net: lib: downloader: Leave room for header when using TLS with nRF91

eivindj-nordic · rlubos · commit ab80a432d15d · 2025-02-20T09:29:42.000+01:00
Using range requests of 2048 bytes leaves no room for the header when
using TLS with nRF91 devices. Reduce the range requests if recv return
-EMSGSIZE. The range_override can be configured in the host
configuration to improve performance.

Signed-off-by: Eivind Jølsgard &lt;eivind.jolsgard@nordicsemi.no&gt;
diff --git a/doc/nrf/libraries/networking/downloader.rst b/doc/nrf/libraries/networking/downloader.rst
@@ -187,12 +187,32 @@ The following snippet shows how to download a file using HTTPS:
 Limitations
 ***********
 
-The library requires the host server to provide a Content-Range field in the HTTP GET response header when using HTTPS with the nRF91 Series devices.
-If this header field is missing, the library logs the following error::
+The following limitations apply to this library:
 
-   <err> downloader: Server did not send "Content-Range" in response
+nRF91 Series TLS limitation
+===========================
 
- Due to internal limitations, maximum CoAP block size is 512 bytes.
+The nRF91 Series modem has a size limit for receiving TLS packages.
+The size limit depends on modem internals and is around 2 kB.
+See modem firmware release notes for details.
+The library  asks the server for a content-range which must be supported by the host server when using HTTPS with the nRF91 Series devices.
+
+The content range is set by the :c:member:`downloader_host_cfg.range_override` configuration in the download client configuration.
+If the configuration is not set, a default value will be used for the nRF91 Series devices when using HTTPS.
+
+The fragment size must be set so that the TLS package does not exceed the modem limit.
+The TLS package size is dependent on the HTTP header and payload size.
+The HTTP header size is dependent on the server in use.
+When meeting this limitation, the downloader attempts to reduce the content-range in order to fill the TLS size requirements.
+If the requirements cannot be met, the downloader fails with error ``-EMSSIZE``.
+
+.. note::
+   If you are experiencing this issue on a deployed product, reducing the HTTP header size responded by the server can also resolve this issue.
+
+CoaP block size
+===============
+
+Due to internal limitations, the maximum CoAP block size is 512 bytes.
 
 API documentation
 *****************
diff --git a/include/net/downloader.h b/include/net/downloader.h
@@ -55,6 +55,7 @@ enum downloader_evt_id {
 	 * - -EINVAL: Invalid configuration.
 	 * - -EAFNOSUPPORT: Unsupported address family (IPv4/IPv6).
 	 * - -EHOSTUNREACH: Failed to resolve the target address.
+	 * - -EMSGSIZE: TLS packet is larger than the nRF91 Modem can handle.
 	 *
 	 * In case of @c ECONNRESET errors, returning zero from the callback will let the
 	 * library attempt to reconnect to the server and download the last fragment again.
diff --git a/subsys/net/lib/downloader/src/transports/http.c b/subsys/net/lib/downloader/src/transports/http.c
@@ -19,7 +19,11 @@
 
 LOG_MODULE_DECLARE(downloader, CONFIG_DOWNLOADER_LOG_LEVEL);
 
-/* nRF91 modem TLS secure socket buffer limited to 2kB including header */
+/* In the nRF91 Series modem, the TLS secure socket buffer is limited to around 2 kB.
+ * If the header and data is too large, the downloader will reduce the range requests until
+ * the requirements are satisfied. The application can also set the range_override in
+ * struct downloader_host_cfg to utilize the size better.
+ */
 #define TLS_RANGE_MAX 2048
 
 #define DEFAULT_PORT_TLS 443
@@ -431,9 +435,7 @@ static int http_parse(struct downloader *dl, size_t len)
 	if (dl->progress + len != dl->file_size) {
 		if (http->ranged) {
 			http->ranged_progress += len;
-			if (http->ranged_progress < (dl->host_cfg.range_override
-							     ? dl->host_cfg.range_override
-							     : TLS_RANGE_MAX - 1)) {
+			if (http->ranged_progress < dl->host_cfg.range_override) {
 				/* Ranged query: read until a full fragment */
 				return len;
 			}
@@ -610,6 +612,19 @@ static int dl_http_download(struct downloader *dl)
 			     dl->cfg.buf_size - dl->buf_offset);
 
 	if (len < 0) {
+		if (len == -EMSGSIZE && dl->host_cfg.range_override) {
+			/* We do not have enough space for the http header and requested data,
+			 * reattempt with shorter range request.
+			 */
+			dl->host_cfg.range_override -=
+				((dl->host_cfg.range_override > 256) ? 128 : 8);
+			if (dl->host_cfg.range_override <= 8) {
+				return -EMSGSIZE;
+			}
+			LOG_DBG("Message size too big, reattempting with range size %d",
+				dl->host_cfg.range_override);
+			return -ECONNRESET;
+		}
 		if (http->connection_close) {
 			return -ECONNRESET;
 		}

Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,7 @@ enum downloader_evt_id {`
`55`	`55`	`* - -EINVAL: Invalid configuration.`
`56`	`56`	`* - -EAFNOSUPPORT: Unsupported address family (IPv4/IPv6).`
`57`	`57`	`* - -EHOSTUNREACH: Failed to resolve the target address.`
	`58`	`+ * - -EMSGSIZE: TLS packet is larger than the nRF91 Modem can handle.`
`58`	`59`	`*`
`59`	`60`	`* In case of @c ECONNRESET errors, returning zero from the callback will let the`
`60`	`61`	`* library attempt to reconnect to the server and download the last fragment again.`