| Commit message (Collapse) | Author | Age | Files | Lines |
| |
If database is empty attempt to reload since the daemon may have
updated its cache in the meantime.
|
Notify Multiple was parsing handle multiple times causing the length to
be assumed to be a handle.
|
There could be read frames pending in both directions so this ensures
the direction is matched properly.
|
Notification/Indication shall be treated as response so the correct
database is used.
|
The code was using queue_find instead of queue_remove_if so follow up
read wouldn't match the attribute properly.
|
This adds decoding support for CCC so its value can be decoded:
< ACL Data TX: Handle 3585 flags 0x00 dlen 7
ATT: Read Request (0x0a) len 2
Handle: 0x002c Type: Client Characteristic Configuration (0x2902)
> ACL Data RX: Handle 3585 flags 0x02 dlen 6
ATT: Read Response (0x0b) len 1
Value: 01
Notification (0x01)
< ACL Data TX: Handle 3585 flags 0x00 dlen 9
ATT: Write Request (0x12) len 4
Handle: 0x002c Type: Client Characteristic Configuration (0x2902)
Data: 0100
Notification (0x01)
|
This attempts to decode the attribute type if its gatt_db can be loaded:
< ACL Data TX: Handle 3585 flags 0x00 dlen 9
ATT: Write Request (0x12) len 4
Handle: 0x000b Type: Client Characteristic Configuration (0x2902)
Data: 0200
|
This caches connection information including the device address so it can
be printed alongside the handle:
> HCI Event: Disconnect Complete (0x05) plen 4
Status: Success (0x00)
Handle: 3585 Address: 68:79:12:XX:XX:XX (OUI 68-79-12)
Reason: Connection Terminated By Local Host (0x16)
|
This moves ATT decoding function from l2cap.c to att.c.
|
This moves print_hex_field to display.h and removes the duplicated code
from packet.c and l2cap.c.
|
The LE Terminate BIG Complete event format is Subevent_Code, BIG_Handle and
Reason, but the last two were swapped.
|
This decodes the LTV fields of Basic Audio Announcements:
< HCI Command: LE Set Periodic Advertising Data (0x08|0x003f) plen 41
Handle: 0
Operation: Complete ext advertising data (0x03)
Data length: 0x26
Service Data: Basic Audio Announcement (0x1851)
Presetation Delay: 40000
Number of Subgroups: 1
Subgroup #0:
Number of BIS(s): 1
Codec: LC3 (0x06)
Codec Specific Configuration #0: len 0x02 type 0x01
Codec Specific Configuration: 03
Codec Specific Configuration #1: len 0x02 type 0x02
Codec Specific Configuration: 01
Codec Specific Configuration #2: len 0x05 type 0x03
Codec Specific Configuration: 01000000
Codec Specific Configuration #3: len 0x03 type 0x04
Codec Specific Configuration: 2800
Metadata #0: len 0x03 type 0x02
Metadata: 0200
BIS #0:
Index: 1
Codec Specific Configuration:
|
This enables decoding LC3 codec id (0x06).
|
This adds support for decoding Basic Audio Announcements as shown
on:
Basic Audio Profile / Profile Specification
Page 36 of 146
Table 3.15: Format of BASE used in Basic Audio Announcements
< HCI Command: LE Set Periodic Advertising Data (0x08|0x003f) plen 36
Handle: 0
Operation: Complete ext advertising data (0x03)
Data length: 0x21
Service Data: Basic Audio Announcement (0x1851)
Presetation Delay: 40000
Number of Subgroups: 1
Subgroup #0:
Number of BIS(s): 1
Codec: Reserved (0x06)
Codec Specific Configuration: 010101020403010000020428
Metadata: 020202
BIS #0:
Index: 1
Codec Specific Configuration:
|
This adds support for decoding Broadcast Audio Announcements as shown
on:
Basic Audio Profile / Profile Specification
Page 34 of 146
Table 3.14: Broadcast Source AD format when transmitting Broadcast
Audio Announcements
< HCI Command: LE Set Extended Advertising Data (0x08|0x0037) plen 36
Handle: 0x00
Operation: Complete extended advertising data (0x03)
Fragment preference: Minimize fragmentation (0x01)
Data length: 0x20
Service Data: Broadcast Audio Announcement (0x1852)
Broadcast ID: 904177 (0x0dcbf1)
Name (complete): Broadcast Audio Source
|
This adds proper decoding for Service Data UUID:
Service Data: Apple, Inc. (0xfd6f)
Data: e6b07e19815e902100b8b2f4a55255fd18f0c6be
|
This fixes the decoding of Enhanced Credit Connection Request which was
not accounting the fields correctly causing 2 extra Source CID to be
printed.
|
This adds support for LE BIG Info Advertising Report.
|
Accessing le_states_desc_table array with value 15 can cause
out-of-bound read because current size of array is 14.
Currently this cannot lead to any problems because we do not have such
state in le_states_comb_table but this could be changed in future and
raise described problem.
Found by Linux Verification Center (linuxtesting.org) with the SVACE
static analysis tool.
|
This adds sending and receiving BT_H4_ISO_PKT packets.
|
This sends BT_HCI_EVT_DISCONNECT_COMPLETE when handling
BT_HCI_CMD_LE_BIG_TERM_SYNC.
|
This sends BT_HCI_EVT_LE_BIG_SYNC_ESTABLISHED when handling
BT_HCI_CMD_LE_BIG_CREATE_SYNC.
|
This renames the use of Periodic Advertising in the API to just PA.
|
This adds implementation of
BT_HCI_CMD_LE_PERIODIC_ADV_CREATE_SYNC_CANCEL generating
BT_HCI_EVT_LE_PER_SYNC_ESTABLISHED if necessary.
|
The PDU of Create BIG is actually fixed size as the num_bis is
related to the number of indexes to be connected and not the BIS
parameters.
|
In a connection without outgoing traffic, conn->tx_num will remain 0.
In this case, conn->tx_pkt_med should be simply 0 without calculating
"conn->tx_bytes / conn->tx_num".
This was likely to happen, for example, when "btmon -w btsnoop.log"
was launched in the middle of a LE mouse connection, and a number of
incoming ACL Data RX were received as the mouse movements. When
running "btmon -a btsnoop.log", it would encounter this error.
Reviewed-by: Alain Michaud <alainm@chromium.org>
Reviewed-by: Yun-Hao Chung <howardchung@chromium.org>
Reviewed-by: Shuo-Peng Liao <deanliao@chromium.org>
|
This patch fixes the out-of-bounds array access caught by the ASAN.
monitor/sdp.c:497:19: runtime error: index 8 out of bounds for type
'cont_data [8]'
=================================================================
==4180==ERROR: AddressSanitizer: global-buffer-overflow on address
0x7fe2d271a542 at pc 0x7fe2d174a57d bp 0x7ffc6dcac1d0 sp 0x7ffc6dcab978
WRITE of size 9 at 0x7fe2d271a542 thread T0
#0 0x7fe2d174a57c (/lib/x86_64-linux-gnu/libasan.so.5+0x9b57c)
#1 0x7fe2d23bae85 in search_attr_rsp monitor/sdp.c:692
#2 0x7fe2d23be3f1 in sdp_packet monitor/sdp.c:771
#3 0x7fe2d23b004c in l2cap_frame monitor/l2cap.c:3247
#4 0x7fe2d23b3d9c in l2cap_packet monitor/l2cap.c:3312
#5 0x7fe2d237d5c3 in packet_hci_acldata monitor/packet.c:11638
#6 0x7fe2d2381876 in packet_monitor monitor/packet.c:3967
#7 0x7fe2d230b285 in data_callback monitor/control.c:973
#8 0x7fe2d2447029 in mainloop_run src/shared/mainloop.c:106
#9 0x7fe2d2449306 in mainloop_run_with_signal src/shared/mainloop-notify.c:188
#10 0x7fe2d230324a in main monitor/main.c:290
#11 0x7fe2d0b440b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
#12 0x7fe2d2303b7d in _start (/home/han1/work/dev/bluez/monitor/btmon+0x1dbb7d)
0x7fe2d271a542 is located 30 bytes to the left of global variable 'tid_list'
defined in 'monitor/sdp.c:43:24' (0x7fe2d271a560) of size 384
0x7fe2d271a542 is located 2 bytes to the right of global variable 'cont_list'
defined in 'monitor/sdp.c:424:25' (0x7fe2d271a400) of size 320
SUMMARY: AddressSanitizer: global-buffer-overflow
(/lib/x86_64-linux-gnu/libasan.so.5+0x9b57c)
...
==4180==ABORTING
|
Large packets require the support of ACL fragmentation in order to be
properly processed.
|
This fixes errors such as:
monitor/packet.c:8129:2: runtime error: load of misaligned address
0x55956a438f2d for type 'const uint16_t', which requires 2 byte
alignment
|
AVRCP byte order is always big endian:
Audio/Video Remote Control / Profile Specification - Page 20:
'Transfer Octet Order; Packets shall transfer multiple-octet fields in
standard network octet order (Big Endian), with more significant
(high-order) octets being transferred before less-significant (low-order)
octets.'
|
This adds support for vendor commands reserving a single opcode (0xfc10)
so it can be extended using subcommands, similar to how MSFT works.
The first subcommand (0x00) enables the emulator to generate arbitrary
events using the command's parameters:
> tools/hcitool cmd 3f 10 00 22 24 d0 d0 d0 d0 d0 d0 ff ff
< HCI Command: Vendor (0x3f|0x0010) plen 11
00 22 24 d0 d0 d0 d0 d0 d0 ff ff
."$........
Bluetooth: hci0: Malformed HCI Event: 0x22
> HCI Event: Inquiry Result with R.. (0x22) plen 9
Num responses: 36
Page scan repetition mode: Reserved (0xff)
Page period mode: Reserved (0xff)
Class: 0xffffd0
Major class: Uncategorized, specific device code not specified
Minor class: 0x34
Limited Discoverable Mode
invalid service class
Clock offset: 0x6368
RSSI: 105 dBm (0x69)
> HCI Event: Command Complete (0x0e) plen 4
Vendor (0x3f|0x0010) ncmd 1
Status: Success (0x00)
|
This fixes various issues found when sanitizers are enabled.
|
This patch fixes the uninitialized variable (CWE-457) reported by
the Coverity scan.
|
This adds proper decoding for Device Privacy Mode flag:
@ MGMT Command: Set Device... (0x0050) plen 11 {0x0001}
LE Address: BC:9A:78:56:34:12 (OUI BC-9A-78)
Current Flags: 0x00000002
Device Privacy Mode
@ MGMT Event: Device Flags... (0x002a) plen 15 {0x0002}
LE Address: BC:9A:78:56:34:12 (OUI BC-9A-78)
Supported Flags: 0x00000003
Remote Wakeup
Device Privacy Mode
Current Flags: 0x00000002
Device Privacy Mode
|
This enables decoding MSFT extension with emulator instances since it
shall be the only one using Linux Foundation as manufacturer.
|
This adds the feature bits definition used in
HCI_VS_MSFT_Read_Supported_Features.
|
128 bits are actually 16 octets not 8.
|
This makes use of the packet definitions for MSFT extension.
|
This adds proper packet definitions for command and response of MSFT
extension.
|
BT core spec 5.3 promotes the usage of inclusive languages.
This CL replaces some terms with the more appropriate counterparts,
such as "central", "peripheral", "link key", and "accept list"
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
BT core spec 5.3 promotes the usage of inclusive languages.
This CL replaces some terms with the more appropriate counterparts,
such as "central", "peripheral", and "accept list".
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
|
Byte order is assumed to be big endian instead of little endian.
|
This fixes log of SDU interval in StoM direction.
|
The Maximum PDU in CIS Test parameters is a 2 byte value.
|
This makes analyze.c use packet_print_addr which does take care of
decoding OUI portion of the address.
|
Milliseconds is probably the best unit to have since it is unlikely that
the controller can respond in under 1 msec as well as most time
sensitive connection e.g. A2DP, HFP, etc, also don't expect the
latencies to be over 1 sec.
|
Analyze code was not accounting for the fact that multiple outstanding
packets could be pending which will cause the last_tx to be overwritten
but its latency would be calculated against the very first packet
complete.
|