1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains state machine and action routines for a port of the
22 * RFCOMM unit
23 *
24 ******************************************************************************/
25 #include <string.h>
26 #include "bt_common.h"
27 #include "bt_target.h"
28 #include "bt_utils.h"
29 #include "btm_api.h"
30 #include "btm_int.h"
31 #include "osi/include/osi.h"
32 #include "port_api.h"
33 #include "port_int.h"
34 #include "rfc_int.h"
35 #include "rfcdefs.h"
36
37 #include <set>
38 #include "hci/include/btsnoop.h"
39
40 static const std::set<uint16_t> uuid_logging_whitelist = {
41 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY,
42 UUID_SERVCLASS_AG_HANDSFREE,
43 };
44
45 /******************************************************************************/
46 /* L O C A L F U N C T I O N P R O T O T Y P E S */
47 /******************************************************************************/
48 static void rfc_port_sm_state_closed(tPORT* p_port, uint16_t event,
49 void* p_data);
50 static void rfc_port_sm_sabme_wait_ua(tPORT* p_port, uint16_t event,
51 void* p_data);
52 static void rfc_port_sm_opened(tPORT* p_port, uint16_t event, void* p_data);
53 static void rfc_port_sm_orig_wait_sec_check(tPORT* p_port, uint16_t event,
54 void* p_data);
55 static void rfc_port_sm_term_wait_sec_check(tPORT* p_port, uint16_t event,
56 void* p_data);
57 static void rfc_port_sm_disc_wait_ua(tPORT* p_port, uint16_t event,
58 void* p_data);
59
60 static void rfc_port_uplink_data(tPORT* p_port, BT_HDR* p_buf);
61
62 static void rfc_set_port_state(tPORT_STATE* port_pars, MX_FRAME* p_frame);
63
64 /*******************************************************************************
65 *
66 * Function rfc_port_sm_execute
67 *
68 * Description This function sends port events through the state
69 * machine.
70 *
71 * Returns void
72 *
73 ******************************************************************************/
rfc_port_sm_execute(tPORT * p_port,uint16_t event,void * p_data)74 void rfc_port_sm_execute(tPORT* p_port, uint16_t event, void* p_data) {
75 CHECK(p_port != nullptr) << __func__ << ": NULL port event " << event;
76 VLOG(1) << __func__ << ": BD_ADDR=" << p_port->bd_addr
77 << ", PORT=" << std::to_string(p_port->handle)
78 << ", STATE=" << std::to_string(p_port->rfc.state)
79 << ", EVENT=" << event;
80 switch (p_port->rfc.state) {
81 case RFC_STATE_CLOSED:
82 rfc_port_sm_state_closed(p_port, event, p_data);
83 break;
84
85 case RFC_STATE_SABME_WAIT_UA:
86 rfc_port_sm_sabme_wait_ua(p_port, event, p_data);
87 break;
88
89 case RFC_STATE_ORIG_WAIT_SEC_CHECK:
90 rfc_port_sm_orig_wait_sec_check(p_port, event, p_data);
91 break;
92
93 case RFC_STATE_TERM_WAIT_SEC_CHECK:
94 rfc_port_sm_term_wait_sec_check(p_port, event, p_data);
95 break;
96
97 case RFC_STATE_OPENED:
98 rfc_port_sm_opened(p_port, event, p_data);
99 break;
100
101 case RFC_STATE_DISC_WAIT_UA:
102 rfc_port_sm_disc_wait_ua(p_port, event, p_data);
103 break;
104 }
105 }
106
107 /*******************************************************************************
108 *
109 * Function rfc_port_sm_state_closed
110 *
111 * Description This function handles events when the port is in
112 * CLOSED state. This state exists when port is
113 * being initially established.
114 *
115 * Returns void
116 *
117 ******************************************************************************/
rfc_port_sm_state_closed(tPORT * p_port,uint16_t event,void * p_data)118 void rfc_port_sm_state_closed(tPORT* p_port, uint16_t event, void* p_data) {
119 switch (event) {
120 case RFC_EVENT_OPEN:
121 p_port->rfc.state = RFC_STATE_ORIG_WAIT_SEC_CHECK;
122 btm_sec_mx_access_request(
123 p_port->rfc.p_mcb->bd_addr, BT_PSM_RFCOMM, true, BTM_SEC_PROTO_RFCOMM,
124 (uint32_t)(p_port->dlci / 2), &rfc_sec_check_complete, p_port);
125 return;
126
127 case RFC_EVENT_CLOSE:
128 break;
129
130 case RFC_EVENT_CLEAR:
131 return;
132
133 case RFC_EVENT_DATA:
134 osi_free(p_data);
135 break;
136
137 case RFC_EVENT_SABME:
138 /* make sure the multiplexer disconnect timer is not running (reconnect
139 * case) */
140 rfc_timer_stop(p_port->rfc.p_mcb);
141
142 /* Open will be continued after security checks are passed */
143 p_port->rfc.state = RFC_STATE_TERM_WAIT_SEC_CHECK;
144 btm_sec_mx_access_request(p_port->rfc.p_mcb->bd_addr, BT_PSM_RFCOMM,
145 false, BTM_SEC_PROTO_RFCOMM,
146 (uint32_t)(p_port->dlci / 2),
147 &rfc_sec_check_complete, p_port);
148 return;
149
150 case RFC_EVENT_UA:
151 return;
152
153 case RFC_EVENT_DM:
154 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM, index=%d", __func__,
155 p_port->handle);
156 rfc_port_closed(p_port);
157 return;
158
159 case RFC_EVENT_UIH:
160 osi_free(p_data);
161 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
162 return;
163
164 case RFC_EVENT_DISC:
165 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
166 return;
167
168 case RFC_EVENT_TIMEOUT:
169 Port_TimeOutCloseMux(p_port->rfc.p_mcb);
170 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
171 event);
172 return;
173 }
174
175 RFCOMM_TRACE_WARNING("Port state closed Event ignored %d", event);
176 return;
177 }
178
179 /*******************************************************************************
180 *
181 * Function rfc_port_sm_sabme_wait_ua
182 *
183 * Description This function handles events when SABME on the DLC was
184 * sent and SM is waiting for UA or DM.
185 *
186 * Returns void
187 *
188 ******************************************************************************/
rfc_port_sm_sabme_wait_ua(tPORT * p_port,uint16_t event,void * p_data)189 void rfc_port_sm_sabme_wait_ua(tPORT* p_port, uint16_t event, void* p_data) {
190 switch (event) {
191 case RFC_EVENT_OPEN:
192 case RFC_EVENT_ESTABLISH_RSP:
193 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
194 event);
195 return;
196
197 case RFC_EVENT_CLOSE:
198 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
199 rfc_send_disc(p_port->rfc.p_mcb, p_port->dlci);
200 p_port->rfc.expected_rsp = 0;
201 p_port->rfc.state = RFC_STATE_DISC_WAIT_UA;
202 return;
203
204 case RFC_EVENT_CLEAR:
205 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLEAR, index=%d", __func__,
206 p_port->handle);
207 rfc_port_closed(p_port);
208 return;
209
210 case RFC_EVENT_DATA:
211 osi_free(p_data);
212 break;
213
214 case RFC_EVENT_UA:
215 rfc_port_timer_stop(p_port);
216 p_port->rfc.state = RFC_STATE_OPENED;
217
218 if (uuid_logging_whitelist.find(p_port->uuid) !=
219 uuid_logging_whitelist.end()) {
220 btsnoop_get_interface()->whitelist_rfc_dlci(p_port->rfc.p_mcb->lcid,
221 p_port->dlci);
222 }
223
224 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
225 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_SUCCESS);
226 return;
227
228 case RFC_EVENT_DM:
229 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM, index=%d", __func__,
230 p_port->handle);
231 p_port->rfc.p_mcb->is_disc_initiator = true;
232 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
233 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
234 rfc_port_closed(p_port);
235 return;
236
237 case RFC_EVENT_DISC:
238 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DISC, index=%d", __func__,
239 p_port->handle);
240 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
241 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
242 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
243 rfc_port_closed(p_port);
244 return;
245
246 case RFC_EVENT_SABME:
247 /* Continue to wait for the UA the SABME this side sent */
248 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
249 return;
250
251 case RFC_EVENT_UIH:
252 osi_free(p_data);
253 return;
254
255 case RFC_EVENT_TIMEOUT:
256 p_port->rfc.state = RFC_STATE_CLOSED;
257 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
258 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
259 return;
260 }
261 RFCOMM_TRACE_WARNING("Port state sabme_wait_ua Event ignored %d", event);
262 }
263
264 /*******************************************************************************
265 *
266 * Function rfc_port_sm_term_wait_sec_check
267 *
268 * Description This function handles events for the port in the
269 * WAIT_SEC_CHECK state. SABME has been received from the
270 * peer and Security Manager verifes address, before we can
271 * send ESTABLISH_IND to the Port entity
272 *
273 * Returns void
274 *
275 ******************************************************************************/
rfc_port_sm_term_wait_sec_check(tPORT * p_port,uint16_t event,void * p_data)276 void rfc_port_sm_term_wait_sec_check(tPORT* p_port, uint16_t event,
277 void* p_data) {
278 switch (event) {
279 case RFC_EVENT_SEC_COMPLETE:
280 if (*((uint8_t*)p_data) != BTM_SUCCESS) {
281 /* Authentication/authorization failed. If link is still */
282 /* up send DM and check if we need to start inactive timer */
283 if (p_port->rfc.p_mcb) {
284 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
285 p_port->rfc.p_mcb->is_disc_initiator = true;
286 port_rfc_closed(p_port, PORT_SEC_FAILED);
287 }
288 } else {
289 PORT_DlcEstablishInd(p_port->rfc.p_mcb, p_port->dlci,
290 p_port->rfc.p_mcb->peer_l2cap_mtu);
291 }
292 return;
293
294 case RFC_EVENT_OPEN:
295 case RFC_EVENT_CLOSE:
296 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
297 event);
298 return;
299
300 case RFC_EVENT_CLEAR:
301 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLEAR, index=%d", __func__,
302 p_port->handle);
303 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
304 rfc_port_closed(p_port);
305 return;
306
307 case RFC_EVENT_DATA:
308 RFCOMM_TRACE_ERROR("Port error state Term Wait Sec event Data");
309 osi_free(p_data);
310 return;
311
312 case RFC_EVENT_SABME:
313 /* Ignore SABME retransmission if client dares to do so */
314 return;
315
316 case RFC_EVENT_DISC:
317 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
318 p_port->rfc.state = RFC_STATE_CLOSED;
319 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
320
321 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
322 return;
323
324 case RFC_EVENT_UIH:
325 osi_free(p_data);
326 return;
327
328 case RFC_EVENT_ESTABLISH_RSP:
329 if (*((uint8_t*)p_data) != RFCOMM_SUCCESS) {
330 if (p_port->rfc.p_mcb)
331 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
332 } else {
333 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
334 p_port->rfc.state = RFC_STATE_OPENED;
335
336 if (uuid_logging_whitelist.find(p_port->uuid) !=
337 uuid_logging_whitelist.end()) {
338 btsnoop_get_interface()->whitelist_rfc_dlci(p_port->rfc.p_mcb->lcid,
339 p_port->dlci);
340 }
341 }
342 return;
343 }
344 RFCOMM_TRACE_WARNING("Port state term_wait_sec_check Event ignored %d",
345 event);
346 }
347
348 /*******************************************************************************
349 *
350 * Function rfc_port_sm_orig_wait_sec_check
351 *
352 * Description This function handles events for the port in the
353 * ORIG_WAIT_SEC_CHECK state. RFCOMM is waiting for Security
354 * manager to finish before sending SABME to the peer
355 *
356 * Returns void
357 *
358 ******************************************************************************/
rfc_port_sm_orig_wait_sec_check(tPORT * p_port,uint16_t event,void * p_data)359 void rfc_port_sm_orig_wait_sec_check(tPORT* p_port, uint16_t event,
360 void* p_data) {
361 switch (event) {
362 case RFC_EVENT_SEC_COMPLETE:
363 if (*((uint8_t*)p_data) != BTM_SUCCESS) {
364 RFCOMM_TRACE_ERROR("%s, RFC_EVENT_SEC_COMPLETE, index=%d, result=%d",
365 __func__, event, p_port->handle,
366 *((uint8_t*)p_data));
367 p_port->rfc.p_mcb->is_disc_initiator = true;
368 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci, 0,
369 RFCOMM_SECURITY_ERR);
370 rfc_port_closed(p_port);
371 return;
372 }
373 rfc_send_sabme(p_port->rfc.p_mcb, p_port->dlci);
374 rfc_port_timer_start(p_port, RFC_PORT_T1_TIMEOUT);
375 p_port->rfc.state = RFC_STATE_SABME_WAIT_UA;
376 return;
377
378 case RFC_EVENT_OPEN:
379 case RFC_EVENT_SABME: /* Peer should not use the same dlci */
380 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
381 event);
382 return;
383
384 case RFC_EVENT_CLOSE:
385 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLOSE, index=%d", __func__,
386 p_port->handle);
387 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
388 rfc_port_closed(p_port);
389 return;
390
391 case RFC_EVENT_DATA:
392 RFCOMM_TRACE_ERROR("Port error state Orig Wait Sec event Data");
393 osi_free(p_data);
394 return;
395
396 case RFC_EVENT_UIH:
397 osi_free(p_data);
398 return;
399 }
400 RFCOMM_TRACE_WARNING("Port state orig_wait_sec_check Event ignored %d",
401 event);
402 }
403
404 /*******************************************************************************
405 *
406 * Function rfc_port_sm_opened
407 *
408 * Description This function handles events for the port in the OPENED
409 * state
410 *
411 * Returns void
412 *
413 ******************************************************************************/
rfc_port_sm_opened(tPORT * p_port,uint16_t event,void * p_data)414 void rfc_port_sm_opened(tPORT* p_port, uint16_t event, void* p_data) {
415 switch (event) {
416 case RFC_EVENT_OPEN:
417 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
418 event);
419 return;
420
421 case RFC_EVENT_CLOSE:
422 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
423 rfc_send_disc(p_port->rfc.p_mcb, p_port->dlci);
424 p_port->rfc.expected_rsp = 0;
425 p_port->rfc.state = RFC_STATE_DISC_WAIT_UA;
426 return;
427
428 case RFC_EVENT_CLEAR:
429 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLEAR, index=%d", __func__,
430 p_port->handle);
431 rfc_port_closed(p_port);
432 return;
433
434 case RFC_EVENT_DATA:
435 /* Send credits in the frame. Pass them in the layer specific member of
436 * the hdr. */
437 /* There might be an initial case when we reduced rx_max and credit_rx is
438 * still */
439 /* bigger. Make sure that we do not send 255 */
440 if ((p_port->rfc.p_mcb->flow == PORT_FC_CREDIT) &&
441 (((BT_HDR*)p_data)->len < p_port->peer_mtu) &&
442 (!p_port->rx.user_fc) &&
443 (p_port->credit_rx_max > p_port->credit_rx)) {
444 ((BT_HDR*)p_data)->layer_specific =
445 (uint8_t)(p_port->credit_rx_max - p_port->credit_rx);
446 p_port->credit_rx = p_port->credit_rx_max;
447 } else {
448 ((BT_HDR*)p_data)->layer_specific = 0;
449 }
450 rfc_send_buf_uih(p_port->rfc.p_mcb, p_port->dlci, (BT_HDR*)p_data);
451 rfc_dec_credit(p_port);
452 return;
453
454 case RFC_EVENT_UA:
455 return;
456
457 case RFC_EVENT_SABME:
458 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
459 return;
460
461 case RFC_EVENT_DM:
462 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM, index=%d", __func__,
463 p_port->handle);
464 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
465 rfc_port_closed(p_port);
466 return;
467
468 case RFC_EVENT_DISC:
469 p_port->rfc.state = RFC_STATE_CLOSED;
470 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
471 if (!fixed_queue_is_empty(p_port->rx.queue)) {
472 /* give a chance to upper stack to close port properly */
473 RFCOMM_TRACE_DEBUG("port queue is not empty");
474 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
475 } else
476 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
477 return;
478
479 case RFC_EVENT_UIH:
480 rfc_port_uplink_data(p_port, (BT_HDR*)p_data);
481 return;
482
483 case RFC_EVENT_TIMEOUT:
484 Port_TimeOutCloseMux(p_port->rfc.p_mcb);
485 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
486 event);
487 return;
488 }
489 RFCOMM_TRACE_WARNING("Port state opened Event ignored %d", event);
490 }
491
492 /*******************************************************************************
493 *
494 * Function rfc_port_sm_disc_wait_ua
495 *
496 * Description This function handles events when DISC on the DLC was
497 * sent and SM is waiting for UA or DM.
498 *
499 * Returns void
500 *
501 ******************************************************************************/
rfc_port_sm_disc_wait_ua(tPORT * p_port,uint16_t event,void * p_data)502 void rfc_port_sm_disc_wait_ua(tPORT* p_port, uint16_t event, void* p_data) {
503 switch (event) {
504 case RFC_EVENT_OPEN:
505 case RFC_EVENT_ESTABLISH_RSP:
506 RFCOMM_TRACE_ERROR("Port error state %d event %d", p_port->rfc.state,
507 event);
508 return;
509
510 case RFC_EVENT_CLEAR:
511 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_CLEAR, index=%d", __func__, event,
512 p_port->handle);
513 rfc_port_closed(p_port);
514 return;
515
516 case RFC_EVENT_DATA:
517 osi_free(p_data);
518 return;
519
520 case RFC_EVENT_UA:
521 p_port->rfc.p_mcb->is_disc_initiator = true;
522 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
523
524 case RFC_EVENT_DM:
525 RFCOMM_TRACE_WARNING("%s, RFC_EVENT_DM|RFC_EVENT_UA[%d], index=%d",
526 __func__, event, p_port->handle);
527 rfc_port_closed(p_port);
528 return;
529
530 case RFC_EVENT_SABME:
531 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
532 return;
533
534 case RFC_EVENT_DISC:
535 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
536 return;
537
538 case RFC_EVENT_UIH:
539 osi_free(p_data);
540 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
541 return;
542
543 case RFC_EVENT_TIMEOUT:
544 RFCOMM_TRACE_ERROR("%s, RFC_EVENT_TIMEOUT, index=%d", __func__,
545 p_port->handle);
546 rfc_port_closed(p_port);
547 return;
548 }
549
550 RFCOMM_TRACE_WARNING("Port state disc_wait_ua Event ignored %d", event);
551 }
552
553 /*******************************************************************************
554 *
555 * Function rfc_port_uplink_data
556 *
557 * Description This function handles uplink information data frame.
558 *
559 ******************************************************************************/
rfc_port_uplink_data(tPORT * p_port,BT_HDR * p_buf)560 void rfc_port_uplink_data(tPORT* p_port, BT_HDR* p_buf) {
561 PORT_DataInd(p_port->rfc.p_mcb, p_port->dlci, p_buf);
562 }
563
564 /*******************************************************************************
565 *
566 * Function rfc_process_pn
567 *
568 * Description This function handles DLC parameter negotiation frame.
569 * Record MTU and pass indication to the upper layer.
570 *
571 ******************************************************************************/
rfc_process_pn(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)572 void rfc_process_pn(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
573 RFCOMM_TRACE_DEBUG("%s: is_initiator=%d, is_cmd=%d, state=%d, bd_addr=%s",
574 __func__, p_mcb->is_initiator, is_command, p_mcb->state,
575 p_mcb->bd_addr.ToString().c_str());
576 uint8_t dlci = p_frame->dlci;
577
578 if (is_command) {
579 /* Ignore if Multiplexer is being shut down */
580 if (p_mcb->state != RFC_MX_STATE_DISC_WAIT_UA) {
581 PORT_ParNegInd(p_mcb, dlci, p_frame->u.pn.mtu, p_frame->u.pn.conv_layer,
582 p_frame->u.pn.k);
583 } else {
584 LOG(WARNING) << __func__
585 << ": MX PN while disconnecting, bd_addr=" << p_mcb->bd_addr
586 << ", p_mcb=" << p_mcb;
587 rfc_send_dm(p_mcb, dlci, false);
588 }
589
590 return;
591 }
592 /* If we are not awaiting response just ignore it */
593 tPORT* p_port = port_find_mcb_dlci_port(p_mcb, dlci);
594 if ((p_port == nullptr) || !(p_port->rfc.expected_rsp & RFC_RSP_PN)) {
595 LOG(WARNING) << ": Ignore unwanted response, p_mcb=" << p_mcb
596 << ", bd_addr=" << p_mcb->bd_addr
597 << ", dlci=" << std::to_string(dlci);
598 return;
599 }
600
601 p_port->rfc.expected_rsp &= ~RFC_RSP_PN;
602
603 rfc_port_timer_stop(p_port);
604
605 PORT_ParNegCnf(p_mcb, dlci, p_frame->u.pn.mtu, p_frame->u.pn.conv_layer,
606 p_frame->u.pn.k);
607 }
608
609 /*******************************************************************************
610 *
611 * Function rfc_process_rpn
612 *
613 * Description This function handles Remote DLC parameter negotiation
614 * command/response. Pass command to the user.
615 *
616 ******************************************************************************/
rfc_process_rpn(tRFC_MCB * p_mcb,bool is_command,bool is_request,MX_FRAME * p_frame)617 void rfc_process_rpn(tRFC_MCB* p_mcb, bool is_command, bool is_request,
618 MX_FRAME* p_frame) {
619 tPORT_STATE port_pars;
620 tPORT* p_port;
621
622 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
623 if (p_port == nullptr) {
624 /* This is the first command on the port */
625 if (is_command) {
626 memset(&port_pars, 0, sizeof(tPORT_STATE));
627 rfc_set_port_state(&port_pars, p_frame);
628
629 PORT_PortNegInd(p_mcb, p_frame->dlci, &port_pars,
630 p_frame->u.rpn.param_mask);
631 }
632 return;
633 }
634
635 if (is_command && is_request) {
636 /* This is the special situation when peer just request local pars */
637 rfc_send_rpn(p_mcb, p_frame->dlci, false, &p_port->peer_port_pars, 0);
638 return;
639 }
640
641 port_pars = p_port->peer_port_pars;
642
643 rfc_set_port_state(&port_pars, p_frame);
644
645 if (is_command) {
646 PORT_PortNegInd(p_mcb, p_frame->dlci, &port_pars,
647 p_frame->u.rpn.param_mask);
648 return;
649 }
650
651 /* If we are not awaiting response just ignore it */
652 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
653 if ((p_port == nullptr) ||
654 !(p_port->rfc.expected_rsp & (RFC_RSP_RPN | RFC_RSP_RPN_REPLY))) {
655 LOG(WARNING) << __func__ << ": ignore DLC parameter negotiation as we are"
656 << " not waiting for any";
657 return;
658 }
659
660 /* If we sent a request for port parameters to the peer it is replying with */
661 /* mask 0. */
662 rfc_port_timer_stop(p_port);
663
664 if (p_port->rfc.expected_rsp & RFC_RSP_RPN_REPLY) {
665 p_port->rfc.expected_rsp &= ~RFC_RSP_RPN_REPLY;
666
667 p_port->peer_port_pars = port_pars;
668
669 if ((port_pars.fc_type ==
670 (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT)) ||
671 (port_pars.fc_type ==
672 (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT))) {
673 /* This is satisfactory port parameters. Set mask as it was Ok */
674 p_frame->u.rpn.param_mask = RFCOMM_RPN_PM_MASK;
675 } else {
676 /* Current peer parameters are not good, try to fix them */
677 p_port->peer_port_pars.fc_type =
678 (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT);
679
680 p_port->rfc.expected_rsp |= RFC_RSP_RPN;
681 rfc_send_rpn(p_mcb, p_frame->dlci, true, &p_port->peer_port_pars,
682 RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT);
683 rfc_port_timer_start(p_port, RFC_T2_TIMEOUT);
684 return;
685 }
686 } else
687 p_port->rfc.expected_rsp &= ~RFC_RSP_RPN;
688
689 /* Check if all suggested parameters were accepted */
690 if (((p_frame->u.rpn.param_mask &
691 (RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT)) ==
692 (RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT)) ||
693 ((p_frame->u.rpn.param_mask &
694 (RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT)) ==
695 (RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT))) {
696 PORT_PortNegCnf(p_mcb, p_port->dlci, &port_pars, RFCOMM_SUCCESS);
697 return;
698 }
699
700 /* If we were proposing RTR flow control try RTC flow control */
701 /* If we were proposing RTC flow control try no flow control */
702 /* otherwise drop the connection */
703 if (p_port->peer_port_pars.fc_type ==
704 (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT)) {
705 /* Current peer parameters are not good, try to fix them */
706 p_port->peer_port_pars.fc_type =
707 (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT);
708
709 p_port->rfc.expected_rsp |= RFC_RSP_RPN;
710
711 rfc_send_rpn(p_mcb, p_frame->dlci, true, &p_port->peer_port_pars,
712 RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT);
713 rfc_port_timer_start(p_port, RFC_T2_TIMEOUT);
714 return;
715 }
716
717 /* Other side does not support flow control */
718 if (p_port->peer_port_pars.fc_type ==
719 (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT)) {
720 p_port->peer_port_pars.fc_type = RFCOMM_FC_OFF;
721 PORT_PortNegCnf(p_mcb, p_port->dlci, &port_pars, RFCOMM_SUCCESS);
722 }
723 }
724
725 /*******************************************************************************
726 *
727 * Function rfc_process_msc
728 *
729 * Description This function handles Modem Status Command.
730 * Pass command to the user.
731 *
732 ******************************************************************************/
rfc_process_msc(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)733 void rfc_process_msc(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
734 tPORT_CTRL pars;
735 tPORT* p_port;
736 uint8_t modem_signals = p_frame->u.msc.signals;
737 bool new_peer_fc = false;
738
739 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
740 if (p_port == NULL) return;
741
742 pars.modem_signal = 0;
743
744 if (modem_signals & RFCOMM_MSC_RTC) pars.modem_signal |= MODEM_SIGNAL_DTRDSR;
745
746 if (modem_signals & RFCOMM_MSC_RTR) pars.modem_signal |= MODEM_SIGNAL_RTSCTS;
747
748 if (modem_signals & RFCOMM_MSC_IC) pars.modem_signal |= MODEM_SIGNAL_RI;
749
750 if (modem_signals & RFCOMM_MSC_DV) pars.modem_signal |= MODEM_SIGNAL_DCD;
751
752 pars.fc = ((modem_signals & RFCOMM_MSC_FC) == RFCOMM_MSC_FC);
753
754 pars.break_signal =
755 (p_frame->u.msc.break_present) ? p_frame->u.msc.break_duration : 0;
756 pars.discard_buffers = 0;
757 pars.break_signal_seq = RFCOMM_CTRL_BREAK_IN_SEQ; /* this is default */
758
759 /* Check if this command is passed only to indicate flow control */
760 if (is_command) {
761 rfc_send_msc(p_mcb, p_frame->dlci, false, &pars);
762
763 if (p_port->rfc.p_mcb->flow != PORT_FC_CREDIT) {
764 /* Spec 1.1 indicates that only FC bit is used for flow control */
765 p_port->peer_ctrl.fc = new_peer_fc = pars.fc;
766
767 if (new_peer_fc != p_port->tx.peer_fc)
768 PORT_FlowInd(p_mcb, p_frame->dlci, (bool)!new_peer_fc);
769 }
770
771 PORT_ControlInd(p_mcb, p_frame->dlci, &pars);
772
773 return;
774 }
775
776 /* If we are not awaiting response just ignore it */
777 if (!(p_port->rfc.expected_rsp & RFC_RSP_MSC)) return;
778
779 p_port->rfc.expected_rsp &= ~RFC_RSP_MSC;
780
781 rfc_port_timer_stop(p_port);
782
783 PORT_ControlCnf(p_port->rfc.p_mcb, p_port->dlci, &pars);
784 }
785
786 /*******************************************************************************
787 *
788 * Function rfc_process_rls
789 *
790 * Description This function handles Remote Line Status command.
791 * Pass command to the user.
792 *
793 ******************************************************************************/
rfc_process_rls(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)794 void rfc_process_rls(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
795 tPORT* p_port;
796
797 if (is_command) {
798 PORT_LineStatusInd(p_mcb, p_frame->dlci, p_frame->u.rls.line_status);
799 rfc_send_rls(p_mcb, p_frame->dlci, false, p_frame->u.rls.line_status);
800 } else {
801 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
802
803 /* If we are not awaiting response just ignore it */
804 if (!p_port || !(p_port->rfc.expected_rsp & RFC_RSP_RLS)) return;
805
806 p_port->rfc.expected_rsp &= ~RFC_RSP_RLS;
807
808 rfc_port_timer_stop(p_port);
809 }
810 }
811
812 /*******************************************************************************
813 *
814 * Function rfc_process_nsc
815 *
816 * Description This function handles None Supported Command frame.
817 *
818 ******************************************************************************/
rfc_process_nsc(UNUSED_ATTR tRFC_MCB * p_mcb,UNUSED_ATTR MX_FRAME * p_frame)819 void rfc_process_nsc(UNUSED_ATTR tRFC_MCB* p_mcb,
820 UNUSED_ATTR MX_FRAME* p_frame) {}
821
822 /*******************************************************************************
823 *
824 * Function rfc_process_test
825 *
826 * Description This function handles Test frame. If this is a command
827 * reply to it. Otherwise pass response to the user.
828 *
829 ******************************************************************************/
rfc_process_test_rsp(UNUSED_ATTR tRFC_MCB * p_mcb,BT_HDR * p_buf)830 void rfc_process_test_rsp(UNUSED_ATTR tRFC_MCB* p_mcb, BT_HDR* p_buf) {
831 osi_free(p_buf);
832 }
833
834 /*******************************************************************************
835 *
836 * Function rfc_process_fcon
837 *
838 * Description This function handles FCON frame. The peer entity is able
839 * to receive new information
840 *
841 ******************************************************************************/
rfc_process_fcon(tRFC_MCB * p_mcb,bool is_command)842 void rfc_process_fcon(tRFC_MCB* p_mcb, bool is_command) {
843 if (is_command) {
844 rfc_cb.rfc.peer_rx_disabled = false;
845
846 rfc_send_fcon(p_mcb, false);
847
848 if (!p_mcb->l2cap_congested) PORT_FlowInd(p_mcb, 0, true);
849 }
850 }
851
852 /*******************************************************************************
853 *
854 * Function rfc_process_fcoff
855 *
856 * Description This function handles FCOFF frame. The peer entity is
857 * unable to receive new information
858 *
859 ******************************************************************************/
rfc_process_fcoff(tRFC_MCB * p_mcb,bool is_command)860 void rfc_process_fcoff(tRFC_MCB* p_mcb, bool is_command) {
861 if (is_command) {
862 rfc_cb.rfc.peer_rx_disabled = true;
863
864 if (!p_mcb->l2cap_congested) PORT_FlowInd(p_mcb, 0, false);
865
866 rfc_send_fcoff(p_mcb, false);
867 }
868 }
869
870 /*******************************************************************************
871 *
872 * Function rfc_process_l2cap_congestion
873 *
874 * Description This function handles L2CAP congestion messages
875 *
876 ******************************************************************************/
rfc_process_l2cap_congestion(tRFC_MCB * p_mcb,bool is_congested)877 void rfc_process_l2cap_congestion(tRFC_MCB* p_mcb, bool is_congested) {
878 p_mcb->l2cap_congested = is_congested;
879
880 if (!is_congested) {
881 rfc_check_send_cmd(p_mcb, nullptr);
882 }
883
884 if (!rfc_cb.rfc.peer_rx_disabled) {
885 PORT_FlowInd(p_mcb, 0, !is_congested);
886 }
887 }
888
889 /*******************************************************************************
890 *
891 * Function rfc_set_port_pars
892 *
893 * Description This function sets the tPORT_STATE structure given a
894 * p_frame.
895 *
896 ******************************************************************************/
897
rfc_set_port_state(tPORT_STATE * port_pars,MX_FRAME * p_frame)898 void rfc_set_port_state(tPORT_STATE* port_pars, MX_FRAME* p_frame) {
899 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_BIT_RATE)
900 port_pars->baud_rate = p_frame->u.rpn.baud_rate;
901 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_DATA_BITS)
902 port_pars->byte_size = p_frame->u.rpn.byte_size;
903 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_STOP_BITS)
904 port_pars->stop_bits = p_frame->u.rpn.stop_bits;
905 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_PARITY)
906 port_pars->parity = p_frame->u.rpn.parity;
907 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_PARITY_TYPE)
908 port_pars->parity_type = p_frame->u.rpn.parity_type;
909 if (p_frame->u.rpn.param_mask &
910 (RFCOMM_RPN_PM_XONXOFF_ON_INPUT | RFCOMM_RPN_PM_XONXOFF_ON_OUTPUT |
911 RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT |
912 RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT))
913 port_pars->fc_type = p_frame->u.rpn.fc_type;
914 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_XON_CHAR)
915 port_pars->xon_char = p_frame->u.rpn.xon_char;
916 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_XOFF_CHAR)
917 port_pars->xoff_char = p_frame->u.rpn.xoff_char;
918 }
919