michaelh/zephyr
1
0
Fork 0
Code Releases Activity

Bluetooth: L2CAP: Fix accounting SDU header len as data

Browse source 
This cause packets that are up to 2 bytes off segment maximum length
to be considered transmitted when in fact that could be some bytes left
to be transmitted which cause any subsequent packet to trigger invalid
SDU on the remote end:

[ 3612.376068] l2cap_le_data_rcv:6757: SDU fragment. chan->sdu->len 66 skb->len 68 chan->sdu_len 67
[ 3612.376073] Bluetooth: Too much LE L2CAP data received

Change-Id: Id2f3469ce1c0b27bb87c4d5bc18e6ede9d93dbde
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This commit is contained in:
Luiz Augusto von Dentz 2017-03-31 14:51:53 +03:00 committed by Johan Hedberg
commit a91238aca6
1 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

7
subsys/bluetooth/host/l2cap.c
View file

@ -1063,7 +1063,7 @@ static int l2cap_chan_le_send(struct bt_l2cap_le_chan *ch, struct net_buf *buf,
BT_DBG("ch %p cid 0x%04x len %u credits %u", ch, ch->tx.cid,
buf->len, k_sem_count_get(&ch->tx.credits));
len = buf->len;
len = buf->len - sdu_hdr_len;
bt_l2cap_send(ch->chan.conn, ch->tx.cid, buf);
@ -1119,7 +1119,8 @@ static int l2cap_chan_le_send_sdu(struct bt_l2cap_le_chan *ch,
}
}
BT_DBG("ch %p cid 0x%04x sent %u", ch, ch->tx.cid, sent);
BT_DBG("ch %p cid 0x%04x sent %u total_len %u", ch, ch->tx.cid, sent,
total_len);
net_buf_unref(buf);
@ -1640,7 +1641,7 @@ int bt_l2cap_chan_send(struct bt_l2cap_chan *chan, struct net_buf *buf)
return -EINVAL;
}
BT_DBG("chan %p buf %p len %u", chan, buf, buf->len);
BT_DBG("chan %p buf %p len %zu", chan, buf, net_buf_frags_len(buf));
if (!chan->conn || chan->conn->state != BT_CONN_CONNECTED) {
return -ENOTCONN;