RDKBWIFI-402: Implement IEEE 1905.1 Backhaul Steering #1035
dkyncu wants to merge 2 commits into rdkcentral:develop
Add rbus handler and event processing for backhaul steering requests received from the EasyMesh agent. On receipt, the target mesh backhaul STA VAP is looked up by MAC address and the connection state machine is triggered with the target BSSID.
| wifi_event_type_send_action_frame, | ||
| wifi_event_type_start_channel_scan, | ||
| wifi_event_type_toggle_disconn_steady_state, | ||
| wifi_event_type_backhaul_steer, |
What is the reason this is added in between? Better to add it before the wifi_event_command_max
Pull request overview
Implements IEEE 1905.1 backhaul steering support by introducing a new command event and an EasyMesh (EM) RBUS method that triggers the mesh STA connection state machine toward a target BSSID.
Changes:
- Add new command subtype wifi_event_type_backhaul_steer and string mapping.
- Register a new EM RBUS method Device.WiFi.EM.BackhaulSteer that forwards steering requests onto the ctrl queue.
- Handle the new command in the EM app by locating the mesh STA VAP by MAC and invoking the mesh-ext service state machine using wifi_event_webconfig_set_data_sta_bssid.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| include/wifi_events.h | Adds the new command subtype constant. |
| source/core/wifi_events.c | Adds subtype-to-string mapping for logging/debug. |
| source/core/wifi_ctrl_queue_handlers.c | Ensures the controller doesn’t process the new command directly (forwarded to apps). |
| source/apps/em/wifi_em.h | Adds the RBUS method name constant for backhaul steering. |
| source/apps/em/wifi_em.c | Implements RBUS method handler, request parsing, mesh STA VAP lookup, and state machine trigger. |
| static wifi_vap_info_t *get_mesh_sta_vap_by_mac(wifi_mgr_t *mgr, unsigned char *mac) | ||
| { | ||
| unsigned int r, i, num_vaps; | ||
|
|
||
| for (r = 0; r < MAX_NUM_RADIOS; r++) { | ||
| num_vaps = mgr->radio_config[r].vaps.vap_map.num_vaps; | ||
| for (i = 0; i < num_vaps; i++) { | ||
| wifi_vap_info_t *v = &mgr->radio_config[r].vaps.vap_map.vap_array[i]; |
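Review bot: In the loops of get_mesh_sta_vap_by_mac(), r < MAX_NUM_RADIOS visits every radio_config slot rather than only the radios actually present, and num_vaps is read from vap_map and used as the inner bound without being checked against the size of vap_array. Suggest bounding the outer loop by the configured radio count and clamping num_vaps to the array's declared capacity, so a stale or corrupted count cannot index past vap_array. If mac is only compared against, declaring it const unsigned char *mac would document that as well.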
get_mesh_sta_vap_by_mac() dereferences mgr unconditionally (e.g., mgr->radio_config[...]). If get_wifimgr_obj() can return NULL (other EM handlers guard against it), this can crash. Add a NULL check for mgr (and ideally mac) at the top and return NULL early.
| mgr = (wifi_mgr_t *)get_wifimgr_obj(); | ||
|
|
||
| sta_vap = get_mesh_sta_vap_by_mac(mgr, req->bh_sta_mac_addr); | ||
| if (sta_vap == NULL) { | ||
| wifi_util_error_print(WIFI_EM, | ||
| "%s:%d No mesh STA vap found for sta=%s\n", | ||
| __func__, __LINE__, sta_str); | ||
| return; | ||
| } | ||
|
|
||
| wifi_util_info_print(WIFI_EM, | ||
| "%s:%d Mesh STA vap_index=%d ssid='%s' -> target_bssid=%s\n", | ||
| __func__, __LINE__, sta_vap->vap_index, | ||
| sta_vap->u.sta_info.ssid, bssid_str); | ||
|
|
||
| // Trigger the mesh STA connection state machine with the target BSSID. | ||
| steer_vap = *sta_vap; | ||
| memcpy(steer_vap.u.sta_info.bssid, req->target_bssid, sizeof(bssid_t)); | ||
|
|
||
| ctrl = (wifi_ctrl_t *)get_wifictrl_obj(); | ||
| ext_svc = get_svc_by_type(ctrl, vap_svc_type_mesh_ext); | ||
| if (ext_svc == NULL) { |
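Review bot: At memcpy(steer_vap.u.sta_info.bssid, req->target_bssid, sizeof(bssid_t)), the target BSSID goes from the request into the VAP copy with no sanity check in the lines shown. Suggest rejecting an all-zero, broadcast or multicast target_bssid before the state machine is triggered, and logging the rejection the same way the missing-VAP case is logged. The info print also formats sta_vap->u.sta_info.ssid with %s, which relies on that field being NUL-terminated; a bounded format such as %.*s with the field size would make that explicit.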
em_handle_backhaul_steer() calls get_wifimgr_obj()/get_wifictrl_obj() and then immediately uses the returned pointers. If either returns NULL, this will crash (e.g., in get_mesh_sta_vap_by_mac() / get_svc_by_type()). Add explicit NULL checks for mgr and ctrl before use and fail the request cleanly.
| if (len < sizeof(bh_steering_req_t)) { | ||
| wifi_util_error_print(WIFI_EM, "%s:%d Invalid length %u, expected %zu\n", |
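Review bot: The comparison len < sizeof(bh_steering_req_t) makes the struct's in-memory size the wire contract between the sender and this handler, and nothing in the hunk pins that size down. Suggest a compile-time size assertion (or a packed, fixed-width definition) next to bh_steering_req_t and a comment here naming the sender that must match it, so a padding or field change on one side fails at build time instead of being misparsed at run time.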
The length check accepts any payload len >= sizeof(bh_steering_req_t). Because push_event_to_ctrl_queue() allocates len bytes, a caller can send an arbitrarily large raw_data_len and force a large allocation even though only the first bytes are used. Consider requiring an exact size match (or at least enforcing a sane upper bound) and rejecting the request otherwise.
| if (len < sizeof(bh_steering_req_t)) { | |
| wifi_util_error_print(WIFI_EM, "%s:%d Invalid length %u, expected %zu\n", | |
| if (len != sizeof(bh_steering_req_t)) { | |
| wifi_util_error_print(WIFI_EM, "%s:%d Invalid length %u, expected exactly %zu\n", |
| pTmp = (char *)p_data->raw_data.bytes; | ||
| if ((p_data->data_type != bus_data_type_bytes) || (pTmp == NULL)) { | ||
| wifi_util_error_print(WIFI_EM, "%s:%d Wrong bus data_type:%x or null data\n", | ||
| __func__, __LINE__, p_data->data_type); | ||
| return bus_error_invalid_input; | ||
| } | ||
|
|
||
| wifi_util_info_print(WIFI_EM, "%s:%d Pushing event to ctrl queue (len=%u)\n", | ||
| __func__, __LINE__, p_data->raw_data_len); | ||
| push_event_to_ctrl_queue(pTmp, p_data->raw_data_len, wifi_event_type_command, | ||
| wifi_event_type_backhaul_steer, NULL); | ||
|
|
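Review bot: The call to push_event_to_ctrl_queue() ignores whatever it returns, so as far as these lines show the bus caller gets no error when the event was never queued. Suggest checking the result and returning a bus error on failure. Separately, pTmp is read from p_data->raw_data.bytes before data_type is confirmed to be bus_data_type_bytes; testing data_type first and only then reading raw_data.bytes keeps the access to the member that is actually valid.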
em_backhaul_steer() dereferences p_data without checking for NULL and forwards raw_data_len directly into the ctrl queue allocation path. Add a NULL check for p_data and validate p_data->raw_data_len (ideally exactly sizeof(bh_steering_req_t)) before calling push_event_to_ctrl_queue() to avoid crashes and excessive allocations.
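The request checks asked for in the review comments above (NULL inputs and an exact payload length), written as a stand-alone validator. This is an added example, not code from the pull request or from the project; the demo_* names and the two-field struct layout are assumptions, and the unicast check on both addresses goes beyond what the comments request.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MAC_LEN 6

/* Assumed layout: only the two fields named on the page, fixed width, no padding. */
typedef struct {
    uint8_t bh_sta_mac_addr[DEMO_MAC_LEN];
    uint8_t target_bssid[DEMO_MAC_LEN];
} demo_bh_steer_req_t;

typedef enum { DEMO_OK, DEMO_ERR_NULL, DEMO_ERR_LENGTH, DEMO_ERR_ADDR } demo_status_t;

/* Usable unicast MAC: not all-zero, group bit clear (this also rejects broadcast). */
static int demo_mac_is_unicast(const uint8_t *mac)
{
    static const uint8_t zero[DEMO_MAC_LEN] = { 0 };
    return memcmp(mac, zero, DEMO_MAC_LEN) != 0 && (mac[0] & 0x01) == 0;
}

/* Validate the raw bus payload before it is queued or copied anywhere else. */
demo_status_t demo_parse_bh_steer(const void *bytes, size_t len, demo_bh_steer_req_t *out)
{
    if (bytes == NULL || out == NULL)
        return DEMO_ERR_NULL;                 /* no dereference of missing input */
    if (len != sizeof(demo_bh_steer_req_t))
        return DEMO_ERR_LENGTH;               /* exact match: short and oversized both fail */
    memcpy(out, bytes, sizeof(*out));
    if (!demo_mac_is_unicast(out->bh_sta_mac_addr) || !demo_mac_is_unicast(out->target_bssid))
        return DEMO_ERR_ADDR;
    return DEMO_OK;
}

/* Constructed sample payloads (locally administered addresses, not real devices). */
static const uint8_t demo_good[12] = { 0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02 };
static const uint8_t demo_bcast[12] = { 0x02,0,0,0,0,0x01, 0xff,0xff,0xff,0xff,0xff,0xff };
static const uint8_t demo_big[64] = { 0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02 };
static demo_bh_steer_req_t demo_out;

int main(void)
{
    printf("good=%d bcast=%d oversized=%d\n",
           demo_parse_bh_steer(demo_good, sizeof demo_good, &demo_out),
           demo_parse_bh_steer(demo_bcast, sizeof demo_bcast, &demo_out),
           demo_parse_bh_steer(demo_big, sizeof demo_big, &demo_out));
    return 0;
}
```

Running the validator at the bus handler, before the payload is handed to the queue, means an oversized raw_data_len is rejected before any allocation is sized from it.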