BLE: Advertisements broken after an encrypted connection is closed
Observation: After a reset, card10 start normal advertisements:
systime=1565990915 freq=2402 addr=8e89bed6 delta_t=385.054 ms rssi=-32
20 12 01 00 00 10 4d ca 02 01 06 02 0a 00 05 03 0a 18 0f 18 f2 e5 35
Advertising / AA 8e89bed6 (valid)/ 18 bytes
Channel Index: 37
Type: ADV_IND
AdvA: ca:4d:10:00:00:01 (public)
AdvData: 02 01 06 02 0a 00 05 03 0a 18 0f 18
Type 01 (Flags)
00000110
LE General Discoverable Mode
BR/EDR Not Supported
Type 0a (Tx Power Level)
0 dBm
Type 03 (16-bit Service UUIDs)
180a
180f
Data: 01 00 00 10 4d ca 02 01 06 02 0a 00 05 03 0a 18 0f 18
CRC: f2 e5 35Afterwards a pairing using numeric comparison with MITM is created and a connection opened.
After closing this connection, the advertisements are broken:
systime=1565991064 freq=2402 addr=8e89bed6 delta_t=508.126 ms rssi=-32
20 16 1e ac 40 56 62 98 eb fb 78 b0 59 c3 31 39 27 0a e8 6c c2 96 36 70 1f 11 80
Advertising / AA 8e89bed6 (valid)/ 22 bytes
Channel Index: 37
Type: ADV_IND
AdvA: 98:62:56:40:ac:1e (public)
AdvData: eb fb 78 b0 59 c3 31 39 27 0a e8 6c c2 96 36 70
Error: attempt to read past end of buffer (1 + 235 > 16)
Data: 1e ac 40 56 62 98 eb fb 78 b0 59 c3 31 39 27 0a e8 6c c2 96 36 70
CRC: 1f 11 80In both cases, the call to BbBleDrvTxData() in bbSetupAdvOp() seems to have correct data:
BbBleDrvTxData (descs=0x200246f8, cnt=1 '\001')
at /home/maxim/Documents/src/BLE/mcbusw/Hardware/Micro/ME14/Firmware/trunk/NDALibraries/BTLE/phy/bb/bb_ble_drv.c:169
169 /home/maxim/Documents/src/BLE/mcbusw/Hardware/Micro/ME14/Firmware/trunk/NDALibraries/BTLE/phy/bb/bb_ble_drv.c: No such file or directory.
(gdb) reset
max32xxx.cpu: external reset detected
(gdb) break BbBleDrvTxData
Breakpoint 1 at 0x10039a00: file /home/maxim/Documents/src/BLE/mcbusw/Hardware/Micro/ME14/Firmware/trunk/NDALibraries/BTLE/phy/bb/bb_ble_drv.c, line 169.
(gdb) c
Continuing.
Note: automatically using hardware breakpoints for read-only addresses.
Breakpoint 1, BbBleDrvTxData (descs=0x2003ff70, cnt=1 '\001')
at /home/maxim/Documents/src/BLE/mcbusw/Hardware/Micro/ME14/Firmware/trunk/NDALibraries/BTLE/phy/bb/bb_ble_drv.c:169
169 /home/maxim/Documents/src/BLE/mcbusw/Hardware/Micro/ME14/Firmware/trunk/NDALibraries/BTLE/phy/bb/bb_ble_drv.c: No such file or directory.
(gdb) x/2xw x2003ff70
No symbol "x2003ff70" in current context.
(gdb) x/2xw 0x2003ff70
0x2003ff70: 0x20010014 0x2001cf28
(gdb) x/20xb 0x2001cf28
0x2001cf28 <lctrSlvAdv>: 0x20 0x12 0x01 0x00 0x00 0x10 0x4d 0xca
0x2001cf30 <lctrSlvAdv+8>: 0x02 0x01 0x06 0x02 0x0a 0x00 0x05 0x03
0x2001cf38 <lctrSlvAdv+16>: 0x0a 0x18 0x0f 0x18Length of 0x14 and the data matched.
Things point to a mis-configured radio. Maybe encryption is still active or some other parameter does not get reset as expected.