1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains state machine and action routines for a port of the
22 * RFCOMM unit
23 *
24 ******************************************************************************/
25 #include <string.h>
26 #include "bt_common.h"
27 #include "bt_target.h"
28 #include "bt_utils.h"
29 #include "btm_api.h"
30 #include "osi/include/osi.h"
31 #include "port_api.h"
32 #include "port_int.h"
33 #include "rfc_int.h"
34 #include "rfcdefs.h"
35
36 #include <set>
37 #include "hci/include/btsnoop.h"
38 #include "stack/btm/btm_sec.h"
39
40 static const std::set<uint16_t> uuid_logging_acceptlist = {
41 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY,
42 UUID_SERVCLASS_AG_HANDSFREE,
43 };
44
45 /******************************************************************************/
46 /* L O C A L F U N C T I O N P R O T O T Y P E S */
47 /******************************************************************************/
48 static void rfc_port_sm_state_closed(tPORT* p_port, uint16_t event,
49 void* p_data);
50 static void rfc_port_sm_sabme_wait_ua(tPORT* p_port, uint16_t event,
51 void* p_data);
52 static void rfc_port_sm_opened(tPORT* p_port, uint16_t event, void* p_data);
53 static void rfc_port_sm_orig_wait_sec_check(tPORT* p_port, uint16_t event,
54 void* p_data);
55 static void rfc_port_sm_term_wait_sec_check(tPORT* p_port, uint16_t event,
56 void* p_data);
57 static void rfc_port_sm_disc_wait_ua(tPORT* p_port, uint16_t event,
58 void* p_data);
59
60 static void rfc_port_uplink_data(tPORT* p_port, BT_HDR* p_buf);
61
62 static void rfc_set_port_state(tPORT_STATE* port_pars, MX_FRAME* p_frame);
63
64 /*******************************************************************************
65 *
66 * Function rfc_port_sm_execute
67 *
68 * Description This function sends port events through the state
69 * machine.
70 *
71 * Returns void
72 *
73 ******************************************************************************/
rfc_port_sm_execute(tPORT * p_port,uint16_t event,void * p_data)74 void rfc_port_sm_execute(tPORT* p_port, uint16_t event, void* p_data) {
75 CHECK(p_port != nullptr) << __func__ << ": NULL port event " << event;
76 VLOG(1) << __func__ << ": BD_ADDR=" << p_port->bd_addr
77 << ", PORT=" << std::to_string(p_port->handle)
78 << ", STATE=" << std::to_string(p_port->rfc.state)
79 << ", EVENT=" << event;
80 switch (p_port->rfc.state) {
81 case RFC_STATE_CLOSED:
82 rfc_port_sm_state_closed(p_port, event, p_data);
83 break;
84
85 case RFC_STATE_SABME_WAIT_UA:
86 rfc_port_sm_sabme_wait_ua(p_port, event, p_data);
87 break;
88
89 case RFC_STATE_ORIG_WAIT_SEC_CHECK:
90 rfc_port_sm_orig_wait_sec_check(p_port, event, p_data);
91 break;
92
93 case RFC_STATE_TERM_WAIT_SEC_CHECK:
94 rfc_port_sm_term_wait_sec_check(p_port, event, p_data);
95 break;
96
97 case RFC_STATE_OPENED:
98 rfc_port_sm_opened(p_port, event, p_data);
99 break;
100
101 case RFC_STATE_DISC_WAIT_UA:
102 rfc_port_sm_disc_wait_ua(p_port, event, p_data);
103 break;
104 }
105 }
106
107 /*******************************************************************************
108 *
109 * Function rfc_port_sm_state_closed
110 *
111 * Description This function handles events when the port is in
112 * CLOSED state. This state exists when port is
113 * being initially established.
114 *
115 * Returns void
116 *
117 ******************************************************************************/
rfc_port_sm_state_closed(tPORT * p_port,uint16_t event,void * p_data)118 void rfc_port_sm_state_closed(tPORT* p_port, uint16_t event, void* p_data) {
119 uint32_t scn = (uint32_t)(p_port->dlci / 2);
120 switch (event) {
121 case RFC_EVENT_OPEN:
122 p_port->rfc.state = RFC_STATE_ORIG_WAIT_SEC_CHECK;
123 if (rfcomm_security_records.count(scn) == 0) {
124 rfc_sec_check_complete(nullptr, BT_TRANSPORT_BR_EDR, p_port,
125 BTM_NO_RESOURCES);
126 return;
127 }
128 btm_sec_mx_access_request(p_port->rfc.p_mcb->bd_addr, true,
129 rfcomm_security_records[scn],
130 &rfc_sec_check_complete, p_port);
131 return;
132
133 case RFC_EVENT_CLOSE:
134 break;
135
136 case RFC_EVENT_CLEAR:
137 return;
138
139 case RFC_EVENT_DATA:
140 osi_free(p_data);
141 break;
142
143 case RFC_EVENT_SABME:
144 /* make sure the multiplexer disconnect timer is not running (reconnect
145 * case) */
146 rfc_timer_stop(p_port->rfc.p_mcb);
147
148 /* Open will be continued after security checks are passed */
149 p_port->rfc.state = RFC_STATE_TERM_WAIT_SEC_CHECK;
150 if (rfcomm_security_records.count(scn) == 0) {
151 rfc_sec_check_complete(nullptr, BT_TRANSPORT_BR_EDR, p_port,
152 BTM_NO_RESOURCES);
153 return;
154 }
155 btm_sec_mx_access_request(p_port->rfc.p_mcb->bd_addr, true,
156 rfcomm_security_records[scn],
157 &rfc_sec_check_complete, p_port);
158 return;
159
160 case RFC_EVENT_UA:
161 return;
162
163 case RFC_EVENT_DM:
164 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM, index=%d", __func__,
165 p_port->handle);
166 rfc_port_closed(p_port);
167 return;
168
169 case RFC_EVENT_UIH:
170 osi_free(p_data);
171 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
172 return;
173
174 case RFC_EVENT_DISC:
175 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
176 return;
177
178 case RFC_EVENT_TIMEOUT:
179 Port_TimeOutCloseMux(p_port->rfc.p_mcb);
180 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
181 event);
182 return;
183 }
184
185 RFCOMM_TRACE_WARNING("Port state closed Event ignored %d", event);
186 return;
187 }
188
189 /*******************************************************************************
190 *
191 * Function rfc_port_sm_sabme_wait_ua
192 *
193 * Description This function handles events when SABME on the DLC was
194 * sent and SM is waiting for UA or DM.
195 *
196 * Returns void
197 *
198 ******************************************************************************/
rfc_port_sm_sabme_wait_ua(tPORT * p_port,uint16_t event,void * p_data)199 void rfc_port_sm_sabme_wait_ua(tPORT* p_port, uint16_t event, void* p_data) {
200 switch (event) {
201 case RFC_EVENT_OPEN:
202 case RFC_EVENT_ESTABLISH_RSP:
203 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
204 event);
205 return;
206
207 case RFC_EVENT_CLOSE:
208 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
209 rfc_send_disc(p_port->rfc.p_mcb, p_port->dlci);
210 p_port->rfc.expected_rsp = 0;
211 p_port->rfc.state = RFC_STATE_DISC_WAIT_UA;
212 return;
213
214 case RFC_EVENT_CLEAR:
215 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLEAR, index=%d", __func__,
216 p_port->handle);
217 rfc_port_closed(p_port);
218 return;
219
220 case RFC_EVENT_DATA:
221 osi_free(p_data);
222 break;
223
224 case RFC_EVENT_UA:
225 rfc_port_timer_stop(p_port);
226 p_port->rfc.state = RFC_STATE_OPENED;
227
228 if (uuid_logging_acceptlist.find(p_port->uuid) !=
229 uuid_logging_acceptlist.end()) {
230 btsnoop_get_interface()->allowlist_rfc_dlci(p_port->rfc.p_mcb->lcid,
231 p_port->dlci);
232 }
233
234 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
235 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_SUCCESS);
236 return;
237
238 case RFC_EVENT_DM:
239 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM, index=%d", __func__,
240 p_port->handle);
241 p_port->rfc.p_mcb->is_disc_initiator = true;
242 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
243 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
244 rfc_port_closed(p_port);
245 return;
246
247 case RFC_EVENT_DISC:
248 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DISC, index=%d", __func__,
249 p_port->handle);
250 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
251 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
252 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
253 rfc_port_closed(p_port);
254 return;
255
256 case RFC_EVENT_SABME:
257 /* Continue to wait for the UA the SABME this side sent */
258 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
259 return;
260
261 case RFC_EVENT_UIH:
262 osi_free(p_data);
263 return;
264
265 case RFC_EVENT_TIMEOUT:
266 p_port->rfc.state = RFC_STATE_CLOSED;
267 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
268 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
269 return;
270 }
271 RFCOMM_TRACE_WARNING("Port state sabme_wait_ua Event ignored %d", event);
272 }
273
274 /*******************************************************************************
275 *
276 * Function rfc_port_sm_term_wait_sec_check
277 *
278 * Description This function handles events for the port in the
279 * WAIT_SEC_CHECK state. SABME has been received from the
280 * peer and Security Manager verifes address, before we can
281 * send ESTABLISH_IND to the Port entity
282 *
283 * Returns void
284 *
285 ******************************************************************************/
rfc_port_sm_term_wait_sec_check(tPORT * p_port,uint16_t event,void * p_data)286 void rfc_port_sm_term_wait_sec_check(tPORT* p_port, uint16_t event,
287 void* p_data) {
288 switch (event) {
289 case RFC_EVENT_SEC_COMPLETE:
290 if (*((uint8_t*)p_data) != BTM_SUCCESS) {
291 /* Authentication/authorization failed. If link is still */
292 /* up send DM and check if we need to start inactive timer */
293 if (p_port->rfc.p_mcb) {
294 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
295 p_port->rfc.p_mcb->is_disc_initiator = true;
296 port_rfc_closed(p_port, PORT_SEC_FAILED);
297 }
298 } else {
299 PORT_DlcEstablishInd(p_port->rfc.p_mcb, p_port->dlci,
300 p_port->rfc.p_mcb->peer_l2cap_mtu);
301 }
302 return;
303
304 case RFC_EVENT_OPEN:
305 case RFC_EVENT_CLOSE:
306 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
307 event);
308 return;
309
310 case RFC_EVENT_CLEAR:
311 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLEAR, index=%d", __func__,
312 p_port->handle);
313 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
314 rfc_port_closed(p_port);
315 return;
316
317 case RFC_EVENT_DATA:
318 RFCOMM_TRACE_ERROR("Port error state Term Wait Sec event Data");
319 osi_free(p_data);
320 return;
321
322 case RFC_EVENT_SABME:
323 /* Ignore SABME retransmission if client dares to do so */
324 return;
325
326 case RFC_EVENT_DISC:
327 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
328 p_port->rfc.state = RFC_STATE_CLOSED;
329 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
330
331 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
332 return;
333
334 case RFC_EVENT_UIH:
335 osi_free(p_data);
336 return;
337
338 case RFC_EVENT_ESTABLISH_RSP:
339 if (*((uint8_t*)p_data) != RFCOMM_SUCCESS) {
340 if (p_port->rfc.p_mcb)
341 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
342 } else {
343 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
344 p_port->rfc.state = RFC_STATE_OPENED;
345
346 if (uuid_logging_acceptlist.find(p_port->uuid) !=
347 uuid_logging_acceptlist.end()) {
348 btsnoop_get_interface()->allowlist_rfc_dlci(p_port->rfc.p_mcb->lcid,
349 p_port->dlci);
350 }
351 }
352 return;
353 }
354 RFCOMM_TRACE_WARNING("Port state term_wait_sec_check Event ignored %d",
355 event);
356 }
357
358 /*******************************************************************************
359 *
360 * Function rfc_port_sm_orig_wait_sec_check
361 *
362 * Description This function handles events for the port in the
363 * ORIG_WAIT_SEC_CHECK state. RFCOMM is waiting for Security
364 * manager to finish before sending SABME to the peer
365 *
366 * Returns void
367 *
368 ******************************************************************************/
rfc_port_sm_orig_wait_sec_check(tPORT * p_port,uint16_t event,void * p_data)369 void rfc_port_sm_orig_wait_sec_check(tPORT* p_port, uint16_t event,
370 void* p_data) {
371 switch (event) {
372 case RFC_EVENT_SEC_COMPLETE:
373 if (*((uint8_t*)p_data) != BTM_SUCCESS) {
374 RFCOMM_TRACE_ERROR("%s, RFC_EVENT_SEC_COMPLETE, index=%d, result=%d",
375 __func__, event, p_port->handle,
376 *((uint8_t*)p_data));
377 p_port->rfc.p_mcb->is_disc_initiator = true;
378 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci, 0,
379 RFCOMM_SECURITY_ERR);
380 rfc_port_closed(p_port);
381 return;
382 }
383 rfc_send_sabme(p_port->rfc.p_mcb, p_port->dlci);
384 rfc_port_timer_start(p_port, RFC_PORT_T1_TIMEOUT);
385 p_port->rfc.state = RFC_STATE_SABME_WAIT_UA;
386 return;
387
388 case RFC_EVENT_OPEN:
389 case RFC_EVENT_SABME: /* Peer should not use the same dlci */
390 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
391 event);
392 return;
393
394 case RFC_EVENT_CLOSE:
395 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLOSE, index=%d", __func__,
396 p_port->handle);
397 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
398 rfc_port_closed(p_port);
399 return;
400
401 case RFC_EVENT_DATA:
402 RFCOMM_TRACE_ERROR("Port error state Orig Wait Sec event Data");
403 osi_free(p_data);
404 return;
405
406 case RFC_EVENT_UIH:
407 osi_free(p_data);
408 return;
409 }
410 RFCOMM_TRACE_WARNING("Port state orig_wait_sec_check Event ignored %d",
411 event);
412 }
413
414 /*******************************************************************************
415 *
416 * Function rfc_port_sm_opened
417 *
418 * Description This function handles events for the port in the OPENED
419 * state
420 *
421 * Returns void
422 *
423 ******************************************************************************/
rfc_port_sm_opened(tPORT * p_port,uint16_t event,void * p_data)424 void rfc_port_sm_opened(tPORT* p_port, uint16_t event, void* p_data) {
425 switch (event) {
426 case RFC_EVENT_OPEN:
427 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
428 event);
429 return;
430
431 case RFC_EVENT_CLOSE:
432 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
433 rfc_send_disc(p_port->rfc.p_mcb, p_port->dlci);
434 p_port->rfc.expected_rsp = 0;
435 p_port->rfc.state = RFC_STATE_DISC_WAIT_UA;
436 return;
437
438 case RFC_EVENT_CLEAR:
439 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLEAR, index=%d", __func__,
440 p_port->handle);
441 rfc_port_closed(p_port);
442 return;
443
444 case RFC_EVENT_DATA:
445 /* Send credits in the frame. Pass them in the layer specific member of
446 * the hdr. */
447 /* There might be an initial case when we reduced rx_max and credit_rx is
448 * still */
449 /* bigger. Make sure that we do not send 255 */
450 if ((p_port->rfc.p_mcb->flow == PORT_FC_CREDIT) &&
451 (((BT_HDR*)p_data)->len < p_port->peer_mtu) &&
452 (!p_port->rx.user_fc) &&
453 (p_port->credit_rx_max > p_port->credit_rx)) {
454 ((BT_HDR*)p_data)->layer_specific =
455 (uint8_t)(p_port->credit_rx_max - p_port->credit_rx);
456 p_port->credit_rx = p_port->credit_rx_max;
457 } else {
458 ((BT_HDR*)p_data)->layer_specific = 0;
459 }
460 rfc_send_buf_uih(p_port->rfc.p_mcb, p_port->dlci, (BT_HDR*)p_data);
461 rfc_dec_credit(p_port);
462 return;
463
464 case RFC_EVENT_UA:
465 return;
466
467 case RFC_EVENT_SABME:
468 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
469 return;
470
471 case RFC_EVENT_DM:
472 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM, index=%d", __func__,
473 p_port->handle);
474 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
475 rfc_port_closed(p_port);
476 return;
477
478 case RFC_EVENT_DISC:
479 p_port->rfc.state = RFC_STATE_CLOSED;
480 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
481 if (!fixed_queue_is_empty(p_port->rx.queue)) {
482 /* give a chance to upper stack to close port properly */
483 RFCOMM_TRACE_DEBUG("port queue is not empty");
484 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
485 } else
486 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
487 return;
488
489 case RFC_EVENT_UIH:
490 rfc_port_uplink_data(p_port, (BT_HDR*)p_data);
491 return;
492
493 case RFC_EVENT_TIMEOUT:
494 Port_TimeOutCloseMux(p_port->rfc.p_mcb);
495 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
496 event);
497 return;
498 }
499 RFCOMM_TRACE_WARNING("Port state opened Event ignored %d", event);
500 }
501
502 /*******************************************************************************
503 *
504 * Function rfc_port_sm_disc_wait_ua
505 *
506 * Description This function handles events when DISC on the DLC was
507 * sent and SM is waiting for UA or DM.
508 *
509 * Returns void
510 *
511 ******************************************************************************/
rfc_port_sm_disc_wait_ua(tPORT * p_port,uint16_t event,void * p_data)512 void rfc_port_sm_disc_wait_ua(tPORT* p_port, uint16_t event, void* p_data) {
513 switch (event) {
514 case RFC_EVENT_OPEN:
515 case RFC_EVENT_ESTABLISH_RSP:
516 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
517 event);
518 return;
519
520 case RFC_EVENT_CLEAR:
521 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLEAR, index=%d", __func__, event,
522 p_port->handle);
523 rfc_port_closed(p_port);
524 return;
525
526 case RFC_EVENT_DATA:
527 osi_free(p_data);
528 return;
529
530 case RFC_EVENT_UA:
531 p_port->rfc.p_mcb->is_disc_initiator = true;
532 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
533
534 case RFC_EVENT_DM:
535 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM|RFC_EVENT_UA[%d], index=%d",
536 __func__, event, p_port->handle);
537 rfc_port_closed(p_port);
538 return;
539
540 case RFC_EVENT_SABME:
541 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
542 return;
543
544 case RFC_EVENT_DISC:
545 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
546 return;
547
548 case RFC_EVENT_UIH:
549 osi_free(p_data);
550 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
551 return;
552
553 case RFC_EVENT_TIMEOUT:
554 RFCOMM_TRACE_ERROR("%s, RFC_EVENT_TIMEOUT, index=%d", __func__,
555 p_port->handle);
556 rfc_port_closed(p_port);
557 return;
558 }
559
560 RFCOMM_TRACE_WARNING("Port state disc_wait_ua Event ignored %d", event);
561 }
562
563 /*******************************************************************************
564 *
565 * Function rfc_port_uplink_data
566 *
567 * Description This function handles uplink information data frame.
568 *
569 ******************************************************************************/
rfc_port_uplink_data(tPORT * p_port,BT_HDR * p_buf)570 void rfc_port_uplink_data(tPORT* p_port, BT_HDR* p_buf) {
571 PORT_DataInd(p_port->rfc.p_mcb, p_port->dlci, p_buf);
572 }
573
574 /*******************************************************************************
575 *
576 * Function rfc_process_pn
577 *
578 * Description This function handles DLC parameter negotiation frame.
579 * Record MTU and pass indication to the upper layer.
580 *
581 ******************************************************************************/
rfc_process_pn(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)582 void rfc_process_pn(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
583 RFCOMM_TRACE_DEBUG("%s: is_initiator=%d, is_cmd=%d, state=%d, bd_addr=%s",
584 __func__, p_mcb->is_initiator, is_command, p_mcb->state,
585 p_mcb->bd_addr.ToString().c_str());
586 uint8_t dlci = p_frame->dlci;
587
588 if (is_command) {
589 /* Ignore if Multiplexer is being shut down */
590 if (p_mcb->state != RFC_MX_STATE_DISC_WAIT_UA) {
591 PORT_ParNegInd(p_mcb, dlci, p_frame->u.pn.mtu, p_frame->u.pn.conv_layer,
592 p_frame->u.pn.k);
593 } else {
594 LOG(WARNING) << __func__
595 << ": MX PN while disconnecting, bd_addr=" << p_mcb->bd_addr
596 << ", p_mcb=" << p_mcb;
597 rfc_send_dm(p_mcb, dlci, false);
598 }
599
600 return;
601 }
602 /* If we are not awaiting response just ignore it */
603 tPORT* p_port = port_find_mcb_dlci_port(p_mcb, dlci);
604 if ((p_port == nullptr) || !(p_port->rfc.expected_rsp & RFC_RSP_PN)) {
605 LOG(WARNING) << ": Ignore unwanted response, p_mcb=" << p_mcb
606 << ", bd_addr=" << p_mcb->bd_addr
607 << ", dlci=" << std::to_string(dlci);
608 return;
609 }
610
611 p_port->rfc.expected_rsp &= ~RFC_RSP_PN;
612
613 rfc_port_timer_stop(p_port);
614
615 PORT_ParNegCnf(p_mcb, dlci, p_frame->u.pn.mtu, p_frame->u.pn.conv_layer,
616 p_frame->u.pn.k);
617 }
618
619 /*******************************************************************************
620 *
621 * Function rfc_process_rpn
622 *
623 * Description This function handles Remote DLC parameter negotiation
624 * command/response. Pass command to the user.
625 *
626 ******************************************************************************/
rfc_process_rpn(tRFC_MCB * p_mcb,bool is_command,bool is_request,MX_FRAME * p_frame)627 void rfc_process_rpn(tRFC_MCB* p_mcb, bool is_command, bool is_request,
628 MX_FRAME* p_frame) {
629 tPORT_STATE port_pars;
630 tPORT* p_port;
631
632 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
633 if (p_port == nullptr) {
634 /* This is the first command on the port */
635 if (is_command) {
636 memset(&port_pars, 0, sizeof(tPORT_STATE));
637 rfc_set_port_state(&port_pars, p_frame);
638
639 PORT_PortNegInd(p_mcb, p_frame->dlci, &port_pars,
640 p_frame->u.rpn.param_mask);
641 }
642 return;
643 }
644
645 if (is_command && is_request) {
646 /* This is the special situation when peer just request local pars */
647 rfc_send_rpn(p_mcb, p_frame->dlci, false, &p_port->peer_port_pars, 0);
648 return;
649 }
650
651 port_pars = p_port->peer_port_pars;
652
653 rfc_set_port_state(&port_pars, p_frame);
654
655 if (is_command) {
656 PORT_PortNegInd(p_mcb, p_frame->dlci, &port_pars,
657 p_frame->u.rpn.param_mask);
658 return;
659 }
660
661 /* If we are not awaiting response just ignore it */
662 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
663 if ((p_port == nullptr) ||
664 !(p_port->rfc.expected_rsp & (RFC_RSP_RPN | RFC_RSP_RPN_REPLY))) {
665 LOG(WARNING) << __func__ << ": ignore DLC parameter negotiation as we are"
666 << " not waiting for any";
667 return;
668 }
669
670 /* If we sent a request for port parameters to the peer it is replying with */
671 /* mask 0. */
672 rfc_port_timer_stop(p_port);
673
674 if (p_port->rfc.expected_rsp & RFC_RSP_RPN_REPLY) {
675 p_port->rfc.expected_rsp &= ~RFC_RSP_RPN_REPLY;
676
677 p_port->peer_port_pars = port_pars;
678
679 if ((port_pars.fc_type ==
680 (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT)) ||
681 (port_pars.fc_type ==
682 (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT))) {
683 /* This is satisfactory port parameters. Set mask as it was Ok */
684 p_frame->u.rpn.param_mask = RFCOMM_RPN_PM_MASK;
685 } else {
686 /* Current peer parameters are not good, try to fix them */
687 p_port->peer_port_pars.fc_type =
688 (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT);
689
690 p_port->rfc.expected_rsp |= RFC_RSP_RPN;
691 rfc_send_rpn(p_mcb, p_frame->dlci, true, &p_port->peer_port_pars,
692 RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT);
693 rfc_port_timer_start(p_port, RFC_T2_TIMEOUT);
694 return;
695 }
696 } else
697 p_port->rfc.expected_rsp &= ~RFC_RSP_RPN;
698
699 /* Check if all suggested parameters were accepted */
700 if (((p_frame->u.rpn.param_mask &
701 (RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT)) ==
702 (RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT)) ||
703 ((p_frame->u.rpn.param_mask &
704 (RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT)) ==
705 (RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT))) {
706 PORT_PortNegCnf(p_mcb, p_port->dlci, &port_pars, RFCOMM_SUCCESS);
707 return;
708 }
709
710 /* If we were proposing RTR flow control try RTC flow control */
711 /* If we were proposing RTC flow control try no flow control */
712 /* otherwise drop the connection */
713 if (p_port->peer_port_pars.fc_type ==
714 (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT)) {
715 /* Current peer parameters are not good, try to fix them */
716 p_port->peer_port_pars.fc_type =
717 (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT);
718
719 p_port->rfc.expected_rsp |= RFC_RSP_RPN;
720
721 rfc_send_rpn(p_mcb, p_frame->dlci, true, &p_port->peer_port_pars,
722 RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT);
723 rfc_port_timer_start(p_port, RFC_T2_TIMEOUT);
724 return;
725 }
726
727 /* Other side does not support flow control */
728 if (p_port->peer_port_pars.fc_type ==
729 (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT)) {
730 p_port->peer_port_pars.fc_type = RFCOMM_FC_OFF;
731 PORT_PortNegCnf(p_mcb, p_port->dlci, &port_pars, RFCOMM_SUCCESS);
732 }
733 }
734
735 /*******************************************************************************
736 *
737 * Function rfc_process_msc
738 *
739 * Description This function handles Modem Status Command.
740 * Pass command to the user.
741 *
742 ******************************************************************************/
rfc_process_msc(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)743 void rfc_process_msc(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
744 tPORT_CTRL pars;
745 tPORT* p_port;
746 uint8_t modem_signals = p_frame->u.msc.signals;
747 bool new_peer_fc = false;
748
749 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
750 if (p_port == NULL) return;
751
752 pars.modem_signal = 0;
753
754 if (modem_signals & RFCOMM_MSC_RTC) pars.modem_signal |= MODEM_SIGNAL_DTRDSR;
755
756 if (modem_signals & RFCOMM_MSC_RTR) pars.modem_signal |= MODEM_SIGNAL_RTSCTS;
757
758 if (modem_signals & RFCOMM_MSC_IC) pars.modem_signal |= MODEM_SIGNAL_RI;
759
760 if (modem_signals & RFCOMM_MSC_DV) pars.modem_signal |= MODEM_SIGNAL_DCD;
761
762 pars.fc = ((modem_signals & RFCOMM_MSC_FC) == RFCOMM_MSC_FC);
763
764 pars.break_signal =
765 (p_frame->u.msc.break_present) ? p_frame->u.msc.break_duration : 0;
766 pars.discard_buffers = 0;
767 pars.break_signal_seq = RFCOMM_CTRL_BREAK_IN_SEQ; /* this is default */
768
769 /* Check if this command is passed only to indicate flow control */
770 if (is_command) {
771 rfc_send_msc(p_mcb, p_frame->dlci, false, &pars);
772
773 if (p_port->rfc.p_mcb->flow != PORT_FC_CREDIT) {
774 /* Spec 1.1 indicates that only FC bit is used for flow control */
775 p_port->peer_ctrl.fc = new_peer_fc = pars.fc;
776
777 if (new_peer_fc != p_port->tx.peer_fc)
778 PORT_FlowInd(p_mcb, p_frame->dlci, (bool)!new_peer_fc);
779 }
780
781 PORT_ControlInd(p_mcb, p_frame->dlci, &pars);
782
783 return;
784 }
785
786 /* If we are not awaiting response just ignore it */
787 if (!(p_port->rfc.expected_rsp & RFC_RSP_MSC)) return;
788
789 p_port->rfc.expected_rsp &= ~RFC_RSP_MSC;
790
791 rfc_port_timer_stop(p_port);
792
793 PORT_ControlCnf(p_port->rfc.p_mcb, p_port->dlci, &pars);
794 }
795
796 /*******************************************************************************
797 *
798 * Function rfc_process_rls
799 *
800 * Description This function handles Remote Line Status command.
801 * Pass command to the user.
802 *
803 ******************************************************************************/
rfc_process_rls(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)804 void rfc_process_rls(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
805 tPORT* p_port;
806
807 if (is_command) {
808 PORT_LineStatusInd(p_mcb, p_frame->dlci, p_frame->u.rls.line_status);
809 rfc_send_rls(p_mcb, p_frame->dlci, false, p_frame->u.rls.line_status);
810 } else {
811 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
812
813 /* If we are not awaiting response just ignore it */
814 if (!p_port || !(p_port->rfc.expected_rsp & RFC_RSP_RLS)) return;
815
816 p_port->rfc.expected_rsp &= ~RFC_RSP_RLS;
817
818 rfc_port_timer_stop(p_port);
819 }
820 }
821
822 /*******************************************************************************
823 *
824 * Function rfc_process_nsc
825 *
826 * Description This function handles None Supported Command frame.
827 *
828 ******************************************************************************/
rfc_process_nsc(UNUSED_ATTR tRFC_MCB * p_mcb,UNUSED_ATTR MX_FRAME * p_frame)829 void rfc_process_nsc(UNUSED_ATTR tRFC_MCB* p_mcb,
830 UNUSED_ATTR MX_FRAME* p_frame) {}
831
832 /*******************************************************************************
833 *
834 * Function rfc_process_test
835 *
836 * Description This function handles Test frame. If this is a command
837 * reply to it. Otherwise pass response to the user.
838 *
839 ******************************************************************************/
rfc_process_test_rsp(UNUSED_ATTR tRFC_MCB * p_mcb,BT_HDR * p_buf)840 void rfc_process_test_rsp(UNUSED_ATTR tRFC_MCB* p_mcb, BT_HDR* p_buf) {
841 osi_free(p_buf);
842 }
843
844 /*******************************************************************************
845 *
846 * Function rfc_process_fcon
847 *
848 * Description This function handles FCON frame. The peer entity is able
849 * to receive new information
850 *
851 ******************************************************************************/
rfc_process_fcon(tRFC_MCB * p_mcb,bool is_command)852 void rfc_process_fcon(tRFC_MCB* p_mcb, bool is_command) {
853 if (is_command) {
854 rfc_cb.rfc.peer_rx_disabled = false;
855
856 rfc_send_fcon(p_mcb, false);
857
858 if (!p_mcb->l2cap_congested) PORT_FlowInd(p_mcb, 0, true);
859 }
860 }
861
862 /*******************************************************************************
863 *
864 * Function rfc_process_fcoff
865 *
866 * Description This function handles FCOFF frame. The peer entity is
867 * unable to receive new information
868 *
869 ******************************************************************************/
rfc_process_fcoff(tRFC_MCB * p_mcb,bool is_command)870 void rfc_process_fcoff(tRFC_MCB* p_mcb, bool is_command) {
871 if (is_command) {
872 rfc_cb.rfc.peer_rx_disabled = true;
873
874 if (!p_mcb->l2cap_congested) PORT_FlowInd(p_mcb, 0, false);
875
876 rfc_send_fcoff(p_mcb, false);
877 }
878 }
879
880 /*******************************************************************************
881 *
882 * Function rfc_process_l2cap_congestion
883 *
884 * Description This function handles L2CAP congestion messages
885 *
886 ******************************************************************************/
rfc_process_l2cap_congestion(tRFC_MCB * p_mcb,bool is_congested)887 void rfc_process_l2cap_congestion(tRFC_MCB* p_mcb, bool is_congested) {
888 p_mcb->l2cap_congested = is_congested;
889
890 if (!is_congested) {
891 rfc_check_send_cmd(p_mcb, nullptr);
892 }
893
894 if (!rfc_cb.rfc.peer_rx_disabled) {
895 PORT_FlowInd(p_mcb, 0, !is_congested);
896 }
897 }
898
899 /*******************************************************************************
900 *
901 * Function rfc_set_port_pars
902 *
903 * Description This function sets the tPORT_STATE structure given a
904 * p_frame.
905 *
906 ******************************************************************************/
907
rfc_set_port_state(tPORT_STATE * port_pars,MX_FRAME * p_frame)908 void rfc_set_port_state(tPORT_STATE* port_pars, MX_FRAME* p_frame) {
909 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_BIT_RATE)
910 port_pars->baud_rate = p_frame->u.rpn.baud_rate;
911 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_DATA_BITS)
912 port_pars->byte_size = p_frame->u.rpn.byte_size;
913 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_STOP_BITS)
914 port_pars->stop_bits = p_frame->u.rpn.stop_bits;
915 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_PARITY)
916 port_pars->parity = p_frame->u.rpn.parity;
917 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_PARITY_TYPE)
918 port_pars->parity_type = p_frame->u.rpn.parity_type;
919 if (p_frame->u.rpn.param_mask &
920 (RFCOMM_RPN_PM_XONXOFF_ON_INPUT | RFCOMM_RPN_PM_XONXOFF_ON_OUTPUT |
921 RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT |
922 RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT))
923 port_pars->fc_type = p_frame->u.rpn.fc_type;
924 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_XON_CHAR)
925 port_pars->xon_char = p_frame->u.rpn.xon_char;
926 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_XOFF_CHAR)
927 port_pars->xoff_char = p_frame->u.rpn.xoff_char;
928 }
929