Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[coap-secure] introduce maximum connection attempt limit for CoAP agent #9694

Merged
merged 1 commit into from
Jan 25, 2024
Merged

[coap-secure] introduce maximum connection attempt limit for CoAP agent #9694

merged 1 commit into from
Jan 25, 2024

Conversation

abtink
Copy link
Member

@abtink abtink commented Dec 7, 2023

This commit introduces a new feature in SecureTransport and CoapSecure that allows us to specify the maximum number of allowed connection attempts before the socket is automatically closed and the CoAP agent is stopped. This can be used to enhance security by preventing attacks and excessive retries. This commit also adds a callback mechanism to notify when the limit is reached and the CoAP agent is stopped.

Related to SPEC-1216 and for use with ephemeral PSK mechasnim (PR #9435)

@abtink abtink mentioned this pull request Dec 7, 2023
Open
23 tasks
@size-report size-report
Copy link

size-report bot commented Dec 7, 2023
edited
Loading

Size Report of OpenThread

Merging #9694 into main(a0b9ac7).

name branch text data bss total
ot-cli-ftd main 464256 760 66252 531268
#9694 464448 760 66284 531492
+/- +192 0 +32 +224
ot-ncp-ftd main 434556 760 61464 496780
#9694 434748 760 61496 497004
+/- +192 0 +32 +224
libopenthread-ftd.a main 233668 0 40198 273866
#9694 233868 0 40230 274098
+/- +200 0 +32 +232
libopenthread-cli-ftd.a main 56654 0 8075 64729
#9694 56654 0 8075 64729
+/- 0 0 0 0
libopenthread-ncp-ftd.a main 31839 0 5916 37755
#9694 31839 0 5916 37755
+/- 0 0 0 0
ot-cli-mtd main 363400 760 51148 415308
#9694 363640 760 51180 415580
+/- +240 0 +32 +272
ot-ncp-mtd main 346252 760 46376 393388
#9694 346476 760 46408 393644
+/- +224 0 +32 +256
libopenthread-mtd.a main 157026 0 25110 182136
#9694 157254 0 25142 182396
+/- +228 0 +32 +260
libopenthread-cli-mtd.a main 39527 0 8059 47586
#9694 39527 0 8059 47586
+/- 0 0 0 0
libopenthread-ncp-mtd.a main 24719 0 5916 30635
#9694 24719 0 5916 30635
+/- 0 0 0 0
ot-cli-ftd-br main 532624 768 130932 664324
#9694 532800 768 130964 664532
+/- +176 0 +32 +208
libopenthread-ftd-br.a main 296643 5 104854 401502
#9694 296815 5 104886 401706
+/- +172 0 +32 +204
libopenthread-cli-ftd-br.a main 70287 0 8099 78386
#9694 70287 0 8099 78386
+/- 0 0 0 0
ot-rcp main 62168 564 20604 83336
#9694 62168 564 20604 83336
+/- 0 0 0 0
libopenthread-rcp.a main 9522 0 5052 14574
#9694 9522 0 5052 14574
+/- 0 0 0 0
libopenthread-radio.a main 18811 0 214 19025
#9694 18811 0 214 19025
+/- 0 0 0 0

@codecov Codecov
Copy link

codecov bot commented Dec 7, 2023
edited
Loading

Codecov Report

Attention: 13 lines in your changes are missing coverage. Please review.

Comparison is base (a0b9ac7) 81.49% compared to head (6c29b98) 82.44%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #9694      +/-   ##
==========================================
+ Coverage   81.49%   82.44%   +0.95%     
==========================================
  Files         555      558       +3     
  Lines       76358    71769    -4589     
==========================================
- Hits        62229    59172    -3057     
+ Misses      14129    12597    -1532
Files Coverage Δ
src/core/coap/coap_secure.hpp 76.00% <ø> (-12.00%) ⬇️
src/core/meshcop/secure_transport.hpp 90.90% <ø> (ø)
src/core/coap/coap_secure.cpp 78.57% <70.00%> (-3.99%) ⬇️
src/core/meshcop/secure_transport.cpp 71.63% <58.82%> (+2.04%) ⬆️

... and 342 files with indirect coverage changes

@abtink abtink mentioned this pull request Dec 8, 2023
Merged
jwhui
jwhui reviewed Jan 19, 2024
View reviewed changes
src/core/meshcop/secure_transport.cpp Outdated Show resolved Hide resolved
src/core/meshcop/secure_transport.cpp Outdated Show resolved Hide resolved
src/core/meshcop/secure_transport.cpp Outdated Show resolved Hide resolved
@abtink
[coap-secure] introduce maximum connection attempt limit for CoAP agent
6c29b98 
This commit introduces a new feature in `SecureTransport` and
`CoapSecure` that allows us to specify the maximum number of allowed
connection attempts before the socket is automatically closed and the
CoAP agent is stopped. This can be used to enhance security by
preventing attacks and excessive retries. This commit also adds a
callback mechanism to notify when the limit is reached and the CoAP
agent is stopped.
@jwhui jwhui merged commit 81106df into openthread:main Jan 25, 2024
100 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jwhui jwhui jwhui approved these changes

Assignees
No one assigned
Labels
comp: coap enhancement P4
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@abtink @jwhui