From: Anderson Lizardo <anderson.lizardo@openbossa.org>
To: Adam Warski <adam@warski.org>
Cc: BlueZ development <linux-bluetooth@vger.kernel.org>
Subject: Re: Passive scanning of iBeacons results in a "Data Buffer Overflow"
Date: Mon, 10 Mar 2014 09:09:02 -0400 [thread overview]
Message-ID: <CAJdJm_MrjHy-fk-OQUeepxh2C_K=ap30ekR0U91e6kK+ov42HQ@mail.gmail.com> (raw)
In-Reply-To: <A6C5B873-6614-45B3-AD4C-B3E08831E6D8@warski.org>
Hi Adam,
Duplicate filtering is done inside the controller. If you disable
filtering, the controller will receive a lot more packets (the
quantity will depend on device's advertising parameters, but it is
several times more packets).
Even if your Gimbal device changes address on every packet (which is
unusual, usually address changes are time based), what you actually
see without using --duplicate is still a small fraction of what the
controller receives over the air. Try comparing Gimbal on using
--duplicates versus not using (instead of comparing different devices
with different firmware and adv. parameters). Try counting number of
adv. reports on both situations. I expect to see a lot more when
--duplicate is enabled...
Regarding the logs, it seems your dmesg.txt seems only to show the
last lines of debugging... maybe the dmesg buffer is too short. Can
you check if there is a more complete log generated in one of the
/var/log/kern.log.* files ?
Fortunately, It contains one snippet showing problems with HCI
reassembly from USB packets:
[ 878.184532] btusb_intr_complete: hci0 urb d9a8d300 status 0 count 16
[ 878.185499] btusb_intr_complete: hci0 urb d9a8d300 status 0 count 16
[ 878.186498] btusb_intr_complete: hci0 urb d9a8d300 status 0 count 12
[ 878.386548] btusb_intr_complete: hci0 urb d9a8d300 status 0 count 16
[ 878.387530] btusb_intr_complete: hci0 urb d9a8d300 status 0 count 16
[ 878.387664] hci_rx_work: hci0
[ 878.387693] hci_send_to_monitor: hdev d9a4e000 len 64
[ 878.387783] hci_send_to_sock: hdev d9a4e000 len 64
[ 878.387803] hci_rx_work: hci0 Event packet
[ 878.387822] hci_event_packet: hci0 event 0xbc
[ 878.387847] hci_send_to_monitor: hdev d9a4e000 len 4
[ 878.387896] hci_send_to_sock: hdev d9a4e000 len 4
[ 878.387913] hci_rx_work: hci0 Event packet
[ 878.387930] hci_req_cmd_complete: opcode 0x200c status 0x00
[ 878.387945] hci_sent_cmd_data: hci0 opcode 0x200c
[ 878.387959] hci_event_packet: hci0 event 0x00
[ 878.388058] hci_sock_recvmsg: sock da567840, sk daa9c800
It contains 3 bogus events:
> HCI Event: Unknown (0xbc) plen 62
> HCI Event: Unknown (0x00) plen 2
> HCI Event: Physical Link Complete (0x40) plen 127
For me, it still points out to corrupted/truncated USB packets.
Unfortunately, it is just indirect evidence as the logs don't show raw
USB packets. But you can definitively confirm by using a USB sniffer
tool. I recommend using tshark (wireshark's command line interface).
It works just fine on raspberry. See this post for instructions:
http://nagaraj-embedded.blogspot.com.br/2012/03/capturing-usb-data-through-wireshark.html
Note that on raspberry there is just "usbmon1" (i.e. Bus 1), and
everything is attached to it. So the logs will get other unrelated
traffic (like ethernet packets), but wireshark GUI is powerful enough
to filter only traffic related to a specific device.
Best Regards,
--
Anderson Lizardo
http://www.indt.org/?lang=en
INdT - Manaus - Brazil
next prev parent reply other threads:[~2014-03-10 13:09 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-28 12:41 Passive scanning of iBeacons results in a "Data Buffer Overflow" Adam Warski
2014-02-28 16:14 ` Anderson Lizardo
2014-03-01 9:34 ` Adam Warski
2014-03-01 19:11 ` Anderson Lizardo
2014-03-02 15:07 ` Adam Warski
2014-03-03 15:27 ` Adam Warski
[not found] ` <0BA8DEFD-9E73-4A6A-A9E6-1957634CABF8@warski.org>
2014-03-03 18:02 ` Anderson Lizardo
2014-03-03 21:06 ` Adam Warski
2014-03-03 21:25 ` Adam Warski
2014-03-03 23:07 ` Anderson Lizardo
2014-03-05 20:41 ` Adam Warski
2014-03-10 13:09 ` Anderson Lizardo [this message]
2014-03-16 19:53 ` Adam Warski
2014-03-18 14:07 ` Anderson Lizardo
2014-03-19 23:47 ` Terry Hardie
2014-04-18 9:59 ` Adam Warski
2014-03-08 7:19 ` Terry Hardie
2014-03-09 6:25 ` Terry Hardie
2014-03-10 13:21 ` Anderson Lizardo
2014-03-11 0:54 ` Terry Hardie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAJdJm_MrjHy-fk-OQUeepxh2C_K=ap30ekR0U91e6kK+ov42HQ@mail.gmail.com' \
--to=anderson.lizardo@openbossa.org \
--cc=adam@warski.org \
--cc=linux-bluetooth@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.