1 /****************************************************************************** 2 * 3 * Copyright (C) 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /****************************************************************************** 20 * 21 * This file contains the main L2CAP entry points 22 * 23 ******************************************************************************/ 24 25 #define LOG_TAG "bt_l2c_main" 26 27 #include <stdio.h> 28 #include <stdlib.h> 29 #include <string.h> 30 31 #include "bt_common.h" 32 #include "bt_target.h" 33 #include "btm_int.h" 34 #include "btu.h" 35 #include "device/include/controller.h" 36 #include "hcimsgs.h" 37 #include "l2c_api.h" 38 #include "l2c_int.h" 39 #include "l2cdefs.h" 40 #include "osi/include/log.h" 41 #include "osi/include/osi.h" 42 43 /******************************************************************************/ 44 /* L O C A L F U N C T I O N P R O T O T Y P E S */ 45 /******************************************************************************/ 46 static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len); 47 48 /******************************************************************************/ 49 /* G L O B A L L 2 C A P D A T A */ 50 /******************************************************************************/ 51 tL2C_CB l2cb; 52 53 /******************************************************************************* 54 * 55 * Function l2c_rcv_acl_data 56 * 57 * Description This function is called from the HCI Interface when an ACL 58 * data packet is received. 59 * 60 * Returns void 61 * 62 ******************************************************************************/ 63 void l2c_rcv_acl_data(BT_HDR* p_msg) { 64 uint8_t* p = (uint8_t*)(p_msg + 1) + p_msg->offset; 65 uint16_t handle, hci_len; 66 uint8_t pkt_type; 67 tL2C_LCB* p_lcb; 68 tL2C_CCB* p_ccb = NULL; 69 uint16_t l2cap_len, rcv_cid, psm; 70 uint16_t credit; 71 72 /* Extract the handle */ 73 STREAM_TO_UINT16(handle, p); 74 pkt_type = HCID_GET_EVENT(handle); 75 handle = HCID_GET_HANDLE(handle); 76 77 /* Since the HCI Transport is putting segmented packets back together, we */ 78 /* should never get a valid packet with the type set to "continuation" */ 79 if (pkt_type != L2CAP_PKT_CONTINUE) { 80 /* Find the LCB based on the handle */ 81 p_lcb = l2cu_find_lcb_by_handle(handle); 82 if (p_lcb == NULL) { 83 uint8_t cmd_code; 84 85 /* There is a slight possibility (specifically with USB) that we get an */ 86 /* L2CAP connection request before we get the HCI connection complete. */ 87 /* So for these types of messages, hold them for up to 2 seconds. */ 88 STREAM_TO_UINT16(hci_len, p); 89 STREAM_TO_UINT16(l2cap_len, p); 90 STREAM_TO_UINT16(rcv_cid, p); 91 STREAM_TO_UINT8(cmd_code, p); 92 93 if ((p_msg->layer_specific == 0) && (rcv_cid == L2CAP_SIGNALLING_CID) && 94 (cmd_code == L2CAP_CMD_INFO_REQ || cmd_code == L2CAP_CMD_CONN_REQ)) { 95 L2CAP_TRACE_WARNING( 96 "L2CAP - holding ACL for unknown handle:%d ls:%d" 97 " cid:%d opcode:%d cur count:%d", 98 handle, p_msg->layer_specific, rcv_cid, cmd_code, 99 list_length(l2cb.rcv_pending_q)); 100 p_msg->layer_specific = 2; 101 list_append(l2cb.rcv_pending_q, p_msg); 102 103 if (list_length(l2cb.rcv_pending_q) == 1) { 104 alarm_set_on_mloop(l2cb.receive_hold_timer, BT_1SEC_TIMEOUT_MS, 105 l2c_receive_hold_timer_timeout, NULL); 106 } 107 108 return; 109 } else { 110 L2CAP_TRACE_ERROR( 111 "L2CAP - rcvd ACL for unknown handle:%d ls:%d cid:%d" 112 " opcode:%d cur count:%d", 113 handle, p_msg->layer_specific, rcv_cid, cmd_code, 114 list_length(l2cb.rcv_pending_q)); 115 } 116 osi_free(p_msg); 117 return; 118 } 119 } else { 120 L2CAP_TRACE_WARNING("L2CAP - expected pkt start or complete, got: %d", 121 pkt_type); 122 osi_free(p_msg); 123 return; 124 } 125 126 /* Extract the length and update the buffer header */ 127 STREAM_TO_UINT16(hci_len, p); 128 p_msg->offset += 4; 129 130 if (hci_len < L2CAP_PKT_OVERHEAD) { 131 /* Must receive at least the L2CAP length and CID */ 132 L2CAP_TRACE_WARNING("L2CAP - got incorrect hci header"); 133 osi_free(p_msg); 134 return; 135 } 136 137 /* Extract the length and CID */ 138 STREAM_TO_UINT16(l2cap_len, p); 139 STREAM_TO_UINT16(rcv_cid, p); 140 141 /* for BLE channel, always notify connection when ACL data received on the 142 * link */ 143 if (p_lcb && p_lcb->transport == BT_TRANSPORT_LE && 144 p_lcb->link_state != LST_DISCONNECTING) 145 /* only process fixed channel data as channel open indication when link is 146 * not in disconnecting mode */ 147 l2cble_notify_le_connection(p_lcb->remote_bd_addr); 148 149 /* Find the CCB for this CID */ 150 if (rcv_cid >= L2CAP_BASE_APPL_CID) { 151 p_ccb = l2cu_find_ccb_by_cid(p_lcb, rcv_cid); 152 if (p_ccb == NULL) { 153 L2CAP_TRACE_WARNING("L2CAP - unknown CID: 0x%04x", rcv_cid); 154 osi_free(p_msg); 155 return; 156 } 157 } 158 159 p_msg->len = hci_len - L2CAP_PKT_OVERHEAD; 160 p_msg->offset += L2CAP_PKT_OVERHEAD; 161 162 if (l2cap_len != p_msg->len) { 163 L2CAP_TRACE_WARNING("L2CAP - bad length in pkt. Exp: %d Act: %d", 164 l2cap_len, p_msg->len); 165 166 osi_free(p_msg); 167 return; 168 } 169 170 /* Send the data through the channel state machine */ 171 if (rcv_cid == L2CAP_SIGNALLING_CID) { 172 process_l2cap_cmd(p_lcb, p, l2cap_len); 173 osi_free(p_msg); 174 } else if (rcv_cid == L2CAP_CONNECTIONLESS_CID) { 175 /* process_connectionless_data (p_lcb); */ 176 STREAM_TO_UINT16(psm, p); 177 L2CAP_TRACE_DEBUG("GOT CONNECTIONLESS DATA PSM:%d", psm); 178 179 #if (L2CAP_UCD_INCLUDED == TRUE) 180 /* if it is not broadcast, check UCD registration */ 181 if (l2c_ucd_check_rx_pkts(p_lcb, p_msg)) { 182 /* nothing to do */ 183 } else 184 #endif 185 osi_free(p_msg); 186 } else if (rcv_cid == L2CAP_BLE_SIGNALLING_CID) { 187 l2cble_process_sig_cmd(p_lcb, p, l2cap_len); 188 osi_free(p_msg); 189 } 190 #if (L2CAP_NUM_FIXED_CHNLS > 0) 191 else if ((rcv_cid >= L2CAP_FIRST_FIXED_CHNL) && 192 (rcv_cid <= L2CAP_LAST_FIXED_CHNL) && 193 (l2cb.fixed_reg[rcv_cid - L2CAP_FIRST_FIXED_CHNL] 194 .pL2CA_FixedData_Cb != NULL)) { 195 /* If no CCB for this channel, allocate one */ 196 if (p_lcb && 197 /* only process fixed channel data when link is open or wait for data 198 indication */ 199 (p_lcb->link_state != LST_DISCONNECTING) && 200 l2cu_initialize_fixed_ccb( 201 p_lcb, rcv_cid, &l2cb.fixed_reg[rcv_cid - L2CAP_FIRST_FIXED_CHNL] 202 .fixed_chnl_opts)) { 203 p_ccb = p_lcb->p_fixed_ccbs[rcv_cid - L2CAP_FIRST_FIXED_CHNL]; 204 205 if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE) 206 l2c_fcr_proc_pdu(p_ccb, p_msg); 207 else 208 (*l2cb.fixed_reg[rcv_cid - L2CAP_FIRST_FIXED_CHNL].pL2CA_FixedData_Cb)( 209 rcv_cid, p_lcb->remote_bd_addr, p_msg); 210 } else 211 osi_free(p_msg); 212 } 213 #endif 214 215 else { 216 if (p_ccb == NULL) 217 osi_free(p_msg); 218 else { 219 if (p_lcb->transport == BT_TRANSPORT_LE) { 220 l2c_lcc_proc_pdu(p_ccb, p_msg); 221 // Got a pkt, valid send out credits to the peer device 222 credit = L2CAP_LE_DEFAULT_CREDIT; 223 l2c_csm_execute(p_ccb, L2CEVT_L2CA_SEND_FLOW_CONTROL_CREDIT, &credit); 224 } else { 225 /* Basic mode packets go straight to the state machine */ 226 if (p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_BASIC_MODE) 227 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_DATA, p_msg); 228 else { 229 /* eRTM or streaming mode, so we need to validate states first */ 230 if ((p_ccb->chnl_state == CST_OPEN) || 231 (p_ccb->chnl_state == CST_CONFIG)) 232 l2c_fcr_proc_pdu(p_ccb, p_msg); 233 else 234 osi_free(p_msg); 235 } 236 } 237 } 238 } 239 } 240 241 /******************************************************************************* 242 * 243 * Function process_l2cap_cmd 244 * 245 * Description This function is called when a packet is received on the 246 * L2CAP signalling CID 247 * 248 * Returns void 249 * 250 ******************************************************************************/ 251 static void process_l2cap_cmd(tL2C_LCB* p_lcb, uint8_t* p, uint16_t pkt_len) { 252 uint8_t *p_pkt_end, *p_next_cmd, *p_cfg_end, *p_cfg_start; 253 uint8_t cmd_code, cfg_code, cfg_len, id; 254 tL2C_CONN_INFO con_info; 255 tL2CAP_CFG_INFO cfg_info; 256 uint16_t rej_reason, rej_mtu, lcid, rcid, info_type; 257 tL2C_CCB* p_ccb; 258 tL2C_RCB* p_rcb; 259 bool cfg_rej, pkt_size_rej = false; 260 uint16_t cfg_rej_len, cmd_len; 261 uint16_t result; 262 tL2C_CONN_INFO ci; 263 264 /* if l2cap command received in CID 1 on top of an LE link, ignore this 265 * command */ 266 if (p_lcb->transport == BT_TRANSPORT_LE) return; 267 268 /* Reject the packet if it exceeds the default Signalling Channel MTU */ 269 if (pkt_len > L2CAP_DEFAULT_MTU) { 270 /* Core Spec requires a single response to the first command found in a 271 *multi-command 272 ** L2cap packet. If only responses in the packet, then it will be ignored. 273 ** Here we simply mark the bad packet and decide which cmd ID to reject 274 *later 275 */ 276 pkt_size_rej = true; 277 L2CAP_TRACE_ERROR("L2CAP SIG MTU Pkt Len Exceeded (672) -> pkt_len: %d", 278 pkt_len); 279 } 280 281 p_next_cmd = p; 282 p_pkt_end = p + pkt_len; 283 284 memset(&cfg_info, 0, sizeof(cfg_info)); 285 286 /* An L2CAP packet may contain multiple commands */ 287 while (true) { 288 /* Smallest command is 4 bytes */ 289 p = p_next_cmd; 290 if (p > (p_pkt_end - 4)) break; 291 292 STREAM_TO_UINT8(cmd_code, p); 293 STREAM_TO_UINT8(id, p); 294 STREAM_TO_UINT16(cmd_len, p); 295 296 if (cmd_len > BT_SMALL_BUFFER_SIZE) { 297 L2CAP_TRACE_WARNING("L2CAP - Invalid MTU Size"); 298 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_MTU_EXCEEDED, id, 0, 0); 299 return; 300 } 301 302 /* Check command length does not exceed packet length */ 303 p_next_cmd = p + cmd_len; 304 if (p_next_cmd > p_pkt_end) { 305 L2CAP_TRACE_WARNING("Command len bad pkt_len: %d cmd_len: %d code: %d", 306 pkt_len, cmd_len, cmd_code); 307 break; 308 } 309 310 L2CAP_TRACE_DEBUG("cmd_code: %d, id:%d, cmd_len:%d", cmd_code, id, cmd_len); 311 312 /* Bad L2CAP packet length, look or cmd to reject */ 313 if (pkt_size_rej) { 314 /* If command found rejected it and we're done, otherwise keep looking */ 315 if (l2c_is_cmd_rejected(cmd_code, id, p_lcb)) 316 return; 317 else 318 continue; /* Look for next cmd/response in current packet */ 319 } 320 321 switch (cmd_code) { 322 case L2CAP_CMD_REJECT: 323 STREAM_TO_UINT16(rej_reason, p); 324 if (rej_reason == L2CAP_CMD_REJ_MTU_EXCEEDED) { 325 STREAM_TO_UINT16(rej_mtu, p); 326 /* What to do with the MTU reject ? We have negotiated an MTU. For now 327 */ 328 /* we will ignore it and let a higher protocol timeout take care of it 329 */ 330 331 L2CAP_TRACE_WARNING("L2CAP - MTU rej Handle: %d MTU: %d", 332 p_lcb->handle, rej_mtu); 333 } 334 if (rej_reason == L2CAP_CMD_REJ_INVALID_CID) { 335 STREAM_TO_UINT16(rcid, p); 336 STREAM_TO_UINT16(lcid, p); 337 338 L2CAP_TRACE_WARNING( 339 "L2CAP - rej with CID invalid, LCID: 0x%04x RCID: 0x%04x", lcid, 340 rcid); 341 342 /* Remote CID invalid. Treat as a disconnect */ 343 p_ccb = l2cu_find_ccb_by_cid(p_lcb, lcid); 344 if ((p_ccb != NULL) && (p_ccb->remote_cid == rcid)) { 345 /* Fake link disconnect - no reply is generated */ 346 l2c_csm_execute(p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL); 347 } 348 } 349 350 /* SonyEricsson Info request Bug workaround (Continue connection) */ 351 else if (rej_reason == L2CAP_CMD_REJ_NOT_UNDERSTOOD && 352 p_lcb->w4_info_rsp) { 353 alarm_cancel(p_lcb->info_resp_timer); 354 355 p_lcb->w4_info_rsp = false; 356 ci.status = HCI_SUCCESS; 357 ci.bd_addr = p_lcb->remote_bd_addr; 358 359 /* For all channels, send the event through their FSMs */ 360 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; 361 p_ccb = p_ccb->p_next_ccb) { 362 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci); 363 } 364 } 365 break; 366 367 case L2CAP_CMD_CONN_REQ: 368 STREAM_TO_UINT16(con_info.psm, p); 369 STREAM_TO_UINT16(rcid, p); 370 p_rcb = l2cu_find_rcb_by_psm(con_info.psm); 371 if (p_rcb == NULL) { 372 L2CAP_TRACE_WARNING("L2CAP - rcvd conn req for unknown PSM: %d", 373 con_info.psm); 374 l2cu_reject_connection(p_lcb, rcid, id, L2CAP_CONN_NO_PSM); 375 break; 376 } else { 377 if (!p_rcb->api.pL2CA_ConnectInd_Cb) { 378 L2CAP_TRACE_WARNING( 379 "L2CAP - rcvd conn req for outgoing-only connection PSM: %d", 380 con_info.psm); 381 l2cu_reject_connection(p_lcb, rcid, id, L2CAP_CONN_NO_PSM); 382 break; 383 } 384 } 385 p_ccb = l2cu_allocate_ccb(p_lcb, 0); 386 if (p_ccb == NULL) { 387 L2CAP_TRACE_ERROR("L2CAP - unable to allocate CCB"); 388 l2cu_reject_connection(p_lcb, rcid, id, L2CAP_CONN_NO_RESOURCES); 389 break; 390 } 391 p_ccb->remote_id = id; 392 p_ccb->p_rcb = p_rcb; 393 p_ccb->remote_cid = rcid; 394 395 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_REQ, &con_info); 396 break; 397 398 case L2CAP_CMD_CONN_RSP: 399 STREAM_TO_UINT16(con_info.remote_cid, p); 400 STREAM_TO_UINT16(lcid, p); 401 STREAM_TO_UINT16(con_info.l2cap_result, p); 402 STREAM_TO_UINT16(con_info.l2cap_status, p); 403 404 p_ccb = l2cu_find_ccb_by_cid(p_lcb, lcid); 405 if (p_ccb == NULL) { 406 L2CAP_TRACE_WARNING("L2CAP - no CCB for conn rsp, LCID: %d RCID: %d", 407 lcid, con_info.remote_cid); 408 break; 409 } 410 if (p_ccb->local_id != id) { 411 L2CAP_TRACE_WARNING("L2CAP - con rsp - bad ID. Exp: %d Got: %d", 412 p_ccb->local_id, id); 413 break; 414 } 415 416 if (con_info.l2cap_result == L2CAP_CONN_OK) 417 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP, &con_info); 418 else if (con_info.l2cap_result == L2CAP_CONN_PENDING) 419 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_PND, &con_info); 420 else 421 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_NEG, &con_info); 422 423 break; 424 425 case L2CAP_CMD_CONFIG_REQ: 426 p_cfg_end = p + cmd_len; 427 cfg_rej = false; 428 cfg_rej_len = 0; 429 430 STREAM_TO_UINT16(lcid, p); 431 STREAM_TO_UINT16(cfg_info.flags, p); 432 433 p_cfg_start = p; 434 435 cfg_info.flush_to_present = cfg_info.mtu_present = 436 cfg_info.qos_present = cfg_info.fcr_present = cfg_info.fcs_present = 437 false; 438 439 while (p < p_cfg_end) { 440 STREAM_TO_UINT8(cfg_code, p); 441 STREAM_TO_UINT8(cfg_len, p); 442 443 switch (cfg_code & 0x7F) { 444 case L2CAP_CFG_TYPE_MTU: 445 cfg_info.mtu_present = true; 446 STREAM_TO_UINT16(cfg_info.mtu, p); 447 break; 448 449 case L2CAP_CFG_TYPE_FLUSH_TOUT: 450 cfg_info.flush_to_present = true; 451 STREAM_TO_UINT16(cfg_info.flush_to, p); 452 break; 453 454 case L2CAP_CFG_TYPE_QOS: 455 cfg_info.qos_present = true; 456 STREAM_TO_UINT8(cfg_info.qos.qos_flags, p); 457 STREAM_TO_UINT8(cfg_info.qos.service_type, p); 458 STREAM_TO_UINT32(cfg_info.qos.token_rate, p); 459 STREAM_TO_UINT32(cfg_info.qos.token_bucket_size, p); 460 STREAM_TO_UINT32(cfg_info.qos.peak_bandwidth, p); 461 STREAM_TO_UINT32(cfg_info.qos.latency, p); 462 STREAM_TO_UINT32(cfg_info.qos.delay_variation, p); 463 break; 464 465 case L2CAP_CFG_TYPE_FCR: 466 cfg_info.fcr_present = true; 467 STREAM_TO_UINT8(cfg_info.fcr.mode, p); 468 STREAM_TO_UINT8(cfg_info.fcr.tx_win_sz, p); 469 STREAM_TO_UINT8(cfg_info.fcr.max_transmit, p); 470 STREAM_TO_UINT16(cfg_info.fcr.rtrans_tout, p); 471 STREAM_TO_UINT16(cfg_info.fcr.mon_tout, p); 472 STREAM_TO_UINT16(cfg_info.fcr.mps, p); 473 break; 474 475 case L2CAP_CFG_TYPE_FCS: 476 cfg_info.fcs_present = true; 477 STREAM_TO_UINT8(cfg_info.fcs, p); 478 break; 479 480 case L2CAP_CFG_TYPE_EXT_FLOW: 481 cfg_info.ext_flow_spec_present = true; 482 STREAM_TO_UINT8(cfg_info.ext_flow_spec.id, p); 483 STREAM_TO_UINT8(cfg_info.ext_flow_spec.stype, p); 484 STREAM_TO_UINT16(cfg_info.ext_flow_spec.max_sdu_size, p); 485 STREAM_TO_UINT32(cfg_info.ext_flow_spec.sdu_inter_time, p); 486 STREAM_TO_UINT32(cfg_info.ext_flow_spec.access_latency, p); 487 STREAM_TO_UINT32(cfg_info.ext_flow_spec.flush_timeout, p); 488 break; 489 490 default: 491 /* sanity check option length */ 492 if ((cfg_len + L2CAP_CFG_OPTION_OVERHEAD) <= cmd_len) { 493 p += cfg_len; 494 if ((cfg_code & 0x80) == 0) { 495 cfg_rej_len += cfg_len + L2CAP_CFG_OPTION_OVERHEAD; 496 cfg_rej = true; 497 } 498 } 499 /* bad length; force loop exit */ 500 else { 501 p = p_cfg_end; 502 cfg_rej = true; 503 } 504 break; 505 } 506 } 507 508 p_ccb = l2cu_find_ccb_by_cid(p_lcb, lcid); 509 if (p_ccb != NULL) { 510 p_ccb->remote_id = id; 511 if (cfg_rej) { 512 l2cu_send_peer_config_rej( 513 p_ccb, p_cfg_start, (uint16_t)(cmd_len - L2CAP_CONFIG_REQ_LEN), 514 cfg_rej_len); 515 } else { 516 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONFIG_REQ, &cfg_info); 517 } 518 } else { 519 /* updated spec says send command reject on invalid cid */ 520 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_INVALID_CID, id, 0, 0); 521 } 522 break; 523 524 case L2CAP_CMD_CONFIG_RSP: 525 p_cfg_end = p + cmd_len; 526 STREAM_TO_UINT16(lcid, p); 527 STREAM_TO_UINT16(cfg_info.flags, p); 528 STREAM_TO_UINT16(cfg_info.result, p); 529 530 cfg_info.flush_to_present = cfg_info.mtu_present = 531 cfg_info.qos_present = cfg_info.fcr_present = cfg_info.fcs_present = 532 false; 533 534 while (p < p_cfg_end) { 535 STREAM_TO_UINT8(cfg_code, p); 536 STREAM_TO_UINT8(cfg_len, p); 537 538 switch (cfg_code & 0x7F) { 539 case L2CAP_CFG_TYPE_MTU: 540 cfg_info.mtu_present = true; 541 STREAM_TO_UINT16(cfg_info.mtu, p); 542 break; 543 544 case L2CAP_CFG_TYPE_FLUSH_TOUT: 545 cfg_info.flush_to_present = true; 546 STREAM_TO_UINT16(cfg_info.flush_to, p); 547 break; 548 549 case L2CAP_CFG_TYPE_QOS: 550 cfg_info.qos_present = true; 551 STREAM_TO_UINT8(cfg_info.qos.qos_flags, p); 552 STREAM_TO_UINT8(cfg_info.qos.service_type, p); 553 STREAM_TO_UINT32(cfg_info.qos.token_rate, p); 554 STREAM_TO_UINT32(cfg_info.qos.token_bucket_size, p); 555 STREAM_TO_UINT32(cfg_info.qos.peak_bandwidth, p); 556 STREAM_TO_UINT32(cfg_info.qos.latency, p); 557 STREAM_TO_UINT32(cfg_info.qos.delay_variation, p); 558 break; 559 560 case L2CAP_CFG_TYPE_FCR: 561 cfg_info.fcr_present = true; 562 STREAM_TO_UINT8(cfg_info.fcr.mode, p); 563 STREAM_TO_UINT8(cfg_info.fcr.tx_win_sz, p); 564 STREAM_TO_UINT8(cfg_info.fcr.max_transmit, p); 565 STREAM_TO_UINT16(cfg_info.fcr.rtrans_tout, p); 566 STREAM_TO_UINT16(cfg_info.fcr.mon_tout, p); 567 STREAM_TO_UINT16(cfg_info.fcr.mps, p); 568 break; 569 570 case L2CAP_CFG_TYPE_FCS: 571 cfg_info.fcs_present = true; 572 STREAM_TO_UINT8(cfg_info.fcs, p); 573 break; 574 575 case L2CAP_CFG_TYPE_EXT_FLOW: 576 cfg_info.ext_flow_spec_present = true; 577 STREAM_TO_UINT8(cfg_info.ext_flow_spec.id, p); 578 STREAM_TO_UINT8(cfg_info.ext_flow_spec.stype, p); 579 STREAM_TO_UINT16(cfg_info.ext_flow_spec.max_sdu_size, p); 580 STREAM_TO_UINT32(cfg_info.ext_flow_spec.sdu_inter_time, p); 581 STREAM_TO_UINT32(cfg_info.ext_flow_spec.access_latency, p); 582 STREAM_TO_UINT32(cfg_info.ext_flow_spec.flush_timeout, p); 583 break; 584 } 585 } 586 587 p_ccb = l2cu_find_ccb_by_cid(p_lcb, lcid); 588 if (p_ccb != NULL) { 589 if (p_ccb->local_id != id) { 590 L2CAP_TRACE_WARNING("L2CAP - cfg rsp - bad ID. Exp: %d Got: %d", 591 p_ccb->local_id, id); 592 break; 593 } 594 if ((cfg_info.result == L2CAP_CFG_OK) || 595 (cfg_info.result == L2CAP_CFG_PENDING)) 596 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONFIG_RSP, &cfg_info); 597 else 598 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONFIG_RSP_NEG, &cfg_info); 599 } else { 600 L2CAP_TRACE_WARNING("L2CAP - rcvd cfg rsp for unknown CID: 0x%04x", 601 lcid); 602 } 603 break; 604 605 case L2CAP_CMD_DISC_REQ: 606 STREAM_TO_UINT16(lcid, p); 607 STREAM_TO_UINT16(rcid, p); 608 609 p_ccb = l2cu_find_ccb_by_cid(p_lcb, lcid); 610 if (p_ccb != NULL) { 611 if (p_ccb->remote_cid == rcid) { 612 p_ccb->remote_id = id; 613 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_DISCONNECT_REQ, &con_info); 614 } 615 } else 616 l2cu_send_peer_disc_rsp(p_lcb, id, lcid, rcid); 617 618 break; 619 620 case L2CAP_CMD_DISC_RSP: 621 STREAM_TO_UINT16(rcid, p); 622 STREAM_TO_UINT16(lcid, p); 623 624 p_ccb = l2cu_find_ccb_by_cid(p_lcb, lcid); 625 if (p_ccb != NULL) { 626 if ((p_ccb->remote_cid == rcid) && (p_ccb->local_id == id)) { 627 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_DISCONNECT_RSP, &con_info); 628 } 629 } 630 break; 631 632 case L2CAP_CMD_ECHO_REQ: 633 l2cu_send_peer_echo_rsp(p_lcb, id, p, cmd_len); 634 break; 635 636 case L2CAP_CMD_ECHO_RSP: 637 if (p_lcb->p_echo_rsp_cb) { 638 tL2CA_ECHO_RSP_CB* p_cb = p_lcb->p_echo_rsp_cb; 639 640 /* Zero out the callback in case app immediately calls us again */ 641 p_lcb->p_echo_rsp_cb = NULL; 642 643 (*p_cb)(L2CAP_PING_RESULT_OK); 644 } 645 break; 646 647 case L2CAP_CMD_INFO_REQ: 648 STREAM_TO_UINT16(info_type, p); 649 l2cu_send_peer_info_rsp(p_lcb, id, info_type); 650 break; 651 652 case L2CAP_CMD_INFO_RSP: 653 /* Stop the link connect timer if sent before L2CAP connection is up */ 654 if (p_lcb->w4_info_rsp) { 655 alarm_cancel(p_lcb->info_resp_timer); 656 p_lcb->w4_info_rsp = false; 657 } 658 659 STREAM_TO_UINT16(info_type, p); 660 STREAM_TO_UINT16(result, p); 661 662 p_lcb->info_rx_bits |= (1 << info_type); 663 664 if ((info_type == L2CAP_EXTENDED_FEATURES_INFO_TYPE) && 665 (result == L2CAP_INFO_RESP_RESULT_SUCCESS)) { 666 STREAM_TO_UINT32(p_lcb->peer_ext_fea, p); 667 668 #if (L2CAP_NUM_FIXED_CHNLS > 0) 669 if (p_lcb->peer_ext_fea & L2CAP_EXTFEA_FIXED_CHNLS) { 670 l2cu_send_peer_info_req(p_lcb, L2CAP_FIXED_CHANNELS_INFO_TYPE); 671 break; 672 } else { 673 l2cu_process_fixed_chnl_resp(p_lcb); 674 } 675 #endif 676 } 677 678 #if (L2CAP_NUM_FIXED_CHNLS > 0) 679 if (info_type == L2CAP_FIXED_CHANNELS_INFO_TYPE) { 680 if (result == L2CAP_INFO_RESP_RESULT_SUCCESS) { 681 memcpy(p_lcb->peer_chnl_mask, p, L2CAP_FIXED_CHNL_ARRAY_SIZE); 682 } 683 684 l2cu_process_fixed_chnl_resp(p_lcb); 685 } 686 #endif 687 #if (L2CAP_UCD_INCLUDED == TRUE) 688 else if (info_type == L2CAP_CONNLESS_MTU_INFO_TYPE) { 689 if (result == L2CAP_INFO_RESP_RESULT_SUCCESS) { 690 STREAM_TO_UINT16(p_lcb->ucd_mtu, p); 691 } 692 } 693 #endif 694 695 ci.status = HCI_SUCCESS; 696 ci.bd_addr = p_lcb->remote_bd_addr; 697 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; 698 p_ccb = p_ccb->p_next_ccb) { 699 l2c_csm_execute(p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci); 700 } 701 break; 702 703 default: 704 L2CAP_TRACE_WARNING("L2CAP - bad cmd code: %d", cmd_code); 705 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0, 706 0); 707 return; 708 } 709 } 710 } 711 712 /******************************************************************************* 713 * 714 * Function l2c_process_held_packets 715 * 716 * Description This function processes any L2CAP packets that arrived 717 * before the HCI connection complete arrived. It is a work 718 * around for badly behaved controllers. 719 * 720 * Returns void 721 * 722 ******************************************************************************/ 723 void l2c_process_held_packets(bool timed_out) { 724 if (list_is_empty(l2cb.rcv_pending_q)) return; 725 726 if (!timed_out) { 727 alarm_cancel(l2cb.receive_hold_timer); 728 L2CAP_TRACE_WARNING("L2CAP HOLD CONTINUE"); 729 } else { 730 L2CAP_TRACE_WARNING("L2CAP HOLD TIMEOUT"); 731 } 732 733 for (const list_node_t* node = list_begin(l2cb.rcv_pending_q); 734 node != list_end(l2cb.rcv_pending_q);) { 735 BT_HDR* p_buf = static_cast<BT_HDR*>(list_node(node)); 736 node = list_next(node); 737 if (!timed_out || (!p_buf->layer_specific) || 738 (--p_buf->layer_specific == 0)) { 739 list_remove(l2cb.rcv_pending_q, p_buf); 740 p_buf->layer_specific = 0xFFFF; 741 l2c_rcv_acl_data(p_buf); 742 } 743 } 744 745 /* If anyone still in the queue, restart the timeout */ 746 if (!list_is_empty(l2cb.rcv_pending_q)) { 747 alarm_set_on_mloop(l2cb.receive_hold_timer, BT_1SEC_TIMEOUT_MS, 748 l2c_receive_hold_timer_timeout, NULL); 749 } 750 } 751 752 /******************************************************************************* 753 * 754 * Function l2c_init 755 * 756 * Description This function is called once at startup to initialize 757 * all the L2CAP structures 758 * 759 * Returns void 760 * 761 ******************************************************************************/ 762 void l2c_init(void) { 763 int16_t xx; 764 765 memset(&l2cb, 0, sizeof(tL2C_CB)); 766 /* the psm is increased by 2 before being used */ 767 l2cb.dyn_psm = 0xFFF; 768 769 /* Put all the channel control blocks on the free queue */ 770 for (xx = 0; xx < MAX_L2CAP_CHANNELS - 1; xx++) { 771 l2cb.ccb_pool[xx].p_next_ccb = &l2cb.ccb_pool[xx + 1]; 772 } 773 774 #if (L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE) 775 /* it will be set to L2CAP_PKT_START_NON_FLUSHABLE if controller supports */ 776 l2cb.non_flushable_pbf = L2CAP_PKT_START << L2CAP_PKT_TYPE_SHIFT; 777 #endif 778 779 l2cb.p_free_ccb_first = &l2cb.ccb_pool[0]; 780 l2cb.p_free_ccb_last = &l2cb.ccb_pool[MAX_L2CAP_CHANNELS - 1]; 781 782 #ifdef L2CAP_DESIRED_LINK_ROLE 783 l2cb.desire_role = L2CAP_DESIRED_LINK_ROLE; 784 #else 785 l2cb.desire_role = HCI_ROLE_SLAVE; 786 #endif 787 788 /* Set the default idle timeout */ 789 l2cb.idle_timeout = L2CAP_LINK_INACTIVITY_TOUT; 790 791 #if defined(L2CAP_INITIAL_TRACE_LEVEL) 792 l2cb.l2cap_trace_level = L2CAP_INITIAL_TRACE_LEVEL; 793 #else 794 l2cb.l2cap_trace_level = BT_TRACE_LEVEL_NONE; /* No traces */ 795 #endif 796 797 #if (L2CAP_CONFORMANCE_TESTING == TRUE) 798 /* Conformance testing needs a dynamic response */ 799 l2cb.test_info_resp = L2CAP_EXTFEA_SUPPORTED_MASK; 800 #endif 801 802 /* Number of ACL buffers to use for high priority channel */ 803 #if (L2CAP_HIGH_PRI_CHAN_QUOTA_IS_CONFIGURABLE == TRUE) 804 l2cb.high_pri_min_xmit_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA; 805 #endif 806 807 l2cb.l2c_ble_fixed_chnls_mask = L2CAP_FIXED_CHNL_ATT_BIT | 808 L2CAP_FIXED_CHNL_BLE_SIG_BIT | 809 L2CAP_FIXED_CHNL_SMP_BIT; 810 811 l2cb.rcv_pending_q = list_new(NULL); 812 CHECK(l2cb.rcv_pending_q != NULL); 813 814 l2cb.receive_hold_timer = alarm_new("l2c.receive_hold_timer"); 815 } 816 817 void l2c_free(void) { 818 list_free(l2cb.rcv_pending_q); 819 l2cb.rcv_pending_q = NULL; 820 } 821 822 void l2c_receive_hold_timer_timeout(UNUSED_ATTR void* data) { 823 /* Update the timeouts in the hold queue */ 824 l2c_process_held_packets(true); 825 } 826 827 void l2c_ccb_timer_timeout(void* data) { 828 tL2C_CCB* p_ccb = (tL2C_CCB*)data; 829 830 l2c_csm_execute(p_ccb, L2CEVT_TIMEOUT, NULL); 831 } 832 833 void l2c_fcrb_ack_timer_timeout(void* data) { 834 tL2C_CCB* p_ccb = (tL2C_CCB*)data; 835 836 l2c_csm_execute(p_ccb, L2CEVT_ACK_TIMEOUT, NULL); 837 } 838 839 void l2c_lcb_timer_timeout(void* data) { 840 tL2C_LCB* p_lcb = (tL2C_LCB*)data; 841 842 l2c_link_timeout(p_lcb); 843 } 844 845 /******************************************************************************* 846 * 847 * Function l2c_data_write 848 * 849 * Description API functions call this function to write data. 850 * 851 * Returns L2CAP_DW_SUCCESS, if data accepted, else false 852 * L2CAP_DW_CONGESTED, if data accepted and the channel is 853 * congested 854 * L2CAP_DW_FAILED, if error 855 * 856 ******************************************************************************/ 857 uint8_t l2c_data_write(uint16_t cid, BT_HDR* p_data, uint16_t flags) { 858 tL2C_CCB* p_ccb; 859 860 /* Find the channel control block. We don't know the link it is on. */ 861 p_ccb = l2cu_find_ccb_by_cid(NULL, cid); 862 if (p_ccb == NULL) { 863 L2CAP_TRACE_WARNING("L2CAP - no CCB for L2CA_DataWrite, CID: %d", cid); 864 osi_free(p_data); 865 return (L2CAP_DW_FAILED); 866 } 867 868 #ifndef TESTER /* Tester may send any amount of data. otherwise sending \ 869 message \ 870 bigger than mtu size of peer is a violation of protocol */ 871 uint16_t mtu; 872 873 if (p_ccb->p_lcb->transport == BT_TRANSPORT_LE) 874 mtu = p_ccb->peer_conn_cfg.mtu; 875 else 876 mtu = p_ccb->peer_cfg.mtu; 877 878 if (p_data->len > mtu) { 879 L2CAP_TRACE_WARNING( 880 "L2CAP - CID: 0x%04x cannot send message bigger than peer's mtu size: " 881 "len=%u mtu=%u", 882 cid, p_data->len, mtu); 883 osi_free(p_data); 884 return (L2CAP_DW_FAILED); 885 } 886 #endif 887 888 /* channel based, packet based flushable or non-flushable */ 889 p_data->layer_specific = flags; 890 891 /* If already congested, do not accept any more packets */ 892 if (p_ccb->cong_sent) { 893 L2CAP_TRACE_ERROR( 894 "L2CAP - CID: 0x%04x cannot send, already congested " 895 "xmit_hold_q.count: %u buff_quota: %u", 896 p_ccb->local_cid, fixed_queue_length(p_ccb->xmit_hold_q), 897 p_ccb->buff_quota); 898 899 osi_free(p_data); 900 return (L2CAP_DW_FAILED); 901 } 902 903 l2c_csm_execute(p_ccb, L2CEVT_L2CA_DATA_WRITE, p_data); 904 905 if (p_ccb->cong_sent) return (L2CAP_DW_CONGESTED); 906 907 return (L2CAP_DW_SUCCESS); 908 } 909
