1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains L2CAP interface functions
22 *
23 ******************************************************************************/
24
25 #include <base/logging.h>
26
27 #include <cstddef>
28 #include <cstdint>
29
30 #include "bt_target.h"
31 #include "common/time_util.h"
32 #include "osi/include/allocator.h"
33 #include "osi/include/log.h"
34 #include "osi/include/osi.h" // UNUSED_ATTR
35 #include "stack/include/bt_hdr.h"
36 #include "stack/include/bt_types.h"
37 #include "stack/include/l2c_api.h"
38 #include "stack/rfcomm/port_int.h"
39 #include "stack/rfcomm/rfc_int.h"
40 #include "types/raw_address.h"
41
42 /*
43 * Define Callback functions to be called by L2CAP
44 */
45 static void RFCOMM_ConnectInd(const RawAddress& bd_addr, uint16_t lcid,
46 uint16_t psm, uint8_t id);
47 static void RFCOMM_ConnectCnf(uint16_t lcid, uint16_t err);
48 static void RFCOMM_ConfigInd(uint16_t lcid, tL2CAP_CFG_INFO* p_cfg);
49 static void RFCOMM_ConfigCnf(uint16_t lcid, uint16_t result,
50 tL2CAP_CFG_INFO* p_cfg);
51 static void RFCOMM_DisconnectInd(uint16_t lcid, bool is_clear);
52 static void RFCOMM_BufDataInd(uint16_t lcid, BT_HDR* p_buf);
53 static void RFCOMM_CongestionStatusInd(uint16_t lcid, bool is_congested);
54
55 /*******************************************************************************
56 *
57 * Function rfcomm_l2cap_if_init
58 *
59 * Description This function is called during the RFCOMM task startup
60 * to register interface functions with L2CAP.
61 *
62 ******************************************************************************/
rfcomm_l2cap_if_init(void)63 void rfcomm_l2cap_if_init(void) {
64 tL2CAP_APPL_INFO* p_l2c = &rfc_cb.rfc.reg_info;
65
66 p_l2c->pL2CA_ConnectInd_Cb = RFCOMM_ConnectInd;
67 p_l2c->pL2CA_ConnectCfm_Cb = RFCOMM_ConnectCnf;
68 p_l2c->pL2CA_ConfigInd_Cb = RFCOMM_ConfigInd;
69 p_l2c->pL2CA_ConfigCfm_Cb = RFCOMM_ConfigCnf;
70 p_l2c->pL2CA_DisconnectInd_Cb = RFCOMM_DisconnectInd;
71 p_l2c->pL2CA_DataInd_Cb = RFCOMM_BufDataInd;
72 p_l2c->pL2CA_CongestionStatus_Cb = RFCOMM_CongestionStatusInd;
73 p_l2c->pL2CA_TxComplete_Cb = NULL;
74 p_l2c->pL2CA_Error_Cb = rfc_on_l2cap_error;
75
76 L2CA_Register(BT_PSM_RFCOMM, rfc_cb.rfc.reg_info, true /* enable_snoop */,
77 nullptr, L2CAP_MTU_SIZE, 0, 0);
78 }
79
80 /*******************************************************************************
81 *
82 * Function RFCOMM_ConnectInd
83 *
84 * Description This is a callback function called by L2CAP when
85 * L2CA_ConnectInd received. Allocate multiplexer control
86 * block and dispatch the event to it.
87 *
88 ******************************************************************************/
RFCOMM_ConnectInd(const RawAddress & bd_addr,uint16_t lcid,UNUSED_ATTR uint16_t psm,uint8_t id)89 void RFCOMM_ConnectInd(const RawAddress& bd_addr, uint16_t lcid,
90 UNUSED_ATTR uint16_t psm, uint8_t id) {
91 tRFC_MCB* p_mcb = rfc_alloc_multiplexer_channel(bd_addr, false);
92
93 if ((p_mcb) && (p_mcb->state != RFC_MX_STATE_IDLE)) {
94 /* if this is collision case */
95 if ((p_mcb->is_initiator) && (p_mcb->state == RFC_MX_STATE_WAIT_CONN_CNF)) {
96 p_mcb->pending_lcid = lcid;
97
98 /* wait random timeout (2 - 12) to resolve collision */
99 /* if peer gives up then local device rejects incoming connection and
100 * continues as initiator */
101 /* if timeout, local device disconnects outgoing connection and continues
102 * as acceptor */
103 RFCOMM_TRACE_DEBUG(
104 "RFCOMM_ConnectInd start timer for collision, initiator's "
105 "LCID(0x%x), acceptor's LCID(0x%x)",
106 p_mcb->lcid, p_mcb->pending_lcid);
107
108 rfc_timer_start(
109 p_mcb,
110 (uint16_t)(bluetooth::common::time_get_os_boottime_ms() % 10 + 2));
111 return;
112 } else {
113 /* we cannot accept connection request from peer at this state */
114 /* don't update lcid */
115 p_mcb = nullptr;
116 }
117 } else {
118 /* store mcb even if null */
119 rfc_save_lcid_mcb(p_mcb, lcid);
120 }
121
122 if (p_mcb == nullptr) {
123 L2CA_DisconnectReq(lcid);
124 return;
125 }
126 p_mcb->lcid = lcid;
127
128 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONN_IND, &id);
129 }
130
131 /*******************************************************************************
132 *
133 * Function RFCOMM_ConnectCnf
134 *
135 * Description This is a callback function called by L2CAP when
136 * L2CA_ConnectCnf received. Save L2CAP handle and dispatch
137 * event to the FSM.
138 *
139 ******************************************************************************/
RFCOMM_ConnectCnf(uint16_t lcid,uint16_t result)140 void RFCOMM_ConnectCnf(uint16_t lcid, uint16_t result) {
141 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
142
143 if (!p_mcb) {
144 RFCOMM_TRACE_ERROR("RFCOMM_ConnectCnf LCID:0x%x", lcid);
145 return;
146 }
147
148 if (p_mcb->pending_lcid) {
149 /* if peer rejects our connect request but peer's connect request is pending
150 */
151 if (result != L2CAP_CONN_OK) {
152 return;
153 } else {
154 RFCOMM_TRACE_DEBUG("RFCOMM_ConnectCnf peer gave up pending LCID(0x%x)",
155 p_mcb->pending_lcid);
156
157 /* Peer gave up its connection request, make sure cleaning up L2CAP
158 * channel */
159 L2CA_DisconnectReq(p_mcb->pending_lcid);
160
161 p_mcb->pending_lcid = 0;
162 }
163 }
164
165 /* Save LCID to be used in all consecutive calls to L2CAP */
166 p_mcb->lcid = lcid;
167
168 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONN_CNF, &result);
169 }
170
171 /*******************************************************************************
172 *
173 * Function RFCOMM_ConfigInd
174 *
175 * Description This is a callback function called by L2CAP when
176 * L2CA_ConfigInd received. Save parameters in the control
177 * block and dispatch event to the FSM.
178 *
179 ******************************************************************************/
RFCOMM_ConfigInd(uint16_t lcid,tL2CAP_CFG_INFO * p_cfg)180 void RFCOMM_ConfigInd(uint16_t lcid, tL2CAP_CFG_INFO* p_cfg) {
181 if (p_cfg == nullptr) {
182 LOG_ERROR("Received l2cap configuration info with nullptr");
183 return;
184 }
185
186 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
187
188 if (!p_mcb) {
189 RFCOMM_TRACE_ERROR("RFCOMM_ConfigInd LCID:0x%x", lcid);
190 for (auto& [cid, mcb] : rfc_lcid_mcb) {
191 if (mcb != nullptr && mcb->pending_lcid == lcid) {
192 tL2CAP_CFG_INFO l2cap_cfg_info(*p_cfg);
193 mcb->pending_configure_complete = true;
194 mcb->pending_cfg_info = l2cap_cfg_info;
195 return;
196 }
197 }
198 return;
199 }
200
201 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONF_IND, (void*)p_cfg);
202 }
203
204 /*******************************************************************************
205 *
206 * Function RFCOMM_ConfigCnf
207 *
208 * Description This is a callback function called by L2CAP when
209 * L2CA_ConfigCnf received. Save L2CAP handle and dispatch
210 * event to the FSM.
211 *
212 ******************************************************************************/
RFCOMM_ConfigCnf(uint16_t lcid,UNUSED_ATTR uint16_t initiator,tL2CAP_CFG_INFO * p_cfg)213 void RFCOMM_ConfigCnf(uint16_t lcid, UNUSED_ATTR uint16_t initiator,
214 tL2CAP_CFG_INFO* p_cfg) {
215 RFCOMM_ConfigInd(lcid, p_cfg);
216
217 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
218
219 if (!p_mcb) {
220 RFCOMM_TRACE_ERROR("RFCOMM_ConfigCnf no MCB LCID:0x%x", lcid);
221 return;
222 }
223 uintptr_t result_as_ptr = L2CAP_CFG_OK;
224 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONF_CNF, (void*)result_as_ptr);
225 }
226
227 /*******************************************************************************
228 *
229 * Function RFCOMM_DisconnectInd
230 *
231 * Description This is a callback function called by L2CAP when
232 * L2CA_DisconnectInd received. Dispatch event to the FSM.
233 *
234 ******************************************************************************/
RFCOMM_DisconnectInd(uint16_t lcid,bool is_conf_needed)235 void RFCOMM_DisconnectInd(uint16_t lcid, bool is_conf_needed) {
236 VLOG(1) << __func__ << ": lcid=" << loghex(lcid)
237 << ", is_conf_needed=" << is_conf_needed;
238 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
239 if (!p_mcb) {
240 LOG(WARNING) << __func__ << ": no mcb for lcid " << loghex(lcid);
241 return;
242 }
243 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_DISC_IND, nullptr);
244 }
245
246 /*******************************************************************************
247 *
248 * Function RFCOMM_BufDataInd
249 *
250 * Description This is a callback function called by L2CAP when
251 * data RFCOMM frame is received. Parse the frames, check
252 * the checksum and dispatch event to multiplexer or port
253 * state machine depending on the frame destination.
254 *
255 ******************************************************************************/
RFCOMM_BufDataInd(uint16_t lcid,BT_HDR * p_buf)256 void RFCOMM_BufDataInd(uint16_t lcid, BT_HDR* p_buf) {
257 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
258
259 if (!p_mcb) {
260 LOG(WARNING) << __func__ << ": Cannot find RFCOMM multiplexer for lcid "
261 << loghex(lcid);
262 osi_free(p_buf);
263 return;
264 }
265
266 tRFC_EVENT event = rfc_parse_data(p_mcb, &rfc_cb.rfc.rx_frame, p_buf);
267
268 /* If the frame did not pass validation just ignore it */
269 if (event == RFC_EVENT_BAD_FRAME) {
270 LOG(WARNING) << __func__ << ": Bad RFCOMM frame from lcid=" << loghex(lcid)
271 << ", bd_addr=" << p_mcb->bd_addr << ", p_mcb=" << p_mcb;
272 osi_free(p_buf);
273 return;
274 }
275
276 if (rfc_cb.rfc.rx_frame.dlci == RFCOMM_MX_DLCI) {
277 RFCOMM_TRACE_DEBUG("%s: handle multiplexer event %d, p_mcb=%p", __func__,
278 event, p_mcb);
279 /* Take special care of the Multiplexer Control Messages */
280 if (event == RFC_EVENT_UIH) {
281 rfc_process_mx_message(p_mcb, p_buf);
282 return;
283 }
284
285 /* Other multiplexer events go to state machine */
286 rfc_mx_sm_execute(p_mcb, static_cast<tRFC_MX_EVENT>(event), nullptr);
287 osi_free(p_buf);
288 return;
289 }
290
291 /* The frame was received on the data channel DLCI, verify that DLC exists */
292 tPORT* p_port = port_find_mcb_dlci_port(p_mcb, rfc_cb.rfc.rx_frame.dlci);
293 if (p_port == nullptr || !p_port->rfc.p_mcb) {
294 /* If this is a SABME on new port, check if any app is waiting for it */
295 if (event != RFC_EVENT_SABME) {
296 LOG(WARNING) << __func__
297 << ": no for none-SABME event, lcid=" << loghex(lcid)
298 << ", bd_addr=" << p_mcb->bd_addr << ", p_mcb=" << p_mcb;
299 if ((p_mcb->is_initiator && !rfc_cb.rfc.rx_frame.cr) ||
300 (!p_mcb->is_initiator && rfc_cb.rfc.rx_frame.cr)) {
301 LOG(ERROR) << __func__
302 << ": Disconnecting RFCOMM, lcid=" << loghex(lcid)
303 << ", bd_addr=" << p_mcb->bd_addr << ", p_mcb=" << p_mcb;
304 rfc_send_dm(p_mcb, rfc_cb.rfc.rx_frame.dlci, rfc_cb.rfc.rx_frame.pf);
305 }
306 osi_free(p_buf);
307 return;
308 }
309
310 p_port = port_find_dlci_port(rfc_cb.rfc.rx_frame.dlci);
311 if (p_port == nullptr) {
312 LOG(ERROR) << __func__ << ":Disconnecting RFCOMM, no port for dlci "
313 << +rfc_cb.rfc.rx_frame.dlci << ", lcid=" << loghex(lcid)
314 << ", bd_addr=" << p_mcb->bd_addr << ", p_mcb=" << p_mcb;
315 rfc_send_dm(p_mcb, rfc_cb.rfc.rx_frame.dlci, true);
316 osi_free(p_buf);
317 return;
318 }
319 RFCOMM_TRACE_DEBUG("%s: port_handles[dlci=%d]:%d->%d, p_mcb=%p", __func__,
320 rfc_cb.rfc.rx_frame.dlci,
321 p_mcb->port_handles[rfc_cb.rfc.rx_frame.dlci],
322 p_port->handle);
323 p_mcb->port_handles[rfc_cb.rfc.rx_frame.dlci] = p_port->handle;
324 p_port->rfc.p_mcb = p_mcb;
325 }
326
327 if (event == RFC_EVENT_UIH) {
328 RFCOMM_TRACE_DEBUG("%s: Handling UIH event, buf_len=%u, credit=%u",
329 __func__, p_buf->len, rfc_cb.rfc.rx_frame.credit);
330 if (p_buf->len > 0) {
331 rfc_port_sm_execute(p_port, static_cast<tRFC_PORT_EVENT>(event), p_buf);
332 } else {
333 osi_free(p_buf);
334 }
335
336 if (rfc_cb.rfc.rx_frame.credit != 0) {
337 rfc_inc_credit(p_port, rfc_cb.rfc.rx_frame.credit);
338 }
339
340 return;
341 }
342 rfc_port_sm_execute(p_port, static_cast<tRFC_PORT_EVENT>(event), nullptr);
343 osi_free(p_buf);
344 }
345
346 /*******************************************************************************
347 *
348 * Function RFCOMM_CongestionStatusInd
349 *
350 * Description This is a callback function called by L2CAP when
351 * data RFCOMM L2CAP congestion status changes
352 *
353 ******************************************************************************/
RFCOMM_CongestionStatusInd(uint16_t lcid,bool is_congested)354 void RFCOMM_CongestionStatusInd(uint16_t lcid, bool is_congested) {
355 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
356
357 if (!p_mcb) {
358 RFCOMM_TRACE_ERROR("RFCOMM_CongestionStatusInd dropped LCID:0x%x", lcid);
359 return;
360 } else {
361 RFCOMM_TRACE_EVENT("RFCOMM_CongestionStatusInd LCID:0x%x", lcid);
362 }
363 rfc_process_l2cap_congestion(p_mcb, is_congested);
364 }
365
366 /*******************************************************************************
367 *
368 * Function rfc_find_lcid_mcb
369 *
370 * Description This function returns MCB block supporting local cid
371 *
372 ******************************************************************************/
rfc_find_lcid_mcb(uint16_t lcid)373 tRFC_MCB* rfc_find_lcid_mcb(uint16_t lcid) {
374 tRFC_MCB* p_mcb = rfc_lcid_mcb[lcid];
375 if (p_mcb != nullptr) {
376 if (p_mcb->lcid != lcid) {
377 LOG(WARNING) << __func__ << "LCID reused lcid=:" << loghex(lcid)
378 << ", current_lcid=" << loghex(p_mcb->lcid);
379 return nullptr;
380 }
381 }
382 return p_mcb;
383 }
384
385 /*******************************************************************************
386 *
387 * Function rfc_save_lcid_mcb
388 *
389 * Description This function returns MCB block supporting local cid
390 *
391 ******************************************************************************/
rfc_save_lcid_mcb(tRFC_MCB * p_mcb,uint16_t lcid)392 void rfc_save_lcid_mcb(tRFC_MCB* p_mcb, uint16_t lcid) {
393 auto mcb_index = static_cast<size_t>(lcid);
394 rfc_lcid_mcb[mcb_index] = p_mcb;
395 }
396