1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains state machine and action routines for a port of the
22 * RFCOMM unit
23 *
24 ******************************************************************************/
25
26 #include <bluetooth/log.h>
27 #include <com_android_bluetooth_flags.h>
28
29 #include <cstdint>
30 #include <cstring>
31 #include <set>
32
33 #include "hal/snoop_logger.h"
34 #include "main/shim/entry.h"
35 #include "osi/include/allocator.h"
36 #include "stack/btm/btm_sec.h"
37 #include "stack/include/bt_hdr.h"
38 #include "stack/include/bt_uuid16.h"
39 #include "stack/include/btm_status.h"
40 #include "stack/l2cap/l2c_int.h"
41 #include "stack/rfcomm/port_int.h"
42 #include "stack/rfcomm/rfc_int.h"
43 #include "stack/rfcomm/rfc_state.h"
44
45 using namespace bluetooth;
46
47 static const std::set<uint16_t> uuid_logging_acceptlist = {
48 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY,
49 UUID_SERVCLASS_AG_HANDSFREE,
50 };
51
52 /******************************************************************************/
53 /* L O C A L F U N C T I O N P R O T O T Y P E S */
54 /******************************************************************************/
55 static void rfc_port_sm_state_closed(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data);
56 static void rfc_port_sm_sabme_wait_ua(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data);
57 static void rfc_port_sm_opened(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data);
58 static void rfc_port_sm_orig_wait_sec_check(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data);
59 static void rfc_port_sm_term_wait_sec_check(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data);
60 static void rfc_port_sm_disc_wait_ua(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data);
61
62 static void rfc_port_uplink_data(tPORT* p_port, BT_HDR* p_buf);
63
64 static void rfc_set_port_settings(PortSettings* port_settings, MX_FRAME* p_frame);
65
66 /*******************************************************************************
67 *
68 * Function rfc_port_sm_execute
69 *
70 * Description This function sends port events through the state
71 * machine.
72 *
73 * Returns void
74 *
75 ******************************************************************************/
rfc_port_sm_execute(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)76 void rfc_port_sm_execute(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data) {
77 log::assert_that(p_port != nullptr, "NULL port, event {}", event);
78
79 p_port->rfc.sm_cb.last_event = event;
80
81 // logs for state RFC_STATE_OPENED handled in rfc_port_sm_opened()
82 if (p_port->rfc.sm_cb.state != RFC_STATE_OPENED) {
83 log::info("bd_addr:{}, handle:{}, state:{}, event:{}", p_port->bd_addr, p_port->handle,
84 rfcomm_port_state_text(p_port->rfc.sm_cb.state), rfcomm_port_event_text(event));
85 }
86 switch (p_port->rfc.sm_cb.state) {
87 case RFC_STATE_CLOSED:
88 rfc_port_sm_state_closed(p_port, event, p_data);
89 break;
90
91 case RFC_STATE_SABME_WAIT_UA:
92 rfc_port_sm_sabme_wait_ua(p_port, event, p_data);
93 break;
94
95 case RFC_STATE_ORIG_WAIT_SEC_CHECK:
96 rfc_port_sm_orig_wait_sec_check(p_port, event, p_data);
97 break;
98
99 case RFC_STATE_TERM_WAIT_SEC_CHECK:
100 rfc_port_sm_term_wait_sec_check(p_port, event, p_data);
101 break;
102
103 case RFC_STATE_OPENED:
104 rfc_port_sm_opened(p_port, event, p_data);
105 break;
106
107 case RFC_STATE_DISC_WAIT_UA:
108 rfc_port_sm_disc_wait_ua(p_port, event, p_data);
109 break;
110 }
111 }
112
113 /*******************************************************************************
114 *
115 * Function rfc_port_sm_state_closed
116 *
117 * Description This function handles events when the port is in
118 * CLOSED state. This state exists when port is
119 * being initially established.
120 *
121 * Returns void
122 *
123 ******************************************************************************/
rfc_port_sm_state_closed(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)124 void rfc_port_sm_state_closed(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data) {
125 switch (event) {
126 case RFC_PORT_EVENT_OPEN:
127 rfc_set_state(RFC_STATE_ORIG_WAIT_SEC_CHECK, p_port);
128 btm_sec_mx_access_request(p_port->rfc.p_mcb->bd_addr, true, p_port->sec_mask,
129 &rfc_sec_check_complete, p_port);
130 return;
131
132 case RFC_PORT_EVENT_CLOSE:
133 break;
134
135 case RFC_PORT_EVENT_CLEAR:
136 return;
137
138 case RFC_PORT_EVENT_DATA:
139 osi_free(p_data);
140 break;
141
142 case RFC_PORT_EVENT_SABME:
143 /* make sure the multiplexer disconnect timer is not running (reconnect
144 * case) */
145 rfc_timer_stop(p_port->rfc.p_mcb);
146
147 /* Open will be continued after security checks are passed */
148 rfc_set_state(RFC_STATE_TERM_WAIT_SEC_CHECK, p_port);
149 btm_sec_mx_access_request(p_port->rfc.p_mcb->bd_addr, false, p_port->sec_mask,
150 &rfc_sec_check_complete, p_port);
151 return;
152
153 case RFC_PORT_EVENT_UA:
154 return;
155
156 case RFC_PORT_EVENT_DM:
157 log::warn("RFC_EVENT_DM, handle:{}", p_port->handle);
158 rfc_port_closed(p_port);
159 return;
160
161 case RFC_PORT_EVENT_UIH:
162 osi_free(p_data);
163 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
164 return;
165
166 case RFC_PORT_EVENT_DISC:
167 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
168 return;
169
170 case RFC_PORT_EVENT_TIMEOUT:
171 PORT_TimeOutCloseMux(p_port->rfc.p_mcb);
172 log::error("Port error state {} event {}", p_port->rfc.sm_cb.state, event);
173 return;
174 default:
175 log::error("Received unexpected event:{} in state:{}", rfcomm_port_event_text(event),
176 rfcomm_port_state_text(p_port->rfc.sm_cb.state));
177 }
178
179 log::warn("Event ignored {}", rfcomm_port_event_text(event));
180 return;
181 }
182
183 /*******************************************************************************
184 *
185 * Function rfc_port_sm_sabme_wait_ua
186 *
187 * Description This function handles events when SABME on the DLC was
188 * sent and SM is waiting for UA or DM.
189 *
190 * Returns void
191 *
192 ******************************************************************************/
rfc_port_sm_sabme_wait_ua(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)193 void rfc_port_sm_sabme_wait_ua(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data) {
194 switch (event) {
195 case RFC_PORT_EVENT_OPEN:
196 case RFC_PORT_EVENT_ESTABLISH_RSP:
197 log::error("Port error event:{}", event);
198 return;
199
200 case RFC_PORT_EVENT_CLOSE:
201 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
202 rfc_send_disc(p_port->rfc.p_mcb, p_port->dlci);
203 p_port->rfc.expected_rsp = 0;
204 rfc_set_state(RFC_STATE_DISC_WAIT_UA, p_port);
205 return;
206
207 case RFC_PORT_EVENT_CLEAR:
208 log::warn("RFC_PORT_EVENT_CLEAR, handle:{}", p_port->handle);
209 rfc_port_closed(p_port);
210 return;
211
212 case RFC_PORT_EVENT_DATA:
213 osi_free(p_data);
214 break;
215
216 case RFC_PORT_EVENT_UA:
217 rfc_port_timer_stop(p_port);
218 rfc_set_state(RFC_STATE_OPENED, p_port);
219
220 if (uuid_logging_acceptlist.find(p_port->uuid) != uuid_logging_acceptlist.end()) {
221 // Find Channel Control Block by Channel ID
222 tL2C_CCB* p_ccb = l2cu_find_ccb_by_cid(nullptr, p_port->rfc.p_mcb->lcid);
223 if (p_ccb) {
224 bluetooth::shim::GetSnoopLogger()->AcceptlistRfcommDlci(
225 p_ccb->p_lcb->Handle(), p_port->rfc.p_mcb->lcid, p_port->dlci);
226 }
227 }
228 if (p_port->rfc.p_mcb) {
229 uint16_t lcid;
230 tL2C_CCB* ccb;
231
232 lcid = p_port->rfc.p_mcb->lcid;
233 ccb = l2cu_find_ccb_by_cid(nullptr, lcid);
234
235 if (ccb) {
236 bluetooth::shim::GetSnoopLogger()->SetRfcommPortOpen(
237 ccb->p_lcb->Handle(), lcid, p_port->dlci, p_port->uuid,
238 p_port->rfc.p_mcb->flow == PORT_FC_CREDIT);
239 }
240 }
241
242 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci, p_port->rfc.p_mcb->peer_l2cap_mtu,
243 RFCOMM_SUCCESS);
244 return;
245
246 case RFC_PORT_EVENT_DM:
247 log::warn("RFC_EVENT_DM, handle:{}", p_port->handle);
248 p_port->rfc.p_mcb->is_disc_initiator = true;
249 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci, p_port->rfc.p_mcb->peer_l2cap_mtu,
250 RFCOMM_ERROR);
251 rfc_port_closed(p_port);
252 return;
253
254 case RFC_PORT_EVENT_DISC:
255 log::warn("RFC_EVENT_DISC, handle:{}", p_port->handle);
256 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
257 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci, p_port->rfc.p_mcb->peer_l2cap_mtu,
258 RFCOMM_ERROR);
259 rfc_port_closed(p_port);
260 return;
261
262 case RFC_PORT_EVENT_SABME:
263 /* Continue to wait for the UA the SABME this side sent */
264 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
265 return;
266
267 case RFC_PORT_EVENT_UIH:
268 osi_free(p_data);
269 return;
270
271 case RFC_PORT_EVENT_TIMEOUT:
272 rfc_set_state(RFC_STATE_CLOSED, p_port);
273 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci, p_port->rfc.p_mcb->peer_l2cap_mtu,
274 RFCOMM_ERROR);
275 return;
276 default:
277 log::error("Received unexpected event:{} in state:{}", rfcomm_port_event_text(event),
278 rfcomm_port_state_text(static_cast<tRFC_PORT_STATE>(p_port->rfc.sm_cb.state)));
279 }
280 log::warn("Event ignored {}", rfcomm_port_event_text(event));
281 }
282
283 /*******************************************************************************
284 *
285 * Function rfc_port_sm_term_wait_sec_check
286 *
287 * Description This function handles events for the port in the
288 * WAIT_SEC_CHECK state. SABME has been received from the
289 * peer and Security Manager verifes address, before we can
290 * send ESTABLISH_IND to the Port entity
291 *
292 * Returns void
293 *
294 ******************************************************************************/
rfc_port_sm_term_wait_sec_check(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)295 void rfc_port_sm_term_wait_sec_check(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data) {
296 switch (event) {
297 case RFC_PORT_EVENT_SEC_COMPLETE:
298 if (*((tBTM_STATUS*)p_data) != tBTM_STATUS::BTM_SUCCESS) {
299 log::error("Security check failed result:{} state:{} port_handle:{}",
300 btm_status_text(*((tBTM_STATUS*)p_data)),
301 rfcomm_port_state_text(p_port->rfc.sm_cb.state), p_port->handle);
302 /* Authentication/authorization failed. If link is still */
303 /* up send DM and check if we need to start inactive timer */
304 if (p_port->rfc.p_mcb) {
305 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
306 p_port->rfc.p_mcb->is_disc_initiator = true;
307 port_rfc_closed(p_port, PORT_SEC_FAILED);
308 }
309 } else {
310 log::debug("Security check succeeded state:{} port_handle:{}",
311 rfcomm_port_state_text(static_cast<tRFC_PORT_STATE>(p_port->rfc.sm_cb.state)),
312 p_port->handle);
313 PORT_DlcEstablishInd(p_port->rfc.p_mcb, p_port->dlci, p_port->rfc.p_mcb->peer_l2cap_mtu);
314 }
315 return;
316
317 case RFC_PORT_EVENT_OPEN:
318 case RFC_PORT_EVENT_CLOSE:
319 log::error("Port error event {}", rfcomm_port_event_text(event));
320 return;
321
322 case RFC_PORT_EVENT_CLEAR:
323 log::warn("RFC_PORT_EVENT_CLEAR, handle:{}", p_port->handle);
324 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
325 rfc_port_closed(p_port);
326 return;
327
328 case RFC_PORT_EVENT_DATA:
329 log::error("Port error event {}", rfcomm_port_event_text(event));
330 osi_free(p_data);
331 return;
332
333 case RFC_PORT_EVENT_SABME:
334 /* Ignore SABME retransmission if client dares to do so */
335 return;
336
337 case RFC_PORT_EVENT_DISC:
338 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
339 rfc_set_state(RFC_STATE_CLOSED, p_port);
340 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
341
342 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
343 return;
344
345 case RFC_PORT_EVENT_UIH:
346 osi_free(p_data);
347 return;
348
349 case RFC_PORT_EVENT_ESTABLISH_RSP:
350 if (*((uint8_t*)p_data) != RFCOMM_SUCCESS) {
351 if (p_port->rfc.p_mcb) {
352 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
353 }
354 } else {
355 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
356 rfc_set_state(RFC_STATE_OPENED, p_port);
357
358 if (uuid_logging_acceptlist.find(p_port->uuid) != uuid_logging_acceptlist.end()) {
359 // Find Channel Control Block by Channel ID
360 tL2C_CCB* p_ccb = l2cu_find_ccb_by_cid(nullptr, p_port->rfc.p_mcb->lcid);
361 if (p_ccb) {
362 bluetooth::shim::GetSnoopLogger()->AcceptlistRfcommDlci(
363 p_ccb->p_lcb->Handle(), p_port->rfc.p_mcb->lcid, p_port->dlci);
364 }
365 }
366 if (p_port->rfc.p_mcb) {
367 uint16_t lcid;
368 tL2C_CCB* ccb;
369
370 lcid = p_port->rfc.p_mcb->lcid;
371 ccb = l2cu_find_ccb_by_cid(nullptr, lcid);
372
373 if (ccb) {
374 bluetooth::shim::GetSnoopLogger()->SetRfcommPortOpen(
375 ccb->p_lcb->Handle(), lcid, p_port->dlci, p_port->uuid,
376 p_port->rfc.p_mcb->flow == PORT_FC_CREDIT);
377 }
378 }
379 }
380 return;
381 default:
382 log::error("Received unexpected event:{} in state:{}", rfcomm_port_event_text(event),
383 rfcomm_port_state_text(p_port->rfc.sm_cb.state));
384 }
385 log::warn("Event ignored {}", event);
386 }
387
388 /*******************************************************************************
389 *
390 * Function rfc_port_sm_orig_wait_sec_check
391 *
392 * Description This function handles events for the port in the
393 * ORIG_WAIT_SEC_CHECK state. RFCOMM is waiting for Security
394 * manager to finish before sending SABME to the peer
395 *
396 * Returns void
397 *
398 ******************************************************************************/
rfc_port_sm_orig_wait_sec_check(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)399 void rfc_port_sm_orig_wait_sec_check(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data) {
400 switch (event) {
401 case RFC_PORT_EVENT_SEC_COMPLETE:
402 if (*((tBTM_STATUS*)p_data) != tBTM_STATUS::BTM_SUCCESS) {
403 log::error("Security check failed result:{} state:{} handle:{}",
404 btm_status_text(*((tBTM_STATUS*)p_data)),
405 rfcomm_port_state_text(p_port->rfc.sm_cb.state), p_port->handle);
406 p_port->rfc.p_mcb->is_disc_initiator = true;
407 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci, 0, RFCOMM_SECURITY_ERR);
408 rfc_port_closed(p_port);
409 } else {
410 log::debug("Security check succeeded state:{} handle:{}",
411 rfcomm_port_state_text(p_port->rfc.sm_cb.state), p_port->handle);
412 rfc_send_sabme(p_port->rfc.p_mcb, p_port->dlci);
413 rfc_port_timer_start(p_port, RFC_PORT_T1_TIMEOUT);
414 rfc_set_state(RFC_STATE_SABME_WAIT_UA, p_port);
415 }
416 return;
417
418 case RFC_PORT_EVENT_OPEN:
419 case RFC_PORT_EVENT_SABME: /* Peer should not use the same dlci */
420 log::error("Port error event {}", rfcomm_port_event_text(event));
421 return;
422
423 case RFC_PORT_EVENT_CLOSE:
424 log::warn("RFC_PORT_EVENT_CLOSE, handle:{}", p_port->handle);
425 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
426 rfc_port_closed(p_port);
427 return;
428
429 case RFC_PORT_EVENT_DATA:
430 log::error("Port error {}", rfcomm_port_event_text(event));
431 osi_free(p_data);
432 return;
433
434 case RFC_PORT_EVENT_UIH:
435 osi_free(p_data);
436 return;
437 default:
438 log::error("Received unexpected event:{} in state:{}", rfcomm_port_event_text(event),
439 rfcomm_port_state_text(p_port->rfc.sm_cb.state));
440 }
441 log::warn("Event ignored {}", rfcomm_port_event_text(event));
442 }
443
444 /*******************************************************************************
445 *
446 * Function rfc_port_sm_opened
447 *
448 * Description This function handles events for the port in the OPENED
449 * state
450 *
451 * Returns void
452 *
453 ******************************************************************************/
rfc_port_sm_opened(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)454 void rfc_port_sm_opened(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data) {
455 switch (event) {
456 case RFC_PORT_EVENT_OPEN:
457 log::error("RFC_PORT_EVENT_OPEN bd_addr:{} port_handle:{} dlci:{} scn:{}", p_port->bd_addr,
458 p_port->handle, p_port->dlci, p_port->scn);
459 return;
460
461 case RFC_PORT_EVENT_CLOSE:
462 log::info("RFC_PORT_EVENT_CLOSE bd_addr:{}, port_handle:{} dlci:{} scn:{}", p_port->bd_addr,
463 p_port->handle, p_port->dlci, p_port->scn);
464 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
465 rfc_send_disc(p_port->rfc.p_mcb, p_port->dlci);
466 p_port->rfc.expected_rsp = 0;
467 rfc_set_state(RFC_STATE_DISC_WAIT_UA, p_port);
468 return;
469
470 case RFC_PORT_EVENT_CLEAR:
471 log::warn("RFC_PORT_EVENT_CLEAR bd_addr:{} port_handle:{} dlci:{} scn:{}", p_port->bd_addr,
472 p_port->handle, p_port->dlci, p_port->scn);
473 rfc_port_closed(p_port);
474 return;
475
476 case RFC_PORT_EVENT_DATA:
477 // Send credits in the frame. Pass them in the layer specific member of the hdr.
478 // There might be an initial case when we reduced rx_max and credit_rx is still bigger.
479 // Make sure that we do not send 255
480 log::verbose("RFC_PORT_EVENT_DATA bd_addr:{} port_handle:{} dlci:{} scn:{}", p_port->bd_addr,
481 p_port->handle, p_port->dlci, p_port->scn);
482 if ((p_port->rfc.p_mcb->flow == PORT_FC_CREDIT) &&
483 (((BT_HDR*)p_data)->len < p_port->peer_mtu) && (!p_port->rx.user_fc) &&
484 (p_port->credit_rx_max > p_port->credit_rx)) {
485 ((BT_HDR*)p_data)->layer_specific = (uint8_t)(p_port->credit_rx_max - p_port->credit_rx);
486 p_port->credit_rx = p_port->credit_rx_max;
487 } else {
488 ((BT_HDR*)p_data)->layer_specific = 0;
489 }
490 rfc_send_buf_uih(p_port->rfc.p_mcb, p_port->dlci, (BT_HDR*)p_data);
491 rfc_dec_credit(p_port);
492 return;
493
494 case RFC_PORT_EVENT_UA:
495 log::verbose("RFC_PORT_EVENT_UA bd_addr:{} port_handle:{} dlci:{} scn:{}", p_port->bd_addr,
496 p_port->handle, p_port->dlci, p_port->scn);
497 return;
498
499 case RFC_PORT_EVENT_SABME:
500 log::verbose("RFC_PORT_EVENT_SABME bd_addr:{} port_handle:{} dlci:{} scn:{}", p_port->bd_addr,
501 p_port->handle, p_port->dlci, p_port->scn);
502 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
503 return;
504
505 case RFC_PORT_EVENT_DM:
506 log::info("RFC_EVENT_DM bd_addr:{} port_handle:{} dlci:{} scn:{}", p_port->bd_addr,
507 p_port->handle, p_port->dlci, p_port->scn);
508 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
509 rfc_port_closed(p_port);
510 return;
511
512 case RFC_PORT_EVENT_DISC:
513 log::info("RFC_PORT_EVENT_DISC bd_addr:{} port_handle:{} dlci:{} scn:{}", p_port->bd_addr,
514 p_port->handle, p_port->dlci, p_port->scn);
515 rfc_set_state(RFC_STATE_CLOSED, p_port);
516 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
517 if (!fixed_queue_is_empty(p_port->rx.queue)) {
518 /* give a chance to upper stack to close port properly */
519 log::verbose("port queue is not empty");
520 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
521 } else {
522 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
523 }
524 return;
525
526 case RFC_PORT_EVENT_UIH:
527 log::verbose("RFC_PORT_EVENT_UIH bd_addr:{}, port_handle:{} dlci:{} scn:{}", p_port->bd_addr,
528 p_port->handle, p_port->dlci, p_port->scn);
529 rfc_port_uplink_data(p_port, (BT_HDR*)p_data);
530 return;
531
532 case RFC_PORT_EVENT_TIMEOUT:
533 PORT_TimeOutCloseMux(p_port->rfc.p_mcb);
534 log::error("RFC_PORT_EVENT_TIMEOUT bd_addr:{} port_handle:{} dlci:{} scn:{}", p_port->bd_addr,
535 p_port->handle, p_port->dlci, p_port->scn);
536 return;
537
538 default:
539 log::error("Received unexpected event:{} bd_addr:{} port_handle:{} dlci:{} scn:{}",
540 rfcomm_port_event_text(event), p_port->bd_addr, p_port->handle, p_port->dlci,
541 p_port->scn);
542 break;
543 }
544 log::warn("Event ignored {}", rfcomm_port_event_text(event));
545 }
546
547 /*******************************************************************************
548 *
549 * Function rfc_port_sm_disc_wait_ua
550 *
551 * Description This function handles events when DISC on the DLC was
552 * sent and SM is waiting for UA or DM.
553 *
554 * Returns void
555 *
556 ******************************************************************************/
rfc_port_sm_disc_wait_ua(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)557 void rfc_port_sm_disc_wait_ua(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data) {
558 switch (event) {
559 case RFC_PORT_EVENT_OPEN:
560 case RFC_PORT_EVENT_ESTABLISH_RSP:
561 log::error("Port error event {}", rfcomm_port_event_text(event));
562 return;
563
564 case RFC_PORT_EVENT_CLEAR:
565 log::warn("RFC_PORT_EVENT_CLEAR, port_handle:{}", p_port->handle);
566 rfc_port_closed(p_port);
567 return;
568
569 case RFC_PORT_EVENT_DATA:
570 osi_free(p_data);
571 return;
572
573 case RFC_PORT_EVENT_UA:
574 p_port->rfc.p_mcb->is_disc_initiator = true;
575 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
576
577 case RFC_PORT_EVENT_DM:
578 log::warn("RFC_EVENT_DM|RFC_EVENT_UA[{}], port_handle:{}", event, p_port->handle);
579 if (com::android::bluetooth::flags::rfcomm_always_disc_initiator_in_disc_wait_ua()) {
580 // If we got a DM in RFC_STATE_DISC_WAIT_UA, it's likely that both ends
581 // attempt to DISC at the same time and both get a DM.
582 // Without setting this flag the both ends would start the same timers,
583 // wait, and still DISC the multiplexer at the same time eventually.
584 // The wait is meaningless and would block all other services that rely
585 // on RFCOMM such as HFP.
586 // Thus, setting this flag here to save us a timeout and doesn't
587 // introduce further RFCOMM event changes.
588 p_port->rfc.p_mcb->is_disc_initiator = true;
589 }
590 rfc_port_closed(p_port);
591 return;
592
593 case RFC_PORT_EVENT_SABME:
594 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
595 return;
596
597 case RFC_PORT_EVENT_DISC:
598 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
599 return;
600
601 case RFC_PORT_EVENT_UIH:
602 osi_free(p_data);
603 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
604 return;
605
606 case RFC_PORT_EVENT_TIMEOUT:
607 log::error("RFC_EVENT_TIMEOUT, port_handle:{}", p_port->handle);
608 rfc_port_closed(p_port);
609 return;
610 default:
611 log::error("Received unexpected event:{} in state:{}", rfcomm_port_event_text(event),
612 rfcomm_port_state_text(p_port->rfc.sm_cb.state));
613 }
614
615 log::warn("Event ignored {}", rfcomm_port_event_text(event));
616 }
617
618 /*******************************************************************************
619 *
620 * Function rfc_port_uplink_data
621 *
622 * Description This function handles uplink information data frame.
623 *
624 ******************************************************************************/
rfc_port_uplink_data(tPORT * p_port,BT_HDR * p_buf)625 void rfc_port_uplink_data(tPORT* p_port, BT_HDR* p_buf) {
626 PORT_DataInd(p_port->rfc.p_mcb, p_port->dlci, p_buf);
627 }
628
629 /*******************************************************************************
630 *
631 * Function rfc_process_pn
632 *
633 * Description This function handles DLC parameter negotiation frame.
634 * Record MTU and pass indication to the upper layer.
635 *
636 ******************************************************************************/
rfc_process_pn(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)637 void rfc_process_pn(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
638 log::verbose("is_initiator={}, is_cmd={}, state={}, bd_addr={}", p_mcb->is_initiator, is_command,
639 p_mcb->state, p_mcb->bd_addr);
640 uint8_t dlci = p_frame->dlci;
641
642 if (is_command) {
643 /* Ignore if Multiplexer is being shut down */
644 if (p_mcb->state != RFC_MX_STATE_DISC_WAIT_UA) {
645 PORT_ParNegInd(p_mcb, dlci, p_frame->u.pn.mtu, p_frame->u.pn.conv_layer, p_frame->u.pn.k);
646 } else {
647 log::warn("MX PN while disconnecting, bd_addr={}, p_mcb={}", p_mcb->bd_addr,
648 std::format_ptr(p_mcb));
649 rfc_send_dm(p_mcb, dlci, false);
650 }
651
652 return;
653 }
654 /* If we are not awaiting response just ignore it */
655 tPORT* p_port = port_find_mcb_dlci_port(p_mcb, dlci);
656 if ((p_port == nullptr) || !(p_port->rfc.expected_rsp & RFC_RSP_PN)) {
657 log::warn(": Ignore unwanted response, p_mcb={}, bd_addr={}, dlci={}", std::format_ptr(p_mcb),
658 p_mcb->bd_addr, dlci);
659 return;
660 }
661
662 p_port->rfc.expected_rsp &= ~RFC_RSP_PN;
663
664 rfc_port_timer_stop(p_port);
665
666 PORT_ParNegCnf(p_mcb, dlci, p_frame->u.pn.mtu, p_frame->u.pn.conv_layer, p_frame->u.pn.k);
667 }
668
669 /*******************************************************************************
670 *
671 * Function rfc_process_rpn
672 *
673 * Description This function handles Remote DLC parameter negotiation
674 * command/response. Pass command to the user.
675 *
676 ******************************************************************************/
rfc_process_rpn(tRFC_MCB * p_mcb,bool is_command,bool is_request,MX_FRAME * p_frame)677 void rfc_process_rpn(tRFC_MCB* p_mcb, bool is_command, bool is_request, MX_FRAME* p_frame) {
678 PortSettings port_settings = {};
679 tPORT* p_port;
680
681 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
682 if (p_port == nullptr) {
683 /* This is the first command on the port */
684 if (is_command) {
685 rfc_set_port_settings(&port_settings, p_frame);
686
687 PORT_PortNegInd(p_mcb, p_frame->dlci, &port_settings, p_frame->u.rpn.param_mask);
688 }
689 return;
690 }
691
692 if (is_command && is_request) {
693 /* This is the special situation when peer just request local pars */
694 rfc_send_rpn(p_mcb, p_frame->dlci, false, &p_port->peer_port_settings, 0);
695 return;
696 }
697
698 port_settings = p_port->peer_port_settings;
699
700 rfc_set_port_settings(&port_settings, p_frame);
701
702 if (is_command) {
703 PORT_PortNegInd(p_mcb, p_frame->dlci, &port_settings, p_frame->u.rpn.param_mask);
704 return;
705 }
706
707 // If we are not awaiting response just ignore it
708 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
709 if ((p_port == nullptr) || !(p_port->rfc.expected_rsp & (RFC_RSP_RPN | RFC_RSP_RPN_REPLY))) {
710 log::warn("ignore DLC parameter negotiation as we are not waiting for any");
711 return;
712 }
713
714 // If we sent a request for port parameters to the peer it is replying with mask 0.
715 rfc_port_timer_stop(p_port);
716
717 if (p_port->rfc.expected_rsp & RFC_RSP_RPN_REPLY) {
718 p_port->rfc.expected_rsp &= ~RFC_RSP_RPN_REPLY;
719
720 p_port->peer_port_settings = port_settings;
721
722 if ((port_settings.fc_type == (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT)) ||
723 (port_settings.fc_type == (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT))) {
724 /* This is satisfactory port parameters. Set mask as it was Ok */
725 p_frame->u.rpn.param_mask = RFCOMM_RPN_PM_MASK;
726 } else {
727 /* Current peer parameters are not good, try to fix them */
728 p_port->peer_port_settings.fc_type = (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT);
729
730 p_port->rfc.expected_rsp |= RFC_RSP_RPN;
731 rfc_send_rpn(p_mcb, p_frame->dlci, true, &p_port->peer_port_settings,
732 RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT);
733 rfc_port_timer_start(p_port, RFC_T2_TIMEOUT);
734 return;
735 }
736 } else {
737 p_port->rfc.expected_rsp &= ~RFC_RSP_RPN;
738 }
739
740 /* Check if all suggested parameters were accepted */
741 if (((p_frame->u.rpn.param_mask & (RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT)) ==
742 (RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT)) ||
743 ((p_frame->u.rpn.param_mask & (RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT)) ==
744 (RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT))) {
745 PORT_PortNegCnf(p_mcb, p_port->dlci, &port_settings, RFCOMM_SUCCESS);
746 return;
747 }
748
749 /* If we were proposing RTR flow control try RTC flow control */
750 /* If we were proposing RTC flow control try no flow control */
751 /* otherwise drop the connection */
752 if (p_port->peer_port_settings.fc_type == (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT)) {
753 /* Current peer parameters are not good, try to fix them */
754 p_port->peer_port_settings.fc_type = (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT);
755
756 p_port->rfc.expected_rsp |= RFC_RSP_RPN;
757
758 rfc_send_rpn(p_mcb, p_frame->dlci, true, &p_port->peer_port_settings,
759 RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT);
760 rfc_port_timer_start(p_port, RFC_T2_TIMEOUT);
761 return;
762 }
763
764 /* Other side does not support flow control */
765 if (p_port->peer_port_settings.fc_type == (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT)) {
766 p_port->peer_port_settings.fc_type = RFCOMM_FC_OFF;
767 PORT_PortNegCnf(p_mcb, p_port->dlci, &port_settings, RFCOMM_SUCCESS);
768 }
769 }
770
771 /*******************************************************************************
772 *
773 * Function rfc_process_msc
774 *
775 * Description This function handles Modem Status Command.
776 * Pass command to the user.
777 *
778 ******************************************************************************/
rfc_process_msc(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)779 void rfc_process_msc(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
780 tPORT_CTRL pars;
781 tPORT* p_port;
782 uint8_t modem_signals = p_frame->u.msc.signals;
783 bool new_peer_fc = false;
784
785 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
786 if (p_port == NULL) {
787 return;
788 }
789
790 pars.modem_signal = 0;
791
792 if (modem_signals & RFCOMM_MSC_RTC) {
793 pars.modem_signal |= MODEM_SIGNAL_DTRDSR;
794 }
795
796 if (modem_signals & RFCOMM_MSC_RTR) {
797 pars.modem_signal |= MODEM_SIGNAL_RTSCTS;
798 }
799
800 if (modem_signals & RFCOMM_MSC_IC) {
801 pars.modem_signal |= MODEM_SIGNAL_RI;
802 }
803
804 if (modem_signals & RFCOMM_MSC_DV) {
805 pars.modem_signal |= MODEM_SIGNAL_DCD;
806 }
807
808 pars.fc = ((modem_signals & RFCOMM_MSC_FC) == RFCOMM_MSC_FC);
809
810 pars.break_signal = (p_frame->u.msc.break_present) ? p_frame->u.msc.break_duration : 0;
811 pars.discard_buffers = 0;
812 pars.break_signal_seq = RFCOMM_CTRL_BREAK_IN_SEQ; /* this is default */
813
814 /* Check if this command is passed only to indicate flow control */
815 if (is_command) {
816 rfc_send_msc(p_mcb, p_frame->dlci, false, &pars);
817
818 if (p_port->rfc.p_mcb->flow != PORT_FC_CREDIT) {
819 /* Spec 1.1 indicates that only FC bit is used for flow control */
820 p_port->peer_ctrl.fc = new_peer_fc = pars.fc;
821
822 if (new_peer_fc != p_port->tx.peer_fc) {
823 PORT_FlowInd(p_mcb, p_frame->dlci, (bool)!new_peer_fc);
824 }
825 }
826
827 PORT_ControlInd(p_mcb, p_frame->dlci, &pars);
828
829 return;
830 }
831
832 /* If we are not awaiting response just ignore it */
833 if (!(p_port->rfc.expected_rsp & RFC_RSP_MSC)) {
834 return;
835 }
836
837 p_port->rfc.expected_rsp &= ~RFC_RSP_MSC;
838
839 rfc_port_timer_stop(p_port);
840
841 PORT_ControlCnf(p_port->rfc.p_mcb, p_port->dlci, &pars);
842 }
843
844 /*******************************************************************************
845 *
846 * Function rfc_process_rls
847 *
848 * Description This function handles Remote Line Status command.
849 * Pass command to the user.
850 *
851 ******************************************************************************/
rfc_process_rls(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)852 void rfc_process_rls(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
853 tPORT* p_port;
854
855 if (is_command) {
856 PORT_LineStatusInd(p_mcb, p_frame->dlci, p_frame->u.rls.line_status);
857 rfc_send_rls(p_mcb, p_frame->dlci, false, p_frame->u.rls.line_status);
858 } else {
859 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
860
861 /* If we are not awaiting response just ignore it */
862 if (!p_port || !(p_port->rfc.expected_rsp & RFC_RSP_RLS)) {
863 return;
864 }
865
866 p_port->rfc.expected_rsp &= ~RFC_RSP_RLS;
867
868 rfc_port_timer_stop(p_port);
869 }
870 }
871
872 /*******************************************************************************
873 *
874 * Function rfc_process_nsc
875 *
876 * Description This function handles None Supported Command frame.
877 *
878 ******************************************************************************/
rfc_process_nsc(tRFC_MCB *,MX_FRAME *)879 void rfc_process_nsc(tRFC_MCB* /* p_mcb */, MX_FRAME* /* p_frame */) {}
880
881 /*******************************************************************************
882 *
883 * Function rfc_process_test
884 *
885 * Description This function handles Test frame. If this is a command
886 * reply to it. Otherwise pass response to the user.
887 *
888 ******************************************************************************/
rfc_process_test_rsp(tRFC_MCB *,BT_HDR * p_buf)889 void rfc_process_test_rsp(tRFC_MCB* /* p_mcb */, BT_HDR* p_buf) { osi_free(p_buf); }
890
891 /*******************************************************************************
892 *
893 * Function rfc_process_fcon
894 *
895 * Description This function handles FCON frame. The peer entity is able
896 * to receive new information
897 *
898 ******************************************************************************/
rfc_process_fcon(tRFC_MCB * p_mcb,bool is_command)899 void rfc_process_fcon(tRFC_MCB* p_mcb, bool is_command) {
900 if (is_command) {
901 rfc_cb.rfc.peer_rx_disabled = false;
902
903 rfc_send_fcon(p_mcb, false);
904
905 if (!p_mcb->l2cap_congested) {
906 PORT_FlowInd(p_mcb, 0, true);
907 }
908 }
909 }
910
911 /*******************************************************************************
912 *
913 * Function rfc_process_fcoff
914 *
915 * Description This function handles FCOFF frame. The peer entity is
916 * unable to receive new information
917 *
918 ******************************************************************************/
rfc_process_fcoff(tRFC_MCB * p_mcb,bool is_command)919 void rfc_process_fcoff(tRFC_MCB* p_mcb, bool is_command) {
920 if (is_command) {
921 rfc_cb.rfc.peer_rx_disabled = true;
922
923 if (!p_mcb->l2cap_congested) {
924 PORT_FlowInd(p_mcb, 0, false);
925 }
926
927 rfc_send_fcoff(p_mcb, false);
928 }
929 }
930
931 /*******************************************************************************
932 *
933 * Function rfc_process_l2cap_congestion
934 *
935 * Description This function handles L2CAP congestion messages
936 *
937 ******************************************************************************/
rfc_process_l2cap_congestion(tRFC_MCB * p_mcb,bool is_congested)938 void rfc_process_l2cap_congestion(tRFC_MCB* p_mcb, bool is_congested) {
939 p_mcb->l2cap_congested = is_congested;
940
941 if (!is_congested) {
942 rfc_check_send_cmd(p_mcb, nullptr);
943 }
944
945 if (!rfc_cb.rfc.peer_rx_disabled) {
946 PORT_FlowInd(p_mcb, 0, !is_congested);
947 }
948 }
949
950 /*******************************************************************************
951 *
952 * Function rfc_set_port_settings
953 *
954 * Description This function sets the PortSettings structure given a
955 * p_frame.
956 *
957 ******************************************************************************/
958
rfc_set_port_settings(PortSettings * port_settings,MX_FRAME * p_frame)959 void rfc_set_port_settings(PortSettings* port_settings, MX_FRAME* p_frame) {
960 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_BIT_RATE) {
961 port_settings->baud_rate = p_frame->u.rpn.baud_rate;
962 }
963 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_DATA_BITS) {
964 port_settings->byte_size = p_frame->u.rpn.byte_size;
965 }
966 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_STOP_BITS) {
967 port_settings->stop_bits = p_frame->u.rpn.stop_bits;
968 }
969 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_PARITY) {
970 port_settings->parity = p_frame->u.rpn.parity;
971 }
972 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_PARITY_TYPE) {
973 port_settings->parity_type = p_frame->u.rpn.parity_type;
974 }
975 if (p_frame->u.rpn.param_mask &
976 (RFCOMM_RPN_PM_XONXOFF_ON_INPUT | RFCOMM_RPN_PM_XONXOFF_ON_OUTPUT |
977 RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT | RFCOMM_RPN_PM_RTC_ON_INPUT |
978 RFCOMM_RPN_PM_RTC_ON_OUTPUT)) {
979 port_settings->fc_type = p_frame->u.rpn.fc_type;
980 }
981 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_XON_CHAR) {
982 port_settings->xon_char = p_frame->u.rpn.xon_char;
983 }
984 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_XOFF_CHAR) {
985 port_settings->xoff_char = p_frame->u.rpn.xoff_char;
986 }
987 }
988