1 /******************************************************************************
2 *
3 * Copyright 2001-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * this file contains the main BNEP functions
22 *
23 ******************************************************************************/
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include "bt_target.h"
29
30 #include "bt_common.h"
31 #include "bt_types.h"
32 #include "hcidefs.h"
33 #include "hcimsgs.h"
34
35 #include "l2c_api.h"
36 #include "l2cdefs.h"
37 #include "log/log.h"
38
39 #include "btm_api.h"
40 #include "btu.h"
41
42 #include "bnep_api.h"
43 #include "bnep_int.h"
44 #include "bt_utils.h"
45
46 #include "device/include/controller.h"
47 #include "osi/include/osi.h"
48
49 /******************************************************************************/
50 /* G L O B A L B N E P D A T A */
51 /******************************************************************************/
52 tBNEP_CB bnep_cb;
53
/*
 * Per-frame-type length thresholds, indexed by the 7-bit BNEP type field.
 * bnep_data_ind() first checks the type against the number of entries here,
 * then drops any frame whose total length does not exceed the entry for its
 * type. The values match the byte counts the receive path consumes per type
 * (14, 2, 8 and 8 for the four Ethernet variants).
 * NOTE(review): entry order presumably follows the BNEP_FRAME_* type values --
 * confirm against their definitions.
 */
const uint16_t bnep_frame_hdr_sizes[] = {
    14, /* type 0 */
    1,  /* type 1 */
    2,  /* type 2 */
    8,  /* type 3 */
    8,  /* type 4 */
};
55
56 /******************************************************************************/
57 /* L O C A L F U N C T I O N P R O T O T Y P E S */
58 /******************************************************************************/
/* L2CAP event handlers; bnep_register_with_l2cap() installs each of them in
 * bnep_cb.reg_info. Parameter names follow the definitions further down. */

/* Connection establishment */
static void bnep_connect_ind(const RawAddress& bd_addr, uint16_t l2cap_cid,
                             uint16_t psm, uint8_t l2cap_id);
static void bnep_connect_cfm(uint16_t l2cap_cid, uint16_t result);

/* Channel configuration */
static void bnep_config_ind(uint16_t l2cap_cid, tL2CAP_CFG_INFO* p_cfg);
static void bnep_config_cfm(uint16_t l2cap_cid, tL2CAP_CFG_INFO* p_cfg);

/* Teardown */
static void bnep_disconnect_ind(uint16_t l2cap_cid, bool ack_needed);
static void bnep_disconnect_cfm(uint16_t l2cap_cid, uint16_t result);

/* Data path and flow control */
static void bnep_data_ind(uint16_t l2cap_cid, BT_HDR* p_buf);
static void bnep_congestion_ind(uint16_t l2cap_cid, bool is_congested);
68
69 /*******************************************************************************
70 *
71 * Function bnep_register_with_l2cap
72 *
73 * Description This function registers BNEP PSM with L2CAP
74 *
75 * Returns BNEP_SUCCESS on success, BNEP_SECURITY_FAIL if L2CA_Register fails
76 *
77 ******************************************************************************/
tBNEP_RESULT bnep_register_with_l2cap(void) {
  /*
   * Registers the BNEP PSM with L2CAP.
   *
   * Fills in the callback table and the local channel configuration held in
   * bnep_cb, then calls L2CA_Register(). Returns BNEP_SUCCESS when the
   * registration is accepted and BNEP_SECURITY_FAIL when it is not.
   */

  /* Callback table: one handler per L2CAP event this layer consumes. */
  bnep_cb.reg_info.pL2CA_ConnectInd_Cb = bnep_connect_ind;
  bnep_cb.reg_info.pL2CA_ConnectCfm_Cb = bnep_connect_cfm;
  bnep_cb.reg_info.pL2CA_ConfigInd_Cb = bnep_config_ind;
  bnep_cb.reg_info.pL2CA_ConfigCfm_Cb = bnep_config_cfm;
  bnep_cb.reg_info.pL2CA_DisconnectInd_Cb = bnep_disconnect_ind;
  bnep_cb.reg_info.pL2CA_DisconnectCfm_Cb = bnep_disconnect_cfm;
  bnep_cb.reg_info.pL2CA_DataInd_Cb = bnep_data_ind;
  bnep_cb.reg_info.pL2CA_CongestionStatus_Cb = bnep_congestion_ind;

  /* Local channel options: start from all-zero and offer only an MTU and a
   * flush timeout. */
  memset(&bnep_cb.l2cap_my_cfg, 0, sizeof(tL2CAP_CFG_INFO));
  bnep_cb.l2cap_my_cfg.mtu = BNEP_MTU_SIZE;
  bnep_cb.l2cap_my_cfg.mtu_present = true;
  bnep_cb.l2cap_my_cfg.flush_to = BNEP_FLUSH_TO;
  bnep_cb.l2cap_my_cfg.flush_to_present = true;

  if (L2CA_Register(BT_PSM_BNEP, &bnep_cb.reg_info)) {
    return BNEP_SUCCESS;
  }

  BNEP_TRACE_ERROR("BNEP - Registration failed");
  return BNEP_SECURITY_FAIL;
}
104
105 /*******************************************************************************
106 *
107 * Function bnep_connect_ind
108 *
109 * Description This function handles an inbound connection indication
110 * from L2CAP. This is the case where we are acting as a
111 * server.
112 *
113 * Returns void
114 *
115 ******************************************************************************/
static void bnep_connect_ind(const RawAddress& bd_addr, uint16_t l2cap_cid,
                             UNUSED_ATTR uint16_t psm, uint8_t l2cap_id) {
  /*
   * Inbound L2CAP connection request (server role).
   *
   * The request is refused with L2CAP_CONN_NO_PSM when no profile is
   * registered, when a control block already exists for this peer address,
   * or when no control block can be allocated. Otherwise the channel is
   * accepted, our configuration request is sent and the connection timer is
   * armed, so a peer that never completes configuration is handled by
   * bnep_conn_timer_timeout().
   */
  tBNEP_CONN* p_existing = bnepu_find_bcb_by_bd_addr(bd_addr);
  tBNEP_CONN* p_conn = NULL;

  /* Allocate only for a registered profile and a peer we do not know yet. */
  if (bnep_cb.profile_registered && (p_existing == NULL)) {
    p_conn = bnepu_allocate_bcb(bd_addr);
  }

  if (p_conn == NULL) {
    L2CA_ConnectRsp(bd_addr, l2cap_id, l2cap_cid, L2CAP_CONN_NO_PSM, 0);
    return;
  }

  /* Record the channel and move to the configuration phase. */
  p_conn->con_state = BNEP_STATE_CFG_SETUP;
  p_conn->l2cap_cid = l2cap_cid;

  /* Accept the channel, then start configuring it. */
  L2CA_ConnectRsp(bd_addr, l2cap_id, l2cap_cid, L2CAP_CONN_OK, L2CAP_CONN_OK);
  L2CA_ConfigReq(l2cap_cid, &bnep_cb.l2cap_my_cfg);

  /* Bound the time spent waiting for configuration to finish. */
  alarm_set_on_mloop(p_conn->conn_timer, BNEP_CONN_TIMEOUT_MS,
                     bnep_conn_timer_timeout, p_conn);

  BNEP_TRACE_EVENT("BNEP - Rcvd L2CAP conn ind, CID: 0x%x", p_conn->l2cap_cid);
}
146
147 /*******************************************************************************
148 *
149 * Function bnep_connect_cfm
150 *
151 * Description This function handles the connect confirm events
152 * from L2CAP. This is the case when we are acting as a
153 * client and have sent a connect request.
154 *
155 * Returns void
156 *
157 ******************************************************************************/
static void bnep_connect_cfm(uint16_t l2cap_cid, uint16_t result) {
  /*
   * L2CAP connect confirmation (client role, after we sent a connect
   * request).
   *
   * A confirmation is honoured only if it reports L2CAP_CONN_OK and the
   * control block is still in BNEP_STATE_CONN_START. Anything else is treated
   * as a failure: the upper layer is told (originator only) and the control
   * block is released.
   */
  tBNEP_CONN* p_conn = bnepu_find_bcb_by_cid(l2cap_cid);
  if (!p_conn) {
    BNEP_TRACE_WARNING("BNEP - Rcvd conn cnf for unknown CID 0x%x", l2cap_cid);
    return;
  }

  const bool accepted = (result == L2CAP_CONN_OK) &&
                        (p_conn->con_state == BNEP_STATE_CONN_START);

  if (!accepted) {
    BNEP_TRACE_WARNING("BNEP - Rcvd conn cnf with error: 0x%x CID 0x%x",
                       result, p_conn->l2cap_cid);

    /* Report the failure only for connections we originated. */
    if (bnep_cb.p_conn_state_cb && (p_conn->con_flags & BNEP_FLAGS_IS_ORIG)) {
      (*bnep_cb.p_conn_state_cb)(p_conn->handle, p_conn->rem_bda,
                                 BNEP_CONN_FAILED, false);
    }

    bnepu_release_bcb(p_conn);
    return;
  }

  /* Channel is up: move on to configuration. */
  p_conn->con_state = BNEP_STATE_CFG_SETUP;
  L2CA_ConfigReq(l2cap_cid, &bnep_cb.l2cap_my_cfg);

  /* Bound the time spent waiting for the configuration results. */
  alarm_set_on_mloop(p_conn->conn_timer, BNEP_CONN_TIMEOUT_MS,
                     bnep_conn_timer_timeout, p_conn);

  BNEP_TRACE_EVENT("BNEP - got conn cnf, sent cfg req, CID: 0x%x",
                   p_conn->l2cap_cid);
}
196
197 /*******************************************************************************
198 *
199 * Function bnep_config_ind
200 *
201 * Description This function processes the L2CAP configuration indication
202 * event.
203 *
204 * Returns void
205 *
206 ******************************************************************************/
static void bnep_config_ind(uint16_t l2cap_cid, tL2CAP_CFG_INFO* p_cfg) {
  /*
   * L2CAP configuration indication: the peer proposes its channel options.
   *
   * A proposal with no MTU, or with an MTU below BNEP_MIN_MTU_SIZE, is
   * answered with L2CAP_CFG_UNACCEPTABLE_PARAMS and BNEP_MIN_MTU_SIZE as the
   * counter-proposal. Otherwise the peer MTU is stored, clamped to
   * BNEP_MTU_SIZE, and the proposal is accepted. Once both directions are
   * configured the connection enters BNEP_STATE_SEC_CHECKING; the security
   * request itself is issued here only when we originated the connection.
   */
  tBNEP_CONN* p_conn = bnepu_find_bcb_by_cid(l2cap_cid);
  if (!p_conn) {
    BNEP_TRACE_WARNING("BNEP - Rcvd L2CAP cfg ind, unknown CID: 0x%x",
                       l2cap_cid);
    return;
  }

  BNEP_TRACE_EVENT("BNEP - Rcvd cfg ind, CID: 0x%x", l2cap_cid);

  const bool mtu_ok =
      p_cfg->mtu_present && (p_cfg->mtu >= BNEP_MIN_MTU_SIZE);

  if (!mtu_ok) {
    /* Keep the offered value for the trace; it is overwritten below. */
    const uint16_t offered_mtu = p_cfg->mtu;

    p_cfg->flush_to_present = false;
    p_cfg->mtu_present = true;
    p_cfg->mtu = BNEP_MIN_MTU_SIZE;
    p_cfg->result = L2CAP_CFG_UNACCEPTABLE_PARAMS;
    L2CA_ConfigRsp(l2cap_cid, p_cfg);

    BNEP_TRACE_EVENT("BNEP - Rcvd cfg ind with bad MTU %d, CID: 0x%x",
                     offered_mtu, l2cap_cid);
    return;
  }

  /* Remember the peer MTU, never larger than what we support ourselves. */
  p_conn->rem_mtu_size =
      (p_cfg->mtu > BNEP_MTU_SIZE) ? BNEP_MTU_SIZE : p_cfg->mtu;

  /* Accept the proposal; no options are echoed back. */
  p_cfg->flush_to_present = false;
  p_cfg->mtu_present = false;
  p_cfg->result = L2CAP_CFG_OK;
  L2CA_ConfigRsp(l2cap_cid, p_cfg);

  p_conn->con_flags |= BNEP_FLAGS_HIS_CFG_DONE;

  /* Wait until our own configuration has been confirmed as well. */
  if (!(p_conn->con_flags & BNEP_FLAGS_MY_CFG_DONE)) {
    return;
  }

  p_conn->con_state = BNEP_STATE_SEC_CHECKING;

  /* Bound the wait for the setup message or its response. */
  alarm_set_on_mloop(p_conn->conn_timer, BNEP_HOST_TIMEOUT_MS,
                     bnep_conn_timer_timeout, p_conn);

  if (p_conn->con_flags & BNEP_FLAGS_IS_ORIG) {
    btm_sec_mx_access_request(p_conn->rem_bda, BT_PSM_BNEP, true,
                              BTM_SEC_PROTO_BNEP, p_conn->src_uuid.As32Bit(),
                              &bnep_sec_check_complete, p_conn);
  }
}
264
265 /*******************************************************************************
266 *
267 * Function bnep_config_cfm
268 *
269 * Description This function processes the L2CAP configuration confirmation
270 * event.
271 *
272 * Returns void
273 *
274 ******************************************************************************/
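static void bnep_config_cfm(uint16_t l2cap_cid, tL2CAP_CFG_INFO* p_cfg) {
  /*
   * L2CAP configuration confirmation: the peer answered our configuration
   * request.
   *
   * On L2CAP_CFG_OK our side is marked configured and, once the peer's side
   * is configured too, the connection enters BNEP_STATE_SEC_CHECKING (the
   * security request is issued here only when we originated the connection).
   * Any other result notifies the upper layer (originator only), disconnects
   * the channel and releases the control block.
   */
  tBNEP_CONN* p_bcb;

  BNEP_TRACE_EVENT("BNEP - Rcvd cfg cfm, CID: 0x%x Result: %d", l2cap_cid,
                   p_cfg->result);

  /* Find CCB based on CID */
  p_bcb = bnepu_find_bcb_by_cid(l2cap_cid);
  if (p_bcb == NULL) {
    /* The text names the confirm event so this warning is distinguishable
     * from the one emitted by bnep_config_ind() when reading logs. */
    BNEP_TRACE_WARNING("BNEP - Rcvd L2CAP cfg cfm, unknown CID: 0x%x",
                       l2cap_cid);
    return;
  }

  if (p_cfg->result != L2CAP_CFG_OK) {
    /* Peer rejected our configuration: tell the upper layer, if it has a
     * callback and we originated the connection, then tear down. */
    if ((p_bcb->con_flags & BNEP_FLAGS_IS_ORIG) && (bnep_cb.p_conn_state_cb)) {
      (*bnep_cb.p_conn_state_cb)(p_bcb->handle, p_bcb->rem_bda,
                                 BNEP_CONN_FAILED_CFG, false);
    }

    L2CA_DisconnectReq(p_bcb->l2cap_cid);

    bnepu_release_bcb(p_bcb);
    return;
  }

  p_bcb->con_flags |= BNEP_FLAGS_MY_CFG_DONE;

  /* Wait until the peer's configuration has been accepted as well. */
  if (!(p_bcb->con_flags & BNEP_FLAGS_HIS_CFG_DONE)) {
    return;
  }

  p_bcb->con_state = BNEP_STATE_SEC_CHECKING;

  /* Start timer waiting for setup or response */
  alarm_set_on_mloop(p_bcb->conn_timer, BNEP_HOST_TIMEOUT_MS,
                     bnep_conn_timer_timeout, p_bcb);

  if (p_bcb->con_flags & BNEP_FLAGS_IS_ORIG) {
    btm_sec_mx_access_request(p_bcb->rem_bda, BT_PSM_BNEP, true,
                              BTM_SEC_PROTO_BNEP, p_bcb->src_uuid.As32Bit(),
                              &bnep_sec_check_complete, p_bcb);
  }
}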
318
319 /*******************************************************************************
320 *
321 * Function bnep_disconnect_ind
322 *
323 * Description This function handles a disconnect event from L2CAP. If
324 * requested to, we ack the disconnect before dropping the CCB
325 *
326 * Returns void
327 *
328 ******************************************************************************/
static void bnep_disconnect_ind(uint16_t l2cap_cid, bool ack_needed) {
  /*
   * L2CAP disconnect indication.
   *
   * The disconnect is acknowledged first when L2CAP asks for it, even if the
   * CID turns out to be unknown. For a known CID the upper layer is notified
   * and the control block is released.
   */
  if (ack_needed) {
    L2CA_DisconnectRsp(l2cap_cid);
  }

  tBNEP_CONN* p_conn = bnepu_find_bcb_by_cid(l2cap_cid);
  if (!p_conn) {
    BNEP_TRACE_WARNING("BNEP - Rcvd L2CAP disc, unknown CID: 0x%x", l2cap_cid);
    return;
  }

  BNEP_TRACE_EVENT("BNEP - Rcvd L2CAP disc, CID: 0x%x", l2cap_cid);

  if (bnep_cb.p_conn_state_cb) {
    if (p_conn->con_state == BNEP_STATE_CONNECTED) {
      /* An established connection went away. */
      (*bnep_cb.p_conn_state_cb)(p_conn->handle, p_conn->rem_bda,
                                 BNEP_CONN_DISCONNECTED, false);
    } else if (p_conn->con_flags &
               (BNEP_FLAGS_IS_ORIG | BNEP_FLAGS_CONN_COMPLETED)) {
      /* Setup never finished: report a failure, but only for connections we
       * originated or that had completed once before. */
      (*bnep_cb.p_conn_state_cb)(p_conn->handle, p_conn->rem_bda,
                                 BNEP_CONN_FAILED, false);
    }
  }

  bnepu_release_bcb(p_conn);
}
358
359 /*******************************************************************************
360 *
361 * Function bnep_disconnect_cfm
362 *
363 * Description This function gets the disconnect confirm event from L2CAP
364 *
365 * Returns void
366 *
367 ******************************************************************************/
static void bnep_disconnect_cfm(uint16_t l2cap_cid, uint16_t result) {
  /* L2CAP disconnect confirmation: trace only, no state is touched here. */
  BNEP_TRACE_EVENT("BNEP - Rcvd L2CAP disc cfm, CID: 0x%x, Result 0x%x",
                   l2cap_cid,
                   result);
}
372
373 /*******************************************************************************
374 *
375 * Function bnep_congestion_ind
376 *
377 * Description This is a callback function called by L2CAP when
378 * congestion status changes
379 *
380 ******************************************************************************/
static void bnep_congestion_ind(uint16_t l2cap_cid, bool is_congested) {
  /*
   * L2CAP congestion status change.
   *
   * Tracks the state in BNEP_FLAGS_L2CAP_CONGESTED, forwards it to the
   * upper layer's flow-control callback when one is registered, and on
   * decongestion drains the queued transmit buffers.
   */
  tBNEP_CONN* p_conn = bnepu_find_bcb_by_cid(l2cap_cid);
  if (!p_conn) {
    BNEP_TRACE_WARNING("BNEP - Rcvd L2CAP cong, unknown CID: 0x%x", l2cap_cid);
    return;
  }

  if (is_congested) {
    p_conn->con_flags |= BNEP_FLAGS_L2CAP_CONGESTED;
    if (bnep_cb.p_tx_data_flow_cb) {
      bnep_cb.p_tx_data_flow_cb(p_conn->handle, BNEP_TX_FLOW_OFF);
    }
    return;
  }

  p_conn->con_flags &= ~BNEP_FLAGS_L2CAP_CONGESTED;
  if (bnep_cb.p_tx_data_flow_cb) {
    bnep_cb.p_tx_data_flow_cb(p_conn->handle, BNEP_TX_FLOW_ON);
  }

  /* Drain the transmit queue. The flag is re-read on every pass and nothing
   * in this loop sets it, so it can only stop the drain if a callee does.
   * NOTE(review): presumably L2CA_DataWrite() can re-enter this handler --
   * confirm. */
  for (;;) {
    if (p_conn->con_flags & BNEP_FLAGS_L2CAP_CONGESTED) {
      break;
    }

    BT_HDR* p_queued = (BT_HDR*)fixed_queue_try_dequeue(p_conn->xmit_q);
    if (p_queued == NULL) {
      break;
    }

    L2CA_DataWrite(l2cap_cid, p_queued);
  }
}
413
414 /*******************************************************************************
415 *
416 * Function bnep_data_ind
417 *
418 * Description This function is called when data is received from L2CAP.
419 * if we are the originator of the connection, we are the SDP
420 * client, and the received message is queued for the client.
421 *
422 * If we are the destination of the connection, we are the SDP
423 * server, so the message is passed to the server processing
424 * function.
425 *
426 * Returns void
427 *
428 ******************************************************************************/
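static void bnep_data_ind(uint16_t l2cap_cid, BT_HDR* p_buf) {
  /*
   * L2CAP data callback: parses one BNEP frame received on l2cap_cid.
   *
   * Every byte examined here comes from the remote device, so each read is
   * preceded by a length check against rem_len (or org_len in the
   * not-yet-connected path). Control frames are handled in place and the
   * buffer is freed; data frames are passed to the registered upper-layer
   * callback. The buffer is freed here on every path except the hand-off to
   * p_data_buf_cb.
   *
   * android_errorWriteLog(0x534e4554, ...) calls are security-event log
   * entries (0x534e4554 is ASCII "SNET"); the strings are presumably the
   * tracking bug ids for the checks they sit next to.
   *
   * NOTE(review): the banner above this function talks about SDP client and
   * server roles; nothing in this body refers to SDP.
   */
  tBNEP_CONN* p_bcb;
  uint8_t* p = (uint8_t*)(p_buf + 1) + p_buf->offset;
  uint16_t rem_len = p_buf->len;

  /* An empty payload has no type byte to read. */
  if (rem_len == 0) {
    android_errorWriteLog(0x534e4554, "78286118");
    osi_free(p_buf);
    return;
  }
  uint8_t type, ctrl_type, ext_type = 0;
  bool extension_present;
  uint16_t protocol = 0;

  /* Find CCB based on CID */
  p_bcb = bnepu_find_bcb_by_cid(l2cap_cid);
  if (p_bcb == NULL) {
    BNEP_TRACE_WARNING("BNEP - Rcvd L2CAP data, unknown CID: 0x%x", l2cap_cid);
    osi_free(p_buf);
    return;
  }

  /* Get the type and extension bits */
  type = *p++;
  extension_present = type >> 7;
  type &= 0x7f;

  /* The type indexes bnep_frame_hdr_sizes[] below, so bound it first. */
  if (type >= sizeof(bnep_frame_hdr_sizes) / sizeof(bnep_frame_hdr_sizes[0])) {
    BNEP_TRACE_EVENT("BNEP - rcvd frame, bad type: 0x%02x", type);
    android_errorWriteLog(0x534e4554, "68818034");
    osi_free(p_buf);
    return;
  }

  /* The frame must be longer than the table entry for its type (rem_len
   * still counts the type byte here) and no longer than our MTU. This is
   * what keeps the fixed "rem_len -= N" steps in the switch below from
   * wrapping. */
  if ((rem_len <= bnep_frame_hdr_sizes[type]) || (rem_len > BNEP_MTU_SIZE)) {
    BNEP_TRACE_EVENT("BNEP - rcvd frame, bad len: %d type: 0x%02x", p_buf->len,
                     type);
    osi_free(p_buf);
    return;
  }

  /* Account for the type byte consumed above. */
  rem_len--;

  if ((p_bcb->con_state != BNEP_STATE_CONNECTED) &&
      (!(p_bcb->con_flags & BNEP_FLAGS_CONN_COMPLETED)) &&
      (type != BNEP_FRAME_CONTROL)) {
    BNEP_TRACE_WARNING(
        "BNEP - Ignored L2CAP data while in state: %d, CID: 0x%x",
        p_bcb->con_state, l2cap_cid);

    if (extension_present) {
      /*
      ** When there is no connection if a data packet is received
      ** with unknown control extension headers then those should be processed
      ** according to complain/ignore law
      **
      ** NOTE(review): p has only been advanced past the type byte at this
      ** point, so this walk starts at the bytes the connected path reads as
      ** the frame header in the switch below -- confirm this is intended.
      */
      uint8_t ext, length;
      uint16_t org_len, new_len;
      /* parse the extension headers and process unknown control headers */
      org_len = rem_len;
      do {
        /* Need two bytes for the extension type and its length. */
        if (org_len < 2) {
          android_errorWriteLog(0x534e4554, "67863755");
          break;
        }
        ext = *p++;
        length = *p++;

        /* The declared extension must fit in what is left of the frame. */
        new_len = (length + 2);
        if (new_len > org_len) {
          android_errorWriteLog(0x534e4554, "67863755");
          break;
        }

        if ((ext & 0x7F) == BNEP_EXTENSION_FILTER_CONTROL) {
          /* *p below is the first payload byte, so one must exist. */
          if (length == 0) {
            android_errorWriteLog(0x534e4554, "79164722");
            break;
          }
          if (*p > BNEP_FILTER_MULTI_ADDR_RESPONSE_MSG) {
            bnep_send_command_not_understood(p_bcb, *p);
          }
        }

        p += length;

        org_len -= new_len;
      } while (ext & 0x80);
    }
    osi_free(p_buf);
    return;
  }

  if (type > BNEP_FRAME_COMPRESSED_ETHERNET_DEST_ONLY) {
    BNEP_TRACE_EVENT("BNEP - rcvd frame, unknown type: 0x%02x", type);
    osi_free(p_buf);
    return;
  }

  BNEP_TRACE_DEBUG("BNEP - rcv frame, type: %d len: %d Ext: %d", type,
                   p_buf->len, extension_present);

  /* Initialize addresses to 'not supplied' */
  const RawAddress *p_src_addr, *p_dst_addr;
  p_src_addr = p_dst_addr = NULL;

  switch (type) {
    case BNEP_FRAME_GENERAL_ETHERNET:
      /* Destination address, source address, 16-bit protocol. */
      p_dst_addr = (RawAddress*)p;
      p += BD_ADDR_LEN;
      p_src_addr = (RawAddress*)p;
      p += BD_ADDR_LEN;
      BE_STREAM_TO_UINT16(protocol, p);
      rem_len -= 14;
      break;

    case BNEP_FRAME_CONTROL:
      ctrl_type = *p;
      /* NOTE(review): bnep_process_control_packet() is defined elsewhere; the
       * checks below rely on it returning NULL or a pointer that stays inside
       * the buffer, and on it keeping rem_len in step -- confirm. */
      p = bnep_process_control_packet(p_bcb, p, &rem_len, false);

      if (ctrl_type == BNEP_SETUP_CONNECTION_REQUEST_MSG &&
          p_bcb->con_state != BNEP_STATE_CONNECTED && extension_present && p &&
          rem_len) {
        /* Keep the trailing extension bytes, replacing any earlier copy. */
        osi_free(p_bcb->p_pending_data);
        p_bcb->p_pending_data = (BT_HDR*)osi_malloc(rem_len + sizeof(BT_HDR));
        memcpy((uint8_t*)(p_bcb->p_pending_data + 1), p, rem_len);
        p_bcb->p_pending_data->len = rem_len;
        p_bcb->p_pending_data->offset = 0;
      } else {
        while (extension_present && p && rem_len) {
          ext_type = *p++;
          rem_len--;
          extension_present = ext_type >> 7;
          ext_type &= 0x7F;

          /* if unknown extension present stop processing */
          if (ext_type != BNEP_EXTENSION_FILTER_CONTROL) break;

          /* NOTE(review): this entry is written for every filter-control
           * extension that reaches this point, not only for malformed ones,
           * so it cannot be read as evidence of a malformed frame on its
           * own. */
          android_errorWriteLog(0x534e4554, "69271284");
          p = bnep_process_control_packet(p_bcb, p, &rem_len, true);
        }
      }
      osi_free(p_buf);
      return;

    case BNEP_FRAME_COMPRESSED_ETHERNET:
      /* 16-bit protocol only; both addresses are implied. */
      BE_STREAM_TO_UINT16(protocol, p);
      rem_len -= 2;
      break;

    case BNEP_FRAME_COMPRESSED_ETHERNET_SRC_ONLY:
      p_src_addr = (RawAddress*)p;
      p += BD_ADDR_LEN;
      BE_STREAM_TO_UINT16(protocol, p);
      rem_len -= 8;
      break;

    case BNEP_FRAME_COMPRESSED_ETHERNET_DEST_ONLY:
      p_dst_addr = (RawAddress*)p;
      p += BD_ADDR_LEN;
      BE_STREAM_TO_UINT16(protocol, p);
      rem_len -= 8;
      break;
  }

  /* Process the header extension if there is one */
  while (extension_present && p && rem_len) {
    ext_type = *p;
    extension_present = ext_type >> 7;
    ext_type &= 0x7F;

    /* if unknown extension present stop processing */
    if (ext_type) {
      BNEP_TRACE_EVENT("Data extension type 0x%x found", ext_type);
      break;
    }

    p++;
    rem_len--;
    p = bnep_process_control_packet(p_bcb, p, &rem_len, true);
  }

  /* Advance the buffer past everything consumed so far.
   * NOTE(review): if the loop above ended because the helper returned NULL,
   * p is NULL from here on and is still passed to p_data_ind_cb below --
   * confirm what rem_len the helper leaves behind in that case. */
  p_buf->offset += p_buf->len - rem_len;
  p_buf->len = rem_len;

  /* Always give the upper layer MAC addresses */
  if (!p_src_addr) p_src_addr = &p_bcb->rem_bda;

  if (!p_dst_addr) p_dst_addr = controller_get_interface()->get_address();

  /* A non-zero ext_type means an extension was left unprocessed and has to
   * be forwarded along with the payload. */
  const bool fw_ext_present = (ext_type != 0);

  if (bnep_cb.p_data_buf_cb) {
    /* p_buf is not freed on this path; presumably the callback takes
     * ownership of it -- confirm against the callback's contract. */
    (*bnep_cb.p_data_buf_cb)(p_bcb->handle, *p_src_addr, *p_dst_addr, protocol,
                             p_buf, fw_ext_present);
  } else if (bnep_cb.p_data_ind_cb) {
    (*bnep_cb.p_data_ind_cb)(p_bcb->handle, *p_src_addr, *p_dst_addr, protocol,
                             p, rem_len, fw_ext_present);
    osi_free(p_buf);
  } else {
    /* No data callback is registered: nobody else will release the buffer,
     * so free it here rather than leaking one buffer per received frame. */
    osi_free(p_buf);
  }
}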
631
632 /*******************************************************************************
633 *
634 * Function bnep_conn_timer_timeout
635 *
636 * Description This function processes a timeout. If it is a startup
637 * timeout, we check for reading our BD address. If it
638 * is an L2CAP timeout, we send a disconnect req to L2CAP.
639 *
640 * Returns void
641 *
642 ******************************************************************************/
void bnep_conn_timer_timeout(void* data) {
  /*
   * Connection timer expiry. `data` is the tBNEP_CONN that armed the timer.
   *
   *  - BNEP_STATE_CONN_SETUP: the acceptor gives up at once; the originator
   *    resends the connection request until BNEP_MAX_RETRANSMITS is reached,
   *    then disconnects.
   *  - any other state short of BNEP_STATE_CONNECTED: disconnect.
   *  - connected with a filter or multicast-filter response pending: resend
   *    the filters until BNEP_MAX_RETRANSMITS is reached, then disconnect.
   *
   * NOTE(review): `data` is dereferenced without any validation, so this
   * relies on the timer never firing for a released control block --
   * presumably bnepu_release_bcb() cancels conn_timer; confirm.
   */
  tBNEP_CONN* p_conn = (tBNEP_CONN*)data;

  BNEP_TRACE_EVENT(
      "BNEP - CCB timeout in state: %d CID: 0x%x flags %x, re_transmit %d",
      p_conn->con_state, p_conn->l2cap_cid, p_conn->con_flags,
      p_conn->re_transmits);

  /* Case 1: still waiting for the BNEP connection setup exchange. */
  if (p_conn->con_state == BNEP_STATE_CONN_SETUP) {
    BNEP_TRACE_EVENT("BNEP - CCB timeout in state: %d CID: 0x%x",
                     p_conn->con_state, p_conn->l2cap_cid);

    if (!(p_conn->con_flags & BNEP_FLAGS_IS_ORIG)) {
      /* Acceptor side: no retries, just drop the channel. */
      L2CA_DisconnectReq(p_conn->l2cap_cid);
      bnepu_release_bcb(p_conn);
      return;
    }

    const bool retry_setup = (p_conn->re_transmits++ != BNEP_MAX_RETRANSMITS);
    if (retry_setup) {
      bnep_send_conn_req(p_conn);
      alarm_set_on_mloop(p_conn->conn_timer, BNEP_CONN_TIMEOUT_MS,
                         bnep_conn_timer_timeout, p_conn);
      return;
    }

    L2CA_DisconnectReq(p_conn->l2cap_cid);

    if ((p_conn->con_flags & BNEP_FLAGS_IS_ORIG) && (bnep_cb.p_conn_state_cb)) {
      (*bnep_cb.p_conn_state_cb)(p_conn->handle, p_conn->rem_bda,
                                 BNEP_CONN_FAILED, false);
    }

    bnepu_release_bcb(p_conn);
    return;
  }

  /* Case 2: some other pre-connected state timed out. */
  if (p_conn->con_state != BNEP_STATE_CONNECTED) {
    BNEP_TRACE_EVENT("BNEP - CCB timeout in state: %d CID: 0x%x",
                     p_conn->con_state, p_conn->l2cap_cid);

    L2CA_DisconnectReq(p_conn->l2cap_cid);

    /* Only the originator's upper layer is told about the failure. */
    if ((p_conn->con_flags & BNEP_FLAGS_IS_ORIG) && (bnep_cb.p_conn_state_cb)) {
      (*bnep_cb.p_conn_state_cb)(p_conn->handle, p_conn->rem_bda,
                                 BNEP_CONN_FAILED, false);
    }

    bnepu_release_bcb(p_conn);
    return;
  }

  /* Case 3: connected, protocol filter response overdue. */
  if (p_conn->con_flags & BNEP_FLAGS_FILTER_RESP_PEND) {
    const bool retry_filter = (p_conn->re_transmits++ != BNEP_MAX_RETRANSMITS);
    if (retry_filter) {
      bnepu_send_peer_our_filters(p_conn);
      alarm_set_on_mloop(p_conn->conn_timer, BNEP_FILTER_SET_TIMEOUT_MS,
                         bnep_conn_timer_timeout, p_conn);
      return;
    }

    L2CA_DisconnectReq(p_conn->l2cap_cid);

    if (bnep_cb.p_conn_state_cb) {
      (*bnep_cb.p_conn_state_cb)(p_conn->handle, p_conn->rem_bda,
                                 BNEP_SET_FILTER_FAIL, false);
    }

    bnepu_release_bcb(p_conn);
    return;
  }

  /* Case 4: connected, multicast filter response overdue. */
  if (p_conn->con_flags & BNEP_FLAGS_MULTI_RESP_PEND) {
    const bool retry_multi = (p_conn->re_transmits++ != BNEP_MAX_RETRANSMITS);
    if (retry_multi) {
      bnepu_send_peer_our_multi_filters(p_conn);
      alarm_set_on_mloop(p_conn->conn_timer, BNEP_FILTER_SET_TIMEOUT_MS,
                         bnep_conn_timer_timeout, p_conn);
      return;
    }

    L2CA_DisconnectReq(p_conn->l2cap_cid);

    if (bnep_cb.p_conn_state_cb) {
      (*bnep_cb.p_conn_state_cb)(p_conn->handle, p_conn->rem_bda,
                                 BNEP_SET_FILTER_FAIL, false);
    }

    bnepu_release_bcb(p_conn);
    return;
  }
}
722
723 /*******************************************************************************
724 *
725 * Function bnep_connected
726 *
727 * Description This function is called when a connection is established
728 * (after config).
729 *
730 * Returns void
731 *
732 ******************************************************************************/
void bnep_connected(tBNEP_CONN* p_bcb) {
  /*
   * Marks the connection as established and reports it to the upper layer.
   *
   * If BNEP_FLAGS_CONN_COMPLETED was already set on entry, the callback is
   * told this is a role change rather than a new connection.
   */
  const bool is_role_change =
      (p_bcb->con_flags & BNEP_FLAGS_CONN_COMPLETED) != 0;

  p_bcb->con_state = BNEP_STATE_CONNECTED;

  /* Set "completed" and clear "setup received" in one step. */
  p_bcb->con_flags =
      (p_bcb->con_flags | BNEP_FLAGS_CONN_COMPLETED) & (~BNEP_FLAGS_SETUP_RCVD);

  /* No timeout is pending any more; start the retry budget afresh. */
  alarm_cancel(p_bcb->conn_timer);
  p_bcb->re_transmits = 0;

  if (bnep_cb.p_conn_state_cb) {
    (*bnep_cb.p_conn_state_cb)(p_bcb->handle, p_bcb->rem_bda, BNEP_SUCCESS,
                               is_role_change);
  }
}
754