
Issue 679938


Issue metadata

Status: WontFix
Owner: ----
Closed: Feb 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug

Blocking:
issue 672263




Weave client connection receives duplicate GATT characteristic value changed packets

Project Member Reported by hansberry@chromium.org, Jan 11 2017

Issue description

Device: veyron_minnie
Chrome Version: 57.0.2967.0
OS: 9086.0.0

What steps will reproduce the problem?
(1) Establish a separate device in the BLE peripheral role acting as a GATT server, listening for a common UUID and the same GATT characteristic write/read UUIDs.
(2) Initiate a connection with cryptauth::BluetoothLowEnergyWeaveClientConnection::Connect(), with the Connection constructed with the correct BluetoothAddress and UUIDs.

What is the expected result?
The Chromebook should successfully create a GATT connection to the other device.

What happens instead?
BluetoothLowEnergyWeaveClientConnection::GattCharacteristicValueChanged() is called twice with the same packet. This causes an error further down in the stack with BluetoothLowEnergyWeavePacketReceiver::VerifyPacketCounter(): the same packet has the same packet counter, and thus the state machine throws itself into an error state (BluetoothLowEnergyWeavePacketReceiver::MoveToErrorState()). Then BluetoothLowEnergyWeaveClientConnection incorrectly closes the connection before it is completely established.

The incoming packet is indirectly from BluetoothLowEnergyWeaveClientConnection::SendConnectionRequest(). See (pruned) logs:

[20238:20238:0110/155645.040393:VERBOSE1:bluetooth_remote_gatt_characteristic_bluez.cc(293)] Sending GATT characteristic write request to characteristic: /org/bluez/hci0/dev_7A_A5_92_29_DA_0A/service0028/char002c, UUID: 00000100-0004-1000-8000-001a11000101, with value: [80000100010000].
[20238:20238:0110/155645.134123:INFO:bluetooth_low_energy_weave_client_connection.cc(518)] tether Characteristic written.
[20238:20356:0110/155645.134994:VERBOSE1:object_manager.cc(283)] Signal received: message_type: MESSAGE_SIGNAL
path: /org/bluez/hci0/dev_7A_A5_92_29_DA_0A/service0028/char0029
interface: org.freedesktop.DBus.Properties
member: PropertiesChanged
sender: :1.763
signature: sa{sv}as
serial: 3701

string "org.bluez.GattCharacteristic1"
array [
  dict entry {
    string "Value"
    variant       array [
        byte 129
        byte 0
        byte 1
        byte 2
        byte 2
      ]
  }
]
array [
]
[20238:20238:0110/155645.142650:INFO:bluetooth_low_energy_weave_client_connection.cc(262)] [GattCharacteristicValueChanged]
[20238:20238:0110/155645.157877:INFO:bluetooth_low_energy_weave_client_connection.cc(262)] [GattCharacteristicValueChanged]

I have confirmed that all packets, not just the one sent by BluetoothLowEnergyWeaveClientConnection::SendConnectionRequest(), hit BluetoothLowEnergyWeaveClientConnection::GattCharacteristicValueChanged() twice. 

It's unclear why BluetoothLowEnergyWeaveClientConnection::GattCharacteristicValueChanged() is called twice, because I have verified that BluetoothLowEnergyWeaveClientConnection::SendConnectionRequest() is only called once.
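
Added example, not part of the original report and not Chromium's code: a simplified receiver model showing why delivering every notification twice trips a packet-counter check and leaves the receiver in a terminal error state. The names `Receiver`, `Deliver` and `kSample`, the 3-bit counter in bits 6..4 of the header byte, and the second packet are assumptions; the first packet reuses the Value bytes from the log above.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>
using Packet = std::vector<uint8_t>;
enum class RxState { kReceiving, kError };

// Simplified model (assumed; not Chromium's implementation) of a receiver
// that requires each packet to carry the next expected counter value.
class Receiver {
 public:
  // Assumption: bits 6..4 of the header byte hold a 3-bit packet counter.
  static uint8_t CounterOf(const Packet& p) { return (p[0] >> 4) & 0x07; }
  // Handles one value-changed notification and returns the resulting state.
  RxState OnValueChanged(const Packet& p) {
    if (state_ == RxState::kError) return state_;  // error state is terminal
    if (p.empty() || CounterOf(p) != expected_) {
      state_ = RxState::kError;  // duplicated, replayed or missing packet
      return state_;
    }
    expected_ = (expected_ + 1) & 0x07;  // counter wraps modulo 8
    ++accepted_;
    return state_;
  }
  int accepted() const { return accepted_; }

 private:
  RxState state_ = RxState::kReceiving;
  uint8_t expected_ = 0;
  int accepted_ = 0;
};

// Delivers every packet `copies` times, modelling the doubled callback.
RxState Deliver(Receiver& rx, const std::vector<Packet>& pkts, int copies) {
  RxState s = RxState::kReceiving;
  for (const Packet& p : pkts)
    for (int i = 0; i < copies; ++i) s = rx.OnValueChanged(p);
  return s;
}

// First packet: Value bytes from the log above. Second packet: constructed.
const std::vector<Packet> kSample = {{0x81, 0x00, 0x01, 0x02, 0x02},
                                     {0x1C, 0x68, 0x69}};

int main() {
  Receiver once, twice;
  bool e1 = Deliver(once, kSample, 1) == RxState::kError;
  bool e2 = Deliver(twice, kSample, 2) == RxState::kError;
  std::printf("1x: error=%d accepted=%d\n", e1, once.accepted());
  std::printf("2x: error=%d accepted=%d\n", e2, twice.accepted());
}
```

With single delivery both packets are accepted; with double delivery the second copy of the first packet carries counter 0 where 1 is expected, so the model stops after one accepted packet.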

 
Cc: st...@chromium.org
Status: WontFix (was: Untriaged)
Turns out that this bug was inadvertently my fault, caused by a hacky patch I used to work around crbug.com/679044. :/

Closing.

Comment 3 by st...@chromium.org, Mar 3 2017

Cc: r...@chromium.org

Comment 4 by st...@chromium.org, Mar 3 2017

Cc: -st...@chromium.org
