From: Keith Packard <keithp@keithp.com>
To: Johan Hedberg <johan.hedberg@gmail.com>, Waldemar.Rymarkiewicz@tieto.com
Cc: padovan@profusion.mobi, marcel@holtmann.org,
linux-bluetooth@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: Regression caused by "Bluetooth: Map sec_level to link key requirements"
Date: Thu, 09 Jun 2011 10:01:17 -0700 [thread overview]
Message-ID: <yuny61b3pnm.fsf@aiko.keithp.com> (raw)
In-Reply-To: <20110609083345.GA2894@dell.ccr.corp.intel.com>
[-- Attachment #1: Type: text/plain, Size: 4535 bytes --]
On Thu, 9 Jun 2011 17:33:45 +0900, Johan Hedberg <johan.hedberg@gmail.com> wrote:
> The patch was not only fine but actually *needed* by the BITE. So
> reverting it will make some qualification tests fail.
Yeah, it seemed pretty obvious that the patch added some useful security
checks.
> There's no DUN support in the N900 by default and the only package I'm
> aware that provides it uses the command line rfcomm tool with high
> security on the socket to block just-works SSP pairing (since the rfcomm
> tool doesn't use the authorization framework to guarantee a user pop-up
> dialog). The SyncML code I can't comment on since I haven't seen it.
Service Name: Dial-Up Networking
Service RecHandle: 0x10000
Service Class ID List:
"Dialup Networking" (0x1103)
"Generic Networking" (0x1201)
Protocol Descriptor List:
"L2CAP" (0x0100)
"RFCOMM" (0x0003)
Channel: 1
Profile Descriptor List:
"Dialup Networking" (0x1103)
Version: 0x0100
> So potentially this might be limited to high security sockets.
> Speculating further, if the device connecting to the N900 has a pre-2.1
> Bluetooth controller this could simply be about not having a 16-digit
> PIN which high security services require.
> So could whoever is able to
> reproduce the issue try repairing and entering a 16-digit PIN to see if
> the problem goes away?
I re-pair'ed using a manually entered a 16 digit pin, but now DUN setup
doesn't succeed at all.
> And if this is in fact the case then the kernel
> code is working exactly as it should; the only issue is that these
> services should really be using medium security level instead of high.
I cannot figure out how to reconfigure things so that they work again.
> hcidump -Rt > foo.log from your test session will help as well
here's a dump of trying to start the syncml session:
HCI sniffer - Bluetooth packet analyzer ver 2.0
device: hci0 snap_len: 1028 filter: 0xffffffff
2011-06-09 09:36:27.729606 < 01 05 04 0D 6E F5 C1 5B 9B EC 18 CC 02 00 00 00 01
2011-06-09 09:36:27.731045 > 04 0F 04 00 01 05 04
2011-06-09 09:36:28.281075 > 04 12 08 00 6E F5 C1 5B 9B EC 01
2011-06-09 09:36:28.435069 > 04 03 0B 00 0C 00 6E F5 C1 5B 9B EC 01 00
2011-06-09 09:36:28.435115 < 01 1B 04 02 0C 00
2011-06-09 09:36:28.437015 > 04 1B 03 0C 00 05
2011-06-09 09:36:28.438023 > 04 0F 04 00 01 1B 04
2011-06-09 09:36:28.439017 > 04 0B 0B 00 0C 00 BF EE 0F C6 98 3D 59 82
2011-06-09 09:36:28.439051 < 01 1C 04 03 0C 00 01
2011-06-09 09:36:28.441060 > 04 1B 03 0C 00 03
2011-06-09 09:36:28.443060 > 04 0F 04 00 01 1C 04
2011-06-09 09:36:28.448100 > 04 23 0D 00 0C 00 01 01 01 00 00 00 00 00 00 00
2011-06-09 09:36:28.448133 < 01 19 04 0A 6E F5 C1 5B 9B EC 02 00 00 00
2011-06-09 09:36:28.450059 > 04 0F 04 00 01 19 04
2011-06-09 09:36:28.470089 > 04 07 FF 00 6E F5 C1 5B 9B EC 6E 61 6D 69 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
2011-06-09 09:36:28.470129 < 01 11 04 02 0C 00
2011-06-09 09:36:28.472099 > 04 0F 04 00 01 11 04
2011-06-09 09:36:28.473061 > 04 17 06 6E F5 C1 5B 9B EC
2011-06-09 09:36:28.473193 < 01 0B 04 16 6E F5 C1 5B 9B EC CC CB 2A 77 3C 2E 5E 6B 75 87
67 EC 03 40 67 8E
2011-06-09 09:36:28.485125 > 04 0E 0A 01 0B 04 00 6E F5 C1 5B 9B EC
2011-06-09 09:36:28.503097 > 04 06 03 00 0C 00
2011-06-09 09:36:28.503134 < 01 13 04 03 0C 00 01
2011-06-09 09:36:28.505069 > 04 0F 04 00 01 13 04
2011-06-09 09:36:28.533086 > 04 08 04 00 0C 00 01
2011-06-09 09:36:28.533133 < 02 0C 00 0A 00 06 00 01 00 0A 01 02 00 02 00
2011-06-09 09:36:28.539338 > 02 0C 20 10 00 0C 00 01 00 0B 01 08 00 02 00 00 00 00 00 00
00
2011-06-09 09:36:28.672083 > 04 13 05 01 0C 00 01 00
2011-06-09 09:36:36.509207 > 04 05 04 00 0C 00 13
--
keith.packard@intel.com
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2011-06-09 17:01 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-09 7:20 Regression caused by "Bluetooth: Map sec_level to link key requirements" Keith Packard
2011-06-09 7:59 ` Waldemar.Rymarkiewicz
2011-06-09 7:59 ` Waldemar.Rymarkiewicz
2011-06-09 8:33 ` Johan Hedberg
2011-06-09 17:01 ` Keith Packard [this message]
2011-06-09 17:11 ` Waldemar.Rymarkiewicz
2011-06-09 17:11 ` Waldemar.Rymarkiewicz
2011-06-10 5:55 ` Johan Hedberg
2011-06-10 5:58 ` Luiz Augusto von Dentz
2011-06-19 11:11 ` Keith Packard
2011-06-19 17:59 ` Johan Hedberg
2011-06-19 19:01 ` Keith Packard
2011-06-25 5:45 ` Jeremy Fitzhardinge
2011-06-25 19:40 ` Gustavo F. Padovan
2011-06-09 8:02 ` Waldemar.Rymarkiewicz
2011-06-09 8:02 ` Waldemar.Rymarkiewicz
2011-06-09 17:04 ` Keith Packard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=yuny61b3pnm.fsf@aiko.keithp.com \
--to=keithp@keithp.com \
--cc=Waldemar.Rymarkiewicz@tieto.com \
--cc=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=padovan@profusion.mobi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.