There is potential buffer overflow in pb adv.
If Transaction Continuation PDU comes before
Transaction Start PDU the last segment number is set to 0xff.
The current implementation has a strictly limited buffer size.
It is possible to receive malformed frame with wrong segment
number. All segments with number 2 and above will be stored
in the memory behind Rx buffer.
Signed-off-by: Aleksandr Khromykh <Aleksandr.Khromykh@nordicsemi.no>
Rewrite the entire Procedure Response Timeout mechanism.
Use two separate timers for local and remote initiated procedures.
Signed-off-by: Thomas Ebert Hansen <thoh@oticon.com>
As per bluetooth spec Vol. 6 part B section 5.3 we need to terminate
the connection under given situation
Signed-off-by: Andries Kruithof <andries.kruithof@nordicsemi.no>
BT Core spec 5.3 Vol 6, Part B section 2.4.23 LL_PHY_UPDATE_IND says:
"If both the PHY_C_TO_P and PHY_P_TO_C fields are zero then there is no
Instant and the Instant field is reserved for future use."
Fields that are reserved for future shall be filled with zeros.
New LLCPs implementation didn't handle this case and set the instant
as if there were a PHY change. That caused qualification tests to fail.
The commit fixes the issue.
Signed-off-by: Piotr Pryga <piotr.pryga@nordicsemi.no>
Previously, if a callback was set for notifications, they would always be
sent over unenhanced ATT.
The nfy_mult_data was bigger than the buffer user_data and we were this
overflowing the buffer when setting the tx callback user_data. Now the
data is stored separately and only a pointer to it is added to the
buffer user_data.
Signed-off-by: Herman Berget <herman.berget@nordicsemi.no>
This will generate profile data that can be analyzed using gprof. When
you build the application (currently for native_posix only), after
running the application you will get a file "gmon.out" with the call
graph which can be processed with gprof:
gprof build/zephyr/zephyr.exe gmon.out > analysis.txt
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Validate `id` so that `bt_dev.irk[id]` cannot result in an out-of-bounds
access.
This fixes coverity report 239569.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
The Tx interval is now calculated at the beginning
of the Tx test and the next transmission is
triggerd by the switch timer instead of event
timer. This fixes a corner case issue when
timer rollover.
Signed-off-by: Kamil Gawor <Kamil.Gawor@nordicsemi.no>
When Host calls HCI_LE_Connection_CTE_Request_Enable with cte type
set to AoD with 1us slots or AoD with 2 us slots, the Controller
verifies if peer device supports Antenna Switching During CTE
Transmission (AoD) feature.
That is wrong because the feature is marked as optional when send
to peer, so it shall be igonerd by remote device.
There are no means to check if peer device supports particular
CTE type, hence the check has to be removed.
The check causes enable CTE REQ procedure to fail after feature
exchange has happened.
Signed-off-by: Piotr Pryga <piotr.pryga@nordicsemi.no>
The CTE request procedure can be run in periodic and non-periodic mode.
In periodic mode it stays enabled until Host call HCI_LE_Connection_CTE-
_Request_Enable(Enable=0x0).
In non-periodic mode the command is disabled after completion,
LL_CTE_RSP is successfully received.
There is missing disable of the procedure in the current code,
so Host is not able to run the command HCI_LE_Connection_CTE_Request_-
Enable(Enable=0x1) again without explicit call to HCI_LE_Connection_-
CTE_Request_Enable(Enable=0x0).
The commit adds missing code responsible for disable of the procedure.
Signed-off-by: Piotr Pryga <piotr.pryga@nordicsemi.no>
...content formats
In case that SenML CBOR or SenML JSON are both disabled there is need to
use plain CBOR as backup.
Signed-off-by: Veijo Pesonen <veijo.pesonen@nordicsemi.no>
There is errata clarification (Errata ID:18700)
about subscriptions on fixed group addresses.
It is possible to subscribe models on non primary elements
on any fixed group address except all nodes address.
Devices should be able to receive messages on fixed addresses
even if they do not support the feature
to which the fixed group address belongs.
Signed-off-by: Aleksandr Khromykh <Aleksandr.Khromykh@nordicsemi.no>
Increase the default TX stack size for BT_CTLR && BT_LL_SW_SPLIT,
as we have seen applications/samples nearing and even reaching
the stack size, causing stack overflows. This is especially
true if CONFIG_FPU=y which takes 96 bytes of the TX stack.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Fix assert on LL BIG terminate call before BIG sync is
established. Assert was caused due to duplicate calls to
release stream contexts, once in LL BIG terminate function
then when releasing the HCI BIG sync failed to be
established node rx was being released.
Use iso_broadcast and iso_receive samples, power cycle the
iso_broadcast device when iso_receive sample is waiting for
BIG sync to be established, iso_receive sample will perform
a BIG sync terminate that leads to the assert.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
When threads are in more than one state at a time, k_thread_state_str()
returns a string that lists each of its states delimited by a '+'.
This in turn necessitates a change to the API that includes both a
pointer to the buffer to use for the string and the size of the buffer.
Signed-off-by: Peter Mitsis <peter.mitsis@intel.com>
This updates the default proxy filter size to 16. Previous value of 3
is too less for the most practical uses and demos. The default proxy
filter type is accept list type and in this mode proxy server rejects
incoming messages from source addresses not in the accept list. The
addresses are added to the accept list when proxy client sends
messages to unicast addresses or manually adds certain addresses to
the accept list. Once this list is full more addresses cannot be added.
This also updates the default network message cache size to 32. The
network message cache helps in preventing duplicate messages getting
repeatedly relayed and helps in reducing unnecessary network traffic.
Previous value of 10 is quite less for most usecases and makes the
node appear to generate much more traffic in mixed network. The
updated value should suffice for most use cases.
Additional explannation is added in Kconfig to help users understand
the significance of this setting.
These two changes result in 176 bytes of additional RAM usage in mesh
samples.
Signed-off-by: Omkar Kulkarni <omkar.kulkarni@nordicsemi.no>
The "Database Out Of Sync" error response shall only be sent once on
each channel after a client becomes change-unaware.
Signed-off-by: Herman Berget <herman.berget@nordicsemi.no>
This fixes the case where the client reads the DB hash without reading
another attribute first after becoming change-unaware.
Signed-off-by: Herman Berget <herman.berget@nordicsemi.no>
Changes the media_proxy API to pass structs by reference instead of by
value.
Also pass structs by reference in internal functions in media player
and in media controller test.
Add pointer checks to the public API implementation where
user/application code provides structs by reference.
Signed-off-by: Asbjørn Sæbø <asbjorn.sabo@nordicsemi.no>
Update the search parser to not modify the supplied parameter.
This will allow the parameter to be made 'const'.
Signed-off-by: Asbjørn Sæbø <asbjorn.sabo@nordicsemi.no>
Commit dc812539b8 ("Bluetooth: MPL: Fix use of uninitialized
command.param value") fixed the use of a potentially un-initialized
variable, by
- splitting a log statement, so that the variable is only
logged (=used) if in use (and therefore hopefully also initialized)
- setting the variable to zero if not in use
The second part is not required, as all other code in the module
checks whether the variable is in use before using it. And this
second part also prevents the parent struct from being made 'const'.
This commits removes the zeroing of the variable, so that the struct
can be made 'const'.
Signed-off-by: Asbjørn Sæbø <asbjorn.sabo@nordicsemi.no>
Changes the media control client API to pass structs by reference
instead of by value.
Also change internals of test to pass struct by reference.
Signed-off-by: Asbjørn Sæbø <asbjorn.sabo@nordicsemi.no>
Update the definition of the set extended advertising data command to be
a variable array instead of hardcoded to the maximum length. This
conforms to the definition from the Bluetooth specification and allows
the corresponding code to be slightly cleaner.
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
In some cases (for examples when offloaded socket implementation does
not implement TLS functionality) it could be desired to create a native
TLS socket with an underlying offloaded socket.
This cannot be achieved with SO_BINDTODEVICE option only, as TLS socket
type is not really associated with a particular interface - it either
has to be offloaded, or a fully native socket is created (native TLS on
a native interface).
In order to address the problem, introduce TLS_NATIVE socket option.
This option instructs the socket dispatcher layer to create a native TLS
socket. As with the socket dispatcher the underlying socket
implementation is not decided during TLS socket creation, therefore it's
possible to use SO_BINDTODEVICE to choose either native or offloaded
interface for the underlying socket.
Additionally remove NET_SOCKETS_OFFLOAD_TLS Kconfig option, as it's no
longer needed with an runtime option to select whether to offload TLS or
not.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add an intermediate socket implementation called socket dispatcher. This
layer can be used along with the socket offloading, to postpone the
actual socket creation until a first operation on a socket is executed.
This approach leaves an opening to bind a socket to a particular
offloaded network interface, and thus offloaded socket implementation,
using SO_BINDTODEVICE socket option. Thanks to this, it is now possible
to use multiple offloaded sockets implementations along with native
sockets, and easily select which socket should use with network
interface (even if it's an offloaded interface).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Adds a Kconfig option for setting the Config Client and Health Client
timeout. Updates updates the default for Config Client to allow
reception of full sized message from a similar peer device at zero hops.
Signed-off-by: Omkar Kulkarni <omkar.kulkarni@nordicsemi.no>
Commit f7c4fe6778 ("shell: optimize history storage a bit") forgot
to distinguish between the newly allocated history item and the previous
one, causing havoc on ring buffer wraparounds with excess padding.
Signed-off-by: Nicolas Pitre <npitre@baylibre.com>
if CONFIG_LOG_TAG_MAX_LEN is 0, then a warning would be generated
on the MIN macro always being false, but as
CONFIG_LOG_TAG_MAX_LEN is a constant, then it is better to just
compile out the function if it's 0.
Signed-off-by: Ryan McClelland <ryanmcclelland@fb.com>
