MQTT over Thread

Today I am attempting to set up an MQTT connection from a Thread device to an MQTT server on the Internet (for better or for worse, if this is a terrible idea I'm open to suggestions).

I've done some preliminary investigation using the Thread CLI example and am now starting to develop code using the Thread API in SDK 2.6.0.  I have a border router running on an RPi with NAT64.

At this point I can do a DNS lookup using otDnsClientResolveIp4Address, sending the request to fd34:e64f:ccd9:02:0:0:808:808 (i.e. 8.8.8.8) and I get back the address of the MQTT server as a synthesized IPv6 address.  I can ping this address and get a response.

The next step is to attempt an MQTT connection. 

I start by calling getaddrinfo() to resolve the IP address of the broker, this fails with -ENOENT, it's the same whether I use hints.ai_family = AF_INET or AF_INET6.

So instead I tried using the address returned by the earlier DNS lookup.  Then I call mqtt_connect() but get -EPROTOTYPE (protocol wrong type for socket).

I see some discussion in DevZone from people trying to do similar things but none quite the same as this.  Perhaps I'm being naive thinking that it should 'just work'?

Any suggestions will be gladly received.

Thanks,

  Frog

Parents Reply Children
  • Sadly I don't have control over the server; there's a list of about a dozen supported ciphersuites.  I've chosen to go with ECDHE-RSA-AES256-SHA384.  I'd hoped that this would be as simple as adding a few lines to prj.conf but have gone down something of a rabbit hole.

    Starting with CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLE

    This has dependencies:

    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_RSA_C=y
    CONFIG_MBEDTLS_PKCS1_V15=y
    CONFIG_MBEDTLS_LEGACY_CRYPTO_C=y

    However, setting these breaks OpenThread, I get the message:
    "Current nrf_security configuration does not provide all MBEDTLS options which are required by precompiled OpenThread libraries."

    Investigating further I find that setting CONFIG_MBEDTLS_LEGACY_CRYPTO_C=y is the culprit.

    Intriguingly, if I specify CONFIG_MBEDTLS_RSA_C=y I get a warning that it "was assigned the value 'y' but got the value 'n'".  This appears to depend on CONFIG_MBEDTLS_LEGACY_CRYPTO_C too.

    It looks as though CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED=y might be a step forward, I'm working through the dependencies but that also appears to depend on CONFIG_MBEDTLS_LEGACY_CRYPTO_C.

    The ciphersuite list is currently

    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_CCM
    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV

    Presumably this is the list that OpenThread has chosen to compile in.  Do you happen to know where that's defined?  I'm not above modifying the OT source if that's what it takes.

  • So today I decided to go somewhat offroad; I set

    CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h"
    CONFIG_MBEDTLS_USER_CONFIG_FILE="my-own-nrf-config.h"

    and copied the content of config-thread.h into my-own-nrf-config.h with the intention of taking over control of the crypto settings without losing any of the functionality that OpenThread needs.  With a couple of minor tweaks I got it to compile and run.

    Now I have OpenThread working normally, but when I go to open an MQTT session it's using TCP rather than TLS, which is being rejected by the server.  At this point I'm trying to work out how to get TLS going again.

    I'll keep working away at that, comparing what I have with some examples unless you have any specific advice.

Related