The bt_le_ext_adv_info struct has been extended to also
contain the advertising and periodic advertising states.
Additionally, the function verifies the input to avoid
NULL pointer access, and the addr field is more
properly documented.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Core Specification 6.1 clarified exptected erro code in case peer
sending invalid Public Key. In case pairing is aborted during or
immediately after Public Key Exchange phase has completed (which is
the case here) expected reason code is set to "DHKey Check Failed".
This was affecting SM/CEN/KDU/BI-04-C and SM/PER/KDU/BI-04-C
qualification test cases.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
The target variable is a `uint8_t`. It is not reasonable to pass a
value with `uint16_t` in little-endian format.
Remove `sys_cpu_to_le16`, and pass the value directly.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Updates the LE legacy pairing procedure as a result of errata ES-24491.
New part:
If the initiating device receives an LP_CONFIRM_R value that is equal to
the LP_CONFIRM_I value, the pairing process shall be aborted and fail
with "Confirm Value Failed" as reason.
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
In the function `sdp_client_ss_search()` and
`sdp_client_ssa_search()`, the allocated buf is not released if the
required UUID is invalid.
Un-reference the allocated net buffer if the UUID is invalid.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The `session->param` should be updated to date whatever the function
`sdp_client_ssa_search()`, `sdp_client_sa_search()` or
`sdp_client_ss_search()` can be executed properly.
Update the `session->param` to the new `param` when executing the
function.
Fixes#91156
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
There is a potential issue that the index of ACL may out of the
bounds of the array `bt_hfp_hf_pool` if the array size is not aligned
with the array size of `acl_conns`.
To avoid the potential issue, check if the ACL conn index is less than
the array size of `bt_hfp_hf_pool` before accessing the array
`bt_hfp_hf_pool` with ACL conn index.
Fixes#91172
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
When there are br connections connected, find_key_in_use call
bt_conn_get_dst to get br connection's dst and bt_conn_get_dst return NULL,
then bt_keys_find_addr aseert because addr is NULL.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
- Remove memset on bt_l2cap_br_chan during SDP
disconnect to prevent overwriting resources
(e.g., rtx_work) still in use by L2CAP,
which handles channel cleanup itself.
- Delete unused partial_resp_queue to clean up code.
Signed-off-by: ZhongYao Luo <LuoZhongYao@gmail.com>
If the received data length is less than 2 in none basic mode, the
L2CAP channel connection will be dropped.
Only check the received data length if the `SAR` is
`BT_L2CAP_CONTROL_SAR_START`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Support zero-length SDU sending if the L2CAP channel connection is not
in basic mode.
Flag the zero-length SDU buffer and clear it if it has been processed.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
If the controller resolving list is cleared by HCI_LE_Clear_Resolving_List,
don't need to enable the controller address resolution.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
Handle the ECHO request/response of classic L2CAP signaling packets.
Add the functions `bt_l2cap_br_echo_cb_register()` and
`bt_l2cap_br_echo_cb_unregister()` to register/unregister the ECHO
callbacks to monitor the ECHO REQ and RSP.
Add the function `bt_l2cap_br_echo_req()` to send the ECHO REQ through
classic L2CAP signaling channel.
Add the function `bt_l2cap_br_echo_rsp()` to reply the ECHO REQ
through the classic L2CAP signaling channel.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Disconnect the L2CAP channel connection if the proposed MTU is less
than min MTU or more than local supported MTU.
The main scenes are as follows.
If the proposed MTU is less than MIN MTU.
1. The channel connection of client and server is established,
2. Client/server sends channel config REQ (MTU=50),
3. Peer replies channel config RQP (Unaccepted/success with MTU=30),
4. The client/server will repeat step 3~4 if the RSP is unacceptable.
With the change applied, the local will disconnect the L2CAP channel
connection in step 3.
If the proposed MTU is more than local supported MTU.
1. The channel connection of client and server is established,
2. Client/server sends channel config REQ (MTU=50),
3. Peer replies channel config RQP (Unaccepted/success with MTU=80),
4. The client/server will repeat step 3~4 if the RSP is unacceptable.
With the change applied, the local will disconnect the L2CAP channel
connection in step 3.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Change the callback `get_ongoing_call()` of the AG from synchronous to
asynchronous mode. It will help to avoid the Bluetooth host stack be
blocked in the context of callback `get_ongoing_call()`.
Add a function `bt_hfp_ag_ongoing_calls()` to set the ongoing calls and
reply the AT command `AT+CIND?` after the callback `get_ongoing_call()`
has been notified.
Add a delayable worker to avoid the AT command `AT+CIND?` never being
replied. After the time exceeds
@kconfig{CONFIG_BT_HFP_AG_GET_ONGOING_CALL_TIMEOUT}, the response of
the AT command `AT+CIND?` will be replied.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
If the any value of Call, Call Setup, and Held Call indicators is not
zero in the response of `AT+CIND?`, get all calls via `AT+CLCC`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
For read-only access to fields, `lock/unlock` is unnecessary.
Remove unnecessary `lock/unlock` protection for read-only access
fields of AG.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Support the case that there are some calls existed before SLC
established.
Add a callback to get the ongoing calls one by one from upper layer
when the response of the AT command `AT+CIND=?` from HF has been sent.
And set the Call, Call Setup, and Held Call indicators and report the
values int the response of AT command `AT+CIND?`. Then report all
ongoing calls in the `+CLCC` response.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The LTK cannot be derived by LK when LK is not weaker than the old LTK.
Improve the function `smp_br_pairing_allowed()` to avoid the LTK be
overwrote when old LTK has MITM protection but new LK has not MITM
protection.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
LE and BR connection have already been established, after that, LE
disconnection occurs, BR connection will not be selected as the next
default connection.
Fix this issue by searching for both BR and LE after disconnection
occurs.
Signed-off-by: Can Wang <can.wang@nxp.com>
Host stack supports to set BR security level to 4 but the security level
cannot be set to 4 by the shell command.
Update the code to support BR security level 4.
Signed-off-by: Can Wang <can.wang@nxp.com>
Recent test specification added additional test for validating
invalid packet sizes on L2CAP signaling channel. IUT is allowed
to either disconnect link, ignore packet, reject packet or
issue a warning to upper tester if other action is taken.
To keep things in line with previous check for too small size
simply ignore fixed size packets of invalid length.
This was affecting L2CAP/COS/CED/BI-11-C qualification test.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
When execute `bt connections`, only the peer device address of selected
LE connection is flagged with `*`.
Improve the command `bt connections` to support BR connections.
Regardless of the connection type, `*` will be shown to indicate the
peer address of the current connection if the peer device address is
the peer address of selected connection.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The CR bit in DISC frames should be set as a command rather than a
response.
This patch fixes the rfcomm_send_disc function to correctly use
BT_RFCOMM_CMD_CR instead of BT_RFCOMM_RESP_CR when setting the CR bit in
the address field of DISC frames.
Signed-off-by: Jiawei Yang <jiawei.yang_1@nxp.com>
Use the macro NSEC_PER_SEC defined in sys_clock.h for nanoseconds per
second when updating write stats.
Signed-off-by: Alex Apostolu <apostolu240@gmail.com>
In current implementation, if the MITM flag of both sides is disabled,
the pairing method is incorrect.
Such as, the IOCAP of both sides is `display_yesorno`, the pairing
method is `PASSKEY_CONFIRM`. But actually, it should be `JUST_WORKS`
in this case.
Fix the issue by setting the pairing method to `JUST_WORKS` if the
MITM flag of both sides is false.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
This commit prevents ATT request APIs from blocking waiting on the
req_slab pool on the system work queue. The API will instead return
-ENOMEM.
This aligns with commit 05b16b971b, which
establishes that the GATT request APIs are non-blocking on the system
work queue. That commit makes GATT request APIs fail with -ENOMEM when
they fail to allocate a buffer for the ATT PDU on the system work queue.
There is no reason to make this distinction between the two resources,
and this makes the API more consistent.
Signed-off-by: Aleksander Wasaznik <aleksander.wasaznik@nordicsemi.no>
After https://github.com/zephyrproject-rtos/zephyr/pull/72090,
`conn_tx_alloc` no longer blocks, and each buffer always has a
corresponding `bt_conn_tx` object. This eliminates the need to configure
the number of `bt_conn_tx` objects via `CONFIG_BT_CONN_TX_MAX`, since
every buffer now carries its own context even when no callback is used.
This commit deprecates `CONFIG_BT_CONN_TX_MAX` as it is no longer
necessary. Instead, `CONFIG_BT_BUF_ACL_TX_COUNT` is used to allocate
`bt_conn_tx` objects for outgoing ACL data. ZLL already uses
`CONFIG_BT_BUF_ACL_TX_COUNT` to configure the number of outgoing ACL
packets. With this change, modifying the packet count will automatically
adjust the number of corresponding contexts, preventing both context
starvatoin and underutilization.
This approach also aligns with ISO, where the number of `bt_conn_tx`
objects for outgoing ISOdata matches `CONFIG_BT_ISO_TX_BUF_COUNT`.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
After https://github.com/zephyrproject-rtos/zephyr/pull/72090, each
packet to be sent (wether ACL or ISO data) has a corresponding
`bt_conn_tx` object, regardless of whether a callback is used.
This means that number of packets Host can send to Controller is limited
by the smaller of two values: ACL/ISO packets Controller can receive,
and the number of `bt_conn_tx` objects allocated by Host.
A mismatch between these numbers may lead to inefficient resource usage
on either Host or Controller side. If Host allocates fewer `bt_conn_tx`
objects than the number of buffers available on Controller for a given
data type, some Controller buffers may go unused. Conversely, if Host
allocates more `bt_conn_tx` objects than Controller can consume, the
excess objects remain unused.
This commit adds a check and issues a warning if the number of
`bt_conn_tx` objects is not aligned with the number of ACL/ISO buffers
reported by Controller via the LE Read Buffer Size v1 or v2 command.
Signed-off-by: Pavel Vasilyev <pavel.vasilyev@nordicsemi.no>
The building of cs.c based on the respective Kconfig option is already
taken care of CMakeLists.txt, so it's redundant to try to protect the code
through ifdefs in the c-file as well.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
Add a prompt to the long workqueue stack size, so that it can be easily
fine-tuned by the application. The exact usage will depend on many factors,
such as the chosen crypto backend and target architecture, so it's not
possible to have "one size fits all" solutions based on the default values.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
PSA Crypto API always allow psa_generate_random() to be called (i.e. there
is no PSA_WANT_xxx symbol that can be used to disable it). How random
numbers are generated internally is a library internal detail, but the
end user (Bluetooth) does not need to worry about this.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
With BT_SETTINGS enabled, there doesn't seem to (anymore?) be any
substantial overhead in stack consumption:
0x200020b8 BT RX WQ
options: 0x0, priority: -8 timeout: -9223372036854775808
state: pending, entry: 0x5ba69
stack size 2240, unused 1072, usage 1168 / 2240 (52 %)
Let's just remove the conditional default and fall back to the
non-conditional one which is 1200.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
There was a semaphore in hci_core which was given to early when
receiving the BT_HCI_EVT_NUM_COMPLETED_PACKETS message from the
controller. This would sometimes cause an assert to happen in
function hci_num_completed_packets, where there would arise a
mismatch in the bookkept count, and actually stored nodes. More
concretely, due to premature semaphore giveing, the tx_pending node
would be have been removed in another context before it could be
fetched and moved to complete list in this function.
Signed-off-by: Fredrik Danebjer <frdn@demant.com>
When the L2CAP channel connection is in none basic mode, the
`seg_recv` cannot work properly if the configuration
`CONFIG_BT_L2CAP_SEG_RECV` is enabled. And the L2CAP channel
connection will be broken incorrectly.
Check whether the received data len exceeds the SDU length if the
`SAR` is `BT_L2CAP_CONTROL_SAR_END` or `BT_L2CAP_CONTROL_SAR_CONTI`.
And check whether the SDU length is valid if the `SAR` is
`BT_L2CAP_CONTROL_SAR_UNSEG` or `BT_L2CAP_CONTROL_SAR_START`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The response L2CAP_COMMAND_REJECT_RSP(BT_L2CAP_REJ_NOT_UNDERSTOOD)
should be replied if the received L2CAP command is a invalid L2CAP
signaling command packets with extra data in the Information Payload.
Send L2CAP_COMMAND_REJECT_RSP(BT_L2CAP_REJ_NOT_UNDERSTOOD) if it a
small L2CAP signaling PDU or it has short length.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The bt_recv() and bt_recv_prio() APIs don't exist anymore, so remove any
references to them from the Kconfig help texts.
Signed-off-by: Johan Hedberg <johan.hedberg@silabs.com>
The parameter length for this command was missing the additional
length from the arrayed parameters.
Signed-off-by: Olivier Lesage <olivier.lesage@nordicsemi.no>
