main ← feat/safe_dds
opened 11:02PM - 11 Mar 26 UTC
### Solved Problem
Fixes https://github.com/PX4/PX4-Autopilot/issues/26712 and …https://github.com/PX4/PX4-Autopilot/issues/25273 unsafe behaviors.
Other than the documentation issues above, the major concern is that a non-gated DDS interface leads to confusion on the user side when offboard messages interfere with non-offboard modes during vehicle operation. This clashes with what is the most natural and expected behavior of the system. After discussing with other maintainers, it was highlighted that there is a desire for an unobstructed path between offboard and FMU via DDS, so that OBC nodes act essentially as firmware-level modules. To ensure this remains the case, a parameter `UXRCE_DDS_SAFE` is introduced, which, if set to `0`, keeps the previous functionality - i.e., non-gated behavior. When the parameter is active (set to `1`), only whitelisted uORB topics in `safety_whitelist.yaml` are allowed to publish to uORB regardless of the activated mode.
### Solution
Introduces a parameter that allows the user to stay with the previously used DDS direct-access to uORB, irrespective of vehicle mode. If this parameter is enabled (suggested default usage), the UXRCE DDS client only publishes to uORB when in offboard mode. This behavior is ignored if a specific uORB topic is whitelisted in `safety_whitelist.yaml` (feel free to suggest name changes). If a topic is placed there, the safety check is ignored.
Data always flows from uORB to DDS irrespective of the parameter value, so subscriptions are always possible.
### Changelog Entry
For release notes:
```
Feature: ensure safe behavior from UXRCE DDS
```
### Alternatives
1. Keep the previous behavior, which allows non-gated access to uORB.
2. Create an API-like usage for DDS
### Test coverage
SITL
### Context