record identical to the one sent before
reboot. It includes a monkey-patch to access the
dns.key.public_key field in the packet verifier.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test validates that the SRP client correctly persists its key
material across reboots, which is essential for maintaining service
registration continuity.
This commit adds the Nexus test case 1_3_SRPC_TC_5 which verifies
that a DNS-SD client can correctly discover multiple services
registered via SRP, as per the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRPC_TC_5.cpp: Executes the test sequence
by configuring a Border Router (BR_1), an End Device (ED_2)
registering 5 services with various TXT records, and a DUT
(TD_1). It instructs the DUT to browse for services, resolve
them, and send UDP packets to each resolved service. It verifies
the TXT record values and successful UDP transmissions.
- tests/nexus/verify_1_3_SRPC_TC_5.py: Performs automated
verification of the captured traffic (PCAP). It validates the
DNS query, the DNS response containing all 5 services, and the
subsequent UDP packets sent to the resolved addresses and ports.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures the correctness of DNS-SD client discovery logic
and its ability to handle multiple service responses in a Thread
network.
This commit adds the Nexus test case 1_3_SRPC_TC_4 which verifies
that an SRP client can correctly remove one service while leaving
other services registered, as per the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRPC_TC_4.cpp: Executes the test sequence
by configuring a Border Router (BR_1) and an End Device (TD_1
as DUT). It instructs the DUT to register two services and then
remove the first service. It verifies that the SRP server handles
the removal correctly and only provides the remaining service in
subsequent DNS PTR queries.
- tests/nexus/verify_1_3_SRPC_TC_4.py: Performs automated
verification of the captured traffic (PCAP). It validates the
SRP Update messages for service registration and removal, and
checks that the DNS response from BR_1 only contains the
expected service.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures the correctness of SRP client service removal
logic and SRP server state management.
This commit adds the Nexus test case 1_3_SRPC_TC_1 which verifies
that the SRP client correctly handles re-registration with active
SRP servers, especially when multiple Border Routers are present,
as per the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRPC_TC_1.cpp: Executes the test sequence
by configuring two Border Routers (BR_1 and BR_2), a Router,
and an End Device (ED_1 as DUT). It simulates BR_1 (the initial
SRP server) becoming unresponsive and verifies that the DUT
correctly switches to BR_2. It also verifies that the DUT
stays with its current server (BR_2) even when a numerically
lower server (BR_1) is re-enabled.
- tests/nexus/verify_1_3_SRPC_TC_1.py: Performs automated
verification of the captured traffic (PCAP). It checks for
correct SRP Update packets to the expected SRP servers and
validates that the DUT behavior matches the specification
criteria.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures robust SRP client behavior in dynamic networks
with multiple SRP servers.
This commit fixes an intermittent failure in the Nexus test
1_2_BBR_TC_2 by ensuring that the Backbone Router (BBR) service
is registered immediately when a node assumes the Leader role and
no primary BBR is active.
Previously, BbrLeader only tracked network data changes, and
BbrLocal applied a mandatory jitter delay before registration.
This created a race condition where another node could register
its BBR service before the new Leader, causing the Leader to
incorrectly skip its own registration.
Changes:
- Update BbrLeader to monitor role changes (kEventThreadRoleChanged).
- Modify BbrLocal to bypass registration jitter if the node is
the Leader and there is no existing primary BBR.
This commit adds the Nexus test case 1_3_SRP_TC_15 which verifies
that the SRP server and Border Router correctly handle services
that include additional subtypes, as per the Thread 1.3 test
specification.
The implementation includes:
- tests/nexus/test_1_3_SRP_TC_15.cpp: Executes the test sequence
by configuring a Border Router (BR_1 as DUT/Leader), an End
Device (ED_1), and an Infrastructure node (Eth_1). It simulates
adding, updating, and removing subtypes for a registered service
and verifies that the BR responds correctly to DNS and mDNS
queries for both basic types and subtypes.
- tests/nexus/verify_1_3_SRP_TC_15.py: Performs automated
verification of the captured traffic (PCAP). It checks SRP
updates, DNS resolutions, and mDNS responses to ensure that
subtypes are properly registered and advertised.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures robust support for SRP service subtypes and
their discovery across both Thread and Infrastructure links.
This commit adds the Nexus test case 1_3_SRP_TC_13 which verifies that
the SRP server and BR correctly handle SRP updates when a Thread
Device's IPv6 addresses change, as per the Thread 1.3 test
specification.
The implementation includes:
- tests/nexus/test_1_3_SRP_TC_13.cpp: Executes the test sequence by
configuring a Border Router (BR_1 as DUT/Leader), an End Device
(ED_1), and an Infrastructure node (Eth_1). It simulates address
updates on ED_1 and verifies that the BR updates its records and
correctly responds to DNS/mDNS queries.
- tests/nexus/verify_1_3_SRP_TC_13.py: Performs automated verification
of the captured traffic (PCAP). It checks SRP updates, DNS
resolutions, and mDNS responses to ensure they only contain the
updated addresses and not stale ones.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures that SRP and DNS discovery remain accurate when
device addresses are updated dynamically.
This commit updates recently added Nexus tests to use the new
SetGlobalLogLevel() method instead of the deprecated instance-specific
SetLogLevel(). This aligns with the recent changes in the logging
API which introduced per-instance log levels and repurposed the
global log level management.
The following test files were updated:
- tests/nexus/test_1_3_SRP_TC_11.cpp
- tests/nexus/test_1_3_SRP_TC_12.cpp
The change also wraps the call in SuccessOrQuit() to ensure that any
errors during log level configuration are caught, matching the
pattern used in other Nexus tests.
This commit simplifies the definition of `ThreadNetworkDataTlv`.
Previously, `ThreadNetworkDataTlv` included a 255-byte array to store
the Network Data TLVs. The code now relies on standard TLV parsing
methods like `Tlv::FindTlvValueOffsetRange()` and `Message::ReadBytes()`
to access the Network Data directly from the message payload.
This commit introduces the ability to set and manage log levels on a
per-instance basis when dynamic logging is enabled, while maintaining
backward compatibility with existing logging behaviors.
The existing `otLoggingGetLevel()` and `otLoggingSetLevel()` APIs are
repurposed to manage the "global" log level. They continue to behave
exactly as before in both single-instance and multi-instance
configurations, ensuring that existing users of these APIs do not need
to change their implementations. To provide more granular control, new
APIs `otGetLogLevel()` and `otSetLogLevel()` are added to handle
per-instance log levels.
Specifically, this commit makes the following changes:
- Adds `mLogLevel` to `Instance` to track the instance-specific log
level.
- Renames the global log level static variable to `sGlobalLogLevel` and
introduces `GetGlobalLogLevel()` and `SetGlobalLogLevel()` to manage
it in a multi-instance configuration.
- Updates `otGetLogLevel()` and `otSetLogLevel()` APIs to handle
per-instance log level retrieval and configuration. If a specific
level is not set for an instance, it falls back to the global
log level.
- Adds `mIsLogLevelSet` to distinguish between an explicitly set
instance log level and the global fallback in multi-instance builds.
- Introduces `otPlatLogHandleLogLevelChanged()` platform callback to
notify the platform when an instance-specific log level is updated.
- Updates Nexus tests to use `SetGlobalLogLevel()` instead of the
deprecated instance `SetLogLevel()` method.
This commit fixes an intermittent failure in the Nexus test
1_2_MATN_TC_9 by ensuring that the packet verification for Step 4b
does not advance the packet cursor prematurely.
In Step 4b, the test verifies that BR_2 (DUT) becomes the leader and
distributes its BBR dataset. It checks for both an MLE Advertisement
and an MLE Data Response from BR_2. However, these packets may arrive
in either order.
Previously, the check for the MLE Advertisement used must_next(),
which advanced the packet cursor. If the MLE Data Response arrived
before the Advertisement, the subsequent check for the Data Response
would fail because it started searching from after the Advertisement.
By using copy() for the MLE Advertisement check, we ensure that both
checks search from the same point in the packet log, making the test
robust against packet reordering.
This commit adds the Nexus test case 1_3_SRP_TC_12 which verifies
DNS/SRP service advertisement by all BRs in the Thread Network and
correct integration by the Leader, as per the Thread 1.3 test
specification.
The implementation includes:
- tests/nexus/test_1_3_SRP_TC_12.cpp: Executes the test sequence with
three Border Routers (BR_1 as DUT/Leader, BR_2, and BR_3). It
simulates adding faked high and low numerical addresses for Unicast
Datasets and adding an additional Anycast Dataset from BR_2. It
verifies the integration and withdrawal logic for SRP services.
- tests/nexus/verify_1_3_SRP_TC_12.py: Performs automated verification
of the captured traffic (PCAP). It checks the Thread Network Data
contained in MLE Data Responses for the presence of expected
Anycast and Unicast Datasets and the withdrawal of the DUT's
service when appropriate.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures that the DUT correctly manages multiple SRP server
entries in the network data based on their priority and numerical
address values.
This commit updates the `ThreadRouterMaskTlv` class definition to
include the `OT_TOOL_PACKED_BEGIN` and `OT_TOOL_PACKED_END` macros.
This class defines the structure of a TLV used in Thread messages
and directly maps to a memory buffer. Therefore, it must be properly
packed to ensure its memory footprint accurately reflects the wire
format and to prevent potential memory alignment padding.
Thankfully, this omission did not impact the format of this specific
TLV, as the alignment of its members natively matched the packed
layout.
This commit adds the Nexus test case 1_3_SRP_TC_11 which verifies that
SRP registration and mDNS discovery are correctly recovered after
various device reboots, as per the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRP_TC_11.cpp: Executes the test sequence by
simulating reboots of a Thread End Device (ED_1), a Border Router
(BR_1), and an Infrastructure node (Eth_1). It ensures consistent
network datasets across reboots and uses direct method calls for
configuration.
- tests/nexus/verify_1_3_SRP_TC_11.py: Performs automated verification
of the captured traffic (PCAP). It uses specific MAC address filters
to reliably identify mDNS queries and responses across multiple
reboot scenarios where protocol exchanges may otherwise appear
identical.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures that SRP clients automatically re-register after
device or server reboots and that the BR correctly continues to
respond to mDNS queries on the infrastructure interface.
This commit adds the Nexus test case 1_3_SRP_TC_8 which verifies that
the SRP server correctly removes only selected service instances while
keeping others registered, as per the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRP_TC_8.cpp: Executes the test sequence by
configuring a Thread Border Router (DUT), an End Device (ED), and
an Infrastructure node (Eth). It registers multiple services and
then removes one while verifying the remaining service.
- tests/nexus/verify_1_3_SRP_TC_8.py: Performs automated verification
of the captured traffic (PCAP), ensuring that SRP Updates, DNS
queries, and mDNS responses correctly reflect the removal of the
selected service and the persistence of the other.
- Integrated the new test into tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The test ensures that the SRP server properly handles service
deregistration according to the SRP draft and that DNS/mDNS discovery
responses are updated correctly.
This commit adds the Nexus test case 1_3_SRP_TC_6 which verifies that
the SRP server correctly handles SRP Updates both with and without
DNS name compression, according to the Thread 1.3 test specification.
The implementation includes:
- tests/nexus/test_1_3_SRP_TC_6.cpp: Executes the test sequence by
configuring a Thread Border Router (DUT), an End Device (ED), and
an Infrastructure node (Eth). It uses SetDnsNameCompressionEnabled()
to toggle name compression for SRP Updates.
- tests/nexus/verify_1_3_SRP_TC_6.py: Performs automated verification
of the captured traffic (PCAP), ensuring that SRP Updates, DNS
queries, and mDNS responses are correctly formatted and contain the
expected resource records.
- Updating tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to integrate the new test into the build and default test suite.
The test ensures that the SRP server can successfully parse uncompressed
names in SRP Updates and that subsequent DNS/mDNS discovery remains
functional for both compressed and uncompressed registration formats.
This commit refactors the `OmrPrefixManager` to decouple it from the main
`RoutingManager` policy evaluation cycle. This allows the OMR prefix to
be managed independently and published faster into the Network Data.
Previously, `OmrPrefixManager` relied on its `Evaluate()` method being
called during the main `RoutingManager::EvaluateRoutingPolicy()` cycle.
This meant it had to wait for other components to be ready — such as
sending Router Solicitations to discover other routers on the Adjacent
Infrastructure Link (AIL)—before taking action.
With this change, `OmrPrefixManager` operates independently. It can
evaluate its state as soon as the Border Router function is enabled and
`Start()` is called.
Additional improvements supporting this independent operation include:
- Replaces the `mIsLocalAddedInNetData` boolean with a `LocalPrefixState`
enum (`kNotAdded`, `kToAdd`, `kAdded`) to manage addition state and
support delayed updates.
- Introduces a random delay (`kMinDelayToAdd` to `kMaxDelayToAdd`)
before adding a self-generated OMR prefix to Network Data. This gives
the network time to settle, allowing other BRs or the `PdPrefixManager`
time to establish a prefix.
- Implements a retry mechanism with jitter for Network Data addition
failures, rather than silently ignoring them.
- Refactors `PdPrefixManager` to batch state changes via an `mEvents`
bitmask and process them through `mEventTask`. Changes are now handled
explicitly by `OmrPrefixManager::HandlePdPrefixManagerEvent()`, further
reducing unnecessary main routing policy evaluations.
This commit adds an API otDatasetIsValid to check whether the given
Operational Dataset contains all the required TLVs (Active Timestamp,
Channel, Channel Mask, Extended PAN ID, Mesh-Local Prefix, Network
Key, Network Name, PAN ID, PSKc, and Security Policy). This API also
checks whether there are duplicated TLVs or the TLVs are not
well-formed.
This commit removes three Python-based thread-cert scripts for v1.2
backbone router and multicast registration testing:
- v1_2_test_backbone_router_service.py
- v1_2_test_multicast_listener_registration.py
- v1_2_test_multicast_registration.py
These tests have been fully migrated to the Nexus simulation
framework, providing equivalent verification in a more robust and
scalable environment.
The equivalent Nexus test cases are already part of the repository:
- 1_2_BBR_TC_1, 1_2_BBR_TC_2, 1_2_BBR_TC_3
- 1_2_MATN_TC_1, 1_2_MATN_TC_2, ..., 1_2_MATN_TC_26
C++ promotes narrow integer types to int before applying ~ or unary -,
so the result is always int even when the variable being assigned to is
narrower. Clang accepted this silently for years due to a bug in its
range tracking (LLVM #126846, fixed March 2025); Clang 21, now included
in the latest Mac OS for example, correctly flags these as errors.
Add <static_cast> to the destination type at each affected spot.
This commit adds the Nexus test case 1_3_SRP_TC_5 which verifies SRP
KEY record inclusion and omission behavior according to the Thread 1.3
test specification (SRP TC-5).
The implementation includes:
- Adding mHostKeyRecordEnabled flag to Srp::Client to control host
KEY record inclusion in SRP Updates. This is enabled only when
OPENTHREAD_CONFIG_REFERENCE_DEVICE_ENABLE is defined.
- Implementing SetHostKeyRecordEnabled() and IsHostKeyRecordEnabled()
methods in Srp::Client.
- Modifying AppendHostDescriptionInstruction() in srp_client.cpp
to conditionally include the KEY record.
- Creating tests/nexus/test_1_3_SRP_TC_5.cpp to execute the test
sequence across multiple simulated nodes (BR_1, ED_1, Eth_1).
- Creating tests/nexus/verify_1_3_SRP_TC_5.py to perform automated
verification of the captured traffic.
- Updating tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh to include the new test.
The test ensures that the SRP server correctly handles updates with
and without service KEY records, omits KEY records in DNS/mDNS
responses, and rejects updates that omit all KEY records.
This commit adds a new Nexus test case 1_3_SRP_TC_4 which implements
the test specification for SRP key lease handling.
The test verifies that:
- A service instance name cannot be claimed even after the service
instance lease has expired, as long as its key lease remains active.
- The SRP server correctly manages key leases and rejects registration
updates for hosts or services that are still claimed by a previous
registration during the key lease period.
- DNS and mDNS responses correctly reflect the state of registrations
and their expirations.
Changes:
- Add tests/nexus/test_1_3_SRP_TC_4.cpp for test execution.
- Add tests/nexus/verify_1_3_SRP_TC_4.py for pcap verification.
- Update tests/nexus/CMakeLists.txt to include the new test.
- Update tests/nexus/run_nexus_tests.sh to add it to DEFAULT_TESTS.
This commit removes the `Tlv::ReadTlvValue()` method which is no
longer needed or used. The same functionality is provided through
the `Tlv::Info` class, specifically using its `ParseFrom()` and
`ReadValue()` methods. This approach is safer and provides more
comprehensive information about the parsed TLV.
The unit tests are also updated to replace the usage of the removed
method with the new `Tlv::Info` based approach.
This commit introduces node-specific log files for Nexus tests. Each
created node can save its OpenThread logs into a separate file
`ot-logs<id>.log`.
The generation of log files is controlled by the environment variable
`OT_NEXUS_SAVE_LOGS`. By default, it is disabled, but it can be
activated by setting the environment variable to "1", "yes", "true",
"on", or "t".
This commit also refactors the Nexus platform logging logic into a new
`nexus_logging.cpp` file and improves the log message format in `stdout`
to include a standard timestamp using `UptimeToString()`.
This commit updates the `BBR_TC_3` Nexus test to use two separate host
nodes, `HOST_1` and `HOST_2`, for sending mDNS queries.
By using distinct host nodes, the packet verification script can now
unambiguously identify and track queries from different test steps
based on their source Ethernet MAC address. This improves the
robustness of the test by reducing reliance on packet sequence
numbers for isolation which can be fragile due to possible multiple
transmission of mDNS query message.
Specifically, `HOST_1` is used for queries in steps 1, 5, and 12,
while `HOST_2` is dedicated to the query in step 9. Both the C++ test
logic in `test_1_2_BBR_TC_3.cpp` and the Python verification script in
`verify_1_2_BBR_TC_3.py` are updated to reflect this change.
This commit updates `Mle::HandleUdpReceive()` to avoid logging an error
when an MLE message is received while MLE is disabled.
When `IsDisabled()` is true, the `VerifyOrExit` macro now exits the
method without setting `error` to `kErrorInvalidState`. This ensures
that the `LogProcessError()` call at the `exit` label does not emit an
error log. This reduces log spam during testing/debugging.
This commit provides the platform-level implementation for the
instance-aware logging API `otPlatLogOutput()`. This API is used when
`OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE` is enabled, allowing
the platform to receive the `otInstance` pointer with each log line.
The new API is implemented across:
- The simulation platform logging.
- The POSIX platform using `syslog()`.
- The NCP base to route logs to the NCP host.
- The CLI logging module.
- Unit tests and mock platforms.
The `OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE` configuration is
also enabled for Toranj simulations to support multi-instance log
testing.
This commit adds support for `OPENTHREAD_CONFIG_LOG_PREPEND_UPTIME` in
multi-instance builds.
When `OPENTHREAD_CONFIG_MULTIPLE_INSTANCE_ENABLE` is enabled, the uptime
is retrieved from the currently active `Instance` using
`Instance::GetActiveInstance()`. This requires
`OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE` to be enabled so that
the `Logger` can identify the instance and access its `UptimeTracker`.
A compile-time check is added to ensure that
`OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE` is set when
`OPENTHREAD_CONFIG_LOG_PREPEND_UPTIME` is used in a multi-instance
build.
This commit adds a new Nexus test case 1_3_SRP_TC_3 which implements
the test specification for service instance lease renewal and
automatic service/host removal.
The test covers:
- SRP service registration and discovery via DNS and mDNS.
- SRP lease renewal before expiration.
- Automatic removal of SRP services and hosts after lease expiration.
- Verification of DNS and mDNS responses after lease expiration,
ensuring that expired records are no longer returned.
Changes:
- Add tests/nexus/test_1_3_SRP_TC_3.cpp for test execution.
- Add tests/nexus/verify_1_3_SRP_TC_3.py for pcap verification.
- Update tests/nexus/CMakeLists.txt to include the new test.
- Update tests/nexus/run_nexus_tests.sh to add it to DEFAULT_TESTS.
This commit adds a new Nexus test case 1_3_SRP_TC_2 which implements
the test specification for handling name conflicts in SRP host and
service registrations.
The test covers:
- Handling name conflicts in Host Description records.
- Handling name conflicts in Service Description records.
- Verifying that original services are discoverable on the AIL
while conflicting services are correctly rejected and not seen.
- Validating mDNS discovery on the adjacent infrastructure link
using direct method calls for SRP and DNS-SD operations.
Changes:
- Add tests/nexus/test_1_3_SRP_TC_2.cpp for test execution.
- Add tests/nexus/verify_1_3_SRP_TC_2.py for pcap verification.
- Update tests/nexus/CMakeLists.txt to include the new test.
- Update tests/nexus/run_nexus_tests.sh to add it to DEFAULT_TESTS.
In testing I have observed some failures to attach due to a `Child ID
Request` or `Child ID Response` getting lost in the air causing the
attaching device to start it's own new partition (assuming FTD).
When attaching, after selecting a parent candidate from the responses
to a multicast `Parent Request` message, devices only have one shot to
send and receive a response to a `Child ID Request`. There is a higher
rate of failure in this sequence during high traffic periods such as
formation and reset, which will cause more devices than desired to
fail the attachment process (and become their own leader if an FTD).
This commit aims to help address this by adding 2 additional retries
to `Child ID Request` messages, which gives devices a much better
chance of attaching the first time.
This commit adds a new Nexus test case 1_3_SRP_TC_1 which verifies
SRP registration and discovery in a topology with a Border Router.
The test covers:
- SRP server registration in Thread Network Data.
- SRP service registration by a Thread End Device.
- Unicast DNS queries over the Thread interface.
- mDNS discovery over the Infrastructure interface.
Changes:
- Add tests/nexus/test_1_3_SRP_TC_1.cpp for test execution.
- Add tests/nexus/verify_1_3_SRP_TC_1.py for pcap verification.
- Update tests/nexus/CMakeLists.txt and run_nexus_tests.sh.
- Extend pktverify library (consts.py, layer_fields.py) to support
DNS/mDNS and SRP-specific fields.
This commit updates the `Mle` router role downgrade logic. When a
REED transitions to a router in response to a Child ID Request, it
indicates that the attaching child has no other viable parent options.
To ensure this child remains connected to the mesh, this commit
prevents the newly promoted router from downgrading back to a REED.
A new flag `mBlockDowngrade` is added to `Mle`, and a matching
property `mBlockParentDowngrade` is added to `Child` to track if it is
blocking its parent's downgrade. The downgrade restriction is lifted
under specific conditions: when the device detaches, when a new router
is added to the network (providing a potential alternative parent for
the child), or when all children blocking the downgrade are removed.
A new nexus test `test_mle_blocking_downgrade` is added to validate
the new behavior.
This commit removes the active node tracking logic from the Nexus
simulation framework.
Previously, `Core` maintained a pointer to the `mActiveNode` and updated
it dynamically during processing and network events. This was necessary
so that log messages could be attributed to the correct node/instance.
With the recent introduction of "instance-aware logging" in the OpenThread
core, the logging mechanism natively knows which `otInstance` generated a
log. Therefore, manually tracking and context-switching the active node
in the Nexus framework is no longer required.
This change simplifies `nexus::Core`, removes context-switching overhead
from heavily utilized inline methods like `Node::Get<Type>()`, and allows
us to simplify the signature of `InfraIf::Receive()`.
This commit adds a new Nexus test case 1_3_DBR_TC_10 which implements
the test specification for reachability, OMR address configuration,
and default route processing in a Thread network with a Border Router.
The test ensures that:
- End Devices correctly configure OMR addresses from OMR prefixes.
- Routers correctly process and route packets based on external
(default) routes advertised by Border Routers.
- Border Routers can manage default routes using both external route
TLVs (::/0) and the P_default flag in OMR prefixes.
Changes:
- Add tests/nexus/test_1_3_DBR_TC_10.cpp for test execution.
- Add tests/nexus/verify_1_3_DBR_TC_10.py for pcap verification.
- Update tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test.
This commit adds several new helper methods to tests/nexus/verify_utils.py
to simplify common verification tasks in Nexus tests:
- check_ra_has_rio: verify presence and preference of RIO in RA.
- check_ra_has_pio: verify presence of PIO in RA.
- check_nwd_has_route: verify presence and preference of external
route in Network Data.
Existing tests (1_3_DBR_TC_7A/B/C and 1_3_DBR_TC_8) are updated to use
these new helper methods, which improves code readability and
consistency across the Nexus test suite.
This commit introduces the 1_3_DBR_TC_8 Nexus test case, which
verifies bi-directional reachability in a topology with multiple
Border Routers (BRs) and the presence of OMR prefixes with different
lifetimes.
Key features of this test:
- Simulates a network with two BRs and a Thread Router.
- Configures an infrastructure link with a GUA prefix.
- Configures an OMR prefix (OMR_4, P_preferred=false) in Network
Data and ensures the DUT BR correctly generates its own OMR
prefix when existing ones are not usable.
- Verifies that the DUT BR correctly multicasts Router
Advertisements (RAs) on the infrastructure link containing OMR
routes but excluding deprecated OMR_4 routes.
- Confirms bi-directional ICMPv6 connectivity between an
infrastructure device and a Thread Router.
- Ensures the DUT BR continues to advertise OMR routes even after
the originating BR (BR_2) is disabled.
The implementation includes:
- tests/nexus/test_1_3_DBR_TC_8.cpp: Test execution logic using
direct method calls and Note-level logging.
- tests/nexus/verify_1_3_DBR_TC_8.py: PCAP-based verification script
with robust Network Data and RA checking.
- Updates to tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh to register the new test case.
This commit introduces the 1_3_DBR_TC_7C Nexus test case, which
verifies bi-directional reachability in a topology with multiple
Border Routers (BRs) and the presence of non-OMR prefixes.
Key features of this test:
- Simulates a network with two BRs and a Thread Router.
- Configures an infrastructure link with a GUA prefix.
- Configures a non-OMR prefix (PRE_1, P_on_mesh=false) in Network
Data and ensures the DUT BR correctly generates its own OMR
prefix when existing ones are not usable.
- Verifies that the DUT BR correctly multicasts Router
Advertisements (RAs) on the infrastructure link containing OMR
routes but excluding PRE_1 routes.
- Confirms bi-directional ICMPv6 connectivity between an
infrastructure device and a Thread Router.
- Ensures the DUT BR continues to advertise OMR routes even after
the originating BR (BR_2) is disabled.
The implementation includes:
- tests/nexus/test_1_3_DBR_TC_7C.cpp: Test execution logic using
direct method calls and Note-level logging.
- tests/nexus/verify_1_3_DBR_TC_7C.py: PCAP-based verification script
with robust Network Data and RA checking.
- Updates to tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh to register the new test case.
This commit adds `otPlatLogOutput()`, a new platform logging API that
provides the `otInstance` pointer along with a pre-formatted log
string. This addresses the limitation of the existing `otPlatLog()` in
multi-instance builds, where the function cannot reliably determine
which OpenThread instance generated the log.
`OPENTHREAD_CONFIG_LOG_INSTANCE_AWARE_API_ENABLE`, is introduced to
enable this behavior. When enabled, `Logger::Log()` resolves the
active instance (via a tracked global pointer `gActiveInstance`)
and passes it to `otPlatLogOutput()`.
To support tracking the active instance context,
`UpdateActiveInstance()` is added and called during standard
instance retrieval paths, such as `Locator::GetInstance()` and
`Message::GetInstance()`. The TCP endpoints and listeners are also
updated to track the active instance when their `GetInstance()` methods
are invoked.
The Nexus testing platform is updated to enable this configuration
and implement `otPlatLogOutput()` to print the instance ID alongside
the log line, simplifying log tracing in multi-node simulations.
This commit simplifies the logic for updating the local OMR prefix
within `RoutingManager::OmrPrefixManager`.
The process of updating the prefix in `UpdateLocalPrefix()` is
consolidated into a single flow. Instead of multiple paths clearing
the old prefix from `NetworkData` and logging changes, the method now
determines the appropriate `prefix`, `preference`, and `origin`
(`kSelfGenerated`, `kCustom`, `kDhcp6Pd`), and delegates the change
to a shared sequence at the end of the method.
It also adds a `Matches()` method to `OmrPrefix` to efficiently check
if a given `Ip6::Prefix` and `RoutePreference` match the current OMR
prefix, avoiding unnecessary copies during updates.
Additionally, this change standardizes the log output format for local
OMR prefix updates by utilizing `LocalToString()` and ensures
the prefix's route preference is consistently included.
This commit introduces the 1_3_DBR_TC_7B Nexus test case, which
verifies bi-directional reachability in a topology with multiple
Border Routers (BRs) and the presence of deprecated prefixes.
Key features of this test:
- Simulates a network with two BRs and a Thread Router.
- Configures an infrastructure link with a GUA prefix.
- Configures a deprecated prefix (PRE_1, P_preferred=false) in
Network Data and ensures the DUT BR correctly generates its own
OMR prefix when existing ones are not usable.
- Verifies that the DUT BR correctly multicasts Router Advertisements
(RAs) on the infrastructure link containing both OMR and PRE_1
routes.
- Confirms bi-directional ICMPv6 connectivity between an
infrastructure device and a Thread Router.
- Ensures the DUT BR continues to advertise PRE_1 routes even after
the originating BR (BR_2) is disabled, as long as the prefix
remains in Network Data.
The implementation includes:
- tests/nexus/test_1_3_DBR_TC_7B.cpp: Test execution logic using
direct method calls and Note-level logging.
- tests/nexus/verify_1_3_DBR_TC_7B.py: PCAP-based verification script
with robust Network Data flag checking.
- Updates to tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh to register the new test case.
This commit introduces the 1_3_DBR_TC_7A Nexus test case, which verifies
bi-directional reachability in a topology with multiple Border Routers
(BRs) and the presence of non-OMR prefixes.
Key features of this test:
- Simulates a network with two BRs and a Thread Router.
- Configures an infrastructure link with a GUA prefix.
- Configures a non-OMR prefix (PRE_1) in Network Data and ensures the
DUT BR correctly generates its own OMR prefix when existing ones are
not usable (e.g., SLAAC disabled).
- Verifies that the DUT BR correctly multicasts Router Advertisements
(RAs) on the infrastructure link containing both OMR and PRE_1 routes.
- Confirms bi-directional ICMPv6 connectivity between an infrastructure
device and a Thread Router.
- Ensures the DUT BR continues to advertise PRE_1 routes even after the
originating BR (BR_2) is disabled, as long as the prefix remains in
Network Data.
The implementation includes:
- tests/nexus/test_1_3_DBR_TC_7A.cpp: Test execution logic using direct
method calls and Note-level logging.
- tests/nexus/verify_1_3_DBR_TC_7A.py: PCAP-based verification script
with robust Network Data flag checking.
- Updates to tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to register the new test case.
In order to facilitate a well-staged post reset process for a larger
size link, it is important to consider the timing of devices returning
to the link.
With the changes in this PR, that timing will be as follows:
1. The leader and routers will begin sending link request messages in
an attempt to reattach to the previous partition.
2. Both the leader and routers will have 4 attempts to reconnect,
afterwords falling back to attach any.
3. The leader here is given a 2s retry window (jittered 10% either
way), for a worst-case (tightest timing vs routers) of 4x2.2s =
8.8s before starting attachment.
4. The routers here are given the normal 5s multicast retx delay with
the same 10% jitter, resulting in a tightest timing (shortest) of
4x4.5s = 18s
5. For this analysis, the jitter during the attach process is ignored
because it will not be particularly significant, so we assume both
flow through a nominal failed attachment of 2x0.75s (routers) +
4x1.25s (reeds) = 6.5s
6. This means that the previous leader will start the new partition
around 15.3s after starting.
7. The former routers would fall back to starting a new partition on
their own at 24.5s after reset.
This timing leaves 9.2s of leeway (greater than the length of the full
attachment process) for the routers to get parent responses from the
old leader which has started the new partition and attach instead of
starting their own partitions.
This also leaves sufficient time between the router attachment and
children timing out of their role restoration process to attach to
their former parents.
Additionally, 4 attempts should be more than sufficient with this
timing to successfully reattach to a partition that did not also
reset. If a link request sent in this period is not accepted, then the
old partition can be safely assumed to be gone, or removed links to
the reset device.
Routers with children and the leader will also benefit in
single-device reset cases here because they are able to rejoin more
quickly. Only routers with very few/no children are slowed down in
re-attachment by 5s.
This adds a new --settings-file launch option that allows specifying
a fixed base name for the settings file, overriding the default
EUI64-based naming scheme.
When an RCP device is replaced, the new device has a different EUI64,
which causes the host to lose access to its previously stored dataset.
By using --settings-file, the settings file name remains stable across
RCP replacements, preserving the Thread network configuration.
Ref: https://github.com/orgs/openthread/discussions/12428
This commit introduces the 1_3_DBR_TC_6 Nexus test case to verify
bi-directional reachability in a multi-BR topology with existing
IPv6 infrastructure.
Key changes:
- Implement tests/nexus/test_1_3_DBR_TC_6.cpp and its corresponding
pcap-based verification script tests/nexus/verify_1_3_DBR_TC_6.py.
- Enhance the Nexus platform InfraIf class to support constructing
and sending ICMPv6 Router Advertisements (RA) with PIO and RIO.
- Add RouterAdvertisementStart() and RouterAdvertisementStop() to
InfraIf for managed periodic unsolicited RA transmissions.
- Update Core::Process() to drive the periodic RA logic in InfraIf.
- Implement response logic for ICMPv6 Router Solicitations in
InfraIf when RA advertising is enabled.
- The 1_3_DBR_TC_6 test validates that the DUT BR correctly adopts
existing OMR prefixes, advertises an external default route (::/0),
and sends appropriate RAs on the infrastructure link.
- Register the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
This commit updates the conditional compilation for the multiple
static instances array in `Instance`. It adds a check for
`OPENTHREAD_CONFIG_MULTIPLE_INSTANCE_ENABLE` alongside
`OPENTHREAD_CONFIG_MULTIPLE_STATIC_INSTANCE_ENABLE`.
This commit adds `CloneMessage()`, `CloneMessageWithoutFooter()`,
and `CloneMessageWithout<Footer>()` methods to the `MessageAllocator`
class. These methods simplify creating copies of messages by
automatically applying the correct `kReservedHeader` size. It also
updates existing code in `CoapBase`, `Dns::Client`, `Sntp::Client`,
and `Mle` to utilize these new methods.
Additionally, this commit updates the `Clone()` method in `Message`
to be a template method, accepting a `CloneMode` to specify whether
the cloned message should retain the reserved header or have no
reserved header. The documentation for the clone methods has also
been updated to clarify which message fields are copied during the
cloning process.
This commit introduces the 1_3_DBR_TC_3 nexus test case to verify
bi-directional reachability between multiple Thread networks connected
via a common infrastructure link.
The test verifies that independent Thread networks, each with its own
Border Router (BR) connected to the same infrastructure link, can
successfully route traffic to each other. This confirms reachability
in multi-Thread network environments where no existing IPv6
infrastructure is present.
Key changes:
- Implement test_1_3_DBR_TC_3.cpp to simulate a topology with two
Thread networks (BR_1/ED_1 and BR_2/ED_2) and verify end-to-end
ping success between End Devices.
- Implement verify_1_3_DBR_TC_3.py for pcap-based validation of:
- Network Data registration of OMR and infrastructure prefixes.
- RA multicasts on the infrastructure link with correct RIO/PIO.
- Proper mapping of Extended PAN ID into the infrastructure ULA.
- Bi-directional ICMPv6 connectivity between End Devices.
- Register the new test case in CMakeLists.txt and run_nexus_tests.sh.
Thread spec doesn't define the order of TLVs in the dataset, so that
we can't call `memcmp` to compare two dataset. If we convert the
dataset to otOperationalDataset and then compare each value of
otOperationalDataset, we will met an issue if the new Thread spec
defines new TLVs in the dataset in the future.
This commit add a new dataset API `otDatasetTlvsCompare` to check
whether two dataset contain the exact same set of TLVs (same types and
values).
This commit introduces a new `Event` enumeration in `RouterTable`
along with an `Events` bit-field to track and indicate specific changes
that occur within the table. The `SignalTableChanged()` method is
updated to accept these events, replacing the previous parameterless
version. A new `LogEvents()` method is also added to log a summary of
the changes whenever the table is updated, improving debugging and
visibility into the router table's state.
This commit refactors the verification logic for Distributed Border
Router (DBR) tests in the Nexus framework to enhance robustness and
reliability.
Key changes include:
- Introduced verify_utils.check_nwd_prefix_flags() to handle complex
Thread Network Data structures, allowing for precise verification of
Prefix TLV flags and Border Router sub-TLV flags even when multiple
prefixes are present.
- Updated verify_1_3_DBR_TC_1.py and verify_1_3_DBR_TC_2.py to use
the new helper and improved the identification of OMR and ULA
prefixes in Network Data by iterating through TLV types.
- Added verification for Preferred and Valid Lifetimes in ICMPv6 Prefix
Information Options (PIO) within Router Advertisements.
- Enhanced pktverify to support icmpv6.opt.pio_valid_lifetime and
ensured proper mapping of PIO lifetime fields.
- Simplified MLE Data Response filtering in verify_1_3_DBR_TC_1.py
for better maintainability.
This commit introduces the 1_3_DBR_TC_2 nexus test case to verify
bi-directional reachability between Thread and infrastructure devices
in a topology with multiple Border Routers.
Key changes:
- Implement test_1_3_DBR_TC_2.cpp for step-by-step execution logic.
- Implement verify_1_3_DBR_TC_2.py for pcap-based verification.
- Enable OPENTHREAD_CONFIG_BORDER_ROUTING_TESTING_API_ENABLE in nexus
platform configuration to support prefix manipulation.
- Add icmpv6.opt.pio_preferred_lifetime to pktverify layer fields.
- Register the new test case in CMakeLists.txt and the default nexus
test run script.
- Refactor verify_1_3_DBR_TC_1.py and verify_1_3_DBR_TC_2.py to move
nested helper functions to the top level for better modularity.
- Remove an unnecessary Deinit() call in test_1_3_DBR_TC_1.cpp and
its definition in nexus_infra_if.hpp.
The test verifies:
- Border Router adoption of existing OMR prefixes in the network.
- Router Advertisement (RA) behavior on the infrastructure link,
including correct RIO options and suppression of non-deprecating PIOs
when another BR is present.
- Bi-directional reachability between Thread End Devices and Adjacent
Infrastructure Link (AIL) hosts during BR transitions.
- Automatic election of a new Leader and promotion to Primary BR upon
loss of the previous Leader.
- Correct derivation of BR ULA prefixes from the Extended PAN ID.
Nexus test 1_2_BBR_TC_3 occasionally fails during Step 6 after a
device reboot. The failure occurs because the Backbone Router (BBR)
is reported as active in the mDNS state bitmap ('sb' record), but
the mandatory 'omr' record is not yet present in the response.
This transient state happens because the BBR function is enabled
immediately upon attachment, whereas the Routing Manager requires
a brief period to establish and favor an OMR prefix.
This commit updates the Python verification script to filter for
mDNS responses that include the 'omr' record in Steps 6 and 13. This
allows the test to wait for the complete state to be published
naturally, rather than failing on the first transient packet
received.
Validated with 50 successful sequential executions of the test.
This commit implements the 1_3_DBR_TC_1 nexus test case to verify
bi-directional reachability between Thread and infrastructure
devices with a single Border Router.
Key changes:
- Implement test_1_3_DBR_TC_1.cpp for step-by-step execution logic.
- Implement verify_1_3_DBR_TC_1.py for pcap-based verification.
- Enhance Nexus InfraIf platform to support Deinit() for AIL
disconnection.
- Update InfraIf::Receive() to check initialization status and
ignore kErrorDrop from SendRaw() to handle legitimate packet
drops in the stack.
- Register the new test case in CMakeLists.txt and the default
nexus test run script.
The test verifies:
- Automatic OMR and on-link prefix registration in Network Data.
- Periodic ND Router Advertisement multicast on the infrastructure
link with correct PIO/RIO options and Extended PAN ID derivation.
- Bi-directional reachability between Thread End Devices (OMR) and
Infrastructure Hosts (ULA).
- Strict enforcement of non-forwarding rules for link-local and
Mesh-Local EID traffic between the Thread and infrastructure
networks.
Nexus test 1_2_BBR_TC_2 was occasionally failing at Step 14.
In this step, the previous leader (Router_1) is disabled, and
the DUT (BR_1) is expected to become the new leader and the
Primary Backbone Router (BBR).
The original wait time was 200 seconds (kAttachToRouterTime).
However, analysis showed that routers wait for the MLE Router
ID Timeout (120 seconds) before initiating a new leader election.
Combined with election jitter and BBR registration time, this
sometimes exceeded the 200-second window.
This commit increases the wait time in Step 14 to 400 seconds
(kAttachToRouterTime * 2) to provide sufficient buffer for the
leader transition and BBR registration, effectively resolving
the flake.
This commit updates the `Tlv::Append()` method template to accept a
`uint16_t` for the `aLength` parameter instead of `uint8_t`. This
change aligns the template method with the underlying `AppendTlv()`
method, allowing it to correctly append both regular and extended
TLVs based on the provided length.
The Doxygen comments are also updated to clarify that the TLV is
appended as either a regular or an extended TLV depending on whether
the length is greater than `kBaseTlvMaxLength`.
This commit implements the BBR-TC-03 test case in the Nexus simulation
framework to verify that a Backbone Router (BBR) function can be
discovered using mDNS and that changes are correctly reflected.
Key implementation details include:
- Implementation of BBR-TC-03 in C++ simulating a topology with two
Border Routers (BR_1 as initial Primary BBR, BR_2 as Secondary)
and a non-Thread IPv6 Host used for mDNS queries.
- Use of direct method calls instead of OpenThread public APIs where
appropriate, following Nexus test conventions.
- Configuration of the test environment including fixed Operational
Datasets to ensure predictable verification.
- Simulation of various network states:
- Initial Primary/Secondary BBR discovery.
- BBR function persistence after device reboot.
- Role transition (Secondary becoming Primary) when the original
Primary BBR powers down.
- Secondary BBR discovery when the original Primary BBR rejoins.
- Addition of a Python verification script to validate mDNS packets on
the simulated infrastructure link, checking for:
- Correct mDNS query/response exchanges between Host and BBRs.
- Presence and format of mandatory TXT records (dn, bb, sq, rv, tv,
sb, nn, xp, omr).
- Proper state bitmap (sb) transitions reflecting Primary vs.
Secondary status.
- Inclusion of the full test specification as inline comments in both
C++ and Python files, adhering to strict formatting requirements.
- Registration of the new test case in tests/nexus/CMakeLists.txt and
the default test list in tests/nexus/run_nexus_tests.sh.
- Setting log level to 'note' for improved visibility into state
transitions.
This commit updates `ChildTableTlvEntry` to better support the packing
and parsing of child entries in a `ChildTableTlv`. It introduces an
`InitFrom()` method to encode an entry directly from a `Child`
object, and a `Parse()` method to extract values into a `ParseInfo`
struct, improving modularity and simplifying usage.
Additionally, it consolidates the logic for calculating the timeout
exponent and decoding it back to a timeout value directly within the
`ChildTableTlvEntry` class. It also introduces `ParseChildTable()` in
`NetworkDiagnostic::Client` to clean up the child table parsing
loop.
Update mDNS traffic simulation in the Nexus platform to flow through
the simulated infrastructure link. This ensures mDNS packets are
automatically written to the PCAP file generated by the simulated
infrastructure link.
Changes:
- Wrap mDNS messages in UDP/IPv6 headers and enqueue them on the
simulated infrastructure interface (InfraIf).
- Implement a new SendUdp overload in InfraIf that accepts a Message
payload.
- Update InfraIf::Receive to intercept mDNS UDP packets (port 5353)
and deliver them to the Mdns module.
- Remove the dedicated ProcessMdns loop and manual PendingTx list from
Core and Mdns, consolidating traffic processing through InfraIf.
- Initialize Mdns with a reference to the Node to allow access to
InfraIf.
- Add GetMulticastAddress static helper to Mdns for 'ff02::fb'.
This commit updates various CMake configuration files to simplify
the check for Apple platforms. It replaces the `CMAKE_CXX_COMPILER_ID`
check for `AppleClang` with the built-in `APPLE` variable across
multiple targets (such as `ftd`, `mtd`, `cli`, and others). This
ensures that Apple-specific linker and compiler flags (like `-Wl,-map`
and `-Wimplicit-int-conversion`) are correctly applied when building
on macOS, regardless of the specific compiler used.
Additionally, this commit updates `CMakeLists.txt` to explicitly set
the `CMAKE_AR` and `CMAKE_RANLIB` paths to the default system
locations (`/usr/bin/ar` and `/usr/bin/ranlib`) when the `APPLE`
variable is set.
This commit implements the BBR-TC-02 test case in the Nexus simulation
framework to verify that if two BBR Datasets are present in a network,
the Backbone Router (BBR) that is not elected as Primary will delete
its own BBR Dataset from the Network Data.
Key implementation details include:
- Implementation of BBR-TC-02 in C++ simulating a topology with two
Border Routers (BR_1 as DUT/initial Primary, BR_2) and a Thread
Router as Leader.
- Verification of BR_1's role switch from Primary to Secondary when it
detects a BBR Dataset with a higher sequence number (BR_2's dataset).
- Verification that BR_1 sends a Server Data notification to the Leader
to remove its BBR Dataset upon switching to the Secondary role.
- Verification that BR_1 (as Secondary BBR) correctly rejects MLR.req
messages with ST_MLR_BBR_NOT_PRIMARY.
- Verification that BR_1 automatically resumes the Primary BBR role
and becomes Leader when Router_1 and BR_2 are removed from the
network.
- Addition of a Python verification script to validate:
- Correct sequence of SVR_DATA.ntf CoAP requests for BBR Dataset
registration and removal.
- Correct handling of MLR.req with ST_MLR_BBR_NOT_PRIMARY error.
- Correct filtering of Thread Network Data TLVs in CoAP payloads.
- Inclusion of the full test specification as inline comments in both
the C++ and Python files.
- Use of direct core method calls in C++ and adherence to strict
formatting rules in both files.
- Registration of the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
The cli config `OPENTHREAD_CONFIG_CLI_BLE_SECURE_ENABLE` was
duplicated in `cli_config.h`.
Their default values were even conflicting.
Changes:
* Remove second define of `OPENTHREAD_CONFIG_CLI_BLE_SECURE_ENABLE`
(default value 0) in `cli_config.h` since it would have never
been reached.
Under interactive mode, the `ot-ctl` client treats lines starting with
"Error" as fatal command failures. It exits immediately and stop
receiving CLI output. As the `debug` command runs a sequence of
sub-commands; if one fails , the entire debug session would stop.
This change modifies the error prefix to "ERROR" for internal debug
commands, allowing ot-ctl to continue processing subsequent output.
Also, it adds an explicit `OutputLine("Done")` at the end of the debug
command processing to ensure the CLI client correctly detects the end
of the command.
This commit implements the BBR-TC-01 test case in the Nexus simulation
framework to verify that a Backbone Router (BBR) device automatically
sends its BBR dataset to the Leader if none exists in the network.
To support the Host receiving echo replies on its infrastructure
interface, the Nexus InfraIf class is extended to support custom
ICMPv6 Echo Reply handlers.
Key changes:
- Implement BBR-TC-01 C++ test case and Python verification script.
- Add EchoReplyHandler callback and registration to Nexus InfraIf.
- Update InfraIf::Receive to handle and dispatch ICMPv6 Echo Replies.
- Register 1_2_BBR_TC_1 in CMake and the test runner script.
This commit simplifies `MacCountersTlv` by replacing its individual
getter and setter methods with bulk operations:
- Adds an `Init()` method that takes a `Mac::Counters` to directly
populate the TLV fields from the MAC layer counters.
- Adds a `Read()` method to parse the TLV and populate a given
`NetworkDiagnostic::MacCounters` structure.
- Updates `NetworkDiagnostic::Server` and `Client` to use these new
methods, allowing the removal of their local helper methods
`AppendMacCounters()` and `ParseMacCounters()`.
- Introduces `Counters` as an alias for `otMacCounters` within the
`Mac` namespace.
This commit adds a new nexus test for MATN-TC-26: Multicast
registrations error handling by Thread Device.
The test verifies that a Thread Device correctly handles multicast
registration errors, such as when a Backbone Router (BBR) runs out of
resources or responds with a general failure.
Changes:
- Implemented test_1_2_MATN_TC_26.cpp to execute the test steps.
- Implemented verify_1_2_MATN_TC_26.py to verify pcap output.
- Updated CMakeLists.txt and run_nexus_tests.sh to include the
new test.
- Modified bbr_manager.cpp to correctly include failed addresses in
the MLR response when using configured error status for reference
devices.
The test ensures the DUT retries registration within the
Reregistration Delay after receiving an error and does not retry
if registration was successful until necessary.
This commit adds a new Nexus test case MATN-TC-23 to verify that a
Thread Device (DUT) automatically re-registers its multicast addresses
before the Multicast Listener Registration (MLR) timeout expires.
The test simulates a topology with two Border Routers (BR_1 and BR_2)
and a Thread Device (TD as DUT). BR_1 acts as the Primary Backbone
Router (BBR) and distributes a BBR Dataset with a configured MLR
timeout. The TD registers a multicast address and then automatically
sends a subsequent MLR.req to renew the registration before the
timeout period ends.
Implementation details:
- Added test_1_2_MATN_TC_23.cpp to execute the simulation using direct
method calls and 'note' log level.
- Added verify_1_2_MATN_TC_23.py to validate the MLR.req/rsp exchange
in the pcap output.
- Included the full test specification as inline comments in both
files, following strict indentation and formatting rules.
- Registered the new test in CMakeLists.txt and run_nexus_tests.sh.
This commit adds a new Nexus test case MATN-TC-22 to verify that a
Primary Backbone Border Router (BBR) that is configured with a low
value of Multicast Listener Registration (MLR) timeout
(< MLR_TIMEOUT_MIN) is interpreted as using an MLR timeout of
MLR_TIMEOUT_MIN by Thread Devices (DUT).
The test performs the following steps:
- Configures the Primary BBR (BR_1) with an MLR timeout of
MLR_TIMEOUT_MIN / 4.
- Verifies that the DUT registers a multicast address (MA1) at BR_1.
- Confirms that the DUT automatically re-registers for MA1 within
MLR_TIMEOUT_MIN seconds of the initial registration.
- Ensures that no more than 2 re-registrations occur within this time
period.
Included changes:
- New test implementation: test_1_2_MATN_TC_22.cpp.
- New verification script: verify_1_2_MATN_TC_22.py.
- Registration of the test in CMakeLists.txt and run_nexus_tests.sh.
The test implementation uses direct method calls in C++ and provides
step-by-step logging in both C++ and Python to match the test
specification.
This commit implements the MATN-TC-21 test case in the Nexus
simulation framework to verify that a Primary BBR correctly handles
incorrect or invalid multicast registrations from a Thread device.
Key implementation details include:
- Implementation of MATN-TC-21 in C++ simulating a topology with two
Border Routers (BR_1 as Primary/DUT, BR_2 as Secondary), a Thread
Router, and a Host.
- Verification of BR_1's handling of various invalid MLR registrations:
- Invalid unicast addresses (MAe1, MAe3) or unspecified address (MAe2).
- Link-local (MA6) and mesh-local (MA5) multicast addresses.
- Partial registration success when valid (MA1) and invalid (MA6)
addresses are mixed.
- Malformed IPv6 Addresses TLV with incorrect length (MAe4).
- Verification that only the Primary BBR (BR_1) accepts registrations,
while the Secondary BBR (BR_2) returns ST_MLR_BBR_NOT_PRIMARY.
- Addition of a Python verification script to validate:
- Correct error status codes in MLR responses (ST_MLR_INVALID,
ST_MLR_BBR_NOT_PRIMARY).
- Multicast forwarding from backbone to Thread for valid registrations.
- Handling of malformed TLVs by checking raw CoAP payloads.
- Inclusion of the full test specification as inline comments in
both the C++ and Python files.
- Registration of the new test case in tests/nexus/CMakeLists.txt
and tests/nexus/run_nexus_tests.sh.
This commit implements the MATN-TC-20 test case in the Nexus
simulation framework to verify that a Parent Router handling a
multicast registration on behalf of an MTD re-registers the
multicast address on behalf of its child before the MLR timeout
expires.
Key implementation details include:
- Implementation of the MATN-TC-20 test scenario in C++ simulating
a topology with a Router (DUT), a MED, and two Border Routers
(BR_1 as initial Primary BBR, BR_2 as Secondary BBR).
- Addition of a Python verification script to validate MLE Child
Update Request/Response exchanges and subsequent MLR.req CoAP
requests from the DUT to the Primary BBR.
- Verification that the DUT automatically re-registers the multicast
address when the MLR timeout is updated in the BBR Dataset.
- Inclusion of the full test specification as inline comments in
both the C++ and Python files, following strict formatting rules.
- Registration of the new test case in tests/nexus/CMakeLists.txt
and tests/nexus/run_nexus_tests.sh.
This commit introduces the `OPENTHREAD_CONFIG_IP6_INIT_EXT_ADDR_POOL_ENABLE`
configuration and the `otIp6Init()` API. When enabled, this feature
allows the OpenThread stack to use externally provided memory buffers for
its external unicast and multicast address pools.
By decoupling the pool sizes from build-time configurations
(`OPENTHREAD_CONFIG_IP6_MAX_EXT_UCAST_ADDRS` and
`OPENTHREAD_CONFIG_IP6_MAX_EXT_MCAST_ADDRS`), the OpenThread stack can be
compiled as a generic library without hardcoding the address pool sizes.
It delegates the memory allocation and configuration to the application
layer at run-time.
When the feature is enabled, `otIp6Init()` must be invoked to initialize
the `Netif` address pools before calling `otIp6SetEnabled()`.
This commit simplifies appending `ChannelPagesTlv` using the standard
`Tlv::Append<>()` with the the array of supported channel pages as
the TLV value.
In addition, a `ReadDiagData()` helper method is introduced in the
`NetworkDiagnostic::Client` to unify and simplify how `otNetworkDiagData`
arrays (e.g. `mNetworkData`, `mChannelPages`) are parsed and populated
from read TLVs.
This commit introduces the `MessageAllocator` template class using the
CRTP pattern to provide a unified implementation of the `NewMessage()`
methods. It standardizes the reserved header sizes for different
message types within `ReservedHeaderSize`. This removes boilerplate
code and redundant `NewMessage()` method implementations across the
`Ip6`, `Icmp`, `Udp`, `Udp::Socket`, and `CoapBase` classes.
This commit implements the Thread 1.2 test MATN-TC-19: Multicast
registration by MTD in the Nexus simulation framework. The test
verifies that an MTD can correctly register multicast addresses
through a parent Thread Router and receive multicast traffic from
the backbone.
Key implementation details:
- Created test_1_2_MATN_TC_19.cpp to simulate the network topology
(BR_1, BR_2, Router, MTD, and Host) and execute the test steps
using direct method calls.
- Implemented verify_1_2_MATN_TC_19.py for PCAP-based verification
of MLE Child Update exchanges, MLR registrations, and multicast
ICMPv6 Echo Request/Reply forwarding.
- Configured the test to use Note log level and included 1-line
log output for each step to match existing Nexus tests.
- Integrated the new test into the Nexus build system via
CMakeLists.txt and added it to the default test execution list
in run_nexus_tests.sh.
This commit adds a new Nexus test case MATN-TC-16 to verify that the
Primary Backbone Border Router (BBR) can handle a large number of
multicast group subscriptions.
The test performs 75 multicast registrations in 5 batches of 15
addresses each. It verifies the following behavior:
- The BBR correctly processes Multicast Listener Registration (MLR)
requests and returns a success status.
- Multicast packets sent to registered addresses on the backbone are
successfully forwarded to the Thread network.
- Multicast packets sent to unregistered addresses are not forwarded.
To accommodate the requirements of this test, Nexus configuration
limits are increased:
- OPENTHREAD_CONFIG_IP6_MAX_EXT_MCAST_ADDRS is increased from 4 to 80.
- The mTestVars array in Nexus Core is increased from 16 to 128
entries to support storing all multicast addresses for verification.
Included changes:
- New test files: test_1_2_MATN_TC_16.cpp and verify_1_2_MATN_TC_16.py.
- Registration of the test in CMakeLists.txt and run_nexus_tests.sh.
- Configuration updates in openthread-core-nexus-config.h and
nexus_core.hpp.
This commit implements the MATN-TC-15 test case in the Nexus simulation
framework to verify that a Thread End Device detects a change of Primary
Backbone Router (BBR) and triggers a re-registration of its multicast
groups.
Key implementation details include:
- Implementation of MATN-TC-15 in C++ simulating a topology with two
Border Routers (BR_1 and BR_2), a Thread Router, and a Thread End
Device (TD as DUT).
- Simulation of Primary BBR failover by stopping BR_1 and waiting for
BR_2 to become the new Primary BBR.
- Addition of a Python verification script to validate:
- Detection of Primary BBR change by the DUT.
- Multicast Listener Registration (MLR.req) sent by the DUT to BR_2.
- Correct forwarding of MLR.req and MLR.rsp by the intermediate
Thread Router.
- Successful registration response (MLR.rsp) from BR_2 to the DUT.
- Inclusion of the full test specification as inline comments in both
the C++ and Python files.
- Registration of the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
This commit implements the MATN-TC-12 test case in the Nexus
simulation framework to verify that a Primary BBR correctly
decrements the IPv6 Hop Limit when forwarding multicast packets
between the backbone link and the Thread network.
Key implementation details include:
- Implementation of MATN-TC-12 in C++ simulating a topology with a
Border Router (BR_1 as DUT), a Thread Router, and a Host.
- Enhancement of the Nexus platform to support hop limit processing:
- Updated InfraIf::Receive to decrement Hop Limit when forwarding
from the backbone to the Thread network.
- Updated Node::HandleReceive to decrement Hop Limit when forwarding
from the Thread network to the backbone.
- Added support for simulating packets with Hop Limit 0 by setting
mAllowZeroHopLimit in Node::SendEchoRequest.
- Addition of a Python verification script to validate:
- Multicast forwarding from backbone to Thread with decrement.
- Multicast forwarding from Thread to backbone with decrement.
- Dropping of packets with Hop Limit 1 (or 0) during forwarding.
- Use of unique ICMPv6 identifiers to reliably distinguish between
pings in different test steps.
- Inclusion of the full test specification as inline comments in
both the C++ and Python files.
- Registration of the new test case in tests/nexus/CMakeLists.txt
and tests/nexus/run_nexus_tests.sh.
This commit implements the MATN-TC-10 test case in the Nexus
simulation framework to verify that a Secondary BBR correctly
takes over forwarding of outbound multicast transmissions when
the Primary BBR fails, specifically focusing on BBR Dataset
distribution and MLDv2/BMLR registration behavior.
Key implementation details include:
- Implementation of the MATN-TC-10 test scenario in C++ simulating
a topology with two Border Routers (BR_1 as initial Primary,
BR_2 as Secondary/DUT), a Router, and a Host.
- Verification that BR_2 takes over as the Primary BBR and Leader
after BR_1 is stopped.
- Validation of BBR Dataset (PBBR) presence in Network Data.
- Addition of a Python verification script to validate:
- Multicast ping reachability.
- Correct BBR Dataset distribution.
- Outbound multicast registration (BMLR/MLDv2) on the backbone.
- Use of explicit multicast re-subscription in Step 14 to ensure
observable registration traffic within the simulation window.
- Robust packet filters for BMLR (port 61631) and MLDv2 to handle
platform-specific dissection variances.
- Inclusion of the full test specification as inline comments in
both the C++ and Python files.
- Registration of the new test case in tests/nexus/CMakeLists.txt
and tests/nexus/run_nexus_tests.sh.
This commit implements the MATN-TC-09 test case in the Nexus
simulation framework to verify that a Secondary BBR correctly
takes over forwarding of outbound multicast transmissions when
the Primary BBR fails.
Key implementation details include:
- Implementation of the MATN-TC-09 test scenario in C++ simulating
a topology with two Border Routers (BR_1 as initial Primary,
BR_2 as Secondary/DUT) and a Thread Router.
- Verification that BR_2 takes over as the Primary BBR and Leader
after BR_1 is stopped.
- Addition of a Python verification script to validate that only
the Primary BBR forwards outbound multicast packets to the
backbone link.
- Use of distinct ICMPv6 identifiers to reliably distinguish
between multicast pings sent before and after the Primary BBR
failure.
- Inclusion of the full test specification as inline comments in
both the C++ and Python files.
- Registration of the new test case in tests/nexus/CMakeLists.txt
and tests/nexus/run_nexus_tests.sh.
This commit implements the MATN-TC-07 test case in the Nexus
simulation framework to verify default multicast forwarding
behavior on Border Routers.
Key implementation details include:
- Implementation of the MATN-TC-07 test scenario in C++ to
trigger various multicast ping requests across different
IPv6 scopes (realm-local, admin-local, site-local, global,
and link-local).
- Enhancement of the Python verification script to strictly
validate that only the Primary BBR forwards multicast
packets to the backbone link using Ethernet source address
filtering.
- Support for Ethernet link type in Nexus PCAP generation by
prepending Ethernet headers to infrastructure IPv6 packets.
- Exposure of infrastructure MAC addresses (ethaddrs) in the
test information JSON to enable identification of the
forwarding node on the backbone link.
- Support for verifying source addresses of MPL-encapsulated
multicast packets by checking both outer and inner headers.
- Addition of FindGlobalAddress() helper in the Nexus node
platform.
Implement Thread 1.2 test MATN-TC-05: Re-registration to same Multicast
Group. This test verifies that a Primary Backbone Router (BBR)
correctly manages multicast address re-registration and handles UDP
multicast traffic between the backbone and Thread network.
Key additions:
- Added SendUdp to Nexus InfraIf to support simulated UDP multicast
traffic from backbone hosts.
- Implemented test_1_2_MATN_TC_5.cpp to simulate the network topology
(DUT, BR_2, Router, and Host) and the test steps.
- Implemented verify_1_2_MATN_TC_5.py for pcap-based verification of
multicast forwarding and BBR timeout behavior.
- Integrated the new test into the Nexus build system and the default
test execution script.
This commit simplifies how the SNTP request message is allocated and
constructed in `Client::Query()`. It removes the `NewMessage()`
helper method, replacing its use with a direct message allocation from
the socket followed by `Append()` to add the header. It also updates
the error cleanup path to use the `FreeMessage()` macro.
This commit moves the definitions of `MplOption`, `UdpHeader`,
`TcpHeader`, and `Icmp6Header` from their module-specific headers into
`net/ip6_headers.hpp`. The original class definitions in `Ip6::Udp`,
`Ip6::Tcp`, and `Ip6::Icmp` are replaced with `typedef` aliases to
maintain internal compatibility.
This consolidation centralizes IPv6 protocol header definitions,
ensuring that all header sizes are available when allocating or
cloning messages. This allows for calculating the proper reserved
header length in `NewMessage()`.
This commit updates `tests/unit/test_tcat.cpp` to properly handle the
`Error` return value from `NetworkName::Set()`, resolving compiler
warnings about unhandled return types.
In `TestInitInstanceTcat()`, `IgnoreError()` is used when setting
default test values since `NetworkName::Set()` returns `kErrorNone`
or `kErrorAlready` when the same name is set again.
Add MATN-TC-04 test case to verify that a Primary BBR removes a
multicast listener entry when it expires by timeout.
- Add test_1_2_MATN_TC_4.cpp implementing the simulation of two
Border Routers (BR_1 as Primary BBR, BR_2), a Router, and a Host.
- Verify that a registered multicast address expires after the
configured MLR timeout and that the BBR stops forwarding traffic
to the group.
- Verify that a new registration to the same group is accepted
after the previous one has expired.
- Use direct method calls for BBR configuration and management.
- Add verify_1_2_MATN_TC_4.py for automated packet verification.
- Fix a loopback issue in nexus_core.cpp where infra-if packets
were being delivered back to the sender.
- Register the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
Add MATN-TC-03 test case to verify that a Primary Backbone Router
(BBR) correctly handles Multicast Listener Registration (MLR)
requests and ignores a Timeout TLV when it is not sent by a
Commissioner.
- Add test_1_2_MATN_TC_3.cpp implementing the simulation of two
Border Routers (BR_1 as Primary BBR, BR_2), a Router, and an
external Host on the backbone.
- Verify that a Router can successfully register a multicast address.
- Verify that a Router attempting to deregister a multicast address
by sending an MLR.req with a Timeout TLV of 0 (without a
Commissioner Session ID) is handled correctly by the PBBR.
- Verify that the PBBR responds with Success and continues to
forward multicast traffic to the registered address, effectively
ignoring the invalid Timeout TLV.
- Add verify_1_2_MATN_TC_3.py for automated packet verification of
the test scenario.
- Register the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
Add MATN-TC-02 test case to verify Multicast Listener Registration
(MLR) and multicast traffic forwarding between a Thread network and
an infrastructure link (backbone).
- Add test_1_2_MATN_TC_2.cpp implementing the simulation of two
Border Routers (BR_1 as Primary BBR, BR_2), a Thread Device (TD),
and an external host on the backbone.
- Verify TD registration of multicast addresses at BR_1 via MLR.req.
- Verify BR_1 responses and backbone notifications (BMLR.ntf).
- Verify successful forwarding of multicast ICMPv6 Echo Requests
from the backbone to the Thread network by the Primary BBR.
- Verify that non-Primary BBRs and BBRs without active registrations
do not forward multicast traffic.
- Add verify_1_2_MATN_TC_2.py for automated packet verification of
the test scenario.
- Register the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
Add MATN-TC-01 test case to verify that a Primary BBR by default
blocks IPv6 multicast traffic from the backbone to the Thread
network when no devices have registered for the multicast groups.
- Add test_1_2_MATN_TC_1.cpp implementing the simulation of a
Border Router (BR_1 as Primary BBR), a Thread Router, and an
external host on the backbone.
- Send ICMPv6 Echo Requests from the backbone host to various
multicast addresses (admin-local, site-local, global, and
link-local).
- Add verify_1_2_MATN_TC_1.py for automated packet verification
to ensure the DUT (BR_1) does not forward these multicast
packets to its Thread Network.
- Register the new test case in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
Implement the InfraIf class and associated platform logic to simulate
a shared infrastructure link (backbone) between Border Routers and
external hosts within the Nexus simulation environment.
Infra interface simulation:
- Implement shared Ethernet-like link for IPv6 traffic delivery.
- Add automated SLAAC address configuration based on ICMPv6 RAs.
- Support sending/receiving ICMPv6 Neighbor Discovery (RS, RA, NS, NA).
- Implement manual ICMPv6 checksum calculation for raw packets.
- Add infrastructure-level loop prevention and destination filtering.
- Provide helper methods to find nodes by infrastructure addresses.
Platform integration:
- Implement otPlatInfraIf APIs and integrate with otInstance.
- Use native Message and MessageQueue for pending traffic management.
- Add support for custom test variables in SaveTestInfo() JSON output.
- Update Node::Reset() to properly clear pending infra interface tasks.
Core enhancements:
- Add MulticastListenersTable::Has() to check for address presence.
- Add PrefixInfoOption::GetPrefixLength() and SetPrefixLength().
- Enable MLR and Backbone Router multicast routing in Nexus config.
This commit introduces `CoapBase::SendAckResponseIfUnicastRequest()`,
which sends an ACK response with a CoAP Code mapped from an `Error`
value, provided the original request was confirmable and not sent to
a multicast address. It also adds `Message::MapErrorToCoapCode()` to
handle the translation of common `Error` types into their appropriate
CoAP Code equivalents (e.g., `kErrorBusy` to `kCodeServiceUnavailable`,
or `kErrorParse` to `kCodeBadRequest`).
The TMF handlers in `AnnounceBeginServer`, `EnergyScanServer`, and
`PanIdQueryServer` are updated to use this new method. Additionally,
all three servers now explicitly reject new requests with `kErrorBusy`
if they are already running an active scan or announce operation. The
state tracking in `PanIdQueryServer` (`mIsRunning`) is also added
to correctly check its running state when starting a query.
This commit updates the `CoapBase::Request` class to encapsulate its
internal state. The `mMessage` pointer and `mMetadata` struct are
now private, and their properties are accessed and modified through
explicit getter and setter methods (e.g., `GetMessage()`,
`IsConfirmable()`, `MarkAsAcknowledged()`).
By doing so, the code that manages pending requests no longer directly
manipulates the internal metadata fields, improving code structure and
maintainability.
Extend the pktverify framework to handle Raw IPv6 packets and parse CoAP
TLVs:
- Add support for verifying Raw IPv6 packets (DLT_RAW) captured on the
infrastructure link.
- Implement parsing for CoAP TLVs used in Multicast Listener
Registration (MLR) and Backbone MLR (BMLR) messages.
- Clean up magic numbers and improve summary output for better
traceability in test reports.
Enhance the Nexus Pcap class to support the pcapng format and logging from
multiple interfaces:
- Transition from pcap to pcapng format to support multiple interface
descriptions in a single capture file.
- Add support for logging both IEEE 802.15.4 (Thread) and Raw IPv6
(Backbone) traffic.
- Implement Interface Description Blocks (IDB) and Enhanced Packet
Blocks (EPB) for pcapng compliance.
This commit updates the following `otPlatInfraIf` platform APIs to
include an `otInstance *` as their first parameter:
- `otPlatInfraIfHasAddress()`
- `otPlatInfraIfSendIcmp6Nd()`
- `otPlatInfraIfDiscoverNat64Prefix()`
Other APIs under `otPlatInfraIf` already follow this pattern. Passing
the `otInstance` pointer is the required standard for all platform
and public APIs; however, it was missed during the initial design of
these specific APIs.
While missing this parameter is often not a blocker on platforms using
a single OpenThread instance, it has become a blocker for simulations,
especially when multiple Border Routers are emulated in the same
simulation setup.
This change introduces a compatibility break for existing platform
implementations, however, it is necessary to support new use cases
(simulation of BRs). It also helps ensure consistent API design
across the stack.
This commit simplfies `thread/uri_paths.cpp` by introducing the
`UriEntryMapList` X-Macro. This macro centralizes the mapping
between the URI path string, its `kUri*` enum value and its string
name representation used in `UriToString()`.
By using this macro, we avoid redundant lists and manual template
specializations. The `kEntries[]` array, the compile-time assertions
validating the sorting of the array, and the `UriToString<>()`
template specializations are now all automatically generated from
this single list, improving maintainability and reducing the chance
of mismatches.
This change updates the `PrevRoleRestorer` logic to use an increasing
timeout when a non-sleepy device sends `Child Update Request`
messages to restore its previous child role.
The timeout starts at 4 seconds and doubles with each subsequent
retransmission. This strategy is designed to handle scenarios where
the parent may also be restarting, such as after a network-wide power
outage, by allowing more time for the parent to recover. Over four
attempts, the device waits a total of 29 seconds (4 + 8 + 16 + 1)
before abandoning the restoration process.
Sleepy devices continue to use a short and fixed 1-second timeout
between retransmissions.
Additionally, if the restoring child receives a Child Update Request
from its former parent, it switches back to the shorter 1-second
timeout to expedite the restoration process and allow at least
two more Child Update attempts.
This commit updates the Nexus test framework to use the pcapng format
for packet capture instead of the legacy pcap format.
The pcapng format provides several advantages over legacy pcap,
most importantly the ability to support multiple interface captures
within a single file. This change prepares the Nexus framework for
more comprehensive border router testing, where capturing traffic
from both the Thread (802.15.4) and infrastructure (Ethernet)
interfaces simultaneously is required.
Changes:
- Implemented Section Header Block (SHB) and Interface Description
Block (IDB) in Pcap::Open.
- Updated Pcap::WriteFrame to use Enhanced Packet Block (EPB).
- Added proper 32-bit alignment padding for EPB records as required
by the pcapng specification.
- Updated the test runner script to use the .pcapng extension.
This commit updates `EnergyScanServer` to use `Tlv::StartTlv()` and
`Tlv::EndTlv()` when constructing the Energy List TLV for the report
message. By leveraging a `Tlv::Bookmark` (`mEnergyListTlvBookmark`),
the server no longer needs to manually track the number of scan
results (`mNumScanResults`) and calculate the exact offset to update
the TLV length.
Furthermore, `Tlv::EndTlv()` automatically manages the conversion to
an Extended TLV if the payload size exceeds the maximum length of a
standard TLV (255 bytes).
This commit updates `Commissioner::HandleTmf<kUriEnergyReport>()` to
read the energy list data directly into a local array instead of
using a dedicated TLV class.
The report handler now uses `Tlv::FindTlvValueOffsetRange()` to locate
the TLV value, which works correctly whether the TLV is encoded as a
standard or extended TLV. With this change, the `EnergyListTlv` class
definition is replaced with a simple typedef to `TlvInfo`.
This commit introduces a new `TlvTypeListIterator` helper class in
the network diagnostic `Server` to simplify the parsing of Type List
TLVs. This iterator handles deduplication of requested TLV types
using a `BitSet` and centralizes the offset management and iteration
logic.
The iterator is now used in `AppendRequestedTlvs()`,
`AppendRequestedTlvsForTcat()`, `PrepareAndSendAnswers()`, and
`HandleTmf<kUriDiagnosticReset>()`, replacing redundant manual
iteration and deduplication code.
Additionally, the `TypeListTlv` definition is simplified to a
`typedef` of `TlvInfo`, as the dedicated class structure is no
longer needed.
This commit fixes a logic error in the TCP receive buffer reassembly
logic. The issue occurred when an out-of-order segment was exactly
the size of the circular buffer and the write index was non-zero.
The original logic incorrectly used modulo-wrapped indices to check
if a write should be contiguous or split:
start_index + numbytes % size. When numbytes == size, end_index ==
start_index, which evaluates to true, leading to an incorrect memory
write if start_index > 0.
This commit updates the check to use the absolute write boundary:
if (start_index + numbytes <= chdr->size). This ensures that any
write spanning the buffer boundary is correctly split.
A regression test test_cbuf_reass_boundary is added to test_all.c
to verify the fix and prevent future regressions. The test Makefile
is also updated to use $(CC) for better portability.
This commit improves the robustness of CoAP option parsing by adding
rigorous validation checks to prevent potential overflows and null
pointer dereferences.
Summary of changes:
1. In 'ReadExtendedOptionField()', added an overflow check when
calculating extended lengths for 2-byte extensions. It now returns
'kErrorParse' if the value would exceed the 16-bit range.
2. In 'ReadBlockOptionValues()', added a check to ensure the block
option exists before accessing it. This prevents a crash when
'GetOption()' returns null.
3. In 'ReadBlockOptionValues()', added length validation to ensure the
option value does not exceed the local buffer size (5 bytes) before
copying.
4. Added a new unit test 'test_coap_overflow' to verify these validation
checks and ensure they correctly handle malformed or missing options.
This commit introduces a maximum recursion depth limit for 6LoWPAN
decompression to prevent potential stack exhaustion from maliciously
crafted frames with deep IPv6-in-IPv6 encapsulation.
- Added a private constant kMaxRecursionDepth in the Lowpan
class to define the maximum allowed recursion depth.
- Updated Lowpan::Decompress() to track and validate the current
recursion depth, returning kErrorParse if the limit is exceeded.
- Added a new unit test TestLowpanDecompressRecursion in
tests/unit/test_lowpan.cpp to verify the recursion limit and
ensure it correctly handles both excessive and legitimate
encapsulation levels.
This commit simplifies and updates `Ip6::DetermineAction()` regarding
how the `aForwardThread` flag is determined for multicast messages
with a scope larger than realm-local.
Such messages are sent using IP-in-IP encapsulation destined to the
`RealmLocalAllMplForwarders` address. Both the encapsulated
(outer) and embedded (inner) messages are processed. When processing
the embedded IPv6 message, regardless of its origin, we only need to
forward it to the Thread mesh if the device has a sleepy child
subscribed to the multicast address. `MeshForwarder::SendMessage()`
on an FTD will then check for these subscriptions and schedule
indirect transmissions to those children.
The behavior for FTDs remains functionally the same as before, though
the code has been refactored to be clearer and easier to follow.
The primary change applies to MTDs: if the multicast destination scope
is larger than realm-local, the message is no longer forwarded to
Thread, as an MTD cannot have any children to support.
This commit reorganizes the member variables in the `Commissioner`
class, ordering them to optimize memory packing. Additionally, it
shortens the local typedef names for callback function pointers, such
as renaming `otCommissionerEnergyReportCallback` to the more concise
`EnergyReportCallback`, improving overall readability. Finally, it
aligns parameter formatting in method signatures like
`SendEnergyScanQuery()` and `SendPanIdQuery()`.
This commit updates `EnergyScanServer::HandleTmf<kUriEnergyScan>()`
to use a local `OwnedPtr<Coap::Message>` when allocating and preparing
the initial energy report message. Previously, the method directly
modified `mReportMessage`, potentially leaving the object in an
inconsistent state or leaking memory if subsequent `Append()` operations
failed and exited early.
By building the message in a local `newMessage` first and only taking
ownership using `PassOwnership()` after all operations succeed, we
ensure the server's internal state remains consistent.
This commit updates the `CoapBase::Receive()` and
`CoapBase::ProcessReceivedResponse()` methods to utilize early returns
via `ExitNow()` and `VerifyOrExit()`. By doing so, it flattens the
nested conditional logic and improves the overall readability of the
code.
As a result of this change in `CoapBase::Receive()`, an invalid
message that fails CoAP header parsing will exit early, correctly
skipping the `Utils::Otns::EmitCoapReceive()` signal.
This commit updates the central CoAP resource handlers in TMF agents
(`Agent::HandleResource`, `BackboneTmfAgent::HandleResource`, and
`Manager::CoapDtlsSession::HandleResource`) to verify that the
incoming request method is a POST request. If the URI is recognized
but the method is not POST, a `kCodeMethodNotAllowed` response is
now sent.
Since all TMF requests are now guaranteed to be POST requests before
reaching their specific handlers, the `IsPostRequest()` checks in
individual handlers are removed. Additionally, the
`IsConfirmablePostRequest()` and `IsNonConfirmablePostRequest()`
helper methods in `Coap::Message` are removed and their usages are
simplified to `IsConfirmable()` and `IsNonConfirmable()` in the
respective handlers.
This commit removes several thread-cert Python tests that are now
covered by the Nexus test framework. Nexus provides more efficient
and reliable testing for these scenarios.
The following tests are removed:
- Cert_8_1_01_Commissioning.py
- Cert_8_1_02_Commissioning.py
- Cert_8_1_06_Commissioning.py
- Cert_8_2_01_JoinerRouter.py
- Cert_8_2_02_JoinerRouter.py
- Cert_8_2_05_JoinerRouter.py
- Cert_8_3_01_CommissionerPetition.py
This commit adds Nexus test 1.1.8.2.2, "On Mesh Commissioner Joining
with JR, any commissioner, single (incorrect)". This test verifies
that the Commissioner correctly handles a relayed DTLS handshake
from a Joiner using an incorrect PSKd.
The test verifies that:
- The Joiner, Joiner Router, and Commissioner correctly exchange
relayed DTLS handshake records (ClientHello, HelloVerifyRequest,
ServerHello, etc.) via RLY_RX.ntf and RLY_TX.ntf messages.
- The Commissioner detects the incorrect PSKd after receiving the
Client Finished message.
- The Commissioner responds with a DTLS-Alert (handshake failure
or bad record MAC) relayed through the Joiner Router via a
RLY_TX.ntf message.
- The session is correctly terminated without fatal alerts before
the expected handshake failure.
Changes:
- Added tests/nexus/test_1_1_8_2_2.cpp to implement the test logic,
using direct internal method calls and note-level logging.
- Added tests/nexus/verify_1_1_8_2_2.py to verify the captured
pcap traffic, adhering to specified formatting and fail conditions.
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test.
This commit adds Nexus test 1.1.8.3.1, "On Mesh Commissioner -
Commissioner Petitioning, Commissioner Keep-alive messaging, Steering
Data Updating and Commissioner Resigning". This test verifies that
a Commissioner Candidate can register itself to the network, send
periodic keep-alive messages, update steering data, and unregister
itself.
The test verifies that:
- The Commissioner correctly sends a LEAD_PET.req to the Leader.
- The Leader responds with a LEAD_PET.rsp and propagates
Commissioning Data in its Network Data.
- The Commissioner sends periodic LEAD_KA.req messages to maintain
its active state.
- The Commissioner can update Steering Data via a
MGMT_COMMISSIONER_SET.req message, and the Leader correctly
propagates this update in the Network Data.
- The Commissioner can unregister itself by sending a LEAD_KA.req
with a Reject state, which the Leader accepts.
- The Leader increments the Commissioner Session ID when a new
Commissioner session is started.
Changes:
- Added tests/nexus/test_1_1_8_3_1.cpp to implement the test logic,
using direct internal method calls and note-level logging.
- Added tests/nexus/verify_1_1_8_3_1.py to verify the captured
pcap traffic, following specified formatting and verification rules.
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test.
This commit removes the `android-ndk` platform support from the
`script/cmake-build` script and deletes the associated CI job from
the GitHub Actions workflow.
The `android-ndk` build was used to verify OpenThread compatibility
with the Android NDK. However, since OpenThread is now officially
included in the Android platform, maintaining a separate NDK-based
build in this repository is no longer necessary.
Changes:
- Remove `android-ndk` from `OT_PLATFORMS` in `script/cmake-build`.
- Remove NDK-specific configuration logic in `script/cmake-build`.
- Remove the `android-ndk` job from `.github/workflows/build.yml`.
This commit simplifies `CoapBase::SendMessage()` by updating how
outgoing requests are processed and added to the pending request
queue.
The logic to determine the clone length (full message for
confirmable, header only for non-confirmable), initialize request
metadata, and process observe options is moved from `SendMessage()`
into the updated `PendingRequests::Add()` method (previously
`AddClone()`). This encapsulates the request preparation logic
closer to where the request is queued.
Update the `GetType()` methods to return the `Type` enumeration
instead of a raw `uint8_t`. This improves type safety and clarifies
the return type for callers. The `mType` member variable is also
updated from `uint8_t` to `Type`.
Generally, when parsing header fields, we do not map the value directly
to an `enum` since the enum may not cover all possible values present in
a received header. However, in this case, the `Type` field in the CoAP
header is a 2-bit value, and all four possible values are explicitly
defined and accounted for in the `Type` enumeration. Therefore, we can
safely cast the read bits to the `Type` enum.
This commit updates several method names in `CoapBase` to better align
with RFC 7252 terminology and clarify their behavior.
Previously, the term "empty" was used ambiguously to mean either a
message with Code 0.00 (`kCodeEmpty`) or a message that lacked a
payload but contained a response code. For example, `SendEmptyAck()`
sent an ACK (`kTypeAck`) message that actually contained a non-zero
response code (e.g., `kCodeChanged`), which is a "response" message
per the RFC, not an "empty" message.
To address this:
- `SendReset()` and `SendAck()` are removed in favor of using
`SendEmptyMessage()` directly with `kTypeReset` or `kTypeAck`.
This restricts the use of "Empty" strictly to Code 0.00 messages.
- `SendHeaderResponse()` is renamed to `SendResponse()` to clarify
that it dynamically sends a response without a payload.
- `SendEmptyAck()` is renamed to `SendAckResponse()` to indicate it
sends a piggybacked ACK `kTypeAck` response without a payload.
- `SendNotFound()` is replaced with a direct call to `SendResponse()`
using `kCodeNotFound`.
- Documentation comments for these methods are updated to explain
their purpose and requirements clearly.
- Callers across the core modules are updated to use the new method
names.
This commit adds Nexus test 1.1.8.2.1, "On Mesh Commissioner Joining
with JR, any commissioner, single (correct)". This test verifies that
the Joiner Router (DUT) correctly relays DTLS traffic between a Joiner
and an on-mesh Commissioner via RLY_RX.ntf and RLY_TX.ntf messages. It
also verifies that the JOIN_ENT.ntf message is encrypted with the KEK.
Changes:
- Added tests/nexus/test_1_1_8_2_1.cpp to implement the test logic,
including DTLS key exporting for traffic decryption.
- Added tests/nexus/verify_1_1_8_2_1.py to verify the captured traffic
using pktverify, ensuring correct relaying and encryption.
- Updated tests/nexus/verify_utils.py to support parsing Joiner-related
CoAP TLVs (DTLS Encap, UDP Port, IID, Locator, KEK) and to handle
16-bit TLV lengths.
- Integrated the test into the build system and test runner via
tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh.
This commit adds Nexus test 1.1.8.1.6, "On-Mesh Commissioner Joining,
no JR, wrong Commissioner". This test verifies that an on-mesh
Commissioner correctly rejects a Joiner when the Provisioning URL in
the JOIN_FIN.req message is not recognized.
The test verifies the following sequence:
- Successful MLE Discovery and DTLS handshake between Joiner and
Commissioner.
- Joiner sends a JOIN_FIN.req containing an unrecognized
Provisioning URL.
- Commissioner responds with a JOIN_FIN.rsp with Reject state.
- Commissioner sends an encrypted JOIN_ENT.ntf message.
- Joiner responds with an encrypted JOIN_ENT.ntf dummy response.
- Joiner terminates the DTLS session with a close_notify alert.
Changes include:
- Implemented C++ test logic in tests/nexus/test_1_1_8_1_6.cpp.
- Implemented Python verification logic in tests/nexus/verify_1_1_8_1_6.py.
- Configured DTLS key exporting in the test to allow decryption and
verification of CoAP messages in tshark.
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to include the new test.
This commit adds Nexus test 1.1.8.1.2, "On-Mesh Commissioner Joining,
no JR, any commissioner, single (incorrect)". This test verifies that
the DUT (on-mesh Commissioner) correctly detects and handles a Joiner
using an incorrect PSKd.
The test verifies that:
- The Commissioner and Joiner correctly perform the initial DTLS
handshake up to the Client Finished message.
- The Commissioner detects the incorrect PSKd used by the Joiner.
- The Commissioner responds with a DTLS Alert (handshake failure or
bad record MAC) and terminates the session.
Changes include:
- Implemented C++ test logic in tests/nexus/test_1_1_8_1_2.cpp.
- Implemented Python verification logic in tests/nexus/verify_1_1_8_1_2.py,
which uses exported DTLS keys to decrypt and verify the handshake.
- Added code to export DTLS session keys from the Joiner node to
facilitate decryption of the Finished record in tshark.
- Added the new test to tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
This commit renames the low-level `Send()` method in `CoapBase` to
`Transmit()` to clearly differentiate it from the higher-level message
construction and scheduling logic of `SendMessage()`. The `Sender`
function pointer type and member have also been renamed to
`Transmitter` and `mTransmitter`, respectively, to align with the new
terminology.
Using `Transmit()` clearly communicates the action of handing off a
fully prepared CoAP datagram to the underlying transport layer for
transmission, resolving the naming ambiguity with `SendMessage()`.
This establishes a symmetric "Transmit/Receive" boundary between the
CoAP layer and the transport layer.
This commit addresses occasional failures in Nexus Test 1.1.8.1.1 by
improving simulation timing and packet verification robustness.
Changes:
- Increased kJoiningProcessTime from 30s to 60s in the C++ test to
provide a larger buffer for the joiner process to complete.
- Added a 1s delay after calling AddJoinerAny() to ensure the leader
processes the steering data update before discovery starts.
- Refactored the Python verification script to use pkts.copy() for
independent message exchanges (JOIN_ENT and DTLS Alert). This
allows the script to handle timing variations and out-of-order
packets in the simulated capture.
- Corrected the NM_PROVISIONING_URL_TLV constant to 32.
- Added dtls.alert_message.level to the pktverify library to enable
verification of DTLS alert severity levels.
This test was occasionally failing due to tight timing constraints.
The wait times after SSED-initiated messages were too short, causing
the CSL timer age verification to fail if the message delivery took
longer than expected.
This commit increases the wait times from 500ms to 1000ms and relaxes
the allowed CSL timer age in the verification helper to match.
This commit adds Nexus test 1.1.8.1.1, "On-Mesh Commissioner Joining, no
JR, any commissioner, single (correct)". This test verifies the MLE
discovery, DTLS handshake, and CoAP message exchange between an on-mesh
Commissioner and a Joiner.
Changes include:
- Enhanced MeshCoP::SecureTransport to support DTLS key exporting by
adding a KeylogCallback and SetKeylogCallback method.
- Exposed HandleMbedtlsExportKeys as a public method in
SecureTransport to facilitate key logging.
- Refactored SecureTransport to use named constants for internal
buffer sizes and avoid magic numbers.
- Implemented C++ test logic in tests/nexus/test_1_1_8_1_1.cpp which
uses the new key logging callback to save DTLS keys to a file.
- Implemented Python verification logic in
tests/nexus/verify_1_1_8_1_1.py which uses the exported keys to
decrypt and verify the captured network traffic.
- Used named constants and helper classes (e.g. Time) in the test
implementation and verification script to improve readability and
maintainability.
- Added the new test to tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
This commit removes several legacy Python-based certification tests for
Low Power (CSL) and Thread 1.2 features, as they have been migrated to
the Nexus test framework.
Specifically, the following tests and their associated CI workflows
(including packet verification for low power) are removed:
- CSL Transmission and Timeout
- Enhanced Frame Pending and Keep-Alive
- Single Probe and Forward Tracking Series Link Metrics
- SSED Attachment and Parent Selection
The removal of these scripts from tests/scripts/thread-cert/ and
the corresponding GitHub Action workflows reduces CI overhead while
maintaining coverage through the more scalable Nexus tests.
The packet verification script for Nexus Test 1.1.5.6.2 occasionally
failed because it expected a CoAP ACK followed by an MLE Data Response
in a specific order. Since both packets are triggered by the same
Server Data Notification event, their relative order in the PCAP can
vary.
This commit updates the script to use `pkts.copy()` when searching for
the CoAP ACK. This allows the verification to find the ACK regardless
of whether it appears before or after the MLE Data Response, making
the test more robust.
This commit updates the pyshark dependency to version 0.6 and adapts the
packet verification logic to accommodate changes in pyshark's internal
API and field mapping.
Specifically, this commit:
- Updates requirements.in and requirements.txt to pyshark 0.6.
- Adjusts pktverify and Nexus utility scripts to use the restructured
pyshark API, importing BaseLayer from pyshark.packet.layers.base
instead of the deprecated pyshark.packet.layer.Layer.
- Updates verify_1_2_LP_5_3_8.py to utilize wpan.channel for channel
filtering instead of wpan_tap.ch_num, ensuring consistency with other
Nexus tests and improving verification reliability.
This commit implements Nexus test 1.2.LP.7.2.2 to verify that the
DUT (Leader) can successfully support a minimum of 6 simultaneous
children (3 SEDs and 3 SSEDs) performing link metrics operations.
Specifically, the test verifies that:
- The DUT correctly handles simultaneous Forward Series Link Metrics
Management Requests and Enhanced ACK probing requests.
- The DUT properly aggregates metrics for multiple concurrent series
with different configurations (MAC Data Requests, Link Layer data
frames, LQI, RSSI, and Link Margin).
- Aggregated results are accurately reported in MLE Data Responses
when queried by multiple children.
- The DUT successfully provides link metrics in Enhanced ACKs for
both SED and SSED children.
Changes:
- Added test_1_2_LP_7_2_2.cpp to implement the test logic, including
node configuration, management requests, and data collection.
- Added verify_1_2_LP_7_2_2.py for automated PCAP verification of
MLE TLVs and Enhanced ACK Vendor IEs.
- Updated verify_utils.py to include necessary layer fields for
Link Metrics verification in pktverify.
- Registered the new test in CMakeLists.txt and run_nexus_tests.sh.
This commit simplifies the handling of URI paths during the processing
of block-wise CoAP requests, effectively removing duplicated code.
Previously, `CoapBase::ProcessBlockwiseRequest()` manually iterated
through CoAP options to parse and construct the URI path string. This
logic was redundant as the same functionality is provided by the
`Message::ReadUriPathOptions()` method.
By calling `ReadUriPathOptions()` earlier in the request processing flow
within `CoapBase::ProcessReceivedRequest()`, we can populate the
`uriPath` string buffer and simply pass it down. Consequently, the
`aUriPath` parameter in `ProcessBlockwiseRequest()` has been updated to
a `const Message::UriPathStringBuffer &` to reflect its new role as a
read-only input. This change leads to cleaner, more cohesive code.
This commit updates the `Otns::EmitCoapStatus()` method to use the
`Coap::Message::UriPathStringBuffer` typedef for the `uriPath` local
variable, replacing an explicit character array definition. This
improves code consistency and matches the expected parameter type of
the `Coap::Message::ReadUriPathOptions()` method.
This commit moves the execution of nexus `core` and `trel` tests from
the `toranj.yml` GitHub Actions workflow to the `nexus.yml` workflow.
It separates the tests into dedicated jobs (`nexus-core-tests` and
`nexus-trel-tests`) to improve parallelism and organization. The
existing nexus test job is also renamed to `nexus-cert-tests` to
better reflect its purpose.
This commit introduces `AllocateAndInitPostMessageTo()` and
`AllocateAndInitPriorityPostMessageTo()` methods in `CoapBase`.
These methods simplify the creation of CoAP POST messages by combining
the allocation, initialization, and appending of the payload marker
into a single call. The message type (Confirmable vs. Non-Confirmable)
is automatically determined based on whether the destination address
is multicast.
The previous `InitAsPost()` method in `Coap::Message` is removed,
and all callers in `BbrManager`, `Commissioner`, and
`AddressResolver` are updated to use the new helper methods.
Updates the TCAT class public methods for doing Commissioner
authorization checks and clarifies the code, with minor updates to
PSKc cases handling.
Unit tests are added for checking Commissioner authorization. To do
these checks, a new test class UnitTester is added which has access to
private members of the TcatAgent class. Validation/mock functions are
added in the test code to keep the unit tests readable.
Also reverts the CommCert4 fix that was made in #12151.
For more background information see JIRA BHC-766.
This commit implements Nexus test 1.2.LP.7.2.1 to validate the Forward
Tracking Series Link Metrics functionality.
Specifically, the test verifies that:
- The DUT (Leader) correctly handles Forward Series Link Metrics
Management Requests from SED and SSED children.
- The DUT properly aggregates metrics for Forward Series (MAC Data
Requests for SED, all data frames for SSED).
- Aggregated results are accurately reported in MLE Data Responses
when queried.
- Forward Series can be successfully cleared, and unknown Series IDs
result in appropriate error statuses.
Summary of changes:
- Created test_1_2_LP_7_2_1.cpp to implement the test logic.
- Created verify_1_2_LP_7_2_1.py for automated packet verification.
- Updated verify_utils.py to include MLE TLV field definitions for
Link Metrics (e.g., forward series, flags, query ID).
- Registered the new test in tests/nexus/CMakeLists.txt and
tests/nexus/run_nexus_tests.sh.
This commit implements Nexus test 1.2.LP.7.1.2, which validates the
Single Probe Link Metrics without Enhanced ACKs functionality.
The test verifies that:
- The DUT (Leader) successfully responds to Single Probe Link Metrics
Requests from SED and SSED children using MLE Data Requests.
- The DUT correctly reports RSSI, Layer 2 LQI, and Link Margin metrics
in MLE Data Responses.
- The DUT reports different RSSI values when the transmission power
(simulated via MAC filter) is varied.
Changes:
- Add test_1_2_LP_7_1_2.cpp to implement the test logic using the
Nexus simulation platform.
- Add verify_1_2_LP_7_1_2.py for automated packet verification,
ensuring Link Metrics Query and Report TLVs are correctly formatted.
- Register the new test in tests/nexus/CMakeLists.txt.
- Add the test to the default test list in tests/nexus/run_nexus_tests.sh.
This commit implements Nexus test 1.2.LP.7.1.1, which validates the
Single Probe Link Metrics with Enhanced ACKs functionality.
The test verifies that:
- The DUT (Leader) successfully responds to Link Metrics Management
Requests from SED and SSED children.
- The DUT includes correct Link Metrics data in IEEE 802.15.4-2015
Enhanced ACKs when requested.
- The DUT correctly handles registration, clearing, and error cases
for Link Metrics configurations.
Changes:
- Add test_1_2_LP_7_1_1.cpp to implement the test logic using the
Nexus simulation platform.
- Add verify_1_2_LP_7_1_1.py for automated packet verification,
ensuring Link Metrics TLVs and Enhanced ACKs are correctly formatted.
- Register the new test in tests/nexus/CMakeLists.txt.
- Add the test to the default test list in tests/nexus/run_nexus_tests.sh.
This commit implements and verifies Nexus test case 1.2.LP.5.2.1, which
validates that the Leader (DUT) correctly manages the Frame Pending bit
in acknowledgments to MAC Data and Data Request frames for Thread V1.2
and V1.1 sleepy end devices.
Key changes:
- Created tests/nexus/test_1_2_LP_5_2_1.cpp to simulate the test
topology (Leader, Router_1, SED_1, SED_2, SED_3) and execution steps.
- Implemented tests/nexus/verify_1_2_LP_5_2_1.py to perform automated
packet verification of the test criteria.
- Integrated the new test into CMakeLists.txt and run_nexus_tests.sh.
- Used AllowList to specify links between nodes as per the test spec.
- Set log level to note and used direct method calls in C++.
- Verified that the DUT sets the Frame Pending bit correctly in ACKs
based on whether indirect messages are queued for the SEDs.
This commit extracts the common lease tracking variables (`mLease`,
`mKeyLease`, `mTtl`, and `mUpdateTime`) and their associated methods
from the `Srp::Server::Host` and `Srp::Server::Service` classes into a
new shared base class, `LeaseTracker`.
By having both `Host` and `Service` inherit from `LeaseTracker`, we
eliminate duplicated logic for calculating expiration times, handling
lease info, and processing TTL updates. This refactoring simplifies
the SRP server codebase and ensures consistent lease management
behavior across both entities.
This commit removes the redundant `Clone()` methods from `Coap::Message`.
These methods previously served to retain the `HeaderOffset` across the
cloned message, which was internally tracked by modifying `MeshDest`.
Since `ot::Message::Clone()` natively preserves the `MeshDest` property,
the specialized `Coap::Message::Clone()` wrappers are unnecessary.
Callers now directly use `ot::Message::Clone()` and type-cast the result
using `AsCoapMessagePtr()`.
Starting from Mbed TLS 4.0 legacy crypto support (which now it's moved
into TF-PSA-Crypto) has been made internal so it shoudn't be referenced
anymore. This commit add guards for this change.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Starting from Mbed TLS 4.0, TLS functions will use psa_generate_random()
inernally, so there is no need to specify it as parameter or through
mbedtls_ssl_conf_rng().
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The size.yml workflow used pull_request_target with git checkout
FETCH_HEAD, which replaced the entire working directory (including
scripts) with untrusted fork code. Since pull_request_target grants
a read/write GITHUB_TOKEN even from public forks, and the workflow
had no top-level permissions restriction, this allowed arbitrary
code execution with write access to the repository.
Fix by:
1. Adding top-level permissions: contents: read (consistent with
all other workflows in this repository).
2. Replacing `git checkout FETCH_HEAD` with a fetch-only approach
that passes the PR merge commit SHA via the OT_SHA_NEW environment
variable. The check-size script uses git-archive to extract code
by SHA, so it does not need the working directory to be switched.
This ensures ./script/check-size always runs from the base branch.
3. Updating check-size to accept OT_SHA_NEW from the environment,
falling back to git rev-parse HEAD when not set (preserving
existing behavior for push-triggered and local runs).
This commit stabilizes Nexus test 1.2.LP.5.3.8 by addressing timing
issues related to SSED polling during network transitions.
Key changes:
- In test_1_2_LP_5_3_8.cpp, added StopPolling() calls after MLE and
MeshCoP exchanges to suppress immediate Data Requests triggered by
these protocols. This ensures the SSED satisfies strict 'no Data
Request' pass criteria.
- In verify_1_2_LP_5_3_8.py, updated criteria 13.2 to allow Data
Requests on the Ternary Channel that occur during the initial
network transition (re-attachment). The script now only strictly
disallows Data Requests in the 1-second window immediately
preceding the Echo Request.
These changes make the test robust against standard OpenThread
re-synchronization behavior while still verifying that Echo Requests
are received via CSL synchronization.
- Fix pktverify index synchronization issues in Nexus tests.
Previously, some verification scripts used (pkt.number, 0) as indices
in pkts.range() calls. In Nexus tests where WPAN and ETH indices are
synchronized, this could cause the advanced index to exceed the stop
index of 0, resulting in a flaky AssertionError. Updated scripts to
use (pkt.number, pkt.number) consistently.
- Reduce kAttachAsSsedTime from 20s to 5s in test_1_2_LP_5_3_2.cpp.
The 20s wait was exactly matching the CSL Synchronized Timeout,
causing SSED_1 to trigger an auto-synchronization Data Request
immediately after the wait ended, violating test constraints.
Providing more margin ensures stable test execution.
This commit implements and verifies Nexus test case 1.2.LP.5.3.8, which
validates that a Router (DUT) correctly supports a Synchronized Sleepy
End Device (SSED) that modifies its CSL Channel TLV.
Key changes:
- Created tests/nexus/test_1_2_LP_5_3_8.cpp to simulate the test
topology (Leader, DUT, SSED_1) and execution steps.
- Implemented tests/nexus/verify_1_2_LP_5_3_8.py to perform automated
packet verification of the test criteria.
- Integrated the new test into CMakeLists.txt and run_nexus_tests.sh.
- Used descriptive constants for CSL parameters and wait times to avoid
magic numbers and ensure spec compliance (e.g., CSL timeout of 20s).
- Verified connectivity using ICMPv6 Echo exchanges across Primary,
Secondary, and Ternary channels, ensuring the SSED only polls when
expected.
This commit addresses issues where child entries could remain in the
kStateChildIdRequest indefinitely in the sequence of events during
attachment. Previously there was a timeout defined and saved for the
kStateChildIdRequest state, but will no longer be excluded from timing
out. This change additionally clears previous parents upon becoming a
router, as it could previously cause unnecessary messages to inform
previous parents. Finally, this moves the transition to the valid
state to occur after success in queuing the Child ID Response.
This commit removes the standalone `AnnounceBeginClient`,
`EnergyScanClient`, and `PanIdQueryClient` classes, integrating their
methods and TMF message handlers directly into the
`MeshCoP::Commissioner` class.
Since these client classes contained minimal state and primarily
served as simple wrappers for sending specific requests and handling
callbacks, merging them into the main `Commissioner` class simplifies
the architecture, removes unnecessary auxiliary classes, and shrinks
the overall codebase size.
This commit updates the `Dso::Connection::ProcessKeepAliveMessage()`
method to use the `OffsetRange` class for parsing TLVs. This approach
robustly validates the size of each parsed TLV against the remaining
length of the received message. Utilizing `OffsetRange::Contains()`
ensures that the reported TLV size via `GetSize()` does not exceed the
available bytes in the message, preventing potential out-of-bounds
reads or infinite loops when iterating over subsequent TLVs.
This commit implements Link Metrics support in the nexus platform,
similar to the simulation platform implementation.
Key changes include:
- Added 'LinkMetricsInfo' struct and management methods to 'Radio' in
'nexus_radio'.
- Implemented 'otPlatRadioConfigureEnhAckProbing()' and Enhanced ACK IE
generation in 'nexus_core' and 'nexus_radio'.
- Enabled Link Metrics initiator and subject configuration flags in
'openthread-core-nexus-config.h'.
- Fixed spelling of 'kRadioSensitivity' in 'nexus_radio'.
- Added 'fflush(stdout)' to the logging utility in 'nexus_misc' to
improve real-time log capture during tests.
This commit adds a new Nexus test case 1.2.LP.5.3.7 to validate that a
Router (DUT) correctly supports a Synchronized Sleepy End Device
(SSED) modifying the CSL Synchronized Timeout TLV.
Specifically, this test verifies:
- Initial CSL synchronization with a 10s timeout.
- SSED successfully updating the timeout to 20s via MLE Child Update.
- DUT maintaining connectivity beyond the original 10s timeout.
- DUT correctly buffering frames when CSL synchronization expires
after the timeout is reverted to 10s.
- Successful resynchronization and buffered frame delivery.
Detailed changes:
- tests/nexus/test_1_2_LP_5_3_7.cpp: Implemented the C++ test logic
using the Nexus simulation framework.
- tests/nexus/verify_1_2_LP_5_3_7.py: Added a Python script to
validate the packet traces and ensure protocol compliance.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
- tests/nexus/run_nexus_tests.sh: Included the test in the default
Nexus test suite.
This commit adds Nexus test case 1.2.LP.5.3.6, which validates that a
Router can support a child transitioning from a Synchronized Sleepy
End Device (SSED) to a Minimal End Device (MED) and back.
The test procedure involves:
- Forming a network with a Leader, DUT (Router), and SSED child.
- Verifying SSED attachment and initial CSL-based connectivity.
- Transitioning the child to MED mode and verifying the corresponding
MLE Child Update exchange and connectivity.
- Transitioning the child back to SSED mode and verifying that CSL
synchronization is resumed.
Changes:
- Implement tests/nexus/test_1_2_LP_5_3_6.cpp for test execution.
- Implement tests/nexus/verify_1_2_LP_5_3_6.py for pcap verification,
with logic to distinguish between synchronization and polling Data
Requests.
- Update tests/nexus/CMakeLists.txt to include the new test.
- Update tests/nexus/run_nexus_tests.sh to add the test to the default
test list.
This commit adds Nexus test 1.2.LP.5.3.5 to verify that a Router (DUT)
can reliably support a minimum of 6 Synchronized Sleepy End Device
(SSED) children simultaneously, with each child operating on a
distinct CSL channel.
The test implementation in test_1_2_LP_5_3_5.cpp (aligned with SPEC
Section 3.2.6.3.2) performs the following:
- Establishes a topology with a Leader, the DUT Router, and six SSED
children.
- Configures SSEDs with varied CSL Synchronized Timeouts (10s, 20s,
and 30s) and different radio channels, including primary (11),
secondary (26), and random channels (12-15).
- Triggers CSL synchronization through MLE Child ID and Child Update
exchanges.
- Validates bi-directional connectivity by sending ICMPv6 Echo
Requests from the Leader to each SSED, ensuring they are correctly
forwarded by the DUT.
The verification script verify_1_2_LP_5_3_5.py automates packet-level
checks, ensuring:
- Successful delivery of MLE Child ID and Child Update Response
messages from the DUT.
- Correct radio channel selection for forwarded Echo Requests to
SSED_1 and SSED_6.
- Absence of MAC Data Requests from SSED_1 prior to the arrival of
the CSL-probed Echo Request, confirming active synchronization.
- Inclusion of CSL Period and Phase IEs in the 802.15.4 frame headers
of Echo Replies from SSED_1 and SSED_6.
- Reliable forwarding of Echo Replies from all six SSEDs back to
the Leader.
Changes also include registering the new test in CMakeLists.txt and
run_nexus_tests.sh.
This commit adds the .gemini/config.yaml file to configure the Gemini
code review tool. The configuration includes settings for review
severity, comment limits, and automated review triggers for pull
requests.
The packet verification script for Nexus test 1.1.7.1.4 failed
sporadically because Step 5 (ROUTER_1 multicast MLE Data Response)
was being searched starting from the cursor position after Step 4
(Leader's MLE Data Response and CoAP ACK).
Depending on the timing/non-determinism from entropy, ROUTER_1's
response could arrive before the Leader's packets, causing it to
be skipped when searching from the Step 4 cursor.
This change saves the cursor position after Step 3 and uses it as
the starting point for the Step 5 search, ensuring the packet is
found regardless of its order relative to the Step 4 packets.
This commit fixes an occasional failure in Nexus test 1.1.6.1.4
by introducing a controlled delay during the DUT attachment
process.
The test ensures the DUT picks a REED with better connectivity
as its parent. The failure was caused by a race condition where
the intended parent (router3) could upgrade from REED to active
router before the DUT completed its parent selection. This
resulted in the DUT attaching during the first Parent Request
(active routers only), rather than the second request (including
REEDs), which is required for specification compliance.
Changes:
- Added kParentSelectionTime constant (2000ms) to define the
expected parent selection window.
- Updated test_1_1_6_1_4.cpp to use AdvanceTime() with this
constant before allowing router3 to upgrade. This ensures
router3 remains a REED long enough for the DUT to send the
multicast Parent Request with the REED scan mask.
This commit adds Nexus test case 1.2.LP.5.3.4, which validates that a
Router (DUT) maintains a robust CSL connection with a Synchronized
Sleepy End Device (SSED) even when the SSED modifies its CSL Period.
The test verifies synchronization over multiple CSL period changes:
500ms -> 3300ms -> 400ms.
Changes:
- Added CSL period constants (500ms, 3300ms, 400ms) to shared utility
modules: tests/nexus/verify_utils.py (Python) and
tests/nexus/platform/nexus_utils.hpp (C++).
- Implemented tests/nexus/test_1_2_LP_5_3_4.cpp to execute the test
procedure, including topology formation, SSED attachment, and
triggering CSL period updates.
- Implemented tests/nexus/verify_1_2_LP_5_3_4.py to validate pcap
output, ensuring the DUT correctly buffers and relays ICMPv6 Echo
Requests and that SSED_1 does not send MAC Data Requests.
- Updated tests/nexus/CMakeLists.txt and tests/nexus/run_nexus_tests.sh
to integrate the new test into the build system and test runner.
This commit implements Nexus test 1.2.LP.5.3.3, which validates the
behavior when a Synchronized Sleepy End Device (SSED) becomes
unsynchronized.
The test verifies that:
- When a SSED is CSL synchronized, the parent (DUT) relays frames
using CSL transmission.
- When the SSED stops sending synchronization data polls and the CSL
connection times out, the parent falls back to indirect
transmission (buffering and waiting for a Data Request).
- Once the SSED resumes synchronization, the parent returns to using
CSL transmission.
Changes:
- Add test_1_2_LP_5_3_3.cpp to implement the test logic using the
Nexus simulation platform.
- Add verify_1_2_LP_5_3_3.py for automated packet verification,
ensuring frames are sent via CSL or indirect transmission as
appropriate.
- Register the new test in tests/nexus/CMakeLists.txt.
- Add the test to the default test list in
tests/nexus/run_nexus_tests.sh.
This commit updates the names of several message allocation methods in
`CoapBase` to `AllocateAndInit*()`. This change helps to clearly
differentiate these methods from the `NewPriorityMessage()` and
`NetMessage()` overloads, which only allocate a new `Message`.
In contrast, the `AllocateAndInit` methods allocate the message and
fully prepare it by initializing the CoAP header, appending the URI
path option, the payload marker, leaving it ready for the payload.
This change clarifies the design by explicitly indicating that these
methods perform extra setup work.
All calls to these methods throughout the codebase have been updated
to reflect the new names.
This commit introduces `DetermineRemainingDurationFrom(Time aNow)` to
the `Time` class. This method calculates the duration from a given
current time (`aNow`) to the `Time` instance, handling edge cases
where the target time is in the past by returning zero.
Several instances across the codebase (e.g., `Timer::Scheduler`,
`TcatAgent`, `Translator::Mapping`, `Srp::Server`) previously
duplicated this logic using manual checks and subtraction. They have
been updated to use this new centralized helper, improving
readability and reducing the likelihood of wrap-around or negative
duration bugs.
This commit adds Nexus test 1.2.LP.5.3.2 to validate that a Router
(DUT) can maintain a CSL connection with a Synchronized Sleepy End
Device (SSED) using various message types to trigger synchronization.
Changes:
- Implemented test_1_2_LP_5_3_2.cpp to simulate the topology of
Leader, Router (DUT), and SSED.
- Added descriptive constants (kMsPerSecond, kUsPerMs, kEchoId,
kCslWaitMultiplier) to test_1_2_LP_5_3_2.cpp to replace magic
numbers.
- Implemented verify_1_2_LP_5_3_2.py for pcap-based verification of
IEEE 802.15.4-2015 frames, CSL Information Elements, and timers.
- Updated test_1_2_LP_5_3_1.cpp to set CSL period and timeout
explicitly using stack APIs instead of the removed kAsSsed mode.
- Removed kAsSsed JoinMode from Nexus::Node in favor of explicit
CSL parameter configuration within test files.
- Added wpan.header_ie.csl.phase to verify_utils.py field mappings.
- Included the new test in CMakeLists.txt and run_nexus_tests.sh.
This commit refactors Nexus test 1.2.LP.5.3.1 to better align with
the specification and improves the robustness of the test logic and
verification script. It also removes the kAsSsed join mode to favor
explicit CSL configuration in tests.
Changes:
- Removed kAsSsed from Nexus::Node::JoinMode and Node::Join() to
encourage tests to manage CSL parameters explicitly.
- Updated test_1_2_LP_5_3_1.cpp to join as a regular SED first and
enable CSL after attachment. This matches the specification's
requirement to establish synchronization via Child Update Request.
- Introduced constants in test_1_2_LP_5_3_1.cpp for CSL period,
synchronization time, and other parameters to avoid magic numbers.
- Enhanced verify_1_2_LP_5_3_1.py with comprehensive checks for:
- MLE Child Update Request/Response exchange.
- IEEE 802.15.4-2015 frame versions.
- ICMPv6 Echo Request/Response forwarding through the Leader.
- Absence of MAC Data Requests after CSL synchronization.
- Fixed an issue in verify_1_2_LP_5_3_1.py where packet numbers
were not correctly handled in pkts.range().
This commit updates the object pool implementation to support dynamically
configured pool sizes without penalizing the memory footprint of
existing static usages.
A new `PoolBase` class is introduced to encapsulate the core linked-list
management logic (`Allocate()` and `Free()`), relying on a shared
`mFreeList`.
The existing `Pool` class is updated to inherit from `PoolBase`. It
retains its statically allocated `mPool` array, ensuring zero code-size
or RAM penalty for current users of fixed-size pools.
A new `ConfigPool` class is added, also inheriting from `PoolBase`.
This class allows a pool to be initialized at run-time with an
externally provided memory buffer (`mEntryArray`) and size
(`mNumEntries`). This enables future use cases where memory allocation
for pools can be provided dynamically by the system integrator.
This commit also includes unit tests for `ConfigPool` to verify its
allocation, deallocation, and initialization behavior.
This commit adds a new Nexus test case 1.2.LP.5.3.1 which validates
SSED attachment and CSL synchronization.
Changes:
- Added kAsSsed JoinMode to Nexus::Node platform to support joining
as a Synchronized Sleepy End Device with default CSL parameters.
- Implemented test_1_2_LP_5_3_1.cpp following the test specification
for SSED attachment.
- Implemented verify_1_2_LP_5_3_1.py to verify pcap output, ensuring
correct use of 802.15.4-2015 frames and CSL synchronization.
- Updated CMakeLists.txt and run_nexus_tests.sh to include the new
test in the Nexus test suite.
This commit implements CSL transmitter and receiver functionality in
the Nexus simulation platform. It enables the necessary OpenThread
configurations and provides the platform-level support for CSL.
It also implements the otPlatRadioGetNow platform API to provide a
high-resolution 64-bit microsecond time base, which is required for
accurate CSL timing and synchronization.
Changes:
- Added GetNowMicro64() to Nexus::Core to expose the raw 64-bit
microsecond timer.
- Implemented otPlatRadioGetNow() in nexus_radio.cpp.
- Enabled OPENTHREAD_CONFIG_MAC_CSL_RECEIVER_ENABLE and
OPENTHREAD_CONFIG_MAC_CSL_TRANSMITTER_ENABLE in Nexus config.
- Added otRadioContext to Nexus::Radio to track CSL parameters and
manage security material for radio operations.
- Implemented otPlatRadioEnableCsl, otPlatRadioResetCsl,
otPlatRadioUpdateCslSampleTime, and otPlatRadioGetCslAccuracy.
- Implemented otPlatRadioSetMacKey, otPlatRadioSetMacFrameCounter,
and otPlatRadioSetAlternateShortAddress to keep radio context
synchronized with OpenThread stack.
- Updated otPlatRadioSetExtendedAddress and otPlatRadioEnableCsl to
use AsCoreType for better readability and project conventions.
- Moved Radio member initializations to the initializer list in its
constructor.
- Refactored radio SFD processing: moved otMacFrameProcessTxSfd and
UpdateFcs from otPlatRadioTransmit (radio platform) to
Core::ProcessRadio (simulation engine), ensuring CSL IEs and
security headers are updated exactly when transmission starts.
- Enhanced Nexus::Core::ProcessRadio to support generating Enhanced
ACKs with CSL IEs for 802.15.4-2015 frames.
- Updated Nexus and fuzz build systems to include necessary Nexus
platform and utils headers/utilities.
This commit addresses a timeout issue reported by a fuzzer when
processing MAC frames with malformed Header IEs.
Specifically:
- In `FindPayloadIndex()`, added validation to ensure the returned
index does not exceed `kMaxPsduSize` (254). If the index exceeds
this value, it now returns `kInvalidIndex` (255). This prevents
callers from experiencing wrap-around issues when they cast the
result to `uint8_t`.
- In `GetHeaderIe()` and `GetThreadIe()`, changed the `index` and
`payloadIndex` variables from `uint8_t` to `uint16_t`. This
ensures that any increment during the loop does not wrap around,
which was a primary cause of the infinite loop.
- Updated the loop condition from `index <= payloadIndex` to
`index < payloadIndex`. Since `payloadIndex` points to the start
of the payload (the byte after the last Header IE), a strict
less-than comparison is correct and prevents the loop from
attempting to parse the payload itself as a Header IE.
These changes ensure robust parsing of IEEE 802.15.4 frames, even
when they contain unexpected or malformed Information Elements.
This commit adds lease and remaining lease information to the output
of `srp server host` and `srp server service` CLI commands.
The information includes:
- `lease`: The total lease time in seconds.
- `key-lease`: The total key lease time in seconds.
- `remaining lease`: The remaining lease time in seconds (with
millisecond precision).
- `remaining key-lease`: The remaining key lease time in seconds
(with millisecond precision).
A new utility method `OutputMsecDurationInSec()` is added to `Utils`
class to format durations in milliseconds as seconds with a
fractional part.
The SRP server host and service output parsers in
`tests/scripts/thread-cert/node.py`, `tests/toranj/cli/cli.py`, and
`tools/otci/otci/otci.py` are updated to correctly handle the new
fields for both active and deleted entries.
This commit addresses occasional failures in Nexus Test 1.1.9.2.9 by:
1. Increasing the wait time in Step 10 from 60s to 200s
(kAttachToRouterTime). This ensures Router 1 has enough time to
upgrade from a child to a router role after attaching to the new
partition formed by Router 2. The upgrade jitter can be up to 120s,
so the previous 60s wait was insufficient. An explicit check for the
Router role is also added.
2. Refactoring the verification script to handle out-of-order MLE
packets. Some steps involve a multicast response and a triggered
unicast request/response. The relative order of these packets is not
guaranteed in the simulation. Using save_index() and a new helper
function _verify_packet_in_group() allows searching for all required
packets from the same base index within a group while reducing code
duplication.
3. Improving the logic to advance the packet index after verifying a
group of out-of-order packets. The script now tracks the maximum
index found among all verified packets in a group to ensure no
packets are skipped in subsequent searches.
These changes make the test robust against timing variations and
jitter in the simulated environment.
This commit adds a new Nexus test `test_srp_lease` to verify the
behavior of the SRP server and client regarding lease expirations and
state updates. The test creates a network with an SRP server and
multiple client nodes that randomly perform various SRP operations
including registering, updating, unregistering, and removing services,
as well as abruptly disconnecting. The test then validates that the
SRP server correctly updates the host and service states, such as
marking them as deleted or fully removing them when their leases
expire or when explicitly requested by the clients.
This commit introduces an `Init()` method to the `Mac` class and
moves the invocation of `KeyManager::UpdateKeyMaterial()` from the
`Mac` constructor into this new method. `Mac::Init()` is then called
from `Instance::AfterInit()`, immediately after `KeyManager` is
initialized.
This ensures that `KeyManager` and other OpenThread core components
are fully constructed and properly initialized before attempting to
update the key material. The key material update interacts with
`SubMac` to configure the MAC keys. Performing this operation during
the `Mac` constructor phase can be problematic because the `KeyManager`
(under `OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE`) may not be
fully initialized and ready yet.
This updates the TCAT CLI to use the configured 'vendor app URL' by default as the
TCAT Provisioning URL, instead of a dummy value. It also updates the max length of
this URL to the configured vendor app URL max length as agreed by JIRA BHC-769.
Also 2 related minor validation fixes in TCAT agent code.
Furthermore, the Get Provisioning URL TLV TCAT command is fixed to return status 'Unsupported'
in case the URL is not configured (null or zero-length), to comply to the spec.
This commit fixes a potential memory leak of the allocated `aHost`
object in `Server::CommitSrpUpdate()`.
Previously, when the granted key lease was zero (indicating a request
to remove the host), the code used `VerifyOrExit(existingHost != nullptr)`
before calling `aHost.Free()`. If `existingHost` was null (e.g., when
receiving a request to remove a non-existent host), the function
would exit early and skip freeing `aHost`, causing a memory leak.
This is updated to always call `aHost.Free()` when `grantedKeyLease`
is zero, ensuring the memory is freed regardless of whether
`existingHost` is null or not.
This commit updates `BorderAgent` to parse the provided extra vendor
TXT data (`otBorderAgentSetVendorTxtData()`) to check if the vendor
name (`vn`) and model (`mn`) keys are already present. If they are
absent, it would use and encode the values from `VendorInfo` into the
advertised TXT data. This harmonizes the use of `VendorInfo` values
across various modules, network diagnostics, and the `BorderAgent`
TXT data.
Note that this change only impacts the system when
`OPENTHREAD_CONFIG_BORDER_AGENT_MESHCOP_SERVICE_ENABLE` is enabled,
meaning the Border Agent itself directly manages the registration and
updating of the mDNS MeshCoP service.
The generated TXT data from `otBorderAgentGetMeshCoPServiceTxtData()`
remains unchanged. This API is intended for use cases where the
next-layer code manages the publishing of the mDNS MeshCoP service,
and as documented, the TXT data from this API does not include any
vendor-specific information.
This commit updates `test_border_agent` to validate the newly
added behavior.
This commit simplifies multicast address management within `Netif` by
merging the `ExternalMulticastAddress` class directly into the base
`MulticastAddress` class. The `otNetifMulticastAddress` structure is
updated to include `mAddressOrigin` and an opaque `mData` field.
The `mData` field is utilized to track the Multicast Listener
Registration (MLR) state when the `OPENTHREAD_CONFIG_MLR_ENABLE`
feature is enabled.
By consolidating these types, we eliminate the need for separate
internal and external multicast address iteration logic in
`MlrManager`, streamlining MLR subscription checks and updates.
Additionally, this provides a more unified way to track the origin of
multicast addresses natively.
This commit implements the otPlatAlarmMicro* platform APIs in the
Nexus simulation environment. It also transitions the simulation's
internal time base from millisecond to microsecond granularity to
ensure that both millisecond and microsecond alarms operate on a
consistent and shared time reference.
Changes include:
- Enabled OPENTHREAD_CONFIG_PLATFORM_USEC_TIMER_ENABLE in Nexus config.
- Updated Nexus::Core to use a 64-bit microsecond time base (mNow).
- Implemented otPlatAlarmMicroGetNow, otPlatAlarmMicroStartAt, and
otPlatAlarmMicroStop.
- Refactored Nexus::Node to support separate millisecond and
microsecond alarm instances (mAlarmMilli and mAlarmMicro).
- Updated radio timestamps and PCAP logging to use the new high-
resolution microsecond time base.
- Adjusted simulation time advancement and alarm triggering logic to
handle both alarm types correctly.
This commit enables channel-based filtering in Nexus simulation tests
by exporting node channel information and enhancing the pktverify
library to extract and use it.
Simulation Core:
- Export each node's PAN channel to the test JSON metadata in
nexus_core.cpp.
Pktverify Library:
- Update packet.py to extract channel information from 'wpan-tap' or
'wpan_tap' layers and normalize it into 'wpan.channel'.
- Update consts.py and layer_fields.py to support the new TAP layers
and their channel fields.
- Enhance NullField to be callable and iterable, and update Bytes
comparison to handle NullField, preventing script crashes when
accessing missing layers or fields.
Verification Utilities:
- Automatically load channel information from test JSON into
verification variables (e.g., {NODE_NAME}_CHANNEL).
Test Updates:
- Stabilize 1.1.9.2.14 by using channel-based filtering instead of
relying solely on RLOC16s.
- Update 1.1.9.2.17 and 1.1.9.2.8 to use the normalized
'wpan.channel' field instead of direct 'wpan_tap' access.
The MeshCoP::Timestamp class does not have a default constructor that
clears its members. When a Timestamp object is declared on the stack,
its members (seconds, ticks, and authoritative bit) contain garbage.
The SetSeconds() and SetTicks() methods only update their respective
fields and do not touch the authoritative bit. If the authoritative
bit happens to be set from stack garbage, the timestamp may be
incorrectly considered greater than another valid timestamp.
This caused intermittent failures in Nexus test 1.1.9.2.4 and others,
where a MGMT_ACTIVE_SET.req with an old timestamp was incorrectly
accepted by the Leader instead of being rejected.
This commit adds explicit Clear() calls to all MeshCoP::Timestamp
declarations in the affected Nexus tests to ensure they are properly
initialized.
This commit adds `MatchesKey()` method to `Dns::TxtEntry` class to
check if the entry's key matches a given key string using a
case-insensitive string comparison.
The new method properly handles the case where the entry's key is
`nullptr` (which can happen when the key is longer than the
recommended max length). It simplifies the TXT entry parsing logic in
`BorderAgent` and `Trel::PeerDiscoverer`.
The unit tests for `Dns::TxtEntry` are also updated to verify the new
method.
This commit updates the DNS name compression setting to be a
per-instance property rather than a global static variable.
The `otDnsSetNameCompressionEnabled()` and
`otDnsIsNameCompressionEnabled()` C APIs are updated to take an
`otInstance` pointer. Internally, the `Instance` class now uses the
`mDnsNameCompressionEnabled` member variable instead of the static
`sDnsNameCompressionEnabled`.
Additionally, this commit enforces that DNS name compression cannot
be disabled when the OpenThread mDNS module is active. The
`otDnsSetNameCompressionEnabled()` function now returns an `otError`
and will return `OT_ERROR_NOT_CAPABLE` if a user attempts to disable
compression while mDNS is enabled. When the mDNS module is enabled,
it automatically sets name compression to true.
The CLI command and related documentation are updated to reflect
these changes.
This commit moves all methods belonging to the `CoapBase::PendingRequests`
class into a dedicated section in `coap.cpp`. Recent PRs #12421 and #12527
introduced this class and shifted many methods into it, but kept them in
their original file locations to maintain reviewable `git` diffs. This
update completes the reorganization for better code structure without
any functional changes.
This commit renames all nexus test files and updates corresponding
configuration and source files to include a '1_1_' prefix.
The '1_1' prefix represents the Thread 1.1 test plan. This change
prepares the nexus test suite for the addition of tests from the
Thread 1.2, 1.3, and 1.4 test plans, ensuring a clear and organized
structure for multi-version specification testing.
Changes include:
- Renaming test_<num>.cpp to test_1_1_<num>.cpp.
- Renaming verify_<num>.py to verify_1_1_<num>.py.
- Updating CMakeLists.txt to reflect new test names.
- Updating run_nexus_tests.sh for default tests and variants.
- Updating hardcoded JSON output filenames in C++ test sources.
- Updating testcase name identification in Python verification
scripts.
This fixes the issue that the CLI CoAP server application was not
sending a Block1 option in its final 2.04 response for PUT/POST
methods. The CoAP CLI code is restructured to be more generic,
i.e. allow for NON-confirmable blockwise transfers as well as prepare
for a (future) update that supports the use of Block1/Block2
simultaneously in a POST transaction. Current code is updated to send
5.01 Not Implemented in case an (external) CoAP client would attempt
POST with both Block options together.
The number of returned blocks for this (demo) CLI is also raised to 3,
the minimum to see a start block, middle block and final block; which
is more useful for testing.
Closes#12559
This commit addresses several issues in the Nexus verification scripts
to improve test reliability and prevent runtime errors.
- Fixed a TypeError caused by NullField in MLE command checks. When
p.mle.cmd returns a NullField, it is unhashable and fails when checked
against a set or list (e.g., 'p.mle.cmd in { ... }'). A truthiness
check for p.mle.cmd was added to verify_5_6_4.py, verify_5_6_5.py,
verify_6_2_2.py, and verify_7_1_5.py.
- Improved verify_6_2_2.py robustness:
- Wrapped must_not_next() checks within 'with pkts.save_index()' to
ensure the packet iterator remains at the correct position after
verifying the absence of specific messages.
- Refactored MLE command filtering into a helper function for better
readability and consistency.
- Updated connectivity checks to allow filtering by ROUTER_1_RLOC16
and specifically look for WPAN Data Requests.
- Cleaned up verify_5_6_4.py by replacing the explicit 'nullField'
comparison with a more idiomatic truthiness check.
This commit addresses an intermittent failure in Nexus test 9.2.6
where Step 18 (MGMT_PENDING_SET.req) was occasionally not found.
The failure occurred because the verification script started
searching for the MGMT_PENDING_SET.req packet from index12. In the
simulated Nexus environment, packet capture order from different
nodes can occasionally vary slightly when events occur at nearly
the same simulation time.
The fix expands the search range by starting from index9 (the
Leader's initial update), ensuring that the MGMT_PENDING_SET.req
packet is correctly identified regardless of minor capture order
variations. Since the URI is unique to this part of the test, this
remains a precise filter.
Additionally, this change ensures the global packet index moves
forward correctly by taking the maximum of all relevant child
filter indices.
This commit introduces new helper methods in the `Tmf::Agent` class
(`SendMessageTo()`, `SendMessageToRloc()`, `SendMessageToLeaderAloc()`,
and `SendMessageAllowMulticastLoop()`) to simplify the transmission of
TMF messages.
Previously, callers of `Tmf::Agent::SendMessage()` were required to
manually configure a `Tmf::MessageInfo` object with the appropriate
socket and peer address information before sending a message. This led
to repetitive code across the various modules utilizing TMF.
By incorporating these address resolution and message info preparation
steps directly into `Tmf::Agent`, this change significantly reduces
boilerplate code. All existing calls to `SendMessage()` have been
updated to use the new flavors.
This commit increases the kMergeWaitTime from 300 to 350 seconds in
Nexus test 5.5.4.1.
Detailed analysis of debug logs during intermittent failures showed
that the MLE partition merge process could take up to 250 seconds in
some scenarios, leaving very little margin with the previous 300-second
timeout. Increasing the timeout to 350 seconds provides a more robust
buffer for the network to stabilize and for partitions to merge before
the final connectivity verification.
The fix was verified by running 200 consecutive iterations of the test
without any failures.
This commit fixes an intermittent failure in Nexus test 5.6.6 by ensuring
that the OnMeshPrefixConfig object is properly initialized before use.
The OnMeshPrefixConfig object is declared on the stack and, if not
explicitly cleared, may contain garbage values in its bit-fields (such
as mDhcp or mPreference). This can cause the subsequent call to
AddOnMeshPrefix() to fail its IsValid() check, resulting in a
kErrorInvalidArgs error and a test failure.
Changes:
- Call config.Clear() after declaring the OnMeshPrefixConfig object
in tests/nexus/test_5_6_6.cpp to ensure all fields are initialized
to zero.
This aligns the test implementation with other Nexus tests and improves
the robustness of the test suite in simulation environments.
Verified to pass in the Nexus simulation environment.
This commit removes the certification test scripts in
tests/scripts/thread-cert/ that have been successfully migrated to
the Nexus test framework.
The following tests were migrated and are now available as Nexus
tests under tests/nexus/:
- 5.8.2, 5.8.3, 5.8.4
- 9.2.1 through 9.2.19
Migrating these tests to Nexus provides faster execution, better
reliability, and easier debugging compared to the old
simulation-based scripts.
This commit fixes an intermittent failure in Nexus test 9.2.14 caused by RLOC16 conflicts between independent partitions in the simulation.
When two independent partitions occasionally share the same RLOC16, the packet verification script could incorrectly match a MGMT_PANID_CONFLICT response from the wrong network, leading to out-of-order matching and PacketNotFound errors.
The fix adds a filter to the MGMT_PANID_CONFLICT verification steps to ensure the Channel Mask TLV matches the specific conflict being reported (Channel 20). This uniquely identifies the correct packet even if RLOC16s overlap.
Implementation details:
- tests/nexus/verify_9_2_14.py: Added filtering for the exact Channel Mask TLV value using a defined `CONFLICTING_CHANNEL_MASK` bytes constant in Step 3 and 5.
- Fixed a type mismatch by converting the constant to a `bytes` object and added documentation for the big-endian channel bitmask mapping.
The fix has been verified with 200 successful test runs in the Nexus simulation environment.
Update `Publisher::Entry::UpdateState()` to support quickly removing
a published entry when the desired number of entries is explicitly
set to zero. In this case, we bypass the random removal delay and
remove the entry immediately. This situation helps with SRP/DNS
unicast entries, where if any service data unicast or anycast entry
is seen, we set the desired number to zero and want to quickly
remove any previously added server data unicast entry.
This commit adds Nexus test case 9.2.12 which verifies that networks
on different channels and having different PAN IDs can merge using
the MLE Announce command.
Implementation details:
- tests/nexus/test_9_2_12.cpp: C++ test execution logic. Implements
the 9.2.12 spec using direct core calls. Configures two distinct
partitions with different PAN IDs and channels, then triggers
an MLE Announce process via the Commissioner to merge them.
- tests/nexus/verify_9_2_12.py: PCAP verification script. Verifies
MGMT_ANNOUNCE_BEGIN.ntf, multi-channel MLE Announces, and MLE
Child ID Requests during re-attachment. Includes verification of
MLE layer security and Key Identifier Mode for Announce messages.
- tests/nexus/verify_utils.py: Added support for MLE auxiliary
security header fields in pktverify.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_12 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_12 to default test list.
This commit adds Nexus test case 9.2.19 which verifies that the DUT
can properly get Pending Operational Dataset parameters using the
MGMT_PENDING_GET.req command.
It also addresses review comments and improves the robustness of IPv6
address verification across several Nexus tests.
Implementation details:
- tests/nexus/test_9_2_19.cpp: Implemented the test procedure. Fixed
incorrectly escaped newline characters.
- tests/nexus/test_9_2_3.cpp: Fixed incorrectly escaped newline
characters.
- tests/nexus/verify_utils.py: Added a robust helper function
'is_leader_aloc_or_rloc' using the 'ipaddress' module to identify
Leader ALOC and RLOC addresses by their IID.
- tests/nexus/verify_9_2_19.py, tests/nexus/verify_9_2_3.py,
tests/nexus/verify_9_2_5.py: Replaced fragile string-slicing and
duplicated code with the shared helper in 'verify_utils.py'.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_19 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_19 to the test list.
The tests have been verified to pass in the Nexus simulation
environment.
This commit adds Nexus test 9.2.9 which verifies synchronization of
Pending Operational Datasets when two network partitions merge.
The implementation covers:
- Formation of a single partition with Commissioner, Leader, and two
Routers in a LINE topology.
- Initial Pending Operational Dataset configuration via Commissioner.
- Partition split using RF isolation and subsequent dataset updates
in both partitions.
- Verification of dataset synchronization (Active and Pending) during
partition merge per Thread specification 8.4.3.5.
- Validation of network connectivity (ICMPv6 Echo) after synchronization.
Implementation details:
- tests/nexus/test_9_2_9.cpp: C++ test execution logic. Implements the
36-step test specification using direct core calls. Uses a LINE
topology and adjusted timing parameters for partition stability.
- tests/nexus/verify_9_2_9.py: Python pcap verification script. Uses
non-linear searching to handle interleaved post-merge updates and
detailed TLV-level verification for MLE and CoAP messages.
- tests/nexus/verify_utils.py: Updated meshcop timestamp parsing to
support multiple occurrences in a single packet.
- tests/nexus/verify_9_2_11.py: Updated to match timestamp parsing
changes in verify_utils.py.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_9 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_9 to default test list.
This commit adds a new Nexus test case 9.2.18 that verifies the
rollback of the Active Timestamp via the Pending Operational Dataset
when a new Network Master Key is included.
Changes include:
- Implementation of test 9.2.18 in C++ using direct method calls.
- Implementation of verification script for 9.2.18 in Python.
- Extension of Nexus Core to support exporting multiple network keys.
- Update to verification utilities to handle multiple network keys.
- Addition of test 9.2.18 to the default Nexus test list.
- Fixes to Commissioner and Leader initialization in the Nexus test.
- Addition of AddNetworkKey() to Core to register keys for export.
- Update to SaveTestInfo() to export 'network_keys' list in JSON.
- Robust handling of multiple decryption keys in verify_utils.py.
This commit fixes improper argument usage for SPINEL_DATATYPE_DATA_WLEN_S,
SPINEL_DATATYPE_DATA_S, SPINEL_DATATYPE_EUI64_S, and SPINEL_DATATYPE_UTF8_S
in Logger::LogSpinelFrame.
Key changes:
- Use pointer-to-pointer for data and unsigned int pointer for length
when using spinel_datatype_unpack with data types.
- Switch to spinel_datatype_unpack_in_place() when unpacking into local
buffers or structures (e.g., for EUI-64 addresses and MAC keys).
- Remove redundant length arguments for SPINEL_DATATYPE_UTF8_S.
- Refactor SPINEL_PROP_RCP_MAC_KEY to use otMacKey and in-place unpacking.
These fixes prevent potential crashes, stack corruption, and incorrect
data parsing in the Spinel logging utility.
This commit adds Nexus test case 9.2.17 which verifies the behavior of
an orphaned end device as it searches for a new parent using MLE
Announce messages.
Implementation details:
- tests/nexus/test_9_2_17.cpp: C++ test execution logic. Implements the
3-node topology (Leader_1, Leader_2, ED_1) using direct method calls.
Manages RF isolation by manipulating the Mac Filter AllowList. Sets
log level to note. Uses MED mode for the DUT to enable MLE Announce
behavior. Also explicitly sets the channel mask for Leader_2 for
robustness.
- tests/nexus/verify_9_2_17.py: PCAP verification script. Verifies
initial MLE Advertisements on separate channels, DUT sending MLE
Parent Requests on the primary channel, followed by MLE Announce
on the secondary channel. Verifies Leader_2 sending MLE Announce on
the primary channel and DUT successfully attaching to Leader_2.
- tests/nexus/run_nexus_tests.sh: Added 9_2_17 to default test list.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_17 target.
- Included full test specification as inline comments in both C++ and
Python code.
This commit fixes the problem where OpenThread mDNS responder always
sends responses to port 5353, ignoring the source port of the query.
According to RFC 6762, a mDNS responder should support one-shot
multicast DNS queries by sending the response to the source address
and source port of the query.
Changes:
- Captured the actual source port from incoming queries in Simulation
and POSIX platforms.
- Updated otPlatMdnsSendUnicast in Simulation platform to use the
provided destination port.
- Verified that legacy unicast responses correctly cap TTL to 10
seconds as required by RFC 6762 section 6.7.
This commit adds Nexus test 9.2.16 which verifies synchronization of
Active and Pending Operational Datasets between nodes during attach.
The test case implementation covers:
- Formation of a network with Commissioner, Leader, and Router_1.
- Initial attachment of Router_2 (DUT) to synchronization datasets.
- Dataset updates (Pending and Active) via Commissioner while DUT is
powered down, including PAN ID and Mesh-Local Prefix changes.
- Verification that DUT synchronizes both datasets correctly upon
reattaching to the network with a new PAN ID.
- Validation of network connectivity (ICMPv6 Echo) after the dataset
migration and reattachment.
Implementation details:
- tests/nexus/test_9_2_16.cpp: C++ test execution using direct method
calls. Sets log level to note. Uses AllowList for topology control.
- tests/nexus/verify_9_2_16.py: Python pcap verification script.
Implements robust filtering for CoAP and MLE messages.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_16 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_16 to default test list.
This commit adds Nexus test case 9.2.13 which verifies that the Thread
device properly accepts and processes Energy Scan Requests and sends
the corresponding Energy Scan Reports.
Implementation details:
- tests/nexus/test_9_2_13.cpp: C++ test execution logic. Implements
the 9.2.13 spec using direct core calls. Manages two separate
networks (Network 1 on channel 11 and Network 2 on channel 12).
Configures a topology with Leader, Commissioner, Router, and FED
nodes in Network 1, and Leader and SED nodes in Network 2.
- tests/nexus/verify_9_2_13.py: PCAP verification script. Verifies
unicast and multicast MGMT_ED_SCAN.qry messages and the resulting
MGMT_ED_REPORT.ans responses. Uses strict CoAP URI path and ICMPv6
type filtering.
- tests/nexus/platform/nexus_core.hpp/cpp: Added an optional leader
node parameter to SaveTestInfo() to allow specifying which network
partition information (like Network Key and Mesh-Local Prefix)
should be exported to the JSON file for verification. This ensures
correct packet dissection in multi-partition test scenarios.
- tests/nexus/run_nexus_tests.sh: Added 9_2_13 to default test list.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_13 target.
This commit fixes and stabilizes Nexus test case 9.2.7. It ensures full
compliance with the test specification and improves resilience against
timing variations in the simulated environment.
Changes:
- tests/nexus/test_9_2_7.cpp: Corrected the node sending the pending
dataset update in Step 11 to the Router, matching the spec. Ensured the
full Pending Operational Dataset is included in the request. Fixed
misleading comments regarding timestamp values and ensured Step 11 uses
a strictly higher active timestamp than Step 5.
- tests/nexus/verify_9_2_7.py: Relaxed delay timer verification slack to
improve test stability. Added explicit checks for Active and Pending
Timestamps in multicast MLE Data Responses. Corrected expected timestamp
values and comments.
This commit fixes flakiness in Nexus test 7.1.4 by addressing a race
condition in the packet verification script.
The verification logic previously advanced the global packet index
after identifying the Border Router's multicast MLE Data Response.
However, if a child (MED_1) sent its Child Update Request slightly
before the multicast response was processed or captured in that
specific order, the verification script would miss it because the
index had already moved forward.
The fix refactors 'verify_7_1_4.py' to use 'pkts.copy()' for major
verification blocks (Steps 5 through 8). This ensures that each step
searches from a consistent base index, making the verification robust
against variations in packet delivery and capture order.
Additionally, this commit:
- Extracts the duplicated Child Update Request/Response exchange
logic into a helper function '_verify_child_update_exchange' to
improve code reuse and maintainability.
- Adds a destination filter to Step 7 to improve verification
specificity for SED_1 notifications.
This commit adds Nexus test case 9.2.15 which verifies the
synchronization of a Pending Operational Dataset between an attaching
Router and an existing Router.
Implementation details:
- tests/nexus/test_9_2_15.cpp: Implemented the test procedure using
direct core method calls. Sets node connectivity via AllowList and
log level to note. Implements power-down simulation by stopping MLE
and bringing down the network interface. Extracted MGMT_PENDING_SET
logic into a SendPendingSet helper function for better maintainability.
- tests/nexus/verify_9_2_15.py: Implemented robust verification logic
to validate end-to-end CoAP MGMT_PENDING_SET and MGMT_ACTIVE_GET
messages, along with MLE Parent Request/Response and Child ID
Request/Response exchanges.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_15 target to the build
configuration.
- tests/nexus/run_nexus_tests.sh: Added 9_2_15 to the default test list.
This commit adds Nexus test case 9.2.14 which verifies that the DUT
properly accepts and processes PAN ID Query requests and responds
when a conflict is found.
Implementation details:
- tests/nexus/test_9_2_14.cpp: C++ test execution logic. Implements
a 4-node topology (Leader_1, Router_1, Commissioner, Leader_2).
Leader_2 forms a separate network on a secondary channel with the
same PAN ID. Test uses direct core method calls and sets log level
to note.
- tests/nexus/verify_9_2_14.py: Python pcap verification script.
Verifies MGMT_PANID_QUERY requests (unicast and multicast) from
the Commissioner and MGMT_PANID_CONFLICT responses from Router_1.
Ensures correct TLVs are present in CoAP payloads.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_14 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_14 to default test list.
The test has been verified to pass in the Nexus simulation environment.
This commit removes calls to `SetSockPortToTmf()` from the Border
Agent prior to sending messages via `Tmf::Agent`. Setting the
local socket port is unnecessary because the `Tmf::Agent` is already
bound to the TMF port number when sending CoAP messages.
Additionally, since these removals eliminate the last uses of the
`SetSockPortToTmf()` method within the codebase, the method itself
has been completely removed from `Tmf::MessageInfo` class to clean up
dead code.
This commit adds Nexus test 9.2.11 which verifies the Leader's
management of the Delay Timer during Pending Dataset updates.
The test case implementation covers:
- Formation of a network with Leader (DUT), Commissioner, Router,
MED, and SED.
- Simulation of MGMT_PENDING_SET.req via otDatasetSetPending on the
Leader node.
- Verification of multicast MLE Data Responses triggered by dataset
updates.
- Propagation of Pending Operational Dataset information across the
network.
- Validation of network stability and connectivity (ICMPv6 Echo)
across long wait periods defined by the Delay Timer.
Stable network timing and polling parameters were adjusted to ensure
reliable execution in the Nexus simulation environment.
Files modified:
- tests/nexus/test_9_2_11.cpp: C++ test execution logic.
- tests/nexus/verify_9_2_11.py: Python pcap verification script.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_11 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_11 to the test list.
This commit adds Nexus test case 5.8.4 which verifies the Security Policy
TLV bits (O, N, R, B) being disabled and the resulting network behavior.
Implementation details:
- tests/nexus/test_5_8_4.cpp: Implemented the test procedure using
direct core method calls. The test procedure implements all 20 steps
from the specification with cumulative Security Policy bit updates.
Removed unused constant kExternalCommissioningMask to fix build error.
- tests/nexus/verify_5_8_4.py: Implemented robust Python verification
logic that handles out-of-order packets and verifies individual
Security Policy and Discovery Response bits.
- tests/nexus/verify_utils.py: Enhanced the parser to support granular
Security Policy bits and Discovery Response Native Commissioning bit.
Replaced magic numbers with constants and registered additional
Security Policy flags (C, e, p) for completeness.
- tests/nexus/platform/nexus_core.cpp: Refactored SaveTestInfo to
use the Leader node as the authoritative source for network keys
and prefixes, ensuring correct decryption in verification scripts.
- Included full test specification as inline comments in both C++ and
Python code.
This commit adds Nexus test case 9.2.10 which verifies that the Thread
device maintains a delay timer after partitioning.
Implementation details:
- tests/nexus/test_9_2_10.cpp: C++ test execution logic. Implements the
5-node topology (Commissioner, Leader, Router_1, MED_1, SED_1) using
direct method calls. Manages RF isolation by manipulating the Mac Filter
AllowList. Sets log level to note.
- tests/nexus/verify_9_2_10.py: PCAP verification script. Verifies
MGMT_PENDING_SET.req/rsp, MLE Data Response dissemination, and
network-wide channel/PAN ID migration across partitions.
- tests/nexus/run_nexus_tests.sh: Added 9_2_10 to default test list.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_10 target.
This commit fixes occasional failures in Nexus test 7.1.8 by making
the verification script more robust against interleaved packets.
The implementation details:
- tests/nexus/verify_7_1_8.py: Refactored Step 3 to use separate
filter copies to find the Leader's MLE Data Response and CoAP ACK
independently of their order.
- Correctly updated the main packet filter index to ensure that
subsequent verification steps proceed from the point after both
packets have been identified.
This commit adds Nexus test case 9.2.8 which verifies that the Leader
correctly manages and persists both Active and Pending Operational
Datasets, including behavior across node re-attachments.
Implementation details:
- tests/nexus/test_9_2_8.cpp: C++ test execution logic. Implements
the 9.2.8 spec using direct core calls. Simulates power down using
Node::Reset() to verify parameter persistence across a full stack
re-initialization. Standardized node initialization by removing
explicit extended address and network key configuration, relying on
platform defaults and GenerateRandom(). Aligned leader startup to use
Up() and Start() for consistency with other tests.
- tests/nexus/verify_9_2_8.py: PCAP verification script. Verifies
MGMT_PENDING_SET.req/rsp, MGMT_ACTIVE_SET.req/rsp, and MLE
dissemination. Uses relaxed address filtering to handle short
address usage in Child ID Requests. Updated to use constants from
pktverify.consts. Improved verification robustness by checking
each DUT individually for re-attachment and connectivity.
- tests/nexus/verify_utils.py: Added support for parsing Pending
Timestamp and Delay Timer TLVs in CoAP payloads. Patched pktverify
to support wpan_tap layer for channel verification.
- tests/nexus/run_nexus_tests.sh: Added 9_2_8 to default test list.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_8 target.
This commit updates GEMINI.md to include instructions for building and
running Nexus tests. Nexus is a test framework that enables faster and
more scalable network simulations within a single process.
The updated documentation provides:
- A brief overview of the Nexus test framework.
- The command to build Nexus tests using 'tests/nexus/build.sh'.
- Commands to run all Nexus tests or a specific test using
'tests/nexus/run_nexus_tests.sh'.
- A reference to 'tests/nexus/README.md' for further details.
This commit updates `Manager::SendBackboneAnswer()` to use
`Coap::Message::InitAsPost()`, which automatically determines the
CoAP message type (Confirmable vs. Non-Confirmable) based on whether
the destination address is multicast. This simplifies the code and
removes the need for the local `proactive` boolean variable.
This commit updates `AddressResolver::SendAddressError()` to accept the
destination address as a `const Ip6::Address &` instead of a pointer.
This allows the implementation to be simplified by using
`Coap::Message::InitAsPost()`, which automatically determines the
CoAP message type (confirmable vs. non-confirmable) based on whether
the destination address is multicast.
All callers of `SendAddressError()` are updated accordingly. When
sending to all routers, `GetRealmLocalAllRoutersMulticast()` is now
explicitly passed.
This commit introduces a new set of logging macros, `LogCritOnError`,
`LogWarnOnError`, `LogNoteOnError`, `LogInfoOnError`, and
`LogDebgOnError`, to provide a consistent and streamlined way to log
errors across the codebase.
The new macros automatically prepend "Failed to " and append the error
string (using `ErrorToString()`) to the log message, reducing
boilerplate code and ensuring a uniform log format. These macros only
emit a log if the provided `Error` is not `kErrorNone`.
This change improves code readability and maintainability by
consolidating error logging logic into the logging framework.
This commit enhances the `batracker agents` command to display parsed,
human-readable information from the Border Agent TXT data by default.
This allows users to easily inspect the Border Agent State Bitmap
(Connection Mode, Thread Interface Status, Availability, Role, etc.)
and other fields like Thread Version, Network Name, Vendor Name,
or Vendor Model without manually decoding the raw bytes.
The `rawtxt` argument is introduced to optionally display the TXT data
in the raw key/value pair format.
To support this, new public APIs are added to convert Border Agent
State Bitmap enum values to their string representations.
This commit adds Nexus test 9.2.7 and improves the pktverify framework
to correctly handle Thread timestamp parsing.
The implementation includes:
- tests/nexus/test_9_2_7.cpp:
- C++ execution logic using direct core method calls.
- Implements a real Commissioner session to correctly authorize
Dataset updates.
- Documents a deviation in Step 5 where the Active Timestamp is set
to 15s (instead of 20s) to satisfy strictly increasing timestamp
requirements for subsequent steps.
- tests/nexus/verify_9_2_7.py:
- Python verification with strict field checks for timestamps and
timers.
- Handles interleaved traffic using save_index().
- Updates verification logic to accommodate timer decrements.
- Integration:
- tests/nexus/CMakeLists.txt: Added nexus_9_2_7 target.
- tests/nexus/run_nexus_tests.sh: Added 9_2_7 to default test list.
The pktverify fixes include:
- tests/scripts/thread-cert/pktverify/layer_fields.py:
- Added _thread_timestamp parser to handle raw 8-byte Thread timestamps,
avoiding fragility and timezone issues associated with date string
parsing.
- Fixed _auto parser to use calendar.timegm() for UTC date strings
instead of time.mktime(), ensuring correct epoch values regardless
of the local system timezone.
- Mapped active and pending timestamp fields to use the new
_thread_timestamp parser.
This commit updates 'tests/nexus/README.md' to provide detailed
instructions on how to build and run the Nexus tests, including
the recently added automated testing and packet verification
scripts.
Changes:
- Added instructions for building TREL tests using 'build.sh trel'.
- Added a section on automated testing and packet verification
using the 'run_nexus_tests.sh' script.
- Explained how to run individual C++ tests and Python verification
scripts manually.
- Clarified the usage of topology names and JSON output filenames
as arguments for Nexus C++ tests.
This commit fixes intermittent failures in Nexus test 7.1.7 by
improving test stability and making the verification script more
robust.
Implementation details:
- tests/nexus/test_7_1_7.cpp: Added a 500ms external poll period for
SED_1 to ensure it remains active and reachable during the test.
Replaced the magic number with a named constant `kSedPollPeriod`.
Added a stabilization delay after Step 17 to ensure network data
updates are fully propagated.
- tests/nexus/verify_7_1_7.py: Added source filtering for the Leader
(DUT) in network data update checks to avoid matching packets from
other nodes. Used Border Router sub-TLV count checks to reliably
distinguish between initial prefix additions and subsequent
removals. Improved CoAP ACK verification to handle interleaved
packets and ensure correct destination filtering. Refactored
verification chains to follow project-specific formatting standards.
This commit adds Nexus test case 9.2.6 which verifies that the Leader
properly collects and disseminates Active and Pending Operational
Datasets through the Thread network.
Implementation details:
- tests/nexus/test_9_2_6.cpp: C++ test execution logic. Includes both
MED_1 and SED_1 in the topology to simultaneously verify
dissemination to different child types in a single run. Uses direct
core calls and sets a 500ms external poll period for SED_1.
- tests/nexus/verify_9_2_6.py: PCAP verification script. Implements
robust MLE and CoAP filtering to handle short address usage and out-
of-order packet delivery. Includes monkey-patching for MeshCoP TLV
parsing in CoAP. Improved MGMT_PENDING_SET filter robustness and
removed full range reset in Step 18.
- tests/nexus/verify_9_2_4.py: Fixed regressions in MGMT_ACTIVE_SET
verification logic introduced during refactoring.
- tests/nexus/verify_utils.py: Added support for parsing
mesh_local_prefix and NM_FUTURE_TLV in CoAP payloads.
- tests/scripts/thread-cert/pktverify/consts.py: Added NM_FUTURE_TLV.
- tests/nexus/run_nexus_tests.sh: Added 9_2_6 to default test list.
- tests/nexus/CMakeLists.txt: Added nexus_9_2_6 target.
This commit updates `PendingRequests::HandleTimer()` and
`PendingRequests::AbortAllMatching()` to perform request finalization
(which invokes user callbacks) outside of the main loop iterating over
the `mRequestMessages` queue.
Iterating over `mRequestMessages` while invoking user callbacks is
unsafe because the callback may modify the request queue (e.g., abort
other transactions), potentially invalidating the iterator. This change
protects against this by moving requests to be finalized into a separate
local `MessageQueue`. The requests in the local queue are then
finalized and freed after the main loop finishes.
This commit fixes intermittent failures in Nexus test 9.2.5 and aligns
its implementation and documentation with the authoritative test
specification.
Intermittent failures were caused by disruptive network identity
changes (Extended PAN ID and Network Name) that resulted in
inconsistent node detachment and re-attachment in the simulation.
Wait times and timeouts were adjusted to improve stability.
Changes:
- Updated operational dataset values in 'test_9_2_5.cpp' to match
'Cert_9_2_05_ActiveDataset.py'.
- Adjusted 'kResponseTime' and 'kEchoTimeout' for better reliability.
- Enhanced 'verify_9_2_5.py' to strictly verify all mandated TLV
types in 'MGMT_ACTIVE_SET.req' payloads.
- Aligned inline comments and print statements in both C++ and Python
files with the authoritative spec in 'test-9-2-5.txt'.
- Corrected a typo note in the Step 5 description as per the spec.
Test 9.2.4 could occasionally fail due to the random selection of
the initial channel by the Leader. If the randomly selected channel
matched the 'Secondary' channel (12) used in MGMT_ACTIVE_SET.req in
step 6, the request would be accepted instead of rejected, causing
a verification failure.
This commit fixes the issue by explicitly configuring the Leader's
initial Operational Dataset with a fixed set of parameters (Channel
11, PAN ID 0xABCD, etc.) that are guaranteed to be different from
the parameters tested in the MGMT_ACTIVE_SET.req steps.
The fix was verified by running the test 20 times in a loop without
any failures.
This commit replaces instances of IgnoreError with SuccessOrQuit in
several Nexus test files to ensure that errors from core methods are
properly handled and cause test failure if they occur.
Modified files:
- tests/nexus/test_5_1_5.cpp
- tests/nexus/test_5_1_9.cpp
- tests/nexus/test_5_1_10.cpp
- tests/nexus/test_5_6_4.cpp
- tests/nexus/test_6_1_5.cpp
- tests/nexus/test_7_1_2.cpp
- tests/nexus/test_7_1_8.cpp
This commit adds a new Nexus test case 9.2.5 which verifies the DUT's
behavior when receiving MGMT_ACTIVE_SET.req from an active Thread node.
The test ensures that the Leader (DUT) correctly processes updates to
Active Operational Dataset parameters and disseminates them via MLE.
The test implementation includes:
- tests/nexus/test_9_2_5.cpp:
- C++ execution logic using direct core method calls.
- tests/nexus/verify_9_2_5.py:
- Python script to verify pcap output against the test specification.
- Implements strict validation of CoAP payload TLVs and response states.
- Infrastructure improvements:
- tests/nexus/verify_utils.py: Added parsing for MeshCoP TLVs in CoAP.
- tests/scripts/thread-cert/pktverify/layer_fields.py: Fixed ISO timestamp
parsing for compatibility with newer tshark versions.
Currently, `KeyManager` generates and stores a random `NetworkKey` in its
constructor when `OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE` is
enabled. This invokes `StoreNetworkKey()`, which interacts with
`KeyRefManager`. Accessing other components during construction can be
unsafe if they are not yet fully initialized.
This commit introduces a `KeyManager::Init()` method to handle this
initialization. This method is called from `Instance::AfterInit()`,
ensuring that the `Instance` and all dependencies, such as
`KeyRefManager`, are fully constructed before the `KeyManager` attempts
to access them.
This commit adds Nexus test 9.2.4 which verifies that the Active
Operational Dataset can be updated via the Commissioner using
MGMT_ACTIVE_SET.req.
The test implementation includes:
- test_9_2_4.cpp: C++ test execution for both Topology A (DUT as
Leader) and Topology B (DUT as Commissioner). It performs 22
steps, including various validation cases for MGMT_ACTIVE_SET.req
(invalid TLVs, old timestamps, invalid session ID, steering data,
and future TLVs).
- verify_9_2_4.py: Python script to verify the pcap output from the
test against the specification. It includes a custom CoAP TLV
parser to handle MeshCoP TLVs.
Key implementation details:
- Use direct method calls instead of OpenThread public APIs.
- Configure node connectivity using AllowList between Leader and
Commissioner.
- Set log level to 'note' for detailed output.
- Include full test specification as inline comments in both C++
and Python code.
- Added 9_2_4 to CMakeLists.txt and the default test list in
run_nexus_tests.sh.
This commit adds a new Nexus test case 7.1.7 which verifies that
network data is properly updated when a server (Border Router)
leaves and rejoins the network with modified information.
The test verifies that:
- The Leader (DUT) correctly processes CoAP Server Data
Notifications from two Border Routers.
- The Leader multicasts updated network data to neighbors and MEDs.
- The Leader sends unicast updates (Child Update Request or Data
Response) to SEDs.
- When a Border Router (Router 2) leaves and starts its own
partition, then rejoins with a new prefix (Prefix 2), the Leader
correctly updates the network data and disseminates it.
- Connectivity is maintained via ICMPv6 Echo Requests to addresses
based on the new prefixes.
- When a prefix is removed, the network data is correctly updated.
Summary of changes:
- Created tests/nexus/test_7_1_7.cpp:
- Implements test logic using direct core method calls.
- Sets log level to note.
- Configures AllowList for specified links (Leader-Router1,
Leader-Router2, Leader-MED1, Leader-SED1).
- Includes 1-line log outputs for each test step.
- Adheres to block comment formatting and 120-char line limits.
- Created tests/nexus/verify_7_1_7.py:
- Implements pcap-based verification of PASS criteria.
- Validates prefix updates and disseminations.
- Follows Python filter formatting style and 120-char limits.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 7_1_7 to the
default test list.
This commit adds a new Nexus test case for 'Getting the Active
Operational Dataset' (9.2.3) as specified in the Thread test
specification.
The test verifies that the active Commissioner can read Active
Operational Dataset parameters direct from the Leader using the
MGMT_ACTIVE_GET.req command, and that the Leader responds correctly
with the requested TLVs.
Summary of changes:
- Implemented Nexus test 9.2.3:
- Added tests/nexus/test_9_2_3.cpp: Implements the test execution
for both Topology A (DUT as Leader) and Topology B (DUT as
Commissioner). Uses direct core method calls and sets log level
to note. Configures the link between Leader and Commissioner
using AllowList.
- Added tests/nexus/verify_9_2_3.py: PCAP verification script
validating the MGMT_ACTIVE_GET request/response handshake for
various payload configurations (empty, specific TLVs, and mixed
allowed/not-allowed TLVs).
- Enhanced MeshCoP TLV support in nexus test framework:
- Updated verify_9_2_3.py with a monkey-patch for CoapTlvParser
to support MeshCoP TLV Request (Get) TLVs.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 9_2_3 in the
default test list and expanded tests loop.
This commit fixes an intermittent failure in Nexus test 5.5.5. The
failure occurred when Router_1 performed a late upgrade from child to
router after re-attaching to the DUT. This caused a mismatch between
the RLOC16 in the captured ping packets and the RLOC16 saved in the
test info JSON at the end of the test.
Changes:
- Disabled router eligibility for Router_1 in test_5_5_5.cpp after it
becomes isolated. This ensures it remains a child of the DUT and
maintains a consistent RLOC16 for the duration of the test.
This commit enhances the `PendingRequest` class by moving more functionality
regarding the management of pending CoAP requests into this nested class
within `CoapBase`.
Specifically, this change moves the handling of the retransmission timer,
retransmission of requests, finalizing a request, and aborting all or a
subset of requests. This helps organize the code and simplifies the
`CoapBase` class implementation.
Updates `SetOffset()` to ensure the offset is always clamped to the
current message length. This guarantees that the offset remains valid
and does not exceed the message size.
Updates `MoveOffset()` to accept `int16_t` as the delta and ensures
the calculated new offset is clamped within `0` and
`NumericLimits<uint16_t>::kMax` before setting it.
Updates `SetLength()` to rely on the new `SetOffset()` behavior to
automatically adjust the offset when the message length is reduced.
This commit adds `DetermineLengthAfterOffset()` helper method to
`Message` which returns the number of bytes in the message from the
current offset to the end of the message. This pattern is commonly used
in many places to determine the remaining length of the payload.
This commit updates various core modules including MeshCoP, 6LoWPAN,
IPv6, TCP, and MeshForwarder to use this new helper.
This commit enhances the `Message::Clone()` method to support a custom
configuration. This allows callers to specify a different length and
reserved header size for the cloned message via the new overload
`Clone(uint16_t aLength, uint16_t aReserveHeader)`.
The existing `Clone()` overloads have been updated to utilize this new
configuration mechanism. Additionally, `Coap::Message::Clone()`
methods are updated to align with these changes.
A new unit test `TestCloning()` is added to `test_message.cpp` to
verify the behavior of `Clone()` with various configurations.
This commit adds a new Nexus test case 7.1.8 which verifies that
when global prefix information is set on a Full End Device (FED),
the DUT (Router) properly disseminates the associated network data.
It also verifies that the DUT sends revised server data information
to the Leader when the FED is removed.
The test setup uses:
- Leader: Forms the network.
- Router 1 (DUT): Attached to the Leader.
- FED 1: Attached to the DUT.
The test verifies that:
- FED 1 sends a CoAP Server Data Notification to the Leader after
prefixes (2001::/64 stable and 2002::/64 non-stable) are added.
- The Leader and DUT multicast MLE Data Responses containing the
new network data.
- When FED 1 is removed, the DUT unicasts a CoAP Server Data
Notification to the Leader containing only the removed server's
RLOC16.
Summary of changes:
- Created tests/nexus/test_7_1_8.cpp:
- Implements test logic using direct core method calls.
- Sets log level to note.
- Configures AllowList for specified links (Leader-Router1,
Router1-FED1).
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting and line length.
- Created tests/nexus/verify_7_1_8.py:
- Implements pcap-based verification of PASS criteria.
- Validates CoAP and MLE message exchanges.
- Follows requested Python filter and line length formatting.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 7_1_8 to the
default test list.
This commit adds Nexus test 5.6.9 which verifies that a router
properly forwards data packets to a Border Router based on
Network Data information.
The test implementation includes:
- test_5_6_9.cpp: C++ test execution that sets up the topology
using Leader, two Routers (one as DUT), a MED, and a SED. It
configures external routes and triggers ICMPv6 Echo Requests.
- verify_5_6_9.py: Python script to verify the pcap output
against the test specification.
Key implementation details:
- Use direct method calls instead of OpenThread APIs where
applicable.
- Configure node connectivity using AllowList.
- Set log level to 'note'.
- Follow specific comment and logging formats as required by the
nexus test framework.
- Avoid magic numbers by using constants for time and identifiers.
- Added 5_6_9 to CMakeLists.txt and run_nexus_tests.sh default list.
This commit adds a new Nexus test case for 'On Mesh Commissioner -
MGMT_COMMISSIONER_SET.req & rsp' (9.2.2) as specified in the Thread
test specification.
Summary of changes:
- Implemented Nexus test 9.2.2:
- Added tests/nexus/test_9_2_2.cpp: Implements the test execution
for Topology A (Leader DUT). The test verifies Leader's behavior
when receiving MGMT_COMMISSIONER_SET.req directly from the active
Commissioner, including validation of missing or invalid TLVs.
Uses MeshCoP::SteeringData and Tmf::MessageInfo for more idiomatic
implementation as per review feedback.
- Added tests/nexus/verify_9_2_2.py: PCAP verification script
validating the MGMT_COMMISSIONER_SET request/response handshake
and subsequent MLE Data Response.
- Enhanced MeshCoP TLV support in nexus test framework:
- Updated tests/nexus/verify_utils.py to robustly parse MeshCoP TLVs
(Commissioner Session ID, State, Steering Data, etc.) and handle
type overlaps with existing Diagnostic TLVs.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 9_2_2 in the
default test list.
This commit adds a new Nexus test case 7.1.6 which verifies network
data propagation when a Border Router leaves the network, rejoins,
and updates its server data.
The test verifies that when the DUT (Border Router) leaves, its
registered prefixes are removed from the network data after a timeout.
Upon rejoining and updating its server data, the test ensures that
the new prefixes are correctly propagated to other routers and
their children (MED and SED).
Summary of changes:
- Created tests/nexus/test_7_1_6.cpp:
- Implements the 17-step test specification.
- Handles DUT reset and rejoin as a Router (FED).
- Uses direct OpenThread core method calls.
- Configures AllowList for controlled topology.
- Addressed review comments by using more idiomatic `FromString()`
and removing redundant constants.
- Created tests/nexus/verify_7_1_6.py:
- Implements PCAP-based verification of the test steps.
- Validates prefix removal and subsequent propagation of updated
data.
- Uses non-sequential packet search for robust verification.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 7_1_6 in the
default test list.
This commit adds a new Nexus test case 5.6.7 which verifies that a
REED device (DUT) correctly identifies an outdated version of the
Network Data and automatically requests an update from its parent
after hearing an incremented Data Version in MLE Advertisements.
The test setup uses:
- Leader: Configured as a Border Router.
- Routers 1-15: Attached to the Leader to form a network with 16
active routers.
- REED 1 (DUT): Attached to Router 1.
The test verifies that:
- The DUT correctly handles RF isolation during Network Data updates.
- The DUT identifies the incremented Data Version in its parent's
(Router 1) MLE Advertisements.
- The DUT sends an MLE Data Request to its parent with a TLV Request
TLV for the Network Data TLV.
- The DUT receives the updated Network Data and subsequently
broadcasts its own MLE Advertisement with an incremented Data
Version in the Leader Data TLV.
Summary of changes:
- Created tests/nexus/test_5_6_7.cpp:
- Implements test logic using direct core method calls.
- Sets log level to note.
- Configures AllowList for specified links to create the
required topology.
- Includes 1-line log outputs for each test step.
- Created tests/nexus/verify_5_6_7.py:
- Implements pcap-based verification of PASS criteria.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 5_6_7 to the
default test list.
This commit implements a more robust mechanism to differentiate between
overlapping TLV types in CoAP payloads, specifically for TLV type 8,
which is used for both NM_STEERING_DATA_TLV (MeshCoP) and
DG_IPV6_ADDRESS_LIST_TLV (Diagnostic).
The logic previously relied solely on TLV length, which was fragile
and caused 16-byte Steering Data TLVs to be misinterpreted.
Key changes:
- Enhanced CoapTlvParser.parse() and CoapLayer to accept and pass the
CoapLayer instance as context during parsing.
- Added a 'uri_path' property to CoapLayer for easier access to the
CoAP URI path (recon).
- Updated thread_coap_tlv_parse in verify_utils.py to use the URI path
to correctly identify Diagnostic TLVs (if URI starts with '/d/') vs.
MeshCoP or other Thread TLVs.
- Updated verify_9_2_1.py monkey-patches to match the new parser
signature.
This commit adds a new Nexus test case for 'Network data expiration'
(5.6.6) as specified in the test specification.
The test verifies that network data is properly updated when deleting
a prefix or removing a server from the network.
Summary of changes:
- Implemented Nexus test 5.6.6:
- Added tests/nexus/test_5_6_6.cpp: Implements the test execution
including topology formation, on-mesh prefix configuration, and
silent power-off of a border router. The test uses direct method
calls, sets log level to note, and uses AllowList for
connectivity.
- Added tests/nexus/verify_5_6_6.py: PCAP verification script.
Validates CoAP Server Data notifications, MLE Data Responses,
and Child Update exchanges, ensuring correct network data
propagation and expiration.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 5_6_6 in the
default test list.
This commit adds a new Nexus test case 7.1.5 which verifies that the
DUT (Router) correctly sends a Server Data Notification CoAP frame when
a third global prefix is configured. It also verifies that the DUT
properly propagates the updated Network Data to its children (MED and
SED) and handles their address registration.
The test setup uses:
- Leader: Forms the network.
- Router 1 (DUT): Attached to the Leader. Acts as a Border Router with
three prefixes:
- Prefix 1 (stable)
- Prefix 2 (non-stable)
- Prefix 3 (stable)
- MED 1: Attached to the DUT, configured to require complete data.
- SED 1: Attached to the DUT, configured to request only stable data.
Summary of changes:
- Created tests/nexus/test_7_1_5.cpp:
- Implements test logic using direct core method calls.
- Sets log level to note.
- Configures AllowList for Router1-Leader, Router1-MED1, and
Router1-SED1 links.
- Sets poll period for SED 1 to ensure timely communication.
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting and line length.
- Created tests/nexus/verify_7_1_5.py:
- Implements pcap-based verification of PASS criteria.
- Validates selective prefix propagation based on child mode (MED
receives all prefixes, SED receives only stable prefixes 1 and 3).
- Verifies Server Data Notification and subsequent Child Update
exchanges.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 7_1_5 to the default
test list.
This commit adds a new Nexus test case 7.1.4 which verifies that
global prefix information can be set on the DUT (Router) after the
network is formed, and that the DUT correctly notifies the Leader
via CoAP and propagates the updated Network Data (stable/non-stable)
to its attached children (MED and SED).
The test setup uses:
- Leader: Already formed network.
- Router 1 (DUT): Attached to the Leader.
- MED 1: Attached to the DUT, requires complete network data.
- SED 1: Attached to the DUT, requests only stable network data.
The test verifies that:
- The DUT unicasts a CoAP Server Data Notification to the Leader
after prefixes (2001::/64 stable and 2002::/64 non-stable) are
added.
- The Leader multicasts the new network data.
- The DUT propagates the updated data to its children.
- MED 1 receives both prefixes and registers its addresses.
- SED 1 receives only the stable prefix (Prefix 1) and registers
its addresses.
Summary of changes:
- Created tests/nexus/test_7_1_4.cpp:
- Implements test logic using direct core method calls.
- Sets log level to note.
- Configures AllowList for specified links (Router1-Leader,
Router1-MED1, Router1-SED1).
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting.
- Created tests/nexus/verify_7_1_4.py:
- Implements pcap-based verification of PASS criteria.
- Validates selective prefix propagation based on child mode.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 7_1_4 to the
default test list.
This commit adds a new Nexus test case for 'Network data updates –
Router as BR' (5.6.5) as specified in the test specification.
The test verifies that the DUT, as Leader, properly updates and
disseminates network data after receiving new information from a
Router acting as a Border Router with three prefix configurations.
Summary of changes:
- Implemented Nexus test 5.6.5:
- Added tests/nexus/test_5_6_5.cpp: Implements test execution.
The test forms a network with a Leader (DUT), Router 1 (BR),
MED 1, and SED 1. It configures Router 1 as a BR with three
on-mesh prefixes and verifies the Leader disseminates this
information. The test uses direct method calls, sets log
level to note, and uses AllowList for connectivity.
- Added tests/nexus/verify_5_6_5.py: PCAP verification script.
Validates CoAP Server Data Notification, CoAP Response, MLE
Data Responses (multicast and unicast), and MLE Child Update
exchanges, ensuring all required TLVs and prefix information
are present.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 5_6_5 in
the default test list.
Renames LINK_LOCAL_All_THREAD_NODES_MULTICAST_ADDRESS to
LINK_LOCAL_ALL_THREAD_NODES_MULTICAST_ADDRESS and
REALM_LOCAL_All_THREAD_NODES_MULTICAST_ADDRESS to
REALM_LOCAL_ALL_THREAD_NODES_MULTICAST_ADDRESS across the test
scripts to ensure consistent ALL_CAPS_WITH_UNDERSCORES casing
for constants, adhering to PEP 8 and project conventions.
This commit adds a new Nexus test case for 'Commissioner -
MGMT_COMMISSIONER_GET.req & rsp' (9.2.1) as specified in the Thread
test specification.
Summary of changes:
- Implemented Nexus test 9.2.1:
- Added tests/nexus/test_9_2_1.cpp: Implements the test execution
for both Topology A (DUT as Leader) and Topology B (DUT as
Commissioner). The test verifies that MGMT_COMMISSIONER_GET
requests can retrieve the entire Commissioner Dataset or specific
TLVs.
- Added tests/nexus/verify_9_2_1.py: PCAP verification script.
Uses custom monkey-patching to correctly parse and verify MeshCoP
TLVs within CoAP payloads.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 9_2_1 in the
default list and handle its A/B topologies.
This commit implements otPlatDnssdStartSrvResolver and
otPlatDnssdStopSrvResolver to support service discovery on NCP.
This commit contains these changes:
* Add new spinel property for starting / stopping service resolver
* Implement encoding/decoding of the new property
* Add unit test for encoding/decoding
* Implement ncp version of dnssd platform API
otPlatDnssdStartSrvResolver and otPlatDnssdStopSrvResolver
* Add property handler to get resolver result on NCP side
* Add unit test to verify that the resolver callback is correctly
invoked after getting resolver result.
This commit adds `ReadAtAndAdvanceOffset()` to the `Message` class to
simplify reading data from the message at the current message offset
and then advancing the message offset. This pattern is commonly used
when processing message headers sequentially. The new method helps
reduce code verbosity and ensures the offset is always advanced by
the correct size.
The new helper is adopted in various core modules including DHCPv6,
IPv6, 6LoWPAN, MLE, and UDP processing.
This commit simplifies `IsPortInUse()` by using `LinkedList` helper
`ContainsMatching()` instead of manually iterating over the
list of sockets. A `SocketHandle::Matches(uint16_t aSockPort)`
is added to support this.
This commit adds a new Nexus test case for 'Network data propagation –
Router as Border Router' (5.6.4) as specified in the test
specification.
Summary of changes:
- Implemented Nexus test 5.6.4:
- Added tests/nexus/test_5_6_4.cpp: Implements the test execution
for the DUT acting as a Border Router. The test verifies that
prefixes added by the DUT are properly propagated to Router 1
and its children (MED and SED). The test uses direct method
calls, sets log level to note, and uses AllowList for
connectivity.
- Added tests/nexus/verify_5_6_4.py: PCAP verification script.
Validates the propagation of stable and non-stable prefixes
via MLE Data Response messages from Router 1 to its children,
and verifies subsequent Child Update Request/Response
exchanges for address registration.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 5_6_4 in the
default test list.
This commit adds a new Nexus test case 7.1.3 which verifies that global
prefix information can be set on the DUT (Leader) and that the DUT
correctly sets and propagates the Network Data (stable/non-stable) to
neighbors and children in an already formed network.
The test setup uses a Leader (DUT) configured as a Border Router with
both stable (2001::/64) and non-stable (2002::/64) prefixes. It
verifies that neighbors and MED_1 (requesting complete data) receive
both prefixes via MLE Data Response, while SED_1 (requesting only
stable data) receives only the stable prefix via MLE Child Update
Request.
Summary of changes:
- Created tests/nexus/test_7_1_3.cpp:
- Implements test logic using direct core method calls.
- Sets log level to note.
- Configures AllowList for Leader-Router1, Leader-MED1, and
Leader-SED1 links.
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting.
- Created tests/nexus/verify_7_1_3.py:
- Implements pcap-based verification of PASS criteria.
- Validates selective prefix propagation based on child mode.
- Verifies MLE Child ID and Child Update exchanges.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 7_1_3 to the
default test list.
This commit adds a new Nexus test case 5.6.3 which verifies that
the DUT, as a Router, correctly collects network data information
(stable/non-stable) from the Leader (acting as Border Router) and
propagates it properly to its children (MED and SED).
The test setup uses:
- Leader: Configured as a Border Router with both stable
(2001::/64) and non-stable (2002::/64) prefixes.
- Router 1 (DUT): Attached to the Leader.
- MED 1: Attached to the DUT, requests complete network data.
- SED 1: Attached to the DUT, requests only stable network data.
The test verifies that:
- The DUT multicasts both prefixes received from the Leader.
- MED 1 receives and registers both prefixes.
- SED 1 receives and registers only the stable prefix (Prefix 1).
- The selective propagation follows either MLE Child Update Request
or MLE Data Response paths.
Summary of changes:
- Created tests/nexus/test_5_6_3.cpp:
- Implements test logic using direct C++ method calls.
- Configures AllowList for specified links.
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting.
- Created tests/nexus/verify_5_6_3.py:
- Implements pcap-based verification of PASS criteria.
- Validates selective prefix propagation based on child mode.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 5_6_3 to the
default test list.
This commit fixes an issue in the Nexus simulation core where alarms
could fire multiple times at the same simulation timestamp. This occurred
because the `mScheduled` flag was not cleared upon firing, and if the
simulation time remained static (e.g., due to pending tasklets), the
`ShouldTrigger` condition would remain true across multiple iterations
of the simulation loop.
By clearing the `mScheduled` flag before invoking the fired callback,
we ensure that each scheduled alarm triggers exactly once unless it is
explicitly rescheduled by the stack. This improvement stabilizes Nexus
tests (such as 6.2.2) that were previously flaky due to this
non-deterministic behavior.
This commit adds a new Nexus test case for 'Child Synchronization
after Reset - MLE Child Update Request' (6.5.3) as specified in the
Thread test specification.
It also corrects and improves the verification of Sleepy End Device
(SED) polling behavior across Nexus tests.
Summary of changes:
- Implemented Nexus test 6.5.3:
- Added tests/nexus/test_6_5_3.cpp: Implements the test
execution for Topology B (SED_1). The test simulates a DUT
reset for a time shorter than its Child Timeout and verifies
correct synchronization with its parent.
- Added tests/nexus/verify_6_5_3.py: PCAP verification script
validating the MLE Child Update Request and SED polling.
- Fixed SED polling verification:
- Updated verify_6_5_3.py and verify_6_5_1.py to correctly
check for MAC Data Request frames (WPAN_DATA_REQUEST) instead
of MLE Data Requests.
- Switched to RLOC16-based filtering for MAC Data Requests to
reliably match packets even when 64-bit addresses are not
available due to encryption or short addressing.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_5_3.
This commit adds a new Nexus test case for 'Child Synchronization
after Reset - No Parent Response' (6.5.2) as specified in the test
specification.
Summary of changes:
- Implemented Nexus test 6.5.2:
- Added tests/nexus/test_6_5_2.cpp: Implements the test execution
for both Topology A (End Device 'ED_1') and Topology B (Sleepy
End Device 'SED_1'). The test simulates a DUT reset and a
subsequent parent failure (Router 1), verifying that the DUT
correctly reattaches to a different parent (Leader). The test
uses direct method calls, sets log level to note, and uses
AllowList for connectivity.
- Added tests/nexus/verify_6_5_2.py: PCAP verification script.
Validates the MLE Child Update Request TLVs, confirms the DUT
resumes polling if it is a SED, and verifies the subsequent
reattachment handshake with the Leader and ICMPv6 connectivity.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_5_2 in the
default test list and added expansion logic for A/B topologies.
This commit updates run_nexus_tests.sh to improve the readability
and utility of test execution:
- Capture test execution output in a log file.
- Only print the captured logs if the test fails.
- Provide a concise one-line status (PASSED/FAILED) for each test.
- Automatically clean up temporary work directories for passing tests.
- Preserve artifacts (PCAP, JSON, logs) for failed tests and print
the path to the preserved artifacts.
This commit ensures that the NetworkData::OnMeshPrefixConfig structure
is cleared using config.Clear() before it is used in Nexus tests.
Since OnMeshPrefixConfig is a local variable on the stack, its fields
can contain garbage values if not explicitly initialized. The core
validity check OnMeshPrefixConfig::IsValid() fails if both mDhcp and
mSlaac are set to true, which can happen with uninitialized memory.
Updated tests:
- tests/nexus/test_6_3_2.cpp: Fixed RunTest6_3_2.
- tests/nexus/test_5_6_1.cpp: Fixed RunTest5_6_1.
This commit adds a new Nexus test case 7.1.2 which verifies that when
global prefix information is set on the DUT (Router), it properly
unicasts information to the Leader using CoAP (Server Data Notification)
and that the DUT correctly propagates the aggregated Network Data to its
children during the attach procedure.
The test setup uses Router_1 (DUT) configured as a Border Router with
both stable (2001::/64) and non-stable (2002::/64) prefixes. It
verifies that MED_1 (requesting complete data) receives both prefixes,
while SED_1 (requesting only stable data) receives only the stable
prefix.
Summary of changes:
- Created tests/nexus/test_7_1_2.cpp:
- Implements test logic using direct C++ method calls.
- Sets log level to note.
- Configures AllowList for Router1-Leader, Router1-MED1, and
Router1-SED1 links.
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting.
- Created tests/nexus/verify_7_1_2.py:
- Implements pcap-based verification of PASS criteria.
- Validates selective prefix propagation based on child mode.
- Verifies MLE Child ID and Child Update exchanges.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 7_1_2 to the
default test list.
This commit adds a new Nexus test case for 'Attaching to a REED with
Better Link Quality' (6.1.6) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 6.1.6:
- Added tests/nexus/test_6_1_6.cpp: Implements the test execution
for both Topology A (End Device 'ED_1') and Topology B (Sleepy
End Device 'SED_1'). The test configures a topology where the
DUT has a bad link (LQ=1) to an active Router and a good link
(LQ=3) to a REED. It verifies that the DUT correctly sends a
second Parent Request including REEDs when the initial attempt
yields a poor quality parent. The test uses direct method calls,
sets log level to note, and uses AllowList for connectivity.
- Added tests/nexus/verify_6_1_6.py: PCAP verification script.
Validates that the DUT sends the first Parent Request with Scan
Mask set for Routers only, followed by a second Parent Request
with Scan Mask set for both Routers and REEDs. It then confirms
the DUT attaches to the REED via a Child ID Request.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_1_6 in the
default test list and added expansion logic for A/B topologies.
This commit adds a new Nexus test case for 'Key Increment of 1 with
Roll-over' (6.6.2) as specified in the test specification.
The test verifies that the DUT properly decrypts MAC and MLE packets
secured with a Key Index incremented by 1 (causing a rollover) and
switches to the new key.
Summary of changes:
- Implemented Nexus test 6.6.2:
- Added tests/nexus/test_6_6_2.cpp: Implements the test execution
for both Topology A (End Device 'ED_1') and Topology B (Sleepy
End Device 'SED_1'). The test initializes the network with
KeySequenceCounter = 127, then increments it to 128 to force
a key switch and rollover. The test uses direct method calls,
sets log level to note, and uses AllowList for connectivity.
- Added tests/nexus/verify_6_6_2.py: PCAP verification script.
Validates MLE Child ID Request and ICMPv6 Echo packets use the
expected Key Index (128 then 1), Key Source (127), and
Key ID Mode.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_6_2 in the
default test list and added expansion logic for A/B topologies.
This commit adds a new Nexus test case for 'End Device Synchronization'
(6.1.7) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 6.1.7:
- Added tests/nexus/test_6_1_7.cpp: Implements the test execution
for DUT as a Full End Device (FED). The test verifies that the DUT
automatically sends Link Requests to neighboring routers after
attaching to the Leader. The test uses direct method calls, sets
log level to note, and uses AllowList for connectivity.
- Added tests/nexus/verify_6_1_7.py: PCAP verification script.
Validates the MLE Child ID Request to the Leader and subsequent
unicast Link Requests to Router 1, 2, and 3, ensuring they contain
all required TLVs. Also verifies receipt of Link Accepts from the
routers.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_1_7 in the
default test list.
This commit adds a new Nexus test case for 'Key Increment of 1,
Single Hop' (6.6.1) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 6.6.1:
- Added tests/nexus/test_6_6_1.cpp: Implements the test execution
for both Topology A (End Device 'ED_1') and Topology B (Sleepy
End Device 'SED_1'). The test verifies that the DUT properly
decrypts MAC and MLE packets secured with a Key Index
incremented by 1 and switches to the new key. The test uses
direct method calls to KeyManager, sets log level to note,
and uses AllowList for connectivity.
- Added tests/nexus/verify_6_6_1.py: PCAP verification script.
Validates MLE Child ID Request and ICMPv6 Echo packets use the
expected Key Index (1 then 2) and Key ID Mode.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_6_1 in the
default test list and added expansion logic for A/B topologies.
This commit adds a new Nexus test case for 'Realm-Local Addressing'
(6.4.2) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 6.4.2:
- Added tests/nexus/test_6_4_2.cpp: Implements the test execution
for both Topology A (End Device 'ED_1') and Topology B (Sleepy End
Device 'SED_1'). The test verifies ICMPv6 Echo Request/Reply
using Realm-Local addresses (ML-EID, All-Nodes, and All Thread
Nodes). Fragmented (1200 bytes) and non-fragmented packets are
tested. The test uses direct method calls, sets log level to
note, and uses AllowList for connectivity (Leader <-> Router 1
<-> DUT).
- Added tests/nexus/verify_6_4_2.py: PCAP verification script.
Validates the exchange of ICMPv6 Echo packets for ML-EID,
Realm-Local All-Nodes (FF03::1), and Realm-Local All Thread
Nodes addresses. Correctly derives the Realm-Local All Thread
Nodes address from the mesh-local prefix.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_4_2 in the
default test list and added expansion logic for A/B topologies.
This commit adds a new Nexus test case 5.6.2 which verifies that
the DUT, as Leader, collects network data information (stable/
non-stable) from the network and propagates it properly during
the attach procedure.
The test setup uses Router_1 configured as a Border Router with
both stable (2001::/64) and non-stable (2002::/64) prefixes. It
verifies that SED_1 (requesting stable data) and MED_1 (requesting
complete data) receive the correct subset of network data during
the attach procedure to the Leader (DUT).
Summary of changes:
- Created tests/nexus/test_5_6_2.cpp:
- Implements test logic using direct C++ method calls.
- Configures AllowList for Leader-Router1, Leader-MED1, and
Leader-SED1 links.
- Includes 1-line log outputs for each test step.
- Adheres to requested block comment formatting.
- Created tests/nexus/verify_5_6_2.py:
- Implements pcap-based verification of PASS criteria.
- Validates selective prefix propagation based on child mode.
- Verifies MLE Child ID and Child Update exchanges.
- Follows requested Python filter formatting style.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 5_6_2 to the
default test list.
This commit adds a new Nexus test case for 'Child Synchronization after
Reset - Reattach' (6.5.1) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 6.5.1:
- Added tests/nexus/test_6_5_1.cpp: Implements the test execution
for both Topology A (Minimal End Device 'MED_1') and Topology B
(Sleepy End Device 'SED_1'). The test simulates a DUT reset for
a time longer than its Child Timeout and verifies that it
correctly reattaches to its parent (Leader). The test uses direct
method calls, sets log level to note, and uses AllowList for
connectivity.
- Added tests/nexus/verify_6_5_1.py: PCAP verification script.
Validates the MLE Child Update Request TLVs, handles the 'Error'
status response from the Leader, and confirms the subsequent
reattachment handshake and ICMPv6 connectivity. Patches
pktverify to support the mle.tlv.status field.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_5_1 in the
default test list and added expansion logic for A/B topologies.
This commit adds a default implementation of the OpenThread crypto
platform API for the PSA Crypto API.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit adds a new Nexus test case for 'Network data propagation'
(7.1.1) as specified in the Thread Test Specification.
The test verifies that the DUT, acting as a Border Router and Leader,
correctly sets Network Data (stable and non-stable) and successfully
propagates it to various child types (Router, MED, and SED) during the
attach and child update processes.
Summary of changes:
- tests/nexus/test_7_1_1.cpp: Implements the test logic.
- Configures a network with a Leader (DUT), Router_1, MED_1, and
SED_1.
- Sets up On-Mesh Prefixes on the Leader (one stable, one non-stable)
and registers them.
- Sequentially attaches Router_1, SED_1, and MED_1.
- Advances time to allow for MLE Child ID and Child Update
exchanges.
- Uses direct core method calls and sets log level to note.
- tests/nexus/verify_7_1_1.py: Python PCAP verification script.
- Verifies MLE Advertisements from the Leader.
- Validates MLE Child ID Responses to Router_1 and MED_1 contain
both prefixes.
- Validates MLE Child ID Response to SED_1 contains only the stable
prefix and ensures P_border_router_16 is 0xFFFE.
- Verifies the Child Update exchange with required TLVs for MED_1
and SED_1.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
- tests/nexus/run_nexus_tests.sh: Added 7_1_1 to the default test list.
This commit adds a new nexus test that implements the test
specification for 6.3.2 Network Data Update.
The test covers both Topology A (Minimal End Device - MED) and
Topology B (Sleepy End Device - SED). It validates that the child
device correctly identifies updated network data and requests the
full network data if necessary.
Changes:
- Added tests/nexus/test_6_3_2.cpp to execute the test.
- Added tests/nexus/verify_6_3_2.py to verify packet captures.
- Updated tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_3_2.
The C++ code uses direct core method calls and handles RF isolation
between node pairs using AllowList/UnallowList. The Python script
performs rigorous verification of MLE Data Response, Child Update
Request/Response, and Data Request packets, including Address
Registration TLV content verification.
This commit adds a new Nexus test case for 'Attaching to a Router with
Better Link Quality' (6.1.5) as specified in the test specification.
Summary of changes:
- Added tests/nexus/test_6_1_5.cpp:
- Implements test 6.1.5 using direct method calls from the core.
- Sets up a topology with a Leader, one Router, and one REED.
- Uses AllowList to configure connectivity as specified.
- Adjusts RSSI between DUT and REED to ensure lower link quality.
- Sets log level to note and includes 1-line log output for each
test step.
- Avoids magic numbers by using descriptive constants.
- Added tests/nexus/verify_6_1_5.py:
- PCAP verification script for test 6.1.5.
- Validates MLE Parent Request and Child ID Request TLVs.
- Verifies that the DUT selects Router 1 (better link quality) as
its parent.
- Confirms ICMPv6 Echo connectivity between Router 1 and the DUT.
- Follows one-condition-per-line style for verification logic.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to include nexus_6_1_5.
- Updated tests/nexus/run_nexus_tests.sh to add 6_1_5 to the
default test list.
Increase kAttachToChildTime to 100s to ensure neighbor discovery
completes for REEDs. Also set kReedThreshold to 0 to prevent
premature router upgrades during the discovery phase.
This commit updates `tests/unit/test_seeker.cpp` to use `ot::Array`
instead of C-style arrays with initializer lists for passing expected
selection orders in `CheckSelection()`.
The previous approach of passing initializer lists to a function
expecting a reference to a constant array caused compilation issues
on certain toolchains due to template deduction rules or temporary
object handling. By explicitly populating an `ot::Array` and passing
it, the test code becomes more portable and robust across different
compilers.
This commit adds a new Nexus test case for 'Orphan Reattach' (6.3.1)
as specified in the Thread Test Specification.
The test validates that the DUT (ED or SED) will correctly detach
and re-attach to the Leader after its parent (Router_1) is silently
removed from the network.
Summary of changes:
- tests/nexus/test_6_3_1.cpp: Implements the test logic.
- Sets up a network with Leader, Router_1, and DUT.
- Initially attaches DUT to Router_1.
- Silently stops Router_1 to simulate parent loss.
- Advances time to allow the DUT to detect the loss and re-attach
to the Leader.
- Verifies connectivity via ICMPv6 Echo between Leader and DUT.
- tests/nexus/verify_6_3_1.py: Python PCAP verification script.
- Validates optional Child Update Request or Data Request
messages sent during the detachment phase.
- Exhaustively verifies the MLE attach sequence (Parent Request,
Parent Response, Child ID Request, Child ID Response) with the
new parent (Leader).
- Verifies the final ICMPv6 Echo Request/Reply exchange.
- tests/nexus/CMakeLists.txt: Integrated the new test into the build
system.
- tests/nexus/run_nexus_tests.sh: Added 6_3_1_A and 6_3_1_B to the
default test list.
This commit adds a new Nexus test case for 'Link-Local Addressing'
(6.4.1) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 6.4.1:
- Added tests/nexus/test_6_4_1.cpp: Implements the test execution
for both Topology A (End Device 'ED_1') and Topology B (Sleepy End
Device 'SED_1'). The test verifies unicast and multicast ICMPv6 Echo
Request/Reply using Link-Local addresses. Fragmented and
non-fragmented packets are tested. The test uses direct method
calls, sets log level to note, and uses AllowList for
connectivity.
- Added tests/nexus/verify_6_4_1.py: PCAP verification script.
Validates the exchange of ICMPv6 Echo packets for unicast
(Extended Address-based LLA) and multicast (All Thread Nodes and
All Nodes) addresses.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_4_1 in the
default test list and added expansion logic for A/B topologies.
This commit adds a new Nexus test case for 'Attaching to a REED with
Better Connectivity' (6.1.4) as specified in the test specification.
Summary of changes:
- Added tests/nexus/test_6_1_4.cpp:
- Implements test 6.1.4 using direct method calls from Mle class.
- Sets up a topology with a Leader, one Router, and two REEDs.
- Uses AllowList to configure connectivity so REED_1 (Router 3)
has better connectivity than REED_2 (Router 2).
- Sets log level to note and includes 1-line log output for each
test step.
- Avoids magic numbers by using constants for router upgrade
thresholds.
- Added tests/nexus/verify_6_1_4.py:
- PCAP verification script for test 6.1.4.
- Validates MLE Parent Request TLVs (Scan Mask) in steps 2 and 4.
- Verifies that the DUT selects REED_1 as its parent and sends a
unicast Child ID Request with required TLVs.
- Confirms ICMPv6 Echo exchange between REED_1 and the DUT.
- Follows requested style for line continuation and logging.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to include nexus_6_1_4.
- Updated tests/nexus/run_nexus_tests.sh to add 6_1_4 to the
default test list.
This commit adds a new Nexus test case 5.6.1 which verifies that
the DUT correctly sets the Network Data (stable/non-stable) received
during the attaching procedure and propagates it properly to
devices that attach to it.
The test setup uses a Leader configured as a Border Router with
both stable and non-stable prefixes. It verifies that children
attaching to the DUT (Router_1) receive the appropriate network
data based on their requested mode (full vs. stable-only).
Summary of changes:
- Created tests/nexus/test_5_6_1.cpp:
- Implements test execution using direct C++ method calls.
- Uses AllowList to define specific node links.
- Includes 1-line log outputs for each test specification step.
- Created tests/nexus/verify_5_6_1.py:
- Implements pcap-based verification of PASS criteria.
- Checks for stable/non-stable Network Data propagation.
- Validates 6LoWPAN fragmentation and MAC security.
- Verifies address registration and ICMPv6 connectivity.
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 5_6_1 to the default
test list.
This commit updates the Nexus workflow to install TShark version 4.6.2
or later by adding the 'wireshark-dev/stable' PPA. This is required
to support modern Wireshark features in Nexus tests.
This commit adds a new Nexus test case for 'Connectivity when Parent
Joins Partition' (6.2.2) as specified in the Thread Test
Specification.
The test verifies that a Child (End Device or Sleepy End Device)
maintains connectivity when the current Leader is removed and its
parent Router joins a new partition created by another Router.
Summary of changes:
- tests/nexus/test_6_2_2.cpp: C++ test execution script.
- Implements support for Topology A (MED) and Topology B (SED).
- Sets up a network with a Leader, Router_1, Router_2, and the
DUT attached to Router_1.
- Configures Router_2 with a shorter NETWORK_ID_TIMEOUT and a
maximum Partition ID preference.
- Simulates Leader removal and verifies that Router_2 creates a
new partition and Router_1 joins it.
- Verifies that the DUT maintains connectivity via MLE Child
Update (MED) or periodic data requests (SED).
- Verifies bidirectional connectivity using ICMPv6 Echo Request.
- tests/nexus/verify_6_2_2.py: Python PCAP verification script.
- Validates that Router_2 creates a new partition with the
expected maximum Partition ID.
- Validates that Router_1 joins the new partition.
- For MED, verifies the MLE Child Update Request contains correct
TLVs (Source Address, Leader Data, Mode) and Partition ID.
- For SED, verifies periodic connectivity to the parent.
- Validates the ICMPv6 Echo Request and Reply exchange.
- tests/nexus/run_nexus_tests.sh: Updated test runner.
- Added 6_2_2 to the default test list.
- Added expansion logic to run both A and B topologies.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
This commit updates `Node::Join()` to allow specifying whether a node
joining as an SED should request the full network data or only the
stable subset via the `JoinMode` parameter.
Previously, `kAsSed` implicitly requested full network data. This
change updates `kAsSed` to request only the stable subset (the
default behavior for an SED). A new `kAsSedWithFullNetData` mode is
introduced to explicitly request full network data when joining as
an SED.
This change provides more flexibility in test scenarios, allowing
validation of SEDs with different network data requirements.
This commit adds a new Nexus test case for 'CoAP Diagnostic Query and
Answer Commands – Router, FED' (5.7.3) as specified in the test
specification.
Summary of changes:
- Implemented Nexus test 5.7.3:
- Added tests/nexus/test_5_7_3.cpp: Sets up a network topology
with a Leader, Router 1, and three children (FED 1, MED 1,
SED 1) attached to Router 1. Implemented internal callback
to validate that diagnostic responses contain essential TLVs
(MAC Address, RLOC16, Mode) and verified that at least two
nodes (Router and FED) respond.
- Added tests/nexus/verify_5_7_3.py: PCAP verification script.
Validates the multicast query and the subsequent answers from
the Router and FED DUTs. Performed deep validation of returned
TLVs (MAC Address, RLOC16, Mode, Leader Router ID, IPv6 Address
List, Child Table).
- Enhanced packet verification utilities:
- Updated tests/nexus/verify_utils.py to support parsing and
registering more Thread Diagnostic TLVs (MAC Address, IPv6
Address List, Child Table, Channel Pages).
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt and run_nexus_tests.sh to
include the new test.
Review fixes:
- tests/nexus/test_5_7_3.cpp: Use Tlv::Find() for more concise and
idiomatic parsing of Network Diagnostic TLVs.
- tests/nexus/verify_5_7_3.py: Include MED_1 in Router 1's child table
verification.
This commit adds a new Nexus test case for 'Attaching to a Router
with better connectivity' (6.1.3) as specified in the test
specification.
Summary of changes:
- Implemented Nexus test 6.1.3:
- Added tests/nexus/test_6_1_3.cpp: Sets up a topology with a
Leader, three Routers (Router 1, 2, 3), and a DUT (ED/SED).
Configures the AllowList so that Router 3 has better
connectivity than Router 2. Executes the test sequence for
both Topology A (End Device) and Topology B (Sleepy End
Device). Sets log level to note. Refactored 'main' to reduce
code duplication.
- Added tests/nexus/verify_6_1_3.py: PCAP verification script.
Validates that the DUT sends a MLE Parent Request to the
All-Routers multicast address with required TLVs, and
subsequently sends a unicast MLE Child ID Request to Router 3
due to better connectivity. Also verifies ICMPv6 Echo
Request/Reply between Router 3 and the DUT.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 6_1_3 in the
default test list and added expansion logic for A/B topologies.
- Code cleanup and review fixes:
- Refactored 'main' in test_6_1_3.cpp to improve topology and
JSON filename handling.
- Removed redundant include of 'mac/data_poll_sender.hpp'.
- Fixed code style issues identified by 'make-pretty'.
Updates various Nexus test cases to utilize the `kAsFed` `JoinMode`
when calling `Node::Join`. Previously, these tests manually called
`Mle::SetRouterEligible(false)` before joining to configure the device
as a Full End Device (FED). Using the `kAsFed` parameter simplifies
the test code and leverages the existing logic within `Node::Join` to
handle the configuration.
This commit adds a new Nexus test case for 'Connectivity when Parent
Creates Partition' (6.2.1) as specified in the Thread Test
Specification.
The test verifies that a Child (End Device or Sleepy End Device)
maintains connectivity or reattaches to its parent when the current
Leader is removed and the parent Router creates a new partition.
Summary of changes:
- tests/nexus/test_6_2_1.cpp: C++ test execution script.
- Implements support for Topology A (ED) and Topology B (SED).
- Sets up a network with a Leader, Router_1, and the DUT.
- Simulates Leader power-down and verifies that Router_1 becomes
the new Leader.
- Confirms the DUT remains attached or reattaches to Router_1.
- Verifies bidirectional connectivity using ICMPv6 Echo Request.
- tests/nexus/verify_6_2_1.py: Python PCAP verification script.
- Validates the network formation and DUT attachment.
- Verifies that Router_1 creates a new partition with a new ID
after the Leader is removed.
- Validates the ICMPv6 Echo Request and Reply exchange between
Router_1 and the DUT.
- tests/nexus/run_nexus_tests.sh: Updated test runner.
- Added 6_2_1_A and 6_2_1_B to the default test list.
- Added expansion logic to run both topologies for 6_2_1.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
This commit adds a new Nexus test case for 'CoAP Diagnostic Get
Query and Answer Commands – REED' (5.7.2) as specified in the
test specification.
Summary of changes:
- Implemented Nexus test 5.7.2:
- Added tests/nexus/test_5_7_2.cpp: Sets up a topology with a
Leader, 15 Routers, and 1 REED (DUT) attached to Router 1.
Executes the test sequence by sending CoAP Diagnostic Get,
Reset, and Query commands using direct method calls to the
Network Diagnostic Client. Uses AllowList for topology
management and sets log level to note.
- Added tests/nexus/verify_5_7_2.py: PCAP verification script.
Validates that the REED DUT correctly handles diagnostic
requests, ensuring the Timeout TLV is absent in responses
and verifying MAC counter reset functionality. Also validates
multicast query and unicast answer flows.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 5.7.2 in
the default test list.
This commit introduces the `ScanResult` class, which inherits from
`otActiveScanResult`. This new class provides C++ idiomatic getter
methods that return core OpenThread types (e.g., `ExtAddress`,
`ExtendedPanId`, `NetworkName`) instead of raw C structures.
The logic for parsing a received Beacon frame and populating the
result fields is moved into `ScanResult::PopulateFromBeacon()`.
This centralizes the parsing logic and allows it to be reused
across different modules.
Consequently, `Mac`, `DiscoverScanner`, `Seeker`, and
`PanIdQueryServer` are updated to utilize `ScanResult`. The `Mac`
class is also updated to use the `Callback` template for the active
scan handler, replacing the previous raw function pointer and context.
Step 6 of test 5.8.3 requires the DUT to send an MLE Advertisement
reflecting the updated Key Sequence Counter. The previous 10-second
simulation time in this step was occasionally insufficient, as the
default MLE advertisement interval can be up to 32 seconds.
This commit increases the simulation time in Step 6 to 35 seconds
(kMaxAdvertisementTime) to ensure that at least one periodic MLE
Advertisement is captured in the pcap for verification.
This commit introduces a new nested class `Request` within `CoapBase`
to represent a pending CoAP request. The `Request` class encapsulates
the `Message` pointer and its associated `Metadata`, providing helper
methods to manage the metadata stored in the message footer.
It also introduces the `PendingRequests` helper class to manage the
queue of pending requests. This class wraps the underlying
`MessageQueue` and provides typed access to `Request` objects, along
with methods to add, remove, and search for requests.
`CoapBase` is updated to utilize these new classes for tracking
pending requests. This streamlines the logic in
`HandleRetransmissionTimer`, `ProcessReceivedResponse`, and other
methods by abstracting the low-level message and metadata manipulations.
`FinalizeCoapTransaction` is renamed to `FinalizeRequest`.
This commit fixes an intermittent failure in Nexus test 6.1.2 by
setting the REED's router upgrade threshold to 0.
By default, a REED may attempt to upgrade to a Router if the number of
active routers in the network is below a certain threshold. In this
test scenario, we want to ensure the REED remains a child until the
appropriate point in the test sequence. Setting the threshold to 0
prevents premature promotion due to low router count, ensuring more
deterministic test behavior.
This commit fixes an intermittent failure in Nexus Test 5.5.5 where
the verification script failed to find the Address Solicit Request.
The failure was caused by two main factors:
1. Re-attachment timing: The original 120s re-attachment window in
the C++ test was occasionally too short for Router 1 to detect
isolation, perform a new parent search, and complete attachment,
especially when combined with protocol jitter and router timeout.
2. Packet ordering: The Python verification script searched for the
Address Solicit Request only after the Child ID Request. However,
due to randomized router selection jitter, the DUT (REED 1) could
occasionally send the Address Solicit Request before Router 1 had
finished its attachment process.
To fix this:
- Increased kReattachTime from 120s to 140s in the C++ test to
provide a safer margin for re-attachment.
- Updated the verification script to search for the Address Solicit
Request and Link Request starting from the beginning of the
re-attachment process (Step 4), using cascade=False to maintain
the sequential search index for other mandatory packets.
Verified by running multiple repeated iterations of the test.
Previously, `PdPrefixManager::Stop()` was implemented as a call to
`Evaluate()`. The `Evaluate()` method calls `UpdateState()`, which
checks `RoutingManager::IsRunning()` to determine if the state should
be switched to `kDhcp6PdStateStopped`.
However, `RoutingManager::Stop()` calls `PdPrefixManager::Stop()`
before updating its own running state (setting `mIsRunning` to
`false`). As a result, `PdPrefixManager` would incorrectly remain in
`Running` or `Idle` state instead of stopping.
This commit updates `PdPrefixManager::Stop()` to explicitly set the
state to `kDhcp6PdStateStopped`.
This commit adds a new Nexus test case for 'Attaching to a REED'
(6.1.2) as specified in the Thread Test Specification.
The test verifies that both an End Device (ED) and a Sleepy End Device
(SED) can successfully attach to a network through a Router Eligible
End Device (REED). The test ensures that the REED correctly upgrades
to a Router to serve as the device's parent.
Summary of changes:
- tests/nexus/test_6_1_2.cpp: C++ test execution script.
- Refactored to support topology selection via command-line arguments.
- Saves topology-specific JSON metadata (e.g., test_6_1_2_A.json).
- tests/nexus/verify_6_1_2.py: Python PCAP verification script.
- Topology-aware verification supporting both ED and SED keep-alives.
- tests/nexus/run_nexus_tests.sh: Updated test runner.
- Added support for sub-tests with topology suffixes (e.g., 6_1_2_A).
- Automatically expands '6_1_2' into both '6_1_2_A' and '6_1_2_B' runs.
- Isolates artifacts (JSON/PCAP) for each topology run.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
This commit adds a new Nexus test case for 'Key Increment of 1 With
Roll-over' (5.8.3) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.8.3:
- Added test_5_8_3.cpp: Sets up a network with a Leader and a
Router_1 (DUT). Initializes the network with
KeySequenceCounter = 127. Verifies initial MLE and MAC security
parameters. Increments KeySequenceCounter by 1 to trigger a key
rollover and verifies that the DUT correctly switches to the new
key (Key Index = 1).
- Added verify_5_8_3.py: PCAP verification script for test 5.8.3.
Validates MLE Auxiliary Security Header (Key ID Mode, Key
Source, Key Index) and MAC Auxiliary Security Header in Echo
Replies.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.8.3 test executable.
- Updated run_nexus_tests.sh to include 5.8.3 in the default test
list.
This commit adds a new Nexus test case for 'CoAP Diagnostic Get
Request, Response and Reset Commands' (5.7.1) as specified in the
test specification.
Summary of changes:
- Implemented Nexus test 5.7.1:
- Added test_5_7_1.cpp: Sets up a network topology with a Leader,
Router 1 (DUT), and various child nodes (FED, MED, SED, REED).
Executes the 8-step test sequence by sending CoAP Diagnostic
Get and Reset commands from the Leader to the DUT using direct
method calls. Uses AllowList for topology management and sets
log level to note.
- Added verify_5_7_1.py: PCAP verification script for test 5.7.1.
Validates the presence and values of requested Network
Diagnostic TLVs in CoAP requests and responses. Ensures the
DUT correctly handles requests for MAC Counters, Timeout
(omitted), and Child Table, and verifies the reset functionality.
- Enhanced verification utilities:
- Updated verify_utils.py: Added length checks during Thread TLV
parsing in CoAP payloads to handle overlapping TLV types
correctly and prevent verification failures.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.7.1 test executable.
- Updated run_nexus_tests.sh to include 5.7.1 in the default test
list.
This commit adds a new Nexus test case for 'Attaching to a Router'
(6.1.1) as specified in the Thread Test Specification.
The test verifies that both an End Device (ED) and a Sleepy End Device
(SED) can successfully attach to a network.
Summary of changes:
- tests/nexus/test_6_1_1.cpp: C++ test execution script.
- Refactored to support topology selection via command-line arguments.
- Saves topology-specific JSON metadata (e.g., test_6_1_1_A.json).
- tests/nexus/verify_6_1_1.py: Python PCAP verification script.
- Topology-aware verification supporting both ED and SED.
- tests/nexus/run_nexus_tests.sh: Updated test runner.
- Added support for sub-tests with topology suffixes (e.g., 6_1_1_A).
- Automatically expands '6_1_1' into both '6_1_1_A' and '6_1_1_B' runs.
- Isolates artifacts (JSON/PCAP) for each topology run.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
This commit adds a new Nexus test case for 'Key Increment Of 1' (5.8.2)
as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.8.2:
- Added tests/nexus/test_5_8_2.cpp: Sets up a network topology
with a Leader and Router_1 (DUT). Verifies proper decryption
of MAC and MLE packets secured with an incremented key index.
- Added tests/nexus/verify_5_8_2.py: PCAP verification script for
test 5.8.2. Validates key index transitions in MLE Parent Request,
Child ID Request, ICMPv6 Echo, and MLE Advertisements.
- Enhanced pktverify framework:
- Added 'number' property to Packet class and 'frame' object to filter
evaluation context, enabling 'frame.number' checks in verification scripts.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new test.
- Updated tests/nexus/run_nexus_tests.sh to include 5.8.2 in the
default test list.
This commit implements Nexus test case 5.5.7 which verifies the
behavior of a Thread network when three routers are separated from
the leader and eventually merge back into a single partition.
Test details:
- Topology: Leader and three Routers (Router 1, Router 2, Router 3).
- Description: The Leader acts as the sole link between each router.
When the Leader is removed for longer than the leader timeout,
each router forms its own partition. When the Leader returns, it
reattaches to any available router, and eventually all routers
merge back.
Implementation:
- Added tests/nexus/test_5_5_7.cpp for C++ test logic.
- Updated Step 12 to include exhaustive bidirectional connectivity
verification between the leader and all router nodes.
- Added tests/nexus/verify_5_5_7.py for pcap-based verification.
- Updated rejoin steps to correctly handle non-deterministic parent
selection by the leader.
- Improved pcap verification robustness by using pkts.copy() and
handling potential NullFields.
- Added _verify_ping helper to refactor ping verification logic.
- Updated Step 12 to verify full bidirectional connectivity.
- Updated CMakeLists.txt and run_nexus_tests.sh to include the test.
This commit fixes a flakiness issue in Nexus Test 5.5.1 where valid
MLE Advertisements from the Leader were occasionally caught by the
"must not send advertisements" check during reset.
The issue was caused by using the ICMPv6 Echo Request as the start
boundary for the "no advertisement" check. Since there is a small
delay between the Echo Request and the actual Leader reset, the
Leader might send a perfectly valid advertisement during this window.
To fix this, the verification script now:
1. Captures the Echo Reply to ensure the network is responsive
before the reset.
2. Uses the Echo Reply timestamp plus a 2.0-second buffer as the
actual start time for the "no advertisement" check.
3. Filters advertisements in the reset range to only trigger if
they occur after this buffered reset time.
This approach robustly distinguishes between pre-reset and
post-reset packet flows, even with timing jitter or pcap delivery
delays.
This commit adds a new Nexus test case for 'Split and Merge with REED'
(5.5.5) as specified in the Thread Test Specification.
The test demonstrates that a REED will upgrade to a Router when it
becomes a necessary parent for an isolated Router after its previous
neighbor (Router 3) is removed from the network.
Summary of changes:
- tests/nexus/test_5_5_5.cpp: C++ test execution script.
- Sets up a topology with 16 active routers total.
- Uses AllowList to specify exact links between nodes.
- Powerdowns Router 3 to isolate Router 1.
- Verifies REED 1 (DUT) upgrades to router and Router 1 reattaches.
- Includes 1-line log outputs for each test step.
- Uses mesh-local EID for ICMP Echo connectivity verification.
- tests/nexus/verify_5_5_5.py: Python PCAP verification script.
- Verifies all MLE messages and CoAP Address Solicit Request.
- Ensures proper TLVs are present in MLE and CoAP messages.
- Tracks ICMPv6 Echo Request/Reply hop-by-hop through the DUT.
- Follows "one condition per line" style for better readability.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
- tests/nexus/run_nexus_tests.sh: Added 5_5_5 to the default test list.
Adds a new Nexus test case for 'Split and Merge with Routers' (5.5.4.2)
as specified in the test specification. This test verifies that the
DUT (Router_1) correctly joins a new higher-priority partition when
the Leader is removed and later merges back when the Leader returns.
Summary of changes:
- Implemented Nexus test 5.5.4.2:
- Added test_5_5_4_2.cpp: Sets up a topology with a Leader,
DUT (Router_1), Router_2, Router_3, and Router_4. Verifies
partitioning behavior, ensuring the DUT joins the higher-priority
partition formed by Router_3 and later merges with the original
Leader. Uses direct method calls, sets log level to note, and
defines links via AllowList.
- Added verify_5_5_4_2.py: PCAP verification script for test
5.5.4.2. Ensures properly formatted MLE Advertisements, verifies
the DUT does not join a lower-priority singleton partition
prematurely, and validates the reattachment and merge process.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.5.4.2 test executable.
- Updated run_nexus_tests.sh to include 5_5_4_2 in the default test
list.
This commit addresses the occasional failure of Nexus test 5.5.4.1 by
increasing the merge wait time and improving the robustness of the
packet verification script.
Summary of changes:
- In test_5_5_4_1.cpp, increased kMergeWaitTime from 200s to 300s.
This provides sufficient time for all nodes to synchronize their
Mesh-Local Prefix and update their routing tables after the network
partitions merge.
- In verify_5_5_4_1.py, updated Step 6 verification to filter ICMPv6
Echo Request and Reply packets by their specific identifier (0xabcd).
This ensures that the verifier correctly identifies the packets from
the intended test step and avoids matching stale or transient
packets from earlier parts of the test.
This commit updates the Nexus::Node::SetName(prefix, index) method
to use an underscore ('_') instead of a space between the prefix
and the index when generating the node name.
Corresponding verification scripts verify_5_2_3.py and
verify_5_2_4.py are also updated to match the new naming convention
when looking up nodes in the test environment.
All Nexus tests have been verified to pass with this change.
This commit adds a new Nexus test case for 'Split and Merge with
Routers' (5.5.4.1) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.5.4.1:
- Added test_5_5_4_1.cpp: Sets up a network topology with a Leader
(DUT), Router_1, Router_2, Router_3, and Router_4. Verifies
MLE Advertisements from the DUT. Resets the DUT to trigger
network partitions and then merges them back. Uses direct method
calls, AllowList for topology management, and ping markers for
accurate verification.
- Added verify_5_5_4_1.py: PCAP verification script for test
5.5.4.1. Verifies DUT advertisements and ensures they stop during
the reset period. Validates successful communication after the
network merges.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.5.4.1 test executable.
- Updated run_nexus_tests.sh to include 5.5.4.1 in the default test
list.
This commit adds the `Node::FindMatchingAddress()` helper method to the
`Nexus::Node` class. This method simplifies the process of finding a
unicast address on a node that matches a given IPv6 prefix.
This commit adds a new Nexus test case for 'Split and Merge: Branch
with Child' (5.5.3) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.5.3:
- Added tests/nexus/test_5_5_3.cpp: Sets up a network topology
with a Leader, two Routers, and two MEDs. Simulates a network
split by stopping the Leader and allows Routers to form new
partitions. Reintroduces the Leader and verifies that partitions
successfully merge back together. Uses direct method calls,
sets log level to note, and uses AllowList for topology.
- Added tests/nexus/verify_5_5_3.py: PCAP verification script for
test 5.5.3. Ensures correct MLE Advertisement, Parent Request,
Child ID Request, and Address Solicit exchanges during split
and merge. Validates end-to-end ICMPv6 Echo connectivity after
the merge.
- Updated build and execution scripts:
- Modified tests/nexus/CMakeLists.txt to build the new 5.5.3 test.
- Updated tests/nexus/run_nexus_tests.sh to include 5.5.3 in the
default test list.
This commit implements Nexus test case 5.5.2 which verifies the
behavior of a Thread network when the Leader reboots and remains
offline longer than the leader timeout.
Test details:
- Topology: Leader, Router_1, and MED (attached to Router_1).
- Description: When the Leader is restarted and stays rebooted
longer than the leader timeout, Router_1 becomes the new Leader.
When the original Leader returns, it reattaches to the network as
a Router.
Implementation:
- Added tests/nexus/test_5_5_2.cpp for C++ test logic.
- Added tests/nexus/verify_5_5_2.py for pcap-based verification.
- Updated CMakeLists.txt and run_nexus_tests.sh to include the test.
This commit adds a new Nexus test case for 'Leader Reboot < timeout'
(5.5.1) as specified in the Thread Test Specification.
The test demonstrates that when a Leader reboots for a period shorter
than the leader timeout, it successfully reattaches to the network
and remains the Leader without causing partition changes.
Summary of changes:
- tests/nexus/test_5_5_1.cpp: C++ test execution script.
- Sets up a topology with a Leader and a Router.
- Reboots the Leader for 80 seconds (less than the 120s timeout).
- Uses direct method calls and block comments.
- Includes 1-line log outputs for each test step.
- tests/nexus/verify_5_5_1.py: Python PCAP verification script.
- Verifies MLE Advertisements and correct TLVs.
- Ensures Leader stops advertisements during reboot.
- Validates multicast Link Request formatting after reboot.
- Confirms no Parent Request is sent by the Leader.
- Verifies ICMPv6 connectivity after reattachment.
- tests/nexus/CMakeLists.txt: Added the new test to the build system.
- tests/nexus/run_nexus_tests.sh: Added 5_5_1 to the default test list.
This commit removes redundant `p.coap.code == consts.COAP_CODE_ACK`
checks in several Nexus test verification scripts.
The `filter_coap_ack()` function in the `pktverify` framework already
filters for CoAP ACK messages, which involves checking the message
type and the CoAP code. Therefore, adding a manual filter for the same
CoAP code is redundant and can be removed for conciseness.
Summary of changes:
- tests/nexus/verify_5_1_1.py: Remove redundant CoAP ACK code check.
- tests/nexus/verify_5_1_5.py: Remove redundant CoAP ACK code checks.
- tests/nexus/verify_5_1_6.py: Remove redundant CoAP ACK code check.
- tests/nexus/verify_5_2_3.py: Remove redundant CoAP ACK code checks.
- tests/nexus/verify_5_2_6.py: Remove redundant CoAP ACK code check.
This commit adds the filter_ipv6_src() method to the PacketFilter
class in the pktverify framework. This method improves the symmetry
of the filtering API, complementing the existing filter_ipv6_dst().
The new method is used to update several verification scripts in
tests/nexus, replacing manual lambda filters for IPv6 source
addresses with a cleaner and more readable API call.
Updated scripts:
- tests/nexus/verify_5_3_3.py
- tests/nexus/verify_5_3_7.py
- tests/nexus/verify_5_3_8.py
- tests/nexus/verify_5_3_10.py
This commit removes the Python-based thread-cert tests for sections 5.1,
5.2, and 5.3. These tests have been replaced by C++ Nexus tests in
tests/nexus/, which offer better performance, reliability, and
integration with the core OpenThread codebase.
The following Python scripts have been removed from
tests/scripts/thread-cert/:
- Cert_5_1_01 through Cert_5_1_13
- Cert_5_2_01, Cert_5_2_03 through Cert_5_2_07
- Cert_5_3_01 through Cert_5_3_11
The corresponding Nexus tests are available in tests/nexus/ along with
their respective PCAP verification scripts.
Adds a new Nexus test case 5.3.11 to validate 'AQ_TIMEOUT' and
'AQ_RETRY_TIMEOUT' intervals in the Address Query transmission
algorithm.
The test verifies that the DUT:
- Correctly generates Address Query Requests on behalf of its MED
child when sending Echo Requests to a non-existent mesh-local
address.
- Correctly implements the retry delay by NOT initiating a new Address
Query frame if a subsequent Echo Request is sent before the
'ADDRESS_QUERY_INITIAL_RETRY_DELAY' expires.
- Initiates a new Address Query Request if an Echo Request is sent
after the 'ADDRESS_QUERY_INITIAL_RETRY_DELAY' has expired.
Summary of changes:
- tests/nexus/test_5_3_11.cpp: Implemented test logic using direct
method calls and 'AllowList' for topology control.
- tests/nexus/verify_5_3_11.py: Added PCAP verification ensuring correct
Address Query generation and retry interval logic.
- tests/nexus/CMakeLists.txt: Included the new test in the build system.
- tests/nexus/run_nexus_tests.sh: Added 5_3_11 to the default nexus
test list.
Adds a new Nexus test case 5.3.10 to validate that the DUT (Router_2)
correctly generates Address Query messages and responds with Address
Notification messages for SLAAC Global Unicast Addresses (GUAs).
The test verifies that:
- The DUT correctly generates Address Query Requests on behalf of its
child (MED_1) to find Router_1's GUA.
- The DUT properly responds to Address Query Requests from the Border
Router for MED_1's GUA with a CON POST Address Notification.
- The DUT correctly caches mappings and avoids redundant Address Queries
for subsequent requests.
- The DUT removes cached entries when the target's Router ID expires.
- The DUT does not respond with Address Notification after its child
(MED_1) has timed out.
Summary of changes:
- tests/nexus/test_5_3_10.cpp: Implemented test logic using direct
method calls and kLogLevelNote.
- tests/nexus/verify_5_3_10.py: Added PCAP verification script with
robust RLOC16 and IID-based packet identification.
- tests/nexus/CMakeLists.txt: Included the new test in the build system.
- tests/nexus/run_nexus_tests.sh: Added 5_3_10 to the default list.
This commit adds a new Nexus test case for 'Address Query - DHCP GUA'
(5.3.9) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.3.9:
- test_5_3_9.cpp: Sets up a topology with Leader (DHCPv6 Border
Router), Router_1, DUT (Router_2), Router_3, and SED_1
(attached to DUT). Configures DHCPv6 prefixes 2001:: and 2002::
as on-mesh prefixes. Implements test logic using direct method
calls and sets log level to NOTE. Verifies Address Query
generation on behalf of child, Address Notification responding,
caching, and cache eviction.
- verify_5_3_9.py: PCAP verification script for test 5.3.9.
Ensures correct formatting of Address Query (NON POST /a/aq) and
Address Notification (CON POST /a/an) messages. Verifies that
DUT correctly caches addresses and evicts them when Router ID
is expired by the Leader. Also verifies that DUT does not respond
to Address Query for a child that has timed out.
- Updated supporting files:
- CMakeLists.txt: Added building of the 5_3_9 test executable.
- run_nexus_tests.sh: Added 5_3_9 to the default test list.
The test verifies that the DUT is able to generate Address Query
messages on behalf of its children and properly respond with Address
Notification messages to other routers, while correctly managing its
address cache for DHCPv6 GUA addresses.
This commit updates `Seeker` to use `MessageBackedArray` for storing
discovered candidates. This moves candidate storage from statically
allocated RAM in the `Seeker` instance to a `Message` buffer,
reducing the resident memory footprint.
The connection logic is enhanced to prioritize network diversity. The
`Seeker` now attempts to connect to the most favored candidate of
each unique network (Extended PAN ID) first. After exhausting unique
networks, it proceeds to remaining backup candidates. This improves
the likelihood of finding the correct network quickly in multi-network
environments.
The candidate storage policy is updated to limit entries per network
(defined by `kMaxCandidatesPerNetwork`). When storage is full, the
`Seeker` evicts a redundant entry from a well-represented network to
accommodate new network discoveries.
A detailed unit test `test_seeker` is included to validate candidate
tracking and selection order under various scenarios.
Updated the code style in all tests/nexus/verify_5_*.py files to use one
condition per line with the dot operator at the end of the line.
This aligns the scripts with the established pattern in verify_5_1_1.py
and improves readability.
This commit introduces a new helper method `Utils::ToYesNo()` in the
CLI module to convert boolean values into "yes" or "no" strings.
Previously, this conversion was performed using inline ternary
operators (e.g., `val ? "yes" : "no"`) scattered throughout the CLI
implementation. This change replaces these instances with the new
helper method, improving code readability and consistency.
This commit adds CLI support for the Border Agent Admitter feature.
The new commands allow users to enable/disable the admitter, check
its state, configure the joiner UDP port, and list active enrollers
and their accepted joiners.
This change also includes the corresponding documentation in
`src/cli/cli_ba.cpp` and `src/cli/README.md`.
This commit adds a new Nexus test implementing test specification 5.3.8
(MTD Child Address Set).
The test validates that the DUT MTD Child Address Set can hold at least
4 IPv6 non-link-local addresses and that the DUT does not send Address
Query requests for target addresses that should be in its child address
set.
Changes:
- Add tests/nexus/test_5_3_8.cpp to implement the test logic.
- Add tests/nexus/verify_5_3_8.py to verify pcap output.
- Update tests/nexus/CMakeLists.txt to include the new test.
- Update tests/nexus/run_nexus_tests.sh to include 5.3.8 in the default
test list.
This commit adds a new Nexus test case for 'Duplicate Address Detection'
(5.3.7) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.3.7:
- Added test_5_3_7.cpp: Sets up a network topology with a Leader
(DUT), two Routers, two MEDs, and one SED. Configures an on-mesh
prefix and assigns the same IPv6 address to two different nodes
(MED_1 and SED_1). Instructs MED_2 to send an Echo Request to
the duplicate address and verifies the resulting Address Query
and Address Error Notification exchanges. Uses direct method calls
and sets log level to note.
- Added verify_5_3_7.py: PCAP verification script for test 5.3.7.
Ensures that the Leader sends MLE Advertisements, multicasts an
Address Query (/aq) to FF03::2, receives Address Notifications
(/an) from Routers, and finally multicasts an Address Error
Notification (/ae) to FF03::2.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.3_7 test executable.
- Updated run_nexus_tests.sh to include 5_3_7 in the default test
list.
Adds a new Nexus test case for 'Router ID Mask' (5.3.6) as specified
in the test specification. This test verifies that the router ID mask
is managed correctly as connectivity to routers is lost and regained.
Summary of changes:
- Implemented Nexus test 5.3.6:
- Added test_5_3_6.cpp: Sets up a Leader (DUT) and two Routers.
Verifies that the Leader correctly removes Router IDs from its
routing table after connectivity is lost for a prolonged period
and updates them when routers reattach. Uses direct method calls
and AllowList for topology management.
- Added verify_5_3_6.py: PCAP verification script for test 5.3.6.
Ensures MLE Advertisements correctly reflect the addition and
removal of Router IDs from the ID mask.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.3.6 test executable.
- Updated run_nexus_tests.sh to include 5.3.6 in the default test
list.
This commit updates `Ip6::Address` to expose `static` getter methods for
common multicast addresses (e.g., `GetLinkLocalAllNodesMulticast()`)
as public API.
Consequentially, the wrapper `SetTo...` and `Is...` methods for these
multicast addresses are removed. Callers are updated to use the
`static` getters directly. This change simplifies usage by allowing
direct access to the constant address instances, often eliminating
the need for local `Ip6::Address` variables.
This commit adds a new Nexus test case for 'Routing - Link Quality'
(5.3.5) as specified in the Thread Test Specification.
The test validates that the DUT properly routes traffic when link
qualities between nodes are adjusted. It ensures that the shortest
path is chosen based on link costs and that direct neighbors are
prioritized for equal-cost paths.
Summary of changes:
- Implemented Nexus test 5.3.5:
- Added test_5_3_5.cpp: Sets up a multi-hop topology using
AllowList (Leader, DUT, Router 2, Router 3). Adjusts RSSI
to simulate Link Quality levels 3, 2, 1, and 0 between the
Leader and DUT. Initiates pings from Router 3 to Leader.
- Added verify_5_3_5.py: PCAP verification script that validates
multi-hop paths and ensures the 'hopsLft' field in the 6LoWPAN
Mesh Header is correctly maintained.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.3.5 test executable.
- Updated run_nexus_tests.sh to include 5.3.5 in the default list.
Adds a new Nexus test case 5.3.4 to validate that an MTD (Router_1
acting as DUT) correctly maintains an EID-to-RLOC Map Cache for its
Sleepy End Device (SED) child.
The test verifies that the DUT:
- Correctly generates Address Query Requests on behalf of its SED
child when the child sends Echo Requests to multiple MED nodes.
- Properly caches the EID-to-RLOC mappings after receiving Address
Notifications from the Leader.
- Reuses the cached mappings for subsequent Echo Requests from the
SED, without sending additional Address Queries.
Summary of changes:
- tests/nexus/test_5_3_4.cpp: Implemented test logic, refactored with
loops for maintainability.
- tests/nexus/verify_5_3_4.py: Added order-independent verification
for Address Queries and Notifications.
- tests/nexus/CMakeLists.txt: Included the new test in the build
system.
- tests/nexus/run_nexus_tests.sh: Added 5_3_4 to the default nexus
test list.
This commit updates `tests/nexus/CMakeLists.txt` to include
`${OT_CFLAGS}` in `target_compile_options` for `ot-nexus-platform`
and test executables. This enables stricter compiler warnings and
errors during the build process.
It also addresses issues exposed by the new flags, including unused
variables and constants, shadow variable declarations, and member
variable initialization order in constructors.
Adds a new Nexus test case for 'Address Query - ML-EID' (5.3.3) as
specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.3.3:
- test_5_3_3.cpp: Sets up a topology with Leader, Router_1, DUT
(Router_2), Router_3, and MED_1 (attached to DUT). Implements
the test logic using direct method calls and sets log level to
NOTE. Verifies Address Query generation, Address Notification
responding, caching, and cache eviction.
Note: Step 6 is modified to use ML-EID instead of GUA 2001::
as 2001:: is not configured as an on-mesh prefix in the test.
- verify_5_3_3.py: PCAP verification script for test 5.3.3.
Ensures correct formatting of Address Query (NON POST /a/aq) and
Address Notification (CON POST /a/an) messages. Verifies that
DUT correctly caches addresses and evicts them when Router ID
is expired by the Leader.
- Updated supporting files:
- verify_utils.py: Added support for parsing 'NL_ML_EID_TLV' in
CoAP payloads.
- CMakeLists.txt: Added building of the 5_3_3 test executable.
- run_nexus_tests.sh: Added 5_3_3 to the default test list.
The test verifies that the DUT is able to generate Address Query
messages on behalf of its children and properly respond with Address
Notification messages to other routers, while correctly managing its
address cache.
This commit fixes a flakiness in Nexus test 5.2.3 'Leader rejects CoAP
Address Solicit (2-hops from Leader)'.
The test builds a topology with 32 routers (the maximum allowed).
Occasionally, some routers would spontaneously downgrade to REEDs
during the setup phase because the default Router Downgrade Threshold
is 23. This led to failures when the test verified that all 31 joining
nodes had become routers.
The fix sets both 'RouterUpgradeThreshold' and 'RouterDowngradeThreshold'
to 'kMaxRouters' (32) for the leader and all routers, ensuring they
remain in the router role throughout the test.
Additionally, this commit wraps the 'BecomeRouter' call with
'SuccessOrQuit' to resolve a compiler warning and ensure the
operation's success is verified.
Summary of changes:
- Modified tests/nexus/test_5_2_3.cpp to set appropriate router
thresholds and use SuccessOrQuit for role transition.
Adds a new Nexus test case for 'Realm-Local Addressing' (5.3.2) as
specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.3.2:
- Added test_5_3_2.cpp: Sets up a topology with a Leader,
Router 1, Router 2 (DUT), and SED 1. Verifies that the DUT
correctly handles and responds to ICMPv6 Echo Requests sent to
its ML-EID and various Realm-Local multicast addresses
(FF03::1, FF03::2, and Realm-Local All Thread Nodes).
- Added verify_5_3_2.py: PCAP verification script for test 5.3.2.
Ensures that the DUT MUST NOT forward multicast Echo Requests
(FF03::1, FF03::2) to the SED, and that it MUST use IEEE
802.15.4 indirect transmissions to forward the Realm-Local All
Thread Nodes multicast packet to the SED.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.3.2 test executable.
- Updated run_nexus_tests.sh to include 5.3.2 in the default
test list.
This commit fixes a flakiness in Nexus test 5.2.1 'REED Attach'.
The test occasionally failed due to the non-deterministic timing of the
REED_1 upgrade process. In some runs, REED_1 would upgrade to a router
(Step 7) before MED_1 sent its initial Parent Request (Step 6),
causing a mismatch in the strict chronological packet sequence
expected by the verification script.
The verification script is updated to handle Step 6 and Steps 7/8
independently. It now uses separate packet filter copies to find both
sets of events regardless of their relative order. The main packet
index is then advanced to the end of all confirmed activities.
Summary of changes:
- Modified tests/nexus/verify_5_2_1.py to implement flexible order
verification for MED_1 join and REED_1 upgrade events.
Adds a new Nexus test case for 'Link-Local Addressing' (5.3.1) as
specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.3.1:
- Added test_5_3_1.cpp: Sets up a Leader and a Router (DUT)
topology. Leader sends various ICMPv6 Echo Requests (standard and
fragmented, unicast and multicast) to the DUT. Verifies that the
DUT responds with ICMPv6 Echo Replies. Uses direct method calls to
access the core stack.
- Added verify_5_3_1.py: PCAP verification script for test 5.3.1.
Ensures that all Echo Request/Reply exchanges are present in the
pcap and use the correct source and destination addresses.
Follows the one-condition-per-line style for packet filters.
- Updated verify_utils.py to dynamically update the All Thread Nodes
multicast address based on the mesh-local prefix.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.3.1 test executable.
- Updated run_nexus_tests.sh to include 5.3.1 in the default test
list.
- Cleaned up unused constants kEchoResponseTime and kEchoIdentifier in
test_5_3_1.cpp.
This commit fixes a logic error in `test_border_admitter` where the
assignment operator `=` was used instead of the equality operator
`==` inside `VerifyOrQuit()` checks.
Adds a new Nexus test case for 'REED Synchronization' (5.2.7) as
specified in the test specification.
The test validates the REED's Synchronization procedure after
attaching to a network with multiple Routers. A REED must process
incoming Advertisements and perform a one-way frame-counter
synchronization with at least 3 neighboring Routers.
Summary of changes:
- Implemented Nexus test 5.2.7:
- Added test_5_2_7.cpp: Sets up a topology with 16 active
routers (Leader + 15 Routers) and adds a REED last.
Verifies the REED joins and remains a child.
- Added verify_5_2_7.py: PCAP verification script for test
5.2.7, ensuring the REED sends Link Requests and receives
Link Accepts from at least three distinct neighbors with
mandatory TLVs.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.2.7 test
executable.
- Updated run_nexus_tests.sh to include 5.2.7 in the default
test list.
This commit adds a new Nexus test case 5_2_6 which implements the
"Router Downgrade Threshold - REED" test specification.
The test verifies that a router (DUT) will downgrade to a REED when
the network becomes too dense (exceeding the Router Downgrade
Threshold).
Summary of changes:
- Added tests/nexus/test_5_2_6.cpp to execute the test.
- Added tests/nexus/verify_5_2_6.py to verify the pcap output.
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 5_2_6 to default tests.
The test builds a topology with 23 initial routers and then adds a 24th
router to trigger the downgrade condition on the DUT, which uses
default thresholds (16/23).
This commit adds a new Nexus test case 5.2.5 which validates that
a Router Eligible End Device (REED) correctly generates Address
Notification messages in response to Address Query messages.
The test implementation includes:
- test_5_2_5.cpp: Sets up a 16-router topology using AllowList
constraints and executes the test procedure.
- verify_5_2_5.py: Verifies the resulting pcap to ensure correct
Address Notification format (Target EID, RLOC16, and ML-EID TLVs)
and Echo Reply sequence.
Summary of changes:
- Added tests/nexus/test_5_2_5.cpp and tests/nexus/verify_5_2_5.py.
- Updated tests/nexus/CMakeLists.txt to include the new test.
- Updated tests/nexus/run_nexus_tests.sh to add 5_2_5 to default tests.
- Enabled OPENTHREAD_CONFIG_DHCP6_CLIENT_ENABLE and
OPENTHREAD_CONFIG_DHCP6_SERVER_ENABLE in
tests/nexus/openthread-core-nexus-config.h to support DHCPv6
prefixes used in the test.
This commit adds helper methods in Nexus to simplify ICMPv6 echo
exchanges:
- `Node::SendEchoRequest()`: sends an ICMPv6 Echo Request with
configurable parameters such as payload size and hop limit.
- `Core::SendAndVerifyEchoRequest()`: sends an Echo Request and
validates the matching Echo Reply within a timeout.
This commit also update various certification tests to use these
helpers, removing duplicate local utility functions.
This commit updates Test5_1_11 in tests/nexus/test_5_1_11.cpp to
properly check the return value of AddRssIn() calls using the
SuccessOrQuit() macro. This ensures that any failure in configuring
the RSSI filters during the test setup is immediately caught.
Adds a new Nexus test case for 'Router Upgrade Threshold - REED' (5.2.4)
as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.2.4:
- test_5_2_4.cpp: Sets up a topology with 16 routers (including Leader)
and verifies that a REED DUT does not upgrade to a router until a
minimal end device (MED) attempts to attach to it.
- verify_5_2_4.py: PCAP verification script for test 5.2.4, ensuring
correct MLE advertisements, Parent/Child ID exchange, Address Solicit
Request formatting, and ICMPv6 Echo connectivity.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5_2_4 test executable.
- Updated run_nexus_tests.sh to include 5_2_4 in the default test list.
The test verifies that the DUT correctly manages the router upgrade
threshold and transitions to the router role when required to support a
child.
Changes 'IsChild()' check to 'IsAttached()' for REED_1 in test 5.2.1.
REED_1 may quickly transition beyond the child state (e.g., to router)
after attaching, causing 'IsChild()' to occasionally fail depending
on the timing of the check. Using 'IsAttached()' ensures the node is
successfully connected to the network regardless of its specific role.
Adds a new Nexus test case for 'Leader rejects CoAP Address Solicit
(2-hops from Leader)' (5.2.3) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.2.3:
- Added test_5_2_3.cpp: Sets up a topology with a Leader, 31 routers
(fully connected to Leader), and a 32nd router (Router 32) that is
2-hops away from the Leader via Router 1. Verifies that the Leader
rejects the Address Solicit Request from the 33rd router with a
'No Address Available' status (1).
- Added verify_5_2_3.py: PCAP verification script for test 5.2.3.
Ensures the Address Solicit Request is sent by Router 32 to the
Leader, and that the Leader responds with a CoAP ACK containing
a Status TLV with value 1 (NL_NO_ADDRESS_AVAILABLE).
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.2.3 test executable.
- Updated run_nexus_tests.sh to include 5.2.3 in the default test
list.
This commit introduces the Border Agent Admitter feature , which
enhances Thread MeshCoP.
A Border Admitter is an enhanced Border Agent that functions as a
traditional BA while enabling new behaviors. It acts as a proxy and
dispatcher, allowing multiple external Enrollers to connect to it. It
then petitions to become the single Active Commissioner on the Thread
mesh, forwards new joiner requests to connected Enrollers, and
manages the session between joiners and multiple Enrollers
The implementation includes three main components:
- `Admitter`: The main class that orchestrates the feature, managing
enroller sessions and aggregating steering data.
- `Arbitrator`: A distributed election mechanism that runs among
Border Admitters on the mesh to select a single "Prime Admitter" by
publishing a new Border Admitter service in the Thread Network
Data.
- `CommissionerPetitioner`: A sub-component responsible for
petitioning the Leader to be granted the commissioner role. It
handles conflicts if another commissioner is already active.
New public APIs are added in `openthread/border_agent_admitter.h`.
This commit also introduces a suite of comprehensive tests for the
Border Admitter functionality under the `nexus` test framework. It
covers various scenarios including:
- Prime Admitter election and role management
- Enroller registration, keep-alive, and timeout interactions
- Handling of commissioner conflicts and petitioner retry mechanisms
- Support for multiple enroller sessions and combined steering data
- Forwarding of Joiner `RelayRx` and `UdpProxy` messages
- Joiner acceptance, release, and expiration tracking
Adds a new Nexus test case for 'REED Attach' (5.2.1) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.2.1:
- Added test_5_2_1.cpp: Sets up a Leader, REED_1, and MED_1 (DUT) topology.
Ensures REED_1 upgrades to a Router when the DUT attaches. Verifies
connectivity from the Leader to the DUT via REED_1 using ICMP Echo.
- Added verify_5_2_1.py: PCAP verification script for test 5.2.1,
ensuring MLE Parent Requests, Address Solicit/Responses, and ICMP
Echo Request/Replies are correctly exchanged and forwarded.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.2.1 test executable.
- Updated run_nexus_tests.sh to include 5.2.1 in the default test list.
Currently, the `run_cert()` function in `run_cert_suite.py` invokes
test scripts using `subprocess.check_call()` without a timeout. This
can cause the test suite to hang indefinitely if a test script fails
to terminate.
This commit updates `run_cert_suite.py` to support a configurable
`--timeout` argument. It passes this timeout to `check_call()` and
handles `subprocess.TimeoutExpired` to log failure and print output
upon timeout.
Additionally, this commit updates `script/test` to pass the
`TEST_TIMEOUT` environment variable to the test runner and updates
GitHub workflow configurations to define specific timeout values for
various test jobs.
Updates the `ot_nexus_test` macro to accept a list of labels for each
test case. This allows for categorizing tests and executing specific
subsets using `ctest -L`.
The tests are now assigned labels such as `core`, `cert`, and `trel`.
The `core` label is used for tests that verify OpenThread core logic
and behavior, distinguishing them from `cert` tests which cover
certification scenarios.
The GitHub workflow is updated to utilize `ctest -L` for running the
tests, replacing the previous `ninja test` command.
This commit adds `MessageBackedArray`, which implements a dynamic
array backed by a `Message` for data storage.
The new array class supports:
- Pushing new elements to the end.
- Reading and writing elements at specific indices.
- Searching in the array to find matching entries.
- Iterating over array elements.
- Clearing the array and freeing the underlying message.
Unit tests are added in `tests/unit/test_msg_backed_array.cpp` to
verify its functionality.
This commit updates `Joiner::Start()` to explicitly call
`SetIdFromIeeeEui64()` when `mDiscerner` is empty. This ensures that
the Joiner ID is freshly derived from the current IEEE EUI-64 address,
guaranteeing correctness even if the address was not ready during
initialization or has changed since the instance was created.
This commit optimizes the CoAP retransmission timer logic by removing
the `ScheduleRetransmissionTimer()` method, which iterated over all
pending requests to determine the next fire time.
The logic is updated as follows:
- `HandleRetransmissionTimer()` now determines the next fire time
while iterating over the `mPendingRequests` list to process
retransmissions. This avoids a redundant second pass over the list.
- `NextFireTime` is used to track the earliest fire time.
- `CopyAndEnqueueMessage()` uses `Timer::FireAtIfEarlier()` to
update the timer only if the new message's fire time is earlier
than the current schedule.
- `DequeueMessage()` no longer triggers a schedule update. If the
dequeued message was the next to expire, the timer will fire,
perform no actions, and then reschedule itself.
This commit removes a debug print statement in the Bytes.__eq__
method that was causing excessive output to stderr during packet
verification. The print statement was logging every byte comparison,
leading to cluttered logs and potentially impacting performance or
causing issues with log analysis.
- Removed print statement from Bytes.__eq__ in
tests/scripts/thread-cert/pktverify/bytes.py.
This commit updates `FreeJoinerFinalizeMessage()` to remove the state
check, allowing the message to be freed regardless of the current
state. It also removes the redundant cleanup in
`PrepareJoinerFinalizeMessage()` since `Joiner::Start()` handles the
cleanup upon error.
The `Joiner::Start()` method allocates the Joiner Finalize message and
then transitions the state to `kStateDiscover` before starting the
Seeker. If starting the Seeker fails, the exit label performs
cleanup, including calling `FreeJoinerFinalizeMessage()`. Previously,
`FreeJoinerFinalizeMessage()` checked that the state was `kStateIdle`
before freeing the message. Since the state had already been updated
to `kStateDiscover`, the message would not be freed, leading to a
message leak on failure.
Adds SuccessOrQuit() around SetRouterEligible() calls in Nexus tests to
properly handle potential errors and ensure test robustness.
Summary of changes:
- Modified tests/nexus/test_5_1_8.cpp, test_5_1_9.cpp, test_5_1_10.cpp,
and test_5_1_11.cpp to wrap SetRouterEligible(false) calls in SuccessOrQuit().
- Verified that tests build and pass correctly with these changes.
Adds a new Nexus test case for 'Router Synchronization after Reset' (5.1.13)
as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.13:
- test_5_1_13.cpp: Sets up a Leader and Router_1 topology,
simulates a router reset, and verifies successful re-synchronization.
- verify_5_1_13.py: PCAP verification script for test 5.1.13, ensuring
correct MLE advertisements, Link Request/Accept exchange, and
proper response timing and TLV validation.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.13 test executable.
- Updated run_nexus_tests.sh to include 5.1.13 in the default test list.
Adds a new Nexus test case for 'New Router Neighbor Synchronization' (5.1.12)
as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.12:
- Added test_5_1_12.cpp: Sets up a topology with a Leader, Router_2,
and DUT. DUT and Router_2 first attach to the Leader, then the
harness enables a direct link between them to trigger the
New Router Neighbor Synchronization procedure.
- Added verify_5_1_12.py: PCAP verification script for test 5.1.12,
ensuring that the DUT sends properly formatted MLE Advertisements
and exchanges Link Request/Accept messages with Router_2 as
required by the specification.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.12 test executable,
inserting it after 5.1.6.
- Updated run_nexus_tests.sh to include 5.1.12 in the default test list.
Adds a new Nexus test case for 'Attaching to a REED with better link
quality' (5.1.11) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.11:
- Added test_5_1_11.cpp: Sets up a topology with Leader, REED_1,
Router_2, and Router_1 (DUT). Configures RSSI to ensure REED_1
has a higher link quality than Router_2. Verifies that the DUT
attaches to REED_1 as its parent.
- Added verify_5_1_11.py: PCAP verification script for test 5.1.11,
validating the MLE Parent Request sequence (Routers then REEDs)
and the final attachment to REED_1.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.11 test executable.
- Updated run_nexus_tests.sh to include 5.1.11 in the default test list.
Adds a new Nexus test case for 'Parent Selection - Superior Link Quality'
(5.1.10) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.10:
- Added test_5_1_10.cpp: Sets up a Leader, Router_1, Router_2, and
Router_3 (DUT) topology. Uses AddRssIn to configure Router_1 with
superior link quality (LQ3) and Router_2/Leader with LQ2 relative
to the DUT. Verifies that the DUT selects Router_1 as its parent
during attachment.
- Added verify_5_1_10.py: PCAP verification script for test 5.1.10,
ensuring that the MLE Parent Request contains the mandatory TLVs
and that the Child ID Request is correctly sent to the superior
link-quality router (Router_1).
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.10 test executable.
- Updated run_nexus_tests.sh to include 5.1.10 in the default test
list.
Adds a new Nexus test case for 'Attaching to a REED with better
connectivity' (5.1.9) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.9:
- Added test_5_1_9.cpp: Sets up a Leader, Router_1, REED_1, REED_2, and
Router_2 (DUT). Configures REED_1 with better connectivity (links to
both Leader and Router_1) than REED_2 (link only to Leader). Verifies
that the DUT selects REED_1 as its parent.
- Added verify_5_1_9.py: PCAP verification script for test 5.1.9,
verifying MLE Parent Requests (Scan Masks 0x80 and 0xC0), Key ID Mode
0x02 in Step 5, ensuring REEDs do not respond to the first Parent
Request, comparing Connectivity TLV contents in Parent Responses to
ensure REED_1 is correctly selected, and ensuring Address Registration
TLV is absent in the Child ID Request.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.9 test executable.
- Updated run_nexus_tests.sh to include 5.1.9 in the default test list.
This commit fixes and enhances `test_coap_block.py`. Previously, the
test masked failures by using multiple trials and suppressing
exceptions. It appeared to pass even though an incorrect regex match
in `coap_wait_request()` caused it to consistently fail.
The regex in `coap_wait_request()` is updated to correctly match CLI
output and capture the CoAP method (GET, PUT, POST, DELETE).
The test script is enhanced by:
- Removing trial/retry logic and exception suppression that masked
previous failures.
- Verifying both request and response messages for GET, PUT, and
POST.
- Validating source IPv6 addresses in requests and responses.
- Ensuring the payload presence matches the expected behavior for each
CoAP method.
Adds a new Nexus test case for 'Attaching to a Router with better
connectivity' (5.1.8) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.8:
- Added test_5_1_8.cpp: Sets up a multi-router topology (Leader <-> R3 <->
R1 <-> R2). Uses AllowList to enforce path costs, verifying that the
DUT (Router_4) selects R3 as its parent since it has the best
connectivity (1 hop to Leader).
- Added verify_5_1_8.py: PCAP verification script for test 5.1.8,
ensuring MLE Parent Request, Parent Responses, and Child ID Request
follow the specification. Validates mandatory TLVs and the absence
of the Address Registration TLV in the Child ID Request.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.8 test executable.
- Updated run_nexus_tests.sh to include 5.1.8 in the default test list.
This commit updates `Coap::BlockwiseTransmitHook` to calculate the
current block count based on the block position (`aPosition`) and
block length (`*aBlockLength`), rather than relying on a `static`
variable.
The previous implementation used a `static uint32_t blockCount` to
track the progress of the block-wise transfer. This approach caused
issues when multiple transfers occurred concurrently or when the
process persisted across test retries (as in the simulation
environment). In such cases, the static variable could become out of
sync, leading to incorrect transfer termination or infinite loops.
By deriving `blockCount` from `aPosition`, the hook becomes stateless
and correctly handles retransmissions and concurrent transfers.
Adds a new Nexus test case for 'Minimum Supported Children – IPv6 Datagram
Buffering' (5.1.7) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.7:
- Added test_5_1_7.cpp: Sets up a Leader, Router_1 (DUT), 4 MEDs, and 6
SEDs. Verifies the DUT can handle the minimum required number of
children and buffers multiple concurrent IPv6 datagrams (including
a 1280-octet MTU packet) destined for SEDs.
- Added verify_5_1_7.py: PCAP verification script for test 5.1.7,
ensuring proper MLE attachment, correct forwarding of ICMPv6 Echo
Requests/Replies, and verification of buffered traffic to SEDs.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.7 test executable.
- Updated run_nexus_tests.sh to include 5.1.7 in the default test list.
This commit updates `CoapBase::ProcessBlockwiseSend()` to ensure a
Payload Marker is appended before adding the first block of data.
`SendMessage()` always calls `ParseHeaderAndOptions()` with
`kRemovePayloadMarkerIfNoPayload`, which removes any existing payload
marker if the message body is empty. However, for block-wise transfers,
the payload is added later via the block-wise transmit hook in
`ProcessBlockwiseSend()`. If the marker was removed, the first
block would be appended directly after the options without a
separator, resulting in a malformed CoAP message.
This change ensures that `ProcessBlockwiseSend()` explicitly restores
or adds the payload marker before appending the block data. The
documentation for `Message::AppendPayloadMarker()` is also updated to
clarify that the method is idempotent, making no changes if a marker
is already present.
Adds a new Nexus test case for 'Leader removes Router ID' (5.1.6) as
specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.6:
- Added test_5_1_6.cpp: Sets up a Leader and Router_1 (DUT) topology.
Verifies that when the Leader de-allocates a Router ID, the DUT
automatically re-attaches.
- Added verify_5_1_6.py: PCAP verification script for test 5.1.6,
ensuring that MLE Parent Request, MLE Child ID Request, and
Address Solicit Request messages follow the specification.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.6 test executable.
- Updated run_nexus_tests.sh to include 5.1.6 in the default test list.
Adds a new Nexus test case for 'Router Address Timeout' (5.1.5) as
specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.5:
- Added test_5_1_5.cpp: Sets up a Leader (DUT) and Router_1 topology.
Verifies that after deallocating a Router ID, the Leader does not
reassign that same Router ID for at least ID_REUSE_DELAY seconds.
Uses direct core method calls and nexus.AdvanceTime() for precise
timing control.
- Added verify_5_1_5.py: PCAP verification script for test 5.1.5,
ensuring that the Address Solicit Response contains a different
Router ID when requested before ID_REUSE_DELAY, and the requested
Router ID when requested after ID_REUSE_DELAY.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.5 test executable.
- Updated run_nexus_tests.sh to include 5.1.5 in the default test list.
Adds a new Nexus test case for 'Router Address Reallocation – DUT creates
new partition' (5.1.4) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.4:
- Added test_5_1_4.cpp: Sets up a Leader, Router_1 (DUT), and Router_2
topology. Uses AllowList to dynamically control connectivity,
verifying that Router_1 creates a new partition when the original
Leader is removed and Router_1 fails to reattach.
- Added verify_5_1_4.py: PCAP verification script for test 5.1.4,
verifying MLE Parent Requests (reattach attempts), new partition
creation, and Address Solicit Response.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.4 test executable.
- Updated run_nexus_tests.sh to include 5.1.4 in the default test list.
This commit introduces Seeker APIs in OpenThread. An earlier commit
extracted the discovery and candidate selection logic from the `Joiner`
role into a new, standalone `Seeker` module.
The `Seeker` is responsible for performing MLE Discover Scans to find
nearby Joiner Router candidates. It prioritizes these candidates based
on RSSI and steering data (indicating whether the Joiner is preferred)
and manages the list of candidates for connection attempts.
This separation allows the `Seeker` functionality to be utilized
independently of the full `Joiner` role, enabling the development of
custom joining mechanisms over Thread.
A new configuration option `OPENTHREAD_CONFIG_SEEKER_ENABLE` has been
added to control the presence of `otSeeker` APIs.
Adds a new Nexus test case for 'Router Address Reallocation – DUT attaches
to new partition' (5.1.3) as specified in the test specification.
Summary of changes:
- Implemented Nexus test 5.1.3:
- Added test_5_1_3.cpp: Sets up a Leader, Router_1 (DUT), and Router_2
topology. Uses AllowList to dynamically control connectivity,
verifying that Router_1 reattaches to a new partition formed by
Router_2 after the original Leader is removed. Uses direct core
method calls and avoids magic numbers.
- Added verify_5_1_3.py: PCAP verification script for test 5.1.3,
ensuring MLE Parent Requests, Child ID Requests, and Address Solicit
messages follow the specification.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.3 test executable.
- Updated run_nexus_tests.sh to include 5.1.3 in the default test list.
This commit adds methods to `CoapBase::Metadata` to encapsulate logic
related to initialization, retransmission checks, and updating
retransmission counters. It also renames member variables for brevity
(e.g., `mRetransmissionsRemaining` to `mRetxRemaining`) and moves
`IsObserveSubscription()` to be a method of `Metadata`.
These changes simplify implementation by delegating metadata-specific
operations to the `Metadata` struct itself.
This commit enhances the DHCPv6 PD prefix conflict detection logic
to check against Route Information Options (RIOs) present in received
Router Advertisements, in addition to the existing check against
on-link prefixes (PIOs).
The conflict detection behavior is event-driven to correctly handle
network propagation delays and valid advertisements:
1. On new prefix assignment (`kPdPrefixChanged`): A strict check is
performed. If the prefix matches any existing RIO from another
router, it is flagged as a conflict.
2. On RA table updates (`kRxRaPrefixTableChanged`): The check focuses
on conflict resolution. Crucially, it ignores new RIO matches
appearing after the prefix has been adopted. This is necessary
because once the BR publishes the PD prefix in Thread Network
Data as the OMR prefix, other BRs will naturally start
advertising it as a RIO to announce reachability.
The unit test `TestDhcp6PdConflict` is updated to verify both the
detection of conflict, its resolution, and that the subsequent RIO
advertisements do not cause a conflict after PD prefix is published
as OMR.
This change introduces a new `Seeker` class to encapsulate the logic
for discovering and prioritizing Joiner Router candidates.
The `Joiner` class is updated to use the `Seeker` to perform the
discovery scan. The `Joiner` provides a callback `EvaluateScanResult`
to the `Seeker` to filter and evaluate scan results based on
Steering Data, preserving the existing behavior.
This change separates the discovery mechanism from the `Joiner` state
machine. This simplifies the `Joiner` implementation and facilitates
future enhancements to the joining process.
This commit makes to changes to how the Joiner Router candidates are
tracked or prioritized.
Adds a new Nexus test case for 'Child Address Timeout' (5.1.2) and
performs several refactorings to improve the nexus test framework.
Summary of changes:
- Implemented Nexus test 5.1.2 (Child Address Timeout):
- Added test_5_1_2.cpp: Sets up a Leader, Router (DUT), MED, and SED
topology with restricted connectivity using AllowList. Verifies
that the parent stops responding to Address Queries for children
after their timeout interval expires.
- Added verify_5_1_2.py: PCAP verification script for test 5.1.2.
- Refactored Nexus verification infrastructure:
- Created verify_utils.py: Shared module for common verification
logic, including monkey-patches for CoapTlvParser and
which_tshark, and a generic 'run_main' test runner function.
- Updated verify_5_1_1.py and verify_5_1_2.py to use verify_utils.py,
significantly reducing boilerplate code.
- Cleaned up imports in verify_utils.py by removing unused logging.
- Updated build and execution scripts:
- Modified CMakeLists.txt to build the new 5.1.2 test executable.
- Updated run_nexus_tests.sh to include 5.1.2 in the default test list.
Automates the execution of Nexus tests on CI using Ubuntu 24.04.
The workflow installs necessary dependencies including ninja-build,
tshark, and pyshark to support both simulation and packet-level
verification.
This script provides a unified entry point for executing Nexus C++
simulations and their corresponding Python packet verification scripts.
It supports running individual test cases or a default suite, handles
PCAP logging, and ensures proper error propagation.
The fix moves the necessary includes outside the FTD/MTD conditional block:
- Added explicit include: #include "common/uptime.hpp" is now included
when OPENTHREAD_CONFIG_UPTIME_ENABLE is defined, regardless of
FTD/MTD mode.
- Extended namespace usage: The using namespace ot; directive now
applies when either FTD/MTD is enabled OR uptime is enabled,
ensuring the namespace is available for the uptime functions.
This ensures that when OPENTHREAD_CONFIG_UPTIME_ENABLE is enabled, the
required headers are included even in RADIO mode, allowing the uptime
functionality to work correctly across all device types.
This commit updates `tests/nexus/test_discover_scan.cpp` to use
`MeshCoP::NetworkIdentity` instead of `MeshCoP::ExtendedPanIdManager`.
The latter was renamed in the core codebase, leading to a build
failure in the nexus discovery scan test.
Introduces `OPENTHREAD_CONFIG_MLE_DISCOVERY_SCAN_REQUEST_CALLBACK_ENABLE`
to conditionally compile the MLE Discovery Request callback feature.
Disabling this feature allows for code size reduction on builds where
it is not needed.
A new Nexus test (`test_discover_scan.cpp`) is added to directly
validate the `otThreadSetDiscoveryRequestCallback()` API behavior.
This new test replaces a now-removed CLI-based test which used
(`discover reqcallback`). This CLI command was originally added for
testing purposes. The CLI command is not helpful as an async event
would produce unsolicited output in the CLI. The new direct C++ test
is a cleaner approach.
This commit adds a Python script to perform automated packet verification
for the Nexus test case 5.1.1 (Attaching), following the Thread
certification specification.
Changes:
- Added tests/nexus/verify_5_1_1.py:
- Implements all steps (1-11) of the 5.1.1 test specification.
- Includes a custom CoAP TLV parser to extract Thread-specific fields
(Status, RLOC16, Router Mask) from CoAP payloads.
- Automatically configures Wireshark preferences for decryption
based on the test's JSON output.
- Includes the full test specification as inline comments.
- Updated tests/scripts/thread-cert/pktverify/layer_fields.py:
- Enhanced the _auto parser to handle boolean strings ('True', 'False')
returned by newer versions of tshark, preventing parsing errors
during verification.
This commit updates `RoutingManager` to detect if a delegated DHCPv6
PD prefix conflicts with any on-link prefix advertised on the
infrastructure link.
This protects against potential DHCPv6 server misbehavior and bugs
where the same prefix might be assigned to multiple requesters.
If a conflict is detected, the delegated PD prefix is marked as
conflicted and is no longer used as the OMR prefix. Instead, we
revert to using the locally generated OMR prefix. If the conflict
is resolved, the delegated PD prefix is used again.
A new unit test `TestDhcp6PdConflict()` is added to verify this
behavior.
This commit adds support for writing test_info.json in the Nexus platform.
The test_info.json file contains information about the test topology,
including node names, roles, and addresses. This information is used by
the packet verification framework to verify the behavior of the network.
Changes:
- Added `Core::SaveTestInfo` to `nexus_core.cpp` to write node information to JSON.
- Added `SetName` and `GetName` to `Node` class in `nexus_node.hpp`.
- Updated `test_5_1_1.cpp` to set node names and call `SaveTestInfo`.
This commit adds a new Nexus test case to verify the "5.1.1 Attaching"
scenario from the Thread certification specification.
The test case verifies that:
1. A node can form a network and become a Leader.
2. A second node can join the network and become a Router.
3. Connectivity between the Leader and Router is functional using ICMPv6 Echo
to Link-Local addresses, verifying both roles as DUT.
The test ensures basic network formation and attachment functionality
within the Nexus simulation environment.
This commit enables PCAP output in the Nexus platform by adding a
Nexus::Pcap utility class and integrating it into the Nexus::Core.
PCAP logging can be enabled by setting the OT_NEXUS_PCAP_FILE
environment variable.
This marks a simulation node as 'awake' whenever an event is sent to
it. This is required because the event will induce processing on the
node followed by an alarm-event sent back to the simulator. The
simulator needs to wait to properly catch this final alarm-event;
otherwise, this alarm-event may be mistakenly processed as
confirmation of a newer event that follows later, in case the OT node
process is lagging in processing as may happen typically in CI
environments.
Also the case of unknown event type is now raised as an exception, to
avoid undetected errors in the simulation. This could cause an event
to be not sent to the node at all while the node's time is updated by
the simulator (using `self.devices[port]['time'] = event_time`) as if
the node is up to date on the latest virtual time, which it isn't,
because an event is not sent to the node.
Also fixes a potential undefined local variable 'data' flagged by the
IDE.
This commit introduces `NetworkIdentity` class to track the network
identity parameters, specifically Extended PAN ID, Network Name and
Domain Name.
The new class replaces the `ExtendedPanIdManager` and
`NetworkNameManager` which are removed by this commit.
This change simplifies `extended_panid.hpp` and `network_name.hpp`.
They now contain only basic type definitions (`ExtendedPanId` and
`NetworkName`). This allows these headers to be included in other
modules without pulling in unnecessary header dependencies.
The IEEE 802.15.4 standard specifies that the FCS is a 16-bit ITU-T
CRC calculated over the bits in the order they are transmitted (LSB
first). The previous implementation used the CrcCalculator with the
CCITT polynomial but processed bytes in an MSB-first manner, which is
incorrect for 802.15.4.
This commit updates Radio::Frame::UpdateFcs() to implement the
reflected CRC-16-CCITT algorithm correctly by processing bits LSB-first
using the reflected polynomial 0x8408.
This commit adds IEEE 802.15.4 FCS (Frame Check Sequence) computation
to the Nexus radio driver. Each frame to be transmitted is updated
with the proper CRC16-CCITT before being passed to the simulation.
Motivation for this change is to ensure that frames captured from
the Nexus simulation have a valid FCS, enabling proper decoding and
display in Wireshark when using pcap output.
This commit updates `Coap::ResponseHandler` to use a single
`Coap::Msg` pointer instead of separate `Message` and `MessageInfo`
pointers. The `Msg` class encapsulates both the CoAP message and its
associated IP message info, simplifying the handler signature and
usage.
It retains support for the legacy `otCoapResponseHandler` signature
(which uses separate parameters) for the public API by introducing
`SendMessageWithResponseHandlerSeparateParams`. This ensures that
public APIs like `otCoapSendRequest` continue to work without
breaking changes while allowing internal modules to benefit from the
simplified interface.
It introduces `CoapBase::SendCallbacks` to consolidate the storage and
invocation logic for different callback types, including the new
`ResponseHandler`, the legacy `ResponseHandlerSeparateParams`, and
block-wise transfer hooks.
All internal modules (MLE, MeshCoP, Network Data, etc.) are updated to
define their response handlers using the new `ResponseHandler`
signature with `Msg` input.
This commit adds a `GenerateRandom()` method to the `ExtendedPanId`
class, enabling the generation of a cryptographically secure random
Extended PAN Identifier.
The `ExtAddress` class inherits from `Equatable<ExtAddress>`, which
already provides an `operator==` implementation that compares
the object's memory content.
This commit adds a `@note` to the documentation of
`otPlatInfraIfDiscoverNat64Prefix` functions to make it clear that any
prefix it supplies will have a lower priority than one discovered via
RA PREF64 option (RFC 8781).
This enables the TCAT Commissioner to receive data such as TLS Alerts,
or asynchronously sent 'event' TLVs, over TLS. Processing TLS Alert
is required to detect the sending of Alert by the TCAT Device, which
is a requirement to be verified in cert tests. An async background
process is started to receive and log the received events.
Also some minor improvements in connection state management: when
certain commands are given after the TCAT link is disconnected, or
when a TCAT link could not be established, a message will be printed
to clearly say it's disconnected, instead of a cryptic error. Error
messages are now clearly prefixed with 'Error:'.
The CA certificate store for CommCert3 is extended with an additional
CA certificate, so that it can be verified in cert tests that a TCAT
Device rejects a wrong Commissioner with a TLS Alert (previously this
couldn't be tested).
Also includes a fix of the pyproject.toml such that Poetry does not
display the long warning on installation.
Also includes an improvement of TLV displaying to the user with a
STRING field, if the value is a string.
Also includes some syntax fixes that were flagged by the IDE, such as
missing return types for methods, or member variables that were not
initialized in the __init__().
This commit introduces a new `otMessageClone()` API to create a
full clone/copy of a message.
Additionally, the documentation for the `otUdpReceive` and
`otUdpHandler` callbacks is polished to improve clarity on message
ownership and lifetime.
This updates the Joiner CLI to use the correct VendorInfo data which
is configured in the build or set at runtime. Benefit is that this
data is also length-checked. Previously, the command could fail when
PACKAGE_VERSION was length > 16.
This commit updates `ApplyDirectTxQueueLimit()` to improve how the
direct tx queue handles frame limits.
Previously, when the direct tx queue reached its configured frame
count threshold, the code attempted to remove aged messages. If this
was insufficient, the new incoming message was dropped.
With this change, after attempting to remove aged messages, the code
now attempts to evict an existing lower-priority message (and all its
frames) from the direct tx queue to make room for a new higher
priority message. If no existing message can be evicted (i.e., all
messages are of higher or equal priority), the new message is
dropped.
This commit updates the `CoapBase::Interceptor` function pointer type
to accept `const Msg &` instead of separate `const Message &` and
`const Ip6::MessageInfo &` arguments. It also reorders the `void *`
to match other CoAP callbacks.
Implementations in `BackboneTmfAgent::Filter` and `Agent::Filter`
have been updated to match the new signature.
This commit introduces a new `VendorInfo` class to encapsulate
vendor-related information such as vendor name, model, and software
version.
Previously, these parameters were managed within the `NetworkDiagnostic`
module. Moving them to a dedicated class facilitates sharing and
utilization by other modules across the OT core (e.g., Border Agent,
TCAT, Joiner).
This change simplifies the `Coap::Message` implementation and removes
the fragile `HelpData` struct which was used to cache header
information within reserved portion of message.
The `Coap::Msg` class is updated to hold the parsed CoAP header
information (type, code, message ID, token). It now inherits from a
new `HeaderInfo` class which contains the parsed fields. This change
helps to simplify many of the call sites which previously had to parse
the header information themselves.
The key changes are:
- The `HelpData` struct is removed from `Coap::Message`.
- `Coap::Msg` is updated to track parsed header info in `HeaderInfo`.
- `otCoapMessageInit()` and `otCoapMessageInitResponse()` now return an
`otError`.
- Methods are renamed to harmonize their names.
- A new unit test `test_coap_message.cpp` is added to verify the
`Coap::Message` implementation.
This commit updates `Mpl::ProcessOption()` to skip MPL processing on
Sleepy End Devices (SEDs) as an optimization. Along with this it
introduces a check to prevent SEDs from processing their own
multicast messages.
Since MPL is now skipped on SEDs, they no longer have a mechanism
for multicast duplicate detection. This can cause an issue when an
SED sends a multicast message to a group it is subscribed to, as its
parent can forward the message back to the SED.
To handle this, `Ip6::DetermineAction()` is updated. For SEDs, it now
checks if the source address of a subscribed multicast message
belongs to the device itself. If it does, the message is not
received, preventing the SED from processing its own looped-back
messages.
The behavior for non-sleepy devices remains unchanged. They continue
to rely on MPL for duplicate suppression.
A default OTNS platform API function otPlatOtnsStatus() is now
provided that writes the status push to the log always (regardless of
configured log level). This is useful as a default handling for apps
built with -DOT_OTNS=ON, avoiding linker errors while not mandating
each platform to implement the API by itself.
Specifically it enables the Posix CLI app ot-cli to be built with OTNS
support, which is required to run Posix nodes in OTNS and receive the
status-push events via stdout logging.
The logging is emitted from the module named "Otns" so that a
simulator or other tool can easily detect the OTNS format status push
events in the log output.
This change moves the TLV value reading logic from static methods in
the `Tlv` class to member methods of the nested `Tlv::Info` class.
The new methods `Tlv::Info::ReadValue()`, `Tlv::Info::ReadStringValue()`,
`Tlv::Info::ReadUintValue()`, and the templated `Tlv::Info::Read<T>()`
operate on an existing `Tlv::Info` object that has already parsed a
TLV from a message.
This improves the API design by having the read operations use the
pre-parsed and validated state within a `Tlv::Info` instance. It
avoids the need to pass the TLV offset to read functions and
eliminates redundant re-parsing of the TLV header on each read,
making the code cleaner and more efficient.
The previous static methods `Tlv::Read<T>()`, `Tlv::ReadStringTlv()`,
and `Tlv::ReadUintTlv()` are removed, and all call sites are updated
to the new pattern.
Refactors the example CLI app and the CLI module code to provide a
default implementation of the 'APP' log output option for any CLI
apps. This default is used when log output is configured to 'APP'
output and the CLI application itself does not provide its own
implementation of `otPlatLog()`.
This extends the current logging option (syslog) for the Posix app
ot-cli with the option to direct the log output to the CLI app, which
then prints it in stdout. This logging option can be enabled using the
existing -DOT_LOG_OUTPUT=APP. Previously, this gave a build error for
the Posix platform. This logging method is useful/required for running
NCPs in OTNS, such that the simulator can capture all log output and
at the same time syslog is not overly burdened on the host machine.
This change renames `Tlv::ParsedInfo` to `Tlv::Info` to make it more
concise and to better reflect its purpose as a metadata holder for a
TLV in a message.
The member variables of `Tlv::Info` are made private and public
accessor methods are introduced to interact with the object's
contenet. This helps ensure that the internal representation of the
parsed TLV information is not modified directly by external modules.
All existing caller are updated to use the new name and the public
helper getter methods.
The Doxygen comments of `Tlv::Info` are also improved for better
clarity. Unit test `test_tlv` is also updated to validate all the
new methods.
When `OPENTHREAD_CONFIG_REFERENCE_DEVICE_ENABLE` is active, this
change mandates that the vendor name string MUST begin with the "RD:"
prefix. This ensures that reference devices are clearly and
consistently identifiable through network diagnostic queries.
The enforcement is applied at two levels:
- A compile-time `static_assert` is added to validate the default
`OPENTHREAD_CONFIG_NET_DIAG_VENDOR_NAME` at build time. This uses a
new `constexpr` helper utility `CheckConstStringPrefix()`.
- A runtime check is added to `otThreadSetVendorName()`, which will
now return `OT_ERROR_INVALID_ARGS` if an invalid name is provided
on a reference device build.
All related test configurations (`scan-build`, `toranj`, `nexus`) and
CLI tests are updated to reflect this new requirement and validate
it.
Radio recovery that does not fully reset the firmware leads to tables
filling up with duplicate entries. After a few resets, future resets no
longer work. Clearing the tables before inserting entries allows for
their state to be consistent during recovery.
Group mbedTLS configuration macros into logical sections and improve
formatting.
This commit helps prepare for PSA API backend introduction.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This change separates the Connectivity TLV value format from its
logical structure by introducing `ConnectivityTlvValue` (raw format)
and `Connectivity` (parsed info). This replaces the `ConnectivityTlv`
class and enables value format sharing between MLE and Network
Diagnostics (without improper TLV inheritance).
It also updates `ParentCandidate` to use the new `Connectivity` class
for better field encapsulation. It also updates `ConnectivityTlvValue`
parsing to handle optional fields and enforce spec-defined minimums
for these fields.
Replace the include of `<openthread/platform/memory.h>` with
`<openthread/platform/crypto.h>` in the mbedTLS config header file.
Recent PR #12290 introduced `otPlatCryptoCAlloc()` and
`otPlatCryptoFree()` platform APIs and updated the mbedTLS config to
use them. This commit ensures the correct header is included to
prevent build errors regarding use of undeclared functions
(e.g. "error: use of undeclared identifier 'otPlatCryptoCAlloc'").
The router processes its child table every second. After a child
gracefully detaches, wait some time to ensure that the router has
processed the child table entry.
This change simplifies the TLV parsing logic within the
`Client::GetNextDiagTlv()` method.
The manual parsing of basic and extended TLVs is replaced by using the
`Tlv::ParsedInfo` helper method. This encapsulates the parsing
logic, making the `GetNextDiagTlv()` method cleaner and easier to
follow.
Additionally, the `TlvInfo` typedef is renamed to `DiagTlv` to
prevent any confusion with the new `Tlv::ParsedInfo tlvInfo` variable
and to better reflect its purpose.
This commit enhances the parsing of discovery response messages in
`DiscoverScanner::HandleDiscoveryResponse()`.
The parsing logic is updated to first restrict the message to the
content of the `Discovery` TLV. This allows for a simpler and more
robust processing of the nested MeshCoP sub-TLVs. Instead of looping
through all sub-TLVs, the new approach directly looks for each expected
sub-TLV.
This change provides a clearer distinction between required TLVs
(`DiscoveryResponseTlv`, `ExtendedPanIdTlv`, `NetworkNameTlv`) and
optional ones. The handling of optional TLVs like `JoinerUdpPortTlv`
and `SteeringDataTlv` is improved to explicitly manage the case where
they are not found.
Additionally, this commit includes minor cleanups to `SteeringDataTlv`
to simplify its implementation.
This commit introduces `Coap::Msg`, a class that encapsulates
`Coap::Message` and its associated `Ip6::MessageInfo`.
`Coap` methods and TMF resource handlers are updated to use
`Coap::Msg` when handling received messages. This change simplifies
method signatures by reducing the number of parameters and enables
future extensibility for tracking additional information related to
received CoAP messages.
This commit introduces two new platform functions:
- otPlatCryptoCAlloc()
- otPlatCryptoFree()
It also provides a default implementation using the OpenThread Heap.
This API is necessary for the upcoming work related to PSA API
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit introduces `LeaderDataTlvValue` as a distinct type to
represent the content of a Leader Data TLV. This allows the same value
format to be shared between the MLE and Network Diagnostic modules.
Previously, `NetworkDiagnostic::LeaderDataTlv` inherited from
`Mle::LeaderDataTlv` to reuse the implementation of the value format.
This inheritance was semantically incorrect, as a Network Diagnostic
TLV is not a specialization of an MLE TLV. The new approach of using
a shared `LeaderDataTlvValue` type provides a cleaner and more
accurate design.
With this change, `LeaderDataTlv` in both modules is now defined as a
`SimpleTlvInfo` type. This enables replacing manual TLV manipulation
with the generic `Tlv::Append<T>()` and `Tlv::Find<T>()` helpers,
making the code at the call sites cleaner and less error-prone.
This change simplifies `DiscoveryRequestTlv` and `DiscoveryResponseTlv`
generation and processing.
New types `DiscoveryRequestTlvValue` and `DiscoveryResponseTlvValue` are
introduced to represent the value (payload) of these TLVs. This s
simplifies the call sites by using the generic `Tlv::Append<T>()` and
`Tlv::Read<T>()`.
This change introduces a new build-time configuration flag,
`OPENTHREAD_CONFIG_JOINER_ADV_EXPERIMENTAL_ENABLE`, to control the
inclusion of the experimental Joiner Advertisement feature.
This behavior was first added in PR #5299. It allows optional
inclusion of a newly proposed Joiner Adv TLV in an MLE Discovery Scan
Request message.
This is an experimental feature and is not part of the Thread
specification. OpenThread's implementation is limited and partial: it
only provides the mechanism for a Joiner to include a new Joiner Adv
TLV in its emitted Discovery Scan Request messages, but does not
include the corresponding logic for the receiver of Scan Request to
read or parse this TLV.
The new flag conditionally compiles this behavior. It allows for the
entire feature to be compiled out, reducing code size and memory
usage for devices that do not require this experimental
functionality. Additionally, this change clarifies the experimental
status of the feature in the documentation.
By default, this is now disabled. It is enabled under posix build for
`toranj` tests so that it is covered in GitHub CI.
This change updates the netlink message handling for the infra link on
the POSIX platform to be more robust and efficient for `RTM_NEWLINK`
and `RTM_DELLINK` messages.
The logic for handling infra index changes is:
1. On `RTM_DELLINK`, the code verifies `ifinfo->ifi_index` is for the
currently infra index `mInfraIfIndex`.
2. On `RTM_NEWLINK`, it identifies the infra by its name
`if_indextoname(ifinfo->ifi_index)` and updates `mInfraIfIndex`.
There was a mistake with the ot_option macro usage. It shall not
contain `,` between arguments.
Signed-off-by: Arkadiusz Balys <arkadiusz.balys@nordicsemi.no>
This change introduces two new CLI commands to the Border Agent module
for managing Thread Administration One-Time Passcodes (TAPs).
The new commands are:
- `ba ephemeralkey generate-tap`: This command generates and outputs a
cryptographically secure random TAP string. Note that it does not
start ephemeral key use with this TAP string.
- `ba ephemeralkey validate-tap <keystring>`: This command validates a
given TAP string by checking its length, character set, and the
Verhoeff checksum.
The change also includes documentation updates and a new test case to
verify the functionality.
The `SteeringData` class and its related methods are moved from
`meshcop.hpp` and `meshcop.cpp` to new dedicated files
`steering_data.hpp` and `steering_data.cpp`.
This change addresses a circular include dependency issue, allowing
`SteeringData` to be included more easily in other parts of the
codebase, such as `meshcop_tlvs.hpp`, without requiring forward
declarations or pulling in unnecessary dependencies from the larger
`meshcop.hpp` header.
This commit introduces a new `otCoapToken` struct and a corresponding
`Coap::Token` class to provide a clear and type-safe representation
of a CoAP message token.
The CoAP APIs are updated to use these new types, replacing the use
of raw `uint8_t` pointers and separate length parameters. This
encapsulation enhances robustness and reduces the potential for
errors in token handling.
The following new APIs are added:
- `otCoapMessageReadToken()`
- `otCoapMessageWriteToken()`
- `otCoapMessageAreTokensEqual()`
Importantly, several older APIs are now marked as deprecated (some
returned pointers directly into `otMessage` data which is unsafe).
While these APIs remain supported for now, their use is discouraged,
and applications should migrate to the new APIs. Deprecated APIs:
- `otCoapMessageGetTokenLength()`
- `otCoapMessageGetToken()`
- `otCoapMessageSetToken()`
The internal implementation is updated to utilize the new `Token`
class, and the CLI implementation is updated to use the new public
APIs. Additionally, Doxygen documentations are updated for the new
and updated APIs.
This commit fixes incorrect return type in doxygen generated doc by
telling doxygen `OT_TOOL_PRINTF_STYLE_FORMAT_ARG_CHECK` should be
expanded. Doxygen got confused with macros following function
declarations.
This commit adds the nullptr check in `SettingsFile::SetSettingsPath`.
If the nullptr is passed to `SettingsFile::SetSettingsPath`, it will
set the settings path to a default path
(OPENTHREAD_CONFIG_POSIX_SETTINGS_PATH).
This commit improves the structure and readability of the CoAP public
API header(`coap.h`) and its implementation (`coap_api.cpp`).
- Reorganizes function and type declarations in `coap.h` and their
corresponding definitions in `coap_api.cpp` into logical groups to
improve clarity. For example, group all block-wise transfer APIs
together. There is no change to the API documentation.
- Moves the definitions of several `static inline` functions
(e.g., `otCoapSendRequest`, `otCoapSendResponse`, and block-wise
transfer variants) from `coap.h` to `coap_api.cpp`.
- Updates `otCoapOptionContentFormat` enum comments to use the `///<`
style for better consistency and alignment.
This commit enables the format-nonliteral check for code missed in
`#12236`. This commit also enables the format-nonliteral warnings in
CMake to catch such warnings in future in CMake build.
This change enhances the CoAP message implementation by enhancing
the nested `Message::Header` class.
This class encapsulates the logic for parsing and managing CoAP
header fields, including version, type, token, code, and message ID.
The main `Message` class methods are updated to delegate header
manipulation to the `Header` class.
The direct bitwise operations for header fields are replaced with the
`ReadBits<>()` and `WriteBits<>()` utility functions for better
clarity and maintainability.
This commit adjusts how the `MAC Mode2 key` is cleared to avoid
invalidating it in certain runtime flows.
In the previous behavior, when the OpenThread instance is initialized,
Mac is constructed and sets the Mode2 key. If
otInstanceErasePersistentInfo is called afterwards, the call chain
reaches KeyManager::DestroyTemporaryKeys(), where the Mode2 key is
cleared. However, there is no subsequent point where the Mode2 key is
re-set. If Thread is then enabled and a frame using Key ID Mode 2 is
received, the Mode2 key remains invalid, which can lead to incorrect
behavior.
To fix this, this commit removes the Mode2 key clearing from
`KeyManager::DestroyTemporaryKeys()` and clears the Mode2 key in the
Mac destructor. This ensures that the Mode2 key stays valid for the
lifetime of the Mac (and thus the OpenThread instance) after
initialization, and is only cleared when Mac is destroyed.
This commit introduces a new `DefineEnumStringArray` macro to simplify
the conversion of enums to their string representations. This
utility uses the X-Macro pattern to generate a `constexpr` lookup
array and validates the enum-to-string mapping at compile time using
`static_assert` checks.
This approach replaces a more verbose and error-prone pattern that
required manual definition of a string array and a separate code for
validation.
This commit enhances the CoAP block-wise transfer implementation by
removing the `BlockWiseData` struct within `Message::HelpData` and its
associated getter/setter methods (e.g., `GetBlockWiseBlockNumber()`,
`SetBlockWiseBlockNumber()`). The `Message` object is no longer
responsible for carrying temporary state related to block-wise transfers,
addressing the fragility of the previous design which used the reserved
header portion of the `Message` to store these properties.
A new `BlockInfo` struct has been introduced to cleanly encapsulate the
three pieces of information from a Block option: `mBlockNumber`,
`mBlockSzx` (size exponent), and `mMoreBlocks` flag. It also includes
utility methods like `GetBlockSize()` and `GetBlockOffsetPosition()` to
simplify calculations.
All methods involved in block-wise transfers in `coap.cpp` (e.g.,
`ProcessBlockwiseSend`, `SendNextBlock1Request`) have been updated to
use the new `BlockInfo` struct. They now create local `BlockInfo`
variables and call `ReadBlockOptionValues()` to populate them.
This commit also includes minor cleanups and improvements:
- "Block size" is now used consistently instead of block length (e.g.,
`kMaxBlockLength` is renamed to `kMaxBlockSize`).
- `OffsetRange` is now used to read the payload in
`SendNextBlock2Request` and `ProcessBlock1Request`, simplifying the
code.
This commit extracts observe-related logic from several methods into
new dedicated helper functions `ProcessObserveSend()` and
`IsObserveSubscription()`.
This change improves the clarity and maintainability of the main CoAP
methods:
- `SendMessage()` now delegates observe cancellation logic to
`ProcessObserveSend()`.
- `ScheduleRetransmissionTimer()` and `HandleRetransmissionTimer()`
use the new `IsObserveSubscription()` helper to determine if a
pending request is an active subscription that should not time
out.
- `ProcessReceivedResponse()` is simplified by separating the control
flow for observe notifications from multicast responses.
This commit allows users to pass the settings path through a command
line flag (`--data-path`) when starting the daemon / cli.
- It introduces `ot::Posix::PlatformSettingsGetPath()` and
`ot::Posix::PlatformSettingsSetPath` to unify the method of getting
/ setting the settings file path.
- If users doesn't not set this flag, the settings path will be
default to OPENTHREAD_CONFIG_POSIX_SETTINGS_PATH.
Introduces a new helper `Tlv::AppendEmptyTlv()` and a templated
version `Tlv::AppendEmpty<TlvType>()` to simplify appending empty TLVs
to a message.
This avoids repetitive manual construction of empty TLVs in different
parts of the codebase.
This commit introduces a new set of static methods to simplify
writing TLVs with variable lengths to a `Message`.
The new mechanism consists of three methods:
- `Tlv::StartTlv()`: Appends a placeholder TLV header and returns a
`Bookmark`.
- `Tlv::AdjustTlv()`: Optionally promotes the TLV to an extended TLV
if the length grows beyond the standard TLV limit. This is an
optimization to avoid large copies within a message.
- `Tlv::EndTlv()`: Calculates the final length and updates the TLV
header, promoting to an extended TLV if necessary.
This new set replaces the common but cumbersome pattern of manually
saving the start offset, appending data, and then back-patching the
length field.
The existing code is updated to use this new, simpler, and more
robust mechanism.
This commit also adds unit tests to validate the new functionality.
Increase the simulation wait time from 2 to 5 seconds in the
`test_mle_msg_key_seq_jump` after child restart.
This larger time window accounts for randomness in the timing of the
Child Update transmission. This makes the test more robust by ensuring
the child has sufficient time to send its "Child Update Request".
This change reorganizes the CoAP blockwise transfer implementation to
improve code structure and readability.
The logic for handling blockwise transfers is extracted from
`ProcessReceivedRequest()` and `ProcessReceivedResponse()` into two new
private helper methods: `ProcessBlockwiseRequest()` and
`ProcessBlockwiseResponse()`.
This separation makes the main request and response processing methods
simpler and more focused on their primary role, delegating the
complexities of blockwise transfers to dedicated functions.
Additionally, this change introduces `Message::UriPathStringBuffer` as a
`typedef` to provide a clear and consistent type for handling URI path
string buffers.
This commit introduces a new generic method `Tlv::ValidateStringValue()`
to provide a unified way of validating string values intended for use
in string-valued TLVs.
This new method checks that a given C string is a valid UTF-8 string
and that its length does not exceed the maximum length defined by the
`StringTlvType`.
The `Joiner::Start()` method is updated to use this new validation
method, which simplifies the code by replacing several explicit and
repetitive checks. This improves code clarity and maintainability by
centralizing the string validation logic.
This commit also adds missing validation for `aVendorModel` in
`Joiner::Start()`
This commit contain style fixes for the `Joiner` for improved
clarity and consistency. Changes include:
- Rename `mCallback` to `mCompletionCallback` and introduce a new
`CompletionCallback` typedef for `otJoinerCallback` to more clearly
indicate its purpose.
- Improve Doxygen comments for the `State` enum to make them more
descriptive.
- Replace the use of `OPENTHREAD_CONFIG_JOINER_MAX_CANDIDATES` macro
with a new private constant `kMaxJoinerRouterCandidates`.
- Reorder private method and member variable declarations in
`joiner.hpp` to follow a more consistent style.
This commit simplifies the block-wise transfer implementation within
`CoapBase::SendMessage()`.
It extract the logic for handling the initial block of an outgoing
block-wise transfer from `CoapBase::SendMessage()` into a new private
method, `ProcessBlockwiseSend()`. This improves readability and
maintainability while removing code duplication when processing
block-wise sends for different message types.
It also cleans up `coap.hpp` by consolidating several declarations
related to block-wise transfers under a single
`OPENTHREAD_CONFIG_COAP_BLOCKWISE_TRANSFER_ENABLE` block.
This change improves the internal implementation of CoAP block-wise
transfers.
Introduces an internal `Coap::BlockSzx` enum to mirror the public
`otCoapBlockSzx` enum, improving the separation between the API and
the implementation. All internal functions are updated to use the new
`BlockSzx` enum.
The logic from `otCoapBlockSizeFromExponent()` is moved into a new
core `Coap::BlockSizeFromExponent()` function. The public function
becomes a simple wrapper.
A new helper function, `CoapBase::DetermineBlockSzxFromSize()`, is
added to replace a `switch` statement, simplifying the logic for
determining block size from a given buffer length.
`ResourceBlockWise` is updated to inherit from `LinkedListEntry`,
aligning it with the common pattern used for managing resource lists.
This commit introduces enhanced format string checking. It activates a
new compiler warning to identify potential issues with non-literal
format strings and systematically applies format attribute macros to
functions that handle variable arguments.
This commit simplifies the validation of `Coap::TxParameters`.
The primary `SendMessage()` method is updated to accept `TxParameters`
as a pointer, where `nullptr` is mapped to the default `TxParameters`.
The user-provided `TxParameters` are now validated in the primary
`SendMessage()` method by calling `TxParameters::ValidateFor()` replacing
checks previously performed in `coap_api.cpp` source file.
This commit also adds a set of `static_assert()` checks to validate the
default `TxParameters` at compile-time, ensuring all its properties are
within valid ranges and that duration calculations will not cause
an overflow.
This approach simplifies the API by removing the `TxParameters::From()`
helper and centralizes `TxParameters` selection and validation logic
within the core `CoapBase` class.
This commit improves the accuracy of CSL timer fire time by taking
into account the accuracy drift introduced between the current CSL
window and next CSL window.
Original implementation:
- calculate CSL window edges based on current elapsed time
- CSL window edges used to obtain next CSL timer fireAt time
- does not account for additional drift due to accuracy from now until
next CSL window
- undesired outcome: if CSL period is large (e.g. 10s) and accuracy is
poor (e.g. 200ppm), then the additional accuracy drift could be
significant (e.g. 2ms) and the SSED may wake up too late
Suggested implementation:
- calculate the additional expected drift between now and next CSL
window (i.e. periodUs) and account for this difference by setting
CSL timer to fireAt earlier
This commit introduces a new script `update-header-guards.py` which
checks for the presence of header guards in `.h` and `.hpp` files and
automatically updates them, standardizing the header guard name format
across the codebase.
The new format for header guards is derived from the full path of the
file. For example, `src/core/common/notifier.hpp` will use
`OT_CORE_COMMON_NOTIFIER_HPP_`. The guard name includes additional
prefixes such as `OT_` or `OPENTHREAD_` to ensure uniqueness.
This new naming format handles cases where the same filename may be used
in different folders, such as the two `heap.hpp` files located in
`src/core/common` and `src/core/utils`.
It also ensures that public and platform OpenThread headers under
`include/openthread` have uniquely distinct header guard names to avoid
conflicts when these headers are included in other projects.
The new script helped identify issues with existing header files that
lacked header guards (e.g., `posix/system.hpp`) or had improper guards
(e.g., `openthread/link_metrics.h`).
This commit also introduces a new check script `check-header-guards` to
validate that all header guards are correctly formatted. This check is
added to the GitHub CI actions to ensure consistency moving forward.
All existing header files have been updated (using the new script)
to apply the new guard name format.
This commit reorders block-wise related methods in both header and
source files to group them within the same `#if` block. This is a
purely stylistic change to improve code organization and readability
and do not alter any functionality.
This commit updates `Server::PrepareAndSendAnswers()` to utilize
`Tlv::ParsedInfo` for more robust TLV parsing and validation. This
ensures correct validation and size calculation for both standard and
extended TLVs when iterating over TLVs through the received message.
This change also adds an explicit check to skip over extended TLVs,
ensuring the implementation correctly handles cases where extended
TLVs may be present.
This change improves the design and implementation of the CoAP response
caching mechanism.
The main changes are:
- `ResponsesQueue` is renamed to `ResponseCache` to better reflect its
purpose.
- `ResponseCache` is moved to be a private nested class within
`CoapBase` to improve encapsulation.
- The responsibility of sending a cached response is moved into the
`ResponseCache` class. A new `SendCachedResponse()` method handles
finding, cloning, and sending the cached response, which simplifies
the `ProcessReceivedRequest()` method in `CoapBase`.
- Method names within `ResponseCache` are updated for better clarity
(e.g., `DequeueAllResponses()` to `RemoveAll()`).
- Comments are updated to align with the new design.
This change results in a cleaner design with better-defined
responsibilities for the `ResponseCache` and `CoapBase` classes.
This change introduces new overloads for `Coap::SendMessage()` that
accept an `OwnedPtr<Message>`, transferring ownership of the message
to the CoAP layer upon being called.
The modules `BorderAgent` and `Commissioner` are updated to use this
new method. The use of `OwnedPtr<Message>` simplifies the message
allocation and cleanup. This removes the need for manual clean up
calls(e.g., `FreeMessageOnError()`) and makes the code safer.
This commit introduces a new public NAT66 related API function,
`otNat64StateToString()`, to convert an `otNat64State` enum value
into a human-readable string.
The `nat64 state` CLI command is updated to use this new function,
removing its local and duplicated enum-to-string logic.
This commit adds a compile-time check to ensure that
the Linux kernel version is 4.18 or newer for prefix
route metric as `IFA_RT_PRIORITY` attribute for netlink
messages was introduced in v4.18.
`OPENTHREAD_POSIX_CONFIG_INSTALL_OMR_ROUTES_ENABLE` can
be an alternative for prioritizing Off-Mesh-Routable (OMR)
prefixes for older kernels.
This commit enhances the `TestMessage()` unit test by parameterizing
it to run with various reserved length values. The test is now
executed in a loop with a set of different headroom reservation
values.
This change improves test coverage for the `Message` class by
verifying that all its core operations function correctly when
messages are allocated with various initial reserved header lengths.
This commit moves the implementation of `InvokeResponseFallback()` to
the `cpp` file. It also ensures that the implementation follows the
style guide requirement of single `return` from any method/function.
This commit introduces `SafeMultiply()` in `num_utils.hpp` as a
centralized and safe way to multiply two unsigned integers while
checking for overflow.
It updates `Coap::TxParameters::IsValid()` to use this new helper for
validating `TxParameters`, replacing a less robust local `Multiply`
implementation.
It also updates `Heap::CAlloc()` to use this function for safely
calculating the total allocation size.
Unit tests are updated to verify `SafeMultiply()` implementation.
This change moves all public APIs related to the Border Agent's
ephemeral key feature out of `border_agent.h` and into a new,
dedicated header file `border_agent_ephemeral_key.h`.
The corresponding C API implementations are also moved from
`border_agent_api.cpp` into a new dedicated
`border_agent_ephemeral_key_api.cpp` file.
This improves the organization and modularity of the public API,
making the codebase easier to navigate and understand.
This change moves the CLI implementation for the Border Agent from
the main `cli.cpp` into a new dedicated `Ba` class within
`cli_ba.cpp` and `cli_ba.hpp`.
The new `Ba` module is integrated into the main `Interpreter` class,
following the same pattern used by other CLI modules such as `Bbr`
and `Br`. This improves code organization and modularity, making the
CLI codebase easier to navigate and maintain.
The functionality of the `ba` commands remains unchanged.
This commit enhances the build process by introducing a mechanism to
automatically clean intermediate build artifacts. Specifically, it
configures the build script to remove object and archive files, a
process that is conditionally activated, primarily within GitHub
Actions workflows, to optimize build environments and manage disk
space more efficiently.
This commit clarifies the expected platform behavior for handling a
DNS upstream query cancellation.
The previous documentation was inconsistent. The documentation of
`otPlatDnsStartUpstreamQuery()` incorrectly stated that the platform
must not call `otPlatDnsUpstreamQueryDone()` on a cancelled
transaction, while the opposite was mentioned in
`otPlatDnsCancelUpstreamQuery()`.
This is now corrected to state that the platform MUST always invoke
the `otPlatDnsUpstreamQueryDone()` callback for every
`otPlatDnsStartUpstreamQuery()`, even if the query is cancelled using
`otPlatDnsCancelUpstreamQuery()`.
This commit enhances the robustness of interface management with two
improvements:
1. The `SendIcmp6Nd` function now explicitly handles `EADDRNOTAVAIL`
and `ENODEV` errors from the `sendmsg()` system call. These errors
often indicate that the interface is down or has lost its
addresses. Upon that, we trigger an immediate re-evaluation of the
interface's state by calling `otPlatInfraIfStateChanged()`.
2. The `GetFlags` function has been updated to also verify mInfraIndex
and mInfraName not changed.
This commit introduces new APIs to handle Thread Administration
One-Time Passcodes (TAP).
The new `otBorderAgentEphemeralKeyGenerateTap()` API generates a
cryptographically secure 9-character TAP string. This consists of
eight random numeric digits and a final check digit calculated using
the Verhoeff algorithm for error detection.
The corresponding `otBorderAgentEphemeralKeyValidateTap()` API
validates a given TAP string by checking its length, ensuring it
contains only digits, and verifying the Verhoeff checksum.
A new test is added to ensure the correctness of both the generation
and validation logic, covering success and failure scenarios.
This commit introduces a client/server mechanism to the History
Tracker module. This allows a device to query history information
from another device over the Thread network using TMF messages.
The new functionality is composed of three main parts:
- Server (`HistoryTracker::Server`): This component is responsible for
handling incoming TMF query requests (`h/qy`). It collects the
requested local history entries (e.g., Network Info), formats them
into TLVs, and sends them back to the requester in one or more TMF
answer messages (`h/an`). It can fragment large responses into
multiple messages.
- Client (`HistoryTracker::Client`): This provides a new public API
(`otHistoryTrackerQueryNetInfo`) to send a query to a remote
device. It handles sending the request and processing the received
answer(s), passing the retrieved history entries to the user via a
callback. A function to cancel an ongoing query
(`otHistoryTrackerCancelQuery`) is also added.
- TLVs (`history_tracker_tlvs`): New TLVs are defined for the
query/answer protocol, including `RequestTlv` to specify the query
parameters, `AnswerTlv` to manage multi-message responses,
`NetworkInfoTlv` to carry the data, and `QueryIdTlv` to correlate
requests and responses.
A new CLI command, `history query netinfo`, is added to use the new
client API. The existing `history netinfo` output logic is refactored
into helper methods to be shared by both the local and remote history
commands.
The new feature can be enabled/disabled using two new configuration
flags:
- `OPENTHREAD_CONFIG_HISTORY_TRACKER_SERVER_ENABLE`
- `OPENTHREAD_CONFIG_HISTORY_TRACKER_CLIENT_ENABLE`
This commit disables Discovery Proxy in otbr Backbone CI.
Because in this item, `BORDER_ROUTING` is explicitly disabled and it
is required by OT discovery proxy.
This commit removes `"-DOTBR_DNS_UPSTREAM_QUERY=ON"` in build script
because this option will automatically handled in the cmake options
file and it also depends on BORDER_ROUTING. Force it to be ON will
cause a conflict when BORDER_ROUTING is OFF.
This commit updates `RxMessage::Init()` to handle failures when
reserving capacity for the questions array. Previously, an allocation
failure would trigger an assertion.
By switching to `SuccessOrExit`, the method can now gracefully handle
the allocation failure by returning an error and dropping the
message. This aligns with the general error handling strategy for
received messages and makes the implementation more robust against
out-of-memory conditions.
This commit fixes an issue with `Utils::Heap::CAlloc()` method. This
method performs a multiplication of `aCount` and `aSize` input and
then casts the result to `uint16_t`. This commit adds a check to
ensure that this conversion does not result in an integer overflow,
which would cause the size to warp to an unexpected smaller value.
This change adds `EvictActiveCommissioner()` to the Border Agent,
which sends a `LeaderKeepAlive` TMF message with a `StateTlv` of
`kReject` to the Leader, causing the current active commissioner
to be evicted.
The feature is exposed through:
- A new public C API `otBorderAgentEvictActiveCommissioner()`.
- A new CLI command `ba evictcommissioner`.
The entire feature is guarded by a new configuration flag,
`OPENTHREAD_CONFIG_BORDER_AGENT_COMMISSIONER_EVICTION_API_ENABLE`,
which is disabled by default.
This provides an administrator-level tool to remove a stale or
misbehaving commissioner, which is particularly useful when the
commissioner is connected through a different border agent and cannot be
managed locally.
A new test is also added to verify the eviction behavior.
This commit introduces validation for names provided to mDNS browser,
resolver, and querier start and stop functions.
New `ValidateNamesIn()` overloads are added to check the validity of
service types, instance names, and host names passed to APIs like
`otMdnsStartBrowser()`, `otMdnsStartSrvResolver()`, etc.
This commit introduces a set of public APIs to allow manipulation
of `otSteeringData`. The new APIs are provided when the configuration
`OPENTHREAD_CONFIG_MESHCOP_STEERING_DATA_API_ENABLE` is enabled.
The internal `SteeringData` is also improved to enhance robustness.
Methods such as `Init()`, `UpdateBloomFilter()` now return an `Error`
to signal failures on invalid arguments (e.g., invalid length)
instead of asserting.
This commit allows users to pass the POSIX TUN device path
through a command line flag when starting the daemon / cli
when `OT_PLATFORM_NETIF` is enabled.
This commit introduces two new macros, `DeclareTmfResponseHandlerIn`
and `DeclareTmfResponseHandlerFullParamIn`, to simplify the
definition of TMF/CoAP response handlers.
These macros generate the boilerplate code for the `static` callback
method within a class and delegate the call to a non-static member
method with the same name. This removes the repetitive pattern of
manually defining the `static` wrapper in each class.
The existing response handlers across various core components are
updated to use the new helper macros.
This commit removes the build-time check for the order of the `Uri`
enum values. This check is now redundant as the `static_assert` calls
added in #12017 use `AreConstStringsEqual()` to validate the
correctness of the `kEntries` array, ensuring that each URI path is
correctly associated with its corresponding enum value.
This change introduces the Multi-AIL (Adjacent Infrastructure Link) detection state into the Border Agent's state bitmap, which is advertised in the MeshCoP service TXT data.
The new state is encoded in the `sb` (state bitmap) key and has the following values:
0: Multi-AIL detection is disabled.
1: Multi-AIL detection is enabled, but not detected.
2: Multi-AIL detection is enabled, and is detected.
Updates in error handling to ensure that recoverable BLE errors are
logged, failures don't lead to partial TLVs being generated or
processed, and internal allocation failures lead to a GeneralError
status response back to the TCAT Commissioner. In case of likely
unrecoverable TLV damage, or cases where the GeneralError status
response even couldn't be generated, the secure TLS connection is
closed (Disconnect).
BLE ATT MTU handling is updated to use default MTU 23 if fetching the
MTU fails; and more clear check on min MTU. If the platform reports a
very high MTU (above max) this is not seen as an error, but BleSecure
will simply uses the highest usable MTU that it has configured,
whether the platform's report is correct or not.
Close#11536
This change improves type safety and code clarity when handling uptime
values. It introduces two new named types in the `ot` namespace:
- `UptimeMsec`: representing uptime in milliseconds (`uint64_t`)
- `UptimeSec`: representing uptime in seconds (`uint32_t`).
To complement this, the `Uptime` class is renamed to `UptimeTracker` to
clarify its role as the entity that tracks uptime.
The methods within `UptimeTracker` and member variables and parameters
throughout the codebase are updated to use these new, more descriptive
types instead of generic integer types.
Additionally, `UptimeToString()` is now a free function within the `ot`
namespace.
This commit adds a new method, `MergeBloomFilterWith()`, to
`SteeringData` to allow combining two Bloom filters.
The method performs a bitwise OR operation between the current
Steering Data Bloom filter and a given one. It handles cases where
the given filter to merge has a shorter length than the target Bloom
filter. It requires the target filter's length to be a multiple of
the source's length.
A new unit test, `TestSteeringDataBloomFilterMerge()`, is included to
validate the merge logic with various filter length combinations.
This commit introduces a session index tracked by each session
(`CoapDtlsSession`) to uniquely identify sessions in log messages.
The `Manager` now maintains a counter to assign a new index to each
session upon allocation.
Logs are added to track the lifecycle of a session (allocation,
connection, disconnection, deletion, and timeout), with each event
including the session's unique index.
A new templated helper, `Log<kUri>()`, is added to standardize logging
for TMF messages, including response handling. The session index is
included in such logs to provide clearer insight into the processing
of specific TMF commands by Border Agent sessions.
When the CSL feature is first enabled on a child device, the
OpenThread stack starts CSL sampling before sending the Child Update
Request packet. The last CSL sync sample time, initialized as `0`, is
updated only when the Child Update Request is sent. However, since CSL
sampling begins earlier, the first CSL receive operation calculates
the elapsed time in `GetCslWindowEdges` using `0` as the last sync
time.
Similarly, when CSL parameters are re-initialized, the stack should
update `mCslLastSync`. Continuing to use an outdated sync time results
in inaccurate calculations and is not reasonable behavior.
This commit fixed this issue.
This change relocates the `mDelayTimerMinimal` member and its
associated accessor methods, `GetDelayTimerMinimal()` and
`SetDelayTimerMinimal()`, from the `MeshCoP::Leader` class to the
`PendingDatasetManager` class.
This functionality is specific to the handling of the pending
operational dataset. Placing it within `PendingDatasetManager`
improves code structure and cohesion by grouping related parameters
together.
This change renames the `mInfraIfPrefix` in Nat64PrefixManager to
`mPlatformPrefix`.
The original name was ambiguous because both the RA-discovered prefix
`mRaTrackerPrefix` and this prefix are sourced from the infrastructure
link. The new name `mPlatformPrefix` clarifies that this prefix is
discovered through a platform-specific mechanism (e.g., DNS-based
discovery per RFC 7050), distinguishing it from prefixes discovered
directly via RA.
This commit introduces a new API
`otBorderRoutingGetNextNat64PrefixEntry`, which allows iterating
through the table of RA-discovered NAT64 prefixes on the
infrastructure link.
The `br nat64prefixtable command` is added to the CLI to display the
contents of the RA-discovered NAT64 prefix table.
This change moves the state and logic for managing the active
commissioner from `CoapDtlsSession` to the `BorderAgent::Manager`
class.
Previously, each `CoapDtlsSession` instance tracked whether it was the
active commissioner using its own `mIsActiveCommissioner` flag, and
managed its own `mCommissionerAloc` and `mUdpReceiver`.
This commit introduces a single `mCommissionerSession` pointer in the
`Manager` to act as the sole source of truth for the currently active
commissioner. The responsibility for managing the commissioner ALOC and
the associated UDP receiver is also moved to the `Manager`.
This approach reinforces the Thread mesh rule of a single active
commissioner at a time and simplifies the code by centralizing ALOC and
UDP receiver management in one place.
This commit adds select API so that simulation and be integrated with
other mainloops.
This commit also adds a flag to disable UART on simulation platform.
This commit contains some improvements and fixes to the CoAP-observe
(RFC 7641) messaging model implementation.
It also adds an 'expect' test for using the CoAP-observe related CLI
commands.
Specific items:
- ensure that a NON observe request is not acknowledged with an Ack.
- enable a NON observe request to never time out, unless cancelled
explicitly, or unless 0 observe responses are received within the
NON request's timeout period. This fixes an issue that responses
were not recognized anymore by the client after some time.
- allow an observe request to be silently cancelled by the client,
which is the suggested way per RFC 7641, in case a new observe
request is started and the CLI user did not explicitly cancel the
previous observe. This leaves the choice to the CLI user whether to
explicitly cancel or just forget the request.
- ensure that the client accepts CON notifications which are
interspersed with NON notifications per RFC 7641. Previously, this
caused the client to send RST instead of ACK.
- avoids the error 28 ResponseTimeout popping up in various cases by
keeping the observe request active.
- implements the mandatory interspersing of CON notifications when a
NON observe relation is ongoing, per RFC 7641. This is done by
sending a CON notification after every 5 NON notifications, same as
done by libcoap. When such CON notification times out
(i.e. undelivered/unack'ed) then the observe subscription is
automatically cleared after all its retries have been made. During
this effort of trying to deliver the notification, the NON
notifications (in case these follow) are still being sent in
fire-and-forget mode as usual.
- if already one subscription is ongoing, the server will ignore
further subscription requests (Observe Option) per RFC 7641 Section
4.1 and treat the request normally.
- log message at server side when a subscriber is cancelled.
Fixes#11971
This commit introduces a new mDNS OpenThread configuration,
`OPENTHREAD_CONFIG_MULTICAST_DNS_PERSIST_STATE_ON_POST_PROBE_CONFLICT`,
to control behavior when a late conflict is detected for an already
registered mDNS entry.
When this option is enabled (the default), the mDNS entry remains in
the `kRegistered` state, and the device continues to advertise and
answer for the name. This prioritizes advertisement stability, which
is desirable in use cases like the SRP Advertising Proxy where
post-probe conflicts can be transient. If the option is disabled,
the entry's state transitions to `kConflict`, and the device stops
advertising the name.
Regardless of this configuration, the conflict callback is still
invoked, informing other modules (such as the module that requested
the registration) so they can decide on a higher-level resolution
action.
This commit updates `BorderAgent` to correctly handle the `StateTlv`
in a forwarded response from the leader specifically for the response
to a forwarded `kUriLeaderKeepAlive` message.
The leader can reject a previously accepted active commissioner in the
Keep-Alive response by including the `StateTlv` with a `kReject`
status.
This commit ensures that if the `StateTlv` indicates the commissioner
is rejected, the session is properly cleaned up. This cleanup
involves removing the previously added commissioner ALOC and marking
the session as no longer the active commissioner.
This commit replaces `kTimeoutLeaderPetition` (in seconds) with
`kLeaderPetitionTimeout` (in milliseconds). This change avoids
repeated calls to `Time::SecToMsec()` when starting the commissioner
session timer.
Moves `EphemeralKeyManager` class and its implementation from
`border_agent.hpp` and `border_agent.cpp` to their own separate files
`border_agent_ephemeral_key.hpp/cpp`.
This is a structural change to improve code organization and does not
introduce any functional changes.
This commit updates the mDNS initial query logic to allow queries to
continue indefinitely (for shared resource records), instead of
stopping after a fixed number of initial attempts. This is applicable
while there are active browsers/resolvers associated with the query.
The previous implementation already used an exponential backoff but
was limited by `kNumberOfInitialQueries = 3`
This change removes that limit. The exponential backoff strategy is
retained, doubling the query retry interval from 1 second up to a
max of 1 hour, after which queries continue at the max interval. A
random jitter of `1/32` of the interval is also applied to each
retry interval.
This commit forces mLinks.SetRxOnWhenIdle to true when performing an
active scan.
Previously, when we have an SED which is connected to a thread network
(i.e. state == child), it is unable to perform scan command because rx
is turned off.
This commit updates the gn BUILD file so that it's guaranteed to build
according to gn args instead of ignoring them based on default value
assumptions. This ensures setting a gn argument would take effect when
building OpenThread.
This commit also sorts the source file lists.
This commit adds checks in `BorderAgent::HandleTmfProxyTx()` and
`BorderAgent::HandleTmfRelayTx()` to verify that the session belongs
to the current active commissioner rather than a candidate.
Specifically, `HandleTmfProxyTx()` uses the commissioner ALOC as
the sender address, which is available only when commissioner
petition is accepted.
This commit updates the Multi-AIL Detection feature to operate
independently of the Border Routing Manager. This fundamental change
allows the detector to be enabled/disabled on its own, rather than
being tied to the Border Routing Manager's state.
This change also moves the Multi-AIL detection API into a separate
`openthread/multi_ail_detection.h` header and introduces new APIs to
control the detector independently. Corresponding CLI commands are
also added.
The `test-505-multi-ail-detection.py` is also updated to validate
this new independent behavior. In particular that a device that is
not enabled to act as a BR can independently run multi-AIL detection
and determine whether, if it becomes a BR, it will cause multi-AIL
issues.
Add `SuccessOrQuit()` to check the return `Error` value of
`RoutingManager::SetEnabled()` in `fuzz_*.cpp` source files. This
addresses warnings about ignoring the return value.
This commit validates that the Channel Mask TLVs in a TMF Energy
Scan request are non-zero.
Additionally, this commit clamps the Count TLV value to the valid
range (1, 2, and 3) as required by the Thread specification.
The `test_otci` is updated to use count 3 (previously 4).
An Energy Scan request with a zero `Channel Mask` is invalid and
can cause the device to start a scan that takes a long time or
never completes. This change rejects such requests, preventing the
device from getting stuck. This was discovered by
fuzzer test.
This commit changes the mbedtls repo in openthread from source code to
git submodule.
This makes it easier for mbedtls version upgrade. This PR doesn't
upgrade the mbedtls version. v.3.6.0 is stil used to ensure nothing is
broken. The original OT specific build files (BUILD.gn, CMakeLists.txt
and config) are kept and unchanged. I've verified that the headers and
sources in the list of BUILD.gn are correct.
Small change to surface any internal errors in the hash calculations
to the TCAT Commissioner as general error. If not done, such errors
are silently ignored and hard to diagnose in products.
This commit enhances mDNS to allow reprobing for registrations
currently in a conflict state. Upon an explicit `Register()` call,
the mDNS module will now restart the probing process. This allows the
device to attempt to claim the name again if the conflict has been
resolved on the network.
Unit tests are updated to verify this behavior.
This commit suppresses the undefined warnings in mbedtls. To detect
such warnings in OpenThread, this commit also enables warnings check
for gn BUILD and fixes issues found.
`ValidateName()` did not correctly handle names that were exactly the
maximum allowed length (`kMaxNameLength`). A name of this length is
only valid if it ends with a trailing dot. Otherwise, when encoded,
the added root label causes the encoded name to exceed the
`kMaxEncodedLength` of 255 bytes.
This commit updates `ValidateName()` to enforce that any name with
length equal to `kMaxNameLength` must end with a dot character.
It also updates the `TestDnsName` unit test to verify this corrected
behavior, ensuring `ValidateName()` and `AppendName()` handle such
names consistently.
Rename all fuzzer source files in `tests/fuzz` from `{name}.cpp` to
`fuzz_{name}.cpp`.
Update the `ot_nexus_test` macro in `tests/fuzz/CMakeLists.txt` to
reflect this change, using `fuzz_{name}.cpp` as the source file while
naming the test `{name}-fuzzer`.
This change improves consistency and makes it easier to distinguish
fuzzer source files from other similarly named files during searches.
This commit introduces a new configuration option
`OPENTHREAD_CONFIG_DNS_CLIENT_BIND_UDP_TO_THREAD_NETIF` to control
which network interface the DNS client's UDP socket binds to.
When this config is set to 1, the socket is bound to the Thread
network interface (`Ip6::kNetifThreadInternal`).
When the config is set to 0, the socket is bound to the unspecified
network interface (`Ip6::kNetifUnspecified`), allowing DNS messages
to be sent and received over any available network interface. By
default this new config is disabled.
A new CMake option `OT_DNS_CLIENT_BIND_UDP_THREAD_NETIF` is also added
to allow easy configuration of this feature.
The test configurations are updated to ensure both behaviors are
covered.
Remove the `CoapDtlsSession::ForwardContext::ToHeader()` helper method
and move its logic directly into the `HandleCoapResponse()` method.
This simplifies the implementation by removing an unnecessary function
call for a single-use case.
Additionally, convert `ForwardContext` from a `class` to a `struct`.
This change makes the constructor public, removing the need for a
`friend` declaration for `Heap::Allocatable`, and better reflects its
role as a simple data structure.
Moves the management of MeshCoP service TXT data from the
`BorderAgent::Manager` class into the `TxtData` class.
This change improves separation of concerns by isolating all TXT
data-related logic, including vendor TXT data, change callbacks, and
notifier event handling, within the `TxtData` class. The
`BorderAgent::Manager` is simplified and its responsibilities are
more focused.
A new public method, `Refresh()`, is introduced on `TxtData` to
provide a clear API for other modules to signal that the MeshCoP
service TXT data needs to be re-evaluated and updated.
The `HandleCoapResponse` callback in `CoapDtlsSession` is renamed to
`HandleLeaderResponseToFwdTmf`.
The new name more clearly indicates that this callback is used to
handle the response from the leader for a forwarded TMF message.
This improves code readability and makes the role of the callback
more explicit.
When using some special configurations, the ot-cli-ftd will crash. The
crash path is `MessageFramer::PrepareMacHeaders()` ->
`Get<NeighborTable>().FindNeighbor()` ->
`Get<ChildTable>().Contains()`. The crash happens in the
`ChildTable::Contains()`. Here is the system crash message: `kernel:
traps: ot-cli-ftd[122376] trap invalid opcode ip:5640b7713b8e
sp:7ffd6425c5f0 error:0 in ot-cli-ftd[313b8e,5640b7400000+426000]`.
The root cause of the crash is that the CandidateParent is a 4 bytes
aligned class and the Child is a 8 bytes aligned class. When
converting the CandidateParent to Neighbor and then converting the
Neighbor to Child, the program will crash due to the alignment issues.
This commit replace the static_cast with the reinterpret_cast in
ChildTable::Contains() to convert a Neighbor to a Child.
Consolidates the two overloaded `SendErrorMessage()` methods in the
`CoapDtlsSession` class into a single implementation.
The new `SendErrorMessage()` method now accepts the token information
directly, rather than a `Coap::Message` or a `ForwardContext` object.
This simplifies the call sites and removes the now-unused
`CoapCodeFromError()` helper function (the conversion is now done
in the consolidated `SendErrorMessage()`).
This commit adds the adb interface support to expect scripts, so that
we can easily run all expect scripts on Android devices.
Example usages: `spawn_node ${node_id} "adb" "${adb_serial_num}"`.
This commit enhances the `TestNat64PrefixSelection` unit test by
adding more detailed verification of the RA-discovered NAT64 prefix
table managed by `RxRaTracker`.
This commit simplifies the CoAP message forwarding logic within the
`CoapDtlsSession` by removing the `mPetition` and `mSeparate` boolean
flags from the `ForwardContext`.
The `Uri` of the request is now stored directly in `ForwardContext`
and used to determine the logic flow, making the code more explicit
and easier to understand.
The `ForwardToLeader()` is only used with `kUriLeaderPetition` and
`kUriLeaderKeepAlive`, both of which requires a separate
non-confirmable response in addition to an immediate CoAP Ack
(i.e., as if `mSeperate` is `true`).
This change removes the need for intermediate flags and simplifies the
implementation of `ForwardToLeader()`, `SendErrorMessage()`, and the
`ForwardContext` constructor and `ToHeader()` method. The CoAP
message initialization is now more direct, always using
`kTypeNonConfirmable` for forwarded responses and error messages.
This commit updates the `BorderAgent` implementation to consistently
use `OwnedPtr` for managing the lifecycle of `Coap::Message` and
`Message` objects.
This change improves memory safety and simplify the code. Message
objects are now automatically deallocated when the `OwnedPtr` goes
out of scope, which eliminates all manual calls to `FreeMessage()`
and `FreeMessageOnError()`, preventing potential memory leaks and
making the code more robust.
This commit enhances `RxRaTracker` by introducing a new `Events`
struct for handling callbacks. This change replaces the previous
`HandleRxRaTrackerDecisionFactorChanged()` method with a more
versatile `HandleRxRaTrackerEvents()` that accepts the `Events`
struct as an argument.
The new `Events` struct includes boolean flags for:
- `mInitialDiscoveryFinished`
- `mDecisionFactorChanged`
- `mLocalRaHeaderChanged`
This allows `RxRaTracker` to communicate more specific events to
`RoutingManager` and `MultiAilDetector`, enabling them to take
the proper action based on the events. The `SignalTask` has been
renamed to `EventTask` to better reflect its new role in handling
these events.
This commit involves a small enhancement for CSL to optimize for power
consumption after receiving a frame.
Original implementation:
- schedule next CSL window during current CSL timer handle
- even if a frame is received, the scheduled CSL timer is not reset
- SSED wakes up much earlier than required if elapsed time is large
Suggested implementation:
- recalculate CSL timer during `UpdateCslLastSyncTimestamp` if it is
currently running
- SSED can use updated mCslLastSync so that it does not wake up much
earlier after receiving a frame
This commit updates the default TTL values used for mDNS records to
better align with the recommendations.
Previously, a single `kDefaultTtl` of 120 seconds was used for all
records when the registered entry did not explicitly specify the TTL
to use. This commit introduces separate default TTLs:
- `kDefaultAddrTtl` for address records (`AAAA`, `A`) is kept at
120 seconds.
- `kDefaultServiceTtl` for all service records (`PTR`, `SRV`, `TXT`)
is set to 4500 seconds.
- `kDefaultKeyTtl` is also updated to 4500 seconds for `KEY` records.
The code is updated to use the appropriate default TTL based on the
record type.
This commit implements `otPlatDnssdStartBrowser` and
`otPlatDnssdStopBrowser` to support service discovery on NCP.
The platform APIs are intended to be used by
`ServiceDiscovery::Server::DiscoveryProxy` for discovery
functionality. This commit only supports browser for now and will
suppport Srv/Txt/Address resolver in other commits to avoid this
commit from being too large.
This commit contains these changes:
* Add new spinel property for starting / stopping service browser
* Implement encoding/decoding of the new property
* Add unit test for encoding/decoding
* Implement ncp version of dnssd platform API
`otPlatDnssdStartBrowser` and `otPlatDnssdStopBrowser`
* Add property handler to get browser result on NCP side
* Add unit test to verify that the browser callback is correctly
invoked after getting browser result.
This commit introduces support for discovering NAT64 prefixes as
specified in RFC 8781.
The key changes include:
- New `Nat64PrefixInfoOption`: A new `Nat64PrefixInfoOption` class is
added to represent the PREF64 option in ND messages. This handles
parsing the prefix and its lifetime from incoming RAs.
- `RxRaTracker` Enhancement: The `RxRaTracker` is updated to process
`Nat64PrefixInfoOption` from RAs. It now maintains a list of
discovered NAT64 prefixes from routers on the infrastructure link
and determines a "favored" prefix among them.
- `RoutingManager` Update: The `Nat64PrefixManager` is enhanced to
utilize the RA-discovered prefix.
- `test_routing_manager` Update: The `TestNat64PrefixSelection` is
updated to include cases with RA-discovered prefixes.
Adds a new state, `mInitialDiscoveryFinished`, to `RxRaTracker` to
track the completion of the initial router discovery (RS transmission)
process. A new method, `IsInitialRouterDiscoveryFinished()`, exposes
this state.
This new method replaces `IsRsTxInProgress()`, which previously
checked if any RS transmission was ongoing. The new model ensures
the initial discovery is tracked only once after `RxRaTracker`
starts, rather than every time RS messages are sent (e.g., due to
stale timer expiration).
Additionally, the `RoutingManager` now checks this state and ignores
incoming RS messages until the initial router discovery is complete.
This prevents the BR from replying to its own RS messages or sending
an RA prematurely with incomplete information before all routers
are discovered and decision factors are determined.
Multicast addresses with scope larger than `RealmLocal` are no longer
subject to the standard receive filter. They are passed directly to
the host callback, allowing delivery and forwarding by the host.
This fixes a scenario where a `Thread Border Router` receives a
larger-scope multicast from a `Thread Device`. Previously, if the
Border Router was listening on the same multicast address and port,
the receive filter could drop the packet, preventing it from being
forwarded to other interfaces.
This adds support for the TMF command to enable TCAT remotely. A test
is added that uses the 'UDP send' mechanism to send the new TMF
command to a target node.
Some fixes/additions to the test framework are made to support the new
test, including a new argument for udp_send() to send a specific byte
array and udp_rx() to receive data by a UDP client on a node.
This commit introduces a direct callback mechanism from `RxRaTracker`
to `MultiAilDetector` to signal changes in decision factors. This is
in preparation of future changes allowing `MultiAilDetector` to run
independently of `RoutingManager`.
Previously, `RxRaTracker` would signal `RoutingManager`, which in turn
would call `MultiAilDetector::Evaluate()`. This commit refactors this
interaction by adding a new `HandleRxRaTrackerDecisionFactorChanged()`
method to `MultiAilDetector`.
`RxRaTracker` can run independently of `RoutingManager`. Its stale timer
callback should check its own running state (`mIsRunning`) instead of
`RoutingManager`'s state.
This commit corrects the logic in `HandleStaleTimer()` to use the local
`mIsRunning` flag.
This commit introduces the `ChildUpdateResponseInfo` struct to
encapsulate parameters for sending "Child Update Response" messages.
The new struct holds the list of TLVs to include, the received
challenge, and the destination address.
Related methods such as `SendChildUpdateResponse()` are updated to use
the new struct. This simplifies the method signatures by reducing the
number of arguments and improves code clarity by grouping related
data.
Verifies that the peer and socket addresses in `Mle::HandleUdpReceive`
are link-local. This ensures that MLE messages are only processed
from link-local addresses, which is a requirement of the Thread
specification.
The P2P peer can be woken up using the wake-up identifier. The wake-up identifier
is included in the Connection IE. This commit implements methods to the Connection IE
and Frame to process wake-up identifier.
Adds two important notes to the main API documentation header to clarify
critical usage rules for all OpenThread APIs.
- The first note states that all API calls and callbacks must be
invoked from the same OS context (e.g., the same thread).
- The second note clarifies the behavior of output parameters when an
API call returns an error.
This change modifies the handling of incoming ICMPv6 ND messages on the
infrastructure interface. `InfraIf::HandledReceived()` now inspects the
message type and calls the appropriate handler directly.
- Router Advertisement (RA) and Neighbor Advertisement (NA) messages are
now passed directly to `RxRaTracker::HandleRouterAdvertisement()` and
`RxRaTracker::HandleNeighborAdvertisement()` respectively.
- The generic `RoutingManager::HandleReceived()` method is removed.
`RoutingManager` now only handles Router Solicit (RS) messages via
`RoutingManager::HandleRouterSolicit()`.
This simplifies code and gives `RxRaTracker` direct ownership of RA
and NA processing, which aligns better with its role of tracking
information from received RAs and allowing it to run independently of
the `RoutingManager`.
This change moves the `MultiAilDetector` class from being a nested
class within `RoutingManager` to its own dedicated `.hpp` and `.cpp`
files.
An instance of `MultiAilDetector` is now owned by the top-level
`Instance` class, making it a sibling component to `RoutingManager`
and other core components.
This is purely a code organization change and introduces no functional
or logic changes. This prepares for future changes where
`MultiAilDetector` may operate independently of `RoutingManager`.
This change introduces a mechanism to control the `RxRaTracker` from
multiple sources.
A new method `RxRaTracker::SetEnabled()` is added, which accepts a
`Requester` enum. The tracker now maintains separate enable flags for
each requester (e.g., `RoutingManager`).
The `RxRaTracker` will start only when at least one requester has
enabled it AND the infrastructure interface is initialized and running.
It stops when all requesters have disabled it or when the interface
goes down.
The `Start()` and `Stop()` methods are now private, managed by a new
`UpdateState()` method to centralize the state logic. `InfraIf` is
updated to notify `RxRaTracker` of state changes.
This commit adds fake implementations for OT dnssd platform APIs.
The background is that I'm trying to enable the OT Dnssd Server
functions (Discovery Proxy) in ot-br-posix by default. Once it's
enabled, `openthread-ftd` needs implemenation of dnssd platform
APIs. To make some unit tests (in ot-br-posix) build successfully,
these fake implementations are required.
Introduces a new private method `Mle::SendChildUpdateRejectResponse()`
to consolidate the logic for sending a reject response to a
"Child Update Request".
This new method creates a response containing the Source Address TLV,
Status TLV, and (if applicable) Response TLV.
The new method is now used in `Mle::HandleChildUpdateRequestOnChild()`
when the device is not a parent of the sender, and in
`Mle::HandleChildUpdateRequestOnParent()` when a request from an
unknown child is received. This change removes duplicated code from
both locations.
The macro MBEDTLS_SSL_EXPORT_KEYS is added to OT in PR #7025, it is used to
ensure mbedtls_ssl_key_export_type is defined. However, the macro
MBEDTLS_SSL_EXPORT_KEYS has been removed from the mbedtls since mbedtls-3.1.0.
If developers use external mbedtls repo with version 3.1.0 or higher
versions, and missed to define MBEDTLS_SSL_EXPORT_KEYS, it will cause
the KEK won't be set to the KeyManager.
This commit checks whether the mbedtls version is equal to or higher than
3.1.0 to ensure mbedtls_ssl_key_export_type is defined.
Ensure the same challenge is used for all "Child Update Request"
messages sent to the parent while trying to restore the previous
child role.
The challenge is now generated once when the child role restoration
process starts in `PrevRoleRestorer::Start`. This prevents a
situation where a new challenge from a retry could invalidate a
delayed but valid response from the parent that contained the
previous challenge.
Add `OT_BORDER_ROUTING_DHCP6_PD_MIN_LIFETIME ` cmake build option, to
allow customizing the dhcpv6 pd client's minimum lifetime requirement
for different network environments or testing scenarios.
The application of the P2P module may only record the P2P peer's
link-local address for communication. This commit adds an API to
convert the peer's link-local unicast address to the peer's extended
address for tearing down the P2P link.
Adds CLI related configs within the Nexus test build
(`openthread-core-nexus-config.h`) to support fuzz testing of
the CLI module.
The following configurations are added:
- `OPENTHREAD_CONFIG_CLI_MAX_LINE_LENGTH` is increased to 800 to
handle potentially long input strings generated by the fuzzer
without truncation.
- `OPENTHREAD_CONFIG_CLI_LOG_INPUT_OUTPUT_ENABLE` is enabled to log all
input and output through the CLI. This is helpful for debugging
and analyzing fuzzer-generated logs.
This change moves the management of the infrastructure interface state
out of the `RoutingManager` and centralizes it within the `InfraIf`
class. This makes `InfraIf` a more self-contained component and
simplifies the logic in `RoutingManager`.
The `RoutingManager` now depends on an initialized `InfraIf`. Its
`Init()` method is simplified and is now called from
`InfraIf::Init()`.
The public API `otBorderRoutingInit()` now directly initializes the
`InfraIf`. The `InfraIf::Init()` method is updated to support
re-initialization, allowing to switch to a new interface. When
switching, it ensures that components on the previous interface are
stopped before restarting on the new one.
After the P2P link is established, the P2P peer's extended address is
returned as the P2P handle. This commit adds an API to convert the
peer's extended address to the peer's link-local unicast address.
This commit introduces a new feature to parse the MeshCoP service TXT
data from a Border Agent.
The new API `otBorderAgentTxtDataParse()` allows parsing the raw TXT
data into a structured `otBorderAgentTxtDataInfo` object. This can be
used by applications to inspect the capabilities and status of a
discovered Border Agent.
Config `OPENTHREAD_CONFIG_BORDER_AGENT_TXT_DATA_PARSER_ENABLE` controls
this new feature.
The existing test for the Border Agent is updated to validate the new
parser and its output.
This change refines the content of the `ChildUpdateResponse` message
to avoid sending additional TLVs when rejecting a request.
The `ChildUpdateResponse` message is now tailored based on the
triggering `ChildUpdateRequest`. Specifically:
- When rejecting a `ChildUpdateRequest` (and including a Status TLV),
the response will only include a Source Address TLV, a Status TLV,
and, if sent in response to a `ChildUpdateRequest` that contained a
Challenge TLV, a Response TLV.
- The reject response will no longer include the Leader Data, MLE
Frame Counter, and Link Frame Counter TLVs.
- Any requested TLVs (from the `TLV Request TLV` in the
`ChildUpdateRequest`) are now only included in the response when
the request is accepted.
This change updates the jitter calculation for the SRP client's retry
mechanism.
Previously, a fixed jitter value was used. This could lead to
synchronized retries from multiple clients, especially as the retry
interval grows.
The new implementation calculates the jitter as a fraction of the
current retry interval (1/5th), ensuring that the jitter scales with
the wait time. This helps to better decorrelate retries from different
clients.
A new constant `kRetryJitterDivisor` is introduced for this
calculation. The jitter is clamped to a minimum value given by
`kRetryIntervalJitter`.
This commit adds `Dns::Name::ValidateName()` and `ValidateLabel()`
helper methods to validate a DNS name or label.
These methods are used at the entry of the mDNS `Register*()` and
`Unregister*()` public APIs to validate the provided host, service,
and key names. This prevents issues with malformed names and improves
the robustness of the mDNS module.
Includes unit tests for the new validation methods.
This commit adds CMake Presets. The features used in this CMake Presets
requires CMake 3.25. This allows good integration with IDEs including VS
Code.
These presets also works in command line:
```bash
cmake --preset simulation
cmake --build --preset simulation
ctest --preset simulation -R ot-test-message
```
Introduces a new method `ValidateTlvs()` on `NetworkData` to perform
structural validation of all TLVs within the network data.
This new validation is invoked from `Leader::SetNetworkData()` when
receiving new network data. If the new data fails validation, it is
rejected, and the previous network data is restored. This prevents a
device from accepting and propagating malformed network data, which
could lead to parsing errors or undefined behavior on devices.
The validation checks include:
- All TLVs and sub-TLVs are within the network data buffer bounds.
- Known TLV types like `PrefixTlv` and `ServiceTlv` are well-formed
by calling their respective `IsValid()` methods.
- Container TLVs like `BorderRouterTlv` and `HasRouteTlv` have a
length that is an exact multiple of their entry size.
This commit removes a misleading TODO comment in the NAT64 prefix
manager.
The TODO suggested changing the NAT64 prefix publisher check to use
the RLOC16 of the entry in the Network Data. However, this approach is
flawed in scenarios with multiple Border Routers.
When multiple BRs publish the same NAT64 prefix with the same
preference, `FindPreferredNat64Prefix()` may return an entry published
by a different BR. An RLOC16 check would then incorrectly cause the
current BR to believe it did not publish the prefix, potentially
leading it to withdraw its entry and cause network instability.
This commit renames NAT64 prefix discovery handler functions in
`RoutingManager` and `Nat64PrefixManager` to be more specific. This is
a non-functional refactoring that improves code clarity and
maintainability.
The new names, `HandleInfraIfDiscoverNat64PrefixDone` and
`HandleInfraIfDiscoverDone`, clarify that these handlers are for NAT64
prefixes discovered on the infrastructure interface.
This change makes the code easier to understand and prepares it for
potential future enhancements, such as discovering NAT64 prefixes from
Router Advertisements.
This commit makes the callback handlers in `InfraIf` private and
declares the C-style platform functions as friends.
This change improves encapsulation by restricting the visibility of
these internal handler methods. The public API of `InfraIf` is made
cleaner, and only the intended callers (the platform callbacks) are
granted access.
This change modifies `HandleChildUpdateRequest()` to allow a detached
child that is restoring its previous role to process a "Child Update
Request" from its former parent.
When in this state, the device will respond to the request but will
not save any of the content (TLVs) from the message, as the child has
not yet established trust with any device (including its former
parent) and therefore cannot authenticate the freshness of the
received request.
This change handles the scenario where a child and its parent may be
reset simultaneously. It allows the parent to first restore its link
with the child through a "Child Update" exchange, which can then be
followed by the child sending its own "Child Update Request" to
re-establish the link. Without this change, a communication impasse
could occur where the parent rejects the child's request (as the
child is not yet valid), and the child ignores the parent's request
(as it is not yet attached). This change prevents devices from
resorting to a full re-attachment, thereby improving network
resilience and recovery time.
A new test is added to emulate this scenario and verify that the child
restores its role correctly without performing a full attach.
Adds a destructor to the `Dns::Client` class to ensure that `Stop()`
is called when a `Client` object is destroyed (freeing all allocated
queries).
This change prevents false memory leak reports from fuzzer tests when
an `ot::Instance` is destroyed during ongoing DNS queries (retries).
This commit moves the `InfraIf` member from `RoutingManager` to be
owned directly by the `Instance`.
This change aligns the ownership of `InfraIf` with other core
components and simplifies dependencies. Decoupling `InfraIf` from
`RoutingManager` allows it to be accessed separately.
This change makes the NAT64-related method in `InfraIf`
conditionally compiled based on the configuration
`OPENTHREAD_CONFIG_NAT64_BORDER_ROUTING_ENABLE`.
The methods `DiscoverNat64Prefix()`, `DiscoverNat64PrefixDone()`,
and are now entirely excluded from the build when NAT64 border
routing is disabled.
This change introduces compile-time validation for the `kEntries`
array in `uri_paths.cpp` to ensure the array's order matches the
`Uri` enum definitions.
A new `constexpr` function, `AreConstStringsEqual()`, is added to allow
for string comparisons at compile time, which is necessary for use
within `static_assert` in C++11.
A series of `static_assert()` checks are added to `uri_paths.cpp`.
These assertions verify that each URI path string in the `kEntries`
lookup table is correctly placed at the index corresponding to its
`UriPath` enum value.
This prevents potential bugs caused by accidental reordering of either
the enum or the array, ensuring the mapping between them remains
correct. If the order is changed incorrectly, the build will now fail,
immediately alerting the developer.
`cli_coap.cpp` and `cli_coap_secure.cpp` both try to print `uint32_t`
values with `%i`, which causes build errors on some systems.
This commit uses `%lu` together with `ToUlong` to fix this and make
the code more portable.
Additionally, `%u` was used to print unsigned values instead of `%i`
This commit introduces a new `MeshCoP::BorderAgent::TxtData` class to
encapsulate the logic for preparing the Border Agent's MeshCoP
service TXT data.
The TXT data generation logic is moved from the `BorderAgent::Manager`
into the new `TxtData` class. This refactoring improves modularity
and maintainability and prepares for the future addition of a MeshCoP
TXT data parser.
This change moves the `RsSender` class from `RoutingManager` to
`RxRaTracker`.
The `RxRaTracker` is responsible for tracking received Router
Advertisements (RAs). Since sending Router Solicitations (RS) is the
mechanism to discover routers and solicit RAs, it is more appropriate
for `RxRaTracker` to own the `RsSender`.
This improves the separation of concerns by centralizing the logic for
both sending RS messages and processing the resulting RAs within the
`RxRaTracker` class. The `RoutingManager` is now decoupled from the
details of the RS transmission process.
The `IsRsTxInProgress()` method is also moved to `RxRaTracker` and its
Doxygen documentation is improved to provide more detail on the RS
transmission process.
Renames the callback used by `RxRaTracker` to inform `RoutingManager`
to `HandleRxRaTrackerDecisionFactorChanged()`.
This name more accurately reflects the triggering condition, as the
callback is invoked whenever any of the "decision factors" change,
not just when the on-link prefix table is updated.
For consistency, the related method in `OnLinkPrefixManager` is also
renamed to `HandleRxRaTrackerChanged()`.
This change replaces all instances of the null character literal
'\0' with the `kNullChar` constant throughout the `src/core/` files.
This improves code readability and consistency, making the intent
of the code more explicit.
This change makes the `RxRaTracker` a direct listener of network data
change events from the `Notifier`.
Previously, the `RoutingManager` would receive the network data change
event and then call `RxRaTracker::HandleNetDataChange()`. This
created an unnecessary dependency between the two components.
By making `RxRaTracker` a direct listener, we decouple it from
`RoutingManager`. The `HandleNetDataChange()` method in `RxRaTracker`
is also made private as it is now only called from within the class.
This commit introduces new Network Diagnostic TLVs to report Border
Router information. It implements the server and client side logic to
support these new TLVs:
- BR state (38) - `uint8` value as `otBorderRoutingState`.
- BR Infra Interface Addresses (39) - list of IPv6 addresses
- BR Local OMR Prefix (40) - local (ULA) OMR prefix
- BR DHCPv6-PD OMR prefix (41) - DHCPv6-PD prefix (if any)
- BR Local On-link Prefix (42) - local on-link prefix
- BR Favored On-link Prefix (43) -favored discovered on-link on AIL
The various BR prefix TLV values are encoded as a fixed 8 bytes value
corresponding to the IPv6 prefix bytes (`/64`) in big-endian order.
This commit updates the `networkdiagnostic get` CLI command to display
the information from these new TLVs.
It also includes a test (added in `test-503-peer-tbr-discovery.py`) to
verify the new TLVs and the CLI commands.
This change reorganizes the `BorderAgent` related classes into a new
`MeshCoP::BorderAgent` namespace to improve code structure and clarity.
The following changes are included:
- `MeshCoP::BorderAgent` class is renamed to `Manager` and placed
within the new `MeshCoP::BorderAgent` namespace.
- `MeshCoP::BorderAgentTracker` is renamed to `Tracker` under the
new namespace.
- `EphemeralKeyManager` is moved from being a nested class in
`BorderAgent` to `MeshCoP::BorderAgent::EphemeralKeyManager`.
- `EphemeralKeyManager` is now a direct member of the `Instance` class,
simplifying accessing it.
All related calls and test files are updated to reflect these
changes.
This commit separates the `RxRaTracker` logic from `RoutingManager`
into its own class and source files.
Previously, `RxRaTracker` was a nested class within `RoutingManager`.
This change moves it to `src/core/border_router/rx_ra_tracker.hpp`
and `src/core/border_router/rx_ra_tracker.cpp`, making it a
standalone class within the `ot::BorderRouter` namespace.
This separation improves modularity and prepares for future changes
where `RxRaTracker` may operate independently of `RoutingManager`.
This change adds a check at the beginning of `RegisterService()`
to ensure that the border agent is enabled before attempting to
register a service.
Previously, methods like `SetServiceBaseName()` would call
`RegisterService()` regardless of whether the agent was enabled,
leading to unintended service registration attempts on a disabled
agent.
This commit also adds a new test case to verify that changing the
service base name on a disabled border agent does not result in a
service being registered.
This fixes the issue that some required Python modules were missing in
pyproject.toml. To avoid Python version conflicts with the
cryptography module, the minimum Python version is raised to
3.10. Also, the name, version and description of the project are
updated. Module versions are updated to recent (2025) versions.
For Windows, a platform-specific import of pyreadline3 is added. Due
to this conditional dependency, the poetry.lock file is removed from
the repository: it is now necessarily specific to each platform and
has to be locally generated.
host-RCP time sync interval is in configuration file.
Added in cmake to use user defined RCP time sync internval during build.
Signed-off-by: ashish <ashish.vara@nxp.com>
Introduces a new `BorderAgentTracker` module to discover and track
Border Agents on the infrastructure link.
The tracker browses for the `_meshcop._udp` mDNS service and maintains
a list of discovered Border Agents. For each discovered service, it
resolves the port, host name, TXT record, and host addresses.
This change also adds new public otBorderAgentTracker APIs,
corresponding `batracker` CLI commands, and a new Nexus test case to
validate the behavior.
Increases the `nexus.AdvanceTime()` in the CLI fuzzer test from 10 to
60 seconds to make the test more robust.
For example, the previous 10-second wait was not sufficient for
`Dns::Client` operations to complete, especially considering retries.
This could cause false fuzzer memory leak reports.
This change introduces new files `br_log.cpp` and `br_log.hpp` to
house common logging helper functions for the border router modules.
Helper functions for logging Router Advertisement (RA) headers, Prefix
Information Options (PIO), Route Information Options (RIO), and other
related options are moved into this new module.
The log module name is also updated from `RoutingManager` to a more
general `BorderRouting`.
This change improves code structure by decoupling logging
functionalities from the `RoutingManager`.
Introduces a new `br_types.hpp` header and `br_types.cpp` source
file to centralize common data structures and type definitions used
across border router modules.
This change moves several classes from `routing_manager.hpp` to the
new `br_types.hpp` header. The moved classes include
`LifetimedPrefix`, `OnLinkPrefix`, `RoutePrefix`, `RdnssAddress`,
`IfAddress`, `OmrPrefix`, and `FavoredOmrPrefix`.
Additionally, common `typedef`s (e.g., `RoutePreference`,
`PrefixTableEntry`) and helper functions like `IsValidOmrPrefix()` are
relocated to the new files.
This improves the code structure by decoupling these shared types from
the main `RoutingManager` class, making them more reusable and easier
to maintain.
When handling a parent request, a response is not sent if the device
is not attached, or if it is attaching. However if the device starts
the attachment process between queuing the parent response and
actually sending it, the parent response will be sent from an invalid
state.
This commit causes all queued parent response messages to be removed
when the device begins the attachment process, to avoid stale messages
from being sent on the link.
This change enhances the `DelayedSender::Match()` method to support a
wildcard destination address. When the unspecified address (`::`) is
provided, the address check is skipped, allowing a match against any
destination.
A new private helper method, `LogRemove()`, is introduced to ensure
accurate logging when removing a delayed message schedule. Previously,
`RemoveMatchingSchedules()` would log the address passed to it, which
could be the wildcard `::` address. The new `LogRemove()` method
logs the actual destination from the scheduled message header
before it is removed.
This adds a BLE 'non-advertising' state in which BLE is enabled for connections, but not advertising.
- If the TCAT agent is not started and BLE is started, BLE advertising will be enabled by default.
- If the TCAT agent is started, then BLE advertising is under control of the TCAT agent - depending on its state.
The TCAT agent, while started, can be now in standby mode or in active mode. In standby, it doesn't
advertise and doesn't allow incoming TCAT connections. In active mode, it allows both advertising and incoming
connections. Timed activation of the active mode is also possible. CLI commands are added to test the new modes and
timed activation.
Existing architecture is not changed (BLE-Secure is in control and has all APIs to access TCAT agent).
It also fixes some (API) documentation and clarifies this where needed. Also, an error-value bugfix is done.
The TcatAgent is now added to instance.hpp/cpp, because that is required to use a timer from within
TcatAgent.
Log messages of TcatAgent are shortened and more often try to use an identical constant string value.
This saves memory in the binary, due to string re-use.
The "join callback" is clarified and extended to support callback to the application when the TCAT Commissioner
instructs the TCAT Device to try join a Thread network, or leave a Thread network.
This commit provides more structured logging for ssl.py errors, and
displays the OpenSSL verify error code. This is used for certification
to validate reasons of handshake failure.
This commit allows compiling the OpenThread RCP in OTNS mode.
This allows OTBR to attach seamlessly to OTNS.
* Add the mOtns attribute to Instance::Instance when compiled
with OPENTHREAD_RADIO=1
* Add src/core/utils/otns.cpp to the RCP build.
Only the necessary functions are compiled in RCP mode.
Other functions such as EmitPingRequest and EmitPingReply
that require IPv6 stack support are not compiled in RCP
and are therefore moved into adequate
`#if OPENTHREAD_MTD || OPENTHREAD_FTD` guards.
* Ensure the RCP emits the needed events in src/core/radio/radio.cpp
when compiled with OTNS support.
This change updates `BorderAgent::PrepareServiceTxtData()` to read the
Network Name (`nn` key) and Extended PAN ID (`xp` key) from the
Active Dataset, after verifying that the dataset is valid and has an
active timestamp.
Previously, these values were read directly from `NetworkNameManager`
and `ExtendedPanIdManager`, which could provide default or initial
values (during stack initialization). Reading from the Active Dataset
ensures that the advertised service TXT data is consistent with the
dataset currently in use by the device.
The `ValidateMeshCoPTxtData()` test is updated to reflect this
behavior.
This commit adds public getter functions to acquire a pointer for
the single OpenThread instance or one associated with a provided index.
An index to instance reference getter function was previously implemented
in the core instance interface, but this capability was not publicly accessible.
The accessor function introduced in this commit will now allow for platforms
or application code to perform this mapping. Corresponding changes for the
single instance case are also included.
This commit adds a field UDP port in the property
SPINEL_PROP_BORDER_AGENT_EPHEMERAL_KEY_STATE.
Similar as `SPINEL_PROP_BORDER_AGENT_MESHCOP_SERVICE_STATE`, NCP needs
to sync the UDP port number to the host as well so that the UDP proxy
on the host can correctly map the port and forward the UDP packet to
the NCP.
I missed the field in the previous commit. But since the spinel
property was just added recently and it hasn't been put into usage, I
think it's fine to change the existing spinel protocol.
This prevents the leader from allowing FTD devices' address solicit to
succeed while it is in the attaching state.
Upon processing an advertisement from a different partition, the
leader may evaluate it's own partition to be a singleton vs another
partition with routers and choose to start attaching. If a router is
upgraded during that time, the leader is committed to leaving already
and the other devices on that partition may get stranded if the router
is upgraded.
i.e. The router and other devices may now see the partition as
non-singleton, and if it has a higher partition ID than other
partitions, they will be stuck for the duration of the network ID
timeout.
Introduces a new template helper function `SetToUintMax()` in
`common/num_utils.hpp`. This function sets a given unsigned integer
variable to its maximum possible value.
The `SetToUintMax()` function infers the type of the variable,
ensuring that the correct `NumericLimits<...>::kMax` is used. This
prevents potential bugs where a variable could be assigned the max
value of a wrong `uint` type.
Existing code across different modules is updated to use this new
helper function, improving code safety and robustness.
Make `RoutingManager::GetNextRdnssAddrEntry()` and
`RoutingManager::GetNextIfAddrEntry()` const.
These methods are simple getters that do not modify the state of
`RoutingManager` and call const methods on `mRxRaTracker`. This change
makes them consistent with other similar getter methods in
RoutingManager like `GetNextPrefixTableEntry()` and
`GetNextRouterEntry()`.
The description of the method `otPlatRadioEnableCsl()` requires the platform
to include the CSL IE in the enhanced ACK when the received data frame's source
address matches the CSL receiver's peer address. This commit implements this
requirement in the simulation radio.
Note that `otPlatInfraIfDiscoverNat64Prefix` has an empty
implementation now and it always returns UNIMPLEMENTED error. So now
we constantly see the warn log on devices, which is confusing.
Expands and reorganizes the `cli debug` commands list to provide a
more comprehensive diagnostic snapshot of a device's state.
Key enhancements include:
- Expanded State Information: Adds commands for general device state
(uptime, netstat), detailed neighbor connection times, and mesh
topology diagnostics.
- Comprehensive Border Router Data: Includes detailed information for
multi-AIL status, discovered peer BRs, infrastructure routers, and
DNS-SD tables.
- Detailed Counters & History: Adds specific counters for IP, MAC,
MLE, and BR modules, along with network history for prefixes,
routes, and neighbors.
Consolidates the two overloaded `Peer::Matches()` methods for service
and host name matching into a single method.
This change introduces a new `NameMatchType` enum, which is used to
specify whether to match against a service name or a host name. This
removes the need for the now-unnecessary `ServiceNameMatcher` and
`HostNameMatcher` structs, simplifying the calling code and the `Peer`
class.
This change enhances `NetDataBrTracker` to support filtering of Border
Routers.
The `NetDataPeerBrTracker` is renamed to `NetDataBrTracker` to reflect
that it can now track all Border Routers, not just peers.
A new `Filter` enum is introduced with `kAllBorderRouters` and
`kExcludeThisDevice` options. This allows callers to specify whether
to include the current device in the list of Border Routers.
The `CountPeerBrs()` and `GetNext()` methods are updated to
`CountBrs()` and `GetNext()` respectively, and now accept a `Filter`
parameter.
This change provides more flexibility to the `NetDataBrTracker` and
makes the code more reusable. The unit tests are also updated to
clean up resources to avoid heap allocation leaks at the end of
tests.
This change enhances the move semantics for heap-allocated container
classes (`Array`, `Data`, and `String`) by introducing a consistent
pattern.
A new `Move()` method is added to `Heap::Array`, `Heap::Data`, and
`Heap::String`. This method returns an rvalue reference to the object,
making the intent to transfer ownership explicit at the call site.
The existing `TakeFrom()` methods are updated to accept an rvalue
reference and now include a check to prevent self-assignment, which
improves robustness.
For consistency, `Heap::Data::SetFrom(Data&&)` and
`Heap::String::Set(String&&)` are renamed to `TakeFrom()`.
All call sites are updated to use the new `foo.TakeFrom(bar.Move())`
pattern, replacing the more verbose and less clear
`static_cast<...&&>(bar)`.
Unit tests are updated to validate the new `TakeFrom()` and `Move()`
semantics, including tests for self-assignment and moving from a
null (empty) container
In `NetDataPeerBrTracker::CountPeerBrs()` method, the `aMinAge`
output parameter is a `uint32_t` but it was incorrectly
initialized to `NumericLimits<uint16_t>::kMax`.
This change corrects the initialization to use the
`NumericLimits<uint32_t>::kMax` to ensure the minimum age
calculation functions correctly over the full 32-bit range.
This change moves the logic for iterating over the `NetDataPeerBrTracker`
entries from `RoutingManager::RxRaTracker::Iterator` directly into the
`NetDataPeerBrTracker::GetNext()` method.
This decouples the `NetDataPeerBrTracker` from the `RoutingManager`'s
iterator implementation, allowing the removal of `RoutingManager` as a
friend class of `NetDataPeerBrTracker`.
This commit also includes smaller enhancements and changes to the
`RoutingManager::RxRaTracker::Iterator`:
- `Iterator::EntryType` is renamed to `PrefixType` for clarity.
- `Iterator::AdvanceToNextEntry()` is renamed to
`AdvanceToNextPrefixEntry()`.
Moves the nested `RoutingManager::NetDataPeerBrTracker` class into its
own standalone class `BorderRouter::NetDataPeerBrTracker` in new
files `br_tracker.cpp` and `br_tracker.hpp`.
`NetDataPeerBrTracker` is now instantiated as a member of `Instance`
and is no longer owned by `RoutingManager`.
There is no logical/behavioral change in the `NetDataPeerBrTracker`
functionality.
Public C APIs `otBorderRoutingGetNextPeerBrEntry()` and
`otBorderRoutingCountPeerBrs()` are updated to get and use the
`NetDataPeerBrTracker` component.
This commit moves the `SlaacAddress` module from `src/core/utils`
to `src/core/net`.
This change also updates the namespace from `ot::Utils` to
`ot::Ip6` and updates all includes and usages throughout the
codebase.
The `SlaacAddress` module was originally placed in `core/utils`
as SLAAC management was historically handled by the platform.
Now that the OpenThread stack manages SLAAC directly, this logic
is better placed under `core/net`.
This allows a node to asses its LinkQuality In to its neighbors.
Similar to what is already available via router info.
Useful when not all its neighbors are routers.
Previously, when the translator ran out of IPv4 addresses or mapping
pool entries, any new NAT64 translation attempt would fail until
earlier entries reached their expiration time. The default expiration
time is long (7200 seconds / 2 hours).
This commit introduces a mechanism to evict existing "stale" mappings
(old but not yet expired) to make room for new ones.
This is handled by the new `EvictStaleMapping()` method, which is
called from `AllocateIp4Address()` and `AllocateMapping()` when
resources are full. A mapping is only eligible for eviction after a
minimum idle period (`kMinEvictTimeout`) which is set to 2 minutes
(matching `UDP_MIN` in RFC 6146).
The eviction logic prioritizes mappings based on protocol usage and
last use time. The preference for eviction, from most to least
preferred, is:
1. ICMP-only mappings
2. UDP (and possibly ICMP) mappings
3. TCP (and possibly other) mappings
If two mappings are in the same category, the one that has been
idle for the longest time is evicted.
This commit also adds a detailed `TestNat64Evict` test case to
validate the eviction logic and priority.
This commit makes NCP send notification to the host when the netif
state changes.
At the beginning we use ThreadHost API to start the thread network on
OTBR NCP which explicitly sends spinel property set command to the NCP
and get response. So the host side can get the latest state of netif
in the response. However if we use the cli command (`ifconfig up`) to
start the thread network, we need the NCP to send a notification to
the host that netif state changes.
I have verified that with the change, the host can receive the update
if we issue `ifconfig up` command.
The noexcept placement new is standard in c++11. This commit adds a
config OPENTHREAD_CONFIG_USE_STD_NEW to allow using <new>. The default
behavior is still using OpenThread's own placement new implementation.
Removes the `IsValidOnLinkPrefix()` helper functions which required a PIO
to have both the on-link (`L`) flag and either the autonomous address
configuration (`A`) or DHCPv6-PD preferred (`P`) flag to be considered
valid.
The `RxRaTracker` is updated to track any received valid PIO as long as
the on-link (`L`) flag is set, regardless of the `A` or `P` flags.
The `OnLinkPrefix` class is updated to store the state of the `A` and
`P` flags from the PIO. These flags are now checked within
`OnLinkPrefix::IsFavoredOver()` to determine if a prefix is eligible
to be a "favored" on-link prefix, but their absence no longer prevents
the prefix from being tracked.
This change ensures that the routing manager is aware of all non-ULA
on-link prefixes (even those with only the L flag set), which correctly
informs the decision to publish a default route.
This commit also:
- Updates `PrefixInfoOption` in `nd6.hpp` to use a `Flags` typedef and
named constants instead of bitmasks.
- Updates `LogPrefixInfoOption` to log the state of L, A, and P flags.
- Adds a new unit test, `TestNonUlaPioWithOnlyOnLinkFlag`, to verify
the new behavior.
This change updates the TREL interface enable logic to depend on two
requesters: the user (via `otTrelSetEnabled` API or CLI) and the
stack (internal, e.g., when the Thread protocol is running).
The TREL interface is now considered enabled only when both the user
and the stack have requested to enable it. By default, the user
preference is 'enabled', allowing the stack to control the state.
A key behavior change is that a user's request to disable TREL is now
persistent. If the user explicitly disables TREL, it will remain
disabled even if the stack stops and restarts (e.g., `ifconfig down`
then `ifconfig up`). The user must explicitly re-enable the TREL
(calling `otTrelSetEnabled(true)`) to allow TREL to operate again.
This is implemented by `Trel::Interface::SetEnabled()` method now
taking a `Requester` enum (`kRequesterUser` or `kRequesterStack`) as
input and tracking `mUserEnabled` and `mStackEnabled` flags
separately.
This commit also updates API/CLI documentation and adds a new test
(`TestTrelUserDisableRenable`) to verify this new behavior.
The current history tracker only records direct transmissions, but
indirect transmissions are also required for debugging. This commit
adds support for tracking indirect transmissions.
This change updates `Radio::Init()` to avoid passing
zero-initialized temporary objects of `Mac::ExtAddress` and
`Mac::KeyMaterial` types.
Instead, it declares local variables and passes them to the setter
methods. This improves code readability and makes the intent more
explicit.
This commit updates the logic in MLE `HandleAnnounce()` for processing
a received Announce message with an older (stale) timestamp.
Previously, only an Announce with a newer timestamp would be
considered for processing and announce attach (trying to attach using
the channel and/or PANID from the received announce). Also, any
device receiving a stale Announce with an older timestamp would send
its own Announce back to inform the sender.
This change updates the behavior regarding the processing of stale
Announce messages:
- A router-eligible FTD still sends an Announce back to help inform
the other device.
- A detached MTD will now process the Announce (wait for a short delay
before trying to attach to the older Dataset). This is useful when
an MTD child device has a newer Dataset but the routers it can hear
are still on a previous, older Dataset.
- An attached MTD now ignores the stale Announce. Since an MTD cannot
become a router to help the device with the older Dataset join the
new Dataset, sending an Announce back from the MTD would be
pointless.
This commit also introduces a test to verify this exact scenario.
A Minimal End Device (MED) is defined by the spec as an MTD whose
receiver is enabled all the time.
This commit fixes the implementation of `IsMinimalEndDevice()` to
match this definition. The previous implementation of this method
would incorrectly accept any MTD config (including SED or MED).
Within the core modules, `IsMinimalEndDevice()` is only used in
`MeshForwarder::UpdateIp6Route()`. This commit updates the logic
in this method to differentiate between an FTD (calling
`UpdateIp6RouteFtd`()) and an MTD (forwarding to parent) by
checking `IsFullThreadDevice()` instead of the previous check
against `IsMinimalEndDevice()` (which was effectively checking
MTD).
This commit also adds a new unit test, `TestDeviceMode()`, to
validate all configurations of `DeviceMode` (SED, MED, FTD) and
verify the behavior of `IsMinimalEndDevice()`.
This change modifies the NAT64 translator to dynamically allocate IPv4
addresses by tracking a range of host IDs within the configured CIDR.
This approach replaces the pre-allocated `mIp4AddressPool`, making it
more memory-efficient by avoiding the storage of an entire address
array.
The translator now maintains `mMinHostId` and `mMaxHostId` derived
from the configured CIDR. When allocating an IPv4 address for a new
mapping:
- If `PORT_TRANSLATION_ENABLE` is enabled, addresses are assigned
sequentially by cycling through the host ID range. Mappings can
share an IPv4 address as they are distinguished by translated port
numbers.
- If `PORT_TRANSLATION_ENABLE` is disabled, a 1-to-1 address mapping
is used. The translator cycles through host IDs to find an unused
IPv4 address. If all addresses are allocated, it attempts to free
expired mappings before failing.
A new test case, `TestNat64CidrAddressReuse`, is added to validate the
address allocation and reuse logic. The test ensures that all
available addresses from a CIDR are used, new requests fail when the
pool is exhausted, and addresses are correctly reused after mappings
expire. It is run against multiple CIDR sizes (`/32`, `/31`, `/30`,
and `/27`) to verify behavior across various configurations.
The definition of the function `HandleMbedtlsExportKeys()` is wrapped
by the macro `MBEDTLS_SSL_EXPORT_KEYS`, but the implementation of the
function `HandleMbedtlsExportKeys()` is not wrapped by the macro
`MBEDTLS_SSL_EXPORT_KEYS`. Which causes `out-of-line definition` compiling errors.
This commit wraps the implementation of the function `HandleMbedtlsExportKeys()`
and the code that calls it with the macro `MBEDTLS_SSL_EXPORT_KEYS`.
The commit adds new spinel properties for ephemeral key feature:
* SPINEL_PROP_BORDER_AGENT_EPHEMERAL_KEY_STATE, for the NCP to update
the ePSKc state to the host
* SPINEL_PROP_BORDER_AGENT_EPHEMERAL_KEY_ENABLE, for the host to
enable/disable the ePSKc feature
* SPINEL_PROP_BORDER_AGENT_EPHEMERAL_KEY_ACTIVATE, for the host to
start the ePSKc mode
* SPINEL_PROP_BORDER_AGENT_EPHEMERAL_KEY_DEACTIVATE, for the host to
stop the ePSKc mode
The commit adds the NCP properties handler in NCP and also adds some
unit tests for the handlers.
This change simplifies the state management logic in the NAT64
translator by removing the `mEnabled` boolean flag. The `mState` enum
is now the single source of truth for the translator's operational
status.
A new `SetState()` method centralizes the actions performed when
transitioning to a new state, such as logging, signaling notifiers,
and clearing active mappings. The `IsEnabled()` helper is introduced
to check if the current state is not `kStateDisabled`.
Consequently, functions like `SetEnabled()` and `UpdateState()` are
updated to use the new `SetState()` function, making state
transitions more explicit and maintainable.
Clang warns that mMetricsValue is less aligned that its
union type. Make the union packed to fix this.
Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
This commit allows binding to multicast address, which means the socket
would only accept frames targeting to a particular multicast address.
This prevents other datagrams destined to the same port being delivered
to this socket.
Note that binding to a multicast address doesn't automatically subscribe
to the multicast group.
This improves debuggability of TCAT client and server, by using one
unified format (hex + ASCII) to show transmitted and received TCAT
data within the TLS session, as well as showing size of the encrypted
(TLS) data. For encrypted data, only size is now shown to avoid
clutter. Showing the hex + ASCII dump allows devs/testers to visually
read TCAT TLVs from screen and identify how all TCAT commands are
processed by the Thread device.
This change replaces the `Translator::Result` enum with the standard
`Error` type to report the outcome of a translation attempt. This
simplifies the implementation and aligns it with the rest of the
codebase.
The mapping from the old `Result` to the new `Error` is as follows:
- `kForward` is replaced by `kErrorNone`
- `kDrop` is replaced by `kErrorDrop`
- `kNotTranslated` is replaced by `kErrorAbort`
The `kErrorAbort` return value signals to the caller that no
translation was performed, and it can proceed with normal processing
of the message.
Additionally, the translation methods are renamed for better clarity.
This commit introduces new types `otNetworkDiagData`,
`otNetworkDiagIp6AddrList`, and `otNetworkDiagChildTable` to
represent common data structures within Network Diagnostic TLVs.
These new types replace the previous anonymous structs within the
`otNetworkDiagTlv` union, improving code structure and readability.
The `mNetworkData`, `mIp6AddrList`, `mChildTable`, and
`mChannelPages` fields now use these named types.
This change adds an explicit check for `mState == kStateActive` at the
beginning of the translation functions.
This single check replaces individual validations for a valid IPv4
CIDR and NAT64 prefix. This simplifies the entry logic and fixes a
bug where the `Translator` could continue performing translations
even after it was explicitly disabled via `SetEnabled(false)`.
Additionally, this change fixes a bug in `TranslateToIp6()` where an
IPv4 message would be incorrectly marked as `kForward` when no IPv4
CIDR was configured (`mIp4Cidr.mLength == 0`). The correct behavior
is to drop the packet, so the result is now set to `kDrop`.
This change renames `GetIp6Prefix()` to `GetNat64Prefix()` to more
accurately reflect its purpose and to harmonize its name with the
existing `SetNat64Prefix()` and `ClearNat64Prefix()` methods.
The related getter methods in the header and implementation files are
also reordered for better organization.
This change introduces a new utility function `CountMatchingBits()` to
calculate the number of matching leading bits between two byte
arrays.
This new fn replaces the now-removed `Ip6::Prefix::MatchLength()`.
The previous implementation was specific to the `Ip6::Prefix`
class. The new generic function is placed in `common/bit_utils` and
is used to update `Ip6::Prefix`, `Ip6::Address`, `Ip4::Cidr`, and
`PrefixTlv`.
A new unit test `test_bit_utils` is added with comprehensive tests for
the new function. The existing tests for `CountBitsInMask` are also
moved into this new test file.
This change moves the `kBitsPerByte` constant and the `BitSizeOf()`
and `BytesForBitSize()` macros from `numeric_limits.hpp` to the
more specialized `bit_utils.hpp` header.
This consolidation places common bit-utility definitions into a more
appropriate, dedicated header, improving code organization and
logical grouping. Headers that relied on these definitions are
updated accordingly.
This commit introduces a mechanism within the `RoutingManager` to
track the IPv6 addresses used by the Border Router itself on the
infrastructure interface, particularly when sending Router
Advertisements. This provides visibility for debugging and
monitoring purposes.
A new data structure, `otBorderRoutingIfAddrEntry`, is added to
represent an address and the time elapsed since it was last used as
the source of an RA.
The tracked addresses can be retrieved using the new public API
`otBorderRoutingGetNextIfAddrEntry` or CLI command `br ifaddrs`.
When `OPENTHREAD_CONFIG_NAT64_PORT_TRANSLATION_ENABLE` is enabled,
multiple `Mapping` entries can exist for the same IPv6 and IPv4
addresses, differing only by their protocol ports.
To distinguish between these entries in logs and diagnostics, this
change updates `Mapping::ToString()` to include the source and
translated port numbers in the generated string output.
This commit introduces a new header file, `common/bit_utils.hpp`, to
consolidate bit manipulation utility functions.
These functions were previously located in `common/num_utils.hpp`.
Moving them to a dedicated file improves code organization and
clarity by separating them from general numerical utilities. All
files that used these functions have been updated to include the new
header.
This commit introduces a new Nexus test to validate the functionality
of the NAT64 translator.
The test is divided into two main parts:
- `TestNat64StateChanges`: Verifies the state management of the
translator. It checks that the translator transitions correctly
between `kStateDisabled`, `kStateNotRunning`, and `kStateActive`
when the feature is enabled/disabled or when the IPv4 CIDR and
NAT64 prefix are configured or cleared. This test also confirms
that state change notifications are properly signaled.
- `TestNat64Mapping`: Validates the address mapping and translation
logic. It ensures that address mappings are correctly created for
new IPv6-to-IPv4 traffic, reused for subsequent packets from the
same IPv6 source, and eventually expire and are removed after a
period of inactivity. It also verifies that the mapping table is
cleared when the configured IPv4 CIDR is changed.
This commit moves two global constants, `kBufferSize` and
`kNumBuffers`, into their respective class scopes to improve
encapsulation and avoid potential name conflicts.
The `kBufferSize` constant is moved into the `Buffer` class as
`Buffer::kSize`. As `kBufferSize` is a generic and commonly used
name, this change prevents potential symbol collisions.
Similarly, the `kNumBuffers` constant is moved into the `MessagePool`
class, as it is exclusively used within that class.
All usages of these constants have been updated throughout the
codebase to reflect their new names.
This commit introduces a new common helper class `ExpirationChecker`.
This class is designed to be used as a "matcher" for finding expired
entries in collections like `LinkedList` or `Array`. It encapsulates
a "now" time and provides an `IsExpired()` method to check if a given
time has passed.
This change consolidates duplicated private similar structs that
previously existed in `RoutingManager`, `Mdns`, and
`SrpAdvertisingProxy`, updating all users to the new common
implementation. This simplifies the code by removing redundancy.
This change updates the management of active NAT64 mappings to use an
`OwningList`.
To support this, the `Mapping` struct now inherits from
`InstanceLocatorInit` and includes a new `Free()` method. This method
encapsulates the logic for releasing the associated IPv4 address and
the `Mapping` entry back to their corresponding pools.
This new design simplifies the `Translator` class by removing the
redundant `ReleaseMapping()`, `ReleaseMappings()`, and
`ReleaseExpiredMappings()` methods. All mapping cleanup operations
are now handled by the `OwningList` class (which invokes
`Mapping::Free()` on entries as they are removed).
Adding two extensions:
1. Add an api function to configure a response fallback callback with
`otCoapSetResponseFallback`.
2. Enable fire and forget for NON requests, supporting requests which
do not expect a response.
The mix-in helper classes like `Clearable<T>`, `Equatable<T>`, and
`Unequatable<T>` are intended for CRTP style inheritance, where `T`
is the derived class itself. A mistaken inheritance, such as `class
Foo : public Clearable<Bar>`, can compile successfully but lead to
subtle bugs.
This change enforces the correct CRTP usage at compile time. By making
the constructors of these helper classes `private` and declaring the
derived template class `T` as a `friend`, any incorrect inheritance
will now result in a build failure. This approach correctly detects
such a mistake, even if `Foo` and `Bar` happen to be `friend`s of
each other.
Additionally, `Equatable<T>` is updated to provide both `operator==`
and `operator!=`, removing its dependency on `Unequatable<T>`. This
change allows us to apply the `private` constructor enforcement to
`Equatable<T>` as well.
This commit simplifies the implementation of `SendMessage()` by
changing its parameter from a `Message` reference to an `OwnedPtr`.
The `OwnedPtr` now manages the lifetime of the message, ensuring it is
always freed, whether the translation and send operation succeed or
fail. This change removes the need for a manual tracking flag and an
explicit `Free()` call in the error path, resulting in cleaner and
more robust code.
This change enhances the unit tests for the NAT64 `Translator` to
improve readability. The key improvements include:
- Replaced raw hex dumps of packets with new helper functions that
parse and log IPv4/IPv6 headers in a human-readable format.
- Simplified the counter tests and validation of the
`ProtocolCounters`.
- Reworked the main test case functions, `Verify6To4()` and
`Verify4To6()`, to leverage the new logging and verification
helpers for better output.
The `Cidr` class was incorrectly inheriting from `Clearable<Address>`
instead of `Clearable<Cidr>`. This oversight meant that calling
`Clear()` on a `Cidr` object would not clear its `mLength` member,
only the `mAddress` field. This change corrects the template
parameter for the `Clearable` base class to `Cidr`, ensuring the
entire object is properly zeroed out.
This bug could cause issues in the NAT64 translator. When a user calls
`otNat64ClearIp4Cidr()` to disable translation, the underlying
`mIp4Cidr.Clear()` method would fail to clear the CIDR length. The
`Nat64::Translator` would check `mIp4Cidr.mLength > 0` in its
`UpdateState()` method to determine if a valid CIDR is configured.
Because `mLength` was not cleared, this check would pass incorrectly,
causing NAT64 translation to continue with an invalid,
partially-cleared CIDR instead of stopping as expected.
This change updates multiple modules to consistently use
`Get<Mle::Mle>()` for accessing the MLE component, removing the need
for local `Mle::Mle &mle` references.
This approach aligns with the common `Get<Module>()` access pattern
used across the codebase, improving consistency.
Previously, a NAT64 mapping's lifetime was only extended upon its
initial allocation. This meant that if an existing mapping was found
and reused, its expiration timer would not be refreshed, potentially
leading to its premature removal.
This change moves the `mapping->Touch()` call from `AllocateMapping()` to
`TranslateFromIp6()`. This ensures that a mapping's lifetime is
extended every time it is used for translation, whether it is newly
allocated or an existing one being reused.
This change introduces `ShouldRegisterMulticastAddrsWithParent()` to
consolidate the logic for determining when a child should register
its multicast addresses with its parent, thereby avoiding repeated
code.
The criteria for registration remain the same: a child registers its
multicast addresses if it is a Sleepy End Device (SED), or if it is a
Minimal End Device (MED) and its parent is running Thread 1.2 or a
later version.
The logic for sharing an IPv4 address, intended for scenarios with a
small address pool (CIDR prefix > /28), was incorrectly being applied
even when port translation was disabled.
When `OPENTHREAD_CONFIG_NAT64_PORT_TRANSLATION_ENABLE` is disabled,
each mapping requires a unique IPv4 address. The previous
implementation would incorrectly reuse the same address from the
pool.
This commit makes the address sharing logic conditional on the
`OPENTHREAD_CONFIG_NAT64_PORT_TRANSLATION_ENABLE` configuration. When
disabled, the translator now correctly allocates a unique IPv4
address for each mapping and returns it to the pool upon release.
This commit improves the NAT64 address mapping iterator to ensure the
remaining lifetime for all mapping entries is reported consistently.
The iterator now internally stores a timestamp upon initialization.
This timestamp is then used as a common reference to calculate the
remaining lifetime for each `otNat64AddressMapping` entry, ensuring
consistent values throughout a single iteration.
The public C APIs remain unchanged, while the underlying implementation
and the `otNat64AddressMappingIterator` struct are updated.
This change introduces `RouterUpgradeReasonToString()` to provide
human-readable strings for router upgrade reasons, which is used to
enhance logging in `BecomeRouter()` and `ProcessAddressSolicit()`.
These additions provide clearer insight into why a device is
attempting to become a router, aiding in debugging and network
analysis.
This commit places the `mSrcPortOrId` and `mTranslatedPortOrId`
members of the `Translator::Mapping` struct under the
`OPENTHREAD_CONFIG_NAT64_PORT_TRANSLATION_ENABLE` build-time flag.
This optimization reduces the memory footprint of each `Mapping` entry
and the `mMappingPool` when the NAT64 port translation feature is
disabled.
This change streamlines NAT64 mapping management by removing the
`FindMapping()` and `FindOrAllocateMapping()` helper methods.
Following recent simplifications, such as adding new `Matches()`
flavors, the logic within these `Find` methods became much
simpler. Their functionality is now incorporated directly into
`TranslateToIp6()` and `TranslateFromIp6()`, respectively.
Additionally, the `Mapping::Touch()` method is simplified to no longer
require the current time as an argument. It now retrieves the time
internally.
This commit introduces several cleanups and smaller improvements to
the IPv4 types.
- Optimizes `Cidr::ToString(StringWriter&)` by writing the address
directly to the provided writer, avoiding the allocation of a
temporary `String` object.
- Moves the IPv4 header field offset constants from the public
`ip4_types.hpp` header into the unit test file, as this was their
only place of use. This cleans up the `Ip4::Header` public API.
- Replaces hardcoded values for address and string sizes with the
corresponding `OT_IP4_*` definitions for consistency.
- Corrects the format specifier in `Address::ToString()` from `%d` to
`%u` to properly print unsigned octet values.
This change introduces a new history list to record the DHCPv6 Prefix
Delegation (PD) state and the delegated prefix.
The recorded history can be iterated using the new API
`otHistoryTrackerIterateDhcp6PdHistory()` and viewed from the CLI
using the new `history dhcp6pd` command.
This commit adds a test case to `TestMultiPacket` to validate the
correct eviction of pending truncated queries.
The test scenario sends the same truncated query multiple times,
followed by a query containing a matching known answer. It then
verifies that no response is sent, confirming that the initial
pending queries were successfully evicted from the message queue.
This validates the fix from #11854.
This change updates the `Mapping::Matches` methods to accept
`Ip4::Headers` and `Ip6::Headers` objects instead of separate IP
address and port arguments.
This simplifies the callers `FindOrAllocateMapping` and `FindMapping`
by encapsulating the conditional logic for port translation within
the `Mapping::Matches` methods. This allows for a single, unified
`FindMatching` method on the active mappings list.
This commit changes the `RxMsgEntry` allocation check from `OT_ASSERT`
to `VerifyOrExit`. This ensures that a heap allocation failure for a
multi-packet RX message results in the message being gracefully
dropped, allowing network operation to continue instead of
asserting.
Additionally, `AddNew()` now removes any existing multi-packet message
entries from the same sender before attempting to allocate a new
`RxMsgEntry`. This helps to reclaim resources and prevent stale
entries.
This change also fixes a use-after-release bug by ensuring
that the `aRxMessagePtr` (an `OwnedPtr`) is not accessed after its
ownership is transferred by the `newEntry->Add(aRxMessagePtr)`
call.
This commit simplifies and enhances the NAT64 translator's counter
implementation.
- The `mProtocolCounters` and `mErrorCounters` are explicitly cleared
in the `Translator` constructor, ensuring they are properly
zero-initialized.
- The `ErrorCounters` C++ wrapper class is removed, and the counters
are now updated directly based on `DropReason`.
- The `ProtocolCounters::Count*Packet()` methods are updated to accept
`Ip6::Headers` and `Ip4::Headers` inputs directly, which simplifies
the call sites.
- Private helper methods, `Update6To4()` and `Update4To6()`, are
introduced in `ProtocolCounters` to reduce code duplication when
incrementing packet and byte counts.
This commit introduces two new `static` helper methods,
`GetSourcePortOrIcmp6Id()` and `GetDestinationPortOrIcmp4Id()`, to
the `Translator` class. This eliminates repeated similar code and
improves overall readability.
This commit enhances the `HistoryTracker` to record information about
routers discovered on the Adjacent Infrastructure Link (AIL).
This feature is applicable when the device operates as a Border
Router, providing a mechanism to monitor the history of changes to
the discovered AIL routers for debugging and network analysis.
The history tracker records events when an AIL router is added,
removed, or when its tracked information changes. The recorded
information includes:
- The IPv6 address of the router
- Default router status and its preference
- RA flags: 'M' (Managed Addr), 'O' (Other), 'S' (SNAC Router)
- Operational information:
- Whether the router is a local entity (on same device)
- Reachability status
- Whether it is a peer Border Router on the same Thread mesh
- The favored advertised on-link prefix by this router (if any)
A new public API, `otHistoryTrackerIterateAilRoutersHistory()`, is
added to iterate over the recorded AIL router history. A
corresponding CLI command, `history ailrouters`, is also included to
display this information.
This commit updates the `Translator` class to improve code style,
readability, and consistency with the OpenThread coding conventions.
This is a pure refactoring commit with no intended logic changes. Key
changes include:
- Renamed types and variables for brevity (e.g., `AddressMapping` to
`Mapping`).
- Renamed members within the `Mapping` struct for clarity(e.g., `mIp4`
to `mIp4Address`).
- Standardized local variable names (e.g., `err` to `error`).
- Added `const` to methods that do not modify the class state.
- Improved and reformatted Doxygen and inline comments.
This commit improves the organization of `mle.cpp` by grouping all
`Attacher` method definitions together.
When the `Attacher` class was introduced in #11835, its method
definitions were intentionally kept in their previous order to
minimize the `git diff` for easier review. This resulted in the
`Attacher` methods being interleaved with other `Mle` methods.
This commit acts as a follow-up to rearrange the file and group all
`Attacher` methods into a dedicated section for better readability
and organization.
No logic changes are included in this commit.
This change introduces a `--log-level` option to the `build.sh`
script, allowing the `OPENTHREAD_CONFIG_LOG_LEVEL` to be specified at
build time.
The supported log levels are `NONE`, `CRIT`, `WARN`, `NOTE`, `INFO`,
and `DEBG`. The default level is set to `INFO`.
The CI workflow is updated to test builds with all the supported log
levels.
This commit enhances the `FindContext()` methods and converts the
`Lowpan::Context` struct into a class.
The `FindContext()` methods are updated as follows:
- Renamed to `FindContextForAddress()` and `FindContextForId()` to
more accurately reflect their function.
- The return type is changed from `Error` to `void`. Success is now
indicated by checking the `IsValid()` state of the output `Context`
object (matching how `Lowpan` class uses the `Context`). This
change simplifies the callers and harmonizes the context check
across different modules.
The `Lowpan::Context` struct is converted into a class, encapsulating
its members by making them private and introducing public getters.
This commit makes several updates to enable and fix NAT64 unit test
- Enables the NAT64 translator in `toranj` test configs, ensuring
that the `test_nat64` unit test is now covered by the GitHub
Actions CI (under the `toranj` workflow).
- Enable `OPENTHREAD_CONFIG_NAT64_PORT_TRANSLATION_ENABLE` for the POSIX
`toranj` build while disabling it for the simulation build, ensuring
both configurations are built and covered by CI.
- Fixes the `test_nat64` unit test by removing an incorrect
"mapping pool exhausted" step. This step is now invalid as the pool
size is configured to a much larger value (254) via
`OPENTHREAD_CONFIG_NAT64_MAX_MAPPINGS`.
This commit resolves compiler warnings/errors related to potential
integer overflows and unsafe narrowing conversions.
- The type of `mTxRequestAheadTimeUs` is changed from `uint16_t` to
`uint32_t` to avoid potential overflow when calculating the TX
time.
- A `ClampToUint16()` utility is now used before setting the
rendezvous time. This safely converts the calculated
`rendezvousTimeUs` to a 16-bit integer, preventing a narrowing
conversion warning.
This commit introduces `Publish()` and `Unpublish()` private helper
methods in `Nat64PrefixManager` to encapsulate and centralize the
logic for managing the published NAT64 prefix in the Network Data.
- `Publish(aPrefix, aPreference)` adds the given prefix to the Network
Data. It handles removing any previously published prefix if the
new prefix or preference differs.
- `Unpublish()` removes the currently published NAT64 prefix from the
Network Data, if one exists.
These new helpers simplify the logic within the `Evaluate()` and
`Stop()` methods, reduce code duplication, and improve overall
clarity.
This commit fixes a build failure that occurs when the log level is
set to `NOTE`.
A previous change (#11507) updated some `MeshForwarder` logging
methods from the `NOTE` to `INFO` level (e.g., `LogFrame()`).
However, these methods remained grouped with `NOTE`-level methods
under a single `OT_SHOULD_LOG_AT(OT_LOG_LEVEL_NOTE)` preprocessor
guard.
This mismatch caused a build failure when `OT_LOG_LEVEL_NOTE` was
enabled (unused parameter warnings).
To resolve this, this commit separates the logging methods into their
respective `OT_SHOULD_LOG_AT()` guards based on their actual log
level (`INFO` or `NOTE`).
This commit renames `GetPreferredNat64Prefix()` to
`FindPreferredNat64Prefix()`.
The new name better aligns with the method's behavior, as it searches
for a preferred NAT64 prefix in the Network Data and can return
`kErrorNotFound`. This change also harmonizes the method name with
other similar `Find...()` methods in the `NetworkData` class.
This commit introduces a new `Mle::Attacher` class to encapsulate all
logic and state related to the device attach process.
This change moves the attach state machine, parent candidate
management, attach timer, and message handling for Parent Request,
Parent Response, Child ID Request, and Child ID Response from `Mle`
into the new nested `Attacher` class.
This refactoring improves code organization and modularity by
separating the attach logic from the main `Mle` class.
This commit adds checks to prevent potential integer overflow issues
within the `Message` class.
Previously, calculations involving message offset and length, such as
`offset + length`, assumed the caller would provide values within a
safe range. However, in some edge cases where larger values are
given, this addition could wrap around. This could lead to incorrect
behavior, potential memory corruption, or assertion failures.
To address this, this change introduces a new generic utility
function, `CanAddSafely()`, to detect unsigned integer addition
overflows. This check is now applied in the following `Message`
methods to validate lengths and offsets before performing
arithmetic:
- `AppendBytes()`: Returns an error if `offset + length` overflows.
- `AppendBytesFromMessage()`: Returns an error on overflow.
- `GetFirstChunk()`: Safely clamps the read length to the available
message length.
- `WriteBytes()`: Asserts if `offset + length` overflows.
Unit tests for the new `CanAddSafely()` utility are included, covering
`uint8_t` and `uint16_t` cases.
This commit adds checks to prevent potential integer overflow issues
within the `Message` class.
Previously, calculations involving message offset and length, such as
`offset + length`, assumed the caller would provide values within a
safe range. However, in some edge cases where larger values are
given, this addition could wrap around. This could lead to incorrect
behavior, potential memory corruption, or assertion failures.
To address this, this change introduces a new generic utility
function, `CanAddSafely()`, to detect unsigned integer addition
overflows. This check is now applied in the following `Message`
methods to validate lengths and offsets before performing
arithmetic:
- `AppendBytes()`: Returns an error if `offset + length` overflows.
- `AppendBytesFromMessage()`: Returns an error on overflow.
- `GetFirstChunk()`: Safely clamps the read length to the available
message length.
- `WriteBytes()`: Asserts if `offset + length` overflows.
Unit tests for the new `CanAddSafely()` utility are included, covering
`uint8_t` and `uint16_t` cases.
Introduces macros to suppress a known false-positive GCC warning
"-Wstringop-overflow=0" which can be triggered when manipulating
network data.
The `AddHasRoute()`, `AddBorderRouter()`, and `AddServer()` methods
shift and update the network data bytes, which may involve inserting
or updating a sub-TLV within an existing TLV. This can trigger a
"writing x byte into a region of size 0" error on some GCC
toolchains.
This change adds the `OT_SUPPRESS_GCC_STRING_OP_BEGIN` and
`OT_SUPPRESS_GCC_STRING_OP_END` macros to silence this specific
warning within these code blocks.
This change updates the `NetworkDataTlv` class to use common bit
manipulation helper functions (`ReadBits`, `WriteBits`, `SetBit`,
`GetBit`, `ClearBit`).
This change replaces the manual bit masking and shifting for accessing
the `Type` value and the `Stable` flag with calls to the new helpers.
The member variable `mType` is also renamed to `mTypeAndStableFlag` to
more accurately reflect its contents.
This commit ensures that the Network Diagnostic server correctly
handles duplicate TLV types within a "Diagnostic Get" request.
Previously, if the `TypeList` TLV in a request contained duplicate
type entries, the server would process each one, leading to redundant
diagnostic TLVs being appended to the response message.
This is now fixed by using a `BitSet` to track the TLV types that have
already been processed from the request. If a duplicate type is
encountered, it is skipped, ensuring that each requested diagnostic
TLV is added to the response only once. This logic is applied to both
the standard and TCAT-specific request handling paths.
This commit introduces a new `AddrSolicitInfo` struct to encapsulate
all parameters related to an Address Solicit request and its
processing outcome.
The processing of a TMF Address Solicit is broken down into two new
methods:
- `AddrSolicitInfo::ParseFrom()`: Handles parsing the incoming CoAP
message.
- `ProcessAddressSolicit()`: Contains the logic for deciding whether
to grant a router ID based on the parsed request.
This change separates parsing from processing logic, improving code
structure and readability without any functional changes.
This commit introduces the `Mle::Aloc16` helper class to encapsulate
constants and helper methods related to Anycast Locators (ALOC16).
The new class provides static helpers for:
- Checking if a given ALOC16 has a specific purpose (e.g., Service,
DHCPv6 Agent, Commissioner, Primary BBR).
- Converting between an ALOC16 and its related service, context, or
session ID.
All existing code is updated to use the new helper methods. This
improves code readability and centralizes ALOC16 management.
This commit extracts the logic for selecting a leader ID and a
partition ID out of the `BecomeLeader()` method into two new private
helper methods: `SelectLeaderId()` and `SelectPartitionId()`.
This is a pure refactoring that does not alter behavior. It improves
the readability and maintainability of the `BecomeLeader()` method by
simplifying its implementation.
This change introduces a new `MessageFramer` class to encapsulate the
logic for preparing MAC data frames.
This change improves code modularity and separation of concerns by
isolating the frame preparation logic (MAC headers, mesh headers,
6LoWPAN compression, and fragmentation) from the message forwarding
responsibilities of `MeshForwarder`.
Classes such as `MeshForwarder`, `IndirectSender`, and
`DataPollSender` are updated to use the new `MessageFramer` class.
This commit enhances MPL option processing and validation.
Previously, the MPL option was processed immediately upon being found,
and multiple MPL options in the same message were accepted. This
could allow a malformed IPv6 message to be buffered for MPL
re-transmission multiple times with different seed IDs.
This change ensures the code first iterates through and validates all
included options within a Hop-by-Hop extension header, enforcing that
at most one MPL option is present before processing.
This is implemented by splitting `Mpl::ProcessOption()` into
`ReadAndValidateOption()` and a new version of `ProcessOption()` that
acts on a pre-validated `MplOption`.
This commit adds support to `HistoryTracker` to record the history of
favored on-link prefixes on the AIL.
It introduces the `otHistoryTrackerFavoredOnLinkPrefix` structure and
a new API, `otHistoryTrackerIterateFavoredOnLinkPrefixHistory()`, to
access the recorded data. The new CLI command `history onlinkprefix`
is added to display the tracked history, showing the prefix, its age,
and whether it is local to the Border Router.
This change moves the service ALOC management logic from the `Mle`
module to `NetworkData::Service::Manager`.
This change simplifies the code by consolidating responsibilities.
Since the `NetworkData::Service` module manages service entries in
the Network Data, it is the logical owner for managing the associated
service ALOCs.
This commit reorders method implementations in the source file
`network_data_service.cpp` to group them within their respective
`Iterator` and `Manager` class sections.
In PR #11680, the `Iterator` class was enhanced to be a separate class
from `Manager`. The method definitions in the `.cpp` file were kept
in their original order at that time to simplify the review by
keeping the `git diff` smaller.
Separator comments are also added to both the `.cpp` and `.hpp` files
to improve code structure and readability.
No functional changes are introduced.
This commit replaces hardcoded magic numbers for RLOC addresses with
their corresponding named constants from the `Mle` namespace.
- The DHCP Agent RLOC is now set using `Mle::kAloc16DhcpAgentStart`.
- The invalid RLOC address `0xfffe` is replaced by `Mle::kInvalidRloc16`.
This change improves code readability and maintainability. Redundant
comments were also removed.
This change updates the `NetworkData` iteration methods to reduce
redundant code and simplify their use.
Previously, separate methods were defined to iterate over different
types of network data entries (e.g., `GetNextOnMeshPrefix()`,
`GetNextExternalRoute()`). This change unifies these into a single
template method, `NetworkData::GetNext<EntryType>()`. A similar
change is applied to unify the corresponding `Contains...()`
methods into a single template.
This commit replaces the boolean `aIsLast` parameter in the
`AnswerTlv::Init()` method with an `enum IsLastFlag`.
This change improves the readability and type-safety of the code when
specifying whether an answer is the last one in a network diagnostic
query.
This change ensures that a parent device in the process of detaching
from the network ignores incoming "Parent Request" and "Child Update
Request" messages.
A new `Detacher::IsDetaching()` method is added to check for this
state. This prevents potential inefficiencies that could arise if
these requests were responded during the detachment procedure.
Since llvm-19, if we use package manager to install it, the minor
versions could be different. This commit standardizes the version on
linux to 19.1.7. This version is the same as the one installed by
homebrew.
fix parsing of
* dns_resolve4 returns a synthesized ipv6 address, but parsing expected an ipv4 address
fix csl methods
* add support for getting csl uncertainty/accuracy
* add support for setting the csl channel
* remove the non existing get_csl_period
renames variables/arguments that had a python builtin name
This commit introduces a verbose logging feature in the mDNS module to
aid in development and debugging by providing detailed logs of mDNS
traffic.
The feature is enabled at build-time via the config option
`OPENTHREAD_CONFIG_MULTICAST_DNS_VERBOSE_LOGGING_ENABLE`
(mapping to the `OT_MDNS_VERBOSE` CMake option). When enabled,
logging can be controlled at run-time using the new
`otMdnsSetVerboseLoggingEnabled()` API and the corresponding
`mdns verboselogging` CLI command.
The initial state on startup can be configured using
`OPENTHREAD_CONFIG_MULTICAST_DNS_DEFAULT_VERBOSE_LOGGING_STATE`
(mapping to the `OT_MDNS_VERBOSE_STATE` CMake option).
When active, this feature logs the content of every sent and received
mDNS message, including the header, questions, and all resource
records. The logs are emitted at the `OT_LOG_LEVEL_NONE` level to
ensure they are always captured, regardless of the active log level
configuration.
Adds a new `README_MDNS.md` file to provide a comprehensive guide for
the `mdns` CLI command.
The guide includes:
- A quick start section with examples.
- A full list of all available sub-commands.
- Detailed explanation and usage examples for each sub-command.
This commit updates the challenge/response mechanism used when a
detached device sends a "Child Update Request" to restore its role as
a child.
Previously, this process shared the `mParentRequestChallenge` with the
parent search mechanism. This logic is now consolidated within the
`PrevRoleRestorer` class, which now manages the generation and
tracking of the `TxChallenge` used in "Child Update Request".
This change simplifies the `Mle` class design and makes the child role
restoration logic separate from the parent search and attach process.
This separation allows for future enhancements where a device may run
both mechanisms in parallel.
This commit adds support for tracking the history of the favored OMR
prefix on a border router. A new public API and the corresponding
`history omrprefix` CLI command are added to retrieve the recorded
history.
A new `otHistoryTrackerFavoredOmrPrefix` type is introduced to
represent an entry in the history. Each entry includes the OMR
prefix, its preference, and a boolean flag `mIsLocal` indicating
whether the prefix is the same as the one maintained locally by the
border router. The local OMR prefix can be based on either a randomly
generated ULA or a prefix delegated via DHCPv6-PD.
This commit updates `AesCcm::Payload()` to support a `nullptr` for the
output buffer. When decrypting, the `aPlainText` can be null, and
when encrypting, `aCipherText` can be null.
This change is useful when the caller only needs the authentication
tag and does not require the actual decrypted or encrypted payload,
thus avoiding the need to provide a temporary output buffer.
This is leveraged to simplify the MAC frame processing under fuzzing
build (`OPENTHREAD_FUZZ_FUZZER_BUILD`), removing a large
stack-allocated buffer (`kFuzzMaxFrameSize`).
This change enhances the favored on-link prefix selection logic within
the `RoutingManager::OnLinkPrefixManager`.
It introduces two new prefix state variables:
- `mAilPrefix`: Tracks the on-link prefix discovered from Router
Advertisements received on the Adjacent Infrastructure Link
(AIL). This renames the previous `mFavoredDiscoveredPrefix`.
- `mFavoredPrefix`: Tracks the final selected favored prefix, which
can be either the local prefix or the `mAilPrefix`.
The setters `SetAilPrefix()` and `SetFavoredPrefix()` are added to
manage these state changes and provide additional logging.
The temporary buffer used in `RxFrame::ProcessReceiveAesCcm` under
fuzzing build is increased to 1280 bytes. This change allows for
fuzzing of larger TREL frames. A new constant `kFuzzMaxFrameSize` is
introduced for this purpose.
When using OPENTHREAD_CONFIG_TREL_MANAGE_DNSSD_ENABLE the TREL peer
discovery platform code is not needed anymore.
Added otPlatTrelNotifyPeerSocketAddressDifference under the same
logic as the rest of the TREL platform API that is not used
when OPENTHREAD_CONFIG_TREL_MANAGE_DNSSD_ENABLE is true.
Signed-off-by: Marius Preda <marius.preda@nxp.com>
The treatment of the Command ID field in a MAC command frame is
dependent on the IEEE 802.15.4 version. In the 2015 specification,
it is part of the encrypted payload, while in earlier versions, it
is part of the unencrypted MAC header. The `FindPayloadIndex()`
method correctly accounts for both cases.
This commit enhances the frame parsing and validation logic to account
for this difference.
- `ValidatePsdu()` is updated to ensure the frame is long enough to
contain the Command ID when validating a 2015-version frame.
- `GetCommandId()` is updated to validate the presence of the Command
ID field before access, fixing a potential out-of-bounds read.
- A new `IsMacCommand()` helper method is introduced to improve code
clarity and replace direct frame type checks.
The Status TLV is used in several TMF messages (Address Solicit, DUA
Registration, MLR), and the meaning of its value is
context-dependent.
This commit refactors the TLV definitions by moving the status enums
from the generic `ThreadStatusTlv` class into the modules where they
are used.
The main changes are:
- The Address Solicit status is split into two more specific enums:
- `RouterUpgradeReason` for Address Solicit requests.
- `AddrSolicitResponse` for Address Solicit responses.
- `MlrStatus` and `DuaStatus` enums are moved to `mlr` and `dua`
modules respectively.
- `ThreadStatusTlv` is simplified to a `typedef`.
This change improves code clarity, modularity, and type safety by
ensuring that status codes are defined and used within their proper
context.
We just updated the version from 14 to 16. But very unfortunately
clang-format-16 was just deprecated recently. So this time we update
the version to the latest available one. There are newer releases than
19 (like 20) but as I tested, sudo apt-get install -y clang-format-19
can work while 20 doesn't work.
misc-include-cleaner in clang-tidy-19 exerts a very strict check which
requires to directly include all headers for every symbols in the
source file. However in our current code we intentionally use some
indirect include. So this commit disables misc-include-cleaner.
This change fixes a potential use-after-free issue in the
`PeerDiscoverer::HandleTxtResult()` method.
When processing a TXT record, the corresponding `Peer` object could be
removed if it was identified as the device itself. However, a
subsequent call to `UpdatePeerState()` would still use the dangling
reference to the removed `Peer` object.
The fix merges the logic from the now-removed `ProcessPeerTxtData()`
method directly into `HandleTxtResult()`. After a `Peer` is removed,
the local `peer` pointer is set to `nullptr`, and the call to
`UpdatePeerState()` is guarded by a null check to prevent using
the invalid pointer.
This commit renames `IsExpectedToBecomeRouterSoon()` to
`WillBecomeRouterSoon()` to better reflect its behavior.
The implementation is simplified by using the `VerifyOrExit` pattern
instead of a single complex boolean expression, which improves code
readability.
This change introduces new APIs to allow configuration of the response
timeout for mesh diagnostic queries. A corresponding CLI command
`meshdiag responsetimeout` is also added to get or set the timeout
value.
When set, the new response timeout is used for subsequent queries and
does not affect any that are ongoing. The timeout value is clamped
between 50 milliseconds and 10 minutes to ensure it stays within a
reasonable range.
This commit refactors `Utils::HistoryTracker` by moving it into its
own dedicated `ot::HistoryTracker` namespace for better code
organization.
The main implementation class is renamed from `HistoryTracker` to
`Local`, making the new class `ot::HistoryTracker::Local`. This
allows additional components (like server and client) to be defined
within the `HistoryTracker` namespace.
Nested types, such as `Iterator`, are now direct members of the new
`HistoryTracker` namespace.
Commit adds check if commissioning is possible and if the tcat device is already commissioned.
Adds advertisement update on disconnected and role change.
Fixes key handling for key references.
Fixes the authorization processing.
Implements recent changes of the application TLVs.
This commit moves the child ID allocation logic from `Mle` to
`ChildTable`.
A new `AllocateNewChildRloc16()` method is added to `ChildTable` to
contain the allocation logic, and the `mNextChildId` counter is moved
to `ChildTable`. `Mle` is updated to use this new method.
This refactoring improves code encapsulation by making the
`ChildTable` responsible for managing all aspects of the children it
contains, including ID allocation.
The `kIndexMask` within `AnswerTlv` was incorrectly defined as `0x7f`,
which only covers the lower 7 bits of the `mFlagsIndex` field. This
would improperly truncate the message index value.
This change corrects the mask to `0x7fff`, which properly utilizes the
lower 15 bits for the index, while the most significant bit remains
reserved for the `kIsLastFlag`.
This commit introduces `Mle::PrevRoleRestorer` to consolidate the
logic for restoring a device's previous role (child or router/leader)
after an MLE restart.
This new class replaces and encapsulates the functionality from the
now-removed `RouterRoleRestorer` class and `RestorePrevRole()` method.
`PrevRoleRestorer` manages its own timer and retransmission logic. It
handles sending Child Update Requests to restore a child role, or
multicast Link Requests to restore a router/leader role. It also adds
a small random delay before the first transmission attempt to avoid
synchronized transmissions when multiple devices restart at once.
This change simplifies the `Mle` class by centralizing all role
restoration logic into a single component, making future enhancements
to this process easier.
This commit introduces a new feature in `HistoryTracker` to track
Network Data DNS/SRP unicast/anycast address entries. This new
functionality records when different Border Routers add or remove
these entries in the Network Data. This change also introduces new
public APIs and CLI command `history dnssrpaddr` to expose this
information.
This commit simplifies the `Settings` API by modifying all "Save"
and "Delete" methods to return `void` instead of `Error`.
Settings operations are required for a Thread device to function, so a
failure to save or delete from non-volatile storage should be treated
as a critical error. Previously, the code effectively ignored these
errors using `IgnoreError()`. This change instead treats any such
failure as a critical error, triggering an assert within the
`Settings` module.
The key changes include:
- `Settings::Save<T>()`, `Delete<T>()`, `DeleteAllChildInfo()`, and
similar methods now return `void`.
- Internal `Settings` methods use `SuccessOrAssert()` to assert on
errors.
- The responsibility for asserting on `kErrorNotImplemented` is moved
to the `SettingsDriver` layer.
This update simplifies the caller logic by removing the need for
`IgnoreError()` at many call sites. Consequently, several methods
that primarily wrapped `Settings` calls, such as `Mle::Store()` and
`BorderAgent::SetId()`, have also been updated to return `void`.
This commit increases the default DNS response timeout config,
`OPENTHREAD_CONFIG_DNS_CLIENT_DEFAULT_RESPONSE_TIMEOUT`, to 7000
milliseconds.
The default value of 7000 is selected to be longer than the
six-second wait time for queries resolved by the Discovery Proxy
(per RFC 8766, Section 5.6, first bullet).
This commit updates the handling of discovery request transmission
completion by using a `TxCallback`.
Previously, `MeshForwarder` contained special-case logic to identify a
discovery request message and would then explicitly call into
`DiscoverScanner::HandleDiscoveryRequestFrameTxDone()`.
This is changed so that `DiscoverScanner` now registers a `TxCallback`
directly on the discovery request message itself.
This commit moves the `Detacher::Detach()` method implementation to
group it with other `Detacher` method definitions.
When the `Detacher` class was added in PR #11723, its methods were
intentionally kept in their original locations to keep the `git diff`
smaller and easier to review.
This is a pure code-move refactoring to improve code organization and
has no functional changes.
This commit introduces `GenerateRandomDelay()`, to simplify the
logic for generating a random delay up to a given max delay.
This is then used through `Mle` class.
This commit implements `ot::Posix::Dhcp6PdSocket`, which provides the
`otPlatInfraIfDhcp6PdClient*` socket-like APIs for use by the core
`Dhcp6PdClient` module.
The `Posix::Dhcp6PdSocket` is a sub-component of `Posix::InfraNetif`.
This commit modifies TREL to disregard mDNS (DNS-SD) service removal
events when updating the peer table. Since mDNS peer removal signals
can be unreliable, this change prevents such signals from causing a
peer's removal. Instead, a peer entry is retained as long as TREL
packets and acks are successfully exchanged, moving towards the goal
of eliminating TREL's dependency on mDNS for peer discovery and
tracking.
This commit also introduces a new mechanism to track the last
interaction time with each peer. This information is used to evict
the least recently used entry when the peer table gets full and to
remove inactive peers after a long expiration period (7.5 min)
passes.
The `test_trel` Nexus test is updated to validate these new
behaviors.
This commit updates `RestorePrevRole()` to directly start the
`RouterRoleRestorer` instead of calling `BecomeRouter()`.
Consequently, `BecomeRouter()` is simplified by removing the logic for
handling the `kRoleDetached` state. The method now focuses on the
child-to-router transition by sending an Address Solicit message, and
its initial role validation is made more explicit.
This change ensures the logic for restoring a previous router/leader
role is separate from the child-to-router transition logic.
This commit introduces a new `Mle::Detacher` class to encapsulate all
state and logic for the graceful detach process. By managing its own
internal state, timer, and completion callback, the `Detacher` class
centralizes the detach logic, improving code clarity and
maintainability.
This commit updates the mechanism for notifying the transmit
completion of a Child ID Request message.
Instead of `MeshForwarder` checking the message type and calling into
`Mle` upon transmit completion, `Mle::SendChildIdRequest()` now
registers a `TxCallback` directly on the message.
This change simplifies `MeshForwarder` by removing the need for it to
be aware of specific `Mle` message types.
This commit resolves a potential unsafe integer conversion warning by
explicitly casting the size of the status sub-TLV to `uint8_t` before
setting the length of the main TLV in
`SendLinkMetricsManagementResponse`.
Additionally, this change enables MLE_LINK_METRICS_SUBJECT_ENABLE`
feature in the `toranj` test configuration, allowing this feature to
be covered under its builds.
This commit adds a check in `RetxTracker::ScheduleTimer()` to ensure
the timer is not scheduled if MLE operations are disabled.
This change improves safety by handling an edge case during the
graceful detach process. In this scenario, a child sends a "Child
Update Request" with a zero timeout and, upon receiving a response,
immediately stops MLE. The added check prevents the retransmission
timer from being incorrectly scheduled after MLE has been stopped.
This commit refactors the IPv6 filter by renaming `Filter::Accept()`
to `Filter::Apply()` and changing its return type from `bool` to
`Error`.
The new method now returns `kErrorNone` for an accepted message and
`kErrorDrop` for a message that should be dropped. This change
improves clarity and aligns the filter's logic with the common
`SuccessOrExit` error handling pattern used throughout the codebase.
This commit changes the workflow trigger event from `pull_request` to
`pull_request_target` so to match the event type that triggers the
`check-size` workflow.
This commit enables the `-Wimplicit-int-conversion` compiler flag for
`ftd`, `mtd`, and `radio` to improve code quality by detecting
potential data loss from implicit type conversions. This is enabled
when clang toolchain is used.
All resulting warnings have been addressed by either:
- Changing variable, parameter, or return types to ensure consistency
and prevent overflows.
- Adding explicit `static_cast` where the type conversion is intended
and safe.
This commit simplifies the `HandleParentRequest()`.
- The logic for detecting duplicate Parent Requests is made more
readable by introducing the `kParentRequestDuplicateTimeout`
constant.
- To reduce unnecessary log noise, checks like `IsRouterEligible()`
or `!IsDetached()` no longer set and return an error. This
prevents logging failure messages for conditions that are not
actual errors.
- Verbose comments are removed in favor of self-documenting code.
This commit changes the `aDelay` parameter type in
`Mle::DelayedSender` methods from `uint16_t` to `uint32_t`.
This update supports specifying message transmission delays longer
than the previous 65-second limit and avoids potential implicit
integer downcasting.
The `test_publish_meshcop_service` is updated to explicitly disable
the border agent before factory resetting `br`. This makes the
test more reliable by ensuring the MeshCoP service is unpublished.
The `test_publish_meshcop_service` is updated to explicitly disable
the border agent before stopping the `otbr-service`. This makes the
test more reliable by ensuring the MeshCoP service is unpublished
before stopping `otbr-service`.
This commit removes the explicit call to disable the `BorderAgent`
during instance finalization. This change prevents issues where the
call may trigger platform interactions that can fail due to the
platform layer being deinitialized before the `Finalize` is called.
This commit enhances the instance shutdown sequence by explicitly
disabling the Border Agent in `Instance::Finalize()`.
Additionally, direct calls to the OpenThread C API, such as
`otThreadSetEnabled()`, are replaced with their corresponding C++
method calls, like `Get<Mle::Mle>().Stop()`.
This commit refactors the `Mle::BecomeLeader()` method to use a new
`LeaderWeightCheck` enum instead of a boolean parameter for checking
the leader weight.
The new enum, with values `kCheckLeaderWeight` and
`kIgnoreLeaderWeight`, makes the intent at the call sites more
explicit and improves code readability by avoiding the ambiguity of a
`true`/`false` flag. The functional behavior remains unchanged.
This commit moves the `Message::Ownership` enum definition to the
`Ip6` class. This enum is exclusively used by the `Ip6` class to
determine whether to clone a message or take direct custody. This
model is not intended for use by other components. `OwnerPtr<>` is
the recommended approach for conveying ownership transfers.
This commit simplifies the `Reattach()` method to improve readability.
The nested `if-else` statements are replaced with a `switch()` to
check `mReattachState`, and specific situations are handled with `if
(condition) { action; ExitNow(); }`.
This commit relaxes the `border_router` test scripts that check mDNS
query results. The test will no longer fail if an expected record
does not appear in the additional section.
This change aligns with RFC 6763 section 12, which specifies that
additional records are recommended but not required. Particularly, a
TXT record is not recommended for an SRV query (section 12.2), and a
TXT query has no recommended additional records (section 12.3).
The test will now validate the additional record if it is present but
will not fail if it is absent.
This commit changes the `SetEnabled()` API to return `kErrorNone` when
the component is already in the requested state (enabled or
disabled). Previously, the method would return `kErrorAlready` in
this scenario. Making this API idempotent simplifies caller logic, as
they no longer need to handle the `kErrorAlready` case.
The radio platform API otPlatDiagRadioTransmitDone() and
otPlatDiagRadioReceiveDone() are the same with the API
otPlatRadioTxDone() and otPlatRadioReceiveDone(). This commit removes
the API otPlatDiagRadioTransmitDone() and otPlatDiagRadioReceiveDone()
to let the MAC layer and the diag module to use the same radio API to
send and receive 154 frames. So that the diag module could process the
ACK frame in the future.
This commit refactors `Mle::Start()` by moving the logic for restoring
the previous role into a new method, `RestorePrevRole()`.
This change simplifies the startup process and improves robustness by
adding more validation checks within `RestorePrevRole()`. The new
method ensures that the previously saved state information is
consistent before it is applied. For example, it verifies that
`mLastSavedRole` matches the saved RLOC16 and that parent information
is valid if the saved role was Child. These checks protect against
loading invalid settings and allow the device to start more quickly
by ignoring inconsistent state.
This commit introduces "auto-enable mode" in mDNS module. When this
mode is enabled, the mDNS module uses the same infrastructure network
interface as the Border Routing manager. The mDNS module is then
automatically enabled or disabled based on the operational state of
that interface. It is recommended to use the auto-enable mode on
Border Routers. New APIs and CLI commands are added to manage this
mode.
This commit also makes the if-index argument optional in `mdns enable`
CLI command. If an index is not provided, the command defaults to
using the Border Router's infrastructure interface. This help
simplify controlling the mDNS state in test scripts.
This commit enhances the `NetworkData::Service::Iterator` class.
The `Iterator` is now a separate class from `Service::Manager`. It
provides `GetNextDnsSrpAnycastInfo()` & `GetNextDnsSrpUnicastInfo()`
methods, simplifying the code for iterating over these service
entries. The `Iterator` is also generalized to track a given
`NetworkData` instance, allowing it to iterate over service entries
on any `NetworkData` object, not just the Leader's.
This commit updates the `EnergyScanServer` to use an `OwnedPtr<>` for
its `mReportMessage` member.
This change ensures that the allocated report message is correctly
freed when the `otInstance` is destroyed, preventing a potential
memory leak.
This commit adds a new mechanism to emulate a node reset on
`Nexus::Node`. This is realized by resetting all platform components
while ensuring the non-volatile `mSettings` remains unchanged, then
reinitializing the `ot::Instance` by invoking its constructor.
This is used to add a new `test_full_network_reset` test, which
emulates a full simultaneous reset of all nodes in a large network,
tracking how long it takes for the network to stabilize after the
reset event.
This commit introduces `otBorderRoutingGetInfraIfInfo()` to get the
interface index and running state of the configured infrastructure
interface. A corresponding CLI command is also added to retrieve this
information.
This commit introduces `Mle::RetxTracker`, a new nested class that
encapsulates the state and logic for managing MLE message
retransmissions. It specifically handles retx of Child Update and
Data Request messages sent from a child to its parent, as well as the
periodic keep-alive Child Update tx from an rx-on-when-idle child.
This change centralizes all retransmission logic within
`RetxTracker`, replacing direct state manipulation and leading to a
cleaner, more modular design.
This change also includes the following improvements and fixes:
- The retransmission timeout (`kUnicastRetxDelay`) now includes a
small random jitter.
- Fixes the logic for tracking the number of transmission attempts,
ensuring the child detaches after `kMaxAttempts` (4) are reached.
The previous code would incorrectly try one additional time
(5 attempts).
- Tracks the transmission time of Data Requests and Child Updates
separately. This ensures that periodic keep-alive Child Updates are
sent at the correct time, even after a recent Data Request
transmission.
- The `RetxTracker` is designed to be extensible for managing
retransmissions of other message types in the future.
This commit updates the `Nexus::Node` to initialize platform-specific
components first. This is achieved by defining them in a `Platform`
struct, which is inherited before `ot::Instance`.
This change ensures all platform components are ready and can be
safely used from the `Instance` constructor and any of its
sub-components.
This commit updates the wait time in the `test_mdns` unit test to
handle a rare timing failure.
When a truncated message is sent, mDNS is expected to wait for a
random delay of at least 400ms. The test previously waited exactly
400ms before checking for emitted messages, leading to rare failures
if the random delay was precisely 400ms.
This change reduces the test's wait time to 399ms, ensuring it
correctly verifies that no message is emitted during the initial
delay period and making the test more robust.
Previously we were relying on the platform to call
`otPlatInfraIfDiscoverNat64PrefixDone` to trigger the evaluation of
NAT64 prefix. Since
https://github.com/openthread/openthread/pull/11481, we're no longer
doing proactive DNS-based prefix discoveries and it never calls the
callback `otPlatInfraIfDiscoverNat64PrefixDone`.
That means NAT64 evaluation can only happen when
`RoutingManager::EvaluateRoutingPolicy` is triggered, which can cause
a at most 3-minute delay (`kRaBeaconInterval`), between enabling NAT64
feature and the feature starts to work.
This commit triggers the evaluation of routing policy when
`Nat64PrefixManager::Discover()` fails to ensure the feature starts to
work on time.
The definition of sMicroTimer and sRealTimeSignal are wrapped by the
__linux__, OPENTHREAD_CONFIG_PLATFORM_USEC_TIMER_ENABLE and
!OPENTHREAD_POSIX_VIRTUAL_TIME. But the code using these two
variables is not completely wrapped by these three macros. It causes
the compile errors in some conditions.
This commit wraps all the code that uses these two variables with
these three macros.
This commit updates `Mle` to ensure that a device ignores a
received "Child Update Request" message if it is currently detached.
This prevents the device from sending a "Child Update Response" in
this state. This behavior is particularly important when a device is
trying to restore its previous role as a router or leader.
This commit introduces new `Mainloop` helper functions. These helpers
can be used to update or check the read, write, and error file
descriptor sets (`fd_set`) or the timeout value within a
`Mainloop::Context`.
This commit refines the logging of local host address events in the
`Mdns` module.
Address update events signaled from the platform layer are now logged
at the `Debug` level instead of `Info`. This avoids excessive logging
from platform implementations that use periodic polling for address
monitoring.
Instead, after the events are processed, an `Info` level log is now
generated only if the address list has changed. This new log
specifies which addresses were added or removed. Additionally, the
format for IPv4 addresses (tracked as IPv4-mapped IPv6 addresses) is
updated to use the standard dotted-decimal notation, making the logs
easier to read.
This commit adds a netlink-based address monitoring strategy,
`OT_POSIX_MDNS_ADDR_MONITOR_NETLINK`, to `Posix::MdnsSocket`. This is
provided as an alternative to the periodic poll-based approach
introduced in PR #11641.
With this model, `MdnsSocket` reports the initial list of IPv4/IPv6
addresses on the infrastructure network interface. It then uses a
`NETLINK_ROUTE` socket to listen for `RTM_NEWADDR` and `RTM_DELADDR`
events, signaling any subsequent address changes to the mDNS module.
This commit contains various enhancements to the `Otns` class:
- Makes `Otns` methods non-static. This aligns their use with the
clang-tidy `readability-static-accessed-through-instance` check,
which disallows accessing static methods through an instance.
- Updates the `make-pretty` script to enable OTNS and include it in
`clang-tidy` checks.
- Adds a stub implementation of `otPlatOtnsStatus()` in the simulation
and fake platforms. This allows the OTNS feature to be enabled in
`make-pretty` builds and covered by GitHub Action CI checks.
- Simplifies the `EmitStatus` methods to use the `String` class for
constructing the status string.
- Adds a new helper method to construct the CoAP status string,
removing duplicated code.
This commit introduces an initial implementation in `Posix::MdnsSocket`
to monitor and report all IPv4 and IPv6 addresses assigned to the
infrastructure network interface. This mechanism is used by OpenThread's
native mDNS module and was added in PRs #11353 and #11394.
A new configuration, `OPENTHREAD_POSIX_CONFIG_MDNS_ADDR_MONITOR`, is
added to select the monitoring strategy. This commit implements the
`OT_POSIX_MDNS_ADDR_MONITOR_PERIODIC` approach, where `getifaddrs()`
is used to enumerate addresses periodically. The polling interval
is configured by `OPENTHREAD_POSIX_CONFIG_MDNS_ADDR_MONITOR_PERIOD`.
Note that the OpenThread mDNS module itself tracks the list of
reported addresses and will only take action when there is a change
from what was previously announced. This allows the platform to
simply report the full list of current addresses at each interval.
This commit fixes formatting issues in the netdata CLI README files to
improve clarity and correctness of the documentation.
The changes include:
- Adding the '>' prompt character to CLI command examples where it was
missing.
- Specifying 'bash' as the language for code blocks to enable proper
syntax highlighting.
- Remove an extra colon
This commit rearranges the method and member variable declarations in
the `Posix::MdnsSocket` class to follow the recommended order, i.e.,
methods before member variables.
This commit enhances the `Srp::Client` "single service mode". This
mode is enabled when a prepared SRP update message exceeds the IPv6
MTU size. In this mode, the client registers its services one by one,
with each SRP update containing only a single service.
The implementation is simplified by changing the `mSingleServiceMode`
flag from a persistent member variable of the `Client` class to a
field within the `MsgInfo` struct, making its scope
message-specific.
State transitions are now correctly applied to host and service
entries when operating in single service mode. This, in turn, helps
ensure that SRP message transaction IDs are managed correctly: the
same ID is used for retries of an unchanged service, while a new ID
is used if the service information has changed.
Finally, a new test case, `TestSrpClientSingleServiceMode`, is added
to `test_srp_server` to cover this behavior and its associated retry
logic in detail.
This commit updates the `MessageQueue` and `PriorityQueue`
implementations to use non-circular doubly linked lists instead of
the previous circular ones. Using a non-circular list requires the
queue to track the head element, but it simplifies common operations
like getting the head and iterating over the messages.
Particularly, `Message::GetNext()` now simply returns the `mNext`
pointer. Previously, `Message` had to store a pointer to its `mQueue`
within its `Metadata` to identify the tail of the queue and stop the
iteration correctly.
This commit also updates the unit tests. In particular,
`test_priority_queue` is significantly enhanced to cover many
scenarios, such as multiple messages with the same priority, and
messages with different priorities being added and removed in various
orders.
This commit updates the SRP client message ID assignment model.
Message IDs are now selected randomly, ensuring they differ from the
last ID used. The same message ID is reused when a message is
retried.
This replaces the earlier design where all messages, including
retries, used sequential message IDs.
The unit test is also updated to validate the new behavior.
This commit introduces new public APIs to register a `TxCallback` on a
message to be notified of its transmission outcome.
The callback is invoked with an error code indicating the transmission
status of the IPv6 message to an immediate neighbor (a one-hop
transmission). It does not indicate that the message was received by
its final, multi-hop destination.
For a unicast IPv6 message, a success (`OT_ERROR_NONE`) indicates that
the message, including all its corresponding fragments if applicable,
was successfully delivered to the immediate neighbor and a MAC layer
acknowledgment was received for all fragments. This is reported
regardless of whether the message is sent using direct or indirect
transmission (e.g., to a sleepy child via CSL or a data poll).
For a multicast message, an `OT_ERROR_NONE` status indicates that the
message and all its fragments were successfully broadcast. Note that
no MAC-level acknowledgment is required for a broadcast frame
transmission.
This commit updates `SendMessage()` to initialize the `msgType`
variable before the `switch` statement.
This change addresses a compiler warning for a possibly uninitialized
variable, flagged by `-Werror=maybe-uninitialized`.
Note that the situation where `mState` would be an undefined value is
not technically possible in the current logic. However, the compiler
cannot guarantee this and therefore generates a warning. Initializing
the variable upfront resolves this issue.
This commit modifies `Message::SetPriority()` to prevent changing a
message's priority after it has been enqueued in a `PriorityQueue`.
Attempting to do so will now return `kErrorInvalidState`.
The functionality for altering the priority of an already-enqueued
message is not currently used or required. Should this behavior
become necessary in the future, the recommended approach is to
explicitly dequeue the message first, then change its priority, and
finally re-add it to the queue. This makes the intended behavior
clearer and more explicit within the code.
This commit also updates the `test_priority_queue` unit test to
reflect this change.
This commit simplifies the code by removing the `kReattachStart` state
from the `ReattachState` enumeration. This enum is used after MLE
`Start()` to track whether to attempt to attach using a persisted
Active or Pending Dataset.
Previously, `kReattachStart` was a transitory state set in `Start()`
and then changed in the `Attach()` method to either `kReattachActive`
or `kReattachStop`, based on whether the device had a saved Active
Dataset.
This change simplifies the code by determining the state directly in
`Mle::Start()`, which allows for the removal of the now unnecessary
`kReattachStart` case.
This commit introduces the `Dhcp6PdClient` class, which implements
DHCPv6 Prefix Delegation (PD) client functionality. It integrates
with `BorderRouter::RoutingManager` and its `PdPrefixManager`
sub-component. The CMake `OT_BORDER_ROUTING_DHCP6_PD_CLIENT` mapped
to `OPENTHREAD_CONFIG_BORDER_ROUTING_DHCP6_PD_CLIENT_ENABLE` config
enables this feature.
Previously, the platform layer was expected to implement client
functionality, acquiring and providing the delegated prefix(es) to
the OT stack using `otPlatBorderRouter*` callbacks. This approach
continues to be supported. The `Dhcp6PdClient` feature adds native
support for this functionality in the OpenThread core.
The `Dhcp6PdClient` implementation follows RFC 8415, focusing on
prefix delegation and all required behaviors. The client follows the
standard four-message Solicit/Advertise/Request/Reply exchange to
obtain a delegated prefix, followed by a two-message Renew/Reply or
Rebind/Reply exchange to extend the lifetime of the delegated prefix.
When the prefix is no longer needed, a two-message Release/Reply
exchange ends its lease. The current client implementation does not
support the optional "Reconfigure Accept" mechanism.
A set of `otPlatInfraIfDhcp6PdClient*` platform APIs are also
introduced for use by the `Dhcp6PdClient`. These APIs are used to
enable or disable listening for DHCPv6 messages and to handle sending
and receiving them on the standard client and server UDP ports
(546 and 547), effectively acting as a UDP socket.
This commit also includes a comprehensive unit test covering various
aspects of `Dhcp6PdClient`, including common behaviors and many
specific edge cases.
This commit simplifies the `Message::Metadata` so that it no longer
tracks the `MessagePool`. Instead the `Message` now tracks the
`ot::Instance` it is associated with and acts as a `GetProvider`,
allowing access to any component within `Instance`, including
the `MessagePool`.
This commit enhances how changes in the number of reachable peer
Border Routers (BRs) are tracked and signaled. This tracking is
handled by `RxRaTracker` and utilized by the `MultiAilDetector` to
determine if BRs are connected to different AILs.
The `RxRaTracker::DecisionFactors` class now includes and tracks
`mReachablePeerBrCount`. This value is updated in the `Evaluate()`
method, which is invoked upon any change to the internal state
tracked by `RxRaTracker` (e.g., changes in discovered prefixes or
routers). This ensures that any change in the number of peer BRs is
promptly detected and signaled to other sub-components, allowing them
to update their state or take necessary actions.
This commit updates how `MdnsSocket::SendQueuedMessages()` iterates
over the message queue. The iteration is changed to get the next
message before processing the current one. This is necessary because
the current message may be dequeued and freed within the loop, which
would invalidate the pointer to the next message.
This commit moves the `Mle::AnnounceHandler` methods to be located
together in the same section.
The `AnnounceHandler` sub-component was added in a previous commit,
but its methods were intentionally left in their original locations
to keep the `git diff` small and easy to review. This change simply
relocates the methods to their proper place and includes no logical
modifications.
This commit addresses an issue where the fractional part of the ping
average round-trip time (RTT) was not consistently formatted.
Previously, it used ".%u" with `(avgRoundTripTime % 1000)` which
could omit leading zeros for fractional values. It now uses ".%03u"
to ensure three digits are always displayed, padding with leading
zeros when necessary.
Fix the initialization order in ProcessRadioUrl() to ensure that
configuration files are loaded before region settings are applied.
Previously, the region code was set before configuration files
(product-config-file and factory-config-file) were processed. This
caused region-specific settings such as target power to be applied
from stale configuration data rather than the newly loaded
configuration file.
The fix reorders the parameter processing sequence:
1. Basic radio parameters (fem-lnagain, cca-threshold)
2. Configuration file loading (product-config-file, factory-config-file)
3. Region setting (region)
4. Other parameters (bus-latency, max-power-table, coex settings)
This ensures that when a region is set, it will use the correct
configuration data from the newly loaded files, allowing region-specific
power settings and other parameters to be properly refreshed.
Change-Id: Idcf16d194eea65d3efe3ae380d6fa90e71bd5499
It would be easier to use OpenThread public headers if they are
self-contained and follows the IWYU style guide. This commit fixes some
style issues to make the public headers self-contained and IWYU. The
existing pretty check is also extended to verify the OpenThread public
headers are self-contained and follows IWYU.
With the router restoration, longer delay is expected. This commit
defines the router restoration delay and apply it on the unstable test
case Cert_5_1_05_RouterAddressTimeout.
This commit renames DHCPv6-PD related types and methods in
`RoutingManager` to consistently use the `Dhcp6Pd` term.
This commit also updates the related unit test in
`test_routing_manager`. The test is renamed to `TestDhcp6Pd()`, and
the code style is updated to align with other test cases in the same
file. No changes are made to the actual test steps or what is covered
by the test itself. The method for reporting PD prefixes to the
OpenThread stack is modified within the unit test. Instead of using
`otPlat` APIs, `RoutingManager` methods are now directly invoked.
This helps make the unit tests independent of the configuration,
allowing for more flexible models where platform-provided APIs may
not be provided (e.g., DHCPv6 client as part of OpenThread code).
This commit adds the `Option::Iterator` class for searching for and
iterating over DHCPv6 options with a specific code within a message.
The iteration can cover the entire message or be constrained to a
given `OffsetRange`.
The `Option::Iterator` is used to simplify the `Dhcp6::Client` and
`Dhcp6.Server` implementations, particularly when iterating over
`IaAddressOption`s within an `IaNaOption`.
This commit adds a destructor for `SecureTransport` that closes the
socket, and disconnects and removes any tracked sessions.
Removing the sessions ensures that the `SecureSession` instances and
any data allocated within them are properly freed. This handles the
case where the `otInstance` itself is destroyed, ensuring that all
heap-allocated items are cleaned up correctly to prevent memory
leaks.
This commit introduces the `AnnounceHandler` class within `Mle` to
encapsulate logic for handling Announce messages. This change
simplifies the `Mle` module and makes the code easier to read and
follow.
The `AnnounceHandler` class handles received Announce messages with a
newer timestamp and different channel and/or PAN ID. It can delay
processing to collect and handle subsequent Announce messages.
It also manages starting the "announce attach" process, where the device
attempts to attach using the parameters from a processed Announce
message.
- If the attach is successful, this class sends an Announce on the old
channel to inform other devices. This is done immediately after
attaching as a MTD child or after a router transition attempt
completes (on FTD).
- If the attach fails, the class ensures the channel and PAN ID are
restored to their original values.
In particular, the new `AnnounceHandler` uses its own `Timer` to delay
the start of an announce attach. Previously, the `AttachTimer` was
repurposed for this, in addition to its use for attach state
management.
This commit updates and enhances the parsing and generation of the
DHCPv6 DUID in Client/Server Identifier Options.
DHCPv6 DUIDs can be specified in a variety of ways, and clients and
servers must treat them as opaque values that are compared for
equality. This change adds an `Eui64Duid` type to represent a DHCPv6
DUID based on the EUI-64 Link-Layer address format (DUID-LL).
A set of common helper methods are added to parse, match, and append
the DUID in a Client or Server Identifier option:
- `ReadDuid()`: Reads the raw DUID as a blob of data.
- `ReadAsEui64Duid()`: Reads a DUID, validating that it follows the
DUID-LL format, and parses the EUI-64 address.
- `MatchesEui64Duid()`: Reads a DUID and checks that it matches a
given EUI-64 address.
- `AppendWithEui64Duid()`: Appends a Client/Server ID option with a
DUI using the DUID-LL format.
This commit also introduces `Option::AppendOption()` which appends a
DHCPv6 Option with a given code and data to a message.
These methods are then used to simplify the `Dhcp6::Server` and
`Dhcp6::Client` code.
This will avoid the problem that scope id or ifindex remains 0 for a
link-local transmission. If 0, the OS cannot decide which network
interface to use based on address alone.
This aims to fix some instances in core/tcp6 and posix/udp where the
complete struct was not initialized. In otPlatUdpJoinMulticastGroup
and otPlatUdpLeaveMulticastGroup an explicit redundant setting to '0'
is added just for clarity for people reading the code.
This commit adds some new statistics for ePSKc to show the time
duration of various sub process during the credential sharing.
A Nexus unit test is added to verify the stats are counted correctly.
A few small points to be noted:
* The `StopReason` which was used internally in `EphemeralKeyManager`
is renamed as `DeactivationReason`, defined as public and is mapped
to the public enum `otHistoryTrackerEpskcDeactivationReason`.
* The original reason `Timeout` is renamed to `SessionTimeout` to
indicate this is a timeout of the secure session. This is to
differentiate with the epskc mode timeout.
* A new reason `EpskcTimeout` to indicate the timeout is due to epskc
mode timeout.
The log message "No domain name servers found in %s, default to
127.0.0.1" is misleading because the code does not actually default to
127.0.0.1 if no nameservers are found.
This commit updates the log message to accurately reflect the
behavior.
This commit simplifies the processing of PD prefixes provided by the
platform to `PdPrefixManager`. The platform can report DHCPv6 PD
prefixes in two ways: through a Router Advertisement (RA) message
containing Prefix Information Options (PIOs) or by providing a PD
prefix directly.
Previously, these two paths were processed in a single method, which
made the code harder to read and follow. This commit refactors the
logic to separate these two paths while using common helper methods.
This change introduces `EvaluateCandidatePrefix()`, which evaluates a
single candidate prefix and tracks the most favored one. After all
candidates are evaluated, `ApplyFavoredPrefix()` is called to apply
the most favored prefix and update the current PD prefix if
necessary.
This commit introduces new helper methods for DHCPv6 Option parsing
and generation.
- It adds `Option::FindOption()` to search and parse the first DHCPv6
option with a given code within a specified range of a `Message`.
- It also adds `Option::UpdateOptionLengthInMessage()`, which updates
the Option length in a message based on the number of bytes
appended, simplifying the appending of variable-length options
(e.g., `IaNaOption`, which can contain multiple sub-options).
- Additionally, `StatusCodeOption::ReadStatusFrom()` is added to read
the status code from a Status Code Option in a specified range
within a `Message`. The absence of a Status Code option implies
success.
- Helper methods to search for and append `RapidCommitOption` are also
included.
These new helper methods are then used by `Dhcp6::Server` and
`Dhcp6::Client`, simplifying the code, particularly for processing
options in received DHCPv6 messages.
This commit also adds a new `test-036-dhcp-prefix-netdata.py` test to
validate the publishing of prefixes with the DHCP flag in Network
Data and the behavior of the DHCPv6 client and server.
This commit enhances the TREL module to manage mDNS/DNSSD service
registration and peer discovery (browse and resolving for TREL
services). This feature can be controlled through
`OPENTHREAD_CONFIG_TREL_MANAGE_DNSSD_ENABLE` (and/or the CMake option
`OT_TREL_MANAGE_DNSSD`).
When enabled, TREL will utilize the `Dnssd` module, which provides
mDNS-related APIs. This can be tied to OpenThread's native mDNS
implementation or to `otPlatDnssd` (i.e., provided by the platform
layer).
This commit also adds support for the TREL platform in the `Nexus`
test framework and uses this to add a detailed `test_trel` case. This
test covers basic TREL peer discovery and operation, along with
specific scenarios such as peer removal delay, delayed mDNS start,
TREL service name conflict resolution, host address changes, and
supporting multiple services on the same host (while unlikely in
actual deployments, this can be useful for testing and simulation
where a single machine may act as multiple Thread nodes, thus
advertising multiple TREL services from the same hostname. This is
explicitly supported by the implementation and covered in the
tests).
This commit adds a destructor for `SecureSession` which ensures the
freeing of any mbedTls allocated items. This addresses memory leaks
detected by fuzzer tests when `otInstance` is destroyed, though this
situation is unlikely in typical OpenThread stack integrations.
This commit adds destructors for `MessageQueue` and `PriorityQueue`.
This ensures that allocated `Message` instances in different queues
are freed when the `ot::Instance` is destroyed.
This commit updates the `Notifier` to directly signal events to
`BackboneRouter::Leader`, `Dhcp6::Server`, `Dhcp6::Client`, and
`NeighborDiscovery::Agent`. These classes were previously notified
indirectly through `Mle::HandleNotifierEvent()`.
This commit enhances the POSIX platform configuration system to support
dynamic configuration file paths at runtime instead of only build-time paths.
ConfigFile class:
- Replace const char* mFilePath with char mFilePath[kFilePathMaxSize] to allow
dynamic path updates after construction
- Add SetFilePath() and GetFilePath() methods
- Update constructor to use SetFilePath() with proper bounds checking
Configuration class:
- Add SetFactoryConfigFile() and SetProductConfigFile() methods to update
factory and product config file paths
Radio URL parameter support:
- Add support for 'product-config-file' parameter in radio URL
- Add support for 'factory-config-file' parameter in radio URL
This commit contains style fixes and smaller enhancements in
DHCP6-related definitions and types. Mainly, the DHCP6 `Option`
sub-classes are renamed to include the `Option` suffix
(e.g., `IaAddressOption`), harmonizing the naming style with `Tlv`
and other `Option` classes (e.g., `Nd6` or `Dns` options).
This commit modifies the TREL module to explicitly request TREL acknowledgements
for broadcast transmissions directed to known neighbors. This ensures quicker
discovery of when a TREL peer is no longer available.
This commit updates `Nexus` simulation platform to implement and
emulate `otPlatMdns` APIs. This allows Nexus test cases to be
written which require and use the OpenThread's native mDNS.
This commit also enhances `test_border_agent` to validate that the
Border Agent's registered `_meshcop._udp` can be queried and
resolved (using mDNS) from other devices.
Added comprehensive Python virtual environment setup guide to the
cp-caps README.md file.
This includes detailed sections for creation, activation, dependency
installation, and deactivation of virtual environments to help users
properly set up their testing environment and avoid package conflicts.
This commit adds `TypeTraits::IsUint<Type>` and `IsInt<Type>` to
determine (at compile time) whether a given `Type` is an unsigned or
signed integer type (8, 16, 32, or 64 bit length). These help
simplify `static_assert()` checks in template methods that work
with integer types.
This commit updates `test_publish_meshcop_service` to relax the checks
when verifying mDNS browse response. Specifically, after `br1` is factory
reset, the Border Agent and other functions are not given the chance
to stop properly and remove previously registered mDNS entries. This
can result in stale entries remaining in the mDNS cache, leading to
more service entries appearing in `browse` results. This commit
relaxes the check from `assertEqual` to `assertGreaterEqual`,
allowing the test to pass when additional entries are observed.
This commit updates the DNS-SD server to support responding to SOA and
NS record queries (including `ANY` record type queries) for the
default service domain. The recommended values for SOA record data
from RFC-8766 section 6.1 are used. The server name included in
SOA/NS answers is derived from the Extended Address of the device,
ensuring it remains fixed and consistent over reboots as long as the
device's Extended Address stays the same.
A new detailed test case is added in the `test_dns_client` unit test
to cover all the newly added behavior.
Currently, if the platform has no upstream DNS server configured,
upstream DNS query will eventually time out. This can lead to delays
in responding to the DNS client.
The new otPlatDnsIsUpstreamQueryAvailable API provides a mechanism for
the platform to proactively signal the unavailability of upstream DNS.
This commit updates `Trel::Peer` and `PeerTable` to allow scheduling a
`Peer` for removal from the table after a given delay. This enables
smoother peer removal, especially for transient issues, by avoiding
abrupt disconnections.
To implement this, a `State` has been added to the `Peer` class,
tracking whether a peer is in `kStateValid` or `kStateRemoving`. If a
peer scheduled for removal is discovered again, it will be re-added
and marked as valid. Logging is also updated to show these new state
transitions. Additionally, `EvictPeer()` is updated to prioritize
evicting peers already scheduled for removal.
To ensure consistent API behavior, peers that are scheduled for
removal are skipped when iterating over the peer table using
`otTrelGetNextPeer()` or `otTrelGetNumberOfPeers()`.
This adds comments to DNS types, to ensure that official names from
the IANA DNS parameters registry can be found in the OT source code
when starting to search from that starting point. This will make
development and code analysis easier for those not familiar with OT,
or coming from the DNS world. The IANA names (which may deviate from
RFC names) are from: https://www.iana.org/assignments/dns-parameters
This commit updates the DNSSD server/resolver to ensure it includes
the questions in the response message when the returned RCODE is
`NameError` (NXDOMAIN). It also clears the question count and any
partially appended content if there is a failure to append all
questions (when `kResponseServerFailure` (SERVFAIL) is returned).
It also adds a test case in `test_dns_client` to resolve a
non-existent name and validate the included questions.
Previously, the `VerifyOrExit()` macro's condition caused clang-tidy to
issue issue false positives regarding "boolean readability," suggesting
simplifications via De Morgan's Theorem. This occurred because the macro
wrapped the entire condition and then checked its negative.
This commit refactors the macro to evaluate the condition directly, which:
1. Eliminates the erroneous clang-tidy warnings.
2. Potentially enhances CPU branch prediction performance, as the
condition is more likely to evaluate to true.
This commit updates `BorderAgent::PrepareServiceTxtData()` to include
the "rv" key. This key represents the version of the TXT record
format. Per the Thread specification, it must be set to "1". Values
other than "1" are reserved for the future and MUST NOT be used.
This commit also updates `test_border_agent` to validate this key.
This commit addresses a defect in the Resolver::Query function where
it would error out if the attempt to send a DNS query to any single
configured server failed. This could lead to query failures even if
other DNS servers were available and operational.
This commit introduces `TxtData` and `TxtDataEncoder` as nested types
in `Trel::PeerDiscoverer`. These classes handle the decoding and
encoding of TXT data for the TREL service, separating this TXT
data-related logic from the rest of the code. This helps simplify the
code and enables future extensions, allowing the TXT data logic to be
used irrespective of how services are registered or discovered.
This commit introduces `PeerDiscoverer` as a class responsible for
TREL peer discovery, separating this logic from `Trel::Interface`.
The new class currently handles the preparation of TXT data, calling
the platform API to register the TREL service, and handling callbacks
from the platform layer with newly discovered or updated peer
information.
This separation helps with TREL module organization and enables future
extensions, such as performing discovery using the native OpenThread
mDNS module or the platform-specific DNS-SD (`otPlatDnssd`) module,
in addition to the existing approach where discovery is delegated to
the platform layer.
This commit introduces a new API to allow setting vendor-specific
extra TXT data to be included when the Border Agent advertises its
mDNS `_meshcop._udp` service.
The provided vendor TXT data is appended as given to the TXT data
generated by the Border Agent and included in the `_meshcop._udp`
mDNS service advertisement.
This vendor TXT data can be set at any time, regardless of the Border
Agent's state. Any change from a previously set value will trigger an
update of the registered mDNS service to advertise the new TXT data.
This commit also updates `test_border_agent` by generalizing and
simplifying the validation of the Border Agent's `_meshcop._udp`
service TXT data. The tests are also expanded to validate the
complete registered service TXT data, including the newly added
support for vendor-specific extra TXT data.
This commit allows to configure the link-local route's metric via
macro on Linux. By using a larger metric, we can prevent host
processes from accidentally sending traffic to Thread network
interface.
For example, when the mDNS daemon on the BR wants to respond to a `QU`
mDNS question, it will send the mDNS response to a link-local
address. In a multi-network environment, it could wrongly go to the
Thread network interface if the socket is not explicitly bound to the
desired interface.
This commit introduces `PeerTable` as a separate class to track TREL
peers, separating this logic from `Trel::Interface`. The peer table
uses `OwningList`, ensuring that `Peer` entries are properly freed
upon removal.
The logic for allocating a new peer is simplified, including the
mechanism to evict a peer to make room for a new one.
This commit also adds a new configuration option to allow TREL to use
heap-allocated `Peer` entries instead of a `Pool<Peer>` with a fixed
size. The `Peer` class now has a `Free()` method to ensure `Peer`
instances are properly freed, regardless of whether they are heap or
pool allocated. This, combined with the use of `OwningList`,
simplifies memory management.
To cover all configurations, `toranj` build configurations for the
POSIX platform are configured to disallow TREL heap usage, while
`toranj` configurations for the simulation platform enable it.
This commit updates `BorderAgent` modules to directly manage the
registration of mDNS MeshCoP services. Previously, this was the
responsibility of the platform or higher-level code. This behavior is
enabled using `OPENTHREAD_CONFIG_BORDER_AGENT_MESHCOP_SERVICE_ENABLE`
configuration option.
When enabled, the `BorderAgent` module itself will register the
`_meshcop._udp` service name with properly formatted TXT data. As the
state changes, the service registration is updated accordingly.
If the ephemeral key feature is enabled and used, the `BorderAgent`
will also manage the registration of the `_meshcop-e._udp` service.
The implementation allows the service instance name to be configured
in different ways. The Thread specification recommends using a
user-friendly name, such as "<VendorName> <ProductName>". The
name can be set using a newly added configuration option, or
alternatively, using a newly added public API for projects where the
name needs to be set at run-time after device initialization.
This commit also updates `test_border_agent`, validating all the
newly added behaviors related to MeshCoP service registrations.
In `PerformNextRegistration()`, there are many reasons why no
registration message will be sent. For example, device is not attached
or there are no DUAs to register.
This commit suppresses warn-level log messages when no registration
message is expected and normal behavior.
This commit contains smaller changes related to the TREL `Peer` class
and the parsing of TXT data within the `PeerInfo` class.
The `Peer` class definition is now moved into its own `trel_peer.hpp`
and `trel_peer.cpp` header and source files, separating it from the
`Trel::Interface` class. Additionally, the `Log()` method within the
`Peer` class has been enhanced (now using an `Action` enum).
The `PeerInfo` class remains a nested class of `Interface` and now
provides a `ParseTxtData()` method to parse the included TXT data
entries.
This commit updates the internal data structure used for tracking TREL
peers. Peer tracking now uses a `LinkedList` of `Peer` objects
allocated from a pre-allocated `Pool<Peer>`, instead of using a
fixed-size `Array<Peer>`.
This change allows for future enhancements, such as using
heap-allocated `Peer` entries and/or extending the `Peer` object to
track additional (dynamically allocated) information.
This commit relaxes the parsing of TREL TXT data entries to allow
extra bytes to be present at the end of a value.
Currently, these extra bytes are simply ignored. This change provides
safer forward compatibility, allowing for future additions to the
format of the TXT data entries.
This commit moves and enhances the `TxtDataEncoder` class, relocating
it to the common `dns_types.hpp` header file.
The new `TxtDataEncoder` provides helper methods to append TXT entries
with a variety of value types, including `NameData`, C-strings, or an
unsigned integer (in big-endian format). This enhanced encoder is
then used by the `BorderAgent` when preparing MeshCoP TXT data and
also by the TREL module.
This commit relaxes the `SocketHandle::Matches()` method to allow a
socket associated with `kNetifUnspecified` to match when
`IsHostInterface()` is set. This is in addition to the existing
behavior of matching a backbone socket under the same condition.
This commit simplifies the preparation of the State Bitmap, which is
included in the Border Agent's TXT data using the `sb` key.
Specifically, constants for field values are now directly used to
construct the `uint32_t` bitmap, making the process more
straightforward.
Additionally, relevant constants are converted to use `static
constexpr`, avoiding the use of unnamed `enum` definitions.
This commit updates how the "ConnectionMode" field is set in the
Border Agent State Bitmap, which is advertised as the value of the
`sb` TXT key. In particular, when the Border Agent service is stopped
and therefore not accepting any connections, the value of this field
is now set to `kConnectionModeDisabled` to indicate this.
This commit also updates and enhances `test_border_agent` to validate
the State Bitmap entry in the TXT data, covering cases where the
device role changes or ePSKc support is enabled/disabled.
This commit adds a new API to allow the Border Agent service to be
enabled or disabled. By default, the Border Agent service is enabled
when the `OPENTHREAD_CONFIG_BORDER_AGENT_ENABLE` feature is used.
This new API allows the user to explicitly control its state. This
can be useful in scenarios such as:
- The user code wishes to delay the start of the Border Agent service
(and its mDNS advertisement of the `_meshcop._udp` service on the
infrastructure link). This allows time to prepare or determine
vendor-specific TXT data entries for inclusion.
- Unit tests or test scripts might disable the Border Agent service to
prevent it from interfering with specific test steps. For example,
tests validating mDNS or DNS-SD functionality may disable the
Border Agent to prevent its registration of the MeshCoP service.
This commit also adds a corresponding CLI command for the new API and
updates `test_border_agent` to validate this functionality.
This commit updates the mDNS service registration to allow services
for the local host. The `mHostName` field in an `otMdnsService`
structure can now be set to `NULL` to indicate that the service
if for the local host.
The `test_mdns` unit test is also updated to verify this new
functionality.
This commit updates the `BorderAgent` to ensure that if its `Id` is
changed using the `SetId()` method, any consequent changes to the
generated TXT data for the MeshCoP service are correctly signaled.
This signaling is performed using the "Service TXT Data changed
callback". This commit also updates `test_border_agent` to validate
this.
This commit updates `BorderAgent` method and variable names to use
shorter forms where possible. Specifically, the term `MeshCoP` is
removed from many variable and method names, as the `BorderAgent`
class itself is already defined within the `MeshCoP` namespace.
This commit is purely a style and naming change and contains no
modification to the code logic.
This commit updates the DNS-SD `Server` implementation to support
queries for the `ANY` record type. This is supported whether a query
is resolved using the SRP server or the OpenThread native Discovery
Proxy.
When a query is resolved using the SRP server database, all known
records that match the query name and type are included in the
response (e.g., AAAA and KEY records for a hostname; SRV, TXT and
KEY records for a service instance name; and PTR records for service
type or sub-type query names).
Note that unlike mDNS, where an `ANY` query is expected to elicit all
known matching records, in the case of a unicast DNS query for `ANY`,
the response is only required to contain at least one matching
record, not necessarily all of them. This will be the behavior when
the Discovery Proxy is used to resolve a unicast DNS `ANY` query
(i.e., once the first answer is received from the Discovery Proxy
(mDNS), a response is prepared and sent to the client).
The unit tests `test_dns_client` and `test_dnssd_discovery_proxy` are
updated to validate the new `ANY` query behavior.
This commit adds a safeguard check in `Mle::HandleTimeTick()` to
protect against cases where scheduling or sending a Link Request
message to a new neighboring router fails. This can happen, for
example, if the device is temporarily out of message buffers.
This scenario is determined by checking if `router.IsStateLinkRequest()`
is true, there is no Link Request message scheduled to be sent to
this router, and the device is not waiting for a Link Accept
(`!router.IsWaitingForLinkAccept()`). In such a case, the neighbor is
removed using `RemoveNeighbor()`.
This commit adds implementation for RDATA translation in the
OpenThread native discovery proxy. Specifically, for certain record
types (like CNAME) where the record data includes one or more
embedded DNS names, this translation applies. If the embedded DNS
name in RDATA uses the local mDNS domain (`local.`), it is replaced
with the corresponding domain name for the Thread mesh network
(`default.service.arpa.`). Otherwise, the name is included unchanged
in the record data.
A new method, `AppendTranslatedRecordDataTo()`, is added to perform
this translation. It utilizes the `DataRecipe` table, similar to
`DecompressRecordData()`, to parse the record data and update the
embedded DNS names as needed.
The `test_dnssd_discovery_proxy` unit test is updated to cover the new
record data translation behavior.
This commit refactors the `ThreadLinkInfo` definition by moving it
into its own dedicated header (`thread_link_info.hpp`) and source
(`.cpp`) files. Previously, this definition was part of
`mesh_forwarder.hpp`.
This change simplifies the overall code structure. It also allows the
new `thread_link_info.hpp` header to be included by other modules,
such as `message.hpp`, thereby avoiding the need for forward
declarations.
This commit introduces a template helper `AppendServiceRecords()`
designed to append service-related records (SRV, TXT, and host
AAAA addresses) to the appropriate sections within a DNS `Response`
message.
This helper simplifies the codebase by removing repeated patterns.
These patterns occur when resolving queries using either SRP service
data or `ServiceInstanceInfo` retrieved from the platform (when the
platform implements discovery proxy function).
This commit contains a few smaller enhancements in the DNS-SD server
implementation:
- `ShouldForwardToUpstream()` now checks the `mEnableUpstreamQuery`.
- The `ResolveByUpstream()` method now handles its own error logging.
- Comments are added/updated to improve code readability.
This commit updates the DNS client to use `DecompressRecordData()`
helper method when processing `QueryRecord()` responses for
arbitrary record types.
This enables decompression of embedded DNS names within the received
record data for a wider range of record types. In particular, name
decompression is now supported for PTR, CNAME, DNAME, NS, SRV, SOA,
MX, RP, AFSDB, RT, PX, KX, and NSEC records.
This commit updates the DNS callbacks `HandleDnsBrowseResponse()`,
`HandleDnsServiceResponse()`, `HandleDnsRecordResponse()`, etc.,
to output an error if the query name is invalid or too long.
This change replaces previous `IgnoreError()` calls with specific
error handling code for these cases. This should help address CLI
Fuzzer test failures where long or invalid names might be generated
as CLI input.
This commit enhances the OpenThread DNSSD name server/resolver and its
native Discovery Proxy to support queries for arbitrary record
types.
To enable this, a new set of `otPlatDnssd` APIs are introduced for
generic `RecordQuerier`. These APIs mirror the existing APIs in the
OpenThread native mDNS module, allowing direct use of the native mDNS
implementation.
The discovery proxy implementation is updated to start and stop the
mDNS `RecordQuerier` when receiving a query for an arbitrary record
type, passing the first response record back to the client.
The unit tests `test_dnssd_discovery_proxy` and `test_dns_client`
are updated to cover all the newly added behaviors in discovery proxy.
This commit corrects the timing of Transmission Control Block (TCB)
re-initialization to ensure proper RST packet sending during TCP
connection aborts and to prevent potential issues due to incomplete
TCB cleanup.
This commit introduces the `MultiAilDetector` feature within the
`RoutingManager`. This feature detects whether Border Routers(BRs) on
the Thread mesh might be connected to different Adjacent
Infrastructure Links (AILs).
The feature can be enabled using the configuration option
`OPENTHREAD_CONFIG_BORDER_ROUTING_MULTI_AIL_DETECTION_ENABLE`.
The detection mechanism operates as follows: The Routing Manager
monitors the number of peer BRs listed in the Thread Network Data and
compares this with the number of peer BRs discovered by processing
received Router Advertisements (RAs) on its local AIL.
If the count derived from Network Data consistently exceeds the count
derived from RAs for a detection period of 5 minutes, the detector
concludes that BRs are likely connected to different AILs. This
triggers a detection state change, and a registered callback is
invoked. To clear this state, a shorter window of 1 minute is used.
Public APIs and corresponding CLI commands have been added to allow
checking the current detection state and registering a callback for
state change notifications.
This commit also includes test coverage for the newly added feature.
With Thread 1.4 the cli application not can also (dns) resolve
IPv4 addresses. This commit adds the same support in otci
* dns_resolve4
Implements support for vendor operations in otci get/set
* vendor_name
* vendor_model
* vendor_sw_version
Implements network diagnostic commands
* get
* reset
* non_preferred_channels
Various other (small changes)"
* allow setting read timeout on serial connections
* allow replacing read routine filter
* expose latest thread versions in the public module api
* expand the definition of dns_get_config
* replaces mgmtget/mgmtset with the correct mgmtgetcommand and mgmtsetcommand
* replaces addressmode with the correct addrmode
* adds an `ignore_result` option to `execute_command`
* adds a missing `diag` command
* removes some unexisting getters
This commit updates the mDNS `RecordQuerier` to handle record types
where the RDATA contains one or more potentially compressed DNS
names. For these types, the reported record data is now decompressed
to include the full DNS names. This enhancement applies to the
following record types: NS, CNAME, SOA, PTR, MX, RP, AFSDB, RT, PX,
SRV, KX, DNAME, and NSEC.
To achieve this, a helper `ResourceRecord::DecompressRecordData()`
method is introduced. This method uses a "recipe" formula specific
to each supported record type. The recipe defines the number of
prefix bytes before the first embedded name, the number of DNS
names, and the minimum number of suffix bytes after the names. A
common implementation then uses this recipe to parse and decompress
the RDATA. This approach makes the implementation flexible and allows
for easier addition of new record types and formats in the future.
Unit test `test_dns` is updated to validate the newly added method.
This commit enhances the `openthread-posix-config.h` header by:
- Moving configurations defined in other headers
(`platform-posix.h`) into this common header.
- Making sure the section containing guard checks for removed or
renamed POSIX configurations is at the end of the header file.
This commit refactors the `Mle` modules and combines the `MleRouter`
and `Mle` classes into a single `Mle` class which now handles both
FTD and MTD functionalities.
The `MleRouter` and `Mle` classes were originally intended as
sub-classes, where the base class `Mle` would provide MTD and common
behaviors, and `MleRouter` would implement FTD-specific behaviors.
However, over the years and as new features were implemented, these
two classes became more intertwined, and the `Mle` class began to
include many FTD-related functions and interactions with `MleRouter`
private variables and methods.
This commit simplifies the code by combining the two into a single
class. The previous `mle_router.cpp` file is also renamed to
`mle_ftd.cpp` to indicate that it implements FTD-specific MLE
behaviors.
This commit introduces an API to iterate over the local host IPv6 and
IPv4 addresses known to the OpenThread mDNS module.
The platform layer is responsible for monitoring and reporting all
host IPv4 and IPv6 addresses to the OpenThread mDNS module, which
then tracks the full address list
(see `otPlatMdnsHandleHostAddressEvent()`). The newly added function
allows iteration through this tracked list, primarily intended for
information and debugging purposes.
This commit also adds a CLI command to utilize the new API.
Additionally, the `test_mdns` unit test has been updated to validate
the functionality of the newly added API.
This commit enhances the posix `otPlatAlarm` implementation by:
- Avoiding casting from unsigned int to signed int. While this usually
works, it's technically undefined behavior.
- Adding new `IsExpired()` and `CalculateDuration()` methods to avoid
unsigned to signed casting and simplify the code.
- Ensuring `static_cast<>` is used instead of C-style casts.
This commit adds the `-Wundef` compiler flag to the OpenThread core,
CLI, and NCP builds when configured for MTD, FTD, or Radio types.
This flag helps ensure that no undefined macros are used within the
source code, protecting against potential typos in conditional
compilation checks (`#if` checks).
Due to CVE-2025-27809, on newer versions of mbedtls, handshake
will fail unless hostname is set earlier.
TLS clients are not affected if they operate in a closed ecosystem
where the trusted certificate authority only issues certificates
to trusted hosts.
In this case, `mbedtls_ssl_set_hostname` with nullptr should
be called to avoid failures.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
This commit adds `ResourceRecord::UpdateRecordLengthInMessage()`
helper method in `dns_types.hpp`.
This common helper is then used in the SRP client, DNSSD server, and
mDNS modules, replacing similar methods previously implemented within
these modules.
This commit introduces an alternate mechanism for the platform layer
to signal local host address changes to the OpenThread mDNS module.
The existing approach, where the platform invokes
`otPlatMdnsHandleHostAddressEvent()` for each added or removed
address, remains supported.
The new approach allows the platform to call the newly added
`otPlatMdnsHandleHostAddressRemoveAll()` callback once, immediately
followed by invoking `otPlatMdnsHandleHostAddressEvent` for every
currently assigned IPv4 and IPv6 address on the interface.
These two approaches offer flexibility for platforms with varying
capabilities accommodating different operating systems and network
stacks. Some network stacks may provide mechanisms to identify the
added or removed addresses, while others may only provide the new
list upon a change.
The `test_mdns` unit test is updated to validate this newly added
mechanism.
This commit introduces a new feature in `Dns::Client` to support
sending DNS queries for arbitrary record types. Callers are notified
of received response via a callback. New methods are provided to
parse and read all records in the response. Public APIs and related
CLI commands for this new feature are also added.
The `OPENTHREAD_CONFIG_DNS_CLIENT_ARBITRARY_RECORD_QUERY_ENABLE` build
configuration is added to control this feature. This allows projects
that do not require arbitrary DNS query functionality to disable it,
avoiding its associated firmware code size overhead.
Importantly, if a retrieved record type is PTR, CNAME, DNAME, NS, or
SRV, the record data in the received response contains a DNS name
which may use DNS name compression. For these specific record types,
the record data is first decompressed such that it contains the
uncompressed DNS name. For all other record types, the record data is
read and provided as it appears in the received response message.
This commit simplifies how information about the message queue, such
as the number of messages, data buffers, or total bytes in the queue,
is retrieved. The `MessageQueue::GetInfo()` method is changed to
clear the passed-in `Info` structure (instead of adding the counts to
the existing fields and expecting the caller to clear it).
A new helper method, `MessageQueue::AddQueueInfos()`, is added to
aggregate queue information when needed.
Various modules, such as `MeshForwarder`, `Ip6`, and `Mle`, are
updated to provide methods to retrieve their queue information
instead of exposing a reference to their internal queues.
In particular, `Coap` is updated to provide combined information for
all its queues, including request and cached response queues. This
simplifies the `Instance::GetBufferInfo()` method, which retrieves
information about all queues across all components.
This commit renames methods related to reachability checks and the
sending of ICMP unreachable errors for better clarity and
consistency. The primary method for determining reachability is
renamed to `IsReachable()`. Methods that perform a reachability check
and, upon failure, send an ICMP unreachable error are renamed as
`CheckReachabilityToSendIcmpError()`, clearly indicating their
additional action of sending an ICMP error.
This commit simplifies the `Ip6::DetermineAction()` method, which
determines the appropriate actions (`forwardThread`, `forwardHost`,
`receive`) for an IPv6 message based on its destination address and
origin.
- The code now uses `ExitNow()` to exit the method as soon as a
specific action is determined. This avoids deeply nested `if/else`
blocks and makes the control flow easier to understand.
- Some negative conditional checks have been refactored into positive
checks with early exits. For example, a condition like `if
(!cond1 || !cond2)` that guarded further processing is now
expressed as `if (cond1 && cond2) { ExitNow(); }`, making the logic
more direct.
- New comments have been added to clarify more complex checks and
conditions within the method.
- The `RouteLookup()` method has been removed and its logic inlined
directly into `DetermineAction()`. This improves code readability
and allows for clearer distinction between forwarding to a host due
to Border Router functionality versus forwarding as a last resort
when no specific route exists.
This commit introduces the `DetermineAction()` method to refactor the
code within `HandleDatagram()`. This new method centralizes the logic
for determining the appropriate action (e.g., `forwardThread`,
`forwardHost`, `receive`) for an IPv6 message based on its
destination address and origin.
This commit only focuses on code refactoring and does not introduce
any changes to the existing message processing logic.
This method inspects a received message to perform two key actions:
- Updating the EID-to-RLOC cache (for snoop optimization) and
- Detecting whether a former child device has moved to a new parent.
The renaming clarifies the specific responsibilities of this method.
This commit simplifies the process of determining the destination MAC
address. Specifically, when the destination is a link-local unicast
address, the MAC address is derived directly from its Interface
Identifier (IID). This commit replaces and removes the
`GetMacDestinationAddress()` method, with the calling code now
directly determining the destination MAC address.
This commit adds support for the "non-preferred channels" TLV in
Network Diagnostics. New APIs and their related CLI commands are
added to allow users to get/set this value, which is then used to
respond to Diagnostic Get/Query messages requesting this TLV. This
commit also introduces a mechanism to monitor and notify the caller
when a Network Diagnostic Reset command is received for this TLV.
The `test-020-net-diag` test is updated to validate the new TLV and
its API.
This commit updates the template method `Instance::Get<Type>()` to
support retrieving the `ApplicationCoap` and `ApplicationCoapSecure`
sub-components within the `Instance` hierarchy. This change replaces
the previous direct methods used to access these CoAP components,
providing a more consistent approach to accessing sub-components.
This commit introduces a new method, `Uptime::GetUptimeInSeconds
()`, which returns the device's uptime in seconds. This new method
simplifies existing code that performed manual conversion of the
uptime from milliseconds to seconds.
This commit adds a check in `instance.cpp` to ensure that exactly one
of the `OPENTHREAD_CONFIG_FTD`, `OPENTHREAD_CONFIG_MTD`, or
`OPENTHREAD_CONFIG_RADIO` configuration options is enabled. This
enforces a clear definition of the build type and prevents potential
conflicts or unexpected behavior arising from ambiguous or incorrect
configurations.
This commit introduces a new mechanism in `RoutingManager` to
configure OMR prefix handling on a Border Router. This provides
manual administration options to explicitly set a custom OMR prefix
or disable it, in addition to the existing default behavior where the
BR automatically selects and manages the OMR prefix. These new
administrative configurations can also be used during testing,
particularly for certification tests.
This commit adds new public OpenThread APIs and a CLI command,
`br omrconfig`, for this functionality. Notably, the new APIs allow
updating the OMR configuration while the BR is enabled and running,
and the implementation correctly adjusts to the new requested
behavior.
A new detailed test case is added to the `test_routing_manager` unit
test, covering the new behavior.
This commit add new helper methods `Mac::ExtAddress::SetFromIid()`
and `Mac::Address::SetExtendedFromIid()` which set the Extended
MAC Address from a given IPv6 Interface Identifier (IID). These
methods replace similar ones on `Ip6::InterfaceIdentifier` class
(`ConvertToExtAddress()` and `ConvertToMacAddress()`) to improve code
readability. It is more intuitive to call a `Set` method on the
object being modified rather than passing it as input to a `Convert`
method.
Resolves:
CMake Error at third_party/googletest/repo/CMakeLists.txt:4 (cmake_minimum_required):
Compatibility with CMake < 3.5 has been removed from CMake.
Update the VERSION argument <min> value. Or, use the <min>...<max> syntax
to tell CMake that the project requires at least <min> but has been updated
to work with policies introduced by <max> or earlier.
Or, add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to try configuring anyway.
This commit adds the `srp server port` CLI command, which maps to the
`otSrpServerGetPort()` API. This new command is now used in
`thread-cert/node.py` to implement `get_srp_server_port()`, allowing
direct retrieval of the SRP server port instead of indirectly parsing
the network data entry.
This commit enhances the native OpenThread mDNS implementation to
streamline the registration of the local host and its IPv6/IPv4
addresses.
Previously, registering the local host required tracking host
addresses and using `otMdnsRegisterHost()`, similar to registering
any other host. This commit introduces a simpler alternative that
handles both IPv6 and IPv4 addresses.
The changes in this PR include:
- The local host name can be explicitly set by the caller using new
API `otMdnsSetLocalHostName`. However, if not provided, the mDNS
module automatically generates a name derived from the device's
Extended MAC address.
- A new platform API callback, `otPlatMdnsHandleHostAddressEvent`, is
introduced to notify the OpenThread mDNS module of host address
changes.
- The OpenThread mDNS maintains an internal list of host addresses,
automatically updating it based on platform callbacks. A short
guard time is used to group multiple changes before announcing
them. Transient changes (e.g., address removal and re-addition) are
handled to prevent unnecessary announcements.
- Host IPv4 addresses (A records) are now supported. The `HostEntry`
class is updated to optionally include IPv4 addresses, in addition
to the required IPv6 addresses.
- A detailed test case in `test_mdns` covers all new local
host-related behaviors.
This commit adds support for the Network Diagnostics Enhanced Route
TLV (TLV number 37). This TLV provides information about established
links between routers, including the next hop and associated cost for
routes to all routers. This commit also adds CLI support and test
coverage for the new TLV.
This commit enhances the documentation of certain `otPlatRadio` APIs
for improved clarity.
Most importantly, regarding the `otExtAddress` input parameters,
earlier APIs such as `otPlatRadioSetExtendedAddress()`, `otPlatRadio
{Add/Clear}SrcMatchExtEntry()` assume little-endian byte order. This
is already noted in their documentation. However, some more recent
APIs, namely `otPlatRadioConfigureEnhAckProbing()` and
`otPlatRadioEnableCsl()` do not explicitly specify the byte order.
Common radio platform implementations (and how the APIs are used)
assume big-endian byte order. While this discrepancy is unfortunate,
changing it would create backward compatibility with existing
platform implementations. This commit updates the documentation of
these APIs to mention the byte order and highlight their difference
from other APIs.
This commit also clarifies `otPlatGetRssi()` expected behavior.
This commit fixes `get_srp_server_port()` in `thread-cert/node.py`.
This function parses Network Data service entries, searching for an
SRP/DNS unicast (non-preferred) entry, and then attempts to parse the
published port number of the SRP server by examining the last bytes
of the "server data".
The SRP/DNS unicast entry was previously updated to optionally include
a "version" field at the end of the "server data". This update caused
the port number parsing to fail, as the code did not account for the
extra byte corresponding to the version field.
This commit resolves this issue by ensuring that the two bytes are
correctly read and interpreted as the port number, regardless of the
presence of the version field.
The WED listener only supports calling the `Radio::ReceiveAt()` for
periodic sampling.
This commit adds support for the WED to perform periodic sampling by calling
`Radio::Sleep()` and `Radio::Receive()`.
This commit updates `otLowpanContextInfo` to include the `mStable`
flag, indicating whether the 6LoWPAN Context TLV is marked as stable
or not. The `netdata show` CLI command is also updated to display the
stable flag when outputting the list of contexts. Additionally, this
commit updates the `test-019-netdata-context-id` test to adjust how
it checks and validates the "compress" flag.
This commit makes `OPENTHREAD_CONFIG_UPTIME_ENABLE` mandatory for FTD
and MTD builds. This requirement is now explicitly enforced in the
`uptime.hpp` header file. Consequently, this configuration is only
applicable for RADIO/RCP builds.
This commit also removes unnecessary `#if` checks for this
configuration within core modules used in MTD or FTD builds. The
OpenThread API and CLI command documentation are updated
accordingly.
This commit enhances `RecordQuerier` to support queries for the ANY
record type. When querying for ANY, the response may contain various
record types. The implementation ensures that these different types
are cached separately and correctly handles responses containing
multiple record types (with or without "cache-flush" flag).
The `test_mdns` unit test is updated to validate this new behavior in
detail.
This commit introduces new Spinel properties to support CLI service in
NCP.
* Added `SPINEL_PROP_STREAM_CLI` property: This streaming property
provides a bidirectional channel for interacting with the NCP's
command-line interface (CLI). The host can send CLI commands to the
NCP by setting this property. The NCP will then execute the
commands. The NCP will send the output of the executed command (if
any) back to the host via unsolicited notifications of this same
property.
This commit changes the mesh forwarder to avoid adding CSL IE when the
message is not destined to a known neighbor. This change also eliminates
the check to exclude the MLE Discovery Request for adding CSL IE.
Key Changes:
* Server Prioritization: RDNSS-discovered servers are prioritized
based on their advertised lifetime. Servers with longer lifetimes
are preferred.
* Recursive DNS Server List: The resolver maintains a list of
recursive DNS servers, which now includes servers learned via RDNSS.
* DNS Query Integration: The resolver uses the RDNSS-learned servers
when forwarding DNS queries upstream.
* Border Routing Integration: The RDNSS callback is registered to the
border routing module.
Minor Changes:
* The unused function `Transaction *GetTransaction(int aFd)` is
removed.
Previously, the code relied on the return code of the `service radvd
status` command to determine if `radvd` was running. This was
unreliable because the command could succeed even if the service was
not actually active.
The `is_radvd_running` function now parses the output of `service
radvd status` and specifically checks for the line "running" to
confirm that the service is truly running.
This commit introduces `CoapBase::ScheduleRetransmissionTimer()`, a
new method that calculates the next retransmission timer fire time
based on all queued messages in `mPendingRequests` and then
schedules (starts or stops) the timer.
This method is now used whenever `mPendingRequests` is updated (a new
message is added or an existing message is removed). It is also used
in `HandleRetransmissionTimer()`, the timer's callback. This change
centralizes timer scheduling, simplifying the logic.
This also addresses an issue in the existing code where
`HandleRetransmissionTimer()` iterated over `mPendingRequests` to
determine expired messages and calculate the next fire time. However,
finalizing an expired message could trigger its `ResponseHandler`
callback, from which the caller may start or abort CoAP message tx
and modify `mPendingRequests` and reschedule the timer, leading to
incorrect fire time calculations (`NextFireTime` can be incorrect
which would then improperly re-schedules the timer, stop it or
schedule it to a later time).
With this change, `HandleRetransmissionTimer()` first finalizes
expired messages (potentially invoking callbacks) and then calls
`ScheduleRetransmissionTimer()` to calculate the next fire time
based on the updated `mPendingRequests`, ensuring accurate timer
scheduling.
On Android we didn't have a chance to disable reading from
`resolv.conf` at initialization of `Resolver`. This caused a logging
line at critical level which could be confusing.
This commit enhances the native mDNS implementation by adding
`RecordQuerier`, which enables continuous queries for arbitrary
record types and query names. The `RecordQuerier` follows a pattern
similar to service/address browsers and resolvers, allowing multiple
queriers to be started for the same record type and name (provided
they use different callbacks).
Record results are cached, and the cache correctly handles and reports
when new records are added or removed (either explicitly or due to
timeouts), including when the "cache-flush" flag is used in a
response.
Public OpenThread APIs and corresponding CLI commands are added for
`RecordQuerier` functionality.
The `test_mdns` unit test is updated with a detailed test case
covering the newly added `RecordQuerier` functions.
This commit enhances the DNS resolver (`resolver.cpp`) to support IPv6
addresses in upstream DNS server configurations, allowing for greater
flexibility and compatibility in IPv6-enabled environments.
This commit aims to add the possibility to specify a netif identifier for
SecureTransport::Open method. This method has now a default parameter,
kNetifUnspecified, if no argument is explicitly passed by the user.
Signed-off-by: Cristian Bulacu <cristian.bulacu@nxp.com>
The current MLE and MAC layers will trigger a call to "SubMac::UpdateCsl()"
when the CSL state or CSL parameters change. This will bring a lot of
unnecessary interface call overhead when we make RCP support CSL receiver
in the future.
This PR refactors the code so that the MLE and MAC layers only trigger a
call to `UpdateCsl` when a valid state or parameter change occurs.
This commit introduces a mechanism in `RoutingManager` to parse and
process Recursive DNS Server (RDNSS) options within received Router
Advertisement (RA) messages. The list of discovered RDNSS addresses
is tracked (per router) by `RoutingManager`, applying the advertised
lifetime to properly age the discovered entries.
This commit adds a new public API to retrieve the list of tracked
RDNSS addresses, along with a callback mechanism where OpenThread
users can register to be notified of changes to the RDNSS list. This
callback is invoked when any of the following changes occur:
- A new RDNSS address is advertised by a router.
- A previously discovered address is removed due to the router
advertising it with a zero lifetime.
- A previously discovered address has aged out (its lifetime expired
without being re-advertised).
- `RoutingManager` determines that the router advertising the address
is now unreachable, resulting in the removal of all its associated
entries.
This commit also adds corresponding CLI commands for the new API.
Furthermore, `test_routing_manager` is updated to include a test case
covering all the newly added behaviors in detail.
This commit updates the CSL channel selection logic. When a CSL
channel is not explicitly set, the code now uses the tracked
`mPanChannel` (the current Thread PAN channel) instead of
`mRadioChannel` (the current channel the radio is listening on). This
ensures that the CSL channel aligns with the Thread PAN channel, even
when the radio temporarily switches to other channels, such as during
an MLE discover scan.
This commit modifies `UpdateIp6RouteFtd()` to handle errors returned
by `NetworkData::Leader::RouteLookup()`, ensuring that messages are
dropped appropriately when a route lookup fails. It also initializes
`mMeshDest` to an invalid RLOC16 at the beginning of the method.
This commit fixes the issue that the joiner starts joining process
immediately when an invalid Joiner UDP Port is encountered. This issue
was introduced by #9445 which attempts to ignore joiner routers having
an invalid Joiner UDP Port.
This commit updates how the CSL sample time is tracked in `SubMac`,
ensuring that it is tracked using both radio time based on
`otPlatRadioGetNow()` and the local time (`TimeMicro::GetNow()`).
These two time sources may not necessarily be the same.
This change addresses the issue where the same time value was used for
both scheduling `mCslTimer` (which should be based on local time) and
for calls to the radio APIs (which should use radio time).
When in fast-start mode, the SRP server will be disabled and then
immediately enabled again if the device transfers from Child to Router.
This commit fixes this issue by also matching the MLE-ID with the SRP
server address in the Network Data.
This commit updates the `Srp::Server` so that Fast Start Mode can be
disabled by a call to `otSrpServerSetAutoEnableMode()`, in addition
to the existing method of calling `otSrpServerSetEnabled()`.
The `test_srp_server` unit test is updated to validate this new
behavior.
This commit fixes an issue in BorderAgent when handling Notifier
events.
If the events contain 'Epskc' and BA is not running, then the meshcop
service update will be skipped.
This commit refactors the `sub_mac_csl_receiver.cpp` to handle
`ReceiveAt()` and `Sleep() or Receive()` operations in different
functions to simplify the code logic.
This commit enables CCA for CSL transmission. CCA is expected for CSL
transmissions. The platform layer may skip CCA if mCsmaCaEnabled is not
set. This commit ensures mCsmaCaEnabled is correctly delivered to the
platform layer.
This commit posts a MeshCoP service changed task after Epskc feature
is enabled/disabled.
After Epskc feature is enabled/disabled, the `EpskcSupported` bit in
the statebitmap in MeshCoP Txt value should change accordingly.
This commit adds spinel properties for border agent MeshCoP service to
work under NCP.
* `SPINEL_PROP_BORDER_AGENT_MESHCOP_SERIVCE_STATE`: this simply
conveys the MeshCoP service state, including `IsActive`, udp port
and the encoded Txt values.
* `SPINEL_PROP_BORDER_AGENT_MESHCOP_SERIVCE_STATE_SUBSCRIPTION`: this
notifies the NCP side to register the state change callback. Because
we hope that the host side can have initial values. But if we
register the state change callback in NCP's initialization, the
callback will be invoked at a very early stage and send the values
while the host isn't ready to receive the MeshCoP service values. So
this property enables the host to decide when to receive the initial
values.
This commit adds "Fast Start Mode" feature for SRP server. This
feature is designed for scenarios where a device, often a mobile
device, needs to act as a provisional SRP server (e.g., functioning
as a temporary Border Router). The SRP server function is enabled
only if no other Border Routers are already providing the SRP
service within the Thread network. A common use case is a mobile
device joining a Thread network where it may be the first, or only,
BR. Importantly, Fast Start Mode allows the device to quickly start
its SRP server functionality upon joining the network, allowing other
Thread devices to quickly connect and register their services without
the typical delays associated with standard Border Router
initialization and SRP server startup (using NetData Publisher).
This commit updates `SubMac::UpdateCsl()` and related methods to use
the core types `Mac::ExtAddress` and `Mac::ShortAddress` instead of
C-style public/platform types. The extended address input is also
changed from a pointer to a reference.
This commit adds a new option in `otSrpServerAddressMode` as
`OT_SRP_SERVER_ADDRESS_MODE_UNICAST_FORCE_ADD`. This allows faster
SRP server start up by bypassing the Network Data publisher and
adding the "SRP/DNS unicast" entry directly to Network Data upon enabling
of the SRP server, regardless of how many other similar entries are
present.
This option is intended for testing and specific situations. A warning
is added to indicate that using this option will make the device
non-compliant with the Thread specification.
The unit test `test_srp_server` is updated with a new test case to
validate the new `AddressMode` and its related behavior.
This commit modifies the process exit behavior to introduce a new exit code
`OT_EXIT_RCP_RESET_REQUIRED`. This code signals that a hardware reset is required
by the POSIX platform, rather than being initiated directly by OpenThread itself.
This change is necessary to accommodate scenarios where the platform or a
separate stack (e.g., Wifi/BT) is responsible for managing hardware resets
of integrated chips (like Wifi/BT/Thread trinity chips). Previously, OpenThread
might have attempted to handle resets directly, which is not always appropriate
in these integrated environments.
This commit includes the following changes:
- Adds a new exit code: `OT_EXIT_RCP_RESET_REQUIRED` is now defined to indicate a
platform-requested hardware reset.
- Makes reset parameters optional: The `gpio-reset-device` and `gpio-reset-line`
parameters for reset functionality are now optional.
- process dies if gpio-reset-device is not given when TriggerReset().
The RCP should assert the interrupt pin to notify the SPI interface of
an impending data frame transfer to the host. This commit removes the
polling mode from the spi interface.
This commit adds a new OT API `otBorderAgentGetMeshCoPServiceTxtData`
to get MeshCoP Service TXT data from OT core.
The intention is to facilitate the NCP property update for MeshCoP
Service TXT data. With the get API, NCP property update can use the
`ChangedPropsSet` way which is more robust.
This commit updates `kAloc16ServiceEnd` to `0xfc1f`, aligning it with
recent changes in the Thread specification. The range `0xfc10-0xfc1f`
is now used for service ALOC16 corresponding to the 16 service IDs,
and the range `0xfc20-0xfc2f` is reserved for future use.
It also updates the `NetworkData::Leader::AnycastLookup()` to
explicitly check a given `aAloc16` against the defined ALOC16 ranges.
This replaces the previous model, which assumed that ALOC16 ranges
followed each other sequentially. While this assumption held true
previously, the introduction of the reserved range disrupts this
pattern. The explicit range check ensures correct behavior regardless
of future changes, making it a safer and more robust approach.
This commit changes the installation of socat from using 'apt' to
manual installation.
We found the latest socat version 1.8.0.3 has an issue when running
with OTBR docker. To avoid the error caused by version and facilitate
local development, the commit provides a script to install socat of
version 1.7.4.4 and replaces the installation in CI and scripts..
We add the install script in openthread and ot-br-posix will use the
script in openthread to install socat.
This commit enhances `NetworkData` modules to skip invalid TLVs during
iteration or search operations. Specifically, `NetworkDataTlv::Find
()` and `NetworkData::Iterate()` are updated. These two methods are
the primary methods used by all other methods for parsing or
searching for TLVs.
Generally, the leader validates TLVs before registration using
`NetworkData::Leader::Validate()`. However, this change improves
robustness by allowing receivers to also handle possible malformed
Network Data.
This commit also updates the `test_network_data` unit test to cover
the new behavior of skipping invalid TLVs.
This commit updates `SetTimeout()` to ensure the child timeout remains
within the minimum and maximum allowed values (per the specification,
the maximum value of 8 hours is used).
These limits are also enforced when the parent requests a different
timeout value in an MLE Child Update Response to the child's
request.
If the EphemeralKey Manager is enabled, when no active CoAP DTLS
session is found in the Border Agent's mDtlsTransport, it should
attempt to retrieve one managed by the EphemeralKey Manager.
This issue was discovered when using Thread devices, a Border Router ,
and `ot-commissioner` for commissioning with an ephemeral key. The
process is as follows:
Using `ot-commissioner` commit: `8fffd186b28809257bad73eab2459c97240fe535`
Using `openthread` commit: `36a8f71d0693bfb1407fc48444c4da6e7f2d32d6`
1. Using the ephemeral key, the BR and `ot-commissioner` established a
DTLS connection over the Wi-Fi link. This process worked as expected,
and the Border Agent successfully created `mCoapDtlsSession` in the
EphemeralKey Manager.
2. The `ot-commissioner` executed the command `joiner enableall
meshcop J01NU5` to allow joiners to connect.
3. When a Thread node attempted to join the network using `joiner
start J01NU5`, it failed.
The root cause was that when the `BorderAgent` received a CoAP message
from the Thread device and attempted to forward it to
`ot-commissioner` via `HandleTmf<kUriRelayRx>`, it could not find an
active CoAP DTLS session through
`FindActiveCommissionerSession`. Because the `mCoapDtlsSession` in the
EphemeralKey Manager was not managed by the Border Agent’s
`mDtlsTransport`.
This VerifyOrExit will prevent the RCP recovery process from resetting
the RCP. The comment highlights that given a multipan architecture, it
is not viable to reset the RCP once it is declared ready. In
non-multipan architectures, it is still viable and desirable to reset
the RCP as part of recovering it.
See https://github.com/orgs/openthread/discussions/11273
This commit adds tests to cover the handling of Src Match entries,
including adding, removing and clearing of short addr entries and
extended addr entries.
This commit adds a new OT API to set callback for border agent state
change: `otBorderAgentSetMeshCoPServiceChangedCallback`
`otBorderAgentStateChangedCallback` is invoked when the 'IsActive'
state of BorderAgent changes or the MeshCoP TXT data from Thread stack
changes. For example, the network name, the EXT PAN ID. This is used
to update the MeshCoP TXT data that will be published on the host and
notify the platform to start/stop the UDP Proxy.
After applying the UdpProxy design, the UDP port of published MeshCoP
service will be provided by the UdpProxy on the host (in ot-br-posix)
instead of OT core.
This commit simplifies state tracking and updates within
`PdPrefixManager`. Previously, three boolean flags (`mEnabled`,
`mStarted`, and `mPaused`) and a `GetState()` method were used to
represent the state as a `Dhcp6PdState`.
This commit replaces the boolean flags with a single `mState`
variable of type `Dhcp6PdState`. New `UpdateState()` and `SetState()`
methods handle all state transitions, ensuring PD prefix withdrawal
(OMR prefix removal from Network Data) and state change signaling.
This commit refactors the cp-caps test as follows:
1. uses the unittest framework to refactor the cp-caps.
2. all tests are sorted alphabetically
3. all test names are changed to long names.
This commit relaxes the tests that assume mDNS resolve would provide a
single IPv6 answer and explicitly check and require one address. This
behavior of the mDNS API is improved/changed in the `ot-br-posix`
implementation, allowing multiple addresses to be collected and
passed in the "resolved" callback.
This commit updates the `_assert_dig_result_matches()` function to
have an additional parameter, `allow_extra_answer`, which is then
used in specific test steps.
This commit addresses an issue introduced in #10892 where the Extended
Address byte order was not properly handled when calling
`otPlatRadio` APIs. OpenThread core uses big-endian encoding for
Extended Addresses, while the `otPlatRadio` APIs expect
little-endian, as per documented behavior.
PR #10892 refactored the byte-order reversal code from
`SourceMatchController` and `LinkRaw` into the `Radio` class. While
`Radio::AddSrcMatchExtEntry()` was updated properly to reverse the
byte order, `Radio::ClearSrcMatchExtEntry()` was not. This leads to
Extended MAC addresses not being properly removed from the source
match table, potentially causing issues with indirect transmission.
This commit resolves the issue.
It is strongly recommended to cherry-pick this fix into builds that
include #10892.
This commit clarifies the documentation for `otPlatRadioReceiveAt()`
regarding its behavior when called multiple times after successfully
scheduling a reception window. If a subsequent call occurs before
the start of the previous window, it MUST cancel the previous window
and effectively replace it. If the call occurs after the start of
the previously scheduled window, even if still within it, it MUST
NOT impact the ongoing reception.
This commit simplifies the `PdPrefixManager` class by removing the
`currentPrefixUpdated` flag. The flag was used to track PD prefix
changes during prefix processing, solely to determine if a prefix was
deprecated. This deprecation check can be performed independently,
eliminating the need for the flag and simplifying the code.
This commit updates the `BorderAgent` implementation to support
multiple parallel sessions using PSKc. It adds new public OT APIs to
iterate over all sessions, along with related CLI commands. The nexus
`test_border_agent` is updated to cover multi-session behavior and
the new session iteration APIs.
This commit simplifies `PdPrefixManager::HasPrefix()` by simply
checking if `mPrefix` is empty (rather than `IsValidOmrPrefix()`).
A favored PD prefix is always validated before it is assigned to
`mPrefix`, and when the prefix is removed, `mPrefix` is cleared.
This commit updates `otBorderRoutingDhcp6PdState` to be properly
mapped using `DefineMapEnum()` to its related core-internal `enum`
definition. This avoids the use of `static_cast` for conversion and
ensures only associated `enum` types can be mapped to each other.
This commit updates `PdPrefixManager::Evaluate()` to directly use the
helper method `FavoredOmrPrefix::IsInfrastructureDerived()` when
deciding to pause and change to `kDhcp6PdStateIdle`. This helps
improve code readability.
This commit updates `otBorderRoutingDhcp6PdState` to be properly
mapped using `DefineMapEnum()` to its related core-internal `enum`
definition. This avoids the use of `static_cast` for conversion and
ensures only associated `enum` types can be mapped to each other.
This commit updates `PdPrefixManager::Evaluate()` to directly use the
helper method `FavoredOmrPrefix::IsInfrastructureDerived()` when
deciding to pause and change to `kDhcp6PdStateIdle`. This helps
improve code readability.
This commit enhances the `OmrPrefixManager` to track and log changes
to the favored OMR prefix. The new log includes the old favored
prefix (if any) along with the new one, and provides additional
information such as its preference, whether it is a domain prefix, or
whether it matches the local OMR prefix. This replaces and enhances
the previous logs.
This new mechanism can also be used to signal (to other modules) when
the favored OMR prefix changes.
The simulation platform radio driver doesn't set the 'mInfo.mTxInfo.mIeInfo'
field of the ACK frame. And the function 'otMacFrameUpdateTimeIe()' directly
use the 'mInfo.mTxInfo.mIeInfo' field, this may cause the program crash.
This commit checks whether 'mInfo.mTxInfo.mIeInfo' is null before using it
and sets the 'mInfo.mTxInfo.mIeInfo' field of the ACK frame to null in
simulation platform.
When running the command `diag receive 1 rlp`, the DUT may fail to
receive the frame, then the otci will try the command again and
again. These retries are useless, and they will take lots of time
before timeout.
This commit sets the number of retry to 0 before executing the
command, and restore the number of retry after the command is
executed. This commit also captures the timeout exception from the
adb_shell.
The radio driver will set the `mInfo.mTxInfo.mIsSecurityProcessed` field
to True after the radio driver encrypts the frame. Which causes subsequent
frames to be sent will not be encrypted.
This commit sets the `mInfo.mTxInfo.mIsSecurityProcessed` field before
sending each frame.
This commit enables transmitting wake up frames with CCA enabled. A
build time configuration is added in case the coprocessor doesn't
support the newly added feature skipping CSMA/CA backoff only.
Previously there's a delay for every router (10 seconds) and child (3
seconds) for it to start. The serialized waiting times are
unnecessary. This commit removes such waitings to speed up the test
case. This is especially useful in the BR test
`test_srp_register_500_services_br.py` which uses non-virtual time.
This adds the `-x` flag to the `tcp send` command so send specific
data defined by a hexadecimal string. The purpose is to use this in
testing, for example to emulate HTTP GET requests.
This commit updates the Border Agent so that the `CoapDtlsSession`
tracks the forwarded CoAP request and the allocated `ForwardContext`
to the leader using `Tmf::Agent` in a list.
If the CoAP session disconnects before the forwarded request finishes,
the pending transaction is explicitly aborted in the session's
`Cleanup()` method using `Tmf::Agent::AbortTransaction()`. This
ensures that the response handler, `HandleCoapResponse()`, is invoked
while the session remains valid.
The current diag module allows users running the 'diag send' and 'diag
repeat' concurrently. The command run later will change the settings
of the command run earlier, which will cause unexpected test results.
This commit does not allow running 'diag send' and 'diag repeat'
concurrently.
This commit updates `TxMessageHistory` to track the message length
along with calculated CRC-16 and CRC-32 values of the message
content. This replaces the use of SHA256 hash, simplifying the code
and removing the dependency of the mDNS core module on the crypto
platform layer (and mbedtls).
This commit introduces the `BorderAgent::EphemeralKeyManager` class,
which manages the use of the ephemeral key by the Border Agent.
The `EphemeralKeyManager` uses its own DTLS transport and CoAP secure
sessions. This allows the `EphemeralKeyManager` and the `BorderAgent`
service (which uses PSKc) to be enabled and used in parallel.
Previously, a single transport and session was shared between these
functions, requiring the normal BA service (with PSKc) to be stopped
before the ephemeral key could be used.
This is a fundamental change and improvement to the ephemeral key and
Border Agent functionality. Therefore some existing `otBorderAgent`
APIs need to be modified. For example, `otBorderAgentGetState()`,
which returned the Border Agent state to indicate whether there were
any active sessions, is no longer meaningful, as different
sessions/transports are now used for PSKc and ephemeral key, and
there can be multiple sessions. This commit intentionally renames and
changes the `otBorderAgent` public APIs, specifically all those
related to ephemeral key use, to highlight the fundamental change in
behavior. While this can cause backward incompatibility, it requires
app layer code that used the previous APIs to be updated to take into
account the new behavior.
This commit also updates `nexus/test_border_agent`, adding new tests
to validate the new behavior (e.g., BA service and ephemeral key
parallel sessions). It also includes and validates the Border Agent
counter updates under different scenarios (this enhances and replaces
`test_ephemeral_key_counters.py`).
This commit introduces `TxMessage::AppendAddressRegistrationEntry()`
which appends an address entry in an MLE Address Registration TLV.
The new helper method determines whether a given address can be
appended as a compressed (using a lowpan context ID) or as an
uncompressed entry. This simplifies the code by moving all checks
into a common method. It also adds an explicit check to ensure the
associated Context TLV has the "compress" flag set before using
the compressed format.
This commit clarifies the intended behavior of the radio platform API
`otPlatRadioSetMacKey()` by recommending that implementations also
clear the MAC frame counter value (tracked by the radio).
It also adds a safeguard for this in `KeyManager` by changing the
order of operations. The MAC frame counter is now reset before
updating the key sequence and MAC keys. A comment explains the
rationale behind this ordering. This is to avoid potential issue
where a large counter value may be used with the new MAC key which
could then hinder frame transmission for a long duration.
The otJoinerStart enables a mechanism for Thread
commissioning. The traditional Thread commissioning process uses
factory assigned EUI-64 of the device to derive the Joiner ID and
identify/filter a joiner (through steering data bloom filter).
But otJoinerStart does not allows users to have a new EUI-64 set
at run time.
On joiner side, when a new EUI-64 value is provided, the
Joiner code uses this new value to derive the Joiner ID and
identify/filter a joiner (through steering data bloom filter).
On commissioner side, users can use this new EUI-64 value.
MTDs built out of the OpenThread stack fail 1.4 network diagnostics
test cases that track connection time and role time in MLE counter
TLVs. We can workaround manually defining UPTIME for MTDs, but it's
better to make it the default behavior.
This commit updates and enhances the CRC module.
It updates the implementation to allow both CRC16 and CRC32
calculation with different polynomials. It adds new `Feed()` methods
to add bytes from a buffer or from a message into CRC computation. It
also adds a unit test to cover CRC calculation (both CRC16 and
CRC32).
This commit updates the default CLI bind interface to be consistent with
the description. The default behavior should apply to all Thread nodes,
not just devices that define UDP platform layer. For Thread nodes that
only use the Open Thread Stack, netif type OT_NETIF_THREAD_HOST has no
meaning.
Support for OT_NETIF_THREAD_HOST has been kept using the -h option.
Updated the CLI bind command readme to make it clear when the netif
options are valid and what is the default behavior.
Signed-off-by: Marius Preda <marius.preda@nxp.com>
This commit replaces the `#if !OPENTHREAD_RADIO` checks with explicit
`#if OPENTHREAD_FTD || OPENTHREAD_MTD` checks.
The existing check relied on the assumption that exactly one of the
three options `FTD`, `MTD`, or `RADIO` will be set, and therefore
`#if !RADIO` was used indirectly as a check for `FTD` or `MTD`. This
change improves clarity and allows for future addition of new
configurations (where this assumption may no longer hold true).
This commit updates neighbor aging and recovery on FTD children. An
FTD child establishes links with neighboring routers to receive
multicast MPL (re)transmissions.
If the device is an FTD child and has more than `mChildRouterLinks`
neighbors, it uses a longer neighbor age (`kMaxNeighborAgeOnChild =
150s`) and removes the neighboring router upon expiration without
attempting to re-establish the link.
This differs from the existing behavior (which is still used when the
device is a router or an FTD child with `mChildRouterLinks` or fewer
neighbors), where a 100-second age is used, and the device attempts
to re-establish links upon expiration by sending Link Requests.
Link Requests from FTD children are suppressed when a neighboring
router becomes unavailable, and the child already has more than
`mChildRouterLinks` neighbors. This helps reduce unnecessary network
traffic on denser networks, especially when a router device is
powered off.
When "diag radio sleep" is followed by "diag send" or "diag
repeat", the radio switches to and stays in the receive mode
after a transmission. Normally, the MAC layer is responsible
for putting the radio back to sleep but the MAC layer is
bypassed when using the diag commands.
Make sure that the radio goes back to sleep after
a transmission when the sleep mode is on. This helps command
like "diag repeat" work more reliably as the transmission
is less likely to be interferred with the accidental frame
reception.
Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
This commit adds support for port translation in NAT64. Currently the
translator only supports a direct mapping between an IPv4 and an IPv6
address requiring a large IPv4 pool to work effectively. This implies
the need for an additional NAT 4 to 4 translator as the border router
will only have one private IPv4 in the LAN.
This commit enhances the current functionality according to NAT64 RFC
and dynamic PAT mechanism. This is used by any home router to share a
public IPv4 address with a range of devices using private
addresses. The port translation ensures the source port or the ICMP
identifier is always unique in the mapping table allowing a reply
packet to be matched with the request using the destination port and
address. This functionality can be disabled at compile time.
Signed-off-by: Marius Preda <marius.preda@nxp.com>
This commit redefines tcplp symbols that conflict with LWIP's TCP implementation:
- tcp_input has been renamed tcplp_input
- tcp_output has be renamed tcplp_output
- tcp_close has been renamed tcp_close_tcb
- tcp_init was already removed but the prototype was still present and was deleted
- TCP_MSS and TCP6_MSS have been renamed to TCP_MAXSS and TCP6_MAXSS
Signed-off-by: Marius Preda <marius.preda@nxp.com>
Commit adds implementation of:
- 0x40 Tcat tlv extraction of active dataset,
- 0x25 Tcat tlv extraction of commissioner certificate.
Includes also refactoring of `BleCommand` adds new method `process_response`.
This simplifies:
- `GetPskdHash`
- `GetRandomNumberChallenge`
The example for the "diag frame" command uses an invalid
802.15.4 frame while not bypassing the header and security
processing with "-s" flag.
In such a case, it cannot be guaranteed that the underlying
platform will send such a frame if it can't parse the frame
IEs to check if any dynamic data is to be injected.
Switch to using a correct ACK frame.
Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
This commit updates `Router` to track the number of remaining Link
Request attempts during link re-establishment (when no Advertisement
is received from a router, and the router is aged out). This helps
simplify the code managing link re-establishment.
The original code counts the number of received frames to check
whether the specified frame format is supported. It doesn't check
whether the sent and the received frames are the same. The test
results may have some deviation.
This commit compares the sent and received frame to check whether the
specified frame format is supported. This commit also add a case to
test the wake-up frame format.
This commit removes unnecessary Border Agent state checks in
`CoapDtlsSession` methods. When the Border Agent is stopped, the DTLS
transport is closed, and all associated sessions are cleared and
removed.
This commit adds OT APIs to enable/disable the ephemeral key feature
and get IsEnabled state of it.
Currently a dbus method is provided to enable/disable the Ephemeral
Key feature and it is implemented with the module `BorderAgent` in
ot-br-posix. After we move the MeshCoP Service Publisher into OT core,
we won't use the `BorderAgent` module anymore. So we put the get/set
methods into OT core first. In addition, the MeshCoP service published
has a state bitmap which has a bit to indicate if Ephemeral Key
feature is supported. So we have to put this data into OT core.
This commit updates `LinkQualityInfo` to track the "link quality out,"
which is the link quality from the neighbor's perspective. This value
is currently tracked by the `Router` class. The existing methods in
`LinkQualityInfo` that return the "link quality in" are renamed to
use `LinkQualityIn` to clarify and distinguish them.
This change uses existing bits in `LinkQualityInfo`, freeing up bit
fields in the `Router` class to be used for other information.
This commit improves the organization of `border_agent.cpp` by
grouping the method definitions for `CoapDtlsSession` into a separate
section.
In PR #11131, many methods were moved into this class. To keep the
`git diff` smaller and easier to review, the methods were left in the
same order as previously defined. This resulted in the methods of
`CoapDtlsSession` and `BorderAgent` being mixed and interleaved.
This PR rearranges the methods and defines separate sections for each
class. This commit does not contain any code logic changes.
The otRadioSpinelMetrics includes metrics that record the count of the
RCP timeout and the count of RCP reboot and so on. After these events
happen, the Thread stack will exits and the system will re-start the
Thread stack again. In this case, metrics of the otRadioSpinelMetrics
will be cleared and metrics values are awalys 0.
This commit adds a temporary settings to store the radio spinel metrics.
The temporary settings will clear all settings after the system reboots.
This commit updates the `CoapDtlsSession` class in `BorderAgent` to
move all session-related functionality into this class. It now
handles its own state and uses its own `Timer`, ALOC, UDP receiver,
etc.
Many methods previously defined in `BorderAgent` are now defined in
`CoapDtlsSession`, ensuring each session can be processed
individually. The `ForwardContext`, which tracks forwarded TMF
commands, is also moved into `CoapDtlsSession` and updated to track
its associated session.
This change prepares `BorderAgent` to support multiple concurrent
sessions in future PRs.
This commit adds a new class, Ip4::Headers that offers support for
managing an IPv4 header along with UDP/TCP/ICMP4 headers from a received
message/frame. This functionality is equivalent to the one already
present for IPv6.
Added GetId() and SetId() methods to ICMP4 class.
Improved the Ip6::Headers functionality:
- added SetSourcePort() method to allow easier translation of ports in NAT64.
- added GetIpLength() and GetIpHopLimit() methods.
Added SetSourcePort() and SetDestinationPort() methods for TCP.
Signed-off-by: Marius Preda <marius.preda@nxp.com>
When running the sync command, such as `diag radio receive 10000`, the cli
doesn't allow running other commands before the sync command returns. Which
causes that the sync command may be blocked for a very long time and users
can't do anything to terminate the sync command. This will also cause the
test script to fail to run the second case after running first case fails.
This commit allows the cli to execute the `factoryreset` command when running
the sync command.
`TransmitPacket()` should return an error from platform Radio
implementation, as for example Radio can be in incorrect state.
If error occurs, increase `mSentErrorInvalidStatePackets` stat.
Add wrong state case to tests and fix `diag repeat stop` called
too lata.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
This commit adds a mechanism to expedite recovery from temporary
router link quality mismatches. If a received `RouteTlv` (from a
received Advertisement) indicates that the neighboring router claims
no link to us by setting its `GetLinkQualityOut()` towards us as `0`,
and our two-way link quality to this router is at least Link Quality
2, we schedule a unicast MLE Advertisement to be sent to this
neighbor. This advertisement is sent after a randomly selected delay
within a one-second window using `Mle::DelayedSender`.
This helps with link recovery on the neighboring router, which
otherwise may take longer due to reliance on the next trickle
timer-triggered Advertisement transmission, which can be up to 32
seconds later and, being multicast, may be missed.
This commit introduces a "gradual router link establishment" mechanism
for FTD children. An FTD child device communicates through its parent
but can establish links with other neighboring routers to receive
multicast messages (forwarded MPL) from them, improving multicast
reliability.
An FTD child tries to establish links with the first
`ChildRouterLinks` routers quickly (sending an MLE Link Request to
initiate the link upon receiving advertisements from a neighboring
router). The `ChildRouterLinks` is configurable through an OT
configuration option (specifying the default value) and at run-time
using the `otThreadSetChildRouterLinks()` API.
After the first `ChildRouterLinks`, the "gradual router link
establishment" mechanism allows `kExtraChildRouterLinks` additional
router links to be established slowly over a longer time. Gradual
router link establishment uses the following conditions:
- The link quality to the router must be 2 or better.
- It is always skipped in the first 5 minutes
(`kWaitDurationAfterAttach`) after the device attaches.
- The child randomly decides whether to perform/skip this (with a 5%
probability).
- If the child decides to send a Link Request, a longer random delay
window is used ([1.5-10] seconds).
Even in a dense network, if 500 FTD children receive the
advertisement, with a 5% selection probability, on average, 25 nodes
will try to send a Link Request randomly spread over a 1.5-10 second
window.
With a 5% probability, on average, it takes 20 trials (20 advertisement
receptions) for an FTD child to send a Link Request. Advertisements
are, on average, ~32 seconds apart, so a child will try to establish
a link in approximately 10 minutes (20 * 32 = 640 seconds).
This commit fixes the release of expired mappings by ensuring that
`ReleaseExpiredMappings()` is always called from the timer callback
`HandleMappingExpirerTimer()`, regardless of the logging level.
Previously, `ReleaseExpiredMappings()` was called as an input to
`LogInfo()`, which could become an empty macro (ignoring its input)
if info-level logs were disabled.
This commit updates `SecureTransport` to support multiple
`SecureSession`s on the same transport. The transport tracks a list
of sessions that it owns and manages. Two new callbacks are
introduced:
- `AcceptCallback`: Used to accept a new connection request, providing
the `SecureSession` instance to use (passing ownership of the
session to the transport).
- `RemoveSessionCallback`: Signals that a session is removed,
releasing ownership of the session.
`BorderAgent`, `Tmf::SecureAgent`, and `ApplicationCoapSecure` are
updated to adopt the new model.
This commit also updates the Nexus `test_dtls`, adding
`TestDtlsMultiSession` to validate multiple session support
behavior.
The original `diag send` command is an asynchronous command. Users
must wait for a certain period of time and then run the `diag stats`
command to query how many packets have been sent to know whether all
packets have been sent. This is very inefficient, and it is not
convenient for scripts to process this command.
This commit changes the command `diag send` from an asynchronous
command to a synchronous command, and add the asynchronous command
`diag send async`.
This commit adds 'tlv' command tree to the BBTC CLI.
The 'tlv' command has two subcommands: 'list' and 'send'.
The 'tlv list' prints available TLVs types that can be used in the 'send' subcommand.
The 'tlv send <TLV_TYPE> <TLV_PAYLOAD>' allows sending specific TLV with arbitrary payloads.
Example:
`tlv send a 1234`
Send ping TLV(0x0a) with payload '1234'
The 'tlv' command tree is to gain the ability to send the TLV with any payload at any time.
This feature allows to check the behavior of TCAT device against:
- receiving of unexpected TLV
- receiving of TLV with corrupted payload
- receiving of TLVs sent in custom order
Previously, it prints a line `PASS x FAIL y ...` when all the runs of
a test case complete. However, such messages could be hard to find
when multiple test runs fail so the messages are interspersed between
other logs.
This commit moves such messages to the end of the output. This makes
it easier to notice which test cases are failed. Also it will list the
failed iterations, which is useful when MULTIPLY > 1.
This commit adds `Tasklet::Unpost()` to remove a tasklet from the
tasklet scheduler run queue if previously posted.
It also adds a detailed unit test, `test_tasklet`, covering various
uses of `Tasklet`, such as posting single or multiple tasks.,
re-posting a task from its own handler, Un-posting tasks in different
orders.
This commit changes CoAP handlers to use otError in the function or
method definitions. This ensures the definitions are consistent with
the declaration in coap.h.
This commit introduces `Crypto::Storage::KeyRefManager`, which manages
and selects the `KeyRef` values. `ot::Instance` now will have its own
`KeyRefManager`. Under `MULTIPLE_INSTANCE_ENABLE`, this allows
different `ot::Instance`s to use different `KeyRef` ranges by setting
an instance-specific offset. This offset is used when determining the
`KeyRef` numerical value for secure storage access.
This simplifies doing local check by enhancing the script to accept
extra cmake options and specifying the commit to compare.
Example usage:
```bash
OT_SHA_OLD=e4a390f34 ./script/check-size nrf52840 -DOT_FULL_LOGS=ON
```
This commit adds `test_border_agent`, using the nexus framework, to
cover the functionality of `BorderAgent`. The test cases include:
- Border Agent initial state.
- Establishing a secure session to the Border Agent and
disconnecting.
- Handling "Commissioner Petition" to accept a full commissioner.
- Handling "Commissioner Keep Alive" and timeouts.
- Ephemeral key use and its initial state.
- Establishing a connection with an ephemeral key and disconnecting.
- Ephemeral key timeout mechanism (with or without a session).
- Ephemeral key use stopping after the maximum number of failed
connection attempts.
This commit adds a new variable, `mDidConnectWithEphemeralKey`, which
tracks whether a successful secure session is established using the
ephemeral key. This variable is used in `HandleConnected()` to
determine whether to stop using the ephemeral key when the Border
Agent is notified that the secure session is disconnected.
This change ensures that ephemeral key use is not stopped after a
failed connection attempt, while still guaranteeing that an ephemeral
key can only be used once.
Without this fix, a failed connection attempt would immediately stop
the use of the ephemeral key. With this change, the intended
`kMaxEphemeralKeyConnectionAttempts` will be applied.
When configuration file defined in build parameter(command line argument),
ot-fct is wound't take into an account and accessed default path.
This commit fixes to access configuration file from path which is
defined from build command line parameter. Also, it fixes some
compilation issues while building from ot-br-posix.
Signed-off-by: ashish <ashish.vara@nxp.com>
This commit updates the code so that `Tmf::SecureAgent` is not closed
when the Thread network interface is brought down. The `SecureAgent`
is directly controlled and used by either the `BorderAgent` or
`Commissioner` during network operation, which should continue to
function even if the Thread network interface is offline. It may also
be used by the `Joiner`, but in that case, it will be closed by the
`Joiner` itself upon finishing the join attempt.
When using the `diag frame -c xxxx` command to enable the CSMA-CA when
transmitting the frame, the command `diag send` won't output any message
the CCA failure happens. It is difficult for users to know whether
the CSMA-CA is actually effective via diag commands.
This commit counts the number of packets that are sent succeed and failed,
outputs the transmision failure reason and do not re-transmit the frame
after it fails to send.
The MleRouter::BecomeRouter already checks the device role and the API
claims only return OT_ERROR_INVALID_STATE when the role is disabled.
This commit consolidates the device role check in
MleRouter::BecomeRouter.
This commit clarifies the expected behavior with CSMA/CA parameters in
TxInfo.
* non-zero mTxDelay or non-zero mTxDelayBaseTime or falsy
mCsmaCaEnabled disables CSMA backoffs, thus ignores the
mMaxCsmaBackoffs field.
* Zero mMaxCsmaBackoffs disables CSMA backoffs.
* CCA is solely controlled by mCsmaCaEnabled.
This commit updates the interaction between `BorderAgent` and the
native `Commissioner`, removing the unnecessary mechanism to stop and
restart the Border Agent when the commissioner is enabled and
disabled.
This was previously required because both modules shared the same
underlying `Tmf::SecureAgent` and DTLS transport. This has been
changed recently so that `BorderAgent` uses its own DTLS transport
and sessions.
This commit updates `BorderAgent` to utilize its own DTLS `Transport`
and CoAP `SecureSession`, separating it from the shared
`Tmf::SecureAgent` used by `Commissioner` and `Joiner` modules. This
change enables future support for multiple sessions within
`BorderAgent`.
This commit improves the organization of `secure_transport.cpp` by
grouping method definitions for `SecureSession` and `SecureTransport`
into separate sections.
The recent PR #11046 introduced `SecureSession`, separating the
session and transport functionality. To keep the `git diff` smaller
and easier to review, the methods were left in the same order as
previously defined. This resulted in methods of `SecureSession` and
`SecureTransport` being mixed and interleaved. This PR rearranges the
methods and defines separate sections for each class. This commit
does not contain any code logic changes.
This commit updates the `Dataset::IsTlvValid()` method to also
validate the Active/Pending Timestamp and Delay Timer TLVs, ensuring
they have the minimum required length. This ensures that a dataset
with invalid TLVs is correctly rejected when set on a device.
This commit introduces the `Dtls::Transport` and `Dtls::Session`
classes, separating session-related functions from transport-related
behaviors. It also introduces the `Coap::SecureSession` class, which
handles CoAP processing over a DTLS session. This simplifies the code
by allowing `Coap::SecureSession` to inherit many of its methods from
`Dtls::Session`, avoiding repetition. It also separates CoAP-specific
message processing from transport-related functionality.
`Tmf::SecureAgent` and `ApplicationCoapSecure` are updated to act as
both a `Dtls::Transport` and a single `Coap::SecureSession`.
This commit adds a version field (`uint8_t`) to DNS/SRP Anycast and
Unicast Service entries in `NetworkData::Service::Manager`.
For Unicast entries, the version the version field is placed after
the existing fields, specifically after the IPv6 address and port number fields.
For Anycast entries it is added as the in server data as part of the
Server TLV.
When processing Network Data service entries, the version field is
optional and if absent, version number zero is assumed.
The `NetworkData::Publisher` now considers entries with the same or
higher version number when deciding whether to add or remove its own
entry, preferring those with a higher version.
In SRP client, when `AutoStart` mode is used and if there are multiple
Unicast, Service entries, the client prefers the one with larger
version number.
When selecting an anycast entry, the existing rules regarding sequence
numbers are still used. If multiple entries with the same sequence
number exist, the client will assume the minimum version number among
all such entries.
This commit also updates the `test_network_data` unit test, validating
the new format and related methods.
`test_netdata_publisher.py` is also updated to check service entries
with different version numbers.
This commit updates `LinkedList` and `OwningList` to enhance
`FindMatching()`, `RemoveMatching()`, and related methods to use
`Matches()` with a variable number of arguments. The implementation
uses a variadic template function and forwarding references.
This commit simplifies the `BorderAgent::HandleUdpReceive()` method:
- All local variables are defined at the top of the method.
- Tracks whether the UDP message was handled in the new local
`didHandle` variable (avoiding the reuse of a specific error code
to track this).
- Simplifies log messages.
This commit adds guard checks for Border Agent, Commissioner, Joiner,
and CoAP Secure API features that use Secure Transport (DTLS/TLS) to
ensure `OPENTHREAD_CONFIG_SECURE_TRANSPORT_ENABLE` is enabled. It
also moves the deprecation check for the earlier DTLS configuration
to `openthread-core-config-check.h` to be consistent with other
removed/deprecated configurations.
This commit adds `LogCertMessage()` to generate a message dump log for
certification test. This function is used by both `Joiner` and
`Commissioner`, removing duplicate code.
The current diag module will count any packets received. This commit
adds the command `diag radio receive filter` to allow the diag module
receives only frames with the specified destination mac address.
This commit rearranges the method definitions in the `BorderAgent`
class so that related methods are next to each other. This improves
code readability and organization. This commit contains no logic
changes.
This commit introduces a new mechanism for the TREL link to detect and
handle discrepancies between the IPv6 address and port used by a TREL
peer in a received TREL packet, and the information previously
reported by the platform layer (through DNS-SD discovery) for the
same peer.
Ideally, the platform underlying DNS-SD should detect changes to
advertised ports and addresses by peers. However, there are
situations where this is not detected reliably.
As a received frame over the TREL radio link is processed by the MAC
or MLE layers, if the frame passes receive security checks at either
layer (indicating it is a secure and authenticated/fresh frame from a
valid neighbor), the TREL peer socket address is automatically
updated from the received TREL packet info. This ensures the TREL
peer table is updated correctly if there are changes to TREL peer
addresses of valid Thread neighbors upon rx from such neighbor,
increasing the robustness of the TREL link.
This commit also introduces a new `otPlatTrel` platform API,
`otPlatTrelNotifyPeerSocketAddressDifference()`. The TREL
implementation now notifies the platform layer whenever it detects a
discrepancy in a TREL peer's socket address, regardless of whether
the peer table is automatically updated. This allows the platform
layer to take any appropriate action, such as restarting or
confirming DNS-SD service resolution query for the peer service
instance and/or address resolution query for its associated host
name.
This commit also adds a new test that validates the newly added
behavior, including the auto-update of peer table information and
notification of the platform through the new API, triggered by either
MLE or MAC messages over the TREL radio link.
This commit contains the following changes to `LinkedList`:
- Removes the `FindMatching()` version that searches within a given
sub-section of the list, as this method is no longer needed.
- Renames the method that finds a matching entry and also returns the
`prev` entry in the list to `FindMatchingWithPrev()`. This
distinguishes it from other `FindMatching()` overloads and
clarifies its purpose. This method is often used when the caller
wants to find the matching entry and later remove it from the list.
This commit updates and simplifies how `Connect` and `Receive`
callbacks are set on `SecureTransport` and `CoapSecure`. Instead of
using the `Open()` method to set these, they are now directly set
using the corresponding `SecureSession` methods. This commit also
harmonizes the method name for setting the "connect" callback,
ensuring the same name is used by different classes.
All diagnostic commands (instead of `diag start`) should fail if
device is not in diagnostic mode. Previously it was verified by
each command's process method (with a missing check in
`ProcessEcho` and `ProcessGpio`). This commit moves the check
directly to `ProcessCmd` and cleans up redundant code.
Additionally clean the documentation and align the code as for
some commands `status 0x00` was added on success and for some not.
Move `AppendErrorResult()` to `ProcessCmd()` as well.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
This commit introduces the `SecureSession` class to manage
session-related functionality, decoupling it from the
`SecureTransport` class. `SecureSession` provides method such as
`Connect()`, `Send()`, and `IsConnected()`, while `SecureTransport`
focuses on transport-level operations and common configuration
(e.g., setting PSK, cipher keys).
The `Dtls` and `Tls` subclasses now inherit from both
`SecureTransport` and `SecureSession`, effectively providing the same
methods as before and implementing a single DTLS/TLS session over a
socket.
This commit updates `Setup()`, which initializes and sets up
`mbedtls_ssl_config` and `mbedtls_ssl_context`. The call
`mExtension->SetApplicationSecureKeys()` (which updates the
`mbedtls_ssl_config`) is now called before `mbedtls_ssl_setup()`
associates the config with the `mbedtls_ssl_context`. This
follows the recommendation that the config structure is not
modified after `ssl_setup()` and while a session is active.
This commit refactors the settings module to move the settings file
related methods to a seperate file, so that other modules could resue
the same code to save thier settings to another settings file.
The `diag frame` command can set the frame to be sent. But developers
has no command to check if the received frame is the same as the sent
frame. This commit adds the command `diag receive [async] <number>
[lpr]` to show the detailed info of specified number of received
frames.
The current MLE Link Request handler would result in dead lock if two
routers sends Link Request to each other at very close time points, when
either node tracks the other node in LinkRequest state, so rejects the
request until timeout.
This commit changes the handler so that a node will accept the Link
Request even if the peer is in LinkRequest state.
The wakeup frame is sent from the wakeup coordinator rather than the
wakeup end device. Current code processes the key id mode 2 only when
the device is the wakeup end device. This commit corrects this issue.
This commit fixes an issue related to #9554 where a new radio
capability is introduced: RX_ON_WHEN_IDLE.
In this commit, we set `rx_on_when_idle` to be true when calling `diag
start`, and false when calling `diag stop` for devices which support
`rx_on_when_idle`.
This fix ensures that packets can still be received if `diag` is used
after `ifconfig down`.
If the radio driver supports the `OT_RADIO_CAPS_TRANSMIT_SEC`, the
radio driver should process the security of the send frame. But the
current method `otMacFrameProcessTransmitSecurity()` doesn't process
the security of the wakeup frame. Which causes sent wakeup frame is not
encrypted.
This commit enables the method `otMacFrameProcessTransmitSecurity()`
to process the security of the wakeup frame.
There is a standalone CMake version check, no need to use this version
in gcc specific build tests. This change should accelerate gcc build
check, as it takes 8.5 minutes to build cmake.
This commit updates how state is tracked in the `SecureTransport`
class. It directly tracks whether the transport/socket has been
opened or closed in a new member variable `mIsOpen`. The TLS/DTLS
session state is tracked separately in `mSessionState`. This
separation allows for future changes to support multiple sessions
using the same transport/socket.
This commit also simplifies the session states, adding "disconnected"
and "disconnecting" (replacing "close notify") states.
When running the command `diag frame -s
fd874f68f1ca00efbe00adde5d4f4913e953845a154d4cbab10000000001820e390005009bb8ea011c58a065c39fbd`
and `diag send 20` to send the specified diag frame, we found that the
frame is modified by the RadioSpinel module. Which causes the diag
sent frames are not the same.
This commit checks whether the frame header has been updated before
sending, the RadioSpinel module won't update the frame header if the
frame header has been updated before sending. This commit also adds an
option `-u` to the `diag frame` command to specify the
`mInfo.mTxInfo.mIsHeaderUpdated` field of the diag sent frame.
This commit expects echo of diag commands to make sure the command is
received by the node when waiting for the expected output. This helps
make this test less flaky.
If the new router is not in peer's route TLV, the link request would
be ignored, causing the link establishment stuck at the Link Request
stage until timeout when a new attempt could proceed. This commit adds
a check on the initiator to make sure the peer router's Route TLV
contains the initiator's router id before sending the link request,
otherwise it refrains from initiating the link establishment.
This commit simplifies and fixes the `Send()` method by sending the
entire `aMessage` content and removing the extra `aLength` input
parameter. In all calls, the input `aLength` was set to the message's
length. The previous implementation of `Send()` did not correctly
handle cases where the passed-in length was longer than the available
bytes in the given message.
This commit also updates the documentation of `Send()` to clarify the
behavior regarding the transfer of ownership of `aMessage`.
Additionally, this commit simplifies `CoapSecure` and `BleSecure`
where `Send()` is called.
This commit updates the `ba counters` CLI command to use a counter
name lookup array. This follows the same approach used in `Cli` for
other counters, such as MAC, MLE, IP, and BR counters.
This commit adds a new mechanism to track the current attach time
(the time duration since device was last attached to a Thread mesh).
This duration indicates how long the device has been connected,
regardless of its role(child, router, or leader).
A related public OT API and CLI command are also added. This
information can be used for debugging purposes and internally within
the OT core to wait for the device to stabilize before enabling
certain behaviors.
This commit updates `Srp::Server` to associate its UDP socket with
`kNetifThreadInternal`, ensuring that received messages are from the
internal Thread network interface (i.e., from devices within the
Thread mesh).
This commit adds `test_dtls` using the nexus framework, which covers
basic functionality of `Dtls` (`SecureTransport). The test covers:
- Devices acting as DTLS server or client
- Establishing a DTLS session and data transfer
- `ConnectedHandler` events when the peer or local side disconnects
- Failed connection attempts (e.g., using an incorrect PSK)
- Setting max allowed attempts and auto-close behavior
This commit updates how MbedTLS timers are handled, ensuring that both
intermediate and finish times are tracked in their own variables.
This decouples the intervals from the underlying `TimerMilli`
instance, allowing the same timer to be shared to support multiple
sessions later.
This commit updates the `Setup()` method to separate the preparation
of the `mbedtls_ssl_config`, `mbedtls_ssl_cookie_ctx`, and
`mbedtls_ssl_context` components. This allows for decoupling these
components later, for example, to support multiple sessions using the
same configuration.
This commit rearranges the method definitions in the `SecureTransport`
source file to place the `SecureTransport::Extension` class methods
next to each other and after the `SecureTransport` methods.
This commit updates `SecureTransport`. It introduces the `Extension`
class within `SecureTransport`, providing support for additional
cipher suites and related methods to configure the ciphers
(e.g., `SetPreSharedKey()`, `SetCertificate()`).
This class decouples this functionality from the common
`SecureTransport` object, allowing it to be added to any class.
Classes like `ApplicationCoapSecure` or `BleSecure` can inherit from
`Extension` to provide these methods. An `Extension` is then
associated with a `SecureTransport` (or any of its subclasses). This
approach ensures that only instances requiring extended cipher suite
support incur the associated memory cost and avoid repeated code.
This commit also introduces `Dtls`, `DtlsExtended`, and `Tls` as
subclasses of `SecureTransport` for easier use by other modules.
This commit resets (to now) the timestamp of queued messages for a
previously sleepy child when the child mode changes to non-sleepy.
This ensures that delay-aware queue management is correctly applied
to these messages and avoids them being dropped immediately.
This commit introduces `kNetifThreadInternal` as a network interface
option for UDP sockets. Unlike other options, this disallows the use
of platform UDP for the socket, indicating that the socket should use
the OpenThread internal Thread network interface only.
This model replaces the previous approach where `ShouldUsePlatformUdp()`
would check the socket port against a set of port numbers used by
different modules (such as MLE, TMF, Joiner Router, etc) to determine
whether platform UDP APIs should be used. With the new model, each
module decides whether to associate its socket with the
`kNetifThreadInternal`.
This is a more flexible and extensible model, ensuring that sockets
that should not use the platform do not waste resources (they will
not be created or opened/closed on the platform). This also help
avoid edge cases where platform UDP operations may unintentionally
fail when the platform socket is not actually needed.
Avoid SSL context operations in TCP callbacks (for
eg. `HandleTcpDisconnected`) when the context could have already been
de-allocated after de-initialization.
This commit updates how address lists are compared in the unit test
`spinel_prop_codec`, ensuring that the correct size based on the
array length is passed to `memcmp()`.
This commit adds `Mac::CalculateRadioBusTransferTime()`, which
calculates the radio bus transfer time (in microseconds) for a given
frame size based on `Radio::GetBusSpeed()` & `Radio::GetBusLatency()`.
This helper method is used in the `CslTxScheduler` and
`WakeupTxScheduler` classes to update frame request-ahead time.
This commit updates how the handshake completion is checked on MBedTLS
version 3.0 or later. Instead of accessing the private `state`
variable, the `mbedtls_ssl_is_handshake_over()` function is used.
This follows the recommendation of the MbedTLS documentation to avoid
using the deprecated `mSsl->MBEDTLS_PRIVATE(state)` access on newer
versions.
This commit updates how the `NetifId` is set on a `Udp::Socket`. It is
now specified as a parameter in the `Open()` call instead of `Bind()`.
This change makes the socket more flexible by allowing the `NetifId`
to be known earlier (which can be used for future optimizations). It
also allows the desired `NetifId` to be set even when `Bind()` is not
explicitly called, such as when `Connect()` or `SendTo()` are used on
a socket that is not yet bound. Previously, `kNetifThread` was
assumed by default in these situations.
The public `otUdp` APIs are left unchanged to ensure backward
compatibility.
This commit removes the `ShouldUsePlatformUdp()` call in
`Ip6::PassToHost()` and `Udp::HandleMessage()`.
`ShouldUsePlatformUdp(port)` checks whether the port is NOT one of the
port numbers used by the OT stack, such as the MLE port, TMF port,
border agent port, or joiner port. This check is already covered by
`Udp::IsPortInUse()`, which checks if there is a UDP socket bound to
the given port.
Applying such a filter in `Udp::HandleMessage()` seems to have been
added by mistake, as it blocks the use of UDP receivers, which should
be able to receive and process on any port, not just the ports where
we have a socket bound.
This commit introduces `CslNeighbor`, a subclass of `Neighbor` that
also inherits from `IndirectSender::NeighborInfo` and
`CslTxScheduler::NeighborInfo` to manage indirect transmission and
CSL-specific information.
The `Child` class now inherits from `CslNeighbor`, inheriting all CSL
functionalities while adding extra child-specific information. The
newly added `CslNeighbor` allows extending CSL functionality to
devices in other roles, not just `Child` devices.
The `CslTxScheduler` class is updated to use `CslNeighbor` as well
(instead of `Child`), making it more general-purpose.
`IndirectSender`, its sub-components, and `Mac` are updated to enable
CSL on MTD builds when `OPENTHREAD_CONFIG_MAC_CSL_TRANSMITTER_ENABLE`
is enabled.
This restructuring provides a more flexible and scalable framework for
implementing enhanced CSL functionality on new device types.
This commit fixes the wrong implementation of the GetProperty handler
of `SPINEL_PROP_SRP_SERVER_ENABLED` and
`SPINEL_PROP_SRP_SERVER_AUTO_ENABLE_MODE`.
In GetProperty handlers only the body should be written. It doesn't
need to and shouldn't call `BeginFrame` and `EndFrame`. If using
`BeginFrame` here, it will get an error of INVALID_STATE.
This commit defines the `Mac::kCslRequestAhead` constant, which
maps to `OPENTHREAD_CONFIG_MAC_CSL_REQUEST_AHEAD_US`. This
constant is used within the core modules.
Commit aligns define guards on `LogAt` macto and `RegisterLogModule` to
match. Previuosly `OT_SHOULD_LOG` was getting default value set as
platform defined and log level was buy default set to none which caused
misalignment.
This commit refactors `Radio::Statistics` to be a nested type within
the `Radio` class. It is declared as a `friend` of `Radio` so that
its interaction with `Radio` can be defined as `private` methods.
When the ot-rcp enters the assert state, the host crashes and exits.
But the ot-rcp still runs in the dead loop and becomes an orphan
process.
This commit enables the platform assert so that the ot-rcp can
automatically exit when entering the assert state.
This commit removes the `Callbacks` class defined for use between
`IndirectSender` and its underlying `DataPollHandler` and
`CslTxScheduler` components. This model was added earlier in #3952 to
make all interactions between these modules asynchronous
(callback-based). The objective was to move the handling of data
polls and indirect transmissions closer to the MAC layer and allow
`DataPollHandler` logic to be moved to RCP in an host and RCP
architecture. With the introduction of CSL, this approach is no
longer viable, but the callback style was still used. This commit
removes this and simplifies the code.
The Sequence Number Suppression field and AR can be both 1 in fuzz test,
in which case, the frame is not valid. And no ack should be expected.
This commit changes the expectation in this case.
This commit fixes an issue in spinel_prop_codec unit test.
We cannot use Spinel::Decoder::ReadUintPacked with a spinel_prop_key_t
type. This will cause build errors on arm platforms.
This commit updates `DelayedSender` to allow scheduling of delayed MLE
Link Request messages. This is used to apply a random delay when
sending a Link Request after receiving an MLE Advertisement from a
neighbor.
Advertisement messages are multicast transmissions and can be received
by multiple nodes, potentially causing synchronized generation of
Link Requests. This change helps distribute the transmission time
over a random window (one second if the requester is a router, or
[1.5-3] seconds window if it is a child).
When a router timeout occurs (i.e., no advertisements are received
from a neighboring router for more than the maximum allowed age), the
device sends Link Requests to restore its link. This commit updates
this process to apply a random delay (over a one-second window) to
each Link Request transmission.
This aligns the implementation with the Thread specification and can
improve network behavior when a new router is added or abruptly
removed.
This commit adds spinel_prop_codec module to lib/spinel to provide
encoding & decoding functions for complex spinel properties.
This commit moves the encoding of `SPINEL_PROP_DNSSD_HOST`,
`SPINEL_PROP_DNSSD_SERVICE` and `SPINEL_PROP_DNSSD_KEY_RECORD` from
NcpBase to the lib and adds the decoding functions. The background is
that I found the encoding & decoding of complex spinel properties are
error-prone. However the encoding and decoding of one property are
usually put in different places. For example, encoding is in
openthread ncp while decoding is in ot-br-posix ncp spinel. It's
difficult to debug the decoding in ot-br-posix and there is no unit
tests for the encoding & decoding.
This commit puts the encoding & decoding together and adds unit tests
to ensure they are correct.
This commit refactors COAPS classes, renaming the `CoapSecure` class
as `CoapSecureBase`, which is the base class of `Tmf::SecureAgent`
and a newly added `ApplicationCoapSecure` class. This change
simplifies the code and class hierarchy and ensures that the
Application COAP secure related functions are only provided by
`ApplicationCoapSecure` and when the corresponding config feature
`OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE` is enabled.
This commit removes the calls to `mbedtls_ssl_close_notify()` in
`SecureTransport::Process()` when, based on `rval`, it is determined
that `Disconnect()` should be called, as the `Disconnect()` method
itself will call `mbedtls_ssl_close_notify()`.
This commit reorders the member variables in `SecureTransport`,
grouping booleans and variables of the same size closer to each other
to avoid alignment gaps and allow for better code optimization.
Sometimes `ot-rcp` will exit without any exit information in the
log. It is hard for developers to know what happens on the `ot-rcp`
side when the `ot-rcp` exits abnormally. This commit calls functions
defined in `lib/platform/exit_code.h` to exit the program and log the
exit information.
This commit simplifies `SecureTransport::Process()`:
- The `mReceiveCallback` is invoked only after a successful `read()`
Afterward, we `continue` back through the loop to check if it can
read again.
- The `rval` checks are now combined into a single `switch()`
statement to determine if the connection should be disconnected,
reset, or if the process should wait, and then takes the proper
action.
This commit contains changes to `SecureTransport`:
- Inlines simple methods (`Disconnect()` and `GetUdpPort()`).
- Removes/refactors simpler methods, such as `Receive()` and
`HandleSecureTransportSend()`, which are now directly moved into
`HandleMbedtlsTransmit()` and `HandleReceive()`.
- Removes unused `SetClientId()` and inlines its implementation.
- Removes extra `LogDebug` line (can be tracked by logging `State`
changes).
- Simplifies `HandleMbedtlsReceive()` and how data is read from
`mReceiveMessage`.
- Uses a consistent style to refer to function pointers.
This commit adds `Ip6::MessageInfo::HasSamePeerAddrAndPort()` which
checks if the peer address and port of two `MessageInfo` objects
match. This method is used in different modules (`Coap`, `Srp::Server`,
`SecureTransport`) to simplify the code.
This commit removes unnecessary documentation of private member
variables in the `Neighbor` class and updates `enum` based constant ,
replacing it with `static constexpr`.
This commit ensures that the `mCslPresent` flag is set on `TxFrame`
when the CSL IE header is appended to the frame. This addresses an
issue introduced in #10692 where this flag can remain unset.
If the Wake-up Coordinator role is enabled:
1. Add an API to attempt to attach a Wake-up End Device. For now,
this new API starts a wake-up frame sequence to the WED, but all
the remaining MLE changes will be provided in the upcoming PRs.
2. Add "wakeup wake" shell command.
Note:
This commit enables testing the wake-up feature without the need to
make any changes in the radio layer by implementing the wake-up frame
scheduling in the core.
In real products with the Wake-up Coordinator capability, this should
likely be offloaded to the radio layer to assure a reliable wake-up
despite of the high rate of the wake-up frames.
This commit implements response aggregation (RFC 6762 section 6.4) in
the mDNS module. If multiple responses are scheduled to be sent, each
delayed by a different interval, earlier responses are further
delayed to allow aggregation with other responses scheduled to go out
a little later.
Before preparing a response, we determine the next multicast
transmission time that is explicitly after the current time. This is
used for response aggregation. As the response is being prepared,
different entries can decide whether to extend their answer delay
duration if allowed (e.g., probe question answer delay cannot be
extended) and possible (not extending the delay beyond the maximum
allowed delay).
To realize this, the way we track the `AnswerTime` of records is
changed. It is now tracked by two variables: `mQueryRxTime`
(the receive time of the question triggering the answer) and
`mAnswerDelay`.
This commit also adds `TestResponseAggregation()` to the `test_mdns`
unit test to validate the response aggregation behavior.
This commit renames and updates `HandleLinkAcceptVariant()` used to
handle an MLE "Link Accept" or "Link Accept And Request". The method
now takes the `MessageType` directly as an input parameter.
This commit adds a new `CipherSuite` enum in `SecureTransport` to
track the selected cipher suite. This helps simplify the code. A
table is used to map the selected `mCipherSuite` to a constant array
of `MBEDTLS_TLS_*` values to configure mbedTLS module.
This commit updates how the Link Accept response timeout is tracked.
It is now directly tracked in a `Router` entry using a new member
variable, `mLinkAcceptTimeout`, which stores the remaining timeout in
seconds. This value is decremented from `HandleTimeTick()` every
second.
This model replaces the previous approach, which indirectly used
`SetLastHeard()` for this purpose. The earlier method had
shortcomings; primarily, `SetLastHeard()` could be called again on
receiving a new advertisement, inadvertently pushing back the Link
Accept timeout. This model also became problematic when a random
delay was introduced before the transmission of Link Requests
(e.g., after receiving an advertisement).
This commit also enhances the process for restoring a link when a
router is aged (i.e., no advertisements are received from it). In the
new model, once the router age expires, Link Requests are sent every
time tick (every second) up to `kMaxTxCount = 3` attempts. The main
change is that after the last attempt, the code waits for the Link
Accept timeout (~3 seconds) before the router is removed.
This commit adds an additional note next to the table from the
specification text regarding valid combinations of flags within an
encoded MAC header and the interpretation of the "PAN ID Compression"
flag.
This commit removes the `CONFIG_MLE_SEND_LINK_REQUEST_ON_ADV_TIMEOUT`
configuration option.
The related behavior is now always enabled, meaning a device will
always send a Link Request when the advertisement timeout is reached
and the neighbor age threshold is met for a neighboring router.
This commit implements "Periodic Parent Search" mechanism for FED/REED
devices (FTD children). This enhances and builds upon
the existing parent search feature, which is mainly intended for
MTD children.
An FTD child receives and processes MLE Advertisements from
neighboring routers. The child uses this information to track the
one-way link quality to each router, which is later used to compare
and select potential new parents.
Every "parent search check interval", the FTD child checks to see if
it can select a better parent by evaluating all neighboring routers
based on their link quality information. A router is considered a
suitable parent candidate only if its average RSS exceeds the current
parent's RSS by a margin (`PARENT_SEARCH_RSS_MARGIN`).
Once a candidate is selected, the FTD child sends unicast MLE Parent
Requests to both the candidate and its current parent. This ensures
updated connectivity information is obtained from both before making
a decision. The same set of criteria used to compare candidates
during initial attach are applied during parent switch.
If the attach attempt to the selected candidate fails (e.g., the
router already has the maximum number of children it can support),
the FTD child ensures not to select the same router again until
a "reselect timeout" expires.
This commit also adds the `test-025-fed-parent-search.py test`, which
validates the newly added FTD parent search behavior, including the
mechanisms to attach to a selected router and the reselect timeout.
This commit refines the Child Update Request mechanism within the MLE
module. The `DelayedSender` class is now used to schedule these
requests, enabling the aggregation of multiple updates into a single
transmission.
The previous implementation, which relied on
`mMessageTransmissionTimer` and a state variable, has been replaced
with the `DelayedSender` mechanism. This change aligns the Child
Update Request process with the scheduling of other MLE messages,
ensuring consistency.
Additionally, the `mMessageTransmissionTimer` is now exclusively
dedicated to retransmission handling, simplifying the logic and
improving code readability. The introduction of two boolean
variables, `mWaitingForChildUpdateResponse` and
`mWaitingForDataResponse`, further streamlines retransmission
handling by clearly tracking the waiting state for specific
responses.
This commit renames the `SendChildUpdateRequest/Response()` methods
to distinguish between those sending (from a child) to its parent and
those sending (from a parent node) to a child. This improves the
readability of the code.
This commit introduces the `EcdheEcdsaInfo` and `PskInfo` structs,
which encapsulate all the tracked properties needed when the
corresponding key-exchange mechanism is used. This helps simplify the
code by keeping all code related to each feature within the same
block.
The parameters of the method dataset_set_buffer() has been updated, but the
method create_dataset() still use previous defination of dataset_set_buffer().
It causes the crash when calling the method create_dataset().
This commit implements ncp version of otPlatDnssdRegisterHost.
1. move the position of `SPINEL_PROP_DNSSD_STATE` in `spinel.h`
because it was by mistake put within the range of
`SPINEL_PROP_SRP_SERVER`. The value is unchanged.
2. A template method `DnssdUpdate` is added because the same process
works also for DNSSD service and key record which will be added in
following PRs.
This commit updates the `CoapSecure`, `Tmf`, and `SecureTransport`
modules to use the `LinkSecurityMode` enum and its defined constants
to indicate whether or not layer two security should be used. This
replaces the use of boolean input parameters with `kWithLinkSecurity`
or `kNoLinkSecurity` constants, improving code readability.
This commit updates how `Mle::DelayedSender` sends MLE messages after
a delay.
Previously, a delayed message was fully prepared and placed in a
queue, waiting for its delay duration to expire. In the new model, a
delayed message is prepared when the requested delay time expires and
the message transmission time is reached. The message is constructed
right before transmission. This ensures that the delayed message
includes the most up-to-date information and simplifies the methods
that prepare and send different types of MLE messages.
`DelayedSender` now keeps track of the message type and the
specific information required to construct the message later. For
example, for a delayed Parent Response to a Parent Request, the
extended address and the `RxChallenge` of the child are saved.
This new model makes it easier to implement the desired behavior when
similar messages are already scheduled to the same destination. For
example:
- For Data Request, if one is already scheduled, a new request can
be skipped, as the earlier Data Request will be valid.
- For Parent Response, Link Accept, and Data Response, a new
schedule request replaces an earlier one.
- For Discovery Response, multiple schedules are allowed.
This commit applies style fixes and renames in the `SecureTransport`
class, including using the `k` prefix for constants and removing
unused member variables.
Started from #10872, platform trel stays un-initialized if no TREL URL is
passed in. `otPlatTrelEnable` asserted for `sInitialized`, and caused
crashes when `otPlatTrelEnable()` is called.
This commit changes the assertions to VerifyOrExit() to allow
otPlatTrelEnable calls when TREL is not initialized.
This commit implements NCP based version of `otPlatDnssdGetState`.
A unit test is added to verify the implementation. This commit also
adjusts the unit test workflow to put the ncp unit tests into a
separate item. The direct reason for this commit is that `otPlatDnssd`
APIs haven't been implemented in `FakePlatform` and when
`OT_PLATFORM_DNSSD` is turned, the build failed. Let's first run NCP
unit tests separately and later try to merge the test items.
This commit updates `otUdpSocket` to track the associated network
interface identifier to which the socket is bound. This simplifies
the code for tracking backbone sockets, particularly how
`Udp::HandlePayload()` finds a matching socket.
Previously, backbone sockets were placed at the end of the `mSockets`
linked-list. The code tracked and updated a pointer to the entry
before the first backbone socket in the list. This commit removes the
need for this additional tracking and simplifies the implementation.
The current TREL implementation uses TREL URL to pass in the TREL
interface at system start. This works for devices that have a fixed
interface for TREL.
There are devices that can dynamically switch infrastructure link, for
those devices it's possible that infra link changes from ethernet to
wifi and TREL should be re-configured on the new interface.
There's a CI failure that the BR sends the query to 8.8.8.8 as the
upstream DNS server and responded to the DNS client. This is undesired
behavior. We want the BR to query our test DNS server instead.
The issue happened because 8.8.8.8 is already an entry in
`/etc/resolv.conf`. To avoid querying it, we should fully overwrite
the `/etc/resolv.conf` to ensure the BR queries the test DNS server.
There's another issue that `bind9` service was also running on the BR
node which taken over all incoming DNS queries. `bind9` should only
run on the upstream DNS server node. I'll try fix this in a more
generic way later.
This commit introduces a mechanism for a device transitioning from
child to router role to keep receiving frames addressed to its
previous short address for a brief period.
A new radio platform API, `otPlatRadioSetAlternateShortAddress()`, is
introduced. This allows the OT stack to configure an alternate short
address. Radio platform support for this function is indicated by the
`OT_RADIO_CAPS_ALT_SHORT_ADDR` capability in `otPlatRadioGetCaps()`
The same function can be used with `OT_RADIO_INVALID_SHORT_ADDR`
(`0xfffe`) to clear a previously set alternate short address. Support
for the new API is implemented in RCP and `RadioSpinel`, ensuring
backward compatibility by dynamically checking supported radio
capabilities.
MLE code is updated to instruct the radio to use the old child RLOC16
as an alternate address upon role transition. The MLE layer will
automatically clear the alternate address after eight seconds, or if
other state/mode changes occur. This eight-second window ensures the
new router can transmit four MLE Advertisement messages.
This commit simplifies the process of preparing response and query
messages in the mDNS module. Instead of passing `TxMessage` and
`aNow` separately, a reference to `EntryContext` or `CacheContext`
is now passed directly to `PrepareResponse()` and other related
methods.
This direct approach streamlines the code and facilitates the
potential inclusion of additional fields in `EntryContext` in the
future.
This commit adds empty implementation for a NCP based version of
otPlatDnssd APIs.
Like NCP version of otPlatInfraIf APIs, this commit adds a control
option to enable/disable the simulation platform version of
otPlatDnssd APIs to avoid conflict. By default, the simulation version
of implementation will still be turned on.
This commit updates the Border Agent to invoke the ephemeral key
callback when a commissioner candidate successfully establishes a
secure session using the ephemeral key. This can be identified by
checking the state `otBorderAgentGetState()` and matching it with
`OT_BORDER_AGENT_STATE_ACTIVE`. This new signal can be used to stop
advertising the mDNS service "_meshcop-e._udp" earlier (since the
ephemeral key is one-time use).
When allocating a new NAT64 mapping table item to a transaction, the
counters might be dirty, causing incorrect counter values in NAT64
mapping protocol counters.
This commit introduces a new API `otNat64ClearIp4Cidr` which is useful
when the in-use NAT64 CIDR is preempted and the platform fails to
allocate a new IPv4 CIDR. In such a (rare) case we'd better notify OT
that there isn't an available CIDR. `otNat64SetIp4Cidr` doesn't
support an 0-length CIDR as the input so we'll have to introduce this
new API.
This commit fixes an issue in DNS recursive resolver that it didn't
bind its socket to the infra network interface. This may cause the DNS
message to be sent on an unexpected network interface, depending on
the routing table of the platform.
This commit also updates the test case `test_upstream_dns.py` to make
the upstream DNS server run on a different node. Previously the
upstream DNS server ran on the same node as the BR which is a
limitation of this test case.
This commit updates the `static_assert` checks for `enum` values within
all core modules to use the recently added compile-time static counter
and its related helper utility macros.
The implementation of `otTaskletsSignalPending` in
`examples/apps/<app>/main.c` is exactly the same as the weak
implementation in `tasklet_api.cpp`. No need to repeat it and blocking
other implementations of that function.
This commit fixes the bug in NCP Get
`SPINEL_PROP_THREAD_ACTIVE_DATASET_TLVS` and
`SPINEL_PROP_THREAD_PENDING_DATASET_TLVS`.
There are cases where dataset doesn't exist and
`otDatasetGetActiveTlvs` returns `OT_ERROR_NOT_FOUND`. This will cause
that the NCP doesn't send any responses to the host. This commit lets
the implementation ignore the NOT_FOUND error and will encode empty
data in this case.
This commit adds a compile time utility to check that enum values are in
order, which eliminates calculating the actual value of conditional enum
values in source code.
This commit adds `OnLinkPrefixManager::AddressMatchesLocalPrefix()`
method, which checks whether a given address matches the current
local on-link prefix only when the prefix is valid (being published,
advertised, or deprecated by the BR). This method is used in
`RxRaTracker::IsAddressOnLink()`, ensuring that the local prefix is
always explicitly checked. This makes the check more robust and
independent of whether `RxRaTracker` receives and tracks
self-generated RAs.
This commit adds some missing platform API implementation for
FakePlatform.
These are added so that FakePlatform can be used to write unit tests
in ot-br-posix.
The commit also guards the microSecondTimer code in `FakePlatform`
with the marcro `OPENTHREAD_CONFIG_PLATFORM_USEC_TIMER_ENABLE` because
`otPlatAlarmMicroFired` is only defined in OT timer.cpp when
`OPENTHREAD_CONFIG_PLATFORM_USEC_TIMER_ENABLE` is true.
This commit also removes some parameter names in the fake
implementation to avoid unused warnings.
This commit updates and fixes how the `mDataRequestState` variable,
which controls retransmissions of MLE Data Request messages, is
updated.
An MLE Data Request message can be sent for different purposes: either
to request updated Network Data or to retrieve a Link Metrics Report
from a neighbor/parent. The `mDataRequestState` retransmission
mechanism is used to handle retx of Data Requests for retrieving
Network Data. This commit ensures that the code that updates these
variables is moved to `SendDataRequestAfterDelay()` and
not in the common version, which can be used for both Network Data
and Link Metric Reports. This ensures these states are not
incorrectly updated when a Link Metrics Report is retrieved.
When the RCP capabilities check fails, a mechanism should be provided
to notify the user of the error instead of causing the program to
crash.
For example, the hardware reboot function provided in the Spinel
driver interface could be invoked. The specific hardware reboot
implementation is left to the user, such as performing an RCP update.
This commit adds a new helper method, `FinalizeAndRemoveMessage()`,
which finalizes all direct and indirect transmissions of a message
before removing it from the send queue. This helper is used by
`EvictMessage()` and `RemoveDataResponseMessages()`, simplifying
the code.
When `OPENTHREAD_CONFIG_WAKEUP_END_DEVICE_ENABLE` is enabled:
- APIs are available to configure and enable wake-up frames sniffing.
- `SubMac::HandleWedTimer` periodically schedules receive slots on
wake-up channel.
- Wake-up frames are processed.
- Upon reception of a wake-up frame, WUL is stopped.
This commit renames the `BitVector<>` class to `BitSet<>` and updates
its methods, introducing simpler methods such as `Add()`, `Remove()`,
and `IsEmpty()`. This aligns better with the intended use of this
class as a bit-set, e.g., as a `ChildMask` to track the set of
sleepy children to which a message is scheduled for indirect
transmission.
The `Message` class now provides the `GetIndirectTxChildMask()`
method, which returns a reference to the `ChildMask` bit-set.
This commit extends the 'dataset hex' command in the bbtc.py script by
allowing dataset TLVs to be set using a hex-encoded format.
Till now the 'dataset hex' command was only printing the
'ThreadDataset' object values in hex-encoded format, there was no
functionality to set the TLVs using hex-encoded format.
The 'dataset hex' command has been modified so the user can pass
dataset TLVs in hex-encoded format as an argument to this
command. This enables the script to set desired dataset TLVs in one
command, instead of calling dataset commands individually.
Example usage: 'dataset hex <hex-encoded TLVs>'
This commit simplifies the filter checks that drop TMF UDP messages
from untrusted origins. The `mTmfOriginFilterEnabled` flag is checked
first, and then the full UDP header is read from the message.
This commit adds the `GetNow()` method to the `Radio` class, which
maps to `otPlatRadioGetNow()`. This method is used within core
modules to avoid calling the `otPlat` API directly, aligning with the
practice for all other `otPlatRadio` APIs, which are called through
the defined `Radio` class methods.
This commit updates the helper method in `Mac::Frame` that determines
the security header's "key source" field size based on the "Key ID
Mode":
- It is renamed to `CalculateKeySourceSize()` to align with other
methods, such as `CalculateSecurityHeaderSize()` and
`CalculateMicSize()`.
- It now takes `uint8_t aSecurityControl` as input to harmonize with
other `Calculate` helpers.
This commit refactors the `InsertMplOption()` method for improved
efficiency and readability. Cascading `if`/`else` blocks have been
eliminated by handling the simpler `IsMulticastLargerThanRealmLocal()`
case first. Redundant checks for multicast destination and scope
have been removed, as these conditions are already covered by
`IsRealmLocalMulticast()` and `IsMulticastLargerThanRealmLocal()`.
This commit updates the `ReplaceWithIp4Query()` method, which
determines whether an unsuccessful IPv6 address query should be
followed up with an IPv4 query.
The logic is changed as follows:
- If the response code to the IPv6 query indicates success but the
answer section is empty (meaning the name exists but has no IPv6
address), or the response code indicates an error other than
`NameError`, the query is replaced with an IPv4 address resolution
query for the same name.
- If the server responds with `NameError` (RCode=3), indicating that
the name doesn't exist, an IPv4 query is not attempted.
This replaces the previous behavior where a follow-up query was
attempted for any error response code.
This commit updates `TxFrame::Info` to include `mCommandId`, used when
the frame type is `kTypeMacCmd`. This allows callers to specify the
Command ID when preparing a MAC Command `TxFrame`. With this change
`Frame::SetCommandId()` is no longer used or needed so it is
removed.
This commit adds a new field, `mMleCommand`, to `Message::Metadata` to
track the MLE command type of the message. Helper methods, such as
`IsMleCommand()`, are added to `Message` to get/set/check the MLE
command type.
This replaces the previous model where `Message::SubType` was used to
track a subset of MLE commands. It helps simplify the code and allow
us to track all MLE commands.
This commit introduces a platform API to get the InfraIf link-layer
address. And add the source link-layer address option to all ND6
messages generated from OpenThread.
Added 'clear' command to the 'dataset' command tree. This allows to
remove all entries in the 'ThreadDataset' object used by the script to
store the dataset values.
The reason behind this feature is that in the current implementation
of the script, the 'ThreadDataset' object entries are always
initialized by 'initial_dataset' when running the script.
No command allows to clear/remove the particular entry, which makes
this script unable to send an active dataset to the target device
without specific dataset values(custom dataset).
To make this possible, the 'clear' command has been added to the
'dataset' command tree, which removes all entries from the
'ThreadDataset' object and, by using existing commands, sets the
desired entries in the 'ThreadDataset' object from scratch.
This enables the script to send custom active dataset values to the
target device.
This commit introduces the `RouterRoleRestorer` class, nested within
`MleRouter`, to manage router/leader role restoration after an MLE
operation restart (e.g., a device reboot) by sending multicast Link
Requests. This class simplifies the code and centralizes role
restoration logic.
Specific changes:
- A new member variable `mLastSavedRole` is added to track the last
attached role (saved in non-volatile memory). This is used by
`RouterRoleRestorer` to determine the number of Link Request
attempts. This variable replaces the previous `mWasLeader`, which
was only updated after a reboot and would not account for role
changes afterward.
- The `AttachTimer` is now used for role restoration instead of the
retransmission timer, as role restoration always occurs while the
device is detached and before any attach attempts.
- The `kLinkRequestTimeout` is used for the last attempt before
considering restoration failure.
- The `mChallengeTimeout` mechanism is now removed (in earlier Thread
specification versions, multicast Link Requests could be used while
the device was attached, but this is no longer used or needed).
- `test-012-reset-recovery.py` is updated to validate the role
restoration behavior. `test_detach` is also updated and fixed.
In some cases, the platform may send the new prefix without
deprecating the existing prefix when renewing the prefix allocated by
PD.
The existing code will stop the timer, causing the prefix to be active
forever.
This commit fixes this issue.
This commit updates `TxFrame::Info` and `PrepareHeadersIn()` to
prepare header IE entries along with MAC and security headers. New
boolean fields in `TxFrame::Info` indicate whether CSL or Time IE
entries should be appended to the frame. This simplifies the code,
particularly `MeshForwarder::PrepareMacHeader()`, which now just sets
these flags on `TxFrame::Info`. It also allows for the removal of
`AppendHeaderIe<>()` and its related methods.
This commit also updates `GenerateWakeupFrame()` to use the new
model for appending `RendezvousTimeIe` and `ConnectionIe` fields.
This commit updates the graceful detach mechanism in `Mle`. A boolean
`mDetachingGracefully` is added to track when the device is
performing a "graceful detach". The `mAttachTimer` is reused for
scheduling the detach delay, as any attach operation can be stopped
during detach, and the timer can be reused. This simplifies the code
and removes the need to use a specific timer for the graceful detach
process.
This commit adds new helper methods in `IndirectSender` to find a
queued message for transmission to a given sleepy child that also
satisfies a certain condition (using a general-purpose predicate
`MessageChecker` function pointer).
These helpers are then used in `IndirectSender` and `MleRouter` to
simplify the code, particularly in `SendChildUpdateRequest()`, where
sending multiple "Child Update Request" messages to a sleepy child
being restored (after a parent restart/reboot) should be avoided.
This commit reorders member variables in the `Buffer::Metadata`
struct, grouping booleans and `uint` bitfields of the same size to
avoid alignment gaps.
This commit passes the TX power from host to coprocessor. This commit
also adds a new fake platform for coprocessor to cover the changes in
RadioSpinel and NCP.
This commit introduces a new test framework named Nexus. The
framework includes the Nexus platform implementation that emulates
platform behavior, allowing multiple nodes running the OpenThread
core stack to be simulated and interact with each other within the
same process.
Unlike the simulation platform, where nodes run in separate processes
and interact via POSIX sockets, Nexus nodes are simulated within a
single process. Nexus tests can interact directly with the C++ or C
OT core APIs, providing more control than the simulation platform's
CLI-based interactions. The flow of time in Nexus tests is directly
controlled by the test itself, allowing for quick time interval
advancement.
This model allows for faster and more scalable simulations, enabling
quick simulation of larger networks for longer durations.
This commit introduces the basic platform implementation, including:
- `nexus_alarm`, `nexus_radio`, and `nexus_settings` modules.
- Logging support, allowing logs to be distinguished per emulated
node.
This commit adds a fake platform for unit/component tests. This platform
uses virtual time so it should be able to run fast.
Note that the fake platforms leverage C++ virtual methods to allow mocking.
This commit verifies setting active dataset triggers the active dataset
change event by the notifier.
This commit updates `SendParentResponse()` to accept `aChild` as a
`Child &` instead of a `Child *`, as it will always expect a valid
child object and won't handle a `nullptr` input.
This commit updates the skip condition in `BecomeDetached()` to use
positive boolean checks for improved readability. This condition
applies when the device is already detached and is about to start an
attach attempt.
This commit updates `RoutingManager::IsValidOnLinkPrefix()`, which
checks whether a received PIO is a suitable on-link prefix. The
updated check requires the `L` (on-link) flag to be set, along with
either the `A` (autonomous address-configuration) flag or the `P`
(DHCPv6-PD preferred) flag. This aligns the implementation with the
latest SNAC router draft.
This commit reorders member variables in the `MleRouter` class,
grouping booleans and `uint`s of the same size to avoid alignment
gaps. It also reorders some of the private method declarations and
adds sections for constants, nested types, methods, and variables.
Added '-a', '--adapter' arguments to the bbtc.py arguments
parser. This allows the selection of the HCI adapter for the scanning
procedure.
According to 'Bleak' documentation of the 'BleakClient'
class(https://bleak.readthedocs.io/en/latest/api/client.html#bleakclient-class),
it's better to use the 'BLEDevice' object in 'BleakClient' during the
object instantiation, therefore it has been changed for the scanning
This commit adds the `DetermineFcfAddrType()` helper function, which
determines the Frame Control Field (FCF) address type for a given
address. The result is bit-shifted based on whether the address is
the source or destination and whether the frame uses the general
format or is a multipurpose frame. This helper simplifies methods
that prepare MAC headers.
Avoids any confusion with `OPENTHREAD_CONFIG_MLE_MAX_CHILDREN`:
* `OPENTHREAD_SPINEL_CONFIG_MAX_SRC_MATCH_ENTRIES` in
`openthread-spinel-config.h` defines size of the local source match
table used by RadioSpinel when
`OPENTHREAD_SPINEL_CONFIG_RCP_RESTORATION_MAX_COUNT` is used.
* For OpenThread, the default value of this config is
`OPENTHREAD_CONFIG_MLE_MAX_CHILDREN`.
* Other protocols (in case of MultiPAN with spinel) can define
whatever value they want for the size of the table using this
config.
Recent changes updated `Mac::Frame` to use `FrameBuilder` for
preparing frame headers. With the adoption of this model, the
previously defined `Set` methods for setting source/destination
address or PAN ID are no longer used or needed. This commit removes
them.
This commit updates `TxFrame::GenerateWakeupFrame()` to utilize the
`FrameBuilder` class for constructing frame header fields.
It also updates the `TestMacWakeupFrameGeneration()` unit test in
`test_mac_frame.cpp`:
- Uses source and destination address constants that are not reversible
to validate that extended addresses are appended in the correct byte
order.
- Includes minor style changes (renames constants and uses lowercase
hexadecimal digits for consistency).
Commit introduces implementation of missing general class commands:
- PresentPskdHash
- PresentPskcHash
- PresentInstallCodeHash
- RequestRandomNumChallenge
- RequestPskdHash
Also include minor fixes in Tcat python client and refactoring of expect
tests for tcat.
This commit explicitly enables the `OPENTHREAD_CONFIG_TLS_ENABLE`
macro in `core-toranj-config.h`. This configuration is used to
generate a custom `openthread-mbedtls-config.h` using the `unifdef`
command in `mbedtls/CMakeLists.txt`. Some versions of `unifdef` do
not expand macros first and expect the macro to be defined as a
simple number. This change ensures the build is successful.
This commit simplifies the preparation of MAC and security frames. It
introduces a `TxFrame::Info` structure that provides information
about the frame, such as its type, version, source and destination
addresses, PAN IDs, security level, and key ID mode. A new method
`PrepareHeadersIn()` is added, which uses the `Info` structure to
construct the MAC address and security headers in a given `TxFrame`.
This approach replaces the earlier `Mac::Frame::InitMacHeader()` where
all the information was passed as a list of input arguments. The
`TxFrame::Info` approach simplifies the code and allows for future
extension to accommodate other parameters (e.g., Header IE entries).
This commit adds the `Message::FooterData<>` template class, which
represents data (typically metadata) associated with a `Message` that
is appended to the end of the message. It can be read later from the
message, updated (re-written) in the message, or fully removed from
it.
The `FooterData` class provides common helper methods such as
`AppendTo()`, `ReadFrom()`, `UpdateIn()`, and `RemoveFrom()` in a
generic way. This helps simplify the various `Metadata` types defined
within the OT core modules, removing repeated definitions of similar
methods for each type.
This commit adds `CONFIG_BORDER_ROUTING_ENABLE` guard checks to
`nd6.hpp` and `nd6.cpp` source files, as the definitions in these
files are only used when the `BORDER_ROUTING` feature is enabled.
This commit updates how Keep Alive messages are handled by the Border
Agent. After establishing a secure session, a device has
`TIMEOUT_COMM_PET` (50 seconds) to take any action, including sending
a petition to become an Active Commissioner. This change ensures that
Keep Alive messages are ignored before a device becomes an Active
Commissioner, preventing candidates from extending their sessions.
Keep Alive messages are now processed only for Active Commissioners
(BA in `kStateAccepted` state), aligning the implementation with the
Thread specification.
This commit updates `test_dns_client` to validate independent address
resolution queries (in addition to the existing service resolution
tests). Specifically, it adds test cases for `ResolveIp4Address()`
and scenarios where the server responds with an error RCODE.
This commit fixes an issue in `Client::ReplaceWithIp4Query()` where an
IPv6 address resolution query failure could lead to an incorrect IPv4
query being sent. The incorrect query type was being checked in this
method, causing `ResolveIp4Address()` to keep sending queries.
This commit adds a new IDLE state to PdPrefixManager.
PdPrefixManager enters idle state when PD is enabled and there is
already a BR requesting PD prefix. When there are multiple BRs
publishing PD prefix at the same time, the one with lexcial smaller
prefix wins.
- Add Wake-up Channel TLV to the dataset.
- Add CLI support to handle the wake-up channel.
- Add MAC support for wake-up channel (to be used for sending
and receiving wake-up frames).
This commit introduces the `DelayedSender` nested class within `Mle`
to handle delayed MLE message transmissions, such as delayed
responses. Existing methods related to delayed message handling have
been refactored into this new class.
This commit improves how MTD children register their IPv6 addresses
with their parent. The `Slaac` class now tracks the Lowpan Context
ID (from Network Data) for each SLAAC address. If the Context ID
associated with an existing SLAAC address changes (due to Network
Data updates), the `Slaac` module notifies the `Mle` to schedule
a "Child Update Request" transmission (if the device is an MTD
child). This ensures that the MTD child re-registers its addresses,
resolving any previous registration failures caused by incorrect or
outdated context ID compression.
This commit also adds `test-035-context-id-change-addr-reg.py`
to validate the newly added behavior.
This commit adds the Thread Domain Name TLV (59) to the MLE Discovery
Response message. The TLV is only included if not equal to
'DefaultDomain', as per Thread 1.4 spec Section 8.4.4.1.1.2. Also,
the TLV is only included for Thread 1.4 or higher builds. This is
because for Thread < 1.4 the inclusion of this TLV was only specified
for CCM devices. Thread 1.4 changed this: the TLV is now included if
the domain name is not equal to the default name "DefaultDomain"
specified in Section 5.22.
The purpose of including the domain name is to allow discovery of
Thread Networks that belong to the same domain that the Joiner is part
of. This is used by any commissioning methods where the Thread device
can roam e.g. CCM/CCM-light or other (future) methods.
The commit extends `SPINEL_PROP_INFRA_IF_SETUP` to
`SPINEL_PROP_INFRA_IF_STATE` so that it can be used to either do infra
if setup (trigger border routing starting on NCP) or synchronize infra
if state to the NCP (ON/OFF state, IP addresses).
The current implementation on NCP will compare the `InfraIfIndex`. If
the index is different the value on NCP, it will be regarded as an
initialization or change of InfraIf. Thus the border routing module
will be re-initialized.
This commit enhances how ephemeral key timeout is used. If the timeout
expires while a commissioner or commissioner candidate is connected,
the session will be terminated. The Border Agent (BA) will then stop
using the ephemeral key and revert to using PSKc.
The ephemeral key timeout timer starts when the ephemeral key is set
on the BA. During this timeout interval, the ephemeral key can be
used only once by an external commissioner to establish a secure
connection.
1. Add OT_WAKEUP_COORDINATOR and OT_WAKEUP_END_DEVICE build
options.
2. Add support for parsing and constructing 802.15.4
Multipurpose frames.
3. Add support for parsing and constructing wake-up
frames.
This commit removes redundant namespace qualifiers from two instances
within core modules, preventing potential build warnings with certain
toolchains.
This commit adds the `extern "C"` specifier to all `OT_TOOL_WEAK`
`otPlat` definitions to ensure correct linkage when compiled with a
C++ compiler. It also explicitly includes `platform/time.h` in
`radio_platform.cpp`.
This commit removes unnecessary `#include` directives in core `cpp`
files that already include `instance.hpp`. The `instance.hpp` header
itself includes all necessary OT core headers and definitions as they
are contained within an `ot::Instance`.
When building and linking with link time optimizations and TCP is
not enabled (OPENTHREAD_CONFIG_TCP_ENABLE = 0) the following error
occurs:
tcp_subr.c:96: undefined reference to tcplp_sys_get_ticks'
To address the problem we are removing the __attribute__((used))
annotation on the initialize_tcb function which will prevent the
function from being retained when no one references it.
This commit renames `Mle::Handle{Command}()` methods where different
overloads are provided (e.g. in `Mle` and `MleRouter`) based on
device role or being an FTD. The method names now explicitly mention
the constraints (e.g. `HandleChildUpdateRequestOnChild()` or
`HandleAdvertisementOnFtd()`). This change aims to improve code
readability, making it easier to determine the purpose of each
method.
This commit updates and clarifies the behavior of `Message::ReadByte()`
and `Message::Read()` overloads regarding partial reads.
- `ReadByte()` will read the available bytes and return the actual
number of bytes read if fewer bytes are available in the message
than the requested read length. This behavior remains unchanged.
The documentation is updated to emphasize this behavior.
- `Read()` methods return `kErrorParse` if the requested length cannot
be read. This is the existing behavior which remains unchanged.
Previously, `Read()` methods would still perform a partial read and
populate the buffer/object with as many bytes that could be read,
even in case of failure and returning `kErrorParse`. This behavior
has been changed in this commit so the method will skip
reading/copying bytes if the full length cannot be read. This
aligns the documentation and behavior with how the `Read()` methods
are used and intended to be used within the OT stack.
This commit simplifies how Border Agent ID is saved in non-volatile
`Settings` by utilizing generic methods designed for single-value
setting entries. As a result, `Settings::BorderAgentId` now only
needs to define the key and the associated entry value type. This
eliminates the need for `otBorderAgentId` to be defined as packed,
thereby simplifying this structure.
This commit updates `Coap::Message::ParseHeader()` to perform two
crucial validations:
- It now checks if the message contains sufficient bytes to read the
minimum 4-byte CoAP header.
- Afterwards, determines the CoAP token length from the read header,
and then validates that the message has enough bytes to read the
token.
These validations prevent the parsing and misinterpretation of a
malformed or incomplete CoAP message as a valid one,
This commit replaces uses of the term "FED" in comments and method
names with "FTD child" where the logic applies to any FTD child
(i.e., both FED and REED). This clarifies the behavior and aligns the
code with Thread specification terminology.
This commit updates and simplifies the tracking of information
(message priority, drop status) for forwarded mesh-header fragmented
frames. This is used for consistent priority assignment to all
fragments of the same message and facilitates delay-aware queue
management, where dropping one fragment leads to dropping all
subsequent fragments of the same message.
The entry type is renamed to `FwdFrameInfo`, and an `Array` is used to
track the entries. Array helper methods such as `RemoveAllMatching()`
and `FindMatching()` help simplify the code. Since `Array` tracks the
current length, iterating over unused entries is avoided.
This commit simplifies logging methods (e.g., `LogIp6Message()`) in
the `MeshForwarder` class:
- Log lines are prepared in a `String`, allowing new fields to be
added conditionally. This simplifies the code and avoids complex
`printf`-style formats for handling optional fields.
- New helper methods are added to prepare common labels in a log line
(e.g., adding MAC address, adding security/error/priority fields).
- Logging IPv6 source/destination addresses is simplified by defining
a new helper to log an address/port.
This commit updates the `RouteingManager` to set the newly
allocated "SNAC Router Flag" (bit 6) in emitted RA messages from
Thread BR. The flag is also parsed and tracked in received RA
messages.
This replaces the previous model where an experimental flag bit
in "Flags Extension Option" indicated a "stub router". This commit
also removes the `STUB_ROUTER_FLAG_IN_EMITTED_RA_ENABLE` confg
(no longer optional/experimental) and renames `mStubRouterFlag` to
`mSnacRouterFlag`.
This commit moves the locator `GetProvider::Get<Type>()` and its
related `Timer` and `Tasklet` methods to `instance.hpp`. With this
change we can remove `locator_getters.hpp` header fully thus
simplifying the code.
The test software for certification currently uses the mDNS packets of
trel service responses to find out the trel port, and then use the port
number to determine which packets in a capture should be decoded as TREL
packets. However this may not be reliable since it depends on when the
capture starts. Added a cli to get trel port, so this can be used by
a THCI function.
This commit updates the default Thread version to 1.4, so that most
latest features will be enabled by default. This commit also explicitly
enable the epskc feature just like other features in the build script.
Currently the OPENTHREAD_CONFIG_STORE_FRAME_COUNTER_AHEAD
is hard-coded in the OT core, yet sometimes it is
desired to modify this value which requires
re-building of the OT libraries and forces
re-certification of the end product.
Implement `otThreadSetStoreFrameCounterAhead`
and `otThreadGetStoreFrameCounterAhead` to allow
API clients to configure the store frame counter
ahead parameter at run-time. This extension offloads
product makers from the need of re-certification
in case the store frame counter ahead must be tuned.
Signed-off-by: Marcin Kajor <marcin.kajor@nordicsemi.no>
This commit moves all `HeaderIe` related definitions from
`mac_frame.hpp/cpp` into newly added `mac_header_ie.hpp/cpp` source
files. This commit does not make any changes to the code.
This commit fixes the pcap callback for TX frames:
* Report the tx frame on each tx started callback, so that
retransmissions can be captured.
* Set the RSSI to be invalid for TX frames.
- Fixes to connection state management and handling of Disconnect
command TLV
- specifically, this now ensures that TCAT remains on (started)
after a commissioner disconnects. Earlier, there was the problem
that the 2nd commissioner couldn't connect anymore.
- specifically, in ble_secure.cpp the check for if
(mTcatAgent.IsEnabled()) is removed, since the err =
mTcatAgent.Connected(mTls) will already check this and raise an
error if not enabled. If not enabled, the Device is in a wrong
state to handle TCAT Commissioner commands so now it closes the
connection right away. That's better than to leave the
Commissioner in limbo on the TLS connection. The Commissioner can
now retry again and all will be well again.
- timeout of at most 10 seconds on UDP write operation in simulation
mode (if longer, the TCAT device isn't reachable and the
Commissioner now shows the error to the user.) Earlier, it got stuck
forever.
- Corrects some copy/paste errors in API definitions in comments; adds
comments where needed to explain.
- adds whitespace at some places to align format with rest of code
- improved some of the --debug output for the UDP simulation mode of
the TCAT Commissioner.
This commit adds 2 system APIs for resolver for integration on Android
platform.
- `otSysUpstreamDnsServerSetResolvConfEnabled` is for
enabling/disabling retrieving the DNS servers from `resolve.conf`.
- `otSysUpstreamDnsSetServerList` for specifying the DNS servers on
the infra link.
This implementation will be used on all platforms for NCP nodes
(simulation, any vendor platforms). However the simulation platform
already has a different implementation. To avoid conflicts, the commit
adds a control flag in simulation config so that we can choose whether
to enable the simulation implementation.
This commit introduces `platformResolver*` APIs so that `system.cpp`
can treat resolver as an independent module.
Reasons for this refactor:
- Simplify the integration on Android platform.
- The functionality of resolver is not related to the functionality of
netif.
This commit applies new pskc into secure transport when it's changed
via active/pending dataset, without impacting existing secure session
if any or ephemeralkey mode if it's activated
This commit makes the default otPlatRadioGetNow implementation fallback
to to otPlatTimeGet so that the default one is a correct implementation
in single chip architecture.
This commit updates the code to include the Supervision Interval TLV
in MLE messages sent from a child only when the child mode indicates
it is sleepy (`!IsRxOnWhenIdle()`). The Network Diagnostic Child TLV
is also updated to use zero for the "Supervision Interval" field
when the child is not sleepy. The `test-023-mesh-diag.py` is updated
to validate this new behavior.
The parent node still tracks the received supervision interval from a
child in the `Child` entry. This parameter indicates the interval
that would be used if the child were to be supervised.
This commit extends the `diag frame` command by adding an argument `-s`
to indicate whether the frame has been encrypted or not, so that the
diag commands can be used to test frames having security processed in
the host.
This commit adds code to include the Link Margin TLV in MLE Child
Update Request or Response messages sent by a parent to a child. This
allows the child to learn and update its "link quality out" to its
parent.
The change is designed to be backward compatible. Child devices
running older firmware will simply disregard this additional TLV.
When processing the message, the presence of the Link Margin TLV is
checked (it is optional).
This commit fixes an issue in `RadioSpinel` related to the tracking of
the MAC frame counter used during RCP restoration. Previously,
`RadioSpinel` tracked the last seen counter on any secured
received/transmitted frame. However, the frame counter should only be
tracked for frames that use Key ID Mode 1 and where the included Key
ID in the frame matches the current Key ID being used. The `SubMac`
module also tracks the current MAC frame counter, and it does perform
Key ID Mode and Key ID checks.
This commit adds a new public API `otLinkGetFrameCounter()` to get the
current frame counter. This is used by `RadioSpinel` to get the frame
counter instead of having `RadioSpinel` track the frame counter
itself.
This commit:
1. update the topology to make 3 BRs running on 2 AILs;
2. specify the test name as `test_multi_backbone_infra`, which is
focusing on verifying the multiple backbone framework works good
3. fix bug that previously pinging throught ethernet does not actually
work.
For 3, previous `br1.ping(br2_infra_link_local, interface=br1_infra_link_local)`
actually send ping command via ot-ctl instead of the docker bash. The
new `br1.ping(br2_onlink_ula, backbone=True)` actually send a docker
bash command to ping another node via ethernet. Here we choose to use
onlink ULA address (9100::) instead of the link local address because
only "ping [link-local-addr]%eth0" (by specifying the zone index) can
work for link-local address, but this is not currently supported by
`LinuxHost.ping_ether()` method.
This commit modifies thread-cert scripts utilizing `pktverify` to
adopt a more flexible approach to TLV type checking. Specifically, it
replaces strict equality (`==`) or strict subset (`<`) checks with a
subset or equal check (`<=`) when verifying the presence of TLVs in a
message. This adjustment ensures that test scripts adhere to the
principle of ignoring extra or unknown TLVs, thereby future-proofing
them against potential protocol updates that might introduce new
TLVs.
This commit replaces the use of `strcmp()` with `StringMatch()`, which
is an OT-specific internal function for comparing strings. This
ensures consistent use of internal helper functions.
* posix: check for nlmsg error tlv attributes
if we couldn't set NETLINK_EXT_ACK, there's no extra nlmsg attributes in
the error. avoid UB and walking uninitialized memory by checking the
flag for those attributes. for us, this avoids segfaults and in one
instance, an infinite loop while walking the non-existant attributes.
Signed-off-by: Nick Owens <nick.owens@eero.com>
* posix: zero initialize sigaction struct before use
this removes a valgrind warning about use of uninitialized memory in a
syscall when backtrace is enabled.
Signed-off-by: Nick Owens <nick.owens@eero.com>
* key_manager: zero initialize otSecurityPolicy
valgrind reports that otSecurityPolicy is used uninitialized, so just
make it zero.
clear all bytes when setting to default
Signed-off-by: Nick Owens <nick.owens@eero.com>
This commit updates `RoutingManager::RioAdvertiser` to advertise
deprecating prefixes with `NetworkData::kkRoutePreferenceLow`.
`test_routing_manager` is updated to validate this new behavior.
This commit updates the `NetworkData::Service::Manager` class to
provide helper methods for adding and removing different service
types (DNS/SRP anycast or unicast services, backbone router
service).
With this change, the definitions of `ServiceData` and `ServerData`
formats for different service types are now `private` to the
`Service::Manager` class. This centralizes the logic for constructing
and parsing the service/server TLVs, making it easier to update and
add new fields to these formats in the future.
This commit updates `Service::Manager::GetNextDnsSrpAnycastInfo()` to
iterate over Server sub-TLVs and include the RLOC16 of each entry in
the returned `Info` structure. The unit test `test_network_data` is
updated accordingly. This change simplifies the `Publisher` method
used for counting existing anycast entries in the Network Data.
This commit introduces a mechanism to check for reachability of
messages forwarded by the BR and send an ICMPv6 Destination
Unreachable error to the sender if needed.
Specifically, if the Border Router (BR) decides to forward an IPv6
message outside the AIL and the message's source address matches a
BR-generated ULA OMR prefix (with low preference), and the
destination is unreachable using this source address, then an ICMPv6
Destination Unreachable message is sent back to the sender.
For example, this situation can occur when a local,
non-infrastructure-derived ULA OMR prefix is published alongside a
`::/0` route (due to discovered PIO/RIO prefixes by the BR). A Thread
mesh device may try to reach addresses beyond the local AIL (e.g.,
the global internet) using the ULA OMR prefix, which would be
unreachable.
This feature is controlled by an OT config flag, enabled by default.
Alternatively, this functionality may be implemented within the
platform layer, in which case the configuration should be disabled.
This commit also adds a test case `test-504-br-icmp-unreach-err.py`
validating the newly added behavior.
The length of the configuration file path may exceed the default
defined max length 255.
This commit changes the name from `kFileNameMaxSize` to
`kFilePathMaxSize` and sets its value to the PATH_MAX.
This commit updates `Service::Manager::GetNextDnsSrpUnicastInfo()` to
accept a `DnsSrpUnicast::Type`, indicating the desired entry type
(either `kFromServiceData` or `kFromServerData`). This simplifies the
code, which previously iterated over all types and performed type
checks. Additionally, this change simplifies the `Publisher` methods
used for counting existing DNS/SRP unicast entries of different
types.
This commit aligns the documentation in `spinel.h` with the
implementation for `SPINEL_PROP_IPV6_ADDRESS_TABLE` regarding the
order of valid/preferred lifetime fields.
This commit adds functions to read peer BRs and routers on infra link by
wrapping the ot-ctl command `br peers` and `br routers`.
`test_multi_ail.py` is also updated to test the new added functions.
This commit targets to support getting infra link-local address of a
OtbrNode in docker test, which is usefully for future test cases.
The test_multi_ail.py is also updated to test the new method added.
This commit introduces a freshness timeout mechanism for address cache
entries which is used to decide when removing stale entries when the
associated RLOC16 is unreachable.
In `AddressResolver`, when resolving an EID from an existing cache
entry, if the target RLOC16 is unreachable, the entry is typically
considered stale and removed to allow a new address query to be sent.
This commit adds a mechanism to skip this removal step if the entry
has been recently updated, i.e., an `AddressNotify` has been received
for it and its `FreshnessTimeout` has not yet expired.
The `FreshnessTimeout` check prevents repeated address query
transmissions when mesh routes are not yet discovered (e.g., after
initial attach) or if there is a temporary link issue.
This commit updates `Dns::Client` to remember servers/resolvers that
are known to have trouble with multiple-question queries. This
information is learned from earlier interactions with the server.
When `ResolveService()` is requested, if the user explicitly
requests "optimize" service mode, the request is honored. Otherwise,
if "optimize" service mode is chosen from the default configuration
and the DNS server is known to have trouble with multiple-question
queries, "separate" service mode is used instead.
This commit also updates the `test_dns_client.cpp` unit test to
validate the newly added behavior.
This commit adds support for responding to "A record" queries in the
DNS-SD server and discovery proxy.
If the query matches a host registered with the SRP server, the host's
IPv6 addresses are returned in the Additional Data section of the
response. If the query is resolved by the proxy, the `otPlatDnssd`
APIs are used to start/stop IPv4 address resolvers for the hostname
on the infrastructure network.
The `test_dnssd_discovery_proxy` unit test is updated to validate the
new functionality.
Changed access of SendCommand to public to allow calling without
variable arguments. This is to address compilation error in
ot-br-posix repo NcpSpinel::ThreadErasePersistentInfo (while building
for OpenWrt v23.05.4 for a mips target)(error: 'args' may be used
uninitialized [-Werror=maybe-uninitialized])
This commit contains minor enhancements in the `Ip6` class:
- Removes unnecessary `static_cast<uint8>()` use
- Combines repeated `case` statements
- Use shorter variable/type names.
- Style fixes.
This commit moves the definition of `OT_THREAD_VERSION_*` constants
from the config header to the `openthread/thread.h` OT public header
file (where `otThreadGetVersion()` is declared). This allows other
projects integrating the OT stack to also see and use these
constants.
### Background
https://github.com/openthread/openthread/pull/10550 introduced a new
way to support multiple backbone nework in otbr docker test. Though it
works good while running a single test, a bug exists when running
cert-suite, which runs a batch of tests in parallel.
cert-suite allocates the name of the backbone interfaces dynamically
by setting env PORT_OFFSET for each test, so there is potentially
conflict exists if we hard code the `backbone_network` name in
TOPOLOGY. This PR is targeting to fix this potential naming conflict.
### Fix
We fix it by assigning a number for `backbone_network_id` in each BR
definition in TOPOLOGY, instead of setting a fixed `backbone network`
name. The final backbone network name is decided by both `PORT_OFFSET`
env and the number of `backbone_network` (in
`backbone{PORT_OFFSET}.{backbone_network}` format)
For example, if `PORT_OFFSET` is 0 and `backbone_network_id` is 1,
then backbone network name will be `backbone0.1`. For the tests that
only use one backbone network and the `backbone_network_id` is not
given, the backbone network name is by default
`backbone{PORT_OFFSET}.0`.
### New test case format
```
class NewTestCase(thread_cert.TestCase):
...
BR = 1
...
TOPOLOGY = {
BR: {
...
'is_otbr': True,
'backbone_network_id': <backbone-id>,
...
}
...
}
...
```
`<backbone-id>` is any integer from 0, for each BR inside a single
test, if `<backbone-id>` is different, the BR use different backbone
interfaces; the same `<backbone-id>` inside a single test case means
the same backbone network interface.
`'backbone_network_id': <backbone-id>` is optional for single backbone
test cases, when it's not given while defining a otbr node, the
backbone is default as `backbone{PORT_OFFSET}.0`.
For developers, if you are defining a new test which has multiple
backbone interfaces, please ensure `backbone_network_id` is explicitly
defined in each BR, otherwize an error is reported.
This commit updates the descrition of the function
`otPlatRadioSetChannelTargetPower()` to make the function descrition
more accurate, and updates the implementation of the function based on
the latest description.
In previous otbr docker tests, when creating docker containers, all the
containers(otbr nodes) are connected to the same docker network bridge `backbone0`
(when the env PORT_OFFSET is not set or set to 0), this means all the
otbr nodes are connected to the same infrastructures.
This commit adds support to enable user to config otbr instance
infrastructures seperately in `TOPOLOGY` when defining test cases, this
provides flexibility to run multi-ail related test cases.
The format to define backbone interface per node is:
```
class NewTestCase(thread_cert.TestCase):
...
BR = 1
...
TOPOLOGY = {
BR: {
...
'is_otbr': True,
'backbone': <backbone-name>,
...
}
...
}
...
```
`'backbone': <backbone-name>` is optional, when it's not given when
defining a otbr node, the backbone is default as
`BACKBONE_DOCKER_NETWORK_NAME`. The `<backbone-name>` is suggested to be
defined as `backbone[0-9]` to make it more easy to read and understand.
This commit also adds test_multi_ail.py as an example test case to use
this new method, this test case checks the two otbr nodes are connected
to the different infra and are in the same Thread mesh network.
In some cases that `_do_packet_verification` is False (e.g. verify() is
not defined), the docker network is not correctly removed.
docker network interface should always be removed at the end of the test
if it was created at the begin of the test
This commit adds a new spinel property
`SPINEL_PROP_THREAD_MGMT_SET_PENDING_DATASET_TLVS` to do network
migration operation on NCP.
The existing property `SPINEL_PROP_THREAD_MGMT_SET_PENDING_DATASET`
cannot be used for two reasons:
1. It uses a structured format instead of raw TLVs format.
2. The set handler of `SPINEL_PROP_THREAD_MGMT_SET_PENDING_DATASET`
doesn't call `otDatasetSendMgmtPendingSet` with a callback. On NCP,
we want to know the result of the MGMT_SET operation. (accepted,
rejected or timeout)
This new property works similarly as
`SPINEL_PROP_NET_LEAVE_GRACEFULLY` added in
https://github.com/openthread/openthread/pull/10337
1. Host sets the property to NCP.
2. NCP will give an immediate response on the result of
`otDatasetSendMgmtPendingSet`.
- If succeeded, NCP will respond an empty property
`SPINEL_PROP_THREAD_MGMT_SET_PENDING_DATASET_TLVS`
- If failed, NCP will respond a LAST_STATUS of the error info.
3. When the callback of `otDatasetSendMgmtPendingSet` is called, NCP
will send a notification of
`SPINEL_PROP_THREAD_MGMT_SET_PENDING_DATASET_TLVS` to the host to
notify the result of the operation.
This commit introduces the `KeyInfo` type, which is a `typedef` to
either `KeyPair` or `KeyPairAsRef` depending on whether the feature
`KEY_REFERENCES_ENABLE` is enabled.
This simplifies the code, removes repeated code, and eliminates extra
`#if` checks when `KeyInfo` is used.
This commit supresses the docker output unless verbose mode is enabled,
which helps preventing unnecessary output from cluttering the console.
docker output is enabled when:
* env VERBOSE is set to a non-zero value
docker output is suppressed (redirecting to /dev/null) when:
* VERBOSE is not explicitly set in env, or
* env VERBOSE is set to 0
This commit updates and renames the `Info` class to `MsgInfo`, which
now includes `mMessage` as an `OwnedPtr` to the message to be prepared.
This simplifies the code by encapsulating the `Message` and all its
associated data needed to prepare an SRP update message into one data
structure. This structure can be passed as a single input to
different methods preparing various SRP update components, instead of
as two separate inputs. The OwnedPtr ensures automatic freeing of the
message upon any error.
This commit moves the macro guard
`OPENTHREAD_POSIX_CONFIG_INFRA_IF_ENABLE` in the code so that it can
allow custom implementation of `otPlatInfraIfDiscoverNat64Prefix` when
`OPENTHREAD_POSIX_CONFIG_INFRA_IF_ENABLE` is disabled.
The use case is on Android platform. We'll not let `ot-daemon`
proactively discover the prefixes by DNS. Instead, System Server will
do the discovery of NAT64 prefix on AIL and it will notify `ot-daemon`
when the AIL NAT64 prefix is discovered/removed.
The radio_spinel periodically send Spinel command
SPINEL_PROP_RCP_TIMESTAMP to RCP to synchronize time between host
and RCP. Even if Thread stack is not running, it will periodically
wake up the Thread host.
This commit stops the time sync when the Thread stack is not running
to save host power.
This commit adds two new spinel properties:
`SPINEL_PROP_THREAD_ACTIVE_DATASET_TLVS` and
`SPINEL_PROP_THREAD_PENDING_DATASET_TLVS`, as well as the get/set
property handler on NCP side.
Currently we can only transport dataset through spinel with fixed
format. Using Tlvs allows us to append TLVs are not defined in the
current Thread Specification.
The cli command `linkmetrics` only provides an asynchronous output
method. It is difficult for scripts to call the `ot-ctl` to capture
the results of asynchronous output.
This commit replaces the command `linkmetrics mgmt` and `linkmetrics
query` with commands `linkmetrics config` and `linkmetrics
request`. Both the commands `linkmetrics config` and `linkmetrics
request` are set to the `sync` mode by default, and an option `async`
is added to these commands to support `async` mode.
This commit applies following enhancements to the
`Translator::UpdateState`:
- Remove the `aAlwaysNotify` parameter to simplify its logic.
- Fix an issue that `mState` may not be updated when setting a CIDR.
This commit updates `PassToHost()`, removing the `aApplyFilter` input
and using `aReceive` to determine whether or not to apply the RX
filter. The filter serves multiple purposes:
- Ensure Thread control UDP traffic (e.g., MLE, TMF, etc.) is filtered
out when delivering IPv6 datagrams to the host.
- Apply ICMPv6 echo requests filtering, based on the configured mode
(whether the OT stack should respond to pings for specific address
types or they should be passed to the next layer).
- Filter TCP traffic when the native OT TCP stack is used.
In all cases, the filter should be applied only if the IPv6 message is
supposed to be received by the device itself (i.e., the destination
matches the device's address), which is indicated by the `aReceive`
input.
The `aApplyFilter` input was previously set to `!forwardHost`,
indirectly assuming that `forwardHost` and `receive` would be
exclusive. While this remains true for unicast destinations, recent
changes updated the code so that all multicast traffic is forwarded
to the host regardless of whether it is also marked for `receive`.
This caused multicast MLE/TMF traffic to be passed to the host even
though it should be filtered. This issue is now addressed by this
change.
This commit also ensures that RX filter rules are consistently applied
to fragmented IPv6 messages. Previously, the filter would not apply
when fragmented IPv6 messages were passed to the host, but with this
change, the filter is applied when the message should be received by
the device.
This commit removes the checks previously performed on messages with
the origin `HostTrusted` that are to be forwarded to the Thread mesh.
This origin is used for messages generated by the OpenThread stack
itself. These checks were unnecessarily restricting such messages
from using Thread Control UDP port numbers (like TMF, MLE, etc.).
The additional check `!IsLoopbackToHostAllowed()` (which is set to
`true` by default on such messages) bypassed the entire block,
preventing any functional impact.
Recent related changes (in #9437) added similar guard checks for
messages with `HostUntrusted` origins.
This commit updates `PassToHost()` to directly use the `Ip6::Header`
and its `GetSource()` and `GetDestination()` methods when applying
filter rules. This replaces the previous model where a `MessageInfo`
was constructed from the received IPv6 header and passed to
`PassToHost()`. The previous model indirectly assumed that the
message was received, with the `MessageInfo` sock/peer addresses
mapped accordingly. However, `HandleDatagram()` can also process
messages originating from the device itself, where the notion of peer
and sock addresses would be reversed. Using `Ip6::Header` directly
makes the rules clearer and simplifies the logic of `PassToHost()`.
Additionally, this change simplifies the code by moving the
construction of `MessageInfo` to the `Receive()` method, where the
message is received.
This commit updates the `BorderAgent` to directly respond to
`MGMT_ACTIVE_GET` and `MGMT_PENDING_GET` requests from a non-active
commissioner. Requests from an active commissioner are still
forwarded to the leader. This aligns the implementation with Thread
1.4 requirements (ephemeral PSKc use case).
To achieve this, the following changes are made:
- New `State` values are added to distinguish between when a
commissioner candidate is connected and when its petition to become
the active commissioner is accepted. This determines whether the
`MGMT_GET` request should be handled directly or forwarded to the
leader.
- This state is tracked locally by `BorderAgent` instead of monitoring
Network Data to determine whether an active commissioner exists.
This ensures correct behavior even when Network Data updates are
delayed.
- The `DatasetManager` is updated to provide `ProcessGetRequest()`
to process an `MGMT_GET` request and prepare the response. This is
then used by `DatasetManager` itself and `BorderAgent`.
This commit adds default paths for expect scripts to make it easier for
running expect scripts. With this change, we can run expect tests as
follows:
```bash
./script/cmake-build simulation
./script/cmake-build posix
./tests/scripts/expect/cli-ping.exp
OT_NODE_TYPE=rcp ./tests/scripts/expect/cli-ping.exp
```
This commit also updates an existing test to cover the change.
The original code uses the absolute time when staring the CSL TX delay
in `SubMac`. The timer is a `MicroTimer` and the absolute time comes
from the `mTxDelayBaseTime`. The `mTxDelayBaseTime` comes from the
radio time `otPlatRadioGetNow ()`, the time of `MicroTimer` should
come from `otPlatAlarmMicroGetNow()`. If the `MicroTimer` and the
radio are using different timer sources, it will cause the unexpected
issue.
This commit use the relative time when starting CSL TX delay to fix
this issue.
Implement `otPlatRadioGetBusLatency` API, add optional
`bus-latency` argument to ot-daemon
and `diag radiospinel buslatency`diagnostic commands.
Add callback to notify that the bus latency has been updated
and update frame request ahead from runtime, by
recalculating the `mCslFrameRequestAheadUs` value.
Changes allow setting a bus latency while starting a new session
between host and RCP device. This way, one host can be connected
to different devices and vice versa, ensuring that the latency
will be added to `mCslFrameRequestAheadUs` calculations and CSL
tx requests will not be sent too late.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
The `SubMac` uses `MilliTimer` or `MicroTimer` based on the
configuration. When the `SubMac` uses the timer, it has to
distinguish the type of the timer. This commit optimizes the code to
provide unified time related functions to `SubMac` to use time. This
commit doesn't change the code logic.
This commit updates the `otThreadBecomeLeader()` API (and its related
core `MleRouter::BecomeLeader()` method) to allow an already attached
device to take over as leader, creating a new partition. For this to
work, the local leader weight (`otThreadGetLocalLeaderWeight()`) must
be greater than the weight of the current leader (which can be
retrieved using `otThreadGetLeaderWeight()`). If it is not, error code
`OT_ERROR_NOT_CAPABLE` is returned to indicate to the caller that they
need to adjust the local weight.
This commit also updates the related CLI command and adds a new test,
`test-032-leader-take-over.py`, to validate the newly added
mechanism.
This commit updates SRP client's `AutoHostAddress` behavior to
defer SRP updates on SLAAC address deprecation events.
Under `AutoHostAddressMode`, all preferred addresses on Thread Netif,
excluding link-local and mesh-local addresses, are registered. If no
eligible address is available, then the ML-EID will be registered.
This commit adds a new mechanism where if a previously registered
address starts being deprecated (e.g., due to an OMR prefix removal
from Network Data), the SRP update is deferred. The client will
re-register after the deprecation time has elapsed and the address is
removed. In the meantime, if any other event triggers the client to
send an SRP update, the updated address list will be included in that
update.
This commit also updates `test_srp_auto_host_address` to validate the
newly added behavior.
This commit makes `CalcRcpTimeOffset` of `RadioSpinel` into a public
method and call it from system `Process` method instead of making it
default behavior of `RadioSpinel`. This is also to avoid `RadioSpinel`
has a fixed behavior which is decided by
`OPENTHREAD_CONFIG_THREAD_VERSION`.
This commit updates `NetworkData::Leader` to enhance route lookup for
ALOC destinations. It contains the following changes:
- Adds `LookupRouteForServiceAloc()` to look up the route for a
service ALOC. This method uses the common `CompareRouteEntries()`,
which applies the same rules as in external route lookup.
- Adds `LookupRouteForAgentAloc()` to look up the route for DHCPv6 or
ND agent ALOC.
- Adds `FindPrefixTlvForContextId()` to find a Prefix TLV matching a
given Context ID (used in `GetContext()` and
`LookupRouteForAgentAloc()`)
- Adds `LookupRouteIn()` to perform route lookup among all entries of
a given `PrefixTlv` that match a given `EntryChecker` function
(used for `DefaultRouteLookup()` or `LookupRouteForAgentAloc()`)
- Adds `test-031-service-aloc-route-lookup.py`.
This commit updates `RemoveMessagesForChild()` to use a predicate
function to determine which messages should be removed. This replaces
the `Message::SubType` filtering and allows messages matching
multiple sub-types to be removed together.
This commit replaces direct calls to `DequeueAndFree()` with
`RemoveMessageIfNoPendingTx()` in `EvictMessage()`, `HandleResolved()`,
and `RemoveDataResponseMessages()`. This promotes consistency in
message removal logic and eliminates the need to check if the removed
message is `mSendMessage`, as this is already handled by
`RemoveMessageIfNoPendingTx()`.
On platform settings deinit, the file descriptor is closed but the
variable is not reset, which can lead to calling close on a stale fd
leading to bad file descriptor error in case the API is invoked
multiple times.
This commit adds a method to get spinel interface Id in
`SpinelDriver`.
This is to enable the user class of `SpinelDriver` can compose the
spinel header itself.
This commit adds a new mechanism in `RoutingManager` to discover and
track peer BRs found in Network Data. The `NetDataPeerBrTracker`
class implements this functionality, tracking a list of peer BR
RLOC16s and their age (time since appearance in the Network Data).
This commit also implements public OT APIs to iterate over the peer BR
list or get the total count, along with corresponding CLI commands
(`br peers`), and a test case validating the behavior.
This commit moves `RadioSpinel::SpinelStatusToOtError` to a seperate
header `spinel_header.hpp` so that this method can be used
externally. (For example, in `ot-br-posix`.
This commit requires `MAC_CSL_RECEIVER_ENABLE` to be enabled when
`CHANNEL_MANAGER_CSL_CHANNEL_SELECT_ENABLE` is also enabled. This is
checked and enforced in the `channel_manager.hpp`, emitting an
`#error` if it fails. This simplifies the `#if` checks related to
this in the `ChannelManager` class and CLI module.
New feature:
Added CoAP URI query processing functionality to CLI.
Solution:
URI string is checked for a '?' character. If found, the URI query
related part is moved to another string. Afterwards, the modified
`coapUri` string will contain only the path-related parts, and a
second string (`coapUriQuery`) will hold only the URI query related
parts. Then `coapUri` is passed to the original
`otCoapMessageAppendUriPathOptions()` method and `coapUriQuery` is
passed to a new method called `otCoapMessageAppendUriQueryOptions()`,
which - similarly to the other - splits the URI query part into more,
smaller pieces by the delimiter '&' and adds them as separate options
to the CoAP message making the request generated by this CLI function
RFC compliant. If '?' is not found, everything is processed the old
way.
This commit moves the definition of the 'RequiredRadioCaps' from
`RadioSpinel` to posix `Radio` class. Because this definition depends
on `OPENTHREAD_CONFIG_THREAD_VERSION`. And we want to remove lib's
dependency on OT core. And lib as a tool should be able to decide what
caps to check at runtime.
This commit updates the public API `otBorderRoutingGetNextRouterEntry`
and `otBorderRoutingRouterEntry` structure to indicate whether a
discovered router on an infrastructure link is likely a peer Thread
Border Router (BR) connected to the same Thread mesh. The related CLI
commands are also updated.
Additionally, this commit adds new tests to validate the discovery and
tracking of peer BRs.
This commit updates `DatasetManager::ApplyConfiguration()` to apply
the rest of the parameters in the Dataset even if setting the channel
fails. The channel error is now logged as `LogCrit()`.
Many USB radio devices (particularly those based on TI CC2652) have
reset and bootloader activation directly connected to DTR/RTS lines.
These devices will fail to start, in the default state where both
DTR/RTS are asserted on connection.
This patch ensures flow control is disabled and both DTR and RTS are
deasserted on startup while configuring the terminal.
This commit refactors the code and methods responsible for looking up
anycast destination, moving them from the `MeshForwarder` class to
the more appropriate `NetworkData::Leader` class. This better aligns
the responsibilities of each module (e.g. `RouteLookup()` is provided
by `NetworkData::Leader). This is a pure refactor with no changes or
enhancements to the existing implementation.
This commit harmonizes header file include style in CLI source files.
Most `#include` statements do not have any `#if` guard checks before
them, but some do. This commit removes the extra `#if` guard checks.
For CLI sub-modules, the `cli_<module>.hpp` header itself will have
the proper `#if` guard checks.
This commit adds a new mechanism in `RoutingManager` to track the
duration since a router is first discovered. This information is now
provided in `otBorderRoutingRouterEntry`, and the CLI `br routers`
command is updated to include this information for each router.
To enable tracking of longer durations, `Uptime` is used, which tracks
milliseconds since the start of `ot::Instance` as a `uint64_t` value.
`TimerMilli::GetNow()` is not suitable for this purpose because it
utilizes `uint32_t` intervals, which would limit the maximum
trackable time to roughly 49 days due to potential overflow.
This commit updates `test_srp_server` to wait longer after the start
of the SRP client before performing the test steps. This makes the
test more robust against random jitter which may be applied by the
client when registering.
This commit adds the `ParseTlvs()` helper method in the `Cli::Dataset`
class, which parses TLVs (as hex strings) from an input argument.
This is used in multiple methods to simplify the code.
The `Process<Cmd("set")>()` method is updated to avoid extra
conversion and use of core-internal types.
This commit adds an `Ip6::Header` field to `RxInfo`, along with the
`ParseIp6Headers()` method to decompress and parse the IPv6 headers
from the received frame. `RxInfo` now tracks whether the headers have
been parsed before.
The IPv6 headers may be parsed from different code paths as the
received frame is processed. For example, `UpdateRoutes()`,
`GetFramePriority()`, and `CheckReachability()` may parse the IPv6
headers. By having `RxInfo` cache the parsed IPv6 headers,
duplicate parsing is avoided.
This commit updates `Srp::Client` to apply a short random jitter
(15 seconds) when calculating the lease renew time. The lease is
renewed close to its expiration, using a guard interval of 120
seconds (renewing 120 seconds before expiration). The jitter is added
to distribute client refreshes, in case many clients registered their
services around the same time.
This commit moves csl receiver related functions to
sub_mac_csl_receiver.cpp to simply the sub_mac.cpp to improve the code
readability.
This commit is a pure refactoring and doesn't contain any logic or
code changes.
This commit makes two changes in `test_advertising_proxy`:
- In the test step where the server is restarted, a longer wait time
is used to account for the longer jitter interval used by SRP
client in such a case.
- Due to the use of short lease time (10 seconds) in this test, the
client will refresh the registered services quickly. Therefore, in
`check_host_and_service()`, any of `Registered`, `ToRefresh`, or
`Refreshing` states are accepted as indicating successful
registration.
This commit updates `PrepareNextDirectTransmission()` to use
`RemoveMessageIfNoPendingTx()` if a message cannot be prepared for
direct transmission. This ensures the message is not dequeued and
freed if it is also queued for indirect transmission.
This commit removes `spinel-config.h` and moves the configs to
`openthread-spinel-config.h` so that the definitions can also be
overridden by definitions in customized lib config file.
This commit adds a new feature to the `RoutingManager` to enable
tracking information about peer Thread Border Routers that are
connected to the same Thread network.
When enabled, the `RoutingManager` will maintain a record of
advertised RIO/PIO prefixes discovered from received Router
Advertisement (RA) messages of peer BRs. When disabled (the existing
behavior), such entries are not tracked.
When tracked, these entries are marked to be disregarded and are not
considered in any decision-making processes, such as selecting
favored on-link prefixes or determining routes to publish in the
Thread Network Data. They are primarily intended for debugging and
telemetry (information gathering) purposes.
This commit updates `Ip6` and `Lowpan` to use `OffsetRange` when
iterating and parsing options in an HBH extension header. It also
simplifies the `RemoveMplOption()` method by adding an `Action` enum,
which determines how to remove the MPL option: whether to shrink the
HBH header, fully remove the HBH header (if it contains no other
options), or replace MPL option with padding.
This commit adds `RxInfo::ToString()`, which generates a common log
string about an `RxInfo` using the "len:%d, src:%s, dst:%s, sec:%s"
format, providing frame length, source and destination addresses, and
whether link security is used. This is then used in different logging
methods, simplifying the code.
This commit updates `Tlv` helper methods to use `OffsetRange` in their
implementation. It also makes the `Tlv::ParsedInfo` type public. This
struct represents information about a parsed TLV in a message,
including the TLV type, the `OffsetRange` for the full TLV, and the
`OffsetRange` where the TLV's value resides in the message. This
replaces and enhances the `ParseAndSkipTlv()` method.
The `ParsedInfo` provides two methods:
- `ParseFrom()`: Parses a TLV at a given offset or offset range.
- `FindIn()`: Searches for a given TLV type in a message.
These methods handle both extended and regular TLV formats, validating
that the parsed TLV is well-formed and fully contained within the
message and the given `OffsetRange`.
Modules that iterate over a sequence of TLVs in a message are updated
to use `ParsedInfo` and its methods, simplifying the code.
This commit improves the `Srp::Client` mechanism for applying random
jitter delays before sending update messages to the server. It now
supports different jitter ranges based on specific triggers. Since
trigger events are often network-wide, potentially causing
simultaneous SRP re-registration from many nodes, longer jitter
intervals are used to distribute the resulting SRP update
transmissions and avoid congestion.
The following triggers are covered:
- Server switch: Client switching to a new server while already
connected to a discovered server. This occurs when a new server
entry appears in Network Data which is preferred over the current
selection.
- Server restart: Client was previously connected to a server that
disappeared from Network Data. Later, the same or a new server is
discovered in Network Data.
- SLAAC address add or remove: This is generally triggered by updates
to SLAAC prefixes in Network Data (e.g., OMR prefix changes).
- First registration after attach:
- If the device is attaching to an established Thread mesh
(e.g., after a reboot or initial pairing), the Network Data it
receives should already include a server entry, leading to a
quick server selection after attach. If server selection occurs
within a short window, a shorter TX jitter is used, allowing the
device to register quickly and become discoverable.
- If server discovery takes longer, a longer TX jitter is used. This
situation can indicate a server/BR starting up or a network-wide
restart of many nodes (e.g., due to a power outage).
This commit introduces `TxJitter` class to manage the requested TX
jitter based on a trigger reason. It tracks the time of the event
that triggered a longer jitter request. If the update message is sent
immediately after the trigger event, the requested maximum jitter is
applied. However, if the update message is sent later, the maximum
jitter is adjusted proportionally to the time elapsed since the
trigger event. If the elapsed time exceeds the requested maximum
jitter interval, the default short jitter is applied to avoid
unnecessary registration delay.
This commit updates `GetForwardFramePriority()` to save the original
`aRxInfo.mFrameData` before parsing the fragment header. The header
parsing may modify `mFrameData` to skip over the parsed portion. The
original `FrameData` is restored before returning, ensuring that
forwarded frames include the fragment header and eliminating the need
to create a copy of `aRxInfo`.
This commit introduces the `OffsetRange` class, which represents a
range of offsets within a `Message` or data buffer (i.e., a starting
offset and a length indicating the number of bytes in the range).
The class provides methods for common operations:
- Getting the start or end offset, or the remaining length.
- Checking if the range is empty or contains a certain number of
bytes.
- Advancing the start offset by a given amount, ensuring it never goes
beyond the end offset.
- Shrinking the range's length.
The new `OffsetRange` class simplifies methods that previously used
separate `aOffset` and `aLength` input parameters, improving code
readability and maintainability. It also facilitates reading and
processing content within a specified range.
For example, `Tlv::FindTlvValueOffsetRange()` now directly returns an
`OffsetRange` indicating the location of the TLV value. The `Message`
class is also updated with new `Read()` and `Append()` method variants
that accept `OffsetRange` arguments. These methods ensure that read
content is contained within the specified `OffsetRange`.
This commit introduces a new private struct `RxInfo` in the
`MeshForwarder` class, encapsulating information related to a
received frame during processing. The `RxInfo` struct contains
`FrameData` to track the received frame data bytes, `ThreadLinkInfo`,
and `Mac::Addresses`. This simplifies the code by allowing the
`RxInfo` to be passed to different methods instead of passing the
same information as separate parameters.
This commit adds the `OnLinkPrefix::IsFavoredOver()` method to
determine if an on-link prefix is eligible to be considered as a
favored prefix, and if so, is favored over another prefix. A
numerically smaller prefix is considered favored.
Additionally, a new test case is added to `test_routing_manager` to
validate the selection of favored on-link prefixes, including the
the requirement of a minimum preferred lifetime of 1800 seconds
for a prefix to be considered eligible.
This commit introduces new helper methods in the `Mle` class:
- `HasRloc16()`: Checks if the device is using a given RLOC16.
- `MatchesRouterId()`: Checks if this device's RLOC16 matches a given
Router ID.
- `HasMatchingRouterIdWith()`: Checks if this device's RLOC16 shares
the same Router ID with a given RLOC16. This implies that the two
devices are either directly related as parent and child or are
children of the same parent within the Thread network.
- `ParentRloc16ForRloc16()` derives the router RLOC16 corresponding to
the parent of a given (child) RLOC16.
These methods act as syntactic sugar, simplifying code and enhancing
readability.
This commit adds the `Tlv::ParseAndSkipTlv()` static method, which
parses a TLV (regular or extended) in a message at a given offset. It
validates that the TLV is fully contained within the message and
updates the offset to skip over the entire parsed TLV.
This helper method is used in various modules where manual iteration
over a sequence of TLVs is performed, specifically to skip over
extended TLVs. The following methods are updated to utilize this new
method and perform additional TLV checks:
- `DiscoverScanner::HandleDiscoveryResponse()`
- `MleRouter::HandleDiscoveryRequest()`
- `LinkMetrics::SubJect::AppendReport()`
- `LinkMetrics::Subject::HandleManagementRequest()`
- `LinkMetrics::Initiator::HandleReport()`
This commit updates `Dns::Client` so that when resolving a service
using `kServiceModeSrvTxtOptimize`, it switches to single-question
query mode and sends separate parallel SRV and TXT queries upon the
first response timeout. This is in addition to the existing behavior
of switching to separate queries upon receiving a response with an
error rcode from the server.
The `test_dns_client` unit test is also updated to validate this
scenario. New `TestMode` configurations are added to server to
control its behavior, allowing it to either reject multi-question
queries (by sending a "FormatError" rcode) or ignore them (sending
no response).
The SPI interface may receive the garbage bytes 0xff or 0x00 at the
start of the received SPI frame. This commit skips the 0x00 bytes
at the start of the received SPI frame.
This commit introduces several changes to the `Child` class for
managing registered IPv6 addresses by MTD children:
- A new method, `Child::GetIp6Addresses()`, is added, returning the
`Array` of registered IPv6 address entries. This array includes all
tracked child IPv6 addresses except for the mesh-local EID, which
can be retrieved using `Child::GetMeshLocalIp6Address()`.
- The simplified model enables easy iteration over the address array
using `Array` range-based `for` loops. With this change, the
complex `AddressIterator` and `AddressIteratorBuilder` nested
classes are removed, streamlining the code.
- MLR state tracking for child IPv6 address entries is simplified with
the introduction of a new class, `Child::Ip6AddrEntry`,
representing a registered IPv6 address entry. This class provides
`GetMlrState()` and `SetMlrState()`, enforcing that the MLR state
can only be set on a child IPv6 address entry.
This commit enhances `RoutingManager::RxRaTracker`:
- A new private `Evaluate()` method centralizes logic for handling
changes in tracked routers and advertised prefixes. It removes
expired entries, determines decision factors used by other
`RoutingManager` components, and schedules timers.
- A new class `DecisionFactors` is added to track factors used by
`RoutingManager`, including the favored on-link prefix, presence of
ULA/non-ULA prefixes, and M/O flags for mirroring in emitted RA
messages.
- `Evaluate()` determines these factors and signals changes using
`HandleRaPrefixTableChanged()` only when necessary, simplifying
signaling and avoiding redundant calculations.
This commit aims to make the use of RLOC16-related constants and
methods consistent across different modules.
- It replaces `Mac::kShortAddrInvalid` with `Mle::kInvalidRloc16` to
refer to an invalid RLOC16 value (note that these constants use the
same value `0xfffe`).
- It uses `Get<Mle::Mle>().GetRloc16()` to retrieve the device's
RLOC16 instead of `Get<Mac::Mac>().GetShortAddress()`.
- It updates `AddressResolver` to consistently use `uint16_t` for
RLOC16 (instead of the `Mac::ShortAddress` typedef).
This commit updates `HandleSetActiveOperationalDataset()` by removing
the extra conversion from `Dataset` to `Dataset::Tlvs` and directly
using the `Dataset` when saving the Active Operational Dataset.
This commit modifies `Child::RemoveIp6Address()` to update the
`mMlrToRegisterMask` and `mMlrToUnregisterMask` when a registered
child IPv6 address entry is removed from the list. These bit-vector
masks track the MLR state associated with the entry using its index
in the array. Since `Array::Remove()` replaces the deleted entry with
the last one in the array, the MLR masks are also updated to reflect
this change.
This commit updates how messages with an ALOC destination are
forwarded. If the chosen ALOC destination is a child, its parent is
used as the mesh destination unless the device itself is the parent.
Additionally, if the selected ALOC destination is a sleepy child of
the device, the parent node ensures to prepare the message for
indirect transmission. These changes ensure correct forwarding to ED
or SED devices when they register a service and want to receive
messages on their service ALOC.
This commit also adds a new test, `test-030-anycast-forwarding.py`,
which validates the forwarding to ALOC addresses on both ED and SED
devices.
This fixes a build error when the pre-processor define
OPENTHREAD_POSIX_CONFIG_NETIF_PREFIX_ROUTE_METRIC is set:
```
/usr/src/ot-br-posix/third_party/openthread/repo/src/posix/platform/netif.cpp:486:26: error: ‘kLinkLocalScope’ does not name a type
486 | static constexpr kLinkLocalScope = 2;
| ^~~~~~~~~~~~~~~
compilation terminated due to -Wfatal-errors.
```
This commit moves the `CheckReachability()` & `ResolveRoutingLoops()`
methods from the `MleRouter` class to the `MeshForwarder` class
now as `private` methods. This consolidates all `CheckReachability()`
overloads within the `MeshForwarder` class.
This commit adds `IsRouterRloc16()` (replacing `IsActiveRouter()`),
which checks whether a given RLOC16 refers to a router and not
a child. The new name clarifies that it is only a check on the RLOC16
value and does not verify if the corresponding router ID is allocated
and active. This commit also adds `IsChildRloc16()`, which is similar
to `IsRouterRloc16()` and checks if the given RLOC16 is for a child.
This simplifies the code and improves readability.
This commit updates the `Child` class to use `Array<Ip6::Address>` to
track the list of IPv6 addresses registered by an MTD child,
simplifying the code.
This commit adds the `HasMinimalChild()` method to the `ChildTable`
class and moves the logic for checking if a device has an MTD child
with a given RLOC16 from the `MleRouter` class to `ChildTable`. This
aligns better with the `ChildTable` class's responsibility of
managing all children and providing methods to search and find child
entries in the table.
This commit removes the `MleRouter::GetNextHop()` method and instead
directly uses `RouterTable::GetNextHop()`. This improves consistency
across all modules.
This commit simplifies `RxRaTracker::HandleRouterTimer()`. When all NS
probes to a router fail and it is marked as unreachable,
`HandleRouterTimer()` now directly removes/deprecates its
route/on-link prefixes, replacing a separate method previously used
for this purpose.
Additionally, a new helper method, `ShouldCheckReachability()`, is
added to check if a reachability check (sending NS probes) is needed.
This check is performed only if the router is not already marked as
unreachable and is not the local device itself.
The length of diag output messages is limited by the diag buffer size.
Developers have to change the diag buffer size to allow diag module to
output long messages. If diag output messages become longer and
longer, developers have to keep changing the diag buffer size.
This commit adds an output callback to diag module to output diag
messages. Then the length of diag output messages won't be limited by
the diag buffer size.
This commit removes the `Mle::GetNextHop()` method, which returned the
parent RLOC16 (when the parent state was valid) irrespective of a
given destination.
The `Mle::GetNextHop()` method was only used on MTD builds and from
`MeshForwarder::UpdateIp6Route()` method, where
`mle.GetNextHop(Mac::kShortAddrBroadcast)` served as an indirect way
to get the parent RLOC16. This is now replaced with a direct
`GetParentRloc16()` call, clarifying the intended purpose.
On FTD builds, the `MleRouter::GetNextHop()` is used instead of
`Mle::GetNextHop()`. The `MleRouter` method remains unchanged. Since
it would also return the parent's RLOC16 when the device is acting as
a child, using `GetParentRloc16()` covers this case as well.
This commit adds `IsLinkLocalUnicastOrMulticast()` to `Ip6::Address`
to indicate whether the address is either a link-local unicast or a
link-local multicast address.
The existing `IsLinkLocal()` is renamed to `IsLinkLocalUnicast()` to
clarify its purpose and align its name with `IsLinkLocalMulticast()`
and the new method.
The otci reports warning `DeprecationWarning: setDaemon() is
deprecated, set the daemon attribute instead`. This commit updates
the otci to fix this warning.
This commit adds a new template `Udp::SocketIn<Owner, RxHandlerPtr>`,
which defines a UDP socket for use within a specified `Owner` class.
It includes a `HandleUdpReceive()` member method callback for
processing received messages. This model, similar to `TimerMilliIn`,
eliminates the need for each socket user to define boilerplate code
for providing a static member function that simply casts and calls
the member method. This is now handled by the template `SocketIn`
class. The `Udp::Socket::Open()` method is also modified to no longer
require the callback and context parameters.
This commit adds `mIsReachable` to the `otBorderRoutingRouterEntry`
structure to indicate whether a router is reachable. A router is
marked unreachable after it fails to respond to multiple Neighbor
Solicitation (NS) probes. Additionally, the `br` CLI commands are
updated to display this information.
This commit enhances the generation of RLOC and ALOC addresses in the
`Mle` class.
Methods retrieving RLOC/ALOC addresses no longer return an `Error` and
are now `void`. The previous check for a valid `GetRloc16()` value,
which returned `kErrorDetach` if unset, is removed because this
scenario only occurred before the device's initial attachment.
Post-attachment, the RLOC16 remains valid even if the device is
detached. This change simplifies the code since RLOC/ALOC address
retrieval happens after the initial attachment.
Additional enhancements include:
- Changing the input parameter order in `GetCommissionerAloc()` to
match `GetServiceAloc()`.
- Using `Ip6::Address::SetToRoutingLocator()` to construct RLOC
addresses, harmonizing address generation and improving code
readability.
Since 74c833b623 was introduced all IPv6
multicast packets are passed to the host. Previously used promiscuous
mode configuration is now unused. This commit removes the dead code and
corresponding elements as there is no use case for them at the moment
(and they can confuse a user).
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
This commit renames the methods for retrieving mesh local addresses to
`GetMeshLocalRloc()` and `GetMeshLocalEid()` (from `GetMeshLocal16()`
and `GetMeshLocal64()`, respectively) to align with the terminology
used in the Thread specification. Member and local variables are also
renamed accordingly.
This commit updates the code to use `RouterIdMatch()` for comparing
the Router IDs of two given RLOC16 values. Additionally, it
simplifies the `IsMinimalChild()` method.
This commit adds the `Mle::GetLeaderRloc16()` method, which returns
the RLOC16 of the Leader. This simplifies code that previously used
`GetLeaderId()` followed by a conversion to RLOC16.
This commit refactors methods that save or read a specified Dataset
TLV in/from secure storage under `PLATFORM_KEY_REFERENCES`. These
methods are moved from the `Dataset` class to the `DatasetManager`
class, consolidating related functionality and aligning with the
responsibilities of each class. The `Dataset` class is focused on
appending/parsing TLVs, while the `DatasetManager` class is
responsible for managing and saving the Active and Pending Datasets.
This commit modifies `Udp::Open()` to clear all properties of the
passed-in `aSocket` using the `Clear()` method. This replaces the
existing code, which only cleared the socket and peer address and
port numbers. This change ensures that `void *mHandle` member
variable in `otUdpSocket` is also set to `nullptr` before invoking
platform UDP `otPlatUdpSocket()`.
This commit adds the `IsReachable()` helper method to `Router` class,
which checks whether a router is considered reachable. It replaces
the previous comparisons of `mNsProbeCount` in the code, improving
readability. Neighbor Solicitation (NS) messages are used to
determine reachability if the router has not been heard from for some
time.
This commit adds `AppendLinkAndMleFrameCounterTlvs()` to
`Mle::TxMessage` for appending both Link and MLE Frame Counter TLVs.
This mirrors the existing `RxMessage` method for reading these
counters.
This commit adds an extra command `diag frame` to specify the frame
used for `diag send` and `diag repeat`, so that we can use this
command to send arbitrary 802.15.4 frames.
This commit removes the option to set `key_switch_guardtime` when
constructing nodes and network topology in test scripts. The
following tests are updated to reflect this change:
- `Cert_5_8_02_KeyIncrement.py`
- `Cert_5_8_03_KeyIncrementRollOver.py`
- `Cert_6_6_01_KeyIncrement.py`
- `Cert_6_6_02_KeyIncrementRollOver.py`
This commit updates the resetting of the Key Switch Guard Timer. It is
now reset under two conditions:
- The device itself triggers a key rotation and moves to the next key
sequence after the rotation time has passed since the last switch.
- The device receives a MAC or MLE message with an incoming key index
matching the next key index. Regarding MLE messages, this rule is
applied regardless of the message being classified as Authoritative
or Peer.
This commit improves the logging of `posix/platform/netif.cpp` in
following ways:
- Fix the false warning log when OT stack adds a unicast address.
1. When OT adds an address, it will add an address on host netif.
2. Then it causes a netlink `RTM_NEWADDR` event.
3. It assumes the newly added address is added by the host, so tries
to add the unicast address to OT again by
`otIp6AddUnicastAddress`.
4. `otIp6AddUnicastAddress` returns 'invalid arguments' error so it
will log `Failed to process event...`.
- Improve the logging of `AddRoute` and `DeleteRoute`. Previously they
silently sent out the requests so we don't know what the allocated
netlink sequence numbers were used for.
This makes it easier for vendors to tweak scheduling CSL
transmission request depending on minimum time to process it
(which for example might be higher for RCP architecture).
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
This commit adds `ReadAndSetNetworkDataTlv()` to `Mle::RxMessage` to
read the Network Data TLV from a received MLE message and set it in
`NetworkData::Leader`.
This commit updates `Srp::Client` to use sequential message IDs,
replacing the previous model where message IDs were generated
randomly.
When processing responses from the server, older message IDs are
accepted as long as the corresponding older message was identical to
the latest one. This helps in situations where the server's response
may be delayed (e.g., due to network congestion) and the client retry
mechanism is retransmitting the same update message.
This commit also adds a unit test `TestSrpClientDelayedResponse()`
to validate the new behavior.
This commit adds `RxRaTracker::ScheduleAllTimers()`, which is called
whenever there is a change in tracked information about routers and
their advertised on-link or route prefixes. This method determines
the next router expiration time (to initiate NS probes), the next
prefix entry expiration, and the next stale time, then schedules all
the timers. This centralizes all timer calculations and simplifies
the code.
This commit implements a generic discovery proxy in the DNS-SD server.
It uses a set of newly added `otPlatDnssd` platform DNS-SD(mDNS) APIs
to start or stop browsers, SRV/TXT resolvers, and IPv6/IPv4 address
resolvers. These APIs closely match the native OpenThread mDNS
implementation.
OpenThread DNS-SD's existing `QueryCallback` mechanism, enabling
customized discovery proxy implementations, remains supported.
This commit includes a comprehensive unit test. This test validates
the discovery proxy's behavior, covering: standard use cases, request
timeout, s hared resolver/browser usage for multiple queries with the
same name, filtering of invalid addresses, and various edge cases.
This commit adds `ReadAndSave{Active/Pending}Dataset()` helper methods
to `Mle::RxMessage` to read the Active or Pending Dataset from a
received MLE message and save it in the corresponding
`DatasetManager`.
This commit also refactors the code for parsing the MLE TLVs, moving
it from `DatasetManager` to the `Mle` class for better alignment of
responsibilities.
This commit adds a new property SPINEL_PROP_NET_LEAVE_GRACEFULLY. The
host can trigger otThreadDetachGracefully by setting this spinel
property. Hence a SetProperty handler is implemented for this
property. A GetProperty handler is also added for this property for a
property response.
This commit adds a new posix sys API `otSysInitCoprocessor` which only
initializes the platform spinel component. (Reset the co-processor and
get the type)
The intention is to let the app to get the co-processor type without
creating the otInstance. Currently only `otSysInit` can be called
which creates the otInstance. However in some cases, we don't want to
create the instance at the early stage.
This commit adds a RCP capability diag module for verifying the RCP's
capability. This commit is an initial commit that only tested several
Spinel commands.
This commit changes unit test `TestPrefixStaleTime()` so that a route
prefix is advertised with a lifetime of 800 seconds, which is longer
than the `kStaleTime` of 600 seconds. With this change, the entry
will not expire and become stale at the same time. This simultaneous
expiration could cause issues depending on the order of execution of
`mStaleTimer` and `mExpirationTimer`, which would be scheduled for
the same time. With this change, the entry will still be valid (due
to the lifetime of 800 seconds) when the stale timer fires after 600
seconds. This ensures that the test runs consistently and does not
depend on the order in which timer callbacks fire.
This commit adds `AppendActiveAndPendingTimestampTlvs()` helper
method, which appends both Active and Pending Timestamp TLVs to the
message. This helps simplify the code as the two TLVs are almost
always included together in different MLE messages.
This commit refactors the code for preparing and appending MLE TLVs,
moving it from `DatasetManager` to the `Mle` class for better
alignment of responsibilities.
It adds `TxMessage::AppendDatasetTlv()`, which appends an Active
or Pending Dataset (if present) to an MLE message following the
proper MLE TLV format. This includes removing the corresponding
`Timestamp` from the dataset, as MLE messages include timestamps
using their own MLE TLVs rather than within the dataset itself.
This commit removes the `GetSeconds() != 0` check in
`Mle::AppendPendingTimestampTlv()`. This allows `DatasetUpdater` to
use a Pending Timestamp with random ticks and a zero seconds value if
there is no pending Dataset.
This commit enhances the handling of `Timestamp`.
Methods `SetToInvalid()` and `IsValid()` are added to the `Timestamp`
class. The value where all bytes are set to `0xff` is used to
represent an invalid `Timestamp`. This corresponds to max seconds,
max ticks with the authoritative (`U`) flag set.
This helps simplify `DatasetManager`, where we need to track local and
network Active/Pending timestamps, which may not be present. These
are now represented by setting the `Timestamp` to the invalid value
(replacing the earlier model where a `Timestamp` pointer was used
with `nullptr` representing an invalid timestamp).
This allows us to simplify the `Timestamp::Compare()` method, now
getting two `Timestamp &` instead of `Timestamp *`. With this, we can
also define comparison operator overloads to compare two `Timestamp`
objects, which helps make the code simpler and more readable.
This commit introduces new helper methods in the `Dataset` class to
write or remove a Timestamp TLV (Active or Pending) to/from the
Dataset. These are added alongside the existing `ReadTimestamp()`
method.
This commit contains minor enhancements to `HandleParentResponse()`:
- Variable name `linkMarginOut` is used for the Link Margin TLV value
included in the response from the parent candidate. This is used to
`SetLinkQualityOut()`.
- `twoWayLinkMargin` variable name is now used to show the two-way
link margin.
- `IsBetterParent()` is updated to calculate the two-way link quality
for the new parent candidate from the two-way link margin (instead
of getting it as a parameter).
This commit adds APIs to iterate over mDNS browsers and resolvers,
along with related CLI commands. These are intended for testing. It
also introduces a build config `ENTRY_ITERATION_API_ENABLE` to
control whether the mDNS module provides mechanisms and public APIs
for entry iteration.
Currently, sending an IPv6 multicast destined packet encoded in
otMessage with the otIp6Send() function reports an error kErrorNoRoute
if "host loopback allowed" flag is disabled (despite of packet being
properly passed to Mesh Forwarder). This commit changes a flag checking
statement to return kErrorNone instead.
Signed-off-by: Konrad Derda <konrad.derda@nordicsemi.no>
This commit renames the entry stale time constant to `kStaleTime` and
sets it to 10 minutes (from 30 minutes). This change aligns the
`RoutingManager` with the recommended value in the latest stub router
RFC draft (`STALE_RA_TIME`).
The unit test `test_routing_manager` is also updated to reflect this
new constant.
This commit updates and fixes how the Pending Dataset delay timer is
started. It is now started only after the timestamps are checked and
the local Pending Dataset is updated and saved to non-volatile
storage from the `LocalSave()` method.
In particular, we no longer start the delay timer from the `Save()`
method, which reads the `Dataset` from a received `Message`. This
is because we may receive a Pending Dataset with a timestamp that is
older than the currently saved local Pending Dataset. In this case,
the local Dataset is correctly not updated but without this change,
we could start the delay timer for the received stale Pending
Dataset.
`openthread-spinel-config.h` is included by many modules like
`spinel_encoder`, `spinel_decoder`. To use these modules in external
projects, we need to remove the including of
`openthread-core-config.h`.
This commit fixes mbedTLS config where MBEDTLS_OID_C is not set
together with MBEDTLS_PK_PARSE_C in some OpenThread configurations.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit updates the determination of stale times for discovered
on-link or route prefixes. The stale time is now calculated per
unique prefix. If multiple routers advertise the same on-link or
route prefix, the stale time for the prefix is set to the latest
among all corresponding entries.
This addresses an issue in the previous implementation where, for
on-link prefixes, the stale time was determined as the latest stale
time over all on-link entries, regardless of the actual prefixes. For
route prefixes, the earliest stale time was used, also disregarding
the possibility of multiple routers advertising the same prefix.
This commit also updates the `test_routing_manager` unit test to
validate the corrected stale time calculation.
This commit adds helper methods to `Mle::RxMessage` for reading and
processing specific TLVs:
- `ReadModeTlv()`: Reads the Mode TLV as a bit mask and converts it to
a `DeviceMode`.
- `ReadVersionTlv()`: Reads the Version TLV and verifies that it is at
least 1.1 (the minimum supported version).
- `ReadAndMatchResponseTlvWith(const TxChallenge &)`: Reads the
Response TLV and matches it against a given challenge.
This commit updates the calculation of stale time for a discovered
local RA header (to mirror), incorporating the default route lifetime
specified in the header when it is non-zero, in addition to the RA
stale time constant. This ensures proper behavior even if the RA
header default route lifetime is shorter than the RA stale time.
Additionally, this commit adds `CalculateExpirationTime()` to
determine the expiration time from a given update time and lifetime
duration in seconds. If the given lifetime exceeds the supported
range of `TimeMilli` (~24 days), it clamps the value to ensure time
calculations remain within the valid `TimeMilli` range.
This commit updates constants in `RoutingManager`. Timing constants
are now consistently specified as an interval with an associated
jitter, where the actual interval is randomly selected within the
range `[interval - jitter, interval + jitter]`.
The initial transmission of three RAs with a short interval of 16
seconds (± 2 seconds jitter) remains unchanged. However, subsequent
RA transmissions now use a regular beacon interval of 3 minutes (± 15
seconds jitter), replacing the previous random interval selection
within `[200, 600]` seconds.
The selection of 3 minutes as the regular RA beacon interval aligns
the implementation with the latest stub router RFC draft's
`RA_BEACON_INTERVAL` default value.
This commit simplifies how `ProcessAddressRegistrationTlv()` signals
DUA address changes. Signaling now occurs after all child addresses
are registered, using a new `SignalDuaAddressEvent()` method. This
method checks the old and new DUA addresses to determine the
appropriate event to signal.
Additionally, `Child::GetDomainUnicastAddress()` is updated to return
an `Error` and copy the DUA address into a provided `Ip6::Address`
reference.
This commit updates `PdPrefixManager` to use the newly added
`GetDeprecationTime()` method for managing the lifetime of a DHCPv6
PD prefix. This method calculates the deprecation time using the
prefix preferred lifetime directly, instead of relying on the RA
stale time constant `GetStaleTime()`.
While the PD prefix may be determined by processing RA messages
received on the Thread interface, the RA stale time is not relevant
in this context. The RA stale time is only applicable to RA messages
received over infra-if. It specifies the time that can pass after the
last RA from a particular router on infra-if before assuming the
router might be unavailable and triggering Router Solicitation
(RS) messages.
Enh-ack link metrics required to reset/clear when radio(RCP) is reset to
clear existing data. To support it, added API to reset/clear linked list
of enh-ack link metrics.
Signed-off-by: Ashishkumar Vara <ashish.vara@nxp.com>
This commit updates the mDNS module to use the recently introduced
general-purpose `NextFireTime` class, replacing the module-specific
`TimerContext` class.
This commit simplifies the `DatasetUpdater`:
- Restricts `DatasetUpdater::RequestUpdate()` to be used only when the
device is fully configured and has a valid Active Dataset; otherwise,
it returns `kErrorInvalidState`. This simplification allows for the
removal of the timer (previously used to delay the update if no
Active Dataset was present).
- Adds a check in `RequestUpdate()` to determine if the requested
Dataset changes are already present in the current Active Dataset,
returning `kErrorAlready` if so.
- Enhances `RequestUpdate()` to prepare and set the Pending Dataset
immediately. It stores the requested Dataset as a sequence of TLVs
and retains the Active and Pending Timestamp values for later use
in determining update success or failure.
- Simplifies the code for checking Dataset changes and reporting
update outcomes. A common `HandleDatasetChanged(Dataset::Type)`
method is added, which can be used when the Active or Pending
Dataset changes and performs the necessary checks, eliminating
duplicate code.
This commit adds a CI check for MbedTLS version 2.28.8, instead of
testing version 3, which is now enabled by default.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit fixes the typo and enables SRP_ADV_PROXY - also by turning
on the dependent components.
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit introduces `NextFireTime`, a helper object for tracking
the next fire time along with the current time. It provides an
`UpdateIfEarlier(Time)` method to update the tracked next fire time
with a new given time only if it is earlier.
The `NextFireTime` class simplifies a common code pattern used across
modules to determine the earliest fire time when scheduling a timer.
It also ensures that the next fire time is never set before the
current time, improving code safety.
This commit fixes the warning, when logs are disabled:
warning: variable "storedCount" set but not used
[-Wunused-but-set-variable]
Signed-off-by: Łukasz Duda <lukasz.duda@nordicsemi.no>
This commit adds a method `Dataset::IsSubsetOf()` to check whether one
dataset is a subset of another. A dataset is considered a subset if
all its TLVs, excluding Active/Pending Timestamp and Delay Timer
TLVs, are present in the other dataset with exactly matching values.
This new method simplifies `Dataset::Info::IsSubsetOf()`. The unit
test `test_dataset` is updated to validate the `IsSubsetOf()()`
method.
This commit introduces the following changes:
- Adds a new callback `HandleLocalOnLinkPrefixChanged()` for
`OnLinkPrefixManager` to signal changes to the local on-link
prefix (derived from the extended PAN ID).
- Modifies `RxRaTracker` to always ignore a PIO prefix matching the
local on-link prefix, regardless of the current state of
`OnLinkPrefixManager`. Such a PIO originates from another Thread
border router connected to the same Thread network and is not used
by `OnLinkPrefixManager` to decide whether it needs to advertise
the local on-link prefix.
- Updates `RxRaTracker` to be notified when the local on-link prefix
changes. In its `HandleLocalOnLinkPrefixChanged()`, it removes any
prefixes in the table matching the new prefix.
This commit simplifies the `Restore()` methods:
- A private overload `Restore(const Dataset&)` is added, taking the
read `Dataset` as input to avoid duplicate reads.
- The public `Restore(void)` is updated to use the new private
`Restore(const Dataset&)`.
- The `HandleDetach()` method is removed, and its use in the `Mle`
class is replaced with `Restore()`.
Use the `Route64 TLV` to update the router table after adding a new
neighbor in `HandleLinkAccept`.
With this change, when a router re-joins the network, it will restore
its nexthop table while processing the `link accept`, rather than
having to wait for an `mle advertisement`.
The RcpMinHostApiVersion capability should be parsed from
SPINEL_PROP_CAPS response using SPINEL_CAP_RCP_MIN_HOST_API_VERSION,
rather than using SPINEL_PROP_RCP_MIN_HOST_API_VERSION.
This commit adds a set of helper functions to parse a given digit or
hex digit character to its numeric value, or to check if a given
character is a digit, uppercase, or lowercase letter.
This commit adds `mIsLocalDevice` in the `Router` class to track
whether it represents the local device (e.g., another software entity
on this device). This information is used to skip sending NS probes
to this router. Tracking this information directly in the `Router`
class is safer than checking the address using `mInfra.HasAddress()`,
as the addresses may have changed since the last RA was received.
This commit exposes this information through the public APIs and CLI
command, and updates `test_routing_manager` unit test to validate the
new flag.
- Update `DatasetManager::Clear()` to stop delay timer if it is
Pending Dataset.
- Remove `PendingDatasetManager::ClearNetwork()` (use `Clear()`
instead).
This commit updates how `RxRaTracker` decides whether to process
PIO/RIO from a received RA message:
- The checks are performed directly in related `Process()` methods,
removing the `ShouldProcess()` methods.
- The check `Get<RoutingManager>().IsRunning()` is removed as it is
already checked before processing the RA message.
- The check `IsValidOmrPrefix()` is removed for RIO route prefixes.
Instead, all route prefixes are tracked, regardless of length
(excluding link-local or multicast prefixes). With this change,
there is no longer a need to specifically check and allow the
default route.
This commit moves the implementation of `ApplyConfiguration()` from
the `Dataset` class to `DatasetManager`. This aligns better with the
responsibility of the `DatasetManager` class (managing the active and
pending dataset and being an `InstanceLocator`), keeping the
`Dataset` class focused on providing helper functions related to TLVs
in the Dataset: finding TLVs, reading TLV values, writing/updating
TLVs, etc.
This commit enhances the `DiscoveredPrefixTable::Router` class to
track the last time an ND6 message (RA or NS) was received from each
discovered router. This information is now available through the
`otBorderRoutingRouterEntry` and can be viewed using the `br routers`
CLI command.
This commit moves functionality from `RoutingManager` to
`RxRaTracker`:
- The `ShouldProcessPrefix/RouteInfoOption()` methods, which decide
whether to skip or process a PIO/RIO, are moved to `RxRaTracker`.
- `RxRaTracker` is directly notified on network data change, using its
new `HandleNetDataChange()` method. This replaces
`UpdateRxRaTrackerOnNetDataChange()`.
This commit updates the native mDNS implementation to include
additional records (SRV, TXT, and AAAA for host) when answering
sub-type PTR (browse) queries, the same way it is included for base
PTR queries. The unit test `test_mdns` is also updated to verify and
expect this behavior accordingly.
This commit updates the `DatasetManager` to track information about
the local dataset, such as the local timestamp, update time, and
whether it is saved in non-volatile settings. This change effectively
merges the `DatasetLocal` logic into `DatasetManager`, allowing for
the removal of `DatasetLocal` and simplifying the code.
Issue: Disabling channel monitor feature on ot-daemon by setting
following flag "OT_CHANNEL_MONITOR = 0" a compilation error was
present.
Fix: Some pieces of code in OpenThread shall be under
OPENTHREAD_CONFIG_CHANNEL_MONITOR_ENABLE.
Signed-off-by: Ashishkumar Vara <ashish.vara@nxp.com>
This commit combines the `protected` and `private` sections of
`DatasetManager`, adding `ActiveDatasetManager` and
`PendingDatasetManager` as `friend`s. This simplifies the code and
aligns with the goal of having more functions handled by the
`DatasetManager` base class.
This commit moves the scheduling and handling of the stale timer to
`RxRaTracker`. This aligns with the responsibility of this class
managing all discovered on-link/route prefixes and the locally
generated RA header to mirror.
This commit updates the native mDNS implementation to ensure the
callback is invoked when a host is registered without any address
(effectively unregistering the host and removing any previously
registered addresses for the host-name).
The implementation ensures the callback is invoked after returning
from the `RegisterHost()` call (invoked from a posted tasklet), as
required by the mDNS API definitions.
Additionally, the `test_mdns` unit test is updated to cover
registering a host with no address for the first time or updating a
previous registration.
This commit moves the tracking of the RA header of locally generated
RA messages from `TxRaInfo` to the `RxRaTracker` class. The tracked
RA header is used when `RoutingManager` sends an RA, ensuring
consistent RA headers across all RAs emitted from the device.
This aligns the logic by having `RxRaTracker` track all information
from received RAs and simplifies stale time calculations.
This commit simplifies `DatasetLocal` by moving the different overload
implementations of `Read()` to `DatasetManager`. This aligns the code
so that overloads are provided by `DatasetManager` and `DatasetLocal`
provides one version of `Save()` or `Read()`. Unused/undefined
methods in `DatasetLocal` are also removed.
This commit refactors the logic that determines whether to replace the
current Active Dataset with a Pending Dataset upon its delay timer
expiration.
Instead of performing the check within the more general-purpose
`DatasetManager::Save()` method, the logic is now moved directly
into `PendingDatasetManager::HandleDelayTimer()`. This change makes
the code more specific and prevents unintended checks in other
situations where `Save()` is used (e.g., when Active Dataset is
directly set).
The conditions remain the same: The Pending Dataset's Active
Timestamp must be newer, or the Pending Dataset must contain a
different network key.
This commit also adds `test-029-pending-dataset-key-change.py`
to validate the roll-back of Active Timestamp using Pending
Dataset.
This commit renames the `DiscoveredPrefixTable` to `RxRaTracker`. The
new name is shorter and emphasizes that this class is responsible for
processing received RA messages and tracks useful information about
the RA (routers and their advertised flags and prefixes).
It also renames `RaInfo` to `TxRaInfo` to clarify its role for
tracking information about emitted RAs.
This commit updates `Mle::HandleLeaderData()`:
- Simplify the checks for presence of Active/Pending Dataset TLV.
- Introduce `saveActive/PendingDataset` boolean flags to track whether
we should read and save the included Dataset from the received
message. These replace and consolidate a group of other local
variables.
- Restrict the `IsLeader()` checks to FTD builds
This commit tries to eliminate the dependency of the lib directory on
OT core, especially for headers under lib directory.
Currently the headers and sources under lib directory uses a lot of OT
util functions and template classes. This is not preferred because it
will cause dependency issues if we leverage lib from another
project. For example, if we include headers under lib from
`ot-br-posix`, it won't be able to find the OT common headers. If we
add INCLUDE path of OT core common, that will bring a bigger issue:
There are many conflict headers. `ot-br-posix` also has headers as
'common/code_utils.hpp'.
This commit eliminates the dependency by copying required headers from
core/common to lib/utils directory (with some changes). All the util
functions are under namespace `ot::Lib::Utils`.
`OT_ASSERT` is simply replaced by `assert`. `assert` is already used
across the lib directory.
The commit also adds a config file only for the spinel module to avoid
including `openthread-core-config.h`.
This commit introduces the `ContainsAllTlvs()` method to `Dataset`,
which checks if a dataset contains all the specified TLVs. This new
method simplifies the implementation of `IsCommissioned()` and
`ContainsAllRequiredTlvsFor(Type)`
This commit updates error handling when saving Active/Pending
Operational Datasets in non-volatile settings. Previously,
`kErrorNotImplemented` was permitted as a return value due to legacy
behavior. Since non-volatile storage is now a mandatory requirement
for Thread operation, we enforce successful saves by asserting on any
error encountered during this process. Methods returning error types
are updated, and some now return `void`.
The public APIs `otDatasetSetActive()` and `otDatasetSetPending()` are
affected by this change. They now always return `OT_ERROR_NONE` and
can essentially be treated as having a void return type. The `otError`
return type is maintained solely for backward compatibility.
This commit optimizes `RoutingManager`:
- Replaces `RoutingManager::NetworkDataContainsOmrPrefix()` with
`ContainsOmrPrefix()`.
- Simplifies `OmrPrefixManager::ShouldAdvertiseLocalAsRio()` by
utilizing `ContainsOmrPrefix()`.
- Relocates `ContainsOmrPrefix()` to `network_data_leader.cpp` and
removes its FTD-only restriction.
This commit renames command line argument --local-host to
--local-interface to reduce confusion as discussed in #10194.
This commit also add help message for local interface.
This commit simplifies the `Leader::ContainsOmrPrefix()` method by
eliminating the loop over sub-TLVs based on stable flag status. Since
OMR prefixes must be marked as stable, the search for a given OMR
prefix can be restricted to stable sub-TLV only.
This commit lets posix `otSysInit` return the Co-processor type by
adding a field in `otPlatformConfig`. (This avoids breaking the
existing code that uses `otSysInit`.) Returning the Co-processor type
allows the app layer has the information and can do
initialization. For example, the dbus server.
The commit also allows `otSysInit` and `otSysDeinit` to be completed
when the co-processor type is NCP. This doesn't mean `ot-daemon` can
work with NCP now. But this is required by further developing NCP
support in `otbr-agent` because these two methods are required. The
native posix app (ot-daemon) will still exit when it detects a
co-processor other than RCP.
When the co-processor type is RCP, `otSysInit` and `otSysDeinit` work
as usual. When the type is NCP, only spinel manager will be
initialized and ot::Instance will not be created.
This commit modifies the `CalculateHash()` method to use a zero
checksum value for RA (ICMPv6) header for both received and emitted
RA message. In prepared RA messages, the checksum is always set to
zero, and the platform layer is responsible for calculating and
updating it. For a received RA, while platforms typically zero out
the checksum after validation, this behavior isn't explicitly
required by `otPlatInfraIf` APIs. By ignoring the checksum(setting it
to zero) during hash calculation, this change ensures correct
calculation regardless of platform behavior.
This commit also updates `test_routing_manager` to intentionally
modify the checksum field in an emitted RA message before passing it
back to the OT stack. This validates the updated hash calculation
behavior.
This commit streamlines dataset-related helper methods:
- Renames all methods that save local dataset to `SaveLocal()` for
consistency and to distinguish them from `Save()` methods, which
set the partition's dataset and perform additional checks
(e.g., ensuring the timestamp is ahead).
- Renames `SendSet()` to `SyncLocalWithLeader()` and passes `aDataset`
as an input parameter to avoid redundant dataset reads.
- Removes the now unnecessary `HandleDatasetUpdated()` method, as its
functionality can be inlined within `SaveLocal(const Dataset &)`.
- Consolidates additional dataset type-specific actions(e.g., starting
a delay timer for Pending Dataset changes) into the base class
`DatasetManager` methods `Save()` and `SaveLocal()`, simplifying
the code and reducing redundancy.
- Modifies `DatasetLocal` to provide a single `Save()` method with a
`const Dataset &` input. `DatasetManager` now handles conversions
from various dataset representations (e.g., component-wise
structures or TLV sequences).
This commit adds `RouterAdvOrigin` enumeration to track the origin of
a received RA message, whether it is from another router on the
infrastructure, or self-generated by either the `RoutingManager`
module or another software entity running on the device.
This is used to exclude prefixes from self-generated `RoutingManager`
RAs in the prefix table and simplifies learning and adopting of RA
headers from other software entities on the same device.
The origin is now logged when a new RA is received for improved
debugging.
This commit also updates `test_routing_manager` to pass back any sent
RA messages to the OT stack. This validates the mechanism for
identifying self-generated RA messages.
This commit enhances the readability of the `RoutingManager` class
definition by adding comments to delineate different sections within
the code: Constants, typedefs, enumerations, nested classes and
structs, private methods, and variables.
Homebrew installation of clang-format (satisfying >14.0 requirement)
outputs the following version string:
```
Homebrew clang-format version 14.0.6
```
This change fixes the following error while running make-pretty:
```
*** ERROR: Homebrew clang-format version 14.0.6; clang-format 14.0 required
```
This commit refactors and simplifies `RoutingManager`:
- Introduces `OnLinkPrefix` and `RoutePrefix` classes, both derived
from a common base class `LifetimedPrefix` (representing a prefix
and its valid lifetime).
- Replaces the originally dual-purpose `DiscoveredPrefixTable::Entry`
(used for both route and on-link prefixes) with a new template
`Entry<Type>`, specifically used with `OnLinkPrefix`, `RoutePrefix`,
and also `Router`.
- Updates `Router` to maintain separate lists for on-link and route
prefixes.
- Utilizes `OnLinkPrefix` in `PdPrefixManager` for tracking DHCPv6-PD
prefixes.
This commit adds support to simulate Thread radio over IPv6.
With this commit, a simulation will be simulated over either IPv6 or IPv4.
If it's simulated on IPv6, it communicates with other simulation nodes
in IPv6 group `ff02::116`. And if it's simulated on IPv4, it communicates
with other simulation nodes in IPv4 group `224.0.0.116`.
Note that simulating virtual time is not included in this commit.
Problem: Executing the `udp send` command in CLI without previously
opening the example udp socket results in an unhandled null-pointer
exception.
Solution: Before anything is processed in the
`UdpExample::Process<Cmd("send")>(Arg aArgs[])` method, the UDP socket
is checked whether it's open or not. If not, the method returns with
OT_ERROR_INVALID_STATE error avoiding the null-pointer exception.
During RCP recovery, the Host does not check if the RCP supports
logging a crash dump. This causes RCP recovery to fail when the RCP is
built with `OPENTHREAD_CONFIG_PLATFORM_LOG_CRASH_DUMP_ENABLE =
0`. This bug was introduced in #10061
This commit will make the Host only request crash logs from the RCP if
the RCP supports it.
This change leverages `OwningList<>` to manage discovered routers and
prefix entries within `RoutingManager`. This ensures automatic
deallocation of these items, streamlining memory management. It works
independently of whether the items are heap-allocated or from a
`Pool`.
This commit enhances `Dns::Name` to detect and handle cases where a
compressed DNS name contains a loop spanning multiple labels. The
`test_dns` unit test has been updated to include test cases for these
invalid names.
This commit introduces a new method, `RemoveAndFreeAllMatching()`, to
the `OwningList<Type>` class. This method removes and frees all
entries in the list that match a given indicator. This is used to
simplify the native mDNS implementation. The unit test
`test_linked_list` is also updated to validate the newly added helper
method.
This commit moves the definition of coprocessor_type from posix to
lib/spinel directory. There are two reasons to do so:
1. Allow platforms other than posix to access the definition. For
example, nxp imt-rx.
2. Allow the user (posix/main.c) of OT system API to access the
definition. Currently the posix main depends on OT system API but
doesn't depend on definitions in 'platform-posix.h'. This should be
kept.
This commit adds `CalculateExpirationTime()`, which simplifies the
calculation of expiration times of discovered prefix entry by
clamping a given lifetime to the maximum value (in seconds) first
before converting to milliseconds.
This commit simplifies the code and adheres to the SHOULD
requirement in the Thread specification, which states: "A Thread
Device that is not a Leader MUST NOT process this message. Instead it
SHOULD respond with 'Reject' state value".
This commit updates the `PdPrefixManager` class for improved
readability and efficiency:
- Relocated all Prefix PD methods in the header file for logical
grouping within the same `#if` block.
- Reordered method definitions for better organization (e.g., moved
`SetEnabled()` closer to the constructor, and logging-related
methods to the end).
- Renamed variables and types for conciseness (e.g., `Dhcp6PdState` to
`State`).
- Simplified prefix processing logic, regardless of whether it's from
RA or directly set.
- Moved additional functions into `PdPrefixManager::Process()`,
including checking `mEnabled`, logging failures, and updating
counters.
- Optimized `Process()` to update the timer only when the prefix
changes.
- Introduced a new nested `PrefixEntry` class with helper methods like
`IsFavoredOver()` and `IsEmpty()`, simplifying the code and
improving readability.
- The `IsFavoredOver()` method determines if one PD prefix is favored
over another.
This commit corrects the order of calls to prefix methods `Tidy()` and
`SetLength(kOmrPrefixLength)`. This was unintentionally reversed in
PR #10000.
PD prefixes can be shorter than `kOmrPrefixLength` (as allowed by
`IsValidPdPrefix()`). To use them as OMR prefixes, `Tidy()` is called
first to clear any extra bits before potentially extending the prefix
to `kOmrPrefixLength`.
This commit introduces the `br pd omrprefix` command, which displays
the DHCPv6 Prefix Delegation (PD) On-Mesh Routable (OMR) prefix when
the DHCPv6 PD feature is enabled. Additionally, the `debug` command
is updated to output `br pd state` and this new command when the
feature is enabled
This commit adds `ProcessSetRequest()` to process a received
`MGMT_SET` request message, validate the included `Dataset`, and
determine if it affects connectivity or changes the network key. The
now unused `DatasetTlv` is removed as TLVs are read directly from the
`Message`. This change will also enable future support for
`MGMT_REPLACE` request.
This commit adds a common `SendSetRequest(const Dataset &)` method
that prepares and sends an MGMT_SET message with the given Dataset.
This removes similar duplicate code.
This commit enhances dataset handling:
- Adds `ValidateTlvs()` which parses and validates all known TLVs
within the `Dataset` and checks for any duplicates.
- Introduces a set of `SetFrom()` methods for constructing a `Dataset`
from various types of inputs, e.g., other `Dataset`, TLV sequences,
`DatasetInfo` structures, bytes read from `Message`. Now they
consistently clear the `Dataset` before setting it.
- Adds `WriteTlvsFrom()` to update a `Dataset` replacing/appending a
set of TLVs.
- Adds `AppendTlvsFrom()` to append an already encoded sequence of
TLVs without validating/checking the format.
- Renames `Get/SetSize()` to `Get/SetLength()` for consistency.
- Adds `test_dataset.cpp` unit test for basic `Dataset` validation.
This commit removes the `LogCrit` example lines emitted from
`otPlatLogCrashDump()` in simulation platform. These extra log
lines can cause test failures.
- If we check in between SendReset() and WaitResponse(),
mIsCoprocessorReady may become true before waitResponse() and if
loop becomes false even successfully reset done.
- mIsCoprocessorReady is already checked before sendReset() to avoid
resetting in case of Mulipan architecture. There is no need to check
in between sendReset() and waitResponse().
- Removed mIsCoprocessorReady from if loop check between sendReset()
and waitResponse().
Signed-off-by: Ashishkumar Vara <ashish.vara@nxp.com>
This commit breaks down current posix radio module into `Radio` and
`SpinelManager`. The static instance of `SpinelDriver` is moved from
`Radio` to `SpinelManager`. The `platformRadioXXX` methods are also
broken down into `platformSpinelXXX` and `platformRadioXXX`. The
purpose is to make `platformSpinelXXX` resuable under both NCP and RCP
cases. And to use `platformSpinelInit` to detect to co-processor type
during initialization.
This commit moves a few static util methods from the `Interpreter`
class to the `Cli::Utils` class. Since the `Interpreter` class and
other classes for cli components inherit the `Cli::Utils`, they can
still access these methods. Putting these methods in utils class is
more intuitive. This change also makes other cli classes less
dependent on the `Interpreter` class.
The method `ParseEnableOrDisable` has been moved to the `Utils` class
and these components inherit the `Utils` class so there is no need to
add namespace.
This commit adds a new feature that allows platforms to log crash logs.
### Additions
- `void otPlatLogCrashDump(void)` - API that logs a crash dump using
OpenThread Logging APIs
- `SPINEL_PROP_RCP_LOG_CRASH_DUMP` - spinel prop that calls
`otPlatLogCrashDump()` when `Set`
- `SPINEL_CAP_RCP_LOG_CRASH_DUMP` - spinel capability denoting that a
RCP supports logging crash dumps
### Usage
- For `ot-cli-ftd|mtd`, `otPlatLogCrashDump()` is called at the end of
app initialization, before the main loop. See [main.c]
- For Host/RCP setups, during initialization, the Host gets the RCP
capabilities. If the RCP has the `SPINEL_CAP_RCP_LOG_CRASH_DUMP`
capability, the Host will `Set` the `SPINEL_PROP_RCP_LOG_CRASH_DUMP`
property, triggering the RCP to call `otPlatLogCrashDump()`.
- If RCP Recovery is enabled, the this will also happen once the RCP
has been restored
This commit contains smaller enhancements in `HandleSet()`:
- Remove the redundant `IsLeader()` check since it is checked in
`HandleTmf<kUriActiveSet>` and `HandleTmf<kUriPendingSet>` before
calling `HandleSet()`
- While reading TLVs from message, ensure that entire TLV is contained
in the `Message`.
- Simplify the code that verifies an `MGMT_ACTIVE_SET.req` from a
commissioner does not affect connectivity (change boolean checks to
positive instead of negative).
- Remove `hasNetworkKey` as the condition is tracked by
`doesAffectNetworkKey`.
Reference devices that are part of the Thread test harness construct
CoAP packets sent on TMF port 61631 for certain tests, for example in
the 5.9.x series where they have to force address errors (a/ae) for
duplicate DUA or re-registration tests. These tests started to fail
when reference device firmware was updated recently to a newer
OpenThread stack that included the change in
https://github.com/openthread/openthread/pull/9437.
Example:
```
udp send fd00:db9:0:0:0:ff:fe00:5000 61631 -x 4102d63697b16e02646eff0401010010fd007d037d037d0389c3a350cdcf36e0'
Ip6-----------: Dropping TMF message from untrusted origin
```
For certification purposes, we are adding a cli toggle (for reference
devices) as a test sub-command to disable the filter that drops TMF
messages from unknown origins.
handling
This commit introduces several smaller changes to the `Dataset`
class:
- Provides template methods `Read<Tlv>()` for flexible reading of any
TLV from dataset, mirroring the existing `Write<Tlv>()` methods.
- Replaces `SetTimestamp()` method with the `Write<Tlv>()` with
specific timestamp TLVs
- Renames `GetTimestamp()` to `ReadTimestamp()`, aligning the naming
convention with other methods.
The RCP Restoration feature missed restoring the source address match
feature configuration. It causes the source match table to be disabled
by default after the RCP restarts. This commit restores the source
address match feature configuration.
When the DHCPv6 PD state changed, we need to throw out a signal to
notify another process running on the OS, then the process will decide
if it need to withdraw or request RA.
This commit adds support for adding a DHCPv6 delegated prefix to the
Routing Manager via a new Open Thread API. Previously this feature was
only supported using a platform generated RA on a Posix based BR. For
platforms that can get the prefix directly from a DHCPv6 PD client API
there is no point in creating a RA for setting the prefix. It's much
easier to use a direct call to configure it.
This new API uses an otBorderRoutingPrefixTableEntry structure as an
input parameter and evaluates the prefix based on the same rules as
one coming from a platform RA. The lifetime of the prefix can be
updated by calling the function again with new time values.
Updates the `Dnssd` module to allow it use
- Either the native OT mDNS implementation
- Or use the platform `otPlatDnssd` APIs (delegated to platform)
Also adds `OPENTHREAD_CONFIG_MULTICAST_DNS_AUTO_ENABLE_ON_INFRA_IF`
for mDNS module to be automatically enabled/disabled on the same
infra-if used for border routing based on infra-if state.
When an icmp echo request is sent to rloc/aloc address of a Thread
device, OT replies to the packet. The packet is also passed to host
and the kernel may reply to the echo request. This would cause 2 echo
replies and may be confusing when testing packet loss rate by pinging
a rloc/aloc address.
Added OT_ICMP6_ECHO_HANDLER_RLOC_ALOC_ONLY to otIcmp6EchoMode to let
OT only handle echo request to rloc/aloc addresses, this is the
default mode in posix code. Set otIcmp6EchoMode to
OT_ICMP6_ECHO_HANDLER_DISABLED will help to avoid double ping replies
from both OT and host.
Fix -Wformat trigger on some platforms as an int32_t is printed using %d
```
src/core/mac/sub_mac.cpp:336:73: warning: format '%d' expects argument of type 'int', but argument 5 has type 'int32_t' {aka 'long int'} [-Wformat=]
336 | logString.Append("Expected sample time %lu, margin ±%lu, deviation %d", ToUlong(sampleTime), ToUlong(ahead),
| ~^
| |
| int
| %ld
337 | deviation);
| ~~~~~~~~~
| |
| int32_t {aka long int}
```
- Inlines `AppendMleDatasetTlv()` in `DatasetManager` (removing from
`Dataset` class)
- Updates the locally read 'dataset' directly by removing the
timestamp before appending it to the message as an MLE TLV value.
- Leverages `Read()` which already updates the `DelayTimerTlv` with the
remaining delay, eliminating the need to re-calculate and update the
delay.
- Uses `Tlv::AppendTlv()` to append the MLE TLV with `dataset` bytes
as value.
- Updates `Dns::Name::ExtractLabels()` for in-place label extraction,
optimizing string operations.
- Introduces `Name::StripName()` to efficiently remove a suffix name
from a DNS name in place.
- Updates and simplifies unit tests `test_dns` to validate new
functionality.
This commit enhances the expect test against link metrics manager
feature to ensure that the feature can be continuously turned on or
off and work well. Because the feature will be controlled by the
feature flag in ot-br-posix.
The commit separates the spinel handling from other rcp specific
handling in `RadioSpinel` by putting the spinel handling into a new
class `SpinelDriver`. The purpose is to make the spinel handling
reusable in further change (for new architecture).
`SpinelDriver` has the following functions:
1. Co-processor initialization
2. Send a spinel command to the co-processor without waiting
3. Drive the processing of received spinel frames. But it will not do
the actual handling.
In this commit, `SpinelDriver` is added as a member of `RadioSpinel`
and `RadioSpinel` uses `SpinelDriver` to implement some of the
existing functions.
With `SpinelDriver`, it is possible to implement a new
RadioSpinel-like module that provides non-blocking APIs (No
`WaitResponse` is used). Note that there is a private, simpler
version of `WaitResponse` in `SpinelDriver` which is only used during
Co-processor initialization. The initialization process of spinel is
still blocking.
Based on discussion in #9901 , this clarifies in the documentation
that the CLI `dataset` commands can only be used in specific
situations (like testing), and that these commands allow setting
invalid (combinations of) parameters also. It points to the
Commissioner as the correct way of doing dataset updates in
production.
It also adds "Overview" sections that were missing in two README
files.
Updates `MleRouter::SetRouterEligible()` to restart the role transition
timer if the device is a child and the router eligibility is changed
to `true`.
This commit makes the following improvements to Delay Timer TLV
handling in Pending Operational Datasets:
- Enforces maximum delay adhering to the Thread spec's maximum Delay
Timer value (72 hours), clamping larger values.
- Defines min, max, and default delay timer constants in
`DelayTimerTlv`.
- Adds `CalculateRemainingDelay()` helper method to calculate
remaining delay.
- Removes code handling delay values exceeding the OpenThread `Timer`
limitation (now redundant due to the stricter 72-hour maximum).
This commit contains the following:
- Use `FindTlvValueOffset()` to find `Tlv::kGet` in message.
- Define and use `TlvList` to get list of requested TLV type.
- `TlvList` is an array of TLV types, not allowing duplicate values to
be added to the list.
- Simplify `SendGetResponse()` to handle including all or a subset of
TLVs in response.
This commit replaces `defined(__ANDROID__) &&
!OPENTHREAD_CONFIG_ANDROID_NDK_ENABLE` macro checks with
`OPENTHREAD_POSIX_CONFIG_ANDROID_ENABLE`. This is to make the build
options more configurable. E.g. there are cases where `__ANDROID__` is
defined but the platform is not fully Android-compatible so we don't
want to enable the Android platform implementation.
This commit aims to add more flags to the 'ShouldUsePlatformUdp'
function, to let sockets that have ports belonging to the stack send
their packets without using the UDP platform abstraction layer.
Without this change, when Platform UDP is enabled, packets originating
from the DHCPv6 Server/Client will take an undesired route from
socket -> platform UDP -> external IPv6 stack -> Thread IP stack ->
packet over the air.
Co-authored-by: Cristian Bulacu <cristian.bulacu@nxp.com>
This commit simplifies `DatasetManager::SendSetRequest()` by using
`Tv::Find<TlvType>()` helper method to search within the given
sequence of TLVs for `CommissionerSessionIdTlv`.
This commit introduces a `Component` enum to represent dataset
components, and defines templated methods (`IsPresent<>`, `Get<>`,
`Set<>`, etc) for streamlined access. This reduces boilerplate code
for individual component management.
This commit introduces native mDNS support within the OpenThread
stack, implementing RFC 6762 compliant registration of hosts,
services, and keys. It supports the following functionalities:
- Sending probes to claim names.
- Sending announcements on initial registration and changes.
- Sending "goodbye" announcements when unregistered or upon record
removal.
- Negative responses (NSEC).
- Support for service sub-types and their addition/removal.
- Support for `_services._dns-sd._udp` queries (all service types).
- Responding to queries (including "QU" questions).
- Delay mechanism when responding to multi-question query messages,
ensuring unique answers.
- Providing extra records in the Additional Data section if not
already in the Answer section (e.g., on a PTR query, include SRV
and host AAAA addresses).
- Implementing Known-Answer Suppression.
- Supporting multi-packet queries with known answers in follow-up
messages.
- Rate-limiting record multicasts (once per second).
- Rate-limiting probe responses (once per 250ms).
- Detecting conflicts after probes.
- Limiting the size of emitted responses or probes, breaking into
multiple messages if necessary.
- Detecting self originating messages (sent by mDNS module).
- Support for service browser.
- Support for service resolvers (SRV and TXT records) and IPv4/IPv6
address resolvers for hostnames.
- Introduces smart cache management:
- Passively caches service records for active browsers.
- Passively caches address records for active service resolvers.
- Enables multiple simultaneous browsers/resolvers for the same
service/host.
This commit introduces public `otMdns` OpenThread APIs and related CLI
commands for the mDNS module.
For platform abstraction, `otPlatMdns` APIs are defined in
`mdns_socket.h` (e.g., to send or receive mDNS messages):
- An implementation of the platform APIs is provided for posix.
- Also under the simulation platform, a simplified implementation of the
`otPlatMdns` APIs is provided (intended for testing).
This commit also adds a detailed `test_mdns` unit test, validating
various functionalities and covering potential edge cases.
This commit adds `Utils::VerhoeffChecksum` class along with public OT
APIs and related CLI commands for Verhoeff checksum calculation and
validation. Unit test `test_checksum` is updated to test the new
module.
Provided two methods for OpenThread multipan :
1. Get the index by an openthread instance reference.
2. Get the reference by an openthread instance index.
This commit refines the `NetworkData::Publisher` to differentiate
between DNS/SRP unicast entries based on whether the address
information resides in service data (part of service TLV) or server
data (part of server sub-TLV).
Additionally, if another BR adds a service data unicast entry,
`Publisher` will zero out the desired count for server data unicast
entries, effectively removing any previously published server data
unicast entries.
The `test_netdata_publisher` has been updated to validate all the
newly added behaviors.
This commit adds `LogWarnOnError()` to emit warning-level logs on
errors. The emitted log includes the error code. This replaces custom
`LogError()` across modules, simplifying the code.
This commit adds new test cases for a topology with two BRs when the
primary BR is abruptly powered off. It validates that the second BR
takes over and all nodes successfully re-register their SRP services
with the new BR using new OMR addresses.
The first test (`501`) covers the case where neither BR is acting as
mesh leader. The second test (`502`) covers the case where the
powered-off BR is also acting a mesh leader.
Filtering out traffic to/from RLOC/ALOC was added by #423 for #419.
The intention was to filter out Thread's control traffic.
Now we already added filtering out traffic by checking whether it
is destined to a service hosted in OpenThread stack, so filtering
out by RLOC/ALOC is not necessary anymore.
This commit removes this filter, as a result, the core lib gets
rid of the `PLATFORM_NETIF` flag.
This commit simplifies `MleRouter::CheckReachablity()`:
- Remove and inline `Mle::CheckReachability()` which is used
when `IsChild()`.
- Uses local `isReachable` boolean variable.
Unicast SRP dataset uses a ephemeral UDP port which could be taken by
another process. Currently SRP server creates the socket at the port
after the server is added into netdata. However, at that moment the
port may not be available on the platform so it may fail to create the
socket and start the server.
This commit adds the logic to restart the enabling process with
another port candidate if SRP server fails to create the socket.
This commit ensures `MeshForwarder::CheckReachablity()` rejects frames
where `Ip6::Header::DecompressFrom(FrameData)` returns a parse error.
This prevents the processing of potentially malformed messages.
This commit simplifies `MutableNetworkData::RemoveTemporaryData()`:
- The `RemoveTemporaryDataIn()` methods return a `bool` indicating
whether the whole TLV can be removed.
- The code is refactored to combine the call to `RemoveTlv()` for
all TLV types.
This commit updates the CLI `netdata show` command to allow an
optional RLOC16 as input. Providing an RLOC16 filters the output to
display prefix, route, and service entries associated specifically
with the specified RLOC16. This is helpful for checking entries added
by a specific border router.
`test-011-network-data-timeout.py` is updated to validate the new CLI
functionality.
This commit contains small changes to logs in `HandleTimeTick()`
method in `MleRouter` to include the RLOC16 of child entries when
updating the child table.
This commit introduces new API for setting vendor-specific extra
options to append to emitted Router Advertisement messages. Support
for this is also added in CLI under `br raoptions` command.
Implement basic unit tests for tcat to validate BLE secure part.
Additionally align handling of BLE connection states and connection
callbacks.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
This commit updates how `RoutingManager` differentiates between
self-generated RA messages and those from other sources sending RA on
the same device. This enables learning of the RA header, specifically
the default route lifetime.
This commit introduces a new mechanism to calculate and store a SHA256
hash of recently emitted RAs. Received RAs are cross-referenced
against the stored hashes to determine their origin. This replaces
the prior method, which relied on parsing and analyzing the included
options in the received RA.
A new test case is added in `test_routing_manager` to validate the
learning of RA header from other sources on same device.
This commit enables channel manager on SSED, together with channel monitor,
auto-selecting a better CSL channel for the link between child and its parent.
It also fixes tracking of CcaSuccessRate on CslChannel and adds toranj tests
for auto-channel selection and thread_cert test for autocsl-channel selection.
This commit introduces `NetworkData::FindRlocs()` which returns the
list of RLCO16 of all border routers and servers in the Network Data
matching specified filter conditions. The `BorderRouterFilter` can be
used to filter the entry type. It can be set to `kAnyBrOrServer` to
include all BRs and servers, or `kBrProvidingExternalIpConn` to
restrict the list to BRs providing external IP connectivity. The new
`FindRlocs()` replaces `FindBorderRouters()` and `GetNextServer()`
methods and helps simplify the code. Unit test `test_network_data`
is updated to validate the new method.
Update constants and build switch options to reflect the new version
number "1.4" (previously "1.3.1").
Keeping the legacy "1.3.1" and OT_THREAD_VERSION_1_3_1 types for
backward compatibility with projects that might be using those version
names.
Note that this commit does not change the default config value of
`OPENTHREAD_CONFIG_THREAD_VERSION` which is the default version to use
if it is not explicitly specified by build switches or in a project
config file.
This commit updates the documentation for two configs
`OPENTHREAD_CONFIG_DEFAULT_SED_BUFFER_SIZE` and `SED_DATAGRAM_COUNT`
clarifying their intended use.
This commit moves the log functions in RadioSpinel to a new Logger
class (only for spinel module) so that:
1. reduce RadioSpinel's code size for better readability
2. make the log functions reusable by the new Spinel class to add in
the future.
This commit contains smaller enhancements in the code related to
aging/updating router entries:
- Consolidate nested `if` blocks for readability.
- Add router's RLOC16 to logs for improved router tracking.
- Refactor duplicate code in `SEND_LINK_REQUEST_ON_ADV_TIMEOUT`.
Previously, when a child was promoted to a router role, the
leader upon sending "Address Solicit Response" would clear cache entries
associated with the child's old RLOC16. This commit modifies the code
to retain these cache entries when the sender is a direct child
of the leader. By retaining the cache entries, they can be associated
with the promoted router's new RLOC16 when the Link Advertisement is
received.
This commit moves the `Process{Get/Set/Enable/Disable}` methods to the
Output class and rename the `Output` class to `Utils`. The purpose is
to reduce code size in the Interpreter class to make the class focus
more on the command handling and easier for further refactoring.
The commit also removes the alias typedef of `Arg` in each cli module
because they are unnecessary. Having one definition in the parent
class is enough.
- remove typo that passed a uint64_t pointer to a function which need
a sufficiently large buffer
- fix bug that coap copying uri path option or any other long option
failed
This commit introduces `using` declarations in the `RoutingManager`
class for types defined within the `Ip6::Nd` namespace. This allows
for shorter, more readable type names to be used.
Updates validation logic after published route entry replacement to
prevent occasional failures due to a race condition. This increases
test stability.
When detaching, a child transmits a Child Update Request message with
Timeout TLV set to 0. The child waits for 1 second after sending the
Child Update Request message before stopping Thread
operation. However, during this time, the MLE retransmission timer may
fire and retransmit the Child Update Request message, which can cause
it to send a new Child Update Request message with a non-zero Timeout
TLV.
This commit update the behavior to avoid retransmitting the Child
Update Request message when detaching.
This commit adds a argument `-L`/`--local-host` to simulation platform
to specify the source IP address for packets simulating 15.4
frames. This allows the simulation packets being transmitted over
different network interfaces, so that the simulation can run on
different hosts.
This can be used to enable multiple emulation devices(e.g. Android
Virtual Device) communicating to each other over emulated Thread
radio.
The argument accepts either an IPv4 address or a network interface
name. In the latter case, the first found IPv4 address on that
interface will be used will be used.
This commit enhances flexibility in Router Advertisement (RA) message
construction by employing `Heap::Array`. This eliminates the need for
a pre-allocated buffer and removes the constraint of predetermining
the maximum RA message size.
Additionally, introduces `TxMessage` and `RxMessage` nested classes
within `Ip6::Nd::RouterAdvert` for efficient handling of outgoing and
incoming RA messages:
- `TxMessage`: Facilitates appending elements to an RA message with
dynamic buffer allocation.
- `RxMessage`: Enables parsing and iterating over options within a
received RA message.
This commit updates logging in posix platform modules so that the
emitted logs will include the platform log module name. This uses
the `otLogPlatArgs()`.
Previously the OT CLI won't be reiniitalized when it finds there's
already a listening socket. It's actually necessary to do the
initialize, considering this scenario:
1. Run `otSysDeinit()` and `otSysInit()` to reset the OT application.
1. Note that the OT instance is replaced by a new one in `otSysInit()`. We need to
call `otCliInit()` in `Daemon` to initialize the CLI with the new
instance. However, this step has been skipped in `Daemon` because the
listening socket is not cleared.
- Validates that key guard time is updated to 93% of key rotation
time when it changes.
- Checks for proper key sequence updates after key rotation
expiration.
- Confirms key guard mechanism blocks key sequence increments
while mesh nodes staying connected.
This commit updates `Srp::Server` to add snooped cache entries in
address resolver cache table for all registered host addresses
received in an SRP update message.
Entries are added when an SRP update message is received directly from
a mesh device. The RLOC16 is looked up using `AddressResolver::Lookup()`
for the SRP Update message's sender IPv6 address (SRP client's address).
This leverages snoop entry created during UDP message processing
associating sender's IPv6 address with its RLOC16.
This commit adds a new test-case validating the new behavior.
This commit makes changes/fixes to `KeyManager` regarding key switch
guard time.
Key Rotation Time updates:
- When the Key Rotation Time changes (due to security policy updates),
the key switch guard time (`mKeySwitchGuardTime`) is also adjusted.
It's set to 93% of the Rotation Time (rounded down).
- Immediately checks if the new rotation time indicates a rotation is
due and keys are rotated.
New variable `mKeySwitchGuardTimer`:
- This is reset to the current guard time whenever the key sequence is
updated.
- It decrements hourly until reaching zero.
- Key switch guard comparison is made with this value, aligning the
implementation with the Thread specification.
`SetCurrentKeySequence()` modification:
- Now accepts a new input parameter that determines whether to apply
or ignore the key switch guard when updating the key sequence.
- During a key rotation check (when the rotation time has passed), the
key switch guard is ignored and we always move to the next key
sequence number.
Other changes:
- Variables handling guard and rotation time now use `uint16_t`
instead of `uint32_t` to align with security policy definitions.
- API and CLI command documentation for setting the "key switch guard
time" emphasize that they are intended for testing purposes.
This commit implements a subset of `otPlatInfraIf` platform APIs in
simulation platforms using the `utilsSocket` to emulate communication
between BRs. This can be used for testing.
This commit also adds one (simple) example test case with two BRs
attached to two different network on same infra-if.
This is to initialize CLI for daemon instance.
With this API, user can redirect the Vendor server CLI output when
needed, and then reset back using this API when the CLI output should
be restored.
This commit modifies the `RoutingManager` to not send any Router
Advertisements (RAs) until the initial policy evaluation has
completed.
This change leverages the `IsInitialPolicyEvaluationDone()` method
which ensures that both OMR and on-link prefixes have been
determined. Specifically, this guarantees that we wait for the
initial set of Router Solicitation (RS) messages to be sent and that
we discover all other routers on the AIL before sending the first RA.
This is because on-link prefix evaluation itself is dependent on the
`mRsSender.IsInProgress()` check that waits till all RS messages are
sent and RAs from other routers are received and processed.
Without this change, the BR could receive its own RS message,
triggering it to send an RA prematurely, potentially with incorrect
M and O flags.
This commit adds a new mechanism in `BorderAgent` to allow the use of
ephemeral key. New `otBorderAgentSetEphemeralKey` API is added to
allow user to set an ephemeral key. The ephemeral key is used
instead of PSKc from Operation Dataset for a given timeout duration.
New API `otBorderAgentClearEphemeralKey` allows users to cancel the
ephemeral key before its timeout expires. While the timeout interval
is in effect, the ephemeral key can be used only once by an external
commissioner to connect. Once the commissioner disconnects, the
ephemeral key is cleared, and Border Agent reverts to using PSKc.
This commit adds a callback mechanism to signal changes related to the
Border Agent's (BA) use of an ephemeral key. It is invoked when the
BA starts/stops using the key, or when parameters (e.g., port number)
change.
This commit also adds CLI command under `ba ephemeralkey` for the new
APIs along with test script validating the new APIs.
This change makes it possible to build the `posix/platform/infra_if`
module on macOS (and other non-Linux systems). It adds guard checks
`#ifdef __linux__` around the use of `mNetLinkSocket`(used for
network interface state change detection). This allows compilation to
proceed on macOS, though equivalent functionality for detecting netif
change is not yet implemented.
This commit also adds a new `toranj-macos` workflow job to validate
that the code builds successfully with the `posix` platform.
This commit ensures that segfault won't happen if
`nullptr` is passed to `StringLength()`.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
This commit introduces a new module, `simul_utils.h`, under
`simulation` platform. This module provides common utility functions,
primarily related to socket operations (for emulation of radio or
TREL interface). The new functions are used by `radio.c` and
`trel.c`, consolidating code and preventing repetition.
This commit changes how the link information is tracked for a received
message over Thread radio.
It removes the `const void *mLinkInfo` field in `otMessageInfo`.
Instead a new public API `otMessageGetThreadLinkInfo()` is added to
retrieve the `otThreadLinkInfo` from an `otMessage`.
All the `ThreadLinkInfo` properties are now directly tracked in
`Message` as part its `Metadata`. The `Message::Clone()` method is
updated to properly copy the link info from the original message to
its clones.
This change helps simplify the code, avoid passing `ThreadLinkInfo`
references. More importantly, it prevents potential errors due to
incorrect use of a pointer to stack-allocated `ThreadLinkInfo` object.
This is especially important for modules that save/enqueue `Message`
and its `Ip6::MessageInfo` for later use, ensuring link information
remains valid.
This commit updates `LqiAverager::Add()` to explicitly use a `uint16_t`
local variable for calculating the new running average. This prevents
potential overflows.
This commit contains small changes in the CLI modules:
- Replace use of core-internal `kError` with `OT_ERROR` constants.
- Remove `#endif` comments when the corresponding `#if` is less
than 20 lines away adhering to OT style guide.
- Adhere to single `return` policy (use `ExitNow()`).
- Avoid calling `static` method `ParseToIp6Address()` with an object.
- Smaller style fixes: New lines after variable declaration, use
shorter local variable names, etc.
On Android, the platform doesn't restrict link-local/mesh-local source
addresses when forwarding multicast packets. For multicast packets sent
from link-local/mesh-local address to scope larger than realm-local,
set the hoplimit to 1 so the packet can be delivered to host, and will
not be forwarded to infrastructure link.
The feature is guarded by OPENTHREAD_CONFIG_IP6_RESTRICT_FORWARDING_LARGER_SCOPE_MCAST_WITH_LOCAL_SRC,
set as 1 to enable.
This commit contains smaller enhancements in `netdiag.h`:
- Changes TLV type constants to use `#define`.
- Removed unused definitions/constants.
- Move constants used by CLI module to related CLI method.
- Update comments and fix style.
This commit contains the following:
- Adds support for the Vendor App URL TLV.
- Includes new public OT APIs and configurations to get and set the
TLV value.
- Enables use of the TLV in the CLI `networkdiagnostic` command.
- Updates `test-020-net-diag-vendor-info.py` to validate the new TLV.
This commit updates how random challenge is generated for "Child
Update Request" message sent by a parent during child restoration
(after parent reset/re-attach).
A random challenge is now generated and saved in the `Child` entry
when it is first initialized in `kRestoredState`. The
`SendChildUpdateRequest()` will use the saved challenge rather than
generating a new one.
This change prevents overwriting the saved challenge when the child is
also detached and happens to send a "Parent Request" in the window
where the parent transitions to the router/leader role and before the
parent sends the "Child Update Request". It ensures that the same
random challenge is included in both "Parent Response" and "Child
Update Response," guaranteeing proper acceptance of the
child's "Child ID request".
Co-authored-by: Abtin Keshavarzian <abtink@google.com>
Currently mbedtls debug logging can only be set for builtin
mbedtls. With an external mbedtls the log level does not get
configured. This commit removes the builtin requirement.
This commit implements address deprecation mechanism in `Slaac` class.
When a prefix is removed from Network Data, its corresponding SLAAC
address is not removed immediately. Instead, it is marked as
deprecated and its "preferred" flag is set to false. After a
deprecation interval (300 seconds), the deprecated address is
removed. If the prefix is re-added to Network Data before the
deprecation time elapses, the SLAAC address is also reinstated.
Since the number of SLAAC address entries is limited, non-deprecated
addresses are prioritized. This means that if a new entry is required
for a new prefix, the earliest deprecating entry can be evicted to
accommodate the new entry.
The `Slaac` module keeps track of the associated Domain IDs for
deprecating SLAAC prefixes, even if the related Prefix TLV has
already been removed from the Network Data. This information is used
during external route lookup in `NetworkData::Leader::RouteLookup()`
if a deprecating SLAAC address is used as the source address in
an outbound message, ensuring that the message is not dropped and
can be delivered.
This commit also adds a detailed test `test-027-slaac-address.py`
validating various behaviors of SLAAC module.
This commit moves the `mBackboneRouterLocal` before `mMleRouter` in
`Instance` class to ensure that it is initialized and its constructor
is called before. This ensures when `Mle()` constructor invokes the
`ApplyNewMeshLocalPrefix()` method on `BackboneRouter::Local`, it
is already initialized.
Currently the the data poll timer is used to maintain synchronization
with the parent. It sends a data poll once per csl timeout. However
often this is not necessary as other packets that are sent cause
synchronization to be maintained. This commit resets the data poll
timer each time a frame containing the csl ie is successfully
transmitted.
This commit adds a generic SRP Advertising Proxy implementation to
OpenThread core, which uses a set of newly defined `otPlatDnssd`
platform APIs for DNS-SD (mDNS) support on infrastructure network on
a Border Router.
`Srp::Server` provides `ServiceUpdateHandler` callback mechanism that
allows platforms to implement their own advertising proxy function.
While this is still supported, the new generic advertising proxy
implementation makes it easier to port and support the proxy function
on new platforms. The platform needs to provide the DNS-SD platform
APIs, which are designed to be simple and easy to implement.
The `AdvertisingProxy` directly interacts with `Srp::Server` and its
registered `Host` and `Service` entries, tracking whether an entry
has been successfully advertised, is currently being advertised, or
has been replaced by a new registration.
The `AdvertisingProxy` ensures that consecutive SRP updates for the
same host or service are committed on the server in the order they
are received, even if their advertisements are finished in a
different order. This is important for SRP Replication support, as
the server may receive a large number of SRP updates back-to-back for
the same host.
The `AdvertisingProxy` will also register key records for SRP host and
service instance names. This will keep the claim on the name of a
removed entry while its key lease is not expired. It is also used
when an SRP host registration has no off-mesh routable address.
This commit adds a detailed unit test `test_srp_adv_proxy` that
validates the `AdvertisingProxy` under many scenarios. The test
covers a range of cases, including delayed registration callbacks and
timeouts, new registrations replacing outstanding advertisements,
platform DNS-SD state changes and failures, host address changes
adding/removing OMR addresses.
This commit simplifies `Ip6::SelectSourceAddress()` by adding a new
boolean `newAddrIsPreferred` tracking whether the new address is
preferred over the previously chosen one as we iterate over all
addresses.
This commit updates mesh-local addresses to be marked as preferred
(reverting the change from #6532). This ensures that mesh-local
addresses are not skipped over in `Ip6::SelectSourceAddress()`.
The intention behind #6532 was to ensure that mesh-local addresses,
when added to the platform host IPv6 stack (such as lwIP or the Linux
kernel), are not preferred and therefore not selected by the host
stack as the source address of application layer traffic unless
explicitly assigned.
This PR delegates this responsibility to the platform code and updates
`posix/platform/netif` to change the preferred flag for mesh-local
addresses when adding them on the platform IPv6 stack.
To make this easier, the `otIp6AddressInfo` is updated to
include `mMeshLocal` to indicate whether or not the address is
mesh-local. `otNetifAddress` already provides such a variable.
This commit moves the check for rule 1 on preferring same address as
the destination before the `(bestAddr == nullptr)` check. This
ensures that rule 1 will be correctly applied even when the address
happens to be first one in the `GetUnicastAddresses()` list.
There's no clear use case for looping back packets to host.
And it would probably result in host processing duplicate
messages. This commit disables looping packets back to host.
This commit always delivers multicast traffic to host.
Without this change, host will not be able to receive link-local and
mesh-local multicast traffic, even the host subscribes to some multicast
addresses in these scopes.
Note that this does not change the host forwarding rules, as link-local and
mesh-local traffic are not supposed to be forwarded to adjacent links.
This commit fixes `DiscoveredPrefixTable::Entry::IsDeprecated()` to
properly handle larger preferred lifetime values. It uses the method
`CalculateExpireDelay()` to handle time delay calculation, avoiding
overflow. The `test_routing_manager` test has also been updated to
check for larger preferred/valid lifetime values.
This commit introduces the `ClearAllBytes<ObjectType>()` template
function to zero out all bytes within an object. This replaces
`memset(0)` calls in OT core modules, simplifying code and improving
safety by automatically using the correct object size.
This commit updates how the `NetworkData::Publisher` handles "DNS/SRP
Service Unicast Address" entries. Specifically, when a "DNS/SRP
Service Anycast" entry is added by another BR, the publisher will set
the desired count of unicast entries to zero. This effectively
removes any previously added unicast entry. This new behavior is
only applied when the address and port are included in the Server TLV
data in a "DNS/SRP Service Unicast Address" entry.
The `test_netdata_publisher` has been updated to verify this new
behavior.
urrently the `RadioSpinel::RestoreProperties` only restores some
properties defined in `spinel.h`. But if
`OPENTHREAD_SPINEL_CONFIG_VENDOR_HOOK_ENABLE` is selected, users may
set some properties of RCP via vendor command. So the radio spinel
should allow users to register a callback to restore the vendor
properties of RCP.
While trying to read the Pskc or networkkey, we check if the keyref is
valid. We instead need to check if the key is present. There is a
possibility that the persistent data was erased before trying to read
the key, which might result in asserts.
In #9554, a new radio capability is introduced: `RX_ON_WHEN_IDLE`. On
the RCP scenario, if recoverd, there will be an error:
```
OPENTHREAD:[W] P-RadioSpinel-: Error processing result: NotImplemented
OPENTHREAD:[W] P-RadioSpinel-: Error waiting response: NotImplemented
```
When set the rx on when idle on Host to RCP, no `Set property handler`
will be found due to the target handler was surround by the macro
`OPENTHREAD_MTD || OPENTHREAD_FTD`. This `rx on when idle` capability
should not only be used for MTD and FTD, but also used for RADIO on a
NCP. This PR fixes it.
There are two changes:
1. Address the issue of handling tx timeout in case of multipan
enabled. When RCP recovery initiates due to a timeout, the SPINEL
attempts to transition to the Rx state and switch channels to
initialize the RCP. However, these actions should be ignored when
operating as Multiprotocol RCP, as another host/protocol might be
scanning, and encountering the Rx state or channel switch could
result in an error. Considering such scenarios, ignore the error
rather than assert it for multipan.
2. Make the CMake option OT_MULTIPAN_RCP depend on the compile time
value OPENTHREAD_CONFIG_MULTIPAN_RCP_ENABLE, rather than being
initialized to OFF.
This commit contains the following
- It fixes `SecureTransport` to ensure we do the max connection
attempt check when transitioning from `kStateCloseNotify`.
- It adds new public `otCoapSecure` APIs to start the agent with a
given max connection attempts, and to check the agent's state,
whether it is connected, connecting or closed.
- It adds CLI commands under `coaps` for the new APIs.
- It adds `test-026-coaps-conn-limit.py` to validate the max
connection attempt limit of CoAP secure agent.
The IPv4-mapped IPv6 address is useful in certain platform/public
APIs where we need to support both IPv6 or IPv4 address. We can
use IPv4-mapped IPv6 address to represent an IPv4 address. This
commit adds simple helper functions to validate, create and
parse such addresses.
This commit introduces a new feature in `SecureTransport` and
`CoapSecure` that allows us to specify the maximum number of allowed
connection attempts before the socket is automatically closed and the
CoAP agent is stopped. This can be used to enhance security by
preventing attacks and excessive retries. This commit also adds a
callback mechanism to notify when the limit is reached and the CoAP
agent is stopped.
For the Spinel layer, when the state is transmitting, if the received
Spinel frame fails parsing, the current implementation passes the
`OT_ERROR_PARSE` error code to the sub_mac layer via the tx done
handler. This causes an assert because the error code `OT_ERROR_PARSE`
is not a valid one for `SubMac::HandleTransmitDone`. Additionally, I
believe that when the received Spinel frame fails parsing, we should
not trigger a transmit done to the sub_mac layer, as the `TxFrame` and
the `AckFrame` may not be valid for further processing.
In this corner case, I suggest considering ignoring the parsing-failed
received packets, waiting for the tx timeout, and then raising a tx
timeout failure to recover the RCP. This might be a reasonable
approach.
Add `ResetCsl` and `otPlatRadioResetCsl`
This allows handling stack reset as separate call instead of
using `kShortAddrInvalid` as `otShortAddress` and
`nullptr` as `otExtAddress` which can be difficult to handle
on vendor's side.
Default implementation still calls
`otPlatRadioEnableCsl(aInstance,0, Mac::kShortAddrInvalid, nullptr)`
So no action is needed if vendor has already implemented handling
this case.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
Android traditioanlly use /dev/socket/ directory for unix sockets of
system services. This commit changes ot-daemon to use
"/dev/socket/ot-daemon".
In additional, this disables the .lock file which is not needed
for Android and can't be created along with the socket file
Resolves comments in aosp/2891476
Adds support for responding to `MleCounterTlv` in `AppendDiagTlv()`
Processing the TLV is a received response is already implemented
and supported. Updates `test-020-net-diag` to check query of MLE
counters TLV.
Currently, when netlink informs that the network interface is up, an
IPv4 route is added if a valid one is specified. However, elsewhere we
only add/update the route when NAT64 is actually enabled. Since IPv4
route is not useful when NAT64 is not enabled, apply the same logic when
the network interface is started.
This avoids warnings when NAT64 is compiled in but disabled:
incoming message is an IPv4 datagram but no NAT64 prefix configured, drop
Config `OPENTHREAD_CONFIG_SRP_CLIENT_AUTO_START_DEFAULT_MODE` is
changed to use `1` by default (unless explicitly overridden in
project configs).
It also updates related test scripts to utilize auto-start mode or
explicitly disable it for manual SRP client control, reflecting this
default change.
Create OT API to support trel telemetry which is supported through
platform API and also add cli support to get/reset trel counters.
Metrics we are adding are:
- trel_frames_tx
- trel_bytes_tx
- trel_frames_rx
- trel_bytes_rx
- trel_frames_tx_failed
- num_trel_peers
Metrics already supported through API:
- trel_enabled
This commit introduces a new method, `Name::CompareMultipleLabels()`,
to efficiently parse and compare multiple DNS name labels directly
from a message. This is then used to optimize `Name::Matches()`
eliminating the need to read the entire name into a separate buffer.
This commit also updates `Name::Matches()` method to treat the
first label as a single label allowing it to include dot character
(which is useful for service instance label).
Additionally, `test_dns` unit test is updated to validate the
functionality of the new methods.
This commit updates `ExtractLabels()` documentation to clarify that
name and suffix name can include or exclude the trailing dot but both
inputs must follow the same style. It also updates `test_dns` unit
test to validate this behavior.
This commit adds `Name::Matches()` method which compares a `Name`
instance (which can be from a C string or encoded in a `Message`)
with a given set of labels and domain name strings. This method
allows the caller to specify name components separately, enabling
scenarios like comparing "service instance name" with separate
instance label, service type, and domain strings. Unit test
`test_dns` is also updated to validate the behavior of the newly
added method.
This commit adds net role 'DISABLED' into `spinel_net_role_t` to
differentiate between 'DISABLED' and 'DETACHED' status of NCP.
Since this is only used for NCP and not related with RCP, the
`RCP_API_VERSION` is not updated.
This commit introduces template variants for `ReadName()` and other
related methods, allowing flexible reading of DNS names and labels
from messages into a given array buffer. This simplifies the code and
improves readability.
Additionally, this commit defines new types, `Dns::Name::Buffer` and
`Dns::Name::LabelBuffer`, as arrays of char with fixed sizes to hold
DNS names and labels, respectively.
OpenThread forks typically inherit all commits in the repo, including
the `dependabot` changes, so it's not needed to generate the same PRs
in the forks as well.
`OPENTHREAD_ENABLE_SPINEL_VENDOR_HOOK` was not consistent with the
intended `OPENTHREAD_SPINEL_CONFIG_ENABLE_VENDOR_HOOK`.
Rename `OPENTHREAD_SPINEL_CONFIG_ENABLE_VENDOR_HOOK` to
`OPENTHREAD_SPINEL_CONFIG_VENDOR_HOOK_ENABLE` for consistency with
other configs.
When compiling `mRadioUrl=aUrl` in `Radio::Init()`, some compilers may
implicitly convert `aUrl` to a temporary `RadioUrl` object and then
copy the temporary `RadioUrl` to `mRadioUrl` via a default copy
constructor. The pointer members of `mRadioUrl` point to the content
of the temporary `RadioUrl`, and it eventually causes the program to
access the memory that has been released, which causes the program to
crash.
This commit disables the compiler from implicitly converting `aUrl` to
a `RadioUrl` object and deletes the default copy and move
constructors.
OpenThread defines a structure to supply runtime configuration files
on a POSIX platform. These runtime configuration files contain factory
and product configuration information. They can include information
such as radio target power, region, and calibration settings.
By default, OpenThread uses an example file located at
`src/posix/platform/openthread.conf.example`. However, the file
location can be modified by supplying a pre-processor definition.
This approach has a few flaws:
- The pre-processor definitions are not accessible outside of the
OpenThread project structure.
- In order to change the values in project, a new header file must
be provided, the existing one modified, or the value forcibly set
in the OpenThread cmake file.
This change introduces OT_POSIX_FACTORY_CONFIG and OT_POSIX_PRODUCT_CONFIG
to the project cmake structure. These values allow projects that are
using OpenThread as a sub-project to pass in these runtime config paths
at compile time. This offers project maintainers flexibility in how
their project is configured.
This commit adds `OmrPrefixManager::ShouldAdvertiseLocalAsRio()` which
determines whether the local OMR prefix should be advertised as RIO
in emitted RAs. To advertise, we must have decided to publish it, and
it must already be added and present in the Network Data. This
ensures that we only advertise the local OMR prefix in emitted RAs
when, as a Border Router, we can accept and route messages using an
OMR-based address destination, which requires the prefix to be
present in Network Data. Similarly, we stop advertising (and start
deprecating) the OMR prefix in RAs as soon as we decide to remove it.
After requesting its removal from Network Data, it may still be
present in Network Data for a short interval due to delays in
registering changes with the leader.
This commit adds `RioAdvertiser` component to `RoutingManager`, which
manages the list of prefixes advertised as RIO in emitted RA messages
by BR. The RIO prefixes are discovered from on-mesh prefixes in
Thread Network Data, including OMR prefixes from `OmrPrefixManager`
and other prefixes. Existing code for maintaining the list, appending
RIOs, and determining/setting the RIO preference is moved to the
`RioAdvertiser` class.
The `RioAdvertiser` adds a new mechanism to deprecate prefixes removed
from Network Data such that any removed prefix is still advertised as
RIO in emitted RA messages up to a deprecation interval of 300
seconds (using a shorter route lifetime in RIO). This mechanism
ensures that when an OMR prefix is withdrawn, traffic can still be
routed during deprecation time from AIL to Thread devices using the
old OMR address.
This commit also updates `test_routing_manager` to validate the new
behavior.
This commit adds cli `debug` command. This command is specifically
designed for testing and debugging purposes. It executes a series of
CLI commands to gather information about the device and thread
network.
This commit adds `SetState()` in `SecureTransport` class which
also logs the state changes. New helper methods `IsState{}()` is also
added to simplify the code.
mLinkRequestAttempts is not initialized to zero causing it to get a
random value during power cycle. This causes MTD thread device to send
linkrequest after power cycle.
Create a thread network with two devices with DUT with mode rn. Reset
both devices simultaneously, enable leader and then child device
(DUT). Because class member variable mLinkRequestAttempts is not
initialized to zero during initialization, it will get random value,
and value greater than zero will lead to send a link request message
which should not be the case for a MTD device.
This commit adds `FinalizeMessageDirectTx()`, which clears the
`DirectTx` flag on a given message, updates the IPv6 counter, and
signals other modules about the transmission status(particularly for
`MleDiscoverRequest` and `MleChildIdRequest` messages so their
internal state can be updated).
This commit ensures `FinalizeMessageDirectTx()` is called in various
scenarios:
- Successful message delivery (all fragments reach destination).
- Any fragment transmission failure (frame tx failure)
- Message drop due to address query failure or malformed message.
- Message drop by queue management.
- Message eviction to prioritize higher-priority messages.
This commit also updates `DiscoverScanner` to stop an ongoing discover
scan if the "MLE Discover Request" message transmission fails with error
other than CSMA error. This is necessary because the `DiscoverScanner`
reuses the same `Message` instance for tx on different scan channels.
If the `Message` is freed (e.g., evicted), the `Message` cannot be
reused.
Finally, this commit renames `RemoveMessage()` to `EvictMessage()` to
clarify the purpose and usage of this method.
This commit simplifies `ChannelMaskTlv` generation and parsing.
Notably, it ensures that when we read this TLV from a `Message` the
TLV value format is validated. The changes include:
- `Entry` class representing a channel page entry is now defined as
a `private` nested class within `ChannelMaskTlv`.
- A shared `EntriesData::Parse()` method is added that validates and
parses the entries in the TLV, whether the TLV value resides in a
buffer (e.g., within `Dataset`) or in a `Message`.
- `ChannelMaskTlv::AppendTo()` method is added to construct entries
from a given combined channel mask (for all pages) and append the
`ChannelMaskTlv` to a given `Message`.
- `Radio::kSupportedChannelPages` is changed to an array
(containing all supported pages) instead of mask.
- Helper functions added in `Radio`, `SupportsChannelPage()` to
verify if a channel page is supported by the radio, and
`ChannelMaskForPage()` to obtain the supported channel mask for
a given page.
When we are switching to another infra netif via
`otBorderRoutingInit()`, we may want to read the state of the new
infra netif via `otSysInfraIfIsRunning()`.
Allow out-of-tree compilation of vendor specific changes to the host
side of spinel. By setting `OT_SPINEL_VENDOR_HOOK_SOURCE_DIR`,
`OT_SPINEL_VENDOR_HOOK_SOURCE` and `OT_SPINEL_VENDOR_HOOK_HEADER`, the
corresponding compile flags
`OPENTHREAD_SPINEL_CONFIG_ENABLE_VENDOR_HOOK` and
`OPENTHREAD_SPINEL_CONFIG_VENDOR_HOOK_HEADER` get set which force the
use of the `VendorRadioSpinel` class instead of the regular
`RadioSpinel` in `src/Posix/platform/radio`.
This commit enhances the SRP client to track registered addresses when
auto host address mode is enabled. A new field `mSrpRegistered` is
added to `Ip6::Netif::UnicastAddress` to track whether the address is
registered by the SRP client.
This optimization ensures that the SRP client only performs
registration when there is a change to the list of addresses that
need to be registered, preventing unnecessary re-registration and
reduces communication overhead, e.g., when a deprecating
non-preferred address which is not registered by SRP client is timed
out and removed.
This commit adds different flavors of `WriteTlv()` including template
version as `Write<SimpleTlvType>()`. These methods write or update a
TLV in `Dataset`. The new methods replace the previous `SetTlv()`
methods. This new approach introduces type safety checks during
compilation, guaranteeing the use of the correct value type for each
TLV. For instance, `Write<PanIdTlv>()` only accepts `uint16_t` value,
while `Write<NetworkKeyTlv>()` only accepts `NetworkKey` value. This
commit also renames the previous `GetTlv()` to `FindTlv()`.
Clang Compilers warns about ignoring return values.
This commit does not change the existing behavior.
Ignoring errors in `processNat64StateChange` should be safe, and we
may work under downgraded experience.
Ignoring errors in `nat64Init` should be safe like the outter if.
This commit updates the `test-603-channel-announce-recovery` test to
verify router node channel recovery (following channel change) in
addition to child recovery.
This commit adds a check when returning Link Metrics data collected by
the Link Metrics manager so that only subjects in 'active' or 'renew'
state will return the data. This is to avoid showing N/A results for
neighbors that don't support being a Link Metrics Subject. Based on
current implementation, a 'Subject' object is created when the device
is trying to register a Link Metrics probing at its neighbor. If the
neighbor device doesn't support being a Subject, the device won't get
a LinkMetricsManagement response. During this period (before timeout),
the 'Subject' object is in 'kConfiguring' state. So it's unnecessary
to return any value for Subject in such states.
This commit introduces two new methods, `ContainsTlv()` and its
template variant `Contains<TlvType>()`, in the `Dataset` class. These
methods enable checking whether a specified TLV type exists among the
Dataset's TLVs.
This commit updates the `AutoAddress` mode in `Srp::Client` to
exclude any deprecated (non-preferred) address when registering
host addresses.
It also updates `test_srp_auto_host_address` to validate the new
behavior.
This commit introduces template methods `ReadValueAs<>()` and
`WriteValueAs<>()` in `Tlv` class for handling simple TLV types
(single value and uint value). These methods are employed to simplify
the handling of `MeshCoP::Tlv` in `Dataset`. Specifically, the
following TLVs are simplified:
- `PanIdTlv`
- `ExtendedPanIdTlv`
- `PskcTlv`
- `NetworkKeyTlv`
- `MeshLocalPrefixTlv`
- `ActiveTimestampTlv`
- `PendingTimestampTlv`
- `DelayTimerTlv`
- `NetworkKeySequenceTlv`
- `JoinerUdpPortTlv`
These enhance the code by reducing repeated boilerplate code for the
these simple TLVs.
This commit contains smaller change in `bbr_local` module:
- `LogDomainPrefix()` and `LogService()` methods are updated to use
newly added `Action` enumeration.
- `HandleDomainPrefixUpdate()` is simplfied to pass the event
directly to `mDomainPrefixCallback`.
- `SetState()` is updated so we we first remove ALOC/multicast
addresses based on the previous state before adding/updating any
addresses based on the new state.
- Some methods/variables are renamed (e.g., use shorter name).
This commit refactors the code to unify the concept of 'Infrastructure
network interface' (which is for border routing) and 'backbone network
interface' (which is for backbone router). From now on they will both
be referred as 'infrastructure network interface'. In general border
routing and backbone router should be using the same infrastructure
network interface so I made this change.
This commit removes the `posix/platform/backbone.cpp` source file and
put its functionality in `posix/platform/infra_if.cpp`. Previously
`backbone.cpp` maintained its own variables `gBackboneNetifName` and
`gBackboneNetifIndex` which are redundant compared to the ones
maintained at `infra_if.cpp`. I removed these variables and changed
the references to use `otSysGetInfraNetifName` and
`otSysGetInfraNetifIndex` accordingly.
This commit adds `otBorderRoutingDhcp6PdGetState()` function
declaration in `border_routing.h` which was already implemented in
`border_routing_api.cpp` file.
This feature allows the RCP to support multiple host stacks on different PANs
by making use of the spinel Interface ID.
Created unit tests for testing multipan feature with multiple ot-instance
support.
Based on Si-Labs PR #8914 by @parag-silabs, but a little different approach.
Instead of handling everything by a single sub-mac instance, multiple
OpenThread instances are created on RCP side that map to different IID.
Thanks to this there are separate data kept for each interface. Platform
is able to determine interface by ot instance pointer passed as an argument
to most of the API functions.
Tx/scan queue was removed as it is possible to request transmission in
parallel, it is up to the platform to decide if it should fail or queue
second tx or it has two radios available.
NOTE:
Platform needs to provide different otRadioFrame of each instance and
the processing needs to take into account the instance being used.
Signed-off-by: Marek Porwisz <marek.porwisz@nordicsemi.no>
A compiling issue occurred (based on gcc 9.4.0) beacuse the
multiplication of different enum types. So it is a good idea to define
the `kUsPerMs` as `constexpr` constants instead of `enum`.
This commit simplifies the handling of Dataset TLVs that need to be
securely stored when the `PLATFORM_KEY_REFERENCES_ENABLE` feature is
enabled. Two new methods are added to the `Dataset` class:
- `SaveTlvInSecureStorageAndClearValue()` which saves the value of a
given TLV type in secure storage and clears the TLV value by
setting all value bytes to zero.
- `ReadTlvFromSecureStorage()` which reads the TLV value back from
secure storage and updates it in the `Dataset`.
These methods are used by `DatasetLocal` to manage the set of TLVs
that need to be securely stored defined by a constant array of
`SecurelyStoredTlv` entries. Each entry provides the TLV type
along with the associated `Crypto::Storage::KeyRef` to use for
active or pending Dataset.
When InfraIf is down and we received a RA from the host interface, we
may trigger the EvaluateRoutingPolicy unexpectly.
This might happen when infra if and uplink are separate interfaces.
This commit fixes this by adding Start and Stop to `PdPrefixManager`
to start / stop handling RA messages.
There was a check `self.assertNotEqual(br1_external_routes,
br2_external_routes)` that verifies the external route entries of BR1
and BR2 are different, based on the fact that their external route
prefixes (in /64) were different. However, today we're using generic
external routes like `fc00::/7` so the external route entries will be
the same when BR1 and BR2 have the same RLOC16.
I updated the test case to verify that the devices have expected
external route entries respectively.
Add missing `.GetValue()` for getting values from `TimerMicro`
Add testing with OT_CSL_RECEIVER_LOCAL_TIME_SYNC enabled
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
This commit contains smaller enhancements in `MlrManager`:
- Use shorter names for variables and methods
- Avoid the use of normal `enum` name as a namespace
- Use core type `Ip6::Address` instead of `otIp6Address`
This commit updates `SelectSourceAddress()` to ensure that
non-deprecated addresses are always preferred over deprecated ones.
When iterating over addresses, the best option is tracked in
`bestAddr`. If the new address is not preferred and the currently
selected `bestAddr` is, the new address is skipped to ensure that it
is not picked.
Missing a header file included in the file `exit_code.h`, and
'otLogCritPlat' will not be declared. If using the function
`SuccessOrDie` with only inlcude the file
`src/lib/platform/exit_code.h`, it will have a compiling error
`'otLogCritPlat' was not declared in this scope`.
When running border routers, users have the option to perform RCP
firmware updates. After completing the update, users prefer not to
restart or reinitialize the master device but only want to restart and
restore the RCP device.
Restarting can be initiated by the user; for example, they can restart
the RCP device by triggering the reset pin. However, after this
restart is done, certain RCP information needs to be restored, such as
the panid and extended address.
Typically, the master device can restore the RCP by triggering
`RecoverFromRcpFailure`, but this behavior is not
user-controllable. So there's a need to implement a callable API for
RCP restoration.
If the `RestoreProperties` is made public, users can actively restore
the RCP by calling it and some other public functions.
At the moment, C API does not allow to get/set the configuration flag
which the message to be looped back to the Thread interface. It is
important within the context of sending already prepared IPv6 mutlicast
packets with `otIp6Send()`.
This commit implements a mechanism in `RoutingManager` to learn the
Managed Address Config `M` and Other Config `O` flags in received RA
message from discovered routers on the infrastructure link and copy
the same flags in the emitted RA message from BR.
If any discovered router on the infrastructure that is not itself a
stub router (i.e., does not include the Stub Router flag) includes
the `M` or `O` flags, the same flag are included in the emitted RA
message. If a discovered router has failed to respond to the maximum
number of NS probe attempts, we consider it as offline and ignore its
flags.
This commit also adds a detailed test case in `test_routing_manager`
to validate the newly added mechanism.
This commit adds `otBorderRoutingGetNextRouterEntry` as a new API to
iterate over discovered routers on the infrastructure link and get
information about them such as their address, their Managed Address
Configuration (`M`), Other Configuration (`O`), and Stub Router
flags.
The `otBorderRoutingPrefixTableEntry` is also updated to contain
the same information.
This commit also updates the CLI `br` sub-commands to provide this
information, adding `br routers` to obtain a list of discovered
routers.
This commit refactors the code to eliminate the use of `using` for
`BigEndian` or `LittleEndian` functions like `HostSwap` and `ReadUint`.
As these functions are frequently used in header files, using the
direct namespace enhances code safety by mitigating potential conflicts
arising from the order of included headers in the absence of explicit
`using` declarations. Generally, avoiding the `using` keyword in headers
is considered a recommended practice.
Additionally, this commit removes the `Encoding` namespace to shorten
the full function names.
This commit removes the use of `CHAR_BIT` in the code and instead
defines a constant `kBitsPerByte` for this in `numeric_limits.hpp`.
`CHAR_BIT` is generally defined as `8` but there are some platforms
were this may not be the case. The way we use `CHAR_BIT` is to
determine number of bits in a byte, so introducing our own constant
`kBitsPerByte` helps improve code readability and safety.
This commit also adds `BitSizeOf()` macro which is similar to `sizeof()`
but returns the number of bits of a given type or variable. Macro
`BytesForBitSize()` is also added which returns the number of bytes
needed to represent a given bit size. This replaces the
`BitVectorBytes()` macro previously defined in `encoding.hpp`.
This commit contains the following changes:
- Adds `CMake` option `OT_PLATFORM_KEY_REF`, corresponding to the
existing `OPENTHREAD_CONFIG_PLATFORM_KEY_REFERENCES_ENABLE`
config.
- Add empty implementations of `otPlatCryptoEcdsa{}` under the
simulation platform.
- Modifies `test_platform.cpp` to ensure that the key-ref related APIs
are defined only when the key reference feature is enabled.
- Updates `toranj/build.sh` script to provide the option to enable the
key reference feature.
- Updates GitHub workflow to validate build with key reference feature
under simulation platform, ensuring that future PRs are validated
with this feature enabled.
This commit introduces `OT_DNS_TXT_KEY_ITER_MAX_LENGTH` with a value
of `64` to represent the maximum TXT data key length supported by
`otDnsTxtEntryIterator`. We intentionally set this value higher than
the recommended maximum key length of `9` (as specified in RFC 6763
section 6.4) to enable the parsing of TXT data when longer keys are
employed.
This commit updates unit test modules to be defined under the `ot`
namespace. This aligns all the unit tests to follow the same
model, eliminating the need to use `ot::` prefix in unit test
code.
This commit updates `JoinerRouter::PrepareJoinerEntrustMessage()` to
improve how TLVs from Active Operational Dataset are appended to the
message. The TLV types that should be included in Joiner Entrust are
now defined in an array `kTlvTypes`, and the code iterating over this
array will find the TLV in Dataset and append it to the message.
Previously, if a required TLV type was not present in the Dataset, the
code would have appended the TLV with an uninitialized and possibly
random value, which could lead to unexpected behavior. The new code
will fail if the required TLVs are not present in the Dataset
instead, ensuring that only valid TLVs are included in the Joiner
Entrust message.
Check and ensure at least the netlink header is received in the netlink
socket to be safe before intepreting the buffer as a netlink message.
Per https://linux.die.net/man/3/netlink, should make sure
current message type is not NLMSG_DONE before calling NLMSG_NEXT
to properly handle multi-part netlink message.
After a router with children downgrades, it's former children will
still send child update requests until they timeout. This allows the
downgraded device to respond with status TLV indicating error to help
those children realize they need to reattach sooner.
Add a new `OT_RADIO_CAPS_RX_ON_WHEN_IDLE` radio capability which lets
OpenThread know what the radio idle state operation will be: receive
or sleep.
This allows to save power on sleepy devices since the active --> idle
transition is much faster, specially for the cases in which there is
some kind of serialization between OpenThread core and the radio
driver.
This commit addresses occasional failures in `test_routing_manager` in
the `TestBorderRoutingProcessPlatfromGeneratedNd` case. Unlike other
tests, this test sets the `heapAllocations` after the call `InitTest
(/* aEnableBorderRouting */ true)` (which enables `RoutingManager`).
This means that depending on the random timing, the `heapAllocations`
may already count some allocated heap items by `RoutingManager`
itself. With the change in this commit, at the end of the test, we
check that the number of remaining heap allocations is less than
`heapAllocations`.
This commit updates the duplicate detection mechanism for the frag
header tags under `MULTI_RADIO` config. The tag check is now
performed upon receiving the first fragment. For subsequent
fragments, older tags are permitted to be processed, but they will be
discarded if there is no matching entry in the reassembly list.
This change addresses an issue where lowpan fragment frames using
older tags could be erroneously discarded if they are interrupted by
higher-priority messages (e.g., an MLE message).
This commit updates `RoutingManager` to use heap allocated array
for `OnMeshPrefixArray` under `BORDER_ROUTING_USE_HEAP_ENABLE`
config.
This commit also updates the `toranj-config-posix` header to
explicitly disable `BORDER_ROUTING_USE_HEAP_ENABLE` under the POSIX
config to validate builds with this config disabled. This aligns with
the main purpose of the `toranj` posix build config, which is to
validate builds under different configs (run from the
`toranj-unittest` job in the `toranj.yml` GitHub action workflow).
In `ot::Posix::InfraNetif::GetFlags()`, the OT process would die if
the infra network interface is removed on the POSIX platform. On
Android platform, this is not the desired behavior because the system
server may tell the OT process to switch another infra network
interface. It's fine for OT process to keep running when the previous
infra network interface disappears because later system server will
call `otSysSetInfraNetif()` to specify the new infra network
interface.
This commit makes the following smaller enhancements in `Slaac`
class:
- Adds a new `ShouldUseForSlaac()` method to check if a network data
prefix should be used for SLAAC, checking flags and applying the
filter if set.
- Introduces separate `RemoveAddresses()` and `AddAddresses()` methods
to manage SLAAC addresses, replacing the previous `Update()` method.
- Adds helper methods to `RemoveAllAddresses()`, `RemoveAddress()` to
remove a specific address, and `AddAddressFor(prefix)` to generate
and add an address for a given prefix.
- Simplifies `GenerateIid()` by removing unused input parameters.
Allow platforms to reduce the periodic access to `otPlatRadioGetNow`
to calculate CSL synchronization elapsed time in the case when those
radio API calls are costly.
The current code won't return a failure error code when a MGMT_SET
request is rejected by the leader, so the client doesn't know whether
the operation succeed or not.
This commit fixes this issue by converting the REJECTED state to the
OT_ERROR_REJECTED error code which is propagated back via the
otDatasetMgmtSetCallback callback.
The lib `openthread-spinel-ncp` is used by the NCP build, it doesn't
need the file `radio_spinel.cpp`. This commit changes the CMake file
to make only the lib `openthread-spinel-rcp` include the file
`radio_spinel.cpp`.
This commit updates the `NetworkData::Leader` sub-class model,
removing `LeaderBase` (which intended to provide common functions
shared between FTD and MTD) and instead adding all methods directly
in `Leader` class with all `FTD`-specific methods having conditional
`#if` check.
This commit moves the `instance` module to a newly added folder
`core/instance` (from `core/common`. Header file `extension.hpp`
and its example is also moved to the same folder.
This commit adds a public OT API to generate hex dump output line by
line. This function is then used for both `LogDump{}()` and frame
capture output by CLI `promiscuous` command (removing repeated
similar code) and harmonize the hex dump outputs.
This commit adds a new API `otSysSetInfraNetif` to support specifying
the infrastructure network interface for the platform. This can be
useful in following cases:
- The infra link cannot be determined at the start up of
`otbr-agent`. We can call this API to specify the infra link without
specifying it in the command line arguments.
- Let Thread Border Router switch to another infra link without
restarting the whole OpenThread stack.
The "assert" and "VerifyOrDie" were checking same condition, so
the second validation was never executed if (rval != sizeof(key)).
Additionally,"aSwapFd" was not freed on assertion.
With this commit,
1. addressed the memory leak to system resources.
2. Replaced VerifyOrDie() or assert() by VerifyOrExit()
3. handle error at exit
The current code of the `mac.cpp` caches the supported channel mask to
a local variable. But the supported channel mask may be changed after
the country code is changed. This will cause the supported channel
mask used in `mac.cpp` to be inconsistent with the actual supported
channel mask.
This commit adds an API `otLinkSetRegion()` to set the region code and
then update the cached supported channel mask to avoid the channel
mask inconsistencies. The current Thread channel may be not included
in the new supported channel mask. When the Thread stack detects this
case, it detaches the current Thread network gracefully.
This commit adds `otNetDataGetCommissioningDataset()` as a public
API to retrieve the Commissioning Dataset from the Network Data.
It also updates CLI `netdata show` command to output the Commissioning
Dataset information. The documentation in `README_NETDATA.md` and
in `cli_network_data` are also updated. The test scripts that parse
`netdata show` output are also updated.
This commit updates `HandleTmf<kUriCommissionerSet>()`, which is used
to set the Commissioning Dataset. The following changes have been made:
- `Tlv::Find<TlvType>()` methods are used to find and parse TLVs in the
received request message.
- The existing code required the dataset to contain either Joiner UDP
or Steering Data TLVs. This check has been removed, making the
implementation aligned with the Thread specification. This permits a
commissioner to disallow MeshCoP Joining by not including Steering
Data.
- A new flavor of `SetCommisioningData()` is added, which reads the
TLVs directly from a given `aMessage`. This method is now used
when processing `kUriCommissionerSet` to avoid using temporary
local buffers to read and copy the TLVs.
- `SetCommisioningData()` and its related methods have been moved to
`network_data_leader_ftd` since they are limited to and used on
FTD devices acting as leader.
- A new private `UpdateCommissioningData()` method has been added.
This method first checks whether or not we can add a Commissioning
Data TLV with a given length into Network Data, before removing
the current TLV. This is used as a common method when Commissioning
Data is set from a message or from a given data buffer.
This commit updates `HandleNetworkDataRestoredAfterReset()`, which is
called after Network Data is restored on the leader after a leader
reset and recovery.
We now resign any active Commissioner by clearing the Commissioning
Data and adopt the Session ID from the restored Network Data
Commissioning Data. This ensures that any stale Commissioning Data
is not retained in Network Data for longer after a leader reset.
Some equation checks accidentally became non-zero checks due to
typo. Such tests may fail in certain build configurations when the
heap allocation is zero after initialization of the test.
This commit updates CommissionerIdTlv to be defined as `StringTlvInfo`
(a TLV with a UTF-8 string value with a specified maximum length). This
allows us to use `Tlv` helper methods to `Find` and `Append` this
TLV, simplifying the code.
This commit also adds a helper `StringCopy()` method that copies a
C string into a given target string buffer array if it fits in the array.
This method can also optionally perform an encoding check on the string,
such as a UTF-8 encoding check. This helper method is used to simplify
setting different strings, such as Commissioner ID, Provisioning URL,
Vendor Name, etc.
This commit contains changes related to parsing of Commissioning
Dataset sub-TLVs in `NetworkData::Leader`:
- Adds `FindInCommisioningData<SubTlvType>` to search for a given
`SubTlvType` in Commissioning Data.
- Adds `FindCommissioningSessionId()`, `FindBorderAgentRloc()`,
and `FindJoinerUdpPort()` to parse and get get the info
from Commissioning Dataset.
This commit simplifies the `RadioSpinel::SetMacKey()` method.
A common `private` overload of `SetMacKey()` is added that uses
`const otMacKey &` as its input key type.
When `KEY_REFERENCES_ENABLE` is not enable the `SetMacKey()` simply
passes the key from the `otMacKeyMaterial` directly. This avoids the
unnecessary copying of the key into a local variable.
When `KEY_REFERENCES_ENABLE` is enabled, the keys are read from
secure storage. A new `ReadMacKey()` helper method is added which
also validates that the read key size is correct.
This commit contains smaller changes in` MeshCoP::Leader` class:
- Changes `CommissioningData` to be a `private` type in this class
- Adds `Init()` to `CommisioningData()` to init all sub-tlvs.
In RadioSpinel::SetMacKey we try to reuse the otMacKey passed to
export the literal key from PSA to be sent over SPINEL to RCP. But as
the passed param is const, we cant really use this. Better option is
to extract it into a local buffer and use that to pass the keys to
RCP.
This commit adds new public OT logging APIs `otLogPlat()` and
`otLogPlatArgs()`, which allow the caller to specify a platform
sub-module name to be included in the emitted log. This makes it
easier to distinguish logs from the platform layer and filter the
logs.
This commit also updates the `RadioSpinel` class to use the new API,
ensuring that its logs use the "P-RadioSpinel" module name.
This commit moves the helper methods to find a specific TLV in a
sequence of TLVs from the `MeshCoP::Tlv` class to the base `Tlv`
class. This makes these helper methods accessible to all subclasses.
Also fixes a pskc -> PSKc typo; and explain better how to init
dataset. Based on existing documentation I struggled a long time to
create a Pending Dataset in the proper way, so I thought it would be
good to document this better.
This commit updates the `Dataset::SetTlv<ValueType>()` documentation
to mention its specifications for `uint` types (which use big-endian
encoding). It also adds `static_assert` checks to ensure that the
general template implementation is not used with `uint16/32/64`
types.
This commit updates the `Ip6` class to use `OwnedPtr<Message>`. This
smart pointer automates the freeing of messages and helps to simplify
the code by removing all the logic that tracks whether a message
needs to be freed. It also makes the transfer of ownership of
`Message` instances between methods more clear.
This commit adds an `IsLeader()` check to ensure that the device is
acting as the leader before processing `kUriLeaderPetition` or
`kUriLeaderKeepAlive` TMF messages. This adds a safeguard to ensure
that only the leader can update the commissioner dataset.
This commit simplifies how the `Netif` unicast and multicast addresses
that use the mesh-local prefix are updated when the mesh-local prefix
is changed.
The `Netif::UnicastAddress` class now includes a `mMeshLocal` flag,
which is set for all mesh-local addresses (RLOCs, ALOCs, and ML-EID).
When the mesh-local prefix is changed, `Mle` will inform `ThreadNetif`
to apply the new prefix. `ThreadNetif` will then update all of the
assigned unicast addresses that are marked as mesh-local, as well as
all of the subscribed mesh-local prefix-based multicast addresses
(such as link-local or realm-local All Thread Nodes addresses). The
`Netif` class first signals the removal of the previous address based
on the old prefix, and then the addition of the new address with the
new mesh-local prefix.
This change simplifies the code, in particular the modules such as
`Commissioner`, `BorderAgent` and `BackboneRouter::Local`, which need
to manage specific ALOC addresses. These modules no longer need to be
informed when the mesh-local prefix is changed to update their
address, as it will be done by the `Netif` class directly.
This commit contains the following smaller changes in `Ip6` and its
public APIs:
- Updates the `otNetifAddress.mNext` field to be a pointer to `const`.
This prevents users of OT APIs from modifying addresses as they
iterate over the list of addresses. The `otNetifMulticastAddress`
structure already uses this model.
- Adds new API `otIp6HasUnicastAddress()` to check whether or not a
unicast IPv6 address is assigned to the Thread interface. This is
used to simplify CLI and `posix/platform/netif.cpp`.
- Fixes the returned error from `otIp6AddUnicastAddress()` to be
`OT_ERROR_INVALID_ARGS` when the address is a Thread internal
address, to match the documentation.
- Fixes documentation and style in `ip6.h`.
This commit adds `Ip6::PrepareMulticastToLargerThanRealmLocal()`,
which prepares to transmit a multicast message with destination
larger than realm-local address. It checks if any sleepy child of
device is subscribed to the multicast address and clones the message
for indirect tx if needed, before adding the IP-in-IP tunnel header.
The new method helps remove repeated code in `SendRaw()` and
`SenDatagram()`.
This commit updates how `Ip6::HandleDatagram()` processes a tunneled
IP-in-IP message. Previously, if a message was marked for both
`receive` and `forwardThread`, e.g., possible for a multicast message
from host with multicast-loop flag, it would be received but not
forwarded to the Thread mesh. This commit ensures that such messages
are handled properly.
Without this change, multicast transmission still works fine due to
the MPL layer retransmitting the message, which would then be
forwarded to the Thread mesh. However, this change improves the
multicast behavior by ensuring that the original/first message is
also forwarded to the Thread mesh.
This commit changes the code so that if we need to both `receive` and
`forwardThread`, we create a copy of the message by cloning it.
Otherwise, we take ownership of the original message and use it
directly. We then remove the encapsulating header before processing
the embedded message by calling the `HandleDatagram()` recursively.
This commit updates `PingSender` and its config to include a
`mMulticastLoop` flag and allow the caller to set this flag. When
set, multicast ping echo request messages are looped back and
received by the device itself if it is subscribed to the same
address. The `ping` CLI command is also updated to allow setting this
flag.
This commit also updates `test-008-multicast-traffic.py` to add new
test cases to cover the multicast loop flag behavior (pinging with or
without this flag). In particular, it covers when the ping
destination is a realm-local multicast address and when it is a
larger-than-realm-local multicast address (where the `ot::Ip6` module
would use a tunnel header for forwarding the message).
This commit contains smaller changes in `Ip6` class:
- Rename constant `kForwardIcmpTypes` to follow naming convention
- Simplify how it it used to filter which ICMP types are forwarded
to Thread mesh.
With the recent addition of `GetOrigin()`, the origin of a message is
tracked by `Message` itself. With this change, we no longer need to
pass `aIsOutbound` to `Ip6::Mpl` methods, as it can be determined
from the origin of `aMessage`. This commit simplifies the code by
removing the `aIsOutbound` input parameter.
This commit contains smaller changes in `HandleRetransmissionTimer()`:
- Remove nested if/else blocks and use `continue`.
- We clone the MPL message if more retx are needed, otherwise use the
`message` directly.
- In both cases, we now use the same code path for preparing and
sending the `message`, avoiding repeated code.
- Rename `GetTimerExpirations() to `DetermineMaxRetransmissions()`.
The posix platform is able to support the HDLC, SPI and vendor spinel
interfaces, but the spinel interface type can't be changed
dynamically. It is inconvenient to use different spinel interfaces for
Thread stack in Android. This commit enables the posix platform to
support the HDLC, SPI and vendor interface at the same time, and the
final spinel interface type is determined by the radio url protocol.
Some other changes:
1. Not use CRTP style for the radio spinel.
2. Deprecate the OT_POSIX_CONFIG_RCP_BUS and
OPENTHREAD_POSIX_CONFIG_RCP_TIME_SYNC_INTERVAL.
This commit simplifies the `MeshForwarder::SendMessage()` method and
its logic for determining whether to send a multicast message to
sleepy children. We first determine whether the destination address
is link-local or realm-local all-nodes, meaning it is destined to all
nodes. Otherwise, we need to check whether each sleepy child is
subscribed to the address. We then iterate through the child table
and mark the message for indirect transmission accordingly.
This commit updates the `ip6addr -v` CLI command to provide more
information about each address including origin, prefix length, and
preferred and valid flags.
This commit adds helper methods to the `Message` class to check if the
message origin matches a specific origin. These methods are used in
the code as syntactic sugar to simplify the code.
This commit updates `MeshForwarder::SendMessage()` on FTD to check if
the message is marked for direct transmission and/or indirect
transmission to a sleepy child. If there is no pending transmission,
the message is removed.
This situation can occur if the message destination is a multicast
address larger than realm-local scope. In such a case, `SendMessage()`
skips `SetDirectTransmission()` on the message(since such message
will be forwarded using IP-in-IP encapsulation by `Ip6` module) and
assumes the message is for a sleepy child. However, if none of the
children are subscribed to this address, the message will not be
marked for indirect transmission either. Without the fix in this
commit, such messages would have remained in the `mSendQueue` and not
been removed or freed, as messages are only checked for removal after
a direct or indirect transmission attempt.
As per the mbedTLS v3.5.0 release notes:
Ref: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0
MBEDTLS_CIPHER_BLKSIZE_MAX is deprecated in favor of
MBEDTLS_MAX_BLOCK_LENGTH (if you intended what the name suggests:
maximum size of any supported block cipher) or the new name
MBEDTLS_CMAC_MAX_BLOCK_SIZE (if you intended the actual semantics:
maximum size of a block cipher supported by the CMAC module).
This commit fixes the build issue keeping the backward compatibility
intact.
This commit adds `RouterRoleTransition` nested class to `MleRouter`.
This class tracks the timeout and jitter intervals for router role
transitions, i.e., device upgrading to router role from REED or
downgrading from router to REED. It provides helper methods like
`IsPending()` and `StartTimeout()` to check if role transition
is pending or to start the timeout countdown. These methods help to
simplify the code and make it more readable.
This commit updates `RoutingManager` to include the Flags Extension
Option with Stub Router flag in its emitted Router Advertisement
messages.
Config `STUB_ROUTER_FLAG_IN_EMITTED_RA_ENABLE` can be used to enable
or disable this behavior which is enabled by default.
This commit drops UDP datagrams from an untrusted origin to TMF port.
Examples of untrusted origin:
- A process other than OT on the host sends the packet to Thread
network via platform API.
- A packet forwarded from infrastructure network to Thread network by
Thread Border Router.
OT shouldn't allow UDP datagrams from untrusted origins going to TMF
port of any Thread device.
To implement this, there's an API `otIp6SendFromOrigin`
introduced. This can be used for specifying the origin of a packet you
want to send. This commit also encapsulates the 'origin' information
in `Message::Metadata`.
This commit updates `Mle` class such that on an FED (FTD child) when
an MLE message is received, we use `FindRxOnlyNeighborRouter()` in
addition to `FindNeighbor()` before performing security check. This
ensures that the key sequence and frame counters are validated for
messages from a rx-only neighbor router.
After security check and before calling `Handle{MleCommand}()` we
clear the `neighbor` if it is a rx-only except for a subset of MLE
messages such as MLE Advertisement. This ensures that, as an FED, we
are selective about which messages to process from rx-only
neighbors.
This commit also adds a new flavor of `FindRxOnlyNeighborRouter()`
that accepts an `Mac::ExtAddress` as its input parameter.
This commit fixes typos in Doxygen documentation, ensuring that
`@param` variable names match the function/method declaration. It
also adds any missing `@param` tags and removes extra ones.
Currently, when SED sends out the Child ID request, the first data
poll goes out immediately (from the SendChildIDRequest method in
MeshForwarder (snippet A). This does not check for any failures in RCP
or SubMac (Channel Access failures or Abort which can cause Child ID
request to fail transmission). In such failure scenarios, additional
data polls are sent out (to retrieve Child ID response which seems
like wasted OTA transmissions). Request to delay the start of data
polling procedure after the Child ID request is sent successfully.
This commit updates the attach process to the same partition after
a router/REED losing connectivity to the leader. It removes the
`kSamePartitionRetry` enumerator from `AttachMode`. With this change,
after trying to attach using `kSamePartition` attach mode (with a
total of six Parent Request attempts to Routers and REEDs), the
device will switch to `kAnyPartition` attach mode. This helps to
reduce the total number of attempts before the device can decide to
take the leader role.
This commit update `BackboneRouter::Local` to be a `TimeTicker`
receiver directly instead of using the `MleRouter for this. The
`TimeTicker` callback is used to delay registration by counting down
`mRegistrationTimeout`.
This commit contains smaller changes in `BackbonRouter::Local`:
- `AddService()` now gets a `RegisterationMode` enum as its input
either decide based on current state or force registration.
- We remove the `NetworkData::Notifier::HandleServerDataUpdated()`
calls after calling `AddService()` since `AddService()` method
itself will already call this (when successfully adds the service
to Network Data)
- We also remove the extra state check before calling `AddService()`
as it is done by the `AddService()` method itself.
This commit introduces a new configuration option for the routing
manager to use heap-allocated entries in the `DiscoveredPrefixTable`,
which maintains a list of discovered routers and their advertised
on-link prefixes. This makes the implementation more flexible when
dealing with a large number of routers and/or discovered prefix
entries.
The config option `OPENTHREAD_CONFIG_BORDER_ROUTING_USE_HEAP_ENABLE`
enables this behavior. By default, it is enabled. When disabled, the
previous model, which uses pre-allocated arrays and pools, is used
instead.
This commit also updates the unit test `test_routing_manager` to track
heap allocations and validate that all heap allocations by the
routing manager are freed when it is stopped.
This commit adds the `RaFlagsExtOption` class to represent an "RA
Flags Extension" Option. It also adds code to `RoutingManager` class
to process this option in received RA messages and check whether or
not the Stub Router Flag is set. Additionally, it checks and tracks
whether or not the `M` (Managed Address) and `O` (Other Config) flags
are set in the received RA message's header.
This commit simplifies the checks to decide whether or not to call
`ProcessRouteTlv()` in `MleRouter::HandleAdvertisement()`. The whole
check is guarded by `aRxInfo.IsNeighborStateValid()`, which ensures
that we only process Route TLVs for Advertisements received from
valid neighbors. In particular, we can remove the additional checks
in the case where the device is itself `IsChild()` (i.e., acting as
an FED). In this case, `aRxInfo.mNeighbor` will be determined using
`NeighborTable::FindNeighbor()`, which checks and accepts the parent
as the only valid neighbor of the FED child.
An invalid Discovery Response that carries no Joiner UDP Port TLV will
be accepted by the joiner, but we shouldn't qualify it as a valid
joiner router since we can only open a connection with a non-zero
port.
This commit updates `Ip6::HandlePayload()` to check the `message`
pointer for null in the common flow, instead of in the `if()` block
where the message is cloned when `aMessageOwnership` is set to
`kCopyToUse`. If `aMessageOwnership` is `kTakeCustody` the `message`
is initialized as `&aMessage` already which cannot be `nullptr`.
This protects against code checker warnings that `message` may remain
null if the given `aMessageOwnership` enum value is not one of its
two defined enumerator values.
This commit excludes `ot_testing` and `__pycache__` directories when
copying the files before building the docker.
Such files are usually generated by root user and will cause errors
when copying them as a non-root user.
This commit changes openthread rcp recovery code to keep `mState` as
`kStateDisabled` if the state before recovery was
`kStateDisabled`. This is needed to avoid otbr-agent crash in the
scenario where rcp recovery is triggered before otbr initialization.
This commit sets the default value of the configuration
`TMF_ADDRESS_CACHE_MAX_SNOOP_ENTRIES` to `1/16` of the total number
of address cache entries. This ensures that the snoop entries scale
with the total number of entries.
According to the description of
https://github.com/openwrt/openwrt/pull/11559, libanl is already
included in the musl c library, so we can turn this option on.
We enable OPENTHREAD_POSIX_CONFIG_NAT64_AIL_PREFIX_ENABLE on OpenWrt
platform for better experience.
This commit updates `ForwardContext` to be `Heap::Allocatable` and
uses `OwnerPtr` to simplify the ownership (and freeing) of allocated
`ForwardContext` objects.
The default supported channel mask is set to 0x7fff000 in the default
configuration file. The dbus client test case sets the channel to 11
which is not valid in the supported channel mask. It causes the CI test
failures in https://github.com/openthread/ot-br-posix/pull/2027.
This commit updates the default supported and preferred channel masks
in the configuration file to avoid the CI test failures.
This commit contains smaller changes in `BorderAgent` class:
- Define `kUdpPort` as a private constants in `BorderAgent` class.
- Add `SendMessage()` method to send message through `SecureAgent`.
- Add `LogError()` as a method so the correct log module is used.
- Remove unused `mMessageInfo` member variable.
- Harmonize log messages.
This commit saves the MAC counter to a local variable to avoid calling
the core function Get<Settings>().Read() in radio_spinel_impl.hpp. This
is useful when spinel module is used as a lib in other projects.
This commit allows developers to set the preferred channel mask and
the supported channel mask in the configuration file. The posix
platform selects channel masks from the configuration file based on
the region code when the region code is updated.
This commit implements the packet logic in OT core. It aims to have
the same effect as what's already achieved by our iptables-based
firewall. Instead of leveraging iptables, this commit filters the
border routing packets in user space by checking the
source/destination addresses of a packet.
This commit also adds a job to do BR regression test when this feature
is enabled and iptables-based firewall is disabled.
This commit updates `HandleNetworkDataRestoredAfterReset()` which is
called when a leader device is reset and recovers the Network Data
from other routers. With the new code, leader will now check and
remove entries in the restored Network Data that are from any
currently unallocated router ID.
This change acts as a safeguard against an edge case where the leader
is reset at an inopportune time, such as right after it removed an
allocated router ID and sent MLE advertisement but before it got the
chance to send the updated Network Data to other routers.
This commit adds a separate flag to be able to turn the posix part of
multicast routing implementation off/on.
The new
OPENTHREAD_POSIX_CONFIG_BACKBONE_ROUTER_MULTICAST_ROUTING_ENABLE flag
guards the feature of posix multicast routing using MFC(multicast
forwarding cache) in MRT(multicast routing table).
The existing
OPENTHREAD_CONFIG_BACKBONE_ROUTER_MULTICAST_ROUTING_ENABLE continues
to guard the core multicast routing feature, for example handling the
MLR.req message and the multicast listeners table.
In a system where it has its own multicast routing support for packet
forwarding between Thread network and AIL, it should set
OPENTHREAD_POSIX_CONFIG_BACKBONE_ROUTER_MULTICAST_ROUTING_ENABLE to 0.
This commit adds methods to parse parameter values directly from the
url, moves the url unit test to the test/unit, and updates the url
processing methods in posix platform.
- This commit resolves inconsistency between Host and RCP channel on
scan energy when network not created.
- Added fix in MAC layer to update the channel on scan energy.
This commit updates `AddressResolver::Resolve()` to validate that the
associated RLOC16 is reachable in the sense that a valid next hop can
be found towards it, before using a matching cache entry in
`mCachedList` or `mSnoopedList`. If the RLOC16 is not reachable, the
cache entry is removed to trigger a new address query.
The core config file shouldn't be included in public API headers
because they will be included from high level project code (like
ot-br-posix) and the config file cannot be located if included here.
Adds a precise specification for the local radio clock that is at the
core of all timing-sensitive aspects of the IEEE 802.15.4 protocol
(currently mostly CSL) and refers to this definition for fields that
reference the radio clock.
Specifies the reference planes and message timestamp points for RX
timestamps, RX windows and timed TX.
Documents the Thread-specific interpretation of the CSL Phase and
derives the formula for CSL TX timestamps from it.
Based on the standard based definitions given, the TX timestamp used
for timed TX now refers to the start of PHR. This change needs to be
synchronized with the platform radio driver implementations. An
appropriate change set has been prepared for Zephyr.
This commit updates MLE to skip sending an Announce response when
receiving an Announce message from a detached/orphan device and the
included channel and PAN ID in the received Announce message are the
same as the current network's channel and PAN ID.
This commit enhances `Srp::Server` to process and commit the completed
`UpdateMetadata` entries (signaled by the "proxy service handler"
calling `HandleServiceUpdateResult()`) from a `Tasklet`. This change
is helpful in the case where the `HandleServiceUpdateResult
()` callback is invoked directly from the "update service handler"
itself. While `Srp::Server` can handle this situation, the change
makes it easier for platform implementations of advertising proxy.
In particular, it addresses an issue with the `otbr` advertising proxy
implementation. This implementation can potentially access an already
freed `Host` object. This can happen because the implementation may
hold on to the `Host` object while iterating over its `Service`
entries as advertising an earlier `Service` of the same `Host` may
fail immediately and invoke the callback directly. This would then
cause the `Host` to be freed by `Srp::Server`.
This commit updates the `check-size` script to generate a formatted
table on a branch push. The table will first include the code size
difference for all binary files, followed by the difference for all
library files. This allows us to use the `check-size` script on local
machines during development to get a full size impact report, similar
to what will be reported on the GitHub Action branch push.
This commit also generates a size report for posting on a pull request
in Markdown format. In particular, the table with the size difference
for all library files is added as a collapsible section after the
main table for binary files.
Whenever an indirect/CSL transmitted frame is being purged or replaced,
make sure that both indirect and CSL transmission attempts counts are
reset in order to avoid issues like considering a new frame as a
retransmission.
This commit implements a new module LinkMetricsManager, which utilizes
the Link Metrics feature to get the Link Metrics data from neighboring
devices.
The commit also adds a few tests to the module:
- Unit Test: tests/unit/test_link_metrics_manager.cpp, will be run in
`unit-tests` in `unit.yml`.
- Expect Test: tests/scripts/expect/v1_2-linkmetricsmgr.exp, will be
run in `expects` in `simulation-1.2.yml`.
- Simulation Test:
tests/scripts/thread-cert/v1_2_LowPower_test_link_metrics_manager.py,
will be run in `packet-verification-low-power` in
`simulation-1.2.yml`.
This commit adds a build configuration flag for the feature to set and
get device properties, which are then used to calculate the local
leader weight on a device. The feature is enabled by default on
Thread 1.3.1 or later. The new configuration flag allows OpenThread
project integrators to enable this feature on earlier versions if
desired.
This commit updates the `check-size` script and how the OpenThread
size report is generated and reported.
The size report now includes four device types:
- FTD (not acting as a BR)
- MTD (including SED)
- Border Router (BR)
- RCP
Each type uses its own example config header file (e.g., BR uses
`examples/config/ot-core-config-check-size-br.h`). These header files
specify all the OT configs and enable/disable the set of features
that make sense for the given type.
This replaces the previous model where the same set of configs were
used for all types. This change allows us to track the code size of a
typical BR build, as well as the code size of other device types.
In order to build and generate a size report for the BR configuration
example with BR-specific features enabled (such as Border Routing
Manager or NAT64), we need an implementation of the related platform
APIs that are used by these features (e.g. `otPlatInfraIf` APIs).
This commit adds mock empty implementations of these APIs, which are
only included in the size-report builds.
In multi-radio scenarios, any key sequence change currently resets the
MAC frame counter for the PHY link over which the first frame (with
new keyId and frame counter) is received. Since the neighbor key
sequence is already modified, any subsequent frame received over the
alternate PHY would have match the neighbor key sequence, but
potentially smaller frame counter, which leads to drops due to
security failure.
This commit simplifies the `Cli::Dataset` implementation by defining
an array of `ComponentMapper` structures. Each `ComponentMapper`
structure corresponds to a Dataset component, and provides the
following information:
- The component's CLI name
- A method pointer to output that component
- A method pointer to parse that component
- A pointer to the component's mIsPresent boolean flag
A new `LookupMapper()` method allows us to find (using binary search)
the entry corresponding to a given component name. This model allows
us to reuse code patterns for the main dataset sub-commands,
`mgmtsetcommand`, and `mgmtgetcommand` commands when outputting or
parsing dataset components.
This commit adds support for TCP Fast Open, without cookie management.
To add support for this, I looked at the FreeBSD codebase and brought
in some code from FreeBSD 12.0 that implements TCP Fast Open --- the
version of FreeBSD that TCPlp is based on did not fully support TCP
Fast Open.
Normally, a part of TFO is cookie management --- the server generates
a cookie and includes it in the initial handshake, and client is
expected to present this cookie on future handshakes. This part is not
yet implemented, and I changed the logic from FreeBSD to allow data to
be exchanged in the TFO handshake even if the client does not present
a cookie. If we implement this functionality for TFO later, it is
probably worth departing from FreeBSD's data structures and policies
for maintaining cookie state in favor of something that is simpler and
more memory-efficient.
The CLI interface for the posix daemon ise useful for testing and
debugging but may not be useful for release/user builds. on size
sensitive plaforms such as Android, disabling the daemon CLI will
reduce the ot-daemon binary size by around 150 KB.
So this commit defines config
"OPENTHREAD_POSIX_CONFIG_DAEMON_CLI_ENABLE" to make the daemon CLI
interface optional.
This commit enhances the DNSSD Server by updating how it stores and
tracks information when trying to resolve a received query using a
discovery proxy.
The previous approach used a fixed-size array to retain information
for pending proxy queries. The new approach uses the already
allocated `Response.mMessage` and appends the newly defined
`ProxyQueryInfo` struct to it. The `ProxyQueryInfo` struct specifies
all the information we need to track associated with a query.
`ProxyQuery` message entries are placed in a message queue waiting
for a callback from the proxy. Once a callback is received, the
`ProxyQuery` message is converted back to a `Response.mMessage` and
response is prepared and sent. The new approach removes the
restriction on the number of outstanding proxy queries and simplifies
the code.
This commit also updates the `Response` to use `OwnedPtr<Message>` to
track the allocated response message (`mMessage`). This simplifies
the logic for freeing the message in case of errors. It also helps to
make it easier to track ownership transfers of the message. For
example, if `ResolveByProxy()` successfully takes over the message to
use as a `ProxyQuery`, the owned pointer (`mMessage`) in the
`Response` class is cleared, ensuring that the response is not sent
immediately and the message is not freed. Overall, `ProcessQuery()`
method becomes simpler, as we can now decide whether or not to send
a response based on whether or not `mMessage` is nullptr.
This commit simplifies and enhances the DNSSD Server implementation:
- A new method, `ParseQuestions()`, has been added to process the
questions in a received `Request` message and determine the
`QueryType`.
- The processing and appending of the query DNS name has been
simplified. The query name is now read and copied label by label
from the `Request` message into the `Response`. When matching the
name against SRP entries, the names are compared with the query
name directly as it is encoded in the `Response` message using the
`Dns::Name::CompareName()` method. This approach is more flexible
and simpler, and it works for all query types and name formats,
including service instance names where the first label can itself
contain a dot (`.`) character. This simplification allows us to
remove the helper functions that were previously used to parse the
query name and deal with the ambiguity that arises when service
instance names are read as strings of dot-separated labels.
- The management of offsets for DNS name compression has also been
simplified. A new method, `Response::ParseQueryName()`, has been
added to validate the query name (e.g., that it contains the
correct domain) and determine all offsets.
- The `ResolveBySrp()` method has also been simplified using query
type and the newly added flavors of `Append{Ptr/Srv/Txt}Record()`
methods.
- Finally, this commit adds the `Dns::Name::ExtractLabels()` helper
method, which extracts label(s) from a full DNS name string by
first checking that it contains a given suffix name (e.g., the
suffix name can be a domain name or a service name) and then
removing it, returning the label(s).
This commit updates the `GenerateEnhAck()` method to add checks to
validate the received frame before preparing the ACK. These checks
are added as a safeguard in case the caller (radio platform
implementation) does not validate the received frame before calling
this method to generate the ACK.
Specifically, the checks verify that the received frame is using the
2015 version, has the "Ack Request" flag, has a valid source address
(which is used as the destination in the generated ACK), and has a
valid destination address that is not broadcast. The checks also
verify that if the received frame is secured, it uses security level
`kSecurityEncMic32`.
The commit also simplifies the code by using `InitMacHeader()` to
prepare the header and addresses. Enhanced ACK frames always have a
destination address and no source address (to keep the frame
shorter). If the received frame has a source PAN ID, it is used in
the ACK frame. If it does not, the code checks if the received frame
has a destination PAN ID and uses that in the ACK frame.
This commit reorganizes the MLE constants that were previously defined
in the `mle_types.hpp` header file.
Global constants (those that are used by multiple classes) are kept in
`mle_types.hpp`. Other constants are moved to the specific class that
uses them. For example, many of the delay and timeout definitions are
now defined in the `Mle` and `MleRouter` classes as `private`
constants.
Some of the constants are renamed to simplify or shorten their names,
or to make it clear how they are used. Also, some of the time interval
constants are now defined directly in milliseconds (avoid using
`Time::SecToMsec()`).
This commit updates the `InitMacFrame()` method to allow the caller to
specify whether the source or destination PAN IDs are present or not.
It also handles all cases related to PAN ID compression as defined by
IEEE 802.15.4-2015. While these cases are not used by the Thread
stack itself, adding them to `InitMacFrame()` makes it more capable
allowing future use-cases of this method such as generating enhanced
ACKs based on a received frame.
The `test_mac_frame` unit test has been updated to cover the newly
added cases.
This commit adds an RTT implementation for the cli uart api. This can
be enabled using the `OT_RTT_UART` flag for cmake or
`OPENTHREAD_ENABLE_RTT_UART` for make.
This commit updates the type of parameter `status` in
`otLinkMetricsReportCallback` and `otLinkMetricsMgmtResponseCallback`
from `uint8_t` to `otLinkMetricsStatus` for better readability.
This commit updates the `ApplyDirectTxQueueLimit()` method. We mark
the "do not evict" flag on the newly queued `aMessage` so that it
will not be removed from `RemoveAgedMessages()`. This protects
against the unlikely case where the newly queued `aMessage` may
already be aged due to execution being interrupted for a long time
between the queuing of the message in `SendMessage()` and the call to
`ApplyDirectTxQueueLimit()`. This protects against the message being
potentially removed and freed twice.
This commit updates the `CheckForHostNameAlias()` method to handle the
case where the response may include multiple CNAME records. For
example, host name mapped to another name which is itself mapped
again. In order to detect CNAME record loops, we limit the number
of CNAME record name changes to `kMaxCnameAliasNameChanges = 40`.
In `LeaderBase::RouteLookup()`, OT currently checks the source address
of the packet to ensure it matches any of the Prefix TLV in leader's
netdata. Actually it should also verify that the Prefix TLV has a
Border Router sub-TLV.
In the current implementation, OT may wrongly send/forward a packet to
BR when its source address matches with a Prefix TLV which only
contains an External Route sub-TLV. This lets BR accidentally forward
packets from Thread to infra network. For example, a packet from
Mesh-Local address to On-Link address will be wrongly forwarded to
infra network.
I recently noticed this problem because we're now using either
`fc00:/7` or `::/0` for external routes in netdata, which always
matches Mesh-Local source addresses and makes the issue more obvious.
This commit contains changes and enhancements in the DNS-SD
server/resolver class `Dns::ServiceDiscovery::Server`.
- It defines `Request` and `Response` structures, which contain all
related information for a DNS query request and response. These
structures simplify the code by encapsulating all the related
information in one place.
- The `Response` class provides methods for preparing the response,
such as appending records, DNS names to the response, or checking
the questions or updating the header. These methods replace the
previous `static` methods, which required all the information to be
passed as input parameters.
- The `QueryTransacation` type is simplified by declaring it as a
subclass of `Response`. It inherits all the helper methods from
`Response`. Other previously defined `static` methods are now
defined as methods of `QueryTransacation` (such as `CanAnswer()`).
- `ResolveBySrp()` and its related methods now directly populate the
DNS response code in the `Response` DNS header instead of returning
it.
- `ResolveBySrp()` is updated such that if a failure is encountered
when preparing the answer section, no further processing is
performed. This ensures that a previous failure `rcode` is not
overwritten. When preparing the additional section, certain
`rcode` failures are allowed, such as if the DNS name is not found.
- The processing of `Timer` is simplified, using `FiretAtIfEarlier()`
and determining next expire time from `HandleTimer()`.
- This commit also adds an empty implementation of the `otPlatDns{}`
functions (used with `OPENTHREAD_CONFIG_DNS_UPSTREAM_QUERY_ENABLE`)
under the simulation platform.
When `ResolveByUpstream()` returns an error, we ensure that the error
is cleared so that the transmission of the DNS response (with
`kResponseServerFailure` rcode) is not skipped at the `exit` label.
Current implementation of RestoreProperties() assumes there's always a
networkInfo structure stored in the settings. But, it's possible the
RCP device needs to be recovered before this structure is populated.
Signed-off-by: Axel Le Bourhis <axel.lebourhis@nxp.com>
After recent reference device release, two THCI issues
have been found.
This commit adds `"` around command arguments that have
escapable characters (like `ot networkname aa\ bb`),
and skips lines containing only ANSI escape codes
in commissioning logs.
Signed-off-by: Maciej Baczmanski <maciej.baczmanski@nordicsemi.no>
This commit changes the `protected` declarations in the `Mle` class to
be `private` since `Mle` class and its subclass, the `MleRouter`, are
declared as `friend` classes.
The commit also re-arranges the `private` definitions in the `Mle`
class into five sections: constants, enumerations, nested classes,
methods declarations, and member variable definitions.
With the change to `private`, this commit also removes the redundant
documentation of methods.
This commit updates the `Mac::TxFrame::GenerateEnhAck()` method to
check the security level of the received frame. If the security level
is not `kSecurityEncMic32`, it will return `kErrorParse`. This should
help prevent radio platform implementations from trying to perform tx
security on an invalid generated enhanced ack frame. Specifically, it
can help prevent radio platforms from calling `ProcessTxSecurity()`
on an enhanced ack frame with a security level of `kSecurityNone`
which can cause an assert in `AesCcm::Init()` due to the tag length
being zero.
This commit updates the `TrickleTimer` to allow `IntervalMax` and
`IntervalMin` to be changed while the timer is running. In particular,
when `IntervalMax` is changed to a value that is shorter than the
current interval being used by the timer, the timer will adapt the
new shorter interval and may fire immediately.
A unit test `test_trickle_timer` has been added to validate the
behavior of `TrickleTimer` in detail. All different scenarios where
`IntervalMax` or `IntervalMin` are changed are covered by the
unit test.
The new mechanism to change the trickle timer `IntervalMax` is
used to update the MLE Advertisement trickle timer. The `IntervalMax`
is determined based on the number of router neighbors of the device
with link quality 2 or better. If the device has fewer router neighbors,
it will use a shorter `IntervalMax`. As new links are established
with routers, the `IntervalMax` is recalculated and updated on the
Advertisement trickle timer.
This commit also adds a new test `test-024-mle-adv-imax-change.py` to
validate updates to the `IntervalMax` value based on the number of
router neighbors.
Co-authored-by: David Smith <david.smith@mmbnetworks.com>
This commit adds `SetIfIndex` method to `RoutingManager` class. This
method allows the infrastructure interface to be changed. The user may
initialize multiple interfaces and choose one interface as
infrastructure interface. During run time, there might be some
networking congestion or other network issue. The user can change the
infrastructure interface via this function.
This commit also adds docs for the `init` command.
This commit updates `CommitSrpUpdate()` to ensure that `aHost` is
freed when granted key lease is zero and host is fully removed.
This commit also updates unit test `test_srp_server` (which checks the
heap allocations by server) to cover the situations where client sends
an update to remove host and all its services with or without
clearing key-lease.
This commit updates and enhances the specification of OT core config
header files. It adds `OPENTHREAD_PLATFORM_CORE_CONFIG_FILE`, which
can be used by platforms to provide a core config header file name.
The project and platform specific config header files are included in
the following order:
1. Project specific header (`OPENTHREAD_PROJECT_CORE_CONFIG_FILE`)
2. Platform specific header (`OPENTHREAD_PLATFORM_CORE_CONFIG_FILE`)
3. Default config values as specified by `config/{module}.h`
CMake config options `OT_PROJECT_CONFIG` and `OT_PLATFORM_CONFIG` are
also defined, which can be used to specify project and platform
config headers. Platforms can define a default config header for
`OT_PLATFORM_CONFIG`. The existing `OT_CONFIG` CMake option is marked
as deprecated (with a warning message which recommends use of the new
configs).
This commit also updates the default simulation and POSIX core config
headers to remove extra Doxygen-style documentation and ensure that
all definitions have an `#ifndef` guard check.
This commit defines two types to track challenge or response TLV data
in MLE messages:
- `TxChallenge` represents the maximum-sized challenge data to include
and send in MLE messages. OpenThread always uses the maximum size
of 8 bytes for challenge data in the messages it sends.
- `RxChallenge` represents variable-length challenge data read from a
received MLE message.
The two separate types help to simplify their use in code.
This commit updates public APIs for getting and setting CSL period to
use microseconds unit instead of the internal ten symbols unit. This
makes the APIs easier to use.
The CSL APIs have been renamed to follow the `otLinkGet/SetCsl{Item}()`
pattern, which is the common naming style of OpenThread. This
renaming will make the APIs more consistent and avoid potential
confusion with the now-removed APIs, which used a different unit for
CSL period.
This commit also updates the related CLI CSL commands:
- The `csl period` expects the given period to be in microseconds.
- The `csl` command (which outputs all CSL parameter) shows the CSL
period in microsecond unit (e.g., "Period: 160000us").
The NCP spinel `SPINEL_PROP_THREAD_CSL_PERIOD` is also updated to use
microsecond unit for CSL period.
The related test script are updated to use the new unit, in particular
the test harness `setCSLperiod()` in `harness-thci/OpenThread.py` is
updated (no need to convert from msec).
This commit simplifies the `Sever::RemoveHost()` method by removing
the input parameter `aNotifyServiceHandler`. This is because, unlike
the `RemoveService()` method, the `RemoveHost()` method always needs
to notify the service handler.
`NETLINK_EXT_ACK` and `NETLINK_CAP_ACK` are for getting netlink reply
details from the kernel and we can still function without the two
options.
This commit loose the check of enabling the two options to make
ot-posix works on platforms where the features are missing.
This commit fixes the name of the vendor supplied target to
OT_POSIX_CONFIG_RCP_VENDOR_INTERFACE so that this target name and the
misspelled target name do not both need to be defined by vendors.
This change updates the mechanism used by vendor.cmake to include a
cmake file to define the required vendor targets used by the rcp
vendor interface library instead of the find_package command that was
previously used.
The find_package command would allow for a package to be searched for
and a target to be linked unconditionally if defined by the CMake
project. This would lead to problems if the target was already
defined, perhaps as a subdirectory of a super project, and the cache
variable is still set for the openthread build. Additionally, this
change also brings the vendor extension of the posix library more in
line with the cli vendor extension, which was created after
find_package was used in vendor.cmake.
This commit simplifies the `MleRouter::HandleChildIdRequest()` method
by directly tracking the list of MLE TLVs to be included in the
response in a `TlvList`. This replaces the previous approach of using
boolean flags to track which TLVs should be included. The use of
`TlvList` also protects against the case where the child may have
included the same TLV type in the "TLV Request TLV" and ensures
that we do not include duplicate TLVs in the response.
Currently to support Link Metrics Subject, we pre-allocate 128
entries. But this is unnecessary for MTD since it will only have one
neighbor. This commit minimizes the number to 2 - one for Enhanced-ACK
Probing and one for Forward Tracking Series.
This commit simplifies the definition of CMake configurations by
adding new macros:
- `ot_string_option` for string-valued options (`OT_VENDOR_NAME`)
- `ot_int_option` for int-valued options (`OT_MLE_MAX_CHILDREN`)
- `ot_multi_option` for multi-valued options (`OT_LOG_LEVEL`)
The option definitions have also been moved to the `options.cmake`
file from `./CMakeLists.txt`.
This commit updates `Dns::ServiceDiscovery::Server` such that when
answering a PTR query with more than one answer, it does not include
additional records. This is to keep the size of the response small.
This commit also updates the test scripts validating browse (PTR
query) function to check the new behavior. In particular, a common
python function `_parse_dns_service_info()` is added to parse service
info in CLI output of "dns browse" or "dns service" commands and
handle if output of "dns browse" does not include service info.
This commit fixes the netlink ACK error logging by extracting error
messages from the `NLMSGERR_ATTR_MSG` attribute. The key point is that
the error code in the `nlmsgerr` header is not necessary `errno` and
can't be used with `strerror()`.
This commit adds support for the Advertising PIO (AP) flag in Network
Data `ExternalRoute` entries. It also updates the `RoutingManager`
class to set the AP flag on its published Network Data route when the
local on-link prefix is included as PIO in emitted RA messages, which
is equivalent to when the local on-link prefix is being published,
advertised, or deprecated.
This commit also updates the `test_routing_manager` unit test to
validate the AP flag in the published route under different
scenarios.
This commit removes the unnecessary Doxygen-style documentation of
used configuration options from toranj config header files. This
makes the test-specific config header simpler and avoids confusion
with the main config parameters documentation, which is included in
the corresponding `src/config/<name>.h` header files.
This commit adds command to install `prettier@2.0.4` from the
Bootstrap step in `pretty` job of `build.yml` GitHub Action workflow.
This should help with occasional failure of `pretty` check.
This commit adds `SetState()` method to the `OnLinkPrefixManager`
class. This method allows the state of the on-link prefix manager to
be changed in a single place, which simplifies the logging and makes
it easier to take additional actions on state change. For example,
the `SetState()` can be used to update the Advertising PIO (AP) flag
in the published route in Network Data.
For the RCP waiting response timeout handle logic, the error code of
processing `WaitResponse()` will be checked, if there is no error, the
function `ResetRcp` will return with a log "Software reset RCP
successfully". But the implementation of the `WaitResponse` it will
always return OT_ERROR_NONE even if waiting response timeout.
This commit returns `OT_ERROR_RESPONSE_TIMEOUT` on response timeout.
This commit updates and simplifies how `Srp::Server` stores the
sub-type services. The earlier implementation treated each sub-type
as its own service, which was tracked by a `Service` object. This
design allowed sub-type services to be registered and deleted
individually. However, the latest SRP RFC draft requires SRP servers
to treat updates to a service and all its sub-types as atomic. This
means that when a service and its sub-types are being updated, the
SRP Update message must contain the entirety of information about
that service and its sub-types. As a result of this change, we can
simplify the server implementation by tracking sub-types as an array
of sub-type names in the `Service` object.
This commit also updates the way the server commits a received SRP
update info into its existing data. Previously, the server would try
to merge the new information into existing `Host` and `Service`
objects. However, this could be inefficient, as it would require
moving heap-allocated items like "txt data" and/or array of host IPv6
addresses from one object to another. The new `CommitSrpUpdate()`
implementation now starts from the new `Host` object that is
constructed as the received SRP Update message from the client is
parsed. Any previously registered services that are not present in
the new `Host` object are then moved into it.
This commit adds new public OT APIs for retrieving the sub-types
associated with a service and making it easier to iterate over the
list of registered services by a host. Due to fundamental changes in
how services are stored by the `Srp::Server` class, some existing
public `otSrpServer` APIs for filtering and iterating over services
are being removed.
Processing of the Key Sequence is happening after each individual MLE
command processing, which leads to generating MLE responses with
outdated Key Sequence.
Make sure that the new greater Key Sequence is applied before
generating any MLE response.
A test case is updated to catch the case in which fragmented Child Id
Response was generated with the old Key Sequence whereas each
individual MAC fragment is already updated with the new Key Sequence,
leading to a security error.
This commit adds the ability to collect statistics on the time
messages spend in the TX queue.
When enabled, a histogram of the time-in-queue is collected. The
time-in-queue is tracked for direct transmissions only, and is
measured as the duration from when a message is added to the TX queue
until it is passed to the MAC layer for transmission or dropped.
The histogram data consists of a number of bins, each representing a
range of time-in-queue values. The bin interval length and maximum
tracked interval can be configured using newly added configuration
options.
This commit also adds a new public OT API and a related CLI command
(`timeinqueue`) to get the collected statistics or reset the data.
This commit contains multiple changes to Network Diagnostics
modules.
It adds new TLVs: Child TLV, Child IPv6 Address List TLV, Router
Neighbor TLV and MLE counters TLV.
Child TLV contains information about a child entry including RLOC16,
extended MAC address, mode (rx-on-idle, FTD/MTD, full netdata,
CSL-sync), timeout, age, supervision interval, CSL period and
timeout, and link quality info such as RSS (last and average) and
frame/message error rates. Neighbor TLV provides similar info for a
router neighbor. The Child IPv6 Address List TLV allows to query a
parent to get the list of IPv6 addresses registered by its MTD
children.
The new Child and Neighbor TLVs can be requested in Network Diagnostic
Get Query "d/dq" message to a router (unicast) or multiple routers
(multicast). The router responds with one or more Network Diagnostic
Get Answer "d/da" messages.
We allow multiple Answer messages to be sent in response to a Query.
This is to support the case where a router has many children, and we
want to avoid sending a large message that contains all of the TLVs
for all of the children. Instead, we can send a sequence of Answer
messages, each of which contains a subset of the TLVs.
Each Answer message includes an Answer TLV that indicates the index of
the message in the sequence. The first Answer message has an index of
0, the second has an index of 1, and so on. The Answer TLV also
indicates whether the message is the last one in the sequence, or if
there are more Answer messages to come. Answer messages are sent in
sequence, and the next one is not sent until we receive a successful
CoAP ACK/response for the previous one.
This commit adds a Query ID TLV (with a 16-bit identifier as it
value) that can be optionally included in a Query message. The Query
ID is echoed back in all Answer messages associated with the same
Query message. This allows a node that sends multiple Queries to
distinguish between the received Answers.
This commit updates `MeshDiag` to use the newly added TLVs
to query the child table or children IPv6 addresses of a router.
New public OpenThread APIs under `otMeshDiag` are added for this,
along with CLI commands and their documentation. A test-case is added
to validate the newly added mechanism.
This commit changes the `Time::GetDistantFuture/Past()` methods to
exclude the ambiguous time value which is half range `(1 << 31)`
apart. The returned value is now `(1 << 31) - 1` apart. This ensures
that `Min(now.GetDistantFuture(), now)` is well-defined and the same
as `Min(now, now.GetDistantFuture())`. This commit also updates
`test_timer` to validate this.
This commit simplifies scheduling of `mJoinerExpirationTimer` by using
`FireAtIfEarlier()` when adding or updating a `Joiner` entry instead
of recalculating the fire time. When a `Joiner` entry is removed, we
keep the timer unchanged and let it be rescheduled when the currently
scheduled timer expires. The next expiration time is determined in
`HandleJoinerExpirationTimer()`, which ensures that all expiration
times are strictly after `now` and avoids any potential issue with
the order of comparison between `now` and `next` being
`now.GetDistantFuture()`.
2023-07-10 09:25:45 -07:00
3390 changed files with 366259 additions and 499541 deletions
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to creating a positive environment include:
Examples of behavior that contributes to a positive environment for our community include:
-Using welcoming and inclusive language
- Being respectful of differing viewpoints and experiences
- Gracefully accepting constructive criticism
-Focusing on what is best for the community
-Showing empathy towards other community members
-Demonstrating empathy and kindness toward other people
- Being respectful of differing opinions, viewpoints, and experiences
- Giving and gracefully accepting constructive feedback
-Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
-Focusing on what is best not just for us as individuals, but for the overall community
Examples of unacceptable behavior by participants include:
Examples of unacceptable behavior include:
- The use of sexualized language or imagery and unwelcome sexual attention or advances
- Trolling, insulting/derogatory comments, and personal or political attacks
- The use of sexualized language or imagery, and sexual attention or advances of any kind
- Trolling, insulting or derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others' private information, such as a physical or electronic address, without explicit permission
- Publishing others' private information, such as a physical or email address, without their explicit permission
- Other conduct which could reasonably be considered inappropriate in a professional setting
## Our Responsibilities
## Enforcement Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
## Scope
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at openthread-conduct@google.com. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement at openthread-conduct@google.com. All complaints will be reviewed and investigated promptly and fairly.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
All community leaders are obligated to respect the privacy and security of the reporter of any incident.
## Enforcement Guidelines
Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
### 1. Correction
**Community Impact**: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
**Consequence**: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
### 2. Warning
**Community Impact**: A violation through a single incident or series of actions.
**Consequence**: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
### 3. Temporary Ban
**Community Impact**: A serious violation of community standards, including sustained inappropriate behavior.
**Consequence**: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
### 4. Permanent Ban
**Community Impact**: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
**Consequence**: A permanent ban from any sort of public interaction within the community.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 2.1, available at [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcement ladder][mozilla coc].
For answers to common questions about this code of conduct, see the FAQ at [https://www.contributor-covenant.org/faq][faq]. Translations are available at [https://www.contributor-covenant.org/translations][translations].
@@ -109,7 +109,7 @@ This will open up a text editor where you can specify which commits to squash.
#### Coding Conventions and Style
OpenThread uses and enforces the [OpenThread Coding Conventions and Style](STYLE_GUIDE.md) on all code, except for code located in [third_party](third_party). Use `script/make-pretty` and `script/make-pretty check` to automatically reformat code and check for code-style compliance, respectively. OpenThread currently requires [clang-format v14.0.0](https://releases.llvm.org/download.html#14.0.0) for C/C++ and [yapf v0.31.0](https://github.com/google/yapf) for Python.
OpenThread uses and enforces the [OpenThread Coding Conventions and Style](STYLE_GUIDE.md) on all code, except for code located in [third_party](third_party). Use `script/make-pretty` and `script/make-pretty check` to automatically reformat code and check for code-style compliance, respectively. OpenThread currently requires [clang-format v19](https://github.com/llvm/llvm-project/releases/tag/llvmorg-19.1.7) for C/C++ and [yapf v0.43.0](https://github.com/google/yapf) for Python.
As part of the cleanup process, you should also run `script/make-pretty check` to ensure that your code passes the baseline code style checks.
OpenThread is an open-source implementation of the Thread networking protocol, released by Google. It is designed to be OS and platform-agnostic, with a small memory footprint, making it highly portable. It supports both system-on-chip (SoC) and network co-processor (NCP) designs and is a Thread Certified Component.
The project is primarily written in C and C++, with Python used for scripting and tooling. It uses a variety of build systems, including CMake and GN, and is actively maintained with a strong emphasis on code quality and style, enforced through continuous integration.
## Building and Running
The project uses both CMake and GN as build systems. A collection of scripts in the `script/` directory simplifies the build and test process.
A bootstrap script is provided to install the required tools:
```bash
./script/bootstrap
```
### Building with CMake
The project provides CMake presets for easier configuration.
**Configure:**
```bash
cmake --preset simulation
```
**Build:**
```bash
cmake --build --preset simulation
```
### Building with Scripts
The `script/` directory contains several scripts for building the project for different configurations:
- **Simulation Build:**
```bash
script/check-simulation-build
```
- **POSIX Build:**
```bash
script/check-posix-build
```
- **ARM Build:**
```bash
script/check-arm-build
```
- **GN Build:**
```bash
script/check-gn-build
```
## Testing
The project uses CTest for testing.
To run the tests after building with the simulation preset:
```bash
ctest --preset simulation
```
### Nexus Tests
Nexus is a test framework that allows simulating multiple OpenThread nodes within a single process, enabling faster and more scalable network simulations.
For more details, see [tests/nexus/README.md](tests/nexus/README.md).
## Development Conventions
### Code Style
The project has a strict coding style, which is enforced by the `script/make-pretty` script. Before submitting a pull request, ensure your code is formatted correctly.
**Check code style:**
```bash
script/make-pretty check
```
**Format code:**
```bash
script/make-pretty
```
Key style points:
- **Indentation:** 4 spaces.
- **Naming:**
- `UpperCamelCase` for types (classes, structs, enums), methods, functions.
- `lowerCamelCase` for variables.
- `g` prefix for globals, `s` for statics, `m` for members, `a` for arguments.
- **Comments:** Doxygen is used for API documentation.
For more details, see the [STYLE_GUIDE.md](STYLE_GUIDE.md).
### Commits and Pull Requests
The project follows the "Fork-and-Pull" model. All contributions must be accompanied by a Contributor License Agreement (CLA). Pull requests are tested using GitHub Actions, and all checks must pass before merging.
For more details, see the [CONTRIBUTING.md](CONTRIBUTING.md).
@@ -10,24 +10,18 @@ OpenThread released by Google is... <a href="https://www.threadgroup.org/What-is
**...OS and platform agnostic**, with a narrow platform abstraction layer and a small memory footprint, making it highly portable. It supports both system-on-chip (SoC) and network co-processor (NCP) designs.
**...a Thread Certified Component**, implementing all features defined in the [Thread 1.3.0 specification](https://www.threadgroup.org/support#specifications), including all Thread networking layers (IPv6, 6LoWPAN, IEEE 802.15.4 with MAC security, Mesh Link Establishment, Mesh Routing) and device roles, as well as [Border Router](https://github.com/openthread/ot-br-posix) support.
**...a Thread Certified Component**, implementing all features defined in the [Thread 1.4.0 specification](https://www.threadgroup.org/support#specifications), including all Thread networking layers (IPv6, 6LoWPAN, IEEE 802.15.4 with MAC security, Mesh Link Establishment, Mesh Routing) and device roles, as well as [Border Router](https://github.com/openthread/ot-br-posix) support.
More information about Thread can be found at [threadgroup.org](http://threadgroup.org/). Thread is a registered trademark of the Thread Group, Inc.
- OpenThread uses `script/make-pretty` to reformat code and enforce code format and style. `script/make-pretty check` build target is included in OpenThread's continuous integration and must pass before a pull request is merged.
-`script/make-pretty` requires [clang-format v14.0.0](https://releases.llvm.org/download.html#14.0.0) for C/C++ and [yapf v0.31.0](https://github.com/google/yapf) for Python.
-`script/make-pretty` requires [clang-format v19](https://github.com/llvm/llvm-project/releases/tag/llvmorg-19.1.7) for C/C++ and [yapf v0.43.0](https://github.com/google/yapf) for Python.
* This method resets Enhanced-ACK Based Probing data.
*/
voidotLinkMetricsResetEnhAckProbing(void);
#ifdef __cplusplus
}// extern "C"
#endif
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Abtin Keshavarzian
