Check that Ethernet header is in the first net_buf fragment.
This is very unlikely to happen as device driver is expected
to only deliver proper Ethernet frames to upper stack.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
We run various TCP functions from work queue. Make sure the
connection lock is taken before accessing the connection.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
support longer name like urn:dev:ops:{OUI}-{ProductClass}-{SerialNumber}
or urn:imei-msisdn:###############-###############
Signed-off-by: Pascal Brogle <pascal.brogle@husqvarnagroup.com>
Fixed stack being too small for joiner operations.
Enabled auto joining even in case of manual start.
Fixed attachment of SED on Nordic radios.
Signed-off-by: Marek Porwisz <marek.porwisz@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Adds check for provisioning random values that are identical to our own,
and terminates the provisioning procedure.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
In bt_set_name we already get name length so let's use it in strncpy
Also fix warning with enable -Wstringop-truncation
Signed-off-by: Ilya Averyanov <a1ien.n3t@gmail.com>
The sync create and sync delete did not have the correct
amount of mandatory and optional parameters set in the
SHELL_CMD_ARG declarations.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The sync terminate callback did not set any entries in the
PA sync array to NULL, thus not allowing the shell to
reuse them in case that the sync was lost unexpectedly.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Instead of doing slow (non-fast) scan when syncing to
a PA, it will now do a fast scan, which drastically reduces the
time it takes to create the sync. The application may
still do explicit slow scan if wanted.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
When the application cancels the PA sync, it would update
the scan before clearing the BT_PER_ADV_SYNC_SYNCING flag
which causes the scan to always start again.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Instead of casting k_delayed_work directly to k_work, use the
k_work field name. This avoids warnings from Coverity and
allows the code to work even if the k_delayed_work fields are
re-ordered in the future.
Coverity-CID: 214346
Fixes #28659
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Fix the redundant PDU transmission when the new Tx PDU
buffer is enqueued after MD bit value of zero was
transmitted previously in a connection event.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Add dependency to UDP in DHCPv4 Kconfig option as UDP is needed
for DHCPv4 to work properly.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
An execution path could reach a loop that dereferences a pointer in
conditions where the pointer is null. Add a check to the loop
condition.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Bug description:
When in tcp_conn_unref(), in case one of the delayed works is already
submitted to sysworkq (after delay period), e.g. send_timer, the check
of k_delayed_work_remaining_get() prevents calling
k_delayed_work_cancel().
This leads to corrupting sysworkq when zeroing struct tcp* conn.
Note that the "next" pointer for the work queue is part of the struct
work (in _reserved field). Which is, in this case, a member of struct
tcp.
Scenario leading to the bug:
(1) net_tcp_connect() is called from a work in sysworkq
(2) net_tcp_connect() submits conn->send_timer to sysworkq
(3) while net_tcp_connect() is waiting on connect_sem, delay period
passes (z_timeout) and send_timer enters sysworkq work slist
(4) also, some other code (app) submits more works to queue, now pointed
by conn->send_timer in sysworkq work list
(5) connection fails (no answer to SYN), causing a call to
tcp_conn_unref()
(6) tcp_conn_unref() is calling tcp_send_queue_flush()
(7) checking k_delayed_work_remaining_get(&conn->send_timer) returns 0
due to delay period end, but send_timer is still in sysworkq work
slist (sysworkq thread still hasn't handled the work)
(8) BUG!: no call to k_delayed_work_cancel(&conn->send_timer)
(9) back in tcp_conn_unref(), a call to memset(conn, 0, sizeof(*conn))
zeroes conn->send_timer
(10) conn->send_timer is pointed to in sysworkq work slist, but is
zeroed, clearing pointer to following works submitted in stage (4)
(11) EFFECT! the works in stage (4) are never executed!!
NOTES:
* k_delayed_work_cancel(), handles both states:
(1) delayed work pends on timeout and
(2) work already in queue.
So there is no need to check k_delayed_work_remaining_get()
* This is also relevant for conn->send_data_timer
Solution:
removing checks of k_delayed_work_remaining_get(), always calling
k_delayed_work_cancel() for work in struct tcp, in unref, before memset
Signed-off-by: David Komel <a8961713@gmail.com>
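The scenario above, reproduced on a minimal singly linked work queue as an added example (not code from the commit or from Zephyr; struct work, struct queue, struct conn and the helper names are hypothetical stand-ins). With the remaining-time check, the zeroed send_timer stays linked and cuts off the items queued behind it; cancelling unconditionally before memset keeps them reachable.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a work item, a work queue and struct tcp. */
struct work { struct work *next; };
struct queue { struct work *head, *tail; };
struct conn { int state; struct work send_timer; };

static void submit(struct queue *q, struct work *w) {
    w->next = NULL;
    if (q->tail) q->tail->next = w; else q->head = w;
    q->tail = w;
}

/* Unlink w from the queue if it is still linked there. */
static void cancel(struct queue *q, struct work *w) {
    struct work *prev = NULL;
    for (struct work *it = q->head; it; prev = it, it = it->next) {
        if (it != w) continue;
        if (prev) prev->next = w->next; else q->head = w->next;
        if (q->tail == w) q->tail = prev;
        return;
    }
}

/* remaining == 0 models step (7): delay expired, item already queued. */
static void unref(struct queue *q, struct conn *c, int remaining, int fixed) {
    if (fixed || remaining > 0) cancel(q, &c->send_timer);
    memset(c, 0, sizeof(*c)); /* step (9) */
}

/* Count the application's work items still reachable from the queue head. */
int app_items_after_unref(int fixed) {
    struct queue q = {0};
    struct conn c = {0};
    struct work app1 = {0}, app2 = {0};
    int n = 0;
    submit(&q, &c.send_timer); /* step (3) */
    submit(&q, &app1);         /* step (4) */
    submit(&q, &app2);
    unref(&q, &c, 0, fixed);   /* steps (5)-(9) */
    for (struct work *w = q.head; w; w = w->next) n += (w != &c.send_timer);
    return n;
}

int main(void) {
    printf("buggy=%d fixed=%d\n", app_items_after_unref(0), app_items_after_unref(1));
    return 0;
}
```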
Instead of hardcoding the priority1 and priority2 values used
in BMCA, let the user tweak the values via Kconfig.
Fixes #28151
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Fix bt_le_oob_get_local and bt_le_ext_adv_oob_get_local stuck forever
waiting for the sc_local_pkey_ready semaphore when SC HCI commands
are not supported in the controller.
By using the le_sc_supported helper function the runtime check of HCI
commands and the feature check of CONFIG_BT_SMP_OOB_LEGACY_PAIR_ONLY
are combined to be handled in the same way.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Move the le_sc_supported helper function up in the source file so that
it can be re-used in other places without a forward declaration.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Since conn->send_data_total is of type size_t we need to use %zu or
we'll get build errors in sanitycheck on 64-bit platforms
Fixes #28605
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
If the network driver for some reason did not set the data in
the network packet properly, then just drop it as we cannot do
anything with just plain net_pkt.
Fixes #28131
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If the channel doesn't have alloc_buf and the RX MTU is configured to require
segmentation, warn the user and truncate the RX MTU.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
In case where ull_adv::disable() is disallowed, disable_mark is
erroneously re-marked instead of un-marked
Signed-off-by: Erik Brockhoff <erbr@oticon.com>
If there is no handler for IPv4 broadcast packet, then ignore it
instead of trying to send an ARP message to resolve the sender's
address.
Fixes #21016
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
According to the spec the CCC descriptor may occur in any position
within the characteristic definition after the Characteristic Value.
Fixes #28324
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Fix for handling REJECT_IND PDU received for PHY Update,
Connection Parameter Request and Data Length Update control
procedures.
If a link layer control procedure collision occurs, example
with local initiated PHY Update Procedure, and peer sends a
REJECT_IND PDU, then the PHY Update Procedure is stalled.
Fixes #28282.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
According to Mesh Profile Spec 5.4.2.4 Authentication, if the device
uses the Input OOB Authentication method, it should send input complete
pub after the local public key has been acked.
`bt_mesh_input_string` or `bt_mesh_input_number` directly send
`input_complete`, however does not check whether the pub key has
been sent.
Mesh Provisioning timeout set to `60` seconds, so even this
probability is extremely low, it does not mean that there is no
such probability.
Signed-off-by: Lingao Meng <mengabc1086@gmail.com>
Fix bug in device name shortening handling leading to memory
corruption.
This is triggered by an underflow in the length field of the shortened
name when set_data_len + 2 > set_data_len_max.
Fixes: #27693
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Ignore error when failing to set the passive scanner private address.
This can happen because in between the time we checked if the
advertiser was enabled and the time we execute the set random address
command the state of the advertiser could have changed in the
controller, and we only set the state once the command has completed
in the controller.
Fixes: #25672
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix not setting NRPA before starting scanner.
Occurs with BT_PRIVACY=n and BT_EXT_ADV=y
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
We need to have timer that closes the connection for good if
we do not get the FIN and ACK response from the peer.
If there is any pending data when application does close(),
send them before sending FIN.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If there is some error during connection creation, just bail
out in order to avoid null pointer access.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we try to send data but the sending window is full, then
try to kick the resend of the pending data.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If there is no space in the sending window, then return -EAGAIN
so that the caller may try later.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
We should have a max value for sending window so that application
is not able to use all our net_bufs for queueing packets.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The socket layer expects to receive -ENOBUFS if we do not have
any network buffers so cannot build a network message to be sent.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If there is an error, the net_context.c:context_sendto() will
free the net_pkt, so we must not do it here.
This commit fixes this error message:
<err> net_pkt: *** ERROR *** pkt 0x20421908 is freed already
(context_sendto():1672)
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>