If the network driver for some reason did not set the data in
the network packet properly, then just drop it as we cannot do
anything with just plain net_pkt.
Fixes#28131
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If hannel don't have alloc_buf and the RX MTU is configured to require
segmentation this warn the user and truncate the RX MTU.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
In case where ull_adv::disable() is disallowed, disable_mark is
erroneously re-mark instead of un-marked
Signed-off-by: Erik Brockhoff <erbr@oticon.com>
If there is no handler for IPv4 broadcast packet, then ignore it
instead of trying to send an ARP message to resolve the senders
address.
Fixes#21016
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Accourding to the spec the CCC descriptor may occur in any position
within the characteristic definition after the Characteristic Value.
Fixes#28324
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Fix for handling REJECT_IND PDU received for PHY Update,
Connection Parameter Request and Data Length Update control
procedures.
If a link layer control procedure collision occurs, example
with local initiated PHY Update Procedure, and peer sends a
REJECT_IND PDU, then the PHY Update Procedure is stalled.
Fixes#28282.
Signed-off-by: Vinayak Kariappa Chettimada <vich@nordicsemi.no>
According Mesh Profile Spec 5.4.2.4 Authentication, if device
use Input OOB Authentication method, should send input complete
pub after local public key has been acked.
`bt_mesh_input_string` or `bt_mesh_input_number` directly send
`input_complete`, however does not check whether the pub key has
been sent.
Mesh Provisioning timeout set to `60` seconds, so even this
probability is extremely low, it does not mean that there is no
such probability.
Signed-off-by: Lingao Meng <mengabc1086@gmail.com>
Fix bug in device name shortening handling leading to memory
corruption.
This is triggered by an underflow in the length field of the shortened
name when set_data_len + 2 > set_data_len_max.
Fixes: #27693
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Ignore error when failing to set the passive scanner private address.
This can happen because in between the time we checked if the
advertiser was enabled and the time we execute the set random address
command the state of the advertiser could have changed in the
controller, and we only set the state once the command has completed
in the controller.
Fixes: #25672
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix not setting NRPA before starting scanner.
Occurs with BT_PRIVACY=n and BT_EXT_ADV=y
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
We need to have timer that closes the connection for good if
we do not get the FIN and ACK reponse from the peer.
If there is any pending data when application does close(),
send them before sending FIN.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If there is some error during connection creation, just bail
out in order to avoid null pointer access.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we try to send data but the sending window is full, then
try to kick the resend of the pending data.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If there is no space in the sending window, then return -EAGAIN
so that the caller may try later.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
We should have a max value for sending window so that application
is not able to use all our net_bufs for queueing packets.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
The socket layer expects to receive -ENOBUFS if we do not have
any network buffers so cannot build a network message to be sent.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If there is an error, the net_context.c:context_sendto() will
free the net_pkt, so we must not do it here.
This commit fixes this error message:
<err> net_pkt: *** ERROR *** pkt 0x20421908 is freed already
(context_sendto():1672)
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Usually the out-of-memory situation will clear itself eventually,
so if that happens in TCP, then keep the connection running and
let the user to decide what to do next.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
If we run out of network buffers and cannot send data, and if
we have a blocking socket, then wait until new buffers are
available before returning. As this might lead to deadlock,
wait only max 10 seconds and return ENOMEM if we cannot get
buffers in a reasonable amount of time.
Fixes#28216
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Instead of hardcoded value of 3, use the value from Kconfig file
so that user can tweak the TCP retry count.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Use SYS_SLIST_FOR_EACH_CONTAINER_SAFE() macro when searching
the connection list so that we notice if new entries are added
or removed in the list.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Instead of forcing the slist node to be first in the tcp struct,
use the pointer to node when accessing the slist. This way we
can change the ordering of fields in tcp struct.
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Re-structures the `bt_conn_recv()` to support more generic appending of
new ACL data. This also handles the possibility of receiving 0-length
ACL_START and ACL_CONT fragments, whilst maintaining existing
error-checking functionality.
Signed-off-by: Thomas Stenersen <thomas.stenersen@nordicsemi.no>
Fixes issue #26900.
A controller may fragment an L2CAP SDUs in any way it sees fit,
including fragmenting the L2CAP header. Likewise, the receiving
controller may send the fragmented header as ACL data to the host.
The Zephyr host assumed that a `BT_ACL_START` was at least 2 bytes long,
and consequently read the two-byte length field from the buffer without
length checks.
This commit allows the `BT_ACL_START` to be less than two bytes,
updating the `conn->rx_len` onces the `BT_ACL_CONT` with the remaining
part of the length field has been received.
Signed-off-by: Thomas Stenersen <thomas.stenersen@nordicsemi.no>
Fix Kconfig dependencies for enabling the controller PHY options
for LE 2M Phy and LE Coded Phy. These options should be selectable
without connections enabled when extended advertising has been enabled.
The issue affects out-of-tree controllers that wish to use the
BT_CTLR_PHY_CODED and BT_CTLR_PHY_2M options.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Select the controller feature support for data length and LE 2M PHY
based on the SoC hardware capabilities instead of relying on SoC
family.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
osdp_build_ctx() was returning fixed NULL and the subsequent code did
not check if ctx was NULL due to osdp_build_ctx() failures. Fix both
these issues.
Signed-off-by: Siddharth Chandrasekaran <siddharth@embedjournal.com>
When attempting to bind a channel if it fails the code will attempt to
cleanup calling bt_iso_cleanup which expects connections of
BT_CONN_TYPE_ISO.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
ISO connection does not initialize its tx_complete_work nor it uses for
anything so calling into tx_notify will likely cause a crash.
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Commit 770f232a67 removes an array
termination from the shell_make_argv function. This function was
called from two functions: execute and tab_handle. In the mentioned
commit termination was added only in the execute function.
As a result calling tab_handle function was causing a segmentation
fault. This fix adds array termination to the tab_handle function.
Fixes#28434
Signed-off-by: Jakub Rzeszutko <jakub.rzeszutko@nordisemi.no>
Change so that the caller of lwm2m_init_message is
responsible for generating a message id and remove message id generation
from lwm2m_init_message. Prevents generating a new id when the caller's
intent is to init a message with id 0.
Fixes#28283
Signed-off-by: Pascal Brogle <pascal.brogle@husqvarnagroup.com>
message id 0 and token 0 have special semantics in the lwm2m engine,
they are used to request generation of new id, mark them as such.
Signed-off-by: Pascal Brogle <pascal.brogle@husqvarnagroup.com>
Now that CONFIG_BT_CTLR_RX_PRIO_STACK_SIZE defines a stack size, allow
for it to be configurable from a .conf file just like the rest of the
threads in Bluetooth.
Fixes#27768.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
