In retransmission mode and flow control mode, the TxWindow size should
be same on both sides.
When one side is updated, also update the other side.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
When creating a broadcast source with
bt_cap_initiator_broadcast_audio_create there was no check if
all broadcast sources were already allocated, which could cause
a NULL pointer dereference.
Add a check, a test and documentation about possibly
error codes of the function.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
A bonding issue is found with following conditions,
a. Local is a SSP initiator and it is in non-bondable mode,
b. Peer is in bondable mode,
c. The bonding flag in Authentication_Requirements of local IOCAP is
`No Bonding`,
d. the bonding flag in Authentication_Requirements of peer IOCAP is
`Bonding`.
The bonding information will be exchanged and stored. It is incorrect
behavior.
Fix the issue by reporting a pairing failure and disconnecting the ACL
connection with error `BT_HCI_ERR_AUTH_FAIL`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The FCS flag of TX direction is not set correctly if the FCS flag of
RX direction is set. The issue could be found with following steps,
Step 1, Local sends configuration request with ERET mode and FCS
omitted.
Step 2, Peer replies the configuration response without any errors.
Step 3, Peer sends configuration request with ERET mode and NO FCS.
Step 4, Local replies the configuration response without any errors.
The FCS flag of TX is cleared incorrectly.
The FCS should be enabled if any one side enables the FCS.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
In current implementation, if the HCI ACL data length exceeds on L2CAP
packet, the HCI ACL data will be discarded.
Support the case if the transport is classic.
Add a function `bt_br_acl_recv()` to handle the multi L2CAP packets
one by one.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
When applying the connection parameter update, the window widening
for the previous connection interval was not applied since that is
normally done in LLL
Fixed by applying the window widening in ull_conn_update_parameters()
instead in this case
Fixes EBQ test failure in LL/CON/PER/BV-10-C
Signed-off-by: Troels Nilsson <trnn@demant.com>
On reboot, client list to notify is not updated properly.
Fix is to check and add the reconnected clients on
security changed cb.
Subscription check is added before notify to clients.
BT Enable check is added in the register function before adding
bonded devices to client list.
Also typo is corrected in add_bonded_addr_to_client_list in the
second loop.
Signed-off-by: Nithin Ramesh Myliattil <niym@demant.com>
Update bit array (number of connections) added for each receive state.
Notifications are attempted to be sent in the system workqueue and
retried if failing.
Issue #85487
Signed-off-by: Jens Rehhoff Thomsen <jthm@demant.com>
- When encrypt_state in a receive state of the scan delegator is
BT_BAP_BIG_ENC_STATE_BAD_CODE, make sure that on synchronization
encrypt_state is updated to BT_BAP_BIG_ENC_STATE_DEC, as this
implies that a correct code was provided, so that the broadcast
assistant is not asked for a correct code any longer.
Signed-off-by: Max Emde <mxem@demant.com>
The va.h file used both uintX and bool without including
the appropriate header files, which can cause a compile issue
if the file is included in the wrong order.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
BR_SEND_KEYS_SC should be used to determine the value of
Responder Key Distribution when sending pairing_response to
reply smp br pairing_request.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
The mod_src_param was several places stored on the stack.
However this is a complex paramater struct that has
2 Kconfig options that can significantly increase the size,
and the maximum size of the parameter is nearly 8 KiB, and
was always place the in the BT RX thread's stack.
For this reason, the param is now stored in a single
static variable in RAM instead, so that the BT RX thread's stack
does not need to be increased based on the Kconfig options,
as that is quite difficult for users to be aware of.
The add_src_param has been left as is, as that stored in
the calling thread, and it is easier for an application
to determine if the calling thread needs additional stack
space.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Bad Broadcast Code in BASS/Scan Delegator if BIG_Encryption
field value = 0x03 (Bad_Code), Bad_Code shall be set to the
value 0xFFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF according to BASS v1.0.1
Signed-off-by: Gudipudi Ramana Kumar <gudipudiramanakumar@gmail.com>
When the connection status is "PENDING", need reset the br channel
identifier to the correct value before resend the connection response,
otherwise these is in an "ident mismatch" error being reported.
Signed-off-by: Make Shi <make.shi@nxp.com>
The local device shall only set the MITM protection required flag if
the local device itself requires MITM protection.
Only set MITM flag when the required security level is more than 2 and
pairing method is not `JUST_WORKS`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Bluetooth had two public types with similar name _bt_gatt_ccc and
bt_gatt_ccc, but for absolutely different purposes.
That caused misunderstanding of relationship of them and cases
where to use which one.
Commit changes name of _bt_gatt_ccc to more suitable by usage and
improves documentation of it.
Additionally, it changes name of BT_GATT_CCC_INITIALIZER
to correspond the type name.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
The start_simple_cs_test and stop_cs_test depends on
CONFIG_BT_CHANNEL_SOUNDING_TEST and could cause build errors if that
is disabled while CONFIG_BT_CHANNEL_SOUNDING=y in the shell.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Update `bt_irk_eq` to use `util_memeq` instead of `memcmp` and the
"disconnect" BabbleSim test to use `util_eq` instead of a first
assertion on the size followed by a `memcmp`.
This is done as an example usage of the two new functions.
Signed-off-by: Théo Battrel <theo.battrel@nordicsemi.no>
If the SLC is broken, all saved calls should be cleared.
Clear all calls in the callback `hf_disconnected()` and
`ag_disconnected()`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
In current implementation, the active/hold call will be terminated
and notify the upper layer the status change of calls when the SLC
is broken. But the calls should not be terminated in this case.
Do not terminate the calls and only clear the status of all calls.
And disconnect the SCO connection if it is established.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Validate that a received LL_CIS_REQ is valid and reject if it is not
Fixes EBQ test failure in LL/CIS/PER/BI-07-C
Signed-off-by: Troels Nilsson <trnn@demant.com>
Add bt_ccp_client_get_bearers that will return the bearers of
a client so that the application can always retrieve them if they
do not store them from the discovery callback.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Private Node Identity advertisement on a subnet should stop as soon as
the network is removed.
Signed-off-by: alperen sener <alperen.sener@nordicsemi.no>
Fixed the bt_pacs_get_available_context API to return values of type
bt_audio_context instead of an error type.
Signed-off-by: Dereje Wassie <deiw@demant.com>
Rewrote places in the bluetooth code that converts objects
larger than one byte by taking the address of an unaligned struct
member and changed it to a function that takes the value directly
and converts it to big endian.
Signed-off-by: Lars-Ove Karlsson <lars-ove.karlsson@iar.com>
`>= 0` was used when EATT support was implemented (#23199) because
`bt_l2cap_chan_send` could return number of bytes sent. After PR #67528,
`bt_l2cap_chan_send` doesn't return amount of bytes sent or any positive
value, but either 0 or negative value. Thus `>= 0` is not needed. It
also confusing when reading code, especially when the same check is not
implemented in other cases where underlying function `chan_send` is
used.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
`att_sent` is removed as it does not provide any value. All checks are
already performed in `att_on_sent_cb`, and keeping it only increases
readability complexity.
`att_sent` is removed as doesn't give any value. All checks are done
already in `att_on_sent_cb`. It just increases readness complexity.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
The extra `bt_att_chan_req_send` does nothing but increases readability
complexity. All checks are already performed by the caller.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
The existing checks were not thread safe at all.
Replace the checks by using atomic_test_and_set_bit
and then clearing the bit again on error.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
In bt_sco_disconnected, chan->sco is set as NULL before callback. Then
hfp disconnection callback use it to callback to application in
hfp_hf_sco_disconnected.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
gcc 11.4.0, seems to believe this variable may be used uninitialized,
and warns about it (causing a test build failure due to warnings
being treated as errors).
Let's just initialize the variable to 0 to avoid the issue, as the
cost is trivial.
subsys/bluetooth/host/classic/hfp_ag.c: In function
‘bt_hfp_ag_vts_handler’:
1095
subsys/bluetooth/host/classic/hfp_ag.c:3091:17: error: ‘code’ may be
used uninitialized in this function [-Werror=maybe-uninitialized]
1096
3091 | bt_ag->transmit_dtmf_code(ag, code);
1097
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1098
The issue can be reproduced for ex. with:
$ mkdir build ; cd build
$ cmake -GNinja -DBOARD=native_sim/native/64 ../tests/bluetooth/shell \
-DCONF_FILE="prj_br.conf"
$ ninja
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
While linking with the IAR linker using generated linker scripts,
and with errors if unhandled sections are encountered, many of the
bluetooth tests failed because CONFIG_SETTINGS was not set.
The section that was not handled was
'._settings_handler_static.static.settings_handler_bt_ccc_'
Now it's only set if CONFIG_SETTINGS is set.
Signed-off-by: Lars-Ove Karlsson <lars-ove.karlsson@iar.com>
Previously bis_sync_req was only called when requested_bis_sync
was changed. However that meant that there were cases where the
requested_bis_sync was the same as the new request, but where
the actual BIS sync state were different. This was mostly
the case when the scan delegator had autonousmly
added or modified the receive state.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The scan_delegator_mod_src accidentally may have overwritten
the value of internal_state->requested_bis_sync before the
entire request had been verified, causing a mismatch between
what the application knows and what the stack stored.
Fixed by storing the request in a temporary value until
everything has been verified and accepted.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Updated implementation to use single receive thread to
enqueue HCI ISO data, ACL data and events towards Host when
building HCI-Only samples/applications, i.e. when building
hci_uart, hci_spi or hci_ipc samples (CONFIG_BT_HCI_RAW=y).
This implementation will serialize HCI events and data as
they occur corresponding to on-air timelines of their
occurrences which is how they are generated by the Link
Layer.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
The error occur when discoverying br devices and need to send request_name
for many found devices.
In system work queue task, bt_hci_inquiry_complete->
report_discovery_results is called, then request_name is called for all
the found devices. The controller gives HCI_Remote_Name_Request_Complete
event for every name request result and one buf is allocated from
hci_rx_pool to save HCI_Remote_Name_Request_Complete. When system work
queue task is blocked to call request_name for every device, many
HCI_Remote_Name_Request_Complete are received for the already sent
request_name, it uses up all the buf of hci_rx_pool, then the bt_rx_thread
task is blocked to get buf from hci_rx_pool when next
HCI_Remote_Name_Request_Complete is received, meanwhile the next
request_name send hci cmd and wait the result, but the hci status/complete
event can't be received because the bt_rx_thread is blocked and
bt_uart_isr is kept in the state to receive last
HCI_Remote_Name_Request_Complete, then bt_dev.ncmd_sem is not released,
then the next request_name send hci cmd again, but the bt_dev.ncmd_sem is
invalid, then bt_hci_cmd_send_sync fail and assert.
resolve it by requesting name one by one.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
When an advertising set is not configured for periodic advertising,
the correct error to return is BT_HCI_ERR_CMD_DISALLOWED
Fixes EBQ test failure of HCI/DDI/BI-70-C
Signed-off-by: Troels Nilsson <trnn@demant.com>
If the AG works as Data Channel Acceptor, the ACL conn cannot be known
by the application of AG. Similar with HF, add ACL conn as the first
parameter to the `connected` callback of AG.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>