Bluetooth: L2CAP: Fix accounting SDU header len as data
This cause packets that are up to 2 bytes off segment maximum length to be considered transmitted when in fact that could be some bytes left to be transmitted which cause any subsequent packet to trigger invalid SDU on the remote end: [ 3612.376068] l2cap_le_data_rcv:6757: SDU fragment. chan->sdu->len 66 skb->len 68 chan->sdu_len 67 [ 3612.376073] Bluetooth: Too much LE L2CAP data received Change-Id: Id2f3469ce1c0b27bb87c4d5bc18e6ede9d93dbde Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This commit is contained in:
parent
5f69bde72b
commit
a91238aca6
1 changed files with 4 additions and 3 deletions
|
@ -1063,7 +1063,7 @@ static int l2cap_chan_le_send(struct bt_l2cap_le_chan *ch, struct net_buf *buf,
|
|||
BT_DBG("ch %p cid 0x%04x len %u credits %u", ch, ch->tx.cid,
|
||||
buf->len, k_sem_count_get(&ch->tx.credits));
|
||||
|
||||
len = buf->len;
|
||||
len = buf->len - sdu_hdr_len;
|
||||
|
||||
bt_l2cap_send(ch->chan.conn, ch->tx.cid, buf);
|
||||
|
||||
|
@ -1119,7 +1119,8 @@ static int l2cap_chan_le_send_sdu(struct bt_l2cap_le_chan *ch,
|
|||
}
|
||||
}
|
||||
|
||||
BT_DBG("ch %p cid 0x%04x sent %u", ch, ch->tx.cid, sent);
|
||||
BT_DBG("ch %p cid 0x%04x sent %u total_len %u", ch, ch->tx.cid, sent,
|
||||
total_len);
|
||||
|
||||
net_buf_unref(buf);
|
||||
|
||||
|
@ -1640,7 +1641,7 @@ int bt_l2cap_chan_send(struct bt_l2cap_chan *chan, struct net_buf *buf)
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
BT_DBG("chan %p buf %p len %u", chan, buf, buf->len);
|
||||
BT_DBG("chan %p buf %p len %zu", chan, buf, net_buf_frags_len(buf));
|
||||
|
||||
if (!chan->conn || chan->conn->state != BT_CONN_CONNECTED) {
|
||||
return -ENOTCONN;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue