普通文本  |  1170行  |  38.8 KB

/******************************************************************************
 *
 *  Copyright 2009-2013 Broadcom Corporation
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at:
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 ******************************************************************************/

#include <base/strings/stringprintf.h>
#include <string.h>
#include "bt_target.h"
#include "bt_utils.h"
#include "btm_int.h"
#include "btu.h"
#include "device/include/controller.h"
#include "gap_api.h"
#include "l2c_int.h"
#include "l2cdefs.h"
#include "osi/include/fixed_queue.h"
#include "osi/include/mutex.h"

using base::StringPrintf;

/* Define the GAP Connection Control Block */
typedef struct {
#define GAP_CCB_STATE_IDLE 0
#define GAP_CCB_STATE_LISTENING 1
#define GAP_CCB_STATE_CONN_SETUP 2
#define GAP_CCB_STATE_CFG_SETUP 3
#define GAP_CCB_STATE_WAIT_SEC 4
#define GAP_CCB_STATE_CONNECTED 5
  uint8_t con_state;

#define GAP_CCB_FLAGS_IS_ORIG 0x01
#define GAP_CCB_FLAGS_HIS_CFG_DONE 0x02
#define GAP_CCB_FLAGS_MY_CFG_DONE 0x04
#define GAP_CCB_FLAGS_SEC_DONE 0x08
#define GAP_CCB_FLAGS_CONN_DONE 0x0E
  uint8_t con_flags;

  uint8_t service_id;     /* Used by BTM */
  uint16_t gap_handle;    /* GAP handle */
  uint16_t connection_id; /* L2CAP CID */
  bool rem_addr_specified;
  uint8_t chan_mode_mask; /* Supported channel modes (FCR) */
  RawAddress rem_dev_address;
  uint16_t psm;
  uint16_t rem_mtu_size;

  bool is_congested;
  fixed_queue_t* tx_queue; /* Queue of buffers waiting to be sent */
  fixed_queue_t* rx_queue; /* Queue of buffers waiting to be read */

  uint32_t rx_queue_size; /* Total data count in rx_queue */

  tGAP_CONN_CALLBACK* p_callback; /* Users callback function */

  tL2CAP_CFG_INFO cfg;              /* Configuration */
  tL2CAP_ERTM_INFO ertm_info;       /* Pools and modes for ertm */
  tBT_TRANSPORT transport;          /* Transport channel BR/EDR or BLE */
  tL2CAP_LE_CFG_INFO local_coc_cfg; /* local configuration for LE Coc */
  tL2CAP_LE_CFG_INFO peer_coc_cfg;  /* local configuration for LE Coc */
} tGAP_CCB;

typedef struct {
  tL2CAP_APPL_INFO reg_info; /* L2CAP Registration info */
  tGAP_CCB ccb_pool[GAP_MAX_CONNECTIONS];
} tGAP_CONN;

namespace {
tGAP_CONN conn;
}

/******************************************************************************/
/*            L O C A L    F U N C T I O N     P R O T O T Y P E S            */
/******************************************************************************/
static void gap_connect_ind(const RawAddress& bd_addr, uint16_t l2cap_cid,
                            uint16_t psm, uint8_t l2cap_id);
static void gap_connect_cfm(uint16_t l2cap_cid, uint16_t result);
static void gap_config_ind(uint16_t l2cap_cid, tL2CAP_CFG_INFO* p_cfg);
static void gap_config_cfm(uint16_t l2cap_cid, tL2CAP_CFG_INFO* p_cfg);
static void gap_disconnect_ind(uint16_t l2cap_cid, bool ack_needed);
static void gap_data_ind(uint16_t l2cap_cid, BT_HDR* p_msg);
static void gap_congestion_ind(uint16_t lcid, bool is_congested);
static void gap_tx_complete_ind(uint16_t l2cap_cid, uint16_t sdu_sent);
static void gap_credits_received_cb(uint16_t l2cap_cid,
                                    uint16_t credits_received,
                                    uint16_t credit_count);

static tGAP_CCB* gap_find_ccb_by_cid(uint16_t cid);
static tGAP_CCB* gap_find_ccb_by_handle(uint16_t handle);
static tGAP_CCB* gap_allocate_ccb(void);
static void gap_release_ccb(tGAP_CCB* p_ccb);
static void gap_checks_con_flags(tGAP_CCB* p_ccb);

/*******************************************************************************
 *
 * Function         gap_conn_init
 *
 * Description      This function is called to initialize GAP connection
 *                  management
 *
 * Returns          void
 *
 ******************************************************************************/
void gap_conn_init(void) {
  memset(&conn, 0, sizeof(tGAP_CONN));
  conn.reg_info.pL2CA_ConnectInd_Cb = gap_connect_ind;
  conn.reg_info.pL2CA_ConnectCfm_Cb = gap_connect_cfm;
  conn.reg_info.pL2CA_ConnectPnd_Cb = NULL;
  conn.reg_info.pL2CA_ConfigInd_Cb = gap_config_ind;
  conn.reg_info.pL2CA_ConfigCfm_Cb = gap_config_cfm;
  conn.reg_info.pL2CA_DisconnectInd_Cb = gap_disconnect_ind;
  conn.reg_info.pL2CA_DisconnectCfm_Cb = NULL;
  conn.reg_info.pL2CA_QoSViolationInd_Cb = NULL;
  conn.reg_info.pL2CA_DataInd_Cb = gap_data_ind;
  conn.reg_info.pL2CA_CongestionStatus_Cb = gap_congestion_ind;
  conn.reg_info.pL2CA_TxComplete_Cb = gap_tx_complete_ind;
  conn.reg_info.pL2CA_CreditsReceived_Cb = gap_credits_received_cb;
}

/*******************************************************************************
 *
 * Function         GAP_ConnOpen
 *
 * Description      This function is called to open an L2CAP connection.
 *
 * Parameters:      is_server   - If true, the connection is not created
 *                                but put into a "listen" mode waiting for
 *                                the remote side to connect.
 *
 *                  service_id  - Unique service ID from
 *                                BTM_SEC_SERVICE_FIRST_EMPTY (6)
 *                                to BTM_SEC_MAX_SERVICE_RECORDS (32)
 *
 *                  p_rem_bda   - Pointer to remote BD Address.
 *                                If a server, and we don't care about the
 *                                remote BD Address, then NULL should be passed.
 *
 *                  psm         - the PSM used for the connection
 *                  le_mps      - Maximum PDU Size for LE CoC
 *
 *                  p_config    - Optional pointer to configuration structure.
 *                                If NULL, the default GAP configuration will
 *                                be used.
 *
 *                  security    - security flags
 *                  chan_mode_mask - (GAP_FCR_CHAN_OPT_BASIC,
 *                                    GAP_FCR_CHAN_OPT_ERTM,
 *                                    GAP_FCR_CHAN_OPT_STREAM)
 *
 *                  p_cb        - Pointer to callback function for events.
 *
 * Returns          handle of the connection if successful, else
 *                            GAP_INVALID_HANDLE
 *
 ******************************************************************************/
uint16_t GAP_ConnOpen(const char* p_serv_name, uint8_t service_id,
                      bool is_server, const RawAddress* p_rem_bda, uint16_t psm,
                      uint16_t le_mps, tL2CAP_CFG_INFO* p_cfg,
                      tL2CAP_ERTM_INFO* ertm_info, uint16_t security,
                      uint8_t chan_mode_mask, tGAP_CONN_CALLBACK* p_cb,
                      tBT_TRANSPORT transport) {
  tGAP_CCB* p_ccb;
  uint16_t cid;

  DVLOG(1) << "GAP_CONN - Open Request";

  /* Allocate a new CCB. Return if none available. */
  p_ccb = gap_allocate_ccb();
  if (p_ccb == NULL) return (GAP_INVALID_HANDLE);

  /* update the transport */
  p_ccb->transport = transport;

  /* The service_id must be set before calling gap_release_ccb(). */
  p_ccb->service_id = service_id;

  /* If caller specified a BD address, save it */
  if (p_rem_bda) {
    /* the bd addr is not RawAddress::kAny, then a bd address was specified */
    if (*p_rem_bda != RawAddress::kAny) p_ccb->rem_addr_specified = true;

    p_ccb->rem_dev_address = *p_rem_bda;
  } else if (!is_server) {
    /* remore addr is not specified and is not a server -> bad */
    return (GAP_INVALID_HANDLE);
  }

  /* A client MUST have specified a bd addr to connect with */
  if (!p_ccb->rem_addr_specified && !is_server) {
    gap_release_ccb(p_ccb);
    LOG(ERROR)
        << "GAP ERROR: Client must specify a remote BD ADDR to connect to!";
    return (GAP_INVALID_HANDLE);
  }

  /* Check if configuration was specified */
  if (p_cfg) p_ccb->cfg = *p_cfg;

  /* Configure L2CAP COC, if transport is LE */
  if (transport == BT_TRANSPORT_LE) {
    p_ccb->local_coc_cfg.credits = L2CAP_LE_CREDIT_DEFAULT;
    p_ccb->local_coc_cfg.mtu = p_cfg->mtu;

    uint16_t max_mps = controller_get_interface()->get_acl_data_size_ble();
    if (le_mps > max_mps) {
      LOG(INFO) << "Limiting MPS to one buffer size - " << max_mps;
      le_mps = max_mps;
    }
    p_ccb->local_coc_cfg.mps = le_mps;

    VLOG(2) << __func__ << ": credits=" << p_ccb->local_coc_cfg.credits
            << ", mps=" << p_ccb->local_coc_cfg.mps
            << ", mtu=" << p_ccb->local_coc_cfg.mtu;
  }

  p_ccb->p_callback = p_cb;

  /* If originator, use a dynamic PSM */
  if (!is_server)
    conn.reg_info.pL2CA_ConnectInd_Cb = NULL;
  else
    conn.reg_info.pL2CA_ConnectInd_Cb = gap_connect_ind;

  /* Register the PSM with L2CAP */
  if (transport == BT_TRANSPORT_BR_EDR) {
    p_ccb->psm = L2CA_REGISTER(psm, &conn.reg_info, false /* enable_snoop */);
    if (p_ccb->psm == 0) {
      LOG(ERROR) << StringPrintf("%s: Failure registering PSM 0x%04x", __func__,
                                 psm);
      gap_release_ccb(p_ccb);
      return (GAP_INVALID_HANDLE);
    }
  }

  if (transport == BT_TRANSPORT_LE) {
    p_ccb->psm = L2CA_REGISTER_COC(
        psm, &conn.reg_info, AMP_AUTOSWITCH_ALLOWED | AMP_USE_AMP_IF_POSSIBLE);
    if (p_ccb->psm == 0) {
      LOG(ERROR) << StringPrintf("%s: Failure registering PSM 0x%04x", __func__,
                                 psm);
      gap_release_ccb(p_ccb);
      return (GAP_INVALID_HANDLE);
    }
  }

  /* Register with Security Manager for the specific security level */
  if (!BTM_SetSecurityLevel((uint8_t)!is_server, p_serv_name, p_ccb->service_id,
                            security, p_ccb->psm, 0, 0)) {
    LOG(ERROR) << "GAP_CONN - Security Error";
    gap_release_ccb(p_ccb);
    return (GAP_INVALID_HANDLE);
  }

  /* Fill in eL2CAP parameter data */
  if (p_ccb->cfg.fcr_present) {
    if (ertm_info == NULL) {
      p_ccb->ertm_info.preferred_mode = p_ccb->cfg.fcr.mode;
      p_ccb->ertm_info.user_rx_buf_size = GAP_DATA_BUF_SIZE;
      p_ccb->ertm_info.user_tx_buf_size = GAP_DATA_BUF_SIZE;
      p_ccb->ertm_info.fcr_rx_buf_size = L2CAP_INVALID_ERM_BUF_SIZE;
      p_ccb->ertm_info.fcr_tx_buf_size = L2CAP_INVALID_ERM_BUF_SIZE;
    } else {
      p_ccb->ertm_info = *ertm_info;
    }
  }

  /* optional FCR channel modes */
  if (ertm_info != NULL) {
    p_ccb->ertm_info.allowed_modes =
        (chan_mode_mask) ? chan_mode_mask : (uint8_t)L2CAP_FCR_CHAN_OPT_BASIC;
  }

  if (is_server) {
    p_ccb->con_flags |=
        GAP_CCB_FLAGS_SEC_DONE; /* assume btm/l2cap would handle it */
    p_ccb->con_state = GAP_CCB_STATE_LISTENING;
    return (p_ccb->gap_handle);
  } else {
    /* We are the originator of this connection */
    p_ccb->con_flags = GAP_CCB_FLAGS_IS_ORIG;

    /* Transition to the next appropriate state, waiting for connection confirm.
     */
    p_ccb->con_state = GAP_CCB_STATE_CONN_SETUP;

    /* mark security done flag, when security is not required */
    if ((security & (BTM_SEC_OUT_AUTHORIZE | BTM_SEC_OUT_AUTHENTICATE |
                     BTM_SEC_OUT_ENCRYPT)) == 0)
      p_ccb->con_flags |= GAP_CCB_FLAGS_SEC_DONE;

    /* Check if L2CAP started the connection process */
    if (p_rem_bda && (transport == BT_TRANSPORT_BR_EDR)) {
      cid = L2CA_CONNECT_REQ(p_ccb->psm, *p_rem_bda, &p_ccb->ertm_info);
      if (cid != 0) {
        p_ccb->connection_id = cid;
        return (p_ccb->gap_handle);
      }
    }

    if (p_rem_bda && (transport == BT_TRANSPORT_LE)) {
      cid = L2CA_CONNECT_COC_REQ(p_ccb->psm, *p_rem_bda, &p_ccb->local_coc_cfg);
      if (cid != 0) {
        p_ccb->connection_id = cid;
        return (p_ccb->gap_handle);
      }
    }

    gap_release_ccb(p_ccb);
    return (GAP_INVALID_HANDLE);
  }
}

/*******************************************************************************
 *
 * Function         GAP_ConnClose
 *
 * Description      This function is called to close a connection.
 *
 * Parameters:      handle - Handle of the connection returned by GAP_ConnOpen
 *
 * Returns          BT_PASS             - closed OK
 *                  GAP_ERR_BAD_HANDLE  - invalid handle
 *
 ******************************************************************************/
uint16_t GAP_ConnClose(uint16_t gap_handle) {
  tGAP_CCB* p_ccb = gap_find_ccb_by_handle(gap_handle);

  DVLOG(1) << StringPrintf("GAP_CONN - close  handle: 0x%x", gap_handle);

  if (p_ccb) {
    /* Check if we have a connection ID */
    if (p_ccb->con_state != GAP_CCB_STATE_LISTENING)
      L2CA_DISCONNECT_REQ(p_ccb->connection_id);

    gap_release_ccb(p_ccb);

    return (BT_PASS);
  }

  return (GAP_ERR_BAD_HANDLE);
}

/*******************************************************************************
 *
 * Function         GAP_ConnReadData
 *
 * Description      Normally not GKI aware application will call this function
 *                  after receiving GAP_EVT_RXDATA event.
 *
 * Parameters:      handle      - Handle of the connection returned in the Open
 *                  p_data      - Data area
 *                  max_len     - Byte count requested
 *                  p_len       - Byte count received
 *
 * Returns          BT_PASS             - data read
 *                  GAP_ERR_BAD_HANDLE  - invalid handle
 *                  GAP_NO_DATA_AVAIL   - no data available
 *
 ******************************************************************************/
uint16_t GAP_ConnReadData(uint16_t gap_handle, uint8_t* p_data,
                          uint16_t max_len, uint16_t* p_len) {
  tGAP_CCB* p_ccb = gap_find_ccb_by_handle(gap_handle);
  uint16_t copy_len;

  if (!p_ccb) return (GAP_ERR_BAD_HANDLE);

  *p_len = 0;

  if (fixed_queue_is_empty(p_ccb->rx_queue)) return (GAP_NO_DATA_AVAIL);

  mutex_global_lock();

  while (max_len) {
    BT_HDR* p_buf =
        static_cast<BT_HDR*>(fixed_queue_try_peek_first(p_ccb->rx_queue));
    if (p_buf == NULL) break;

    copy_len = (p_buf->len > max_len) ? max_len : p_buf->len;
    max_len -= copy_len;
    *p_len += copy_len;
    if (p_data) {
      memcpy(p_data, (uint8_t*)(p_buf + 1) + p_buf->offset, copy_len);
      p_data += copy_len;
    }

    if (p_buf->len > copy_len) {
      p_buf->offset += copy_len;
      p_buf->len -= copy_len;
      break;
    }
    osi_free(fixed_queue_try_dequeue(p_ccb->rx_queue));
  }

  p_ccb->rx_queue_size -= *p_len;

  mutex_global_unlock();

  DVLOG(1) << StringPrintf(
      "GAP_ConnReadData - rx_queue_size left=%d, *p_len=%d",
      p_ccb->rx_queue_size, *p_len);

  return (BT_PASS);
}

/*******************************************************************************
 *
 * Function         GAP_GetRxQueueCnt
 *
 * Description      This function return number of bytes on the rx queue.
 *
 * Parameters:      handle     - Handle returned in the GAP_ConnOpen
 *                  p_rx_queue_count - Pointer to return queue count in.
 *
 *
 ******************************************************************************/
int GAP_GetRxQueueCnt(uint16_t handle, uint32_t* p_rx_queue_count) {
  tGAP_CCB* p_ccb;
  int rc = BT_PASS;

  /* Check that handle is valid */
  if (handle < GAP_MAX_CONNECTIONS) {
    p_ccb = &conn.ccb_pool[handle];

    if (p_ccb->con_state == GAP_CCB_STATE_CONNECTED) {
      *p_rx_queue_count = p_ccb->rx_queue_size;
    } else
      rc = GAP_INVALID_HANDLE;
  } else
    rc = GAP_INVALID_HANDLE;

  DVLOG(1) << StringPrintf("GAP_GetRxQueueCnt - rc = 0x%04x, rx_queue_count=%d",
                           rc, *p_rx_queue_count);

  return (rc);
}

/*******************************************************************************
 *
 * Function         GAP_ConnBTRead
 *
 * Description      Bluetooth-aware applications will call this function after
 *                  receiving GAP_EVT_RXDATA event.
 *
 * Parameters:      handle      - Handle of the connection returned in the Open
 *                  pp_buf      - pointer to address of buffer with data,
 *
 * Returns          BT_PASS             - data read
 *                  GAP_ERR_BAD_HANDLE  - invalid handle
 *                  GAP_NO_DATA_AVAIL   - no data available
 *
 ******************************************************************************/
uint16_t GAP_ConnBTRead(uint16_t gap_handle, BT_HDR** pp_buf) {
  tGAP_CCB* p_ccb = gap_find_ccb_by_handle(gap_handle);
  BT_HDR* p_buf;

  if (!p_ccb) return (GAP_ERR_BAD_HANDLE);

  p_buf = (BT_HDR*)fixed_queue_try_dequeue(p_ccb->rx_queue);

  if (p_buf) {
    *pp_buf = p_buf;

    p_ccb->rx_queue_size -= p_buf->len;
    return (BT_PASS);
  } else {
    *pp_buf = NULL;
    return (GAP_NO_DATA_AVAIL);
  }
}

/* Try to write the queued data to l2ca. Return true on success, or if queue is
 * congested. False if error occured when writing. */
static bool gap_try_write_queued_data(tGAP_CCB* p_ccb) {
  if (p_ccb->is_congested) return true;

  /* Send the buffer through L2CAP */
  BT_HDR* p_buf;
  while ((p_buf = (BT_HDR*)fixed_queue_try_dequeue(p_ccb->tx_queue)) != NULL) {
    uint8_t status = L2CA_DATA_WRITE(p_ccb->connection_id, p_buf);

    if (status == L2CAP_DW_CONGESTED) {
      p_ccb->is_congested = true;
      return true;
    } else if (status != L2CAP_DW_SUCCESS)
      return false;
  }
  return true;
}

/*******************************************************************************
 *
 * Function         GAP_ConnWriteData
 *
 * Description      Normally not GKI aware application will call this function
 *                  to send data to the connection.
 *
 * Parameters:      handle      - Handle of the connection returned in the Open
 *                  msg         - pointer to single SDU to send. This function
 *                                will take ownership of it.
 *
 * Returns          BT_PASS                 - data read
 *                  GAP_ERR_BAD_HANDLE      - invalid handle
 *                  GAP_ERR_BAD_STATE       - connection not established
 *                  GAP_CONGESTION          - system is congested
 *
 ******************************************************************************/
uint16_t GAP_ConnWriteData(uint16_t gap_handle, BT_HDR* msg) {
  tGAP_CCB* p_ccb = gap_find_ccb_by_handle(gap_handle);

  if (!p_ccb) {
    osi_free(msg);
    return GAP_ERR_BAD_HANDLE;
  }

  if (p_ccb->con_state != GAP_CCB_STATE_CONNECTED) {
    osi_free(msg);
    return GAP_ERR_BAD_STATE;
  }

  if (msg->len > p_ccb->rem_mtu_size) {
    osi_free(msg);
    return GAP_ERR_ILL_PARM;
  }

  DVLOG(1) << StringPrintf("GAP_WriteData %d bytes", msg->len);

  fixed_queue_enqueue(p_ccb->tx_queue, msg);

  if (!gap_try_write_queued_data(p_ccb)) return GAP_ERR_BAD_STATE;

  return (BT_PASS);
}

/*******************************************************************************
 *
 * Function         GAP_ConnReconfig
 *
 * Description      Applications can call this function to reconfigure the
 *                  connection.
 *
 * Parameters:      handle      - Handle of the connection
 *                  p_cfg       - Pointer to new configuration
 *
 * Returns          BT_PASS                 - config process started
 *                  GAP_ERR_BAD_HANDLE      - invalid handle
 *
 ******************************************************************************/
uint16_t GAP_ConnReconfig(uint16_t gap_handle, tL2CAP_CFG_INFO* p_cfg) {
  tGAP_CCB* p_ccb = gap_find_ccb_by_handle(gap_handle);

  if (!p_ccb) return (GAP_ERR_BAD_HANDLE);

  p_ccb->cfg = *p_cfg;

  if (p_ccb->con_state == GAP_CCB_STATE_CONNECTED)
    L2CA_CONFIG_REQ(p_ccb->connection_id, p_cfg);

  return (BT_PASS);
}

/*******************************************************************************
 *
 * Function         GAP_ConnSetIdleTimeout
 *
 * Description      Higher layers call this function to set the idle timeout for
 *                  a connection, or for all future connections. The "idle
 *                  timeout" is the amount of time that a connection can remain
 *                  up with no L2CAP channels on it. A timeout of zero means
 *                  that the connection will be torn down immediately when the
 *                  last channel is removed. A timeout of 0xFFFF means no
 *                  timeout. Values are in seconds.
 *
 * Parameters:      handle      - Handle of the connection
 *                  timeout     - in secs
 *                                0 = immediate disconnect when last channel is
 *                                    removed
 *                                0xFFFF = no idle timeout
 *
 * Returns          BT_PASS                 - config process started
 *                  GAP_ERR_BAD_HANDLE      - invalid handle
 *
 ******************************************************************************/
uint16_t GAP_ConnSetIdleTimeout(uint16_t gap_handle, uint16_t timeout) {
  tGAP_CCB* p_ccb;

  p_ccb = gap_find_ccb_by_handle(gap_handle);
  if (p_ccb == NULL) return (GAP_ERR_BAD_HANDLE);

  if (L2CA_SetIdleTimeout(p_ccb->connection_id, timeout, false))
    return (BT_PASS);
  else
    return (GAP_ERR_BAD_HANDLE);
}

/*******************************************************************************
 *
 * Function         GAP_ConnGetRemoteAddr
 *
 * Description      This function is called to get the remote BD address
 *                  of a connection.
 *
 * Parameters:      handle - Handle of the connection returned by GAP_ConnOpen
 *
 * Returns          BT_PASS             - closed OK
 *                  GAP_ERR_BAD_HANDLE  - invalid handle
 *
 ******************************************************************************/
const RawAddress* GAP_ConnGetRemoteAddr(uint16_t gap_handle) {
  tGAP_CCB* p_ccb = gap_find_ccb_by_handle(gap_handle);

  DVLOG(1) << __func__ << " gap_handle = " << gap_handle;

  if ((p_ccb) && (p_ccb->con_state > GAP_CCB_STATE_LISTENING)) {
    DVLOG(1) << __func__ << " BDA: " << p_ccb->rem_dev_address;
    return &p_ccb->rem_dev_address;
  } else {
    DVLOG(1) << __func__ << " return Error ";
    return nullptr;
  }
}

/*******************************************************************************
 *
 * Function         GAP_ConnGetRemMtuSize
 *
 * Description      Returns the remote device's MTU size
 *
 * Parameters:      handle      - Handle of the connection
 *
 * Returns          uint16_t    - maximum size buffer that can be transmitted to
 *                                the peer
 *
 ******************************************************************************/
uint16_t GAP_ConnGetRemMtuSize(uint16_t gap_handle) {
  tGAP_CCB* p_ccb;

  p_ccb = gap_find_ccb_by_handle(gap_handle);
  if (p_ccb == NULL) return (0);

  return (p_ccb->rem_mtu_size);
}

/*******************************************************************************
 *
 * Function         GAP_ConnGetL2CAPCid
 *
 * Description      Returns the L2CAP channel id
 *
 * Parameters:      handle      - Handle of the connection
 *
 * Returns          uint16_t    - The L2CAP channel id
 *                  0, if error
 *
 ******************************************************************************/
uint16_t GAP_ConnGetL2CAPCid(uint16_t gap_handle) {
  tGAP_CCB* p_ccb;

  p_ccb = gap_find_ccb_by_handle(gap_handle);
  if (p_ccb == NULL) return (0);

  return (p_ccb->connection_id);
}

/*******************************************************************************
 *
 * Function         gap_tx_connect_ind
 *
 * Description      Sends out GAP_EVT_TX_EMPTY when transmission has been
 *                  completed.
 *
 * Returns          void
 *
 ******************************************************************************/
void gap_tx_complete_ind(uint16_t l2cap_cid, uint16_t sdu_sent) {
  tGAP_CCB* p_ccb = gap_find_ccb_by_cid(l2cap_cid);
  if (p_ccb == NULL) return;

  if ((p_ccb->con_state == GAP_CCB_STATE_CONNECTED) && (sdu_sent == 0xFFFF)) {
    DVLOG(1) << StringPrintf("%s: GAP_EVT_TX_EMPTY", __func__);
    p_ccb->p_callback(p_ccb->gap_handle, GAP_EVT_TX_EMPTY, nullptr);
  }
}

void gap_credits_received_cb(uint16_t l2cap_cid, uint16_t credits_received,
                             uint16_t credit_count) {
  tGAP_CCB* p_ccb = gap_find_ccb_by_cid(l2cap_cid);
  if (!p_ccb) return;

  tGAP_CB_DATA data{.coc_credits = {.credits_received = credits_received,
                                    .credit_count = credit_count}};
  p_ccb->p_callback(p_ccb->gap_handle, GAP_EVT_LE_COC_CREDITS, &data);
}

/*******************************************************************************
 *
 * Function         gap_connect_ind
 *
 * Description      This function handles an inbound connection indication
 *                  from L2CAP. This is the case where we are acting as a
 *                  server.
 *
 * Returns          void
 *
 ******************************************************************************/
static void gap_connect_ind(const RawAddress& bd_addr, uint16_t l2cap_cid,
                            uint16_t psm, uint8_t l2cap_id) {
  uint16_t xx;
  tGAP_CCB* p_ccb;

  /* See if we have a CCB listening for the connection */
  for (xx = 0, p_ccb = conn.ccb_pool; xx < GAP_MAX_CONNECTIONS; xx++, p_ccb++) {
    if ((p_ccb->con_state == GAP_CCB_STATE_LISTENING) && (p_ccb->psm == psm) &&
        (!p_ccb->rem_addr_specified || (bd_addr == p_ccb->rem_dev_address)))
      break;
  }

  if (xx == GAP_MAX_CONNECTIONS) {
    LOG(WARNING) << "*******";
    LOG(WARNING) << "WARNING: GAP Conn Indication for Unexpected Bd "
                    "Addr...Disconnecting";
    LOG(WARNING) << "*******";

    /* Disconnect because it is an unexpected connection */
    L2CA_DISCONNECT_REQ(l2cap_cid);
    return;
  }

  /* Transition to the next appropriate state, waiting for config setup. */
  if (p_ccb->transport == BT_TRANSPORT_BR_EDR)
    p_ccb->con_state = GAP_CCB_STATE_CFG_SETUP;

  /* Save the BD Address and Channel ID. */
  p_ccb->rem_dev_address = bd_addr;
  p_ccb->connection_id = l2cap_cid;

  /* Send response to the L2CAP layer. */
  if (p_ccb->transport == BT_TRANSPORT_BR_EDR)
    L2CA_CONNECT_RSP(bd_addr, l2cap_id, l2cap_cid, L2CAP_CONN_OK, L2CAP_CONN_OK,
                     &p_ccb->ertm_info);

  if (p_ccb->transport == BT_TRANSPORT_LE) {
    L2CA_CONNECT_COC_RSP(bd_addr, l2cap_id, l2cap_cid, L2CAP_CONN_OK,
                         L2CAP_CONN_OK, &p_ccb->local_coc_cfg);

    /* get the remote coc configuration */
    L2CA_GET_PEER_COC_CONFIG(l2cap_cid, &p_ccb->peer_coc_cfg);
    p_ccb->rem_mtu_size = p_ccb->peer_coc_cfg.mtu;

    /* configuration is not required for LE COC */
    p_ccb->con_flags |= GAP_CCB_FLAGS_HIS_CFG_DONE;
    p_ccb->con_flags |= GAP_CCB_FLAGS_MY_CFG_DONE;
    gap_checks_con_flags(p_ccb);
  }

  DVLOG(1) << StringPrintf("GAP_CONN - Rcvd L2CAP conn ind, CID: 0x%x",
                           p_ccb->connection_id);

  /* Send a Configuration Request. */
  if (p_ccb->transport == BT_TRANSPORT_BR_EDR)
    L2CA_CONFIG_REQ(l2cap_cid, &p_ccb->cfg);
}

/*******************************************************************************
 *
 * Function         gap_checks_con_flags
 *
 * Description      This function processes the L2CAP configuration indication
 *                  event.
 *
 * Returns          void
 *
 ******************************************************************************/
static void gap_checks_con_flags(tGAP_CCB* p_ccb) {
  DVLOG(1) << __func__ << " conn_flags:0x" << +p_ccb->con_flags;
  /* if all the required con_flags are set, report the OPEN event now */
  if ((p_ccb->con_flags & GAP_CCB_FLAGS_CONN_DONE) == GAP_CCB_FLAGS_CONN_DONE) {
    p_ccb->con_state = GAP_CCB_STATE_CONNECTED;

    p_ccb->p_callback(p_ccb->gap_handle, GAP_EVT_CONN_OPENED, nullptr);
  }
}

/*******************************************************************************
 *
 * Function         gap_sec_check_complete
 *
 * Description      The function called when Security Manager finishes
 *                  verification of the service side connection
 *
 * Returns          void
 *
 ******************************************************************************/
static void gap_sec_check_complete(const RawAddress*, tBT_TRANSPORT,
                                   void* p_ref_data, uint8_t res) {
  tGAP_CCB* p_ccb = (tGAP_CCB*)p_ref_data;

  DVLOG(1) << StringPrintf(
      "gap_sec_check_complete conn_state:%d, conn_flags:0x%x, status:%d",
      p_ccb->con_state, p_ccb->con_flags, res);
  if (p_ccb->con_state == GAP_CCB_STATE_IDLE) return;

  if (res == BTM_SUCCESS) {
    p_ccb->con_flags |= GAP_CCB_FLAGS_SEC_DONE;
    gap_checks_con_flags(p_ccb);
  } else {
    /* security failed - disconnect the channel */
    L2CA_DISCONNECT_REQ(p_ccb->connection_id);
  }
}

/*******************************************************************************
 *
 * Function         gap_connect_cfm
 *
 * Description      This function handles the connect confirm events
 *                  from L2CAP. This is the case when we are acting as a
 *                  client and have sent a connect request.
 *
 * Returns          void
 *
 ******************************************************************************/
static void gap_connect_cfm(uint16_t l2cap_cid, uint16_t result) {
  tGAP_CCB* p_ccb;

  /* Find CCB based on CID */
  p_ccb = gap_find_ccb_by_cid(l2cap_cid);
  if (p_ccb == NULL) return;

  /* initiate security process, if needed */
  if ((p_ccb->con_flags & GAP_CCB_FLAGS_SEC_DONE) == 0 &&
      p_ccb->transport != BT_TRANSPORT_LE) {
    btm_sec_mx_access_request(p_ccb->rem_dev_address, p_ccb->psm, true, 0, 0,
                              &gap_sec_check_complete, p_ccb);
  }

  /* If the connection response contains success status, then */
  /* Transition to the next state and startup the timer.      */
  if ((result == L2CAP_CONN_OK) &&
      (p_ccb->con_state == GAP_CCB_STATE_CONN_SETUP)) {
    if (p_ccb->transport == BT_TRANSPORT_BR_EDR) {
      p_ccb->con_state = GAP_CCB_STATE_CFG_SETUP;

      /* Send a Configuration Request. */
      L2CA_CONFIG_REQ(l2cap_cid, &p_ccb->cfg);
    }

    if (p_ccb->transport == BT_TRANSPORT_LE) {
      /* get the remote coc configuration */
      L2CA_GET_PEER_COC_CONFIG(l2cap_cid, &p_ccb->peer_coc_cfg);
      p_ccb->rem_mtu_size = p_ccb->peer_coc_cfg.mtu;

      /* configuration is not required for LE COC */
      p_ccb->con_flags |= GAP_CCB_FLAGS_HIS_CFG_DONE;
      p_ccb->con_flags |= GAP_CCB_FLAGS_MY_CFG_DONE;
      p_ccb->con_flags |= GAP_CCB_FLAGS_SEC_DONE;
      gap_checks_con_flags(p_ccb);
    }
  } else {
    /* Tell the user if he has a callback */
    if (p_ccb->p_callback)
      (*p_ccb->p_callback)(p_ccb->gap_handle, GAP_EVT_CONN_CLOSED, nullptr);

    gap_release_ccb(p_ccb);
  }
}

/*******************************************************************************
 *
 * Function         gap_config_ind
 *
 * Description      This function processes the L2CAP configuration indication
 *                  event.
 *
 * Returns          void
 *
 ******************************************************************************/
static void gap_config_ind(uint16_t l2cap_cid, tL2CAP_CFG_INFO* p_cfg) {
  tGAP_CCB* p_ccb;
  uint16_t local_mtu_size;

  /* Find CCB based on CID */
  p_ccb = gap_find_ccb_by_cid(l2cap_cid);
  if (p_ccb == NULL) return;

  /* Remember the remote MTU size */

  if (p_ccb->cfg.fcr.mode == L2CAP_FCR_ERTM_MODE) {
    local_mtu_size =
        p_ccb->ertm_info.user_tx_buf_size - sizeof(BT_HDR) - L2CAP_MIN_OFFSET;
  } else
    local_mtu_size = L2CAP_MTU_SIZE;

  if ((!p_cfg->mtu_present) || (p_cfg->mtu > local_mtu_size)) {
    p_ccb->rem_mtu_size = local_mtu_size;
  } else
    p_ccb->rem_mtu_size = p_cfg->mtu;

  /* For now, always accept configuration from the other side */
  p_cfg->flush_to_present = false;
  p_cfg->mtu_present = false;
  p_cfg->result = L2CAP_CFG_OK;
  p_cfg->fcs_present = false;

  L2CA_CONFIG_RSP(l2cap_cid, p_cfg);

  p_ccb->con_flags |= GAP_CCB_FLAGS_HIS_CFG_DONE;

  gap_checks_con_flags(p_ccb);
}

/*******************************************************************************
 *
 * Function         gap_config_cfm
 *
 * Description      This function processes the L2CAP configuration confirmation
 *                  event.
 *
 * Returns          void
 *
 ******************************************************************************/
static void gap_config_cfm(uint16_t l2cap_cid, tL2CAP_CFG_INFO* p_cfg) {
  tGAP_CCB* p_ccb;

  /* Find CCB based on CID */
  p_ccb = gap_find_ccb_by_cid(l2cap_cid);
  if (p_ccb == NULL) return;

  if (p_cfg->result == L2CAP_CFG_OK) {
    p_ccb->con_flags |= GAP_CCB_FLAGS_MY_CFG_DONE;

    if (p_ccb->cfg.fcr_present)
      p_ccb->cfg.fcr.mode = p_cfg->fcr.mode;
    else
      p_ccb->cfg.fcr.mode = L2CAP_FCR_BASIC_MODE;

    gap_checks_con_flags(p_ccb);
  } else {
    p_ccb->p_callback(p_ccb->gap_handle, GAP_EVT_CONN_CLOSED, nullptr);
    gap_release_ccb(p_ccb);
  }
}

/*******************************************************************************
 *
 * Function         gap_disconnect_ind
 *
 * Description      This function handles a disconnect event from L2CAP. If
 *                  requested to, we ack the disconnect before dropping the CCB
 *
 * Returns          void
 *
 ******************************************************************************/
static void gap_disconnect_ind(uint16_t l2cap_cid, bool ack_needed) {
  tGAP_CCB* p_ccb;

  DVLOG(1) << StringPrintf("GAP_CONN - Rcvd L2CAP disc, CID: 0x%x", l2cap_cid);

  /* Find CCB based on CID */
  p_ccb = gap_find_ccb_by_cid(l2cap_cid);
  if (p_ccb == NULL) return;

  if (ack_needed) L2CA_DISCONNECT_RSP(l2cap_cid);

  p_ccb->p_callback(p_ccb->gap_handle, GAP_EVT_CONN_CLOSED, nullptr);
  gap_release_ccb(p_ccb);
}

/*******************************************************************************
 *
 * Function         gap_data_ind
 *
 * Description      This function is called when data is received from L2CAP.
 *
 * Returns          void
 *
 ******************************************************************************/
static void gap_data_ind(uint16_t l2cap_cid, BT_HDR* p_msg) {
  tGAP_CCB* p_ccb;

  /* Find CCB based on CID */
  p_ccb = gap_find_ccb_by_cid(l2cap_cid);
  if (p_ccb == NULL) {
    osi_free(p_msg);
    return;
  }

  if (p_ccb->con_state == GAP_CCB_STATE_CONNECTED) {
    fixed_queue_enqueue(p_ccb->rx_queue, p_msg);

    p_ccb->rx_queue_size += p_msg->len;
    /*
    DVLOG(1) << StringPrintf ("gap_data_ind - rx_queue_size=%d, msg len=%d",
                                   p_ccb->rx_queue_size, p_msg->len);
     */

    p_ccb->p_callback(p_ccb->gap_handle, GAP_EVT_CONN_DATA_AVAIL, nullptr);
  } else {
    osi_free(p_msg);
  }
}

/*******************************************************************************
 *
 * Function         gap_congestion_ind
 *
 * Description      This is a callback function called by L2CAP when
 *                  data L2CAP congestion status changes
 *
 ******************************************************************************/
static void gap_congestion_ind(uint16_t lcid, bool is_congested) {
  DVLOG(1) << StringPrintf("GAP_CONN - Rcvd L2CAP Is Congested (%d), CID: 0x%x",
                           is_congested, lcid);

  tGAP_CCB* p_ccb = gap_find_ccb_by_cid(lcid); /* Find CCB based on CID */
  if (!p_ccb) return;

  p_ccb->is_congested = is_congested;

  p_ccb->p_callback(
      p_ccb->gap_handle,
      (is_congested) ? GAP_EVT_CONN_CONGESTED : GAP_EVT_CONN_UNCONGESTED,
      nullptr);

  gap_try_write_queued_data(p_ccb);
}

/*******************************************************************************
 *
 * Function         gap_find_ccb_by_cid
 *
 * Description      This function searches the CCB table for an entry with the
 *                  passed CID.
 *
 * Returns          the CCB address, or NULL if not found.
 *
 ******************************************************************************/
static tGAP_CCB* gap_find_ccb_by_cid(uint16_t cid) {
  uint16_t xx;
  tGAP_CCB* p_ccb;

  /* Look through each connection control block */
  for (xx = 0, p_ccb = conn.ccb_pool; xx < GAP_MAX_CONNECTIONS; xx++, p_ccb++) {
    if ((p_ccb->con_state != GAP_CCB_STATE_IDLE) &&
        (p_ccb->connection_id == cid))
      return (p_ccb);
  }

  /* If here, not found */
  return (NULL);
}

/*******************************************************************************
 *
 * Function         gap_find_ccb_by_handle
 *
 * Description      This function searches the CCB table for an entry with the
 *                  passed handle.
 *
 * Returns          the CCB address, or NULL if not found.
 *
 ******************************************************************************/
static tGAP_CCB* gap_find_ccb_by_handle(uint16_t handle) {
  tGAP_CCB* p_ccb;

  /* Check that handle is valid */
  if (handle < GAP_MAX_CONNECTIONS) {
    p_ccb = &conn.ccb_pool[handle];

    if (p_ccb->con_state != GAP_CCB_STATE_IDLE) return (p_ccb);
  }

  /* If here, handle points to invalid connection */
  return (NULL);
}

/*******************************************************************************
 *
 * Function         gap_allocate_ccb
 *
 * Description      This function allocates a new CCB.
 *
 * Returns          CCB address, or NULL if none available.
 *
 ******************************************************************************/
static tGAP_CCB* gap_allocate_ccb(void) {
  uint16_t xx;
  tGAP_CCB* p_ccb;

  /* Look through each connection control block for a free one */
  for (xx = 0, p_ccb = conn.ccb_pool; xx < GAP_MAX_CONNECTIONS; xx++, p_ccb++) {
    if (p_ccb->con_state == GAP_CCB_STATE_IDLE) {
      memset(p_ccb, 0, sizeof(tGAP_CCB));
      p_ccb->tx_queue = fixed_queue_new(SIZE_MAX);
      p_ccb->rx_queue = fixed_queue_new(SIZE_MAX);

      p_ccb->gap_handle = xx;
      p_ccb->rem_mtu_size = L2CAP_MTU_SIZE;

      return (p_ccb);
    }
  }

  /* If here, no free CCB found */
  return (NULL);
}

/*******************************************************************************
 *
 * Function         gap_release_ccb
 *
 * Description      This function releases a CCB.
 *
 * Returns          void
 *
 ******************************************************************************/
static void gap_release_ccb(tGAP_CCB* p_ccb) {
  /* Drop any buffers we may be holding */
  p_ccb->rx_queue_size = 0;

  while (!fixed_queue_is_empty(p_ccb->rx_queue))
    osi_free(fixed_queue_try_dequeue(p_ccb->rx_queue));
  fixed_queue_free(p_ccb->rx_queue, NULL);
  p_ccb->rx_queue = NULL;

  while (!fixed_queue_is_empty(p_ccb->tx_queue))
    osi_free(fixed_queue_try_dequeue(p_ccb->tx_queue));
  fixed_queue_free(p_ccb->tx_queue, NULL);
  p_ccb->tx_queue = NULL;

  p_ccb->con_state = GAP_CCB_STATE_IDLE;

  /* If no-one else is using the PSM, deregister from L2CAP */
  tGAP_CCB* p_ccb_local = conn.ccb_pool;
  for (uint16_t i = 0; i < GAP_MAX_CONNECTIONS; i++, p_ccb_local++) {
    if ((p_ccb_local->con_state != GAP_CCB_STATE_IDLE) &&
        (p_ccb_local->psm == p_ccb->psm)) {
      DVLOG(1) << __func__ << " : " << +p_ccb_local->psm
               << " PSM is still in use, do not deregister";
      return;
    }
  }

  /* Free the security record for this PSM */
  BTM_SecClrService(p_ccb->service_id);
  if (p_ccb->transport == BT_TRANSPORT_BR_EDR) L2CA_DEREGISTER(p_ccb->psm);
  if (p_ccb->transport == BT_TRANSPORT_LE) L2CA_DEREGISTER_COC(p_ccb->psm);
}

extern void gap_attr_db_init(void);

/*
 * This routine should not be called except once per stack invocation.
 */
void GAP_Init(void) {
  gap_conn_init();
  gap_attr_db_init();
}