From e091b4301e90509a6f030a3d8fa7c75687590075 Mon Sep 17 00:00:00 2001 From: Tony Date: Tue, 19 May 2026 08:16:28 +0800 Subject: [PATCH] fix(gateway): enable KNX security device endpoints and enhance tunnel frame handling Signed-off-by: Tony --- apps/gateway/sdkconfig | 2 +- components/gateway_knx/src/ets_device_runtime.cpp | 9 +++++++++ knx | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/apps/gateway/sdkconfig b/apps/gateway/sdkconfig index 2afcd3f..a60e537 100644 --- a/apps/gateway/sdkconfig +++ b/apps/gateway/sdkconfig @@ -674,7 +674,7 @@ CONFIG_GATEWAY_KNX_BRIDGE_SUPPORTED=y CONFIG_GATEWAY_START_KNX_BRIDGE_ENABLED=y CONFIG_GATEWAY_KNX_DATA_SECURE_SUPPORTED=y # CONFIG_GATEWAY_KNX_IP_SECURE_SUPPORTED is not set -# CONFIG_GATEWAY_KNX_SECURITY_DEV_ENDPOINTS is not set +CONFIG_GATEWAY_KNX_SECURITY_DEV_ENDPOINTS=y CONFIG_GATEWAY_KNX_SECURITY_PLAIN_NVS=y CONFIG_GATEWAY_KNX_OEM_MANUFACTURER_ID=0x01e5 CONFIG_GATEWAY_KNX_OEM_HARDWARE_ID=0xa401 diff --git a/components/gateway_knx/src/ets_device_runtime.cpp b/components/gateway_knx/src/ets_device_runtime.cpp index 21abca0..df262c6 100644 --- a/components/gateway_knx/src/ets_device_runtime.cpp +++ b/components/gateway_knx/src/ets_device_runtime.cpp @@ -123,6 +123,7 @@ EtsDeviceRuntime::EtsDeviceRuntime(std::string nvs_namespace, } ESP_LOGI("gateway_knx", "OpenKNX loading memory namespace=%s", nvs_namespace_.c_str()); device_.readMemory(); + ApplyReg1DaliIdentity(device_, platform_); installGroupObjectCallbacks(); if (!IsUsableIndividualAddress(device_.deviceObject().individualAddress()) && IsUsableIndividualAddress(fallback_individual_address)) { @@ -520,6 +521,14 @@ bool EtsDeviceRuntime::shouldConsumeTunnelFrame(CemiFrame& frame) const { const uint16_t client_address = tunnelClientAddress(); const bool commissioning = !const_cast(device_).configured() || programmingMode(); + // KNX Data Secure setup uses tool-access sync frames on group-address 0. + // Consume those locally so the secure layer can emit its response back on + // the active tunnel instead of forwarding the request to TP-UART only. + if (frame.addressType() == GroupAddress && dest == 0x0000 && + frame.apdu().type() == SecureService) { + return true; + } + if (frame.addressType() == IndividualAddress) { if (dest == own_address || dest == client_address || (commissioning && dest == kKnxUnconfiguredBroadcastAddress)) { diff --git a/knx b/knx index aaeb08f..dac61e2 160000 --- a/knx +++ b/knx @@ -1 +1 @@ -Subproject commit aaeb08f23272beadd18bd7ecbb90fdbc36a0d3a1 +Subproject commit dac61e2707fcded1960d7dd416fb17b630e3b844