1 /******************************************************************************
2 *
3 * Copyright 2009-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains functions relating to BLE management.
22 *
23 ******************************************************************************/
24
25 #include <base/logging.h>
26 #include <base/strings/stringprintf.h>
27 #include <string.h>
28 #include "bt_target.h"
29 #include "bt_utils.h"
30 #include "bta_hearing_aid_api.h"
31 #include "btm_int.h"
32 #include "btu.h"
33 #include "device/include/controller.h"
34 #include "hcimsgs.h"
35 #include "l2c_int.h"
36 #include "l2cdefs.h"
37 #include "log/log.h"
38 #include "osi/include/osi.h"
39 #include "stack_config.h"
40
41 using base::StringPrintf;
42
43 static void l2cble_start_conn_update(tL2C_LCB* p_lcb);
44
45 /*******************************************************************************
46 *
47 * Function L2CA_CancelBleConnectReq
48 *
49 * Description Cancel a pending connection attempt to a BLE device.
50 *
51 * Parameters: BD Address of remote
52 *
53 * Return value: true if connection was cancelled
54 *
55 ******************************************************************************/
L2CA_CancelBleConnectReq(const RawAddress & rem_bda)56 bool L2CA_CancelBleConnectReq(const RawAddress& rem_bda) {
57 tL2C_LCB* p_lcb;
58
59 /* There can be only one BLE connection request outstanding at a time */
60 if (btm_ble_get_conn_st() == BLE_CONN_IDLE) {
61 L2CAP_TRACE_WARNING("%s - no connection pending", __func__);
62 return (false);
63 }
64
65 if (rem_bda != l2cb.ble_connecting_bda) {
66 LOG(WARNING) << __func__
67 << " different BDA Connecting: " << l2cb.ble_connecting_bda
68 << " Cancel: " << rem_bda;
69
70 btm_ble_dequeue_direct_conn_req(rem_bda);
71 return (false);
72 }
73
74 btsnd_hcic_ble_create_conn_cancel();
75
76 p_lcb = l2cu_find_lcb_by_bd_addr(rem_bda, BT_TRANSPORT_LE);
77 /* Do not remove lcb if an LE link is already up as a peripheral */
78 if (p_lcb != NULL &&
79 !(p_lcb->link_role == HCI_ROLE_SLAVE &&
80 btm_bda_to_acl(rem_bda, BT_TRANSPORT_LE) != NULL)) {
81 p_lcb->disc_reason = L2CAP_CONN_CANCEL;
82 l2cu_release_lcb(p_lcb);
83 }
84 /* update state to be cancel, wait for connection cancel complete */
85 btm_ble_set_conn_st(BLE_CONN_CANCEL);
86
87 return (true);
88 }
89
90 /*******************************************************************************
91 *
92 * Function L2CA_UpdateBleConnParams
93 *
94 * Description Update BLE connection parameters.
95 *
96 * Parameters: BD Address of remote
97 *
98 * Return value: true if update started
99 *
100 ******************************************************************************/
L2CA_UpdateBleConnParams(const RawAddress & rem_bda,uint16_t min_int,uint16_t max_int,uint16_t latency,uint16_t timeout,uint16_t min_ce_len,uint16_t max_ce_len)101 bool L2CA_UpdateBleConnParams(const RawAddress& rem_bda, uint16_t min_int,
102 uint16_t max_int, uint16_t latency,
103 uint16_t timeout, uint16_t min_ce_len,
104 uint16_t max_ce_len) {
105 tL2C_LCB* p_lcb;
106 tACL_CONN* p_acl_cb = btm_bda_to_acl(rem_bda, BT_TRANSPORT_LE);
107
108 /* See if we have a link control block for the remote device */
109 p_lcb = l2cu_find_lcb_by_bd_addr(rem_bda, BT_TRANSPORT_LE);
110
111 /* If we don't have one, create one and accept the connection. */
112 if (!p_lcb || !p_acl_cb) {
113 LOG(WARNING) << __func__ << " - unknown BD_ADDR " << rem_bda;
114 return (false);
115 }
116
117 if (p_lcb->transport != BT_TRANSPORT_LE) {
118 LOG(WARNING) << __func__ << " - BD_ADDR " << rem_bda << " not LE";
119 return (false);
120 }
121
122 VLOG(2) << __func__ << ": BD_ADDR=" << rem_bda << ", min_int=" << min_int
123 << ", max_int=" << max_int << ", min_ce_len=" << min_ce_len
124 << ", max_ce_len=" << max_ce_len;
125
126 p_lcb->min_interval = min_int;
127 p_lcb->max_interval = max_int;
128 p_lcb->latency = latency;
129 p_lcb->timeout = timeout;
130 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
131 p_lcb->min_ce_len = min_ce_len;
132 p_lcb->max_ce_len = max_ce_len;
133
134 l2cble_start_conn_update(p_lcb);
135
136 return (true);
137 }
138
L2CA_UpdateBleConnParams(const RawAddress & rem_bda,uint16_t min_int,uint16_t max_int,uint16_t latency,uint16_t timeout)139 bool L2CA_UpdateBleConnParams(const RawAddress& rem_bda, uint16_t min_int,
140 uint16_t max_int, uint16_t latency,
141 uint16_t timeout) {
142 return L2CA_UpdateBleConnParams(rem_bda, min_int, max_int, latency, timeout,
143 0, 0);
144 }
145
146 /*******************************************************************************
147 *
148 * Function L2CA_EnableUpdateBleConnParams
149 *
150 * Description Enable or disable update based on the request from the peer
151 *
152 * Parameters: BD Address of remote
153 *
154 * Return value: true if update started
155 *
156 ******************************************************************************/
L2CA_EnableUpdateBleConnParams(const RawAddress & rem_bda,bool enable)157 bool L2CA_EnableUpdateBleConnParams(const RawAddress& rem_bda, bool enable) {
158 if (stack_config_get_interface()->get_pts_conn_updates_disabled())
159 return false;
160
161 tL2C_LCB* p_lcb;
162
163 /* See if we have a link control block for the remote device */
164 p_lcb = l2cu_find_lcb_by_bd_addr(rem_bda, BT_TRANSPORT_LE);
165
166 if (!p_lcb) {
167 LOG(WARNING) << __func__ << " - unknown BD_ADDR " << rem_bda;
168 return false;
169 }
170
171 VLOG(2) << __func__ << " - BD_ADDR " << rem_bda
172 << StringPrintf(" enable %d current upd state 0x%02x", enable,
173 p_lcb->conn_update_mask);
174
175 if (p_lcb->transport != BT_TRANSPORT_LE) {
176 LOG(WARNING) << __func__ << " - BD_ADDR " << rem_bda
177 << " not LE, link role " << p_lcb->link_role;
178 return false;
179 }
180
181 if (enable)
182 p_lcb->conn_update_mask &= ~L2C_BLE_CONN_UPDATE_DISABLE;
183 else
184 p_lcb->conn_update_mask |= L2C_BLE_CONN_UPDATE_DISABLE;
185
186 l2cble_start_conn_update(p_lcb);
187
188 return (true);
189 }
190
191 /*******************************************************************************
192 *
193 * Function L2CA_GetBleConnRole
194 *
195 * Description This function returns the connection role.
196 *
197 * Returns link role.
198 *
199 ******************************************************************************/
L2CA_GetBleConnRole(const RawAddress & bd_addr)200 uint8_t L2CA_GetBleConnRole(const RawAddress& bd_addr) {
201 uint8_t role = HCI_ROLE_UNKNOWN;
202
203 tL2C_LCB* p_lcb;
204
205 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE);
206 if (p_lcb != NULL) role = p_lcb->link_role;
207
208 return role;
209 }
210 /*******************************************************************************
211 *
212 * Function L2CA_GetDisconnectReason
213 *
214 * Description This function returns the disconnect reason code.
215 *
216 * Returns disconnect reason
217 *
218 ******************************************************************************/
L2CA_GetDisconnectReason(const RawAddress & remote_bda,tBT_TRANSPORT transport)219 uint16_t L2CA_GetDisconnectReason(const RawAddress& remote_bda,
220 tBT_TRANSPORT transport) {
221 tL2C_LCB* p_lcb;
222 uint16_t reason = 0;
223
224 p_lcb = l2cu_find_lcb_by_bd_addr(remote_bda, transport);
225 if (p_lcb != NULL) reason = p_lcb->disc_reason;
226
227 L2CAP_TRACE_DEBUG("L2CA_GetDisconnectReason=%d ", reason);
228
229 return reason;
230 }
231
232 /*******************************************************************************
233 *
234 * Function l2cble_notify_le_connection
235 *
236 * Description This function notifiy the l2cap connection to the app layer
237 *
238 * Returns none
239 *
240 ******************************************************************************/
l2cble_notify_le_connection(const RawAddress & bda)241 void l2cble_notify_le_connection(const RawAddress& bda) {
242 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(bda, BT_TRANSPORT_LE);
243 tACL_CONN* p_acl = btm_bda_to_acl(bda, BT_TRANSPORT_LE);
244 tL2C_CCB* p_ccb;
245
246 if (p_lcb != NULL && p_acl != NULL && p_lcb->link_state != LST_CONNECTED) {
247 /* update link status */
248 btm_establish_continue(p_acl);
249 /* update l2cap link status and send callback */
250 p_lcb->link_state = LST_CONNECTED;
251 l2cu_process_fixed_chnl_resp(p_lcb);
252 }
253
254 if (p_lcb != NULL) {
255 /* For all channels, send the event through their FSMs */
256 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb;
257 p_ccb = p_ccb->p_next_ccb) {
258 if (p_ccb->chnl_state == CST_CLOSED)
259 l2c_csm_execute(p_ccb, L2CEVT_LP_CONNECT_CFM, NULL);
260 }
261 }
262 }
263
264 /*******************************************************************************
265 *
266 * Function l2cble_scanner_conn_comp
267 *
268 * Description This function is called when an HCI Connection Complete
269 * event is received while we are a scanner (so we are master).
270 *
271 * Returns void
272 *
273 ******************************************************************************/
l2cble_scanner_conn_comp(uint16_t handle,const RawAddress & bda,tBLE_ADDR_TYPE type,uint16_t conn_interval,uint16_t conn_latency,uint16_t conn_timeout)274 void l2cble_scanner_conn_comp(uint16_t handle, const RawAddress& bda,
275 tBLE_ADDR_TYPE type, uint16_t conn_interval,
276 uint16_t conn_latency, uint16_t conn_timeout) {
277 tL2C_LCB* p_lcb;
278 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_or_alloc_dev(bda);
279
280 L2CAP_TRACE_DEBUG(
281 "l2cble_scanner_conn_comp: HANDLE=%d addr_type=%d conn_interval=%d "
282 "slave_latency=%d supervision_tout=%d",
283 handle, type, conn_interval, conn_latency, conn_timeout);
284
285 l2cb.is_ble_connecting = false;
286
287 /* See if we have a link control block for the remote device */
288 p_lcb = l2cu_find_lcb_by_bd_addr(bda, BT_TRANSPORT_LE);
289
290 /* If we don't have one, create one. this is auto connection complete. */
291 if (!p_lcb) {
292 p_lcb = l2cu_allocate_lcb(bda, false, BT_TRANSPORT_LE);
293 if (!p_lcb) {
294 btm_sec_disconnect(handle, HCI_ERR_NO_CONNECTION);
295 L2CAP_TRACE_ERROR("l2cble_scanner_conn_comp - failed to allocate LCB");
296 btm_ble_set_conn_st(BLE_CONN_IDLE);
297 return;
298 } else {
299 if (!l2cu_initialize_fixed_ccb(
300 p_lcb, L2CAP_ATT_CID,
301 &l2cb.fixed_reg[L2CAP_ATT_CID - L2CAP_FIRST_FIXED_CHNL]
302 .fixed_chnl_opts)) {
303 btm_sec_disconnect(handle, HCI_ERR_NO_CONNECTION);
304 L2CAP_TRACE_WARNING("l2cble_scanner_conn_comp - LCB but no CCB");
305 btm_ble_set_conn_st(BLE_CONN_IDLE);
306 return;
307 }
308 }
309 } else if (p_lcb->link_state != LST_CONNECTING) {
310 L2CAP_TRACE_ERROR("L2CAP got BLE scanner conn_comp in bad state: %d",
311 p_lcb->link_state);
312 btm_ble_set_conn_st(BLE_CONN_IDLE);
313 return;
314 }
315 alarm_cancel(p_lcb->l2c_lcb_timer);
316
317 /* Save the handle */
318 p_lcb->handle = handle;
319
320 /* Connected OK. Change state to connected, we were scanning so we are master
321 */
322 p_lcb->link_role = HCI_ROLE_MASTER;
323 p_lcb->transport = BT_TRANSPORT_LE;
324
325 /* update link parameter, set slave link as non-spec default upon link up */
326 p_lcb->min_interval = p_lcb->max_interval = conn_interval;
327 p_lcb->timeout = conn_timeout;
328 p_lcb->latency = conn_latency;
329 p_lcb->conn_update_mask = L2C_BLE_NOT_DEFAULT_PARAM;
330
331 /* Tell BTM Acl management about the link */
332 btm_acl_created(bda, NULL, p_dev_rec->sec_bd_name, handle, p_lcb->link_role,
333 BT_TRANSPORT_LE);
334
335 p_lcb->peer_chnl_mask[0] = L2CAP_FIXED_CHNL_ATT_BIT |
336 L2CAP_FIXED_CHNL_BLE_SIG_BIT |
337 L2CAP_FIXED_CHNL_SMP_BIT;
338
339 btm_ble_set_conn_st(BLE_CONN_IDLE);
340
341 #if (BLE_PRIVACY_SPT == TRUE)
342 btm_ble_disable_resolving_list(BTM_BLE_RL_INIT, true);
343 #endif
344 }
345
346 /*******************************************************************************
347 *
348 * Function l2cble_advertiser_conn_comp
349 *
350 * Description This function is called when an HCI Connection Complete
351 * event is received while we are an advertiser (so we are
352 * slave).
353 *
354 * Returns void
355 *
356 ******************************************************************************/
l2cble_advertiser_conn_comp(uint16_t handle,const RawAddress & bda,UNUSED_ATTR tBLE_ADDR_TYPE type,UNUSED_ATTR uint16_t conn_interval,UNUSED_ATTR uint16_t conn_latency,UNUSED_ATTR uint16_t conn_timeout)357 void l2cble_advertiser_conn_comp(uint16_t handle, const RawAddress& bda,
358 UNUSED_ATTR tBLE_ADDR_TYPE type,
359 UNUSED_ATTR uint16_t conn_interval,
360 UNUSED_ATTR uint16_t conn_latency,
361 UNUSED_ATTR uint16_t conn_timeout) {
362 tL2C_LCB* p_lcb;
363 tBTM_SEC_DEV_REC* p_dev_rec;
364
365 /* See if we have a link control block for the remote device */
366 p_lcb = l2cu_find_lcb_by_bd_addr(bda, BT_TRANSPORT_LE);
367
368 /* If we don't have one, create one and accept the connection. */
369 if (!p_lcb) {
370 p_lcb = l2cu_allocate_lcb(bda, false, BT_TRANSPORT_LE);
371 if (!p_lcb) {
372 btm_sec_disconnect(handle, HCI_ERR_NO_CONNECTION);
373 L2CAP_TRACE_ERROR("l2cble_advertiser_conn_comp - failed to allocate LCB");
374 return;
375 } else {
376 if (!l2cu_initialize_fixed_ccb(
377 p_lcb, L2CAP_ATT_CID,
378 &l2cb.fixed_reg[L2CAP_ATT_CID - L2CAP_FIRST_FIXED_CHNL]
379 .fixed_chnl_opts)) {
380 btm_sec_disconnect(handle, HCI_ERR_NO_CONNECTION);
381 L2CAP_TRACE_WARNING("l2cble_scanner_conn_comp - LCB but no CCB");
382 return;
383 }
384 }
385 }
386
387 /* Save the handle */
388 p_lcb->handle = handle;
389
390 /* Connected OK. Change state to connected, we were advertising, so we are
391 * slave */
392 p_lcb->link_role = HCI_ROLE_SLAVE;
393 p_lcb->transport = BT_TRANSPORT_LE;
394
395 /* update link parameter, set slave link as non-spec default upon link up */
396 p_lcb->min_interval = p_lcb->max_interval = conn_interval;
397 p_lcb->timeout = conn_timeout;
398 p_lcb->latency = conn_latency;
399 p_lcb->conn_update_mask = L2C_BLE_NOT_DEFAULT_PARAM;
400
401 /* Tell BTM Acl management about the link */
402 p_dev_rec = btm_find_or_alloc_dev(bda);
403
404 btm_acl_created(bda, NULL, p_dev_rec->sec_bd_name, handle, p_lcb->link_role,
405 BT_TRANSPORT_LE);
406
407 #if (BLE_PRIVACY_SPT == TRUE)
408 btm_ble_disable_resolving_list(BTM_BLE_RL_ADV, true);
409 #endif
410
411 p_lcb->peer_chnl_mask[0] = L2CAP_FIXED_CHNL_ATT_BIT |
412 L2CAP_FIXED_CHNL_BLE_SIG_BIT |
413 L2CAP_FIXED_CHNL_SMP_BIT;
414
415 if (!HCI_LE_SLAVE_INIT_FEAT_EXC_SUPPORTED(
416 controller_get_interface()->get_features_ble()->as_array)) {
417 p_lcb->link_state = LST_CONNECTED;
418 l2cu_process_fixed_chnl_resp(p_lcb);
419 }
420
421 /* when adv and initiating are both active, cancel the direct connection */
422 if (l2cb.is_ble_connecting && bda == l2cb.ble_connecting_bda) {
423 L2CA_CancelBleConnectReq(bda);
424 }
425 }
426
427 /*******************************************************************************
428 *
429 * Function l2cble_conn_comp
430 *
431 * Description This function is called when an HCI Connection Complete
432 * event is received.
433 *
434 * Returns void
435 *
436 ******************************************************************************/
l2cble_conn_comp(uint16_t handle,uint8_t role,const RawAddress & bda,tBLE_ADDR_TYPE type,uint16_t conn_interval,uint16_t conn_latency,uint16_t conn_timeout)437 void l2cble_conn_comp(uint16_t handle, uint8_t role, const RawAddress& bda,
438 tBLE_ADDR_TYPE type, uint16_t conn_interval,
439 uint16_t conn_latency, uint16_t conn_timeout) {
440 btm_ble_update_link_topology_mask(role, true);
441
442 if (role == HCI_ROLE_MASTER) {
443 l2cble_scanner_conn_comp(handle, bda, type, conn_interval, conn_latency,
444 conn_timeout);
445 } else {
446 l2cble_advertiser_conn_comp(handle, bda, type, conn_interval, conn_latency,
447 conn_timeout);
448 }
449 }
450
451 /*******************************************************************************
452 *
453 * Function l2cble_start_conn_update
454 *
455 * Description Start the BLE connection parameter update process based on
456 * status.
457 *
458 * Parameters: lcb : l2cap link control block
459 *
460 * Return value: none
461 *
462 ******************************************************************************/
l2cble_start_conn_update(tL2C_LCB * p_lcb)463 static void l2cble_start_conn_update(tL2C_LCB* p_lcb) {
464 uint16_t min_conn_int, max_conn_int, slave_latency, supervision_tout;
465 tACL_CONN* p_acl_cb = btm_bda_to_acl(p_lcb->remote_bd_addr, BT_TRANSPORT_LE);
466 if (!p_acl_cb) {
467 LOG(ERROR) << "No known connection ACL for " << p_lcb->remote_bd_addr;
468 return;
469 }
470
471 // TODO(armansito): The return value of this call wasn't being used but the
472 // logic of this function might be depending on its side effects. We should
473 // verify if this call is needed at all and remove it otherwise.
474 btm_find_or_alloc_dev(p_lcb->remote_bd_addr);
475
476 if (p_lcb->conn_update_mask & L2C_BLE_UPDATE_PENDING) return;
477
478 if (p_lcb->conn_update_mask & L2C_BLE_CONN_UPDATE_DISABLE) {
479 /* application requests to disable parameters update.
480 If parameters are already updated, lets set them
481 up to what has been requested during connection establishement */
482 if (p_lcb->conn_update_mask & L2C_BLE_NOT_DEFAULT_PARAM &&
483 /* current connection interval is greater than default min */
484 p_lcb->min_interval > BTM_BLE_CONN_INT_MIN) {
485 /* use 7.5 ms as fast connection parameter, 0 slave latency */
486 min_conn_int = max_conn_int = BTM_BLE_CONN_INT_MIN;
487
488 L2CA_AdjustConnectionIntervals(&min_conn_int, &max_conn_int,
489 BTM_BLE_CONN_INT_MIN);
490
491 slave_latency = BTM_BLE_CONN_SLAVE_LATENCY_DEF;
492 supervision_tout = BTM_BLE_CONN_TIMEOUT_DEF;
493
494 /* if both side 4.1, or we are master device, send HCI command */
495 if (p_lcb->link_role == HCI_ROLE_MASTER
496 #if (BLE_LLT_INCLUDED == TRUE)
497 || (HCI_LE_CONN_PARAM_REQ_SUPPORTED(
498 controller_get_interface()->get_features_ble()->as_array) &&
499 HCI_LE_CONN_PARAM_REQ_SUPPORTED(p_acl_cb->peer_le_features))
500 #endif
501 ) {
502 btsnd_hcic_ble_upd_ll_conn_params(p_lcb->handle, min_conn_int,
503 max_conn_int, slave_latency,
504 supervision_tout, 0, 0);
505 p_lcb->conn_update_mask |= L2C_BLE_UPDATE_PENDING;
506 } else {
507 l2cu_send_peer_ble_par_req(p_lcb, min_conn_int, max_conn_int,
508 slave_latency, supervision_tout);
509 }
510 p_lcb->conn_update_mask &= ~L2C_BLE_NOT_DEFAULT_PARAM;
511 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
512 }
513 } else {
514 /* application allows to do update, if we were delaying one do it now */
515 if (p_lcb->conn_update_mask & L2C_BLE_NEW_CONN_PARAM) {
516 /* if both side 4.1, or we are master device, send HCI command */
517 if (p_lcb->link_role == HCI_ROLE_MASTER
518 #if (BLE_LLT_INCLUDED == TRUE)
519 || (HCI_LE_CONN_PARAM_REQ_SUPPORTED(
520 controller_get_interface()->get_features_ble()->as_array) &&
521 HCI_LE_CONN_PARAM_REQ_SUPPORTED(p_acl_cb->peer_le_features))
522 #endif
523 ) {
524 btsnd_hcic_ble_upd_ll_conn_params(p_lcb->handle, p_lcb->min_interval,
525 p_lcb->max_interval, p_lcb->latency,
526 p_lcb->timeout, p_lcb->min_ce_len,
527 p_lcb->max_ce_len);
528 p_lcb->conn_update_mask |= L2C_BLE_UPDATE_PENDING;
529 } else {
530 l2cu_send_peer_ble_par_req(p_lcb, p_lcb->min_interval,
531 p_lcb->max_interval, p_lcb->latency,
532 p_lcb->timeout);
533 }
534 p_lcb->conn_update_mask &= ~L2C_BLE_NEW_CONN_PARAM;
535 p_lcb->conn_update_mask |= L2C_BLE_NOT_DEFAULT_PARAM;
536 }
537 }
538 }
539
540 /*******************************************************************************
541 *
542 * Function l2cble_process_conn_update_evt
543 *
544 * Description This function enables the connection update request from
545 * remote after a successful connection update response is
546 * received.
547 *
548 * Returns void
549 *
550 ******************************************************************************/
l2cble_process_conn_update_evt(uint16_t handle,uint8_t status,uint16_t interval,uint16_t latency,uint16_t timeout)551 void l2cble_process_conn_update_evt(uint16_t handle, uint8_t status,
552 uint16_t interval, uint16_t latency,
553 uint16_t timeout) {
554 L2CAP_TRACE_DEBUG("%s", __func__);
555
556 /* See if we have a link control block for the remote device */
557 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
558 if (!p_lcb) {
559 L2CAP_TRACE_WARNING("%s: Invalid handle: %d", __func__, handle);
560 return;
561 }
562
563 p_lcb->conn_update_mask &= ~L2C_BLE_UPDATE_PENDING;
564
565 if (status != HCI_SUCCESS) {
566 L2CAP_TRACE_WARNING("%s: Error status: %d", __func__, status);
567 }
568
569 l2cble_start_conn_update(p_lcb);
570
571 L2CAP_TRACE_DEBUG("%s: conn_update_mask=%d", __func__,
572 p_lcb->conn_update_mask);
573 }
574
575 /*******************************************************************************
576 *
577 * Function l2cble_process_sig_cmd
578 *
579 * Description This function is called when a signalling packet is received
580 * on the BLE signalling CID
581 *
582 * Returns void
583 *
584 ******************************************************************************/
l2cble_process_sig_cmd(tL2C_LCB * p_lcb,uint8_t * p,uint16_t pkt_len)585 void l2cble_process_sig_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) {
586 uint8_t* p_pkt_end;
587 uint8_t cmd_code, id;
588 uint16_t cmd_len;
589 uint16_t min_interval, max_interval, latency, timeout;
590 tL2C_CONN_INFO con_info;
591 uint16_t lcid = 0, rcid = 0, mtu = 0, mps = 0, initial_credit = 0;
592 tL2C_CCB *p_ccb = NULL, *temp_p_ccb = NULL;
593 tL2C_RCB* p_rcb;
594 uint16_t credit;
595 p_pkt_end = p + pkt_len;
596
597 if (p + 4 > p_pkt_end) {
598 android_errorWriteLog(0x534e4554, "80261585");
599 LOG(ERROR) << "invalid read";
600 return;
601 }
602
603 STREAM_TO_UINT8(cmd_code, p);
604 STREAM_TO_UINT8(id, p);
605 STREAM_TO_UINT16(cmd_len, p);
606
607 /* Check command length does not exceed packet length */
608 if ((p + cmd_len) > p_pkt_end) {
609 L2CAP_TRACE_WARNING(
610 "L2CAP - LE - format error, pkt_len: %d cmd_len: %d code: %d",
611 pkt_len, cmd_len, cmd_code);
612 return;
613 }
614
615 switch (cmd_code) {
616 case L2CAP_CMD_REJECT:
617 p += 2;
618 break;
619
620 case L2CAP_CMD_ECHO_REQ:
621 case L2CAP_CMD_ECHO_RSP:
622 case L2CAP_CMD_INFO_RSP:
623 case L2CAP_CMD_INFO_REQ:
624 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0, 0);
625 break;
626
627 case L2CAP_CMD_BLE_UPDATE_REQ:
628 if (p + 8 > p_pkt_end) {
629 android_errorWriteLog(0x534e4554, "80261585");
630 LOG(ERROR) << "invalid read";
631 return;
632 }
633
634 STREAM_TO_UINT16(min_interval, p); /* 0x0006 - 0x0C80 */
635 STREAM_TO_UINT16(max_interval, p); /* 0x0006 - 0x0C80 */
636 STREAM_TO_UINT16(latency, p); /* 0x0000 - 0x03E8 */
637 STREAM_TO_UINT16(timeout, p); /* 0x000A - 0x0C80 */
638 /* If we are a master, the slave wants to update the parameters */
639 if (p_lcb->link_role == HCI_ROLE_MASTER) {
640 L2CA_AdjustConnectionIntervals(&min_interval, &max_interval,
641 BTM_BLE_CONN_INT_MIN_LIMIT);
642
643 if (min_interval < BTM_BLE_CONN_INT_MIN ||
644 min_interval > BTM_BLE_CONN_INT_MAX ||
645 max_interval < BTM_BLE_CONN_INT_MIN ||
646 max_interval > BTM_BLE_CONN_INT_MAX ||
647 latency > BTM_BLE_CONN_LATENCY_MAX ||
648 /*(timeout >= max_interval && latency > (timeout * 10/(max_interval
649 * 1.25) - 1)) ||*/
650 timeout < BTM_BLE_CONN_SUP_TOUT_MIN ||
651 timeout > BTM_BLE_CONN_SUP_TOUT_MAX ||
652 max_interval < min_interval) {
653 l2cu_send_peer_ble_par_rsp(p_lcb, L2CAP_CFG_UNACCEPTABLE_PARAMS, id);
654 } else {
655 l2cu_send_peer_ble_par_rsp(p_lcb, L2CAP_CFG_OK, id);
656
657 p_lcb->min_interval = min_interval;
658 p_lcb->max_interval = max_interval;
659 p_lcb->latency = latency;
660 p_lcb->timeout = timeout;
661 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
662
663 l2cble_start_conn_update(p_lcb);
664 }
665 } else
666 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0,
667 0);
668 break;
669
670 case L2CAP_CMD_BLE_UPDATE_RSP:
671 p += 2;
672 break;
673
674 case L2CAP_CMD_BLE_CREDIT_BASED_CONN_REQ:
675 if (p + 10 > p_pkt_end) {
676 android_errorWriteLog(0x534e4554, "80261585");
677 LOG(ERROR) << "invalid read";
678 return;
679 }
680
681 STREAM_TO_UINT16(con_info.psm, p);
682 STREAM_TO_UINT16(rcid, p);
683 STREAM_TO_UINT16(mtu, p);
684 STREAM_TO_UINT16(mps, p);
685 STREAM_TO_UINT16(initial_credit, p);
686
687 L2CAP_TRACE_DEBUG(
688 "Recv L2CAP_CMD_BLE_CREDIT_BASED_CONN_REQ with "
689 "mtu = %d, "
690 "mps = %d, "
691 "initial credit = %d",
692 mtu, mps, initial_credit);
693
694 p_ccb = l2cu_find_ccb_by_remote_cid(p_lcb, rcid);
695 if (p_ccb) {
696 L2CAP_TRACE_WARNING("L2CAP - rcvd conn req for duplicated cid: 0x%04x",
697 rcid);
698 l2cu_reject_ble_connection(p_lcb, id,
699 L2CAP_LE_SOURCE_CID_ALREADY_ALLOCATED);
700 break;
701 }
702
703 p_rcb = l2cu_find_ble_rcb_by_psm(con_info.psm);
704 if (p_rcb == NULL) {
705 L2CAP_TRACE_WARNING("L2CAP - rcvd conn req for unknown PSM: 0x%04x",
706 con_info.psm);
707 l2cu_reject_ble_connection(p_lcb, id, L2CAP_LE_NO_PSM);
708 break;
709 } else {
710 if (!p_rcb->api.pL2CA_ConnectInd_Cb) {
711 L2CAP_TRACE_WARNING(
712 "L2CAP - rcvd conn req for outgoing-only connection PSM: %d",
713 con_info.psm);
714 l2cu_reject_ble_connection(p_lcb, id, L2CAP_CONN_NO_PSM);
715 break;
716 }
717 }
718
719 /* Allocate a ccb for this.*/
720 p_ccb = l2cu_allocate_ccb(p_lcb, 0);
721 if (p_ccb == NULL) {
722 L2CAP_TRACE_ERROR("L2CAP - unable to allocate CCB");
723 l2cu_reject_ble_connection(p_lcb, id, L2CAP_CONN_NO_RESOURCES);
724 break;
725 }
726
727 /* validate the parameters */
728 if (mtu < L2CAP_LE_MIN_MTU || mps < L2CAP_LE_MIN_MPS ||
729 mps > L2CAP_LE_MAX_MPS) {
730 L2CAP_TRACE_ERROR("L2CAP don't like the params");
731 l2cu_reject_ble_connection(p_lcb, id, L2CAP_CONN_NO_RESOURCES);
732 break;
733 }
734
735 p_ccb->remote_id = id;
736 p_ccb->p_rcb = p_rcb;
737 p_ccb->remote_cid = rcid;
738
739 p_ccb->peer_conn_cfg.mtu = mtu;
740 p_ccb->peer_conn_cfg.mps = mps;
741 p_ccb->peer_conn_cfg.credits = initial_credit;
742
743 p_ccb->tx_mps = mps;
744 p_ccb->ble_sdu = NULL;
745 p_ccb->ble_sdu_length = 0;
746 p_ccb->is_first_seg = true;
747 p_ccb->peer_cfg.fcr.mode = L2CAP_FCR_LE_COC_MODE;
748
749 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_REQ, &con_info);
750 break;
751
752 case L2CAP_CMD_BLE_CREDIT_BASED_CONN_RES:
753 L2CAP_TRACE_DEBUG("Recv L2CAP_CMD_BLE_CREDIT_BASED_CONN_RES");
754 /* For all channels, see whose identifier matches this id */
755 for (temp_p_ccb = p_lcb->ccb_queue.p_first_ccb; temp_p_ccb;
756 temp_p_ccb = temp_p_ccb->p_next_ccb) {
757 if (temp_p_ccb->local_id == id) {
758 p_ccb = temp_p_ccb;
759 break;
760 }
761 }
762 if (p_ccb) {
763 L2CAP_TRACE_DEBUG("I remember the connection req");
764 if (p + 10 > p_pkt_end) {
765 android_errorWriteLog(0x534e4554, "80261585");
766 LOG(ERROR) << "invalid read";
767 return;
768 }
769
770 STREAM_TO_UINT16(p_ccb->remote_cid, p);
771 STREAM_TO_UINT16(p_ccb->peer_conn_cfg.mtu, p);
772 STREAM_TO_UINT16(p_ccb->peer_conn_cfg.mps, p);
773 STREAM_TO_UINT16(p_ccb->peer_conn_cfg.credits, p);
774 STREAM_TO_UINT16(con_info.l2cap_result, p);
775 con_info.remote_cid = p_ccb->remote_cid;
776
777 L2CAP_TRACE_DEBUG(
778 "remote_cid = %d, "
779 "mtu = %d, "
780 "mps = %d, "
781 "initial_credit = %d, "
782 "con_info.l2cap_result = %d",
783 p_ccb->remote_cid, p_ccb->peer_conn_cfg.mtu,
784 p_ccb->peer_conn_cfg.mps, p_ccb->peer_conn_cfg.credits,
785 con_info.l2cap_result);
786
787 /* validate the parameters */
788 if (p_ccb->peer_conn_cfg.mtu < L2CAP_LE_MIN_MTU ||
789 p_ccb->peer_conn_cfg.mps < L2CAP_LE_MIN_MPS ||
790 p_ccb->peer_conn_cfg.mps > L2CAP_LE_MAX_MPS) {
791 L2CAP_TRACE_ERROR("L2CAP don't like the params");
792 con_info.l2cap_result = L2CAP_LE_NO_RESOURCES;
793 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_NEG, &con_info);
794 break;
795 }
796
797 p_ccb->tx_mps = p_ccb->peer_conn_cfg.mps;
798 p_ccb->ble_sdu = NULL;
799 p_ccb->ble_sdu_length = 0;
800 p_ccb->is_first_seg = true;
801 p_ccb->peer_cfg.fcr.mode = L2CAP_FCR_LE_COC_MODE;
802
803 if (con_info.l2cap_result == L2CAP_LE_CONN_OK)
804 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP, &con_info);
805 else
806 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_NEG, &con_info);
807 } else {
808 L2CAP_TRACE_DEBUG("I DO NOT remember the connection req");
809 con_info.l2cap_result = L2CAP_LE_INVALID_SOURCE_CID;
810 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_NEG, &con_info);
811 }
812 break;
813
814 case L2CAP_CMD_BLE_FLOW_CTRL_CREDIT:
815 if (p + 4 > p_pkt_end) {
816 android_errorWriteLog(0x534e4554, "80261585");
817 LOG(ERROR) << "invalid read";
818 return;
819 }
820
821 STREAM_TO_UINT16(lcid, p);
822 p_ccb = l2cu_find_ccb_by_remote_cid(p_lcb, lcid);
823 if (p_ccb == NULL) {
824 L2CAP_TRACE_DEBUG("%s Credit received for unknown channel id %d",
825 __func__, lcid);
826 break;
827 }
828
829 STREAM_TO_UINT16(credit, p);
830 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_RECV_FLOW_CONTROL_CREDIT, &credit);
831 L2CAP_TRACE_DEBUG("%s Credit received", __func__);
832 break;
833
834 case L2CAP_CMD_DISC_REQ:
835 if (p + 4 > p_pkt_end) {
836 android_errorWriteLog(0x534e4554, "74121659");
837 return;
838 }
839 STREAM_TO_UINT16(lcid, p);
840 STREAM_TO_UINT16(rcid, p);
841
842 p_ccb = l2cu_find_ccb_by_cid(p_lcb, lcid);
843 if (p_ccb != NULL) {
844 if (p_ccb->remote_cid == rcid) {
845 p_ccb->remote_id = id;
846 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_DISCONNECT_REQ, NULL);
847 }
848 } else
849 l2cu_send_peer_disc_rsp(p_lcb, id, lcid, rcid);
850
851 break;
852
853 case L2CAP_CMD_DISC_RSP:
854 if (p + 4 > p_pkt_end) {
855 android_errorWriteLog(0x534e4554, "80261585");
856 LOG(ERROR) << "invalid read";
857 return;
858 }
859 STREAM_TO_UINT16(rcid, p);
860 STREAM_TO_UINT16(lcid, p);
861
862 p_ccb = l2cu_find_ccb_by_cid(p_lcb, lcid);
863 if (p_ccb != NULL) {
864 if ((p_ccb->remote_cid == rcid) && (p_ccb->local_id == id))
865 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_DISCONNECT_RSP, NULL);
866 }
867 break;
868
869 default:
870 L2CAP_TRACE_WARNING("L2CAP - LE - unknown cmd code: %d", cmd_code);
871 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0, 0);
872 break;
873 }
874 }
875
876 /*******************************************************************************
877 *
878 * Function l2cble_init_direct_conn
879 *
880 * Description This function is to initate a direct connection
881 *
882 * Returns true connection initiated, false otherwise.
883 *
884 ******************************************************************************/
l2cble_init_direct_conn(tL2C_LCB * p_lcb)885 bool l2cble_init_direct_conn(tL2C_LCB* p_lcb) {
886 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_or_alloc_dev(p_lcb->remote_bd_addr);
887 tBTM_BLE_CB* p_cb = &btm_cb.ble_ctr_cb;
888 uint16_t scan_int;
889 uint16_t scan_win;
890 RawAddress peer_addr;
891 uint8_t peer_addr_type = BLE_ADDR_PUBLIC;
892 uint8_t own_addr_type = BLE_ADDR_PUBLIC;
893
894 /* There can be only one BLE connection request outstanding at a time */
895 if (p_dev_rec == NULL) {
896 L2CAP_TRACE_WARNING("unknown device, can not initate connection");
897 return (false);
898 }
899
900 scan_int = (p_cb->scan_int == BTM_BLE_SCAN_PARAM_UNDEF)
901 ? BTM_BLE_SCAN_FAST_INT
902 : p_cb->scan_int;
903 scan_win = (p_cb->scan_win == BTM_BLE_SCAN_PARAM_UNDEF)
904 ? BTM_BLE_SCAN_FAST_WIN
905 : p_cb->scan_win;
906
907 peer_addr_type = p_lcb->ble_addr_type;
908 peer_addr = p_lcb->remote_bd_addr;
909
910 #if (BLE_PRIVACY_SPT == TRUE)
911 own_addr_type =
912 btm_cb.ble_ctr_cb.privacy_mode ? BLE_ADDR_RANDOM : BLE_ADDR_PUBLIC;
913 if (p_dev_rec->ble.in_controller_list & BTM_RESOLVING_LIST_BIT) {
914 if (btm_cb.ble_ctr_cb.privacy_mode >= BTM_PRIVACY_1_2)
915 own_addr_type |= BLE_ADDR_TYPE_ID_BIT;
916
917 btm_ble_enable_resolving_list(BTM_BLE_RL_INIT);
918 btm_random_pseudo_to_identity_addr(&peer_addr, &peer_addr_type);
919 } else {
920 btm_ble_disable_resolving_list(BTM_BLE_RL_INIT, true);
921
922 // If we have a current RPA, use that instead.
923 if (!p_dev_rec->ble.cur_rand_addr.IsEmpty()) {
924 peer_addr = p_dev_rec->ble.cur_rand_addr;
925 }
926 }
927 #endif
928
929 if (!btm_ble_topology_check(BTM_BLE_STATE_INIT)) {
930 l2cu_release_lcb(p_lcb);
931 L2CAP_TRACE_ERROR("initate direct connection fail, topology limitation");
932 return false;
933 }
934
935 btm_send_hci_create_connection(
936 scan_int, /* uint16_t scan_int */
937 scan_win, /* uint16_t scan_win */
938 false, /* uint8_t white_list */
939 peer_addr_type, /* uint8_t addr_type_peer */
940 peer_addr, /* BD_ADDR bda_peer */
941 own_addr_type, /* uint8_t addr_type_own */
942 (uint16_t)(
943 (p_dev_rec->conn_params.min_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
944 ? p_dev_rec->conn_params.min_conn_int
945 : BTM_BLE_CONN_INT_MIN_DEF), /* uint16_t conn_int_min */
946 (uint16_t)(
947 (p_dev_rec->conn_params.max_conn_int != BTM_BLE_CONN_PARAM_UNDEF)
948 ? p_dev_rec->conn_params.max_conn_int
949 : BTM_BLE_CONN_INT_MAX_DEF), /* uint16_t conn_int_max */
950 (uint16_t)(
951 (p_dev_rec->conn_params.slave_latency != BTM_BLE_CONN_PARAM_UNDEF)
952 ? p_dev_rec->conn_params.slave_latency
953 : BTM_BLE_CONN_SLAVE_LATENCY_DEF), /* uint16_t conn_latency */
954 (uint16_t)(
955 (p_dev_rec->conn_params.supervision_tout != BTM_BLE_CONN_PARAM_UNDEF)
956 ? p_dev_rec->conn_params.supervision_tout
957 : BTM_BLE_CONN_TIMEOUT_DEF), /* conn_timeout */
958 0, /* uint16_t min_len */
959 0, /* uint16_t max_len */
960 p_lcb->initiating_phys);
961
962 p_lcb->link_state = LST_CONNECTING;
963 l2cb.is_ble_connecting = true;
964 l2cb.ble_connecting_bda = p_lcb->remote_bd_addr;
965 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_BLE_LINK_CONNECT_TIMEOUT_MS,
966 l2c_lcb_timer_timeout, p_lcb);
967 btm_ble_set_conn_st(BLE_DIR_CONN);
968
969 return (true);
970 }
971
972 /*******************************************************************************
973 *
974 * Function l2cble_create_conn
975 *
976 * Description This function initiates an acl connection via HCI
977 *
978 * Returns true if successful, false if connection not started.
979 *
980 ******************************************************************************/
l2cble_create_conn(tL2C_LCB * p_lcb)981 bool l2cble_create_conn(tL2C_LCB* p_lcb) {
982 tBTM_BLE_CONN_ST conn_st = btm_ble_get_conn_st();
983 bool rt = false;
984
985 /* There can be only one BLE connection request outstanding at a time */
986 if (conn_st == BLE_CONN_IDLE) {
987 rt = l2cble_init_direct_conn(p_lcb);
988 } else {
989 L2CAP_TRACE_WARNING(
990 "L2CAP - LE - cannot start new connection at conn st: %d", conn_st);
991
992 btm_ble_enqueue_direct_conn_req(p_lcb);
993
994 if (conn_st == BLE_BG_CONN) btm_ble_suspend_bg_conn();
995
996 rt = true;
997 }
998 return rt;
999 }
1000
1001 /*******************************************************************************
1002 *
1003 * Function l2c_link_processs_ble_num_bufs
1004 *
1005 * Description This function is called when a "controller buffer size"
1006 * event is first received from the controller. It updates
1007 * the L2CAP values.
1008 *
1009 * Returns void
1010 *
1011 ******************************************************************************/
l2c_link_processs_ble_num_bufs(uint16_t num_lm_ble_bufs)1012 void l2c_link_processs_ble_num_bufs(uint16_t num_lm_ble_bufs) {
1013 if (num_lm_ble_bufs == 0) {
1014 num_lm_ble_bufs = L2C_DEF_NUM_BLE_BUF_SHARED;
1015 l2cb.num_lm_acl_bufs -= L2C_DEF_NUM_BLE_BUF_SHARED;
1016 }
1017
1018 l2cb.num_lm_ble_bufs = l2cb.controller_le_xmit_window = num_lm_ble_bufs;
1019 }
1020
1021 /*******************************************************************************
1022 *
1023 * Function l2c_ble_link_adjust_allocation
1024 *
1025 * Description This function is called when a link is created or removed
1026 * to calculate the amount of packets each link may send to
1027 * the HCI without an ack coming back.
1028 *
1029 * Currently, this is a simple allocation, dividing the
1030 * number of Controller Packets by the number of links. In
1031 * the future, QOS configuration should be examined.
1032 *
1033 * Returns void
1034 *
1035 ******************************************************************************/
l2c_ble_link_adjust_allocation(void)1036 void l2c_ble_link_adjust_allocation(void) {
1037 uint16_t qq, yy, qq_remainder;
1038 tL2C_LCB* p_lcb;
1039 uint16_t hi_quota, low_quota;
1040 uint16_t num_lowpri_links = 0;
1041 uint16_t num_hipri_links = 0;
1042 uint16_t controller_xmit_quota = l2cb.num_lm_ble_bufs;
1043 uint16_t high_pri_link_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA_A;
1044
1045 /* If no links active, reset buffer quotas and controller buffers */
1046 if (l2cb.num_ble_links_active == 0) {
1047 l2cb.controller_le_xmit_window = l2cb.num_lm_ble_bufs;
1048 l2cb.ble_round_robin_quota = l2cb.ble_round_robin_unacked = 0;
1049 return;
1050 }
1051
1052 /* First, count the links */
1053 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
1054 if (p_lcb->in_use && p_lcb->transport == BT_TRANSPORT_LE) {
1055 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)
1056 num_hipri_links++;
1057 else
1058 num_lowpri_links++;
1059 }
1060 }
1061
1062 /* now adjust high priority link quota */
1063 low_quota = num_lowpri_links ? 1 : 0;
1064 while ((num_hipri_links * high_pri_link_quota + low_quota) >
1065 controller_xmit_quota)
1066 high_pri_link_quota--;
1067
1068 /* Work out the xmit quota and buffer quota high and low priorities */
1069 hi_quota = num_hipri_links * high_pri_link_quota;
1070 low_quota =
1071 (hi_quota < controller_xmit_quota) ? controller_xmit_quota - hi_quota : 1;
1072
1073 /* Work out and save the HCI xmit quota for each low priority link */
1074
1075 /* If each low priority link cannot have at least one buffer */
1076 if (num_lowpri_links > low_quota) {
1077 l2cb.ble_round_robin_quota = low_quota;
1078 qq = qq_remainder = 0;
1079 }
1080 /* If each low priority link can have at least one buffer */
1081 else if (num_lowpri_links > 0) {
1082 l2cb.ble_round_robin_quota = 0;
1083 l2cb.ble_round_robin_unacked = 0;
1084 qq = low_quota / num_lowpri_links;
1085 qq_remainder = low_quota % num_lowpri_links;
1086 }
1087 /* If no low priority link */
1088 else {
1089 l2cb.ble_round_robin_quota = 0;
1090 l2cb.ble_round_robin_unacked = 0;
1091 qq = qq_remainder = 0;
1092 }
1093 L2CAP_TRACE_EVENT(
1094 "l2c_ble_link_adjust_allocation num_hipri: %u num_lowpri: %u "
1095 "low_quota: %u round_robin_quota: %u qq: %u",
1096 num_hipri_links, num_lowpri_links, low_quota, l2cb.ble_round_robin_quota,
1097 qq);
1098
1099 /* Now, assign the quotas to each link */
1100 for (yy = 0, p_lcb = &l2cb.lcb_pool[0]; yy < MAX_L2CAP_LINKS; yy++, p_lcb++) {
1101 if (p_lcb->in_use && p_lcb->transport == BT_TRANSPORT_LE) {
1102 if (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH) {
1103 p_lcb->link_xmit_quota = high_pri_link_quota;
1104 } else {
1105 /* Safety check in case we switched to round-robin with something
1106 * outstanding */
1107 /* if sent_not_acked is added into round_robin_unacked then don't add it
1108 * again */
1109 /* l2cap keeps updating sent_not_acked for exiting from round robin */
1110 if ((p_lcb->link_xmit_quota > 0) && (qq == 0))
1111 l2cb.ble_round_robin_unacked += p_lcb->sent_not_acked;
1112
1113 p_lcb->link_xmit_quota = qq;
1114 if (qq_remainder > 0) {
1115 p_lcb->link_xmit_quota++;
1116 qq_remainder--;
1117 }
1118 }
1119
1120 L2CAP_TRACE_EVENT(
1121 "l2c_ble_link_adjust_allocation LCB %d Priority: %d XmitQuota: %d",
1122 yy, p_lcb->acl_priority, p_lcb->link_xmit_quota);
1123
1124 L2CAP_TRACE_EVENT(" SentNotAcked: %d RRUnacked: %d",
1125 p_lcb->sent_not_acked, l2cb.round_robin_unacked);
1126
1127 /* There is a special case where we have readjusted the link quotas and */
1128 /* this link may have sent anything but some other link sent packets so */
1129 /* so we may need a timer to kick off this link's transmissions. */
1130 if ((p_lcb->link_state == LST_CONNECTED) &&
1131 (!list_is_empty(p_lcb->link_xmit_data_q)) &&
1132 (p_lcb->sent_not_acked < p_lcb->link_xmit_quota)) {
1133 alarm_set_on_mloop(p_lcb->l2c_lcb_timer,
1134 L2CAP_LINK_FLOW_CONTROL_TIMEOUT_MS,
1135 l2c_lcb_timer_timeout, p_lcb);
1136 }
1137 }
1138 }
1139 }
1140
1141 #if (BLE_LLT_INCLUDED == TRUE)
1142 /*******************************************************************************
1143 *
1144 * Function l2cble_process_rc_param_request_evt
1145 *
1146 * Description process LE Remote Connection Parameter Request Event.
1147 *
1148 * Returns void
1149 *
1150 ******************************************************************************/
l2cble_process_rc_param_request_evt(uint16_t handle,uint16_t int_min,uint16_t int_max,uint16_t latency,uint16_t timeout)1151 void l2cble_process_rc_param_request_evt(uint16_t handle, uint16_t int_min,
1152 uint16_t int_max, uint16_t latency,
1153 uint16_t timeout) {
1154 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
1155
1156 if (p_lcb != NULL) {
1157 p_lcb->min_interval = int_min;
1158 p_lcb->max_interval = int_max;
1159 p_lcb->latency = latency;
1160 p_lcb->timeout = timeout;
1161
1162 /* if update is enabled, always accept connection parameter update */
1163 if ((p_lcb->conn_update_mask & L2C_BLE_CONN_UPDATE_DISABLE) == 0) {
1164 btsnd_hcic_ble_rc_param_req_reply(handle, int_min, int_max, latency,
1165 timeout, 0, 0);
1166 } else {
1167 L2CAP_TRACE_EVENT("L2CAP - LE - update currently disabled");
1168 p_lcb->conn_update_mask |= L2C_BLE_NEW_CONN_PARAM;
1169 btsnd_hcic_ble_rc_param_req_neg_reply(handle,
1170 HCI_ERR_UNACCEPT_CONN_INTERVAL);
1171 }
1172
1173 } else {
1174 L2CAP_TRACE_WARNING("No link to update connection parameter")
1175 }
1176 }
1177 #endif
1178
1179 /*******************************************************************************
1180 *
1181 * Function l2cble_update_data_length
1182 *
1183 * Description This function update link tx data length if applicable
1184 *
1185 * Returns void
1186 *
1187 ******************************************************************************/
l2cble_update_data_length(tL2C_LCB * p_lcb)1188 void l2cble_update_data_length(tL2C_LCB* p_lcb) {
1189 uint16_t tx_mtu = 0;
1190 uint16_t i = 0;
1191
1192 L2CAP_TRACE_DEBUG("%s", __func__);
1193
1194 /* See if we have a link control block for the connection */
1195 if (p_lcb == NULL) return;
1196
1197 for (i = 0; i < L2CAP_NUM_FIXED_CHNLS; i++) {
1198 if (i + L2CAP_FIRST_FIXED_CHNL != L2CAP_BLE_SIGNALLING_CID) {
1199 if ((p_lcb->p_fixed_ccbs[i] != NULL) &&
1200 (tx_mtu < (p_lcb->p_fixed_ccbs[i]->tx_data_len + L2CAP_PKT_OVERHEAD)))
1201 tx_mtu = p_lcb->p_fixed_ccbs[i]->tx_data_len + L2CAP_PKT_OVERHEAD;
1202 }
1203 }
1204
1205 if (tx_mtu > BTM_BLE_DATA_SIZE_MAX) tx_mtu = BTM_BLE_DATA_SIZE_MAX;
1206
1207 /* update TX data length if changed */
1208 if (p_lcb->tx_data_len != tx_mtu)
1209 BTM_SetBleDataLength(p_lcb->remote_bd_addr, tx_mtu);
1210 }
1211
1212 /*******************************************************************************
1213 *
1214 * Function l2cble_process_data_length_change_evt
1215 *
1216 * Description This function process the data length change event
1217 *
1218 * Returns void
1219 *
1220 ******************************************************************************/
l2cble_process_data_length_change_event(uint16_t handle,uint16_t tx_data_len,uint16_t rx_data_len)1221 void l2cble_process_data_length_change_event(uint16_t handle,
1222 uint16_t tx_data_len,
1223 uint16_t rx_data_len) {
1224 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle);
1225
1226 L2CAP_TRACE_DEBUG("%s TX data len = %d", __func__, tx_data_len);
1227 if (p_lcb == NULL) return;
1228
1229 if (tx_data_len > 0) p_lcb->tx_data_len = tx_data_len;
1230
1231 /* ignore rx_data len for now */
1232 }
1233
1234 /*******************************************************************************
1235 *
1236 * Function l2cble_set_fixed_channel_tx_data_length
1237 *
1238 * Description This function update max fixed channel tx data length if
1239 * applicable
1240 *
1241 * Returns void
1242 *
1243 ******************************************************************************/
l2cble_set_fixed_channel_tx_data_length(const RawAddress & remote_bda,uint16_t fix_cid,uint16_t tx_mtu)1244 void l2cble_set_fixed_channel_tx_data_length(const RawAddress& remote_bda,
1245 uint16_t fix_cid,
1246 uint16_t tx_mtu) {
1247 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(remote_bda, BT_TRANSPORT_LE);
1248 uint16_t cid = fix_cid - L2CAP_FIRST_FIXED_CHNL;
1249
1250 L2CAP_TRACE_DEBUG("%s TX MTU = %d", __func__, tx_mtu);
1251
1252 if (!controller_get_interface()->supports_ble_packet_extension()) {
1253 L2CAP_TRACE_WARNING("%s, request not supported", __func__);
1254 return;
1255 }
1256
1257 /* See if we have a link control block for the connection */
1258 if (p_lcb == NULL) return;
1259
1260 if (p_lcb->p_fixed_ccbs[cid] != NULL) {
1261 if (tx_mtu > BTM_BLE_DATA_SIZE_MAX) tx_mtu = BTM_BLE_DATA_SIZE_MAX;
1262
1263 p_lcb->p_fixed_ccbs[cid]->tx_data_len = tx_mtu;
1264 }
1265
1266 l2cble_update_data_length(p_lcb);
1267 }
1268
1269 /*******************************************************************************
1270 *
1271 * Function l2cble_credit_based_conn_req
1272 *
1273 * Description This function sends LE Credit Based Connection Request for
1274 * LE connection oriented channels.
1275 *
1276 * Returns void
1277 *
1278 ******************************************************************************/
l2cble_credit_based_conn_req(tL2C_CCB * p_ccb)1279 void l2cble_credit_based_conn_req(tL2C_CCB* p_ccb) {
1280 if (!p_ccb) return;
1281
1282 if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE) {
1283 L2CAP_TRACE_WARNING("LE link doesn't exist");
1284 return;
1285 }
1286
1287 l2cu_send_peer_ble_credit_based_conn_req(p_ccb);
1288 return;
1289 }
1290
1291 /*******************************************************************************
1292 *
1293 * Function l2cble_credit_based_conn_res
1294 *
1295 * Description This function sends LE Credit Based Connection Response for
1296 * LE connection oriented channels.
1297 *
1298 * Returns void
1299 *
1300 ******************************************************************************/
l2cble_credit_based_conn_res(tL2C_CCB * p_ccb,uint16_t result)1301 void l2cble_credit_based_conn_res(tL2C_CCB* p_ccb, uint16_t result) {
1302 if (!p_ccb) return;
1303
1304 if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE) {
1305 L2CAP_TRACE_WARNING("LE link doesn't exist");
1306 return;
1307 }
1308
1309 l2cu_send_peer_ble_credit_based_conn_res(p_ccb, result);
1310 return;
1311 }
1312
1313 /*******************************************************************************
1314 *
1315 * Function l2cble_send_flow_control_credit
1316 *
1317 * Description This function sends flow control credits for
1318 * LE connection oriented channels.
1319 *
1320 * Returns void
1321 *
1322 ******************************************************************************/
l2cble_send_flow_control_credit(tL2C_CCB * p_ccb,uint16_t credit_value)1323 void l2cble_send_flow_control_credit(tL2C_CCB* p_ccb, uint16_t credit_value) {
1324 if (!p_ccb) return;
1325
1326 if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE) {
1327 L2CAP_TRACE_WARNING("LE link doesn't exist");
1328 return;
1329 }
1330
1331 l2cu_send_peer_ble_flow_control_credit(p_ccb, credit_value);
1332 return;
1333 }
1334
1335 /*******************************************************************************
1336 *
1337 * Function l2cble_send_peer_disc_req
1338 *
1339 * Description This function sends disconnect request
1340 * to the peer LE device
1341 *
1342 * Returns void
1343 *
1344 ******************************************************************************/
l2cble_send_peer_disc_req(tL2C_CCB * p_ccb)1345 void l2cble_send_peer_disc_req(tL2C_CCB* p_ccb) {
1346 L2CAP_TRACE_DEBUG("%s", __func__);
1347 if (!p_ccb) return;
1348
1349 if (p_ccb->p_lcb && p_ccb->p_lcb->transport != BT_TRANSPORT_LE) {
1350 L2CAP_TRACE_WARNING("LE link doesn't exist");
1351 return;
1352 }
1353
1354 l2cu_send_peer_ble_credit_based_disconn_req(p_ccb);
1355 return;
1356 }
1357
1358 /*******************************************************************************
1359 *
1360 * Function l2cble_sec_comp
1361 *
1362 * Description This function is called when security procedure for an LE
1363 * COC link is done
1364 *
1365 * Returns void
1366 *
1367 ******************************************************************************/
l2cble_sec_comp(const RawAddress * bda,tBT_TRANSPORT transport,void * p_ref_data,uint8_t status)1368 void l2cble_sec_comp(const RawAddress* bda, tBT_TRANSPORT transport,
1369 void* p_ref_data, uint8_t status) {
1370 const RawAddress& p_bda = *bda;
1371 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(p_bda, BT_TRANSPORT_LE);
1372 tL2CAP_SEC_DATA* p_buf = NULL;
1373 uint8_t sec_flag;
1374 uint8_t sec_act;
1375
1376 if (!p_lcb) {
1377 L2CAP_TRACE_WARNING("%s: security complete for unknown device. bda=%s",
1378 __func__, bda->ToString().c_str());
1379 return;
1380 }
1381
1382 sec_act = p_lcb->sec_act;
1383 p_lcb->sec_act = 0;
1384
1385 if (!fixed_queue_is_empty(p_lcb->le_sec_pending_q)) {
1386 p_buf = (tL2CAP_SEC_DATA*)fixed_queue_dequeue(p_lcb->le_sec_pending_q);
1387 if (!p_buf) {
1388 L2CAP_TRACE_WARNING(
1389 "%s Security complete for request not initiated from L2CAP",
1390 __func__);
1391 return;
1392 }
1393
1394 if (status != BTM_SUCCESS) {
1395 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data, status);
1396 } else {
1397 if (sec_act == BTM_SEC_ENCRYPT_MITM) {
1398 BTM_GetSecurityFlagsByTransport(p_bda, &sec_flag, transport);
1399 if (sec_flag & BTM_SEC_FLAG_LKEY_AUTHED)
1400 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data,
1401 status);
1402 else {
1403 L2CAP_TRACE_DEBUG("%s MITM Protection Not present", __func__);
1404 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data,
1405 BTM_FAILED_ON_SECURITY);
1406 }
1407 } else {
1408 L2CAP_TRACE_DEBUG("%s MITM Protection not required sec_act = %d",
1409 __func__, p_lcb->sec_act);
1410
1411 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data,
1412 status);
1413 }
1414 }
1415 } else {
1416 L2CAP_TRACE_WARNING(
1417 "%s Security complete for request not initiated from L2CAP", __func__);
1418 return;
1419 }
1420 osi_free(p_buf);
1421
1422 while (!fixed_queue_is_empty(p_lcb->le_sec_pending_q)) {
1423 p_buf = (tL2CAP_SEC_DATA*)fixed_queue_dequeue(p_lcb->le_sec_pending_q);
1424
1425 if (status != BTM_SUCCESS)
1426 (*(p_buf->p_callback))(p_bda, BT_TRANSPORT_LE, p_buf->p_ref_data, status);
1427 else
1428 l2ble_sec_access_req(p_bda, p_buf->psm, p_buf->is_originator,
1429 p_buf->p_callback, p_buf->p_ref_data);
1430
1431 osi_free(p_buf);
1432 }
1433 }
1434
1435 /*******************************************************************************
1436 *
1437 * Function l2ble_sec_access_req
1438 *
1439 * Description This function is called by LE COC link to meet the
1440 * security requirement for the link
1441 *
1442 * Returns true - security procedures are started
1443 * false - failure
1444 *
1445 ******************************************************************************/
l2ble_sec_access_req(const RawAddress & bd_addr,uint16_t psm,bool is_originator,tL2CAP_SEC_CBACK * p_callback,void * p_ref_data)1446 bool l2ble_sec_access_req(const RawAddress& bd_addr, uint16_t psm,
1447 bool is_originator, tL2CAP_SEC_CBACK* p_callback,
1448 void* p_ref_data) {
1449 L2CAP_TRACE_DEBUG("%s", __func__);
1450 bool status;
1451 tL2C_LCB* p_lcb = NULL;
1452
1453 if (!p_callback) {
1454 L2CAP_TRACE_ERROR("%s No callback function", __func__);
1455 return false;
1456 }
1457
1458 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_LE);
1459
1460 if (!p_lcb) {
1461 L2CAP_TRACE_ERROR("%s Security check for unknown device", __func__);
1462 p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_UNKNOWN_ADDR);
1463 return false;
1464 }
1465
1466 tL2CAP_SEC_DATA* p_buf =
1467 (tL2CAP_SEC_DATA*)osi_malloc((uint16_t)sizeof(tL2CAP_SEC_DATA));
1468 if (!p_buf) {
1469 p_callback(bd_addr, BT_TRANSPORT_LE, p_ref_data, BTM_NO_RESOURCES);
1470 return false;
1471 }
1472
1473 p_buf->psm = psm;
1474 p_buf->is_originator = is_originator;
1475 p_buf->p_callback = p_callback;
1476 p_buf->p_ref_data = p_ref_data;
1477 fixed_queue_enqueue(p_lcb->le_sec_pending_q, p_buf);
1478 status = btm_ble_start_sec_check(bd_addr, psm, is_originator,
1479 &l2cble_sec_comp, p_ref_data);
1480
1481 return status;
1482 }
1483
1484 /* This function is called to adjust the connection intervals based on various
1485 * constraints. For example, when there is at least one Hearing Aid device
1486 * bonded, the minimum interval is raised. On return, min_interval and
1487 * max_interval are updated. */
L2CA_AdjustConnectionIntervals(uint16_t * min_interval,uint16_t * max_interval,uint16_t floor_interval)1488 void L2CA_AdjustConnectionIntervals(uint16_t* min_interval,
1489 uint16_t* max_interval,
1490 uint16_t floor_interval) {
1491 uint16_t phone_min_interval = floor_interval;
1492
1493 if (HearingAid::GetDeviceCount() > 0) {
1494 // When there are bonded Hearing Aid devices, we will constrained this
1495 // minimum interval.
1496 phone_min_interval = BTM_BLE_CONN_INT_MIN_HEARINGAID;
1497 L2CAP_TRACE_DEBUG("%s: Have Hearing Aids. Min. interval is set to %d",
1498 __func__, phone_min_interval);
1499 }
1500
1501 if (*min_interval < phone_min_interval) {
1502 L2CAP_TRACE_DEBUG("%s: requested min_interval=%d too small. Set to %d",
1503 __func__, *min_interval, phone_min_interval);
1504 *min_interval = phone_min_interval;
1505 }
1506
1507 // While this could result in connection parameters that fall
1508 // outside fo the range requested, this will allow the connection
1509 // to remain established.
1510 // In other words, this is a workaround for certain peripherals.
1511 if (*max_interval < phone_min_interval) {
1512 L2CAP_TRACE_DEBUG("%s: requested max_interval=%d too small. Set to %d",
1513 __func__, *max_interval, phone_min_interval);
1514 *max_interval = phone_min_interval;
1515 }
1516 }
1517