mirror of
https://github.com/espressif/esp-idf.git
synced 2026-04-27 19:13:21 +00:00
Jon Gilmore
25ddfaab1c
The minimum length check in `reassemble_and_dispatch()` applied the START packet minimum (`HCI_ACL_PREAMBLE_SIZE + L2CAP_LENGTH_SIZE` = 8 bytes) to **all** ACL packets, including continuation fragments. Continuation fragments only carry the 4-byte ACL preamble (handle + length) with no L2CAP header, so small but valid continuations (5-7 bytes) were incorrectly rejected as "too short." This caused the first L2CAP PDU in a rapid burst of BLE GATT indications to be silently dropped. The partial reassembly was orphaned, then discarded when the next indication's START fragment arrived, producing: ``` E BT_HCI: ACL packet too short (len=5) W BT_HCI: reassemble_and_dispatch found unfinished packet for handle with start packet. Dropping old. ``` Parse the ACL preamble first (requires only 4 bytes) to determine the boundary flag, then apply the L2CAP length check only to START packets. Continuation packets are now accepted with the correct minimum of `HCI_ACL_PREAMBLE_SIZE` (4 bytes). - ESP32-S3 connected to a BLE peripheral that fragments indications at 40 bytes per L2CAP PDU - Peripheral sends 8+ indications within ~200ms (burst of state changes) - The final continuation fragment of the first indication is small (5-6 bytes after type stripping) - 100% reproducible on every burst; confirmed on ESP-IDF 5.5.3, 5.5.4, and 6.0.0 Verified on ESP32-S3 with a Sub-Zero wall oven (SO3050PESP, firmware 8.5): - **Before fix:** First indication in every burst lost (ACL reassembly failure) - **After fix:** All indications in burst delivered correctly, including when the final continuation fragment is 5-6 bytes Closes https://github.com/espressif/esp-idf/issues/18414