- Adds platform API `trelDnssdInitialize` to initialize TREL
DNS-SD module.
- Adds `test_trel_connectivity.py` test.
- Fixed `Border Router` TREL test to really use TREL.
This commit generates a random NAT64 prefix and adds the prefix to
NetworkData if none exists. The prefix will be saved in Settings for
recovery.
It also adds a new CLI command `br nat64prefix` to show the local
NAT64 prefix.
A new config OPENTHREAD_CONFIG_BORDER_ROUTING_NAT64_ENABLE is defined
and used to guard the change.
This initial implementation only supports a single BR.
This commit enables `OT_BORDER_ROUTING` feature in some of the
build scripts (e.g., `script/check-scan-build` or `make-pretty`) so
that it is covered by github actions workflow CI.
This commit adds support for DNS Stateful Operations (DSO) as
specified in RFC 8490.
It adds `platform/dso_transport.hpp` header file which defines the
platform APIs/callbacks for DSO transport layer (e.g., DNS-over-TLS
or DNS-over-TCP).
The `Dso` module handles establishing connection with a peer, acting
either as a DSO client or server, establishing a DSO session over a
connection, and then sending and processing DSO request, response,
and unidirectional messages (including support for DSO TLV formats).
The `Dso` module also manages the session life cycle and timeouts,
namely the "Inactivity" and "Keep Alive" timeouts (including sending
and processing of Keep Alive messages when needed). It also handles
adding encryption padding before sending a message. It implements the
padding policy "Random-Block-Length Padding" from RFC 8467.
This commit also adds a detailed unit test `test_dso` covering the
behavior (including corner cases) of the `Dso` implementation. The
unit test provides an implementation of the DSO platform APIs which
emulate the DSO transport layer. It also includes a simplified alarm
platform implementation (emulating timers and allowing time to
advance in the unit test). These allow the unit test to cover more
complicated situations and behaviors (timeouts, failures, etc).
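
How the padding step described in the DSO commit message above can be sized, as an added example in C++ that is not OpenThread code. Under Random-Block-Length Padding the sender picks a block length at random from a preselected set for each message and pads to a multiple of it; the block-length set, the function names and the choice to always append the padding TLV are assumptions of this example.

```cpp
// Added example (not OpenThread code): sizing a DSO Encryption Padding TLV
// under Random-Block-Length Padding.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <random>
#include <set>

// RFC 8490 TLV header: DSO-TYPE (2 bytes) + DSO-LENGTH (2 bytes).
constexpr std::size_t kTlvHeaderSize = 4;
// Constructed set of block lengths; OpenThread's actual values may differ.
constexpr std::size_t kBlockLengths[] = {8, 11, 17, 32};

struct Padding {
    std::size_t tlvValueLen; // padding bytes carried inside the TLV
    std::size_t totalLen;    // message length on the wire after padding
};

// Round msgLen plus the TLV header up to the next multiple of `block`.
// Assumption: the padding TLV is always appended, even with zero padding bytes.
Padding PadToBlock(std::size_t msgLen, std::size_t block) {
    std::size_t withHeader = msgLen + kTlvHeaderSize;
    std::size_t total = (withHeader + block - 1) / block * block;
    return {total - withHeader, total};
}

// Pick the block length at random for each message.
// mt19937 keeps the example reproducible; real code would use the platform RNG.
Padding PadRandomBlock(std::size_t msgLen, std::mt19937 &rng) {
    constexpr std::size_t n = sizeof(kBlockLengths) / sizeof(kBlockLengths[0]);
    std::uniform_int_distribution<std::size_t> pick(0, n - 1);
    return PadToBlock(msgLen, kBlockLengths[pick(rng)]);
}

// Number of distinct on-wire sizes an observer sees for message lengths lo..hi.
std::size_t DistinctSizes(std::size_t lo, std::size_t hi, std::size_t block) {
    std::set<std::size_t> sizes;
    for (std::size_t len = lo; len <= hi; ++len) sizes.insert(PadToBlock(len, block).totalLen);
    return sizes.size();
}

int main() {
    std::mt19937 rng(1);
    Padding p = PadRandomBlock(45, rng);
    std::printf("45-byte message -> %zu bytes on the wire\n", p.totalLen);
    std::printf("lengths 1..60 with block 32 -> %zu sizes\n", DistinctSizes(1, 60, 32));
}
```

A message that ends 1 to 3 bytes short of a block boundary cannot fit the 4-byte TLV header, so it is padded to the following boundary.
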
This commit removes `OPENTHREAD_CONFIG_LOG_DEFINE_AS_MACRO_ONLY`,
which helps simplify the logging implementation. This feature enabled
all logging including the platform API to be defined as macros and
was intended for certain restricted platforms. With the new logging
model, OpenThread core itself will prepare the entire log line
instead of platform layer, so this feature is no longer applicable or
useful.
This commit implements OTBR firewall. This implementation focuses on
ingress filtering. We may also introduce egress filtering when
necessary.
For security purposes, there are some packet forwarding rules to
follow, which were originally introduced in the spec.
- Inbound packets initiated with On-Link addresses source (OMR and
mesh local prefix based addresses) should be blocked.
- Inbound unicast packets whose destination address is not OMR address
or DUA should be blocked.
- Inbound unicast packets whose source address or destination address
is link-local should be blocked. Note that we don’t need to
explicitly add rules for link-local addresses since this should
already be handled by the kernel.
These rules can be easily implemented by iptables and ipset.
Before otbr-agent starts, there is a script creating the iptables
rules. The rules themselves are constant so we don't need to change
them dynamically. During the runtime of otbr-agent, otbr-agent updates
ipsets accordingly whenever there's a change of on-link prefixes.
This commit adds two simulation tests to verify that SRP clients can
register 500 services to one SRP server:
- Virtual time simulation test with one SRP server and 25 SRP clients,
each client registering 20 SRP services.
- OTBR simulation test same as above, but run SRP server on OTBR
(Docker).
This commit implements part of the OTBR firewall. This implementation
focuses on the ingress filtering part. We may also introduce egress
filtering part when necessary.
For security purposes, there are some packet forwarding rules to
follow, which were originally introduced in the spec.
- Inbound packets initiated with On-Link addresses source (OMR and
mesh local prefix based addresses) should be blocked.
- Inbound unicast packets whose destination address is not OMR address
or DUA should be blocked.
- Inbound unicast packets whose source address or destination address
is link-local should be blocked. Note that we don’t need to
explicitly add rules for link-local addresses since this should
already be handled by the kernel.
These rules can be easily implemented by iptables and ipset.
- Before otbr-agent starts, there is a script creating the iptables
rules. The rules themselves are constant so we don't need to change
them dynamically.
- During the runtime of otbr-agent, otbr-agent updates ipsets
accordingly whenever there's a change of on-link prefixes.
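
The ingress rules listed in the two firewall commit messages above, modeled as a pure decision function in C++. This is an added example, not OTBR code: the real filtering is done by iptables and ipset, and the `Sets` struct, the function names and the prefixes here are constructed for illustration.

```cpp
// Added example (not OTBR code): the ingress rules as a pure decision function.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

struct Prefix { in6_addr addr; unsigned len; };

static in6_addr Parse(const char *s) { in6_addr a{}; inet_pton(AF_INET6, s, &a); return a; }

static bool Matches(const in6_addr &a, const Prefix &p) {
    unsigned full = p.len / 8, rem = p.len % 8;
    if (std::memcmp(a.s6_addr, p.addr.s6_addr, full) != 0) return false;
    if (rem == 0) return true;
    uint8_t mask = static_cast<uint8_t>(0xff << (8 - rem));
    return (a.s6_addr[full] & mask) == (p.addr.s6_addr[full] & mask);
}

static bool InAny(const in6_addr &a, const std::vector<Prefix> &set) {
    for (const Prefix &p : set) if (Matches(a, p)) return true;
    return false;
}

// Hypothetical stand-ins for the ipsets that otbr-agent keeps up to date.
struct Sets {
    std::vector<Prefix> denySrc;  // on-link prefixes: OMR and mesh-local
    std::vector<Prefix> allowDst; // OMR and DUA prefixes
};

enum Verdict { kAccept, kDrop };

Verdict FilterInbound(const Sets &sets, const char *src, const char *dst) {
    const in6_addr s = Parse(src), d = Parse(dst);
    const Prefix linkLocal{Parse("fe80::"), 10};
    if (Matches(s, linkLocal) || Matches(d, linkLocal)) return kDrop; // link-local rule
    if (InAny(s, sets.denySrc)) return kDrop;  // on-link source arriving from outside
    if (d.s6_addr[0] == 0xff) return kAccept;  // multicast: the destination rule is unicast-only
    return InAny(d, sets.allowDst) ? kAccept : kDrop; // destination must be OMR or DUA
}

// Constructed prefixes: OMR fd00:aaaa:0:1::/64, mesh-local fd00:bbbb::/64, DUA fd00:cccc:0:1::/64.
Sets SampleSets() {
    Prefix omr{Parse("fd00:aaaa:0:1::"), 64}, ml{Parse("fd00:bbbb::"), 64}, dua{Parse("fd00:cccc:0:1::"), 64};
    return Sets{{omr, ml}, {omr, dua}};
}

int main() {
    Sets s = SampleSets();
    std::printf("%d\n", FilterInbound(s, "fd00:aaaa:0:1::99", "fd00:aaaa:0:1::10")); // 1 = kDrop
}
```

Only the contents of `Sets` change at runtime, which mirrors the split in the commit message between constant rules and dynamically updated sets.
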
Background:
In an early stage of developing a new product, developers may want to
verify the Thread related hardware functionality, for example, send,
receive, etc. However if the product uses the posix <-> RCP mode,
it's hard to verify it before the posix daemon can run on the
host. cli-ftd and cli-mtd could be an alternative. However, if the
product uses the posix <-> RCP mode, the space of the 802.15.4 radio
chip will be very small. For example, nRF52811 doesn't have enough
space to flash cli-ftd or cli-mtd firmware. So this PR creates a new
firmware ot-cli-radio which has very limited functionality for
verifying the hardware.
Basically, the ot-cli-radio consists of openthread-radio and
libopenthread-cli-radio.a. It supports very few cli commands. The most
important command is diag. Currently, there are: diag, help, reset,
version.
Currently, the diag commands have different implementations on RCP:
- For commands like diag start, the process function
(Diags::ProcessStart) is first called on host. Then host sends an
SPI frame to the RCP and Diags::ProcessStart (different
implementation) is called again on RCP.
- For commands like diag send, Diags::ProcessSend is first called on
host. Then host sends an SPI frame to the RCP, directly calling
send API. And there is no Diags::ProcessSend implemented on RCP.
Let's call the implementation of Diags::Process* currently on host as
native diag commands. When we run ot-cli-radio, we should use the
native diag commands because it won't interact with a posix daemon and
it processes the diag commands through the whole process. So this PR
adds a new option OPENTHREAD_CONFIG_DIAG_NATIVE_CMDS_ON_RCP to control
whether to use the native diag implementation on RCP. When we use a
normal RCP, the option should be disabled. When we use
ot-cli-radio, the option should be enabled.
This commit adds a new class `AnycastLocator` which can be used to
locate the closest destination of an anycast IPv6 address (i.e., find
the related mesh local EID and RLOC16). The closest destination is
determined based on the current routing table and path costs
within the Thread mesh.
The implementation uses a CoAP confirmable post request to a newly
added URI path ("a/yl"). The destination IPv6 address of such a
request message is set to the anycast address to be located. The
receiver of the request message sends a CoAP response which includes
the "Mesh Local EID" and "Thread RLOC16" TLVs.
This commit also adds support for this new feature in CLI (adding a new
`locate <anycast-addr>` command).
Finally this commit adds `test_anycast_locator.py` to test behavior of
the new feature.
This commit adds a new module `Uptime` which tracks the number of
milliseconds since OpenThread stack initialization as a `uint64_t`
value. It also adds public OT APIs to get the current uptime value
(either as the number of milliseconds or in human-readable string
format like "2 days 12:45:12.762"). A CLI `uptime` command is also
added. This feature can be enabled using the newly added config
option `OPENTHREAD_CONFIG_UPTIME_ENABLE` (or the related CMake
`OT_UPTIME` option).
This commit adds History Tracker feature and its CLI support. This
feature records history of different events as the Thread network
operates (e.g., history of RX and TX IPv6 messages or network info
changes).
Recorded entries are timestamped. When the history list is read, the
timestamps are given as the entry age relative to the time the list
is being read. For example in CLI a timestamp can be shown as
`02:31:50.628 ago` indicating the entry was recorded 2 hours, 31 min,
50 sec, and 628 msec ago. Number of days is added for events that are
older than 24 hours, e.g., `31 days 03:00:23.931 ago`. Timestamps use
millisecond accuracy and are tracked up to 49 days. If an event is
older than 49 days, the entry is still tracked in the list but the
timestamp is shown as old or `more than 49 days ago`.
The `HistoryTracker` currently maintains 3 lists. The Network Info
history tracks changes to Device Role, Mode, RLOC16 and Partition ID.
The RX/TX history list records information about the received/sent
IPv6 messages:
- Message type (UDP, TCP, ICMP6 (and its subtype), etc.)
- Source and destination IPv6 addresses and port numbers
- IPv6 payload length
- The message checksum (for UDP, TCP, or ICMP6).
- Whether or not the link-layer security was used
- Message priority: low, norm, high, net (for control messages)
- Short address (RLOC16) of neighbor who sent/received the msg
- Received Signal Strength (in dBm) for RX only
- Radio link info (15.4/TREL) on which msg was sent/received
(useful when `OPENTHREAD_CONFIG_MULTI_RADIO` is enabled)
Config `HISTORY_TRACKER_EXCLUDE_THREAD_CONTROL_MESSAGES` can be used
to configure `HistoryTracker` to exclude Thread Control messages
(e.g., MLE, TMF) from TX and RX history.
The number of entries recorded for each history list is configurable
through a set of OpenThread config options, e.g., number of entries
in Network Info history list is specified by OpenThread config option
`OPENTHREAD_CONFIG_HISTORY_TRACKER_NET_INFO_LIST_SIZE`. The
`HistoryTracker` will keep the most recent entries overwriting oldest
ones when the list gets full.
This commit also adds support for `HistoryTracker` in CLI. The CLI
commands provide two styles for printing the history information: A
table format (more human-readable) and list style (better suited for
parsing by machine/code). `README_HISTORY.md` is added to document
the commands and the info provided by each history list entry.
This commit also adds `test_history_tracker.py` test-case which
covers the behavior of `HistoryTracker`.
This commit implements a new feature "Network Data Publisher" which
provides mechanisms to limit the number of similar entries (service
and/or prefix) in the Thread Network Data by monitoring the Network
Data and managing if or when to add or remove entries. This feature is
enabled using `OPENTHREAD_CONFIG_NETDATA_PUBLISHER_ENABLE` config, or
`NETDATA_PUBLISHER` in autoconf, or `OT_NETDATA_PUBLISHER` cmake
option.
This commit adds support for publishing DNS/SRP anycast/unicast
service, on-mesh prefix, and external route prefix entries.
When there is a request to publish an entry, the `Publisher` monitors
the Network Data and counts the number of similar entries. If there
are fewer entries than a desired target number, the entry is added
after a short random delay.
If there are too many similar entries, `Publisher` starts the process
of removing its own entry (again after some random wait time). When
removing entries, certain entries are preferred over others (e.g., an
entry from a router over one from an end-device or if they are from
the same type of node, the one with smaller RLOC16). If `Publisher`
determines that its own entry is a preferred one, it adds an extra
wait time before removing its entry. This gives higher chance for a
non-preferred entry from another device to be removed before removing
a preferred entry which helps towards quicker convergence of the
process to the desired number of entries.
On-mesh prefix and external route entries have a "preference" field.
When publishing such an entry, a matching entry in the network data is
counted only if its preference is the same or higher than the entry's
preference. This ensures that a device with a higher preference entry
publishes its entry even when there are many lower preference similar
entries in the network data (potentially causing a lower preference
entry to be removed).
This commit also adds `test_netdata_publisher.py` to verify the
behavior of the `Publisher`.
This commit fixes reporting expect failures by adding fail on error
flag to the ot_exec_expect_script function in script/test script.
This commit also fixes failing expect tests and removes expect tests
on macOS for unstable issues.
The default Thread version has been set to 1.2 when building. Our test
script which checks building hasn't been updated accordingly. This
commit fixes this error.
This commit splits OPENTHREAD_CONFIG_MLE_LINK_METRICS_ENABLE macro
into two subsequent ones:
- OPENTHREAD_CONFIG_MLE_LINK_METRICS_SUBJECT_ENABLE
- OPENTHREAD_CONFIG_MLE_LINK_METRICS_INITIATOR_ENABLE
This addresses `clang-tidy` warning for unused `using` statement. This
commit also ensures `OT_DNSSD_SERVER` is enabled in `make-pretty`
script and therefore covered by github action `build pretty`
workflow.
Summary of changes:
- Enable building OpenThread RCP image on the Raspberry Pi (aarch64)
directly (using Ubuntu)
- Fix problem with not having access to the /opt folder as a user
List of changes:
- modified Autotools, CMake and Android build systems
- increased heap size as new version requires additional 64B
- replaced deprecated API (mbedtls_ecdsa_sign_det)
- removed workaround with defining mbedtls_ecp_restart_ctx
This commit updates `toranj/build.sh` script for posix based builds to
generate CLI executable. It also updates the posix platform to provide
log functionality when `LOG_OUTPUT` is set to `LOG_OUTPUT_APP`.
This commit also adds CI build checks for multi-radio and TREL build
configurations under posix platform.
Since OT_TREL is going to be set to ON in OTBR, this commit makes sure
we test OTBR with TREL off.
Also removed -DOTBR_DNSSD_DISCOVERY_PROXY=ON since it's now ON by
default.
The POSIX NCP app (ot-ncp) simulates an NCP with an RCP. With the
latest otbr-agent, this is not needed any more. It is only used in CI
tests. This commit removes the app to save maintenance efforts.