1 /****************************************************************************** 2 * 3 * Copyright 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19 /***************************************************************************** 20 * 21 * This file contains collection of utility functions used the RFCOMM unit 22 * 23 *****************************************************************************/ 24 25 #include "bt_common.h" 26 #include "bt_target.h" 27 28 #include "bt_utils.h" 29 #include "btm_api.h" 30 #include "btm_int.h" 31 #include "btu.h" 32 #include "osi/include/osi.h" 33 #include "port_api.h" 34 #include "port_ext.h" 35 #include "port_int.h" 36 #include "rfc_int.h" 37 #include "rfcdefs.h" 38 39 #include <string.h> 40 41 /******************************************************************************* 42 * 43 * Function rfc_calc_fcs 44 * 45 * Description Reversed CRC Table , 8-bit, poly=0x07 46 * (GSM 07.10 TS 101 369 V6.3.0) 47 ******************************************************************************/ 48 static const uint8_t rfc_crctable[] = { 49 0x00, 0x91, 0xE3, 0x72, 0x07, 0x96, 0xE4, 0x75, 0x0E, 0x9F, 0xED, 50 0x7C, 0x09, 0x98, 0xEA, 0x7B, 0x1C, 0x8D, 0xFF, 0x6E, 0x1B, 0x8A, 51 0xF8, 0x69, 0x12, 0x83, 0xF1, 0x60, 0x15, 0x84, 0xF6, 0x67, 0x38, 52 0xA9, 0xDB, 0x4A, 0x3F, 0xAE, 0xDC, 0x4D, 0x36, 0xA7, 0xD5, 0x44, 53 0x31, 0xA0, 0xD2, 0x43, 0x24, 0xB5, 0xC7, 0x56, 0x23, 0xB2, 0xC0, 54 0x51, 0x2A, 0xBB, 0xC9, 0x58, 0x2D, 0xBC, 0xCE, 0x5F, 55 56 0x70, 0xE1, 0x93, 0x02, 0x77, 0xE6, 0x94, 0x05, 0x7E, 0xEF, 0x9D, 57 0x0C, 0x79, 0xE8, 0x9A, 0x0B, 0x6C, 0xFD, 0x8F, 0x1E, 0x6B, 0xFA, 58 0x88, 0x19, 0x62, 0xF3, 0x81, 0x10, 0x65, 0xF4, 0x86, 0x17, 0x48, 59 0xD9, 0xAB, 0x3A, 0x4F, 0xDE, 0xAC, 0x3D, 0x46, 0xD7, 0xA5, 0x34, 60 0x41, 0xD0, 0xA2, 0x33, 0x54, 0xC5, 0xB7, 0x26, 0x53, 0xC2, 0xB0, 61 0x21, 0x5A, 0xCB, 0xB9, 0x28, 0x5D, 0xCC, 0xBE, 0x2F, 62 63 0xE0, 0x71, 0x03, 0x92, 0xE7, 0x76, 0x04, 0x95, 0xEE, 0x7F, 0x0D, 64 0x9C, 0xE9, 0x78, 0x0A, 0x9B, 0xFC, 0x6D, 0x1F, 0x8E, 0xFB, 0x6A, 65 0x18, 0x89, 0xF2, 0x63, 0x11, 0x80, 0xF5, 0x64, 0x16, 0x87, 0xD8, 66 0x49, 0x3B, 0xAA, 0xDF, 0x4E, 0x3C, 0xAD, 0xD6, 0x47, 0x35, 0xA4, 67 0xD1, 0x40, 0x32, 0xA3, 0xC4, 0x55, 0x27, 0xB6, 0xC3, 0x52, 0x20, 68 0xB1, 0xCA, 0x5B, 0x29, 0xB8, 0xCD, 0x5C, 0x2E, 0xBF, 69 70 0x90, 0x01, 0x73, 0xE2, 0x97, 0x06, 0x74, 0xE5, 0x9E, 0x0F, 0x7D, 71 0xEC, 0x99, 0x08, 0x7A, 0xEB, 0x8C, 0x1D, 0x6F, 0xFE, 0x8B, 0x1A, 72 0x68, 0xF9, 0x82, 0x13, 0x61, 0xF0, 0x85, 0x14, 0x66, 0xF7, 0xA8, 73 0x39, 0x4B, 0xDA, 0xAF, 0x3E, 0x4C, 0xDD, 0xA6, 0x37, 0x45, 0xD4, 74 0xA1, 0x30, 0x42, 0xD3, 0xB4, 0x25, 0x57, 0xC6, 0xB3, 0x22, 0x50, 75 0xC1, 0xBA, 0x2B, 0x59, 0xC8, 0xBD, 0x2C, 0x5E, 0xCF}; 76 77 /******************************************************************************* 78 * 79 * Function rfc_calc_fcs 80 * 81 * Description This function calculate FCS for the RFCOMM frame 82 * (GSM 07.10 TS 101 369 V6.3.0) 83 * 84 * Input len - number of bytes in the message 85 * p - points to message 86 * 87 ******************************************************************************/ 88 uint8_t rfc_calc_fcs(uint16_t len, uint8_t* p) { 89 uint8_t fcs = 0xFF; 90 91 while (len--) { 92 fcs = rfc_crctable[fcs ^ *p++]; 93 } 94 95 /* Ones compliment */ 96 return (0xFF - fcs); 97 } 98 99 /******************************************************************************* 100 * 101 * Function rfc_check_fcs 102 * 103 * Description This function checks FCS for the RFCOMM frame 104 * (GSM 07.10 TS 101 369 V6.3.0) 105 * 106 * Input len - number of bytes in the message 107 * p - points to message 108 * received_fcs - received FCS 109 * 110 ******************************************************************************/ 111 bool rfc_check_fcs(uint16_t len, uint8_t* p, uint8_t received_fcs) { 112 uint8_t fcs = 0xFF; 113 114 while (len--) { 115 fcs = rfc_crctable[fcs ^ *p++]; 116 } 117 118 /* Ones compliment */ 119 fcs = rfc_crctable[fcs ^ received_fcs]; 120 121 /*0xCF is the reversed order of 11110011.*/ 122 return (fcs == 0xCF); 123 } 124 125 /******************************************************************************* 126 * 127 * Function rfc_alloc_multiplexer_channel 128 * 129 * Description This function returns existing or new control block for 130 * the address. 131 * 132 ******************************************************************************/ 133 tRFC_MCB* rfc_alloc_multiplexer_channel(const RawAddress& bd_addr, 134 bool is_initiator) { 135 int i, j; 136 tRFC_MCB* p_mcb = NULL; 137 VLOG(1) << __func__ << ": bd_addr:" << bd_addr; 138 RFCOMM_TRACE_DEBUG("rfc_alloc_multiplexer_channel:is_initiator:%d", 139 is_initiator); 140 141 for (i = 0; i < MAX_BD_CONNECTIONS; i++) { 142 RFCOMM_TRACE_DEBUG( 143 "rfc_alloc_multiplexer_channel rfc_cb.port.rfc_mcb[%d].state:%d", i, 144 rfc_cb.port.rfc_mcb[i].state); 145 VLOG(1) << "(rfc_cb.port.rfc_mcb[i].bd_addr:" 146 << rfc_cb.port.rfc_mcb[i].bd_addr; 147 148 if ((rfc_cb.port.rfc_mcb[i].state != RFC_MX_STATE_IDLE) && 149 rfc_cb.port.rfc_mcb[i].bd_addr == bd_addr) { 150 /* Multiplexer channel found do not change anything */ 151 /* If there was an inactivity timer running stop it now */ 152 if (rfc_cb.port.rfc_mcb[i].state == RFC_MX_STATE_CONNECTED) 153 rfc_timer_stop(&rfc_cb.port.rfc_mcb[i]); 154 RFCOMM_TRACE_DEBUG( 155 "rfc_alloc_multiplexer_channel:is_initiator:%d, found, state:%d, " 156 "p_mcb:%p", 157 is_initiator, rfc_cb.port.rfc_mcb[i].state, &rfc_cb.port.rfc_mcb[i]); 158 return (&rfc_cb.port.rfc_mcb[i]); 159 } 160 } 161 162 /* connection with bd_addr does not exist */ 163 for (i = 0, j = rfc_cb.rfc.last_mux + 1; i < MAX_BD_CONNECTIONS; i++, j++) { 164 if (j >= MAX_BD_CONNECTIONS) j = 0; 165 166 p_mcb = &rfc_cb.port.rfc_mcb[j]; 167 if (rfc_cb.port.rfc_mcb[j].state == RFC_MX_STATE_IDLE) { 168 /* New multiplexer control block */ 169 alarm_free(p_mcb->mcb_timer); 170 fixed_queue_free(p_mcb->cmd_q, NULL); 171 memset(p_mcb, 0, sizeof(tRFC_MCB)); 172 p_mcb->bd_addr = bd_addr; 173 RFCOMM_TRACE_DEBUG( 174 "rfc_alloc_multiplexer_channel:is_initiator:%d, create new p_mcb:%p, " 175 "index:%d", 176 is_initiator, &rfc_cb.port.rfc_mcb[j], j); 177 178 p_mcb->mcb_timer = alarm_new("rfcomm_mcb.mcb_timer"); 179 p_mcb->cmd_q = fixed_queue_new(SIZE_MAX); 180 181 p_mcb->is_initiator = is_initiator; 182 183 rfc_timer_start(p_mcb, RFC_MCB_INIT_INACT_TIMER); 184 185 rfc_cb.rfc.last_mux = (uint8_t)j; 186 return (p_mcb); 187 } 188 } 189 return (NULL); 190 } 191 192 /******************************************************************************* 193 * 194 * Function rfc_release_multiplexer_channel 195 * 196 * Description Release a multiplexer control block 197 * 198 ******************************************************************************/ 199 void rfc_release_multiplexer_channel(tRFC_MCB* p_mcb) { 200 /* Remove the MCB from the mapping table */ 201 rfc_save_lcid_mcb(NULL, p_mcb->lcid); 202 203 /* Remove the MCB from the ports */ 204 for (int i = 0; i < MAX_RFC_PORTS; i++) { 205 if (rfc_cb.port.port[i].rfc.p_mcb == p_mcb) 206 rfc_cb.port.port[i].rfc.p_mcb = NULL; 207 } 208 209 rfc_timer_stop(p_mcb); 210 alarm_free(p_mcb->mcb_timer); 211 212 fixed_queue_free(p_mcb->cmd_q, osi_free); 213 214 memset(p_mcb, 0, sizeof(tRFC_MCB)); 215 p_mcb->state = RFC_MX_STATE_IDLE; 216 } 217 218 /******************************************************************************* 219 * 220 * Function rfc_timer_start 221 * 222 * Description Start RFC Timer 223 * 224 ******************************************************************************/ 225 void rfc_timer_start(tRFC_MCB* p_mcb, uint16_t timeout) { 226 RFCOMM_TRACE_EVENT("%s - timeout:%d seconds", __func__, timeout); 227 228 period_ms_t interval_ms = timeout * 1000; 229 alarm_set_on_mloop(p_mcb->mcb_timer, interval_ms, rfcomm_mcb_timer_timeout, 230 p_mcb); 231 } 232 233 /******************************************************************************* 234 * 235 * Function rfc_timer_stop 236 * 237 * Description Stop RFC Timer 238 * 239 ******************************************************************************/ 240 void rfc_timer_stop(tRFC_MCB* p_mcb) { 241 RFCOMM_TRACE_EVENT("%s", __func__); 242 243 alarm_cancel(p_mcb->mcb_timer); 244 } 245 246 /******************************************************************************* 247 * 248 * Function rfc_port_timer_start 249 * 250 * Description Start RFC Timer 251 * 252 ******************************************************************************/ 253 void rfc_port_timer_start(tPORT* p_port, uint16_t timeout) { 254 RFCOMM_TRACE_EVENT("%s - timeout:%d seconds", __func__, timeout); 255 256 period_ms_t interval_ms = timeout * 1000; 257 alarm_set_on_mloop(p_port->rfc.port_timer, interval_ms, 258 rfcomm_port_timer_timeout, p_port); 259 } 260 261 /******************************************************************************* 262 * 263 * Function rfc_port_timer_stop 264 * 265 * Description Stop RFC Timer 266 * 267 ******************************************************************************/ 268 void rfc_port_timer_stop(tPORT* p_port) { 269 RFCOMM_TRACE_EVENT("%s", __func__); 270 271 alarm_cancel(p_port->rfc.port_timer); 272 } 273 274 /******************************************************************************* 275 * 276 * Function rfc_check_mcb_active 277 * 278 * Description Check if there are any opened ports on the MCB if not 279 * start MCB Inact timer. 280 * 281 * Returns void 282 * 283 ******************************************************************************/ 284 void rfc_check_mcb_active(tRFC_MCB* p_mcb) { 285 uint16_t i; 286 287 for (i = 0; i < RFCOMM_MAX_DLCI; i++) { 288 if (p_mcb->port_inx[i] != 0) { 289 p_mcb->is_disc_initiator = false; 290 return; 291 } 292 } 293 /* The last port was DISCed. On the client side start disconnecting Mx */ 294 /* On the server side start inactivity timer */ 295 if (p_mcb->is_disc_initiator) { 296 p_mcb->is_disc_initiator = false; 297 rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CLOSE_REQ, NULL); 298 } else 299 rfc_timer_start(p_mcb, RFC_MCB_RELEASE_INACT_TIMER); 300 } 301 302 void rfcomm_port_timer_timeout(void* data) { 303 tPORT* p_port = (tPORT*)data; 304 305 rfc_port_sm_execute(p_port, RFC_EVENT_TIMEOUT, NULL); 306 } 307 308 void rfcomm_mcb_timer_timeout(void* data) { 309 tRFC_MCB* p_mcb = (tRFC_MCB*)data; 310 311 rfc_mx_sm_execute(p_mcb, RFC_EVENT_TIMEOUT, NULL); 312 } 313 314 /******************************************************************************* 315 * 316 * Function rfc_sec_check_complete 317 * 318 * Description The function called when Security Manager finishes 319 * verification of the service side connection 320 * 321 * Returns void 322 * 323 ******************************************************************************/ 324 void rfc_sec_check_complete(UNUSED_ATTR const RawAddress* bd_addr, 325 UNUSED_ATTR tBT_TRANSPORT transport, 326 void* p_ref_data, uint8_t res) { 327 tPORT* p_port = (tPORT*)p_ref_data; 328 329 /* Verify that PORT is still waiting for Security to complete */ 330 if (!p_port->in_use || 331 ((p_port->rfc.state != RFC_STATE_ORIG_WAIT_SEC_CHECK) && 332 (p_port->rfc.state != RFC_STATE_TERM_WAIT_SEC_CHECK))) 333 return; 334 335 rfc_port_sm_execute((tPORT*)p_ref_data, RFC_EVENT_SEC_COMPLETE, &res); 336 } 337 338 /******************************************************************************* 339 * 340 * Function rfc_port_closed 341 * 342 * Description The function is called when port is released based on the 343 * event received from the lower layer, typically L2CAP 344 * connection down, DISC, or DM frame. 345 * 346 * Returns void 347 * 348 ******************************************************************************/ 349 void rfc_port_closed(tPORT* p_port) { 350 tRFC_MCB* p_mcb = p_port->rfc.p_mcb; 351 rfc_port_timer_stop(p_port); 352 p_port->rfc.state = RFC_STATE_CLOSED; 353 354 /* If multiplexer channel was up mark it as down */ 355 if (p_mcb) { 356 p_mcb->port_inx[p_port->dlci] = 0; 357 358 /* If there are no more ports opened on this MCB release it */ 359 rfc_check_mcb_active(p_mcb); 360 } 361 362 /* Notify port that RFC connection is gone */ 363 port_rfc_closed(p_port, PORT_CLOSED); 364 } 365 366 /******************************************************************************* 367 * 368 * Function rfc_inc_credit 369 * 370 * Description The function is called when a credit is received in a UIH 371 * frame. It increments the TX credit count, and if data 372 * flow had halted, it restarts it. 373 * 374 * Returns void 375 * 376 ******************************************************************************/ 377 void rfc_inc_credit(tPORT* p_port, uint8_t credit) { 378 if (p_port->rfc.p_mcb->flow == PORT_FC_CREDIT) { 379 p_port->credit_tx += credit; 380 381 RFCOMM_TRACE_EVENT("rfc_inc_credit:%d", p_port->credit_tx); 382 383 if (p_port->tx.peer_fc) PORT_FlowInd(p_port->rfc.p_mcb, p_port->dlci, true); 384 } 385 } 386 387 /******************************************************************************* 388 * 389 * Function rfc_dec_credit 390 * 391 * Description The function is called when a UIH frame of user data is 392 * sent. It decrements the credit count. If credit count 393 * Reaches zero, peer_fc is set. 394 * 395 * Returns void 396 * 397 ******************************************************************************/ 398 void rfc_dec_credit(tPORT* p_port) { 399 if (p_port->rfc.p_mcb->flow == PORT_FC_CREDIT) { 400 if (p_port->credit_tx > 0) p_port->credit_tx--; 401 402 if (p_port->credit_tx == 0) p_port->tx.peer_fc = true; 403 } 404 } 405 406 /******************************************************************************* 407 * 408 * Function rfc_check_send_cmd 409 * 410 * Description This function is called to send an RFCOMM command message 411 * or to handle the RFCOMM command message queue. 412 * 413 * Returns void 414 * 415 ******************************************************************************/ 416 void rfc_check_send_cmd(tRFC_MCB* p_mcb, BT_HDR* p_buf) { 417 /* if passed a buffer queue it */ 418 if (p_buf != NULL) { 419 if (p_mcb->cmd_q == NULL) { 420 RFCOMM_TRACE_ERROR( 421 "%s: empty queue: p_mcb = %p p_mcb->lcid = %u cached p_mcb = %p", 422 __func__, p_mcb, p_mcb->lcid, rfc_find_lcid_mcb(p_mcb->lcid)); 423 } 424 fixed_queue_enqueue(p_mcb->cmd_q, p_buf); 425 } 426 427 /* handle queue if L2CAP not congested */ 428 while (!p_mcb->l2cap_congested) { 429 BT_HDR* p = (BT_HDR*)fixed_queue_try_dequeue(p_mcb->cmd_q); 430 if (p == NULL) break; 431 L2CA_DataWrite(p_mcb->lcid, p); 432 } 433 } 434