1 /* rfcomm.c - RFCOMM handling */
2
3 /*
4 * Copyright (c) 2016 Intel Corporation
5 *
6 * SPDX-License-Identifier: Apache-2.0
7 */
8
9 #include <zephyr/kernel.h>
10 #include <string.h>
11 #include <errno.h>
12 #include <zephyr/sys/atomic.h>
13 #include <zephyr/sys/byteorder.h>
14 #include <zephyr/sys/util.h>
15 #include <zephyr/debug/stack.h>
16
17 #include <zephyr/bluetooth/hci.h>
18 #include <zephyr/bluetooth/bluetooth.h>
19 #include <zephyr/bluetooth/conn.h>
20 #include <zephyr/bluetooth/l2cap.h>
21
22 #include <zephyr/bluetooth/classic/rfcomm.h>
23
24 #include "host/hci_core.h"
25 #include "host/conn_internal.h"
26 #include "l2cap_br_internal.h"
27 #include "rfcomm_internal.h"
28
29 #define LOG_LEVEL CONFIG_BT_RFCOMM_LOG_LEVEL
30 #include <zephyr/logging/log.h>
31 LOG_MODULE_REGISTER(bt_rfcomm);
32
33 #define RFCOMM_CHANNEL_START 0x01
34 #define RFCOMM_CHANNEL_END 0x1e
35
36 #define RFCOMM_MIN_MTU BT_RFCOMM_SIG_MIN_MTU
37 #define RFCOMM_DEFAULT_MTU 127
38
39 #define RFCOMM_MAX_CREDITS (BT_BUF_ACL_RX_COUNT - 1)
40 #define RFCOMM_CREDITS_THRESHOLD (RFCOMM_MAX_CREDITS / 2)
41 #define RFCOMM_DEFAULT_CREDIT RFCOMM_MAX_CREDITS
42
43 #define RFCOMM_CONN_TIMEOUT K_SECONDS(60)
44 #define RFCOMM_DISC_TIMEOUT K_SECONDS(20)
45 #define RFCOMM_IDLE_TIMEOUT K_SECONDS(2)
46
47 #define DLC_RTX(_w) CONTAINER_OF(k_work_delayable_from_work(_w), \
48 struct bt_rfcomm_dlc, rtx_work)
49 #define SESSION_RTX(_w) CONTAINER_OF(k_work_delayable_from_work(_w), \
50 struct bt_rfcomm_session, rtx_work)
51
52 static struct bt_rfcomm_server *servers;
53
54 /* Pool for dummy buffers to wake up the tx threads */
55 NET_BUF_POOL_DEFINE(dummy_pool, CONFIG_BT_MAX_CONN, 0, 0, NULL);
56
57 #define RFCOMM_SESSION(_ch) CONTAINER_OF(_ch, \
58 struct bt_rfcomm_session, br_chan.chan)
59
60 static struct bt_rfcomm_session bt_rfcomm_pool[CONFIG_BT_MAX_CONN];
61
62 /* reversed, 8-bit, poly=0x07 */
63 static const uint8_t rfcomm_crc_table[256] = {
64 0x00, 0x91, 0xe3, 0x72, 0x07, 0x96, 0xe4, 0x75,
65 0x0e, 0x9f, 0xed, 0x7c, 0x09, 0x98, 0xea, 0x7b,
66 0x1c, 0x8d, 0xff, 0x6e, 0x1b, 0x8a, 0xf8, 0x69,
67 0x12, 0x83, 0xf1, 0x60, 0x15, 0x84, 0xf6, 0x67,
68
69 0x38, 0xa9, 0xdb, 0x4a, 0x3f, 0xae, 0xdc, 0x4d,
70 0x36, 0xa7, 0xd5, 0x44, 0x31, 0xa0, 0xd2, 0x43,
71 0x24, 0xb5, 0xc7, 0x56, 0x23, 0xb2, 0xc0, 0x51,
72 0x2a, 0xbb, 0xc9, 0x58, 0x2d, 0xbc, 0xce, 0x5f,
73
74 0x70, 0xe1, 0x93, 0x02, 0x77, 0xe6, 0x94, 0x05,
75 0x7e, 0xef, 0x9d, 0x0c, 0x79, 0xe8, 0x9a, 0x0b,
76 0x6c, 0xfd, 0x8f, 0x1e, 0x6b, 0xfa, 0x88, 0x19,
77 0x62, 0xf3, 0x81, 0x10, 0x65, 0xf4, 0x86, 0x17,
78
79 0x48, 0xd9, 0xab, 0x3a, 0x4f, 0xde, 0xac, 0x3d,
80 0x46, 0xd7, 0xa5, 0x34, 0x41, 0xd0, 0xa2, 0x33,
81 0x54, 0xc5, 0xb7, 0x26, 0x53, 0xc2, 0xb0, 0x21,
82 0x5a, 0xcb, 0xb9, 0x28, 0x5d, 0xcc, 0xbe, 0x2f,
83
84 0xe0, 0x71, 0x03, 0x92, 0xe7, 0x76, 0x04, 0x95,
85 0xee, 0x7f, 0x0d, 0x9c, 0xe9, 0x78, 0x0a, 0x9b,
86 0xfc, 0x6d, 0x1f, 0x8e, 0xfb, 0x6a, 0x18, 0x89,
87 0xf2, 0x63, 0x11, 0x80, 0xf5, 0x64, 0x16, 0x87,
88
89 0xd8, 0x49, 0x3b, 0xaa, 0xdf, 0x4e, 0x3c, 0xad,
90 0xd6, 0x47, 0x35, 0xa4, 0xd1, 0x40, 0x32, 0xa3,
91 0xc4, 0x55, 0x27, 0xb6, 0xc3, 0x52, 0x20, 0xb1,
92 0xca, 0x5b, 0x29, 0xb8, 0xcd, 0x5c, 0x2e, 0xbf,
93
94 0x90, 0x01, 0x73, 0xe2, 0x97, 0x06, 0x74, 0xe5,
95 0x9e, 0x0f, 0x7d, 0xec, 0x99, 0x08, 0x7a, 0xeb,
96 0x8c, 0x1d, 0x6f, 0xfe, 0x8b, 0x1a, 0x68, 0xf9,
97 0x82, 0x13, 0x61, 0xf0, 0x85, 0x14, 0x66, 0xf7,
98
99 0xa8, 0x39, 0x4b, 0xda, 0xaf, 0x3e, 0x4c, 0xdd,
100 0xa6, 0x37, 0x45, 0xd4, 0xa1, 0x30, 0x42, 0xd3,
101 0xb4, 0x25, 0x57, 0xc6, 0xb3, 0x22, 0x50, 0xc1,
102 0xba, 0x2b, 0x59, 0xc8, 0xbd, 0x2c, 0x5e, 0xcf
103 };
104
rfcomm_calc_fcs(uint16_t len,const uint8_t * data)105 static uint8_t rfcomm_calc_fcs(uint16_t len, const uint8_t *data)
106 {
107 uint8_t fcs = 0xff;
108
109 while (len--) {
110 fcs = rfcomm_crc_table[fcs ^ *data++];
111 }
112
113 /* Ones compliment */
114 return (0xff - fcs);
115 }
116
rfcomm_check_fcs(uint16_t len,const uint8_t * data,uint8_t recvd_fcs)117 static bool rfcomm_check_fcs(uint16_t len, const uint8_t *data,
118 uint8_t recvd_fcs)
119 {
120 uint8_t fcs = 0xff;
121
122 while (len--) {
123 fcs = rfcomm_crc_table[fcs ^ *data++];
124 }
125
126 /* Ones compliment */
127 fcs = rfcomm_crc_table[fcs ^ recvd_fcs];
128
129 /*0xCF is the reversed order of 11110011.*/
130 return (fcs == 0xcf);
131 }
132
rfcomm_dlcs_lookup_dlci(struct bt_rfcomm_dlc * dlcs,uint8_t dlci)133 static struct bt_rfcomm_dlc *rfcomm_dlcs_lookup_dlci(struct bt_rfcomm_dlc *dlcs,
134 uint8_t dlci)
135 {
136 for (; dlcs; dlcs = dlcs->_next) {
137 if (dlcs->dlci == dlci) {
138 return dlcs;
139 }
140 }
141
142 return NULL;
143 }
144
rfcomm_dlcs_remove_dlci(struct bt_rfcomm_dlc * dlcs,uint8_t dlci)145 static struct bt_rfcomm_dlc *rfcomm_dlcs_remove_dlci(struct bt_rfcomm_dlc *dlcs,
146 uint8_t dlci)
147 {
148 struct bt_rfcomm_dlc *tmp;
149
150 if (!dlcs) {
151 return NULL;
152 }
153
154 /* If first node is the one to be removed */
155 if (dlcs->dlci == dlci) {
156 dlcs->session->dlcs = dlcs->_next;
157 return dlcs;
158 }
159
160 for (tmp = dlcs, dlcs = dlcs->_next; dlcs; dlcs = dlcs->_next) {
161 if (dlcs->dlci == dlci) {
162 tmp->_next = dlcs->_next;
163 return dlcs;
164 }
165 tmp = dlcs;
166 }
167
168 return NULL;
169 }
170
rfcomm_server_lookup_channel(uint8_t channel)171 static struct bt_rfcomm_server *rfcomm_server_lookup_channel(uint8_t channel)
172 {
173 struct bt_rfcomm_server *server;
174
175 for (server = servers; server; server = server->_next) {
176 if (server->channel == channel) {
177 return server;
178 }
179 }
180
181 return NULL;
182 }
183
184 static struct bt_rfcomm_session *
rfcomm_sessions_lookup_bt_conn(struct bt_conn * conn)185 rfcomm_sessions_lookup_bt_conn(struct bt_conn *conn)
186 {
187 int i;
188
189 for (i = 0; i < ARRAY_SIZE(bt_rfcomm_pool); i++) {
190 struct bt_rfcomm_session *session = &bt_rfcomm_pool[i];
191
192 if (session->br_chan.chan.conn == conn) {
193 return session;
194 }
195 }
196
197 return NULL;
198 }
199
bt_rfcomm_server_register(struct bt_rfcomm_server * server)200 int bt_rfcomm_server_register(struct bt_rfcomm_server *server)
201 {
202 if (server->channel < RFCOMM_CHANNEL_START ||
203 server->channel > RFCOMM_CHANNEL_END || !server->accept) {
204 return -EINVAL;
205 }
206
207 /* Check if given channel is already in use */
208 if (rfcomm_server_lookup_channel(server->channel)) {
209 LOG_DBG("Channel already registered");
210 return -EADDRINUSE;
211 }
212
213 LOG_DBG("Channel 0x%02x", server->channel);
214
215 server->_next = servers;
216 servers = server;
217
218 return 0;
219 }
220
rfcomm_dlc_tx_give_credits(struct bt_rfcomm_dlc * dlc,uint8_t credits)221 static void rfcomm_dlc_tx_give_credits(struct bt_rfcomm_dlc *dlc,
222 uint8_t credits)
223 {
224 LOG_DBG("dlc %p credits %u", dlc, credits);
225
226 while (credits--) {
227 k_sem_give(&dlc->tx_credits);
228 }
229
230 LOG_DBG("dlc %p updated credits %u", dlc, k_sem_count_get(&dlc->tx_credits));
231 }
232
rfcomm_dlc_destroy(struct bt_rfcomm_dlc * dlc)233 static void rfcomm_dlc_destroy(struct bt_rfcomm_dlc *dlc)
234 {
235 LOG_DBG("dlc %p", dlc);
236
237 k_work_cancel_delayable(&dlc->rtx_work);
238 dlc->state = BT_RFCOMM_STATE_IDLE;
239 dlc->session = NULL;
240
241 if (dlc->ops && dlc->ops->disconnected) {
242 dlc->ops->disconnected(dlc);
243 }
244 }
245
rfcomm_dlc_disconnect(struct bt_rfcomm_dlc * dlc)246 static void rfcomm_dlc_disconnect(struct bt_rfcomm_dlc *dlc)
247 {
248 uint8_t old_state = dlc->state;
249
250 LOG_DBG("dlc %p", dlc);
251
252 if (dlc->state == BT_RFCOMM_STATE_DISCONNECTED) {
253 return;
254 }
255
256 dlc->state = BT_RFCOMM_STATE_DISCONNECTED;
257
258 switch (old_state) {
259 case BT_RFCOMM_STATE_CONNECTED:
260 /* Queue a dummy buffer to wake up and stop the
261 * tx thread for states where it was running.
262 */
263 k_fifo_put(&dlc->tx_queue, net_buf_alloc(&dummy_pool, K_NO_WAIT));
264
265 /* There could be a writer waiting for credits so return a
266 * dummy credit to wake it up.
267 */
268 rfcomm_dlc_tx_give_credits(dlc, 1);
269 k_sem_give(&dlc->session->fc);
270 break;
271 default:
272 rfcomm_dlc_destroy(dlc);
273 break;
274 }
275 }
276
rfcomm_session_disconnected(struct bt_rfcomm_session * session)277 static void rfcomm_session_disconnected(struct bt_rfcomm_session *session)
278 {
279 struct bt_rfcomm_dlc *dlc;
280
281 LOG_DBG("Session %p", session);
282
283 if (session->state == BT_RFCOMM_STATE_DISCONNECTED) {
284 return;
285 }
286
287 for (dlc = session->dlcs; dlc;) {
288 struct bt_rfcomm_dlc *next;
289
290 /* prefetch since disconnected callback may cleanup */
291 next = dlc->_next;
292 dlc->_next = NULL;
293
294 rfcomm_dlc_disconnect(dlc);
295
296 dlc = next;
297 }
298
299 session->state = BT_RFCOMM_STATE_DISCONNECTED;
300 session->dlcs = NULL;
301 }
302
bt_rfcomm_create_pdu(struct net_buf_pool * pool)303 struct net_buf *bt_rfcomm_create_pdu(struct net_buf_pool *pool)
304 {
305 /* Length in RFCOMM header can be 2 bytes depending on length of user
306 * data
307 */
308 return bt_conn_create_pdu(pool,
309 sizeof(struct bt_l2cap_hdr) +
310 sizeof(struct bt_rfcomm_hdr) + 1);
311 }
312
rfcomm_send_cb(struct bt_rfcomm_session * session,struct net_buf * buf,bt_conn_tx_cb_t cb,void * user_data)313 static int rfcomm_send_cb(struct bt_rfcomm_session *session, struct net_buf *buf,
314 bt_conn_tx_cb_t cb, void *user_data)
315 {
316 int err;
317
318 err = bt_l2cap_br_chan_send_cb(&session->br_chan.chan, buf, cb, user_data);
319 if (err < 0) {
320 net_buf_unref(buf);
321 }
322
323 return err;
324 }
325
rfcomm_send(struct bt_rfcomm_session * session,struct net_buf * buf)326 static int rfcomm_send(struct bt_rfcomm_session *session, struct net_buf *buf)
327 {
328 return rfcomm_send_cb(session, buf, NULL, NULL);
329 }
330
rfcomm_send_sabm(struct bt_rfcomm_session * session,uint8_t dlci)331 static int rfcomm_send_sabm(struct bt_rfcomm_session *session, uint8_t dlci)
332 {
333 struct bt_rfcomm_hdr *hdr;
334 struct net_buf *buf;
335 uint8_t cr, fcs;
336
337 buf = bt_l2cap_create_pdu(NULL, 0);
338
339 hdr = net_buf_add(buf, sizeof(*hdr));
340 cr = BT_RFCOMM_CMD_CR(session->role);
341 hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
342 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_SABM, BT_RFCOMM_PF_NON_UIH);
343 hdr->length = BT_RFCOMM_SET_LEN_8(0);
344
345 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
346 net_buf_add_u8(buf, fcs);
347
348 return rfcomm_send(session, buf);
349 }
350
rfcomm_send_disc(struct bt_rfcomm_session * session,uint8_t dlci)351 static int rfcomm_send_disc(struct bt_rfcomm_session *session, uint8_t dlci)
352 {
353 struct bt_rfcomm_hdr *hdr;
354 struct net_buf *buf;
355 uint8_t fcs, cr;
356
357 LOG_DBG("dlci %d", dlci);
358
359 buf = bt_l2cap_create_pdu(NULL, 0);
360
361 hdr = net_buf_add(buf, sizeof(*hdr));
362 cr = BT_RFCOMM_RESP_CR(session->role);
363 hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
364 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_DISC, BT_RFCOMM_PF_NON_UIH);
365 hdr->length = BT_RFCOMM_SET_LEN_8(0);
366 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
367 net_buf_add_u8(buf, fcs);
368
369 return rfcomm_send(session, buf);
370 }
371
rfcomm_session_disconnect(struct bt_rfcomm_session * session)372 static void rfcomm_session_disconnect(struct bt_rfcomm_session *session)
373 {
374 if (session->dlcs) {
375 return;
376 }
377
378 session->state = BT_RFCOMM_STATE_DISCONNECTING;
379 rfcomm_send_disc(session, 0);
380 k_work_reschedule(&session->rtx_work, RFCOMM_DISC_TIMEOUT);
381 }
382
rfcomm_make_uih_msg(struct bt_rfcomm_session * session,uint8_t cr,uint8_t type,uint8_t len)383 static struct net_buf *rfcomm_make_uih_msg(struct bt_rfcomm_session *session,
384 uint8_t cr, uint8_t type,
385 uint8_t len)
386 {
387 struct bt_rfcomm_hdr *hdr;
388 struct bt_rfcomm_msg_hdr *msg_hdr;
389 struct net_buf *buf;
390 uint8_t hdr_cr;
391
392 buf = bt_l2cap_create_pdu(NULL, 0);
393
394 hdr = net_buf_add(buf, sizeof(*hdr));
395 hdr_cr = BT_RFCOMM_UIH_CR(session->role);
396 hdr->address = BT_RFCOMM_SET_ADDR(0, hdr_cr);
397 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_UIH, BT_RFCOMM_PF_UIH);
398 hdr->length = BT_RFCOMM_SET_LEN_8(sizeof(*msg_hdr) + len);
399
400 msg_hdr = net_buf_add(buf, sizeof(*msg_hdr));
401 msg_hdr->type = BT_RFCOMM_SET_MSG_TYPE(type, cr);
402 msg_hdr->len = BT_RFCOMM_SET_LEN_8(len);
403
404 return buf;
405 }
406
rfcomm_connected(struct bt_l2cap_chan * chan)407 static void rfcomm_connected(struct bt_l2cap_chan *chan)
408 {
409 struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
410
411 LOG_DBG("Session %p", session);
412
413 /* Need to include UIH header and FCS*/
414 session->mtu = MIN(session->br_chan.rx.mtu,
415 session->br_chan.tx.mtu) -
416 BT_RFCOMM_HDR_SIZE + BT_RFCOMM_FCS_SIZE;
417
418 if (session->state == BT_RFCOMM_STATE_CONNECTING) {
419 rfcomm_send_sabm(session, 0);
420 }
421 }
422
rfcomm_disconnected(struct bt_l2cap_chan * chan)423 static void rfcomm_disconnected(struct bt_l2cap_chan *chan)
424 {
425 struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
426
427 LOG_DBG("Session %p", session);
428
429 k_work_cancel_delayable(&session->rtx_work);
430 rfcomm_session_disconnected(session);
431 session->state = BT_RFCOMM_STATE_IDLE;
432 }
433
rfcomm_dlc_rtx_timeout(struct k_work * work)434 static void rfcomm_dlc_rtx_timeout(struct k_work *work)
435 {
436 struct bt_rfcomm_dlc *dlc = DLC_RTX(work);
437 struct bt_rfcomm_session *session = dlc->session;
438
439 LOG_WRN("dlc %p state %d timeout", dlc, dlc->state);
440
441 rfcomm_dlcs_remove_dlci(session->dlcs, dlc->dlci);
442 rfcomm_dlc_disconnect(dlc);
443 rfcomm_session_disconnect(session);
444 }
445
rfcomm_dlc_init(struct bt_rfcomm_dlc * dlc,struct bt_rfcomm_session * session,uint8_t dlci,bt_rfcomm_role_t role)446 static void rfcomm_dlc_init(struct bt_rfcomm_dlc *dlc,
447 struct bt_rfcomm_session *session,
448 uint8_t dlci,
449 bt_rfcomm_role_t role)
450 {
451 LOG_DBG("dlc %p", dlc);
452
453 dlc->dlci = dlci;
454 dlc->session = session;
455 dlc->rx_credit = RFCOMM_DEFAULT_CREDIT;
456 dlc->state = BT_RFCOMM_STATE_INIT;
457 dlc->role = role;
458 k_work_init_delayable(&dlc->rtx_work, rfcomm_dlc_rtx_timeout);
459
460 /* Start a conn timer which includes auth as well */
461 k_work_schedule(&dlc->rtx_work, RFCOMM_CONN_TIMEOUT);
462
463 dlc->_next = session->dlcs;
464 session->dlcs = dlc;
465 }
466
rfcomm_dlc_accept(struct bt_rfcomm_session * session,uint8_t dlci)467 static struct bt_rfcomm_dlc *rfcomm_dlc_accept(struct bt_rfcomm_session *session,
468 uint8_t dlci)
469 {
470 struct bt_rfcomm_server *server;
471 struct bt_rfcomm_dlc *dlc;
472 uint8_t channel;
473
474 channel = BT_RFCOMM_GET_CHANNEL(dlci);
475 server = rfcomm_server_lookup_channel(channel);
476 if (!server) {
477 LOG_ERR("Server Channel not registered");
478 return NULL;
479 }
480
481 if (server->accept(session->br_chan.chan.conn, &dlc) < 0) {
482 LOG_DBG("Incoming connection rejected");
483 return NULL;
484 }
485
486 if (!BT_RFCOMM_CHECK_MTU(dlc->mtu)) {
487 rfcomm_dlc_destroy(dlc);
488 return NULL;
489 }
490
491 rfcomm_dlc_init(dlc, session, dlci, BT_RFCOMM_ROLE_ACCEPTOR);
492 dlc->mtu = MIN(dlc->mtu, session->mtu);
493
494 return dlc;
495 }
496
rfcomm_send_dm(struct bt_rfcomm_session * session,uint8_t dlci)497 static int rfcomm_send_dm(struct bt_rfcomm_session *session, uint8_t dlci)
498 {
499 struct bt_rfcomm_hdr *hdr;
500 struct net_buf *buf;
501 uint8_t fcs, cr;
502
503 LOG_DBG("dlci %d", dlci);
504
505 buf = bt_l2cap_create_pdu(NULL, 0);
506
507 hdr = net_buf_add(buf, sizeof(*hdr));
508 cr = BT_RFCOMM_RESP_CR(session->role);
509 hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
510 /* For DM PF bit is not relevant, we set it 1 */
511 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_DM, BT_RFCOMM_PF_NON_UIH);
512 hdr->length = BT_RFCOMM_SET_LEN_8(0);
513 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
514 net_buf_add_u8(buf, fcs);
515
516 return rfcomm_send(session, buf);
517 }
518
rfcomm_check_fc(struct bt_rfcomm_dlc * dlc)519 static void rfcomm_check_fc(struct bt_rfcomm_dlc *dlc)
520 {
521 LOG_DBG("%p", dlc);
522
523 LOG_DBG("Wait for credits or MSC FC %p", dlc);
524 /* Wait for credits or MSC FC */
525 k_sem_take(&dlc->tx_credits, K_FOREVER);
526
527 if (dlc->session->cfc == BT_RFCOMM_CFC_SUPPORTED) {
528 return;
529 }
530
531 k_sem_take(&dlc->session->fc, K_FOREVER);
532
533 /* Give the sems immediately so that sem will be available for all
534 * the bufs in the queue. It will be blocked only once all the bufs
535 * are sent (which will preempt this thread) and FCOFF / FC bit
536 * with 1, is received.
537 */
538 k_sem_give(&dlc->session->fc);
539 k_sem_give(&dlc->tx_credits);
540 }
541
bt_rfcomm_tx_destroy(struct bt_rfcomm_dlc * dlc,struct net_buf * buf)542 static void bt_rfcomm_tx_destroy(struct bt_rfcomm_dlc *dlc, struct net_buf *buf)
543 {
544 LOG_DBG("dlc %p, buf %p", dlc, buf);
545
546 if ((buf == NULL) || (buf->len == 0)) {
547 return;
548 }
549
550 if (dlc && dlc->ops && dlc->ops->sent) {
551 dlc->ops->sent(dlc, -ESHUTDOWN);
552 }
553 }
554
rfcomm_sent(struct bt_conn * conn,void * user_data,int err)555 static void rfcomm_sent(struct bt_conn *conn, void *user_data, int err)
556 {
557 struct bt_rfcomm_dlc *dlc;
558
559 LOG_DBG("conn %p", conn);
560
561 if (user_data == NULL) {
562 return;
563 }
564
565 dlc = (struct bt_rfcomm_dlc *)user_data;
566
567 if (dlc && dlc->ops && dlc->ops->sent) {
568 dlc->ops->sent(dlc, err);
569 }
570 }
571
rfcomm_dlc_tx_thread(void * p1,void * p2,void * p3)572 static void rfcomm_dlc_tx_thread(void *p1, void *p2, void *p3)
573 {
574 struct bt_rfcomm_dlc *dlc = p1;
575 k_timeout_t timeout = K_FOREVER;
576 struct net_buf *buf;
577
578 LOG_DBG("Started for dlc %p", dlc);
579
580 while (dlc->state == BT_RFCOMM_STATE_CONNECTED ||
581 dlc->state == BT_RFCOMM_STATE_USER_DISCONNECT) {
582 /* Get next packet for dlc */
583 LOG_DBG("Wait for buf %p", dlc);
584 buf = k_fifo_get(&dlc->tx_queue, timeout);
585 /* If its dummy buffer or non user disconnect then break */
586 if ((dlc->state != BT_RFCOMM_STATE_CONNECTED &&
587 dlc->state != BT_RFCOMM_STATE_USER_DISCONNECT) ||
588 !buf || !buf->len) {
589 if (buf) {
590 bt_rfcomm_tx_destroy(dlc, buf);
591 net_buf_unref(buf);
592 }
593 break;
594 }
595
596 rfcomm_check_fc(dlc);
597 if (dlc->state != BT_RFCOMM_STATE_CONNECTED &&
598 dlc->state != BT_RFCOMM_STATE_USER_DISCONNECT) {
599 bt_rfcomm_tx_destroy(dlc, buf);
600 net_buf_unref(buf);
601 break;
602 }
603
604 if (rfcomm_send_cb(dlc->session, buf, rfcomm_sent, dlc) < 0) {
605 /* This fails only if channel is disconnected */
606 dlc->state = BT_RFCOMM_STATE_DISCONNECTED;
607 bt_rfcomm_tx_destroy(dlc, buf);
608 break;
609 }
610
611 if (dlc->state == BT_RFCOMM_STATE_USER_DISCONNECT) {
612 timeout = K_NO_WAIT;
613 }
614 }
615
616 LOG_DBG("dlc %p disconnected - cleaning up", dlc);
617
618 /* Give back any allocated buffers */
619 while ((buf = k_fifo_get(&dlc->tx_queue, K_NO_WAIT))) {
620 bt_rfcomm_tx_destroy(dlc, buf);
621 net_buf_unref(buf);
622 }
623
624 if (dlc->state == BT_RFCOMM_STATE_USER_DISCONNECT) {
625 dlc->state = BT_RFCOMM_STATE_DISCONNECTING;
626 }
627
628 if (dlc->state == BT_RFCOMM_STATE_DISCONNECTING) {
629 rfcomm_send_disc(dlc->session, dlc->dlci);
630 k_work_reschedule(&dlc->rtx_work, RFCOMM_DISC_TIMEOUT);
631 } else {
632 rfcomm_dlc_destroy(dlc);
633 }
634
635 LOG_DBG("dlc %p exiting", dlc);
636 }
637
rfcomm_send_ua(struct bt_rfcomm_session * session,uint8_t dlci)638 static int rfcomm_send_ua(struct bt_rfcomm_session *session, uint8_t dlci)
639 {
640 struct bt_rfcomm_hdr *hdr;
641 struct net_buf *buf;
642 uint8_t cr, fcs;
643
644 buf = bt_l2cap_create_pdu(NULL, 0);
645
646 hdr = net_buf_add(buf, sizeof(*hdr));
647 cr = BT_RFCOMM_RESP_CR(session->role);
648 hdr->address = BT_RFCOMM_SET_ADDR(dlci, cr);
649 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_UA, BT_RFCOMM_PF_NON_UIH);
650 hdr->length = BT_RFCOMM_SET_LEN_8(0);
651
652 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_NON_UIH, buf->data);
653 net_buf_add_u8(buf, fcs);
654
655 return rfcomm_send(session, buf);
656 }
657
rfcomm_send_msc(struct bt_rfcomm_dlc * dlc,uint8_t cr,uint8_t v24_signal)658 static int rfcomm_send_msc(struct bt_rfcomm_dlc *dlc, uint8_t cr,
659 uint8_t v24_signal)
660 {
661 struct bt_rfcomm_msc *msc;
662 struct net_buf *buf;
663 uint8_t fcs;
664
665 buf = rfcomm_make_uih_msg(dlc->session, cr, BT_RFCOMM_MSC,
666 sizeof(*msc));
667
668 msc = net_buf_add(buf, sizeof(*msc));
669 /* cr bit should be always 1 in MSC */
670 msc->dlci = BT_RFCOMM_SET_ADDR(dlc->dlci, 1);
671 msc->v24_signal = v24_signal;
672
673 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
674 net_buf_add_u8(buf, fcs);
675
676 return rfcomm_send(dlc->session, buf);
677 }
678
rfcomm_send_rls(struct bt_rfcomm_dlc * dlc,uint8_t cr,uint8_t line_status)679 static int rfcomm_send_rls(struct bt_rfcomm_dlc *dlc, uint8_t cr,
680 uint8_t line_status)
681 {
682 struct bt_rfcomm_rls *rls;
683 struct net_buf *buf;
684 uint8_t fcs;
685
686 buf = rfcomm_make_uih_msg(dlc->session, cr, BT_RFCOMM_RLS,
687 sizeof(*rls));
688
689 rls = net_buf_add(buf, sizeof(*rls));
690 /* cr bit should be always 1 in RLS */
691 rls->dlci = BT_RFCOMM_SET_ADDR(dlc->dlci, 1);
692 rls->line_status = line_status;
693
694 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
695 net_buf_add_u8(buf, fcs);
696
697 return rfcomm_send(dlc->session, buf);
698 }
699
rfcomm_send_rpn(struct bt_rfcomm_session * session,uint8_t cr,struct bt_rfcomm_rpn * rpn)700 static int rfcomm_send_rpn(struct bt_rfcomm_session *session, uint8_t cr,
701 struct bt_rfcomm_rpn *rpn)
702 {
703 struct net_buf *buf;
704 uint8_t fcs;
705
706 buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_RPN, sizeof(*rpn));
707
708 net_buf_add_mem(buf, rpn, sizeof(*rpn));
709
710 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
711 net_buf_add_u8(buf, fcs);
712
713 return rfcomm_send(session, buf);
714 }
715
rfcomm_send_test(struct bt_rfcomm_session * session,uint8_t cr,uint8_t * pattern,uint8_t len)716 static int rfcomm_send_test(struct bt_rfcomm_session *session, uint8_t cr,
717 uint8_t *pattern, uint8_t len)
718 {
719 struct net_buf *buf;
720 uint8_t fcs;
721
722 buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_TEST, len);
723
724 net_buf_add_mem(buf, pattern, len);
725
726 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
727 net_buf_add_u8(buf, fcs);
728
729 return rfcomm_send(session, buf);
730 }
731
rfcomm_send_nsc(struct bt_rfcomm_session * session,uint8_t cmd_type)732 static int rfcomm_send_nsc(struct bt_rfcomm_session *session, uint8_t cmd_type)
733 {
734 struct net_buf *buf;
735 uint8_t fcs;
736
737 buf = rfcomm_make_uih_msg(session, BT_RFCOMM_MSG_RESP_CR,
738 BT_RFCOMM_NSC, sizeof(cmd_type));
739
740 net_buf_add_u8(buf, cmd_type);
741
742 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
743 net_buf_add_u8(buf, fcs);
744
745 return rfcomm_send(session, buf);
746 }
747
rfcomm_send_fcon(struct bt_rfcomm_session * session,uint8_t cr)748 static int rfcomm_send_fcon(struct bt_rfcomm_session *session, uint8_t cr)
749 {
750 struct net_buf *buf;
751 uint8_t fcs;
752
753 buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_FCON, 0);
754
755 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
756 net_buf_add_u8(buf, fcs);
757
758 return rfcomm_send(session, buf);
759 }
760
rfcomm_send_fcoff(struct bt_rfcomm_session * session,uint8_t cr)761 static int rfcomm_send_fcoff(struct bt_rfcomm_session *session, uint8_t cr)
762 {
763 struct net_buf *buf;
764 uint8_t fcs;
765
766 buf = rfcomm_make_uih_msg(session, cr, BT_RFCOMM_FCOFF, 0);
767
768 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
769 net_buf_add_u8(buf, fcs);
770
771 return rfcomm_send(session, buf);
772 }
773
rfcomm_dlc_connected(struct bt_rfcomm_dlc * dlc)774 static void rfcomm_dlc_connected(struct bt_rfcomm_dlc *dlc)
775 {
776 dlc->state = BT_RFCOMM_STATE_CONNECTED;
777
778 rfcomm_send_msc(dlc, BT_RFCOMM_MSG_CMD_CR, BT_RFCOMM_DEFAULT_V24_SIG);
779
780 if (dlc->session->cfc == BT_RFCOMM_CFC_UNKNOWN) {
781 /* This means PN negotiation is not done for this session and
782 * can happen only for 1.0b device.
783 */
784 dlc->session->cfc = BT_RFCOMM_CFC_NOT_SUPPORTED;
785 }
786
787 if (dlc->session->cfc == BT_RFCOMM_CFC_NOT_SUPPORTED) {
788 LOG_DBG("CFC not supported %p", dlc);
789 rfcomm_send_fcon(dlc->session, BT_RFCOMM_MSG_CMD_CR);
790 /* Use tx_credits as binary sem for MSC FC */
791 k_sem_init(&dlc->tx_credits, 0, 1);
792 }
793
794 /* Cancel conn timer */
795 k_work_cancel_delayable(&dlc->rtx_work);
796
797 k_fifo_init(&dlc->tx_queue);
798 k_thread_create(&dlc->tx_thread, dlc->stack,
799 K_KERNEL_STACK_SIZEOF(dlc->stack),
800 rfcomm_dlc_tx_thread, dlc, NULL, NULL, K_PRIO_COOP(7),
801 0, K_NO_WAIT);
802 k_thread_name_set(&dlc->tx_thread, "BT DLC");
803
804 if (dlc->ops && dlc->ops->connected) {
805 dlc->ops->connected(dlc);
806 }
807 }
808
809 enum security_result {
810 RFCOMM_SECURITY_PASSED,
811 RFCOMM_SECURITY_REJECT,
812 RFCOMM_SECURITY_PENDING
813 };
814
rfcomm_dlc_security(struct bt_rfcomm_dlc * dlc)815 static enum security_result rfcomm_dlc_security(struct bt_rfcomm_dlc *dlc)
816 {
817 struct bt_conn *conn = dlc->session->br_chan.chan.conn;
818
819 LOG_DBG("dlc %p", dlc);
820
821 /* If current security level is greater than or equal to required
822 * security level then return SUCCESS.
823 * For SSP devices the current security will be at least MEDIUM
824 * since L2CAP is enforcing it
825 */
826 if (conn->sec_level >= dlc->required_sec_level) {
827 return RFCOMM_SECURITY_PASSED;
828 }
829
830 if (!bt_conn_set_security(conn, dlc->required_sec_level)) {
831 /*
832 * General Bonding refers to the process of performing bonding
833 * during connection setup or channel establishment procedures
834 * as a precursor to accessing a service.
835 * For current case, it is dedicated bonding.
836 */
837 atomic_set_bit(conn->flags, BT_CONN_BR_GENERAL_BONDING);
838 /* If Security elevation is initiated or in progress */
839 return RFCOMM_SECURITY_PENDING;
840 }
841
842 /* Security request failed */
843 return RFCOMM_SECURITY_REJECT;
844 }
845
rfcomm_dlc_drop(struct bt_rfcomm_dlc * dlc)846 static void rfcomm_dlc_drop(struct bt_rfcomm_dlc *dlc)
847 {
848 LOG_DBG("dlc %p", dlc);
849
850 rfcomm_dlcs_remove_dlci(dlc->session->dlcs, dlc->dlci);
851 rfcomm_dlc_destroy(dlc);
852 }
853
rfcomm_dlc_close(struct bt_rfcomm_dlc * dlc)854 static int rfcomm_dlc_close(struct bt_rfcomm_dlc *dlc)
855 {
856 LOG_DBG("dlc %p", dlc);
857
858 switch (dlc->state) {
859 case BT_RFCOMM_STATE_SECURITY_PENDING:
860 if (dlc->role == BT_RFCOMM_ROLE_ACCEPTOR) {
861 rfcomm_send_dm(dlc->session, dlc->dlci);
862 }
863 __fallthrough;
864 case BT_RFCOMM_STATE_INIT:
865 rfcomm_dlc_drop(dlc);
866 break;
867 case BT_RFCOMM_STATE_CONNECTING:
868 case BT_RFCOMM_STATE_CONFIG:
869 dlc->state = BT_RFCOMM_STATE_DISCONNECTING;
870 rfcomm_send_disc(dlc->session, dlc->dlci);
871 k_work_reschedule(&dlc->rtx_work, RFCOMM_DISC_TIMEOUT);
872 break;
873 case BT_RFCOMM_STATE_CONNECTED:
874 dlc->state = BT_RFCOMM_STATE_DISCONNECTING;
875
876 /* Queue a dummy buffer to wake up and stop the
877 * tx thread.
878 */
879 k_fifo_put(&dlc->tx_queue,
880 net_buf_alloc(&dummy_pool, K_NO_WAIT));
881
882 /* There could be a writer waiting for credits so return a
883 * dummy credit to wake it up.
884 */
885 rfcomm_dlc_tx_give_credits(dlc, 1);
886 break;
887 case BT_RFCOMM_STATE_DISCONNECTING:
888 case BT_RFCOMM_STATE_DISCONNECTED:
889 break;
890 case BT_RFCOMM_STATE_IDLE:
891 default:
892 return -EINVAL;
893 }
894
895 return 0;
896 }
897
rfcomm_handle_sabm(struct bt_rfcomm_session * session,uint8_t dlci)898 static void rfcomm_handle_sabm(struct bt_rfcomm_session *session, uint8_t dlci)
899 {
900 if (!dlci) {
901 if (rfcomm_send_ua(session, dlci) < 0) {
902 return;
903 }
904
905 session->state = BT_RFCOMM_STATE_CONNECTED;
906 } else {
907 struct bt_rfcomm_dlc *dlc;
908 enum security_result result;
909
910 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
911 if (!dlc) {
912 dlc = rfcomm_dlc_accept(session, dlci);
913 if (!dlc) {
914 rfcomm_send_dm(session, dlci);
915 return;
916 }
917 }
918
919 result = rfcomm_dlc_security(dlc);
920 switch (result) {
921 case RFCOMM_SECURITY_PENDING:
922 dlc->state = BT_RFCOMM_STATE_SECURITY_PENDING;
923 return;
924 case RFCOMM_SECURITY_PASSED:
925 break;
926 case RFCOMM_SECURITY_REJECT:
927 default:
928 rfcomm_send_dm(session, dlci);
929 rfcomm_dlc_drop(dlc);
930 return;
931 }
932
933 if (rfcomm_send_ua(session, dlci) < 0) {
934 return;
935 }
936
937 /* Cancel idle timer if any */
938 k_work_cancel_delayable(&session->rtx_work);
939
940 rfcomm_dlc_connected(dlc);
941 }
942 }
943
rfcomm_send_pn(struct bt_rfcomm_dlc * dlc,uint8_t cr)944 static int rfcomm_send_pn(struct bt_rfcomm_dlc *dlc, uint8_t cr)
945 {
946 struct bt_rfcomm_pn *pn;
947 struct net_buf *buf;
948 uint8_t fcs;
949
950 buf = rfcomm_make_uih_msg(dlc->session, cr, BT_RFCOMM_PN, sizeof(*pn));
951
952 LOG_DBG("mtu %x", dlc->mtu);
953
954 pn = net_buf_add(buf, sizeof(*pn));
955 pn->dlci = dlc->dlci;
956 pn->mtu = sys_cpu_to_le16(dlc->mtu);
957 if (dlc->state == BT_RFCOMM_STATE_CONFIG &&
958 (dlc->session->cfc == BT_RFCOMM_CFC_UNKNOWN ||
959 dlc->session->cfc == BT_RFCOMM_CFC_SUPPORTED)) {
960 pn->credits = dlc->rx_credit;
961 if (cr) {
962 pn->flow_ctrl = BT_RFCOMM_PN_CFC_CMD;
963 } else {
964 pn->flow_ctrl = BT_RFCOMM_PN_CFC_RESP;
965 }
966 } else {
967 /* If PN comes in already opened dlc or cfc not supported
968 * these should be 0
969 */
970 pn->credits = 0U;
971 pn->flow_ctrl = 0U;
972 }
973 pn->max_retrans = 0U;
974 pn->ack_timer = 0U;
975 pn->priority = 0U;
976
977 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
978 net_buf_add_u8(buf, fcs);
979
980 return rfcomm_send(dlc->session, buf);
981 }
982
rfcomm_send_credit(struct bt_rfcomm_dlc * dlc,uint8_t credits)983 static int rfcomm_send_credit(struct bt_rfcomm_dlc *dlc, uint8_t credits)
984 {
985 struct bt_rfcomm_hdr *hdr;
986 struct net_buf *buf;
987 uint8_t fcs, cr;
988
989 LOG_DBG("Dlc %p credits %d", dlc, credits);
990
991 buf = bt_l2cap_create_pdu(NULL, 0);
992
993 hdr = net_buf_add(buf, sizeof(*hdr));
994 cr = BT_RFCOMM_UIH_CR(dlc->session->role);
995 hdr->address = BT_RFCOMM_SET_ADDR(dlc->dlci, cr);
996 hdr->control = BT_RFCOMM_SET_CTRL(BT_RFCOMM_UIH,
997 BT_RFCOMM_PF_UIH_CREDIT);
998 hdr->length = BT_RFCOMM_SET_LEN_8(0);
999 net_buf_add_u8(buf, credits);
1000 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
1001 net_buf_add_u8(buf, fcs);
1002
1003 return rfcomm_send(dlc->session, buf);
1004 }
1005
rfcomm_dlc_start(struct bt_rfcomm_dlc * dlc)1006 static int rfcomm_dlc_start(struct bt_rfcomm_dlc *dlc)
1007 {
1008 enum security_result result;
1009
1010 LOG_DBG("dlc %p", dlc);
1011
1012 result = rfcomm_dlc_security(dlc);
1013 switch (result) {
1014 case RFCOMM_SECURITY_PASSED:
1015 dlc->mtu = MIN(dlc->mtu, dlc->session->mtu);
1016 dlc->state = BT_RFCOMM_STATE_CONFIG;
1017 rfcomm_send_pn(dlc, BT_RFCOMM_MSG_CMD_CR);
1018 break;
1019 case RFCOMM_SECURITY_PENDING:
1020 dlc->state = BT_RFCOMM_STATE_SECURITY_PENDING;
1021 break;
1022 case RFCOMM_SECURITY_REJECT:
1023 default:
1024 return -EIO;
1025 }
1026
1027 return 0;
1028 }
1029
rfcomm_handle_ua(struct bt_rfcomm_session * session,uint8_t dlci)1030 static void rfcomm_handle_ua(struct bt_rfcomm_session *session, uint8_t dlci)
1031 {
1032 struct bt_rfcomm_dlc *dlc, *next;
1033 int err;
1034
1035 if (!dlci) {
1036 switch (session->state) {
1037 case BT_RFCOMM_STATE_CONNECTING:
1038 session->state = BT_RFCOMM_STATE_CONNECTED;
1039 for (dlc = session->dlcs; dlc; dlc = next) {
1040 next = dlc->_next;
1041 if (dlc->role == BT_RFCOMM_ROLE_INITIATOR &&
1042 dlc->state == BT_RFCOMM_STATE_INIT) {
1043 if (rfcomm_dlc_start(dlc) < 0) {
1044 rfcomm_dlc_drop(dlc);
1045 }
1046 }
1047 }
1048 /* Disconnect session if there is no dlcs left */
1049 rfcomm_session_disconnect(session);
1050 break;
1051 case BT_RFCOMM_STATE_DISCONNECTING:
1052 session->state = BT_RFCOMM_STATE_DISCONNECTED;
1053 /* Cancel disc timer */
1054 k_work_cancel_delayable(&session->rtx_work);
1055 err = bt_l2cap_chan_disconnect(&session->br_chan.chan);
1056 if (err < 0) {
1057 session->state = BT_RFCOMM_STATE_IDLE;
1058 }
1059 break;
1060 default:
1061 break;
1062 }
1063 } else {
1064 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
1065 if (!dlc) {
1066 return;
1067 }
1068
1069 switch (dlc->state) {
1070 case BT_RFCOMM_STATE_CONNECTING:
1071 rfcomm_dlc_connected(dlc);
1072 break;
1073 case BT_RFCOMM_STATE_DISCONNECTING:
1074 rfcomm_dlc_drop(dlc);
1075 rfcomm_session_disconnect(session);
1076 break;
1077 default:
1078 break;
1079 }
1080 }
1081 }
1082
rfcomm_handle_dm(struct bt_rfcomm_session * session,uint8_t dlci)1083 static void rfcomm_handle_dm(struct bt_rfcomm_session *session, uint8_t dlci)
1084 {
1085 struct bt_rfcomm_dlc *dlc;
1086
1087 LOG_DBG("dlci %d", dlci);
1088
1089 dlc = rfcomm_dlcs_remove_dlci(session->dlcs, dlci);
1090 if (!dlc) {
1091 return;
1092 }
1093
1094 rfcomm_dlc_disconnect(dlc);
1095 rfcomm_session_disconnect(session);
1096 }
1097
rfcomm_handle_msc(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t cr)1098 static void rfcomm_handle_msc(struct bt_rfcomm_session *session,
1099 struct net_buf *buf, uint8_t cr)
1100 {
1101 struct bt_rfcomm_msc *msc = (void *)buf->data;
1102 struct bt_rfcomm_dlc *dlc;
1103 uint8_t dlci = BT_RFCOMM_GET_DLCI(msc->dlci);
1104
1105 LOG_DBG("dlci %d", dlci);
1106
1107 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
1108 if (!dlc) {
1109 return;
1110 }
1111
1112 if (cr == BT_RFCOMM_MSG_RESP_CR) {
1113 return;
1114 }
1115
1116 if (dlc->session->cfc == BT_RFCOMM_CFC_NOT_SUPPORTED) {
1117 /* Only FC bit affects the flow on RFCOMM level */
1118 if (BT_RFCOMM_GET_FC(msc->v24_signal)) {
1119 /* If FC bit is 1 the device is unable to accept frames.
1120 * Take the semaphore with timeout K_NO_WAIT so that
1121 * dlc thread will be blocked when it tries sem_take
1122 * before sending the data. K_NO_WAIT timeout will make
1123 * sure that RX thread will not be blocked while taking
1124 * the semaphore.
1125 */
1126 k_sem_take(&dlc->tx_credits, K_NO_WAIT);
1127 } else {
1128 /* Give the sem so that it will unblock the waiting dlc
1129 * thread in sem_take().
1130 */
1131 k_sem_give(&dlc->tx_credits);
1132 }
1133 }
1134
1135 rfcomm_send_msc(dlc, BT_RFCOMM_MSG_RESP_CR, msc->v24_signal);
1136 }
1137
rfcomm_handle_rls(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t cr)1138 static void rfcomm_handle_rls(struct bt_rfcomm_session *session,
1139 struct net_buf *buf, uint8_t cr)
1140 {
1141 struct bt_rfcomm_rls *rls = (void *)buf->data;
1142 uint8_t dlci = BT_RFCOMM_GET_DLCI(rls->dlci);
1143 struct bt_rfcomm_dlc *dlc;
1144
1145 LOG_DBG("dlci %d", dlci);
1146
1147 if (!cr) {
1148 /* Ignore if its a response */
1149 return;
1150 }
1151
1152 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
1153 if (!dlc) {
1154 return;
1155 }
1156
1157 /* As per the ETSI same line status has to returned in the response */
1158 rfcomm_send_rls(dlc, BT_RFCOMM_MSG_RESP_CR, rls->line_status);
1159 }
1160
rfcomm_handle_rpn(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t cr)1161 static void rfcomm_handle_rpn(struct bt_rfcomm_session *session,
1162 struct net_buf *buf, uint8_t cr)
1163 {
1164 struct bt_rfcomm_rpn default_rpn, *rpn = (void *)buf->data;
1165 uint8_t dlci = BT_RFCOMM_GET_DLCI(rpn->dlci);
1166 uint8_t data_bits, stop_bits, parity_bits;
1167 /* Exclude fcs to get number of value bytes */
1168 uint8_t value_len = buf->len - 1;
1169
1170 LOG_DBG("dlci %d", dlci);
1171
1172 if (!cr) {
1173 /* Ignore if its a response */
1174 return;
1175 }
1176
1177 if (value_len == sizeof(*rpn)) {
1178 /* Accept all the values proposed by the sender */
1179 rpn->param_mask = sys_cpu_to_le16(BT_RFCOMM_RPN_PARAM_MASK_ALL);
1180 rfcomm_send_rpn(session, BT_RFCOMM_MSG_RESP_CR, rpn);
1181 return;
1182 }
1183
1184 if (value_len != 1U) {
1185 return;
1186 }
1187
1188 /* If only one value byte then current port settings has to be returned
1189 * We will send default values
1190 */
1191 default_rpn.dlci = BT_RFCOMM_SET_ADDR(dlci, 1);
1192 default_rpn.baud_rate = BT_RFCOMM_RPN_BAUD_RATE_9600;
1193 default_rpn.flow_control = BT_RFCOMM_RPN_FLOW_NONE;
1194 default_rpn.xoff_char = BT_RFCOMM_RPN_XOFF_CHAR;
1195 default_rpn.xon_char = BT_RFCOMM_RPN_XON_CHAR;
1196 data_bits = BT_RFCOMM_RPN_DATA_BITS_8;
1197 stop_bits = BT_RFCOMM_RPN_STOP_BITS_1;
1198 parity_bits = BT_RFCOMM_RPN_PARITY_NONE;
1199 default_rpn.line_settings = BT_RFCOMM_SET_LINE_SETTINGS(data_bits,
1200 stop_bits,
1201 parity_bits);
1202 default_rpn.param_mask = sys_cpu_to_le16(BT_RFCOMM_RPN_PARAM_MASK_ALL);
1203
1204 rfcomm_send_rpn(session, BT_RFCOMM_MSG_RESP_CR, &default_rpn);
1205 }
1206
rfcomm_handle_pn(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t cr)1207 static void rfcomm_handle_pn(struct bt_rfcomm_session *session,
1208 struct net_buf *buf, uint8_t cr)
1209 {
1210 struct bt_rfcomm_pn *pn = (void *)buf->data;
1211 struct bt_rfcomm_dlc *dlc;
1212
1213 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, pn->dlci);
1214 if (!dlc) {
1215 /* Ignore if it is a response */
1216 if (!cr) {
1217 return;
1218 }
1219
1220 if (!BT_RFCOMM_CHECK_MTU(pn->mtu)) {
1221 LOG_ERR("Invalid mtu %d", pn->mtu);
1222 rfcomm_send_dm(session, pn->dlci);
1223 return;
1224 }
1225
1226 dlc = rfcomm_dlc_accept(session, pn->dlci);
1227 if (!dlc) {
1228 rfcomm_send_dm(session, pn->dlci);
1229 return;
1230 }
1231
1232 LOG_DBG("Incoming connection accepted dlc %p", dlc);
1233
1234 dlc->mtu = MIN(dlc->mtu, sys_le16_to_cpu(pn->mtu));
1235
1236 if (pn->flow_ctrl == BT_RFCOMM_PN_CFC_CMD) {
1237 if (session->cfc == BT_RFCOMM_CFC_UNKNOWN) {
1238 session->cfc = BT_RFCOMM_CFC_SUPPORTED;
1239 }
1240 k_sem_init(&dlc->tx_credits, 0, K_SEM_MAX_LIMIT);
1241 rfcomm_dlc_tx_give_credits(dlc, pn->credits);
1242 } else {
1243 session->cfc = BT_RFCOMM_CFC_NOT_SUPPORTED;
1244 }
1245
1246 dlc->state = BT_RFCOMM_STATE_CONFIG;
1247 rfcomm_send_pn(dlc, BT_RFCOMM_MSG_RESP_CR);
1248 /* Cancel idle timer if any */
1249 k_work_cancel_delayable(&session->rtx_work);
1250 } else {
1251 /* If its a command */
1252 if (cr) {
1253 if (!BT_RFCOMM_CHECK_MTU(pn->mtu)) {
1254 LOG_ERR("Invalid mtu %d", pn->mtu);
1255 rfcomm_dlc_close(dlc);
1256 return;
1257 }
1258 dlc->mtu = MIN(dlc->mtu, sys_le16_to_cpu(pn->mtu));
1259 rfcomm_send_pn(dlc, BT_RFCOMM_MSG_RESP_CR);
1260 } else {
1261 if (dlc->state != BT_RFCOMM_STATE_CONFIG) {
1262 return;
1263 }
1264
1265 dlc->mtu = MIN(dlc->mtu, sys_le16_to_cpu(pn->mtu));
1266 if (pn->flow_ctrl == BT_RFCOMM_PN_CFC_RESP) {
1267 if (session->cfc == BT_RFCOMM_CFC_UNKNOWN) {
1268 session->cfc = BT_RFCOMM_CFC_SUPPORTED;
1269 }
1270 k_sem_init(&dlc->tx_credits, 0, K_SEM_MAX_LIMIT);
1271 rfcomm_dlc_tx_give_credits(dlc, pn->credits);
1272 } else {
1273 session->cfc = BT_RFCOMM_CFC_NOT_SUPPORTED;
1274 }
1275
1276 dlc->state = BT_RFCOMM_STATE_CONNECTING;
1277 rfcomm_send_sabm(session, dlc->dlci);
1278 }
1279 }
1280 }
1281
rfcomm_handle_disc(struct bt_rfcomm_session * session,uint8_t dlci)1282 static void rfcomm_handle_disc(struct bt_rfcomm_session *session, uint8_t dlci)
1283 {
1284 struct bt_rfcomm_dlc *dlc;
1285
1286 LOG_DBG("Dlci %d", dlci);
1287
1288 if (dlci) {
1289 dlc = rfcomm_dlcs_remove_dlci(session->dlcs, dlci);
1290 if (!dlc) {
1291 rfcomm_send_dm(session, dlci);
1292 return;
1293 }
1294
1295 rfcomm_send_ua(session, dlci);
1296 rfcomm_dlc_disconnect(dlc);
1297
1298 if (!session->dlcs) {
1299 /* Start a session idle timer */
1300 k_work_reschedule(&dlc->session->rtx_work,
1301 RFCOMM_IDLE_TIMEOUT);
1302 }
1303 } else {
1304 /* Cancel idle timer */
1305 k_work_cancel_delayable(&session->rtx_work);
1306 rfcomm_send_ua(session, 0);
1307 rfcomm_session_disconnected(session);
1308 }
1309 }
1310
rfcomm_handle_msg(struct bt_rfcomm_session * session,struct net_buf * buf)1311 static void rfcomm_handle_msg(struct bt_rfcomm_session *session,
1312 struct net_buf *buf)
1313 {
1314 struct bt_rfcomm_msg_hdr *hdr;
1315 uint8_t msg_type, len, cr;
1316
1317 if (buf->len < sizeof(*hdr)) {
1318 LOG_ERR("Too small RFCOMM message");
1319 return;
1320 }
1321
1322 hdr = net_buf_pull_mem(buf, sizeof(*hdr));
1323 msg_type = BT_RFCOMM_GET_MSG_TYPE(hdr->type);
1324 cr = BT_RFCOMM_GET_MSG_CR(hdr->type);
1325 len = BT_RFCOMM_GET_LEN(hdr->len);
1326
1327 LOG_DBG("msg type %x cr %x", msg_type, cr);
1328
1329 switch (msg_type) {
1330 case BT_RFCOMM_PN:
1331 rfcomm_handle_pn(session, buf, cr);
1332 break;
1333 case BT_RFCOMM_MSC:
1334 rfcomm_handle_msc(session, buf, cr);
1335 break;
1336 case BT_RFCOMM_RLS:
1337 rfcomm_handle_rls(session, buf, cr);
1338 break;
1339 case BT_RFCOMM_RPN:
1340 rfcomm_handle_rpn(session, buf, cr);
1341 break;
1342 case BT_RFCOMM_TEST:
1343 if (!cr) {
1344 break;
1345 }
1346 rfcomm_send_test(session, BT_RFCOMM_MSG_RESP_CR, buf->data,
1347 buf->len - 1);
1348 break;
1349 case BT_RFCOMM_FCON:
1350 if (session->cfc == BT_RFCOMM_CFC_SUPPORTED) {
1351 LOG_ERR("FCON received when CFC is supported ");
1352 return;
1353 }
1354
1355 if (!cr) {
1356 break;
1357 }
1358
1359 /* Give the sem so that it will unblock the waiting dlc threads
1360 * of this session in sem_take().
1361 */
1362 k_sem_give(&session->fc);
1363 rfcomm_send_fcon(session, BT_RFCOMM_MSG_RESP_CR);
1364 break;
1365 case BT_RFCOMM_FCOFF:
1366 if (session->cfc == BT_RFCOMM_CFC_SUPPORTED) {
1367 LOG_ERR("FCOFF received when CFC is supported ");
1368 return;
1369 }
1370
1371 if (!cr) {
1372 break;
1373 }
1374
1375 /* Take the semaphore with timeout K_NO_WAIT so that all the
1376 * dlc threads in this session will be blocked when it tries
1377 * sem_take before sending the data. K_NO_WAIT timeout will
1378 * make sure that RX thread will not be blocked while taking
1379 * the semaphore.
1380 */
1381 k_sem_take(&session->fc, K_NO_WAIT);
1382 rfcomm_send_fcoff(session, BT_RFCOMM_MSG_RESP_CR);
1383 break;
1384 default:
1385 LOG_WRN("Unknown/Unsupported RFCOMM Msg type 0x%02x", msg_type);
1386 rfcomm_send_nsc(session, hdr->type);
1387 break;
1388 }
1389 }
1390
rfcomm_dlc_update_credits(struct bt_rfcomm_dlc * dlc)1391 static void rfcomm_dlc_update_credits(struct bt_rfcomm_dlc *dlc)
1392 {
1393 uint8_t credits;
1394
1395 if (dlc->session->cfc == BT_RFCOMM_CFC_NOT_SUPPORTED) {
1396 return;
1397 }
1398
1399 LOG_DBG("dlc %p credits %u", dlc, dlc->rx_credit);
1400
1401 /* Only give more credits if it went below the defined threshold */
1402 if (dlc->rx_credit > RFCOMM_CREDITS_THRESHOLD) {
1403 return;
1404 }
1405
1406 /* Restore credits */
1407 credits = RFCOMM_MAX_CREDITS - dlc->rx_credit;
1408 dlc->rx_credit += credits;
1409
1410 rfcomm_send_credit(dlc, credits);
1411 }
1412
rfcomm_handle_data(struct bt_rfcomm_session * session,struct net_buf * buf,uint8_t dlci,uint8_t pf)1413 static void rfcomm_handle_data(struct bt_rfcomm_session *session,
1414 struct net_buf *buf, uint8_t dlci, uint8_t pf)
1415
1416 {
1417 struct bt_rfcomm_dlc *dlc;
1418
1419 LOG_DBG("dlci %d, pf %d", dlci, pf);
1420
1421 dlc = rfcomm_dlcs_lookup_dlci(session->dlcs, dlci);
1422 if (!dlc) {
1423 LOG_ERR("Data recvd in non existing DLC");
1424 rfcomm_send_dm(session, dlci);
1425 return;
1426 }
1427
1428 LOG_DBG("dlc %p rx credit %d", dlc, dlc->rx_credit);
1429
1430 if (dlc->state != BT_RFCOMM_STATE_CONNECTED) {
1431 return;
1432 }
1433
1434 if (pf == BT_RFCOMM_PF_UIH_CREDIT) {
1435 if (buf->len == 0) {
1436 LOG_WRN("Data recvd is invalid");
1437 return;
1438 }
1439 rfcomm_dlc_tx_give_credits(dlc, net_buf_pull_u8(buf));
1440 }
1441
1442 if (buf->len > BT_RFCOMM_FCS_SIZE) {
1443 if (dlc->session->cfc == BT_RFCOMM_CFC_SUPPORTED &&
1444 !dlc->rx_credit) {
1445 LOG_ERR("Data recvd when rx credit is 0");
1446 rfcomm_dlc_close(dlc);
1447 return;
1448 }
1449
1450 /* Remove FCS */
1451 buf->len -= BT_RFCOMM_FCS_SIZE;
1452 if (dlc->ops && dlc->ops->recv) {
1453 dlc->ops->recv(dlc, buf);
1454 }
1455
1456 dlc->rx_credit--;
1457 rfcomm_dlc_update_credits(dlc);
1458 }
1459 }
1460
bt_rfcomm_dlc_send(struct bt_rfcomm_dlc * dlc,struct net_buf * buf)1461 int bt_rfcomm_dlc_send(struct bt_rfcomm_dlc *dlc, struct net_buf *buf)
1462 {
1463 uint8_t fcs, cr;
1464
1465 if (!buf) {
1466 return -EINVAL;
1467 }
1468
1469 LOG_DBG("dlc %p tx credit %d", dlc, k_sem_count_get(&dlc->tx_credits));
1470
1471 if (dlc->state != BT_RFCOMM_STATE_CONNECTED) {
1472 return -ENOTCONN;
1473 }
1474
1475 if (buf->len > dlc->mtu) {
1476 return -EMSGSIZE;
1477 }
1478
1479 /* length */
1480 if (buf->len > BT_RFCOMM_MAX_LEN_8) {
1481 /* Length is 2 byte */
1482 net_buf_push_le16(buf, BT_RFCOMM_SET_LEN_16(buf->len));
1483 } else {
1484 net_buf_push_u8(buf, BT_RFCOMM_SET_LEN_8(buf->len));
1485 }
1486
1487 /* control */
1488 net_buf_push_u8(buf, BT_RFCOMM_SET_CTRL(BT_RFCOMM_UIH,
1489 BT_RFCOMM_PF_UIH_NO_CREDIT));
1490 /* address */
1491 cr = BT_RFCOMM_UIH_CR(dlc->session->role);
1492 net_buf_push_u8(buf, BT_RFCOMM_SET_ADDR(dlc->dlci, cr));
1493
1494 fcs = rfcomm_calc_fcs(BT_RFCOMM_FCS_LEN_UIH, buf->data);
1495 net_buf_add_u8(buf, fcs);
1496
1497 k_fifo_put(&dlc->tx_queue, buf);
1498
1499 return buf->len;
1500 }
1501
rfcomm_recv(struct bt_l2cap_chan * chan,struct net_buf * buf)1502 static int rfcomm_recv(struct bt_l2cap_chan *chan, struct net_buf *buf)
1503 {
1504 struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
1505 struct bt_rfcomm_hdr *hdr = (void *)buf->data;
1506 struct bt_rfcomm_hdr_ext *hdr_ext = (void *)buf->data;
1507 uint8_t dlci, frame_type, fcs, fcs_len;
1508 uint16_t msg_len;
1509 uint16_t hdr_len;
1510
1511 /* Need to consider FCS also*/
1512 if (buf->len < (sizeof(*hdr) + sizeof(fcs))) {
1513 LOG_ERR("Too small RFCOMM Frame");
1514 return 0;
1515 }
1516
1517 dlci = BT_RFCOMM_GET_DLCI(hdr->address);
1518 frame_type = BT_RFCOMM_GET_FRAME_TYPE(hdr->control);
1519
1520 LOG_DBG("session %p dlci %x type %x", session, dlci, frame_type);
1521
1522 if (BT_RFCOMM_LEN_EXTENDED(hdr->length)) {
1523 msg_len = BT_RFCOMM_GET_LEN_EXTENDED(hdr_ext->hdr.length, hdr_ext->second_length);
1524 hdr_len = sizeof(*hdr_ext);
1525 } else {
1526 msg_len = BT_RFCOMM_GET_LEN(hdr->length);
1527 hdr_len = sizeof(*hdr);
1528 }
1529
1530 if (buf->len < (hdr_len + msg_len + sizeof(fcs))) {
1531 LOG_ERR("Too small RFCOMM information (%d < %d)", buf->len,
1532 hdr_len + msg_len + sizeof(fcs));
1533 return 0;
1534 }
1535
1536 fcs_len = (frame_type == BT_RFCOMM_UIH) ? BT_RFCOMM_FCS_LEN_UIH : hdr_len;
1537 fcs = *(net_buf_tail(buf) - sizeof(fcs));
1538 if (!rfcomm_check_fcs(fcs_len, buf->data, fcs)) {
1539 LOG_ERR("FCS check failed");
1540 return 0;
1541 }
1542
1543 net_buf_pull(buf, hdr_len);
1544
1545 switch (frame_type) {
1546 case BT_RFCOMM_SABM:
1547 rfcomm_handle_sabm(session, dlci);
1548 break;
1549 case BT_RFCOMM_UIH:
1550 if (!dlci) {
1551 rfcomm_handle_msg(session, buf);
1552 } else {
1553 rfcomm_handle_data(session, buf, dlci, BT_RFCOMM_GET_PF(hdr->control));
1554 }
1555 break;
1556 case BT_RFCOMM_DISC:
1557 rfcomm_handle_disc(session, dlci);
1558 break;
1559 case BT_RFCOMM_UA:
1560 rfcomm_handle_ua(session, dlci);
1561 break;
1562 case BT_RFCOMM_DM:
1563 rfcomm_handle_dm(session, dlci);
1564 break;
1565 default:
1566 LOG_WRN("Unknown/Unsupported RFCOMM Frame type 0x%02x", frame_type);
1567 break;
1568 }
1569
1570 return 0;
1571 }
1572
rfcomm_encrypt_change(struct bt_l2cap_chan * chan,uint8_t hci_status)1573 static void rfcomm_encrypt_change(struct bt_l2cap_chan *chan,
1574 uint8_t hci_status)
1575 {
1576 struct bt_rfcomm_session *session = RFCOMM_SESSION(chan);
1577 struct bt_conn *conn = chan->conn;
1578 struct bt_rfcomm_dlc *dlc, *next;
1579
1580 LOG_DBG("session %p status 0x%02x encr 0x%02x", session, hci_status, conn->encrypt);
1581
1582 for (dlc = session->dlcs; dlc; dlc = next) {
1583 next = dlc->_next;
1584
1585 if (dlc->state != BT_RFCOMM_STATE_SECURITY_PENDING) {
1586 continue;
1587 }
1588
1589 if (hci_status || !conn->encrypt ||
1590 conn->sec_level < dlc->required_sec_level) {
1591 rfcomm_dlc_close(dlc);
1592 continue;
1593 }
1594
1595 if (dlc->role == BT_RFCOMM_ROLE_ACCEPTOR) {
1596 rfcomm_send_ua(session, dlc->dlci);
1597 rfcomm_dlc_connected(dlc);
1598 } else {
1599 dlc->mtu = MIN(dlc->mtu, session->mtu);
1600 dlc->state = BT_RFCOMM_STATE_CONFIG;
1601 rfcomm_send_pn(dlc, BT_RFCOMM_MSG_CMD_CR);
1602 }
1603 }
1604 }
1605
rfcomm_session_rtx_timeout(struct k_work * work)1606 static void rfcomm_session_rtx_timeout(struct k_work *work)
1607 {
1608 struct bt_rfcomm_session *session = SESSION_RTX(work);
1609
1610 LOG_WRN("session %p state %d timeout", session, session->state);
1611
1612 switch (session->state) {
1613 case BT_RFCOMM_STATE_CONNECTED:
1614 rfcomm_session_disconnect(session);
1615 break;
1616 case BT_RFCOMM_STATE_DISCONNECTING:
1617 session->state = BT_RFCOMM_STATE_DISCONNECTED;
1618 if (bt_l2cap_chan_disconnect(&session->br_chan.chan) < 0) {
1619 session->state = BT_RFCOMM_STATE_IDLE;
1620 }
1621 break;
1622 }
1623 }
1624
rfcomm_session_new(bt_rfcomm_role_t role)1625 static struct bt_rfcomm_session *rfcomm_session_new(bt_rfcomm_role_t role)
1626 {
1627 int i;
1628 static const struct bt_l2cap_chan_ops ops = {
1629 .connected = rfcomm_connected,
1630 .disconnected = rfcomm_disconnected,
1631 .recv = rfcomm_recv,
1632 .encrypt_change = rfcomm_encrypt_change,
1633 };
1634
1635 for (i = 0; i < ARRAY_SIZE(bt_rfcomm_pool); i++) {
1636 struct bt_rfcomm_session *session = &bt_rfcomm_pool[i];
1637
1638 if (session->br_chan.chan.conn) {
1639 continue;
1640 }
1641
1642 LOG_DBG("session %p initialized", session);
1643
1644 session->br_chan.chan.ops = &ops;
1645 session->br_chan.rx.mtu = CONFIG_BT_RFCOMM_L2CAP_MTU;
1646 session->state = BT_RFCOMM_STATE_INIT;
1647 session->role = role;
1648 session->cfc = BT_RFCOMM_CFC_UNKNOWN;
1649 k_work_init_delayable(&session->rtx_work,
1650 rfcomm_session_rtx_timeout);
1651 k_sem_init(&session->fc, 0, 1);
1652
1653 return session;
1654 }
1655
1656 return NULL;
1657 }
1658
bt_rfcomm_dlc_connect(struct bt_conn * conn,struct bt_rfcomm_dlc * dlc,uint8_t channel)1659 int bt_rfcomm_dlc_connect(struct bt_conn *conn, struct bt_rfcomm_dlc *dlc,
1660 uint8_t channel)
1661 {
1662 struct bt_rfcomm_session *session;
1663 struct bt_l2cap_chan *chan;
1664 uint8_t dlci;
1665 int ret;
1666
1667 LOG_DBG("conn %p dlc %p channel %d", conn, dlc, channel);
1668
1669 if (!dlc) {
1670 return -EINVAL;
1671 }
1672
1673 if (!conn || conn->state != BT_CONN_CONNECTED) {
1674 return -ENOTCONN;
1675 }
1676
1677 if (channel < RFCOMM_CHANNEL_START || channel > RFCOMM_CHANNEL_END) {
1678 return -EINVAL;
1679 }
1680
1681 if (!BT_RFCOMM_CHECK_MTU(dlc->mtu)) {
1682 return -EINVAL;
1683 }
1684
1685 session = rfcomm_sessions_lookup_bt_conn(conn);
1686 if (!session) {
1687 session = rfcomm_session_new(BT_RFCOMM_ROLE_INITIATOR);
1688 if (!session) {
1689 return -ENOMEM;
1690 }
1691 }
1692
1693 dlci = BT_RFCOMM_DLCI(session->role, channel);
1694
1695 if (rfcomm_dlcs_lookup_dlci(session->dlcs, dlci)) {
1696 return -EBUSY;
1697 }
1698
1699 rfcomm_dlc_init(dlc, session, dlci, BT_RFCOMM_ROLE_INITIATOR);
1700
1701 switch (session->state) {
1702 case BT_RFCOMM_STATE_INIT:
1703 if (session->role == BT_RFCOMM_ROLE_ACCEPTOR) {
1704 /* There is an ongoing incoming conn */
1705 break;
1706 }
1707 chan = &session->br_chan.chan;
1708 BR_CHAN(chan)->required_sec_level = dlc->required_sec_level;
1709 ret = bt_l2cap_chan_connect(conn, chan, BT_L2CAP_PSM_RFCOMM);
1710 if (ret < 0) {
1711 session->state = BT_RFCOMM_STATE_IDLE;
1712 goto fail;
1713 }
1714 session->state = BT_RFCOMM_STATE_CONNECTING;
1715 break;
1716 case BT_RFCOMM_STATE_CONNECTING:
1717 break;
1718 case BT_RFCOMM_STATE_CONNECTED:
1719 ret = rfcomm_dlc_start(dlc);
1720 if (ret < 0) {
1721 goto fail;
1722 }
1723 /* Cancel idle timer if any */
1724 k_work_cancel_delayable(&session->rtx_work);
1725 break;
1726 default:
1727 LOG_ERR("Invalid session state %d", session->state);
1728 ret = -EINVAL;
1729 goto fail;
1730 }
1731
1732 return 0;
1733
1734 fail:
1735 rfcomm_dlcs_remove_dlci(session->dlcs, dlc->dlci);
1736 dlc->state = BT_RFCOMM_STATE_IDLE;
1737 dlc->session = NULL;
1738 return ret;
1739 }
1740
bt_rfcomm_dlc_disconnect(struct bt_rfcomm_dlc * dlc)1741 int bt_rfcomm_dlc_disconnect(struct bt_rfcomm_dlc *dlc)
1742 {
1743 LOG_DBG("dlc %p", dlc);
1744
1745 if (!dlc) {
1746 return -EINVAL;
1747 }
1748
1749 if (dlc->state == BT_RFCOMM_STATE_CONNECTED) {
1750 /* This is to handle user initiated disconnect to send pending
1751 * bufs in the queue before disconnecting
1752 * Queue a dummy buffer (in case if queue is empty) to wake up
1753 * and stop the tx thread.
1754 */
1755 dlc->state = BT_RFCOMM_STATE_USER_DISCONNECT;
1756 k_fifo_put(&dlc->tx_queue,
1757 net_buf_alloc(&dummy_pool, K_NO_WAIT));
1758
1759 k_work_reschedule(&dlc->rtx_work, RFCOMM_DISC_TIMEOUT);
1760
1761 return 0;
1762 }
1763
1764 return rfcomm_dlc_close(dlc);
1765 }
1766
rfcomm_accept(struct bt_conn * conn,struct bt_l2cap_server * server,struct bt_l2cap_chan ** chan)1767 static int rfcomm_accept(struct bt_conn *conn, struct bt_l2cap_server *server,
1768 struct bt_l2cap_chan **chan)
1769 {
1770 struct bt_rfcomm_session *session;
1771
1772 LOG_DBG("conn %p", conn);
1773
1774 session = rfcomm_session_new(BT_RFCOMM_ROLE_ACCEPTOR);
1775 if (session) {
1776 *chan = &session->br_chan.chan;
1777 return 0;
1778 }
1779
1780 LOG_ERR("No available RFCOMM context for conn %p", conn);
1781
1782 return -ENOMEM;
1783 }
1784
bt_rfcomm_init(void)1785 void bt_rfcomm_init(void)
1786 {
1787 static struct bt_l2cap_server server = {
1788 .psm = BT_L2CAP_PSM_RFCOMM,
1789 .accept = rfcomm_accept,
1790 .sec_level = BT_SECURITY_L1,
1791 };
1792
1793 bt_l2cap_br_server_register(&server);
1794 }
1795
