l2c_main.c revision 0b47e0a35c16f5b7d77c30ec1c095ed92ff4fd74
1/****************************************************************************** 2 * 3 * Copyright (C) 1999-2012 Broadcom Corporation 4 * 5 * Licensed under the Apache License, Version 2.0 (the "License"); 6 * you may not use this file except in compliance with the License. 7 * You may obtain a copy of the License at: 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 * 17 ******************************************************************************/ 18 19/****************************************************************************** 20 * 21 * This file contains the main L2CAP entry points 22 * 23 ******************************************************************************/ 24 25#include <stdlib.h> 26#include <string.h> 27#include <stdio.h> 28 29#include "device/include/controller.h" 30#include "btcore/include/counter.h" 31#include "bt_target.h" 32#include "btm_int.h" 33#include "btu.h" 34#include "gki.h" 35#include "hcimsgs.h" 36#include "l2c_api.h" 37#include "l2c_int.h" 38#include "l2cdefs.h" 39#include "osi/include/log.h" 40 41/********************************************************************************/ 42/* L O C A L F U N C T I O N P R O T O T Y P E S */ 43/********************************************************************************/ 44static void process_l2cap_cmd (tL2C_LCB *p_lcb, UINT8 *p, UINT16 pkt_len); 45 46/********************************************************************************/ 47/* G L O B A L L 2 C A P D A T A */ 48/********************************************************************************/ 49#if L2C_DYNAMIC_MEMORY == FALSE 50tL2C_CB l2cb; 51#endif 52 
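/*******************************************************************************
**
** Function         l2c_bcst_msg
**
** Description      Prepends the HCI ACL header and the L2CAP connectionless
**                  header (length, CID, PSM) to p_buf and passes the result to
**                  bte_main_hci_send().
**
**                  This function disposes of p_buf on every path: it is either
**                  passed to bte_main_hci_send() or released with GKI_freebuf().
**
** Returns          void
**
*******************************************************************************/
void l2c_bcst_msg( BT_HDR *p_buf, UINT16 psm )
{
    UINT8       *p;

    /* Ensure we have enough space in the buffer for the L2CAP and HCI headers */
    if (p_buf->offset < L2CAP_BCST_MIN_OFFSET)
    {
        L2CAP_TRACE_ERROR ("L2CAP - cannot send buffer, offset: %d", p_buf->offset);
        GKI_freebuf (p_buf);
        return;
    }

    /* Step back some bytes to add the headers */
    /* NOTE(review): this only stays inside the buffer if L2CAP_BCST_MIN_OFFSET */
    /* is at least the sum subtracted here - confirm in the headers.            */
    p_buf->offset -= (HCI_DATA_PREAMBLE_SIZE + L2CAP_PKT_OVERHEAD + L2CAP_BCST_OVERHEAD);
    p_buf->len    += L2CAP_PKT_OVERHEAD + L2CAP_BCST_OVERHEAD;

    /* Set the pointer to the beginning of the data */
    p = (UINT8 *)(p_buf + 1) + p_buf->offset;

    /* First, the HCI transport header */
    UINT16_TO_STREAM (p, 0x0050 | (L2CAP_PKT_START << 12) | (2 << 14));

    uint16_t acl_data_size = controller_get_interface()->get_acl_data_size_classic();
    /* The HCI transport will segment the buffers. */
    if (p_buf->len > acl_data_size)
    {
        UINT16_TO_STREAM (p, acl_data_size);
    }
    else
    {
        UINT16_TO_STREAM (p, p_buf->len);
    }

    /* Now the L2CAP header */
    UINT16_TO_STREAM (p, p_buf->len - L2CAP_PKT_OVERHEAD);
    UINT16_TO_STREAM (p, L2CAP_CONNECTIONLESS_CID);
    UINT16_TO_STREAM (p, psm);

    p_buf->len += HCI_DATA_PREAMBLE_SIZE;

    if (p_buf->len <= controller_get_interface()->get_acl_packet_size_classic())
    {
        counter_add("l2cap.ch2.tx.bytes", p_buf->len);
        counter_add("l2cap.ch2.tx.pkts", 1);

        /* presumably the HCI layer owns p_buf from here on - it is not touched again */
        bte_main_hci_send(p_buf, BT_EVT_TO_LM_HCI_ACL);
    }
    else
    {
        /* Too large to send: release the buffer instead of dropping the only  */
        /* reference to it, matching the error path at the top of the function */
        L2CAP_TRACE_ERROR ("L2CAP - broadcast exceeds ACL packet size, len: %d", p_buf->len);
        GKI_freebuf (p_buf);
    }
}


/*******************************************************************************
**
** Function         l2c_rcv_acl_data
**
** Description      This function is called from the HCI Interface when an ACL
**                  data packet is received.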
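**
** Returns          void
**
** Notes            The handle, lengths and channel id parsed here are supplied
**                  by the remote device through the controller, so the buffer
**                  length is checked before any header field is read and the
**                  HCI length field must fit inside the bytes delivered.
**                  p_msg is consumed on every path (freed, queued, or passed
**                  to a handler).
**
*******************************************************************************/
void l2c_rcv_acl_data (BT_HDR *p_msg)
{
    UINT8       *p = (UINT8 *)(p_msg + 1) + p_msg->offset;
    UINT16      handle, hci_len;
    UINT8       pkt_type;
    tL2C_LCB    *p_lcb;
    tL2C_CCB    *p_ccb = NULL;
    UINT16      l2cap_len, rcv_cid, psm;

    /* The HCI preamble (handle + length) and the basic L2CAP header (length +  */
    /* CID) are read unconditionally below, so refuse anything shorter.         */
    /* NOTE(review): assumes p_msg->len counts the bytes starting at            */
    /* p_msg->offset, HCI preamble included - confirm against the HCI layer.    */
    if (p_msg->len < (HCI_DATA_PREAMBLE_SIZE + L2CAP_PKT_OVERHEAD))
    {
        L2CAP_TRACE_WARNING ("L2CAP - ACL packet too short for headers, len: %d", p_msg->len);
        GKI_freebuf (p_msg);
        return;
    }

    /* Extract the handle */
    STREAM_TO_UINT16 (handle, p);
    pkt_type = HCID_GET_EVENT (handle);
    handle   = HCID_GET_HANDLE (handle);

    /* Since the HCI Transport is putting segmented packets back together, we */
    /* should never get a valid packet with the type set to "continuation"    */
    if (pkt_type != L2CAP_PKT_CONTINUE)
    {
        /* Find the LCB based on the handle */
        if ((p_lcb = l2cu_find_lcb_by_handle (handle)) == NULL)
        {
            UINT8   cmd_code = 0;
            BOOLEAN have_cmd_code = FALSE;

            /* There is a slight possibility (specifically with USB) that we get an */
            /* L2CAP connection request before we get the HCI connection complete.  */
            /* So for these types of messages, hold them for up to 2 seconds.       */
            STREAM_TO_UINT16 (hci_len, p);
            STREAM_TO_UINT16 (l2cap_len, p);
            STREAM_TO_UINT16 (rcv_cid, p);

            /* The command code is the first payload byte; read it only when the */
            /* buffer actually carries a payload                                 */
            if (p_msg->len > (HCI_DATA_PREAMBLE_SIZE + L2CAP_PKT_OVERHEAD))
            {
                STREAM_TO_UINT8 (cmd_code, p);
                have_cmd_code = TRUE;
            }

            /* NOTE(review): nothing visible here caps how many packets can sit in */
            /* rcv_pending_q while waiting for the connection complete             */
            if (have_cmd_code && (p_msg->layer_specific == 0) && (rcv_cid == L2CAP_SIGNALLING_CID)
                && (cmd_code == L2CAP_CMD_INFO_REQ || cmd_code == L2CAP_CMD_CONN_REQ)) {
                L2CAP_TRACE_WARNING ("L2CAP - holding ACL for unknown handle:%d ls:%d"
                        " cid:%d opcode:%d cur count:%d", handle, p_msg->layer_specific,
                        rcv_cid, cmd_code, list_length(l2cb.rcv_pending_q));
                /* layer_specific doubles as the hold countdown, in timer ticks */
                p_msg->layer_specific = 2;
                list_append(l2cb.rcv_pending_q, p_msg);

                if (list_length(l2cb.rcv_pending_q) == 1)
                    btu_start_timer (&l2cb.rcv_hold_tle, BTU_TTYPE_L2CAP_HOLD, BT_1SEC_TIMEOUT);

                return;
            } else {
                L2CAP_TRACE_ERROR ("L2CAP - rcvd ACL for unknown handle:%d ls:%d cid:%d"
                        " opcode:%d cur count:%d", handle, p_msg->layer_specific, rcv_cid,
                        cmd_code, list_length(l2cb.rcv_pending_q));
            }
            GKI_freebuf (p_msg);
            return;
        }
    }
    else
    {
        L2CAP_TRACE_WARNING ("L2CAP - expected pkt start or complete, got: %d", pkt_type);
        GKI_freebuf (p_msg);
        return;
    }

    /* Extract the length and update the buffer header */
    STREAM_TO_UINT16 (hci_len, p);
    p_msg->offset += 4;

    /* Extract the length and CID */
    STREAM_TO_UINT16 (l2cap_len, p);
    STREAM_TO_UINT16 (rcv_cid, p);

    /* Find the CCB for this CID */
    if (rcv_cid >= L2CAP_BASE_APPL_CID)
    {
        if ((p_ccb = l2cu_find_ccb_by_cid (p_lcb, rcv_cid)) == NULL)
        {
            L2CAP_TRACE_WARNING ("L2CAP - unknown CID: 0x%04x", rcv_cid);
            GKI_freebuf (p_msg);
            return;
        }
    }

    /* Must receive at least the L2CAP length and CID, and the HCI length field */
    /* must not claim more data than the buffer holds: every later length check */
    /* and every handler below trusts the value stored in p_msg->len here.      */
    if ((hci_len >= L2CAP_PKT_OVERHEAD) &&
        (hci_len <= (p_msg->len - HCI_DATA_PREAMBLE_SIZE)))
    {
        p_msg->len    = hci_len - L2CAP_PKT_OVERHEAD;
        p_msg->offset += L2CAP_PKT_OVERHEAD;
    }
    else
    {
        L2CAP_TRACE_WARNING ("L2CAP - got incorrect hci header" );
        GKI_freebuf (p_msg);
        return;
    }

    if (l2cap_len != p_msg->len)
    {
        L2CAP_TRACE_WARNING ("L2CAP - bad length in pkt. Exp: %d Act: %d",
                              l2cap_len, p_msg->len);

        GKI_freebuf (p_msg);
        return;
    }

    /* Send the data through the channel state machine */
    if (rcv_cid == L2CAP_SIGNALLING_CID)
    {
        counter_add("l2cap.sig.rx.bytes", l2cap_len);
        counter_add("l2cap.sig.rx.pkts", 1);
        process_l2cap_cmd (p_lcb, p, l2cap_len);
        GKI_freebuf (p_msg);
    }
    else if (rcv_cid == L2CAP_CONNECTIONLESS_CID)
    {
        counter_add("l2cap.ch2.rx.bytes", l2cap_len);
        counter_add("l2cap.ch2.rx.pkts", 1);

        /* The PSM read below needs two payload bytes */
        if (l2cap_len < 2)
        {
            L2CAP_TRACE_WARNING ("L2CAP - connectionless data too short, len: %d", l2cap_len);
            GKI_freebuf (p_msg);
            return;
        }

        /* process_connectionless_data (p_lcb); */
        STREAM_TO_UINT16 (psm, p);
        L2CAP_TRACE_DEBUG( "GOT CONNECTIONLESS DATA PSM:%d", psm ) ;

#if (L2CAP_UCD_INCLUDED == TRUE)
        /* if it is not broadcast, check UCD registration */
        if ( l2c_ucd_check_rx_pkts( p_lcb, p_msg ) )
        {
            /* nothing to do */
        }
        else
#endif
            GKI_freebuf (p_msg);
    }
#if (BLE_INCLUDED == TRUE)
    else if (rcv_cid == L2CAP_BLE_SIGNALLING_CID)
    {
        counter_add("l2cap.ble.rx.bytes", l2cap_len);
        counter_add("l2cap.ble.rx.pkts", 1);
        l2cble_process_sig_cmd (p_lcb, p, l2cap_len);
        GKI_freebuf (p_msg);
    }
#endif
#if (L2CAP_NUM_FIXED_CHNLS > 0)
    else if ((rcv_cid >= L2CAP_FIRST_FIXED_CHNL) && (rcv_cid <= L2CAP_LAST_FIXED_CHNL) &&
             (l2cb.fixed_reg[rcv_cid - L2CAP_FIRST_FIXED_CHNL].pL2CA_FixedData_Cb != NULL) )
    {
        counter_add("l2cap.fix.rx.bytes", l2cap_len);
        counter_add("l2cap.fix.rx.pkts", 1);
        /* If no CCB for this channel, allocate one */
        if (p_lcb &&
            /* discard fixed channel data when link is disconnecting */
            (p_lcb->link_state != LST_DISCONNECTING) &&
            l2cu_initialize_fixed_ccb (p_lcb, rcv_cid,
                &l2cb.fixed_reg[rcv_cid - L2CAP_FIRST_FIXED_CHNL].fixed_chnl_opts))
        {
#if(defined BLE_INCLUDED && (BLE_INCLUDED == TRUE))
            l2cble_notify_le_connection(p_lcb->remote_bd_addr);
#endif
            p_ccb = p_lcb->p_fixed_ccbs[rcv_cid - L2CAP_FIRST_FIXED_CHNL];

            if (p_ccb->peer_cfg.fcr.mode != L2CAP_FCR_BASIC_MODE)
                l2c_fcr_proc_pdu (p_ccb, p_msg);
            else
                (*l2cb.fixed_reg[rcv_cid - L2CAP_FIRST_FIXED_CHNL].pL2CA_FixedData_Cb)(p_lcb->remote_bd_addr, p_msg);
        }
        else
            GKI_freebuf (p_msg);
    }
#endif

    else
    {
        counter_add("l2cap.dyn.rx.bytes", l2cap_len);
        counter_add("l2cap.dyn.rx.pkts", 1);
        if (p_ccb == NULL)
            GKI_freebuf (p_msg);
        else
        {
            /* Basic mode packets go straight to the state machine */
            if (p_ccb->peer_cfg.fcr.mode == L2CAP_FCR_BASIC_MODE)
                l2c_csm_execute (p_ccb, L2CEVT_L2CAP_DATA, p_msg);
            else
            {
                /* eRTM or streaming mode, so we need to validate states first */
                if ((p_ccb->chnl_state == CST_OPEN) || (p_ccb->chnl_state == CST_CONFIG))
                    l2c_fcr_proc_pdu (p_ccb, p_msg);
                else
                    GKI_freebuf (p_msg);
            }
        }
    }
}

/*******************************************************************************
**
** Function         l2c_sig_bytes_left
**
** Description      Bounds check used while parsing signalling commands, whose
**                  length fields are chosen by the peer.
**
** Returns          TRUE if at least 'need' bytes lie between p and p_end
**
*******************************************************************************/
static BOOLEAN l2c_sig_bytes_left (const UINT8 *p, const UINT8 *p_end, UINT16 need)
{
    return (BOOLEAN)((p <= p_end) && ((p_end - p) >= need));
}

/*******************************************************************************
**
** Function         l2c_cfg_option_size
**
** Description      Number of bytes process_l2cap_cmd reads for the body of a
**                  configuration option it knows how to parse. The values are
**                  the sums of the field reads done for each option type.
**
** Returns          body size in bytes, 0 for option types that are not parsed
**
*******************************************************************************/
static UINT8 l2c_cfg_option_size (UINT8 cfg_type)
{
    switch (cfg_type)
    {
        case L2CAP_CFG_TYPE_MTU:        return 2;   /* one UINT16                    */
        case L2CAP_CFG_TYPE_FLUSH_TOUT: return 2;   /* one UINT16                    */
        case L2CAP_CFG_TYPE_QOS:        return 22;  /* two UINT8 + five UINT32       */
        case L2CAP_CFG_TYPE_FCR:        return 9;   /* three UINT8 + three UINT16    */
        case L2CAP_CFG_TYPE_FCS:        return 1;   /* one UINT8                     */
        case L2CAP_CFG_TYPE_EXT_FLOW:   return 16;  /* two UINT8, UINT16, 3 x UINT32 */
        default:                        return 0;
    }
}

/*******************************************************************************
**
** Function         process_l2cap_cmd
**
** Description      This function is called when a packet is received on the
**                  L2CAP signalling CID
**
**                  p points at pkt_len bytes of signalling payload, which may
**                  hold several commands. Each command states its own length
**                  and each configuration option states its own length; all of
**                  them are peer-controlled, so every field read is preceded by
**                  a check that the bytes lie inside the current command.
**                  A command too short for its mandatory fields ends
**                  processing of the whole packet.
**
** Returns          void
**
*******************************************************************************/
static void process_l2cap_cmd (tL2C_LCB *p_lcb, UINT8 *p, UINT16 pkt_len)
{
    UINT8           *p_pkt_end, *p_next_cmd, *p_cfg_end, *p_cfg_start;
    UINT8           cmd_code, cfg_code, cfg_len, id;
    tL2C_CONN_INFO  con_info;
    tL2CAP_CFG_INFO cfg_info;
    UINT16          rej_reason, rej_mtu, lcid, rcid, info_type;
    tL2C_CCB        *p_ccb;
    tL2C_RCB        *p_rcb;
    BOOLEAN         cfg_rej, pkt_size_rej = FALSE;
    BOOLEAN         info_ok;
    UINT16          cfg_rej_len, cmd_len;
    UINT16          result;
    tL2C_CONN_INFO  ci;

#if (defined BLE_INCLUDED && BLE_INCLUDED == TRUE)
    /* if l2cap command received in CID 1 on top of an LE link, ignore this command */
    if (p_lcb->transport == BT_TRANSPORT_LE)
        return;
#endif

    /* Reject the packet if it exceeds the default Signalling Channel MTU */
    if (pkt_len > L2CAP_DEFAULT_MTU)
    {
        /* Core Spec requires a single response to the first command found in a multi-command
        ** L2cap packet.  If only responses in the packet, then it will be ignored.
        ** Here we simply mark the bad packet and decide which cmd ID to reject later
        */
        pkt_size_rej = TRUE;
        L2CAP_TRACE_ERROR ("L2CAP SIG MTU Pkt Len Exceeded (672) -> pkt_len: %d", pkt_len);
    }

    p_next_cmd = p;
    p_pkt_end  = p + pkt_len;

    memset (&cfg_info, 0, sizeof(cfg_info));
    /* con_info is handed to the state machine by the disconnect cases without */
    /* being filled in there; start from zeros rather than stack contents      */
    memset (&con_info, 0, sizeof(con_info));

    /* An L2CAP packet may contain multiple commands */
    while (TRUE)
    {
        /* Smallest command is 4 bytes */
        p = p_next_cmd;
        if (!l2c_sig_bytes_left (p, p_pkt_end, 4))
            break;

        STREAM_TO_UINT8  (cmd_code, p);
        STREAM_TO_UINT8  (id, p);
        STREAM_TO_UINT16 (cmd_len, p);

        /* Check command length does not exceed packet length */
        if (!l2c_sig_bytes_left (p, p_pkt_end, cmd_len))
        {
            L2CAP_TRACE_WARNING ("Command len bad pkt_len: %d cmd_len: %d code: %d",
                                  pkt_len, cmd_len, cmd_code);
            break;
        }
        /* From here on p_next_cmd is the hard limit for reads in this command */
        p_next_cmd = p + cmd_len;

        L2CAP_TRACE_DEBUG ("cmd_code: %d, id:%d, cmd_len:%d", cmd_code, id, cmd_len);

        /* Bad L2CAP packet length, look or cmd to reject */
        if (pkt_size_rej)
        {
            /* If command found rejected it and we're done, otherwise keep looking */
            if (l2c_is_cmd_rejected(cmd_code, id, p_lcb))
                return;
            else
                continue; /* Look for next cmd/response in current packet */
        }

        switch (cmd_code)
        {
        case L2CAP_CMD_REJECT:
            if (!l2c_sig_bytes_left (p, p_next_cmd, 2))
                goto bad_cmd_len;
            STREAM_TO_UINT16 (rej_reason, p);
            if (rej_reason == L2CAP_CMD_REJ_MTU_EXCEEDED)
            {
                if (!l2c_sig_bytes_left (p, p_next_cmd, 2))
                    goto bad_cmd_len;
                STREAM_TO_UINT16 (rej_mtu, p);
                /* What to do with the MTU reject ? We have negotiated an MTU. For now */
                /* we will ignore it and let a higher protocol timeout take care of it */

                L2CAP_TRACE_WARNING ("L2CAP - MTU rej Handle: %d MTU: %d", p_lcb->handle, rej_mtu);
            }
            if (rej_reason == L2CAP_CMD_REJ_INVALID_CID)
            {
                if (!l2c_sig_bytes_left (p, p_next_cmd, 4))
                    goto bad_cmd_len;
                STREAM_TO_UINT16 (rcid, p);
                STREAM_TO_UINT16 (lcid, p);

                L2CAP_TRACE_WARNING ("L2CAP - rej with CID invalid, LCID: 0x%04x RCID: 0x%04x", lcid, rcid);

                /* Remote CID invalid. Treat as a disconnect */
                if (((p_ccb = l2cu_find_ccb_by_cid (p_lcb, lcid)) != NULL)
                 && (p_ccb->remote_cid == rcid))
                {
                    /* Fake link disconnect - no reply is generated */
                    l2c_csm_execute (p_ccb, L2CEVT_LP_DISCONNECT_IND, NULL);
                }
            }

            /* SonyEricsson Info request Bug workaround (Continue connection) */
            else if (rej_reason == L2CAP_CMD_REJ_NOT_UNDERSTOOD && p_lcb->w4_info_rsp)
            {
                btu_stop_timer (&p_lcb->info_timer_entry);

                p_lcb->w4_info_rsp = FALSE;
                ci.status = HCI_SUCCESS;
                memcpy (ci.bd_addr, p_lcb->remote_bd_addr, sizeof(BD_ADDR));

                /* For all channels, send the event through their FSMs */
                for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
                {
                    l2c_csm_execute (p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci);
                }
            }
            break;

        case L2CAP_CMD_CONN_REQ:
            if (!l2c_sig_bytes_left (p, p_next_cmd, 4))
                goto bad_cmd_len;
            STREAM_TO_UINT16 (con_info.psm, p);
            STREAM_TO_UINT16 (rcid, p);
            if ((p_rcb = l2cu_find_rcb_by_psm (con_info.psm)) == NULL)
            {
                L2CAP_TRACE_WARNING ("L2CAP - rcvd conn req for unknown PSM: %d", con_info.psm);
                l2cu_reject_connection (p_lcb, rcid, id, L2CAP_CONN_NO_PSM);
                break;
            }
            else
            {
                if (!p_rcb->api.pL2CA_ConnectInd_Cb)
                {
                    L2CAP_TRACE_WARNING ("L2CAP - rcvd conn req for outgoing-only connection PSM: %d", con_info.psm);
                    l2cu_reject_connection (p_lcb, rcid, id, L2CAP_CONN_NO_PSM);
                    break;
                }
            }
            if ((p_ccb = l2cu_allocate_ccb (p_lcb, 0)) == NULL)
            {
                L2CAP_TRACE_ERROR ("L2CAP - unable to allocate CCB");
                l2cu_reject_connection (p_lcb, rcid, id, L2CAP_CONN_NO_RESOURCES);
                break;
            }
            p_ccb->remote_id = id;
            p_ccb->p_rcb = p_rcb;
            p_ccb->remote_cid = rcid;

            l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_REQ, &con_info);
            break;

        case L2CAP_CMD_CONN_RSP:
            if (!l2c_sig_bytes_left (p, p_next_cmd, 8))
                goto bad_cmd_len;
            STREAM_TO_UINT16 (con_info.remote_cid, p);
            STREAM_TO_UINT16 (lcid, p);
            STREAM_TO_UINT16 (con_info.l2cap_result, p);
            STREAM_TO_UINT16 (con_info.l2cap_status, p);

            if ((p_ccb = l2cu_find_ccb_by_cid (p_lcb, lcid)) == NULL)
            {
                L2CAP_TRACE_WARNING ("L2CAP - no CCB for conn rsp, LCID: %d RCID: %d",
                                      lcid, con_info.remote_cid);
                break;
            }
            if (p_ccb->local_id != id)
            {
                L2CAP_TRACE_WARNING ("L2CAP - con rsp - bad ID. Exp: %d Got: %d",
                                      p_ccb->local_id, id);
                break;
            }

            if (con_info.l2cap_result == L2CAP_CONN_OK)
                l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP, &con_info);
            else if (con_info.l2cap_result == L2CAP_CONN_PENDING)
                l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_PND, &con_info);
            else
                l2c_csm_execute(p_ccb, L2CEVT_L2CAP_CONNECT_RSP_NEG, &con_info);

            break;

        case L2CAP_CMD_CONFIG_REQ:
            p_cfg_end = p + cmd_len;
            cfg_rej = FALSE;
            cfg_rej_len = 0;

            /* lcid and flags are mandatory. This also keeps the subtraction  */
            /* cmd_len - L2CAP_CONFIG_REQ_LEN further down from wrapping      */
            /* (presumably L2CAP_CONFIG_REQ_LEN is these 4 bytes - confirm).  */
            if (!l2c_sig_bytes_left (p, p_cfg_end, 4))
                goto bad_cmd_len;
            STREAM_TO_UINT16 (lcid, p);
            STREAM_TO_UINT16 (cfg_info.flags, p);

            p_cfg_start = p;

            /* NOTE(review): ext_flow_spec_present is not cleared here, so it can */
            /* carry over from an earlier command in the same packet              */
            cfg_info.flush_to_present = cfg_info.mtu_present = cfg_info.qos_present =
                cfg_info.fcr_present = cfg_info.fcs_present = FALSE;

            while (p < p_cfg_end)
            {
                /* Option header is one type byte and one length byte */
                if (!l2c_sig_bytes_left (p, p_cfg_end, 2))
                    goto bad_cmd_len;
                STREAM_TO_UINT8 (cfg_code, p);
                STREAM_TO_UINT8 (cfg_len, p);

                /* Known options are read with a fixed size regardless of cfg_len, */
                /* so that fixed size must fit inside this command                 */
                if (!l2c_sig_bytes_left (p, p_cfg_end, l2c_cfg_option_size (cfg_code & 0x7F)))
                    goto bad_cmd_len;

                switch (cfg_code & 0x7F)
                {
                    case L2CAP_CFG_TYPE_MTU:
                        cfg_info.mtu_present = TRUE;
                        STREAM_TO_UINT16 (cfg_info.mtu, p);
                        break;

                    case L2CAP_CFG_TYPE_FLUSH_TOUT:
                        cfg_info.flush_to_present = TRUE;
                        STREAM_TO_UINT16 (cfg_info.flush_to, p);
                        break;

                    case L2CAP_CFG_TYPE_QOS:
                        cfg_info.qos_present = TRUE;
                        STREAM_TO_UINT8  (cfg_info.qos.qos_flags, p);
                        STREAM_TO_UINT8  (cfg_info.qos.service_type, p);
                        STREAM_TO_UINT32 (cfg_info.qos.token_rate, p);
                        STREAM_TO_UINT32 (cfg_info.qos.token_bucket_size, p);
                        STREAM_TO_UINT32 (cfg_info.qos.peak_bandwidth, p);
                        STREAM_TO_UINT32 (cfg_info.qos.latency, p);
                        STREAM_TO_UINT32 (cfg_info.qos.delay_variation, p);
                        break;

                    case L2CAP_CFG_TYPE_FCR:
                        cfg_info.fcr_present = TRUE;
                        STREAM_TO_UINT8  (cfg_info.fcr.mode, p);
                        STREAM_TO_UINT8  (cfg_info.fcr.tx_win_sz, p);
                        STREAM_TO_UINT8  (cfg_info.fcr.max_transmit, p);
                        STREAM_TO_UINT16 (cfg_info.fcr.rtrans_tout, p);
                        STREAM_TO_UINT16 (cfg_info.fcr.mon_tout, p);
                        STREAM_TO_UINT16 (cfg_info.fcr.mps, p);
                        break;

                    case L2CAP_CFG_TYPE_FCS:
                        cfg_info.fcs_present = TRUE;
                        STREAM_TO_UINT8  (cfg_info.fcs, p);
                        break;

                    case L2CAP_CFG_TYPE_EXT_FLOW:
                        cfg_info.ext_flow_spec_present = TRUE;
                        STREAM_TO_UINT8  (cfg_info.ext_flow_spec.id, p);
                        STREAM_TO_UINT8  (cfg_info.ext_flow_spec.stype, p);
                        STREAM_TO_UINT16 (cfg_info.ext_flow_spec.max_sdu_size, p);
                        STREAM_TO_UINT32 (cfg_info.ext_flow_spec.sdu_inter_time, p);
                        STREAM_TO_UINT32 (cfg_info.ext_flow_spec.access_latency, p);
                        STREAM_TO_UINT32 (cfg_info.ext_flow_spec.flush_timeout, p);
                        break;

                    default:
                        /* sanity check option length: the option body must lie */
                        /* inside what is left of this command                  */
                        if (l2c_sig_bytes_left (p, p_cfg_end, cfg_len))
                        {
                            p += cfg_len;
                            /* an unknown option without the hint bit must be rejected */
                            if ((cfg_code & 0x80) == 0)
                            {
                                cfg_rej_len += cfg_len + L2CAP_CFG_OPTION_OVERHEAD;
                                cfg_rej = TRUE;
                            }
                        }
                        /* bad length; force loop exit */
                        else
                        {
                            p = p_cfg_end;
                            cfg_rej = TRUE;
                        }
                        break;
                }
            }

            if ((p_ccb = l2cu_find_ccb_by_cid (p_lcb, lcid)) != NULL)
            {
                p_ccb->remote_id = id;
                if (cfg_rej)
                {
                    l2cu_send_peer_config_rej (p_ccb, p_cfg_start, (UINT16) (cmd_len - L2CAP_CONFIG_REQ_LEN), cfg_rej_len);
                }
                else
                {
                    l2c_csm_execute (p_ccb, L2CEVT_L2CAP_CONFIG_REQ, &cfg_info);
                }
            }
            else
            {
                /* updated spec says send command reject on invalid cid */
                l2cu_send_peer_cmd_reject (p_lcb, L2CAP_CMD_REJ_INVALID_CID, id, 0, 0);
            }
            break;

        case L2CAP_CMD_CONFIG_RSP:
            p_cfg_end = p + cmd_len;
            /* lcid, flags and result are mandatory */
            if (!l2c_sig_bytes_left (p, p_cfg_end, 6))
                goto bad_cmd_len;
            STREAM_TO_UINT16 (lcid, p);
            STREAM_TO_UINT16 (cfg_info.flags, p);
            STREAM_TO_UINT16 (cfg_info.result, p);

            cfg_info.flush_to_present = cfg_info.mtu_present = cfg_info.qos_present =
                cfg_info.fcr_present = cfg_info.fcs_present = FALSE;

            while (p < p_cfg_end)
            {
                /* Same bounds rules as for the options of a config request */
                if (!l2c_sig_bytes_left (p, p_cfg_end, 2))
                    goto bad_cmd_len;
                STREAM_TO_UINT8 (cfg_code, p);
                STREAM_TO_UINT8 (cfg_len, p);

                if (!l2c_sig_bytes_left (p, p_cfg_end, l2c_cfg_option_size (cfg_code & 0x7F)))
                    goto bad_cmd_len;

                /* NOTE(review): there is no default case, so the body of an     */
                /* unknown option is not skipped and is parsed as option headers */
                switch (cfg_code & 0x7F)
                {
                    case L2CAP_CFG_TYPE_MTU:
                        cfg_info.mtu_present = TRUE;
                        STREAM_TO_UINT16 (cfg_info.mtu, p);
                        break;

                    case L2CAP_CFG_TYPE_FLUSH_TOUT:
                        cfg_info.flush_to_present = TRUE;
                        STREAM_TO_UINT16 (cfg_info.flush_to, p);
                        break;

                    case L2CAP_CFG_TYPE_QOS:
                        cfg_info.qos_present = TRUE;
                        STREAM_TO_UINT8  (cfg_info.qos.qos_flags, p);
                        STREAM_TO_UINT8  (cfg_info.qos.service_type, p);
                        STREAM_TO_UINT32 (cfg_info.qos.token_rate, p);
                        STREAM_TO_UINT32 (cfg_info.qos.token_bucket_size, p);
                        STREAM_TO_UINT32 (cfg_info.qos.peak_bandwidth, p);
                        STREAM_TO_UINT32 (cfg_info.qos.latency, p);
                        STREAM_TO_UINT32 (cfg_info.qos.delay_variation, p);
                        break;

                    case L2CAP_CFG_TYPE_FCR:
                        cfg_info.fcr_present = TRUE;
                        STREAM_TO_UINT8  (cfg_info.fcr.mode, p);
                        STREAM_TO_UINT8  (cfg_info.fcr.tx_win_sz, p);
                        STREAM_TO_UINT8  (cfg_info.fcr.max_transmit, p);
                        STREAM_TO_UINT16 (cfg_info.fcr.rtrans_tout, p);
                        STREAM_TO_UINT16 (cfg_info.fcr.mon_tout, p);
                        STREAM_TO_UINT16 (cfg_info.fcr.mps, p);
                        break;

                    case L2CAP_CFG_TYPE_FCS:
                        cfg_info.fcs_present = TRUE;
                        STREAM_TO_UINT8  (cfg_info.fcs, p);
                        break;

                    case L2CAP_CFG_TYPE_EXT_FLOW:
                        cfg_info.ext_flow_spec_present = TRUE;
                        STREAM_TO_UINT8  (cfg_info.ext_flow_spec.id, p);
                        STREAM_TO_UINT8  (cfg_info.ext_flow_spec.stype, p);
                        STREAM_TO_UINT16 (cfg_info.ext_flow_spec.max_sdu_size, p);
                        STREAM_TO_UINT32 (cfg_info.ext_flow_spec.sdu_inter_time, p);
                        STREAM_TO_UINT32 (cfg_info.ext_flow_spec.access_latency, p);
                        STREAM_TO_UINT32 (cfg_info.ext_flow_spec.flush_timeout, p);
                        break;
                }
            }

            if ((p_ccb = l2cu_find_ccb_by_cid (p_lcb, lcid)) != NULL)
            {
                if (p_ccb->local_id != id)
                {
                    L2CAP_TRACE_WARNING ("L2CAP - cfg rsp - bad ID. Exp: %d Got: %d",
                                          p_ccb->local_id, id);
                    break;
                }
                if ( (cfg_info.result == L2CAP_CFG_OK) || (cfg_info.result == L2CAP_CFG_PENDING) )
                    l2c_csm_execute (p_ccb, L2CEVT_L2CAP_CONFIG_RSP, &cfg_info);
                else
                    l2c_csm_execute (p_ccb, L2CEVT_L2CAP_CONFIG_RSP_NEG, &cfg_info);
            }
            else
            {
                L2CAP_TRACE_WARNING ("L2CAP - rcvd cfg rsp for unknown CID: 0x%04x", lcid);
            }
            break;


        case L2CAP_CMD_DISC_REQ:
            if (!l2c_sig_bytes_left (p, p_next_cmd, 4))
                goto bad_cmd_len;
            STREAM_TO_UINT16 (lcid, p);
            STREAM_TO_UINT16 (rcid, p);

            if ((p_ccb = l2cu_find_ccb_by_cid (p_lcb, lcid)) != NULL)
            {
                if (p_ccb->remote_cid == rcid)
                {
                    p_ccb->remote_id = id;
                    l2c_csm_execute (p_ccb, L2CEVT_L2CAP_DISCONNECT_REQ, &con_info);
                }
            }
            else
                l2cu_send_peer_disc_rsp (p_lcb, id, lcid, rcid);

            break;

        case L2CAP_CMD_DISC_RSP:
            if (!l2c_sig_bytes_left (p, p_next_cmd, 4))
                goto bad_cmd_len;
            STREAM_TO_UINT16 (rcid, p);
            STREAM_TO_UINT16 (lcid, p);

            if ((p_ccb = l2cu_find_ccb_by_cid (p_lcb, lcid)) != NULL)
            {
                if ((p_ccb->remote_cid == rcid) && (p_ccb->local_id == id))
                {
                    l2c_csm_execute (p_ccb, L2CEVT_L2CAP_DISCONNECT_RSP, &con_info);
                }
            }
            break;

        case L2CAP_CMD_ECHO_REQ:
            l2cu_send_peer_echo_rsp (p_lcb, id, NULL, 0);
            break;

        case L2CAP_CMD_ECHO_RSP:
            if (p_lcb->p_echo_rsp_cb)
            {
                tL2CA_ECHO_RSP_CB *p_cb = p_lcb->p_echo_rsp_cb;

                /* Zero out the callback in case app immediately calls us again */
                p_lcb->p_echo_rsp_cb = NULL;

                (*p_cb) (L2CAP_PING_RESULT_OK);
            }
            break;

        case L2CAP_CMD_INFO_REQ:
            if (!l2c_sig_bytes_left (p, p_next_cmd, 2))
                goto bad_cmd_len;
            STREAM_TO_UINT16 (info_type, p);
            l2cu_send_peer_info_rsp (p_lcb, id, info_type);
            break;

        case L2CAP_CMD_INFO_RSP:
            /* info_type and result are mandatory. Checked before the timer is   */
            /* stopped so that a truncated response leaves the info timer armed. */
            if (!l2c_sig_bytes_left (p, p_next_cmd, 4))
                goto bad_cmd_len;

            /* Stop the link connect timer if sent before L2CAP connection is up */
            if (p_lcb->w4_info_rsp)
            {
                btu_stop_timer (&p_lcb->info_timer_entry);
                p_lcb->w4_info_rsp = FALSE;
            }

            STREAM_TO_UINT16 (info_type, p);
            STREAM_TO_UINT16 (result, p);

            /* info_type is peer-controlled: never shift by more than the width */
            /* of the field (or of the shifted constant)                        */
            if ((info_type < 32) && (info_type < (sizeof (p_lcb->info_rx_bits) * 8)))
                p_lcb->info_rx_bits |= (1u << info_type);

            /* A "success" result that does not carry the data it announces is */
            /* handled like a failure, so nothing is copied from beyond the    */
            /* command while the waiting channels are still notified.          */
            info_ok = (BOOLEAN)(result == L2CAP_INFO_RESP_RESULT_SUCCESS);
            if (info_ok)
            {
                UINT16 payload_len = 0;

                if (info_type == L2CAP_EXTENDED_FEATURES_INFO_TYPE)
                    payload_len = 4;                            /* peer_ext_fea   */
#if (L2CAP_NUM_FIXED_CHNLS > 0)
                else if (info_type == L2CAP_FIXED_CHANNELS_INFO_TYPE)
                    payload_len = L2CAP_FIXED_CHNL_ARRAY_SIZE;  /* peer_chnl_mask */
#endif
#if (L2CAP_UCD_INCLUDED == TRUE)
                else if (info_type == L2CAP_CONNLESS_MTU_INFO_TYPE)
                    payload_len = 2;                            /* ucd_mtu        */
#endif
                if (!l2c_sig_bytes_left (p, p_next_cmd, payload_len))
                {
                    L2CAP_TRACE_WARNING ("L2CAP - info rsp too short, type: %d cmd_len: %d",
                                          info_type, cmd_len);
                    info_ok = FALSE;
                }
            }

            if ( (info_type == L2CAP_EXTENDED_FEATURES_INFO_TYPE)
                && info_ok )
            {
                STREAM_TO_UINT32( p_lcb->peer_ext_fea, p );

#if (L2CAP_NUM_FIXED_CHNLS > 0)
                if (p_lcb->peer_ext_fea & L2CAP_EXTFEA_FIXED_CHNLS)
                {
                    l2cu_send_peer_info_req (p_lcb, L2CAP_FIXED_CHANNELS_INFO_TYPE);
                    break;
                }
                else
                {
                    l2cu_process_fixed_chnl_resp (p_lcb);
                }
#endif
            }


#if (L2CAP_NUM_FIXED_CHNLS > 0)
            if (info_type == L2CAP_FIXED_CHANNELS_INFO_TYPE)
            {
                if (info_ok)
                {
                    memcpy (p_lcb->peer_chnl_mask, p, L2CAP_FIXED_CHNL_ARRAY_SIZE);
                }

                l2cu_process_fixed_chnl_resp (p_lcb);
            }
#endif
#if (L2CAP_UCD_INCLUDED == TRUE)
            else if (info_type == L2CAP_CONNLESS_MTU_INFO_TYPE)
            {
                if (info_ok)
                {
                    STREAM_TO_UINT16 (p_lcb->ucd_mtu, p);
                }
            }
#endif

            ci.status = HCI_SUCCESS;
            memcpy (ci.bd_addr, p_lcb->remote_bd_addr, sizeof(BD_ADDR));
            for (p_ccb = p_lcb->ccb_queue.p_first_ccb; p_ccb; p_ccb = p_ccb->p_next_ccb)
            {
                l2c_csm_execute (p_ccb, L2CEVT_L2CAP_INFO_RSP, &ci);
            }
            break;

        default:
            L2CAP_TRACE_WARNING ("L2CAP - bad cmd code: %d", cmd_code);
            l2cu_send_peer_cmd_reject (p_lcb, L2CAP_CMD_REJ_NOT_UNDERSTOOD, id, 0, 0);
            return;
        }
    }
    return;

bad_cmd_len:
    /* A command was shorter than the fields it must carry; drop the rest of the packet */
    L2CAP_TRACE_WARNING ("L2CAP - sig cmd too short, code: %d cmd_len: %d", cmd_code, cmd_len);
}

/*******************************************************************************
**
** Function         l2c_process_held_packets
**
** Description      This function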
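**                  processes any L2CAP packets that arrived before
**                  the HCI connection complete arrived. It is a work around for
**                  badly behaved controllers.
**
**                  With timed_out FALSE every held packet is re-submitted to
**                  l2c_rcv_acl_data(). With timed_out TRUE each packet's
**                  countdown (kept in layer_specific) is decremented and only
**                  the expired ones are re-submitted.
**
** Returns          void
**
*******************************************************************************/
void l2c_process_held_packets(BOOLEAN timed_out) {
    /* The queue does not exist if list_new() failed in l2c_init() or after l2c_free() */
    if (l2cb.rcv_pending_q == NULL || list_is_empty(l2cb.rcv_pending_q))
        return;

    if (!timed_out) {
        btu_stop_timer(&l2cb.rcv_hold_tle);
        L2CAP_TRACE_WARNING("L2CAP HOLD CONTINUE");
    } else {
        L2CAP_TRACE_WARNING("L2CAP HOLD TIMEOUT");
    }

    for (const list_node_t *node = list_begin(l2cb.rcv_pending_q);
        node != list_end(l2cb.rcv_pending_q);) {
        BT_HDR *p_buf = list_node(node);
        /* Step to the next node first: the current one may be removed below */
        node = list_next(node);
        if (!timed_out || (!p_buf->layer_specific) || (--p_buf->layer_specific == 0)) {
            list_remove(l2cb.rcv_pending_q, p_buf);
            /* Non-zero marker: l2c_rcv_acl_data() only holds packets whose */
            /* layer_specific is 0, so this packet cannot be queued again   */
            p_buf->layer_specific = 0xFFFF;
            l2c_rcv_acl_data(p_buf);
        }
    }

    /* If anyone still in the queue, restart the timeout */
    if (!list_is_empty(l2cb.rcv_pending_q))
        btu_start_timer (&l2cb.rcv_hold_tle, BTU_TTYPE_L2CAP_HOLD, BT_1SEC_TIMEOUT);
}


/*******************************************************************************
**
** Function         l2c_init
**
** Description      This function is called once at startup to initialize
**                  all the L2CAP structures
**
** Returns          void
**
*******************************************************************************/
void l2c_init (void)
{
    INT16  xx;

    memset (&l2cb, 0, sizeof (tL2C_CB));
    /* the psm is increased by 2 before being used */
    l2cb.dyn_psm = 0xFFF;

    /* Put all the channel control blocks on the free queue */
    for (xx = 0; xx < MAX_L2CAP_CHANNELS - 1; xx++)
    {
        l2cb.ccb_pool[xx].p_next_ccb = &l2cb.ccb_pool[xx + 1];
    }

#if (L2CAP_NON_FLUSHABLE_PB_INCLUDED == TRUE)
    /* it will be set to L2CAP_PKT_START_NON_FLUSHABLE if controller supports */
    l2cb.non_flushable_pbf = L2CAP_PKT_START << L2CAP_PKT_TYPE_SHIFT;
#endif


    l2cb.p_free_ccb_first = &l2cb.ccb_pool[0];
    l2cb.p_free_ccb_last  = &l2cb.ccb_pool[MAX_L2CAP_CHANNELS - 1];

#ifdef L2CAP_DESIRED_LINK_ROLE
    l2cb.desire_role = L2CAP_DESIRED_LINK_ROLE;
#else
    l2cb.desire_role = HCI_ROLE_SLAVE;
#endif

    /* Set the default idle timeout */
    l2cb.idle_timeout = L2CAP_LINK_INACTIVITY_TOUT;

#if defined(L2CAP_INITIAL_TRACE_LEVEL)
    l2cb.l2cap_trace_level = L2CAP_INITIAL_TRACE_LEVEL;
#else
    l2cb.l2cap_trace_level = BT_TRACE_LEVEL_NONE;    /* No traces */
#endif

#if L2CAP_CONFORMANCE_TESTING == TRUE
    /* Conformance testing needs a dynamic response */
    l2cb.test_info_resp = L2CAP_EXTFEA_SUPPORTED_MASK;
#endif

    /* Number of ACL buffers to use for high priority channel */
#if (defined(L2CAP_HIGH_PRI_CHAN_QUOTA_IS_CONFIGURABLE) && (L2CAP_HIGH_PRI_CHAN_QUOTA_IS_CONFIGURABLE == TRUE))
    l2cb.high_pri_min_xmit_quota = L2CAP_HIGH_PRI_MIN_XMIT_QUOTA;
#endif

    l2cb.l2c_ble_fixed_chnls_mask =
         L2CAP_FIXED_CHNL_ATT_BIT | L2CAP_FIXED_CHNL_BLE_SIG_BIT | L2CAP_FIXED_CHNL_SMP_BIT;

    /* Queue of ACL packets held for a not-yet-known handle. Created without a */
    /* free callback, so the list never frees the BT_HDR buffers it holds.     */
    l2cb.rcv_pending_q = list_new(NULL);
    /* NOTE(review): failure is only logged; code that uses rcv_pending_q      */
    /* without a NULL check will then be handed a NULL list                    */
    if (l2cb.rcv_pending_q == NULL)
        LOG_ERROR("%s unable to allocate memory for link layer control block", __func__);
}

/*******************************************************************************
**
** Function         l2c_free
**
** Description      Releases the queue of held ACL packets created by l2c_init.
**                  NOTE(review): the queue has no free callback, so buffers
**                  still held in it are not released here - confirm whether
**                  the buffer pools are reclaimed elsewhere at shutdown.
**
** Returns          void
**
*******************************************************************************/
void l2c_free(void) {
    list_free(l2cb.rcv_pending_q);
    /* Do not leave a dangling pointer behind in the control block */
    l2cb.rcv_pending_q = NULL;
}

/*******************************************************************************
**
** Function         l2c_process_timeout
**
** Description      This function is called when an L2CAP-related timeout occurs
**
** Returns          void
**
*******************************************************************************/
void l2c_process_timeout (TIMER_LIST_ENT *p_tle)
{
    /* What type of timeout ? */
    switch (p_tle->event)
    {
    case BTU_TTYPE_L2CAP_LINK:
        l2c_link_timeout ((tL2C_LCB *)p_tle->param);
        break;

    case BTU_TTYPE_L2CAP_CHNL:
        l2c_csm_execute (((tL2C_CCB *)p_tle->param), L2CEVT_TIMEOUT, NULL);
        break;

    case BTU_TTYPE_L2CAP_FCR_ACK:
        l2c_csm_execute (((tL2C_CCB *)p_tle->param), L2CEVT_ACK_TIMEOUT, NULL);
        break;

    case BTU_TTYPE_L2CAP_HOLD:
        /* Update the timeouts in the hold queue */
        l2c_process_held_packets(TRUE);
        break;

    case BTU_TTYPE_L2CAP_INFO:
        l2c_info_timeout((tL2C_LCB *)p_tle->param);
        break;

    default:
        /* any other timer type is ignored */
        break;
    }
}

/*******************************************************************************
**
** Function         l2c_data_write
**
** Description      API functions call this function to write data.
**                  p_data is consumed on every path: it is freed on failure and
**                  passed to the channel state machine otherwise.
**
** Returns          L2CAP_DW_SUCCESS, if data accepted
**                  L2CAP_DW_CONGESTED, if data accepted and the channel is congested
**                  L2CAP_DW_FAILED, if error
**
*******************************************************************************/
UINT8 l2c_data_write (UINT16 cid, BT_HDR *p_data, UINT16 flags)
{
    tL2C_CCB        *p_ccb;

    /* Find the channel control block. We don't know the link it is on. */
    if ((p_ccb = l2cu_find_ccb_by_cid (NULL, cid)) == NULL)
    {
        L2CAP_TRACE_WARNING ("L2CAP - no CCB for L2CA_DataWrite, CID: %d", cid);
        GKI_freebuf (p_data);
        return (L2CAP_DW_FAILED);
    }

#ifndef TESTER /* Tester may send any amount of data. otherwise sending message
                  bigger than mtu size of peer is a violation of protocol */
    if (p_data->len > p_ccb->peer_cfg.mtu)
    {
        L2CAP_TRACE_WARNING ("L2CAP - CID: 0x%04x cannot send message bigger than peer's mtu size", cid);
        GKI_freebuf (p_data);
        return (L2CAP_DW_FAILED);
    }
#endif

    /* channel based, packet based flushable or non-flushable */
    p_data->layer_specific = flags;

    /* If already congested, do not accept any more packets */
    if (p_ccb->cong_sent)
    {
        L2CAP_TRACE_ERROR ("L2CAP - CID: 0x%04x cannot send, already congested xmit_hold_q.count: %u buff_quota: %u",
                            p_ccb->local_cid, GKI_queue_length(&p_ccb->xmit_hold_q), p_ccb->buff_quota);

        GKI_freebuf (p_data);
        return (L2CAP_DW_FAILED);
    }

    counter_add("l2cap.dyn.tx.bytes", p_data->len);
    counter_add("l2cap.dyn.tx.pkts", 1);

    l2c_csm_execute (p_ccb, L2CEVT_L2CA_DATA_WRITE, p_data);

    /* The state machine may have flagged congestion while queueing this packet */
    if (p_ccb->cong_sent)
        return (L2CAP_DW_CONGESTED);

    return (L2CAP_DW_SUCCESS);
}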