blob: b99d52f56aa7f82e26aa55cd91edb967d9e36c60 [file] [log] [blame]
/* rfcomm.c - RFCOMM handling */
/*
* Copyright (c) 2016 Intel Corporation
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <zephyr.h>
#include <string.h>
#include <errno.h>
#include <sys/atomic.h>
#include <sys/byteorder.h>
#include <sys/util.h>
#include <debug/stack.h>
#include <bluetooth/hci.h>
#include <bluetooth/bluetooth.h>
#include <bluetooth/conn.h>
#include <drivers/bluetooth/hci_driver.h>
#include <bluetooth/l2cap.h>
#define BT_DBG_ENABLED IS_ENABLED(CONFIG_BT_DEBUG_RFCOMM)
#define LOG_MODULE_NAME bt_rfcomm
#include "common/log.h"
#include <bluetooth/rfcomm.h>
#include "hci_core.h"
#include "conn_internal.h"
#include "l2cap_internal.h"
#include "rfcomm_internal.h"
#define RFCOMM_CHANNEL_START 0x01
#define RFCOMM_CHANNEL_END 0x1e
#define RFCOMM_MIN_MTU BT_RFCOMM_SIG_MIN_MTU
#define RFCOMM_DEFAULT_MTU 127
#define RFCOMM_MAX_CREDITS (CONFIG_BT_BUF_ACL_RX_COUNT - 1)
#define RFCOMM_CREDITS_THRESHOLD (RFCOMM_MAX_CREDITS / 2)
#define RFCOMM_DEFAULT_CREDIT RFCOMM_MAX_CREDITS
#define RFCOMM_CONN_TIMEOUT K_SECONDS(60)
#define RFCOMM_DISC_TIMEOUT K_SECONDS(20)
#define RFCOMM_IDLE_TIMEOUT K_SECONDS(2)
#define DLC_RTX(_w) CONTAINER_OF(_w, struct bt_rfcomm_dlc, rtx_work)
#define SESSION_RTX(_w) CONTAINER_OF(_w, struct bt_rfcomm_session, rtx_work)
static struct bt_rfcomm_server *servers;
/* Pool for dummy buffers to wake up the tx threads */
NET_BUF_POOL_DEFINE(dummy_pool, CONFIG_BT_MAX_CONN, 0, 0, NULL);
#define RFCOMM_SESSION(_ch) CONTAINER_OF(_ch, \
struct bt_rfcomm_session, br_chan.chan)
static struct bt_rfcomm_session bt_rfcomm_pool[CONFIG_BT_MAX_CONN];
/* reversed, 8-bit, poly=0x07 */
static const uint8_t rfcomm_crc_table[256] = {
0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
};
static uint8_t rfcomm_calc_fcs(uint16_t len, const uint8_t *data)
{
uint8_t fcs = 0xff;
while (len--) {
fcs = rfcomm_crc_table[fcs ^ *data++];
}
/* Ones compliment */
return (0xff - fcs);
}
static bool rfcomm_check_fcs(uint16_t len, const uint8_t *data,
uint8_t recvd_fcs)
{
uint8_t fcs = 0xff;
while (len--) {
fcs = rfcomm_crc_table[fcs ^ *data++];
}
/* Ones compliment */
fcs = rfcomm_crc_table[fcs ^ recvd_fcs];
/*0xCF is the reversed order of 11110011.*/
return (fcs == 0xcf);
}
static struct bt_rfcomm_dlc *rfcomm_dlcs_lookup_dlci(struct bt_rfcomm_dlc *dlcs,
uint8_t dlci)
{
for (; dlcs; dlcs = dlcs->_next) {
if (dlcs->dlci == dlci) {
return dlcs;
}
}
return NULL;
}
static struct bt_rfcomm_dlc *rfcomm_dlcs_remove_dlci(struct bt_rfcomm_dlc *dlcs,
uint8_t dlci)
{
struct bt_rfcomm_dlc *tmp;
if (!dlcs) {
return NULL;
}
/* If first node is the one to be removed */
if (dlcs->dlci == dlci) {
dlcs->session->dlcs = dlcs->_next;
return dlcs;
}
for (tmp = dlcs, dlcs = dlcs->_next; dlcs; dlcs = dlcs->_next) {
if (dlcs->dlci == dlci) {
tmp->_next = dlcs->_next;
return dlcs;
}
tmp = dlcs;
}
return NULL;
}
static struct bt_rfcomm_server *rfcomm_server_lookup_channel(uint8_t channel)
{
struct bt_rfcomm_server *server;
for (server = servers; server; server = server->_next) {
if (server->channel == channel) {
return server;
}
}
return NULL;
}
static struct bt_rfcomm_session *
rfcomm_sessions_lookup_bt_conn(struct bt_conn *conn)
{
int i;
for (i = 0; i < ARRAY_SIZE(bt_rfcomm_pool); i++) {
struct bt_rfcomm_session *session = &bt_rfcomm_pool[i];
if (session->br_chan.chan.conn == conn) {
return session;
}
}
return NULL;
}
int bt_rfcomm_server_register(struct bt_rfcomm_server *server)
{
if (server->channel < RFCOMM_CHANNEL_START ||
server->channel > RFCOMM_CHANNEL_END || !server->accept) {
return -EINVAL;
}
/* Check if given channel is already in use */
if (rfcomm_server_lookup_channel(server->channel)) {
BT_DBG("Channel already registered");
return -EADDRINUSE;
}
BT_DBG("Channel 0x%02x", server->channel);
server->_next = servers;
servers = server;
return 0;
}
static void rfcomm_dlc_tx_give_credits(struct bt_rfcomm_dlc *dlc,
uint8_t credits)
{
BT_DBG("dlc %p credits %u", dlc, credits);
while (credits--) {
k_sem_give(&dlc->tx_credits);
}
BT_DBG("dlc %p updated credits %u", dlc,
k_sem_count_get(&dlc->tx_credits));
}
static void rfcomm_dlc_destroy(struct bt_rfcomm_dlc *dlc)
{
BT_DBG("dlc %p", dlc);
k_work_cancel_delayable(&dlc->rtx_work);
dlc->state = BT_RFCOMM_STATE_IDLE;
dlc->session = NULL;
if (dlc->ops && dlc->ops->disconnected) {
dlc->ops->disconnected(dlc);
}
}
static void rfcomm_dlc_disconnect(struct bt_rfcomm_dlc *dlc)
{
uint8_t old_state = dlc->state;
BT_DBG("dlc %p", dlc);
if (dlc->state == BT_RFCOMM_STATE_DISCONNECTED) {
return;
}
dlc->state = BT_RFCOMM_STATE_DISCONNECTED;
switch (old_state) {
case BT_RFCOMM_STATE_CONNECTED:
/* Queue a dummy buffer to wake up and stop the
* tx thread for states where it was running.
*/
net_buf_put(&dlc->tx_queue,
net_buf_alloc(&dummy_pool, K_NO_WAIT));
/* There could be a writer waiting for credits so return a
* dummy credit to wake it up.
*/
rfcomm_dlc_tx_give_credits(dlc, 1);
k_sem_give(&dlc->session->fc);
break;
default:
rfcomm_dlc_destroy(dlc);
break;
}
}
static void rfcomm_session_disconnected(struct bt_rfcomm_session *session)
{
struct bt_rfcomm_dlc *dlc;
BT_DBG("Session %p", session);
if (session->state == BT_RFCOMM_STATE_DISCONNECTED) {
return;
}
for (dlc = session->dlcs; dlc;) {
struct bt_rfcomm_dlc *next;
/* prefetch since disconnected callback may cleanup */
next = dlc->_next;
dlc->_next = NULL;
rfcomm_dlc_disconnect(dlc);
dlc = next;
}
session->state = BT_RFCOMM_STATE_DISCONNECTED;
session->dlcs = NULL;
}
struct net_buf *bt_rfcomm_create_pdu(struct net_buf_pool *pool)
{
/* Length in RFCOMM header can be 2 bytes depending on length of user
* data
*/
return bt_conn_create_pdu(pool,
sizeof(struct bt_l2cap_hdr) +
sizeof(struct bt_rfcomm_hdr) + 1);
}
static int rfcomm_send(struct bt_rfcomm_session *session, struct net_buf *buf)
{
int err;
err = bt_l2cap_chan_send(&session->br_chan.chan, buf);
if (err < 0) {
net_buf_unref(buf);
}
return err;
}
static int rfcomm_send_sabm(struct bt_rfcomm_session *session, uint8_t dlci)
{
struct bt_rfcomm_hdr *hdr;
struct net_buf *buf;
uint8_t cr, fcs;
buf = bt_l2cap_create_pdu(NULL, 0);
hdr = net_buf_add(buf, sizeof(*hdr));
cr = BT_RFCOMM_CMD_CR(session->role);
hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_SABM, BT_RFCOMM_PF_NON_UIH);
hdr->length = BT_RFCOMM_SET_LEN_8(0);
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(session, buf);
}
static int rfcomm_send_disc(struct bt_rfcomm_session *session, uint8_t dlci)
{
struct bt_rfcomm_hdr *hdr;
struct net_buf *buf;
uint8_t fcs, cr;
BT_DBG("dlci %d", dlci);
buf = bt_l2cap_create_pdu(NULL, 0);
hdr = net_buf_add(buf, sizeof(*hdr));
cr = BT_RFCOMM_RESP_CR(session->role);
hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_DISC, BT_RFCOMM_PF_NON_UIH);
hdr->length = BT_RFCOMM_SET_LEN_8(0);
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(session, buf);
}
static void rfcomm_session_disconnect(struct bt_rfcomm_session *session)
{
if (session->dlcs) {
return;
}
session->state = BT_RFCOMM_STATE_DISCONNECTING;
rfcomm_send_disc(session, 0);
k_work_reschedule(&session->rtx_work, RFCOMM_DISC_TIMEOUT);
}
static struct net_buf *rfcomm_make_uih_msg(struct bt_rfcomm_session *session,
uint8_t cr, uint8_t type,
uint8_t len)
{
struct bt_rfcomm_hdr *hdr;
struct bt_rfcomm_msg_hdr *msg_hdr;
struct net_buf *buf;
uint8_t hdr_cr;
buf = bt_l2cap_create_pdu(NULL, 0);
hdr = net_buf_add(buf, sizeof(*hdr));
hdr_cr = BT_RFCOMM_UIH_CR(session->role);
hdr->address = BT_RFCOMM_SET_ADDR(0, hdr_cr);
hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_UIH, BT_RFCOMM_PF_UIH);
hdr->length = BT_RFCOMM_SET_LEN_8(sizeof(*msg_hdr) + len);
msg_hdr = net_buf_add(buf, sizeof(*msg_hdr));
msg_hdr->type = BT_RFCOMM_SET_MSG_TYPE(type, cr);
msg_hdr->len = BT_RFCOMM_SET_LEN_8(len);
return buf;
}
static void rfcomm_connected(struct bt_l2cap_chan *chan)
{
struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
BT_DBG("Session %p", session);
/* Need to include UIH header and FCS*/
session->mtu = MIN(session->br_chan.rx.mtu,
session->br_chan.tx.mtu) -
BT_RFCOMM_HDR_SIZE + BT_RFCOMM_FCS_SIZE;
if (session->state == BT_RFCOMM_STATE_CONNECTING) {
rfcomm_send_sabm(session, 0);
}
}
static void rfcomm_disconnected(struct bt_l2cap_chan *chan)
{
struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
BT_DBG("Session %p", session);
k_work_cancel_delayable(&session->rtx_work);
rfcomm_session_disconnected(session);
session->state = BT_RFCOMM_STATE_IDLE;
}
static void rfcomm_dlc_rtx_timeout(struct k_work *work)
{
struct bt_rfcomm_dlc *dlc = DLC_RTX(work);
struct bt_rfcomm_session *session = dlc->session;
BT_WARN("dlc %p state %d timeout", dlc, dlc->state);
rfcomm_dlcs_remove_dlci(session->dlcs, dlc->dlci);
rfcomm_dlc_disconnect(dlc);
rfcomm_session_disconnect(session);
}
static void rfcomm_dlc_init(struct bt_rfcomm_dlc *dlc,
struct bt_rfcomm_session *session,
uint8_t dlci,
bt_rfcomm_role_t role)
{
BT_DBG("dlc %p", dlc);
dlc->dlci = dlci;
dlc->session = session;
dlc->rx_credit = RFCOMM_DEFAULT_CREDIT;
dlc->state = BT_RFCOMM_STATE_INIT;
dlc->role = role;
k_work_init_delayable(&dlc->rtx_work, rfcomm_dlc_rtx_timeout);
/* Start a conn timer which includes auth as well */
k_work_schedule(&dlc->rtx_work, RFCOMM_CONN_TIMEOUT);
dlc->_next = session->dlcs;
session->dlcs = dlc;
}
static struct bt_rfcomm_dlc *rfcomm_dlc_accept(struct bt_rfcomm_session *session,
uint8_t dlci)
{
struct bt_rfcomm_server *server;
struct bt_rfcomm_dlc *dlc;
uint8_t channel;
channel = BT_RFCOMM_GET_CHANNEL(dlci);
server = rfcomm_server_lookup_channel(channel);
if (!server) {
BT_ERR("Server Channel not registered");
return NULL;
}
if (server->accept(session->br_chan.chan.conn, &dlc) < 0) {
BT_DBG("Incoming connection rejected");
return NULL;
}
if (!BT_RFCOMM_CHECK_MTU(dlc->mtu)) {
rfcomm_dlc_destroy(dlc);
return NULL;
}
rfcomm_dlc_init(dlc, session, dlci, BT_RFCOMM_ROLE_ACCEPTOR);
dlc->mtu = MIN(dlc->mtu, session->mtu);
return dlc;
}
static int rfcomm_send_dm(struct bt_rfcomm_session *session, uint8_t dlci)
{
struct bt_rfcomm_hdr *hdr;
struct net_buf *buf;
uint8_t fcs, cr;
BT_DBG("dlci %d", dlci);
buf = bt_l2cap_create_pdu(NULL, 0);
hdr = net_buf_add(buf, sizeof(*hdr));
cr = BT_RFCOMM_RESP_CR(session->role);
hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
/* For DM PF bit is not relevant, we set it 1 */
hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_DM, BT_RFCOMM_PF_NON_UIH);
hdr->length = BT_RFCOMM_SET_LEN_8(0);
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(session, buf);
}
static void rfcomm_check_fc(struct bt_rfcomm_dlc *dlc)
{
BT_DBG("%p", dlc);
BT_DBG("Wait for credits or MSC FC %p", dlc);
/* Wait for credits or MSC FC */
k_sem_take(&dlc->tx_credits, K_FOREVER);
if (dlc->session->cfc == BT_RFCOMM_CFC_SUPPORTED) {
return;
}
k_sem_take(&dlc->session->fc, K_FOREVER);
/* Give the sems immediately so that sem will be available for all
* the bufs in the queue. It will be blocked only once all the bufs
* are sent (which will preempt this thread) and FCOFF / FC bit
* with 1, is received.
*/
k_sem_give(&dlc->session->fc);
k_sem_give(&dlc->tx_credits);
}
static void rfcomm_dlc_tx_thread(void *p1, void *p2, void *p3)
{
struct bt_rfcomm_dlc *dlc = p1;
k_timeout_t timeout = K_FOREVER;
struct net_buf *buf;
BT_DBG("Started for dlc %p", dlc);
while (dlc->state == BT_RFCOMM_STATE_CONNECTED ||
dlc->state == BT_RFCOMM_STATE_USER_DISCONNECT) {
/* Get next packet for dlc */
BT_DBG("Wait for buf %p", dlc);
buf = net_buf_get(&dlc->tx_queue, timeout);
/* If its dummy buffer or non user disconnect then break */
if ((dlc->state != BT_RFCOMM_STATE_CONNECTED &&
dlc->state != BT_RFCOMM_STATE_USER_DISCONNECT) ||
!buf || !buf->len) {
if (buf) {
net_buf_unref(buf);
}
break;
}
rfcomm_check_fc(dlc);
if (dlc->state != BT_RFCOMM_STATE_CONNECTED &&
dlc->state != BT_RFCOMM_STATE_USER_DISCONNECT) {
net_buf_unref(buf);
break;
}
if (rfcomm_send(dlc->session, buf) < 0) {
/* This fails only if channel is disconnected */
dlc->state = BT_RFCOMM_STATE_DISCONNECTED;
break;
}
if (dlc->state == BT_RFCOMM_STATE_USER_DISCONNECT) {
timeout = K_NO_WAIT;
}
}
BT_DBG("dlc %p disconnected - cleaning up", dlc);
/* Give back any allocated buffers */
while ((buf = net_buf_get(&dlc->tx_queue, K_NO_WAIT))) {
net_buf_unref(buf);
}
if (dlc->state == BT_RFCOMM_STATE_USER_DISCONNECT) {
dlc->state = BT_RFCOMM_STATE_DISCONNECTING;
}
if (dlc->state == BT_RFCOMM_STATE_DISCONNECTING) {
rfcomm_send_disc(dlc->session, dlc->dlci);
k_work_reschedule(&dlc->rtx_work, RFCOMM_DISC_TIMEOUT);
} else {
rfcomm_dlc_destroy(dlc);
}
BT_DBG("dlc %p exiting", dlc);
}
static int rfcomm_send_ua(struct bt_rfcomm_session *session, uint8_t dlci)
{
struct bt_rfcomm_hdr *hdr;
struct net_buf *buf;
uint8_t cr, fcs;
buf = bt_l2cap_create_pdu(NULL, 0);
hdr = net_buf_add(buf, sizeof(*hdr));
cr = BT_RFCOMM_RESP_CR(session->role);
hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_UA, BT_RFCOMM_PF_NON_UIH);
hdr->length = BT_RFCOMM_SET_LEN_8(0);
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(session, buf);
}
static int rfcomm_send_msc(struct bt_rfcomm_dlc *dlc, uint8_t cr,
uint8_t v24_signal)
{
struct bt_rfcomm_msc *msc;
struct net_buf *buf;
uint8_t fcs;
buf = rfcomm_make_uih_msg(dlc->session, cr, BT_RFCOMM_MSC,
sizeof(*msc));
msc = net_buf_add(buf, sizeof(*msc));
/* cr bit should be always 1 in MSC */
msc->dlci = BT_RFCOMM_SET_ADDR(dlc->dlci, 1);
msc->v24_signal = v24_signal;
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(dlc->session, buf);
}
static int rfcomm_send_rls(struct bt_rfcomm_dlc *dlc, uint8_t cr,
uint8_t line_status)
{
struct bt_rfcomm_rls *rls;
struct net_buf *buf;
uint8_t fcs;
buf = rfcomm_make_uih_msg(dlc->session, cr, BT_RFCOMM_RLS,
sizeof(*rls));
rls = net_buf_add(buf, sizeof(*rls));
/* cr bit should be always 1 in RLS */
rls->dlci = BT_RFCOMM_SET_ADDR(dlc->dlci, 1);
rls->line_status = line_status;
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(dlc->session, buf);
}
static int rfcomm_send_rpn(struct bt_rfcomm_session *session, uint8_t cr,
struct bt_rfcomm_rpn *rpn)
{
struct net_buf *buf;
uint8_t fcs;
buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_RPN, sizeof(*rpn));
net_buf_add_mem(buf, rpn, sizeof(*rpn));
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(session, buf);
}
static int rfcomm_send_test(struct bt_rfcomm_session *session, uint8_t cr,
uint8_t *pattern, uint8_t len)
{
struct net_buf *buf;
uint8_t fcs;
buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_TEST, len);
net_buf_add_mem(buf, pattern, len);
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(session, buf);
}
static int rfcomm_send_nsc(struct bt_rfcomm_session *session, uint8_t cmd_type)
{
struct net_buf *buf;
uint8_t fcs;
buf = rfcomm_make_uih_msg(session, BT_RFCOMM_MSG_RESP_CR,
BT_RFCOMM_NSC, sizeof(cmd_type));
net_buf_add_u8(buf, cmd_type);
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(session, buf);
}
static int rfcomm_send_fcon(struct bt_rfcomm_session *session, uint8_t cr)
{
struct net_buf *buf;
uint8_t fcs;
buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_FCON, 0);
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(session, buf);
}
static int rfcomm_send_fcoff(struct bt_rfcomm_session *session, uint8_t cr)
{
struct net_buf *buf;
uint8_t fcs;
buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_FCOFF, 0);
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(session, buf);
}
static void rfcomm_dlc_connected(struct bt_rfcomm_dlc *dlc)
{
dlc->state = BT_RFCOMM_STATE_CONNECTED;
rfcomm_send_msc(dlc, BT_RFCOMM_MSG_CMD_CR, BT_RFCOMM_DEFAULT_V24_SIG);
if (dlc->session->cfc == BT_RFCOMM_CFC_UNKNOWN) {
/* This means PN negotiation is not done for this session and
* can happen only for 1.0b device.
*/
dlc->session->cfc = BT_RFCOMM_CFC_NOT_SUPPORTED;
}
if (dlc->session->cfc == BT_RFCOMM_CFC_NOT_SUPPORTED) {
BT_DBG("CFC not supported %p", dlc);
rfcomm_send_fcon(dlc->session, BT_RFCOMM_MSG_CMD_CR);
/* Use tx_credits as binary sem for MSC FC */
k_sem_init(&dlc->tx_credits, 0, 1);
}
/* Cancel conn timer */
k_work_cancel_delayable(&dlc->rtx_work);
k_fifo_init(&dlc->tx_queue);
k_thread_create(&dlc->tx_thread, dlc->stack,
K_KERNEL_STACK_SIZEOF(dlc->stack),
rfcomm_dlc_tx_thread, dlc, NULL, NULL, K_PRIO_COOP(7),
0, K_NO_WAIT);
k_thread_name_set(&dlc->tx_thread, "BT DLC");
if (dlc->ops && dlc->ops->connected) {
dlc->ops->connected(dlc);
}
}
enum security_result {
RFCOMM_SECURITY_PASSED,
RFCOMM_SECURITY_REJECT,
RFCOMM_SECURITY_PENDING
};
static enum security_result rfcomm_dlc_security(struct bt_rfcomm_dlc *dlc)
{
struct bt_conn *conn = dlc->session->br_chan.chan.conn;
BT_DBG("dlc %p", dlc);
/* If current security level is greater than or equal to required
* security level then return SUCCESS.
* For SSP devices the current security will be at least MEDIUM
* since L2CAP is enforcing it
*/
if (conn->sec_level >= dlc->required_sec_level) {
return RFCOMM_SECURITY_PASSED;
}
if (!bt_conn_set_security(conn, dlc->required_sec_level)) {
/* If Security elevation is initiated or in progress */
return RFCOMM_SECURITY_PENDING;
}
/* Security request failed */
return RFCOMM_SECURITY_REJECT;
}
static void rfcomm_dlc_drop(struct bt_rfcomm_dlc *dlc)
{
BT_DBG("dlc %p", dlc);
rfcomm_dlcs_remove_dlci(dlc->session->dlcs, dlc->dlci);
rfcomm_dlc_destroy(dlc);
}
static int rfcomm_dlc_close(struct bt_rfcomm_dlc *dlc)
{
BT_DBG("dlc %p", dlc);
switch (dlc->state) {
case BT_RFCOMM_STATE_SECURITY_PENDING:
if (dlc->role == BT_RFCOMM_ROLE_ACCEPTOR) {
rfcomm_send_dm(dlc->session, dlc->dlci);
}
__fallthrough;
case BT_RFCOMM_STATE_INIT:
rfcomm_dlc_drop(dlc);
break;
case BT_RFCOMM_STATE_CONNECTING:
case BT_RFCOMM_STATE_CONFIG:
dlc->state = BT_RFCOMM_STATE_DISCONNECTING;
rfcomm_send_disc(dlc->session, dlc->dlci);
k_work_reschedule(&dlc->rtx_work, RFCOMM_DISC_TIMEOUT);
break;
case BT_RFCOMM_STATE_CONNECTED:
dlc->state = BT_RFCOMM_STATE_DISCONNECTING;
/* Queue a dummy buffer to wake up and stop the
* tx thread.
*/
net_buf_put(&dlc->tx_queue,
net_buf_alloc(&dummy_pool, K_NO_WAIT));
/* There could be a writer waiting for credits so return a
* dummy credit to wake it up.
*/
rfcomm_dlc_tx_give_credits(dlc, 1);
break;
case BT_RFCOMM_STATE_DISCONNECTING:
case BT_RFCOMM_STATE_DISCONNECTED:
break;
case BT_RFCOMM_STATE_IDLE:
default:
return -EINVAL;
}
return 0;
}
static void rfcomm_handle_sabm(struct bt_rfcomm_session *session, uint8_t dlci)
{
if (!dlci) {
if (rfcomm_send_ua(session, dlci) < 0) {
return;
}
session->state = BT_RFCOMM_STATE_CONNECTED;
} else {
struct bt_rfcomm_dlc *dlc;
enum security_result result;
dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
if (!dlc) {
dlc = rfcomm_dlc_accept(session, dlci);
if (!dlc) {
rfcomm_send_dm(session, dlci);
return;
}
}
result = rfcomm_dlc_security(dlc);
switch (result) {
case RFCOMM_SECURITY_PENDING:
dlc->state = BT_RFCOMM_STATE_SECURITY_PENDING;
return;
case RFCOMM_SECURITY_PASSED:
break;
case RFCOMM_SECURITY_REJECT:
default:
rfcomm_send_dm(session, dlci);
rfcomm_dlc_drop(dlc);
return;
}
if (rfcomm_send_ua(session, dlci) < 0) {
return;
}
/* Cancel idle timer if any */
k_work_cancel_delayable(&session->rtx_work);
rfcomm_dlc_connected(dlc);
}
}
static int rfcomm_send_pn(struct bt_rfcomm_dlc *dlc, uint8_t cr)
{
struct bt_rfcomm_pn *pn;
struct net_buf *buf;
uint8_t fcs;
buf = rfcomm_make_uih_msg(dlc->session, cr, BT_RFCOMM_PN, sizeof(*pn));
BT_DBG("mtu %x", dlc->mtu);
pn = net_buf_add(buf, sizeof(*pn));
pn->dlci = dlc->dlci;
pn->mtu = sys_cpu_to_le16(dlc->mtu);
if (dlc->state == BT_RFCOMM_STATE_CONFIG &&
(dlc->session->cfc == BT_RFCOMM_CFC_UNKNOWN ||
dlc->session->cfc == BT_RFCOMM_CFC_SUPPORTED)) {
pn->credits = dlc->rx_credit;
if (cr) {
pn->flow_ctrl = BT_RFCOMM_PN_CFC_CMD;
} else {
pn->flow_ctrl = BT_RFCOMM_PN_CFC_RESP;
}
} else {
/* If PN comes in already opened dlc or cfc not supported
* these should be 0
*/
pn->credits = 0U;
pn->flow_ctrl = 0U;
}
pn->max_retrans = 0U;
pn->ack_timer = 0U;
pn->priority = 0U;
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(dlc->session, buf);
}
static int rfcomm_send_credit(struct bt_rfcomm_dlc *dlc, uint8_t credits)
{
struct bt_rfcomm_hdr *hdr;
struct net_buf *buf;
uint8_t fcs, cr;
BT_DBG("Dlc %p credits %d", dlc, credits);
buf = bt_l2cap_create_pdu(NULL, 0);
hdr = net_buf_add(buf, sizeof(*hdr));
cr = BT_RFCOMM_UIH_CR(dlc->session->role);
hdr->address = BT_RFCOMM_SET_ADDR(dlc->dlci, cr);
hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_UIH,
BT_RFCOMM_PF_UIH_CREDIT);
hdr->length = BT_RFCOMM_SET_LEN_8(0);
net_buf_add_u8(buf, credits);
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
net_buf_add_u8(buf, fcs);
return rfcomm_send(dlc->session, buf);
}
static int rfcomm_dlc_start(struct bt_rfcomm_dlc *dlc)
{
enum security_result result;
BT_DBG("dlc %p", dlc);
result = rfcomm_dlc_security(dlc);
switch (result) {
case RFCOMM_SECURITY_PASSED:
dlc->mtu = MIN(dlc->mtu, dlc->session->mtu);
dlc->state = BT_RFCOMM_STATE_CONFIG;
rfcomm_send_pn(dlc, BT_RFCOMM_MSG_CMD_CR);
break;
case RFCOMM_SECURITY_PENDING:
dlc->state = BT_RFCOMM_STATE_SECURITY_PENDING;
break;
case RFCOMM_SECURITY_REJECT:
default:
return -EIO;
}
return 0;
}
static void rfcomm_handle_ua(struct bt_rfcomm_session *session, uint8_t dlci)
{
struct bt_rfcomm_dlc *dlc, *next;
int err;
if (!dlci) {
switch (session->state) {
case BT_RFCOMM_STATE_CONNECTING:
session->state = BT_RFCOMM_STATE_CONNECTED;
for (dlc = session->dlcs; dlc; dlc = next) {
next = dlc->_next;
if (dlc->role == BT_RFCOMM_ROLE_INITIATOR &&
dlc->state == BT_RFCOMM_STATE_INIT) {
if (rfcomm_dlc_start(dlc) < 0) {
rfcomm_dlc_drop(dlc);
}
}
}
/* Disconnect session if there is no dlcs left */
rfcomm_session_disconnect(session);
break;
case BT_RFCOMM_STATE_DISCONNECTING:
session->state = BT_RFCOMM_STATE_DISCONNECTED;
/* Cancel disc timer */
k_work_cancel_delayable(&session->rtx_work);
err = bt_l2cap_chan_disconnect(&session->br_chan.chan);
if (err < 0) {
session->state = BT_RFCOMM_STATE_IDLE;
}
break;
default:
break;
}
} else {
dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
if (!dlc) {
return;
}
switch (dlc->state) {
case BT_RFCOMM_STATE_CONNECTING:
rfcomm_dlc_connected(dlc);
break;
case BT_RFCOMM_STATE_DISCONNECTING:
rfcomm_dlc_drop(dlc);
rfcomm_session_disconnect(session);
break;
default:
break;
}
}
}
static void rfcomm_handle_dm(struct bt_rfcomm_session *session, uint8_t dlci)
{
struct bt_rfcomm_dlc *dlc;
BT_DBG("dlci %d", dlci);
dlc = rfcomm_dlcs_remove_dlci(session->dlcs, dlci);
if (!dlc) {
return;
}
rfcomm_dlc_disconnect(dlc);
rfcomm_session_disconnect(session);
}
static void rfcomm_handle_msc(struct bt_rfcomm_session *session,
struct net_buf *buf, uint8_t cr)
{
struct bt_rfcomm_msc *msc = (void *)buf->data;
struct bt_rfcomm_dlc *dlc;
uint8_t dlci = BT_RFCOMM_GET_DLCI(msc->dlci);
BT_DBG("dlci %d", dlci);
dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
if (!dlc) {
return;
}
if (cr == BT_RFCOMM_MSG_RESP_CR) {
return;
}
if (dlc->session->cfc == BT_RFCOMM_CFC_NOT_SUPPORTED) {
/* Only FC bit affects the flow on RFCOMM level */
if (BT_RFCOMM_GET_FC(msc->v24_signal)) {
/* If FC bit is 1 the device is unable to accept frames.
* Take the semaphore with timeout K_NO_WAIT so that
* dlc thread will be blocked when it tries sem_take
* before sending the data. K_NO_WAIT timeout will make
* sure that RX thread will not be blocked while taking
* the semaphore.
*/
k_sem_take(&dlc->tx_credits, K_NO_WAIT);
} else {
/* Give the sem so that it will unblock the waiting dlc
* thread in sem_take().
*/
k_sem_give(&dlc->tx_credits);
}
}
rfcomm_send_msc(dlc, BT_RFCOMM_MSG_RESP_CR, msc->v24_signal);
}
static void rfcomm_handle_rls(struct bt_rfcomm_session *session,
struct net_buf *buf, uint8_t cr)
{
struct bt_rfcomm_rls *rls = (void *)buf->data;
uint8_t dlci = BT_RFCOMM_GET_DLCI(rls->dlci);
struct bt_rfcomm_dlc *dlc;
BT_DBG("dlci %d", dlci);
if (!cr) {
/* Ignore if its a response */
return;
}
dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
if (!dlc) {
return;
}
/* As per the ETSI same line status has to returned in the response */
rfcomm_send_rls(dlc, BT_RFCOMM_MSG_RESP_CR, rls->line_status);
}
static void rfcomm_handle_rpn(struct bt_rfcomm_session *session,
struct net_buf *buf, uint8_t cr)
{
struct bt_rfcomm_rpn default_rpn, *rpn = (void *)buf->data;
uint8_t dlci = BT_RFCOMM_GET_DLCI(rpn->dlci);
uint8_t data_bits, stop_bits, parity_bits;
/* Exclude fcs to get number of value bytes */
uint8_t value_len = buf->len - 1;
BT_DBG("dlci %d", dlci);
if (!cr) {
/* Ignore if its a response */
return;
}
if (value_len == sizeof(*rpn)) {
/* Accept all the values proposed by the sender */
rpn->param_mask = sys_cpu_to_le16(BT_RFCOMM_RPN_PARAM_MASK_ALL);
rfcomm_send_rpn(session, BT_RFCOMM_MSG_RESP_CR, rpn);
return;
}
if (value_len != 1U) {
return;
}
/* If only one value byte then current port settings has to be returned
* We will send default values
*/
default_rpn.dlci = BT_RFCOMM_SET_ADDR(dlci, 1);
default_rpn.baud_rate = BT_RFCOMM_RPN_BAUD_RATE_9600;
default_rpn.flow_control = BT_RFCOMM_RPN_FLOW_NONE;
default_rpn.xoff_char = BT_RFCOMM_RPN_XOFF_CHAR;
default_rpn.xon_char = BT_RFCOMM_RPN_XON_CHAR;
data_bits = BT_RFCOMM_RPN_DATA_BITS_8;
stop_bits = BT_RFCOMM_RPN_STOP_BITS_1;
parity_bits = BT_RFCOMM_RPN_PARITY_NONE;
default_rpn.line_settings = BT_RFCOMM_SET_LINE_SETTINGS(data_bits,
stop_bits,
parity_bits);
default_rpn.param_mask = sys_cpu_to_le16(BT_RFCOMM_RPN_PARAM_MASK_ALL);
rfcomm_send_rpn(session, BT_RFCOMM_MSG_RESP_CR, &default_rpn);
}
static void rfcomm_handle_pn(struct bt_rfcomm_session *session,
struct net_buf *buf, uint8_t cr)
{
struct bt_rfcomm_pn *pn = (void *)buf->data;
struct bt_rfcomm_dlc *dlc;
dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, pn->dlci);
if (!dlc) {
/* Ignore if it is a response */
if (!cr) {
return;
}
if (!BT_RFCOMM_CHECK_MTU(pn->mtu)) {
BT_ERR("Invalid mtu %d", pn->mtu);
rfcomm_send_dm(session, pn->dlci);
return;
}
dlc = rfcomm_dlc_accept(session, pn->dlci);
if (!dlc) {
rfcomm_send_dm(session, pn->dlci);
return;
}
BT_DBG("Incoming connection accepted dlc %p", dlc);
dlc->mtu = MIN(dlc->mtu, sys_le16_to_cpu(pn->mtu));
if (pn->flow_ctrl == BT_RFCOMM_PN_CFC_CMD) {
if (session->cfc == BT_RFCOMM_CFC_UNKNOWN) {
session->cfc = BT_RFCOMM_CFC_SUPPORTED;
}
k_sem_init(&dlc->tx_credits, 0, K_SEM_MAX_LIMIT);
rfcomm_dlc_tx_give_credits(dlc, pn->credits);
} else {
session->cfc = BT_RFCOMM_CFC_NOT_SUPPORTED;
}
dlc->state = BT_RFCOMM_STATE_CONFIG;
rfcomm_send_pn(dlc, BT_RFCOMM_MSG_RESP_CR);
/* Cancel idle timer if any */
k_work_cancel_delayable(&session->rtx_work);
} else {
/* If its a command */
if (cr) {
if (!BT_RFCOMM_CHECK_MTU(pn->mtu)) {
BT_ERR("Invalid mtu %d", pn->mtu);
rfcomm_dlc_close(dlc);
return;
}
dlc->mtu = MIN(dlc->mtu, sys_le16_to_cpu(pn->mtu));
rfcomm_send_pn(dlc, BT_RFCOMM_MSG_RESP_CR);
} else {
if (dlc->state != BT_RFCOMM_STATE_CONFIG) {
return;
}
dlc->mtu = MIN(dlc->mtu, sys_le16_to_cpu(pn->mtu));
if (pn->flow_ctrl == BT_RFCOMM_PN_CFC_RESP) {
if (session->cfc == BT_RFCOMM_CFC_UNKNOWN) {
session->cfc = BT_RFCOMM_CFC_SUPPORTED;
}
k_sem_init(&dlc->tx_credits, 0, K_SEM_MAX_LIMIT);
rfcomm_dlc_tx_give_credits(dlc, pn->credits);
} else {
session->cfc = BT_RFCOMM_CFC_NOT_SUPPORTED;
}
dlc->state = BT_RFCOMM_STATE_CONNECTING;
rfcomm_send_sabm(session, dlc->dlci);
}
}
}
static void rfcomm_handle_disc(struct bt_rfcomm_session *session, uint8_t dlci)
{
struct bt_rfcomm_dlc *dlc;
BT_DBG("Dlci %d", dlci);
if (dlci) {
dlc = rfcomm_dlcs_remove_dlci(session->dlcs, dlci);
if (!dlc) {
rfcomm_send_dm(session, dlci);
return;
}
rfcomm_send_ua(session, dlci);
rfcomm_dlc_disconnect(dlc);
if (!session->dlcs) {
/* Start a session idle timer */
k_work_reschedule(&dlc->session->rtx_work,
RFCOMM_IDLE_TIMEOUT);
}
} else {
/* Cancel idle timer */
k_work_cancel_delayable(&session->rtx_work);
rfcomm_send_ua(session, 0);
rfcomm_session_disconnected(session);
}
}
static void rfcomm_handle_msg(struct bt_rfcomm_session *session,
struct net_buf *buf)
{
struct bt_rfcomm_msg_hdr *hdr;
uint8_t msg_type, len, cr;
if (buf->len < sizeof(*hdr)) {
BT_ERR("Too small RFCOMM message");
return;
}
hdr = net_buf_pull_mem(buf, sizeof(*hdr));
msg_type = BT_RFCOMM_GET_MSG_TYPE(hdr->type);
cr = BT_RFCOMM_GET_MSG_CR(hdr->type);
len = BT_RFCOMM_GET_LEN(hdr->len);
BT_DBG("msg type %x cr %x", msg_type, cr);
switch (msg_type) {
case BT_RFCOMM_PN:
rfcomm_handle_pn(session, buf, cr);
break;
case BT_RFCOMM_MSC:
rfcomm_handle_msc(session, buf, cr);
break;
case BT_RFCOMM_RLS:
rfcomm_handle_rls(session, buf, cr);
break;
case BT_RFCOMM_RPN:
rfcomm_handle_rpn(session, buf, cr);
break;
case BT_RFCOMM_TEST:
if (!cr) {
break;
}
rfcomm_send_test(session, BT_RFCOMM_MSG_RESP_CR, buf->data,
buf->len - 1);
break;
case BT_RFCOMM_FCON:
if (session->cfc == BT_RFCOMM_CFC_SUPPORTED) {
BT_ERR("FCON received when CFC is supported ");
return;
}
if (!cr) {
break;
}
/* Give the sem so that it will unblock the waiting dlc threads
* of this session in sem_take().
*/
k_sem_give(&session->fc);
rfcomm_send_fcon(session, BT_RFCOMM_MSG_RESP_CR);
break;
case BT_RFCOMM_FCOFF:
if (session->cfc == BT_RFCOMM_CFC_SUPPORTED) {
BT_ERR("FCOFF received when CFC is supported ");
return;
}
if (!cr) {
break;
}
/* Take the semaphore with timeout K_NO_WAIT so that all the
* dlc threads in this session will be blocked when it tries
* sem_take before sending the data. K_NO_WAIT timeout will
* make sure that RX thread will not be blocked while taking
* the semaphore.
*/
k_sem_take(&session->fc, K_NO_WAIT);
rfcomm_send_fcoff(session, BT_RFCOMM_MSG_RESP_CR);
break;
default:
BT_WARN("Unknown/Unsupported RFCOMM Msg type 0x%02x", msg_type);
rfcomm_send_nsc(session, hdr->type);
break;
}
}
static void rfcomm_dlc_update_credits(struct bt_rfcomm_dlc *dlc)
{
uint8_t credits;
if (dlc->session->cfc == BT_RFCOMM_CFC_NOT_SUPPORTED) {
return;
}
BT_DBG("dlc %p credits %u", dlc, dlc->rx_credit);
/* Only give more credits if it went below the defined threshold */
if (dlc->rx_credit > RFCOMM_CREDITS_THRESHOLD) {
return;
}
/* Restore credits */
credits = RFCOMM_MAX_CREDITS - dlc->rx_credit;
dlc->rx_credit += credits;
rfcomm_send_credit(dlc, credits);
}
static void rfcomm_handle_data(struct bt_rfcomm_session *session,
struct net_buf *buf, uint8_t dlci, uint8_t pf)
{
struct bt_rfcomm_dlc *dlc;
BT_DBG("dlci %d, pf %d", dlci, pf);
dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
if (!dlc) {
BT_ERR("Data recvd in non existing DLC");
rfcomm_send_dm(session, dlci);
return;
}
BT_DBG("dlc %p rx credit %d", dlc, dlc->rx_credit);
if (dlc->state != BT_RFCOMM_STATE_CONNECTED) {
return;
}
if (pf == BT_RFCOMM_PF_UIH_CREDIT) {
rfcomm_dlc_tx_give_credits(dlc, net_buf_pull_u8(buf));
}
if (buf->len > BT_RFCOMM_FCS_SIZE) {
if (dlc->session->cfc == BT_RFCOMM_CFC_SUPPORTED &&
!dlc->rx_credit) {
BT_ERR("Data recvd when rx credit is 0");
rfcomm_dlc_close(dlc);
return;
}
/* Remove FCS */
buf->len -= BT_RFCOMM_FCS_SIZE;
if (dlc->ops && dlc->ops->recv) {
dlc->ops->recv(dlc, buf);
}
dlc->rx_credit--;
rfcomm_dlc_update_credits(dlc);
}
}
int bt_rfcomm_dlc_send(struct bt_rfcomm_dlc *dlc, struct net_buf *buf)
{
uint8_t fcs, cr;
if (!buf) {
return -EINVAL;
}
BT_DBG("dlc %p tx credit %d", dlc, k_sem_count_get(&dlc->tx_credits));
if (dlc->state != BT_RFCOMM_STATE_CONNECTED) {
return -ENOTCONN;
}
if (buf->len > dlc->mtu) {
return -EMSGSIZE;
}
/* length */
if (buf->len > BT_RFCOMM_MAX_LEN_8) {
/* Length is 2 byte */
net_buf_push_le16(buf, BT_RFCOMM_SET_LEN_16(buf->len));
} else {
net_buf_push_u8(buf, BT_RFCOMM_SET_LEN_8(buf->len));
}
/* control */
net_buf_push_u8(buf, BT_RFCOMM_SET_CTRL(BT_RFCOMM_UIH,
BT_RFCOMM_PF_UIH_NO_CREDIT));
/* address */
cr = BT_RFCOMM_UIH_CR(dlc->session->role);
net_buf_push_u8(buf, BT_RFCOMM_SET_ADDR(dlc->dlci, cr));
fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
net_buf_add_u8(buf, fcs);
net_buf_put(&dlc->tx_queue, buf);
return buf->len;
}
static int rfcomm_recv(struct bt_l2cap_chan *chan, struct net_buf *buf)
{
struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
struct bt_rfcomm_hdr *hdr = (void *)buf->data;
uint8_t dlci, frame_type, fcs, fcs_len;
/* Need to consider FCS also*/
if (buf->len < (sizeof(*hdr) + 1)) {
BT_ERR("Too small RFCOMM Frame");
return 0;
}
dlci = BT_RFCOMM_GET_DLCI(hdr->address);
frame_type = BT_RFCOMM_GET_FRAME_TYPE(hdr->control);
BT_DBG("session %p dlci %x type %x", session, dlci, frame_type);
fcs_len = (frame_type == BT_RFCOMM_UIH) ? BT_RFCOMM_FCS_LEN_UIH :
BT_RFCOMM_FCS_LEN_NON_UIH;
fcs = *(net_buf_tail(buf) - 1);
if (!rfcomm_check_fcs(fcs_len, buf->data, fcs)) {
BT_ERR("FCS check failed");
return 0;
}
if (BT_RFCOMM_LEN_EXTENDED(hdr->length)) {
net_buf_pull(buf, sizeof(*hdr) + 1);
} else {
net_buf_pull(buf, sizeof(*hdr));
}
switch (frame_type) {
case BT_RFCOMM_SABM:
rfcomm_handle_sabm(session, dlci);
break;
case BT_RFCOMM_UIH:
if (!dlci) {
rfcomm_handle_msg(session, buf);
} else {
rfcomm_handle_data(session, buf, dlci,
BT_RFCOMM_GET_PF(hdr->control));
}
break;
case BT_RFCOMM_DISC:
rfcomm_handle_disc(session, dlci);
break;
case BT_RFCOMM_UA:
rfcomm_handle_ua(session, dlci);
break;
case BT_RFCOMM_DM:
rfcomm_handle_dm(session, dlci);
break;
default:
BT_WARN("Unknown/Unsupported RFCOMM Frame type 0x%02x",
frame_type);
break;
}
return 0;
}
static void rfcomm_encrypt_change(struct bt_l2cap_chan *chan,
uint8_t hci_status)
{
struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
struct bt_conn *conn = chan->conn;
struct bt_rfcomm_dlc *dlc, *next;
BT_DBG("session %p status 0x%02x encr 0x%02x", session, hci_status,
conn->encrypt);
for (dlc = session->dlcs; dlc; dlc = next) {
next = dlc->_next;
if (dlc->state != BT_RFCOMM_STATE_SECURITY_PENDING) {
continue;
}
if (hci_status || !conn->encrypt ||
conn->sec_level < dlc->required_sec_level) {
rfcomm_dlc_close(dlc);
continue;
}
if (dlc->role == BT_RFCOMM_ROLE_ACCEPTOR) {
rfcomm_send_ua(session, dlc->dlci);
rfcomm_dlc_connected(dlc);
} else {
dlc->mtu = MIN(dlc->mtu, session->mtu);
dlc->state = BT_RFCOMM_STATE_CONFIG;
rfcomm_send_pn(dlc, BT_RFCOMM_MSG_CMD_CR);
}
}
}
static void rfcomm_session_rtx_timeout(struct k_work *work)
{
struct bt_rfcomm_session *session = SESSION_RTX(work);
BT_WARN("session %p state %d timeout", session, session->state);
switch (session->state) {
case BT_RFCOMM_STATE_CONNECTED:
rfcomm_session_disconnect(session);
break;
case BT_RFCOMM_STATE_DISCONNECTING:
session->state = BT_RFCOMM_STATE_DISCONNECTED;
if (bt_l2cap_chan_disconnect(&session->br_chan.chan) < 0) {
session->state = BT_RFCOMM_STATE_IDLE;
}
break;
}
}
static struct bt_rfcomm_session *rfcomm_session_new(bt_rfcomm_role_t role)
{
int i;
static const struct bt_l2cap_chan_ops ops = {
.connected = rfcomm_connected,
.disconnected = rfcomm_disconnected,
.recv = rfcomm_recv,
.encrypt_change = rfcomm_encrypt_change,
};
for (i = 0; i < ARRAY_SIZE(bt_rfcomm_pool); i++) {
struct bt_rfcomm_session *session = &bt_rfcomm_pool[i];
if (session->br_chan.chan.conn) {
continue;
}
BT_DBG("session %p initialized", session);
session->br_chan.chan.ops = &ops;
session->br_chan.rx.mtu = CONFIG_BT_RFCOMM_L2CAP_MTU;
session->state = BT_RFCOMM_STATE_INIT;
session->role = role;
session->cfc = BT_RFCOMM_CFC_UNKNOWN;
k_work_init_delayable(&session->rtx_work,
rfcomm_session_rtx_timeout);
k_sem_init(&session->fc, 0, 1);
return session;
}
return NULL;
}
int bt_rfcomm_dlc_connect(struct bt_conn *conn, struct bt_rfcomm_dlc *dlc,
uint8_t channel)
{
struct bt_rfcomm_session *session;
struct bt_l2cap_chan *chan;
uint8_t dlci;
int ret;
BT_DBG("conn %p dlc %p channel %d", conn, dlc, channel);
if (!dlc) {
return -EINVAL;
}
if (!conn || conn->state != BT_CONN_CONNECTED) {
return -ENOTCONN;
}
if (channel < RFCOMM_CHANNEL_START || channel > RFCOMM_CHANNEL_END) {
return -EINVAL;
}
if (!BT_RFCOMM_CHECK_MTU(dlc->mtu)) {
return -EINVAL;
}
session = rfcomm_sessions_lookup_bt_conn(conn);
if (!session) {
session = rfcomm_session_new(BT_RFCOMM_ROLE_INITIATOR);
if (!session) {
return -ENOMEM;
}
}
dlci = BT_RFCOMM_DLCI(session->role, channel);
if (rfcomm_dlcs_lookup_dlci(session->dlcs, dlci)) {
return -EBUSY;
}
rfcomm_dlc_init(dlc, session, dlci, BT_RFCOMM_ROLE_INITIATOR);
switch (session->state) {
case BT_RFCOMM_STATE_INIT:
if (session->role == BT_RFCOMM_ROLE_ACCEPTOR) {
/* There is an ongoing incoming conn */
break;
}
chan = &session->br_chan.chan;
BR_CHAN(chan)->required_sec_level = dlc->required_sec_level;
ret = bt_l2cap_chan_connect(conn, chan, BT_L2CAP_PSM_RFCOMM);
if (ret < 0) {
session->state = BT_RFCOMM_STATE_IDLE;
goto fail;
}
session->state = BT_RFCOMM_STATE_CONNECTING;
break;
case BT_RFCOMM_STATE_CONNECTING:
break;
case BT_RFCOMM_STATE_CONNECTED:
ret = rfcomm_dlc_start(dlc);
if (ret < 0) {
goto fail;
}
/* Cancel idle timer if any */
k_work_cancel_delayable(&session->rtx_work);
break;
default:
BT_ERR("Invalid session state %d", session->state);
ret = -EINVAL;
goto fail;
}
return 0;
fail:
rfcomm_dlcs_remove_dlci(session->dlcs, dlc->dlci);
dlc->state = BT_RFCOMM_STATE_IDLE;
dlc->session = NULL;
return ret;
}
int bt_rfcomm_dlc_disconnect(struct bt_rfcomm_dlc *dlc)
{
BT_DBG("dlc %p", dlc);
if (!dlc) {
return -EINVAL;
}
if (dlc->state == BT_RFCOMM_STATE_CONNECTED) {
/* This is to handle user initiated disconnect to send pending
* bufs in the queue before disconnecting
* Queue a dummy buffer (in case if queue is empty) to wake up
* and stop the tx thread.
*/
dlc->state = BT_RFCOMM_STATE_USER_DISCONNECT;
net_buf_put(&dlc->tx_queue,
net_buf_alloc(&dummy_pool, K_NO_WAIT));
k_work_reschedule(&dlc->rtx_work, RFCOMM_DISC_TIMEOUT);
return 0;
}
return rfcomm_dlc_close(dlc);
}
static int rfcomm_accept(struct bt_conn *conn, struct bt_l2cap_chan **chan)
{
struct bt_rfcomm_session *session;
BT_DBG("conn %p", conn);
session = rfcomm_session_new(BT_RFCOMM_ROLE_ACCEPTOR);
if (session) {
*chan = &session->br_chan.chan;
return 0;
}
BT_ERR("No available RFCOMM context for conn %p", conn);
return -ENOMEM;
}
void bt_rfcomm_init(void)
{
static struct bt_l2cap_server server = {
.psm = BT_L2CAP_PSM_RFCOMM,
.accept = rfcomm_accept,
.sec_level = BT_SECURITY_L1,
};
bt_l2cap_br_server_register(&server);
}