1 /****************************************************************************** 2 * 3 * Copyright (C) 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /***************************************************************************** 20 * 21 * This file contains collection of utility functions used the RFCOMM unit 22 * 23 *****************************************************************************/ 24 25 #include "bt_target.h" 26 #include "gki.h" 27 28 #include "btm_api.h" 29 #include "btm_int.h" 30 #include "rfcdefs.h" 31 #include "port_api.h" 32 #include "port_ext.h" 33 #include "port_int.h" 34 #include "rfc_int.h" 35 #include "btu.h" 36 37 #include <string.h> 38 39 /******************************************************************************* 40 ** 41 ** Function rfc_calc_fcs 42 ** 43 ** Description Reversed CRC Table , 8-bit, poly=0x07 44 ** (GSM 07.10 TS 101 369 V6.3.0) 45 *******************************************************************************/ 46 static const UINT8 rfc_crctable[] = 47 { 48 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75, 0x0E, 0x9F, 0xED, 0x7C, 0x09, 0x98, 0xEA, 0x7B, 49 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 0xF8, 0x69, 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67, 50 0x38, 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D, 0x36, 0xA7, 0xD5, 0x44, 0x31, 0xA0, 0xD2, 0x43, 51 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 0x51, 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F, 52 53 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05, 0x7E, 0xEF, 0x9D, 0x0C, 0x79, 0xE8, 0x9A, 0x0B, 54 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 0x88, 0x19, 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17, 55 0x48, 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D, 0x46, 0xD7, 0xA5, 0x34, 0x41, 0xD0, 0xA2, 0x33, 56 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 0x21, 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F, 57 58 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95, 0xEE, 0x7F, 0x0D, 0x9C, 0xE9, 0x78, 0x0A, 0x9B, 59 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 0x18, 0x89, 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87, 60 0xD8, 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD, 0xD6, 0x47, 0x35, 0xA4, 0xD1, 0x40, 0x32, 0xA3, 61 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 0xB1, 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF, 62 63 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5, 0x9E, 0x0F, 0x7D, 0xEC, 0x99, 0x08, 0x7A, 0xEB, 64 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 0x68, 0xF9, 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7, 65 0xA8, 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD, 0xA6, 0x37, 0x45, 0xD4, 0xA1, 0x30, 0x42, 0xD3, 66 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 0xC1, 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF 67 }; 68 69 70 /******************************************************************************* 71 ** 72 ** Function rfc_calc_fcs 73 ** 74 ** Description This function calculate FCS for the RFCOMM frame 75 ** (GSM 07.10 TS 101 369 V6.3.0) 76 ** 77 ** Input len - number of bytes in the message 78 ** p - points to message 79 ** 80 *******************************************************************************/ 81 UINT8 rfc_calc_fcs (UINT16 len, UINT8 *p) 82 { 83 UINT8 fcs = 0xFF; 84 85 while (len--) 86 { 87 fcs = rfc_crctable[fcs ^ *p++]; 88 } 89 90 /* Ones compliment */ 91 return (0xFF - fcs); 92 } 93 94 95 /******************************************************************************* 96 ** 97 ** Function rfc_check_fcs 98 ** 99 ** Description This function checks FCS for the RFCOMM frame 100 ** (GSM 07.10 TS 101 369 V6.3.0) 101 ** 102 ** Input len - number of bytes in the message 103 ** p - points to message 104 ** received_fcs - received FCS 105 ** 106 *******************************************************************************/ 107 BOOLEAN rfc_check_fcs (UINT16 len, UINT8 *p, UINT8 received_fcs) 108 { 109 UINT8 fcs = 0xFF; 110 111 while (len--) 112 { 113 fcs = rfc_crctable[fcs ^ *p++]; 114 } 115 116 /* Ones compliment */ 117 fcs = rfc_crctable[fcs ^ received_fcs]; 118 119 /*0xCF is the reversed order of 11110011.*/ 120 return (fcs == 0xCF); 121 } 122 123 124 /******************************************************************************* 125 ** 126 ** Function rfc_alloc_multiplexer_channel 127 ** 128 ** Description This function returns existing or new control block for 129 ** the BD_ADDR. 130 ** 131 *******************************************************************************/ 132 tRFC_MCB *rfc_alloc_multiplexer_channel (BD_ADDR bd_addr, BOOLEAN is_initiator) 133 { 134 int i, j; 135 tRFC_MCB *p_mcb = NULL; 136 RFCOMM_TRACE_DEBUG6("rfc_alloc_multiplexer_channel: bd_addr:%02x:%02x:%02x:%02x:%02x:%02x", 137 bd_addr[0], bd_addr[1], bd_addr[2], bd_addr[3], bd_addr[4], bd_addr[5]); 138 RFCOMM_TRACE_DEBUG1("rfc_alloc_multiplexer_channel:is_initiator:%d", is_initiator); 139 140 for (i = 0; i < MAX_BD_CONNECTIONS; i++) 141 { 142 RFCOMM_TRACE_DEBUG2("rfc_alloc_multiplexer_channel rfc_cb.port.rfc_mcb[%d].state:%d", 143 i, rfc_cb.port.rfc_mcb[i].state); 144 RFCOMM_TRACE_DEBUG6("(rfc_cb.port.rfc_mcb[i].bd_addr:%02x:%02x:%02x:%02x:%02x:%02x", 145 rfc_cb.port.rfc_mcb[i].bd_addr[0], rfc_cb.port.rfc_mcb[i].bd_addr[1], 146 rfc_cb.port.rfc_mcb[i].bd_addr[2], rfc_cb.port.rfc_mcb[i].bd_addr[3], 147 rfc_cb.port.rfc_mcb[i].bd_addr[4], rfc_cb.port.rfc_mcb[i].bd_addr[5]); 148 149 if ((rfc_cb.port.rfc_mcb[i].state != RFC_MX_STATE_IDLE) 150 && (!memcmp (rfc_cb.port.rfc_mcb[i].bd_addr, bd_addr, BD_ADDR_LEN))) 151 { 152 /* Multiplexer channel found do not change anything */ 153 /* If there was an inactivity timer running stop it now */ 154 if (rfc_cb.port.rfc_mcb[i].state == RFC_MX_STATE_CONNECTED) 155 rfc_timer_stop (&rfc_cb.port.rfc_mcb[i]); 156 RFCOMM_TRACE_DEBUG3("rfc_alloc_multiplexer_channel:is_initiator:%d, found, state:%d, p_mcb:%p", 157 is_initiator, rfc_cb.port.rfc_mcb[i].state, &rfc_cb.port.rfc_mcb[i]); 158 return (&rfc_cb.port.rfc_mcb[i]); 159 } 160 } 161 162 /* connection with bd_addr does not exist */ 163 for (i = 0, j = rfc_cb.rfc.last_mux + 1; i < MAX_BD_CONNECTIONS; i++, j++) 164 { 165 if (j >= MAX_BD_CONNECTIONS) 166 j = 0; 167 168 p_mcb = &rfc_cb.port.rfc_mcb[j]; 169 if (rfc_cb.port.rfc_mcb[j].state == RFC_MX_STATE_IDLE) 170 { 171 /* New multiplexer control block */ 172 memset (p_mcb, 0, sizeof (tRFC_MCB)); 173 memcpy (p_mcb->bd_addr, bd_addr, BD_ADDR_LEN); 174 RFCOMM_TRACE_DEBUG3("rfc_alloc_multiplexer_channel:is_initiator:%d, create new p_mcb:%p, index:%d", 175 is_initiator, &rfc_cb.port.rfc_mcb[j], j); 176 177 GKI_init_q(&p_mcb->cmd_q); 178 179 p_mcb->is_initiator = is_initiator; 180 181 rfc_timer_start (p_mcb, RFC_MCB_INIT_INACT_TIMER); 182 183 rfc_cb.rfc.last_mux = (UINT8) j; 184 return (p_mcb); 185 } 186 } 187 return (NULL); 188 } 189 190 191 /******************************************************************************* 192 ** 193 ** Function rfc_release_multiplexer_channel 194 ** 195 ** Description This function returns existing or new control block for 196 ** the BD_ADDR. 197 ** 198 *******************************************************************************/ 199 void rfc_release_multiplexer_channel (tRFC_MCB *p_mcb) 200 { 201 void *p_buf; 202 203 rfc_timer_stop (p_mcb); 204 205 while ((p_buf = GKI_dequeue(&p_mcb->cmd_q)) != NULL) 206 GKI_freebuf(p_buf); 207 208 memset (p_mcb, 0, sizeof (tRFC_MCB)); 209 p_mcb->state = RFC_MX_STATE_IDLE; 210 } 211 212 213 /******************************************************************************* 214 ** 215 ** Function rfc_timer_start 216 ** 217 ** Description Start RFC Timer 218 ** 219 *******************************************************************************/ 220 void rfc_timer_start (tRFC_MCB *p_mcb, UINT16 timeout) 221 { 222 TIMER_LIST_ENT *p_tle = &p_mcb->tle; 223 224 RFCOMM_TRACE_EVENT1 ("rfc_timer_start - timeout:%d", timeout); 225 226 p_tle->param = (UINT32)p_mcb; 227 228 btu_start_timer (p_tle, BTU_TTYPE_RFCOMM_MFC, timeout); 229 } 230 231 232 /******************************************************************************* 233 ** 234 ** Function rfc_timer_stop 235 ** 236 ** Description Stop RFC Timer 237 ** 238 *******************************************************************************/ 239 void rfc_timer_stop (tRFC_MCB *p_mcb) 240 { 241 RFCOMM_TRACE_EVENT0 ("rfc_timer_stop"); 242 243 btu_stop_timer (&p_mcb->tle); 244 } 245 246 247 /******************************************************************************* 248 ** 249 ** Function rfc_port_timer_start 250 ** 251 ** Description Start RFC Timer 252 ** 253 *******************************************************************************/ 254 void rfc_port_timer_start (tPORT *p_port, UINT16 timeout) 255 { 256 TIMER_LIST_ENT *p_tle = &p_port->rfc.tle; 257 258 RFCOMM_TRACE_EVENT1 ("rfc_port_timer_start - timeout:%d", timeout); 259 260 p_tle->param = (UINT32)p_port; 261 262 btu_start_timer (p_tle, BTU_TTYPE_RFCOMM_PORT, timeout); 263 } 264 265 266 /******************************************************************************* 267 ** 268 ** Function rfc_port_timer_stop 269 ** 270 ** Description Stop RFC Timer 271 ** 272 *******************************************************************************/ 273 void rfc_port_timer_stop (tPORT *p_port) 274 { 275 RFCOMM_TRACE_EVENT0 ("rfc_port_timer_stop"); 276 277 btu_stop_timer (&p_port->rfc.tle); 278 } 279 280 281 /******************************************************************************* 282 ** 283 ** Function rfc_check_mcb_active 284 ** 285 ** Description Check if there are any opened ports on the MCB if not 286 ** start MCB Inact timer. 287 ** 288 ** Returns void 289 ** 290 *******************************************************************************/ 291 void rfc_check_mcb_active (tRFC_MCB *p_mcb) 292 { 293 UINT16 i; 294 295 for (i = 0; i < RFCOMM_MAX_DLCI; i++) 296 { 297 if (p_mcb->port_inx[i] != 0) 298 { 299 p_mcb->is_disc_initiator = FALSE; 300 return; 301 } 302 } 303 /* The last port was DISCed. On the client side start disconnecting Mx */ 304 /* On the server side start inactivity timer */ 305 if (p_mcb->is_disc_initiator) 306 { 307 p_mcb->is_disc_initiator = FALSE; 308 rfc_mx_sm_execute (p_mcb, RFC_MX_EVENT_CLOSE_REQ, NULL); 309 } 310 else 311 rfc_timer_start (p_mcb, RFC_MCB_RELEASE_INACT_TIMER); 312 } 313 314 315 /******************************************************************************* 316 ** 317 ** Function rfcomm_process_timeout 318 ** 319 ** Description The function called every second to check RFCOMM timers 320 ** 321 ** Returns void 322 ** 323 *******************************************************************************/ 324 void rfcomm_process_timeout (TIMER_LIST_ENT *p_tle) 325 { 326 switch (p_tle->event) 327 { 328 case BTU_TTYPE_RFCOMM_MFC: 329 rfc_mx_sm_execute ((tRFC_MCB *)p_tle->param, RFC_EVENT_TIMEOUT, NULL); 330 break; 331 332 case BTU_TTYPE_RFCOMM_PORT: 333 rfc_port_sm_execute ((tPORT *)p_tle->param, RFC_EVENT_TIMEOUT, NULL); 334 break; 335 336 default: 337 break; 338 } 339 } 340 341 342 /******************************************************************************* 343 ** 344 ** Function rfc_sec_check_complete 345 ** 346 ** Description The function called when Security Manager finishes 347 ** verification of the service side connection 348 ** 349 ** Returns void 350 ** 351 *******************************************************************************/ 352 void rfc_sec_check_complete (BD_ADDR bd_addr, void *p_ref_data, UINT8 res) 353 { 354 tPORT *p_port = (tPORT *)p_ref_data; 355 356 /* Verify that PORT is still waiting for Security to complete */ 357 if (!p_port->in_use 358 || ((p_port->rfc.state != RFC_STATE_ORIG_WAIT_SEC_CHECK) 359 && (p_port->rfc.state != RFC_STATE_TERM_WAIT_SEC_CHECK))) 360 return; 361 362 rfc_port_sm_execute ((tPORT *)p_ref_data, RFC_EVENT_SEC_COMPLETE, &res); 363 } 364 365 366 /******************************************************************************* 367 ** 368 ** Function rfc_port_closed 369 ** 370 ** Description The function is called when port is released based on the 371 ** event received from the lower layer, typically L2CAP 372 ** connection down, DISC, or DM frame. 373 ** 374 ** Returns void 375 ** 376 *******************************************************************************/ 377 void rfc_port_closed (tPORT *p_port) 378 { 379 tRFC_MCB *p_mcb = p_port->rfc.p_mcb; 380 381 RFCOMM_TRACE_DEBUG0 ("rfc_port_closed"); 382 383 rfc_port_timer_stop (p_port); 384 385 p_port->rfc.state = RFC_STATE_CLOSED; 386 387 /* If multiplexer channel was up mark it as down */ 388 if (p_mcb) 389 { 390 p_mcb->port_inx[p_port->dlci] = 0; 391 392 /* If there are no more ports opened on this MCB release it */ 393 rfc_check_mcb_active (p_mcb); 394 } 395 396 /* Notify port that RFC connection is gone */ 397 port_rfc_closed (p_port, PORT_CLOSED); 398 } 399 400 /******************************************************************************* 401 ** 402 ** Function rfc_inc_credit 403 ** 404 ** Description The function is called when a credit is received in a UIH 405 ** frame. It increments the TX credit count, and if data 406 ** flow had halted, it restarts it. 407 ** 408 ** Returns void 409 ** 410 *******************************************************************************/ 411 void rfc_inc_credit (tPORT *p_port, UINT8 credit) 412 { 413 if (p_port->rfc.p_mcb->flow == PORT_FC_CREDIT) 414 { 415 p_port->credit_tx += credit; 416 417 RFCOMM_TRACE_EVENT1 ("rfc_inc_credit:%d", p_port->credit_tx); 418 419 if (p_port->tx.peer_fc == TRUE) 420 PORT_FlowInd(p_port->rfc.p_mcb, p_port->dlci, TRUE); 421 } 422 } 423 424 /******************************************************************************* 425 ** 426 ** Function rfc_dec_credit 427 ** 428 ** Description The function is called when a UIH frame of user data is 429 ** sent. It decrements the credit count. If credit count 430 ** Reaches zero, peer_fc is set. 431 ** 432 ** Returns void 433 ** 434 *******************************************************************************/ 435 void rfc_dec_credit (tPORT *p_port) 436 { 437 if (p_port->rfc.p_mcb->flow == PORT_FC_CREDIT) 438 { 439 if (p_port->credit_tx > 0) 440 p_port->credit_tx--; 441 442 if (p_port->credit_tx == 0) 443 p_port->tx.peer_fc = TRUE; 444 } 445 } 446 447 448 /******************************************************************************* 449 ** 450 ** Function rfc_check_send_cmd 451 ** 452 ** Description This function is called to send an RFCOMM command message 453 ** or to handle the RFCOMM command message queue. 454 ** 455 ** Returns void 456 ** 457 *******************************************************************************/ 458 void rfc_check_send_cmd(tRFC_MCB *p_mcb, BT_HDR *p_buf) 459 { 460 BT_HDR *p; 461 462 /* if passed a buffer queue it */ 463 if (p_buf != NULL) 464 { 465 GKI_enqueue(&p_mcb->cmd_q, p_buf); 466 } 467 468 /* handle queue if L2CAP not congested */ 469 while (p_mcb->l2cap_congested == FALSE) 470 { 471 if ((p = (BT_HDR *) GKI_dequeue(&p_mcb->cmd_q)) == NULL) 472 { 473 break; 474 } 475 476 477 L2CA_DataWrite (p_mcb->lcid, p); 478 } 479 } 480 481 482
