net/nanocoap: Build message with coap_pkt_t

[kb2ma]

Contribution description

Adds an API to nanocoap to use a coap_pkt_t to build a message, including options. Builds on existing buffer-based functions. Use of the coap_pkt_t struct makes it easier to manage options.

Includes:

• coap_pkt_init()
• coap_opt_add_string()
• coap_opt_add_uint()
• coap_opt_finish()

This approach also allows integration by gcoap, bringing the APIs closer together.

Issues/PRs references

Implements ideas described in #9048 and #8831. Provides an API useful to #8920.

[kb2ma]

I plan to add a couple more tests, including for the Content-Format uint option. I think that then I can remove the WIP label.

The coap_opt_get_string() function can be added to #8920. We can create a PR like #8920 for uint options. We also can create a follow-on PR for sorting options in coap_opt_finish() that were added provisionally. Certainly the gcoap adaptation will need this.

[kb2ma]

Squashed WIP commits; ready for review. The unit tests provide decent coverage. To give the work some live testing, I created a CLI app based on the gcoap example. See my riot-nano-cli repo.

As I pulled this together, a couple of issues arose in my mind:

• Do we need to create some kind of #ifdef to distinguish use of pkt-based functions to build a message vs. the traditional buffer based functions? There will be a transitional period until the buffer-based functions, like coap_put_option_block1() can be replaced.

• We should take advantage of the information in the packet struct to update/replace coap_put_option(). The change is to inform the function of the maximum buffer length available, and return -ENOSPC if not sufficient. The option header length can be more than 1, so the caller really can't predict if there is enough space. I've added asserts for now.

[kb2ma]

@kaspar030, I assume that the basic approach here is acceptable. I am starting on a PR based on this one to adapt gcoap to it. This will allow us to remove the gcoap-specific #ifdefs added in #8772 and to reverse the stack size increase in #9000.

[kb2ma]

Squashed. No one has commented, and this simplifies a follow-on PR to sort options that I'm creating.

[bergzand]

This should be @param[in,out] according to doxygen

[kb2ma]

Sure thing.

[bergzand]

A small description of the purpose of these flags would be helpful here.

[kb2ma]

Will do.

[bergzand]

Same as above

[bergzand]

Is it possible for this function to return error codes? If not, can we change the return type to size_t instead of ssize_t?

[kb2ma]

This is an interesting API design question. These coap_opt_add...() functions rely on _add_opt_pkt(), which in turn relies on coap_put_option(). IMO the latter can be improved to return -ENOSPC because the user can't always determine in advance if the option will be too long for the available buffer space. See the questions I pose in a comment above.

So, I'm sort of anticipating that we will update these functions eventually to return an error code in that case. Does it make sense to update the API now for these new functions so the user does not need to update their code in the future? Besides, use of a signed value will never really be a problem in this case. Why box in the API if you don't need to?

OTOH, maybe this whole idea of overrunning the buffer when writing options is so unlikely that the present use of an assert after the option is added is the best/simplest solution.

[bergzand]

ssize_t sounds good to me. I agree with you reason that these function might start returning errors. This error could not only be caused by a buffer overflow with the pdu buffer space, but also with the option array being completely filled.

I tend to favor a "soft" error return code here over an assertion. Mostly because it is possible for external CoAP requests to influence these options, and it would be bad if an assertion could be remotely triggered with some specific request (causing a packet of death vulnerability).

I think it would be best to add an @return negative on error to the doxygen both here and with the other "coap_opt_add" functions to indicate the need for error checking.

[kb2ma]

Please see the exact wording and let me know if any concerns. Also I updated the implementation of coap_opt_add_string() to return -ENOSPC. The input string may contain multiple separators, and it might be difficult for the caller to determine this in advance.

Mostly because it is possible for external CoAP requests to influence these options

Can you be more specific? I'm not sure that I follow you.

[bergzand]

Same with the return type as for coap_opt_add_string

[bergzand]

[in,out]

[bergzand]

How many flags are we expecting here, would uint8_t suffice?

[kb2ma]

Might we need more than eight flags? Another interesting API question. We already have used two (add-payload, and sort-options in another PR) I rounded up here figuring it didn't really matter in terms of space, and it allows for future flexibility. Conceivably we also could use the high-order byte if some future flag requires an associated value.

[bergzand]

Ok. uint16_t sounds good then. Could you please reflect this in the flag defines, so 0x0001 instead of 0x1 to have the data size a bit more explicit there.

[kb2ma]

Done.

[bergzand]

I think you should check here whether there is still an empty position in the options array, to prevent array-out-of-bounds bugs

[kb2ma]

Excellent idea!

[bergzand]

I think an explicit @pre to indicate that there should be an initialized coap_hdr_t in the buffer would be nice. Somebody is going to miss the note with the buf param there :)

[kb2ma]

I agree completely.

[kb2ma]

Thanks for the review, @bergzand. Pushed fixups.

[emmanuelsearch]

@bergzand @kb2ma are there a lot of to dos left here?

[kb2ma]

I believe I've addressed @bergzand's comments. It would be nice to at least have a high-level "ok with the approach" confirmation from @kaspar030 since this change is a significant addition to nanocoap. It is a new API to build a message instead of the historical, purely buffer-based approach.

[bergzand]

@kaspar030 On a samr21-xpro, this patch adds 26 bytes of flash usage to the nanocoap-server example, that is still unmodified without any usage of these functions.
(measured with cosy)

[kaspar030]

@kb2ma The approach looks good to me -> high-level ACK.

[kb2ma]

@bergzand, thanks for measuring. I plan to review and report. I haven't tried cosy yet.

@kaspar030, thanks for confirmation.

[bergzand]

@kb2ma I'd like to test this a bit more and then ACK it. Feel free to squash in the mean time.

[kb2ma]

Rebased and squashed.

Relative to master, I see the difference in size of the text sections as 52 bytes. I attribute this to

• realization of _encode_uint(), which is called from coap_opt_add_uint() as well as the historical coap_put_option_block()
• the longer branch name

In the proposed module doc for nanocoap, I include macros to exclude the code (COAP_WRITE_OPTIONS_STRUCT), which clears up this problem. If this is important to do now, I can add to this PR, or we can put it in a follow-on PR.

[bergzand]

Ack

[bergzand]

If this is important to do now, I can add to this PR, or we can put it in a follow-on PR.

Let's do this in a follow up.