/******************************************************************************
*
* Copyright (C) 1999-2012 Broadcom Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
******************************************************************************/
/******************************************************************************
*
* This file contains state machine and action routines for multiplexer
* channel of the RFCOMM unit
*
******************************************************************************/
#include <string.h>
#include "bt_common.h"
#include "bt_types.h"
#include "bt_utils.h"
#include "l2c_api.h"
#include "l2cdefs.h"
#include "osi/include/osi.h"
#include "port_api.h"
#include "port_int.h"
#include "rfc_int.h"
#include "rfcdefs.h"
#define L2CAP_SUCCESS 0
#define L2CAP_ERROR 1
/******************************************************************************/
/* L O C A L F U N C T I O N P R O T O T Y P E S */
/******************************************************************************/
static void rfc_mx_sm_state_idle(tRFC_MCB* p_mcb, uint16_t event, void* p_data);
static void rfc_mx_sm_state_wait_conn_cnf(tRFC_MCB* p_mcb, uint16_t event,
void* p_data);
static void rfc_mx_sm_state_configure(tRFC_MCB* p_mcb, uint16_t event,
void* p_data);
static void rfc_mx_sm_sabme_wait_ua(tRFC_MCB* p_mcb, uint16_t event,
void* p_data);
static void rfc_mx_sm_state_wait_sabme(tRFC_MCB* p_mcb, uint16_t event,
void* p_data);
static void rfc_mx_sm_state_connected(tRFC_MCB* p_mcb, uint16_t event,
UNUSED_ATTR void* p_data);
static void rfc_mx_sm_state_disc_wait_ua(tRFC_MCB* p_mcb, uint16_t event,
void* p_data);
static void rfc_mx_send_config_req(tRFC_MCB* p_mcb);
static void rfc_mx_conf_ind(tRFC_MCB* p_mcb, tL2CAP_CFG_INFO* p_cfg);
static void rfc_mx_conf_cnf(tRFC_MCB* p_mcb, tL2CAP_CFG_INFO* p_cfg);
/*******************************************************************************
*
* Function rfc_mx_sm_execute
*
* Description This function sends multiplexor events through the state
* machine.
*
* Returns void
*
******************************************************************************/
void rfc_mx_sm_execute(tRFC_MCB* p_mcb, uint16_t event, void* p_data) {
switch (p_mcb->state) {
case RFC_MX_STATE_IDLE:
rfc_mx_sm_state_idle(p_mcb, event, p_data);
break;
case RFC_MX_STATE_WAIT_CONN_CNF:
rfc_mx_sm_state_wait_conn_cnf(p_mcb, event, p_data);
break;
case RFC_MX_STATE_CONFIGURE:
rfc_mx_sm_state_configure(p_mcb, event, p_data);
break;
case RFC_MX_STATE_SABME_WAIT_UA:
rfc_mx_sm_sabme_wait_ua(p_mcb, event, p_data);
break;
case RFC_MX_STATE_WAIT_SABME:
rfc_mx_sm_state_wait_sabme(p_mcb, event, p_data);
break;
case RFC_MX_STATE_CONNECTED:
rfc_mx_sm_state_connected(p_mcb, event, p_data);
break;
case RFC_MX_STATE_DISC_WAIT_UA:
rfc_mx_sm_state_disc_wait_ua(p_mcb, event, p_data);
break;
}
}
/*******************************************************************************
*
* Function rfc_mx_sm_state_idle
*
* Description This function handles events when the multiplexer is in
* IDLE state. This state exists when connection is being
* initially established.
*
* Returns void
*
******************************************************************************/
void rfc_mx_sm_state_idle(tRFC_MCB* p_mcb, uint16_t event, void* p_data) {
RFCOMM_TRACE_EVENT("rfc_mx_sm_state_idle - evt:%d", event);
switch (event) {
case RFC_MX_EVENT_START_REQ: {
/* Initialize L2CAP MTU */
p_mcb->peer_l2cap_mtu = L2CAP_DEFAULT_MTU - RFCOMM_MIN_OFFSET - 1;
uint16_t lcid = L2CA_ConnectReq(BT_PSM_RFCOMM, p_mcb->bd_addr);
if (lcid == 0) {
rfc_save_lcid_mcb(NULL, p_mcb->lcid);
p_mcb->lcid = 0;
PORT_StartCnf(p_mcb, RFCOMM_ERROR);
return;
}
p_mcb->lcid = lcid;
/* Save entry for quicker access to mcb based on the LCID */
rfc_save_lcid_mcb(p_mcb, p_mcb->lcid);
p_mcb->state = RFC_MX_STATE_WAIT_CONN_CNF;
return;
}
case RFC_MX_EVENT_START_RSP:
case RFC_MX_EVENT_CONN_CNF:
case RFC_MX_EVENT_CONF_IND:
case RFC_MX_EVENT_CONF_CNF:
RFCOMM_TRACE_ERROR("Mx error state %d event %d", p_mcb->state, event);
return;
case RFC_MX_EVENT_CONN_IND:
rfc_timer_start(p_mcb, RFCOMM_CONN_TIMEOUT);
L2CA_ConnectRsp(p_mcb->bd_addr, *((uint8_t*)p_data), p_mcb->lcid,
L2CAP_CONN_OK, 0);
rfc_mx_send_config_req(p_mcb);
p_mcb->state = RFC_MX_STATE_CONFIGURE;
return;
case RFC_EVENT_SABME:
break;
case RFC_EVENT_UA:
case RFC_EVENT_DM:
return;
case RFC_EVENT_DISC:
rfc_send_dm(p_mcb, RFCOMM_MX_DLCI, true);
return;
case RFC_EVENT_UIH:
rfc_send_dm(p_mcb, RFCOMM_MX_DLCI, false);
return;
}
RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
p_mcb->state);
}
/*******************************************************************************
*
* Function rfc_mx_sm_state_wait_conn_cnf
*
* Description This function handles events when the multiplexer is
* waiting for Connection Confirm from L2CAP.
*
* Returns void
*
******************************************************************************/
void rfc_mx_sm_state_wait_conn_cnf(tRFC_MCB* p_mcb, uint16_t event,
void* p_data) {
RFCOMM_TRACE_EVENT("rfc_mx_sm_state_wait_conn_cnf - evt:%d", event);
switch (event) {
case RFC_MX_EVENT_START_REQ:
RFCOMM_TRACE_ERROR("Mx error state %d event %d", p_mcb->state, event);
return;
/* There is some new timing so that Config Ind comes before security is
completed
so we are still waiting fo the confirmation. */
case RFC_MX_EVENT_CONF_IND:
rfc_mx_conf_ind(p_mcb, (tL2CAP_CFG_INFO*)p_data);
return;
case RFC_MX_EVENT_CONN_CNF:
if (*((uint16_t*)p_data) != L2CAP_SUCCESS) {
p_mcb->state = RFC_MX_STATE_IDLE;
PORT_StartCnf(p_mcb, *((uint16_t*)p_data));
return;
}
p_mcb->state = RFC_MX_STATE_CONFIGURE;
rfc_mx_send_config_req(p_mcb);
return;
case RFC_MX_EVENT_DISC_IND:
p_mcb->state = RFC_MX_STATE_IDLE;
PORT_CloseInd(p_mcb);
return;
case RFC_EVENT_TIMEOUT:
p_mcb->state = RFC_MX_STATE_IDLE;
L2CA_DisconnectReq(p_mcb->lcid);
/* we gave up outgoing connection request then try peer's request */
if (p_mcb->pending_lcid) {
uint16_t i;
uint8_t idx;
RFCOMM_TRACE_DEBUG(
"RFCOMM MX retry as acceptor in collision case - evt:%d in "
"state:%d",
event, p_mcb->state);
rfc_save_lcid_mcb(NULL, p_mcb->lcid);
p_mcb->lcid = p_mcb->pending_lcid;
rfc_save_lcid_mcb(p_mcb, p_mcb->lcid);
p_mcb->is_initiator = false;
/* update direction bit */
for (i = 0; i < RFCOMM_MAX_DLCI; i += 2) {
idx = p_mcb->port_inx[i];
if (idx != 0) {
p_mcb->port_inx[i] = 0;
p_mcb->port_inx[i + 1] = idx;
rfc_cb.port.port[idx - 1].dlci += 1;
RFCOMM_TRACE_DEBUG("RFCOMM MX - DLCI:%d -> %d", i,
rfc_cb.port.port[idx - 1].dlci);
}
}
rfc_mx_sm_execute(p_mcb, RFC_MX_EVENT_CONN_IND, &(p_mcb->pending_id));
} else {
PORT_CloseInd(p_mcb);
}
return;
}
RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
p_mcb->state);
}
/*******************************************************************************
*
* Function rfc_mx_sm_state_configure
*
* Description This function handles events when the multiplexer in the
* configuration state.
*
* Returns void
*
******************************************************************************/
void rfc_mx_sm_state_configure(tRFC_MCB* p_mcb, uint16_t event, void* p_data) {
RFCOMM_TRACE_EVENT("rfc_mx_sm_state_configure - evt:%d", event);
switch (event) {
case RFC_MX_EVENT_START_REQ:
case RFC_MX_EVENT_CONN_CNF:
RFCOMM_TRACE_ERROR("Mx error state %d event %d", p_mcb->state, event);
return;
case RFC_MX_EVENT_CONF_IND:
rfc_mx_conf_ind(p_mcb, (tL2CAP_CFG_INFO*)p_data);
return;
case RFC_MX_EVENT_CONF_CNF:
rfc_mx_conf_cnf(p_mcb, (tL2CAP_CFG_INFO*)p_data);
return;
case RFC_MX_EVENT_DISC_IND:
p_mcb->state = RFC_MX_STATE_IDLE;
PORT_CloseInd(p_mcb);
return;
case RFC_EVENT_TIMEOUT:
p_mcb->state = RFC_MX_STATE_IDLE;
L2CA_DisconnectReq(p_mcb->lcid);
PORT_StartCnf(p_mcb, RFCOMM_ERROR);
return;
}
RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
p_mcb->state);
}
/*******************************************************************************
*
* Function rfc_mx_sm_sabme_wait_ua
*
* Description This function handles events when the multiplexer sent
* SABME and is waiting for UA reply.
*
* Returns void
*
******************************************************************************/
void rfc_mx_sm_sabme_wait_ua(tRFC_MCB* p_mcb, uint16_t event,
UNUSED_ATTR void* p_data) {
RFCOMM_TRACE_EVENT("rfc_mx_sm_sabme_wait_ua - evt:%d", event);
switch (event) {
case RFC_MX_EVENT_START_REQ:
case RFC_MX_EVENT_CONN_CNF:
RFCOMM_TRACE_ERROR("Mx error state %d event %d", p_mcb->state, event);
return;
/* workaround: we don't support reconfig */
/* commented out until we support reconfig
case RFC_MX_EVENT_CONF_IND:
rfc_mx_conf_ind (p_mcb, (tL2CAP_CFG_INFO *)p_data);
return;
case RFC_MX_EVENT_CONF_CNF:
rfc_mx_conf_cnf (p_mcb, (tL2CAP_CFG_INFO *)p_data);
return;
*/
case RFC_MX_EVENT_DISC_IND:
p_mcb->state = RFC_MX_STATE_IDLE;
PORT_CloseInd(p_mcb);
return;
case RFC_EVENT_UA:
rfc_timer_stop(p_mcb);
p_mcb->state = RFC_MX_STATE_CONNECTED;
p_mcb->peer_ready = true;
PORT_StartCnf(p_mcb, RFCOMM_SUCCESS);
return;
case RFC_EVENT_DM:
rfc_timer_stop(p_mcb);
/* Case falls through */
case RFC_MX_EVENT_CONF_IND: /* workaround: we don't support reconfig */
case RFC_MX_EVENT_CONF_CNF: /* workaround: we don't support reconfig */
case RFC_EVENT_TIMEOUT:
p_mcb->state = RFC_MX_STATE_IDLE;
L2CA_DisconnectReq(p_mcb->lcid);
PORT_StartCnf(p_mcb, RFCOMM_ERROR);
return;
}
RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
p_mcb->state);
}
/*******************************************************************************
*
* Function rfc_mx_sm_state_wait_sabme
*
* Description This function handles events when the multiplexer is
* waiting for SABME on the acceptor side after configuration
*
* Returns void
*
******************************************************************************/
void rfc_mx_sm_state_wait_sabme(tRFC_MCB* p_mcb, uint16_t event, void* p_data) {
RFCOMM_TRACE_EVENT("rfc_mx_sm_state_wait_sabme - evt:%d", event);
switch (event) {
case RFC_MX_EVENT_DISC_IND:
p_mcb->state = RFC_MX_STATE_IDLE;
PORT_CloseInd(p_mcb);
return;
case RFC_EVENT_SABME:
/* if we gave up outgoing connection request */
if (p_mcb->pending_lcid) {
p_mcb->pending_lcid = 0;
rfc_send_ua(p_mcb, RFCOMM_MX_DLCI);
rfc_timer_stop(p_mcb);
p_mcb->state = RFC_MX_STATE_CONNECTED;
p_mcb->peer_ready = true;
/* MX channel collision has been resolved, continue to open ports */
PORT_StartCnf(p_mcb, RFCOMM_SUCCESS);
} else {
rfc_timer_stop(p_mcb);
PORT_StartInd(p_mcb);
}
return;
case RFC_MX_EVENT_START_RSP:
if (*((uint16_t*)p_data) != RFCOMM_SUCCESS)
rfc_send_dm(p_mcb, RFCOMM_MX_DLCI, true);
else {
rfc_send_ua(p_mcb, RFCOMM_MX_DLCI);
p_mcb->state = RFC_MX_STATE_CONNECTED;
p_mcb->peer_ready = true;
PORT_StartCnf(p_mcb, RFCOMM_SUCCESS);
}
return;
case RFC_MX_EVENT_CONF_IND: /* workaround: we don't support reconfig */
case RFC_MX_EVENT_CONF_CNF: /* workaround: we don't support reconfig */
case RFC_EVENT_TIMEOUT:
p_mcb->state = RFC_MX_STATE_IDLE;
L2CA_DisconnectReq(p_mcb->lcid);
PORT_CloseInd(p_mcb);
return;
}
RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
p_mcb->state);
}
/*******************************************************************************
*
* Function rfc_mx_sm_state_connected
*
* Description This function handles events when the multiplexer is
* in the CONNECTED state
*
* Returns void
*
******************************************************************************/
void rfc_mx_sm_state_connected(tRFC_MCB* p_mcb, uint16_t event,
UNUSED_ATTR void* p_data) {
RFCOMM_TRACE_EVENT("rfc_mx_sm_state_connected - evt:%d", event);
switch (event) {
case RFC_EVENT_TIMEOUT:
case RFC_MX_EVENT_CLOSE_REQ:
rfc_timer_start(p_mcb, RFC_DISC_TIMEOUT);
p_mcb->state = RFC_MX_STATE_DISC_WAIT_UA;
rfc_send_disc(p_mcb, RFCOMM_MX_DLCI);
return;
case RFC_MX_EVENT_DISC_IND:
p_mcb->state = RFC_MX_STATE_IDLE;
PORT_CloseInd(p_mcb);
return;
case RFC_EVENT_DISC:
/* Reply with UA. If initiator bring down L2CAP connection */
/* If server wait for some time if client decide to reinitiate channel */
rfc_send_ua(p_mcb, RFCOMM_MX_DLCI);
if (p_mcb->is_initiator) {
L2CA_DisconnectReq(p_mcb->lcid);
}
/* notify all ports that connection is gone */
PORT_CloseInd(p_mcb);
return;
}
RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
p_mcb->state);
}
/*******************************************************************************
*
* Function rfc_mx_sm_state_disc_wait_ua
*
* Description This function handles events when the multiplexer sent
* DISC and is waiting for UA reply.
*
* Returns void
*
******************************************************************************/
void rfc_mx_sm_state_disc_wait_ua(tRFC_MCB* p_mcb, uint16_t event,
void* p_data) {
BT_HDR* p_buf;
RFCOMM_TRACE_EVENT("rfc_mx_sm_state_disc_wait_ua - evt:%d", event);
switch (event) {
case RFC_EVENT_UA:
case RFC_EVENT_DM:
case RFC_EVENT_TIMEOUT:
L2CA_DisconnectReq(p_mcb->lcid);
if (p_mcb->restart_required) {
/* Start Request was received while disconnecting. Execute it again */
uint16_t lcid = L2CA_ConnectReq(BT_PSM_RFCOMM, p_mcb->bd_addr);
if (lcid == 0) {
rfc_save_lcid_mcb(NULL, p_mcb->lcid);
p_mcb->lcid = 0;
PORT_StartCnf(p_mcb, RFCOMM_ERROR);
return;
}
p_mcb->lcid = lcid;
/* Save entry for quicker access to mcb based on the LCID */
rfc_save_lcid_mcb(p_mcb, p_mcb->lcid);
/* clean up before reuse it */
while ((p_buf = (BT_HDR*)fixed_queue_try_dequeue(p_mcb->cmd_q)) != NULL)
osi_free(p_buf);
rfc_timer_start(p_mcb, RFC_MCB_INIT_INACT_TIMER);
p_mcb->is_initiator = true;
p_mcb->restart_required = false;
p_mcb->local_cfg_sent = false;
p_mcb->peer_cfg_rcvd = false;
p_mcb->state = RFC_MX_STATE_WAIT_CONN_CNF;
return;
}
rfc_release_multiplexer_channel(p_mcb);
return;
case RFC_EVENT_DISC:
rfc_send_ua(p_mcb, RFCOMM_MX_DLCI);
return;
case RFC_EVENT_UIH:
osi_free(p_data);
rfc_send_dm(p_mcb, RFCOMM_MX_DLCI, false);
return;
case RFC_MX_EVENT_START_REQ:
p_mcb->restart_required = true;
return;
case RFC_MX_EVENT_DISC_IND:
p_mcb->state = RFC_MX_STATE_IDLE;
PORT_CloseInd(p_mcb);
return;
case RFC_MX_EVENT_CLOSE_REQ:
return;
case RFC_MX_EVENT_QOS_VIOLATION_IND:
break;
}
RFCOMM_TRACE_EVENT("RFCOMM MX ignored - evt:%d in state:%d", event,
p_mcb->state);
}
/*******************************************************************************
*
* Function rfc_mx_send_config_req
*
* Description This function handles L2CA_ConnectInd message from the
* L2CAP. Accept connection.
*
******************************************************************************/
static void rfc_mx_send_config_req(tRFC_MCB* p_mcb) {
tL2CAP_CFG_INFO cfg;
RFCOMM_TRACE_EVENT("rfc_mx_send_config_req");
memset(&cfg, 0, sizeof(tL2CAP_CFG_INFO));
cfg.mtu_present = true;
cfg.mtu = L2CAP_MTU_SIZE;
/* Defaults set by memset
cfg.flush_to_present = false;
cfg.qos_present = false;
cfg.fcr_present = false;
cfg.fcr.mode = L2CAP_FCR_BASIC_MODE;
cfg.fcs_present = false;
cfg.fcs = N/A when fcs_present is false;
*/
L2CA_ConfigReq(p_mcb->lcid, &cfg);
}
/*******************************************************************************
*
* Function rfc_mx_conf_cnf
*
* Description This function handles L2CA_ConfigCnf message from the
* L2CAP. If result is not success tell upper layer that
* start has not been accepted. If initiator send SABME
* on DLCI 0. T1 is still running.
*
******************************************************************************/
static void rfc_mx_conf_cnf(tRFC_MCB* p_mcb, tL2CAP_CFG_INFO* p_cfg) {
RFCOMM_TRACE_EVENT("rfc_mx_conf_cnf p_cfg:%08x res:%d ", p_cfg,
(p_cfg) ? p_cfg->result : 0);
if (p_cfg->result != L2CAP_CFG_OK) {
if (p_mcb->is_initiator) {
PORT_StartCnf(p_mcb, p_cfg->result);
L2CA_DisconnectReq(p_mcb->lcid);
}
rfc_release_multiplexer_channel(p_mcb);
return;
}
p_mcb->local_cfg_sent = true;
if ((p_mcb->state == RFC_MX_STATE_CONFIGURE) && p_mcb->peer_cfg_rcvd) {
if (p_mcb->is_initiator) {
p_mcb->state = RFC_MX_STATE_SABME_WAIT_UA;
rfc_send_sabme(p_mcb, RFCOMM_MX_DLCI);
rfc_timer_start(p_mcb, RFC_T1_TIMEOUT);
} else {
p_mcb->state = RFC_MX_STATE_WAIT_SABME;
rfc_timer_start(
p_mcb, RFCOMM_CONN_TIMEOUT); /* - increased from T2=20 to CONN=120
to allow the user more than 10 sec to type in the
pin which can be e.g. 16 digits */
}
}
}
/*******************************************************************************
*
* Function rfc_mx_conf_ind
*
* Description This function handles L2CA_ConfigInd message from the
* L2CAP. Send the L2CA_ConfigRsp message.
*
******************************************************************************/
static void rfc_mx_conf_ind(tRFC_MCB* p_mcb, tL2CAP_CFG_INFO* p_cfg) {
/* Save peer L2CAP MTU if present */
/* RFCOMM adds 3-4 bytes in the beginning and 1 bytes FCS */
if (p_cfg->mtu_present)
p_mcb->peer_l2cap_mtu = p_cfg->mtu - RFCOMM_MIN_OFFSET - 1;
else
p_mcb->peer_l2cap_mtu = L2CAP_DEFAULT_MTU - RFCOMM_MIN_OFFSET - 1;
p_cfg->mtu_present = false;
p_cfg->flush_to_present = false;
p_cfg->qos_present = false;
p_cfg->result = L2CAP_CFG_OK;
L2CA_ConfigRsp(p_mcb->lcid, p_cfg);
p_mcb->peer_cfg_rcvd = true;
if ((p_mcb->state == RFC_MX_STATE_CONFIGURE) && p_mcb->local_cfg_sent) {
if (p_mcb->is_initiator) {
p_mcb->state = RFC_MX_STATE_SABME_WAIT_UA;
rfc_send_sabme(p_mcb, RFCOMM_MX_DLCI);
rfc_timer_start(p_mcb, RFC_T1_TIMEOUT);
} else {
p_mcb->state = RFC_MX_STATE_WAIT_SABME;
rfc_timer_start(
p_mcb, RFCOMM_CONN_TIMEOUT); /* - increased from T2=20 to CONN=120
to allow the user more than 10 sec to type in the
pin which can be e.g. 16 digits */
}
}
}