Skip to content

Zephyr TCP/IP replacement #114

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dgarske merged 10 commits into from
Jun 8, 2026
Merged

Zephyr TCP/IP replacement #114

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
08cc43a
Added multiple interface routing
danielinux May 11, 2026
8be5e92
Added zephyr port
danielinux May 11, 2026
a03f455
Fix failing test, increase coverage
danielinux May 11, 2026
ee81b21
Fixed failing build, addressed copilot comments
danielinux May 11, 2026
b5c5ece
Removed dead function
danielinux May 11, 2026
70986c1
Address copilot's comments
danielinux May 11, 2026
5caff43
Fixed test regression due to symbol visibility
danielinux May 11, 2026
f1bebb3
Fix Zephyr POSIX type handling
danielinux Jun 8, 2026
032a464
Fix stale nexthop unit tests
danielinux Jun 8, 2026
1d9288f
Simplify m33mu latest container workflows
danielinux Jun 8, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/stm32h563-m33mu-freertos.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ jobs:
stm32h563_m33mu_echo_freertos:
runs-on: ubuntu-latest
container:
image: ghcr.io/wolfssl/wolfboot-ci-m33mu:v1.2
image: ghcr.io/wolfssl/wolfboot-ci-m33mu:latest
options: --privileged
steps:
- name: Checkout
Expand Down
29 changes: 13 additions & 16 deletions .github/workflows/stm32h563-m33mu-ssh-tzen.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
run: |
set -euo pipefail
apt-get update
apt-get install -y sudo dnsmasq iproute2 netcat-openbsd git \
apt-get install -y dnsmasq iproute2 netcat-openbsd git \
openssh-client sshpass

- name: Fetch wolfSSL/wolfSSH/wolfBoot
Expand All @@ -34,9 +34,9 @@ jobs:
git clone --depth 1 --branch master https://github.com/wolfSSL/wolfssh.git ../wolfssh
fi
if [ ! -d ../wolfboot ]; then
git clone --depth 1 --branch stm32tz https://github.com/dgarske/wolfboot.git ../wolfboot
git -C ../wolfboot submodule update --init --single-branch
git clone --depth 1 https://github.com/wolfSSL/wolfBoot.git ../wolfboot
fi
git -C ../wolfboot submodule update --init --single-branch

- name: Build wolfBoot (stm32h5-tz)
run: |
Expand All @@ -63,19 +63,19 @@ jobs:
cleanup() {
set +e
if [ -f /tmp/m33mu.pid ]; then
sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
fi
sudo pkill -x m33mu 2>/dev/null || true
pkill -x m33mu 2>/dev/null || true
if [ -f /tmp/dnsmasq.pid ]; then
sudo kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
fi
sudo ip link del tap0 2>/dev/null || true
ip link del tap0 2>/dev/null || true
}
trap cleanup EXIT

sudo ip tuntap add dev tap0 mode tap
sudo ip addr add 192.168.12.1/24 dev tap0
sudo ip link set tap0 up
ip tuntap add dev tap0 mode tap
ip addr add 192.168.12.1/24 dev tap0
ip link set tap0 up

cat > /tmp/dnsmasq.conf <<'CONF'
interface=tap0
Expand All @@ -84,12 +84,9 @@ jobs:
dhcp-leasefile=/tmp/dnsmasq.leases
log-dhcp
CONF
sudo dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid
dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid

# wolfBoot does a full software ECC256 verify of the 300 KB
# signed NS image before it BLXNSes into wolfIP. End-to-end the
# m33mu run takes ~3 minutes; 360s gives ~2x headroom.
sudo m33mu \
/usr/local/bin/m33mu \
../wolfboot/wolfboot.bin \
src/port/stm32h563/app_v1_signed.bin:0x60000 \
--cpu stm32h563 --tap:tap0 --uart-stdout --timeout 360 --quit-on-faults \
Expand Down Expand Up @@ -142,5 +139,5 @@ jobs:
fi
echo "SSH test succeeded."
if [ -f /tmp/m33mu.pid ]; then
sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
fi
91 changes: 42 additions & 49 deletions .github/workflows/stm32h563-m33mu.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 20
container:
image: ghcr.io/wolfssl/wolfboot-ci-m33mu:v1.2
image: ghcr.io/wolfssl/wolfboot-ci-m33mu:latest
options: --privileged

steps:
Expand All @@ -21,7 +21,7 @@ jobs:
run: |
set -euo pipefail
apt-get update
apt-get install -y sudo dnsmasq iproute2 netcat-openbsd
apt-get install -y dnsmasq iproute2 netcat-openbsd

- name: Build STM32H563 echo firmware
run: |
Expand All @@ -36,19 +36,19 @@ jobs:
cleanup() {
set +e
if [ -f /tmp/m33mu.pid ]; then
sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
fi
sudo pkill -x m33mu 2>/dev/null || true
pkill -x m33mu 2>/dev/null || true
if [ -f /tmp/dnsmasq.pid ]; then
sudo kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
fi
sudo ip link del tap0 2>/dev/null || true
ip link del tap0 2>/dev/null || true
}
trap cleanup EXIT

sudo ip tuntap add dev tap0 mode tap
sudo ip addr add 192.168.12.1/24 dev tap0
sudo ip link set tap0 up
ip tuntap add dev tap0 mode tap
ip addr add 192.168.12.1/24 dev tap0
ip link set tap0 up

cat > /tmp/dnsmasq.conf <<'EOF'
interface=tap0
Expand All @@ -57,9 +57,9 @@ jobs:
dhcp-leasefile=/tmp/dnsmasq.leases
log-dhcp
EOF
sudo dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid
dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid

sudo m33mu src/port/stm32h563/app.bin \
/usr/local/bin/m33mu src/port/stm32h563/app.bin \
--cpu stm32h563 --tap:tap0 --uart-stdout --timeout 120 \
2>&1 | tee /tmp/m33mu.log &
sleep 1
Expand All @@ -68,6 +68,7 @@ jobs:
echo "${m33mu_pid}" > /tmp/m33mu.pid
fi

# Wait for DHCP lease
ip=""
for _ in $(seq 1 60); do
if [ -s /tmp/dnsmasq.leases ]; then
Expand Down Expand Up @@ -107,14 +108,14 @@ jobs:
fi
echo "Echo test succeeded."
if [ -f /tmp/m33mu.pid ]; then
sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
fi

stm32h563_m33mu_full:
runs-on: ubuntu-latest
timeout-minutes: 30
container:
image: ghcr.io/wolfssl/wolfboot-ci-m33mu:v1.2
image: ghcr.io/wolfssl/wolfboot-ci-m33mu:latest
options: --privileged

steps:
Expand All @@ -132,7 +133,7 @@ jobs:
run: |
set -euo pipefail
apt-get update
apt-get install -y sudo dnsmasq iproute2 netcat-openbsd \
apt-get install -y dnsmasq iproute2 netcat-openbsd \
curl mosquitto-clients openssh-client

- name: Build STM32H563 full firmware
Expand All @@ -152,19 +153,19 @@ jobs:
cleanup() {
set +e
if [ -f /tmp/m33mu.pid ]; then
sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
fi
sudo pkill -x m33mu 2>/dev/null || true
pkill -x m33mu 2>/dev/null || true
if [ -f /tmp/dnsmasq.pid ]; then
sudo kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
fi
sudo ip link del tap0 2>/dev/null || true
ip link del tap0 2>/dev/null || true
}
trap cleanup EXIT

sudo ip tuntap add dev tap0 mode tap
sudo ip addr add 192.168.12.1/24 dev tap0
sudo ip link set tap0 up
ip tuntap add dev tap0 mode tap
ip addr add 192.168.12.1/24 dev tap0
ip link set tap0 up

cat > /tmp/dnsmasq.conf <<'EOF'
interface=tap0
Expand All @@ -173,9 +174,9 @@ jobs:
dhcp-leasefile=/tmp/dnsmasq.leases
log-dhcp
EOF
sudo dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid
dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid

sudo m33mu src/port/stm32h563/app.bin \
/usr/local/bin/m33mu src/port/stm32h563/app.bin \
--cpu stm32h563 --tap:tap0 --uart-stdout --timeout 240 \
2>&1 | tee /tmp/m33mu.log &
sleep 1
Expand Down Expand Up @@ -316,14 +317,14 @@ jobs:
echo ""
echo "=== All tests passed ==="
if [ -f /tmp/m33mu.pid ]; then
sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
fi

stm32h563_m33mu_https_tls13:
runs-on: ubuntu-latest
timeout-minutes: 25
container:
image: ghcr.io/wolfssl/wolfboot-ci-m33mu:v1.2
image: ghcr.io/wolfssl/wolfboot-ci-m33mu:latest
options: --privileged

steps:
Expand All @@ -333,7 +334,7 @@ jobs:
run: |
set -euo pipefail
apt-get update
apt-get install -y sudo dnsmasq iproute2 curl git tcpdump
apt-get install -y dnsmasq iproute2 curl git tcpdump

- name: Fetch wolfSSL
run: |
Expand Down Expand Up @@ -361,22 +362,22 @@ jobs:
cleanup() {
set +e
if [ -f /tmp/m33mu.pid ]; then
sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
fi
if [ -f /tmp/tcpdump.pid ]; then
sudo kill "$(cat /tmp/tcpdump.pid)" 2>/dev/null || true
kill "$(cat /tmp/tcpdump.pid)" 2>/dev/null || true
fi
sudo pkill -x m33mu 2>/dev/null || true
pkill -x m33mu 2>/dev/null || true
if [ -f /tmp/dnsmasq.pid ]; then
sudo kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
kill "$(cat /tmp/dnsmasq.pid)" 2>/dev/null || true
fi
sudo ip link del tap0 2>/dev/null || true
ip link del tap0 2>/dev/null || true
}
trap cleanup EXIT

sudo ip tuntap add dev tap0 mode tap
sudo ip addr add 192.168.12.1/24 dev tap0
sudo ip link set tap0 up
ip tuntap add dev tap0 mode tap
ip addr add 192.168.12.1/24 dev tap0
ip link set tap0 up

cat > /tmp/dnsmasq.conf <<'CONF'
interface=tap0
Expand All @@ -385,12 +386,12 @@ jobs:
dhcp-leasefile=/tmp/dnsmasq.leases
log-dhcp
CONF
sudo dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid
dnsmasq --conf-file=/tmp/dnsmasq.conf --pid-file=/tmp/dnsmasq.pid

sudo tcpdump -i tap0 -nn -U -w /tmp/https-test.pcap > /tmp/tcpdump.log 2>&1 &
tcpdump -i tap0 -nn -U -w /tmp/https-test.pcap > /tmp/tcpdump.log 2>&1 &
echo $! > /tmp/tcpdump.pid

sudo m33mu src/port/stm32h563/app.bin \
/usr/local/bin/m33mu src/port/stm32h563/app.bin \
--cpu stm32h563 --tap:tap0 --uart-stdout --timeout 180 --quit-on-faults \
2>&1 | tee /tmp/m33mu.log &
sleep 1
Expand Down Expand Up @@ -444,17 +445,17 @@ jobs:
fi
echo "HTTPS test succeeded."
if [ -f /tmp/m33mu.pid ]; then
sudo kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
kill "$(cat /tmp/m33mu.pid)" 2>/dev/null || true
fi
if [ -f /tmp/tcpdump.pid ]; then
sudo kill "$(cat /tmp/tcpdump.pid)" 2>/dev/null || true
kill "$(cat /tmp/tcpdump.pid)" 2>/dev/null || true
fi

stm32h563_m33mu_vlan:
runs-on: ubuntu-latest
timeout-minutes: 20
container:
image: ghcr.io/wolfssl/wolfboot-ci-m33mu:v1.2
image: ghcr.io/wolfssl/wolfboot-ci-m33mu:latest
options: --privileged

steps:
Expand All @@ -464,11 +465,7 @@ jobs:
run: |
set -euo pipefail
apt-get update
# iproute2: 'ip' command (tap, vlan link-add)
# tcpdump: packet capture on tap0
# tshark: filter/parse the pcap for VID + direction assertions
# sudo: the integration script wraps privileged ops with sudo
apt-get install -y sudo iproute2 tcpdump tshark
apt-get install -y iproute2 tcpdump tshark

- name: Run VLAN integration test (TCP echo over 802.1Q)
timeout-minutes: 15
Expand All @@ -478,10 +475,6 @@ jobs:
M33MU_TIMEOUT: "60"
run: |
set -euo pipefail
# The script builds the firmware with ENABLE_VLAN=1, sets up tap0
# + tap0.${VLAN_VID}, boots m33mu, probes the TCP echo service on
# port 7 over the VLAN, and asserts via tshark that 802.1Q frames
# flowed in both directions on VID=${VLAN_VID}.
bash tools/scripts/debug-m33mu-vlan-local.sh

- name: Upload VLAN artifacts on failure
Expand Down
Loading
Loading