The function obex_transport_disconn() was always returning -EINVAL
regardless of the actual error code returned by the transport
disconnect operation.
Fix this by returning the actual error code from the transport
disconnect call instead of the hardcoded -EINVAL value.
Signed-off-by: Can Wang <can.wang@nxp.com>
According to OBEX Version 1.5, section 2.2.9, it is legal to send a
zero-length End-of-Body header when object body data is generated on
the fly and the end cannot be anticipated.
Update parameter validation in bt_obex_add_header_body_or_end_body()
and bt_obex_add_header_end_body() to allow NULL body pointer when
length is zero, while still rejecting NULL body with non-zero length.
This enables proper support for zero-length End-of-Body headers as
specified in the OBEX specification.
Signed-off-by: Can Wang <can.wang@nxp.com>
Add a new helper function bt_obex_has_app_param() to check whether
a specific application parameter tag exists in the OBEX buffer.
The function uses the existing bt_obex_get_header_app_param() to
retrieve the application parameters, then parses them using
bt_obex_tlv_parse() with a callback to search for the specified tag ID.
This simplifies checking for the presence of application parameters
without needing to manually parse the TLV structure.
Signed-off-by: Can Wang <can.wang@nxp.com>
Introduce bt_le_per_adv_sync_cb_unregister to allow
unregistering of the periodic sync callbacks.
Signed-off-by: Antoni Duda <antoni.duda@programmer.net>
When MOPL exceeds MTU, adjust it to match MTU instead of sending the
error code. This handles the common case where mainstream mobile
operating systems (iPhone and Android) negotiate
MOPL values greater than the RFCOMM or L2CAP MTU.
Signed-off-by: Can Wang <can.wang@nxp.com>
Avoid calling vcp_vol_ctlr_discover_complete() with a NULL
controller pointer when lookup fails during AICS discovery.
The vcp_vol_ctlr_discover_complete() helper dereferences the
controller unconditionally, which could otherwise lead to a NULL
pointer dereference.
Fix by returning early if the controller lookup fails.
Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com>
Avoid calling micp_mic_ctlr_discover_complete() with a NULL
controller pointer when lookup fails during AICS discovery.
The micp_mic_ctlr_discover_complete() helper dereferences the
controller unconditionally, which could otherwise lead to a NULL
pointer dereference.
Fix by returning early if the controller lookup fails.
Signed-off-by: Gaetan Perrot <gaetan.perrot@spacecubics.com>
Change at_get_raw_string() return type from 'char *' to 'const char *'
to match at_get_string() and improve const-correctness. This function
returns read-only AT command response data that should not be modified.
- Update at_get_raw_string() signature in at.h and at.c
- Update return statement cast from 'char *' to 'const char *'
- Update local variables in hfp_hf.c to use 'const char *':
* bvra_handle: 'id' variable
* chld_handle: 'value' variable
* cnum_handle: 'alpha' and 'speed' variables
- Mark unused 'alpha' and 'speed' in cnum_handle with __maybe_unused
- Change NULL check style from '!id' to 'id == NULL' for consistency
This completes the const-correctness improvements started in the
previous commit for HFP HF AT command string handling.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add Espressif platform and variant IDs to hci_vs.h for ESP32 family
SoCs (ESP32, ESP32-S3, ESP32-C2, ESP32-C3, ESP32-C6, ESP32-H2).
Add Espressif Systems to vs_hw_platform() and vs_hw_variant()
functions in hci_core.c for proper vendor identification.
Use CONFIG_SOC_FAMILY guards in vs_hw_variant() to reduce flash
usage by only compiling variant strings for the active SoC family.
Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
Fix validation of AD length handling in the Bluetooth shell.
Reject zero-length AD fields before subtracting the AD type size.
The previous implementation compared an unsigned length
against zero after subtraction, making the error path
unreachable.
Signed-off-by: Om Srivastava <srivastavaom97714@gmail.com>
There is a corner case that the ACL_Data_Packet_Length is less than
the MPS of the L2CAP BR channel connection. Then the partial data
will be sent and the remaining data will be sent in sequence in the
function `l2cap_br_data_pull()`. The issue occurs when sending the
continuing fragment HCI ACL packet, due to the reference counting of
sending buffer is 0. Therefore, the application will be asserted in
the function `send_buf()`.
Fix the issue by managing the reference count of the sending buffer.
Use the function `net_buf_ref()` to increment the reference count of
the sending buffer.
If the sending buffer is the last fragment, use `net_buf_unref()` to
decrement the reference count of the sending buffer to ensure that
the send buffer can be properly released when the data is sent out.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Commit adds `bt_mesh_` prefix to `struct app_key`
to make it compatible with other internal API.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
Commit adds functionality that synchronizes network and
application keys between mesh core and cdb.
Additionally, subnetwork bridge bsim tests were fixed since
cdb cannot allocate subnetwork if it exists.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
Event about application key changes has been refactored.
Event provides access to the corresponding applicarion key
structure instead just key indexes.
The related code has been moved from mesh.h to app_keys.h.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
This fixes a limitation where the stack assumed that vendor models could
not specify handlers for SIG-defined (1- or 2-byte) opcodes. This
assumption does not exist in the specification. In fact, the
specification expects this very use-case to be possible, in MeshPRT 1.1,
section 3.8.3:
> To exchange messages with a Bluetooth SIG adopted model, a Vendor Model
> shall use the Access message defined for the Bluetooth SIG model.
Signed-off-by: Ludvig Jordet <ludvig.jordet@nordicsemi.no>
This deprecates CONFIG_BT_MESH_MODEL_VND_MSG_CID_FORCE. This option was
added to allow an optimization that a) only can apply in edge case
networks that use multiple vendor models with different CIDs, b) doesn't
really have much potential gains even in this case unless there is a
large number of opcodes in these vendor models, and c) makes it
impractical to implement support for vendor models handling SIG opcodes.
Signed-off-by: Ludvig Jordet <ludvig.jordet@nordicsemi.no>
Since the entire cid checking function is conditionally included based
on KConfig, the usage site also needs to use #if instead of IS_ENABLED,
otherwise you get the following warning during compilation when the
option is disabled:
`error: implicit declaration of function
‘bt_mesh_vnd_mod_msg_cid_check’`
Signed-off-by: Ludvig Jordet <ludvig.jordet@nordicsemi.no>
Change at_get_string() return type to 'const char *'. Correspondingly,
change string parameters in HFP HF callbacks and related functions
from 'char *' to 'const char *' to reflect that these strings are
read-only data returned from AT command parsing.
- Update bt_hfp_hf_cb callback signatures for clip, operator,
call_waiting, and textual_representation
- Update at_get_string() return type to 'const char *'
- Update local variables in hfp_hf.c handlers to use 'const char *'
- Update shell callback implementations to match new signatures
- Change NULL check style from '!text' to 'text == NULL' for consistency
- Remove unnecessary initialization of 'number' variable in clcc_handle
This improves const-correctness and prevents accidental modification
of AT command response strings.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add a new function, bt_bap_ep_get_conn, which returns
the ACL connection for the endpoint. This works because
endpoints are specific to an ACL in BAP. The function
returns a pointer with a new reference similar to the
lookup functions from conn.h
The conn pointer was not added to the bt_bap_ep_info
struct, as doing so would be more likely to cause
reference leaks if the caller did not care about the
conn pointer when using bt_bap_ep_get_info. It can be
added later if that is requested.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Refactor the bt_bap_broadcast_assistant_discover function
to not read receives at the end of discovery.
This makes the function more true to what it is supposed to
do, and significantly reduces the complexity of the
procedure and the read callback.
Users will be required to, if wanted, to read the
receive state themselves with the existing
bt_bap_broadcast_assistant_read_recv_state.
The start_offset had to be modified to avoid issues with
PA sync.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Add support for getting the UCI.
For now the UCI will be duplicated by the TBS
implementation, but will be optimizied in the future
so only one copy of the UCI exists.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Tune the aux offset calculation overhead assertion to use
EVENT_OVERHEAD_START_US; this is the correct maximum
overhead causing ISR latency for start of a radio event that
occurs thereafter.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Add explicit casts from 'uint8_t *' to 'char *' in at_get_string()
and at_get_raw_string() return statements to resolve implicit cast
warnings. The data.start field is uint8_t *, but the functions
return char *.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Release the buffer with net_buf_unref(rsp) once the reading default link
policy settings response has been parsed.
Signed-off-by: zhenwei fang <fangzhenwei@bytedance.com>
Add implementations for the following SBC codec parameter getter functions:
bt_a2dp_sbc_get_channel_mode(): returns the channel mode (mono, dual,
stereo, joint stereo); bt_a2dp_sbc_get_subband_num(): returns the number of
subbands (4 or 8); bt_a2dp_sbc_get_block_length(): returns the block length
(4, 8, 12, or 16); bt_a2dp_sbc_get_allocation_method(): returns the
allocation method (SNR or loudness).
These functions parse the SBC codec configuration parameters and return
the corresponding values, completing the API defined in a2dp_codec_sbc.h.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
struct net_val is a packed struct containing
`struct bt_mesh_key dev_key` member which contains uint32_t
variable inside.
Compiling this code with llvm clang produces the following
warning:
`
error: field dev_key within 'struct net_val' is less aligned
than 'struct bt_mesh_key' and is usually due to 'struct net_val'
being packed, which can lead to unaligned accesses
[-Werror,-Wunaligned-access]
`
However, the `struct bt_mesh_key dev_key` is handled in accordance
to its actual alignment. I.e., it is copied using memcpy() which
prevents any alignment issues.
This commit resolves the following Zephyr issue:
https://github.com/zephyrproject-rtos/zephyr/issues/101144
by suppressing -Wunaligned-access warning
on the `struct net_val` declaration.
Signed-off-by: Ivan Iushkov <ivan.iushkov@nordicsemi.no>
For some controllers, such as NXP IW612 Chipset, the PCM pins of
controller needs to be configured before the SCO connection is
established. And it requires to get the `air_coding_format` to
configure the PCM pins of controller.
So, it requires to known when the SCO connection will be established
and what the `air_coding_format` of the SCO connection.
Add the function `bt_sco_hci_cb_register()` to monitor the HCI
commands `setup_sco` and `accept_sco_req`.
Add the function `bt_sco_hci_cb_unregister()` to remove the monitor.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add a new Kconfig option CONFIG_BT_HFP_AG_INBAND_RINGTONE to allow
enabling/disabling the in-band ringtone capability in HFP AG profile.
The in-band ringtone feature is now conditionally compiled based on
this configuration option. When disabled, the feature flags are set
to 0 and the bt_hfp_ag_inband_ringtone() API returns -ENOTSUP.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
In current implementation, the additional buffer is required by AT to
store the parsing AT response data temporarily. To store the parsed
AT response data completely, the buffer size is as high as the MTU of
the RFCOMM connection. And the buffer is dedicated for each HFP HF
connection. That means the RAM usage depends on the MAX HFP HF
connection count. Actually, the RFCOMM receiving buffer is valid when
processing the received AT response. The changes aim to remove the
additional buffer and leverage the receiving buffer to process the AT
response.
And there is an issue found that the type of the additional buffer
length is `uint8_t`, while the configured RFCOMM receiving data length
is 65535. When the additional buffer length exceeds 255, the AT cannot
process the received data normally.
Replace manual buffer management with net_buf_simple in the AT command
parser. This change eliminates the need for manual position tracking
and buffer length management by leveraging Zephyr's existing buffer
utilities. And leverage RFCOMM receiving buffer instead of allocating
dedicated buffer.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Remove duplicated #include directives within the same
preprocessor scope across the Zephyr tree.
Duplicates inside different #ifdef branches are preserved
as they may be intentional.
Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
In current implementation, if the codec is not selected, the codec
CVSD will be used to as default value to start audio connection
procedure.
Optimize the codec selection to select the supported highest quality
codec as the default value.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add feature support validation in `bt_hfp_ag_voice_recognition()` to
verify that both HF and AG support voice recognition feature before
attempting to activate/deactivate it.
This prevents attempting voice recognition operations when the feature
is not supported by either the Hands-Free device or the Audio Gateway,
returning -ENOTSUP in such cases.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Check the return value of the function `atomic_cas()`. If the new
value cannot be set for the OBEX server, return the error code
`BT_OBEX_RSP_CODE_INTER_ERROR`. If the new value cannot be set for
the OBEX client, return the error code `-EINVAL`.
Fix#100012Fix#100018Fix#100019Fix#100021Fix#100022Fix#100023
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Add assertion to ensure MTU is at least the size of the start header
before calculating the remaining length for fragmentation. This prevents
potential underflow when subtracting the header size from MTU.
Fix coverity #551657
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
In option of HCI_LE_Periodic_Advertising_Create_Sync, bit 2
depend on Periodic Advertising ADI Support feature.
Signed-off-by: Gang He <ganghe@sifli.com>
A invalid indicator index will cause the underflow of the array
`ag_ind` if the indicator index is not returned by AG in the
response of AT command `AT+CIND=?`.
Replace hardcoded `-1` values with HFP_HF_INDICATOR_INVALID constant
for better code readability and maintainability. Add proper bounds
checking to validate indicator indices before accessing the `ag_ind`
array using the `ind_table` mapping.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
There is an issue found that the sco conn cannot be released when the
SCO has been disconnected. The sco conn count is referred in the sco
connected callback due to the `sco_conn` is NULL while `sco_conn`
should not be NULL when the sco connected callback is triggered.
It is a race condition issue where the sco connected callback is
triggered before `sco_conn` is updated. The sco conn reference count
has been referred incorrectly, actually it should not be referred.
Replace direct pointer access to `sco_conn` with atomic operations to
prevent race conditions in concurrent SCO connection scenarios.
If the value of `sco_conn` is not NULL when trying to set the return
value of `bt_conn_create_sco()` to `sco_conn`, it means the race
condition occurs. In this situation, discount the sco conn reference
count to fix the issue.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
When MOPL exceeds MTU, adjust it to match MTU instead of failing the
connection. This handles the common case where mainstream mobile
operating systems (iPhone and Android) negotiate
MOPL values greater than the RFCOMM or L2CAP MTU.
Signed-off-by: Cheng Chang <cheng.chang@nxp.com>
The broadcast_state variable was not used in
bt_bap_broadcast_source_update_metadata to verify the
state, but broadcast_source_get_state was instead called
twice.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Refactor the bt_bap_broadcast_source_reconfig function to be less
complex by splitting the verification into multiple functions.
Additionally, it also fixes a rare, but potential, issue where
some subgroups were updated before a later subgroup would fail
to be updated. Added can_merge_codec_cfg_data to verify correctness
before we attempt to update any subgroups. This new check is also
applied to bt_bap_broadcast_source_create.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Move the subgroup parameter validation to its own function to
reduce the size and complexity of valid_broadcast_source_param
to make Sonarcube happy.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
