1 /****************************************************************************** 2 * 3 * Copyright (C) 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /****************************************************************************** 20 * 21 * This file contains L2CAP utility functions 22 * 23 ******************************************************************************/ 24 25 #include <stdio.h> 26 #include <stdlib.h> 27 #include <string.h> 28 29 #include "bt_common.h" 30 #include "bt_types.h" 31 #include "bt_utils.h" 32 #include "btm_api.h" 33 #include "btm_int.h" 34 #include "btu.h" 35 #include "device/include/controller.h" 36 #include "hcidefs.h" 37 #include "hcimsgs.h" 38 #include "l2c_int.h" 39 #include "l2cdefs.h" 40 #include "osi/include/allocator.h" 41 42 /******************************************************************************* 43 * 44 * Function l2cu_can_allocate_lcb 45 * 46 * Description Look for an unused LCB 47 * 48 * Returns true if there is space for one more lcb 49 * 50 ******************************************************************************/ 51 bool l2cu_can_allocate_lcb(void) { 52 for (int i = 0; i < MAX_L2CAP_LINKS; i++) { 53 if (!l2cb.lcb_pool[i].in_use) return true; 54 } 55 return false; 56 } 57 58 /******************************************************************************* 59 * 60 * Function l2cu_allocate_lcb 61 * 62 * Description Look for an unused LCB 63 * 64 * Returns LCB address or NULL if none found 65 * 66 ******************************************************************************/ 67 tL2C_LCB* l2cu_allocate_lcb(const RawAddress& p_bd_addr, bool is_bonding, 68 tBT_TRANSPORT transport) { 69 int xx; 70 tL2C_LCB* p_lcb = &l2cb.lcb_pool[0]; 71 72 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) { 73 if (!p_lcb->in_use) { 74 alarm_free(p_lcb->l2c_lcb_timer); 75 alarm_free(p_lcb->info_resp_timer); 76 memset(p_lcb, 0, sizeof(tL2C_LCB)); 77 78 p_lcb->remote_bd_addr = p_bd_addr; 79 80 p_lcb->in_use = true; 81 p_lcb->link_state = LST_DISCONNECTED; 82 p_lcb->handle = HCI_INVALID_HANDLE; 83 p_lcb->link_flush_tout = 0xFFFF; 84 p_lcb->l2c_lcb_timer = alarm_new("l2c_lcb.l2c_lcb_timer"); 85 p_lcb->info_resp_timer = alarm_new("l2c_lcb.info_resp_timer"); 86 p_lcb->idle_timeout = l2cb.idle_timeout; 87 p_lcb->id = 1; /* spec does not allow '0' */ 88 p_lcb->is_bonding = is_bonding; 89 p_lcb->transport = transport; 90 p_lcb->tx_data_len = 91 controller_get_interface()->get_ble_default_data_packet_length(); 92 p_lcb->le_sec_pending_q = fixed_queue_new(SIZE_MAX); 93 94 if (transport == BT_TRANSPORT_LE) { 95 l2cb.num_ble_links_active++; 96 l2c_ble_link_adjust_allocation(); 97 } else { 98 l2cb.num_links_active++; 99 l2c_link_adjust_allocation(); 100 } 101 #if (L2CAP_UCD_INCLUDED == TRUE) 102 p_lcb->ucd_out_sec_pending_q = fixed_queue_new(SIZE_MAX); 103 p_lcb->ucd_in_sec_pending_q = fixed_queue_new(SIZE_MAX); 104 #endif 105 p_lcb->link_xmit_data_q = list_new(NULL); 106 return (p_lcb); 107 } 108 } 109 110 /* If here, no free LCB found */ 111 return (NULL); 112 } 113 114 /******************************************************************************* 115 * 116 * Function l2cu_update_lcb_4_bonding 117 * 118 * Description Mark the lcb for bonding. Used when bonding takes place on 119 * an existing ACL connection. (Pre-Lisbon devices) 120 * 121 * Returns Nothing 122 * 123 ******************************************************************************/ 124 void l2cu_update_lcb_4_bonding(const RawAddress& p_bd_addr, bool is_bonding) { 125 tL2C_LCB* p_lcb = l2cu_find_lcb_by_bd_addr(p_bd_addr, BT_TRANSPORT_BR_EDR); 126 127 if (p_lcb) { 128 VLOG(1) << __func__ << " BDA: " << p_bd_addr 129 << " is_bonding: " << is_bonding; 130 p_lcb->is_bonding = is_bonding; 131 } 132 } 133 134 /******************************************************************************* 135 * 136 * Function l2cu_release_lcb 137 * 138 * Description Release an LCB. All timers will be stopped and freed, 139 * channels dropped, buffers returned etc. 140 * 141 * Returns void 142 * 143 ******************************************************************************/ 144 void l2cu_release_lcb(tL2C_LCB* p_lcb) { 145 tL2C_CCB* p_ccb; 146 147 p_lcb->in_use = false; 148 p_lcb->is_bonding = false; 149 150 /* Stop and free timers */ 151 alarm_free(p_lcb->l2c_lcb_timer); 152 p_lcb->l2c_lcb_timer = NULL; 153 alarm_free(p_lcb->info_resp_timer); 154 p_lcb->info_resp_timer = NULL; 155 156 /* Release any unfinished L2CAP packet on this link */ 157 osi_free_and_reset((void**)&p_lcb->p_hcit_rcv_acl); 158 159 #if (BTM_SCO_INCLUDED == TRUE) 160 if (p_lcb->transport == BT_TRANSPORT_BR_EDR) /* Release all SCO links */ 161 btm_remove_sco_links(p_lcb->remote_bd_addr); 162 #endif 163 164 if (p_lcb->sent_not_acked > 0) { 165 if (p_lcb->transport == BT_TRANSPORT_LE) { 166 l2cb.controller_le_xmit_window += p_lcb->sent_not_acked; 167 if (l2cb.controller_le_xmit_window > l2cb.num_lm_ble_bufs) { 168 l2cb.controller_le_xmit_window = l2cb.num_lm_ble_bufs; 169 } 170 } else { 171 l2cb.controller_xmit_window += p_lcb->sent_not_acked; 172 if (l2cb.controller_xmit_window > l2cb.num_lm_acl_bufs) { 173 l2cb.controller_xmit_window = l2cb.num_lm_acl_bufs; 174 } 175 } 176 } 177 178 // Reset BLE connecting flag only if the address matches 179 if (l2cb.ble_connecting_bda == p_lcb->remote_bd_addr) 180 l2cb.is_ble_connecting = false; 181 182 #if (L2CAP_NUM_FIXED_CHNLS > 0) 183 l2cu_process_fixed_disc_cback(p_lcb); 184 #endif 185 186 /* Ensure no CCBs left on this LCB */ 187 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; 188 p_ccb = p_lcb->ccb_queue.p_first_ccb) { 189 l2cu_release_ccb(p_ccb); 190 } 191 192 /* Tell BTM Acl management the link was removed */ 193 if ((p_lcb->link_state == LST_CONNECTED) || 194 (p_lcb->link_state == LST_DISCONNECTING)) 195 btm_acl_removed(p_lcb->remote_bd_addr, p_lcb->transport); 196 197 /* Release any held buffers */ 198 if (p_lcb->link_xmit_data_q) { 199 while (!list_is_empty(p_lcb->link_xmit_data_q)) { 200 BT_HDR* p_buf = static_cast<BT_HDR*>(list_front(p_lcb->link_xmit_data_q)); 201 list_remove(p_lcb->link_xmit_data_q, p_buf); 202 osi_free(p_buf); 203 } 204 list_free(p_lcb->link_xmit_data_q); 205 p_lcb->link_xmit_data_q = NULL; 206 } 207 208 #if (L2CAP_UCD_INCLUDED == TRUE) 209 /* clean up any security pending UCD */ 210 l2c_ucd_delete_sec_pending_q(p_lcb); 211 #endif 212 213 /* Re-adjust flow control windows make sure it does not go negative */ 214 if (p_lcb->transport == BT_TRANSPORT_LE) { 215 if (l2cb.num_ble_links_active >= 1) l2cb.num_ble_links_active--; 216 217 l2c_ble_link_adjust_allocation(); 218 } else { 219 if (l2cb.num_links_active >= 1) l2cb.num_links_active--; 220 221 l2c_link_adjust_allocation(); 222 } 223 224 /* Check for ping outstanding */ 225 if (p_lcb->p_echo_rsp_cb) { 226 tL2CA_ECHO_RSP_CB* p_cb = p_lcb->p_echo_rsp_cb; 227 228 /* Zero out the callback in case app immediately calls us again */ 229 p_lcb->p_echo_rsp_cb = NULL; 230 231 (*p_cb)(L2CAP_PING_RESULT_NO_LINK); 232 } 233 234 /* Check and release all the LE COC connections waiting for security */ 235 if (p_lcb->le_sec_pending_q) { 236 while (!fixed_queue_is_empty(p_lcb->le_sec_pending_q)) { 237 tL2CAP_SEC_DATA* p_buf = 238 (tL2CAP_SEC_DATA*)fixed_queue_try_dequeue(p_lcb->le_sec_pending_q); 239 if (p_buf->p_callback) 240 p_buf->p_callback(p_lcb->remote_bd_addr, p_lcb->transport, 241 p_buf->p_ref_data, BTM_DEV_RESET); 242 osi_free(p_buf); 243 } 244 fixed_queue_free(p_lcb->le_sec_pending_q, NULL); 245 p_lcb->le_sec_pending_q = NULL; 246 } 247 } 248 249 /******************************************************************************* 250 * 251 * Function l2cu_find_lcb_by_bd_addr 252 * 253 * Description Look through all active LCBs for a match based on the 254 * remote BD address. 255 * 256 * Returns pointer to matched LCB, or NULL if no match 257 * 258 ******************************************************************************/ 259 tL2C_LCB* l2cu_find_lcb_by_bd_addr(const RawAddress& p_bd_addr, 260 tBT_TRANSPORT transport) { 261 int xx; 262 tL2C_LCB* p_lcb = &l2cb.lcb_pool[0]; 263 264 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) { 265 if ((p_lcb->in_use) && p_lcb->transport == transport && 266 (p_lcb->remote_bd_addr == p_bd_addr)) { 267 return (p_lcb); 268 } 269 } 270 271 /* If here, no match found */ 272 return (NULL); 273 } 274 275 /******************************************************************************* 276 * 277 * Function l2cu_get_conn_role 278 * 279 * Description Determine the desired role (master or slave) of a link. 280 * If already got a slave link, this one must be a master. If 281 * already got at least 1 link where we are the master, make 282 * this also a master. 283 * 284 * Returns HCI_ROLE_MASTER or HCI_ROLE_SLAVE 285 * 286 ******************************************************************************/ 287 uint8_t l2cu_get_conn_role(tL2C_LCB* p_this_lcb) { return l2cb.desire_role; } 288 289 /******************************************************************************* 290 * 291 * Function l2c_is_cmd_rejected 292 * 293 * Description Checks if cmd_code is command or response 294 * If a command it will be rejected per spec. 295 * This function is used when a illegal packet length is 296 * detected. 297 * 298 * Returns bool - true if cmd_code is a command and it is rejected, 299 * false if response code. (command not rejected) 300 * 301 ******************************************************************************/ 302 bool l2c_is_cmd_rejected(uint8_t cmd_code, uint8_t id, tL2C_LCB* p_lcb) { 303 switch (cmd_code) { 304 case L2CAP_CMD_CONN_REQ: 305 case L2CAP_CMD_CONFIG_REQ: 306 case L2CAP_CMD_DISC_REQ: 307 case L2CAP_CMD_ECHO_REQ: 308 case L2CAP_CMD_INFO_REQ: 309 case L2CAP_CMD_AMP_CONN_REQ: 310 case L2CAP_CMD_AMP_MOVE_REQ: 311 case L2CAP_CMD_BLE_UPDATE_REQ: 312 l2cu_send_peer_cmd_reject(p_lcb, L2CAP_CMD_REJ_MTU_EXCEEDED, id, 313 L2CAP_DEFAULT_MTU, 0); 314 L2CAP_TRACE_WARNING("Dumping first Command (%d)", cmd_code); 315 return true; 316 317 default: /* Otherwise a response */ 318 return false; 319 } 320 } 321 322 /******************************************************************************* 323 * 324 * Function l2cu_build_header 325 * 326 * Description Builds the L2CAP command packet header 327 * 328 * Returns Pointer to allocated packet or NULL if no resources 329 * 330 ******************************************************************************/ 331 BT_HDR* l2cu_build_header(tL2C_LCB* p_lcb, uint16_t len, uint8_t cmd, 332 uint8_t id) { 333 BT_HDR* p_buf = (BT_HDR*)osi_malloc(L2CAP_CMD_BUF_SIZE); 334 uint8_t* p; 335 336 p_buf->offset = L2CAP_SEND_CMD_OFFSET; 337 p_buf->len = 338 len + HCI_DATA_PREAMBLE_SIZE + L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 339 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET; 340 341 /* Put in HCI header - handle + pkt boundary */ 342 if (p_lcb->transport == BT_TRANSPORT_LE) { 343 UINT16_TO_STREAM(p, (p_lcb->handle | (L2CAP_PKT_START_NON_FLUSHABLE 344 << L2CAP_PKT_TYPE_SHIFT))); 345 } else { 346 #if (L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE) 347 UINT16_TO_STREAM(p, p_lcb->handle | l2cb.non_flushable_pbf); 348 #else 349 UINT16_TO_STREAM( 350 p, (p_lcb->handle | (L2CAP_PKT_START << L2CAP_PKT_TYPE_SHIFT))); 351 #endif 352 } 353 354 UINT16_TO_STREAM(p, len + L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD); 355 UINT16_TO_STREAM(p, len + L2CAP_CMD_OVERHEAD); 356 357 if (p_lcb->transport == BT_TRANSPORT_LE) { 358 UINT16_TO_STREAM(p, L2CAP_BLE_SIGNALLING_CID); 359 } else { 360 UINT16_TO_STREAM(p, L2CAP_SIGNALLING_CID); 361 } 362 363 /* Put in L2CAP command header */ 364 UINT8_TO_STREAM(p, cmd); 365 UINT8_TO_STREAM(p, id); 366 UINT16_TO_STREAM(p, len); 367 368 return (p_buf); 369 } 370 371 /******************************************************************************* 372 * 373 * Function l2cu_adj_id 374 * 375 * Description Checks for valid ID based on specified mask 376 * and adjusts the id if invalid. 377 * 378 * Returns void 379 * 380 ******************************************************************************/ 381 void l2cu_adj_id(tL2C_LCB* p_lcb, uint8_t adj_mask) { 382 if ((adj_mask & L2CAP_ADJ_ZERO_ID) && !p_lcb->id) { 383 p_lcb->id++; 384 } 385 } 386 387 /******************************************************************************* 388 * 389 * Function l2cu_send_peer_cmd_reject 390 * 391 * Description Build and send an L2CAP "command reject" message 392 * to the peer. 393 * 394 * Returns void 395 * 396 ******************************************************************************/ 397 void l2cu_send_peer_cmd_reject(tL2C_LCB* p_lcb, uint16_t reason, uint8_t rem_id, 398 uint16_t p1, uint16_t p2) { 399 uint16_t param_len; 400 BT_HDR* p_buf; 401 uint8_t* p; 402 403 /* Put in L2CAP packet header */ 404 if (reason == L2CAP_CMD_REJ_MTU_EXCEEDED) 405 param_len = 2; 406 else if (reason == L2CAP_CMD_REJ_INVALID_CID) 407 param_len = 4; 408 else 409 param_len = 0; 410 411 p_buf = l2cu_build_header(p_lcb, (uint16_t)(L2CAP_CMD_REJECT_LEN + param_len), 412 L2CAP_CMD_REJECT, rem_id); 413 if (p_buf == NULL) { 414 L2CAP_TRACE_WARNING("L2CAP - no buffer cmd_rej"); 415 return; 416 } 417 418 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 419 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 420 421 UINT16_TO_STREAM(p, reason); 422 423 if (param_len >= 2) UINT16_TO_STREAM(p, p1); 424 425 if (param_len >= 4) UINT16_TO_STREAM(p, p2); 426 427 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 428 } 429 430 /******************************************************************************* 431 * 432 * Function l2cu_send_peer_connect_req 433 * 434 * Description Build and send an L2CAP "connection request" message 435 * to the peer. 436 * 437 * Returns void 438 * 439 ******************************************************************************/ 440 void l2cu_send_peer_connect_req(tL2C_CCB* p_ccb) { 441 BT_HDR* p_buf; 442 uint8_t* p; 443 444 /* Create an identifier for this packet */ 445 p_ccb->p_lcb->id++; 446 l2cu_adj_id(p_ccb->p_lcb, L2CAP_ADJ_ID); 447 448 p_ccb->local_id = p_ccb->p_lcb->id; 449 450 p_buf = l2cu_build_header(p_ccb->p_lcb, L2CAP_CONN_REQ_LEN, 451 L2CAP_CMD_CONN_REQ, p_ccb->local_id); 452 if (p_buf == NULL) { 453 L2CAP_TRACE_WARNING("L2CAP - no buffer for conn_req"); 454 return; 455 } 456 457 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 458 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 459 460 UINT16_TO_STREAM(p, p_ccb->p_rcb->real_psm); 461 UINT16_TO_STREAM(p, p_ccb->local_cid); 462 463 l2c_link_check_send_pkts(p_ccb->p_lcb, NULL, p_buf); 464 } 465 466 /******************************************************************************* 467 * 468 * Function l2cu_send_peer_connect_rsp 469 * 470 * Description Build and send an L2CAP "connection response" message 471 * to the peer. 472 * 473 * Returns void 474 * 475 ******************************************************************************/ 476 void l2cu_send_peer_connect_rsp(tL2C_CCB* p_ccb, uint16_t result, 477 uint16_t status) { 478 BT_HDR* p_buf; 479 uint8_t* p; 480 481 if (result == L2CAP_CONN_PENDING) { 482 /* if we already sent pending response */ 483 if (p_ccb->flags & CCB_FLAG_SENT_PENDING) 484 return; 485 else 486 p_ccb->flags |= CCB_FLAG_SENT_PENDING; 487 } 488 489 p_buf = l2cu_build_header(p_ccb->p_lcb, L2CAP_CONN_RSP_LEN, 490 L2CAP_CMD_CONN_RSP, p_ccb->remote_id); 491 if (p_buf == NULL) { 492 L2CAP_TRACE_WARNING("L2CAP - no buffer for conn_rsp"); 493 return; 494 } 495 496 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 497 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 498 499 UINT16_TO_STREAM(p, p_ccb->local_cid); 500 UINT16_TO_STREAM(p, p_ccb->remote_cid); 501 UINT16_TO_STREAM(p, result); 502 UINT16_TO_STREAM(p, status); 503 504 l2c_link_check_send_pkts(p_ccb->p_lcb, NULL, p_buf); 505 } 506 507 /******************************************************************************* 508 * 509 * Function l2cu_reject_connection 510 * 511 * Description Build and send an L2CAP "connection response neg" message 512 * to the peer. This function is called when there is no peer 513 * CCB (non-existant PSM or no resources). 514 * 515 * Returns void 516 * 517 ******************************************************************************/ 518 void l2cu_reject_connection(tL2C_LCB* p_lcb, uint16_t remote_cid, 519 uint8_t rem_id, uint16_t result) { 520 BT_HDR* p_buf; 521 uint8_t* p; 522 523 p_buf = 524 l2cu_build_header(p_lcb, L2CAP_CONN_RSP_LEN, L2CAP_CMD_CONN_RSP, rem_id); 525 if (p_buf == NULL) { 526 L2CAP_TRACE_WARNING("L2CAP - no buffer for conn_req"); 527 return; 528 } 529 530 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 531 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 532 533 UINT16_TO_STREAM(p, 0); /* Local CID of 0 */ 534 UINT16_TO_STREAM(p, remote_cid); 535 UINT16_TO_STREAM(p, result); 536 UINT16_TO_STREAM(p, 0); /* Status of 0 */ 537 538 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 539 } 540 541 /******************************************************************************* 542 * 543 * Function l2cu_send_peer_config_req 544 * 545 * Description Build and send an L2CAP "configuration request" message 546 * to the peer. 547 * 548 * Returns void 549 * 550 ******************************************************************************/ 551 void l2cu_send_peer_config_req(tL2C_CCB* p_ccb, tL2CAP_CFG_INFO* p_cfg) { 552 BT_HDR* p_buf; 553 uint16_t cfg_len = 0; 554 uint8_t* p; 555 556 /* Create an identifier for this packet */ 557 p_ccb->p_lcb->id++; 558 l2cu_adj_id(p_ccb->p_lcb, L2CAP_ADJ_ID); 559 560 p_ccb->local_id = p_ccb->p_lcb->id; 561 562 if (p_cfg->mtu_present) 563 cfg_len += L2CAP_CFG_MTU_OPTION_LEN + L2CAP_CFG_OPTION_OVERHEAD; 564 if (p_cfg->flush_to_present) 565 cfg_len += L2CAP_CFG_FLUSH_OPTION_LEN + L2CAP_CFG_OPTION_OVERHEAD; 566 if (p_cfg->qos_present) 567 cfg_len += L2CAP_CFG_QOS_OPTION_LEN + L2CAP_CFG_OPTION_OVERHEAD; 568 if (p_cfg->fcr_present) 569 cfg_len += L2CAP_CFG_FCR_OPTION_LEN + L2CAP_CFG_OPTION_OVERHEAD; 570 if (p_cfg->fcs_present) 571 cfg_len += L2CAP_CFG_FCS_OPTION_LEN + L2CAP_CFG_OPTION_OVERHEAD; 572 if (p_cfg->ext_flow_spec_present) 573 cfg_len += L2CAP_CFG_EXT_FLOW_OPTION_LEN + L2CAP_CFG_OPTION_OVERHEAD; 574 575 p_buf = l2cu_build_header(p_ccb->p_lcb, 576 (uint16_t)(L2CAP_CONFIG_REQ_LEN + cfg_len), 577 L2CAP_CMD_CONFIG_REQ, p_ccb->local_id); 578 if (p_buf == NULL) { 579 L2CAP_TRACE_WARNING("L2CAP - no buffer for conn_req"); 580 return; 581 } 582 583 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 584 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 585 586 UINT16_TO_STREAM(p, p_ccb->remote_cid); 587 UINT16_TO_STREAM(p, p_cfg->flags); /* Flags (continuation) */ 588 589 /* Now, put the options */ 590 if (p_cfg->mtu_present) { 591 UINT8_TO_STREAM(p, L2CAP_CFG_TYPE_MTU); 592 UINT8_TO_STREAM(p, L2CAP_CFG_MTU_OPTION_LEN); 593 UINT16_TO_STREAM(p, p_cfg->mtu); 594 } 595 if (p_cfg->flush_to_present) { 596 UINT8_TO_STREAM(p, L2CAP_CFG_TYPE_FLUSH_TOUT); 597 UINT8_TO_STREAM(p, L2CAP_CFG_FLUSH_OPTION_LEN); 598 UINT16_TO_STREAM(p, p_cfg->flush_to); 599 } 600 if (p_cfg->qos_present) { 601 UINT8_TO_STREAM(p, L2CAP_CFG_TYPE_QOS); 602 UINT8_TO_STREAM(p, L2CAP_CFG_QOS_OPTION_LEN); 603 UINT8_TO_STREAM(p, p_cfg->qos.qos_flags); 604 UINT8_TO_STREAM(p, p_cfg->qos.service_type); 605 UINT32_TO_STREAM(p, p_cfg->qos.token_rate); 606 UINT32_TO_STREAM(p, p_cfg->qos.token_bucket_size); 607 UINT32_TO_STREAM(p, p_cfg->qos.peak_bandwidth); 608 UINT32_TO_STREAM(p, p_cfg->qos.latency); 609 UINT32_TO_STREAM(p, p_cfg->qos.delay_variation); 610 } 611 if (p_cfg->fcr_present) { 612 UINT8_TO_STREAM(p, L2CAP_CFG_TYPE_FCR); 613 UINT8_TO_STREAM(p, L2CAP_CFG_FCR_OPTION_LEN); 614 UINT8_TO_STREAM(p, p_cfg->fcr.mode); 615 UINT8_TO_STREAM(p, p_cfg->fcr.tx_win_sz); 616 UINT8_TO_STREAM(p, p_cfg->fcr.max_transmit); 617 UINT16_TO_STREAM(p, p_cfg->fcr.rtrans_tout); 618 UINT16_TO_STREAM(p, p_cfg->fcr.mon_tout); 619 UINT16_TO_STREAM(p, p_cfg->fcr.mps); 620 } 621 622 if (p_cfg->fcs_present) { 623 UINT8_TO_STREAM(p, L2CAP_CFG_TYPE_FCS); 624 UINT8_TO_STREAM(p, L2CAP_CFG_FCS_OPTION_LEN); 625 UINT8_TO_STREAM(p, p_cfg->fcs); 626 } 627 628 if (p_cfg->ext_flow_spec_present) { 629 UINT8_TO_STREAM(p, L2CAP_CFG_TYPE_EXT_FLOW); 630 UINT8_TO_STREAM(p, L2CAP_CFG_EXT_FLOW_OPTION_LEN); 631 UINT8_TO_STREAM(p, p_cfg->ext_flow_spec.id); 632 UINT8_TO_STREAM(p, p_cfg->ext_flow_spec.stype); 633 UINT16_TO_STREAM(p, p_cfg->ext_flow_spec.max_sdu_size); 634 UINT32_TO_STREAM(p, p_cfg->ext_flow_spec.sdu_inter_time); 635 UINT32_TO_STREAM(p, p_cfg->ext_flow_spec.access_latency); 636 UINT32_TO_STREAM(p, p_cfg->ext_flow_spec.flush_timeout); 637 } 638 639 l2c_link_check_send_pkts(p_ccb->p_lcb, NULL, p_buf); 640 } 641 642 /******************************************************************************* 643 * 644 * Function l2cu_send_peer_config_rsp 645 * 646 * Description Build and send an L2CAP "configuration response" message 647 * to the peer. 648 * 649 * Returns void 650 * 651 ******************************************************************************/ 652 void l2cu_send_peer_config_rsp(tL2C_CCB* p_ccb, tL2CAP_CFG_INFO* p_cfg) { 653 BT_HDR* p_buf; 654 uint16_t cfg_len = 0; 655 uint8_t* p; 656 657 /* Create an identifier for this packet */ 658 if (p_cfg->mtu_present) 659 cfg_len += L2CAP_CFG_MTU_OPTION_LEN + L2CAP_CFG_OPTION_OVERHEAD; 660 if (p_cfg->flush_to_present) 661 cfg_len += L2CAP_CFG_FLUSH_OPTION_LEN + L2CAP_CFG_OPTION_OVERHEAD; 662 if (p_cfg->qos_present) 663 cfg_len += L2CAP_CFG_QOS_OPTION_LEN + L2CAP_CFG_OPTION_OVERHEAD; 664 if (p_cfg->fcr_present) 665 cfg_len += L2CAP_CFG_FCR_OPTION_LEN + L2CAP_CFG_OPTION_OVERHEAD; 666 if (p_cfg->ext_flow_spec_present) 667 cfg_len += L2CAP_CFG_EXT_FLOW_OPTION_LEN + L2CAP_CFG_OPTION_OVERHEAD; 668 669 p_buf = l2cu_build_header(p_ccb->p_lcb, 670 (uint16_t)(L2CAP_CONFIG_RSP_LEN + cfg_len), 671 L2CAP_CMD_CONFIG_RSP, p_ccb->remote_id); 672 if (p_buf == NULL) { 673 L2CAP_TRACE_WARNING("L2CAP - no buffer for conn_req"); 674 return; 675 } 676 677 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 678 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 679 680 UINT16_TO_STREAM(p, p_ccb->remote_cid); 681 UINT16_TO_STREAM(p, 682 p_cfg->flags); /* Flags (continuation) Must match request */ 683 UINT16_TO_STREAM(p, p_cfg->result); 684 685 /* Now, put the options */ 686 if (p_cfg->mtu_present) { 687 UINT8_TO_STREAM(p, L2CAP_CFG_TYPE_MTU); 688 UINT8_TO_STREAM(p, L2CAP_CFG_MTU_OPTION_LEN); 689 UINT16_TO_STREAM(p, p_cfg->mtu); 690 } 691 if (p_cfg->flush_to_present) { 692 UINT8_TO_STREAM(p, L2CAP_CFG_TYPE_FLUSH_TOUT); 693 UINT8_TO_STREAM(p, L2CAP_CFG_FLUSH_OPTION_LEN); 694 UINT16_TO_STREAM(p, p_cfg->flush_to); 695 } 696 if (p_cfg->qos_present) { 697 UINT8_TO_STREAM(p, L2CAP_CFG_TYPE_QOS); 698 UINT8_TO_STREAM(p, L2CAP_CFG_QOS_OPTION_LEN); 699 UINT8_TO_STREAM(p, p_cfg->qos.qos_flags); 700 UINT8_TO_STREAM(p, p_cfg->qos.service_type); 701 UINT32_TO_STREAM(p, p_cfg->qos.token_rate); 702 UINT32_TO_STREAM(p, p_cfg->qos.token_bucket_size); 703 UINT32_TO_STREAM(p, p_cfg->qos.peak_bandwidth); 704 UINT32_TO_STREAM(p, p_cfg->qos.latency); 705 UINT32_TO_STREAM(p, p_cfg->qos.delay_variation); 706 } 707 if (p_cfg->fcr_present) { 708 UINT8_TO_STREAM(p, L2CAP_CFG_TYPE_FCR); 709 UINT8_TO_STREAM(p, L2CAP_CFG_FCR_OPTION_LEN); 710 UINT8_TO_STREAM(p, p_cfg->fcr.mode); 711 UINT8_TO_STREAM(p, p_cfg->fcr.tx_win_sz); 712 UINT8_TO_STREAM(p, p_cfg->fcr.max_transmit); 713 UINT16_TO_STREAM(p, p_ccb->our_cfg.fcr.rtrans_tout); 714 UINT16_TO_STREAM(p, p_ccb->our_cfg.fcr.mon_tout); 715 UINT16_TO_STREAM(p, p_cfg->fcr.mps); 716 } 717 718 if (p_cfg->ext_flow_spec_present) { 719 UINT8_TO_STREAM(p, L2CAP_CFG_TYPE_EXT_FLOW); 720 UINT8_TO_STREAM(p, L2CAP_CFG_EXT_FLOW_OPTION_LEN); 721 UINT8_TO_STREAM(p, p_cfg->ext_flow_spec.id); 722 UINT8_TO_STREAM(p, p_cfg->ext_flow_spec.stype); 723 UINT16_TO_STREAM(p, p_cfg->ext_flow_spec.max_sdu_size); 724 UINT32_TO_STREAM(p, p_cfg->ext_flow_spec.sdu_inter_time); 725 UINT32_TO_STREAM(p, p_cfg->ext_flow_spec.access_latency); 726 UINT32_TO_STREAM(p, p_cfg->ext_flow_spec.flush_timeout); 727 } 728 729 l2c_link_check_send_pkts(p_ccb->p_lcb, NULL, p_buf); 730 } 731 732 /******************************************************************************* 733 * 734 * Function l2cu_send_peer_config_rej 735 * 736 * Description Build and send an L2CAP "configuration reject" message 737 * to the peer. 738 * 739 * Returns void 740 * 741 ******************************************************************************/ 742 void l2cu_send_peer_config_rej(tL2C_CCB* p_ccb, uint8_t* p_data, 743 uint16_t data_len, uint16_t rej_len) { 744 uint16_t len, cfg_len, buf_space, len1; 745 uint8_t *p, *p_hci_len, *p_data_end; 746 uint8_t cfg_code; 747 748 L2CAP_TRACE_DEBUG("l2cu_send_peer_config_rej: data_len=%d, rej_len=%d", 749 data_len, rej_len); 750 751 len = BT_HDR_SIZE + HCI_DATA_PREAMBLE_SIZE + L2CAP_PKT_OVERHEAD + 752 L2CAP_CMD_OVERHEAD + L2CAP_CONFIG_RSP_LEN; 753 len1 = 0xFFFF - len; 754 if (rej_len > len1) { 755 L2CAP_TRACE_ERROR( 756 "L2CAP - cfg_rej pkt size exceeds buffer design max limit."); 757 return; 758 } 759 760 BT_HDR* p_buf = (BT_HDR*)osi_malloc(len + rej_len); 761 p_buf->offset = L2CAP_SEND_CMD_OFFSET; 762 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET; 763 764 /* Put in HCI header - handle + pkt boundary */ 765 #if (L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE) 766 if (HCI_NON_FLUSHABLE_PB_SUPPORTED(BTM_ReadLocalFeatures())) { 767 UINT16_TO_STREAM(p, (p_ccb->p_lcb->handle | (L2CAP_PKT_START_NON_FLUSHABLE 768 << L2CAP_PKT_TYPE_SHIFT))); 769 } else 770 #endif 771 { 772 UINT16_TO_STREAM( 773 p, (p_ccb->p_lcb->handle | (L2CAP_PKT_START << L2CAP_PKT_TYPE_SHIFT))); 774 } 775 776 /* Remember the HCI header length position, and save space for it */ 777 p_hci_len = p; 778 p += 2; 779 780 /* Put in L2CAP packet header */ 781 UINT16_TO_STREAM(p, L2CAP_CMD_OVERHEAD + L2CAP_CONFIG_RSP_LEN + rej_len); 782 UINT16_TO_STREAM(p, L2CAP_SIGNALLING_CID); 783 784 /* Put in L2CAP command header */ 785 UINT8_TO_STREAM(p, L2CAP_CMD_CONFIG_RSP); 786 UINT8_TO_STREAM(p, p_ccb->remote_id); 787 788 UINT16_TO_STREAM(p, L2CAP_CONFIG_RSP_LEN + rej_len); 789 790 UINT16_TO_STREAM(p, p_ccb->remote_cid); 791 UINT16_TO_STREAM(p, 0); /* Flags = 0 (no continuation) */ 792 UINT16_TO_STREAM(p, L2CAP_CFG_UNKNOWN_OPTIONS); 793 794 buf_space = rej_len; 795 796 /* Now, put the rejected options */ 797 p_data_end = p_data + data_len; 798 while (p_data < p_data_end) { 799 cfg_code = *p_data; 800 cfg_len = *(p_data + 1); 801 802 switch (cfg_code & 0x7F) { 803 /* skip known options */ 804 case L2CAP_CFG_TYPE_MTU: 805 case L2CAP_CFG_TYPE_FLUSH_TOUT: 806 case L2CAP_CFG_TYPE_QOS: 807 p_data += cfg_len + L2CAP_CFG_OPTION_OVERHEAD; 808 break; 809 810 /* unknown options; copy into rsp if not hints */ 811 default: 812 /* sanity check option length */ 813 if ((cfg_len + L2CAP_CFG_OPTION_OVERHEAD) <= data_len) { 814 if ((cfg_code & 0x80) == 0) { 815 if (buf_space >= (cfg_len + L2CAP_CFG_OPTION_OVERHEAD)) { 816 memcpy(p, p_data, cfg_len + L2CAP_CFG_OPTION_OVERHEAD); 817 p += cfg_len + L2CAP_CFG_OPTION_OVERHEAD; 818 buf_space -= (cfg_len + L2CAP_CFG_OPTION_OVERHEAD); 819 } else { 820 L2CAP_TRACE_WARNING("L2CAP - cfg_rej exceeds allocated buffer"); 821 p_data = p_data_end; /* force loop exit */ 822 break; 823 } 824 } 825 p_data += cfg_len + L2CAP_CFG_OPTION_OVERHEAD; 826 } 827 /* bad length; force loop exit */ 828 else { 829 p_data = p_data_end; 830 } 831 break; 832 } 833 } 834 835 len = (uint16_t)(p - p_hci_len - 2); 836 UINT16_TO_STREAM(p_hci_len, len); 837 838 p_buf->len = len + 4; 839 840 L2CAP_TRACE_DEBUG("L2CAP - cfg_rej pkt hci_len=%d, l2cap_len=%d", len, 841 (L2CAP_CMD_OVERHEAD + L2CAP_CONFIG_RSP_LEN + rej_len)); 842 843 l2c_link_check_send_pkts(p_ccb->p_lcb, NULL, p_buf); 844 } 845 846 /******************************************************************************* 847 * 848 * Function l2cu_send_peer_disc_req 849 * 850 * Description Build and send an L2CAP "disconnect request" message 851 * to the peer. 852 * 853 * Returns void 854 * 855 ******************************************************************************/ 856 void l2cu_send_peer_disc_req(tL2C_CCB* p_ccb) { 857 BT_HDR *p_buf, *p_buf2; 858 uint8_t* p; 859 860 if ((!p_ccb) || (p_ccb->p_lcb == NULL)) { 861 L2CAP_TRACE_ERROR("%s L2CAP - ccb or lcb invalid", __func__); 862 return; 863 } 864 865 /* Create an identifier for this packet */ 866 p_ccb->p_lcb->id++; 867 l2cu_adj_id(p_ccb->p_lcb, L2CAP_ADJ_ID); 868 869 p_ccb->local_id = p_ccb->p_lcb->id; 870 871 p_buf = l2cu_build_header(p_ccb->p_lcb, L2CAP_DISC_REQ_LEN, 872 L2CAP_CMD_DISC_REQ, p_ccb->local_id); 873 if (p_buf == NULL) { 874 L2CAP_TRACE_WARNING("L2CAP - no buffer for disc_req"); 875 return; 876 } 877 878 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 879 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 880 881 UINT16_TO_STREAM(p, p_ccb->remote_cid); 882 UINT16_TO_STREAM(p, p_ccb->local_cid); 883 884 /* Move all queued data packets to the LCB. In FCR mode, assume the higher 885 layer checks that all buffers are sent before disconnecting. 886 */ 887 if (p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_BASIC_MODE) { 888 while ((p_buf2 = (BT_HDR*)fixed_queue_try_dequeue(p_ccb->xmit_hold_q)) != 889 NULL) { 890 l2cu_set_acl_hci_header(p_buf2, p_ccb); 891 l2c_link_check_send_pkts(p_ccb->p_lcb, p_ccb, p_buf2); 892 } 893 } 894 895 l2c_link_check_send_pkts(p_ccb->p_lcb, NULL, p_buf); 896 } 897 898 /******************************************************************************* 899 * 900 * Function l2cu_send_peer_disc_rsp 901 * 902 * Description Build and send an L2CAP "disconnect response" message 903 * to the peer. 904 * 905 * This function is passed the parameters for the disconnect 906 * response instead of the CCB address, as it may be called 907 * to send a disconnect response when there is no CCB. 908 * 909 * Returns void 910 * 911 ******************************************************************************/ 912 void l2cu_send_peer_disc_rsp(tL2C_LCB* p_lcb, uint8_t remote_id, 913 uint16_t local_cid, uint16_t remote_cid) { 914 BT_HDR* p_buf; 915 uint8_t* p; 916 917 p_buf = l2cu_build_header(p_lcb, L2CAP_DISC_RSP_LEN, L2CAP_CMD_DISC_RSP, 918 remote_id); 919 if (p_buf == NULL) { 920 L2CAP_TRACE_WARNING("L2CAP - no buffer for disc_rsp"); 921 return; 922 } 923 924 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 925 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 926 927 UINT16_TO_STREAM(p, local_cid); 928 UINT16_TO_STREAM(p, remote_cid); 929 930 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 931 } 932 933 /******************************************************************************* 934 * 935 * Function l2cu_send_peer_echo_req 936 * 937 * Description Build and send an L2CAP "echo request" message 938 * to the peer. Note that we do not currently allow 939 * data in the echo request. 940 * 941 * Returns void 942 * 943 ******************************************************************************/ 944 void l2cu_send_peer_echo_req(tL2C_LCB* p_lcb, uint8_t* p_data, 945 uint16_t data_len) { 946 BT_HDR* p_buf; 947 uint8_t* p; 948 949 p_lcb->id++; 950 l2cu_adj_id(p_lcb, L2CAP_ADJ_ZERO_ID); /* check for wrap to '0' */ 951 952 p_buf = l2cu_build_header(p_lcb, (uint16_t)(L2CAP_ECHO_REQ_LEN + data_len), 953 L2CAP_CMD_ECHO_REQ, p_lcb->id); 954 if (p_buf == NULL) { 955 L2CAP_TRACE_WARNING("L2CAP - no buffer for echo_req"); 956 return; 957 } 958 959 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 960 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 961 962 if (data_len) { 963 ARRAY_TO_STREAM(p, p_data, data_len); 964 } 965 966 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 967 } 968 969 /******************************************************************************* 970 * 971 * Function l2cu_send_peer_echo_rsp 972 * 973 * Description Build and send an L2CAP "echo response" message 974 * to the peer. 975 * 976 * Returns void 977 * 978 ******************************************************************************/ 979 void l2cu_send_peer_echo_rsp(tL2C_LCB* p_lcb, uint8_t id, uint8_t* p_data, 980 uint16_t data_len) { 981 BT_HDR* p_buf; 982 uint8_t* p; 983 uint16_t maxlen; 984 /* Filter out duplicate IDs or if available buffers are low (intruder 985 * checking) */ 986 if (!id || id == p_lcb->cur_echo_id) { 987 /* Dump this request since it is illegal */ 988 L2CAP_TRACE_WARNING("L2CAP ignoring duplicate echo request (%d)", id); 989 return; 990 } else 991 p_lcb->cur_echo_id = id; 992 993 uint16_t acl_data_size = 994 controller_get_interface()->get_acl_data_size_classic(); 995 uint16_t acl_packet_size = 996 controller_get_interface()->get_acl_packet_size_classic(); 997 /* Don't return data if it does not fit in ACL and L2CAP MTU */ 998 maxlen = (L2CAP_CMD_BUF_SIZE > acl_packet_size) 999 ? acl_data_size 1000 : (uint16_t)L2CAP_CMD_BUF_SIZE; 1001 maxlen -= 1002 (uint16_t)(BT_HDR_SIZE + HCI_DATA_PREAMBLE_SIZE + L2CAP_PKT_OVERHEAD + 1003 L2CAP_CMD_OVERHEAD + L2CAP_ECHO_RSP_LEN); 1004 1005 if (data_len > maxlen) data_len = 0; 1006 1007 p_buf = l2cu_build_header(p_lcb, (uint16_t)(L2CAP_ECHO_RSP_LEN + data_len), 1008 L2CAP_CMD_ECHO_RSP, id); 1009 if (p_buf == NULL) { 1010 L2CAP_TRACE_WARNING("L2CAP - no buffer for echo_rsp"); 1011 return; 1012 } 1013 1014 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 1015 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 1016 1017 if (data_len) { 1018 ARRAY_TO_STREAM(p, p_data, data_len); 1019 } 1020 1021 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 1022 } 1023 1024 /******************************************************************************* 1025 * 1026 * Function l2cu_send_peer_info_req 1027 * 1028 * Description Build and send an L2CAP "info request" message 1029 * to the peer. 1030 * Returns void 1031 * 1032 ******************************************************************************/ 1033 void l2cu_send_peer_info_req(tL2C_LCB* p_lcb, uint16_t info_type) { 1034 BT_HDR* p_buf; 1035 uint8_t* p; 1036 1037 /* check for wrap and/or BRCM ID */ 1038 p_lcb->id++; 1039 l2cu_adj_id(p_lcb, L2CAP_ADJ_ID); 1040 1041 p_buf = l2cu_build_header(p_lcb, 2, L2CAP_CMD_INFO_REQ, p_lcb->id); 1042 if (p_buf == NULL) { 1043 L2CAP_TRACE_WARNING("L2CAP - no buffer for info_req"); 1044 return; 1045 } 1046 1047 L2CAP_TRACE_EVENT("l2cu_send_peer_info_req: type 0x%04x", info_type); 1048 1049 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 1050 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 1051 1052 UINT16_TO_STREAM(p, info_type); 1053 1054 p_lcb->w4_info_rsp = true; 1055 alarm_set_on_mloop(p_lcb->info_resp_timer, L2CAP_WAIT_INFO_RSP_TIMEOUT_MS, 1056 l2c_info_resp_timer_timeout, p_lcb); 1057 1058 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 1059 } 1060 1061 /******************************************************************************* 1062 * 1063 * Function l2cu_send_peer_info_rsp 1064 * 1065 * Description Build and send an L2CAP "info response" message 1066 * to the peer. 1067 * 1068 * Returns void 1069 * 1070 ******************************************************************************/ 1071 void l2cu_send_peer_info_rsp(tL2C_LCB* p_lcb, uint8_t remote_id, 1072 uint16_t info_type) { 1073 BT_HDR* p_buf; 1074 uint8_t* p; 1075 uint16_t len = L2CAP_INFO_RSP_LEN; 1076 1077 #if (L2CAP_CONFORMANCE_TESTING == TRUE) 1078 if ((info_type == L2CAP_EXTENDED_FEATURES_INFO_TYPE) && 1079 (l2cb.test_info_resp & 1080 (L2CAP_EXTFEA_ENH_RETRANS | L2CAP_EXTFEA_STREAM_MODE | 1081 L2CAP_EXTFEA_NO_CRC | L2CAP_EXTFEA_EXT_FLOW_SPEC | 1082 L2CAP_EXTFEA_FIXED_CHNLS | L2CAP_EXTFEA_EXT_WINDOW | 1083 L2CAP_EXTFEA_UCD_RECEPTION))) 1084 #else 1085 if ((info_type == L2CAP_EXTENDED_FEATURES_INFO_TYPE) && 1086 (L2CAP_EXTFEA_SUPPORTED_MASK & 1087 (L2CAP_EXTFEA_ENH_RETRANS | L2CAP_EXTFEA_STREAM_MODE | 1088 L2CAP_EXTFEA_NO_CRC | L2CAP_EXTFEA_FIXED_CHNLS | 1089 L2CAP_EXTFEA_UCD_RECEPTION)) != 0) 1090 #endif 1091 { 1092 len += L2CAP_EXTENDED_FEATURES_ARRAY_SIZE; 1093 } else if (info_type == L2CAP_FIXED_CHANNELS_INFO_TYPE) { 1094 len += L2CAP_FIXED_CHNL_ARRAY_SIZE; 1095 } else if (info_type == L2CAP_CONNLESS_MTU_INFO_TYPE) { 1096 len += L2CAP_CONNLESS_MTU_INFO_SIZE; 1097 } 1098 1099 p_buf = l2cu_build_header(p_lcb, len, L2CAP_CMD_INFO_RSP, remote_id); 1100 if (p_buf == NULL) { 1101 L2CAP_TRACE_WARNING("L2CAP - no buffer for info_rsp"); 1102 return; 1103 } 1104 1105 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 1106 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 1107 1108 UINT16_TO_STREAM(p, info_type); 1109 1110 #if (L2CAP_CONFORMANCE_TESTING == TRUE) 1111 if ((info_type == L2CAP_EXTENDED_FEATURES_INFO_TYPE) && 1112 (l2cb.test_info_resp & 1113 (L2CAP_EXTFEA_ENH_RETRANS | L2CAP_EXTFEA_STREAM_MODE | 1114 L2CAP_EXTFEA_UCD_RECEPTION))) 1115 #else 1116 if ((info_type == L2CAP_EXTENDED_FEATURES_INFO_TYPE) && 1117 (L2CAP_EXTFEA_SUPPORTED_MASK & 1118 (L2CAP_EXTFEA_ENH_RETRANS | L2CAP_EXTFEA_STREAM_MODE | 1119 L2CAP_EXTFEA_UCD_RECEPTION)) != 0) 1120 #endif 1121 { 1122 UINT16_TO_STREAM(p, L2CAP_INFO_RESP_RESULT_SUCCESS); 1123 if (p_lcb->transport == BT_TRANSPORT_LE) { 1124 /* optional data are not added for now */ 1125 UINT32_TO_STREAM(p, L2CAP_BLE_EXTFEA_MASK); 1126 } else { 1127 #if (L2CAP_CONFORMANCE_TESTING == TRUE) 1128 UINT32_TO_STREAM(p, l2cb.test_info_resp); 1129 #else 1130 #if (L2CAP_NUM_FIXED_CHNLS > 0) 1131 UINT32_TO_STREAM(p, 1132 L2CAP_EXTFEA_SUPPORTED_MASK | L2CAP_EXTFEA_FIXED_CHNLS); 1133 #else 1134 UINT32_TO_STREAM(p, L2CAP_EXTFEA_SUPPORTED_MASK); 1135 #endif 1136 #endif 1137 } 1138 } else if (info_type == L2CAP_FIXED_CHANNELS_INFO_TYPE) { 1139 UINT16_TO_STREAM(p, L2CAP_INFO_RESP_RESULT_SUCCESS); 1140 memset(p, 0, L2CAP_FIXED_CHNL_ARRAY_SIZE); 1141 1142 p[0] = L2CAP_FIXED_CHNL_SIG_BIT; 1143 1144 if (L2CAP_EXTFEA_SUPPORTED_MASK & L2CAP_EXTFEA_UCD_RECEPTION) 1145 p[0] |= L2CAP_FIXED_CHNL_CNCTLESS_BIT; 1146 1147 #if (L2CAP_NUM_FIXED_CHNLS > 0) 1148 { 1149 int xx; 1150 1151 for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) { 1152 /* Skip fixed channels not used on BR/EDR-ACL link */ 1153 if ((xx >= L2CAP_ATT_CID - L2CAP_FIRST_FIXED_CHNL) && 1154 (xx <= L2CAP_SMP_CID - L2CAP_FIRST_FIXED_CHNL)) 1155 continue; 1156 1157 if (l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb != NULL) 1158 p[(xx + L2CAP_FIRST_FIXED_CHNL) / 8] |= 1159 1 << ((xx + L2CAP_FIRST_FIXED_CHNL) % 8); 1160 } 1161 } 1162 #endif 1163 } else if (info_type == L2CAP_CONNLESS_MTU_INFO_TYPE) { 1164 UINT16_TO_STREAM(p, L2CAP_INFO_RESP_RESULT_SUCCESS); 1165 UINT16_TO_STREAM(p, L2CAP_UCD_MTU); 1166 } else { 1167 UINT16_TO_STREAM( 1168 p, L2CAP_INFO_RESP_RESULT_NOT_SUPPORTED); /* 'not supported' */ 1169 } 1170 1171 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 1172 } 1173 1174 /****************************************************************************** 1175 * 1176 * Function l2cu_enqueue_ccb 1177 * 1178 * Description queue CCB by priority. The first CCB is highest priority and 1179 * is served at first. The CCB is queued to an LLCB or an LCB. 1180 * 1181 * Returns None 1182 * 1183 ******************************************************************************/ 1184 void l2cu_enqueue_ccb(tL2C_CCB* p_ccb) { 1185 tL2C_CCB* p_ccb1; 1186 tL2C_CCB_Q* p_q = NULL; 1187 1188 /* Find out which queue the channel is on 1189 */ 1190 if (p_ccb->p_lcb != NULL) p_q = &p_ccb->p_lcb->ccb_queue; 1191 1192 if ((!p_ccb->in_use) || (p_q == NULL)) { 1193 L2CAP_TRACE_ERROR( 1194 "l2cu_enqueue_ccb CID: 0x%04x ERROR in_use: %u p_lcb: 0x%08x", 1195 p_ccb->local_cid, p_ccb->in_use, p_ccb->p_lcb); 1196 return; 1197 } 1198 1199 L2CAP_TRACE_DEBUG("l2cu_enqueue_ccb CID: 0x%04x priority: %d", 1200 p_ccb->local_cid, p_ccb->ccb_priority); 1201 1202 /* If the queue is empty, we go at the front */ 1203 if (!p_q->p_first_ccb) { 1204 p_q->p_first_ccb = p_q->p_last_ccb = p_ccb; 1205 p_ccb->p_next_ccb = p_ccb->p_prev_ccb = NULL; 1206 } else { 1207 p_ccb1 = p_q->p_first_ccb; 1208 1209 while (p_ccb1 != NULL) { 1210 /* Insert new ccb at the end of the same priority. Lower number, higher 1211 * priority */ 1212 if (p_ccb->ccb_priority < p_ccb1->ccb_priority) { 1213 /* Are we at the head of the queue ? */ 1214 if (p_ccb1 == p_q->p_first_ccb) 1215 p_q->p_first_ccb = p_ccb; 1216 else 1217 p_ccb1->p_prev_ccb->p_next_ccb = p_ccb; 1218 1219 p_ccb->p_next_ccb = p_ccb1; 1220 p_ccb->p_prev_ccb = p_ccb1->p_prev_ccb; 1221 p_ccb1->p_prev_ccb = p_ccb; 1222 break; 1223 } 1224 1225 p_ccb1 = p_ccb1->p_next_ccb; 1226 } 1227 1228 /* If we are lower then anyone in the list, we go at the end */ 1229 if (!p_ccb1) { 1230 /* add new ccb at the end of the list */ 1231 p_q->p_last_ccb->p_next_ccb = p_ccb; 1232 1233 p_ccb->p_next_ccb = NULL; 1234 p_ccb->p_prev_ccb = p_q->p_last_ccb; 1235 p_q->p_last_ccb = p_ccb; 1236 } 1237 } 1238 1239 #if (L2CAP_ROUND_ROBIN_CHANNEL_SERVICE == TRUE) 1240 /* Adding CCB into round robin service table of its LCB */ 1241 if (p_ccb->p_lcb != NULL) { 1242 /* if this is the first channel in this priority group */ 1243 if (p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].num_ccb == 0) { 1244 /* Set the first channel to this CCB */ 1245 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_first_ccb = p_ccb; 1246 /* Set the next serving channel in this group to this CCB */ 1247 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_serve_ccb = p_ccb; 1248 /* Initialize quota of this priority group based on its priority */ 1249 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].quota = 1250 L2CAP_GET_PRIORITY_QUOTA(p_ccb->ccb_priority); 1251 } 1252 /* increase number of channels in this group */ 1253 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].num_ccb++; 1254 } 1255 #endif 1256 } 1257 1258 /****************************************************************************** 1259 * 1260 * Function l2cu_dequeue_ccb 1261 * 1262 * Description dequeue CCB from a queue 1263 * 1264 * Returns - 1265 * 1266 ******************************************************************************/ 1267 void l2cu_dequeue_ccb(tL2C_CCB* p_ccb) { 1268 tL2C_CCB_Q* p_q = NULL; 1269 1270 L2CAP_TRACE_DEBUG("l2cu_dequeue_ccb CID: 0x%04x", p_ccb->local_cid); 1271 1272 /* Find out which queue the channel is on 1273 */ 1274 if (p_ccb->p_lcb != NULL) p_q = &p_ccb->p_lcb->ccb_queue; 1275 1276 if ((!p_ccb->in_use) || (p_q == NULL) || (p_q->p_first_ccb == NULL)) { 1277 L2CAP_TRACE_ERROR( 1278 "l2cu_dequeue_ccb CID: 0x%04x ERROR in_use: %u p_lcb: 0x%08x p_q: " 1279 "0x%08x p_q->p_first_ccb: 0x%08x", 1280 p_ccb->local_cid, p_ccb->in_use, p_ccb->p_lcb, p_q, 1281 p_q ? p_q->p_first_ccb : 0); 1282 return; 1283 } 1284 1285 #if (L2CAP_ROUND_ROBIN_CHANNEL_SERVICE == TRUE) 1286 /* Removing CCB from round robin service table of its LCB */ 1287 if (p_ccb->p_lcb != NULL) { 1288 /* decrease number of channels in this priority group */ 1289 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].num_ccb--; 1290 1291 /* if it was the last channel in the priority group */ 1292 if (p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].num_ccb == 0) { 1293 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_first_ccb = NULL; 1294 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_serve_ccb = NULL; 1295 } else { 1296 /* if it is the first channel of this group */ 1297 if (p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_first_ccb == p_ccb) { 1298 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_first_ccb = 1299 p_ccb->p_next_ccb; 1300 } 1301 /* if it is the next serving channel of this group */ 1302 if (p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_serve_ccb == p_ccb) { 1303 /* simply, start serving from the first channel */ 1304 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_serve_ccb = 1305 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_first_ccb; 1306 } 1307 } 1308 } 1309 #endif 1310 1311 if (p_ccb == p_q->p_first_ccb) { 1312 /* We are removing the first in a queue */ 1313 p_q->p_first_ccb = p_ccb->p_next_ccb; 1314 1315 if (p_q->p_first_ccb) 1316 p_q->p_first_ccb->p_prev_ccb = NULL; 1317 else 1318 p_q->p_last_ccb = NULL; 1319 } else if (p_ccb == p_q->p_last_ccb) { 1320 /* We are removing the last in a queue */ 1321 p_q->p_last_ccb = p_ccb->p_prev_ccb; 1322 p_q->p_last_ccb->p_next_ccb = NULL; 1323 } else { 1324 /* In the middle of a chain. */ 1325 p_ccb->p_prev_ccb->p_next_ccb = p_ccb->p_next_ccb; 1326 p_ccb->p_next_ccb->p_prev_ccb = p_ccb->p_prev_ccb; 1327 } 1328 1329 p_ccb->p_next_ccb = p_ccb->p_prev_ccb = NULL; 1330 } 1331 1332 /****************************************************************************** 1333 * 1334 * Function l2cu_change_pri_ccb 1335 * 1336 * Description 1337 * 1338 * Returns - 1339 * 1340 ******************************************************************************/ 1341 void l2cu_change_pri_ccb(tL2C_CCB* p_ccb, tL2CAP_CHNL_PRIORITY priority) { 1342 if (p_ccb->ccb_priority != priority) { 1343 /* If CCB is not the only guy on the queue */ 1344 if ((p_ccb->p_next_ccb != NULL) || (p_ccb->p_prev_ccb != NULL)) { 1345 L2CAP_TRACE_DEBUG("Update CCB list in logical link"); 1346 1347 /* Remove CCB from queue and re-queue it at new priority */ 1348 l2cu_dequeue_ccb(p_ccb); 1349 1350 p_ccb->ccb_priority = priority; 1351 l2cu_enqueue_ccb(p_ccb); 1352 } 1353 #if (L2CAP_ROUND_ROBIN_CHANNEL_SERVICE == TRUE) 1354 else { 1355 /* If CCB is the only guy on the queue, no need to re-enqueue */ 1356 /* update only round robin service data */ 1357 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].num_ccb = 0; 1358 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_first_ccb = NULL; 1359 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_serve_ccb = NULL; 1360 1361 p_ccb->ccb_priority = priority; 1362 1363 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_first_ccb = p_ccb; 1364 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].p_serve_ccb = p_ccb; 1365 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].quota = 1366 L2CAP_GET_PRIORITY_QUOTA(p_ccb->ccb_priority); 1367 p_ccb->p_lcb->rr_serv[p_ccb->ccb_priority].num_ccb = 1; 1368 } 1369 #endif 1370 } 1371 } 1372 1373 /******************************************************************************* 1374 * 1375 * Function l2cu_allocate_ccb 1376 * 1377 * Description This function allocates a Channel Control Block and 1378 * attaches it to a link control block. The local CID 1379 * is also assigned. 1380 * 1381 * Returns pointer to CCB, or NULL if none 1382 * 1383 ******************************************************************************/ 1384 tL2C_CCB* l2cu_allocate_ccb(tL2C_LCB* p_lcb, uint16_t cid) { 1385 tL2C_CCB* p_ccb; 1386 tL2C_CCB* p_prev; 1387 1388 L2CAP_TRACE_DEBUG("l2cu_allocate_ccb: cid 0x%04x", cid); 1389 1390 if (!l2cb.p_free_ccb_first) return (NULL); 1391 1392 /* If a CID was passed in, use that, else take the first free one */ 1393 if (cid == 0) { 1394 p_ccb = l2cb.p_free_ccb_first; 1395 l2cb.p_free_ccb_first = p_ccb->p_next_ccb; 1396 } else { 1397 p_prev = NULL; 1398 1399 p_ccb = &l2cb.ccb_pool[cid - L2CAP_BASE_APPL_CID]; 1400 1401 if (p_ccb == l2cb.p_free_ccb_first) 1402 l2cb.p_free_ccb_first = p_ccb->p_next_ccb; 1403 else { 1404 for (p_prev = l2cb.p_free_ccb_first; p_prev != NULL; 1405 p_prev = p_prev->p_next_ccb) { 1406 if (p_prev->p_next_ccb == p_ccb) { 1407 p_prev->p_next_ccb = p_ccb->p_next_ccb; 1408 1409 if (p_ccb == l2cb.p_free_ccb_last) l2cb.p_free_ccb_last = p_prev; 1410 1411 break; 1412 } 1413 } 1414 if (p_prev == NULL) { 1415 L2CAP_TRACE_ERROR( 1416 "l2cu_allocate_ccb: could not find CCB for CID 0x%04x in the free " 1417 "list", 1418 cid); 1419 return NULL; 1420 } 1421 } 1422 } 1423 1424 p_ccb->p_next_ccb = p_ccb->p_prev_ccb = NULL; 1425 1426 p_ccb->in_use = true; 1427 1428 /* Get a CID for the connection */ 1429 p_ccb->local_cid = L2CAP_BASE_APPL_CID + (uint16_t)(p_ccb - l2cb.ccb_pool); 1430 1431 p_ccb->p_lcb = p_lcb; 1432 p_ccb->p_rcb = NULL; 1433 p_ccb->should_free_rcb = false; 1434 1435 /* Set priority then insert ccb into LCB queue (if we have an LCB) */ 1436 p_ccb->ccb_priority = L2CAP_CHNL_PRIORITY_LOW; 1437 1438 if (p_lcb) l2cu_enqueue_ccb(p_ccb); 1439 1440 /* clear what peer wants to configure */ 1441 p_ccb->peer_cfg_bits = 0; 1442 1443 /* Put in default values for configuration */ 1444 memset(&p_ccb->our_cfg, 0, sizeof(tL2CAP_CFG_INFO)); 1445 memset(&p_ccb->peer_cfg, 0, sizeof(tL2CAP_CFG_INFO)); 1446 1447 /* Put in default values for local/peer configurations */ 1448 p_ccb->our_cfg.flush_to = p_ccb->peer_cfg.flush_to = L2CAP_DEFAULT_FLUSH_TO; 1449 p_ccb->our_cfg.mtu = p_ccb->peer_cfg.mtu = L2CAP_DEFAULT_MTU; 1450 p_ccb->our_cfg.qos.service_type = p_ccb->peer_cfg.qos.service_type = 1451 L2CAP_DEFAULT_SERV_TYPE; 1452 p_ccb->our_cfg.qos.token_rate = p_ccb->peer_cfg.qos.token_rate = 1453 L2CAP_DEFAULT_TOKEN_RATE; 1454 p_ccb->our_cfg.qos.token_bucket_size = p_ccb->peer_cfg.qos.token_bucket_size = 1455 L2CAP_DEFAULT_BUCKET_SIZE; 1456 p_ccb->our_cfg.qos.peak_bandwidth = p_ccb->peer_cfg.qos.peak_bandwidth = 1457 L2CAP_DEFAULT_PEAK_BANDWIDTH; 1458 p_ccb->our_cfg.qos.latency = p_ccb->peer_cfg.qos.latency = 1459 L2CAP_DEFAULT_LATENCY; 1460 p_ccb->our_cfg.qos.delay_variation = p_ccb->peer_cfg.qos.delay_variation = 1461 L2CAP_DEFAULT_DELAY; 1462 1463 p_ccb->bypass_fcs = 0; 1464 memset(&p_ccb->ertm_info, 0, sizeof(tL2CAP_ERTM_INFO)); 1465 p_ccb->peer_cfg_already_rejected = false; 1466 p_ccb->fcr_cfg_tries = L2CAP_MAX_FCR_CFG_TRIES; 1467 1468 alarm_free(p_ccb->fcrb.ack_timer); 1469 p_ccb->fcrb.ack_timer = alarm_new("l2c_fcrb.ack_timer"); 1470 1471 /* CSP408639 Fix: When L2CAP send amp move channel request or receive 1472 * L2CEVT_AMP_MOVE_REQ do following sequence. Send channel move 1473 * request -> Stop retrans/monitor timer -> Change channel state to 1474 * CST_AMP_MOVING. */ 1475 alarm_free(p_ccb->fcrb.mon_retrans_timer); 1476 p_ccb->fcrb.mon_retrans_timer = alarm_new("l2c_fcrb.mon_retrans_timer"); 1477 1478 p_ccb->ertm_info.preferred_mode = 1479 L2CAP_FCR_BASIC_MODE; /* Default mode for channel is basic mode */ 1480 p_ccb->ertm_info.allowed_modes = 1481 L2CAP_FCR_CHAN_OPT_BASIC; /* Default mode for channel is basic mode */ 1482 p_ccb->ertm_info.fcr_rx_buf_size = L2CAP_FCR_RX_BUF_SIZE; 1483 p_ccb->ertm_info.fcr_tx_buf_size = L2CAP_FCR_TX_BUF_SIZE; 1484 p_ccb->ertm_info.user_rx_buf_size = L2CAP_USER_RX_BUF_SIZE; 1485 p_ccb->ertm_info.user_tx_buf_size = L2CAP_USER_TX_BUF_SIZE; 1486 p_ccb->max_rx_mtu = L2CAP_MTU_SIZE; 1487 p_ccb->tx_mps = L2CAP_FCR_TX_BUF_SIZE - 32; 1488 1489 p_ccb->xmit_hold_q = fixed_queue_new(SIZE_MAX); 1490 p_ccb->fcrb.srej_rcv_hold_q = fixed_queue_new(SIZE_MAX); 1491 p_ccb->fcrb.retrans_q = fixed_queue_new(SIZE_MAX); 1492 p_ccb->fcrb.waiting_for_ack_q = fixed_queue_new(SIZE_MAX); 1493 1494 p_ccb->cong_sent = false; 1495 p_ccb->buff_quota = 2; /* This gets set after config */ 1496 1497 /* If CCB was reserved Config_Done can already have some value */ 1498 if (cid == 0) 1499 p_ccb->config_done = 0; 1500 else { 1501 L2CAP_TRACE_DEBUG("l2cu_allocate_ccb: cid 0x%04x config_done:0x%x", cid, 1502 p_ccb->config_done); 1503 } 1504 1505 p_ccb->chnl_state = CST_CLOSED; 1506 p_ccb->flags = 0; 1507 p_ccb->tx_data_rate = L2CAP_CHNL_DATA_RATE_LOW; 1508 p_ccb->rx_data_rate = L2CAP_CHNL_DATA_RATE_LOW; 1509 1510 #if (L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE) 1511 p_ccb->is_flushable = false; 1512 #endif 1513 1514 alarm_free(p_ccb->l2c_ccb_timer); 1515 p_ccb->l2c_ccb_timer = alarm_new("l2c.l2c_ccb_timer"); 1516 1517 l2c_link_adjust_chnl_allocation(); 1518 1519 return (p_ccb); 1520 } 1521 1522 /******************************************************************************* 1523 * 1524 * Function l2cu_start_post_bond_timer 1525 * 1526 * Description This function starts the ACL Link inactivity timer after 1527 * dedicated bonding 1528 * This timer can be longer than the normal link inactivity 1529 * timer for some platforms. 1530 * 1531 * Returns bool - true if idle timer started or disconnect initiated 1532 * false if there's one or more pending CCB's exist 1533 * 1534 ******************************************************************************/ 1535 bool l2cu_start_post_bond_timer(uint16_t handle) { 1536 tL2C_LCB* p_lcb = l2cu_find_lcb_by_handle(handle); 1537 1538 if (!p_lcb) return (true); 1539 1540 p_lcb->is_bonding = false; 1541 1542 /* Only start timer if no control blocks allocated */ 1543 if (p_lcb->ccb_queue.p_first_ccb != NULL) return (false); 1544 1545 /* If no channels on the connection, start idle timeout */ 1546 if ((p_lcb->link_state == LST_CONNECTED) || 1547 (p_lcb->link_state == LST_CONNECTING) || 1548 (p_lcb->link_state == LST_DISCONNECTING)) { 1549 period_ms_t timeout_ms = L2CAP_BONDING_TIMEOUT * 1000; 1550 1551 if (p_lcb->idle_timeout == 0) { 1552 btsnd_hcic_disconnect(p_lcb->handle, HCI_ERR_PEER_USER); 1553 p_lcb->link_state = LST_DISCONNECTING; 1554 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS; 1555 } 1556 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, timeout_ms, l2c_lcb_timer_timeout, 1557 p_lcb); 1558 return (true); 1559 } 1560 1561 return (false); 1562 } 1563 1564 /******************************************************************************* 1565 * 1566 * Function l2cu_release_ccb 1567 * 1568 * Description This function releases a Channel Control Block. The timer 1569 * is stopped, any attached buffers freed, and the CCB is 1570 * removed from the link control block. 1571 * 1572 * Returns void 1573 * 1574 ******************************************************************************/ 1575 void l2cu_release_ccb(tL2C_CCB* p_ccb) { 1576 tL2C_LCB* p_lcb = p_ccb->p_lcb; 1577 tL2C_RCB* p_rcb = p_ccb->p_rcb; 1578 1579 L2CAP_TRACE_DEBUG("l2cu_release_ccb: cid 0x%04x in_use: %u", 1580 p_ccb->local_cid, p_ccb->in_use); 1581 1582 /* If already released, could be race condition */ 1583 if (!p_ccb->in_use) return; 1584 1585 if (p_rcb && (p_rcb->psm != p_rcb->real_psm)) { 1586 btm_sec_clr_service_by_psm(p_rcb->psm); 1587 } 1588 1589 if (p_ccb->should_free_rcb) { 1590 osi_free(p_rcb); 1591 p_ccb->p_rcb = NULL; 1592 p_ccb->should_free_rcb = false; 1593 } 1594 1595 btm_sec_clr_temp_auth_service(p_lcb->remote_bd_addr); 1596 1597 /* Free the timer */ 1598 alarm_free(p_ccb->l2c_ccb_timer); 1599 p_ccb->l2c_ccb_timer = NULL; 1600 1601 fixed_queue_free(p_ccb->xmit_hold_q, osi_free); 1602 p_ccb->xmit_hold_q = NULL; 1603 1604 l2c_fcr_cleanup(p_ccb); 1605 1606 /* Channel may not be assigned to any LCB if it was just pre-reserved */ 1607 if ((p_lcb) && ((p_ccb->local_cid >= L2CAP_BASE_APPL_CID) 1608 #if (L2CAP_UCD_INCLUDED == TRUE) 1609 || (p_ccb->local_cid == L2CAP_CONNECTIONLESS_CID) 1610 #endif 1611 )) { 1612 l2cu_dequeue_ccb(p_ccb); 1613 1614 /* Delink the CCB from the LCB */ 1615 p_ccb->p_lcb = NULL; 1616 } 1617 1618 /* Put the CCB back on the free pool */ 1619 if (!l2cb.p_free_ccb_first) { 1620 l2cb.p_free_ccb_first = p_ccb; 1621 l2cb.p_free_ccb_last = p_ccb; 1622 p_ccb->p_next_ccb = NULL; 1623 p_ccb->p_prev_ccb = NULL; 1624 } else { 1625 p_ccb->p_next_ccb = NULL; 1626 p_ccb->p_prev_ccb = l2cb.p_free_ccb_last; 1627 l2cb.p_free_ccb_last->p_next_ccb = p_ccb; 1628 l2cb.p_free_ccb_last = p_ccb; 1629 } 1630 1631 /* Flag as not in use */ 1632 p_ccb->in_use = false; 1633 1634 /* If no channels on the connection, start idle timeout */ 1635 if ((p_lcb) && p_lcb->in_use && (p_lcb->link_state == LST_CONNECTED)) { 1636 if (!p_lcb->ccb_queue.p_first_ccb) { 1637 // Closing a security channel on LE device should not start connection 1638 // timeout 1639 if (p_lcb->transport == BT_TRANSPORT_LE && 1640 p_ccb->local_cid == L2CAP_SMP_CID) 1641 return; 1642 1643 l2cu_no_dynamic_ccbs(p_lcb); 1644 } else { 1645 /* Link is still active, adjust channel quotas. */ 1646 l2c_link_adjust_chnl_allocation(); 1647 } 1648 } 1649 } 1650 1651 /******************************************************************************* 1652 * 1653 * Function l2cu_find_ccb_by_remote_cid 1654 * 1655 * Description Look through all active CCBs on a link for a match based 1656 * on the remote CID. 1657 * 1658 * Returns pointer to matched CCB, or NULL if no match 1659 * 1660 ******************************************************************************/ 1661 tL2C_CCB* l2cu_find_ccb_by_remote_cid(tL2C_LCB* p_lcb, uint16_t remote_cid) { 1662 tL2C_CCB* p_ccb; 1663 1664 /* If LCB is NULL, look through all active links */ 1665 if (!p_lcb) { 1666 return NULL; 1667 } else { 1668 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb) 1669 if ((p_ccb->in_use) && (p_ccb->remote_cid == remote_cid)) return (p_ccb); 1670 } 1671 1672 /* If here, no match found */ 1673 return (NULL); 1674 } 1675 1676 /******************************************************************************* 1677 * 1678 * Function l2cu_allocate_rcb 1679 * 1680 * Description Look through the Registration Control Blocks for a free 1681 * one. 1682 * 1683 * Returns Pointer to the RCB or NULL if not found 1684 * 1685 ******************************************************************************/ 1686 tL2C_RCB* l2cu_allocate_rcb(uint16_t psm) { 1687 tL2C_RCB* p_rcb = &l2cb.rcb_pool[0]; 1688 uint16_t xx; 1689 1690 for (xx = 0; xx < MAX_L2CAP_CLIENTS; xx++, p_rcb++) { 1691 if (!p_rcb->in_use) { 1692 p_rcb->in_use = true; 1693 p_rcb->psm = psm; 1694 #if (L2CAP_UCD_INCLUDED == TRUE) 1695 p_rcb->ucd.state = L2C_UCD_STATE_UNUSED; 1696 #endif 1697 return (p_rcb); 1698 } 1699 } 1700 1701 /* If here, no free RCB found */ 1702 return (NULL); 1703 } 1704 1705 /******************************************************************************* 1706 * 1707 * Function l2cu_allocate_ble_rcb 1708 * 1709 * Description Look through the BLE Registration Control Blocks for a free 1710 * one. 1711 * 1712 * Returns Pointer to the BLE RCB or NULL if not found 1713 * 1714 ******************************************************************************/ 1715 tL2C_RCB* l2cu_allocate_ble_rcb(uint16_t psm) { 1716 tL2C_RCB* p_rcb = &l2cb.ble_rcb_pool[0]; 1717 uint16_t xx; 1718 1719 for (xx = 0; xx < BLE_MAX_L2CAP_CLIENTS; xx++, p_rcb++) { 1720 if (!p_rcb->in_use) { 1721 p_rcb->in_use = true; 1722 p_rcb->psm = psm; 1723 #if (L2CAP_UCD_INCLUDED == TRUE) 1724 p_rcb->ucd.state = L2C_UCD_STATE_UNUSED; 1725 #endif 1726 return (p_rcb); 1727 } 1728 } 1729 1730 /* If here, no free RCB found */ 1731 return (NULL); 1732 } 1733 1734 /******************************************************************************* 1735 * 1736 * Function l2cu_release_rcb 1737 * 1738 * Description Mark an RCB as no longet in use 1739 * 1740 * Returns void 1741 * 1742 ******************************************************************************/ 1743 void l2cu_release_rcb(tL2C_RCB* p_rcb) { 1744 p_rcb->in_use = false; 1745 p_rcb->psm = 0; 1746 } 1747 1748 /******************************************************************************* 1749 * 1750 * Function l2cu_disconnect_chnl 1751 * 1752 * Description Disconnect a channel. Typically, this is due to either 1753 * receiving a bad configuration, bad packet or max_retries 1754 * expiring. 1755 * 1756 ******************************************************************************/ 1757 void l2cu_disconnect_chnl(tL2C_CCB* p_ccb) { 1758 uint16_t local_cid = p_ccb->local_cid; 1759 1760 if (local_cid >= L2CAP_BASE_APPL_CID) { 1761 tL2CA_DISCONNECT_IND_CB* p_disc_cb = 1762 p_ccb->p_rcb->api.pL2CA_DisconnectInd_Cb; 1763 1764 L2CAP_TRACE_WARNING("L2CAP - disconnect_chnl CID: 0x%04x", local_cid); 1765 1766 l2cu_send_peer_disc_req(p_ccb); 1767 1768 l2cu_release_ccb(p_ccb); 1769 1770 (*p_disc_cb)(local_cid, false); 1771 } else { 1772 /* failure on the AMP channel, probably need to disconnect ACL */ 1773 L2CAP_TRACE_ERROR("L2CAP - disconnect_chnl CID: 0x%04x Ignored", local_cid); 1774 } 1775 } 1776 1777 /******************************************************************************* 1778 * 1779 * Function l2cu_find_rcb_by_psm 1780 * 1781 * Description Look through the Registration Control Blocks to see if 1782 * anyone registered to handle the PSM in question 1783 * 1784 * Returns Pointer to the RCB or NULL if not found 1785 * 1786 ******************************************************************************/ 1787 tL2C_RCB* l2cu_find_rcb_by_psm(uint16_t psm) { 1788 tL2C_RCB* p_rcb = &l2cb.rcb_pool[0]; 1789 uint16_t xx; 1790 1791 for (xx = 0; xx < MAX_L2CAP_CLIENTS; xx++, p_rcb++) { 1792 if ((p_rcb->in_use) && (p_rcb->psm == psm)) return (p_rcb); 1793 } 1794 1795 /* If here, no match found */ 1796 return (NULL); 1797 } 1798 1799 /******************************************************************************* 1800 * 1801 * Function l2cu_find_ble_rcb_by_psm 1802 * 1803 * Description Look through the BLE Registration Control Blocks to see if 1804 * anyone registered to handle the PSM in question 1805 * 1806 * Returns Pointer to the BLE RCB or NULL if not found 1807 * 1808 ******************************************************************************/ 1809 tL2C_RCB* l2cu_find_ble_rcb_by_psm(uint16_t psm) { 1810 tL2C_RCB* p_rcb = &l2cb.ble_rcb_pool[0]; 1811 uint16_t xx; 1812 1813 for (xx = 0; xx < BLE_MAX_L2CAP_CLIENTS; xx++, p_rcb++) { 1814 if ((p_rcb->in_use) && (p_rcb->psm == psm)) return (p_rcb); 1815 } 1816 1817 /* If here, no match found */ 1818 return (NULL); 1819 } 1820 1821 /******************************************************************************* 1822 * 1823 * Function l2cu_process_peer_cfg_req 1824 * 1825 * Description This function is called when the peer sends us a "config 1826 * request" message. It extracts the configuration of interest 1827 * and saves it in the CCB. 1828 * 1829 * Note: Negotiation of the FCR channel type is handled 1830 * internally, all others are passed to the upper layer. 1831 * 1832 * Returns uint8_t - L2CAP_PEER_CFG_OK if passed to upper layer, 1833 * L2CAP_PEER_CFG_UNACCEPTABLE if automatically 1834 * responded to because parameters are 1835 * unnacceptable from a specification point 1836 * of view. 1837 * L2CAP_PEER_CFG_DISCONNECT if no compatible channel 1838 * modes between the two devices, and shall 1839 * be closed. 1840 * 1841 ******************************************************************************/ 1842 uint8_t l2cu_process_peer_cfg_req(tL2C_CCB* p_ccb, tL2CAP_CFG_INFO* p_cfg) { 1843 bool mtu_ok = true; 1844 bool qos_type_ok = true; 1845 bool flush_to_ok = true; 1846 bool fcr_ok = true; 1847 uint8_t fcr_status; 1848 1849 /* Ignore FCR parameters for basic mode */ 1850 if (!p_cfg->fcr_present) p_cfg->fcr.mode = L2CAP_FCR_BASIC_MODE; 1851 1852 /* Save the MTU that our peer can receive */ 1853 if (p_cfg->mtu_present) { 1854 /* Make sure MTU is at least the minimum */ 1855 if (p_cfg->mtu >= L2CAP_MIN_MTU) { 1856 /* In basic mode, limit the MTU to our buffer size */ 1857 if ((p_cfg->fcr_present == false) && (p_cfg->mtu > L2CAP_MTU_SIZE)) 1858 p_cfg->mtu = L2CAP_MTU_SIZE; 1859 1860 /* Save the accepted value in case of renegotiation */ 1861 p_ccb->peer_cfg.mtu = p_cfg->mtu; 1862 p_ccb->peer_cfg.mtu_present = true; 1863 p_ccb->peer_cfg_bits |= L2CAP_CH_CFG_MASK_MTU; 1864 } else /* Illegal MTU value */ 1865 { 1866 p_cfg->mtu = L2CAP_MIN_MTU; 1867 mtu_ok = false; 1868 } 1869 } 1870 /* Reload mtu from a previously accepted config request */ 1871 else if (p_ccb->peer_cfg.mtu_present) { 1872 p_cfg->mtu_present = true; 1873 p_cfg->mtu = p_ccb->peer_cfg.mtu; 1874 } 1875 1876 /* Verify that the flush timeout is a valid value (0 is illegal) */ 1877 if (p_cfg->flush_to_present) { 1878 if (!p_cfg->flush_to) { 1879 p_cfg->flush_to = 0xFFFF; /* Infinite retransmissions (spec default) */ 1880 flush_to_ok = false; 1881 } else /* Save the accepted value in case of renegotiation */ 1882 { 1883 p_ccb->peer_cfg.flush_to_present = true; 1884 p_ccb->peer_cfg.flush_to = p_cfg->flush_to; 1885 p_ccb->peer_cfg_bits |= L2CAP_CH_CFG_MASK_FLUSH_TO; 1886 } 1887 } 1888 /* Reload flush_to from a previously accepted config request */ 1889 else if (p_ccb->peer_cfg.flush_to_present) { 1890 p_cfg->flush_to_present = true; 1891 p_cfg->flush_to = p_ccb->peer_cfg.flush_to; 1892 } 1893 1894 /* Save the QOS settings the the peer is using */ 1895 if (p_cfg->qos_present) { 1896 /* Make sure service type is not a reserved value; otherwise let upper 1897 layer decide if acceptable 1898 */ 1899 if (p_cfg->qos.service_type <= GUARANTEED) { 1900 p_ccb->peer_cfg.qos = p_cfg->qos; 1901 p_ccb->peer_cfg.qos_present = true; 1902 p_ccb->peer_cfg_bits |= L2CAP_CH_CFG_MASK_QOS; 1903 } else /* Illegal service type value */ 1904 { 1905 p_cfg->qos.service_type = BEST_EFFORT; 1906 qos_type_ok = false; 1907 } 1908 } 1909 /* Reload QOS from a previously accepted config request */ 1910 else if (p_ccb->peer_cfg.qos_present) { 1911 p_cfg->qos_present = true; 1912 p_cfg->qos = p_ccb->peer_cfg.qos; 1913 } 1914 1915 fcr_status = l2c_fcr_process_peer_cfg_req(p_ccb, p_cfg); 1916 if (fcr_status == L2CAP_PEER_CFG_DISCONNECT) { 1917 /* Notify caller to disconnect the channel (incompatible modes) */ 1918 p_cfg->result = L2CAP_CFG_FAILED_NO_REASON; 1919 p_cfg->mtu_present = p_cfg->qos_present = p_cfg->flush_to_present = 0; 1920 1921 return (L2CAP_PEER_CFG_DISCONNECT); 1922 } 1923 1924 fcr_ok = (fcr_status == L2CAP_PEER_CFG_OK); 1925 1926 /* Return any unacceptable parameters */ 1927 if (mtu_ok && flush_to_ok && qos_type_ok && fcr_ok) { 1928 l2cu_adjust_out_mps(p_ccb); 1929 return (L2CAP_PEER_CFG_OK); 1930 } else { 1931 p_cfg->result = L2CAP_CFG_UNACCEPTABLE_PARAMS; 1932 1933 if (mtu_ok) p_cfg->mtu_present = false; 1934 if (flush_to_ok) p_cfg->flush_to_present = false; 1935 if (qos_type_ok) p_cfg->qos_present = false; 1936 if (fcr_ok) p_cfg->fcr_present = false; 1937 1938 return (L2CAP_PEER_CFG_UNACCEPTABLE); 1939 } 1940 } 1941 1942 /******************************************************************************* 1943 * 1944 * Function l2cu_process_peer_cfg_rsp 1945 * 1946 * Description This function is called when the peer sends us a "config 1947 * response" message. It extracts the configuration of interest 1948 * and saves it in the CCB. 1949 * 1950 * Returns void 1951 * 1952 ******************************************************************************/ 1953 void l2cu_process_peer_cfg_rsp(tL2C_CCB* p_ccb, tL2CAP_CFG_INFO* p_cfg) { 1954 /* If we wanted QoS and the peer sends us a positive response with QoS, use 1955 * his values */ 1956 if ((p_cfg->qos_present) && (p_ccb->our_cfg.qos_present)) 1957 p_ccb->our_cfg.qos = p_cfg->qos; 1958 1959 if (p_cfg->fcr_present) { 1960 /* Save the retransmission and monitor timeout values */ 1961 if (p_cfg->fcr.mode == L2CAP_FCR_ERTM_MODE) { 1962 p_ccb->peer_cfg.fcr.rtrans_tout = p_cfg->fcr.rtrans_tout; 1963 p_ccb->peer_cfg.fcr.mon_tout = p_cfg->fcr.mon_tout; 1964 } 1965 1966 /* Calculate the max number of packets for which we can delay sending an ack 1967 */ 1968 if (p_cfg->fcr.tx_win_sz < p_ccb->our_cfg.fcr.tx_win_sz) 1969 p_ccb->fcrb.max_held_acks = p_cfg->fcr.tx_win_sz / 3; 1970 else 1971 p_ccb->fcrb.max_held_acks = p_ccb->our_cfg.fcr.tx_win_sz / 3; 1972 1973 L2CAP_TRACE_DEBUG( 1974 "l2cu_process_peer_cfg_rsp(): peer tx_win_sz: %d, our tx_win_sz: %d, " 1975 "max_held_acks: %d", 1976 p_cfg->fcr.tx_win_sz, p_ccb->our_cfg.fcr.tx_win_sz, 1977 p_ccb->fcrb.max_held_acks); 1978 } 1979 } 1980 1981 /******************************************************************************* 1982 * 1983 * Function l2cu_process_our_cfg_req 1984 * 1985 * Description This function is called when we send a "config request" 1986 * message. It extracts the configuration of interest and saves 1987 * it in the CCB. 1988 * 1989 * Returns void 1990 * 1991 ******************************************************************************/ 1992 void l2cu_process_our_cfg_req(tL2C_CCB* p_ccb, tL2CAP_CFG_INFO* p_cfg) { 1993 tL2C_LCB* p_lcb; 1994 uint16_t hci_flush_to; 1995 1996 /* Save the QOS settings we are using for transmit */ 1997 if (p_cfg->qos_present) { 1998 p_ccb->our_cfg.qos_present = true; 1999 p_ccb->our_cfg.qos = p_cfg->qos; 2000 } 2001 2002 if (p_cfg->fcr_present) { 2003 /* Override FCR options if attempting streaming or basic */ 2004 if (p_cfg->fcr.mode == L2CAP_FCR_BASIC_MODE) 2005 memset(&p_cfg->fcr, 0, sizeof(tL2CAP_FCR_OPTS)); 2006 else { 2007 /* On BR/EDR, timer values are zero in config request */ 2008 /* On class 2 AMP, timer value in config request shall be non-0 processing 2009 * time */ 2010 /* timer value in config response shall be greater than 2011 * received processing time */ 2012 p_cfg->fcr.mon_tout = p_cfg->fcr.rtrans_tout = 0; 2013 2014 if (p_cfg->fcr.mode == L2CAP_FCR_STREAM_MODE) 2015 p_cfg->fcr.max_transmit = p_cfg->fcr.tx_win_sz = 0; 2016 } 2017 2018 /* Set the threshold to send acks (may be updated in the cfg response) */ 2019 p_ccb->fcrb.max_held_acks = p_cfg->fcr.tx_win_sz / 3; 2020 2021 /* Include FCS option only if peer can handle it */ 2022 if (p_ccb->p_lcb->peer_ext_fea & L2CAP_EXTFEA_NO_CRC) { 2023 /* FCS check can be bypassed if peer also desires to bypass */ 2024 if (p_cfg->fcs_present && p_cfg->fcs == L2CAP_CFG_FCS_BYPASS) 2025 p_ccb->bypass_fcs |= L2CAP_CFG_FCS_OUR; 2026 } else 2027 p_cfg->fcs_present = false; 2028 } else { 2029 p_cfg->fcr.mode = L2CAP_FCR_BASIC_MODE; 2030 } 2031 2032 p_ccb->our_cfg.fcr.mode = p_cfg->fcr.mode; 2033 p_ccb->our_cfg.fcr_present = p_cfg->fcr_present; 2034 2035 /* Check the flush timeout. If it is lower than the current one used */ 2036 /* then we need to adjust the flush timeout sent to the controller */ 2037 if (p_cfg->flush_to_present) { 2038 if ((p_cfg->flush_to == 0) || 2039 (p_cfg->flush_to == L2CAP_NO_AUTOMATIC_FLUSH)) { 2040 /* don't send invalid flush timeout */ 2041 /* SPEC: The sender of the Request shall specify its flush timeout value 2042 */ 2043 /* if it differs from the default value of 0xFFFF */ 2044 p_cfg->flush_to_present = false; 2045 } else { 2046 p_ccb->our_cfg.flush_to = p_cfg->flush_to; 2047 p_lcb = p_ccb->p_lcb; 2048 2049 if (p_cfg->flush_to < p_lcb->link_flush_tout) { 2050 p_lcb->link_flush_tout = p_cfg->flush_to; 2051 2052 /* If the timeout is within range of HCI, set the flush timeout */ 2053 if (p_cfg->flush_to <= ((HCI_MAX_AUTOMATIC_FLUSH_TIMEOUT * 5) / 8)) { 2054 /* Convert flush timeout to 0.625 ms units, with round */ 2055 hci_flush_to = ((p_cfg->flush_to * 8) + 3) / 5; 2056 btsnd_hcic_write_auto_flush_tout(p_lcb->handle, hci_flush_to); 2057 } 2058 } 2059 } 2060 } 2061 } 2062 2063 /******************************************************************************* 2064 * 2065 * Function l2cu_process_our_cfg_rsp 2066 * 2067 * Description This function is called when we send the peer a "config 2068 * response" message. It extracts the configuration of interest 2069 * and saves it in the CCB. 2070 * 2071 * Returns void 2072 * 2073 ******************************************************************************/ 2074 void l2cu_process_our_cfg_rsp(tL2C_CCB* p_ccb, tL2CAP_CFG_INFO* p_cfg) { 2075 /* If peer wants QoS, we are allowed to change the values in a positive 2076 * response */ 2077 if ((p_cfg->qos_present) && (p_ccb->peer_cfg.qos_present)) 2078 p_ccb->peer_cfg.qos = p_cfg->qos; 2079 else 2080 p_cfg->qos_present = false; 2081 2082 l2c_fcr_adj_our_rsp_options(p_ccb, p_cfg); 2083 } 2084 2085 /******************************************************************************* 2086 * 2087 * Function l2cu_device_reset 2088 * 2089 * Description This function is called when reset of the device is 2090 * completed. For all active connection simulate HCI_DISC 2091 * 2092 * Returns void 2093 * 2094 ******************************************************************************/ 2095 void l2cu_device_reset(void) { 2096 int xx; 2097 tL2C_LCB* p_lcb = &l2cb.lcb_pool[0]; 2098 2099 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) { 2100 if ((p_lcb->in_use) && (p_lcb->handle != HCI_INVALID_HANDLE)) { 2101 l2c_link_hci_disc_comp(p_lcb->handle, (uint8_t)-1); 2102 } 2103 } 2104 l2cb.is_ble_connecting = false; 2105 } 2106 2107 /******************************************************************************* 2108 * 2109 * Function l2cu_create_conn 2110 * 2111 * Description This function initiates an acl connection via HCI 2112 * 2113 * Returns true if successful, false if get buffer fails. 2114 * 2115 ******************************************************************************/ 2116 bool l2cu_create_conn(tL2C_LCB* p_lcb, tBT_TRANSPORT transport) { 2117 uint8_t phy = controller_get_interface()->get_le_all_initiating_phys(); 2118 return l2cu_create_conn(p_lcb, transport, phy); 2119 } 2120 2121 bool l2cu_create_conn(tL2C_LCB* p_lcb, tBT_TRANSPORT transport, 2122 uint8_t initiating_phys) { 2123 int xx; 2124 tL2C_LCB* p_lcb_cur = &l2cb.lcb_pool[0]; 2125 #if (BTM_SCO_INCLUDED == TRUE) 2126 bool is_sco_active; 2127 #endif 2128 2129 tBT_DEVICE_TYPE dev_type; 2130 tBLE_ADDR_TYPE addr_type; 2131 2132 BTM_ReadDevInfo(p_lcb->remote_bd_addr, &dev_type, &addr_type); 2133 2134 if (transport == BT_TRANSPORT_LE) { 2135 if (!controller_get_interface()->supports_ble()) return false; 2136 2137 p_lcb->ble_addr_type = addr_type; 2138 p_lcb->transport = BT_TRANSPORT_LE; 2139 p_lcb->initiating_phys = initiating_phys; 2140 2141 return (l2cble_create_conn(p_lcb)); 2142 } 2143 2144 /* If there is a connection where we perform as a slave, try to switch roles 2145 for this connection */ 2146 for (xx = 0, p_lcb_cur = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS; 2147 xx++, p_lcb_cur++) { 2148 if (p_lcb_cur == p_lcb) continue; 2149 2150 if ((p_lcb_cur->in_use) && (p_lcb_cur->link_role == HCI_ROLE_SLAVE)) { 2151 #if (BTM_SCO_INCLUDED == TRUE) 2152 /* The LMP_switch_req shall be sent only if the ACL logical transport 2153 is in active mode, when encryption is disabled, and all synchronous 2154 logical transports on the same physical link are disabled." */ 2155 2156 /* Check if there is any SCO Active on this BD Address */ 2157 is_sco_active = btm_is_sco_active_by_bdaddr(p_lcb_cur->remote_bd_addr); 2158 2159 L2CAP_TRACE_API( 2160 "l2cu_create_conn - btm_is_sco_active_by_bdaddr() is_sco_active = %s", 2161 (is_sco_active == true) ? "true" : "false"); 2162 2163 if (is_sco_active == true) 2164 continue; /* No Master Slave switch not allowed when SCO Active */ 2165 #endif 2166 /*4_1_TODO check if btm_cb.devcb.local_features to be used instead */ 2167 if (HCI_SWITCH_SUPPORTED(BTM_ReadLocalFeatures())) { 2168 /* mark this lcb waiting for switch to be completed and 2169 start switch on the other one */ 2170 p_lcb->link_state = LST_CONNECTING_WAIT_SWITCH; 2171 p_lcb->link_role = HCI_ROLE_MASTER; 2172 2173 if (BTM_SwitchRole(p_lcb_cur->remote_bd_addr, HCI_ROLE_MASTER, NULL) == 2174 BTM_CMD_STARTED) { 2175 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, 2176 L2CAP_LINK_ROLE_SWITCH_TIMEOUT_MS, 2177 l2c_lcb_timer_timeout, p_lcb); 2178 return (true); 2179 } 2180 } 2181 } 2182 } 2183 2184 p_lcb->link_state = LST_CONNECTING; 2185 2186 return (l2cu_create_conn_after_switch(p_lcb)); 2187 } 2188 2189 /******************************************************************************* 2190 * 2191 * Function l2cu_get_num_hi_priority 2192 * 2193 * Description Gets the number of high priority channels. 2194 * 2195 * Returns 2196 * 2197 ******************************************************************************/ 2198 uint8_t l2cu_get_num_hi_priority(void) { 2199 uint8_t no_hi = 0; 2200 int xx; 2201 tL2C_LCB* p_lcb = &l2cb.lcb_pool[0]; 2202 2203 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) { 2204 if ((p_lcb->in_use) && (p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)) { 2205 no_hi++; 2206 } 2207 } 2208 return no_hi; 2209 } 2210 2211 /******************************************************************************* 2212 * 2213 * Function l2cu_create_conn_after_switch 2214 * 2215 * Description This function initiates an acl connection via HCI 2216 * If switch required to create connection it is already done. 2217 * 2218 * Returns true if successful, false if get buffer fails. 2219 * 2220 ******************************************************************************/ 2221 2222 bool l2cu_create_conn_after_switch(tL2C_LCB* p_lcb) { 2223 uint8_t allow_switch = HCI_CR_CONN_ALLOW_SWITCH; 2224 tBTM_INQ_INFO* p_inq_info; 2225 uint8_t page_scan_rep_mode; 2226 uint8_t page_scan_mode; 2227 uint16_t clock_offset; 2228 uint8_t* p_features; 2229 uint16_t num_acl = BTM_GetNumAclLinks(); 2230 tBTM_SEC_DEV_REC* p_dev_rec = btm_find_dev(p_lcb->remote_bd_addr); 2231 uint8_t no_hi_prio_chs = l2cu_get_num_hi_priority(); 2232 2233 p_features = BTM_ReadLocalFeatures(); 2234 2235 L2CAP_TRACE_DEBUG( 2236 "l2cu_create_conn_after_switch :%d num_acl:%d no_hi: %d is_bonding:%d", 2237 l2cb.disallow_switch, num_acl, no_hi_prio_chs, p_lcb->is_bonding); 2238 /* FW team says that we can participant in 4 piconets 2239 * typically 3 piconet + 1 for scanning. 2240 * We can enhance the code to count the number of piconets later. */ 2241 if (((!l2cb.disallow_switch && (num_acl < 3)) || 2242 (p_lcb->is_bonding && (no_hi_prio_chs == 0))) && 2243 HCI_SWITCH_SUPPORTED(p_features)) 2244 allow_switch = HCI_CR_CONN_ALLOW_SWITCH; 2245 else 2246 allow_switch = HCI_CR_CONN_NOT_ALLOW_SWITCH; 2247 2248 p_lcb->link_state = LST_CONNECTING; 2249 2250 /* Check with the BT manager if details about remote device are known */ 2251 p_inq_info = BTM_InqDbRead(p_lcb->remote_bd_addr); 2252 if (p_inq_info != NULL) { 2253 page_scan_rep_mode = p_inq_info->results.page_scan_rep_mode; 2254 page_scan_mode = p_inq_info->results.page_scan_mode; 2255 clock_offset = (uint16_t)(p_inq_info->results.clock_offset); 2256 } else { 2257 /* No info known. Use default settings */ 2258 page_scan_rep_mode = HCI_PAGE_SCAN_REP_MODE_R1; 2259 page_scan_mode = HCI_MANDATARY_PAGE_SCAN_MODE; 2260 2261 clock_offset = (p_dev_rec) ? p_dev_rec->clock_offset : 0; 2262 } 2263 2264 btsnd_hcic_create_conn( 2265 p_lcb->remote_bd_addr, (HCI_PKT_TYPES_MASK_DM1 | HCI_PKT_TYPES_MASK_DH1 | 2266 HCI_PKT_TYPES_MASK_DM3 | HCI_PKT_TYPES_MASK_DH3 | 2267 HCI_PKT_TYPES_MASK_DM5 | HCI_PKT_TYPES_MASK_DH5), 2268 page_scan_rep_mode, page_scan_mode, clock_offset, allow_switch); 2269 2270 btm_acl_update_busy_level(BTM_BLI_PAGE_EVT); 2271 2272 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, L2CAP_LINK_CONNECT_TIMEOUT_MS, 2273 l2c_lcb_timer_timeout, p_lcb); 2274 2275 return (true); 2276 } 2277 2278 /******************************************************************************* 2279 * 2280 * Function l2cu_find_lcb_by_state 2281 * 2282 * Description Look through all active LCBs for a match based on the 2283 * LCB state. 2284 * 2285 * Returns pointer to first matched LCB, or NULL if no match 2286 * 2287 ******************************************************************************/ 2288 tL2C_LCB* l2cu_find_lcb_by_state(tL2C_LINK_STATE state) { 2289 uint16_t i; 2290 tL2C_LCB* p_lcb = &l2cb.lcb_pool[0]; 2291 2292 for (i = 0; i < MAX_L2CAP_LINKS; i++, p_lcb++) { 2293 if ((p_lcb->in_use) && (p_lcb->link_state == state)) { 2294 return (p_lcb); 2295 } 2296 } 2297 2298 /* If here, no match found */ 2299 return (NULL); 2300 } 2301 2302 /******************************************************************************* 2303 * 2304 * Function l2cu_lcb_disconnecting 2305 * 2306 * Description On each active lcb, check if the lcb is in disconnecting 2307 * state, or if there are no ccb's on the lcb (implying 2308 idle timeout is running), or if last ccb on the link 2309 is in disconnecting state. 2310 * 2311 * Returns true if any of above conditions met, false otherwise 2312 * 2313 ******************************************************************************/ 2314 bool l2cu_lcb_disconnecting(void) { 2315 tL2C_LCB* p_lcb; 2316 tL2C_CCB* p_ccb; 2317 uint16_t i; 2318 bool status = false; 2319 2320 p_lcb = &l2cb.lcb_pool[0]; 2321 2322 for (i = 0; i < MAX_L2CAP_LINKS; i++, p_lcb++) { 2323 if (p_lcb->in_use) { 2324 /* no ccbs on lcb, or lcb is in disconnecting state */ 2325 if ((!p_lcb->ccb_queue.p_first_ccb) || 2326 (p_lcb->link_state == LST_DISCONNECTING)) { 2327 status = true; 2328 break; 2329 } 2330 /* only one ccb left on lcb */ 2331 else if (p_lcb->ccb_queue.p_first_ccb == p_lcb->ccb_queue.p_last_ccb) { 2332 p_ccb = p_lcb->ccb_queue.p_first_ccb; 2333 2334 if ((p_ccb->in_use) && 2335 ((p_ccb->chnl_state == CST_W4_L2CAP_DISCONNECT_RSP) || 2336 (p_ccb->chnl_state == CST_W4_L2CA_DISCONNECT_RSP))) { 2337 status = true; 2338 break; 2339 } 2340 } 2341 } 2342 } 2343 return status; 2344 } 2345 2346 /******************************************************************************* 2347 * 2348 * Function l2cu_set_acl_priority 2349 * 2350 * Description Sets the transmission priority for a channel. 2351 * (For initial implementation only two values are valid. 2352 * L2CAP_PRIORITY_NORMAL and L2CAP_PRIORITY_HIGH). 2353 * 2354 * Returns true if a valid channel, else false 2355 * 2356 ******************************************************************************/ 2357 2358 bool l2cu_set_acl_priority(const RawAddress& bd_addr, uint8_t priority, 2359 bool reset_after_rs) { 2360 tL2C_LCB* p_lcb; 2361 uint8_t* pp; 2362 uint8_t command[HCI_BRCM_ACL_PRIORITY_PARAM_SIZE]; 2363 uint8_t vs_param; 2364 2365 APPL_TRACE_EVENT("SET ACL PRIORITY %d", priority); 2366 2367 /* Find the link control block for the acl channel */ 2368 p_lcb = l2cu_find_lcb_by_bd_addr(bd_addr, BT_TRANSPORT_BR_EDR); 2369 if (p_lcb == NULL) { 2370 L2CAP_TRACE_WARNING("L2CAP - no LCB for L2CA_SetAclPriority"); 2371 return (false); 2372 } 2373 2374 if (BTM_IS_BRCM_CONTROLLER()) { 2375 /* Called from above L2CAP through API; send VSC if changed */ 2376 if ((!reset_after_rs && (priority != p_lcb->acl_priority)) || 2377 /* Called because of a master/slave role switch; if high resend VSC */ 2378 (reset_after_rs && p_lcb->acl_priority == L2CAP_PRIORITY_HIGH)) { 2379 pp = command; 2380 2381 vs_param = (priority == L2CAP_PRIORITY_HIGH) ? HCI_BRCM_ACL_PRIORITY_HIGH 2382 : HCI_BRCM_ACL_PRIORITY_LOW; 2383 2384 UINT16_TO_STREAM(pp, p_lcb->handle); 2385 UINT8_TO_STREAM(pp, vs_param); 2386 2387 BTM_VendorSpecificCommand(HCI_BRCM_SET_ACL_PRIORITY, 2388 HCI_BRCM_ACL_PRIORITY_PARAM_SIZE, command, 2389 NULL); 2390 } 2391 } 2392 2393 /* Adjust lmp buffer allocation for this channel if priority changed */ 2394 if (p_lcb->acl_priority != priority) { 2395 p_lcb->acl_priority = priority; 2396 l2c_link_adjust_allocation(); 2397 } 2398 return (true); 2399 } 2400 2401 #if (L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE) 2402 /****************************************************************************** 2403 * 2404 * Function l2cu_set_non_flushable_pbf 2405 * 2406 * Description set L2CAP_PKT_START_NON_FLUSHABLE if controller supoorts 2407 * 2408 * Returns void 2409 * 2410 ******************************************************************************/ 2411 void l2cu_set_non_flushable_pbf(bool is_supported) { 2412 if (is_supported) 2413 l2cb.non_flushable_pbf = 2414 (L2CAP_PKT_START_NON_FLUSHABLE << L2CAP_PKT_TYPE_SHIFT); 2415 else 2416 l2cb.non_flushable_pbf = (L2CAP_PKT_START << L2CAP_PKT_TYPE_SHIFT); 2417 } 2418 #endif 2419 2420 /******************************************************************************* 2421 * 2422 * Function l2cu_resubmit_pending_sec_req 2423 * 2424 * Description This function is called when required security procedures 2425 * are completed and any pending requests can be re-submitted. 2426 * 2427 * Returns void 2428 * 2429 ******************************************************************************/ 2430 void l2cu_resubmit_pending_sec_req(const RawAddress* p_bda) { 2431 tL2C_LCB* p_lcb; 2432 tL2C_CCB* p_ccb; 2433 tL2C_CCB* p_next_ccb; 2434 int xx; 2435 2436 L2CAP_TRACE_DEBUG("l2cu_resubmit_pending_sec_req p_bda: 0x%08x", p_bda); 2437 2438 /* If we are called with a BDA, only resubmit for that BDA */ 2439 if (p_bda) { 2440 p_lcb = l2cu_find_lcb_by_bd_addr(*p_bda, BT_TRANSPORT_BR_EDR); 2441 2442 /* If we don't have one, this is an error */ 2443 if (p_lcb) { 2444 /* For all channels, send the event through their FSMs */ 2445 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_next_ccb) { 2446 p_next_ccb = p_ccb->p_next_ccb; 2447 l2c_csm_execute(p_ccb, L2CEVT_SEC_RE_SEND_CMD, NULL); 2448 } 2449 } else { 2450 L2CAP_TRACE_WARNING("l2cu_resubmit_pending_sec_req - unknown BD_ADDR"); 2451 } 2452 } else { 2453 /* No BDA pasesed in, so check all links */ 2454 for (xx = 0, p_lcb = &l2cb.lcb_pool[0]; xx < MAX_L2CAP_LINKS; 2455 xx++, p_lcb++) { 2456 if (p_lcb->in_use) { 2457 /* For all channels, send the event through their FSMs */ 2458 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_next_ccb) { 2459 p_next_ccb = p_ccb->p_next_ccb; 2460 l2c_csm_execute(p_ccb, L2CEVT_SEC_RE_SEND_CMD, NULL); 2461 } 2462 } 2463 } 2464 } 2465 } 2466 2467 #if (L2CAP_CONFORMANCE_TESTING == TRUE) 2468 /******************************************************************************* 2469 * 2470 * Function l2cu_set_info_rsp_mask 2471 * 2472 * Description This function allows the script wrapper to change the 2473 * info resp mask for conformance testing. 2474 * 2475 * Returns pointer to CCB, or NULL if none 2476 * 2477 ******************************************************************************/ 2478 void l2cu_set_info_rsp_mask(uint32_t mask) { l2cb.test_info_resp = mask; } 2479 #endif /* L2CAP_CONFORMANCE_TESTING */ 2480 2481 /******************************************************************************* 2482 * 2483 * Function l2cu_adjust_out_mps 2484 * 2485 * Description Sets our MPS based on current controller capabilities 2486 * 2487 * Returns void 2488 * 2489 ******************************************************************************/ 2490 void l2cu_adjust_out_mps(tL2C_CCB* p_ccb) { 2491 uint16_t packet_size; 2492 2493 /* on the tx side MTU is selected based on packet size of the controller */ 2494 packet_size = btm_get_max_packet_size(p_ccb->p_lcb->remote_bd_addr); 2495 2496 if (packet_size <= (L2CAP_PKT_OVERHEAD + L2CAP_FCR_OVERHEAD + 2497 L2CAP_SDU_LEN_OVERHEAD + L2CAP_FCS_LEN)) { 2498 /* something is very wrong */ 2499 L2CAP_TRACE_ERROR( 2500 "l2cu_adjust_out_mps bad packet size: %u will use MPS: %u", 2501 packet_size, p_ccb->peer_cfg.fcr.mps); 2502 p_ccb->tx_mps = p_ccb->peer_cfg.fcr.mps; 2503 } else { 2504 packet_size -= (L2CAP_PKT_OVERHEAD + L2CAP_FCR_OVERHEAD + 2505 L2CAP_SDU_LEN_OVERHEAD + L2CAP_FCS_LEN); 2506 2507 /* We try to negotiate MTU that each packet can be split into whole 2508 number of max packets. For example if link is 1.2 max packet size is 339 2509 bytes. 2510 At first calculate how many whole packets it is. MAX L2CAP is 1691 + 4 2511 overhead. 2512 1695, that will be 5 Dh5 packets. Now maximum L2CAP packet is 2513 5 * 339 = 1695. Minus 4 bytes L2CAP header 1691. 2514 2515 For EDR 2.0 packet size is 1027. So we better send RFCOMM packet as 1 3DH5 2516 packet 2517 1 * 1027 = 1027. Minus 4 bytes L2CAP header 1023. */ 2518 if (p_ccb->peer_cfg.fcr.mps >= packet_size) 2519 p_ccb->tx_mps = p_ccb->peer_cfg.fcr.mps / packet_size * packet_size; 2520 else 2521 p_ccb->tx_mps = p_ccb->peer_cfg.fcr.mps; 2522 2523 L2CAP_TRACE_DEBUG( 2524 "l2cu_adjust_out_mps use %d Based on peer_cfg.fcr.mps: %u " 2525 "packet_size: %u", 2526 p_ccb->tx_mps, p_ccb->peer_cfg.fcr.mps, packet_size); 2527 } 2528 } 2529 2530 /******************************************************************************* 2531 * 2532 * Function l2cu_initialize_fixed_ccb 2533 * 2534 * Description Initialize a fixed channel's CCB 2535 * 2536 * Returns true or false 2537 * 2538 ******************************************************************************/ 2539 bool l2cu_initialize_fixed_ccb(tL2C_LCB* p_lcb, uint16_t fixed_cid, 2540 tL2CAP_FCR_OPTS* p_fcr) { 2541 #if (L2CAP_NUM_FIXED_CHNLS > 0) 2542 tL2C_CCB* p_ccb; 2543 2544 /* If we already have a CCB, then simply return */ 2545 p_ccb = p_lcb->p_fixed_ccbs[fixed_cid - L2CAP_FIRST_FIXED_CHNL]; 2546 if ((p_ccb != NULL) && p_ccb->in_use) { 2547 /* 2548 * NOTE: The "in_use" check is needed to ignore leftover entries 2549 * that have been already released by l2cu_release_ccb(). 2550 */ 2551 return (true); 2552 } 2553 2554 p_ccb = l2cu_allocate_ccb(NULL, 0); 2555 if (p_ccb == NULL) return (false); 2556 2557 alarm_cancel(p_lcb->l2c_lcb_timer); 2558 2559 /* Set CID for the connection */ 2560 p_ccb->local_cid = fixed_cid; 2561 p_ccb->remote_cid = fixed_cid; 2562 2563 p_ccb->is_flushable = false; 2564 2565 if (p_fcr) { 2566 /* Set the FCR parameters. For now, we will use default pools */ 2567 p_ccb->our_cfg.fcr = p_ccb->peer_cfg.fcr = *p_fcr; 2568 2569 p_ccb->ertm_info.fcr_rx_buf_size = L2CAP_FCR_RX_BUF_SIZE; 2570 p_ccb->ertm_info.fcr_tx_buf_size = L2CAP_FCR_TX_BUF_SIZE; 2571 p_ccb->ertm_info.user_rx_buf_size = L2CAP_USER_RX_BUF_SIZE; 2572 p_ccb->ertm_info.user_tx_buf_size = L2CAP_USER_TX_BUF_SIZE; 2573 2574 p_ccb->fcrb.max_held_acks = p_fcr->tx_win_sz / 3; 2575 } 2576 2577 /* Link ccb to lcb and lcb to ccb */ 2578 p_lcb->p_fixed_ccbs[fixed_cid - L2CAP_FIRST_FIXED_CHNL] = p_ccb; 2579 p_ccb->p_lcb = p_lcb; 2580 2581 /* There is no configuration, so if the link is up, the channel is up */ 2582 if (p_lcb->link_state == LST_CONNECTED) p_ccb->chnl_state = CST_OPEN; 2583 2584 /* Set the default idle timeout value to use */ 2585 p_ccb->fixed_chnl_idle_tout = 2586 l2cb.fixed_reg[fixed_cid - L2CAP_FIRST_FIXED_CHNL].default_idle_tout; 2587 #endif 2588 return (true); 2589 } 2590 2591 /******************************************************************************* 2592 * 2593 * Function l2cu_no_dynamic_ccbs 2594 * 2595 * Description Handles the case when there are no more dynamic CCBs. If 2596 * there are any fixed CCBs, start the longest of the fixed CCB 2597 * timeouts, otherwise start the default link idle timeout or 2598 * disconnect. 2599 * 2600 * Returns void 2601 * 2602 ******************************************************************************/ 2603 void l2cu_no_dynamic_ccbs(tL2C_LCB* p_lcb) { 2604 tBTM_STATUS rc; 2605 period_ms_t timeout_ms = p_lcb->idle_timeout * 1000; 2606 bool start_timeout = true; 2607 2608 #if (L2CAP_NUM_FIXED_CHNLS > 0) 2609 int xx; 2610 2611 for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) { 2612 if ((p_lcb->p_fixed_ccbs[xx] != NULL) && 2613 (p_lcb->p_fixed_ccbs[xx]->fixed_chnl_idle_tout * 1000 > timeout_ms)) { 2614 timeout_ms = p_lcb->p_fixed_ccbs[xx]->fixed_chnl_idle_tout * 1000; 2615 } 2616 } 2617 #endif 2618 2619 /* If the link is pairing, do not mess with the timeouts */ 2620 if (p_lcb->is_bonding) return; 2621 2622 if (timeout_ms == 0) { 2623 L2CAP_TRACE_DEBUG( 2624 "l2cu_no_dynamic_ccbs() IDLE timer 0, disconnecting link"); 2625 2626 rc = btm_sec_disconnect(p_lcb->handle, HCI_ERR_PEER_USER); 2627 if (rc == BTM_CMD_STARTED) { 2628 l2cu_process_fixed_disc_cback(p_lcb); 2629 p_lcb->link_state = LST_DISCONNECTING; 2630 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS; 2631 } else if (rc == BTM_SUCCESS) { 2632 l2cu_process_fixed_disc_cback(p_lcb); 2633 /* BTM SEC will make sure that link is release (probably after pairing is 2634 * done) */ 2635 p_lcb->link_state = LST_DISCONNECTING; 2636 start_timeout = false; 2637 } else if (p_lcb->is_bonding) { 2638 btsnd_hcic_disconnect(p_lcb->handle, HCI_ERR_PEER_USER); 2639 l2cu_process_fixed_disc_cback(p_lcb); 2640 p_lcb->link_state = LST_DISCONNECTING; 2641 timeout_ms = L2CAP_LINK_DISCONNECT_TIMEOUT_MS; 2642 } else { 2643 /* probably no buffer to send disconnect */ 2644 timeout_ms = BT_1SEC_TIMEOUT_MS; 2645 } 2646 } 2647 2648 if (start_timeout) { 2649 L2CAP_TRACE_DEBUG("%s starting IDLE timeout: %d ms", __func__, timeout_ms); 2650 alarm_set_on_mloop(p_lcb->l2c_lcb_timer, timeout_ms, l2c_lcb_timer_timeout, 2651 p_lcb); 2652 } else { 2653 alarm_cancel(p_lcb->l2c_lcb_timer); 2654 } 2655 } 2656 2657 #if (L2CAP_NUM_FIXED_CHNLS > 0) 2658 /******************************************************************************* 2659 * 2660 * Function l2cu_process_fixed_chnl_resp 2661 * 2662 * Description handle a fixed channel response (or lack thereof) 2663 * if the link failed, or a fixed channel response was 2664 * not received, the bitfield is all zeros. 2665 * 2666 ******************************************************************************/ 2667 void l2cu_process_fixed_chnl_resp(tL2C_LCB* p_lcb) { 2668 if (p_lcb->transport == BT_TRANSPORT_BR_EDR) { 2669 /* ignore all not assigned BR/EDR channels */ 2670 p_lcb->peer_chnl_mask[0] &= 2671 (L2CAP_FIXED_CHNL_SIG_BIT | L2CAP_FIXED_CHNL_CNCTLESS_BIT | 2672 L2CAP_FIXED_CHNL_SMP_BR_BIT); 2673 } else 2674 p_lcb->peer_chnl_mask[0] = l2cb.l2c_ble_fixed_chnls_mask; 2675 2676 /* Tell all registered fixed channels about the connection */ 2677 for (int xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) { 2678 /* skip sending LE fix channel callbacks on BR/EDR links */ 2679 if (p_lcb->transport == BT_TRANSPORT_BR_EDR && 2680 xx + L2CAP_FIRST_FIXED_CHNL >= L2CAP_ATT_CID && 2681 xx + L2CAP_FIRST_FIXED_CHNL <= L2CAP_SMP_CID) 2682 continue; 2683 if (l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb != NULL) { 2684 if (p_lcb->peer_chnl_mask[(xx + L2CAP_FIRST_FIXED_CHNL) / 8] & 2685 (1 << ((xx + L2CAP_FIRST_FIXED_CHNL) % 8))) { 2686 if (p_lcb->p_fixed_ccbs[xx]) 2687 p_lcb->p_fixed_ccbs[xx]->chnl_state = CST_OPEN; 2688 (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)(xx + L2CAP_FIRST_FIXED_CHNL, 2689 p_lcb->remote_bd_addr, true, 0, 2690 p_lcb->transport); 2691 } else { 2692 (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)( 2693 xx + L2CAP_FIRST_FIXED_CHNL, p_lcb->remote_bd_addr, false, 2694 p_lcb->disc_reason, p_lcb->transport); 2695 2696 if (p_lcb->p_fixed_ccbs[xx]) { 2697 l2cu_release_ccb(p_lcb->p_fixed_ccbs[xx]); 2698 p_lcb->p_fixed_ccbs[xx] = NULL; 2699 } 2700 } 2701 } 2702 } 2703 } 2704 #endif 2705 2706 /******************************************************************************* 2707 * 2708 * Function l2cu_process_fixed_disc_cback 2709 * 2710 * Description send l2cap fixed channel disconnection callback to the 2711 * application 2712 * 2713 * Returns void 2714 * 2715 ******************************************************************************/ 2716 void l2cu_process_fixed_disc_cback(tL2C_LCB* p_lcb) { 2717 #if (L2CAP_NUM_FIXED_CHNLS > 0) 2718 2719 /* Select peer channels mask to use depending on transport */ 2720 uint8_t peer_channel_mask = p_lcb->peer_chnl_mask[0]; 2721 2722 // For LE, reset the stored peer channel mask 2723 if (p_lcb->transport == BT_TRANSPORT_LE) p_lcb->peer_chnl_mask[0] = 0; 2724 2725 for (int xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) { 2726 if (p_lcb->p_fixed_ccbs[xx]) { 2727 if (p_lcb->p_fixed_ccbs[xx] != p_lcb->p_pending_ccb) { 2728 tL2C_CCB* p_l2c_chnl_ctrl_block; 2729 p_l2c_chnl_ctrl_block = p_lcb->p_fixed_ccbs[xx]; 2730 p_lcb->p_fixed_ccbs[xx] = NULL; 2731 l2cu_release_ccb(p_l2c_chnl_ctrl_block); 2732 (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)( 2733 xx + L2CAP_FIRST_FIXED_CHNL, p_lcb->remote_bd_addr, false, 2734 p_lcb->disc_reason, p_lcb->transport); 2735 } 2736 } else if ((peer_channel_mask & (1 << (xx + L2CAP_FIRST_FIXED_CHNL))) && 2737 (l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb != NULL)) 2738 (*l2cb.fixed_reg[xx].pL2CA_FixedConn_Cb)( 2739 xx + L2CAP_FIRST_FIXED_CHNL, p_lcb->remote_bd_addr, false, 2740 p_lcb->disc_reason, p_lcb->transport); 2741 } 2742 #endif 2743 } 2744 2745 /******************************************************************************* 2746 * 2747 * Function l2cu_send_peer_ble_par_req 2748 * 2749 * Description Build and send a BLE parameter update request message 2750 * to the peer. 2751 * 2752 * Returns void 2753 * 2754 ******************************************************************************/ 2755 void l2cu_send_peer_ble_par_req(tL2C_LCB* p_lcb, uint16_t min_int, 2756 uint16_t max_int, uint16_t latency, 2757 uint16_t timeout) { 2758 BT_HDR* p_buf; 2759 uint8_t* p; 2760 2761 /* Create an identifier for this packet */ 2762 p_lcb->id++; 2763 l2cu_adj_id(p_lcb, L2CAP_ADJ_ID); 2764 2765 p_buf = l2cu_build_header(p_lcb, L2CAP_CMD_BLE_UPD_REQ_LEN, 2766 L2CAP_CMD_BLE_UPDATE_REQ, p_lcb->id); 2767 if (p_buf == NULL) { 2768 L2CAP_TRACE_WARNING("l2cu_send_peer_ble_par_req - no buffer"); 2769 return; 2770 } 2771 2772 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 2773 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 2774 2775 UINT16_TO_STREAM(p, min_int); 2776 UINT16_TO_STREAM(p, max_int); 2777 UINT16_TO_STREAM(p, latency); 2778 UINT16_TO_STREAM(p, timeout); 2779 2780 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 2781 } 2782 2783 /******************************************************************************* 2784 * 2785 * Function l2cu_send_peer_ble_par_rsp 2786 * 2787 * Description Build and send a BLE parameter update response message 2788 * to the peer. 2789 * 2790 * Returns void 2791 * 2792 ******************************************************************************/ 2793 void l2cu_send_peer_ble_par_rsp(tL2C_LCB* p_lcb, uint16_t reason, 2794 uint8_t rem_id) { 2795 BT_HDR* p_buf; 2796 uint8_t* p; 2797 2798 p_buf = l2cu_build_header(p_lcb, L2CAP_CMD_BLE_UPD_RSP_LEN, 2799 L2CAP_CMD_BLE_UPDATE_RSP, rem_id); 2800 if (p_buf == NULL) { 2801 L2CAP_TRACE_WARNING("l2cu_send_peer_ble_par_rsp - no buffer"); 2802 return; 2803 } 2804 2805 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 2806 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 2807 2808 UINT16_TO_STREAM(p, reason); 2809 2810 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 2811 } 2812 2813 /******************************************************************************* 2814 * 2815 * Function l2cu_send_peer_ble_credit_based_conn_req 2816 * 2817 * Description Build and send a BLE packet to establish LE connection 2818 * oriented L2CAP channel. 2819 * 2820 * Returns void 2821 * 2822 ******************************************************************************/ 2823 void l2cu_send_peer_ble_credit_based_conn_req(tL2C_CCB* p_ccb) { 2824 BT_HDR* p_buf; 2825 uint8_t* p; 2826 tL2C_LCB* p_lcb = NULL; 2827 uint16_t mtu; 2828 uint16_t mps; 2829 uint16_t initial_credit; 2830 2831 if (!p_ccb) return; 2832 p_lcb = p_ccb->p_lcb; 2833 2834 /* Create an identifier for this packet */ 2835 p_ccb->p_lcb->id++; 2836 l2cu_adj_id(p_ccb->p_lcb, L2CAP_ADJ_ID); 2837 2838 p_ccb->local_id = p_ccb->p_lcb->id; 2839 2840 p_buf = l2cu_build_header(p_lcb, L2CAP_CMD_BLE_CREDIT_BASED_CONN_REQ_LEN, 2841 L2CAP_CMD_BLE_CREDIT_BASED_CONN_REQ, p_lcb->id); 2842 if (p_buf == NULL) { 2843 L2CAP_TRACE_WARNING("l2cu_send_peer_ble_credit_based_conn_req - no buffer"); 2844 return; 2845 } 2846 2847 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 2848 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 2849 2850 mtu = p_ccb->local_conn_cfg.mtu; 2851 mps = p_ccb->local_conn_cfg.mps; 2852 initial_credit = p_ccb->local_conn_cfg.credits; 2853 2854 L2CAP_TRACE_DEBUG( 2855 "l2cu_send_peer_ble_credit_based_conn_req PSM:0x%04x local_cid:%d\ 2856 mtu:%d mps:%d initial_credit:%d", 2857 p_ccb->p_rcb->real_psm, p_ccb->local_cid, mtu, mps, initial_credit); 2858 2859 UINT16_TO_STREAM(p, p_ccb->p_rcb->real_psm); 2860 UINT16_TO_STREAM(p, p_ccb->local_cid); 2861 UINT16_TO_STREAM(p, mtu); 2862 UINT16_TO_STREAM(p, mps); 2863 UINT16_TO_STREAM(p, initial_credit); 2864 2865 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 2866 } 2867 2868 /******************************************************************************* 2869 * 2870 * Function l2cu_reject_ble_connection 2871 * 2872 * Description Build and send an L2CAP "Credit based connection res" 2873 * message to the peer. This function is called for non-success 2874 * cases. 2875 * 2876 * Returns void 2877 * 2878 ******************************************************************************/ 2879 void l2cu_reject_ble_connection(tL2C_LCB* p_lcb, uint8_t rem_id, 2880 uint16_t result) { 2881 BT_HDR* p_buf; 2882 uint8_t* p; 2883 2884 p_buf = l2cu_build_header(p_lcb, L2CAP_CMD_BLE_CREDIT_BASED_CONN_RES_LEN, 2885 L2CAP_CMD_BLE_CREDIT_BASED_CONN_RES, rem_id); 2886 if (p_buf == NULL) { 2887 L2CAP_TRACE_WARNING("l2cu_reject_ble_connection - no buffer"); 2888 return; 2889 } 2890 2891 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 2892 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 2893 2894 UINT16_TO_STREAM(p, 0); /* Local CID of 0 */ 2895 UINT16_TO_STREAM(p, 0); /* MTU */ 2896 UINT16_TO_STREAM(p, 0); /* MPS */ 2897 UINT16_TO_STREAM(p, 0); /* initial credit */ 2898 UINT16_TO_STREAM(p, result); 2899 2900 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 2901 } 2902 2903 /******************************************************************************* 2904 * 2905 * Function l2cu_send_peer_ble_credit_based_conn_res 2906 * 2907 * Description Build and send an L2CAP "Credit based connection res" 2908 * message to the peer. This function is called in case of 2909 * success. 2910 * 2911 * Returns void 2912 * 2913 ******************************************************************************/ 2914 void l2cu_send_peer_ble_credit_based_conn_res(tL2C_CCB* p_ccb, 2915 uint16_t result) { 2916 BT_HDR* p_buf; 2917 uint8_t* p; 2918 2919 L2CAP_TRACE_DEBUG("l2cu_send_peer_ble_credit_based_conn_res"); 2920 p_buf = 2921 l2cu_build_header(p_ccb->p_lcb, L2CAP_CMD_BLE_CREDIT_BASED_CONN_RES_LEN, 2922 L2CAP_CMD_BLE_CREDIT_BASED_CONN_RES, p_ccb->remote_id); 2923 if (p_buf == NULL) { 2924 L2CAP_TRACE_WARNING("l2cu_send_peer_ble_credit_based_conn_res - no buffer"); 2925 return; 2926 } 2927 2928 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 2929 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 2930 2931 UINT16_TO_STREAM(p, p_ccb->local_cid); /* Local CID */ 2932 UINT16_TO_STREAM(p, p_ccb->local_conn_cfg.mtu); /* MTU */ 2933 UINT16_TO_STREAM(p, p_ccb->local_conn_cfg.mps); /* MPS */ 2934 UINT16_TO_STREAM(p, p_ccb->local_conn_cfg.credits); /* initial credit */ 2935 UINT16_TO_STREAM(p, result); 2936 2937 l2c_link_check_send_pkts(p_ccb->p_lcb, NULL, p_buf); 2938 } 2939 2940 /******************************************************************************* 2941 * 2942 * Function l2cu_send_peer_ble_flow_control_credit 2943 * 2944 * Description Build and send a BLE packet to give credits to peer device 2945 * for LE connection oriented L2CAP channel. 2946 * 2947 * Returns void 2948 * 2949 ******************************************************************************/ 2950 void l2cu_send_peer_ble_flow_control_credit(tL2C_CCB* p_ccb, 2951 uint16_t credit_value) { 2952 BT_HDR* p_buf; 2953 uint8_t* p; 2954 tL2C_LCB* p_lcb = NULL; 2955 2956 if (!p_ccb) return; 2957 p_lcb = p_ccb->p_lcb; 2958 2959 /* Create an identifier for this packet */ 2960 p_ccb->p_lcb->id++; 2961 l2cu_adj_id(p_ccb->p_lcb, L2CAP_ADJ_ID); 2962 2963 p_ccb->local_id = p_ccb->p_lcb->id; 2964 2965 p_buf = l2cu_build_header(p_lcb, L2CAP_CMD_BLE_FLOW_CTRL_CREDIT_LEN, 2966 L2CAP_CMD_BLE_FLOW_CTRL_CREDIT, p_lcb->id); 2967 if (p_buf == NULL) { 2968 L2CAP_TRACE_WARNING("l2cu_send_peer_ble_credit_based_conn_req - no buffer"); 2969 return; 2970 } 2971 2972 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 2973 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 2974 2975 UINT16_TO_STREAM(p, p_ccb->local_cid); 2976 UINT16_TO_STREAM(p, credit_value); 2977 2978 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 2979 } 2980 2981 /******************************************************************************* 2982 * 2983 * Function l2cu_send_peer_ble_credit_based_conn_req 2984 * 2985 * Description Build and send a BLE packet to disconnect LE connection 2986 * oriented L2CAP channel. 2987 * 2988 * Returns void 2989 * 2990 ******************************************************************************/ 2991 void l2cu_send_peer_ble_credit_based_disconn_req(tL2C_CCB* p_ccb) { 2992 BT_HDR* p_buf; 2993 uint8_t* p; 2994 tL2C_LCB* p_lcb = NULL; 2995 L2CAP_TRACE_DEBUG("%s", __func__); 2996 2997 if (!p_ccb) return; 2998 p_lcb = p_ccb->p_lcb; 2999 3000 /* Create an identifier for this packet */ 3001 p_ccb->p_lcb->id++; 3002 l2cu_adj_id(p_ccb->p_lcb, L2CAP_ADJ_ID); 3003 3004 p_ccb->local_id = p_ccb->p_lcb->id; 3005 p_buf = l2cu_build_header(p_lcb, L2CAP_DISC_REQ_LEN, L2CAP_CMD_DISC_REQ, 3006 p_lcb->id); 3007 if (p_buf == NULL) { 3008 L2CAP_TRACE_WARNING( 3009 "l2cu_send_peer_ble_credit_based_disconn_req - no buffer"); 3010 return; 3011 } 3012 3013 p = (uint8_t*)(p_buf + 1) + L2CAP_SEND_CMD_OFFSET + HCI_DATA_PREAMBLE_SIZE + 3014 L2CAP_PKT_OVERHEAD + L2CAP_CMD_OVERHEAD; 3015 3016 UINT16_TO_STREAM(p, p_ccb->remote_cid); 3017 UINT16_TO_STREAM(p, p_ccb->local_cid); 3018 3019 l2c_link_check_send_pkts(p_lcb, NULL, p_buf); 3020 } 3021 3022 /******************************************************************************* 3023 * Functions used by both Full and Light Stack 3024 ******************************************************************************/ 3025 3026 /******************************************************************************* 3027 * 3028 * Function l2cu_find_lcb_by_handle 3029 * 3030 * Description Look through all active LCBs for a match based on the 3031 * HCI handle. 3032 * 3033 * Returns pointer to matched LCB, or NULL if no match 3034 * 3035 ******************************************************************************/ 3036 tL2C_LCB* l2cu_find_lcb_by_handle(uint16_t handle) { 3037 int xx; 3038 tL2C_LCB* p_lcb = &l2cb.lcb_pool[0]; 3039 3040 for (xx = 0; xx < MAX_L2CAP_LINKS; xx++, p_lcb++) { 3041 if ((p_lcb->in_use) && (p_lcb->handle == handle)) { 3042 return (p_lcb); 3043 } 3044 } 3045 3046 /* If here, no match found */ 3047 return (NULL); 3048 } 3049 3050 /******************************************************************************* 3051 * 3052 * Function l2cu_find_ccb_by_cid 3053 * 3054 * Description Look through all active CCBs on a link for a match based 3055 * on the local CID. If passed the link pointer is NULL, all 3056 * active links are searched. 3057 * 3058 * Returns pointer to matched CCB, or NULL if no match 3059 * 3060 ******************************************************************************/ 3061 tL2C_CCB* l2cu_find_ccb_by_cid(tL2C_LCB* p_lcb, uint16_t local_cid) { 3062 tL2C_CCB* p_ccb = NULL; 3063 #if (L2CAP_UCD_INCLUDED == TRUE) 3064 uint8_t xx; 3065 #endif 3066 3067 if (local_cid >= L2CAP_BASE_APPL_CID) { 3068 /* find the associated CCB by "index" */ 3069 local_cid -= L2CAP_BASE_APPL_CID; 3070 3071 if (local_cid >= MAX_L2CAP_CHANNELS) return NULL; 3072 3073 p_ccb = l2cb.ccb_pool + local_cid; 3074 3075 /* make sure the CCB is in use */ 3076 if (!p_ccb->in_use) { 3077 p_ccb = NULL; 3078 } 3079 /* make sure it's for the same LCB */ 3080 else if (p_lcb && p_lcb != p_ccb->p_lcb) { 3081 p_ccb = NULL; 3082 } 3083 } 3084 #if (L2CAP_UCD_INCLUDED == TRUE) 3085 else { 3086 /* searching fixed channel */ 3087 p_ccb = l2cb.ccb_pool; 3088 for (xx = 0; xx < MAX_L2CAP_CHANNELS; xx++) { 3089 if ((p_ccb->local_cid == local_cid) && (p_ccb->in_use) && 3090 (p_lcb == p_ccb->p_lcb)) 3091 break; 3092 else 3093 p_ccb++; 3094 } 3095 if (xx >= MAX_L2CAP_CHANNELS) return NULL; 3096 } 3097 #endif 3098 3099 return (p_ccb); 3100 } 3101 3102 #if (L2CAP_ROUND_ROBIN_CHANNEL_SERVICE == TRUE) 3103 3104 /****************************************************************************** 3105 * 3106 * Function l2cu_get_next_channel_in_rr 3107 * 3108 * Description get the next channel to send on a link. It also adjusts the 3109 * CCB queue to do a basic priority and round-robin scheduling. 3110 * 3111 * Returns pointer to CCB or NULL 3112 * 3113 ******************************************************************************/ 3114 static tL2C_CCB* l2cu_get_next_channel_in_rr(tL2C_LCB* p_lcb) { 3115 tL2C_CCB* p_serve_ccb = NULL; 3116 tL2C_CCB* p_ccb; 3117 3118 int i, j; 3119 3120 /* scan all of priority until finding a channel to serve */ 3121 for (i = 0; (i < L2CAP_NUM_CHNL_PRIORITY) && (!p_serve_ccb); i++) { 3122 /* scan all channel within serving priority group until finding a channel to 3123 * serve */ 3124 for (j = 0; (j < p_lcb->rr_serv[p_lcb->rr_pri].num_ccb) && (!p_serve_ccb); 3125 j++) { 3126 /* scaning from next serving channel */ 3127 p_ccb = p_lcb->rr_serv[p_lcb->rr_pri].p_serve_ccb; 3128 3129 if (!p_ccb) { 3130 L2CAP_TRACE_ERROR("p_serve_ccb is NULL, rr_pri=%d", p_lcb->rr_pri); 3131 return NULL; 3132 } 3133 3134 L2CAP_TRACE_DEBUG("RR scan pri=%d, lcid=0x%04x, q_cout=%d", 3135 p_ccb->ccb_priority, p_ccb->local_cid, 3136 fixed_queue_length(p_ccb->xmit_hold_q)); 3137 3138 /* store the next serving channel */ 3139 /* this channel is the last channel of its priority group */ 3140 if ((p_ccb->p_next_ccb == NULL) || 3141 (p_ccb->p_next_ccb->ccb_priority != p_ccb->ccb_priority)) { 3142 /* next serving channel is set to the first channel in the group */ 3143 p_lcb->rr_serv[p_lcb->rr_pri].p_serve_ccb = 3144 p_lcb->rr_serv[p_lcb->rr_pri].p_first_ccb; 3145 } else { 3146 /* next serving channel is set to the next channel in the group */ 3147 p_lcb->rr_serv[p_lcb->rr_pri].p_serve_ccb = p_ccb->p_next_ccb; 3148 } 3149 3150 if (p_ccb->chnl_state != CST_OPEN) continue; 3151 3152 if (p_ccb->p_lcb->transport == BT_TRANSPORT_LE) { 3153 L2CAP_TRACE_DEBUG("%s : Connection oriented channel", __func__); 3154 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue; 3155 3156 } else { 3157 /* eL2CAP option in use */ 3158 if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE) { 3159 if (p_ccb->fcrb.wait_ack || p_ccb->fcrb.remote_busy) continue; 3160 3161 if (fixed_queue_is_empty(p_ccb->fcrb.retrans_q)) { 3162 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue; 3163 3164 /* If in eRTM mode, check for window closure */ 3165 if ((p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_ERTM_MODE) && 3166 (l2c_fcr_is_flow_controlled(p_ccb))) 3167 continue; 3168 } 3169 } else { 3170 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue; 3171 } 3172 } 3173 3174 /* found a channel to serve */ 3175 p_serve_ccb = p_ccb; 3176 /* decrease quota of its priority group */ 3177 p_lcb->rr_serv[p_lcb->rr_pri].quota--; 3178 } 3179 3180 /* if there is no more quota of the priority group or no channel to have 3181 * data to send */ 3182 if ((p_lcb->rr_serv[p_lcb->rr_pri].quota == 0) || (!p_serve_ccb)) { 3183 /* serve next priority group */ 3184 p_lcb->rr_pri = (p_lcb->rr_pri + 1) % L2CAP_NUM_CHNL_PRIORITY; 3185 /* initialize its quota */ 3186 p_lcb->rr_serv[p_lcb->rr_pri].quota = 3187 L2CAP_GET_PRIORITY_QUOTA(p_lcb->rr_pri); 3188 } 3189 } 3190 3191 if (p_serve_ccb) { 3192 L2CAP_TRACE_DEBUG("RR service pri=%d, quota=%d, lcid=0x%04x", 3193 p_serve_ccb->ccb_priority, 3194 p_lcb->rr_serv[p_serve_ccb->ccb_priority].quota, 3195 p_serve_ccb->local_cid); 3196 } 3197 3198 return p_serve_ccb; 3199 } 3200 3201 #else /* (L2CAP_ROUND_ROBIN_CHANNEL_SERVICE == TRUE) */ 3202 3203 /****************************************************************************** 3204 * 3205 * Function l2cu_get_next_channel 3206 * 3207 * Description get the next channel to send on a link bassed on priority 3208 * scheduling. 3209 * 3210 * Returns pointer to CCB or NULL 3211 * 3212 ******************************************************************************/ 3213 static tL2C_CCB* l2cu_get_next_channel(tL2C_LCB* p_lcb) { 3214 tL2C_CCB* p_ccb; 3215 3216 /* Get the first CCB with data to send. 3217 */ 3218 for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb) { 3219 if (p_ccb->chnl_state != CST_OPEN) continue; 3220 3221 if (p_ccb->fcrb.wait_ack || p_ccb->fcrb.remote_busy) continue; 3222 3223 if (!fixed_queue_is_empty(p_ccb->fcrb.retrans_q)) return p_ccb; 3224 3225 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue; 3226 3227 /* If in eRTM mode, check for window closure */ 3228 if ((p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_ERTM_MODE) && 3229 (l2c_fcr_is_flow_controlled(p_ccb))) 3230 continue; 3231 3232 /* If here, we found someone */ 3233 return p_ccb; 3234 } 3235 3236 return NULL; 3237 } 3238 #endif /* (L2CAP_ROUND_ROBIN_CHANNEL_SERVICE == TRUE) */ 3239 3240 void l2cu_tx_complete(tL2C_TX_COMPLETE_CB_INFO* p_cbi) { 3241 if (p_cbi->cb != NULL) p_cbi->cb(p_cbi->local_cid, p_cbi->num_sdu); 3242 } 3243 3244 /****************************************************************************** 3245 * 3246 * Function l2cu_get_next_buffer_to_send 3247 * 3248 * Description get the next buffer to send on a link. It also adjusts the 3249 * CCB queue to do a basic priority and round-robin scheduling. 3250 * 3251 * Returns pointer to buffer or NULL 3252 * 3253 ******************************************************************************/ 3254 BT_HDR* l2cu_get_next_buffer_to_send(tL2C_LCB* p_lcb, 3255 tL2C_TX_COMPLETE_CB_INFO* p_cbi) { 3256 tL2C_CCB* p_ccb; 3257 BT_HDR* p_buf; 3258 3259 /* Highest priority are fixed channels */ 3260 #if (L2CAP_NUM_FIXED_CHNLS > 0) 3261 int xx; 3262 3263 p_cbi->cb = NULL; 3264 3265 for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) { 3266 p_ccb = p_lcb->p_fixed_ccbs[xx]; 3267 if (p_ccb == NULL) continue; 3268 3269 /* eL2CAP option in use */ 3270 if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE) { 3271 if (p_ccb->fcrb.wait_ack || p_ccb->fcrb.remote_busy) continue; 3272 3273 /* No more checks needed if sending from the reatransmit queue */ 3274 if (fixed_queue_is_empty(p_ccb->fcrb.retrans_q)) { 3275 if (fixed_queue_is_empty(p_ccb->xmit_hold_q)) continue; 3276 3277 /* If in eRTM mode, check for window closure */ 3278 if ((p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_ERTM_MODE) && 3279 (l2c_fcr_is_flow_controlled(p_ccb))) 3280 continue; 3281 } 3282 3283 p_buf = l2c_fcr_get_next_xmit_sdu_seg(p_ccb, 0); 3284 if (p_buf != NULL) { 3285 l2cu_check_channel_congestion(p_ccb); 3286 l2cu_set_acl_hci_header(p_buf, p_ccb); 3287 return (p_buf); 3288 } 3289 } else { 3290 if (!fixed_queue_is_empty(p_ccb->xmit_hold_q)) { 3291 p_buf = (BT_HDR*)fixed_queue_try_dequeue(p_ccb->xmit_hold_q); 3292 if (NULL == p_buf) { 3293 L2CAP_TRACE_ERROR("%s: No data to be sent", __func__); 3294 return (NULL); 3295 } 3296 3297 /* Prepare callback info for TX completion */ 3298 p_cbi->cb = l2cb.fixed_reg[xx].pL2CA_FixedTxComplete_Cb; 3299 p_cbi->local_cid = p_ccb->local_cid; 3300 p_cbi->num_sdu = 1; 3301 3302 l2cu_check_channel_congestion(p_ccb); 3303 l2cu_set_acl_hci_header(p_buf, p_ccb); 3304 return (p_buf); 3305 } 3306 } 3307 } 3308 #endif 3309 3310 #if (L2CAP_ROUND_ROBIN_CHANNEL_SERVICE == TRUE) 3311 /* get next serving channel in round-robin */ 3312 p_ccb = l2cu_get_next_channel_in_rr(p_lcb); 3313 #else 3314 p_ccb = l2cu_get_next_channel(p_lcb); 3315 #endif 3316 3317 /* Return if no buffer */ 3318 if (p_ccb == NULL) return (NULL); 3319 3320 if (p_ccb->p_lcb->transport == BT_TRANSPORT_LE) { 3321 /* Check credits */ 3322 if (p_ccb->peer_conn_cfg.credits == 0) { 3323 L2CAP_TRACE_DEBUG("%s No credits to send packets", __func__); 3324 return NULL; 3325 } 3326 p_buf = l2c_lcc_get_next_xmit_sdu_seg(p_ccb, 0); 3327 if (p_buf == NULL) return (NULL); 3328 3329 p_ccb->peer_conn_cfg.credits--; 3330 } else { 3331 if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE) { 3332 p_buf = l2c_fcr_get_next_xmit_sdu_seg(p_ccb, 0); 3333 if (p_buf == NULL) return (NULL); 3334 } else { 3335 p_buf = (BT_HDR*)fixed_queue_try_dequeue(p_ccb->xmit_hold_q); 3336 if (NULL == p_buf) { 3337 L2CAP_TRACE_ERROR("l2cu_get_buffer_to_send() #2: No data to be sent"); 3338 return (NULL); 3339 } 3340 } 3341 } 3342 3343 if (p_ccb->p_rcb && p_ccb->p_rcb->api.pL2CA_TxComplete_Cb && 3344 (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_ERTM_MODE)) 3345 (*p_ccb->p_rcb->api.pL2CA_TxComplete_Cb)(p_ccb->local_cid, 1); 3346 3347 l2cu_check_channel_congestion(p_ccb); 3348 3349 l2cu_set_acl_hci_header(p_buf, p_ccb); 3350 3351 return (p_buf); 3352 } 3353 3354 /****************************************************************************** 3355 * 3356 * Function l2cu_set_acl_hci_header 3357 * 3358 * Description Set HCI handle for ACL packet 3359 * 3360 * Returns None 3361 * 3362 ******************************************************************************/ 3363 void l2cu_set_acl_hci_header(BT_HDR* p_buf, tL2C_CCB* p_ccb) { 3364 uint8_t* p; 3365 3366 /* Set the pointer to the beginning of the data minus 4 bytes for the packet 3367 * header */ 3368 p = (uint8_t*)(p_buf + 1) + p_buf->offset - HCI_DATA_PREAMBLE_SIZE; 3369 3370 if (p_ccb->p_lcb->transport == BT_TRANSPORT_LE) { 3371 UINT16_TO_STREAM(p, p_ccb->p_lcb->handle | (L2CAP_PKT_START_NON_FLUSHABLE 3372 << L2CAP_PKT_TYPE_SHIFT)); 3373 3374 uint16_t acl_data_size = 3375 controller_get_interface()->get_acl_data_size_ble(); 3376 /* The HCI transport will segment the buffers. */ 3377 if (p_buf->len > acl_data_size) { 3378 UINT16_TO_STREAM(p, acl_data_size); 3379 } else { 3380 UINT16_TO_STREAM(p, p_buf->len); 3381 } 3382 } else { 3383 #if (L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE) 3384 if ((((p_buf->layer_specific & L2CAP_FLUSHABLE_MASK) == 3385 L2CAP_FLUSHABLE_CH_BASED) && 3386 (p_ccb->is_flushable)) || 3387 ((p_buf->layer_specific & L2CAP_FLUSHABLE_MASK) == 3388 L2CAP_FLUSHABLE_PKT)) { 3389 UINT16_TO_STREAM( 3390 p, p_ccb->p_lcb->handle | (L2CAP_PKT_START << L2CAP_PKT_TYPE_SHIFT)); 3391 } else { 3392 UINT16_TO_STREAM(p, p_ccb->p_lcb->handle | l2cb.non_flushable_pbf); 3393 } 3394 #else 3395 UINT16_TO_STREAM( 3396 p, p_ccb->p_lcb->handle | (L2CAP_PKT_START << L2CAP_PKT_TYPE_SHIFT)); 3397 #endif 3398 3399 uint16_t acl_data_size = 3400 controller_get_interface()->get_acl_data_size_classic(); 3401 /* The HCI transport will segment the buffers. */ 3402 if (p_buf->len > acl_data_size) { 3403 UINT16_TO_STREAM(p, acl_data_size); 3404 } else { 3405 UINT16_TO_STREAM(p, p_buf->len); 3406 } 3407 } 3408 p_buf->offset -= HCI_DATA_PREAMBLE_SIZE; 3409 p_buf->len += HCI_DATA_PREAMBLE_SIZE; 3410 } 3411 3412 /****************************************************************************** 3413 * 3414 * Function l2cu_check_channel_congestion 3415 * 3416 * Description check if any change in congestion status 3417 * 3418 * Returns None 3419 * 3420 ******************************************************************************/ 3421 void l2cu_check_channel_congestion(tL2C_CCB* p_ccb) { 3422 size_t q_count = fixed_queue_length(p_ccb->xmit_hold_q); 3423 3424 #if (L2CAP_UCD_INCLUDED == TRUE) 3425 if (p_ccb->local_cid == L2CAP_CONNECTIONLESS_CID) { 3426 q_count += fixed_queue_length(p_ccb->p_lcb->ucd_out_sec_pending_q); 3427 } 3428 #endif 3429 /* If the CCB queue limit is subject to a quota, check for congestion */ 3430 /* if this channel has outgoing traffic */ 3431 if (p_ccb->buff_quota != 0) { 3432 /* If this channel was congested */ 3433 if (p_ccb->cong_sent) { 3434 /* If the channel is not congested now, tell the app */ 3435 if (q_count <= (p_ccb->buff_quota / 2)) { 3436 p_ccb->cong_sent = false; 3437 if (p_ccb->p_rcb && p_ccb->p_rcb->api.pL2CA_CongestionStatus_Cb) { 3438 L2CAP_TRACE_DEBUG( 3439 "L2CAP - Calling CongestionStatus_Cb (false), CID: 0x%04x " 3440 "xmit_hold_q.count: %u buff_quota: %u", 3441 p_ccb->local_cid, q_count, p_ccb->buff_quota); 3442 3443 /* Prevent recursive calling */ 3444 l2cb.is_cong_cback_context = true; 3445 (*p_ccb->p_rcb->api.pL2CA_CongestionStatus_Cb)(p_ccb->local_cid, 3446 false); 3447 l2cb.is_cong_cback_context = false; 3448 } 3449 #if (L2CAP_UCD_INCLUDED == TRUE) 3450 else if (p_ccb->p_rcb && p_ccb->local_cid == L2CAP_CONNECTIONLESS_CID) { 3451 if (p_ccb->p_rcb->ucd.cb_info.pL2CA_UCD_Congestion_Status_Cb) { 3452 L2CAP_TRACE_DEBUG( 3453 "L2CAP - Calling UCD CongestionStatus_Cb (false), " 3454 "SecPendingQ:%u,XmitQ:%u,Quota:%u", 3455 fixed_queue_length(p_ccb->p_lcb->ucd_out_sec_pending_q), 3456 fixed_queue_length(p_ccb->xmit_hold_q), p_ccb->buff_quota); 3457 p_ccb->p_rcb->ucd.cb_info.pL2CA_UCD_Congestion_Status_Cb( 3458 p_ccb->p_lcb->remote_bd_addr, false); 3459 } 3460 } 3461 #endif 3462 #if (L2CAP_NUM_FIXED_CHNLS > 0) 3463 else { 3464 uint8_t xx; 3465 for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) { 3466 if (p_ccb->p_lcb->p_fixed_ccbs[xx] == p_ccb) { 3467 if (l2cb.fixed_reg[xx].pL2CA_FixedCong_Cb != NULL) 3468 (*l2cb.fixed_reg[xx].pL2CA_FixedCong_Cb)( 3469 p_ccb->p_lcb->remote_bd_addr, false); 3470 break; 3471 } 3472 } 3473 } 3474 #endif 3475 } 3476 } else { 3477 /* If this channel was not congested but it is congested now, tell the app 3478 */ 3479 if (q_count > p_ccb->buff_quota) { 3480 p_ccb->cong_sent = true; 3481 if (p_ccb->p_rcb && p_ccb->p_rcb->api.pL2CA_CongestionStatus_Cb) { 3482 L2CAP_TRACE_DEBUG( 3483 "L2CAP - Calling CongestionStatus_Cb " 3484 "(true),CID:0x%04x,XmitQ:%u,Quota:%u", 3485 p_ccb->local_cid, q_count, p_ccb->buff_quota); 3486 3487 (*p_ccb->p_rcb->api.pL2CA_CongestionStatus_Cb)(p_ccb->local_cid, 3488 true); 3489 } 3490 #if (L2CAP_UCD_INCLUDED == TRUE) 3491 else if (p_ccb->p_rcb && p_ccb->local_cid == L2CAP_CONNECTIONLESS_CID) { 3492 if (p_ccb->p_rcb->ucd.cb_info.pL2CA_UCD_Congestion_Status_Cb) { 3493 L2CAP_TRACE_DEBUG( 3494 "L2CAP - Calling UCD CongestionStatus_Cb (true), " 3495 "SecPendingQ:%u,XmitQ:%u,Quota:%u", 3496 fixed_queue_length(p_ccb->p_lcb->ucd_out_sec_pending_q), 3497 fixed_queue_length(p_ccb->xmit_hold_q), p_ccb->buff_quota); 3498 p_ccb->p_rcb->ucd.cb_info.pL2CA_UCD_Congestion_Status_Cb( 3499 p_ccb->p_lcb->remote_bd_addr, true); 3500 } 3501 } 3502 #endif 3503 #if (L2CAP_NUM_FIXED_CHNLS > 0) 3504 else { 3505 uint8_t xx; 3506 for (xx = 0; xx < L2CAP_NUM_FIXED_CHNLS; xx++) { 3507 if (p_ccb->p_lcb->p_fixed_ccbs[xx] == p_ccb) { 3508 if (l2cb.fixed_reg[xx].pL2CA_FixedCong_Cb != NULL) 3509 (*l2cb.fixed_reg[xx].pL2CA_FixedCong_Cb)( 3510 p_ccb->p_lcb->remote_bd_addr, true); 3511 break; 3512 } 3513 } 3514 } 3515 #endif 3516 } 3517 } 3518 } 3519 } 3520 3521 /******************************************************************************* 3522 * 3523 * Function l2cu_is_ccb_active 3524 * 3525 * Description Check if Channel Control Block is in use or released 3526 * 3527 * Returns bool - true if Channel Control Block is in use 3528 * false if p_ccb is null or is released. 3529 * 3530 ******************************************************************************/ 3531 bool l2cu_is_ccb_active(tL2C_CCB* p_ccb) { return (p_ccb && p_ccb->in_use); } 3532
