1 /****************************************************************************** 2 * 3 * Copyright (C) 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /***************************************************************************** 20 * 21 * This file contains collection of utility functions used the RFCOMM unit 22 * 23 *****************************************************************************/ 24 25 #include "bt_target.h" 26 #include "gki.h" 27 28 #include "btm_api.h" 29 #include "btm_int.h" 30 #include "rfcdefs.h" 31 #include "port_api.h" 32 #include "port_ext.h" 33 #include "port_int.h" 34 #include "rfc_int.h" 35 #include "btu.h" 36 37 #include <string.h> 38 39 /******************************************************************************* 40 ** 41 ** Function rfc_calc_fcs 42 ** 43 ** Description Reversed CRC Table , 8-bit, poly=0x07 44 ** (GSM 07.10 TS 101 369 V6.3.0) 45 *******************************************************************************/ 46 static const UINT8 rfc_crctable[] = 47 { 48 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75, 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B, 49 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69, 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67, 50 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D, 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43, 51 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51, 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F, 52 53 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05, 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B, 54 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19, 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17, 55 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D, 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33, 56 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21, 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F, 57 58 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95, 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B, 59 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89, 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87, 60 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD, 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3, 61 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1, 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF, 62 63 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5, 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB, 64 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9, 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7, 65 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD, 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3, 66 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1, 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF 67 }; 68 69 70 /******************************************************************************* 71 ** 72 ** Function rfc_calc_fcs 73 ** 74 ** Description This function calculate FCS for the RFCOMM frame 75 ** (GSM 07.10 TS 101 369 V6.3.0) 76 ** 77 ** Input len - number of bytes in the message 78 ** p - points to message 79 ** 80 *******************************************************************************/ 81 UINT8 rfc_calc_fcs (UINT16 len, UINT8 *p) 82 { 83 UINT8 fcs = 0xFF; 84 85 while (len--) 86 { 87 fcs = rfc_crctable[fcs ^ *p++]; 88 } 89 90 /* Ones compliment */ 91 return (0xFF - fcs); 92 } 93 94 95 /******************************************************************************* 96 ** 97 ** Function rfc_check_fcs 98 ** 99 ** Description This function checks FCS for the RFCOMM frame 100 ** (GSM 07.10 TS 101 369 V6.3.0) 101 ** 102 ** Input len - number of bytes in the message 103 ** p - points to message 104 ** received_fcs - received FCS 105 ** 106 *******************************************************************************/ 107 BOOLEAN rfc_check_fcs (UINT16 len, UINT8 *p, UINT8 received_fcs) 108 { 109 UINT8 fcs = 0xFF; 110 111 while (len--) 112 { 113 fcs = rfc_crctable[fcs ^ *p++]; 114 } 115 116 /* Ones compliment */ 117 fcs = rfc_crctable[fcs ^ received_fcs]; 118 119 /*0xCF is the reversed order of 11110011.*/ 120 return (fcs == 0xCF); 121 } 122 123 124 /******************************************************************************* 125 ** 126 ** Function rfc_alloc_multiplexer_channel 127 ** 128 ** Description This function returns existing or new control block for 129 ** the BD_ADDR. 130 ** 131 *******************************************************************************/ 132 tRFC_MCB *rfc_alloc_multiplexer_channel (BD_ADDR bd_addr, BOOLEAN is_initiator) 133 { 134 int i, j; 135 tRFC_MCB *p_mcb = NULL; 136 137 for (i = 0; i < MAX_BD_CONNECTIONS; i++) 138 { 139 if ((rfc_cb.port.rfc_mcb[i].state != RFC_MX_STATE_IDLE) 140 && (!memcmp (rfc_cb.port.rfc_mcb[i].bd_addr, bd_addr, BD_ADDR_LEN))) 141 { 142 /* Multiplexer channel found do not change anything */ 143 /* If there was an inactivity timer running stop it now */ 144 if (rfc_cb.port.rfc_mcb[i].state == RFC_MX_STATE_CONNECTED) 145 rfc_timer_stop (&rfc_cb.port.rfc_mcb[i]); 146 return (&rfc_cb.port.rfc_mcb[i]); 147 } 148 } 149 150 /* connection with bd_addr does not exist */ 151 for (i = 0, j = rfc_cb.rfc.last_mux + 1; i < MAX_BD_CONNECTIONS; i++, j++) 152 { 153 if (j >= MAX_BD_CONNECTIONS) 154 j = 0; 155 156 p_mcb = &rfc_cb.port.rfc_mcb[j]; 157 if (rfc_cb.port.rfc_mcb[j].state == RFC_MX_STATE_IDLE) 158 { 159 /* New multiplexer control block */ 160 memset (p_mcb, 0, sizeof (tRFC_MCB)); 161 memcpy (p_mcb->bd_addr, bd_addr, BD_ADDR_LEN); 162 163 GKI_init_q(&p_mcb->cmd_q); 164 165 p_mcb->is_initiator = is_initiator; 166 167 rfc_timer_start (p_mcb, RFC_MCB_INIT_INACT_TIMER); 168 169 rfc_cb.rfc.last_mux = (UINT8) j; 170 return (p_mcb); 171 } 172 } 173 return (NULL); 174 } 175 176 177 /******************************************************************************* 178 ** 179 ** Function rfc_release_multiplexer_channel 180 ** 181 ** Description This function returns existing or new control block for 182 ** the BD_ADDR. 183 ** 184 *******************************************************************************/ 185 void rfc_release_multiplexer_channel (tRFC_MCB *p_mcb) 186 { 187 void *p_buf; 188 189 rfc_timer_stop (p_mcb); 190 191 while ((p_buf = GKI_dequeue(&p_mcb->cmd_q)) != NULL) 192 GKI_freebuf(p_buf); 193 194 memset (p_mcb, 0, sizeof (tRFC_MCB)); 195 p_mcb->state = RFC_MX_STATE_IDLE; 196 } 197 198 199 /******************************************************************************* 200 ** 201 ** Function rfc_timer_start 202 ** 203 ** Description Start RFC Timer 204 ** 205 *******************************************************************************/ 206 void rfc_timer_start (tRFC_MCB *p_mcb, UINT16 timeout) 207 { 208 TIMER_LIST_ENT *p_tle = &p_mcb->tle; 209 210 RFCOMM_TRACE_EVENT1 ("rfc_timer_start - timeout:%d", timeout); 211 212 p_tle->param = (UINT32)p_mcb; 213 214 btu_start_timer (p_tle, BTU_TTYPE_RFCOMM_MFC, timeout); 215 } 216 217 218 /******************************************************************************* 219 ** 220 ** Function rfc_timer_stop 221 ** 222 ** Description Stop RFC Timer 223 ** 224 *******************************************************************************/ 225 void rfc_timer_stop (tRFC_MCB *p_mcb) 226 { 227 RFCOMM_TRACE_EVENT0 ("rfc_timer_stop"); 228 229 btu_stop_timer (&p_mcb->tle); 230 } 231 232 233 /******************************************************************************* 234 ** 235 ** Function rfc_port_timer_start 236 ** 237 ** Description Start RFC Timer 238 ** 239 *******************************************************************************/ 240 void rfc_port_timer_start (tPORT *p_port, UINT16 timeout) 241 { 242 TIMER_LIST_ENT *p_tle = &p_port->rfc.tle; 243 244 RFCOMM_TRACE_EVENT1 ("rfc_port_timer_start - timeout:%d", timeout); 245 246 p_tle->param = (UINT32)p_port; 247 248 btu_start_timer (p_tle, BTU_TTYPE_RFCOMM_PORT, timeout); 249 } 250 251 252 /******************************************************************************* 253 ** 254 ** Function rfc_port_timer_stop 255 ** 256 ** Description Stop RFC Timer 257 ** 258 *******************************************************************************/ 259 void rfc_port_timer_stop (tPORT *p_port) 260 { 261 RFCOMM_TRACE_EVENT0 ("rfc_port_timer_stop"); 262 263 btu_stop_timer (&p_port->rfc.tle); 264 } 265 266 267 /******************************************************************************* 268 ** 269 ** Function rfc_check_mcb_active 270 ** 271 ** Description Check if there are any opened ports on the MCB if not 272 ** start MCB Inact timer. 273 ** 274 ** Returns void 275 ** 276 *******************************************************************************/ 277 void rfc_check_mcb_active (tRFC_MCB *p_mcb) 278 { 279 UINT16 i; 280 281 for (i = 0; i < RFCOMM_MAX_DLCI; i++) 282 { 283 if (p_mcb->port_inx[i] != 0) 284 { 285 p_mcb->is_disc_initiator = FALSE; 286 return; 287 } 288 } 289 /* The last port was DISCed. On the client side start disconnecting Mx */ 290 /* On the server side start inactivity timer */ 291 if (p_mcb->is_disc_initiator) 292 { 293 p_mcb->is_disc_initiator = FALSE; 294 rfc_mx_sm_execute (p_mcb, RFC_MX_EVENT_CLOSE_REQ, NULL); 295 } 296 else 297 rfc_timer_start (p_mcb, RFC_MCB_RELEASE_INACT_TIMER); 298 } 299 300 301 /******************************************************************************* 302 ** 303 ** Function rfcomm_process_timeout 304 ** 305 ** Description The function called every second to check RFCOMM timers 306 ** 307 ** Returns void 308 ** 309 *******************************************************************************/ 310 void rfcomm_process_timeout (TIMER_LIST_ENT *p_tle) 311 { 312 switch (p_tle->event) 313 { 314 case BTU_TTYPE_RFCOMM_MFC: 315 rfc_mx_sm_execute ((tRFC_MCB *)p_tle->param, RFC_EVENT_TIMEOUT, NULL); 316 break; 317 318 case BTU_TTYPE_RFCOMM_PORT: 319 rfc_port_sm_execute ((tPORT *)p_tle->param, RFC_EVENT_TIMEOUT, NULL); 320 break; 321 322 default: 323 break; 324 } 325 } 326 327 328 /******************************************************************************* 329 ** 330 ** Function rfc_sec_check_complete 331 ** 332 ** Description The function called when Security Manager finishes 333 ** verification of the service side connection 334 ** 335 ** Returns void 336 ** 337 *******************************************************************************/ 338 void rfc_sec_check_complete (BD_ADDR bd_addr, void *p_ref_data, UINT8 res) 339 { 340 tPORT *p_port = (tPORT *)p_ref_data; 341 342 /* Verify that PORT is still waiting for Security to complete */ 343 if (!p_port->in_use 344 || ((p_port->rfc.state != RFC_STATE_ORIG_WAIT_SEC_CHECK) 345 && (p_port->rfc.state != RFC_STATE_TERM_WAIT_SEC_CHECK))) 346 return; 347 348 rfc_port_sm_execute ((tPORT *)p_ref_data, RFC_EVENT_SEC_COMPLETE, &res); 349 } 350 351 352 /******************************************************************************* 353 ** 354 ** Function rfc_port_closed 355 ** 356 ** Description The function is called when port is released based on the 357 ** event received from the lower layer, typically L2CAP 358 ** connection down, DISC, or DM frame. 359 ** 360 ** Returns void 361 ** 362 *******************************************************************************/ 363 void rfc_port_closed (tPORT *p_port) 364 { 365 tRFC_MCB *p_mcb = p_port->rfc.p_mcb; 366 367 RFCOMM_TRACE_DEBUG0 ("rfc_port_closed"); 368 369 rfc_port_timer_stop (p_port); 370 371 p_port->rfc.state = RFC_STATE_CLOSED; 372 373 /* If multiplexer channel was up mark it as down */ 374 if (p_mcb) 375 { 376 p_mcb->port_inx[p_port->dlci] = 0; 377 378 /* If there are no more ports opened on this MCB release it */ 379 rfc_check_mcb_active (p_mcb); 380 } 381 382 /* Notify port that RFC connection is gone */ 383 port_rfc_closed (p_port, PORT_CLOSED); 384 } 385 386 /******************************************************************************* 387 ** 388 ** Function rfc_inc_credit 389 ** 390 ** Description The function is called when a credit is received in a UIH 391 ** frame. It increments the TX credit count, and if data 392 ** flow had halted, it restarts it. 393 ** 394 ** Returns void 395 ** 396 *******************************************************************************/ 397 void rfc_inc_credit (tPORT *p_port, UINT8 credit) 398 { 399 if (p_port->rfc.p_mcb->flow == PORT_FC_CREDIT) 400 { 401 p_port->credit_tx += credit; 402 403 RFCOMM_TRACE_EVENT1 ("rfc_inc_credit:%d", p_port->credit_tx); 404 405 if (p_port->tx.peer_fc == TRUE) 406 PORT_FlowInd(p_port->rfc.p_mcb, p_port->dlci, TRUE); 407 } 408 } 409 410 /******************************************************************************* 411 ** 412 ** Function rfc_dec_credit 413 ** 414 ** Description The function is called when a UIH frame of user data is 415 ** sent. It decrements the credit count. If credit count 416 ** Reaches zero, peer_fc is set. 417 ** 418 ** Returns void 419 ** 420 *******************************************************************************/ 421 void rfc_dec_credit (tPORT *p_port) 422 { 423 if (p_port->rfc.p_mcb->flow == PORT_FC_CREDIT) 424 { 425 if (p_port->credit_tx > 0) 426 p_port->credit_tx--; 427 428 if (p_port->credit_tx == 0) 429 p_port->tx.peer_fc = TRUE; 430 } 431 } 432 433 434 /******************************************************************************* 435 ** 436 ** Function rfc_check_send_cmd 437 ** 438 ** Description This function is called to send an RFCOMM command message 439 ** or to handle the RFCOMM command message queue. 440 ** 441 ** Returns void 442 ** 443 *******************************************************************************/ 444 void rfc_check_send_cmd(tRFC_MCB *p_mcb, BT_HDR *p_buf) 445 { 446 BT_HDR *p; 447 448 /* if passed a buffer queue it */ 449 if (p_buf != NULL) 450 { 451 GKI_enqueue(&p_mcb->cmd_q, p_buf); 452 } 453 454 /* handle queue if L2CAP not congested */ 455 while (p_mcb->l2cap_congested == FALSE) 456 { 457 if ((p = (BT_HDR *) GKI_dequeue(&p_mcb->cmd_q)) == NULL) 458 { 459 break; 460 } 461 462 463 L2CA_DataWrite (p_mcb->lcid, p); 464 } 465 } 466 467 468