Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use CoAP for fetching diagnostic #2569

Open
dakhnod opened this issue Oct 29, 2024 · 8 comments
Open

use CoAP for fetching diagnostic #2569

dakhnod opened this issue Oct 29, 2024 · 8 comments

Comments

@dakhnod
Copy link

dakhnod commented Oct 29, 2024

I am Interested in retrieving diagnostic data from devices via CoAP.

From my research, it seems that the TMF CoAP server is listening at port 61631.
I am now trying to use coap-client to fetch said diagnostics data via the command

printf '\x12\x01\x00\x21\x02\x50\x7e' | coap-client -N -p 61631 -f - -m post coap://[ff02::1%wpan0]:61631/d/dq

The issue now is that my otbr-agent instance logs out Dropping TMF message from untrusted origin and seems to return 4.04.

Thus, here are my questions:

  1. Is there any documentation to the TMF CoAP calls?
  2. Why does the BR reject my messages?
  3. How can send calls to the BR CoAP?

Thanks for your time!

@wgtdkp
Copy link
Member

wgtdkp commented Oct 29, 2024

This is by design for privacy / security reasons - so that the Thread diagnostic information won't be made available to whatever devices on the Wi-Fi link or an untrusted app on the BR device.

What stops you from using the netdiag.h API or the CLI commands?

cc @superwhd @sunytt

@dakhnod
Copy link
Author

dakhnod commented Oct 29, 2024

@wgtdkp Thanks for the quick answer, I was suspecting something similar.
But how does it the BR know? After all, I am sending the CoAP query from the wpan0 interface, and the source and dst addresses should be identical. So, how does the BR know it's not the CLI?

@wgtdkp
Copy link
Member

wgtdkp commented Oct 29, 2024

@dakhnod
Copy link
Author

dakhnod commented Oct 29, 2024

But..the CLI can send CoAP request over the network, right? How do those remote systems differentiate the CLI vs a generic CoAP client?

@jwhui
Copy link
Member

jwhui commented Oct 29, 2024

But..the CLI can send CoAP request over the network, right? How do those remote systems differentiate the CLI vs a generic CoAP client?

OpenThread CLI leverages OpenThread's internal CoAP implementation. A generic CoAP client come through the host system's network stack. OpenThread treats those sources of packets differently.

@dakhnod
Copy link
Author

dakhnod commented Oct 29, 2024

@jwhui gereat, that would explain my strange observations in wireshark.

So, is there a way to use a generic coap client to access those internal endpoints?

@dakhnod
Copy link
Author

dakhnod commented Nov 19, 2024

@jwhui Sorry for asking again, but we need a way of finding all EUI64 inside a thread network from a nodeJS program. How can I achieve that? The agent can run within the Thread network, it doesn't have to be from outside the network.

@jwhui
Copy link
Member

jwhui commented Nov 19, 2024

One option is to disable the TMF origin filter. Note that this feature is only intended for testing.

https://openthread.io/reference/cli/commands#test_tmforiginfilter

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants