1 /****************************************************************************** 2 * 3 * Copyright (C) 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /****************************************************************************** 20 * 21 * This file contains the main L2CAP entry points 22 * 23 ******************************************************************************/ 24 25 #define LOG_TAG "bt_l2c_main" 26 27 #include <stdio.h> 28 #include <stdlib.h> 29 #include <string.h> 30 31 #include "bt_target.h" 32 #include "btm_int.h" 33 #include "btu.h" 34 #include "device/include/controller.h" 35 #include "bt_common.h" 36 #include "hcimsgs.h" 37 #include "l2c_api.h" 38 #include "l2c_int.h" 39 #include "l2cdefs.h" 40 #include "osi/include/log.h" 41 42 43 extern fixed_queue_t *btu_general_alarm_queue; 44 45 /********************************************************************************/ 46 /* L O C A L F U N C T I O N P R O T O T Y P E S */ 47 /********************************************************************************/ 48 static void process_l2cap_cmd (tL2C_LCB *p_lcb, UINT8 *p, UINT16 pkt_len); 49 50 /********************************************************************************/ 51 /* G L O B A L L 2 C A P D A T A */ 52 /********************************************************************************/ 53 #if L2C_DYNAMIC_MEMORY == FALSE 54 tL2C_CB l2cb; 55 #endif 56 57 /******************************************************************************* 58 ** 59 ** Function l2c_rcv_acl_data 60 ** 61 ** Description This function is called from the HCI Interface when an ACL 62 ** data packet is received. 63 ** 64 ** Returns void 65 ** 66 *******************************************************************************/ 67 void l2c_rcv_acl_data (BT_HDR *p_msg) 68 { 69 UINT8 *p = (UINT8 *)(p_msg + 1) + p_msg->offset; 70 UINT16 handle, hci_len; 71 UINT8 pkt_type; 72 tL2C_LCB *p_lcb; 73 tL2C_CCB *p_ccb = NULL; 74 UINT16 l2cap_len, rcv_cid, psm; 75 UINT16 credit; 76 77 /* Extract the handle */ 78 STREAM_TO_UINT16 (handle, p); 79 pkt_type = HCID_GET_EVENT (handle); 80 handle = HCID_GET_HANDLE (handle); 81 82 /* Since the HCI Transport is putting segmented packets back together, we */ 83 /* should never get a valid packet with the type set to "continuation" */ 84 if (pkt_type != L2CAP_PKT_CONTINUE) 85 { 86 /* Find the LCB based on the handle */ 87 if ((p_lcb = l2cu_find_lcb_by_handle (handle)) == NULL) 88 { 89 UINT8 cmd_code; 90 91 /* There is a slight possibility (specifically with USB) that we get an */ 92 /* L2CAP connection request before we get the HCI connection complete. */ 93 /* So for these types of messages, hold them for up to 2 seconds. */ 94 STREAM_TO_UINT16 (hci_len, p); 95 STREAM_TO_UINT16 (l2cap_len, p); 96 STREAM_TO_UINT16 (rcv_cid, p); 97 STREAM_TO_UINT8 (cmd_code, p); 98 99 if ((p_msg->layer_specific == 0) && (rcv_cid == L2CAP_SIGNALLING_CID) 100 && (cmd_code == L2CAP_CMD_INFO_REQ || cmd_code == L2CAP_CMD_CONN_REQ)) { 101 L2CAP_TRACE_WARNING ("L2CAP - holding ACL for unknown handle:%d ls:%d" 102 " cid:%d opcode:%d cur count:%d", handle, p_msg->layer_specific, 103 rcv_cid, cmd_code, list_length(l2cb.rcv_pending_q)); 104 p_msg->layer_specific = 2; 105 list_append(l2cb.rcv_pending_q, p_msg); 106 107 if (list_length(l2cb.rcv_pending_q) == 1) { 108 alarm_set_on_queue(l2cb.receive_hold_timer, 109 BT_1SEC_TIMEOUT_MS, 110 l2c_receive_hold_timer_timeout, NULL, 111 btu_general_alarm_queue); 112 } 113 114 return; 115 } else { 116 L2CAP_TRACE_ERROR ("L2CAP - rcvd ACL for unknown handle:%d ls:%d cid:%d" 117 " opcode:%d cur count:%d", handle, p_msg->layer_specific, rcv_cid, 118 cmd_code, list_length(l2cb.rcv_pending_q)); 119 } 120 osi_free(p_msg); 121 return; 122 } 123 } 124 else 125 { 126 L2CAP_TRACE_WARNING ("L2CAP - expected pkt start or complete, got: %d", pkt_type); 127 osi_free(p_msg); 128 return; 129 } 130 131 /* Extract the length and update the buffer header */ 132 STREAM_TO_UINT16 (hci_len, p); 133 p_msg->offset += 4; 134 135 /* Extract the length and CID */ 136 STREAM_TO_UINT16 (l2cap_len, p); 137 STREAM_TO_UINT16 (rcv_cid, p); 138 139 #if BLE_INCLUDED == TRUE 140 /* for BLE channel, always notify connection when ACL data received on the link */ 141 if (p_lcb && p_lcb->transport == BT_TRANSPORT_LE && p_lcb->link_state != LST_DISCONNECTING) 142 /* only process fixed channel data as channel open indication when link is not in disconnecting mode */ 143 l2cble_notify_le_connection(p_lcb->remote_bd_addr); 144 #endif 145 146 /* Find the CCB for this CID */ 147 if (rcv_cid >= L2CAP_BASE_APPL_CID) 148 { 149 if ((p_ccb = l2cu_find_ccb_by_cid (p_lcb, rcv_cid)) == NULL) 150 { 151 L2CAP_TRACE_WARNING ("L2CAP - unknown CID: 0x%04x", rcv_cid); 152 osi_free(p_msg); 153 return; 154 } 155 } 156 157 if (hci_len >= L2CAP_PKT_OVERHEAD) /* Must receive at least the L2CAP length and CID.*/ 158 { 159 p_msg->len = hci_len - L2CAP_PKT_OVERHEAD; 160 p_msg->offset += L2CAP_PKT_OVERHEAD; 161 } 162 else 163 { 164 L2CAP_TRACE_WARNING ("L2CAP - got incorrect hci header" ); 165 osi_free(p_msg); 166 return; 167 } 168 169 if (l2cap_len != p_msg->len) 170 { 171 L2CAP_TRACE_WARNING ("L2CAP - bad length in pkt. Exp: %d Act: %d", 172 l2cap_len, p_msg->len); 173 174 osi_free(p_msg); 175 return; 176 } 177 178 /* Send the data through the channel state machine */ 179 if (rcv_cid == L2CAP_SIGNALLING_CID) 180 { 181 process_l2cap_cmd (p_lcb, p, l2cap_len); 182 osi_free(p_msg); 183 } 184 else if (rcv_cid == L2CAP_CONNECTIONLESS_CID) 185 { 186 /* process_connectionless_data (p_lcb); */ 187 STREAM_TO_UINT16 (psm, p); 188 L2CAP_TRACE_DEBUG( "GOT CONNECTIONLESS DATA PSM:%d", psm ) ; 189 190 #if (L2CAP_UCD_INCLUDED == TRUE) 191 /* if it is not broadcast, check UCD registration */ 192 if ( l2c_ucd_check_rx_pkts( p_lcb, p_msg ) ) 193 { 194 /* nothing to do */ 195 } 196 else 197 #endif 198 osi_free(p_msg); 199 } 200 #if (BLE_INCLUDED == TRUE) 201 else if (rcv_cid == L2CAP_BLE_SIGNALLING_CID) 202 { 203 l2cble_process_sig_cmd (p_lcb, p, l2cap_len); 204 osi_free(p_msg); 205 } 206 #endif 207 #if (L2CAP_NUM_FIXED_CHNLS > 0) 208 else if ((rcv_cid >= L2CAP_FIRST_FIXED_CHNL) && (rcv_cid <= L2CAP_LAST_FIXED_CHNL) && 209 (l2cb.fixed_reg[rcv_cid - L2CAP_FIRST_FIXED_CHNL].pL2CA_FixedData_Cb != NULL) ) 210 { 211 /* If no CCB for this channel, allocate one */ 212 if (p_lcb && 213 /* only process fixed channel data when link is open or wait for data indication */ 214 (p_lcb->link_state != LST_DISCONNECTING) && 215 l2cu_initialize_fixed_ccb (p_lcb, rcv_cid, &l2cb.fixed_reg[rcv_cid - L2CAP_FIRST_FIXED_CHNL].fixed_chnl_opts)) 216 { 217 p_ccb = p_lcb->p_fixed_ccbs[rcv_cid - L2CAP_FIRST_FIXED_CHNL]; 218 219 if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE) 220 l2c_fcr_proc_pdu (p_ccb, p_msg); 221 else 222 (*l2cb.fixed_reg[rcv_cid - L2CAP_FIRST_FIXED_CHNL].pL2CA_FixedData_Cb) 223 (rcv_cid, p_lcb->remote_bd_addr, p_msg); 224 } 225 else 226 osi_free(p_msg); 227 } 228 #endif 229 230 else 231 { 232 if (p_ccb == NULL) 233 osi_free(p_msg); 234 else 235 { 236 if (p_lcb->transport == BT_TRANSPORT_LE) 237 { 238 l2c_lcc_proc_pdu(p_ccb,p_msg); 239 // Got a pkt, valid send out credits to the peer device 240 credit = L2CAP_LE_DEFAULT_CREDIT; 241 l2c_csm_execute(p_ccb, L2CEVT_L2CA_SEND_FLOW_CONTROL_CREDIT, &credit); 242 } 243 else 244 { 245 /* Basic mode packets go straight to the state machine */ 246 if (p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_BASIC_MODE) 247 l2c_csm_execute (p_ccb, L2CEVT_L2CAP_DATA, p_msg); 248 else 249 { 250 /* eRTM or streaming mode, so we need to validate states first */ 251 if ((p_ccb->chnl_state == CST_OPEN) || (p_ccb->chnl_state == CST_CONFIG)) 252 l2c_fcr_proc_pdu (p_ccb, p_msg); 253 else 254 osi_free (p_msg); 255 } 256 } 257 } 258 } 259 } 260 261 /******************************************************************************* 262 ** 263 ** Function process_l2cap_cmd 264 ** 265 ** Description This function is called when a packet is received on the 266 ** L2CAP signalling CID 267 ** 268 ** Returns void 269 ** 270 *******************************************************************************/ 271 static void process_l2cap_cmd (tL2C_LCB *p_lcb, UINT8 *p, UINT16 pkt_len) 272 { 273 UINT8 *p_pkt_end, *p_next_cmd, *p_cfg_end, *p_cfg_start; 274 UINT8 cmd_code, cfg_code, cfg_len, id; 275 tL2C_CONN_INFO con_info; 276 tL2CAP_CFG_INFO cfg_info; 277 UINT16 rej_reason, rej_mtu, lcid, rcid, info_type; 278 tL2C_CCB *p_ccb; 279 tL2C_RCB *p_rcb; 280 BOOLEAN cfg_rej, pkt_size_rej = FALSE; 281 UINT16 cfg_rej_len, cmd_len; 282 UINT16 result; 283 tL2C_CONN_INFO ci; 284 285 #if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE) 286 /* if l2cap command received in CID 1 on top of an LE link, ignore this command */ 287 if (p_lcb->transport == BT_TRANSPORT_LE) 288 return; 289 #endif 290 291 /* Reject the packet if it exceeds the default Signalling Channel MTU */ 292 if (pkt_len > L2CAP_DEFAULT_MTU) 293 { 294 /* Core Spec requires a single response to the first command found in a multi-command 295 ** L2cap packet. If only responses in the packet, then it will be ignored. 296 ** Here we simply mark the bad packet and decide which cmd ID to reject later 297 */ 298 pkt_size_rej = TRUE; 299 L2CAP_TRACE_ERROR ("L2CAP SIG MTU Pkt Len Exceeded (672) -> pkt_len: %d", pkt_len); 300 } 301 302 p_next_cmd = p; 303 p_pkt_end = p + pkt_len; 304 305 memset (&cfg_info, 0, sizeof(cfg_info)); 306 307 /* An L2CAP packet may contain multiple commands */ 308 while (TRUE) 309 { 310 /* Smallest command is 4 bytes */ 311 if ((p = p_next_cmd) > (p_pkt_end - 4)) 312 break; 313 314 STREAM_TO_UINT8 (cmd_code, p); 315 STREAM_TO_UINT8 (id, p); 316 STREAM_TO_UINT16 (cmd_len, p); 317 318 /* Check command length does not exceed packet length */ 319 if ((p_next_cmd = p + cmd_len) > p_pkt_end) 320 { 321 L2CAP_TRACE_WARNING ("Command len bad pkt_len: %d cmd_len: %d code: %d", 322 pkt_len, cmd_len, cmd_code); 323 break; 324 } 325 326 L2CAP_TRACE_DEBUG ("cmd_code: %d, id:%d, cmd_len:%d", cmd_code, id, cmd_len); 327 328 /* Bad L2CAP packet length, look or cmd to reject */ 329 if (pkt_size_rej) 330 { 331 /* If command found rejected it and we're done, otherwise keep looking */ 332 if (l2c_is_cmd_rejected(cmd_code, id, p_lcb)) 333 return; 334 else 335 continue; /* Look for next cmd/response in current packet */ 336 } 337 338 switch (cmd_code) 339 { 340 case L2CAP_CMD_REJECT: 341 STREAM_TO_UINT16 (rej_reason, p); 342 if (rej_reason == L2CAP_CMD_REJ_MTU_EXCEEDED) 343 { 344 STREAM_TO_UINT16 (rej_mtu, p); 345 /* What to do with the MTU reject ? We have negotiated an MTU. For now */ 346 /* we will ignore it and let a higher protocol timeout take care of it */ 347 348 L2CAP_TRACE_WARNING ("L2CAP - MTU rej Handle: %d MTU: %d", p_lcb->handle, rej_mtu); 349 } 350 if (rej_reason == L2CAP_CMD_REJ_INVALID_CID) 351 { 352 STREAM_TO_UINT16 (rcid, p); 353 STREAM_TO_UINT16 (lcid, p); 354 355 L2CAP_TRACE_WARNING ("L2CAP - rej with CID invalid, LCID: 0x%04x RCID: 0x%04x", lcid, rcid); 356 357 /* Remote CID invalid. Treat as a disconnect */ 358 if (((p_ccb = l2cu_find_ccb_by_cid (p_lcb, lcid)) != NULL) 359 && (p_ccb->remote_cid == rcid)) 360 { 361 /* Fake link disconnect - no reply is generated */ 362 l2c_csm_execute (p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL); 363 } 364 } 365 366 /* SonyEricsson Info request Bug workaround (Continue connection) */ 367 else if (rej_reason == L2CAP_CMD_REJ_NOT_UNDERSTOOD && p_lcb->w4_info_rsp) 368 { 369 alarm_cancel(p_lcb->info_resp_timer); 370 371 p_lcb->w4_info_rsp = FALSE; 372 ci.status = HCI_SUCCESS; 373 memcpy (ci.bd_addr, p_lcb->remote_bd_addr, sizeof(BD_ADDR)); 374 375 /* For all channels, send the event through their FSMs */ 376 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb) 377 { 378 l2c_csm_execute (p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci); 379 } 380 } 381 break; 382 383 case L2CAP_CMD_CONN_REQ: 384 STREAM_TO_UINT16 (con_info.psm, p); 385 STREAM_TO_UINT16 (rcid, p); 386 if ((p_rcb = l2cu_find_rcb_by_psm (con_info.psm)) == NULL) 387 { 388 L2CAP_TRACE_WARNING ("L2CAP - rcvd conn req for unknown PSM: %d", con_info.psm); 389 l2cu_reject_connection (p_lcb, rcid, id, L2CAP_CONN_NO_PSM); 390 break; 391 } 392 else 393 { 394 if (!p_rcb->api.pL2CA_ConnectInd_Cb) 395 { 396 L2CAP_TRACE_WARNING ("L2CAP - rcvd conn req for outgoing-only connection PSM: %d", con_info.psm); 397 l2cu_reject_connection (p_lcb, rcid, id, L2CAP_CONN_NO_PSM); 398 break; 399 } 400 } 401 if ((p_ccb = l2cu_allocate_ccb (p_lcb, 0)) == NULL) 402 { 403 L2CAP_TRACE_ERROR ("L2CAP - unable to allocate CCB"); 404 l2cu_reject_connection (p_lcb, rcid, id, L2CAP_CONN_NO_RESOURCES); 405 break; 406 } 407 p_ccb->remote_id = id; 408 p_ccb->p_rcb = p_rcb; 409 p_ccb->remote_cid = rcid; 410 411 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_REQ, &con_info); 412 break; 413 414 case L2CAP_CMD_CONN_RSP: 415 STREAM_TO_UINT16 (con_info.remote_cid, p); 416 STREAM_TO_UINT16 (lcid, p); 417 STREAM_TO_UINT16 (con_info.l2cap_result, p); 418 STREAM_TO_UINT16 (con_info.l2cap_status, p); 419 420 if ((p_ccb = l2cu_find_ccb_by_cid (p_lcb, lcid)) == NULL) 421 { 422 L2CAP_TRACE_WARNING ("L2CAP - no CCB for conn rsp, LCID: %d RCID: %d", 423 lcid, con_info.remote_cid); 424 break; 425 } 426 if (p_ccb->local_id != id) 427 { 428 L2CAP_TRACE_WARNING ("L2CAP - con rsp - bad ID. Exp: %d Got: %d", 429 p_ccb->local_id, id); 430 break; 431 } 432 433 if (con_info.l2cap_result == L2CAP_CONN_OK) 434 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP, &con_info); 435 else if (con_info.l2cap_result == L2CAP_CONN_PENDING) 436 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_PND, &con_info); 437 else 438 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_NEG, &con_info); 439 440 break; 441 442 case L2CAP_CMD_CONFIG_REQ: 443 p_cfg_end = p + cmd_len; 444 cfg_rej = FALSE; 445 cfg_rej_len = 0; 446 447 STREAM_TO_UINT16 (lcid, p); 448 STREAM_TO_UINT16 (cfg_info.flags, p); 449 450 p_cfg_start = p; 451 452 cfg_info.flush_to_present = cfg_info.mtu_present = cfg_info.qos_present = 453 cfg_info.fcr_present = cfg_info.fcs_present = FALSE; 454 455 while (p < p_cfg_end) 456 { 457 STREAM_TO_UINT8 (cfg_code, p); 458 STREAM_TO_UINT8 (cfg_len, p); 459 460 switch (cfg_code & 0x7F) 461 { 462 case L2CAP_CFG_TYPE_MTU: 463 cfg_info.mtu_present = TRUE; 464 STREAM_TO_UINT16 (cfg_info.mtu, p); 465 break; 466 467 case L2CAP_CFG_TYPE_FLUSH_TOUT: 468 cfg_info.flush_to_present = TRUE; 469 STREAM_TO_UINT16 (cfg_info.flush_to, p); 470 break; 471 472 case L2CAP_CFG_TYPE_QOS: 473 cfg_info.qos_present = TRUE; 474 STREAM_TO_UINT8 (cfg_info.qos.qos_flags, p); 475 STREAM_TO_UINT8 (cfg_info.qos.service_type, p); 476 STREAM_TO_UINT32 (cfg_info.qos.token_rate, p); 477 STREAM_TO_UINT32 (cfg_info.qos.token_bucket_size, p); 478 STREAM_TO_UINT32 (cfg_info.qos.peak_bandwidth, p); 479 STREAM_TO_UINT32 (cfg_info.qos.latency, p); 480 STREAM_TO_UINT32 (cfg_info.qos.delay_variation, p); 481 break; 482 483 case L2CAP_CFG_TYPE_FCR: 484 cfg_info.fcr_present = TRUE; 485 STREAM_TO_UINT8 (cfg_info.fcr.mode, p); 486 STREAM_TO_UINT8 (cfg_info.fcr.tx_win_sz, p); 487 STREAM_TO_UINT8 (cfg_info.fcr.max_transmit, p); 488 STREAM_TO_UINT16 (cfg_info.fcr.rtrans_tout, p); 489 STREAM_TO_UINT16 (cfg_info.fcr.mon_tout, p); 490 STREAM_TO_UINT16 (cfg_info.fcr.mps, p); 491 break; 492 493 case L2CAP_CFG_TYPE_FCS: 494 cfg_info.fcs_present = TRUE; 495 STREAM_TO_UINT8 (cfg_info.fcs, p); 496 break; 497 498 case L2CAP_CFG_TYPE_EXT_FLOW: 499 cfg_info.ext_flow_spec_present = TRUE; 500 STREAM_TO_UINT8 (cfg_info.ext_flow_spec.id, p); 501 STREAM_TO_UINT8 (cfg_info.ext_flow_spec.stype, p); 502 STREAM_TO_UINT16 (cfg_info.ext_flow_spec.max_sdu_size, p); 503 STREAM_TO_UINT32 (cfg_info.ext_flow_spec.sdu_inter_time, p); 504 STREAM_TO_UINT32 (cfg_info.ext_flow_spec.access_latency, p); 505 STREAM_TO_UINT32 (cfg_info.ext_flow_spec.flush_timeout, p); 506 break; 507 508 default: 509 /* sanity check option length */ 510 if ((cfg_len + L2CAP_CFG_OPTION_OVERHEAD) <= cmd_len) 511 { 512 p += cfg_len; 513 if ((cfg_code & 0x80) == 0) 514 { 515 cfg_rej_len += cfg_len + L2CAP_CFG_OPTION_OVERHEAD; 516 cfg_rej = TRUE; 517 } 518 } 519 /* bad length; force loop exit */ 520 else 521 { 522 p = p_cfg_end; 523 cfg_rej = TRUE; 524 } 525 break; 526 } 527 } 528 529 if ((p_ccb = l2cu_find_ccb_by_cid (p_lcb, lcid)) != NULL) 530 { 531 p_ccb->remote_id = id; 532 if (cfg_rej) 533 { 534 l2cu_send_peer_config_rej (p_ccb, p_cfg_start, (UINT16) (cmd_len - L2CAP_CONFIG_REQ_LEN), cfg_rej_len); 535 } 536 else 537 { 538 l2c_csm_execute (p_ccb, L2CEVT_L2CAP_CONFIG_REQ, &cfg_info); 539 } 540 } 541 else 542 { 543 /* updated spec says send command reject on invalid cid */ 544 l2cu_send_peer_cmd_reject (p_lcb, L2CAP_CMD_REJ_INVALID_CID, id, 0, 0); 545 } 546 break; 547 548 case L2CAP_CMD_CONFIG_RSP: 549 p_cfg_end = p + cmd_len; 550 STREAM_TO_UINT16 (lcid, p); 551 STREAM_TO_UINT16 (cfg_info.flags, p); 552 STREAM_TO_UINT16 (cfg_info.result, p); 553 554 cfg_info.flush_to_present = cfg_info.mtu_present = cfg_info.qos_present = 555 cfg_info.fcr_present = cfg_info.fcs_present = FALSE; 556 557 while (p < p_cfg_end) 558 { 559 STREAM_TO_UINT8 (cfg_code, p); 560 STREAM_TO_UINT8 (cfg_len, p); 561 562 switch (cfg_code & 0x7F) 563 { 564 case L2CAP_CFG_TYPE_MTU: 565 cfg_info.mtu_present = TRUE; 566 STREAM_TO_UINT16 (cfg_info.mtu, p); 567 break; 568 569 case L2CAP_CFG_TYPE_FLUSH_TOUT: 570 cfg_info.flush_to_present = TRUE; 571 STREAM_TO_UINT16 (cfg_info.flush_to, p); 572 break; 573 574 case L2CAP_CFG_TYPE_QOS: 575 cfg_info.qos_present = TRUE; 576 STREAM_TO_UINT8 (cfg_info.qos.qos_flags, p); 577 STREAM_TO_UINT8 (cfg_info.qos.service_type, p); 578 STREAM_TO_UINT32 (cfg_info.qos.token_rate, p); 579 STREAM_TO_UINT32 (cfg_info.qos.token_bucket_size, p); 580 STREAM_TO_UINT32 (cfg_info.qos.peak_bandwidth, p); 581 STREAM_TO_UINT32 (cfg_info.qos.latency, p); 582 STREAM_TO_UINT32 (cfg_info.qos.delay_variation, p); 583 break; 584 585 case L2CAP_CFG_TYPE_FCR: 586 cfg_info.fcr_present = TRUE; 587 STREAM_TO_UINT8 (cfg_info.fcr.mode, p); 588 STREAM_TO_UINT8 (cfg_info.fcr.tx_win_sz, p); 589 STREAM_TO_UINT8 (cfg_info.fcr.max_transmit, p); 590 STREAM_TO_UINT16 (cfg_info.fcr.rtrans_tout, p); 591 STREAM_TO_UINT16 (cfg_info.fcr.mon_tout, p); 592 STREAM_TO_UINT16 (cfg_info.fcr.mps, p); 593 break; 594 595 case L2CAP_CFG_TYPE_FCS: 596 cfg_info.fcs_present = TRUE; 597 STREAM_TO_UINT8 (cfg_info.fcs, p); 598 break; 599 600 case L2CAP_CFG_TYPE_EXT_FLOW: 601 cfg_info.ext_flow_spec_present = TRUE; 602 STREAM_TO_UINT8 (cfg_info.ext_flow_spec.id, p); 603 STREAM_TO_UINT8 (cfg_info.ext_flow_spec.stype, p); 604 STREAM_TO_UINT16 (cfg_info.ext_flow_spec.max_sdu_size, p); 605 STREAM_TO_UINT32 (cfg_info.ext_flow_spec.sdu_inter_time, p); 606 STREAM_TO_UINT32 (cfg_info.ext_flow_spec.access_latency, p); 607 STREAM_TO_UINT32 (cfg_info.ext_flow_spec.flush_timeout, p); 608 break; 609 } 610 } 611 612 if ((p_ccb = l2cu_find_ccb_by_cid (p_lcb, lcid)) != NULL) 613 { 614 if (p_ccb->local_id != id) 615 { 616 L2CAP_TRACE_WARNING ("L2CAP - cfg rsp - bad ID. Exp: %d Got: %d", 617 p_ccb->local_id, id); 618 break; 619 } 620 if ( (cfg_info.result == L2CAP_CFG_OK) || (cfg_info.result == L2CAP_CFG_PENDING) ) 621 l2c_csm_execute (p_ccb, L2CEVT_L2CAP_CONFIG_RSP, &cfg_info); 622 else 623 l2c_csm_execute (p_ccb, L2CEVT_L2CAP_CONFIG_RSP_NEG, &cfg_info); 624 } 625 else 626 { 627 L2CAP_TRACE_WARNING ("L2CAP - rcvd cfg rsp for unknown CID: 0x%04x", lcid); 628 } 629 break; 630 631 case L2CAP_CMD_DISC_REQ: 632 STREAM_TO_UINT16 (lcid, p); 633 STREAM_TO_UINT16 (rcid, p); 634 635 if ((p_ccb = l2cu_find_ccb_by_cid (p_lcb, lcid)) != NULL) 636 { 637 if (p_ccb->remote_cid == rcid) 638 { 639 p_ccb->remote_id = id; 640 l2c_csm_execute (p_ccb, L2CEVT_L2CAP_DISCONNECT_REQ, &con_info); 641 } 642 } 643 else 644 l2cu_send_peer_disc_rsp (p_lcb, id, lcid, rcid); 645 646 break; 647 648 case L2CAP_CMD_DISC_RSP: 649 STREAM_TO_UINT16 (rcid, p); 650 STREAM_TO_UINT16 (lcid, p); 651 652 if ((p_ccb = l2cu_find_ccb_by_cid (p_lcb, lcid)) != NULL) 653 { 654 if ((p_ccb->remote_cid == rcid) && (p_ccb->local_id == id)) 655 { 656 l2c_csm_execute (p_ccb, L2CEVT_L2CAP_DISCONNECT_RSP, &con_info); 657 } 658 } 659 break; 660 661 case L2CAP_CMD_ECHO_REQ: 662 l2cu_send_peer_echo_rsp (p_lcb, id, NULL, 0); 663 break; 664 665 case L2CAP_CMD_ECHO_RSP: 666 if (p_lcb->p_echo_rsp_cb) 667 { 668 tL2CA_ECHO_RSP_CB *p_cb = p_lcb->p_echo_rsp_cb; 669 670 /* Zero out the callback in case app immediately calls us again */ 671 p_lcb->p_echo_rsp_cb = NULL; 672 673 (*p_cb) (L2CAP_PING_RESULT_OK); 674 } 675 break; 676 677 case L2CAP_CMD_INFO_REQ: 678 STREAM_TO_UINT16 (info_type, p); 679 l2cu_send_peer_info_rsp (p_lcb, id, info_type); 680 break; 681 682 case L2CAP_CMD_INFO_RSP: 683 /* Stop the link connect timer if sent before L2CAP connection is up */ 684 if (p_lcb->w4_info_rsp) 685 { 686 alarm_cancel(p_lcb->info_resp_timer); 687 p_lcb->w4_info_rsp = FALSE; 688 } 689 690 STREAM_TO_UINT16 (info_type, p); 691 STREAM_TO_UINT16 (result, p); 692 693 p_lcb->info_rx_bits |= (1 << info_type); 694 695 if ( (info_type == L2CAP_EXTENDED_FEATURES_INFO_TYPE) 696 && (result == L2CAP_INFO_RESP_RESULT_SUCCESS) ) 697 { 698 STREAM_TO_UINT32( p_lcb->peer_ext_fea, p ); 699 700 #if (L2CAP_NUM_FIXED_CHNLS > 0) 701 if (p_lcb->peer_ext_fea & L2CAP_EXTFEA_FIXED_CHNLS) 702 { 703 l2cu_send_peer_info_req (p_lcb, L2CAP_FIXED_CHANNELS_INFO_TYPE); 704 break; 705 } 706 else 707 { 708 l2cu_process_fixed_chnl_resp (p_lcb); 709 } 710 #endif 711 } 712 713 #if (L2CAP_NUM_FIXED_CHNLS > 0) 714 if (info_type == L2CAP_FIXED_CHANNELS_INFO_TYPE) 715 { 716 if (result == L2CAP_INFO_RESP_RESULT_SUCCESS) 717 { 718 memcpy (p_lcb->peer_chnl_mask, p, L2CAP_FIXED_CHNL_ARRAY_SIZE); 719 } 720 721 l2cu_process_fixed_chnl_resp (p_lcb); 722 } 723 #endif 724 #if (L2CAP_UCD_INCLUDED == TRUE) 725 else if (info_type == L2CAP_CONNLESS_MTU_INFO_TYPE) 726 { 727 if (result == L2CAP_INFO_RESP_RESULT_SUCCESS) 728 { 729 STREAM_TO_UINT16 (p_lcb->ucd_mtu, p); 730 } 731 } 732 #endif 733 734 ci.status = HCI_SUCCESS; 735 memcpy (ci.bd_addr, p_lcb->remote_bd_addr, sizeof(BD_ADDR)); 736 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb) 737 { 738 l2c_csm_execute (p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci); 739 } 740 break; 741 742 default: 743 L2CAP_TRACE_WARNING ("L2CAP - bad cmd code: %d", cmd_code); 744 l2cu_send_peer_cmd_reject (p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0, 0); 745 return; 746 } 747 } 748 } 749 750 /******************************************************************************* 751 ** 752 ** Function l2c_process_held_packets 753 ** 754 ** Description This function processes any L2CAP packets that arrived before 755 ** the HCI connection complete arrived. It is a work around for 756 ** badly behaved controllers. 757 ** 758 ** Returns void 759 ** 760 *******************************************************************************/ 761 void l2c_process_held_packets(BOOLEAN timed_out) { 762 if (list_is_empty(l2cb.rcv_pending_q)) 763 return; 764 765 if (!timed_out) { 766 alarm_cancel(l2cb.receive_hold_timer); 767 L2CAP_TRACE_WARNING("L2CAP HOLD CONTINUE"); 768 } else { 769 L2CAP_TRACE_WARNING("L2CAP HOLD TIMEOUT"); 770 } 771 772 for (const list_node_t *node = list_begin(l2cb.rcv_pending_q); 773 node != list_end(l2cb.rcv_pending_q);) { 774 BT_HDR *p_buf = list_node(node); 775 node = list_next(node); 776 if (!timed_out || (!p_buf->layer_specific) || (--p_buf->layer_specific == 0)) { 777 list_remove(l2cb.rcv_pending_q, p_buf); 778 p_buf->layer_specific = 0xFFFF; 779 l2c_rcv_acl_data(p_buf); 780 } 781 } 782 783 /* If anyone still in the queue, restart the timeout */ 784 if (!list_is_empty(l2cb.rcv_pending_q)) { 785 alarm_set_on_queue(l2cb.receive_hold_timer, BT_1SEC_TIMEOUT_MS, 786 l2c_receive_hold_timer_timeout, NULL, 787 btu_general_alarm_queue); 788 } 789 } 790 791 /******************************************************************************* 792 ** 793 ** Function l2c_init 794 ** 795 ** Description This function is called once at startup to initialize 796 ** all the L2CAP structures 797 ** 798 ** Returns void 799 ** 800 *******************************************************************************/ 801 void l2c_init (void) 802 { 803 INT16 xx; 804 805 memset (&l2cb, 0, sizeof (tL2C_CB)); 806 /* the psm is increased by 2 before being used */ 807 l2cb.dyn_psm = 0xFFF; 808 809 /* Put all the channel control blocks on the free queue */ 810 for (xx = 0; xx < MAX_L2CAP_CHANNELS - 1; xx++) 811 { 812 l2cb.ccb_pool[xx].p_next_ccb = &l2cb.ccb_pool[xx + 1]; 813 } 814 815 #if (L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE) 816 /* it will be set to L2CAP_PKT_START_NON_FLUSHABLE if controller supports */ 817 l2cb.non_flushable_pbf = L2CAP_PKT_START << L2CAP_PKT_TYPE_SHIFT; 818 #endif 819 820 l2cb.p_free_ccb_first = &l2cb.ccb_pool[0]; 821 l2cb.p_free_ccb_last = &l2cb.ccb_pool[MAX_L2CAP_CHANNELS - 1]; 822 823 #ifdef L2CAP_DESIRED_LINK_ROLE 824 l2cb.desire_role = L2CAP_DESIRED_LINK_ROLE; 825 #else 826 l2cb.desire_role = HCI_ROLE_SLAVE; 827 #endif 828 829 /* Set the default idle timeout */ 830 l2cb.idle_timeout = L2CAP_LINK_INACTIVITY_TOUT; 831 832 #if defined(L2CAP_INITIAL_TRACE_LEVEL) 833 l2cb.l2cap_trace_level = L2CAP_INITIAL_TRACE_LEVEL; 834 #else 835 l2cb.l2cap_trace_level = BT_TRACE_LEVEL_NONE; /* No traces */ 836 #endif 837 838 #if L2CAP_CONFORMANCE_TESTING == TRUE 839 /* Conformance testing needs a dynamic response */ 840 l2cb.test_info_resp = L2CAP_EXTFEA_SUPPORTED_MASK; 841 #endif 842 843 /* Number of ACL buffers to use for high priority channel */ 844 #if (defined(L2CAP_HIGH_PRI_CHAN_QUOTA_IS_CONFIGURABLE) && (L2CAP_HIGH_PRI_CHAN_QUOTA_IS_CONFIGURABLE == TRUE)) 845 l2cb.high_pri_min_xmit_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA; 846 #endif 847 848 #if BLE_INCLUDED == TRUE 849 l2cb.l2c_ble_fixed_chnls_mask = 850 L2CAP_FIXED_CHNL_ATT_BIT | L2CAP_FIXED_CHNL_BLE_SIG_BIT | L2CAP_FIXED_CHNL_SMP_BIT; 851 #endif 852 853 l2cb.rcv_pending_q = list_new(NULL); 854 if (l2cb.rcv_pending_q == NULL) 855 LOG_ERROR(LOG_TAG, "%s unable to allocate memory for link layer control block", __func__); 856 l2cb.receive_hold_timer = alarm_new("l2c.receive_hold_timer"); 857 } 858 859 void l2c_free(void) { 860 list_free(l2cb.rcv_pending_q); 861 l2cb.rcv_pending_q = NULL; 862 } 863 864 void l2c_receive_hold_timer_timeout(UNUSED_ATTR void *data) 865 { 866 /* Update the timeouts in the hold queue */ 867 l2c_process_held_packets(TRUE); 868 } 869 870 void l2c_ccb_timer_timeout(void *data) 871 { 872 tL2C_CCB *p_ccb = (tL2C_CCB *)data; 873 874 l2c_csm_execute(p_ccb, L2CEVT_TIMEOUT, NULL); 875 } 876 877 void l2c_fcrb_ack_timer_timeout(void *data) 878 { 879 tL2C_CCB *p_ccb = (tL2C_CCB *)data; 880 881 l2c_csm_execute(p_ccb, L2CEVT_ACK_TIMEOUT, NULL); 882 } 883 884 void l2c_lcb_timer_timeout(void *data) 885 { 886 tL2C_LCB *p_lcb = (tL2C_LCB *)data; 887 888 l2c_link_timeout(p_lcb); 889 } 890 891 /******************************************************************************* 892 ** 893 ** Function l2c_data_write 894 ** 895 ** Description API functions call this function to write data. 896 ** 897 ** Returns L2CAP_DW_SUCCESS, if data accepted, else FALSE 898 ** L2CAP_DW_CONGESTED, if data accepted and the channel is congested 899 ** L2CAP_DW_FAILED, if error 900 ** 901 *******************************************************************************/ 902 UINT8 l2c_data_write (UINT16 cid, BT_HDR *p_data, UINT16 flags) 903 { 904 tL2C_CCB *p_ccb; 905 906 /* Find the channel control block. We don't know the link it is on. */ 907 if ((p_ccb = l2cu_find_ccb_by_cid (NULL, cid)) == NULL) 908 { 909 L2CAP_TRACE_WARNING ("L2CAP - no CCB for L2CA_DataWrite, CID: %d", cid); 910 osi_free(p_data); 911 return (L2CAP_DW_FAILED); 912 } 913 914 #ifndef TESTER /* Tester may send any amount of data. otherwise sending message 915 bigger than mtu size of peer is a violation of protocol */ 916 UINT16 mtu; 917 918 if (p_ccb->p_lcb->transport == BT_TRANSPORT_LE) 919 mtu = p_ccb->peer_conn_cfg.mtu; 920 else 921 mtu = p_ccb->peer_cfg.mtu; 922 923 if (p_data->len > mtu) 924 { 925 L2CAP_TRACE_WARNING ("L2CAP - CID: 0x%04x cannot send message bigger than peer's mtu size", cid); 926 osi_free(p_data); 927 return (L2CAP_DW_FAILED); 928 } 929 #endif 930 931 /* channel based, packet based flushable or non-flushable */ 932 p_data->layer_specific = flags; 933 934 /* If already congested, do not accept any more packets */ 935 if (p_ccb->cong_sent) 936 { 937 L2CAP_TRACE_ERROR ("L2CAP - CID: 0x%04x cannot send, already congested xmit_hold_q.count: %u buff_quota: %u", 938 p_ccb->local_cid, 939 fixed_queue_length(p_ccb->xmit_hold_q), 940 p_ccb->buff_quota); 941 942 osi_free(p_data); 943 return (L2CAP_DW_FAILED); 944 } 945 946 947 l2c_csm_execute (p_ccb, L2CEVT_L2CA_DATA_WRITE, p_data); 948 949 if (p_ccb->cong_sent) 950 return (L2CAP_DW_CONGESTED); 951 952 return (L2CAP_DW_SUCCESS); 953 } 954 955
