With multiple 6LoWPAN interfaces the router for the given interface
—the one the triggering RA came over—should be used to register the
address with.
Co-Authored-By: Benjamin Valentin <benpicco@googlemail.com>
The macros US_PER_MS and friends are assumed to be 32 bit unsigned integers
by users. However, e.g. on AVR a `1000U` is only 16 bit long. Thus, e.g.
`xtimer_usleep(100 * US_PER_MS)` will wrap around and only sleep for ~34ms.
This commit declares them as unsigned long, which is on all currently supported
platforms 32 bit wide.
Previously, ztimer would happily set an absolute RTT alarm value that exceeds
RTT's maximum value (though not a longer interval), as the `val` was
simply added to `rtt_get_counter()`.
This commit ensures that the target value wraps around RTT_MAX_VALUE.
Fixes#13920.
Enabled by the gnrc_netif_events pseudo module. Using an internal event
loop within the gnrc_netif thread eliminates the risk of lost interrupts
and lets ISR events always be handled before any send/receive requests
from other threads are processed.
The events in the event loop is also a potential hook for MAC layers and
other link layer modules which may need to inject and process events
before any external IPC messages are handled.
Co-Authored-By: Koen Zandberg <koen@bergzand.net>
With #10970 only existing *.c files will be added to SRC when using
the SUBMODULES mechanism, so SUBMODULES_NOFORCE (used to filter out
non existing source files) is now redundant so remove the usage.
This makes the code of `readline()` clearer and shorter. It also fixes a
minor artifact of the long line handling.
Previously it was not possible to recover from a long line. That is, if too
many characters were sent, the line would be invalidated and pressing backspace
would not fix it- the only option was to discard the line. It is now possible
to bring the line back to size. Note that visual effects when deleting characters
will still depend on the host's terminal.
The new code is written in a way that all writes to memory are guarded by
bounds check, so an assertion was removed.
Co-authored-by: Juan Carrano <j.carrano@fu-berlin.de>
There was some code added to "prevent putchar from being inlined", which
supposedly enlarged the code size.
Co-authored-by: Juan Carrano <j.carrano@fu-berlin.de>
This fixes `xtimer` to use `xtimer_now64()` instead of `xtimer_now()`
for updating the `*now` variable during the iteration in
`_update_short_timers()` function. The same function is used to
initialize `*now` in `_timer_callback()` below.
While using `xtimer_now()` in this iteration step does not hinder the
proper execution of all timers in the short term timers (for those the
`xtimer` module only looks at the `start_time` member, not the
`long_start_time` member) at least for the current long term time window
(I did not test higher cases), it sets the `long_start_time` member to 0
for all timers following in the list of timers after this iteration
step. However, external modules that rely on this to be correct,
e.g. evtimer [1], fail their calculations when trying to compare to
the current value to `xtimer_now64()`.
[1] https://github.com/RIOT-OS/RIOT/blob/11f3d68/sys/evtimer/evtimer.c#L118-L121
Co-Authored-By: Cenk Gündoğan <mail+dev@gundogan.net>
The termination condition implemented in gnrc_pktbuf_malloc does not
work when using the sock interface as sock copies packet data to a local
buffer and frees the packet afterwards. As such, the fuzzing application
would exit before performing any input processing.
For this reason, the termination condition in gnrc_pktbuf_malloc is
disabled when using sock. Instead, the application terminates if
gnrc_sock_recv previously returned the fuzzing packet. The underlying
assumption of this implementation is that gnrc_sock_recv is called in a
loop.
Since RIOT is an operating system the native binary will never terminate
[0]. The termination condition for fuzzing GNRC is that the packet was
handled by the network stack and therefore freed. If it is never freed
we will deadlock meaning a memory leak was found, afl should be able to
detect this through timeouts.
This is currently only supported for gnrc_pktbuf_malloc since this is
the pktbuf implementation I used for fuzzing. Implementing this in
pktbuf.h is not possible.
[0]: Except NATIVE_AUTO_EXIT is defined, however, even with that define
set RIOT will only terminate when all threads terminated. Unfortunately,
gnrc_udp and other network threads will never terminate.
This adds a utility module which is used to write applications for
fuzzing RIOT network modules. The module provides a dummy network
interface which is configured with a static IPv6 addresses for modules
which perform operations on the underlying network interface. Besides,
it contains a utility function for transforming data received on
standard input into a `gnrc_pktsnip_t`.
There were two subtle bugs that prevented the DHCPv6 client to request
multiple prefixes for different interfaces.
- `dhcpv6_client_req_ia_pd()` would fill up *all* leases with the same interface
- `_parse_reply()` would return after parsing the first answer
With this patch, `gnrc_border_router` gets a prefix on both interfaces of the at86rf215.
With lwIP we have a chunked UDP payload, so just providing the
stack-internal buffer is not possible. To be able to iterate over such
a chunked payload, this change allows the `sock_*_recv_buf()` functions
to use the internal buffer context as an iteration state.
As the internal buffer space can be released when the function would
return 0, `sock_recv_buf_free()` becomes unnecessary.
RFC4648 specifies an alternate alphabet for base64 encoding / decoding
where '+' and '/' are exchanged for '-' and '-' to make the resulting
string safe to use in filenames and URLs.
This adds a base64url_encode() function that uses the alternate alphabet.
The base64_decode() function is extended to accept both alphabets.
The numeric value for EOF is -1. This caused the shell to return
the same code when EOF was encountered and when the line lenght was
exceeded. Additionally, if the line length is exceeded, the correct
behaviour is to consume the remaining characters until the end of
the line, to prevent the following line from containing (potentially
dangerous) garbage.
Co-authored-by: Hendrik van Essen <hendrik.ve@fu-berlin.de>
We don't want to advertise ourselves as a router to the upstream router.
This also leads to the border router ignoring advertisements from the upstream
router.
In 06aa65e1ba (#10627) a new behavior was
introduced in IPv6 route resolution to try address resolution only at
interfaces that have the prefix of the address to be resolved configured
in the prefix list. This however only makes sense, if the prefix
configured is [on-link], otherwise there is small likelihood of the
address to be resolved being on that link.
For the error case presented for 06aa65e (circular routing at the border
router) this made sense, however within a 6LoWPAN, due to the prefix
being valid for the entire mesh, this leads to the nodes always trying
classic address resolution for in-network addresses instead of just
routing to the default route.
Classic address resolution however fails, as 6LoWPAN hosts typically
[don't join the solicited-node multicast address of their unicast
addresses][6LN-iface-init], resulting in in-network addresses not being
reachable.
As such, to prevent both error cases
- the fallback to address resolution by prefix list must only be used
when the prefix is on-link,
- the prefix configured by DHCPv6/UHCP at the 6LoWPAN border router
must be configured as on-link, but
- the prefix must not be advertised as on-link within the 6LoWPAN to
still be [in line with RFC 6775][RFC-6775-forbidden]
With this change these cases are covered.
[on-link]: https://tools.ietf.org/html/rfc4861#page-6
[RFC 6775]: https://tools.ietf.org/html/rfc6775
[6LN-iface-init]: https://tools.ietf.org/html/rfc6775#section-5.2
[RFC-6775-forbidden]: https://tools.ietf.org/html/rfc6775#section-6.1
When pinging to a prefix for which there is a prefix list entry on the
node (so no next hop) but a default route, a packet to a non-existent
address under that prefix results in the packet being forwarded to the
default route instead. This fixes it, so the node tries address
resolution on the interface the prefix list entry is associated to.
This change amends the `sock` API by a set of functions to `sock` that
allow provisioning of stack-internal buffers to the caller on receive.
This allows to cover two use-cases
1. Zero-copy systems: if the stacks supported the buffer space provided
by these functions can be the same that was filled in the link-layer
2. asynchronous receive within a wrapping sock layer (e.g. `sock_dtls`
wrapping `sock_udp`): to receive packets of the lower level protocol
asynchronously, the wrapping implementation layer would currently
need to allocate its own buffer space, introducing a third buffer
space in addition to the one of the application and the network
stack. For a wrapping layer this is undesirable.
While there are security considerations exposing stack internal memory
space to the caller, I believe they are minor, as in the end the
application developer is the person in control of the node.
This refactors nanocoap to seperate out the resource tree parsing. It
allows for calling the tree handler with custom resource trees. The
advantage is that a resource with COAP_MATCH_SUBTREE can parse a new
separate resource tree.
This is the radio found in NXP Kinetis KW41Z, KW21Z. Only 802.15.4 mode
is implemented (KW41Z also supports BLE on the same transceiver).
The driver uses vendor supplied initialization code for the low level
XCVR hardware, these files were imported from KSDK 2.2.0 (framework_5.3.5)
This adds a driver for the SPI based AT86RF215 transceiver.
The chip supports the IEEE Std 802.15.4-2015 and IEEE Std 802.15.4g-2012 standard.
This driver supports two versions of the chip:
- AT86RF215: dual sub-GHz & 2.4 GHz radio & baseband
- AT86RF215M: sub-GHz radio & baseband only
Both radios support the following PHY modes:
- MR-FSK
- MR-OFDM
- MR-O-QPKS
- O-QPSK (legacy)
The driver currently only implements support for legacy O-QPSK.
To use both interfaces, add
GNRC_NETIF_NUMOF := 2
to your Makefile.
The transceiver is able to send frames of up to 2047 bytes according to
IEEE 802.15.4g-2012 when operating in non-legacy mode.
Known issues:
- [ ] dBm setting values are bogus
- [ ] Channel spacing for sub-GHz MR-O-QPSK might be wrong
- [ ] TX/RX stress test will lock up the driver on openmote-b
If memarray data is not initialized to 0 (for instance during a
re-init). The last element of the array is not properly cleared thus
leading to returning an invalid pointer when everything is allocated.
`netopt_state_t` is an enumeration type which is not necessarily 1 byte. If `uint8_t` is used, the cast `*((const netopt_state_t*) val` in `sx127x_netdev::_set`tries to read the real size, which can be more than the given length of 1 byte. Therefore, `netstat_opt_t` has to be used instead of `uint8_t`
This function tries to remove the thread from a mutex waiting queue.
The value pointed to by unlocked will be set to 1 if the thread was removed from the waiting queue otherwise 0.
Handling timeout smaller than XTIMER_BACKOFF (the timer spins) when the mutex is already locked.
This fixes the test tests/xtimer_mutex_lock_timeout/main.c:mutex_timeout_spin_locked.
This commit adds logic to make xtimer use ztimer_usec as backend
(instead of periph_timer). This allows ztimer_usec and xtimer to
coexist. It also allows xtimer to profit from eventually implemented
power mode blocking in ztimer's periph_timer backend.
If the header file is included test_utils_interactive_sync() will
be defined as an empty function when the module is not used, e.g.
added to DISABLE_MODULES in tests/*
sock_util used ot check RIOT_VERSION for selecting fmt functions.
RIOT's Makefile.dep sets fmt as a dependency for sock_util,
so the usual MODULE_FMT can be used.
One special case less.
This updates (or adds) a compression context whenever a new prefix
arrives at the border router. This allows 6LoWPAN to compress said
prefix in the network.
Sadly, there is now way to just remove the context when the prefix is
overwritten, so I do not do it. If an administrator chooses to reset the
prefix they can use `6ctx del` which timeouts the prefix appropriately,
but IMHO it doesn't hurt to keep the old contexts.
Saving RAM is more important than saving a few cycles
used by re-creating the request buffer in the error case.
Also reduce the size of the buffer to 128 bytes.
If we are just requesting the AAAA record it is unlikely
for the reply to take up the maximum size of 512 bytes.
We were already placing restrictions on the domain name length,
those are now actually a bit more relaxed (112 bytes instead of 64)
This way, the sock-types can use the sock_async_ctx_t type in their
definition without including `sock_async_ctx.h` (potentially creating
further cyclic includes).
If a new event is fired during the execution of the event callback,
`event->type` might change. However as `event->type` is set to 0 after
the execution of the callback, that leads to it being 0 on the next
round of the event handler's execution, leading in the event getting
lost.
If there is more than one interface, print the id of the receiving
interface for convenience.
```
ping6 ff02::1
2020-02-20 18:19:38,644 # 12 bytes from fe80::d0ae:c1b:2054:58e%7: icmp_seq=0 ttl=64 rssi=-45 dBm time=4.801 ms
2020-02-20 18:19:38,652 # 12 bytes from fe80::d0ae:c1b:2054:58c%8: icmp_seq=0 ttl=64 rssi=-63 dBm time=13.422 ms (DUP!)
2020-02-20 18:19:38,661 # 12 bytes from fe80::c78:16d9:8aca:ba9a%8: icmp_seq=0 ttl=64 rssi=-44 dBm time=21.819 ms (DUP!)
2020-02-20 18:19:39,648 # 12 bytes from fe80::d0ae:c1b:2054:58e%7: icmp_seq=1 ttl=64 rssi=-44 dBm time=4.797 ms
2020-02-20 18:19:39,657 # 12 bytes from fe80::d0ae:c1b:2054:58c%8: icmp_seq=1 ttl=64 rssi=-61 dBm time=12.917 ms (DUP!)
2020-02-20 18:19:39,666 # 12 bytes from fe80::c78:16d9:8aca:ba9a%8: icmp_seq=1 ttl=64 rssi=-43 dBm time=21.679 ms (DUP!)
2020-02-20 18:19:40,657 # 12 bytes from fe80::d0ae:c1b:2054:58e%7: icmp_seq=2 ttl=64 rssi=-41 dBm time=4.795 ms
```
bitarithm.h is not needed for the interface of shed but may cause conflicts
due to different definitions of SETBIT and CLRBIT
common implementations are: (value, offset) xor (value, mask) bitarithm
implements the later
frac.c and nrf52/usbdev.c use bitarithm.h but where missing the include
sam0/rtt.c defined a bit using mask from bitarithm,
changed that to the soulution used in sam0/rtc.c
As the whitelist define can be set per compilation unit in all
legitimate cases, the checks do not need to be run on every single usb.h
inclusion. This is done for two reaons:
* It is sufficient -- if any user C file includes usb.h, there's already
a good chance that the user is doing something USB related manualy.
(And conversely, the existing examples with boards that happen to pull
in CDC-ACM or CDC-ECM do not include usb.h from an example C file).
* Defining the USB_H_USER_IS_RIOT around legitimate uses of the header
by other headers would allow accidental sidestepping: If a user
includes a legitimate usb.h using header (say, board.h) and just
forgets to include usb.h on their own, their application that'd mess
with USB would still work as usb.h is transitively included, and the
check for custom includes does not trigger.
A new define, USB_H_USER_IS_RIOT_INTERNAL, is defined that may only be
set from within RIOT's own compilation units that deem themselves
standard RIOT peripherals. If all usb.h users in a program match that
requirement, a default VID/PID pair is set.
Due to the new composite check, the individual checks for VID/PID being
set become moot and are removed.
This implements the randomization of canary values on each build as
mentioned in the comment above the STACK_CHK_GUARD macro. The canary
value is generated by the buildsystem and passed to the ssp module using
a `-D` compiler flag. The ssp object file, using this canary value, is
marked as PHONY to make sure it is rebuild on each make invocation,
thereby ensuring that each build uses a new random canary value.
Implementing this properly would require generating a cryptographically
secure random value on each boot of the RIOT operating system. This is
not deemed possible on some constrained devices, e.g. due to lack of
hardware random number generators. Besides, RIOT only seems to support a
PRNG (random module) currently. While this may be implemented in the
future for some devices the changes implemented in this commit may still
be used as a fallback then.
A hardcoded canary value is used when building software on the CI to not
break the CI test cache [1].
[1]: https://github.com/RIOT-OS/RIOT/pull/13119#issuecomment-574132932
The reassembly buffer only needs (and stores) the headers *before* the
fragment header (called per-fragment headers in RFC 8200, section 4.5).
Currently, when a subsequent IPv6 fragment is received before the first
fragment the fragment header is however not removed. With this fix it
does.
This implements a client for DHCPv6 IA_PD (Identity Association for
Prefix Delegation). Goal was to have a IETF-compliant alternative to
UHCP. The implementation was based on RFC 8415.
The comment exists since the introduction of the [original
implementation], but its meaning is unclear and misleading, as the code
doesn't do anything with link-local.
[original implementation]: https://github.com/RIOT-OS/RIOT/pull/3561
Rule 2 of the source address algorithm outlined in [RFC6724] states the
possible source addresses must also be compared among each other:
> Rule 2: Prefer appropriate scope.
> If Scope(SA) < Scope(SB): If Scope(SA) < Scope(D), then prefer SB and
> otherwise prefer SA. Similarly, if Scope(SB) < Scope(SA): If
> Scope(SB) < Scope(D), then prefer SA and otherwise prefer SB.
Our current implementation doesn't do that. It just checks if the scope
of a possible source is lesser than the scope of the destination
(which involves the second "If" in the rule).
This fix grants points according to the scope of an address. If the
scope matches, they get the highest points, ensuring that the selected
source will always be reachable from the destination.
[RFC6724]: https://tools.ietf.org/html/rfc6724
Since the GNRC_IPV6 is part of GNRC it should be a part of the gnrc compile time configuration group.
This adds information on the group to specify it is gnrc and changes the group from config to net_gnrc_conf
Typically a stack needs to add the callback for a sock as a member of
its respective `sock` type so `sock_types.h` needs to include
`net/sock/async.h` at the moment. As those however include
`net/sock/<prot>.h`, which in turn include `sock_types.h`, we create a
cyclic dependency.
This fix resolves this cyclic dependency, by putting the callback
definitions in its own header that then in turn can be also included
by `sock_types.h`.
Having the definitions sit in the `net/gnrc/sixlowpan/frag.h` header
does not make much sense, when using Selective Fragment Forwarding
(and the fragmentation buffer already includes a
`net/gnrc/sixlowpan/frag/stats.h` header), so they are moved to their
own header. Since with this change it makes more sense to have the
statistics stored in their own sub-module, the pseudo-module is also
actualized.
A pointer is not 32 bit on all platforms.
Since gnrc_lwmac only stores 16 bit in the pointer variable it is
still save to cast like this even on AVR, but cast to uintptr_t
instead of uint32_t.
fixes#12869
The configuration length verification was not taking additional alt
interface descriptors into account. This breaks situations where an alt
interface is used such as is the case with CDC ECM
When the destination address is the loopback address (`::1`) in GNRC
the selected network interface typically is `NULL`, as with GNRC no
loopback interface de facto exists. So the assertion when checking if
the source address is valid if `netif != NULL` fails on that check.
This change fixes that issue by checking if the destination address is
the loopback address, before checking the validity of the source
address.
When XTIMER_BACKOFF is used by `_xtimer_set()`, `offset` has already
been converted to ticks.
So the documentation of the `xtimer_tsleepXX()` functions is correct,
however for `xtimer_usleep()` XTIMER_BACKOFF has to be converted to µs
to calculate the minimal sleep time.
This commit adds runtime assertions to validate that the total length of
the configuration descriptor as communicated to the host device matches the
generated length of the configuration descriptor.
The RTT callback for a super-frame cycle uses the `arg` pointer to set
the message value that then is handed to the GoMacH thread. However,
in both instances the timer is scheduled the constant
`GNRC_GOMACH_EVENT_RTT_NEW_CYCLE` is provided. This means the argument
is not really necessary.
The ubjson module has a number of quality defects and is unsafe.
Considering CBOR is popular, standarized and supported in RIOT and that
the ubjson implementation is a home-grown one whose API will likely be
unfamiliar to new users, I propose to delete it.
This removal, of course, dows not have to be NOW. We can deprecate it for
one or two releases before.
What's wrong with this module?
- Unsafe: the parsing is done recursively. This is embedded in the API, so it
is not possible to fix it without changing the API. A document with too much
nesting can cause a stack overflow.
- Does not validate writing: it is possible to produce invalid output. From
the docs:
> The library won't complain if you write multiple values that are not
> inside an array or object. The result will just not be properly serialized.
- Poorly tested. As shown by #11702, #11703 the tests were not even detecting
that a False was stored as True.
- In line with the previous remark, see
68dc5b0d6e/tests/unittests/tests-ubjson/tests-ubjson.c (L66-L77)
Why is the following code in the unit tests??
```c
irq_disable();
sched_set_status(data->main_thread, STATUS_PENDING);
```
- #2175 is still unfixed after 3.5 years.
- Code quality. The code has multiline macros that assign variables and
return. See c332514875/sys/ubjson/ubjson-write.c (L34-L41)
Can we mark it as deprecated this release and sweep it in the following one?
`gnrc_sixlowpan_frag_rb_base_rm()` cleans up the intervals which is part
of `gnrc_sixlowpan_frag_rb`, not `gnrc_sixlowpan_frag`, so when the
`gnrc_sixlowpan_frag` is not compiled in, but `gnrc_sixlowpan_frag_rb`,
the intervals allocated in the reassembly buffer and inherited by the
virtual reassembly buffer are never released.
This fits with the semantics of this function which doesn't provide or
uses any state of the reassembly buffer provided by the user, but finds
the entry itself and then removes it. This gives the user no chance to
remove the packet in the reassembly buffer entry, so
`gnrc_sixlowpan_frag_rb_rm_by_datagram()` has to release the packet
(other than `gnrc_sixlowpan_frag_rb_remove()` where not releasing the
packet is desired as it might be handed up to an upper layer).
Prevent a possible race condition when _mutex_timeout fires just after the
mutex was locked but before the xtimer was removed
The flow
int xtimer_mutex_lock_timeout(mutex_t *mutex, uint64_t timeout) {
...
mutex_lock(mutex);
/* mutex locked */
/* _mutex_timeout fires and tries to remove thread from mutex queue */
/* DEBUG: simulate callback call between lock and remove */
xtimer_spin(xtimer_ticks_from_usec(timeout*2));
xtimer_remove(&t);
...
}
To make it possible to use an Arduino library, a new pseudomodule arduino_lib is introduced. This pseudomodule enables implicitly module arduino but avoids that a sketch is required or generated and compiled. Thus, it is possible to compile and use a package or directory with some source files from an Arduino library in RIOT applications.
Preprocesor fails to evaluate the if condicion on L91-92 because
RTT_FREQUENCY is not defined, and therefore a division by 0 occurs.
TO avoid this replicate the RTT_FREQUENCY undefined warning.
Currently the bitfield type mixes up the order of bits: While the byte
order is big-endian (most significant byte first), the bit order of each
single byte within the bitfield is little-endian (most significant bit
last). While this isn't a problem for most applications of the bitfield
type it becomes one when sending the bitfield over the network (as done
e.g. in the [ACKs of Selective Fragment Recovery][SFR-ACKs]).
This change unifies byte order and bit order to both be most
significant bX first.
[SFR-ACKs]: https://tools.ietf.org/html/draft-ietf-6lo-fragment-recovery-07
Right now 'ipv6_addr_split_iface' assumes that the interface specifier
will always be a number (based on GNRC way of identifying interfaces),
but this may not be always the case.In order to be able to use the
Network Interface API, interfaces should be referred by their name.
This changes 'ipv6_addr_split_iface' so it returns a pointer to the
string that specifies the interface.
45f7966 made the `src_len` field the "emptiness signifier" for the VRB.
However, when `gnrc_sixlowpan_frag` is compiled in, the remove function
`gnrc_sixlowpan_frag_vrb_rm()` does not set the `src_len` to zero,
resulting in already deleted entry to be recognized as non-empty.
This allows to set a timer between the completion of a datagram in the
reassembly buffer and the deletion of the corresponding reassembly
buffer entry. This allows to ignore potentially late incoming link-layer
duplicates of fragments of the datagram that then will have the
reassembly buffer entry be blocked.
This was noted in this [discussion] for classic 6LoWPAN reassembly (and
minimal fragment forwarding) and is recommended in the current
[selective fragment recovery draft][SFR draft].
[discussion]: https://mailarchive.ietf.org/arch/msg/6lo/Ez0tzZDqawVn6AFhYzAFWUOtJns
[SFR draft]: https://tools.ietf.org/html/draft-ietf-6lo-fragment-recovery-07#section-6
As analyzed in #12678 there are cases where different reports can be
generated for the different snips of the packet send via the `sock`.
To catch all errors generated by the stack, the sock has to subscribe
for all snips of the packet sent. If any of the snips reports an error
distinct from `GNRC_NETERR_SUCCESS` or the previous one, we report that
status instead of just the first we receive. This way we are ensured to
have the first error reported by the stack for the given packet.
cd1ce6b98d accidentally disabled generating documentation for
`xtimer_msg_*()` functions.
Always define those functions when building the documentation.
Arduino is always enabling C++11 support, so sketches and libs are depending on
it. Every C++ compiler has been enabling C++11 by default for some years now.
Still, Ubuntu's avr-gcc is so **horrible** out of date, that it is not enabled
there. As a simple work around, -std=c++11 is now passed to the C++ compiler if
Arduino is used.
This imports the protocol parameters for Selective Fragment Recovery
(SFR). For the values I took some educated guesses based on my
experience with previous experimentation with fragment forwarding.
The defines currently are based on [draft v7].
[draft v7]: https://tools.ietf.org/html/draft-ietf-6lo-fragment-recovery-07#section-7.1
fixup! gnrc_sixlowpan_frag: initial import of SRF parameters
The name `fragment_msg` or `frag_msg`/`msg_frag` always to me was a bit
misplaced, as it basically implements an asynchronous fragmentation
buffer and doesn't necessarily have anything to do with messages.
This change
1. changes the name to `fb` (for fragmentation buffer)
2. factors its code out to its own sub-module so it can be re-used by
other 6LoWPAN fragmentation schemes like [Selective Fragment
Recovery]
[Selective Fragment Recovery]: https://tools.ietf.org/html/draft-ietf-6lo-fragment-recovery-05
The interface is already fetched in the beginning of the function and
doesn't change during its run, so getting the interface again at this
point is just redundant.
When decoding IPHC in a fragmented datagram, relying on the size of the
allocated space for the decoded packet is wrong when fragments are
forwarded and decoded on an intermediate node (for which the reassembly
buffer's space is used): Using the full datagram size for allocation in
this case would be wasteful, so the allocated space is only marginally
larger than the fragment's compressed form.
This in turn results in the wrong UDP payload size being chosen and
even worse being forwarded to the subsequent nodes.
This change uses the (virtual) reassembly buffer's `datagram_size`
instead of relying on the allocated space for the encoded
datagram/fragment.
Stated the obvious in the doc: Altering the LUID returned by luid_get() breaks
the guarantee that it is locally unique, as it than could collide with other
LUIDs returned by luid_get().
This module was intended to be a test framework for GNRC but it never
really got used. It was not maintained for 3 years. It will be removed
after 2020.07 release at the latest.
Added a header to allow defining C interfaces using the default C11 atomic
types. Those types are however fully opaque and inaccessible from C++, as C11
atomics are completely incompatible with C++.
`_match_to_idx()` was removed from source address selection (which was
the only one setting the filter parameter to a non-NULL value), so it
is the parameter is not needed anymore.
When source address selection is done, both RFC and comments in the code
state, that a longest prefix match should *only* be used as a
tie-breaker between more than one viable candidate. If there is only one
address, there is
a) no need for a tie-breaker
b) in the case of either the destination address or the single remaining
address being ULAs ([which are considered to be of global scope]
[RFC4193]) possibly not matching, as `fd00::/7` and e.g. `2001::/8`
do not have a common prefix.
(b) in fact causes the match function to return -1, causing the source
address selection to return -1, causing the outer function to return the
first address it found (which most often is the link-local address),
causing e.g. a ping to an ULA to fail, even is there is a global
address.
[RFC4193]: https://tools.ietf.org/html/rfc4193
Different platforms evaluate `printf()` for NULL pointers differently,
resulting tests checking for a certain output to fail. This unifies that
(debug) output for the static packet buffer statistics.
This adds an early exit when the usb interface with the data endpoints
is not activated. This prevents the cdc_ecm_netdev code from attempting
to send the PDU when the USB device is not yet initialized or activated
by a host.
Similar as with #12513, when the NIB is compiled in 6LN mode (but not
6LR mode), the address-resolution state-machine (ARSM) functionality is
disabled in favor of the more simpler address resolution proposed in RFC
6775.
However, if a non-6LN interface is also compiled in (without making it
a router or border router) it will never join the solicited-nodes
multicast address of addresses added to it, resulting in address
resolution to that interface to fail.
If the interface is not a 6LN (which in case 6LN mode is disabled is
always false), a warning is now printed, encouraging the user to
activate the ARSM functionality if needed.
The OUT endpoint of the cdc ecm data endpoint is only expected to
receive data when the alternative interface is activated. Signalling
ready in the init function can cause issues as the endpoints are not yet
enabled in the low level USB peripheral driver.
Previously `ifconfig` would only know link-local addresses
(printed as 'local') and everything else would be 'global'.
This is wrong for site-local and unique local addresses which were
also denoted as global.
So use the already existing helper functions to determine the correct
type of IPv6 address when printing.
When the NIB is compiled for 6LN mode (but not a 6LBR), the Stateless
Address Autoconfiguration (SLAAC) functionality is disabled, as it is
typically not required; see `sys/include/net/gnrc/ipv6/nib/conf.h`, ll.
46 and 55. However, if a non-6LN interface is also compiled in (still
without making the node a border router) an auto-configured address will
be assigned in accordance with [RFC 6775] to the interface, just
assuming the interface is a 6LN interface. As it then only performs
duplicate address detection RFC-6775-style then, the address then never
becomes valid, as the duplicate address detection according to [RFC
4862] (part of the SLAAC functionality) is never performed.
As auto-configuring an address without SLAAC doesn't make sense, this
fix makes the interface skip it completely, but provides a warning to
the user, so they know what to do.
[RFC 6775]: https://tools.ietf.org/html/rfc6775#section-5.2
[RFC 4862]: https://tools.ietf.org/html/rfc4862#section-5.4
The functions now are semantic distinct:
- gnrc_netif_is_6lo(): the interface is a 6Lo interface
- gnrc_netif_is_6ln(): the interface is using Neighbor Discovery
according to RFC 6775
We want to check if the interface is an interface requiring the 6Lo
adaptation layer, not if it is a 6LN according to RFC 6775 [[1]].
[1]: https://tools.ietf.org/html/rfc6775#section-2
Preparation step to introduce a semantic difference between an
interface being a 6Lo interface and a 6LN according to RFC 6775 [[1]]
(i.e. performs Neighbor Discovery as defined there).
[1]: https://tools.ietf.org/html/rfc6775#section-2
When writing to the IPv6 header the implementation currently doesn't
take the packet with the (potentially) duplicated header, but the
packet with the original one, which leads to the packet sent and then
released in `gnrc_netif_ethernet.c` first and then accessed again in
further iterations of the "writing to the IPv6 header" loop, which
causes access to an invalid pointer, causing a crash.
Fixes#11980
Arduino libraries often include Arduino.h. For source code compatibility this header file is required. Header guards in file arduino.hpp had to be renamed.
While 485dbd1fda (from #12175) was right
in assuming that the for most ICMPv6 error messages the originating
packet's destination address must not be a multicast, this is not the
case for _all_ ICMPv6 error messages (see [RFC 4443], section 2.4(e.3)).
Additionally, 485dbd1fda removed the
check for the source address ([RFC 4443], section 2.4(e.6)), which this
PR re-adds.
[RFC 4443]: https://tools.ietf.org/html/rfc4443#section-2.4
Rather than dispatching the packet automatically once it is complete,
`gnrc_sixlowpan_frag_rb_add()` now only returns success, and leaves it
to the caller to dispatch the packet.
While it is correct to not use an invalid address as a source address,
it is incorrect to assume that addresses not assigned to the interface
(`idx == -1` in the respective piece of code) are invalid: Other than
classic forwarding via a FIB, forwarded packets utilizing a IPv6
routing header will pass this check, like any other packet sent by this
node. The source address for these is not on the given node, so e.g.
source routing is not possible at the moment.
The IPv6 (extension) headers of the first fragment received are re-used
for the reassembled packet, so when receiving a subsequent packet we
need to distinguish, if we just want to release the payload or all of
the packet after the packet data was added to the reassembly buffer.
This commit adds an example application showcasing SUIT draft v4
firmware updates.
It includes a test script suitable for local or CI testing.
Co-authored-by: Alexandre Abadie <alexandre.abadie@inria.fr>
Co-authored-by: Koen Zandberg <koen@bergzand.net>
Co-authored-by: Francisco Molina <femolina@uc.cl>
Without this change an attacker would be able to stop the emcute server
by sending a crafted packet triggering this branch. The solution is
using `continue` instead of `return`.
Due to some changes to the minimal forwarding draft and in preparation
for Selective Fragment Recovery some changes to the VRB API were
needed. Now the index of a VRB entry is only (L2 src, tag) not as
before (L2 src, L2 dst, length, tag).
I know that the current `rbuf_base` causes waste, as all the fields not
used by the new index are effectively not used by the VRB. I'd like to
fix that however in a later change, since that also requires some
modifications of the classic reassembly buffer, and thus would
complicate the review and testing of the change.
Sources for the index change:
- https://tools.ietf.org/html/draft-ietf-6lo-minimal-fragment-04#section-1
- https://mailarchive.ietf.org/arch/browse/6lo/?gbt=1&index=DLCTxC2X4bRNtYPHhtEkavMWlz4
This fixes a denial of service where an attacker would be able to cause
a NULL pointer dereference by sending a spoofed packet. This attack only
requires knowledge about pending message ids.
This is quick solution to avoid wrapping around after 4294967 milliseconds.
It uses xtimer_now_usec64 instead of xtimer_now_usec.
Notice that this is more expansive than the previous solution, especially
on AVR systems.
This change is in preparation to [PR 10788]. PR 10788 will make the
shell exitable which may lead to unexpected behavior in comparison to
previous usage of the shell.
To prevent this, this PR introduces two "new" functions to the shell's
API: `shell_run_once()` and `shell_run_forever()`.
`shell_run_once()` basically has the same behavior as `shell_run()` in
current master: Start a shell and continue reading lines until EOF is
reached.
`shell_run_forever()` wraps around `shell_run_once()` and restarts the
shell if it exits.
`shell_run()` is re-introduced as a back-porting alias for
`shell_run_forever()`.
As a consequence all current calls to `shell_run()` won't exit even
with [PR 10788] merged (which would add EOT as additional exit
condition for `shell_run_once()`).
[PR 10788]: https://github.com/RIOT-OS/RIOT/pull/10788
TCP options have up to three fields (kind, length, value). The
current code only checks for the presence of the first field. Before
accessing the second field (length) the code must ensure that a length
field is even present.
A received packet is outputted in DEBUG _after_ it was already parsed,
but with a reference to the already parsed header. The result is that
there can be some garbage in the output and the packet is not dumped in
total. As without parsing we do not have access to the header yet, we
use the `gnrc_netif_addr_to_str()` helper function instead of parsing
the destination address by hand.
This commit changes the name of the requests over the control endpoints
to control requests instead of setup requests. This is a terminology fix
to follow the USB specification more closely as technically only the
first stage of a control request is named setup which contains a setup
packet. The whole transfer is a control transfer.
This enables 'pthread' support on arduino.
avr-libc C90 'time.h' does not include 'sys/types.h' as POSIX expects it.
However, the type previously defined conflicts with the one in
'cpu/atmega_common/avr_libc_extra/include/sys/types.h' when both are
included, so include 'sys/types.h'.
Maybe it should alway be included by 'time.h' but this
would need its specific review.
llvm-ar behaves weidly when creating thin archive. This only manifests
itself when using arduino sketches as these are built from the "bin"
directory.
Specifically, given a directory "m" and an object in "m/obj.o " an
invocation with CWD==m:
```
llvm-ar rcTs ../m.a obj.o
```
Will create a maformed archive. Binutils does not have any issue with this.
The following command, executed with CWD==m/.. works:
```
llvm-ar rcTs m.a m/obj.o
```
The trick used in this commit is to put the source files in a different
directory than the object files and compile from there.
- add init_schedstatistics function to be called after
auto_init, that way xtimer_is init is called before
the first call to xtimer_now
- register schedstatics code as a callback to be executed
on each sched_run()
- Removed stdio_init() from newlib's _init(), as this is too late in the boot
process to allow DEBUG()ing during periph_init()
- Added stdio_init() to the various cpu_init() routines of the ARM CPUs just
before periph_init()
The function insert returns KERNEL_PID_UNDEF now because pthread_create checks for it.
In pthread_create it checks now if thread_create returns a valid pid
before this commit the src address was checked for multicast, but the dst address should be checked. Therefore udp multicast packets would be flooded back to the src as ICMPv6 error, as not all nodes had a UDP receiver registered.
Replaces the special heap command approach of the lpc_common module with a more general heap command approach. Module lpc_common was already removed with PR #2118. PR #2118 integrated cpu/lpc_common code in cpu/lpc2387. With PR #3530 special heap handling for cpu/lpc2387 was replaced by newlib memory management which uses _sbrk_r to allocate chunks from the heap. _sbrk_r uses _sheap and _eheap symbols that are defined in lpc2387.ld and can be used together with mallinfo function for heap statistics.
- Serial.print() and Serial.println() have been extended to support:
- unsigned int
- long
- unsigned long
- The SerialFormat BIN has been implemented
- Serial.println(void) has been added
Rename TMP006 to TMP00x
Add TMP007 sensor support to TMP00X
Change uint8_t reg to uint16_t
Add to doxygen documentation group
Expose compile time configurations
Move defines from .c to .h
Change double to float, because double is not needed
Add TMP007 register information
Generate a module for arduino sketches in a subfolder of BINDIR.
This prevents issues when doing concurrent builds or out of tree build with
readonly sources.
Declare all generated files as `BUILDDEPS` to be re-created after
`clean` on parrallel `clean all`.
When a keepalive timeout occurs keepalive_retry_cnt remains zero,
so when the connection is re-established _on_keepalive_evt will
immediately disconnect instead of actually sending a keepalive ping.
The sequence looks like:
1. _on_connack: start con->keepalive_timer
2. Server does not respond to keepalive pings
3. _on_keepalive_evt: con->keepalive_retry_cnt reaches zero
4. Connection torn down and ASYMCUTE_DISCONNECTED sent to application
5. Application starts reconnection
6. _on_connack: start con->keepalive_timer again
7. First _on_keepalive_evt: con->keepalive_retry_cnt is still zero
8. Repeat from 4.
So this simply resets keepalive_retry_cnt in _on_connack when
the keepalive timer is restarted. It's a new connection, so
resetting the keepalive retry counter make senses regardless.
Signed-off-by: Derek Hageman <hageman@inthat.cloud>
With the increase of the message queue size from 8 to 16 in
946b06e4f0, the default stack became too small.
This changes the stack size to grow with the message queue size.
The cc110x driver has been re-written from scratch to overcome the limitations
of the old driver. The main motivation of the rewrite was to achieve better
maintainability by a detailed documentation, reduce the complexity and the
overhead of the SPI communication with the device, and to allow to
simultaneously use transceivers with different configuration regarding the used
base band, the channel bandwidth, the modulation rate, and the channel map.
Features of this driver include:
- Support for the CC1100, CC1101, and the CC1100e sub-gigahertz transceivers.
- Detailed documentation of every aspect of this driver.
- An easy to use configuration API that allows setting the transceiver
configuration (modulation rate, channel bandwidth, base frequency) and the
channel map.
- Fast channel hopping by pre-calibration of the channels during device
configuration (so that no calibration is needed during hopping).
- Simplified SPI communication: Only during start-up the MCU has to wait
for the transceiver to be ready (for the power regulators and the crystal
to stabilize). The old driver did this for every SPI transfer, which
resulted in complex communication code. This driver will wait on start up
for the transceiver to power up and then use RIOT's SPI API like every other
driver. (Not only the data sheet states that this is fine, it also proved to
be reliable in practise.)
- Greatly reduced latency: The RTT on the old driver (@150 kbps data rate) was
about 16ms, the new driver (@250 kbps data rate) has as RTT of ~3ms
(depending on SPI clock and on CPU performance) (measured with ping6).
- Increased reliability: The preamble size and the sync word size have been
doubled compared to the old driver (preamble: 8 bytes instead of 4,
sync word: 4 byte instead of 2). The new values are the once recommended by
the data sheet for reliable communication.
- Basic diagnostic during driver initialization to detect common issues as
SPI communication issues and GDO pin configuration/wiring issues.
- TX power configuration with netdev_driver_t::set() API-integration
- Calls to netdev_driver_t::send() block until the transmission has completed
to ease the use of the API (implemented without busy waiting, so that the
MCU can enter lower power states or other threads can be executed).
- Removed cc110x driver
- Updated all makefiles
- Kept both board specific configurations and support for it in RIOT's
upper layers, so re-implementations don't need to start from zero
CTRL-C cancels the current line, similar to how getty works.
This is useful if one is using a dumb terminal to communicate with
a node, as it saves having to repeatedly type backspace to discard the
current line. It also helps when connecting to an already running node,
as one does not know what is on the line buffer, the safest thing to do
is to begin by sending a ctrl-C.
This is a suggestion of @benemorius.
Add an implementation that waits for 's' to print 'START' and return.
If 'r' is given is prints 'READY' to allow querying for state.
The help and answered string have to be different to not match the other.
Using puts/getchar was smaller than using `stdio_read/stdio_write` on the
example I tested with `esp32`.
From the gnrc_pktbuf_mark documentation:
It's not guaranteed that `result->data` points to the
same address as the original `pkt->data.
Thus it should be necessary to update the `hdr` pointer.
if xtimer_set spins the callback is executed in the thread context.
comment to explain irq_disable
and when this line could be removed
(when xtimer stops executing the callback funtion from thread context)
If an address was pre-configured by the upper layer its validity is
currently ignored. It is neither checked if the address is on the
interface at all nor is it checked if it is valid.
This change provides a fix for that by checking both facts.
A proper error code is returned if a key with unsupported (either by the implementation or the AES algorithm) length is passed to aes_init.
This fixes Issue #10175
The length field in an MQTT packet carries the _total_ length of the
packet. If it is below 256 (i.e. fits in one byte) only one byte is
used for the length field. If it is larger than that 3 bytes are used,
with the first byte having the value `0x01` and the remaining bytes
representing the length in as a 2 byte unsigned integer in network byte
order. Resulting from that it can be assessed that the check in
`emcutes`'s `set_len()` function is wrong as it needs to be checked if
`len` is lesser or equal to `0xff - 1`. `len <= (0xff - 1)` can be
simplified to `len < 0xff`. For some larger packages this safes 2 bytes
of wasted packet space.
`len` is used with the `memcpy()` to copy the payload to `tbuf`. With a
payload provided that is just long enough to fill `tbuf`, `len += 6`
leads to the `memcpy()` overriding data after `tbuf` (e.g. the
`mutex` that is unlocked right after) and thus resulting in potential
segmentation faults.
Additionally `+ 6` can only be applied if the total packet length is
below 256 (see spec), so `len + pos` is what needs to be provided to the
corresponding send functions instead (`pos` adapts to the header length
of the PUBLISH message).
Unstructured static initializer like { 0 } lead to compilation errors on ESP8266, MSP430 and MIPS. Error messages are:
error: (near initialization for 'queue.event_list') [-Werror=missing-braces]
error: (near initialization for 'queue.waiter') [-Werror=missing-field-initializers]
This change fixes the compilation problem.
Check for the usage of `newlib_nano` module instead of the
`USE_NANO_SPECS` variable.
This allows also benefiting from the `printf_float` and `scanf_float`
behaviour on `arm7` and `riscv` cpus.
- Add SEMTECH_LORAMAC_ALREADY_JOINED ret code for semtech_loramac_join
- Add SEMTECH_LORAMAC_TX_CNF_FAILED ret code for semtech_loramac_send
- Update shell commands to notify when no ACK is received on cnf tx
stm32eth: Move to stm32_common periph
cpu/stm32_periph_eth: Rebase to current master branch
- Update DMA to use new vendor headers
- Update send to use iolist. It looks like the packet headers are now transfered as seperate iolist entries which results in the eth periph sending each header as own packet. To fix this a rather ugly workaround is used where the whole iolist content is first copied to a static buffer. This will be fixed soon in another commit
- If MAC is set to zero use luid to generate one
- Small code style fixes
cpu/stm312f7: Add periph config for on-board ethernet
boards/nucleo-f767zi: Add config for on board ethernet
tests/stm32_eth_lwip: Remove board restriction
boards/common/nucleo: Add luid module if stm32 ethernet is used
tests/stm32_eth_gnrc: Add Testcase for gnrc using the stm32 eth periph
stm32_eth: Rework netdev driver layour
tests/stm32_eth_*: Use netdev driver header file for prototypes
stm32_eth: Add auto init for stm32 eth netdev driver
boards/stm32: Enable ethernet conf for nucleo boards
stm32_eth_auto_init: Add dont be pendantic flag
stm32_eth: Remove dma specific stuff from periph_cpu.h
Looks like this was implemented in PR #9171 and 021697ae94 with the same interface.
stm32_eth: Remove eth feature from stm32f4discovery boards
stm32_eth: Migrate to stm32 DMA API
stm32_eth: Add iolist to module deps
stm32_eth: Rework send function to use iolist
stm32_eth: Fix ci build warnings
stm32_eth: Fix bug introduced with iolist usage
stm32_eth: Remove redundant static buffer
stm32_eth: Fix feature dependencies
stm32_eth: Fix wrong header guard name
stm32_eth: Implement correct l2 netstats interface
stm32_eth: Rename public functions to stm32_eth_*
stm32_eth: Fix doccheck
stm32_eth: Move register DEFINE to appropriate header file
stm32_eth: remove untested configuration for f446ze boards
stm32_eth: Move periph configuration struct to stm32_common
stm32_eth: Fix naming of eth_phy_read and eth_phy_write
stm32_eth: Remove obsolete test applications
When reworking the reception of IPv6 packets I reset a previously set
`ipv6` snip as follows when the IPv6 extension handler returns a
packet (see first hunk of this commit):
```C
ipv6 = pkt->next->next
```
With `gnrc_ipv6_ext` this makes *somewhat* sense, `pkt->next` was
previously equal to `ipv6` and after the function call `pkt->next`
is the marked extension header, while `pkt->next->next` is the IPv6
header. However, since `ipv6` is already write-protected i.e.
`ipv6->users == 1` (see ll. 665-675), any additional call of
`gnrc_pktbuf_start_write()` [won't][start-write-doc] duplicate the
packet. In fact, the only `gnrc_pktbuf_start_write()` in
`gnrc_ipv6_ext` is used to send the *result* to the subscribers of that
extension header type, leaving the original packet unchanged for the
caller. As such `ipv6` remains the pointer to the IPv6 header whether
we set it in the line above or not. So we actually don't need that
line.
However, the extension header handling also returns a packet when
`gnrc_ipv6_ext` is not compiled in. In that case it is just a dummy
define that returns the packet you give provide it which means that
this still holds true: `pkt->next == ipv6`.
So setting `ipv6` in this case is actually harmful, as `ipv6` now
points to the NETIF header [following the IPv6 header][pkt-structure]
in the packet and this causes the `user` counter of that NETIF header
`hdr` to be decremented if `hdr->users > 1` in the write-protection I
removed in hunk 2 of this commit:
```C
/* pkt might not be writable yet, if header was given above */
ipv6 = gnrc_pktbuf_start_write(ipv6);
if (ipv6 == NULL) {
DEBUG("ipv6: unable to get write access to packet: dropping it\n");
gnrc_pktbuf_release(pkt);
return;
}
```
But as we already established, `ipv6->users` is already 1, so we don't
actually need the write protection here either.
Since the packet stays unchanged after the `ipv6` snip, we also don't
need to re-search for `netif_hdr` after the other two lines are
removed.
[start-write-doc]: https://doc.riot-os.org/group__net__gnrc__pktbuf.html#ga640418467294ae3d408c109ab27bd617
[pkt-structure]: https://doc.riot-os.org/group__net__gnrc__pkt.html#ga278e783e56a5ee6f1bd7b81077ed82a7
Summary for Users
=================
Deprecation is scheduled for 2020.01.
Users which depend on this module and cannot switch libraries may copy
the code into to their own application.
As expressed in PR #11724, the UBJSON module has issues which are not easy
or worth fixing.
Before removing the module, it should be marked as deprecated to give users
time to either migrate to another library, or copy the code to their own
private repo.
The deprecation warning has been supressed from the unit tests. This has the
ugly side-effect of supressing deprecation warning in other unit tests too,
but that should not last long, only until the module is finally deleted.
The `addr` parameter of the NIB's `_handle_dad()` function can come
from anywhere (e.g. in the fallback to classic SLAAC the destination
address of the IP header is used), so putting that pointer in a timer
is not a good idea. Instead we use the version of the address that is
stored within the interface.
