1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains L2CAP interface functions
22 *
23 ******************************************************************************/
24
25 #include <stddef.h>
26 #include "bt_target.h"
27
28 #include "bt_common.h"
29 #include "common/time_util.h"
30 #include "osi/include/osi.h"
31
32 #include "bt_utils.h"
33 #include "hci/include/btsnoop.h"
34 #include "l2c_api.h"
35 #include "l2cdefs.h"
36 #include "port_api.h"
37 #include "port_int.h"
38 #include "rfc_int.h"
39 #include "rfcdefs.h"
40
41 /*
42 * Define Callback functions to be called by L2CAP
43 */
44 static void RFCOMM_ConnectInd(const RawAddress& bd_addr, uint16_t lcid,
45 uint16_t psm, uint8_t id);
46 static void RFCOMM_ConnectCnf(uint16_t lcid, uint16_t err);
47 static void RFCOMM_ConfigInd(uint16_t lcid, tL2CAP_CFG_INFO* p_cfg);
48 static void RFCOMM_ConfigCnf(uint16_t lcid, tL2CAP_CFG_INFO* p_cfg);
49 static void RFCOMM_DisconnectInd(uint16_t lcid, bool is_clear);
50 static void RFCOMM_QoSViolationInd(UNUSED_ATTR const RawAddress& bd_addr);
51 static void RFCOMM_BufDataInd(uint16_t lcid, BT_HDR* p_buf);
52 static void RFCOMM_CongestionStatusInd(uint16_t lcid, bool is_congested);
53
54 /*******************************************************************************
55 *
56 * Function rfcomm_l2cap_if_init
57 *
58 * Description This function is called during the RFCOMM task startup
59 * to register interface functions with L2CAP.
60 *
61 ******************************************************************************/
rfcomm_l2cap_if_init(void)62 void rfcomm_l2cap_if_init(void) {
63 tL2CAP_APPL_INFO* p_l2c = &rfc_cb.rfc.reg_info;
64
65 p_l2c->pL2CA_ConnectInd_Cb = RFCOMM_ConnectInd;
66 p_l2c->pL2CA_ConnectCfm_Cb = RFCOMM_ConnectCnf;
67 p_l2c->pL2CA_ConnectPnd_Cb = NULL;
68 p_l2c->pL2CA_ConfigInd_Cb = RFCOMM_ConfigInd;
69 p_l2c->pL2CA_ConfigCfm_Cb = RFCOMM_ConfigCnf;
70 p_l2c->pL2CA_DisconnectInd_Cb = RFCOMM_DisconnectInd;
71 p_l2c->pL2CA_DisconnectCfm_Cb = NULL;
72 p_l2c->pL2CA_QoSViolationInd_Cb = RFCOMM_QoSViolationInd;
73 p_l2c->pL2CA_DataInd_Cb = RFCOMM_BufDataInd;
74 p_l2c->pL2CA_CongestionStatus_Cb = RFCOMM_CongestionStatusInd;
75 p_l2c->pL2CA_TxComplete_Cb = NULL;
76
77 L2CA_Register(BT_PSM_RFCOMM, p_l2c, true /* enable_snoop */, nullptr);
78 }
79
80 /*******************************************************************************
81 *
82 * Function RFCOMM_ConnectInd
83 *
84 * Description This is a callback function called by L2CAP when
85 * L2CA_ConnectInd received. Allocate multiplexer control
86 * block and dispatch the event to it.
87 *
88 ******************************************************************************/
RFCOMM_ConnectInd(const RawAddress & bd_addr,uint16_t lcid,UNUSED_ATTR uint16_t psm,uint8_t id)89 void RFCOMM_ConnectInd(const RawAddress& bd_addr, uint16_t lcid,
90 UNUSED_ATTR uint16_t psm, uint8_t id) {
91 tRFC_MCB* p_mcb = rfc_alloc_multiplexer_channel(bd_addr, false);
92
93 if ((p_mcb) && (p_mcb->state != RFC_MX_STATE_IDLE)) {
94 /* if this is collision case */
95 if ((p_mcb->is_initiator) && (p_mcb->state == RFC_MX_STATE_WAIT_CONN_CNF)) {
96 p_mcb->pending_lcid = lcid;
97 p_mcb->pending_id = id;
98
99 /* wait random timeout (2 - 12) to resolve collision */
100 /* if peer gives up then local device rejects incoming connection and
101 * continues as initiator */
102 /* if timeout, local device disconnects outgoing connection and continues
103 * as acceptor */
104 RFCOMM_TRACE_DEBUG(
105 "RFCOMM_ConnectInd start timer for collision, initiator's "
106 "LCID(0x%x), acceptor's LCID(0x%x)",
107 p_mcb->lcid, p_mcb->pending_lcid);
108
109 rfc_timer_start(
110 p_mcb,
111 (uint16_t)(bluetooth::common::time_get_os_boottime_ms() % 10 + 2));
112 return;
113 } else {
114 /* we cannot accept connection request from peer at this state */
115 /* don't update lcid */
116 p_mcb = nullptr;
117 }
118 } else {
119 /* store mcb even if null */
120 rfc_save_lcid_mcb(p_mcb, lcid);
121 }
122
123 if (p_mcb == nullptr) {
124 L2CA_ConnectRsp(bd_addr, id, lcid, L2CAP_CONN_NO_RESOURCES, 0);
125 return;
126 }
127 p_mcb->lcid = lcid;
128
129 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONN_IND, &id);
130 }
131
132 /*******************************************************************************
133 *
134 * Function RFCOMM_ConnectCnf
135 *
136 * Description This is a callback function called by L2CAP when
137 * L2CA_ConnectCnf received. Save L2CAP handle and dispatch
138 * event to the FSM.
139 *
140 ******************************************************************************/
RFCOMM_ConnectCnf(uint16_t lcid,uint16_t result)141 void RFCOMM_ConnectCnf(uint16_t lcid, uint16_t result) {
142 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
143
144 if (!p_mcb) {
145 RFCOMM_TRACE_ERROR("RFCOMM_ConnectCnf LCID:0x%x", lcid);
146 return;
147 }
148
149 if (p_mcb->pending_lcid) {
150 /* if peer rejects our connect request but peer's connect request is pending
151 */
152 if (result != L2CAP_CONN_OK) {
153 RFCOMM_TRACE_DEBUG(
154 "RFCOMM_ConnectCnf retry as acceptor on pending LCID(0x%x)",
155 p_mcb->pending_lcid);
156
157 /* remove mcb from mapping table */
158 rfc_save_lcid_mcb(NULL, p_mcb->lcid);
159
160 p_mcb->lcid = p_mcb->pending_lcid;
161 p_mcb->is_initiator = false;
162 p_mcb->state = RFC_MX_STATE_IDLE;
163
164 /* store mcb into mapping table */
165 rfc_save_lcid_mcb(p_mcb, p_mcb->lcid);
166
167 /* update direction bit */
168 for (int i = 0; i < RFCOMM_MAX_DLCI; i += 2) {
169 uint8_t handle = p_mcb->port_handles[i];
170 if (handle != 0) {
171 p_mcb->port_handles[i] = 0;
172 p_mcb->port_handles[i + 1] = handle;
173 rfc_cb.port.port[handle - 1].dlci += 1;
174 RFCOMM_TRACE_DEBUG("RFCOMM MX, port_handle=%d, DLCI[%d->%d]", handle,
175 i, rfc_cb.port.port[handle - 1].dlci);
176 }
177 }
178
179 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONN_IND, &(p_mcb->pending_id));
180 return;
181 } else {
182 RFCOMM_TRACE_DEBUG("RFCOMM_ConnectCnf peer gave up pending LCID(0x%x)",
183 p_mcb->pending_lcid);
184
185 /* Peer gave up his connection request, make sure cleaning up L2CAP
186 * channel */
187 L2CA_ConnectRsp(p_mcb->bd_addr, p_mcb->pending_id, p_mcb->pending_lcid,
188 L2CAP_CONN_NO_RESOURCES, 0);
189
190 p_mcb->pending_lcid = 0;
191 }
192 }
193
194 /* Save LCID to be used in all consecutive calls to L2CAP */
195 p_mcb->lcid = lcid;
196
197 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONN_CNF, &result);
198 }
199
200 /*******************************************************************************
201 *
202 * Function RFCOMM_ConfigInd
203 *
204 * Description This is a callback function called by L2CAP when
205 * L2CA_ConfigInd received. Save parameters in the control
206 * block and dispatch event to the FSM.
207 *
208 ******************************************************************************/
RFCOMM_ConfigInd(uint16_t lcid,tL2CAP_CFG_INFO * p_cfg)209 void RFCOMM_ConfigInd(uint16_t lcid, tL2CAP_CFG_INFO* p_cfg) {
210 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
211
212 if (!p_mcb) {
213 RFCOMM_TRACE_ERROR("RFCOMM_ConfigInd LCID:0x%x", lcid);
214 return;
215 }
216
217 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONF_IND, (void*)p_cfg);
218 }
219
220 /*******************************************************************************
221 *
222 * Function RFCOMM_ConfigCnf
223 *
224 * Description This is a callback function called by L2CAP when
225 * L2CA_ConfigCnf received. Save L2CAP handle and dispatch
226 * event to the FSM.
227 *
228 ******************************************************************************/
RFCOMM_ConfigCnf(uint16_t lcid,tL2CAP_CFG_INFO * p_cfg)229 void RFCOMM_ConfigCnf(uint16_t lcid, tL2CAP_CFG_INFO* p_cfg) {
230 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
231
232 if (!p_mcb) {
233 RFCOMM_TRACE_ERROR("RFCOMM_ConfigCnf no MCB LCID:0x%x", lcid);
234 return;
235 }
236
237 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONF_CNF, (void*)p_cfg);
238 }
239
240 /*******************************************************************************
241 *
242 * Function RFCOMM_QoSViolationInd
243 *
244 * Description This is a callback function called by L2CAP when
245 * L2CA_QoSViolationIndInd received. Dispatch event to the
246 * FSM.
247 *
248 ******************************************************************************/
RFCOMM_QoSViolationInd(UNUSED_ATTR const RawAddress & bd_addr)249 void RFCOMM_QoSViolationInd(UNUSED_ATTR const RawAddress& bd_addr) {}
250
251 /*******************************************************************************
252 *
253 * Function RFCOMM_DisconnectInd
254 *
255 * Description This is a callback function called by L2CAP when
256 * L2CA_DisconnectInd received. Dispatch event to the FSM.
257 *
258 ******************************************************************************/
RFCOMM_DisconnectInd(uint16_t lcid,bool is_conf_needed)259 void RFCOMM_DisconnectInd(uint16_t lcid, bool is_conf_needed) {
260 VLOG(1) << __func__ << ": lcid=" << loghex(lcid)
261 << ", is_conf_needed=" << is_conf_needed;
262 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
263 if (is_conf_needed) {
264 L2CA_DisconnectRsp(lcid);
265 }
266 if (!p_mcb) {
267 LOG(WARNING) << __func__ << ": no mcb for lcid " << loghex(lcid);
268 return;
269 }
270 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_DISC_IND, nullptr);
271 }
272
273 /*******************************************************************************
274 *
275 * Function RFCOMM_BufDataInd
276 *
277 * Description This is a callback function called by L2CAP when
278 * data RFCOMM frame is received. Parse the frames, check
279 * the checksum and dispatch event to multiplexer or port
280 * state machine depending on the frame destination.
281 *
282 ******************************************************************************/
RFCOMM_BufDataInd(uint16_t lcid,BT_HDR * p_buf)283 void RFCOMM_BufDataInd(uint16_t lcid, BT_HDR* p_buf) {
284 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
285
286 if (!p_mcb) {
287 LOG(WARNING) << __func__ << ": Cannot find RFCOMM multiplexer for lcid "
288 << loghex(lcid);
289 osi_free(p_buf);
290 return;
291 }
292
293 uint8_t event = rfc_parse_data(p_mcb, &rfc_cb.rfc.rx_frame, p_buf);
294
295 /* If the frame did not pass validation just ignore it */
296 if (event == RFC_EVENT_BAD_FRAME) {
297 LOG(WARNING) << __func__ << ": Bad RFCOMM frame from lcid=" << loghex(lcid)
298 << ", bd_addr=" << p_mcb->bd_addr << ", p_mcb=" << p_mcb;
299 osi_free(p_buf);
300 return;
301 }
302
303 if (rfc_cb.rfc.rx_frame.dlci == RFCOMM_MX_DLCI) {
304 RFCOMM_TRACE_DEBUG("%s: handle multiplexer event %d, p_mcb=%p", __func__,
305 event, p_mcb);
306 /* Take special care of the Multiplexer Control Messages */
307 if (event == RFC_EVENT_UIH) {
308 rfc_process_mx_message(p_mcb, p_buf);
309 return;
310 }
311
312 /* Other multiplexer events go to state machine */
313 rfc_mx_sm_execute(p_mcb, event, nullptr);
314 osi_free(p_buf);
315 return;
316 }
317
318 /* The frame was received on the data channel DLCI, verify that DLC exists */
319 tPORT* p_port = port_find_mcb_dlci_port(p_mcb, rfc_cb.rfc.rx_frame.dlci);
320 if (p_port == nullptr || !p_port->rfc.p_mcb) {
321 /* If this is a SABME on new port, check if any app is waiting for it */
322 if (event != RFC_EVENT_SABME) {
323 LOG(WARNING) << __func__
324 << ": no for none-SABME event, lcid=" << loghex(lcid)
325 << ", bd_addr=" << p_mcb->bd_addr << ", p_mcb=" << p_mcb;
326 if ((p_mcb->is_initiator && !rfc_cb.rfc.rx_frame.cr) ||
327 (!p_mcb->is_initiator && rfc_cb.rfc.rx_frame.cr)) {
328 LOG(ERROR) << __func__
329 << ": Disconnecting RFCOMM, lcid=" << loghex(lcid)
330 << ", bd_addr=" << p_mcb->bd_addr << ", p_mcb=" << p_mcb;
331 rfc_send_dm(p_mcb, rfc_cb.rfc.rx_frame.dlci, rfc_cb.rfc.rx_frame.pf);
332 }
333 osi_free(p_buf);
334 return;
335 }
336
337 p_port = port_find_dlci_port(rfc_cb.rfc.rx_frame.dlci);
338 if (p_port == nullptr) {
339 LOG(ERROR) << __func__ << ":Disconnecting RFCOMM, no port for dlci "
340 << +rfc_cb.rfc.rx_frame.dlci << ", lcid=" << loghex(lcid)
341 << ", bd_addr=" << p_mcb->bd_addr << ", p_mcb=" << p_mcb;
342 rfc_send_dm(p_mcb, rfc_cb.rfc.rx_frame.dlci, true);
343 osi_free(p_buf);
344 return;
345 }
346 RFCOMM_TRACE_DEBUG("%s: port_handles[dlci=%d]:%d->%d, p_mcb=%p", __func__,
347 rfc_cb.rfc.rx_frame.dlci,
348 p_mcb->port_handles[rfc_cb.rfc.rx_frame.dlci],
349 p_port->handle);
350 p_mcb->port_handles[rfc_cb.rfc.rx_frame.dlci] = p_port->handle;
351 p_port->rfc.p_mcb = p_mcb;
352 }
353
354 if (event == RFC_EVENT_UIH) {
355 RFCOMM_TRACE_DEBUG("%s: Handling UIH event, buf_len=%u, credit=%u",
356 __func__, p_buf->len, rfc_cb.rfc.rx_frame.credit);
357 if (p_buf->len > 0) {
358 rfc_port_sm_execute(p_port, event, p_buf);
359 } else {
360 osi_free(p_buf);
361 }
362
363 if (rfc_cb.rfc.rx_frame.credit != 0) {
364 rfc_inc_credit(p_port, rfc_cb.rfc.rx_frame.credit);
365 }
366
367 return;
368 }
369 rfc_port_sm_execute(p_port, event, nullptr);
370 osi_free(p_buf);
371 }
372
373 /*******************************************************************************
374 *
375 * Function RFCOMM_CongestionStatusInd
376 *
377 * Description This is a callback function called by L2CAP when
378 * data RFCOMM L2CAP congestion status changes
379 *
380 ******************************************************************************/
RFCOMM_CongestionStatusInd(uint16_t lcid,bool is_congested)381 void RFCOMM_CongestionStatusInd(uint16_t lcid, bool is_congested) {
382 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
383
384 if (!p_mcb) {
385 RFCOMM_TRACE_ERROR("RFCOMM_CongestionStatusInd dropped LCID:0x%x", lcid);
386 return;
387 } else {
388 RFCOMM_TRACE_EVENT("RFCOMM_CongestionStatusInd LCID:0x%x", lcid);
389 }
390 rfc_process_l2cap_congestion(p_mcb, is_congested);
391 }
392
393 /*******************************************************************************
394 *
395 * Function rfc_find_lcid_mcb
396 *
397 * Description This function returns MCB block supporting local cid
398 *
399 ******************************************************************************/
rfc_find_lcid_mcb(uint16_t lcid)400 tRFC_MCB* rfc_find_lcid_mcb(uint16_t lcid) {
401 if (lcid - L2CAP_BASE_APPL_CID >= MAX_L2CAP_CHANNELS) {
402 RFCOMM_TRACE_ERROR("rfc_find_lcid_mcb LCID:0x%x", lcid);
403 return nullptr;
404 } else {
405 tRFC_MCB* p_mcb = rfc_cb.rfc.p_rfc_lcid_mcb[lcid - L2CAP_BASE_APPL_CID];
406 if (p_mcb != nullptr) {
407 if (p_mcb->lcid != lcid) {
408 LOG(WARNING) << __func__ << "LCID reused lcid=:" << loghex(lcid)
409 << ", current_lcid=" << loghex(p_mcb->lcid);
410 return nullptr;
411 }
412 }
413 return p_mcb;
414 }
415 }
416
417 /*******************************************************************************
418 *
419 * Function rfc_save_lcid_mcb
420 *
421 * Description This function returns MCB block supporting local cid
422 *
423 ******************************************************************************/
rfc_save_lcid_mcb(tRFC_MCB * p_mcb,uint16_t lcid)424 void rfc_save_lcid_mcb(tRFC_MCB* p_mcb, uint16_t lcid) {
425 if (lcid < L2CAP_BASE_APPL_CID) {
426 LOG(ERROR) << __func__ << ": LCID " << lcid << " is too small";
427 return;
428 }
429 auto mcb_index = static_cast<size_t>(lcid - L2CAP_BASE_APPL_CID);
430 if (mcb_index >= MAX_L2CAP_CHANNELS) {
431 LOG(ERROR) << __func__ << ": LCID " << lcid << " is too large";
432 return;
433 }
434 rfc_cb.rfc.p_rfc_lcid_mcb[mcb_index] = p_mcb;
435 }
436