If the TCP segment is not sent properly by L2, then do not mark
it "not sent" in net_if.c:net_if_tx(). That "not sent" marking
confused TCP ref counting in tcp.c:tcp_retry_expired() and caused
the packet to be freed too early which then caused free net_buf
access issue during packet resend. This free memory access was
seen with zperf sample application.
From TCP point of view, the packet can be considered sent when
it is given to L2. The TCP timer will resend the packet if needed.
Fixes#15050
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
This reverts commit 9cd547f53b.
The commit we are reverting, fixed originally the issue that was
seen with zperf. There we freed the net_pkt too early while it was
still waiting for a TCP ACK. The commit 9cd547f5 seemd to fix that
issue but it was causing issues in dump_http_server sample app which
then started to leak memory. No issues were seen with echo-server
with or without the commit 9cd547f5.
So the lessons learned here is that one needs to test with multiple
network sample apps like dump_http_server, echo_server and zperf
before considering TCP fixes valid, especially fixes that touch
ref counting issues.
Fixes#15031
The next commit will fix the zperf free memory access patch.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
In order to accept string of the same size entered in
CONFIG_BT_DEVICE_NAME_MAX an extra byte must be allocated to guarantee
it will always be NULL terminated.
Fixes#15067
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Add TELNET backed for shell module. The TELNET implementation is based
on the telnet_console driver.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
There's no need to track this info in prov.c since hci_core.c is
already doing it. Just query hci_core.c always using the
bt_pub_key_get() API.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
If PB-GATT is disabled while there are connected clients, those
clients must be disconnected. Add a 'disconnect` parameter to
bt_mesh_proxy_prov_disable() to handle scenarios when we don't want to
disconnect (e.g. right after successfully finishing provisioning) and
tose where we do want to disconnect (e.g. user requesting to disable
the provisioning bearer).
Also make sure that we always update advertising, so that a stale
advertising set isn't left in the controller.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
If both PB-ADV and PB-GATT are supported, we need to properly
re-initialize variables such as link.rx.prev_id and (particularly
importantly) link.rx.buf. If we don't do this it may lead to the
following fault when trying to reprovision again:
***** USAGE FAULT *****
Illegal use of the EPSR
***** Hardware exception *****
Current thread ID = 0x20001f10
Faulting instruction address = 0x0
Fatal fault in thread 0x20001f10! Aborting.
Fixes#14928
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Remove unnecessary const keywords (the entire struct is const) and use
bool instead of u8_t for the require_link member.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Using settings_delete() makes it much easier to understand what the
code is doing, and actually also reduces the amount of code.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add error checking, remove redundant code, and improve the logging for
settings related functionality.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The read() callback of attributes returns ssize_t and not size_t. Fix
this, which also fixes a Coverity warning.
Fixes Coverity CID 197457
Fixes#14958
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The convention in the code is to use the appropriate address copying
functions instead of direct assignments. Even when a specific copying
function doesn't exist the convention is to use memcpy.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The master is using unknown rsp to terminate slave side initiated
procedures that has collided with the encryption procedure initiated by
the master.
We need to handle an unknown response that is sent in unencrypted during
the encryption procedure, even though we have already set up to receive
encrypted packets.
Fixes#14044
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Updating the Resolvable Private Address when advertising and
active scanning in progress fails and clears the RPA_VALID
flag; making the next bt_le_scan_start while continuing to
advertise to fail.
This is fixed by keeping the RPA_VALID flag remain set.
Stopping and starting active scanning to update RPA can be
implemented in a separate commit.
Fixes#9463.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Replaced by the new CONFIG_LOG system.
Also remove the "Logging Options" menu and turn the LOG symbol into a
'menuconfig', with prompt "Logging", which appears in the top menu. LOG
and its dependent symbols make up all of the logging Kconfig symbols
now.
Piggyback some minor cleanup.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This patch increases size of acl_tx_pool and makes sure that acl_read_cb
waits for available buffers.
Size of acl_tx_pool is now configurable with CONFIG_BT_CTLR_TX_BUFFERS.
Previously it was possible to run out of buffers and in that case
acl_read_cb returned. This caused ACL data TX to stall because device
did not read data from HCI out endpoint.
Fixes#14899
Signed-off-by: Matias Karhumaa <matias.karhumaa@gmail.com>
RTT backend supports two modes blocking and drop. Apparently,
defines used lead to warning while clang compilation. Define
that caused warning has been changed together with clean up
which removed #ifdefs for definitions.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Rename power managment subsystem Kconfig options describing minimum
residency to make them easier to identify with respective policy.
Following is a detailed list of string replacements used:
s/SYS_PM_SLEEP_(\d)_MIN_RES/SYS_PM_MIN_RESIDENCY_SLEEP_$1/
s/SYS_PM_DEEP_SLEEP_(\d)_MIN_RES/SYS_PM_MIN_RESIDENCY_DEEP_SLEEP_$1/
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
Add SYS_POWER_ prefix to HAS_STATE_SLEEP_, HAS_STATE_DEEP_SLEEP_
options to align them with names of power states they control.
Following is a detailed list of string replacements used:
s/HAS_STATE_SLEEP_(\d)/HAS_SYS_POWER_STATE_SLEEP_$1/
s/HAS_STATE_DEEP_SLEEP_(\d)/HAS_SYS_POWER_STATE_DEEP_SLEEP_$1/
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
This commit cleans up names of system power management functions by
assuring that:
- all functions start with 'sys_pm_' prefix
- API functions which should not be exposed to the user start with '_'
- name of the function hints at its purpose
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
There exists SoCs, e.g. STM32L4, where one of the low power modes
reduces CPU frequency and supply voltage but does not stop the CPU. Such
power modes are currently not supported by Zephyr.
To facilitate adding support for such class of power modes in the future
and to ensure the naming convention makes it clear that the currently
supported power modes stop the CPU this commit renames Low Power States
to Slep States and updates the documentation.
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
When building ticker.c from the shell, it requires include access to the
Nordic HAL, so add the relevant folder to the include path.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
CONFIG_PM_LOG_LEVEL was renamed to CONFIG_SYS_PM_LOG_LEVEL in commit
c45961daae ("power: Rework OS <-> Application interface"), but the old
name is still used here. Fix the name.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
The network packet ref count was not properly increased when
the TCP was retried. This meant that the second time the packet
was sent, the device driver managed to release the TCP frame even
if we had not got ACK to it.
Somewhat long debug log follows:
The net_pkt 0x08072d5c is created, we write 1K data into it, initial ref
count is 1.
net_pkt_write: pkt 0x08072d5c data 0x08075d40 length 1024
net_tcp_queue_data: Queue 0x08072d5c len 1024
net_tcp_trace: pkt 0x08072d5c src 5001 dst 5001
net_tcp_trace: seq 0x15d2aa09 (366127625) ack 0x7f67d918
net_tcp_trace: flags uAPrsf
net_tcp_trace: win 1280 chk 0x0bea
net_tcp_queue_pkt: pkt 0x08072d5c new ref 2 (net_tcp_queue_pkt:850)
At this point, the ref is 2. Then the packet is sent as you see below.
net_pkt_ref_debug: TX [13] pkt 0x08072d5c ref 2 net_tcp_queue_pkt():850
net_tcp_send_data: Sending pkt 0x08072d5c (1084 bytes)
net_pkt_unref_debug: TX [13] pkt 0x08072d5c ref 1 (ethernet_send():597)
Ref is still correct, packet is still alive. We have not received ACK,
so the packet is resent.
tcp_retry_expired: ref pkt 0x08072d5c new ref 2 (tcp_retry_expired:233)
net_pkt_ref_debug: TX [10] pkt 0x08072d5c ref 2 tcp_retry_expired():233
net_pkt_unref_debug: TX [10] pkt 0x08072d5c ref 1 ... (net_if_tx():173)
net_pkt_unref_debug: TX [10] pkt 0x08072d5c ref 0 ... (net_if_tx():173)
Reference count is now wrong, it should have been 1. This is because we
did not increase the ref count when packet was placed first time into
sent list in tcp.c:tcp_retry_expired().
The fix is quite simple as you can see from this commit.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
With BT_HOST_CRYPTO, advertising stack size could be overflowed,
increase size to 1024 when BT_HOST_CRYPTO is enabled.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
This patch fixes following issues.
* If IPv6 neighbor table is full, stack can not add any new
neighbors. So stale counter is introduced. Whenever neighbor
enters into STALE state, stale counter will be incremented
by one. When table is full and if stack wants to add new
neighbor, oldest neighbor in STALE state will be removed
and new neighbor will be added.
* When neighbor is in PROBE state and when it exceeds max
number of PROBEs, only neighbor with router is removed.
As per RFC 4861 Appendix C, entry can be discarded. Now
neighbor will be removed from the table.
* Reachability timer has an issue. e.g. if a first entry timer
is 10 seconds, after 3 seconds, a new entry added with
only 3 seconds. But current implementation does not check
whether remaining time of current left over timeout is more
than new entry timeout or not. In this example, when new entry
timeout is 3 seconds, left over timeout from first etnry is
still 7 seconds. If k_delayed_work_remaining_get() returns
some value then new entry time out was not considered.
Which is bad. It fixed now.
* nbr_free is used sometimes to remove the neighbor. Which does
not remove route if that particulat neighbor is route to some
other neighbor. net_ipv6_nbr_rm() should be used in such places.
* Trivial changes which does not affect functionality.
Fixes#14063
Signed-off-by: Ravi kumar Veeramally <ravikumar.veeramally@linux.intel.com>
Shell was selecting logger option which lead to define
CONFIG_LOG_RUNTIME_FILTERING generation even though log
was disabled. That messed up logger and lead to compilation
failure.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Fix regression and allow incoming packet when source and
destination port numbers are the same.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
In case of Ethernet for instance, the MTU is larger than the minimal
IPv6 MTU, so it is not required to fragment a packet that fits in
Ethernet MTU.
Fixes#14659
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Command scan fixed in the way that it can take one mandatory parameter
and one optional. Previously it accepted only 2 mandatory parameters.
Signed-off-by: Jakub Rzeszutko <jakub.rzeszutko@nordicsemi.no>
Removed automatic argument count checking in bt command. Now
it is possible to print a message that extra argument is not
recognized.
Signed-off-by: Jakub Rzeszutko <jakub.rzeszutko@nordicsemi.no>
It is invalid to try to bit shift the same amount of bits as
what is the number of bits in the left expression’s type.
Coverity-CID: 187079
Fixes#8988
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Use ringbuf library for handling RX CDC ACM path. Remove old code
artifacts handling specific hardware.
Fixes#14288
Signed-off-by: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
Several public APIs were not checking the BT_DEV_READY flag, which
could lead to hard-to-debug behavior, particularly when the stack
lacks an identity address. Add the appropriate checks to these APIs.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The treatment of the BT_DEV_READY flag was broken when used together
with BT_SETTINGS. The flag would get set even though the stack was
still in a partially initialized state. Even worse, for central role
the stack would potentially try to initiate passive scanning without
having an identity address.
Refactor the code that sets the BT_DEV_READY flag (among other
initialization) into a separate bt_finalize_init() helper function and
call it when the settings have been loaded. Also clarify the warning
message given to the user in case settings_load() needs to be called.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The code for checking duplicates in the existing settings store was
incorrectly identifying a new value with the same initial content but
shorter length as a duplicate. Fix this by doing an early check on a
new vs old length mismatch, and immediately flag this as not a
duplicate.
Fixes#14840
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Enforce that NULL value is never given with a non-zero length. This
way we don't need to check this over and over again further down the
call path.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Fix a bug where the controller would use the length
field of the advertisement packet before checking
if the length field was valid.
It is possible that the controller has received a packet
that passes CRC check but has a length field that is invalid.
This would cause the scanner to overwrite the scan report
buffer
Fixes: #14741
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
