1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains state machine and action routines for multiplexer
22 * channel of the RFCOMM unit
23 *
24 ******************************************************************************/
25
26 #include <cstdint>
27
28 #include "main/shim/dumpsys.h"
29 #include "osi/include/allocator.h"
30 #include "osi/include/log.h"
31 #include "osi/include/osi.h" // UNUSED_ATTR
32 #include "stack/include/bt_hdr.h"
33 #include "stack/include/bt_types.h"
34 #include "stack/include/l2c_api.h"
35 #include "stack/rfcomm/port_int.h"
36 #include "stack/rfcomm/rfc_int.h"
37
38 #include <base/logging.h>
39
40 #define L2CAP_SUCCESS 0
41 #define L2CAP_ERROR 1
42
43 /******************************************************************************/
44 /* L O C A L F U N C T I O N P R O T O T Y P E S */
45 /******************************************************************************/
46 static void rfc_mx_sm_state_idle(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
47 void* p_data);
48 static void rfc_mx_sm_state_wait_conn_cnf(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
49 void* p_data);
50 static void rfc_mx_sm_state_configure(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
51 void* p_data);
52 static void rfc_mx_sm_sabme_wait_ua(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
53 void* p_data);
54 static void rfc_mx_sm_state_wait_sabme(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
55 void* p_data);
56 static void rfc_mx_sm_state_connected(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
57 UNUSED_ATTR void* p_data);
58 static void rfc_mx_sm_state_disc_wait_ua(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
59 void* p_data);
60
61 static void rfc_mx_conf_ind(tRFC_MCB* p_mcb, tL2CAP_CFG_INFO* p_cfg);
62 static void rfc_mx_conf_cnf(tRFC_MCB* p_mcb, uint16_t result);
63
64 /*******************************************************************************
65 *
66 * Function rfc_mx_sm_execute
67 *
68 * Description This function sends multiplexor events through the state
69 * machine.
70 *
71 * Returns void
72 *
73 ******************************************************************************/
rfc_mx_sm_execute(tRFC_MCB * p_mcb,tRFC_MX_EVENT event,void * p_data)74 void rfc_mx_sm_execute(tRFC_MCB* p_mcb, tRFC_MX_EVENT event, void* p_data) {
75 CHECK(p_mcb != nullptr) << __func__ << ": NULL mcb for event " << event;
76
77 LOG_INFO(
78 "RFCOMM peer:%s event:%d state:%s", ADDRESS_TO_LOGGABLE_CSTR(p_mcb->bd_addr),
79 event,
80 rfcomm_mx_state_text(static_cast<tRFC_MX_STATE>(p_mcb->state)).c_str());
81
82 switch (p_mcb->state) {
83 case RFC_MX_STATE_IDLE:
84 rfc_mx_sm_state_idle(p_mcb, event, p_data);
85 break;
86
87 case RFC_MX_STATE_WAIT_CONN_CNF:
88 rfc_mx_sm_state_wait_conn_cnf(p_mcb, event, p_data);
89 break;
90
91 case RFC_MX_STATE_CONFIGURE:
92 rfc_mx_sm_state_configure(p_mcb, event, p_data);
93 break;
94
95 case RFC_MX_STATE_SABME_WAIT_UA:
96 rfc_mx_sm_sabme_wait_ua(p_mcb, event, p_data);
97 break;
98
99 case RFC_MX_STATE_WAIT_SABME:
100 rfc_mx_sm_state_wait_sabme(p_mcb, event, p_data);
101 break;
102
103 case RFC_MX_STATE_CONNECTED:
104 rfc_mx_sm_state_connected(p_mcb, event, p_data);
105 break;
106
107 case RFC_MX_STATE_DISC_WAIT_UA:
108 rfc_mx_sm_state_disc_wait_ua(p_mcb, event, p_data);
109 break;
110
111 default:
112 LOG_ERROR("Received unexpected event:%hu in state:%hhu", event,
113 p_mcb->state);
114 }
115 }
116
117 /*******************************************************************************
118 *
119 * Function rfc_mx_sm_state_idle
120 *
121 * Description This function handles events when the multiplexer is in
122 * IDLE state. This state exists when connection is being
123 * initially established.
124 *
125 * Returns void
126 *
127 ******************************************************************************/
rfc_mx_sm_state_idle(tRFC_MCB * p_mcb,tRFC_MX_EVENT event,void * p_data)128 void rfc_mx_sm_state_idle(tRFC_MCB* p_mcb, tRFC_MX_EVENT event, void* p_data) {
129 switch (event) {
130 case RFC_MX_EVENT_START_REQ: {
131 /* Initialize L2CAP MTU */
132 p_mcb->peer_l2cap_mtu = L2CAP_DEFAULT_MTU - RFCOMM_MIN_OFFSET - 1;
133
134 uint16_t lcid = L2CA_ConnectReq(BT_PSM_RFCOMM, p_mcb->bd_addr);
135 if (lcid == 0) {
136 LOG(ERROR) << __func__ << ": failed to open L2CAP channel for "
137 << p_mcb->bd_addr;
138 rfc_save_lcid_mcb(nullptr, p_mcb->lcid);
139 p_mcb->lcid = 0;
140 PORT_StartCnf(p_mcb, RFCOMM_ERROR);
141 return;
142 }
143 p_mcb->lcid = lcid;
144 /* Save entry for quicker access to mcb based on the LCID */
145 rfc_save_lcid_mcb(p_mcb, p_mcb->lcid);
146
147 p_mcb->state = RFC_MX_STATE_WAIT_CONN_CNF;
148 return;
149 }
150
151 case RFC_MX_EVENT_CONN_IND:
152
153 rfc_timer_start(p_mcb, RFCOMM_CONN_TIMEOUT);
154
155 p_mcb->state = RFC_MX_STATE_CONFIGURE;
156 return;
157
158 case RFC_MX_EVENT_SABME:
159 break;
160
161 case RFC_MX_EVENT_UA:
162 case RFC_MX_EVENT_DM:
163 return;
164
165 case RFC_MX_EVENT_DISC:
166 rfc_send_dm(p_mcb, RFCOMM_MX_DLCI, true);
167 return;
168
169 case RFC_MX_EVENT_UIH:
170 rfc_send_dm(p_mcb, RFCOMM_MX_DLCI, false);
171 return;
172
173 default:
174 RFCOMM_TRACE_ERROR("Mx error state %d event %d", p_mcb->state, event);
175 return;
176 }
177 RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
178 p_mcb->state);
179 }
180
181 /*******************************************************************************
182 *
183 * Function rfc_mx_sm_state_wait_conn_cnf
184 *
185 * Description This function handles events when the multiplexer is
186 * waiting for Connection Confirm from L2CAP.
187 *
188 * Returns void
189 *
190 ******************************************************************************/
rfc_mx_sm_state_wait_conn_cnf(tRFC_MCB * p_mcb,tRFC_MX_EVENT event,void * p_data)191 void rfc_mx_sm_state_wait_conn_cnf(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
192 void* p_data) {
193 RFCOMM_TRACE_EVENT("%s: evt %d", __func__, event);
194 switch (event) {
195 case RFC_MX_EVENT_START_REQ:
196 RFCOMM_TRACE_ERROR("Mx error state %d event %d", p_mcb->state, event);
197 return;
198
199 /* There is some new timing so that Config Ind comes before security is
200 completed
201 so we are still waiting fo the confirmation. */
202 case RFC_MX_EVENT_CONF_IND:
203 rfc_mx_conf_ind(p_mcb, (tL2CAP_CFG_INFO*)p_data);
204 return;
205
206 case RFC_MX_EVENT_CONN_CNF:
207 if (*((uint16_t*)p_data) != L2CAP_SUCCESS) {
208 p_mcb->state = RFC_MX_STATE_IDLE;
209
210 PORT_StartCnf(p_mcb, *((uint16_t*)p_data));
211 return;
212 }
213 p_mcb->state = RFC_MX_STATE_CONFIGURE;
214 return;
215
216 case RFC_MX_EVENT_DISC_IND:
217 p_mcb->state = RFC_MX_STATE_IDLE;
218 PORT_CloseInd(p_mcb);
219 return;
220
221 case RFC_MX_EVENT_TIMEOUT:
222 p_mcb->state = RFC_MX_STATE_IDLE;
223 L2CA_DisconnectReq(p_mcb->lcid);
224
225 /* we gave up outgoing connection request then try peer's request */
226 if (p_mcb->pending_lcid) {
227 uint16_t i;
228 uint8_t handle;
229
230 RFCOMM_TRACE_DEBUG(
231 "RFCOMM MX retry as acceptor in collision case - evt:%d in "
232 "state:%d",
233 event, p_mcb->state);
234
235 rfc_save_lcid_mcb(NULL, p_mcb->lcid);
236 p_mcb->lcid = p_mcb->pending_lcid;
237 rfc_save_lcid_mcb(p_mcb, p_mcb->lcid);
238
239 p_mcb->is_initiator = false;
240
241 /* update direction bit */
242 for (i = 0; i < RFCOMM_MAX_DLCI; i += 2) {
243 handle = p_mcb->port_handles[i];
244 if (handle != 0) {
245 p_mcb->port_handles[i] = 0;
246 p_mcb->port_handles[i + 1] = handle;
247 rfc_cb.port.port[handle - 1].dlci += 1;
248 RFCOMM_TRACE_DEBUG("RFCOMM MX - DLCI:%d -> %d", i,
249 rfc_cb.port.port[handle - 1].dlci);
250 }
251 }
252
253 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONN_IND, nullptr);
254 } else {
255 PORT_CloseInd(p_mcb);
256 }
257 return;
258 default:
259 LOG_ERROR("Received unexpected event:%hu in state:%hhu", event,
260 p_mcb->state);
261 }
262 RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
263 p_mcb->state);
264 }
265
266 /*******************************************************************************
267 *
268 * Function rfc_mx_sm_state_configure
269 *
270 * Description This function handles events when the multiplexer in the
271 * configuration state.
272 *
273 * Returns void
274 *
275 ******************************************************************************/
rfc_mx_sm_state_configure(tRFC_MCB * p_mcb,tRFC_MX_EVENT event,void * p_data)276 void rfc_mx_sm_state_configure(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
277 void* p_data) {
278 RFCOMM_TRACE_EVENT("%s: event %d", __func__, event);
279 switch (event) {
280 case RFC_MX_EVENT_START_REQ:
281 case RFC_MX_EVENT_CONN_CNF:
282
283 RFCOMM_TRACE_ERROR("Mx error state %d event %d", p_mcb->state, event);
284 return;
285
286 case RFC_MX_EVENT_CONF_IND:
287 rfc_mx_conf_ind(p_mcb, (tL2CAP_CFG_INFO*)p_data);
288 return;
289
290 case RFC_MX_EVENT_CONF_CNF:
291 rfc_mx_conf_cnf(p_mcb, (uintptr_t)p_data);
292 return;
293
294 case RFC_MX_EVENT_DISC_IND:
295 p_mcb->state = RFC_MX_STATE_IDLE;
296 PORT_CloseInd(p_mcb);
297 return;
298
299 case RFC_MX_EVENT_TIMEOUT:
300 LOG(ERROR) << __func__ << ": L2CAP configuration timeout for "
301 << p_mcb->bd_addr;
302 p_mcb->state = RFC_MX_STATE_IDLE;
303 L2CA_DisconnectReq(p_mcb->lcid);
304
305 PORT_StartCnf(p_mcb, RFCOMM_ERROR);
306 return;
307 default:
308 LOG_ERROR("Received unexpected event:%hu in state:%hhu", event,
309 p_mcb->state);
310 }
311 RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
312 p_mcb->state);
313 }
314
315 /*******************************************************************************
316 *
317 * Function rfc_mx_sm_sabme_wait_ua
318 *
319 * Description This function handles events when the multiplexer sent
320 * SABME and is waiting for UA reply.
321 *
322 * Returns void
323 *
324 ******************************************************************************/
rfc_mx_sm_sabme_wait_ua(tRFC_MCB * p_mcb,tRFC_MX_EVENT event,UNUSED_ATTR void * p_data)325 void rfc_mx_sm_sabme_wait_ua(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
326 UNUSED_ATTR void* p_data) {
327 RFCOMM_TRACE_EVENT("%s: event %d", __func__, event);
328 switch (event) {
329 case RFC_MX_EVENT_START_REQ:
330 case RFC_MX_EVENT_CONN_CNF:
331 RFCOMM_TRACE_ERROR("Mx error state %d event %d", p_mcb->state, event);
332 return;
333
334 /* workaround: we don't support reconfig */
335 /* commented out until we support reconfig
336 case RFC_MX_EVENT_CONF_IND:
337 rfc_mx_conf_ind (p_mcb, (tL2CAP_CFG_INFO *)p_data);
338 return;
339
340 case RFC_MX_EVENT_CONF_CNF:
341 rfc_mx_conf_cnf (p_mcb, (tL2CAP_CFG_INFO *)p_data);
342 return;
343 */
344
345 case RFC_MX_EVENT_DISC_IND:
346 p_mcb->state = RFC_MX_STATE_IDLE;
347 PORT_CloseInd(p_mcb);
348 return;
349
350 case RFC_MX_EVENT_UA:
351 rfc_timer_stop(p_mcb);
352
353 p_mcb->state = RFC_MX_STATE_CONNECTED;
354 p_mcb->peer_ready = true;
355
356 PORT_StartCnf(p_mcb, RFCOMM_SUCCESS);
357 return;
358
359 case RFC_MX_EVENT_DM:
360 rfc_timer_stop(p_mcb);
361 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
362
363 case RFC_MX_EVENT_CONF_IND: /* workaround: we don't support reconfig */
364 case RFC_MX_EVENT_CONF_CNF: /* workaround: we don't support reconfig */
365 case RFC_MX_EVENT_TIMEOUT:
366 p_mcb->state = RFC_MX_STATE_IDLE;
367 L2CA_DisconnectReq(p_mcb->lcid);
368
369 PORT_StartCnf(p_mcb, RFCOMM_ERROR);
370 return;
371 default:
372 LOG_ERROR("Received unexpected event:%hu in state:%hhu", event,
373 p_mcb->state);
374 }
375 RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
376 p_mcb->state);
377 }
378
379 /*******************************************************************************
380 *
381 * Function rfc_mx_sm_state_wait_sabme
382 *
383 * Description This function handles events when the multiplexer is
384 * waiting for SABME on the acceptor side after configuration
385 *
386 * Returns void
387 *
388 ******************************************************************************/
rfc_mx_sm_state_wait_sabme(tRFC_MCB * p_mcb,tRFC_MX_EVENT event,void * p_data)389 void rfc_mx_sm_state_wait_sabme(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
390 void* p_data) {
391 RFCOMM_TRACE_EVENT("%s: event %d", __func__, event);
392 switch (event) {
393 case RFC_MX_EVENT_DISC_IND:
394 p_mcb->state = RFC_MX_STATE_IDLE;
395 PORT_CloseInd(p_mcb);
396 return;
397
398 case RFC_MX_EVENT_SABME:
399 /* if we gave up outgoing connection request */
400 if (p_mcb->pending_lcid) {
401 p_mcb->pending_lcid = 0;
402
403 rfc_send_ua(p_mcb, RFCOMM_MX_DLCI);
404
405 rfc_timer_stop(p_mcb);
406 p_mcb->state = RFC_MX_STATE_CONNECTED;
407 p_mcb->peer_ready = true;
408
409 /* MX channel collision has been resolved, continue to open ports */
410 PORT_StartCnf(p_mcb, RFCOMM_SUCCESS);
411 } else {
412 rfc_timer_stop(p_mcb);
413 PORT_StartInd(p_mcb);
414 }
415 return;
416
417 case RFC_MX_EVENT_START_RSP:
418 if (*((uint16_t*)p_data) != RFCOMM_SUCCESS)
419 rfc_send_dm(p_mcb, RFCOMM_MX_DLCI, true);
420 else {
421 rfc_send_ua(p_mcb, RFCOMM_MX_DLCI);
422
423 p_mcb->state = RFC_MX_STATE_CONNECTED;
424 p_mcb->peer_ready = true;
425 PORT_StartCnf(p_mcb, RFCOMM_SUCCESS);
426 }
427 return;
428
429 case RFC_MX_EVENT_CONF_IND: /* workaround: we don't support reconfig */
430 case RFC_MX_EVENT_CONF_CNF: /* workaround: we don't support reconfig */
431 case RFC_MX_EVENT_TIMEOUT:
432 p_mcb->state = RFC_MX_STATE_IDLE;
433 L2CA_DisconnectReq(p_mcb->lcid);
434
435 PORT_CloseInd(p_mcb);
436 return;
437
438 default:
439 LOG_WARN("RFCOMM MX ignored - evt:%d in state:%d", event, p_mcb->state);
440 }
441 RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
442 p_mcb->state);
443 }
444
445 /*******************************************************************************
446 *
447 * Function rfc_mx_sm_state_connected
448 *
449 * Description This function handles events when the multiplexer is
450 * in the CONNECTED state
451 *
452 * Returns void
453 *
454 ******************************************************************************/
rfc_mx_sm_state_connected(tRFC_MCB * p_mcb,tRFC_MX_EVENT event,UNUSED_ATTR void * p_data)455 void rfc_mx_sm_state_connected(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
456 UNUSED_ATTR void* p_data) {
457 RFCOMM_TRACE_EVENT("%s: event %d", __func__, event);
458
459 switch (event) {
460 case RFC_MX_EVENT_TIMEOUT:
461 case RFC_MX_EVENT_CLOSE_REQ:
462 rfc_timer_start(p_mcb, RFC_DISC_TIMEOUT);
463 p_mcb->state = RFC_MX_STATE_DISC_WAIT_UA;
464 rfc_send_disc(p_mcb, RFCOMM_MX_DLCI);
465 return;
466
467 case RFC_MX_EVENT_DISC_IND:
468 p_mcb->state = RFC_MX_STATE_IDLE;
469 PORT_CloseInd(p_mcb);
470 return;
471
472 case RFC_MX_EVENT_DISC:
473 /* Reply with UA. If initiator bring down L2CAP connection */
474 /* If server wait for some time if client decide to reinitiate channel */
475 rfc_send_ua(p_mcb, RFCOMM_MX_DLCI);
476 if (p_mcb->is_initiator) {
477 L2CA_DisconnectReq(p_mcb->lcid);
478 }
479 /* notify all ports that connection is gone */
480 PORT_CloseInd(p_mcb);
481 return;
482 default:
483 LOG_ERROR("Received unexpected event:%hu in state:%hhu", event,
484 p_mcb->state);
485 }
486 RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
487 p_mcb->state);
488 }
489
490 /*******************************************************************************
491 *
492 * Function rfc_mx_sm_state_disc_wait_ua
493 *
494 * Description This function handles events when the multiplexer sent
495 * DISC and is waiting for UA reply.
496 *
497 * Returns void
498 *
499 ******************************************************************************/
rfc_mx_sm_state_disc_wait_ua(tRFC_MCB * p_mcb,tRFC_MX_EVENT event,void * p_data)500 void rfc_mx_sm_state_disc_wait_ua(tRFC_MCB* p_mcb, tRFC_MX_EVENT event,
501 void* p_data) {
502 BT_HDR* p_buf;
503
504 RFCOMM_TRACE_EVENT("%s: event %d", __func__, event);
505 switch (event) {
506 case RFC_MX_EVENT_UA:
507 case RFC_MX_EVENT_DM:
508 case RFC_MX_EVENT_TIMEOUT:
509 L2CA_DisconnectReq(p_mcb->lcid);
510
511 if (p_mcb->restart_required) {
512 /* Start Request was received while disconnecting. Execute it again */
513 uint16_t lcid = L2CA_ConnectReq(BT_PSM_RFCOMM, p_mcb->bd_addr);
514 if (lcid == 0) {
515 rfc_save_lcid_mcb(NULL, p_mcb->lcid);
516 p_mcb->lcid = 0;
517 PORT_StartCnf(p_mcb, RFCOMM_ERROR);
518 return;
519 }
520 p_mcb->lcid = lcid;
521 /* Save entry for quicker access to mcb based on the LCID */
522 rfc_save_lcid_mcb(p_mcb, p_mcb->lcid);
523
524 /* clean up before reuse it */
525 while ((p_buf = (BT_HDR*)fixed_queue_try_dequeue(p_mcb->cmd_q)) != NULL)
526 osi_free(p_buf);
527
528 rfc_timer_start(p_mcb, RFC_MCB_INIT_INACT_TIMER);
529
530 p_mcb->is_initiator = true;
531 p_mcb->restart_required = false;
532
533 p_mcb->state = RFC_MX_STATE_WAIT_CONN_CNF;
534 return;
535 }
536 rfc_release_multiplexer_channel(p_mcb);
537 return;
538
539 case RFC_MX_EVENT_DISC:
540 rfc_send_ua(p_mcb, RFCOMM_MX_DLCI);
541 return;
542
543 case RFC_MX_EVENT_UIH:
544 osi_free(p_data);
545 rfc_send_dm(p_mcb, RFCOMM_MX_DLCI, false);
546 return;
547
548 case RFC_MX_EVENT_START_REQ:
549 p_mcb->restart_required = true;
550 return;
551
552 case RFC_MX_EVENT_DISC_IND:
553 p_mcb->state = RFC_MX_STATE_IDLE;
554 PORT_CloseInd(p_mcb);
555 return;
556
557 case RFC_MX_EVENT_CLOSE_REQ:
558 return;
559
560 case RFC_MX_EVENT_QOS_VIOLATION_IND:
561 break;
562 default:
563 LOG_ERROR("Received unexpected event:%hu in state:%hhu", event,
564 p_mcb->state);
565 }
566 RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
567 p_mcb->state);
568 }
569
rfc_on_l2cap_error(uint16_t lcid,uint16_t result)570 void rfc_on_l2cap_error(uint16_t lcid, uint16_t result) {
571 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
572 if (p_mcb == nullptr) return;
573
574 if (result & L2CAP_CONN_INTERNAL_MASK) {
575 /* if peer rejects our connect request but peer's connect request is pending
576 */
577 if (p_mcb->pending_lcid) {
578 RFCOMM_TRACE_DEBUG(
579 "RFCOMM_ConnectCnf retry as acceptor on pending LCID(0x%x)",
580 p_mcb->pending_lcid);
581
582 /* remove mcb from mapping table */
583 rfc_save_lcid_mcb(NULL, p_mcb->lcid);
584
585 p_mcb->lcid = p_mcb->pending_lcid;
586 p_mcb->is_initiator = false;
587 p_mcb->state = RFC_MX_STATE_IDLE;
588
589 /* store mcb into mapping table */
590 rfc_save_lcid_mcb(p_mcb, p_mcb->lcid);
591
592 /* update direction bit */
593 for (int i = 0; i < RFCOMM_MAX_DLCI; i += 2) {
594 uint8_t handle = p_mcb->port_handles[i];
595 if (handle != 0) {
596 p_mcb->port_handles[i] = 0;
597 p_mcb->port_handles[i + 1] = handle;
598 rfc_cb.port.port[handle - 1].dlci += 1;
599 RFCOMM_TRACE_DEBUG("RFCOMM MX, port_handle=%d, DLCI[%d->%d]", handle,
600 i, rfc_cb.port.port[handle - 1].dlci);
601 }
602 }
603 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONN_IND, nullptr);
604 if (p_mcb->pending_configure_complete) {
605 LOG_INFO("Configuration of the pending connection was completed");
606 p_mcb->pending_configure_complete = false;
607 uintptr_t result_as_ptr = L2CAP_CFG_OK;
608 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONF_IND,
609 &p_mcb->pending_cfg_info);
610 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONF_CNF, (void*)result_as_ptr);
611 }
612 return;
613 }
614
615 p_mcb->lcid = lcid;
616 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONN_CNF, &result);
617 } else if (result == L2CAP_CFG_FAILED_NO_REASON) {
618 LOG(ERROR) << __func__ << ": failed to configure L2CAP for "
619 << p_mcb->bd_addr;
620 if (p_mcb->is_initiator) {
621 LOG(ERROR) << __func__ << ": disconnect L2CAP due to config failure for "
622 << p_mcb->bd_addr;
623 PORT_StartCnf(p_mcb, result);
624 L2CA_DisconnectReq(p_mcb->lcid);
625 }
626 rfc_release_multiplexer_channel(p_mcb);
627 }
628 }
629
630 /*******************************************************************************
631 *
632 * Function rfc_mx_conf_cnf
633 *
634 * Description This function handles L2CA_ConfigCnf message from the
635 * L2CAP. If result is not success tell upper layer that
636 * start has not been accepted. If initiator send SABME
637 * on DLCI 0. T1 is still running.
638 *
639 ******************************************************************************/
rfc_mx_conf_cnf(tRFC_MCB * p_mcb,uint16_t result)640 static void rfc_mx_conf_cnf(tRFC_MCB* p_mcb, uint16_t result) {
641 if (p_mcb->state == RFC_MX_STATE_CONFIGURE) {
642 if (p_mcb->is_initiator) {
643 p_mcb->state = RFC_MX_STATE_SABME_WAIT_UA;
644 rfc_send_sabme(p_mcb, RFCOMM_MX_DLCI);
645 rfc_timer_start(p_mcb, RFC_T1_TIMEOUT);
646 } else {
647 p_mcb->state = RFC_MX_STATE_WAIT_SABME;
648 rfc_timer_start(
649 p_mcb, RFCOMM_CONN_TIMEOUT); /* - increased from T2=20 to CONN=120
650 to allow the user more than 10 sec to type in the
651 pin which can be e.g. 16 digits */
652 }
653 }
654 }
655
656 /*******************************************************************************
657 *
658 * Function rfc_mx_conf_ind
659 *
660 * Description This function handles L2CA_ConfigInd message from the
661 * L2CAP. Send the L2CA_ConfigRsp message.
662 *
663 ******************************************************************************/
rfc_mx_conf_ind(tRFC_MCB * p_mcb,tL2CAP_CFG_INFO * p_cfg)664 static void rfc_mx_conf_ind(tRFC_MCB* p_mcb, tL2CAP_CFG_INFO* p_cfg) {
665 /* Save peer L2CAP MTU if present */
666 /* RFCOMM adds 3-4 bytes in the beginning and 1 bytes FCS */
667 if (p_cfg->mtu_present) {
668 p_mcb->peer_l2cap_mtu = p_cfg->mtu - RFCOMM_MIN_OFFSET - 1;
669 } else {
670 p_mcb->peer_l2cap_mtu = L2CAP_DEFAULT_MTU - RFCOMM_MIN_OFFSET - 1;
671 }
672 }
673