Verify incoming ARP packet hardware and protocol type. Drop
unknown type of packets.
Fixes#11215Fixes#11217
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
FD method tables contain function pointers, and thus should be
const and reside in ROM. This patch fixes all cases of FD vtable
definitions: for POSIX FS API and for sockets.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If we change the ethernet MAC address, then we must also remove
the old IPv6 interface identifier (iid) address from the
interface. Otherwise there might not be enough space in the IPv6
address array for the new iid address and beside the old iid
address is not useful any more after the MAC address is changed.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that IPv4 specific functions are callable even if
IPv4 is not enabled. This allows use of IS_ENABLED() macro
in other parts of the system.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that IPv6 specific functions are callable even if
IPv6 is not enabled. This allows use of IS_ENABLED() macro
in other parts of the system.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
No need to evaluate what's the ll reserve size here as net if has a
function to do so.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
If the destination IPv6 address is interface local scope multicast
address FF01::, then loopback those packets back to us as that is
the purpose of those addresses. They are to work same way as
localhost unicast address. See RFC 3513 ch 2.7 for details.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If IPv6 is disabled, then we can skip IPv6 checks and avoid
Coverity warnings. Same thing for IPv4.
Coverity-CID: 189506
Fixes#11100
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Previously the "socket file descriptors" were just net_context
pointers cast to int. For full POSIX compatibility and support
of generic operations line read/write/close/fcntl/ioctl, the
real file descriptors should be supported, as implemented by
fdtable mini-subsys.
Socket implementation already has userspace vs flatspace dichotomy,
and adding to that ptr-fds vs real-fds dichotomy (4 possible cases)
is just too cumbersome. So, switch sockets to real fd's regardless
if full POSIX subsystem is enabled or not.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Unify the function naming for various network checking functions.
For example:
net_is_ipv6_addr_loopback() -> net_ipv6_is_addr_loopback()
net_is_my_ipv6_maddr() -> net_ipv6_is_my_maddr()
etc.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that ICMPv6 checksum is correct before continuing
processing the packet.
Fixes#10971
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive an IPv6 packet with organisation scope multicast
address FF08:: then we must drop it as those addresses are
reserved for organisation network traffic only.
Fixes#10961
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive an IPv6 packet with site scope multicast
address FF05:: then we must drop it as those addresses are
reserved for site network traffic only.
Fixes#10960
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we receive an IPv6 packet with interface scope multicast
address FF01:: then we must drop it as those addresses are
reserved for local network traffic only.
Fixes#10959
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
For Bluetooth, the link address is set only after the Bluetooth
connection is established. Because of this, place the link address
check to net_if_up() because at that point the link address should
be set properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
There's a lot of code which assumes net_if_get_link_addr(iface)->addr
Forgetting to set it leads to deferred, spectacular crashes. It's
impractical to assert it on every usage. So, instead let's assert
it after call to driver->init(), as that is supposed to set it.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Fixes following warning:
...
subsys/net/lib/dns/llmnr_responder.c:24:0:
subsys/net/lib/dns/llmnr_responder.c: In function ‘recv_cb’:
include/net/net_pkt.h:1203:9: warning: ‘addr’ may be used uninitialized
in this function [-Wmaybe-uninitialized]
return net_pkt_append(pkt, len, data, timeout) == len;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
subsys/net/lib/dns/llmnr_responder.c:306:14: note: ‘addr’ was declared
here
const u8_t *addr;
^~~~
...
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Fixes warning:
warning: ‘ipv6’ defined but not used [-Wunused-variable]
static struct net_context *ipv6;
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
We must drop packet that is received from outside and which has
IPv6 loopback address (::1) either as a destination address or
source address.
Fixes#10933
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
CoAP library is migrated to support over socket based
applications or other higher layer protocols. Most of the
API's and functionality is kept as it is except few changes.
net_pkt/net_buf is removed from CoAP library. Now it expects
a pre-allocated flat buffer and length. If there is not enough
space to append any data, library simply returns an error.
It's user's responsibility to allocate and free memory.
One change in functionality is, earlier coap_pending_clear()
used to clear the memory, but now it's user's responsibility
to free the memory.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
ICMPv4 checksum is not optional and thus cannot be zero. Hence, drop
packet with invalid zero ICMPv4 checksum.
Signed-off-by: Ruslan Mstoi <ruslan.mstoi@intel.com>
If we receive an IPv4 that has broadcast destination address, then
properly handle it.
This means that for
* ICMPv4, if CONFIG_NET_ICMPV4_ACCEPT_BROADCAST is set (this is the
default value) and we receive echo-request then accept the packet.
Drop other ICMPv4 packets.
* TCP, drop the packet
* UDP, accept the packet if the destination address is the broadcast
address 255.255.255.255 or the subnet broadcast address.
Drop the packet if the packets broadcast address is not in our
configured subnet.
In sending side, make sure that we do not route broadcast address
IPv4 packets back to us. Also set Ethernet MAC destination address
properly if destination IPv4 address is broadcast one.
Fixes#10780
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add utility function that returns true if given IPv4 address is
a broadcast address. This will be used in later commits to check
received packet IPv4 source and destination addresses.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Remove extra ntohl() calls when checking IPv4 address against
a subnet address.
Convert also the IPv4 address to be const as the netmask related
functions do not change its value.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Cache the used transport protocol in net_pkt. This way we can
avoid traversing IP header to get the last protocol in network
packet. This is mostly an issue in IPv6 which can have a long
list of extension headers after IPv6 header and before the
transport protocol header.
Fixes#10853
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Previously, the wifi shell needed to remove the quotes from the
SSID parameter, passed in by the underlying shell.
The new shell is now able to parse quoted strings as arguments,
so this adjustment can be removed.
Otherwise, it results in a failure to connect to an AP, as the first
character of the SSID name is stripped off.
Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
Wrong Kconfig template was used for max debug level which caused
the max level to be the default level (ERROR). This prevented
all debug prints from showing.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The net_buf log level Kconfig setting was using template from
networking, which might not be available for Bluetooth code.
This caused the log level to be ignored.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The maximum log level was using wrong template which caused
the max value to be ignored.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The CONFIG_NET_DEFAULT_LOG_LEVEL template entry was only partially
fixed earlier and some spaces were not there around "=".
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Current TLS socket implementation assumed that PSK ID stored in
credential manager is NULL terminated. It's actually better to store
only the string content, as the string length is stored as well. This
approach is less confusing, when a user is not operating on C strings
but on a non-NULL terminated byte array.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
When DBG level for CONFIG_LWM2M_LOG_LEVEL is disabled, a compiler
warning is generated:
In file included from include/logging/log.h:11:0,
from subsys/net/lib/lwm2m/lwm2m_engine.c:28:
subsys/net/lib/lwm2m/lwm2m_engine.c: In function ‘engine_add_observer’:
subsys/net/lib/lwm2m/lwm2m_engine.c:558:3: warning: implicit
declaration of function ‘sprint_token’
[-Wimplicit-function-declaration]
sprint_token(token, tkl), lwm2m_sprint_ip_addr(addr));
^
Let's remove the #if guards around sprint_token() and let
the Linker remove it when not needed.
Signed-off-by: Michael Scott <mike@foundries.io>
It is possible that connect callback is called when shell is not
yet set. Make sure to check this and fallback to use printk() if
shell_printf() cannot be used.
Fixes#10617
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The connect command parameters were not checked properly if
user decided to supply only mandatory parameters.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If the device does not support wifi offloading, then return -ENOTSUP
so that wifi support can be enabled for testing purposes even if
the actual device does not have wifi support. This is happens for
example in qemu which does not support wifi offloading.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Make sure that we define and declare the _net_app_register() and
_net_app_unregister() functions properly if net_app logging level
is set to debug.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Typo when calculating new value for local_time_n.low, the calculation
was just a constant expression and the value was not modified.
Coverity-CID: 188759
Fixes#10568
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Ravi kumar Veeramally