1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains state machine and action routines for a port of the
22 * RFCOMM unit
23 *
24 ******************************************************************************/
25
26 #include <base/logging.h>
27
28 #include <cstdint>
29 #include <cstring>
30 #include <set>
31
32 #include "bt_target.h"
33 #include "gd/hal/snoop_logger.h"
34 #include "main/shim/shim.h"
35 #include "osi/include/allocator.h"
36 #include "osi/include/log.h"
37 #include "osi/include/osi.h" // UNUSED_ATTR
38 #include "stack/btm/btm_sec.h"
39 #include "stack/include/bt_hdr.h"
40 #include "stack/include/sdpdefs.h"
41 #include "stack/l2cap/l2c_int.h"
42 #include "stack/rfcomm/port_int.h"
43 #include "stack/rfcomm/rfc_int.h"
44
45 static const std::set<uint16_t> uuid_logging_acceptlist = {
46 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY,
47 UUID_SERVCLASS_AG_HANDSFREE,
48 };
49
50 /******************************************************************************/
51 /* L O C A L F U N C T I O N P R O T O T Y P E S */
52 /******************************************************************************/
53 static void rfc_port_sm_state_closed(tPORT* p_port, tRFC_PORT_EVENT event,
54 void* p_data);
55 static void rfc_port_sm_sabme_wait_ua(tPORT* p_port, tRFC_PORT_EVENT event,
56 void* p_data);
57 static void rfc_port_sm_opened(tPORT* p_port, tRFC_PORT_EVENT event,
58 void* p_data);
59 static void rfc_port_sm_orig_wait_sec_check(tPORT* p_port,
60 tRFC_PORT_EVENT event,
61 void* p_data);
62 static void rfc_port_sm_term_wait_sec_check(tPORT* p_port,
63 tRFC_PORT_EVENT event,
64 void* p_data);
65 static void rfc_port_sm_disc_wait_ua(tPORT* p_port, tRFC_PORT_EVENT event,
66 void* p_data);
67
68 static void rfc_port_uplink_data(tPORT* p_port, BT_HDR* p_buf);
69
70 static void rfc_set_port_state(tPORT_STATE* port_pars, MX_FRAME* p_frame);
71
72 /*******************************************************************************
73 *
74 * Function rfc_port_sm_execute
75 *
76 * Description This function sends port events through the state
77 * machine.
78 *
79 * Returns void
80 *
81 ******************************************************************************/
rfc_port_sm_execute(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)82 void rfc_port_sm_execute(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data) {
83 CHECK(p_port != nullptr) << __func__ << ": NULL port event " << event;
84 VLOG(1) << __func__ << ": BD_ADDR=" << p_port->bd_addr
85 << ", PORT=" << std::to_string(p_port->handle)
86 << ", STATE=" << std::to_string(p_port->rfc.state)
87 << ", EVENT=" << event;
88 switch (p_port->rfc.state) {
89 case RFC_STATE_CLOSED:
90 rfc_port_sm_state_closed(p_port, event, p_data);
91 break;
92
93 case RFC_STATE_SABME_WAIT_UA:
94 rfc_port_sm_sabme_wait_ua(p_port, event, p_data);
95 break;
96
97 case RFC_STATE_ORIG_WAIT_SEC_CHECK:
98 rfc_port_sm_orig_wait_sec_check(p_port, event, p_data);
99 break;
100
101 case RFC_STATE_TERM_WAIT_SEC_CHECK:
102 rfc_port_sm_term_wait_sec_check(p_port, event, p_data);
103 break;
104
105 case RFC_STATE_OPENED:
106 rfc_port_sm_opened(p_port, event, p_data);
107 break;
108
109 case RFC_STATE_DISC_WAIT_UA:
110 rfc_port_sm_disc_wait_ua(p_port, event, p_data);
111 break;
112 }
113 }
114
115 /*******************************************************************************
116 *
117 * Function rfc_port_sm_state_closed
118 *
119 * Description This function handles events when the port is in
120 * CLOSED state. This state exists when port is
121 * being initially established.
122 *
123 * Returns void
124 *
125 ******************************************************************************/
rfc_port_sm_state_closed(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)126 void rfc_port_sm_state_closed(tPORT* p_port, tRFC_PORT_EVENT event,
127 void* p_data) {
128 switch (event) {
129 case RFC_PORT_EVENT_OPEN:
130 p_port->rfc.state = RFC_STATE_ORIG_WAIT_SEC_CHECK;
131 btm_sec_mx_access_request(p_port->rfc.p_mcb->bd_addr, true,
132 p_port->sec_mask, &rfc_sec_check_complete,
133 p_port);
134 return;
135
136 case RFC_PORT_EVENT_CLOSE:
137 break;
138
139 case RFC_PORT_EVENT_CLEAR:
140 return;
141
142 case RFC_PORT_EVENT_DATA:
143 osi_free(p_data);
144 break;
145
146 case RFC_PORT_EVENT_SABME:
147 /* make sure the multiplexer disconnect timer is not running (reconnect
148 * case) */
149 rfc_timer_stop(p_port->rfc.p_mcb);
150
151 /* Open will be continued after security checks are passed */
152 p_port->rfc.state = RFC_STATE_TERM_WAIT_SEC_CHECK;
153 btm_sec_mx_access_request(p_port->rfc.p_mcb->bd_addr, false,
154 p_port->sec_mask, &rfc_sec_check_complete,
155 p_port);
156 return;
157
158 case RFC_PORT_EVENT_UA:
159 return;
160
161 case RFC_PORT_EVENT_DM:
162 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM, index=%d", __func__,
163 p_port->handle);
164 rfc_port_closed(p_port);
165 return;
166
167 case RFC_PORT_EVENT_UIH:
168 osi_free(p_data);
169 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
170 return;
171
172 case RFC_PORT_EVENT_DISC:
173 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
174 return;
175
176 case RFC_PORT_EVENT_TIMEOUT:
177 Port_TimeOutCloseMux(p_port->rfc.p_mcb);
178 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
179 event);
180 return;
181 default:
182 LOG_ERROR("Received unexpected event:%hu in state:%hhu", event,
183 p_port->rfc.state);
184 }
185
186 RFCOMM_TRACE_WARNING("Port state closed Event ignored %d", event);
187 return;
188 }
189
190 /*******************************************************************************
191 *
192 * Function rfc_port_sm_sabme_wait_ua
193 *
194 * Description This function handles events when SABME on the DLC was
195 * sent and SM is waiting for UA or DM.
196 *
197 * Returns void
198 *
199 ******************************************************************************/
rfc_port_sm_sabme_wait_ua(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)200 void rfc_port_sm_sabme_wait_ua(tPORT* p_port, tRFC_PORT_EVENT event,
201 void* p_data) {
202 switch (event) {
203 case RFC_PORT_EVENT_OPEN:
204 case RFC_PORT_EVENT_ESTABLISH_RSP:
205 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
206 event);
207 return;
208
209 case RFC_PORT_EVENT_CLOSE:
210 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
211 rfc_send_disc(p_port->rfc.p_mcb, p_port->dlci);
212 p_port->rfc.expected_rsp = 0;
213 p_port->rfc.state = RFC_STATE_DISC_WAIT_UA;
214 return;
215
216 case RFC_PORT_EVENT_CLEAR:
217 RFCOMM_TRACE_WARNING("%s, RFC_PORT_EVENT_CLEAR, index=%d", __func__,
218 p_port->handle);
219 rfc_port_closed(p_port);
220 return;
221
222 case RFC_PORT_EVENT_DATA:
223 osi_free(p_data);
224 break;
225
226 case RFC_PORT_EVENT_UA:
227 rfc_port_timer_stop(p_port);
228 p_port->rfc.state = RFC_STATE_OPENED;
229
230 if (uuid_logging_acceptlist.find(p_port->uuid) !=
231 uuid_logging_acceptlist.end()) {
232 // Find Channel Control Block by Channel ID
233 tL2C_CCB* p_ccb =
234 l2cu_find_ccb_by_cid(nullptr, p_port->rfc.p_mcb->lcid);
235 if (p_ccb) {
236 bluetooth::shim::GetSnoopLogger()->AcceptlistRfcommDlci(
237 p_ccb->p_lcb->Handle(), p_port->rfc.p_mcb->lcid, p_port->dlci);
238 }
239 }
240 if (p_port->rfc.p_mcb) {
241 uint16_t lcid;
242 tL2C_CCB* ccb;
243
244 lcid = p_port->rfc.p_mcb->lcid;
245 ccb = l2cu_find_ccb_by_cid(nullptr, lcid);
246
247 if (ccb) {
248 bluetooth::shim::GetSnoopLogger()->SetRfcommPortOpen(
249 ccb->p_lcb->Handle(), lcid, p_port->dlci, p_port->uuid,
250 p_port->rfc.p_mcb->flow == PORT_FC_CREDIT);
251 }
252 }
253
254 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
255 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_SUCCESS);
256 return;
257
258 case RFC_PORT_EVENT_DM:
259 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM, index=%d", __func__,
260 p_port->handle);
261 p_port->rfc.p_mcb->is_disc_initiator = true;
262 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
263 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
264 rfc_port_closed(p_port);
265 return;
266
267 case RFC_PORT_EVENT_DISC:
268 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DISC, index=%d", __func__,
269 p_port->handle);
270 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
271 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
272 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
273 rfc_port_closed(p_port);
274 return;
275
276 case RFC_PORT_EVENT_SABME:
277 /* Continue to wait for the UA the SABME this side sent */
278 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
279 return;
280
281 case RFC_PORT_EVENT_UIH:
282 osi_free(p_data);
283 return;
284
285 case RFC_PORT_EVENT_TIMEOUT:
286 p_port->rfc.state = RFC_STATE_CLOSED;
287 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
288 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
289 return;
290 default:
291 LOG_ERROR("Received unexpected event:%hu in state:%hhu", event,
292 p_port->rfc.state);
293 }
294 RFCOMM_TRACE_WARNING("Port state sabme_wait_ua Event ignored %d", event);
295 }
296
297 /*******************************************************************************
298 *
299 * Function rfc_port_sm_term_wait_sec_check
300 *
301 * Description This function handles events for the port in the
302 * WAIT_SEC_CHECK state. SABME has been received from the
303 * peer and Security Manager verifes address, before we can
304 * send ESTABLISH_IND to the Port entity
305 *
306 * Returns void
307 *
308 ******************************************************************************/
rfc_port_sm_term_wait_sec_check(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)309 void rfc_port_sm_term_wait_sec_check(tPORT* p_port, tRFC_PORT_EVENT event,
310 void* p_data) {
311 switch (event) {
312 case RFC_PORT_EVENT_SEC_COMPLETE:
313 if (*((uint8_t*)p_data) != BTM_SUCCESS) {
314 /* Authentication/authorization failed. If link is still */
315 /* up send DM and check if we need to start inactive timer */
316 if (p_port->rfc.p_mcb) {
317 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
318 p_port->rfc.p_mcb->is_disc_initiator = true;
319 port_rfc_closed(p_port, PORT_SEC_FAILED);
320 }
321 } else {
322 PORT_DlcEstablishInd(p_port->rfc.p_mcb, p_port->dlci,
323 p_port->rfc.p_mcb->peer_l2cap_mtu);
324 }
325 return;
326
327 case RFC_PORT_EVENT_OPEN:
328 case RFC_PORT_EVENT_CLOSE:
329 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
330 event);
331 return;
332
333 case RFC_PORT_EVENT_CLEAR:
334 RFCOMM_TRACE_WARNING("%s, RFC_PORT_EVENT_CLEAR, index=%d", __func__,
335 p_port->handle);
336 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
337 rfc_port_closed(p_port);
338 return;
339
340 case RFC_PORT_EVENT_DATA:
341 RFCOMM_TRACE_ERROR("Port error state Term Wait Sec event Data");
342 osi_free(p_data);
343 return;
344
345 case RFC_PORT_EVENT_SABME:
346 /* Ignore SABME retransmission if client dares to do so */
347 return;
348
349 case RFC_PORT_EVENT_DISC:
350 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
351 p_port->rfc.state = RFC_STATE_CLOSED;
352 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
353
354 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
355 return;
356
357 case RFC_PORT_EVENT_UIH:
358 osi_free(p_data);
359 return;
360
361 case RFC_PORT_EVENT_ESTABLISH_RSP:
362 if (*((uint8_t*)p_data) != RFCOMM_SUCCESS) {
363 if (p_port->rfc.p_mcb)
364 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
365 } else {
366 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
367 p_port->rfc.state = RFC_STATE_OPENED;
368
369 if (uuid_logging_acceptlist.find(p_port->uuid) !=
370 uuid_logging_acceptlist.end()) {
371 // Find Channel Control Block by Channel ID
372 tL2C_CCB* p_ccb =
373 l2cu_find_ccb_by_cid(nullptr, p_port->rfc.p_mcb->lcid);
374 if (p_ccb) {
375 bluetooth::shim::GetSnoopLogger()->AcceptlistRfcommDlci(
376 p_ccb->p_lcb->Handle(), p_port->rfc.p_mcb->lcid, p_port->dlci);
377 }
378 }
379 if (p_port->rfc.p_mcb) {
380 uint16_t lcid;
381 tL2C_CCB* ccb;
382
383 lcid = p_port->rfc.p_mcb->lcid;
384 ccb = l2cu_find_ccb_by_cid(nullptr, lcid);
385
386 if (ccb) {
387 bluetooth::shim::GetSnoopLogger()->SetRfcommPortOpen(
388 ccb->p_lcb->Handle(), lcid, p_port->dlci, p_port->uuid,
389 p_port->rfc.p_mcb->flow == PORT_FC_CREDIT);
390 }
391 }
392 }
393 return;
394 default:
395 LOG_ERROR("Received unexpected event:%hu in state:%hhu", event,
396 p_port->rfc.state);
397 }
398 RFCOMM_TRACE_WARNING("Port state term_wait_sec_check Event ignored %d",
399 event);
400 }
401
402 /*******************************************************************************
403 *
404 * Function rfc_port_sm_orig_wait_sec_check
405 *
406 * Description This function handles events for the port in the
407 * ORIG_WAIT_SEC_CHECK state. RFCOMM is waiting for Security
408 * manager to finish before sending SABME to the peer
409 *
410 * Returns void
411 *
412 ******************************************************************************/
rfc_port_sm_orig_wait_sec_check(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)413 void rfc_port_sm_orig_wait_sec_check(tPORT* p_port, tRFC_PORT_EVENT event,
414 void* p_data) {
415 switch (event) {
416 case RFC_PORT_EVENT_SEC_COMPLETE:
417 if (*((uint8_t*)p_data) != BTM_SUCCESS) {
418 RFCOMM_TRACE_ERROR(
419 "%s, RFC_PORT_EVENT_SEC_COMPLETE, index=%d, result=%d", __func__,
420 event, p_port->handle, *((uint8_t*)p_data));
421 p_port->rfc.p_mcb->is_disc_initiator = true;
422 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci, 0,
423 RFCOMM_SECURITY_ERR);
424 rfc_port_closed(p_port);
425 return;
426 }
427 rfc_send_sabme(p_port->rfc.p_mcb, p_port->dlci);
428 rfc_port_timer_start(p_port, RFC_PORT_T1_TIMEOUT);
429 p_port->rfc.state = RFC_STATE_SABME_WAIT_UA;
430 return;
431
432 case RFC_PORT_EVENT_OPEN:
433 case RFC_PORT_EVENT_SABME: /* Peer should not use the same dlci */
434 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
435 event);
436 return;
437
438 case RFC_PORT_EVENT_CLOSE:
439 RFCOMM_TRACE_WARNING("%s, RFC_PORT_EVENT_CLOSE, index=%d", __func__,
440 p_port->handle);
441 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
442 rfc_port_closed(p_port);
443 return;
444
445 case RFC_PORT_EVENT_DATA:
446 RFCOMM_TRACE_ERROR("Port error state Orig Wait Sec event Data");
447 osi_free(p_data);
448 return;
449
450 case RFC_PORT_EVENT_UIH:
451 osi_free(p_data);
452 return;
453 default:
454 LOG_ERROR("Received unexpected event:%hu in state:%hhu", event,
455 p_port->rfc.state);
456 }
457 RFCOMM_TRACE_WARNING("Port state orig_wait_sec_check Event ignored %d",
458 event);
459 }
460
461 /*******************************************************************************
462 *
463 * Function rfc_port_sm_opened
464 *
465 * Description This function handles events for the port in the OPENED
466 * state
467 *
468 * Returns void
469 *
470 ******************************************************************************/
rfc_port_sm_opened(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)471 void rfc_port_sm_opened(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data) {
472 switch (event) {
473 case RFC_PORT_EVENT_OPEN:
474 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
475 event);
476 return;
477
478 case RFC_PORT_EVENT_CLOSE:
479 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
480 rfc_send_disc(p_port->rfc.p_mcb, p_port->dlci);
481 p_port->rfc.expected_rsp = 0;
482 p_port->rfc.state = RFC_STATE_DISC_WAIT_UA;
483 return;
484
485 case RFC_PORT_EVENT_CLEAR:
486 RFCOMM_TRACE_WARNING("%s, RFC_PORT_EVENT_CLEAR, index=%d", __func__,
487 p_port->handle);
488 rfc_port_closed(p_port);
489 return;
490
491 case RFC_PORT_EVENT_DATA:
492 /* Send credits in the frame. Pass them in the layer specific member of
493 * the hdr. */
494 /* There might be an initial case when we reduced rx_max and credit_rx is
495 * still */
496 /* bigger. Make sure that we do not send 255 */
497 if ((p_port->rfc.p_mcb->flow == PORT_FC_CREDIT) &&
498 (((BT_HDR*)p_data)->len < p_port->peer_mtu) &&
499 (!p_port->rx.user_fc) &&
500 (p_port->credit_rx_max > p_port->credit_rx)) {
501 ((BT_HDR*)p_data)->layer_specific =
502 (uint8_t)(p_port->credit_rx_max - p_port->credit_rx);
503 p_port->credit_rx = p_port->credit_rx_max;
504 } else {
505 ((BT_HDR*)p_data)->layer_specific = 0;
506 }
507 rfc_send_buf_uih(p_port->rfc.p_mcb, p_port->dlci, (BT_HDR*)p_data);
508 rfc_dec_credit(p_port);
509 return;
510
511 case RFC_PORT_EVENT_UA:
512 return;
513
514 case RFC_PORT_EVENT_SABME:
515 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
516 return;
517
518 case RFC_PORT_EVENT_DM:
519 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM, index=%d", __func__,
520 p_port->handle);
521 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
522 rfc_port_closed(p_port);
523 return;
524
525 case RFC_PORT_EVENT_DISC:
526 p_port->rfc.state = RFC_STATE_CLOSED;
527 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
528 if (!fixed_queue_is_empty(p_port->rx.queue)) {
529 /* give a chance to upper stack to close port properly */
530 RFCOMM_TRACE_DEBUG("port queue is not empty");
531 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
532 } else
533 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
534 return;
535
536 case RFC_PORT_EVENT_UIH:
537 rfc_port_uplink_data(p_port, (BT_HDR*)p_data);
538 return;
539
540 case RFC_PORT_EVENT_TIMEOUT:
541 Port_TimeOutCloseMux(p_port->rfc.p_mcb);
542 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
543 event);
544 return;
545 default:
546 LOG_ERROR("Received unexpected event:%hu in state:%hhu", event,
547 p_port->rfc.state);
548 }
549 RFCOMM_TRACE_WARNING("Port state opened Event ignored %d", event);
550 }
551
552 /*******************************************************************************
553 *
554 * Function rfc_port_sm_disc_wait_ua
555 *
556 * Description This function handles events when DISC on the DLC was
557 * sent and SM is waiting for UA or DM.
558 *
559 * Returns void
560 *
561 ******************************************************************************/
rfc_port_sm_disc_wait_ua(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)562 void rfc_port_sm_disc_wait_ua(tPORT* p_port, tRFC_PORT_EVENT event,
563 void* p_data) {
564 switch (event) {
565 case RFC_PORT_EVENT_OPEN:
566 case RFC_PORT_EVENT_ESTABLISH_RSP:
567 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
568 event);
569 return;
570
571 case RFC_PORT_EVENT_CLEAR:
572 RFCOMM_TRACE_WARNING("%s, RFC_PORT_EVENT_CLEAR, index=%d", __func__,
573 event, p_port->handle);
574 rfc_port_closed(p_port);
575 return;
576
577 case RFC_PORT_EVENT_DATA:
578 osi_free(p_data);
579 return;
580
581 case RFC_PORT_EVENT_UA:
582 p_port->rfc.p_mcb->is_disc_initiator = true;
583 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
584
585 case RFC_PORT_EVENT_DM:
586 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM|RFC_EVENT_UA[%d], index=%d",
587 __func__, event, p_port->handle);
588 rfc_port_closed(p_port);
589 return;
590
591 case RFC_PORT_EVENT_SABME:
592 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
593 return;
594
595 case RFC_PORT_EVENT_DISC:
596 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
597 return;
598
599 case RFC_PORT_EVENT_UIH:
600 osi_free(p_data);
601 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
602 return;
603
604 case RFC_PORT_EVENT_TIMEOUT:
605 RFCOMM_TRACE_ERROR("%s, RFC_EVENT_TIMEOUT, index=%d", __func__,
606 p_port->handle);
607 rfc_port_closed(p_port);
608 return;
609 default:
610 LOG_ERROR("Received unexpected event:%hu in state:%hhu", event,
611 p_port->rfc.state);
612 }
613
614 RFCOMM_TRACE_WARNING("Port state disc_wait_ua Event ignored %d", event);
615 }
616
617 /*******************************************************************************
618 *
619 * Function rfc_port_uplink_data
620 *
621 * Description This function handles uplink information data frame.
622 *
623 ******************************************************************************/
rfc_port_uplink_data(tPORT * p_port,BT_HDR * p_buf)624 void rfc_port_uplink_data(tPORT* p_port, BT_HDR* p_buf) {
625 PORT_DataInd(p_port->rfc.p_mcb, p_port->dlci, p_buf);
626 }
627
628 /*******************************************************************************
629 *
630 * Function rfc_process_pn
631 *
632 * Description This function handles DLC parameter negotiation frame.
633 * Record MTU and pass indication to the upper layer.
634 *
635 ******************************************************************************/
rfc_process_pn(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)636 void rfc_process_pn(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
637 RFCOMM_TRACE_DEBUG("%s: is_initiator=%d, is_cmd=%d, state=%d, bd_addr=%s",
638 __func__, p_mcb->is_initiator, is_command, p_mcb->state,
639 ADDRESS_TO_LOGGABLE_CSTR(p_mcb->bd_addr));
640 uint8_t dlci = p_frame->dlci;
641
642 if (is_command) {
643 /* Ignore if Multiplexer is being shut down */
644 if (p_mcb->state != RFC_MX_STATE_DISC_WAIT_UA) {
645 PORT_ParNegInd(p_mcb, dlci, p_frame->u.pn.mtu, p_frame->u.pn.conv_layer,
646 p_frame->u.pn.k);
647 } else {
648 LOG(WARNING) << __func__
649 << ": MX PN while disconnecting, bd_addr=" << p_mcb->bd_addr
650 << ", p_mcb=" << p_mcb;
651 rfc_send_dm(p_mcb, dlci, false);
652 }
653
654 return;
655 }
656 /* If we are not awaiting response just ignore it */
657 tPORT* p_port = port_find_mcb_dlci_port(p_mcb, dlci);
658 if ((p_port == nullptr) || !(p_port->rfc.expected_rsp & RFC_RSP_PN)) {
659 LOG(WARNING) << ": Ignore unwanted response, p_mcb=" << p_mcb
660 << ", bd_addr=" << p_mcb->bd_addr
661 << ", dlci=" << std::to_string(dlci);
662 return;
663 }
664
665 p_port->rfc.expected_rsp &= ~RFC_RSP_PN;
666
667 rfc_port_timer_stop(p_port);
668
669 PORT_ParNegCnf(p_mcb, dlci, p_frame->u.pn.mtu, p_frame->u.pn.conv_layer,
670 p_frame->u.pn.k);
671 }
672
673 /*******************************************************************************
674 *
675 * Function rfc_process_rpn
676 *
677 * Description This function handles Remote DLC parameter negotiation
678 * command/response. Pass command to the user.
679 *
680 ******************************************************************************/
rfc_process_rpn(tRFC_MCB * p_mcb,bool is_command,bool is_request,MX_FRAME * p_frame)681 void rfc_process_rpn(tRFC_MCB* p_mcb, bool is_command, bool is_request,
682 MX_FRAME* p_frame) {
683 tPORT_STATE port_pars;
684 tPORT* p_port;
685
686 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
687 if (p_port == nullptr) {
688 /* This is the first command on the port */
689 if (is_command) {
690 memset(&port_pars, 0, sizeof(tPORT_STATE));
691 rfc_set_port_state(&port_pars, p_frame);
692
693 PORT_PortNegInd(p_mcb, p_frame->dlci, &port_pars,
694 p_frame->u.rpn.param_mask);
695 }
696 return;
697 }
698
699 if (is_command && is_request) {
700 /* This is the special situation when peer just request local pars */
701 rfc_send_rpn(p_mcb, p_frame->dlci, false, &p_port->peer_port_pars, 0);
702 return;
703 }
704
705 port_pars = p_port->peer_port_pars;
706
707 rfc_set_port_state(&port_pars, p_frame);
708
709 if (is_command) {
710 PORT_PortNegInd(p_mcb, p_frame->dlci, &port_pars,
711 p_frame->u.rpn.param_mask);
712 return;
713 }
714
715 /* If we are not awaiting response just ignore it */
716 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
717 if ((p_port == nullptr) ||
718 !(p_port->rfc.expected_rsp & (RFC_RSP_RPN | RFC_RSP_RPN_REPLY))) {
719 LOG(WARNING) << __func__ << ": ignore DLC parameter negotiation as we are"
720 << " not waiting for any";
721 return;
722 }
723
724 /* If we sent a request for port parameters to the peer it is replying with */
725 /* mask 0. */
726 rfc_port_timer_stop(p_port);
727
728 if (p_port->rfc.expected_rsp & RFC_RSP_RPN_REPLY) {
729 p_port->rfc.expected_rsp &= ~RFC_RSP_RPN_REPLY;
730
731 p_port->peer_port_pars = port_pars;
732
733 if ((port_pars.fc_type ==
734 (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT)) ||
735 (port_pars.fc_type ==
736 (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT))) {
737 /* This is satisfactory port parameters. Set mask as it was Ok */
738 p_frame->u.rpn.param_mask = RFCOMM_RPN_PM_MASK;
739 } else {
740 /* Current peer parameters are not good, try to fix them */
741 p_port->peer_port_pars.fc_type =
742 (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT);
743
744 p_port->rfc.expected_rsp |= RFC_RSP_RPN;
745 rfc_send_rpn(p_mcb, p_frame->dlci, true, &p_port->peer_port_pars,
746 RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT);
747 rfc_port_timer_start(p_port, RFC_T2_TIMEOUT);
748 return;
749 }
750 } else
751 p_port->rfc.expected_rsp &= ~RFC_RSP_RPN;
752
753 /* Check if all suggested parameters were accepted */
754 if (((p_frame->u.rpn.param_mask &
755 (RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT)) ==
756 (RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT)) ||
757 ((p_frame->u.rpn.param_mask &
758 (RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT)) ==
759 (RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT))) {
760 PORT_PortNegCnf(p_mcb, p_port->dlci, &port_pars, RFCOMM_SUCCESS);
761 return;
762 }
763
764 /* If we were proposing RTR flow control try RTC flow control */
765 /* If we were proposing RTC flow control try no flow control */
766 /* otherwise drop the connection */
767 if (p_port->peer_port_pars.fc_type ==
768 (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT)) {
769 /* Current peer parameters are not good, try to fix them */
770 p_port->peer_port_pars.fc_type =
771 (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT);
772
773 p_port->rfc.expected_rsp |= RFC_RSP_RPN;
774
775 rfc_send_rpn(p_mcb, p_frame->dlci, true, &p_port->peer_port_pars,
776 RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT);
777 rfc_port_timer_start(p_port, RFC_T2_TIMEOUT);
778 return;
779 }
780
781 /* Other side does not support flow control */
782 if (p_port->peer_port_pars.fc_type ==
783 (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT)) {
784 p_port->peer_port_pars.fc_type = RFCOMM_FC_OFF;
785 PORT_PortNegCnf(p_mcb, p_port->dlci, &port_pars, RFCOMM_SUCCESS);
786 }
787 }
788
789 /*******************************************************************************
790 *
791 * Function rfc_process_msc
792 *
793 * Description This function handles Modem Status Command.
794 * Pass command to the user.
795 *
796 ******************************************************************************/
rfc_process_msc(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)797 void rfc_process_msc(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
798 tPORT_CTRL pars;
799 tPORT* p_port;
800 uint8_t modem_signals = p_frame->u.msc.signals;
801 bool new_peer_fc = false;
802
803 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
804 if (p_port == NULL) return;
805
806 pars.modem_signal = 0;
807
808 if (modem_signals & RFCOMM_MSC_RTC) pars.modem_signal |= MODEM_SIGNAL_DTRDSR;
809
810 if (modem_signals & RFCOMM_MSC_RTR) pars.modem_signal |= MODEM_SIGNAL_RTSCTS;
811
812 if (modem_signals & RFCOMM_MSC_IC) pars.modem_signal |= MODEM_SIGNAL_RI;
813
814 if (modem_signals & RFCOMM_MSC_DV) pars.modem_signal |= MODEM_SIGNAL_DCD;
815
816 pars.fc = ((modem_signals & RFCOMM_MSC_FC) == RFCOMM_MSC_FC);
817
818 pars.break_signal =
819 (p_frame->u.msc.break_present) ? p_frame->u.msc.break_duration : 0;
820 pars.discard_buffers = 0;
821 pars.break_signal_seq = RFCOMM_CTRL_BREAK_IN_SEQ; /* this is default */
822
823 /* Check if this command is passed only to indicate flow control */
824 if (is_command) {
825 rfc_send_msc(p_mcb, p_frame->dlci, false, &pars);
826
827 if (p_port->rfc.p_mcb->flow != PORT_FC_CREDIT) {
828 /* Spec 1.1 indicates that only FC bit is used for flow control */
829 p_port->peer_ctrl.fc = new_peer_fc = pars.fc;
830
831 if (new_peer_fc != p_port->tx.peer_fc)
832 PORT_FlowInd(p_mcb, p_frame->dlci, (bool)!new_peer_fc);
833 }
834
835 PORT_ControlInd(p_mcb, p_frame->dlci, &pars);
836
837 return;
838 }
839
840 /* If we are not awaiting response just ignore it */
841 if (!(p_port->rfc.expected_rsp & RFC_RSP_MSC)) return;
842
843 p_port->rfc.expected_rsp &= ~RFC_RSP_MSC;
844
845 rfc_port_timer_stop(p_port);
846
847 PORT_ControlCnf(p_port->rfc.p_mcb, p_port->dlci, &pars);
848 }
849
850 /*******************************************************************************
851 *
852 * Function rfc_process_rls
853 *
854 * Description This function handles Remote Line Status command.
855 * Pass command to the user.
856 *
857 ******************************************************************************/
rfc_process_rls(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)858 void rfc_process_rls(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
859 tPORT* p_port;
860
861 if (is_command) {
862 PORT_LineStatusInd(p_mcb, p_frame->dlci, p_frame->u.rls.line_status);
863 rfc_send_rls(p_mcb, p_frame->dlci, false, p_frame->u.rls.line_status);
864 } else {
865 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
866
867 /* If we are not awaiting response just ignore it */
868 if (!p_port || !(p_port->rfc.expected_rsp & RFC_RSP_RLS)) return;
869
870 p_port->rfc.expected_rsp &= ~RFC_RSP_RLS;
871
872 rfc_port_timer_stop(p_port);
873 }
874 }
875
876 /*******************************************************************************
877 *
878 * Function rfc_process_nsc
879 *
880 * Description This function handles None Supported Command frame.
881 *
882 ******************************************************************************/
rfc_process_nsc(UNUSED_ATTR tRFC_MCB * p_mcb,UNUSED_ATTR MX_FRAME * p_frame)883 void rfc_process_nsc(UNUSED_ATTR tRFC_MCB* p_mcb,
884 UNUSED_ATTR MX_FRAME* p_frame) {}
885
886 /*******************************************************************************
887 *
888 * Function rfc_process_test
889 *
890 * Description This function handles Test frame. If this is a command
891 * reply to it. Otherwise pass response to the user.
892 *
893 ******************************************************************************/
rfc_process_test_rsp(UNUSED_ATTR tRFC_MCB * p_mcb,BT_HDR * p_buf)894 void rfc_process_test_rsp(UNUSED_ATTR tRFC_MCB* p_mcb, BT_HDR* p_buf) {
895 osi_free(p_buf);
896 }
897
898 /*******************************************************************************
899 *
900 * Function rfc_process_fcon
901 *
902 * Description This function handles FCON frame. The peer entity is able
903 * to receive new information
904 *
905 ******************************************************************************/
rfc_process_fcon(tRFC_MCB * p_mcb,bool is_command)906 void rfc_process_fcon(tRFC_MCB* p_mcb, bool is_command) {
907 if (is_command) {
908 rfc_cb.rfc.peer_rx_disabled = false;
909
910 rfc_send_fcon(p_mcb, false);
911
912 if (!p_mcb->l2cap_congested) PORT_FlowInd(p_mcb, 0, true);
913 }
914 }
915
916 /*******************************************************************************
917 *
918 * Function rfc_process_fcoff
919 *
920 * Description This function handles FCOFF frame. The peer entity is
921 * unable to receive new information
922 *
923 ******************************************************************************/
rfc_process_fcoff(tRFC_MCB * p_mcb,bool is_command)924 void rfc_process_fcoff(tRFC_MCB* p_mcb, bool is_command) {
925 if (is_command) {
926 rfc_cb.rfc.peer_rx_disabled = true;
927
928 if (!p_mcb->l2cap_congested) PORT_FlowInd(p_mcb, 0, false);
929
930 rfc_send_fcoff(p_mcb, false);
931 }
932 }
933
934 /*******************************************************************************
935 *
936 * Function rfc_process_l2cap_congestion
937 *
938 * Description This function handles L2CAP congestion messages
939 *
940 ******************************************************************************/
rfc_process_l2cap_congestion(tRFC_MCB * p_mcb,bool is_congested)941 void rfc_process_l2cap_congestion(tRFC_MCB* p_mcb, bool is_congested) {
942 p_mcb->l2cap_congested = is_congested;
943
944 if (!is_congested) {
945 rfc_check_send_cmd(p_mcb, nullptr);
946 }
947
948 if (!rfc_cb.rfc.peer_rx_disabled) {
949 PORT_FlowInd(p_mcb, 0, !is_congested);
950 }
951 }
952
953 /*******************************************************************************
954 *
955 * Function rfc_set_port_pars
956 *
957 * Description This function sets the tPORT_STATE structure given a
958 * p_frame.
959 *
960 ******************************************************************************/
961
rfc_set_port_state(tPORT_STATE * port_pars,MX_FRAME * p_frame)962 void rfc_set_port_state(tPORT_STATE* port_pars, MX_FRAME* p_frame) {
963 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_BIT_RATE)
964 port_pars->baud_rate = p_frame->u.rpn.baud_rate;
965 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_DATA_BITS)
966 port_pars->byte_size = p_frame->u.rpn.byte_size;
967 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_STOP_BITS)
968 port_pars->stop_bits = p_frame->u.rpn.stop_bits;
969 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_PARITY)
970 port_pars->parity = p_frame->u.rpn.parity;
971 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_PARITY_TYPE)
972 port_pars->parity_type = p_frame->u.rpn.parity_type;
973 if (p_frame->u.rpn.param_mask &
974 (RFCOMM_RPN_PM_XONXOFF_ON_INPUT | RFCOMM_RPN_PM_XONXOFF_ON_OUTPUT |
975 RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT |
976 RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT))
977 port_pars->fc_type = p_frame->u.rpn.fc_type;
978 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_XON_CHAR)
979 port_pars->xon_char = p_frame->u.rpn.xon_char;
980 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_XOFF_CHAR)
981 port_pars->xoff_char = p_frame->u.rpn.xoff_char;
982 }
983