| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
This rework config option parsing adding helper function to make it
simpler to parse new options.
|
| |
|
|
|
| |
This adds experimental field to btd_adapter_driver so the plugin can
indicate drivers that depends on experimental to be enabled.
|
| |
|
|
|
|
| |
If plugin .init returns -ENOTSUP treat it as the system doesn't
support the driver since that is the error returned by
btd_profile_register when experimental is disabled.
|
| |
|
|
|
| |
This adds experimental field to btd_profile so the plugin can indicate
drivers that depends on experimental to be enabled.
|
| |
|
|
|
|
|
| |
This fixes not sending ASE Receiver Stop Ready if stream is on disabling
state when CIS is disconnected.
Fixes: https://github.com/bluez/bluez/issues/516
|
| |
|
|
| |
This adds initial code for Broadcast Audio Scan Service.
|
| |
|
|
|
| |
This adds iovec helper functions for handling byteorder and alignment
in place.
|
| |
|
|
|
| |
This adds Write Request Rejected Common Profile and Service
Error Code.
|
| |
|
|
|
|
|
| |
This fixes the following warning:
src/shared/shell.c:615:21: warning: non-ANSI function declaration of
function 'bt_shell_usage'
|
| |
|
|
|
|
| |
This fixes not releasing prompt when queueing a line to be executed
since it can be considered as user input if the init script is
attempting to enter it as response to prompt input.
|
| |
|
|
|
|
|
| |
This fixes the following errors:
src/shared/util.c:271:2: runtime error: null pointer passed as argument
2, which is declared to never be null
|
| |
|
|
|
|
| |
This use iovec as expected storage for capabilities and configuration
so it is inline with what bluetoothctl has been using making it simpler
to reuse these definitions.
|
| |
|
|
| |
Fix typo s/BT_BAP_CONFIG_LATENCY_BALACED/BT_BAP_CONFIG_LATENCY_BALANCED
|
| |
|
|
|
| |
This adds support for NULL PDUs which can be used to skip a round of
TX/RX.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This fixes not removing the process_id timeout when freeing the session
which can cause the following crash:
Invalid read of size 8
at 0x18EB39: bap_debug (bap.c:553)
by 0x1913A8: bap_process_queue (bap.c:3542)
by 0x1A8630: timeout_callback (timeout-glib.c:25)
Address 0x55e0650 is 128 bytes inside a block of size 160 free'd
at 0x48480E4: free (vg_replace_malloc.c:872)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a stream is being detached but bt_bap reference is already 0 don't
attempt to detach the stream as they would be freed anyway:
Invalid read of size 8
at 0x19A360: bap_free (bap.c:2576)
by 0x19A360: bt_bap_unref (bap.c:2735)
by 0x19A360: bt_bap_unref (bap.c:2727)
by 0x160E9A: test_teardown (test-bap.c:412)
by 0x1A8BCA: teardown_callback (tester.c:434)
Address 0x55e05e0 is 16 bytes inside a block of size 160 free'd
at 0x48480E4: free (vg_replace_malloc.c:872)
by 0x1AD5F6: queue_foreach (queue.c:207)
by 0x19A1C5: bt_bap_detach (bap.c:3879)
by 0x19A1C5: bt_bap_detach (bap.c:3855)
by 0x19A33F: bap_free (bap.c:2574)
|
| |
|
|
|
| |
Add function to get the PACS Sink/Source Audio Locations field relevant
for a given PAC.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds support for "rsi" when a SIRK has been set on main.conf, the
clients can then enable it via Includes property which will make the
daemon to automatically generate an RSI (hash+random) and include it as
part of the advertising data:
< HCI Command: LE Set Extended Advertising Data (0x08|0x0037) plen 15
Handle: 0x01
Operation: Complete extended advertising data (0x03)
Fragment preference: Minimize fragmentation (0x01)
Data length: 0x0b
Resolvable Set Identifier: E2-4E-AA-1B-2B-61
Hash: 0x1b2b61
Random: 0xe24eaa
Flags: 0x06
LE General Discoverable Mode
BR/EDR Not Supported
|
| |
|
|
|
|
| |
bt_ad_has_data attempts to match the data portion even when not set
which is useful the user is only interested in actually mataching the
type alone.
|
| |
|
|
| |
There was a typo in the group name using CSIP instead of CSIS.
|
| |
|
|
|
| |
If a device advertising with RSI is only found later after the set was
already create we shall still attempt to connect to it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
discovery_filter_to_mgmt_cp() does not add discovery_filter.discoverable
to the created mgmt_cp_start_service_discovery struct.
Instead update_discovery_filter() separately checks
client->discovery_filter->discoverable for all clients.
This means that for discovery-filters which only have the discoverable
flag set, to put the adapter in discoverable mode while discovering,
the created mgmt_cp_start_service_discovery struct is empty.
This empty mgmt_cp_start_service_discovery struct then gets sent
to the kernel as part of a MGMT_OP_START_SERVICE_DISCOVERY msg
by start_discovery_timeout().
This use of an empty filter with MGMT_OP_START_SERVICE_DISCOVERY
causes some bluetooth devices to not get seen with some (most?)
Broadcom bluetooth adapters. This problem has been observed with
the following Broadcom models: BCM4343A0, BCM43430A1, BCM43341B0 .
On these models the following 2 devices were not being discovered
when starting a scan with a filter with just discoverable set
in the filter (as gnome-bluetooth does):
Device 09:02:01:03:0F:87 (public)
Name: Bluetooth 3.0 Keyboard
Alias: Bluetooth 3.0 Keyboard
Class: 0x00000540
Icon: input-keyboard
Paired: yes
Bonded: yes
Trusted: yes
Blocked: no
Connected: yes
WakeAllowed: yes
LegacyPairing: yes
UUID: Service Discovery Serve.. (00001000-0000-1000-8000-00805f9b34fb)
UUID: Human Interface Device... (00001124-0000-1000-8000-00805f9b34fb)
UUID: PnP Information (00001200-0000-1000-8000-00805f9b34fb)
Modalias: bluetooth:v05ACp022Cd011B
Device 00:60:D1:00:00:34 (public)
Name: Bluetooth Mouse
Alias: Bluetooth Mouse
Class: 0x00002580
Icon: input-mouse
Paired: yes
Bonded: yes
Trusted: yes
Blocked: no
Connected: yes
WakeAllowed: yes
LegacyPairing: no
UUID: Human Interface Device... (00001124-0000-1000-8000-00805f9b34fb)
UUID: PnP Information (00001200-0000-1000-8000-00805f9b34fb)
Modalias: usb:v0103p0204d001E
Since setting the discoverable flag on a filter only is a way to
automatically put the adapter in discoverable mode itself while
it is discovering; and since this does not any device filtering
at all; modify merge_discovery_filters() to treat discovery with
such filters as regular unfiltered discovery.
This results in start_discovery_timeout() starting regular
discovery through a MGMT_OP_START_DISCOVERY message and this
fixes these 2 example devices not getting discovered by the
mentioned Broadcom BT adapter models.
Link: https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/merge_requests/163
Reviewed-by: Bastien Nocera <hadess@hadess.net>
|
| |
|
|
|
|
| |
If the device is marked as auto-connect the kernel may initiate the
connection spontaneously causing new connections to not have set the
state->initiator flag properly.
|
| |
|
|
|
| |
This makes gatt_db_attribute_get_value public so it can be used by the
likes of btmon.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds support for -i/--init-script which can be used to provide a
file with commands to be initialized, the commands are then run in
sequence after completing:
client/bluetoothctl -i client/power-on-off.bt
Agent registered
Changing power on succeeded
[CHG] Controller A8:7E:EA:56:87:D5 Pairable: yes
[CHG] Controller 98:8D:46:EE:6D:16 Pairable: yes
[CHG] Controller 98:8D:46:EE:6D:16 PowerState: on-disabling
AdvertisementMonitor path registered
|
| |
|
|
|
|
|
|
|
| |
Notifications were using bt_att_send directly instead of
bt_gatt_client_write_value thus it wouldn't create a request which
causes the instance to not be able to track it which in turn may cause
the client to trigger its idle callback too early.
Fixes: https://github.com/bluez/bluez/issues/490
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following crash:
Invalid read of size 8
at 0x1E1E0B: bt_gatt_client_idle_unregister (gatt-client.c:3812)
by 0x1EB6BD: bt_bap_detach (bap.c:3821)
by 0x1EB6BD: bt_bap_detach (bap.c:3808)
by 0x1D5631: queue_foreach (queue.c:207)
by 0x1DCAA3: disconnect_cb (att.c:713)
by 0x1F4404: watch_callback (io-glib.c:157)
by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x1F4A54: mainloop_run (mainloop-glib.c:66)
by 0x1F4E21: mainloop_run_with_signal (mainloop-notify.c:188)
by 0x1304B4: main (main.c:1428)
Address 0x28 is not stack'd, malloc'd or (recently) free'd
|
| |
|
|
|
|
|
|
| |
Some platforms use different filtering and for this purpose,
some of the ACL/SCO/ISO/SDP data is truncated.
In such a case, included length is smaller than the original size.
Without this fix, btmon stops working after first truncated packet.
|
| |
|
|
|
|
|
|
|
| |
Audio Locations and Contexts are properties of the PACS service, not of
individual PAC, as these are device-wide bitmaps and a single
characteristic may exist on PACS server (PACS v1.0 Sec 3).
Move the attributes out from bt_bap_pac to bt_bap_pacs, and actually
keep track of the values.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following set can be observed when a sirk is exists but it is
encrypted leading to info->set to not be set:
Invalid read of size 8
at 0x1ACDF0: append_set (device.c:1662)
by 0x1FFEFFF7DF: ???
by 0x1D4461: queue_foreach (queue.c:207)
by 0x1AC8DE: dev_property_get_set (device.c:1700)
by 0x1CF3E2: append_property (object.c:498)
by 0x1CFA91: append_properties (object.c:527)
by 0x1CFAFD: append_interface (object.c:542)
by 0x48D7CEF: g_slist_foreach (gslist.c:887)
by 0x1CF5A7: append_interfaces (object.c:1104)
by 0x1CF5A7: append_object (object.c:1119)
by 0x48D7CEF: g_slist_foreach (gslist.c:887)
by 0x1CF5D0: append_object (object.c:1122)
by 0x48D7CEF: g_slist_foreach (gslist.c:887)
Address 0x8 is not stack'd, malloc'd or (recently) free'd
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following trace:
Invalid read of size 1
at 0x1F4282: bt_csip_get_sirk (csip.c:812)
by 0x176B21: csip_ready (csip.c:259)
by 0x1F3C74: csip_notify_ready (csip.c:578)
by 0x1F3C74: csip_idle (csip.c:659)
by 0x1DCDCC: idle_notify (gatt-client.c:171)
by 0x1D579A: queue_remove_if (queue.c:279)
by 0x1D584F: queue_remove_all (queue.c:321)
by 0x1E036F: notify_client_idle (gatt-client.c:180)
by 0x1E036F: request_unref (gatt-client.c:199)
by 0x1DC60D: destroy_att_send_op (att.c:211)
by 0x1DC60D: handle_rsp (att.c:874)
by 0x1DC60D: can_read_data (att.c:1064)
by 0x1F43F4: watch_callback (io-glib.c:157)
by 0x48BBC7E: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x4912117: ??? (in /usr/lib64/libglib-2.0.so.0.7400.6)
by 0x48BB24E: g_main_loop_run (in /usr/lib64/libglib-2.0.so.0.7400.6)
Address 0x0 is not stack'd, malloc'd or (recently) free'd
|
| |
|
|
|
|
| |
This introduces bt_gatt_client_ref_save which ensures the instaces
which are being destroyed, e.g. ref_count = 0, do not attempt to reach
callbacks.
|
| |
|
|
|
| |
This make sure idle callback is unregistered before bt_gatt_client is
unref.
|
| |
|
|
|
| |
This make sure idle callback is unregistered before bt_gatt_client is
unref.
|
| |
|
|
| |
This adds initial code for Coordinated Set Identification Profile.
|
| |
|
|
|
| |
This introduces option to configure main.conf that can be used to
configure co-ordinated set identification profile.
|
| |
|
|
|
| |
This checks if device is advertising an RSI and if so disregards if it
is not discoverable since other members can be.
|
| |
|
|
|
| |
This adds the initial implementation of DeviceSet interface as
documented in doc/set-api.rst.
|
| |
|
|
| |
This adds BT_AD_CSIP_RSI advertising data type.
|
| |
|
|
|
|
|
|
|
| |
This adds bt_crypto_sirk which attempts to generate a unique SIRK using
the following steps:
- Generate a hash (k) using the str as input
- Generate a hash (sirk) using vendor, product, version and source as input
- Encrypt sirk using k as LTK with sef function.
|
| |
|
|
|
|
|
|
|
|
| |
This makes use of DEFER_SETUP mechanism to do the following checks
before accepting the connection:
- Checks a valid device object exits
- Checks if initiator/central as if the peripheral start connecting it
may cause collisions.
- Checks if the limit of allowed connections has been reached.
|
| |
|
|
|
|
| |
EATT is causing some problem with some platforms as they also attempt to
configure it may cause a connection collision which needs to be handled
by the kernel.
|
| |
|
|
|
|
|
| |
This checks cid before attempting to create device, if the device is
using an RPA it could be that the MGMT event has not been processed yet
which would lead to create a second copy of the same device using its
identity address.
|
| |
|
|
|
|
| |
When updating the device address check if the device is marked as
temporary before attempting to call store_device_info otherwise it will
have no effect and instead btd_device_set_temporary must be called.
|
| |
|
|
|
| |
BT_ATT_OP_MTU_REQ shall only be sent on the so called fixed channel
since EATT channels shall use L2CAP procedure to update its MTU.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If an unexpected disconnect happens while bt_bap_config is pending the
following trace can be observed, to fix it bt_bap_config is reworked so
it no longer attempts to create and config the stream in place, instead
it just return the new stream and the function is renamed to
bt_bap_stream_new:
Invalid write of size 4
at 0x3980D8: config_cb (bap.c:395)
by 0x4DF5A3: bap_req_complete (bap.c:3471)
by 0x4E9D33: bap_req_detach (bap.c:3807)
by 0x4E9D33: bt_bap_detach (bap.c:3819)
by 0x4E9D33: bt_bap_detach (bap.c:3810)
by 0x397AA9: bap_disconnect (bap.c:1342)
by 0x4223E0: btd_service_disconnect (service.c:305)
by 0x4974D8F: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.7200.3)
by 0x438FC3: att_disconnected_cb (device.c:5160)
by 0x49A6C6: queue_foreach (queue.c:207)
by 0x4B463B: disconnect_cb (att.c:701)
by 0x5054DF: watch_callback (io-glib.c:157)
by 0x495BFAE: g_main_context_dispatch (in /usr/lib64/libglib-2.0.so.0.7200.3)
by 0x49B12C7: ??? (in /usr/lib64/libglib-2.0.so.0.7200.3)
Address 0x6576940 is 96 bytes inside a block of size 112 free'd
at 0x48480E4: free (vg_replace_malloc.c:872)
by 0x48F78D: remove_interface (object.c:660)
by 0x490489: g_dbus_unregister_interface (object.c:1394)
by 0x397BA8: ep_remove (bap.c:1330)
by 0x49ACF4: queue_remove_if (queue.c:279)
by 0x49B0AC: queue_remove_all (queue.c:321)
by 0x397A7C: bap_disconnect (bap.c:1339)
by 0x4223E0: btd_service_disconnect (service.c:305)
by 0x4974D8F: g_slist_foreach (in /usr/lib64/libglib-2.0.so.0.7200.3)
by 0x438FC3: att_disconnected_cb (device.c:5160)
by 0x49A6C6: queue_foreach (queue.c:207)
by 0x4B463B: disconnect_cb (att.c:701)
Block was alloc'd at
at 0x484586F: malloc (vg_replace_malloc.c:381)
by 0x49B432: util_malloc (util.c:43)
by 0x39A1D9: ep_register (bap.c:563)
by 0x39A1D9: pac_found (bap.c:664)
by 0x4E5FEA: bap_foreach_pac (bap.c:3980)
by 0x4EA437: bap_notify_ready (bap.c:2736)
by 0x4EA437: bap_idle (bap.c:3711)
by 0x4B52F0: idle_notify (gatt-client.c:171)
by 0x49ACF4: queue_remove_if (queue.c:279)
by 0x49B0AC: queue_remove_all (queue.c:321)
by 0x4C092C: notify_client_idle (gatt-client.c:180)
by 0x4C092C: request_unref (gatt-client.c:199)
by 0x4AACB5: destroy_att_send_op (att.c:209)
by 0x4B2B88: handle_rsp (att.c:862)
by 0x4B2B88: can_read_data (att.c:1052)
by 0x5054DF: watch_callback (io-glib.c:157)
|
| |
|
|
|
|
|
| |
This uses bt_gatt_client_idle_register to track when instance is ready
instead of using a dedicated queue to track requests.
Fixes: https://github.com/bluez/bluez/issues/485
|
| |
|
|
|
| |
This introduces the concept of idle callback which can be used to get
notified when there is no more pending requests by the client.
|
| |
|
|
|
|
| |
If session is being detached any ongoing/queue request shall be
cancelled as well otherwise when the session is attach again they would
be invalid.
|
| |
|
|
|
| |
This checks if an att instance already exists before attempting to
connect it once again.
|
