Add option to set the size of the discardable buffer pool. This saves
memory for the MESH use case where we expect a large number of advertise
reports.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Adds a way to register listeners for incoming scanner packets, in
addition to the callback passed in bt_le_scan_enable.
This allows application modules to add multiple scan packet listeners
without owning the scanner life cycle API, enabling use cases like
beacon scanning alongside Bluetooth Mesh.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Remove toggling the advertise enable state when the advertiser name has
been updated. Advertise and scan response data should be used by the
controller on subsequent advertising events.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Start initiator immediately instead of scanning for device first.
If the host resolving list is used we need to go via scanner to resolve
the address.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Instead of having all (=addr NULL or BT_ADDR_LE_ANY to bt_unpair) as a
special case, iterate over all connected peers and unpair them the
regular way. This means bt_gatt_clear is called too. Doing this way
allows us to remove a lot of (now) unused code as well.
Signed-off-by: Jacob Siverskog <jacob@teenage.engineering>
Make remote features and remote version accesible to the application
through the bt_conn_get_remote_info object. The host will auto initiate
the procedures. If the procedures have not finished with the application
calls bt_conn_get_remote_info then EBUSY will be returned.
The procedures should finish during the first 10 connection intervals.
Signed-off-by: Sverre Storvold <Sverre.Storvold@nordicsemi.no>
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Refactor the handling of the host auto initiated LL procedures.
This makes it easier to add new auto initiated procedures as well as
reduced the maintenance by reducing code duplication.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Always check that the length of the returned command complete
event for a vendor specific command matches the expected length
when the support for Zephyr VS HCI commands are uncertain.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix multiple issues related to the way the host handles
Identity Information related to privacy
1. If the controller provided a public address the IRK
for this identity would be randomly generated but not
stored persistenly.
2. Fix the handling of the above issue which was fixed
for the random address but would initiate settings save
ID on every boot.
3. Fix the host not using the Vendor Specific HCI commands
related to retrieving the Identity Root (IR) from the
controller and using the key diversified function d1
to generate an IRK as specified in the BT Core spec.
Make sure that a Host generated ID is only saved when it is first
generated.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The whitelist API uses the controller directly through HCI commands.
Bluetooth device must have been initialized before sending HCI commands.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
If the whitelist already exists in the controller then the controller
should not add the device tot the whitelist and should return success.
In that case the counting of entries in the whitelist in the host will
be wrong.
Remove all whitelist counting in the host, and instead rely on the error
reported by the controller for this.
The controller should return error if the whitelist is full.
The controller should return error if use of whitelist was requested but
the whitelist was empty.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Check that the bluetooth device has in fact been initialized before
continuing with public API calls. This could lead to crashes when using
state that has not yet been initialized.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Now that the TX callbacks happen from the system workqueue but fixed
channels get processed from the RX thread there's a risk that the
ordering of these gets messed up. This is particularly bad for ATT
when it's trying to enforce flow control.
To fix the issue store the completed TX packet information in a
per-connection list and process this list before processing any new
packets for the same connection. We still also schedule a workqueue
callback, which will simply do nothing for this list if bt_recv()
already took care of it.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This define is not of use anymore since there's a global net_buf user
data Kconfig variable and its definition already guarantees a
sufficient minimum for Bluetooth.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This is a moderate redesign of the pending TX packet handling that
aims to eliminate potential deadlocks between the TX thread and the
system workqueue thread. The main changes are:
- TX context (bt_conn_tx) is allocated during buffer allocation, i.e.
not in the TX thread.
- We don't allocate a TX context unless there's an associated
callback. When there's no callback simple integer counters are used
for tracking.
- The TX thread is no longer responsible for TX callbacks or
scheduling of TX callbacks. Instead, the callbacks get directly
scheduled (k_work_submit) from the RX priority thread.
- CONFIG_BT_CONN_TX_MAX defaults to CONFIG_BT_L2CAP_TX_BUF_COUNT,
and in most cases wont need changing. The value now only indicates
how many pending packets with a callback are possible.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
A recent patch increased struct cmd_data from 8 to 12 bytes, which is
more than the default user data for Bluetooth. We generally don't want
the core stack to require more than 8, so instead of increasing the
requirement, move the data out from the buffer into its own array with
the help of the net_buf_id() API.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Fix race condition in bt_conn_create_le for the state of the scanner in
the Host. This leads to the host issuing a create connection command
without stopping the scanner first. This leads to command disallowed and
failing to establish connection. As well as inconsistent state in the
host which does not allow to stop the running scanner.
The race condition exists because the processing of le_adv_report
handler is done before the thread that called bt_conn_create_le was
woken up to continue after the command_complete event.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The HCI transport implemented by an application using the HCI raw
interface may have its own buffer headroom requirements. Currently the
available headroom gets completely determined by the selected HCI
driver. E.g. most of the time this is the native controller driver
which doesn't reserve any headroom at all.
To cover for the needs of HCI raw users, add a new Kconfig variable
for the apps to set to whatever they need. Correspondingly, use the
maximum of the HCI driver and HCI raw headroom requirements for the
buffer pool definitions and the headroom initializations.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
This commit adds a string representation of the
nRF53 variant in bluetooth host.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Reduces the severity of warnings that happen from normal behavior, or
can't be prevented by the user:
- "No ID address" in hci_core.c: Reduced to an informational warning, as
this will always output with the expected usage. This isn't useful
information for 99.9% of users, and pollutes the output of all samples
using the module.
- "Composition page %u not available" in cfg_srv.c: According to the
Mesh Profile Specification section 4.4.2.2.2, the client is expected
to send page=0xff. Reduced to a debug message.
- "Connectable advertising deferred" in proxy.c: Gets logged every 10
seconds when in a Mesh Proxy connection. This is not useful
information unless the user is debugging the proxy module. Reduced to
a debug message.
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Add public API function to get the connection handle of the connection.
The connection handle is needed by applications that intend to send
vendor specific commands for a given connection.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix compilation issue when wanting to use whitelist in bluetooth
applications that does not have CONFIG_BT_CENTRAL defined.
These functions are useful even for broadcaster and observer roles.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Move initiating security functionality and LTK requesting into the SMP
module so that SMP can track when the connection is in the encryption
process
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Enable possibility to configure time a slave will wait until
start of connection parameters update procedure after BT connection
is established.
Signed-off-by: Piotr Pryga <piotr.pryga@nordicsemi.no>
This makes the identity initialization consistent and actually catches
a few branches where it may not have properly happened.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Make it possible to initiate new connections from within the
disconnect callback. This wasn't completely trivial since there was
connection cleanup done through deferred action using the CONN_CLEANUP
flag.
This patch moves the disconnected callbacks to be run after all
cleanup is done. We can't directly do this in the TX thread, since
that's internal, so we instead take advantage of the deferred work
support and do it using the update_work callback. Since the same
cleanup is needed also for BR/EDR connections the work definition is
moved from the LE-specific struct to the generic struct bt_conn.
A valid bt_conn object in disconnected state is a likely indication of
a connection reference leak, so there's a new BT_WARN() for this case
in bt_conn_create_le().
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The return code of set_random_address is not always handled. This could
lead to connection using the wrong Identity address.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add workaround for advertising data issue in the internal bluetooth
controller. The advertising data must be set after advertising
parameters in order to successfully update the advertising data after
an directed advertiser has been active.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename AUTHENTICATION, to AUTH, since this is a well established short
form of the word.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename security level enum, using level and number instead of low,
medium, high and fips.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
A security vulnerability in the Bluetooth BR/EDR Bluetooth Core
specification versions 1.0 through 5.1 has been identified as
CVE-2019-9506. The Bluetooth BR/EDR encryption key negotiation
protocol is vulnerable to packet injection that could allow an
unauthenticated user to decrease the size of the entropy of the
encryption key, potentially causing information disclosure and/or
escalation of privileges via adjacent access. There is not currently
any knowledge of this being exploited.
From Core spec erratum 11838:
A device shall enforce an encryption key with at least 128-bit
equivalent strength for all services that require Security Mode 4,
Level 4. For all other services that require encryption, a device
should enforce an encryption key with at least 56-bit equivalent
strength, irrespective of whether the remote device supports Secure
Simple Pairing.
After encryption has been enabled, the Host should check the
encryption key size using either the HCI_Read_Encryption_Key_Size
command (see [Vol 2] Part E, Section 7.5.7) or a vendor-specific
method.
Fixes#18658
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
In case sufficient security level wasn't reached the error propagation
was missing, which could lead to incorrect state transitions when
update_sec_level_br() returns. Return true/false and make sure to
abort any further operations in case the update fails.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
The storage for the public key is pub_key in hci_core.c.
When the public key event is generated the public key is copied into
this buffer, but the pointer to the event storage of the key is given
in the public key ready callback (bt_smp_pkey_ready).
SMP expects that it is safe to assign a global pointer to this variable.
In smp_init bt_pub_key_get is used to get the pointer to the public key.
In both cases SMP assigns the le_sc_pub_key to the pointer given.
This creates an issue when bt_smp_pkey_ready callback occurs after
smp_init during pairing procedure, SMP will then have a pointer to an
event buffer that has been released and contains invalid data.
Fixes: #18580
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Give the security changed callback when the peripheral initiated
security request and peer attempted to encrypt the connection but no LTK
match was found.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add security error to security_changed callback. Call this callback when
security has failed and provide current security level and error.
Reason for failure can be.
- Pairing procedure failed, pairing aborted before link encryption.
- Link encrypt procedure failed
- Link key refresh procedure failed.
Fix missing bt_conn_unref on encryption key refresh with error status.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Proved the Authentication callback for pairing failed and pairing
complete when BR/EDR SSP is complete.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix issue unable to connect to bonded peer when host resolution is used
either because the controller does not support privacy, or the
controller resolving list was exceeded.
In this case we need to use the RPA from the advertising report
directly, there is a small chance of the peer cycling the RPA here, in
which case the connection might be unsuccessful.
Bug introduced here: 45da629b24Fixes: #18306
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The RPA timer should always be running, even with privacy supported by
the controller. In order to select an IRK to generate the private
the controller is instructed by provided an identity address.
If we want to advertise privately without providing an identity address
the host has to set the private address.
Fixes: #18150
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add whitelist support in the bluetooth host.
Supported features:
- Advertising with whitelist on scan requests, connect request ,or both
- Scanning with whitelist
- Creating connections using a whitelist (Auto connection procedure).
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix bug introduced by: 45da629b24
Mistakenly set the own address type to the destination address type.
Also this uses the RPA_OR_RANDOM in case local IRKs exists in the
controller.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The init addr should contain the on-air address used to establish the
connection. The dst address contains either the current RPA of the
unknown peer, or the identity address after identity information has
been exchanged.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Error codes are listed in header files and in the core spec as hex
values. Always print them in hex in debug for easier error code
checking.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The original creates a pointer to a compiler-generated temporary that is
destroyed when the scope is exited. The pointer is stored in a structure
defined in an enclosing scope and is invalid by the point it's used.
The fix holds the structure in a variable with the same lifetime as
the pointer.
Signed-off-by: Findlay Feng <i@fengch.me>
Set advertisers state flags so that previous advertise params does not
affect the current advertiser state.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Bluetooth address parsing has been duplicated across the different
sub-shell files. Also missing parsing of identity/resolved addresses.
Move parsing of string close to parsing to string for a symmetrical API
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Introduce a separate buffer pool for events which the HCI driver
considers discardable. Examples of such events could be e.g.
Advertising Reports. The benefit of having such a pool means that the
if there is a heavy inflow of such events it will not cause the
allocation for other critical events to block and may even eliminate
deadlocks in some cases.
Also update all mesh samples not to specify explicit RX buffer counts
anymore. Instead, create appropriate defaults in Kconfig so that we
only need to override this in the app for cases like the bbc:microbit
with limited memory.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
