QN9020 SDK bug


2,217 views
yijunma
Contributor II

```c
#if (QN_SECURITY_ON)
int app_smpc_irk_req_ind_handler(ke_msg_id_t const msgid, struct smpc_irk_req_ind const *param,
                                 ke_task_id_t const dest_id, ke_task_id_t const src_id)
{
    QPRINTF("IRK request indication idx is %d.\r\n", param->idx);
    uint8_t reject;
    uint8_t bonded_count = app_get_bond_nb();
    if (param->idx == 0xFF)
    {
        // We recognised this device, so update address for looking up correct LTK
        // It is no need to write back to NVDS.
        app_env.bonded_info[app_env.irk_pos - 1].peer_addr = app_env.dev_rec[param->idx].bonded_info.peer_addr;
        app_env.irk_pos = 0;
        return (KE_MSG_CONSUMED);
    }
```

When `param->idx == 0xFF`, `app_env.dev_rec[param->idx]` will access out of bounds.

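A defensive version of the index handling this post describes, as an added example (not SDK code and not the workaround posted below): it models `dev_rec` as a fixed array of `BLE_CONNECTION_MAX` slots, treats 0xFF as a sentinel instead of an index, and refuses anything outside the array so the handler can reject the request rather than read past the end. The struct layout, `BLE_CONNECTION_MAX` value and helper names are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the SDK configuration and types (assumptions). */
#define BLE_CONNECTION_MAX 4      /* assumed build setting */
#define CONIDX_INVALID     0xFF   /* value the SDK passes when the peer is already recognised */

struct bd_addr { uint8_t addr[6]; };
struct dev_rec { struct bd_addr peer_addr; bool in_use; };

static struct dev_rec dev_rec[BLE_CONNECTION_MAX];

/* True only when idx names a real slot; 0xFF and idx >= BLE_CONNECTION_MAX are rejected. */
bool index_in_bounds(uint8_t idx)
{
    return idx != CONIDX_INVALID && idx < BLE_CONNECTION_MAX;
}

/* How far past the end of dev_rec an unchecked dev_rec[idx] would start reading
 * (0 for in-bounds indices). Computed arithmetically; nothing is dereferenced. */
size_t bytes_past_end(uint8_t idx)
{
    if (idx < BLE_CONNECTION_MAX)
        return 0;
    return (size_t)idx * sizeof(struct dev_rec) - sizeof dev_rec;
}

/* Copy the peer address for a connection slot; fails instead of indexing out of bounds. */
bool lookup_peer_addr(uint8_t idx, struct bd_addr *out)
{
    if (!index_in_bounds(idx) || !dev_rec[idx].in_use)
        return false;
    memcpy(out, &dev_rec[idx].peer_addr, sizeof *out);
    return true;
}

/* Constructed helper to populate a slot with a sample address. */
void set_dev_rec(uint8_t idx, const uint8_t addr[6])
{
    if (idx >= BLE_CONNECTION_MAX)
        return;
    memcpy(dev_rec[idx].peer_addr.addr, addr, 6);
    dev_rec[idx].in_use = true;
}

/* Handler sketch: -1 means "reject the IRK request", 0 means the address was resolved. */
int handle_irk_req(uint8_t idx, struct bd_addr *resolved)
{
    return lookup_peer_addr(idx, resolved) ? 0 : -1;
}
```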
1 Reply

1,769 views
dougbrunner
Contributor I

It seems like the API is broken, at least in the case where multiple connections are allowed. AFAIK param->idx is supposed to identify the index of the active connection to which the IRK request applies, but when the remote device is recognized, 0xFF is passed instead, so the IRK request indication handler has no way of knowing which connection to get the peer address from. This bug bit me when I tried to connect from an iOS device that had been previously bonded: connections would repeatedly get set up and fail, with perhaps 100ms period, and after a few seconds of this the QN9021 would crash in a way I haven't been able to diagnose.

Since my application only needs to allow one connection at a time, meaning the correct connection index has to be 0, I implemented a workaround. Here's the patch for system/app/task/smp/app_smp_task.c:

@@ -312,6 +312,11 @@
  *
  ****************************************************************************************
  */
+
+#if BLE_CONNECTION_MAX > 1
+#  error "Workaround for https://community.nxp.com/thread/429593 can fail if more than one connection is allowed"
+#endif
+
 #if (QN_SECURITY_ON)
 int app_smpc_irk_req_ind_handler(ke_msg_id_t const msgid, struct smpc_irk_req_ind const *param,
                                ke_task_id_t const dest_id, ke_task_id_t const src_id)
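Review bot: the guard `#if BLE_CONNECTION_MAX > 1` passes silently if BLE_CONNECTION_MAX is not defined in this translation unit, because the preprocessor evaluates an undefined identifier as 0; consider `#if !defined(BLE_CONNECTION_MAX) || BLE_CONNECTION_MAX > 1` so that a missing or renamed configuration macro also trips the #error instead of letting the hard-coded slot index reach a multi-connection build.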
@@ -325,7 +330,7 @@
     {
         // We recognised this device, so update address for looking up correct LTK
         // It is no need to write back to NVDS.
-        app_env.bonded_info[app_env.irk_pos - 1].peer_addr = app_env.dev_rec[param->idx].bonded_info.peer_addr;
+        app_env.bonded_info[app_env.irk_pos - 1].peer_addr = app_env.dev_rec[0].bonded_info.peer_addr;
         app_env.irk_pos = 0;
         return (KE_MSG_CONSUMED);
     }
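Review bot: the new line hard-codes slot 0 with no comment, so a later reader of this function has nothing tying the index to the single-connection build guard; a one-line comment naming the thread and the assumption would help. The surrounding lines also still index `app_env.bonded_info[app_env.irk_pos - 1]` without checking that `app_env.irk_pos` is greater than zero, so an indication that arrives with irk_pos at 0 yields an out-of-bounds index for the write; a guard on irk_pos before this assignment would close that path as well.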