1 /******************************************************************************
2  *
3  *  Copyright (C) 2014 Google, Inc.
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 #include <string.h>
19 #include "common/bt_trace.h"
20 #include "common/bt_defs.h"
21 #include "device/controller.h"
22 #include "hci/hci_internals.h"
23 #include "hci/hci_layer.h"
24 #include "hci/packet_fragmenter.h"
25 
26 #include "osi/hash_map.h"
27 #include "osi/hash_functions.h"
28 #include "common/bt_trace.h"
29 
30 
// The 16-bit handle word at the front of an ACL packet is split as follows by
// the macros below: bits 0-11 are the connection handle (HANDLE_MASK) and
// bits 12-13 are the packet boundary flag (GET_BOUNDARY_FLAG). The mask 0xCFFF
// clears the boundary bits before a new flag value is OR-ed in; bits 14-15 are
// left untouched.
// APPLY_CONTINUATION_FLAG sets boundary value 1 (CONTINUATION_PACKET_BOUNDARY).
#define APPLY_CONTINUATION_FLAG(handle) (((handle) & 0xCFFF) | 0x1000)
// APPLY_START_FLAG sets boundary value 2 (START_PACKET_BOUNDARY).
#define APPLY_START_FLAG(handle) (((handle) & 0xCFFF) | 0x2000)
// Keeps only the sub-event bits of a BT_HDR event word.
#define SUB_EVENT(event) ((event) & MSG_SUB_EVT_MASK)
// Extracts the two boundary-flag bits from a handle word read off the wire.
#define GET_BOUNDARY_FLAG(handle) (((handle) >> 12) & 0x0003)

#define HANDLE_MASK 0x0FFF
#define START_PACKET_BOUNDARY 2
#define CONTINUATION_PACKET_BOUNDARY 1
// Added to the L2CAP length field when the total size of a reassembled packet
// is computed in reassemble_and_dispatch().
#define L2CAP_HEADER_SIZE       4

// TODO(zachoverflow): find good value for this
#define NUMBER_OF_BUCKETS 42
43 
// Our interface and callbacks
// Forward (tentative) declaration; the initialized table is defined further
// down, after the functions it points to.
static const packet_fragmenter_t interface;
// Set by packet_fragmenter_get_interface(); used to query ACL data sizes.
static const controller_t *controller;
// Set by init(); receives fragmented / reassembled / transmit_finished results.
static const packet_fragmenter_callbacks_t *callbacks;
// Reassembly buffers in progress, keyed by the 12-bit connection handle.
static hash_map_t *partial_packets;
// Outbound packet that still has fragments left to send, or NULL.
static BT_HDR *current_fragment_packet;
50 
/**
 * Reset the fragmenter state and record where results are delivered.
 *
 * @param result_callbacks  Callback table; the pointer is stored as-is in the
 *                          file-scope `callbacks` variable, not copied.
 *
 * NOTE(review): the three trailing NULL arguments to hash_map_new() look like
 * optional destructor / equality hooks -- confirm against osi/hash_map.h. If
 * no value destructor is registered, reassembly buffers still parked in the
 * map are not released when the map itself is freed.
 * NOTE(review): the result of hash_map_new() is not checked here.
 */
static void init(const packet_fragmenter_callbacks_t *result_callbacks)
{
    partial_packets = hash_map_new(NUMBER_OF_BUCKETS, hash_function_naive, NULL, NULL, NULL);
    callbacks = result_callbacks;
    current_fragment_packet = NULL;
}
57 
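/**
 * Release the reassembly map created by init().
 *
 * The file-scope pointer is cleared after the free so that a second cleanup()
 * call does not free the map twice, and so that the pointer no longer refers
 * to released memory if a packet arrives after shutdown.
 *
 * NOTE(review): buffers still stored in the map are only released here if the
 * map was created with a value destructor -- confirm against init() and
 * osi/hash_map.h.
 */
static void cleanup(void)
{
    if (partial_packets) {
        hash_map_free(partial_packets);
        partial_packets = NULL;
    }
}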
64 
/**
 * Report the outbound packet that is still being fragmented.
 *
 * @return The value of the file-scope `current_fragment_packet`: the packet
 *         set by fragment_and_dispatch() while fragments remain, else NULL.
 */
static BT_HDR *fragment_get_current_packet(void)
{
    BT_HDR *in_flight = current_fragment_packet;

    return in_flight;
}
69 
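/**
 * Send one controller-sized piece of an outbound packet.
 *
 * Non-ACL packets are passed straight to callbacks->fragmented(). An ACL
 * packet that fits in one controller buffer is sent whole. A larger one is
 * sent one fragment per call: the packet is advanced in place past the data
 * just sent, a continuation ACL header is written in front of the remainder,
 * and `current_fragment_packet` is left pointing at it so the caller can come
 * back for the next fragment.
 *
 * @param packet  Outbound packet; must not be NULL. It is modified in place
 *                (event, len, offset, layer_specific and the bytes under the
 *                next fragment's header).
 */
static void fragment_and_dispatch(BT_HDR *packet)
{
    // Check the pointer before the first dereference; the original read
    // packet->event and packet->offset ahead of this assert.
    assert(packet != NULL);

    uint16_t event = packet->event & MSG_EVT_MASK;

    // We only fragment ACL packets
    if (event != MSG_STACK_TO_HC_HCI_ACL) {
        callbacks->fragmented(packet, true);
        return;
    }

    uint16_t max_data_size =
        SUB_EVENT(packet->event) == LOCAL_BR_EDR_CONTROLLER_ID ?
        controller->get_acl_data_size_classic() :
        controller->get_acl_data_size_ble();

    // NOTE(review): this sum is stored in 16 bits; it assumes the controller
    // never reports a data size within HCI_ACL_PREAMBLE_SIZE of 0xFFFF.
    uint16_t max_packet_size = max_data_size + HCI_ACL_PREAMBLE_SIZE;

    // An oversized packet with no segment budget left goes back to the upper
    // layer instead of being fragmented. The event type is already known to be
    // ACL here, so it is not tested again.
    if ((packet->len > max_packet_size) && (packet->layer_specific == 0)) {
        packet->event = MSG_HC_TO_STACK_L2C_SEG_XMIT;
        current_fragment_packet = NULL;
        callbacks->transmit_finished(packet, false);
        return;
    }

    uint16_t remaining_length = packet->len;
    uint8_t *stream = packet->data + packet->offset;
    uint16_t continuation_handle;

    // Read the handle word; `stream` is then used to rewrite the ACL length
    // field that follows it.
    STREAM_TO_UINT16(continuation_handle, stream);
    continuation_handle = APPLY_CONTINUATION_FLAG(continuation_handle);

    if (remaining_length <= max_packet_size) {
        // Fits in one controller buffer: this is the last (or only) piece.
        current_fragment_packet = NULL;
        callbacks->fragmented(packet, true);
        return;
    }

    current_fragment_packet = packet;
    UINT16_TO_STREAM(stream, max_data_size);
    packet->len = max_packet_size;
    callbacks->fragmented(packet, false);

    // Advance past the payload just sent. remaining_length was greater than
    // max_data_size + HCI_ACL_PREAMBLE_SIZE, so what is left is still larger
    // than a preamble and the subtraction below cannot go negative.
    packet->offset += max_data_size;
    remaining_length -= max_data_size;
    packet->len = remaining_length;

    // Write the ACL header for the next fragment
    stream = packet->data + packet->offset;
    UINT16_TO_STREAM(stream, continuation_handle);
    UINT16_TO_STREAM(stream, remaining_length - HCI_ACL_PREAMBLE_SIZE);

    // Apparently L2CAP can set layer_specific to a max number of segments to transmit
    if (packet->layer_specific) {
        packet->layer_specific--;
        if (packet->layer_specific == 0) {
            packet->event = MSG_HC_TO_STACK_L2C_SEG_XMIT;

            // The remainder is handed back to L2CAP when the segment budget is
            // used up. current_fragment_packet must be NULL first; otherwise
            // hci_host_thread_handler() would keep processing the remainder
            // and it would be freed.
            current_fragment_packet = NULL;
            callbacks->transmit_finished(packet, false);
            return;
        }
    }
}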
135 
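/**
 * Reassemble inbound ACL fragments into complete L2CAP packets.
 *
 * Non-ACL packets are forwarded unchanged. For ACL packets, a start fragment
 * either completes a packet on its own or opens a reassembly buffer keyed by
 * connection handle; continuation fragments are appended to that buffer until
 * the expected length is reached, at which point the buffer is delivered via
 * callbacks->reassembled().
 *
 * Every length used here (packet->len, the ACL length and the L2CAP length)
 * arrives from the controller and, through it, from the remote device, so each
 * one is range-checked before it sizes a read, an allocation or a copy.
 * Malformed packets are logged and freed, matching how an unknown
 * continuation is dropped.
 *
 * @param packet  Inbound packet. Ownership passes to this function: it is
 *                either forwarded to callbacks->reassembled() or released
 *                with osi_free().
 *
 * NOTE(review): BT_HDR's len/offset are treated as 16-bit here, as the
 * original code does by storing sums of them in uint16_t -- confirm against
 * the BT_HDR declaration.
 */
static void reassemble_and_dispatch(BT_HDR *packet)
{
    HCI_TRACE_DEBUG("reassemble_and_dispatch\n");

    if ((packet->event & MSG_EVT_MASK) != MSG_HC_TO_STACK_HCI_ACL) {
        callbacks->reassembled(packet);
        return;
    }

    // The preamble is parsed below and its size is subtracted from
    // packet->len on the continuation path; a shorter packet would make that
    // subtraction wrap and turn into a very large copy length.
    if (packet->len < HCI_ACL_PREAMBLE_SIZE) {
        HCI_TRACE_ERROR("%s got ACL packet of length %d, shorter than its preamble. Dropping it.\n", __func__, packet->len);
        osi_free(packet);
        return;
    }

    uint8_t *stream = packet->data + packet->offset;
    uint16_t handle;
    uint16_t acl_length __attribute__((unused));

    STREAM_TO_UINT16(handle, stream);
    STREAM_TO_UINT16(acl_length, stream);

    // Only active in builds that keep assert(); the runtime checks in this
    // function do not rely on it.
    assert(acl_length == packet->len - HCI_ACL_PREAMBLE_SIZE);

    uint8_t boundary_flag = GET_BOUNDARY_FLAG(handle);
    handle = handle & HANDLE_MASK;

    BT_HDR *partial_packet = (BT_HDR *)hash_map_get(partial_packets, (void *)(uintptr_t)handle);

    if (boundary_flag == START_PACKET_BOUNDARY) {
        if (partial_packet) {
            HCI_TRACE_WARNING("%s found unfinished packet for handle with start packet. Dropping old.\n", __func__);
            hash_map_erase(partial_packets, (void *)(uintptr_t)handle);
            osi_free(partial_packet);
        }

        // The L2CAP length field is only read for start fragments, and only
        // once the packet is known to be long enough to contain it.
        if (packet->len < HCI_ACL_PREAMBLE_SIZE + L2CAP_HEADER_SIZE) {
            HCI_TRACE_ERROR("%s got start packet of length %d, too short for an L2CAP header. Dropping it.\n", __func__, packet->len);
            osi_free(packet);
            return;
        }

        uint16_t l2cap_length;
        STREAM_TO_UINT16(l2cap_length, stream);

        // full_length is kept in 16 bits; reject lengths whose total would
        // wrap and so understate the size of the packet being described.
        if (l2cap_length > UINT16_MAX - (L2CAP_HEADER_SIZE + HCI_ACL_PREAMBLE_SIZE)) {
            HCI_TRACE_ERROR("%s got l2cap length %d too large to reassemble. Dropping it.\n", __func__, l2cap_length);
            osi_free(packet);
            return;
        }

        uint16_t full_length = l2cap_length + L2CAP_HEADER_SIZE + HCI_ACL_PREAMBLE_SIZE;
        if (full_length <= packet->len) {
            if (full_length < packet->len) {
                HCI_TRACE_WARNING("%s found l2cap full length %d less than the hci length %d.\n", __func__, l2cap_length, packet->len);
            }

            callbacks->reassembled(packet);
            return;
        }

        partial_packet = (BT_HDR *)osi_calloc(full_length + sizeof(BT_HDR));
        if (!partial_packet) {
            HCI_TRACE_ERROR("%s unable to allocate %d bytes for reassembly. Dropping it.\n", __func__, full_length);
            osi_free(packet);
            return;
        }

        partial_packet->event = packet->event;
        partial_packet->len = full_length;
        // While reassembling, offset is the write position inside the buffer.
        partial_packet->offset = packet->len;

        // packet->len < full_length on this path, so the copy fits.
        memcpy(partial_packet->data, packet->data + packet->offset, packet->len);

        // Update the ACL data size to indicate the full expected length
        stream = partial_packet->data;
        STREAM_SKIP_UINT16(stream); // skip the handle
        UINT16_TO_STREAM(stream, full_length - HCI_ACL_PREAMBLE_SIZE);

        hash_map_set(partial_packets, (void *)(uintptr_t)handle, partial_packet);
        // Free the old packet buffer, since we don't need it anymore
        osi_free(packet);
        return;
    }

    if (!partial_packet) {
        HCI_TRACE_ERROR("%s got continuation for unknown packet. Dropping it.\n", __func__);
        osi_free(packet);
        return;
    }

    packet->offset += HCI_ACL_PREAMBLE_SIZE; // skip ACL preamble
    packet->len -= HCI_ACL_PREAMBLE_SIZE;    // cannot wrap: len >= preamble was checked above

    // Computed in 32 bits so that a large fragment cannot wrap the sum back
    // under the expected length and slip past the truncation below.
    uint32_t projected_offset = (uint32_t)partial_packet->offset + packet->len;
    if (projected_offset > partial_packet->len) { // len stores the expected length
        HCI_TRACE_ERROR("%s got packet which would exceed expected length of %d. Truncating.\n", __func__, partial_packet->len);
        packet->len = partial_packet->len - partial_packet->offset;
        projected_offset = partial_packet->len;
    }

    memcpy(
        partial_packet->data + partial_packet->offset,
        packet->data + packet->offset,
        packet->len
    );

    // Free the old packet buffer, since we don't need it anymore
    osi_free(packet);
    partial_packet->offset = (uint16_t)projected_offset;

    if (partial_packet->offset == partial_packet->len) {
        hash_map_erase(partial_packets, (void *)(uintptr_t)handle);
        partial_packet->offset = 0;
        callbacks->reassembled(partial_packet);
    }
}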
224 
// Function table returned by packet_fragmenter_get_interface(). The
// initializers are positional, so their order has to match the member order of
// packet_fragmenter_t, which is declared outside this file (presumably in
// hci/packet_fragmenter.h -- confirm before reordering).
static const packet_fragmenter_t interface = {
    init,
    cleanup,

    fragment_get_current_packet,
    fragment_and_dispatch,
    reassemble_and_dispatch
};
233 
/**
 * Hand out the fragmenter's function table.
 *
 * As a side effect, each call refreshes the file-scope `controller` pointer
 * from controller_get_interface(); fragment_and_dispatch() reads the ACL data
 * sizes through it.
 *
 * @return Pointer to the file-scope `interface` table.
 */
const packet_fragmenter_t *packet_fragmenter_get_interface(void)
{
    const packet_fragmenter_t *table = &interface;

    controller = controller_get_interface();
    return table;
}
239