1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains L2CAP interface functions
22 *
23 ******************************************************************************/
24
25 #include <stddef.h>
26 #include "bt_target.h"
27
28 #include "bt_common.h"
29 #include "common/time_util.h"
30 #include "osi/include/osi.h"
31
32 #include "bt_utils.h"
33 #include "hci/include/btsnoop.h"
34 #include "l2c_api.h"
35 #include "l2cdefs.h"
36 #include "port_api.h"
37 #include "port_int.h"
38 #include "rfc_int.h"
39 #include "rfcdefs.h"
40
/*
 * Callbacks handed to L2CAP. All of them are file-local (static); the
 * parameter names below match the ones used by the definitions in this file.
 */

/* Connection establishment */
static void RFCOMM_ConnectInd(const RawAddress& bd_addr, uint16_t lcid,
                              uint16_t psm, uint8_t id);
static void RFCOMM_ConnectCnf(uint16_t lcid, uint16_t result);

/* Channel configuration */
static void RFCOMM_ConfigInd(uint16_t lcid, tL2CAP_CFG_INFO* p_cfg);
static void RFCOMM_ConfigCnf(uint16_t lcid, uint16_t initiator,
                             tL2CAP_CFG_INFO* p_cfg);

/* Teardown, data path and flow control */
static void RFCOMM_DisconnectInd(uint16_t lcid, bool is_conf_needed);
static void RFCOMM_BufDataInd(uint16_t lcid, BT_HDR* p_buf);
static void RFCOMM_CongestionStatusInd(uint16_t lcid, bool is_congested);
53
/*******************************************************************************
 *
 * Function         rfcomm_l2cap_if_init
 *
 * Description      Fills the RFCOMM registration record (rfc_cb.rfc.reg_info)
 *                  with this file's callbacks and registers it with L2CAP
 *                  under BT_PSM_RFCOMM. No TX-complete callback is installed.
 *
 ******************************************************************************/
void rfcomm_l2cap_if_init(void) {
  tL2CAP_APPL_INFO& callbacks = rfc_cb.rfc.reg_info;

  /* Connection setup and configuration */
  callbacks.pL2CA_ConnectInd_Cb = RFCOMM_ConnectInd;
  callbacks.pL2CA_ConnectCfm_Cb = RFCOMM_ConnectCnf;
  callbacks.pL2CA_ConfigInd_Cb = RFCOMM_ConfigInd;
  callbacks.pL2CA_ConfigCfm_Cb = RFCOMM_ConfigCnf;

  /* Teardown, data path, flow control and error reporting */
  callbacks.pL2CA_DisconnectInd_Cb = RFCOMM_DisconnectInd;
  callbacks.pL2CA_DataInd_Cb = RFCOMM_BufDataInd;
  callbacks.pL2CA_CongestionStatus_Cb = RFCOMM_CongestionStatusInd;
  callbacks.pL2CA_TxComplete_Cb = NULL;
  callbacks.pL2CA_Error_Cb = rfc_on_l2cap_error;

  /* NOTE(review): whatever L2CA_Register() returns is discarded, so a failed
   * registration would go unnoticed here - confirm that is intended.
   * NOTE(review): the two trailing 0 arguments are passed as-is; if the last
   * one is a security level, 0 would mean L2CAP enforces nothing for this PSM
   * and access control has to happen per RFCOMM port - verify against the
   * L2CA_Register() declaration. */
  L2CA_Register(BT_PSM_RFCOMM, callbacks, true /* enable_snoop */, nullptr,
                L2CAP_MTU_SIZE, 0, 0);
}
78
/*******************************************************************************
 *
 * Function         RFCOMM_ConnectInd
 *
 * Description      L2CAP callback for an incoming connection request.
 *                  Obtains a multiplexer control block for the peer and
 *                  either hands RFC_MX_EVENT_CONN_IND to the multiplexer
 *                  state machine, arms the collision timer, or rejects the
 *                  channel with L2CA_DisconnectReq().
 *
 ******************************************************************************/
void RFCOMM_ConnectInd(const RawAddress& bd_addr, uint16_t lcid,
                       UNUSED_ATTR uint16_t psm, uint8_t id) {
  tRFC_MCB* mux = rfc_alloc_multiplexer_channel(bd_addr, false);
  const bool mux_busy = (mux != nullptr) && (mux->state != RFC_MX_STATE_IDLE);

  if (!mux_busy) {
    /* Idle multiplexer, or allocation failed: the mapping is recorded either
     * way, so a null pointer may be stored for this lcid. */
    rfc_save_lcid_mcb(mux, lcid);
    if (mux == nullptr) {
      L2CA_DisconnectReq(lcid);
      return;
    }
    mux->lcid = lcid;
    rfc_mx_sm_execute(mux, RFC_MX_EVENT_CONN_IND, &id);
    return;
  }

  const bool is_collision =
      mux->is_initiator && (mux->state == RFC_MX_STATE_WAIT_CONN_CNF);
  if (!is_collision) {
    /* The multiplexer cannot take a peer request in this state; its lcid is
     * left untouched and the new channel is refused. */
    L2CA_DisconnectReq(lcid);
    return;
  }

  /* Collision: we are connecting out while the peer connects in. Remember
   * the peer's channel and wait:
   *  - if the peer gives up, the incoming request is rejected and we stay
   *    initiator;
   *  - if the timer fires, the outgoing connection is dropped and we become
   *    acceptor.
   * NOTE(review): an already-set pending_lcid is overwritten without being
   * disconnected - confirm a second request cannot arrive in this state. */
  mux->pending_lcid = lcid;

  RFCOMM_TRACE_DEBUG(
      "RFCOMM_ConnectInd start timer for collision, initiator's "
      "LCID(0x%x), acceptor's LCID(0x%x)",
      mux->lcid, mux->pending_lcid);

  /* Back-off of 2..11 (boot time in ms modulo 10, plus 2). It is derived from
   * the clock, not from a random source, and only spreads out retries. */
  const uint16_t backoff =
      (uint16_t)(bluetooth::common::time_get_os_boottime_ms() % 10 + 2);
  rfc_timer_start(mux, backoff);
}
129
/*******************************************************************************
 *
 * Function         RFCOMM_ConnectCnf
 *
 * Description      L2CAP callback for the outcome of an outgoing connection.
 *                  Resolves a pending collision if there is one, records the
 *                  LCID in the control block and passes
 *                  RFC_MX_EVENT_CONN_CNF to the multiplexer state machine.
 *
 ******************************************************************************/
void RFCOMM_ConnectCnf(uint16_t lcid, uint16_t result) {
  tRFC_MCB* mux = rfc_find_lcid_mcb(lcid);
  if (mux == nullptr) {
    RFCOMM_TRACE_ERROR("RFCOMM_ConnectCnf LCID:0x%x", lcid);
    return;
  }

  if (mux->pending_lcid != 0) {
    /* Our request was refused while the peer's own request is still pending:
     * nothing is dispatched and the pending channel is left alone. */
    if (result != L2CAP_CONN_OK) {
      return;
    }

    RFCOMM_TRACE_DEBUG("RFCOMM_ConnectCnf peer gave up pending LCID(0x%x)",
                       mux->pending_lcid);

    /* Our request succeeded, so the peer abandoned its own; close the L2CAP
     * channel it had opened and forget it. */
    L2CA_DisconnectReq(mux->pending_lcid);
    mux->pending_lcid = 0;
  }

  /* This LCID is used for all later calls into L2CAP */
  mux->lcid = lcid;

  /* The state machine receives a pointer to the local copy of result */
  rfc_mx_sm_execute(mux, RFC_MX_EVENT_CONN_CNF, &result);
}
169
/*******************************************************************************
 *
 * Function         RFCOMM_ConfigInd
 *
 * Description      L2CAP callback for a configuration indication. When the
 *                  LCID maps to a multiplexer, RFC_MX_EVENT_CONF_IND is
 *                  passed to its state machine. Otherwise, if some
 *                  multiplexer holds this LCID as its pending (collision)
 *                  channel, the configuration is copied into that control
 *                  block for later use.
 *
 ******************************************************************************/
void RFCOMM_ConfigInd(uint16_t lcid, tL2CAP_CFG_INFO* p_cfg) {
  tRFC_MCB* mux = rfc_find_lcid_mcb(lcid);

  if (mux != nullptr) {
    rfc_mx_sm_execute(mux, RFC_MX_EVENT_CONF_IND, (void*)p_cfg);
    return;
  }

  /* Logged as an error even when a pending channel is found below */
  RFCOMM_TRACE_ERROR("RFCOMM_ConfigInd LCID:0x%x", lcid);

  for (auto& entry : rfc_lcid_mcb) {
    tRFC_MCB* candidate = entry.second;
    if (candidate == nullptr || candidate->pending_lcid != lcid) {
      continue;
    }

    /* NOTE(review): p_cfg is dereferenced without a null check; presumably
     * L2CAP never passes null here - verify against the caller. */
    tL2CAP_CFG_INFO cfg_snapshot(*p_cfg);
    candidate->pending_configure_complete = true;
    candidate->pending_cfg_info = cfg_snapshot;
    break; /* only the first match is updated */
  }
}
197
/*******************************************************************************
 *
 * Function         RFCOMM_ConfigCnf
 *
 * Description      L2CAP callback for a configuration confirmation. The
 *                  configuration is first processed exactly like an
 *                  indication (RFCOMM_ConfigInd), then
 *                  RFC_MX_EVENT_CONF_CNF is passed to the multiplexer state
 *                  machine with L2CAP_CFG_OK as its argument. The initiator
 *                  parameter is not used.
 *
 ******************************************************************************/
void RFCOMM_ConfigCnf(uint16_t lcid, uint16_t initiator,
                      tL2CAP_CFG_INFO* p_cfg) {
  RFCOMM_ConfigInd(lcid, p_cfg);

  tRFC_MCB* mux = rfc_find_lcid_mcb(lcid);
  if (mux == nullptr) {
    RFCOMM_TRACE_ERROR("RFCOMM_ConfigCnf no MCB LCID:0x%x", lcid);
    return;
  }

  /* The result travels as an integer stored in the pointer argument, not as
   * a pointer to a value.
   * NOTE(review): RFCOMM_ConnectCnf passes the address of its result instead;
   * confirm the state machine decodes each event's argument accordingly. */
  const uintptr_t cfg_ok = L2CAP_CFG_OK;
  rfc_mx_sm_execute(mux, RFC_MX_EVENT_CONF_CNF,
                    reinterpret_cast<void*>(cfg_ok));
}
220
/*******************************************************************************
 *
 * Function         RFCOMM_DisconnectInd
 *
 * Description      L2CAP callback for a disconnect indication. Passes
 *                  RFC_MX_EVENT_DISC_IND to the multiplexer that owns the
 *                  LCID; is_conf_needed is only logged.
 *
 ******************************************************************************/
void RFCOMM_DisconnectInd(uint16_t lcid, bool is_conf_needed) {
  VLOG(1) << __func__ << ": lcid=" << loghex(lcid)
          << ", is_conf_needed=" << is_conf_needed;

  tRFC_MCB* mux = rfc_find_lcid_mcb(lcid);
  if (mux != nullptr) {
    rfc_mx_sm_execute(mux, RFC_MX_EVENT_DISC_IND, nullptr);
    return;
  }

  /* Unknown channel: nothing to tear down on the RFCOMM side */
  LOG(WARNING) << __func__ << ": no mcb for lcid " << loghex(lcid);
}
239
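/*******************************************************************************
 *
 * Function         RFCOMM_BufDataInd
 *
 * Description      L2CAP callback for a received RFCOMM frame. The frame is
 *                  parsed by rfc_parse_data() and the resulting event is
 *                  dispatched to the multiplexer or to the port state
 *                  machine, depending on the DLCI found in the frame.
 *
 *                  Buffer ownership: every path either releases p_buf with
 *                  osi_free() or passes it on to rfc_process_mx_message() /
 *                  rfc_port_sm_execute(); it is not touched after that.
 *
 ******************************************************************************/
void RFCOMM_BufDataInd(uint16_t lcid, BT_HDR* p_buf) {
  tRFC_MCB* p_mcb = rfc_find_lcid_mcb(lcid);

  if (!p_mcb) {
    LOG(WARNING) << __func__ << ": Cannot find RFCOMM multiplexer for lcid "
                 << loghex(lcid);
    osi_free(p_buf);
    return;
  }

  /* Alias for the shared parse result in rfc_cb. rfc_parse_data() receives a
   * pointer to it; the fields read below describe the peer's frame and are
   * therefore peer-controlled. */
  auto& frame = rfc_cb.rfc.rx_frame;
  uint8_t event = rfc_parse_data(p_mcb, &frame, p_buf);

  /* If the frame did not pass validation just ignore it */
  if (event == RFC_EVENT_BAD_FRAME) {
    LOG(WARNING) << __func__ << ": Bad RFCOMM frame from lcid=" << loghex(lcid)
                 << ", bd_addr=" << p_mcb->bd_addr << ", p_mcb=" << p_mcb;
    osi_free(p_buf);
    return;
  }

  if (frame.dlci == RFCOMM_MX_DLCI) {
    RFCOMM_TRACE_DEBUG("%s: handle multiplexer event %d, p_mcb=%p", __func__,
                       event, p_mcb);
    /* Multiplexer control messages take the buffer with them */
    if (event == RFC_EVENT_UIH) {
      rfc_process_mx_message(p_mcb, p_buf);
      return;
    }

    /* Other multiplexer events go to the state machine without the buffer */
    rfc_mx_sm_execute(p_mcb, event, nullptr);
    osi_free(p_buf);
    return;
  }

  /* The frame was received on a data channel DLCI, verify that DLC exists */
  tPORT* p_port = port_find_mcb_dlci_port(p_mcb, frame.dlci);
  if (p_port == nullptr || !p_port->rfc.p_mcb) {
    /* Only a SABME may open a new port; anything else is dropped */
    if (event != RFC_EVENT_SABME) {
      /* Log text fixed: it previously read "no for none-SABME event" */
      LOG(WARNING) << __func__
                   << ": no port for non-SABME event, lcid=" << loghex(lcid)
                   << ", bd_addr=" << p_mcb->bd_addr << ", p_mcb=" << p_mcb;
      /* A DM is sent back only when the frame's C/R bit is the opposite of
       * our initiator role */
      if ((p_mcb->is_initiator && !frame.cr) ||
          (!p_mcb->is_initiator && frame.cr)) {
        LOG(ERROR) << __func__
                   << ": Disconnecting RFCOMM, lcid=" << loghex(lcid)
                   << ", bd_addr=" << p_mcb->bd_addr << ", p_mcb=" << p_mcb;
        rfc_send_dm(p_mcb, frame.dlci, frame.pf);
      }
      osi_free(p_buf);
      return;
    }

    /* SABME on a new port: check if any app is waiting for this DLCI */
    p_port = port_find_dlci_port(frame.dlci);
    if (p_port == nullptr) {
      /* Separator after the function name added to the log text */
      LOG(ERROR) << __func__ << ": Disconnecting RFCOMM, no port for dlci "
                 << +frame.dlci << ", lcid=" << loghex(lcid)
                 << ", bd_addr=" << p_mcb->bd_addr << ", p_mcb=" << p_mcb;
      rfc_send_dm(p_mcb, frame.dlci, true);
      osi_free(p_buf);
      return;
    }

    /* NOTE(review): port_handles[] is indexed with the DLCI taken from the
     * received frame. Nothing in this function bounds it, so the index relies
     * on rfc_parse_data() having rejected out-of-range DLCIs - confirm. */
    RFCOMM_TRACE_DEBUG("%s: port_handles[dlci=%d]:%d->%d, p_mcb=%p", __func__,
                       frame.dlci, p_mcb->port_handles[frame.dlci],
                       p_port->handle);
    p_mcb->port_handles[frame.dlci] = p_port->handle;
    p_port->rfc.p_mcb = p_mcb;
  }

  if (event == RFC_EVENT_UIH) {
    RFCOMM_TRACE_DEBUG("%s: Handling UIH event, buf_len=%u, credit=%u",
                       __func__, p_buf->len, frame.credit);
    /* Only a non-empty payload reaches the port state machine */
    if (p_buf->len > 0) {
      rfc_port_sm_execute(p_port, event, p_buf);
    } else {
      osi_free(p_buf);
    }

    /* Credits carried by the frame are applied after the payload */
    if (frame.credit != 0) {
      rfc_inc_credit(p_port, frame.credit);
    }

    return;
  }

  /* Non-UIH events carry no payload for the port state machine */
  rfc_port_sm_execute(p_port, event, nullptr);
  osi_free(p_buf);
}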
339
/*******************************************************************************
 *
 * Function         RFCOMM_CongestionStatusInd
 *
 * Description      L2CAP callback for a change of the channel's congestion
 *                  status. Forwards the new status to
 *                  rfc_process_l2cap_congestion() for the multiplexer that
 *                  owns the LCID; indications for unknown LCIDs are dropped.
 *
 ******************************************************************************/
void RFCOMM_CongestionStatusInd(uint16_t lcid, bool is_congested) {
  tRFC_MCB* mux = rfc_find_lcid_mcb(lcid);

  if (mux == nullptr) {
    RFCOMM_TRACE_ERROR("RFCOMM_CongestionStatusInd dropped LCID:0x%x", lcid);
    return;
  }

  RFCOMM_TRACE_EVENT("RFCOMM_CongestionStatusInd LCID:0x%x", lcid);
  rfc_process_l2cap_congestion(mux, is_congested);
}
359
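/*******************************************************************************
 *
 * Function         rfc_find_lcid_mcb
 *
 * Description      Returns the MCB recorded for the given local cid, or
 *                  nullptr when there is none or when the recorded MCB now
 *                  carries a different lcid (the cid was reused).
 *
 ******************************************************************************/
tRFC_MCB* rfc_find_lcid_mcb(uint16_t lcid) {
  /* find() rather than operator[]: a lookup for an unknown cid must not
   * create an entry. rfc_lcid_mcb is iterated as key/value pairs in
   * RFCOMM_ConfigInd, so operator[] would add a null entry per missed cid. */
  auto it = rfc_lcid_mcb.find(lcid);
  if (it == rfc_lcid_mcb.end()) {
    return nullptr;
  }

  tRFC_MCB* p_mcb = it->second;
  if (p_mcb != nullptr && p_mcb->lcid != lcid) {
    /* Stale mapping: the MCB has moved on to another channel. The log text
     * gained the separator that was missing after the function name. */
    LOG(WARNING) << __func__ << ": LCID reused, lcid=" << loghex(lcid)
                 << ", current_lcid=" << loghex(p_mcb->lcid);
    return nullptr;
  }
  return p_mcb;
}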
378
/*******************************************************************************
 *
 * Function         rfc_save_lcid_mcb
 *
 * Description      Records p_mcb as the MCB for the given local cid,
 *                  replacing any earlier entry. p_mcb may be null;
 *                  RFCOMM_ConnectInd stores it that way when no MCB could
 *                  be allocated.
 *
 ******************************************************************************/
void rfc_save_lcid_mcb(tRFC_MCB* p_mcb, uint16_t lcid) {
  /* The cid is widened to size_t before it is used as the index */
  const size_t slot = static_cast<size_t>(lcid);
  rfc_lcid_mcb[slot] = p_mcb;
}
390