Remove re-using connection objects in disconnected state when creating
directed advertiser or establishing a connection as a central using
direct connection procedure.
This makes the API mores consistent it terms of which connection roles
can be started from the disconnected callback.
This also avoids a central connection object being re-used for a
connection as a peripheral instead and vice versa.
When attempting to create a new connection the API would returning
a valid connection object if there is already an existing connection
object.
This existing connection object could be either in the process of
establishing the connection or already connected.
Returning the connection object in this would give the false impression
that the stack has initiated connection procedure, when in fact it just
returned an existing connection object.
The application has the ability to check for existing connection objects
using the bt_conn_lookup_addr_le API.
Add warning plus comment possible scenarios why the a valid connection
object might exists. Most important is to explain why a valid connection
object exists during the disconnected callback.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reserve conn object for undirected connectable advertiser. This means we
won't have a situation where we start a connectable advertise but will
fail to allocate a connection object for it in the connection complete
event.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reserve a connection object when starting the auto-initiator using the
controller whitelist.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix bt_conn_create_aute_le returning the wrong error code when bt_init
has not been called yet. This is inconsistent with the rest of the API
functions.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Refactor stopping directed advertiser to disconnect the state object
when calling advertise stop. This follows the same pattern as
bt_conn_disconnect.
Remove returning conn objects in BT_CONN_CONNECT state, this state could
only be an initiator starting a connection in the central role.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Start initiator immediately instead of scanning for device first.
If the host resolving list is used we need to go via scanner to resolve
the address.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Instead of having all (=addr NULL or BT_ADDR_LE_ANY to bt_unpair) as a
special case, iterate over all connected peers and unpair them the
regular way. This means bt_gatt_clear is called too. Doing this way
allows us to remove a lot of (now) unused code as well.
Signed-off-by: Jacob Siverskog <jacob@teenage.engineering>
Make remote features and remote version accesible to the application
through the bt_conn_get_remote_info object. The host will auto initiate
the procedures. If the procedures have not finished with the application
calls bt_conn_get_remote_info then EBUSY will be returned.
The procedures should finish during the first 10 connection intervals.
Signed-off-by: Sverre Storvold <Sverre.Storvold@nordicsemi.no>
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This enable chaning the function and line number making it easier to
debug where a buffer allocation is blocking.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Handle invalid ACL flags in HCI transport.
Only Point to Point is supported over HCI in both directions.
Fix flushable start HCI ACL packets not allowed on LE-U connections
from Host to controller.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
If the whitelist already exists in the controller then the controller
should not add the device tot the whitelist and should return success.
In that case the counting of entries in the whitelist in the host will
be wrong.
Remove all whitelist counting in the host, and instead rely on the error
reported by the controller for this.
The controller should return error if the whitelist is full.
The controller should return error if use of whitelist was requested but
the whitelist was empty.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Check that the bluetooth device has in fact been initialized before
continuing with public API calls. This could lead to crashes when using
state that has not yet been initialized.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Send connection parameter update request only if it contains the valid
range of values for connection intervals, latency and timeout.
Signed-off-by: Kiran Paramaswaran <kipm@oticon.com>
Now that the TX callbacks happen from the system workqueue but fixed
channels get processed from the RX thread there's a risk that the
ordering of these gets messed up. This is particularly bad for ATT
when it's trying to enforce flow control.
To fix the issue store the completed TX packet information in a
per-connection list and process this list before processing any new
packets for the same connection. We still also schedule a workqueue
callback, which will simply do nothing for this list if bt_recv()
already took care of it.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This define is not of use anymore since there's a global net_buf user
data Kconfig variable and its definition already guarantees a
sufficient minimum for Bluetooth.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Now that we've removed the TX allocation dependency from the TX thread
we no longer have the need to do special-casing for the system
workqueue when allocating buffers. Instead, we do have to special-case
the system workqueue when allocating TX contexts since the system
workqueue is the only place where they get freed up.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This is a moderate redesign of the pending TX packet handling that
aims to eliminate potential deadlocks between the TX thread and the
system workqueue thread. The main changes are:
- TX context (bt_conn_tx) is allocated during buffer allocation, i.e.
not in the TX thread.
- We don't allocate a TX context unless there's an associated
callback. When there's no callback simple integer counters are used
for tracking.
- The TX thread is no longer responsible for TX callbacks or
scheduling of TX callbacks. Instead, the callbacks get directly
scheduled (k_work_submit) from the RX priority thread.
- CONFIG_BT_CONN_TX_MAX defaults to CONFIG_BT_L2CAP_TX_BUF_COUNT,
and in most cases wont need changing. The value now only indicates
how many pending packets with a callback are possible.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Fix race condition in bt_conn_create_le for the state of the scanner in
the Host. This leads to the host issuing a create connection command
without stopping the scanner first. This leads to command disallowed and
failing to establish connection. As well as inconsistent state in the
host which does not allow to stop the running scanner.
The race condition exists because the processing of le_adv_report
handler is done before the thread that called bt_conn_create_le was
woken up to continue after the command_complete event.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix command status for LE Command Param Update HCI command silently
dropped by the host without notifying the application that this command
has failed. This happens because the host does not wait for the command
status event to check the status code returned.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix deadlock in Bluetooth Host. Deadlock could happen from the SMP
callbacks when calling Bluetooth API functions. This is because the
callbacks was given directly from the HCI TX thread. If the calling
API function resulted in trying to send a new HCI command it would post
this HCI command to the HCI TX thread and then wait for command complete
event. This would result in the HCI TX thread blocked waiting for the
itself to process the command.
Example:
Calling bt_conn_le_conn_param_update from pairing_complete callback.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The HCI transport implemented by an application using the HCI raw
interface may have its own buffer headroom requirements. Currently the
available headroom gets completely determined by the selected HCI
driver. E.g. most of the time this is the native controller driver
which doesn't reserve any headroom at all.
To cover for the needs of HCI raw users, add a new Kconfig variable
for the apps to set to whatever they need. Correspondingly, use the
maximum of the HCI driver and HCI raw headroom requirements for the
buffer pool definitions and the headroom initializations.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Key overwrite feature allows to overwrite old pairing key
records when key storage is full and a new pairing request occurs,
or new keys are distributed. If enabled when key storage is full and
a keys storage slot is requested, the oldest keys added will be
removed. So new devices can be paired with no limitations and no need
to determine, which devices should be unpaired to free key storage
space explicitly in application. To enable the feature set
CONFIG_BT_KEYS_OVERWRITE_OLDEST=y.
Oldest keys are determined by minimum value of up-counting aging
counter. If you set CONFIG_BT_KEYS_SAVE_AGING_COUNTER_ON_PAIRING=y
aging counter values will be updated each time the secure connection
is established. This might increase flash wear out if at least two
secure connections are established and shut down periodically. When
the option disabled aging counter is still updated on each new secure
connection, but not stored to flash.
Signed-off-by: Sergiy Nikolayenko <sergiy_nikolayenko@jabil.com>
Fix compilation issue when wanting to use whitelist in bluetooth
applications that does not have CONFIG_BT_CENTRAL defined.
These functions are useful even for broadcaster and observer roles.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Move initiating security functionality and LTK requesting into the SMP
module so that SMP can track when the connection is in the encryption
process
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This moves check_perm code under GAT and make use of it to check if CCC
write permission can be attended by the connection security level or if
it needs to be increased.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This makes the identity initialization consistent and actually catches
a few branches where it may not have properly happened.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Make it possible to initiate new connections from within the
disconnect callback. This wasn't completely trivial since there was
connection cleanup done through deferred action using the CONN_CLEANUP
flag.
This patch moves the disconnected callbacks to be run after all
cleanup is done. We can't directly do this in the TX thread, since
that's internal, so we instead take advantage of the deferred work
support and do it using the update_work callback. Since the same
cleanup is needed also for BR/EDR connections the work definition is
moved from the LE-specific struct to the generic struct bt_conn.
A valid bt_conn object in disconnected state is a likely indication of
a connection reference leak, so there's a new BT_WARN() for this case
in bt_conn_create_le().
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add iterator function to iterate over all connection objects.
Make type a bitmap so that it can be used as a bitmask to select which
conns to receive foreach callback.
Use foreach function internally where possible.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
SMP shall be considered internal TX notify callbacks so they are
allowed to be run from TX thread context like the others.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds bt_conn_create_pdu_timeout function which can be used
to provide a timeout when allocating a buffer.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Rename AUTHENTICATION, to AUTH, since this is a well established short
form of the word.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename bt_conn_security to bt_conn_set_security, this makes the API
naming more consistent.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename security level enum, using level and number instead of low,
medium, high and fips.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add option to force the host to initiate pairing procedure even if the
host has encryption keys for the peer.
This option can be used to pair with a bonded peer that has deleted its
bonding information without deleting the keys. If new pairing results
in weaker keys the pairing will be aborted.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add security error to security_changed callback. Call this callback when
security has failed and provide current security level and error.
Reason for failure can be.
- Pairing procedure failed, pairing aborted before link encryption.
- Link encrypt procedure failed
- Link key refresh procedure failed.
Fix missing bt_conn_unref on encryption key refresh with error status.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Proved the Authentication callback for pairing failed and pairing
complete when BR/EDR SSP is complete.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix missing interval min copy in bt_conn_set_param_le. Application is
unable to override BT_GAP_INIT_CONN_INT_MIN for interval_min.
Fixes: #17789
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This is safer now that bt_conn_create_pdu can return NULL when using
syswq which can prevent things like signalling of L2CAP and ATT layers.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Since TX complete notification are dispatched with syswq blocking on it
can completely deadlock Bluetooth so this attempt to make it safe by
return -ENOMEM if that the current thread happens to be the syswq
thread.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Add whitelist support in the bluetooth host.
Supported features:
- Advertising with whitelist on scan requests, connect request ,or both
- Scanning with whitelist
- Creating connections using a whitelist (Auto connection procedure).
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Use the src and dst naming to refer to the identity addresses of the
connection. Keep the device addresses used during connections but rename
them to local and remote instead.
Update documentation to be more descriptive.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The init addr should contain the on-air address used to establish the
connection. The dst address contains either the current RPA of the
unknown peer, or the identity address after identity information has
been exchanged.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The call to bt_conn_security will send a SMP security request for
peripheral, and for central it will initiate LL encryption.
A call to bt_conn_security with no IO capabilities but authenticated
keys has been distributed, would succeed on central side, but fail on
peripheral side with error code -22.
The keys could have been either:
- Preprogrammed
- IO capabilities may have changed.
- OOB bonding may been used.
Fix so that Peripheral can send a security request if the bond
information is already established.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
move misc/stack.h to debug/stack.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/slist.h to sys/slist.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/byteorder.h to sys/byteorder.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/__assert.h to sys/__assert.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
