This fixes a double-free error when destroying the NVM storage of a mesh node.
Cleanly handle two distinct scenarios:
1. When the node is being deleted at runtime. This causes release of
both dynamic memory and NVM storage.
2. During shutdown, we release dynamic memory only.
This fixes the crash that occurs when a controller used by bluetooth-meshd
is removed and then added back again.
Also, correctly restart scanning when the controller is re-enabled.
Backtrace:
0x00005618e754d040 in ?? ()
0x00005618e6e12d9a in io_ready_callback () at mesh/mesh.c:174
0x00005618e6e3d2c8 in l_queue_foreach () at ell/queue.c:441
0x00005618e6e37927 in request_complete () at src/shared/mgmt.c:261
This removes a redundant call to save node configuration in
add_local_node(): there is a number of unconditional calls to
mesh_config_write_<some_node_Setting>() within this function
which would result in the node configuration being saved implicitly.
This allows to update settings of the following composition fields
when an existing node (application) attaches to the daemon:
Company ID (CID), Product ID (PID), Versioin ID (VID),
CRPL (replay protection depth)
This modifies miscellaneous utility functions in mesh-config-json.c:
when writing a new value to a node configuration file, delete
the existing field containing an old value first.
This fixes a case when a configuration server receives a virtual
subscription add/overwrite command targeting a vendor model.
Correctly set "vendor" argument before trying to save the updated
subscrition to configuration file.
JoinComplete() dbus method calls are the only time that node tokens are
delivered to client Applications, so if the call fails for any reason
(including time-outs) the daemon has a way to clean-up the stale unused
node data.
This patch changes Import and CreateNetwork API to deliver tokens via
the JoinComplete method call. When application doesn't raise any error
during handling JoinComplete then it is assumed that the token has been
saved, otherwise when application replies with an error message then the
node is removed.
This patch fixes invalid app_path on 'Join' method call - the daemon
tried to use the value of app_root API argument, while it should use
path discovered by scanning result of GetManagedObjects() call.
When daemon receives beacon with IV=n+1, IVU=False it will
start sending messages with new IV and set sequence to 0.
However if daemon receives another beacon with IV=n+1, IVU=True it
will go back to sending messages with old IV=n (IVU set to True).
Because sequence number has been reset those messages will be dropped
by replay protection and node will lose communication.
Once IV is updated daemon should not go back to using the old value.
This patch adds beacon rejection if IV has already been updated.
- Remove application_encrypt/application_decrypt
- Make mesh_crypto_privacy_counter private, add mesh_crypto_pecb
- Make *_nonce functions private and align their implementation to be
more consistent
- Refactor network_encrypt/network_decrypt to use *_nonce functions and
rename them to packet_encrypt/packet_decrypt
- Refactor packet_encode/packet_decode
If node configuration is completely removed from the system,
remove all pending writes to the configuration file.
Fixes the segfault below:
mesh/cfgmod-server.c:node_reset() Node Reset
mesh/mesh-config-json.c:mesh_config_destroy() Delete node config /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c
mesh/util.c:del_fobject() RM /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/rpl/00000000/0001
mesh/util.c:del_fobject() RMDIR /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/rpl/00000000
mesh/util.c:del_fobject() RMDIR /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/rpl
mesh/util.c:del_fobject() RM /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/node.json.bak
mesh/util.c:del_fobject() RM /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c/node.json
mesh/util.c:del_fobject() RMDIR /var/lib/bluetooth/mesh/02040d0a060e0a08090b0103070f050c
Segmentation fault
Program terminated with signal SIGSEGV, Segmentation fault.
0x0000563a35df2ed0 in ?? ()
0x00007fd6b131689f in json_object_to_json_string_length (jso=jso@entry=0x563a35dd8d30, flags=flags@entry=2,
Capabilities need to be zero'd before realtime reading fresh values,
because they are mostly bitmasks, which are set when capabilities are
detected, and never otherwise cleared.
As provisioner's capabilities might change during application lifetime
(e.g. no network link to download OOB key), let's query the agent again
after application calls AddNode().
The following methods are modified to allow for future development:
Interface org.bluez.mesh.Management1:
Old: void UnprovisionedScan(uint16 seconds)
New: void UnprovisionedScan(dict options)
The options parameter is a dictionary with the following keys defined:
uint16 Seconds
Specifies number of seconds for scanning to be active.
If set to 0 or if this key is not present, then the
scanning will continue until UnprovisionedScanCancel()
or AddNode() methods are called.
other keys TBD
Old: void AddNode(array{byte}[16] uuid)
New: void AddNode(array{byte}[16] uuid, dict options)
The options parameter is currently an empty dictionary
Interface org.bluez.mesh.Provisioner1
Old: void ScanResult(int16 rssi, array{byte} data)
New: void ScanResult(int16 rssi, array{byte} data, dict options)
The options parameter is currently an empty dictionary
This patch fixes usage of send_pub_status() when handling publication
set message - mod_id was swapped with pub_addr, resulting in malformed
message being sent back to the Config Client.
Provision complete callback is handled in provision failure case.
If link closed received abruptly with reason success, triggered
provision complete callback. Removed session timeout and session
free as they are handled in pb_adv_unreg.
4.4.1.2.9 of Mesh Profile Bluetooth specification:
When an element receives a Config NetKey Delete message that
identifies a NetKey that is not in the NetKey List, it
responds with Success, because the result of deleting the
key that does not exist in the NetKey List will be the same
as if the key was deleted from the NetKey List.
For added reliability, it is legal to send short messages as "single
segment" segmented messages, which require transport layer
acknowledgement. This feature is intended for heavy usage in the future
so I am adding it now.
Further, to support this functionality, an additional queue has been
added to allow multiple SAR messages to the same DST to be queued and
sent serially.
This fixes a condition when a node continues processing messages
after it has been reset by a remote configuration client.
Upon receiving Config Node Reset message, node removal happens after
a grace interval to allow sending of Config Node Reset Status reply.
This removes unused ttl parameter from mesh_model_rx(). The TTL value
is not processed at the access layer, so there is no need to pass it
to a model.
Also, remove "uint32_t dst" parameter from the typedef of
mesh_model_recv_cb: providing a just destination address is sufficient
for internally implemented models (currently, it's only Config Server)
Future versions of Mesh will introduce new advertising packets, which
do not fit in the limited and rigid filtering currently used. This minor
rewrite allows registering and receiving of *any* AD types, including
the filtering on multiple octets of the incoming AD parts.
This fixes a bug when a virtual label and its size hasn't been passed
to a decryption function: instead of always using NULL pointer for
label and 0 for lable size, use actual virtual label info if decrypting
a payload addressed to a virtual destination.
This fixes how app key files are accessed when finalizing
Key Refresh procedure. Instead of using open(entry->d_name, ...)
to get file descriptor, use openat(dir_fd, entry->d_name, ...)
since entry->d_name contains a relative app key filename, not an
absolute path.
This handles a case when a Key Refresh procedure is in place with
no application keys stored in the keyring. When KR procedure is
finalized, the check for the presence of AppKeys storage directory
does not return failure if the directory does not exist.
Also, remove duplicate include.
Re-arranged for efficiency. Replay Protection was set up as an atomic
check-and-add operation. Now we check the message early so we can
discard it without taking further action, and only add it to the RPL
once fully verified that it was authorized and addressed to us.
Mesh specification requires that Replay Protection be preserved
across node restarts. This adds that storage in
<node_uuid>/rpl/<iv_index>/<src>
Realtime access remains in an l_queue structure, and stored as
messages are processed.
Replay Protection was only being applied against Application Keys,
but messages with Device Keys are just as vulnerable, and need to be
checked as well.
Scrub of Sequence Number handling of OB messages to account for in-node
delivery of segmented messages, so that each discrete message has a
unique sequence number for the RPL.
The specification calls for a flatter Replay Protection List that
applies to all processed messages, regardless of which credentials
were used to secure them. So storage and checking is now centralized
in mesh/net.c
