1 /******************************************************************************
2  *
3  *  Copyright (C) 2010-2014 Broadcom Corporation
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 /******************************************************************************
20  *
21  *  This file contains the LLCP utilities
22  *
23  ******************************************************************************/
24 
25 #include <string.h>
26 
27 #include <android-base/stringprintf.h>
28 #include <base/logging.h>
29 #include <log/log.h>
30 
31 #include "bt_types.h"
32 #include "gki.h"
33 #include "llcp_defs.h"
34 #include "llcp_int.h"
35 #include "nfc_int.h"
36 
37 using android::base::StringPrintf;
38 
39 extern bool nfc_debug_enabled;
40 
41 /*******************************************************************************
42 **
43 ** Function         llcp_util_parse_link_params
44 **
45 ** Description      Parse LLCP Link parameters
46 **
47 ** Returns          TRUE if success
48 **
49 *******************************************************************************/
/*
 * Walks the TLV list in the peer's link parameters and stores the recognised
 * values (version, MIUX, WKS, LTO, OPT) in llcp_cb.lcb.
 *
 * length  - number of bytes readable at p_bytes
 * p_bytes - start of the TLV list; the bytes come from the remote device
 *
 * Returns true when the whole list was consumed, false on the first TLV whose
 * declared length does not fit the remaining bytes or does not match the
 * length defined for its type. Each rejection writes an event-log record
 * under tag 0x534e4554 carrying the id "114238578". Unknown types are logged
 * and skipped. Fields stored by TLVs that came before a rejected one keep
 * their new values. A single trailing byte (length == 1) is ignored.
 */
bool llcp_util_parse_link_params(uint16_t length, uint8_t* p_bytes) {
  uint8_t* p_tlv = p_bytes;
  uint8_t tlv_type;
  uint8_t tlv_len;

  /* a TLV needs at least its type octet and its length octet */
  while (length >= 2) {
    BE_STREAM_TO_UINT8(tlv_type, p_tlv);
    BE_STREAM_TO_UINT8(tlv_len, p_tlv);

    /* the value must fit in what is left, or the reads below would run past
     * the bytes the caller handed in */
    if (tlv_len + 2 > length) {
      android_errorWriteLog(0x534e4554, "114238578");
      LOG(ERROR) << StringPrintf("Bad TLV's");
      return false;
    }
    length -= tlv_len + 2;

    /* fixed-size types: the read width is set by the type, so the declared
     * length has to agree with it before anything is consumed */
    switch (tlv_type) {
      case LLCP_VERSION_TYPE:
        if (tlv_len == LLCP_VERSION_LEN) {
          BE_STREAM_TO_UINT8(llcp_cb.lcb.peer_version, p_tlv);
          DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
              "Peer Version - 0x%02X", llcp_cb.lcb.peer_version);
          break;
        }
        android_errorWriteLog(0x534e4554, "114238578");
        LOG(ERROR) << StringPrintf("Bad TLV's");
        return false;

      case LLCP_MIUX_TYPE:
        if (tlv_len == LLCP_MIUX_LEN) {
          BE_STREAM_TO_UINT16(llcp_cb.lcb.peer_miu, p_tlv);
          /* MIUX is an extension on top of the default MIU */
          llcp_cb.lcb.peer_miu &= LLCP_MIUX_MASK;
          llcp_cb.lcb.peer_miu += LLCP_DEFAULT_MIU;
          DLOG_IF(INFO, nfc_debug_enabled)
              << StringPrintf("Peer MIU - %d bytes", llcp_cb.lcb.peer_miu);
          break;
        }
        android_errorWriteLog(0x534e4554, "114238578");
        LOG(ERROR) << StringPrintf("Bad TLV's");
        return false;

      case LLCP_WKS_TYPE:
        if (tlv_len == LLCP_WKS_LEN) {
          BE_STREAM_TO_UINT16(llcp_cb.lcb.peer_wks, p_tlv);
          DLOG_IF(INFO, nfc_debug_enabled)
              << StringPrintf("Peer WKS - 0x%04X", llcp_cb.lcb.peer_wks);
          break;
        }
        android_errorWriteLog(0x534e4554, "114238578");
        LOG(ERROR) << StringPrintf("Bad TLV's");
        return false;

      case LLCP_LTO_TYPE:
        if (tlv_len == LLCP_LTO_LEN) {
          BE_STREAM_TO_UINT8(llcp_cb.lcb.peer_lto, p_tlv);
          llcp_cb.lcb.peer_lto *= LLCP_LTO_UNIT; /* 10ms unit */
          DLOG_IF(INFO, nfc_debug_enabled)
              << StringPrintf("Peer LTO - %d ms", llcp_cb.lcb.peer_lto);
          break;
        }
        android_errorWriteLog(0x534e4554, "114238578");
        LOG(ERROR) << StringPrintf("Bad TLV's");
        return false;

      case LLCP_OPT_TYPE:
        if (tlv_len == LLCP_OPT_LEN) {
          BE_STREAM_TO_UINT8(llcp_cb.lcb.peer_opt, p_tlv);
          DLOG_IF(INFO, nfc_debug_enabled)
              << StringPrintf("Peer OPT - 0x%02X", llcp_cb.lcb.peer_opt);
          break;
        }
        android_errorWriteLog(0x534e4554, "114238578");
        LOG(ERROR) << StringPrintf("Bad TLV's");
        return false;

      default:
        /* unknown type: step over its value, already proven to be in range */
        LOG(ERROR) << StringPrintf("Unexpected type 0x%x", tlv_type);
        p_tlv += tlv_len;
        break;
    }
  }
  return true;
}
130 
131 /*******************************************************************************
132 **
133 ** Function         llcp_util_adjust_ll_congestion
134 **
135 ** Description      adjust tx/rx congestion thresholds on logical link
136 **
137 ** Returns          void
138 **
139 *******************************************************************************/
/*
 * Recomputes llcp_cb.ll_tx_congest_start, ll_rx_congest_start and
 * ll_tx_congest_end from the configured buffer counts and the current number
 * of logical data links. Takes no arguments and returns nothing; the result
 * is written to llcp_cb and reported in a debug log line.
 */
void llcp_util_adjust_ll_congestion(void) {
  if (llcp_cb.num_logical_data_link == 0) {
    /* no link yet: the whole quota is the threshold */
    llcp_cb.ll_tx_congest_start = llcp_cb.max_num_ll_tx_buff;
    llcp_cb.ll_rx_congest_start = llcp_cb.max_num_ll_rx_buff;
  } else {
    /* buffer quota is shared equally between the logical data links; the
     * guard above also keeps the divisions away from a zero divisor */
    llcp_cb.ll_tx_congest_start =
        llcp_cb.max_num_ll_tx_buff / llcp_cb.num_logical_data_link;
    llcp_cb.ll_rx_congest_start =
        llcp_cb.max_num_ll_rx_buff / llcp_cb.num_logical_data_link;
  }

  /* integer division may yield 0; every link still gets at least one */
  if (!llcp_cb.ll_tx_congest_start) llcp_cb.ll_tx_congest_start = 1;
  if (!llcp_cb.ll_rx_congest_start) llcp_cb.ll_rx_congest_start = 1;

  /* tx congestion ends at 1 queued buffer, or at 0 when start is already 1 */
  llcp_cb.ll_tx_congest_end = (llcp_cb.ll_tx_congest_start > 1) ? 1 : 0;

  DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
      "num_logical_data_link=%d, ll_tx_congest_start=%d, ll_tx_congest_end=%d, "
      "ll_rx_congest_start=%d",
      llcp_cb.num_logical_data_link, llcp_cb.ll_tx_congest_start,
      llcp_cb.ll_tx_congest_end, llcp_cb.ll_rx_congest_start);
}
172 
173 /*******************************************************************************
174 **
175 ** Function         llcp_util_adjust_dl_rx_congestion
176 **
177 ** Description      adjust rx congestion thresholds on data link
178 **
179 ** Returns          void
180 **
181 *******************************************************************************/
/*
 * Recomputes rx_congest_threshold for every data link connection in
 * LLCP_DLC_STATE_CONNECTED. Does nothing while no connection exists.
 *
 * The threshold is local_rw + 1 when the per-connection share of rx buffers
 * exceeds local_rw and that value is above LLCP_DL_MIN_RX_CONGEST; in every
 * other case it is LLCP_DL_MIN_RX_CONGEST.
 */
void llcp_util_adjust_dl_rx_congestion(void) {
  /* also protects the division below from a zero divisor */
  if (!llcp_cb.num_data_link_connection) return;

  /* NOTE(review): the quotient is stored in 8 bits, as in the original;
   * confirm num_rx_buff cannot make it exceed 255 */
  uint8_t rx_share = llcp_cb.num_rx_buff / llcp_cb.num_data_link_connection;

  for (uint8_t idx = 0; idx < LLCP_MAX_DATA_LINK; idx++) {
    tLLCP_DLCB* p_dlcb = &llcp_cb.dlcb[idx];

    if (p_dlcb->state != LLCP_DLC_STATE_CONNECTED) continue;

    /* never go below LLCP_DL_MIN_RX_CONGEST, so flow-off does not trigger
     * too often */
    if ((rx_share > p_dlcb->local_rw) &&
        (p_dlcb->local_rw + 1 > LLCP_DL_MIN_RX_CONGEST)) {
      p_dlcb->rx_congest_threshold = p_dlcb->local_rw + 1;
    } else {
      p_dlcb->rx_congest_threshold = LLCP_DL_MIN_RX_CONGEST;
    }

    DLOG_IF(INFO, nfc_debug_enabled)
        << StringPrintf("DLC[%d], local_rw=%d, rx_congest_threshold=%d", idx,
                        p_dlcb->local_rw, p_dlcb->rx_congest_threshold);
  }
}
211 
212 /*******************************************************************************
213 **
214 ** Function         llcp_util_check_rx_congested_status
215 **
216 ** Description      Update rx congested status
217 **
218 ** Returns          void
219 **
220 *******************************************************************************/
/*
 * Compares the number of received UI plus I PDUs being held with the overall
 * rx congestion thresholds and flips llcp_cb.overall_rx_congested when a
 * threshold is crossed.
 *
 * On either transition, every connected data link that is not itself rx
 * congested gets LLCP_DATA_LINK_FLAG_PENDING_RR_RNR set, so an RR or RNR is
 * sent to the peer for it. Nothing changes when no threshold is crossed.
 */
void llcp_util_check_rx_congested_status(void) {
  const auto rx_total = llcp_cb.total_rx_ui_pdu + llcp_cb.total_rx_i_pdu;

  if (llcp_cb.overall_rx_congested) {
    /* still above the release threshold: stay congested */
    if (rx_total > llcp_cb.overall_rx_congest_end) return;

    DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
        "rx link is uncongested, %d+%d <= %d", llcp_cb.total_rx_ui_pdu,
        llcp_cb.total_rx_i_pdu, llcp_cb.overall_rx_congest_end);

    llcp_cb.overall_rx_congested = false;
  } else {
    /* still below the start threshold: stay uncongested */
    if (rx_total < llcp_cb.overall_rx_congest_start) return;

    LOG(WARNING) << StringPrintf(
        "rx link is congested, %d+%d >= %d", llcp_cb.total_rx_ui_pdu,
        llcp_cb.total_rx_i_pdu, llcp_cb.overall_rx_congest_start);

    llcp_cb.overall_rx_congested = true;
  }

  /* the state changed: schedule RR (cleared) or RNR (started) on the data
   * links whose own rx side is not congested */
  for (uint8_t idx = 0; idx < LLCP_MAX_DATA_LINK; idx++) {
    tLLCP_DLCB* p_dlcb = &llcp_cb.dlcb[idx];

    if ((p_dlcb->state == LLCP_DLC_STATE_CONNECTED) &&
        (p_dlcb->is_rx_congested == false)) {
      p_dlcb->flags |= LLCP_DATA_LINK_FLAG_PENDING_RR_RNR;
    }
  }
}
266 
267 /*******************************************************************************
268 **
269 ** Function         llcp_util_send_ui
270 **
271 ** Description      Send UI PDU
272 **
273 ** Returns          tLLCP_STATUS
274 **
275 *******************************************************************************/
/*
 * Prepends the UI PDU header to p_msg, queues it on the application's UI
 * transmit queue and triggers transmission.
 *
 * ssap     - source SAP written into the header
 * dsap     - destination SAP written into the header
 * p_app_cb - application control block owning ui_xmit_q
 * p_msg    - message whose payload starts at p_msg->offset
 *
 * Returns LLCP_STATUS_CONGESTED when, after queuing, any of the congestion
 * conditions below holds (the message is queued in that case too), else
 * LLCP_STATUS_SUCCESS.
 *
 * NOTE(review): the header is written in front of the payload by lowering
 * p_msg->offset with no check here; the caller presumably guarantees
 * offset >= LLCP_PDU_HEADER_SIZE. Confirm, since a smaller offset would wrap.
 */
tLLCP_STATUS llcp_util_send_ui(uint8_t ssap, uint8_t dsap,
                               tLLCP_APP_CB* p_app_cb, NFC_HDR* p_msg) {
  /* make room for the header in front of the payload */
  p_msg->offset -= LLCP_PDU_HEADER_SIZE;
  p_msg->len += LLCP_PDU_HEADER_SIZE;

  uint8_t* p_hdr = (uint8_t*)(p_msg + 1) + p_msg->offset;
  UINT16_TO_BE_STREAM(p_hdr, LLCP_GET_PDU_HEADER(dsap, LLCP_PDU_UI_TYPE, ssap));

  GKI_enqueue(&p_app_cb->ui_xmit_q, p_msg);
  llcp_cb.total_tx_ui_pdu++;

  llcp_link_check_send_data();

  /* evaluated after the send attempt, which may already have drained queues */
  const bool congested =
      (p_app_cb->is_ui_tx_congested) ||
      (p_app_cb->ui_xmit_q.count >= llcp_cb.ll_tx_congest_start) ||
      (llcp_cb.overall_tx_congested) ||
      (llcp_cb.total_tx_ui_pdu >= llcp_cb.max_num_ll_tx_buff);

  if (!congested) {
    return LLCP_STATUS_SUCCESS;
  }

  /* mark it here so the overall congestion check does not report the event
   * again, and so uncongestion is notified later */
  p_app_cb->is_ui_tx_congested = true;

  LOG(WARNING) << StringPrintf(
      "Logical link (SAP=0x%X) congested: ui_xmit_q.count=%d", ssap,
      p_app_cb->ui_xmit_q.count);

  return LLCP_STATUS_CONGESTED;
}
310 
311 /*******************************************************************************
312 **
313 ** Function         llcp_util_send_disc
314 **
315 ** Description      Send DISC PDU
316 **
317 ** Returns          void
318 **
319 *******************************************************************************/
/*
 * Builds a DISC PDU for the given SAP pair, queues it on the link signalling
 * queue and triggers transmission.
 *
 * dsap - destination SAP written into the header
 * ssap - source SAP written into the header
 *
 * When no buffer is available from LLCP_POOL_ID the PDU is dropped without
 * any log or status; the caller cannot tell.
 */
void llcp_util_send_disc(uint8_t dsap, uint8_t ssap) {
  NFC_HDR* p_pdu = (NFC_HDR*)GKI_getpoolbuf(LLCP_POOL_ID);

  if (p_pdu == nullptr) {
    return;
  }

  p_pdu->len = LLCP_PDU_DISC_SIZE;
  p_pdu->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;

  /* payload area starts right behind the NFC_HDR, offset bytes in */
  uint8_t* p_out = (uint8_t*)(p_pdu + 1) + p_pdu->offset;
  UINT16_TO_BE_STREAM(p_out,
                      LLCP_GET_PDU_HEADER(dsap, LLCP_PDU_DISC_TYPE, ssap));

  GKI_enqueue(&llcp_cb.lcb.sig_xmit_q, p_pdu);
  llcp_link_check_send_data();
}
337 
338 /*******************************************************************************
339 **
340 ** Function         llcp_util_allocate_data_link
341 **
342 ** Description      Allocate tLLCP_DLCB for data link connection
343 **
344 ** Returns          tLLCP_DLCB *
345 **
346 ******************************************************************************/
/*
 * Claims the first data link control block whose state is
 * LLCP_DLC_STATE_IDLE, zeroes it and binds it to the given SAP pair.
 *
 * reg_sap    - local SAP; also used to look up the owning application
 * remote_sap - peer SAP
 *
 * Returns the claimed block, or nullptr (after an error log) when all
 * LLCP_MAX_DATA_LINK blocks are in use.
 *
 * NOTE(review): p_app_cb is stored as returned by llcp_util_get_app_cb(),
 * which may be nullptr for a SAP outside its tables; callers presumably pass
 * a registered SAP. The state field is left as zeroed by memset here.
 */
tLLCP_DLCB* llcp_util_allocate_data_link(uint8_t reg_sap, uint8_t remote_sap) {
  DLOG_IF(INFO, nfc_debug_enabled)
      << StringPrintf("reg_sap = 0x%x, remote_sap = 0x%x", reg_sap, remote_sap);

  tLLCP_DLCB* p_free = nullptr;
  for (int slot = 0; (slot < LLCP_MAX_DATA_LINK) && (p_free == nullptr);
       slot++) {
    if (llcp_cb.dlcb[slot].state == LLCP_DLC_STATE_IDLE) {
      p_free = &llcp_cb.dlcb[slot];
    }
  }

  if (p_free == nullptr) {
    LOG(ERROR) << StringPrintf("Out of DLCB");
    return nullptr;
  }

  /* wipe whatever the previous connection left behind */
  memset(p_free, 0, sizeof(*p_free));

  p_free->p_app_cb = llcp_util_get_app_cb(reg_sap);
  p_free->local_sap = reg_sap;
  p_free->remote_sap = remote_sap;
  /* the timer carries the block's own address as its parameter */
  p_free->timer.param = (uintptr_t)p_free;

  /* this is for inactivity timer and congestion control. */
  llcp_cb.num_data_link_connection++;

  DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
      "local_sap = 0x%x, remote_sap = 0x%x, "
      "num_data_link_connection = %d",
      p_free->local_sap, p_free->remote_sap, llcp_cb.num_data_link_connection);

  return p_free;
}
382 
383 /*******************************************************************************
384 **
385 ** Function         llcp_util_deallocate_data_link
386 **
387 ** Description      Deallocate tLLCP_DLCB
388 **
389 ** Returns          void
390 **
391 ******************************************************************************/
/*
 * Returns a data link control block to LLCP_DLC_STATE_IDLE.
 *
 * p_dlcb - block to release; nullptr is accepted and ignored
 *
 * For a block that is not already idle: stops its quick timer, flushes its
 * queues, marks it idle and decrements the connection count (never below
 * zero). A block that is already idle is only logged, so releasing twice
 * does not decrement the count twice.
 */
void llcp_util_deallocate_data_link(tLLCP_DLCB* p_dlcb) {
  if (p_dlcb == nullptr) {
    return;
  }

  DLOG_IF(INFO, nfc_debug_enabled)
      << StringPrintf("local_sap = 0x%x", p_dlcb->local_sap);

  if (p_dlcb->state == LLCP_DLC_STATE_IDLE) {
    return;
  }

  /* stop the timer before the block can be handed out again */
  nfc_stop_quick_timer(&p_dlcb->timer);
  llcp_dlc_flush_q(p_dlcb);

  p_dlcb->state = LLCP_DLC_STATE_IDLE;

  /* guard against underflow of the counter */
  if (llcp_cb.num_data_link_connection > 0) {
    llcp_cb.num_data_link_connection--;
  }

  DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
      "num_data_link_connection = %d", llcp_cb.num_data_link_connection);
}
412 
413 /*******************************************************************************
414 **
415 ** Function         llcp_util_send_connect
416 **
417 ** Description      Send CONNECT PDU
418 **
419 ** Returns          tLLCP_STATUS
420 **
421 ******************************************************************************/
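/*
 * Builds a CONNECT PDU for p_dlcb, queues it on the link signalling queue and
 * triggers transmission.
 *
 * p_dlcb   - data link supplying the remote and local SAP for the header
 * p_params - connection parameters; rw is masked to 4 bits in place when it
 *            differs from LLCP_DEFAULT_RW
 *
 * Optional TLVs are added only when they carry information: MIUX when miu is
 * not the default, RW when rw is not the default, SN when a service name is
 * set and the remote SAP is LLCP_SAP_SDP.
 *
 * Returns LLCP_STATUS_SUCCESS when the PDU was queued, LLCP_STATUS_FAIL when
 * no buffer could be obtained from LLCP_POOL_ID.
 */
tLLCP_STATUS llcp_util_send_connect(tLLCP_DLCB* p_dlcb,
                                    tLLCP_CONNECTION_PARAMS* p_params) {
  NFC_HDR* p_msg;
  uint8_t* p;
  uint16_t miu_len = 0, rw_len = 0, sn_len = 0;

  if (p_params->miu != LLCP_DEFAULT_MIU) {
    miu_len = 4; /* TYPE, LEN, 2 bytes MIU */
  }
  if (p_params->rw != LLCP_DEFAULT_RW) {
    rw_len = 3;           /* TYPE, LEN, 1 byte RW */
    p_params->rw &= 0x0F; /* only 4 bits  */
  }

  /* Measure the service name once and never scan more than LLCP_MAX_SN_LEN
   * characters. The same count then drives the size calculation, the TLV
   * length octet and the copy, so the three cannot disagree, and a name that
   * lost its terminator cannot pull bytes from beyond the field into the PDU.
   * LLCP_MAX_SN_LEN is the limit llcp_util_parse_connect() applies to the
   * same field. */
  const size_t sn_chars = strnlen(p_params->sn, LLCP_MAX_SN_LEN);
  if ((sn_chars != 0) && (p_dlcb->remote_sap == LLCP_SAP_SDP)) {
    sn_len = (uint16_t)(2 + sn_chars); /* TYPE, LEN, SN */
  }

  p_msg = (NFC_HDR*)GKI_getpoolbuf(LLCP_POOL_ID);

  if (p_msg) {
    /* NOTE(review): assumes an LLCP_POOL_ID buffer holds offset + len bytes
     * for the largest service name; the pool size is not visible here */
    p_msg->len = LLCP_PDU_HEADER_SIZE + miu_len + rw_len + sn_len;
    p_msg->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;

    p = (uint8_t*)(p_msg + 1) + p_msg->offset;

    UINT16_TO_BE_STREAM(
        p, LLCP_GET_PDU_HEADER(p_dlcb->remote_sap, LLCP_PDU_CONNECT_TYPE,
                               p_dlcb->local_sap));

    if (miu_len) {
      UINT8_TO_BE_STREAM(p, LLCP_MIUX_TYPE);
      UINT8_TO_BE_STREAM(p, LLCP_MIUX_LEN);
      /* the wire carries the extension over the default MIU */
      UINT16_TO_BE_STREAM(p, p_params->miu - LLCP_DEFAULT_MIU);
    }

    if (rw_len) {
      UINT8_TO_BE_STREAM(p, LLCP_RW_TYPE);
      UINT8_TO_BE_STREAM(p, LLCP_RW_LEN);
      UINT8_TO_BE_STREAM(p, p_params->rw);
    }

    if (sn_len) {
      UINT8_TO_BE_STREAM(p, LLCP_SN_TYPE);
      UINT8_TO_BE_STREAM(p, sn_chars);
      /* the terminator is not sent */
      memcpy(p, p_params->sn, sn_chars);
    }

    GKI_enqueue(&llcp_cb.lcb.sig_xmit_q, p_msg);
    llcp_link_check_send_data();

    return LLCP_STATUS_SUCCESS;
  }

  return LLCP_STATUS_FAIL;
}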
477 
478 /*******************************************************************************
479 **
480 ** Function         llcp_util_parse_connect
481 **
482 ** Description      Parse CONNECT PDU
483 **
484 ** Returns          tLLCP_STATUS
485 **
486 *******************************************************************************/
/*
 * Parses the TLV list of a received CONNECT PDU into p_params.
 *
 * p_bytes  - start of the TLV list; the bytes come from the remote device
 * length   - number of bytes readable at p_bytes
 * p_params - receives miu, rw and sn; preset to the defaults and an empty
 *            name before parsing starts
 *
 * Returns LLCP_STATUS_SUCCESS when the list was consumed, LLCP_STATUS_FAIL on
 * the first TLV whose declared length does not fit the remaining bytes or, for
 * MIUX and RW, does not match the defined length. Each rejection writes an
 * event-log record under tag 0x534e4554 carrying the id "111660010".
 * Unknown types are logged and skipped.
 *
 * A service name longer than LLCP_MAX_SN_LEN is truncated to that length. The
 * name is always NUL terminated, so sn must hold LLCP_MAX_SN_LEN + 1 bytes.
 * An SN TLV of length 0 is signalled by sn[0] == 0 and sn[1] == LLCP_SN_TYPE.
 */
tLLCP_STATUS llcp_util_parse_connect(uint8_t* p_bytes, uint16_t length,
                                     tLLCP_CONNECTION_PARAMS* p_params) {
  uint8_t* p_tlv = p_bytes;
  uint8_t tlv_type;
  uint8_t tlv_len;

  /* defaults apply to every parameter the peer does not send */
  p_params->miu = LLCP_DEFAULT_MIU;
  p_params->rw = LLCP_DEFAULT_RW;
  p_params->sn[0] = 0;
  p_params->sn[1] = 0;

  while (length >= 2) {
    BE_STREAM_TO_UINT8(tlv_type, p_tlv);
    BE_STREAM_TO_UINT8(tlv_len, p_tlv);

    /* check remaining length before any value byte is touched */
    if (tlv_len + 2 > length) {
      android_errorWriteLog(0x534e4554, "111660010");
      LOG(ERROR) << StringPrintf("Bad TLV's");
      return LLCP_STATUS_FAIL;
    }
    length -= tlv_len + 2;

    switch (tlv_type) {
      case LLCP_MIUX_TYPE:
        if (tlv_len == LLCP_MIUX_LEN) {
          BE_STREAM_TO_UINT16(p_params->miu, p_tlv);
          /* MIUX is an extension on top of the default MIU */
          p_params->miu &= LLCP_MIUX_MASK;
          p_params->miu += LLCP_DEFAULT_MIU;

          DLOG_IF(INFO, nfc_debug_enabled)
              << StringPrintf("LLCP_MIUX_TYPE:%d", p_params->miu);
          break;
        }
        android_errorWriteLog(0x534e4554, "111660010");
        LOG(ERROR) << StringPrintf("Bad TLV's");
        return LLCP_STATUS_FAIL;

      case LLCP_RW_TYPE:
        if (tlv_len == LLCP_RW_LEN) {
          BE_STREAM_TO_UINT8(p_params->rw, p_tlv);
          p_params->rw &= 0x0F; /* only 4 bits are defined */

          DLOG_IF(INFO, nfc_debug_enabled)
              << StringPrintf("LLCP_RW_TYPE:%d", p_params->rw);
          break;
        }
        android_errorWriteLog(0x534e4554, "111660010");
        LOG(ERROR) << StringPrintf("Bad TLV's");
        return LLCP_STATUS_FAIL;

      case LLCP_SN_TYPE:
        if (tlv_len == 0) {
          /* indicate that SN type is included without SN */
          p_params->sn[1] = LLCP_SN_TYPE;
        } else {
          /* cap the copy at the field size, whatever the peer declared */
          const size_t sn_chars =
              (tlv_len <= LLCP_MAX_SN_LEN) ? tlv_len : LLCP_MAX_SN_LEN;
          memcpy(p_params->sn, p_tlv, sn_chars);
          p_params->sn[sn_chars] = 0;
        }
        /* always step over the full declared value, copied or not */
        p_tlv += tlv_len;

        /* the name is peer-controlled text and is logged unfiltered */
        DLOG_IF(INFO, nfc_debug_enabled)
            << StringPrintf("LLCP_SN_TYPE:<%s>", p_params->sn);
        break;

      default:
        LOG(ERROR) << StringPrintf("Unexpected type 0x%x", tlv_type);
        p_tlv += tlv_len;
        break;
    }
  }
  return LLCP_STATUS_SUCCESS;
}
560 
561 /*******************************************************************************
562 **
563 ** Function         llcp_util_send_cc
564 **
565 ** Description      Send CC PDU
566 **
567 ** Returns          tLLCP_STATUS
568 **
569 ******************************************************************************/
/*
 * Builds a CC (connection complete) PDU for p_dlcb, queues it on the link
 * signalling queue and triggers transmission.
 *
 * p_dlcb   - data link supplying the remote and local SAP for the header
 * p_params - miu and rw to announce; rw is masked to 4 bits in place when it
 *            differs from LLCP_DEFAULT_RW
 *
 * The MIUX and RW TLVs are included only when the value is not the default.
 *
 * Returns LLCP_STATUS_SUCCESS when the PDU was queued, LLCP_STATUS_FAIL when
 * no buffer could be obtained from LLCP_POOL_ID.
 */
tLLCP_STATUS llcp_util_send_cc(tLLCP_DLCB* p_dlcb,
                               tLLCP_CONNECTION_PARAMS* p_params) {
  uint16_t miux_tlv_size = 0;
  uint16_t rw_tlv_size = 0;

  if (p_params->miu != LLCP_DEFAULT_MIU) {
    miux_tlv_size = 4; /* TYPE, LEN, 2 bytes MIU */
  }
  if (p_params->rw != LLCP_DEFAULT_RW) {
    rw_tlv_size = 3; /* TYPE, LEN, 1 byte RW */
    p_params->rw &= 0x0F;
  }

  NFC_HDR* p_pdu = (NFC_HDR*)GKI_getpoolbuf(LLCP_POOL_ID);
  if (p_pdu == nullptr) {
    return LLCP_STATUS_FAIL;
  }

  p_pdu->len = LLCP_PDU_HEADER_SIZE + miux_tlv_size + rw_tlv_size;
  p_pdu->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;

  uint8_t* p_out = (uint8_t*)(p_pdu + 1) + p_pdu->offset;

  UINT16_TO_BE_STREAM(
      p_out, LLCP_GET_PDU_HEADER(p_dlcb->remote_sap, LLCP_PDU_CC_TYPE,
                                 p_dlcb->local_sap));

  if (miux_tlv_size != 0) {
    UINT8_TO_BE_STREAM(p_out, LLCP_MIUX_TYPE);
    UINT8_TO_BE_STREAM(p_out, LLCP_MIUX_LEN);
    /* the wire carries the extension over the default MIU */
    UINT16_TO_BE_STREAM(p_out, p_params->miu - LLCP_DEFAULT_MIU);
  }

  if (rw_tlv_size != 0) {
    UINT8_TO_BE_STREAM(p_out, LLCP_RW_TYPE);
    UINT8_TO_BE_STREAM(p_out, LLCP_RW_LEN);
    UINT8_TO_BE_STREAM(p_out, p_params->rw);
  }

  GKI_enqueue(&llcp_cb.lcb.sig_xmit_q, p_pdu);
  llcp_link_check_send_data();

  return LLCP_STATUS_SUCCESS;
}
616 
617 /*******************************************************************************
618 **
619 ** Function         llcp_util_parse_cc
620 **
621 ** Description      Parse CC PDU
622 **
623 ** Returns          tLLCP_STATUS
624 **
625 *******************************************************************************/
/*
 * Parses the TLV list of a received CC PDU.
 *
 * p_bytes - start of the TLV list; the bytes come from the remote device
 * length  - number of bytes readable at p_bytes
 * p_miu   - receives the peer MIU; preset to LLCP_DEFAULT_MIU
 * p_rw    - receives the peer receive window; preset to LLCP_DEFAULT_RW
 *
 * Returns LLCP_STATUS_SUCCESS when the list was consumed, LLCP_STATUS_FAIL on
 * the first TLV whose declared length does not fit the remaining bytes or does
 * not match the length defined for MIUX or RW. Each rejection writes an
 * event-log record under tag 0x534e4554 carrying the id "114237888".
 * Unknown types are logged and skipped. On failure the outputs keep whatever
 * was stored before the bad TLV.
 */
tLLCP_STATUS llcp_util_parse_cc(uint8_t* p_bytes, uint16_t length,
                                uint16_t* p_miu, uint8_t* p_rw) {
  uint8_t* p_tlv = p_bytes;
  uint8_t tlv_type;
  uint8_t tlv_len;

  *p_miu = LLCP_DEFAULT_MIU;
  *p_rw = LLCP_DEFAULT_RW;

  while (length >= 2) {
    BE_STREAM_TO_UINT8(tlv_type, p_tlv);
    BE_STREAM_TO_UINT8(tlv_len, p_tlv);

    /* the value must fit in what is left before it is read or skipped */
    if (tlv_len + 2 > length) {
      android_errorWriteLog(0x534e4554, "114237888");
      LOG(ERROR) << StringPrintf("Bad TLV's");
      return LLCP_STATUS_FAIL;
    }
    length -= tlv_len + 2;

    switch (tlv_type) {
      case LLCP_MIUX_TYPE:
        if (tlv_len == LLCP_MIUX_LEN) {
          BE_STREAM_TO_UINT16((*p_miu), p_tlv);
          /* MIUX is an extension on top of the default MIU */
          (*p_miu) &= LLCP_MIUX_MASK;
          (*p_miu) += LLCP_DEFAULT_MIU;

          DLOG_IF(INFO, nfc_debug_enabled)
              << StringPrintf("LLCP_MIUX_TYPE:%d", *p_miu);
          break;
        }
        android_errorWriteLog(0x534e4554, "114237888");
        LOG(ERROR) << StringPrintf("Bad TLV's");
        return LLCP_STATUS_FAIL;

      case LLCP_RW_TYPE:
        if (tlv_len == LLCP_RW_LEN) {
          BE_STREAM_TO_UINT8((*p_rw), p_tlv);
          (*p_rw) &= 0x0F; /* only 4 bits are defined */

          DLOG_IF(INFO, nfc_debug_enabled)
              << StringPrintf("LLCP_RW_TYPE:%d", *p_rw);
          break;
        }
        android_errorWriteLog(0x534e4554, "114237888");
        LOG(ERROR) << StringPrintf("Bad TLV's");
        return LLCP_STATUS_FAIL;

      default:
        LOG(ERROR) << StringPrintf("Unexpected type 0x%x", tlv_type);
        p_tlv += tlv_len;
        break;
    }
  }
  return LLCP_STATUS_SUCCESS;
}
679 
680 /*******************************************************************************
681 **
682 ** Function         llcp_util_send_dm
683 **
684 ** Description      Send DM PDU
685 **
686 ** Returns          void
687 **
688 *******************************************************************************/
/*
 * Builds a DM (disconnected mode) PDU carrying one reason octet, queues it on
 * the link signalling queue and triggers transmission.
 *
 * dsap   - destination SAP written into the header
 * ssap   - source SAP written into the header
 * reason - reason code appended after the header
 *
 * When no buffer is available from LLCP_POOL_ID the PDU is dropped without
 * any log or status; the caller cannot tell.
 */
void llcp_util_send_dm(uint8_t dsap, uint8_t ssap, uint8_t reason) {
  NFC_HDR* p_pdu = (NFC_HDR*)GKI_getpoolbuf(LLCP_POOL_ID);

  if (p_pdu == nullptr) {
    return;
  }

  p_pdu->len = LLCP_PDU_DM_SIZE;
  p_pdu->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;

  /* payload area starts right behind the NFC_HDR, offset bytes in */
  uint8_t* p_out = (uint8_t*)(p_pdu + 1) + p_pdu->offset;
  UINT16_TO_BE_STREAM(p_out, LLCP_GET_PDU_HEADER(dsap, LLCP_PDU_DM_TYPE, ssap));
  UINT8_TO_BE_STREAM(p_out, reason);

  GKI_enqueue(&llcp_cb.lcb.sig_xmit_q, p_pdu);
  llcp_link_check_send_data();
}
707 
708 /*******************************************************************************
709 **
710 ** Function         llcp_util_build_info_pdu
711 **
712 ** Description      Add DSAP, PTYPE, SSAP and sequence numbers and update local
713 **                  ack sequence
714 **
715 ** Returns          void
716 **
717 *******************************************************************************/
/*
 * Turns p_msg into an I PDU by writing the header (DSAP, PTYPE, SSAP) and the
 * sequence octet in front of the payload.
 *
 * p_dlcb - data link supplying the SAPs and the sequence state
 * p_msg  - message whose payload starts at p_msg->offset
 *
 * Unless receive is flowed off (local busy, link rx congested or overall rx
 * congested), sent_ack_seq is advanced to next_rx_seq, so the PDU also
 * acknowledges everything received so far.
 *
 * NOTE(review): offset is lowered with no check here; the caller presumably
 * guarantees offset >= LLCP_PDU_HEADER_SIZE + LLCP_SEQUENCE_SIZE. Confirm,
 * since a smaller offset would wrap.
 */
void llcp_util_build_info_pdu(tLLCP_DLCB* p_dlcb, NFC_HDR* p_msg) {
  /* make room for header and sequence octet in front of the payload */
  p_msg->offset -= LLCP_PDU_HEADER_SIZE + LLCP_SEQUENCE_SIZE;
  p_msg->len += LLCP_PDU_HEADER_SIZE + LLCP_SEQUENCE_SIZE;

  uint8_t* p_out = (uint8_t*)(p_msg + 1) + p_msg->offset;

  UINT16_TO_BE_STREAM(p_out,
                      LLCP_GET_PDU_HEADER(p_dlcb->remote_sap, LLCP_PDU_I_TYPE,
                                          p_dlcb->local_sap));

  /* if local_busy or rx congested then do not update receive sequence number
   * to flow off */
  const bool rx_flow_off = (p_dlcb->local_busy) || (p_dlcb->is_rx_congested) ||
                           (llcp_cb.overall_rx_congested);
  if (!rx_flow_off) {
    p_dlcb->sent_ack_seq = p_dlcb->next_rx_seq;
  }

  const uint8_t ack_seq = p_dlcb->sent_ack_seq;
  UINT8_TO_BE_STREAM(p_out, LLCP_GET_SEQUENCE(p_dlcb->next_tx_seq, ack_seq));
}
741 
742 /*******************************************************************************
743 **
744 ** Function         llcp_util_send_frmr
745 **
746 ** Description      Send FRMR PDU
747 **
748 ** Returns          tLLCP_STATUS
749 **
750 *******************************************************************************/
/*
 * Builds an FRMR (frame reject) PDU for p_dlcb, queues it on the link
 * signalling queue and triggers transmission.
 *
 * p_dlcb   - data link supplying the SAPs and the four state variables
 * flags    - reject flags, placed in the upper nibble of the first octet
 * ptype    - type of the rejected PDU, lower nibble of the first octet
 * sequence - sequence octet of the rejected PDU
 *
 * The last two octets report next_tx_seq/next_rx_seq and
 * rcvd_ack_seq/sent_ack_seq, one value per nibble.
 *
 * Returns LLCP_STATUS_SUCCESS when the PDU was queued, LLCP_STATUS_FAIL
 * (after an error log) when no buffer could be obtained from LLCP_POOL_ID.
 */
tLLCP_STATUS llcp_util_send_frmr(tLLCP_DLCB* p_dlcb, uint8_t flags,
                                 uint8_t ptype, uint8_t sequence) {
  NFC_HDR* p_pdu = (NFC_HDR*)GKI_getpoolbuf(LLCP_POOL_ID);

  if (p_pdu == nullptr) {
    LOG(ERROR) << StringPrintf("Out of resource");
    return LLCP_STATUS_FAIL;
  }

  p_pdu->len = LLCP_PDU_FRMR_SIZE;
  p_pdu->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;

  uint8_t* p_out = (uint8_t*)(p_pdu + 1) + p_pdu->offset;

  UINT16_TO_BE_STREAM(
      p_out, LLCP_GET_PDU_HEADER(p_dlcb->remote_sap, LLCP_PDU_FRMR_TYPE,
                                 p_dlcb->local_sap));
  /* each octet packs two 4-bit values; the stream macro keeps the low 8 bits */
  UINT8_TO_BE_STREAM(p_out, (flags << 4) | ptype);
  UINT8_TO_BE_STREAM(p_out, sequence);
  UINT8_TO_BE_STREAM(p_out, (p_dlcb->next_tx_seq << 4) | p_dlcb->next_rx_seq);
  UINT8_TO_BE_STREAM(p_out,
                     (p_dlcb->rcvd_ack_seq << 4) | p_dlcb->sent_ack_seq);

  GKI_enqueue(&llcp_cb.lcb.sig_xmit_q, p_pdu);
  llcp_link_check_send_data();

  return LLCP_STATUS_SUCCESS;
}
781 
782 /*******************************************************************************
783 **
784 ** Function         llcp_util_send_rr_rnr
785 **
786 ** Description      Send RR or RNR PDU
787 **
788 ** Returns          void
789 **
790 *******************************************************************************/
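/*
 * Sends an RR (receive ready) or RNR (receive not ready) PDU for p_dlcb when
 * one is due.
 *
 * p_dlcb - data link whose receive state is reported to the peer
 *
 * RNR is chosen while receive is flowed off (local busy, link rx congested or
 * overall rx congested) and repeats the last acknowledged sequence number; RR
 * acknowledges everything received so far. Without
 * LLCP_DATA_LINK_FLAG_PENDING_RR_RNR nothing is sent when all received PDUs
 * are already acknowledged or when receive is flowed off.
 *
 * When no buffer is available from LLCP_POOL_ID an error is logged and the
 * link state is left untouched, so the PDU is still due on the next call.
 */
void llcp_util_send_rr_rnr(tLLCP_DLCB* p_dlcb) {
  const bool rx_flow_off = (p_dlcb->local_busy) || (p_dlcb->is_rx_congested) ||
                           (llcp_cb.overall_rx_congested);

  /* if no indication of change in local busy or rx congestion */
  if ((p_dlcb->flags & LLCP_DATA_LINK_FLAG_PENDING_RR_RNR) == 0) {
    /* every received PDU is acknowledged already: nothing to report */
    if (p_dlcb->sent_ack_seq == p_dlcb->next_rx_seq) {
      return;
    }
    /* rx is flowed off: hold the acknowledgement back */
    if (rx_flow_off) {
      return;
    }
  }

  uint8_t pdu_type;
  uint8_t pdu_size;

  if (rx_flow_off) {
    DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
        "local_busy=%d,is_rx_congested=%d,overall_rx_congested=%d",
        p_dlcb->local_busy, p_dlcb->is_rx_congested,
        llcp_cb.overall_rx_congested);

    pdu_type = LLCP_PDU_RNR_TYPE;
    pdu_size = LLCP_PDU_RNR_SIZE;
  } else {
    pdu_type = LLCP_PDU_RR_TYPE;
    pdu_size = LLCP_PDU_RR_SIZE;
  }

  NFC_HDR* p_msg = (NFC_HDR*)GKI_getpoolbuf(LLCP_POOL_ID);

  if (p_msg == nullptr) {
    LOG(ERROR) << StringPrintf("Out of resource");
    return;
  }

  p_dlcb->flags &= ~LLCP_DATA_LINK_FLAG_PENDING_RR_RNR;

  /* Advance the acknowledged sequence only now that a PDU will really carry
   * it. Doing so before the allocation would record an acknowledgement the
   * peer never receives when the pool is empty, and the next call would then
   * see nothing left to send. For RNR the number stays as it is, which is what
   * flows the peer off. */
  if (!rx_flow_off) {
    p_dlcb->sent_ack_seq = p_dlcb->next_rx_seq;
  }
  const uint8_t rcv_seq = p_dlcb->sent_ack_seq;

  p_msg->len = pdu_size;
  p_msg->offset = NCI_MSG_OFFSET_SIZE + NCI_DATA_HDR_SIZE;

  uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset;

  UINT16_TO_BE_STREAM(p, LLCP_GET_PDU_HEADER(p_dlcb->remote_sap, pdu_type,
                                             p_dlcb->local_sap));

  UINT8_TO_BE_STREAM(p, rcv_seq);

  /* N(R) in the trace is the value written to the PDU; for RNR that is
   * sent_ack_seq, which can lag behind next_rx_seq */
  DLOG_IF(INFO, nfc_debug_enabled) << StringPrintf(
      "LLCP TX - N(S,R):(NA,%d) V(S,SA,R,RA):(%d,%d,%d,%d)", rcv_seq,
      p_dlcb->next_tx_seq, p_dlcb->rcvd_ack_seq, p_dlcb->next_rx_seq,
      p_dlcb->sent_ack_seq);
  GKI_enqueue(&llcp_cb.lcb.sig_xmit_q, p_msg);
  llcp_link_check_send_data();
}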
860 
861 /*******************************************************************************
862 **
863 ** Function         llcp_util_get_app_cb
864 **
865 ** Description      get pointer of application registered control block by SAP
866 **
867 ** Returns          tLLCP_APP_CB *
868 **
869 *******************************************************************************/
/*
 * Maps a local SAP to the application control block registered for it.
 *
 * local_sap - SAP value to look up
 *
 * The SAP space is split into three ranges, each backed by its own table:
 * well-known services (wks_cb), SDP-advertised servers (server_cb) and local
 * clients (client_cb). Returns nullptr for LLCP_SAP_LM, for a SAP above
 * LLCP_UPPER_BOUND_LOCAL_SAP and for a SAP whose index falls outside its
 * table. The entry is returned whether or not anything is registered in it.
 *
 * NOTE(review): only the upper index bound is checked for the server and
 * client tables; this presumably relies on each LOWER_BOUND constant sitting
 * directly above the previous range's upper bound. Confirm in llcp_defs.h.
 */
tLLCP_APP_CB* llcp_util_get_app_cb(uint8_t local_sap) {
  if (local_sap <= LLCP_UPPER_BOUND_WK_SAP) {
    /* the link manager SAP has no application behind it */
    if ((local_sap == LLCP_SAP_LM) || (local_sap >= LLCP_MAX_WKS)) {
      return nullptr;
    }
    return &llcp_cb.wks_cb[local_sap];
  }

  if (local_sap <= LLCP_UPPER_BOUND_SDP_SAP) {
    const auto server_idx = local_sap - LLCP_LOWER_BOUND_SDP_SAP;
    if (server_idx < LLCP_MAX_SERVER) {
      return &llcp_cb.server_cb[server_idx];
    }
    return nullptr;
  }

  if (local_sap <= LLCP_UPPER_BOUND_LOCAL_SAP) {
    const auto client_idx = local_sap - LLCP_LOWER_BOUND_LOCAL_SAP;
    if (client_idx < LLCP_MAX_CLIENT) {
      return &llcp_cb.client_cb[client_idx];
    }
    return nullptr;
  }

  return nullptr;
}
889