The HCI transport implemented by an application using the HCI raw
interface may have its own buffer headroom requirements. Currently the
available headroom gets completely determined by the selected HCI
driver. E.g. most of the time this is the native controller driver
which doesn't reserve any headroom at all.
To cover for the needs of HCI raw users, add a new Kconfig variable
for the apps to set to whatever they need. Correspondingly, use the
maximum of the HCI driver and HCI raw headroom requirements for the
buffer pool definitions and the headroom initializations.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Key overwrite feature allows to overwrite old pairing key
records when key storage is full and a new pairing request occurs,
or new keys are distributed. If enabled when key storage is full and
a keys storage slot is requested, the oldest keys added will be
removed. So new devices can be paired with no limitations and no need
to determine, which devices should be unpaired to free key storage
space explicitly in application. To enable the feature set
CONFIG_BT_KEYS_OVERWRITE_OLDEST=y.
Oldest keys are determined by minimum value of up-counting aging
counter. If you set CONFIG_BT_KEYS_SAVE_AGING_COUNTER_ON_PAIRING=y
aging counter values will be updated each time the secure connection
is established. This might increase flash wear out if at least two
secure connections are established and shut down periodically. When
the option disabled aging counter is still updated on each new secure
connection, but not stored to flash.
Signed-off-by: Sergiy Nikolayenko <sergiy_nikolayenko@jabil.com>
Fix compilation issue when wanting to use whitelist in bluetooth
applications that does not have CONFIG_BT_CENTRAL defined.
These functions are useful even for broadcaster and observer roles.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Move initiating security functionality and LTK requesting into the SMP
module so that SMP can track when the connection is in the encryption
process
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This moves check_perm code under GAT and make use of it to check if CCC
write permission can be attended by the connection security level or if
it needs to be increased.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This makes the identity initialization consistent and actually catches
a few branches where it may not have properly happened.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Make it possible to initiate new connections from within the
disconnect callback. This wasn't completely trivial since there was
connection cleanup done through deferred action using the CONN_CLEANUP
flag.
This patch moves the disconnected callbacks to be run after all
cleanup is done. We can't directly do this in the TX thread, since
that's internal, so we instead take advantage of the deferred work
support and do it using the update_work callback. Since the same
cleanup is needed also for BR/EDR connections the work definition is
moved from the LE-specific struct to the generic struct bt_conn.
A valid bt_conn object in disconnected state is a likely indication of
a connection reference leak, so there's a new BT_WARN() for this case
in bt_conn_create_le().
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Add iterator function to iterate over all connection objects.
Make type a bitmap so that it can be used as a bitmask to select which
conns to receive foreach callback.
Use foreach function internally where possible.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
SMP shall be considered internal TX notify callbacks so they are
allowed to be run from TX thread context like the others.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This adds bt_conn_create_pdu_timeout function which can be used
to provide a timeout when allocating a buffer.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Rename AUTHENTICATION, to AUTH, since this is a well established short
form of the word.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename bt_conn_security to bt_conn_set_security, this makes the API
naming more consistent.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Rename security level enum, using level and number instead of low,
medium, high and fips.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add option to force the host to initiate pairing procedure even if the
host has encryption keys for the peer.
This option can be used to pair with a bonded peer that has deleted its
bonding information without deleting the keys. If new pairing results
in weaker keys the pairing will be aborted.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add security error to security_changed callback. Call this callback when
security has failed and provide current security level and error.
Reason for failure can be.
- Pairing procedure failed, pairing aborted before link encryption.
- Link encrypt procedure failed
- Link key refresh procedure failed.
Fix missing bt_conn_unref on encryption key refresh with error status.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Proved the Authentication callback for pairing failed and pairing
complete when BR/EDR SSP is complete.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix missing interval min copy in bt_conn_set_param_le. Application is
unable to override BT_GAP_INIT_CONN_INT_MIN for interval_min.
Fixes: #17789
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This is safer now that bt_conn_create_pdu can return NULL when using
syswq which can prevent things like signalling of L2CAP and ATT layers.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Since TX complete notification are dispatched with syswq blocking on it
can completely deadlock Bluetooth so this attempt to make it safe by
return -ENOMEM if that the current thread happens to be the syswq
thread.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Add whitelist support in the bluetooth host.
Supported features:
- Advertising with whitelist on scan requests, connect request ,or both
- Scanning with whitelist
- Creating connections using a whitelist (Auto connection procedure).
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Use the src and dst naming to refer to the identity addresses of the
connection. Keep the device addresses used during connections but rename
them to local and remote instead.
Update documentation to be more descriptive.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The init addr should contain the on-air address used to establish the
connection. The dst address contains either the current RPA of the
unknown peer, or the identity address after identity information has
been exchanged.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
The call to bt_conn_security will send a SMP security request for
peripheral, and for central it will initiate LL encryption.
A call to bt_conn_security with no IO capabilities but authenticated
keys has been distributed, would succeed on central side, but fail on
peripheral side with error code -22.
The keys could have been either:
- Preprogrammed
- IO capabilities may have changed.
- OOB bonding may been used.
Fix so that Peripheral can send a security request if the bond
information is already established.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
move misc/stack.h to debug/stack.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/util.h to sys/util.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/slist.h to sys/slist.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/byteorder.h to sys/byteorder.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/__assert.h to sys/__assert.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move atomic.h to sys/atomic.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This makes it safe to allocate buffer from the TX callback by freeing
the context before calling the callback which should wake up the TX
thread had it be pending on add_pending_tx.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This makes the transmission complete callbacks to run on system wq
context so they are not executed in TX thread which usually has a much
smaller, and non-configurable, stack size.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This allows setting a custom pointer to be passed back to the complete
callback at expense of increasing the buffers in 4 bytes.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
bt_gatt_connected should be only called, when there is no
connection error. Change fixes problem with receiving notifications
before connection.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Several public APIs were not checking the BT_DEV_READY flag, which
could lead to hard-to-debug behavior, particularly when the stack
lacks an identity address. Add the appropriate checks to these APIs.
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Changed the order of Bluetooth callbacks. Now the connected callback is
received before CCC changed callbacks.
Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no>
There are issues using lowercase min and max macros when compiling a C++
application with a third-party toolchain such as GNU ARM Embedded when
using some STL headers i.e. <chrono>.
This is because there are actual C++ functions called min and max
defined in some of the STL headers and these macros interfere with them.
By changing the macros to UPPERCASE, which is consistent with almost all
other pre-processor macros this naming conflict is avoided.
All files that use these macros have been updated.
Signed-off-by: Carlos Stuart <carlosstuart1970@gmail.com>
There is not an easy way to relate an application's user_data to a
connection. One way is to save a pointer to bt_conn in the
application's user_data array upon connection establishment.
Each connection related callback function will have to loop for all
user_data and compare the saved pointer to the passed bt_conn
pointer. This is inefficient if there are many callback activations
during the connection.
This change makes the internal bt_conn mapping function accessible to
applications in conn.h. The function name is changed to
bt_conn_index() to clearly indicate that the function returns an
index of an array.
Add an ASSERT to catch illegal parameter.
Signed-off-by: Kim Sekkelund <ksek@oticon.com>
If master or application decided to switch connection parameters to
ones that meet pending parameters don't bother sending request
after 5 seconds timeout.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Fallback to L2CAP Connection Parameters Update Request if LL Connection
Update Request was rejected by remote device that has this marked as
supported in features. This can happen if procedure is supported only
by remote controller, but not enabled by host. This is connection
parameters update with iOS devices.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
k_poll_signal was being used by both, struct and function. Besides
this being extremely error prone it is also a MISRA-C violation.
Changing the function to contain a verb, since it performs an action
and the struct will be a noun. This pattern must be formalized and
followed and across the project.
MISRA-C rules 5.7 and 5.9
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
In Bluetooth 5 the definition of LE security mode 1, has changed.
LE Security Mode 1 level 4 requires authenticated LE Secure Connections
pairing with encryption using a 128-bit strength encryption key.
This also changes the behaviour when a security request and response
would end up with a security level that is lower than the one requested.
Before pairing would complete, and the link would disconnect with error
authentication failure. Instead a SMP will abort pairing with error code
authentication requirement, or encryption key size.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Mkae sure that variable pointed by params is valid when passing it
as function argument.
Fixes#10587
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
This commit adds missed const modifier for addr pointer for
bt_le_set_auto_conn function
Signed-off-by: Radoslaw Koppel <radoslaw.koppel@nordicsemi.no>
