Updates the LE legacy pairing procedure as a result of errata ES-24491.
New part:
If the initiating device receives an LP_CONFIRM_R value that is equal to
the LP_CONFIRM_I value, the pairing process shall be aborted and fail
with "Confirm Value Failed" as reason.
Signed-off-by: Håvard Reierstad <haavard.reierstad@nordicsemi.no>
In the function `sdp_client_ss_search()` and
`sdp_client_ssa_search()`, the allocated buf is not released if the
required UUID is invalid.
Un-reference the allocated net buffer if the UUID is invalid.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Made a few complex functions simpler
Added missing default cases in switches
Fixes a bad cast that removed const
Moved loop iterators to inner loop
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Fixes a few bad casts that ignored const
Add a few missing final else statements
Refactored aics_discover_func to be less complex by
moving some parts of it into a new function.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
The `session->param` should be kept up to date regardless of whether the function
`sdp_client_ssa_search()`, `sdp_client_sa_search()` or
`sdp_client_ss_search()` can be executed properly.
Update the `session->param` to the new `param` when executing the
function.
Fixes #91156
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
There is a potential issue that the index of ACL may be out of the
bounds of the array `bt_hfp_hf_pool` if the array size is not aligned
with the array size of `acl_conns`.
To avoid the potential issue, check if the ACL conn index is less than
the array size of `bt_hfp_hf_pool` before accessing the array
`bt_hfp_hf_pool` with ACL conn index.
Fixes #91172
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
When there are BR connections connected, find_key_in_use calls
bt_conn_get_dst to get the BR connection's dst and bt_conn_get_dst returns NULL,
then bt_keys_find_addr asserts because addr is NULL.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
- Remove memset on bt_l2cap_br_chan during SDP
disconnect to prevent overwriting resources
(e.g., rtx_work) still in use by L2CAP,
which handles channel cleanup itself.
- Delete unused partial_resp_queue to clean up code.
Signed-off-by: ZhongYao Luo <LuoZhongYao@gmail.com>
If the received data length is less than 2 in non-basic mode, the
L2CAP channel connection will be dropped.
Only check the received data length if the `SAR` is
`BT_L2CAP_CONTROL_SAR_START`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Support zero-length SDU sending if the L2CAP channel connection is not
in basic mode.
Flag the zero-length SDU buffer and clear it if it has been processed.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Commit changes BT_MESH_DFU_FWID_MAXLEN option to be
compliant with BLE Mesh specification.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
If the controller resolving list is cleared by HCI_LE_Clear_Resolving_List,
there is no need to enable the controller address resolution.
Signed-off-by: Mark Wang <yichang.wang@nxp.com>
Handle the ECHO request/response of classic L2CAP signaling packets.
Add the functions `bt_l2cap_br_echo_cb_register()` and
`bt_l2cap_br_echo_cb_unregister()` to register/unregister the ECHO
callbacks to monitor the ECHO REQ and RSP.
Add the function `bt_l2cap_br_echo_req()` to send the ECHO REQ through
classic L2CAP signaling channel.
Add the function `bt_l2cap_br_echo_rsp()` to reply to the ECHO REQ
through the classic L2CAP signaling channel.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Disconnect the L2CAP channel connection if the proposed MTU is less
than min MTU or more than local supported MTU.
The main scenes are as follows.
If the proposed MTU is less than MIN MTU.
1. The channel connection of client and server is established,
2. Client/server sends channel config REQ (MTU=50),
3. Peer replies channel config RSP (Unaccepted/success with MTU=30),
4. The client/server will repeat step 3~4 if the RSP is unacceptable.
With the change applied, the local will disconnect the L2CAP channel
connection in step 3.
If the proposed MTU is more than local supported MTU.
1. The channel connection of client and server is established,
2. Client/server sends channel config REQ (MTU=50),
3. Peer replies channel config RSP (Unaccepted/success with MTU=80),
4. The client/server will repeat step 3~4 if the RSP is unacceptable.
With the change applied, the local will disconnect the L2CAP channel
connection in step 3.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
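The two scenarios above, modelled as an added example (not code from the commit or from Zephyr). `negotiate()`, `ROUND_CAP` and the outcome names are hypothetical; the minimum MTU of 48 and the local supported MTU of 50 are assumed values chosen to match MTU=50 in the scenarios. The peer is modelled as answering every config REQ with the same proposed MTU.

```c
#include <stdbool.h>
#include <stdint.h>

#define MIN_MTU   48u /* assumed minimum MTU */
#define LOCAL_MTU 50u /* assumed local supported MTU (MTU=50 in the scenarios) */
#define ROUND_CAP 8   /* model-only cap so the old behaviour terminates */

enum outcome { CONFIGURED, DISCONNECTED, STILL_NEGOTIATING };

struct result {
	enum outcome outcome;
	int reqs_sent; /* config REQs sent before the model stopped */
};

/* True when the MTU proposed in the peer's config RSP is usable locally. */
static bool mtu_in_range(uint16_t mtu)
{
	return mtu >= MIN_MTU && mtu <= LOCAL_MTU;
}

/* Run the config exchange against a peer that always proposes peer_rsp_mtu. */
struct result negotiate(uint16_t peer_rsp_mtu, bool disconnect_on_bad_mtu)
{
	struct result r = { STILL_NEGOTIATING, 0 };

	while (r.reqs_sent < ROUND_CAP) {
		r.reqs_sent++;                    /* step 2: send config REQ */
		if (mtu_in_range(peer_rsp_mtu)) { /* step 3: inspect the RSP */
			r.outcome = CONFIGURED;
			return r;
		}
		if (disconnect_on_bad_mtu) {      /* behaviour with the change */
			r.outcome = DISCONNECTED;
			return r;
		}
		/* behaviour without the change: repeat the exchange (step 4) */
	}
	return r;
}

int main(void)
{
	/* MTU=30 is below the minimum, MTU=80 is above the local maximum. */
	bool ok = negotiate(30, true).outcome == DISCONNECTED &&
		  negotiate(80, true).outcome == DISCONNECTED;
	return ok ? 0 : 1;
}
```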
Change the callback `get_ongoing_call()` of the AG from synchronous to
asynchronous mode. It will help to avoid the Bluetooth host stack being
blocked in the context of callback `get_ongoing_call()`.
Add a function `bt_hfp_ag_ongoing_calls()` to set the ongoing calls and
reply to the AT command `AT+CIND?` after the callback `get_ongoing_call()`
has been notified.
Add a delayable worker to avoid the AT command `AT+CIND?` never being
replied. After the time exceeds
@kconfig{CONFIG_BT_HFP_AG_GET_ONGOING_CALL_TIMEOUT}, the response of
the AT command `AT+CIND?` will be replied.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
If any value of the Call, Call Setup, and Held Call indicators is not
zero in the response of `AT+CIND?`, get all calls via `AT+CLCC`.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
For read-only access to fields, `lock/unlock` is unnecessary.
Remove unnecessary `lock/unlock` protection for read-only access
fields of AG.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
Support the case where some calls exist before the SLC is
established.
Add a callback to get the ongoing calls one by one from upper layer
when the response of the AT command `AT+CIND=?` from HF has been sent.
And set the Call, Call Setup, and Held Call indicators and report the
values in the response of AT command `AT+CIND?`. Then report all
ongoing calls in the `+CLCC` response.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The LTK cannot be derived by LK when LK is not weaker than the old LTK.
Improve the function `smp_br_pairing_allowed()` to avoid the LTK being
overwritten when the old LTK has MITM protection but the new LK does not have MITM
protection.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
When LE and BR connections have already been established and an LE
disconnection then occurs, the BR connection will not be selected as the next
default connection.
Fix this issue by searching for both BR and LE after disconnection
occurs.
Signed-off-by: Can Wang <can.wang@nxp.com>
The host stack supports setting the BR security level to 4, but the security level
cannot be set to 4 by the shell command.
Update the code to support BR security level 4.
Signed-off-by: Can Wang <can.wang@nxp.com>
Add ll_conn_get() return value check for valid connection
context.
Build command:
  cmake -GNinja -DBOARD=nrf52833dk/nrf52833
    -DEXTRA_CONF_FILE=overlay-all-bt_ll_sw_split.conf
    -DDTC_OVERLAY_FILE=boards/nrf52833dk_nrf52833_df.overlay
    -DSNIPPET="bt-ll-sw-split" ../../samples/bluetooth/hci_uart
  ninja
Before:
  Memory region         Used Size  Region Size  %age Used
             FLASH:      283716 B       512 KB     54.11%
               RAM:      109752 B       128 KB     83.73%
          IDT_LIST:          0 GB        32 KB      0.00%
After:
  Memory region         Used Size  Region Size  %age Used
             FLASH:      284992 B       512 KB     54.36%
               RAM:      109752 B       128 KB     83.73%
          IDT_LIST:          0 GB        32 KB      0.00%
After (use of `conn != NULL`):
  Memory region         Used Size  Region Size  %age Used
             FLASH:      285044 B       512 KB     54.37%
               RAM:      109752 B       128 KB     83.73%
          IDT_LIST:          0 GB        32 KB      0.00%
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix missing connection handle invalidate on Controller
power up.
The connection contexts are zero-initialized on startup and
calls to `ll_connected_get()` would incorrectly return a
valid connection context pointer for connection handle 0.
Relates to commit fa02dc4d02 ("Bluetooth: Controller: Fix
missing reset of connection handle").
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
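A minimal model of the handle 0 problem described above, as an added example (not the Controller's code). The pool layout, `HANDLE_INVALID`, and all function names are hypothetical; the model assumes a lookup that treats a context as connected when its stored handle equals the requested handle.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_CONN       2      /* assumed pool size */
#define HANDLE_INVALID 0xFFFF /* assumed "not connected" marker */

struct conn_ctx {
	uint16_t handle; /* equals the pool index while the link is up */
};

static struct conn_ctx conn_pool[MAX_CONN];

/* Power-up before the fix: contexts are only zero-initialized. */
void pool_init_zeroed(void)
{
	memset(conn_pool, 0, sizeof(conn_pool));
}

/* Power-up with the fix: every stored handle is invalidated. */
void pool_init_invalidated(void)
{
	for (uint16_t i = 0; i < MAX_CONN; i++) {
		conn_pool[i].handle = HANDLE_INVALID;
	}
}

/* Mark the context at this index as an established connection. */
void pool_connect(uint16_t handle)
{
	conn_pool[handle].handle = handle;
}

/* Return the context only if it is connected under this handle. */
struct conn_ctx *connected_get(uint16_t handle)
{
	if (handle >= MAX_CONN || conn_pool[handle].handle != handle) {
		return NULL;
	}
	return &conn_pool[handle];
}

int main(void)
{
	pool_init_zeroed();
	int stale = connected_get(0) != NULL; /* handle 0 looks connected */
	pool_init_invalidated();
	int fixed = connected_get(0) == NULL; /* nothing is connected */
	return (stale && fixed) ? 0 : 1;
}
```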
A recent test specification added an additional test for validating
invalid packet sizes on L2CAP signaling channel. IUT is allowed
to either disconnect link, ignore packet, reject packet or
issue a warning to upper tester if other action is taken.
To keep things in line with previous check for too small size
simply ignore fixed size packets of invalid length.
This was affecting L2CAP/COS/CED/BI-11-C qualification test.
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
The bt_csip_set_member_register kept a counter that was not
decreased when bt_csip_set_member_unregister was called.
This meant that we could register and unregister CSIS,
but we could not re-register once it had been unregistered.
This commit fixes this by removing the counter and instead
rely on the service instance state, which also requires restoring
the original service definition, as well as adding a test that would
have failed with the previous version.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Based on a discussion on the Bluetooth SIG GAWG reflector, it is
not allowed for a broadcast assistant to request specific BIS
indexes as well as BT_BAP_BIS_SYNC_NO_PREF in the same
request.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
Based on a discussion on the Bluetooth SIG GAWG reflector, it is
not allowed for a broadcast assistant to request specific BIS
indexes as well as BT_BAP_BIS_SYNC_NO_PREF in the same
request.
Signed-off-by: Emil Gydesen <emil.gydesen@nordicsemi.no>
When executing `bt connections`, only the peer device address of the selected
LE connection is flagged with `*`.
Improve the command `bt connections` to support BR connections.
Regardless of the connection type, `*` will be shown to indicate the
peer address of the current connection if the peer device address is
the peer address of selected connection.
Signed-off-by: Lyle Zhu <lyle.zhu@nxp.com>
The CR bit in DISC frames should be set as a command rather than a
response.
This patch fixes the rfcomm_send_disc function to correctly use
BT_RFCOMM_CMD_CR instead of BT_RFCOMM_RESP_CR when setting the CR bit in
the address field of DISC frames.
Signed-off-by: Jiawei Yang <jiawei.yang_1@nxp.com>
Commit fixes bug when advertisements were disabled and stopped
during suspending without unreferencing allocated advertisements.
Signed-off-by: Aleksandr Khromykh <aleksandr.khromykh@nordicsemi.no>
Previously, the interval was only checked for non-zero. Now it is
validated to be within the allowed range (BT_HCI_LE_INTERVAL_MIN
to BT_HCI_LE_INTERVAL_MAX) to avoid invalid values.
Signed-off-by: Babak Arisian <bbaa@demant.com>
Fix assertion observed establishing subsequent Peripheral
ISO connection due to a race between the new CIS context
being acquired into a CIG and LLL getting a CIS sorted by
CIS offset in that CIG. Get only active CISes from the CIG
in the LLL prepare.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix max tx octets value used as given to the Host by the
LE Read Buffer Size command response.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Fix missing removal of redundant ISO Rx size in ACL Rx PDU
allocation size.
Related to commit 7c89f1fe9f ("Bluetooth: controller:
Support for separate ISO RX data path").
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
The BASS server needs to notify that both BIS and PA are no longer synced by
setting all required fields to 0 after the client stops BIS by sending a
BIG control PDU with a BIG TERMINATED indication.
Meanwhile, BIG_Encryption in the notification should also be reset to
BT_BAP_BIG_ENC_STATE_NO_ENC when BIS is not synced anymore.
Signed-off-by: Ping Wang <pinw@demant.com>
Fix missing nRF CCM disable on connection event abort.
There can be a problem on nRF SoC for example when a S8
"encrypted" reception is aborted, and a 2M "cleartext"
reception starts; slow CCM (that is not stopped as part of
radio disable) will corrupt a fast received "cleartext" when
the same current free rx buffer is reused in the Controller.
This is not a problem when the connection being abort-ee is
on a faster PHY than the abort-er.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
Use the macro NSEC_PER_SEC defined in sys_clock.h for nanoseconds per
second when updating write stats.
Signed-off-by: Alex Apostolu <apostolu240@gmail.com>