Router::handleReceived stores its allocCopy of the encrypted packet in the
class member p_encrypted. callModules() invokes module replies that re-enter
the router via MeshService::sendToMesh -> Router::sendLocal, which on a
broadcast reply recursively calls handleReceived. The inner call overwrites
the outer's p_encrypted without releasing it; on the way out it nulls the
member, the outer release(p_encrypted) now releases nullptr, and the original
allocation is permanently leaked. ~381 B per recursion.
Promote p_encrypted to a function-local so each invocation owns its own copy
for its full lifetime. The MQTT-publish null check at the call site (added by
PR #9136 as a workaround for this bug) stays in place because allocCopy can
still legitimately return nullptr on packetPool exhaustion.
Copilot's review of PR #8999 (the original introduction) flagged this exact
pattern at merge time:
"Storing p_encrypted as a class member can cause issues with recursive or
concurrent calls to handleReceived() since each call would overwrite the
previous packet pointer."
The historical reason for the member (S&F needing to retain the encrypted
copy across calls) was satisfied differently by PR #9799 (ServerAPI converted
to std::unique_ptr + cleanup on connection close), so the member is no longer
load-bearing.
Reproduces issues #9632 / #10101 / #8729 (heap leak when MeshMonitor
connected; TCP drops on Station G2 / LILYGO ServerAPI dump abort).
Hardware A/B on Station G2 under sustained TCP-API retry storm (open :4403,
request config, disconnect mid-stream, repeat at ~0.6/s) - 9 min run:
| Build | heapFree drift | rebootCount delta |
| this patch | -1.5 KB (noise)| 0 |
| stock 2.7.13 | -73 KB (8.1KB/min) | +1 (OOM crash) |
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
The "Invalid protobufs (bad psk?)" and "Invalid portnum (bad psk?)"
messages fire every time a neighbor transmits on a channel whose
8-bit hash matches one of ours but the PSK differs. In RF environments
with multiple mesh groups nearby this is routine — a single device
can see dozens of these per minute from SAR/MeshCA/private networks
sharing a hash collision.
LOG_ERROR for a benign "not our PSK" event:
- spams the log when you have any neighboring mesh group
- makes a genuine PSK misconfiguration on YOUR own channel
indistinguishable from the constant cross-channel noise
- hides actual errors in the stream
LOG_DEBUG matches how similar decryption-failure paths are handled
elsewhere (eg. the PKC "decrypt attempted but failed" uses LOG_WARN).
Dropping the trailing "!" as well — these are expected events, not
exceptional ones.
* Deprecate forwarding for invalid hop_start
* Add pre-hop packet drop policy
* Log ignored rebroadcasts for pre-hop packets
* Respect pre-hop policy ALLOW in routing gates
* Exempt local packets from pre-hop drop policy
* Format pre-hop log line
* Add MODERN_ONLY rebroadcast mode for pre-hop packets
* Simplify implementation for drop packet only behaviour
* Revert formatting-only changes
* Match ReliableRouter EOF formatting
* Make pre-hop drop a build-time flag
* Rework to compile/build flag MESHTASTIC_PREHOP_DROP
* Set MESHTASTIC_PREHOP_DROP off by default
* Inline pre-hop hop_start validity check
---------
Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
Co-authored-by: Jord <650645+DivineOmega@users.noreply.github.com>
* Add ESP32 Power Management lessons learned document
Documents our experimentation with ESP-IDF DFS and why it doesn't
work well for Meshtastic (RTOS locks, BLE locks, USB issues).
Proposes simpler alternative: manual setCpuFrequencyMhz() control
with explicit triggers for when to go fast vs slow.
* Addition of traffic management module
* Fixing compile issues, but may still need to update protobufs.
* Fixing log2Floor in cuckoo hash function
* Adding support for traffic management in PhoneAPI.
* Making router_preserve_hops work without checking if the previous hop was a router. Also works for CLIENT_BASE.
* Adding station-g2 and portduino varients to be able to use this module.
* Spoofing from address for nodeinfo cache
* Changing name and behavior for zero_hop_telemetry / zero_hop_position
* Name change for exhausting telemetry packets and setting hop_limit to 1 so it will be 0 when sent.
* Updated hop logic, including exhaustRequested flag to bypass some checks later in the code.
* Reducing memory on nrf52 nodes further to 12 bytes per entry, 12KB total using 8 bit hashes with 0.4% collision. Probably ok. Adding portduino to the platforms that don't need to worry about memory as much.
* Fixing hopsAway for nodeinfo responses.
* traffic_management.nodeinfo_direct_response_min_hops -> traffic_management.nodeinfo_direct_response_max_hops
* Removing dry run mode
* Updates to UnifiedCacheEntry to use a common cache, created defaults for some values, reduced a couple bytes per entry by using a resolution-scale time selection based on configuration value.
* Enhance traffic management logging and configuration. Updated log messages in NextHopRouter and Router to include more context. Adjusted traffic management configuration checks in AdminModule and improved cache handling in TrafficManagementModule. Ensured consistent enabling of traffic management across various variants.
* Implement destructor for TrafficManagementModule and improve cache allocation handling. The destructor ensures proper deallocation of cache memory based on its allocation source (PSRAM or heap). Additionally, updated cache allocation logic to log warnings only when PSRAM allocation fails.
* Update TrafficManagementModule with enhanced comments for clarity and improve cache handling logic. Update protobuf submodule to latest commit.
* Creating consistent log messages
* Remove docs/ESP32_Power_Management.md from traffic_module
* Add unit tests for Traffic Management Module functionality
* Fixing compile issues, but may still need to update protobufs.
* Adding support for traffic management in PhoneAPI.
* Making router_preserve_hops work without checking if the previous hop was a router. Also works for CLIENT_BASE.
* Enhance traffic management logging and configuration. Updated log messages in NextHopRouter and Router to include more context. Adjusted traffic management configuration checks in AdminModule and improved cache handling in TrafficManagementModule. Ensured consistent enabling of traffic management across various variants.
* Implement destructor for TrafficManagementModule and improve cache allocation handling. The destructor ensures proper deallocation of cache memory based on its allocation source (PSRAM or heap). Additionally, updated cache allocation logic to log warnings only when PSRAM allocation fails.
* Update TrafficManagementModule with enhanced comments for clarity and improve cache handling logic. Update protobuf submodule to latest commit.
* Add mock classes and unit tests for Traffic Management Module functionality.
* Refactor setup and loop functions in test_main.cpp to include extern "C" linkage
* Update comment to include reduced memory requirements
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Re-arranging comments for programmers with the attention span of less than 5 lines of code.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Update comments in TrafficManagementModule to reflect changes in timestamp epoch handling and memory optimization details.
* bug: Use node-wide config_ok_to_mqtt setting for cached NodeInfo replies.
* Better way to handle clearing the ok_to_mqtt bit
* Add bucketing to cuckoo hashing, allowing for 95% occupied rate before major eviction problems.
* Extend nodeinfo cache for psram devices.
* Refactor traffic management to make hop exhaustion packet-scoped. Nice catch.
* Implement better position precision sanitization in TrafficManagementModule.
* Added logic in TrafficManagementModule to invalidate stale traffic state. Also, added some tests to avoid future me from creating a regression here.
* Fixing tests for native
* Enhance TrafficManagementModule to improve NodeInfo response handling and position deduplication logic. Added tests to ensure local packets bypass transit filters and that NodeInfo requests correctly update the requester information in the cache. Updated deduplication checks to prevent dropping valid position packets under certain conditions.
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
I thought git would be smart enough to understand all the whitespace changes but even with all the flags I know to make it ignore theses it still blows up if there are identical changes on both sides.
I have a solution but it require creating a new commit at the merge base for each conflicting PR and merging it into develop.
I don't think blowing up all PRs is worth for now, maybe if we can coordinate this for V3 let's say.
This reverts commit 0d11331d18.
* Add null check for p_encrypted before MQTT publish
A user on BayMesh observed a strange crash in MQTT::onSend that seemed to be a null pointer dereference of this value.
* Trunk
* Calculate hops correctly even when hop_start==0.
* Use the same type (int8_t) in the loop, avoiding signed/unsigned mismatches.
* Clarify defaultIfUnknown is returned for encrypted packets.
* Calculate hops correctly even when hop_start==0.
* Use the same type (int8_t) in the loop, avoiding signed/unsigned mismatches.
* Clarify defaultIfUnknown is returned for encrypted packets.
* RoutingModule::sendAckNak takes ackWantsAck arg to set want_ack on the ACK itself
* Use reliable delivery for traceroute requests (which will be copied to traceroute responses by setReplyTo)
* Update ReliableRouter::sniffReceived to use ReliableRouter::shouldSuccessAckWithWantAck
* Use isFromUs
* Update MockRoutingModule::sendAckNak to include ackWantsAck argument (currently ignored)
---------
Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
* feat: implement router hop preservation for router-to-router communication
- Preserve hop_limit when both local device and previous relay are routers/CLIENT_BASE
- Only preserve hops for favorite routers to prevent abuse
- Apply to both FloodingRouter and NextHopRouter
- Update hop counting logic in MeshService for router-to-router communication
This allows routers to communicate over longer distances without
consuming hop limits, improving mesh network efficiency for
infrastructure nodes.
* chore: update protobufs submodule to latest
* Optimized to check friend list first before nodedb.
* Reverting unintended changes
* revert: remove protobufs submodule update
This reverts the protobufs submodule back to a84657c22 to remove
unintended changes from this branch.
* Slight rewrite to remove flawed NO_RELAY_NODE logic and added logic to add isFirstHop. If isFirstHop, always decrease hop_limit to avoid retry logic.
* DRY code. Remove NodeInfo logic that was left over.
* Trunk formatting
* Added compatibility between nodes on different Presets through `Mesh via UDP`
* Optimize multicast handling and channel mapping
- FloodingRouter: remove redundant UDP-encrypted rebroadcast suppression.
- Router: guard multicast fallback with HAS_UDP_MULTICAST and map fallback-decoded packets
to the local default channel via isDefaultChannel()
- UdpMulticastHandler: set transport_mechanism only after successful decode
* trunk fmt
* Move setting transport mechanism.
---------
Co-authored-by: GUVWAF <thijs@havinga.eu>
* Start portduino_config refactor
* refactor GPIOs to new portduino_config
* More portduino_config work
* More conversion to portduino_config
* Finish portduino_config transition
* trunk
* yaml output work
* Simplify the GPIO config
* Trunk
* treewide: make 'ifdef DEBUG_PORT' guards also take into account DEBUG_MUTE
* stm32wl: Add a guard against having debug prints turned on without PIO_FRAMEWORK_ARDUINO_NANOLIB_FLOAT_PRINTF defined
---------
Co-authored-by: Ben Meadors <benmmeadors@gmail.com>
* Wipe keys if low entropy
* Client Notification Payload variant
* Don't call service before it's created
* Lucky Number 14
* Catch for low-entropy keys even before region is set
