1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains L2CAP interface functions
22 *
23 ******************************************************************************/
24
25 #include <bluetooth/log.h>
26
27 #include <cstddef>
28 #include <cstdint>
29
30 #include "common/time_util.h"
31 #include "internal_include/bt_target.h"
32 #include "osi/include/allocator.h"
33 #include "stack/include/bt_hdr.h"
34 #include "stack/include/bt_psm_types.h"
35 #include "stack/include/l2cap_interface.h"
36 #include "stack/include/l2cdefs.h"
37 #include "stack/rfcomm/port_int.h"
38 #include "stack/rfcomm/rfc_int.h"
39 #include "types/raw_address.h"
40
41 using namespace bluetooth;
42
43 /*
44 * Define Callback functions to be called by L2CAP
45 */
46 static void RFCOMM_ConnectInd(const RawAddress& bd_addr, uint16_t lcid, uint16_t psm, uint8_t id);
47 static void RFCOMM_ConnectCnf(uint16_t lcid, tL2CAP_CONN err);
48 static void RFCOMM_ConfigInd(uint16_t lcid, tL2CAP_CFG_INFO* p_cfg);
49 static void RFCOMM_ConfigCnf(uint16_t lcid, uint16_t result, tL2CAP_CFG_INFO* p_cfg);
50 static void RFCOMM_DisconnectInd(uint16_t lcid, bool is_clear);
51 static void RFCOMM_BufDataInd(uint16_t lcid, BT_HDR* p_buf);
52 static void RFCOMM_CongestionStatusInd(uint16_t lcid, bool is_congested);
53
54 /*******************************************************************************
55 *
56 * Function rfcomm_l2cap_if_init
57 *
58 * Description This function is called during the RFCOMM task startup
59 * to register interface functions with L2CAP.
60 *
61 ******************************************************************************/
rfcomm_l2cap_if_init(void)62 void rfcomm_l2cap_if_init(void) {
63 tL2CAP_APPL_INFO* p_l2c = &rfc_cb.rfc.reg_info;
64
65 p_l2c->pL2CA_ConnectInd_Cb = RFCOMM_ConnectInd;
66 p_l2c->pL2CA_ConnectCfm_Cb = RFCOMM_ConnectCnf;
67 p_l2c->pL2CA_ConfigInd_Cb = RFCOMM_ConfigInd;
68 p_l2c->pL2CA_ConfigCfm_Cb = RFCOMM_ConfigCnf;
69 p_l2c->pL2CA_DisconnectInd_Cb = RFCOMM_DisconnectInd;
70 p_l2c->pL2CA_DataInd_Cb = RFCOMM_BufDataInd;
71 p_l2c->pL2CA_CongestionStatus_Cb = RFCOMM_CongestionStatusInd;
72 p_l2c->pL2CA_TxComplete_Cb = NULL;
73 p_l2c->pL2CA_Error_Cb = rfc_on_l2cap_error;
74
75 if (!stack::l2cap::get_interface().L2CA_Register(BT_PSM_RFCOMM, rfc_cb.rfc.reg_info,
76 true /* enable_snoop */, nullptr, L2CAP_MTU_SIZE,
77 0, 0)) {
78 log::error("Unable to register with L2CAP profile RFCOMM psm:{}", BT_PSM_RFCOMM);
79 }
80 }
81
82 /*******************************************************************************
83 *
84 * Function RFCOMM_ConnectInd
85 *
86 * Description This is a callback function called by L2CAP when
87 * L2CA_ConnectInd received. Allocate multiplexer control
88 * block and dispatch the event to it.
89 *
90 ******************************************************************************/
RFCOMM_ConnectInd(const RawAddress & bd_addr,uint16_t lcid,uint16_t,uint8_t id)91 void RFCOMM_ConnectInd(const RawAddress& bd_addr, uint16_t lcid, uint16_t /* psm */, uint8_t id) {
92 tRFC_MCB* p_mcb = rfc_alloc_multiplexer_channel(bd_addr, false);
93
94 if (p_mcb != nullptr && p_mcb->is_initiator && p_mcb->state == RFC_MX_STATE_WAIT_CONN_CNF) {
95 p_mcb->pending_lcid = lcid;
96
97 /* wait random timeout (2 - 12) to resolve collision */
98 /* if peer gives up then local device rejects incoming connection and
99 * continues as initiator */
100 /* if timeout, local device disconnects outgoing connection and continues
101 * as acceptor */
102 log::verbose(
103 "RFCOMM_ConnectInd start timer for collision, initiator's "
104 "LCID(0x{:x}), acceptor's LCID(0x{:x})",
105 p_mcb->lcid, p_mcb->pending_lcid);
106
107 rfc_timer_start(p_mcb, (uint16_t)(bluetooth::common::time_get_os_boottime_ms() % 10 + 2));
108 return;
109 }
110 if (p_mcb != nullptr && p_mcb->is_initiator && p_mcb->state != RFC_MX_STATE_IDLE) {
111 /* we cannot accept connection request from peer at this state */
112 /* don't update lcid */
113 p_mcb = nullptr;
114 } else {
115 /* store mcb even if null */
116 rfc_save_lcid_mcb(p_mcb, lcid);
117 }
118
119 if (p_mcb == nullptr) {
120 if (!stack::l2cap::get_interface().L2CA_DisconnectReq(lcid)) {
121 log::warn("Unable to disconnect L2CAP cid:{}", lcid);
122 }
123 return;
124 }
125 p_mcb->lcid = lcid;
126
127 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONN_IND, &id);
128 }
129
130 /*******************************************************************************
131 *
132 * Function RFCOMM_ConnectCnf
133 *
134 * Description This is a callback function called by L2CAP when
135 * L2CA_ConnectCnf received. Save L2CAP handle and dispatch
136 * event to the FSM.
137 *
138 ******************************************************************************/
RFCOMM_ConnectCnf(uint16_t lcid,tL2CAP_CONN result)139 void RFCOMM_ConnectCnf(uint16_t lcid, tL2CAP_CONN result) {
140 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
141
142 if (p_mcb == nullptr) {
143 log::error("RFCOMM_ConnectCnf LCID:0x{:x}", lcid);
144 return;
145 }
146
147 if (p_mcb->pending_lcid) {
148 /* if peer rejects our connect request but peer's connect request is pending
149 */
150 if (result != tL2CAP_CONN::L2CAP_CONN_OK) {
151 return;
152 } else {
153 log::verbose("RFCOMM_ConnectCnf peer gave up pending LCID(0x{:x})", p_mcb->pending_lcid);
154
155 /* Peer gave up its connection request, make sure cleaning up L2CAP
156 * channel */
157 if (!stack::l2cap::get_interface().L2CA_DisconnectReq(p_mcb->pending_lcid)) {
158 log::warn("Unable to send L2CAP disconnect request peer:{} cid:{}", p_mcb->bd_addr,
159 p_mcb->lcid);
160 }
161
162 p_mcb->pending_lcid = 0;
163 }
164 }
165
166 /* Save LCID to be used in all consecutive calls to L2CAP */
167 p_mcb->lcid = lcid;
168
169 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONN_CNF, &result);
170 }
171
172 /*******************************************************************************
173 *
174 * Function RFCOMM_ConfigInd
175 *
176 * Description This is a callback function called by L2CAP when
177 * L2CA_ConfigInd received. Save parameters in the control
178 * block and dispatch event to the FSM.
179 *
180 ******************************************************************************/
RFCOMM_ConfigInd(uint16_t lcid,tL2CAP_CFG_INFO * p_cfg)181 void RFCOMM_ConfigInd(uint16_t lcid, tL2CAP_CFG_INFO* p_cfg) {
182 if (p_cfg == nullptr) {
183 log::error("Received l2cap configuration info with nullptr");
184 return;
185 }
186
187 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
188
189 if (p_mcb == nullptr) {
190 log::error("RFCOMM_ConfigInd LCID:0x{:x}", lcid);
191 for (auto& [cid, mcb] : rfc_lcid_mcb) {
192 if (mcb != nullptr && mcb->pending_lcid == lcid) {
193 tL2CAP_CFG_INFO l2cap_cfg_info(*p_cfg);
194 mcb->pending_configure_complete = true;
195 mcb->pending_cfg_info = l2cap_cfg_info;
196 return;
197 }
198 }
199 return;
200 }
201
202 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONF_IND, (void*)p_cfg);
203 }
204
205 /*******************************************************************************
206 *
207 * Function RFCOMM_ConfigCnf
208 *
209 * Description This is a callback function called by L2CAP when
210 * L2CA_ConfigCnf received. Save L2CAP handle and dispatch
211 * event to the FSM.
212 *
213 ******************************************************************************/
RFCOMM_ConfigCnf(uint16_t lcid,uint16_t,tL2CAP_CFG_INFO * p_cfg)214 void RFCOMM_ConfigCnf(uint16_t lcid, uint16_t /* initiator */, tL2CAP_CFG_INFO* p_cfg) {
215 RFCOMM_ConfigInd(lcid, p_cfg);
216
217 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
218
219 if (p_mcb == nullptr) {
220 log::error("RFCOMM_ConfigCnf no MCB LCID:0x{:x}", lcid);
221 return;
222 }
223 uintptr_t result_as_ptr = static_cast<unsigned>(tL2CAP_CFG_RESULT::L2CAP_CFG_OK);
224 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONF_CNF, (void*)result_as_ptr);
225 }
226
227 /*******************************************************************************
228 *
229 * Function RFCOMM_DisconnectInd
230 *
231 * Description This is a callback function called by L2CAP when
232 * L2CA_DisconnectInd received. Dispatch event to the FSM.
233 *
234 ******************************************************************************/
RFCOMM_DisconnectInd(uint16_t lcid,bool is_conf_needed)235 void RFCOMM_DisconnectInd(uint16_t lcid, bool is_conf_needed) {
236 log::verbose("lcid:0x{:x}, is_conf_needed:{}", lcid, is_conf_needed);
237 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
238 if (p_mcb == nullptr) {
239 log::warn("no mcb for lcid 0x{:x}", lcid);
240 return;
241 }
242 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_DISC_IND, nullptr);
243 }
244
245 /*******************************************************************************
246 *
247 * Function RFCOMM_BufDataInd
248 *
249 * Description This is a callback function called by L2CAP when
250 * data RFCOMM frame is received. Parse the frames, check
251 * the checksum and dispatch event to multiplexer or port
252 * state machine depending on the frame destination.
253 *
254 ******************************************************************************/
RFCOMM_BufDataInd(uint16_t lcid,BT_HDR * p_buf)255 void RFCOMM_BufDataInd(uint16_t lcid, BT_HDR* p_buf) {
256 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
257
258 if (p_mcb == nullptr) {
259 log::warn("Cannot find RFCOMM multiplexer for lcid 0x{:x}", lcid);
260 osi_free(p_buf);
261 return;
262 }
263
264 tRFC_EVENT event = rfc_parse_data(p_mcb, &rfc_cb.rfc.rx_frame, p_buf);
265
266 /* If the frame did not pass validation just ignore it */
267 if (event == RFC_EVENT_BAD_FRAME) {
268 log::warn("Bad RFCOMM frame from lcid=0x{:x}, bd_addr={}, p_mcb={}", lcid, p_mcb->bd_addr,
269 std::format_ptr(p_mcb));
270 osi_free(p_buf);
271 return;
272 }
273
274 if (rfc_cb.rfc.rx_frame.dlci == RFCOMM_MX_DLCI) {
275 log::verbose("handle multiplexer event {}, p_mcb={}", event, std::format_ptr(p_mcb));
276 /* Take special care of the Multiplexer Control Messages */
277 if (event == RFC_EVENT_UIH) {
278 rfc_process_mx_message(p_mcb, p_buf);
279 return;
280 }
281
282 /* Other multiplexer events go to state machine */
283 rfc_mx_sm_execute(p_mcb, static_cast<tRFC_MX_EVENT>(event), nullptr);
284 osi_free(p_buf);
285 return;
286 }
287
288 /* The frame was received on the data channel DLCI, verify that DLC exists */
289 tPORT* p_port = port_find_mcb_dlci_port(p_mcb, rfc_cb.rfc.rx_frame.dlci);
290 if (p_port == nullptr || !p_port->rfc.p_mcb) {
291 /* If this is a SABME on new port, check if any app is waiting for it */
292 if (event != RFC_EVENT_SABME) {
293 log::warn("no for none-SABME event, lcid=0x{:x}, bd_addr={}, p_mcb={}", lcid, p_mcb->bd_addr,
294 std::format_ptr(p_mcb));
295 if ((p_mcb->is_initiator && !rfc_cb.rfc.rx_frame.cr) ||
296 (!p_mcb->is_initiator && rfc_cb.rfc.rx_frame.cr)) {
297 log::error("Disconnecting RFCOMM, lcid=0x{:x}, bd_addr={}, p_mcb={}", lcid, p_mcb->bd_addr,
298 std::format_ptr(p_mcb));
299 rfc_send_dm(p_mcb, rfc_cb.rfc.rx_frame.dlci, rfc_cb.rfc.rx_frame.pf);
300 }
301 osi_free(p_buf);
302 return;
303 }
304
305 p_port = port_find_dlci_port(rfc_cb.rfc.rx_frame.dlci);
306 if (p_port == nullptr) {
307 log::error(
308 "Disconnecting RFCOMM, no port for dlci {}, lcid=0x{:x}, bd_addr={}, "
309 "p_mcb={}",
310 rfc_cb.rfc.rx_frame.dlci, lcid, p_mcb->bd_addr, std::format_ptr(p_mcb));
311 rfc_send_dm(p_mcb, rfc_cb.rfc.rx_frame.dlci, true);
312 osi_free(p_buf);
313 return;
314 }
315 log::verbose("port_handles[dlci={}]:{}->{}, p_mcb={}", rfc_cb.rfc.rx_frame.dlci,
316 p_mcb->port_handles[rfc_cb.rfc.rx_frame.dlci], p_port->handle,
317 std::format_ptr(p_mcb));
318 p_mcb->port_handles[rfc_cb.rfc.rx_frame.dlci] = p_port->handle;
319 p_port->rfc.p_mcb = p_mcb;
320 }
321
322 if (event == RFC_EVENT_UIH) {
323 log::verbose("Handling UIH event, buf_len={}, credit={}", p_buf->len,
324 rfc_cb.rfc.rx_frame.credit);
325 if (p_buf->len > 0) {
326 rfc_port_sm_execute(p_port, static_cast<tRFC_PORT_EVENT>(event), p_buf);
327 } else {
328 osi_free(p_buf);
329 }
330
331 if (rfc_cb.rfc.rx_frame.credit != 0) {
332 rfc_inc_credit(p_port, rfc_cb.rfc.rx_frame.credit);
333 }
334
335 return;
336 }
337 rfc_port_sm_execute(p_port, static_cast<tRFC_PORT_EVENT>(event), nullptr);
338 osi_free(p_buf);
339 }
340
341 /*******************************************************************************
342 *
343 * Function RFCOMM_CongestionStatusInd
344 *
345 * Description This is a callback function called by L2CAP when
346 * data RFCOMM L2CAP congestion status changes
347 *
348 ******************************************************************************/
RFCOMM_CongestionStatusInd(uint16_t lcid,bool is_congested)349 void RFCOMM_CongestionStatusInd(uint16_t lcid, bool is_congested) {
350 tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);
351
352 if (p_mcb == nullptr) {
353 log::error("RFCOMM_CongestionStatusInd dropped LCID:0x{:x}", lcid);
354 return;
355 } else {
356 log::verbose("RFCOMM_CongestionStatusInd LCID:0x{:x}", lcid);
357 }
358 rfc_process_l2cap_congestion(p_mcb, is_congested);
359 }
360
361 /*******************************************************************************
362 *
363 * Function rfc_find_lcid_mcb
364 *
365 * Description This function returns MCB block supporting local cid
366 *
367 ******************************************************************************/
rfc_find_lcid_mcb(uint16_t lcid)368 tRFC_MCB* rfc_find_lcid_mcb(uint16_t lcid) {
369 tRFC_MCB* p_mcb = rfc_lcid_mcb[lcid];
370 if (p_mcb != nullptr) {
371 if (p_mcb->lcid != lcid) {
372 log::warn("LCID reused lcid=:0x{:x}, current_lcid=0x{:x}", lcid, p_mcb->lcid);
373 return nullptr;
374 }
375 }
376 return p_mcb;
377 }
378
379 /*******************************************************************************
380 *
381 * Function rfc_save_lcid_mcb
382 *
383 * Description This function returns MCB block supporting local cid
384 *
385 ******************************************************************************/
rfc_save_lcid_mcb(tRFC_MCB * p_mcb,uint16_t lcid)386 void rfc_save_lcid_mcb(tRFC_MCB* p_mcb, uint16_t lcid) {
387 auto mcb_index = static_cast<size_t>(lcid);
388 rfc_lcid_mcb[mcb_index] = p_mcb;
389 }
390