mgmt: hawkbit: interface support for ip addresses and domain name

nealjack · nealjack · commit 374d1e1cdca5 · 2025-05-07T10:51:25.000-06:00
Previously, hawkbit interface only supported a url/hostname and a port,
and internally it resolves to an IP address. This does not work for
network layers that rely on NAT64, like OpenThread.  Zephyr's
implementation of `getaddrinfo` is not aware of NAT64.  DNS will resolve
an IPV4 address that needs to be converted to IPV6 with the NAT64
prefix.

This commit alters the Hawkbit interface to allow providing an explicit
domain name as a string via `server_domain`, and an already resolved IP
address as `server_addr`.

This commit changes the usage of `hawkbit_runtime_config.server_addr` to
point to either an IP address or domain name. It adds a new Kconfig
(`HAWKBIT_USE_DOMAIN_NAME`) to specify an explicit domain name and adds
a new variable `hawkbit_runtime_config.server_domain`. If
`HAWKBIT_USE_DOMAIN_NAME` is enabled and a user provides an IP address
to `server_addr`, the user must provide a domain name to
`server_domain`.

Signed-off-by: Neal Jackson &lt;neal@blueirislabs.com&gt;
diff --git a/include/zephyr/mgmt/hawkbit/config.h b/include/zephyr/mgmt/hawkbit/config.h
@@ -29,8 +29,13 @@
  * settings.
  */
 struct hawkbit_runtime_config {
-	/** Server address */
+	/**
+	 * Server address (domain name or IP address if
+	 * CONFIG_HAWKBIT_USE_DOMAIN_NAME is enabled
+	 */
 	char *server_addr;
+	/** Server domain name */
+	char *server_domain;
 	/** Server port */
 	uint16_t server_port;
 	/** Security token */
@@ -44,6 +49,7 @@ struct hawkbit_runtime_config {
  *
  * @param config Configuration settings to set.
  * @retval 0 on success.
+ * @retval -EINVAL if string length mismatch for server_domain
  * @retval -EAGAIN if probe is currently running.
  */
 int hawkbit_set_config(struct hawkbit_runtime_config *config);
@@ -55,6 +61,27 @@ int hawkbit_set_config(struct hawkbit_runtime_config *config);
  */
 struct hawkbit_runtime_config hawkbit_get_config(void);
 
+/**
+ * @brief Set the hawkBit server hostname.
+ *
+ * @param hostname_str Server hostname to set.
+ * @retval 0 on success.
+ * @retval -EINVAL if string length mismatch for server_domain
+ * @retval -EAGAIN if probe is currently running.
+ */
+static inline int hawkbit_set_server_domain(char *domain_str)
+{
+	struct hawkbit_runtime_config set_config = {
+		.server_addr = NULL,
+		.server_domain = domain_str,
+		.server_port = 0,
+		.auth_token = NULL,
+		.tls_tag = 0,
+	};
+
+	return hawkbit_set_config(&set_config);
+}
+
 /**
  * @brief Set the hawkBit server address.
  *
@@ -66,6 +93,7 @@ static inline int hawkbit_set_server_addr(char *addr_str)
 {
 	struct hawkbit_runtime_config set_config = {
 		.server_addr = addr_str,
+		.server_domain = NULL,
 		.server_port = 0,
 		.auth_token = NULL,
 		.tls_tag = 0,
@@ -85,6 +113,7 @@ static inline int hawkbit_set_server_port(uint16_t port)
 {
 	struct hawkbit_runtime_config set_config = {
 		.server_addr = NULL,
+		.server_domain = NULL,
 		.server_port = port,
 		.auth_token = NULL,
 		.tls_tag = 0,
@@ -104,6 +133,7 @@ static inline int hawkbit_set_ddi_security_token(char *token)
 {
 	struct hawkbit_runtime_config set_config = {
 		.server_addr = NULL,
+		.server_domain = NULL,
 		.server_port = 0,
 		.auth_token = token,
 		.tls_tag = 0,
@@ -123,6 +153,7 @@ static inline int hawkbit_set_tls_tag(sec_tag_t tag)
 {
 	struct hawkbit_runtime_config set_config = {
 		.server_addr = NULL,
+		.server_domain = NULL,
 		.server_port = 0,
 		.auth_token = NULL,
 		.tls_tag = tag,
@@ -141,6 +172,16 @@ static inline char *hawkbit_get_server_addr(void)
 	return hawkbit_get_config().server_addr;
 }
 
+/**
+ * @brief Get the hawkBit server hostname.
+ *
+ * @return Server hostname.
+ */
+static inline char *hawkbit_get_server_domain(void)
+{
+	return hawkbit_get_config().server_domain;
+}
+
 /**
  * @brief Get the hawkBit server port.
  *
diff --git a/subsys/mgmt/hawkbit/Kconfig b/subsys/mgmt/hawkbit/Kconfig
@@ -70,6 +70,14 @@ config HAWKBIT_SET_SETTINGS_RUNTIME
 	help
 	  Enable to set hawkbit settings at runtime.
 
+config HAWKBIT_USE_DOMAIN_NAME
+	bool "Use server_domain for domain name instead of server_addr"
+	depends on HAWKBIT_SET_SETTINGS_RUNTIME
+	help
+	  Enable to use the server_domain field for TLS and HTTP. If enabled,
+	  server_addr can accept an already resolved IP address, and the domain name
+	  can be provided via server_domain.
+
 choice HAWKBIT_DDI_SECURITY
 	prompt "hawkBit DDI API authentication modes"
 	default HAWKBIT_DDI_NO_SECURITY
diff --git a/subsys/mgmt/hawkbit/hawkbit.c b/subsys/mgmt/hawkbit/hawkbit.c
@@ -21,7 +21,6 @@
 #include <zephyr/mgmt/hawkbit/hawkbit.h>
 #include <zephyr/mgmt/hawkbit/config.h>
 #include <zephyr/mgmt/hawkbit/event.h>
-#include <zephyr/net/dns_resolve.h>
 #include <zephyr/net/http/client.h>
 #include <zephyr/net/net_ip.h>
 #include <zephyr/net/net_mgmt.h>
@@ -75,10 +74,19 @@ static bool hawkbit_initialized;
 
 #endif /* CONFIG_HAWKBIT_DDI_NO_SECURITY */
 
+#ifdef CONFIG_DNS_RESOLVER_MAX_QUERY_LEN
+#define SERVER_DOMAIN_LEN CONFIG_DNS_RESOLVER_MAX_QUERY_LEN
+#else
+#define SERVER_DOMAIN_LEN 255
+#endif
+
 static struct hawkbit_config {
 	int32_t action_id;
 #ifdef CONFIG_HAWKBIT_SET_SETTINGS_RUNTIME
 	char server_addr[DNS_MAX_NAME_SIZE + 1];
+#ifdef CONFIG_HAWKBIT_USE_DOMAIN_NAME
+	char server_domain[SERVER_DOMAIN_LEN + 1];
+#endif
 	char server_port[sizeof(STRINGIFY(__UINT16_MAX__))];
 #ifndef CONFIG_HAWKBIT_DDI_NO_SECURITY
 	char ddi_security_token[DDI_SECURITY_TOKEN_SIZE + 1];
@@ -90,11 +98,17 @@ static struct hawkbit_config {
 } hb_cfg;
 
 #ifdef CONFIG_HAWKBIT_SET_SETTINGS_RUNTIME
-#define HAWKBIT_SERVER hb_cfg.server_addr
+#ifdef CONFIG_HAWKBIT_USE_DOMAIN_NAME
+#define HAWKBIT_SERVER_DOMAIN hb_cfg.server_domain
+#else
+#define HAWKBIT_SERVER_DOMAIN hb_cfg.server_addr
+#endif /* CONFIG_HAWKBIT_USE_DOMAIN_NAME */
+#define HAWKBIT_SERVER_ADDR   hb_cfg.server_addr
 #define HAWKBIT_PORT hb_cfg.server_port
 #define HAWKBIT_PORT_INT atoi(hb_cfg.server_port)
 #else
-#define HAWKBIT_SERVER CONFIG_HAWKBIT_SERVER
+#define HAWKBIT_SERVER_ADDR   CONFIG_HAWKBIT_SERVER
+#define HAWKBIT_SERVER_DOMAIN CONFIG_HAWKBIT_SERVER
 #define HAWKBIT_PORT STRINGIFY(CONFIG_HAWKBIT_PORT)
 #define HAWKBIT_PORT_INT CONFIG_HAWKBIT_PORT
 #endif /* CONFIG_HAWKBIT_SET_SETTINGS_RUNTIME */
@@ -298,6 +312,22 @@ static int hawkbit_settings_set(const char *name, size_t len, settings_read_cb r
 		return rc;
 	}
 
+#ifdef CONFIG_HAWKBIT_USE_DOMAIN_NAME
+	if (settings_name_steq(name, "server_domain", &next) && !next) {
+		if (len != sizeof(hb_cfg.server_domain)) {
+			return -EINVAL;
+		}
+
+		rc = read_cb(cb_arg, &hb_cfg.server_domain, sizeof(hb_cfg.server_domain));
+		LOG_DBG("<%s> = %s", "hawkbit/server_domain", hb_cfg.server_domain);
+		if (rc >= 0) {
+			return 0;
+		}
+
+		return rc;
+	}
+#endif /* CONFIG_HAWKBIT_USE_DOMAIN_NAME */
+
 	if (settings_name_steq(name, "server_port", &next) && !next) {
 		if (len != sizeof(uint16_t)) {
 			return -EINVAL;
@@ -336,6 +366,9 @@ static int hawkbit_settings_set(const char *name, size_t len, settings_read_cb r
 	}
 #else  /* CONFIG_HAWKBIT_SET_SETTINGS_RUNTIME */
 	if (settings_name_steq(name, "server_addr", NULL) ||
+#ifdef CONFIG_HAWKBIT_USE_DOMAIN_NAME
+	    settings_name_steq(name, "server_domain", NULL) ||
+#endif /* CONFIG_HAWKBIT_USE_DOMAIN_NAME */
 	    settings_name_steq(name, "server_port", NULL) ||
 	    settings_name_steq(name, "ddi_token", NULL)) {
 		rc = read_cb(cb_arg, NULL, 0);
@@ -359,6 +392,9 @@ static int hawkbit_settings_export(int (*cb)(const char *name, const void *value
 	(void)cb("hawkbit/action_id", &hb_cfg.action_id, sizeof(hb_cfg.action_id));
 #ifdef CONFIG_HAWKBIT_SET_SETTINGS_RUNTIME
 	(void)cb("hawkbit/server_addr", &hb_cfg.server_addr, sizeof(hb_cfg.server_addr));
+#ifdef CONFIG_HAWKBIT_USE_DOMAIN_NAME
+	(void)cb("hawkbit/server_domain", &hb_cfg.server_domain, sizeof(hb_cfg.server_domain));
+#endif /* CONFIG_HAWKBIT_USE_DOMAIN_NAME */
 	uint16_t hawkbit_port = atoi(hb_cfg.server_port);
 	(void)cb("hawkbit/server_port", &hawkbit_port, sizeof(hawkbit_port));
 #ifndef CONFIG_HAWKBIT_DDI_NO_SECURITY
@@ -439,7 +475,7 @@ static bool start_http_client(int *hb_sock)
 	}
 
 	while (resolve_attempts--) {
-		ret = zsock_getaddrinfo(HAWKBIT_SERVER, HAWKBIT_PORT, &hints, &addr);
+		ret = zsock_getaddrinfo(HAWKBIT_SERVER_ADDR, HAWKBIT_PORT, &hints, &addr);
 		if (ret == 0) {
 			break;
 		}
@@ -469,8 +505,8 @@ static bool start_http_client(int *hb_sock)
 		goto err_sock;
 	}
 
-	if (zsock_setsockopt(*hb_sock, SOL_TLS, TLS_HOSTNAME, HAWKBIT_SERVER,
-			     sizeof(CONFIG_HAWKBIT_SERVER)) < 0) {
+	if (zsock_setsockopt(*hb_sock, SOL_TLS, TLS_HOSTNAME, HAWKBIT_SERVER_DOMAIN,
+			     sizeof(HAWKBIT_SERVER_DOMAIN)) < 0) {
 		goto err_sock;
 	}
 #endif /* CONFIG_HAWKBIT_USE_TLS */
@@ -778,12 +814,27 @@ int hawkbit_default_config_data_cb(const char *device_id, uint8_t *buffer, const
 #ifdef CONFIG_HAWKBIT_SET_SETTINGS_RUNTIME
 int hawkbit_set_config(struct hawkbit_runtime_config *config)
 {
+	size_t length;
+
 	if (k_sem_take(&probe_sem, HAWKBIT_SET_SERVER_TIMEOUT) == 0) {
 		if (config->server_addr != NULL) {
 			strncpy(hb_cfg.server_addr, config->server_addr,
 				sizeof(hb_cfg.server_addr));
 			LOG_DBG("configured %s: %s", "hawkbit/server_addr", hb_cfg.server_addr);
 		}
+#ifdef CONFIG_HAWKBIT_USE_DOMAIN_NAME
+		if (config->server_domain != NULL) {
+			length = strnlen(config->server_domain, CONFIG_DNS_RESOLVER_MAX_QUERY_LEN + 1);
+			if (length > CONFIG_DNS_RESOLVER_MAX_QUERY_LEN) {
+				LOG_ERR("%s too long: %s", "hawkbit/server_domain", config->server_domain);
+				return -EINVAL;
+			}
+			strncpy(hb_cfg.server_domain, config->server_domain,
+				sizeof(hb_cfg.server_domain));
+			LOG_DBG("configured %s: %s", "hawkbit/server_domain",
+				hb_cfg.server_domain);
+		}
+#endif /* CONFIG_HAWKBIT_USE_DOMAIN_NAME */
 		if (config->server_port != 0) {
 			snprintf(hb_cfg.server_port, sizeof(hb_cfg.server_port), "%u",
 				 config->server_port);
@@ -817,7 +868,7 @@ int hawkbit_set_config(struct hawkbit_runtime_config *config)
 struct hawkbit_runtime_config hawkbit_get_config(void)
 {
 	struct hawkbit_runtime_config config = {
-		.server_addr = HAWKBIT_SERVER,
+		.server_addr = HAWKBIT_SERVER_ADDR,
 		.server_port = HAWKBIT_PORT_INT,
 		.auth_token = HAWKBIT_DDI_SECURITY_TOKEN,
 		.tls_tag = HAWKBIT_CERT_TAG,
@@ -1041,7 +1092,7 @@ static bool send_request(struct hawkbit_context *hb_context, enum hawkbit_http_r
 #endif /* CONFIG_HAWKBIT_DDI_NO_SECURITY */
 
 	http_req.url = url_buffer;
-	http_req.host = HAWKBIT_SERVER;
+	http_req.host = HAWKBIT_SERVER_DOMAIN;
 	http_req.port = HAWKBIT_PORT;
 	http_req.protocol = "HTTP/1.1";
 	http_req.response = response_cb;
@@ -1155,7 +1206,7 @@ void hawkbit_reboot(void)
 
 static bool check_hawkbit_server(void)
 {
-	if (strlen(HAWKBIT_SERVER) == 0) {
+	if (strlen(HAWKBIT_SERVER_ADDR) == 0) {
 		if (sizeof(CONFIG_HAWKBIT_SERVER) > 1) {
 			hawkbit_set_server_addr(CONFIG_HAWKBIT_SERVER);
 		} else {
