Adds the socket option TLS_ALPN_LIST for SOL_TLS sockets
Passes the configured alpn list to the mbedtls config
on mbedtls init
Signed-off-by: Emil Hammarstrom <emil.hammarstrom@assaabloy.com>
The indentation went wrong when the integer types was changed
from the type "u8_t" to type "uint8_t". This changed the length
of the type and caused the code to look bad in places.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Zephyr running on MPU devices have a different memory model than
process-oriented OSes like Linux and require a method to set
kernel object permissions on a file descriptor's underlying
context object. Add this, and a test to show that it is working.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Instead of using a custom offloading interface, users can use
`NET_SOCKET_REGISTER` macro to register custom socket API provider. This
solution removes a limitation, that only one offloaded interface can be
registered and that it cannot be used together with native IP stack.
The only exception remainig are DNS releated operations -
`getaddrinfo`/`freeaddrinfo`, which, when offloaded, have to be
registered specifically.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
`TLS_PEER_VERIFY` and `TLS_DTLS_ROLE` options accept specific values,
yet no symbols were defined for them. In result, magic numbers were used
in several places, making the code less readable.
Fix this issue, by adding the missing symbols to the `socket.h` header,
and using them in places where related socket options are set.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The previous patch left some include directives hidden within the body
of the extern "C" block. Lift them out to the top of the file where
they're more visible.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
The SO_SOCKS5 socket option can be used by the application to
set the SOCKS5 proxy details. These details will be used when
connecting to peer.
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
The SO_TXTIME socket option can be used by the application to
tell the network device driver the exact moment when the
network packet should be sent.
This feature is also implemented in Linux.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Add BSD socket sendmsg() API that can be used to send data to peer
and also pass ancillary data to lower level of the network stack.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The handcrafted allocation falls victim of misaligned structures due to
toolchain padding which crashes the socket test code on 64-bit targets.
Let's move it to the iterable section utility where those issues are
already taken care of.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
This can be used to activate the network packet statistics
collection. Note that we do not have resources to calculate
each network packet transit times but we collect average times
instead.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Folks found the use of @rststar/@endrststar non-intuitive (wanted to use
@rststart). The "star" was there indicating the doxygen comment lines
had a leading asterisk that needed to be stripped, but since our
commenting convention is to use the leading asterisk on continuation
lines, the leading asterisk is always there. So, change the doxygen
alias to the more expected @rst/@endrst.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Allow user to set the socket priority using setsockopt() call.
The priority value is used to order the networking queues so
that packets with a higher priority may be processed first.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
From POSIX.1-2017:
The getsockname() function shall retrieve the locally-bound name of the
specified socket, store this address in the sockaddr structure pointed
to by the address argument, and store the length of this address in the
object pointed to by the address_len argument.
The address_len argument points to a socklen_t object which on input
specifies the length of the supplied sockaddr structure, and on output
specifies the length of the stored address. If the actual length of the
address is greater than the length of the supplied sockaddr structure,
the stored address shall be truncated.
If the socket has not been bound to a local name, the value stored in
the object pointed to by address is unspecified.
Signed-off-by: Tomasz Gorochowik <tgorochowik@antmicro.com>
Not in POSIX. Linux man getnameinfo says about it:
"In order to assist the programmer in choosing reasonable sizes for
the supplied buffers, <netdb.h> defines the constants
#define NI_MAXHOST 1025
#define NI_MAXSERV 32
Since glibc 2.8, these definitions are exposed only if suitable
feature test macros are defined, namely: _GNU_SOURCE, _DEFAULT_SOURCE
(since glibc 2.19), or (in glibc versions up to and including 2.19)
_BSD_SOURCE or _SVID_SOURCE."
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
We need all the socket APIs to work from user mode.
tests/net/socket/misc now runs in userspace.
Fixes: #15227
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
The current idea is that we document zsock_* prefixed symbols, refer
to Open Group POSIX website
(http://pubs.opengroup.org/onlinepubs/9699919799/) for normative
descriptions, and explicitly mention bare POSIX name of a function
too (so e.g. users could find it via search).
Fixes: #13397
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Add various AI_* flags, similar to previously added flags for
getnameinfo(). All flags specified by POSIX are defined (with
values compatible with Linux), to allow to build existing
software which may refer to them. They can be implemented
gradually, as usecases arrive.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
To save binary size, currently just returns textual name of error
code, e.g. EAI_FAIL -> "EAI_FAIL". Based on real usecases, can be
replaced with user-friendly message later. (Current usecase is to
allow/help to elaborate sockets API by proof-of-concept porting
existing socket apps).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
select() is a rather peculiar construct, defining/depending on many
types and symbols. Making that to coexist with POSIX subsystem is
an ongoing challange. To facilitate that, let's split those
definitions to a separate header (which e.g. can be included without
including all the rest of socket defines).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
This function is the opposite of getaddrinfo(), i.e. converts
struct sockaddr into a textual address. Normally (or more
specifically, based on the flags) it would perform reverse DNS
lookup, but current implementation implements only subset of
functionality, by converting to numeric textual address.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Following convention, all functions of sockets API have zsock_
prefix, then optionally aliased to bare POSIX names.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
shutdown() itself is described as just marking RX or TX path of a
socket as not available. For the first approximation, we implement
it just as a dummy function, to allow build existing POSIX
applications which use it.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
The convention is that implementation of any Socket API function
lives in zsock_*(), and then it's optionally aliased to bare POSIX
name if requested. This convention must be followed to get proper
integration into the general POSIX subsystem.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Implemented via Zephyr's net_hostname_get(). As support for that call
is configurable and by default off, while many POSIX applications
assume that hostname is always available, we need a default value
in case CONFIG_NET_HOSTNAME_ENABLE is "n". Initial version of this
patch added that on the level of gethostname() call, but of was
suggested to move that down to net_hostname_get() instead.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
struct timeval is per POSIX defined in sys/time.h, but that also
allowed to pull sys/select.h (and indeed, it does with native_posix),
which then starts to conflict with out select implementation (if
NET_SOCKETS_POSIX_NAMES is defined, and many samples/tests have it).
So, for now follow the existing route of duplicating all definitions
needed by our code in namespaced manner. Things like struct timeval
usage will need to be revisited later, when we'll want socket
subsystem to work with POSIX subsystem, but that's a separate deep
matter.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
It's implemented on top of poll() anyway, and the current
implementation of fd_set uses array of fd's underlyingly, which
leads to O(n) complexity for FD_SET() and friends.
The purpose of select() implementation is to allow to perform
proof-of-concept port of 3rd-party code to Zephyr quickly. For
efficiency, poll() should be used instead.
Fixes: #11333
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
When offloading is enabled, a call to inet_pton() results in a call to
zsock_inet_pton() based on its implementation in include/net/socket.h.
This eventually leads to a call to _impl_zsock_inet_pton(), which is
not defined when offloading is enabled.
In this commit, we have chosen to directly call net_addr_pton() in
inet_pton() in the offload case to be efficient, and keep the
implementation as it is when offload is not enabled.
Fixes#12441
Signed-off-by: Vincent Wan <vincent.wan@linaro.org>
As mentioned in issue #12265, some networking APIs
aren't included in the generated
API docs because doxygengroup directives were missing.
Signed-off-by: David B. Kinder <david.b.kinder@intel.com>
Implement extended socket vtable for TLS sockets, therefore allowing to
integrate the implementation with socket subsystem.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Secure socket options descriptions were not doxygen comments,
therefore did not show up in the documentation.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
So that client apps can refer to them, and then can be implemented on
Zephyr side as needed.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Adds getaddrinfo and freeaddrinfo to the offloaded API.
Signed-off-by: Joakim Andre Tønnesen <joakim.tonnesen@nordicsemi.no>
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This patch enables BSD socket offload to a dedicated
TCP/IP offload engine.
This provides a simpler, more direct mechanism than going
through NET_OFFLOAD (zsock -> net_context -> socket conversions)
for those devices which provide complete TCP/IP offload at the
BSD socket level, and whose use cases do not require
IP routing between multiple network interfaces.
To use, configure CONFIG_NET_SOCKETS_OFFLOAD=y, and register
socket_offload_ops with this module.
Fixes#3706
Signed-off-by: Gil Pitney <gil.pitney@linaro.org>
This commit contains several fixes for DTLS implementation, proposed in
a post-merge review of #9338.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add system calls for the zsock implementations of socket,
close, bind, connect, listen, accept, sendto, recvfrom,
fcntl, poll, inet_pton, and getaddrinfo.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Make TLS poll function verify if decrypted data is available after
socket has notified activity with POLLIN flag. This prevents from giving
false notifications in case data was received on socket but was consumed
by mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add write-only socket option to set role for DTLS connection. This
option is irrelevant for TLS connections.
This options accepts and integer with a TLS role, compatible with
mbedTLS values:
0 - client,
1 - server.
By default, DTLS will assume client role.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add write only TLS secure option to set peer verification level for
TLS connection.
This option accepts an integer with a peer verification
level, compatible with mbedtls values (0 - none, 1 - optional, 2 -
required.
By default, socket mimics mebdTLS behavior - (none for server, required
for client).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option to read a ciphersuite chosen during TLS
handshake. Might be useful during development.
This is a read-only option that returns an integer containing an
IANA assigned ciphersuite identifier of chosen ciphersuite.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option that enables to narrow list of ciphersuites
available for TLS connection.
This option accepts an array of integers with IANA assigned ciphersuite
identifiers and returns such.
By default, every statically configured ciphersuite is available for a
socket and getsockopt returns an array of these.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add write-only TLS secure socket option to set hostname.
This option accepts a string containing the hostname. May be NULL, to
disable hostname verification.
By default, an empty string is set as a hostname for TLS clients,
to enforce hostname verification in mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
