1 /******************************************************************************
2 *
3 * Copyright (C) 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains the functions relating to link management. A "link"
22 * is a connection between this device and another device. Only ACL links
23 * are managed.
24 *
25 ******************************************************************************/
26
27 #include <base/logging.h>
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <string.h>
31
32 #include "bt_common.h"
33 #include "bt_types.h"
34 #include "bt_utils.h"
35 #include "btcore/include/bdaddr.h"
36 #include "btm_api.h"
37 #include "btm_int.h"
38 #include "btu.h"
39 #include "device/include/controller.h"
40 #include "hcimsgs.h"
41 #include "l2c_api.h"
42 #include "l2c_int.h"
43 #include "l2cdefs.h"
44 #include "osi/include/osi.h"
45
46 extern fixed_queue_t* btu_general_alarm_queue;
47
48 static bool l2c_link_send_to_lower(tL2C_LCB* p_lcb, BT_HDR* p_buf);
49
50 /*******************************************************************************
51 *
52 * Function l2c_link_hci_conn_req
53 *
54 * Description This function is called when an HCI Connection Request
55 * event is received.
56 *
57 * Returns true, if accept conn
58 *
59 ******************************************************************************/
l2c_link_hci_conn_req(BD_ADDR bd_addr)60 bool l2c_link_hci_conn_req(BD_ADDR bd_addr) {
61 tL2C_LCB* p_lcb;
62 tL2C_LCB* p_lcb_cur;
63 int xx;
64 bool no_links;
65
66 /* See if we have a link control block for the remote device */
67 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
68
69 /* If we don't have one, create one and accept the connection. */
70 if (!p_lcb) {
71 p_lcb = l2cu_allocate_lcb(bd_addr, false, BT_TRANSPORT_BR_EDR);
72 if (!p_lcb) {
73 btsnd_hcic_reject_conn(bd_addr, HCI_ERR_HOST_REJECT_RESOURCES);
74 L2CAP_TRACE_ERROR("L2CAP failed to allocate LCB");
75 return false;
76 }
77
78 no_links = true;
79
80 /* If we already have connection, accept as a master */
81 for (xx = 0, p_lcb_cur = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS;
82 xx++, p_lcb_cur++) {
83 if (p_lcb_cur == p_lcb) continue;
84
85 if (p_lcb_cur->in_use) {
86 no_links = false;
87 p_lcb->link_role = HCI_ROLE_MASTER;
88 break;
89 }
90 }
91
92 if (no_links) {
93 if (!btm_dev_support_switch(bd_addr))
94 p_lcb->link_role = HCI_ROLE_SLAVE;
95 else
96 p_lcb->link_role = l2cu_get_conn_role(p_lcb);
97 }
98
99 /* Tell the other side we accept the connection */
100 btsnd_hcic_accept_conn(bd_addr, p_lcb->link_role);
101
102 p_lcb->link_state = LST_CONNECTING;
103
104 /* Start a timer waiting for connect complete */
105 alarm_set_on_queue(p_lcb->l2c_lcb_timer, L2CAP_LINK_CONNECT_TIMEOUT_MS,
106 l2c_lcb_timer_timeout, p_lcb, btu_general_alarm_queue);
107 return (true);
108 }
109
110 /* We already had a link control block to the guy. Check what state it is in
111 */
112 if ((p_lcb->link_state == LST_CONNECTING) ||
113 (p_lcb->link_state == LST_CONNECT_HOLDING)) {
114 /* Connection collision. Accept the connection anyways. */
115
116 if (!btm_dev_support_switch(bd_addr))
117 p_lcb->link_role = HCI_ROLE_SLAVE;
118 else
119 p_lcb->link_role = l2cu_get_conn_role(p_lcb);
120
121 btsnd_hcic_accept_conn(bd_addr, p_lcb->link_role);
122
123 p_lcb->link_state = LST_CONNECTING;
124 return (true);
125 } else if (p_lcb->link_state == LST_DISCONNECTING) {
126 /* In disconnecting state, reject the connection. */
127 btsnd_hcic_reject_conn(bd_addr, HCI_ERR_HOST_REJECT_DEVICE);
128 } else {
129 L2CAP_TRACE_ERROR(
130 "L2CAP got conn_req while connected (state:%d). Reject it",
131 p_lcb->link_state);
132 /* Reject the connection with ACL Connection Already exist reason */
133 btsnd_hcic_reject_conn(bd_addr, HCI_ERR_CONNECTION_EXISTS);
134 }
135 return (false);
136 }
137
138 /*******************************************************************************
139 *
140 * Function l2c_link_hci_conn_comp
141 *
142 * Description This function is called when an HCI Connection Complete
143 * event is received.
144 *
145 * Returns void
146 *
147 ******************************************************************************/
l2c_link_hci_conn_comp(uint8_t status,uint16_t handle,BD_ADDR p_bda)148 bool l2c_link_hci_conn_comp(uint8_t status, uint16_t handle, BD_ADDR p_bda) {
149 tL2C_CONN_INFO ci;
150 tL2C_LCB* p_lcb;
151 tL2C_CCB* p_ccb;
152 tBTM_SEC_DEV_REC* p_dev_info = NULL;
153
154 btm_acl_update_busy_level(BTM_BLI_PAGE_DONE_EVT);
155
156 /* Save the parameters */
157 ci.status = status;
158 memcpy(ci.bd_addr, p_bda, BD_ADDR_LEN);
159
160 /* See if we have a link control block for the remote device */
161 p_lcb = l2cu_find_lcb_by_bd_addr(ci.bd_addr, BT_TRANSPORT_BR_EDR);
162
163 /* If we don't have one, this is an error */
164 if (!p_lcb) {
165 L2CAP_TRACE_WARNING("L2CAP got conn_comp for unknown BD_ADDR");
166 return (false);
167 }
168
169 if (p_lcb->link_state != LST_CONNECTING) {
170 L2CAP_TRACE_ERROR("L2CAP got conn_comp in bad state: %d status: 0x%d",
171 p_lcb->link_state, status);
172
173 if (status != HCI_SUCCESS) l2c_link_hci_disc_comp(p_lcb->handle, status);
174
175 return (false);
176 }
177
178 /* Save the handle */
179 p_lcb->handle = handle;
180
181 if (ci.status == HCI_SUCCESS) {
182 /* Connected OK. Change state to connected */
183 p_lcb->link_state = LST_CONNECTED;
184
185 /* Get the peer information if the l2cap flow-control/rtrans is supported */
186 l2cu_send_peer_info_req(p_lcb, L2CAP_EXTENDED_FEATURES_INFO_TYPE);
187
188 /* Tell BTM Acl management about the link */
189 p_dev_info = btm_find_dev(p_bda);
190 if (p_dev_info != NULL)
191 btm_acl_created(ci.bd_addr, p_dev_info->dev_class,
192 p_dev_info->sec_bd_name, handle, p_lcb->link_role,
193 BT_TRANSPORT_BR_EDR);
194 else
195 btm_acl_created(ci.bd_addr, NULL, NULL, handle, p_lcb->link_role,
196 BT_TRANSPORT_BR_EDR);
197
198 BTM_SetLinkSuperTout(ci.bd_addr, btm_cb.btm_def_link_super_tout);
199
200 /* If dedicated bonding do not process any further */
201 if (p_lcb->is_bonding) {
202 if (l2cu_start_post_bond_timer(handle)) return (true);
203 }
204
205 /* Update the timeouts in the hold queue */
206 l2c_process_held_packets(false);
207
208 alarm_cancel(p_lcb->l2c_lcb_timer);
209
210 /* For all channels, send the event through their FSMs */
211 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
212 p_ccb = p_ccb->p_next_ccb) {
213 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM, &ci);
214 }
215
216 if (p_lcb->p_echo_rsp_cb) {
217 l2cu_send_peer_echo_req(p_lcb, NULL, 0);
218 alarm_set_on_queue(p_lcb->l2c_lcb_timer, L2CAP_ECHO_RSP_TIMEOUT_MS,
219 l2c_lcb_timer_timeout, p_lcb, btu_general_alarm_queue);
220 } else if (!p_lcb->ccb_queue.p_first_ccb) {
221 period_ms_t timeout_ms = L2CAP_LINK_STARTUP_TOUT * 1000;
222 alarm_set_on_queue(p_lcb->l2c_lcb_timer, timeout_ms,
223 l2c_lcb_timer_timeout, p_lcb, btu_general_alarm_queue);
224 }
225 }
226 /* Max number of acl connections. */
227 /* If there's an lcb disconnecting set this one to holding */
228 else if ((ci.status == HCI_ERR_MAX_NUM_OF_CONNECTIONS) &&
229 l2cu_lcb_disconnecting()) {
230 p_lcb->link_state = LST_CONNECT_HOLDING;
231 p_lcb->handle = HCI_INVALID_HANDLE;
232 } else {
233 /* Just in case app decides to try again in the callback context */
234 p_lcb->link_state = LST_DISCONNECTING;
235
236 /* Connection failed. For all channels, send the event through */
237 /* their FSMs. The CCBs should remove themselves from the LCB */
238 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
239 tL2C_CCB* pn = p_ccb->p_next_ccb;
240
241 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM_NEG, &ci);
242
243 p_ccb = pn;
244 }
245
246 p_lcb->disc_reason = status;
247 /* Release the LCB */
248 if (p_lcb->ccb_queue.p_first_ccb == NULL)
249 l2cu_release_lcb(p_lcb);
250 else /* there are any CCBs remaining */
251 {
252 if (ci.status == HCI_ERR_CONNECTION_EXISTS) {
253 /* we are in collision situation, wait for connecttion request from
254 * controller */
255 p_lcb->link_state = LST_CONNECTING;
256 } else {
257 l2cu_create_conn(p_lcb, BT_TRANSPORT_BR_EDR);
258 }
259 }
260 }
261 return (true);
262 }
263
264 /*******************************************************************************
265 *
266 * Function l2c_link_sec_comp
267 *
268 * Description This function is called when required security procedures
269 * are completed.
270 *
271 * Returns void
272 *
273 ******************************************************************************/
l2c_link_sec_comp(BD_ADDR p_bda,UNUSED_ATTR tBT_TRANSPORT transport,void * p_ref_data,uint8_t status)274 void l2c_link_sec_comp(BD_ADDR p_bda, UNUSED_ATTR tBT_TRANSPORT transport,
275 void* p_ref_data, uint8_t status) {
276 tL2C_CONN_INFO ci;
277 tL2C_LCB* p_lcb;
278 tL2C_CCB* p_ccb;
279 tL2C_CCB* p_next_ccb;
280 uint8_t event;
281
282 L2CAP_TRACE_DEBUG("l2c_link_sec_comp: %d, 0x%x", status, p_ref_data);
283
284 if (status == BTM_SUCCESS_NO_SECURITY) status = BTM_SUCCESS;
285
286 /* Save the parameters */
287 ci.status = status;
288 memcpy(ci.bd_addr, p_bda, BD_ADDR_LEN);
289
290 p_lcb = l2cu_find_lcb_by_bd_addr(p_bda, transport);
291
292 /* If we don't have one, this is an error */
293 if (!p_lcb) {
294 L2CAP_TRACE_WARNING("L2CAP got sec_comp for unknown BD_ADDR");
295 return;
296 }
297
298 /* Match p_ccb with p_ref_data returned by sec manager */
299 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_next_ccb) {
300 p_next_ccb = p_ccb->p_next_ccb;
301
302 if (p_ccb == p_ref_data) {
303 switch (status) {
304 case BTM_SUCCESS:
305 event = L2CEVT_SEC_COMP;
306 break;
307
308 case BTM_DELAY_CHECK:
309 /* start a timer - encryption change not received before L2CAP connect
310 * req */
311 alarm_set_on_queue(
312 p_ccb->l2c_ccb_timer, L2CAP_DELAY_CHECK_SM4_TIMEOUT_MS,
313 l2c_ccb_timer_timeout, p_ccb, btu_general_alarm_queue);
314 return;
315
316 default:
317 event = L2CEVT_SEC_COMP_NEG;
318 }
319 l2c_csm_execute(p_ccb, event, &ci);
320 break;
321 }
322 }
323 }
324
325 /*******************************************************************************
326 *
327 * Function l2c_link_hci_disc_comp
328 *
329 * Description This function is called when an HCI Disconnect Complete
330 * event is received.
331 *
332 * Returns true if the link is known about, else false
333 *
334 ******************************************************************************/
l2c_link_hci_disc_comp(uint16_t handle,uint8_t reason)335 bool l2c_link_hci_disc_comp(uint16_t handle, uint8_t reason) {
336 tL2C_LCB* p_lcb;
337 tL2C_CCB* p_ccb;
338 bool status = true;
339 bool lcb_is_free = true;
340 tBT_TRANSPORT transport = BT_TRANSPORT_BR_EDR;
341
342 /* See if we have a link control block for the connection */
343 p_lcb = l2cu_find_lcb_by_handle(handle);
344
345 /* If we don't have one, maybe an SCO link. Send to MM */
346 if (!p_lcb) {
347 status = false;
348 } else {
349 /* There can be a case when we rejected PIN code authentication */
350 /* otherwise save a new reason */
351 if (btm_cb.acl_disc_reason != HCI_ERR_HOST_REJECT_SECURITY)
352 btm_cb.acl_disc_reason = reason;
353
354 p_lcb->disc_reason = btm_cb.acl_disc_reason;
355
356 /* Just in case app decides to try again in the callback context */
357 p_lcb->link_state = LST_DISCONNECTING;
358
359 /* Check for BLE and handle that differently */
360 if (p_lcb->transport == BT_TRANSPORT_LE)
361 btm_ble_update_link_topology_mask(p_lcb->link_role, false);
362 /* Link is disconnected. For all channels, send the event through */
363 /* their FSMs. The CCBs should remove themselves from the LCB */
364 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
365 tL2C_CCB* pn = p_ccb->p_next_ccb;
366
367 /* Keep connect pending control block (if exists)
368 * Possible Race condition when a reconnect occurs
369 * on the channel during a disconnect of link. This
370 * ccb will be automatically retried after link disconnect
371 * arrives
372 */
373 if (p_ccb != p_lcb->p_pending_ccb) {
374 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, &reason);
375 }
376 p_ccb = pn;
377 }
378
379 #if (BTM_SCO_INCLUDED == TRUE)
380 if (p_lcb->transport == BT_TRANSPORT_BR_EDR)
381 /* Tell SCO management to drop any SCOs on this ACL */
382 btm_sco_acl_removed(p_lcb->remote_bd_addr);
383 #endif
384
385 /* If waiting for disconnect and reconnect is pending start the reconnect
386 now
387 race condition where layer above issued connect request on link that was
388 disconnecting
389 */
390 if (p_lcb->ccb_queue.p_first_ccb != NULL || p_lcb->p_pending_ccb) {
391 L2CAP_TRACE_DEBUG(
392 "l2c_link_hci_disc_comp: Restarting pending ACL request");
393 transport = p_lcb->transport;
394 /* for LE link, always drop and re-open to ensure to get LE remote feature
395 */
396 if (p_lcb->transport == BT_TRANSPORT_LE) {
397 l2cb.is_ble_connecting = false;
398 btm_acl_removed(p_lcb->remote_bd_addr, p_lcb->transport);
399 /* Release any held buffers */
400 BT_HDR* p_buf;
401 while (!list_is_empty(p_lcb->link_xmit_data_q)) {
402 p_buf = static_cast<BT_HDR*>(list_front(p_lcb->link_xmit_data_q));
403 list_remove(p_lcb->link_xmit_data_q, p_buf);
404 osi_free(p_buf);
405 }
406 } else {
407 #if (L2CAP_NUM_FIXED_CHNLS > 0)
408 /* If we are going to re-use the LCB without dropping it, release all
409 fixed channels
410 here */
411 int xx;
412 for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) {
413 if (p_lcb->p_fixed_ccbs[xx] &&
414 p_lcb->p_fixed_ccbs[xx] != p_lcb->p_pending_ccb) {
415 (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)(
416 xx + L2CAP_FIRST_FIXED_CHNL, p_lcb->remote_bd_addr, false,
417 p_lcb->disc_reason, p_lcb->transport);
418 if (p_lcb->p_fixed_ccbs[xx] == NULL) {
419 bdstr_t bd_addr_str = {0};
420 L2CAP_TRACE_ERROR(
421 "%s: unexpected p_fixed_ccbs[%d] is NULL remote_bd_addr = %s "
422 "p_lcb = %p in_use = %d link_state = %d handle = %d "
423 "link_role = %d is_bonding = %d disc_reason = %d transport = "
424 "%d",
425 __func__, xx,
426 bdaddr_to_string((bt_bdaddr_t*)&p_lcb->remote_bd_addr,
427 bd_addr_str, sizeof(bd_addr_str)),
428 p_lcb, p_lcb->in_use, p_lcb->link_state, p_lcb->handle,
429 p_lcb->link_role, p_lcb->is_bonding, p_lcb->disc_reason,
430 p_lcb->transport);
431 }
432 CHECK(p_lcb->p_fixed_ccbs[xx] != NULL);
433 l2cu_release_ccb(p_lcb->p_fixed_ccbs[xx]);
434
435 p_lcb->p_fixed_ccbs[xx] = NULL;
436 }
437 }
438 #endif
439 }
440 if (l2cu_create_conn(p_lcb, transport))
441 lcb_is_free = false; /* still using this lcb */
442 }
443
444 p_lcb->p_pending_ccb = NULL;
445
446 /* Release the LCB */
447 if (lcb_is_free) l2cu_release_lcb(p_lcb);
448 }
449
450 /* Now that we have a free acl connection, see if any lcbs are pending */
451 if (lcb_is_free &&
452 ((p_lcb = l2cu_find_lcb_by_state(LST_CONNECT_HOLDING)) != NULL)) {
453 /* we found one-- create a connection */
454 l2cu_create_conn(p_lcb, BT_TRANSPORT_BR_EDR);
455 }
456
457 return status;
458 }
459
460 /*******************************************************************************
461 *
462 * Function l2c_link_hci_qos_violation
463 *
464 * Description This function is called when an HCI QOS Violation
465 * event is received.
466 *
467 * Returns true if the link is known about, else false
468 *
469 ******************************************************************************/
l2c_link_hci_qos_violation(uint16_t handle)470 bool l2c_link_hci_qos_violation(uint16_t handle) {
471 tL2C_LCB* p_lcb;
472 tL2C_CCB* p_ccb;
473
474 /* See if we have a link control block for the connection */
475 p_lcb = l2cu_find_lcb_by_handle(handle);
476
477 /* If we don't have one, maybe an SCO link. */
478 if (!p_lcb) return (false);
479
480 /* For all channels, tell the upper layer about it */
481 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb) {
482 if (p_ccb->p_rcb->api.pL2CA_QoSViolationInd_Cb)
483 l2c_csm_execute(p_ccb, L2CEVT_LP_QOS_VIOLATION_IND, NULL);
484 }
485
486 return (true);
487 }
488
489 /*******************************************************************************
490 *
491 * Function l2c_link_timeout
492 *
493 * Description This function is called when a link timer expires
494 *
495 * Returns void
496 *
497 ******************************************************************************/
l2c_link_timeout(tL2C_LCB * p_lcb)498 void l2c_link_timeout(tL2C_LCB* p_lcb) {
499 tL2C_CCB* p_ccb;
500 tBTM_STATUS rc;
501
502 L2CAP_TRACE_EVENT(
503 "L2CAP - l2c_link_timeout() link state %d first CCB %p is_bonding:%d",
504 p_lcb->link_state, p_lcb->ccb_queue.p_first_ccb, p_lcb->is_bonding);
505
506 /* If link was connecting or disconnecting, clear all channels and drop the
507 * LCB */
508 if ((p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH) ||
509 (p_lcb->link_state == LST_CONNECTING) ||
510 (p_lcb->link_state == LST_CONNECT_HOLDING) ||
511 (p_lcb->link_state == LST_DISCONNECTING)) {
512 p_lcb->p_pending_ccb = NULL;
513
514 /* For all channels, send a disconnect indication event through */
515 /* their FSMs. The CCBs should remove themselves from the LCB */
516 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
517 tL2C_CCB* pn = p_ccb->p_next_ccb;
518
519 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
520
521 p_ccb = pn;
522 }
523 if (p_lcb->link_state == LST_CONNECTING && l2cb.is_ble_connecting == true) {
524 L2CA_CancelBleConnectReq(l2cb.ble_connecting_bda);
525 }
526 /* Release the LCB */
527 l2cu_release_lcb(p_lcb);
528 }
529
530 /* If link is connected, check for inactivity timeout */
531 if (p_lcb->link_state == LST_CONNECTED) {
532 /* Check for ping outstanding */
533 if (p_lcb->p_echo_rsp_cb) {
534 tL2CA_ECHO_RSP_CB* p_cb = p_lcb->p_echo_rsp_cb;
535
536 /* Zero out the callback in case app immediately calls us again */
537 p_lcb->p_echo_rsp_cb = NULL;
538
539 (*p_cb)(L2CAP_PING_RESULT_NO_RESP);
540
541 L2CAP_TRACE_WARNING("L2CAP - ping timeout");
542
543 /* For all channels, send a disconnect indication event through */
544 /* their FSMs. The CCBs should remove themselves from the LCB */
545 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;) {
546 tL2C_CCB* pn = p_ccb->p_next_ccb;
547
548 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
549
550 p_ccb = pn;
551 }
552 }
553
554 /* If no channels in use, drop the link. */
555 if (!p_lcb->ccb_queue.p_first_ccb) {
556 period_ms_t timeout_ms;
557 bool start_timeout = true;
558
559 rc = btm_sec_disconnect(p_lcb->handle, HCI_ERR_PEER_USER);
560
561 if (rc == BTM_CMD_STORED) {
562 /* Security Manager will take care of disconnecting, state will be
563 * updated at that time */
564 start_timeout = false;
565 } else if (rc == BTM_CMD_STARTED) {
566 p_lcb->link_state = LST_DISCONNECTING;
567 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS;
568 } else if (rc == BTM_SUCCESS) {
569 l2cu_process_fixed_disc_cback(p_lcb);
570 /* BTM SEC will make sure that link is release (probably after pairing
571 * is done) */
572 p_lcb->link_state = LST_DISCONNECTING;
573 start_timeout = false;
574 } else if (rc == BTM_BUSY) {
575 /* BTM is still executing security process. Let lcb stay as connected */
576 start_timeout = false;
577 } else if (p_lcb->is_bonding) {
578 btsnd_hcic_disconnect(p_lcb->handle, HCI_ERR_PEER_USER);
579 l2cu_process_fixed_disc_cback(p_lcb);
580 p_lcb->link_state = LST_DISCONNECTING;
581 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS;
582 } else {
583 /* probably no buffer to send disconnect */
584 timeout_ms = BT_1SEC_TIMEOUT_MS;
585 }
586
587 if (start_timeout) {
588 alarm_set_on_queue(p_lcb->l2c_lcb_timer, timeout_ms,
589 l2c_lcb_timer_timeout, p_lcb,
590 btu_general_alarm_queue);
591 }
592 } else {
593 /* Check in case we were flow controlled */
594 l2c_link_check_send_pkts(p_lcb, NULL, NULL);
595 }
596 }
597 }
598
599 /*******************************************************************************
600 *
601 * Function l2c_info_resp_timer_timeout
602 *
603 * Description This function is called when an info request times out
604 *
605 * Returns void
606 *
607 ******************************************************************************/
l2c_info_resp_timer_timeout(void * data)608 void l2c_info_resp_timer_timeout(void* data) {
609 tL2C_LCB* p_lcb = (tL2C_LCB*)data;
610 tL2C_CCB* p_ccb;
611 tL2C_CONN_INFO ci;
612
613 /* If we timed out waiting for info response, just continue using basic if
614 * allowed */
615 if (p_lcb->w4_info_rsp) {
616 /* If waiting for security complete, restart the info response timer */
617 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
618 p_ccb = p_ccb->p_next_ccb) {
619 if ((p_ccb->chnl_state == CST_ORIG_W4_SEC_COMP) ||
620 (p_ccb->chnl_state == CST_TERM_W4_SEC_COMP)) {
621 alarm_set_on_queue(
622 p_lcb->info_resp_timer, L2CAP_WAIT_INFO_RSP_TIMEOUT_MS,
623 l2c_info_resp_timer_timeout, p_lcb, btu_general_alarm_queue);
624 return;
625 }
626 }
627
628 p_lcb->w4_info_rsp = false;
629
630 /* If link is in process of being brought up */
631 if ((p_lcb->link_state != LST_DISCONNECTED) &&
632 (p_lcb->link_state != LST_DISCONNECTING)) {
633 /* Notify active channels that peer info is finished */
634 if (p_lcb->ccb_queue.p_first_ccb) {
635 ci.status = HCI_SUCCESS;
636 memcpy(ci.bd_addr, p_lcb->remote_bd_addr, sizeof(BD_ADDR));
637
638 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
639 p_ccb = p_ccb->p_next_ccb) {
640 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci);
641 }
642 }
643 }
644 }
645 }
646
647 /*******************************************************************************
648 *
649 * Function l2c_link_adjust_allocation
650 *
651 * Description This function is called when a link is created or removed
652 * to calculate the amount of packets each link may send to
653 * the HCI without an ack coming back.
654 *
655 * Currently, this is a simple allocation, dividing the
656 * number of Controller Packets by the number of links. In
657 * the future, QOS configuration should be examined.
658 *
659 * Returns void
660 *
661 ******************************************************************************/
l2c_link_adjust_allocation(void)662 void l2c_link_adjust_allocation(void) {
663 uint16_t qq, yy, qq_remainder;
664 tL2C_LCB* p_lcb;
665 uint16_t hi_quota, low_quota;
666 uint16_t num_lowpri_links = 0;
667 uint16_t num_hipri_links = 0;
668 uint16_t controller_xmit_quota = l2cb.num_lm_acl_bufs;
669 uint16_t high_pri_link_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA_A;
670
671 /* If no links active, reset buffer quotas and controller buffers */
672 if (l2cb.num_links_active == 0) {
673 l2cb.controller_xmit_window = l2cb.num_lm_acl_bufs;
674 l2cb.round_robin_quota = l2cb.round_robin_unacked = 0;
675 return;
676 }
677
678 /* First, count the links */
679 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
680 if (p_lcb->in_use) {
681 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
682 num_hipri_links++;
683 else
684 num_lowpri_links++;
685 }
686 }
687
688 /* now adjust high priority link quota */
689 low_quota = num_lowpri_links ? 1 : 0;
690 while ((num_hipri_links * high_pri_link_quota + low_quota) >
691 controller_xmit_quota)
692 high_pri_link_quota--;
693
694 /* Work out the xmit quota and buffer quota high and low priorities */
695 hi_quota = num_hipri_links * high_pri_link_quota;
696 low_quota =
697 (hi_quota < controller_xmit_quota) ? controller_xmit_quota - hi_quota : 1;
698
699 /* Work out and save the HCI xmit quota for each low priority link */
700
701 /* If each low priority link cannot have at least one buffer */
702 if (num_lowpri_links > low_quota) {
703 l2cb.round_robin_quota = low_quota;
704 qq = qq_remainder = 1;
705 }
706 /* If each low priority link can have at least one buffer */
707 else if (num_lowpri_links > 0) {
708 l2cb.round_robin_quota = 0;
709 l2cb.round_robin_unacked = 0;
710 qq = low_quota / num_lowpri_links;
711 qq_remainder = low_quota % num_lowpri_links;
712 }
713 /* If no low priority link */
714 else {
715 l2cb.round_robin_quota = 0;
716 l2cb.round_robin_unacked = 0;
717 qq = qq_remainder = 1;
718 }
719
720 L2CAP_TRACE_EVENT(
721 "l2c_link_adjust_allocation num_hipri: %u num_lowpri: %u low_quota: "
722 "%u round_robin_quota: %u qq: %u",
723 num_hipri_links, num_lowpri_links, low_quota, l2cb.round_robin_quota, qq);
724
725 /* Now, assign the quotas to each link */
726 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
727 if (p_lcb->in_use) {
728 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) {
729 p_lcb->link_xmit_quota = high_pri_link_quota;
730 } else {
731 /* Safety check in case we switched to round-robin with something
732 * outstanding */
733 /* if sent_not_acked is added into round_robin_unacked then don't add it
734 * again */
735 /* l2cap keeps updating sent_not_acked for exiting from round robin */
736 if ((p_lcb->link_xmit_quota > 0) && (qq == 0))
737 l2cb.round_robin_unacked += p_lcb->sent_not_acked;
738
739 p_lcb->link_xmit_quota = qq;
740 if (qq_remainder > 0) {
741 p_lcb->link_xmit_quota++;
742 qq_remainder--;
743 }
744 }
745
746 L2CAP_TRACE_EVENT(
747 "l2c_link_adjust_allocation LCB %d Priority: %d XmitQuota: %d", yy,
748 p_lcb->acl_priority, p_lcb->link_xmit_quota);
749
750 L2CAP_TRACE_EVENT(" SentNotAcked: %d RRUnacked: %d",
751 p_lcb->sent_not_acked, l2cb.round_robin_unacked);
752
753 /* There is a special case where we have readjusted the link quotas and */
754 /* this link may have sent anything but some other link sent packets so */
755 /* so we may need a timer to kick off this link's transmissions. */
756 if ((p_lcb->link_state == LST_CONNECTED) &&
757 (!list_is_empty(p_lcb->link_xmit_data_q)) &&
758 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
759 alarm_set_on_queue(
760 p_lcb->l2c_lcb_timer, L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
761 l2c_lcb_timer_timeout, p_lcb, btu_general_alarm_queue);
762 }
763 }
764 }
765 }
766
767 /*******************************************************************************
768 *
769 * Function l2c_link_adjust_chnl_allocation
770 *
771 * Description This function is called to calculate the amount of packets
772 * each non-F&EC channel may have outstanding.
773 *
774 * Currently, this is a simple allocation, dividing the number
775 * of packets allocated to the link by the number of channels.
776 * In the future, QOS configuration should be examined.
777 *
778 * Returns void
779 *
780 ******************************************************************************/
l2c_link_adjust_chnl_allocation(void)781 void l2c_link_adjust_chnl_allocation(void) {
782 uint8_t xx;
783
784 L2CAP_TRACE_DEBUG("%s", __func__);
785
786 /* assign buffer quota to each channel based on its data rate requirement */
787 for (xx = 0; xx < MAX_L2CAP_CHANNELS; xx++) {
788 tL2C_CCB* p_ccb = l2cb.ccb_pool + xx;
789
790 if (!p_ccb->in_use) continue;
791
792 tL2CAP_CHNL_DATA_RATE data_rate = p_ccb->tx_data_rate + p_ccb->rx_data_rate;
793 p_ccb->buff_quota = L2CAP_CBB_DEFAULT_DATA_RATE_BUFF_QUOTA * data_rate;
794 L2CAP_TRACE_EVENT(
795 "CID:0x%04x FCR Mode:%u Priority:%u TxDataRate:%u RxDataRate:%u "
796 "Quota:%u",
797 p_ccb->local_cid, p_ccb->peer_cfg.fcr.mode, p_ccb->ccb_priority,
798 p_ccb->tx_data_rate, p_ccb->rx_data_rate, p_ccb->buff_quota);
799
800 /* quota may be change so check congestion */
801 l2cu_check_channel_congestion(p_ccb);
802 }
803 }
804
805 /*******************************************************************************
806 *
807 * Function l2c_link_processs_num_bufs
808 *
809 * Description This function is called when a "controller buffer size"
810 * event is first received from the controller. It updates
811 * the L2CAP values.
812 *
813 * Returns void
814 *
815 ******************************************************************************/
l2c_link_processs_num_bufs(uint16_t num_lm_acl_bufs)816 void l2c_link_processs_num_bufs(uint16_t num_lm_acl_bufs) {
817 l2cb.num_lm_acl_bufs = l2cb.controller_xmit_window = num_lm_acl_bufs;
818 }
819
820 /*******************************************************************************
821 *
822 * Function l2c_link_pkts_rcvd
823 *
824 * Description This function is called from the HCI transport when it is
825 * time to send a "Host ready for packets" command. This is
826 * only when host to controller flow control is used. It fills
827 * in the arrays of numbers of packets and handles.
828 *
829 * Returns count of number of entries filled in
830 *
831 ******************************************************************************/
l2c_link_pkts_rcvd(UNUSED_ATTR uint16_t * num_pkts,UNUSED_ATTR uint16_t * handles)832 uint8_t l2c_link_pkts_rcvd(UNUSED_ATTR uint16_t* num_pkts,
833 UNUSED_ATTR uint16_t* handles) {
834 uint8_t num_found = 0;
835
836 return (num_found);
837 }
838
839 /*******************************************************************************
840 *
841 * Function l2c_link_role_changed
842 *
843 * Description This function is called whan a link's master/slave role
844 * change event is received. It simply updates the link control
845 * block.
846 *
847 * Returns void
848 *
849 ******************************************************************************/
l2c_link_role_changed(BD_ADDR bd_addr,uint8_t new_role,uint8_t hci_status)850 void l2c_link_role_changed(BD_ADDR bd_addr, uint8_t new_role,
851 uint8_t hci_status) {
852 tL2C_LCB* p_lcb;
853 int xx;
854
855 /* Make sure not called from HCI Command Status (bd_addr and new_role are
856 * invalid) */
857 if (bd_addr) {
858 /* If here came form hci role change event */
859 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
860 if (p_lcb) {
861 p_lcb->link_role = new_role;
862
863 /* Reset high priority link if needed */
864 if (hci_status == HCI_SUCCESS)
865 l2cu_set_acl_priority(bd_addr, p_lcb->acl_priority, true);
866 }
867 }
868
869 /* Check if any LCB was waiting for switch to be completed */
870 for (xx = 0, p_lcb = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) {
871 if ((p_lcb->in_use) && (p_lcb->link_state == LST_CONNECTING_WAIT_SWITCH)) {
872 l2cu_create_conn_after_switch(p_lcb);
873 }
874 }
875 }
876
877 /*******************************************************************************
878 *
879 * Function l2c_pin_code_request
880 *
881 * Description This function is called whan a pin-code request is received
882 * on a connection. If there are no channels active yet on the
883 * link, it extends the link first connection timer. Make sure
884 * that inactivity timer is not extended if PIN code happens
885 * to be after last ccb released.
886 *
887 * Returns void
888 *
889 ******************************************************************************/
l2c_pin_code_request(BD_ADDR bd_addr)890 void l2c_pin_code_request(BD_ADDR bd_addr) {
891 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR);
892
893 if ((p_lcb) && (!p_lcb->ccb_queue.p_first_ccb)) {
894 alarm_set_on_queue(p_lcb->l2c_lcb_timer, L2CAP_LINK_CONNECT_EXT_TIMEOUT_MS,
895 l2c_lcb_timer_timeout, p_lcb, btu_general_alarm_queue);
896 }
897 }
898
899 #if (L2CAP_WAKE_PARKED_LINK == TRUE)
900 /*******************************************************************************
901 *
902 * Function l2c_link_check_power_mode
903 *
904 * Description This function is called to check power mode.
905 *
906 * Returns true if link is going to be active from park
907 * false if nothing to send or not in park mode
908 *
909 ******************************************************************************/
l2c_link_check_power_mode(tL2C_LCB * p_lcb)910 bool l2c_link_check_power_mode(tL2C_LCB* p_lcb) {
911 tBTM_PM_MODE mode;
912 tL2C_CCB* p_ccb;
913 bool need_to_active = false;
914
915 /*
916 * We only switch park to active only if we have unsent packets
917 */
918 if (list_is_empty(p_lcb->link_xmit_data_q)) {
919 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
920 p_ccb = p_ccb->p_next_ccb) {
921 if (!fixed_queue_is_empty(p_ccb->xmit_hold_q)) {
922 need_to_active = true;
923 break;
924 }
925 }
926 } else
927 need_to_active = true;
928
929 /* if we have packets to send */
930 if (need_to_active) {
931 /* check power mode */
932 if (BTM_ReadPowerMode(p_lcb->remote_bd_addr, &mode) == BTM_SUCCESS) {
933 if (mode == BTM_PM_STS_PENDING) {
934 L2CAP_TRACE_DEBUG("LCB(0x%x) is in PM pending state", p_lcb->handle);
935
936 return true;
937 }
938 }
939 }
940 return false;
941 }
942 #endif /* L2CAP_WAKE_PARKED_LINK == TRUE) */
943
944 /*******************************************************************************
945 *
946 * Function l2c_link_check_send_pkts
947 *
948 * Description This function is called to check if it can send packets
949 * to the Host Controller. It may be passed the address of
950 * a packet to send.
951 *
952 * Returns void
953 *
954 ******************************************************************************/
l2c_link_check_send_pkts(tL2C_LCB * p_lcb,tL2C_CCB * p_ccb,BT_HDR * p_buf)955 void l2c_link_check_send_pkts(tL2C_LCB* p_lcb, tL2C_CCB* p_ccb, BT_HDR* p_buf) {
956 int xx;
957 bool single_write = false;
958
959 /* Save the channel ID for faster counting */
960 if (p_buf) {
961 if (p_ccb != NULL) {
962 p_buf->event = p_ccb->local_cid;
963 single_write = true;
964 } else
965 p_buf->event = 0;
966
967 p_buf->layer_specific = 0;
968 list_append(p_lcb->link_xmit_data_q, p_buf);
969
970 if (p_lcb->link_xmit_quota == 0) {
971 if (p_lcb->transport == BT_TRANSPORT_LE)
972 l2cb.ble_check_round_robin = true;
973 else
974 l2cb.check_round_robin = true;
975 }
976 }
977
978 /* If this is called from uncongested callback context break recursive
979 *calling.
980 ** This LCB will be served when receiving number of completed packet event.
981 */
982 if (l2cb.is_cong_cback_context) return;
983
984 /* If we are in a scenario where there are not enough buffers for each link to
985 ** have at least 1, then do a round-robin for all the LCBs
986 */
987 if ((p_lcb == NULL) || (p_lcb->link_xmit_quota == 0)) {
988 if (p_lcb == NULL)
989 p_lcb = l2cb.lcb_pool;
990 else if (!single_write)
991 p_lcb++;
992
993 /* Loop through, starting at the next */
994 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) {
995 /* If controller window is full, nothing to do */
996 if (((l2cb.controller_xmit_window == 0 ||
997 (l2cb.round_robin_unacked >= l2cb.round_robin_quota)) &&
998 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
999 (p_lcb->transport == BT_TRANSPORT_LE &&
1000 (l2cb.ble_round_robin_unacked >= l2cb.ble_round_robin_quota ||
1001 l2cb.controller_le_xmit_window == 0)))
1002 break;
1003
1004 /* Check for wraparound */
1005 if (p_lcb == &l2cb.lcb_pool[MAX_L2CAP_LINKS]) p_lcb = &l2cb.lcb_pool[0];
1006
1007 if ((!p_lcb->in_use) || (p_lcb->partial_segment_being_sent) ||
1008 (p_lcb->link_state != LST_CONNECTED) ||
1009 (p_lcb->link_xmit_quota != 0) || (L2C_LINK_CHECK_POWER_MODE(p_lcb)))
1010 continue;
1011
1012 /* See if we can send anything from the Link Queue */
1013 if (!list_is_empty(p_lcb->link_xmit_data_q)) {
1014 p_buf = (BT_HDR*)list_front(p_lcb->link_xmit_data_q);
1015 list_remove(p_lcb->link_xmit_data_q, p_buf);
1016 l2c_link_send_to_lower(p_lcb, p_buf);
1017 } else if (single_write) {
1018 /* If only doing one write, break out */
1019 break;
1020 }
1021 /* If nothing on the link queue, check the channel queue */
1022 else {
1023 p_buf = l2cu_get_next_buffer_to_send(p_lcb);
1024 if (p_buf != NULL) {
1025 l2c_link_send_to_lower(p_lcb, p_buf);
1026 }
1027 }
1028 }
1029
1030 /* If we finished without using up our quota, no need for a safety check */
1031 if ((l2cb.controller_xmit_window > 0) &&
1032 (l2cb.round_robin_unacked < l2cb.round_robin_quota) &&
1033 (p_lcb->transport == BT_TRANSPORT_BR_EDR))
1034 l2cb.check_round_robin = false;
1035
1036 if ((l2cb.controller_le_xmit_window > 0) &&
1037 (l2cb.ble_round_robin_unacked < l2cb.ble_round_robin_quota) &&
1038 (p_lcb->transport == BT_TRANSPORT_LE))
1039 l2cb.ble_check_round_robin = false;
1040 } else /* if this is not round-robin service */
1041 {
1042 /* If a partial segment is being sent, can't send anything else */
1043 if ((p_lcb->partial_segment_being_sent) ||
1044 (p_lcb->link_state != LST_CONNECTED) ||
1045 (L2C_LINK_CHECK_POWER_MODE(p_lcb)))
1046 return;
1047
1048 /* See if we can send anything from the link queue */
1049 while (((l2cb.controller_xmit_window != 0 &&
1050 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1051 (l2cb.controller_le_xmit_window != 0 &&
1052 (p_lcb->transport == BT_TRANSPORT_LE))) &&
1053 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1054 if (list_is_empty(p_lcb->link_xmit_data_q)) break;
1055
1056 p_buf = (BT_HDR*)list_front(p_lcb->link_xmit_data_q);
1057 list_remove(p_lcb->link_xmit_data_q, p_buf);
1058 if (!l2c_link_send_to_lower(p_lcb, p_buf)) break;
1059 }
1060
1061 if (!single_write) {
1062 /* See if we can send anything for any channel */
1063 while (((l2cb.controller_xmit_window != 0 &&
1064 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1065 (l2cb.controller_le_xmit_window != 0 &&
1066 (p_lcb->transport == BT_TRANSPORT_LE))) &&
1067 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1068 p_buf = l2cu_get_next_buffer_to_send(p_lcb);
1069 if (p_buf == NULL) break;
1070
1071 if (!l2c_link_send_to_lower(p_lcb, p_buf)) break;
1072 }
1073 }
1074
1075 /* There is a special case where we have readjusted the link quotas and */
1076 /* this link may have sent anything but some other link sent packets so */
1077 /* so we may need a timer to kick off this link's transmissions. */
1078 if ((!list_is_empty(p_lcb->link_xmit_data_q)) &&
1079 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1080 alarm_set_on_queue(p_lcb->l2c_lcb_timer,
1081 L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
1082 l2c_lcb_timer_timeout, p_lcb, btu_general_alarm_queue);
1083 }
1084 }
1085 }
1086
1087 /*******************************************************************************
1088 *
1089 * Function l2c_link_send_to_lower
1090 *
1091 * Description This function queues the buffer for HCI transmission
1092 *
1093 * Returns true for success, false for fail
1094 *
1095 ******************************************************************************/
l2c_link_send_to_lower(tL2C_LCB * p_lcb,BT_HDR * p_buf)1096 static bool l2c_link_send_to_lower(tL2C_LCB* p_lcb, BT_HDR* p_buf) {
1097 uint16_t num_segs;
1098 uint16_t xmit_window, acl_data_size;
1099 const controller_t* controller = controller_get_interface();
1100
1101 if ((p_buf->len <= controller->get_acl_packet_size_classic() &&
1102 (p_lcb->transport == BT_TRANSPORT_BR_EDR)) ||
1103 ((p_lcb->transport == BT_TRANSPORT_LE) &&
1104 (p_buf->len <= controller->get_acl_packet_size_ble()))) {
1105 if (p_lcb->link_xmit_quota == 0) {
1106 if (p_lcb->transport == BT_TRANSPORT_LE)
1107 l2cb.ble_round_robin_unacked++;
1108 else
1109 l2cb.round_robin_unacked++;
1110 }
1111 p_lcb->sent_not_acked++;
1112 p_buf->layer_specific = 0;
1113
1114 if (p_lcb->transport == BT_TRANSPORT_LE) {
1115 l2cb.controller_le_xmit_window--;
1116 bte_main_hci_send(
1117 p_buf, (uint16_t)(BT_EVT_TO_LM_HCI_ACL | LOCAL_BLE_CONTROLLER_ID));
1118 } else {
1119 l2cb.controller_xmit_window--;
1120 bte_main_hci_send(p_buf, BT_EVT_TO_LM_HCI_ACL);
1121 }
1122 } else {
1123 if (p_lcb->transport == BT_TRANSPORT_LE) {
1124 acl_data_size = controller->get_acl_data_size_ble();
1125 xmit_window = l2cb.controller_le_xmit_window;
1126
1127 } else {
1128 acl_data_size = controller->get_acl_data_size_classic();
1129 xmit_window = l2cb.controller_xmit_window;
1130 }
1131 num_segs = (p_buf->len - HCI_DATA_PREAMBLE_SIZE + acl_data_size - 1) /
1132 acl_data_size;
1133
1134 /* If doing round-robin, then only 1 segment each time */
1135 if (p_lcb->link_xmit_quota == 0) {
1136 num_segs = 1;
1137 p_lcb->partial_segment_being_sent = true;
1138 } else {
1139 /* Multi-segment packet. Make sure it can fit */
1140 if (num_segs > xmit_window) {
1141 num_segs = xmit_window;
1142 p_lcb->partial_segment_being_sent = true;
1143 }
1144
1145 if (num_segs > (p_lcb->link_xmit_quota - p_lcb->sent_not_acked)) {
1146 num_segs = (p_lcb->link_xmit_quota - p_lcb->sent_not_acked);
1147 p_lcb->partial_segment_being_sent = true;
1148 }
1149 }
1150
1151 p_buf->layer_specific = num_segs;
1152 if (p_lcb->transport == BT_TRANSPORT_LE) {
1153 l2cb.controller_le_xmit_window -= num_segs;
1154 if (p_lcb->link_xmit_quota == 0) l2cb.ble_round_robin_unacked += num_segs;
1155 } else {
1156 l2cb.controller_xmit_window -= num_segs;
1157
1158 if (p_lcb->link_xmit_quota == 0) l2cb.round_robin_unacked += num_segs;
1159 }
1160
1161 p_lcb->sent_not_acked += num_segs;
1162 if (p_lcb->transport == BT_TRANSPORT_LE) {
1163 bte_main_hci_send(
1164 p_buf, (uint16_t)(BT_EVT_TO_LM_HCI_ACL | LOCAL_BLE_CONTROLLER_ID));
1165 } else {
1166 bte_main_hci_send(p_buf, BT_EVT_TO_LM_HCI_ACL);
1167 }
1168 }
1169
1170 #if (L2CAP_HCI_FLOW_CONTROL_DEBUG == TRUE)
1171 if (p_lcb->transport == BT_TRANSPORT_LE) {
1172 L2CAP_TRACE_DEBUG(
1173 "TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1174 l2cb.controller_le_xmit_window, p_lcb->handle, p_lcb->link_xmit_quota,
1175 p_lcb->sent_not_acked, l2cb.ble_round_robin_quota,
1176 l2cb.ble_round_robin_unacked);
1177 } else {
1178 L2CAP_TRACE_DEBUG(
1179 "TotalWin=%d,Hndl=0x%x,Quota=%d,Unack=%d,RRQuota=%d,RRUnack=%d",
1180 l2cb.controller_xmit_window, p_lcb->handle, p_lcb->link_xmit_quota,
1181 p_lcb->sent_not_acked, l2cb.round_robin_quota,
1182 l2cb.round_robin_unacked);
1183 }
1184 #endif
1185
1186 return true;
1187 }
1188
1189 /*******************************************************************************
1190 *
1191 * Function l2c_link_process_num_completed_pkts
1192 *
1193 * Description This function is called when a "number-of-completed-packets"
1194 * event is received from the controller. It updates all the
1195 * LCB transmit counts.
1196 *
1197 * Returns void
1198 *
1199 ******************************************************************************/
l2c_link_process_num_completed_pkts(uint8_t * p)1200 void l2c_link_process_num_completed_pkts(uint8_t* p) {
1201 uint8_t num_handles, xx;
1202 uint16_t handle;
1203 uint16_t num_sent;
1204 tL2C_LCB* p_lcb;
1205
1206 STREAM_TO_UINT8(num_handles, p);
1207
1208 for (xx = 0; xx < num_handles; xx++) {
1209 STREAM_TO_UINT16(handle, p);
1210 STREAM_TO_UINT16(num_sent, p);
1211
1212 p_lcb = l2cu_find_lcb_by_handle(handle);
1213
1214 /* Callback for number of completed packet event */
1215 /* Originally designed for [3DSG] */
1216 if ((p_lcb != NULL) && (p_lcb->p_nocp_cb)) {
1217 L2CAP_TRACE_DEBUG("L2CAP - calling NoCP callback");
1218 (*p_lcb->p_nocp_cb)(p_lcb->remote_bd_addr);
1219 }
1220
1221 if (p_lcb) {
1222 if (p_lcb && (p_lcb->transport == BT_TRANSPORT_LE))
1223 l2cb.controller_le_xmit_window += num_sent;
1224 else {
1225 /* Maintain the total window to the controller */
1226 l2cb.controller_xmit_window += num_sent;
1227 }
1228 /* If doing round-robin, adjust communal counts */
1229 if (p_lcb->link_xmit_quota == 0) {
1230 if (p_lcb->transport == BT_TRANSPORT_LE) {
1231 /* Don't go negative */
1232 if (l2cb.ble_round_robin_unacked > num_sent)
1233 l2cb.ble_round_robin_unacked -= num_sent;
1234 else
1235 l2cb.ble_round_robin_unacked = 0;
1236 } else {
1237 /* Don't go negative */
1238 if (l2cb.round_robin_unacked > num_sent)
1239 l2cb.round_robin_unacked -= num_sent;
1240 else
1241 l2cb.round_robin_unacked = 0;
1242 }
1243 }
1244
1245 /* Don't go negative */
1246 if (p_lcb->sent_not_acked > num_sent)
1247 p_lcb->sent_not_acked -= num_sent;
1248 else
1249 p_lcb->sent_not_acked = 0;
1250
1251 l2c_link_check_send_pkts(p_lcb, NULL, NULL);
1252
1253 /* If we were doing round-robin for low priority links, check 'em */
1254 if ((p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) &&
1255 (l2cb.check_round_robin) &&
1256 (l2cb.round_robin_unacked < l2cb.round_robin_quota)) {
1257 l2c_link_check_send_pkts(NULL, NULL, NULL);
1258 }
1259 if ((p_lcb->transport == BT_TRANSPORT_LE) &&
1260 (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) &&
1261 ((l2cb.ble_check_round_robin) &&
1262 (l2cb.ble_round_robin_unacked < l2cb.ble_round_robin_quota))) {
1263 l2c_link_check_send_pkts(NULL, NULL, NULL);
1264 }
1265 }
1266
1267 #if (L2CAP_HCI_FLOW_CONTROL_DEBUG == TRUE)
1268 if (p_lcb) {
1269 if (p_lcb->transport == BT_TRANSPORT_LE) {
1270 L2CAP_TRACE_DEBUG(
1271 "TotalWin=%d,LinkUnack(0x%x)=%d,RRCheck=%d,RRUnack=%d",
1272 l2cb.controller_le_xmit_window, p_lcb->handle,
1273 p_lcb->sent_not_acked, l2cb.ble_check_round_robin,
1274 l2cb.ble_round_robin_unacked);
1275 } else {
1276 L2CAP_TRACE_DEBUG(
1277 "TotalWin=%d,LinkUnack(0x%x)=%d,RRCheck=%d,RRUnack=%d",
1278 l2cb.controller_xmit_window, p_lcb->handle, p_lcb->sent_not_acked,
1279 l2cb.check_round_robin, l2cb.round_robin_unacked);
1280 }
1281 } else {
1282 L2CAP_TRACE_DEBUG(
1283 "TotalWin=%d LE_Win: %d, Handle=0x%x, RRCheck=%d, RRUnack=%d",
1284 l2cb.controller_xmit_window, l2cb.controller_le_xmit_window, handle,
1285 l2cb.ble_check_round_robin, l2cb.ble_round_robin_unacked);
1286 }
1287 #endif
1288 }
1289 }
1290
1291 /*******************************************************************************
1292 *
1293 * Function l2c_link_segments_xmitted
1294 *
1295 * Description This function is called from the HCI Interface when an ACL
1296 * data packet segment is transmitted.
1297 *
1298 * Returns void
1299 *
1300 ******************************************************************************/
l2c_link_segments_xmitted(BT_HDR * p_msg)1301 void l2c_link_segments_xmitted(BT_HDR* p_msg) {
1302 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;
1303 uint16_t handle;
1304 tL2C_LCB* p_lcb;
1305
1306 /* Extract the handle */
1307 STREAM_TO_UINT16(handle, p);
1308 handle = HCID_GET_HANDLE(handle);
1309
1310 /* Find the LCB based on the handle */
1311 p_lcb = l2cu_find_lcb_by_handle(handle);
1312 if (p_lcb == NULL) {
1313 L2CAP_TRACE_WARNING("L2CAP - rcvd segment complete, unknown handle: %d",
1314 handle);
1315 osi_free(p_msg);
1316 return;
1317 }
1318
1319 if (p_lcb->link_state == LST_CONNECTED) {
1320 /* Enqueue the buffer to the head of the transmit queue, and see */
1321 /* if we can transmit anything more. */
1322 list_prepend(p_lcb->link_xmit_data_q, p_msg);
1323
1324 p_lcb->partial_segment_being_sent = false;
1325
1326 l2c_link_check_send_pkts(p_lcb, NULL, NULL);
1327 } else
1328 osi_free(p_msg);
1329 }
1330