When responding with NetKey List Status, pack NetKey indices into
3 octets per pair. If number of NetKeys is odd, append the last key
index as a 2-octet value.
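
The packing described in this message, as an added example that is not code from the BlueZ tree, together with the matching length check on the receiving side. The bit layout inside each 3-octet pair (first index in the low 12 bits, stored little-endian) is an assumption based on the Mesh Profile key index format and is not stated in the message; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define KEY_IDX_MAX 0x0fff	/* key indices are 12-bit values */

/* Pack n indices: 3 octets per pair, 2 octets for an odd last index.
 * Returns octets written, or 0 on an out-of-range index or short buffer. */
size_t pack_key_indices(const uint16_t *idx, size_t n, uint8_t *buf, size_t len)
{
	size_t i, off = 0;

	if ((n / 2) * 3 + (n % 2) * 2 > len)
		return 0;
	for (i = 0; i < n; i++)
		if (idx[i] > KEY_IDX_MAX)
			return 0;
	for (i = 0; i + 1 < n; i += 2) {
		/* Assumed layout: first index in bits 0-11, second in 12-23 */
		uint32_t pair = idx[i] | ((uint32_t) idx[i + 1] << 12);

		buf[off++] = pair & 0xff;
		buf[off++] = (pair >> 8) & 0xff;
		buf[off++] = (pair >> 16) & 0xff;
	}
	if (n & 1) {
		buf[off++] = idx[n - 1] & 0xff;
		buf[off++] = idx[n - 1] >> 8;
	}
	return off;
}

/* Parse a received list. A length of 3k+1 octets cannot be produced by the
 * packing above, so it is rejected. Returns indices read, 0 on error. */
size_t unpack_key_indices(const uint8_t *buf, size_t len, uint16_t *idx,
								size_t max)
{
	size_t off = 0, i = 0;

	if (len % 3 == 1 || (len / 3) * 2 + (len % 3 == 2) > max)
		return 0;
	for (; len - off >= 3; off += 3) {
		uint32_t pair = buf[off] | (buf[off + 1] << 8) |
					((uint32_t) buf[off + 2] << 16);

		idx[i++] = pair & KEY_IDX_MAX;
		idx[i++] = pair >> 12;
	}
	if (len - off == 2) {
		idx[i] = buf[off] | (buf[off + 1] << 8);
		if (idx[i++] > KEY_IDX_MAX)
			return 0;
	}
	return i;
}
```
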
When a netkey is deleted from a remote node, all the appkeys bound
to this netkey are expected to be deleted as well.
This fixes app_key queue manipulation to avoid issues caused by modifying
the queue while iterating over it: instead of iteration over all the
entries, find a first bound key, delete it, find next... and so on,
until there are no bound keys left in the app_keys queue.
First valid SNB received from the network should cause the node to
switch into IV_UPD_NORMAL state.
Otherwise, it will never try to enter IV Update procedure when sequence
number approaches the IV_UPDATE_SEQ_TRIGGER, because that's only allowed
in IV_UPD_NORMAL.
After introducing "remote" flag for DevKeyMessageReceived in
c8cd5b04cc, we can now allow applications
to receive DevKey messages from external addresses as well as from
local ones.
This enables applications to properly implement models using DevKey
security, by accepting only requests with "remote" flag set to false.
When a netkey is deleted, all the appkeys bound to this key have
to be deleted as well. This fixes app_key queue manipulation to
avoid issues caused by modifying the queue while iterating over it:
instead of iteration over all the entries, find a first bound key,
delete it, find next... and so on, until there are no bound keys
left in the app_keys queue.
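
The "find a bound key, delete it, search again" pattern from the two netkey deletion messages above, as an added example that is not the daemon's own code. The struct and function names are hypothetical, and a plain singly linked list stands in for the app_keys queue.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for an entry in the app_keys queue */
struct app_key {
	uint16_t net_idx;	/* NetKey this AppKey is bound to */
	uint16_t app_idx;
	struct app_key *next;
};

/* Prepend a key; returns the new head (NULL if allocation fails) */
struct app_key *push_key(struct app_key *head, uint16_t net_idx,
							uint16_t app_idx)
{
	struct app_key *key = malloc(sizeof(*key));

	if (!key)
		return NULL;
	key->net_idx = net_idx;
	key->app_idx = app_idx;
	key->next = head;
	return key;
}

/* Unlink and free the first key bound to net_idx; 1 if one was found */
static int delete_first_bound(struct app_key **head, uint16_t net_idx)
{
	struct app_key **pp, *key;

	for (pp = head; (key = *pp); pp = &key->next) {
		if (key->net_idx != net_idx)
			continue;
		*pp = key->next;
		free(key);
		return 1;	/* stop: the walk ends before the list changes again */
	}
	return 0;
}

/* Delete every AppKey bound to net_idx; returns how many were removed */
unsigned int delete_bound_keys(struct app_key **head, uint16_t net_idx)
{
	unsigned int removed = 0;

	/* Each pass restarts from the head, so no iterator outlives a free */
	while (delete_first_bound(head, net_idx))
		removed++;
	return removed;
}
```
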
When deleting an AppKey from a node, call mesh_config_app_key_del()
only from appkey level (i.e., keep it contained in appkey.c and
remove the duplicate call in node.c)
Also, simplify the node_app_key_delete() argument list.
The struct uinput_dev variable is on stack, so clear its content to
avoid accidentally writing garbage values to kernel. This fixes "Can't
create uinput device: Invalid argument (22)" in some cases.
The crash with stack trace:
(libc-2.27.so -raise.c:51 ) raise
(libc-2.27.so -abort.c:79 ) abort
(libc-2.27.so -libc_fatal.c:181 ) __libc_message
(libc-2.27.so -malloc.c:5350 ) malloc_printerr
(libc-2.27.so -malloc.c:4157 ) _int_free
(libglib-2.0.so.0.5200.3 -gslist.c:878 ) g_slist_free_full
(bluetoothd -a2dp.c:165 ) setup_unref
(bluetoothd -a2dp.c:2184 ) a2dp_cancel
(bluetoothd -sink.c:317 ) sink_unregister
(bluetoothd -service.c:176 ) service_remove
(bluetoothd -device.c:4678 ) device_remove
(bluetoothd -adapter.c:6573 ) adapter_remove
(bluetoothd -adapter.c:8832 ) index_removed
(bluetoothd -queue.c:220 ) queue_foreach
(bluetoothd -mgmt.c:304 ) can_read_data
(bluetoothd -io-glib.c:170 ) watch_callback
(libglib-2.0.so.0.5200.3 -gmain.c:3234 ) g_main_context_dispatch
(libglib-2.0.so.0.5200.3 -gmain.c:3972 ) g_main_context_iterate
(libglib-2.0.so.0.5200.3 -gmain.c:4168 ) g_main_loop_run
(bluetoothd -main.c:798 ) main
(libc-2.27.so -libc-start.c:308 ) __libc_start_main
(bluetoothd + 0x0000b089 ) _start
(bluetoothd + 0x0000b05f ) _init
triggered when 'usb disconnect' happened after the AVDTP_SET_CONFIGURATION
request was sent but before the response was received.
In this situation, the recovering process goes into sink.c:sink_free and
then a2dp.c:a2dp_cancel, avdtp.c:cancel_request, avdtp.c:connection_lost,
avdtp.c:release_stream.
During recovering, the reference counts of setup and avdtp decrease more
than they increase, which ends up causing the crash.
The reference count of setup decreases one more time since
a2dp.c:setconf_cfm (called by cfm->set_configuration in
avdtp.c:cancel_request) was called in the 'error mode', which didn't
reference the setup, but in a2dp.c:abort_cfm (called by cfm->abort in
avdtp.c:release_stream), the reference count decreased by 1.
In this case, abort_cfm shouldn't be called as we already know
setconf_cfm didn't send any request. Setting avdtp_sep_state to
AVDTP_STATE_ABORTING should avoid this issue.
The reference count of avdtp decreases one more time since
both sink.c:sink_free and sink.c:sink_set_state (called from
avdtp.c:connection_lost -> avdtp.c:avdtp_set_state) unreference avdtp
for the session. The changes in sink.c should avoid the issue.
< HCI Command: LE Periodic Advertising Set Info Transfer (0x08|0x005b) plen 5
Connection handle: 1
Service data: 0x0000
Advertising handle: 0
> HCI Event: Command Status (0x0f) plen 4
LE Periodic Advertising Set Info Transfer (0x08|0x005b) ncmd 1
Status: Unknown HCI Command (0x01)
This patch fixes saving IV received in SNB to storage.
Previously after creating new node with IV 0 (or loading node with
IV > 0 but after long inactivity) first received SNB should update IV
(and reset sequence number to 0 if necessary).
The bug would prevent new IV being saved in storage which resulted in
sequence number being set to 0 on first SNB received after every daemon
reset but IV never being updated.
list entry was not updated properly during flushing of packets
<call stack>
flush_pkt_list (list=0x638b40 <net+64>) at tools/mesh-gatt/net.c:1199
net_session_close (data_in=<optimized out>) at tools/mesh-gatt/net.c:1979
disconnect_device (cb=cb@entry=0x0, user_data=user_data@entry=0x0)
at tools/meshctl.c:791
cmd_start_prov (argc=<optimized out>, argv=0x6a9fb0)
at tools/meshctl.c:1789
This detects when an agent request is already pending for the same device
which could happen when there are 2 or more adapters in the system and
they are trying to pair with each other.
5.3.2 of Mesh Profile Bluetooth specification:
To open a link, the provisioner shall start the link establishment
timer, set to 60 seconds, and then shall start sending Link Open
messages.
On timeout, close indication will be sent. Provisioner cancels the
Link Establishment timer, when the link is open i.e. in pb_adv_tx().
This removes a roundabout logic that was required to delete
a json entry from a json array using libjsonc utilities.
A new API function, json_object_array_del_idx(), implemented in
json-c version 0.13 simplifies array entry removal to one call.
Also, add requirement to configure.ac for json-c version >= 0.13
D-Bus spec mandates that GetManagedObjects method of
org.freedesktop.DBus.ObjectManager interface returns *children* only:
https://dbus.freedesktop.org/doc/dbus-specification.html
> All returned object paths are children of the object path implementing
> this interface, i.e. their object paths start with the ObjectManager's
> object path plus '/'
Both test scripts and ELL abuse this by returning application interfaces
via ObjectManager attached to the same path, but other D-Bus
implementations do not, making Attach() fail because mandatory
interfaces cannot be found.
This patch fixes the issue by scanning hierarchy returned by
GetManagedObjects for object implementing org.bluez.mesh.Application1
interface and keeping that as node's app_path.
This adds key file with default settings for the mesh daemon.
The following settings are included:
Beacon: Default setting to indicate whether
secure network beaconing is enabled for a
node whose Beacon state hasn't been configured
by a configuration client, i.e., this setting
applies to a newly provisioned, created or
imported node.
Relay: Default setting for supporting relay
Friendship: Default setting for supporting Friendship
CRPL: Default depth of replay protection list.
FriendQueueSize: Default size of friend queue: the number
of messages that each Friend node can store
for the Low Power node.
ProvTimeout: Provisioning timeout in seconds.
We are the client, so we should be using connect(2) instead of bind(2),
otherwise when using non-abstract Unix sockets we will get an error that
the address is already in use.
This breaks the notify support in dpkg's start-stop-daemon.
The daemon handles multiple nodes, that may or may not be on the same
mesh network. While each node may be separately configured to beacon or
not beacon, there is nothing gained (except redundant traffic) for each
node to beacon separately. Beaconing is therefore centralized with the
Network Key the SNB represents, with each *received* beacon delivered
to each node. But for SNBs generated, we keep a count of how many nodes
want beacons sent for a specific key. If 1 or more, we beacon, if 0
nodes want the beacon sent, then we do not beacon.
This adds consistency checks for mandatory properties on
org.bluez.mesh.Element1 interface:
- disallow duplicate models on the same element
- disallow elements with duplicate indices
- disallow configuration server model on any element but primary
This correctly initializes net settings related to node features
based on node configuration: either defaults in the case of
a newly created/provisioned/imported node or the configured
values read from stored existing node.
This change makes the node initialization a bit easier to follow.
Replace if-else with switch when processing request type, descriptive
function names, more predictable code flow.