1 /******************************************************************************
2 *
3 * Copyright 2003-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 ******************************************************************************/
18
19 /******************************************************************************
20 *
21 * This module contains action functions of the link control state machine.
22 *
23 ******************************************************************************/
24 #include <bluetooth/log.h>
25 #include <com_android_bluetooth_flags.h>
26 #include <string.h>
27
28 #include "avct_api.h"
29 #include "avct_int.h"
30 #include "bta/include/bta_sec_api.h"
31 #include "btif/include/btif_av.h"
32 #include "device/include/device_iot_config.h"
33 #include "internal_include/bt_target.h"
34 #include "osi/include/allocator.h"
35 #include "stack/avct/avct_defs.h"
36 #include "stack/include/bt_hdr.h"
37 #include "stack/include/bt_types.h"
38
39 using namespace bluetooth;
40
41 /* packet header length lookup table */
42 const uint8_t avct_lcb_pkt_type_len[] = {AVCT_HDR_LEN_SINGLE,
43 AVCT_HDR_LEN_START, AVCT_HDR_LEN_CONT,
44 AVCT_HDR_LEN_END};
45
46 /*******************************************************************************
47 *
48 * Function avct_lcb_msg_asmbl
49 *
50 * Description Reassemble incoming message.
51 *
52 *
53 * Returns Pointer to reassembled message; NULL if no message
54 * available.
55 *
56 ******************************************************************************/
avct_lcb_msg_asmbl(tAVCT_LCB * p_lcb,BT_HDR * p_buf)57 static BT_HDR* avct_lcb_msg_asmbl(tAVCT_LCB* p_lcb, BT_HDR* p_buf) {
58 uint8_t* p;
59 uint8_t pkt_type;
60 BT_HDR* p_ret;
61
62 if (p_buf->len < 1) {
63 osi_free(p_buf);
64 p_ret = NULL;
65 return p_ret;
66 }
67
68 /* parse the message header */
69 p = (uint8_t*)(p_buf + 1) + p_buf->offset;
70 pkt_type = AVCT_PKT_TYPE(p);
71
72 /* quick sanity check on length */
73 if (p_buf->len < avct_lcb_pkt_type_len[pkt_type] ||
74 (sizeof(BT_HDR) + p_buf->offset + p_buf->len) > BT_DEFAULT_BUFFER_SIZE) {
75 osi_free(p_buf);
76 log::warn("Bad length during reassembly");
77 p_ret = NULL;
78 }
79 /* single packet */
80 else if (pkt_type == AVCT_PKT_TYPE_SINGLE) {
81 /* if reassembly in progress drop message and process new single */
82 if (p_lcb->p_rx_msg != NULL) log::warn("Got single during reassembly");
83
84 osi_free_and_reset((void**)&p_lcb->p_rx_msg);
85
86 p_ret = p_buf;
87 }
88 /* start packet */
89 else if (pkt_type == AVCT_PKT_TYPE_START) {
90 /* if reassembly in progress drop message and process new start */
91 if (p_lcb->p_rx_msg != NULL) log::warn("Got start during reassembly");
92
93 osi_free_and_reset((void**)&p_lcb->p_rx_msg);
94
95 /*
96 * Allocate bigger buffer for reassembly. As lower layers are
97 * not aware of possible packet size after reassembly, they
98 * would have allocated smaller buffer.
99 */
100 if (sizeof(BT_HDR) + p_buf->offset + p_buf->len > BT_DEFAULT_BUFFER_SIZE) {
101 osi_free(p_buf);
102 p_ret = NULL;
103 return p_ret;
104 }
105 p_lcb->p_rx_msg = (BT_HDR*)osi_malloc(BT_DEFAULT_BUFFER_SIZE);
106 memcpy(p_lcb->p_rx_msg, p_buf, sizeof(BT_HDR) + p_buf->offset + p_buf->len);
107
108 /* Free original buffer */
109 osi_free(p_buf);
110
111 /* update p to point to new buffer */
112 p = (uint8_t*)(p_lcb->p_rx_msg + 1) + p_lcb->p_rx_msg->offset;
113
114 /* copy first header byte over nosp */
115 *(p + 1) = *p;
116
117 /* set offset to point to where to copy next */
118 p_lcb->p_rx_msg->offset += p_lcb->p_rx_msg->len;
119
120 /* adjust length for packet header */
121 p_lcb->p_rx_msg->len -= 1;
122
123 p_ret = NULL;
124 }
125 /* continue or end */
126 else {
127 /* if no reassembly in progress drop message */
128 if (p_lcb->p_rx_msg == NULL) {
129 osi_free(p_buf);
130 log::warn("Pkt type={} out of order", pkt_type);
131 p_ret = NULL;
132 } else {
133 /* get size of buffer holding assembled message */
134 /*
135 * NOTE: The buffer is allocated above at the beginning of the
136 * reassembly, and is always of size BT_DEFAULT_BUFFER_SIZE.
137 */
138 uint16_t buf_len = BT_DEFAULT_BUFFER_SIZE - sizeof(BT_HDR);
139
140 /* adjust offset and len of fragment for header byte */
141 p_buf->offset += AVCT_HDR_LEN_CONT;
142 p_buf->len -= AVCT_HDR_LEN_CONT;
143
144 /* verify length */
145 if ((p_lcb->p_rx_msg->offset + p_buf->len) > buf_len) {
146 /* won't fit; free everything */
147 log::warn("Fragmented message too big!");
148 osi_free_and_reset((void**)&p_lcb->p_rx_msg);
149 osi_free(p_buf);
150 p_ret = NULL;
151 } else {
152 /* copy contents of p_buf to p_rx_msg */
153 memcpy((uint8_t*)(p_lcb->p_rx_msg + 1) + p_lcb->p_rx_msg->offset,
154 (uint8_t*)(p_buf + 1) + p_buf->offset, p_buf->len);
155
156 if (pkt_type == AVCT_PKT_TYPE_END) {
157 p_lcb->p_rx_msg->offset -= p_lcb->p_rx_msg->len;
158 p_lcb->p_rx_msg->len += p_buf->len;
159 p_ret = p_lcb->p_rx_msg;
160 p_lcb->p_rx_msg = NULL;
161 } else {
162 p_lcb->p_rx_msg->offset += p_buf->len;
163 p_lcb->p_rx_msg->len += p_buf->len;
164 p_ret = NULL;
165 }
166 osi_free(p_buf);
167 }
168 }
169 }
170 return p_ret;
171 }
172
173 /*******************************************************************************
174 *
175 * Function avct_lcb_chnl_open
176 *
177 * Description Open L2CAP channel to peer
178 *
179 *
180 * Returns Nothing.
181 *
182 ******************************************************************************/
avct_lcb_chnl_open(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT *)183 void avct_lcb_chnl_open(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* /* p_data */) {
184 uint16_t result = AVCT_RESULT_FAIL;
185
186 p_lcb->ch_state = AVCT_CH_CONN;
187 p_lcb->ch_lcid = L2CA_ConnectReqWithSecurity(AVCT_PSM, p_lcb->peer_addr,
188 BTA_SEC_AUTHENTICATE);
189 if (p_lcb->ch_lcid == 0) {
190 /* if connect req failed, send ourselves close event */
191 tAVCT_LCB_EVT avct_lcb_evt;
192 avct_lcb_evt.result = result;
193 avct_lcb_event(p_lcb, AVCT_LCB_LL_CLOSE_EVT, &avct_lcb_evt);
194 }
195 }
196
197 /*******************************************************************************
198 *
199 * Function avct_lcb_unbind_disc
200 *
201 * Description Deallocate ccb and call callback with disconnect event.
202 *
203 *
204 * Returns Nothing.
205 *
206 ******************************************************************************/
avct_lcb_unbind_disc(tAVCT_LCB *,tAVCT_LCB_EVT * p_data)207 void avct_lcb_unbind_disc(tAVCT_LCB* /* p_lcb */, tAVCT_LCB_EVT* p_data) {
208 avct_ccb_dealloc(p_data->p_ccb, AVCT_DISCONNECT_CFM_EVT, 0, NULL);
209 }
210
211 /*******************************************************************************
212 *
213 * Function avct_lcb_open_ind
214 *
215 * Description Handle an LL_OPEN event. For each allocated ccb already
216 * bound to this lcb, send a connect event. For each
217 * unbound ccb with a new PID, bind that ccb to this lcb and
218 * send a connect event.
219 *
220 *
221 * Returns Nothing.
222 *
223 ******************************************************************************/
avct_lcb_open_ind(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)224 void avct_lcb_open_ind(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
225 tAVCT_CCB* p_ccb = &avct_cb.ccb[0];
226 int i;
227 bool bind = false;
228
229 if (btif_av_src_sink_coexist_enabled()) {
230 bool is_originater = false;
231
232 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
233 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb) &&
234 p_ccb->cc.role == AVCT_INT) {
235 log::verbose("find int handle {}", i);
236 is_originater = true;
237 }
238 }
239
240 p_ccb = &avct_cb.ccb[0];
241 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
242 /* if ccb allocated and */
243 /** M: to avoid avctp collision, make sure the collision can be checked @{
244 */
245 log::verbose("{} ccb to lcb, alloc {}, lcb {}, role {}, pid 0x{:x}", i,
246 p_ccb->allocated, fmt::ptr(p_ccb->p_lcb), p_ccb->cc.role,
247 p_ccb->cc.pid);
248 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb)) {
249 /* if bound to this lcb send connect confirm event */
250 if (p_ccb->cc.role == AVCT_INT) {
251 /** @} */
252 bind = true;
253 if (!L2CA_SetTxPriority(p_lcb->ch_lcid, L2CAP_CHNL_PRIORITY_HIGH)) {
254 log::warn(
255 "Unable to set L2CAP transmit high priority peer:{} cid:{}",
256 p_ccb->p_lcb->peer_addr, p_lcb->ch_lcid);
257 }
258 p_ccb->cc.p_ctrl_cback(avct_ccb_to_idx(p_ccb), AVCT_CONNECT_CFM_EVT,
259 0, &p_lcb->peer_addr);
260 }
261 /* if unbound acceptor and lcb doesn't already have a ccb for this PID
262 */
263 /** M: to avoid avctp collision, make sure the collision can be checked
264 @{ */
265 else if ((p_ccb->cc.role == AVCT_ACP) &&
266 avct_lcb_has_pid(p_lcb, p_ccb->cc.pid)) {
267 /* bind ccb to lcb and send connect ind event */
268 if (is_originater) {
269 log::error("int exist, unbind acp handle:{}", i);
270 p_ccb->p_lcb = NULL;
271 } else {
272 bind = true;
273 p_ccb->p_lcb = p_lcb;
274 if (!L2CA_SetTxPriority(p_lcb->ch_lcid, L2CAP_CHNL_PRIORITY_HIGH)) {
275 log::warn(
276 "Unable to set L2CAP transmit high priority peer:{} cid:{}",
277 p_ccb->p_lcb->peer_addr, p_lcb->ch_lcid);
278 }
279 p_ccb->cc.p_ctrl_cback(avct_ccb_to_idx(p_ccb), AVCT_CONNECT_IND_EVT,
280 0, &p_lcb->peer_addr);
281 }
282 }
283 }
284 }
285 } else {
286 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
287 /* if ccb allocated and */
288 if (p_ccb->allocated) {
289 /* if bound to this lcb send connect confirm event */
290 if (p_ccb->p_lcb == p_lcb) {
291 bind = true;
292 if (!L2CA_SetTxPriority(p_lcb->ch_lcid, L2CAP_CHNL_PRIORITY_HIGH)) {
293 log::warn(
294 "Unable to set L2CAP transmit high priority peer:{} cid:{}",
295 p_ccb->p_lcb->peer_addr, p_lcb->ch_lcid);
296 }
297 p_ccb->cc.p_ctrl_cback(avct_ccb_to_idx(p_ccb), AVCT_CONNECT_CFM_EVT,
298 0, &p_lcb->peer_addr);
299 }
300 /* if unbound acceptor and lcb doesn't already have a ccb for this PID
301 */
302 else if ((p_ccb->p_lcb == NULL) && (p_ccb->cc.role == AVCT_ACP) &&
303 (avct_lcb_has_pid(p_lcb, p_ccb->cc.pid) == NULL)) {
304 /* bind ccb to lcb and send connect ind event */
305 bind = true;
306 p_ccb->p_lcb = p_lcb;
307 if (!L2CA_SetTxPriority(p_lcb->ch_lcid, L2CAP_CHNL_PRIORITY_HIGH)) {
308 log::warn(
309 "Unable to set L2CAP transmit high priority peer:{} cid:{}",
310 p_ccb->p_lcb->peer_addr, p_lcb->ch_lcid);
311 }
312 p_ccb->cc.p_ctrl_cback(avct_ccb_to_idx(p_ccb), AVCT_CONNECT_IND_EVT,
313 0, &p_lcb->peer_addr);
314 }
315 }
316 }
317 }
318
319 /* if no ccbs bound to this lcb, disconnect */
320 if (!bind) {
321 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(p_lcb->peer_addr,
322 IOT_CONF_KEY_AVRCP_CONN_FAIL_COUNT);
323 avct_lcb_event(p_lcb, AVCT_LCB_INT_CLOSE_EVT, p_data);
324 }
325 }
326
327 /*******************************************************************************
328 *
329 * Function avct_lcb_open_fail
330 *
331 * Description L2CAP channel open attempt failed. Deallocate any ccbs
332 * on this lcb and send connect confirm event with failure.
333 *
334 *
335 * Returns Nothing.
336 *
337 ******************************************************************************/
avct_lcb_open_fail(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)338 void avct_lcb_open_fail(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
339 tAVCT_CCB* p_ccb = &avct_cb.ccb[0];
340 int i;
341
342 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
343 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb)) {
344 avct_ccb_dealloc(p_ccb, AVCT_CONNECT_CFM_EVT, p_data->result,
345 &p_lcb->peer_addr);
346 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(p_lcb->peer_addr,
347 IOT_CONF_KEY_AVRCP_CONN_FAIL_COUNT);
348 }
349 }
350 }
351
352 /*******************************************************************************
353 *
354 * Function avct_lcb_close_ind
355 *
356 * Description L2CAP channel closed by peer. Deallocate any initiator
357 * ccbs on this lcb and send disconnect ind event.
358 *
359 *
360 * Returns Nothing.
361 *
362 ******************************************************************************/
avct_lcb_close_ind(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT *)363 void avct_lcb_close_ind(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* /* p_data */) {
364 tAVCT_CCB* p_ccb = &avct_cb.ccb[0];
365 int i;
366
367 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
368 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb)) {
369 if (p_ccb->cc.role == AVCT_INT) {
370 avct_ccb_dealloc(p_ccb, AVCT_DISCONNECT_IND_EVT, 0, &p_lcb->peer_addr);
371 } else {
372 p_ccb->p_lcb = NULL;
373 (*p_ccb->cc.p_ctrl_cback)(avct_ccb_to_idx(p_ccb),
374 AVCT_DISCONNECT_IND_EVT, 0,
375 &p_lcb->peer_addr);
376 }
377 }
378 }
379 }
380
381 /*******************************************************************************
382 *
383 * Function avct_lcb_close_cfm
384 *
385 * Description L2CAP channel closed by us. Deallocate any initiator
386 * ccbs on this lcb and send disconnect ind or cfm event.
387 *
388 *
389 * Returns Nothing.
390 *
391 ******************************************************************************/
avct_lcb_close_cfm(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)392 void avct_lcb_close_cfm(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
393 tAVCT_CCB* p_ccb = &avct_cb.ccb[0];
394 int i;
395 uint8_t event;
396
397 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
398 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb)) {
399 /* if this ccb initiated close send disconnect cfm otherwise ind */
400 if (p_ccb->ch_close) {
401 p_ccb->ch_close = false;
402 event = AVCT_DISCONNECT_CFM_EVT;
403 } else {
404 event = AVCT_DISCONNECT_IND_EVT;
405 }
406
407 if (p_ccb->cc.role == AVCT_INT) {
408 avct_ccb_dealloc(p_ccb, event, p_data->result, &p_lcb->peer_addr);
409 } else {
410 p_ccb->p_lcb = NULL;
411 (*p_ccb->cc.p_ctrl_cback)(avct_ccb_to_idx(p_ccb), event, p_data->result,
412 &p_lcb->peer_addr);
413 }
414 }
415 }
416 }
417
418 /*******************************************************************************
419 *
420 * Function avct_lcb_bind_conn
421 *
422 * Description Bind ccb to lcb and send connect cfm event.
423 *
424 *
425 * Returns Nothing.
426 *
427 ******************************************************************************/
avct_lcb_bind_conn(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)428 void avct_lcb_bind_conn(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
429 p_data->p_ccb->p_lcb = p_lcb;
430 (*p_data->p_ccb->cc.p_ctrl_cback)(avct_ccb_to_idx(p_data->p_ccb),
431 AVCT_CONNECT_CFM_EVT, 0, &p_lcb->peer_addr);
432 }
433
434 /*******************************************************************************
435 *
436 * Function avct_lcb_chk_disc
437 *
438 * Description A ccb wants to close; if it is the last ccb on this lcb,
439 * close channel. Otherwise just deallocate and call
440 * callback.
441 *
442 * Returns Nothing.
443 *
444 ******************************************************************************/
avct_lcb_chk_disc(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)445 void avct_lcb_chk_disc(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
446 avct_close_bcb(p_lcb, p_data);
447 if (avct_lcb_last_ccb(p_lcb, p_data->p_ccb)) {
448 log::info("Closing last avct channel to device");
449 p_data->p_ccb->ch_close = true;
450 avct_lcb_event(p_lcb, AVCT_LCB_INT_CLOSE_EVT, p_data);
451 } else {
452 log::info("Closing avct channel with active remaining channels");
453 avct_lcb_unbind_disc(p_lcb, p_data);
454 }
455 }
456
457 /*******************************************************************************
458 *
459 * Function avct_lcb_chnl_disc
460 *
461 * Description Disconnect L2CAP channel.
462 *
463 *
464 * Returns Nothing.
465 *
466 ******************************************************************************/
avct_lcb_chnl_disc(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT *)467 void avct_lcb_chnl_disc(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* /* p_data */) {
468 avct_l2c_disconnect(p_lcb->ch_lcid, 0);
469 }
470
471 /*******************************************************************************
472 *
473 * Function avct_lcb_bind_fail
474 *
475 * Description Deallocate ccb and call callback with connect event
476 * with failure result.
477 *
478 *
479 * Returns Nothing.
480 *
481 ******************************************************************************/
avct_lcb_bind_fail(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)482 void avct_lcb_bind_fail(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
483 avct_ccb_dealloc(p_data->p_ccb, AVCT_CONNECT_CFM_EVT, AVCT_RESULT_FAIL, NULL);
484 DEVICE_IOT_CONFIG_ADDR_INT_ADD_ONE(p_lcb->peer_addr,
485 IOT_CONF_KEY_AVRCP_CONN_FAIL_COUNT);
486 }
487
488 /*******************************************************************************
489 *
490 * Function avct_lcb_cong_ind
491 *
492 * Description Handle congestion indication from L2CAP.
493 *
494 *
495 * Returns Nothing.
496 *
497 ******************************************************************************/
avct_lcb_cong_ind(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)498 void avct_lcb_cong_ind(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
499 tAVCT_CCB* p_ccb = &avct_cb.ccb[0];
500 int i;
501 uint8_t event;
502 BT_HDR* p_buf;
503
504 /* set event */
505 event = (p_data->cong) ? AVCT_CONG_IND_EVT : AVCT_UNCONG_IND_EVT;
506 p_lcb->cong = p_data->cong;
507 if (!p_lcb->cong && !fixed_queue_is_empty(p_lcb->tx_q)) {
508 while (!p_lcb->cong &&
509 (p_buf = (BT_HDR*)fixed_queue_try_dequeue(p_lcb->tx_q)) != NULL) {
510 if (L2CA_DataWrite(p_lcb->ch_lcid, p_buf) == L2CAP_DW_CONGESTED) {
511 p_lcb->cong = true;
512 }
513 }
514 }
515
516 /* send event to all ccbs on this lcb */
517 for (i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
518 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb)) {
519 (*p_ccb->cc.p_ctrl_cback)(avct_ccb_to_idx(p_ccb), event, 0,
520 &p_lcb->peer_addr);
521 }
522 }
523 }
524
525 /*******************************************************************************
526 *
527 * Function avct_lcb_discard_msg
528 *
529 * Description Discard a message sent in from the API.
530 *
531 *
532 * Returns Nothing.
533 *
534 ******************************************************************************/
avct_lcb_discard_msg(tAVCT_LCB *,tAVCT_LCB_EVT * p_data)535 void avct_lcb_discard_msg(tAVCT_LCB* /* p_lcb */, tAVCT_LCB_EVT* p_data) {
536 log::warn("Dropping message");
537 osi_free_and_reset((void**)&p_data->ul_msg.p_buf);
538 }
539
540 /*******************************************************************************
541 *
542 * Function avct_lcb_send_msg
543 *
544 * Description Build and send an AVCTP message.
545 *
546 *
547 * Returns Nothing.
548 *
549 ******************************************************************************/
avct_lcb_send_msg(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)550 void avct_lcb_send_msg(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
551 uint16_t curr_msg_len;
552 uint8_t pkt_type;
553 uint8_t hdr_len;
554 uint8_t* p;
555 uint8_t nosp = 0; /* number of subsequent packets */
556 uint16_t temp;
557 uint16_t buf_size = p_lcb->peer_mtu + L2CAP_MIN_OFFSET + BT_HDR_SIZE;
558
559 /* store msg len */
560 curr_msg_len = p_data->ul_msg.p_buf->len;
561
562 /* initialize packet type and other stuff */
563 if (curr_msg_len <= (p_lcb->peer_mtu - AVCT_HDR_LEN_SINGLE)) {
564 pkt_type = AVCT_PKT_TYPE_SINGLE;
565 } else {
566 pkt_type = AVCT_PKT_TYPE_START;
567 temp = (curr_msg_len + AVCT_HDR_LEN_START - p_lcb->peer_mtu);
568 nosp = temp / (p_lcb->peer_mtu - 1) + 1;
569 if ((temp % (p_lcb->peer_mtu - 1)) != 0) nosp++;
570 }
571
572 /* while we haven't sent all packets */
573 while (curr_msg_len != 0) {
574 BT_HDR* p_buf;
575
576 /* set header len */
577 hdr_len = avct_lcb_pkt_type_len[pkt_type];
578
579 /* if remaining msg must be fragmented */
580 if (p_data->ul_msg.p_buf->len > (p_lcb->peer_mtu - hdr_len)) {
581 /* get a new buffer for fragment we are sending */
582 p_buf = (BT_HDR*)osi_malloc(buf_size);
583
584 /* copy portion of data from current message to new buffer */
585 p_buf->offset = L2CAP_MIN_OFFSET + hdr_len;
586 p_buf->len = p_lcb->peer_mtu - hdr_len;
587
588 memcpy(
589 (uint8_t*)(p_buf + 1) + p_buf->offset,
590 (uint8_t*)(p_data->ul_msg.p_buf + 1) + p_data->ul_msg.p_buf->offset,
591 p_buf->len);
592
593 p_data->ul_msg.p_buf->offset += p_buf->len;
594 p_data->ul_msg.p_buf->len -= p_buf->len;
595 } else {
596 p_buf = p_data->ul_msg.p_buf;
597 }
598
599 curr_msg_len -= p_buf->len;
600
601 /* set up to build header */
602 p_buf->len += hdr_len;
603 p_buf->offset -= hdr_len;
604 p = (uint8_t*)(p_buf + 1) + p_buf->offset;
605
606 /* build header */
607 AVCT_BUILD_HDR(p, p_data->ul_msg.label, pkt_type, p_data->ul_msg.cr);
608 if (pkt_type == AVCT_PKT_TYPE_START) {
609 UINT8_TO_STREAM(p, nosp);
610 }
611 if ((pkt_type == AVCT_PKT_TYPE_START) ||
612 (pkt_type == AVCT_PKT_TYPE_SINGLE)) {
613 UINT16_TO_BE_STREAM(p, p_data->ul_msg.p_ccb->cc.pid);
614 }
615
616 if (p_lcb->cong) {
617 fixed_queue_enqueue(p_lcb->tx_q, p_buf);
618 }
619
620 /* send message to L2CAP */
621 else {
622 if (L2CA_DataWrite(p_lcb->ch_lcid, p_buf) == L2CAP_DW_CONGESTED) {
623 p_lcb->cong = true;
624 }
625 }
626
627 /* update pkt type for next packet */
628 if (curr_msg_len > (p_lcb->peer_mtu - AVCT_HDR_LEN_END)) {
629 pkt_type = AVCT_PKT_TYPE_CONT;
630 } else {
631 pkt_type = AVCT_PKT_TYPE_END;
632 }
633 }
634 log::verbose("tx_q_count:{}", fixed_queue_length(p_lcb->tx_q));
635 return;
636 }
637
638 /*******************************************************************************
639 *
640 * Function avct_lcb_free_msg_ind
641 *
642 * Description Discard an incoming AVCTP message.
643 *
644 *
645 * Returns Nothing.
646 *
647 ******************************************************************************/
avct_lcb_free_msg_ind(tAVCT_LCB *,tAVCT_LCB_EVT * p_data)648 void avct_lcb_free_msg_ind(tAVCT_LCB* /* p_lcb */, tAVCT_LCB_EVT* p_data) {
649 if (p_data == NULL) return;
650
651 osi_free_and_reset((void**)&p_data->p_buf);
652 }
653
654 /*******************************************************************************
655 *
656 * Function avct_lcb_msg_ind
657 *
658 * Description Handle an incoming AVCTP message.
659 *
660 *
661 * Returns Nothing.
662 *
663 ******************************************************************************/
avct_lcb_msg_ind(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data)664 void avct_lcb_msg_ind(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data) {
665 uint8_t* p;
666 uint8_t label, type, cr_ipid;
667 uint16_t pid;
668 tAVCT_CCB* p_ccb;
669
670 /* this p_buf is to be reported through p_msg_cback. The layer_specific
671 * needs to be set properly to indicate that it is received through
672 * control channel */
673 p_data->p_buf->layer_specific = AVCT_DATA_CTRL;
674
675 /* reassemble message; if no message available (we received a fragment) return
676 */
677 p_data->p_buf = avct_lcb_msg_asmbl(p_lcb, p_data->p_buf);
678 if (p_data->p_buf == NULL) {
679 return;
680 }
681
682 p = (uint8_t*)(p_data->p_buf + 1) + p_data->p_buf->offset;
683
684 /* parse header byte */
685 AVCT_PARSE_HDR(p, label, type, cr_ipid);
686 /* parse PID */
687 BE_STREAM_TO_UINT16(pid, p);
688
689 /* check for invalid cr_ipid */
690 if (cr_ipid == AVCT_CR_IPID_INVALID) {
691 log::warn("Invalid cr_ipid {}", cr_ipid);
692 osi_free_and_reset((void**)&p_data->p_buf);
693 return;
694 }
695
696 bool bind = false;
697 if (btif_av_src_sink_coexist_enabled()) {
698 bind = avct_msg_ind_for_src_sink_coexist(p_lcb, p_data, label, cr_ipid);
699 osi_free_and_reset((void**)&p_data->p_buf);
700 if (bind) return;
701 } else {
702 /* lookup PID */
703 p_ccb = avct_lcb_has_pid(p_lcb, pid);
704 if (p_ccb) {
705 /* PID found; send msg up, adjust bt hdr and call msg callback */
706 p_data->p_buf->offset += AVCT_HDR_LEN_SINGLE;
707 p_data->p_buf->len -= AVCT_HDR_LEN_SINGLE;
708 (*p_ccb->cc.p_msg_cback)(avct_ccb_to_idx(p_ccb), label, cr_ipid,
709 p_data->p_buf);
710 return;
711 }
712 }
713
714 /* PID not found; drop message */
715 log::warn("No ccb for PID={:x}", pid);
716 osi_free_and_reset((void**)&p_data->p_buf);
717
718 /* if command send reject */
719 if (cr_ipid == AVCT_CMD) {
720 BT_HDR* p_buf = (BT_HDR*)osi_malloc(AVCT_CMD_BUF_SIZE);
721 p_buf->len = AVCT_HDR_LEN_SINGLE;
722 p_buf->offset = AVCT_MSG_OFFSET - AVCT_HDR_LEN_SINGLE;
723 p = (uint8_t*)(p_buf + 1) + p_buf->offset;
724 AVCT_BUILD_HDR(p, label, AVCT_PKT_TYPE_SINGLE, AVCT_REJ);
725 UINT16_TO_BE_STREAM(p, pid);
726 if (L2CA_DataWrite(p_lcb->ch_lcid, p_buf) != L2CAP_DW_SUCCESS) {
727 log::warn("Unable to write L2CAP data peer:{} cid:{} len:{}",
728 p_lcb->peer_addr, p_lcb->ch_lcid, p_buf->len);
729 }
730 }
731 }
732
avct_msg_ind_for_src_sink_coexist(tAVCT_LCB * p_lcb,tAVCT_LCB_EVT * p_data,uint8_t label,uint8_t cr_ipid)733 bool avct_msg_ind_for_src_sink_coexist(tAVCT_LCB* p_lcb, tAVCT_LCB_EVT* p_data,
734 uint8_t label, uint8_t cr_ipid) {
735 bool bind = false;
736 tAVCT_CCB* p_ccb;
737 int p_buf_len;
738 uint8_t* p;
739 uint16_t pid, type;
740
741 p = (uint8_t*)(p_data->p_buf + 1) + p_data->p_buf->offset;
742 if (com::android::bluetooth::flags::a2dp_concurrent_source_sink()) {
743 AVCT_PARSE_HDR(p, label, type, cr_ipid);
744 }
745
746 BE_STREAM_TO_UINT16(pid, p);
747
748 p_ccb = &avct_cb.ccb[0];
749 p_data->p_buf->offset += AVCT_HDR_LEN_SINGLE;
750 p_data->p_buf->len -= AVCT_HDR_LEN_SINGLE;
751 p_buf_len = BT_HDR_SIZE + p_data->p_buf->offset + p_data->p_buf->len;
752
753 for (int i = 0; i < AVCT_NUM_CONN; i++, p_ccb++) {
754 if (p_ccb->allocated && (p_ccb->p_lcb == p_lcb) && (p_ccb->cc.pid == pid)) {
755 /* PID found; send msg up, adjust bt hdr and call msg callback */
756 bind = true;
757 BT_HDR* p_tmp_buf = (BT_HDR*)osi_malloc(p_buf_len);
758 memcpy(p_tmp_buf, p_data->p_buf, p_buf_len);
759 (*p_ccb->cc.p_msg_cback)(avct_ccb_to_idx(p_ccb), label, cr_ipid,
760 p_tmp_buf);
761 }
762 }
763
764 return bind;
765 }
766