• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************
2  *
3  *  Copyright 1999-2012 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains state machine and action routines for a port of the
22  *  RFCOMM unit
23  *
24  ******************************************************************************/
25 #include <string.h>
26 #include "bt_common.h"
27 #include "bt_target.h"
28 #include "bt_utils.h"
29 #include "btm_api.h"
30 #include "btm_int.h"
31 #include "osi/include/osi.h"
32 #include "port_api.h"
33 #include "port_int.h"
34 #include "rfc_int.h"
35 #include "rfcdefs.h"
36 
37 #include <set>
38 #include "hci/include/btsnoop.h"
39 
40 static const std::set<uint16_t> uuid_logging_whitelist = {
41     UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY,
42     UUID_SERVCLASS_AG_HANDSFREE,
43 };
44 
45 /******************************************************************************/
46 /*            L O C A L    F U N C T I O N     P R O T O T Y P E S            */
47 /******************************************************************************/
48 static void rfc_port_sm_state_closed(tPORT* p_port, uint16_t event,
49                                      void* p_data);
50 static void rfc_port_sm_sabme_wait_ua(tPORT* p_port, uint16_t event,
51                                       void* p_data);
52 static void rfc_port_sm_opened(tPORT* p_port, uint16_t event, void* p_data);
53 static void rfc_port_sm_orig_wait_sec_check(tPORT* p_port, uint16_t event,
54                                             void* p_data);
55 static void rfc_port_sm_term_wait_sec_check(tPORT* p_port, uint16_t event,
56                                             void* p_data);
57 static void rfc_port_sm_disc_wait_ua(tPORT* p_port, uint16_t event,
58                                      void* p_data);
59 
60 static void rfc_port_uplink_data(tPORT* p_port, BT_HDR* p_buf);
61 
62 static void rfc_set_port_state(tPORT_STATE* port_pars, MX_FRAME* p_frame);
63 
64 /*******************************************************************************
65  *
66  * Function         rfc_port_sm_execute
67  *
68  * Description      This function sends port events through the state
69  *                  machine.
70  *
71  * Returns          void
72  *
73  ******************************************************************************/
rfc_port_sm_execute(tPORT * p_port,uint16_t event,void * p_data)74 void rfc_port_sm_execute(tPORT* p_port, uint16_t event, void* p_data) {
75   CHECK(p_port != nullptr) << __func__ << ": NULL port event " << event;
76   VLOG(1) << __func__ << ": BD_ADDR=" << p_port->bd_addr
77           << ", PORT=" << std::to_string(p_port->handle)
78           << ", STATE=" << std::to_string(p_port->rfc.state)
79           << ", EVENT=" << event;
80   switch (p_port->rfc.state) {
81     case RFC_STATE_CLOSED:
82       rfc_port_sm_state_closed(p_port, event, p_data);
83       break;
84 
85     case RFC_STATE_SABME_WAIT_UA:
86       rfc_port_sm_sabme_wait_ua(p_port, event, p_data);
87       break;
88 
89     case RFC_STATE_ORIG_WAIT_SEC_CHECK:
90       rfc_port_sm_orig_wait_sec_check(p_port, event, p_data);
91       break;
92 
93     case RFC_STATE_TERM_WAIT_SEC_CHECK:
94       rfc_port_sm_term_wait_sec_check(p_port, event, p_data);
95       break;
96 
97     case RFC_STATE_OPENED:
98       rfc_port_sm_opened(p_port, event, p_data);
99       break;
100 
101     case RFC_STATE_DISC_WAIT_UA:
102       rfc_port_sm_disc_wait_ua(p_port, event, p_data);
103       break;
104   }
105 }
106 
107 /*******************************************************************************
108  *
109  * Function         rfc_port_sm_state_closed
110  *
111  * Description      This function handles events when the port is in
112  *                  CLOSED state. This state exists when port is
113  *                  being initially established.
114  *
115  * Returns          void
116  *
117  ******************************************************************************/
rfc_port_sm_state_closed(tPORT * p_port,uint16_t event,void * p_data)118 void rfc_port_sm_state_closed(tPORT* p_port, uint16_t event, void* p_data) {
119   switch (event) {
120     case RFC_EVENT_OPEN:
121       p_port->rfc.state = RFC_STATE_ORIG_WAIT_SEC_CHECK;
122       btm_sec_mx_access_request(
123           p_port->rfc.p_mcb->bd_addr, BT_PSM_RFCOMM, true, BTM_SEC_PROTO_RFCOMM,
124           (uint32_t)(p_port->dlci / 2), &rfc_sec_check_complete, p_port);
125       return;
126 
127     case RFC_EVENT_CLOSE:
128       break;
129 
130     case RFC_EVENT_CLEAR:
131       return;
132 
133     case RFC_EVENT_DATA:
134       osi_free(p_data);
135       break;
136 
137     case RFC_EVENT_SABME:
138       /* make sure the multiplexer disconnect timer is not running (reconnect
139        * case) */
140       rfc_timer_stop(p_port->rfc.p_mcb);
141 
142       /* Open will be continued after security checks are passed */
143       p_port->rfc.state = RFC_STATE_TERM_WAIT_SEC_CHECK;
144       btm_sec_mx_access_request(p_port->rfc.p_mcb->bd_addr, BT_PSM_RFCOMM,
145                                 false, BTM_SEC_PROTO_RFCOMM,
146                                 (uint32_t)(p_port->dlci / 2),
147                                 &rfc_sec_check_complete, p_port);
148       return;
149 
150     case RFC_EVENT_UA:
151       return;
152 
153     case RFC_EVENT_DM:
154       RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM, index=%d", __func__,
155                            p_port->handle);
156       rfc_port_closed(p_port);
157       return;
158 
159     case RFC_EVENT_UIH:
160       osi_free(p_data);
161       rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
162       return;
163 
164     case RFC_EVENT_DISC:
165       rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
166       return;
167 
168     case RFC_EVENT_TIMEOUT:
169       Port_TimeOutCloseMux(p_port->rfc.p_mcb);
170       RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
171                          event);
172       return;
173   }
174 
175   RFCOMM_TRACE_WARNING("Port state closed Event ignored %d", event);
176   return;
177 }
178 
179 /*******************************************************************************
180  *
181  * Function         rfc_port_sm_sabme_wait_ua
182  *
183  * Description      This function handles events when SABME on the DLC was
184  *                  sent and SM is waiting for UA or DM.
185  *
186  * Returns          void
187  *
188  ******************************************************************************/
rfc_port_sm_sabme_wait_ua(tPORT * p_port,uint16_t event,void * p_data)189 void rfc_port_sm_sabme_wait_ua(tPORT* p_port, uint16_t event, void* p_data) {
190   switch (event) {
191     case RFC_EVENT_OPEN:
192     case RFC_EVENT_ESTABLISH_RSP:
193       RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
194                          event);
195       return;
196 
197     case RFC_EVENT_CLOSE:
198       rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
199       rfc_send_disc(p_port->rfc.p_mcb, p_port->dlci);
200       p_port->rfc.expected_rsp = 0;
201       p_port->rfc.state = RFC_STATE_DISC_WAIT_UA;
202       return;
203 
204     case RFC_EVENT_CLEAR:
205       RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLEAR, index=%d", __func__,
206                            p_port->handle);
207       rfc_port_closed(p_port);
208       return;
209 
210     case RFC_EVENT_DATA:
211       osi_free(p_data);
212       break;
213 
214     case RFC_EVENT_UA:
215       rfc_port_timer_stop(p_port);
216       p_port->rfc.state = RFC_STATE_OPENED;
217 
218       if (uuid_logging_whitelist.find(p_port->uuid) !=
219           uuid_logging_whitelist.end()) {
220         btsnoop_get_interface()->whitelist_rfc_dlci(p_port->rfc.p_mcb->lcid,
221                                                     p_port->dlci);
222       }
223 
224       PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
225                            p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_SUCCESS);
226       return;
227 
228     case RFC_EVENT_DM:
229       RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM, index=%d", __func__,
230                            p_port->handle);
231       p_port->rfc.p_mcb->is_disc_initiator = true;
232       PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
233                            p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
234       rfc_port_closed(p_port);
235       return;
236 
237     case RFC_EVENT_DISC:
238       RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DISC, index=%d", __func__,
239                            p_port->handle);
240       rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
241       PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
242                            p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
243       rfc_port_closed(p_port);
244       return;
245 
246     case RFC_EVENT_SABME:
247       /* Continue to wait for the UA the SABME this side sent */
248       rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
249       return;
250 
251     case RFC_EVENT_UIH:
252       osi_free(p_data);
253       return;
254 
255     case RFC_EVENT_TIMEOUT:
256       p_port->rfc.state = RFC_STATE_CLOSED;
257       PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
258                            p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
259       return;
260   }
261   RFCOMM_TRACE_WARNING("Port state sabme_wait_ua Event ignored %d", event);
262 }
263 
264 /*******************************************************************************
265  *
266  * Function         rfc_port_sm_term_wait_sec_check
267  *
268  * Description      This function handles events for the port in the
269  *                  WAIT_SEC_CHECK state.  SABME has been received from the
270  *                  peer and Security Manager verifes address, before we can
271  *                  send ESTABLISH_IND to the Port entity
272  *
273  * Returns          void
274  *
275  ******************************************************************************/
rfc_port_sm_term_wait_sec_check(tPORT * p_port,uint16_t event,void * p_data)276 void rfc_port_sm_term_wait_sec_check(tPORT* p_port, uint16_t event,
277                                      void* p_data) {
278   switch (event) {
279     case RFC_EVENT_SEC_COMPLETE:
280       if (*((uint8_t*)p_data) != BTM_SUCCESS) {
281         /* Authentication/authorization failed.  If link is still  */
282         /* up send DM and check if we need to start inactive timer */
283         if (p_port->rfc.p_mcb) {
284           rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
285           p_port->rfc.p_mcb->is_disc_initiator = true;
286           port_rfc_closed(p_port, PORT_SEC_FAILED);
287         }
288       } else {
289         PORT_DlcEstablishInd(p_port->rfc.p_mcb, p_port->dlci,
290                              p_port->rfc.p_mcb->peer_l2cap_mtu);
291       }
292       return;
293 
294     case RFC_EVENT_OPEN:
295     case RFC_EVENT_CLOSE:
296       RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
297                          event);
298       return;
299 
300     case RFC_EVENT_CLEAR:
301       RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLEAR, index=%d", __func__,
302                            p_port->handle);
303       btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
304       rfc_port_closed(p_port);
305       return;
306 
307     case RFC_EVENT_DATA:
308       RFCOMM_TRACE_ERROR("Port error state Term Wait Sec event Data");
309       osi_free(p_data);
310       return;
311 
312     case RFC_EVENT_SABME:
313       /* Ignore SABME retransmission if client dares to do so */
314       return;
315 
316     case RFC_EVENT_DISC:
317       btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
318       p_port->rfc.state = RFC_STATE_CLOSED;
319       rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
320 
321       PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
322       return;
323 
324     case RFC_EVENT_UIH:
325       osi_free(p_data);
326       return;
327 
328     case RFC_EVENT_ESTABLISH_RSP:
329       if (*((uint8_t*)p_data) != RFCOMM_SUCCESS) {
330         if (p_port->rfc.p_mcb)
331           rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
332       } else {
333         rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
334         p_port->rfc.state = RFC_STATE_OPENED;
335 
336         if (uuid_logging_whitelist.find(p_port->uuid) !=
337             uuid_logging_whitelist.end()) {
338           btsnoop_get_interface()->whitelist_rfc_dlci(p_port->rfc.p_mcb->lcid,
339                                                       p_port->dlci);
340         }
341       }
342       return;
343   }
344   RFCOMM_TRACE_WARNING("Port state term_wait_sec_check Event ignored %d",
345                        event);
346 }
347 
348 /*******************************************************************************
349  *
350  * Function         rfc_port_sm_orig_wait_sec_check
351  *
352  * Description      This function handles events for the port in the
353  *                  ORIG_WAIT_SEC_CHECK state.  RFCOMM is waiting for Security
354  *                  manager to finish before sending SABME to the peer
355  *
356  * Returns          void
357  *
358  ******************************************************************************/
rfc_port_sm_orig_wait_sec_check(tPORT * p_port,uint16_t event,void * p_data)359 void rfc_port_sm_orig_wait_sec_check(tPORT* p_port, uint16_t event,
360                                      void* p_data) {
361   switch (event) {
362     case RFC_EVENT_SEC_COMPLETE:
363       if (*((uint8_t*)p_data) != BTM_SUCCESS) {
364         RFCOMM_TRACE_ERROR("%s, RFC_EVENT_SEC_COMPLETE, index=%d, result=%d",
365                            __func__, event, p_port->handle,
366                            *((uint8_t*)p_data));
367         p_port->rfc.p_mcb->is_disc_initiator = true;
368         PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci, 0,
369                              RFCOMM_SECURITY_ERR);
370         rfc_port_closed(p_port);
371         return;
372       }
373       rfc_send_sabme(p_port->rfc.p_mcb, p_port->dlci);
374       rfc_port_timer_start(p_port, RFC_PORT_T1_TIMEOUT);
375       p_port->rfc.state = RFC_STATE_SABME_WAIT_UA;
376       return;
377 
378     case RFC_EVENT_OPEN:
379     case RFC_EVENT_SABME: /* Peer should not use the same dlci */
380       RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
381                          event);
382       return;
383 
384     case RFC_EVENT_CLOSE:
385       RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLOSE, index=%d", __func__,
386                            p_port->handle);
387       btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
388       rfc_port_closed(p_port);
389       return;
390 
391     case RFC_EVENT_DATA:
392       RFCOMM_TRACE_ERROR("Port error state Orig Wait Sec event Data");
393       osi_free(p_data);
394       return;
395 
396     case RFC_EVENT_UIH:
397       osi_free(p_data);
398       return;
399   }
400   RFCOMM_TRACE_WARNING("Port state orig_wait_sec_check Event ignored %d",
401                        event);
402 }
403 
404 /*******************************************************************************
405  *
406  * Function         rfc_port_sm_opened
407  *
408  * Description      This function handles events for the port in the OPENED
409  *                  state
410  *
411  * Returns          void
412  *
413  ******************************************************************************/
rfc_port_sm_opened(tPORT * p_port,uint16_t event,void * p_data)414 void rfc_port_sm_opened(tPORT* p_port, uint16_t event, void* p_data) {
415   switch (event) {
416     case RFC_EVENT_OPEN:
417       RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
418                          event);
419       return;
420 
421     case RFC_EVENT_CLOSE:
422       rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
423       rfc_send_disc(p_port->rfc.p_mcb, p_port->dlci);
424       p_port->rfc.expected_rsp = 0;
425       p_port->rfc.state = RFC_STATE_DISC_WAIT_UA;
426       return;
427 
428     case RFC_EVENT_CLEAR:
429       RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLEAR, index=%d", __func__,
430                            p_port->handle);
431       rfc_port_closed(p_port);
432       return;
433 
434     case RFC_EVENT_DATA:
435       /* Send credits in the frame.  Pass them in the layer specific member of
436        * the hdr. */
437       /* There might be an initial case when we reduced rx_max and credit_rx is
438        * still */
439       /* bigger.  Make sure that we do not send 255 */
440       if ((p_port->rfc.p_mcb->flow == PORT_FC_CREDIT) &&
441           (((BT_HDR*)p_data)->len < p_port->peer_mtu) &&
442           (!p_port->rx.user_fc) &&
443           (p_port->credit_rx_max > p_port->credit_rx)) {
444         ((BT_HDR*)p_data)->layer_specific =
445             (uint8_t)(p_port->credit_rx_max - p_port->credit_rx);
446         p_port->credit_rx = p_port->credit_rx_max;
447       } else {
448         ((BT_HDR*)p_data)->layer_specific = 0;
449       }
450       rfc_send_buf_uih(p_port->rfc.p_mcb, p_port->dlci, (BT_HDR*)p_data);
451       rfc_dec_credit(p_port);
452       return;
453 
454     case RFC_EVENT_UA:
455       return;
456 
457     case RFC_EVENT_SABME:
458       rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
459       return;
460 
461     case RFC_EVENT_DM:
462       RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM, index=%d", __func__,
463                            p_port->handle);
464       PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
465       rfc_port_closed(p_port);
466       return;
467 
468     case RFC_EVENT_DISC:
469       p_port->rfc.state = RFC_STATE_CLOSED;
470       rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
471       if (!fixed_queue_is_empty(p_port->rx.queue)) {
472         /* give a chance to upper stack to close port properly */
473         RFCOMM_TRACE_DEBUG("port queue is not empty");
474         rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
475       } else
476         PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
477       return;
478 
479     case RFC_EVENT_UIH:
480       rfc_port_uplink_data(p_port, (BT_HDR*)p_data);
481       return;
482 
483     case RFC_EVENT_TIMEOUT:
484       Port_TimeOutCloseMux(p_port->rfc.p_mcb);
485       RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
486                          event);
487       return;
488   }
489   RFCOMM_TRACE_WARNING("Port state opened Event ignored %d", event);
490 }
491 
492 /*******************************************************************************
493  *
494  * Function         rfc_port_sm_disc_wait_ua
495  *
496  * Description      This function handles events when DISC on the DLC was
497  *                  sent and SM is waiting for UA or DM.
498  *
499  * Returns          void
500  *
501  ******************************************************************************/
rfc_port_sm_disc_wait_ua(tPORT * p_port,uint16_t event,void * p_data)502 void rfc_port_sm_disc_wait_ua(tPORT* p_port, uint16_t event, void* p_data) {
503   switch (event) {
504     case RFC_EVENT_OPEN:
505     case RFC_EVENT_ESTABLISH_RSP:
506       RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
507                          event);
508       return;
509 
510     case RFC_EVENT_CLEAR:
511       RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLEAR, index=%d", __func__, event,
512                            p_port->handle);
513       rfc_port_closed(p_port);
514       return;
515 
516     case RFC_EVENT_DATA:
517       osi_free(p_data);
518       return;
519 
520     case RFC_EVENT_UA:
521       p_port->rfc.p_mcb->is_disc_initiator = true;
522       FALLTHROUGH_INTENDED; /* FALLTHROUGH */
523 
524     case RFC_EVENT_DM:
525       RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM|RFC_EVENT_UA[%d], index=%d",
526                            __func__, event, p_port->handle);
527       rfc_port_closed(p_port);
528       return;
529 
530     case RFC_EVENT_SABME:
531       rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
532       return;
533 
534     case RFC_EVENT_DISC:
535       rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
536       return;
537 
538     case RFC_EVENT_UIH:
539       osi_free(p_data);
540       rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
541       return;
542 
543     case RFC_EVENT_TIMEOUT:
544       RFCOMM_TRACE_ERROR("%s, RFC_EVENT_TIMEOUT, index=%d", __func__,
545                          p_port->handle);
546       rfc_port_closed(p_port);
547       return;
548   }
549 
550   RFCOMM_TRACE_WARNING("Port state disc_wait_ua Event ignored %d", event);
551 }
552 
553 /*******************************************************************************
554  *
555  * Function         rfc_port_uplink_data
556  *
557  * Description      This function handles uplink information data frame.
558  *
559  ******************************************************************************/
rfc_port_uplink_data(tPORT * p_port,BT_HDR * p_buf)560 void rfc_port_uplink_data(tPORT* p_port, BT_HDR* p_buf) {
561   PORT_DataInd(p_port->rfc.p_mcb, p_port->dlci, p_buf);
562 }
563 
564 /*******************************************************************************
565  *
566  * Function         rfc_process_pn
567  *
568  * Description      This function handles DLC parameter negotiation frame.
569  *                  Record MTU and pass indication to the upper layer.
570  *
571  ******************************************************************************/
rfc_process_pn(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)572 void rfc_process_pn(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
573   RFCOMM_TRACE_DEBUG("%s: is_initiator=%d, is_cmd=%d, state=%d, bd_addr=%s",
574                      __func__, p_mcb->is_initiator, is_command, p_mcb->state,
575                      p_mcb->bd_addr.ToString().c_str());
576   uint8_t dlci = p_frame->dlci;
577 
578   if (is_command) {
579     /* Ignore if Multiplexer is being shut down */
580     if (p_mcb->state != RFC_MX_STATE_DISC_WAIT_UA) {
581       PORT_ParNegInd(p_mcb, dlci, p_frame->u.pn.mtu, p_frame->u.pn.conv_layer,
582                      p_frame->u.pn.k);
583     } else {
584       LOG(WARNING) << __func__
585                    << ": MX PN while disconnecting, bd_addr=" << p_mcb->bd_addr
586                    << ", p_mcb=" << p_mcb;
587       rfc_send_dm(p_mcb, dlci, false);
588     }
589 
590     return;
591   }
592   /* If we are not awaiting response just ignore it */
593   tPORT* p_port = port_find_mcb_dlci_port(p_mcb, dlci);
594   if ((p_port == nullptr) || !(p_port->rfc.expected_rsp & RFC_RSP_PN)) {
595     LOG(WARNING) << ": Ignore unwanted response, p_mcb=" << p_mcb
596                  << ", bd_addr=" << p_mcb->bd_addr
597                  << ", dlci=" << std::to_string(dlci);
598     return;
599   }
600 
601   p_port->rfc.expected_rsp &= ~RFC_RSP_PN;
602 
603   rfc_port_timer_stop(p_port);
604 
605   PORT_ParNegCnf(p_mcb, dlci, p_frame->u.pn.mtu, p_frame->u.pn.conv_layer,
606                  p_frame->u.pn.k);
607 }
608 
609 /*******************************************************************************
610  *
611  * Function         rfc_process_rpn
612  *
613  * Description      This function handles Remote DLC parameter negotiation
614  *                  command/response.  Pass command to the user.
615  *
616  ******************************************************************************/
rfc_process_rpn(tRFC_MCB * p_mcb,bool is_command,bool is_request,MX_FRAME * p_frame)617 void rfc_process_rpn(tRFC_MCB* p_mcb, bool is_command, bool is_request,
618                      MX_FRAME* p_frame) {
619   tPORT_STATE port_pars;
620   tPORT* p_port;
621 
622   p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
623   if (p_port == nullptr) {
624     /* This is the first command on the port */
625     if (is_command) {
626       memset(&port_pars, 0, sizeof(tPORT_STATE));
627       rfc_set_port_state(&port_pars, p_frame);
628 
629       PORT_PortNegInd(p_mcb, p_frame->dlci, &port_pars,
630                       p_frame->u.rpn.param_mask);
631     }
632     return;
633   }
634 
635   if (is_command && is_request) {
636     /* This is the special situation when peer just request local pars */
637     rfc_send_rpn(p_mcb, p_frame->dlci, false, &p_port->peer_port_pars, 0);
638     return;
639   }
640 
641   port_pars = p_port->peer_port_pars;
642 
643   rfc_set_port_state(&port_pars, p_frame);
644 
645   if (is_command) {
646     PORT_PortNegInd(p_mcb, p_frame->dlci, &port_pars,
647                     p_frame->u.rpn.param_mask);
648     return;
649   }
650 
651   /* If we are not awaiting response just ignore it */
652   p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
653   if ((p_port == nullptr) ||
654       !(p_port->rfc.expected_rsp & (RFC_RSP_RPN | RFC_RSP_RPN_REPLY))) {
655     LOG(WARNING) << __func__ << ": ignore DLC parameter negotiation as we are"
656                  << " not waiting for any";
657     return;
658   }
659 
660   /* If we sent a request for port parameters to the peer he is replying with */
661   /* mask 0. */
662   rfc_port_timer_stop(p_port);
663 
664   if (p_port->rfc.expected_rsp & RFC_RSP_RPN_REPLY) {
665     p_port->rfc.expected_rsp &= ~RFC_RSP_RPN_REPLY;
666 
667     p_port->peer_port_pars = port_pars;
668 
669     if ((port_pars.fc_type ==
670          (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT)) ||
671         (port_pars.fc_type ==
672          (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT))) {
673       /* This is satisfactory port parameters.  Set mask as it was Ok */
674       p_frame->u.rpn.param_mask = RFCOMM_RPN_PM_MASK;
675     } else {
676       /* Current peer parameters are not good, try to fix them */
677       p_port->peer_port_pars.fc_type =
678           (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT);
679 
680       p_port->rfc.expected_rsp |= RFC_RSP_RPN;
681       rfc_send_rpn(p_mcb, p_frame->dlci, true, &p_port->peer_port_pars,
682                    RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT);
683       rfc_port_timer_start(p_port, RFC_T2_TIMEOUT);
684       return;
685     }
686   } else
687     p_port->rfc.expected_rsp &= ~RFC_RSP_RPN;
688 
689   /* Check if all suggested parameters were accepted */
690   if (((p_frame->u.rpn.param_mask &
691         (RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT)) ==
692        (RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT)) ||
693       ((p_frame->u.rpn.param_mask &
694         (RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT)) ==
695        (RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT))) {
696     PORT_PortNegCnf(p_mcb, p_port->dlci, &port_pars, RFCOMM_SUCCESS);
697     return;
698   }
699 
700   /* If we were proposing RTR flow control try RTC flow control */
701   /* If we were proposing RTC flow control try no flow control */
702   /* otherwise drop the connection */
703   if (p_port->peer_port_pars.fc_type ==
704       (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT)) {
705     /* Current peer parameters are not good, try to fix them */
706     p_port->peer_port_pars.fc_type =
707         (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT);
708 
709     p_port->rfc.expected_rsp |= RFC_RSP_RPN;
710 
711     rfc_send_rpn(p_mcb, p_frame->dlci, true, &p_port->peer_port_pars,
712                  RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT);
713     rfc_port_timer_start(p_port, RFC_T2_TIMEOUT);
714     return;
715   }
716 
717   /* Other side does not support flow control */
718   if (p_port->peer_port_pars.fc_type ==
719       (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT)) {
720     p_port->peer_port_pars.fc_type = RFCOMM_FC_OFF;
721     PORT_PortNegCnf(p_mcb, p_port->dlci, &port_pars, RFCOMM_SUCCESS);
722   }
723 }
724 
725 /*******************************************************************************
726  *
727  * Function         rfc_process_msc
728  *
729  * Description      This function handles Modem Status Command.
730  *                  Pass command to the user.
731  *
732  ******************************************************************************/
rfc_process_msc(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)733 void rfc_process_msc(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
734   tPORT_CTRL pars;
735   tPORT* p_port;
736   uint8_t modem_signals = p_frame->u.msc.signals;
737   bool new_peer_fc = false;
738 
739   p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
740   if (p_port == NULL) return;
741 
742   pars.modem_signal = 0;
743 
744   if (modem_signals & RFCOMM_MSC_RTC) pars.modem_signal |= MODEM_SIGNAL_DTRDSR;
745 
746   if (modem_signals & RFCOMM_MSC_RTR) pars.modem_signal |= MODEM_SIGNAL_RTSCTS;
747 
748   if (modem_signals & RFCOMM_MSC_IC) pars.modem_signal |= MODEM_SIGNAL_RI;
749 
750   if (modem_signals & RFCOMM_MSC_DV) pars.modem_signal |= MODEM_SIGNAL_DCD;
751 
752   pars.fc = ((modem_signals & RFCOMM_MSC_FC) == RFCOMM_MSC_FC);
753 
754   pars.break_signal =
755       (p_frame->u.msc.break_present) ? p_frame->u.msc.break_duration : 0;
756   pars.discard_buffers = 0;
757   pars.break_signal_seq = RFCOMM_CTRL_BREAK_IN_SEQ; /* this is default */
758 
759   /* Check if this command is passed only to indicate flow control */
760   if (is_command) {
761     rfc_send_msc(p_mcb, p_frame->dlci, false, &pars);
762 
763     if (p_port->rfc.p_mcb->flow != PORT_FC_CREDIT) {
764       /* Spec 1.1 indicates that only FC bit is used for flow control */
765       p_port->peer_ctrl.fc = new_peer_fc = pars.fc;
766 
767       if (new_peer_fc != p_port->tx.peer_fc)
768         PORT_FlowInd(p_mcb, p_frame->dlci, (bool)!new_peer_fc);
769     }
770 
771     PORT_ControlInd(p_mcb, p_frame->dlci, &pars);
772 
773     return;
774   }
775 
776   /* If we are not awaiting response just ignore it */
777   if (!(p_port->rfc.expected_rsp & RFC_RSP_MSC)) return;
778 
779   p_port->rfc.expected_rsp &= ~RFC_RSP_MSC;
780 
781   rfc_port_timer_stop(p_port);
782 
783   PORT_ControlCnf(p_port->rfc.p_mcb, p_port->dlci, &pars);
784 }
785 
786 /*******************************************************************************
787  *
788  * Function         rfc_process_rls
789  *
790  * Description      This function handles Remote Line Status command.
791  *                  Pass command to the user.
792  *
793  ******************************************************************************/
rfc_process_rls(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)794 void rfc_process_rls(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
795   tPORT* p_port;
796 
797   if (is_command) {
798     PORT_LineStatusInd(p_mcb, p_frame->dlci, p_frame->u.rls.line_status);
799     rfc_send_rls(p_mcb, p_frame->dlci, false, p_frame->u.rls.line_status);
800   } else {
801     p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
802 
803     /* If we are not awaiting response just ignore it */
804     if (!p_port || !(p_port->rfc.expected_rsp & RFC_RSP_RLS)) return;
805 
806     p_port->rfc.expected_rsp &= ~RFC_RSP_RLS;
807 
808     rfc_port_timer_stop(p_port);
809   }
810 }
811 
812 /*******************************************************************************
813  *
814  * Function         rfc_process_nsc
815  *
816  * Description      This function handles None Supported Command frame.
817  *
818  ******************************************************************************/
rfc_process_nsc(UNUSED_ATTR tRFC_MCB * p_mcb,UNUSED_ATTR MX_FRAME * p_frame)819 void rfc_process_nsc(UNUSED_ATTR tRFC_MCB* p_mcb,
820                      UNUSED_ATTR MX_FRAME* p_frame) {}
821 
822 /*******************************************************************************
823  *
824  * Function         rfc_process_test
825  *
826  * Description      This function handles Test frame.  If this is a command
827  *                  reply to it.  Otherwise pass response to the user.
828  *
829  ******************************************************************************/
rfc_process_test_rsp(UNUSED_ATTR tRFC_MCB * p_mcb,BT_HDR * p_buf)830 void rfc_process_test_rsp(UNUSED_ATTR tRFC_MCB* p_mcb, BT_HDR* p_buf) {
831   osi_free(p_buf);
832 }
833 
834 /*******************************************************************************
835  *
836  * Function         rfc_process_fcon
837  *
838  * Description      This function handles FCON frame.  The peer entity is able
839  *                  to receive new information
840  *
841  ******************************************************************************/
rfc_process_fcon(tRFC_MCB * p_mcb,bool is_command)842 void rfc_process_fcon(tRFC_MCB* p_mcb, bool is_command) {
843   if (is_command) {
844     rfc_cb.rfc.peer_rx_disabled = false;
845 
846     rfc_send_fcon(p_mcb, false);
847 
848     if (!p_mcb->l2cap_congested) PORT_FlowInd(p_mcb, 0, true);
849   }
850 }
851 
852 /*******************************************************************************
853  *
854  * Function         rfc_process_fcoff
855  *
856  * Description      This function handles FCOFF frame.  The peer entity is
857  *                  unable to receive new information
858  *
859  ******************************************************************************/
rfc_process_fcoff(tRFC_MCB * p_mcb,bool is_command)860 void rfc_process_fcoff(tRFC_MCB* p_mcb, bool is_command) {
861   if (is_command) {
862     rfc_cb.rfc.peer_rx_disabled = true;
863 
864     if (!p_mcb->l2cap_congested) PORT_FlowInd(p_mcb, 0, false);
865 
866     rfc_send_fcoff(p_mcb, false);
867   }
868 }
869 
870 /*******************************************************************************
871  *
872  * Function         rfc_process_l2cap_congestion
873  *
874  * Description      This function handles L2CAP congestion messages
875  *
876  ******************************************************************************/
rfc_process_l2cap_congestion(tRFC_MCB * p_mcb,bool is_congested)877 void rfc_process_l2cap_congestion(tRFC_MCB* p_mcb, bool is_congested) {
878   p_mcb->l2cap_congested = is_congested;
879 
880   if (!is_congested) {
881     rfc_check_send_cmd(p_mcb, nullptr);
882   }
883 
884   if (!rfc_cb.rfc.peer_rx_disabled) {
885     PORT_FlowInd(p_mcb, 0, !is_congested);
886   }
887 }
888 
889 /*******************************************************************************
890  *
891  * Function         rfc_set_port_pars
892  *
893  * Description      This function sets the tPORT_STATE structure given a
894  *                  p_frame.
895  *
896  ******************************************************************************/
897 
rfc_set_port_state(tPORT_STATE * port_pars,MX_FRAME * p_frame)898 void rfc_set_port_state(tPORT_STATE* port_pars, MX_FRAME* p_frame) {
899   if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_BIT_RATE)
900     port_pars->baud_rate = p_frame->u.rpn.baud_rate;
901   if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_DATA_BITS)
902     port_pars->byte_size = p_frame->u.rpn.byte_size;
903   if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_STOP_BITS)
904     port_pars->stop_bits = p_frame->u.rpn.stop_bits;
905   if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_PARITY)
906     port_pars->parity = p_frame->u.rpn.parity;
907   if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_PARITY_TYPE)
908     port_pars->parity_type = p_frame->u.rpn.parity_type;
909   if (p_frame->u.rpn.param_mask &
910       (RFCOMM_RPN_PM_XONXOFF_ON_INPUT | RFCOMM_RPN_PM_XONXOFF_ON_OUTPUT |
911        RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT |
912        RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT))
913     port_pars->fc_type = p_frame->u.rpn.fc_type;
914   if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_XON_CHAR)
915     port_pars->xon_char = p_frame->u.rpn.xon_char;
916   if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_XOFF_CHAR)
917     port_pars->xoff_char = p_frame->u.rpn.xoff_char;
918 }
919