1 /* rfcomm.c - RFCOMM handling */
2
3 /*
4 * Copyright (c) 2016 Intel Corporation
5 *
6 * SPDX-License-Identifier: Apache-2.0
7 */
8
9 #include <zephyr/kernel.h>
10 #include <string.h>
11 #include <errno.h>
12 #include <zephyr/sys/atomic.h>
13 #include <zephyr/sys/byteorder.h>
14 #include <zephyr/sys/util.h>
15 #include <zephyr/debug/stack.h>
16
17 #include <zephyr/bluetooth/hci.h>
18 #include <zephyr/bluetooth/bluetooth.h>
19 #include <zephyr/bluetooth/conn.h>
20 #include <zephyr/bluetooth/l2cap.h>
21
22 #include <zephyr/bluetooth/classic/rfcomm.h>
23
24 #include "host/hci_core.h"
25 #include "host/conn_internal.h"
26 #include "l2cap_br_internal.h"
27 #include "rfcomm_internal.h"
28
29 #define LOG_LEVEL CONFIG_BT_RFCOMM_LOG_LEVEL
30 #include <zephyr/logging/log.h>
31 LOG_MODULE_REGISTER(bt_rfcomm);
32
33 #define RFCOMM_CHANNEL_START 0x01
34 #define RFCOMM_CHANNEL_END 0x1e
35
36 #define RFCOMM_MIN_MTU BT_RFCOMM_SIG_MIN_MTU
37 #define RFCOMM_DEFAULT_MTU 127
38
39 #define RFCOMM_MAX_CREDITS (BT_BUF_ACL_RX_COUNT - 1)
40 #define RFCOMM_CREDITS_THRESHOLD (RFCOMM_MAX_CREDITS / 2)
41 #define RFCOMM_DEFAULT_CREDIT RFCOMM_MAX_CREDITS
42
43 #define RFCOMM_CONN_TIMEOUT K_SECONDS(60)
44 #define RFCOMM_DISC_TIMEOUT K_SECONDS(20)
45 #define RFCOMM_IDLE_TIMEOUT K_SECONDS(2)
46
47 #define DLC_RTX(_w) CONTAINER_OF(k_work_delayable_from_work(_w), \
48 struct bt_rfcomm_dlc, rtx_work)
49 #define SESSION_RTX(_w) CONTAINER_OF(k_work_delayable_from_work(_w), \
50 struct bt_rfcomm_session, rtx_work)
51
52 static struct bt_rfcomm_server *servers;
53
54 /* Pool for dummy buffers to wake up the tx threads */
55 NET_BUF_POOL_DEFINE(dummy_pool, CONFIG_BT_MAX_CONN, 0, 0, NULL);
56
57 #define RFCOMM_SESSION(_ch) CONTAINER_OF(_ch, \
58 struct bt_rfcomm_session, br_chan.chan)
59
60 static struct bt_rfcomm_session bt_rfcomm_pool[CONFIG_BT_MAX_CONN];
61
62 /* reversed, 8-bit, poly=0x07 */
63 static const uint8_t rfcomm_crc_table[256] = {
64 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
65 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
66 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
67 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
68
69 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
70 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
71 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
72 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
73
74 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
75 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
76 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
77 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
78
79 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
80 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
81 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
82 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
83
84 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
85 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
86 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
87 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
88
89 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
90 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
91 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
92 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
93
94 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
95 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
96 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
97 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
98
99 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
100 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
101 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
102 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
103 };
104
rfcomm_calc_fcs(uint16_t len,const uint8_t * data)105 static uint8_t rfcomm_calc_fcs(uint16_t len, const uint8_t *data)
106 {
107 uint8_t fcs = 0xff;
108
109 while (len--) {
110 fcs = rfcomm_crc_table[fcs ^ *data++];
111 }
112
113 /* Ones compliment */
114 return (0xff - fcs);
115 }
116
rfcomm_check_fcs(uint16_t len,const uint8_t * data,uint8_t recvd_fcs)117 static bool rfcomm_check_fcs(uint16_t len, const uint8_t *data,
118 uint8_t recvd_fcs)
119 {
120 uint8_t fcs = 0xff;
121
122 while (len--) {
123 fcs = rfcomm_crc_table[fcs ^ *data++];
124 }
125
126 /* Ones compliment */
127 fcs = rfcomm_crc_table[fcs ^ recvd_fcs];
128
129 /*0xCF is the reversed order of 11110011.*/
130 return (fcs == 0xcf);
131 }
132
rfcomm_dlcs_lookup_dlci(struct bt_rfcomm_dlc * dlcs,uint8_t dlci)133 static struct bt_rfcomm_dlc *rfcomm_dlcs_lookup_dlci(struct bt_rfcomm_dlc *dlcs,
134 uint8_t dlci)
135 {
136 for (; dlcs; dlcs = dlcs->_next) {
137 if (dlcs->dlci == dlci) {
138 return dlcs;
139 }
140 }
141
142 return NULL;
143 }
144
rfcomm_dlcs_remove_dlci(struct bt_rfcomm_dlc * dlcs,uint8_t dlci)145 static struct bt_rfcomm_dlc *rfcomm_dlcs_remove_dlci(struct bt_rfcomm_dlc *dlcs,
146 uint8_t dlci)
147 {
148 struct bt_rfcomm_dlc *tmp;
149
150 if (!dlcs) {
151 return NULL;
152 }
153
154 /* If first node is the one to be removed */
155 if (dlcs->dlci == dlci) {
156 dlcs->session->dlcs = dlcs->_next;
157 return dlcs;
158 }
159
160 for (tmp = dlcs, dlcs = dlcs->_next; dlcs; dlcs = dlcs->_next) {
161 if (dlcs->dlci == dlci) {
162 tmp->_next = dlcs->_next;
163 return dlcs;
164 }
165 tmp = dlcs;
166 }
167
168 return NULL;
169 }
170
rfcomm_server_lookup_channel(uint8_t channel)171 static struct bt_rfcomm_server *rfcomm_server_lookup_channel(uint8_t channel)
172 {
173 struct bt_rfcomm_server *server;
174
175 for (server = servers; server; server = server->_next) {
176 if (server->channel == channel) {
177 return server;
178 }
179 }
180
181 return NULL;
182 }
183
184 static struct bt_rfcomm_session *
rfcomm_sessions_lookup_bt_conn(struct bt_conn * conn)185 rfcomm_sessions_lookup_bt_conn(struct bt_conn *conn)
186 {
187 int i;
188
189 for (i = 0; i < ARRAY_SIZE(bt_rfcomm_pool); i++) {
190 struct bt_rfcomm_session *session = &bt_rfcomm_pool[i];
191
192 if (session->br_chan.chan.conn == conn) {
193 return session;
194 }
195 }
196
197 return NULL;
198 }
199
bt_rfcomm_server_register(struct bt_rfcomm_server * server)200 int bt_rfcomm_server_register(struct bt_rfcomm_server *server)
201 {
202 if (server->channel > RFCOMM_CHANNEL_END || !server->accept) {
203 return -EINVAL;
204 }
205
206 if (!server->channel) {
207 uint8_t chan = (uint8_t)BT_RFCOMM_CHAN_DYNAMIC_START;
208
209 for (; chan <= RFCOMM_CHANNEL_END; chan++) {
210 /* Check if given channel is already in use */
211 if (!rfcomm_server_lookup_channel(chan)) {
212 server->channel = chan;
213 LOG_DBG("Allocated channel 0x%02x for new server", chan);
214 break;
215 }
216 }
217
218 if (!server->channel) {
219 LOG_WRN("No free dynamic rfcomm channels available");
220 return -EADDRNOTAVAIL;
221 }
222 } else {
223 /* Check if given channel is already in use */
224 if (rfcomm_server_lookup_channel(server->channel)) {
225 LOG_WRN("Channel already registered");
226 return -EADDRINUSE;
227 }
228 }
229
230 LOG_DBG("Channel 0x%02x", server->channel);
231
232 server->_next = servers;
233 servers = server;
234
235 return 0;
236 }
237
rfcomm_dlc_tx_give_credits(struct bt_rfcomm_dlc * dlc,uint8_t credits)238 static void rfcomm_dlc_tx_give_credits(struct bt_rfcomm_dlc *dlc,
239 uint8_t credits)
240 {
241 LOG_DBG("dlc %p credits %u", dlc, credits);
242
243 while (credits--) {
244 k_sem_give(&dlc->tx_credits);
245 }
246
247 LOG_DBG("dlc %p updated credits %u", dlc, k_sem_count_get(&dlc->tx_credits));
248 }
249
rfcomm_dlc_destroy(struct bt_rfcomm_dlc * dlc)250 static void rfcomm_dlc_destroy(struct bt_rfcomm_dlc *dlc)
251 {
252 LOG_DBG("dlc %p", dlc);
253
254 k_work_cancel_delayable(&dlc->rtx_work);
255 dlc->state = BT_RFCOMM_STATE_IDLE;
256 dlc->session = NULL;
257
258 if (dlc->ops && dlc->ops->disconnected) {
259 dlc->ops->disconnected(dlc);
260 }
261 }
262
rfcomm_dlc_disconnect(struct bt_rfcomm_dlc * dlc)263 static void rfcomm_dlc_disconnect(struct bt_rfcomm_dlc *dlc)
264 {
265 uint8_t old_state = dlc->state;
266
267 LOG_DBG("dlc %p", dlc);
268
269 if (dlc->state == BT_RFCOMM_STATE_DISCONNECTED) {
270 return;
271 }
272
273 dlc->state = BT_RFCOMM_STATE_DISCONNECTED;
274
275 switch (old_state) {
276 case BT_RFCOMM_STATE_CONNECTED:
277 /* Queue a dummy buffer to wake up and stop the
278 * tx thread for states where it was running.
279 */
280 k_fifo_put(&dlc->tx_queue, net_buf_alloc(&dummy_pool, K_NO_WAIT));
281
282 /* There could be a writer waiting for credits so return a
283 * dummy credit to wake it up.
284 */
285 rfcomm_dlc_tx_give_credits(dlc, 1);
286 k_sem_give(&dlc->session->fc);
287 break;
288 default:
289 rfcomm_dlc_destroy(dlc);
290 break;
291 }
292 }
293
rfcomm_session_disconnected(struct bt_rfcomm_session * session)294 static void rfcomm_session_disconnected(struct bt_rfcomm_session *session)
295 {
296 struct bt_rfcomm_dlc *dlc;
297
298 LOG_DBG("Session %p", session);
299
300 if (session->state == BT_RFCOMM_STATE_DISCONNECTED) {
301 return;
302 }
303
304 for (dlc = session->dlcs; dlc;) {
305 struct bt_rfcomm_dlc *next;
306
307 /* prefetch since disconnected callback may cleanup */
308 next = dlc->_next;
309 dlc->_next = NULL;
310
311 rfcomm_dlc_disconnect(dlc);
312
313 dlc = next;
314 }
315
316 session->state = BT_RFCOMM_STATE_DISCONNECTED;
317 session->dlcs = NULL;
318 }
319
bt_rfcomm_create_pdu(struct net_buf_pool * pool)320 struct net_buf *bt_rfcomm_create_pdu(struct net_buf_pool *pool)
321 {
322 /* Length in RFCOMM header can be 2 bytes depending on length of user
323 * data
324 */
325 return bt_conn_create_pdu(pool,
326 sizeof(struct bt_l2cap_hdr) +
327 sizeof(struct bt_rfcomm_hdr) + 1);
328 }
329
rfcomm_send_cb(struct bt_rfcomm_session * session,struct net_buf * buf,bt_conn_tx_cb_t cb,void * user_data)330 static int rfcomm_send_cb(struct bt_rfcomm_session *session, struct net_buf *buf,
331 bt_conn_tx_cb_t cb, void *user_data)
332 {
333 int err;
334
335 err = bt_l2cap_br_chan_send_cb(&session->br_chan.chan, buf, cb, user_data);
336 if (err < 0) {
337 net_buf_unref(buf);
338 }
339
340 return err;
341 }
342
rfcomm_send(struct bt_rfcomm_session * session,struct net_buf * buf)343 static int rfcomm_send(struct bt_rfcomm_session *session, struct net_buf *buf)
344 {
345 return rfcomm_send_cb(session, buf, NULL, NULL);
346 }
347
rfcomm_send_sabm(struct bt_rfcomm_session * session,uint8_t dlci)348 static int rfcomm_send_sabm(struct bt_rfcomm_session *session, uint8_t dlci)
349 {
350 struct bt_rfcomm_hdr *hdr;
351 struct net_buf *buf;
352 uint8_t cr, fcs;
353
354 buf = bt_l2cap_create_pdu(NULL, 0);
355
356 hdr = net_buf_add(buf, sizeof(*hdr));
357 cr = BT_RFCOMM_CMD_CR(session->role);
358 hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
359 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_SABM, BT_RFCOMM_PF_NON_UIH);
360 hdr->length = BT_RFCOMM_SET_LEN_8(0);
361
362 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
363 net_buf_add_u8(buf, fcs);
364
365 return rfcomm_send(session, buf);
366 }
367
rfcomm_send_disc(struct bt_rfcomm_session * session,uint8_t dlci)368 static int rfcomm_send_disc(struct bt_rfcomm_session *session, uint8_t dlci)
369 {
370 struct bt_rfcomm_hdr *hdr;
371 struct net_buf *buf;
372 uint8_t fcs, cr;
373
374 LOG_DBG("dlci %d", dlci);
375
376 buf = bt_l2cap_create_pdu(NULL, 0);
377
378 hdr = net_buf_add(buf, sizeof(*hdr));
379 cr = BT_RFCOMM_RESP_CR(session->role);
380 hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
381 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_DISC, BT_RFCOMM_PF_NON_UIH);
382 hdr->length = BT_RFCOMM_SET_LEN_8(0);
383 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
384 net_buf_add_u8(buf, fcs);
385
386 return rfcomm_send(session, buf);
387 }
388
rfcomm_session_disconnect(struct bt_rfcomm_session * session)389 static void rfcomm_session_disconnect(struct bt_rfcomm_session *session)
390 {
391 if (session->dlcs) {
392 return;
393 }
394
395 session->state = BT_RFCOMM_STATE_DISCONNECTING;
396 rfcomm_send_disc(session, 0);
397 k_work_reschedule(&session->rtx_work, RFCOMM_DISC_TIMEOUT);
398 }
399
rfcomm_make_uih_msg(struct bt_rfcomm_session * session,uint8_t cr,uint8_t type,uint8_t len)400 static struct net_buf *rfcomm_make_uih_msg(struct bt_rfcomm_session *session,
401 uint8_t cr, uint8_t type,
402 uint8_t len)
403 {
404 struct bt_rfcomm_hdr *hdr;
405 struct bt_rfcomm_msg_hdr *msg_hdr;
406 struct net_buf *buf;
407 uint8_t hdr_cr;
408
409 buf = bt_l2cap_create_pdu(NULL, 0);
410
411 hdr = net_buf_add(buf, sizeof(*hdr));
412 hdr_cr = BT_RFCOMM_UIH_CR(session->role);
413 hdr->address = BT_RFCOMM_SET_ADDR(0, hdr_cr);
414 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_UIH, BT_RFCOMM_PF_UIH);
415 hdr->length = BT_RFCOMM_SET_LEN_8(sizeof(*msg_hdr) + len);
416
417 msg_hdr = net_buf_add(buf, sizeof(*msg_hdr));
418 msg_hdr->type = BT_RFCOMM_SET_MSG_TYPE(type, cr);
419 msg_hdr->len = BT_RFCOMM_SET_LEN_8(len);
420
421 return buf;
422 }
423
rfcomm_connected(struct bt_l2cap_chan * chan)424 static void rfcomm_connected(struct bt_l2cap_chan *chan)
425 {
426 struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
427
428 LOG_DBG("Session %p", session);
429
430 /* Need to include UIH header and FCS*/
431 session->mtu = MIN(session->br_chan.rx.mtu,
432 session->br_chan.tx.mtu) -
433 BT_RFCOMM_HDR_SIZE + BT_RFCOMM_FCS_SIZE;
434
435 if (session->state == BT_RFCOMM_STATE_CONNECTING) {
436 rfcomm_send_sabm(session, 0);
437 }
438 }
439
rfcomm_disconnected(struct bt_l2cap_chan * chan)440 static void rfcomm_disconnected(struct bt_l2cap_chan *chan)
441 {
442 struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
443
444 LOG_DBG("Session %p", session);
445
446 k_work_cancel_delayable(&session->rtx_work);
447 rfcomm_session_disconnected(session);
448 session->state = BT_RFCOMM_STATE_IDLE;
449 }
450
rfcomm_dlc_rtx_timeout(struct k_work * work)451 static void rfcomm_dlc_rtx_timeout(struct k_work *work)
452 {
453 struct bt_rfcomm_dlc *dlc = DLC_RTX(work);
454 struct bt_rfcomm_session *session = dlc->session;
455
456 LOG_WRN("dlc %p state %d timeout", dlc, dlc->state);
457
458 rfcomm_dlcs_remove_dlci(session->dlcs, dlc->dlci);
459 rfcomm_dlc_disconnect(dlc);
460 rfcomm_session_disconnect(session);
461 }
462
rfcomm_dlc_init(struct bt_rfcomm_dlc * dlc,struct bt_rfcomm_session * session,uint8_t dlci,bt_rfcomm_role_t role)463 static void rfcomm_dlc_init(struct bt_rfcomm_dlc *dlc,
464 struct bt_rfcomm_session *session,
465 uint8_t dlci,
466 bt_rfcomm_role_t role)
467 {
468 LOG_DBG("dlc %p", dlc);
469
470 dlc->dlci = dlci;
471 dlc->session = session;
472 dlc->rx_credit = RFCOMM_DEFAULT_CREDIT;
473 dlc->state = BT_RFCOMM_STATE_INIT;
474 dlc->role = role;
475 k_work_init_delayable(&dlc->rtx_work, rfcomm_dlc_rtx_timeout);
476
477 /* Start a conn timer which includes auth as well */
478 k_work_schedule(&dlc->rtx_work, RFCOMM_CONN_TIMEOUT);
479
480 dlc->_next = session->dlcs;
481 session->dlcs = dlc;
482 }
483
rfcomm_dlc_accept(struct bt_rfcomm_session * session,uint8_t dlci)484 static struct bt_rfcomm_dlc *rfcomm_dlc_accept(struct bt_rfcomm_session *session,
485 uint8_t dlci)
486 {
487 struct bt_rfcomm_server *server;
488 struct bt_rfcomm_dlc *dlc;
489 uint8_t channel;
490
491 channel = BT_RFCOMM_GET_CHANNEL(dlci);
492 server = rfcomm_server_lookup_channel(channel);
493 if (!server) {
494 LOG_ERR("Server Channel not registered");
495 return NULL;
496 }
497
498 if (server->accept(session->br_chan.chan.conn, server, &dlc) < 0) {
499 LOG_DBG("Incoming connection rejected");
500 return NULL;
501 }
502
503 if (!BT_RFCOMM_CHECK_MTU(dlc->mtu)) {
504 rfcomm_dlc_destroy(dlc);
505 return NULL;
506 }
507
508 rfcomm_dlc_init(dlc, session, dlci, BT_RFCOMM_ROLE_ACCEPTOR);
509 dlc->mtu = MIN(dlc->mtu, session->mtu);
510
511 return dlc;
512 }
513
rfcomm_send_dm(struct bt_rfcomm_session * session,uint8_t dlci)514 static int rfcomm_send_dm(struct bt_rfcomm_session *session, uint8_t dlci)
515 {
516 struct bt_rfcomm_hdr *hdr;
517 struct net_buf *buf;
518 uint8_t fcs, cr;
519
520 LOG_DBG("dlci %d", dlci);
521
522 buf = bt_l2cap_create_pdu(NULL, 0);
523
524 hdr = net_buf_add(buf, sizeof(*hdr));
525 cr = BT_RFCOMM_RESP_CR(session->role);
526 hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
527 /* For DM PF bit is not relevant, we set it 1 */
528 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_DM, BT_RFCOMM_PF_NON_UIH);
529 hdr->length = BT_RFCOMM_SET_LEN_8(0);
530 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
531 net_buf_add_u8(buf, fcs);
532
533 return rfcomm_send(session, buf);
534 }
535
rfcomm_check_fc(struct bt_rfcomm_dlc * dlc)536 static void rfcomm_check_fc(struct bt_rfcomm_dlc *dlc)
537 {
538 LOG_DBG("%p", dlc);
539
540 LOG_DBG("Wait for credits or MSC FC %p", dlc);
541 /* Wait for credits or MSC FC */
542 k_sem_take(&dlc->tx_credits, K_FOREVER);
543
544 if (dlc->session->cfc == BT_RFCOMM_CFC_SUPPORTED) {
545 return;
546 }
547
548 k_sem_take(&dlc->session->fc, K_FOREVER);
549
550 /* Give the sems immediately so that sem will be available for all
551 * the bufs in the queue. It will be blocked only once all the bufs
552 * are sent (which will preempt this thread) and FCOFF / FC bit
553 * with 1, is received.
554 */
555 k_sem_give(&dlc->session->fc);
556 k_sem_give(&dlc->tx_credits);
557 }
558
bt_rfcomm_tx_destroy(struct bt_rfcomm_dlc * dlc,struct net_buf * buf)559 static void bt_rfcomm_tx_destroy(struct bt_rfcomm_dlc *dlc, struct net_buf *buf)
560 {
561 LOG_DBG("dlc %p, buf %p", dlc, buf);
562
563 if ((buf == NULL) || (buf->len == 0)) {
564 return;
565 }
566
567 if (dlc && dlc->ops && dlc->ops->sent) {
568 dlc->ops->sent(dlc, -ESHUTDOWN);
569 }
570 }
571
rfcomm_sent(struct bt_conn * conn,void * user_data,int err)572 static void rfcomm_sent(struct bt_conn *conn, void *user_data, int err)
573 {
574 struct bt_rfcomm_dlc *dlc;
575
576 LOG_DBG("conn %p", conn);
577
578 if (user_data == NULL) {
579 return;
580 }
581
582 dlc = (struct bt_rfcomm_dlc *)user_data;
583
584 if (dlc && dlc->ops && dlc->ops->sent) {
585 dlc->ops->sent(dlc, err);
586 }
587 }
588
rfcomm_dlc_tx_thread(void * p1,void * p2,void * p3)589 static void rfcomm_dlc_tx_thread(void *p1, void *p2, void *p3)
590 {
591 struct bt_rfcomm_dlc *dlc = p1;
592 k_timeout_t timeout = K_FOREVER;
593 struct net_buf *buf;
594
595 LOG_DBG("Started for dlc %p", dlc);
596
597 while (dlc->state == BT_RFCOMM_STATE_CONNECTED ||
598 dlc->state == BT_RFCOMM_STATE_USER_DISCONNECT) {
599 /* Get next packet for dlc */
600 LOG_DBG("Wait for buf %p", dlc);
601 buf = k_fifo_get(&dlc->tx_queue, timeout);
602 /* If its dummy buffer or non user disconnect then break */
603 if ((dlc->state != BT_RFCOMM_STATE_CONNECTED &&
604 dlc->state != BT_RFCOMM_STATE_USER_DISCONNECT) ||
605 !buf || !buf->len) {
606 if (buf) {
607 bt_rfcomm_tx_destroy(dlc, buf);
608 net_buf_unref(buf);
609 }
610 break;
611 }
612
613 rfcomm_check_fc(dlc);
614 if (dlc->state != BT_RFCOMM_STATE_CONNECTED &&
615 dlc->state != BT_RFCOMM_STATE_USER_DISCONNECT) {
616 bt_rfcomm_tx_destroy(dlc, buf);
617 net_buf_unref(buf);
618 break;
619 }
620
621 if (rfcomm_send_cb(dlc->session, buf, rfcomm_sent, dlc) < 0) {
622 /* This fails only if channel is disconnected */
623 dlc->state = BT_RFCOMM_STATE_DISCONNECTED;
624 bt_rfcomm_tx_destroy(dlc, buf);
625 break;
626 }
627
628 if (dlc->state == BT_RFCOMM_STATE_USER_DISCONNECT) {
629 timeout = K_NO_WAIT;
630 }
631 }
632
633 LOG_DBG("dlc %p disconnected - cleaning up", dlc);
634
635 /* Give back any allocated buffers */
636 while ((buf = k_fifo_get(&dlc->tx_queue, K_NO_WAIT))) {
637 bt_rfcomm_tx_destroy(dlc, buf);
638 net_buf_unref(buf);
639 }
640
641 if (dlc->state == BT_RFCOMM_STATE_USER_DISCONNECT) {
642 dlc->state = BT_RFCOMM_STATE_DISCONNECTING;
643 }
644
645 if (dlc->state == BT_RFCOMM_STATE_DISCONNECTING) {
646 rfcomm_send_disc(dlc->session, dlc->dlci);
647 k_work_reschedule(&dlc->rtx_work, RFCOMM_DISC_TIMEOUT);
648 } else {
649 rfcomm_dlc_destroy(dlc);
650 }
651
652 LOG_DBG("dlc %p exiting", dlc);
653 }
654
rfcomm_send_ua(struct bt_rfcomm_session * session,uint8_t dlci)655 static int rfcomm_send_ua(struct bt_rfcomm_session *session, uint8_t dlci)
656 {
657 struct bt_rfcomm_hdr *hdr;
658 struct net_buf *buf;
659 uint8_t cr, fcs;
660
661 buf = bt_l2cap_create_pdu(NULL, 0);
662
663 hdr = net_buf_add(buf, sizeof(*hdr));
664 cr = BT_RFCOMM_RESP_CR(session->role);
665 hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
666 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_UA, BT_RFCOMM_PF_NON_UIH);
667 hdr->length = BT_RFCOMM_SET_LEN_8(0);
668
669 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
670 net_buf_add_u8(buf, fcs);
671
672 return rfcomm_send(session, buf);
673 }
674
rfcomm_send_msc(struct bt_rfcomm_dlc * dlc,uint8_t cr,uint8_t v24_signal)675 static int rfcomm_send_msc(struct bt_rfcomm_dlc *dlc, uint8_t cr,
676 uint8_t v24_signal)
677 {
678 struct bt_rfcomm_msc *msc;
679 struct net_buf *buf;
680 uint8_t fcs;
681
682 buf = rfcomm_make_uih_msg(dlc->session, cr, BT_RFCOMM_MSC,
683 sizeof(*msc));
684
685 msc = net_buf_add(buf, sizeof(*msc));
686 /* cr bit should be always 1 in MSC */
687 msc->dlci = BT_RFCOMM_SET_ADDR(dlc->dlci, 1);
688 msc->v24_signal = v24_signal;
689
690 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
691 net_buf_add_u8(buf, fcs);
692
693 return rfcomm_send(dlc->session, buf);
694 }
695
rfcomm_send_rls(struct bt_rfcomm_dlc * dlc,uint8_t cr,uint8_t line_status)696 static int rfcomm_send_rls(struct bt_rfcomm_dlc *dlc, uint8_t cr,
697 uint8_t line_status)
698 {
699 struct bt_rfcomm_rls *rls;
700 struct net_buf *buf;
701 uint8_t fcs;
702
703 buf = rfcomm_make_uih_msg(dlc->session, cr, BT_RFCOMM_RLS,
704 sizeof(*rls));
705
706 rls = net_buf_add(buf, sizeof(*rls));
707 /* cr bit should be always 1 in RLS */
708 rls->dlci = BT_RFCOMM_SET_ADDR(dlc->dlci, 1);
709 rls->line_status = line_status;
710
711 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
712 net_buf_add_u8(buf, fcs);
713
714 return rfcomm_send(dlc->session, buf);
715 }
716
rfcomm_send_rpn(struct bt_rfcomm_session * session,uint8_t cr,struct bt_rfcomm_rpn * rpn)717 static int rfcomm_send_rpn(struct bt_rfcomm_session *session, uint8_t cr,
718 struct bt_rfcomm_rpn *rpn)
719 {
720 struct net_buf *buf;
721 uint8_t fcs;
722
723 buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_RPN, sizeof(*rpn));
724
725 net_buf_add_mem(buf, rpn, sizeof(*rpn));
726
727 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
728 net_buf_add_u8(buf, fcs);
729
730 return rfcomm_send(session, buf);
731 }
732
rfcomm_send_test(struct bt_rfcomm_session * session,uint8_t cr,uint8_t * pattern,uint8_t len)733 static int rfcomm_send_test(struct bt_rfcomm_session *session, uint8_t cr,
734 uint8_t *pattern, uint8_t len)
735 {
736 struct net_buf *buf;
737 uint8_t fcs;
738
739 buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_TEST, len);
740
741 net_buf_add_mem(buf, pattern, len);
742
743 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
744 net_buf_add_u8(buf, fcs);
745
746 return rfcomm_send(session, buf);
747 }
748
rfcomm_send_nsc(struct bt_rfcomm_session * session,uint8_t cmd_type)749 static int rfcomm_send_nsc(struct bt_rfcomm_session *session, uint8_t cmd_type)
750 {
751 struct net_buf *buf;
752 uint8_t fcs;
753
754 buf = rfcomm_make_uih_msg(session, BT_RFCOMM_MSG_RESP_CR,
755 BT_RFCOMM_NSC, sizeof(cmd_type));
756
757 net_buf_add_u8(buf, cmd_type);
758
759 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
760 net_buf_add_u8(buf, fcs);
761
762 return rfcomm_send(session, buf);
763 }
764
rfcomm_send_fcon(struct bt_rfcomm_session * session,uint8_t cr)765 static int rfcomm_send_fcon(struct bt_rfcomm_session *session, uint8_t cr)
766 {
767 struct net_buf *buf;
768 uint8_t fcs;
769
770 buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_FCON, 0);
771
772 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
773 net_buf_add_u8(buf, fcs);
774
775 return rfcomm_send(session, buf);
776 }
777
rfcomm_send_fcoff(struct bt_rfcomm_session * session,uint8_t cr)778 static int rfcomm_send_fcoff(struct bt_rfcomm_session *session, uint8_t cr)
779 {
780 struct net_buf *buf;
781 uint8_t fcs;
782
783 buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_FCOFF, 0);
784
785 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
786 net_buf_add_u8(buf, fcs);
787
788 return rfcomm_send(session, buf);
789 }
790
rfcomm_dlc_connected(struct bt_rfcomm_dlc * dlc)791 static void rfcomm_dlc_connected(struct bt_rfcomm_dlc *dlc)
792 {
793 dlc->state = BT_RFCOMM_STATE_CONNECTED;
794
795 rfcomm_send_msc(dlc, BT_RFCOMM_MSG_CMD_CR, BT_RFCOMM_DEFAULT_V24_SIG);
796
797 if (dlc->session->cfc == BT_RFCOMM_CFC_UNKNOWN) {
798 /* This means PN negotiation is not done for this session and
799 * can happen only for 1.0b device.
800 */
801 dlc->session->cfc = BT_RFCOMM_CFC_NOT_SUPPORTED;
802 }
803
804 if (dlc->session->cfc == BT_RFCOMM_CFC_NOT_SUPPORTED) {
805 LOG_DBG("CFC not supported %p", dlc);
806 rfcomm_send_fcon(dlc->session, BT_RFCOMM_MSG_CMD_CR);
807 /* Use tx_credits as binary sem for MSC FC */
808 k_sem_init(&dlc->tx_credits, 0, 1);
809 }
810
811 /* Cancel conn timer */
812 k_work_cancel_delayable(&dlc->rtx_work);
813
814 k_fifo_init(&dlc->tx_queue);
815 k_thread_create(&dlc->tx_thread, dlc->stack,
816 K_KERNEL_STACK_SIZEOF(dlc->stack),
817 rfcomm_dlc_tx_thread, dlc, NULL, NULL, K_PRIO_COOP(7),
818 0, K_NO_WAIT);
819 k_thread_name_set(&dlc->tx_thread, "BT DLC");
820
821 if (dlc->ops && dlc->ops->connected) {
822 dlc->ops->connected(dlc);
823 }
824 }
825
826 enum security_result {
827 RFCOMM_SECURITY_PASSED,
828 RFCOMM_SECURITY_REJECT,
829 RFCOMM_SECURITY_PENDING
830 };
831
rfcomm_dlc_security(struct bt_rfcomm_dlc * dlc)832 static enum security_result rfcomm_dlc_security(struct bt_rfcomm_dlc *dlc)
833 {
834 struct bt_conn *conn = dlc->session->br_chan.chan.conn;
835
836 LOG_DBG("dlc %p", dlc);
837
838 /* If current security level is greater than or equal to required
839 * security level then return SUCCESS.
840 * For SSP devices the current security will be at least MEDIUM
841 * since L2CAP is enforcing it
842 */
843 if (conn->sec_level >= dlc->required_sec_level) {
844 return RFCOMM_SECURITY_PASSED;
845 }
846
847 if (!bt_conn_set_security(conn, dlc->required_sec_level)) {
848 /*
849 * General Bonding refers to the process of performing bonding
850 * during connection setup or channel establishment procedures
851 * as a precursor to accessing a service.
852 * For current case, it is dedicated bonding.
853 */
854 atomic_set_bit(conn->flags, BT_CONN_BR_GENERAL_BONDING);
855 /* If Security elevation is initiated or in progress */
856 return RFCOMM_SECURITY_PENDING;
857 }
858
859 /* Security request failed */
860 return RFCOMM_SECURITY_REJECT;
861 }
862
rfcomm_dlc_drop(struct bt_rfcomm_dlc * dlc)863 static void rfcomm_dlc_drop(struct bt_rfcomm_dlc *dlc)
864 {
865 LOG_DBG("dlc %p", dlc);
866
867 rfcomm_dlcs_remove_dlci(dlc->session->dlcs, dlc->dlci);
868 rfcomm_dlc_destroy(dlc);
869 }
870
rfcomm_dlc_close(struct bt_rfcomm_dlc * dlc)871 static int rfcomm_dlc_close(struct bt_rfcomm_dlc *dlc)
872 {
873 LOG_DBG("dlc %p", dlc);
874
875 switch (dlc->state) {
876 case BT_RFCOMM_STATE_SECURITY_PENDING:
877 if (dlc->role == BT_RFCOMM_ROLE_ACCEPTOR) {
878 rfcomm_send_dm(dlc->session, dlc->dlci);
879 }
880 __fallthrough;
881 case BT_RFCOMM_STATE_INIT:
882 rfcomm_dlc_drop(dlc);
883 break;
884 case BT_RFCOMM_STATE_CONNECTING:
885 case BT_RFCOMM_STATE_CONFIG:
886 dlc->state = BT_RFCOMM_STATE_DISCONNECTING;
887 rfcomm_send_disc(dlc->session, dlc->dlci);
888 k_work_reschedule(&dlc->rtx_work, RFCOMM_DISC_TIMEOUT);
889 break;
890 case BT_RFCOMM_STATE_CONNECTED:
891 dlc->state = BT_RFCOMM_STATE_DISCONNECTING;
892
893 /* Queue a dummy buffer to wake up and stop the
894 * tx thread.
895 */
896 k_fifo_put(&dlc->tx_queue,
897 net_buf_alloc(&dummy_pool, K_NO_WAIT));
898
899 /* There could be a writer waiting for credits so return a
900 * dummy credit to wake it up.
901 */
902 rfcomm_dlc_tx_give_credits(dlc, 1);
903 break;
904 case BT_RFCOMM_STATE_DISCONNECTING:
905 case BT_RFCOMM_STATE_DISCONNECTED:
906 break;
907 case BT_RFCOMM_STATE_IDLE:
908 default:
909 return -EINVAL;
910 }
911
912 return 0;
913 }
914
rfcomm_handle_sabm(struct bt_rfcomm_session * session,uint8_t dlci)915 static void rfcomm_handle_sabm(struct bt_rfcomm_session *session, uint8_t dlci)
916 {
917 if (!dlci) {
918 if (rfcomm_send_ua(session, dlci) < 0) {
919 return;
920 }
921
922 session->state = BT_RFCOMM_STATE_CONNECTED;
923 } else {
924 struct bt_rfcomm_dlc *dlc;
925 enum security_result result;
926
927 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
928 if (!dlc) {
929 dlc = rfcomm_dlc_accept(session, dlci);
930 if (!dlc) {
931 rfcomm_send_dm(session, dlci);
932 return;
933 }
934 }
935
936 result = rfcomm_dlc_security(dlc);
937 switch (result) {
938 case RFCOMM_SECURITY_PENDING:
939 dlc->state = BT_RFCOMM_STATE_SECURITY_PENDING;
940 return;
941 case RFCOMM_SECURITY_PASSED:
942 break;
943 case RFCOMM_SECURITY_REJECT:
944 default:
945 rfcomm_send_dm(session, dlci);
946 rfcomm_dlc_drop(dlc);
947 return;
948 }
949
950 if (rfcomm_send_ua(session, dlci) < 0) {
951 return;
952 }
953
954 /* Cancel idle timer if any */
955 k_work_cancel_delayable(&session->rtx_work);
956
957 rfcomm_dlc_connected(dlc);
958 }
959 }
960
rfcomm_send_pn(struct bt_rfcomm_dlc * dlc,uint8_t cr)961 static int rfcomm_send_pn(struct bt_rfcomm_dlc *dlc, uint8_t cr)
962 {
963 struct bt_rfcomm_pn *pn;
964 struct net_buf *buf;
965 uint8_t fcs;
966
967 buf = rfcomm_make_uih_msg(dlc->session, cr, BT_RFCOMM_PN, sizeof(*pn));
968
969 LOG_DBG("mtu %x", dlc->mtu);
970
971 pn = net_buf_add(buf, sizeof(*pn));
972 pn->dlci = dlc->dlci;
973 pn->mtu = sys_cpu_to_le16(dlc->mtu);
974 if (dlc->state == BT_RFCOMM_STATE_CONFIG &&
975 (dlc->session->cfc == BT_RFCOMM_CFC_UNKNOWN ||
976 dlc->session->cfc == BT_RFCOMM_CFC_SUPPORTED)) {
977 pn->credits = dlc->rx_credit;
978 if (cr) {
979 pn->flow_ctrl = BT_RFCOMM_PN_CFC_CMD;
980 } else {
981 pn->flow_ctrl = BT_RFCOMM_PN_CFC_RESP;
982 }
983 } else {
984 /* If PN comes in already opened dlc or cfc not supported
985 * these should be 0
986 */
987 pn->credits = 0U;
988 pn->flow_ctrl = 0U;
989 }
990 pn->max_retrans = 0U;
991 pn->ack_timer = 0U;
992 pn->priority = 0U;
993
994 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
995 net_buf_add_u8(buf, fcs);
996
997 return rfcomm_send(dlc->session, buf);
998 }
999
rfcomm_send_credit(struct bt_rfcomm_dlc * dlc,uint8_t credits)1000 static int rfcomm_send_credit(struct bt_rfcomm_dlc *dlc, uint8_t credits)
1001 {
1002 struct bt_rfcomm_hdr *hdr;
1003 struct net_buf *buf;
1004 uint8_t fcs, cr;
1005
1006 LOG_DBG("Dlc %p credits %d", dlc, credits);
1007
1008 buf = bt_l2cap_create_pdu(NULL, 0);
1009
1010 hdr = net_buf_add(buf, sizeof(*hdr));
1011 cr = BT_RFCOMM_UIH_CR(dlc->session->role);
1012 hdr->address = BT_RFCOMM_SET_ADDR(dlc->dlci, cr);
1013 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_UIH,
1014 BT_RFCOMM_PF_UIH_CREDIT);
1015 hdr->length = BT_RFCOMM_SET_LEN_8(0);
1016 net_buf_add_u8(buf, credits);
1017 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
1018 net_buf_add_u8(buf, fcs);
1019
1020 return rfcomm_send(dlc->session, buf);
1021 }
1022
rfcomm_dlc_start(struct bt_rfcomm_dlc * dlc)1023 static int rfcomm_dlc_start(struct bt_rfcomm_dlc *dlc)
1024 {
1025 enum security_result result;
1026
1027 LOG_DBG("dlc %p", dlc);
1028
1029 result = rfcomm_dlc_security(dlc);
1030 switch (result) {
1031 case RFCOMM_SECURITY_PASSED:
1032 dlc->mtu = MIN(dlc->mtu, dlc->session->mtu);
1033 dlc->state = BT_RFCOMM_STATE_CONFIG;
1034 rfcomm_send_pn(dlc, BT_RFCOMM_MSG_CMD_CR);
1035 break;
1036 case RFCOMM_SECURITY_PENDING:
1037 dlc->state = BT_RFCOMM_STATE_SECURITY_PENDING;
1038 break;
1039 case RFCOMM_SECURITY_REJECT:
1040 default:
1041 return -EIO;
1042 }
1043
1044 return 0;
1045 }
1046
rfcomm_handle_ua(struct bt_rfcomm_session * session,uint8_t dlci)1047 static void rfcomm_handle_ua(struct bt_rfcomm_session *session, uint8_t dlci)
1048 {
1049 struct bt_rfcomm_dlc *dlc, *next;
1050 int err;
1051
1052 if (!dlci) {
1053 switch (session->state) {
1054 case BT_RFCOMM_STATE_CONNECTING:
1055 session->state = BT_RFCOMM_STATE_CONNECTED;
1056 for (dlc = session->dlcs; dlc; dlc = next) {
1057 next = dlc->_next;
1058 if (dlc->role == BT_RFCOMM_ROLE_INITIATOR &&
1059 dlc->state == BT_RFCOMM_STATE_INIT) {
1060 if (rfcomm_dlc_start(dlc) < 0) {
1061 rfcomm_dlc_drop(dlc);
1062 }
1063 }
1064 }
1065 /* Disconnect session if there is no dlcs left */
1066 rfcomm_session_disconnect(session);
1067 break;
1068 case BT_RFCOMM_STATE_DISCONNECTING:
1069 session->state = BT_RFCOMM_STATE_DISCONNECTED;
1070 /* Cancel disc timer */
1071 k_work_cancel_delayable(&session->rtx_work);
1072 err = bt_l2cap_chan_disconnect(&session->br_chan.chan);
1073 if (err < 0) {
1074 session->state = BT_RFCOMM_STATE_IDLE;
1075 }
1076 break;
1077 default:
1078 break;
1079 }
1080 } else {
1081 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
1082 if (!dlc) {
1083 return;
1084 }
1085
1086 switch (dlc->state) {
1087 case BT_RFCOMM_STATE_CONNECTING:
1088 rfcomm_dlc_connected(dlc);
1089 break;
1090 case BT_RFCOMM_STATE_DISCONNECTING:
1091 rfcomm_dlc_drop(dlc);
1092 rfcomm_session_disconnect(session);
1093 break;
1094 default:
1095 break;
1096 }
1097 }
1098 }
1099
rfcomm_handle_dm(struct bt_rfcomm_session * session,uint8_t dlci)1100 static void rfcomm_handle_dm(struct bt_rfcomm_session *session, uint8_t dlci)
1101 {
1102 struct bt_rfcomm_dlc *dlc;
1103
1104 LOG_DBG("dlci %d", dlci);
1105
1106 dlc = rfcomm_dlcs_remove_dlci(session->dlcs, dlci);
1107 if (!dlc) {
1108 return;
1109 }
1110
1111 rfcomm_dlc_disconnect(dlc);
1112 rfcomm_session_disconnect(session);
1113 }
1114
rfcomm_handle_msc(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t cr)1115 static void rfcomm_handle_msc(struct bt_rfcomm_session *session,
1116 struct net_buf *buf, uint8_t cr)
1117 {
1118 struct bt_rfcomm_msc *msc = (void *)buf->data;
1119 struct bt_rfcomm_dlc *dlc;
1120 uint8_t dlci = BT_RFCOMM_GET_DLCI(msc->dlci);
1121
1122 LOG_DBG("dlci %d", dlci);
1123
1124 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
1125 if (!dlc) {
1126 return;
1127 }
1128
1129 if (cr == BT_RFCOMM_MSG_RESP_CR) {
1130 return;
1131 }
1132
1133 if (dlc->session->cfc == BT_RFCOMM_CFC_NOT_SUPPORTED) {
1134 /* Only FC bit affects the flow on RFCOMM level */
1135 if (BT_RFCOMM_GET_FC(msc->v24_signal)) {
1136 /* If FC bit is 1 the device is unable to accept frames.
1137 * Take the semaphore with timeout K_NO_WAIT so that
1138 * dlc thread will be blocked when it tries sem_take
1139 * before sending the data. K_NO_WAIT timeout will make
1140 * sure that RX thread will not be blocked while taking
1141 * the semaphore.
1142 */
1143 k_sem_take(&dlc->tx_credits, K_NO_WAIT);
1144 } else {
1145 /* Give the sem so that it will unblock the waiting dlc
1146 * thread in sem_take().
1147 */
1148 k_sem_give(&dlc->tx_credits);
1149 }
1150 }
1151
1152 rfcomm_send_msc(dlc, BT_RFCOMM_MSG_RESP_CR, msc->v24_signal);
1153 }
1154
rfcomm_handle_rls(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t cr)1155 static void rfcomm_handle_rls(struct bt_rfcomm_session *session,
1156 struct net_buf *buf, uint8_t cr)
1157 {
1158 struct bt_rfcomm_rls *rls = (void *)buf->data;
1159 uint8_t dlci = BT_RFCOMM_GET_DLCI(rls->dlci);
1160 struct bt_rfcomm_dlc *dlc;
1161
1162 LOG_DBG("dlci %d", dlci);
1163
1164 if (!cr) {
1165 /* Ignore if its a response */
1166 return;
1167 }
1168
1169 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
1170 if (!dlc) {
1171 return;
1172 }
1173
1174 /* As per the ETSI same line status has to returned in the response */
1175 rfcomm_send_rls(dlc, BT_RFCOMM_MSG_RESP_CR, rls->line_status);
1176 }
1177
rfcomm_handle_rpn(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t cr)1178 static void rfcomm_handle_rpn(struct bt_rfcomm_session *session,
1179 struct net_buf *buf, uint8_t cr)
1180 {
1181 struct bt_rfcomm_rpn default_rpn, *rpn = (void *)buf->data;
1182 uint8_t dlci = BT_RFCOMM_GET_DLCI(rpn->dlci);
1183 uint8_t data_bits, stop_bits, parity_bits;
1184 /* Exclude fcs to get number of value bytes */
1185 uint8_t value_len = buf->len - 1;
1186
1187 LOG_DBG("dlci %d", dlci);
1188
1189 if (!cr) {
1190 /* Ignore if its a response */
1191 return;
1192 }
1193
1194 if (value_len == sizeof(*rpn)) {
1195 /* Accept all the values proposed by the sender */
1196 rpn->param_mask = sys_cpu_to_le16(BT_RFCOMM_RPN_PARAM_MASK_ALL);
1197 rfcomm_send_rpn(session, BT_RFCOMM_MSG_RESP_CR, rpn);
1198 return;
1199 }
1200
1201 if (value_len != 1U) {
1202 return;
1203 }
1204
1205 /* If only one value byte then current port settings has to be returned
1206 * We will send default values
1207 */
1208 default_rpn.dlci = BT_RFCOMM_SET_ADDR(dlci, 1);
1209 default_rpn.baud_rate = BT_RFCOMM_RPN_BAUD_RATE_9600;
1210 default_rpn.flow_control = BT_RFCOMM_RPN_FLOW_NONE;
1211 default_rpn.xoff_char = BT_RFCOMM_RPN_XOFF_CHAR;
1212 default_rpn.xon_char = BT_RFCOMM_RPN_XON_CHAR;
1213 data_bits = BT_RFCOMM_RPN_DATA_BITS_8;
1214 stop_bits = BT_RFCOMM_RPN_STOP_BITS_1;
1215 parity_bits = BT_RFCOMM_RPN_PARITY_NONE;
1216 default_rpn.line_settings = BT_RFCOMM_SET_LINE_SETTINGS(data_bits,
1217 stop_bits,
1218 parity_bits);
1219 default_rpn.param_mask = sys_cpu_to_le16(BT_RFCOMM_RPN_PARAM_MASK_ALL);
1220
1221 rfcomm_send_rpn(session, BT_RFCOMM_MSG_RESP_CR, &default_rpn);
1222 }
1223
rfcomm_handle_pn(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t cr)1224 static void rfcomm_handle_pn(struct bt_rfcomm_session *session,
1225 struct net_buf *buf, uint8_t cr)
1226 {
1227 struct bt_rfcomm_pn *pn = (void *)buf->data;
1228 struct bt_rfcomm_dlc *dlc;
1229
1230 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, pn->dlci);
1231 if (!dlc) {
1232 /* Ignore if it is a response */
1233 if (!cr) {
1234 return;
1235 }
1236
1237 if (!BT_RFCOMM_CHECK_MTU(pn->mtu)) {
1238 LOG_ERR("Invalid mtu %d", pn->mtu);
1239 rfcomm_send_dm(session, pn->dlci);
1240 return;
1241 }
1242
1243 dlc = rfcomm_dlc_accept(session, pn->dlci);
1244 if (!dlc) {
1245 rfcomm_send_dm(session, pn->dlci);
1246 return;
1247 }
1248
1249 LOG_DBG("Incoming connection accepted dlc %p", dlc);
1250
1251 dlc->mtu = MIN(dlc->mtu, sys_le16_to_cpu(pn->mtu));
1252
1253 if (pn->flow_ctrl == BT_RFCOMM_PN_CFC_CMD) {
1254 if (session->cfc == BT_RFCOMM_CFC_UNKNOWN) {
1255 session->cfc = BT_RFCOMM_CFC_SUPPORTED;
1256 }
1257 k_sem_init(&dlc->tx_credits, 0, K_SEM_MAX_LIMIT);
1258 rfcomm_dlc_tx_give_credits(dlc, pn->credits);
1259 } else {
1260 session->cfc = BT_RFCOMM_CFC_NOT_SUPPORTED;
1261 }
1262
1263 dlc->state = BT_RFCOMM_STATE_CONFIG;
1264 rfcomm_send_pn(dlc, BT_RFCOMM_MSG_RESP_CR);
1265 /* Cancel idle timer if any */
1266 k_work_cancel_delayable(&session->rtx_work);
1267 } else {
1268 /* If its a command */
1269 if (cr) {
1270 if (!BT_RFCOMM_CHECK_MTU(pn->mtu)) {
1271 LOG_ERR("Invalid mtu %d", pn->mtu);
1272 rfcomm_dlc_close(dlc);
1273 return;
1274 }
1275 dlc->mtu = MIN(dlc->mtu, sys_le16_to_cpu(pn->mtu));
1276 rfcomm_send_pn(dlc, BT_RFCOMM_MSG_RESP_CR);
1277 } else {
1278 if (dlc->state != BT_RFCOMM_STATE_CONFIG) {
1279 return;
1280 }
1281
1282 dlc->mtu = MIN(dlc->mtu, sys_le16_to_cpu(pn->mtu));
1283 if (pn->flow_ctrl == BT_RFCOMM_PN_CFC_RESP) {
1284 if (session->cfc == BT_RFCOMM_CFC_UNKNOWN) {
1285 session->cfc = BT_RFCOMM_CFC_SUPPORTED;
1286 }
1287 k_sem_init(&dlc->tx_credits, 0, K_SEM_MAX_LIMIT);
1288 rfcomm_dlc_tx_give_credits(dlc, pn->credits);
1289 } else {
1290 session->cfc = BT_RFCOMM_CFC_NOT_SUPPORTED;
1291 }
1292
1293 dlc->state = BT_RFCOMM_STATE_CONNECTING;
1294 rfcomm_send_sabm(session, dlc->dlci);
1295 }
1296 }
1297 }
1298
rfcomm_handle_disc(struct bt_rfcomm_session * session,uint8_t dlci)1299 static void rfcomm_handle_disc(struct bt_rfcomm_session *session, uint8_t dlci)
1300 {
1301 struct bt_rfcomm_dlc *dlc;
1302
1303 LOG_DBG("Dlci %d", dlci);
1304
1305 if (dlci) {
1306 dlc = rfcomm_dlcs_remove_dlci(session->dlcs, dlci);
1307 if (!dlc) {
1308 rfcomm_send_dm(session, dlci);
1309 return;
1310 }
1311
1312 rfcomm_send_ua(session, dlci);
1313 rfcomm_dlc_disconnect(dlc);
1314
1315 if (!session->dlcs) {
1316 /* Start a session idle timer */
1317 k_work_reschedule(&dlc->session->rtx_work,
1318 RFCOMM_IDLE_TIMEOUT);
1319 }
1320 } else {
1321 /* Cancel idle timer */
1322 k_work_cancel_delayable(&session->rtx_work);
1323 rfcomm_send_ua(session, 0);
1324 rfcomm_session_disconnected(session);
1325 }
1326 }
1327
rfcomm_handle_msg(struct bt_rfcomm_session * session,struct net_buf * buf)1328 static void rfcomm_handle_msg(struct bt_rfcomm_session *session,
1329 struct net_buf *buf)
1330 {
1331 struct bt_rfcomm_msg_hdr *hdr;
1332 uint8_t msg_type, len, cr;
1333
1334 if (buf->len < sizeof(*hdr)) {
1335 LOG_ERR("Too small RFCOMM message");
1336 return;
1337 }
1338
1339 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
1340 msg_type = BT_RFCOMM_GET_MSG_TYPE(hdr->type);
1341 cr = BT_RFCOMM_GET_MSG_CR(hdr->type);
1342 len = BT_RFCOMM_GET_LEN(hdr->len);
1343
1344 LOG_DBG("msg type %x cr %x", msg_type, cr);
1345
1346 switch (msg_type) {
1347 case BT_RFCOMM_PN:
1348 rfcomm_handle_pn(session, buf, cr);
1349 break;
1350 case BT_RFCOMM_MSC:
1351 rfcomm_handle_msc(session, buf, cr);
1352 break;
1353 case BT_RFCOMM_RLS:
1354 rfcomm_handle_rls(session, buf, cr);
1355 break;
1356 case BT_RFCOMM_RPN:
1357 rfcomm_handle_rpn(session, buf, cr);
1358 break;
1359 case BT_RFCOMM_TEST:
1360 if (!cr) {
1361 break;
1362 }
1363 rfcomm_send_test(session, BT_RFCOMM_MSG_RESP_CR, buf->data,
1364 buf->len - 1);
1365 break;
1366 case BT_RFCOMM_FCON:
1367 if (session->cfc == BT_RFCOMM_CFC_SUPPORTED) {
1368 LOG_ERR("FCON received when CFC is supported ");
1369 return;
1370 }
1371
1372 if (!cr) {
1373 break;
1374 }
1375
1376 /* Give the sem so that it will unblock the waiting dlc threads
1377 * of this session in sem_take().
1378 */
1379 k_sem_give(&session->fc);
1380 rfcomm_send_fcon(session, BT_RFCOMM_MSG_RESP_CR);
1381 break;
1382 case BT_RFCOMM_FCOFF:
1383 if (session->cfc == BT_RFCOMM_CFC_SUPPORTED) {
1384 LOG_ERR("FCOFF received when CFC is supported ");
1385 return;
1386 }
1387
1388 if (!cr) {
1389 break;
1390 }
1391
1392 /* Take the semaphore with timeout K_NO_WAIT so that all the
1393 * dlc threads in this session will be blocked when it tries
1394 * sem_take before sending the data. K_NO_WAIT timeout will
1395 * make sure that RX thread will not be blocked while taking
1396 * the semaphore.
1397 */
1398 k_sem_take(&session->fc, K_NO_WAIT);
1399 rfcomm_send_fcoff(session, BT_RFCOMM_MSG_RESP_CR);
1400 break;
1401 default:
1402 LOG_WRN("Unknown/Unsupported RFCOMM Msg type 0x%02x", msg_type);
1403 rfcomm_send_nsc(session, hdr->type);
1404 break;
1405 }
1406 }
1407
rfcomm_dlc_update_credits(struct bt_rfcomm_dlc * dlc)1408 static void rfcomm_dlc_update_credits(struct bt_rfcomm_dlc *dlc)
1409 {
1410 uint8_t credits;
1411
1412 if (dlc->session->cfc == BT_RFCOMM_CFC_NOT_SUPPORTED) {
1413 return;
1414 }
1415
1416 LOG_DBG("dlc %p credits %u", dlc, dlc->rx_credit);
1417
1418 /* Only give more credits if it went below the defined threshold */
1419 if (dlc->rx_credit > RFCOMM_CREDITS_THRESHOLD) {
1420 return;
1421 }
1422
1423 /* Restore credits */
1424 credits = RFCOMM_MAX_CREDITS - dlc->rx_credit;
1425 dlc->rx_credit += credits;
1426
1427 rfcomm_send_credit(dlc, credits);
1428 }
1429
rfcomm_handle_data(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t dlci,uint8_t pf)1430 static void rfcomm_handle_data(struct bt_rfcomm_session *session,
1431 struct net_buf *buf, uint8_t dlci, uint8_t pf)
1432
1433 {
1434 struct bt_rfcomm_dlc *dlc;
1435
1436 LOG_DBG("dlci %d, pf %d", dlci, pf);
1437
1438 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
1439 if (!dlc) {
1440 LOG_ERR("Data recvd in non existing DLC");
1441 rfcomm_send_dm(session, dlci);
1442 return;
1443 }
1444
1445 LOG_DBG("dlc %p rx credit %d", dlc, dlc->rx_credit);
1446
1447 if (dlc->state != BT_RFCOMM_STATE_CONNECTED) {
1448 return;
1449 }
1450
1451 if (pf == BT_RFCOMM_PF_UIH_CREDIT) {
1452 if (buf->len == 0) {
1453 LOG_WRN("Data recvd is invalid");
1454 return;
1455 }
1456 rfcomm_dlc_tx_give_credits(dlc, net_buf_pull_u8(buf));
1457 }
1458
1459 if (buf->len > BT_RFCOMM_FCS_SIZE) {
1460 if (dlc->session->cfc == BT_RFCOMM_CFC_SUPPORTED &&
1461 !dlc->rx_credit) {
1462 LOG_ERR("Data recvd when rx credit is 0");
1463 rfcomm_dlc_close(dlc);
1464 return;
1465 }
1466
1467 /* Remove FCS */
1468 buf->len -= BT_RFCOMM_FCS_SIZE;
1469 if (dlc->ops && dlc->ops->recv) {
1470 dlc->ops->recv(dlc, buf);
1471 }
1472
1473 dlc->rx_credit--;
1474 rfcomm_dlc_update_credits(dlc);
1475 }
1476 }
1477
bt_rfcomm_dlc_send(struct bt_rfcomm_dlc * dlc,struct net_buf * buf)1478 int bt_rfcomm_dlc_send(struct bt_rfcomm_dlc *dlc, struct net_buf *buf)
1479 {
1480 uint8_t fcs, cr;
1481
1482 if (!buf) {
1483 return -EINVAL;
1484 }
1485
1486 LOG_DBG("dlc %p tx credit %d", dlc, k_sem_count_get(&dlc->tx_credits));
1487
1488 if (dlc->state != BT_RFCOMM_STATE_CONNECTED) {
1489 return -ENOTCONN;
1490 }
1491
1492 if (buf->len > dlc->mtu) {
1493 return -EMSGSIZE;
1494 }
1495
1496 /* length */
1497 if (buf->len > BT_RFCOMM_MAX_LEN_8) {
1498 /* Length is 2 byte */
1499 net_buf_push_le16(buf, BT_RFCOMM_SET_LEN_16(buf->len));
1500 } else {
1501 net_buf_push_u8(buf, BT_RFCOMM_SET_LEN_8(buf->len));
1502 }
1503
1504 /* control */
1505 net_buf_push_u8(buf, BT_RFCOMM_SET_CTRL(BT_RFCOMM_UIH,
1506 BT_RFCOMM_PF_UIH_NO_CREDIT));
1507 /* address */
1508 cr = BT_RFCOMM_UIH_CR(dlc->session->role);
1509 net_buf_push_u8(buf, BT_RFCOMM_SET_ADDR(dlc->dlci, cr));
1510
1511 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
1512 net_buf_add_u8(buf, fcs);
1513
1514 k_fifo_put(&dlc->tx_queue, buf);
1515
1516 return buf->len;
1517 }
1518
rfcomm_recv(struct bt_l2cap_chan * chan,struct net_buf * buf)1519 static int rfcomm_recv(struct bt_l2cap_chan *chan, struct net_buf *buf)
1520 {
1521 struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
1522 struct bt_rfcomm_hdr *hdr = (void *)buf->data;
1523 struct bt_rfcomm_hdr_ext *hdr_ext = (void *)buf->data;
1524 uint8_t dlci, frame_type, fcs, fcs_len;
1525 uint16_t msg_len;
1526 uint16_t hdr_len;
1527
1528 /* Need to consider FCS also*/
1529 if (buf->len < (sizeof(*hdr) + sizeof(fcs))) {
1530 LOG_ERR("Too small RFCOMM Frame");
1531 return 0;
1532 }
1533
1534 dlci = BT_RFCOMM_GET_DLCI(hdr->address);
1535 frame_type = BT_RFCOMM_GET_FRAME_TYPE(hdr->control);
1536
1537 LOG_DBG("session %p dlci %x type %x", session, dlci, frame_type);
1538
1539 if (BT_RFCOMM_LEN_EXTENDED(hdr->length)) {
1540 msg_len = BT_RFCOMM_GET_LEN_EXTENDED(hdr_ext->hdr.length, hdr_ext->second_length);
1541 hdr_len = sizeof(*hdr_ext);
1542 } else {
1543 msg_len = BT_RFCOMM_GET_LEN(hdr->length);
1544 hdr_len = sizeof(*hdr);
1545 }
1546
1547 if (buf->len < (hdr_len + msg_len + sizeof(fcs))) {
1548 LOG_ERR("Too small RFCOMM information (%u < %zu)", buf->len,
1549 hdr_len + msg_len + sizeof(fcs));
1550 return 0;
1551 }
1552
1553 fcs_len = (frame_type == BT_RFCOMM_UIH) ? BT_RFCOMM_FCS_LEN_UIH : hdr_len;
1554 fcs = *(net_buf_tail(buf) - sizeof(fcs));
1555 if (!rfcomm_check_fcs(fcs_len, buf->data, fcs)) {
1556 LOG_ERR("FCS check failed");
1557 return 0;
1558 }
1559
1560 net_buf_pull(buf, hdr_len);
1561
1562 switch (frame_type) {
1563 case BT_RFCOMM_SABM:
1564 rfcomm_handle_sabm(session, dlci);
1565 break;
1566 case BT_RFCOMM_UIH:
1567 if (!dlci) {
1568 rfcomm_handle_msg(session, buf);
1569 } else {
1570 rfcomm_handle_data(session, buf, dlci, BT_RFCOMM_GET_PF(hdr->control));
1571 }
1572 break;
1573 case BT_RFCOMM_DISC:
1574 rfcomm_handle_disc(session, dlci);
1575 break;
1576 case BT_RFCOMM_UA:
1577 rfcomm_handle_ua(session, dlci);
1578 break;
1579 case BT_RFCOMM_DM:
1580 rfcomm_handle_dm(session, dlci);
1581 break;
1582 default:
1583 LOG_WRN("Unknown/Unsupported RFCOMM Frame type 0x%02x", frame_type);
1584 break;
1585 }
1586
1587 return 0;
1588 }
1589
rfcomm_encrypt_change(struct bt_l2cap_chan * chan,uint8_t hci_status)1590 static void rfcomm_encrypt_change(struct bt_l2cap_chan *chan,
1591 uint8_t hci_status)
1592 {
1593 struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
1594 struct bt_conn *conn = chan->conn;
1595 struct bt_rfcomm_dlc *dlc, *next;
1596
1597 LOG_DBG("session %p status 0x%02x encr 0x%02x", session, hci_status, conn->encrypt);
1598
1599 for (dlc = session->dlcs; dlc; dlc = next) {
1600 next = dlc->_next;
1601
1602 if (dlc->state != BT_RFCOMM_STATE_SECURITY_PENDING) {
1603 continue;
1604 }
1605
1606 if (hci_status || !conn->encrypt ||
1607 conn->sec_level < dlc->required_sec_level) {
1608 rfcomm_dlc_close(dlc);
1609 continue;
1610 }
1611
1612 if (dlc->role == BT_RFCOMM_ROLE_ACCEPTOR) {
1613 rfcomm_send_ua(session, dlc->dlci);
1614 rfcomm_dlc_connected(dlc);
1615 } else {
1616 dlc->mtu = MIN(dlc->mtu, session->mtu);
1617 dlc->state = BT_RFCOMM_STATE_CONFIG;
1618 rfcomm_send_pn(dlc, BT_RFCOMM_MSG_CMD_CR);
1619 }
1620 }
1621 }
1622
rfcomm_session_rtx_timeout(struct k_work * work)1623 static void rfcomm_session_rtx_timeout(struct k_work *work)
1624 {
1625 struct bt_rfcomm_session *session = SESSION_RTX(work);
1626
1627 LOG_WRN("session %p state %d timeout", session, session->state);
1628
1629 switch (session->state) {
1630 case BT_RFCOMM_STATE_CONNECTED:
1631 rfcomm_session_disconnect(session);
1632 break;
1633 case BT_RFCOMM_STATE_DISCONNECTING:
1634 session->state = BT_RFCOMM_STATE_DISCONNECTED;
1635 if (bt_l2cap_chan_disconnect(&session->br_chan.chan) < 0) {
1636 session->state = BT_RFCOMM_STATE_IDLE;
1637 }
1638 break;
1639 }
1640 }
1641
rfcomm_session_new(bt_rfcomm_role_t role)1642 static struct bt_rfcomm_session *rfcomm_session_new(bt_rfcomm_role_t role)
1643 {
1644 int i;
1645 static const struct bt_l2cap_chan_ops ops = {
1646 .connected = rfcomm_connected,
1647 .disconnected = rfcomm_disconnected,
1648 .recv = rfcomm_recv,
1649 .encrypt_change = rfcomm_encrypt_change,
1650 };
1651
1652 for (i = 0; i < ARRAY_SIZE(bt_rfcomm_pool); i++) {
1653 struct bt_rfcomm_session *session = &bt_rfcomm_pool[i];
1654
1655 if (session->br_chan.chan.conn) {
1656 continue;
1657 }
1658
1659 LOG_DBG("session %p initialized", session);
1660
1661 session->br_chan.chan.ops = &ops;
1662 session->br_chan.rx.mtu = CONFIG_BT_RFCOMM_L2CAP_MTU;
1663 session->state = BT_RFCOMM_STATE_INIT;
1664 session->role = role;
1665 session->cfc = BT_RFCOMM_CFC_UNKNOWN;
1666 k_work_init_delayable(&session->rtx_work,
1667 rfcomm_session_rtx_timeout);
1668 k_sem_init(&session->fc, 0, 1);
1669
1670 return session;
1671 }
1672
1673 return NULL;
1674 }
1675
bt_rfcomm_dlc_connect(struct bt_conn * conn,struct bt_rfcomm_dlc * dlc,uint8_t channel)1676 int bt_rfcomm_dlc_connect(struct bt_conn *conn, struct bt_rfcomm_dlc *dlc,
1677 uint8_t channel)
1678 {
1679 struct bt_rfcomm_session *session;
1680 struct bt_l2cap_chan *chan;
1681 uint8_t dlci;
1682 int ret;
1683
1684 LOG_DBG("conn %p dlc %p channel %d", conn, dlc, channel);
1685
1686 if (!dlc) {
1687 return -EINVAL;
1688 }
1689
1690 if (!conn || conn->state != BT_CONN_CONNECTED) {
1691 return -ENOTCONN;
1692 }
1693
1694 if (channel < RFCOMM_CHANNEL_START || channel > RFCOMM_CHANNEL_END) {
1695 return -EINVAL;
1696 }
1697
1698 if (!BT_RFCOMM_CHECK_MTU(dlc->mtu)) {
1699 return -EINVAL;
1700 }
1701
1702 session = rfcomm_sessions_lookup_bt_conn(conn);
1703 if (!session) {
1704 session = rfcomm_session_new(BT_RFCOMM_ROLE_INITIATOR);
1705 if (!session) {
1706 return -ENOMEM;
1707 }
1708 }
1709
1710 dlci = BT_RFCOMM_DLCI(session->role, channel);
1711
1712 if (rfcomm_dlcs_lookup_dlci(session->dlcs, dlci)) {
1713 return -EBUSY;
1714 }
1715
1716 rfcomm_dlc_init(dlc, session, dlci, BT_RFCOMM_ROLE_INITIATOR);
1717
1718 switch (session->state) {
1719 case BT_RFCOMM_STATE_INIT:
1720 if (session->role == BT_RFCOMM_ROLE_ACCEPTOR) {
1721 /* There is an ongoing incoming conn */
1722 break;
1723 }
1724 chan = &session->br_chan.chan;
1725 BR_CHAN(chan)->required_sec_level = dlc->required_sec_level;
1726 ret = bt_l2cap_chan_connect(conn, chan, BT_L2CAP_PSM_RFCOMM);
1727 if (ret < 0) {
1728 session->state = BT_RFCOMM_STATE_IDLE;
1729 goto fail;
1730 }
1731 session->state = BT_RFCOMM_STATE_CONNECTING;
1732 break;
1733 case BT_RFCOMM_STATE_CONNECTING:
1734 break;
1735 case BT_RFCOMM_STATE_CONNECTED:
1736 ret = rfcomm_dlc_start(dlc);
1737 if (ret < 0) {
1738 goto fail;
1739 }
1740 /* Cancel idle timer if any */
1741 k_work_cancel_delayable(&session->rtx_work);
1742 break;
1743 default:
1744 LOG_ERR("Invalid session state %d", session->state);
1745 ret = -EINVAL;
1746 goto fail;
1747 }
1748
1749 return 0;
1750
1751 fail:
1752 rfcomm_dlcs_remove_dlci(session->dlcs, dlc->dlci);
1753 dlc->state = BT_RFCOMM_STATE_IDLE;
1754 dlc->session = NULL;
1755 return ret;
1756 }
1757
bt_rfcomm_dlc_disconnect(struct bt_rfcomm_dlc * dlc)1758 int bt_rfcomm_dlc_disconnect(struct bt_rfcomm_dlc *dlc)
1759 {
1760 LOG_DBG("dlc %p", dlc);
1761
1762 if (!dlc) {
1763 return -EINVAL;
1764 }
1765
1766 if (dlc->state == BT_RFCOMM_STATE_CONNECTED) {
1767 /* This is to handle user initiated disconnect to send pending
1768 * bufs in the queue before disconnecting
1769 * Queue a dummy buffer (in case if queue is empty) to wake up
1770 * and stop the tx thread.
1771 */
1772 dlc->state = BT_RFCOMM_STATE_USER_DISCONNECT;
1773 k_fifo_put(&dlc->tx_queue,
1774 net_buf_alloc(&dummy_pool, K_NO_WAIT));
1775
1776 k_work_reschedule(&dlc->rtx_work, RFCOMM_DISC_TIMEOUT);
1777
1778 return 0;
1779 }
1780
1781 return rfcomm_dlc_close(dlc);
1782 }
1783
rfcomm_accept(struct bt_conn * conn,struct bt_l2cap_server * server,struct bt_l2cap_chan ** chan)1784 static int rfcomm_accept(struct bt_conn *conn, struct bt_l2cap_server *server,
1785 struct bt_l2cap_chan **chan)
1786 {
1787 struct bt_rfcomm_session *session;
1788
1789 LOG_DBG("conn %p", conn);
1790
1791 session = rfcomm_session_new(BT_RFCOMM_ROLE_ACCEPTOR);
1792 if (session) {
1793 *chan = &session->br_chan.chan;
1794 return 0;
1795 }
1796
1797 LOG_ERR("No available RFCOMM context for conn %p", conn);
1798
1799 return -ENOMEM;
1800 }
1801
bt_rfcomm_init(void)1802 void bt_rfcomm_init(void)
1803 {
1804 static struct bt_l2cap_server server = {
1805 .psm = BT_L2CAP_PSM_RFCOMM,
1806 .accept = rfcomm_accept,
1807 .sec_level = BT_SECURITY_L1,
1808 };
1809
1810 bt_l2cap_br_server_register(&server);
1811 }
1812
