As the whitelist define can be set per compilation unit in all
legitimate cases, the checks do not need to be run on every single usb.h
inclusion. This is done for two reaons:
* It is sufficient -- if any user C file includes usb.h, there's already
a good chance that the user is doing something USB related manualy.
(And conversely, the existing examples with boards that happen to pull
in CDC-ACM or CDC-ECM do not include usb.h from an example C file).
* Defining the USB_H_USER_IS_RIOT around legitimate uses of the header
by other headers would allow accidental sidestepping: If a user
includes a legitimate usb.h using header (say, board.h) and just
forgets to include usb.h on their own, their application that'd mess
with USB would still work as usb.h is transitively included, and the
check for custom includes does not trigger.
A new define, USB_H_USER_IS_RIOT_INTERNAL, is defined that may only be
set from within RIOT's own compilation units that deem themselves
standard RIOT peripherals. If all usb.h users in a program match that
requirement, a default VID/PID pair is set.
Due to the new composite check, the individual checks for VID/PID being
set become moot and are removed.
This implements the randomization of canary values on each build as
mentioned in the comment above the STACK_CHK_GUARD macro. The canary
value is generated by the buildsystem and passed to the ssp module using
a `-D` compiler flag. The ssp object file, using this canary value, is
marked as PHONY to make sure it is rebuild on each make invocation,
thereby ensuring that each build uses a new random canary value.
Implementing this properly would require generating a cryptographically
secure random value on each boot of the RIOT operating system. This is
not deemed possible on some constrained devices, e.g. due to lack of
hardware random number generators. Besides, RIOT only seems to support a
PRNG (random module) currently. While this may be implemented in the
future for some devices the changes implemented in this commit may still
be used as a fallback then.
A hardcoded canary value is used when building software on the CI to not
break the CI test cache [1].
[1]: https://github.com/RIOT-OS/RIOT/pull/13119#issuecomment-574132932
The reassembly buffer only needs (and stores) the headers *before* the
fragment header (called per-fragment headers in RFC 8200, section 4.5).
Currently, when a subsequent IPv6 fragment is received before the first
fragment the fragment header is however not removed. With this fix it
does.
This implements a client for DHCPv6 IA_PD (Identity Association for
Prefix Delegation). Goal was to have a IETF-compliant alternative to
UHCP. The implementation was based on RFC 8415.
The comment exists since the introduction of the [original
implementation], but its meaning is unclear and misleading, as the code
doesn't do anything with link-local.
[original implementation]: https://github.com/RIOT-OS/RIOT/pull/3561
Rule 2 of the source address algorithm outlined in [RFC6724] states the
possible source addresses must also be compared among each other:
> Rule 2: Prefer appropriate scope.
> If Scope(SA) < Scope(SB): If Scope(SA) < Scope(D), then prefer SB and
> otherwise prefer SA. Similarly, if Scope(SB) < Scope(SA): If
> Scope(SB) < Scope(D), then prefer SA and otherwise prefer SB.
Our current implementation doesn't do that. It just checks if the scope
of a possible source is lesser than the scope of the destination
(which involves the second "If" in the rule).
This fix grants points according to the scope of an address. If the
scope matches, they get the highest points, ensuring that the selected
source will always be reachable from the destination.
[RFC6724]: https://tools.ietf.org/html/rfc6724
Since the GNRC_IPV6 is part of GNRC it should be a part of the gnrc compile time configuration group.
This adds information on the group to specify it is gnrc and changes the group from config to net_gnrc_conf
Typically a stack needs to add the callback for a sock as a member of
its respective `sock` type so `sock_types.h` needs to include
`net/sock/async.h` at the moment. As those however include
`net/sock/<prot>.h`, which in turn include `sock_types.h`, we create a
cyclic dependency.
This fix resolves this cyclic dependency, by putting the callback
definitions in its own header that then in turn can be also included
by `sock_types.h`.
Having the definitions sit in the `net/gnrc/sixlowpan/frag.h` header
does not make much sense, when using Selective Fragment Forwarding
(and the fragmentation buffer already includes a
`net/gnrc/sixlowpan/frag/stats.h` header), so they are moved to their
own header. Since with this change it makes more sense to have the
statistics stored in their own sub-module, the pseudo-module is also
actualized.
A pointer is not 32 bit on all platforms.
Since gnrc_lwmac only stores 16 bit in the pointer variable it is
still save to cast like this even on AVR, but cast to uintptr_t
instead of uint32_t.
fixes#12869
The configuration length verification was not taking additional alt
interface descriptors into account. This breaks situations where an alt
interface is used such as is the case with CDC ECM
When the destination address is the loopback address (`::1`) in GNRC
the selected network interface typically is `NULL`, as with GNRC no
loopback interface de facto exists. So the assertion when checking if
the source address is valid if `netif != NULL` fails on that check.
This change fixes that issue by checking if the destination address is
the loopback address, before checking the validity of the source
address.
This commit adds runtime assertions to validate that the total length of
the configuration descriptor as communicated to the host device matches the
generated length of the configuration descriptor.
The RTT callback for a super-frame cycle uses the `arg` pointer to set
the message value that then is handed to the GoMacH thread. However,
in both instances the timer is scheduled the constant
`GNRC_GOMACH_EVENT_RTT_NEW_CYCLE` is provided. This means the argument
is not really necessary.
The ubjson module has a number of quality defects and is unsafe.
Considering CBOR is popular, standarized and supported in RIOT and that
the ubjson implementation is a home-grown one whose API will likely be
unfamiliar to new users, I propose to delete it.
This removal, of course, dows not have to be NOW. We can deprecate it for
one or two releases before.
What's wrong with this module?
- Unsafe: the parsing is done recursively. This is embedded in the API, so it
is not possible to fix it without changing the API. A document with too much
nesting can cause a stack overflow.
- Does not validate writing: it is possible to produce invalid output. From
the docs:
> The library won't complain if you write multiple values that are not
> inside an array or object. The result will just not be properly serialized.
- Poorly tested. As shown by #11702, #11703 the tests were not even detecting
that a False was stored as True.
- In line with the previous remark, see
68dc5b0d6e/tests/unittests/tests-ubjson/tests-ubjson.c (L66-L77)
Why is the following code in the unit tests??
```c
irq_disable();
sched_set_status(data->main_thread, STATUS_PENDING);
```
- #2175 is still unfixed after 3.5 years.
- Code quality. The code has multiline macros that assign variables and
return. See c332514875/sys/ubjson/ubjson-write.c (L34-L41)
Can we mark it as deprecated this release and sweep it in the following one?
`gnrc_sixlowpan_frag_rb_base_rm()` cleans up the intervals which is part
of `gnrc_sixlowpan_frag_rb`, not `gnrc_sixlowpan_frag`, so when the
`gnrc_sixlowpan_frag` is not compiled in, but `gnrc_sixlowpan_frag_rb`,
the intervals allocated in the reassembly buffer and inherited by the
virtual reassembly buffer are never released.
This fits with the semantics of this function which doesn't provide or
uses any state of the reassembly buffer provided by the user, but finds
the entry itself and then removes it. This gives the user no chance to
remove the packet in the reassembly buffer entry, so
`gnrc_sixlowpan_frag_rb_rm_by_datagram()` has to release the packet
(other than `gnrc_sixlowpan_frag_rb_remove()` where not releasing the
packet is desired as it might be handed up to an upper layer).
Prevent a possible race condition when _mutex_timeout fires just after the
mutex was locked but before the xtimer was removed
The flow
int xtimer_mutex_lock_timeout(mutex_t *mutex, uint64_t timeout) {
...
mutex_lock(mutex);
/* mutex locked */
/* _mutex_timeout fires and tries to remove thread from mutex queue */
/* DEBUG: simulate callback call between lock and remove */
xtimer_spin(xtimer_ticks_from_usec(timeout*2));
xtimer_remove(&t);
...
}
To make it possible to use an Arduino library, a new pseudomodule arduino_lib is introduced. This pseudomodule enables implicitly module arduino but avoids that a sketch is required or generated and compiled. Thus, it is possible to compile and use a package or directory with some source files from an Arduino library in RIOT applications.
Preprocesor fails to evaluate the if condicion on L91-92 because
RTT_FREQUENCY is not defined, and therefore a division by 0 occurs.
TO avoid this replicate the RTT_FREQUENCY undefined warning.
Currently the bitfield type mixes up the order of bits: While the byte
order is big-endian (most significant byte first), the bit order of each
single byte within the bitfield is little-endian (most significant bit
last). While this isn't a problem for most applications of the bitfield
type it becomes one when sending the bitfield over the network (as done
e.g. in the [ACKs of Selective Fragment Recovery][SFR-ACKs]).
This change unifies byte order and bit order to both be most
significant bX first.
[SFR-ACKs]: https://tools.ietf.org/html/draft-ietf-6lo-fragment-recovery-07
Right now 'ipv6_addr_split_iface' assumes that the interface specifier
will always be a number (based on GNRC way of identifying interfaces),
but this may not be always the case.In order to be able to use the
Network Interface API, interfaces should be referred by their name.
This changes 'ipv6_addr_split_iface' so it returns a pointer to the
string that specifies the interface.
45f7966 made the `src_len` field the "emptiness signifier" for the VRB.
However, when `gnrc_sixlowpan_frag` is compiled in, the remove function
`gnrc_sixlowpan_frag_vrb_rm()` does not set the `src_len` to zero,
resulting in already deleted entry to be recognized as non-empty.
This allows to set a timer between the completion of a datagram in the
reassembly buffer and the deletion of the corresponding reassembly
buffer entry. This allows to ignore potentially late incoming link-layer
duplicates of fragments of the datagram that then will have the
reassembly buffer entry be blocked.
This was noted in this [discussion] for classic 6LoWPAN reassembly (and
minimal fragment forwarding) and is recommended in the current
[selective fragment recovery draft][SFR draft].
[discussion]: https://mailarchive.ietf.org/arch/msg/6lo/Ez0tzZDqawVn6AFhYzAFWUOtJns
[SFR draft]: https://tools.ietf.org/html/draft-ietf-6lo-fragment-recovery-07#section-6
As analyzed in #12678 there are cases where different reports can be
generated for the different snips of the packet send via the `sock`.
To catch all errors generated by the stack, the sock has to subscribe
for all snips of the packet sent. If any of the snips reports an error
distinct from `GNRC_NETERR_SUCCESS` or the previous one, we report that
status instead of just the first we receive. This way we are ensured to
have the first error reported by the stack for the given packet.
cd1ce6b98d accidentally disabled generating documentation for
`xtimer_msg_*()` functions.
Always define those functions when building the documentation.
Arduino is always enabling C++11 support, so sketches and libs are depending on
it. Every C++ compiler has been enabling C++11 by default for some years now.
Still, Ubuntu's avr-gcc is so **horrible** out of date, that it is not enabled
there. As a simple work around, -std=c++11 is now passed to the C++ compiler if
Arduino is used.
This imports the protocol parameters for Selective Fragment Recovery
(SFR). For the values I took some educated guesses based on my
experience with previous experimentation with fragment forwarding.
The defines currently are based on [draft v7].
[draft v7]: https://tools.ietf.org/html/draft-ietf-6lo-fragment-recovery-07#section-7.1
fixup! gnrc_sixlowpan_frag: initial import of SRF parameters
The name `fragment_msg` or `frag_msg`/`msg_frag` always to me was a bit
misplaced, as it basically implements an asynchronous fragmentation
buffer and doesn't necessarily have anything to do with messages.
This change
1. changes the name to `fb` (for fragmentation buffer)
2. factors its code out to its own sub-module so it can be re-used by
other 6LoWPAN fragmentation schemes like [Selective Fragment
Recovery]
[Selective Fragment Recovery]: https://tools.ietf.org/html/draft-ietf-6lo-fragment-recovery-05
The interface is already fetched in the beginning of the function and
doesn't change during its run, so getting the interface again at this
point is just redundant.
When decoding IPHC in a fragmented datagram, relying on the size of the
allocated space for the decoded packet is wrong when fragments are
forwarded and decoded on an intermediate node (for which the reassembly
buffer's space is used): Using the full datagram size for allocation in
this case would be wasteful, so the allocated space is only marginally
larger than the fragment's compressed form.
This in turn results in the wrong UDP payload size being chosen and
even worse being forwarded to the subsequent nodes.
This change uses the (virtual) reassembly buffer's `datagram_size`
instead of relying on the allocated space for the encoded
datagram/fragment.
This module was intended to be a test framework for GNRC but it never
really got used. It was not maintained for 3 years. It will be removed
after 2020.07 release at the latest.
Added a header to allow defining C interfaces using the default C11 atomic
types. Those types are however fully opaque and inaccessible from C++, as C11
atomics are completely incompatible with C++.
`_match_to_idx()` was removed from source address selection (which was
the only one setting the filter parameter to a non-NULL value), so it
is the parameter is not needed anymore.
When source address selection is done, both RFC and comments in the code
state, that a longest prefix match should *only* be used as a
tie-breaker between more than one viable candidate. If there is only one
address, there is
a) no need for a tie-breaker
b) in the case of either the destination address or the single remaining
address being ULAs ([which are considered to be of global scope]
[RFC4193]) possibly not matching, as `fd00::/7` and e.g. `2001::/8`
do not have a common prefix.
(b) in fact causes the match function to return -1, causing the source
address selection to return -1, causing the outer function to return the
first address it found (which most often is the link-local address),
causing e.g. a ping to an ULA to fail, even is there is a global
address.
[RFC4193]: https://tools.ietf.org/html/rfc4193
Different platforms evaluate `printf()` for NULL pointers differently,
resulting tests checking for a certain output to fail. This unifies that
(debug) output for the static packet buffer statistics.
This adds an early exit when the usb interface with the data endpoints
is not activated. This prevents the cdc_ecm_netdev code from attempting
to send the PDU when the USB device is not yet initialized or activated
by a host.
Similar as with #12513, when the NIB is compiled in 6LN mode (but not
6LR mode), the address-resolution state-machine (ARSM) functionality is
disabled in favor of the more simpler address resolution proposed in RFC
6775.
However, if a non-6LN interface is also compiled in (without making it
a router or border router) it will never join the solicited-nodes
multicast address of addresses added to it, resulting in address
resolution to that interface to fail.
If the interface is not a 6LN (which in case 6LN mode is disabled is
always false), a warning is now printed, encouraging the user to
activate the ARSM functionality if needed.
The OUT endpoint of the cdc ecm data endpoint is only expected to
receive data when the alternative interface is activated. Signalling
ready in the init function can cause issues as the endpoints are not yet
enabled in the low level USB peripheral driver.
Previously `ifconfig` would only know link-local addresses
(printed as 'local') and everything else would be 'global'.
This is wrong for site-local and unique local addresses which were
also denoted as global.
So use the already existing helper functions to determine the correct
type of IPv6 address when printing.
When the NIB is compiled for 6LN mode (but not a 6LBR), the Stateless
Address Autoconfiguration (SLAAC) functionality is disabled, as it is
typically not required; see `sys/include/net/gnrc/ipv6/nib/conf.h`, ll.
46 and 55. However, if a non-6LN interface is also compiled in (still
without making the node a border router) an auto-configured address will
be assigned in accordance with [RFC 6775] to the interface, just
assuming the interface is a 6LN interface. As it then only performs
duplicate address detection RFC-6775-style then, the address then never
becomes valid, as the duplicate address detection according to [RFC
4862] (part of the SLAAC functionality) is never performed.
As auto-configuring an address without SLAAC doesn't make sense, this
fix makes the interface skip it completely, but provides a warning to
the user, so they know what to do.
[RFC 6775]: https://tools.ietf.org/html/rfc6775#section-5.2
[RFC 4862]: https://tools.ietf.org/html/rfc4862#section-5.4
The functions now are semantic distinct:
- gnrc_netif_is_6lo(): the interface is a 6Lo interface
- gnrc_netif_is_6ln(): the interface is using Neighbor Discovery
according to RFC 6775
We want to check if the interface is an interface requiring the 6Lo
adaptation layer, not if it is a 6LN according to RFC 6775 [[1]].
[1]: https://tools.ietf.org/html/rfc6775#section-2
Preparation step to introduce a semantic difference between an
interface being a 6Lo interface and a 6LN according to RFC 6775 [[1]]
(i.e. performs Neighbor Discovery as defined there).
[1]: https://tools.ietf.org/html/rfc6775#section-2
When writing to the IPv6 header the implementation currently doesn't
take the packet with the (potentially) duplicated header, but the
packet with the original one, which leads to the packet sent and then
released in `gnrc_netif_ethernet.c` first and then accessed again in
further iterations of the "writing to the IPv6 header" loop, which
causes access to an invalid pointer, causing a crash.
Fixes#11980
Arduino libraries often include Arduino.h. For source code compatibility this header file is required. Header guards in file arduino.hpp had to be renamed.
While 485dbd1fda (from #12175) was right
in assuming that the for most ICMPv6 error messages the originating
packet's destination address must not be a multicast, this is not the
case for _all_ ICMPv6 error messages (see [RFC 4443], section 2.4(e.3)).
Additionally, 485dbd1fda removed the
check for the source address ([RFC 4443], section 2.4(e.6)), which this
PR re-adds.
[RFC 4443]: https://tools.ietf.org/html/rfc4443#section-2.4