Fix missing big_disconnect in hci_le_big_complete when the number of
BIS in the event is invalid.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Validate the big_handle received from the controller before
using it as an index into the bigs array.
Discovered by Coverity: Insecure data handling (TAINTED_SCALAR)
Using tainted variable "big_handle" as an index into an array "bigs".
Cleanup state of BIG in pending or syncing state if it exists.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix parsing BIG handle which is just one octet as a two octet field,
which could have caused problems on big-endian systems.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Refactor the BIG initialized atomic handling to use bits instead of a
single atomic.
This allows for more bit flags to be added.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
In the file gatt.c, GAP service contains the Device Name
characteristic. If writable, authentication and authorization may
be defined by a higher layer specification. It means that GATT
clients can write to device name GAP characteristic without
bonding. So we add a configuration for writable name without
bonding.
Signed-off-by: Jun Huang <huangjun6@xiaomi.com>
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Adds a check for the BT_LE_FEAT_BIT_PER_ADV bit for each
function related to periodic advertising, including sync and
PAST transfer.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Fix undefined reference to bt_key_foreach when BT_LOG_SNIFFER_INFO has
been enabled but BT_SMP is not enabled.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
This adds bt_conn_iso function to safely access the struct bt_conn_iso
within a bt_conn.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Channel direction was actually a source of confusion since the spec does
actually define the data path direction from controller point of view
meaning input actually means transmit and output receive, also direction
can be configured with different QoS settings.
To make these APIs less confusing and allow QoS to be configured
independently they are now split into RX (receiving) and TX
(transmission) settings including its data path.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
CHECKIF is preferred as it handles full runtime error handling in
addition to just asserts.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This fixes bt_iso_cleanup when there are still channels bound to the
ACL connection.
On top of it introduce bt_iso_chan_unbind which can be used to unbind
channels and thus release the reference to the ACL connection if that
has not been disconnected in which case the channels are unbound
automatically.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
When the channel has just been bound but is not connected yet there is
no need to send any command over the air but the disconnected callback
shall still be called in order to notify the channel owner that it has
reached disconnected state.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
When initiating a disconnection conn_disconnect would be called to send
HCI_Disconnect but the controller may be quick enough to send Disconnect
Complete event before setting BT_CONN_DISCONNECT which will then cause
the invalid transition from BT_CONN_DISCONNECTED to BT_CONN_DISCONNECT
and the connection won't be freed properly.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
This fixes a regression introduced by 4350021f09 which prevents
references from being properly released when there is an ISO connection.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Fix regression in central-only builds when CONFIG_BT_PRIVACY and/or
CONFIG_BT_EXT_ADV is enabled, or the functions bt_id_reset or
bt_id_delete are called from application.
This resulted in build error for undefined functions
bt_le_ext_adv_foreach and bt_le_adv_lookup_legacy since the definition
for these functions are now only compiled in when CONFIG_BT_BROADCASTER
has been enabled.
Regression from:
53cea4719d
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix CONFIG_BT_HCI_ACL_DATA_SIZE default value set to 0 when data length
feature in the controller is not enabled. In this case the default value
will be set to 0 which is outside of the range specified for the option.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add hci_driver.h to include files in id.c to ensure that prototype for
bt_read_static_addr is visible. This fixes builds that define
CONFIG_BT_CTLR but not CONFIG_BT_HCI_VS_EXT.
Signed-off-by: Wolfgang Puffitsch <wopu@demant.com>
The order of Destination CIDs shall correspond to the order of Source CIDs
including its amount so errors that don't result in all connection being
refused shall not break the order of CIDs.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
For errors that mean all connections have been refused there is no need
to add dcids since none will be valid.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
When receiving L2CAP_CREDIT_BASED_CONNECTION_REQ the remote may request
more channels than allowed so this checks if the amount of channels surpasses
the maximum channels (5) and returns an error.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
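The request handling that the three L2CAP commit messages above describe (at most 5 channels, Destination CIDs kept in Source CID order, no DCIDs when everything is refused), as an added example that is not Zephyr's code. `ecred_handle_req`, `sample_alloc`, the result enum and the sample request bytes are hypothetical names and constructed values, and the 8-octet request header layout is an assumption of the example.

```c
#include <stddef.h>
#include <stdint.h>

#define ECRED_MAX_CHANS   5 /* maximum channels per request, per the commit message */
#define ECRED_REQ_HDR_LEN 8 /* assumed: SPSM, MTU, MPS, initial credits, 2 octets each */

/* Illustrative result classes, not the numeric result codes of the spec. */
enum ecred_result { ECRED_ALL_OK, ECRED_SOME_REFUSED, ECRED_ALL_REFUSED };

/* Hypothetical allocator: local CID for a source CID, 0 if refused (0x0041 here). */
static uint16_t sample_alloc(uint16_t scid)
{
	return scid == 0x0041 ? 0 : (uint16_t)(scid + 0x40);
}

/* Constructed request: 8-octet header, then source CIDs 0x0040, 0x0041, 0x0042. */
static const uint8_t sample_req[] = {
	0x80, 0x00, 0x40, 0x00, 0x40, 0x00, 0x01, 0x00,
	0x40, 0x00, 0x41, 0x00, 0x42, 0x00,
};

/* Fills dcid[] for the response; *count is how many DCIDs the response carries. */
static enum ecred_result ecred_handle_req(const uint8_t *pdu, size_t len,
					  uint16_t dcid[ECRED_MAX_CHANS], size_t *count)
{
	size_t n, i, accepted = 0;

	*count = 0;
	/* Need the header plus a whole number (at least one) of 2-octet CIDs. */
	if (len < ECRED_REQ_HDR_LEN + 2 || (len - ECRED_REQ_HDR_LEN) % 2 != 0) {
		return ECRED_ALL_REFUSED;
	}
	n = (len - ECRED_REQ_HDR_LEN) / 2;
	if (n > ECRED_MAX_CHANS) {
		return ECRED_ALL_REFUSED; /* more channels than allowed */
	}
	for (i = 0; i < n; i++) {
		const uint8_t *p = &pdu[ECRED_REQ_HDR_LEN + 2 * i];
		/* Source CIDs are little-endian; a refused slot stays 0 so order is kept. */
		dcid[i] = sample_alloc((uint16_t)(p[0] | (p[1] << 8)));
		accepted += dcid[i] != 0;
	}
	if (accepted == 0) {
		return ECRED_ALL_REFUSED; /* nothing valid: response carries no DCIDs */
	}
	*count = n;
	return accepted == n ? ECRED_ALL_OK : ECRED_SOME_REFUSED;
}
```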
Refactor out the BR/EDR handling from hci_core.c to its own source file
in br.c.
BR/EDR consists of inquiry and discovery roles in addition to
initialization. SSP is still kept separate.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Align the SSP HCI event handlers with the rest of the functions in using
the bt_ prefix. In order to avoid name conflict with the HCI struct
definitions the infix _evt_ has been dropped.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix compilation error when BR/EDR is enabled but the feature
CONFIG_BT_KEYS_OVERWRITE_OLDEST is disabled.
This caused compilation error because the field aging_counter is not
defined in the keys struct.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Refactor out the advertiser roles handling from hci_core.c to its own
source file in adv.c.
Advertising roles consist of legacy and extended advertiser, and
periodic advertiser.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Refactor out the scan roles handling from hci_core.c to its own source
file in scan.c.
Scan roles consist of regular scanning and synchronization to
periodic advertiser.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Don't include checks for advertiser is enabled when the broadcaster role
is not enabled. This makes it possible to have bt_le_ext_adv_foreach
be excluded from the compilation.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Refactor out the identity handling from hci_core to its own source file
in id.c.
Identity consists of managing the identities of the device, the privacy
feature which hides the identities, and handling of the identity
resolving list in the controller, needed to support privacy-enabled
remote devices.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Refactor the code so that bt_adv_lookup_legacy is always called after
the IS_ENABLED(CONFIG_BT_BROADCASTER) configuration has been checked and
the code path will be excluded.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Refactor command state handling to one function.
When setting state outside of hci_core the cmd macro is not available,
so in order to assign the buf pointer to state the function is needed.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add the option CONFIG_BT_HCI_ACL_DATA_SIZE which allows the user
to configure the max HCI ACL data payload. This is needed for platforms
where the BLE LL, HCI uart and host run on three different cores.
Fixes: #30441
Signed-off-by: Johan Stridkvist <johan.stridkvist@nordicsemi.no>
Overwrite the existing bond when the IRK of the existing bond could not
resolve the RPA of the peer. This would happen if the peer has deleted
the bond and replaced the IRK that was used.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Refactor update_keys_check helper function to operate on input
keys. This allows the function to be re-used on a keys structure that
is not the current connection keys.
This also avoids the helper function changing the connection state.
The conn->le.keys pointer should at this point always have been
assigned, as central when sending the pairing request, and as peripheral
when receiving the pairing request at the very latest.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Added initial support for BIS (broadcast ISO stream), which
adds support for creating BISes as both broadcaster and receiver,
as well as managing and creating BIGs.
Extends PA sync to handle BIGInfo advertising reports.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Currently there is no way to distinguish between a caller
explicitly asking for a semaphore with a limit that
happens to be `UINT_MAX` and a semaphore that just
has a limit "as large as possible".
Add `K_SEM_MAX_LIMIT`, currently defined to `UINT_MAX`, and akin
to `K_FOREVER` versus just passing some very large wait time.
In addition, the `k_sem_*` APIs were type-confused, where
the internal data structure was `uint32_t`, but the APIs took
and returned `unsigned int`. This changes the underlying data
structure to also use `unsigned int`, as changing the APIs
would be a (potentially) breaking change.
These changes are backwards-compatible, but it is strongly suggested
to take a quick scan for `k_sem_init` and `K_SEM_DEFINE` calls with
`UINT_MAX` (or `UINT32_MAX`) and replace them with `K_SEM_MAX_LIMIT`
where appropriate.
Signed-off-by: James Harris <james.harris@intel.com>
Log the security keys that the sniffer needs in order to successfully
decrypt the connection.
This option allows the sniffer to work in the cases where enabling
using the SMP debug keys is not wanted, either because it changes the
way the peer behaves or is denied by the peer.
It also enables the sniffer to decrypt a connection where the bond
already exists.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Convert allowed_cmds to an array of atomic_t of size 1.
This makes it future proof in case more commands are added.
Possibly silences coverity false positives on array vs singleton usage.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Allow NULL pointer to be passed to bt_id_get function so
that only count can be fetched.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
There's a prompt to set the TX stack size, that's documented as an
advanced setting, but attempts to override it are rejected unless
you add another setting that allows it to be changed. Tell the user
how to make changes work.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Remove compilation warning caused by currently not used
hci_df_set_conn_cte_tx_param function.
Code is surrounded by #ifdef CONFIG_BT_CTLR_DF_CONN_CTE_RSP.
The CONFIG_BT_CTLR_DF_CONN_CTE_RSP is changed to be disabled
by default (until complete implementation of the feature is
provided).
Signed-off-by: Piotr Pryga <piotr.pryga@nordicsemi.no>
We should verify that the buffer has sufficient data before attempting
to parse the SDU length field. If we get a too short packet just
disconnect the channel.
Fixes #32497
Signed-off-by: Johan Hedberg <johan.hedberg@intel.com>
Fix array overrun of client features bitset, where CF_BYTE_LAST was
incorrectly defined as 2 using modulo instead of divide.
Also fix additional bit-logic when number of bits would exceed a byte:
- Inner for loop iterates from 0 to number of bits on a single byte.
- Same bitmask used for all bytes.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>