Merge branch 'master' into nodenum-consistency

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/actions/setup-base/action.yml

@@ -5,7 +5,7 @@ runs:
   using: composite
   steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
       with:
         submodules: recursive
         ref: ${{github.event.pull_request.head.ref}}

.github/workflows/build_debian_src.yml

@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: recursive
           path: meshtasticd

.github/workflows/build_firmware.yml

@@ -20,7 +20,7 @@ jobs:
     name: build-${{ inputs.platform }}
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           submodules: recursive
           ref: ${{github.event.pull_request.head.ref}}

.github/workflows/docker_build.yml

@@ -47,7 +47,7 @@ jobs:
     runs-on: ${{ inputs.runs-on }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: recursive
           ref: ${{github.event.pull_request.head.ref}}

.github/workflows/docker_manifest.yml

@@ -83,7 +83,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: recursive
           ref: ${{github.event.pull_request.head.ref}}

.github/workflows/hook_copr.yml

@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: recursive
           ref: ${{ github.ref }}

.github/workflows/main_matrix.yml

@@ -42,7 +42,7 @@ jobs:
           - check
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: actions/setup-python@v5
         with:
           python-version: 3.x
@@ -72,7 +72,7 @@ jobs:
   version:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Get release version string
         run: |
           echo "long=$(./bin/buildinfo.py long)" >> $GITHUB_OUTPUT
@@ -93,7 +93,7 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.event_name != 'workflow_dispatch' }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Build base
         id: base
         uses: ./.github/actions/setup-base
@@ -288,7 +288,7 @@ jobs:
       ]
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
@@ -367,7 +367,7 @@ jobs:
       - package-pio-deps-native-tft
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python
         uses: actions/setup-python@v5
@@ -436,7 +436,7 @@ jobs:
     needs: [release-artifacts, version]
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python
         uses: actions/setup-python@v5
@@ -491,7 +491,7 @@ jobs:
         esp32,esp32s3,esp32c3,esp32c6,nrf52840,rp2040,rp2350,stm32
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python
         uses: actions/setup-python@v5

.github/workflows/nightly.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Trunk Check
         uses: trunk-io/trunk-action@v1
@@ -31,7 +31,7 @@ jobs:
       pull-requests: write # For trunk to create PRs
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Trunk Upgrade
         uses: trunk-io/trunk-action/upgrade@v1

.github/workflows/package_obs.yml

@@ -34,7 +34,7 @@ jobs:
     needs: build-debian-src
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: recursive
           path: meshtasticd

.github/workflows/package_pio_deps.yml

@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: recursive
           ref: ${{github.event.pull_request.head.ref}}

.github/workflows/package_ppa.yml

@@ -32,7 +32,7 @@ jobs:
     needs: build-debian-src
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: recursive
           path: meshtasticd

.github/workflows/release_channels.yml

@@ -60,7 +60,7 @@ jobs:
         shell: bash
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python
         uses: actions/setup-python@v5

.github/workflows/sec_sast_semgrep_cron.yml

@@ -21,7 +21,7 @@ jobs:
     steps:
       # step 1
       - name: clone application source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       # step 2
       - name: full scan

.github/workflows/sec_sast_semgrep_pull.yml

@@ -13,7 +13,7 @@ jobs:
     steps:
       # step 1
       - name: clone application source code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 

.github/workflows/test_native.yml

@@ -14,7 +14,7 @@ jobs:
     name: Native Simulator Tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
@@ -70,7 +70,7 @@ jobs:
     name: Native PlatformIO Tests
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}
@@ -127,7 +127,7 @@ jobs:
       - platformio-tests
     if: always()
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}

.github/workflows/tests.yml

@@ -20,7 +20,7 @@ jobs:
     runs-on: test-runner
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       # - uses: actions/setup-python@v5
       #   with:

.github/workflows/trunk_annotate_pr.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Trunk Check
         uses: trunk-io/trunk-action@v1

.github/workflows/trunk_check.yml

@@ -16,7 +16,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Trunk Check
         uses: trunk-io/trunk-action@v1

.github/workflows/trunk_format_pr.yml

@@ -15,7 +15,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{github.event.pull_request.head.ref}}
           repository: ${{github.event.pull_request.head.repo.full_name}}

.github/workflows/update_protobufs.yml

@@ -11,7 +11,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: true
 

bin/org.meshtastic.meshtasticd.metainfo.xml

@@ -87,6 +87,9 @@
   </screenshots>
 
   <releases>
+    <release version="2.7.5" date="2025-08-09">
+      <url type="details">https://github.com/meshtastic/firmware/releases?q=tag%3Av2.7.5</url>
+    </release>
     <release version="2.7.4" date="2025-07-19">
       <url type="details">https://github.com/meshtastic/firmware/releases?q=tag%3Av2.7.4</url>
     </release>

debian/changelog

@@ -1,4 +1,4 @@
-meshtasticd (2.7.4.0) UNRELEASED; urgency=medium
+meshtasticd (2.7.5.0) UNRELEASED; urgency=medium
 
   [ Austin Lane ]
   * Initial packaging
@@ -34,4 +34,7 @@ meshtasticd (2.7.4.0) UNRELEASED; urgency=medium
   [  ]
   * GitHub Actions Automatic version bump
 
- --  <github-actions[bot]@users.noreply.github.com>  Sat, 19 Jul 2025 11:36:55 +0000
+  [  ]
+  * GitHub Actions Automatic version bump
+
+ --  <github-actions[bot]@users.noreply.github.com>  Sat, 09 Aug 2025 12:46:53 +0000

platformio.ini

@@ -110,7 +110,7 @@ lib_deps =
 [device-ui_base]
 lib_deps =
 	# renovate: datasource=git-refs depName=meshtastic/device-ui packageName=https://github.com/meshtastic/device-ui gitBranch=master
-	https://github.com/meshtastic/device-ui/archive/d044c01e87583867011991a96f926e4e929d8a93.zip
+	https://github.com/meshtastic/device-ui/archive/0cd108ff783539e41ef38258ba2784ab3b1bdc97.zip
 
 ; Common libs for environmental measurements in telemetry module
 [environmental_base]

src/mesh/NodeDB.cpp

@@ -985,8 +985,9 @@ void NodeDB::resetNodes()
 
 void NodeDB::removeNodeByNum(NodeNum nodeNum)
 {
-    int newPos = 0, removed = 0;
-    for (int i = 0; i < numMeshNodes; i++) {
+    // Don't remove the own node at position 0
+    int newPos = 1, removed = 0;
+    for (int i = 1; i < numMeshNodes; i++) {
         if (meshNodes->at(i).num != nodeNum)
             meshNodes->at(newPos++) = meshNodes->at(i);
         else
@@ -1082,18 +1083,16 @@ void NodeDB::pickNewNodeNum()
     }
 
     meshtastic_NodeInfoLite *found;
-    while (((found = getMeshNode(nodeNum)) && memcmp(found->user.macaddr, ourMacAddr, sizeof(ourMacAddr)) != 0) ||
-           (nodeNum == NODENUM_BROADCAST || nodeNum < NUM_RESERVED)) {
-        NodeNum candidate = random(NUM_RESERVED, LONG_MAX); // try a new random choice
-        if (found)
-            LOG_WARN("NOTE! Our desired nodenum 0x%x is invalid or in use, by MAC ending in 0x%02x%02x vs our 0x%02x%02x, so "
-                     "trying for 0x%x",
-                     nodeNum, found->user.macaddr[4], found->user.macaddr[5], ourMacAddr[4], ourMacAddr[5], candidate);
-        nodeNum = candidate;
+    if (((found = getMeshNode(nodeNum)) && memcmp(found->user.macaddr, ourMacAddr, sizeof(ourMacAddr)) != 0) ||
+        (nodeNum == NODENUM_BROADCAST || nodeNum < NUM_RESERVED)) {
+        NodeNum newNodeNum = (ourMacAddr[2] << 24) | (ourMacAddr[3] << 16) | (ourMacAddr[4] << 8) | ourMacAddr[5];
+        LOG_WARN("NOTE! Our saved nodenum 0x%x is invalid or in use. Using 0x%x", nodeNum, newNodeNum);
+        nodeNum = newNodeNum;
     }
     LOG_DEBUG("Use nodenum 0x%x ", nodeNum);
 
     myNodeInfo.my_node_num = nodeNum;
+    removeNodeByNum(nodeNum); // Since we skip 0, this should only ever remove outside matches.
 }
 
 /** Load a protobuf from a file, return LoadFileResult */
@@ -1689,10 +1688,10 @@ bool NodeDB::updateUser(uint32_t nodeId, meshtastic_User &p, uint8_t channelInde
 /// we updateGUI and updateGUIforNode if we think our this change is big enough for a redraw
 void NodeDB::updateFrom(const meshtastic_MeshPacket &mp)
 {
-    // if (mp.from == getNodeNum()) {
-    //     LOG_DEBUG("Ignore update from self");
-    //     return;
-    // }
+    if (mp.transport_mechanism != meshtastic_MeshPacket_TransportMechanism_TRANSPORT_API && mp.from == getNodeNum()) {
+        LOG_DEBUG("Ignore update from self");
+        return;
+    }
     if (mp.which_payload_variant == meshtastic_MeshPacket_decoded_tag && mp.from) {
         LOG_DEBUG("Update DB node 0x%x, rx_time=%u", mp.from, mp.rx_time);
 

src/mesh/api/PacketAPI.cpp

@@ -70,7 +70,7 @@ bool PacketAPI::receivePacket(void)
             break;
         }
         case meshtastic_ToRadio_heartbeat_tag:
-            if (mr->heartbeat.dummy_field == 1) {
+            if (mr->heartbeat.nonce == 1) {
                 if (nodeInfoModule) {
                     LOG_INFO("Broadcasting nodeinfo ping");
                     nodeInfoModule->sendOurNodeInfo(NODENUM_BROADCAST, true, 0, true);

src/mesh/generated/meshtastic/deviceonly.pb.h

@@ -362,7 +362,7 @@ extern const pb_msgdesc_t meshtastic_BackupPreferences_msg;
 #define MESHTASTIC_MESHTASTIC_DEVICEONLY_PB_H_MAX_SIZE meshtastic_BackupPreferences_size
 #define meshtastic_BackupPreferences_size        2271
 #define meshtastic_ChannelFile_size              718
-#define meshtastic_DeviceState_size              1728
+#define meshtastic_DeviceState_size              1737
 #define meshtastic_NodeInfoLite_size             196
 #define meshtastic_PositionLite_size             28
 #define meshtastic_UserLite_size                 98

src/mesh/generated/meshtastic/mesh.pb.cpp

@@ -119,6 +119,8 @@ PB_BIND(meshtastic_ChunkedPayloadResponse, meshtastic_ChunkedPayloadResponse, AU
 
 
 
+
+
 
 
 

src/mesh/generated/meshtastic/mesh.pb.h

@@ -509,6 +509,26 @@ typedef enum _meshtastic_MeshPacket_Delayed {
     meshtastic_MeshPacket_Delayed_DELAYED_DIRECT = 2
 } meshtastic_MeshPacket_Delayed;
 
+/* Enum to identify which transport mechanism this packet arrived over */
+typedef enum _meshtastic_MeshPacket_TransportMechanism {
+    /* The default case is that the node generated a packet itself */
+    meshtastic_MeshPacket_TransportMechanism_TRANSPORT_INTERNAL = 0,
+    /* Arrived via the primary LoRa radio */
+    meshtastic_MeshPacket_TransportMechanism_TRANSPORT_LORA = 1,
+    /* Arrived via a secondary LoRa radio */
+    meshtastic_MeshPacket_TransportMechanism_TRANSPORT_LORA_ALT1 = 2,
+    /* Arrived via a tertiary LoRa radio */
+    meshtastic_MeshPacket_TransportMechanism_TRANSPORT_LORA_ALT2 = 3,
+    /* Arrived via a quaternary LoRa radio */
+    meshtastic_MeshPacket_TransportMechanism_TRANSPORT_LORA_ALT3 = 4,
+    /* Arrived via an MQTT connection */
+    meshtastic_MeshPacket_TransportMechanism_TRANSPORT_MQTT = 5,
+    /* Arrived via Multicast UDP */
+    meshtastic_MeshPacket_TransportMechanism_TRANSPORT_MULTICAST_UDP = 6,
+    /* Arrived via API connection */
+    meshtastic_MeshPacket_TransportMechanism_TRANSPORT_API = 7
+} meshtastic_MeshPacket_TransportMechanism;
+
 /* Log levels, chosen to match python logging conventions. */
 typedef enum _meshtastic_LogRecord_Level {
     /* Log levels, chosen to match python logging conventions. */
@@ -863,6 +883,8 @@ typedef struct _meshtastic_MeshPacket {
  Timestamp after which this packet may be sent.
  Set by the firmware internally, clients are not supposed to set this. */
     uint32_t tx_after;
+    /* Indicates which transport mechanism this packet arrived over */
+    meshtastic_MeshPacket_TransportMechanism transport_mechanism;
 } meshtastic_MeshPacket;
 
 /* The bluetooth to device link:
@@ -1149,7 +1171,8 @@ typedef struct _meshtastic_FromRadio {
 /* A heartbeat message is sent to the node from the client to keep the connection alive.
  This is currently only needed to keep serial connections alive, but can be used by any PhoneAPI. */
 typedef struct _meshtastic_Heartbeat {
-    char dummy_field;
+    /* The nonce of the heartbeat message */
+    uint32_t nonce;
 } meshtastic_Heartbeat;
 
 /* Packets/commands to the radio will be written (reliably) to the toRadio characteristic.
@@ -1267,6 +1290,10 @@ extern "C" {
 #define _meshtastic_MeshPacket_Delayed_MAX meshtastic_MeshPacket_Delayed_DELAYED_DIRECT
 #define _meshtastic_MeshPacket_Delayed_ARRAYSIZE ((meshtastic_MeshPacket_Delayed)(meshtastic_MeshPacket_Delayed_DELAYED_DIRECT+1))
 
+#define _meshtastic_MeshPacket_TransportMechanism_MIN meshtastic_MeshPacket_TransportMechanism_TRANSPORT_INTERNAL
+#define _meshtastic_MeshPacket_TransportMechanism_MAX meshtastic_MeshPacket_TransportMechanism_TRANSPORT_API
+#define _meshtastic_MeshPacket_TransportMechanism_ARRAYSIZE ((meshtastic_MeshPacket_TransportMechanism)(meshtastic_MeshPacket_TransportMechanism_TRANSPORT_API+1))
+
 #define _meshtastic_LogRecord_Level_MIN meshtastic_LogRecord_Level_UNSET
 #define _meshtastic_LogRecord_Level_MAX meshtastic_LogRecord_Level_CRITICAL
 #define _meshtastic_LogRecord_Level_ARRAYSIZE ((meshtastic_LogRecord_Level)(meshtastic_LogRecord_Level_CRITICAL+1))
@@ -1287,6 +1314,7 @@ extern "C" {
 
 #define meshtastic_MeshPacket_priority_ENUMTYPE meshtastic_MeshPacket_Priority
 #define meshtastic_MeshPacket_delayed_ENUMTYPE meshtastic_MeshPacket_Delayed
+#define meshtastic_MeshPacket_transport_mechanism_ENUMTYPE meshtastic_MeshPacket_TransportMechanism
 
 
 #define meshtastic_MyNodeInfo_firmware_edition_ENUMTYPE meshtastic_FirmwareEdition
@@ -1326,7 +1354,7 @@ extern "C" {
 #define meshtastic_KeyVerification_init_default  {0, {0, {0}}, {0, {0}}}
 #define meshtastic_Waypoint_init_default         {0, false, 0, false, 0, 0, 0, "", "", 0}
 #define meshtastic_MqttClientProxyMessage_init_default {"", 0, {{0, {0}}}, 0}
-#define meshtastic_MeshPacket_init_default       {0, 0, 0, 0, {meshtastic_Data_init_default}, 0, 0, 0, 0, 0, _meshtastic_MeshPacket_Priority_MIN, 0, _meshtastic_MeshPacket_Delayed_MIN, 0, 0, {0, {0}}, 0, 0, 0, 0}
+#define meshtastic_MeshPacket_init_default       {0, 0, 0, 0, {meshtastic_Data_init_default}, 0, 0, 0, 0, 0, _meshtastic_MeshPacket_Priority_MIN, 0, _meshtastic_MeshPacket_Delayed_MIN, 0, 0, {0, {0}}, 0, 0, 0, 0, _meshtastic_MeshPacket_TransportMechanism_MIN}
 #define meshtastic_NodeInfo_init_default         {0, false, meshtastic_User_init_default, false, meshtastic_Position_init_default, 0, 0, false, meshtastic_DeviceMetrics_init_default, 0, 0, false, 0, 0, 0, 0}
 #define meshtastic_MyNodeInfo_init_default       {0, 0, 0, {0, {0}}, "", _meshtastic_FirmwareEdition_MIN, 0}
 #define meshtastic_LogRecord_init_default        {"", 0, "", _meshtastic_LogRecord_Level_MIN}
@@ -1357,7 +1385,7 @@ extern "C" {
 #define meshtastic_KeyVerification_init_zero     {0, {0, {0}}, {0, {0}}}
 #define meshtastic_Waypoint_init_zero            {0, false, 0, false, 0, 0, 0, "", "", 0}
 #define meshtastic_MqttClientProxyMessage_init_zero {"", 0, {{0, {0}}}, 0}
-#define meshtastic_MeshPacket_init_zero          {0, 0, 0, 0, {meshtastic_Data_init_zero}, 0, 0, 0, 0, 0, _meshtastic_MeshPacket_Priority_MIN, 0, _meshtastic_MeshPacket_Delayed_MIN, 0, 0, {0, {0}}, 0, 0, 0, 0}
+#define meshtastic_MeshPacket_init_zero          {0, 0, 0, 0, {meshtastic_Data_init_zero}, 0, 0, 0, 0, 0, _meshtastic_MeshPacket_Priority_MIN, 0, _meshtastic_MeshPacket_Delayed_MIN, 0, 0, {0, {0}}, 0, 0, 0, 0, _meshtastic_MeshPacket_TransportMechanism_MIN}
 #define meshtastic_NodeInfo_init_zero            {0, false, meshtastic_User_init_zero, false, meshtastic_Position_init_zero, 0, 0, false, meshtastic_DeviceMetrics_init_zero, 0, 0, false, 0, 0, 0, 0}
 #define meshtastic_MyNodeInfo_init_zero          {0, 0, 0, {0, {0}}, "", _meshtastic_FirmwareEdition_MIN, 0}
 #define meshtastic_LogRecord_init_zero           {"", 0, "", _meshtastic_LogRecord_Level_MIN}
@@ -1465,6 +1493,7 @@ extern "C" {
 #define meshtastic_MeshPacket_next_hop_tag       18
 #define meshtastic_MeshPacket_relay_node_tag     19
 #define meshtastic_MeshPacket_tx_after_tag       20
+#define meshtastic_MeshPacket_transport_mechanism_tag 21
 #define meshtastic_NodeInfo_num_tag              1
 #define meshtastic_NodeInfo_user_tag             2
 #define meshtastic_NodeInfo_position_tag         3
@@ -1551,6 +1580,7 @@ extern "C" {
 #define meshtastic_FromRadio_fileInfo_tag        15
 #define meshtastic_FromRadio_clientNotification_tag 16
 #define meshtastic_FromRadio_deviceuiConfig_tag  17
+#define meshtastic_Heartbeat_nonce_tag           1
 #define meshtastic_ToRadio_packet_tag            1
 #define meshtastic_ToRadio_want_config_id_tag    3
 #define meshtastic_ToRadio_disconnect_tag        4
@@ -1687,7 +1717,8 @@ X(a, STATIC,   SINGULAR, BYTES,    public_key,       16) \
 X(a, STATIC,   SINGULAR, BOOL,     pki_encrypted,    17) \
 X(a, STATIC,   SINGULAR, UINT32,   next_hop,         18) \
 X(a, STATIC,   SINGULAR, UINT32,   relay_node,       19) \
-X(a, STATIC,   SINGULAR, UINT32,   tx_after,         20)
+X(a, STATIC,   SINGULAR, UINT32,   tx_after,         20) \
+X(a, STATIC,   SINGULAR, UENUM,    transport_mechanism,  21)
 #define meshtastic_MeshPacket_CALLBACK NULL
 #define meshtastic_MeshPacket_DEFAULT NULL
 #define meshtastic_MeshPacket_payload_variant_decoded_MSGTYPE meshtastic_Data
@@ -1882,7 +1913,7 @@ X(a, STATIC,   SINGULAR, UINT32,   excluded_modules,  12)
 #define meshtastic_DeviceMetadata_DEFAULT NULL
 
 #define meshtastic_Heartbeat_FIELDLIST(X, a) \
-
+X(a, STATIC,   SINGULAR, UINT32,   nonce,             1)
 #define meshtastic_Heartbeat_CALLBACK NULL
 #define meshtastic_Heartbeat_DEFAULT NULL
 
@@ -1992,14 +2023,14 @@ extern const pb_msgdesc_t meshtastic_ChunkedPayloadResponse_msg;
 #define meshtastic_DuplicatedPublicKey_size      0
 #define meshtastic_FileInfo_size                 236
 #define meshtastic_FromRadio_size                510
-#define meshtastic_Heartbeat_size                0
+#define meshtastic_Heartbeat_size                6
 #define meshtastic_KeyVerificationFinal_size     65
 #define meshtastic_KeyVerificationNumberInform_size 58
 #define meshtastic_KeyVerificationNumberRequest_size 52
 #define meshtastic_KeyVerification_size          79
 #define meshtastic_LogRecord_size                426
 #define meshtastic_LowEntropyKey_size            0
-#define meshtastic_MeshPacket_size               378
+#define meshtastic_MeshPacket_size               381
 #define meshtastic_MqttClientProxyMessage_size   501
 #define meshtastic_MyNodeInfo_size               83
 #define meshtastic_NeighborInfo_size             258

src/modules/NodeInfoModule.cpp

@@ -14,6 +14,10 @@ bool NodeInfoModule::handleReceivedProtobuf(const meshtastic_MeshPacket &mp, mes
 {
     auto p = *pptr;
 
+    if (mp.from == nodeDB->getNodeNum()) {
+        LOG_WARN("Ignoring packet supposed to be from our own node: %08x", mp.from);
+        return false;
+    }
     if (p.is_licensed != owner.is_licensed) {
         LOG_WARN("Invalid nodeInfo detected, is_licensed mismatch!");
         return true;

src/platform/nrf52/architecture.h

@@ -53,6 +53,9 @@
 #define HW_VENDOR meshtastic_HardwareModel_WISMESH_TAG
 #elif defined(GAT562_MESH_TRIAL_TRACKER)
 #define HW_VENDOR meshtastic_HardwareModel_GAT562_MESH_TRIAL_TRACKER
+#elif defined(NOMADSTAR_METEOR_PRO)
+#define HW_VENDOR meshtastic_HardwareModel_NOMADSTAR_METEOR_PRO
+// MAke sure all custom RAK4630 boards are defined before the generic RAK4630
 #elif defined(RAK4630)
 #define HW_VENDOR meshtastic_HardwareModel_RAK4631
 #elif defined(TTGO_T_ECHO)
@@ -89,8 +92,6 @@
 #define HW_VENDOR meshtastic_HardwareModel_SEEED_SOLAR_NODE
 #elif defined(HELTEC_MESH_POCKET)
 #define HW_VENDOR meshtastic_HardwareModel_HELTEC_MESH_POCKET
-#elif defined(NOMADSTAR_METEOR_PRO)
-#define HW_VENDOR meshtastic_HardwareModel_NOMADSTAR_METEOR_PRO
 #elif defined(SEEED_WIO_TRACKER_L1_EINK)
 #define HW_VENDOR meshtastic_HardwareModel_SEEED_WIO_TRACKER_L1_EINK
 #elif defined(SEEED_WIO_TRACKER_L1)

test/test_security/test_packet_handling.cpp

@@ -0,0 +1,159 @@
+#include "DebugConfiguration.h"
+#include "TestUtil.h"
+#include <unity.h>
+
+#ifdef ARCH_PORTDUINO
+#include "mesh/NodeDB.h"
+#include "mesh/generated/meshtastic/mesh.pb.h"
+#include "modules/NodeInfoModule.h"
+
+// Mock NodeDB that tracks when updateUser would be called - follows MQTT test pattern
+class MockNodeDB : public NodeDB
+{
+  public:
+    MockNodeDB()
+    {
+        updateUserCallCount = 0;
+        lastUpdatedNodeNum = 0;
+    }
+
+    // Override virtual getMeshNode method (same as MQTT test pattern)
+    meshtastic_NodeInfoLite *getMeshNode(NodeNum n) override { return &emptyNode; }
+
+    // Track calls that would go to updateUser (we'll check this in the test)
+    // Since updateUser is not virtual, we override a method that's called during the process
+    meshtastic_NodeInfoLite *getMeshNodeForUpdate(NodeNum n)
+    {
+        updateUserCallCount++;
+        lastUpdatedNodeNum = n;
+        return &emptyNode;
+    }
+
+    int updateUserCallCount;
+    NodeNum lastUpdatedNodeNum;
+    meshtastic_NodeInfoLite emptyNode = {};
+};
+
+// Testable version of NodeInfoModule that exposes protected methods
+class TestableNodeInfoModule : public NodeInfoModule
+{
+  public:
+    bool testHandleReceivedProtobuf(const meshtastic_MeshPacket &mp, meshtastic_User *user)
+    {
+        return handleReceivedProtobuf(mp, user);
+    }
+};
+
+void test_nodeinfo_spoofing_vulnerability()
+{
+    // Create mock NodeDB and assign to global pointer like MQTT test
+    const std::unique_ptr<MockNodeDB> mockNodeDB(new MockNodeDB());
+    nodeDB = mockNodeDB.get();
+
+    // Set our node number (simulating what happens in real startup)
+    myNodeInfo.my_node_num = 0x12345678;
+
+    // Create a test NodeInfoModule
+    TestableNodeInfoModule testModule;
+
+    // Create a spoofed packet claiming to be from our own node
+    meshtastic_MeshPacket spoofedPacket = meshtastic_MeshPacket_init_default;
+    spoofedPacket.transport_mechanism = meshtastic_MeshPacket_TransportMechanism_TRANSPORT_LORA;
+    spoofedPacket.from = 0x12345678; // VULNERABILITY: Same as our node number
+    spoofedPacket.to = NODENUM_BROADCAST;
+    spoofedPacket.channel = 0;
+    spoofedPacket.which_payload_variant = meshtastic_MeshPacket_decoded_tag;
+    spoofedPacket.decoded.portnum = meshtastic_PortNum_NODEINFO_APP;
+
+    // Create malicious User data that an attacker wants to inject
+    meshtastic_User maliciousUser = meshtastic_User_init_default;
+    strcpy(maliciousUser.long_name, "HACKED_NODE");
+    strcpy(maliciousUser.short_name, "HAK");
+    strcpy(maliciousUser.id, "!87654321"); // Attacker's fake ID
+    maliciousUser.is_licensed = true;      // Try to make us appear licensed when we're not
+
+    // Test the vulnerability: handleReceivedProtobuf should reject spoofed packets claiming to be from our own node
+    // but currently it processes them, calling updateUser with our own node number
+    bool result = testModule.testHandleReceivedProtobuf(spoofedPacket, &maliciousUser);
+
+    // The vulnerability is demonstrated by the function NOT rejecting the spoofed packet
+    // In a secure implementation, packets claiming to be from our own node should be rejected
+    // and the function should return true (meaning "I handled this, don't process further")
+
+    // Currently this will FAIL because the vulnerability exists:
+    // - The function returns false (allowing further processing)
+    // - It calls updateUser with the spoofed node number (our own number)
+    // - This allows an attacker to modify our node information
+
+    TEST_ASSERT_FALSE_MESSAGE(result,
+                              "VULNERABILITY CONFIRMED: handleReceivedProtobuf processes spoofed packets from our own node.\n"
+                              "Expected: Function should return true (reject spoofed packet)\n"
+                              "Actual: Function returned false (processed spoofed packet)\n"
+                              "This allows attackers to spoof our node number and modify our NodeInfo.");
+
+    printf("\n=== SECURITY TEST RESULTS ===\n");
+    printf("✗ Vulnerability exists: NodeInfoModule processes spoofed packets from our own node\n");
+    printf("✗ Attack vector: Attacker can spoof packets with from=our_node_number\n");
+    printf("==============================\n\n");
+}
+
+void test_legitimate_packet_processing()
+{
+    // Test that legitimate packets from OTHER nodes are processed correctly
+    const std::unique_ptr<MockNodeDB> mockNodeDB(new MockNodeDB());
+    nodeDB = mockNodeDB.get();
+
+    myNodeInfo.my_node_num = 0x12345678;
+    TestableNodeInfoModule testModule;
+
+    // Create a legitimate packet from a DIFFERENT node
+    meshtastic_MeshPacket legitimatePacket = meshtastic_MeshPacket_init_default;
+    legitimatePacket.transport_mechanism = meshtastic_MeshPacket_TransportMechanism_TRANSPORT_LORA;
+    legitimatePacket.from = 0x87654321; // Different node number - this is legitimate
+    legitimatePacket.to = NODENUM_BROADCAST;
+    legitimatePacket.channel = 0;
+    legitimatePacket.which_payload_variant = meshtastic_MeshPacket_decoded_tag;
+    legitimatePacket.decoded.portnum = meshtastic_PortNum_NODEINFO_APP;
+
+    meshtastic_User legitimateUser = meshtastic_User_init_default;
+    strcpy(legitimateUser.long_name, "Legitimate User");
+    strcpy(legitimateUser.short_name, "LEG");
+
+    bool result = testModule.testHandleReceivedProtobuf(legitimatePacket, &legitimateUser);
+
+    // Legitimate packets should be processed normally (return false for further processing)
+    TEST_ASSERT_FALSE_MESSAGE(result, "Legitimate packets from other nodes should be processed normally");
+
+    printf("✓ Legitimate packet processing works correctly\n");
+}
+
+void setUp()
+{
+    // Required by Unity
+}
+
+void tearDown()
+{
+    // Required by Unity
+}
+
+void setup()
+{
+    // Initialize test environment like MQTT test
+    initializeTestEnvironment();
+
+    UNITY_BEGIN();
+
+    printf("\n=== NodeInfo Spoofing Security Test ===\n");
+    printf("Testing vulnerability in NodeInfoModule::handleReceivedProtobuf()\n");
+    printf("Issue: Function doesn't check if packet claims to be from our own node\n\n");
+
+    RUN_TEST(test_nodeinfo_spoofing_vulnerability);
+    RUN_TEST(test_legitimate_packet_processing);
+
+    UNITY_END();
+}
+
+void loop() {}
+
+#endif

version.properties

@@ -1,4 +1,4 @@
 [VERSION]  
 major = 2
 minor = 7
-build = 4
+build = 5