1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains state machine and action routines for a port of the
22 * RFCOMM unit
23 *
24 ******************************************************************************/
25
26 #include <bluetooth/log.h>
27
28 #include <cstdint>
29 #include <cstring>
30 #include <set>
31
32 #include "hal/snoop_logger.h"
33 #include "main/shim/entry.h"
34 #include "os/log.h"
35 #include "osi/include/allocator.h"
36 #include "stack/btm/btm_sec.h"
37 #include "stack/include/bt_hdr.h"
38 #include "stack/include/bt_uuid16.h"
39 #include "stack/l2cap/l2c_int.h"
40 #include "stack/rfcomm/port_int.h"
41 #include "stack/rfcomm/rfc_int.h"
42
43 using namespace bluetooth;
44
45 static const std::set<uint16_t> uuid_logging_acceptlist = {
46 UUID_SERVCLASS_HEADSET_AUDIO_GATEWAY,
47 UUID_SERVCLASS_AG_HANDSFREE,
48 };
49
50 /******************************************************************************/
51 /* L O C A L F U N C T I O N P R O T O T Y P E S */
52 /******************************************************************************/
53 static void rfc_port_sm_state_closed(tPORT* p_port, tRFC_PORT_EVENT event,
54 void* p_data);
55 static void rfc_port_sm_sabme_wait_ua(tPORT* p_port, tRFC_PORT_EVENT event,
56 void* p_data);
57 static void rfc_port_sm_opened(tPORT* p_port, tRFC_PORT_EVENT event,
58 void* p_data);
59 static void rfc_port_sm_orig_wait_sec_check(tPORT* p_port,
60 tRFC_PORT_EVENT event,
61 void* p_data);
62 static void rfc_port_sm_term_wait_sec_check(tPORT* p_port,
63 tRFC_PORT_EVENT event,
64 void* p_data);
65 static void rfc_port_sm_disc_wait_ua(tPORT* p_port, tRFC_PORT_EVENT event,
66 void* p_data);
67
68 static void rfc_port_uplink_data(tPORT* p_port, BT_HDR* p_buf);
69
70 static void rfc_set_port_state(tPORT_STATE* port_pars, MX_FRAME* p_frame);
71
72 /*******************************************************************************
73 *
74 * Function rfc_port_sm_execute
75 *
76 * Description This function sends port events through the state
77 * machine.
78 *
79 * Returns void
80 *
81 ******************************************************************************/
rfc_port_sm_execute(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)82 void rfc_port_sm_execute(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data) {
83 log::assert_that(p_port != nullptr, "NULL port event {}", event);
84
85 // logs for state RFC_STATE_OPENED handled in rfc_port_sm_opened()
86 if (p_port->rfc.state != RFC_STATE_OPENED) {
87 log::info("bd_addr:{}, index:{}, state:{}, event:{}", p_port->bd_addr,
88 p_port->handle, p_port->rfc.state, event);
89 }
90 switch (p_port->rfc.state) {
91 case RFC_STATE_CLOSED:
92 rfc_port_sm_state_closed(p_port, event, p_data);
93 break;
94
95 case RFC_STATE_SABME_WAIT_UA:
96 rfc_port_sm_sabme_wait_ua(p_port, event, p_data);
97 break;
98
99 case RFC_STATE_ORIG_WAIT_SEC_CHECK:
100 rfc_port_sm_orig_wait_sec_check(p_port, event, p_data);
101 break;
102
103 case RFC_STATE_TERM_WAIT_SEC_CHECK:
104 rfc_port_sm_term_wait_sec_check(p_port, event, p_data);
105 break;
106
107 case RFC_STATE_OPENED:
108 rfc_port_sm_opened(p_port, event, p_data);
109 break;
110
111 case RFC_STATE_DISC_WAIT_UA:
112 rfc_port_sm_disc_wait_ua(p_port, event, p_data);
113 break;
114 }
115 }
116
117 /*******************************************************************************
118 *
119 * Function rfc_port_sm_state_closed
120 *
121 * Description This function handles events when the port is in
122 * CLOSED state. This state exists when port is
123 * being initially established.
124 *
125 * Returns void
126 *
127 ******************************************************************************/
rfc_port_sm_state_closed(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)128 void rfc_port_sm_state_closed(tPORT* p_port, tRFC_PORT_EVENT event,
129 void* p_data) {
130 switch (event) {
131 case RFC_PORT_EVENT_OPEN:
132 p_port->rfc.state = RFC_STATE_ORIG_WAIT_SEC_CHECK;
133 btm_sec_mx_access_request(p_port->rfc.p_mcb->bd_addr, true,
134 p_port->sec_mask, &rfc_sec_check_complete,
135 p_port);
136 return;
137
138 case RFC_PORT_EVENT_CLOSE:
139 break;
140
141 case RFC_PORT_EVENT_CLEAR:
142 return;
143
144 case RFC_PORT_EVENT_DATA:
145 osi_free(p_data);
146 break;
147
148 case RFC_PORT_EVENT_SABME:
149 /* make sure the multiplexer disconnect timer is not running (reconnect
150 * case) */
151 rfc_timer_stop(p_port->rfc.p_mcb);
152
153 /* Open will be continued after security checks are passed */
154 p_port->rfc.state = RFC_STATE_TERM_WAIT_SEC_CHECK;
155 btm_sec_mx_access_request(p_port->rfc.p_mcb->bd_addr, false,
156 p_port->sec_mask, &rfc_sec_check_complete,
157 p_port);
158 return;
159
160 case RFC_PORT_EVENT_UA:
161 return;
162
163 case RFC_PORT_EVENT_DM:
164 log::warn("RFC_EVENT_DM, index={}", p_port->handle);
165 rfc_port_closed(p_port);
166 return;
167
168 case RFC_PORT_EVENT_UIH:
169 osi_free(p_data);
170 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
171 return;
172
173 case RFC_PORT_EVENT_DISC:
174 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
175 return;
176
177 case RFC_PORT_EVENT_TIMEOUT:
178 PORT_TimeOutCloseMux(p_port->rfc.p_mcb);
179 log::error("Port error state {} event {}", p_port->rfc.state, event);
180 return;
181 default:
182 log::error("Received unexpected event:{} in state:{}", event,
183 p_port->rfc.state);
184 }
185
186 log::warn("Port state closed Event ignored {}", event);
187 return;
188 }
189
190 /*******************************************************************************
191 *
192 * Function rfc_port_sm_sabme_wait_ua
193 *
194 * Description This function handles events when SABME on the DLC was
195 * sent and SM is waiting for UA or DM.
196 *
197 * Returns void
198 *
199 ******************************************************************************/
rfc_port_sm_sabme_wait_ua(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)200 void rfc_port_sm_sabme_wait_ua(tPORT* p_port, tRFC_PORT_EVENT event,
201 void* p_data) {
202 switch (event) {
203 case RFC_PORT_EVENT_OPEN:
204 case RFC_PORT_EVENT_ESTABLISH_RSP:
205 log::error("Port error state {} event {}", p_port->rfc.state, event);
206 return;
207
208 case RFC_PORT_EVENT_CLOSE:
209 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
210 rfc_send_disc(p_port->rfc.p_mcb, p_port->dlci);
211 p_port->rfc.expected_rsp = 0;
212 p_port->rfc.state = RFC_STATE_DISC_WAIT_UA;
213 return;
214
215 case RFC_PORT_EVENT_CLEAR:
216 log::warn("RFC_PORT_EVENT_CLEAR, index={}", p_port->handle);
217 rfc_port_closed(p_port);
218 return;
219
220 case RFC_PORT_EVENT_DATA:
221 osi_free(p_data);
222 break;
223
224 case RFC_PORT_EVENT_UA:
225 rfc_port_timer_stop(p_port);
226 p_port->rfc.state = RFC_STATE_OPENED;
227
228 if (uuid_logging_acceptlist.find(p_port->uuid) !=
229 uuid_logging_acceptlist.end()) {
230 // Find Channel Control Block by Channel ID
231 tL2C_CCB* p_ccb =
232 l2cu_find_ccb_by_cid(nullptr, p_port->rfc.p_mcb->lcid);
233 if (p_ccb) {
234 bluetooth::shim::GetSnoopLogger()->AcceptlistRfcommDlci(
235 p_ccb->p_lcb->Handle(), p_port->rfc.p_mcb->lcid, p_port->dlci);
236 }
237 }
238 if (p_port->rfc.p_mcb) {
239 uint16_t lcid;
240 tL2C_CCB* ccb;
241
242 lcid = p_port->rfc.p_mcb->lcid;
243 ccb = l2cu_find_ccb_by_cid(nullptr, lcid);
244
245 if (ccb) {
246 bluetooth::shim::GetSnoopLogger()->SetRfcommPortOpen(
247 ccb->p_lcb->Handle(), lcid, p_port->dlci, p_port->uuid,
248 p_port->rfc.p_mcb->flow == PORT_FC_CREDIT);
249 }
250 }
251
252 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
253 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_SUCCESS);
254 return;
255
256 case RFC_PORT_EVENT_DM:
257 log::warn("RFC_EVENT_DM, index={}", p_port->handle);
258 p_port->rfc.p_mcb->is_disc_initiator = true;
259 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
260 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
261 rfc_port_closed(p_port);
262 return;
263
264 case RFC_PORT_EVENT_DISC:
265 log::warn("RFC_EVENT_DISC, index={}", p_port->handle);
266 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
267 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
268 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
269 rfc_port_closed(p_port);
270 return;
271
272 case RFC_PORT_EVENT_SABME:
273 /* Continue to wait for the UA the SABME this side sent */
274 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
275 return;
276
277 case RFC_PORT_EVENT_UIH:
278 osi_free(p_data);
279 return;
280
281 case RFC_PORT_EVENT_TIMEOUT:
282 p_port->rfc.state = RFC_STATE_CLOSED;
283 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci,
284 p_port->rfc.p_mcb->peer_l2cap_mtu, RFCOMM_ERROR);
285 return;
286 default:
287 log::error("Received unexpected event:{} in state:{}", event,
288 p_port->rfc.state);
289 }
290 log::warn("Port state sabme_wait_ua Event ignored {}", event);
291 }
292
293 /*******************************************************************************
294 *
295 * Function rfc_port_sm_term_wait_sec_check
296 *
297 * Description This function handles events for the port in the
298 * WAIT_SEC_CHECK state. SABME has been received from the
299 * peer and Security Manager verifes address, before we can
300 * send ESTABLISH_IND to the Port entity
301 *
302 * Returns void
303 *
304 ******************************************************************************/
rfc_port_sm_term_wait_sec_check(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)305 void rfc_port_sm_term_wait_sec_check(tPORT* p_port, tRFC_PORT_EVENT event,
306 void* p_data) {
307 switch (event) {
308 case RFC_PORT_EVENT_SEC_COMPLETE:
309 if (*((uint8_t*)p_data) != BTM_SUCCESS) {
310 /* Authentication/authorization failed. If link is still */
311 /* up send DM and check if we need to start inactive timer */
312 if (p_port->rfc.p_mcb) {
313 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
314 p_port->rfc.p_mcb->is_disc_initiator = true;
315 port_rfc_closed(p_port, PORT_SEC_FAILED);
316 }
317 } else {
318 PORT_DlcEstablishInd(p_port->rfc.p_mcb, p_port->dlci,
319 p_port->rfc.p_mcb->peer_l2cap_mtu);
320 }
321 return;
322
323 case RFC_PORT_EVENT_OPEN:
324 case RFC_PORT_EVENT_CLOSE:
325 log::error("Port error state {} event {}", p_port->rfc.state, event);
326 return;
327
328 case RFC_PORT_EVENT_CLEAR:
329 log::warn("RFC_PORT_EVENT_CLEAR, index={}", p_port->handle);
330 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
331 rfc_port_closed(p_port);
332 return;
333
334 case RFC_PORT_EVENT_DATA:
335 log::error("Port error state Term Wait Sec event Data");
336 osi_free(p_data);
337 return;
338
339 case RFC_PORT_EVENT_SABME:
340 /* Ignore SABME retransmission if client dares to do so */
341 return;
342
343 case RFC_PORT_EVENT_DISC:
344 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
345 p_port->rfc.state = RFC_STATE_CLOSED;
346 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
347
348 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
349 return;
350
351 case RFC_PORT_EVENT_UIH:
352 osi_free(p_data);
353 return;
354
355 case RFC_PORT_EVENT_ESTABLISH_RSP:
356 if (*((uint8_t*)p_data) != RFCOMM_SUCCESS) {
357 if (p_port->rfc.p_mcb)
358 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
359 } else {
360 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
361 p_port->rfc.state = RFC_STATE_OPENED;
362
363 if (uuid_logging_acceptlist.find(p_port->uuid) !=
364 uuid_logging_acceptlist.end()) {
365 // Find Channel Control Block by Channel ID
366 tL2C_CCB* p_ccb =
367 l2cu_find_ccb_by_cid(nullptr, p_port->rfc.p_mcb->lcid);
368 if (p_ccb) {
369 bluetooth::shim::GetSnoopLogger()->AcceptlistRfcommDlci(
370 p_ccb->p_lcb->Handle(), p_port->rfc.p_mcb->lcid, p_port->dlci);
371 }
372 }
373 if (p_port->rfc.p_mcb) {
374 uint16_t lcid;
375 tL2C_CCB* ccb;
376
377 lcid = p_port->rfc.p_mcb->lcid;
378 ccb = l2cu_find_ccb_by_cid(nullptr, lcid);
379
380 if (ccb) {
381 bluetooth::shim::GetSnoopLogger()->SetRfcommPortOpen(
382 ccb->p_lcb->Handle(), lcid, p_port->dlci, p_port->uuid,
383 p_port->rfc.p_mcb->flow == PORT_FC_CREDIT);
384 }
385 }
386 }
387 return;
388 default:
389 log::error("Received unexpected event:{} in state:{}", event,
390 p_port->rfc.state);
391 }
392 log::warn("Port state term_wait_sec_check Event ignored {}", event);
393 }
394
395 /*******************************************************************************
396 *
397 * Function rfc_port_sm_orig_wait_sec_check
398 *
399 * Description This function handles events for the port in the
400 * ORIG_WAIT_SEC_CHECK state. RFCOMM is waiting for Security
401 * manager to finish before sending SABME to the peer
402 *
403 * Returns void
404 *
405 ******************************************************************************/
rfc_port_sm_orig_wait_sec_check(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)406 void rfc_port_sm_orig_wait_sec_check(tPORT* p_port, tRFC_PORT_EVENT event,
407 void* p_data) {
408 switch (event) {
409 case RFC_PORT_EVENT_SEC_COMPLETE:
410 if (*((uint8_t*)p_data) != BTM_SUCCESS) {
411 log::error("RFC_PORT_EVENT_SEC_COMPLETE, index={}, result={}",
412 p_port->handle, *((uint8_t*)p_data));
413 p_port->rfc.p_mcb->is_disc_initiator = true;
414 PORT_DlcEstablishCnf(p_port->rfc.p_mcb, p_port->dlci, 0,
415 RFCOMM_SECURITY_ERR);
416 rfc_port_closed(p_port);
417 return;
418 }
419 rfc_send_sabme(p_port->rfc.p_mcb, p_port->dlci);
420 rfc_port_timer_start(p_port, RFC_PORT_T1_TIMEOUT);
421 p_port->rfc.state = RFC_STATE_SABME_WAIT_UA;
422 return;
423
424 case RFC_PORT_EVENT_OPEN:
425 case RFC_PORT_EVENT_SABME: /* Peer should not use the same dlci */
426 log::error("Port error state {} event {}", p_port->rfc.state, event);
427 return;
428
429 case RFC_PORT_EVENT_CLOSE:
430 log::warn("RFC_PORT_EVENT_CLOSE, index={}", p_port->handle);
431 btm_sec_abort_access_req(p_port->rfc.p_mcb->bd_addr);
432 rfc_port_closed(p_port);
433 return;
434
435 case RFC_PORT_EVENT_DATA:
436 log::error("Port error state Orig Wait Sec event Data");
437 osi_free(p_data);
438 return;
439
440 case RFC_PORT_EVENT_UIH:
441 osi_free(p_data);
442 return;
443 default:
444 log::error("Received unexpected event:{} in state:{}", event,
445 p_port->rfc.state);
446 }
447 log::warn("Port state orig_wait_sec_check Event ignored {}", event);
448 }
449
450 /*******************************************************************************
451 *
452 * Function rfc_port_sm_opened
453 *
454 * Description This function handles events for the port in the OPENED
455 * state
456 *
457 * Returns void
458 *
459 ******************************************************************************/
rfc_port_sm_opened(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)460 void rfc_port_sm_opened(tPORT* p_port, tRFC_PORT_EVENT event, void* p_data) {
461 switch (event) {
462 case RFC_PORT_EVENT_OPEN:
463 log::error("RFC_PORT_EVENT_OPEN bd_addr:{} handle:{} dlci:{} scn:{}",
464 p_port->bd_addr, p_port->handle, p_port->dlci, p_port->scn);
465 return;
466
467 case RFC_PORT_EVENT_CLOSE:
468 log::info("RFC_PORT_EVENT_CLOSE bd_addr:{}, handle:{} dlci:{} scn:{}",
469 p_port->bd_addr, p_port->handle, p_port->dlci, p_port->scn);
470 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
471 rfc_send_disc(p_port->rfc.p_mcb, p_port->dlci);
472 p_port->rfc.expected_rsp = 0;
473 p_port->rfc.state = RFC_STATE_DISC_WAIT_UA;
474 return;
475
476 case RFC_PORT_EVENT_CLEAR:
477 log::warn("RFC_PORT_EVENT_CLEAR bd_addr:{} handle:{} dlci:{} scn:{}",
478 p_port->bd_addr, p_port->handle, p_port->dlci, p_port->scn);
479 rfc_port_closed(p_port);
480 return;
481
482 case RFC_PORT_EVENT_DATA:
483 /* Send credits in the frame. Pass them in the layer specific member of
484 * the hdr. */
485 /* There might be an initial case when we reduced rx_max and credit_rx is
486 * still */
487 /* bigger. Make sure that we do not send 255 */
488 log::verbose("RFC_PORT_EVENT_DATA bd_addr:{} handle:{} dlci:{} scn:{}",
489 p_port->bd_addr, p_port->handle, p_port->dlci, p_port->scn);
490 if ((p_port->rfc.p_mcb->flow == PORT_FC_CREDIT) &&
491 (((BT_HDR*)p_data)->len < p_port->peer_mtu) &&
492 (!p_port->rx.user_fc) &&
493 (p_port->credit_rx_max > p_port->credit_rx)) {
494 ((BT_HDR*)p_data)->layer_specific =
495 (uint8_t)(p_port->credit_rx_max - p_port->credit_rx);
496 p_port->credit_rx = p_port->credit_rx_max;
497 } else {
498 ((BT_HDR*)p_data)->layer_specific = 0;
499 }
500 rfc_send_buf_uih(p_port->rfc.p_mcb, p_port->dlci, (BT_HDR*)p_data);
501 rfc_dec_credit(p_port);
502 return;
503
504 case RFC_PORT_EVENT_UA:
505 log::verbose("RFC_PORT_EVENT_UA bd_addr:{} handle:{} dlci:{} scn:{}",
506 p_port->bd_addr, p_port->handle, p_port->dlci, p_port->scn);
507 return;
508
509 case RFC_PORT_EVENT_SABME:
510 log::verbose("RFC_PORT_EVENT_SABME bd_addr:{} handle:{} dlci:{} scn:{}",
511 p_port->bd_addr, p_port->handle, p_port->dlci, p_port->scn);
512 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
513 return;
514
515 case RFC_PORT_EVENT_DM:
516 log::info("RFC_EVENT_DM bd_addr:{} handle:{} dlci:{} scn:{}",
517 p_port->bd_addr, p_port->handle, p_port->dlci, p_port->scn);
518 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
519 rfc_port_closed(p_port);
520 return;
521
522 case RFC_PORT_EVENT_DISC:
523 log::info("RFC_PORT_EVENT_DISC bd_addr:{} handle:{} dlci:{} scn:{}",
524 p_port->bd_addr, p_port->handle, p_port->dlci, p_port->scn);
525 p_port->rfc.state = RFC_STATE_CLOSED;
526 rfc_send_ua(p_port->rfc.p_mcb, p_port->dlci);
527 if (!fixed_queue_is_empty(p_port->rx.queue)) {
528 /* give a chance to upper stack to close port properly */
529 log::verbose("port queue is not empty");
530 rfc_port_timer_start(p_port, RFC_DISC_TIMEOUT);
531 } else {
532 PORT_DlcReleaseInd(p_port->rfc.p_mcb, p_port->dlci);
533 }
534 return;
535
536 case RFC_PORT_EVENT_UIH:
537 log::verbose("RFC_PORT_EVENT_UIH bd_addr:{}, handle:{} dlci:{} scn:{}",
538 p_port->bd_addr, p_port->handle, p_port->dlci, p_port->scn);
539 rfc_port_uplink_data(p_port, (BT_HDR*)p_data);
540 return;
541
542 case RFC_PORT_EVENT_TIMEOUT:
543 PORT_TimeOutCloseMux(p_port->rfc.p_mcb);
544 log::error("RFC_PORT_EVENT_TIMEOUT bd_addr:{} handle:{} dlci:{} scn:{}",
545 p_port->bd_addr, p_port->handle, p_port->dlci, p_port->scn);
546 return;
547
548 default:
549 break;
550 }
551 log::error("Received unexpected event:{} bd_addr:{} handle:{} dlci:{} scn:{}",
552 rfcomm_port_event_text(event), p_port->bd_addr, p_port->handle,
553 p_port->dlci, p_port->scn);
554 }
555
556 /*******************************************************************************
557 *
558 * Function rfc_port_sm_disc_wait_ua
559 *
560 * Description This function handles events when DISC on the DLC was
561 * sent and SM is waiting for UA or DM.
562 *
563 * Returns void
564 *
565 ******************************************************************************/
rfc_port_sm_disc_wait_ua(tPORT * p_port,tRFC_PORT_EVENT event,void * p_data)566 void rfc_port_sm_disc_wait_ua(tPORT* p_port, tRFC_PORT_EVENT event,
567 void* p_data) {
568 switch (event) {
569 case RFC_PORT_EVENT_OPEN:
570 case RFC_PORT_EVENT_ESTABLISH_RSP:
571 log::error("Port error state {} event {}", p_port->rfc.state, event);
572 return;
573
574 case RFC_PORT_EVENT_CLEAR:
575 log::warn("RFC_PORT_EVENT_CLEAR, index={}", p_port->handle);
576 rfc_port_closed(p_port);
577 return;
578
579 case RFC_PORT_EVENT_DATA:
580 osi_free(p_data);
581 return;
582
583 case RFC_PORT_EVENT_UA:
584 p_port->rfc.p_mcb->is_disc_initiator = true;
585 FALLTHROUGH_INTENDED; /* FALLTHROUGH */
586
587 case RFC_PORT_EVENT_DM:
588 log::warn("RFC_EVENT_DM|RFC_EVENT_UA[{}], index={}", event,
589 p_port->handle);
590 rfc_port_closed(p_port);
591 return;
592
593 case RFC_PORT_EVENT_SABME:
594 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
595 return;
596
597 case RFC_PORT_EVENT_DISC:
598 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, true);
599 return;
600
601 case RFC_PORT_EVENT_UIH:
602 osi_free(p_data);
603 rfc_send_dm(p_port->rfc.p_mcb, p_port->dlci, false);
604 return;
605
606 case RFC_PORT_EVENT_TIMEOUT:
607 log::error("RFC_EVENT_TIMEOUT, index={}", p_port->handle);
608 rfc_port_closed(p_port);
609 return;
610 default:
611 log::error("Received unexpected event:{} in state:{}", event,
612 p_port->rfc.state);
613 }
614
615 log::warn("Port state disc_wait_ua Event ignored {}", event);
616 }
617
618 /*******************************************************************************
619 *
620 * Function rfc_port_uplink_data
621 *
622 * Description This function handles uplink information data frame.
623 *
624 ******************************************************************************/
rfc_port_uplink_data(tPORT * p_port,BT_HDR * p_buf)625 void rfc_port_uplink_data(tPORT* p_port, BT_HDR* p_buf) {
626 PORT_DataInd(p_port->rfc.p_mcb, p_port->dlci, p_buf);
627 }
628
629 /*******************************************************************************
630 *
631 * Function rfc_process_pn
632 *
633 * Description This function handles DLC parameter negotiation frame.
634 * Record MTU and pass indication to the upper layer.
635 *
636 ******************************************************************************/
rfc_process_pn(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)637 void rfc_process_pn(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
638 log::verbose("is_initiator={}, is_cmd={}, state={}, bd_addr={}",
639 p_mcb->is_initiator, is_command, p_mcb->state, p_mcb->bd_addr);
640 uint8_t dlci = p_frame->dlci;
641
642 if (is_command) {
643 /* Ignore if Multiplexer is being shut down */
644 if (p_mcb->state != RFC_MX_STATE_DISC_WAIT_UA) {
645 PORT_ParNegInd(p_mcb, dlci, p_frame->u.pn.mtu, p_frame->u.pn.conv_layer,
646 p_frame->u.pn.k);
647 } else {
648 log::warn("MX PN while disconnecting, bd_addr={}, p_mcb={}",
649 p_mcb->bd_addr, fmt::ptr(p_mcb));
650 rfc_send_dm(p_mcb, dlci, false);
651 }
652
653 return;
654 }
655 /* If we are not awaiting response just ignore it */
656 tPORT* p_port = port_find_mcb_dlci_port(p_mcb, dlci);
657 if ((p_port == nullptr) || !(p_port->rfc.expected_rsp & RFC_RSP_PN)) {
658 log::warn(": Ignore unwanted response, p_mcb={}, bd_addr={}, dlci={}",
659 fmt::ptr(p_mcb), p_mcb->bd_addr, dlci);
660 return;
661 }
662
663 p_port->rfc.expected_rsp &= ~RFC_RSP_PN;
664
665 rfc_port_timer_stop(p_port);
666
667 PORT_ParNegCnf(p_mcb, dlci, p_frame->u.pn.mtu, p_frame->u.pn.conv_layer,
668 p_frame->u.pn.k);
669 }
670
671 /*******************************************************************************
672 *
673 * Function rfc_process_rpn
674 *
675 * Description This function handles Remote DLC parameter negotiation
676 * command/response. Pass command to the user.
677 *
678 ******************************************************************************/
rfc_process_rpn(tRFC_MCB * p_mcb,bool is_command,bool is_request,MX_FRAME * p_frame)679 void rfc_process_rpn(tRFC_MCB* p_mcb, bool is_command, bool is_request,
680 MX_FRAME* p_frame) {
681 tPORT_STATE port_pars;
682 tPORT* p_port;
683
684 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
685 if (p_port == nullptr) {
686 /* This is the first command on the port */
687 if (is_command) {
688 memset(&port_pars, 0, sizeof(tPORT_STATE));
689 rfc_set_port_state(&port_pars, p_frame);
690
691 PORT_PortNegInd(p_mcb, p_frame->dlci, &port_pars,
692 p_frame->u.rpn.param_mask);
693 }
694 return;
695 }
696
697 if (is_command && is_request) {
698 /* This is the special situation when peer just request local pars */
699 rfc_send_rpn(p_mcb, p_frame->dlci, false, &p_port->peer_port_pars, 0);
700 return;
701 }
702
703 port_pars = p_port->peer_port_pars;
704
705 rfc_set_port_state(&port_pars, p_frame);
706
707 if (is_command) {
708 PORT_PortNegInd(p_mcb, p_frame->dlci, &port_pars,
709 p_frame->u.rpn.param_mask);
710 return;
711 }
712
713 /* If we are not awaiting response just ignore it */
714 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
715 if ((p_port == nullptr) ||
716 !(p_port->rfc.expected_rsp & (RFC_RSP_RPN | RFC_RSP_RPN_REPLY))) {
717 log::warn("ignore DLC parameter negotiation as we are not waiting for any");
718 return;
719 }
720
721 /* If we sent a request for port parameters to the peer it is replying with */
722 /* mask 0. */
723 rfc_port_timer_stop(p_port);
724
725 if (p_port->rfc.expected_rsp & RFC_RSP_RPN_REPLY) {
726 p_port->rfc.expected_rsp &= ~RFC_RSP_RPN_REPLY;
727
728 p_port->peer_port_pars = port_pars;
729
730 if ((port_pars.fc_type ==
731 (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT)) ||
732 (port_pars.fc_type ==
733 (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT))) {
734 /* This is satisfactory port parameters. Set mask as it was Ok */
735 p_frame->u.rpn.param_mask = RFCOMM_RPN_PM_MASK;
736 } else {
737 /* Current peer parameters are not good, try to fix them */
738 p_port->peer_port_pars.fc_type =
739 (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT);
740
741 p_port->rfc.expected_rsp |= RFC_RSP_RPN;
742 rfc_send_rpn(p_mcb, p_frame->dlci, true, &p_port->peer_port_pars,
743 RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT);
744 rfc_port_timer_start(p_port, RFC_T2_TIMEOUT);
745 return;
746 }
747 } else
748 p_port->rfc.expected_rsp &= ~RFC_RSP_RPN;
749
750 /* Check if all suggested parameters were accepted */
751 if (((p_frame->u.rpn.param_mask &
752 (RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT)) ==
753 (RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT)) ||
754 ((p_frame->u.rpn.param_mask &
755 (RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT)) ==
756 (RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT))) {
757 PORT_PortNegCnf(p_mcb, p_port->dlci, &port_pars, RFCOMM_SUCCESS);
758 return;
759 }
760
761 /* If we were proposing RTR flow control try RTC flow control */
762 /* If we were proposing RTC flow control try no flow control */
763 /* otherwise drop the connection */
764 if (p_port->peer_port_pars.fc_type ==
765 (RFCOMM_FC_RTR_ON_INPUT | RFCOMM_FC_RTR_ON_OUTPUT)) {
766 /* Current peer parameters are not good, try to fix them */
767 p_port->peer_port_pars.fc_type =
768 (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT);
769
770 p_port->rfc.expected_rsp |= RFC_RSP_RPN;
771
772 rfc_send_rpn(p_mcb, p_frame->dlci, true, &p_port->peer_port_pars,
773 RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT);
774 rfc_port_timer_start(p_port, RFC_T2_TIMEOUT);
775 return;
776 }
777
778 /* Other side does not support flow control */
779 if (p_port->peer_port_pars.fc_type ==
780 (RFCOMM_FC_RTC_ON_INPUT | RFCOMM_FC_RTC_ON_OUTPUT)) {
781 p_port->peer_port_pars.fc_type = RFCOMM_FC_OFF;
782 PORT_PortNegCnf(p_mcb, p_port->dlci, &port_pars, RFCOMM_SUCCESS);
783 }
784 }
785
786 /*******************************************************************************
787 *
788 * Function rfc_process_msc
789 *
790 * Description This function handles Modem Status Command.
791 * Pass command to the user.
792 *
793 ******************************************************************************/
rfc_process_msc(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)794 void rfc_process_msc(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
795 tPORT_CTRL pars;
796 tPORT* p_port;
797 uint8_t modem_signals = p_frame->u.msc.signals;
798 bool new_peer_fc = false;
799
800 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
801 if (p_port == NULL) return;
802
803 pars.modem_signal = 0;
804
805 if (modem_signals & RFCOMM_MSC_RTC) pars.modem_signal |= MODEM_SIGNAL_DTRDSR;
806
807 if (modem_signals & RFCOMM_MSC_RTR) pars.modem_signal |= MODEM_SIGNAL_RTSCTS;
808
809 if (modem_signals & RFCOMM_MSC_IC) pars.modem_signal |= MODEM_SIGNAL_RI;
810
811 if (modem_signals & RFCOMM_MSC_DV) pars.modem_signal |= MODEM_SIGNAL_DCD;
812
813 pars.fc = ((modem_signals & RFCOMM_MSC_FC) == RFCOMM_MSC_FC);
814
815 pars.break_signal =
816 (p_frame->u.msc.break_present) ? p_frame->u.msc.break_duration : 0;
817 pars.discard_buffers = 0;
818 pars.break_signal_seq = RFCOMM_CTRL_BREAK_IN_SEQ; /* this is default */
819
820 /* Check if this command is passed only to indicate flow control */
821 if (is_command) {
822 rfc_send_msc(p_mcb, p_frame->dlci, false, &pars);
823
824 if (p_port->rfc.p_mcb->flow != PORT_FC_CREDIT) {
825 /* Spec 1.1 indicates that only FC bit is used for flow control */
826 p_port->peer_ctrl.fc = new_peer_fc = pars.fc;
827
828 if (new_peer_fc != p_port->tx.peer_fc)
829 PORT_FlowInd(p_mcb, p_frame->dlci, (bool)!new_peer_fc);
830 }
831
832 PORT_ControlInd(p_mcb, p_frame->dlci, &pars);
833
834 return;
835 }
836
837 /* If we are not awaiting response just ignore it */
838 if (!(p_port->rfc.expected_rsp & RFC_RSP_MSC)) return;
839
840 p_port->rfc.expected_rsp &= ~RFC_RSP_MSC;
841
842 rfc_port_timer_stop(p_port);
843
844 PORT_ControlCnf(p_port->rfc.p_mcb, p_port->dlci, &pars);
845 }
846
847 /*******************************************************************************
848 *
849 * Function rfc_process_rls
850 *
851 * Description This function handles Remote Line Status command.
852 * Pass command to the user.
853 *
854 ******************************************************************************/
rfc_process_rls(tRFC_MCB * p_mcb,bool is_command,MX_FRAME * p_frame)855 void rfc_process_rls(tRFC_MCB* p_mcb, bool is_command, MX_FRAME* p_frame) {
856 tPORT* p_port;
857
858 if (is_command) {
859 PORT_LineStatusInd(p_mcb, p_frame->dlci, p_frame->u.rls.line_status);
860 rfc_send_rls(p_mcb, p_frame->dlci, false, p_frame->u.rls.line_status);
861 } else {
862 p_port = port_find_mcb_dlci_port(p_mcb, p_frame->dlci);
863
864 /* If we are not awaiting response just ignore it */
865 if (!p_port || !(p_port->rfc.expected_rsp & RFC_RSP_RLS)) return;
866
867 p_port->rfc.expected_rsp &= ~RFC_RSP_RLS;
868
869 rfc_port_timer_stop(p_port);
870 }
871 }
872
873 /*******************************************************************************
874 *
875 * Function rfc_process_nsc
876 *
877 * Description This function handles None Supported Command frame.
878 *
879 ******************************************************************************/
rfc_process_nsc(tRFC_MCB *,MX_FRAME *)880 void rfc_process_nsc(tRFC_MCB* /* p_mcb */, MX_FRAME* /* p_frame */) {}
881
882 /*******************************************************************************
883 *
884 * Function rfc_process_test
885 *
886 * Description This function handles Test frame. If this is a command
887 * reply to it. Otherwise pass response to the user.
888 *
889 ******************************************************************************/
rfc_process_test_rsp(tRFC_MCB *,BT_HDR * p_buf)890 void rfc_process_test_rsp(tRFC_MCB* /* p_mcb */, BT_HDR* p_buf) {
891 osi_free(p_buf);
892 }
893
894 /*******************************************************************************
895 *
896 * Function rfc_process_fcon
897 *
898 * Description This function handles FCON frame. The peer entity is able
899 * to receive new information
900 *
901 ******************************************************************************/
rfc_process_fcon(tRFC_MCB * p_mcb,bool is_command)902 void rfc_process_fcon(tRFC_MCB* p_mcb, bool is_command) {
903 if (is_command) {
904 rfc_cb.rfc.peer_rx_disabled = false;
905
906 rfc_send_fcon(p_mcb, false);
907
908 if (!p_mcb->l2cap_congested) PORT_FlowInd(p_mcb, 0, true);
909 }
910 }
911
912 /*******************************************************************************
913 *
914 * Function rfc_process_fcoff
915 *
916 * Description This function handles FCOFF frame. The peer entity is
917 * unable to receive new information
918 *
919 ******************************************************************************/
rfc_process_fcoff(tRFC_MCB * p_mcb,bool is_command)920 void rfc_process_fcoff(tRFC_MCB* p_mcb, bool is_command) {
921 if (is_command) {
922 rfc_cb.rfc.peer_rx_disabled = true;
923
924 if (!p_mcb->l2cap_congested) PORT_FlowInd(p_mcb, 0, false);
925
926 rfc_send_fcoff(p_mcb, false);
927 }
928 }
929
930 /*******************************************************************************
931 *
932 * Function rfc_process_l2cap_congestion
933 *
934 * Description This function handles L2CAP congestion messages
935 *
936 ******************************************************************************/
rfc_process_l2cap_congestion(tRFC_MCB * p_mcb,bool is_congested)937 void rfc_process_l2cap_congestion(tRFC_MCB* p_mcb, bool is_congested) {
938 p_mcb->l2cap_congested = is_congested;
939
940 if (!is_congested) {
941 rfc_check_send_cmd(p_mcb, nullptr);
942 }
943
944 if (!rfc_cb.rfc.peer_rx_disabled) {
945 PORT_FlowInd(p_mcb, 0, !is_congested);
946 }
947 }
948
949 /*******************************************************************************
950 *
951 * Function rfc_set_port_pars
952 *
953 * Description This function sets the tPORT_STATE structure given a
954 * p_frame.
955 *
956 ******************************************************************************/
957
rfc_set_port_state(tPORT_STATE * port_pars,MX_FRAME * p_frame)958 void rfc_set_port_state(tPORT_STATE* port_pars, MX_FRAME* p_frame) {
959 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_BIT_RATE)
960 port_pars->baud_rate = p_frame->u.rpn.baud_rate;
961 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_DATA_BITS)
962 port_pars->byte_size = p_frame->u.rpn.byte_size;
963 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_STOP_BITS)
964 port_pars->stop_bits = p_frame->u.rpn.stop_bits;
965 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_PARITY)
966 port_pars->parity = p_frame->u.rpn.parity;
967 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_PARITY_TYPE)
968 port_pars->parity_type = p_frame->u.rpn.parity_type;
969 if (p_frame->u.rpn.param_mask &
970 (RFCOMM_RPN_PM_XONXOFF_ON_INPUT | RFCOMM_RPN_PM_XONXOFF_ON_OUTPUT |
971 RFCOMM_RPN_PM_RTR_ON_INPUT | RFCOMM_RPN_PM_RTR_ON_OUTPUT |
972 RFCOMM_RPN_PM_RTC_ON_INPUT | RFCOMM_RPN_PM_RTC_ON_OUTPUT))
973 port_pars->fc_type = p_frame->u.rpn.fc_type;
974 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_XON_CHAR)
975 port_pars->xon_char = p_frame->u.rpn.xon_char;
976 if (p_frame->u.rpn.param_mask & RFCOMM_RPN_PM_XOFF_CHAR)
977 port_pars->xoff_char = p_frame->u.rpn.xoff_char;
978 }
979